It would be helpful to specify in the config certain scopes that a user is granting access to. Use case:

• Deployed instance of Prose + Gatekeeper only want enable people to edit their organization's repos

Perhaps this filtering is already possible somehow I'm just unaware...

It is possible!

In step #1 of OAuth Steps https://github.com/prose/gatekeeper#oauth-steps add query parameters like you do for client_id you just also add scope like... scope=user%20repo would give you user and repo scopes.

For example:

https://github.com/login/oauth/authorize?client_id=123abc456defg789hij&scope=repo%20user%20admin:org