Skip to content

kernel/claude-managed-agents-kernel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
examples
examples
 
 
src
src
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Claude Managed Agents + Kernel Browsers

A cookbook showing how to use Claude Managed Agents alongside Kernel browsers.

Cookbook

Each recipe in this cookbook uses

  • Claude Managed Agents: Anthropic's cloud agent harness.
  • Vaults: A feature of Claude Managed Agents that allows for securely storing secrets, with newly-added support for environment variable secrets.
  • Kernel: Crazy fast browser infra for agents.
  • Kernel CLI: the kernel CLI gives your agent a way to provision browsers and control them, e.g. via computer use.

Recipes

  • src/ux-swarm.ts contains an example of an agent that spins up a swarm of browsers in parallel all testing different parts of a website via computer use. (example output)
  • src/lead-intel.ts takes a customer lead's site and comes up with parallelizable research tasks (e.g. products, pricing plans, how they measure usage, etc.) and delegates each task to a subagent armed with a Kernel browser. (example output)

Prerequisites

How it works

There are two distinct networking planes. Do not conflate them.

(A) Environment networking — what the sandbox can reach at all

This is a firewall on the container. setup.ts sets it to limited, 443-only:

config.networking = {
  type: "limited",
  allow_package_managers: true,             // lets npm/pip install @onkernel/cli
  allow_mcp_servers: false,
  allowed_hosts: ["api.onkernel.com", "*.onkernel.com"],
}

That's all the recipe needs: it drives the browser entirely over Kernel's CLI via kernel browsers computer / kernel browsers playwright execute / kernel browsers screenshot/ etc.

(B) Credential networking — where the placeholder becomes the real secret

Set on the credential's auth block:

auth.networking = {
  type: "limited",
  allowed_hosts: ["api.onkernel.com", "*.onkernel.com"],
}

This governs substitution, not reachability. The sandbox env var KERNEL_API_KEY holds an opaque placeholder. Anthropic substitutes the real secret into an outbound request only when the placeholder appears in a request to an allowed host. The plaintext key never lands in the container, never enters the model's context, and is never logged by your code.

The list is scoped to exactly where the key is consumed — the .com Kernel control plane. Keep this list as tight as the workload allows — it is the only thing standing between a prompt-injected agent and your real key (next section).

Run it

1. Setup (durable resources)

npm install
cp .env.example .env   # then fill in ANTHROPIC_API_KEY and KERNEL_API_KEY
npm run setup

Creates the durable, reusable infrastructure and writes their ids to .kernel-agent.json:

  • a cloud environment with the (A) limited networking shown above,
  • a vault plus an environment_variable credential (secret_name: KERNEL_API_KEY) with the (B) limited credential networking shown above.

Run this once. Every recipe reuses these ids.

2. Run a recipe

Each recipe takes the target site as a required URL argument:

npm run ux-swarm -- https://example.com

or

npm run lead-intel -- https://acme.com

3. Teardown

npm run teardown

Deletes the environment, deletes the vault (which cascades to its credentials), and archives the cookbook's agents (agents have no delete — archive is the terminal state). Then removes .kernel-agent.json.

About

A cookbook of recipes pairing Claude Managed Agents with Kernel cloud browsers — parallel computer-use agent swarms, with API keys secured via Vaults.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages