Local development
Running locally is the fastest way to test a configuration before committing to a cloud deployment.Configure environment variables
.env and fill in at minimum the three required variables:Install dependencies and start the server
.env is not auto-loaded. The dev script runs tsx src/index.ts with no dotenv integration, so variables in .env are ignored unless you load them yourself. Either start with tsx --env-file=.env src/index.ts, or export the variables into your shell first with set -a; source .env; set +a before running npm run dev.Fly.io deployment
For production use, deploy the orchestrator as a Fly.io app. Each client (team or tenant) runs as a separate Fly app defined by a.toml file in the clients/ directory.
Install the Fly CLI and log in
Follow the Fly.io CLI installation guide and run
fly auth login.Provision a new client
The Alternatively, copy the example client config and create resources manually:
scripts/provision-client.sh script walks you through creating a new Fly app interactively:Set Fly secrets
The orchestrator reads its credentials from Fly secrets at runtime:Add
ADMIN_ACCESS_CODE and any notification variables if needed.Auto-deploy on push (FLY_API_TOKEN)
The deploy-clients.yml workflow in the orchestrator repo deploys every client in clients/*.toml on each push to main. It authenticates with a single GitHub Actions secret, FLY_API_TOKEN, set on the orchestrator repo under Settings → Secrets and variables → Actions.
This is not the same token as
FLY_SESSIONS_TOKEN. FLY_API_TOKEN is a CI secret used only to run flyctl deploy. FLY_SESSIONS_TOKEN is a runtime environment variable the orchestrator reads to spawn Fly Machine session machines.Fly.io infrastructure details
Each Fly app uses:- Machine size:
shared-cpu-1xwith 256 MB of memory — sufficient for the polling loop and admin UI - Volume: A
dedup_datavolume mounted at/datafor SQLite persistence (deduplication, team mappings, and dispatch log) - HTTP service: Internal port 8080, HTTPS enforced, minimum one machine always running
Environment variables
The table below covers all variables the orchestrator reads. Required variables must be set before the service will start successfully. See Environment variables for AI-Implement for more detailed information on each variable.| Variable | Required | Default | Description |
|---|---|---|---|
LINEAR_API_KEY | Yes | — | Linear personal API key for polling issues and updating status |
GITHUB_APP_ID | Yes | — | GitHub App numeric ID used to generate installation tokens |
GITHUB_APP_PRIVATE_KEY | Yes | — | GitHub App RSA private key in PEM format, with newlines escaped as \n |
ADMIN_ACCESS_CODE | No | — | Password for the admin UI at /admin. If unset, the admin UI is disabled |
NOTIFY_TYPE | No | — | Notification provider: slack or teams |
NOTIFY_WEBHOOK_URL | No | — | Incoming webhook URL for Slack or Teams notifications. Notifications are skipped if unset |
POLL_INTERVAL_MS | No | 60000 | How often the orchestrator polls Linear for new issues, in milliseconds |
PORT | No | 8080 | HTTP port the orchestrator listens on |
DEDUP_DB_PATH | No | /data/dedup.sqlite | Path to the SQLite database file |
GITHUB_WEBHOOK_SECRET | No | — | HMAC-SHA256 secret for validating incoming GitHub webhook payloads |
What’s next
Connect a target repo
Sync workflow templates into a GitHub repo and map it to a Linear team in the admin UI.
Environment variables reference
Full reference for every environment variable the orchestrator supports.