feat: Add GitHub token support for reviewing private repositories.

Author: sng-asyncfunc

npx/README.md

@@ -35,6 +35,23 @@ export GEMINI_API_KEY=your_key
 npx asyncreview review --url <url> -q "Review this"
 ```
 
+## GitHub Token (For Private Repos)
+
+For private repositories, you'll need to provide a GitHub token. The token can be provided in three ways (in order of priority):
+
+1. `--github-token <token>` flag
+2. `GITHUB_TOKEN` environment variable
+3. Interactive prompt (optional, if neither above is set)
+
+```bash
+# Using --github-token flag
+npx asyncreview review --url <url> -q "Review this" --github-token YOUR_GITHUB_TOKEN
+
+# Using environment variable
+export GITHUB_TOKEN=your_token
+npx asyncreview review --url <url> -q "Review this"
+```
+
 ## Options
 
 | Option | Description |
@@ -45,6 +62,7 @@ npx asyncreview review --url <url> -q "Review this"
 | `--quiet` | Suppress progress output |
 | `-m, --model <model>` | Model to use (default: gemini-3-pro-preview) |
 | `--api <key>` | Gemini API key |
+| `--github-token <token>` | GitHub token for private repos |
 
 ## Examples
 
@@ -60,6 +78,9 @@ npx asyncreview review -u https://github.com/org/repo/pull/123 -q "Document thes
 
 # Scripting with JSON
 npx asyncreview review -u https://github.com/org/repo/pull/123 -q "Review" --quiet -o json | jq .answer
+
+# Private repository review
+npx asyncreview review -u https://github.com/org/private-repo/pull/456 -q "Review this" --github-token ghp_xxxxxxxxxxxx
 ```
 
 ## License

npx/package-lock.json

@@ -1,6 +1,6 @@
 {
     "name": "asyncreview",
-    "version": "0.2.0",
+    "version": "0.3.0",
     "description": "AI-powered GitHub PR/Issue reviews from the command line",
     "type": "module",
     "bin": {

npx/package.json

@@ -1,5 +1,5 @@
 /**
- * API key management - handles env vars, CLI flags, and interactive prompts
+ * API key and GitHub token management - handles env vars, CLI flags, and interactive prompts
  */
 
 import inquirer from 'inquirer';
@@ -40,3 +40,39 @@ export async function getApiKey(cliApiKey?: string): Promise<string> {
 
     return answers.apiKey;
 }
+
+export async function getGitHubToken(cliToken?: string, requireToken: boolean = false): Promise<string> {
+    // 1. Check --github-token flag first (highest priority)
+    if (cliToken) {
+        return cliToken;
+    }
+
+    // 2. Check environment variable
+    const envToken = process.env.GITHUB_TOKEN;
+    if (envToken) {
+        return envToken;
+    }
+
+    // 3. If not required, return empty string (for public repos)
+    if (!requireToken) {
+        return '';
+    }
+
+    // 4. No token found but required - prompt user
+    console.log(chalk.yellow('\n⚠️  No GitHub token found.\n'));
+    console.log(chalk.dim('A GitHub token is required for private repositories.'));
+    console.log(chalk.dim('You can set it via:'));
+    console.log(chalk.dim('  • --github-token <token> flag'));
+    console.log(chalk.dim('  • GITHUB_TOKEN environment variable\n'));
+
+    const answers = await inquirer.prompt([
+        {
+            type: 'password',
+            name: 'githubToken',
+            message: 'Enter your GitHub token (or press Enter to skip):',
+            mask: '•',
+        },
+    ]);
+
+    return answers.githubToken || '';
+}

npx/src/api-key.ts

@@ -4,7 +4,7 @@
 
 import chalk from 'chalk';
 import ora from 'ora';
-import { getApiKey } from './api-key.js';
+import { getApiKey, getGitHubToken } from './api-key.js';
 import {
     checkPython,
     checkAsyncReviewInstalled,
@@ -19,10 +19,11 @@ export interface ReviewOptions {
     quiet?: boolean;
     model?: string;
     api?: string;
+    githubToken?: string;
 }
 
 export async function runReview(options: ReviewOptions): Promise<void> {
-    const { url, question, output, quiet = false, model, api } = options;
+    const { url, question, output, quiet = false, model, api, githubToken } = options;
 
     try {
         // 1. Check Python availability
@@ -63,7 +64,10 @@ export async function runReview(options: ReviewOptions): Promise<void> {
         // 3. Get API key
         const apiKey = await getApiKey(api);
 
