GitHub Tools now issues short-lived, scoped GitHub tokens at runtime via Vercel Connect, using the new @github-tools/sdk/connect subpath. No personal access token is stored, rotated, or exposed. The token is minted from a connector at call time and carries only the permissions the active toolset requires.
Three built-in presets, code-review, issue-triage, and maintainer, map automatically to the correct Connect scopes. Multi-tenant deployments can override installationId, repositories, or scopes per call to isolate access. On Vercel, authentication is handled via OIDC with zero configuration. Local development requires only vercel link and vercel env pull.
The full implementation details, including how connectGithubToken returns a lazy token provider for custom tool factories, and how a single file in agent/tools/ registers the complete toolset via the eve integration, are in the official documentation at github-tools.com. That wiring is worth reading before you build.
[READ ORIGINAL →]