Skip to content

add claude agent step docs#3233

Merged
liam-mackie merged 26 commits into
mainfrom
claude-agent-step-docs
Jul 13, 2026
Merged

add claude agent step docs#3233
liam-mackie merged 26 commits into
mainfrom
claude-agent-step-docs

Conversation

@liam-mackie

@liam-mackie liam-mackie commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR is to add the Claude Agent Step documentation.

@steve-fenton-octopus

Copy link
Copy Markdown
Contributor

Hey @liam-mackie are there some images that go with this change?

@liam-mackie

Copy link
Copy Markdown
Contributor Author

Hey @liam-mackie are there some images that go with this change?

Yes, there are! Sorry, I meant to set this as a draft PR so I could get some docs partially ready for a bug bash on Monday 😅

I'll be adding screenshots to the docs and refining them next week - I'll ping you once we need a review 🙇

The three Claude Agent Step pages referenced 10 screenshot PNGs that were
never captured, so the linkinator crawl in the PR build failed with 404s.
Fold each pending image tag into its <!-- SCREENSHOT --> block so the build
passes; uncomment them once the screenshots are captured.
@team-marketing-branch-protections

Copy link
Copy Markdown

Pull request environment is available at https://stoctodocspr3233.z22.web.core.windows.net.

You can view the ephemeral environment status in Octopus Deploy.

This environment will be automatically deprovisioned when the pull request is closed, or after 7 days of inactivity.

1. Open your deployment process or runbook and select **Add step**.
2. Search for `claude` and choose **Run Claude Agent** from the step library.

<!-- SCREENSHOT: step-library-run-claude.png

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any content included in a list has to be indented... but you can also switch out of a list and use headings instead if there's lots of content within the list.

i.e.,

## 1. Add step

Open your deployment process or runbook and select **Add step**

(screenshot)

## 2. Add the Run Claude Agent step

Search for...

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated?

Comment thread src/pages/docs/octopus-ai/claude-agent-step/getting-started.md Outdated
Comment thread src/pages/docs/octopus-ai/claude-agent-step/getting-started.md Outdated

The Claude Agent Step gives you a place to run an agent *inside* the deployment. You choose how much the agent can do, from a read-only investigation to running commands on the target, and you can sandbox the process so a mistake stays contained. Octopus hands the agent the deployment's context, so it knows which project, environment, and release it's working on. Every invocation of Claude streams to the task log, records its token usage and cost, and stores a full transcript you can review later.

We built it with two kinds of work in mind. The first is investigating and reacting to deployments: a DevOps engineer who owns a runbook and wants an agent to look at a failed deployment and explain what went wrong, or run a quick smoke test before a release is promoted. The second is building the step into templates: a platform engineer who wants to offer a safe, pre-scoped agent step to their teams. If pre-scoping agents sounds useful to you, read [Security & Compliance](/docs/octopus-ai/claude-agent-step/security-and-compliance) for more information.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think there is a section in sec and compliance for this

Suggested change
We built it with two kinds of work in mind. The first is investigating and reacting to deployments: a DevOps engineer who owns a runbook and wants an agent to look at a failed deployment and explain what went wrong, or run a quick smoke test before a release is promoted. The second is building the step into templates: a platform engineer who wants to offer a safe, pre-scoped agent step to their teams. If pre-scoping agents sounds useful to you, read [Security & Compliance](/docs/octopus-ai/claude-agent-step/security-and-compliance) for more information.
We built it with two kinds of work in mind. The first is investigating and reacting to deployments: a DevOps engineer who owns a runbook and wants an agent to look at a failed deployment and explain what went wrong, or run a quick smoke test before a release is promoted. The second is building the step into templates: a platform engineer who wants to offer a safe, pre-scoped agent step to their teams.

Comment thread src/pages/docs/octopus-ai/claude-agent-step/index.md Outdated
Comment thread src/pages/docs/octopus-ai/claude-agent-step/tools.md Outdated
Comment thread src/pages/docs/octopus-ai/claude-agent-step/tools.md Outdated
Comment thread src/pages/docs/octopus-ai/claude-agent-step/tools.md Outdated
@eddymoulton

Copy link
Copy Markdown
Contributor

To check before merging: Are we sufficiently recommending that the tentacle running claude is given restricted access

Comment on lines +153 to +164
## The audit trail

Every execution produces an audit trail, so you can review after the fact exactly what the agent did.

- **A full session transcript.** The complete verbose session is captured and stored on the Octopus Server, separately from the task log. Sensitive variable values are scrubbed before the transcript is persisted.
- **Access gated by a dedicated permission.** Reading a transcript requires the space-scoped `AiAgentTranscriptView` permission.
- **Audit events.** Recording, and any deletion, of a transcript raises an audit event tied to the space, project, environment, tenant, target, and task, so the transcript's own lifecycle is auditable.
- **Token and cost reporting.** Usage and cost are recorded per model and shown as a **Claude Usage Summary** on the task page.

:::figure
![The AiAgentTranscriptView permission in the Octopus role editor](/docs/img/octopus-ai/claude-agent-step/transcript-permission.png)
:::

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming these logs work with existing Audit Steaming, I'd consider linking off to the docs/security/users-and-teams/auditing/audit-stream documentation with a little blurb describing how they can be exported.

@liam-mackie

Copy link
Copy Markdown
Contributor Author

To check before merging: Are we sufficiently recommending that the tentacle running claude is given restricted access

Added a soft warning in the security and compliance docs:

- **Tentacle user account.** The agent is launched under the user account Tentacle is configured to run as. You should adjust the configuration on your deployment target or worker to ensure the Tentacle account running the agent has limited access to files it doesn't require.

@liam-mackie

Copy link
Copy Markdown
Contributor Author

Hey @steve-fenton-octopus! This should be ready for you to review now! Thanks for fixing up the links in advance 😅

@steve-fenton-octopus steve-fenton-octopus left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@liam-mackie liam-mackie merged commit 937b315 into main Jul 13, 2026
7 checks passed
@liam-mackie liam-mackie deleted the claude-agent-step-docs branch July 13, 2026 11:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants