Skip to main content
Craft lets users turn a prompt into finished work (web apps, documents, reports, slides, automations) with a free-form AI agent in an isolated sandbox. Because it reads company data, acts in connected apps, and runs shared skills on everyone’s behalf, you govern the surface area: who can use it, which models, skills, and apps they reach, and which actions need approval. For self-hosted setup, see the Craft deployment guide.

Prerequisites

Craft requires:
  • Craft enabled for the workspace (ENABLE_CRAFT=true on self-hosted deployments).
  • A full Onyx deployment (Craft is not compatible with Onyx Lite or with the vector database disabled).
  • A supported model provider available to Craft users: Anthropic, OpenAI, or OpenRouter.
  • Admin access to manage skills, apps, and action policies.
Craft runs generated code in isolated sandboxes. If you self-host, review the deployment and security guidance before enabling Craft broadly.

What you control

AreaWhat you decide
User accessWhich users or groups can reach the models and features Craft needs.
Model providersWhich supported providers and models are available.
SkillsWhich built-in skills are active, plus organization and group-shared custom skills.
AppsWhich apps exist, how credentials are supplied, and how users connect them.
ApprovalsWhether each app action is auto-approved, asks the user, or is denied.

Roll out Craft

1

Confirm prerequisites

Check the requirements above. On self-hosted, confirm the sandbox backend, proxy, file storage, and scheduled-task workers are ready.
2

Pilot with a few users

Start with users who have concrete artifact workflows: recurring reports, dashboards, presentations, or app-backed summaries.
3

Publish only the skills they need

Enable built-in skills deliberately and review custom bundles before sharing. See Managing Skills.
4

Enable apps with conservative policies

Start sensitive actions at Ask or Deny, and reserve Auto-approve for low-risk reads. See Managing Apps.
5

Review, then expand

Confirm users get the artifacts they need, approvals read clearly, and scheduled tasks complete without avoidable failures.

Govern over time

Governance is ongoing, not a one-time rollout. On a regular cadence:
  • Skills: re-read published org skills and retire stale ones. Personal skills are user-owned and sit outside org review. See Managing Skills.
  • Apps: revisit action policies, pull back anything that crept to Auto-approve, and rotate credentials. See Managing Apps.
  • Scheduled tasks: these run on the creator’s permissions and pre-approved apps, so confirm pre-approvals still match narrow, safe workflows.

Data access

Craft acts as the signed-in user. When it searches company knowledge, Onyx’s access controls apply: Craft only returns documents that user is already permitted to see. Craft’s working files are separate from your indexed connector data:
  • Session attachments belong to a single Craft session.
  • User Library files are reusable files owned by a user.
  • Generated artifacts belong to the session that produced them.

Where to go next

Managing Skills

Publish, govern, and audit built-in, organization, and personal skills.

Managing Apps

Connect apps, control credentials, and set action policies.

Deployment

Configure Kubernetes or Docker Compose sandboxes for self-hosted Craft.

Architecture

Review the sandbox, proxy, search, credential, and sharing boundaries.