Integration Setup Guides

RAM — 8 GB minimum (recommended). The default Docker stack runs the portal, MongoDB, and 40+ MCP integration containers. Services such as Memory and Code Search load embedding models (~300 MB each) at startup. On servers with less than ~8 GB RAM you risk out-of-memory kills and unstable behaviour.

CPU — AVX support required. MongoDB 7 needs a CPU with AVX instructions (typical on Intel Haswell / AMD Ryzen and newer). The installer checks this automatically.

Disk — tens of GB free. Docker images for all services add up; leave enough space for images, volumes, and logs.

Docker & Docker Compose — required. See the Docker install guide.

Every prompt editor in ClearFox — Profile → Personal System Prompt, Admin → LLMs → Company Context, Admin → Roles → Custom System Prompt, Admin → Integrations → System Prompt, and Agents → Task — accepts Markdown. The text is sent to the model exactly as you typed it; the editor only adds syntax highlighting so structure is easier to see while writing.

Modern LLMs (Claude, GPT-4/5, Gemini) treat Markdown as semantic structure, not decoration. Headings group related instructions, lists improve step-by-step adherence, fenced code blocks separate examples from instructions, and bold raises the weight of a phrase. Both Anthropic and OpenAI recommend structuring system prompts this way.

Use level-2 headings (##) for sections. The model uses them as anchors and is more likely to satisfy every section.

## Role
You are a senior PPC analyst.

## Goal
Find ad groups where CPA is 2× the account average.

## Output
A markdown table with ad group, spend, CPA, and a one-line recommendation.

Use bullet or numbered lists for steps and rules. Numbered lists are stronger for ordered procedures; bullets for non-ordered constraints.

## Steps
1. Pull the last 30 days of campaign data.
2. Compute account-average CPA.
3. Flag ad groups ≥ 2× average.

## Rules
- Never include paused ad groups.
- Cite source rows by id.

Use fenced code blocks (```) for examples, schemas, and verbatim text the model should copy. The model reliably treats their content as data, not instructions — a useful fence against accidental prompt injection in pasted samples.

## Output schema
```json
{ "ad_group": "string", "cpa": "number", "recommendation": "string" }
```

Use **bold** sparingly to mark non-negotiable rules or critical numbers. Overuse dilutes the signal — if every line is bold, none of them is.

- **Always** use the company’s display currency.
- *Prefer* short summaries when the user did not ask for detail.

Use inline `code` for tool names, field names, exact values, and identifiers. This stops the model from translating or paraphrasing them.

Call <code>`search_orders`</code> with <code>`status: "shipped"`</code>, never with localised words like &ldquo;shipped&rdquo; or &ldquo;отгружено&rdquo;.

Pitfalls to avoid:

• Don't mix three heading levels in a short prompt — pick <code>##</code> and stop.
• Don't bury key constraints in a wall of paragraph text — break them into a bulleted "Rules" section.
• Don't write very long single sentences ending with semicolons; split them into list items.
• Don't indent code blocks with leading spaces inside lists — keep fences flush left so the markdown parser doesn't treat them as nested code.

Need help structuring an existing prompt? On the agent edit screen, click Improve with AI on the right side of the page. ClearFox sends your task plus the runtime context (model, sources, triggers) to the LLM and returns a properly structured Markdown rewrite plus up to three actionable recommendations. Use Investigate on a failed run to do the same with the run transcript as additional context.

Google and Microsoft require HTTPS for OAuth redirect URIs in production. If your Portal URL uses http://, OAuth login and account linking will not work. Exception: http://localhost is allowed for local development.

ClearFox includes a setup command that installs Caddy and configures HTTPS automatically:

<code>curl -fsSL https://clearfox.ai/install.sh | sudo sh -s caddy ai.yourcompany.com</code>
Make sure DNS for your domain points to the server and ports 80/443 are open.

Alternatively, use nginx with Let's Encrypt, or a cloud load balancer (AWS ALB, Cloudflare Tunnel, etc.).

