What this does

The GitHub integration unlocks three things:

  1. Read your code: the agent can search and read files to diagnose customer-reported errors (without exposing source code to customers).
  2. Detect deploys: when a deploy lands with a commit message like fixes CSTAR-42, cStar marks the linked Sentry-tracked ticket as resolved and notifies affected customers. Recognized verbs include fixes, closes, and resolves.
  3. Open issues: the agent can file a GitHub issue for engineering when it can't resolve a real bug. When the issue closes, customers are notified automatically.

How to connect

  1. Go to Settings → Team → Integrations → GitHub.
  2. Create a fine-grained Personal Access Token at github.com/settings/personal-access-tokens/new.
  3. Select the repos you want cStar to access.
  4. Set permissions:
    • Contents: Read-only (required for code reads + deploy detection)
    • Issues: Read and write (required for the agent to file bugs)
    • Pull requests: Read and write (optional, for future PR features)
  5. Paste the token and click Validate, then Connect.
  6. After connecting, copy the webhook URL and Webhook Secret from the Deploy Detection card and add them to your repo's Settings → Webhooks.

Subscribed webhook events

Turn on these events in the GitHub webhook config:

  • Deployment statuses: for deploy detection
  • Pushes: for commit-based deploy detection on main
  • Issues: so closing an AI-filed issue notifies customers

Security

  • Code is read-only by default. Write access (PRs, issues) requires explicit toggle in Settings.
  • The agent is forbidden from sharing source code, file paths, or issue URLs with customers.
  • Tokens are encrypted at rest in cStar.