> ## Documentation Index
> Fetch the complete documentation index at: https://docs.karta.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# How-to index

> Search-friendly answers for the public Karta jobs in the process inventory, with each question routed to the canonical docs page.

Use this page when you know the task in your own words but not the page that
owns it. Each row uses a question a developer, operator, or security reviewer is
likely to type, then points to the canonical page that answers it.

## Process coverage

* Public process questions covered here: **281**.
* Canonical answers stay in the task pages; this index makes those answers
  findable through docs search, browser search, and agent retrieval.

## Learning, evaluation, and documentation journeys

| Question                                                          | Answer                                                                                                                                                                                                                                                             |
| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| How do I choose a docs path by job?                               | To choose a docs path by job, start with [Choose your path](/journeys); it compares jobs, roles, integration choices, and the next page to read.                                                                                                                   |
| How do I learn core Karta vocabulary?                             | To learn core Karta vocabulary, use [Glossary](/glossary); it defines the shared product, API, security, and operations vocabulary.                                                                                                                                |
| How do I evaluate Karta for production?                           | To evaluate Karta for production, start with [Choose your path](/journeys); it compares jobs, roles, integration choices, and the next page to read.                                                                                                               |
| How do I review production architecture?                          | To review production architecture, use [Architecture review](/security/architecture-review); it gives architects the production review frame for planes, credentials, isolation, spend, audit, and operations.                                                     |
| How do I review the security model?                               | To review the security model, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                                       |
| How do I review production readiness?                             | To review production readiness, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                                    |
| How do I decide widget vs API vs adapter integration?             | To decide widget vs API vs adapter integration, start with [Choose your path](/journeys); it compares jobs, roles, integration choices, and the next page to read. Related: [Consumer adapters](/api-reference/adapters/overview).                                 |
| How do I decide native session API vs OpenAI adapter?             | To decide native session API vs OpenAI adapter, start with [Choose your path](/journeys); it compares jobs, roles, integration choices, and the next page to read. Related: [Consumer adapters](/api-reference/adapters/overview).                                 |
| How do I decide anonymous vs signed-in widget?                    | To decide anonymous vs signed-in widget, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent). |
| How do I decide per-user vs team-role vs backend-job karta grain? | To decide per-user vs team-role vs backend-job karta grain, use [Kartas & memory](/concepts/instances-and-memory); it explains karta ids, per-user/team/job/fleet boundaries, durable memory, and ephemeral choices.                                               |
| How do I decide whether memory should be durable or ephemeral?    | To decide whether memory should be durable or ephemeral, use [Kartas & memory](/concepts/instances-and-memory); it explains karta ids, per-user/team/job/fleet boundaries, durable memory, and ephemeral choices.                                                  |
| How do I review trust and compliance materials?                   | To review trust and compliance materials, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                                           |
| How do I check platform status?                                   | To check platform status, check [Status page](https://status.karta.sh); it shows live platform health and incident updates.                                                                                                                                        |
| How do I find troubleshooting guidance by symptom?                | To find troubleshooting guidance by symptom, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                     |

