@cybernetyx1/atlasflow-github 0.1.0

package/LICENSE

@@ -0,0 +1,18 @@
+PROPRIETARY SOFTWARE LICENSE
+
+Copyright (c) 2026 Cybernetyx. All rights reserved.
+
+This software and its source code are the proprietary and confidential property
+of the copyright holder. The software is original work authored independently.
+
+No part of this software may be copied, reproduced, modified, published,
+distributed, sublicensed, or sold in any form or by any means without the prior
+written permission of the copyright holder, except as expressly permitted by a
+separate written agreement.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,39 @@
+# @cybernetyx1/atlasflow-github
+
+GitHub REST tools and persona slot bindings for AtlasFlow agents — read repos, PRs, issues, and files, or post guarded review output.
+
+## Install
+
+```sh
+pnpm add @cybernetyx1/atlasflow-github
+```
+
+Part of the AtlasFlow monorepo. Proprietary.
+
+## Usage
+
+`githubTools(options)` returns the raw GitHub tools for an agent. `githubBinding(options)` returns a persona binding that resolves a token from the environment (fine-grained PAT, GitHub App installation token, or Actions token) and fills the `github` manifest slot.
+
+```ts
+import { githubTools } from "@cybernetyx1/atlasflow-github";
+
+// Direct: pass a token and default owner/repo.
+const tools = githubTools({
+  token: process.env.GITHUB_TOKEN,
+  owner: "cybernetyx",
+  repo: "atlasflow",
+});
+```
+
+```ts
+import { githubBinding } from "@cybernetyx1/atlasflow-github";
+
+// Persona slot binding: resolves the token from env at runtime.
+const binding = githubBinding({ tokenEnv: "GITHUB_TOKEN", slot: "github" });
+```
+
+Also exported: `githubToolBinding`, `createGitHubClient`, `createGitHubAppJwt`, `resolveGitHubAppInstallationToken`, `resolveGitHubTokenFromEnv`, the `GitHubApiError` class, and the `GitHubToolsOptions` / `GitHubEnvBindingOptions` types.
+
+## License
+
+Proprietary. © 2026 Cybernetyx. See LICENSE.

package/dist/index.d.ts

@@ -0,0 +1,95 @@
+import { PersonaBindings, PersonaToolsBinding, RawTool } from '@cybernetyx1/atlasflow-runtime';
+
+interface GitHubToolsOptions {
+    /** Fine-grained PAT, GitHub App installation token, or Actions token. */
+    token?: string;
+    /** Defaults used when a tool call omits owner/repo. */
+    owner?: string;
+    repo?: string;
+    /** Override for GitHub Enterprise Server. Defaults to https://api.github.com. */
+    baseUrl?: string;
+    /** REST API version header. Defaults to the current public GitHub API version. */
+    apiVersion?: string;
+    userAgent?: string;
+    fetch?: typeof fetch;
+    headers?: Record<string, string>;
+    /** Per-file patch/content safety caps for model-facing responses. */
+    maxPatchChars?: number;
+    maxFileContentChars?: number;
+}
+interface GitHubEnvBindingOptions extends Omit<GitHubToolsOptions, "token" | "owner" | "repo"> {
+    tokenEnv?: string;
+    owner?: string;
+    repo?: string;
+    ownerEnv?: string;
+    repoEnv?: string;
+    appId?: string;
+    appIdEnv?: string;
+    appPrivateKey?: string;
+    appPrivateKeyEnv?: string;
+    appJwt?: string;
+    appJwtEnv?: string;
+    installationId?: string;
+    installationIdEnv?: string;
+    /** Manifest slot satisfied by these tools. Defaults to "github". */
+    slot?: string;
+}
+interface GitHubAppJwtOptions {
+    appId: string | number;
+    privateKey: string;
+    /** Test hook; defaults to Date.now(). */
+    nowMs?: number;
+}
+interface GitHubAppInstallationTokenOptions {
+    appId?: string | number;
+    privateKey?: string;
+    jwt?: string;
+    installationId?: string;
+    owner?: string;
+    repo?: string;
+    repositories?: string[];
+    permissions?: Record<string, string>;
+    baseUrl?: string;
+    apiVersion?: string;
+    userAgent?: string;
+    fetch?: typeof fetch;
+    headers?: Record<string, string>;
+    nowMs?: number;
+}
+interface GitHubTokenEnvOptions extends Omit<GitHubAppInstallationTokenOptions, "appId" | "privateKey" | "jwt" | "installationId" | "owner" | "repo"> {
+    tokenEnv?: string;
+    owner?: string;
+    repo?: string;
+    ownerEnv?: string;
+    repoEnv?: string;
+    appId?: string;
+    appIdEnv?: string;
+    appPrivateKey?: string;
