# How to deploy an agent

Walk through every setting on the agent editor: integration, model, prompt, rules, MCPs, skills, env vars, vaults, and your code repo.





This is a field-by-field walkthrough of the agent editor. Open [Fleet](https://app.nairi.ai/agents/fleet) and click **New agent** to follow along. Most fields are optional, so don't feel like you need to fill everything in on day one.

If you'd rather skim a top-down overview first, see the [Quickstart](/help/getting-started/quickstart).

## What you have to set [#what-you-have-to-set]

Only two fields are required:

* **Agent Name**
* **Agent Integration**

Everything else can be added or changed later. Creating an agent is free. You're billed when it runs a task.

## Agent Name [#agent-name]

The name is also the **Agent ID** that you'll use to address the agent from Slack (`@<name>`), Discord, and the API.

* Pick something short and unique.
* The dashboard shows the generated ID below the field as you type, e.g. `data-bot` for "Data Bot". Lowercase, alphanumeric, with `/`, `.`, `_`, `-` allowed.
* Up to 200 characters.

You can't rename an agent after creation, so choose something you'll be happy with.

## GitHub Repository [#github-repository]

Optional. Connect a repo when:

* You want the agent to read code, push branches, and open PRs.
* You want it to pick up `.claude/skills/`, `CLAUDE.md`, or `AGENTS.md` from a configuration repo.

The dropdown shows repos you've already wired up. Pick &#x2A;*"+ Create new repository integration"*&#x2A; to attach a new one from your GitHub install, or leave it on &#x2A;*"No repository"** if the agent doesn't need code access.

If you haven't connected GitHub yet, see [Connecting GitHub](/help/integrations/github).

## Agent Integration [#agent-integration]

Required. This decides which agent harness (Claude Code, Codex, OpenCode) the agent runs under, and which API key pays for its tokens.

The dropdown groups options by provider:

* **Nairi Platform** — the free shared pool. Counts against your plan's monthly task quota. Good for trying things out.
* **Anthropic** — your own Anthropic API key or OAuth credit. Runs Claude Code.
* **Opencode** — OpenCode Zen or any OpenCode-supported provider.
* **Codex** — OpenAI's Codex CLI.

If you haven't connected any LLM provider yet, see [Connecting your LLM provider](/help/integrations/llm-provider). The Nairi Platform option is always there on managed agents.

### Picking a model [#picking-a-model]

After choosing the integration, a second dropdown appears with the models available for that provider:

* **Anthropic** → Claude Model (Sonnet, Opus, Haiku)
* **Opencode** → LLM Model (any provider OpenCode supports, e.g. `anthropic/claude-sonnet-4-5`)
* **Codex** → Codex Model

The Nairi Platform option doesn't show a model picker. It uses a sensible default.

### Quick decision guide [#quick-decision-guide]

| If you want…                | Pick…                             |
| --------------------------- | --------------------------------- |
| Best-in-class coding output | Anthropic + Claude Sonnet or Opus |
| Cheapest run                | Opencode with a low-cost provider |
| OpenAI-only stack           | Codex                             |
| Just to try Nairi           | Nairi Platform (free)             |

## Agent Rules [#agent-rules]

Long-lived markdown instructions the agent should follow when they're relevant: project conventions, tone, security policies, code style. See [Rules](/help/rules) for the full overview.

Rules are managed at org level under [Settings → Artifacts](https://app.nairi.ai/settings/artifacts?tab=rules). Attach the ones you want to this agent by ticking the checkboxes in the Agent Rules section.

The description on each rule is what the agent reads to decide whether the rule applies to a given task. Keep each rule focused on one topic.

## MCP Configs [#mcp-configs]

MCP (Model Context Protocol) servers give the agent tools: read a database, query a CRM, fetch logs, post a message somewhere. See [MCP Tools](/help/mcp) for the full overview.

Attach an MCP config to the agent by ticking it in the MCP Configs section. Configs are managed at org level under [Settings → Artifacts](https://app.nairi.ai/settings/artifacts?tab=mcp-configs).

Two ways to add MCPs:

* **MCP Marketplace** — one-click OAuth via Composio. Hundreds of SaaS tools.
* **Custom MCP config** — paste JSON for stdio or HTTP/SSE servers.

It's safe to inline credentials in an MCP config: the JSON is held by the mcp-proxy sidecar, not the agent. Tick **Mark as sensitive** when creating the config so the dashboard hides its content. See [MCP Tools](/help/mcp) for the full story.

## Skills [#skills]

Skills are packaged capabilities the agent can invoke on demand: "send a Slack DM", "draft a Linear issue", "trigger a Vercel deploy". See [Skills](/help/skills) for the full overview.

