Adding a new agent
Provision a new AI agent in the Aucert workforce through the Astra console.
Prerequisites
- Access to Astra console with
adminoroperatorrole - Agent's purpose, role, and model decided — see Model routing and operator labels for the available models (
opus,sonnet,opus-direct,sonnet-direct,kimi) and the[tag]-based override mechanism - Platform accounts prepared (GitHub, Plane, Slack as needed)
Steps
1
Create agent in Astra
Open astra.aucert.dev → Agents → Create new agent
Fill in: Fun name (celestial-themed), Role, Trait, Model
Set max_concurrent_tasks to 1 (increase after validation)
☐
Verify
Agent appears in the workforce overview with 'inactive' status
2
Configure platform accounts
GitHub: Create a bot account, add to aucert-admin org
Plane: Create user account in plane.aucert.dev
Record both account IDs in the Astra agent detail page
☐
Verify
Platform accounts tab shows GitHub and Plane accounts linked
3
Store credentials in Token Vault
In agent detail → Token Vault tab
Add GitHub PAT (scopes: repo, workflow)
Add Plane API token
☐
Verify
Token Vault shows 2 tokens stored (encrypted, values hidden)
4
Set system prompt
In agent detail → Configuration tab
Set system prompt prefix (personality, constraints, context loading rules)
Set default runtime config (temperature, max tokens)
☐
Verify
Preview the system prompt — should include CLAUDE.md rules and agent-specific guardrails
5
Activate the agent
Set agent status to 'active' in Astra
The dispatcher can now assign tasks to this agent
☐
Verify
Agent card shows green 'Active' status badge in workforce overview
Naming conventions
| Convention | Rule | Examples |
|---|---|---|
| Fun name | Celestial bodies (stars, constellations) | Vega, Rigel, Lyra, Altair, Sirius |
| No duplicates | Check existing agents before choosing | astra.aucert.dev/agents |
| Role names | Lowercase, descriptive | coder, ops, docs, reviewer |
| Traits | Lowercase adjective | thorough, fast, creative |
Security considerations
- Token rotation: Rotate platform tokens every 90 days via the Token Vault
- Least privilege: GitHub PATs should have minimal required scopes
- Audit trail: Every token access is logged in Astra's audit log
- Encryption: All tokens encrypted with AES-256-GCM, master key from K8s secret
What's next
- Workforce overview — See all active agents
- Dispatch architecture — How tasks reach agents
- How to create an agent task — Dispatch work to agents