Environment Variables

Sortie supports SORTIE_* environment variable overrides for most configuration fields, with optional .env file loading. Environment variables flow in six distinct directions - each covered in its own section below.

Section	Direction	When it matters
Configuration overrides	Parent shell / `.env` file → config fields	Deploying in containers, CI, cloud-native environments
Agent runtime variables	Parent shell → agent subprocess	Before starting Sortie
`$VAR` indirection in WORKFLOW.md	Parent shell → config fields at startup	Writing the workflow file
Hook subprocess environment	Sortie → hook subprocess	Writing hook scripts
MCP server environment	Worker → `.sortie/mcp.json` → agent runtime → MCP server	Writing custom tools, debugging tool execution
Install script variables	Parent shell → `install.sh`	Installing the binary

Configuration overrides

Twenty-four SORTIE_* environment variables override individual WORKFLOW.md configuration fields. Set them in the parent shell, in a .env file, or both.

Precedence

Four sources feed configuration, highest priority first:

SORTIE_* environment variables in the real process environment
.env file values (opt-in via SORTIE_ENV_FILE or --env-file)
WORKFLOW.md front matter YAML
Built-in defaults

A real env var always beats a .env value for the same key. Both beat whatever the YAML says.

Tracker variables

Env var	Overrides	Type
`SORTIE_TRACKER_KIND`	`tracker.kind`	string
`SORTIE_TRACKER_ENDPOINT`	`tracker.endpoint`	string
`SORTIE_TRACKER_API_KEY`	`tracker.api_key`	string (secret - never logged)
`SORTIE_TRACKER_PROJECT`	`tracker.project`	string
`SORTIE_TRACKER_ACTIVE_STATES`	`tracker.active_states`	csv
`SORTIE_TRACKER_TERMINAL_STATES`	`tracker.terminal_states`	csv
`SORTIE_TRACKER_QUERY_FILTER`	`tracker.query_filter`	string
`SORTIE_TRACKER_HANDOFF_STATE`	`tracker.handoff_state`	string
`SORTIE_TRACKER_IN_PROGRESS_STATE`	`tracker.in_progress_state`	string
`SORTIE_TRACKER_COMMENTS_ON_DISPATCH`	`tracker.comments.on_dispatch`	bool (`true`/`false`/`1`/`0`)
`SORTIE_TRACKER_COMMENTS_ON_COMPLETION`	`tracker.comments.on_completion`	bool
`SORTIE_TRACKER_COMMENTS_ON_FAILURE`	`tracker.comments.on_failure`	bool

Polling variables

Env var	Overrides	Type
`SORTIE_POLLING_INTERVAL_MS`	`polling.interval_ms`	int

Workspace variables

Env var	Overrides	Type
`SORTIE_WORKSPACE_ROOT`	`workspace.root`	string (path - `~` expanded)

Agent variables

Env var	Overrides	Type
`SORTIE_AGENT_KIND`	`agent.kind`	string
`SORTIE_AGENT_COMMAND`	`agent.command`	string
`SORTIE_AGENT_TURN_TIMEOUT_MS`	`agent.turn_timeout_ms`	int
`SORTIE_AGENT_READ_TIMEOUT_MS`	`agent.read_timeout_ms`	int
`SORTIE_AGENT_STALL_TIMEOUT_MS`	`agent.stall_timeout_ms`	int
`SORTIE_AGENT_MAX_CONCURRENT_AGENTS`	`agent.max_concurrent_agents`	int
`SORTIE_AGENT_MAX_TURNS`	`agent.max_turns`	int
`SORTIE_AGENT_MAX_RETRY_BACKOFF_MS`	`agent.max_retry_backoff_ms`	int
`SORTIE_AGENT_MAX_SESSIONS`	`agent.max_sessions`	int

Top-level variables

Env var	Overrides	Type
`SORTIE_DB_PATH`	`db_path`	string (path - `~` expanded)

Control variables

These are not config field overrides. They control how overrides are loaded.

