Deploy
scripts/setup-cf.sh is an interactive wizard that provisions every Cloudflare resource, patches the wrangler files, sets secrets, applies migrations, and deploys the three workers. Plan on ~5 minutes hands-on, plus a few minutes of network-bound waits.
Prerequisites
- Node 22+, pnpm 10+
- A Cloudflare account on the Workers Paid plan ($5/mo — required for Durable Objects + R2)
- wrangler logged in (npx wrangler login)
- An Anthropic API key (or OpenAI / compatible provider via a model card later)
You do not need a custom domain to start — workers default to *.workers.dev URLs.
Three commands
- Clone, install, login.

      git clone https://github.com/open-ma/open-managed-agents.git
      cd open-managed-agents
      pnpm install
      npx wrangler login

- Run the setup wizard.

      ./scripts/setup-cf.sh

  The wizard:
  - Creates 2 D1 databases (openma-auth, openma-integrations)
  - Creates 1 KV namespace (CONFIG_KV)
  - Creates 4 R2 buckets (managed-agents-files, -workspace, -memory, -backups)
  - Splices the captured IDs into apps/{main,agent,integrations}/wrangler.jsonc (preserving comments)
  - Sets secrets — auto-generates BETTER_AUTH_SECRET, API_KEY, INTEGRATIONS_INTERNAL_SECRET, PLATFORM_ROOT_SECRET; prompts for ANTHROPIC_API_KEY
  - Applies migrations (one consolidated file per D1)
  - Deploys main + agent + integrations
  - Wires the R2 → memory-events queue notification

  It’s idempotent: rerunning detects existing resources via wrangler d1/kv list and reuses their IDs. Secrets are skipped if already set unless you pass --reset-secrets.

- Open the Console.

  The main worker prints its *.workers.dev URL on deploy. Sign up — your first user becomes the owner of a fresh tenant. Everything works against the *.workers.dev URLs out of the box.
Optional follow-ups
Custom domain
If you have a domain on this Cloudflare account, set up routes in each apps/*/wrangler.jsonc:

    "routes": [
      { "pattern": "app.yourdomain.com", "custom_domain": true }
    ]

Then redeploy:

    npx wrangler deploy --config apps/main/wrangler.jsonc
    npx wrangler deploy --config apps/agent/wrangler.jsonc
    npx wrangler deploy --config apps/integrations/wrangler.jsonc

DNS records auto-create on first deploy with a custom domain (cert provisioning ~1 min).
Slack / GitHub / Linear OAuth
Skip if you only want bare agent functionality. To enable them:

    # Per provider — see the dashboard maze in oauth-apps.mdx
    npx wrangler secret put LINEAR_CLIENT_ID --config apps/integrations/wrangler.jsonc
    npx wrangler secret put LINEAR_CLIENT_SECRET --config apps/integrations/wrangler.jsonc
    # ... and so on for GITHUB_*, SLACK_*

Then redeploy apps/integrations/.
See OAuth Apps for the per-provider walkthrough.
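A pre-deploy check for the secret names listed in the wizard steps and in the OAuth commands above, written as an added example (not part of the open-managed-agents repository): it fails when one of those names appears as a plain key in a wrangler config. The function names, the sample files and the *_CLIENT_* pattern are assumptions made for this example.

```shell
# Added example, not the project's code. Flags any name this page stores with
# `wrangler secret put` when it appears as a plain key in a wrangler config,
# where the value would be committed and deployed in clear text.

# Names from this page; GITHUB_* and SLACK_* are only given as prefixes there,
# so any *_CLIENT_ID / *_CLIENT_SECRET key is matched as well (assumption).
SECRET_NAMES='BETTER_AUTH_SECRET|API_KEY|INTEGRATIONS_INTERNAL_SECRET|PLATFORM_ROOT_SECRET|ANTHROPIC_API_KEY'
SECRET_KEY_RE="\"(${SECRET_NAMES}|[A-Z0-9_]+_CLIENT_(ID|SECRET))\"[[:space:]]*:"

# Prints "file:line:KEY" per finding; returns 1 if anything was found.
# Commented-out entries are reported too, since their values are still in git.
find_plaintext_secrets() {
  found=0
  for file in "$@"; do
    [ -f "$file" ] || continue
    hits=$(grep -nEo "$SECRET_KEY_RE" "$file") || continue
    found=1
    printf '%s\n' "$hits" | while IFS= read -r hit; do
      key=$(printf '%s' "$hit" | cut -d'"' -f2)
      printf '%s:%s:%s\n' "$file" "${hit%%:*}" "$key"
    done
  done
  return "$found"
}

# Constructed sample configs (not the repository's files) for a dry run.
write_samples() {
  cat > "$1/clean.jsonc" <<'EOF'
{
  // secrets such as API_KEY are set with `wrangler secret put`
  "name": "main",
  "kv_namespaces": [ { "binding": "CONFIG_KV", "id": "<id>" } ]
}
EOF
  cat > "$1/leaky.jsonc" <<'EOF'
{
  "name": "integrations",
  "vars": {
    "LINEAR_CLIENT_SECRET": "constructed-value",
    "API_KEY" : "constructed-value"
  }
}
EOF
}

# Usage: sh check-wrangler-secrets.sh apps/*/wrangler.jsonc
if [ "$#" -gt 0 ]; then
  find_plaintext_secrets "$@" || { echo "move these to wrangler secret put" >&2; exit 1; }
fi
```

Run it against apps/*/wrangler.jsonc before committing or deploying; a non-zero exit means a name that belongs in the secret store is sitting in a config file.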
Staging environment
The wrangler files include env.staging overlays preconfigured against openma.dev’s staging DB IDs. To use these for your own staging deployment, you’d need to create a parallel set of staging DBs and patch those IDs in. Most self-hosters don’t need this — --env staging is primarily for openma.dev itself.

    npx wrangler deploy --config apps/main/wrangler.jsonc --env staging

Multi-shard scaling
The default deployment is single-D1: every tenant lives in one openma-auth D1. The code auto-detects this via the absence of an AUTH_DB_01 binding and skips the shard router entirely. If you need horizontal scaling later (10K+ tenants), the multi-shard mode lives in the env.production overlay — see Operations → Multi-shard.
Redeploy after code changes
    npx wrangler deploy --config apps/main/wrangler.jsonc
    npx wrangler deploy --config apps/agent/wrangler.jsonc
    npx wrangler deploy --config apps/integrations/wrangler.jsonc

You can run any subset — e.g. iterate on agent code with just apps/agent redeploys.