Skip to content

feat!: add bot accounts and bot API tokens#996

Draft
hmans wants to merge 4 commits into
mainfrom
hmans/bot-accounts-api-tokens
Draft

feat!: add bot accounts and bot API tokens#996
hmans wants to merge 4 commits into
mainfrom
hmans/bot-accounts-api-tokens

Conversation

@hmans

@hmans hmans commented Jun 18, 2026

Copy link
Copy Markdown
Contributor
  • Adds bot accounts as first-class users with owner links, bot badges, permission gates, deletion cascade, and bot-only API-token auth.
  • Adds named bot token management with creator-selected fixed expiry, revocation metadata, max-TTL config, GraphQL/API auth integration, and admin UI.
  • Updates generated GraphQL/protobuf/frontend types plus FDR-028, ADR-041, glossary, architecture, and docs-site security/permissions/env-var pages.
  • Checks: go test ./internal/core ./internal/graph ./internal/http_server -tags test_endpoints, pnpm check, pnpm test:unit -- --run.

Fixes #266.

hmans added 4 commits June 8, 2026 14:21
…i-tokens

* origin/main:
  chore: use isolated chrome-devtools-mcp
  feat(moderation): add channel room bans (#777)
  fix: refresh expiring attachment asset URLs (#779)
  chore(main): release 0.1.0-alpha.3 (#721)
  test(frontend): cover service worker shell in e2e (#774)
  feat(auth): use OTP codes for email verification (#771)
  refactor(graphql)!: consolidate list field shapes (#770)
  chore: pr-checklist skill
  chore: AGENTS.md
  feat(frontend): polish service worker shell caching (#773)
  fix(frontend): keep failed server icons visible (#772)
  refactor(graphql): clean up release API shape (#769)

# Conflicts:
#	cli/internal/graph/generated.go
#	cli/internal/graph/model/models_gen.go
#	docs-website/src/content/docs/guides/security.mdx
#	docs/fdr/INDEX.md
#	frontend/src/lib/gql/graphql.ts
…i-tokens

* origin/main: (72 commits)
  fix(frontend): stabilize presence display (#850)
  refactor: tidy core service and projection boundaries (#848)
  refactor(frontend): restore admin gear navigation (#849)
  feat: add durable LiveKit call events and E2EE (#835)
  feat: allow editing thread reply channel echoes (#847)
  feat(frontend): find server users in cmd-k (#844)
  fix(frontend): auto-paginate admin members (#846)
  refactor: tidy core projection infrastructure (#845)
  chore: update AGENTS.md
  docs: add event sourcing skill (#843)
  chore: update PR checklist skill
  refactor: move message assets to asset aggregates (#838)
  fix: validate cookie encryption secret early (#842)
  docs: refresh architecture inventory (#841)
  refactor(frontend): consolidate user settings (#840)
  fix: refine conversation start marker UX (#839)
  perf(threads): paginate My Threads (#837)
  fix: attribute RBAC audit events to actors (#834)
  fix(frontend): paginate room member sidebar (#833)
  chore: AGENTS.md
  ...

# Conflicts:
#	cli/internal/config/config.go
#	cli/internal/core/can.go
#	cli/internal/graph/generated.go
#	cli/internal/graph/model/models_gen.go
#	cli/internal/pb/chatto/core/v1/models.pb.go
#	docs/ARCHITECTURE.md
#	docs/adr/INDEX.md
#	docs/fdr/FDR-001-roles-and-permissions.md
#	frontend/src/lib/components/chat/Chrome.svelte
#	frontend/src/lib/gql/gql.ts
#	frontend/src/lib/gql/graphql.ts
#	frontend/src/lib/state/server/store.svelte.ts
#	frontend/src/routes/chat/[serverId]/server-admin/members/+page.svelte
…i-tokens

* origin/main: (129 commits)
  fix(graphql): enforce room move group permissions (#987)
  test(cli): speed up Go test suite (#984)
  chore(main): release 0.3.1 (#977)
  fix(frontend): tighten mobile message action sheet (#981)
  fix: correct push notification deep links (#982)
  fix(frontend): echo local room posts after send (#980)
  fix(frontend): remove server name from room header (#979)
  feat: quote selected text when replying (#978)
  fix(frontend): add embed frame vertical spacing (#976)
  chore(main): release 0.3.0 (#965)
  feat: add simple and rich composer modes (#974)
  fix: tighten sidebar item spacing (#975)
  fix(frontend): improve blockquote styling (#973)
  fix(frontend): route room badges from scoped notifications (#972)
  feat: simplify web push opt-in (#971)
  feat: improve linked message previews (#970)
  feat(messages): add copy link menu action (#969)
  fix(composer): preserve trailing hashes in headings (#967)
  fix(frontend): align chat control border radii (#968)
  feat: gate message attachments with message.attach (#966)
  ...

# Conflicts:
#	cli/cmd/reset.go
#	cli/cmd/run.go
#	cli/internal/config/config.go
#	cli/internal/core/can.go
#	cli/internal/core/permission.go
#	cli/internal/graph/generated.go
#	cli/internal/graph/model/models_gen.go
#	cli/internal/pb/chatto/core/v1/models.pb.go
#	cli/internal/pb/chatto/core/v1/user_events.pb.go
#	docs-website/src/content/docs/guides/permissions.mdx
#	docs-website/src/content/docs/reference/environment-variables.mdx
#	docs-website/src/content/docs/reference/roadmap.mdx
#	docs/ARCHITECTURE.md
#	docs/adr/INDEX.md
#	docs/fdr/FDR-001-roles-and-permissions.md
#	docs/fdr/FDR-018-account-lifecycle.md
#	docs/fdr/FDR-023-authentication-and-sessions.md
#	frontend/src/lib/components/UserAvatar.svelte
#	frontend/src/lib/gql/gql.ts
#	frontend/src/lib/gql/graphql.ts
#	frontend/src/lib/types/core.ts
#	proto/chatto/core/v1/models.proto
@hmans hmans marked this pull request as draft June 18, 2026 19:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Bot accounts & dedicated bot API tokens

1 participant