Skip to content

Feature/user lifecycle cli#95

Merged
asiniscalchi merged 12 commits into
mainfrom
feature/user-lifecycle-cli
Jun 11, 2026
Merged

Feature/user lifecycle cli#95
asiniscalchi merged 12 commits into
mainfrom
feature/user-lifecycle-cli

Conversation

@asiniscalchi

Copy link
Copy Markdown
Owner

No description provided.

asiniscalchi and others added 12 commits June 8, 2026 07:43
Introduce an optional bearer token for the shared HTTP listener (MCP and
dashboard) via the FROID_AUTH_TOKEN env var / --auth-token flag. When unset,
the HTTP endpoints remain unauthenticated, preserving current behavior. An
empty token is rejected as a misconfiguration.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add an axum middleware that requires a matching Authorization: Bearer header
on the shared HTTP listener when FROID_AUTH_TOKEN is set, protecting both the
MCP transport and the dashboard with a single layer. Token comparison is
constant-time. When no token is configured, log a warning and leave the
endpoints open, preserving existing behavior.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add an Authentication section, a config-table entry, and an .env.example
placeholder describing the bearer token guarding the MCP and dashboard HTTP
endpoints.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The probe is merged into the router after the bearer-auth layer so
supervisors and container healthchecks can reach it without a token.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
All five rig OpenAI client construction sites now go through a shared
helper that applies the optional base-URL override, so any
OpenAI-compatible endpoint (Ollama, OpenRouter, self-hosted gateways)
can serve the entire pipeline.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
FROID_AUTH_TOKENS maps bearer tokens to Telegram chat ids. The new
middleware resolves the token to a tenant and the listener forwards
/mcp and /api requests to a lazily built, cached router bound to that
user's isolated database, so every user of a shared instance gets their
own MCP endpoint and dashboard view instead of only the first
whitelisted admin.

The /health probe and the static SPA shell (no journal data) are now
served outside the auth layer in all modes, which a browser needs to
load the dashboard before it can present a token.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
POST /api/messages captures an entry from the browser, filed under the
owning user's conversation so it flows through the same extraction,
embedding, and review pipeline as Telegram messages. GET /api/entries
lists recent entries; GET /api/reviews/daily and /api/reviews/weekly
return completed reviews for an optional date range.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
A shared fetch wrapper attaches the bearer token from localStorage and
surfaces 401s as a full-screen token gate, so the dashboard works in a
plain browser without a reverse proxy injecting headers. New Journal
tab captures entries and lists recent ones; new Reviews tab shows
completed daily and weekly reviews.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Each worker domain now runs as a single supervised loop that visits
every tenant database per pass (TenantSweepCycle), instead of spawning
six unsupervised polling loops per tenant at registration time. Worker
count stays constant as users are added, new tenants are picked up on
the next pass, and a panicking worker now surfaces through supervise()
instead of dying silently.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
froid users list shows the per-user journal databases on disk;
froid users delete <chat_id> --yes permanently removes a user's
database and WAL side-files, covering right-to-erasure requests.
This also introduces a proper 'serve' subcommand: the documented
'froid serve' invocation previously failed to parse.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@asiniscalchi asiniscalchi merged commit 846c490 into main Jun 11, 2026
4 checks passed
@asiniscalchi asiniscalchi deleted the feature/user-lifecycle-cli branch June 11, 2026 07:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant