Skip to content

Replace the single global admin allowlist with a per-customer concept #4889

Description

@JSONbored

Problem: A single global admin-login allowlist grants maintainer-equivalent trust across every repo in the deployment today — correctly representing "the one operator" for self-host, but there's no concept of a per-customer admin distinct from literal GitHub repo-owner permissions for a hosted model.

Area: ORB / Cloud

Proposal: Add a per-tenant admin concept, derived from real GitHub repo-owner/org-admin permissions rather than a single hardcoded allowlist.

Deliverables:

  • Per-tenant admin resolution replacing the single global allowlist for hosted deployments (self-host can keep the simple allowlist as its default).

Metadata

Metadata

Assignees

Labels

maintainer-onlyOwner-only work — yields no Gittensor points.roadmapOn the Wave-2 agent-layer roadmap board (project 9)

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions