AI News Hub

Ghbrk: Let AI agents run Git/gh without exposing SSH keys/API tokens

Ghbrk is a credential broker written in Rust that lets autonomous AI coding agents execute Git and GitHub operations without ever being handed the SSH keys or GitHub tokens involved. It uses a root-owned daemon to hold the credentials, requires an explicit 'ghbrk' prefix for remote operations, enforces policy-based access control, and logs every decision to an append-only audit log. Aimed at engineers who delegate GitHub access to AI agents.

Source: Hacker News AI. Author: marconae


Getting Started

curl -fsSL https://raw.githubusercontent.com/marconae/ghbrk/main/install.sh | sudo bash

Note

Agent wiring included. The installer places ghbrk.md in ~/.claude/ and prepends @ghbrk.md to ~/.claude/CLAUDE.md (Claude Code), and appends it to ~/.codex/AGENTS.md (Codex). Agents learn which operations require the ghbrk prefix automatically. Pass --no-claude or --no-codex to skip wiring.

Important

Requires Linux with systemd and an x86_64 CPU. See Installation for credential setup and policy configuration.

Why I Built It

I run autonomous AI coding agents. Agents can expose your GitHub credentials in ways you might not notice.

For example, when an agent:

- reads ~/.ssh/config or ~/.ssh/id_rsa to figure out how to push — your private key ends up in the context window
- runs echo $GITHUB_TOKEN to debug a failing gh call — your token lands in the session transcript

So I built ghbrk to prevent agents from getting access to your GitHub credentials.

The daemon holds your SSH key and GitHub token. Agents never see them. Every remote git and gh operation is checked against a policy you control, and every decision is logged.

Who Should Use It?

If you are an agentic engineer running autonomous agents — coding assistants, CI bots, automated reviewers — and you give those agents access to GitHub, then ghbrk was built for you.

How Does It Work?

    Agent
      │
      │ ghbrk git push / ghbrk gh pr create
      │ (explicit — no transparent interception)
      ▼
    ghbrk daemon (holds your SSH key and token)
      │
      ├─ checks policy ──── allow → runs git / gh with credentials injected
      │                             streams output back to the agent
      │
      └──────────────────── deny → returns error, logs the decision

Agents call ghbrk explicitly for remote operations. Local commands (git status, git commit) run as usual, without going through the broker.

The daemon checks policy — owned by root, not readable by the agent. The agent cannot see or modify what it is allowed to do.

Credentials are injected at execution time. The agent process never sees the SSH key or token.

Every decision is logged to an append-only audit log.

The policy is a YAML file you write and only root can change. Only the repos, operations, and branches you explicitly allow will go through.

    rules:
      - user: alice
        org: acme
        repo: platform
        operations: [push]
        branches: ["feature/*"]
        effect: allow

Everything else is denied by default.
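As an added illustration (not ghbrk's own code), here is a Rust sketch of how a default-deny evaluator over rules of this shape behaves: a request must match the user, org, repo, operation and a branch pattern of some rule, and anything no rule covers is denied. Field names, first-match ordering and the `*` glob semantics are assumptions about the format, not documented ghbrk behaviour.

```rust
// Added example, not ghbrk's own code: default-deny evaluator for rules shaped like the YAML policy above.
// Field names and "*" glob semantics are assumptions; ghbrk's real matching and rule ordering may differ.
#[derive(Debug, Clone, PartialEq)]
pub enum Effect { Allow, Deny }
pub struct Rule {
    pub user: String, pub org: String, pub repo: String,
    pub operations: Vec<String>, pub branches: Vec<String>, pub effect: Effect,
}
pub struct Request<'a> {
    pub user: &'a str, pub org: &'a str, pub repo: &'a str,
    pub operation: &'a str, pub branch: &'a str,
}
#[derive(Debug, PartialEq)]
pub struct Decision { pub effect: Effect, pub reason: String }

/// Minimal glob: "*" matches any run of bytes, everything else is literal.
pub fn glob_match(pat: &[u8], val: &[u8]) -> bool {
    match pat.first() {
        None => val.is_empty(),
        Some(b'*') => (0..=val.len()).any(|i| glob_match(&pat[1..], &val[i..])),
        Some(c) => val.first() == Some(c) && glob_match(&pat[1..], &val[1..]),
    }
}

/// First matching rule wins; a request no rule covers is denied.
pub fn evaluate(rules: &[Rule], req: &Request) -> Decision {
    for (i, r) in rules.iter().enumerate() {
        let hit = r.user == req.user && r.org == req.org && r.repo == req.repo
            && r.operations.iter().any(|op| op == req.operation)
            && r.branches.iter().any(|b| glob_match(b.as_bytes(), req.branch.as_bytes()));
        if hit {
            return Decision { effect: r.effect.clone(), reason: format!("rule #{} matched", i + 1) };
        }
    }
    Decision { effect: Effect::Deny, reason: "no matching rule (default deny)".to_string() }
}

/// The one rule from the policy snippet above, built in code (constructed sample).
pub fn example_rules() -> Vec<Rule> {
    vec![Rule {
        user: "alice".into(), org: "acme".into(), repo: "platform".into(),
        operations: vec!["push".into()], branches: vec!["feature/*".into()], effect: Effect::Allow,
    }]
}

/// One line per decision, in the spirit of the append-only audit log the README describes.
pub fn audit_line(req: &Request, d: &Decision) -> String {
    format!("user={} repo={}/{} op={} branch={} decision={:?} reason={}",
            req.user, req.org, req.repo, req.operation, req.branch, d.effect, d.reason)
}
```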

Documentation

Guide              Description
Installation       Install from binary, provision credentials, write a policy
Commands           ghbrk git, ghbrk gh, doctor, explain, policy, allow
Policy Reference   Rules, operations, branch matching, environment variables
Agent Integration  How to wire up an agent to use ghbrk
Audit Log          Log format and example entries

Built with Rust 🦀 and made with ❤️ by marconae.

About

A credential broker that gives coding agents git and gh access without exposing SSH keys or tokens, gated by a root-owned policy. Written in Rust 🦀

Topics

github

git

linux

agentic-ai

agentic-workflows

agentic-engineering

License

MIT license


Releases

v1.1.2 (Latest), Jun 27, 2026


Languages

Rust 93.9%

Shell 5.4%

Other 0.7%