feat: implement GitHub org-gated access for coder.ddev.com, fixes #64#131
Merged
feat: implement GitHub org-gated access for coder.ddev.com, fixes #64#131
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…-signup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… requirements Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…6, C-007) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…gside upsun Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Auto-committed by spec-kitty before creating the lane worktree for WP01
- Expand ALLOWED_ORGS to full 27-org list (ddev + coder-ddev-com + 25 sponsor orgs) - Add staging OAuth App sub-section with separate callback URL - Document coder-ddev-com org purpose and individual membership management - Add sponsor org access policy table with all confirmed org slugs - Add runbook for adding a new sponsor org Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Auto-committed by spec-kitty before creating the lane worktree for WP02
- Add top-level Access Management section explaining the org-gated signup model - Document granting access via coder-ddev-com org membership - Document pre-creating password exception accounts via CLI and Web UI - Explain private org membership and read:org scope behavior - List initial coder-ddev-com members Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- docs/admin/blog-post-draft.md: ready-to-apply diff for ddev.com blog post - Replaces 'Log In with GitHub' section to explain access restrictions - Adds 'Requesting Access' paragraph with link to coder-ddev-com/access-requests - Adds sponsor org access benefit mention Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…y/mission-github-org-gated-signup-01KR1P4G
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Discord: ddev.com/s/discord - Issues: ddev/coder-ddev not ddev/ddev Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- start.coder.ddev.com auth-callout now explains ddev/sponsor org requirement and links to coder-ddev-com/access-requests - Add docs/access-denied.html for use as redirect target when unauthorized users hit the OAuth callback (used by the Caddy reverse-proxy fix) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
rfay
changed the title
"the ddev" → "the ddev org" Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Explains project structure (.kittify/, kitty-specs/), when to use spec-kitty, how to start a mission, implementation lanes, key files (wps.yaml, spec.md, mission-events.jsonl), common pitfalls, and a completed missions table. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Changes have been applied directly to ddev/ddev.com src/content/blog/coder-ddev-com-announcement.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
rfay
changed the title
This was referenced May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements GitHub org-gated access for coder.ddev.com. New signups and re-authentication are restricted to members of approved GitHub organizations. This is also the first mission driven through spec-kitty, initializing the project's spec-driven development infrastructure.
spec-kitty initialization
This branch introduces two new top-level directories that will persist for all future initiatives:
.kittify/— project-level spec-kitty configuration: project charter (governance, quality directives, stakeholder roles), config, and skills manifest. Consulted by every future spec-kitty mission to validate scope and constraints.kitty-specs/github-org-gated-signup-01KR1P4G/— the complete specification record for this initiative: requirements (spec.md), research evidence log and source register, data model, implementation plan, work-package manifest (wps.yaml), task files (WP01–WP04), requirement-traceability checklist, and append-only mission event log. Future initiatives get their own subdirectory alongside this one.Changes
docs/admin/server-setup.mdCODER_OAUTH2_GITHUB_ALLOWED_ORGSlist (27 orgs: ddev, coder-ddev-com, and 25 confirmed $100+/mo sponsor orgs)coder-ddev-comGitHub orgdocs/admin/user-management.mdread:orgscope explanationdocs/admin/coder-ddev-com/(operator drafts — already applied to live repos)org-profile-README.md→coder-ddev-com/.githubprofile/README.mdaccess-requests-README.md→coder-ddev-com/access-requestsREADMEaccess-request-issue-template.yml→ GitHub issue form templatesponsor-notification.md→ template for notifying new sponsor orgsdocs/admin/blog-post-draft.mddocs/index.html(start.coder.ddev.com)docs/access-denied.htmlstart.coder.ddev.com/access-deniedexplaining why access was denied and how to request itTest plan
start.coder.ddev.comreflects updated auth calloutPUT /api/v2/appearanceservice_banner to production coder.ddev.com🤖 Generated with Claude Code