Env var	Purpose	Type
`SORTIE_ENV_FILE`	Path to a `.env` file containing `SORTIE_*` overrides	string

When --env-file is provided, the CLI resolves the path to absolute and exports it as SORTIE_ENV_FILE in the process environment. This ensures the value is captured by CollectSortieEnv and propagated to the MCP server, which runs in a different working directory and needs the absolute path to locate the .env file. When both SORTIE_ENV_FILE and --env-file are set, the CLI flag wins.

Type coercion

Type	Rule	Error behavior
string	Used as-is	-
int	Parsed via `strconv.Atoi`. Leading/trailing whitespace trimmed.	Startup error: `config: polling.interval_ms: invalid integer value: abc (from SORTIE_POLLING_INTERVAL_MS)`
bool	Accepts `true`, `false`, `1`, `0` (case-insensitive)	Startup error naming the env var and rejected value
csv	Comma-separated. Items trimmed. Empty items discarded. Empty string produces an empty list.	-

Fields not overridable via env

Field	Reason
`hooks.*` (all hook scripts)	Multiline shell scripts do not fit in a single env var
`hooks.timeout_ms`	Grouped with hooks for consistency
`agent.max_concurrent_agents_by_state`	Complex map structure (`{"in progress": 3, "to do": 1}`)
Extension sections (`server`, `worker`, `claude-code`, etc.)	Plugin-owned configuration; overrides belong to the adapter
`logging.level`	Controlled by the `--log-level` CLI flag
`logging.format`	Controlled by the `--log-format` CLI flag

`.env` file support

Loading a .env file is opt-in.

Warning

Sortie does not auto-discover .env files in the working directory. Its working directory is the WORKFLOW.md location, and a .env file placed there could silently alter behavior for any operator who runs sortie from that directory. Always load .env explicitly via SORTIE_ENV_FILE or --env-file.

Enable .env loading with either:

# Via environment variable
export SORTIE_ENV_FILE=/etc/sortie/prod.env
sortie WORKFLOW.md

# Via CLI flag (takes precedence over the env var)
sortie --env-file /etc/sortie/prod.env WORKFLOW.md

File format:

# /etc/sortie/jira.env
# Comments start with #. Blank lines are ignored.

SORTIE_TRACKER_KIND=jira
SORTIE_TRACKER_ENDPOINT=https://myco.atlassian.net
SORTIE_TRACKER_API_KEY="you@company.com:xpat_abc123def456"
SORTIE_TRACKER_PROJECT=PLATFORM
SORTIE_POLLING_INTERVAL_MS=30000
SORTIE_WORKSPACE_ROOT=~/workspace/sortie

GitHub adapter equivalent:

# /etc/sortie/github.env
SORTIE_TRACKER_KIND=github
SORTIE_TRACKER_API_KEY="ghp_your_personal_access_token"
SORTIE_TRACKER_PROJECT=myorg/myrepo
SORTIE_POLLING_INTERVAL_MS=30000
SORTIE_WORKSPACE_ROOT=~/workspace/sortie

Rules:

One KEY=VALUE per line. No multiline values.
# lines and blank lines are ignored.
Optional single or double quotes around values - outer quotes are stripped, no escape processing.
Only keys starting with SORTIE_ are loaded. All other keys are silently ignored.
No variable interpolation within values. $HOME in a .env value is the literal string $HOME.
Real environment variables always take precedence over .env values.
The .env file is re-read on every WORKFLOW.md reload (file change detection). Real env vars require a process restart to change.

CSV encoding for list fields

active_states and terminal_states accept comma-separated values:

SORTIE_TRACKER_ACTIVE_STATES="To Do,In Progress"
SORTIE_TRACKER_TERMINAL_STATES="Done,Won't Do"

Each item is trimmed of surrounding whitespace. Empty items (from trailing commas or double commas) are discarded. An empty string produces an empty list.

