sourcebot-dev · msukkari · Oct 22, 2025 · Oct 18, 2025 · Oct 18, 2025 · Oct 18, 2025
diff --git a/docs/docs/configuration/auth/providers.mdx b/docs/docs/configuration/auth/providers.mdx
@@ -33,6 +33,13 @@ The following authentication providers require an [enterprise license](/docs/lic
 
 [Auth.js GitHub Provider Docs](https://authjs.dev/getting-started/providers/github)
 
+Authentication using both a **GitHub OAuth App** and a **GitHub App** is supported. In both cases, you must provide Sourcebot the `CLIENT_ID` and `SECRET_ID` and configure the 
+callback URL correctly (more info in Auth.js docs). 
+
+When using a **GitHub App** for auth, enable the following permissions:
+- `“Email addresses” account permissions (read)`
+- `"Metadata" repository permissions (read)` (only needed if enabling [permission syncing](/docs/features/permission-syncing))
+
 **Required environment variables:**
 - `AUTH_EE_GITHUB_CLIENT_ID`
 - `AUTH_EE_GITHUB_CLIENT_SECRET`

diff --git a/docs/docs/configuration/environment-variables.mdx b/docs/docs/configuration/environment-variables.mdx
@@ -62,9 +62,9 @@ The following environment variables allow you to configure your Sourcebot deploy
 ### Review Agent Environment Variables
 | Variable | Default | Description |
 | :------- | :------ | :---------- |
-| `GITHUB_APP_ID` | `-` | <p>The GitHub App ID used for review agent authentication.</p> |
-| `GITHUB_APP_PRIVATE_KEY_PATH` | `-` | <p>The container relative path to the private key file for the GitHub App used by the review agent.</p> |
-| `GITHUB_APP_WEBHOOK_SECRET` | `-` | <p>The webhook secret for the GitHub App used by the review agent.</p> |
+| `GITHUB_REVIEW_AGENT_APP_ID` | `-` | <p>The GitHub App ID used for review agent authentication.</p> |
+| `GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET` | `-` | <p>The container relative path to the private key file for the GitHub App used by the review agent.</p> |
+| `GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH` | `-` | <p>The webhook secret for the GitHub App used by the review agent.</p> |
 | `OPENAI_API_KEY` | `-` | <p>The OpenAI API key used by the review agent.</p> |
 | `REVIEW_AGENT_API_KEY` | `-` | <p>The Sourcebot API key used by the review agent.</p> |
 | `REVIEW_AGENT_AUTO_REVIEW_ENABLED` | `false` | <p>Enables/disables automatic code reviews by the review agent.</p> |

diff --git a/docs/docs/features/agents/review-agent.mdx b/docs/docs/features/agents/review-agent.mdx
@@ -44,9 +44,9 @@ Before you get started, make sure you have an OpenAPI account that you can creat
     <Step title="Configure the environment variables in Sourcebot">
         Sourcebot requires the following environment variables to begin reviewing PRs through your new GitHub app:
 
-        - `GITHUB_APP_ID`: The client ID of your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
-        - `GITHUB_APP_WEBHOOK_SECRET`: The webhook secret you defined in your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
-        - `GITHUB_APP_PRIVATE_KEY_PATH`: The path to your app's private key. If you're running Sourcebot from a container, this is the path to this file from within your container
+        - `GITHUB_REVIEW_AGENT_APP_ID`: The client ID of your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
+        - `GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET`: The webhook secret you defined in your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
+        - `GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH`: The path to your app's private key. If you're running Sourcebot from a container, this is the path to this file from within your container
         (ex `/data/review-agent-key.pem`). You must copy the private key file into the directory you mount to Sourcebot (similar to the config file). 
 
         You can generate a private key file for your app in the [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings). You must copy this private key file into the
@@ -74,9 +74,9 @@ Before you get started, make sure you have an OpenAPI account that you can creat
                     - "/Users/michael/sourcebot_review_agent_workspace:/data"
                 environment:
                     CONFIG_PATH: "/data/config.json"
-                    GITHUB_APP_ID: "my-github-app-id"
-                    GITHUB_APP_WEBHOOK_SECRET: "my-github-app-webhook-secret"
-                    GITHUB_APP_PRIVATE_KEY_PATH: "/data/review-agent-key.pem"
+                    GITHUB_REVIEW_AGENT_APP_ID: "my-github-app-id"
+                    GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET: "my-github-app-webhook-secret"
+                    GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH: "/data/review-agent-key.pem"
                     REVIEW_AGENT_API_KEY: "sourcebot-my-key"
                     OPENAI_API_KEY: "sk-proj-my-open-api-key"
         ```

