🎩 GitHat

Switch your Git Hats

GitHat is a lightweight CLI tool that lets you bind GitHub accounts per repository and run Git commands securely using HTTPS + encrypted tokens. Seamlessly manage multiple GitHub accounts on a single machine — without SSH, without credential conflicts, and without leaking tokens.

---

✨ Why GitHat?

If you’ve ever:

• worked with personal + work GitHub accounts
• accidentally pushed a commit with the wrong identity
• fought with SSH keys, global Git config, or credential helpers

👉 GitHat fixes all of that.

What GitHat does differently

• ✅ No SSH setup required
• ✅ No global Git config changes
• ✅ No credential helper pollution
• ✅ Repo-level account binding
• ✅ Encrypted token storage
• ✅ Works with standard git commands

---

🧠 Core Idea

GitHat introduces account-aware Git execution.

You can either:

• explicitly choose an account
• or bind an account to a repo and forget about it

githat personal: git push
githat git push   # auto-uses bound account

---

📦 Installation

npm install -g githat

Verify:

githat --version

---

🛠️ Getting Started

1️⃣ Add a GitHub account

GitHat uses HTTPS + Personal Access Tokens (PAT).

githat add personal \
  --user yourGithubUsername \
  --email your@email.com \
  --token YOUR_GITHUB_TOKEN

🔒 Tokens are encrypted before being stored.

---

2️⃣ List configured accounts

githat list

Output:

📂 GitHat Accounts:
personal → Your Name <your@email.com>
work     → Company Name <work@email.com>

---

3️⃣ Use an account explicitly (prefix mode)

githat personal: git clone https://github.com/user/repo
githat work: git push

✔ No SSH ✔ No prompts ✔ No credential caching

---

🔗 Repo-Level Binding (Recommended)

Bind an account once per repository.

Bind an account

cd my-project
githat bind personal

This creates:

.git/githat.json

{
  "account": "personal"
}

---

Check repo status

githat status

Output:

📌 Repo bound to: personal

---

Use Git normally (no prefix!)

githat git add .
githat git commit -m "Initial commit"
githat git push

🎯 GitHat automatically uses the bound account.

---

🔐 Security Model

GitHat is designed to never leak credentials.

Token protection

• Tokens are encrypted at rest
• Decrypted only in memory
• Never written to Git config
• Never exposed in logs

Git execution

• credential.helper disabled
• GIT_ASKPASS used securely
• GIT_TERMINAL_PROMPT=0
• No global Git state touched

---

🧩 Supported Commands

Account Management

githat add <name>
githat list
githat remove <name>

Repo Binding

githat bind <name>
githat status

Git Passthrough

githat personal: git push
githat git pull
githat git clone <url>

---

❌ What GitHat Does NOT Do (by design)

• ❌ Does not modify ~/.gitconfig
• ❌ Does not rely on SSH keys
• ❌ Does not override system Git
• ❌ Does not store tokens in plaintext
• ❌ Does not affect normal git usage

---

🏗️ Architecture Overview

CLI Entry
 ├── Prefix Parser (personal:)
 ├── Repo Binding Resolver
 ├── Account Loader
 └── Git Executor
        ├── Token Injection
        ├── Identity Override
        └── Secure AskPass

---

🧪 Example Workflow

# Setup once
githat add personal --user john --email john@mail.com --token XXX
githat add work --user john-work --email john@company.com --token YYY

# Per repo
cd work-repo
githat bind work

cd personal-repo
githat bind personal

# Forever after
githat git push   # always correct account

---

🚧 Roadmap

v1.1.0

• Auto-bind on clone
• githat unbind
• Repo override warnings

v1.2.0

• GitHub Enterprise support
• Token rotation helpers

---

🤝 Contributing

PRs are welcome.

git clone https://github.com/yourname/githat
cd githat
npm install
npm link

---

📄 License

MIT License © 2025

---

❤️ Final Words

GitHat exists to make multi-account Git workflows boring again — no surprises, no mistakes, no stress.

If you work with multiple GitHub accounts, this tool is for you.