GitHub App Permissions
Questions: [email protected].
Why Enji Guard Uses A GitHub App
Enji Guard uses a GitHub App so customers can grant repository access without sharing personal access tokens.
The GitHub App lets the Enji Fleet agents orchestrator read selected repositories, run selected tasks, and create GitHub output such as issues or pull requests when you enable those actions.
What Enji Guard May Read
Depending on the permissions granted and the selected feature, Enji Guard and the Enji Fleet agents orchestrator may read:
- selected repository contents;
- repository metadata;
- branches, commits, and pull requests;
- issues and comments;
- workflow or check metadata where needed;
- repository access verification metadata.
Repository-backed tasks should include a repository access context so the Enji Fleet agents orchestrator knows which repository the task is allowed to use.
Repository-backed tasks run in isolated containers. After the task completes, those containers are shut down and removed together with the cloned repository code. Full repository clones are not retained after task completion.
What Enji Guard May Write
Depending on the permissions granted and the selected feature, Enji Guard and the Enji Fleet agents orchestrator may write:
- GitHub issues for findings or scheduled improvement jobs;
- pull-request branches and pull requests for enabled autofixes;
- pull-request comments or review comments for enabled review workflows;
- status, check, or workflow output where configured.
What Enji Guard Does Not Do By Default
Unless a future feature clearly says otherwise, Enji Guard does not:
- merge pull requests automatically;
- deploy code automatically;
- scan every repository in an organization without selection and verification;
- use GitHub access for unrelated customer accounts;
- require personal access tokens for the general Enji Guard repository flow.
Repository Verification
The GitHub App install flow is owned by GitHub and the Enji Fleet agents orchestrator. After installation, Enji Guard verifies that the installation can access the selected repository before marking the repository as connected.
Local “connected” state is a product convenience. The hard access boundary is the verified repository access enforced by the Enji Fleet agents orchestrator.
Revoking Access
You can revoke Enji Guard GitHub App access from GitHub.
After revocation:
- future repository-backed tasks may fail or pause;
- scheduled improvement jobs may stop working;
- Enji Guard may still show existing reports, history, issue links, and pull request links for security, investigation, auditability, and product-history purposes;
- if you want historical repository records deleted, contact [email protected]. Enji.ai processes deletion and offboarding requests within a maximum of 30 days;
- you may need to reconnect the GitHub App to run new repository-backed actions.
Permission Manifest
The generated GitHub App manifest currently requests these repository permissions:
| Permission | Access | Why Enji Guard needs it |
|---|---|---|
| Contents | Write | Read code for audits and create pull-request branches where enabled |
| Issues | Write | Open issues for findings and scheduled improvement jobs |
| Pull requests | Write | Open pull requests and review comments where enabled |
| Metadata | Read | Verify selected repositories and installation state |
The manifest subscribes to issue_comment, issues, and pull_request events so Enji Guard can react to enabled repository workflows and route them to the correct project/task context.
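As an added example (not Enji Guard's own code), the following Python check compares the repository permissions and webhook events a GitHub App manifest requests against the set documented above and reports anything broader; the manifest object at the bottom is constructed for illustration.

```python
"""Least-privilege check for a GitHub App manifest.

Added example, not Enji Guard's own code. It reports any repository
permission or webhook event a manifest requests beyond the set this page
documents. "default_permissions" and "default_events" are the real manifest
fields; the sample manifest at the bottom is constructed.
"""

# GitHub permission access levels, least to most privileged.
ACCESS_RANK = {"none": 0, "read": 1, "write": 2, "admin": 3}

# The repository permissions and events this page documents.
DOCUMENTED_PERMISSIONS = {
    "contents": "write",
    "issues": "write",
    "pull_requests": "write",
    "metadata": "read",
}
DOCUMENTED_EVENTS = {"issue_comment", "issues", "pull_request"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return findings; an empty list means the manifest stays within scope."""
    findings: list[str] = []
    requested = manifest.get("default_permissions", {})
    for perm, level in requested.items():
        allowed = DOCUMENTED_PERMISSIONS.get(perm)
        if allowed is None:
            findings.append(f"undocumented permission requested: {perm}={level}")
        elif ACCESS_RANK.get(level, 99) > ACCESS_RANK[allowed]:  # unknown level counts as escalation
            findings.append(f"{perm} requests '{level}' but only '{allowed}' is documented")
    for perm in DOCUMENTED_PERMISSIONS:
        if perm not in requested:  # documentation drift in the other direction
            findings.append(f"documented permission not requested: {perm}")
    for event in sorted(set(manifest.get("default_events", [])) - DOCUMENTED_EVENTS):
        findings.append(f"undocumented webhook event: {event}")
    return findings


# Constructed sample mirroring the permission table above (name is a placeholder).
SAMPLE_MANIFEST = {
    "name": "enji-guard-example",
    "default_permissions": dict(DOCUMENTED_PERMISSIONS),
    "default_events": ["issue_comment", "issues", "pull_request"],
}

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST) or ["manifest within documented scope"]:
        print(line)
```

Run it against the manifest your installation actually generates; any non-empty result means the manifest and this page have drifted apart.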
