Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

deploy-open-harness

Name: Deploy Open Harness
Author: vercel-labs

// Guides a user through collecting the credentials needed to deploy their own copy of Open Harness, deploying this repo on Vercel, and completing first-run setup. Use for requests about deploying, self-hosting, configuring credentials, or getting started with a fork of this app.

Exécuter dans Manus

$ git log --oneline --stat

stars:5 524

forks:707

updated:13 avril 2026 à 16:03

SKILL.md

readonly

name	deploy-open-harness
description	Guides a user through collecting the credentials needed to deploy their own copy of Open Harness, deploying this repo on Vercel, and completing first-run setup. Use for requests about deploying, self-hosting, configuring credentials, or getting started with a fork of this app.

You are helping a user deploy their own copy of Open Harness.

Base your guidance on the current codebase, not on older Harness-era setup assumptions.

First rule: verify current requirements from the repo

Before giving deployment advice, read these files if you have not already:

README.md
apps/web/.env.example
apps/web/lib/db/client.ts
apps/web/lib/jwe/encrypt.ts
apps/web/lib/crypto.ts
apps/web/app/api/auth/signin/vercel/route.ts
apps/web/app/api/auth/vercel/callback/route.ts
apps/web/app/api/github/app/install/route.ts
apps/web/app/api/github/app/callback/route.ts
apps/web/lib/github/app-auth.ts
apps/web/lib/redis.ts
apps/web/lib/sandbox/config.ts

If the code and the docs disagree, trust the code and say so.

Do not rely on scripts/setup.sh.

Goals

Help the user:

Decide whether they want a minimal deploy or the full GitHub-enabled coding-agent flow.
Collect only the credentials actually required for that scope.
Understand where to obtain each credential.
Deploy this repo on Vercel.
Complete first-run verification.
Leave with a short next-steps checklist.

Safety rules

Never ask the user to paste secrets into chat.
Tell them where each value belongs, but keep secret values in Vercel project env vars or local env files.
Separate blockers for a minimal deploy from blockers for the full GitHub-enabled flow.
Be explicit when something is optional.

Scope the deployment first

Start by determining which path the user wants:

1) Minimal deploy

A working hosted app where the user can deploy it, sign in with Vercel, and use the product without GitHub repo access.

2) Full deploy

Everything in the minimal deploy, plus GitHub account linking, GitHub App installation, private repo access, pushes, and PR creation.

If the user is unsure, recommend minimal deploy first, then layer on GitHub.

Credential checklist

Use this checklist when guiding the user.

Required for the app to run

POSTGRES_URL
JWE_SECRET

Required for a usable hosted deployment

ENCRYPTION_KEY
NEXT_PUBLIC_VERCEL_APP_CLIENT_ID
VERCEL_APP_CLIENT_SECRET

Required for GitHub-enabled repo flows

NEXT_PUBLIC_GITHUB_CLIENT_ID
GITHUB_CLIENT_SECRET
GITHUB_APP_ID
GITHUB_APP_PRIVATE_KEY
NEXT_PUBLIC_GITHUB_APP_SLUG
GITHUB_WEBHOOK_SECRET

Optional

REDIS_URL or KV_URL
VERCEL_PROJECT_PRODUCTION_URL
NEXT_PUBLIC_VERCEL_PROJECT_PRODUCTION_URL
VERCEL_SANDBOX_BASE_SNAPSHOT_ID
ELEVENLABS_API_KEY

How to explain each credential

PostgreSQL

Tell the user to create a Postgres database and copy the connection string into POSTGRES_URL.

JWE secret

Explain that this is required for session encryption.

Recommended generation command:

openssl rand -base64 32 | tr '+/' '-_' | tr -d '=\n'

Encryption key

Explain that provider tokens are encrypted at rest and the value must be a 64-character hex string.

