GitHub repo owner gates catalog admin
Platform spec ADR
GitHub repo owner gates catalog admin
Spec standingStandard
0 revisions (git unavailable at build; counts may be empty)
No commits recorded for this path.
| Section id | Required | Found |
|---|---|---|
what-this-feature-specifies | yes | yes |
implementation-anchors | yes | yes |
Full tree: run pnpm verify:platform-spec-layout (writes src/generated/platform-spec-layout-report.json).
Context
Section titled “Context”GitNexus used a static admin roster for catalog mutations. Beskid Nexus indexes public graphs for many repositories — administration should follow GitHub ownership, not a deployment-time username list that does not scale across contributors and org repos.
Instance operators still need bootstrap authority for auth hub pairing and secrets — distinct from day-to-day repo administration.
Decision
Section titled “Decision”POST/PATCH/DELETE /api/admin/catalog*andPOST .../analyzeandPOST .../refresh-docsrequire the session user to be owner or admin of the entry’sgitUrlper GitHub API (GET /repos/{owner}/{repo}with hub user token).GET /api/auth/memust exposeownedRepoIds— catalog ids the user may administer — for UI gating.requireAdmin(env roster) is retained only forPOST /api/admin/auth/pairand first-run setup endpoints.- Ownership verification may be cached up to 15 minutes per
(login, gitUrl). - Non-owners receive
403on mutating routes.
Consequences
Section titled “Consequences”github-ownership.tscentralizes URL parsing and API checks.- Frontend admin sheet gates on
ownedRepoIds.includes(activeEntry.id). - Public catalog and graph routes remain unauthenticated.
Status
Section titled “Status”Accepted — reference implementation in beskid_nexus/gitnexus/src/server/nexus/github-ownership.ts.