ScuttleBot

merge main into feature/116-web-ui-enhancements Resolved conflicts in policies.go, config.go, topology.go — kept both sets of features: Modes/ROETemplates from main, OnJoinMessages from this branch. Added missing ROETemplates and OnJoinMessages merge logic to PolicyStore.applyRaw and PolicyStore.Merge.

lmata 2026-04-05 16:32 trunk merge

Commit 40aafc8e4c6a00b1d9ae6dee85e5e66856ba0e2392b2290dd5806771de829841

Parent 5de1db0dd7c6f91…

35 files changed +30 -7 +20 +99 +3 -1 +2 -1 +125 +11 -3 +5 -2 +3 -1 +3 -1 +3 -2 +3 -2 +2 -1 +7 -5 +2 -2 +38 -2 +25 +25 +76 -60 +300 -10 +300 -10 +288 +27 -4 +27 -4 +6 +6 +3 -1 +7 +9 -8 +8 -1 +10 +62 -11 +62 -11 +7 +8 -1

~ cmd/scuttlebot/main.go ~ cmd/scuttlectl/internal/apiclient/apiclient.go ~ cmd/scuttlectl/main.go ~ deploy/compose/ergo/ircd.yaml.tmpl ~ internal/api/api_test.go ~ internal/api/apikeys.go ~ internal/api/channels_topology.go ~ internal/api/channels_topology_test.go ~ internal/api/chat.go ~ internal/api/chat.go ~ internal/api/chat_test.go ~ internal/api/chat_test.go ~ internal/api/config_handlers_test.go ~ internal/api/login.go ~ internal/api/login_test.go ~ internal/api/middleware.go ~ internal/api/policies.go ~ internal/api/policies.go ~ internal/api/server.go ~ internal/api/ui/index.html ~ internal/api/ui/index.html ~ internal/auth/apikeys.go ~ internal/bots/bridge/bridge.go ~ internal/bots/bridge/bridge.go ~ internal/config/config.go ~ internal/config/config.go ~ internal/ergo/ircdconfig.go ~ internal/ergo/manager.go ~ internal/mcp/mcp.go ~ internal/mcp/mcp_test.go ~ internal/topology/policy.go ~ internal/topology/topology.go ~ internal/topology/topology.go ~ pkg/ircagent/ircagent.go ~ pkg/sessionrelay/irc.go

M cmd/scuttlebot/main.go

+30 -7

		--- cmd/scuttlebot/main.go
		+++ cmd/scuttlebot/main.go
		@@ -138,18 +138,31 @@
138	138	} else if err := reg.SetDataPath(filepath.Join(cfg.Ergo.DataDir, "registry.json")); err != nil {
139	139	log.Error("registry load", "err", err)
140	140	os.Exit(1)
141	141	}
142	142
143		- // Shared API token — persisted so the UI token survives restarts.
144		- apiToken, err := loadOrCreateToken(filepath.Join(cfg.Ergo.DataDir, "api_token"))
	143	+ // API key store — per-consumer tokens with scoped permissions.
	144	+ apiKeyStore, err := auth.NewAPIKeyStore(filepath.Join(cfg.Ergo.DataDir, "api_keys.json"))
145	145	if err != nil {
146		- log.Error("api token", "err", err)
	146	+ log.Error("api key store", "err", err)
147	147	os.Exit(1)
148	148	}
149		- log.Info("api token", "token", apiToken) // printed on every startup
150		- tokens := []string{apiToken}
	149	+ // Migrate legacy api_token into key store on first run.
	150	+ if apiKeyStore.IsEmpty() {
	151	+ apiToken, err := loadOrCreateToken(filepath.Join(cfg.Ergo.DataDir, "api_token"))
	152	+ if err != nil {
	153	+ log.Error("api token", "err", err)
	154	+ os.Exit(1)
	155	+ }
	156	+ if _, err := apiKeyStore.Insert("server", apiToken, []auth.Scope{auth.ScopeAdmin}); err != nil {
	157	+ log.Error("migrate api token to key store", "err", err)
	158	+ os.Exit(1)
	159	+ }
	160	+ log.Info("migrated api_token to api_keys.json", "token", apiToken)
	161	+ } else {
	162	+ log.Info("api key store loaded", "keys", len(apiKeyStore.List()))
	163	+ }
151	164
152	165	// Start bridge bot (powers the web chat UI).
153	166	var bridgeBot *bridge.Bot
154	167	if cfg.Bridge.Enabled {
155	168	if cfg.Bridge.Password == "" {
		@@ -204,10 +217,11 @@
204	217	Name: sc.Name,
205	218	Topic: sc.Topic,
206	219	Ops: sc.Ops,
207	220	Voice: sc.Voice,
208	221	Autojoin: sc.Autojoin,
	222	+ Modes: sc.Modes,
209	223	})
210	224	}
211	225	if err := topoMgr.Provision(staticChannels); err != nil {
212	226	log.Error("topology provision failed", "err", err)
213	227	}
		@@ -328,19 +342,28 @@
328	342	staticChannels := make([]topology.ChannelConfig, 0, len(updated.Topology.Channels))
329	343	for _, sc := range updated.Topology.Channels {
330	344	staticChannels = append(staticChannels, topology.ChannelConfig{
331	345	Name: sc.Name, Topic: sc.Topic,
332	346	Ops: sc.Ops, Voice: sc.Voice, Autojoin: sc.Autojoin,
	347	+ Modes: sc.Modes,
333	348	})
334	349	}
335	350	if err := topoMgr.Provision(staticChannels); err != nil {
336	351	log.Error("topology hot-reload failed", "err", err)
337	352	}
338	353	}
339	354	// Hot-reload bridge web TTL.
340	355	if bridgeBot != nil {
341	356	bridgeBot.SetWebUserTTL(time.Duration(updated.Bridge.WebUserTTLMinutes) * time.Minute)
	357	+ }
	358	+ // Regenerate ircd.yaml and rehash Ergo on config changes.
	359	+ if ergoMgr != nil {
	360	+ if err := ergoMgr.UpdateConfig(updated.Ergo); err != nil {
	361	+ log.Error("ergo config hot-reload failed", "err", err)
	362	+ } else {
	363	+ log.Info("ergo config reloaded")
	364	+ }
342	365	}
343	366	})
344	367
345	368	// Start HTTP REST API server.
346	369	var llmCfg *config.LLMConfig
		@@ -352,11 +375,11 @@
352	375	// non-nil (Go nil interface trap) and causes panics in setAgentModes.
353	376	var topoIface api.TopologyManager
354	377	if topoMgr != nil {
355	378	topoIface = topoMgr
356	379	}
357		- apiSrv := api.New(reg, tokens, bridgeBot, policyStore, adminStore, llmCfg, topoIface, cfgStore, cfg.TLS.Domain, log)
	380	+ apiSrv := api.New(reg, apiKeyStore, bridgeBot, policyStore, adminStore, llmCfg, topoIface, cfgStore, cfg.TLS.Domain, log)
358	381	handler := apiSrv.Handler()
359	382
360	383	var httpServer, tlsServer *http.Server
361	384
362	385	if cfg.TLS.Domain != "" {
		@@ -418,11 +441,11 @@
418	441	}
419	442	}()
420	443	}
421	444
422	445	// Start MCP server.
423		- mcpSrv := mcp.New(reg, &ergoChannelLister{ergoMgr.API()}, tokens, log)
	446	+ mcpSrv := mcp.New(reg, &ergoChannelLister{ergoMgr.API()}, apiKeyStore, log)
424	447	mcpServer := &http.Server{
425	448	Addr: cfg.MCPAddr,
426	449	Handler: mcpSrv.Handler(),
427	450	}
428	451	go func() {
429	452

	--- cmd/scuttlebot/main.go
	+++ cmd/scuttlebot/main.go
	@@ -138,18 +138,31 @@
138	} else if err := reg.SetDataPath(filepath.Join(cfg.Ergo.DataDir, "registry.json")); err != nil {
139	log.Error("registry load", "err", err)
140	os.Exit(1)
141	}
142
143	// Shared API token — persisted so the UI token survives restarts.
144	apiToken, err := loadOrCreateToken(filepath.Join(cfg.Ergo.DataDir, "api_token"))
145	if err != nil {
146	log.Error("api token", "err", err)
147	os.Exit(1)
148	}
149	log.Info("api token", "token", apiToken) // printed on every startup
150	tokens := []string{apiToken}













151
152	// Start bridge bot (powers the web chat UI).
153	var bridgeBot *bridge.Bot
154	if cfg.Bridge.Enabled {
155	if cfg.Bridge.Password == "" {
	@@ -204,10 +217,11 @@
204	Name: sc.Name,
205	Topic: sc.Topic,
206	Ops: sc.Ops,
207	Voice: sc.Voice,
208	Autojoin: sc.Autojoin,

209	})
210	}
211	if err := topoMgr.Provision(staticChannels); err != nil {
212	log.Error("topology provision failed", "err", err)
213	}
	@@ -328,19 +342,28 @@
328	staticChannels := make([]topology.ChannelConfig, 0, len(updated.Topology.Channels))
329	for _, sc := range updated.Topology.Channels {
330	staticChannels = append(staticChannels, topology.ChannelConfig{
331	Name: sc.Name, Topic: sc.Topic,
332	Ops: sc.Ops, Voice: sc.Voice, Autojoin: sc.Autojoin,

333	})
334	}
335	if err := topoMgr.Provision(staticChannels); err != nil {
336	log.Error("topology hot-reload failed", "err", err)
337	}
338	}
339	// Hot-reload bridge web TTL.
340	if bridgeBot != nil {
341	bridgeBot.SetWebUserTTL(time.Duration(updated.Bridge.WebUserTTLMinutes) * time.Minute)








342	}
343	})
344
345	// Start HTTP REST API server.
346	var llmCfg *config.LLMConfig
	@@ -352,11 +375,11 @@
352	// non-nil (Go nil interface trap) and causes panics in setAgentModes.
353	var topoIface api.TopologyManager
354	if topoMgr != nil {
355	topoIface = topoMgr
356	}
357	apiSrv := api.New(reg, tokens, bridgeBot, policyStore, adminStore, llmCfg, topoIface, cfgStore, cfg.TLS.Domain, log)
358	handler := apiSrv.Handler()
359
360	var httpServer, tlsServer *http.Server
361
362	if cfg.TLS.Domain != "" {
	@@ -418,11 +441,11 @@
418	}
419	}()
420	}
421
422	// Start MCP server.
423	mcpSrv := mcp.New(reg, &ergoChannelLister{ergoMgr.API()}, tokens, log)
424	mcpServer := &http.Server{
425	Addr: cfg.MCPAddr,
426	Handler: mcpSrv.Handler(),
427	}
428	go func() {
429

	--- cmd/scuttlebot/main.go
	+++ cmd/scuttlebot/main.go
	@@ -138,18 +138,31 @@
138	} else if err := reg.SetDataPath(filepath.Join(cfg.Ergo.DataDir, "registry.json")); err != nil {
139	log.Error("registry load", "err", err)
140	os.Exit(1)
141	}
142
143	// API key store — per-consumer tokens with scoped permissions.
144	apiKeyStore, err := auth.NewAPIKeyStore(filepath.Join(cfg.Ergo.DataDir, "api_keys.json"))
145	if err != nil {
146	log.Error("api key store", "err", err)
147	os.Exit(1)
148	}
149	// Migrate legacy api_token into key store on first run.
150	if apiKeyStore.IsEmpty() {
151	apiToken, err := loadOrCreateToken(filepath.Join(cfg.Ergo.DataDir, "api_token"))
152	if err != nil {
153	log.Error("api token", "err", err)
154	os.Exit(1)
155	}
156	if _, err := apiKeyStore.Insert("server", apiToken, []auth.Scope{auth.ScopeAdmin}); err != nil {
157	log.Error("migrate api token to key store", "err", err)
158	os.Exit(1)
159	}
160	log.Info("migrated api_token to api_keys.json", "token", apiToken)
161	} else {
162	log.Info("api key store loaded", "keys", len(apiKeyStore.List()))
163	}
164
165	// Start bridge bot (powers the web chat UI).
166	var bridgeBot *bridge.Bot
167	if cfg.Bridge.Enabled {
168	if cfg.Bridge.Password == "" {
	@@ -204,10 +217,11 @@
217	Name: sc.Name,
218	Topic: sc.Topic,
219	Ops: sc.Ops,
220	Voice: sc.Voice,
221	Autojoin: sc.Autojoin,
222	Modes: sc.Modes,
223	})
224	}
225	if err := topoMgr.Provision(staticChannels); err != nil {
226	log.Error("topology provision failed", "err", err)
227	}
	@@ -328,19 +342,28 @@
342	staticChannels := make([]topology.ChannelConfig, 0, len(updated.Topology.Channels))
343	for _, sc := range updated.Topology.Channels {
344	staticChannels = append(staticChannels, topology.ChannelConfig{
345	Name: sc.Name, Topic: sc.Topic,
346	Ops: sc.Ops, Voice: sc.Voice, Autojoin: sc.Autojoin,
347	Modes: sc.Modes,
348	})
349	}
350	if err := topoMgr.Provision(staticChannels); err != nil {
351	log.Error("topology hot-reload failed", "err", err)
352	}
353	}
354	// Hot-reload bridge web TTL.
355	if bridgeBot != nil {
356	bridgeBot.SetWebUserTTL(time.Duration(updated.Bridge.WebUserTTLMinutes) * time.Minute)
357	}
358	// Regenerate ircd.yaml and rehash Ergo on config changes.
359	if ergoMgr != nil {
360	if err := ergoMgr.UpdateConfig(updated.Ergo); err != nil {
361	log.Error("ergo config hot-reload failed", "err", err)
362	} else {
363	log.Info("ergo config reloaded")
364	}
365	}
366	})
367
368	// Start HTTP REST API server.
369	var llmCfg *config.LLMConfig
	@@ -352,11 +375,11 @@
375	// non-nil (Go nil interface trap) and causes panics in setAgentModes.
376	var topoIface api.TopologyManager
377	if topoMgr != nil {
378	topoIface = topoMgr
379	}
380	apiSrv := api.New(reg, apiKeyStore, bridgeBot, policyStore, adminStore, llmCfg, topoIface, cfgStore, cfg.TLS.Domain, log)
381	handler := apiSrv.Handler()
382
383	var httpServer, tlsServer *http.Server
384
385	if cfg.TLS.Domain != "" {
	@@ -418,11 +441,11 @@
441	}
442	}()
443	}
444
445	// Start MCP server.
446	mcpSrv := mcp.New(reg, &ergoChannelLister{ergoMgr.API()}, apiKeyStore, log)
447	mcpServer := &http.Server{
448	Addr: cfg.MCPAddr,
449	Handler: mcpSrv.Handler(),
450	}
451	go func() {
452

M cmd/scuttlectl/internal/apiclient/apiclient.go

+20

		--- cmd/scuttlectl/internal/apiclient/apiclient.go
		+++ cmd/scuttlectl/internal/apiclient/apiclient.go
		@@ -137,10 +137,30 @@
137	137	// RemoveAdmin sends DELETE /v1/admins/{username}.
138	138	func (c *Client) RemoveAdmin(username string) error {
139	139	_, err := c.doNoBody("DELETE", "/v1/admins/"+username)
140	140	return err
141	141	}
	142	+
	143	+// ListAPIKeys returns GET /v1/api-keys.
	144	+func (c *Client) ListAPIKeys() (json.RawMessage, error) {
	145	+ return c.get("/v1/api-keys")
	146	+}
	147	+
	148	+// CreateAPIKey sends POST /v1/api-keys.
	149	+func (c *Client) CreateAPIKey(name string, scopes []string, expiresIn string) (json.RawMessage, error) {
	150	+ body := map[string]any{"name": name, "scopes": scopes}
	151	+ if expiresIn != "" {
	152	+ body["expires_in"] = expiresIn
	153	+ }
	154	+ return c.post("/v1/api-keys", body)
	155	+}
	156	+
	157	+// RevokeAPIKey sends DELETE /v1/api-keys/{id}.
	158	+func (c *Client) RevokeAPIKey(id string) error {
	159	+ _, err := c.doNoBody("DELETE", "/v1/api-keys/"+id)
	160	+ return err
	161	+}
142	162
143	163	// SetAdminPassword sends PUT /v1/admins/{username}/password.
144	164	func (c *Client) SetAdminPassword(username, password string) error {
145	165	_, err := c.put("/v1/admins/"+username+"/password", map[string]string{"password": password})
146	166	return err
147	167

	--- cmd/scuttlectl/internal/apiclient/apiclient.go
	+++ cmd/scuttlectl/internal/apiclient/apiclient.go
	@@ -137,10 +137,30 @@
137	// RemoveAdmin sends DELETE /v1/admins/{username}.
138	func (c *Client) RemoveAdmin(username string) error {
139	_, err := c.doNoBody("DELETE", "/v1/admins/"+username)
140	return err
141	}




















142
143	// SetAdminPassword sends PUT /v1/admins/{username}/password.
144	func (c *Client) SetAdminPassword(username, password string) error {
145	_, err := c.put("/v1/admins/"+username+"/password", map[string]string{"password": password})
146	return err
147

	--- cmd/scuttlectl/internal/apiclient/apiclient.go
	+++ cmd/scuttlectl/internal/apiclient/apiclient.go
	@@ -137,10 +137,30 @@
137	// RemoveAdmin sends DELETE /v1/admins/{username}.
138	func (c *Client) RemoveAdmin(username string) error {
139	_, err := c.doNoBody("DELETE", "/v1/admins/"+username)
140	return err
141	}
142
143	// ListAPIKeys returns GET /v1/api-keys.
144	func (c *Client) ListAPIKeys() (json.RawMessage, error) {
145	return c.get("/v1/api-keys")
146	}
147
148	// CreateAPIKey sends POST /v1/api-keys.
149	func (c *Client) CreateAPIKey(name string, scopes []string, expiresIn string) (json.RawMessage, error) {
150	body := map[string]any{"name": name, "scopes": scopes}
151	if expiresIn != "" {
152	body["expires_in"] = expiresIn
153	}
154	return c.post("/v1/api-keys", body)
155	}
156
157	// RevokeAPIKey sends DELETE /v1/api-keys/{id}.
158	func (c *Client) RevokeAPIKey(id string) error {
159	_, err := c.doNoBody("DELETE", "/v1/api-keys/"+id)
160	return err
161	}
162
163	// SetAdminPassword sends PUT /v1/admins/{username}/password.
164	func (c *Client) SetAdminPassword(username, password string) error {
165	_, err := c.put("/v1/admins/"+username+"/password", map[string]string{"password": password})
166	return err
167

M cmd/scuttlectl/main.go

+99

		--- cmd/scuttlectl/main.go
		+++ cmd/scuttlectl/main.go
		@@ -108,10 +108,28 @@
108	108	requireArgs(args, 3, "scuttlectl admin passwd <username>")
109	109	cmdAdminPasswd(api, args[2])
110	110	default:
111	111	fmt.Fprintf(os.Stderr, "unknown subcommand: admin %s\n", args[1])
112	112	os.Exit(1)
	113	+ }
	114	+ case "api-key", "api-keys":
	115	+ if len(args) < 2 {
	116	+ fmt.Fprintf(os.Stderr, "usage: scuttlectl api-key <list\|create\|revoke>\n")
	117	+ os.Exit(1)
	118	+ }
	119	+ switch args[1] {
	120	+ case "list":
	121	+ cmdAPIKeyList(api, *jsonFlag)
	122	+ case "create":
	123	+ requireArgs(args, 3, "scuttlectl api-key create --name <name> --scopes <scope1,scope2>")
	124	+ cmdAPIKeyCreate(api, args[2:], *jsonFlag)
	125	+ case "revoke":
	126	+ requireArgs(args, 3, "scuttlectl api-key revoke <id>")
	127	+ cmdAPIKeyRevoke(api, args[2])
	128	+ default:
	129	+ fmt.Fprintf(os.Stderr, "unknown subcommand: api-key %s\n", args[1])
	130	+ os.Exit(1)
113	131	}
114	132	case "channels", "channel":
115	133	if len(args) < 2 {
116	134	fmt.Fprintf(os.Stderr, "usage: scuttlectl channels <list\|users <channel>>\n")
117	135	os.Exit(1)
		@@ -491,10 +509,88 @@
491	509	fmt.Fprintf(tw, "password\t%s\n", creds.Password)
492	510	fmt.Fprintf(tw, "server\t%s\n", creds.Server)
493	511	tw.Flush()
494	512	fmt.Println("\nStore this password — it will not be shown again.")
495	513	}
	514	+
	515	+func cmdAPIKeyList(api *apiclient.Client, asJSON bool) {
	516	+ raw, err := api.ListAPIKeys()
	517	+ die(err)
	518	+ if asJSON {
	519	+ printJSON(raw)
	520	+ return
	521	+ }
	522	+
	523	+ var keys []struct {
	524	+ ID string `json:"id"`
	525	+ Name string `json:"name"`
	526	+ Scopes []string `json:"scopes"`
	527	+ CreatedAt string `json:"created_at"`
	528	+ LastUsed *string `json:"last_used"`
	529	+ ExpiresAt *string `json:"expires_at"`
	530	+ Active bool `json:"active"`
	531	+ }
	532	+ must(json.Unmarshal(raw, &keys))
	533	+
	534	+ if len(keys) == 0 {
	535	+ fmt.Println("no API keys")
	536	+ return
	537	+ }
	538	+
	539	+ tw := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
	540	+ fmt.Fprintln(tw, "ID\tNAME\tSCOPES\tACTIVE\tLAST USED")
	541	+ for _, k := range keys {
	542	+ lastUsed := "-"
	543	+ if k.LastUsed != nil {
	544	+ lastUsed = *k.LastUsed
	545	+ }
	546	+ status := "yes"
	547	+ if !k.Active {
	548	+ status = "revoked"
	549	+ }
	550	+ fmt.Fprintf(tw, "%s\t%s\t%s\t%s\t%s\n", k.ID, k.Name, strings.Join(k.Scopes, ","), status, lastUsed)
	551	+ }
	552	+ tw.Flush()
	553	+}
	554	+
	555	+func cmdAPIKeyCreate(api *apiclient.Client, args []string, asJSON bool) {
	556	+ fs := flag.NewFlagSet("api-key create", flag.ExitOnError)
	557	+ nameFlag := fs.String("name", "", "key name (required)")
	558	+ scopesFlag := fs.String("scopes", "", "comma-separated scopes (required)")
	559	+ expiresFlag := fs.String("expires", "", "expiry duration (e.g. 720h for 30 days)")
	560	+ _ = fs.Parse(args)
	561	+
	562	+ if nameFlag == "" \|\| scopesFlag == "" {
	563	+ fmt.Fprintln(os.Stderr, "usage: scuttlectl api-key create --name <name> --scopes <scope1,scope2> [--expires 720h]")
	564	+ os.Exit(1)
	565	+ }
	566	+
	567	+ scopes := strings.Split(*scopesFlag, ",")
	568	+ raw, err := api.CreateAPIKey(nameFlag, scopes, expiresFlag)
	569	+ die(err)
	570	+
	571	+ if asJSON {
	572	+ printJSON(raw)
	573	+ return
	574	+ }
	575	+
	576	+ var key struct {
	577	+ ID string `json:"id"`
	578	+ Name string `json:"name"`
	579	+ Token string `json:"token"`
	580	+ }
	581	+ must(json.Unmarshal(raw, &key))
	582	+
	583	+ fmt.Printf("API key created: %s\n\n", key.Name)
	584	+ fmt.Printf(" Token: %s\n\n", key.Token)
	585	+ fmt.Println("Store this token — it will not be shown again.")
	586	+}
	587	+
	588	+func cmdAPIKeyRevoke(api *apiclient.Client, id string) {
	589	+ die(api.RevokeAPIKey(id))
	590	+ fmt.Printf("API key revoked: %s\n", id)
	591	+}
496	592
497	593	func usage() {
498	594	fmt.Fprintf(os.Stderr, `scuttlectl %s — scuttlebot management CLI
499	595
500	596	Usage:
		@@ -526,10 +622,13 @@
526	622	backend rename <old> <new> rename a backend
527	623	admin list list admin accounts
528	624	admin add <username> add admin (prompts for password)
529	625	admin remove <username> remove admin
530	626	admin passwd <username> change admin password (prompts)
	627	+ api-key list list API keys
	628	+ api-key create --name <name> --scopes <s1,s2> [--expires 720h]
	629	+ api-key revoke <id> revoke an API key
531	630	`, version)
532	631	}
533	632
534	633	func printJSON(raw json.RawMessage) {
535	634	var buf []byte
536	635

	--- cmd/scuttlectl/main.go
	+++ cmd/scuttlectl/main.go
	@@ -108,10 +108,28 @@
108	requireArgs(args, 3, "scuttlectl admin passwd <username>")
109	cmdAdminPasswd(api, args[2])
110	default:
111	fmt.Fprintf(os.Stderr, "unknown subcommand: admin %s\n", args[1])
112	os.Exit(1)


















113	}
114	case "channels", "channel":
115	if len(args) < 2 {
116	fmt.Fprintf(os.Stderr, "usage: scuttlectl channels <list\|users <channel>>\n")
117	os.Exit(1)
	@@ -491,10 +509,88 @@
491	fmt.Fprintf(tw, "password\t%s\n", creds.Password)
492	fmt.Fprintf(tw, "server\t%s\n", creds.Server)
493	tw.Flush()
494	fmt.Println("\nStore this password — it will not be shown again.")
495	}














































































496
497	func usage() {
498	fmt.Fprintf(os.Stderr, `scuttlectl %s — scuttlebot management CLI
499
500	Usage:
	@@ -526,10 +622,13 @@
526	backend rename <old> <new> rename a backend
527	admin list list admin accounts
528	admin add <username> add admin (prompts for password)
529	admin remove <username> remove admin
530	admin passwd <username> change admin password (prompts)



531	`, version)
532	}
533
534	func printJSON(raw json.RawMessage) {
535	var buf []byte
536

	--- cmd/scuttlectl/main.go
	+++ cmd/scuttlectl/main.go
	@@ -108,10 +108,28 @@
108	requireArgs(args, 3, "scuttlectl admin passwd <username>")
109	cmdAdminPasswd(api, args[2])
110	default:
111	fmt.Fprintf(os.Stderr, "unknown subcommand: admin %s\n", args[1])
112	os.Exit(1)
113	}
114	case "api-key", "api-keys":
115	if len(args) < 2 {
116	fmt.Fprintf(os.Stderr, "usage: scuttlectl api-key <list\|create\|revoke>\n")
117	os.Exit(1)
118	}
119	switch args[1] {
120	case "list":
121	cmdAPIKeyList(api, *jsonFlag)
122	case "create":
123	requireArgs(args, 3, "scuttlectl api-key create --name <name> --scopes <scope1,scope2>")
124	cmdAPIKeyCreate(api, args[2:], *jsonFlag)
125	case "revoke":
126	requireArgs(args, 3, "scuttlectl api-key revoke <id>")
127	cmdAPIKeyRevoke(api, args[2])
128	default:
129	fmt.Fprintf(os.Stderr, "unknown subcommand: api-key %s\n", args[1])
130	os.Exit(1)
131	}
132	case "channels", "channel":
133	if len(args) < 2 {
134	fmt.Fprintf(os.Stderr, "usage: scuttlectl channels <list\|users <channel>>\n")
135	os.Exit(1)
	@@ -491,10 +509,88 @@
509	fmt.Fprintf(tw, "password\t%s\n", creds.Password)
510	fmt.Fprintf(tw, "server\t%s\n", creds.Server)
511	tw.Flush()
512	fmt.Println("\nStore this password — it will not be shown again.")
513	}
514
515	func cmdAPIKeyList(api *apiclient.Client, asJSON bool) {
516	raw, err := api.ListAPIKeys()
517	die(err)
518	if asJSON {
519	printJSON(raw)
520	return
521	}
522
523	var keys []struct {
524	ID string `json:"id"`
525	Name string `json:"name"`
526	Scopes []string `json:"scopes"`
527	CreatedAt string `json:"created_at"`
528	LastUsed *string `json:"last_used"`
529	ExpiresAt *string `json:"expires_at"`
530	Active bool `json:"active"`
531	}
532	must(json.Unmarshal(raw, &keys))
533
534	if len(keys) == 0 {
535	fmt.Println("no API keys")
536	return
537	}
538
539	tw := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
540	fmt.Fprintln(tw, "ID\tNAME\tSCOPES\tACTIVE\tLAST USED")
541	for _, k := range keys {
542	lastUsed := "-"
543	if k.LastUsed != nil {
544	lastUsed = *k.LastUsed
545	}
546	status := "yes"
547	if !k.Active {
548	status = "revoked"
549	}
550	fmt.Fprintf(tw, "%s\t%s\t%s\t%s\t%s\n", k.ID, k.Name, strings.Join(k.Scopes, ","), status, lastUsed)
551	}
552	tw.Flush()
553	}
554
555	func cmdAPIKeyCreate(api *apiclient.Client, args []string, asJSON bool) {
556	fs := flag.NewFlagSet("api-key create", flag.ExitOnError)
557	nameFlag := fs.String("name", "", "key name (required)")
558	scopesFlag := fs.String("scopes", "", "comma-separated scopes (required)")
559	expiresFlag := fs.String("expires", "", "expiry duration (e.g. 720h for 30 days)")
560	_ = fs.Parse(args)
561
562	if nameFlag == "" \|\| scopesFlag == "" {
563	fmt.Fprintln(os.Stderr, "usage: scuttlectl api-key create --name <name> --scopes <scope1,scope2> [--expires 720h]")
564	os.Exit(1)
565	}
566
567	scopes := strings.Split(*scopesFlag, ",")
568	raw, err := api.CreateAPIKey(nameFlag, scopes, expiresFlag)
569	die(err)
570
571	if asJSON {
572	printJSON(raw)
573	return
574	}
575
576	var key struct {
577	ID string `json:"id"`
578	Name string `json:"name"`
579	Token string `json:"token"`
580	}
581	must(json.Unmarshal(raw, &key))
582
583	fmt.Printf("API key created: %s\n\n", key.Name)
584	fmt.Printf(" Token: %s\n\n", key.Token)
585	fmt.Println("Store this token — it will not be shown again.")
586	}
587
588	func cmdAPIKeyRevoke(api *apiclient.Client, id string) {
589	die(api.RevokeAPIKey(id))
590	fmt.Printf("API key revoked: %s\n", id)
591	}
592
593	func usage() {
594	fmt.Fprintf(os.Stderr, `scuttlectl %s — scuttlebot management CLI
595
596	Usage:
	@@ -526,10 +622,13 @@
622	backend rename <old> <new> rename a backend
623	admin list list admin accounts
624	admin add <username> add admin (prompts for password)
625	admin remove <username> remove admin
626	admin passwd <username> change admin password (prompts)
627	api-key list list API keys
628	api-key create --name <name> --scopes <s1,s2> [--expires 720h]
629	api-key revoke <id> revoke an API key
630	`, version)
631	}
632
633	func printJSON(raw json.RawMessage) {
634	var buf []byte
635

M deploy/compose/ergo/ircd.yaml.tmpl

+3 -1

		--- deploy/compose/ergo/ircd.yaml.tmpl
		+++ deploy/compose/ergo/ircd.yaml.tmpl
		@@ -13,11 +13,13 @@
13	13	enforce-utf8: true
14	14	lookup-hostnames: false
15	15	forward-confirm-hostnames: false
16	16	check-ident: false
17	17	relaymsg:
18		- enabled: false
	18	+ enabled: true
	19	+ separators: /
	20	+ available-to-chanops: false
19	21	ip-cloaking:
20	22	enabled: false
21	23	max-sendq: "1M"
22	24	ip-limits:
23	25	count-exempted: true
24	26

	--- deploy/compose/ergo/ircd.yaml.tmpl
	+++ deploy/compose/ergo/ircd.yaml.tmpl
	@@ -13,11 +13,13 @@
13	enforce-utf8: true
14	lookup-hostnames: false
15	forward-confirm-hostnames: false
16	check-ident: false
17	relaymsg:
18	enabled: false


19	ip-cloaking:
20	enabled: false
21	max-sendq: "1M"
22	ip-limits:
23	count-exempted: true
24

	--- deploy/compose/ergo/ircd.yaml.tmpl
	+++ deploy/compose/ergo/ircd.yaml.tmpl
	@@ -13,11 +13,13 @@
13	enforce-utf8: true
14	lookup-hostnames: false
15	forward-confirm-hostnames: false
16	check-ident: false
17	relaymsg:
18	enabled: true
19	separators: /
20	available-to-chanops: false
21	ip-cloaking:
22	enabled: false
23	max-sendq: "1M"
24	ip-limits:
25	count-exempted: true
26

M internal/api/api_test.go

+2 -1

		--- internal/api/api_test.go
		+++ internal/api/api_test.go
		@@ -8,10 +8,11 @@
8	8	"net/http/httptest"
9	9	"sync"
10	10	"testing"
11	11
12	12	"github.com/conflicthq/scuttlebot/internal/api"
	13	+ "github.com/conflicthq/scuttlebot/internal/auth"
13	14	"github.com/conflicthq/scuttlebot/internal/registry"
14	15	"log/slog"
15	16	"os"
16	17	)
17	18
		@@ -50,11 +51,11 @@
50	51	const testToken = "test-api-token-abc123"
51	52
52	53	func newTestServer(t testing.T) httptest.Server {
53	54	t.Helper()
54	55	reg := registry.New(newMock(), []byte("test-signing-key"))
55		- srv := api.New(reg, []string{testToken}, nil, nil, nil, nil, nil, nil, "", testLog)
	56	+ srv := api.New(reg, auth.TestStore(testToken), nil, nil, nil, nil, nil, nil, "", testLog)
56	57	return httptest.NewServer(srv.Handler())
57	58	}
58	59
59	60	func authHeader() http.Header {
60	61	h := http.Header{}
61	62
62	63	ADDED internal/api/apikeys.go

	--- internal/api/api_test.go
	+++ internal/api/api_test.go
	@@ -8,10 +8,11 @@
8	"net/http/httptest"
9	"sync"
10	"testing"
11
12	"github.com/conflicthq/scuttlebot/internal/api"

13	"github.com/conflicthq/scuttlebot/internal/registry"
14	"log/slog"
15	"os"
16	)
17
	@@ -50,11 +51,11 @@
50	const testToken = "test-api-token-abc123"
51
52	func newTestServer(t testing.T) httptest.Server {
53	t.Helper()
54	reg := registry.New(newMock(), []byte("test-signing-key"))
55	srv := api.New(reg, []string{testToken}, nil, nil, nil, nil, nil, nil, "", testLog)
56	return httptest.NewServer(srv.Handler())
57	}
58
59	func authHeader() http.Header {
60	h := http.Header{}
61
62	DDED internal/api/apikeys.go

