Feature/user lifecycle cli #95
Merged
Introduce an optional bearer token for the shared HTTP listener (MCP and dashboard) via the FROID_AUTH_TOKEN env var / --auth-token flag. When unset, the HTTP endpoints remain unauthenticated, preserving current behavior. An empty token is rejected as a misconfiguration. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add an axum middleware that requires a matching Authorization: Bearer header on the shared HTTP listener when FROID_AUTH_TOKEN is set, protecting both the MCP transport and the dashboard with a single layer. Token comparison is constant-time. When no token is configured, log a warning and leave the endpoints open, preserving existing behavior. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add an Authentication section, a config-table entry, and an .env.example placeholder describing the bearer token guarding the MCP and dashboard HTTP endpoints. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The probe is merged into the router after the bearer-auth layer so supervisors and container healthchecks can reach it without a token. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
All five rig OpenAI client construction sites now go through a shared helper that applies the optional base-URL override, so any OpenAI-compatible endpoint (Ollama, OpenRouter, self-hosted gateways) can serve the entire pipeline. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
FROID_AUTH_TOKENS maps bearer tokens to Telegram chat ids. The new middleware resolves the token to a tenant and the listener forwards /mcp and /api requests to a lazily built, cached router bound to that user's isolated database, so every user of a shared instance gets their own MCP endpoint and dashboard view instead of only the first whitelisted admin. The /health probe and the static SPA shell (no journal data) are now served outside the auth layer in all modes, which a browser needs to load the dashboard before it can present a token. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
POST /api/messages captures an entry from the browser, filed under the owning user's conversation so it flows through the same extraction, embedding, and review pipeline as Telegram messages. GET /api/entries lists recent entries; GET /api/reviews/daily and /api/reviews/weekly return completed reviews for an optional date range. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
A shared fetch wrapper attaches the bearer token from localStorage and surfaces 401s as a full-screen token gate, so the dashboard works in a plain browser without a reverse proxy injecting headers. New Journal tab captures entries and lists recent ones; new Reviews tab shows completed daily and weekly reviews. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Each worker domain now runs as a single supervised loop that visits every tenant database per pass (TenantSweepCycle), instead of spawning six unsupervised polling loops per tenant at registration time. Worker count stays constant as users are added, new tenants are picked up on the next pass, and a panicking worker now surfaces through supervise() instead of dying silently. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
froid users list shows the per-user journal databases on disk; froid users delete <chat_id> --yes permanently removes a user's database and WAL side-files, covering right-to-erasure requests. This also introduces a proper 'serve' subcommand: the documented 'froid serve' invocation previously failed to parse. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
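The bearer check the commits above describe (token resolved to a tenant, constant-time comparison, empty token rejected, /health left open), as an added example in plain Rust that is not code from this pull request. `TokenTable`, `needs_auth`, `AuthError` and the tokens and chat ids are hypothetical; the project's own middleware is an axum layer whose source is not shown on this page.

```rust
// Added example, not froid's code. Tokens and chat ids below are constructed.
#[derive(Debug, PartialEq)]
enum AuthError { MissingHeader, Malformed, UnknownToken }

/// Byte comparison with no early exit on the first mismatch. Token length is
/// not treated as secret. Production code should prefer a vetted crate such
/// as `subtle`, since an optimizer may rewrite a hand-rolled loop.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

struct TokenTable(Vec<(String, i64)>); // (bearer token, chat id)

impl TokenTable {
    /// An empty token is a misconfiguration: refuse to start with one.
    fn new(entries: Vec<(String, i64)>) -> Result<Self, String> {
        if entries.iter().any(|(token, _)| token.is_empty()) {
            return Err("empty bearer token in configuration".to_string());
        }
        Ok(TokenTable(entries))
    }

    /// Map an `Authorization` header value to the tenant's chat id.
    fn resolve(&self, header: Option<&str>) -> Result<i64, AuthError> {
        let value = header.ok_or(AuthError::MissingHeader)?;
        let presented = value.strip_prefix("Bearer ").ok_or(AuthError::Malformed)?;
        let mut found = None;
        // Visit every entry so timing does not reveal which token matched.
        for (token, chat_id) in &self.0 {
            if ct_eq(token.as_bytes(), presented.as_bytes()) {
                found = Some(*chat_id);
            }
        }
        found.ok_or(AuthError::UnknownToken)
    }
}

/// /mcp and /api carry journal data; /health and the SPA shell do not.
fn needs_auth(path: &str) -> bool {
    ["/mcp", "/api"].iter().any(|p| path == *p || path.starts_with(&format!("{p}/")))
}

fn main() {
    let table = TokenTable::new(vec![("tok-alice".into(), 1001), ("tok-bob".into(), 1002)]).unwrap();
    for (path, header) in [("/health", None), ("/api/entries", Some("Bearer tok-bob")), ("/mcp", None)] {
        let outcome = if needs_auth(path) { format!("{:?}", table.resolve(header)) } else { "open".into() };
        println!("{path}: {outcome}");
    }
}
```

A caller would map every `AuthError` variant to the same 401 response so the reply does not tell a client which check failed.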
No description provided.