Skip to main content

Overview

Create GitHub issues without revealing your identity. The issue is posted by the @gitgost-anonymous bot account, protecting your privacy while enabling you to report bugs, request features, or start discussions.

Endpoint

POST /v1/gh/:owner/:repo/issues/anonymous

Path Parameters

owner
string
required
GitHub repository owner (user or organization)
repo
string
required
Repository name

Authentication

No authentication required. Anonymous issue creation requires no API keys, tokens, or GitHub accounts.

Request Body

title
string
required
Issue title (must not be empty after trimming whitespace)
body
string
required
Issue description in Markdown format (must not be empty after trimming whitespace)
labels
array
default:"[]"
Array of label names to apply to the issue. Labels must already exist in the repository.

Response

issue_url
string
required
Full GitHub URL of the created issueExample: https://github.com/owner/repo/issues/42
number
number
required
Issue number in the repository
hash
string
required
8-character identity hash for this issue author (consistent across comments)
karma
number
required
Initial karma score (always 0 for new issues)
user_token
string
required
Unique token for this author identity. Save this token to post follow-up comments as the same anonymous user.
issue_reply_token
string
required
Alias for user_token (same value). Used for posting replies to this issue.

Examples

curl -X POST https://gitgost.leapcell.app/v1/gh/owner/repo/issues/anonymous \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Memory leak in worker pool",
    "body": "## Description\n\nThe worker pool doesn\'t properly clean up goroutines when closed, leading to memory leaks over time.\n\n## Steps to Reproduce\n\n1. Create worker pool with 100 workers\n2. Process 10,000 tasks\n3. Close the pool\n4. Observe goroutine count (doesn\'t decrease)\n\n## Expected Behavior\n\nGoroutines should be cleaned up when pool is closed.",
    "labels": ["bug", "performance"]
  }'

Response Examples

Success (200 OK)

{
  "issue_url": "https://github.com/owner/repo/issues/42",
  "number": 42,
  "hash": "a1b2c3d4",
  "karma": 0,
  "user_token": "XYZABC123456789",
  "issue_reply_token": "XYZABC123456789"
}

Validation Error (400 Bad Request)

{
  "error": "title and body are required"
}

{
  "error": "invalid payload"
}

Repository Not Found (400 Bad Request)

{
  "error": "failed to create issue: 404 Not Found"
}

Issue Format

Created issues include a footer disclaimer: Your Body: 
## Description

The worker pool doesn't properly clean up goroutines when closed...
Actual Posted Body: 
## Description

The worker pool doesn't properly clean up goroutines when closed...

---

*This is an anonymous contribution made via [gitGost](https://gitgost.leapcell.app).*

*The original author's identity has been anonymized to protect their privacy.*

Identity Management

User Token

The user_token is your anonymous identity for this issue:
1

Save the token

Store the user_token securely. You’ll need it to post follow-up comments as the same anonymous author.
# Example: save to a file
echo "XYZABC123456789" > .gitgost-token
2

Maintain consistent identity

Use the same token in subsequent comment requests to appear as the same anonymous user.
# Later, when commenting
curl -X POST ".../comments/anonymous" \
  -d '{"user_token": "XYZABC123456789", "body": "..."}'
3

Token security

  • Tokens are randomly generated (10 bytes, base32-encoded)
  • No expiration
  • Not recoverable if lost
  • Not linked to any personal information

Hash System

The hash is a deterministic identifier derived from:
  • Repository (owner/repo)
  • Issue number
  • Your user token
Properties:
  • 8-character hex string
  • Consistent across your comments on this issue
  • Enables karma tracking and moderation
  • Different hash per issue/PR
Implementation: 
input := fmt.Sprintf("%s/%s#%d|%s", owner, repo, number, userToken)
h := hmac.New(sha256.New, secretKey)
h.Write([]byte(input))
hash := hex.EncodeToString(h.Sum(nil))[:8]
Source Reference: internal/http/handlers.go:1359-1364

Karma System

Karma tracks your reputation as an anonymous contributor on a per-issue/PR basis.

