This directory contains the manifest files for WorldDriven's GitHub Apps. These manifests define the permissions, events, and configuration for each app.
For how these apps fit into the overall system, see ARCHITECTURE.md.
| App | Purpose | Permissions |
|---|---|---|
| worlddriven | PR voting and auto-merge | checks, contents, issues, pull_requests, statuses, workflows |
| worlddriven-migrate | One-time repository transfer | administration, metadata |
The main app handles the democratic PR management system:
- Monitors pull requests and reviews
- Calculates voting weights based on contributions
- Automatically merges PRs when voting threshold is reached
- Posts status updates and comments
Install: github.com/apps/worlddriven
A minimal app for transferring repositories to the worlddriven org:
- Only used during repository migration
- Requires Administration permission to perform transfers
- Can be uninstalled after migration completes
Install: github.com/apps/worlddriven-migrate
We use separate apps to follow the principle of least privilege:
- Trust: Users are more likely to install an app with minimal permissions
- Security: The main app doesn't need admin access for normal operations
- Clarity: Each app has a clear, single purpose
- Transparency: Users know exactly why each permission is needed
These manifests can be used with GitHub's App Manifest Flow to create or recreate the apps.
- Navigate to GitHub organization settings
- Go to Developer settings > GitHub Apps > New GitHub App
- Or use the manifest flow programmatically:
<form action="https://github.com/organizations/worlddriven/settings/apps/new" method="post">
<input type="hidden" name="manifest" value='<JSON_MANIFEST_HERE>'>
<button type="submit">Create GitHub App</button>
</form>| Field | Description |
|---|---|
name |
Display name of the app |
url |
Homepage URL |
hook_attributes.url |
Webhook endpoint URL |
description |
App description shown to users |
public |
Whether app can be installed by anyone |
default_events |
GitHub events the app subscribes to |
default_permissions |
Permissions requested by the app |
GitHub Apps cannot be updated via API. To change permissions or settings:
- Go to github.com/organizations/worlddriven/settings/apps
- Select the app to modify
- Update settings manually
- Update the manifest file in this repository to keep documentation in sync
Note: When permissions are added, existing installations must approve the new permissions.
The webhook handlers for these apps are implemented in the core repository:
| App | Webhook Endpoint | Handler |
|---|---|---|
| WorldDriven | /api/webhooks/github |
webhookHandler.js |
| WorldDriven Migrate | /api/webhooks/migrate |
migrationHandler.js |