Code

Cuitty Code Apps

Installable, permission-scoped apps for Cuitty Code.

Cuitty Code Apps are installable automation units that run against Cuitty Code resources. Apps are owned by a user or organization, published with a versioned manifest, installed into a target owner, and granted only the permissions declared by the app.

Apps can target a user, organization, repository, registry namespace, or package. The target decides which SpiceDB relationships are written for the install and which resources the app can read, write, publish to, or operate.

Required services

Environment variables

PUBLIC_API_URL=http://localhost:4351
PUBLIC_CUITTY_AUTH_URL=http://localhost:7705
AUTH_ISSUER=http://localhost:7705
AUTH_CLIENT_ID=cuitty-git
CUITTY_PUBLIC_URL=http://localhost:4350
CUITTY_GIT_SECRET_KEY=dev-secret-change-me
SPICEDB_ENDPOINT=http://localhost:50051
SPICEDB_PRESHARED_KEY=dev-secret
AIRFLOW_URL=http://localhost:8080
AIRFLOW_USERNAME=airflow
AIRFLOW_PASSWORD=airflow
CUITTY_APP_EXECUTION_MODE=airflow
CUITTY_APP_RUN_CALLBACK_SECRET=dev-callback-secret

Use deployment-specific secret management for database URLs, SpiceDB keys, Airflow credentials, registry credentials, and callback HMAC secrets.

Permissions model

The app listing controls discovery and installation. The installation controls runtime access. Manifest-declared permissions are the upper bound: installers can approve fewer grants, but the API rejects grants that the manifest did not declare.

Public apps can be discovered by everyone, private apps are visible only to explicit owners or admins, and organization-visible apps are visible to members of the shared organization. Unauthorized callers may receive 404 when the platform must hide private app existence.

Common workflows

  1. Publish an app release from an immutable Git tag.
  2. Review the manifest, docs path, version, requested permissions, and runtime.
  3. Install the app to a user, organization, repository, registry namespace, or package target.
  4. Run app actions through Airflow with a scoped installation token.
  5. Upgrade only after reviewing permission changes.
  6. Uninstall by revoking grants and disabling app-owned schedules.

Failure modes and recovery