Upgrade from Standalone

Moving from standalone to platform mode requires one environment variable. Your existing code, configuration, and policies continue to work unchanged.

Prerequisites

A Sekuire account (sign up at sekuire.ai)
A workspace with an install token
Your existing standalone agent

Step 1: Get an Install Token

Log in to the Sekuire dashboard
Navigate to your workspace settings
Generate an install token (starts with skt_)

Or use the CLI:

sekuire auth login
sekuire config set api_url https://api.sekuire.ai

Step 2: Set Environment Variables

Add two environment variables to your deployment:

export SEKUIRE_INSTALL_TOKEN=skt_your_token_here
export SEKUIRE_API_URL=https://api.sekuire.ai

That's it. Your agent now connects to the platform on startup. The SDK handles bootstrap, credential rotation, and heartbeat automatically.

Step 3: Verify Connection

Run your agent. You should see log output confirming platform registration:

[sekuire] Bootstrap successful, installation_id=inst_abc123
[sekuire] Runtime token acquired, expires in 3600s
[sekuire] Heartbeat started (interval: 30s)

Your agent appears in the dashboard under your workspace.

What Changes

Automatic (no code changes)

Behavior	Standalone	After Upgrade
Identity	Computed locally	Computed locally + registered
Policy source	`sekuire.yml`	Remote policy (falls back to local)
Audit events	Local logger	Sent to central audit trail
Token management	N/A	Automatic bootstrap + refresh

Optional (code changes for new features)

These features require additional code but are not mandatory:

Task Worker - receive tasks from the platform:

import { createWorker } from '@sekuire/sdk';

const worker = createWorker({
  apiBaseUrl: process.env.SEKUIRE_API_URL!,
  agentId: agent.sekuireId,
  installToken: process.env.SEKUIRE_INSTALL_TOKEN,
  capabilities: ['summarize', 'translate'],
});

worker.onTask('summarize', async (ctx, input) => {
  return agent.chat(input.prompt as string);
});

await worker.start();

Beacon - heartbeat and kill switch:

import { createBeacon } from '@sekuire/sdk';

const beacon = createBeacon({
  apiBaseUrl: process.env.SEKUIRE_API_URL!,
  agentId: agent.sekuireId,
  installToken: process.env.SEKUIRE_INSTALL_TOKEN,
});

beacon.onCommand((cmd) => {
  if (cmd.type === 'terminate') process.exit(0);
  if (cmd.type === 'pause') agent.pause();
});

await beacon.start();

A2A Routing - skill-based discovery through the platform:

import { A2ATaskDelegator } from '@sekuire/sdk';

const delegator = new A2ATaskDelegator(
  process.env.SEKUIRE_API_URL!,
  runtimeToken,
);

const result = await delegator.routeBySkill({
  skill: 'document:summarize',
  message: { role: 'user', parts: [{ type: 'text', text: 'Summarize this report' }] },
});

Policy Migration

Local policies still work

Your sekuire.yml policy section continues to be enforced. If the platform also has a workspace policy, both are applied (most restrictive wins).

Moving policies to the platform

To manage policies centrally:

Open the dashboard, navigate to Policies
Create a new policy with the same rules from your sekuire.yml
Activate the policy
Optionally remove the local policy section from sekuire.yml

The agent picks up remote policies automatically via heartbeat.

Rollback

To return to standalone mode, remove the environment variables:

unset SEKUIRE_INSTALL_TOKEN
unset SEKUIRE_API_URL

Restart your agent. It returns to pure local operation with no platform dependency.

Troubleshooting

Agent not appearing in dashboard

Verify SEKUIRE_INSTALL_TOKEN is set and valid
Check that SEKUIRE_API_URL points to the correct endpoint
Look for bootstrap errors in logs

Policy conflicts

Remote policies take precedence over local when both exist
Use SEKUIRE_POLICY_DEV_OVERRIDE=true to run in warn-only mode during migration
Check the audit trail in the dashboard to see which rules are triggering

Token expiration

The SDK handles token refresh automatically
If you see 401 errors, verify your install token has not been revoked
For container restarts, set SEKUIRE_INSTALLATION_ID and SEKUIRE_REFRESH_TOKEN for credential recovery

Next Steps

Standalone vs Platform - Full comparison
Workers - Background task processing
Beacon - Heartbeat and kill switch
Policy Enforcement - Runtime enforcement details

Prerequisites​

Step 1: Get an Install Token​

Step 2: Set Environment Variables​

Step 3: Verify Connection​

What Changes​

Automatic (no code changes)​

Optional (code changes for new features)​

Policy Migration​

Local policies still work​

Moving policies to the platform​

Rollback​

Troubleshooting​

Agent not appearing in dashboard​

Policy conflicts​

Token expiration​

Next Steps​