GitHub Tools
Guide

Tokens and Authentication

Authenticate GitHub tools with fine-grained PATs or Vercel Connect — map token permissions to each preset and apply least privilege.

Every tool call hits the GitHub API with the token you provide. Scoping that token correctly is the first line of defense. You have two main options: a fine-grained personal access token you manage yourself, or short-lived tokens minted by Vercel Connect.

Align GitHub PAT with tool presets

Create a fine-grained token

Fine-grained personal access tokens let you restrict access per repository and per permission category. This is the recommended type for any production assistant.

  1. Go to github.com/settings/personal-access-tokens/new
  2. Select only the repositories your agent needs
  3. Enable permissions based on the preset you plan to use (see matrix below)

Map permissions to presets

PresetRepository accessContentsPull requestsIssuesActionsAdministration
repo-explorerselected reposread
code-reviewselected reposreadread (or write for comments)
issue-triageselected reposreadwrite
ci-opsselected reposreadwrite
maintainerselected reposwritewritewritewritewrite (for repo creation and forking)

Mint tokens with Vercel Connect

For agents deployed on Vercel, Vercel Connect replaces long-lived PATs entirely. You attach a GitHub connector (a Vercel-managed GitHub App) to your project, and your server code requests a short-lived, scoped token at runtime — no secret to store, rotate, or leak.

Create a GitHub connector

Create a connector from the Vercel dashboard (or vercel connect in the CLI) with the type github, then install it on the GitHub organization or user account your agent needs, selecting the repositories to expose.

Link the connector to the Vercel project that runs your agent. On Vercel, the SDK authenticates automatically with the deployment's OIDC token. For local development, run vercel link then vercel env pull to get a development OIDC token.

Request a token at runtime

Install @vercel/connect and call getToken with the permissions your preset needs, then pass the result as token:

connect-token.ts
import { getToken } from '@vercel/connect'
import { createGithubTools } from '@github-tools/sdk'
import { generateText } from 'ai'

const token = await getToken('github/my-connector', {
  subject: { type: 'app' },
  scopes: ['contents:read', 'pull_requests:read'],
})

const { text } = await generateText({
  model: 'anthropic/claude-sonnet-4.6',
  tools: createGithubTools({ token, preset: 'code-review' }),
  prompt: 'Summarize the open PRs on my-org/my-repo.',
})

Call getToken per request rather than caching the string yourself — the SDK keeps an in-process cache and refreshes tokens as they approach expiry. For multi-tenant connectors (one connector installed on several GitHub organizations), pass installationId to target a specific installation.

Why Connect over a PAT

Fine-grained PATVercel Connect
LifetimeUntil expiry/revocationShort-lived, auto-refreshed
StorageEnv var / secret managerNothing to store — minted at runtime
ScopingSet once at creationPer-request scopes and repositories
Multi-tenantOne token per orgOne connector, many installations
RotationManualAutomatic
Roadmapeve agents will resolve per-session GitHub tokens through eve connections (auth: 'eve') backed by Vercel Connect, so each user of your agent authorizes their own GitHub access. For now, pass token explicitly as shown above.

Apply least-privilege step by step

Start with read-only

Enable only contents: read and use preset: 'repo-explorer'.

Validate in staging

Run the agent against a test repository and review all tool calls before adding write scopes.

Add writes for approved operations

Enable write permissions only for the specific families you need, and combine with approval control.

Safest baseline: fine-grained token (or Connect-minted token) + narrow preset + requireApproval: true.

External references