After setting up HTTPS, update the Portal URL in Admin → Settings to https://ai.yourcompany.com.

Then register the HTTPS redirect URIs in your OAuth provider console (Google Cloud Console or Azure Portal). Both URIs are shown in Admin → OAuth when the provider is in “My own OAuth app” mode; the SSO tab shows the sign-in URI separately.

Go to Google Cloud Console → Credentials. Create a project if you don't have one.

Click Create Credentials → OAuth client ID → Application type: Web application.

Under Authorized redirect URIs, add both (replace with your portal URL):

https://ai.yourcompany.com/api/auth/callback/google
https://ai.yourcompany.com/api/oauth/callback

Copy the Client ID and Client Secret.

Go to OAuth consent screen. Under Audience, select Internal if your organization uses Google Workspace — this removes the “Google hasn’t verified this app” warning entirely. If you only see External (personal Gmail account), you must add every Google account you plan to connect to ClearFox under Test users. Without this, connecting that account in Admin → OAuth will fail with a 403 error. Up to 100 test users are allowed.

In ClearFox Admin → OAuth, open the Google subtab, switch the mode to My own OAuth app, and paste the Client ID and Client Secret. The same OAuth app is used for both integrations and portal sign-in (SSO) — register both redirect URIs in the same Google app.

Enable any Google APIs you plan to use (Analytics, Sheets, etc.) in the API Library.

Optional — remove the “unverified app” warning permanently: If you want any Google account to connect without restrictions (not just test users), submit your app for Google verification. Before submitting: fill in the app logo, homepage URL, and privacy policy on the consent screen, then click Publish App to move from testing to production. Then click Prepare for Verification, write a justification for each scope explaining how your app uses it, record a short demo video showing the OAuth flow, and click Submit for Verification. Expected review time: ~2–3 business days for brand-only, ~10 business days for sensitive scopes (Analytics, Sheets, Drive), ~6 weeks for restricted scopes. Google will contact the project owner by email.

Go to Azure Portal → App registrations → New registration.

Name: e.g. 'ClearFox Portal'. Supported account types: 'Accounts in this organizational directory only' (single tenant).

Under Redirect URI, add (replace with your portal URL):

https://ai.yourcompany.com/api/auth/callback/azure-ad

After creation, go to Authentication → Add a platform → Web. Add the second redirect URI:

https://ai.yourcompany.com/api/oauth/callback

Go to Certificates & secrets → New client secret. Copy the Value (not Secret ID).

Copy the Application (client) ID and Directory (tenant) ID from the app's Overview page.

In ClearFox Admin → OAuth, open the Microsoft subtab, switch the mode to My own OAuth app, and paste the Tenant ID, Client ID, and Client Secret. The same Azure app powers both integrations and portal sign-in (SSO) — register both redirect URIs in the same app registration.

Go to console.anthropic.com/settings/keys.

Click 'Create Key', give it a name (e.g. 'ClearFox'), and copy the key.

Paste the key in the ClearFox setup wizard (or Admin → LLMs after installation).

Recommended models: claude-sonnet-4-20250514 (default), claude-opus-4-20250514 (max quality).

Pricing: pay-per-token via Anthropic. No minimum commitment.

Go to platform.openai.com/api-keys.

Click 'Create new secret key', name it (e.g. 'ClearFox'), and copy the key.

Paste the key in the ClearFox setup wizard (or Admin → LLMs after installation).

Recommended models: gpt-4o-mini (default, cheap), gpt-5.5 (flagship, 1M context).

Pricing: pay-per-token via OpenAI. No minimum commitment.

Install Ollama: ollama.com/download (macOS, Linux, Windows).

Pull a model:

ollama pull llama3.1:70b

Ollama serves an OpenAI-compatible API on port 11434 by default.

If Ollama runs on the host machine, use host.docker.internal as the host.

Enter the Ollama base URL and model name in the ClearFox setup wizard (or Admin → LLMs).

Example: http://host.docker.internal:11434 with model llama3.1:70b

All data stays on your machine. No internet access required after model download.