	--- internal/api/api_test.go
	+++ internal/api/api_test.go
	@@ -8,10 +8,11 @@
8	"net/http/httptest"
9	"sync"
10	"testing"
11
12	"github.com/conflicthq/scuttlebot/internal/api"
13	"github.com/conflicthq/scuttlebot/internal/auth"
14	"github.com/conflicthq/scuttlebot/internal/registry"
15	"log/slog"
16	"os"
17	)
18
	@@ -50,11 +51,11 @@
51	const testToken = "test-api-token-abc123"
52
53	func newTestServer(t testing.T) httptest.Server {
54	t.Helper()
55	reg := registry.New(newMock(), []byte("test-signing-key"))
56	srv := api.New(reg, auth.TestStore(testToken), nil, nil, nil, nil, nil, nil, "", testLog)
57	return httptest.NewServer(srv.Handler())
58	}
59
60	func authHeader() http.Header {
61	h := http.Header{}
62
63	DDED internal/api/apikeys.go

M internal/api/apikeys.go

+125

		--- a/internal/api/apikeys.go
		+++ b/internal/api/apikeys.go
		@@ -0,0 +1,125 @@
	1	+package api
	2	+
	3	+import (
	4	+ "encoding/json"
	5	+ "net/http"
	6	+ "time"
	7	+
	8	+ "github.com/conflicthq/scuttlebot/internal/auth"
	9	+)
	10	+
	11	+type createAPIKeyRequest struct {
	12	+ Name string `json:"name"`
	13	+ Scopes []string `json:"scopes"`
	14	+ ExpiresIn string `json:"expires_in,omitempty"` // e.g. "720h" for 30 days, empty = never
	15	+}
	16	+
	17	+type createAPIKeyResponse struct {
	18	+ ID string `json:"id"`
	19	+ Name string `json:"name"`
	20	+ Token string `json:"token"` // plaintext, shown only once
	21	+ Scopes []auth.Scope `json:"scopes"`
	22	+ CreatedAt time.Time `json:"created_at"`
	23	+ ExpiresAt *time.Time `json:"expires_at,omitempty"`
	24	+}
	25	+
	26	+type apiKeyListEntry struct {
	27	+ ID string `json:"id"`
	28	+ Name string `json:"name"`
	29	+ Scopes []auth.Scope `json:"scopes"`
	30	+ CreatedAt time.Time `json:"created_at"`
	31	+ LastUsed *time.Time `json:"last_used,omitempty"`
	32	+ ExpiresAt *time.Time `json:"expires_at,omitempty"`
	33	+ Active bool `json:"active"`
	34	+}
	35	+
	36	+// handleListAPIKeys handles GET /v1/api-keys.
	37	+func (s Server) handleListAPIKeys(w http.ResponseWriter, r http.Request) {
	38	+ keys := s.apiKeys.List()
	39	+ out := make([]apiKeyListEntry, len(keys))
	40	+ for i, k := range keys {
	41	+ out[i] = apiKeyListEntry{
	42	+ ID: k.ID,
	43	+ Name: k.Name,
	44	+ Scopes: k.Scopes,
	45	+ CreatedAt: k.CreatedAt,
	46	+ Active: k.Active,
	47	+ }
	48	+ if !k.LastUsed.IsZero() {
	49	+ t := k.LastUsed
	50	+ out[i].LastUsed = &t
	51	+ }
	52	+ if !k.ExpiresAt.IsZero() {
	53	+ t := k.ExpiresAt
	54	+ out[i].ExpiresAt = &t
	55	+ }
	56	+ }
	57	+ writeJSON(w, http.StatusOK, out)
	58	+}
	59	+
	60	+// handleCreateAPIKey handles POST /v1/api-keys.
	61	+func (s Server) handleCreateAPIKey(w http.ResponseWriter, r http.Request) {
	62	+ var req createAPIKeyRequest
	63	+ if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
	64	+ writeError(w, http.StatusBadRequest, "invalid request body")
	65	+ return
	66	+ }
	67	+ if req.Name == "" {
	68	+ writeError(w, http.StatusBadRequest, "name is required")
	69	+ return
	70	+ }
	71	+
	72	+ scopes := make([]auth.Scope, len(req.Scopes))
	73	+ for i, s := range req.Scopes {
	74	+ scope := auth.Scope(s)
	75	+ if !auth.ValidScopes[scope] {
	76	+ writeError(w, http.StatusBadRequest, "unknown scope: "+s)
	77	+ return
	78	+ }
	79	+ scopes[i] = scope
	80	+ }
	81	+ if len(scopes) == 0 {
	82	+ writeError(w, http.StatusBadRequest, "at least one scope is required")
	83	+ return
	84	+ }
	85	+
	86	+ var expiresAt time.Time
	87	+ if req.ExpiresIn != "" {
	88	+ dur, err := time.ParseDuration(req.ExpiresIn)
	89	+ if err != nil {
	90	+ writeError(w, http.StatusBadRequest, "invalid expires_in duration: "+err.Error())
	91	+ return
	92	+ }
	93	+ expiresAt = time.Now().Add(dur)
	94	+ }
	95	+
	96	+ token, key, err := s.apiKeys.Create(req.Name, scopes, expiresAt)
	97	+ if err != nil {
	98	+ s.log.Error("create api key", "err", err)
	99	+ writeError(w, http.StatusInternalServerError, "failed to create API key")
	100	+ return
	101	+ }
	102	+
	103	+ resp := createAPIKeyResponse{
	104	+ ID: key.ID,
	105	+ Name: key.Name,
	106	+ Token: token,
	107	+ Scopes: key.Scopes,
	108	+ CreatedAt: key.CreatedAt,
	109	+ }
	110	+ if !key.ExpiresAt.IsZero() {
	111	+ t := key.ExpiresAt
	112	+ resp.ExpiresAt = &t
	113	+ }
	114	+ writeJSON(w, http.StatusCreated, resp)
	115	+}
	116	+
	117	+// handleRevokeAPIKey handles DELETE /v1/api-keys/{id}.
	118	+func (s Server) handleRevokeAPIKey(w http.ResponseWriter, r http.Request) {
	119	+ id := r.PathValue("id")
	120	+ if err := s.apiKeys.Revoke(id); err != nil {
	121	+ writeError(w, http.StatusNotFound, err.Error())
	122	+ return
	123	+ }
	124	+ w.WriteHeader(http.StatusNoContent)
	125	+}

	--- a/internal/api/apikeys.go
	+++ b/internal/api/apikeys.go
	@@ -0,0 +1,125 @@

	--- a/internal/api/apikeys.go
	+++ b/internal/api/apikeys.go
	@@ -0,0 +1,125 @@
1	package api
2
3	import (
4	"encoding/json"
5	"net/http"
6	"time"
7
8	"github.com/conflicthq/scuttlebot/internal/auth"
9	)
10
11	type createAPIKeyRequest struct {
12	Name string `json:"name"`
13	Scopes []string `json:"scopes"`
14	ExpiresIn string `json:"expires_in,omitempty"` // e.g. "720h" for 30 days, empty = never
15	}
16
17	type createAPIKeyResponse struct {
18	ID string `json:"id"`
19	Name string `json:"name"`
20	Token string `json:"token"` // plaintext, shown only once
21	Scopes []auth.Scope `json:"scopes"`
22	CreatedAt time.Time `json:"created_at"`
23	ExpiresAt *time.Time `json:"expires_at,omitempty"`
24	}
25
26	type apiKeyListEntry struct {
27	ID string `json:"id"`
28	Name string `json:"name"`
29	Scopes []auth.Scope `json:"scopes"`
30	CreatedAt time.Time `json:"created_at"`
31	LastUsed *time.Time `json:"last_used,omitempty"`
32	ExpiresAt *time.Time `json:"expires_at,omitempty"`
33	Active bool `json:"active"`
34	}
35
36	// handleListAPIKeys handles GET /v1/api-keys.
37	func (s Server) handleListAPIKeys(w http.ResponseWriter, r http.Request) {
38	keys := s.apiKeys.List()
39	out := make([]apiKeyListEntry, len(keys))
40	for i, k := range keys {
41	out[i] = apiKeyListEntry{
42	ID: k.ID,
43	Name: k.Name,
44	Scopes: k.Scopes,
45	CreatedAt: k.CreatedAt,
46	Active: k.Active,
47	}
48	if !k.LastUsed.IsZero() {
49	t := k.LastUsed
50	out[i].LastUsed = &t
51	}
52	if !k.ExpiresAt.IsZero() {
53	t := k.ExpiresAt
54	out[i].ExpiresAt = &t
55	}
56	}
57	writeJSON(w, http.StatusOK, out)
58	}
59
60	// handleCreateAPIKey handles POST /v1/api-keys.
61	func (s Server) handleCreateAPIKey(w http.ResponseWriter, r http.Request) {
62	var req createAPIKeyRequest
63	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
64	writeError(w, http.StatusBadRequest, "invalid request body")
65	return
66	}
67	if req.Name == "" {
68	writeError(w, http.StatusBadRequest, "name is required")
69	return
70	}
71
72	scopes := make([]auth.Scope, len(req.Scopes))
73	for i, s := range req.Scopes {
74	scope := auth.Scope(s)
75	if !auth.ValidScopes[scope] {
76	writeError(w, http.StatusBadRequest, "unknown scope: "+s)
77	return
78	}
79	scopes[i] = scope
80	}
81	if len(scopes) == 0 {
82	writeError(w, http.StatusBadRequest, "at least one scope is required")
83	return
84	}
85
86	var expiresAt time.Time
87	if req.ExpiresIn != "" {
88	dur, err := time.ParseDuration(req.ExpiresIn)
89	if err != nil {
90	writeError(w, http.StatusBadRequest, "invalid expires_in duration: "+err.Error())
91	return
92	}
93	expiresAt = time.Now().Add(dur)
94	}
95
96	token, key, err := s.apiKeys.Create(req.Name, scopes, expiresAt)
97	if err != nil {
98	s.log.Error("create api key", "err", err)
99	writeError(w, http.StatusInternalServerError, "failed to create API key")
100	return
101	}
102
103	resp := createAPIKeyResponse{
104	ID: key.ID,
105	Name: key.Name,
106	Token: token,
107	Scopes: key.Scopes,
108	CreatedAt: key.CreatedAt,
109	}
110	if !key.ExpiresAt.IsZero() {
111	t := key.ExpiresAt
112	resp.ExpiresAt = &t
113	}
114	writeJSON(w, http.StatusCreated, resp)
115	}
116
117	// handleRevokeAPIKey handles DELETE /v1/api-keys/{id}.
118	func (s Server) handleRevokeAPIKey(w http.ResponseWriter, r http.Request) {
119	id := r.PathValue("id")
120	if err := s.apiKeys.Revoke(id); err != nil {
121	writeError(w, http.StatusNotFound, err.Error())
122	return
123	}
124	w.WriteHeader(http.StatusNoContent)
125	}

M internal/api/channels_topology.go

+11 -3

		--- internal/api/channels_topology.go
		+++ internal/api/channels_topology.go
		@@ -14,10 +14,11 @@
14	14	ProvisionChannel(ch topology.ChannelConfig) error
15	15	DropChannel(channel string)
16	16	Policy() *topology.Policy
17	17	GrantAccess(nick, channel, level string)
18	18	RevokeAccess(nick, channel string)
	19	+ ListChannels() []topology.ChannelInfo
19	20	}
20	21
21	22	type provisionChannelRequest struct {
22	23	Name string `json:"name"`
23	24	Topic string `json:"topic,omitempty"`
		@@ -51,22 +52,27 @@
51	52	return
52	53	}
53	54
54	55	policy := s.topoMgr.Policy()
55	56
56		- // Merge autojoin from policy if the caller didn't specify any.
	57	+ // Merge autojoin and modes from policy if the caller didn't specify any.
57	58	autojoin := req.Autojoin
58	59	if len(autojoin) == 0 && policy != nil {
59	60	autojoin = policy.AutojoinFor(req.Name)
60	61	}
	62	+ var modes []string
	63	+ if policy != nil {
	64	+ modes = policy.ModesFor(req.Name)
	65	+ }
61	66
62	67	ch := topology.ChannelConfig{
63	68	Name: req.Name,
64	69	Topic: req.Topic,
65	70	Ops: req.Ops,
66	71	Voice: req.Voice,
67	72	Autojoin: autojoin,
	73	+ Modes: modes,
68	74	}
69	75	if err := s.topoMgr.ProvisionChannel(ch); err != nil {
70	76	s.log.Error("provision channel", "channel", req.Name, "err", err)
71	77	writeError(w, http.StatusInternalServerError, "provision failed")
72	78	return
		@@ -91,12 +97,13 @@
91	97	Ephemeral bool `json:"ephemeral,omitempty"`
92	98	TTLSeconds int64 `json:"ttl_seconds,omitempty"`
93	99	}
94	100
95	101	type topologyResponse struct {
96		- StaticChannels []string `json:"static_channels"`
97		- Types []channelTypeInfo `json:"types"`
	102	+ StaticChannels []string `json:"static_channels"`
	103	+ Types []channelTypeInfo `json:"types"`
	104	+ ActiveChannels []topology.ChannelInfo `json:"active_channels,omitempty"`
98	105	}
99	106
100	107	// handleDropChannel handles DELETE /v1/topology/channels/{channel}.
101	108	// Drops the ChanServ registration of an ephemeral channel.
102	109	func (s Server) handleDropChannel(w http.ResponseWriter, r http.Request) {
		@@ -146,7 +153,8 @@
146	153	}
147	154
148	155	writeJSON(w, http.StatusOK, topologyResponse{
149	156	StaticChannels: staticNames,
150	157	Types: typeInfos,
	158	+ ActiveChannels: s.topoMgr.ListChannels(),
151	159	})
152	160	}
153	161

	--- internal/api/channels_topology.go
	+++ internal/api/channels_topology.go
	@@ -14,10 +14,11 @@
14	ProvisionChannel(ch topology.ChannelConfig) error
15	DropChannel(channel string)
16	Policy() *topology.Policy
17	GrantAccess(nick, channel, level string)
18	RevokeAccess(nick, channel string)

19	}
20
21	type provisionChannelRequest struct {
22	Name string `json:"name"`
23	Topic string `json:"topic,omitempty"`
	@@ -51,22 +52,27 @@
51	return
52	}
53
54	policy := s.topoMgr.Policy()
55
56	// Merge autojoin from policy if the caller didn't specify any.
57	autojoin := req.Autojoin
58	if len(autojoin) == 0 && policy != nil {
59	autojoin = policy.AutojoinFor(req.Name)
60	}




61
62	ch := topology.ChannelConfig{
63	Name: req.Name,
64	Topic: req.Topic,
65	Ops: req.Ops,
66	Voice: req.Voice,
67	Autojoin: autojoin,

68	}
69	if err := s.topoMgr.ProvisionChannel(ch); err != nil {
70	s.log.Error("provision channel", "channel", req.Name, "err", err)
71	writeError(w, http.StatusInternalServerError, "provision failed")
72	return
	@@ -91,12 +97,13 @@
91	Ephemeral bool `json:"ephemeral,omitempty"`
92	TTLSeconds int64 `json:"ttl_seconds,omitempty"`
93	}
94
95	type topologyResponse struct {
96	StaticChannels []string `json:"static_channels"`
97	Types []channelTypeInfo `json:"types"`

98	}
99
100	// handleDropChannel handles DELETE /v1/topology/channels/{channel}.
101	// Drops the ChanServ registration of an ephemeral channel.
102	func (s Server) handleDropChannel(w http.ResponseWriter, r http.Request) {
	@@ -146,7 +153,8 @@
146	}
147
148	writeJSON(w, http.StatusOK, topologyResponse{
149	StaticChannels: staticNames,
150	Types: typeInfos,

151	})
152	}
153

	--- internal/api/channels_topology.go
	+++ internal/api/channels_topology.go
	@@ -14,10 +14,11 @@
14	ProvisionChannel(ch topology.ChannelConfig) error
15	DropChannel(channel string)
16	Policy() *topology.Policy
17	GrantAccess(nick, channel, level string)
18	RevokeAccess(nick, channel string)
19	ListChannels() []topology.ChannelInfo
20	}
21
22	type provisionChannelRequest struct {
23	Name string `json:"name"`
24	Topic string `json:"topic,omitempty"`
	@@ -51,22 +52,27 @@
52	return
53	}
54
55	policy := s.topoMgr.Policy()
56
57	// Merge autojoin and modes from policy if the caller didn't specify any.
58	autojoin := req.Autojoin
59	if len(autojoin) == 0 && policy != nil {
60	autojoin = policy.AutojoinFor(req.Name)
61	}
62	var modes []string
63	if policy != nil {
64	modes = policy.ModesFor(req.Name)
65	}
66
67	ch := topology.ChannelConfig{
68	Name: req.Name,
69	Topic: req.Topic,
70	Ops: req.Ops,
71	Voice: req.Voice,
72	Autojoin: autojoin,
73	Modes: modes,
74	}
75	if err := s.topoMgr.ProvisionChannel(ch); err != nil {
76	s.log.Error("provision channel", "channel", req.Name, "err", err)
77	writeError(w, http.StatusInternalServerError, "provision failed")
78	return
	@@ -91,12 +97,13 @@
97	Ephemeral bool `json:"ephemeral,omitempty"`
98	TTLSeconds int64 `json:"ttl_seconds,omitempty"`
99	}
100
101	type topologyResponse struct {
102	StaticChannels []string `json:"static_channels"`
103	Types []channelTypeInfo `json:"types"`
104	ActiveChannels []topology.ChannelInfo `json:"active_channels,omitempty"`
105	}
106
107	// handleDropChannel handles DELETE /v1/topology/channels/{channel}.
108	// Drops the ChanServ registration of an ephemeral channel.
109	func (s Server) handleDropChannel(w http.ResponseWriter, r http.Request) {
	@@ -146,7 +153,8 @@
153	}
154
155	writeJSON(w, http.StatusOK, topologyResponse{
156	StaticChannels: staticNames,
157	Types: typeInfos,
158	ActiveChannels: s.topoMgr.ListChannels(),
159	})
160	}
161

M internal/api/channels_topology_test.go

+5 -2

		--- internal/api/channels_topology_test.go
		+++ internal/api/channels_topology_test.go
		@@ -9,10 +9,11 @@
9	9	"net/http"
10	10	"net/http/httptest"
11	11	"testing"
12	12	"time"
13	13
	14	+ "github.com/conflicthq/scuttlebot/internal/auth"
14	15	"github.com/conflicthq/scuttlebot/internal/config"
15	16	"github.com/conflicthq/scuttlebot/internal/registry"
16	17	"github.com/conflicthq/scuttlebot/internal/topology"
17	18	)
18	19
		@@ -48,10 +49,12 @@
48	49
49	50	func (s *stubTopologyManager) RevokeAccess(nick, channel string) {
50	51	s.revokes = append(s.revokes, accessCall{Nick: nick, Channel: channel})
51	52	}
52	53
	54	+func (s *stubTopologyManager) ListChannels() []topology.ChannelInfo { return nil }
	55	+
53	56	// stubProvisioner is a minimal AccountProvisioner for agent registration tests.
54	57	type stubProvisioner struct {
55	58	accounts map[string]string
56	59	}
57	60
		@@ -74,11 +77,11 @@
74	77
75	78	func newTopoTestServer(t testing.T, topo stubTopologyManager) (*httptest.Server, string) {
76	79	t.Helper()
77	80	reg := registry.New(nil, []byte("key"))
78	81	log := slog.New(slog.NewTextHandler(io.Discard, nil))
79		- srv := httptest.NewServer(New(reg, []string{"tok"}, nil, nil, nil, nil, topo, nil, "", log).Handler())
	82	+ srv := httptest.NewServer(New(reg, auth.TestStore("tok"), nil, nil, nil, nil, topo, nil, "", log).Handler())
80	83	t.Cleanup(srv.Close)
81	84	return srv, "tok"
82	85	}
83	86
84	87	// newTopoTestServerWithRegistry creates a test server with both topology and a
		@@ -85,11 +88,11 @@
85	88	// real registry backed by stubProvisioner, so agent registration works.
86	89	func newTopoTestServerWithRegistry(t testing.T, topo stubTopologyManager) (*httptest.Server, string) {
87	90	t.Helper()
88	91	reg := registry.New(newStubProvisioner(), []byte("key"))
89	92	log := slog.New(slog.NewTextHandler(io.Discard, nil))
90		- srv := httptest.NewServer(New(reg, []string{"tok"}, nil, nil, nil, nil, topo, nil, "", log).Handler())
	93	+ srv := httptest.NewServer(New(reg, auth.TestStore("tok"), nil, nil, nil, nil, topo, nil, "", log).Handler())
91	94	t.Cleanup(srv.Close)
92	95	return srv, "tok"
93	96	}
94	97
95	98	func TestHandleProvisionChannel(t *testing.T) {
96	99

	--- internal/api/channels_topology_test.go
	+++ internal/api/channels_topology_test.go
	@@ -9,10 +9,11 @@
9	"net/http"
10	"net/http/httptest"
11	"testing"
12	"time"
13

14	"github.com/conflicthq/scuttlebot/internal/config"
15	"github.com/conflicthq/scuttlebot/internal/registry"
16	"github.com/conflicthq/scuttlebot/internal/topology"
17	)
18
	@@ -48,10 +49,12 @@
48
49	func (s *stubTopologyManager) RevokeAccess(nick, channel string) {
50	s.revokes = append(s.revokes, accessCall{Nick: nick, Channel: channel})
51	}
52


53	// stubProvisioner is a minimal AccountProvisioner for agent registration tests.
54	type stubProvisioner struct {
55	accounts map[string]string
56	}
57
	@@ -74,11 +77,11 @@
74
75	func newTopoTestServer(t testing.T, topo stubTopologyManager) (*httptest.Server, string) {
76	t.Helper()
77	reg := registry.New(nil, []byte("key"))
78	log := slog.New(slog.NewTextHandler(io.Discard, nil))
79	srv := httptest.NewServer(New(reg, []string{"tok"}, nil, nil, nil, nil, topo, nil, "", log).Handler())
80	t.Cleanup(srv.Close)
81	return srv, "tok"
82	}
83
84	// newTopoTestServerWithRegistry creates a test server with both topology and a
	@@ -85,11 +88,11 @@
85	// real registry backed by stubProvisioner, so agent registration works.
86	func newTopoTestServerWithRegistry(t testing.T, topo stubTopologyManager) (*httptest.Server, string) {
87	t.Helper()
88	reg := registry.New(newStubProvisioner(), []byte("key"))
89	log := slog.New(slog.NewTextHandler(io.Discard, nil))
90	srv := httptest.NewServer(New(reg, []string{"tok"}, nil, nil, nil, nil, topo, nil, "", log).Handler())
91	t.Cleanup(srv.Close)
92	return srv, "tok"
93	}
94
95	func TestHandleProvisionChannel(t *testing.T) {
96

	--- internal/api/channels_topology_test.go
	+++ internal/api/channels_topology_test.go
	@@ -9,10 +9,11 @@
9	"net/http"
10	"net/http/httptest"
11	"testing"
12	"time"
13
14	"github.com/conflicthq/scuttlebot/internal/auth"
15	"github.com/conflicthq/scuttlebot/internal/config"
16	"github.com/conflicthq/scuttlebot/internal/registry"
17	"github.com/conflicthq/scuttlebot/internal/topology"
18	)
19
	@@ -48,10 +49,12 @@
49
50	func (s *stubTopologyManager) RevokeAccess(nick, channel string) {
51	s.revokes = append(s.revokes, accessCall{Nick: nick, Channel: channel})
52	}
53
54	func (s *stubTopologyManager) ListChannels() []topology.ChannelInfo { return nil }
55
56	// stubProvisioner is a minimal AccountProvisioner for agent registration tests.
57	type stubProvisioner struct {
58	accounts map[string]string
59	}
60
	@@ -74,11 +77,11 @@
77
78	func newTopoTestServer(t testing.T, topo stubTopologyManager) (*httptest.Server, string) {
79	t.Helper()
80	reg := registry.New(nil, []byte("key"))
81	log := slog.New(slog.NewTextHandler(io.Discard, nil))
82	srv := httptest.NewServer(New(reg, auth.TestStore("tok"), nil, nil, nil, nil, topo, nil, "", log).Handler())
83	t.Cleanup(srv.Close)
84	return srv, "tok"
85	}
86
87	// newTopoTestServerWithRegistry creates a test server with both topology and a
	@@ -85,11 +88,11 @@
88	// real registry backed by stubProvisioner, so agent registration works.
89	func newTopoTestServerWithRegistry(t testing.T, topo stubTopologyManager) (*httptest.Server, string) {
90	t.Helper()
91	reg := registry.New(newStubProvisioner(), []byte("key"))
92	log := slog.New(slog.NewTextHandler(io.Discard, nil))
93	srv := httptest.NewServer(New(reg, auth.TestStore("tok"), nil, nil, nil, nil, topo, nil, "", log).Handler())
94	t.Cleanup(srv.Close)
95	return srv, "tok"
96	}
97
98	func TestHandleProvisionChannel(t *testing.T) {
99

M internal/api/chat.go

+3 -1

		--- internal/api/chat.go
		+++ internal/api/chat.go
		@@ -5,10 +5,11 @@
5	5	"encoding/json"
6	6	"fmt"
7	7	"net/http"
8	8	"time"
9	9
	10	+ "github.com/conflicthq/scuttlebot/internal/auth"
10	11	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
11	12	)
12	13
13	14	// chatBridge is the interface the API layer requires from the bridge bot.
14	15	type chatBridge interface {
		@@ -121,11 +122,12 @@
121	122
122	123	// handleChannelStream serves an SSE stream of IRC messages for a channel.
123	124	// Auth is via ?token= query param because EventSource doesn't support custom headers.
124	125	func (s Server) handleChannelStream(w http.ResponseWriter, r http.Request) {
125	126	token := r.URL.Query().Get("token")
126		- if _, ok := s.tokens[token]; !ok {
	127	+ key := s.apiKeys.Lookup(token)
	128	+ if key == nil \|\| (!key.HasScope(auth.ScopeChannels) && !key.HasScope(auth.ScopeChat)) {
127	129	writeError(w, http.StatusUnauthorized, "invalid or missing token")
128	130	return
129	131	}
130	132
131	133	channel := "#" + r.PathValue("channel")
132	134

	--- internal/api/chat.go
	+++ internal/api/chat.go
	@@ -5,10 +5,11 @@
5	"encoding/json"
6	"fmt"
7	"net/http"
8	"time"
9

10	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
11	)
12
13	// chatBridge is the interface the API layer requires from the bridge bot.
14	type chatBridge interface {
	@@ -121,11 +122,12 @@
121
122	// handleChannelStream serves an SSE stream of IRC messages for a channel.
123	// Auth is via ?token= query param because EventSource doesn't support custom headers.
124	func (s Server) handleChannelStream(w http.ResponseWriter, r http.Request) {
125	token := r.URL.Query().Get("token")
126	if _, ok := s.tokens[token]; !ok {

127	writeError(w, http.StatusUnauthorized, "invalid or missing token")
128	return
129	}
130
131	channel := "#" + r.PathValue("channel")
132

	--- internal/api/chat.go
	+++ internal/api/chat.go
	@@ -5,10 +5,11 @@
5	"encoding/json"
6	"fmt"
7	"net/http"
8	"time"
9
10	"github.com/conflicthq/scuttlebot/internal/auth"
11	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
12	)
13
14	// chatBridge is the interface the API layer requires from the bridge bot.
15	type chatBridge interface {
	@@ -121,11 +122,12 @@
122
123	// handleChannelStream serves an SSE stream of IRC messages for a channel.
124	// Auth is via ?token= query param because EventSource doesn't support custom headers.
125	func (s Server) handleChannelStream(w http.ResponseWriter, r http.Request) {
126	token := r.URL.Query().Get("token")
127	key := s.apiKeys.Lookup(token)
128	if key == nil \|\| (!key.HasScope(auth.ScopeChannels) && !key.HasScope(auth.ScopeChat)) {
129	writeError(w, http.StatusUnauthorized, "invalid or missing token")
130	return
131	}
132
133	channel := "#" + r.PathValue("channel")
134

M internal/api/chat.go

+3 -1

		--- internal/api/chat.go
		+++ internal/api/chat.go
		@@ -5,10 +5,11 @@
5	5	"encoding/json"
6	6	"fmt"
7	7	"net/http"
8	8	"time"
9	9
	10	+ "github.com/conflicthq/scuttlebot/internal/auth"
10	11	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
11	12	)
12	13
13	14	// chatBridge is the interface the API layer requires from the bridge bot.
14	15	type chatBridge interface {
		@@ -121,11 +122,12 @@
121	122
122	123	// handleChannelStream serves an SSE stream of IRC messages for a channel.
123	124	// Auth is via ?token= query param because EventSource doesn't support custom headers.
124	125	func (s Server) handleChannelStream(w http.ResponseWriter, r http.Request) {
125	126	token := r.URL.Query().Get("token")
126		- if _, ok := s.tokens[token]; !ok {
	127	+ key := s.apiKeys.Lookup(token)
	128	+ if key == nil \|\| (!key.HasScope(auth.ScopeChannels) && !key.HasScope(auth.ScopeChat)) {
127	129	writeError(w, http.StatusUnauthorized, "invalid or missing token")
128	130	return
129	131	}
130	132
131	133	channel := "#" + r.PathValue("channel")
132	134

	--- internal/api/chat.go
	+++ internal/api/chat.go
	@@ -5,10 +5,11 @@
5	"encoding/json"
6	"fmt"
7	"net/http"
8	"time"
9

10	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
11	)
12
13	// chatBridge is the interface the API layer requires from the bridge bot.
14	type chatBridge interface {
	@@ -121,11 +122,12 @@
121
122	// handleChannelStream serves an SSE stream of IRC messages for a channel.
123	// Auth is via ?token= query param because EventSource doesn't support custom headers.
124	func (s Server) handleChannelStream(w http.ResponseWriter, r http.Request) {
125	token := r.URL.Query().Get("token")
126	if _, ok := s.tokens[token]; !ok {

127	writeError(w, http.StatusUnauthorized, "invalid or missing token")
128	return
129	}
130
131	channel := "#" + r.PathValue("channel")
132

	--- internal/api/chat.go
	+++ internal/api/chat.go
	@@ -5,10 +5,11 @@
5	"encoding/json"
6	"fmt"
7	"net/http"
8	"time"
9
10	"github.com/conflicthq/scuttlebot/internal/auth"
11	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
12	)
13
14	// chatBridge is the interface the API layer requires from the bridge bot.
15	type chatBridge interface {
	@@ -121,11 +122,12 @@
122
123	// handleChannelStream serves an SSE stream of IRC messages for a channel.
124	// Auth is via ?token= query param because EventSource doesn't support custom headers.
125	func (s Server) handleChannelStream(w http.ResponseWriter, r http.Request) {
126	token := r.URL.Query().Get("token")
127	key := s.apiKeys.Lookup(token)
128	if key == nil \|\| (!key.HasScope(auth.ScopeChannels) && !key.HasScope(auth.ScopeChat)) {
129	writeError(w, http.StatusUnauthorized, "invalid or missing token")
130	return
131	}
132
133	channel := "#" + r.PathValue("channel")
134

M internal/api/chat_test.go

+3 -2

		--- internal/api/chat_test.go
		+++ internal/api/chat_test.go
		@@ -8,10 +8,11 @@
8	8	"log/slog"
9	9	"net/http"
10	10	"net/http/httptest"
11	11	"testing"
12	12
	13	+ "github.com/conflicthq/scuttlebot/internal/auth"
13	14	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
14	15	"github.com/conflicthq/scuttlebot/internal/registry"
15	16	)
16	17
17	18	type stubChatBridge struct {
		@@ -44,11 +45,11 @@
44	45	t.Helper()
45	46
46	47	bridgeStub := &stubChatBridge{}
47	48	reg := registry.New(nil, []byte("test-signing-key"))
48	49	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
49		- srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
	50	+ srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
50	51	defer srv.Close()
51	52
52	53	body, _ := json.Marshal(map[string]string{"nick": "codex-test"})
53	54	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
54	55	if err != nil {
		@@ -77,11 +78,11 @@
77	78	t.Helper()
78	79
79	80	bridgeStub := &stubChatBridge{}
80	81	reg := registry.New(nil, []byte("test-signing-key"))
81	82	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
82		- srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
	83	+ srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
83	84	defer srv.Close()
84	85
85	86	body, _ := json.Marshal(map[string]string{})
86	87	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
87	88	if err != nil {
88	89

	--- internal/api/chat_test.go
	+++ internal/api/chat_test.go
	@@ -8,10 +8,11 @@
8	"log/slog"
9	"net/http"
10	"net/http/httptest"
11	"testing"
12

13	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
14	"github.com/conflicthq/scuttlebot/internal/registry"
15	)
16
17	type stubChatBridge struct {
	@@ -44,11 +45,11 @@
44	t.Helper()
45
46	bridgeStub := &stubChatBridge{}
47	reg := registry.New(nil, []byte("test-signing-key"))
48	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
49	srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
50	defer srv.Close()
51
52	body, _ := json.Marshal(map[string]string{"nick": "codex-test"})
53	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
54	if err != nil {
	@@ -77,11 +78,11 @@
77	t.Helper()
78
79	bridgeStub := &stubChatBridge{}
80	reg := registry.New(nil, []byte("test-signing-key"))
81	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
82	srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
83	defer srv.Close()
84
85	body, _ := json.Marshal(map[string]string{})
86	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
87	if err != nil {
88

	--- internal/api/chat_test.go
	+++ internal/api/chat_test.go
	@@ -8,10 +8,11 @@
8	"log/slog"
9	"net/http"
10	"net/http/httptest"
11	"testing"
12
13	"github.com/conflicthq/scuttlebot/internal/auth"
14	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
15	"github.com/conflicthq/scuttlebot/internal/registry"
16	)
17
18	type stubChatBridge struct {
	@@ -44,11 +45,11 @@
45	t.Helper()
46
47	bridgeStub := &stubChatBridge{}
48	reg := registry.New(nil, []byte("test-signing-key"))
49	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
50	srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
51	defer srv.Close()
52
53	body, _ := json.Marshal(map[string]string{"nick": "codex-test"})
54	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
55	if err != nil {
	@@ -77,11 +78,11 @@
78	t.Helper()
79
80	bridgeStub := &stubChatBridge{}
81	reg := registry.New(nil, []byte("test-signing-key"))
82	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
83	srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
84	defer srv.Close()
85
86	body, _ := json.Marshal(map[string]string{})
87	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
88	if err != nil {
89