Interaction with `$VAR` indirection

When a SORTIE_* override is set for a field, it replaces the YAML value entirely. The $VAR expansion that would normally run on the YAML value is skipped for that field. Values from env overrides are literal - $ characters are not expanded.

Example: WORKFLOW.md has api_key: $MY_TOKEN. If SORTIE_TRACKER_API_KEY=tok$5abc is set, the api_key becomes the literal string tok$5abc. The $MY_TOKEN indirection never executes. The $5 is not expanded.

Path fields (workspace.root, db_path) still receive ~ expansion even when set via env overrides. Only $VAR expansion is skipped.

Agent runtime variables

Agent adapters spawn subprocesses that inherit the full parent process environment. Sortie itself does not read or validate these variables - they pass straight through. If one is missing, the agent subprocess fails, not Sortie.

Variable	Required by	Description
`ANTHROPIC_API_KEY`	`claude-code` adapter (Anthropic direct)	API key for the Anthropic API. The Claude Code CLI reads this on startup. Missing or invalid values cause an authentication error in the agent subprocess.
`CLAUDE_CODE_USE_BEDROCK`	`claude-code` adapter (AWS Bedrock)	Set to `1` to route Claude Code through AWS Bedrock instead of the direct API.
`AWS_ACCESS_KEY_ID`	`claude-code` adapter (AWS Bedrock)	AWS access key. Required when `CLAUDE_CODE_USE_BEDROCK=1`.
`AWS_SECRET_ACCESS_KEY`	`claude-code` adapter (AWS Bedrock)	AWS secret key. Required when `CLAUDE_CODE_USE_BEDROCK=1`.
`AWS_REGION`	`claude-code` adapter (AWS Bedrock)	AWS region for Bedrock inference. Required when `CLAUDE_CODE_USE_BEDROCK=1`.
`CLAUDE_CODE_USE_VERTEX`	`claude-code` adapter (Google Vertex AI)	Set to `1` to route Claude Code through Google Vertex AI.
`ANTHROPIC_VERTEX_PROJECT_ID`	`claude-code` adapter (Google Vertex AI)	GCP project ID. Required when `CLAUDE_CODE_USE_VERTEX=1`.
`CLOUD_ML_REGION`	`claude-code` adapter (Google Vertex AI)	GCP region. Required when `CLAUDE_CODE_USE_VERTEX=1`.
`ANTHROPIC_BASE_URL`	`claude-code` adapter (proxy)	Override the Anthropic API base URL. Use for LiteLLM, custom gateways, or corporate proxies.
`COPILOT_GITHUB_TOKEN`	`copilot-cli` adapter	GitHub token dedicated to Copilot CLI. Highest priority among the three token variables the CLI checks.
`GH_TOKEN`	`copilot-cli` adapter	GitHub token shared with the `gh` CLI. Second priority for Copilot CLI authentication. Also used by many GitHub tooling integrations.
`GITHUB_TOKEN`	`copilot-cli` adapter	GitHub token common in CI environments. Third priority for Copilot CLI authentication.
`CODEX_API_KEY`	`codex` adapter	OpenAI API key for the Codex CLI. The `codex app-server` subprocess reads this on startup. If the variable is unset, the adapter falls back to cached credentials in `~/.codex/auth.json` on the target host.

A missing ANTHROPIC_API_KEY is the most common claude-code deployment failure. Sortie starts and polls the tracker normally, but every agent session fails at launch with an auth error. The Sortie logs show a worker exit with exit_type=error; the root cause is only visible in the agent’s stderr output.

For copilot-cli, a missing GitHub token is the equivalent failure. The adapter’s preflight check validates that at least one of COPILOT_GITHUB_TOKEN, GH_TOKEN, or GITHUB_TOKEN is set, or that gh auth status succeeds. If none are available, StartSession fails with agent_not_found. The Copilot CLI itself implements try-and-fallback across these three variables - precedence matters only when multiple sources hold different valid tokens.

