[{"data":1,"prerenderedAt":373},["ShallowReactive",2],{"navigation_docs":3,"-guide-token-permissions":66,"-guide-token-permissions-surround":368},[4,22,54],{"title":5,"path":6,"stem":7,"children":8,"page":21},"Getting Started","\u002Fgetting-started","docs",[9,13,17],{"title":10,"path":11,"stem":12},"Introduction","\u002Fgetting-started\u002Fintroduction","docs\u002F1.getting-started\u002F1.introduction",{"title":14,"path":15,"stem":16},"Installation","\u002Fgetting-started\u002Finstallation","docs\u002F1.getting-started\u002F2.installation",{"title":18,"path":19,"stem":20},"Agent Skills","\u002Fgetting-started\u002Fagent-skills","docs\u002F1.getting-started\u002F3.agent-skills",false,{"title":23,"path":24,"stem":7,"children":25,"page":21},"Guide","\u002Fguide",[26,30,34,38,42,46,50],{"title":27,"path":28,"stem":29},"Quick Start","\u002Fguide\u002Fquick-start","docs\u002F2.guide\u002F1.quick-start",{"title":31,"path":32,"stem":33},"Scope with Presets","\u002Fguide\u002Fpresets","docs\u002F2.guide\u002F2.presets",{"title":35,"path":36,"stem":37},"Control Write Safety","\u002Fguide\u002Fapproval-control","docs\u002F2.guide\u002F3.approval-control",{"title":39,"path":40,"stem":41},"Commit Attribution","\u002Fguide\u002Fcommit-attribution","docs\u002F2.guide\u002F4.commit-attribution",{"title":43,"path":44,"stem":45},"Configure Token Scopes","\u002Fguide\u002Ftoken-permissions","docs\u002F2.guide\u002F5.token-and-permissions",{"title":47,"path":48,"stem":49},"Examples","\u002Fguide\u002Fexamples","docs\u002F2.guide\u002F6.examples",{"title":51,"path":52,"stem":53},"Durable workflows (Vercel Workflow)","\u002Fguide\u002Fdurable-workflows","docs\u002F2.guide\u002F7.durable-workflows",{"title":55,"path":56,"stem":7,"children":57,"page":21},"Api","\u002Fapi",[58,62],{"title":59,"path":60,"stem":61},"Tools Catalog","\u002Fapi\u002Ftools-catalog","docs\u002F3.api\u002F1.tools-catalog",{"title":63,"path":64,"stem":65},"API Reference","\u002Fapi\u002Freference","docs\u002F3.api\u002F2.reference",{"id":67,"title":43,"body":68,"description":353,"extension":354,"links":355,"meta":364,"navigation":365,"path":44,"seo":366,"stem":45,"__hash__":367},"docs\u002Fdocs\u002F2.guide\u002F5.token-and-permissions.md",{"type":69,"value":70,"toc":340},"minimark",[71,75,80,83,103,107,271,275,312,319,323],[72,73,74],"p",{},"Every tool call hits the GitHub REST API with the token you provide. Scoping that token correctly is the first line of defense.",[76,77,79],"h2",{"id":78},"create-a-fine-grained-token","Create a fine-grained token",[72,81,82],{},"Fine-grained personal access tokens let you restrict access per repository and per permission category. This is the recommended type for any production assistant.",[84,85,86,97,100],"ol",{},[87,88,89,90],"li",{},"Go to ",[91,92,96],"a",{"href":93,"rel":94},"https:\u002F\u002Fgithub.com\u002Fsettings\u002Fpersonal-access-tokens\u002Fnew",[95],"nofollow","github.com\u002Fsettings\u002Fpersonal-access-tokens\u002Fnew",[87,98,99],{},"Select only the repositories your agent needs",[87,101,102],{},"Enable permissions based on the preset you plan to use (see matrix below)",[76,104,106],{"id":105},"map-permissions-to-presets","Map permissions to presets",[108,109,110,138],"table",{},[111,112,113],"thead",{},[114,115,116,120,123,126,129,132,135],"tr",{},[117,118,119],"th",{},"Preset",[117,121,122],{},"Repository access",[117,124,125],{},"Contents",[117,127,128],{},"Pull requests",[117,130,131],{},"Issues",[117,133,134],{},"Actions",[117,136,137],{},"Administration",[139,140,141,167,195,218,241],"tbody",{},[114,142,143,150,153,158,161,163,165],{},[144,145,146],"td",{},[147,148,149],"code",{},"repo-explorer",[144,151,152],{},"selected