Git

the git integration allows resolve ai to access and analyze code from your private git repositories this integration clones repositories to the https //docs resolve ai/resolve satellite and provides the agent with code context during investigations overview the git integration enables resolve ai to clone and sync multiple git repositories search through code files and directories view file contents and git history analyze commit information, diffs, and blame provide code context during investigations the git integration runs on your satellite, which means repositories are cloned locally in your environment and code never leaves your infrastructure available mcp tools the git integration provides the following operations git network calls git clone , git fetch local read only git commands read repository contents, view history, analyze commits and diffs other read only commands file system operations for accessing cloned repositories remediation commands create code changes on a branch and create a pr (only when explicitly requested by a user) authentication configuration the git integration supports two authentication methods github app authentication (recommended) use github app authentication for the best user experience with automatic token management and fine grained permissions use cases github repositories (public or private) teams requiring centralized permission management /#setup guide token based authentication use personal access tokens or service account tokens for direct authentication use cases non github git providers (gitlab, bitbucket, etc ) self hosted git servers (supports /#custom ssl certificates ) environments requiring custom ssl certificates mixed authentication across multiple providers /#option 2 token based authentication | /#creating personal access tokens storage configuration the git integration requires storage to clone and maintain repositories by default, it uses emptydir (ephemeral storage with 10gi limit) for production, we recommend using a persistentvolumeclaim /#how much disk space do i need | /#should i use pvc or emptydir for storage using persistentvolumeclaim (recommended for production) to use persistent storage that survives pod restarts gitvolume type persistentvolumeclaim optionally, you can adjust the pvc template as needed see https //kubernetes io/docs/concepts/workloads/controllers/statefulset/#volume claim templates gitvolume type persistentvolumeclaim persistentvolumeclaim spec \#storageclassname "gp3" # uses cluster default otherwise resources requests storage 200gi # adjust as needed \### using emptydir (default) the default configuration uses emptydir to customize the size gitvolume type emptydir emptydir sizelimit 20gi # adjust based on your repository sizes emptydir limitation with emptydir, repositories are deleted when the pod restarts, requiring a complete re clone this can be time consuming for large repositories setup guide option 1 github app authentication github app authentication requires you to first configure the integration in your satellite, then complete the installation via the resolve ai web interface step 1 configure integration in satellite add the github app integration to your resolve values yaml resolve values yaml integrations github type git create true connection authconfigs githubapp # name your auth config type "github" \# optional configure storage (default is emptydir with 10gi) \# for production, use persistentvolumeclaim gitvolume type persistentvolumeclaim apply the changes helm upgrade install resolve satellite \\ oci //registry 1 docker io/resolveaihq/satellite chart \\ \ values resolve values yaml step 2 install the github app after deploying your satellite configuration navigate to https //app0 resolve ai/integrations/git/edit in resolve ai find your integration (eg named github in the sample above) and open it click the install github app button you'll be redirected to github to authorize the resolve ai github app select which repositories to grant access to all repositories grant access to all repos in your organization only select repositories choose specific repositories click install & authorize you'll be redirected back to resolve ai github app installation screenshot will show repository selection step 3 verify integration the health check should pass automatically, confirming repositories were cloned successfully check the integration status in the resolve ai interface if you encounter issues, see the /#troubleshooting section option 2 token based authentication step 1 create access tokens create personal access tokens for your git provider see /#creating personal access tokens for detailed instructions for github step 2 create kubernetes secret create a kubernetes secret to securely store your git credentials git credentials yml apiversion v1 kind secret type opaque metadata name git credentials stringdata tokenauthcredentials | bitbucketauth username \<your username> token \<your token> gitlabauth username \<your gitlab username> token \<your gitlab token> apply the secret apply secret kubectl apply f git credentials yml step 3 configure integration in satellite add the git integration configuration to your resolve values yaml resolve values yaml