{"ok":true,"phase":"v17.9 Phase 199","service":"GitHub Connector Blueprint","github":{"system":"OmegaCrownAI GitHub Connector Blueprint","phase":"v17.9 Phase 199","status":"github_connector_blueprint_ready","purpose":"Define the first governed development connector for GitHub repository reading, issue review, branch planning, PR draft preparation, release-note drafting, audit trail, and permission-gated safety.","corePrinciple":"GitHub connector actions should begin read-only and draft-only. Direct merges, pushes, releases, deployments, or destructive repo actions require explicit approval, audit, and rollback context.","manifest":{"connectorId":"github","name":"GitHub","category":"development","version":"0.1.0","authType":"oauth","permissionsRequested":["connector_read","connector_write_draft"],"riskLevel":"medium","actions":[{"actionId":"github.read_repository","name":"Read repository metadata","inputSchema":"owner, repo","outputSchema":"repository metadata, default branch, latest commit summary","approvalGate":"read_only","auditRequired":true},{"actionId":"github.read_issues","name":"Read GitHub issues","inputSchema":"owner, repo, labels, state","outputSchema":"issue list with ids, titles, states, labels","approvalGate":"read_only","auditRequired":true},{"actionId":"github.prepare_branch","name":"Prepare branch plan","inputSchema":"owner, repo, baseBranch, branchName, purpose","outputSchema":"branch plan and safety checklist","approvalGate":"workspace_write","auditRequired":true},{"actionId":"github.prepare_pull_request","name":"Prepare pull request draft","inputSchema":"owner, repo, branch, title, body, changedFiles","outputSchema":"pull request draft metadata","approvalGate":"workspace_write","auditRequired":true},{"actionId":"github.prepare_release_notes","name":"Prepare release notes draft","inputSchema":"owner, repo, commits, milestone, version","outputSchema":"release notes draft","approvalGate":"workspace_write","auditRequired":true}],"healthcheck":"Verify GitHub OAuth scopes, repository access, rate limit, and API availability.","disconnectPolicy":"Revoke OAuth token and remove cached repository metadata.","dataRetentionPolicy":"Store only minimal issue, PR, branch, and release metadata required for workflow review."},"validation":{"ok":true,"manifest":{"connectorId":"github","name":"GitHub","category":"development","version":"0.1.0","authType":"oauth","permissionsRequested":["connector_read","connector_write_draft"],"riskLevel":"medium","actions":[{"actionId":"github.read_repository","name":"Read repository metadata","inputSchema":"owner, repo","outputSchema":"repository metadata, default branch, latest commit summary","approvalGate":"read_only","auditRequired":true},{"actionId":"github.read_issues","name":"Read GitHub issues","inputSchema":"owner, repo, labels, state","outputSchema":"issue list with ids, titles, states, labels","approvalGate":"read_only","auditRequired":true},{"actionId":"github.prepare_branch","name":"Prepare branch plan","inputSchema":"owner, repo, baseBranch, branchName, purpose","outputSchema":"branch plan and safety checklist","approvalGate":"workspace_write","auditRequired":true},{"actionId":"github.prepare_pull_request","name":"Prepare pull request draft","inputSchema":"owner, repo, branch, title, body, changedFiles","outputSchema":"pull request draft metadata","approvalGate":"workspace_write","auditRequired":true},{"actionId":"github.prepare_release_notes","name":"Prepare release notes draft","inputSchema":"owner, repo, commits, milestone, version","outputSchema":"release notes draft","approvalGate":"workspace_write","auditRequired":true}],"healthcheck":"Verify GitHub OAuth scopes, repository access, rate limit, and API availability.","disconnectPolicy":"Revoke OAuth token and remove cached repository metadata.","dataRetentionPolicy":"Store only minimal issue, PR, branch, and release metadata required for workflow review."},"errors":[],"warnings":[],"score":100,"allowedCategories":["communication","crm_sales","storage_files","development","payments_billing","marketing_distribution","model_compute","automation_webhooks"],"allowedPermissions":["connector_read","connector_write_draft","connector_external_write","connector_financial_action","connector_secret_management"],"allowedAuthTypes":["oauth","api_key","service_account","webhook_secret","local"],"allowedApprovalGates":["read_only","artifact_generation","workspace_write","external_write","blocked_by_default"],"credentialSafetyChecks":["Never commit API keys, OAuth tokens, webhooks secrets, passwords, or private credentials.","Use scoped OAuth permissions where possible.","Use least-privilege API keys.","Use server-side environment variables or secret manager only.","Do not expose secrets in generated artifacts, logs, screenshots, JSON responses, or client-side code.","Support credential revocation and connector disconnect flow.","Audit connector install, use, failure, and disconnect events."],"requiredPolicy":"Connector manifests must pass validation before install, execution, external write, marketplace approval, or customer-visible activation."