Skip to content
PREQSTATION Guide

Environment Variables

This reference documents all environment variables used by projects-manager, preqstation-skill, and preqstation-openclaw.

projects-manager

Server-side variables for the main PREQSTATION web service.

VariableRequiredDefaultPurpose
AUTH_SECRETYesHMAC session secret (minimum 16 characters)
OWNER_EMAILYesSingle account email address
OWNER_PASSWORDYesOwner password (minimum 8 characters)
DATABASE_URLYesNeon PostgreSQL connection string
ALLOWED_ORIGINSNoCORS verification (comma-separated URLs)
CRON_SECRETNoVercel cron job authentication secret

Setup Example

.env.local
AUTH_SECRET="your-secret-min-16-chars"
OWNER_EMAIL="you@example.com"
OWNER_PASSWORD="securepassword123"
DATABASE_URL="postgresql://user:pass@host/dbname"
ALLOWED_ORIGINS="https://yourdomain.com,https://www.yourdomain.com"
CRON_SECRET="cron-secret-for-vercel"

Database Setup

Get your Neon PostgreSQL connection string:

  1. Create project on Neon Console
  2. Copy connection string: postgresql://[user]:[password]@[host]/[dbname]
  3. Set as DATABASE_URL

preqstation-skill

Agent-side variables for MCP server and shell helpers.

VariableRequiredDefaultPurpose
PREQSTATION_API_URLYesprojects-manager API base URL (e.g., https://mypreqstation.vercel.app)
PREQSTATION_TOKENYesBearer token (format: preq_ prefix, from /api-keys page)
PREQSTATION_ENGINENocodexFallback engine when client auto-detection unavailable

Setup Example

Terminal window
# ~/.zshrc or ~/.bashrc
export PREQSTATION_API_URL="https://your-preqstation-domain.vercel.app"
export PREQSTATION_TOKEN="preq_xxxxxxxxxxxxxxxxx"
export PREQSTATION_ENGINE="claude-code"  # optional

Getting a Token

  1. Deploy projects-manager
  2. Log into web UI
  3. Go to Settings → API Keys
  4. Click “New Token”
  5. Copy the generated token (starts with preq_)

Engine Values

ValueMeaning
claude-codeClaude Code
codexCodex (OpenAI)
gemini-cliGemini CLI

preqstation-openclaw

Execution layer variables for OpenClaw skill and worktree management.

VariableRequiredDefaultPurpose
OPENCLAW_WORKTREE_ROOTNo/tmp/openclaw-worktreesRoot directory for isolated task worktrees

Setup Example

Terminal window
# ~/.zshrc or ~/.bashrc
export OPENCLAW_WORKTREE_ROOT="/home/user/openclaw-worktrees"

Worktree Root Considerations

Default: /tmp/openclaw-worktrees

  • Temporary directory, cleaned on system reboot
  • Fine for transient task execution
  • Works with most CI/CD systems

Custom: /home/user/openclaw-worktrees

  • Persistent across reboots
  • Useful for debugging and inspection
  • Requires manual cleanup of old worktrees

In CI/CD:

Terminal window
export OPENCLAW_WORKTREE_ROOT="/workspace/openclaw-worktrees"

Complete Setup Checklist

Terminal window
# 1. Install projects-manager (optional for local testing)
# Skip if using hosted instance


# 2. Set preqstation-skill variables
export PREQSTATION_API_URL="https://your-hosted-domain.vercel.app"
export PREQSTATION_TOKEN="preq_xxxxx"  # from /api-keys page
export PREQSTATION_ENGINE="claude-code"


# 3. Set preqstation-openclaw variables (optional)
export OPENCLAW_WORKTREE_ROOT="$HOME/openclaw-worktrees"


# 4. Verify connectivity
curl -H "Authorization: Bearer $PREQSTATION_TOKEN" \
  "$PREQSTATION_API_URL/api/health"
# Should return: {"status":"ok"}

Environment Variable Scope

LayerVariablesScope
Web ServiceAUTH_SECRET, OWNER_EMAIL, OWNER_PASSWORD, DATABASE_URL, ALLOWED_ORIGINS, CRON_SECRETServer-side only, set during deployment
MCP ServerPREQSTATION_API_URL, PREQSTATION_TOKEN, PREQSTATION_ENGINEAvailable to all MCP tools and shell helpers
ExecutionOPENCLAW_WORKTREE_ROOTAffects where worktrees are created during task execution

Secrets Best Practices

  1. Never commit secrets — Use .env.local (git-ignored)
  2. Use secret managers — GitHub Secrets, Vercel Env, HashiCorp Vault
  3. Rotate tokens regularly — Revoke old tokens from /api-keys page
  4. Scope tokens narrowly — Use separate tokens per environment
  5. Monitor token usage — Check audit logs for suspicious activity