GitHub App Integration

Connect SyntaxValid to GitHub to analyze pull requests, enforce policies, and surface results directly in your workflow.

## GitHub App Integration

The GitHub App integration connects SyntaxValid directly to your development workflow.

It enables automated analysis, pull request checks, and policy enforcement without disrupting how teams work.

---

## What the GitHub App does

Once installed, the GitHub App allows SyntaxValid to:

- Analyze pull requests and commits

- Report issues and TrustScore automatically

- Enforce blocking policies before merge

- Keep analysis results in sync with code changes

The integration is read-focused and safety-oriented.

---

## How the integration works (high level)

1. The GitHub App is installed on selected repositories

2. Pull request or commit events trigger analysis

3. SyntaxValid analyzes the relevant code snapshot

4. Results are reported back to GitHub

5. Merge readiness reflects policy compliance

All results are tied to specific commits or pull requests.

---

## Permissions and access model

The GitHub App requests only the permissions required to function:

- Read access to repository contents

- Read access to pull requests and commits

- Status reporting permissions

SyntaxValid does not:

- Write to your repository by default

- Modify code automatically

- Bypass GitHub review rules

---

## Pull request checks

When enabled, SyntaxValid appears as a pull request check.

Checks indicate:

- Analysis status (running, completed)

- Blocking or non-blocking results

- Overall TrustScore impact

Blocking issues can prevent merging until resolved.

---

## Policy enforcement

GitHub integration enforces policies consistently.

If a pull request violates an active policy:

- The check fails

- Blocking issues are surfaced

- Merge readiness is denied

This ensures standards are applied automatically.

---

## Fixing issues from GitHub

Issues detected via GitHub can be:

- Reviewed in SyntaxValid

- Fixed locally

- Addressed using Fix with AI

- Verified by re-running analysis

GitHub remains the control plane for merging.

---

## Security and safety considerations

- No secrets are stored from your repository

- Code snapshots are analyzed deterministically

- Access can be revoked at any time via GitHub

SyntaxValid respects repository boundaries and permissions.

---

## When to use GitHub App integration

The GitHub App is recommended when:

- Teams use pull requests consistently

- Merge safety needs to be enforced

- TrustScore should be visible during reviews

- Manual analysis is not sufficient

---

## Next steps

- Pull Request checks in detail

- IDE integrations

- CI usage options