[Gastown] PR 10.6: Integrations-Based Repo Connection

[jrf0110]

Overview

Allow users to connect rigs to repositories via Kilo's existing integrations system (GitHub App, GitLab OAuth) instead of raw git URLs, enabling automatic token management and repo discovery.

Builds on #385 (Town Configuration) — once integrations are wired, git auth tokens are managed automatically and the manual git_auth config becomes a fallback for repos not covered by an integration.

Part of #204. See plans/gastown-cloud-proposal-d.md § "PR 10.6: Integrations-Based Repo Connection" for the full design.

Key Deliverables

Integration-Aware Rig Creation

When creating a rig, the dialog offers two paths:

1. Integration-based (preferred): If the user has a GitHub App or GitLab OAuth integration active, show a searchable repo picker populated from PlatformRepository[] cached on the integration. Auto-fills git_url, default_branch, and stores platform_integration_id.

2. Manual (fallback): Raw git URL input + manual branch. Requires a token in town config ([Gastown] PR 10.5: Town Configuration — Environment Variables & Settings #385) for private repos.

Automatic Token Lifecycle

When the Rig DO dispatches an agent:

1. Check if the rig has a platform_integration_id
2. If yes:
   • GitHub: Call generateGitHubInstallationToken(installationId, appType) to mint a short-lived token (1hr). Pass to container as GIT_TOKEN.
   • GitLab: Call getValidGitLabToken(integration) to get/refresh OAuth token. Pass to container as GIT_TOKEN.
3. If no: Fall back to town-level git_auth config from [Gastown] PR 10.5: Town Configuration — Environment Variables & Settings #385.
4. Container control server periodically refreshes tokens via gastown worker API (tokens expire).

Schema Changes

ALTER TABLE gastown_rigs ADD COLUMN platform_integration_id UUID
  REFERENCES platform_integrations(id);

Worker Changes

New internal endpoint:

POST /api/internal/rigs/:rigId/git-token

Called by the container when it needs a fresh git token. The worker reads the rig's integration, mints/refreshes a token via existing helpers (generateGitHubInstallationToken, getValidGitLabToken), returns { token, expires_at }.

Dashboard Changes

• Create Rig dialog: Integration-aware repo picker (reuse existing RepositorySelector pattern from Cloud Agent). Falls back to manual URL.
• Rig settings: Show connected integration, "Reconnect" option.
• Town settings: "Connect Integration" link → /integrations if none exists.

Dependencies

• [Gastown] PR 10.5: Town Configuration — Environment Variables & Settings #385 (Town Configuration) — provides the fallback manual token path
• Existing platform_integrations table and helpers (getGitHubTokenForUser/Organization, getGitLabTokenForUser/Organization, generateGitHubInstallationToken, getValidGitLabToken)

Acceptance Criteria

• gastown_rigs table has platform_integration_id FK (Postgres + Rig DO SQLite)
• Create Rig dialog shows integration-based repo picker when integrations are available
• Selecting a repo auto-fills git URL, default branch, and stores integration reference
• Rig DO dispatch path mints GitHub/GitLab tokens automatically when integration is linked
• Container refreshes tokens before expiry via /api/internal/rigs/:rigId/git-token
• Falls back to manual town-level git_auth config when no integration is linked
• Manual git URL fallback still works for create rig
• Rig settings page shows connected integration status

Future Enhancement (Not In Scope)

Webhook-driven bead creation: GitHub issue → Gastown bead, external PR merge → bead status update. The platform_integration_id FK enables this but the webhook routing is deferred.

[jrf0110]

Implemented in PR #389 (Phase 2). Integrations-based repo connection with RepositoryCombobox, platform_integration_id on rigs, self-hosted GitLab support.