Headless Mode

Run Autohand Code on DigitalOcean Droplets

Use a Droplet as a simple always-on Autohand Code runner with SSH access, snapshots, monitoring, and optional doctl automation.

Beginner 30 min

Provider docs used

This tutorial follows DigitalOcean's Droplet creation flow: choose a Droplet image, region, size, authentication method, project, and tags, then use the assigned IP address to connect. Keep the current provider guide open: How to Create a Droplet.

Step 1: Create a Droplet

  1. Open the DigitalOcean Control Panel and choose Create, then Droplets.
  2. Select an Ubuntu LTS image.
  3. Select a region close to your Git host, artifact registry, or team.
  4. Choose a CPU and memory size large enough for your repository tests.
  5. Select SSH key authentication. Avoid password login for automation hosts.
  6. Enable monitoring, add tags such as autohand and runner, and assign the Droplet to the correct project.
  7. Create the Droplet and wait for the public IP address.

Step 2: Connect and harden SSH

ssh [email protected]

adduser --disabled-password --gecos "" autohand
usermod -aG sudo autohand
rsync --archive --chown=autohand:autohand ~/.ssh /home/autohand

su - autohand

Use a DigitalOcean Cloud Firewall or host firewall to allow SSH only from your trusted IP ranges. Take a snapshot after the base runner setup is complete.

Step 3: Install Autohand Code

sudo apt-get update
sudo apt-get install -y ca-certificates curl git build-essential

node --version
npm --version

npm install -g autohand-cli
autohand --version

Step 4: Configure secrets and repository access

mkdir -p ~/.autohand ~/.ssh ~/work ~/logs
chmod 700 ~/.autohand ~/.ssh

cat > ~/.autohand/env <<'EOF'
export OPENROUTER_API_KEY="sk-or-v1-..."
export AUTOHAND_MODEL="anthropic/claude-sonnet-4"
EOF
chmod 600 ~/.autohand/env

ssh-keygen -t ed25519 -C "autohand-digitalocean-runner" -f ~/.ssh/github-autohand

Add the public key to your Git host as a deploy key. Use read-only access for review jobs and write access only for jobs that push branches.

Step 5: Clone and run Autohand Code

source ~/.autohand/env
cd ~/work
GIT_SSH_COMMAND="ssh -i ~/.ssh/github-autohand" git clone [email protected]:your-org/your-repo.git
cd your-repo

autohand -p "Review this repository and write a short risk summary" \
  --restricted \
  --output-format stream-json | tee -a ~/logs/first-review.jsonl

Step 6: Automate with doctl or cron

DigitalOcean documents both Control Panel creation and automated Droplet creation with the official doctl CLI. Use doctl if you want disposable Autohand Code runners for specific jobs.

# Example shape; choose current region, size, image, and SSH key IDs from doctl list commands.
doctl compute droplet create autohand-runner \
  --region nyc3 \
  --size s-2vcpu-2gb \
  --image ubuntu-24-04-x64 \
  --ssh-keys YOUR_SSH_KEY_ID \
  --tag-name autohand

For an always-on runner, schedule jobs directly on the Droplet.

0 8 * * 1-5 . $HOME/.autohand/env && cd $HOME/work/your-repo && git pull --ff-only && autohand -p "Review changes and summarize action items" --restricted --output-format json >> $HOME/logs/daily-review.jsonl 2>&1

Operations checklist

  • Use Cloud Firewalls for SSH access control.
  • Snapshot the Droplet after installing Node.js, Git, Autohand Code, and base dependencies.
  • Use tags so billing and inventory reports can identify Autohand Code runners.
  • Destroy disposable runners after the job finishes.
  • Keep model provider keys separate from the DigitalOcean API token used by doctl.