## Creating and authoring an agent

| Question                                                  | Answer                                                                                                                                                                                                                                         |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I create an agent project?                         | To create an agent project, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings.                                                                    |
| How do I scaffold a starter agent with `karta create`?    | To scaffold a starter agent with `karta create`, follow [Quickstart](/quickstart); it walks through CLI install, login, scaffold, setup, deploy, and opening the live agent.                                                                   |
| How do I create a blank skeleton agent?                   | To create a blank skeleton agent, follow [Quickstart](/quickstart); it walks through CLI install, login, scaffold, setup, deploy, and opening the live agent.                                                                                  |
| How do I create an FAQ/support-agent starter?             | To create an FAQ/support-agent starter, follow [Support-bot tutorial](/tutorials/support-bot); it walks through a working support-bot agent and local integration path.                                                                        |
| How do I bring an existing Claude Code project?           | To bring an existing Claude Code project, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                    |
| How do I bring an existing OpenCode project?              | To bring an existing OpenCode project, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                       |
| How do I bring an existing DeepAgents project?            | To bring an existing DeepAgents project, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                     |
| How do I bring an existing Goose project?                 | To bring an existing Goose project, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                          |
| How do I write CLAUDE.md instructions?                    | To write CLAUDE.md instructions, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                             |
| How do I write AGENTS.md instructions?                    | To write AGENTS.md instructions, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                             |
| How do I replace starter instructions?                    | To replace starter instructions, follow [Quickstart](/quickstart); it walks through CLI install, login, scaffold, setup, deploy, and opening the live agent.                                                                                   |
| How do I add a .claude directory?                         | To add a .claude directory, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                                  |
| How do I create a DeepAgents agent from the CLI?          | To create a DeepAgents agent from the CLI, follow [Quickstart](/quickstart); it walks through CLI install, login, scaffold, setup, deploy, and opening the live agent.                                                                         |
| How do I create a Goose agent from the CLI?               | To create a Goose agent from the CLI, follow [Quickstart](/quickstart); it walks through CLI install, login, scaffold, setup, deploy, and opening the live agent.                                                                              |
| How do I add sub-agents?                                  | To add sub-agents, use [Sub-agent files](/build/defining-agents); it documents sub-agent file locations, frontmatter, routing keys, defaults, and handoff patterns. Related: [Sub-agents](/concepts/agents).                                   |
| How do I add a skill?                                     | To add a skill, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                                              |
| How do I bind a skill to an agent?                        | To bind a skill to an agent, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                                 |
| How do I configure MCP servers?                           | To configure MCP servers, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                                    |
| How do I define tools?                                    | To define tools, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                                             |
| How do I configure hooks?                                 | To configure hooks, use [Configuration](/build/configuration); it covers runtime behavior, hooks, policies, message visibility, and approval-related configuration. Related: [Hooks & policies](/sdks/python/hooks-and-policies).              |
| How do I configure policies?                              | To configure policies, use [Configuration](/build/configuration); it covers runtime behavior, hooks, policies, message visibility, and approval-related configuration. Related: [Hooks & policies](/sdks/python/hooks-and-policies).           |
| How do I configure karta.toml?                            | To configure karta.toml, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                              |
| How do I name an agent?                                   | To name an agent, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings.                                                                              |
| How do I enable the deploy gate?                          | To enable the deploy gate, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                            |
| How do I declare env vars?                                | To declare env vars, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                                  |
| How do I mark env vars as secret?                         | To mark env vars as secret, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                           |
| How do I pick buildpack vs Dockerfile vs file-copy build? | To pick buildpack vs Dockerfile vs file-copy build, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                   |
| How do I configure a Python entry point?                  | To configure a Python entry point, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                    |
| How do I configure a multi-agent repo?                    | To configure a multi-agent repo, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                      |
| How do I avoid duplicate agent names?                     | To avoid duplicate agent names, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                       |
| How do I define model override?                           | To define model override, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.                                                                                 |
| How do I define runtime behavior?                         | To define runtime behavior, use [Configuration](/build/configuration); it covers runtime behavior, hooks, policies, message visibility, and approval-related configuration. Related: [Hooks & policies](/sdks/python/hooks-and-policies).      |
| How do I configure message visibility?                    | To configure message visibility, use [Configuration](/build/configuration); it covers runtime behavior, hooks, policies, message visibility, and approval-related configuration. Related: [Hooks & policies](/sdks/python/hooks-and-policies). |
| How do I configure approvals behavior?                    | To configure approvals behavior, use [Inputs API](/api-reference/inputs); it documents pending input prompts plus approve-once, approve-for-session, and deny decisions.                                                                       |

