This guide turns the examples/live-github-ops blueprint into a step-by-step operator workflow for a real GitHub repository.
Use this document when you want to:
- move from fixture or offline demo runs into live GitHub issue polling
- keep Codex CLI as the default worker runtime
- run RepoAgents continuously with conservative human approval
- operate from a local machine, VM, or simple process manager before building a larger platform
Before touching a live repository, confirm:
uv sync --devcompleted in the RepoAgents checkoutcodex --versionandcodex loginboth workGITHUB_TOKENis exported with read access to issues and write access only if you intend to post comments or open draft PRs- the target repository is cloned locally and has a clean baseline
- you understand the active
merge_policy.modeandsafety.*settings
For the conservative default path, keep:
llm.mode: codexmerge_policy.mode: human_approvalsafety.allow_write_comments: falseor tightly controlledsafety.allow_open_pr: falseuntil dry-runs and single-issue triggers look correct
The live blueprint example is here:
- ../examples/live-github-ops/README.md
- ../examples/live-github-ops/ops/preflight.md
- ../examples/live-github-ops/ops/repoagents.env.example
- ../examples/live-github-ops/ops/build-handoff.sh
- ../examples/live-github-ops/ops/handoff-order.md
- ../examples/live-github-ops/ops/run-loop.sh
- ../examples/live-github-ops/ops/render-dashboard.sh
Work from the real repository you want RepoAgents to maintain.
git clone git@github.com:OWNER/REPO.git
cd REPO
git status --shortIf the working tree is already dirty, either clean it first or set workspace.dirty_policy deliberately. For live operation, block is the safest default.
Run initialization from inside the target repository.
uv run --project /path/to/RepoAgents repoagents init \
--preset python-library \
--tracker-repo OWNER/REPOAdjust the preset if the repository is closer to web-app, docs-only, or research-project.
This creates:
.ai-repoagents/repoagents.yamlAGENTS.mdWORKFLOW.md.ai-repoagents/roles/.ai-repoagents/prompts/.ai-repoagents/policies/
Open .ai-repoagents/repoagents.yaml and confirm the live path values.
Recommended baseline:
tracker:
kind: github
mode: rest
repo: OWNER/REPO
poll_interval_seconds: 300
workspace:
strategy: worktree
dirty_policy: block
logging:
json: true
file_enabled: true
llm:
mode: codex
merge_policy:
mode: human_approval
safety:
allow_write_comments: false
allow_open_pr: falseWhy these settings:
tracker.mode: restuses the live GitHub adapterworkspace.strategy: worktreeis more practical for larger repositorieslogging.file_enabled: trueleaves an operator trail in.ai-repoagents/logs/repoagents.jsonlhuman_approvalkeeps merge and publication conservative during rollout
Use the blueprint env file as the starting point.
cp /path/to/RepoAgents/examples/live-github-ops/ops/repoagents.env.example ./.ai-repoagents/repoagents.envThen export the variables through your shell, direnv, systemd environment, or another secrets manager.
Minimum live environment:
export GITHUB_TOKEN=...If Codex CLI is already logged in locally, you do not need to place Codex credentials into the repository.
Before a single issue is executed, validate the environment.
uv run --project /path/to/RepoAgents repoagents doctorThe expected healthy path is:
- config loads successfully
- Codex command is executable
- GitHub auth and network checks pass
- runtime directories are writable
- the repository is a valid git work tree if
worktreemode is active - no unexpected managed template drift is reported
Do not continue to live execution until doctor is clean or the remaining warnings are understood.
Before you run against the real GitHub API, it is useful to rehearse the handoff shape locally.
The example repo ships with ops/github-smoke.fixture.json for this purpose. Temporarily set:
tracker:
smoke_fixture_path: ops/github-smoke.fixture.jsonThen generate the handoff bundle:
bash /path/to/RepoAgents/examples/live-github-ops/ops/build-handoff.shThis writes:
- root
.ai-repoagents/reports/github-smoke.json|md - root
.ai-repoagents/reports/ops-status.json|md - root
.ai-repoagents/reports/ops-brief.json|md - bundle-local
github-smoke.json|md,ops-status.json|md,ops-brief.json|md - bundle landing files
index.html,README.md
Use ../examples/live-github-ops/ops/handoff-order.md as the fixed open order.
Remove tracker.smoke_fixture_path again before real live rollout.
Use a targeted dry-run before starting the polling loop.
uv run --project /path/to/RepoAgents repoagents trigger 123 --dry-runLook for:
- the issue is selected correctly
- the role order is correct
- planner
likely_filesare plausible - blocked side effects match policy
- the backend is
codex, not a demo shim
If the repo is not ready for a specific issue number yet, repoagents run --dry-run --once is also useful for previewing the next poll cycle.
After a clean dry-run, execute exactly one issue.
uv run --project /path/to/RepoAgents repoagents trigger 123
uv run --project /path/to/RepoAgents repoagents status --issue 123Inspect the produced data:
- artifacts under
.ai-repoagents/artifacts/issue-123/<run-id>/ - workspace under
.ai-repoagents/workspaces/issue-123/<run-id>/repo/or the worktree path - state in
.ai-repoagents/state/runs.json - logs in
.ai-repoagents/logs/repoagents.jsonl
If reviewer or policy guardrails request changes, treat that as the intended safety behavior during rollout.
Once a single issue behaves as expected, start the loop.
bash /path/to/RepoAgents/examples/live-github-ops/ops/run-loop.shThat helper script is a thin wrapper around:
uv run repoagents runRun it under a process supervisor for real operations, for example systemd, launchd, a container runtime, or a CI scheduled runner.
Generate the operator dashboard regularly.
bash /path/to/RepoAgents/examples/live-github-ops/ops/render-dashboard.shOr directly:
uv run repoagents dashboard --refresh-seconds 30Open .ai-repoagents/dashboard/index.html in a browser and use:
- search to find one issue quickly
- the status filter to isolate failures or retries
- timed refresh when the page stays open during active operations
Use the least destructive recovery path first.
For a failed or retry-pending issue:
uv run repoagents status --issue 123
uv run repoagents retry 123
uv run repoagents trigger 123 --dry-run
uv run repoagents trigger 123Use clean --dry-run before any workspace cleanup:
uv run repoagents clean --dry-run
uv run repoagents cleanIf the problem is GitHub auth, Codex login, rate limiting, or dirty worktree state, fix that cause before re-running the issue.
Do not enable comments or draft PRs on day 1 unless the repository is already well understood.
Recommended rollout:
- Start with
allow_write_comments: falseandallow_open_pr: false - After several clean single-issue runs, consider enabling issue comments
- Only after reviewer and policy behavior look stable, consider
allow_open_pr: true - Keep merges manual even when draft PR creation is enabled
Polling is enough for an MVP rollout, but webhook-driven execution is useful for faster reaction.
Relevant paths:
Validate webhook payloads with:
uv run repoagents webhook --event issues --payload webhook.json --dry-runbefore wiring them into a live receiver.
Before calling the deployment live, verify:
doctoris clean- at least one
trigger --dry-runand onetriggercompleted successfully - artifacts and logs are readable by operators
- the dashboard renders correctly
dirty_policy, publication policy, and safety flags match the repo risk profile- the human reviewer path is clear when RepoAgents requests changes