integrations gittokenauth type git create true secretname git credentials connection \# define authentication configurations authconfigs githubtokenauth type "token" tokenauthremoteurls \ "https //github com/your org/repo 1 git" \ "https //github com/your org/repo 2 git" gitlabauth type "token" tokenauthremoteurls \ "https //gitlab com/your org/repo 3 git" \ "https //gitlab com/your org/repo 4 git" \# optional configure storage (default is emptydir with 10gi) \# for production, use persistentvolumeclaim gitvolume type persistentvolumeclaim step 4 apply changes update your satellite deployment with the new configuration helm upgrade install resolve satellite \\ oci //registry 1 docker io/resolveaihq/satellite chart \\ \ values resolve values yaml step 5 verify integration open the https //app0 resolve ai/integrations/git/connect in resolve ai and check the connection the health check should pass, confirming repositories were cloned successfully if you encounter issues, see the /#troubleshooting section advanced configuration multiple authentication methods you can combine multiple authentication methods in a single integration for example, use /#setup guide for github com repositories alongside /#option 2 token based authentication for other git providers resolve values yaml integrations gitmultiauth type git create true secretname git multi credentials connection authconfigs \# github app for github com repositories githubapp type "github" \# token auth for gitlab repositories gitlabauth type "token" tokenauthremoteurls \ "https //gitlab com/org/repo git" \# token auth for self hosted git server selfhostedauth type "token" tokenauthremoteurls \ "https //git company com/team/project git" \# optional configure storage for production gitvolume type persistentvolumeclaim custom ssl certificates for self hosted git servers with self signed certificates or custom certificate authorities (cas), you can provide trusted certificates first, create a secret with your credentials and certificate git selfhosted credentials yml apiversion v1 kind secret type opaque metadata name git selfhosted credentials stringdata tokenauthcredentials | selfhosted username \<your username> token \<your token> trustedcertificateoverrides | selfhosted | \ begin certificate miidvtccaj2gawibagijakbsx/nluct2ma0gcsqgsib3dqebcwuamfixczajbgnv baytalvtmqswcqydvqqidajdqtelmakga1uebwwcu0yxedaobgnvbaomb1rlc3rp cmcxfzavbgnvbammdmdpdc5sb2nhbc50zxn0mb4xdti1mtexnzizndexofoxdti2 (certificate content) ftuklsprm3tvtm56ygjtqtnf+jkpduzejj6ghwh56bnet3odc/3nvok= \ end certificate apply the secret kubectl apply f git selfhosted credentials yml then configure the integration resolve values yaml integrations gitselfhosted type git create true secretname git selfhosted credentials connection authconfigs selfhosted type "token" tokenauthremoteurls \ "https //git company com/team/project git" \# optional configure storage for production gitvolume type persistentvolumeclaim certificate format certificates must be in pem format (base64 encoded with begin/end markers) the certificate will be used to verify the git server's identity instead of system certificates disable ssl verification (not recommended) security risk disabling ssl verification can expose you to man in the middle attacks only use this in trusted networks for testing purposes if you need to disable ssl verification entirely resolve values yaml integrations gitnoverify type git create true secretname git noverify credentials connection authconfigs localauth type "token" tokenauthremoteurls \ "https //git local test/repo git" \# disable ssl verification (use with caution!) gitsslnoverify true \# optional configure storage for production gitvolume type persistentvolumeclaim creating personal access tokens github github offers two types of personal access tokens fine grained tokens better security, but only access a single github organization's repositories classic tokens enables access to multiple github organizations' repositories option 1 fine grained personal access token (recommended) go to settings > developer settings > personal access tokens > fine grained tokens click generate new token enter a token name (e g , "resolve ai satellite") set the resource owner to your github organization set expiration date (required) under repository access , select which repositories to grant access to select only select repositories and choose specific repositories, or select all repositories if needed under permissions , in the repositories tab, select add permissions and then contents , which will enable read only access to contents and metadata click generate token copy the token immediately (you won't be able to see it again) option 2 classic personal access token go to settings > developer settings > personal access tokens > tokens (classic) click generate new token > generate new token (classic) add a note (e g , "resolve ai satellite") set expiration date select the following scope for private repositories select the top level repo scope (this grants full read/write access github does not offer read only scope for classic tokens) for public repositories only select public repo click generate token copy the token immediately (you won't be able to see it