## Local development, testing, and evaluation

| Question                                                    | Answer                                                                                                                                                                                                                                                         |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I install the Karta CLI?                             | To install the Karta CLI, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                                           |
| How do I run `karta doctor`?                                | To run `karta doctor`, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                                              |
| How do I log in with device flow?                           | To log in with device flow, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                                         |
| How do I log in with a piped token?                         | To log in with a piped token, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                                       |
| How do I select a CLI profile?                              | To select a CLI profile, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                                            |
| How do I check `karta whoami`?                              | To check `karta whoami`, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                                            |
| How do I run an agent locally with `karta dev`?             | To run an agent locally with `karta dev`, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                           |
| How do I send a one-shot local message with `karta dev -m`? | To send a one-shot local message with `karta dev -m`, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                               |
| How do I keep a stable local port for a frontend?           | To keep a stable local port for a frontend, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                         |
| How do I simulate a verified user locally?                  | To simulate a verified user locally, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent). |
| How do I exercise the same session API locally?             | To exercise the same session API locally, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                           |
| How do I hot-reload instruction edits?                      | To hot-reload instruction edits, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                                    |
| How do I exercise approval prompts locally?                 | To exercise approval prompts locally, use [Inputs API](/api-reference/inputs); it documents pending input prompts plus approve-once, approve-for-session, and deny decisions.                                                                                  |
| How do I point a custom frontend at the local session API?  | To point a custom frontend at the local session API, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                |
| How do I run a support-bot tutorial locally?                | To run a support-bot tutorial locally, follow [Support-bot tutorial](/tutorials/support-bot); it walks through a working support-bot agent and local integration path.                                                                                         |
| How do I test a browser widget through a local proxy?       | To test a browser widget through a local proxy, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                     |
| How do I test streaming SSE parsing?                        | To test streaming SSE parsing, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation.                                                                                           |
| How do I test multi-turn session resume?                    | To test multi-turn session resume, use [Sessions API](/api-reference/sessions); it documents session creation, fetching, metadata, identity fields, and session resumption.                                                                                    |
| How do I test sub-agent routing?                            | To test sub-agent routing, use [Sub-agent files](/build/defining-agents); it documents sub-agent file locations, frontmatter, routing keys, defaults, and handoff patterns. Related: [Sub-agents](/concepts/agents).                                           |
| How do I test skill behavior?                               | To test skill behavior, follow [Agent structure](/build/agent-structure); it explains the agent project files, harness config, sub-agents, skills, tools, and settings. Related: [Skills](/build/skills).                                                      |
| How do I reproduce a production release locally?            | To reproduce a production release locally, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                          |
| How do I bind production env vars locally?                  | To bind production env vars locally, use [karta.toml](/build/karta-toml); it documents deploy manifest fields, agent names, env vars, secrets, build modes, and entry points.                                                                                  |
| How do I include secrets for audited local reproduction?    | To include secrets for audited local reproduction, use [CLI overview](/cli/overview); it covers CLI install, login, profiles, local dev, stable ports, commands, and local/production parity.                                                                  |
| How do I detect PATH shadowing?                             | To detect PATH shadowing, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                                    |
| How do I validate local runtime bootstrap?                  | To validate local runtime bootstrap, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                         |

## Deploying and releasing an agent

| Question                                             | Answer                                                                                                                                                                                                          |
| ---------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I configure delivery with `karta setup`?      | To configure delivery with `karta setup`, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                   |
| How do I commit an agent project to git?             | To commit an agent project to git, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                          |
| How do I deploy with `karta deploy`?                 | To deploy with `karta deploy`, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                              |
| How do I deploy by hosted git push?                  | To deploy by hosted git push, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                               |
| How do I deploy by folder upload?                    | To deploy by folder upload, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                                 |
| How do I deploy by GitHub sync?                      | To deploy by GitHub sync, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                                   |
| How do I deploy from CI?                             | To deploy from CI, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                                          |
| How do I provision the hosted agent on first deploy? | To provision the hosted agent on first deploy, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.              |
| How do I wire the `karta` git remote?                | To wire the `karta` git remote, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                             |
| How do I build a release?                            | To build a release, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.                  |
| How do I stream build progress?                      | To stream build progress, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                                   |
| How do I activate a release?                         | To activate a release, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.               |
| How do I keep the agent URL stable across deploys?   | To keep the agent URL stable across deploys, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                |
| How do I deploy all enabled agents in a repo?        | To deploy all enabled agents in a repo, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                     |
| How do I publish a release over the API?             | To publish a release over the API, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.   |
| How do I roll back from the dashboard?               | To roll back from the dashboard, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.     |
| How do I roll back with CLI?                         | To roll back with CLI, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.               |
| How do I roll back over the API?                     | To roll back over the API, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.           |
| How do I pin a session to a release?                 | To pin a session to a release, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.       |
| How do I pin a scheduled run to a release?           | To pin a scheduled run to a release, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases. |
| How do I fetch a release archive?                    | To fetch a release archive, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.          |
| How do I inspect recent releases?                    | To inspect recent releases, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.          |
| How do I read build logs?                            | To read build logs, follow [Deploy loop](/deploy/deploy-loop); it covers setup, git remotes, deploy methods, build progress, hosted agents, and failed-deploy recovery.                                         |
| How do I handle a failed build?                      | To handle a failed build, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                     |
| How do I re-run a failed deploy?                     | To re-run a failed deploy, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                    |