+    appPrivateKeyEnv?: string;
+    appJwt?: string;
+    appJwtEnv?: string;
+    installationId?: string;
+    installationIdEnv?: string;
+}
+declare class GitHubApiError extends Error {
+    status: number;
+    code: string;
+    details?: unknown | undefined;
+    constructor(status: number, code: string, message: string, details?: unknown | undefined);
+}
+interface GitHubRequestOptions {
+    method?: string;
+    accept?: string;
+    body?: unknown;
+}
+declare function createGitHubClient(options?: GitHubToolsOptions): {
+    request: <T>(path: string, requestOptions?: GitHubRequestOptions) => Promise<T>;
+};
+declare function createGitHubAppJwt(options: GitHubAppJwtOptions): Promise<string>;
+declare function resolveGitHubAppInstallationToken(options: GitHubAppInstallationTokenOptions): Promise<string>;
+declare function resolveGitHubTokenFromEnv(env: Record<string, unknown>, options?: GitHubTokenEnvOptions): Promise<string | undefined>;
+declare function githubTools(options?: GitHubToolsOptions): RawTool[];
+declare function githubToolBinding(options?: GitHubEnvBindingOptions): PersonaToolsBinding;
+declare function githubBinding(options?: GitHubEnvBindingOptions): PersonaBindings;
+
+export { GitHubApiError, type GitHubAppInstallationTokenOptions, type GitHubAppJwtOptions, type GitHubEnvBindingOptions, type GitHubTokenEnvOptions, type GitHubToolsOptions, createGitHubAppJwt, createGitHubClient, githubBinding, githubToolBinding, githubTools, resolveGitHubAppInstallationToken, resolveGitHubTokenFromEnv };

package/dist/index.js

@@ -0,0 +1,465 @@
+// src/index.ts
+import { rawTool } from "@cybernetyx1/atlasflow-runtime";
+var GitHubApiError = class extends Error {
+  constructor(status, code, message, details) {
+    super(message);
+    this.status = status;
+    this.code = code;
+    this.details = details;
+    this.name = "GitHubApiError";
+  }
+  status;
+  code;
+  details;
+};
+var DEFAULT_API_VERSION = "2026-03-10";
+var DEFAULT_BASE_URL = "https://api.github.com";
+var DEFAULT_MAX_PATCH_CHARS = 12e3;
+var DEFAULT_MAX_FILE_CONTENT_CHARS = 2e4;
+function stringParam(value, name) {
+  if (typeof value !== "string" || value.trim() === "") throw new Error(`${name} is required`);
+  return value;
+}
+function numberParam(value, name) {
+  if (typeof value !== "number" || !Number.isInteger(value) || value < 1) throw new Error(`${name} must be a positive integer`);
+  return value;
+}
+function optionalNumber(value, fallback, name) {
+  if (value === void 0 || value === null) return fallback;
+  return numberParam(value, name);
+}
+function resolveRepo(options, args) {
+  return {
+    owner: stringParam(args.owner ?? options.owner, "owner"),
+    repo: stringParam(args.repo ?? options.repo, "repo")
+  };
+}
+function enc(value) {
+  return encodeURIComponent(String(value));
+}
+function truncate(text, max) {
+  return text.length > max ? `${text.slice(0, max)}
+... [truncated ${text.length - max} chars]` : text;
+}
+function json(data) {
+  return JSON.stringify(data);
+}
+function decodeBase64(input) {
+  const normalized = input.replace(/\s+/g, "");
+  const binary = typeof globalThis.atob === "function" ? globalThis.atob(normalized) : Buffer.from(normalized, "base64").toString("binary");
+  const bytes = Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
+  return new TextDecoder().decode(bytes);
+}
+function createGitHubClient(options = {}) {
+  const doFetch = options.fetch ?? fetch;
+  const base = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
+  async function request(path, requestOptions = {}) {
+    const res = await doFetch(`${base}${path}`, {
+      method: requestOptions.method ?? "GET",
+      headers: {
+        accept: requestOptions.accept ?? "application/vnd.github+json",
+        "content-type": "application/json",
+        "user-agent": options.userAgent ?? "atlasflow-github",
+        "x-github-api-version": options.apiVersion ?? DEFAULT_API_VERSION,
+        ...options.token ? { authorization: `Bearer ${options.token}` } : {},
+        ...options.headers
+      },
+      body: requestOptions.body === void 0 ? void 0 : JSON.stringify(requestOptions.body)
+    });
+    const contentType = res.headers.get("content-type") ?? "";
