You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 16, 2026. It is now read-only.
internal/connectors/github/app_token_source.go — in-memory installation→token cache with no distributed backing
Required work
Distributed token cache: move GitHub App installation-token cache from in-memory to Redis so multiple API replicas share cached tokens and don't each hit GitHub's token creation endpoint
Error classification: distinguish GitHub API rate limits (429), permission errors (403), transient failures (5xx), and not-found (404) — return appropriate broker error codes for each
Token pre-refresh: if a cached token has < 5 minutes remaining, refresh proactively before the next request uses it
Write operations (when needed): add allowlisted operations for create_issue, create_pull_request_comment, create_check_run — each with appropriate permission scoping
Per-repository permission scoping: ensure installation tokens are minted with only the permissions needed for the specific operation, not the full app permission set
Fallback logic: if GitHub App token exchange fails (misconfigured app, installation removed), fall back to static token if available, or return a clear error
Summary
The GitHub connector works for basic read-only proxy flows but has several gaps for production use.
Current state
internal/connectors/github/connector.go— 4 read-only operations allowlistedinternal/connectors/github/executor.go— in-memory token cache, basic error handlinginternal/connectors/github/app_token_source.go— in-memory installation→token cache with no distributed backingRequired work
create_issue,create_pull_request_comment,create_check_run— each with appropriate permission scopingFiles
internal/connectors/github/connector.go— add operationsinternal/connectors/github/executor.go— error classificationinternal/connectors/github/app_token_source.go— Redis-backed cache, pre-refreshPriority
Medium.
🤖 Generated with Claude Code