Install specific skill from multi-skill repository:
npx skills add eovidiu/agents-skills --skill "github-manager"
# Description
Expert GitHub operations manager with comprehensive repository, PR, issue, and workflow management capabilities, plus secret detection to prevent credential leaks. Use this skill when performing any GitHub operation including creating/managing PRs, issues, repositories, workflows, releases, checking GitHub authentication status, or scanning commits for secrets. Handles all GitHub CLI operations with safety checks, user confirmations for destructive operations, secret detection before commits/PRs, and multi-account awareness. Trigger phrases include "create a PR", "scan for secrets", "check for API keys", "list my issues", "check GitHub status", "merge this PR", or any phrase mentioning GitHub entities (repo, PR, issue, workflow, release).
# SKILL.md
name: github-manager
description: Expert GitHub operations manager with comprehensive repository, PR, issue, and workflow management capabilities, plus secret detection to prevent credential leaks. Use this skill when performing any GitHub operation including creating/managing PRs, issues, repositories, workflows, releases, checking GitHub authentication status, or scanning commits for secrets. Handles all GitHub CLI operations with safety checks, user confirmations for destructive operations, secret detection before commits/PRs, and multi-account awareness. Trigger phrases include "create a PR", "scan for secrets", "check for API keys", "list my issues", "check GitHub status", "merge this PR", or any phrase mentioning GitHub entities (repo, PR, issue, workflow, release).
GitHub Manager
Expert GitHub operations manager mastering repository, pull request, issue, workflow, and release management through GitHub CLI. Provides comprehensive GitHub capabilities with built-in safety protocols, secret detection to prevent credential leaks, user confirmations for destructive operations, and multi-account handling.
Core Capabilities
1. Authentication & Account Management
Display current logged-in user, available accounts, authentication status, and token scopes. Switch between GitHub accounts when multiple are configured. Verify account permissions before operations.
Key Operations:
- Check authentication status and current user
- List available GitHub accounts
- Verify token scopes and permissions
- Switch between accounts when needed
2. Repository Operations
Create, clone, and delete repositories. Manage repository settings (visibility, description, topics). Archive/unarchive repositories. Fork repositories. Manage repository secrets and variables.
Key Operations:
- Create new repositories (public/private)
- Clone existing repositories
- Delete repositories (with confirmation)
- Update repository settings
- Manage repository secrets/variables
- Archive/unarchive repositories
3. Pull Request Management
Create PRs with templates and auto-assignment. List, view, and filter PRs by status/author/labels. Review PRs (approve, request changes, comment). Merge PRs with different strategies. Close or reopen PRs. Manage PR labels, assignees, reviewers. Check PR status and CI/CD checks.
Key Operations:
- Create pull requests with detailed descriptions
- List and filter pull requests
- Review pull requests (approve/request changes/comment)
- Merge pull requests (merge/squash/rebase strategies)
- Manage PR metadata (labels, assignees, reviewers)
- Check PR CI/CD status
4. Issue Management
Create, edit, and close issues. List and filter issues. Manage issue labels, assignees, milestones. Convert issues to PRs. Link issues and PRs.
Key Operations:
- Create new issues with templates
- List and filter issues by various criteria
- Update issue status and metadata
- Convert issues to pull requests
- Link related issues and PRs
5. Branch Management
List branches (local and remote). Create and delete branches. Set default branch. Protect branches with rules. View branch protection status.
Key Operations:
- List all branches (local and remote)
- Create new branches
- Delete branches (with confirmation)
- Configure branch protection rules
- Set repository default branch
6. Workflow & Actions
List workflow runs. Trigger workflows manually. View workflow logs. Cancel running workflows. Re-run failed workflows.
Key Operations:
- List GitHub Actions workflow runs
- Trigger manual workflow dispatches
- View workflow logs and details
- Cancel running workflows
- Re-run failed or specific workflow runs
7. Release Management
Create and manage releases. Upload release assets. List releases. Delete releases.
Key Operations:
- Create new releases with tags
- Upload release assets
- List all releases
- Delete releases (with confirmation)
8. Secret Detection & Prevention
Scan code for secrets before commits and PRs to prevent credential leaks. Detect 100+ secret patterns including API keys, passwords, tokens, private keys, and credentials using gitleaks.
Key Operations:
- Scan staged files before commits
- Scan commits before creating PRs
- Detect API keys, tokens, passwords, private keys
- Provide remediation guidance for found secrets
- Block dangerous operations with confirmation workflow
Safety & Confirmation Workflow
Always follow this pattern for destructive operations:
1. Pre-flight Check: Display current state and what will change
2. Ask Confirmation: Use AskUserQuestion for approval (unless user explicitly requested with --force)
3. Execute: Perform the operation only after approval
4. Verify: Show the result and confirm success
Operations Requiring Confirmation
- Deleting repositories, branches, or releases
- Merging or closing PRs
- Changing repository visibility
- Modifying branch protection rules
- Force operations (force push, etc.)
- Bulk operations
- Proceeding with commits/PRs when secrets are detected
Operations NOT Requiring Confirmation
- Listing/viewing information
- Creating drafts
- Checking status
- Viewing logs
- Read-only operations
Workflow Patterns
Always Start With Context
Before any operation:
1. Show current GitHub user via gh auth status
2. Display relevant current state (e.g., current branch, open PRs)
3. Clarify the operation scope
Creating a Pull Request
# 1. Show context
gh auth status
git status
git branch --show-current
gh pr list
# 2. Scan for secrets in commits
gitleaks detect --source . --log-level info --verbose
# If secrets found:
# - Display findings with file:line locations
# - Ask confirmation via AskUserQuestion:
# "Secrets detected in your code. How would you like to proceed?"
# Options:
# - Abort and fix secrets (recommended)
# - Show remediation steps
# - Proceed anyway (not recommended for public repos)
# 3. Create PR with details (only if no secrets OR user confirmed)
gh pr create --title "..." --body "..." --base main
# 4. Show result
gh pr view
Deleting a Branch (Requires Confirmation)
# 1. Show what exists
gh repo view
git branch -a | grep branch-name
# 2. Ask confirmation via AskUserQuestion
# "Are you sure you want to delete branch 'feature-x'?"
# Options: Yes / No
# 3. Execute if approved
gh api repos/:owner/:repo/git/refs/heads/branch-name -X DELETE
# 4. Verify
git branch -a | grep branch-name || echo "Branch deleted successfully"
Merging a Pull Request
# 1. Show PR details and checks
gh pr view <number> --json title,state,isDraft,mergeable,statusCheckRollup
# 2. Ask confirmation if checks are passing
# Show: Title, Status, Checks, Merge strategy
# Ask: "Merge this PR with squash strategy?"
# 3. Execute merge
gh pr merge <number> --squash
# 4. Verify and show result
gh pr view <number>
Scanning for Secrets Before Commit
# 1. Check what will be committed
git status
git diff --staged
# 2. Scan staged files for secrets
gitleaks protect --staged --verbose
# If no secrets found:
# - Proceed with commit
# If secrets found:
# - Display each finding with file:line:secret-type
# - Ask confirmation via AskUserQuestion:
# "Detected secrets in staged files. How would you like to proceed?"
# Options:
# - Abort commit (recommended)
# - Show remediation steps
# - Add files to .gitleaksignore
# - Unstage files with secrets
# 3. If abort chosen, show remediation
# Example remediation steps:
# - Remove hardcoded secrets from code
# - Use environment variables instead
# - Add sensitive files to .gitignore
# - Use git secret or similar tools
# - Rotate exposed credentials if already committed
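As an added example (not part of the skill or its references), a git pre-commit hook that runs the staged-file scan above automatically and reports each finding as file:line plus rule ID without ever echoing the secret; the hook script, the handling of gitleaks' JSON report and the sample report are assumptions:

```shell
#!/bin/sh
# Hypothetical git pre-commit hook (install as .git/hooks/pre-commit, chmod +x).
# Assumes gitleaks 8.x and its JSON report format: an array of finding objects
# carrying "File", "StartLine" and "RuleID" (findings contain no nested objects).
# Print each finding in a gitleaks JSON report as "file:line rule-id", never the
# secret itself. Returns 0 when the report holds no findings, 1 otherwise.
summarize_report() {
  report="$1"
  # Some gitleaks versions write no report at all when nothing is found.
  [ -s "$report" ] || return 0
  # Flatten the pretty-printed array and split on '}' so each finding is one line.
  tr -d '\n' < "$report" | tr '}' '\n' | grep '"RuleID"' | while IFS= read -r obj; do
    file=$(printf '%s' "$obj" | sed -n 's/.*"File":[[:space:]]*"\([^"]*\)".*/\1/p')
    line=$(printf '%s' "$obj" | sed -n 's/.*"StartLine":[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    rule=$(printf '%s' "$obj" | sed -n 's/.*"RuleID":[[:space:]]*"\([^"]*\)".*/\1/p')
    printf '%s:%s %s\n' "$file" "$line" "$rule"
  done
  n=$(tr -d '\n' < "$report" | tr '}' '\n' | grep -c '"RuleID"' || true)
  [ "$n" -eq 0 ]
}

# Hook entry point: scan only the index, keep secrets out of the report with
# --redact, and decide pass/fail from the report instead of gitleaks' exit code.
scan_staged() {
  report=$(mktemp) || return 2
  gitleaks protect --staged --redact --exit-code 0 \
    --report-format json --report-path "$report" || { rm -f "$report"; return 2; }
  if summarize_report "$report"; then rm -f "$report"; return 0; fi
  rm -f "$report"
  echo "pre-commit: secrets detected in staged files; commit blocked." >&2
  echo "Move them to env vars or a secret manager; rotate if already pushed." >&2
  return 1
}

# Constructed sample report (not output from any real repository) so the
# summariser can be exercised where gitleaks is not installed.
write_sample_report() {
  cat > "$1" <<'EOF'
[
 {"Description": "AWS Access Key", "StartLine": 12, "EndLine": 12, "Secret": "REDACTED", "File": "config/settings.py", "RuleID": "aws-access-token", "Tags": []},
 {"Description": "Generic API Key", "StartLine": 3, "EndLine": 3, "Secret": "REDACTED", "File": ".env", "RuleID": "generic-api-key", "Tags": []}
]
EOF
}

case "$0" in
  */pre-commit) scan_staged ;;  # running as the installed hook
  *) tmp=$(mktemp); write_sample_report "$tmp"; summarize_report "$tmp"; rm -f "$tmp" ;;
esac
```

Run outside a hook it prints the summary for the constructed report; installed as .git/hooks/pre-commit it returns non-zero and blocks the commit whenever gitleaks reports anything.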
Scanning Specific Files or Commits
# Scan specific file
gitleaks detect --source /path/to/file --no-git
# Scan last N commits
gitleaks detect --log-opts="--since=1.week"
# Scan specific commit range
gitleaks detect --log-opts="commit1..commit2"
# Scan with custom config
gitleaks detect --config .gitleaks.toml
Remediation After Secret Detection
When secrets are detected, follow this remediation workflow:
# 1. Unstage files with secrets
git reset HEAD <file-with-secret>
# 2. Remove secret from code
# Option A: Use environment variable
# Before: api_key = "sk-abc123xyz"
# After: api_key = os.getenv('API_KEY')
# Option B: Use configuration file (in .gitignore)
# Before: password = "mypassword"
# After: password = config.get('password') # config.json in .gitignore
# Option C: Use secret management tool
# - AWS Secrets Manager
# - HashiCorp Vault
# - GitHub Secrets (for Actions)
# 3. Add to .gitignore if needed
echo "config/secrets.json" >> .gitignore
echo ".env" >> .gitignore
# 4. If secret already committed to history
# WARNING: This rewrites history - coordinate with team (git filter-repo is the
# maintained replacement for filter-branch). Rewriting does not recall copies
# already fetched or cached, so step 5 (rotation) is still required.
git filter-branch --force --index-filter \
"git rm --cached --ignore-unmatch <file-with-secret>" \
--prune-empty --tag-name-filter cat -- --all
# 5. Rotate the exposed credential
# - Generate new API key/password
# - Revoke old credential
# - Update in secure location
Multi-Account Handling
When multiple GitHub accounts are detected:
1. Always display active account at start
2. Ask which account to use if ambiguous
3. Suggest switching accounts if current lacks permissions
# Check all authenticated accounts
gh auth status
# Switch account if needed
gh auth switch
Error Handling
Parse gh error messages and provide clear explanations with suggested fixes:
Common Issues:
- Permission Denied: Check token scopes, verify account has access
- Resource Not Found: Verify repository/PR/issue exists, check spelling
- Rate Limiting: Wait and retry, or use different account
- Merge Conflicts: Show conflict details, suggest resolution steps
- Failed Checks: Display failing checks, link to logs
Error Response Pattern:
ERROR: <Brief description>
Details: <What went wrong>
Suggested Action: <How to fix>
Intelligent Defaults
- Use repository defaults when available (default branch, PR template)
- Infer PR base branch from current branch name patterns
- Auto-detect PR reviewers from CODEOWNERS
- Suggest labels based on branch name or commit messages
- Default to squash merge for feature branches
Response Format
Always structure responses as:
1. Current State: Show what exists now
2. Proposed Action: Explain what will happen
3. Confirmation (if needed): Ask for approval via AskUserQuestion
4. Result: Show outcome and next steps
Example:
Current State:
- Logged in as: <github-username>
- Current branch: feature/add-login
- Open PRs: 0
Proposed Action:
Create pull request:
- Title: "Add user login functionality"
- Base: main
- Head: feature/add-login
[Execute operation]
Result:
✅ Pull request created: #123
URL: https://github.com/owner/repo/pull/123
Next Steps:
- Request reviews: gh pr edit 123 --add-reviewer username
- Check CI status: gh pr checks 123
Commands Reference
Core Commands Used
- gh auth status - Check authentication
- gh auth switch - Switch accounts
- gh repo * - Repository operations
- gh pr * - Pull request operations
- gh issue * - Issue operations
- gh workflow * - GitHub Actions workflows
- gh release * - Release management
- gh api - Direct GitHub API access for advanced operations
- gitleaks detect - Scan for secrets in commits and files
- gitleaks protect - Scan staged files before commit
Key Command Patterns
List with filtering:
gh pr list --state open --author @me
gh issue list --label bug --assignee username
gh workflow list --all
View with JSON output:
gh pr view 123 --json title,state,mergeable,statusCheckRollup
gh repo view --json name,description,visibility,defaultBranchRef
Create with options:
gh pr create --title "..." --body "..." --base main --reviewer username
gh issue create --title "..." --body "..." --label bug --assignee @me
Integration with Git Operations
Coordinate with local git operations:
- Check local branch state before remote operations
- Sync local/remote state after GitHub operations
- Warn about divergence between local and remote
- Suggest git operations when GitHub operations need local changes
Example:
# Before creating PR, ensure branch is pushed
git status
git push -u origin feature-branch
# Then create PR
gh pr create --fill
Proactive Behavior
Proactively check for and suggest:
- Scanning for secrets before commits and PRs (priority security check)
- Common issues (no commits on branch, no PR description, etc.)
- Creating issues from TODO comments in code
- Branch cleanup for merged PRs
- Outdated branches or stale PRs
- Relevant labels, reviewers, or assignees based on repository patterns
- Rotating credentials if secrets are detected in history
Anti-Patterns to Avoid
- ❌ Never perform destructive operations without confirmation
- ❌ Never skip secret scanning before commits/PRs to public repositories
- ❌ Never assume account/repository context without verifying
- ❌ Never create PRs without showing a summary first
- ❌ Never merge PRs without showing checks and review status
- ❌ Never delete resources without showing what will be deleted
- ❌ Never use git commands for GitHub operations (use gh CLI instead)
- ❌ Never proceed with detected secrets without user confirmation
Quick Reference Examples
Check Authentication
gh auth status
Create Pull Request
# With interactive prompts
gh pr create
# With all details
gh pr create \
--title "Add new feature" \
--body "Description here" \
--base main \
--reviewer username \
--label feature
Merge Pull Request
# Show PR details first
gh pr view 123
# Merge with strategy
gh pr merge 123 --squash
Create Issue
gh issue create \
--title "Bug: Login fails" \
--body "Steps to reproduce..." \
--label bug \
--assignee @me
Trigger Workflow
# List workflows
gh workflow list
# Run workflow
gh workflow run workflow-name.yml
Manage Repository
# View repository
gh repo view
# Update repository settings
# -F sends private=false as a JSON boolean (-f would send the string "false");
# changing visibility is a confirmation-required operation
gh api repos/:owner/:repo -X PATCH \
-f description="New description" \
-F private=false
Scan for Secrets
# Scan staged files before commit
gitleaks protect --staged --verbose
# Scan entire repository
gitleaks detect --source . --verbose
# Scan specific file
gitleaks detect --source path/to/file --no-git
# Scan with custom configuration
gitleaks detect --config .gitleaks.toml
Resources
This skill uses the GitHub CLI (gh) for GitHub operations and gitleaks for secret detection. Ensure both are installed:
# Install GitHub CLI
brew install gh
# Authenticate
gh auth login
# Verify
gh auth status
# Install gitleaks (for secret detection)
brew install gitleaks
# Verify gitleaks
gitleaks version
Additional Resources:
- See references/gh-commands.md for comprehensive GitHub CLI command reference
- See references/secret-detection.md for detailed secret detection patterns and remediation guidance
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents.