Skip to main content
Interact with GitHub using the gh CLI. Routes all commands to gh running on the gateway host. Repository deletion (repo delete) is permanently blocked regardless of configuration.

Installation

Install this tool individually:
Or install all tools from the toolkit:

Configuration

All gh subcommands are permitted by default except api, which is excluded because it allows arbitrary HTTP methods and GraphQL mutations. When allowedCommands is set explicitly, it fully replaces the default list.

Authentication

The tool supports two authentication modes: Token in config (recommended for multi-agent setups) Set token in the agent’s pluginConfigs. The token is forwarded to gh via GH_TOKEN and takes precedence over any credential stored on the host, so different agents can authenticate as different GitHub identities. Both token formats work without any special configuration:
  • Classic personal access tokens: ghp_…
  • Fine-grained personal access tokens: github_pat_…
Host-level auth (zero config) When no token is configured, the tool inherits the gateway process’s environment and gh picks up whatever auth is already present on the host (~/.config/gh/, GITHUB_TOKEN env var, etc.). Run gh auth login on the host once, and all agents without an explicit token will share that credential.

Prerequisites

Config Examples

Agent with its own token:
Read-only agent (list and view, no mutations):
Issue triage bot (issues only):
Enable raw API access alongside standard commands:

Per-Agent Configuration (pluginConfigs)

Use beige’s pluginConfigs to give different agents different GitHub tokens and permissions:

Error Reference

Implementation Details

  • Target: Gateway (runs on the host, not in the sandbox)
  • Dependency: gh CLI
  • Stateless: Each invocation spawns a fresh gh process
  • Token precedence: config.tokenGH_TOKEN → host ~/.config/gh/