Deploy Open Harness

Name: Deploy Open Harness
Author: vercel-labs

vercel-labs/open-agents

Self-host your own Open Harness fork on Vercel with the right env vars, GitHub app hooks, and sandbox/redis settings for a verified first run.

Install

npx skills add https://github.com/vercel-labs/open-agents --skill deploy-open-harness

What is this skill?

Requires reading README.md, apps/web/.env.example, and auth/GitHub/sandbox source files before advising—code wins over s
Branches minimal deploy vs full GitHub-enabled coding-agent setup so you only collect necessary secrets
Maps Vercel OAuth, GitHub App install/callback, JWE/crypto, Redis, and sandbox config to where each credential is obtain
Explicitly avoids relying on scripts/setup.sh for current Open Harness
Ends with a short next-steps verification checklist after deploy

Adoption & trust: 24 installs on skills.sh; 5.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).

Recommended Skills

Azure Kubernetesmicrosoft/azure-skills

Azure Kubernetes skill supplies fix patterns for AKS Automatic compatibility—adding resource requests, dropping capabili…204k installs·1.2k stars

Github Actions Docsxixu-me/skills

github-actions-docs is a research-oriented agent skill that stops generic CI/CD guesses when the user’s question is real…187k installs·61 stars

Deploy To Vercelvercel-labs/agent-skills

Deploy to Vercel is an agent skill from Vercel Labs that walks solo builders through shipping a project to Vercel with d…67.1k installs·27.7k stars

Vercel Cli With Tokensvercel-labs/agent-skills

Vercel CLI with Tokens is a Vercel Labs agent skill that teaches coding agents how to deploy and manage projects when in…47.2k installs·27.7k stars

Turborepovercel/turborepo

Turborepo Skill is procedural guidance for Vercel’s Turborepo build system on JavaScript and TypeScript monorepos. It ta…36k installs·30.5k stars

Docker Expertsickn33/antigravity-awesome-skills

Docker Expert is an agent skill that acts as a hands-on containerization consultant for solo and indie builders shipping…18.7k installs·40.1k stars

Journey fit

Primary fit

Ship is the primary shelf because the skill’s outcome is a production Vercel deployment and credential-complete first-run verification, not feature coding. Launch covers go-live checklist, scope choice (minimal vs full GitHub agent flow), and post-deploy next steps.

Common Questions / FAQ

Is Deploy Open Harness safe to install?

skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.

SKILL.md

READMESKILL.md - Deploy Open Harness

You are helping a user deploy their own copy of Open Harness.

Base your guidance on the current codebase, not on older Harness-era setup assumptions.

## First rule: verify current requirements from the repo

Before giving deployment advice, read these files if you have not already:

- `README.md`
- `apps/web/.env.example`
- `apps/web/lib/db/client.ts`
- `apps/web/lib/jwe/encrypt.ts`
- `apps/web/lib/crypto.ts`
- `apps/web/app/api/auth/signin/vercel/route.ts`
- `apps/web/app/api/auth/vercel/callback/route.ts`
- `apps/web/app/api/github/app/install/route.ts`
- `apps/web/app/api/github/app/callback/route.ts`
- `apps/web/lib/github/app-auth.ts`
- `apps/web/lib/redis.ts`
- `apps/web/lib/sandbox/config.ts`

If the code and the docs disagree, trust the code and say so.

Do not rely on `scripts/setup.sh`.

## Goals

Help the user:

1. Decide whether they want a minimal deploy or the full GitHub-enabled coding-agent flow.
2. Collect only the credentials actually required for that scope.
3. Understand where to obtain each credential.
4. Deploy this repo on Vercel.
5. Complete first-run verification.
6. Leave with a short next-steps checklist.

## Safety rules

- Never ask the user to paste secrets into chat.
- Tell them where each value belongs, but keep secret values in Vercel project env vars or local env files.
- Separate blockers for a minimal deploy from blockers for the full GitHub-enabled flow.
- Be explicit when something is optional.

