name: sigit-code-cloud-agent
description: "Reference for siGit Code Cloud Agent, the autonomous, sandboxed coding agent (task -> pull request) we are building. Use when working on the agent product surface: the AgentRun lifecycle, the AWS sandbox that runs siGit Code headless, per-run scoped tokens, the GitHostAdapter (sigit.si first, then GitHub/GitLab), or anything that turns a delegated task into a reviewed PR. Distinct from siGit Code Cloud (the hosted chat); see the sigit-code-cloud skill for that."
siGit Code Cloud Agent
siGit Code Cloud Agent is autonomous, sandboxed siGit Code that solves an issue or task in a Git repository and opens a pull request, working in the background like a human developer. The user delegates a task and walks away; the agent works on its own and comes back with a PR to review.
Status: planning. The full strategy, architecture, pricing, and roadmap are in
docs/product/sigit-code-cloud-agent-plan.md.
The product map (how this sits next to the other products) is in
docs/product/product-overview.md.
Where it fits (and the naming that matters)
- siGit Code — the local agent. The engine.
- siGit Code Cloud — the hosted chat (interactive, synchronous). Its work
unit is a session. See the
sigit-code-cloudskill. - siGit Code Cloud Agent — this. Autonomous, asynchronous. Its work unit is an agent run (one delegated task -> autonomous work -> PR).
Load-bearing: "session" belongs to the chat product; the agent's unit is a
"run". Never call the agent or its runs "sessions". /cloud/sessions is chat
history, not agent runs.
What it is and is not
- Engine: siGit Code, run headless in an ephemeral sandbox (AWS), with
hosted inference. The agent clones the repo, edits, runs build/test, iterates,
and pushes a branch. The agent loop and tools already exist in
getsigit/sigit; the new work is running it headless and the orchestration around it. - Repo target: sigit.si first, then GitHub, GitLab, and other Git
hosts. Scope is Git only (no SVN, Mercurial, or other VCS). Keep clone /
branch-push / PR-open behind a
GitHostAdapterseam from day one so the agent is not welded to our own forge. - Output: a pull request on the target Git host (a pushed branch + review surface). A human reviews and merges. The agent never auto-merges.
- MVP trigger (decided): from a repo on sigit.si, the user describes a task and the agent produces a PR. Formal issue-assignment is a fast-follow (needs an Issues feature and the host adapters).
- Copilot analog: the Copilot coding agent (the cloud agent), not Copilot Chat.
Architecture (two planes; inference reused)
Control plane (Rails, sigit-si)
AgentRun model (lifecycle) + controller + job
Web "Run agent" UI, live run log (SSE), diff -> PR
Mints per-run scoped tokens (git push + inference), enforces caps/metering
| RunTask (aws-sdk) ^ SSE/webhook: logs, status, diff
v |
Execution plane (AWS)
Ephemeral sandbox (Fargate task v1 -> Firecracker microVM at scale)
clones repo (scoped git token) -> runs siGit Code headless
OPENAI_BASE_URL = https://sigit.si/api/v1 (per-run inference token)
edits / runs build+test -> pushes head branch -> PR via GitHostAdapter
Private subnet, egress allowlist, hard caps (wall-clock, tokens, tool calls)
| /v1/chat/completions (per-run token)
v
Inference (unchanged): Api::V1::ChatCompletionsController -> OndeCloudService -> Onde Cloud
Existing entitlement gate, allowance metering, and identity masking all apply.
The agent is "just another client" of the inference endpoint siGit Code Cloud already operates, so the entitlement / metering / identity-masking path is reused unchanged. Because the agent's inference token is minted server-side per run with a budget, there is no public client holding credentials, which also closes the standing "inference token <-> Onde Cloud auth" gap for this path.
Safety (non-negotiable, because it runs code on our infra)
- Per-run hard caps: wall-clock timeout, CPU/memory, inference token budget (tied
to a new
AgentUsage), max tool calls, max sandbox lifetime. - Network egress allowlist (sigit.si + package registries only). The single most important control.
- Ephemeral, scoped credentials only; nothing long-lived in the sandbox.
- Human-in-the-loop: the agent opens a PR, never auto-merges.
- Per-plan concurrency caps; real cancellation tears down the sandbox.
- Identity hygiene: run logs, PR titles/bodies, and errors stay neutral (same rule as chat); never disclose the upstream model or provider.
Pricing shape
Runs cost sandbox compute (Fargate per-second) plus inference tokens, so
metering captures both (AgentUsage: runs, agent-seconds, tokens). Sandbox time
is rounding error; price on metered inference per run. Included-run bundles per
plan, mirroring Subscription::CLOUD_ALLOWANCE. See the plan doc for the worked
model and the [FILL FROM PHASE 0] inputs.
Dependencies / open items
- No PRs or Issues on sigit.si yet. A minimal PR surface is on the critical path; v1 can ship as "pushed branch + compare view". Issues gate issue-assignment.
- AWS is net-new infra (VPC/IAM/NAT/egress-allowlist). No
aws-sdkin the app yet. - siGit Code has no headless one-shot mode yet (TUI or ACP only). Adding a headless runner that drives the existing loop non-interactively and exits is the first build step (do not start building until asked).
Status
Spec and plan only. Nothing built. Do not start implementation without an explicit go-ahead; this skill is the reference for when we do.