What this does
The GitHub integration unlocks three things:
- Read your code — the agent can search and read files to diagnose customer-reported errors (without exposing source code to customers)
- Detect deploys — when a deploy lands with a commit message like
fixes CSTAR-42, cStar marks the linked Sentry-tracked ticket as resolved and notifies affected customers - Open issues — the agent can file a GitHub issue for engineering when it cannot resolve a real bug. When the issue closes, customers are notified automatically
How to connect
- Go to Settings → Team → Integrations → GitHub
- Create a fine-grained Personal Access Token at github.com/settings/personal-access-tokens/new
- Select the repos you want cStar to access
- Set permissions:
- Contents: Read-only (required for code reads + deploy detection)
- Issues: Read and write (required for the agent to file bugs)
- Pull requests: Read and write (optional, for future PR features)
- Paste the token and click Validate, then Connect
- After connecting, copy the webhook URL and Webhook Secret from the Deploy Detection card and add them to your repo's Settings → Webhooks
Subscribed webhook events
Turn on these events in the GitHub webhook config:
- Deployment statuses — for deploy detection
- Pushes — for commit-based deploy detection on main
- Issues — so closing an AI-filed issue notifies customers
Security
- Code is read-only by default. Write access (PRs, issues) requires explicit toggle in Settings
- The agent is forbidden from sharing source code, file paths, or issue URLs with customers
- Tokens are encrypted at rest in cStar