## Scope the deployment first

Start by determining which path the user wants:

### 1) Minimal deploy
A working hosted app where the user can deploy it, sign in with Vercel, and use the product without GitHub repo access.

### 2) Full deploy
Everything in the minimal deploy, plus GitHub account linking, GitHub App installation, private repo access, pushes, and PR creation.

If the user is unsure, recommend **minimal deploy first**, then layer on GitHub.

## Credential checklist

Use this checklist when guiding the user.

### Required for the app to run

- `POSTGRES_URL`
- `JWE_SECRET`

### Required for a usable hosted deployment

- `ENCRYPTION_KEY`
- `NEXT_PUBLIC_VERCEL_APP_CLIENT_ID`
- `VERCEL_APP_CLIENT_SECRET`

### Required for GitHub-enabled repo flows

- `NEXT_PUBLIC_GITHUB_CLIENT_ID`
- `GITHUB_CLIENT_SECRET`
- `GITHUB_APP_ID`
- `GITHUB_APP_PRIVATE_KEY`
- `NEXT_PUBLIC_GITHUB_APP_SLUG`
- `GITHUB_WEBHOOK_SECRET`

### Optional

- `REDIS_URL` or `KV_URL`
- `VERCEL_PROJECT_PRODUCTION_URL`
- `NEXT_PUBLIC_VERCEL_PROJECT_PRODUCTION_URL`
- `VERCEL_SANDBOX_BASE_SNAPSHOT_ID`
- `ELEVENLABS_API_KEY`

## How to explain each credential

### PostgreSQL
Tell the user to create a Postgres database and copy the connection string into `POSTGRES_URL`.

### JWE secret
Explain that this is required for session encryption.

Recommended generation command:

```bash
openssl rand -base64 32 | tr '+/' '-_' | tr -d '=\n'
```

### Encryption key
Explain that provider tokens are encrypted at rest and the value must be a 64-character hex string.

Recommended generation command:

```bash
openssl rand -hex 32
```

### Vercel OAuth app
Tell the user to create a Vercel OAuth app and set:

- Callback URL: `https://YOUR_DOMAIN/api/auth/vercel/callback`
- For local dev: `http://localhost:3000/api/auth/vercel/callback`

Store the credentials as:

- `NEXT_PUBLIC_VERCEL_APP_CLIENT_ID`
- `VERCEL_APP_CLIENT_SECRET`

### GitHub App
Tell the user they do not need a separate GitHub OAuth app. Open Harness uses the GitHub App's user authorization flow.

Tell the user to create a GitHub App and set:

- Homepage URL: `https://YOUR_DOMAIN`
- Callback URL: `https://YOUR_DOMAIN/api/github/app/callback`
- Setup URL: `https:/

What is this skill?

Requires reading README.md, apps/web/.env.example, and auth/GitHub/sandbox source files before advising—code wins over s

Branches minimal deploy vs full GitHub-enabled coding-agent setup so you only collect necessary secrets

Maps Vercel OAuth, GitHub App install/callback, JWE/crypto, Redis, and sandbox config to where each credential is obtain

Explicitly avoids relying on scripts/setup.sh for current Open Harness

Ends with a short next-steps verification checklist after deploy

Adoption & trust: 24 installs on skills.sh; 5.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

SKILL.md

READMESKILL.md - Deploy Open Harness

You are helping a user deploy their own copy of Open Harness.

Base your guidance on the current codebase, not on older Harness-era setup assumptions.

## First rule: verify current requirements from the repo

Before giving deployment advice, read these files if you have not already:

- `README.md`
- `apps/web/.env.example`
- `apps/web/lib/db/client.ts`
- `apps/web/lib/jwe/encrypt.ts`
- `apps/web/lib/crypto.ts`
- `apps/web/app/api/auth/signin/vercel/route.ts`
- `apps/web/app/api/auth/vercel/callback/route.ts`
- `apps/web/app/api/github/app/install/route.ts`
- `apps/web/app/api/github/app/callback/route.ts`
- `apps/web/lib/github/app-auth.ts`
- `apps/web/lib/redis.ts`
- `apps/web/lib/sandbox/config.ts`

If the code and the docs disagree, trust the code and say so.

