Multi-agent DAG orchestration, purpose-built for enterprise engineering teams Learn more →

GitHub

Last updated 2026-05-21·7 min read

Cendriix reads tickets, plans changes, opens pull requests, and merges branches through a GitHub App. This guide covers installing the app and what access it needs.

Overview

The integration is a GitHub App, not a personal access token. The app is installed on the repositories you choose and authenticates with short-lived installation tokens. There is no personal credential to leak, and the org admin sees exactly which repos the app can reach.

Installing the GitHub App

bash
cendriix workspace scm connect --provider github

This opens the GitHub App installation flow in your browser. Choose specific repositories or grant the whole organisation, then confirm. The connector turns active as soon as the installation completes.

Repository scopes

Grant the app only the repositories the orchestrator should touch. You can change the repository list at any time from the GitHub App settings page; the change takes effect immediately. Cendriix never enumerates repositories it has not been granted.

What Cendriix does in your repo

ActionDescription
readReads code, branches, issues, and pull requests to plan a change.
branchCreates a feature branch for each run, never commits to the default branch directly.
pull requestOpens a PR with the change, run summary, and a link to the Cendriix run.
review replyResponds to review comments and pushes follow-up commits on the same branch.
mergeMerges the PR only after every required check passes and any approval gate clears.

Status checks & CI

Cendriix posts a status check on every pull request it opens, reporting the state of the associated run. It also waits for your existing CI checks, the orchestrator does not merge until every required check on the branch is green, exactly as a human contributor would have to.

Branch protection is respectedCendriix operates within your branch protection rules. If a branch requires two reviewers, the orchestrator cannot merge with one, branch protection is enforced by GitHub, and the app has no way around it.

Credential handling

Cendriix stores only the GitHub App installation ID. Installation tokens are minted on demand, scoped to the granted repositories, and expire after one hour. No personal access token and no long-lived secret is ever stored.

Next steps