+    const data = contentType.includes("json") ? await res.json().catch(() => void 0) : await res.text();
+    if (!res.ok) {
+      const error = typeof data === "object" && data ? data : void 0;
+      throw new GitHubApiError(res.status, "github_request_failed", error?.message ?? res.statusText, data);
+    }
+    return data;
+  }
+  return { request };
+}
+async function createGitHubAppJwt(options) {
+  const subtle = globalThis.crypto?.subtle;
+  if (!subtle) throw new Error("GitHub App JWT signing requires Web Crypto subtle support.");
+  const now = Math.floor((options.nowMs ?? Date.now()) / 1e3);
+  const header = base64UrlEncodeString(JSON.stringify({ alg: "RS256", typ: "JWT" }));
+  const payload = base64UrlEncodeString(JSON.stringify({ iat: now - 60, exp: now + 9 * 60, iss: String(options.appId) }));
+  const data = `${header}.${payload}`;
+  const key = await subtle.importKey("pkcs8", privateKeyPemToPkcs8(options.privateKey), { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, false, ["sign"]);
+  const signature = await subtle.sign("RSASSA-PKCS1-v1_5", key, new TextEncoder().encode(data));
+  return `${data}.${base64UrlEncodeBytes(new Uint8Array(signature))}`;
+}
+async function resolveGitHubAppInstallationToken(options) {
+  const jwt = options.jwt ?? (options.appId !== void 0 && options.privateKey ? await createGitHubAppJwt({ appId: options.appId, privateKey: options.privateKey, nowMs: options.nowMs }) : void 0);
+  if (!jwt) throw new Error("GitHub App auth requires jwt or appId + privateKey.");
+  const client = createGitHubClient({
+    token: jwt,
+    baseUrl: options.baseUrl,
+    apiVersion: options.apiVersion,
+    userAgent: options.userAgent ?? "atlasflow-github-app",
+    fetch: options.fetch,
+    headers: options.headers
+  });
+  const installationId = options.installationId ?? (options.owner && options.repo ? String((await client.request(`/repos/${enc(options.owner)}/${enc(options.repo)}/installation`)).id ?? "") : void 0);
+  if (!installationId) throw new Error("GitHub App auth requires installationId or owner + repo to resolve the installation.");
+  const repositories = options.repositories ?? (options.repo ? [options.repo] : void 0);
+  const body = {
+    ...repositories?.length ? { repositories } : {},
+    ...options.permissions ? { permissions: options.permissions } : {}
+  };
+  const token = await client.request(`/app/installations/${enc(installationId)}/access_tokens`, {
+    method: "POST",
+    body
+  });
+  if (typeof token.token !== "string" || !token.token) throw new Error("GitHub App installation token response did not include a token.");
+  return token.token;
+}
+async function resolveGitHubTokenFromEnv(env, options = {}) {
+  const token = readEnv(env, options.tokenEnv ?? "GITHUB_TOKEN", false);
+  if (token) return token;
+  const owner = options.owner ?? readEnv(env, options.ownerEnv ?? "GITHUB_OWNER", false);
+  const repo = options.repo ?? readEnv(env, options.repoEnv ?? "GITHUB_REPO", false);
+  const appId = options.appId ?? readEnv(env, options.appIdEnv ?? "GITHUB_APP_ID", false);
+  const privateKey = options.appPrivateKey ?? readEnv(env, options.appPrivateKeyEnv ?? "GITHUB_APP_PRIVATE_KEY", false);
+  const jwt = options.appJwt ?? readEnv(env, options.appJwtEnv ?? "GITHUB_APP_JWT", false);
+  const installationId = options.installationId ?? readEnv(env, options.installationIdEnv ?? "GITHUB_INSTALLATION_ID", false);
+  if (!jwt && (!appId || !privateKey)) return void 0;
+  return resolveGitHubAppInstallationToken({
+    ...options,
+    owner,
+    repo,
+    appId,
+    privateKey,
+    jwt,
+    installationId
+  });
+}
+function githubTools(options = {}) {
+  const client = createGitHubClient(options);
+  const maxPatchChars = options.maxPatchChars ?? DEFAULT_MAX_PATCH_CHARS;
+  const maxFileContentChars = options.maxFileContentChars ?? DEFAULT_MAX_FILE_CONTENT_CHARS;
+  return [
+    rawTool({
+      name: "github_get_pull_request",
+      description: "Fetch pull request metadata from GitHub.",
+      parameters: schema(
+        {
+          owner: stringSchema("Repository owner. Optional when bound by the workspace."),
+          repo: stringSchema("Repository name. Optional when bound by the workspace."),
+          pull_number: integerSchema("Pull request number.")
