roles
Repository review for security teams
Review the repository boundary and customer-controlled access before approving a sync.
Updated 2026-06-10
Review the repository boundary
The Test Chronicle agent runs in a local checkout or CI runner controlled by the customer. It does not install a GitHub App or independently browse repositories.
Ask the key questions
- What can the sync process read?
- Which metadata leaves the checkout?
- Which GitHub permission and secrets does the workflow receive?
- How are credentials scoped and revoked?
- How are project and account deletion initiated?
The Security and Trust page answers these questions in one place. How repository sync works explains the processing path, and the GitHub Actions guide provides the recommended read-only workflow.
Related reading
Security and trustReview the repository boundary, synced metadata, permissions, credentials, and deletion controls before connecting a project.How repository sync worksFollow the path from a repository checkout to the historical views in the Test Chronicle dashboard.Sync with GitHub ActionsAutomate incremental project syncs after validating the repository with the local CLI.
See it in Test Chronicle
Inspect a populated project or start tracking your own repository history.
Explore the sandbox