Git Repo Auth
БесплатноНе проверенMints short-lived, scoped GitHub App installation tokens on demand for AI agents to access git repositories or the GitHub API.
Описание
Mints short-lived, scoped GitHub App installation tokens on demand for AI agents to access git repositories or the GitHub API.
README
Your AI can build things. This lets it save them — safely.
When you ask an AI to build something, that work has to live somewhere. Developers keep theirs on GitHub — but GitHub expects you to create and manage digital keys, and that's where most people give up.
This bridge handles the keys for you. Connect your GitHub account once. After that, every time your AI needs to save work, it gets a fresh key that opens only the one door it needs — and the key expires in an hour.
That's actually safer than what most professionals do. The common shortcut is one master key that opens everything and lasts for years. Here, there's no master key to lose — and if you ever want out, one click disconnects everything.
You never see a key. You never touch a key. You just ask, and it saves to GitHub.
Want this with nearly zero effort?
You don't have to run anything. The hosted bridge is live:
- New to all this? Start here: https://gitauth.klappy.dev/start — connected in about a minute, no card for the trial.
- Developer? The fast path: https://gitauth.klappy.dev/start-developers
- The deal: a real free trial, then plans from $1/month. Pricing and limits render live from the same rulebook the server enforces.
- Who you're dealing with: the hosted service is operated by Covenynt Ventures LLC — that's the name on Stripe receipts and in the terms.
- Rather hold your own keys? https://gitauth.klappy.dev/self-host — same code as this repo, $0 forever.
The technical version
Connect GitHub once. Your agent mints its own short-lived, scoped tokens after that.
A Cloudflare Worker that bridges MCP's OAuth to GitHub App installation tokens. Users click "Connect," log in with GitHub, and choose which account to bind. From then on, their MCP session can call one tool — github_token — which returns a ≤1-hour token scoped to their installation, optionally down-scoped per request.
Currently GitHub; forge-agnostic by design.
How the bridge works
- An MCP client (Claude, etc.) connects to
/mcpand is sent through a standard OAuth 2.1 flow (dynamic client registration, PKCE) served by this worker. - Inside that flow, the user logs in with GitHub. The worker checks which installations of this GitHub App the user actually controls (
GET /user/installations— GitHub filters by both app and user). - Zero installations → the user is sent to install the app on their repos. One → bound automatically. Several → a picker.
- The grant is bound to that installation ID. Every later
github_tokencall mints for that installation only. GitHub enforces the walls: a token minted for one installation physically cannot touch another's repositories.
Security model — read before trusting
What is never stored. No GitHub tokens, ever. Installation tokens are minted on demand and die within the hour. The GitHub user token from login is used for two GET requests and discarded. The worker's state is: its own OAuth grants (hashed, in KV) and 10-minute pending records during account selection.
What the operator holds. One GitHub App private key — their own, in worker secrets. Users never hand over keys. This is the standard model every CI service uses.
Blast radius, honestly. If this worker is compromised, the attacker gains minting capability over the repos of every account that installed the app — not their keys, not their accounts, but their installed scope, within the app's permission ceiling. Your kill switch as a user is first-class and unilateral: uninstall the app, and minting for your account ends instantly; outstanding tokens die within the hour. If that trust trade doesn't fit you, self-host your own instance (below) — it's the same code.
"No Administration" ≠ "cannot escalate." The recommended grant (Contents RW, PRs RW, Workflows RW, Metadata R) excludes Administration. But Workflows write means a token holder can modify CI, and CI runs with the repo's own credentials. The path is accepted, not eliminated: CI changes land in PRs and audit logs under the app's [bot] identity. Users who don't want the trade can simply not grant the app repos where it matters — or the operator can drop the Workflows permission app-wide.
Per-request enforcement. The permission ceiling, repository scoping, one-hour expiry, and bot provenance are all enforced by GitHub, not by this code.
Connect (as a user)
Add this server to your MCP client — the hosted bridge endpoint is:
https://gitauth.klappy.dev/mcp
(Self-hosting? Substitute your own deployment's /mcp.)
Your client will walk you through GitHub login and installation binding. Then ask your agent to call github_token when it needs git or API access.
github_token parameters (both optional): repositories (names, no owner) and permissions (e.g. {"contents":"read"}) — each must be within what the app was granted and where it's installed.
Operate (run your own bridge)
- Create a GitHub App (Settings → Developer settings → GitHub Apps → New). Webhook off. Permissions: Contents RW, Pull requests RW, Workflows RW (optional — see security model), Metadata R. Nothing else; explicitly not Administration. Make the app public if others should be able to install it.
- Enable user OAuth on the app: set Callback URL to
https://<deployment>/callback, then generate a client secret (App settings → Client secrets). Note the Client ID. - Generate the private key. Paste it as-is — the worker auto-converts GitHub's PKCS#1 format to the PKCS#8 that WebCrypto needs. (Manual fallback if ever needed:
openssl pkcs8 -topk8 -inform PEM -in key.pem -nocrypt.) The key never transits chat in any format. - Set the slug in
wrangler.jsonc(GH_APP_SLUG, fromgithub.com/apps/<slug>) and create a KV namespace for theOAUTH_KVbinding if the committed ID isn't yours:wrangler kv namespace create OAUTH_KV. - Secrets (never committed, never pasted in chat):
wrangler secret put GH_APP_ID wrangler secret put GH_APP_PRIVATE_KEY # the PKCS#8 PEM wrangler secret put GITHUB_CLIENT_ID wrangler secret put GITHUB_CLIENT_SECRET - Deploy:
npm install && npm run deploy - Keep any existing PAT until the first real token mints. Retiring the fallback before validating the replacement is how lockouts happen.
Retired in v0.2: MCP_AUTH_TOKEN (replaced by per-user OAuth) and GH_APP_INSTALLATION_ID (now bound per grant).
Development
npm install
npm run typecheck
npm test
npm run dev # local; dummy values in .dev.vars (gitignored)
Troubleshooting & project journal
Field-observed failures and fixes live in docs/troubleshooting.md — start there if a token "doesn't work." The evidence behind each entry is the project journal under odd/ledger/: dated DOLCHEO records of what was observed, learned, and decided. New observations go to the journal first, then get distilled into troubleshooting.
License
Deliberately not yet licensed (all rights reserved by default) — a licensing decision is pending and will be made once, deliberately. Open an issue if you need clarity before then.
Установка Git Repo Auth
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/klappy/git-repo-auth-mcpFAQ
Git Repo Auth MCP бесплатный?
Да, Git Repo Auth MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Git Repo Auth?
Нет, Git Repo Auth работает без API-ключей и переменных окружения.
Git Repo Auth — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Git Repo Auth в Claude Desktop, Claude Code или Cursor?
Открой Git Repo Auth на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Git Repo Auth with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
