GitHub
Set up the GitHub App for Mneme webhook ingestion.
The GitHub connector is the primary signal source for Mneme. It receives webhook events from a GitHub App and processes them into signals and memories.
Create a GitHub App
- Go to GitHub Settings → Developer settings → GitHub Apps → New GitHub App
- Fill in the details:
  - App name: Mneme (or your preferred name)
  - Homepage URL: Your Mneme deployment URL
  - Webhook URL: https://your-mneme-host/webhooks/github
  - Webhook secret: Generate a random secret and save it for later
Permissions
Set the following repository permissions:
| Permission | Access | Purpose |
|---|---|---|
| Contents | Read | Read file contents and diffs |
| Pull requests | Read & Write | Comment on PRs, read PR data |
| Commit statuses | Read & Write | Set check status on commits |
| Metadata | Read | Repository metadata (always required) |
Events
Subscribe to these webhook events:
| Event | Description |
|---|---|
| pull_request | PR opened, closed, merged, updated |
| push | Code pushed to any branch |
| issues | Issue created, updated, closed |
| issue_comment | Comments on issues and PRs |
| pull_request_review | PR review submitted |
| pull_request_review_comment | Inline review comments |
Generate Private Key
After creating the app, generate a private key from the app settings page. Save the .pem file securely.
Environment Variables
Set these in your Mneme deployment:
GITHUB_APP_ID=123456
GITHUB_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----"
# OR use a file path:
GITHUB_PRIVATE_KEY_PATH=/path/to/private-key.pem
GITHUB_WEBHOOK_SECRET=your-webhook-secret
Install the App
- Go to your GitHub App's public page
- Click Install
- Select the organization or user account
- Choose All repositories or select specific repos
- Click Install
Webhook Verification
Mneme verifies every incoming webhook using HMAC-SHA256:
- The x-hub-signature-256 header contains sha256=<hex-digest>
- Mneme computes HMAC-SHA256(webhook_secret, request_body)
- Comparison uses timing-safe equality to prevent timing attacks
Invalid signatures are rejected with 401 Unauthorized.
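The check described above, written for Node.js as an added example (not Mneme's own code). The function names, the secret and the payload are constructed for illustration; the example also shows that the HMAC must be computed over the raw request bytes, since re-serialized JSON no longer matches the signature.

```javascript
// Added example (not Mneme's source): verifying x-hub-signature-256 over the raw body.
const crypto = require("node:crypto");

const PREFIX = "sha256=";

// Returns true only if `header` is "sha256=" + 64 hex chars matching
// HMAC-SHA256(secret, rawBody). rawBody must be the exact bytes received.
function verifyGithubSignature(secret, rawBody, header) {
  if (typeof header !== "string" || !header.startsWith(PREFIX)) return false;
  const hex = header.slice(PREFIX.length);
  // Require a full SHA-256 digest in hex; Buffer.from(x, "hex") would
  // otherwise silently truncate at the first invalid character.
  if (!/^[0-9a-f]{64}$/i.test(hex)) return false;
  const received = Buffer.from(hex, "hex");
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  // timingSafeEqual throws on length mismatch; both buffers are 32 bytes here.
  return crypto.timingSafeEqual(received, expected);
}

// Maps a request to the status the section describes: 401 on a bad signature.
function statusFor(secret, rawBody, headers) {
  return verifyGithubSignature(secret, rawBody, headers["x-hub-signature-256"]) ? 200 : 401;
}

// Hypothetical helper, used only to build the constructed sample header.
function sign(secret, rawBody) {
  return PREFIX + crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Constructed sample data (not a real secret or delivery).
const SECRET = "constructed-test-secret";
const BODY = Buffer.from('{"action":"opened","number":1}');
const GOOD = { "x-hub-signature-256": sign(SECRET, BODY) };

function demo() {
  // Parsing and re-serializing changes the bytes, so the signature no longer matches.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(BODY.toString()), null, 2));
  return {
    valid: statusFor(SECRET, BODY, GOOD),
    reserialized: statusFor(SECRET, reserialized, GOOD),
    missing: statusFor(SECRET, BODY, {}),
    truncated: statusFor(SECRET, BODY, { "x-hub-signature-256": GOOD["x-hub-signature-256"].slice(0, 20) }),
    wrongSecret: statusFor("other-secret", BODY, GOOD),
  };
}

console.log(demo());
```

In a web framework, capture the body as a raw buffer before any JSON middleware parses it, and pass that buffer to the verification function.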
Processed Events
The GitHub connector processes these event types into signals:
| Event | Signal Category | What's Captured |
|---|---|---|
| push | Code change | Commits, files changed, authors |
| issues | Discussion | Issue title, body, labels, assignees |
| issue_comment | Discussion | Comment content, context |
| pull_request_review | Code review | Review verdict, body |
| pull_request_review_comment | Code review | Inline comment, diff context, file path |
Configuration
GitHub signals are configured via Dashboard → Connectors → GitHub. You can customize which event types are processed. GitHub signals are enabled by default.