Skip to main content
Run git commands against the agent’s workspace on the gateway host. Authentication uses a per-agent ed25519 SSH key stored at ~/.beige/agents/<AGENTNAME>/ssh/id_ed25519 — the gateway operator’s own SSH keys are never used, even as a fallback.

How it works

The agent’s /workspace inside Docker is a bind mount of ~/.beige/agents/<AGENTNAME>/workspace/ on the gateway host. Both sides see the same files. The git tool runs git on the gateway host against that path, meaning:
  • The SSH key lives at ~/.beige/agents/<AGENTNAME>/ssh/id_ed25519 — a path that is never mounted into the container
  • The agent cannot read the key via exec cat or any other mechanism
  • Each agent has its own key, so agents are isolated from each other

Installation

Or install all tools:

Prerequisites

Authentication

Default: per-agent SSH key (ssh mode)

Generate a dedicated ed25519 key for each agent. Replace <AGENTNAME> with the agent’s name as defined in config.json5:
No config needed — the tool derives key paths from sessionContext.agentDir at call time as defaults.

Custom SSH key path

Override the defaults in config.json5 — useful for shared deploy keys or non-standard locations:

HTTPS with a Personal Access Token (https mode)

Use ${ENV_VAR} syntax so the token is read from the environment at startup — never hardcoded in config.json5:
The token is injected via a transient GIT_ASKPASS helper — no credential store is touched.

Configuration

Default allowed subcommands

clone, pull, push, fetch, add, commit, status, diff, log, show, checkout, branch, merge, rebase, stash, remote, tag, mv, rm, restore, reset, rev-parse, ls-files, shortlog

Permanently blocked (cannot be enabled by any config)

Config Examples

Read-only clone agent:
Full commit + push with per-agent SSH keys:

Security