Private beta: AI SRE is currently in private beta and available to invited accounts only. To join the whitelist test, contact the Flashduty sales team to request access; features and the UI may change during the beta.
Overview
Apps is where you manage authorized external applications. Each external application appears as a card — you authorize it, manage its installations, and enable / disable or revoke it right from its card. Today there is exactly one app under Apps — GitHub (with room to add GitLab and other code-hosting platforms later). Once you authorize GitHub, AI SRE can work directly inside your code repositories during a session: understand and explore code, investigate recent changes / commits / PRs, trace a PR from a change ticket, answer questions about a codebase, and — when you ask — fix a bug, open a PR, or file an issue. It all runs through native
gh / git, like an engineer working in a terminal.
Main Scenario: Letting the Cloud Sandbox Reach Your Repositories
AI SRE sessions run in a Flashduty cloud sandbox by default. The sandbox is a clean, isolated, ephemeral environment that carries none of your git credentials — which is exactly what an App solves. Once you authorize the GitHub App, the agent inside the sandbox can clone your repositories, read diffs, and open PRs, without you handing it any password or token; its access is limited to the repositories you granted, with only the least privilege needed to do the work. This is what the GitHub App is mainly for.
BYOC (self-hosted Runner) generally doesn’t need it. A Runner runs on your own machine, which usually already has
gh / git credentials configured (you work with repositories on it every day). In that case the agent just uses the host’s own gh — no GitHub App authorization needed. (If the host happens to have no gh configured, authorizing the App lets BYOC sessions use it too.) For the differences between environments, see Environments (BYOC).Where to Find It
Go to Plugins → Apps. Apps is the first and default tab in the Plugins area — opening Plugins lands you here.
Viewing the Apps tab requires the appropriate permission; without it, the tab is hidden. Authorizing, revoking, and enabling / disabling each require their own action permission — when you lack one, the corresponding button is shown disabled.
The GitHub App
The following uses GitHub, the only app available today, to walk through authorization, installation management, and adjusting repository access.
Connecting a GitHub Organization
Start the authorization from the GitHub card. The whole install completes in a popup through GitHub’s official install page, and the list refreshes automatically after the callback.Start the authorization
Click Authorize on the GitHub card (if the App already has an installation, the button reads Connect another organization). The frontend opens a popup that loads GitHub’s official install page.
Pick the organization and repositories on GitHub
Choose the organization (or personal account) to install into, and grant a repository scope — All repositories or Only select repositories. The set of granted repositories determines which repositories AI SRE can access afterward.
If you are not the owner of the organization, GitHub routes the request to the organization owner through its request-to-install approval flow; the installation activates only after approval. Which organization to install into and which repositories to grant are decided entirely on GitHub’s install page — Flashduty does not select on your behalf.
Managing Installations
Each authorized organization adds one installation row under the GitHub card. Each row shows:| Element | Description |
|---|---|
| Organization name | The GitHub organization / account login the installation lives on |
| Status dot | A colored dot plus a label: Connected, Suspended, Revoked |
| Repository count | The number of repositories currently granted to this installation |
Enable / Disable (suspend / resume)
Enable / Disable (suspend / resume)
The toggle in the top-right of the card switches between Enabled and Disabled. Disable = suspend: while suspended, the agent can no longer reach those repositories — but the GitHub installation itself is kept, so you can re-enable instantly with one click, without going through the GitHub authorization again. An App counts as “enabled” as long as it has at least one Connected installation.
Revoke
Revoke
Click Revoke on a row; after you confirm, the installation is set to Revoked and AI SRE can no longer access that organization’s repositories. A revoked installation is hidden from the card; re-authorizing the same organization restores it.
Suspend vs. Revoke: suspend turns it off temporarily, keeps the GitHub installation, and resumes with one click; revoke disconnects this authorization and requires going through the GitHub authorization again to use it.
Adding or Adjusting Repository Access
The organization is already connected, but you want AI SRE to reach more of its repositories — you don’t need to revoke and reconnect. In Plugins → Apps, click Authorize / Connect another organization again for that organization (or open the App’s Configure page on GitHub directly). GitHub shows the Repository access screen; select the additional repositories and save, and AI SRE re-syncs the granted repository list automatically — the new repositories become available without re-creating the connection.Fallback: if a newly added repository still reports “cannot access / 404 / 403” in a session, open the App’s page on GitHub (e.g.
github.com/apps/flashduty) → Configure → select the organization → scroll to the Danger zone → Uninstall. Then return to Plugins → Apps in Flashduty and authorize the organization again, granting all the repositories you need in one pass.How AI SRE Works Inside a Repository
After authorization, you need no extra configuration. When you ask AI SRE to work on a task in a repository during a session, it works like an engineer joining the project — understand first, then change, then verify. This behavior is governed by the built-in
github Skill.
Typical actions
- Enter the repository: clone it into its own workspace and read the repo’s own conventions first (
CLAUDE.md,AGENTS.md,README,CONTRIBUTING). - Investigate changes / PRs: use
git log,gh pr list,gh pr view,gh pr diff,gh search prsto trace a PR named in an incident or change ticket, see what a release shipped, or read a diff before deciding anything. - Change and propose: create a branch, make a minimal diff, open a reviewable PR with
gh pr create, or file an issue withgh issue create, and report the PR / issue URL back to you.
- Never force-push (
git push --force), and never push the default branch directly — always a branch + PR. - One logical change per PR, kept reviewable; if a change balloons beyond a focused diff, it stops and hands the analysis back to you.
- Never delete branches, close others’ issues / PRs, or change repository settings; never commit secrets, credentials, or build artifacts.
If the agent reports it cannot access a repository in a cloud session, it usually means the account has not authorized the GitHub App, or the target repository was not granted — just authorize and grant it under Plugins → Apps. The agent does not ask you for any token.
Permissions & Scope
GitHub App authorize and revoke are account-level operations. The account is the only security boundary; the team here is just an ownership / audit tag: any account member with the corresponding permission can authorize a new organization, revoke any installation, or enable / disable the whole App; when a session needs a repository, it obtains access from any connected installation in the account. Members of an account share one authorization — consistent with AI SRE’s “usage = account-level, ownership = team tag” model for other resources.
Related Pages
MCP (External Tools)
Connect external tools and data sources via the Model Context Protocol.
Console
Watch the agent clone a repo, read a diff, and open a PR during a session.
Environments (BYOC)
BYOC sessions use the runner host’s own gh and generally don’t need the GitHub App.
Skills
The built-in github Skill governs how the agent works inside a repository.