Install vLLM: docs.vllm.ai or use the Docker image.

Start vLLM with an OpenAI-compatible server:

vllm serve meta-llama/Llama-3.1-70B-Instruct --port 8000

If vLLM runs on the host machine, use host.docker.internal as the host.

Enter the vLLM base URL and model name in the ClearFox setup wizard (or Admin → LLMs).

Example: http://host.docker.internal:8000/v1 with model meta-llama/Llama-3.1-70B-Instruct

Requires a GPU with sufficient VRAM (70B model needs ~40GB). For smaller setups, use 8B or 13B models.

Full air-gap support. Nothing leaves your network.

Create a read-only MySQL user for the AI:

CREATE USER 'clearfox'@'%' IDENTIFIED BY 'your-password';
GRANT SELECT ON your_database.* TO 'clearfox'@'%';

If MySQL runs on the host machine, use host.docker.internal as the host.

If MySQL runs in Docker, use the container name as the host.

In ClearFox Admin UI → Integrations, find MySQL → click '+' to add a config. Fill in host, user, pass, db.

Optionally set key_tables to highlight important tables.

Create a read-only PostgreSQL user for the AI:

CREATE USER clearfox WITH PASSWORD 'your-password';
GRANT CONNECT ON DATABASE your_db TO clearfox;
GRANT USAGE ON SCHEMA public TO clearfox;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO clearfox;

If PostgreSQL runs on the host machine, use host.docker.internal as the host.

In ClearFox Admin UI → Integrations, find PostgreSQL → click '+' to add a config. Fill in host, user, pass, db.

Optionally set schema and key_tables.

Create a read-only MongoDB user for the AI:

use admin
db.createUser({ user: "clearfox", pwd: "your-password", roles: [{ role: "read", db: "your_database" }] })

In ClearFox Admin UI → Integrations, find MongoDB → click '+' to add a config. Set the URI (include database name in the path).

If MongoDB runs on the host machine, use host.docker.internal as the host. If in Docker, use the container name.

Go to Google Cloud Console → Service Accounts and create a new service account (e.g. clearfox-analytics). No roles needed during creation.

Enable the Google Analytics Data API for your Google Cloud project.

Open the created service account → Keys tab → Add Key → Create new key → JSON. Download the JSON file.

⚠️ If you get an iam.disableServiceAccountKeyCreation error, your organization blocks key creation. Ask your Organization Policy Administrator to temporarily disable the iam.disableServiceAccountKeyCreation constraint in Organization Policies, or create the key for you.

In Google Analytics, go to Admin → Property Access Management → + → Add users. Add the service account email with Viewer role. The email is in the downloaded JSON file — look for the client_email field (looks like clearfox-analytics@your-project.iam.gserviceaccount.com). ⚠️ Without this step you will get a 403 PermissionDenied error even if the JSON key is valid.

Find your GA4 Property ID: Google Analytics → Admin → Property Settings → Property ID (9-digit number).

In ClearFox Admin → Integrations, find Google Analytics → click '+'. Paste the contents of the JSON key file and enter the Property ID.

Prerequisite: Google OAuth must be configured in ClearFox (Client ID + Secret). See Google OAuth Setup.

Enable the BigQuery API in your Google Cloud project (the same project where your OAuth app lives).

Find your GCP project ID in Google Cloud Console — it’s next to the project name at the top.

Make sure the Google account you’ll connect has at least the BigQuery Data Viewer + BigQuery Job User roles on the project (IAM & Admin → IAM).

Each user goes to Profile → My Integrations → BigQuery, clicks Connect Google Account, signs in, then pastes the GCP project ID. The AI can immediately list datasets, inspect schemas and run SELECT queries.

⚠️ If you see “Google hasn’t verified this app”: click Advanced → Go to [your domain] (unsafe). To remove this warning permanently, submit the app for Google verification or set the OAuth consent screen to Internal (Workspace orgs only). bigquery.readonly is classified as a sensitive scope, so verification is required if you want External + Production without warnings.