## Running and consuming an agent

| Question                                                   | Answer                                                                                                                                                                                                                                                                 |
| ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I open the hosted chat page?                        | To open the hosted chat page, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).          |
| How do I create a session?                                 | To create a session, use [Sessions API](/api-reference/sessions); it documents session creation, fetching, metadata, identity fields, and session resumption.                                                                                                          |
| How do I send a message?                                   | To send a message, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).                        |
| How do I stream a response?                                | To stream a response, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).                     |
| How do I accumulate a non-streaming response?              | To accumulate a non-streaming response, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).   |
| How do I resume a session by id?                           | To resume a session by id, use [Sessions API](/api-reference/sessions); it documents session creation, fetching, metadata, identity fields, and session resumption.                                                                                                    |
| How do I fetch a session?                                  | To fetch a session, use [Sessions API](/api-reference/sessions); it documents session creation, fetching, metadata, identity fields, and session resumption.                                                                                                           |
| How do I pass session metadata?                            | To pass session metadata, use [Sessions API](/api-reference/sessions); it documents session creation, fetching, metadata, identity fields, and session resumption.                                                                                                     |
| How do I pass end\_user\_id?                               | To pass end\_user\_id, use [Kartas & memory](/concepts/instances-and-memory); it explains karta ids, per-user/team/job/fleet boundaries, durable memory, and ephemeral choices. Related: [Sessions API](/api-reference/sessions).                                      |
| How do I pass agent\_instance\_id from a trusted backend?  | To pass agent\_instance\_id from a trusted backend, use [Kartas & memory](/concepts/instances-and-memory); it explains karta ids, per-user/team/job/fleet boundaries, durable memory, and ephemeral choices. Related: [Sessions API](/api-reference/sessions).         |
| How do I route to a sub-agent?                             | To route to a sub-agent, use [Sub-agent files](/build/defining-agents); it documents sub-agent file locations, frontmatter, routing keys, defaults, and handoff patterns. Related: [Sub-agents](/concepts/agents).                                                     |
| How do I hand off between sub-agents?                      | To hand off between sub-agents, use [Sessions & participants](/concepts/sessions-and-participants); it explains sessions, participants, handoffs, metadata, and ownership boundaries. Related: [Sub-agent files](/build/defining-agents).                              |
| How do I resolve an input prompt?                          | To resolve an input prompt, use [Inputs API](/api-reference/inputs); it documents pending input prompts plus approve-once, approve-for-session, and deny decisions.                                                                                                    |
| How do I approve a tool once?                              | To approve a tool once, use [Inputs API](/api-reference/inputs); it documents pending input prompts plus approve-once, approve-for-session, and deny decisions.                                                                                                        |
| How do I approve a tool for the session?                   | To approve a tool for the session, use [Inputs API](/api-reference/inputs); it documents pending input prompts plus approve-once, approve-for-session, and deny decisions.                                                                                             |
| How do I deny a tool action?                               | To deny a tool action, use [Inputs API](/api-reference/inputs); it documents pending input prompts plus approve-once, approve-for-session, and deny decisions.                                                                                                         |
| How do I interrupt a user turn?                            | To interrupt a user turn, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).                 |
| How do I submit a gateway event?                           | To submit a gateway event, use [Gateway API](/api-reference/gateway); it documents participant delivery, gateway events, and multi-party session routing. Related: [Sessions & participants](/concepts/sessions-and-participants).                                     |
| How do I deliver to a participant?                         | To deliver to a participant, use [Gateway API](/api-reference/gateway); it documents participant delivery, gateway events, and multi-party session routing. Related: [Sessions & participants](/concepts/sessions-and-participants).                                   |
| How do I use a Managed Agents event log client?            | To use a Managed Agents event log client, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview). |
| How do I use OpenAI Responses shape?                       | To use OpenAI Responses shape, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).            |
| How do I use OpenAI Chat Completions shape?                | To use OpenAI Chat Completions shape, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).     |
| How do I continue with previous\_response\_id?             | To continue with previous\_response\_id, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).  |
| How do I read typed SSE events?                            | To read typed SSE events, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation.                                                                                                        |
| How do I handle mid-stream error events?                   | To handle mid-stream error events, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation.                                                                                               |
| How do I handle pre-stream HTTP errors?                    | To handle pre-stream HTTP errors, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation.                                                                                                |
| How do I retry 429?                                        | To retry 429, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation.                                                                                                                    |
| How do I retry 503 with Retry-After?                       | To retry 503 with Retry-After, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation.                                                                                                   |
| How do I preserve request correlation context for support? | To preserve request correlation context for support, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation.                                                                             |