Classic PATs do not work with Copilot CLI

Copilot CLI requires a fine-grained personal access token (prefix github_pat_) with the Copilot Requests permission enabled. Classic PATs (prefix ghp_) fail authentication silently - the CLI falls through all three token variables and reports no valid credential. OAuth tokens (gho_ from copilot auth login) and GitHub App user-to-server tokens (ghu_) also work. If you see authentication failures despite having a token set, check the token prefix.

For codex, a missing CODEX_API_KEY produces the same pattern as Claude Code. Sortie starts normally, but every agent session fails with an authentication error during the app-server initialization handshake. If CODEX_API_KEY is unset, the adapter attempts to use cached credentials from ~/.codex/auth.json; if those are also absent or expired, StartSession fails with response_error. In SSH mode, the adapter injects CODEX_API_KEY into the remote command line because OpenSSH drops local environment variables by default.

For opencode, authentication is provider-specific and the adapter does not preflight it. OpenCode resolves credentials from its own environment, auth store, project .env, or opencode.json provider config, while the Sortie adapter injects or overrides a small managed OPENCODE_* set on every run and export subprocess.

Variable	Purpose	Description
`ANTHROPIC_API_KEY`	Anthropic provider auth	API key for Anthropic-backed OpenCode models.
`OPENAI_API_KEY`	OpenAI provider auth	API key for OpenAI-backed OpenCode models.
`GOOGLE_API_KEY`	Google direct provider auth	API key for Google-backed OpenCode models that use direct API-key authentication.
`AWS_*`	AWS-backed provider auth	AWS credentials, profiles, or bearer-token settings used by Bedrock-backed providers.
`GITLAB_TOKEN`	GitLab Duo auth	GitLab token for Duo-backed models.
`CLOUDFLARE_*`	Cloudflare-backed provider auth	Cloudflare credentials and account settings for Cloudflare-backed providers.
`GOOGLE_APPLICATION_CREDENTIALS`	Google / Vertex provider auth	Path to a Google service-account credentials file when OpenCode uses ADC-based Google or Vertex authentication.
`GOOGLE_CLOUD_PROJECT`	Google / Vertex provider config	Google Cloud project ID.
`VERTEX_LOCATION`	Google / Vertex provider config	Vertex AI region.
`OPENCODE_CONFIG`	Config injection	Path to an OpenCode config file.
`OPENCODE_CONFIG_DIR`	Config injection	Directory containing OpenCode config.
`OPENCODE_CONFIG_CONTENT`	Config injection	Inline JSON config content.
`OPENCODE_PERMISSION`	Permission policy	Inline JSON permission policy. When `opencode.allowed_tools` or `opencode.denied_tools` is configured, Sortie removes any inherited value and writes its managed policy instead.
`OPENCODE_AUTO_SHARE`	Session sharing	Auto-share on completion. Sortie-managed runs force this to `false`.
`OPENCODE_DISABLE_AUTOCOMPACT`	Context compaction	Managed by `opencode.disable_autocompact`.
`OPENCODE_DISABLE_AUTOUPDATE`	Self-update	Sortie-managed runs force this to `true`.
`OPENCODE_DISABLE_LSP_DOWNLOAD`	LSP download	Sortie-managed runs force this to `true`.

In local mode, provider credentials come from the parent environment or from OpenCode’s own auth/config state, while the managed OPENCODE_* values above are injected by the adapter. In SSH mode, Sortie prefixes only the managed OPENCODE_* variables onto the remote command. Provider credentials such as ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, AWS_*, GITLAB_TOKEN, CLOUDFLARE_*, GOOGLE_APPLICATION_CREDENTIALS, GOOGLE_CLOUD_PROJECT, and VERTEX_LOCATION must already exist on the remote host or in the remote host’s OpenCode auth/config state.

`$VAR` indirection in WORKFLOW.md

Selected WORKFLOW.md configuration fields resolve environment variable references at startup. This keeps secrets and deployment-specific values out of the workflow file.

