Problem: A single global admin-login allowlist grants maintainer-equivalent trust across every repo in the deployment today — correctly representing "the one operator" for self-host, but there's no concept of a per-customer admin distinct from literal GitHub repo-owner permissions for a hosted model.
Area: ORB / Cloud
Proposal: Add a per-tenant admin concept, derived from real GitHub repo-owner/org-admin permissions rather than a single hardcoded allowlist.
Deliverables:
- Per-tenant admin resolution replacing the single global allowlist for hosted deployments (self-host can keep the simple allowlist as its default).
Problem: A single global admin-login allowlist grants maintainer-equivalent trust across every repo in the deployment today — correctly representing "the one operator" for self-host, but there's no concept of a per-customer admin distinct from literal GitHub repo-owner permissions for a hosted model.
Area: ORB / Cloud
Proposal: Add a per-tenant admin concept, derived from real GitHub repo-owner/org-admin permissions rather than a single hardcoded allowlist.
Deliverables: