Skip to main content

Documentation Index

Fetch the complete documentation index at: https://onecli.sh/docs/llms.txt

Use this file to discover all available pages before exploring further.

Overview

OneCLI connects AI agents to Fly.io so they can deploy and manage applications, Machines, volumes, and secrets. The gateway injects your API token into requests automatically.

Setup

1

Create an API token

Generate a token from the Fly.io dashboard or run:
fly tokens create org
2

Connect in OneCLI

Open the OneCLI dashboard, go to Connections > Fly.io, and paste your API token.

How it works

  1. Your API token is encrypted and stored by OneCLI
  2. When an agent sends a request to api.machines.dev or api.fly.io, the gateway intercepts it
  3. The gateway injects the token as an Authorization: Bearer header
  4. The request is forwarded to Fly.io
Agents never see the raw token.

What agents can do

AreaExamples
AppsCreate, list, and manage Fly applications
MachinesStart, stop, and configure Fly Machines
VolumesCreate and manage persistent storage volumes
SecretsSet and unset application secrets
DeploymentsDeploy new releases
CertificatesManage TLS certificates for custom domains

Use cases

  • Coding agents deploying applications after building
  • Infrastructure agents scaling Machines up or down
  • Monitoring agents checking application health
  • Agents managing secrets and environment variables

Controlling access with rules

Use OneCLI’s rules engine to restrict agent access. For example, block destructive operations like deleting apps or machines, or rate-limit deployments. Rules are evaluated before credential injection.