GitHub App (private repositories)
Install and configure the Oxagen GitHub App so your workspace can ingest source code from private and organization-owned repositories.
Overview
Public GitHub repositories can be connected from the Oxagen app using owner/repo only — no GitHub App required.
Private repositories (and organization-owned repos that need app-based access) require the Oxagen GitHub App to be installed on the correct GitHub account or organization. The app grants workspace-scoped, auditable access so Oxagen can clone and index code through the same ingestion pipeline described in Ingestion.
Before you start
- An Oxagen account and a workspace where you can manage connections.
- A GitHub account with permission to install GitHub Apps on the target user account or GitHub organization (org owners can install for the org).
- The repository names you want (in
owner/repoform) and the default branch you want indexed (oftenmain).
Install from Oxagen
- Open app.oxagen.ai and select the workspace that should own the connection.
- Go to Connections (or your workspace’s connection management surface).
- Choose Add connection → GitHub.
- Select the flow for private (or organization) repositories — not the public
owner/repo-only path. - Click Install GitHub App (or equivalent). Oxagen redirects you to GitHub’s install screen with a secure, one-time state so the installation is tied to your Oxagen workspace when you return.
Complete the flow on github.com before closing the tab.
Configure on GitHub
On GitHub’s installation screen:
- Install for — Pick your personal account or the organization that owns the private repos. If you pick the wrong account, Oxagen will not see the installation for the org you need.
- Repository access
- All repositories — Simplest if policy allows; new private repos are included automatically.
- Only select repositories — Add every private repo Oxagen should ingest. You can add more later under Settings → Applications → Installed GitHub Apps (user or org settings).
- Confirm permissions requested by the Oxagen GitHub App and finish Install.
If your company restricts third-party apps, an org admin may need to approve the app or allow installation for your org.
Finish in Oxagen
After GitHub redirects back to Oxagen:
- Open Add connection → GitHub → private flow again if needed.
- Select the installation that matches the GitHub account or org you used (Oxagen lists installations linked to your tenant).
- Enter
owner/repo(for exampleacme-corp/api) and the default branch. - Save the connection. Ingestion runs on Oxagen’s side using the GitHub App installation token for that org — your workspace graph stays isolated per Oxagen’s Security model.
Troubleshooting
| Issue | What to check |
|---|---|
| Installation missing in Oxagen | Install completed on the same GitHub user/org you use in Oxagen; try Install GitHub App again from the connection dialog. |
| Repo not found or access denied | Under the org’s Installed GitHub Apps settings, confirm the repo is allowed (All repositories or explicitly selected). |
| Wrong GitHub org | Uninstall the app from the mistaken account (GitHub settings) and reinstall on the org that owns the code. |
| Org policy blocks the app | Ask an org admin to allow the Oxagen GitHub App or to complete the install on behalf of the org. |
Related
- Ingestion — How content becomes typed nodes and edges in the workspace ontology.
- Security & Privacy — Data handling, workspace isolation, and encryption.
Code Graph
How Oxagen ingests a repository into a typed, queryable code graph and what your agents can traverse against it.
Events, triggers, and audits
How Oxagen turns ontology changes into observable events, how those events fire user-defined agent triggers, and how every agent run is recorded in a hash-chained, Merkle-attested audit log.