Self-hosting
GitHub App and Orb
A self-host needs webhook delivery and installation tokens. Use a direct GitHub App when you own the full setup, or Orb broker mode when you want delegated token minting.
Choose a connection mode
- Direct GitHub App: Your self-host stores the App id, slug, private key, and webhook secret. It mints installation tokens directly.
- Brokered Orb: Your self-host uses ORB_ENROLLMENT_SECRET to request short-lived installation tokens from the central Orb broker.
Direct App permissions
- Pull requests: read/write.
- Checks: read/write.
- Issues: read/write.
- Contents: read. Add write only if the self-host should merge.
- Commit statuses: read.
- Metadata: read.
Events should include pull request, pull request review, push, issues, check suite, check run, and status.
Direct App env
.env
GITHUB_APP_ID=123456
GITHUB_APP_SLUG=my-gittensory-app
GITHUB_APP_PRIVATE_KEY_FILE=/run/secrets/github-app-private-key.pem
GITHUB_WEBHOOK_SECRET=<same-secret-configured-on-the-app>
Brokered Orb env
.env
ORB_ENROLLMENT_SECRET=<issued-once-by-orb>
ORB_BROKER_URL=https://gittensory-api.aethereal.dev
Brokered mode is useful when the self-host should not hold a GitHub App private key. It still needs a reachable webhook path or relay mode, depending on the network setup.
Webhook checks
curl https://reviews.example.com/health
curl https://reviews.example.com/ready
After installing the App on a test repo, open a small PR and confirm the webhook delivery appears in GitHub and a job appears in self-host logs. Continue with Operations for log and metric checks.
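In direct mode, GITHUB_WEBHOOK_SECRET is what lets a receiver tell a genuine GitHub delivery from any other POST to the webhook path: GitHub sends an HMAC-SHA256 of the raw request body in the X-Hub-Signature-256 header. The sketch below is an added example of that check, not the self-host's own code; the function names, secret, and payload are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values; in a real deployment the secret comes from
# GITHUB_WEBHOOK_SECRET and the body is the raw bytes of the POST request.
SECRET = b"example-webhook-secret"
BODY = b'{"action":"opened","number":1}'


def sign(secret: bytes, body: bytes) -> str:
    """Build the value GitHub places in X-Hub-Signature-256 for this body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Accept a delivery only if the header is a valid HMAC of the raw body."""
    if not secret:
        return False  # fail closed when the secret is not configured
    if not header or not header.startswith("sha256="):
        return False  # missing header, or the legacy sha1 signature only
    expected = sign(secret, body)
    # Constant-time comparison so response timing does not leak the digest.
    return hmac.compare_digest(expected.encode(), header.encode())


if __name__ == "__main__":
    good = sign(SECRET, BODY)
    cases = {
        "valid delivery": (SECRET, BODY, good),
        "tampered body": (SECRET, BODY + b" ", good),
        "wrong secret": (b"other-secret", BODY, good),
        "missing header": (SECRET, BODY, None),
        "sha1 header only": (SECRET, BODY, "sha1=deadbeef"),
    }
    for name, args in cases.items():
        print(f"{name:18} -> {'accept' if verify_delivery(*args) else 'reject'}")
```

Verify against the bytes as received, before any JSON parsing or re-serialization, since a re-encoded body will not match the signature.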