+        },
+        ["pull_number"]
+      ),
+      execute: async (args) => {
+        const { owner, repo } = resolveRepo(options, args);
+        const pullNumber = numberParam(args.pull_number, "pull_number");
+        const pr = await client.request(`/repos/${enc(owner)}/${enc(repo)}/pulls/${enc(pullNumber)}`);
+        return json({
+          number: pr.number,
+          title: pr.title,
+          body: pr.body,
+          state: pr.state,
+          draft: pr.draft,
+          merged: pr.merged,
+          author: pr.user?.login,
+          head: pr.head,
+          base: pr.base,
+          additions: pr.additions,
+          deletions: pr.deletions,
+          changed_files: pr.changed_files,
+          html_url: pr.html_url
+        });
+      }
+    }),
+    rawTool({
+      name: "github_list_pull_request_files",
+      description: "List files changed by a pull request, including truncated patches when GitHub provides them.",
+      parameters: schema(
+        {
+          owner: stringSchema("Repository owner. Optional when bound by the workspace."),
+          repo: stringSchema("Repository name. Optional when bound by the workspace."),
+          pull_number: integerSchema("Pull request number."),
+          per_page: integerSchema("Results per page, max 100."),
+          page: integerSchema("Page number.")
+        },
+        ["pull_number"]
+      ),
+      execute: async (args) => {
+        const { owner, repo } = resolveRepo(options, args);
+        const pullNumber = numberParam(args.pull_number, "pull_number");
+        const perPage = Math.min(optionalNumber(args.per_page, 100, "per_page"), 100);
+        const page = optionalNumber(args.page, 1, "page");
+        const files = await client.request(
+          `/repos/${enc(owner)}/${enc(repo)}/pulls/${enc(pullNumber)}/files?per_page=${enc(perPage)}&page=${enc(page)}`
+        );
+        return json({
+          files: files.map((file) => ({
+            filename: file.filename,
+            status: file.status,
+            additions: file.additions,
+            deletions: file.deletions,
+            changes: file.changes,
+            previous_filename: file.previous_filename,
+            raw_url: file.raw_url,
+            blob_url: file.blob_url,
+            patch: typeof file.patch === "string" ? truncate(file.patch, maxPatchChars) : void 0
+          }))
+        });
+      }
+    }),
+    rawTool({
+      name: "github_get_issue",
+      description: "Fetch issue or pull request timeline metadata from the GitHub Issues API.",
+      parameters: schema(
+        {
+          owner: stringSchema("Repository owner. Optional when bound by the workspace."),
+          repo: stringSchema("Repository name. Optional when bound by the workspace."),
+          issue_number: integerSchema("Issue or pull request number.")
+        },
+        ["issue_number"]
+      ),
+      execute: async (args) => {
+        const { owner, repo } = resolveRepo(options, args);
+        const issueNumber = numberParam(args.issue_number, "issue_number");
+        const issue = await client.request(`/repos/${enc(owner)}/${enc(repo)}/issues/${enc(issueNumber)}`);
+        return json({
+          number: issue.number,
+          title: issue.title,
+          body: issue.body,
+          state: issue.state,
+          author: issue.user?.login,
+          labels: issue.labels,
+          assignees: issue.assignees,
+          pull_request: issue.pull_request,
+          html_url: issue.html_url
+        });
+      }
+    }),
+    rawTool({
+      name: "github_list_issue_comments",
+      description: "List comments on a GitHub issue or pull request conversation.",
+      parameters: schema(
+        {
+          owner: stringSchema("Repository owner. Optional when bound by the workspace."),
+          repo: stringSchema("Repository name. Optional when bound by the workspace."),
+          issue_number: integerSchema("Issue or pull request number."),
+          per_page: integerSchema("Results per page, max 100."),
+          page: integerSchema("Page number.")
