Security & Privacy

Safe by design, not by promise

ForgeFeed never sees your GitHub password or personal access tokens. It authenticates as a GitHub App and acts only within the repository access you explicitly grant.

No credential handling

GitHub passwords and personal access tokens are never requested or stored. Linking uses GitHub's official GitHub App flow.

Verified linking

An installation binds to a server only after the installer proves they control it, using a single-use, 15-minute code redeemed in Discord.

Least privilege

The bot runs with minimal Discord permissions and does not read message content. Admin actions reply privately (ephemerally).

Server isolation

All data is scoped per-server. One server can never see or affect another's repositories, trackers, or configuration.

Hardened surface

Webhook signatures are cryptographically verified, embed content is sanitized against injection, and web endpoints are rate-limited.

Scoped access, revocable

ForgeFeed acts only within the repository access you grant, and it can be revoked any time from GitHub or with /unlinkgithub.

How linking works

Ownership, proven, then linked

Linking uses GitHub's official GitHub App flow plus an ownership check, so an install can only ever be bound by the person who performed it.

  1. Install the GitHub App

     An admin runs /linkgithub and installs ForgeFeed on the account or org they control, choosing exactly which repositories it can access.

  2. GitHub proves ownership

     GitHub confirms the installer controls that installation and returns a single-use, 15-minute code, shown only to the person who completed the install.

  3. Redeem inside Discord

     The admin redeems the code with /confirmlink in the server they want linked. A forwarded install link can never bind someone else's repositories to your server.

Because the code is shown only to the person who completed the install and is redeemed inside Discord by a server admin, a shared or forwarded install link can never bind someone else's repositories to your server, or yours to theirs. Access can be revoked any time from GitHub or with /unlinkgithub.

Under the hood

How delivery stays reliable and verified

GitHub App tokens

Per-installation tokens (5,000 req/hr each) are minted on demand and cached. Short-lived signed app tokens are used only to request them, never your credentials.

Verified webhooks

Real-time updates arrive over GitHub webhooks. Every payload is cryptographically verified before it is processed.

Reconciling scheduler

A periodic catch-up pass reconciles anything a missed webhook delivery would have dropped, so nothing is ever silently lost.

Smart multi-account routing

When a server links several installations, ForgeFeed selects the installation that owns each repo, so personal and org repos are fetched with the right credentials.

Runtime: Node.js 24, discord.js v14, Express, and MySQL/MariaDB. Trackers that repeatedly fail are auto-paused and the owner is notified; API rate limits are respected with adaptive back-off.

Bring your repos in, on your terms.

Grant exactly the repositories you choose, revoke anytime, and keep full control from GitHub.