Code

Code App Market

Publish, share, install, and manage Cuitty Code Apps.

The Code App Market is the browser surface for discovering, installing, and managing Cuitty Code Apps. It uses the Cuitty Git API and the same owners, organizations, slugs, visibility semantics, and SpiceDB relationships as repositories and registry packages.

Required services

Environment variables

PUBLIC_API_URL=http://localhost:4351
PUBLIC_CUITTY_AUTH_URL=http://localhost:7705
AUTH_ISSUER=http://localhost:7705
AUTH_CLIENT_ID=cuitty-git
SPICEDB_ENDPOINT=http://localhost:50051
SPICEDB_PRESHARED_KEY=dev-secret
AIRFLOW_URL=http://localhost:8080
CUITTY_APP_EXECUTION_MODE=airflow

Routes

Permissions model

Apps can be public, private, or organization-visible. Public discovery does not automatically mean public install; app owners can still restrict who may install an app. Private and organization-visible apps should return not found to unauthorized users when hiding existence is required.

Operators should verify that market search, detail, install, and settings routes all use the same authorization policy.

Common workflows

  1. Publish a listing from a repository release and .cuitty/app.toml manifest.
  2. Show README or manifest docs from the configured docs path.
  3. Review requested permissions before installation.
  4. Install to the selected user, organization, repository, registry namespace, or package.
  5. Manage versions, metadata, and visibility from the listing settings page.

Failure modes and recovery

E2E checks

From the tests directory in the Cuitty Git repository:

bun run test:e2e:apps-registry -- --project=chromium
bun run test:e2e:apps-registry:headed

The mocked specs set local browser auth state and intercept API responses by API path, so both direct API calls on http://localhost:4351/api/v1/... and proxied frontend calls on http://localhost:4350/api/v1/... are covered.