AgentFlow Enterprise Docs
Integrations Setup
This page documents only integrations present in code or readiness configuration, with optional or unverified paths clearly marked.
Integration Matrix
| Integration | Variables | Current behavior |
|---|---|---|
| HubSpot | HUBSPOT_ACCESS_TOKEN, HUBSPOT_WEBHOOK_SECRET, HUBSPOT_CLIENT_SECRET | Optional contact create/update and webhook handling when configured. Missing tokens mark sync as not_configured or skip passive events. |
| Slack | SLACK_WEBHOOK_URL plus optional alias variables | Optional webhook or bot-token notification dispatch for hot/sales-ready qualification events. |
| Google Calendar / Sheets | GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_CALENDAR_ID, GOOGLE_SHEETS_ID plus aliases | Readiness path only in inspected integration env detection/passive event recording unless surfaced and validated in UI. |
| OpenAI | OPENAI_API_KEY, optional OPENAI_MODEL | Server-side AI qualification and chat route calls only. |
| Amplitude | NEXT_PUBLIC_AMPLITUDE_API_KEY | Browser-safe product analytics plus server-side checkout/payment events. Avoid PII in event properties. |
| Sentry | SENTRY_DSN, NEXT_PUBLIC_SENTRY_DSN | Error tracking configuration. Verify PII filtering and source map upload settings before production. |
| UptimeRobot / status page | NEXT_PUBLIC_STATUS_PAGE_URL | Optional public status page link displayed by /status. |
CRM, Notifications, and Google Readiness
- HubSpot sync is optional and should be described as configured when
HUBSPOT_ACCESS_TOKENor accepted private app token variables are present. - Slack dispatch is optional. It can use an incoming webhook or bot token plus channel id depending on configured variables.
- Google Calendar and Sheets variables are detected, but inspected code records passive readiness status rather than proving a customer-facing UI workflow.
- Outbound webhooks are present through
OUTBOUND_WEBHOOK_URLandOUTBOUND_WEBHOOK_SECRET; they are outside the requested required page list but are part of integration dispatch.
Do not over-market integrations
Use wording such as optional, configured when environment variables are present, readiness path, or requires production verification unless the UI and end-to-end provider behavior are validated.
AI, Analytics, and Monitoring
OpenAI calls run server-side through route handlers. Browser code should never receive OPENAI_API_KEY, model provider credentials, raw prompts that expose private logic, or provider stack traces.
Amplitude and Sentry must be configured with privacy expectations: avoid raw PII in analytics events, filter sensitive error context, and confirm DSN/client exposure is intentional.