CLRK guides
Task-focused walkthroughs for CLRK workflows.
The guides cover the patterns most teams hit operating CLRK: running and packaging agents, keeping credentials and budgets out of the agent process, locking down what an agent can reach, wiring up telemetry, and the recurring design patterns that show up around auth and state. Pick the one you need; each guide stands alone.
Getting started
A · QUICKSTARTRun your first agentApply a minimal example under `clrk dev`, watch a sandbox spawn, and confirm the API key never reaches the agent.→B · HTTPClaude Code over HTTPStand up Claude Code as an internal HTTP service so callers can prompt it without holding the Anthropic API key.→C · PACKAGEPackage a custom agentTurn a Python, Node, or shell script into a CLRK agent: pick the kind, honor the I/O contract, ship an image.→D · CRONSchedule recurring agentsRun a TaskAgent on a cron schedule with a fixed payload - same agent, same image, different trigger.→
Security and isolation
E · CREDSHide credentials from agentsKeep API keys out of the agent process entirely. The proxy injects them after the request leaves the sandbox.→F · BUDGETCap LLM spend per agentSet token budgets that the egress proxy enforces. The agent sees a 429 when over budget; denials land in OTLP.→G · EGRESSLock down agent egressDefault-deny outbound traffic. Allowlist the upstreams agents actually need by hostname, CIDR, and port.→
Observability
H · OTLPSend telemetry to OTLP endpointsWire CLRK's request logs and traces to your observability backend - per-EgressGateway, OTLP/HTTP, no extra collector.→I · TRACINGTrace requests through agentsFollow a single inbound request from ingress through the sandbox through every LLM call it produced.→J · METRICSQuery fleet metricsRead fleet stats and chart data - a typed catalog plus a time-series query over the spans and logs your agents already emit.→