Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.devin.ai/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Devin supports two methods for connecting to GitHub Enterprise Server (GHES) and GitHub Enterprise Cloud (GHEC) with Data Residency:
  1. GitHub App (Recommended) — Register and install a dedicated GitHub App on your GHES or GHEC instance. This provides a streamlined setup experience and does not require managing personal access tokens.
  2. Personal Access Token (PAT) — Create a service account and generate a fine-grained personal access token. This method works for all GHES versions.
The GitHub App integration is currently available on a limited basis. To get started, please contact your Cognition representative.

GitHub App Setup

The GitHub App setup involves three steps:
  1. App Registration — Register a GitHub App on your GHES or GHEC instance. You only need one App registration per instance.
  2. App Configuration — Configure the registered App on your GHES or GHEC instance (e.g., make it public and opt out of token expiration).
  3. App Installation — Install the registered App on each GitHub organization you want Devin to access. You need one installation per organization.

Prerequisites

  • A Devin user with Manage git permissions
  • Owner or admin access to the GitHub organization where the App will be registered

Step 1: Register the GitHub App

  1. In your Devin account, navigate to Enterprise SettingsIntegrationsGitHub.
  2. Expand the Advanced section to reveal the GitHub Enterprise options.
GitHub Enterprise advanced section
  1. Click Register App.
  2. In the modal that appears, enter the hostname of your GHES or GHEC instance and the organization where the App will be registered.
Register App modal
  1. You will be redirected to GitHub. Click Register App to complete the registration.
GitHub registration page
  1. After being redirected back to Devin, the GitHub App is now registered in your GitHub organization.

Step 2: Configure the GitHub App

After registration, configure the App on your GHES or GHEC instance:
  1. On your GHES or GHEC instance, navigate to the GitHub organization specified during registration.
  2. Go to SettingsDeveloper SettingsGitHub Apps and select the Devin App.
Developer Settings - GitHub Apps
  1. In the Advanced section, under Danger zone, click Make public. This allows the App to be installed across other organizations on the same instance.
  2. Navigate to the Optional features section and opt out of User-to-server token expiration. This prevents access tokens from expiring and avoids the need for users to re-authorize the App periodically.
User-to-server token expiration setting

Step 3: Install the GitHub App

  1. In your Devin account, navigate to Enterprise SettingsIntegrationsGitHub.
  2. Expand the Advanced section and click Install App.
  3. In the modal, select the GitHub App registered under your GHES or GHEC instance.
Install App modal
  1. You will be redirected to GitHub, where you can choose a GitHub organization and select which repositories to grant Devin access to. We recommend granting access to all repositories.
  2. After completing the installation, you will be redirected back to Devin. A new git connection will appear in SettingsIntegrationsGitHub.
Repeat this step for each additional GitHub organization you want to connect.

Troubleshooting

If you encounter issues during the GitHub App registration or installation process, please contact your Cognition representative or reach out to enterprise@cognition.ai.

Personal Access Token Setup

Integrating Devin into your GitHub allows Devin to access your repos and create pull requests. This lets Devin be a true collaborator on your engineering team.

Create a Service Account for Devin

  1. Within your GitHub Enterprise, create a new GitHub account for Devin to use. This is important to ensure all of Devin’s access and usage can be properly tracked and managed.
  2. Add the newly created service account to all relevant GitHub organizations as a Member. Verify that the account has access to all of the repositories that Devin is expected to access.

Generate a Personal Access Token for Devin

  1. While logged into the service account, click on the profile picture in the upper-right corner, then click Settings.
  2. In the left sidebar, click Developer settings.
  3. In the left sidebar, under Personal access tokens, click Fine-grained tokens.
  4. Click Generate new token.
  5. Add the Token name and Expiration.
    Note: When the token expires, Devin will immediately lose all access to GitHub and a new token will need to be created.
  6. Under Resource owner, select the correct organization.
If you’re not seeing the correct organization under “Resource owner”, make sure that the enterprise and organization have enabled the use of fine-grained personal access tokens.

