Agents

Use agents:base when a sandbox should already have agent CLIs and common coding tools installed. It includes Codex CLI, Claude Code, Node.js 22, Python 3.12, git, ripgrep, jq, and build tools.

Add credentials from the dashboard Agents page. Syva stores them as project secrets and never returns the plaintext after save. API keys can be saved directly. OAuth sign-in uses the official CLIs: Codex shows the ChatGPT device-code URL and code, while Claude opens an Anthropic authorization URL and asks you to paste the returned code.

Codex API-key auth and saved ChatGPT auth are synced as /root/.codex/auth.json. Claude API-key auth is injected as ANTHROPIC_API_KEY. Claude OAuth tokens are injected as CLAUDE_CODE_OAUTH_TOKEN.

Each provider has one active auth method. Saving API-key auth replaces OAuth auth for that provider, and saving OAuth auth replaces API-key auth.

Launch a sandbox with agents:base, clone or write your workspace, then run the agent command.

codex login status
claude auth status

codex exec --json "Inspect this repository and summarize the highest-risk test failures."

claude -p "Inspect this repository and summarize the highest-risk test failures." --output-format stream-json

• Prefer scoped API keys for automation.
• Treat OAuth tokens and saved auth files like passwords.
• Agent credentials are available to commands in that project sandbox. Use a separate project for untrusted runs.
• Delete credentials from the Agents page when a project no longer needs them.
• Do not print secrets from agent prompts or shell commands.