When a field is overridden by a SORTIE_* environment variable, $VAR indirection is skipped for that field. See Configuration overrides.

Expansion modes

Two expansion functions exist. The mode depends on the field.

resolveEnvRef - Expands only when the entire trimmed value is a variable reference ($VAR or ${VAR}). Mixed content like https://example.com/$VAR is returned unchanged, preventing destructive rewriting of URIs and paths.

resolveEnv - Full os.ExpandEnv semantics. Expands $VAR and ${VAR} references anywhere in the string, including within larger values.

expandPath - Expands ~ or ~/ at the start of the value to the user’s home directory, then applies full os.ExpandEnv.

Fields with `$VAR` support

Field	Expansion mode	Example value	Resolves to
`tracker.endpoint`	`resolveEnvRef`	`$SORTIE_JIRA_ENDPOINT`	`https://myco.atlassian.net`
`tracker.api_key`	`resolveEnv`	`user@example.com:$SORTIE_JIRA_API_KEY`	`user@example.com:xyztoken123`
`tracker.project`	`resolveEnvRef`	`$SORTIE_JIRA_PROJECT`	`PLATFORM`
`tracker.query_filter`	`resolveEnvRef`	`$SORTIE_JIRA_QUERY_FILTER`	`labels = 'agent-ready'`
`tracker.handoff_state`	`resolveEnvRef`	`$SORTIE_HANDOFF_STATE`	`Human Review`
`workspace.root`	`expandPath`	`~/workspace/sortie`	`/home/deploy/workspace/sortie`
`db_path`	`expandPath`	`$SORTIE_DB_DIR/sortie.db`	`/var/lib/sortie/sortie.db`

All other fields (including agent.kind, agent.max_turns, hook scripts, etc.) are treated as literal strings with no expansion.

The variable names in the table are user-defined conventions, not Sortie-internal identifiers. For the GitHub adapter, common conventions are $SORTIE_GITHUB_TOKEN or $GITHUB_TOKEN for tracker.api_key (a plain personal access token, not email:token format) and $SORTIE_GITHUB_PROJECT for tracker.project (an owner/repo string). See the GitHub adapter reference for per-field semantics.

Behavior when a variable is unset or empty

Scenario	Behavior
`$VAR` resolves to an empty string	The field is treated as missing. For required fields (e.g., `tracker.api_key` when the adapter declares it required), this is a startup error.
The referenced variable does not exist in the environment	Same as empty - `os.ExpandEnv` returns `""` for undefined variables.
`tracker.handoff_state` resolves to empty	Startup error: `config: tracker.handoff_state: resolved to empty (check environment variable)`.
`db_path` resolves to empty	Startup error: `config: db_path: resolved to empty (check environment variable)`.

What this is not

$VAR indirection is not general shell expansion. It does not support:

Command substitution ($(command) or `command`)
Arithmetic expansion ($((1+2)))
Default values (${VAR:-default})
Glob expansion (*, ?)

Only the Go standard library os.ExpandEnv function is used. See the Go documentation for exact semantics.

Hook subprocess environment

Hook scripts (after_create, before_run, after_run, before_remove) run as subprocesses with a restricted environment. On POSIX systems, hooks execute via sh -c; on Windows, via cmd.exe /C. The full parent process environment is not inherited.

Injected variables

Sortie injects these variables into every hook invocation. They override any same-named variable from the parent environment.

Variable	Type	Description
`SORTIE_ISSUE_ID`	string	Stable tracker-internal issue ID.
`SORTIE_ISSUE_IDENTIFIER`	string	Human-readable ticket key (e.g., `PROJ-123`).
`SORTIE_WORKSPACE`	string	Absolute path to the per-issue workspace directory. Always the same as the hook’s working directory.
`SORTIE_ATTEMPT`	string	Current attempt number as a decimal integer. Starts at `1`. Increments on retries. `0` if the attempt count is unavailable.
`SORTIE_SSH_HOST`	string	SSH host allocated for this issue. Present only when SSH mode is active (`extensions.worker.ssh_hosts` is configured and a host was assigned). Absent in local mode.

