Deploy & Embed
After your agent is running well in Test mode, click Deploy in the workspace. AgentNavaKit mints a publishable token, exposes a hosted chat page at console.agentnava.com/c/<agentId>, and gives you a single <script> tag to drop into your customer’s website. No SDK, no backend, no CORS to configure — the embed is the whole product.
The whole thing — one script tag
Paste this anywhere in the HTML of the page where you want the chat bubble to appear. The token comes pre-filled in your Deploy panel; click Copy there.
<script src="https://console.agentnava.com/embed/v1.js"
data-token="agt_pk_xxxxxxxxxxxxxxxx" defer></script>That’s it. A floating chat bubble appears bottom-right. Visitors click it, a panel opens, they chat with your agent. Reload the page and the same visitor sees their conversation continue — anonymous visitors are identified by a uuid stored in localStorage.
Optional knobs
All optional — sensible defaults if you skip them.
| Attribute | Default | Notes |
|---|---|---|
data-token | required | The publishable token from your Deploy panel. Starts with agt_pk_. |
data-position | bottom-right | Or bottom-left. |
data-color | #059669 | Bubble background colour (any CSS colour). |
data-title | agent name | Sets the iframe’s title for screen readers. |
data-user-id | auto-generated | If your site already knows the visitor, pass their stable id. Without this, an anonymous uuid is minted and persisted in localStorage. |
data-user-name | — | Display name to send to the agent. |
data-user-email | — | Email to send to the agent. |
Telling the agent who the user is
Two paths. Pick whichever fits your stack.
1. Static — data-attrs on the script tag
Simplest. Your server renders the snippet with the user’s id baked in.
<script src="https://console.agentnava.com/embed/v1.js"
data-token="agt_pk_xxxx"
data-user-id="customer-42"
data-user-name="Jane Smith"
data-user-email="jane@example.com"
defer></script>2. Dynamic — JS API after auth
Some apps don’t know the user at page render time (post-login SPA, lazy load). Identify after the embed boots:
// Anywhere on your page, AFTER the embed script has run
window.AgentNava.identify({
id: 'customer-42',
name: 'Jane Smith',
email: 'jane@example.com'
});The agent’s session keys to user.id, so the same id on the same agent → continues the same conversation. Different id → a new conversation.
Security note. Identity passed from the browser is self-attested — anyone in the browser console can call identify with any id. For high-trust use cases (showing PII the agent shouldn’t reveal to imposters), the upcoming signed-identity flow has your backend mint a JWT proving the user is yours. Until then, treat the embed identity as a routing hint, not a permission grant.
JS API exposed by the embed
The embed sets window.AgentNava after it boots:
window.AgentNava = {
open(): void // open the chat panel
close(): void // close it
identify({ id, name?, email? }): void // set the user (see above)
}The script tag has a defer attribute so it runs after the HTML parses; if you need to call AgentNava.identify immediately on page load, wait for DOMContentLoaded or use a small poll until window.AgentNava exists.
Hosted chat page (no embed)
If you don’t want to embed at all, the Deploy panel also gives you a direct URL:
https://console.agentnava.com/c/<agentId>Share it like any other link. Anonymous users can chat with the deployed agent. Same per-visitor session continuity (localStorage uuid).
What’s actually happening
For when you need to debug or build your own client.
Public endpoints
| Endpoint | Auth | What it does |
|---|---|---|
GET /v1/public/agents/by-token/:token | None | Resolves a publishable token to its agentId + name. The embed bootstrap uses this to derive the iframe URL. |
GET /v1/public/agents/:agentId | None | Public metadata for a prod-deployed agent. Returns 404 for non-deployed agents so private specs don’t leak. |
POST /v1/public/chat | Authorization: Bearer agt_pk_* | SSE chat stream. Body: { content, user: { id, name?, email? } }. Session keys to (agentId, user.id). |
Token semantics
- Minted on first Deploy to prod. Persists across re-deploys.
- The token is public — pasted into customer site source. Treat it like a Stripe publishable key.
- Scoped to a single agent. Leaks affect that agent only; can be rotated independently.
- Open CORS (
*) at the chat endpoint — required for embeds on customer-owned origins.
Custom domains (planned)
Path-based hosting at console.agentnava.com/c/<agentId> works today and is the default. <your-agent>.agents.agentnava.com wildcard subdomains are planned — the wrangler route + DNS already work, the per-agent claim flow is what’s missing. The embed snippet doesn’t change when this ships; only the URL the iframe loads.