Collaborate on a private repo
Pass work back and forth with a co-founder by keeping your sessions in your own private GitHub repo. The web app and the agent kit both read and write the same portable file, so a non-technical founder in the browser and a technical one in an agent stay in sync.
Every Thought Layer session is one portable file (.thought-layer/<name>.json). You can already pass that file by hand (Save progress to file, then Load progress from file). Collaboration makes the handoff continuous: keep the files in a private GitHub repo you own, and both surfaces sync to it.
One file, two surfaces
The web app and the kit write the exact same format to the same path in the same repo, so it does not matter which side made an edit. BYOK, no central account, nothing phones home beyond your own GitHub.
The two surfaces
- In the web app: open Save and load progress, expand GitHub sync, and connect your repo with a fine grained token. Pick a session, Sync from GitHub to pull, Save to GitHub to push. The token stays in your browser.
- In the kit (Pi or any shell):
tl sync initpoints at the repo,tl sync save --name <session>pushes, andtl sync open --name <session>pulls, all over git. Same files, same repo.
Set it up
- Create a private GitHub repo (for example
your-name/tl-sessions). One repo for your own projects, and a separate repo per outside founder you collaborate with, so access stays isolated. - Make a fine grained personal access token scoped to just that repo. The only permission it needs is Repository permissions, Contents: Read and write (Metadata: Read is added automatically); leave everything else off. Give it a short expiry. Create a token.
- Connect: in the web app paste the owner, repo, a session name, and the token; in the kit run
tl sync init --repo your-name/tl-sessions. - Add a collaborator to the repo in its GitHub settings. They connect the same way. Access is granted on GitHub; the tools never change permissions.
How edits reconcile
Git carries history and lets several people work at once. Reconciliation is done by the tools, not by a raw text merge: when two people edit the same session, the kit merges field by field (newest wins, and any close call is reported), and the web app opens the same Merge Progress dialog you see on a file import, so you pick a side per difference. Answers only one side has are always kept.
The token tradeoff (read this)
The web app is a static site with no server, so a token you paste lives in your browser, where page scripts can read it. Keep it least privilege: a fine grained token scoped to the one private repo, with only Contents Read and write (Metadata Read is automatic), and a short expiry. Uncheck Remember on this device to keep it only for the tab (cleared when the tab closes), and use Forget token on a shared machine. If you would rather no browser token existed at all, sync from the kit's tl sync over git instead: it uses your gh login or git credential helper, so nothing is held in the browser.
What is not synced
Only the session files sync. Your model API key and your GitHub token never enter a session file, and built product artifacts (a dist folder, a build.json) stay out of the sessions repo.
