> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fabro.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Scripted install and local server auth

## Scripted non-interactive install

`fabro install` now supports fully non-interactive setup, including GitHub App creation. You can pass all required values as flags — app ID, private key, webhook secret — without any browser interaction. The installer generates Ed25519 keys natively in Rust instead of shelling out to OpenSSL, and the browser-based GitHub App bootstrap flow has been removed in favor of the CLI-only path. This makes it possible to script Fabro deployments in CI or headless environments.

```bash theme={"languages":{"custom":["/languages/dot.json","/languages/fabro.json"]}}
fabro install --github-app-id 12345 --github-private-key-file key.pem --github-webhook-secret s3cret
```

## Dev-token local server auth

Local CLI-managed servers previously started with no authentication. Now, `fabro server start` provisions a dev token and passes it to both the CLI and web clients automatically. This means local servers are authenticated by default — the web UI redirects through a token-based login flow, and CLI commands authenticate transparently. The dev token is scoped to the local session and stored alongside other server state.

<Warning>
  **`GITHUB_CLI_TOKEN` renamed to `GITHUB_TOKEN`.** The environment variable and vault secret for GitHub token auth have been renamed. The `gh_cli` strategy is now called `token`, reflecting that at runtime it's just a stored token — not tied to the `gh` CLI.

  To migrate: replace `GITHUB_CLI_TOKEN` with `GITHUB_TOKEN` in your environment or vault configuration. Current server runtimes read `GITHUB_TOKEN` from the vault.
</Warning>

## More

<Accordion title="Fixes">
  * Fixed OpenAI Codex OAuth device auth to align with current endpoint response shape
  * Fixed setup registration and OAuth state validation to prevent half-written configurations
  * Fixed vault-backed credentials not loading during server-spawned workflow execution
</Accordion>
