Developer Portal
Your control plane for apps, agents, keys, OAuth, webhooks, workflows, and runtime inspection.
Overview
The developer portal at developers.archastro.ai is the web-based control plane for your ArchAstro apps. Every resource your agents need — API keys, OAuth providers, webhooks, workflows, configs — is managed here.
Portal changes are app-scoped and auditable. Use the portal for configuration and inspection, then automate with the API or CLI for CI/CD workflows.
For the Agent Network web interface (agent management, networks, cross-org connections), see Agent Network App.
App management
When you sign in, you'll see a list of your apps. Each app is an isolated container that scopes all resources: agents, keys, users, threads, configs, and more.
API keys
The portal generates two types of keys:
- Publishable keys (
pk_live_) — safe to include in client-side code. Used for SDK initialization and non-sensitive operations. - Secret keys (
sk_live_) — server-only. Used for agent creation, routine management, and all control-plane operations. Shown once at creation — copy immediately.
You can revoke any key instantly from the portal. Revoked keys stop working immediately.
Sandboxes
Sandboxes are isolated environments within an app. Each sandbox gets its own set of API keys and its own data partition. Use sandboxes for:
- Testing new routines before production deployment
- Staging environments for CI/CD
- Isolated development environments per team member
Create a sandbox from the portal, and it generates a publishable key automatically. All API calls scoped to a sandbox only see sandbox data.
Domains
Configure allowed domains for client-side SDK usage and email sending. Add your production domain and any staging domains that need API access.
Environment variables
Store encrypted configuration values (API keys for external services, webhook secrets, feature flags) that your workflows and scripts can reference. Values are never displayed in the portal after creation — you can only update or delete them.
Members
Invite teammates to your app with role-based access:
- Admin — full access, can manage members and keys
- Developer — read/write access to all resources
Pending invitations are visible in the Members section until accepted.
Agents
The Agents section is where you create and manage agent identities. Each agent is a resource with:
- Name and lookup key — display name and optional unique identifier for programmatic access
- Identity — a description or system prompt that defines the agent's behavior
- Contact info — optional email and phone for agent-facing scenarios
- Profile picture — upload an avatar for the agent
- Ownership — agents can be owned by a team, user, or the system
Routines
Routines are event-driven behaviors attached to agents. From the portal you can:
- Create routines — define the event type (
thread.message_added,schedule.cron, etc.), handler type (workflow, script, or preset), and configuration - Activate and pause — toggle routine execution without deleting
- Filter by agent — view routines for a specific agent
- View run history — inspect past executions with status, duration, input payload, and output
Routine handler types:
| Handler | How it works |
|---|---|
| Workflow | Executes a WorkflowGraph config. Requires a config_id. |
| Script | Runs inline script code or references a Script config. |
| Preset | Delegates to a built-in handler (participate, send_message, do_task). |
Extensions (tools and skills)
Tools are capabilities you attach to agents. The portal supports:
- Built-in tools — platform-provided capabilities like email access, calendar operations, task creation
- Custom tools — define your own tools with a name, description, JSON Schema parameters, and a handler (script or workflow)
Tools start in draft status and must be activated before agents can use them.
Context
Context controls what data an agent can access. The portal manages five resource types:
Installations — connections between agents and data sources.
| Category | Examples | Requires OAuth |
|---|---|---|
| Integration | Gmail, Outlook, GitHub, Slack, X | Usually yes |
| Web content | Sites and curated link collections | No |
| Platform content | Threads, uploaded files, and other app data | No |
When you create an integration installation, the portal prompts the user to complete an OAuth flow. Once authorized, the platform automatically creates sources to ingest data.
Sources — individual data retrieval tasks within an installation (e.g., "Gmail inbox emails", "GitHub activity feed"). Sources track sync state: initializing, syncing, synced, error, paused.
Integrations — OAuth credential records for connected services. Shows provider, workspace, auth type, and connection date.
Credentials — stored API keys and tokens scoped to specific domains, used for external service access.
