lalph + Ravi
lalph + Ravi
lalph is a CLI orchestrator that turns your issue tracker into an agent work queue. You point it at GitHub Issues or Linear, configure agent presets (Claude Code, Codex, and others), and lalph continuously pulls work, assigns it to the right agent, manages git worktrees for parallelism, creates PRs, handles review, and optionally auto-merges — running as a background daemon across multiple projects simultaneously.
It’s the autonomous dev loop taken seriously: not a one-shot agent invocation, but sustained multi-project, multi-agent operation driven entirely by your backlog.
Ravi is the identity layer that makes this sustainable. lalph agents working through a backlog inevitably encounter credential management, external service authentication, and verification flows. Without proper identity infrastructure, those moments stall the loop. With Ravi, they don’t.
The Problem
lalph itself warns users to add .lalph/ to .gitignore because it stores credentials there. That’s the core issue: an orchestrator designed to run autonomously, with plaintext secrets sitting next to the repo.
Credentials on disk are a risk every time agents commit. A misconfigured .gitignore, a log that captures environment state, or a backup that sweeps the project directory — any of these can leak your GitHub PAT or Linear API key. lalph can run unattended for hours; the blast radius of a leaked token scales with uptime.
All presets share one identity. lalph supports label-based routing: “bug” issues go to a Claude preset, “perf” issues go to a Codex preset. But without per-preset identity, every PR those agents open comes from the same GitHub account. You lose the traceability that makes multi-agent operation auditable.
Autonomous tasks hit verification walls. When an agent task involves signing up for an external service, calling an authenticated API, or receiving a one-time code, there’s no clean path without human intervention — unless the agent has a real email address and phone number it can use.
The review agent has no dedicated inbox. lalph supports a per-project review agent. Without a scoped identity, PR review notifications land in your personal inbox alongside everything else.
How Ravi Helps
Encrypted credential vault — no more .lalph/ secrets on disk
lalph reads its issue source tokens at startup. Instead of writing GITHUB_TOKEN and LINEAR_API_KEY to .lalph/credentials, store them in Ravi’s E2E-encrypted vault and pull them at runtime:
# Store once
ravi secrets set GITHUB_TOKEN ghp_...
ravi secrets set LINEAR_API_KEY lin_api_...
# lalph startup wrapper
export GITHUB_TOKEN=$(ravi secrets get GITHUB_TOKEN)
export LINEAR_API_KEY=$(ravi secrets get LINEAR_API_KEY)
lalphCredentials never touch disk. They’re decrypted only in memory, only when lalph runs, from a vault that’s auditable and rotatable without touching the repo.
Per-preset agent identities — traceable PRs, separable audit trails
lalph routes different issue labels to different agent presets. Each preset can map to a distinct Ravi identity — its own email address and phone number — giving agents working on different task types auditable, separable identities.
When preset A opens a PR for a bug fix and preset B opens one for a performance improvement, you know exactly which identity did it. If something goes wrong, the trail is clear.
# Each preset references a Ravi identity UUID
# Bug-fix agent uses identity: ravi-bugfix-agent@yourdomain.ravi.app
# Perf agent uses identity: ravi-perf-agent@yourdomain.ravi.appVerification flows inside agent tasks — no more stalls
When an agent task involves signing up for an external service, authenticating an API, or receiving a verification code, Ravi provides the email, phone, and TOTP layer the agent needs to proceed without human intervention.
# Agent calls this mid-task to get its contact info
ravi get-info
# Returns: { email: "lalph-agent@yourdomain.ravi.app", phone: "+15551234567" }
# For SMS/email verification codes
ravi inbox sms --unread
ravi inbox email --unreadThe agent gets the code, completes the flow, and continues — the backlog keeps moving.
Dedicated review agent inbox — clean separation
lalph’s per-project review agent gets a Ravi email address scoped to the review role. PR review notifications route to a dedicated, agent-readable inbox rather than your personal email — clean separation between execution agents and the review agent, with a full audit trail of what each one received and acted on.
Setup Guide
1. Install lalph
npm install -g lalph2. Store issue source credentials in Ravi
ravi secrets set GITHUB_TOKEN ghp_your_token_here
ravi secrets set LINEAR_API_KEY lin_api_your_key_here3. Create a Ravi identity for your lalph agent
ravi identity create "lalph-agent"
# Or for per-preset identities:
ravi identity create "lalph-bugfix"
ravi identity create "lalph-perf"4. Configure lalph projects
lalph projects add
# Follow the interactive setup
# Point to the repo, set concurrency, connect issue source5. Create a startup wrapper
#!/bin/bash
# lalph-start.sh
export GITHUB_TOKEN=$(ravi secrets get GITHUB_TOKEN)
export LINEAR_API_KEY=$(ravi secrets get LINEAR_API_KEY)
lalph "$@"chmod +x lalph-start.sh
./lalph-start.sh # or run as a background daemon6. Configure agent presets with Ravi identities
In your lalph project config, reference Ravi identity info for each preset. When a preset needs to interact with external services, it uses ravi get-info to get its scoped email and phone rather than sharing yours.
What This Looks Like in Practice
A lalph config that uses ravi secrets get GITHUB_TOKEN and ravi secrets get LINEAR_API_KEY at startup — instead of reading from .lalph/credentials. Each agent preset references a Ravi identity UUID so every PR opened by that preset is traceable to a specific agent persona. When a task requires a third-party signup, the agent calls ravi get-info to get its email and phone and proceeds without human intervention.
This turns lalph from “autonomous dev loop with credentials stored in plaintext” into “autonomous dev loop with proper identity infrastructure” — agents that can operate at scale, leave a clean audit trail, and handle real-world authentication without stalling.