## Embedding and frontend integration

| Question                                                          | Answer                                                                                                                                                                                                                                                                                      |
| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I create an embed key?                                     | To create an embed key, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                                     |
| How do I copy the reveal-once embed key?                          | To copy the reveal-once embed key, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                          |
| How do I add allowed origins?                                     | To add allowed origins, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                                     |
| How do I embed the widget script tag?                             | To embed the widget script tag, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                             |
| How do I customize inline theme fields?                           | To customize inline theme fields, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                           |
| How do I configure appearance in the dashboard?                   | To configure appearance in the dashboard, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                   |
| How do I configure widget behavior?                               | To configure widget behavior, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                               |
| How do I configure pre-chat consent?                              | To configure pre-chat consent, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                              |
| How do I configure localization?                                  | To configure localization, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                                  |
| How do I open the widget from a custom button?                    | To open the widget from a custom button, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                    |
| How do I send a message from host-page code?                      | To send a message from host-page code, use [Messages API](/api-reference/messages); it documents sending turns, streaming responses, unary responses, interrupts, and adapter-shaped message flows. Related: [Consumer adapters](/api-reference/adapters/overview).                         |
| How do I subscribe to widget events?                              | To subscribe to widget events, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                              |
| How do I identify a soft user?                                    | To identify a soft user, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent).                                          |
| How do I identify a verified user?                                | To identify a verified user, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent).                                      |
| How do I generate an HMAC identity token server-side?             | To generate an HMAC identity token server-side, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent).                   |
| How do I generate a structured step-up identity token?            | To generate a structured step-up identity token, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent).                  |
| How do I refresh identity after step-up?                          | To refresh identity after step-up, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent).                                |
| How do I use backend-minted session tokens instead of embed keys? | To use backend-minted session tokens instead of embed keys, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget). |
| How do I implement a token endpoint?                              | To implement a token endpoint, use [Session tokens](/security/session-tokens); it covers browser-safe session-token minting, claims, TTLs, verified subjects, and refresh.                                                                                                                  |
| How do I use tokenFn refresh?                                     | To use tokenFn refresh, use [Session tokens](/security/session-tokens); it covers browser-safe session-token minting, claims, TTLs, verified subjects, and refresh.                                                                                                                         |
| How do I build a custom UI with the headless client?              | To build a custom UI with the headless client, use [Headless React](/sdks/widget/headless-react); it covers the headless client, React bindings, custom UI flows, and token refresh.                                                                                                        |
| How do I embed the React widget component?                        | To embed the React widget component, use [Headless React](/sdks/widget/headless-react); it covers the headless client, React bindings, custom UI flows, and token refresh.                                                                                                                  |
| How do I build a custom React UI with useKartaAgent?              | To build a custom React UI with useKartaAgent, use [Headless React](/sdks/widget/headless-react); it covers the headless client, React bindings, custom UI flows, and token refresh.                                                                                                        |
| How do I disclose widget data path to end users?                  | To disclose widget data path to end users, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                  |
| How do I configure CSP for the widget?                            | To configure CSP for the widget, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                                                             |
| How do I configure frame source for widget iframe?                | To configure frame source for widget iframe, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                |
| How do I handle widget limit\_reached state?                      | To handle widget limit\_reached state, follow [Chat widget quickstart](/sdks/widget/quickstart); it covers embed keys, allowed origins, script install, widget commands, theme, behavior, consent, and limits. Related: [Chat widget security](/security/chat-widget).                      |

