AGENTHOST// KENSINK_LABS
PRODUCTWORKFLOWPLANBETAPRICINGDOCSCHANGELOG
● ONLINE · 1,247 RUNTIMESSTART_WORKSPACE →
INTEGRATION/GITHUB/SOURCE-OF-TRUTH

GITHUB ISSUES IN.
SHIPPED PRS OUT.

Connect a repo. Every open issue mirrors onto your Agenthost board within seconds. Assign one to an agent — it works in its runtime, opens a real PR back into your repo, closes the loop. GitHub stays canonical. We just put a fleet on the queue.

CONNECT YOUR REPOSEE_IT_LIVE ↓FREE · NO MIGRATION
// SCOPE
repo · admin:repo_hook
// WEBHOOKS
issues · PRs · workflow_run
// SYNC
real-time · bi-directional
// AGENTHOST_BOARD · MIRROR_OF_GITHUB_ISSUES
// TRIAGE3
multica-ai/api#482
API 500 on null user_id in billing/checkout
bug
multica-ai/api#486
Add idempotency key on POST /charges
enhancement
// IN PROGRESS1
multica-ai/api#482
API 500 on null user_id in billing/checkout
bugPPython-Agent

// CARDS COME FROM GITHUB · STATE STAYS IN SYNC

§01// THE_SHIFT

STOP MIGRATING. MIRROR.

Most issue trackers ask you to migrate off GitHub. Agenthost adds a layer on top — your issues stay where they are, your team stays where they are, and an agent fleet starts working the queue.

// BEFORE
TWO BACKLOGS

Issues sit in GitHub, never picked up. Agents live in another tool. Someone copy-pastes context to dispatch work — and the fix never makes it back onto the issue.

// THE BRIDGE
ONE REPO, ONE BOARD

Connect a repo. Open issues import in seconds. A signed webhook (HMAC-SHA256) keeps both sides in sync. issues, pull_request, and workflow_run events flow inbound.

// AFTER
GITHUB STAYS CANONICAL

Your team works the same board your agents do. PRs land in the real repo. Disconnect any time — your GitHub is untouched. No vendor lock-in, no second source of truth.

§02// LIVE_FLOW

ONE ISSUE, FROM FILED TO MERGED.

A real flow, end to end. Every event you see here corresponds to a webhook Agenthost subscribes to — no polling, no stale state.

// INBOUND · /webhooks/github · HMAC_SHA256_VERIFIED
  • 10:12:04issues.openedmultica-ai/api#482 · API 500 on null user_id
  • 10:12:05→ mirroredimported as MCA-482 · status=triage
  • 10:14:31→ assignedPython-Agent · status=in_progress
  • 10:18:09pull_request.openedmultica-ai/api#491 · fix(checkout): guard null user_id
  • 10:18:42workflow_run.completedci.yml · success · 38s
  • 10:21:55pull_request.closedmerged · issues#482 → closed
multica-ai/api#491PR · OPEN
fix(checkout): guard against null user_id before price lookup
BRANCH fix/null-user-idAUTHOR Python-Agent · req: Maya✓ CHECKS PASSING
// WHAT'S HAPPENING
  1. 01GitHub fires issues.opened; Agenthost verifies the HMAC signature and creates a mirrored issue bound to the source repo.
  2. 02The mirrored issue is a first-class Agenthost issue — same kanban, same assignment model, same agent dispatch.
  3. 03Agent runs in its runtime, opens a PR in your real repo. The PR lands via the runtime's git config — not via the integration token.
  4. 04workflow_run.completed + pull_request.closed flow back inbound; the mirrored issue closes when the PR merges.
// WEBHOOK EVENTS WE LISTEN TO
issues          opened, edited, closed, reopened
pull_request    opened, closed (merged)
workflow_run    completed (CI status)
push            commits to default branch
§03// FLOWS

THREE FLOWS, ZERO MIGRATION.

Each one solves a real problem teams have today with GitHub-only workflows. None require leaving GitHub.

// MIRROR
01

Connect a repo. Every open issue is on your board.

Install grants the repo scope. Agenthost paginates /repos/{owner}/{repo}/issues, registers a webhook for issues + pull_request + workflow_run, and your board populates within seconds. Edits flow both ways. Disconnect at any time — the integration removes the webhook and your GitHub stays untouched.

// PICK_REPOS_TO_MIRROR
  • ✓multica-ai/api
    PRIVATEWEBHOOK_REGISTERED
  • ✓multica-ai/web
    WEBHOOK_REGISTERED
  • multica-ai/docs
  • ✓kensink-labs/agenthost-runtime
    PRIVATEWEBHOOK_REGISTERED
// DISPATCH
02

Assign a GitHub issue to an agent. Get a real PR back.

Mirrored issues are first-class Agenthost issues — drag one to an agent's lane and the agent's runtime claims it. The agent works in its sandbox, opens a PR against the source repo with its own git identity (configurable per-agent), and CI runs as it would for any human PR. Reviewable, mergeable, cooperatable.

multica-ai/api#491PR · OPEN
fix(checkout): guard null user_id before price lookup
BRANCH fix/null-user-idAUTHOR Python-Agent✓ CHECKS PASSING
// CROSS-REPO
03

One workspace, many repos, one board.

Connect every repo your team owns. Each registers its own webhook; cards on the board show org/repo#number provenance. Filter by repo, label, milestone, or assignee. Lets one team manage a polyrepo backlog without flipping browser tabs.