M internal/api/chat_test.go

+3 -2

		--- internal/api/chat_test.go
		+++ internal/api/chat_test.go
		@@ -8,10 +8,11 @@
8	8	"log/slog"
9	9	"net/http"
10	10	"net/http/httptest"
11	11	"testing"
12	12
	13	+ "github.com/conflicthq/scuttlebot/internal/auth"
13	14	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
14	15	"github.com/conflicthq/scuttlebot/internal/registry"
15	16	)
16	17
17	18	type stubChatBridge struct {
		@@ -44,11 +45,11 @@
44	45	t.Helper()
45	46
46	47	bridgeStub := &stubChatBridge{}
47	48	reg := registry.New(nil, []byte("test-signing-key"))
48	49	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
49		- srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
	50	+ srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
50	51	defer srv.Close()
51	52
52	53	body, _ := json.Marshal(map[string]string{"nick": "codex-test"})
53	54	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
54	55	if err != nil {
		@@ -77,11 +78,11 @@
77	78	t.Helper()
78	79
79	80	bridgeStub := &stubChatBridge{}
80	81	reg := registry.New(nil, []byte("test-signing-key"))
81	82	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
82		- srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
	83	+ srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
83	84	defer srv.Close()
84	85
85	86	body, _ := json.Marshal(map[string]string{})
86	87	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
87	88	if err != nil {
88	89

	--- internal/api/chat_test.go
	+++ internal/api/chat_test.go
	@@ -8,10 +8,11 @@
8	"log/slog"
9	"net/http"
10	"net/http/httptest"
11	"testing"
12

13	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
14	"github.com/conflicthq/scuttlebot/internal/registry"
15	)
16
17	type stubChatBridge struct {
	@@ -44,11 +45,11 @@
44	t.Helper()
45
46	bridgeStub := &stubChatBridge{}
47	reg := registry.New(nil, []byte("test-signing-key"))
48	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
49	srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
50	defer srv.Close()
51
52	body, _ := json.Marshal(map[string]string{"nick": "codex-test"})
53	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
54	if err != nil {
	@@ -77,11 +78,11 @@
77	t.Helper()
78
79	bridgeStub := &stubChatBridge{}
80	reg := registry.New(nil, []byte("test-signing-key"))
81	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
82	srv := httptest.NewServer(New(reg, []string{"token"}, bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
83	defer srv.Close()
84
85	body, _ := json.Marshal(map[string]string{})
86	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
87	if err != nil {
88

	--- internal/api/chat_test.go
	+++ internal/api/chat_test.go
	@@ -8,10 +8,11 @@
8	"log/slog"
9	"net/http"
10	"net/http/httptest"
11	"testing"
12
13	"github.com/conflicthq/scuttlebot/internal/auth"
14	"github.com/conflicthq/scuttlebot/internal/bots/bridge"
15	"github.com/conflicthq/scuttlebot/internal/registry"
16	)
17
18	type stubChatBridge struct {
	@@ -44,11 +45,11 @@
45	t.Helper()
46
47	bridgeStub := &stubChatBridge{}
48	reg := registry.New(nil, []byte("test-signing-key"))
49	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
50	srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
51	defer srv.Close()
52
53	body, _ := json.Marshal(map[string]string{"nick": "codex-test"})
54	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
55	if err != nil {
	@@ -77,11 +78,11 @@
78	t.Helper()
79
80	bridgeStub := &stubChatBridge{}
81	reg := registry.New(nil, []byte("test-signing-key"))
82	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
83	srv := httptest.NewServer(New(reg, auth.TestStore("token"), bridgeStub, nil, nil, nil, nil, nil, "", logger).Handler())
84	defer srv.Close()
85
86	body, _ := json.Marshal(map[string]string{})
87	req, err := http.NewRequest(http.MethodPost, srv.URL+"/v1/channels/general/presence", bytes.NewReader(body))
88	if err != nil {
89

M internal/api/config_handlers_test.go

+2 -1

		--- internal/api/config_handlers_test.go
		+++ internal/api/config_handlers_test.go
		@@ -9,10 +9,11 @@
9	9	"net/http/httptest"
10	10	"path/filepath"
11	11	"testing"
12	12	"time"
13	13
	14	+ "github.com/conflicthq/scuttlebot/internal/auth"
14	15	"github.com/conflicthq/scuttlebot/internal/config"
15	16	"github.com/conflicthq/scuttlebot/internal/registry"
16	17	)
17	18
18	19	func newCfgTestServer(t testing.T) (httptest.Server, *ConfigStore) {
		@@ -25,11 +26,11 @@
25	26	cfg.Ergo.DataDir = dir
26	27
27	28	store := NewConfigStore(path, cfg)
28	29	reg := registry.New(nil, []byte("key"))
29	30	log := slog.New(slog.NewTextHandler(io.Discard, nil))
30		- srv := httptest.NewServer(New(reg, []string{"tok"}, nil, nil, nil, nil, nil, store, "", log).Handler())
	31	+ srv := httptest.NewServer(New(reg, auth.TestStore("tok"), nil, nil, nil, nil, nil, store, "", log).Handler())
31	32	t.Cleanup(srv.Close)
32	33	return srv, store
33	34	}
34	35
35	36	func TestHandleGetConfig(t *testing.T) {
36	37

	--- internal/api/config_handlers_test.go
	+++ internal/api/config_handlers_test.go
	@@ -9,10 +9,11 @@
9	"net/http/httptest"
10	"path/filepath"
11	"testing"
12	"time"
13

14	"github.com/conflicthq/scuttlebot/internal/config"
15	"github.com/conflicthq/scuttlebot/internal/registry"
16	)
17
18	func newCfgTestServer(t testing.T) (httptest.Server, *ConfigStore) {
	@@ -25,11 +26,11 @@
25	cfg.Ergo.DataDir = dir
26
27	store := NewConfigStore(path, cfg)
28	reg := registry.New(nil, []byte("key"))
29	log := slog.New(slog.NewTextHandler(io.Discard, nil))
30	srv := httptest.NewServer(New(reg, []string{"tok"}, nil, nil, nil, nil, nil, store, "", log).Handler())
31	t.Cleanup(srv.Close)
32	return srv, store
33	}
34
35	func TestHandleGetConfig(t *testing.T) {
36

	--- internal/api/config_handlers_test.go
	+++ internal/api/config_handlers_test.go
	@@ -9,10 +9,11 @@
9	"net/http/httptest"
10	"path/filepath"
11	"testing"
12	"time"
13
14	"github.com/conflicthq/scuttlebot/internal/auth"
15	"github.com/conflicthq/scuttlebot/internal/config"
16	"github.com/conflicthq/scuttlebot/internal/registry"
17	)
18
19	func newCfgTestServer(t testing.T) (httptest.Server, *ConfigStore) {
	@@ -25,11 +26,11 @@
26	cfg.Ergo.DataDir = dir
27
28	store := NewConfigStore(path, cfg)
29	reg := registry.New(nil, []byte("key"))
30	log := slog.New(slog.NewTextHandler(io.Discard, nil))
31	srv := httptest.NewServer(New(reg, auth.TestStore("tok"), nil, nil, nil, nil, nil, store, "", log).Handler())
32	t.Cleanup(srv.Close)
33	return srv, store
34	}
35
36	func TestHandleGetConfig(t *testing.T) {
37

M internal/api/login.go

+7 -5

		--- internal/api/login.go
		+++ internal/api/login.go
		@@ -93,15 +93,17 @@
93	93	if !s.admins.Authenticate(req.Username, req.Password) {
94	94	writeError(w, http.StatusUnauthorized, "invalid credentials")
95	95	return
96	96	}
97	97
98		- // Return the first API token — the shared server token.
99		- var token string
100		- for t := range s.tokens {
101		- token = t
102		- break
	98	+ // Create a session API key for this admin login.
	99	+ sessionName := "session:" + req.Username
	100	+ token, _, err := s.apiKeys.Create(sessionName, []auth.Scope{auth.ScopeAdmin}, time.Now().Add(24*time.Hour))
	101	+ if err != nil {
	102	+ s.log.Error("login: create session key", "err", err)
	103	+ writeError(w, http.StatusInternalServerError, "failed to create session")
	104	+ return
103	105	}
104	106
105	107	writeJSON(w, http.StatusOK, map[string]string{
106	108	"token": token,
107	109	"username": req.Username,
108	110

	--- internal/api/login.go
	+++ internal/api/login.go
	@@ -93,15 +93,17 @@
93	if !s.admins.Authenticate(req.Username, req.Password) {
94	writeError(w, http.StatusUnauthorized, "invalid credentials")
95	return
96	}
97
98	// Return the first API token — the shared server token.
99	var token string
100	for t := range s.tokens {
101	token = t
102	break


103	}
104
105	writeJSON(w, http.StatusOK, map[string]string{
106	"token": token,
107	"username": req.Username,
108

	--- internal/api/login.go
	+++ internal/api/login.go
	@@ -93,15 +93,17 @@
93	if !s.admins.Authenticate(req.Username, req.Password) {
94	writeError(w, http.StatusUnauthorized, "invalid credentials")
95	return
96	}
97
98	// Create a session API key for this admin login.
99	sessionName := "session:" + req.Username
100	token, _, err := s.apiKeys.Create(sessionName, []auth.Scope{auth.ScopeAdmin}, time.Now().Add(24*time.Hour))
101	if err != nil {
102	s.log.Error("login: create session key", "err", err)
103	writeError(w, http.StatusInternalServerError, "failed to create session")
104	return
105	}
106
107	writeJSON(w, http.StatusOK, map[string]string{
108	"token": token,
109	"username": req.Username,
110

M internal/api/login_test.go

+2 -2

		--- internal/api/login_test.go
		+++ internal/api/login_test.go
		@@ -28,18 +28,18 @@
28	28	admins := newAdminStore(t)
29	29	if err := admins.Add("admin", "hunter2"); err != nil {
30	30	t.Fatalf("Add admin: %v", err)
31	31	}
32	32	reg := registry.New(newMock(), []byte("test-signing-key"))
33		- srv := api.New(reg, []string{testToken}, nil, nil, admins, nil, nil, nil, "", testLog)
	33	+ srv := api.New(reg, auth.TestStore(testToken), nil, nil, admins, nil, nil, nil, "", testLog)
34	34	return httptest.NewServer(srv.Handler()), admins
35	35	}
36	36
37	37	func TestLoginNoAdmins(t *testing.T) {
38	38	// When admins is nil, login returns 404.
39	39	reg := registry.New(newMock(), []byte("test-signing-key"))
40		- srv := api.New(reg, []string{testToken}, nil, nil, nil, nil, nil, nil, "", testLog)
	40	+ srv := api.New(reg, auth.TestStore(testToken), nil, nil, nil, nil, nil, nil, "", testLog)
41	41	ts := httptest.NewServer(srv.Handler())
42	42	defer ts.Close()
43	43
44	44	resp := do(t, ts, "POST", "/login", map[string]any{"username": "admin", "password": "pw"}, nil)
45	45	defer resp.Body.Close()
46	46

	--- internal/api/login_test.go
	+++ internal/api/login_test.go
	@@ -28,18 +28,18 @@
28	admins := newAdminStore(t)
29	if err := admins.Add("admin", "hunter2"); err != nil {
30	t.Fatalf("Add admin: %v", err)
31	}
32	reg := registry.New(newMock(), []byte("test-signing-key"))
33	srv := api.New(reg, []string{testToken}, nil, nil, admins, nil, nil, nil, "", testLog)
34	return httptest.NewServer(srv.Handler()), admins
35	}
36
37	func TestLoginNoAdmins(t *testing.T) {
38	// When admins is nil, login returns 404.
39	reg := registry.New(newMock(), []byte("test-signing-key"))
40	srv := api.New(reg, []string{testToken}, nil, nil, nil, nil, nil, nil, "", testLog)
41	ts := httptest.NewServer(srv.Handler())
42	defer ts.Close()
43
44	resp := do(t, ts, "POST", "/login", map[string]any{"username": "admin", "password": "pw"}, nil)
45	defer resp.Body.Close()
46

	--- internal/api/login_test.go
	+++ internal/api/login_test.go
	@@ -28,18 +28,18 @@
28	admins := newAdminStore(t)
29	if err := admins.Add("admin", "hunter2"); err != nil {
30	t.Fatalf("Add admin: %v", err)
31	}
32	reg := registry.New(newMock(), []byte("test-signing-key"))
33	srv := api.New(reg, auth.TestStore(testToken), nil, nil, admins, nil, nil, nil, "", testLog)
34	return httptest.NewServer(srv.Handler()), admins
35	}
36
37	func TestLoginNoAdmins(t *testing.T) {
38	// When admins is nil, login returns 404.
39	reg := registry.New(newMock(), []byte("test-signing-key"))
40	srv := api.New(reg, auth.TestStore(testToken), nil, nil, nil, nil, nil, nil, "", testLog)
41	ts := httptest.NewServer(srv.Handler())
42	defer ts.Close()
43
44	resp := do(t, ts, "POST", "/login", map[string]any{"username": "admin", "password": "pw"}, nil)
45	defer resp.Body.Close()
46

M internal/api/middleware.go

+38 -2

		--- internal/api/middleware.go
		+++ internal/api/middleware.go
		@@ -1,26 +1,62 @@
1	1	package api
2	2
3	3	import (
	4	+ "context"
4	5	"net/http"
5	6	"strings"
	7	+
	8	+ "github.com/conflicthq/scuttlebot/internal/auth"
6	9	)
7	10
	11	+type ctxKey string
	12	+
	13	+const ctxAPIKey ctxKey = "apikey"
	14	+
	15	+// apiKeyFromContext returns the authenticated APIKey from the request context,
	16	+// or nil if not authenticated.
	17	+func apiKeyFromContext(ctx context.Context) *auth.APIKey {
	18	+ k, _ := ctx.Value(ctxAPIKey).(*auth.APIKey)
	19	+ return k
	20	+}
	21	+
	22	+// authMiddleware validates the Bearer token and injects the APIKey into context.
8	23	func (s *Server) authMiddleware(next http.Handler) http.Handler {
9	24	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
10	25	token := bearerToken(r)
11	26	if token == "" {
12	27	writeError(w, http.StatusUnauthorized, "missing authorization header")
13	28	return
14	29	}
15		- if _, ok := s.tokens[token]; !ok {
	30	+ key := s.apiKeys.Lookup(token)
	31	+ if key == nil {
16	32	writeError(w, http.StatusUnauthorized, "invalid token")
17	33	return
18	34	}
19		- next.ServeHTTP(w, r)
	35	+ // Update last-used timestamp in the background.
	36	+ go s.apiKeys.TouchLastUsed(key.ID)
	37	+
	38	+ ctx := context.WithValue(r.Context(), ctxAPIKey, key)
	39	+ next.ServeHTTP(w, r.WithContext(ctx))
20	40	})
21	41	}
	42	+
	43	+// requireScope returns middleware that rejects requests without the given scope.
	44	+func (s *Server) requireScope(scope auth.Scope, next http.HandlerFunc) http.HandlerFunc {
	45	+ return func(w http.ResponseWriter, r *http.Request) {
	46	+ key := apiKeyFromContext(r.Context())
	47	+ if key == nil {
	48	+ writeError(w, http.StatusUnauthorized, "missing authentication")
	49	+ return
	50	+ }
	51	+ if !key.HasScope(scope) {
	52	+ writeError(w, http.StatusForbidden, "insufficient scope: requires "+string(scope))
	53	+ return
	54	+ }
	55	+ next(w, r)
	56	+ }
	57	+}
22	58
23	59	func bearerToken(r *http.Request) string {
24	60	auth := r.Header.Get("Authorization")
25	61	token, found := strings.CutPrefix(auth, "Bearer ")
26	62	if !found {
27	63

	--- internal/api/middleware.go
	+++ internal/api/middleware.go
	@@ -1,26 +1,62 @@
1	package api
2
3	import (

4	"net/http"
5	"strings"


6	)
7












8	func (s *Server) authMiddleware(next http.Handler) http.Handler {
9	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
10	token := bearerToken(r)
11	if token == "" {
12	writeError(w, http.StatusUnauthorized, "missing authorization header")
13	return
14	}
15	if _, ok := s.tokens[token]; !ok {

16	writeError(w, http.StatusUnauthorized, "invalid token")
17	return
18	}
19	next.ServeHTTP(w, r)




20	})
21	}
















22
23	func bearerToken(r *http.Request) string {
24	auth := r.Header.Get("Authorization")
25	token, found := strings.CutPrefix(auth, "Bearer ")
26	if !found {
27

	--- internal/api/middleware.go
	+++ internal/api/middleware.go
	@@ -1,26 +1,62 @@
1	package api
2
3	import (
4	"context"
5	"net/http"
6	"strings"
7
8	"github.com/conflicthq/scuttlebot/internal/auth"
9	)
10
11	type ctxKey string
12
13	const ctxAPIKey ctxKey = "apikey"
14
15	// apiKeyFromContext returns the authenticated APIKey from the request context,
16	// or nil if not authenticated.
17	func apiKeyFromContext(ctx context.Context) *auth.APIKey {
18	k, _ := ctx.Value(ctxAPIKey).(*auth.APIKey)
19	return k
20	}
21
22	// authMiddleware validates the Bearer token and injects the APIKey into context.
23	func (s *Server) authMiddleware(next http.Handler) http.Handler {
24	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
25	token := bearerToken(r)
26	if token == "" {
27	writeError(w, http.StatusUnauthorized, "missing authorization header")
28	return
29	}
30	key := s.apiKeys.Lookup(token)
31	if key == nil {
32	writeError(w, http.StatusUnauthorized, "invalid token")
33	return
34	}
35	// Update last-used timestamp in the background.
36	go s.apiKeys.TouchLastUsed(key.ID)
37
38	ctx := context.WithValue(r.Context(), ctxAPIKey, key)
39	next.ServeHTTP(w, r.WithContext(ctx))
40	})
41	}
42
43	// requireScope returns middleware that rejects requests without the given scope.
44	func (s *Server) requireScope(scope auth.Scope, next http.HandlerFunc) http.HandlerFunc {
45	return func(w http.ResponseWriter, r *http.Request) {
46	key := apiKeyFromContext(r.Context())
47	if key == nil {
48	writeError(w, http.StatusUnauthorized, "missing authentication")
49	return
50	}
51	if !key.HasScope(scope) {
52	writeError(w, http.StatusForbidden, "insufficient scope: requires "+string(scope))
53	return
54	}
55	next(w, r)
56	}
57	}
58
59	func bearerToken(r *http.Request) string {
60	auth := r.Header.Get("Authorization")
61	token, found := strings.CutPrefix(auth, "Bearer ")
62	if !found {
63

M internal/api/policies.go

+25

		--- internal/api/policies.go
		+++ internal/api/policies.go
		@@ -68,18 +68,31 @@
68	68	AWSSecretKey string `json:"aws_secret_key,omitempty"`
69	69	Allow []string `json:"allow,omitempty"`
70	70	Block []string `json:"block,omitempty"`
71	71	Default bool `json:"default,omitempty"`
72	72	}
	73	+
	74	+// ROETemplate is a rules-of-engagement template.
	75	+type ROETemplate struct {
	76	+ Name string `json:"name"`
	77	+ Description string `json:"description,omitempty"`
	78	+ Channels []string `json:"channels,omitempty"`
	79	+ Permissions []string `json:"permissions,omitempty"`
	80	+ RateLimit struct {
	81	+ MessagesPerSecond float64 `json:"messages_per_second,omitempty"`
	82	+ Burst int `json:"burst,omitempty"`
	83	+ } `json:"rate_limit,omitempty"`
	84	+}
73	85
74	86	// Policies is the full mutable settings blob, persisted to policies.json.
75	87	type Policies struct {
76	88	Behaviors []BehaviorConfig `json:"behaviors"`
77	89	AgentPolicy AgentPolicy `json:"agent_policy"`
78	90	Bridge BridgePolicy `json:"bridge"`
79	91	Logging LoggingPolicy `json:"logging"`
80	92	LLMBackends []PolicyLLMBackend `json:"llm_backends,omitempty"`
	93	+ ROETemplates []ROETemplate `json:"roe_templates,omitempty"`
81	94	OnJoinMessages map[string]string `json:"on_join_messages,omitempty"` // channel → message template
82	95	}
83	96
84	97	// defaultBehaviors lists every built-in bot with conservative defaults (disabled).
85	98	var defaultBehaviors = []BehaviorConfig{
		@@ -260,10 +273,12 @@
260	273	}
261	274	ps.data.AgentPolicy = p.AgentPolicy
262	275	ps.data.Bridge = p.Bridge
263	276	ps.data.Logging = p.Logging
264	277	ps.data.LLMBackends = p.LLMBackends
	278	+ ps.data.ROETemplates = p.ROETemplates
	279	+ ps.data.OnJoinMessages = p.OnJoinMessages
265	280	return nil
266	281	}
267	282
268	283	func (ps *PolicyStore) save() error {
269	284	raw, err := json.MarshalIndent(ps.data, "", " ")
		@@ -370,10 +385,20 @@
370	385
371	386	// Merge LLM backends if provided.
372	387	if patch.LLMBackends != nil {
373	388	ps.data.LLMBackends = patch.LLMBackends
374	389	}
	390	+
	391	+ // Merge ROE templates if provided.
	392	+ if patch.ROETemplates != nil {
	393	+ ps.data.ROETemplates = patch.ROETemplates
	394	+ }
	395	+
	396	+ // Merge on-join messages if provided.
	397	+ if patch.OnJoinMessages != nil {
	398	+ ps.data.OnJoinMessages = patch.OnJoinMessages
	399	+ }
375	400
376	401	ps.normalize(&ps.data)
377	402	if err := ps.save(); err != nil {
378	403	return err
379	404	}
380	405

	--- internal/api/policies.go
	+++ internal/api/policies.go
	@@ -68,18 +68,31 @@
68	AWSSecretKey string `json:"aws_secret_key,omitempty"`
69	Allow []string `json:"allow,omitempty"`
70	Block []string `json:"block,omitempty"`
71	Default bool `json:"default,omitempty"`
72	}












73
74	// Policies is the full mutable settings blob, persisted to policies.json.
75	type Policies struct {
76	Behaviors []BehaviorConfig `json:"behaviors"`
77	AgentPolicy AgentPolicy `json:"agent_policy"`
78	Bridge BridgePolicy `json:"bridge"`
79	Logging LoggingPolicy `json:"logging"`
80	LLMBackends []PolicyLLMBackend `json:"llm_backends,omitempty"`

81	OnJoinMessages map[string]string `json:"on_join_messages,omitempty"` // channel → message template
82	}
83
84	// defaultBehaviors lists every built-in bot with conservative defaults (disabled).
85	var defaultBehaviors = []BehaviorConfig{
	@@ -260,10 +273,12 @@
260	}
261	ps.data.AgentPolicy = p.AgentPolicy
262	ps.data.Bridge = p.Bridge
263	ps.data.Logging = p.Logging
264	ps.data.LLMBackends = p.LLMBackends


265	return nil
266	}
267
268	func (ps *PolicyStore) save() error {
269	raw, err := json.MarshalIndent(ps.data, "", " ")
	@@ -370,10 +385,20 @@
370
371	// Merge LLM backends if provided.
372	if patch.LLMBackends != nil {
373	ps.data.LLMBackends = patch.LLMBackends
374	}










375
376	ps.normalize(&ps.data)
377	if err := ps.save(); err != nil {
378	return err
379	}
380

	--- internal/api/policies.go
	+++ internal/api/policies.go
	@@ -68,18 +68,31 @@
68	AWSSecretKey string `json:"aws_secret_key,omitempty"`
69	Allow []string `json:"allow,omitempty"`
70	Block []string `json:"block,omitempty"`
71	Default bool `json:"default,omitempty"`
72	}
73
74	// ROETemplate is a rules-of-engagement template.
75	type ROETemplate struct {
76	Name string `json:"name"`
77	Description string `json:"description,omitempty"`
78	Channels []string `json:"channels,omitempty"`
79	Permissions []string `json:"permissions,omitempty"`
80	RateLimit struct {
81	MessagesPerSecond float64 `json:"messages_per_second,omitempty"`
82	Burst int `json:"burst,omitempty"`
83	} `json:"rate_limit,omitempty"`
84	}
85
86	// Policies is the full mutable settings blob, persisted to policies.json.
87	type Policies struct {
88	Behaviors []BehaviorConfig `json:"behaviors"`
89	AgentPolicy AgentPolicy `json:"agent_policy"`
90	Bridge BridgePolicy `json:"bridge"`
91	Logging LoggingPolicy `json:"logging"`
92	LLMBackends []PolicyLLMBackend `json:"llm_backends,omitempty"`
93	ROETemplates []ROETemplate `json:"roe_templates,omitempty"`
94	OnJoinMessages map[string]string `json:"on_join_messages,omitempty"` // channel → message template
95	}
96
97	// defaultBehaviors lists every built-in bot with conservative defaults (disabled).
98	var defaultBehaviors = []BehaviorConfig{
	@@ -260,10 +273,12 @@
273	}
274	ps.data.AgentPolicy = p.AgentPolicy
275	ps.data.Bridge = p.Bridge
276	ps.data.Logging = p.Logging
277	ps.data.LLMBackends = p.LLMBackends
278	ps.data.ROETemplates = p.ROETemplates
279	ps.data.OnJoinMessages = p.OnJoinMessages
280	return nil
281	}
282
283	func (ps *PolicyStore) save() error {
284	raw, err := json.MarshalIndent(ps.data, "", " ")
	@@ -370,10 +385,20 @@
385
386	// Merge LLM backends if provided.
387	if patch.LLMBackends != nil {
388	ps.data.LLMBackends = patch.LLMBackends
389	}
390
391	// Merge ROE templates if provided.
392	if patch.ROETemplates != nil {
393	ps.data.ROETemplates = patch.ROETemplates
394	}
395
396	// Merge on-join messages if provided.
397	if patch.OnJoinMessages != nil {
398	ps.data.OnJoinMessages = patch.OnJoinMessages
399	}
400
401	ps.normalize(&ps.data)
402	if err := ps.save(); err != nil {
403	return err
404	}
405

M internal/api/policies.go

+25

		--- internal/api/policies.go
		+++ internal/api/policies.go
		@@ -68,18 +68,31 @@
68	68	AWSSecretKey string `json:"aws_secret_key,omitempty"`
69	69	Allow []string `json:"allow,omitempty"`
70	70	Block []string `json:"block,omitempty"`
71	71	Default bool `json:"default,omitempty"`
72	72	}
	73	+
	74	+// ROETemplate is a rules-of-engagement template.
	75	+type ROETemplate struct {
	76	+ Name string `json:"name"`
	77	+ Description string `json:"description,omitempty"`
	78	+ Channels []string `json:"channels,omitempty"`
	79	+ Permissions []string `json:"permissions,omitempty"`
	80	+ RateLimit struct {
	81	+ MessagesPerSecond float64 `json:"messages_per_second,omitempty"`
	82	+ Burst int `json:"burst,omitempty"`
	83	+ } `json:"rate_limit,omitempty"`
	84	+}
73	85
74	86	// Policies is the full mutable settings blob, persisted to policies.json.
75	87	type Policies struct {
76	88	Behaviors []BehaviorConfig `json:"behaviors"`
77	89	AgentPolicy AgentPolicy `json:"agent_policy"`
78	90	Bridge BridgePolicy `json:"bridge"`
79	91	Logging LoggingPolicy `json:"logging"`
80	92	LLMBackends []PolicyLLMBackend `json:"llm_backends,omitempty"`
	93	+ ROETemplates []ROETemplate `json:"roe_templates,omitempty"`
81	94	OnJoinMessages map[string]string `json:"on_join_messages,omitempty"` // channel → message template
82	95	}
83	96
84	97	// defaultBehaviors lists every built-in bot with conservative defaults (disabled).
85	98	var defaultBehaviors = []BehaviorConfig{
		@@ -260,10 +273,12 @@
260	273	}
261	274	ps.data.AgentPolicy = p.AgentPolicy
262	275	ps.data.Bridge = p.Bridge
263	276	ps.data.Logging = p.Logging
264	277	ps.data.LLMBackends = p.LLMBackends
	278	+ ps.data.ROETemplates = p.ROETemplates
	279	+ ps.data.OnJoinMessages = p.OnJoinMessages
265	280	return nil
266	281	}
267	282
268	283	func (ps *PolicyStore) save() error {
269	284	raw, err := json.MarshalIndent(ps.data, "", " ")
		@@ -370,10 +385,20 @@
370	385
371	386	// Merge LLM backends if provided.
372	387	if patch.LLMBackends != nil {
373	388	ps.data.LLMBackends = patch.LLMBackends
374	389	}
	390	+
	391	+ // Merge ROE templates if provided.
	392	+ if patch.ROETemplates != nil {
	393	+ ps.data.ROETemplates = patch.ROETemplates
	394	+ }
	395	+
	396	+ // Merge on-join messages if provided.
	397	+ if patch.OnJoinMessages != nil {
	398	+ ps.data.OnJoinMessages = patch.OnJoinMessages
	399	+ }
375	400
376	401	ps.normalize(&ps.data)
377	402	if err := ps.save(); err != nil {
378	403	return err
379	404	}
380	405

	--- internal/api/policies.go
	+++ internal/api/policies.go
	@@ -68,18 +68,31 @@
68	AWSSecretKey string `json:"aws_secret_key,omitempty"`
69	Allow []string `json:"allow,omitempty"`
70	Block []string `json:"block,omitempty"`
71	Default bool `json:"default,omitempty"`
72	}












73
74	// Policies is the full mutable settings blob, persisted to policies.json.
75	type Policies struct {
76	Behaviors []BehaviorConfig `json:"behaviors"`
77	AgentPolicy AgentPolicy `json:"agent_policy"`
78	Bridge BridgePolicy `json:"bridge"`
79	Logging LoggingPolicy `json:"logging"`
80	LLMBackends []PolicyLLMBackend `json:"llm_backends,omitempty"`

81	OnJoinMessages map[string]string `json:"on_join_messages,omitempty"` // channel → message template
82	}
83
84	// defaultBehaviors lists every built-in bot with conservative defaults (disabled).
85	var defaultBehaviors = []BehaviorConfig{
	@@ -260,10 +273,12 @@
260	}
261	ps.data.AgentPolicy = p.AgentPolicy
262	ps.data.Bridge = p.Bridge
263	ps.data.Logging = p.Logging
264	ps.data.LLMBackends = p.LLMBackends


265	return nil
266	}
267
268	func (ps *PolicyStore) save() error {
269	raw, err := json.MarshalIndent(ps.data, "", " ")
	@@ -370,10 +385,20 @@
370
371	// Merge LLM backends if provided.
372	if patch.LLMBackends != nil {
373	ps.data.LLMBackends = patch.LLMBackends
374	}










375
376	ps.normalize(&ps.data)
377	if err := ps.save(); err != nil {
378	return err
379	}
380

	--- internal/api/policies.go
	+++ internal/api/policies.go
	@@ -68,18 +68,31 @@
68	AWSSecretKey string `json:"aws_secret_key,omitempty"`
69	Allow []string `json:"allow,omitempty"`
70	Block []string `json:"block,omitempty"`
71	Default bool `json:"default,omitempty"`
72	}
73
74	// ROETemplate is a rules-of-engagement template.
75	type ROETemplate struct {
76	Name string `json:"name"`
77	Description string `json:"description,omitempty"`
78	Channels []string `json:"channels,omitempty"`
79	Permissions []string `json:"permissions,omitempty"`
80	RateLimit struct {
81	MessagesPerSecond float64 `json:"messages_per_second,omitempty"`
82	Burst int `json:"burst,omitempty"`
83	} `json:"rate_limit,omitempty"`
84	}
85
86	// Policies is the full mutable settings blob, persisted to policies.json.
87	type Policies struct {
88	Behaviors []BehaviorConfig `json:"behaviors"`
89	AgentPolicy AgentPolicy `json:"agent_policy"`
90	Bridge BridgePolicy `json:"bridge"`
91	Logging LoggingPolicy `json:"logging"`
92	LLMBackends []PolicyLLMBackend `json:"llm_backends,omitempty"`
93	ROETemplates []ROETemplate `json:"roe_templates,omitempty"`
94	OnJoinMessages map[string]string `json:"on_join_messages,omitempty"` // channel → message template
95	}
96
97	// defaultBehaviors lists every built-in bot with conservative defaults (disabled).
98	var defaultBehaviors = []BehaviorConfig{
	@@ -260,10 +273,12 @@
273	}
274	ps.data.AgentPolicy = p.AgentPolicy
275	ps.data.Bridge = p.Bridge
276	ps.data.Logging = p.Logging
277	ps.data.LLMBackends = p.LLMBackends
278	ps.data.ROETemplates = p.ROETemplates
279	ps.data.OnJoinMessages = p.OnJoinMessages
280	return nil
281	}
282
283	func (ps *PolicyStore) save() error {
284	raw, err := json.MarshalIndent(ps.data, "", " ")
	@@ -370,10 +385,20 @@
385
386	// Merge LLM backends if provided.
387	if patch.LLMBackends != nil {
388	ps.data.LLMBackends = patch.LLMBackends
389	}
390
391	// Merge ROE templates if provided.
392	if patch.ROETemplates != nil {
393	ps.data.ROETemplates = patch.ROETemplates
394	}
395
396	// Merge on-join messages if provided.
397	if patch.OnJoinMessages != nil {
398	ps.data.OnJoinMessages = patch.OnJoinMessages
399	}
400
401	ps.normalize(&ps.data)
402	if err := ps.save(); err != nil {
403	return err
404	}
405