Scope is bigquery.readonly — DML/DDL is intentionally blocked. To run writes use the BigQuery console directly.

Go to Atlassian API Tokens.

Click 'Create API token', name it (e.g. 'ClearFox AI'), and copy the token.

In ClearFox Admin UI → Integrations, find Jira → click '+' to add a config. Fill in base_url, email, api_token, and optionally default_projects.

Go to Atlassian API Tokens.

Click 'Create API token', name it (e.g. 'ClearFox AI'), and copy the token.

In ClearFox Admin UI → Integrations, find Confluence → click '+' to add a config. Fill in url, email, api_token.

Pick one of two setups: (A) shared workspace Internal Integration token — simplest if one Notion workspace is exposed to all employees; (B) OAuth — when each user has their own Notion or you want per-user access control.

(A) Internal Integration token (recommended for one shared workspace). In Notion, open Settings → Integrations → Develop or manage integrations, create an Internal integration, copy its ntn_… token. In ClearFox Admin → Configs → Notion → + Add, paste it into the api_key field. Then in Notion, share each relevant page with the integration: page … → Connections → add it (top-level pages cascade to children).

(B) OAuth — per-user. Goes through ClearFox's managed proxy (oauth.clearfox.ai) by default; nothing to configure on the admin side. Or register your own Public integration at notion.so/profile/integrations and paste its Client ID/Secret in Admin → OAuth → Notion. Each user then connects in Profile → My Integrations → Notion and shares the pages they want to expose.

(B) OAuth — shared workspace. If you want a single OAuth-based account shared across all users (instead of an Internal token): Admin → Configs → Notion → + Add, click Connect Notion, authorize once. Grant role access in Admin → Roles.

Resolution order at runtime: personal OAuth → workspace OAuth → workspace api_key. Whichever is set first wins; the others act as fallbacks.

Go to Slack API Apps and click 'Create New App' → 'From scratch'.

Name it (e.g. 'ClearFox AI') and select your workspace.

Go to 'OAuth & Permissions' → 'Scopes' → add Bot Token Scopes:

channels:read, channels:history, groups:read, groups:history,
users:read, search:read, chat:write (if you want the AI to post).

Click 'Install to Workspace' and authorize.

Copy the 'Bot User OAuth Token' (starts with xoxb-...).

In ClearFox Admin UI → Integrations, find Slack → click '+' to add a config. Paste the bot token.

Invite the bot to channels it should access: /invite @ClearFox AI

Log in to Freshservice as an admin.

Go to your profile icon → Profile Settings.

On the right side, find your API Key and copy it.

Your domain is the subdomain (e.g. 'mycompany' from mycompany.freshservice.com).

In ClearFox Admin UI → Integrations, find Freshservice → click '+' to add a config. Fill in url and api_key.

Go to Stripe Dashboard → API Keys.

Click '+ Create restricted key' (recommended over the secret key for security).

Give it a name (e.g. 'ClearFox AI Read-Only').

Set permissions: All Read access. Do NOT enable any Write permissions unless needed.

Click 'Create key' and copy it (starts with rk_live_... or sk_live_...).

In ClearFox Admin UI → Integrations, find Stripe → click '+' to add a config. Paste the API key.

For test mode, use keys from 'Test mode' toggle (starts with sk_test_...).

Go to HubSpot → Settings (gear icon) → Integrations → Private Apps.

Click 'Create a private app', name it (e.g. 'ClearFox AI').

Go to 'Scopes' tab and enable read scopes you need:

crm.objects.contacts.read, crm.objects.deals.read, crm.objects.companies.read, etc.

Click 'Create app' and copy the access token.

In ClearFox Admin UI → Integrations, find HubSpot → click '+' to add a config. Paste the access token.

Log in to your Bitrix24 cloud account as an administrator.

Go to Developer resources → Other → Inbound webhook.

Grant the scopes you want exposed: crm (leads, deals, companies, contacts), lists (Lists / Списки), tasks, user.

