Your team has been on GitHub for years. Engineers join, get added to repos, move teams, get promoted, sometimes leave. Access piles up quietly.

Here's a question most engineering leads can't answer without clicking through a dozen GitHub settings pages: Who has admin access to your production repos right now? Not who should. Who does.

I spent the last few weeks building a tool to answer that — and then ran it against a few orgs (with permission). What I found was uncomfortable enough that I'm writing this post.

The access drift problem

GitHub's access model is powerful but silent. There's no built-in alert when:

- An engineer who left 6 months ago still has write access to your main repo
- A contractor was given admin "temporarily" and never had it revoked
- Your staging repo has 11 admins because everyone who ever set it up still has access
- An outside collaborator (someone not even in your org) can push to production

None of these show up in any dashboard. You have to go looking.…
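One way to go looking, as an added example that is not the author's tool: the sketch below checks per-repo collaborator lists for the drift cases listed above. It assumes records shaped like the items from GitHub's REST "list repository collaborators" endpoint (a `login` plus a `permissions` dict); the sample data, the staff roster and the admin threshold are all constructed.

```python
# Added example, not the author's tool. All data below is constructed.
# Each collaborator mirrors an item from GitHub's REST endpoint
# GET /repos/{owner}/{repo}/collaborators: a "login" plus a "permissions" dict.

def _c(login, admin=False, push=False):
    """Build one constructed collaborator record (admin implies push)."""
    return {"login": login,
            "permissions": {"admin": admin, "push": push or admin, "pull": True}}

SAMPLE = {
    "prod-api": [_c("alice", admin=True), _c("bob", push=True),
                 _c("departed-dev", push=True), _c("vendor-contractor", admin=True)],
    "staging": [_c("alice", admin=True), _c("bob", admin=True),
                _c("carol", admin=True), _c("dave", admin=True)],
}
ACTIVE_STAFF = {"alice", "bob", "carol", "dave"}  # assumption: roster from HR or the IdP
MAX_ADMINS = 3                                    # assumption: local policy threshold

def audit(collaborators_by_repo, active_staff, max_admins=MAX_ADMINS):
    """Return (repo, issue, logins) findings for drifted access."""
    findings = []
    for repo, collabs in sorted(collaborators_by_repo.items()):
        # Admin sprawl: more admins than local policy allows.
        admins = sorted(c["login"] for c in collabs if c["permissions"].get("admin"))
        if len(admins) > max_admins:
            findings.append((repo, "too-many-admins", admins))
        # Write or admin held by anyone who is not on the current roster:
        # departed engineers, contractors, outside collaborators.
        for c in collabs:
            if c["login"] in active_staff:
                continue
            perms = c["permissions"]
            if perms.get("admin"):
                findings.append((repo, "non-staff-admin", [c["login"]]))
            elif perms.get("push"):
                findings.append((repo, "non-staff-write", [c["login"]]))
    return findings

if __name__ == "__main__":
    for repo, issue, logins in audit(SAMPLE, ACTIVE_STAFF):
        print(f"{repo:10} {issue:16} {', '.join(logins)}")
```

Comparing against a staff roster rather than org membership matters here, because a departed engineer can still be an org member and so would not appear as an outside collaborator.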