},"supportedWorkflows":["Read repository metadata","Read issues and labels","Prepare branch plan","Prepare pull request draft","Prepare release notes draft","Record audit trail for every connector action","Block direct merge/push/deploy actions by default"],"blockedByDefaultGitHubActions":["Direct push to main","Merge pull request","Delete branch","Delete repository","Create production release","Deploy production environment","Change repository secrets","Change protected branch rules"],"permissionGateExamples":{"readDecision":{"ok":true,"decision":"allow","connectorId":"github","actionId":"github.read_issues","permission":"connector_read","requestedGate":"read_only","riskLevel":"low","userApproved":false,"hasAuditContext":true,"reasons":["Permission gate passed with current scope."],"requirements":[],"auditRecordPreview":{"connectorId":"github","actionId":"github.read_issues","permission":"connector_read","requestedGate":"read_only","riskLevel":"low","decision":"allow","approvalRequired":false,"blocked":false,"auditRequired":true}},"draftDecision":{"ok":true,"decision":"allow","connectorId":"github","actionId":"github.prepare_pull_request","permission":"connector_write_draft","requestedGate":"workspace_write","riskLevel":"medium","userApproved":false,"hasAuditContext":true,"reasons":["Permission gate passed with current scope."],"requirements":[],"auditRecordPreview":{"connectorId":"github","actionId":"github.prepare_pull_request","permission":"connector_write_draft","requestedGate":"workspace_write","riskLevel":"medium","decision":"allow","approvalRequired":false,"blocked":false,"auditRequired":true}},"unsafeWriteDecision":{"ok":false,"decision":"require_approval","connectorId":"github","actionId":"github.merge_pull_request","permission":"connector_external_write","requestedGate":"external_write","riskLevel":"high","userApproved":false,"hasAuditContext":true,"reasons":["External write requires explicit approval.","High-risk connector action requires approval."],"requirements":["User/admin approval required.","Approval gate must be completed before execution."],"auditRecordPreview":{"connectorId":"github","actionId":"github.merge_pull_request","permission":"connector_external_write","requestedGate":"external_write","riskLevel":"high","decision":"require_approval","approvalRequired":true,"blocked":false,"auditRequired":true}}},"auditRecords":{"readRepository":{"auditId":"audit_github_github_read_repository_connector_read","phase":"v17.8 Phase 198","service":"Connector Audit Trail Integration","actor":"admin","role":"Admin","connectorId":"github","actionId":"github.read_repository","permission":"connector_read","requestedGate":"read_only","riskLevel":"low","decision":"allow","ok":true,"approvalRequired":false,"blocked":false,"userApproved":false,"hasAuditContext":true,"inputHash":"input_hash_placeholder","outputHash":"output_hash_placeholder","rollbackAvailable":true,"rollbackNote":"Read-only action; rollback not required.","reasons":["Permission gate passed with current scope."],"requirements":[],"evidence":["permission gate decision","connector id","action id","permission used","requested approval gate","risk level","approval status","audit context status"],"timestamp":"2026-06-02T01:13:25.750Z"},"preparePullRequest":{"auditId":"audit_github_github_prepare_pull_request_connector_write_draft","phase":"v17.8 Phase 198","service":"Connector Audit Trail Integration","actor":"admin","role":"Builder Agent","connectorId":"github","actionId":"github.prepare_pull_request","permission":"connector_write_draft","requestedGate":"workspace_write","riskLevel":"medium","decision":"allow","ok":true,"approvalRequired":false,"blocked":false,"userApproved":false,"hasAuditContext":true,"inputHash":"input_hash_placeholder","outputHash":"output_hash_placeholder","rollbackAvailable":true,"rollbackNote":"Draft-only PR preparation; no merge or direct production write.","reasons":["Permission gate passed with current scope."],"requirements":[],"evidence":["permission gate decision","connector id","action id","permission used","requested approval gate","risk level","approval status","audit context status"],"timestamp":"2026-06-02T01:13:25.750Z"},"blockedMerge":{"auditId":"audit_github_github_merge_pull_request_connector_external_write","phase":"v17.8 Phase 198","service":"Connector Audit Trail Integration","actor":"admin","role":"Owner","connectorId":"github","actionId":"github.merge_pull_request","permission":"connector_external_write","requestedGate":"external_write","riskLevel":"high","decision":"require_approval","ok":false,"approvalRequired":true,"blocked":false,"userApproved":false,"hasAuditContext":true,"inputHash":"input_hash_placeholder","outputHash":"output_hash_placeholder","rollbackAvailable":true,"rollbackNote":"Merge/push actions require explicit owner approval and rollback plan.","reasons":["External write requires explicit approval.","High-risk connector action requires approval."],"requirements":["User/admin approval required.","Approval gate must be completed before execution."],"evidence":["permission gate decision","connector id","action id","permission used","requested approval gate","risk level","approval status","audit context status"],"timestamp":"2026-06-02T01:13:25.750Z"}},"requiredScopes":[{"scope":"repo:read","reason":"Read repository metadata, issues, branches, and PR information."},{"scope":"pull_request:draft","reason":"Prepare PR drafts or metadata without merging."},{"scope":"repo:write","reason":"High-risk future scope; blocked by default until owner approval."}],"installReviewChecklist":["Confirm GitHub connector identity.","Confirm OAuth scopes are least-privilege.","Confirm repository access is limited to selected repos.","Confirm actions are read/draft by default.","Confirm direct push/merge/release/deploy actions are blocked by default.","Confirm audit trail records are created for every action.","Confirm disconnect policy revokes OAuth token.","Confirm no GitHub tokens are exposed in logs, UI, commits, or artifacts."],"nextImplementationSteps":["GitHub OAuth configuration","Repository selector UI","Issue reader action","Pull request draft action","Connector action audit persistence","Owner approval gate for write actions"]}}