All Docs/Git Provider Connections

Git Provider Connections

DevSpec connects to a git provider to access your repositories. This is required before you can track repositories in your projects. DevSpec supports four provider families:

  • GitHub — OAuth.
  • Bitbucket Cloud — OAuth.
  • GitLab — gitlab.com (OAuth) or a self-managed instance (OAuth or a personal access token).
  • Gitea / Forgejo / Codeberg — self-hosted Gitea or Forgejo, and Codeberg, via OAuth or a personal access token.

Your connection is yours

A git connection belongs to you, not to a project. You authorize a provider once — under You → Connections — and that single connection works across every project you administer. A project never stores its own copy of your credential; it simply references your connection for the specific repositories you track into it.

This matches how the providers actually work: a provider OAuth authorization is granted to your account, and one authorization already covers every repository you can access.

Heads-up: when you track a repository into a project using your connection, every member of that project can read and interact with that repository's code through your connection. Keep that in mind when adding repos to a shared project.

When DevSpec eventually offers a GitHub App, that will provide an organization-owned connection for teams; until then, connections are per-user as described here.

Connecting a provider

Connect under You → Connections → Git connections, or just start adding a repository in a project — if you haven't connected the provider yet, you'll be prompted to authorize your account first.

Cloud providers (GitHub, Bitbucket, GitLab.com)

  • Pick your provider and click "Authorize."
  • Approve DevSpec on the provider's consent screen.
  • You're redirected back with your account connected. The connection now appears in You → Connections.

Self-managed GitLab or Gitea / Forgejo

  • Enter your instance URL (for Codeberg, use https://codeberg.org).
  • Authorize with OAuth, or paste a personal access token with repository + webhook access.
  • DevSpec validates the credential and connects the instance to your account.

You can disconnect any connection at any time from You → Connections (and revoke DevSpec entirely from the provider's own settings).

What DevSpec can access

DevSpec only reads your code. It clones and indexes your tracked repositories, reads files, pull/merge requests and commits, and installs one webhook so it knows when you push. It never commits, pushes, or modifies your code. When you implement changes via Autopilot or the MCP, that's your local agent acting with your own local git credentials — entirely under your control.

A note on scope: provider OAuth is coarse — it can't be narrowed to specific repositories (only a future GitHub App can do per-repo selection). So the token DevSpec receives can technically reach every repo your account can, but DevSpec only ever uses it for the repos you track into projects, and only to read them + manage their sync webhook. The exact scopes per provider, all least-privilege for what we do:

  • GitHub — the repo scope (which also covers webhook management).
  • Bitbucketaccount, repository, pullrequest, webhook.
  • GitLab — the api scope (GitLab has no narrower webhook-only scope).
  • Gitea / Forgejo — repository read + webhook, per the instance's OAuth app or token.

Revoking access — from You → Connections or the provider's settings — immediately stops DevSpec from reading the repositories you connected.

If a connection breaks

If the connection backing a project's repositories stops working — because the person who added them disconnected it or their access expired — the project's dashboard shows a "Git connection needs attention" prompt and the affected repo cards show a badge. Two ways to recover:

  • The owner reconnects. Whoever authorized the connection re-authorizes it in You → Connections; every repository that references it recovers automatically.
  • Another admin adopts the repos. Any project admin who has their own valid connection can click Reconnect on the dashboard to re-point the project's repositories onto their connection.