Random 3am thoughts, ao-coverage
I suppose the simplest way to give it extensively controllable repos is to just provide an endpoint that "locks" an org/repo and assigns the token. I have a feeling that could be easy to lose, though. Also people could "reserve" repos that they don't actually own. Then it's down to the admin of the coverage server.
Maybe the token could be paired with an email address, but that would then require a dependency on an email server.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!