git integration — now live

Your agent ships code.
Your rules decide what merges.

AgentBlocks gives your AI agents scoped, short-lived Git credentials to push commits, open PRs, and manage branches — with deterministic approval rules you define. Zero long-lived tokens. Full audit trail. Every push accounted for.

Get your API key → Read the docs
zsh — agent workflow
# Agent requests a push to feature branch
$ agentblocks git push --repo acme/backend --branch feat/auth-flow
[ab] ✓ auto-approved — matches rule: feature/* branches
[ab] issuing scoped token (ttl: 60s, scope: push:feat/auth-flow)
[ab] ✓ pushed 3 commits to feat/auth-flow
[ab] token revoked. audit id: ab_7f3k9x2

# Agent requests a push to main — requires human review
$ agentblocks git push --repo acme/backend --branch main
[ab] ⏳ pending review — rule: main requires approval
[ab] notification sent to #eng-approvals on Slack
the problem

Agents with your SSH key is a
production incident waiting to happen

Most agent frameworks tell you to "just add your GitHub token". That's not a solution. That's a liability.

risk

Long-lived PATs

Personal access tokens with broad repo scope sitting in environment variables. One leak and every repo is exposed.

risk

No branch protection

Your agent has the same push permissions you do. Nothing stops it from force-pushing to main at 3am.

risk

Invisible operations

No audit trail. No log of what was pushed, when, or why. When something breaks, you're grep-ing git reflog.

risk

Runaway commits

Agent stuck in a loop? That's 400 commits to your repo before anyone notices. Good luck with that revert.

what your agent can do

Three operations. Fully gated.

Every Git action your agent needs, with the controls it shouldn't be without.

git push

Push commits

Your agent pushes to any branch you allow. Scoped token issued on approval, revoked on completion. 60-second TTL by default.

git pr

Open pull requests

Agent opens PRs with title, description, and reviewers. Auto-assign labels based on your rules. Keeps your workflow intact.

git branch

Manage branches

Create feature branches, delete stale ones, checkout and switch. Branch naming conventions enforced by your rules.

approval rules

You write the rules. We enforce them.

Deterministic. Not probabilistic. Your rules evaluate on every request, every time, with zero ambiguity.

AGENT REQUEST

Push to docs/*

Documentation branch commits

AUTO-APPROVE
AGENT REQUEST

Push to feat/*

Feature branch development

AUTO-APPROVE
AGENT REQUEST

Open PR to develop

Pull request targeting develop

HUMAN REVIEW
AGENT REQUEST

Push to main

Direct push to production branch

BLOCKED
credential model

Ephemeral tokens. Least privilege.
No exceptions.

Your agent never sees a long-lived credential. Every token is scoped to the exact operation and revoked on completion.

Short-lived tokens

60-second TTL by default. Tokens are generated per-action and automatically revoked after execution completes.

Minimal scope

Token scoped to the specific repo, branch, and operation. A push token to feat/x can't read main.

Rate limiting

Cap pushes per agent, per repo, per hour. A stuck loop hits the ceiling and stops — not your on-call.

Full audit log

Every request, rule evaluation, token issuance, and execution logged with timestamp and agent ID. Queryable via API.

Approval routing

Route review requests to Slack, email, or WhatsApp. Approve from wherever you are. Reject with one tap.

Zero persistence

No credentials stored in your codebase, env vars, or CI config. Tokens exist only in memory, only during execution.

configuration

Declare your rules. Ship your agents.

Define approval rules in YAML. AgentBlocks enforces them on every request. No middleware. No custom code.

agentblocks.yaml
git:
  rules:
    - action: push
      branch: "docs/*"
      auto_approve: true

    - action: push
      branch: "feat/*"
      auto_approve: true

    - action: push
      branch: "main"
      auto_approve: false
      notify: "slack:#eng"

  rate_limit:
    max_pushes: 20
    per: "hour"
    token_ttl: "60s"
audit.log
14:32:01 [INFO] request from agent-7f3
14:32:01 [INFO] action: push to feat/auth
14:32:01 [PASS] rule: feat/* auto-approve
14:32:01 [INFO] token issued (60s ttl)
14:32:03 [DONE] 3 commits pushed
14:32:03 [INFO] token revoked

14:45:12 [INFO] request from agent-7f3
14:45:12 [INFO] action: push to main
14:45:12 [HOLD] rule: main requires review
14:45:12 [INFO] notified slack:#eng
why this matters

The alternative is duct tape

Compare giving your agent raw credentials versus routing through AgentBlocks.

Raw PAT / SSH key
AgentBlocks
Token lifetime
Months / never expires
60 seconds
Scope
All repos, all branches
Single repo + branch
Branch protection
Relies on GitHub settings
Enforced per-request
Rate limiting
None
Configurable per agent
Audit trail
git log (maybe)
Full API-queryable log
Human approval
Not possible
Per-branch, per-action
get started

Stop handing your agent the keys to the repo

Set up scoped Git access for your agents in under 5 minutes. Define your rules, deploy your agents, sleep at night.

Get your API key →
$ pip install agentblocks