https://github.com/jaggzh/repo-verify-utils
Examine your repository access before giving it to AI agents and editors.
https://github.com/jaggzh/repo-verify-utils
Last synced: 3 months ago
JSON representation
Examine your repository access before giving it to AI agents and editors.
- Host: GitHub
- URL: https://github.com/jaggzh/repo-verify-utils
- Owner: jaggzh
- License: gpl-3.0
- Created: 2025-06-01T10:40:55.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-06-01T15:28:09.000Z (about 1 year ago)
- Last Synced: 2025-06-01T19:13:28.274Z (about 1 year ago)
- Language: Shell
- Size: 169 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-cli-apps-in-a-csv - repo-verify-utils - Utility collection to help examine what repositories and scopes yout GitHub identity has access to. (<a name="git"></a>Git and accessories)
- awesome-cli-apps - repo-verify-utils - Utility collection to help examine what repositories and scopes yout GitHub identity has access to. (<a name="git"></a>Git and accessories)
README
# repo-verify-utils
A utility collection to help examine what repositories and scopes your GitHub identity has access to.
---
## Overview
With the shift toward using agents, automation tools, cloud editors, etc. --
that act on your behalf -- you may be granting repository access to more than you
realize. This repository provides small, inspectable utilities that help
you see what repos your credentials can access — including repos you don't own
but can still affect.
It’s designed to be simple, transparent, and shell-native.
Initial utilities are focused on GitHub (and use bash) and assume you’re using
a `GH_TOKEN` with appropriate API access, and `GH_LOGIN` set to
your username).

---
## Issues:
- The $GH_TOKEN display in commands is supposed to be redacted, but it's not working --
**SO DON'T PASTE YOUR OUTPUT FROM THESE SCRIPTS TO OTHER PEOPLE**
- I just set this up. We probably need to reference the shell script location
so it will source its utility routines scripts from the proper paths. **For
now, run the scripts from here in your clone of the repo.**
- Need to make a `-C` option so piping will retain `jq` syntax highlighting.
---
## Example: List Repos You Can Access but Don’t Own
```bash
github/github--list--repos-affiliated--not-mine | less
```
**Tip**: use `bat` instead of `less` if you want color to go across lines
## Example: List Repos You Own
```bash
github/github--list--repos-affiliated--mine | less
```
---
## Usage
Clone or symlink this repo and run utilities directly. You can either:
### Option 1: Run in place
```bash
git clone https://github.com/yourname/repo-verify-utils.git
cd repo-verify-utils/github
export GH_TOKEN=ghp_yourTokenHere
export GH_LOGIN=yourusername
./github--list--repos-affiliated--not-mine
```
### Option 2: Symlink into your `$PATH`
```bash
ln -s ~/repo-verify-utils/github/github--list--repos-affiliated--not-mine ~/bin/
github--list--repos-affiliated--not-mine
```
---
## Files
* `ansi.sh`:
Color/formatting utility functions used across scripts.
* `repofns.sh`: Helper functions including:
- Color print helpers (`asection`, `awarn`, etc.)
- `github_env_verify` – checks if `GH_TOKEN` and `GH_LOGIN` are set
* `github/github--list--repos-affiliated--mine`:
Lists all affiliated GitHub repos that **you own**.
* `github/github--list--repos-affiliated--not-mine`:
Lists all affiliated GitHub repos that **you do not own**, i.e., where you're
a collaborator or org member.
* `github/zz--set-env--GH_LOGIN--to-your-username`:
Convenience script for setting the `GH_LOGIN` environment variable.
* `github/zz--set-env--GH_TOKEN`:
Convenience script for setting the `GH_TOKEN` environment variable.
---
## Requirements
* Bash (for now)
* `curl`
* `jq`
* (optional but recommended) [`bat`](https://github.com/sharkdp/bat) for colorized output
---
## Goals
* Help users explore what repos their token/identity can modify or access
* Make GitHub API interaction easy and safe to inspect
* Avoid accidental exposure or unintended permissions
* Encourage review of OAuth app scopes and access boundaries
---
## Future Plans (chatgpt made this up):
* Add support for org/team listings
* Classify access by permission level (push/admin/etc.)
* Add GitHub Apps / OAuth audit helpers
* Optional HTML/JSON output modes