Copy the full webhook URL — it ends with a trailing slash, e.g. https://yourcompany.bitrix24.ru/rest/1/abc123token/.

In ClearFox Admin UI → Integrations, find Bitrix24 → click '+' to add a config. Paste the webhook URL.

The webhook inherits the permissions of the user who created it. Use an admin user for full read access.

In Customer.io, go to Settings → Account Settings → API Credentials.

Open the App API Keys tab, click 'Create App API Key', name it (e.g. 'ClearFox AI') and copy it. This powers all reads.

Note your data region — US accounts use customer.io, EU accounts use the EU data center. Pick the matching Region in the config.

Optional (for writes): on the Track API Keys tab, copy your Site ID and a Track API Key — these enable identifying people and tracking events.

In ClearFox Admin UI → Integrations, find Customer.io → click '+' to add a config. Paste the App API key, set the region, and (optionally) the Track Site ID and Track API key.

Log in to BambooHR as an admin.

Click your name → API Keys.

Click 'Add New Key', name it (e.g. 'ClearFox AI'), and copy the key.

Your subdomain is the part before .bamboohr.com (e.g. 'mycompany').

In ClearFox Admin UI → Integrations, find BambooHR → click '+' to add a config. Fill in subdomain and api_key.

Log in to HiBob as an admin.

Go to Settings → Integrations → Service Users.

Create a new service user with the required permissions.

Copy the Service User ID and Token.

In ClearFox Admin UI → Integrations, find HiBob → click '+' to add a config. Fill in api_token and service_user_id.

Prerequisite: Google OAuth must be configured in ClearFox (Client ID + Secret). If you haven't done this yet, see the Google OAuth Setup section above.

Enable the Google Sheets API in your Google Cloud project (the same project where your OAuth app lives).

Go to Admin → OAuth → click Connect Google Account. A popup will open — sign in with the Google account that has access to your spreadsheets and grant the requested permissions.

⚠️ If you see a “Google hasn’t verified this app” warning: click Advanced → Go to [your domain] (unsafe). To remove this warning permanently, set your OAuth consent screen to Internal (Google Workspace orgs only: Cloud Console → OAuth consent screen) or submit your app for Google verification.

Go to Admin → Integrations → Google Sheets → click + to create a config. Select the Google account you just connected.

Users can add their own spreadsheets in Profile → My Integrations → Google Sheets. The connected Google account must have access to each spreadsheet (either as owner or via sharing).

Prerequisite: Microsoft 365 OAuth must be configured first. See Microsoft 365 OAuth Setup.

In Azure Portal → App registrations, open your ClearFox app → API permissions → Add a permission → Microsoft Graph → Delegated permissions. Add: Calendars.ReadWrite, User.Read, People.Read, offline_access. Click Grant admin consent.

Microsoft Calendar uses per-user OAuth — each user connects their own account. There is no admin-level config needed in Integrations.

Each user goes to Profile → My Integrations and clicks Connect Microsoft Account next to Microsoft Calendar. This opens a Microsoft login popup. After approving, their calendar is immediately available to the AI.

The AI can then list events, check availability, create meetings, and search the calendar — all scoped to that user's own account.

Tip: If users see a permissions error after connecting, make sure admin consent was granted in step 2 for the entire organization.

Log in to Odoo as an admin.

Go to Settings → Users & Companies → your user → Preferences tab.

Scroll to 'API Keys' section → click 'New API Key', name it, and copy the key.

Your Odoo URL is the base URL of your instance (e.g. https://mycompany.odoo.com).

The database name is visible in the URL or in Settings → Database Manager.

In ClearFox Admin UI → Integrations, find Odoo → click '+' to add a config. Fill in url, db, username, api_key.

Log in to Make.com → click your profile icon (bottom-left) → Profile.

Scroll to the API section → click 'Add API token'. Select all scopes you need (at minimum: scenarios, connections, organizations) → click 'Save'. Copy the token immediately (it is shown only once).

Find your Organization ID: go to Organization settings → the ID is in the URL: make.com/organization/ORG_ID/....