Recommended generation command:

openssl rand -hex 32

Vercel OAuth app

Tell the user to create a Vercel OAuth app and set:

Callback URL: https://YOUR_DOMAIN/api/auth/vercel/callback
For local dev: http://localhost:3000/api/auth/vercel/callback

Store the credentials as:

NEXT_PUBLIC_VERCEL_APP_CLIENT_ID
VERCEL_APP_CLIENT_SECRET

GitHub App

Tell the user they do not need a separate GitHub OAuth app. Open Harness uses the GitHub App's user authorization flow.

Tell the user to create a GitHub App and set:

Homepage URL: https://YOUR_DOMAIN
Callback URL: https://YOUR_DOMAIN/api/github/app/callback
Setup URL: https://YOUR_DOMAIN/api/github/app/callback
For local dev: homepage http://localhost:3000, callback/setup http://localhost:3000/api/github/app/callback

Also tell them to:

enable "Request user authorization (OAuth) during installation"
use the GitHub App Client ID and Client Secret for NEXT_PUBLIC_GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET
make the app public if they want org installs to work cleanly
generate a webhook secret
download/generate the private key

Store the values as:

NEXT_PUBLIC_GITHUB_CLIENT_ID
GITHUB_CLIENT_SECRET
GITHUB_APP_ID
GITHUB_APP_PRIVATE_KEY
NEXT_PUBLIC_GITHUB_APP_SLUG
GITHUB_WEBHOOK_SECRET

Mention that GITHUB_APP_PRIVATE_KEY can be stored either as PEM contents with escaped newlines or as a base64-encoded PEM.

Redis / KV

Explain that Redis is optional. It improves resumable streams, stop signaling, and caching, but it is not required for the first deploy.

Deployment flow

Guide the user through this sequence:

Fork the repo.
Import it into Vercel at the repo root.
Add the baseline env vars:
- POSTGRES_URL
- JWE_SECRET
- ENCRYPTION_KEY
Deploy once to get a stable production URL.
Create the Vercel OAuth app using that production URL.
Add NEXT_PUBLIC_VERCEL_APP_CLIENT_ID and VERCEL_APP_CLIENT_SECRET.
Redeploy.
If the user wants the full GitHub flow, create the GitHub App using the production URL, add the GitHub env vars, and redeploy again.
Optionally add Redis/KV and the production URL vars.

If the user already has a custom domain ready, it is fine to use that domain from the start instead of the default vercel.app production URL.

First-run verification

For a minimal deploy, walk the user through:

Open the production site.
Sign in with Vercel.
Confirm they land in the app successfully.
Create a session and confirm the basic UI loads.

For the full deploy, also verify:

GitHub account linking works.
GitHub App installation completes.
Installations or repos appear in the UI.
A repo-backed session can start.
The sandbox starts and the agent can work in the repo.

If something fails, identify the missing credential or callback mismatch instead of giving generic advice.

Response format

When helping a user, prefer this structure:

Target scope — minimal or full.
Credential checklist — grouped into required now vs optional later.
How to get each missing credential — short, concrete instructions.
Deploy steps — only the next actions the user should take.
Verification — what to click/test after deploy.
Next upgrades — Redis, GitHub, voice, custom domain, snapshot override, only if relevant.

Be concise. Keep the user moving toward the next unblocker.

related-skills.json

même dépôt

code-review.md

from "vercel-labs/open-agents"

Reviews code changes and provides actionable feedback. Use when the user asks to review a PR, diff, commit, or code changes. Triggers on "/review", "review this PR", "review my changes", "code review".

2026-04-205.5k

remove-demo-limits.md

from "vercel-labs/open-agents"

Removes Open Harness hosted demo restrictions from a fork. Use when a maintainer wants to remove managed-template trial caps, hosted deployment gating, or "deploy your own" limits. Triggers on "remove demo limits", "remove trial limits", "remove hosted restrictions", "open this up for my fork", "remove managed template restrictions".

2026-04-135.5k

plan-mode.md

from "vercel-labs/open-agents"

Holistic, system-aware planning before implementing non-trivial tasks. Use when the task involves new features, architectural decisions, multi-file changes, unclear requirements, or multiple valid approaches. Triggers on "/plan", "plan this", "design an approach", "let's plan first".

