Validate a GitHub token without storing it.
Use this fallback when the GitHub App production credentials are not configured yet. The app checks the token against GitHub once, lists recent repositories, and keeps the 24/7 path on the safer GitHub App flow.
Token arrives: Submitted once to a serverless route over HTTPS.
Access inspected: GitHub returns identity and writable repositories.
Artifact written: One transparent developer journal commit, never hidden.
Token discarded: No database insert, no session storage, no long-lived credential.
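The "access inspected" and "token discarded" steps above, sketched as an added example (not GitHub Active's own code). inspectToken, handleSubmit and fakeGitHub are hypothetical names, the handler shape is an assumption, and the stub and its data are constructed so the block runs offline.

```javascript
// Added example. inspectToken, handleSubmit and fakeGitHub are hypothetical names.
const API = "https://api.github.com";

function gh(path, token, fetchImpl) {
  return fetchImpl(API + path, {
    headers: {
      Authorization: `Bearer ${token}`,
      Accept: "application/vnd.github+json",
      "X-GitHub-Api-Version": "2022-11-28",
    },
  });
}

// One validation pass: identity from GET /user, push access from GET /user/repos.
async function inspectToken(token, fetchImpl = fetch) {
  const userRes = await gh("/user", token, fetchImpl);
  if (!userRes.ok) return { valid: false, reason: `GitHub returned ${userRes.status}` };
  const { login } = await userRes.json();
  const repoRes = await gh("/user/repos?sort=pushed&per_page=20", token, fetchImpl);
  const repos = repoRes.ok ? await repoRes.json() : [];
  const writableRepos = repos
    .filter((r) => r.permissions && r.permissions.push)
    .map((r) => r.full_name);
  return { valid: true, login, writableRepos };
}

// Handler body: the token exists only in this call's scope. It is not logged,
// not written to a store, and not echoed back in the response.
async function handleSubmit(body, fetchImpl = fetch) {
  const token = typeof body?.token === "string" ? body.token.trim() : "";
  if (!token) return { statusCode: 400, body: JSON.stringify({ error: "token required" }) };
  const result = await inspectToken(token, fetchImpl);
  return { statusCode: result.valid ? 200 : 401, body: JSON.stringify(result) };
}

// Constructed stand-in for api.github.com so the example runs offline.
function fakeGitHub(goodToken) {
  const reply = (status, data) => ({ status, ok: status < 300, json: async () => data });
  return async (url, { headers }) => {
    if (headers.Authorization !== `Bearer ${goodToken}`) return reply(401, { message: "Bad credentials" });
    if (url.endsWith("/user")) return reply(200, { login: "octo-dev" });
    return reply(200, [
      { full_name: "octo-dev/journal", permissions: { push: true } },
      { full_name: "octo-dev/readonly", permissions: { push: false } },
    ]);
  };
}
```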
Fallback execution path
Manual GitHub Access
Manual tokens are useful for local testing and one-off validation. For real 24/7 production, GitHub Active should use the GitHub App flow so Netlify can mint short-lived installation tokens.
Least privilege
Recommended token scope
Repository access: Only selected repositories
Repository permissions: Contents: Read and write, Metadata: Read
Expiration: Short expiration, rotate regularly