TILLFORGE · QUICKSTART

From an empty repo to a protected push.

GA

Create a repo, mint a token, clone and push with your editor’s native git, then watch a secret get rejected at the boundary — the whole loop, in a few commands.

01Install

Install the CLI and log in

TillForge lives inside the one tilldev CLI, alongside pulse, auth, cache, and ark. The CLI talks to the dashboard API over HTTPS only.

bash
# The TillForge commands ship inside the one TillDev CLI.
npm i -g @tilldev/cli        # or: pnpm add -g @tilldev/cli
tilldev login                # opens the browser; scopes the CLI to your org
02Create

Create a repository

A repo is created with a protected default branch and secret scanning on from the first push. Visibility is private, internal, or public.

bash
# Create a repo. The default branch is seeded PROTECTED and
# secret-scanned from the very first push — no configuration.
tilldev forge repos create --name acme-api --visibility private
# → repo  acme-api   default: main (protected)   visibility: private
03Authenticate

Mint a tfp_ token

Over HTTPS, a tfp_ token is your git password. Scope it read, write, or admin, optionally pin it to a single repo, and give it an expiry.

bash
# Mint a tfp_ token — this is your git password over HTTPS.
# The secret is shown ONCE and stored hash-only; scope it write.
tilldev forge tokens create --scope write --repo acme-api --expires 90
# → tfp_live_… (copy it now — it is never shown again)
Shown once, stored hash-only
The token secret is printed one time and stored as a hash — TillForge cannot show it to you again. If you lose it, revoke it and mint another. Minting can require MFA. Full details in Access & tokens.
04Push

Clone and push from any editor

Because TillForge speaks standard smart-HTTP, your editor’s built-in git works with no plugin. Clone over HTTPS and push — the token is the password.

bash
# Clone from any editor — native git, zero plugin.
git clone https://git.tilldev.dev/acme/acme-api.git
#   Username: your TillDev email (or 'x-access-token')
#   Password: the tfp_ token you just minted

cd acme-api
echo "# acme-api" > README.md
git add README.md && git commit -m "first commit"
git push -u origin main
# → pushed · main protected · scanned clean

Prefer keys? SSH works the same way — ssh://git@git.tilldev.dev:2222/acme/acme-api.git — once you register a key.

05The wedge

Watch a secret get rejected

This is the headline. Push a blob that contains a credential and the boundary rejects the whole push — the secret never enters history or the reflog. It fails closed: a scanner that can’t run refuses the push rather than passing it.

bash
# Now try to push a secret. The push boundary rejects it BEFORE
# it can enter history or the reflog — the credential never lands.
git commit -am "add config"        # config contains an API key
git push
# ! [remote rejected] main -> main (secret detected)
#   config.env:3  aws-access-key-id  — remove it and re-push,
#   or allowlist with a reason if it is a false positive.
Reject, not alert
A great many tools alert after a secret is already in history — where it stays forever. TillForge rejects at push, so the credential is never written. A genuine false positive is cleared with an audited, reason-stamped per-repo allowlist. See Branch protection.
06Read

Read the findings and the trail

Everything the boundary caught, plus a recovery trail, is one command away — and the same views live in the dashboard.

bash
# Everything the boundary caught, and the recovery trail:
tilldev forge findings acme-api          # secrets rejected at the push boundary
tilldev forge reflog acme-api            # ref-change history (one-click recover)
tilldev forge audit --limit 5            # the append-only privileged-action log
07Next

What's next

  • Repositories — clone / push over HTTPS + SSH and browse code, history, and blame.
  • Branch protection — the protected branch, secret-reject, and one-click reflog recovery in depth.
  • Pull requests — reviews, the merge gate, checks, and CODEOWNERS.
  • CLI reference — every command and flag.