GitHub PAT

Interact with GitHub using Personal Access Tokens. User controls access via PAT scopes.

Setup

User provides their PAT:

1. Create PAT at github.com/settings/tokens
2. Select scopes (repo for full, public_repo for public only)
3. Provide token to agent

Store in TOOLS.md or pass via --token.

Commands

# List repos you have access to
python3 scripts/gh.py repos [--token TOKEN]

# Clone a repo
python3 scripts/gh.py clone owner/repo [--token TOKEN]

# Create branch
python3 scripts/gh.py branch <branch-name> [--repo owner/repo]

# Commit and push
python3 scripts/gh.py push "<message>" [--branch branch] [--repo owner/repo]

# Open a pull request
python3 scripts/gh.py pr "<title>" [--body "description"] [--base main] [--head branch]

# Create an issue
python3 scripts/gh.py issue "<title>" [--body "description"] [--repo owner/repo]

# View repo info
python3 scripts/gh.py info owner/repo

Security Model

• User controls access via PAT scopes
• No OAuth - no "allow full access" prompts
• Least privilege - user creates PAT with minimal needed scopes
• Fine-grained PATs supported for specific repo access

Token Storage

Agent stores token in TOOLS.md under ### GitHub section. Never expose in logs or messages.