Terraform Code Foundry (Multi-Account)

An autonomous code foundry on a multi-account architecture: one shared "tools" account holds the GitHub token-minter and an exported coding toolset, and each user gets a thin sub-account whose Coding Agent installs those tools cross-account and works on the user's own repo, scoped by a per-user context.


This example shows how to productise an autonomous agent to many users without duplicating the toolbox per user or scattering credentials. A single shared "tools" account holds the expensive, sensitive machinery once: a GitHub bot that mints repository-scoped GitHub App tokens (signed from a JWT secret), a Coding Tools skillset exported account-wide as global-coding-tools, shared Design and Coding spaces, and a Designs Manager that keeps designs synced. Each user gets a thin, isolated sub-account whose Coding Agent installs the shared toolset cross-account with an @shared@global-coding-tools reference.

Everything runs on one partner token. Each account is selected with a provider alias and run_as (the X-RunAs-UserId header), the same multi-account mechanism as the multi-tenant examples. The shared account must carry the alias shared so the cross-account skillset reference resolves.

The agent never holds the GitHub App key. To touch a repo it asks the shared GitHub bot (via bot/apply) to mint a short-lived, repository-scoped token. Which repository is decided by the sub-user's context, not hard-coded; hard-coding would be a security risk because each agent belongs to a user who may interact with it. That is why the partner-user context API is now exposed via GraphQL, and why each sub-account is given a context with its repo and Vercel project. A heartbeat trigger keeps each coding agent taking the next step on a long task.
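An added example, not taken from this project's code, of the scoping rule above: the minter resolves the repository from the calling user's context and builds GitHub's installation-token request for that one repository, together with the claims of the App JWT that authenticates it. The context shape, user ids, installation ids, permission set and function names are assumptions.

```python
import time

# Constructed per-user contexts, standing in for the partner-user context store.
USER_CONTEXT = {
    "user-alice": {"repo": "alice-org/storefront", "installation_id": 1001},
    "user-bob": {"repo": "bob-org/docs-site", "installation_id": 1002},
}

# Assumed permission set; grant only what the coding agent needs.
TOKEN_PERMISSIONS = {"contents": "write", "pull_requests": "write"}


class ScopeError(Exception):
    """Raised when a mint request falls outside the caller's context."""


def app_jwt_claims(app_id, now=None):
    """Claims for the GitHub App JWT; GitHub caps its lifetime at 10 minutes."""
    now = int(time.time() if now is None else now)
    # iat is backdated 60 s to tolerate clock drift between minter and GitHub.
    return {"iat": now - 60, "exp": now + 540, "iss": str(app_id)}


def build_token_request(run_as_user_id, requested_repo=None):
    """Describe the GitHub call that mints a token for the caller's own repo only."""
    ctx = USER_CONTEXT.get(run_as_user_id)
    if ctx is None:
        raise ScopeError(f"no context for {run_as_user_id!r}")
    # The repository always comes from the context. A repo named by the agent
    # (and so possibly by the user talking to it) can confirm it, never widen it.
    if requested_repo is not None and requested_repo.lower() != ctx["repo"].lower():
        raise ScopeError(f"{requested_repo!r} is outside the context of {run_as_user_id!r}")
    repo_name = ctx["repo"].split("/", 1)[1]
    return {
        "method": "POST",
        "url": "https://api.github.com/app/installations/"
               f"{ctx['installation_id']}/access_tokens",
        # GitHub's "repositories" field takes bare names, without the owner.
        "json": {"repositories": [repo_name], "permissions": TOKEN_PERMISSIONS},
    }
```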
