Safe by design, not by promise
ForgeFeed never sees your GitHub password or personal access tokens. It authenticates as a GitHub App and acts only within the repository access you explicitly grant.
No credential handling
GitHub passwords and personal access tokens are never requested or stored. Linking uses GitHub's official GitHub App flow.
Verified linking
An installation binds to a server only after the installer proves they control it, using a single-use, 15-minute code redeemed in Discord.
Least privilege
The bot runs with minimal Discord permissions and does not read message content. Admin actions reply privately (ephemerally).
Server isolation
All data is scoped per-server. One server can never see or affect another's repositories, trackers, or configuration.
Hardened surface
Webhook signatures are cryptographically verified, embed content is sanitized against injection, and web endpoints are rate-limited.
Scoped access, revocable
ForgeFeed acts only within the repository access you grant, and it can be revoked any time from GitHub or with /unlinkgithub.
Ownership, proven, then linked
Linking uses GitHub's official GitHub App flow plus an ownership check, so an install can only ever be bound by the person who performed it.
1. Install the GitHub App
An admin runs /linkgithub and installs ForgeFeed on the account or org they control, choosing exactly which repositories it can access.
2. GitHub proves ownership
GitHub confirms the installer controls that installation and returns a single-use, 15-minute code, shown only to the person who completed the install.
3. Redeem inside Discord
The admin redeems the code with /confirmlink in the server they want linked. A forwarded install link can never bind someone else's repositories to your server.
Because the code is shown only to the person who completed the install and is redeemed inside Discord by a server admin, a shared or forwarded install link can never bind someone else's repositories to your server, or yours to theirs. Access can be revoked any time from GitHub or with /unlinkgithub.
How delivery stays reliable and verified
GitHub App tokens
Per-installation tokens (5,000 req/hr each) are minted on demand and cached. Short-lived signed app tokens are used only to request those installation tokens; your own credentials are never involved.
Verified webhooks
Real-time updates arrive over GitHub webhooks. Every payload is cryptographically verified before it is processed.
Reconciling scheduler
A periodic catch-up pass reconciles anything a missed webhook delivery would have dropped, so nothing is ever silently lost.
Smart multi-account routing
When a server links several installations, ForgeFeed selects the installation that owns each repo, so personal and org repos are fetched with the right credentials.
Runtime: Node.js 24, discord.js v14, Express, and MySQL/MariaDB. Trackers that repeatedly fail are auto-paused and the owner is notified; API rate limits are respected with adaptive back-off.
Bring your repos in, on your terms.
Grant exactly the repositories you choose, revoke anytime, and keep full control from GitHub.