M internal/api/server.go

+76 -60

		--- internal/api/server.go
		+++ internal/api/server.go
		@@ -7,18 +7,19 @@
7	7
8	8	import (
9	9	"log/slog"
10	10	"net/http"
11	11
	12	+ "github.com/conflicthq/scuttlebot/internal/auth"
12	13	"github.com/conflicthq/scuttlebot/internal/config"
13	14	"github.com/conflicthq/scuttlebot/internal/registry"
14	15	)
15	16
16	17	// Server is the scuttlebot HTTP API server.
17	18	type Server struct {
18	19	registry *registry.Registry
19		- tokens map[string]struct{}
	20	+ apiKeys *auth.APIKeyStore
20	21	log *slog.Logger
21	22	bridge chatBridge // nil if bridge is disabled
22	23	policies *PolicyStore // nil if not configured
23	24	admins adminStore // nil if not configured
24	25	llmCfg *config.LLMConfig // nil if no LLM backends configured
		@@ -31,18 +32,14 @@
31	32	// New creates a new API Server. Pass nil for b to disable the chat bridge.
32	33	// Pass nil for admins to disable admin authentication endpoints.
33	34	// Pass nil for llmCfg to disable AI/LLM management endpoints.
34	35	// Pass nil for topo to disable topology provisioning endpoints.
35	36	// Pass nil for cfgStore to disable config read/write endpoints.
36		-func New(reg registry.Registry, tokens []string, b chatBridge, ps PolicyStore, admins adminStore, llmCfg config.LLMConfig, topo topologyManager, cfgStore ConfigStore, tlsDomain string, log slog.Logger) Server {
37		- tokenSet := make(map[string]struct{}, len(tokens))
38		- for _, t := range tokens {
39		- tokenSet[t] = struct{}{}
40		- }
	37	+func New(reg registry.Registry, apiKeys auth.APIKeyStore, b chatBridge, ps PolicyStore, admins adminStore, llmCfg config.LLMConfig, topo topologyManager, cfgStore ConfigStore, tlsDomain string, log slog.Logger) *Server {
41	38	return &Server{
42	39	registry: reg,
43		- tokens: tokenSet,
	40	+ apiKeys: apiKeys,
44	41	log: log,
45	42	bridge: b,
46	43	policies: ps,
47	44	admins: admins,
48	45	llmCfg: llmCfg,
		@@ -53,65 +50,84 @@
53	50	}
54	51	}
55	52
56	53	// Handler returns the HTTP handler with all routes registered.
57	54	// /v1/ routes require a valid Bearer token. /ui/ is served unauthenticated.
	55	+// Scoped routes additionally check the API key's scopes.
58	56	func (s *Server) Handler() http.Handler {
59	57	apiMux := http.NewServeMux()
60		- apiMux.HandleFunc("GET /v1/status", s.handleStatus)
61		- apiMux.HandleFunc("GET /v1/metrics", s.handleMetrics)
62		- if s.policies != nil {
63		- apiMux.HandleFunc("GET /v1/settings", s.handleGetSettings)
64		- apiMux.HandleFunc("GET /v1/settings/policies", s.handleGetPolicies)
65		- apiMux.HandleFunc("PUT /v1/settings/policies", s.handlePutPolicies)
66		- apiMux.HandleFunc("PATCH /v1/settings/policies", s.handlePatchPolicies)
67		- }
68		- apiMux.HandleFunc("GET /v1/agents", s.handleListAgents)
69		- apiMux.HandleFunc("GET /v1/agents/{nick}", s.handleGetAgent)
70		- apiMux.HandleFunc("PATCH /v1/agents/{nick}", s.handleUpdateAgent)
71		- apiMux.HandleFunc("POST /v1/agents/register", s.handleRegister)
72		- apiMux.HandleFunc("POST /v1/agents/{nick}/rotate", s.handleRotate)
73		- apiMux.HandleFunc("POST /v1/agents/{nick}/adopt", s.handleAdopt)
74		- apiMux.HandleFunc("POST /v1/agents/{nick}/revoke", s.handleRevoke)
75		- apiMux.HandleFunc("DELETE /v1/agents/{nick}", s.handleDelete)
76		- if s.bridge != nil {
77		- apiMux.HandleFunc("GET /v1/channels", s.handleListChannels)
78		- apiMux.HandleFunc("POST /v1/channels/{channel}/join", s.handleJoinChannel)
79		- apiMux.HandleFunc("DELETE /v1/channels/{channel}", s.handleDeleteChannel)
80		- apiMux.HandleFunc("GET /v1/channels/{channel}/messages", s.handleChannelMessages)
81		- apiMux.HandleFunc("POST /v1/channels/{channel}/messages", s.handleSendMessage)
82		- apiMux.HandleFunc("POST /v1/channels/{channel}/presence", s.handleChannelPresence)
83		- apiMux.HandleFunc("GET /v1/channels/{channel}/users", s.handleChannelUsers)
84		- }
85		- if s.topoMgr != nil {
86		- apiMux.HandleFunc("POST /v1/channels", s.handleProvisionChannel)
87		- apiMux.HandleFunc("DELETE /v1/topology/channels/{channel}", s.handleDropChannel)
88		- apiMux.HandleFunc("GET /v1/topology", s.handleGetTopology)
89		- }
90		- if s.cfgStore != nil {
91		- apiMux.HandleFunc("GET /v1/config", s.handleGetConfig)
92		- apiMux.HandleFunc("PUT /v1/config", s.handlePutConfig)
93		- apiMux.HandleFunc("GET /v1/config/history", s.handleGetConfigHistory)
94		- apiMux.HandleFunc("GET /v1/config/history/{filename}", s.handleGetConfigHistoryEntry)
95		- }
96		-
97		- if s.admins != nil {
98		- apiMux.HandleFunc("GET /v1/admins", s.handleAdminList)
99		- apiMux.HandleFunc("POST /v1/admins", s.handleAdminAdd)
100		- apiMux.HandleFunc("DELETE /v1/admins/{username}", s.handleAdminRemove)
101		- apiMux.HandleFunc("PUT /v1/admins/{username}/password", s.handleAdminSetPassword)
102		- }
103		-
104		- // LLM / AI gateway endpoints.
105		- apiMux.HandleFunc("GET /v1/llm/backends", s.handleLLMBackends)
106		- apiMux.HandleFunc("POST /v1/llm/backends", s.handleLLMBackendCreate)
107		- apiMux.HandleFunc("PUT /v1/llm/backends/{name}", s.handleLLMBackendUpdate)
108		- apiMux.HandleFunc("DELETE /v1/llm/backends/{name}", s.handleLLMBackendDelete)
109		- apiMux.HandleFunc("GET /v1/llm/backends/{name}/models", s.handleLLMModels)
110		- apiMux.HandleFunc("POST /v1/llm/discover", s.handleLLMDiscover)
111		- apiMux.HandleFunc("GET /v1/llm/known", s.handleLLMKnown)
112		- apiMux.HandleFunc("POST /v1/llm/complete", s.handleLLMComplete)
	58	+
	59	+ // Read-scope: status, metrics (also accessible with any scope via admin).
	60	+ apiMux.HandleFunc("GET /v1/status", s.requireScope(auth.ScopeRead, s.handleStatus))
	61	+ apiMux.HandleFunc("GET /v1/metrics", s.requireScope(auth.ScopeRead, s.handleMetrics))
	62	+
	63	+ // Policies — admin scope.
	64	+ if s.policies != nil {
	65	+ apiMux.HandleFunc("GET /v1/settings", s.requireScope(auth.ScopeRead, s.handleGetSettings))
	66	+ apiMux.HandleFunc("GET /v1/settings/policies", s.requireScope(auth.ScopeRead, s.handleGetPolicies))
	67	+ apiMux.HandleFunc("PUT /v1/settings/policies", s.requireScope(auth.ScopeAdmin, s.handlePutPolicies))
	68	+ apiMux.HandleFunc("PATCH /v1/settings/policies", s.requireScope(auth.ScopeAdmin, s.handlePatchPolicies))
	69	+ }
	70	+
	71	+ // Agents — agents scope.
	72	+ apiMux.HandleFunc("GET /v1/agents", s.requireScope(auth.ScopeAgents, s.handleListAgents))
	73	+ apiMux.HandleFunc("GET /v1/agents/{nick}", s.requireScope(auth.ScopeAgents, s.handleGetAgent))
	74	+ apiMux.HandleFunc("PATCH /v1/agents/{nick}", s.requireScope(auth.ScopeAgents, s.handleUpdateAgent))
	75	+ apiMux.HandleFunc("POST /v1/agents/register", s.requireScope(auth.ScopeAgents, s.handleRegister))
	76	+ apiMux.HandleFunc("POST /v1/agents/{nick}/rotate", s.requireScope(auth.ScopeAgents, s.handleRotate))
	77	+ apiMux.HandleFunc("POST /v1/agents/{nick}/adopt", s.requireScope(auth.ScopeAgents, s.handleAdopt))
	78	+ apiMux.HandleFunc("POST /v1/agents/{nick}/revoke", s.requireScope(auth.ScopeAgents, s.handleRevoke))
	79	+ apiMux.HandleFunc("DELETE /v1/agents/{nick}", s.requireScope(auth.ScopeAgents, s.handleDelete))
	80	+
	81	+ // Channels — channels scope (read), chat scope (send).
	82	+ if s.bridge != nil {
	83	+ apiMux.HandleFunc("GET /v1/channels", s.requireScope(auth.ScopeChannels, s.handleListChannels))
	84	+ apiMux.HandleFunc("POST /v1/channels/{channel}/join", s.requireScope(auth.ScopeChannels, s.handleJoinChannel))
	85	+ apiMux.HandleFunc("DELETE /v1/channels/{channel}", s.requireScope(auth.ScopeChannels, s.handleDeleteChannel))
	86	+ apiMux.HandleFunc("GET /v1/channels/{channel}/messages", s.requireScope(auth.ScopeChannels, s.handleChannelMessages))
	87	+ apiMux.HandleFunc("POST /v1/channels/{channel}/messages", s.requireScope(auth.ScopeChat, s.handleSendMessage))
	88	+ apiMux.HandleFunc("POST /v1/channels/{channel}/presence", s.requireScope(auth.ScopeChat, s.handleChannelPresence))
	89	+ apiMux.HandleFunc("GET /v1/channels/{channel}/users", s.requireScope(auth.ScopeChannels, s.handleChannelUsers))
	90	+ }
	91	+
	92	+ // Topology — topology scope.
	93	+ if s.topoMgr != nil {
	94	+ apiMux.HandleFunc("POST /v1/channels", s.requireScope(auth.ScopeTopology, s.handleProvisionChannel))
	95	+ apiMux.HandleFunc("DELETE /v1/topology/channels/{channel}", s.requireScope(auth.ScopeTopology, s.handleDropChannel))
	96	+ apiMux.HandleFunc("GET /v1/topology", s.requireScope(auth.ScopeTopology, s.handleGetTopology))
	97	+ }
	98	+
	99	+ // Config — config scope.
	100	+ if s.cfgStore != nil {
	101	+ apiMux.HandleFunc("GET /v1/config", s.requireScope(auth.ScopeConfig, s.handleGetConfig))
	102	+ apiMux.HandleFunc("PUT /v1/config", s.requireScope(auth.ScopeConfig, s.handlePutConfig))
	103	+ apiMux.HandleFunc("GET /v1/config/history", s.requireScope(auth.ScopeConfig, s.handleGetConfigHistory))
	104	+ apiMux.HandleFunc("GET /v1/config/history/{filename}", s.requireScope(auth.ScopeConfig, s.handleGetConfigHistoryEntry))
	105	+ }
	106	+
	107	+ // Admin — admin scope.
	108	+ if s.admins != nil {
	109	+ apiMux.HandleFunc("GET /v1/admins", s.requireScope(auth.ScopeAdmin, s.handleAdminList))
	110	+ apiMux.HandleFunc("POST /v1/admins", s.requireScope(auth.ScopeAdmin, s.handleAdminAdd))
	111	+ apiMux.HandleFunc("DELETE /v1/admins/{username}", s.requireScope(auth.ScopeAdmin, s.handleAdminRemove))
	112	+ apiMux.HandleFunc("PUT /v1/admins/{username}/password", s.requireScope(auth.ScopeAdmin, s.handleAdminSetPassword))
	113	+ }
	114	+
	115	+ // API key management — admin scope.
	116	+ apiMux.HandleFunc("GET /v1/api-keys", s.requireScope(auth.ScopeAdmin, s.handleListAPIKeys))
	117	+ apiMux.HandleFunc("POST /v1/api-keys", s.requireScope(auth.ScopeAdmin, s.handleCreateAPIKey))
	118	+ apiMux.HandleFunc("DELETE /v1/api-keys/{id}", s.requireScope(auth.ScopeAdmin, s.handleRevokeAPIKey))
	119	+
	120	+ // LLM / AI gateway — bots scope.
	121	+ apiMux.HandleFunc("GET /v1/llm/backends", s.requireScope(auth.ScopeBots, s.handleLLMBackends))
	122	+ apiMux.HandleFunc("POST /v1/llm/backends", s.requireScope(auth.ScopeBots, s.handleLLMBackendCreate))
	123	+ apiMux.HandleFunc("PUT /v1/llm/backends/{name}", s.requireScope(auth.ScopeBots, s.handleLLMBackendUpdate))
	124	+ apiMux.HandleFunc("DELETE /v1/llm/backends/{name}", s.requireScope(auth.ScopeBots, s.handleLLMBackendDelete))
	125	+ apiMux.HandleFunc("GET /v1/llm/backends/{name}/models", s.requireScope(auth.ScopeBots, s.handleLLMModels))
	126	+ apiMux.HandleFunc("POST /v1/llm/discover", s.requireScope(auth.ScopeBots, s.handleLLMDiscover))
	127	+ apiMux.HandleFunc("GET /v1/llm/known", s.requireScope(auth.ScopeBots, s.handleLLMKnown))
	128	+ apiMux.HandleFunc("POST /v1/llm/complete", s.requireScope(auth.ScopeBots, s.handleLLMComplete))
113	129
114	130	outer := http.NewServeMux()
115	131	outer.HandleFunc("POST /login", s.handleLogin)
116	132	outer.HandleFunc("GET /{$}", func(w http.ResponseWriter, r *http.Request) {
117	133	http.Redirect(w, r, "/ui/", http.StatusFound)
118	134

	--- internal/api/server.go
	+++ internal/api/server.go
	@@ -7,18 +7,19 @@
7
8	import (
9	"log/slog"
10	"net/http"
11

12	"github.com/conflicthq/scuttlebot/internal/config"
13	"github.com/conflicthq/scuttlebot/internal/registry"
14	)
15
16	// Server is the scuttlebot HTTP API server.
17	type Server struct {
18	registry *registry.Registry
19	tokens map[string]struct{}
20	log *slog.Logger
21	bridge chatBridge // nil if bridge is disabled
22	policies *PolicyStore // nil if not configured
23	admins adminStore // nil if not configured
24	llmCfg *config.LLMConfig // nil if no LLM backends configured
	@@ -31,18 +32,14 @@
31	// New creates a new API Server. Pass nil for b to disable the chat bridge.
32	// Pass nil for admins to disable admin authentication endpoints.
33	// Pass nil for llmCfg to disable AI/LLM management endpoints.
34	// Pass nil for topo to disable topology provisioning endpoints.
35	// Pass nil for cfgStore to disable config read/write endpoints.
36	func New(reg registry.Registry, tokens []string, b chatBridge, ps PolicyStore, admins adminStore, llmCfg config.LLMConfig, topo topologyManager, cfgStore ConfigStore, tlsDomain string, log slog.Logger) Server {
37	tokenSet := make(map[string]struct{}, len(tokens))
38	for _, t := range tokens {
39	tokenSet[t] = struct{}{}
40	}
41	return &Server{
42	registry: reg,
43	tokens: tokenSet,
44	log: log,
45	bridge: b,
46	policies: ps,
47	admins: admins,
48	llmCfg: llmCfg,
	@@ -53,65 +50,84 @@
53	}
54	}
55
56	// Handler returns the HTTP handler with all routes registered.
57	// /v1/ routes require a valid Bearer token. /ui/ is served unauthenticated.

58	func (s *Server) Handler() http.Handler {
59	apiMux := http.NewServeMux()
60	apiMux.HandleFunc("GET /v1/status", s.handleStatus)
61	apiMux.HandleFunc("GET /v1/metrics", s.handleMetrics)
62	if s.policies != nil {
63	apiMux.HandleFunc("GET /v1/settings", s.handleGetSettings)
64	apiMux.HandleFunc("GET /v1/settings/policies", s.handleGetPolicies)
65	apiMux.HandleFunc("PUT /v1/settings/policies", s.handlePutPolicies)
66	apiMux.HandleFunc("PATCH /v1/settings/policies", s.handlePatchPolicies)
67	}
68	apiMux.HandleFunc("GET /v1/agents", s.handleListAgents)
69	apiMux.HandleFunc("GET /v1/agents/{nick}", s.handleGetAgent)
70	apiMux.HandleFunc("PATCH /v1/agents/{nick}", s.handleUpdateAgent)
71	apiMux.HandleFunc("POST /v1/agents/register", s.handleRegister)
72	apiMux.HandleFunc("POST /v1/agents/{nick}/rotate", s.handleRotate)
73	apiMux.HandleFunc("POST /v1/agents/{nick}/adopt", s.handleAdopt)
74	apiMux.HandleFunc("POST /v1/agents/{nick}/revoke", s.handleRevoke)
75	apiMux.HandleFunc("DELETE /v1/agents/{nick}", s.handleDelete)
76	if s.bridge != nil {
77	apiMux.HandleFunc("GET /v1/channels", s.handleListChannels)
78	apiMux.HandleFunc("POST /v1/channels/{channel}/join", s.handleJoinChannel)
79	apiMux.HandleFunc("DELETE /v1/channels/{channel}", s.handleDeleteChannel)
80	apiMux.HandleFunc("GET /v1/channels/{channel}/messages", s.handleChannelMessages)
81	apiMux.HandleFunc("POST /v1/channels/{channel}/messages", s.handleSendMessage)
82	apiMux.HandleFunc("POST /v1/channels/{channel}/presence", s.handleChannelPresence)
83	apiMux.HandleFunc("GET /v1/channels/{channel}/users", s.handleChannelUsers)
84	}
85	if s.topoMgr != nil {
86	apiMux.HandleFunc("POST /v1/channels", s.handleProvisionChannel)
87	apiMux.HandleFunc("DELETE /v1/topology/channels/{channel}", s.handleDropChannel)
88	apiMux.HandleFunc("GET /v1/topology", s.handleGetTopology)
89	}
90	if s.cfgStore != nil {
91	apiMux.HandleFunc("GET /v1/config", s.handleGetConfig)
92	apiMux.HandleFunc("PUT /v1/config", s.handlePutConfig)
93	apiMux.HandleFunc("GET /v1/config/history", s.handleGetConfigHistory)
94	apiMux.HandleFunc("GET /v1/config/history/{filename}", s.handleGetConfigHistoryEntry)
95	}
96
97	if s.admins != nil {
98	apiMux.HandleFunc("GET /v1/admins", s.handleAdminList)
99	apiMux.HandleFunc("POST /v1/admins", s.handleAdminAdd)
100	apiMux.HandleFunc("DELETE /v1/admins/{username}", s.handleAdminRemove)
101	apiMux.HandleFunc("PUT /v1/admins/{username}/password", s.handleAdminSetPassword)
102	}
103
104	// LLM / AI gateway endpoints.
105	apiMux.HandleFunc("GET /v1/llm/backends", s.handleLLMBackends)
106	apiMux.HandleFunc("POST /v1/llm/backends", s.handleLLMBackendCreate)
107	apiMux.HandleFunc("PUT /v1/llm/backends/{name}", s.handleLLMBackendUpdate)
108	apiMux.HandleFunc("DELETE /v1/llm/backends/{name}", s.handleLLMBackendDelete)
109	apiMux.HandleFunc("GET /v1/llm/backends/{name}/models", s.handleLLMModels)
110	apiMux.HandleFunc("POST /v1/llm/discover", s.handleLLMDiscover)
111	apiMux.HandleFunc("GET /v1/llm/known", s.handleLLMKnown)
112	apiMux.HandleFunc("POST /v1/llm/complete", s.handleLLMComplete)


















113
114	outer := http.NewServeMux()
115	outer.HandleFunc("POST /login", s.handleLogin)
116	outer.HandleFunc("GET /{$}", func(w http.ResponseWriter, r *http.Request) {
117	http.Redirect(w, r, "/ui/", http.StatusFound)
118

	--- internal/api/server.go
	+++ internal/api/server.go
	@@ -7,18 +7,19 @@
7
8	import (
9	"log/slog"
10	"net/http"
11
12	"github.com/conflicthq/scuttlebot/internal/auth"
13	"github.com/conflicthq/scuttlebot/internal/config"
14	"github.com/conflicthq/scuttlebot/internal/registry"
15	)
16
17	// Server is the scuttlebot HTTP API server.
18	type Server struct {
19	registry *registry.Registry
20	apiKeys *auth.APIKeyStore
21	log *slog.Logger
22	bridge chatBridge // nil if bridge is disabled
23	policies *PolicyStore // nil if not configured
24	admins adminStore // nil if not configured
25	llmCfg *config.LLMConfig // nil if no LLM backends configured
	@@ -31,18 +32,14 @@
32	// New creates a new API Server. Pass nil for b to disable the chat bridge.
33	// Pass nil for admins to disable admin authentication endpoints.
34	// Pass nil for llmCfg to disable AI/LLM management endpoints.
35	// Pass nil for topo to disable topology provisioning endpoints.
36	// Pass nil for cfgStore to disable config read/write endpoints.
37	func New(reg registry.Registry, apiKeys auth.APIKeyStore, b chatBridge, ps PolicyStore, admins adminStore, llmCfg config.LLMConfig, topo topologyManager, cfgStore ConfigStore, tlsDomain string, log slog.Logger) *Server {




38	return &Server{
39	registry: reg,
40	apiKeys: apiKeys,
41	log: log,
42	bridge: b,
43	policies: ps,
44	admins: admins,
45	llmCfg: llmCfg,
	@@ -53,65 +50,84 @@
50	}
51	}
52
53	// Handler returns the HTTP handler with all routes registered.
54	// /v1/ routes require a valid Bearer token. /ui/ is served unauthenticated.
55	// Scoped routes additionally check the API key's scopes.
56	func (s *Server) Handler() http.Handler {
57	apiMux := http.NewServeMux()
58
59	// Read-scope: status, metrics (also accessible with any scope via admin).
60	apiMux.HandleFunc("GET /v1/status", s.requireScope(auth.ScopeRead, s.handleStatus))
61	apiMux.HandleFunc("GET /v1/metrics", s.requireScope(auth.ScopeRead, s.handleMetrics))
62
63	// Policies — admin scope.
64	if s.policies != nil {
65	apiMux.HandleFunc("GET /v1/settings", s.requireScope(auth.ScopeRead, s.handleGetSettings))
66	apiMux.HandleFunc("GET /v1/settings/policies", s.requireScope(auth.ScopeRead, s.handleGetPolicies))
67	apiMux.HandleFunc("PUT /v1/settings/policies", s.requireScope(auth.ScopeAdmin, s.handlePutPolicies))
68	apiMux.HandleFunc("PATCH /v1/settings/policies", s.requireScope(auth.ScopeAdmin, s.handlePatchPolicies))
69	}
70
71	// Agents — agents scope.
72	apiMux.HandleFunc("GET /v1/agents", s.requireScope(auth.ScopeAgents, s.handleListAgents))
73	apiMux.HandleFunc("GET /v1/agents/{nick}", s.requireScope(auth.ScopeAgents, s.handleGetAgent))
74	apiMux.HandleFunc("PATCH /v1/agents/{nick}", s.requireScope(auth.ScopeAgents, s.handleUpdateAgent))
75	apiMux.HandleFunc("POST /v1/agents/register", s.requireScope(auth.ScopeAgents, s.handleRegister))
76	apiMux.HandleFunc("POST /v1/agents/{nick}/rotate", s.requireScope(auth.ScopeAgents, s.handleRotate))
77	apiMux.HandleFunc("POST /v1/agents/{nick}/adopt", s.requireScope(auth.ScopeAgents, s.handleAdopt))
78	apiMux.HandleFunc("POST /v1/agents/{nick}/revoke", s.requireScope(auth.ScopeAgents, s.handleRevoke))
79	apiMux.HandleFunc("DELETE /v1/agents/{nick}", s.requireScope(auth.ScopeAgents, s.handleDelete))
80
81	// Channels — channels scope (read), chat scope (send).
82	if s.bridge != nil {
83	apiMux.HandleFunc("GET /v1/channels", s.requireScope(auth.ScopeChannels, s.handleListChannels))
84	apiMux.HandleFunc("POST /v1/channels/{channel}/join", s.requireScope(auth.ScopeChannels, s.handleJoinChannel))
85	apiMux.HandleFunc("DELETE /v1/channels/{channel}", s.requireScope(auth.ScopeChannels, s.handleDeleteChannel))
86	apiMux.HandleFunc("GET /v1/channels/{channel}/messages", s.requireScope(auth.ScopeChannels, s.handleChannelMessages))
87	apiMux.HandleFunc("POST /v1/channels/{channel}/messages", s.requireScope(auth.ScopeChat, s.handleSendMessage))
88	apiMux.HandleFunc("POST /v1/channels/{channel}/presence", s.requireScope(auth.ScopeChat, s.handleChannelPresence))
89	apiMux.HandleFunc("GET /v1/channels/{channel}/users", s.requireScope(auth.ScopeChannels, s.handleChannelUsers))
90	}
91
92	// Topology — topology scope.
93	if s.topoMgr != nil {
94	apiMux.HandleFunc("POST /v1/channels", s.requireScope(auth.ScopeTopology, s.handleProvisionChannel))
95	apiMux.HandleFunc("DELETE /v1/topology/channels/{channel}", s.requireScope(auth.ScopeTopology, s.handleDropChannel))
96	apiMux.HandleFunc("GET /v1/topology", s.requireScope(auth.ScopeTopology, s.handleGetTopology))
97	}
98
99	// Config — config scope.
100	if s.cfgStore != nil {
101	apiMux.HandleFunc("GET /v1/config", s.requireScope(auth.ScopeConfig, s.handleGetConfig))
102	apiMux.HandleFunc("PUT /v1/config", s.requireScope(auth.ScopeConfig, s.handlePutConfig))
103	apiMux.HandleFunc("GET /v1/config/history", s.requireScope(auth.ScopeConfig, s.handleGetConfigHistory))
104	apiMux.HandleFunc("GET /v1/config/history/{filename}", s.requireScope(auth.ScopeConfig, s.handleGetConfigHistoryEntry))
105	}
106
107	// Admin — admin scope.
108	if s.admins != nil {
109	apiMux.HandleFunc("GET /v1/admins", s.requireScope(auth.ScopeAdmin, s.handleAdminList))
110	apiMux.HandleFunc("POST /v1/admins", s.requireScope(auth.ScopeAdmin, s.handleAdminAdd))
111	apiMux.HandleFunc("DELETE /v1/admins/{username}", s.requireScope(auth.ScopeAdmin, s.handleAdminRemove))
112	apiMux.HandleFunc("PUT /v1/admins/{username}/password", s.requireScope(auth.ScopeAdmin, s.handleAdminSetPassword))
113	}
114
115	// API key management — admin scope.
116	apiMux.HandleFunc("GET /v1/api-keys", s.requireScope(auth.ScopeAdmin, s.handleListAPIKeys))
117	apiMux.HandleFunc("POST /v1/api-keys", s.requireScope(auth.ScopeAdmin, s.handleCreateAPIKey))
118	apiMux.HandleFunc("DELETE /v1/api-keys/{id}", s.requireScope(auth.ScopeAdmin, s.handleRevokeAPIKey))
119
120	// LLM / AI gateway — bots scope.
121	apiMux.HandleFunc("GET /v1/llm/backends", s.requireScope(auth.ScopeBots, s.handleLLMBackends))
122	apiMux.HandleFunc("POST /v1/llm/backends", s.requireScope(auth.ScopeBots, s.handleLLMBackendCreate))
123	apiMux.HandleFunc("PUT /v1/llm/backends/{name}", s.requireScope(auth.ScopeBots, s.handleLLMBackendUpdate))
124	apiMux.HandleFunc("DELETE /v1/llm/backends/{name}", s.requireScope(auth.ScopeBots, s.handleLLMBackendDelete))
125	apiMux.HandleFunc("GET /v1/llm/backends/{name}/models", s.requireScope(auth.ScopeBots, s.handleLLMModels))
126	apiMux.HandleFunc("POST /v1/llm/discover", s.requireScope(auth.ScopeBots, s.handleLLMDiscover))
127	apiMux.HandleFunc("GET /v1/llm/known", s.requireScope(auth.ScopeBots, s.handleLLMKnown))
128	apiMux.HandleFunc("POST /v1/llm/complete", s.requireScope(auth.ScopeBots, s.handleLLMComplete))
129
130	outer := http.NewServeMux()
131	outer.HandleFunc("POST /login", s.handleLogin)
132	outer.HandleFunc("GET /{$}", func(w http.ResponseWriter, r *http.Request) {
133	http.Redirect(w, r, "/ui/", http.StatusFound)
134