Karma Mechanics

initial_karma
number
default:"0"
New issues start with 0 karma
comment_increment
number
default:"+1"
Each comment you post increases karma by 1
report_reset
string
Karma resets to 0 if you receive 3+ reports

Karma Display

Karma is not displayed in issues, only in comments. When you comment on this issue, your comment footer will show: 
---
goster-a1b2c3d4 · karma (1) · [report](https://gitgost.leapcell.app/v1/moderation/report?hash=a1b2c3d4)

Moderation

Issues and comments can be reported if they violate community guidelines.

Report System

Anyone can report a hash via: 
https://gitgost.leapcell.app/v1/moderation/report?hash=a1b2c3d4

Moderation Policy

1

0-2 reports

Internal log only, no action taken
2

3-5 reports

  • Hash flagged
  • 6-hour cooldown applied
  • Karma reset to 0
  • All existing comments updated to show karma=0
3

6+ reports

  • Hash permanently blocked
  • All comments by this hash deleted
  • Cannot post new content
Source Reference: internal/http/handlers.go:610-615

Rate Limiting

While not explicitly rate-limited per-endpoint, global service rate limits apply to prevent abuse.
The service monitors for:
  • Rapid successive requests from single IPs
  • Coordinated abuse across multiple IPs
  • Spam patterns
Abusive behavior may trigger:
  • Temporary IP-based blocks
  • Service-wide panic mode suspension
  • Automatic issue/comment deletion

Best Practices

Be Descriptive

Provide detailed issue descriptions with:
  • Clear title
  • Steps to reproduce
  • Expected vs actual behavior
  • Environment details

Save Your Token

Store your user_token immediately:
  • Enables follow-up comments
  • Maintains consistent identity
  • Cannot be recovered if lost

Use Labels Wisely

Only use labels that:
  • Exist in the target repo
  • Accurately describe the issue
  • Follow project conventions

Respect Guidelines

Follow the project’s:
  • Code of conduct
  • Contributing guidelines
  • Issue templates
  • Community standards

Implementation Details

Token Generation

func generateUserToken() string {
    buf := make([]byte, 10)
    _, err := rand.Read(buf)
    if err != nil {
        return fmt.Sprintf("tok-%d", time.Now().UnixNano())
    }
    return strings.ToUpper(
        base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(buf)
    )
}
  • 10 random bytes (80 bits of entropy)
  • Base32-encoded (uppercase, no padding)
  • Example: XYZABC123456789
Source Reference: internal/http/handlers.go:1366-1373

Request Validation

The endpoint validates:
  1. JSON Parsing: Request body must be valid JSON
  2. Required Fields: title and body must be non-empty after trimming
  3. Repository Existence: Target repo must exist and bot must have access
  4. Labels: Labels must already exist in the repository (invalid labels are silently ignored by GitHub)
Source Reference: internal/http/handlers.go:986-1024

Limitations

Once created, anonymous issues cannot be edited or deleted via the API. You must contact the repository maintainers directly.
You cannot create new labels. Only existing repository labels can be applied.
Images, files, and attachments are not supported. Use external hosting and Markdown links.
Lost tokens cannot be recovered. Save them immediately after receiving them.
Unlike anonymous PRs, issues don’t have ntfy notification support. Check GitHub directly for updates.

Anonymous Comments

Post follow-up comments using your user token

Anonymous PRs

Create anonymous pull requests via Git push

Troubleshooting

”title and body are required”

Ensure both fields are provided and contain non-whitespace content: 
// ❌ Invalid
{
  "title": "",
  "body": "   "
}

// ✅ Valid
{
  "title": "Bug report",
  "body": "Description of the bug"
}

“failed to create issue: 404 Not Found”

The repository doesn’t exist or the bot lacks access:
  • Verify the owner and repo names
  • Check that the repository is public
  • Ensure the repository hasn’t been deleted or renamed

Labels not applied

GitHub silently ignores invalid labels:
  • Verify labels exist in the target repository
  • Check label names for typos
  • Labels are case-sensitive

Token not working for comments

Ensure you’re using the token correctly:
  • Use the exact token string received
  • Send it in the user_token field of comment requests
  • Don’t modify or format the token

Build docs developers (and LLMs) love

Get started for freeTalk to us