Mux + Ravi

Mux is a desktop and browser application from Coder that runs multiple AI coding agents in parallel across fully isolated workspaces. Built for developers who need to parallelize complex tasks across different LLMs — Sonnet, GPT-5, Opus, Grok, Ollama, OpenRouter — without losing track of git divergence, context budgets, or who did what.

Mux gives you the orchestration layer. It does not give each workspace a separate identity. That’s where the friction starts.

Agents running inside Mux workspaces increasingly need to do things that require real identity: sign up for API keys, verify accounts, pass 2FA checkpoints, push commits attributed to a distinct entity. Without a structured answer to “who is this workspace,” every agent reaches for the same shared credentials on the host machine — which defeats the isolation Mux was built to provide.

Ravi is the identity layer that makes workspace isolation complete.

The Problem

Mux’s design premise is tight: each workspace gets its own directory, git worktree, context window, and model selection. But credential isolation isn’t built in.

Shared host credentials bleed across workspaces. When three parallel agents are working across three Mux workspaces, all three are pulling API keys from the same environment variables or config files on the host. A key rotation in one workspace affects all of them. A leaked credential from workspace A is a leaked credential everywhere.

SSH-connected remote agents hit 2FA walls. Mux supports SSH remotes, which lets you run agents on remote machines. But services requiring TOTP-based 2FA expect the authenticator to be local. Remote agents either skip those services entirely or require plaintext secrets stored on the remote machine — both bad outcomes.

Account verification loops block agent progress. Coding agents regularly need to sign up for services — package registries, cloud consoles, third-party APIs. Every sign-up requires a valid email. Every account activation requires clicking a link. Without a real inbox the agent controls, verification becomes a human-in-the-loop step that breaks automation.

There’s no per-workspace credential lifecycle. Mux workspaces have a lifecycle — created for a task, archived when the PR merges. Credentials provisioned for a workspace should follow the same lifecycle. Without tooling to automate provision and revocation, old credentials accumulate on the host long after the work is done.

What Ravi Adds

1. Workspace-Scoped Credential Vaults

Ravi’s secrets store maps cleanly onto Mux’s workspace model. Each workspace gets its own namespace in Ravi’s vault — keys like MUX_WORKSPACE_<slug>_GITHUB_TOKEN or MUX_WORKSPACE_<slug>_NPM_TOKEN. Agents in workspace A cannot access workspace B’s credentials; they only receive what’s scoped to their namespace.

When a workspace is created, a setup script provisions the necessary credentials and stores them in Ravi. When the workspace is archived, the same script retrieves and revokes them, then deletes the vault entries. The host machine never holds the credentials directly.

2. Agent Email and Phone for Service Verification

Ravi provisions real email addresses and phone numbers for agent identities. When a Mux agent needs to sign up for an API service, register on a package registry, or verify a cloud account, it calls Ravi to get a valid inbox and number — receives the verification email or SMS — stores the credential — and continues without any human involvement.

This turns account verification from a blocking manual step into a two-line API call.

3. TOTP for Remote Agents

Mux’s SSH runtime lets agents run on remote machines. Services requiring time-based 2FA (GitHub, AWS, npm) expect the TOTP seed to be available at authentication time. Ravi’s TOTP store holds the seed securely and returns the current code on request. The remote agent calls Ravi’s API, gets the code, completes the 2FA challenge — without storing any plaintext secrets on the remote machine.

4. Ravi MCP Server per Workspace

Coder ships MCP support across their tooling ecosystem. The cleanest Ravi integration is an MCP server that Mux attaches at workspace creation time. Each workspace gets a scoped Ravi identity — its own email, phone, and credential namespace — exposed via MCP tools the agent can call directly.

When the agent needs to sign up for a service, it calls the Ravi MCP tool. The tool returns a Ravi-provisioned email, receives the verification link, confirms the account, and stores the credential in the workspace-scoped vault — all within the agent’s normal tool-use loop. No human checkpoint. Clean separation between workspaces. Full audit trail.

Concrete Integration: Workspace Identity Lifecycle

Here’s the full pattern for provisioning and revoking credentials as Mux workspaces come and go:

import subprocess
import json
import ravi  # Ravi Python client

def provision_mux_workspace(workspace_slug: str, services: list[str]):
    """
    Called when a new Mux workspace is created.
    Provisions service credentials and stores them in Ravi's vault.
    """
    provisioned = {}

    for service in services:
        key = f"MUX_{workspace_slug.upper()}_{service.upper()}_TOKEN"

        if service == "github":
            # Create a fine-grained GitHub token scoped to this workspace
            token = create_github_token(scope=workspace_slug)
            ravi.secrets_set(key=key, value=token)
            provisioned[service] = key

        elif service == "npm":
            # Register an npm account using a Ravi-provisioned inbox
            identity = ravi.get_info()  # workspace email
            token = register_npm_account(email=identity["email"])
            ravi.secrets_set(key=key, value=token)
            provisioned[service] = key

    # Write workspace manifest so cleanup can find the keys later
    with open(f"/tmp/mux-manifest-{workspace_slug}.json", "w") as f:
        json.dump({"workspace": workspace_slug, "keys": provisioned}, f)

    print(f"Workspace {workspace_slug} provisioned: {list(provisioned.keys())}")
    return provisioned


def teardown_mux_workspace(workspace_slug: str):
    """
    Called when a Mux workspace is archived (PR merged, task complete).
    Revokes service credentials and deletes vault entries.
    """
    with open(f"/tmp/mux-manifest-{workspace_slug}.json") as f:
        manifest = json.load(f)

    for service, key in manifest["keys"].items():
        secret = ravi.secrets_get(key)
        if service == "github":
            revoke_github_token(secret["value"])
        # Delete from Ravi vault
        ravi.secrets_delete(secret["uuid"])
        print(f"Revoked {service} credential for {workspace_slug}")

    print(f"Workspace {workspace_slug} cleaned up.")