Attach a skill by ticking it in the Skills section. Skills are managed at org level under [Settings → Artifacts](https://app.nairi.ai/settings/artifacts?tab=skills).

Two sources:

* **Skill Marketplace** — Nairi's curated catalogue.
* **Custom skill** — upload your own `.zip` or `.skill` package.

The skill's description in `SKILL.md` is what the agent reads to decide *when* to use it. A vague description means the skill never gets invoked.

Skills that call third-party APIs almost always pair with a [secret vault](#secret-vaults) holding the API key. The skill reads the credential as `$CCASECRET_<NAME>`; the vault provides the actual value.

## Secret Vaults [#secret-vaults]

For API keys, tokens, database passwords, and anything else sensitive — usually consumed by a skill the agent runs.

A vault is a named bundle of secrets. Tick the checkbox to attach a vault to the agent. Vaults are managed at [Settings → Artifacts](https://app.nairi.ai/settings/artifacts?tab=vaults).

The typical pattern: you have a skill (your own or from the Marketplace) that calls some third-party API. The skill's script reads `$CCASECRET_VERCEL_API_KEY` (or whichever env var name), and the vault provides the actual value. Same skill works for everyone in your org; each org plugs in its own vault.

What happens at runtime:

* The agent's process sees a placeholder like `CCASECRET_VERCEL_API_KEY` in its environment.
* The secret proxy swaps the placeholder for the real value only on outbound HTTPS requests to the domains you allowed.
* The plaintext value is never written to the container's filesystem.

See [Vaults](/help/vaults) for setup and [How Nairi manages secrets](/help/vaults/security-model) for the full security model.

<Callout type="warn">
  Secret vaults are not available on self-hosted agents. Use plain environment variables or your own secret management on self-hosted runtimes.
</Callout>

## Environment Variables [#environment-variables]

Non-sensitive config: feature flags, base URLs, account IDs, default branches. Plaintext key-value pairs injected directly into the agent's environment.

The Environment Variables section is a small table at the bottom of the editor:

| Key                     | Value                     |
| ----------------------- | ------------------------- |
| `GITHUB_DEFAULT_BRANCH` | `main`                    |
| `API_BASE_URL`          | `https://api.example.com` |

The last row is always a placeholder for adding a new one. Fill in a key and value, and a new empty row appears automatically.

For anything sensitive, use a vault. Env vars are visible in plaintext in the dashboard and not domain-restricted.

## System Prompt (Advanced) [#system-prompt-advanced]

Hidden inside the **Advanced** section at the bottom of the editor. Click to expand.

Nairi ships a default system prompt tuned for our flow (PRs, threads, tool calls). Leave it alone unless you have a reason. Custom prompts are good for:

* Pinning a persona ("You are the on-call SRE bot").
* Adding hard constraints the agent must remember every turn.
* Switching writing style for customer-facing output.

What does *not* belong in the system prompt:

* Step-by-step procedures. Use [skills](/help/skills).
* Long-lived policies. Use [rules](/help/rules).
* Secrets. Use [vaults](/help/vaults).

Aim for under 500 tokens. To reset to the platform default, clear the field and save.

## Save and deploy [#save-and-deploy]

Two buttons appear depending on which fields you change:

* **Save** (next to Description or System Prompt) saves just that field. No redeploy.
* **Save & Redeploy** (bottom-right) saves the whole configuration and rolls out a fresh container. Used for any change to rules, MCPs, skills, env vars, vaults, or model.

For self-hosted agents, the button says **Save Configuration** instead. You'll need to restart `nairid` on your own infrastructure to pick up the new config.

The first **Save & Redeploy** is what brings the agent online for the first time.

## Connecting to Slack or Discord [#connecting-to-slack-or-discord]

Once the agent is deployed, bind it to a channel so people can talk to it:

* **Slack** — run `/nairi config` in the channel and pick this agent. See [Configuring the agent in Slack](/help/configuring-the-agent/slack).
* **Discord** — mention `@Nairi config` in the channel. See [Configuring the agent in Discord](/help/configuring-the-agent/discord).

The Connected Channels section in the agent editor shows which channels are routing to this agent. It's read-only here. Binding happens in Slack and Discord, not in the dashboard.

## Related [#related]

* [Where and how your agent runs](/help/building-agents/runtime)
* [Rules](/help/rules) · [Skills](/help/skills) · [MCP Tools](/help/mcp) · [Vaults](/help/vaults)
* [Quickstart](/help/getting-started/quickstart)

***

*Can't find what you're looking for? Email [support@nairi.ai](mailto:support@nairi.ai).*