docs(seqera-ai): align Enterprise Co-Scientist docs for 26.1 #1381
llewellyn-sl wants to merge 6 commits into enterprise-26.1-documentation from
| ```bash | ||
| export SEQERA_AUTH_DOMAIN=https://cloud.seqera.io/api | ||
| export SEQERA_AUTH_DOMAIN=https://platform.example.com/api | ||
| export SEQERA_AUTH_CLI_CLIENT_ID=seqera_ai_cli |
| export SEQERA_AUTH_CLI_CLIENT_ID=seqera_ai_cli |
this doesn't seem to be needed
I added these 4 to my shell when trying to get the CLI working. TBD if they were all necessary:
- `SEQERA_AI_BACKEND_URL`
- `SEQERA_AUTH_DOMAIN`
- `SEQERA_AUTH_CLI_CLIENT_ID`
- `TOWER_ACCESS_TOKEN`
gwright99
left a comment
Commented on the parts of this PR which touched upon deployment. I did not review the "how to use the CLI" since this was not part of my efforts last week.
| - **Token encryption key** for encrypting sensitive tokens at rest. Generate with: | ||
| - Seqera Platform Enterprise 26.1 or later deployed with the [Seqera Platform Helm chart](./platform-helm.md). | ||
| - Helm v3 and `kubectl` installed locally. | ||
| - DNS names and TLS certificates for the Platform, agent backend, MCP server, and portal web interface hosts. |
If created manually, where are they getting the FQDNs from? Having to look at the Helm chart config?
| - Seqera Platform Enterprise 26.1 or later deployed with the [Seqera Platform Helm chart](./platform-helm.md). | ||
| - Helm v3 and `kubectl` installed locally. | ||
| - DNS names and TLS certificates for the Platform, agent backend, MCP server, and portal web interface hosts. | ||
| - Access to pull the `agent-backend`, `mcp`, and `portal-web` images from `cr.seqera.io`, or mirrored copies in your internal registry. |
Define repo? How does this align to the comments @bebosudo made today about the new proxy sites?
| - Helm v3 and `kubectl` installed locally. | ||
| - DNS names and TLS certificates for the Platform, agent backend, MCP server, and portal web interface hosts. | ||
| - Access to pull the `agent-backend`, `mcp`, and `portal-web` images from `cr.seqera.io`, or mirrored copies in your internal registry. | ||
| - A MySQL 8 database for the agent backend. You can use the same MySQL instance as Platform with a separate database and user, or a separate instance. |
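Review bot: the MySQL bullet permits sharing the Platform instance "with a separate database and user" but says nothing about what that user may access. Suggest adding that the agent backend user should hold privileges on its own database only, so that sharing an instance does not give the agent backend credentials access to the Platform schema.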
Minor version? I assume we want 8.4?
| - DNS names and TLS certificates for the Platform, agent backend, MCP server, and portal web interface hosts. | ||
| - Access to pull the `agent-backend`, `mcp`, and `portal-web` images from `cr.seqera.io`, or mirrored copies in your internal registry. | ||
| - A MySQL 8 database for the agent backend. You can use the same MySQL instance as Platform with a separate database and user, or a separate instance. | ||
| - A Redis 7 instance for agent backend task coordination. |
Minor version? 7.2.x or something else?
Talk about Valkey support?
| - Keep the agent backend token encryption key stable across upgrades. Changing it prevents the backend from decrypting existing encrypted values. | ||
| - MCP uses the user's Platform token to call Platform APIs. The agent backend does not need a separate long-lived Platform service credential for user-scoped tool calls. | ||
| - Use separate MySQL credentials for the agent backend database. | ||
| - Enable Redis TLS and MySQL TLS when your managed services require encrypted connections. |
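Review bot: the last bullet ties Redis and MySQL TLS to whether the managed service requires it, which reads as if unencrypted connections are the normal case. Suggest wording it as a recommendation to enable TLS on both connections, with "your managed services require encrypted connections" as the case where it is mandatory, and pointing to the settings that turn it on.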
See earlier comment about Valkey
| See [Authentication](./authentication.md) for a comprehensive authentication guide. | ||
|
|
||
| If you are testing a development build of the CLI against the hosted production Seqera AI service, see [Install Seqera AI](../enterprise/install-seqera-ai.md#connect-the-cli-to-seqera-ai) for the required environment variables. | ||
| For Enterprise deployments, set `SEQERA_AI_BACKEND_URL` to your organization's agent backend before you start Co-Scientist. See [Authentication](./authentication.md#connect-to-an-enterprise-backend) for the full environment variable reference. |
Is this on the Platform config page?
239f207 to 403a157
e7df482 to 3fb137d
bebosudo
left a comment
Some initial recommendations, I've got some more coming up
| - Access to pull the images required by the Helm charts from the configured container registry, or mirrored copies in your internal registry. See [Seqera container images](./advanced-topics/seqera-container-images.md) and [Mirroring container images](./configuration/mirroring.md). | ||
| - A MySQL 8.4 LTS-compatible database for the agent backend. You can use the same MySQL instance as Platform with a separate database and user, or a separate instance. | ||
| - A Redis 7.2-compatible or Valkey 7.2-compatible instance for agent backend task coordination. | ||
| - A stable Fernet token encryption key for the agent backend if you use Kustomize or need encrypted values to survive chart upgrades. Helm-only installs can let the chart generate this key, but explicitly setting it avoids accidental regeneration. |
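Review bot: the Fernet key bullet recommends "explicitly setting it" but does not say where the value should live. Suggest stating that the key is supplied through a Kubernetes Secret or the secret manager already in use rather than written into a values file kept in version control, and that it needs a backup, since a regenerated key is the failure this bullet warns about.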
| - A stable Fernet token encryption key for the agent backend if you use Kustomize or need encrypted values to survive chart upgrades. Helm-only installs can let the chart generate this key, but explicitly setting it avoids accidental regeneration. | |
| - A stable Fernet token encryption key for the agent backend if you use Kustomize. Helm-only installs can let the chart generate this key, but explicitly setting it avoids accidental regeneration. |
I'd say that most users don't want to brick their db when upgrading :)
Shall we move this point lower in the list so the instructions to generate the key come right after it?
Co-authored-by: Alberto Chiusole <1922124+bebosudo@users.noreply.github.com> Signed-off-by: Justine Geffen <justinegeffen@users.noreply.github.com>
fix formatting
| value: "false" | ||
| ``` | ||
|
|
||
| Documentation search embeddings are independent from chat inference. Keep Titan embeddings configured through Bedrock when you use improved documentation search. |
Adding this note here as a reminder to update the docs after we update the helm charts and define the inference provider and documentation index user-interface (i.e. there should be no need to specify values via extraEnvVars). cc @endre-seqera
| Configure Bedrock so Claude inference and Titan embeddings run in your AWS account. Bedrock is the recommended Enterprise configuration. | ||
|
|
||
| ```yaml | ||
| agent-backend: |
I'm not sure specifying agent-backend may be misleading to users, and I need to test what happens when the same map is specified multiple times, does it augment the previous one or overwrite it?
| agent-backend: | ||
| bedrockAgentCoreArn: arn:aws:bedrock-agentcore:<region>:<account-id>:runtime/<runtime-id> | ||
| ``` | ||
|
|
| If the `bedrockAssumeRoleArn` value is defined, agent backend will first assume the role before interacting with the agent core runtime. | |
| ## Configure the portal web interface | ||
|
|
||
| Install the CLI first by following [Seqera AI CLI installation](../seqera-ai/installation.mdx), or install it directly with: | ||
| The portal web chart serves the browser interface and proxies requests to the agent backend. It derives Platform OIDC settings from the Platform domain and uses the fixed Enterprise client values required by the application. |
| The portal web chart serves the browser interface and proxies requests to the agent backend. It derives Platform OIDC settings from the Platform domain and uses the fixed Enterprise client values required by the application. | |
| The portal web chart serves the browser interface and proxies requests to the agent backend. It authenticates users through Seqera Platform. |
I don't think the second part of the sentence adds value?
| enabled: true | ||
| ``` | ||
|
|
||
| Expose MCP, agent backend, and portal web through the chart ingress only if you use Kubernetes Ingress. If you use the Gateway API or another network layer, configure that layer instead. |
This sentence should go at the top of the document probably, and made less redundant possibly, something like "The MCP, agent backend and portal web Helm charts provide the option to define kubernetes ingresses: other methods to expose the services can be used, e.g. via the extraDeploy resource".
| The chart sets: | ||
|
|
||
| | Environment variable | Value | | ||
| | --- | --- | | ||
| | `SEQERA_PLATFORM_API_URL` | `http://<global.platformServiceAddress>:<global.platformServicePort>` | | ||
| | `SEQERA_PLATFORM_APP_URL` | `https://<global.platformExternalDomain>` | | ||
| | `SEQERA_AGENT_BACKEND_URL` | `https://<global.agentBackendDomain>` | | ||
| | `SEQERA_AUTH_DOMAIN` | `https://<global.platformExternalDomain>/api` | | ||
|
|
||
| Set optional observability or feature flag variables with `portal-web.extraEnvVars` only if your Enterprise environment uses them. | ||
|
|
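Review bot: in the table, `SEQERA_PLATFORM_API_URL` is the only value with an `http://` scheme while the other three use `https://`. Suggest one sentence explaining why (presumably it is the in-cluster Platform service address) and that the plaintext scheme is intended for that hop only, so readers do not carry it over to an externally reachable address.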
| The chart sets: | |
| | Environment variable | Value | | |
| | --- | --- | | |
| | `SEQERA_PLATFORM_API_URL` | `http://<global.platformServiceAddress>:<global.platformServicePort>` | | |
| | `SEQERA_PLATFORM_APP_URL` | `https://<global.platformExternalDomain>` | | |
| | `SEQERA_AGENT_BACKEND_URL` | `https://<global.agentBackendDomain>` | | |
| | `SEQERA_AUTH_DOMAIN` | `https://<global.platformExternalDomain>/api` | | |
| Set optional observability or feature flag variables with `portal-web.extraEnvVars` only if your Enterprise environment uses them. |
No need to specify the env vars.
The second sentence doesn't provide any variable and may be misleading to enterprise users.
|
|
||
| Enterprise deployments do not use Seqera Cloud credit balances or the Cloud credit request flow. Usage and inference costs are managed by your organization through the configured inference provider, such as AWS Bedrock or Anthropic API. | ||
|
|
||
| When `ORG_CREDITS_ENABLED=false` is set on the agent backend deployment, the CLI `/credits` command reports that usage is managed by your organization and directs users to their Seqera administrator. |
I want to bring this value into the helm chart if it's important to enterprise customers so they won't need to play with extraEnvVars
|
|
||
| ## Usage and cost | ||
|
|
||
| Enterprise deployments do not use Seqera Cloud credit balances or the Cloud credit request flow. Usage and inference costs are managed by your organization through the configured inference provider, such as AWS Bedrock or Anthropic API. |
I don't think enterprise customers can install the AI apps on-prem and point them to platform cloud, so the mention of "seqera cloud credits" may not mean much?
| If your Enterprise deployment uses a different OAuth client ID for the CLI, replace `seqera_ai_cli` with the value configured for your installation. | ||
| The agent backend `/health` endpoint returns `200 OK` when the service starts and required dependencies are reachable. The MCP server exposes `/health` for reachability and `/service-info` for server and protocol information. The portal web interface does not expose a matching `/service-info` endpoint; use the HTTP response and browser sign-in test to confirm it is reachable. | ||
|
|
||
| Open the portal web interface, for example `https://ai.platform.example.com`, and sign in with your Platform account. A successful login confirms that Platform OIDC, portal web, and the agent backend are connected. |
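Review bot: the `/health` and `/service-info` paragraph does not say whether these endpoints answer without authentication. Suggest stating that, and listing what `/service-info` returns beyond "server and protocol information", so operators can decide whether to keep it off externally reachable hosts.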
| Open the portal web interface, for example `https://ai.platform.example.com`, and sign in with your Platform account. A successful login confirms that Platform OIDC, portal web, and the agent backend are connected. | |
| Open the portal web interface, for example `https://ai.platform.example.com`, and sign in with your Platform account. A successful login confirms that Platform OIDC, portal web, and the agent backend are connected. Start a chat in the interface to test the inference provider configuration; if sandboxing was configured, try asking a specific question that would trigger a sandbox execution, e.g. `What's the accurate square root of 98723516236?`, which should prompt the model to write a small Python script that should run in the sandbox. |
Summary
Validation
git diff --check
platform-enterprise_docs/enterprise-sidebar.json
Notes