-        // 4. Run the review
+        // 4. Get GitHub token (optional for public repos)
+        const ghToken = await getGitHubToken(githubToken, false);
+
+        // 5. Run the review
         if (!quiet) {
             console.log(chalk.cyan(`\n🔍 Reviewing: ${url}`));
             console.log(chalk.dim(`   Question: ${question}\n`));
@@ -76,6 +80,7 @@ export async function runReview(options: ReviewOptions): Promise<void> {
             quiet,
             model,
             apiKey,
+            githubToken: ghToken,
         });
 
         // In quiet mode, we suppressed stdout during execution

npx/src/cli.ts

@@ -23,6 +23,7 @@ program
     .option('--quiet', 'Suppress progress output')
     .option('-m, --model <model>', 'Model to use (e.g. gemini-3-pro-preview)')
     .option('--api <key>', 'Gemini API key (defaults to GEMINI_API_KEY env var)')
+    .option('--github-token <token>', 'GitHub token for private repos (defaults to GITHUB_TOKEN env var)')
     .action(async (options) => {
         await runReview(options);
     });

npx/src/index.ts

@@ -158,6 +158,7 @@ export interface RunOptions {
     quiet: boolean;
     model?: string;
     apiKey: string;
+    githubToken?: string;
 }
 
 /**
@@ -205,6 +206,7 @@ export async function runPythonReview(options: RunOptions): Promise<string> {
             env: {
                 ...process.env,
                 GEMINI_API_KEY: options.apiKey,
+                ...(options.githubToken && { GITHUB_TOKEN: options.githubToken }),
                 PYTHONPATH: pythonPath,
                 // Ensure we don't inherit conflicting python env vars
                 VIRTUAL_ENV: path.dirname(path.dirname(pythonCmd))

npx/src/python-runner.ts

@@ -19,13 +19,17 @@ Use this skill when the user:
 ## How to use this skill
 
 1. **Check prerequisites** — Verify `GEMINI_API_KEY` is set
-2. **Get the PR/Issue URL** — Ask user if not provided
-3. **Formulate a question** — Convert user's request into a specific question
-4. **Run the review command** — Execute `npx asyncreview review --url <URL> -q "<question>"`
-5. **Present the results** — Share the AI's findings with sources
+2. **Check if repo is private** — Use `gh repo view` to determine if `GITHUB_TOKEN` is required
+3. **Set GITHUB_TOKEN if needed** — Use `gh auth token` for private repos
+4. **Get the PR/Issue URL** — Ask user if not provided
+5. **Formulate a question** — Convert user's request into a specific question
+6. **Run the review command** — Execute `npx asyncreview review --url <URL> -q "<question>"`
+7. **Present the results** — Share the AI's findings with sources
 
 ## Prerequisites
 
+### 1. Check for `GEMINI_API_KEY` (Required)
+
 **Before running any command, check for `GEMINI_API_KEY`:**
 
 ```bash
@@ -40,6 +44,103 @@ Then set it:
 export GEMINI_API_KEY="user-provided-key"
 ```
 