Injecting Credentials into Mux Workspace Environments

Mux supports environment variable injection per workspace. With Ravi-managed secrets, the injection is a single retrieval step before the workspace launches:

#!/bin/bash
# inject-workspace-env.sh — run before launching a Mux workspace
WORKSPACE_SLUG=$1

export GH_TOKEN=$(ravi secrets get MUX_${WORKSPACE_SLUG}_GITHUB_TOKEN)
export NPM_TOKEN=$(ravi secrets get MUX_${WORKSPACE_SLUG}_NPM_TOKEN)

echo "Environment ready for workspace ${WORKSPACE_SLUG}"
# Mux picks up these environment variables for the spawned agent sessions

Handling Verification Email Inside a Mux Agent

When an agent running inside a Mux workspace needs to complete an email verification loop, the Ravi inbox tools handle it without leaving the agent’s context:

import time
import ravi

def sign_up_and_verify(service_url: str, service_name: str):
    """
    Sign up for a service using the workspace's Ravi-provisioned email,
    then complete the email verification automatically.
    """
    identity = ravi.get_info()
    workspace_email = identity["email"]

    # Submit the registration form with the Ravi email
    submit_registration(service_url, email=workspace_email)

    # Wait for the verification email (usually arrives within seconds)
    time.sleep(10)

    # Read the inbox and extract the verification link
    threads = ravi.inbox_email(unread=True)
    for thread in threads:
        if service_name.lower() in thread["subject"].lower():
            messages = ravi.read_email(thread["thread_id"])
            for msg in messages["messages"]:
                # Extract the verification URL from the email body
                import re
                urls = re.findall(r"https://[^\s\"]+verify[^\s\"]*", msg["text_content"])
                if urls:
                    return urls[0]  # Return URL for the agent to visit

    raise RuntimeError(f"No verification email found from {service_name}")

Setup Guide

Prerequisites

• Mux installed (desktop or server mode)
• Ravi CLI configured (ravi identity list shows your active identity)

Step 1: Provision a Ravi identity for each Mux workspace type

For development workspaces where agents will register external services:

# Create a workspace identity (email + phone + credential namespace)
ravi identity create "mux-workspace-alpha"

# Confirm your provisioned contact details
ravi get-info

Step 2: Store existing workspace credentials in Ravi

If you have existing API tokens for services your agents use, move them into Ravi’s vault now:

# Replace environment variable sprawl with Ravi-managed secrets
ravi secrets set MUX_DEFAULT_GITHUB_TOKEN ghp_your_token_here
ravi secrets set MUX_DEFAULT_NPM_TOKEN npm_your_token_here

Step 3: Configure the workspace provision/teardown scripts

Add the provision_mux_workspace and teardown_mux_workspace scripts to your Mux workspace lifecycle hooks. Mux supports pre-create and post-archive hooks via its configuration — point them at these scripts with the workspace slug as an argument.

Step 4: (Optional) Attach the Ravi MCP server to each workspace

If Mux’s MCP integration is available for your setup, configure the Ravi MCP server as a tool provider for each workspace. The agent can then call Ravi tools directly — provisioning inboxes, reading verification emails, and storing credentials — without any external scripting layer.

Step 5: Test the full loop

Create a test workspace, run a script that calls sign_up_and_verify against a staging service, confirm the verification email was received and parsed, archive the workspace, and verify the credentials were revoked and removed from the Ravi vault.

Why Ravi Fits Mux Specifically

Mux’s core insight is that isolated workspaces let agents work in parallel without stepping on each other. Ravi extends that isolation to the credential layer — the part Mux doesn’t touch.

Without Ravi:

• Every Mux workspace shares the same GitHub token from the host environment
• Agents needing service sign-ups block on human email verification
• SSH-connected agents can’t complete 2FA without plaintext secrets on the remote
• Credentials from archived workspaces linger on the host indefinitely

With Ravi:

• Each workspace gets a scoped credential namespace, provisioned on creation and revoked on archive
• Agents handle email and SMS verification autonomously using Ravi-provisioned inboxes
• Remote agents retrieve TOTP codes from Ravi’s vault without storing secrets on the remote machine
• The credential lifecycle mirrors the workspace lifecycle — clean, audited, automated

Mux solves “how do I run ten agents in parallel without chaos.” Ravi solves “how do those ten agents each have a real, isolated, accountable identity.” The two fit together because they’re solving adjacent halves of the same problem.

Resources

• Mux on GitHub
• Coder — Enterprise AI Development Infrastructure
• Ravi identity provisioning
• Ravi secrets management