Getting your credentials

This authorizes the agent's Claude Code runtime against your Claude subscription. The agent will not run any task until this token is set.

1. Install the Claude Code CLI if you haven't already (installation guide).
2. Run claude setup-token in your terminal and complete the browser login.
3. Copy the token it prints — it starts with sk-ant-. Paste it into the Claude Code token field on the onboarding form.

Supply a GitHub PAT if the agent should read or write your repositories. Without it, the agent can still work on public repos and local files, but cannot push to or clone private ones.

Fine-grained token (recommended)

1. Go to GitHub → Settings → Developer settings → Fine-grained tokens.
2. Scope it to only the repositories the agent should touch.
3. Under Repository permissions, grant Contents: Read and write and Pull requests: Read and write (add Issues if the agent should manage issues).
4. Generate the token and copy it — it starts with github_pat_.

Classic token

A classic token (starts with ghp_) with the repo scope also works, but grants access to all your repositories — fine-grained is safer.

To run the agent in your Slack workspace you need a bot token (xoxb-) and an app-level token (xapp-) for Socket Mode. The onboarding form generates a ready-to-paste Slack app manifest so you don't configure scopes by hand.

The Slack app setup guide covers creating the app from the manifest, copying both tokens, and finding the Slack user IDs for your agent's allowlist.

When you submit the onboarding form, each token is written to your agent's dedicated secret in AWS Secrets Manager (encrypted with a per-tenant key) and is never written to the provision request stored in S3, never returned in an API response, and never logged. Read more in Security.