Documentation

GitHub Connect

Browse your GitHub repos, clone them directly into CODEXT, and bundle without leaving the app. A Pro feature. Everything runs locally — the token, the clone, the output.

Getting started How it works GitHub Connect AI integration Local-first

The OAuth flow

Connecting GitHub uses a standard OAuth 2.0 authorization code flow. CODEXT opens your system browser to the GitHub authorization page. You approve the permissions, GitHub redirects back to the app with an authorization code, and CODEXT exchanges it for an access token.

The token is stored immediately in your OS keychain — Windows Credential Manager on Windows, Keychain Access on macOS. It is never written to disk in plaintext, never logged, never transmitted to CODEXT servers.

Click "Connect GitHub" in CODEXT

The button is in the top-right corner of the app, marked with the GitHub icon. Available in Pro only.

GitHub authorization page opens in your browser

CODEXT redirects to github.com/login/oauth/authorize. You're authenticating with GitHub directly — not with CODEXT.

Approve the requested permissions

GitHub shows you exactly which permissions are being requested (listed below). Click "Authorize CODEXT".

Browser redirects back to the app

GitHub sends you to localhost:PORT with an authorization code. CODEXT intercepts this and exchanges it for a token.

Token stored in OS keychain

The access token is written to your OS keychain and immediately used to load your repo list. Never stored on disk in plaintext.

Permissions requested

CODEXT requests the minimum permissions needed to list and clone your repos. No write access. No webhook access. No organization admin.

Scope	What it allows	Why CODEXT needs it
read:user	Read your GitHub username and profile	To display your username in the app interface
repo	Read access to your repositories (public and private)	To list repos and perform read-only shallow clones

Note on the "repo" scope

GitHub's "repo" scope is read/write at the API level, but CODEXT
only uses the read operations: list repos and clone. No write
operations are ever performed. You can verify this by inspecting
CODEXT's network traffic — no POST/PATCH/DELETE to github.com/api.

Cloning a repo

From the repo browser, click any repo and click "Bundle". CODEXT runs a shallow clone (depth 1 by default — only the latest commit, no history) into your OS temp directory. This is equivalent to running:

What CODEXT runs

git clone --depth 1 https://github.com/user/repo.git
  /tmp/codext-clone-[randomhash]/

After bundling, the clone sits in your temp folder until you delete it manually or your OS clears temp on restart. CODEXT does not delete it automatically — your data, your control.

Clone depth is configurable in settings (v1.2.0+). Increasing depth to full history can significantly increase clone time and disk usage for large repos.

Disconnecting GitHub

To disconnect: open CODEXT, click your GitHub username in the top bar, and click "Disconnect". This removes the token from your OS keychain. CODEXT no longer has access to your GitHub account.

To fully revoke access, also go to GitHub Settings → Applications → Authorized OAuth Appsand revoke CODEXT. This invalidates the token at GitHub's end as well.

Revoke on GitHub

github.com → Settings → Applications → Authorized OAuth Apps → CODEXT → Revoke

GitHub Connect

Everything you need to know