Ghbrk: Let AI agents run Git/gh without exposing SSH keys/API tokens
Ghbrk is a credential broker written in Rust that allows autonomous AI coding agents to securely execute Git and GitHub operations without exposing SSH keys or GitHub tokens. It uses a root-owned daemon to hold credentials, requires an explicit 'ghbrk' prefix for remote operations, enforces policy-based access control, and logs all decisions to an append-only audit log. Ideal for engineers who delegate GitHub access to AI agents.
Getting Started
curl -fsSL https://raw.githubusercontent.com/marconae/ghbrk/main/install.sh | sudo bash
Note: Agent wiring included. The installer places ghbrk.md in ~/.claude/ and prepends @ghbrk.md to ~/.claude/CLAUDE.md (Claude Code), and appends it to ~/.codex/AGENTS.md (Codex). Agents learn which operations require the ghbrk prefix automatically. Pass --no-claude or --no-codex to skip wiring.
Important: Requires Linux with systemd and an x86_64 CPU. See Installation for credential setup and policy configuration.
Why I Built It
I run autonomous AI coding agents. Agents can expose your GitHub credentials in ways you might not notice.
For example, when an agent:
- reads ~/.ssh/config or ~/.ssh/id_rsa to figure out how to push: your private key ends up in the context window
- runs echo $GITHUB_TOKEN to debug a failing gh call: your token lands in the session transcript
So I built ghbrk to prevent agents from getting access to your GitHub credentials.
The daemon holds your SSH key and GitHub token. Agents never see them. Every remote git and gh operation is checked against a policy you control, and every decision is logged.
Who Should Use It?
If you are an agentic engineer running autonomous agents — coding assistants, CI bots, automated reviewers — and you give those agents access to GitHub, then ghbrk was built for you.
How Does It Work?
Agent
  │
  │  ghbrk git push / ghbrk gh pr create
  │  (explicit — no transparent interception)
  ▼
ghbrk daemon (holds your SSH key and token)
  │
  ├─ checks policy ──── allow → runs git / gh with credentials injected
  │                             streams output back to the agent
  │
  └──────────────────── deny  → returns error, logs the decision
Agents call ghbrk explicitly for remote operations. Local commands (git status, git commit) run as usual, without going through the broker.
The daemon checks policy — owned by root, not readable by the agent. The agent cannot see or modify what it is allowed to do.
Credentials are injected at execution time. The agent process never sees the SSH key or token.
Every decision is logged to an append-only audit log.
The policy is a YAML file you write and only root can change. Only the repos, operations, and branches you explicitly allow will go through.
rules:
  - user: alice
    org: acme
    repo: platform
    operations: [push]
    branches: ["feature/*"]
    effect: allow
Everything else is denied by default.
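The default-deny evaluation described above, as an added Rust example that is not ghbrk's own code. The struct and function names are hypothetical, and it assumes exact matching on user, org and repo, a `*` glob that also matches `/`, and that a rule whose effect is not `allow` grants nothing.

```rust
// Added illustration, not ghbrk's source. Field names mirror the YAML keys above.
struct Rule<'a> {
    user: &'a str, org: &'a str, repo: &'a str,
    operations: &'a [&'a str], branches: &'a [&'a str], effect: &'a str,
}
struct Request<'a> { user: &'a str, org: &'a str, repo: &'a str, operation: &'a str, branch: &'a str }

// Assumed glob semantics: '*' matches any run of characters, '/' included.
fn glob_match(pattern: &str, text: &str) -> bool {
    let (p, t) = (pattern.as_bytes(), text.as_bytes());
    let (mut pi, mut ti) = (0, 0);
    let mut star: Option<(usize, usize)> = None; // (pattern index after '*', text index to retry from)
    while ti < t.len() {
        if pi < p.len() && p[pi] == b'*' {
            star = Some((pi + 1, ti));
            pi += 1;
        } else if pi < p.len() && p[pi] == t[ti] {
            pi += 1;
            ti += 1;
        } else if let Some((sp, st)) = star {
            // Mismatch: let the most recent '*' absorb one more byte and retry.
            star = Some((sp, st + 1));
            pi = sp;
            ti = st + 1;
        } else {
            return false;
        }
    }
    p[pi..].iter().all(|&c| c == b'*') // only trailing '*' may remain
}

// Default deny: a request passes only if an "allow" rule matches every field.
fn is_allowed(rules: &[Rule], req: &Request) -> bool {
    rules.iter().any(|r| {
        r.effect == "allow" && r.user == req.user && r.org == req.org && r.repo == req.repo
            && r.operations.iter().any(|op| *op == req.operation)
            && r.branches.iter().any(|b| glob_match(b, req.branch))
    })
}

// The single rule shown above (constructed in code instead of parsed from YAML).
fn sample_policy() -> Vec<Rule<'static>> {
    vec![Rule { user: "alice", org: "acme", repo: "platform",
                operations: &["push"], branches: &["feature/*"], effect: "allow" }]
}

fn main() {
    let policy = sample_policy();
    for (user, branch) in [("alice", "feature/login"), ("alice", "main"), ("bob", "feature/login")] {
        let req = Request { user, org: "acme", repo: "platform", operation: "push", branch };
        println!("{user} push {branch} -> {}", if is_allowed(&policy, &req) { "allow" } else { "deny" });
    }
}
```

Only alice's push to `feature/login` passes; the push to `main` and the request from bob (a constructed user with no rule) fall through to the default deny.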
Documentation
| Guide | Description |
| --- | --- |
| Installation | Install from binary, provision credentials, write a policy |
| Commands | ghbrk git, ghbrk gh, doctor, explain, policy, allow |
| Policy Reference | Rules, operations, branch matching, environment variables |
| Agent Integration | How to wire up an agent to use ghbrk |
| Audit Log | Log format and example entries |
Built with Rust 🦀 and made with ❤️ by marconae.
About
A credential broker that gives coding agents git and gh access without exposing SSH keys or tokens, gated by a root-owned policy. Written in Rust 🦀
License
MIT license
Releases: 1 (latest: v1.1.2, Jun 27, 2026)