Find your Team ID (optional): click on a team → the ID is in the URL: make.com/organization/.../team/TEAM_ID/....

In ClearFox Admin UI → Integrations, find Make → click '+' to add a config. Fill in api_token, and optionally team_id and zone.

Log in to Zapier → go to Settings (gear icon) → API Keys.

Click 'Create API Key', name it (e.g. 'ClearFox AI'), and copy the key.

In ClearFox Admin UI → Integrations, find Zapier → click '+' to add a config. Paste the API key.

The API key provides read access to your Zaps, task history, and folders.

Datadog read APIs require both an API key and an Application key. Use a dedicated read-only service account where possible — the Application key inherits the user's permissions.

Find your Site (region): log in to Datadog and check the URL bar. app.datadoghq.com → site is datadoghq.com (US1, default). Other sites: datadoghq.eu (EU), us3.datadoghq.com, us5.datadoghq.com, ap1.datadoghq.com, ddog-gov.com. ⚠️ Using the wrong site returns 403 Forbidden even with valid keys.

Create the API key: go to Organization Settings → API Keys → + New Key. Name it (e.g. ClearFox AI) and copy the value.

Create the Application key: go to Organization Settings → Application Keys → + New Key. Name it (e.g. ClearFox AI) and copy the value. ⚠️ The API key alone is not enough for read endpoints; the Application key is mandatory.

⚠️ Don't confuse Key ID with Key value. The Application Keys table shows the Key ID (UUID with dashes, 36 chars) — that is not the key. Click the row to open the details panel and copy the Key field (40 hex chars, no dashes). If the value is no longer shown there, create a new key — Datadog reveals the full value only at creation time. Pasting the Key ID produces 401 Unauthorized on every endpoint while the API key validation still appears to succeed.

Scope the Application key (recommended): open the new key → Scopes tab → switch from Inherit user permissions to Custom scopes. Enable read-only scopes for what the AI needs: monitors_read, metrics_read, logs_read_data, events_read, dashboards_read, incident_read, slos_read, hosts_read. Without scopes the key has full access of the user that created it.

In ClearFox Admin UI → Integrations, find Datadog → click '+' to add a config. Set site (e.g. datadoghq.com or datadoghq.eu), paste api_key and app_key.

Common errors: 403 Forbidden → wrong site, missing scope on the App key, or the user that created the App key was deactivated. 401 Unauthorized → API key is invalid or revoked.

Log in to Grafana as an admin and open Administration → Users and access → Service accounts (Grafana 9+). On older versions use Configuration → API keys.

Click Add service account, name it (e.g. ClearFox AI), and set role to Viewer. Viewer is enough to query datasources, dashboards, and alert state — the AI never writes to Grafana.

On the service account page, click Add service account token, give it any name, and copy the token (starts with glsa_). The token is shown only once.

Datasources must already be configured in Grafana itself — ClearFox queries them through Grafana's datasource proxy. Typical setup: Loki for logs, Prometheus for metrics. No extra credentials needed on ClearFox side.

Your URL is the Grafana base URL, e.g. https://grafana.yourcompany.com. If Grafana is on the same private network as ClearFox you can also use the internal URL.

In ClearFox Admin UI → Integrations, find Grafana → click + to add a config. Fill in url and api_key (paste the glsa_ token).

Querying logs: the AI uses LogQL via Loki, e.g. {app="api"} |= "error". It can list available labels and values automatically. If you have multiple Loki datasources, the AI will ask which one to use.

Self-hosted Grafana with self-signed TLS: use a publicly trusted certificate (Caddy / Let's Encrypt) or expose Grafana over plain HTTP on the internal network — ClearFox does not skip TLS verification by design.