M internal/api/ui/index.html

+300 -10

		--- internal/api/ui/index.html
		+++ internal/api/ui/index.html
		@@ -485,10 +485,40 @@
485	485	<button class="sm primary" onclick="quickJoin()">join</button>
486	486	</div>
487	487	</div>
488	488	<div id="channels-list"><div class="empty">no channels joined yet — type a channel name above</div></div>
489	489	</div>
	490	+
	491	+ <!-- topology panel -->
	492	+ <div class="card" id="card-topology">
	493	+ <div class="card-header" onclick="toggleCard('card-topology',event)">
	494	+ <h2>topology</h2><span class="card-desc">channel types, provisioning rules, active task channels</span><span class="collapse-icon">▾</span>
	495	+ <div class="spacer"></div>
	496	+ <div style="display:flex;gap:6px;align-items:center">
	497	+ <input type="text" id="provision-channel-input" placeholder="#project.name" style="width:160px;padding:5px 8px;font-size:12px" autocomplete="off">
	498	+ <button class="sm primary" onclick="provisionChannel()">provision</button>
	499	+ </div>
	500	+ </div>
	501	+ <div class="card-body" style="padding:0">
	502	+ <div id="topology-types"></div>
	503	+ <div id="topology-active" style="padding:12px 16px"><div class="empty">loading topology…</div></div>
	504	+ </div>
	505	+ </div>
	506	+
	507	+ <!-- ROE templates -->
	508	+ <div class="card" id="card-roe">
	509	+ <div class="card-header" onclick="toggleCard('card-roe',event)">
	510	+ <h2>ROE templates</h2><span class="card-desc">rules-of-engagement presets for agent registration</span><span class="collapse-icon">▾</span>
	511	+ <div class="spacer"></div>
	512	+ <button class="sm primary" onclick="event.stopPropagation();savePolicies()">save</button>
	513	+ </div>
	514	+ <div class="card-body">
	515	+ <p style="font-size:12px;color:#8b949e;margin-bottom:12px">Define ROE templates applied to agents at registration. Includes channels, permissions, and rate limits.</p>
	516	+ <div id="roe-list"></div>
	517	+ <button class="sm" onclick="addROETemplate()" style="margin-top:10px">+ add template</button>
	518	+ </div>
	519	+ </div>
490	520	</div>
491	521	</div>
492	522
493	523	<!-- CHAT -->
494	524	<div class="tab-pane" id="pane-chat">
		@@ -580,10 +610,40 @@
580	610	<button type="submit" class="primary sm" style="margin-bottom:1px">add admin</button>
581	611	</form>
582	612	<div id="add-admin-result" style="margin-top:10px"></div>
583	613	</div>
584	614	</div>
	615	+
	616	+ <!-- api keys -->
	617	+ <div class="card" id="card-apikeys">
	618	+ <div class="card-header" onclick="toggleCard('card-apikeys',event)"><h2>API keys</h2><span class="card-desc">per-consumer tokens with scoped permissions</span><span class="collapse-icon">▾</span></div>
	619	+ <div id="apikeys-list-container"></div>
	620	+ <div class="card-body" style="border-top:1px solid #21262d">
	621	+ <p style="font-size:12px;color:#8b949e;margin-bottom:12px">Create an API key with a name and scopes. The token is shown only once.</p>
	622	+ <form id="add-apikey-form" onsubmit="createAPIKey(event)" style="display:flex;flex-direction:column;gap:10px">
	623	+ <div style="display:flex;gap:10px;flex-wrap:wrap;align-items:flex-end">
	624	+ <div style="flex:1;min-width:160px"><label>name</label><input type="text" id="new-apikey-name" placeholder="e.g. kohakku-controller" autocomplete="off"></div>
	625	+ <div style="flex:1;min-width:160px"><label>expires in</label><input type="text" id="new-apikey-expires" placeholder="e.g. 720h (empty=never)" autocomplete="off"></div>
	626	+ </div>
	627	+ <div>
	628	+ <label style="margin-bottom:6px;display:block">scopes</label>
	629	+ <div style="display:flex;gap:12px;flex-wrap:wrap;font-size:12px">
	630	+ <label><input type="checkbox" value="admin" class="apikey-scope"> admin</label>
	631	+ <label><input type="checkbox" value="agents" class="apikey-scope"> agents</label>
	632	+ <label><input type="checkbox" value="channels" class="apikey-scope"> channels</label>
	633	+ <label><input type="checkbox" value="chat" class="apikey-scope"> chat</label>
	634	+ <label><input type="checkbox" value="topology" class="apikey-scope"> topology</label>
	635	+ <label><input type="checkbox" value="bots" class="apikey-scope"> bots</label>
	636	+ <label><input type="checkbox" value="config" class="apikey-scope"> config</label>
	637	+ <label><input type="checkbox" value="read" class="apikey-scope"> read</label>
	638	+ </div>
	639	+ </div>
	640	+ <button type="submit" class="primary sm" style="align-self:flex-start">create key</button>
	641	+ </form>
	642	+ <div id="add-apikey-result" style="margin-top:10px"></div>
	643	+ </div>
	644	+ </div>
585	645
586	646	<!-- tls -->
587	647	<div class="card" id="card-tls">
588	648	<div class="card-header" onclick="toggleCard('card-tls',event)"><h2>TLS / SSL</h2><span class="card-desc">certificate status</span><span class="collapse-icon">▾</span><div class="spacer"></div><span id="tls-badge" class="badge">loading…</span></div>
589	649	<div class="card-body">
		@@ -816,10 +876,31 @@
816	876	</div>
817	877	<div class="setting-row">
818	878	<div class="setting-label">IRC address</div>
819	879	<div class="setting-desc">Address Ergo listens on for IRC connections. Requires restart.</div>
820	880	<input type="text" id="ergo-irc-addr" placeholder="127.0.0.1:6667" style="width:180px;padding:4px 8px;font-size:12px">
	881	+ </div>
	882	+ <div class="setting-row">
	883	+ <div class="setting-label">require SASL</div>
	884	+ <div class="setting-desc">Enforce SASL authentication for all IRC connections. Only registered accounts can connect. Hot-reloads.</div>
	885	+ <label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	886	+ <input type="checkbox" id="ergo-require-sasl">
	887	+ <span style="font-size:12px">enforce SASL</span>
	888	+ </label>
	889	+ </div>
	890	+ <div class="setting-row">
	891	+ <div class="setting-label">default channel modes</div>
	892	+ <div class="setting-desc">Modes applied to new channels (e.g. "+n", "+Rn"). Hot-reloads.</div>
	893	+ <input type="text" id="ergo-default-modes" placeholder="+n" style="width:120px;padding:4px 8px;font-size:12px">
	894	+ </div>
	895	+ <div class="setting-row">
	896	+ <div class="setting-label">message history</div>
	897	+ <div class="setting-desc">Enable persistent message history (CHATHISTORY). Hot-reloads.</div>
	898	+ <label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	899	+ <input type="checkbox" id="ergo-history-enabled">
	900	+ <span style="font-size:12px">enabled</span>
	901	+ </label>
821	902	</div>
822	903	<div class="setting-row">
823	904	<div class="setting-label">external mode</div>
824	905	<div class="setting-desc">Disable subprocess management — scuttlebot expects Ergo to already be running. Requires restart.</div>
825	906	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
		@@ -1744,10 +1825,19 @@
1744	1825	allChannels = (data.channels \|\| []).sort();
1745	1826	renderChanList();
1746	1827	} catch(e) {
1747	1828	document.getElementById('channels-list').innerHTML = '<div style="padding:16px">'+renderAlert('error', e.message)+'</div>';
1748	1829	}
	1830	+ loadTopology();
	1831	+ // Load ROE templates from policies for the ROE card.
	1832	+ try {
	1833	+ const s = await api('GET', '/v1/settings');
	1834	+ if (s && s.policies) {
	1835	+ currentPolicies = s.policies;
	1836	+ renderROETemplates(s.policies.roe_templates \|\| []);
	1837	+ }
	1838	+ } catch(e) {}
1749	1839	}
1750	1840
1751	1841	function renderChanList() {
1752	1842	const q = (document.getElementById('chan-search').value\|\|'').toLowerCase();
1753	1843	const filtered = allChannels.filter(ch => !q \|\| ch.toLowerCase().includes(q));
		@@ -1782,10 +1872,138 @@
1782	1872	await loadChanTab();
1783	1873	renderChanSidebar((await api('GET','/v1/channels')).channels\|\|[]);
1784	1874	} catch(e) { alert('Join failed: '+e.message); }
1785	1875	}
1786	1876	document.getElementById('quick-join-input').addEventListener('keydown', e => { if(e.key==='Enter')quickJoin(); });
	1877	+
	1878	+// --- topology panel (#115) + task channels (#114) ---
	1879	+async function loadTopology() {
	1880	+ try {
	1881	+ const data = await api('GET', '/v1/topology');
	1882	+ renderTopologyTypes(data.types \|\| []);
	1883	+ renderTopologyActive(data.active_channels \|\| [], data.types \|\| []);
	1884	+ } catch(e) {
	1885	+ document.getElementById('topology-types').innerHTML = '';
	1886	+ document.getElementById('topology-active').innerHTML = '<div style="color:#8b949e;font-size:12px">topology not configured</div>';
	1887	+ }
	1888	+}
	1889	+
	1890	+function renderTopologyTypes(types) {
	1891	+ if (!types.length) { document.getElementById('topology-types').innerHTML = ''; return; }
	1892	+ const rows = types.map(t => {
	1893	+ const ttl = t.ttl_seconds > 0 ? `${Math.round(t.ttl_seconds/3600)}h` : '—';
	1894	+ const tags = [];
	1895	+ if (t.ephemeral) tags.push('<span style="background:#f8514922;color:#f85149;padding:1px 5px;border-radius:3px;font-size:10px">ephemeral</span>');
	1896	+ if (t.supervision) tags.push(`<span style="font-size:11px;color:#8b949e">→ ${esc(t.supervision)}</span>`);
	1897	+ return `<tr>
	1898	+ <td><strong>${esc(t.name)}</strong></td>
	1899	+ <td><code style="font-size:11px">#${esc(t.prefix)}*</code></td>
	1900	+ <td style="font-size:12px">${(t.autojoin\|\|[]).map(n => `<code style="font-size:11px;background:#21262d;padding:1px 4px;border-radius:3px">${esc(n)}</code>`).join(' ')}</td>
	1901	+ <td style="font-size:12px">${ttl}</td>
	1902	+ <td>${tags.join(' ')}</td>
	1903	+ </tr>`;
	1904	+ }).join('');
	1905	+ document.getElementById('topology-types').innerHTML = `<table><thead><tr><th>type</th><th>prefix</th><th>autojoin</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
	1906	+}
	1907	+
	1908	+function renderTopologyActive(channels, types) {
	1909	+ const el = document.getElementById('topology-active');
	1910	+ const tasks = channels.filter(c => c.ephemeral \|\| c.type === 'task');
	1911	+ if (!tasks.length) {
	1912	+ el.innerHTML = '<div style="color:#8b949e;font-size:12px;padding:4px 0">no active task channels</div>';
	1913	+ return;
	1914	+ }
	1915	+ const rows = tasks.map(c => {
	1916	+ const age = c.provisioned_at ? timeSince(new Date(c.provisioned_at)) : '—';
	1917	+ const ttl = c.ttl_seconds > 0 ? `${Math.round(c.ttl_seconds/3600)}h` : '—';
	1918	+ return `<tr>
	1919	+ <td><strong>${esc(c.name)}</strong></td>
	1920	+ <td style="font-size:12px;color:#8b949e">${esc(c.type \|\| '—')}</td>
	1921	+ <td style="font-size:12px">${age}</td>
	1922	+ <td style="font-size:12px">${ttl}</td>
	1923	+ <td><button class="sm danger" onclick="dropChannel('${esc(c.name)}')">drop</button></td>
	1924	+ </tr>`;
	1925	+ }).join('');
	1926	+ el.innerHTML = `<table><thead><tr><th>channel</th><th>type</th><th>age</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
	1927	+}
	1928	+
	1929	+function timeSince(date) {
	1930	+ const s = Math.floor((new Date() - date) / 1000);
	1931	+ if (s < 60) return s + 's';
	1932	+ if (s < 3600) return Math.floor(s/60) + 'm';
	1933	+ if (s < 86400) return Math.floor(s/3600) + 'h';
	1934	+ return Math.floor(s/86400) + 'd';
	1935	+}
	1936	+
	1937	+async function provisionChannel() {
	1938	+ let ch = document.getElementById('provision-channel-input').value.trim();
	1939	+ if (!ch) return;
	1940	+ if (!ch.startsWith('#')) ch = '#' + ch;
	1941	+ try {
	1942	+ await api('POST', '/v1/channels', {name: ch});
	1943	+ document.getElementById('provision-channel-input').value = '';
	1944	+ loadTopology();
	1945	+ loadChanTab();
	1946	+ } catch(e) { alert('Provision failed: ' + e.message); }
	1947	+}
	1948	+
	1949	+async function dropChannel(ch) {
	1950	+ if (!confirm('Drop channel ' + ch + '? This unregisters it from ChanServ.')) return;
	1951	+ const slug = ch.replace(/^#/,'');
	1952	+ try {
	1953	+ await api('DELETE', `/v1/topology/channels/${slug}`);
	1954	+ loadTopology();
	1955	+ loadChanTab();
	1956	+ } catch(e) { alert('Drop failed: ' + e.message); }
	1957	+}
	1958	+
	1959	+// --- ROE template editor (#118) ---
	1960	+function renderROETemplates(templates) {
	1961	+ const el = document.getElementById('roe-list');
	1962	+ if (!templates \|\| !templates.length) {
	1963	+ el.innerHTML = '<div style="color:#8b949e;font-size:12px">No ROE templates defined. Click + add template to create one.</div>';
	1964	+ return;
	1965	+ }
	1966	+ el.innerHTML = templates.map((t, i) => `
	1967	+ <div style="border:1px solid #21262d;border-radius:6px;padding:12px;margin-bottom:10px;background:#0d1117">
	1968	+ <div style="display:flex;gap:10px;align-items:center;margin-bottom:8px">
	1969	+ <input type="text" value="${esc(t.name)}" placeholder="template name" style="flex:1;font-weight:600" onchange="updateROE(${i},'name',this.value)">
	1970	+ <button class="sm danger" onclick="removeROE(${i})">remove</button>
	1971	+ </div>
	1972	+ <div style="display:flex;gap:10px;flex-wrap:wrap;margin-bottom:6px">
	1973	+ <div style="flex:1;min-width:200px"><label style="font-size:11px">channels (comma-separated)</label><input type="text" value="${esc((t.channels\|\|[]).join(', '))}" onchange="updateROE(${i},'channels',this.value)" style="width:100%"></div>
	1974	+ <div style="flex:1;min-width:200px"><label style="font-size:11px">permissions</label><input type="text" value="${esc((t.permissions\|\|[]).join(', '))}" onchange="updateROE(${i},'permissions',this.value)" style="width:100%"></div>
	1975	+ </div>
	1976	+ <div style="display:flex;gap:10px">
	1977	+ <div><label style="font-size:11px">msg/sec</label><input type="number" value="${t.rate_limit?.messages_per_second\|\|''}" placeholder="10" style="width:70px" onchange="updateROERateLimit(${i},'messages_per_second',this.value)"></div>
	1978	+ <div><label style="font-size:11px">burst</label><input type="number" value="${t.rate_limit?.burst\|\|''}" placeholder="50" style="width:70px" onchange="updateROERateLimit(${i},'burst',this.value)"></div>
	1979	+ <div style="flex:1"><label style="font-size:11px">description</label><input type="text" value="${esc(t.description\|\|'')}" onchange="updateROE(${i},'description',this.value)" style="width:100%"></div>
	1980	+ </div>
	1981	+ </div>
	1982	+ `).join('');
	1983	+}
	1984	+
	1985	+function addROETemplate() {
	1986	+ if (!currentPolicies.roe_templates) currentPolicies.roe_templates = [];
	1987	+ currentPolicies.roe_templates.push({name: 'new-template', channels: [], permissions: []});
	1988	+ renderROETemplates(currentPolicies.roe_templates);
	1989	+}
	1990	+function removeROE(i) {
	1991	+ currentPolicies.roe_templates.splice(i, 1);
	1992	+ renderROETemplates(currentPolicies.roe_templates);
	1993	+}
	1994	+function updateROE(i, field, val) {
	1995	+ if (field === 'channels' \|\| field === 'permissions') {
	1996	+ currentPolicies.roe_templates[i][field] = val.split(',').map(s => s.trim()).filter(Boolean);
	1997	+ } else {
	1998	+ currentPolicies.roe_templates[i][field] = val;
	1999	+ }
	2000	+}
	2001	+function updateROERateLimit(i, field, val) {
	2002	+ if (!currentPolicies.roe_templates[i].rate_limit) currentPolicies.roe_templates[i].rate_limit = {};
	2003	+ currentPolicies.roe_templates[i].rate_limit[field] = Number(val) \|\| 0;
	2004	+}
1787	2005
1788	2006	// --- chat ---
1789	2007	let chatChannel = null, chatSSE = null;
1790	2008
1791	2009	async function loadChannels() {
		@@ -1921,14 +2139,16 @@
1921	2139	let _chatUnread = 0;
1922	2140
1923	2141	function appendMsg(msg, isHistory) {
1924	2142	const area = document.getElementById('chat-msgs');
1925	2143
1926		- // Parse "[nick] text" sent by the bridge bot on behalf of a web user
	2144	+ // Attribution: RELAYMSG delivers nicks as "user/bridge"; legacy uses "[nick] text".
1927	2145	let displayNick = msg.nick;
1928	2146	let displayText = msg.text;
1929		- if (msg.nick === 'bridge') {
	2147	+ if (msg.nick && msg.nick.endsWith('/bridge')) {
	2148	+ displayNick = msg.nick.slice(0, -'/bridge'.length);
	2149	+ } else if (msg.nick === 'bridge') {
1930	2150	const m = msg.text.match(/^\[([^\]]+)\] ([\s\S]*)$/);
1931	2151	if (m) { displayNick = m[1]; displayText = m[2]; }
1932	2152	}
1933	2153
1934	2154	const atMs = new Date(msg.at).getTime();
		@@ -2571,10 +2791,73 @@
2571	2791	try {
2572	2792	await api('PUT', `/v1/admins/${encodeURIComponent(username)}/password`, { password: pw });
2573	2793	alert('Password updated.');
2574	2794	} catch(e) { alert('Failed: ' + e.message); }
2575	2795	}
	2796	+
	2797	+// --- API keys ---
	2798	+async function loadAPIKeys() {
	2799	+ try {
	2800	+ const keys = await api('GET', '/v1/api-keys');
	2801	+ renderAPIKeys(keys \|\| []);
	2802	+ } catch(e) {
	2803	+ document.getElementById('apikeys-list-container').innerHTML = '';
	2804	+ }
	2805	+}
	2806	+
	2807	+function renderAPIKeys(keys) {
	2808	+ const el = document.getElementById('apikeys-list-container');
	2809	+ if (!keys.length) { el.innerHTML = ''; return; }
	2810	+ const rows = keys.map(k => {
	2811	+ const status = k.active ? '<span style="color:#3fb950">active</span>' : '<span style="color:#f85149">revoked</span>';
	2812	+ const scopes = (k.scopes \|\| []).map(s => `<code style="font-size:11px;background:#21262d;padding:1px 5px;border-radius:3px">${esc(s)}</code>`).join(' ');
	2813	+ const lastUsed = k.last_used ? fmtTime(k.last_used) : '—';
	2814	+ const revokeBtn = k.active ? `<button class="sm danger" onclick="revokeAPIKey('${esc(k.id)}')">revoke</button>` : '';
	2815	+ return `<tr>
	2816	+ <td><strong>${esc(k.name)}</strong><br><span style="color:#8b949e;font-size:11px">${esc(k.id)}</span></td>
	2817	+ <td>${scopes}</td>
	2818	+ <td style="font-size:12px">${status}</td>
	2819	+ <td style="color:#8b949e;font-size:12px">${lastUsed}</td>
	2820	+ <td><div class="actions">${revokeBtn}</div></td>
	2821	+ </tr>`;
	2822	+ }).join('');
	2823	+ el.innerHTML = `<table><thead><tr><th>name</th><th>scopes</th><th>status</th><th>last used</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
	2824	+}
	2825	+
	2826	+async function createAPIKey(e) {
	2827	+ e.preventDefault();
	2828	+ const name = document.getElementById('new-apikey-name').value.trim();
	2829	+ const expires = document.getElementById('new-apikey-expires').value.trim();
	2830	+ const scopes = [...document.querySelectorAll('.apikey-scope:checked')].map(cb => cb.value);
	2831	+ const resultEl = document.getElementById('add-apikey-result');
	2832	+ if (!name) { resultEl.innerHTML = '<span style="color:#f85149">name is required</span>'; return; }
	2833	+ if (!scopes.length) { resultEl.innerHTML = '<span style="color:#f85149">select at least one scope</span>'; return; }
	2834	+ try {
	2835	+ const body = { name, scopes };
	2836	+ if (expires) body.expires_in = expires;
	2837	+ const result = await api('POST', '/v1/api-keys', body);
	2838	+ resultEl.innerHTML = `<div style="background:#0d1117;border:1px solid #3fb95044;border-radius:6px;padding:12px;margin-top:8px">
	2839	+ <div style="color:#3fb950;font-weight:600;margin-bottom:6px">Key created: ${esc(result.name)}</div>
	2840	+ <div style="margin-bottom:4px;font-size:12px;color:#8b949e">Copy this token now — it will not be shown again:</div>
	2841	+ <code style="display:block;padding:8px;background:#161b22;border-radius:4px;word-break:break-all;user-select:all">${esc(result.token)}</code>
	2842	+ </div>`;
	2843	+ document.getElementById('new-apikey-name').value = '';
	2844	+ document.getElementById('new-apikey-expires').value = '';
	2845	+ document.querySelectorAll('.apikey-scope:checked').forEach(cb => cb.checked = false);
	2846	+ loadAPIKeys();
	2847	+ } catch(e) {
	2848	+ resultEl.innerHTML = `<span style="color:#f85149">${esc(e.message)}</span>`;
	2849	+ }
	2850	+}
	2851	+
	2852	+async function revokeAPIKey(id) {
	2853	+ if (!confirm('Revoke this API key? This cannot be undone.')) return;
	2854	+ try {
	2855	+ await api('DELETE', `/v1/api-keys/${encodeURIComponent(id)}`);
	2856	+ loadAPIKeys();
	2857	+ } catch(e) { alert('Failed: ' + e.message); }
	2858	+}
2576	2859
2577	2860	// --- AI / LLM tab ---
2578	2861	async function loadAI() {
2579	2862	await Promise.all([loadAIBackends(), loadAIKnown()]);
2580	2863	}
		@@ -2977,10 +3260,11 @@
2977	3260	renderOnJoinMessages(s.policies.on_join_messages \|\| {});
2978	3261	renderAgentPolicy(s.policies.agent_policy \|\| {});
2979	3262	renderBridgePolicy(s.policies.bridge \|\| {});
2980	3263	renderLoggingPolicy(s.policies.logging \|\| {});
2981	3264	loadAdmins();
	3265	+ loadAPIKeys();
2982	3266	loadConfigCards();
2983	3267	} catch(e) {
2984	3268	document.getElementById('tls-badge').textContent = 'error';
2985	3269	}
2986	3270	}
		@@ -3288,14 +3572,17 @@
3288	3572	// general
3289	3573	document.getElementById('general-api-addr').value = cfg.api_addr \|\| '';
3290	3574	document.getElementById('general-mcp-addr').value = cfg.mcp_addr \|\| '';
3291	3575	// ergo
3292	3576	const e = cfg.ergo \|\| {};
3293		- document.getElementById('ergo-network-name').value = e.network_name \|\| '';
3294		- document.getElementById('ergo-server-name').value = e.server_name \|\| '';
3295		- document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
3296		- document.getElementById('ergo-external').checked = !!e.external;
	3577	+ document.getElementById('ergo-network-name').value = e.network_name \|\| '';
	3578	+ document.getElementById('ergo-server-name').value = e.server_name \|\| '';
	3579	+ document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
	3580	+ document.getElementById('ergo-require-sasl').checked = !!e.require_sasl;
	3581	+ document.getElementById('ergo-default-modes').value = e.default_channel_modes \|\| '';
	3582	+ document.getElementById('ergo-history-enabled').checked = !!(e.history && e.history.enabled);
	3583	+ document.getElementById('ergo-external').checked = !!e.external;
3297	3584	// tls
3298	3585	const t = cfg.tls \|\| {};
3299	3586	document.getElementById('tls-domain').value = t.domain \|\| '';
3300	3587	document.getElementById('tls-email').value = t.email \|\| '';
3301	3588	document.getElementById('tls-allow-insecure').checked = !!t.allow_insecure;
		@@ -3368,14 +3655,17 @@
3368	3655	}
3369	3656
3370	3657	function saveErgoConfig() {
3371	3658	saveConfigPatch({
3372	3659	ergo: {
3373		- network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
3374		- server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
3375		- irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
3376		- external: document.getElementById('ergo-external').checked,
	3660	+ network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
	3661	+ server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
	3662	+ irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
	3663	+ require_sasl: document.getElementById('ergo-require-sasl').checked,
	3664	+ default_channel_modes: document.getElementById('ergo-default-modes').value.trim() \|\| undefined,
	3665	+ history: { enabled: document.getElementById('ergo-history-enabled').checked },
	3666	+ external: document.getElementById('ergo-external').checked,
3377	3667	}
3378	3668	}, 'ergo-save-result');
3379	3669	}
3380	3670
3381	3671	function saveTLSConfig() {
3382	3672
3383	3673	ADDED internal/auth/apikeys.go

	--- internal/api/ui/index.html
	+++ internal/api/ui/index.html
	@@ -485,10 +485,40 @@
485	<button class="sm primary" onclick="quickJoin()">join</button>
486	</div>
487	</div>
488	<div id="channels-list"><div class="empty">no channels joined yet — type a channel name above</div></div>
489	</div>






























490	</div>
491	</div>
492
493	<!-- CHAT -->
494	<div class="tab-pane" id="pane-chat">
	@@ -580,10 +610,40 @@
580	<button type="submit" class="primary sm" style="margin-bottom:1px">add admin</button>
581	</form>
582	<div id="add-admin-result" style="margin-top:10px"></div>
583	</div>
584	</div>






























585
586	<!-- tls -->
587	<div class="card" id="card-tls">
588	<div class="card-header" onclick="toggleCard('card-tls',event)"><h2>TLS / SSL</h2><span class="card-desc">certificate status</span><span class="collapse-icon">▾</span><div class="spacer"></div><span id="tls-badge" class="badge">loading…</span></div>
589	<div class="card-body">
	@@ -816,10 +876,31 @@
816	</div>
817	<div class="setting-row">
818	<div class="setting-label">IRC address</div>
819	<div class="setting-desc">Address Ergo listens on for IRC connections. Requires restart.</div>
820	<input type="text" id="ergo-irc-addr" placeholder="127.0.0.1:6667" style="width:180px;padding:4px 8px;font-size:12px">





















821	</div>
822	<div class="setting-row">
823	<div class="setting-label">external mode</div>
824	<div class="setting-desc">Disable subprocess management — scuttlebot expects Ergo to already be running. Requires restart.</div>
825	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	@@ -1744,10 +1825,19 @@
1744	allChannels = (data.channels \|\| []).sort();
1745	renderChanList();
1746	} catch(e) {
1747	document.getElementById('channels-list').innerHTML = '<div style="padding:16px">'+renderAlert('error', e.message)+'</div>';
1748	}









1749	}
1750
1751	function renderChanList() {
1752	const q = (document.getElementById('chan-search').value\|\|'').toLowerCase();
1753	const filtered = allChannels.filter(ch => !q \|\| ch.toLowerCase().includes(q));
	@@ -1782,10 +1872,138 @@
1782	await loadChanTab();
1783	renderChanSidebar((await api('GET','/v1/channels')).channels\|\|[]);
1784	} catch(e) { alert('Join failed: '+e.message); }
1785	}
1786	document.getElementById('quick-join-input').addEventListener('keydown', e => { if(e.key==='Enter')quickJoin(); });
































































































































1787
1788	// --- chat ---
1789	let chatChannel = null, chatSSE = null;
1790
1791	async function loadChannels() {
	@@ -1921,14 +2139,16 @@
1921	let _chatUnread = 0;
1922
1923	function appendMsg(msg, isHistory) {
1924	const area = document.getElementById('chat-msgs');
1925
1926	// Parse "[nick] text" sent by the bridge bot on behalf of a web user
1927	let displayNick = msg.nick;
1928	let displayText = msg.text;
1929	if (msg.nick === 'bridge') {


1930	const m = msg.text.match(/^\[([^\]]+)\] ([\s\S]*)$/);
1931	if (m) { displayNick = m[1]; displayText = m[2]; }
1932	}
1933
1934	const atMs = new Date(msg.at).getTime();
	@@ -2571,10 +2791,73 @@
2571	try {
2572	await api('PUT', `/v1/admins/${encodeURIComponent(username)}/password`, { password: pw });
2573	alert('Password updated.');
2574	} catch(e) { alert('Failed: ' + e.message); }
2575	}































































2576
2577	// --- AI / LLM tab ---
2578	async function loadAI() {
2579	await Promise.all([loadAIBackends(), loadAIKnown()]);
2580	}
	@@ -2977,10 +3260,11 @@
2977	renderOnJoinMessages(s.policies.on_join_messages \|\| {});
2978	renderAgentPolicy(s.policies.agent_policy \|\| {});
2979	renderBridgePolicy(s.policies.bridge \|\| {});
2980	renderLoggingPolicy(s.policies.logging \|\| {});
2981	loadAdmins();

2982	loadConfigCards();
2983	} catch(e) {
2984	document.getElementById('tls-badge').textContent = 'error';
2985	}
2986	}
	@@ -3288,14 +3572,17 @@
3288	// general
3289	document.getElementById('general-api-addr').value = cfg.api_addr \|\| '';
3290	document.getElementById('general-mcp-addr').value = cfg.mcp_addr \|\| '';
3291	// ergo
3292	const e = cfg.ergo \|\| {};
3293	document.getElementById('ergo-network-name').value = e.network_name \|\| '';
3294	document.getElementById('ergo-server-name').value = e.server_name \|\| '';
3295	document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
3296	document.getElementById('ergo-external').checked = !!e.external;



3297	// tls
3298	const t = cfg.tls \|\| {};
3299	document.getElementById('tls-domain').value = t.domain \|\| '';
3300	document.getElementById('tls-email').value = t.email \|\| '';
3301	document.getElementById('tls-allow-insecure').checked = !!t.allow_insecure;
	@@ -3368,14 +3655,17 @@
3368	}
3369
3370	function saveErgoConfig() {
3371	saveConfigPatch({
3372	ergo: {
3373	network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
3374	server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
3375	irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
3376	external: document.getElementById('ergo-external').checked,



3377	}
3378	}, 'ergo-save-result');
3379	}
3380
3381	function saveTLSConfig() {
3382
3383	DDED internal/auth/apikeys.go