2026-04-025.5k

agent-browser.md

from "vercel-labs/open-agents"

Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.

2026-03-275.5k

emil-design-eng.md

from "vercel-labs/open-agents"

This skill encodes Emil Kowalski's philosophy on UI polish, component design, animation decisions, and the invisible details that make software feel great.

2026-03-165.5k

package.json

"author": "vercel-labs"

"repository": "vercel-labs/open-agents"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Développeurs de logicielsProfessions informatiques et mathématiques15-1252L4

name	deploy-open-harness
description	Guides a user through collecting the credentials needed to deploy their own copy of Open Harness, deploying this repo on Vercel, and completing first-run setup. Use for requests about deploying, self-hosting, configuring credentials, or getting started with a fork of this app.

You are helping a user deploy their own copy of Open Harness.

Base your guidance on the current codebase, not on older Harness-era setup assumptions.

First rule: verify current requirements from the repo

Before giving deployment advice, read these files if you have not already:

README.md
apps/web/.env.example
apps/web/lib/db/client.ts
apps/web/lib/jwe/encrypt.ts
apps/web/lib/crypto.ts
apps/web/app/api/auth/signin/vercel/route.ts
apps/web/app/api/auth/vercel/callback/route.ts
apps/web/app/api/github/app/install/route.ts
apps/web/app/api/github/app/callback/route.ts
apps/web/lib/github/app-auth.ts
apps/web/lib/redis.ts
apps/web/lib/sandbox/config.ts

If the code and the docs disagree, trust the code and say so.

Do not rely on scripts/setup.sh.

Goals

Help the user:

Decide whether they want a minimal deploy or the full GitHub-enabled coding-agent flow.
Collect only the credentials actually required for that scope.
Understand where to obtain each credential.
Deploy this repo on Vercel.
Complete first-run verification.
Leave with a short next-steps checklist.

Safety rules

Never ask the user to paste secrets into chat.
Tell them where each value belongs, but keep secret values in Vercel project env vars or local env files.
Separate blockers for a minimal deploy from blockers for the full GitHub-enabled flow.
Be explicit when something is optional.

Scope the deployment first

Start by determining which path the user wants:

1) Minimal deploy

A working hosted app where the user can deploy it, sign in with Vercel, and use the product without GitHub repo access.

2) Full deploy

Everything in the minimal deploy, plus GitHub account linking, GitHub App installation, private repo access, pushes, and PR creation.

If the user is unsure, recommend minimal deploy first, then layer on GitHub.

Credential checklist

Use this checklist when guiding the user.

Required for the app to run

POSTGRES_URL
JWE_SECRET

Required for a usable hosted deployment

ENCRYPTION_KEY
NEXT_PUBLIC_VERCEL_APP_CLIENT_ID
VERCEL_APP_CLIENT_SECRET

Required for GitHub-enabled repo flows

NEXT_PUBLIC_GITHUB_CLIENT_ID
GITHUB_CLIENT_SECRET
GITHUB_APP_ID
GITHUB_APP_PRIVATE_KEY
NEXT_PUBLIC_GITHUB_APP_SLUG
GITHUB_WEBHOOK_SECRET

Optional

REDIS_URL or KV_URL
VERCEL_PROJECT_PRODUCTION_URL
NEXT_PUBLIC_VERCEL_PROJECT_PRODUCTION_URL
VERCEL_SANDBOX_BASE_SNAPSHOT_ID
ELEVENLABS_API_KEY

How to explain each credential

PostgreSQL

Tell the user to create a Postgres database and copy the connection string into POSTGRES_URL.

JWE secret

Explain that this is required for session encryption.

Recommended generation command:

openssl rand -base64 32 | tr '+/' '-_' | tr -d '=\n'

Encryption key

Explain that provider tokens are encrypted at rest and the value must be a 64-character hex string.

