Full example

Overview

Enabling your AI agent to work on full existing code projects unlocks a new set of capabilities. This guide explains how to give your AI agent access to entire codebases, allowing it to make changes and run projects end-to-end like a human engineer.

Using Code Mounts

While you can use normal shell exec commands to clone a public GitHub repository, Runloop provides a more powerful feature called CodeMounts. This allows you to mount a repository into your Devbox at a specific path.

Creating a Devbox with a Code Mount

curl -X POST \
  'https://api.runloop.ai/v1/devboxes' \
  -H "Authorization: Bearer $RUNLOOP_API_KEY" \
  -H 'Content-Type: application/json' \
  -d '{
    "code_mounts": [
      {
        "repo_name": "rl-cli",
        "repo_owner": "runloopai",
        "token": "<YOUR_GITHUB_TOKEN>"
      }
    ]
  }'
This will clone the repo onto the Devbox and allow you to pull changes and branches. Note if you want to create pull requests or mutative actions you must configure your Git Auth as described below.

Connecting to Private GitHub Repositories

To enable your Devbox to interact with private GitHub repositories, you need to provide proper authentication credentials. Runloop offers several methods to achieve this.

Using Code Mounts with GitHub Token

When you create a Devbox with a Code Mount, Runloop automatically sets up the GH_TOKEN environment variable and credential cache for you. This authenticates all command-line tools in your Devbox with your GitHub token. This allows your AI agent to use Github and open authenticated pull requests using the gh cli tool. 
curl -X POST \
  'https://api.runloop.ai/v1/devboxes' \
  -H "Authorization: Bearer $RUNLOOP_API_KEY" \
  -H 'Content-Type: application/json' \
  -d '{
    "code_mounts": [
      {
        "repo_name": "rl-cli",
        "repo_owner": "runloopai",
        "token": "<YOUR_GITHUB_TOKEN>"
      }
    ]
  }'

Manually Configuring Your Devbox for GitHub

Alternatively, you can configure your Devbox manually using the setup_commands argument: 
curl -X POST \
  'https://api.runloop.ai/v1/devboxes' \
  -H "Authorization: Bearer $RUNLOOP_API_KEY" \
  -H 'Content-Type: application/json'  \
  -d '{
    "environment_variables": {"GH_TOKEN": "<YOUR_GITHUB_TOKEN>"},
    "setup_commands": [
      "git config --global credential.helper '\''cache --timeout=3600'\''",
      "echo \"protocol=https\nhost=github.com\nusername=$GH_TOKEN\npassword=$GH_TOKEN\" | git credential-cache store"      
    ]
  }'
This command:
  1. Creates a new Devbox
  2. Sets the GH_TOKEN environment variable with your GitHub token
  3. Configures Git to use the credential cache
  4. Stores your GitHub token in the Git credential cache for one hour
Adjust the --timeout value in the git config command to change how long the credentials are cached.

Best Practices for Token Security

  1. Use tokens with the minimum required permissions for your tasks.
  2. Regularly rotate your GitHub tokens.
  3. Never commit or push files containing your tokens to version control.
  4. Use environment variables when possible to avoid exposing tokens in command-line arguments.
By following these guidelines, you can securely enable your AI agent to work with full projects and private repositories, expanding its capabilities within the Runloop Devbox environment.