	--- internal/api/ui/index.html
	+++ internal/api/ui/index.html
	@@ -485,10 +485,40 @@
485	<button class="sm primary" onclick="quickJoin()">join</button>
486	</div>
487	</div>
488	<div id="channels-list"><div class="empty">no channels joined yet — type a channel name above</div></div>
489	</div>
490
491	<!-- topology panel -->
492	<div class="card" id="card-topology">
493	<div class="card-header" onclick="toggleCard('card-topology',event)">
494	<h2>topology</h2><span class="card-desc">channel types, provisioning rules, active task channels</span><span class="collapse-icon">▾</span>
495	<div class="spacer"></div>
496	<div style="display:flex;gap:6px;align-items:center">
497	<input type="text" id="provision-channel-input" placeholder="#project.name" style="width:160px;padding:5px 8px;font-size:12px" autocomplete="off">
498	<button class="sm primary" onclick="provisionChannel()">provision</button>
499	</div>
500	</div>
501	<div class="card-body" style="padding:0">
502	<div id="topology-types"></div>
503	<div id="topology-active" style="padding:12px 16px"><div class="empty">loading topology…</div></div>
504	</div>
505	</div>
506
507	<!-- ROE templates -->
508	<div class="card" id="card-roe">
509	<div class="card-header" onclick="toggleCard('card-roe',event)">
510	<h2>ROE templates</h2><span class="card-desc">rules-of-engagement presets for agent registration</span><span class="collapse-icon">▾</span>
511	<div class="spacer"></div>
512	<button class="sm primary" onclick="event.stopPropagation();savePolicies()">save</button>
513	</div>
514	<div class="card-body">
515	<p style="font-size:12px;color:#8b949e;margin-bottom:12px">Define ROE templates applied to agents at registration. Includes channels, permissions, and rate limits.</p>
516	<div id="roe-list"></div>
517	<button class="sm" onclick="addROETemplate()" style="margin-top:10px">+ add template</button>
518	</div>
519	</div>
520	</div>
521	</div>
522
523	<!-- CHAT -->
524	<div class="tab-pane" id="pane-chat">
	@@ -580,10 +610,40 @@
610	<button type="submit" class="primary sm" style="margin-bottom:1px">add admin</button>
611	</form>
612	<div id="add-admin-result" style="margin-top:10px"></div>
613	</div>
614	</div>
615
616	<!-- api keys -->
617	<div class="card" id="card-apikeys">
618	<div class="card-header" onclick="toggleCard('card-apikeys',event)"><h2>API keys</h2><span class="card-desc">per-consumer tokens with scoped permissions</span><span class="collapse-icon">▾</span></div>
619	<div id="apikeys-list-container"></div>
620	<div class="card-body" style="border-top:1px solid #21262d">
621	<p style="font-size:12px;color:#8b949e;margin-bottom:12px">Create an API key with a name and scopes. The token is shown only once.</p>
622	<form id="add-apikey-form" onsubmit="createAPIKey(event)" style="display:flex;flex-direction:column;gap:10px">
623	<div style="display:flex;gap:10px;flex-wrap:wrap;align-items:flex-end">
624	<div style="flex:1;min-width:160px"><label>name</label><input type="text" id="new-apikey-name" placeholder="e.g. kohakku-controller" autocomplete="off"></div>
625	<div style="flex:1;min-width:160px"><label>expires in</label><input type="text" id="new-apikey-expires" placeholder="e.g. 720h (empty=never)" autocomplete="off"></div>
626	</div>
627	<div>
628	<label style="margin-bottom:6px;display:block">scopes</label>
629	<div style="display:flex;gap:12px;flex-wrap:wrap;font-size:12px">
630	<label><input type="checkbox" value="admin" class="apikey-scope"> admin</label>
631	<label><input type="checkbox" value="agents" class="apikey-scope"> agents</label>
632	<label><input type="checkbox" value="channels" class="apikey-scope"> channels</label>
633	<label><input type="checkbox" value="chat" class="apikey-scope"> chat</label>
634	<label><input type="checkbox" value="topology" class="apikey-scope"> topology</label>
635	<label><input type="checkbox" value="bots" class="apikey-scope"> bots</label>
636	<label><input type="checkbox" value="config" class="apikey-scope"> config</label>
637	<label><input type="checkbox" value="read" class="apikey-scope"> read</label>
638	</div>
639	</div>
640	<button type="submit" class="primary sm" style="align-self:flex-start">create key</button>
641	</form>
642	<div id="add-apikey-result" style="margin-top:10px"></div>
643	</div>
644	</div>
645
646	<!-- tls -->
647	<div class="card" id="card-tls">
648	<div class="card-header" onclick="toggleCard('card-tls',event)"><h2>TLS / SSL</h2><span class="card-desc">certificate status</span><span class="collapse-icon">▾</span><div class="spacer"></div><span id="tls-badge" class="badge">loading…</span></div>
649	<div class="card-body">
	@@ -816,10 +876,31 @@
876	</div>
877	<div class="setting-row">
878	<div class="setting-label">IRC address</div>
879	<div class="setting-desc">Address Ergo listens on for IRC connections. Requires restart.</div>
880	<input type="text" id="ergo-irc-addr" placeholder="127.0.0.1:6667" style="width:180px;padding:4px 8px;font-size:12px">
881	</div>
882	<div class="setting-row">
883	<div class="setting-label">require SASL</div>
884	<div class="setting-desc">Enforce SASL authentication for all IRC connections. Only registered accounts can connect. Hot-reloads.</div>
885	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
886	<input type="checkbox" id="ergo-require-sasl">
887	<span style="font-size:12px">enforce SASL</span>
888	</label>
889	</div>
890	<div class="setting-row">
891	<div class="setting-label">default channel modes</div>
892	<div class="setting-desc">Modes applied to new channels (e.g. "+n", "+Rn"). Hot-reloads.</div>
893	<input type="text" id="ergo-default-modes" placeholder="+n" style="width:120px;padding:4px 8px;font-size:12px">
894	</div>
895	<div class="setting-row">
896	<div class="setting-label">message history</div>
897	<div class="setting-desc">Enable persistent message history (CHATHISTORY). Hot-reloads.</div>
898	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
899	<input type="checkbox" id="ergo-history-enabled">
900	<span style="font-size:12px">enabled</span>
901	</label>
902	</div>
903	<div class="setting-row">
904	<div class="setting-label">external mode</div>
905	<div class="setting-desc">Disable subprocess management — scuttlebot expects Ergo to already be running. Requires restart.</div>
906	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	@@ -1744,10 +1825,19 @@
1825	allChannels = (data.channels \|\| []).sort();
1826	renderChanList();
1827	} catch(e) {
1828	document.getElementById('channels-list').innerHTML = '<div style="padding:16px">'+renderAlert('error', e.message)+'</div>';
1829	}
1830	loadTopology();
1831	// Load ROE templates from policies for the ROE card.
1832	try {
1833	const s = await api('GET', '/v1/settings');
1834	if (s && s.policies) {
1835	currentPolicies = s.policies;
1836	renderROETemplates(s.policies.roe_templates \|\| []);
1837	}
1838	} catch(e) {}
1839	}
1840
1841	function renderChanList() {
1842	const q = (document.getElementById('chan-search').value\|\|'').toLowerCase();
1843	const filtered = allChannels.filter(ch => !q \|\| ch.toLowerCase().includes(q));
	@@ -1782,10 +1872,138 @@
1872	await loadChanTab();
1873	renderChanSidebar((await api('GET','/v1/channels')).channels\|\|[]);
1874	} catch(e) { alert('Join failed: '+e.message); }
1875	}
1876	document.getElementById('quick-join-input').addEventListener('keydown', e => { if(e.key==='Enter')quickJoin(); });
1877
1878	// --- topology panel (#115) + task channels (#114) ---
1879	async function loadTopology() {
1880	try {
1881	const data = await api('GET', '/v1/topology');
1882	renderTopologyTypes(data.types \|\| []);
1883	renderTopologyActive(data.active_channels \|\| [], data.types \|\| []);
1884	} catch(e) {
1885	document.getElementById('topology-types').innerHTML = '';
1886	document.getElementById('topology-active').innerHTML = '<div style="color:#8b949e;font-size:12px">topology not configured</div>';
1887	}
1888	}
1889
1890	function renderTopologyTypes(types) {
1891	if (!types.length) { document.getElementById('topology-types').innerHTML = ''; return; }
1892	const rows = types.map(t => {
1893	const ttl = t.ttl_seconds > 0 ? `${Math.round(t.ttl_seconds/3600)}h` : '—';
1894	const tags = [];
1895	if (t.ephemeral) tags.push('<span style="background:#f8514922;color:#f85149;padding:1px 5px;border-radius:3px;font-size:10px">ephemeral</span>');
1896	if (t.supervision) tags.push(`<span style="font-size:11px;color:#8b949e">→ ${esc(t.supervision)}</span>`);
1897	return `<tr>
1898	<td><strong>${esc(t.name)}</strong></td>
1899	<td><code style="font-size:11px">#${esc(t.prefix)}*</code></td>
1900	<td style="font-size:12px">${(t.autojoin\|\|[]).map(n => `<code style="font-size:11px;background:#21262d;padding:1px 4px;border-radius:3px">${esc(n)}</code>`).join(' ')}</td>
1901	<td style="font-size:12px">${ttl}</td>
1902	<td>${tags.join(' ')}</td>
1903	</tr>`;
1904	}).join('');
1905	document.getElementById('topology-types').innerHTML = `<table><thead><tr><th>type</th><th>prefix</th><th>autojoin</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
1906	}
1907
1908	function renderTopologyActive(channels, types) {
1909	const el = document.getElementById('topology-active');
1910	const tasks = channels.filter(c => c.ephemeral \|\| c.type === 'task');
1911	if (!tasks.length) {
1912	el.innerHTML = '<div style="color:#8b949e;font-size:12px;padding:4px 0">no active task channels</div>';
1913	return;
1914	}
1915	const rows = tasks.map(c => {
1916	const age = c.provisioned_at ? timeSince(new Date(c.provisioned_at)) : '—';
1917	const ttl = c.ttl_seconds > 0 ? `${Math.round(c.ttl_seconds/3600)}h` : '—';
1918	return `<tr>
1919	<td><strong>${esc(c.name)}</strong></td>
1920	<td style="font-size:12px;color:#8b949e">${esc(c.type \|\| '—')}</td>
1921	<td style="font-size:12px">${age}</td>
1922	<td style="font-size:12px">${ttl}</td>
1923	<td><button class="sm danger" onclick="dropChannel('${esc(c.name)}')">drop</button></td>
1924	</tr>`;
1925	}).join('');
1926	el.innerHTML = `<table><thead><tr><th>channel</th><th>type</th><th>age</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
1927	}
1928
1929	function timeSince(date) {
1930	const s = Math.floor((new Date() - date) / 1000);
1931	if (s < 60) return s + 's';
1932	if (s < 3600) return Math.floor(s/60) + 'm';
1933	if (s < 86400) return Math.floor(s/3600) + 'h';
1934	return Math.floor(s/86400) + 'd';
1935	}
1936
1937	async function provisionChannel() {
1938	let ch = document.getElementById('provision-channel-input').value.trim();
1939	if (!ch) return;
1940	if (!ch.startsWith('#')) ch = '#' + ch;
1941	try {
1942	await api('POST', '/v1/channels', {name: ch});
1943	document.getElementById('provision-channel-input').value = '';
1944	loadTopology();
1945	loadChanTab();
1946	} catch(e) { alert('Provision failed: ' + e.message); }
1947	}
1948
1949	async function dropChannel(ch) {
1950	if (!confirm('Drop channel ' + ch + '? This unregisters it from ChanServ.')) return;
1951	const slug = ch.replace(/^#/,'');
1952	try {
1953	await api('DELETE', `/v1/topology/channels/${slug}`);
1954	loadTopology();
1955	loadChanTab();
1956	} catch(e) { alert('Drop failed: ' + e.message); }
1957	}
1958
1959	// --- ROE template editor (#118) ---
1960	function renderROETemplates(templates) {
1961	const el = document.getElementById('roe-list');
1962	if (!templates \|\| !templates.length) {
1963	el.innerHTML = '<div style="color:#8b949e;font-size:12px">No ROE templates defined. Click + add template to create one.</div>';
1964	return;
1965	}
1966	el.innerHTML = templates.map((t, i) => `
1967	<div style="border:1px solid #21262d;border-radius:6px;padding:12px;margin-bottom:10px;background:#0d1117">
1968	<div style="display:flex;gap:10px;align-items:center;margin-bottom:8px">
1969	<input type="text" value="${esc(t.name)}" placeholder="template name" style="flex:1;font-weight:600" onchange="updateROE(${i},'name',this.value)">
1970	<button class="sm danger" onclick="removeROE(${i})">remove</button>
1971	</div>
1972	<div style="display:flex;gap:10px;flex-wrap:wrap;margin-bottom:6px">
1973	<div style="flex:1;min-width:200px"><label style="font-size:11px">channels (comma-separated)</label><input type="text" value="${esc((t.channels\|\|[]).join(', '))}" onchange="updateROE(${i},'channels',this.value)" style="width:100%"></div>
1974	<div style="flex:1;min-width:200px"><label style="font-size:11px">permissions</label><input type="text" value="${esc((t.permissions\|\|[]).join(', '))}" onchange="updateROE(${i},'permissions',this.value)" style="width:100%"></div>
1975	</div>
1976	<div style="display:flex;gap:10px">
1977	<div><label style="font-size:11px">msg/sec</label><input type="number" value="${t.rate_limit?.messages_per_second\|\|''}" placeholder="10" style="width:70px" onchange="updateROERateLimit(${i},'messages_per_second',this.value)"></div>
1978	<div><label style="font-size:11px">burst</label><input type="number" value="${t.rate_limit?.burst\|\|''}" placeholder="50" style="width:70px" onchange="updateROERateLimit(${i},'burst',this.value)"></div>
1979	<div style="flex:1"><label style="font-size:11px">description</label><input type="text" value="${esc(t.description\|\|'')}" onchange="updateROE(${i},'description',this.value)" style="width:100%"></div>
1980	</div>
1981	</div>
1982	`).join('');
1983	}
1984
1985	function addROETemplate() {
1986	if (!currentPolicies.roe_templates) currentPolicies.roe_templates = [];
1987	currentPolicies.roe_templates.push({name: 'new-template', channels: [], permissions: []});
1988	renderROETemplates(currentPolicies.roe_templates);
1989	}
1990	function removeROE(i) {
1991	currentPolicies.roe_templates.splice(i, 1);
1992	renderROETemplates(currentPolicies.roe_templates);
1993	}
1994	function updateROE(i, field, val) {
1995	if (field === 'channels' \|\| field === 'permissions') {
1996	currentPolicies.roe_templates[i][field] = val.split(',').map(s => s.trim()).filter(Boolean);
1997	} else {
1998	currentPolicies.roe_templates[i][field] = val;
1999	}
2000	}
2001	function updateROERateLimit(i, field, val) {
2002	if (!currentPolicies.roe_templates[i].rate_limit) currentPolicies.roe_templates[i].rate_limit = {};
2003	currentPolicies.roe_templates[i].rate_limit[field] = Number(val) \|\| 0;
2004	}
2005
2006	// --- chat ---
2007	let chatChannel = null, chatSSE = null;
2008
2009	async function loadChannels() {
	@@ -1921,14 +2139,16 @@
2139	let _chatUnread = 0;
2140
2141	function appendMsg(msg, isHistory) {
2142	const area = document.getElementById('chat-msgs');
2143
2144	// Attribution: RELAYMSG delivers nicks as "user/bridge"; legacy uses "[nick] text".
2145	let displayNick = msg.nick;
2146	let displayText = msg.text;
2147	if (msg.nick && msg.nick.endsWith('/bridge')) {
2148	displayNick = msg.nick.slice(0, -'/bridge'.length);
2149	} else if (msg.nick === 'bridge') {
2150	const m = msg.text.match(/^\[([^\]]+)\] ([\s\S]*)$/);
2151	if (m) { displayNick = m[1]; displayText = m[2]; }
2152	}
2153
2154	const atMs = new Date(msg.at).getTime();
	@@ -2571,10 +2791,73 @@
2791	try {
2792	await api('PUT', `/v1/admins/${encodeURIComponent(username)}/password`, { password: pw });
2793	alert('Password updated.');
2794	} catch(e) { alert('Failed: ' + e.message); }
2795	}
2796
2797	// --- API keys ---
2798	async function loadAPIKeys() {
2799	try {
2800	const keys = await api('GET', '/v1/api-keys');
2801	renderAPIKeys(keys \|\| []);
2802	} catch(e) {
2803	document.getElementById('apikeys-list-container').innerHTML = '';
2804	}
2805	}
2806
2807	function renderAPIKeys(keys) {
2808	const el = document.getElementById('apikeys-list-container');
2809	if (!keys.length) { el.innerHTML = ''; return; }
2810	const rows = keys.map(k => {
2811	const status = k.active ? '<span style="color:#3fb950">active</span>' : '<span style="color:#f85149">revoked</span>';
2812	const scopes = (k.scopes \|\| []).map(s => `<code style="font-size:11px;background:#21262d;padding:1px 5px;border-radius:3px">${esc(s)}</code>`).join(' ');
2813	const lastUsed = k.last_used ? fmtTime(k.last_used) : '—';
2814	const revokeBtn = k.active ? `<button class="sm danger" onclick="revokeAPIKey('${esc(k.id)}')">revoke</button>` : '';
2815	return `<tr>
2816	<td><strong>${esc(k.name)}</strong><br><span style="color:#8b949e;font-size:11px">${esc(k.id)}</span></td>
2817	<td>${scopes}</td>
2818	<td style="font-size:12px">${status}</td>
2819	<td style="color:#8b949e;font-size:12px">${lastUsed}</td>
2820	<td><div class="actions">${revokeBtn}</div></td>
2821	</tr>`;
2822	}).join('');
2823	el.innerHTML = `<table><thead><tr><th>name</th><th>scopes</th><th>status</th><th>last used</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
2824	}
2825
2826	async function createAPIKey(e) {
2827	e.preventDefault();
2828	const name = document.getElementById('new-apikey-name').value.trim();
2829	const expires = document.getElementById('new-apikey-expires').value.trim();
2830	const scopes = [...document.querySelectorAll('.apikey-scope:checked')].map(cb => cb.value);
2831	const resultEl = document.getElementById('add-apikey-result');
2832	if (!name) { resultEl.innerHTML = '<span style="color:#f85149">name is required</span>'; return; }
2833	if (!scopes.length) { resultEl.innerHTML = '<span style="color:#f85149">select at least one scope</span>'; return; }
2834	try {
2835	const body = { name, scopes };
2836	if (expires) body.expires_in = expires;
2837	const result = await api('POST', '/v1/api-keys', body);
2838	resultEl.innerHTML = `<div style="background:#0d1117;border:1px solid #3fb95044;border-radius:6px;padding:12px;margin-top:8px">
2839	<div style="color:#3fb950;font-weight:600;margin-bottom:6px">Key created: ${esc(result.name)}</div>
2840	<div style="margin-bottom:4px;font-size:12px;color:#8b949e">Copy this token now — it will not be shown again:</div>
2841	<code style="display:block;padding:8px;background:#161b22;border-radius:4px;word-break:break-all;user-select:all">${esc(result.token)}</code>
2842	</div>`;
2843	document.getElementById('new-apikey-name').value = '';
2844	document.getElementById('new-apikey-expires').value = '';
2845	document.querySelectorAll('.apikey-scope:checked').forEach(cb => cb.checked = false);
2846	loadAPIKeys();
2847	} catch(e) {
2848	resultEl.innerHTML = `<span style="color:#f85149">${esc(e.message)}</span>`;
2849	}
2850	}
2851
2852	async function revokeAPIKey(id) {
2853	if (!confirm('Revoke this API key? This cannot be undone.')) return;
2854	try {
2855	await api('DELETE', `/v1/api-keys/${encodeURIComponent(id)}`);
2856	loadAPIKeys();
2857	} catch(e) { alert('Failed: ' + e.message); }
2858	}
2859
2860	// --- AI / LLM tab ---
2861	async function loadAI() {
2862	await Promise.all([loadAIBackends(), loadAIKnown()]);
2863	}
	@@ -2977,10 +3260,11 @@
3260	renderOnJoinMessages(s.policies.on_join_messages \|\| {});
3261	renderAgentPolicy(s.policies.agent_policy \|\| {});
3262	renderBridgePolicy(s.policies.bridge \|\| {});
3263	renderLoggingPolicy(s.policies.logging \|\| {});
3264	loadAdmins();
3265	loadAPIKeys();
3266	loadConfigCards();
3267	} catch(e) {
3268	document.getElementById('tls-badge').textContent = 'error';
3269	}
3270	}
	@@ -3288,14 +3572,17 @@
3572	// general
3573	document.getElementById('general-api-addr').value = cfg.api_addr \|\| '';
3574	document.getElementById('general-mcp-addr').value = cfg.mcp_addr \|\| '';
3575	// ergo
3576	const e = cfg.ergo \|\| {};
3577	document.getElementById('ergo-network-name').value = e.network_name \|\| '';
3578	document.getElementById('ergo-server-name').value = e.server_name \|\| '';
3579	document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
3580	document.getElementById('ergo-require-sasl').checked = !!e.require_sasl;
3581	document.getElementById('ergo-default-modes').value = e.default_channel_modes \|\| '';
3582	document.getElementById('ergo-history-enabled').checked = !!(e.history && e.history.enabled);
3583	document.getElementById('ergo-external').checked = !!e.external;
3584	// tls
3585	const t = cfg.tls \|\| {};
3586	document.getElementById('tls-domain').value = t.domain \|\| '';
3587	document.getElementById('tls-email').value = t.email \|\| '';
3588	document.getElementById('tls-allow-insecure').checked = !!t.allow_insecure;
	@@ -3368,14 +3655,17 @@
3655	}
3656
3657	function saveErgoConfig() {
3658	saveConfigPatch({
3659	ergo: {
3660	network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
3661	server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
3662	irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
3663	require_sasl: document.getElementById('ergo-require-sasl').checked,
3664	default_channel_modes: document.getElementById('ergo-default-modes').value.trim() \|\| undefined,
3665	history: { enabled: document.getElementById('ergo-history-enabled').checked },
3666	external: document.getElementById('ergo-external').checked,
3667	}
3668	}, 'ergo-save-result');
3669	}
3670
3671	function saveTLSConfig() {
3672
3673	DDED internal/auth/apikeys.go

M internal/api/ui/index.html

+300 -10

		--- internal/api/ui/index.html
		+++ internal/api/ui/index.html
		@@ -485,10 +485,40 @@
485	485	<button class="sm primary" onclick="quickJoin()">join</button>
486	486	</div>
487	487	</div>
488	488	<div id="channels-list"><div class="empty">no channels joined yet — type a channel name above</div></div>
489	489	</div>
	490	+
	491	+ <!-- topology panel -->
	492	+ <div class="card" id="card-topology">
	493	+ <div class="card-header" onclick="toggleCard('card-topology',event)">
	494	+ <h2>topology</h2><span class="card-desc">channel types, provisioning rules, active task channels</span><span class="collapse-icon">▾</span>
	495	+ <div class="spacer"></div>
	496	+ <div style="display:flex;gap:6px;align-items:center">
	497	+ <input type="text" id="provision-channel-input" placeholder="#project.name" style="width:160px;padding:5px 8px;font-size:12px" autocomplete="off">
	498	+ <button class="sm primary" onclick="provisionChannel()">provision</button>
	499	+ </div>
	500	+ </div>
	501	+ <div class="card-body" style="padding:0">
	502	+ <div id="topology-types"></div>
	503	+ <div id="topology-active" style="padding:12px 16px"><div class="empty">loading topology…</div></div>
	504	+ </div>
	505	+ </div>
	506	+
	507	+ <!-- ROE templates -->
	508	+ <div class="card" id="card-roe">
	509	+ <div class="card-header" onclick="toggleCard('card-roe',event)">
	510	+ <h2>ROE templates</h2><span class="card-desc">rules-of-engagement presets for agent registration</span><span class="collapse-icon">▾</span>
	511	+ <div class="spacer"></div>
	512	+ <button class="sm primary" onclick="event.stopPropagation();savePolicies()">save</button>
	513	+ </div>
	514	+ <div class="card-body">
	515	+ <p style="font-size:12px;color:#8b949e;margin-bottom:12px">Define ROE templates applied to agents at registration. Includes channels, permissions, and rate limits.</p>
	516	+ <div id="roe-list"></div>
	517	+ <button class="sm" onclick="addROETemplate()" style="margin-top:10px">+ add template</button>
	518	+ </div>
	519	+ </div>
490	520	</div>
491	521	</div>
492	522
493	523	<!-- CHAT -->
494	524	<div class="tab-pane" id="pane-chat">
		@@ -580,10 +610,40 @@
580	610	<button type="submit" class="primary sm" style="margin-bottom:1px">add admin</button>
581	611	</form>
582	612	<div id="add-admin-result" style="margin-top:10px"></div>
583	613	</div>
584	614	</div>
	615	+
	616	+ <!-- api keys -->
	617	+ <div class="card" id="card-apikeys">
	618	+ <div class="card-header" onclick="toggleCard('card-apikeys',event)"><h2>API keys</h2><span class="card-desc">per-consumer tokens with scoped permissions</span><span class="collapse-icon">▾</span></div>
	619	+ <div id="apikeys-list-container"></div>
	620	+ <div class="card-body" style="border-top:1px solid #21262d">
	621	+ <p style="font-size:12px;color:#8b949e;margin-bottom:12px">Create an API key with a name and scopes. The token is shown only once.</p>
	622	+ <form id="add-apikey-form" onsubmit="createAPIKey(event)" style="display:flex;flex-direction:column;gap:10px">
	623	+ <div style="display:flex;gap:10px;flex-wrap:wrap;align-items:flex-end">
	624	+ <div style="flex:1;min-width:160px"><label>name</label><input type="text" id="new-apikey-name" placeholder="e.g. kohakku-controller" autocomplete="off"></div>
	625	+ <div style="flex:1;min-width:160px"><label>expires in</label><input type="text" id="new-apikey-expires" placeholder="e.g. 720h (empty=never)" autocomplete="off"></div>
	626	+ </div>
	627	+ <div>
	628	+ <label style="margin-bottom:6px;display:block">scopes</label>
	629	+ <div style="display:flex;gap:12px;flex-wrap:wrap;font-size:12px">
	630	+ <label><input type="checkbox" value="admin" class="apikey-scope"> admin</label>
	631	+ <label><input type="checkbox" value="agents" class="apikey-scope"> agents</label>
	632	+ <label><input type="checkbox" value="channels" class="apikey-scope"> channels</label>
	633	+ <label><input type="checkbox" value="chat" class="apikey-scope"> chat</label>
	634	+ <label><input type="checkbox" value="topology" class="apikey-scope"> topology</label>
	635	+ <label><input type="checkbox" value="bots" class="apikey-scope"> bots</label>
	636	+ <label><input type="checkbox" value="config" class="apikey-scope"> config</label>
	637	+ <label><input type="checkbox" value="read" class="apikey-scope"> read</label>
	638	+ </div>
	639	+ </div>
	640	+ <button type="submit" class="primary sm" style="align-self:flex-start">create key</button>
	641	+ </form>
	642	+ <div id="add-apikey-result" style="margin-top:10px"></div>
	643	+ </div>
	644	+ </div>
585	645
586	646	<!-- tls -->
587	647	<div class="card" id="card-tls">
588	648	<div class="card-header" onclick="toggleCard('card-tls',event)"><h2>TLS / SSL</h2><span class="card-desc">certificate status</span><span class="collapse-icon">▾</span><div class="spacer"></div><span id="tls-badge" class="badge">loading…</span></div>
589	649	<div class="card-body">
		@@ -816,10 +876,31 @@
816	876	</div>
817	877	<div class="setting-row">
818	878	<div class="setting-label">IRC address</div>
819	879	<div class="setting-desc">Address Ergo listens on for IRC connections. Requires restart.</div>
820	880	<input type="text" id="ergo-irc-addr" placeholder="127.0.0.1:6667" style="width:180px;padding:4px 8px;font-size:12px">
	881	+ </div>
	882	+ <div class="setting-row">
	883	+ <div class="setting-label">require SASL</div>
	884	+ <div class="setting-desc">Enforce SASL authentication for all IRC connections. Only registered accounts can connect. Hot-reloads.</div>
	885	+ <label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	886	+ <input type="checkbox" id="ergo-require-sasl">
	887	+ <span style="font-size:12px">enforce SASL</span>
	888	+ </label>
	889	+ </div>
	890	+ <div class="setting-row">
	891	+ <div class="setting-label">default channel modes</div>
	892	+ <div class="setting-desc">Modes applied to new channels (e.g. "+n", "+Rn"). Hot-reloads.</div>
	893	+ <input type="text" id="ergo-default-modes" placeholder="+n" style="width:120px;padding:4px 8px;font-size:12px">
	894	+ </div>
	895	+ <div class="setting-row">
	896	+ <div class="setting-label">message history</div>
	897	+ <div class="setting-desc">Enable persistent message history (CHATHISTORY). Hot-reloads.</div>
	898	+ <label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	899	+ <input type="checkbox" id="ergo-history-enabled">
	900	+ <span style="font-size:12px">enabled</span>
	901	+ </label>
821	902	</div>
822	903	<div class="setting-row">
823	904	<div class="setting-label">external mode</div>
824	905	<div class="setting-desc">Disable subprocess management — scuttlebot expects Ergo to already be running. Requires restart.</div>
825	906	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
		@@ -1744,10 +1825,19 @@
1744	1825	allChannels = (data.channels \|\| []).sort();
1745	1826	renderChanList();
1746	1827	} catch(e) {
1747	1828	document.getElementById('channels-list').innerHTML = '<div style="padding:16px">'+renderAlert('error', e.message)+'</div>';
1748	1829	}
	1830	+ loadTopology();
	1831	+ // Load ROE templates from policies for the ROE card.
	1832	+ try {
	1833	+ const s = await api('GET', '/v1/settings');
	1834	+ if (s && s.policies) {
	1835	+ currentPolicies = s.policies;
	1836	+ renderROETemplates(s.policies.roe_templates \|\| []);
	1837	+ }
	1838	+ } catch(e) {}
1749	1839	}
1750	1840
1751	1841	function renderChanList() {
1752	1842	const q = (document.getElementById('chan-search').value\|\|'').toLowerCase();
1753	1843	const filtered = allChannels.filter(ch => !q \|\| ch.toLowerCase().includes(q));
		@@ -1782,10 +1872,138 @@
1782	1872	await loadChanTab();
1783	1873	renderChanSidebar((await api('GET','/v1/channels')).channels\|\|[]);
1784	1874	} catch(e) { alert('Join failed: '+e.message); }
1785	1875	}
1786	1876	document.getElementById('quick-join-input').addEventListener('keydown', e => { if(e.key==='Enter')quickJoin(); });
	1877	+
	1878	+// --- topology panel (#115) + task channels (#114) ---
	1879	+async function loadTopology() {
	1880	+ try {
	1881	+ const data = await api('GET', '/v1/topology');
	1882	+ renderTopologyTypes(data.types \|\| []);
	1883	+ renderTopologyActive(data.active_channels \|\| [], data.types \|\| []);
	1884	+ } catch(e) {
	1885	+ document.getElementById('topology-types').innerHTML = '';
	1886	+ document.getElementById('topology-active').innerHTML = '<div style="color:#8b949e;font-size:12px">topology not configured</div>';
	1887	+ }
	1888	+}
	1889	+
	1890	+function renderTopologyTypes(types) {
	1891	+ if (!types.length) { document.getElementById('topology-types').innerHTML = ''; return; }
	1892	+ const rows = types.map(t => {
	1893	+ const ttl = t.ttl_seconds > 0 ? `${Math.round(t.ttl_seconds/3600)}h` : '—';
	1894	+ const tags = [];
	1895	+ if (t.ephemeral) tags.push('<span style="background:#f8514922;color:#f85149;padding:1px 5px;border-radius:3px;font-size:10px">ephemeral</span>');
	1896	+ if (t.supervision) tags.push(`<span style="font-size:11px;color:#8b949e">→ ${esc(t.supervision)}</span>`);
	1897	+ return `<tr>
	1898	+ <td><strong>${esc(t.name)}</strong></td>
	1899	+ <td><code style="font-size:11px">#${esc(t.prefix)}*</code></td>
	1900	+ <td style="font-size:12px">${(t.autojoin\|\|[]).map(n => `<code style="font-size:11px;background:#21262d;padding:1px 4px;border-radius:3px">${esc(n)}</code>`).join(' ')}</td>
	1901	+ <td style="font-size:12px">${ttl}</td>
	1902	+ <td>${tags.join(' ')}</td>
	1903	+ </tr>`;
	1904	+ }).join('');
	1905	+ document.getElementById('topology-types').innerHTML = `<table><thead><tr><th>type</th><th>prefix</th><th>autojoin</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
	1906	+}
	1907	+
	1908	+function renderTopologyActive(channels, types) {
	1909	+ const el = document.getElementById('topology-active');
	1910	+ const tasks = channels.filter(c => c.ephemeral \|\| c.type === 'task');
	1911	+ if (!tasks.length) {
	1912	+ el.innerHTML = '<div style="color:#8b949e;font-size:12px;padding:4px 0">no active task channels</div>';
	1913	+ return;
	1914	+ }
	1915	+ const rows = tasks.map(c => {
	1916	+ const age = c.provisioned_at ? timeSince(new Date(c.provisioned_at)) : '—';
	1917	+ const ttl = c.ttl_seconds > 0 ? `${Math.round(c.ttl_seconds/3600)}h` : '—';
	1918	+ return `<tr>
	1919	+ <td><strong>${esc(c.name)}</strong></td>
	1920	+ <td style="font-size:12px;color:#8b949e">${esc(c.type \|\| '—')}</td>
	1921	+ <td style="font-size:12px">${age}</td>
	1922	+ <td style="font-size:12px">${ttl}</td>
	1923	+ <td><button class="sm danger" onclick="dropChannel('${esc(c.name)}')">drop</button></td>
	1924	+ </tr>`;
	1925	+ }).join('');
	1926	+ el.innerHTML = `<table><thead><tr><th>channel</th><th>type</th><th>age</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
	1927	+}
	1928	+
	1929	+function timeSince(date) {
	1930	+ const s = Math.floor((new Date() - date) / 1000);
	1931	+ if (s < 60) return s + 's';
	1932	+ if (s < 3600) return Math.floor(s/60) + 'm';
	1933	+ if (s < 86400) return Math.floor(s/3600) + 'h';
	1934	+ return Math.floor(s/86400) + 'd';
	1935	+}
	1936	+
	1937	+async function provisionChannel() {
	1938	+ let ch = document.getElementById('provision-channel-input').value.trim();
	1939	+ if (!ch) return;
	1940	+ if (!ch.startsWith('#')) ch = '#' + ch;
	1941	+ try {
	1942	+ await api('POST', '/v1/channels', {name: ch});
	1943	+ document.getElementById('provision-channel-input').value = '';
	1944	+ loadTopology();
	1945	+ loadChanTab();
	1946	+ } catch(e) { alert('Provision failed: ' + e.message); }
	1947	+}
	1948	+
	1949	+async function dropChannel(ch) {
	1950	+ if (!confirm('Drop channel ' + ch + '? This unregisters it from ChanServ.')) return;
	1951	+ const slug = ch.replace(/^#/,'');
	1952	+ try {
	1953	+ await api('DELETE', `/v1/topology/channels/${slug}`);
	1954	+ loadTopology();
	1955	+ loadChanTab();
	1956	+ } catch(e) { alert('Drop failed: ' + e.message); }
	1957	+}
	1958	+
	1959	+// --- ROE template editor (#118) ---
	1960	+function renderROETemplates(templates) {
	1961	+ const el = document.getElementById('roe-list');
	1962	+ if (!templates \|\| !templates.length) {
	1963	+ el.innerHTML = '<div style="color:#8b949e;font-size:12px">No ROE templates defined. Click + add template to create one.</div>';
	1964	+ return;
	1965	+ }
	1966	+ el.innerHTML = templates.map((t, i) => `
	1967	+ <div style="border:1px solid #21262d;border-radius:6px;padding:12px;margin-bottom:10px;background:#0d1117">
	1968	+ <div style="display:flex;gap:10px;align-items:center;margin-bottom:8px">
	1969	+ <input type="text" value="${esc(t.name)}" placeholder="template name" style="flex:1;font-weight:600" onchange="updateROE(${i},'name',this.value)">
	1970	+ <button class="sm danger" onclick="removeROE(${i})">remove</button>
	1971	+ </div>
	1972	+ <div style="display:flex;gap:10px;flex-wrap:wrap;margin-bottom:6px">
	1973	+ <div style="flex:1;min-width:200px"><label style="font-size:11px">channels (comma-separated)</label><input type="text" value="${esc((t.channels\|\|[]).join(', '))}" onchange="updateROE(${i},'channels',this.value)" style="width:100%"></div>
	1974	+ <div style="flex:1;min-width:200px"><label style="font-size:11px">permissions</label><input type="text" value="${esc((t.permissions\|\|[]).join(', '))}" onchange="updateROE(${i},'permissions',this.value)" style="width:100%"></div>
	1975	+ </div>
	1976	+ <div style="display:flex;gap:10px">
	1977	+ <div><label style="font-size:11px">msg/sec</label><input type="number" value="${t.rate_limit?.messages_per_second\|\|''}" placeholder="10" style="width:70px" onchange="updateROERateLimit(${i},'messages_per_second',this.value)"></div>
	1978	+ <div><label style="font-size:11px">burst</label><input type="number" value="${t.rate_limit?.burst\|\|''}" placeholder="50" style="width:70px" onchange="updateROERateLimit(${i},'burst',this.value)"></div>
	1979	+ <div style="flex:1"><label style="font-size:11px">description</label><input type="text" value="${esc(t.description\|\|'')}" onchange="updateROE(${i},'description',this.value)" style="width:100%"></div>
	1980	+ </div>
	1981	+ </div>
	1982	+ `).join('');
	1983	+}
	1984	+
	1985	+function addROETemplate() {
	1986	+ if (!currentPolicies.roe_templates) currentPolicies.roe_templates = [];
	1987	+ currentPolicies.roe_templates.push({name: 'new-template', channels: [], permissions: []});
	1988	+ renderROETemplates(currentPolicies.roe_templates);
	1989	+}
	1990	+function removeROE(i) {
	1991	+ currentPolicies.roe_templates.splice(i, 1);
	1992	+ renderROETemplates(currentPolicies.roe_templates);
	1993	+}
	1994	+function updateROE(i, field, val) {
	1995	+ if (field === 'channels' \|\| field === 'permissions') {
	1996	+ currentPolicies.roe_templates[i][field] = val.split(',').map(s => s.trim()).filter(Boolean);
	1997	+ } else {
	1998	+ currentPolicies.roe_templates[i][field] = val;
	1999	+ }
	2000	+}
	2001	+function updateROERateLimit(i, field, val) {
	2002	+ if (!currentPolicies.roe_templates[i].rate_limit) currentPolicies.roe_templates[i].rate_limit = {};
	2003	+ currentPolicies.roe_templates[i].rate_limit[field] = Number(val) \|\| 0;
	2004	+}
1787	2005
1788	2006	// --- chat ---
1789	2007	let chatChannel = null, chatSSE = null;
1790	2008
1791	2009	async function loadChannels() {
		@@ -1921,14 +2139,16 @@
1921	2139	let _chatUnread = 0;
1922	2140
1923	2141	function appendMsg(msg, isHistory) {
1924	2142	const area = document.getElementById('chat-msgs');
1925	2143
1926		- // Parse "[nick] text" sent by the bridge bot on behalf of a web user
	2144	+ // Attribution: RELAYMSG delivers nicks as "user/bridge"; legacy uses "[nick] text".
1927	2145	let displayNick = msg.nick;
1928	2146	let displayText = msg.text;
1929		- if (msg.nick === 'bridge') {
	2147	+ if (msg.nick && msg.nick.endsWith('/bridge')) {
	2148	+ displayNick = msg.nick.slice(0, -'/bridge'.length);
	2149	+ } else if (msg.nick === 'bridge') {
1930	2150	const m = msg.text.match(/^\[([^\]]+)\] ([\s\S]*)$/);
1931	2151	if (m) { displayNick = m[1]; displayText = m[2]; }
1932	2152	}
1933	2153
1934	2154	const atMs = new Date(msg.at).getTime();
		@@ -2571,10 +2791,73 @@
2571	2791	try {
2572	2792	await api('PUT', `/v1/admins/${encodeURIComponent(username)}/password`, { password: pw });
2573	2793	alert('Password updated.');
2574	2794	} catch(e) { alert('Failed: ' + e.message); }
2575	2795	}
	2796	+
	2797	+// --- API keys ---
	2798	+async function loadAPIKeys() {
	2799	+ try {
	2800	+ const keys = await api('GET', '/v1/api-keys');
	2801	+ renderAPIKeys(keys \|\| []);
	2802	+ } catch(e) {
	2803	+ document.getElementById('apikeys-list-container').innerHTML = '';
	2804	+ }
	2805	+}
	2806	+
	2807	+function renderAPIKeys(keys) {
	2808	+ const el = document.getElementById('apikeys-list-container');
	2809	+ if (!keys.length) { el.innerHTML = ''; return; }
	2810	+ const rows = keys.map(k => {
	2811	+ const status = k.active ? '<span style="color:#3fb950">active</span>' : '<span style="color:#f85149">revoked</span>';
	2812	+ const scopes = (k.scopes \|\| []).map(s => `<code style="font-size:11px;background:#21262d;padding:1px 5px;border-radius:3px">${esc(s)}</code>`).join(' ');
	2813	+ const lastUsed = k.last_used ? fmtTime(k.last_used) : '—';
	2814	+ const revokeBtn = k.active ? `<button class="sm danger" onclick="revokeAPIKey('${esc(k.id)}')">revoke</button>` : '';
	2815	+ return `<tr>
	2816	+ <td><strong>${esc(k.name)}</strong><br><span style="color:#8b949e;font-size:11px">${esc(k.id)}</span></td>
	2817	+ <td>${scopes}</td>
	2818	+ <td style="font-size:12px">${status}</td>
	2819	+ <td style="color:#8b949e;font-size:12px">${lastUsed}</td>
	2820	+ <td><div class="actions">${revokeBtn}</div></td>
	2821	+ </tr>`;
	2822	+ }).join('');
	2823	+ el.innerHTML = `<table><thead><tr><th>name</th><th>scopes</th><th>status</th><th>last used</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
	2824	+}
	2825	+
	2826	+async function createAPIKey(e) {
	2827	+ e.preventDefault();
	2828	+ const name = document.getElementById('new-apikey-name').value.trim();
	2829	+ const expires = document.getElementById('new-apikey-expires').value.trim();
	2830	+ const scopes = [...document.querySelectorAll('.apikey-scope:checked')].map(cb => cb.value);
	2831	+ const resultEl = document.getElementById('add-apikey-result');
	2832	+ if (!name) { resultEl.innerHTML = '<span style="color:#f85149">name is required</span>'; return; }
	2833	+ if (!scopes.length) { resultEl.innerHTML = '<span style="color:#f85149">select at least one scope</span>'; return; }
	2834	+ try {
	2835	+ const body = { name, scopes };
	2836	+ if (expires) body.expires_in = expires;
	2837	+ const result = await api('POST', '/v1/api-keys', body);
	2838	+ resultEl.innerHTML = `<div style="background:#0d1117;border:1px solid #3fb95044;border-radius:6px;padding:12px;margin-top:8px">
	2839	+ <div style="color:#3fb950;font-weight:600;margin-bottom:6px">Key created: ${esc(result.name)}</div>
	2840	+ <div style="margin-bottom:4px;font-size:12px;color:#8b949e">Copy this token now — it will not be shown again:</div>
	2841	+ <code style="display:block;padding:8px;background:#161b22;border-radius:4px;word-break:break-all;user-select:all">${esc(result.token)}</code>
	2842	+ </div>`;
	2843	+ document.getElementById('new-apikey-name').value = '';
	2844	+ document.getElementById('new-apikey-expires').value = '';
	2845	+ document.querySelectorAll('.apikey-scope:checked').forEach(cb => cb.checked = false);
	2846	+ loadAPIKeys();
	2847	+ } catch(e) {
	2848	+ resultEl.innerHTML = `<span style="color:#f85149">${esc(e.message)}</span>`;
	2849	+ }
	2850	+}
	2851	+
	2852	+async function revokeAPIKey(id) {
	2853	+ if (!confirm('Revoke this API key? This cannot be undone.')) return;
	2854	+ try {
	2855	+ await api('DELETE', `/v1/api-keys/${encodeURIComponent(id)}`);
	2856	+ loadAPIKeys();
	2857	+ } catch(e) { alert('Failed: ' + e.message); }
	2858	+}
2576	2859
2577	2860	// --- AI / LLM tab ---
2578	2861	async function loadAI() {
2579	2862	await Promise.all([loadAIBackends(), loadAIKnown()]);
2580	2863	}
		@@ -2977,10 +3260,11 @@
2977	3260	renderOnJoinMessages(s.policies.on_join_messages \|\| {});
2978	3261	renderAgentPolicy(s.policies.agent_policy \|\| {});
2979	3262	renderBridgePolicy(s.policies.bridge \|\| {});
2980	3263	renderLoggingPolicy(s.policies.logging \|\| {});
2981	3264	loadAdmins();
	3265	+ loadAPIKeys();
2982	3266	loadConfigCards();
2983	3267	} catch(e) {
2984	3268	document.getElementById('tls-badge').textContent = 'error';
2985	3269	}
2986	3270	}
		@@ -3288,14 +3572,17 @@
3288	3572	// general
3289	3573	document.getElementById('general-api-addr').value = cfg.api_addr \|\| '';
3290	3574	document.getElementById('general-mcp-addr').value = cfg.mcp_addr \|\| '';
3291	3575	// ergo
3292	3576	const e = cfg.ergo \|\| {};
3293		- document.getElementById('ergo-network-name').value = e.network_name \|\| '';
3294		- document.getElementById('ergo-server-name').value = e.server_name \|\| '';
3295		- document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
3296		- document.getElementById('ergo-external').checked = !!e.external;
	3577	+ document.getElementById('ergo-network-name').value = e.network_name \|\| '';
	3578	+ document.getElementById('ergo-server-name').value = e.server_name \|\| '';
	3579	+ document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
	3580	+ document.getElementById('ergo-require-sasl').checked = !!e.require_sasl;
	3581	+ document.getElementById('ergo-default-modes').value = e.default_channel_modes \|\| '';
	3582	+ document.getElementById('ergo-history-enabled').checked = !!(e.history && e.history.enabled);
	3583	+ document.getElementById('ergo-external').checked = !!e.external;
3297	3584	// tls
3298	3585	const t = cfg.tls \|\| {};
3299	3586	document.getElementById('tls-domain').value = t.domain \|\| '';
3300	3587	document.getElementById('tls-email').value = t.email \|\| '';
3301	3588	document.getElementById('tls-allow-insecure').checked = !!t.allow_insecure;
		@@ -3368,14 +3655,17 @@
3368	3655	}
3369	3656
3370	3657	function saveErgoConfig() {
3371	3658	saveConfigPatch({
3372	3659	ergo: {
3373		- network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
3374		- server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
3375		- irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
3376		- external: document.getElementById('ergo-external').checked,
	3660	+ network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
	3661	+ server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
	3662	+ irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
	3663	+ require_sasl: document.getElementById('ergo-require-sasl').checked,
	3664	+ default_channel_modes: document.getElementById('ergo-default-modes').value.trim() \|\| undefined,
	3665	+ history: { enabled: document.getElementById('ergo-history-enabled').checked },
	3666	+ external: document.getElementById('ergo-external').checked,
3377	3667	}
3378	3668	}, 'ergo-save-result');
3379	3669	}
3380	3670
3381	3671	function saveTLSConfig() {
3382	3672
3383	3673	ADDED internal/auth/apikeys.go

