Source Available — Coming Soon

Your agents shouldn't
have the keys.
Neither should that intern.

A self-hosted git control plane built for teams that run AI agents every day. Mediated pushes. Policy enforcement at the transport layer. Credentials that stay server-side. Rules that actually hold.

Works with any agent that speaks git HTTP
Claude Code Cursor GitHub Copilot Workspace Devin Custom LLM agents CI/CD pipelines
The origin story

I've watched a junior dev git push --force to main on a Friday.
Heck — I was that junior dev once. Except I did it on a Saturday, because I have excellent timing.

Early in my career I knew just enough git to be dangerous. Force push felt like an eraser — it would fix things. It would. Then it didn't, and I spent a weekend explaining to my team why their commits had evaporated.

And it's not just force-push. The other failure mode is quieter: the pull request that never happens. Resolving a merge conflict means deciding whose code survives. When you can't tell why either version exists, that call is genuinely scary. So people skip the PR. Just this once. Then every time.

Building these tools I watched an agent do something worse. It found a UI bug — interactive cards rendering about 50 pixels below where the cursor landed. Fixed it. Put it on a branch. Then moved on to the API work it was actually supposed to be doing.

An hour later, from deep inside that API context, it looked at its branch list. The fix branch hadn't been merged. Looked stale. So the agent force-merged it, deleted the branch, and kept working — assuming its current in-progress state was the latest truth.

The cursor bug came back. The agent had no idea it even happened — its context had been compacted twice since the fix. I found out when I went to show someone how happy I was with it, and the cards just... drifted off, nowhere near my cursor. Meanwhile my agent was proudly working on APIs, probably quite certain it had saved me some trouble by cleaning up that "stale" branch. It had just merged over a bug it had just been praised for fixing, with no memory of either. I only caught it because I happened to test that flow again while I still remembered the fix existed. We don't always get that lucky. If a pull request had been required, the merge would have been an obvious, deliberate act — not something that disappeared quietly between tasks.

I've been building with AI agents as a core part of how I work for a few years now. I ship real production software with them. I think agentic development is the most significant shift in how software gets built since version control itself.

But agents inherit every bad git habit humans have, scaled up and running at 3am. The fix isn't to ban them. It's to stop handing out unguarded keys and enforce the rules at the transport layer — where they actually hold, for every client, whether it remembers to follow them or not.

RepoHarbor is that layer. I built it for myself. Now I'm sharing it because I think a lot of people are about to need it.

Joseph Dattilo, builder & technical founder, Date Palm Media LLC
What it does
🤖

Built for Coding Agents

Issue your agents a scoped git handle — exactly the repos and branches they need, nothing more. Credentials stay in RepoHarbor. Agents push through a guarded endpoint. A bad commit can't reach main because the policy says so.

🔒

PR Enforcement & Branch Protection

Require pull requests, block direct pushes to protected branches, reject force-pushes — enforced at the transport layer before anything reaches your repo. Applies to every client equally: the developer who skips PRs to avoid merge conflicts, and the agent that forgot it already fixed this on another branch an hour ago.

🗝

Credential Custody

Provider tokens live in RepoHarbor's encrypted store. Issue repo-scoped tokens to agents, revoke them instantly, rotate them without touching upstream credentials. No more secrets in env files that outlive the project.

📦

Portable by Design

Export your full instance — repos, workspaces, policies, and optionally encrypted credentials — as a single bundle. Migrate, back up, or bootstrap a new pod in minutes. Your data, your deployment, no lock-in.

🏠

Self-Hosted First

Docker Compose for local dev. Kubernetes + Helm for production. You control where it runs and who has access. A hosted tier is coming — but self-hosted will always be a first-class option.

📊

Operator Dashboard

Create workspaces, add repos, rotate tokens, set policy — every action is API-backed. Dashboard, CLI, and automation share the same contract. No magic that only works through the UI.

What it's not

RepoHarbor is not a GitHub replacement. It's not trying to be GitLab. It doesn't care about issues, project boards, or code review UI. It's a control plane — infrastructure that sits in front of your repositories and enforces the rules you set. Think of it like a bouncer, not a venue.

It's also not opinionated about which AI agent you use. Claude, GPT, Cursor, your own custom agent — if it speaks git, RepoHarbor can mediate it.

Who it's for

If you've ever cringed at a push notification, this is for you.

Developers building with AI agents

You run Claude or Cursor or a custom agent on real repos. You need it to be able to commit and push — but not to everything, and not without guardrails.

Small teams that move fast

You don't have a dedicated DevOps person configuring branch protection on every new repo. RepoHarbor gives you a single place to enforce it across all of them.

Platform & DevOps engineers

Deploy once, point your pipelines and agent integrations at it, and get a single choke point for git policy without modifying every downstream system.

Open source — soon

I build in public.

RepoHarbor will be open source. I'm opening it because the tooling for agentic development is still early and the community deserves to see, use, and improve it — I'm not interested in building a walled garden. The code isn't public yet; it's coming soon.

Commercial licensing and a hosted tier are coming too, but the core product will always be available to run yourself. Want in early? Join the waitlist and I'll reach out as access opens.

Join the waitlist
Source Available soon
Deployment Docker / Kubernetes
Backend Python / FastAPI
Status Active development
Common questions
Does this work with Claude Code, Cursor, or my custom agent?

If your agent can push to a git HTTP remote, it works with RepoHarbor — no special integration needed. Issue it a scoped token, point it at your RepoHarbor endpoint, and policy applies automatically.

Does my agent need to know it's going through a control plane?

No. From the agent's perspective it's just a git remote. RepoHarbor handles credential exchange and policy enforcement transparently.

What happens when an agent tries to force-push or push directly to main?

The push is rejected at the transport layer before it reaches the repo. The agent receives a standard git error. No special agent-side handling required.

Can I run this myself?

Soon. RepoHarbor will be open source — Docker Compose for local dev, Kubernetes and Helm for production, self-hosting always a first-class option. The code isn't public yet; for now, join the waitlist and I'll let you know the moment it's available.

Want in? Join the waitlist.

RepoHarbor is in active development, with the hosted tier and the source release opening soon. If this is something you'd use, get on the list and I'll reach out.

Join the waitlist