## Identity, auth, and access management

| Question                                                   | Answer                                                                                                                                                                                                                                                     |
| ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I mint an API key?                                  | To mint an API key, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication).                                   |
| How do I store API key server-side?                        | To store API key server-side, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication).                         |
| How do I rotate an API key?                                | To rotate an API key, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication).                                 |
| How do I revoke an API key?                                | To revoke an API key, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication).                                 |
| How do I scope a key to specific operations?               | To scope a key to specific operations, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication).                |
| How do I use separate keys for CI, backend, and operators? | To use separate keys for CI, backend, and operators, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication).  |
| How do I mint a session token server-side?                 | To mint a session token server-side, use [Session tokens](/security/session-tokens); it covers browser-safe session-token minting, claims, TTLs, verified subjects, and refresh.                                                                           |
| How do I refresh an expired session token?                 | To refresh an expired session token, use [Session tokens](/security/session-tokens); it covers browser-safe session-token minting, claims, TTLs, verified subjects, and refresh.                                                                           |
| How do I bind session token to verified subject?           | To bind session token to verified subject, use [Session tokens](/security/session-tokens); it covers browser-safe session-token minting, claims, TTLs, verified subjects, and refresh.                                                                     |
| How do I keep TTL short?                                   | To keep TTL short, use [Session tokens](/security/session-tokens); it covers browser-safe session-token minting, claims, TTLs, verified subjects, and refresh.                                                                                             |
| How do I avoid shipping kt\_live keys to browsers?         | To avoid shipping kt\_live keys to browsers, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication).          |
| How do I verify identity HMAC?                             | To verify identity HMAC, use [Widget identity](/sdks/widget/identity); it covers soft identity, verified identity, HMAC tokens, structured step-up tokens, and identity refresh. Related: [Authenticated agent](/sdks/widget/authenticated-agent).         |
| How do I reject identity mismatch?                         | To reject identity mismatch, use [Authentication](/api-reference/authentication); it covers bearer API keys, route-family rules, scopes, and server-vs-browser credential boundaries.                                                                      |
| How do I require MFA enrollment?                           | To require MFA enrollment, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path. Related: [Security model](/security/security-model).            |
| How do I complete step-up reauthentication?                | To complete step-up reauthentication, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path. Related: [Security model](/security/security-model). |
| How do I create an organization invitation?                | To create an organization invitation, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path. Related: [Security model](/security/security-model). |
| How do I accept an organization invitation?                | To accept an organization invitation, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path. Related: [Security model](/security/security-model). |
| How do I assign member roles?                              | To assign member roles, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path. Related: [Security model](/security/security-model).               |
| How do I review API auth failures?                         | To review API auth failures, use [Errors](/api-reference/errors); it covers HTTP errors, stream errors, retry behavior, tenant-safe 404s, and request correlation. Related: [Authentication](/api-reference/authentication).                               |
| How do I diagnose 401?                                     | To diagnose 401, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                                         |
| How do I diagnose 403?                                     | To diagnose 403, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                                         |
| How do I diagnose 404 default-deny behavior?               | To diagnose 404 default-deny behavior, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                   |

## Using model keys and LLM providers

| Question                                          | Answer                                                                                                                                                                           |
| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I use Karta-managed model access?          | To use Karta-managed model access, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.          |
| How do I bring your own model provider key?       | To bring your own model provider key, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.       |
| How do I store a BYOK key?                        | To store a BYOK key, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.                        |
| How do I rotate a BYOK key?                       | To rotate a BYOK key, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.                       |
| How do I choose a provider?                       | To choose a provider, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.                       |
| How do I choose a model?                          | To choose a model, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.                          |
| How do I set an org default model?                | To set an org default model, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.                |
| How do I set an agent model override?             | To set an agent model override, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.             |
| How do I use an Anthropic subscription connector? | To use an Anthropic subscription connector, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures. |
| How do I diagnose provider quota failures?        | To diagnose provider quota failures, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.           |
| How do I diagnose invalid model key failures?     | To diagnose invalid model key failures, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.        |
| How do I handle BYOK key rejection?               | To handle BYOK key rejection, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.               |

## Usage, budgets, billing, and pricing

| Question                                      | Answer                                                                                                                                                                                                                                                      |
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I read usage totals?                   | To read usage totals, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).                 |
| How do I read billing status?                 | To read billing status, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).               |
| How do I set an org budget?                   | To set an org budget, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).                 |
| How do I set a per-key sub-limit?             | To set a per-key sub-limit, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors.                                                                        |
| How do I set a per-user spend cap?            | To set a per-user spend cap, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).          |
| How do I set a per-karta spend cap?           | To set a per-karta spend cap, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).         |
| How do I set a per-seat spend cap?            | To set a per-seat spend cap, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).          |
| How do I set an anonymous widget spend cap?   | To set an anonymous widget spend cap, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits). |
| How do I configure budget threshold webhooks? | To configure budget threshold webhooks, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Webhooks](/platform/webhooks).                   |
| How do I raise a budget cap?                  | To raise a budget cap, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).                |
| How do I wait for budget propagation?         | To wait for budget propagation, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).       |
| How do I handle 402 budget exhaustion?        | To handle 402 budget exhaustion, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).      |
| How do I handle credits exhaustion?           | To handle credits exhaustion, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).         |
| How do I top up prepaid credits?              | To top up prepaid credits, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).            |
| How do I buy a credit pack?                   | To buy a credit pack, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).                 |
| How do I configure auto-refill?               | To configure auto-refill, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).             |
| How do I review rate card?                    | To review rate card, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).                  |
| How do I attribute cost to keys?              | To attribute cost to keys, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).            |
| How do I attribute cost to end users?         | To attribute cost to end users, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).       |
| How do I attribute cost to kartas?            | To attribute cost to kartas, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).          |
| How do I forecast against caps?               | To forecast against caps, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).             |
| How do I use no-billing mode?                 | To use no-billing mode, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Billing & credits](/platform/billing-and-credits).               |

