--- title: "Run Autohand Code on DigitalOcean Droplets" source: https://docs.autohand.ai/tutorials/run-autohand-on-digitalocean --- # Run Autohand Code on DigitalOcean Droplets Use a Droplet as a simple always-on Autohand Code runner with SSH access, snapshots, monitoring, and optional doctl automation. Beginner 30 min ## Provider docs used This tutorial follows DigitalOcean's Droplet creation flow: choose a Droplet image, region, size, authentication method, project, and tags, then use the assigned IP address to connect. Keep the current provider guide open: [How to Create a Droplet](https://docs.digitalocean.com/products/droplets/how-to/create/). ## Step 1: Create a Droplet 1. Open the DigitalOcean Control Panel and choose **Create**, then **Droplets**. 2. Select an Ubuntu LTS image. 3. Select a region close to your Git host, artifact registry, or team. 4. Choose a CPU and memory size large enough for your repository tests. 5. Select SSH key authentication. Avoid password login for automation hosts. 6. Enable monitoring, add tags such as `autohand` and `runner`, and assign the Droplet to the correct project. 7. Create the Droplet and wait for the public IP address. ## Step 2: Connect and harden SSH ``` bash ssh root@203.0.113.10 adduser --disabled-password --gecos "" autohand usermod -aG sudo autohand rsync --archive --chown=autohand:autohand ~/.ssh /home/autohand su - autohand ``` Use a DigitalOcean Cloud Firewall or host firewall to allow SSH only from your trusted IP ranges. Take a snapshot after the base runner setup is complete. ## Step 3: Install Autohand Code ``` bash sudo apt-get update sudo apt-get install -y ca-certificates curl git build-essential node --version npm --version npm install -g autohand-cli autohand --version ``` ## Step 4: Configure secrets and repository access ``` bash mkdir -p ~/.autohand ~/.ssh ~/work ~/logs chmod 700 ~/.autohand ~/.ssh cat > ~/.autohand/env <<'EOF' export OPENROUTER_API_KEY="sk-or-v1-..." export AUTOHAND_MODEL="anthropic/claude-sonnet-4" EOF chmod 600 ~/.autohand/env ssh-keygen -t ed25519 -C "autohand-digitalocean-runner" -f ~/.ssh/github-autohand ``` Add the public key to your Git host as a deploy key. Use read-only access for review jobs and write access only for jobs that push branches. ## Step 5: Clone and run Autohand Code ``` bash source ~/.autohand/env cd ~/work GIT_SSH_COMMAND="ssh -i ~/.ssh/github-autohand" git clone git@github.com:your-org/your-repo.git cd your-repo autohand -p "Review this repository and write a short risk summary" \ --restricted \ --output-format stream-json | tee -a ~/logs/first-review.jsonl ``` ## Step 6: Automate with doctl or cron DigitalOcean documents both Control Panel creation and automated Droplet creation with the official `doctl` CLI. Use `doctl` if you want disposable Autohand Code runners for specific jobs. ``` bash # Example shape; choose current region, size, image, and SSH key IDs from doctl list commands. doctl compute droplet create autohand-runner \ --region nyc3 \ --size s-2vcpu-2gb \ --image ubuntu-24-04-x64 \ --ssh-keys YOUR_SSH_KEY_ID \ --tag-name autohand ``` For an always-on runner, schedule jobs directly on the Droplet. ``` bash 0 8 * * 1-5 . $HOME/.autohand/env && cd $HOME/work/your-repo && git pull --ff-only && autohand -p "Review changes and summarize action items" --restricted --output-format json >> $HOME/logs/daily-review.jsonl 2>&1 ``` ## Operations checklist - Use Cloud Firewalls for SSH access control. - Snapshot the Droplet after installing Node.js, Git, Autohand Code, and base dependencies. - Use tags so billing and inventory reports can identify Autohand Code runners. - Destroy disposable runners after the job finishes. - Keep model provider keys separate from the DigitalOcean API token used by `doctl`.