add claude agent step docs#3233
Conversation
|
Hey @liam-mackie are there some images that go with this change? |
Yes, there are! Sorry, I meant to set this as a draft PR so I could get some docs partially ready for a bug bash on Monday 😅 I'll be adding screenshots to the docs and refining them next week - I'll ping you once we need a review 🙇 |
The three Claude Agent Step pages referenced 10 screenshot PNGs that were never captured, so the linkinator crawl in the PR build failed with 404s. Fold each pending image tag into its <!-- SCREENSHOT --> block so the build passes; uncomment them once the screenshots are captured.
|
Pull request environment is available at https://stoctodocspr3233.z22.web.core.windows.net. You can view the ephemeral environment status in Octopus Deploy. This environment will be automatically deprovisioned when the pull request is closed, or after 7 days of inactivity. |
| 1. Open your deployment process or runbook and select **Add step**. | ||
| 2. Search for `claude` and choose **Run Claude Agent** from the step library. | ||
|
|
||
| <!-- SCREENSHOT: step-library-run-claude.png |
There was a problem hiding this comment.
Any content included in a list has to be indented... but you can also switch out of a list and use headings instead if there's lots of content within the list.
i.e.,
## 1. Add step
Open your deployment process or runbook and select **Add step**
(screenshot)
## 2. Add the Run Claude Agent step
Search for...# Conflicts: # src/pages/docs/octopus-ai/claude-agent-step/index.md
|
|
||
| The Claude Agent Step gives you a place to run an agent *inside* the deployment. You choose how much the agent can do, from a read-only investigation to running commands on the target, and you can sandbox the process so a mistake stays contained. Octopus hands the agent the deployment's context, so it knows which project, environment, and release it's working on. Every invocation of Claude streams to the task log, records its token usage and cost, and stores a full transcript you can review later. | ||
|
|
||
| We built it with two kinds of work in mind. The first is investigating and reacting to deployments: a DevOps engineer who owns a runbook and wants an agent to look at a failed deployment and explain what went wrong, or run a quick smoke test before a release is promoted. The second is building the step into templates: a platform engineer who wants to offer a safe, pre-scoped agent step to their teams. If pre-scoping agents sounds useful to you, read [Security & Compliance](/docs/octopus-ai/claude-agent-step/security-and-compliance) for more information. |
There was a problem hiding this comment.
I don't think there is a section in sec and compliance for this
| We built it with two kinds of work in mind. The first is investigating and reacting to deployments: a DevOps engineer who owns a runbook and wants an agent to look at a failed deployment and explain what went wrong, or run a quick smoke test before a release is promoted. The second is building the step into templates: a platform engineer who wants to offer a safe, pre-scoped agent step to their teams. If pre-scoping agents sounds useful to you, read [Security & Compliance](/docs/octopus-ai/claude-agent-step/security-and-compliance) for more information. | |
| We built it with two kinds of work in mind. The first is investigating and reacting to deployments: a DevOps engineer who owns a runbook and wants an agent to look at a failed deployment and explain what went wrong, or run a quick smoke test before a release is promoted. The second is building the step into templates: a platform engineer who wants to offer a safe, pre-scoped agent step to their teams. |
thx eddy Co-authored-by: Eddy Moulton <8491021+eddymoulton@users.noreply.github.com>
|
To check before merging: Are we sufficiently recommending that the tentacle running claude is given restricted access |
| ## The audit trail | ||
|
|
||
| Every execution produces an audit trail, so you can review after the fact exactly what the agent did. | ||
|
|
||
| - **A full session transcript.** The complete verbose session is captured and stored on the Octopus Server, separately from the task log. Sensitive variable values are scrubbed before the transcript is persisted. | ||
| - **Access gated by a dedicated permission.** Reading a transcript requires the space-scoped `AiAgentTranscriptView` permission. | ||
| - **Audit events.** Recording, and any deletion, of a transcript raises an audit event tied to the space, project, environment, tenant, target, and task, so the transcript's own lifecycle is auditable. | ||
| - **Token and cost reporting.** Usage and cost are recorded per model and shown as a **Claude Usage Summary** on the task page. | ||
|
|
||
| :::figure | ||
|  | ||
| ::: |
There was a problem hiding this comment.
Assuming these logs work with existing Audit Steaming, I'd consider linking off to the docs/security/users-and-teams/auditing/audit-stream documentation with a little blurb describing how they can be exported.
Added a soft warning in the security and compliance docs: |
|
Hey @steve-fenton-octopus! This should be ready for you to review now! Thanks for fixing up the links in advance 😅 |
This PR is to add the Claude Agent Step documentation.