`after_run` hook variables

These variables are injected only during after_run hook invocations.

Variable	Type	Description
`SORTIE_SELF_REVIEW_STATUS`	string	Self-review outcome for the current run. Values: `"disabled"` (self-review not configured), `"passed"` (review passed), `"cap_reached"` (iteration cap reached without passing), `"error"` (review loop encountered a fatal error). Set on all `after_run` invocations.
`SORTIE_SELF_REVIEW_SUMMARY_PATH`	string	Absolute path to `.sortie/review_summary.md` in the workspace. Contains a human-readable Markdown summary of the review outcome. Absent when self-review did not run or the summary file was not written.

See Configure self-review for usage examples.

Inherited variables

Beyond the injected variables above, hooks inherit two categories from the parent Sortie process:

Platform allowlist - A fixed set of standard infrastructure variables, varying by OS:

POSIX (Linux, macOS): PATH, HOME, SHELL, TMPDIR, USER, LOGNAME, TERM, LANG, LC_ALL, SSH_AUTH_SOCK
Windows: PATH, SYSTEMROOT, COMSPEC, PATHEXT, USERPROFILE, TEMP, TMP, APPDATA, LOCALAPPDATA, HOMEDRIVE, HOMEPATH, USERNAME

SORTIE_* prefix - All parent environment variables whose names start with SORTIE_ are inherited. This includes any SORTIE_* variables set via configuration overrides. This is the intended mechanism for passing additional values (API tokens, repository URLs, custom flags) into hooks without exposing the full process environment.

Stripped variables

Everything not in the allowlist and not prefixed with SORTIE_ is stripped. This includes:

Cloud credentials: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, GOOGLE_APPLICATION_CREDENTIALS
API tokens: JIRA_API_TOKEN, ANTHROPIC_API_KEY, GITHUB_TOKEN
Application config: DATABASE_URL, REDIS_URL, etc.

This is a security boundary. Hooks run user-authored shell scripts; restricting their environment limits the blast radius of a compromised or buggy hook.

Providing additional values to hooks

Two approaches:

SORTIE_-prefixed variables. Export the value with a SORTIE_ prefix in the parent environment. It passes through automatically.

export SORTIE_JIRA_API_TOKEN="xyztoken123"
export SORTIE_REPO_URL="git@github.com:myorg/myrepo.git"
sortie WORKFLOW.md

Inside the hook:

git clone "$SORTIE_REPO_URL" .

In-hook credential loading. Fetch credentials from external sources inside the script.
```
source /etc/sortie/hooks-env
aws sts get-caller-identity
```

Override precedence

When the same variable name exists in both the parent environment (via SORTIE_* passthrough) and the injected set, the injected value wins. For example, a parent SORTIE_ISSUE_ID=stale is overwritten by the orchestrator’s current SORTIE_ISSUE_ID for the active issue.

MCP server environment

The MCP tool server (sortie mcp-server) runs as a child process of the agent runtime, not of the Sortie orchestrator. The agent runtime constructs the MCP server’s environment exclusively from the env field in .sortie/mcp.json - variables not listed in that block do not reach the server. The worker writes per-session context variables and all SORTIE_*-prefixed process environment variables into this block before launching the agent.

