
GitHub

Connect your GitHub account to Sesame using a Personal Access Token

Sesame uses GitHub Personal Access Tokens (PATs) to access your repositories. This approach gives you full control over permissions and works with both personal accounts and organizations.

Why Personal Access Tokens?

Unlike OAuth-based integrations, PATs offer several advantages:

  • Granular permissions: Choose exactly which repositories and actions to allow
  • Organization support: Works seamlessly with organization repositories
  • No app installation: No need to install a GitHub App on your account or org
  • Easy revocation: Revoke access anytime from your GitHub settings

Creating a Personal Access Token

Step 1: Go to GitHub Token Settings

Visit github.com/settings/tokens and click "Generate new token". Choose "Fine-grained token" for better security, or "Classic token" for simplicity.

Step 2: Configure Token Settings

For Fine-grained tokens (recommended):

  1. Give your token a descriptive name (e.g., "Sesame")
  2. Set an expiration date (90 days recommended)
  3. Under Repository access, select:
    • "All repositories" for full access, or
    • "Only select repositories" to limit access
  4. Under Permissions, grant:
    • Contents: Read and write (to read/write code)
    • Pull requests: Read and write (to create PRs)
    • Metadata: Read-only (required for all tokens)

For Classic tokens:

Select these scopes:

  • repo - Full control of private repositories
  • Or public_repo - Access to public repositories only

Step 3: Generate and Copy

Click "Generate token" and copy the token immediately. You won't be able to see it again.

Adding Your Token to Sesame

  1. Click your avatar in the top-right corner
  2. Select "GitHub PAT" from the dropdown
  3. Paste your token and click "Save PAT"

Sesame validates the token against GitHub's API before saving. If validation fails, double-check that you copied the entire token.

Token Security

Your token is encrypted at rest using AES-256. Sesame never logs or exposes your token in plain text.

To revoke access:

  1. Remove the token from Sesame (click "Remove PAT" in the dialog)
  2. Delete the token from GitHub's token settings

Troubleshooting

"Invalid GitHub PAT" error

  • Ensure you copied the entire token (it starts with ghp_ for classic or github_pat_ for fine-grained)
  • Check that the token hasn't expired
  • Verify the token has the required permissions
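The three checks above can be run before pasting the token. The following is an added example, not Sesame's own validation code. It assumes GitHub's X-OAuth-Scopes and github-authentication-token-expiration response headers on GET /user and the expiry format noted in the comment; the sample token and headers are constructed.

```python
import urllib.error
import urllib.request
from datetime import datetime, timezone

CLASSIC_SCOPES = {"repo", "public_repo"}  # either one satisfies the classic-token setup

def token_kind(token):
    """Classify by the prefixes listed under troubleshooting."""
    if token.startswith("github_pat_"):
        return "fine-grained"
    return "classic" if token.startswith("ghp_") else "unknown"

def fetch_headers(token):
    """Live GET /user; returns (status, headers). 401 means GitHub rejected the token."""
    req = urllib.request.Request("https://api.github.com/user", headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)

def review_token(token, headers, now):
    """Findings from the token text and the response headers; never echoes the token."""
    findings = []
    kind = token_kind(token.strip())
    if kind == "unknown" or token != token.strip():
        findings.append("re-copy the token: bad prefix or stray whitespace")
    hdr = {k.lower(): v for k, v in headers.items()}
    if kind == "classic":  # this example does not inspect fine-grained permissions
        scopes = {s.strip() for s in hdr.get("x-oauth-scopes", "").split(",") if s.strip()}
        if not scopes & CLASSIC_SCOPES:
            findings.append("missing scope: repo or public_repo")
        if scopes - CLASSIC_SCOPES:
            findings.append("extra scopes: " + ", ".join(sorted(scopes - CLASSIC_SCOPES)))
    expiry = hdr.get("github-authentication-token-expiration")
    if expiry is None:
        findings.append("no expiration set")
    else:  # assumed header format: "YYYY-MM-DD HH:MM:SS UTC"
        when = datetime.strptime(expiry, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)
        days = (when - now).days
        if days < 0:
            findings.append("token has expired")
        elif days > 90:
            findings.append(f"expires in {days} days (page recommends 90)")
    return findings

if __name__ == "__main__":  # constructed sample: placeholder token and headers, no network call
    sample = {"X-OAuth-Scopes": "repo, admin:org",
              "GitHub-Authentication-Token-Expiration": "2025-12-31 00:00:00 UTC"}
    print(review_token("ghp_" + "x" * 36, sample, datetime(2025, 6, 1, tzinfo=timezone.utc)))
```

For a live check, pass the headers returned by fetch_headers(token) to review_token; read the token from an environment variable or a prompt so it does not land in shell history.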

Can't see organization repositories

For fine-grained tokens:

  • Ensure the token was created with access to the organization
  • The organization may need to approve fine-grained PAT access in organization settings

For classic tokens:

  • Enable SSO for the token if your organization uses SAML SSO

Rate limiting

GitHub has API rate limits. If you encounter rate limiting:

  • Wait a few minutes before retrying
  • Consider using a fine-grained token scoped to specific repositories

Commit Attribution

When you connect your GitHub PAT, Sesame uses your GitHub identity for all commits made by agents. This means:

  • Commits appear under your name in the git history
  • Your GitHub profile is linked to the commits
  • Contribution graphs reflect work done via Sesame

Sesame fetches your GitHub username and uses GitHub's noreply email format (username@users.noreply.github.com) to protect your real email address while still linking commits to your profile.

If no PAT is connected, commits are attributed to "Sesame Agent" (agent@sesame.works).

Co-authored-by Trailer

By default, Sesame adds a Co-authored-by trailer to commit messages to indicate AI assistance:

Add user authentication feature

Co-authored-by: Sesame <agent@sesame.works>

This can be disabled in the admin settings. See Settings for details.