+        },
+        ["issue_number"]
+      ),
+      execute: async (args) => {
+        const { owner, repo } = resolveRepo(options, args);
+        const issueNumber = numberParam(args.issue_number, "issue_number");
+        const perPage = Math.min(optionalNumber(args.per_page, 50, "per_page"), 100);
+        const page = optionalNumber(args.page, 1, "page");
+        const comments = await client.request(
+          `/repos/${enc(owner)}/${enc(repo)}/issues/${enc(issueNumber)}/comments?per_page=${enc(perPage)}&page=${enc(page)}`
+        );
+        return json({
+          comments: comments.map((comment) => ({
+            id: comment.id,
+            author: comment.user?.login,
+            body: comment.body,
+            created_at: comment.created_at,
+            updated_at: comment.updated_at,
+            html_url: comment.html_url
+          }))
+        });
+      }
+    }),
+    rawTool({
+      name: "github_create_issue_comment",
+      description: "Create a timeline comment on a GitHub issue or pull request.",
+      parameters: schema(
+        {
+          owner: stringSchema("Repository owner. Optional when bound by the workspace."),
+          repo: stringSchema("Repository name. Optional when bound by the workspace."),
+          issue_number: integerSchema("Issue or pull request number."),
+          body: stringSchema("Markdown comment body.")
+        },
+        ["issue_number", "body"]
+      ),
+      execute: async (args) => {
+        const { owner, repo } = resolveRepo(options, args);
+        const issueNumber = numberParam(args.issue_number, "issue_number");
+        const body = stringParam(args.body, "body");
+        const comment = await client.request(`/repos/${enc(owner)}/${enc(repo)}/issues/${enc(issueNumber)}/comments`, {
+          method: "POST",
+          body: { body }
+        });
+        return json({ id: comment.id, html_url: comment.html_url, body: comment.body });
+      }
+    }),
+    rawTool({
+      name: "github_get_file",
+      description: "Fetch and decode a file from a repository using the GitHub Contents API.",
+      parameters: schema(
+        {
+          owner: stringSchema("Repository owner. Optional when bound by the workspace."),
+          repo: stringSchema("Repository name. Optional when bound by the workspace."),
+          path: stringSchema("File path inside the repository."),
+          ref: stringSchema("Branch, tag, or commit SHA.")
+        },
+        ["path"]
+      ),
+      execute: async (args) => {
+        const { owner, repo } = resolveRepo(options, args);
+        const filePath = stringParam(args.path, "path");
+        const ref = typeof args.ref === "string" && args.ref ? `?ref=${enc(args.ref)}` : "";
+        const content = await client.request(`/repos/${enc(owner)}/${enc(repo)}/contents/${filePath.split("/").map(enc).join("/")}${ref}`);
+        if (content.type !== "file" || typeof content.content !== "string") throw new Error(`GitHub content is not a file: ${filePath}`);
+        return json({
+          path: content.path,
+          sha: content.sha,
+          size: content.size,
+          html_url: content.html_url,
+          content: truncate(decodeBase64(content.content), maxFileContentChars)
+        });
+      }
+    }),
+    rawTool({
+      name: "github_create_pull_request_review",
+      description: "Create a GitHub pull request review summary, optionally with diff-position comments.",
+      parameters: schema(
+        {
+          owner: stringSchema("Repository owner. Optional when bound by the workspace."),
+          repo: stringSchema("Repository name. Optional when bound by the workspace."),
+          pull_number: integerSchema("Pull request number."),
+          body: stringSchema("Review body in Markdown."),
+          event: {
+            type: "string",
+            enum: ["COMMENT", "APPROVE", "REQUEST_CHANGES"],
+            description: "Review event. COMMENT is safest for automated reviews."
+          },
+          commit_id: stringSchema("Specific commit SHA to review."),
+          comments: {
+            type: "array",
+            description: "Optional diff-position review comments.",
+            items: {
+              type: "object",
+              properties: {
+                path: stringSchema("Changed file path."),
+                position: integerSchema("Diff position, not file line number."),
+                body: stringSchema("Comment body.")
