GitHub Repository
1 star · TypeScript

GitRails: Let agents call only the GitHub endpoints and params you allow

by maxaw · Apr 24, 2026 · 1 point · 2 comments

AI Analysis

●● Solid · Big Brain · Solve My Problem

Regex-param filtering locks agents to specific paths without full repo access.

Strengths
  • Regex param matching allows path-level scoping beyond standard OAuth scopes.
  • Key separation lets trusted agents provision untrusted ones safely.
  • HTTP proxy design works with any agent capable of network calls.
Weaknesses
  • Only 21 endpoints supported currently, limiting utility for complex workflows.
  • Shared rate-limit budget across all agents could cause contention issues.
Category
Target Audience

Developers building AI agents, security engineers managing AI access

Similar To

GitHub Apps · MCP Servers

Post Description

This is a proxy over the GitHub API. The aim is to make it easy to provide untrusted agents very fine-grained access to GitHub. To test it, you can install the GitHub app, receive a principal key, and point a trusted agent at the README.md with the key and ask it to help you configure keys and permissions for untrusted agents, which can then call the proxied endpoints. It is open source and a work in progress :)
