Skip to content

Commit 76489a4

Browse files
tmilewskimanovotnyclaude
authored
feat: Agent Tasks (#3176)
Co-authored-by: Michael Novotny <manovotny@gmail.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 8d8c40e commit 76489a4

8 files changed

Lines changed: 242 additions & 0 deletions

File tree

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@ yarn.lock
4242

4343
.idea/
4444
.context/
45+
.claude/settings.local.json
4546

4647
/docs/docs
4748
/docs/docs/

docs/guides/ai/overview.mdx

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,10 @@ To learn how to implement both sides of the flow using Clerk, refer to the follo
3333
- [Build an MCP server](/docs/guides/ai/mcp/build-mcp-server)
3434
- [Connect an MCP client](/docs/guides/ai/mcp/connect-mcp-client)
3535

36+
## Agent Tasks
37+
38+
Agent Tasks allow you to create authenticated sessions on behalf of users without going through the standard sign-in flow. This is useful for AI agent workflows where an agent needs to act on behalf of a user. Read the complete [Agent Tasks guide](/docs/guides/development/testing/agent-tasks).
39+
3640
## AI prompts
3741

3842
Clerk's AI prompt library provides curated prompts to help you work more efficiently with AI-powered development tools like Cursor, Claude Code, Codex, GitHub Copilot, and more. These prompts guide AI assistants in helping you implement Clerk's features correctly.
Lines changed: 73 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,73 @@
1+
---
2+
title: Agent Tasks
3+
description: Use Agent Tasks to create authenticated sessions on behalf of users in your tests and AI agent workflows.
4+
---
5+
6+
Agent Tasks provide a way to create authenticated sessions on behalf of users without going through the standard sign-in flow. When you create an agent task, Clerk returns a URL that, when visited, creates a session for the specified user and redirects to the URL of your choice.
7+
8+
This is useful for:
9+
10+
- Automated end-to-end testing where you need a signed-in user
11+
- AI agent workflows that act on behalf of a user
12+
13+
## Create an agent task
14+
15+
Use the [Backend SDK](/docs/reference/backend/agent-tasks/create) to create an agent task. The returned `url` can then be visited to establish the session.
16+
17+
```ts
18+
import { createClerkClient } from '@clerk/backend'
19+
20+
const clerkClient = createClerkClient({
21+
secretKey: process.env.CLERK_SECRET_KEY,
22+
})
23+
24+
const agentTask = await clerkClient.agentTasks.create({
25+
onBehalfOf: {
26+
userId: 'user_xxx',
27+
// or { identifier: 'test@example.com' }
28+
},
29+
permissions: '*',
30+
agentName: 'my-agent',
31+
taskDescription: 'Automated test login',
32+
redirectUrl: 'http://localhost:3000/dashboard',
33+
})
34+
35+
// agentTask.url is the URL to visit to authenticate the user
36+
```
37+
38+
## Use with Playwright
39+
40+
The following example shows how to use an agent task in a Playwright test to authenticate a user.
41+
42+
```ts {{ filename: 'e2e/app.spec.ts' }}
43+
import { createClerkClient } from '@clerk/backend'
44+
import { test, expect } from '@playwright/test'
45+
46+
const clerkClient = createClerkClient({
47+
secretKey: process.env.CLERK_SECRET_KEY,
48+
})
49+
50+
test('authenticated user flow', async ({ page }) => {
51+
const agentTask = await clerkClient.agentTasks.create({
52+
onBehalfOf: {
53+
userId: 'user_xxx',
54+
// or { identifier: 'test@example.com' }
55+
},
56+
permissions: '*',
57+
agentName: 'test-agent',
58+
taskDescription: 'test-login',
59+
redirectUrl: 'http://localhost:3000/dashboard',
60+
})
61+
62+
await page.goto(agentTask.url)
63+
await expect(page.locator('header')).toContainText('Welcome')
64+
})
65+
```
66+
67+
## Revoke an agent task
68+
69+
If you need to invalidate an agent task before it's used, you can [revoke it](/docs/reference/backend/agent-tasks/revoke).
70+
71+
```ts
72+
await clerkClient.agentTasks.revoke('agttsk_xxx')
73+
```

docs/guides/development/testing/overview.mdx

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,10 @@ If the session token expires, you will need to refresh it with the same [create
2424

2525
For more information, feedback or issues, visit the [`@clerk/testing`](https://github.com/clerk/javascript/tree/main/packages/testing) package.
2626

27+
## Agent Tasks
28+
29+
Agent Tasks allow you to create authenticated sessions on behalf of users without going through the standard sign-in flow. This is useful for automated end-to-end testing and AI agent workflows. Read the complete [Agent Tasks guide](/docs/guides/development/testing/agent-tasks).
30+
2731
## Testing Tokens
2832

2933
Testing Tokens allow you to bypass bot detection mechanisms that protect Clerk applications from malicious bots, ensuring your test suites run smoothly. Without Testing Tokens, you may encounter "Bot traffic detected" errors in your requests.