## Webhooks, audit, and observability

| Question                                      | Answer                                                                                                                                                                                                                                |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I register a webhook endpoint?         | To register a webhook endpoint, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                               |
| How do I select webhook event types?          | To select webhook event types, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                                |
| How do I verify webhook signatures?           | To verify webhook signatures, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                                 |
| How do I rotate webhook signing secret?       | To rotate webhook signing secret, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                             |
| How do I receive budget threshold events?     | To receive budget threshold events, use [Usage & budgets](/platform/usage-and-budgets); it covers usage totals, budgets, spend caps, hard caps, attribution, propagation, and budget errors. Related: [Webhooks](/platform/webhooks). |
| How do I receive billing events?              | To receive billing events, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                                    |
| How do I receive session events?              | To receive session events, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                                    |
| How do I receive turn events?                 | To receive turn events, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                                       |
| How do I retry webhook deliveries?            | To retry webhook deliveries, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                                  |
| How do I re-enable an auto-disabled webhook?  | To re-enable an auto-disabled webhook, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                        |
| How do I protect webhook endpoints from SSRF? | To protect webhook endpoints from SSRF, use [Webhooks](/platform/webhooks); it covers endpoint registration, event selection, signatures, secret rotation, retries, SSRF protection, and auto-disable recovery.                       |
| How do I review audit log?                    | To review audit log, use [Audit log](/platform/audit-log); it covers account-change audit events and review workflows.                                                                                                                |
| How do I review account-change history?       | To review account-change history, use [Audit log](/platform/audit-log); it covers account-change audit events and review workflows.                                                                                                   |
| How do I report a problem from the dashboard? | To report a problem from the dashboard, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths. Related: [Trust & compliance](/security/trust).             |
| How do I report abuse?                        | To report abuse, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths. Related: [Trust & compliance](/security/trust).                                    |

## Security review and governance

| Question                                      | Answer                                                                                                                                                                                                                                                      |
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I review prompt-injection assumptions? | To review prompt-injection assumptions, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                      |
| How do I review runtime isolation boundary?   | To review runtime isolation boundary, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                        |
| How do I review karta memory model?           | To review karta memory model, use [Kartas & memory](/concepts/instances-and-memory); it explains karta ids, per-user/team/job/fleet boundaries, durable memory, and ephemeral choices.                                                                      |
| How do I review browser credential boundary?  | To review browser credential boundary, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                       |
| How do I review API key scope boundary?       | To review API key scope boundary, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                            |
| How do I review model-provider data path?     | To review model-provider data path, use [BYOK](/platform/byok); it covers Karta-managed access, BYOK storage, provider choice, rotation, quotas, and model-key failures.                                                                                    |
| How do I review widget privacy disclosure?    | To review widget privacy disclosure, use [Chat widget security](/security/chat-widget); it covers browser credential safety, widget data paths, allowed origins, CSP, and privacy disclosures. Related: [Trust & compliance](/security/trust).              |
| How do I review operator access posture?      | To review operator access posture, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                           |
| How do I review residual risks?               | To review residual risks, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                                    |
| How do I review CSP requirements?             | To review CSP requirements, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                                  |
| How do I review origin allowlist?             | To review origin allowlist, use [Security model](/security/security-model); it covers trust boundaries, isolation, prompt-injection containment, residual risks, CSP, and operator access.                                                                  |
| How do I review audit requirements?           | To review audit requirements, use [Audit log](/platform/audit-log); it covers account-change audit events and review workflows.                                                                                                                             |
| How do I review support and incident path?    | To review support and incident path, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path. Related: [Troubleshooting](/platform/troubleshooting). |
| How do I report a vulnerability?              | To report a vulnerability, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths. Related: [Trust & compliance](/security/trust).                                                |
| How do I follow coordinated disclosure?       | To follow coordinated disclosure, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths. Related: [Trust & compliance](/security/trust).                                         |