Generate a dedicated SSH deploy key (no passphrase):

ssh-keygen -t ed25519 -C "clearfox-git" -f ~/.ssh/clearfox_git -N ""

Copy the public key — you will need it in the next step:

cat ~/.ssh/clearfox_git.pub

Add the public key as a deploy key in your Git hosting. Grant read-only access.
GitHub: Managing deploy keys · GitLab: Deploy keys

Base64-encode the private key (the value ClearFox needs):

cat ~/.ssh/clearfox_git | base64 -w0 ; echo

On macOS use base64 without -w0 and strip line breaks:

cat ~/.ssh/clearfox_git | base64 | tr -d '\n' ; echo

In ClearFox Admin UI → Integrations, find Git → click '+' to add a config. Paste the base64 SSH key and repos (comma-separated URL|branch).

The server will clone repos on startup and provide code search and file reading tools.

No configuration needed. This server fetches URLs and extracts content as markdown.

It works out of the box with no API keys required.

No configuration needed. This server provides structured step-by-step reasoning.

It works out of the box with no API keys required.

No configuration needed. This server provides persistent memory storage for the AI.

It works out of the box with no API keys required.

On top of the built-in integrations, each user can connect their own remote MCP servers. Go to Profile → Custom MCP servers.

Click + Add server and fill in: a short name (lowercase, used as the tool prefix — e.g. context7), the server URL (must be https://), and a short description of what it is for (the assistant uses this to decide when to call it — or click Fill with AI to generate one).

Choose Authentication: None for open servers; Authorization header to paste a token (e.g. Bearer xxx); or OAuth when the provider asks you to sign in (see the Customer.io example below).

For header/none servers, click Test connection to list the tools, then Save. For OAuth, Save first, then Authorize and complete the sign-in popup — the status turns to ✓ Connected.

The server's tools become available in your own chats and personal agents only, named name_tool (e.g. context7_query-docs). They are not shared with other users or admins.

Security: a custom server is third-party code you choose to trust — its tools and responses reach the assistant the same as built-in ones. The portal only accepts public https:// URLs (internal/private addresses are blocked) and never sends a custom server any other integration's data or credentials.

Many hosted MCP servers (e.g. Customer.io, Notion, Linear) authenticate with OAuth — you sign in to grant access instead of pasting a token.

In Profile → Custom MCP servers, add a server with the provider's MCP URL (e.g. https://mcp-eu.customer.io/mcp) and set Authentication to OAuth. No client ID or secret is needed — the portal registers itself automatically.

Click Save, then Authorize. A popup opens the provider's sign-in / consent screen; approve access to your workspace.

After the popup closes the server shows ✓ Connected and its tools are ready. Use Disconnect to revoke, or Re-authorize to switch accounts. Tokens are refreshed automatically.

Context7 serves up-to-date documentation for thousands of libraries and frameworks as MCP tools.

(Optional) Create an API key at context7.com/dashboard for higher rate limits. Context7 also works without a key.

In Profile → Custom MCP servers, add a server: name context7, URL https://mcp.context7.com/mcp, and (if you made a key) Authorization Bearer ctx7sk-….

Save. The assistant can now resolve a library and pull its docs on demand via the context7_* tools.

View real-time logs from the portal container:

docker compose logs -f portal --tail 100

Restart all ClearFox services:

docker compose restart

Stop all containers (data is preserved):

docker compose down

Passwords are stored as bcrypt hashes and cannot be recovered. You can only set a new one.

Generate a new bcrypt hash (replace NEW_PASSWORD with your new password):

docker compose exec portal sh -c "cd /tmp && npm install --no-save bcryptjs 2>/dev/null && node -e \"require('/tmp/node_modules/bcryptjs').hash('NEW_PASSWORD',12,function(e,h){console.log(h)})\""

Copy the output hash (starts with $2a$12$...) and update the user in the database (replace admin@example.com and HASH):

docker compose exec mongodb mongosh portal --eval 'db.users.updateOne({email:"admin@example.com"},{$set:{passwordHash:"HASH",updatedAt:new Date()}})'

If the output shows modifiedCount: 1, the password has been changed. You can now log in.

Drop the portal database. This removes all data — users, settings, conversations:

docker compose exec mongodb mongosh portal --eval "db.dropDatabase()"

After reset, restart the portal and go through the setup wizard again:

docker compose restart portal