Aegis acts as a governance layer between your AI agents and GitHub. To inspect repository state, evaluate branch policies, and route pull request actions on your behalf, Aegis needs your GitHub identity and a personal access token (PAT) with the right scopes. You provide these once during onboarding and can update them at any time from Settings.Documentation Index
Fetch the complete documentation index at: https://docs.runaegis.co/llms.txt
Use this file to discover all available pages before exploring further.
What you need before you start
Before connecting GitHub, collect the following:- GitHub username, your GitHub login name (e.g.
octocat). - GitHub user ID, the numeric ID for your account, not the username.
- Personal access token, a classic or fine-grained PAT with the required scopes listed below.
Your GitHub user ID is a number, not your username. Look it up by visiting
https://api.github.com/users/YOUR_USERNAME in a browser and reading the id field in the JSON response.Required PAT scopes
Your PAT must have all three of the following scopes. Aegis will not function correctly if any are missing.| Scope | Why Aegis needs it |
|---|---|
repo | Read repository contents, branches, and pull request state. Required for policy evaluation on any private or public repo. |
read:user | Verify your GitHub identity and confirm the user ID you provide matches your token. |
workflow | Inspect and interact with GitHub Actions workflows. Required for CI-status checks used by policies like CI Required Before Merge. |
Create a personal access token
Open GitHub token settings
Go to github.com/settings/tokens. Sign in if prompted.
Choose a token type
Click Generate new token and select Generate new token (classic). Fine-grained tokens are supported, but classic tokens are the simplest way to grant the three required scopes in one step.
Set a name and expiration
Give the token a descriptive name such as
Aegis governance and choose an expiration that fits your rotation policy. Tokens with no expiration are convenient but are not recommended for production use.Select the required scopes
Check the boxes for
repo, read:user, and workflow. You do not need any other scopes.Add your credentials in Aegis
During initial setup, the onboarding flow collects your GitHub credentials in step 1. If you have already completed onboarding, navigate to Settings → GitHub to view your current connection or go to Settings → Profile to update your PAT.Open the GitHub settings section
In the Aegis dashboard, click Settings in the sidebar, then select GitHub under the Integrations group. You will see your current username, numeric user ID, and the scopes your token requires.
Sync your repositories after connecting
Providing your credentials does not automatically import your repositories. You must trigger a sync so Aegis can discover the repos your PAT can access. After saving your GitHub credentials, navigate to Settings → Repositories and click Sync. Aegis uses your GitHub user ID and PAT to discover the repositories your token can access. New repositories added to your account will not appear in Aegis until you sync again. For details on setting read and write permissions for each repository after syncing, see Repository permissions.Rotate your PAT
When you generate a new PAT to replace an expiring or compromised one:- Create the new token on GitHub with the same three scopes.
- In Aegis, go to Settings → Profile and paste the new token into the GitHub PAT field.
- Click Update token.
- Revoke the old token on GitHub at github.com/settings/tokens.