again) on the token click configure sso and authorize your organization(s), if necessary classic tokens with repo scope grant full read/write access use fine grained tokens for read only access gitlab go to preferences > in the sidebar > access tokens add a new token enter a token name (e g , "resolve ai satellite") select an expiration date (recommended) select the following scope read repository (read only access to repository code) click create personal access token copy the token immediately (you won't be able to see it again) the read repository scope provides read only access to repository content without granting broader api permissions repository url formats the git integration supports https urls ssh urls are not currently supported supported formats https //github com/org name/repo name git https //gitlab com/org name/repo name git https //bitbucket org/org name/repo name git https //github your company com/org name/repo name git # github enterprise troubleshooting health check failures if the integration health check fails check credentials verify the kubernetes secret contains correct username and token ( /#creating personal access tokens ) check repository access ensure the token has permission to access all listed repositories check network access verify the satellite can reach the git provider (firewall rules, network policies) check certificate for self hosted git, verify the certificate is valid and in pem format ( /#custom ssl certificates ) check logs view satellite logs for detailed error messages kubectl logs n resolve deployment/resolve satellite c satellite clone failures common issues when repositories fail to clone authentication failures token expired or lacks necessary permissions ( /#how do i rotate credentials ) network timeouts repository host unreachable from satellite disk space insufficient storage for cloning repositories ( /#storage configuration ) invalid urls ensure urls are in https format and accessible ( /#repository url formats ) refresh issues the integration automatically refreshes repositories periodically if refresh fails check that credentials are still valid verify network connectivity ensure sufficient disk space for fetching updates frequently asked questions how often are repositories synced? repositories are updated during routine health checks and scrapes by default, this occurs every few minutes is my source code stored in resolve ai's cloud? no repositories are cloned only to your satellite, which runs in your infrastructure code never leaves your environment unless small code snippets appear in investigation results shared to slack or saved in resolve ai saas can the agent modify my repositories? no the git integration is read only the agent can read files and history but cannot push commits, create branches, or modify code how much disk space do i need? plan for the total size of all repositories you want to clone, plus overhead for git metadata for example, if you have 10 repositories averaging 1gb each, allocate at least 15 20gb of persistent storage should i use pvc or emptydir for storage? we recommend using a persistentvolumeclaim (pvc) for production environments with a pvc repositories persist across pod restarts no need to re clone repositories after deployments or failures better performance for large repositories use emptydir only for testing or development environments where repository re cloning on pod restart is acceptable can i use ssh keys instead of tokens? currently, only https with personal access tokens is supported ssh authentication is not available what's the difference between github app and token authentication? github app oauth based, automatic token rotation, fine grained permissions, managed through github's ui token manual credential management, requires token rotation, simpler setup, works with any git provider can i use both github app and token authentication? yes! you can configure multiple auth configs in the same integration, mixing github app authentication with token based authentication for other providers we only support one github app based auth config at the moment how do i add more repositories? github app go to github's app settings and grant access to additional repositories the integration will automatically detect them token auth add the repository url to the tokenauthremoteurls array for the appropriate auth config and redeploy how do i rotate credentials? for token based auth generate a new token from your git provider update the kubernetes secret with the new token update secret kubectl apply f git credentials yml restart the satellite deployment to pick up the new secret kubectl rollout restart deployment/resolve satellite for github app no rotation needed! github apps handle token management automatically can i configure different permissions for different repositories? yes, with the new configuration you can create multiple auth configs, each with its own credentials and repository list this allows you to use different service accounts with different permissions what happens if a token expires? github app tokens are automatically refreshed no action needed token auth health checks will fail you'll need to generate a new token and update the secret