Skip to main content

Summary

Four major capability blocks were completed for Casa Devarno. The family hub can now ingest data from all 19 GitHub organisations automatically, enforce granular access control per org and repo, track workforce members, and the public-facing content (landing page, Atlas docs, SO1 blog) has been significantly expanded.

What this means for the business

GitHub visibility across the entire empire

A GitHub App now connects to all 19 organisations. Every 6 hours, a scheduled job discovers organisations, paginates all repositories and members, and stores the data locally. Real-time webhook events (pushes, PRs, CI results, releases) flow in continuously. The database now holds a complete inventory of every repo, its language, CI status, last activity, and security alert counts — across all 340+ repositories. This eliminates the “which org has that repo?” problem and enables the upcoming insights dashboard (TASKSET 6).

Three-layer access control

Access is now enforced at three levels:
  1. Platform — admin/member/child roles (unchanged, governs the family hub itself)
  2. Organisation — owner/admin/member/viewer roles per GitHub org (who can see which org’s data)
  3. Repository — read/write/maintain/admin grants per repo (fine-grained, supports temporary access with auto-expiry)
Dev4rno has irrevocable superadmin access across everything — enforced in code, not a database flag that could be accidentally changed.

Workforce registry

A new workforce table tracks team members across the empire — core family, contractors, advisors, and alumni. Each person links to their platform account and GitHub identity. This supports future onboarding automation and access reviews.

Content expansion

  • Landing page: New “Factory Floor” section showcases the 36-domain portfolio with interactive category tabs (Choco, Chronicle, Null0, Family, Product). Two new orgs added to the registry (Choco and Cookr).
  • Atlas docs: New Choco tab with 5 pages covering the documentation platform. Chronicle tab expanded from 6 to 9 pages with collaboration, custom schemas, and audit trail guides. Full 36-domain strategy page.
  • Blog: 4 new published posts including “The Factory Floor: Building a Software Empire from One Desk” — the narrative anchor for the Wonka factory identity.

Roadmap ahead

TASKSETs 6-8 are planned and ready for authorisation:
  • TASKSET 6: Insights dashboard — charts for GitHub metrics, domain health, workforce, and cross-org activity
  • TASKSET 7: Governance policies — automated detection of stale repos, security alert thresholds, missing descriptions
  • TASKSET 8: Activity feed — unified timeline merging GitHub events, milestones, domain alerts, and admin actions
Beyond that, 10 post-completion blocks are scoped (35 issues total) covering integration hardening, notification pipelines, CI/CD intelligence, security posture tracking, and mobile/PWA support.

Action items

  1. Create the GitHub App on GitHub.com using family-hub/github-app.yml as the manifest, install on all 19 orgs
  2. Set environment variables: GITHUB_APP_ID, GITHUB_APP_PRIVATE_KEY, GITHUB_WEBHOOK_SECRET, SUPERADMIN_USER_ID
  3. Run migrations: 0002_high_namor.sql, 0003_goofy_hydra.sql, 0004_fat_maria_hill.sql (7 new tables total)
  4. Trigger initial sync: POST /api/cron/github-sync with CRON_SECRET to populate org/repo/member data
  5. Schedule cron: Configure external cron (Vercel Cron or QStash) to call /api/cron/github-sync every 6 hours
  6. Authorise TASKSET 6 to build the insights dashboard that surfaces all this data
See also: Technical findings