git commands against the agent’s workspace on the gateway host. Authentication uses a per-agent ed25519 SSH key stored at ~/.beige/agents/<AGENTNAME>/ssh/id_ed25519 — the gateway operator’s own SSH keys are never used, even as a fallback.
How it works
The agent’s/workspace inside Docker is a bind mount of ~/.beige/agents/<AGENTNAME>/workspace/ on the gateway host. Both sides see the same files. The git tool runs git on the gateway host against that path, meaning:
- The SSH key lives at
~/.beige/agents/<AGENTNAME>/ssh/id_ed25519— a path that is never mounted into the container - The agent cannot read the key via
exec cator any other mechanism - Each agent has its own key, so agents are isolated from each other
Installation
Prerequisites
Authentication
Default: per-agent SSH key (ssh mode)
Generate a dedicated ed25519 key for each agent. Replace <AGENTNAME> with the agent’s name as defined in config.json5:
sessionContext.agentDir at call time as defaults.
Custom SSH key path
Override the defaults inconfig.json5 — useful for shared deploy keys or non-standard locations:
HTTPS with a Personal Access Token (https mode)
Use ${ENV_VAR} syntax so the token is read from the environment at startup — never hardcoded in config.json5:
GIT_ASKPASS helper — no credential store is touched.
Configuration
Default allowed subcommands
clone, pull, push, fetch, add, commit, status, diff, log, show, checkout, branch, merge, rebase, stash, remote, tag, mv, rm, restore, reset, rev-parse, ls-files, shortlog
