main
md 5.75 KB

name: sigit-code-cloud-agent

description: "Reference for siGit Code Cloud Agent, the autonomous, sandboxed coding agent (task -> pull request) we are building. Use when working on the agent product surface: the AgentRun lifecycle, the AWS sandbox that runs siGit Code headless, per-run scoped tokens, the GitHostAdapter (sigit.si first, then GitHub/GitLab), or anything that turns a delegated task into a reviewed PR. Distinct from siGit Code Cloud (the hosted chat); see the sigit-code-cloud skill for that."

siGit Code Cloud Agent

siGit Code Cloud Agent is autonomous, sandboxed siGit Code that solves an issue or task in a Git repository and opens a pull request, working in the background like a human developer. The user delegates a task and walks away; the agent works on its own and comes back with a PR to review.

Status: planning. The full strategy, architecture, pricing, and roadmap are in docs/product/sigit-code-cloud-agent-plan.md. The product map (how this sits next to the other products) is in docs/product/product-overview.md.

Where it fits (and the naming that matters)

  • siGit Code — the local agent. The engine.
  • siGit Code Cloud — the hosted chat (interactive, synchronous). Its work unit is a session. See the sigit-code-cloud skill.
  • siGit Code Cloud Agent — this. Autonomous, asynchronous. Its work unit is an agent run (one delegated task -> autonomous work -> PR).

Load-bearing: "session" belongs to the chat product; the agent's unit is a "run". Never call the agent or its runs "sessions". /cloud/sessions is chat history, not agent runs.

What it is and is not

  • Engine: siGit Code, run headless in an ephemeral sandbox (AWS), with hosted inference. The agent clones the repo, edits, runs build/test, iterates, and pushes a branch. The agent loop and tools already exist in getsigit/sigit; the new work is running it headless and the orchestration around it.
  • Repo target: sigit.si first, then GitHub, GitLab, and other Git hosts. Scope is Git only (no SVN, Mercurial, or other VCS). Keep clone / branch-push / PR-open behind a GitHostAdapter seam from day one so the agent is not welded to our own forge.
  • Output: a pull request on the target Git host (a pushed branch + review surface). A human reviews and merges. The agent never auto-merges.
  • MVP trigger (decided): from a repo on sigit.si, the user describes a task and the agent produces a PR. Formal issue-assignment is a fast-follow (needs an Issues feature and the host adapters).
  • Copilot analog: the Copilot coding agent (the cloud agent), not Copilot Chat.

Architecture (two planes; inference reused)

Control plane (Rails, sigit-si)
  AgentRun model (lifecycle) + controller + job
  Web "Run agent" UI, live run log (SSE), diff -> PR
  Mints per-run scoped tokens (git push + inference), enforces caps/metering
        | RunTask (aws-sdk)            ^ SSE/webhook: logs, status, diff
        v                               |
Execution plane (AWS)
  Ephemeral sandbox (Fargate task v1 -> Firecracker microVM at scale)
    clones repo (scoped git token) -> runs siGit Code headless
    OPENAI_BASE_URL = https://sigit.si/api/v1 (per-run inference token)
    edits / runs build+test -> pushes head branch -> PR via GitHostAdapter
  Private subnet, egress allowlist, hard caps (wall-clock, tokens, tool calls)
        | /v1/chat/completions (per-run token)
        v
Inference (unchanged): Api::V1::ChatCompletionsController -> OndeCloudService -> Onde Cloud
  Existing entitlement gate, allowance metering, and identity masking all apply.

The agent is "just another client" of the inference endpoint siGit Code Cloud already operates, so the entitlement / metering / identity-masking path is reused unchanged. Because the agent's inference token is minted server-side per run with a budget, there is no public client holding credentials, which also closes the standing "inference token <-> Onde Cloud auth" gap for this path.

Safety (non-negotiable, because it runs code on our infra)

  • Per-run hard caps: wall-clock timeout, CPU/memory, inference token budget (tied to a new AgentUsage), max tool calls, max sandbox lifetime.
  • Network egress allowlist (sigit.si + package registries only). The single most important control.
  • Ephemeral, scoped credentials only; nothing long-lived in the sandbox.
  • Human-in-the-loop: the agent opens a PR, never auto-merges.
  • Per-plan concurrency caps; real cancellation tears down the sandbox.
  • Identity hygiene: run logs, PR titles/bodies, and errors stay neutral (same rule as chat); never disclose the upstream model or provider.

Pricing shape

Runs cost sandbox compute (Fargate per-second) plus inference tokens, so metering captures both (AgentUsage: runs, agent-seconds, tokens). Sandbox time is rounding error; price on metered inference per run. Included-run bundles per plan, mirroring Subscription::CLOUD_ALLOWANCE. See the plan doc for the worked model and the [FILL FROM PHASE 0] inputs.

Dependencies / open items

  • No PRs or Issues on sigit.si yet. A minimal PR surface is on the critical path; v1 can ship as "pushed branch + compare view". Issues gate issue-assignment.
  • AWS is net-new infra (VPC/IAM/NAT/egress-allowlist). No aws-sdk in the app yet.
  • siGit Code has no headless one-shot mode yet (TUI or ACP only). Adding a headless runner that drives the existing loop non-interactively and exits is the first build step (do not start building until asked).

Status

Spec and plan only. Nothing built. Do not start implementation without an explicit go-ahead; this skill is the reference for when we do.