+              },
+              required: ["path", "position", "body"],
+              additionalProperties: false
+            }
+          }
+        },
+        ["pull_number", "body", "event"]
+      ),
+      execute: async (args) => {
+        const { owner, repo } = resolveRepo(options, args);
+        const pullNumber = numberParam(args.pull_number, "pull_number");
+        const body = stringParam(args.body, "body");
+        const event = stringParam(args.event, "event");
+        if (!["COMMENT", "APPROVE", "REQUEST_CHANGES"].includes(event)) throw new Error("event must be COMMENT, APPROVE, or REQUEST_CHANGES");
+        const review = await client.request(`/repos/${enc(owner)}/${enc(repo)}/pulls/${enc(pullNumber)}/reviews`, {
+          method: "POST",
+          body: {
+            body,
+            event,
+            ...typeof args.commit_id === "string" && args.commit_id ? { commit_id: args.commit_id } : {},
+            ...Array.isArray(args.comments) ? { comments: args.comments } : {}
+          }
+        });
+        return json({ id: review.id, state: review.state, html_url: review.html_url, body: review.body });
+      }
+    })
+  ];
+}
+function githubToolBinding(options = {}) {
+  return async ({ env }) => {
+    const owner = options.owner ?? readEnv(env, options.ownerEnv ?? "GITHUB_OWNER", false);
+    const repo = options.repo ?? readEnv(env, options.repoEnv ?? "GITHUB_REPO", false);
+    return githubTools({
+      ...options,
+      token: await resolveGitHubTokenFromEnv(env, { ...options, owner, repo }),
+      owner,
+      repo
+    });
+  };
+}
+function githubBinding(options = {}) {
+  const slot = options.slot ?? "github";
+  return { toolSlots: { [slot]: githubToolBinding(options) } };
+}
+function readEnv(env, name, required) {
+  const value = env[name];
+  if (typeof value === "string" && value) return value;
+  if (required) throw new Error(`${name} is required for GitHub tools`);
+  return void 0;
+}
+function stringSchema(description) {
+  return { type: "string", description };
+}
+function integerSchema(description) {
+  return { type: "integer", minimum: 1, description };
+}
+function schema(properties, required) {
+  return {
+    type: "object",
+    properties,
+    required,
+    additionalProperties: false
+  };
+}
+function base64UrlEncodeString(input) {
+  return base64UrlEncodeBytes(new TextEncoder().encode(input));
+}
+function base64UrlEncodeBytes(input) {
+  return bytesToBase64(input).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function bytesToBase64(input) {
+  let binary = "";
+  for (const byte of input) binary += String.fromCharCode(byte);
+  if (typeof globalThis.btoa === "function") return globalThis.btoa(binary);
+  return Buffer.from(input).toString("base64");
+}
+function base64ToBytes(input) {
+  const binary = typeof globalThis.atob === "function" ? globalThis.atob(input) : Buffer.from(input, "base64").toString("binary");
+  return Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
+}
+function privateKeyPemToPkcs8(pem) {
+  const normalized = pem.replace(/\\n/g, "\n");
+  const der2 = base64ToBytes(normalized.replace(/-----BEGIN [^-]+-----/g, "").replace(/-----END [^-]+-----/g, "").replace(/\s+/g, ""));
+  if (/-----BEGIN RSA PRIVATE KEY-----/.test(normalized)) return pkcs1ToPkcs8(der2);
+  return der2;
+}
+function pkcs1ToPkcs8(pkcs1) {
+  const version = Uint8Array.from([2, 1, 0]);
+  const rsaAlgorithm = Uint8Array.from([48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]);
+  return der(48, concatBytes(version, rsaAlgorithm, der(4, pkcs1)));
+}
+function der(tag, body) {
+  return concatBytes(Uint8Array.from([tag]), derLength(body.length), body);
+}
+function derLength(length) {
+  if (length < 128) return Uint8Array.from([length]);
+  const bytes = [];
+  let n = length;
+  while (n > 0) {
+    bytes.unshift(n & 255);
+    n >>= 8;
+  }
+  return Uint8Array.from([128 | bytes.length, ...bytes]);
+}
+function concatBytes(...parts) {
+  const out = new Uint8Array(parts.reduce((sum, part) => sum + part.length, 0));
+  let offset = 0;
+  for (const part of parts) {
+    out.set(part, offset);
+    offset += part.length;
+  }
+  return out;
+}
+export {
+  GitHubApiError,
+  createGitHubAppJwt,
+  createGitHubClient,
+  githubBinding,
+  githubToolBinding,
+  githubTools,
+  resolveGitHubAppInstallationToken,
+  resolveGitHubTokenFromEnv
+};

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@cybernetyx1/atlasflow-github",
+  "version": "0.1.0",
+  "description": "GitHub REST tools and bindings for AtlasFlow agents.",
+  "type": "module",
+  "license": "SEE LICENSE IN LICENSE",
+  "author": "Cybernetyx",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Cybernetyx/atlasflow.git",
+    "directory": "packages/github"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@cybernetyx1/atlasflow-runtime": "0.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.0",
+    "tsup": "^8.3.5",
+    "typescript": "^5.7.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit",
+    "test": "node --import tsx --test test/*.test.ts"
+  }
+}