	--- internal/api/ui/index.html
	+++ internal/api/ui/index.html
	@@ -485,10 +485,40 @@
485	<button class="sm primary" onclick="quickJoin()">join</button>
486	</div>
487	</div>
488	<div id="channels-list"><div class="empty">no channels joined yet — type a channel name above</div></div>
489	</div>






























490	</div>
491	</div>
492
493	<!-- CHAT -->
494	<div class="tab-pane" id="pane-chat">
	@@ -580,10 +610,40 @@
580	<button type="submit" class="primary sm" style="margin-bottom:1px">add admin</button>
581	</form>
582	<div id="add-admin-result" style="margin-top:10px"></div>
583	</div>
584	</div>






























585
586	<!-- tls -->
587	<div class="card" id="card-tls">
588	<div class="card-header" onclick="toggleCard('card-tls',event)"><h2>TLS / SSL</h2><span class="card-desc">certificate status</span><span class="collapse-icon">▾</span><div class="spacer"></div><span id="tls-badge" class="badge">loading…</span></div>
589	<div class="card-body">
	@@ -816,10 +876,31 @@
816	</div>
817	<div class="setting-row">
818	<div class="setting-label">IRC address</div>
819	<div class="setting-desc">Address Ergo listens on for IRC connections. Requires restart.</div>
820	<input type="text" id="ergo-irc-addr" placeholder="127.0.0.1:6667" style="width:180px;padding:4px 8px;font-size:12px">





















821	</div>
822	<div class="setting-row">
823	<div class="setting-label">external mode</div>
824	<div class="setting-desc">Disable subprocess management — scuttlebot expects Ergo to already be running. Requires restart.</div>
825	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	@@ -1744,10 +1825,19 @@
1744	allChannels = (data.channels \|\| []).sort();
1745	renderChanList();
1746	} catch(e) {
1747	document.getElementById('channels-list').innerHTML = '<div style="padding:16px">'+renderAlert('error', e.message)+'</div>';
1748	}









1749	}
1750
1751	function renderChanList() {
1752	const q = (document.getElementById('chan-search').value\|\|'').toLowerCase();
1753	const filtered = allChannels.filter(ch => !q \|\| ch.toLowerCase().includes(q));
	@@ -1782,10 +1872,138 @@
1782	await loadChanTab();
1783	renderChanSidebar((await api('GET','/v1/channels')).channels\|\|[]);
1784	} catch(e) { alert('Join failed: '+e.message); }
1785	}
1786	document.getElementById('quick-join-input').addEventListener('keydown', e => { if(e.key==='Enter')quickJoin(); });
































































































































1787
1788	// --- chat ---
1789	let chatChannel = null, chatSSE = null;
1790
1791	async function loadChannels() {
	@@ -1921,14 +2139,16 @@
1921	let _chatUnread = 0;
1922
1923	function appendMsg(msg, isHistory) {
1924	const area = document.getElementById('chat-msgs');
1925
1926	// Parse "[nick] text" sent by the bridge bot on behalf of a web user
1927	let displayNick = msg.nick;
1928	let displayText = msg.text;
1929	if (msg.nick === 'bridge') {


1930	const m = msg.text.match(/^\[([^\]]+)\] ([\s\S]*)$/);
1931	if (m) { displayNick = m[1]; displayText = m[2]; }
1932	}
1933
1934	const atMs = new Date(msg.at).getTime();
	@@ -2571,10 +2791,73 @@
2571	try {
2572	await api('PUT', `/v1/admins/${encodeURIComponent(username)}/password`, { password: pw });
2573	alert('Password updated.');
2574	} catch(e) { alert('Failed: ' + e.message); }
2575	}































































2576
2577	// --- AI / LLM tab ---
2578	async function loadAI() {
2579	await Promise.all([loadAIBackends(), loadAIKnown()]);
2580	}
	@@ -2977,10 +3260,11 @@
2977	renderOnJoinMessages(s.policies.on_join_messages \|\| {});
2978	renderAgentPolicy(s.policies.agent_policy \|\| {});
2979	renderBridgePolicy(s.policies.bridge \|\| {});
2980	renderLoggingPolicy(s.policies.logging \|\| {});
2981	loadAdmins();

2982	loadConfigCards();
2983	} catch(e) {
2984	document.getElementById('tls-badge').textContent = 'error';
2985	}
2986	}
	@@ -3288,14 +3572,17 @@
3288	// general
3289	document.getElementById('general-api-addr').value = cfg.api_addr \|\| '';
3290	document.getElementById('general-mcp-addr').value = cfg.mcp_addr \|\| '';
3291	// ergo
3292	const e = cfg.ergo \|\| {};
3293	document.getElementById('ergo-network-name').value = e.network_name \|\| '';
3294	document.getElementById('ergo-server-name').value = e.server_name \|\| '';
3295	document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
3296	document.getElementById('ergo-external').checked = !!e.external;



3297	// tls
3298	const t = cfg.tls \|\| {};
3299	document.getElementById('tls-domain').value = t.domain \|\| '';
3300	document.getElementById('tls-email').value = t.email \|\| '';
3301	document.getElementById('tls-allow-insecure').checked = !!t.allow_insecure;
	@@ -3368,14 +3655,17 @@
3368	}
3369
3370	function saveErgoConfig() {
3371	saveConfigPatch({
3372	ergo: {
3373	network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
3374	server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
3375	irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
3376	external: document.getElementById('ergo-external').checked,



3377	}
3378	}, 'ergo-save-result');
3379	}
3380
3381	function saveTLSConfig() {
3382
3383	DDED internal/auth/apikeys.go

	--- internal/api/ui/index.html
	+++ internal/api/ui/index.html
	@@ -485,10 +485,40 @@
485	<button class="sm primary" onclick="quickJoin()">join</button>
486	</div>
487	</div>
488	<div id="channels-list"><div class="empty">no channels joined yet — type a channel name above</div></div>
489	</div>
490
491	<!-- topology panel -->
492	<div class="card" id="card-topology">
493	<div class="card-header" onclick="toggleCard('card-topology',event)">
494	<h2>topology</h2><span class="card-desc">channel types, provisioning rules, active task channels</span><span class="collapse-icon">▾</span>
495	<div class="spacer"></div>
496	<div style="display:flex;gap:6px;align-items:center">
497	<input type="text" id="provision-channel-input" placeholder="#project.name" style="width:160px;padding:5px 8px;font-size:12px" autocomplete="off">
498	<button class="sm primary" onclick="provisionChannel()">provision</button>
499	</div>
500	</div>
501	<div class="card-body" style="padding:0">
502	<div id="topology-types"></div>
503	<div id="topology-active" style="padding:12px 16px"><div class="empty">loading topology…</div></div>
504	</div>
505	</div>
506
507	<!-- ROE templates -->
508	<div class="card" id="card-roe">
509	<div class="card-header" onclick="toggleCard('card-roe',event)">
510	<h2>ROE templates</h2><span class="card-desc">rules-of-engagement presets for agent registration</span><span class="collapse-icon">▾</span>
511	<div class="spacer"></div>
512	<button class="sm primary" onclick="event.stopPropagation();savePolicies()">save</button>
513	</div>
514	<div class="card-body">
515	<p style="font-size:12px;color:#8b949e;margin-bottom:12px">Define ROE templates applied to agents at registration. Includes channels, permissions, and rate limits.</p>
516	<div id="roe-list"></div>
517	<button class="sm" onclick="addROETemplate()" style="margin-top:10px">+ add template</button>
518	</div>
519	</div>
520	</div>
521	</div>
522
523	<!-- CHAT -->
524	<div class="tab-pane" id="pane-chat">
	@@ -580,10 +610,40 @@
610	<button type="submit" class="primary sm" style="margin-bottom:1px">add admin</button>
611	</form>
612	<div id="add-admin-result" style="margin-top:10px"></div>
613	</div>
614	</div>
615
616	<!-- api keys -->
617	<div class="card" id="card-apikeys">
618	<div class="card-header" onclick="toggleCard('card-apikeys',event)"><h2>API keys</h2><span class="card-desc">per-consumer tokens with scoped permissions</span><span class="collapse-icon">▾</span></div>
619	<div id="apikeys-list-container"></div>
620	<div class="card-body" style="border-top:1px solid #21262d">
621	<p style="font-size:12px;color:#8b949e;margin-bottom:12px">Create an API key with a name and scopes. The token is shown only once.</p>
622	<form id="add-apikey-form" onsubmit="createAPIKey(event)" style="display:flex;flex-direction:column;gap:10px">
623	<div style="display:flex;gap:10px;flex-wrap:wrap;align-items:flex-end">
624	<div style="flex:1;min-width:160px"><label>name</label><input type="text" id="new-apikey-name" placeholder="e.g. kohakku-controller" autocomplete="off"></div>
625	<div style="flex:1;min-width:160px"><label>expires in</label><input type="text" id="new-apikey-expires" placeholder="e.g. 720h (empty=never)" autocomplete="off"></div>
626	</div>
627	<div>
628	<label style="margin-bottom:6px;display:block">scopes</label>
629	<div style="display:flex;gap:12px;flex-wrap:wrap;font-size:12px">
630	<label><input type="checkbox" value="admin" class="apikey-scope"> admin</label>
631	<label><input type="checkbox" value="agents" class="apikey-scope"> agents</label>
632	<label><input type="checkbox" value="channels" class="apikey-scope"> channels</label>
633	<label><input type="checkbox" value="chat" class="apikey-scope"> chat</label>
634	<label><input type="checkbox" value="topology" class="apikey-scope"> topology</label>
635	<label><input type="checkbox" value="bots" class="apikey-scope"> bots</label>
636	<label><input type="checkbox" value="config" class="apikey-scope"> config</label>
637	<label><input type="checkbox" value="read" class="apikey-scope"> read</label>
638	</div>
639	</div>
640	<button type="submit" class="primary sm" style="align-self:flex-start">create key</button>
641	</form>
642	<div id="add-apikey-result" style="margin-top:10px"></div>
643	</div>
644	</div>
645
646	<!-- tls -->
647	<div class="card" id="card-tls">
648	<div class="card-header" onclick="toggleCard('card-tls',event)"><h2>TLS / SSL</h2><span class="card-desc">certificate status</span><span class="collapse-icon">▾</span><div class="spacer"></div><span id="tls-badge" class="badge">loading…</span></div>
649	<div class="card-body">
	@@ -816,10 +876,31 @@
876	</div>
877	<div class="setting-row">
878	<div class="setting-label">IRC address</div>
879	<div class="setting-desc">Address Ergo listens on for IRC connections. Requires restart.</div>
880	<input type="text" id="ergo-irc-addr" placeholder="127.0.0.1:6667" style="width:180px;padding:4px 8px;font-size:12px">
881	</div>
882	<div class="setting-row">
883	<div class="setting-label">require SASL</div>
884	<div class="setting-desc">Enforce SASL authentication for all IRC connections. Only registered accounts can connect. Hot-reloads.</div>
885	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
886	<input type="checkbox" id="ergo-require-sasl">
887	<span style="font-size:12px">enforce SASL</span>
888	</label>
889	</div>
890	<div class="setting-row">
891	<div class="setting-label">default channel modes</div>
892	<div class="setting-desc">Modes applied to new channels (e.g. "+n", "+Rn"). Hot-reloads.</div>
893	<input type="text" id="ergo-default-modes" placeholder="+n" style="width:120px;padding:4px 8px;font-size:12px">
894	</div>
895	<div class="setting-row">
896	<div class="setting-label">message history</div>
897	<div class="setting-desc">Enable persistent message history (CHATHISTORY). Hot-reloads.</div>
898	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
899	<input type="checkbox" id="ergo-history-enabled">
900	<span style="font-size:12px">enabled</span>
901	</label>
902	</div>
903	<div class="setting-row">
904	<div class="setting-label">external mode</div>
905	<div class="setting-desc">Disable subprocess management — scuttlebot expects Ergo to already be running. Requires restart.</div>
906	<label style="display:flex;align-items:center;gap:6px;cursor:pointer">
	@@ -1744,10 +1825,19 @@
1825	allChannels = (data.channels \|\| []).sort();
1826	renderChanList();
1827	} catch(e) {
1828	document.getElementById('channels-list').innerHTML = '<div style="padding:16px">'+renderAlert('error', e.message)+'</div>';
1829	}
1830	loadTopology();
1831	// Load ROE templates from policies for the ROE card.
1832	try {
1833	const s = await api('GET', '/v1/settings');
1834	if (s && s.policies) {
1835	currentPolicies = s.policies;
1836	renderROETemplates(s.policies.roe_templates \|\| []);
1837	}
1838	} catch(e) {}
1839	}
1840
1841	function renderChanList() {
1842	const q = (document.getElementById('chan-search').value\|\|'').toLowerCase();
1843	const filtered = allChannels.filter(ch => !q \|\| ch.toLowerCase().includes(q));
	@@ -1782,10 +1872,138 @@
1872	await loadChanTab();
1873	renderChanSidebar((await api('GET','/v1/channels')).channels\|\|[]);
1874	} catch(e) { alert('Join failed: '+e.message); }
1875	}
1876	document.getElementById('quick-join-input').addEventListener('keydown', e => { if(e.key==='Enter')quickJoin(); });
1877
1878	// --- topology panel (#115) + task channels (#114) ---
1879	async function loadTopology() {
1880	try {
1881	const data = await api('GET', '/v1/topology');
1882	renderTopologyTypes(data.types \|\| []);
1883	renderTopologyActive(data.active_channels \|\| [], data.types \|\| []);
1884	} catch(e) {
1885	document.getElementById('topology-types').innerHTML = '';
1886	document.getElementById('topology-active').innerHTML = '<div style="color:#8b949e;font-size:12px">topology not configured</div>';
1887	}
1888	}
1889
1890	function renderTopologyTypes(types) {
1891	if (!types.length) { document.getElementById('topology-types').innerHTML = ''; return; }
1892	const rows = types.map(t => {
1893	const ttl = t.ttl_seconds > 0 ? `${Math.round(t.ttl_seconds/3600)}h` : '—';
1894	const tags = [];
1895	if (t.ephemeral) tags.push('<span style="background:#f8514922;color:#f85149;padding:1px 5px;border-radius:3px;font-size:10px">ephemeral</span>');
1896	if (t.supervision) tags.push(`<span style="font-size:11px;color:#8b949e">→ ${esc(t.supervision)}</span>`);
1897	return `<tr>
1898	<td><strong>${esc(t.name)}</strong></td>
1899	<td><code style="font-size:11px">#${esc(t.prefix)}*</code></td>
1900	<td style="font-size:12px">${(t.autojoin\|\|[]).map(n => `<code style="font-size:11px;background:#21262d;padding:1px 4px;border-radius:3px">${esc(n)}</code>`).join(' ')}</td>
1901	<td style="font-size:12px">${ttl}</td>
1902	<td>${tags.join(' ')}</td>
1903	</tr>`;
1904	}).join('');
1905	document.getElementById('topology-types').innerHTML = `<table><thead><tr><th>type</th><th>prefix</th><th>autojoin</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
1906	}
1907
1908	function renderTopologyActive(channels, types) {
1909	const el = document.getElementById('topology-active');
1910	const tasks = channels.filter(c => c.ephemeral \|\| c.type === 'task');
1911	if (!tasks.length) {
1912	el.innerHTML = '<div style="color:#8b949e;font-size:12px;padding:4px 0">no active task channels</div>';
1913	return;
1914	}
1915	const rows = tasks.map(c => {
1916	const age = c.provisioned_at ? timeSince(new Date(c.provisioned_at)) : '—';
1917	const ttl = c.ttl_seconds > 0 ? `${Math.round(c.ttl_seconds/3600)}h` : '—';
1918	return `<tr>
1919	<td><strong>${esc(c.name)}</strong></td>
1920	<td style="font-size:12px;color:#8b949e">${esc(c.type \|\| '—')}</td>
1921	<td style="font-size:12px">${age}</td>
1922	<td style="font-size:12px">${ttl}</td>
1923	<td><button class="sm danger" onclick="dropChannel('${esc(c.name)}')">drop</button></td>
1924	</tr>`;
1925	}).join('');
1926	el.innerHTML = `<table><thead><tr><th>channel</th><th>type</th><th>age</th><th>TTL</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
1927	}
1928
1929	function timeSince(date) {
1930	const s = Math.floor((new Date() - date) / 1000);
1931	if (s < 60) return s + 's';
1932	if (s < 3600) return Math.floor(s/60) + 'm';
1933	if (s < 86400) return Math.floor(s/3600) + 'h';
1934	return Math.floor(s/86400) + 'd';
1935	}
1936
1937	async function provisionChannel() {
1938	let ch = document.getElementById('provision-channel-input').value.trim();
1939	if (!ch) return;
1940	if (!ch.startsWith('#')) ch = '#' + ch;
1941	try {
1942	await api('POST', '/v1/channels', {name: ch});
1943	document.getElementById('provision-channel-input').value = '';
1944	loadTopology();
1945	loadChanTab();
1946	} catch(e) { alert('Provision failed: ' + e.message); }
1947	}
1948
1949	async function dropChannel(ch) {
1950	if (!confirm('Drop channel ' + ch + '? This unregisters it from ChanServ.')) return;
1951	const slug = ch.replace(/^#/,'');
1952	try {
1953	await api('DELETE', `/v1/topology/channels/${slug}`);
1954	loadTopology();
1955	loadChanTab();
1956	} catch(e) { alert('Drop failed: ' + e.message); }
1957	}
1958
1959	// --- ROE template editor (#118) ---
1960	function renderROETemplates(templates) {
1961	const el = document.getElementById('roe-list');
1962	if (!templates \|\| !templates.length) {
1963	el.innerHTML = '<div style="color:#8b949e;font-size:12px">No ROE templates defined. Click + add template to create one.</div>';
1964	return;
1965	}
1966	el.innerHTML = templates.map((t, i) => `
1967	<div style="border:1px solid #21262d;border-radius:6px;padding:12px;margin-bottom:10px;background:#0d1117">
1968	<div style="display:flex;gap:10px;align-items:center;margin-bottom:8px">
1969	<input type="text" value="${esc(t.name)}" placeholder="template name" style="flex:1;font-weight:600" onchange="updateROE(${i},'name',this.value)">
1970	<button class="sm danger" onclick="removeROE(${i})">remove</button>
1971	</div>
1972	<div style="display:flex;gap:10px;flex-wrap:wrap;margin-bottom:6px">
1973	<div style="flex:1;min-width:200px"><label style="font-size:11px">channels (comma-separated)</label><input type="text" value="${esc((t.channels\|\|[]).join(', '))}" onchange="updateROE(${i},'channels',this.value)" style="width:100%"></div>
1974	<div style="flex:1;min-width:200px"><label style="font-size:11px">permissions</label><input type="text" value="${esc((t.permissions\|\|[]).join(', '))}" onchange="updateROE(${i},'permissions',this.value)" style="width:100%"></div>
1975	</div>
1976	<div style="display:flex;gap:10px">
1977	<div><label style="font-size:11px">msg/sec</label><input type="number" value="${t.rate_limit?.messages_per_second\|\|''}" placeholder="10" style="width:70px" onchange="updateROERateLimit(${i},'messages_per_second',this.value)"></div>
1978	<div><label style="font-size:11px">burst</label><input type="number" value="${t.rate_limit?.burst\|\|''}" placeholder="50" style="width:70px" onchange="updateROERateLimit(${i},'burst',this.value)"></div>
1979	<div style="flex:1"><label style="font-size:11px">description</label><input type="text" value="${esc(t.description\|\|'')}" onchange="updateROE(${i},'description',this.value)" style="width:100%"></div>
1980	</div>
1981	</div>
1982	`).join('');
1983	}
1984
1985	function addROETemplate() {
1986	if (!currentPolicies.roe_templates) currentPolicies.roe_templates = [];
1987	currentPolicies.roe_templates.push({name: 'new-template', channels: [], permissions: []});
1988	renderROETemplates(currentPolicies.roe_templates);
1989	}
1990	function removeROE(i) {
1991	currentPolicies.roe_templates.splice(i, 1);
1992	renderROETemplates(currentPolicies.roe_templates);
1993	}
1994	function updateROE(i, field, val) {
1995	if (field === 'channels' \|\| field === 'permissions') {
1996	currentPolicies.roe_templates[i][field] = val.split(',').map(s => s.trim()).filter(Boolean);
1997	} else {
1998	currentPolicies.roe_templates[i][field] = val;
1999	}
2000	}
2001	function updateROERateLimit(i, field, val) {
2002	if (!currentPolicies.roe_templates[i].rate_limit) currentPolicies.roe_templates[i].rate_limit = {};
2003	currentPolicies.roe_templates[i].rate_limit[field] = Number(val) \|\| 0;
2004	}
2005
2006	// --- chat ---
2007	let chatChannel = null, chatSSE = null;
2008
2009	async function loadChannels() {
	@@ -1921,14 +2139,16 @@
2139	let _chatUnread = 0;
2140
2141	function appendMsg(msg, isHistory) {
2142	const area = document.getElementById('chat-msgs');
2143
2144	// Attribution: RELAYMSG delivers nicks as "user/bridge"; legacy uses "[nick] text".
2145	let displayNick = msg.nick;
2146	let displayText = msg.text;
2147	if (msg.nick && msg.nick.endsWith('/bridge')) {
2148	displayNick = msg.nick.slice(0, -'/bridge'.length);
2149	} else if (msg.nick === 'bridge') {
2150	const m = msg.text.match(/^\[([^\]]+)\] ([\s\S]*)$/);
2151	if (m) { displayNick = m[1]; displayText = m[2]; }
2152	}
2153
2154	const atMs = new Date(msg.at).getTime();
	@@ -2571,10 +2791,73 @@
2791	try {
2792	await api('PUT', `/v1/admins/${encodeURIComponent(username)}/password`, { password: pw });
2793	alert('Password updated.');
2794	} catch(e) { alert('Failed: ' + e.message); }
2795	}
2796
2797	// --- API keys ---
2798	async function loadAPIKeys() {
2799	try {
2800	const keys = await api('GET', '/v1/api-keys');
2801	renderAPIKeys(keys \|\| []);
2802	} catch(e) {
2803	document.getElementById('apikeys-list-container').innerHTML = '';
2804	}
2805	}
2806
2807	function renderAPIKeys(keys) {
2808	const el = document.getElementById('apikeys-list-container');
2809	if (!keys.length) { el.innerHTML = ''; return; }
2810	const rows = keys.map(k => {
2811	const status = k.active ? '<span style="color:#3fb950">active</span>' : '<span style="color:#f85149">revoked</span>';
2812	const scopes = (k.scopes \|\| []).map(s => `<code style="font-size:11px;background:#21262d;padding:1px 5px;border-radius:3px">${esc(s)}</code>`).join(' ');
2813	const lastUsed = k.last_used ? fmtTime(k.last_used) : '—';
2814	const revokeBtn = k.active ? `<button class="sm danger" onclick="revokeAPIKey('${esc(k.id)}')">revoke</button>` : '';
2815	return `<tr>
2816	<td><strong>${esc(k.name)}</strong><br><span style="color:#8b949e;font-size:11px">${esc(k.id)}</span></td>
2817	<td>${scopes}</td>
2818	<td style="font-size:12px">${status}</td>
2819	<td style="color:#8b949e;font-size:12px">${lastUsed}</td>
2820	<td><div class="actions">${revokeBtn}</div></td>
2821	</tr>`;
2822	}).join('');
2823	el.innerHTML = `<table><thead><tr><th>name</th><th>scopes</th><th>status</th><th>last used</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
2824	}
2825
2826	async function createAPIKey(e) {
2827	e.preventDefault();
2828	const name = document.getElementById('new-apikey-name').value.trim();
2829	const expires = document.getElementById('new-apikey-expires').value.trim();
2830	const scopes = [...document.querySelectorAll('.apikey-scope:checked')].map(cb => cb.value);
2831	const resultEl = document.getElementById('add-apikey-result');
2832	if (!name) { resultEl.innerHTML = '<span style="color:#f85149">name is required</span>'; return; }
2833	if (!scopes.length) { resultEl.innerHTML = '<span style="color:#f85149">select at least one scope</span>'; return; }
2834	try {
2835	const body = { name, scopes };
2836	if (expires) body.expires_in = expires;
2837	const result = await api('POST', '/v1/api-keys', body);
2838	resultEl.innerHTML = `<div style="background:#0d1117;border:1px solid #3fb95044;border-radius:6px;padding:12px;margin-top:8px">
2839	<div style="color:#3fb950;font-weight:600;margin-bottom:6px">Key created: ${esc(result.name)}</div>
2840	<div style="margin-bottom:4px;font-size:12px;color:#8b949e">Copy this token now — it will not be shown again:</div>
2841	<code style="display:block;padding:8px;background:#161b22;border-radius:4px;word-break:break-all;user-select:all">${esc(result.token)}</code>
2842	</div>`;
2843	document.getElementById('new-apikey-name').value = '';
2844	document.getElementById('new-apikey-expires').value = '';
2845	document.querySelectorAll('.apikey-scope:checked').forEach(cb => cb.checked = false);
2846	loadAPIKeys();
2847	} catch(e) {
2848	resultEl.innerHTML = `<span style="color:#f85149">${esc(e.message)}</span>`;
2849	}
2850	}
2851
2852	async function revokeAPIKey(id) {
2853	if (!confirm('Revoke this API key? This cannot be undone.')) return;
2854	try {
2855	await api('DELETE', `/v1/api-keys/${encodeURIComponent(id)}`);
2856	loadAPIKeys();
2857	} catch(e) { alert('Failed: ' + e.message); }
2858	}
2859
2860	// --- AI / LLM tab ---
2861	async function loadAI() {
2862	await Promise.all([loadAIBackends(), loadAIKnown()]);
2863	}
	@@ -2977,10 +3260,11 @@
3260	renderOnJoinMessages(s.policies.on_join_messages \|\| {});
3261	renderAgentPolicy(s.policies.agent_policy \|\| {});
3262	renderBridgePolicy(s.policies.bridge \|\| {});
3263	renderLoggingPolicy(s.policies.logging \|\| {});
3264	loadAdmins();
3265	loadAPIKeys();
3266	loadConfigCards();
3267	} catch(e) {
3268	document.getElementById('tls-badge').textContent = 'error';
3269	}
3270	}
	@@ -3288,14 +3572,17 @@
3572	// general
3573	document.getElementById('general-api-addr').value = cfg.api_addr \|\| '';
3574	document.getElementById('general-mcp-addr').value = cfg.mcp_addr \|\| '';
3575	// ergo
3576	const e = cfg.ergo \|\| {};
3577	document.getElementById('ergo-network-name').value = e.network_name \|\| '';
3578	document.getElementById('ergo-server-name').value = e.server_name \|\| '';
3579	document.getElementById('ergo-irc-addr').value = e.irc_addr \|\| '';
3580	document.getElementById('ergo-require-sasl').checked = !!e.require_sasl;
3581	document.getElementById('ergo-default-modes').value = e.default_channel_modes \|\| '';
3582	document.getElementById('ergo-history-enabled').checked = !!(e.history && e.history.enabled);
3583	document.getElementById('ergo-external').checked = !!e.external;
3584	// tls
3585	const t = cfg.tls \|\| {};
3586	document.getElementById('tls-domain').value = t.domain \|\| '';
3587	document.getElementById('tls-email').value = t.email \|\| '';
3588	document.getElementById('tls-allow-insecure').checked = !!t.allow_insecure;
	@@ -3368,14 +3655,17 @@
3655	}
3656
3657	function saveErgoConfig() {
3658	saveConfigPatch({
3659	ergo: {
3660	network_name: document.getElementById('ergo-network-name').value.trim() \|\| undefined,
3661	server_name: document.getElementById('ergo-server-name').value.trim() \|\| undefined,
3662	irc_addr: document.getElementById('ergo-irc-addr').value.trim() \|\| undefined,
3663	require_sasl: document.getElementById('ergo-require-sasl').checked,
3664	default_channel_modes: document.getElementById('ergo-default-modes').value.trim() \|\| undefined,
3665	history: { enabled: document.getElementById('ergo-history-enabled').checked },
3666	external: document.getElementById('ergo-external').checked,
3667	}
3668	}, 'ergo-save-result');
3669	}
3670
3671	function saveTLSConfig() {
3672
3673	DDED internal/auth/apikeys.go

