Ravi

Superset + Ravi

Superset + Ravi

Superset is a macOS desktop IDE built for the AI agents era. Its core insight: coding agents should not share a working directory. Each task gets its own git worktree, its own branch, and its own terminal session. You can run 10+ agents in parallel, monitor status from a unified dashboard, and review diffs without leaving the app.

Ravi completes the picture. Compute isolation via worktrees handles the code. Identity isolation via Ravi handles everything agents need to interact with the outside world — without stepping on each other or stalling for a human.

The Problem Superset Alone Can’t Solve

Running 10 parallel agents is straightforward until one of them tries to authenticate to an external service. At that point you hit a wall:

  • Shared credentials — agents collide on the same inbox, the same phone number, the same API key. One agent consumes the OTP before another can use it.
  • Human-in-the-loop — agents pause and wait for someone to hand them a verification code. Parallel execution collapses back to serial.
  • Hardcoded secrets.env files in the repo, or copy-pasted credentials, create security and collision risk across worktrees.

Ravi solves all three. Each agent gets a provisioned email address, a phone number, and an isolated secrets store — provisioned at worktree creation, torn down when the task is done.

How It Works

Superset runs .superset/setup.sh (or the script specified in .superset/config.json) when a worktree is created. That’s where Ravi integration lives.

Per-Workspace Identity Provisioning

#!/bin/bash
# .superset/setup.sh

# Provision a fresh Ravi identity for this worktree
ravi identity create --name "superset-$SUPERSET_WORKSPACE_NAME"

# Inject the provisioned email and phone into .env
RAVI_EMAIL=$(ravi identity info --field email)
RAVI_PHONE=$(ravi identity info --field phone)

echo "AGENT_EMAIL=$RAVI_EMAIL" >> .env
echo "AGENT_PHONE=$RAVI_PHONE" >> .env

SUPERSET_WORKSPACE_NAME is set automatically by Superset. Every agent that runs in this worktree now has its own real inbox and phone — no collision possible.

Secret Injection Without Hardcoding

# Pull shared API keys from the Ravi vault into the worktree's .env
ravi secrets get OPENAI_API_KEY >> .env
ravi secrets get STRIPE_TEST_KEY >> .env
ravi secrets get GITHUB_TOKEN >> .env

Secrets stay in the Ravi vault, not in the repo or in shared shell environments. Each worktree gets a clean copy at setup time.

Autonomous Email and SMS Verification

When an agent is testing a sign-up flow, verifying a webhook endpoint, or confirming an account mid-task, it can handle verification inline:

# Agent reads its own inbox for a verification link
ravi inbox email --unread --json | jq '.[0].text_content' | grep -oP 'https://[^\s]+'

# Or waits for an OTP via SMS
ravi inbox sms --unread --json | jq '.[0].body' | grep -oP '[0-9]{6}'

No human needs to be in the loop. The agent completes verification and keeps running.

Teardown

# .superset/teardown.sh (optional)
# Clean up the ephemeral identity when the worktree is destroyed
ravi identity delete --name "superset-$SUPERSET_WORKSPACE_NAME"

Why Ravi Adds Value

Genuine parallel autonomy. Without Ravi, agents either share credentials (collision risk) or block on human verification (defeats the purpose of parallel execution). With Ravi, each worktree is an isolated agent with its own accountable identity.

Real email and phone, not mocks. Ravi provisions real addresses and numbers. Agents can interact with services that require actual inboxes — not test fixtures or mock servers.

Persistent, auditable identity. Every email received, every OTP consumed, every API call made is traceable to the identity that made it. When you’re running 10+ agents in parallel, this matters for debugging and for accountability.

Secure secret management. The Ravi vault keeps credentials out of .env files, shell history, and git repos. Setup scripts pull what they need at runtime.

Agent-agnostic, like Superset itself. Whether the agent inside the worktree is Claude Code, Codex CLI, Cursor Agent, or something else entirely, Ravi is just CLI calls in the setup script. No SDK required.

Full Setup Example

.superset/config.json

{
  "setup": ".superset/setup.sh",
  "teardown": ".superset/teardown.sh"
}

.superset/setup.sh

#!/bin/bash
set -e

# Install dependencies
bun install

# Provision a Ravi identity for this agent
ravi identity create --name "ws-$SUPERSET_WORKSPACE_NAME"

# Inject identity info into .env
echo "AGENT_EMAIL=$(ravi identity info --field email)" >> .env
echo "AGENT_PHONE=$(ravi identity info --field phone)" >> .env

# Pull shared secrets from the Ravi vault
echo "OPENAI_API_KEY=$(ravi secrets get OPENAI_API_KEY)" >> .env
echo "DATABASE_URL=$(ravi secrets get DATABASE_URL)" >> .env

echo "Worktree $SUPERSET_WORKSPACE_NAME ready."

.superset/teardown.sh

#!/bin/bash
ravi identity delete --name "ws-$SUPERSET_WORKSPACE_NAME"
echo "Identity for $SUPERSET_WORKSPACE_NAME cleaned up."

The One-Click Preset

The integration above can be packaged as a Superset workspace preset and shared across teams. A single preset handles:

  1. Dependency installation
  2. Ravi identity provisioning per worktree
  3. Secret injection from the Ravi vault
  4. Cleanup on teardown

The result: any agent pointing at any task in Superset can authenticate to external services, receive verification codes, and complete its work without human intervention. Compute isolation and identity isolation, both handled.

Resources