Your First Claude Agent in Production
From zero to a controlled, auditable Claude agent in one afternoon
Chapter 1: Pick the Right First Use Case
Not every task suits a first agent deployment. Choose something that is bounded (clear, limited access), measurable (you know when it worked), non-critical (failure doesn’t break production), and repetitive (happens often enough to justify setup).
Good first choices: code review on one repo, daily ticket summary, documentation generation. Avoid: production deployments, customer-facing interactions, multi-system orchestration.
Chapter 2: Set Up Sentrely
Log in to the Sentrely dashboard and create a project. Note your GATEWAY_URL — every agent request routes through it.
    export GATEWAY_URL=https://gw.yologateway.io/projects/my-webapp
Chapter 3: Write Your First Policy
For a code review agent:
    project: my-webapp
    agent: code-reviewer
    policies:
      - git:read on repos/my-webapp
      - git:comment on repos/my-webapp/pull-requests/*
      # Nothing else. No push, merge, deploy, or other repos.
    budget:
      max_tokens_per_session: 100000
      max_sessions_per_day: 50
Apply via the dashboard. The policy is active immediately — any request outside these permissions is denied and logged.
Chapter 4: Run Your First Session
Prepare a session token:
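    # Request a session for the code-reviewer agent; the body is JSON, so say so.
    curl -X POST "$GATEWAY_URL/sessions/prepare" \
      -H "Authorization: Bearer $ADMIN_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{"project": "my-webapp", "agent": "code-reviewer"}'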
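Set SESSION_TOKEN to the token this call returns, then launch Claude with it:
    # Quote each value so an empty or space-containing variable cannot split the arguments.
    docker run --rm \
      -e GATEWAY_URL="$GATEWAY_URL" \
      -e SESSION_TOKEN="$SESSION_TOKEN" \
      -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
      your-agent-image:latest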
Chapter 5: Review the Audit Trail
In the Gateway dashboard → Audit Log, filter by project and agent. You’ll see every request:
- git:read on repos/my-webapp/src/main.ts — Allowed ✓
- git:comment on pull-requests/42 — Allowed ✓
- git:push on branches/main — Denied ✗ (policy violation)
That denied push means the Gateway worked. The agent tried to exceed its bounds and was stopped.
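Why the audit trail above shows two allows and one deny, as an added example that is not Sentrely's code: a minimal default-deny evaluator for the two Chapter 3 grants. The matching rules (a grant covers everything beneath its resource, and * matches exactly one path segment) and the full resource paths in REQUESTS are assumptions, since this page does not document them.

```python
# Illustrative default-deny evaluator for the Chapter 3 policy.
# Assumed semantics (not taken from Sentrely): a grant covers the named
# resource and everything beneath it; "*" matches exactly one path segment.

POLICY = [  # the two grants from Chapter 3
    "git:read on repos/my-webapp",
    "git:comment on repos/my-webapp/pull-requests/*",
]


def parse_grant(line):
    """Split 'action on resource' into (action, [path segments])."""
    action, _, resource = line.partition(" on ")
    return action.strip(), resource.strip().strip("/").split("/")


def covers(pattern, resource):
    """True if the pattern segments match a prefix of the resource segments."""
    if len(resource) < len(pattern):
        return False
    # Compare whole segments so 'my-webapp' never matches 'my-webapp-secrets'.
    return all(p == "*" or p == r for p, r in zip(pattern, resource))


def decide(action, resource, policy=POLICY):
    """Return 'allowed' only if some grant matches; everything else is denied."""
    segments = resource.strip("/").split("/")
    if any(s in ("", ".", "..") for s in segments):
        return "denied"  # reject traversal or empty segments outright
    for line in policy:
        g_action, g_pattern = parse_grant(line)
        if g_action == action and covers(g_pattern, segments):
            return "allowed"
    return "denied"


# Constructed requests modelled on the Chapter 5 audit entries, plus two
# boundary cases a naive string-prefix check would get wrong.
REQUESTS = [
    ("git:read", "repos/my-webapp/src/main.ts"),
    ("git:comment", "repos/my-webapp/pull-requests/42"),
    ("git:push", "repos/my-webapp/branches/main"),
    ("git:read", "repos/my-webapp-secrets/config.yml"),
    ("git:read", "repos/my-webapp/../other-repo/README.md"),
]

if __name__ == "__main__":
    for action, resource in REQUESTS:
        print(f"{action} on {resource}: {decide(action, resource)}")
```

The last two requests are the ones worth testing against any real policy engine: a sibling repo whose name shares a prefix, and a path that climbs out of the granted repo.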
Chapter 6: Add a Slack Approval Gate
Update your policy to gate security findings:
    policies:
      - git:read on repos/my-webapp
      - git:comment on repos/my-webapp/pull-requests/*
        condition:
          comment_tag: security
        requires_approval: true
        approval_channel: slack:#security-reviews
Security-tagged comments now pause and route to Slack. A team member approves or denies with one click. The decision is logged.
Chapter 7: What’s Next
You have a governed Claude agent. From here:
- Expand policies — add repos, new capabilities
- Add more agents — each with its own identity and policy
- Set up cost alerts — catch unexpected token usage
- Browse templates — pre-built configs for common use cases
- Read the security playbook — advanced RBAC and compliance
Governance doesn’t slow you down. It lets you run more agents with more confidence.