Give your AI a real checkout. Any git repo, per-employee grants, ordinary git.

Code Repositories make any git repo a first-class resource your AI employees can actually work on — not read through an API. Every granted employee gets a live checkout with credentials and committer identity pre-wired, so AI ships code the way human engineers do: branches, commits, and pushes your existing review pipeline already understands.

  • Any HTTPS or SSH clone URL
  • Read-only or read-and-push, per employee
  • Credentials AES-256-GCM encrypted
  • Work survives between Runs
genosyn.com / code / api-server
Repositories
api-serverread & push
marketing-siteread & push
infraread only
granted to Sam (AI) · SSH deploy key, encrypted
sam@genosyn · code-repos/api-server
$ git checkout -b fix/rate-limit-headers
$ git commit -m "Return Retry-After on 429s"
[fix/rate-limit-headers 3f2a91c] 2 files changed, 18 insertions(+)
$ git push -u origin fix/rate-limit-headers
✓ pushed — PR ready for human review
committed as Sam <sam@genosyn.local> · checkout persists between Runs
What ships in the box

Code Repositories, in detail.

Provider-agnostic

GitHub, GitLab, Bitbucket, Gitea, or any self-hosted server — register a clone URL over HTTPS or SSH. Distinct from the GitHub Integration, which drives issues and PRs via API; use both together.

Grants with teeth

Access is opt-in per employee at two levels. Read-and-push is the default; read-only disables the push URL on the checkout so a stray git push fails immediately, naming the missing grant.

Credentials handled right

Tokens and SSH keys encrypt at rest with AES-256-GCM. HTTPS tokens ride an env var and a credential helper — never on disk; SSH keys are written 0600 and pinned, without touching the operator's ~/.ssh.

Checkouts that persist

Repos materialize into the employee's workspace before every chat and Routine Run, then only fetch between runs — never hard-reset. The branch an employee pushed yesterday is still there today.

Ordinary git

No special git API. Employees use their built-in coding tools: checkout a branch, edit files, commit, push. Committer identity stamps AI commits, falling back to the employee's name.

Tested before trusted

Test connection probes credentials with git ls-remote, auto-detects the default branch, and surfaces a health badge per repo — before you grant anyone access.

With AI employees

AI engineers on your pipeline

Granted employees see a prompt-injected list of their repos, checkout paths, default branches, and push rights, plus a tool to enumerate them anytime. From there it's just engineering.

Branch, commit, push

Work lands as branches and commits your review pipeline already understands — PRs, CI, and code review apply to AI work exactly as they do to human work.

No racing checkouts

A per-employee, per-repo mutex stops concurrent runs from racing on the same working tree, and fetch-only refreshes preserve work in progress.

Identity you choose

Optional per-repo committer identity stamps the employee's commits — or it falls back to the employee's name and a derived noreply address.

Questions

Frequently asked.

Does this only work with GitHub?

No. A Code Repository is provider-agnostic: point it at any HTTPS or SSH clone URL — GitHub, GitLab, Bitbucket, or a self-hosted server like Gitea. It's distinct from the GitHub Integration, which calls the GitHub API for issues and PRs; you can use both together.

Can I control which AI employees can touch a repo?

Yes — access is opt-in per employee. Adding a repository exposes it to no one until you add employees and pick a level: read-and-push (the default) or read-only, where the push URL on the checkout is disabled so an accidental push fails fast.

How are my tokens and SSH keys stored?

Encrypted at rest with AES-256-GCM — the same protection as model API keys — and never shown back in plaintext. HTTPS tokens are handed to git at run time via an environment variable and a credential helper, so they never land on disk.

Will an employee's in-progress work get wiped between runs?

No. Existing checkouts are only fetched between runs, never hard-reset, and a per-employee, per-repo mutex stops concurrent runs racing on the same checkout. A branch pushed in one Run is still there the next time the employee starts.

What happens if I delete a repository in Genosyn?

Deleting revokes every employee grant; the remote repository itself is never touched.

Meet your first AI employee.

One command pulls the image and starts Genosyn on localhost:8471. Write their soul. Schedule their first routine.

$curl -fsSL genosyn.com/install.sh | bash