GitHub
Give your agent access to GitHub — reading issues, creating pull requests, cloning repos, and more. Credentials are injected by the Pai sidecar; the agent never holds the real token.
Get a token
- Go to github.com/settings/tokens
- Click Generate new token (classic)
- Select scopes: `repo` (full repo access) or narrow it down as needed
- Copy the token — it starts with `ghp_`
Setup
```bash
# 1. Store the token
pai add secret github-pat --from-literal token=ghp_...
# 2. Create the provider
pai apply -f - <<EOF
apiVersion: pai.io/v1
kind: Provider
metadata:
  name: github-writer
spec:
  type: github
  auth:
    type: pat
    secretRef: github-pat
  policy:
    allow:
      - pulls:create
      - pulls:comment
      - issues:read
      - issues:comment
      - contents:read
    deny:
      - admin:*
      - repo:delete
  scope:
    repositories:
      - "myorg/my-repo"
EOF
```
Attach to an agent
```yaml
spec:
  providers:
    - github-writer
```
Supported actions
| Action | API operations |
|---|---|
| `contents:read` | Read files, clone repo, git fetch/pull |
| `contents:write` | Push commits, git push |
| `pulls:read` | List and read pull requests |
| `pulls:create` | Open a new pull request |
| `pulls:comment` | Comment on pull requests |
| `pulls:update` | Update PR title, body, labels |
| `issues:read` | List and read issues |
| `issues:create` | Open a new issue |
| `issues:comment` | Comment on issues |
| `repo:read` | Read repository metadata |
| `repo:delete` | Delete a repository |
| `org:read` | Read organization info |
| `org:update` | Update organization settings |
| `admin:collaborators` | Add or remove collaborators |
Scope — restricting to specific repos
```yaml
scope:
  repositories:
    - "myorg/repo-a"
    - "myorg/repo-b"
```
Requests to any repository not in this list are denied, even if the action is allowed by policy.
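The following is an added example, not Pai's own code: a small Python model of how the `allow`, `deny` and `scope` fields of the `github-writer` provider above combine for a single request. The evaluation order (scope, then deny, then allow, then default deny), the glob matching of `admin:*`, and the `decide` and `matches` function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Values copied from the github-writer provider on this page.
POLICY = {
    "allow": ["pulls:create", "pulls:comment", "issues:read",
              "issues:comment", "contents:read"],
    "deny": ["admin:*", "repo:delete"],
}
SCOPE = ["myorg/my-repo"]


def matches(action, patterns):
    """True if the action matches any pattern (glob matching is an assumption)."""
    return any(fnmatchcase(action, pattern) for pattern in patterns)


def decide(action, repo, policy=POLICY, scope=SCOPE):
    """Return (allowed, reason) for one request.

    Assumed order: scope check, explicit deny, allow list, default deny.
    """
    if repo not in scope:
        # Stated on the page: out-of-scope repos are denied
        # even when the action itself is allowed by policy.
        return False, "repository out of scope"
    if matches(action, policy.get("deny", [])):
        return False, "explicit deny"
    if matches(action, policy.get("allow", [])):
        return True, "allowed"
    return False, "not in allow list"


if __name__ == "__main__":
    # Constructed sample requests (action, repository).
    requests = [
        ("pulls:create", "myorg/my-repo"),
        ("pulls:create", "myorg/other-repo"),
        ("admin:collaborators", "myorg/my-repo"),
        ("contents:write", "myorg/my-repo"),
    ]
    for action, repo in requests:
        allowed, reason = decide(action, repo)
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{verdict:5} {action:20} {repo:18} ({reason})")
```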
Read-only example
```yaml
spec:
  type: github
  auth:
    type: pat
    secretRef: github-pat
  policy:
    allow: ["*"]
  httpRules:
    - methods: [GET]
      paths: ["*"]
      effect: allow
    - methods: [POST, PUT, PATCH, DELETE]
      paths: ["*"]
      effect: deny
```