Enabling in Enterprise Settings

Only Enterprise Admins will be able to update these settings. Make sure that personal access tokens are also enabled in the specific organization settings.
  1. In the top-right corner of GitHub Enterprise Server, click your profile picture, then click Enterprise settings.
  2. At the top of the page, click Policies.
  3. Under Policies, click Personal access tokens.
  4. Select the Fine-grained tokens tab.
  5. Under Fine-grained personal access tokens, enable access.
  6. Click Save.

Enabling in Organization Settings

Only Organization Admins will be able to update these settings. Make sure that personal access tokens are also enabled in the enterprise settings.
  1. In the upper-right corner of GitHub, click your profile picture, then click Organizations.
  2. Next to the organization, click Settings.
  3. In the left sidebar, under Personal access tokens, click Settings.
  4. Select the Fine-grained tokens tab.
  5. Under Fine-grained personal access tokens, enable access for your organization.
  6. Click Save.
  1. Under Repository access, select which repositories you want Devin to work with. Tokens always include read-only access to all public repositories on GitHub.
  2. Make sure the token has the following permissions which are required for Devin to work properly:
PermissionAccess levelDescription
ContentsRead and writeAllow Devin to contribute to the codebase
IssuesRead and writeAllow Devin to open new issues
MetadataRead onlyAllow Devin to view crucial metadata about a repository such as who owns it
Pull requestsRead and writeAllow Devin to create new PRs
Additional permissions will help Devin better collaborate with your team depending on what work you’re asking Devin to do.
  1. Click Generate Token and save the token that is displayed.
    Note: Admin approval may be needed depending on your GitHub settings.
  2. To validate that the token has all the necessary access and permissions, create and push a test branch on your local machine to a repository in the organization.
  3. Once the token has been generated and tested, reach out to your Cognition point of contact to finish the setup process. If you are not currently working directly with our team, reach out to enterprise@cognition.ai.

Validating PAT Permissions Locally

Before sharing the token with Cognition, verify that it has the correct permissions by pushing a test branch: 
# Authenticate with gh CLI using your token
export GH_TOKEN=your_personal_access_token
export GH_HOST=your-github-enterprise-server.com

# Clone the repository
gh repo clone your-organization/your-repository
cd your-repository

# Create a test branch
git checkout -b test-devin-token-$(date +%s)

# Make a small change
echo "# Test" >> TEST.md
git add TEST.md
git commit -m "Test: Validate Devin token permissions"

# Push the branch (tests contents write permission)
git push origin HEAD

# Create a pull request (tests pull requests write permission)
gh pr create --title "Test: Validate Devin token permissions" \
  --body "This is a test PR to validate token permissions." \
  --base main

# Clean up: close the test PR and delete the test branch
gh pr close pr-number --delete-branch
Expected results: The push and PR creation should succeed without authentication errors. If the push fails, verify the token has “Contents: Read and write” permission. If the PR creation fails, verify the token has “Pull requests: Read and write” permission.

Using Devin with the GitHub Integration

Now that GitHub is integrated, you can configure which Devin sub-organizations have access to each repository (see Repository Permissions) Once the integration is set up, you can go to the Devin web application and you are now able to @mention any repository in your prompt! If you are using a repository for the first time, we recommend going through the development environment setup process in the onboarding flow to ensure that Devin has the most accurate and up to date information about working with your codebase.
Devin will automatically respond to any PR comments as long as the session has not been archived

Security Considerations

Some additional information regarding Devin’s permissions in GitHub:
  • We recommend enabling branch protections on master to ensure checks are enforced before Devin can merge any changes.
  • If Devin is connected to your organization’s GitHub account then it will have the same permissions for any user with access to the GitHub and Devin organizations.
  • Devin will not mirror the permissions of the user running a session with Devin, it will retain the permissions granted at the org-level.
  • Devin cannot create new repos in your GitHub account.