GitHub Integration

Install the GitHub App

CostLens uses a GitHub App — no OAuth tokens, no manual webhook setup.

1. Go to Settings → GitHub or complete onboarding
2. Click Install GitHub App — redirects to GitHub
3. Select your organization and grant access to repos
4. GitHub redirects back — CostLens stores your installationId and fetches available repos
5. Select which repos to track (limited by plan)

No OAuth tokens stored. Auth uses GitHub App installation tokens that rotate automatically.

What Gets Tracked

AI Detection

CostLens automatically detects AI-assisted PRs by matching active coding sessions to PR branches. When a developer has a tracked AI session on the same branch as an opened PR, the cost is attributed.

You can manually override detection using the AI/Manual toggle on any PR in the dashboard.

Cost Per PR

The key metric: how much AI spend went into shipping each pull request.

Permissions

The CostLens GitHub App requests:

• Pull requests — read (track PRs and reviews)
• Contents — read (commit metadata only, not file contents)
• Metadata — read (repo names, branches)

Webhook events subscribed:

• pull_request — opened, closed, synchronize
• pull_request_review — submitted
• pull_request_review_comment — created

No write permissions. All webhook deliveries are signed with HMAC-SHA256 and verified server-side.

Backfill

On first install, CostLens backfills recent PR history using installation tokens (parallelized, batches of 5 repos):

• Free plan — last 14 days
• Pro plan — last 90 days
• Business plan — last 180 days

A daily cron re-syncs all connected users to catch any missed webhook events.