docs/manifest.json

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1465,6 +1465,10 @@
14651465
"title": "Test emails and phones",
14661466
"href": "/docs/guides/development/testing/test-emails-and-phones"
14671467
},
1468+
{
1469+
"title": "Agent Tasks",
1470+
"href": "/docs/guides/development/testing/agent-tasks"
1471+
},
14681472
{
14691473
"title": "Cypress",
14701474
"items": [
@@ -3179,6 +3183,24 @@
31793183
]
31803184
]
31813185
},
3186+
{
3187+
"title": "Agent Tasks",
3188+
"tag": "(Beta)",
3189+
"items": [
3190+
[
3191+
{
3192+
"title": "`create()`",
3193+
"wrap": false,
3194+
"href": "/docs/reference/backend/agent-tasks/create"
3195+
},
3196+
{
3197+
"title": "`revoke()`",
3198+
"wrap": false,
3199+
"href": "/docs/reference/backend/agent-tasks/revoke"
3200+
}
3201+
]
3202+
]
3203+
},
31823204
{
31833205
"title": "Testing Tokens",
31843206
"items": [
Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
---
2+
title: '`create()`'
3+
description: Use Clerk's JS Backend SDK to create an agent task.
4+
sdk: js-backend
5+
---
6+
7+
Creates an [agent task](/docs/guides/development/testing/agent-tasks) that generates a URL which, when visited, creates a session for the specified user. This is useful for automated testing or agent-driven flows where full authentication isn't practical.
8+
9+
```ts
10+
function create(params: CreateAgentTaskParams): Promise<AgentTask>
11+
```
12+
13+
## `CreateAgentTaskParams`
14+
15+
<Properties>
16+
- `onBehalfOf`
17+
- `{ userId: string } | { identifier: string }`
18+
19+
The user to create the agent task for. Provide either a `userId` or an `identifier` (e.g., an email address).
20+
21+
---
22+
23+
- `permissions`
24+
- `string`
25+
26+
The permissions the agent task will have. Currently, `'*'` is the only supported value, which grants all permissions.
27+
28+
---
29+
30+
- `agentName`
31+
- `string`
32+
33+
The name of the agent creating the task.
34+
35+
---
36+
37+
- `taskDescription`
38+
- `string`
39+
40+
A description of the agent task.
41+
42+
---
43+
44+
- `redirectUrl`
45+
- `string`
46+
47+
The URL to redirect to after the agent task is consumed.
48+
49+
---
50+
51+
- `sessionMaxDurationInSeconds?`
52+
- `number`
53+
54+
The maximum duration in seconds for the session created by the agent task. Defaults to 30 minutes (1800 seconds).
55+
</Properties>
56+
57+
## `AgentTask`
58+
59+
`create()` returns an `AgentTask` object with the following properties:
60+
61+
<Properties>
62+
- `agentId`
63+
- `string`
64+
65+
A stable identifier for the agent, unique per `agentName` within an instance.
66+
67+
---
68+
69+
- `agentTaskId`
70+
- `string`
71+
72+
A unique identifier for this agent task.
73+
74+
---
75+
76+
- `url`
77+
- `string`
78+
79+
The URL that, when visited, creates a session for the user.
80+
</Properties>
81+
82+
## Example
83+
84+
<Include src="_partials/backend/usage" />
85+
86+
```tsx
87+
const agentTask = await clerkClient.agentTasks.create({
88+
onBehalfOf: {
89+
userId: 'user_xxx',
90+
},
91+
permissions: '*',
92+
agentName: 'my-agent',
93+
taskDescription: 'Perform automated action',
94+
redirectUrl: 'https://example.com/dashboard',
95+
})
96+
97+
// agentTask.url is the URL to visit to authenticate the user
98+
```
99+
100+
## Backend API (BAPI) endpoint
101+
102+
This method in the SDK is a wrapper around the BAPI endpoint `POST/agents/tasks`. See the [BAPI reference](/docs/reference/backend-api/tag/agent-tasks){{ target: '_blank' }} for more information.
Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
---
2+
title: '`revoke()`'
3+
description: Use Clerk's JS Backend SDK to revoke an agent task.
4+
sdk: js-backend
5+
---
6+
7+
Revokes an existing agent task, preventing it from being used to create a session.
8+
9+
```ts
10+
function revoke(agentTaskId: string): Promise<Omit<AgentTask, 'url'>>
11+
```
12+
13+
## Parameters
14+
15+
<Properties>
16+
- `agentTaskId`
17+
- `string`
18+
19+
The ID of the agent task to revoke.
20+
</Properties>
21+
22+
## Example
23+
24+
<Include src="_partials/backend/usage" />
25+
26+
```tsx
27+
await clerkClient.agentTasks.revoke('agttsk_xxx')
28+
```
29+
30+
## Backend API (BAPI) endpoint
31+
32+
This method in the SDK is a wrapper around the BAPI endpoint `POST/agents/tasks/{agent_task_id}/revoke`. See the [BAPI reference](/docs/reference/backend-api/tag/agent-tasks/POST/agents/tasks/%7Bagent_task_id%7D/revoke){{ target: '_blank' }} for more information.

docs/reference/backend/overview.mdx

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -533,6 +533,10 @@ The **SAML Connection** resource allows you to manage SAML connections associate
533533

534534
The **Sign-in Token** resource allows you to create and manage sign-in tokens for your application. Sign-in tokens are JWTs that can be used to sign in to an application without specifying any credentials. A sign-in token can be used at most once and can be consumed from the Frontend API using the `ticket` strategy.
535535

536+
### Agent tasks
537+
538+
The **Agent Task** resource allows you to create agent tasks that generate URLs for creating sessions on behalf of users. This is useful for automated testing or agent-driven flows where full authentication isn't practical. The `create()` operation returns an `AgentTask` object containing a `url` that, when visited, creates a session for the specified user.
539+
536540
### Testing tokens
537541

538542
The **Testing Token** resource allows you to create and manage [testing tokens](/docs/guides/development/testing/overview#testing-tokens) for your application. Testing tokens allow you to bypass bot detection mechanisms that protect Clerk applications from malicious bots, ensuring your end-to-end test suites run smoothly. Without Testing tokens, you may encounter "Bot traffic detected" errors in your requests.

0 commit comments

Comments
 (0)