Ship faster from the comments you already write

What it does

Six things Codweft gets right that PAT-based bots don't

• Your coding-plan keys, never ours

  Codweft routes Kimi, Z.ai, and MiniMax coding-plan credentials. Your keys are stored encrypted in Codweft and decrypted only when a runner job needs them. You pay your model provider directly. Codweft never touches billing

• GitHub App, not a bot account

  One install on your org. Granular permissions, no PATs, no shared service accounts to rotate

• Comment-driven workflows

  @codweft <verb> in any issue or PR triggers a reusable, versioned GitHub Actions run that is fully visible to your team

• Temporary workflow branches

  Each command creates a short-lived branch with the workflow for that run, triggers it, and cleans it up after completion

• Run history and audit

  Every command is logged with status, requester, run URL, and outcome. Browse it in the dashboard or pipe it to your SIEM

• Open and verifiable

  The workflows live in github.com/codweft/github-actions, pinned by tag. Read what's running before you ship it

How it works

Three steps from install to merged PR

1. 01

   Install the GitHub App

   One click on github.com/apps/codweft. Pick your org and the repos you want covered

2. 02

   Configure model routing

   Store provider credentials in Codweft, pick the models each repository can use, and keep secrets out of repository Actions settings

3. 03

   Comment @codweft on issues or PRs

   @codweft review, @codweft fix, @codweft implement, @codweft resolve conflicts. Every command is a tracked Actions run

Commands

A small vocabulary that does a lot

Triggered from any issue or pull request comment by trusted users in your repo. Every command is a versioned reusable workflow you can pin and audit

@codweft review focus on auth code

@codweft fix the off-by-one in pagination

@codweft implement

@codweft resolve conflicts prefer ours for lockfile

FAQ

Questions, answered

• Which models does Codweft support?

  Kimi (Kimi K2.7 Code), Z.ai (GLM-5.2, GLM-5.1, GLM-5-Turbo, GLM-4.7, GLM-4.5-Air), and MiniMax (MiniMax-M3 plus M2.x options). The router tries the credentials you configure in order. At least one route is required per repo or org

• Does Codweft cost anything?

  Codweft itself is free during the MVP. You pay your model provider for tokens and your GitHub Actions usage for run minutes. Both are billed directly by them, not by us

• What permissions does the GitHub App need?

  Read on contents and metadata, write on pull requests and issues for the repos you select. Provider keys are stored encrypted in Codweft, not in your repo, so no Actions secrets permission is needed. The full permission list is shown on the install page

• What happens when I rotate a coding-plan key?

  Update the credential in the repository's or account's Codweft dashboard. We store it encrypted and decrypt it only for runner jobs. The next run picks up the new key

• Can trusted users only trigger commands, or anyone?

  Only repository owners, members, and collaborators. The reusable workflows check association on every comment event before doing anything

• Is Codweft open source?

  The reusable workflows are: github.com/codweft/github-actions. The portal/control plane is closed source for now