Items — browsable index of ingested context items (documents, messages, code) with content type and source traceability.
Orchestration
Configs
Configs are versioned artifacts that store workflows, scripts, templates, and other structured content. The portal provides a full-screen editor with:
- Language-aware editing — syntax highlighting for YAML, JSON, and Liquid templates
- Validation — check syntax and schema before saving
- Version history — every save creates a new version; you can view past versions
- References — insert references to other configs (cross-linking)
- Archive/unarchive — soft-delete without permanent removal
- Kind filtering — filter by config type and path prefix
Config kinds include WorkflowGraph, Script, AIWorker, and custom types you define.
Workflows
The workflow editor is a full-screen visual builder for composing multi-step execution flows. From the portal you can:
- Build workflow graphs — add nodes (data, script, template), connect them, and configure each step
- Run workflows — execute directly from the editor with a "Run as User" selector to choose execution context
- Debug — inspect workflow inputs, outputs, and execution state
- Version — every save increments the version number automatically
Workflows are stored as configs with kind WorkflowGraph and are referenced by routines and automations via config_id.
Scripts
The script editor provides a full-screen code environment for writing automation logic. Scripts can:
- Run standalone via the "Run" button (with user context selection)
- Be referenced by routines as handlers
- Be embedded in workflow nodes
Scripts are stored as configs with kind Script.
Automations
Automations are app-scoped event handlers (vs. routines which are agent-scoped). The portal shows:
- Stats dashboard — scheduled count, event trigger count, running count
- Type filter — view scheduled automations, event triggers, or all
- Activation controls — activate, pause, view runs
- Run history — inspect execution records with status and output
Automation types:
| Type | Trigger | Example |
|---|---|---|
| Scheduled | Cron expression | Daily digest at 8am |
| Event trigger | Domain event | Send welcome email on user.created |
Users, teams, and organizations
Users
View and manage all users in your app. The portal supports:
- Creating users — with email, name, phone, and confirmation status
- System users — bot accounts that don't need login credentials (auto-generated email)
- Filtering — search by name/email, filter by confirmation status
- Token management — view and revoke user tokens
Teams
Teams are workspace containers for threads, tasks, and shared resources. Create teams with a name and description, view members, and manage team threads.
Organizations
Organizations provide B2B multi-tenancy. Each org has:
- Name, slug (unique identifier), and domain
- Member management
- Hierarchical grouping for apps
Integrations setup
OAuth providers
Configure sign-in providers (Google, GitHub) with your OAuth client credentials. Each provider needs:
- Client ID and Client Secret from the provider's developer console
- Callback URLs for your application
- Scopes are auto-configured per provider
OAuth clients
Register third-party applications that can authenticate against your app using OAuth. When enabled, you can:
- Register clients with name, scopes, and redirect URIs
- View client credentials (shown once at creation)
- Enable/disable individual clients
Webhooks
Set up inbound webhooks for GitHub and Slack with provider-specific signature validation. Each webhook gets an auto-generated delivery URL. Configure which events to receive and set authorization tokens.
Storage
Files
Browse and manage uploaded files with metadata (filename, content type, size, uploader). Files can be owned by teams or users and are accessible via signed download URLs.
Objects
View metadata objects stored in the platform. Objects are team-scoped structured data containers.
Threads
Browse conversation threads across your app. The portal provides:
- Thread list with pagination
- Thread detail view with full message history
- Thread metadata (title, slug, channel status, owner)
Portal vs API vs CLI
| Task | Portal | API | CLI |
|---|---|---|---|
| Initial app setup | Best | OK | OK |
| Key management | Good | Good | Good |
| Agent + routine creation | Good | Best | Good |
| Viewing run history | Best | OK | — |
| Workflow editing | Best | — | — |
| Script editing | Best | — | — |
| Config management | Good | Good | Best (local sync) |
| CI/CD automation | — | Best | Good |
| Bulk operations | — | Best | Good |
Use the portal for visual management, workflow building, and inspection. Use the API for programmatic operations. Use the CLI for local development, config sync, and scripting.