diff --git a/docs/snippets/schemas/v3/app.schema.mdx b/docs/snippets/schemas/v3/app.schema.mdx
@@ -0,0 +1,114 @@
+{/* THIS IS A AUTO-GENERATED FILE. DO NOT MODIFY MANUALLY! */}
+```json
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "AppConfig",
+  "oneOf": [
+    {
+      "$schema": "http://json-schema.org/draft-07/schema#",
+      "type": "object",
+      "title": "GithubAppConfig",
+      "properties": {
+        "type": {
+          "const": "githubApp",
+          "description": "GitHub App Configuration"
+        },
+        "deploymentHostname": {
+          "type": "string",
+          "format": "url",
+          "default": "github.com",
+          "description": "The hostname of the GitHub App deployment.",
+          "examples": [
+            "github.com",
+            "github.example.com"
+          ],
+          "pattern": "^[^\\s/$.?#].[^\\s]*$"
+        },
+        "id": {
+          "type": "string",
+          "description": "The ID of the GitHub App."
+        },
+        "privateKey": {
+          "description": "The private key of the GitHub App.",
+          "anyOf": [
+            {
+              "type": "object",
+              "properties": {
+                "secret": {
+                  "type": "string",
+                  "description": "The name of the secret that contains the token."
+                }
+              },
+              "required": [
+                "secret"
+              ],
+              "additionalProperties": false
+            },
+            {
+              "type": "object",
+              "properties": {
+                "env": {
+                  "type": "string",
+                  "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
+                }
+              },
+              "required": [
+                "env"
+              ],
+              "additionalProperties": false
+            }
+          ]
+        },
+        "privateKeyPath": {
+          "description": "The path to the private key of the GitHub App.",
+          "anyOf": [
+            {
+              "type": "object",
+              "properties": {
+                "secret": {
+                  "type": "string",
+                  "description": "The name of the secret that contains the token."
+                }
+              },
+              "required": [
+                "secret"
+              ],
+              "additionalProperties": false
+            },
+            {
+              "type": "object",
+              "properties": {
+                "env": {
+                  "type": "string",
+                  "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
+                }
+              },
+              "required": [
+                "env"
+              ],
+              "additionalProperties": false
+            }
+          ]
+        }
+      },
+      "required": [
+        "type",
+        "id"
+      ],
+      "oneOf": [
+        {
+          "required": [
+            "privateKey"
+          ]
+        },
+        {
+          "required": [
+            "privateKeyPath"
+          ]
+        }
+      ],
+      "additionalProperties": false
+    }
+  ]
+}
+```
diff --git a/docs/snippets/schemas/v3/githubApp.schema.mdx b/docs/snippets/schemas/v3/githubApp.schema.mdx
@@ -0,0 +1,108 @@
+{/* THIS IS A AUTO-GENERATED FILE. DO NOT MODIFY MANUALLY! */}
+```json
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "GithubAppConfig",
+  "properties": {
+    "type": {
+      "const": "githubApp",
+      "description": "GitHub App Configuration"
+    },
+    "deploymentHostname": {
+      "type": "string",
+      "format": "url",
+      "default": "github.com",
+      "description": "The hostname of the GitHub App deployment.",
+      "examples": [
+        "github.com",
+        "github.example.com"
+      ],
+      "pattern": "^[^\\s/$.?#].[^\\s]*$"
+    },
+    "id": {
+      "type": "string",
+      "description": "The ID of the GitHub App."
+    },
+    "privateKey": {
+      "description": "The private key of the GitHub App.",
+      "anyOf": [
+        {
+          "type": "object",
+          "properties": {
+            "secret": {
+              "type": "string",
+              "description": "The name of the secret that contains the token."
+            }
+          },
+          "required": [
+            "secret"
+          ],
+          "additionalProperties": false
+        },
+        {
+          "type": "object",
+          "properties": {
+            "env": {
+              "type": "string",
+              "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
+            }
+          },
+          "required": [
+            "env"
+          ],
+          "additionalProperties": false
+        }
+      ]
+    },
+    "privateKeyPath": {
+      "description": "The path to the private key of the GitHub App.",
+      "anyOf": [
+        {
+          "type": "object",
+          "properties": {
+            "secret": {
+              "type": "string",
+              "description": "The name of the secret that contains the token."
+            }
+          },
+          "required": [
+            "secret"
+          ],
+          "additionalProperties": false
+        },
+        {
+          "type": "object",
+          "properties": {
+            "env": {
+              "type": "string",
+              "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
+            }
+          },
+          "required": [
+            "env"
+          ],
+          "additionalProperties": false
+        }
+      ]
+    }
+  },
+  "required": [
+    "type",
+    "id"
+  ],
+  "oneOf": [
+    {
+      "required": [
+        "privateKey"
+      ]
+    },
+    {
+      "required": [
+        "privateKeyPath"
+      ]
+    }
+  ],
+  "additionalProperties": false
+}
+```