Git Hosting
Kod stores repositories as regular bare Git repositories and serves them over HTTP and SSH. You can use kod clone for the smoothest local experience, or plain Git commands when you prefer standard tooling.
Create a Repository
Section titled “Create a Repository”kod repo create my-appAfter creation, clone with the Kod helper:
kod clone my-appOr use plain Git over HTTP:
git clone https://git.example.com/repos/my-app.gitHTTP Git uses Basic Auth. The username can be anything, and the password is your Kod API token.
Import a Repository
Section titled “Import a Repository”Use kod repo import to mirror an existing local or remote Git repository into Kod:
kod repo import https://github.com/example/my-app.gitkod repo import ../my-local-repo my-appKod imports with git clone --mirror, so branches and refs are preserved. The repository name is optional; if omitted, Kod derives it from the source URL or path.
SSH Access
Section titled “SSH Access”The SSH server is enabled by default on port 2222. Configure it with kod serve flags or environment variables:
kod serve --ssh --ssh-port 2222
KOD_SSH_ENABLED=true \KOD_SSH_PORT=2222 \kod serveFor production, either expose port 2222 directly or forward/bind port 22 to the Kod SSH port.
Add a Collaborator Key
Section titled “Add a Collaborator Key”SSH access is based on a collaborator username and public key.
As an admin, create a username-linked token and add the user as a collaborator:
kod token create alice --username alice --permissions repo:read,repo:writekod repo my-app collaborator add aliceAlice configures her CLI with that token and adds a public key:
kod initkod keys add ~/.ssh/id_ed25519.pub --name laptopThen she can clone and push over SSH:
cd my-appgit push origin mainAdmins can manage another user’s keys with --username:
kod keys add ~/.ssh/alice.pub --username alice --name workstationkod keys list --username alicekod keys remove <key-id>Anonymous Read-Only SSH
Section titled “Anonymous Read-Only SSH”For public mirrors, you can allow unauthenticated clone, fetch, and repository discovery over SSH:
KOD_SSH_ANONYMOUS_READ=true kod serveAnonymous clients use the anonymous SSH username:
Anonymous SSH is read-only. Pushes are rejected.
SSH Repository Discovery
Section titled “SSH Repository Discovery”Kod supports lightweight repository discovery over SSH:
Opening an SSH shell also shows a compact repository list:
The repository list is filtered to what the authenticated key can read. Anonymous users only see repositories when anonymous read-only SSH is enabled.
Branch Protection
Section titled “Branch Protection”Protected branches can only be pushed by the repository owner or an admin token. Collaborators with repo:write are blocked by the Git pre-receive hook.
kod repo my-app protectedkod repo my-app protect mainkod repo my-app unprotect mainAccess Rules
Section titled “Access Rules”| Access path | Authentication | Read access | Write access |
|-------------|----------------|-------------|--------------|
| kod clone | API token from kod init | repo:read plus collaborator or owner/admin | repo:write plus collaborator or owner/admin |
| HTTP Git | API token as password | repo:read plus collaborator or owner/admin | repo:write plus collaborator or owner/admin |
| SSH Git | Added public key | Owner or collaborator | Owner or collaborator, except anonymous |
| Anonymous SSH | anonymous SSH username | Only when enabled | Never |