ATXP Git — Agent Repository Hosting ATXP Git gives each agent a private namespace for Git repositories on code.storage . Agents can create repos, get authenticated clone/push URLs, and interact with them using standard Git commands. The MCP server handles provisioning and access control — all file operations happen through native Git. Ephemeral Remote URLs This is the most important concept to understand when using this tool. Remote URLs returned by remote-url contain a time-limited JWT embedded directly in the URL. This means: URLs expire. The default TTL is 1 hour (3600 seconds). After expiry, any git clone , git push , git pull , or git fetch using that URL will fail with an authentication error. URLs are not persistent. Do not store remote URLs in config files, environment variables, or long-lived scripts expecting them to work indefinitely. They are single-use credentials with a short lifespan. Refresh when expired. When a git operation fails with an auth error, get a fresh URL and update the remote:
Get a new writable URL
npx atxp@latest git remote-url my-project --writable
Update the existing remote with the new URL
git remote set-url origin < new-url
Retry the operation
git
push
No separate credential setup needed.
The URL embeds authentication — no
git credential
helper or SSH key configuration is required.
Read vs. write URLs.
Read-only URLs are free. Writable URLs cost $0.01 (this meters storage growth from pushes). Always request read-only unless you need to push.
Practical Workflow for Long-Running Tasks
If your task involves multiple git operations over time:
1. Get a writable URL at the start of your work session
2. Clone and make changes
3. Commit and push before the URL expires (within 1 hour)
4. If you need to push again later, get a fresh URL first
For tasks that may span multiple hours, request a new URL before each push rather than at the start. The
--ttl
flag can extend expiry up to the server maximum, but planning for refresh is more robust.
Security Model
Repos are private by default
— only the owner can access them.
Public repos
allow read-only access from other authenticated users via
remote-url
with
writable: false
.
Write access
requires repo ownership. No collaborator model — repos are single-owner.
URLs contain credentials
— treat
remote-url
output like a secret. Do not log, echo, or share writable URLs.
Soft-delete
— deleted repos become immediately inaccessible but are permanently removed after 30 days.
Commands Reference
Command
Cost
Description
npx atxp@latest git create
1. Create a repository ($0.50)
npx atxp@latest git create my-app
2. Get a writable URL ($0.01)
npx atxp@latest git remote-url my-app --writable
Returns: https://t:eyJ...@atxp.code.storage/userid/my-app.git
3. Clone, work, push (standard git)
git clone < url
cd my-app
... make changes ...
git add . && git commit -m "initial commit" && git push
4. Later — URL expired? Get a fresh one
npx atxp@latest git remote-url my-app --writable git remote set-url origin < new-url
git push Error Responses Scenario Error message Not authenticated "ATXP authentication required" Repo doesn't exist (or private + not owner) "Repository not found" Write to another user's repo "Permission denied" Repo name already taken "Repository already exists" Service unavailable "Service temporarily unavailable. Please retry in a few seconds." Git ref conflict "Conflict: ... Re-read the current state and retry." Visibility Mode Owner Other authenticated users Private Full read/write No access Public Full read/write Read-only (via remote-url with read-only default) Rate Limits Per-client: 120 requests/minute Per-IP: 10,000 requests/minute Exceeding limits returns HTTP 429 with a Retry-After hint.