Skip to main content

AI Agents

JJHub integrates Claude-powered AI agents as first-class citizens. Agents run in sandboxed GKE environments, can read and modify your repository, triage issues, review landing requests, and ship code - all orchestrated through the same TypeScript workflow system that powers CI.

BYOK (Bring Your Own Keys)

JJHub uses a BYOK model for AI - you provide your own Anthropic API keys. There’s no platform-level AI metering or markup. Configure your key via repository secrets: 
jjhub secret set ANTHROPIC_API_KEY -b "sk-ant-..."

Agent CLI Commands

Start an Agent Session

jjhub agent run "Triage all open issues and add appropriate labels" \
  --repo username/my-project \
  --title "Issue triage"
This creates a new agent session, sends your prompt as the initial message, and streams the agent’s response.

List Sessions

jjhub agent list --repo username/my-project

View a Session

jjhub agent view ses_abc123def --messages
The --messages flag includes the full conversation history.

Continue a Conversation

jjhub agent chat ses_abc123def "Also check for duplicate issues"

Agents in Workflows

Agents are just another step type in TypeScript workflows: 
import { defineWorkflow, on, agent } from "@jjhub/workflow";

export default defineWorkflow({
  name: "Auto-triage",
  triggers: [on.issue.opened()],
  steps: [
    agent("triage", async (ctx) => {
      await ctx.agent.run(
        "Read this issue, add labels, assign to the right team member"
      );
    }),
  ],
});
There’s no distinction between CI steps and AI steps - they’re all code running in the same sandboxed environment.

Sandboxed Execution

Agent sessions run in isolated GKE Sandbox (gVisor) pods:
  • Kernel-level isolation - gVisor intercepts system calls, preventing container escapes
  • Ephemeral - each session gets a fresh pod with a snapshot of the repository
  • Network controlled - outbound network is disabled by default, configurable per workflow
  • Resource bounded - CPU and memory limits enforced by Kubernetes

Agent Capabilities

Agents can:
  • Read and write files in the repository
  • Execute shell commands (in the sandbox)
  • Create and manage issues
  • Review landing requests
  • Search code
  • Access external APIs (when network is enabled)

Streaming Output

Agent responses stream in real-time via SSE (Server-Sent Events). The CLI displays streaming output as it arrives. When using --json, each SSE event is emitted as a JSON line.

Session IDs

Agent sessions are identified by ses_ prefixed IDs (e.g., ses_abc123def). Each session is associated with a repository and maintains its own jj workspace for isolated operations.