// GitHub code repository integration for investigating code changes, deployments, commits, PRs, and suggesting fixes during RCA
Amazon CloudWatch alarm integration — receives alarm state-change notifications via SNS webhooks and creates incidents automatically
On-prem Kubernetes cluster integration for running kubectl commands on connected clusters via Aurora agent relay
Postmortem generation and management tools for writing, reading, and versioning incident postmortems
GitLab code repository integration for investigating code changes, deployments, commits, MRs, and suggesting fixes during RCA
Sentry error tracking integration for searching issues, fetching stacktraces, listing projects, and running Discover event searches during RCA investigations
Slack integration tools for reading channel messages and thread replies
| name | github |
| id | github |
| description | GitHub code repository integration for investigating code changes, deployments, commits, PRs, and suggesting fixes during RCA |
| category | code_repository |
| connection_check | {"method":"is_connected_function","module":"utils.auth.github_auth_router","function":"is_github_connected"} |
| tools | ["get_connected_repos","github_rca","github_fix","github_apply_fix","github_commit"] |
| index | Code repo — discover repos, check deployments/commits/PRs, suggest & apply fixes |
| rca_priority | 2 |
| allowed-tools | get_connected_repos, github_rca, github_fix, github_apply_fix, github_commit |
| metadata | {"author":"aurora","version":"1.0"} |
GitHub integration for investigating code changes during Root Cause Analysis and managing code fixes. Connected account: {username}
get_connected_repos FIRST to list them with descriptions.github_rca auto-selects it. If multiple, you MUST pass repo='owner/repo'.get_connected_repos — Discover available repos + descriptions. Always call first.github_rca(repo='owner/repo', action=...) — Investigate code changes for RCA:
deployment_check — GitHub Actions workflow runs (failures, suspicious timing)commits — Recent commits with automatic 2-hour incident correlationdiff (requires commit_sha) — File-level changes for a specific commitpull_requests — Merged PRs in the time windowincident_time (ISO 8601) for automatic time window correlationgithub_fix(file_path=..., edits=[{old_string, new_string, replace_all?}, ...], fix_description=..., root_cause_summary=...) — Suggest a code fix via anchored search-and-replace edits (stored for user review, not auto-applied). First call get_file_contents to read the current file so you can copy the exact old_string (with enough surrounding context to be unique).github_apply_fix(suggestion_id=...) — Create a PR from an approved fix (only after user reviews)github_commit(repo=..., commit_message=...) — Push Terraform files to GitHubget_file_contents, create_or_update_file, push_files, get_repository_treecreate_branch, list_branches, list_commits, get_commitcreate_pull_request, list_pull_requests, merge_pull_request, get_pull_request_filescreate_issue, list_issues, search_issues, add_issue_commentlist_workflow_runs, get_workflow_run, get_job_logs, run_workflowlist_code_scanning_alerts, list_dependabot_alerts, list_secret_scanning_alertsowner and repo parameters (split from 'owner/repo').Code changes are a common root cause of incidents. Investigate GitHub early in the process.
Important: Merged does not always mean deployed. Many teams have separate CI (build) and CD (deploy) steps. When concluding that a commit caused an incident, check whether it was actually deployed. If deployment status cannot be confirmed, qualify your conclusion (e.g. "this commit is the likely cause if it was deployed").
Step 1 — Discover repos:
get_connected_repos() — returns all connected repos with descriptions.
Read the descriptions to pick the repo most relevant to the alert.
Step 2 — Check deployments (did something ship?):
github_rca(repo='owner/repo', action='deployment_check', incident_time='<ISO8601>')
Finds failed workflow runs and runs completed within 2 hours of the incident.
Step 3 — Check commits (what code changed?):
github_rca(repo='owner/repo', action='commits', incident_time='<ISO8601>')
Lists commits with automatic suspicious-commit flagging (within 2 hrs of incident).
Step 4 — Inspect suspicious changes:
github_rca(repo='owner/repo', action='diff', commit_sha='<sha>')
Shows file-level additions/deletions. Prioritize config/infra files (.yaml, .env, terraform/).
Step 5 — Check merged PRs:
github_rca(repo='owner/repo', action='pull_requests', incident_time='<ISO8601>')
Finds PRs merged in the time window; recently merged PRs are flagged.
Step 6 — Suggest fix:
First read the file with get_file_contents(owner, repo, path). Then:
github_fix(file_path=..., edits=[{old_string: "...", new_string: "..."}], fix_description=..., root_cause_summary=...)
old_string must match the current file exactly (include 1–3 lines of surrounding context so the match is unique). Indentation counts. Keep old_string narrow — just the lines you're changing plus a little surrounding context. Do NOT pass the whole file as old_string; if a single edit covers more than ~half the file Aurora will reject it. For multi-section changes, send multiple smaller edits. Use replace_all: true only when old_string matches the file byte-for-byte and you want every occurrence touched. Aurora applies the edits server-side and stores the result for user review; github_apply_fix then creates the PR.
incident_time on every github_rca call for automatic time correlation.time_window_hours (default 24) to widen/narrow the search.get_file_contents) to read files, never local shell commands.