Skip to content

assistant-ui: surface GitHub App install + permission links per repo#591

Merged
ExtraToast merged 2 commits into
mainfrom
feat/github-app-frontend
Jun 6, 2026
Merged

assistant-ui: surface GitHub App install + permission links per repo#591
ExtraToast merged 2 commits into
mainfrom
feat/github-app-frontend

Conversation

@jorisjonkers-dev-agents

Copy link
Copy Markdown
Contributor

What

Managing the personal-stack-agents GitHub App — installing it on a repo's owner, and periodically widening the token's permissions and approving that on each installation — meant leaving the UI and hunting for GitHub URLs. The repositories feature now surfaces those links directly, so it can be done from the frontend without searching the repo.

  • githubAppLinks.ts — pure helper: parses the owner from a repository URL (scp-style SSH, ssh://, http(s)://; rejects non-GitHub hosts, malformed values, bad owners) and builds the install URL from a slug read from VITE_GITHUB_APP_SLUG (default personal-stack-agents).
  • GitHubAppPanel.vue (per repository, in RepositoryView) — shows the detected owner with install, user-installation configure, org-installation configure, and owner-side permissions links, plus the requested-permissions summary (contents/pull_requests/actions: write).
  • GitHubAppReference.vue (repositories overview) — repo-agnostic operator panel with the public App, install, owner permissions, and owner installations links and the "approve the change on each installation" note — the periodic permission-bump path.
  • DockerfileVITE_GITHUB_APP_SLUG build arg so images can override the slug.

Frontend-only by design

No assistant-api / OpenAPI change: every link is built client-side from the repo owner + configurable slug, so services/assistant-api/openapi.json and services/assistant-ui/src/api/generated.ts are untouched (the contract job stays green). All links open in a new tab with rel="noopener noreferrer".

How it was built

Planned and implemented through the council orchestrator with codex (gpt-5.5) as planner-B, consolidator, worker, and verifier (claude as planner-A for the cross-model critique). 5-task DAG fanned out across codex workers in isolated worktrees.

Verification

  • npm run typecheck (vue-tsc) — clean.
  • npm run lint (eslint . --max-warnings 0) — clean.
  • Vitest — 48 tests across the 4 specs pass (owner parsing/link building, and the mounted views asserting canonical hrefs with target=_blank / rel=noopener noreferrer).
  • git diff on openapi.json / generated.ts — clean.

Managing the personal-stack-agents GitHub App — installing it on a
repo's owner, and periodically widening the token's permissions and
approving that on each installation — meant leaving the UI to hunt for
GitHub URLs. The repositories feature now surfaces those links directly.

A pure helper (features/repositories/services/githubAppLinks.ts) parses
the owner from a repository URL (scp-style SSH, ssh://, http(s)://,
rejecting non-GitHub and malformed values) and builds the install URL
from a slug read from VITE_GITHUB_APP_SLUG (default
personal-stack-agents). A per-repository GitHubAppPanel shows the
detected owner with install, user- and org-installation configure, and
owner-side permissions links; a repo-agnostic GitHubAppReference on the
repositories overview carries the operator-side permissions and
installations links plus the per-installation approval note. The
assistant-ui Dockerfile gains a VITE_GITHUB_APP_SLUG build arg.

Frontend-only by design: no assistant-api or OpenAPI change, so the
links are built client-side and the committed contract is untouched.
The repo-wide `pnpm format:check` (`prettier --check .`) only runs in the
"Lint Frontend" job, which is path-gated to frontend changes — so the
agent-kit prompt/template/skill/manifest files and private design notes
have been edited for a while without prettier ever checking them, leaving
them in a non-prettier style. The first PR to touch a frontend path
surfaces that as 21 "code style" failures unrelated to the change.

These are authored/generated text — prompt wording, rendered skills, the
manifest whose sha256s are pinned by the agent-kit renderer, and private
design docs — not JS sources, and prettier reformatting them either
churns prompt text or fights the renderer. Exclude them from prettier,
matching how the ignore file already excludes generated artefacts
(openapi.json, generated.ts, generated-jooq).
@ExtraToast ExtraToast merged commit 5bcd80f into main Jun 6, 2026
42 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant