Deploy
End-to-end deploy of openma to your own Cloudflare account. Plan on 30–60 minutes the first time, mostly waiting for OAuth app approvals.
Prerequisites
Section titled “Prerequisites”- Node 22+,
pnpm10+ - A Cloudflare account on the Workers Paid plan
wranglerlogged in (npx wrangler login)- A domain on your Cloudflare account
- API keys for at least one LLM provider (Anthropic, OpenAI, or MiniMax)
-
Clone and install.
Terminal window git clone https://github.com/open-ma/open-managed-agents.gitcd open-managed-agentspnpm install -
Create the Cloudflare resources.
Run these once, save the IDs they print, you’ll paste them into wrangler files.
Terminal window # D1 database (shared by main + integrations)npx wrangler d1 create openma-auth# KV namespacenpx wrangler kv namespace create CONFIG_KV# R2 bucketsnpx wrangler r2 bucket create managed-agents-filesnpx wrangler r2 bucket create managed-agents-workspace# Vectorize index for semantic memorynpx wrangler vectorize create openma-memory \--dimensions=1024 --metric=cosine -
Edit the wrangler files.
Open
apps/main/wrangler.jsoncand replace the placeholder IDs:{"d1_databases": [{ "binding": "AUTH_DB", "database_name": "openma-auth", "database_id": "<paste yours>" }],"kv_namespaces": [{ "binding": "CONFIG_KV", "id": "<paste yours>" }],"vectorize": [{ "binding": "VECTORIZE", "index_name": "openma-memory" }],"routes": [{ "pattern": "app.yourdomain.com", "custom_domain": true }]}Repeat for
apps/agent/wrangler.jsonc(same D1, KV, R2 ids; agent-specific DOs are auto-created on first deploy) andapps/integrations/wrangler.jsonc(same D1). -
Set secrets.
Terminal window # Requirednpx wrangler secret put ANTHROPIC_API_KEY # or OPENAI/MINIMAXnpx wrangler secret put BETTER_AUTH_SECRET # any random 32+ char stringnpx wrangler secret put API_KEY # initial dev API keynpx wrangler secret put INTEGRATIONS_INTERNAL_SECRET # shared between main + integrationsnpx wrangler secret put MCP_SIGNING_KEY # for outbound MCP token signing# Per worker — repeat for apps/main, apps/agent, apps/integrations as needednpx wrangler secret put ANTHROPIC_API_KEY -c apps/agent/wrangler.jsoncGenerate random secrets with:
Terminal window openssl rand -hex 32See the full env table in Reference → Configuration.
-
Register OAuth apps (only the integrations you want).
See OAuth Apps — separate page because each provider’s dashboard is a maze of its own.
For each, capture the client_id / client_secret / signing_secret and store them as secrets:
Terminal window npx wrangler secret put LINEAR_CLIENT_IDnpx wrangler secret put LINEAR_CLIENT_SECRET# ... and so on for GITHUB_*, SLACK_* -
Apply database migrations.
Terminal window npx wrangler d1 migrations apply openma-auth --remoteThe canonical schema lives at
apps/main/migrations/0001_schema.sql. -
Deploy.
Terminal window pnpm deployThis runs
scripts/deploy.sh, which:- Reads service bindings from KV.
- Generates
wrangler.deploy.jsoncwith the rightservicesarray. - Uploads the main worker version.
- Uploads sandbox worker versions in parallel.
- Runs a smoke test placeholder.
- Activates sandbox versions.
- Activates the main worker version.
Custom domains auto-create DNS records on first deploy (cert provisioning takes ~1 min).
-
Smoke test.
Terminal window curl https://app.yourdomain.com/healthz# → {"ok": true}# Sign in via the Consoleopen https://app.yourdomain.comOn first sign-up your tenant is auto-created.
Optional: deploy the docs site
Section titled “Optional: deploy the docs site”pnpm deploy:docsBuild is ~5 sec, upload is ~10 sec. Routes to docs.yourdomain.com (or whatever you set in apps/docs/wrangler.jsonc).
Optional: staging environment
Section titled “Optional: staging environment”Every wrangler file has a [env.staging] block. Deploy to staging with:
pnpm deploy --env staging # main + agent + integrationspnpm --filter open-managed-agents-docs deploy:staging # docsStaging uses separate D1 / R2 / DO ids and routes to *.staging.yourdomain.com.