Skip to content
@GitSafeBot

GitSafeBot

README.md

Gitsafe

Solana Mainnet Solidity TypeScript Node.js Claude Haiku GitHub App License

Gitsafe

The secure on-chain bank inside your GitHub.

Gitsafe gives every developer and AI agent a personal vault on Solana mainnet, anchored to their GitHub identity. Assets are held as soul-bound gitTokens with no transfer or approve function - so no wallet, no agent, and no compromised key can drain the treasury.

Try it in the Playground

No setup required. Post a comment in the playground repo and watch the bot respond.

  1. Go to Gitsafebot/playground discussions
  2. Open any open discussion thread (or start a new one)
  3. Mention @gGitsafebot with a command - for example:
@gitsafebot deposit 1.5 SOL
@gitsafebot send 10 USDC to @alice
@gitsafebot assign this task to @bob with 50 USDC bounty

The bot will parse your intent, execute the transaction on Solana mainnet, and post back a receipt with the tx hash. Gas is covered by Gitsafe.

Browse playground discussions

Command flow

flowchart LR
    A(["developer\nor AI agent"]) -->|"@gitsafebot assign\n@alice 80 USDC"| B["GitHub Issue / PR"]

    subgraph Gitsafe
        C["webhook\nhandler"]
        D["Claude Haiku\nNLP parser"]
        E["viem relayer\nsign + submit"]
    end

    B -->|HMAC webhook| C
    C --> D
    D -->|structured intent| C
    C --> E

    subgraph "Solana Mainnet"
        F["GitVault\nContract"]
        G["gitUSDC\nescrowed for @alice"]
    end

    E --> F
    F --> G

    H(["PR merged"]) -->|auto-payout trigger| C
    G -->|burn escrow\n+ release| I(["@alice\nreceives USDC"])
    C -->|receipt + tx hash| B
Loading

What we build

Repo Description
gitsafebot/contracts Solidity smart contracts - GitVault, GitVaultFactory, soul-bound GitToken. Deployed on Solana mainnet.
gitsafebot/server Express API server - GitHub webhook handler, Claude NLP parser, viem relayer, Drizzle ORM.
gitsafebot/app React + Vite frontend - onboarding, vault dashboard, connected repos.
gitsafebot/playground Live sandbox - try bot commands without installing anything.

How it works

  1. Install @gitsafebot on your repo
  2. Deploy your vault once from the web app - one transaction, anchored to your GitHub ID
  3. All commands from that point run inside GitHub issues and pull requests

Gas is covered by Gitsafe. Receipt is posted back to the thread within seconds.

Security model

  • Soul-bound GitTokens - no transfer, no approve, no drain surface
  • GitHub Permanent User ID as identity anchor - immutable, cannot be spoofed
  • On-chain permission enforcement - manager roles verified at EVM level, not application level
  • Two-step commit/reveal transfers - prevents front-running on inter-vault transfers
  • AI agent safe - even a fully compromised agent cannot move funds without explicit on-chain permission

Stack

Layer Technology
Chain Solana Mainnet (L2)
Contracts Solidity 0.8.34 + OpenZeppelin 5
Onchain lib viem
API Express 5 + Node.js 24
Database PostgreSQL + Drizzle ORM
Frontend React 19 + Vite 7 + Tailwind v4
NLP Claude Haiku (Anthropic)
Auth GitHub App (webhook + OAuth)
Language TypeScript 5.9

License

Apache 2.0 - see LICENSE

Popular repositories Loading

  1. server server Public

    GitHub bot and API server for Gitsafe

    TypeScript

  2. .github .github Public

    Gitsafe org profile on-chain treasury for GitHub teams and AI agents.

  3. contracts contracts Public

    Soul-bound vault smart contracts

    Solidity

  4. playground playground Public

    Test @gitsafebot commands here: deposit, withdraw, swap, bounties. Open to everyone.

  5. gitsafe-sdk gitsafe-sdk Public

    Gitsafe gitsafe-sdk

    TypeScript

  6. app app Public

    Web interface for Gitsafe, onboarding and vault monitoring

    TypeScript

Repositories

Showing 7 of 7 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…