Authentication

Bop uses local API keys for LLM providers and GitHub. No platform account is required.

API Keys (Primary Method)

Set your LLM provider API key and optional GitHub token as environment variables:

# LLM provider — one key is all you need
export ANTHROPIC_API_KEY="sk-ant-..."

# Optional: additional providers for custom multi-reviewer setups
export OPENAI_API_KEY="sk-..."
export GEMINI_API_KEY="..."

# GitHub access (required for PR reviews)
export GITHUB_TOKEN="ghp_..."

You can also configure API keys in your bop.yaml or .bop.yaml config file:

providers:
  anthropic:
    apiKey: ${ANTHROPIC_API_KEY}

GitHub Token Requirements

For PR reviews and GitHub integration, the GitHub token needs these scopes:

Scope      Required For
repo       Reading PR diffs, posting comments
read:org   Team reviewer assignments (optional)

Creating a Personal Access Token

  1. Go to GitHub Settings > Developer settings > Personal access tokens
  2. Click Generate new token (classic)
  3. Select the repo scope
  4. Generate and copy the token

Using GitHub CLI

Alternatively, if you are already logged in with the GitHub CLI, reuse its token:

gh auth token

This prints the token that gh auth login stored, with appropriate scopes; gh auth status lists the scopes it carries.

Credential Storage

API keys are read from environment variables or config files. Bop does not store API keys — you manage them through your standard secret management practices.

Platform credentials (for future Pro features) are stored at:

~/.config/bop/auth.json

This file is created only if you authenticate with the Bop platform.

API Key Best Practices

  1. Never commit API keys - Use environment variables or secrets
  2. Use separate keys for CI - Create dedicated keys for automation
  3. Rotate regularly - Change keys periodically
  4. Limit scopes - Only grant necessary permissions
  5. Monitor usage - Watch for unexpected API usage
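
A pre-commit style check for the first practice, as an added example that is not part of Bop: it rejects a bop.yaml or .bop.yaml in which an apiKey value is a literal rather than a ${VAR} reference, or which contains a string shaped like the key placeholders shown above. The function name check_bop_config, the prefix patterns and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of Bop): reject a config file that carries a literal
# secret instead of an environment-variable reference.
# Assumptions: each key sits on one line as `apiKey: <value>`, as in the config
# snippet on this page; key prefixes come from the placeholders shown there.

# check_bop_config FILE -> 0 clean, 1 literal secret found, 2 file unreadable
check_bop_config() {
  _cfg=$1
  [ -r "$_cfg" ] || { echo "cannot read $_cfg" >&2; return 2; }
  _rc=0

  # 1. Every apiKey value must be a ${ENV_VAR} reference (bare or double-quoted).
  _bad=$(grep -nE '^[[:space:]]*apiKey:' "$_cfg" |
         grep -vE 'apiKey:[[:space:]]*"?\$\{[A-Za-z_][A-Za-z0-9_]*\}"?[[:space:]]*(#.*)?$' |
         cut -d: -f1 | tr '\n' ' ') || true
  if [ -n "$_bad" ]; then
    # Report line numbers only, so the check never echoes the secret itself.
    echo "$_cfg: literal apiKey on line(s): $_bad" >&2
    _rc=1
  fi

  # 2. Catch key-shaped strings anywhere else in the file (sk-ant-, sk-, ghp_).
  if grep -qE '(^|[^A-Za-z0-9])(sk-|ghp_)[A-Za-z0-9_-]{16,}' "$_cfg"; then
    echo "$_cfg: string shaped like a provider key or GitHub token" >&2
    _rc=1
  fi
  return "$_rc"
}

# Constructed sample files (fake values) to exercise the check.
tmp=$(mktemp -d)
printf '%s\n' 'providers:' '  anthropic:' '    apiKey: ${ANTHROPIC_API_KEY}' > "$tmp/good.yaml"
printf '%s\n' 'providers:' '  anthropic:' '    apiKey: "sk-ant-EXAMPLEEXAMPLE0000"' > "$tmp/bad.yaml"
for f in "$tmp/good.yaml" "$tmp/bad.yaml"; do
  if check_bop_config "$f"; then echo "ok: $f"; else echo "rejected: $f"; fi
done
rm -rf "$tmp"
```

Wired into a pre-commit hook or a CI step, a non-zero exit blocks the change before a key reaches the repository history.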

Platform Authentication (Coming Soon)

Bop Pro will include platform authentication for team features, centralized configuration, and usage analytics.

Login

bop auth login

Opens a browser for GitHub OAuth authentication. Credentials are stored locally at ~/.config/bop/auth.json.

Check Status

bop auth status

Logout

bop auth logout

GitHub Actions OIDC

Bop Pro will support OpenID Connect (OIDC) for keyless authentication in GitHub Actions, eliminating the need for long-lived platform tokens.

Troubleshooting

“Invalid token” for GitHub operations

  1. Verify your GITHUB_TOKEN is set correctly
  2. Check the token hasn’t expired
  3. Ensure the token has repo scope

“Permission denied” in GitHub Actions

Ensure your workflow has the required permissions:

permissions:
  contents: read
  pull-requests: write

Provider API key errors

  1. Verify the environment variable is set: echo $ANTHROPIC_API_KEY
  2. Check the key is valid with your provider’s dashboard
  3. Ensure the key has not been revoked or expired