docs(github-app): public docs, setup runbook, and app logo#714
Conversation
Document the Fro Bot Agent GitHub App identity for issue #703: a public-facing page (what it does, contents:read permission, privacy posture, install/uninstall) and an operator runbook (registration, ownership, credential wiring). Add a flat geometric app logo (SVG + 512px PNG) derived from the Fro Bot head mark. Refs #703
fro-bot
left a comment
fro-bot
left a comment
There was a problem hiding this comment.
Verdict: PASS
Docs-and-assets-only PR (2 markdown files, 2 SVGs, 1 PNG; no build tooling, no code paths touched). I verified every factual claim in the docs against the codebase and they are accurate.
Verification performed:
contents: readpermission claim — matches the enforced minimum inpackages/gateway/src/github/app-client.ts:59(contents: 'read'), and the docs correctly state nothing else is requested.- Env var names
GITHUB_APP_ID,GITHUB_APP_PRIVATE_KEY,GATEWAY_GITHUB_APP_INSTALL_URL— all present inpackages/gateway/src/config.ts:328-331. *_FILEconvention (GITHUB_APP_ID_FILE,GITHUB_APP_PRIVATE_KEY_FILE) — matchesdeploy/compose.yaml:31-32.- Secret file paths
deploy/secrets/github-app-id/github-app-private-key— matchdeploy/README.md:185-186. - Slug
fro-bot-agentand install URL — match the default inconfig.ts:331andapp-client.ts:130. /fro-bot add-projectcommand — matchespackages/gateway/src/discord/commands/add-project.ts.assets/github-app-logo-512.pngis a valid 512×512 RGBA PNG; both SVGs are well-formed.- Relative doc links (
./github-app-setup.md,../deploy/README.md) resolve correctly.
Blocking issues
None.
Non-blocking concerns
- Command name drift between docs. These new docs correctly use
/fro-bot add-project(matching the code). However the existingdeploy/README.md:192still refers to it as the/add-projectcommand. Not introduced by this PR, but since this PR establishes/fro-bot add-projectas canonical, a follow-up to aligndeploy/README.mdwould prevent operator confusion. - Public link vs. install link.
github-app.mdpoints users tohttps://github.com/apps/fro-bot-agent(public page) while the gateway default is.../installations/new. This is intentional and correct for the two different audiences (human reader vs. programmatic install prompt) — flagging only so it isn't mistaken for an inconsistency.
Missing tests
None required. This PR adds only static markdown and image assets with no executable behavior, so there is nothing to unit-test. The underlying config/permission invariants the docs describe are already covered by packages/gateway/src/config.test.ts (env var loading, install URL default/override) and the permission check in app-client.ts.
Risk assessment (LOW): No code, config, or runtime behavior changes. Blast radius is limited to documentation and avatar assets. Zero regression and zero security exposure — the docs accurately describe the existing least-privilege (contents: read, no webhook) posture rather than altering it.
Run Summary
| Field | Value |
|---|---|
| Event | pull_request |
| Repository | fro-bot/agent |
| Run ID | 26708723003 |
| Cache | hit |
| Session | ses_182a9dbf1ffe1iqS5vY2j5Mpc9 |
fro-bot
left a comment
fro-bot
left a comment
There was a problem hiding this comment.
Verdict: PASS
Re-reviewed after commit db6f2d6 (which restructured the trailing copy section of docs/github-app.md from "Listing copy" into a labeled "GitHub App settings copy" block). Still docs-and-assets-only — no code paths touched. All factual claims remain accurate against the codebase.
Verification (re-confirmed for the new content):
contents: readclaim — matches the enforced minimum inpackages/gateway/src/github/app-client.ts:59./fro-bot add-project <repo-url>— matchespackages/gateway/src/discord/commands/add-project.ts.- Slug
fro-bot-agent/ install URL — matchconfig.ts:331andapp-client.ts:130. - Homepage URL
https://github.com/fro-bot/agent— correct repo. - Badge background
0D0216— consistent with the Void color used in the logo SVGs (fill="#0D0216"). - Env vars,
*_FILEconvention, and secret paths ingithub-app-setup.md— unchanged and still matchconfig.ts,deploy/compose.yaml:31-32, anddeploy/README.md:185-186. - Both SVGs well-formed;
github-app-logo-512.pngis a valid 512×512 RGBA PNG.
The new "Description" block is correctly labeled as copy-to-paste content and its claims (contents: read, no webhook, no data collected, inert) are consistent with the rest of the doc and the implementation.
Blocking issues
None.
Non-blocking concerns
- Command name drift between docs. These docs use the canonical
/fro-bot add-project(matching the code), butdeploy/README.md:192still calls it/add-project. Pre-existing, not introduced here; a follow-up to aligndeploy/README.mdwould avoid operator confusion. - Public link vs. install link.
github-app.mdlinks the public pagehttps://github.com/apps/fro-bot-agentwhile the gateway default is.../installations/new. Intentional (human vs. programmatic audience) — noted only to pre-empt a false-positive inconsistency flag.
Missing tests
None required. Static markdown and image assets with no executable behavior. The config/permission invariants the docs describe are already covered by packages/gateway/src/config.test.ts and the permission check in app-client.ts.
Risk assessment (LOW): No code, config, or runtime behavior change. Blast radius limited to documentation and avatar assets. Zero regression and zero security exposure — the docs describe the existing least-privilege (contents: read, no webhook) posture rather than altering it.
Run Summary
| Field | Value |
|---|---|
| Event | pull_request |
| Repository | fro-bot/agent |
| Run ID | 26708866947 |
| Cache | hit |
| Session | ses_182a9dbf1ffe1iqS5vY2j5Mpc9 |
2 participants
Adds the in-repo identity deliverables for the Fro Bot Agent GitHub App (issue #703).
Deliverables
docs/github-app.md— public-facing page: what the app does, the exactcontents: readpermission, privacy posture (inert unless paired with a self-hosted gateway; no webhook, no data collected here), install/uninstall steps, and the listing description + tagline.docs/github-app-setup.md— operator runbook: app registration,fro-botownership, and where credentials live (the operator's own gateway env, never committed), linking to the deploy README for secret wiring.assets/github-app-logo.svg(primary),assets/github-app-logo-alt.svg(variant), and a 512×512 PNG export for upload.Docs reference the published slug
fro-bot-agentand the/fro-bot add-projectcommand. Static markdown and assets only — no build tooling.