Cuitty Code Apps

Apps that can help manage code without owning everything.

Code Apps are Git-backed extensions for repository, registry, package, and CI workflows. Every install is bound to a target and a reviewed set of SpiceDB permissions.

Install targets

Apps can be scoped narrowly. A release automation app can target one repo; a package policy app can target one registry namespace.

  • User account
  • Organization
  • Repository
  • Registry namespace
  • Package

Permission review

App manifests declare requested resources, actions, and reasons. Installs store only approved grants, and runtime calls are checked against the installation token.

[[app.permissions]]
resource = "repository"
actions = ["read", "create_pr"]
reason = "Open remediation pull requests."

Lifecycle

Publish

App source, manifest, docs, and release tags live in Git.

Install

Users review the exact permissions requested by a specific app version.

Run

App events and manual actions run as Airflow DAGs with scoped tokens.

Upgrade

Permission changes are diffed before a newer version can take effect.

Uninstall

Cuitty revokes grants, disables schedules, and keeps the audit trail.