Handbook
Forge Fleet quickstarts
Audience: Developers picking a track, or operators sanity-checking an install. Outcome: Run the Verify block for your path (local, bare metal, workspace, templates, TLS). Prerequisites: Shell and curl; Docker for…
Updated
Each section ends with Verify steps you can run from the same shell (adjust host/port).
Default ports: 18765 (CLI default), 18766 (common user install). Replace $BASE and $TOKEN below.
export BASE=http://127.0.0.1:18765
curl_auth=( )
[[ -n "${FLEET_TOKEN:-}" ]] && curl_auth=( -H "Authorization: Bearer ${FLEET_TOKEN}" )
1. Local developer (5–10 min)
- Prefer the guided Install & run locally page (venv + Compose recap); then
pip install -e .via Git install if you need packaging detail. - Run
fleet-server --host 127.0.0.1 --port 18765with a writableFLEET_DATA_DIR, or use your install’ssystemctl --userunit. - Open
/admin/if the bind is loopback.
Verify
curl -sS "${BASE}/v1/version" | head -c 400; echo
curl -sS "${curl_auth[@]}" "${BASE}/v1/health" | head -c 400; echo
Expect 200 and JSON. If you set FLEET_BEARER_TOKEN and bind beyond loopback, include Authorization.
2. Fresh host operator (20–45 min)
- Follow HOST-BOOTSTRAP.md for Docker/OS and (optional) Caddy.
- Install Fleet per GIT-INSTALL.md; set
FLEET_BEARER_TOKENinforge-fleet.envfor non-loopback binds. systemctl --user enable --now forge-fleet.service(or your distro equivalent).
Verify
curl -sS "${curl_auth[@]}" "${BASE}/v1/version"
curl -sS "${curl_auth[@]}" "${BASE}/v1/health"
curl -sS "${curl_auth[@]}" "${BASE}/v1/admin/snapshot" | head -c 600; echo
Expect 200 for all three. /v1/admin/snapshot is large—pipe to head or jq filters.
3. First API job (after server is up)
Requires Docker available to the Fleet process. See EXAMPLES.md for a full docker run example.
Verify
# After POST /v1/jobs returns {"id":"..."}:
curl -sS "${curl_auth[@]}" "${BASE}/v1/jobs/<job_id>"
Expect status to move from queued → running → terminal state.
4. Workspace upload job (longer)
POST /v1/jobswithmeta.workspace_upload_required: true and optional manifest flags — WORKSPACE_UPLOAD.md.PUT /v1/jobs/{id}/workspacewith gzip tarball.- Poll
GET /v1/jobs/{id}.
Verify: job meta.workspace_state progresses to ready; then runner starts the container.
5. Container template build (Docker host)
- Ensure
requirement_templates.jsonand Docker/BuildKit per CONTAINER-TEMPLATES.md. POST /v1/container-templates/buildwith requirement ids.
Verify
curl -sS "${curl_auth[@]}" "${BASE}/v1/container-templates/status"
6. Caddy / TLS front (20–60 min)
Follow CADDY-SYSTEMD.md or CADDY-UNIFIED-GRANITE.md. DNS + certificates dominate wall time.
Verify: curl https://your-host/v1/health with correct Authorization when bearer is required.
7. Remote git self-update (maintainer)
From a machine that can reach the API: POST /v1/admin/git-self-update with bearer — see API-REFERENCE.md and README.md. System installs under /opt/forge-fleet may return 400 with a host-shell command instead.
Verify: GET /v1/version shows updated package_semver / git metadata after restart.
Common failures
| Symptom | What to do |
|---|---|
401 on /v1/* |
Send Authorization: Bearer when a token is configured or the bind is not loopback-only. |
docker: not found or jobs stuck queued |
Install Docker/Podman; see Host bootstrap. |
| Workspace job never leaves pending_upload | PUT /v1/jobs/{id}/workspace with a valid gzip tar; see Workspace upload. |
| 502 via Caddy | Confirm Fleet listens where the proxy expects; curl Fleet loopback. |
More: Troubleshooting.