
Source Control Datamodel

Tom Smith edited this page Sep 24, 2025 · 4 revisions

GitHub Access & Permissions

Goal: Read and act on GitHub repos while keeping required permissions minimal.


User Stories

  • Brian (individual dev)

    • GitHub repo under personal account
  • Paul (org owner)

    • Multiple repos under org account (not individual account)
  • Tom (dev)

    • Read/write access to individual repos (within the org)
    • Tries to add access before org owner
  • Evan (dev)

    • Read/write access to individual repos (within both org and personal account)
  • mempool (open source)

    • Fork under individual or org

Example Flows

  • Paul (owner)

    • Onboard to Hive → creates Hive login token → visits Electa workspace
    • Hive does not see installation_id for the PM app
    • Paul creates PM token for the Stakwork org
    • Paul may need to create a personal token for the PM app (for the OWNER)
  • Tom (dev)

    • Onboard to Hive → creates Hive login token → visits Electa workspace
    • Hive does not see PM app token for Tom
    • Tom is redirected to GitHub to create that token (redirect, no action required)
    • Later: Tom visits another Stakwork (org) workspace (senza-lnd)
      • Hive is aware that Tom has PM app token → status = green (no action required)

Requirements

  • Login to Hive website (with GitHub)
  • User invited to a workspace
  • User creates a workspace and attaches a repo in an org they control
  • Individual == org, same rules apply
  • User creates a workspace and attaches a repo in an org they don’t control

Architecture

Tables

  • source_control_org
  • source_control_tokens

Access Model

  • Org/individual grants access by installing the Hive App at org level (all or select repos)
  • Person OAuth token tied to GitHub app
  • Permissions defined for the Hive Chat App
  • Installing the app creates installation_id

Example:

  • Tom invited to workspace → loads dashboard (install ID exists)
  • Tom has no OAuth token for repo
  • Tom goes to OAuth link via GitHub client_id (GitHub app → Hive Chat PM)
  • Redirects to GitHub (login/redirect back to Hive)
  • New token generated for Tom for the org
  • Individual has source_control_org record (same as company org)
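
The access check walked through above, and in the Example Flows for Paul and Tom, as an added Python example that is not Hive's own code. The in-memory Store, the assumed column layout, the function names, the repo URLs and the id/token values are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from urllib.parse import urlparse


class Action(Enum):
    INSTALL_APP = "install_app"        # no installation_id for the repo owner
    OAUTH_REDIRECT = "oauth_redirect"  # app installed, this user has no token
    GREEN = "green"                    # no action required


@dataclass
class Store:
    """In-memory stand-in for the two tables (column layout is assumed)."""
    source_control_org: dict = field(default_factory=dict)     # owner -> installation_id
    source_control_tokens: dict = field(default_factory=dict)  # (user, owner) -> token


def repo_owner(repo_url: str) -> str:
    """Return the lowercased owner (org or individual) of a github.com URL."""
    parsed = urlparse(repo_url)
    parts = [p for p in parsed.path.split("/") if p]
    if parsed.scheme != "https" or parsed.hostname != "github.com" or len(parts) < 2:
        raise ValueError(f"not a GitHub repo URL: {repo_url!r}")
    return parts[0].lower()


def resolve_access(store: Store, user: str, repo_url: str) -> Action:
    owner = repo_owner(repo_url)
    # Individual == org: both are looked up by owner login in source_control_org.
    if owner not in store.source_control_org:
        return Action.INSTALL_APP
    # Tokens are keyed per user AND per owner: one user's token never covers
    # another user, and a token for one org never covers another org.
    if (user, owner) not in store.source_control_tokens:
        return Action.OAUTH_REDIRECT
    return Action.GREEN


def walk_through() -> list:
    """Replay the Paul/Tom flows with constructed repo URLs and values."""
    store, electa = Store(), "https://github.com/stakwork/electa"
    steps = [resolve_access(store, "tom", electa)]       # before the owner installs
    store.source_control_org["stakwork"] = 1001          # Paul installs the app
    steps.append(resolve_access(store, "tom", electa))   # Tom has no token yet
    store.source_control_tokens[("tom", "stakwork")] = "tok-constructed"
    steps.append(resolve_access(store, "tom", "https://github.com/stakwork/senza-lnd"))
    steps.append(resolve_access(store, "paul", electa))  # owner still needs own token
    return steps
```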

Tokens

  • Login token
  • PM app token
    • App token per org
  • User-specific token per PM app
