Coding Agents
Configure coding agents in Coding Agents settings.| Agent | Authentication |
|---|---|
| Claude Code | Claude OAuth, Anthropic API key, or AWS Bedrock |
| Codex | OpenAI OAuth or OpenAI API key |
| Opencode | OpenRouter API key |
| Cursor | Cursor API key |
Anthropic API Key Alternative
Use an Anthropic API key (starts withsk-ant-) if you do not want to connect Claude OAuth.
OpenAI API Key Alternative
Use an OpenAI API key if you do not want to connect OpenAI OAuth for Codex.OpenRouter API Key
Use an OpenRouter API key (starts withsk-or-) for Opencode. Create one from the OpenRouter keys page.
Opencode
Use Opencode when you want an OpenRouter-backed coding agent. See the Opencode agent guide for setup details, models, and usage.Cursor API Key
Use a Cursor API key to run Cursor agents. Cursor supports Composer 2 and Composer 2.5. See the Cursor agent guide for setup details and usage.Bedrock Alternative
If you prefer AWS Bedrock for Claude, provide your AWS credentials instead of Claude OAuth. Bedrock credentials require:- Access Key ID
- Secret Access Key
- Region
Scopes
Credentials can be set at two levels:| Scope | Description |
|---|---|
| Organization | Shared by all members, used as default |
| User | Personal credentials, takes priority over org |
How Credentials Are Used
When a workspace is created, Replicas identifies the user and uses their credentials if available, falling back to organization credentials.Coding Agent Auth Fallback
Workspaces prefer Claude OAuth. When a workspace reports that its OAuth token was rejected, Replicas first force-rotates the OAuth token; only if Anthropic rejects that refresh does it fall back to the Anthropic API key, then AWS Bedrock, if either is configured. Codex works the same way: a rejected OpenAI OAuth token is force-rotated first, then Replicas falls back to the configured OpenAI API key. OAuth token refreshes are serialized per credential, so concurrent workspaces crossing the expiry threshold together no longer invalidate each other’s tokens. Workspaces also re-resolve Claude credentials when waking from hibernation, so a workspace that was sleeping while the OAuth token rotated upstream picks up the latest credentials on wake instead of failing the first message.Authentication Retry Behavior
If Claude, Codex, or Cursor returns an authentication error mid-conversation (for example, an access token that expired between messages, a ChatGPT session that ended on Codex, or a revoked Cursor API key), the workspace pauses the chat instead of surfacing the raw error. An amber re-authentication pill appears above the composer and the textarea and Send button stay disabled while credentials are refreshed and your message is replayed automatically. If every retry fails, the chat shows a “Couldn’t authenticate” message for the selected agent. Check your credentials in Coding Agents settings and try again.From Linear
When you assign an issue to Replicas, it finds your Replicas account by matching your Linear email. Your personal agent credentials and preferences are used if configured.From GitHub
Your personal GitHub account is automatically connected when an admin connects GitHub at the organization level. When you mention@tryreplicas on a PR, Replicas identifies you by your GitHub login and uses your personal credentials.
If you need to reconnect or use a different GitHub or GitLab account, you can do so manually in User settings (click Settings in the sidebar).
From GitLab
When you mention@tryreplicas on a merge request or issue, Replicas identifies you by your GitLab username and uses your personal credentials. Connect your personal GitLab account from Account → Integrations to attribute merge requests to you. See GitLab integration.