GitHub App setup

The GitHub App approach

Slope uses the GitHub App pattern, not personal access tokens. When you "install" the app, GitHub gives us an installation_id scoped to the repos you picked. To act, we mint a short-lived (max 1 hour) installation token signed with the app's private key. The audit log on every issue shows Slope as the actor.

Setup

1. Integrations → Install GitHub App.
2. You'll be redirected to GitHub. Pick the organization (or your personal account).
3. Choose Only select repositories and pick the repos that should receive Slope-created issues. We recommend starting with one (e.g. your marketing-content repo).
4. Click Install. You're back in Slope with the integration showing as connected.

Permissions we request

• Repository contents: Read (so we can link to PRs that reference our issues).
• Issues: Read & Write (so we can create + label + close).
• Metadata: Read (basic repo info).

We never request code-write access, secrets access, or workflows.

Webhooks

Slope subscribes to issues events from the App. When you close a Slope-created issue in GitHub, the webhook fires, and we mark the execution_task as completed. 14 days later, the impact worker queries GSC for the target page and writes the delta.

Revoking

GitHub.com → your org settings → Installed GitHub Apps → Slope → Uninstall. Or from Slope's Integrations page → Disconnect (we stop using the installation immediately).