+### 2. Check if Repository is Private (Critical)
+
+**IMPORTANT:** Before reviewing a PR/Issue, you MUST check if the repository is private. If it is, `GITHUB_TOKEN` is **REQUIRED**.
+
+#### Step 1: Extract owner and repo from URL
+
+From a URL like `https://github.com/owner/repo/pull/123`, extract:
+- owner: `owner`
+- repo: `repo`
+
+#### Step 2: Check repository visibility
+
+**Option A: Using GitHub CLI (if available)**
+
+```bash
+gh repo view owner/repo --json isPrivate -q '.isPrivate'
+```
+
+**Option B: Without GitHub CLI (using curl)**
+
+```bash
+# Try to access the repo via GitHub API without authentication
+curl -s -o /dev/null -w "%{http_code}" https://api.github.com/repos/owner/repo
+```
+
+**Possible outcomes:**
+- **With `gh`:**
+  - `true` → Repository is **private**, `GITHUB_TOKEN` is **REQUIRED**
+  - `false` → Repository is **public**, `GITHUB_TOKEN` is **optional**
+  - Error (e.g., "not found") → May indicate private repo without auth, or repo doesn't exist
+
+- **With `curl`:**
+  - `200` → Repository is **public**, `GITHUB_TOKEN` is **optional** (but recommended for higher rate limits)
+  - `404` → Repository is **private** or doesn't exist, `GITHUB_TOKEN` is **REQUIRED**
+  - `403` → Rate limited, need `GITHUB_TOKEN`
+
+#### Step 3: If private, ensure `GITHUB_TOKEN` is set
+
+```bash
+# Check if GITHUB_TOKEN is already set
+echo $GITHUB_TOKEN
+```
+
+If empty or not set, obtain it using one of these methods:
+
+**Option A: Using GitHub CLI (if available)**
+
+```bash
+# Get token from GitHub CLI (must be authenticated with `gh auth login` first)
+export GITHUB_TOKEN=$(gh auth token)
+
+# Verify it's set
+echo $GITHUB_TOKEN
+```
+
+If `gh auth token` fails, authenticate first:
+
+```bash
+gh auth login
+```
+
+**Option B: Without GitHub CLI (create token via web)**
+
+1. Go to GitHub: https://github.com/settings/tokens
+2. Click **"Generate new token"** → **"Generate new token (classic)"**
+3. Give it a descriptive name (e.g., "AsyncReview CLI")
+4. Select scopes:
+   - ✅ `repo` (Full control of private repositories)
+5. Click **"Generate token"**
+6. Copy the token (you won't see it again!)
+7. Set it in your terminal:
+
+```bash
+export GITHUB_TOKEN="ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+# Verify it's set
+echo $GITHUB_TOKEN
+```
+
+**Security tip:** For better security, consider creating a fine-grained token with minimal permissions:
+- Go to: https://github.com/settings/personal-access-tokens/new
+- Select specific repositories
+- Grant only "Contents" read permission
+
+**Then run the review with the token:**
+
+```bash
+npx asyncreview review --url <URL> -q "question" --github-token $GITHUB_TOKEN
+```
+
+Or set it as an environment variable for the session:
+
+```bash
+export GITHUB_TOKEN=$(gh auth token)
+npx asyncreview review --url <URL> -q "question"
+```
+
 ## Quick start
 
 ```bash
@@ -105,6 +206,50 @@ The AI will:
 3. Analyze content in the Python sandbox
 4. Report findings with evidence
 
+## Example: Review a Private Repository PR
+
+**Complete workflow for private repositories:**
+
+```bash
+# Step 1: Extract owner/repo from URL
+# URL: https://github.com/myorg/private-repo/pull/42
+# owner="myorg", repo="private-repo"
+
+# Step 2: Check if repository is private
+
+## Option A: With GitHub CLI
+gh repo view myorg/private-repo --json isPrivate -q '.isPrivate'
+# Output: true (it's private!)
+
+## Option B: Without GitHub CLI (using curl)
+curl -s -o /dev/null -w "%{http_code}" https://api.github.com/repos/myorg/private-repo
+# Output: 404 (likely private or doesn't exist)
+
+# Step 3: Ensure GITHUB_TOKEN is set
+echo $GITHUB_TOKEN
+
+## If empty, Option A: Get from GitHub CLI
+export GITHUB_TOKEN=$(gh auth token)
+
+## If empty, Option B: Create via web (https://github.com/settings/tokens)
+## Then:
+export GITHUB_TOKEN="ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+# Step 4: Run the review with the token
+npx asyncreview review \
+  --url https://github.com/myorg/private-repo/pull/42 \
+  -q "Does this PR introduce any security vulnerabilities?" \
+  --github-token $GITHUB_TOKEN
+
+# Alternative: Token is already in environment, no flag needed
+npx asyncreview review \
+  --url https://github.com/myorg/private-repo/pull/42 \
+  -q "Does this PR introduce any security vulnerabilities?"
+```
+
+**If you get a 404 or authentication error:** The repository is likely private, and you need to provide `GITHUB_TOKEN`.
+
+
 ## Output formats
 
 | Format | Flag | Description |