GitHub
Mara reads your repo. GitHub OAuth is the connection.
What she asks for
A read-only OAuth grant on the repo you choose. The scope is repo:read for private repos, or no scope for public repos. She can't write to the repo, can't open PRs, can't push commits, can't modify settings.
What she reads
The README, for product positioning and the activation surface. The commit log, to know what shipped this week. The issues, to understand what users have asked for and what's broken. In-tree marketing pages, if your repo has them.
She doesn't read source code line-by-line. She reads code structure to understand surfaces (this product has a CLI and a web app, for example) but doesn't try to summarize implementation.
How often she reads
The initial pass happens at onboarding. After that, a daily refresh checks for new commits, README changes, and issue activity. The freshness gate is 23 hours per tenant: one round-trip to GitHub per day per connected repo.
If you ship something big, you can manually trigger a refresh from the integrations settings.
What happens when you revoke
Revoke the OAuth grant in your GitHub settings. Mara loses access on her next sync. The tenant_integrations.disabled_at row gets stamped, and Mara stops trying. Existing data she's already read stays.
Reconnect by re-granting OAuth.
What about GitLab, Bitbucket, self-hosted Git?
Not yet. GitHub-only on day one. Add a v2 issue if any of these is a blocker.