v1.0 · COMING SOON · ON SOLANA

The secure on-chain bank inside your GitHub.

AI agents are taking over developer workflows, but most wallet infrastructure was never designed with them in mind. A single compromised approval is all it takes to drain everything. GitSafe vaults have no approve function and no transferable tokens — no attack surface for agents to exploit.

Soul-bound: no transfer, no drain
Constrained vault access
Unphishable: no approve, no drain
Gasless: GitSafe covers all fees
In-vault token swap and portfolio
Auto-pay bounties on PR merge
Vaults deployed: 1
Txs on-chain: 4
Commands: 7
Repos connected: 1
npm
Solana
Claude
GitHub App
Protocol

How it works

GitSafe runs on one principle: every team operation, from planning to payment, should happen in the same place where the code lives. Bot-first by design: your AI agents and your team use the same interface.

1. Comment in a GitHub issue
Mention @gitsafebot in any issue or PR. The AI bot parses your intent and maps it to an on-chain action — no dashboard, no form.
2. Vault escrows the funds
Budget is locked in a soul-bound vault on Solana. No one can move it until the condition is met — not even GitSafe.
3. PR merges, payout releases
When the PR is merged, the program verifies the event on-chain and transfers funds automatically. Receipt posted back to the issue.
Platform

Everything your team needs

Project Workspaces
Create named projects with budgets and track bounties, contributors, and spend — all via GitHub comments.
Instant Payouts
Funds release in milliseconds when conditions are met. No manual approvals, no delays, no invoices.
Security
Soul-bound safeTokens cannot be transferred or drained. Two-step commit/reveal vault transfers. Recovery address protection.
Key Management
Set a recovery address and rotate your vault signing key on-chain at any time. Your vault, your control.
VAULT
On-Chain Banking
Every user gets a personal vault on Solana. Deposit, hold, transfer, and track your crypto portfolio without ever leaving GitSafe.
PROJECTS
Bounty Management
Create projects, assign bounties, and release payments directly from GitHub issues and pull requests. No external dashboards, no manual invoices.
TRADE
DeFi Swap
Swap tokens inside your vault using on-chain liquidity. One action, settled on Solana, with fees covered by GitSafe.
PROTECTION
AI Security
The only on-chain bank account safe enough to give an AI agent access. No approve function, no transfer surface. Even a fully compromised agent cannot move a single token without explicit on-chain permission.
acme-org / mobile-app / issues / 47
>@gitsafebot create project Mobile App v2 with 500 USDC budget
Project Mobile App v2 initialized. 500.00 safeUSDC locked in project escrow. Budget available for task assignment.
>@gitsafebot assign this task to @alex_dev with 45 USDC bounty
Task registered. 45.00 safeUSDC escrowed for @alex_dev (GitHub ID: 789102). Funds release automatically on PR merge.
>GitHub: PR #110 merged by @maintainer
Task #47 closed via PR #110. 45.00 USDC released to @alex_dev. Fee: 0.09 USDC (0.2%). Tx: 4a1z…9efK. Budget remaining: 455.00 safeUSDC.
Security

Safe enough for AI agents.
Cryptographically un-phishable.

Most wallets give full control to whoever holds the private key, including the AI agents you give bot access to. GitSafe enforces permissions at the contract level, not at the trust level.

01

No approve, no drain surface

SafeTokens have no transfer or approve function. An AI agent with full bot access cannot drain the vault — there is simply no function to call. A compromised key is worthless without an exploit path.

02

Permanent identity anchoring

Every vault, project, and permission is bound to a GitHub Permanent User ID: an immutable integer that cannot be changed by renaming an account, cannot be claimed by another user, and cannot be spoofed in a webhook payload.
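
An added example, not GitSafe's code, of the two checks a webhook consumer needs for this kind of identity anchoring: verify the delivery's `X-Hub-Signature-256` HMAC over the raw body, then authorize on the numeric `sender.id` and never on `sender.login`. The secret, the role table, the second account ID and the payloads are constructed for illustration; 789102 is the sample ID from the demo above.

```python
import hashlib
import hmac
import json

# Constructed values for this example; none come from GitSafe or GitHub.
WEBHOOK_SECRET = b"constructed-webhook-secret"
# Roles keyed by numeric GitHub user ID (immutable), never by login (renameable).
ROLE_HOLDERS_BY_ID = {789102: "alex_dev"}  # the login is stored for display only


def sign(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Value GitHub places in the X-Hub-Signature-256 header for a delivery."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def authorize(body: bytes, signature_header: str) -> bool:
    """Accept only a correctly signed delivery whose sender.id holds a role."""
    # Check the MAC over the raw bytes, in constant time, before parsing anything.
    expected = sign(body).encode()
    if not hmac.compare_digest(expected, (signature_header or "").encode()):
        return False
    try:
        sender_id = json.loads(body)["sender"]["id"]
    except (ValueError, KeyError, TypeError):
        return False
    # bool is an int subclass in Python, so exclude it explicitly.
    if not isinstance(sender_id, int) or isinstance(sender_id, bool):
        return False
    return sender_id in ROLE_HOLDERS_BY_ID  # sender["login"] is never consulted


def delivery(sender_id, login) -> bytes:
    """Build a constructed, minimal issue_comment-style payload."""
    return json.dumps({"action": "created",
                       "sender": {"id": sender_id, "login": login}}).encode()


if __name__ == "__main__":
    renamed = delivery(789102, "alex_renamed")   # same account after a rename
    squatter = delivery(555001, "alex_dev")      # new account took the old login
    print(authorize(renamed, sign(renamed)))     # authorized: the ID is unchanged
    print(authorize(squatter, sign(squatter)))   # rejected: a login match is ignored
    print(authorize(renamed, sign(squatter)))    # rejected: signature mismatch
```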

03

On-chain permission enforcement

The program verifies manager permissions before any operation executes. Budget allocation, task assignment, and fund reclamation all require the caller to hold a verified manager role — enforced at the program level, not application level.