feat(control-panel): add authenticated maintainer settings update end…

[enjoyandlove]

Summary

• Add POST /v1/app/repos/:owner/:repo/settings — an authenticated maintainer-facing endpoint for updating repository automation settings (public surface mode, label name, check mode, linked issue policy, maintainer-author inclusion, etc.).
• Enforce role-based authorization: requires maintainer, owner, or operator role; session users are additionally scoped to repos they have evidence for (requireSessionRepoAccess).
• Record a settings.updated audit event on every successful change (actor, target repo, key fields changed).
• Response is the plain RepositorySettings type — no private scoring context, wallet, hotkey, or compensation language.

Scope

• This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
• This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
• I linked an issue, or this is small enough that the summary explains why an issue is not needed.

Closes #130.

Validation

• git diff --check
• npm run actionlint
• npm run typecheck
• npm run test:coverage locally; global coverage stays at or above 97% for lines, statements, functions, and branches (aim for 98%+ branch coverage locally so CI variance does not fail near the threshold)
• npm run test:workers
• npm run build:mcp
• npm run test:mcp-pack
• npm run ui:openapi:check
• npm run ui:lint
• npm run ui:typecheck
• npm run ui:build
• npm audit --audit-level=moderate
• New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

• test:workers, build:mcp, test:mcp-pack, ui:lint, ui:typecheck, ui:build, npm audit — not run locally; no MCP, worker, or UI code was changed.

Safety

• No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
• Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
• Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests.
• API/OpenAPI/MCP behavior is updated and tested where needed.
• UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks.
• Visible UI changes include screenshots or a short recording.
• Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs.

UI and docs checkboxes are not applicable — this is a backend-only change.

Notes

• The endpoint lives under /v1/app/ so browser sessions can reach it (the general auth middleware only allows sessions on /v1/app/* paths).
• Static API token callers (operator) bypass the repo-scope check, matching the existing pattern for all other /v1/app/* operator routes.
• 8 integration tests cover: operator success + audit trail, maintainer session (PR-association evidence), non-maintainer → insufficient_role, out-of-scope repo → forbidden_repo, unauthenticated → 401, invalid body → 400, private-language boundary, owner-installation session.

[gittensory]

Important

Gittensory found maintainer review notes

Scoped related-work signals were found for this PR. They are advisory unless the gate reports a blocker.

Readiness score: 75/100

Signal	Result	Evidence	Action
Linked issue	✅ Linked	#130	No action.
Related work	⚠️ 3 scoped overlaps	Top overlaps are listed below; lower-confidence bulk is hidden.	Review top overlaps.
Review load	❌ 8/20	Readiness component derived from cached public PR metadata and labels; size label size:M.	Add scope summary.
Validation evidence	✅ 25/25	PR body includes validation/test evidence.	No action.
Open PR queue	❌ 3/10	20 open PR(s), 14 likely reviewable.	Expect slower review.
Contributor context	✅ Confirmed Gittensor contributor	enjoyandlove; Gittensor profile; 33 PR(s), 15 issue(s).	No action.
Gate result	✅ Passing	No configured blocker found.	No action.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
• Open PR queue = repo-wide review pressure; it is not a PR quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

Review context

• Author: enjoyandlove
• Role context: outside_contributor
• Public audience mode: oss maintainer
• Lane context: Repository is configured for direct PR review.
• Public profile languages: JavaScript, TypeScript, Python, Solidity, Rust, Vue, Clojure, Dart
• Official Gittensor activity: 33 PR(s), 15 issue(s).
• Related work: Items reference the same linked issue feat(control-panel): add maintainer control panel #130. (issue #130)
• Related work: Open PR work references issue feat(control-panel): add maintainer control panel #130. (issue #130)
• Related work: Titles/paths share 7 meaningful terms. (PR #350)
• Additional title-only matches omitted; title-only overlap does not block.

Maintainer notes

• Possible duplicate or overlapping work: 87 related open work cluster(s) were detected.

Contributor next steps

• Review top overlaps.
• Add scope summary.
• Expect slower review.
• Check active issues and PRs before submitting.

• Re-run Gittensory review

---

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers. Learn more about Gittensor contribution workflows.