Skip to content

Git Integration

Jump to bottom
Sia edited this page May 31, 2026 · 3 revisions

Git Integration

For cloning private repositories into new projects.

/settings/git-integrations in the web UI.

Three sources of git credentials

  1. No credentialshttps://github.com/owner/public-repo.git works out of the box for public repos.
  2. HTTPS PAT (Personal Access Token) — for private HTTPS URLs. Registered per-host; the git CLI auto-picks via credential.helper=store.
  3. SSH key — for private SSH URLs (git@host:owner/repo.git). vibe-coder generates an ed25519 key pair; you register the public key in your git provider.

Storage

File Purpose Permissions
~/.config/vibe-coder/git-tokens.json Vibe-coder's normalized PAT store (UI reads from here) 0600
~/.git-credentials Standard git CLI store. URLs of the form https://x-access-token:TOKEN@host 0600
~/.ssh/id_ed25519 + .pub SSH key pair 0600 / 0644
~/.ssh/known_hosts Pre-seeded with github.com / gitlab.com / bitbucket.org host keys 0600

All paths are bind-mounted to ./vibe-coder-data/ so they survive image upgrades.

Register a PAT

Web UI

  1. /settings/git-integrations+ New token (auto-open on first visit).
  2. Pick provider (GitHub / GitLab / Gitea / Bitbucket / generic).
  3. Host: domain only (github.com, not https://github.com).
  4. Paste the token. Username auto-defaults per provider:
    • GitHub: x-access-token
    • GitLab: oauth2
    • Bitbucket: x-token-auth
    • Gitea: vibe-coder (host doesn't care, only token matters)
  5. Click Register.

REST API

curl -X POST http://<host>:17880/api/settings/git-integrations \
  -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
  -d '{
    "provider":"github",
    "host":"github.com",
    "token":"ghp_..."
  }'

Where do I get the PAT?

Provider URL Required scope
GitHub https://github.com/settings/tokens (classic) or fine-grained repo (classic) or "Contents: Read and write" (fine-grained)
GitLab https://gitlab.com/-/user_settings/personal_access_tokens read_repository (and write_repository if you'll push)
Gitea User Settings → Applications → Generate New Token read:repository
Bitbucket Personal settings → App passwords Repository: Read (and Write if push)

SSH key — auto-provisioning

The entrypoint script auto-generates an ED25519 keypair on first container boot at /home/vibe/.ssh/id_ed25519, persisted via the ./vibe-coder-data/dev-tools/ssh/ bind mount (see Data-Volumes). Once present it is never overwritten — your key survives docker compose pull && up -d and even ad-hoc --force-recreate.

Dedicated settings page (recommended)

Admin UI → Settings → SSH Key (/settings/ssh-key):

  1. Public key is displayed in a copyable monospace textbox.
  2. Click Copy.
  3. Paste it into your Git host's SSH Keys page (Gitea / GitHub / GitLab / Bitbucket).
  4. git@host:owner/repo.git URLs now work in project register and git clone/push over SSH.

The page also shows algorithm / fingerprint / comment / created-at, and a Regenerate card that backs up the current key as id_ed25519.bak.<ts> before issuing a fresh keypair (you must then re-register the new public key on every Git host you use).

REST API

# View
curl -fsS http://<host>:17880/api/server/ssh-key \
  -H "Authorization: Bearer $TOKEN"
# {
#   "publicKey": "ssh-ed25519 AAAA... vibe-coder-server@host-20260526",
#   "algorithm": "ssh-ed25519",
#   "fingerprint": "SHA256:abc…",
#   "comment": "vibe-coder-server@host-20260526",
#   "createdAt": "2026-05-26T11:00:00Z"
# }

# Regenerate (backs up old → new key returned)
curl -X POST http://<host>:17880/api/server/ssh-key/regenerate \
  -H "Authorization: Bearer $TOKEN"

Alternate: lazy generation via /settings/git-integrations

The SSH key can also be created lazily by clicking Generate SSH key under /settings/git-integrations (REST: POST /api/settings/git-integrations/ssh-keygen). This endpoint is idempotent (no-op if the auto-provisioned key already exists), but the dedicated /settings/ssh-key page above is the preferred path.

Use the credentials — project register

# HTTPS (PAT auto-picked from ~/.git-credentials)
curl -X POST http://<host>:17880/api/projects/register \
  -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
  -d '{
    "projectId":"my-private",
    "appName":"My Private",
    "packageName":"com.example.priv",
    "sourceType":"clone",
    "cloneUrl":"https://github.com/owner/private-repo.git"
  }'

# SSH
curl -X POST http://<host>:17880/api/projects/register \
  ... -d '{ ..., "cloneUrl":"git@github.com:owner/private-repo.git" }'

The server runs git clone --progress with:

  • GIT_TERMINAL_PROMPT=0 (so an unauthenticated request fails fast instead of hanging on stdin)
  • GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new -o BatchMode=yes" (auto-accepts new host keys, never prompts)

If clone fails, the partial directory is automatically cleaned up.

Common errors

Code Cause Fix
400 missing_clone_url sourceType=clone but cloneUrl empty Provide cloneUrl
400 bad_url_scheme URL not https:// or git@host: Use a supported scheme
400 unsafe_url URL contains file:// or .. Don't try to clone local paths
409 target_not_empty Project folder already has files Pick a different projectId
502 clone_failed (exit 128) Authentication failed Register a PAT or SSH key; check cloneUrl typos
504 timeout clone exceeded 10 min Slow network or huge repo; clone manually inside the container with --depth=1

Security notes

  • PATs are stored in plaintext (0600 file). vibe-coder is a single-user LAN tool; OS file permissions are the boundary.
  • Tokens are masked in any UI response (last 4 chars + bullets).
  • Revoking a token: delete from the UI/API → the underlying ~/.git-credentials is rewritten without that entry.
  • Best practice: use short-lived fine-grained PATs scoped to specific repos; rotate quarterly.

Clone this wiki locally