Recommended generation command:

openssl rand -hex 32

Vercel OAuth app

Tell the user to create a Vercel OAuth app and set:

Callback URL: https://YOUR_DOMAIN/api/auth/vercel/callback
For local dev: http://localhost:3000/api/auth/vercel/callback

Store the credentials as:

NEXT_PUBLIC_VERCEL_APP_CLIENT_ID
VERCEL_APP_CLIENT_SECRET

GitHub App

Tell the user they do not need a separate GitHub OAuth app. Open Harness uses the GitHub App's user authorization flow.

Tell the user to create a GitHub App and set:

Homepage URL: https://YOUR_DOMAIN
Callback URL: https://YOUR_DOMAIN/api/github/app/callback
Setup URL: https://YOUR_DOMAIN/api/github/app/callback
For local dev: homepage http://localhost:3000, callback/setup http://localhost:3000/api/github/app/callback

Also tell them to:

enable "Request user authorization (OAuth) during installation"
use the GitHub App Client ID and Client Secret for NEXT_PUBLIC_GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET
make the app public if they want org installs to work cleanly
generate a webhook secret
download/generate the private key

Store the values as:

NEXT_PUBLIC_GITHUB_CLIENT_ID
GITHUB_CLIENT_SECRET
GITHUB_APP_ID
GITHUB_APP_PRIVATE_KEY
NEXT_PUBLIC_GITHUB_APP_SLUG
GITHUB_WEBHOOK_SECRET

Mention that GITHUB_APP_PRIVATE_KEY can be stored either as PEM contents with escaped newlines or as a base64-encoded PEM.

Redis / KV

Explain that Redis is optional. It improves resumable streams, stop signaling, and caching, but it is not required for the first deploy.

Deployment flow

Guide the user through this sequence:

Fork the repo.
Import it into Vercel at the repo root.
Add the baseline env vars:
- POSTGRES_URL
- JWE_SECRET
- ENCRYPTION_KEY
Deploy once to get a stable production URL.
Create the Vercel OAuth app using that production URL.
Add NEXT_PUBLIC_VERCEL_APP_CLIENT_ID and VERCEL_APP_CLIENT_SECRET.
Redeploy.
If the user wants the full GitHub flow, create the GitHub App using the production URL, add the GitHub env vars, and redeploy again.
Optionally add Redis/KV and the production URL vars.

If the user already has a custom domain ready, it is fine to use that domain from the start instead of the default vercel.app production URL.

First-run verification

For a minimal deploy, walk the user through:

Open the production site.
Sign in with Vercel.
Confirm they land in the app successfully.
Create a session and confirm the basic UI loads.

For the full deploy, also verify:

GitHub account linking works.
GitHub App installation completes.
Installations or repos appear in the UI.
A repo-backed session can start.
The sandbox starts and the agent can work in the repo.

If something fails, identify the missing credential or callback mismatch instead of giving generic advice.

Response format

When helping a user, prefer this structure:

Target scope — minimal or full.
Credential checklist — grouped into required now vs optional later.
How to get each missing credential — short, concrete instructions.
Deploy steps — only the next actions the user should take.
Verification — what to click/test after deploy.
Next upgrades — Redis, GitHub, voice, custom domain, snapshot override, only if relevant.

Be concise. Keep the user moving toward the next unblocker.

deploy-open-harness

First rule: verify current requirements from the repo

Goals

Safety rules

Scope the deployment first

1) Minimal deploy

2) Full deploy

Credential checklist

Required for the app to run

Required for a usable hosted deployment

Required for GitHub-enabled repo flows

Optional

How to explain each credential

PostgreSQL

JWE secret

Encryption key

Vercel OAuth app

GitHub App

Redis / KV

Deployment flow

First-run verification

Response format

Plus depuis ce dépôt

Plus depuis ce dépôt

First rule: verify current requirements from the repo

Goals

Safety rules

Scope the deployment first

1) Minimal deploy

2) Full deploy

Credential checklist

Required for the app to run

Required for a usable hosted deployment

Required for GitHub-enabled repo flows

Optional

How to explain each credential

PostgreSQL

JWE secret

Encryption key

Vercel OAuth app

GitHub App

Redis / KV

Deployment flow

First-run verification

Response format