Environment composition

The env block is built in two layers:

SORTIE_* process variables (lower precedence). The worker scans the orchestrator’s process environment and collects every variable whose name starts with SORTIE_. This captures credential variables (e.g., SORTIE_TRACKER_API_KEY), configuration overrides (e.g., SORTIE_POLLING_INTERVAL_MS), and any operator-defined SORTIE_* values.
Per-session variables (higher precedence). The worker writes these six variables, overriding any same-named key from layer 1:

Variable	Type	Description
`SORTIE_ISSUE_ID`	string	Tracker-internal issue ID. Scopes tool operations to the current issue.
`SORTIE_ISSUE_IDENTIFIER`	string	Human-readable ticket key (e.g., `PROJ-123`). Used by `tracker_api` for project-level scoping.
`SORTIE_WORKSPACE`	string	Absolute path to the per-issue workspace directory.
`SORTIE_DB_PATH`	string	Absolute path to the Sortie SQLite database. The MCP server opens this in read-only mode for Tier 1 tools that query run history (e.g., `workspace_history`). This is the same resolved path that the orchestrator uses - if you set `SORTIE_DB_PATH` as a configuration override, the MCP server receives that same value.
`SORTIE_SESSION_ID`	string	Opaque session identifier for the current worker run. Used by tools that query session-specific data.
`SORTIE_ATTEMPT`	string	Current retry attempt number as a decimal integer. Written when the orchestrator has attempt information (retries and continuations). Absent on the very first dispatch. Starts at `1` for the first retry and increments on subsequent retries.

Per-session variables always win. A stale SORTIE_ISSUE_ID in the process environment is overwritten by the orchestrator’s value for the active issue.

Credential delivery

Tier 2 tools (like tracker_api) need tracker API credentials. These reach the MCP server through the env block: the worker’s process environment contains credential variables (e.g., SORTIE_TRACKER_API_KEY), the SORTIE_* prefix scan collects them, and the worker writes them into .sortie/mcp.json. The MCP server’s config parser (applyEnvOverrides) resolves $VAR indirection in the workflow file against these variables.

When the operator uses --env-file, the CLI exports the resolved absolute path as SORTIE_ENV_FILE in the process environment. The prefix scan captures this variable, so the MCP server receives the .env file path and can load it through its own applyEnvOverrides mechanism.

The .sortie/mcp.json file is written with 0o600 permissions (owner read/write only) and resides within the per-issue workspace directory. The credential is already available to the agent subprocess via os.Environ() - writing it to the config file does not expand the agent’s access.

Controlled environment

Unlike the hook subprocess environment, which uses a POSIX allowlist plus SORTIE_* prefix filter on the parent process, the MCP server receives its environment entirely from the config file’s env block. Non-SORTIE_* variables from the orchestrator’s process (e.g., PATH, HOME, ANTHROPIC_API_KEY) are not passed to the MCP server. The SORTIE_* prefix acts as a bounded namespace - no non-Sortie secrets leak into the config file.

Relationship to hook variables

Four per-session variables (SORTIE_ISSUE_ID, SORTIE_ISSUE_IDENTIFIER, SORTIE_WORKSPACE, SORTIE_ATTEMPT) are shared with the hook subprocess environment. SORTIE_DB_PATH and SORTIE_SESSION_ID are specific to the MCP execution channel - hooks don’t receive them. In hooks, SORTIE_ATTEMPT is always present (defaulting to 0 on the first dispatch). In the MCP env block, SORTIE_ATTEMPT is written only when the orchestrator has attempt information (retries and continuations); on the very first dispatch it is absent from the per-session set, though it may still appear if the operator’s process environment contains a SORTIE_ATTEMPT variable captured by the SORTIE_* prefix scan.

Install script variables

The install.sh script accepts three environment variables that control installation behavior.

Variable	Default	Description
`SORTIE_VERSION`	Latest GitHub release	Pin a specific release tag (e.g., `1.9.0`). When set, the script skips the GitHub API call to discover the latest version.
`SORTIE_INSTALL_DIR`	`/usr/local/bin` (root) or `~/.local/bin` (non-root)	Override the directory where the `sortie` binary is placed.
`SORTIE_NO_VERIFY`	`0`	Set to `1` to skip SHA-256 checksum verification of the downloaded binary.

Example:

SORTIE_VERSION=1.9.0 SORTIE_INSTALL_DIR=/opt/bin \
  curl -sSL https://get.sortie-ai.com/install.sh | sh