repos",[144,154,155],{},[147,156,157],{},"read",[144,159,160],{},"—",[144,162,160],{},[144,164,160],{},[144,166,160],{},[114,168,169,174,176,180,189,191,193],{},[144,170,171],{},[147,172,173],{},"code-review",[144,175,152],{},[144,177,178],{},[147,179,157],{},[144,181,182,184,185,188],{},[147,183,157],{}," (or ",[147,186,187],{},"write"," for comments)",[144,190,160],{},[144,192,160],{},[144,194,160],{},[114,196,197,202,204,208,210,214,216],{},[144,198,199],{},[147,200,201],{},"issue-triage",[144,203,152],{},[144,205,206],{},[147,207,157],{},[144,209,160],{},[144,211,212],{},[147,213,187],{},[144,215,160],{},[144,217,160],{},[114,219,220,225,227,231,233,235,239],{},[144,221,222],{},[147,223,224],{},"ci-ops",[144,226,152],{},[144,228,229],{},[147,230,157],{},[144,232,160],{},[144,234,160],{},[144,236,237],{},[147,238,187],{},[144,240,160],{},[114,242,243,248,250,254,258,262,266],{},[144,244,245],{},[147,246,247],{},"maintainer",[144,249,152],{},[144,251,252],{},[147,253,187],{},[144,255,256],{},[147,257,187],{},[144,259,260],{},[147,261,187],{},[144,263,264],{},[147,265,187],{},[144,267,268,270],{},[147,269,187],{}," (for repo creation and forking)",[76,272,274],{"id":273},"apply-least-privilege-step-by-step","Apply least-privilege step by step",[276,277,279,284,295,299,302,306],"steps",{"level":278},"3",[280,281,283],"h3",{"id":282},"start-with-read-only","Start with read-only",[72,285,286,287,290,291,294],{},"Enable only ",[147,288,289],{},"contents: read"," and use ",[147,292,293],{},"preset: 'repo-explorer'",".",[280,296,298],{"id":297},"validate-in-staging","Validate in staging",[72,300,301],{},"Run the agent against a test repository and review all tool calls before adding write scopes.",[280,303,305],{"id":304},"add-writes-for-approved-operations","Add writes for approved operations",[72,307,308,309,294],{},"Enable write permissions only for the specific families you need, and combine with ",[91,310,311],{"href":36},"approval control",[313,314,315,316,294],"note",{},"Safest baseline: fine-grained token + narrow preset + ",[147,317,318],{},"requireApproval: true",[76,320,322],{"id":321},"external-references","External references",[324,325,326,333],"ul",{},[87,327,328],{},[91,329,332],{"href":330,"rel":331},"https:\u002F\u002Fdocs.github.com\u002Fen\u002Frest\u002Fauthentication\u002Fpermissions-required-for-fine-grained-personal-access-tokens",[95],"Fine-grained PAT permissions",[87,334,335],{},[91,336,339],{"href":337,"rel":338},"https:\u002F\u002Fdocs.github.com\u002Fen\u002Fauthentication\u002Fkeeping-your-account-and-data-secure\u002Fmanaging-your-personal-access-tokens",[95],"Managing personal access tokens",{"title":341,"searchDepth":342,"depth":342,"links":343},"",2,[344,345,346,352],{"id":78,"depth":342,"text":79},{"id":105,"depth":342,"text":106},{"id":273,"depth":342,"text":274,"children":347},[348,350,351],{"id":282,"depth":349,"text":283},3,{"id":297,"depth":349,"text":298},{"id":304,"depth":349,"text":305},{"id":321,"depth":342,"text":322},"Map GitHub token permissions to each preset and tool family.","md",[356,361],{"label":357,"icon":358,"to":36,"color":359,"variant":360},"Control write safety","i-lucide-shield-check","neutral","subtle",{"label":362,"icon":363,"to":60,"color":359,"variant":360},"Browse all tools","i-lucide-list-tree",{},true,{"title":43,"description":353},"db3Oa9RmrH2YEjiVUO8jdHwFTE3gpknt8JKXsRpFJWQ",[369,371],{"title":39,"path":40,"stem":41,"description":370,"children":-1},"Configure author, committer, and co-authorship for commits created by GitHub tools.",{"title":47,"path":48,"stem":49,"description":372,"children":-1},"Complete scripts and agent patterns you can copy and adapt.",1779365451999]