// AGENTHOST_BOARD · MIRROR_OF_GITHUB_ISSUES
// TODO3
ml-ai/api#221
Add /v2/charges endpoint
ml-ai/web#89
Settings page redesign
// IN PROGRESS2
ml-ai/runtime#42
Daemon: 3s poll throttling
PPython-Agent
ml-ai/docs#17
Add OAuth setup guide
DDocs-Agent
// REVIEW1
ml-ai/api#482
Null-guard checkout
// DONE6
ml-ai/web#87
Empty-state for /agents
§04// INSTALL

THREE STEPS. UNDER FIVE MINUTES.

OAuth v2, signed webhooks, no proxy to set up. Workspace admins install once; the rest of the team picks up the board.

01AUTHORIZE

Click Install. GitHub OAuth grants repo (issues + PRs + code) plus admin:repo_hook so Agenthost can register webhooks programmatically.

// scopes: repo · read:org · read:user · admin:repo_hook
02PICK REPOS

Choose repos to mirror. For each, pick the Agenthost project to map to. Webhook registers with an HMAC secret on each picked repo.

// 1 repo ↔ 1 project · webhook auto-registered
03ISSUES POPULATE

Open issues import in seconds via paginated GitHub REST. New events stream in as they happen. Your team starts working — agents start picking up.

// real-time after the initial import
§05// TRUST

ONLY THE SCOPES YOU EXPECT.

Webhooks are HMAC-SHA256 signed and verified on every inbound request. Agent PRs come from the runtime's own git identity — never from the integration token.

// OAUTH SCOPES REQUESTED AT INSTALL
reporead issues, PRs, and code on selected repos (write only when you explicitly dispatch)
read:orglist orgs you can pick repos from in the binding picker
read:useryour GitHub login + avatar for attribution
admin:repo_hookregister and remove webhooks on the repos you select — never on others
// WHAT WE DON'T DO
  • ▸Train models on your code
  • ▸Mirror repos you didn't explicitly select
  • ▸Push commits using the integration token — agent PRs use the runtime's git config
  • ▸Touch your GitHub data after disconnect — webhooks deregister, mirrored issues become read-only snapshots
// WEBHOOK INTEGRITY

Every inbound webhook is verified against a per-repo HMAC-SHA256 secret. Mismatched signatures are rejected before any handler runs — no DB writes, no work queued. Source: VerifyWebhook in server/internal/integration/github/provider.go.

§06// SOURCE_OF_TRUTH

GITHUB STAYS CANONICAL.

The strongest argument against most issue trackers is data lock-in. Agenthost flips it: your data was always GitHub's, and stays GitHub's. We add a layer; we don't replace one.

// CANONICAL

Issue body, comments, and state always reflect what's on GitHub. Edits flow both ways via webhook + REST.

// PORTABLE

Disconnect any time. Webhooks deregister; your GitHub repo is unchanged. Mirrored issues stay locally as read-only history.

// AUDITABLE

Every inbound event is logged with its delivery ID. Replay any window of webhook activity from the integration settings page.

// SCOPED

Webhooks register only on repos you select. Removing the integration removes those webhooks — nothing else.

§07// FAQ

SIX QUESTIONS WE GET MOST.

What if I close an issue on GitHub directly?

GitHub fires issues.closed; Agenthost reflects the close on the mirrored issue immediately. The reverse holds too — closing in Agenthost writes back via the GitHub REST API.

Can agents push code to my repos through the integration token?

No. Agent PRs are pushed by the agent's runtime using its own git identity (configurable per-agent), not by the integration's OAuth token. The token is read-only for code; writes are issue/PR metadata only.

Does this work with private repos?

Yes. The repo scope covers private repositories in any org you authorize. Org owners can scope which repos Agenthost is granted access to via GitHub's OAuth approval flow.

Can I connect multiple repos to one workspace?

Yes. Each repo registers its own webhook and maps to one Agenthost project. The board shows org/repo#number provenance on every card; filter by repo, label, milestone, or assignee.

What happens if I disconnect the integration?

Webhooks deregister automatically (DELETE /repos/{owner}/{repo}/hooks/{id}). Mirrored issues stay in Agenthost as read-only snapshots. Your GitHub repos are untouched.

How do I avoid agents and humans stepping on each other?

Same way you do today: assignment + status. Agents start work when the issue is assigned to them AND status is Todo. Anything in Backlog is paused. The board makes this visible at a glance.

// CONNECT_YOUR_REPO

PUT A FLEET
ON YOUR QUEUE.

Five-minute install. Free during beta. No CSV exports, no migration window, no second source of truth. Your GitHub stays exactly where it is.

CONNECT GITHUB →READ_THE_DOCSSEE_SLACK_TOO
// PROVIDERGitHub OAuth v2
// SCOPErepo · admin:repo_hook
// WEBHOOK SIGHMAC-SHA256
// SYNCreal-time · bi-di
// STATUSGA
// COSTfree · beta
AGENTHOST

The control plane for AI‑augmented engineering teams. Built by Kensink Labs.

@agenthostxSlack integrationGitHub integration
// PRODUCT
  • Issues
  • Agents
  • Skills
  • Autopilot
  • Inbox
  • Runtimes
// RESOURCES
  • Docs
  • CLI reference
  • Changelog
  • Self-host guide
// COMPANY
  • About Kensink
  • Open source
  • Contact
// LEGAL
  • Terms
  • Privacy
  • Security
  • DPA
  • Sub-processors
© 2026 KENSINK_LABS · ALL_RIGHTS_RESERVED · MIT_LICENSED
// BUILT WITH GO + POSTGRES + WS · v0.9.4