Automaker

Overview

Automaker is an Electron + web app that transforms a Kanban board into a multi-agent development studio. You describe features as cards, drag them to “In Progress,” and Claude Agent SDK-powered agents automatically implement them — writing code, running tests, and committing — while you watch in real time. Each task runs in an isolated git worktree. The flow: describe a feature → approve the plan → agent builds → you review → ship.

Automaker handles the development loop exceptionally well. The friction it leaves unsolved is identity during the loop — agents hit email verifications, SMS 2FA walls, and credential storage gaps that require human intervention mid-task. Ravi plugs that gap: a real email address, a real phone number, and an encrypted secrets vault, scoped per agent worktree.

The problem Ravi solves

When an Automaker agent is autonomously building a feature that involves third-party services, it runs into walls that break the autonomous loop:

Registering a Stripe sandbox account, Twilio number, Supabase project, or any SaaS requires a verified email address
SMS OTPs arrive on a human’s phone — the agent can’t read them programmatically
Credentials discovered during implementation (API keys, tokens) have nowhere safe to land — .env files risk ending up in git history
When multiple worktrees run in parallel, shared credential stores create cross-contamination risk between feature branches

Without Ravi, every service signup and 2FA checkpoint requires a human in the loop. With Ravi, the agent handles it.

How it works together

Per-worktree identity isolation

Automaker’s architecture runs each task in its own git worktree. Ravi’s identity model maps directly to this: each worktree can get a dedicated Ravi identity — a unique email address, phone number, and secrets namespace. Agents operating in parallel on separate features never touch each other’s credentials or inboxes. Clean isolation by design.

When an agent needs to register for an external service mid-task, it calls Ravi to get a provisioned email and phone. The signup completes. The verification email lands in the Ravi inbox. The agent reads it, extracts the link or OTP, and continues — no human needed, no loop broken.

2FA and OTP completion in autonomous loops

Automaker agents accessing dashboards, CI/CD integrations, or cloud APIs frequently hit two-factor authentication. Ravi’s SMS inbox and TOTP support let the agent complete the verification step programmatically, without pausing to involve a human.

Encrypted credential vault instead of .env files

Instead of writing discovered API keys to .env files that risk leaking into git, agents write credentials into Ravi’s encrypted vault at runtime. On the next run — or when another worktree legitimately needs the same credential — the agent retrieves it via the vault API. The secret never touches the filesystem in plaintext.

Concrete setup guide

Step 1: Provision a Ravi identity per Automaker workspace

Create one Ravi identity for each Automaker project (or one per worktree for strict isolation):

# Using the Ravi API
import ravi

client = ravi.Client(api_key=os.environ["RAVI_API_KEY"])
identity = client.identities.create(name="automaker-feature-auth-flow")
# Returns: { email, phone, identity_id }

Store the identity_id in the Automaker workspace config so each agent task can reference it.

Step 2: Add a Ravi MCP server to each agent’s context

Expose Ravi tools to the Claude Agent SDK agent running inside Automaker by adding a Ravi MCP server:

{
  "mcpServers": {
    "ravi": {
      "command": "npx",
      "args": ["@ravi/mcp-server"],
      "env": {
        "RAVI_API_KEY": "${RAVI_API_KEY}",
        "RAVI_IDENTITY_ID": "${RAVI_IDENTITY_ID}"
      }
    }
  }
}

The MCP server exposes tools the agent can call natively: ravi_get_email, ravi_get_phone, ravi_receive_otp, ravi_secrets_get, and ravi_secrets_set.

Step 3: System prompt addition for credential discipline

Add a short instruction to the Automaker agent system prompt:

When you need to register for an external service or receive a verification code,
use the Ravi tools to get a provisioned email address and phone number.
Store all API keys and tokens you discover using ravi_secrets_set — never write
secrets to .env files or commit them to the repository.

Step 4: Example agent flow — Stripe sandbox setup

Without Ravi, this task requires a human. With Ravi, the agent handles it autonomously:

Agent calls ravi_get_email() → gets automaker-2a4f@raviapp.dev
Agent visits dashboard.stripe.com/register, fills the email, completes signup
Agent calls ravi_receive_otp() → gets the verification code from the Ravi inbox
Agent enters code, Stripe account created
Agent calls ravi_secrets_set("STRIPE_TEST_SECRET_KEY", sk_test_...) → credential stored encrypted
Agent continues building the feature, retrieving the key at runtime via ravi_secrets_get

The loop never breaks. The human never gets interrupted.

Why Ravi adds value specifically here

Automaker’s value proposition is keeping humans out of the development loop until review time. Every pause — “I need you to check your email” or “can you log in and get the API key” — costs that promise. Ravi makes those pauses unnecessary.

Beyond convenience, there are structural advantages:

Accountability per worktree — Each parallel agent task has its own Ravi identity. If something goes wrong — a service gets rate-limited, an account gets flagged — you can trace it to the specific worktree and task, not to a shared account that all agents were using.

Credential lifecycle tied to task lifecycle — When a worktree is cleaned up, the Ravi identity and secrets associated with it can be decommissioned. No leaked API keys lingering in shared credential stores after the task is done.

Audit trail — Ravi logs what credentials were accessed and when. When an autonomous agent makes changes to production-adjacent services during development, that paper trail matters.