## Operating and troubleshooting production agents

| Question                                      | Answer                                                                                                                                                                                                                                       |
| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I run day-0 smoke test?                | To run day-0 smoke test, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                     |
| How do I confirm active release?              | To confirm active release, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.                                        |
| How do I send one production turn?            | To send one production turn, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                 |
| How do I exercise the browser path?           | To exercise the browser path, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                |
| How do I confirm browser has no kt\_live key? | To confirm browser has no kt\_live key, use [API keys](/platform/api-keys); it covers creating, naming, fine-grained scoping, rotating, revoking, and separating server-side keys. Related: [Authentication](/api-reference/authentication). |
| How do I check usage after smoke test?        | To check usage after smoke test, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                             |
| How do I check configured limits?             | To check configured limits, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                  |
| How do I rehearse rollback?                   | To rehearse rollback, use [Releases & rollback](/deploy/releases-and-rollback); it covers immutable releases, activation, stable URLs, rollback, release pinning, archives, and recent releases.                                             |
| How do I assign deploy ownership?             | To assign deploy ownership, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                  |
| How do I assign rollback ownership?           | To assign rollback ownership, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                |
| How do I assign API key ownership?            | To assign API key ownership, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                 |
| How do I assign BYOK ownership?               | To assign BYOK ownership, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                    |
| How do I assign budget ownership?             | To assign budget ownership, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                  |
| How do I assign webhook ownership?            | To assign webhook ownership, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                 |
| How do I assign audit-review ownership?       | To assign audit-review ownership, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                            |
| How do I diagnose stuck deploy?               | To diagnose stuck deploy, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                  |
| How do I diagnose failed build?               | To diagnose failed build, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                  |
| How do I diagnose no active release?          | To diagnose no active release, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                             |
| How do I diagnose model call failure?         | To diagnose model call failure, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                            |
| How do I diagnose session 404?                | To diagnose session 404, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                                   |
| How do I diagnose webhook quietness?          | To diagnose webhook quietness, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                             |
| How do I diagnose 429 rate limiting?          | To diagnose 429 rate limiting, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths.                                                                             |
| How do I check status.karta.sh?               | To check status.karta.sh, check [Status page](https://status.karta.sh); it shows live platform health and incident updates.                                                                                                                  |
| How do I escalate to support?                 | To escalate to support, use [Production readiness](/platform/production-readiness); it provides the launch checklist, day-0 smoke test, ownership runbook, and support escalation path.                                                      |

## Legal, compliance, and support operations

| Question                                       | Answer                                                                                                                                                                                                                     |
| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| How do I publish legal documents?              | To publish legal documents, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                 |
| How do I review terms of service?              | To review terms of service, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                 |
| How do I review privacy policy?                | To review privacy policy, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                   |
| How do I review DPA?                           | To review DPA, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                              |
| How do I review AUP?                           | To review AUP, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                              |
| How do I review support policy?                | To review support policy, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                   |
| How do I review refund policy?                 | To review refund policy, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                    |
| How do I review cookie notice?                 | To review cookie notice, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                    |
| How do I review DMCA process?                  | To review DMCA process, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                     |
| How do I review SLA?                           | To review SLA, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                              |
| How do I review sub-processors?                | To review sub-processors, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                   |
| How do I review AI model data-handling policy? | To review AI model data-handling policy, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                    |
| How do I submit privacy request?               | To submit privacy request, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                                  |
| How do I submit legal or DMCA request?         | To submit legal or DMCA request, use [Trust & compliance](/security/trust); it points to public trust, legal, privacy, DPA, disclosure, subprocessor, support, abuse, and compliance materials.                            |
| How do I submit support request?               | To submit support request, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths. Related: [Trust & compliance](/security/trust).               |
| How do I submit abuse report?                  | To submit abuse report, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths. Related: [Trust & compliance](/security/trust).                  |
| How do I submit security vulnerability report? | To submit security vulnerability report, use [Troubleshooting](/platform/troubleshooting); it maps production symptoms to causes, fixes, status checks, and support paths. Related: [Trust & compliance](/security/trust). |
