Human-in-the-loop for AI agents — on your phone. Your agent calls pushnotifi_request_ack, you tap Approve / Deny / Yes / No (or type a reply) on the PushNotifi mobile app, the agent's pushnotifi_await_ack returns your answer and the workflow continues.
pushnotifi-secrets:
- Never inline a PushNotifi `X-API-Key`, user key, group key, or inbound-webhook token as a string literal in source. Read from environment variables.
- Required env var names (use these exact names so other tooling and recipes line up):
- `PUSHNOTIFI_USER_KEY` — account API key sent as `X-API-Key`
- `PUSHNOTIFI_GROUP_KEY` — default destination `send_to_key` (group), 32-char `g…`
- `PUSHNOTIFI_APPLICATION_KEY` — optional; omit to use the account default application
- `PUSHNOTIFI_WEBHOOK_TOKEN` — optional; per-user inbound-webhook token from the dashboard
- `PUSHNOTIFI_API_BASE_URL` — optional; default `https://api.pushnotifi.me`
- Validate at process start: if `PUSHNOTIFI_USER_KEY` is missing or empty, fail fast with a clear error. Do not partially-initialize a client.
- Never write a key value to a log line, error message, telemetry payload, or test fixture. When the key must appear in an error context, redact to the last 4 characters.
- Add `.env` and `.env.*` (except `.env.example`) to `.gitignore` if the project does not already ignore them.
- When generating example files, write `.env.example` with placeholder values, never `.env`.
- Inbound webhook tokens are per-user secrets, not shared identifiers. Treat them with the same care as API keys.