Do not rely on `scripts/setup.sh`.

## Goals

Help the user:

1. Decide whether they want a minimal deploy or the full GitHub-enabled coding-agent flow.
2. Collect only the credentials actually required for that scope.
3. Understand where to obtain each credential.
4. Deploy this repo on Vercel.
5. Complete first-run verification.
6. Leave with a short next-steps checklist.

## Safety rules

- Never ask the user to paste secrets into chat.
- Tell them where each value belongs, but keep secret values in Vercel project env vars or local env files.
- Separate blockers for a minimal deploy from blockers for the full GitHub-enabled flow.
- Be explicit when something is optional.

## Scope the deployment first

Start by determining which path the user wants:

### 1) Minimal deploy
A working hosted app where the user can deploy it, sign in with Vercel, and use the product without GitHub repo access.

### 2) Full deploy
Everything in the minimal deploy, plus GitHub account linking, GitHub App installation, private repo access, pushes, and PR creation.

If the user is unsure, recommend **minimal deploy first**, then layer on GitHub.

## Credential checklist

Use this checklist when guiding the user.

### Required for the app to run

- `POSTGRES_URL`
- `JWE_SECRET`

### Required for a usable hosted deployment

- `ENCRYPTION_KEY`
- `NEXT_PUBLIC_VERCEL_APP_CLIENT_ID`
- `VERCEL_APP_CLIENT_SECRET`

### Required for GitHub-enabled repo flows

- `NEXT_PUBLIC_GITHUB_CLIENT_ID`
- `GITHUB_CLIENT_SECRET`
- `GITHUB_APP_ID`
- `GITHUB_APP_PRIVATE_KEY`
- `NEXT_PUBLIC_GITHUB_APP_SLUG`
- `GITHUB_WEBHOOK_SECRET`

### Optional

- `REDIS_URL` or `KV_URL`
- `VERCEL_PROJECT_PRODUCTION_URL`
- `NEXT_PUBLIC_VERCEL_PROJECT_PRODUCTION_URL`
- `VERCEL_SANDBOX_BASE_SNAPSHOT_ID`
- `ELEVENLABS_API_KEY`

## How to explain each credential

### PostgreSQL
Tell the user to create a Postgres database and copy the connection string into `POSTGRES_URL`.

### JWE secret
Explain that this is required for session encryption.

Recommended generation command:

```bash
openssl rand -base64 32 | tr '+/' '-_' | tr -d '=\n'
```

### Encryption key
Explain that provider tokens are encrypted at rest and the value must be a 64-character hex string.

Recommended generation command:

```bash
openssl rand -hex 32
```

### Vercel OAuth app
Tell the user to create a Vercel OAuth app and set:

- Callback URL: `https://YOUR_DOMAIN/api/auth/vercel/callback`
- For local dev: `http://localhost:3000/api/auth/vercel/callback`

Store the credentials as:

- `NEXT_PUBLIC_VERCEL_APP_CLIENT_ID`
- `VERCEL_APP_CLIENT_SECRET`

### GitHub App
Tell the user they do not need a separate GitHub OAuth app. Open Harness uses the GitHub App's user authorization flow.

Tell the user to create a GitHub App and set:

- Homepage URL: `https://YOUR_DOMAIN`
- Callback URL: `https://YOUR_DOMAIN/api/github/app/callback`
- Setup URL: `https:/

Install

What is this skill?

Recommended Skills

Journey fit

Is Deploy Open Harness safe to install?

SKILL.md

This week for builders

Install

What is this skill?

Recommended Skills

Journey fit

Is Deploy Open Harness safe to install?

SKILL.md