GitHub (Personal Access Token)

Live

API KEY

SOURCE CONTROL

Developer Tools

GitHub (Personal Access Token) connects agents to source control with each user's own API key: branches, PRs, issues, releases, and Actions.

  • Per-user credentials: each call uses the actual user's token, never a shared bot.
  • Encrypted per-tenant vault: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: pre-call scope check, 90-day SIEM-exportable audit chain.
GitHub (Personal Access Token)
agent · Acme Q3
Run
Any open PRs on api-server waiting for review, and are checks green?
S
githubpat_pull_requests_list
96ms
GitHub agent
3 open PRs. #482 approved, checks green, ready to merge. #479 waiting on 2 reviewers since Tuesday. #475 failing lint on ci/test.
Sources: 3 PRs, api-server, base main
githubpat
3 PRs
18:29
Message Claude...

Tools your engineering agent reaches for on GitHub, scoped per user.

CALL ANY TOOL
Source control end to end: read files, open and merge PRs, triage issues, search code, and drive CI, each call on the user's own API key.
githubpat_pull_request_create
Open a pull request
Create a new pull request in a repository; requires write access to the head branch.
Parameters
Name
Type
Required
Description
base
string
Required
The name of the branch you want the changes pulled into
head
string
Required
The name of the branch where your changes are implemented (format: user:branch)
owner
string
Required
The account owner of the repository
repo
string
Required
The name of the repository
body
string
Optional
The contents of the pull request description
draft
boolean
Optional
Indicates whether the pull request is a draft
maintainer_can_modify
boolean
Optional
Indicates whether maintainers can modify the pull request
title
string
Optional
The title of the pull request
githubpat_pull_request_merge
Merge a pull request
githubpat_issues_list
List issues
githubpat_issue_create
Create an issue
githubpat_file_contents_get
Read file contents
githubpat_commits_list
List commits
githubpat_search_code
Search code
githubpat_workflow_dispatch
Trigger a workflow
Build your Agent
Same auth pattern across LangChain, OpenAI, Anthropic, and Google ADK.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { createReactAgent } from "@langchain/langgraph/prebuilt";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

// GitHub tools scoped to this user
const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["githubpat"], toolNames: [
    "githubpat_pull_request_create",
    "githubpat_issues_list",
    "githubpat_search_code"] },
  pageSize: 100,
});

const agent = createReactAgent({ llm, tools });
await agent.invoke({ messages: [{ role: "user", content: "Open a PR from fix/login-timeout into main." }] });
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["githubpat"] }, pageSize: 100,
});

const res = await openai.chat.completions.create({
  model: "gpt-5",
  messages: [{ role: "user", content: "List open issues labeled bug in api-server." }],
  tools,
});

// Execute the tool call with the user's vaulted GitHub PAT
await sk.tools.executeTool(res.choices[0].message.tool_calls[0], "user_123");
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["githubpat"] }, pageSize: 100,
});

const msg = await anthropic.messages.create({
  model: "claude-sonnet-5",
  max_tokens: 1024,
  messages: [{ role: "user", content: "Search the org for uses of the deprecated auth client." }],
  tools,
});

// Tool call runs with the user's vaulted GitHub PAT
await sk.tools.executeTool(msg.content, "user_123");
import { Agent } from "@google/adk/agents";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["githubpat"] }, pageSize: 100,
});

const agent = new Agent({
  name: "github_repo_agent",
  model: "gemini-2.5-pro",
  instruction: "Manage GitHub repos, issues, and PRs for the signed-in user.",
  tools,
});

await agent.run("Merge PR #482 with squash if checks are green.");
Try these prompts
Copy any prompt into your agent. Each maps directly to a GitHub tool. Click to copy, paste into your agent, done.
Ship code
Copy the prompt
Copied
Open a PR from fix/login-timeout into main with a summary of the diff.
Copy the prompt
Copied
Merge PR #482 with squash if checks are green.
Copy the prompt
Copied
Create a branch off main for the payments refactor.
Triage issues and reviews
Copy the prompt
Copied
List open issues labeled bug in api-server.
Copy the prompt
Copied
File an issue for the flaky checkout test and label it ci.
Copy the prompt
Copied
Which PRs are still waiting on review this week?
Search and CI
Copy the prompt
Copied
Search the org for uses of the deprecated auth client.
Copy the prompt
Copied
Trigger the deploy workflow on main.
Copy the prompt
Copied
Why did the last release workflow run fail?
SEE HOW AUTH WORKS
Your users connect once. Their GitHub tokens stay vaulted, every call is scope-checked, and every action is logged.
1
Authorize
Your user connects
GitHub (Personal Access Token)
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
GitHub (Personal Access Token)
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
GitHub (Personal Access Token)
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
GitHub (Personal Access Token)
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other developer connectors.
ENGINEERING
DevOps assistant agent
Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.
ENGINEERING
Auto-release notes agent
Group merged GitHub PRs by feature, fix, or chore and publish release notes per tag. No manual changelog grooming.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with identity, scope enforcement, and audit. Connectors follow.
01.
Shared tokens break per-user analytics
A shared machine-account PAT looks fine in a demo. In production every merge, force-push, and issue edit is attributed to one bot, and you cannot tell who shipped what. Scalekit resolves the credential of the actual user who triggered the agent, never a shared bot.
// shared token
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
GitHub today. Others tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access GitHub as the user or through a shared key?
As the user. Scalekit resolves the PAT of the person who triggered the agent at request time, so every commit, merge, and issue edit in your audit trail is attributed to a real user, not a shared machine account.
Where is the GitHub token stored?
In an AES-256 encrypted vault with per-tenant namespacing. Tokens are resolved at request time, never enter LLM context, and can be rotated or revoked from one dashboard.
Can I limit what the agent does in GitHub?
Yes. Filter by tool name in listScopedTools to expose only what you want, for example read and search without merge, delete, or team management. Scalekit also enforces scope checks before every API call.
What happens when a user revokes access?
The credential is invalidated at the next tool call. The call fails closed, other users' connections are unaffected, and the revocation is logged in the audit chain.
A PAT can carry broad repo scope. Does the agent get all of it?
No. The token's GitHub scope is the ceiling, not the grant. You choose which of the 113 tools the agent sees, so destructive operations like repo_delete or git_ref_delete stay hidden unless you list them, and Scalekit checks scope before every call.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""githubpat"": {
""url"": ""https://mcp.scalekit.com/githubpat"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.githubpat]
url = ""https://mcp.scalekit.com/githubpat""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""githubpat"": {
""url"": ""https://mcp.scalekit.com/githubpat"",
""type"": ""http""
}
}
}