Push a change/<name> branch carrying an OpenSpec proposal and an @change-apply opt-in commit; remcc runs /opsx:apply with Claude Code on a GitHub-hosted runner and opens a pull request for your review.
- No laptop tether. Claude Code loop runs on a GitHub-hosted runner, while you do something else.
- Normal PR review. Output lands as a branch + PR; the usual review, CI, and branch-protection apply.
- Tight safety boundary. Claude Code runs in an ephemeral Ubuntu VM, destroyed after coding is completed.
Three phases: [author locally] -> [apply on a runner] -> [review and merge locally]
- An OpenSpec-initialised, pnpm-managed repo with
.claude/committed - A
remccGitHub App installed on the target repo - An Anthropic API key with budget
Full checklist: docs/SETUP.md#prerequisites.
From a clean clone of the target repository on main:
bash <(curl -fsSL https://raw.githubusercontent.com/premeq/remcc/main/install.sh) initVerifies prerequisites, configures GitHub-side controls (default-branch approval ruleset, secret scanning, secrets, opsx:apply defaults), writes the workflow and template files, and opens a remcc-init PR for you to merge. See docs/SETUP.md.
On a fresh change/<name> branch, draft the OpenSpec change with Claude:
claude /opsx:proposeGenerates openspec/changes/<name>/ with proposal.md, design.md, specs/, and tasks.md. Iterate freely — WIP pushes don't fire the runner.
git commit --allow-empty -m "@change-apply: first pass"
git pushOnly commit subjects starting with @change-apply trigger apply. Trailers (Opsx-Model:, Opsx-Effort:) override model and thinking budget per run — see docs/SETUP.md#configuring-the-apply-model.
The opsx-apply workflow spins up an ephemeral ubuntu-latest runner, executes /opsx:apply <name> against the branch state, validates the change, then destroys the VM. Logs upload as a workflow artifact.
The App pushes the apply output and opens a PR to main as <app-slug>[bot] — a distinct actor from you, so the default-branch approval ruleset lets you review and approve it (the bot can't approve its own PR). Apply errors land as a draft PR with logs attached.
Pull the PR branch, finalise the change, push back:
git fetch && git checkout change/<name> && git pull
claude /opsx:verify
claude /opsx:archive
git add . && git commit -m "Archive change/<name>"
git push/opsx:verify checks the implementation against the artifacts. /opsx:archive moves the change folder under openspec/changes/archive/ and syncs delta specs into the main specs. Any subject that doesn't start with @change-apply is safe — the archive push won't re-trigger the runner.
Approve the PR and merge into main. The change branch is deleted on merge.
remcc v1 is intentionally narrow:
- Claude Code only. No other AI coding agents.
- GitHub Actions only. No GitLab, Bitbucket, CircleCI.
- OpenSpec
/opsx:applyonly. No arbitrary prompts. - pnpm-managed JavaScript repos only. The workflow runs
pnpm install --frozen-lockfile. - One invocation per change. Push or
workflow_dispatch, then watch the PR.
Deeper hardening caveats (org-vs-user-owned repo, GHAS-gated controls) live in docs/SECURITY.md.
bash <(curl -fsSL https://raw.githubusercontent.com/premeq/remcc/main/install.sh) upgradeOpens a remcc-upgrade PR with the template diff — see docs/SETUP.md#upgrading-remcc.
- docs/SETUP.md — prerequisites, App setup, automated and manual adoption, configuration knobs.
- docs/SECURITY.md — threat model, identity boundary, hardening caveats by repo ownership.
- docs/COSTS.md — Anthropic API and GitHub Actions cost guidance.
remcc v1 targets monorepo adoption and is stable enough for trial use.