Skip to content

Add GitHub token auth for production server init#37

Merged
jonathonbyrdziak merged 2 commits intomasterfrom
feature/production-git-auth
Mar 20, 2026
Merged

Add GitHub token auth for production server init#37
jonathonbyrdziak merged 2 commits intomasterfrom
feature/production-git-auth

Conversation

@jonathonbyrdziak
Copy link
Copy Markdown
Contributor

@jonathonbyrdziak jonathonbyrdziak commented Mar 20, 2026

Summary

  • When protocol init detects a production/staging server can't access the provided repo URL, it now guides the user through creating an organization-level fine-grained PAT with read-only permissions
  • Token is stored securely in ~/.protocol/.node/github-token (0600) and configured via git credential helper
  • Removes the redundant environment question from slave node flow (already chosen in step 1)

Why org-level tokens?

If a developer who set up the server leaves the org and their personal token is revoked, production breaks. Org-level tokens belong to the organization, not an individual — SOC2 compliant with minimal permissions (Contents: Read, Metadata: Read).

Flow

  1. User provides repo URL → git ls-remote tests access
  2. If access fails on a GitHub repo → walks through fine-grained PAT creation steps
  3. User pastes token → verifies it works → stores in .node/ with git credential helper
  4. For non-GitHub repos, falls back to recommending protocol key:generate for SSH

Test plan

  • Run protocol init → choose production → enter a private repo URL the server can't access
  • Verify the auth guidance appears with correct org/repo names
  • Paste a valid fine-grained PAT and confirm access verification succeeds
  • Verify token stored at ~/.protocol/.node/github-token with 0600 permissions
  • Verify git credential helper configured and subsequent git operations work
  • Test with a repo the server already has access to — should skip auth flow entirely

🤖 Generated with Claude Code

jonathonbyrdziak and others added 2 commits March 20, 2026 13:25
@jonathonbyrdziak @claude
Add GitHub token auth flow for production init
620903d 
When a production/staging server can't access a private repo, guide the
user through creating an org-level fine-grained PAT with read-only
permissions. This avoids the SOC2 risk where a developer leaves, their
personal token is revoked, and production breaks.

Also removes the redundant environment step from the slave node flow
since the environment is already chosen in step 1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jonathonbyrdziak @claude
Add Variables: Read-only to token permissions for release pointer
780ca7d 
The release watcher reads PROTOCOL_ACTIVE_RELEASE from GitHub Actions
variables to determine which release to deploy.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jonathonbyrdziak jonathonbyrdziak merged commit ab58c24 into master Mar 20, 2026
6 of 8 checks passed
@jonathonbyrdziak jonathonbyrdziak deleted the feature/production-git-auth branch March 20, 2026 20:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jonathonbyrdziak