Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.qredence.ai/llms.txt

Use this file to discover all available pages before exploring further.

Fleet Pi loads configuration from .env at the repo root. apps/web/vite.config.ts is responsible for loading the file into the server-side routes; values are accessed through process.env at runtime. The canonical example lives in .env.example. This page is the authoritative reference for every variable Fleet Pi reads, grouped by concern.

AWS / Bedrock

VariableRequiredDefaultPurpose
AWS_REGIONNous-east-1Region for every Bedrock call. Models must be enabled in this region.
AWS_PROFILENoUse a named AWS profile from ~/.aws/credentials.
AWS_BEARER_TOKEN_BEDROCKNoSet only if your Bedrock setup uses bearer-token authentication.
Fleet Pi uses the standard AWS credential chain — environment variables, profile, or IAM role. You can also provide AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY directly.

Pi runtime

VariableRequiredDefaultPurpose
PI_AGENT_DIRNoPi defaultOverride the Pi agent resource directory. Read in server-runtime.ts and server-shared.ts.
FLEET_PI_RUNTIME_TTL_MSNo600000How long a Pi runtime stays warm between chat turns (10 minutes by default).
FLEET_PI_REPO_ROOTNocwdOverride the project root that the workspace server treats as canonical.

Logging

VariableRequiredDefaultPurpose
LOG_LEVELNoinfoPino log level. Logs are pretty-printed unless NODE_ENV=production.
NODE_ENVNoControls pretty-printing and a few Vite behaviors.
The logger lives in apps/web/src/lib/logger.ts. It includes PII redaction and emits a requestId correlation ID for every chat request, which lines up with bedrock-api circuit-breaker events for incident review.

Authentication (Better Auth)

Auth is disabled until you set BETTER_AUTH_SECRET. When the secret is present, Better Auth is mounted at /api/auth/*.
VariableRequired when auth enabledDefaultPurpose
BETTER_AUTH_SECRETYesSigning secret. Generate with openssl rand -base64 32.
BETTER_AUTH_URLNohttp://localhost:3000Base URL used for OAuth callback URLs.
BETTER_AUTH_TRUSTED_ORIGINSNoBETTER_AUTH_URLComma-separated list of trusted origins for the auth router.
AUTH_DATABASE_PATHNo.fleet/auth.sqliteSQLite database path for users and sessions.
GOOGLE_CLIENT_IDNoEnables Google OAuth when paired with GOOGLE_CLIENT_SECRET.
GOOGLE_CLIENT_SECRETNoRequired with GOOGLE_CLIENT_ID.
The Google login button is hidden in the UI when either Google variable is missing.

Sessions and workspace paths

Pi session files are persisted under .fleet/sessions/ inside the repo. The session manager rejects paths outside the repo-scoped directory via isUsableSessionFile, so a stale sessionFile in localStorage silently falls back to a fresh session — see runbooks for recovery. Canonical durable state lives under agent-workspace/. The workspace server reads canonical files directly and uses agent-workspace/indexes/ only as projection storage.

Generated configuration files

FilePurpose
apps/web/src/routeTree.gen.tsGenerated by TanStack Router. Do not edit by hand.
openapi.jsonGenerated from zod schemas, drives the API reference. Regenerate with pnpm generate:docs.
agent-workspace/manifest.jsonDescribes the canonical workspace shape and the contract version.

Quickstart

Apply this configuration end to end.

Runbooks

Troubleshoot Bedrock errors, sessions, and circuit-breaker state.