M internal/auth/apikeys.go

+288

		--- a/internal/auth/apikeys.go
		+++ b/internal/auth/apikeys.go
		@@ -0,0 +1,288 @@
	1	+package auth
	2	+
	3	+import (
	4	+ "crypto/rand"
	5	+ "crypto/sha256"
	6	+ "encoding/hex"
	7	+ "encoding/json"
	8	+ "fmt"
	9	+ "os"
	10	+ "strings"
	11	+ "sync"
	12	+ "time"
	13	+
	14	+ "github.com/oklog/ulid/v2"
	15	+)
	16	+
	17	+// Scope represents a permission scope for an API key.
	18	+type Scope string
	19	+
	20	+const (
	21	+ ScopeAdmin Scope = "admin" // full access
	22	+ ScopeAgents Scope = "agents" // agent registration, rotation, revocation
	23	+ ScopeChannels Scope = "channels" // channel CRUD, join, messages, presence
	24	+ ScopeTopology Scope = "topology" // channel provisioning, topology management
	25	+ ScopeBots Scope = "bots" // bot configuration, start/stop
	26	+ ScopeConfig Scope = "config" // server config read/write
	27	+ ScopeRead Scope = "read" // read-only access to all GET endpoints
	28	+ ScopeChat Scope = "chat" // send/receive messages only
	29	+)
	30	+
	31	+// ValidScopes is the set of all recognised scopes.
	32	+var ValidScopes = map[Scope]bool{
	33	+ ScopeAdmin: true, ScopeAgents: true, ScopeChannels: true,
	34	+ ScopeTopology: true, ScopeBots: true, ScopeConfig: true,
	35	+ ScopeRead: true, ScopeChat: true,
	36	+}
	37	+
	38	+// APIKey is a single API key record.
	39	+type APIKey struct {
	40	+ ID string `json:"id"`
	41	+ Name string `json:"name"`
	42	+ Hash string `json:"hash"` // SHA-256 of the plaintext token
	43	+ Scopes []Scope `json:"scopes"`
	44	+ CreatedAt time.Time `json:"created_at"`
	45	+ LastUsed time.Time `json:"last_used,omitempty"`
	46	+ ExpiresAt time.Time `json:"expires_at,omitempty"` // zero = never
	47	+ Active bool `json:"active"`
	48	+}
	49	+
	50	+// HasScope reports whether the key has the given scope (or admin, which implies all).
	51	+func (k *APIKey) HasScope(s Scope) bool {
	52	+ for _, scope := range k.Scopes {
	53	+ if scope == ScopeAdmin \|\| scope == s {
	54	+ return true
	55	+ }
	56	+ }
	57	+ return false
	58	+}
	59	+
	60	+// IsExpired reports whether the key has passed its expiry time.
	61	+func (k *APIKey) IsExpired() bool {
	62	+ return !k.ExpiresAt.IsZero() && time.Now().After(k.ExpiresAt)
	63	+}
	64	+
	65	+// APIKeyStore persists API keys to a JSON file.
	66	+type APIKeyStore struct {
	67	+ mu sync.RWMutex
	68	+ path string
	69	+ data []APIKey
	70	+}
	71	+
	72	+// NewAPIKeyStore loads (or creates) the API key store at the given path.
	73	+func NewAPIKeyStore(path string) (*APIKeyStore, error) {
	74	+ s := &APIKeyStore{path: path}
	75	+ if err := s.load(); err != nil {
	76	+ return nil, err
	77	+ }
	78	+ return s, nil
	79	+}
	80	+
	81	+// Create generates a new API key with the given name and scopes.
	82	+// Returns the plaintext token (shown only once) and the stored key record.
	83	+func (s *APIKeyStore) Create(name string, scopes []Scope, expiresAt time.Time) (plaintext string, key APIKey, err error) {
	84	+ s.mu.Lock()
	85	+ defer s.mu.Unlock()
	86	+
	87	+ token, err := genToken()
	88	+ if err != nil {
	89	+ return "", APIKey{}, fmt.Errorf("apikeys: generate token: %w", err)
	90	+ }
	91	+
	92	+ key = APIKey{
	93	+ ID: newULID(),
	94	+ Name: name,
	95	+ Hash: hashToken(token),
	96	+ Scopes: scopes,
	97	+ CreatedAt: time.Now().UTC(),
	98	+ ExpiresAt: expiresAt,
	99	+ Active: true,
	100	+ }
	101	+ s.data = append(s.data, key)
	102	+ if err := s.save(); err != nil {
	103	+ // Roll back.
	104	+ s.data = s.data[:len(s.data)-1]
	105	+ return "", APIKey{}, err
	106	+ }
	107	+ return token, key, nil
	108	+}
	109	+
	110	+// Insert adds a pre-built API key with a known plaintext token.
	111	+// Used for migrating the startup token into the store.
	112	+func (s *APIKeyStore) Insert(name, plaintext string, scopes []Scope) (APIKey, error) {
	113	+ s.mu.Lock()
	114	+ defer s.mu.Unlock()
	115	+
	116	+ key := APIKey{
	117	+ ID: newULID(),
	118	+ Name: name,
	119	+ Hash: hashToken(plaintext),
	120	+ Scopes: scopes,
	121	+ CreatedAt: time.Now().UTC(),
	122	+ Active: true,
	123	+ }
	124	+ s.data = append(s.data, key)
	125	+ if err := s.save(); err != nil {
	126	+ s.data = s.data[:len(s.data)-1]
	127	+ return APIKey{}, err
	128	+ }
	129	+ return key, nil
	130	+}
	131	+
	132	+// Lookup finds an active, non-expired key by plaintext token.
	133	+// Returns nil if no match.
	134	+func (s APIKeyStore) Lookup(token string) APIKey {
	135	+ hash := hashToken(token)
	136	+ s.mu.RLock()
	137	+ defer s.mu.RUnlock()
	138	+ for i := range s.data {
	139	+ if s.data[i].Hash == hash && s.data[i].Active && !s.data[i].IsExpired() {
	140	+ k := s.data[i]
	141	+ return &k
	142	+ }
	143	+ }
	144	+ return nil
	145	+}
	146	+
	147	+// TouchLastUsed updates the last-used timestamp for a key by ID.
	148	+func (s *APIKeyStore) TouchLastUsed(id string) {
	149	+ s.mu.Lock()
	150	+ defer s.mu.Unlock()
	151	+ for i := range s.data {
	152	+ if s.data[i].ID == id {
	153	+ s.data[i].LastUsed = time.Now().UTC()
	154	+ _ = s.save() // best-effort persistence
	155	+ return
	156	+ }
	157	+ }
	158	+}
	159	+
	160	+// Get returns a key by ID, or nil if not found.
	161	+func (s APIKeyStore) Get(id string) APIKey {
	162	+ s.mu.RLock()
	163	+ defer s.mu.RUnlock()
	164	+ for i := range s.data {
	165	+ if s.data[i].ID == id {
	166	+ k := s.data[i]
	167	+ return &k
	168	+ }
	169	+ }
	170	+ return nil
	171	+}
	172	+
	173	+// List returns all keys (active and revoked).
	174	+func (s *APIKeyStore) List() []APIKey {
	175	+ s.mu.RLock()
	176	+ defer s.mu.RUnlock()
	177	+ out := make([]APIKey, len(s.data))
	178	+ copy(out, s.data)
	179	+ return out
	180	+}
	181	+
	182	+// Revoke deactivates a key by ID.
	183	+func (s *APIKeyStore) Revoke(id string) error {
	184	+ s.mu.Lock()
	185	+ defer s.mu.Unlock()
	186	+ for i := range s.data {
	187	+ if s.data[i].ID == id {
	188	+ if !s.data[i].Active {
	189	+ return fmt.Errorf("apikeys: key %q already revoked", id)
	190	+ }
	191	+ s.data[i].Active = false
	192	+ return s.save()
	193	+ }
	194	+ }
	195	+ return fmt.Errorf("apikeys: key %q not found", id)
	196	+}
	197	+
	198	+// Lookup (TokenValidator interface) reports whether the token is valid.
	199	+// Satisfies the mcp.TokenValidator interface.
	200	+func (s *APIKeyStore) ValidToken(token string) bool {
	201	+ return s.Lookup(token) != nil
	202	+}
	203	+
	204	+// TestStore creates an in-memory APIKeyStore with a single admin-scope key
	205	+// for the given token. Intended for tests only — does not persist to disk.
	206	+func TestStore(token string) *APIKeyStore {
	207	+ s := &APIKeyStore{path: "", data: []APIKey{{
	208	+ ID: "test-key",
	209	+ Name: "test",
	210	+ Hash: hashToken(token),
	211	+ Scopes: []Scope{ScopeAdmin},
	212	+ CreatedAt: time.Now().UTC(),
	213	+ Active: true,
	214	+ }}}
	215	+ return s
	216	+}
	217	+
	218	+// IsEmpty reports whether there are no keys.
	219	+func (s *APIKeyStore) IsEmpty() bool {
	220	+ s.mu.RLock()
	221	+ defer s.mu.RUnlock()
	222	+ return len(s.data) == 0
	223	+}
	224	+
	225	+func (s *APIKeyStore) load() error {
	226	+ raw, err := os.ReadFile(s.path)
	227	+ if os.IsNotExist(err) {
	228	+ return nil
	229	+ }
	230	+ if err != nil {
	231	+ return fmt.Errorf("apikeys: read %s: %w", s.path, err)
	232	+ }
	233	+ if err := json.Unmarshal(raw, &s.data); err != nil {
	234	+ return fmt.Errorf("apikeys: parse: %w", err)
	235	+ }
	236	+ return nil
	237	+}
	238	+
	239	+func (s *APIKeyStore) save() error {
	240	+ if s.path == "" {
	241	+ return nil // in-memory only (tests)
	242	+ }
	243	+ raw, err := json.MarshalIndent(s.data, "", " ")
	244	+ if err != nil {
	245	+ return err
	246	+ }
	247	+ return os.WriteFile(s.path, raw, 0600)
	248	+}
	249	+
	250	+func hashToken(token string) string {
	251	+ h := sha256.Sum256([]byte(token))
	252	+ return hex.EncodeToString(h[:])
	253	+}
	254	+
	255	+func genToken() (string, error) {
	256	+ b := make([]byte, 32)
	257	+ if _, err := rand.Read(b); err != nil {
	258	+ return "", err
	259	+ }
	260	+ return hex.EncodeToString(b), nil
	261	+}
	262	+
	263	+func newULID() string {
	264	+ entropy := ulid.Monotonic(rand.Reader, 0)
	265	+ return ulid.MustNew(ulid.Timestamp(time.Now()), entropy).String()
	266	+}
	267	+
	268	+// ParseScopes parses a comma-separated scope string into a slice.
	269	+// Returns an error if any scope is unrecognised.
	270	+func ParseScopes(s string) ([]Scope, error) {
	271	+ parts := strings.Split(s, ",")
	272	+ scopes := make([]Scope, 0, len(parts))
	273	+ for _, p := range parts {
	274	+ p = strings.TrimSpace(p)
	275	+ if p == "" {
	276	+ continue
	277	+ }
	278	+ scope := Scope(p)
	279	+ if !ValidScopes[scope] {
	280	+ return nil, fmt.Errorf("unknown scope %q", p)
	281	+ }
	282	+ scopes = append(scopes, scope)
	283	+ }
	284	+ if len(scopes) == 0 {
	285	+ return nil, fmt.Errorf("at least one scope is required")
	286	+ }
	287	+ return scopes, nil
	288	+}

	--- a/internal/auth/apikeys.go
	+++ b/internal/auth/apikeys.go
	@@ -0,0 +1,288 @@

	--- a/internal/auth/apikeys.go
	+++ b/internal/auth/apikeys.go
	@@ -0,0 +1,288 @@
1	package auth
2
3	import (
4	"crypto/rand"
5	"crypto/sha256"
6	"encoding/hex"
7	"encoding/json"
8	"fmt"
9	"os"
10	"strings"
11	"sync"
12	"time"
13
14	"github.com/oklog/ulid/v2"
15	)
16
17	// Scope represents a permission scope for an API key.
18	type Scope string
19
20	const (
21	ScopeAdmin Scope = "admin" // full access
22	ScopeAgents Scope = "agents" // agent registration, rotation, revocation
23	ScopeChannels Scope = "channels" // channel CRUD, join, messages, presence
24	ScopeTopology Scope = "topology" // channel provisioning, topology management
25	ScopeBots Scope = "bots" // bot configuration, start/stop
26	ScopeConfig Scope = "config" // server config read/write
27	ScopeRead Scope = "read" // read-only access to all GET endpoints
28	ScopeChat Scope = "chat" // send/receive messages only
29	)
30
31	// ValidScopes is the set of all recognised scopes.
32	var ValidScopes = map[Scope]bool{
33	ScopeAdmin: true, ScopeAgents: true, ScopeChannels: true,
34	ScopeTopology: true, ScopeBots: true, ScopeConfig: true,
35	ScopeRead: true, ScopeChat: true,
36	}
37
38	// APIKey is a single API key record.
39	type APIKey struct {
40	ID string `json:"id"`
41	Name string `json:"name"`
42	Hash string `json:"hash"` // SHA-256 of the plaintext token
43	Scopes []Scope `json:"scopes"`
44	CreatedAt time.Time `json:"created_at"`
45	LastUsed time.Time `json:"last_used,omitempty"`
46	ExpiresAt time.Time `json:"expires_at,omitempty"` // zero = never
47	Active bool `json:"active"`
48	}
49
50	// HasScope reports whether the key has the given scope (or admin, which implies all).
51	func (k *APIKey) HasScope(s Scope) bool {
52	for _, scope := range k.Scopes {
53	if scope == ScopeAdmin \|\| scope == s {
54	return true
55	}
56	}
57	return false
58	}
59
60	// IsExpired reports whether the key has passed its expiry time.
61	func (k *APIKey) IsExpired() bool {
62	return !k.ExpiresAt.IsZero() && time.Now().After(k.ExpiresAt)
63	}
64
65	// APIKeyStore persists API keys to a JSON file.
66	type APIKeyStore struct {
67	mu sync.RWMutex
68	path string
69	data []APIKey
70	}
71
72	// NewAPIKeyStore loads (or creates) the API key store at the given path.
73	func NewAPIKeyStore(path string) (*APIKeyStore, error) {
74	s := &APIKeyStore{path: path}
75	if err := s.load(); err != nil {
76	return nil, err
77	}
78	return s, nil
79	}
80
81	// Create generates a new API key with the given name and scopes.
82	// Returns the plaintext token (shown only once) and the stored key record.
83	func (s *APIKeyStore) Create(name string, scopes []Scope, expiresAt time.Time) (plaintext string, key APIKey, err error) {
84	s.mu.Lock()
85	defer s.mu.Unlock()
86
87	token, err := genToken()
88	if err != nil {
89	return "", APIKey{}, fmt.Errorf("apikeys: generate token: %w", err)
90	}
91
92	key = APIKey{
93	ID: newULID(),
94	Name: name,
95	Hash: hashToken(token),
96	Scopes: scopes,
97	CreatedAt: time.Now().UTC(),
98	ExpiresAt: expiresAt,
99	Active: true,
100	}
101	s.data = append(s.data, key)
102	if err := s.save(); err != nil {
103	// Roll back.
104	s.data = s.data[:len(s.data)-1]
105	return "", APIKey{}, err
106	}
107	return token, key, nil
108	}
109
110	// Insert adds a pre-built API key with a known plaintext token.
111	// Used for migrating the startup token into the store.
112	func (s *APIKeyStore) Insert(name, plaintext string, scopes []Scope) (APIKey, error) {
113	s.mu.Lock()
114	defer s.mu.Unlock()
115
116	key := APIKey{
117	ID: newULID(),
118	Name: name,
119	Hash: hashToken(plaintext),
120	Scopes: scopes,
121	CreatedAt: time.Now().UTC(),
122	Active: true,
123	}
124	s.data = append(s.data, key)
125	if err := s.save(); err != nil {
126	s.data = s.data[:len(s.data)-1]
127	return APIKey{}, err
128	}
129	return key, nil
130	}
131
132	// Lookup finds an active, non-expired key by plaintext token.
133	// Returns nil if no match.
134	func (s APIKeyStore) Lookup(token string) APIKey {
135	hash := hashToken(token)
136	s.mu.RLock()
137	defer s.mu.RUnlock()
138	for i := range s.data {
139	if s.data[i].Hash == hash && s.data[i].Active && !s.data[i].IsExpired() {
140	k := s.data[i]
141	return &k
142	}
143	}
144	return nil
145	}
146
147	// TouchLastUsed updates the last-used timestamp for a key by ID.
148	func (s *APIKeyStore) TouchLastUsed(id string) {
149	s.mu.Lock()
150	defer s.mu.Unlock()
151	for i := range s.data {
152	if s.data[i].ID == id {
153	s.data[i].LastUsed = time.Now().UTC()
154	_ = s.save() // best-effort persistence
155	return
156	}
157	}
158	}
159
160	// Get returns a key by ID, or nil if not found.
161	func (s APIKeyStore) Get(id string) APIKey {
162	s.mu.RLock()
163	defer s.mu.RUnlock()
164	for i := range s.data {
165	if s.data[i].ID == id {
166	k := s.data[i]
167	return &k
168	}
169	}
170	return nil
171	}
172
173	// List returns all keys (active and revoked).
174	func (s *APIKeyStore) List() []APIKey {
175	s.mu.RLock()
176	defer s.mu.RUnlock()
177	out := make([]APIKey, len(s.data))
178	copy(out, s.data)
179	return out
180	}
181
182	// Revoke deactivates a key by ID.
183	func (s *APIKeyStore) Revoke(id string) error {
184	s.mu.Lock()
185	defer s.mu.Unlock()
186	for i := range s.data {
187	if s.data[i].ID == id {
188	if !s.data[i].Active {
189	return fmt.Errorf("apikeys: key %q already revoked", id)
190	}
191	s.data[i].Active = false
192	return s.save()
193	}
194	}
195	return fmt.Errorf("apikeys: key %q not found", id)
196	}
197
198	// Lookup (TokenValidator interface) reports whether the token is valid.
199	// Satisfies the mcp.TokenValidator interface.
200	func (s *APIKeyStore) ValidToken(token string) bool {
201	return s.Lookup(token) != nil
202	}
203
204	// TestStore creates an in-memory APIKeyStore with a single admin-scope key
205	// for the given token. Intended for tests only — does not persist to disk.
206	func TestStore(token string) *APIKeyStore {
207	s := &APIKeyStore{path: "", data: []APIKey{{
208	ID: "test-key",
209	Name: "test",
210	Hash: hashToken(token),
211	Scopes: []Scope{ScopeAdmin},
212	CreatedAt: time.Now().UTC(),
213	Active: true,
214	}}}
215	return s
216	}
217
218	// IsEmpty reports whether there are no keys.
219	func (s *APIKeyStore) IsEmpty() bool {
220	s.mu.RLock()
221	defer s.mu.RUnlock()
222	return len(s.data) == 0
223	}
224
225	func (s *APIKeyStore) load() error {
226	raw, err := os.ReadFile(s.path)
227	if os.IsNotExist(err) {
228	return nil
229	}
230	if err != nil {
231	return fmt.Errorf("apikeys: read %s: %w", s.path, err)
232	}
233	if err := json.Unmarshal(raw, &s.data); err != nil {
234	return fmt.Errorf("apikeys: parse: %w", err)
235	}
236	return nil
237	}
238
239	func (s *APIKeyStore) save() error {
240	if s.path == "" {
241	return nil // in-memory only (tests)
242	}
243	raw, err := json.MarshalIndent(s.data, "", " ")
244	if err != nil {
245	return err
246	}
247	return os.WriteFile(s.path, raw, 0600)
248	}
249
250	func hashToken(token string) string {
251	h := sha256.Sum256([]byte(token))
252	return hex.EncodeToString(h[:])
253	}
254
255	func genToken() (string, error) {
256	b := make([]byte, 32)
257	if _, err := rand.Read(b); err != nil {
258	return "", err
259	}
260	return hex.EncodeToString(b), nil
261	}
262
263	func newULID() string {
264	entropy := ulid.Monotonic(rand.Reader, 0)
265	return ulid.MustNew(ulid.Timestamp(time.Now()), entropy).String()
266	}
267
268	// ParseScopes parses a comma-separated scope string into a slice.
269	// Returns an error if any scope is unrecognised.
270	func ParseScopes(s string) ([]Scope, error) {
271	parts := strings.Split(s, ",")
272	scopes := make([]Scope, 0, len(parts))
273	for _, p := range parts {
274	p = strings.TrimSpace(p)
275	if p == "" {
276	continue
277	}
278	scope := Scope(p)
279	if !ValidScopes[scope] {
280	return nil, fmt.Errorf("unknown scope %q", p)
281	}
282	scopes = append(scopes, scope)
283	}
284	if len(scopes) == 0 {
285	return nil, fmt.Errorf("at least one scope is required")
286	}
287	return scopes, nil
288	}

M internal/bots/bridge/bridge.go

+27 -4

		--- internal/bots/bridge/bridge.go
		+++ internal/bots/bridge/bridge.go
		@@ -103,10 +103,13 @@
103	103
104	104	msgTotal atomic.Int64
105	105
106	106	joinCh chan string
107	107	client *girc.Client
	108	+
	109	+ // RELAYMSG support detected from ISUPPORT.
	110	+ relaySep string // separator (e.g. "/"), empty if unsupported
108	111	}
109	112
110	113	// New creates a bridge Bot.
111	114	func New(ircAddr, nick, password string, channels []string, bufSize int, webUserTTL time.Duration, log slog.Logger) Bot {
112	115	if nick == "" {
		@@ -172,10 +175,22 @@
172	175	PingTimeout: 30 * time.Second,
173	176	SSL: false,
174	177	})
175	178
176	179	c.Handlers.AddBg(girc.CONNECTED, func(cl *girc.Client, _ girc.Event) {
	180	+ // Check RELAYMSG support from ISUPPORT (RPL_005).
	181	+ if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
	182	+ b.relaySep = sep
	183	+ if b.log != nil {
	184	+ b.log.Info("bridge: RELAYMSG supported", "separator", sep)
	185	+ }
	186	+ } else {
	187	+ b.relaySep = ""
	188	+ if b.log != nil {
	189	+ b.log.Info("bridge: RELAYMSG not supported, using [nick] prefix fallback")
	190	+ }
	191	+ }
177	192	if b.log != nil {
178	193	b.log.Info("bridge connected")
179	194	}
180	195	for _, ch := range b.initChannels {
181	196	cl.Cmd.Join(ch)
		@@ -338,19 +353,27 @@
338	353	}
339	354
340	355	// SendWithMeta sends a message to channel with optional structured metadata.
341	356	// IRC receives only the plain text; SSE subscribers receive the full message
342	357	// including meta for rich rendering in the web UI.
	358	+//
	359	+// When the server supports RELAYMSG (IRCv3), messages are attributed natively
	360	+// so other clients see the real sender nick. Falls back to [nick] prefix.
343	361	func (b Bot) SendWithMeta(ctx context.Context, channel, text, senderNick string, meta Meta) error {
344	362	if b.client == nil {
345	363	return fmt.Errorf("bridge: not connected")
346	364	}
347		- ircText := text
348		- if senderNick != "" {
349		- ircText = "[" + senderNick + "] " + text
	365	+ if senderNick != "" && b.relaySep != "" {
	366	+ // Use RELAYMSG for native attribution.
	367	+ b.client.Cmd.SendRawf("RELAYMSG %s %s :%s", channel, senderNick, text)
	368	+ } else {
	369	+ ircText := text
	370	+ if senderNick != "" {
	371	+ ircText = "[" + senderNick + "] " + text
	372	+ }
	373	+ b.client.Cmd.Message(channel, ircText)
350	374	}
351		- b.client.Cmd.Message(channel, ircText)
352	375
353	376	if senderNick != "" {
354	377	b.TouchUser(channel, senderNick)
355	378	}
356	379
357	380

	--- internal/bots/bridge/bridge.go
	+++ internal/bots/bridge/bridge.go
	@@ -103,10 +103,13 @@
103
104	msgTotal atomic.Int64
105
106	joinCh chan string
107	client *girc.Client



108	}
109
110	// New creates a bridge Bot.
111	func New(ircAddr, nick, password string, channels []string, bufSize int, webUserTTL time.Duration, log slog.Logger) Bot {
112	if nick == "" {
	@@ -172,10 +175,22 @@
172	PingTimeout: 30 * time.Second,
173	SSL: false,
174	})
175
176	c.Handlers.AddBg(girc.CONNECTED, func(cl *girc.Client, _ girc.Event) {












177	if b.log != nil {
178	b.log.Info("bridge connected")
179	}
180	for _, ch := range b.initChannels {
181	cl.Cmd.Join(ch)
	@@ -338,19 +353,27 @@
338	}
339
340	// SendWithMeta sends a message to channel with optional structured metadata.
341	// IRC receives only the plain text; SSE subscribers receive the full message
342	// including meta for rich rendering in the web UI.



343	func (b Bot) SendWithMeta(ctx context.Context, channel, text, senderNick string, meta Meta) error {
344	if b.client == nil {
345	return fmt.Errorf("bridge: not connected")
346	}
347	ircText := text
348	if senderNick != "" {
349	ircText = "[" + senderNick + "] " + text






350	}
351	b.client.Cmd.Message(channel, ircText)
352
353	if senderNick != "" {
354	b.TouchUser(channel, senderNick)
355	}
356
357

	--- internal/bots/bridge/bridge.go
	+++ internal/bots/bridge/bridge.go
	@@ -103,10 +103,13 @@
103
104	msgTotal atomic.Int64
105
106	joinCh chan string
107	client *girc.Client
108
109	// RELAYMSG support detected from ISUPPORT.
110	relaySep string // separator (e.g. "/"), empty if unsupported
111	}
112
113	// New creates a bridge Bot.
114	func New(ircAddr, nick, password string, channels []string, bufSize int, webUserTTL time.Duration, log slog.Logger) Bot {
115	if nick == "" {
	@@ -172,10 +175,22 @@
175	PingTimeout: 30 * time.Second,
176	SSL: false,
177	})
178
179	c.Handlers.AddBg(girc.CONNECTED, func(cl *girc.Client, _ girc.Event) {
180	// Check RELAYMSG support from ISUPPORT (RPL_005).
181	if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
182	b.relaySep = sep
183	if b.log != nil {
184	b.log.Info("bridge: RELAYMSG supported", "separator", sep)
185	}
186	} else {
187	b.relaySep = ""
188	if b.log != nil {
189	b.log.Info("bridge: RELAYMSG not supported, using [nick] prefix fallback")
190	}
191	}
192	if b.log != nil {
193	b.log.Info("bridge connected")
194	}
195	for _, ch := range b.initChannels {
196	cl.Cmd.Join(ch)
	@@ -338,19 +353,27 @@
353	}
354
355	// SendWithMeta sends a message to channel with optional structured metadata.
356	// IRC receives only the plain text; SSE subscribers receive the full message
357	// including meta for rich rendering in the web UI.
358	//
359	// When the server supports RELAYMSG (IRCv3), messages are attributed natively
360	// so other clients see the real sender nick. Falls back to [nick] prefix.
361	func (b Bot) SendWithMeta(ctx context.Context, channel, text, senderNick string, meta Meta) error {
362	if b.client == nil {
363	return fmt.Errorf("bridge: not connected")
364	}
365	if senderNick != "" && b.relaySep != "" {
366	// Use RELAYMSG for native attribution.
367	b.client.Cmd.SendRawf("RELAYMSG %s %s :%s", channel, senderNick, text)
368	} else {
369	ircText := text
370	if senderNick != "" {
371	ircText = "[" + senderNick + "] " + text
372	}
373	b.client.Cmd.Message(channel, ircText)
374	}

375
376	if senderNick != "" {
377	b.TouchUser(channel, senderNick)
378	}
379
380

M internal/bots/bridge/bridge.go

+27 -4

		--- internal/bots/bridge/bridge.go
		+++ internal/bots/bridge/bridge.go
		@@ -103,10 +103,13 @@
103	103
104	104	msgTotal atomic.Int64
105	105
106	106	joinCh chan string
107	107	client *girc.Client
	108	+
	109	+ // RELAYMSG support detected from ISUPPORT.
	110	+ relaySep string // separator (e.g. "/"), empty if unsupported
108	111	}
109	112
110	113	// New creates a bridge Bot.
111	114	func New(ircAddr, nick, password string, channels []string, bufSize int, webUserTTL time.Duration, log slog.Logger) Bot {
112	115	if nick == "" {
		@@ -172,10 +175,22 @@
172	175	PingTimeout: 30 * time.Second,
173	176	SSL: false,
174	177	})
175	178
176	179	c.Handlers.AddBg(girc.CONNECTED, func(cl *girc.Client, _ girc.Event) {
	180	+ // Check RELAYMSG support from ISUPPORT (RPL_005).
	181	+ if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
	182	+ b.relaySep = sep
	183	+ if b.log != nil {
	184	+ b.log.Info("bridge: RELAYMSG supported", "separator", sep)
	185	+ }
	186	+ } else {
	187	+ b.relaySep = ""
	188	+ if b.log != nil {
	189	+ b.log.Info("bridge: RELAYMSG not supported, using [nick] prefix fallback")
	190	+ }
	191	+ }
177	192	if b.log != nil {
178	193	b.log.Info("bridge connected")
179	194	}
180	195	for _, ch := range b.initChannels {
181	196	cl.Cmd.Join(ch)
		@@ -338,19 +353,27 @@
338	353	}
339	354
340	355	// SendWithMeta sends a message to channel with optional structured metadata.
341	356	// IRC receives only the plain text; SSE subscribers receive the full message
342	357	// including meta for rich rendering in the web UI.
	358	+//
	359	+// When the server supports RELAYMSG (IRCv3), messages are attributed natively
	360	+// so other clients see the real sender nick. Falls back to [nick] prefix.
343	361	func (b Bot) SendWithMeta(ctx context.Context, channel, text, senderNick string, meta Meta) error {
344	362	if b.client == nil {
345	363	return fmt.Errorf("bridge: not connected")
346	364	}
347		- ircText := text
348		- if senderNick != "" {
349		- ircText = "[" + senderNick + "] " + text
	365	+ if senderNick != "" && b.relaySep != "" {
	366	+ // Use RELAYMSG for native attribution.
	367	+ b.client.Cmd.SendRawf("RELAYMSG %s %s :%s", channel, senderNick, text)
	368	+ } else {
	369	+ ircText := text
	370	+ if senderNick != "" {
	371	+ ircText = "[" + senderNick + "] " + text
	372	+ }
	373	+ b.client.Cmd.Message(channel, ircText)
350	374	}
351		- b.client.Cmd.Message(channel, ircText)
352	375
353	376	if senderNick != "" {
354	377	b.TouchUser(channel, senderNick)
355	378	}
356	379
357	380

	--- internal/bots/bridge/bridge.go
	+++ internal/bots/bridge/bridge.go
	@@ -103,10 +103,13 @@
103
104	msgTotal atomic.Int64
105
106	joinCh chan string
107	client *girc.Client



108	}
109
110	// New creates a bridge Bot.
111	func New(ircAddr, nick, password string, channels []string, bufSize int, webUserTTL time.Duration, log slog.Logger) Bot {
112	if nick == "" {
	@@ -172,10 +175,22 @@
172	PingTimeout: 30 * time.Second,
173	SSL: false,
174	})
175
176	c.Handlers.AddBg(girc.CONNECTED, func(cl *girc.Client, _ girc.Event) {












177	if b.log != nil {
178	b.log.Info("bridge connected")
179	}
180	for _, ch := range b.initChannels {
181	cl.Cmd.Join(ch)
	@@ -338,19 +353,27 @@
338	}
339
340	// SendWithMeta sends a message to channel with optional structured metadata.
341	// IRC receives only the plain text; SSE subscribers receive the full message
342	// including meta for rich rendering in the web UI.



343	func (b Bot) SendWithMeta(ctx context.Context, channel, text, senderNick string, meta Meta) error {
344	if b.client == nil {
345	return fmt.Errorf("bridge: not connected")
346	}
347	ircText := text
348	if senderNick != "" {
349	ircText = "[" + senderNick + "] " + text






350	}
351	b.client.Cmd.Message(channel, ircText)
352
353	if senderNick != "" {
354	b.TouchUser(channel, senderNick)
355	}
356
357

	--- internal/bots/bridge/bridge.go
	+++ internal/bots/bridge/bridge.go
	@@ -103,10 +103,13 @@
103
104	msgTotal atomic.Int64
105
106	joinCh chan string
107	client *girc.Client
108
109	// RELAYMSG support detected from ISUPPORT.
110	relaySep string // separator (e.g. "/"), empty if unsupported
111	}
112
113	// New creates a bridge Bot.
114	func New(ircAddr, nick, password string, channels []string, bufSize int, webUserTTL time.Duration, log slog.Logger) Bot {
115	if nick == "" {
	@@ -172,10 +175,22 @@
175	PingTimeout: 30 * time.Second,
176	SSL: false,
177	})
178
179	c.Handlers.AddBg(girc.CONNECTED, func(cl *girc.Client, _ girc.Event) {
180	// Check RELAYMSG support from ISUPPORT (RPL_005).
181	if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
182	b.relaySep = sep
183	if b.log != nil {
184	b.log.Info("bridge: RELAYMSG supported", "separator", sep)
185	}
186	} else {
187	b.relaySep = ""
188	if b.log != nil {
189	b.log.Info("bridge: RELAYMSG not supported, using [nick] prefix fallback")
190	}
191	}
192	if b.log != nil {
193	b.log.Info("bridge connected")
194	}
195	for _, ch := range b.initChannels {
196	cl.Cmd.Join(ch)
	@@ -338,19 +353,27 @@
353	}
354
355	// SendWithMeta sends a message to channel with optional structured metadata.
356	// IRC receives only the plain text; SSE subscribers receive the full message
357	// including meta for rich rendering in the web UI.
358	//
359	// When the server supports RELAYMSG (IRCv3), messages are attributed natively
360	// so other clients see the real sender nick. Falls back to [nick] prefix.
361	func (b Bot) SendWithMeta(ctx context.Context, channel, text, senderNick string, meta Meta) error {
362	if b.client == nil {
363	return fmt.Errorf("bridge: not connected")
364	}
365	if senderNick != "" && b.relaySep != "" {
366	// Use RELAYMSG for native attribution.
367	b.client.Cmd.SendRawf("RELAYMSG %s %s :%s", channel, senderNick, text)
368	} else {
369	ircText := text
370	if senderNick != "" {
371	ircText = "[" + senderNick + "] " + text
372	}
373	b.client.Cmd.Message(channel, ircText)
374	}

375
376	if senderNick != "" {
377	b.TouchUser(channel, senderNick)
378	}
379
380

M internal/config/config.go

		--- internal/config/config.go
		+++ internal/config/config.go
		@@ -278,10 +278,13 @@
278	278	// Voice is a list of nicks to grant voice (+v) access.
279	279	Voice []string `yaml:"voice" json:"voice,omitempty"`
280	280
281	281	// Autojoin is a list of bot nicks to invite when the channel is provisioned.
282	282	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
	283	+
	284	+ // Modes is a list of channel modes to set after provisioning (e.g. "+m" for moderated).
	285	+ Modes []string `yaml:"modes" json:"modes,omitempty"`
283	286
284	287	// OnJoinMessage is sent to agents when they join this channel.
285	288	// Supports template variables: {nick}, {channel}.
286	289	OnJoinMessage string `yaml:"on_join_message" json:"on_join_message,omitempty"`
287	290	}
		@@ -299,10 +302,13 @@
299	302	// Autojoin is a list of bot nicks to invite when a channel of this type is created.
300	303	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
301	304
302	305	// Supervision is the coordination channel where summaries should surface.
303	306	Supervision string `yaml:"supervision" json:"supervision,omitempty"`
	307	+
	308	+ // Modes is a list of channel modes to set when provisioning (e.g. "+m" for moderated).
	309	+ Modes []string `yaml:"modes" json:"modes,omitempty"`
304	310
305	311	// Ephemeral marks channels of this type for automatic cleanup.
306	312	Ephemeral bool `yaml:"ephemeral" json:"ephemeral,omitempty"`
307	313
308	314	// TTL is the maximum lifetime of an ephemeral channel with no non-bot members.
309	315

	--- internal/config/config.go
	+++ internal/config/config.go
	@@ -278,10 +278,13 @@
278	// Voice is a list of nicks to grant voice (+v) access.
279	Voice []string `yaml:"voice" json:"voice,omitempty"`
280
281	// Autojoin is a list of bot nicks to invite when the channel is provisioned.
282	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`



283
284	// OnJoinMessage is sent to agents when they join this channel.
285	// Supports template variables: {nick}, {channel}.
286	OnJoinMessage string `yaml:"on_join_message" json:"on_join_message,omitempty"`
287	}
	@@ -299,10 +302,13 @@
299	// Autojoin is a list of bot nicks to invite when a channel of this type is created.
300	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
301
302	// Supervision is the coordination channel where summaries should surface.
303	Supervision string `yaml:"supervision" json:"supervision,omitempty"`



304
305	// Ephemeral marks channels of this type for automatic cleanup.
306	Ephemeral bool `yaml:"ephemeral" json:"ephemeral,omitempty"`
307
308	// TTL is the maximum lifetime of an ephemeral channel with no non-bot members.
309

	--- internal/config/config.go
	+++ internal/config/config.go
	@@ -278,10 +278,13 @@
278	// Voice is a list of nicks to grant voice (+v) access.
279	Voice []string `yaml:"voice" json:"voice,omitempty"`
280
281	// Autojoin is a list of bot nicks to invite when the channel is provisioned.
282	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
283
284	// Modes is a list of channel modes to set after provisioning (e.g. "+m" for moderated).
285	Modes []string `yaml:"modes" json:"modes,omitempty"`
286
287	// OnJoinMessage is sent to agents when they join this channel.
288	// Supports template variables: {nick}, {channel}.
289	OnJoinMessage string `yaml:"on_join_message" json:"on_join_message,omitempty"`
290	}
	@@ -299,10 +302,13 @@
302	// Autojoin is a list of bot nicks to invite when a channel of this type is created.
303	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
304
305	// Supervision is the coordination channel where summaries should surface.
306	Supervision string `yaml:"supervision" json:"supervision,omitempty"`
307
308	// Modes is a list of channel modes to set when provisioning (e.g. "+m" for moderated).
309	Modes []string `yaml:"modes" json:"modes,omitempty"`
310
311	// Ephemeral marks channels of this type for automatic cleanup.
312	Ephemeral bool `yaml:"ephemeral" json:"ephemeral,omitempty"`
313
314	// TTL is the maximum lifetime of an ephemeral channel with no non-bot members.
315

M internal/config/config.go

		--- internal/config/config.go
		+++ internal/config/config.go
		@@ -278,10 +278,13 @@
278	278	// Voice is a list of nicks to grant voice (+v) access.
279	279	Voice []string `yaml:"voice" json:"voice,omitempty"`
280	280
281	281	// Autojoin is a list of bot nicks to invite when the channel is provisioned.
282	282	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
	283	+
	284	+ // Modes is a list of channel modes to set after provisioning (e.g. "+m" for moderated).
	285	+ Modes []string `yaml:"modes" json:"modes,omitempty"`
283	286
284	287	// OnJoinMessage is sent to agents when they join this channel.
285	288	// Supports template variables: {nick}, {channel}.
286	289	OnJoinMessage string `yaml:"on_join_message" json:"on_join_message,omitempty"`
287	290	}
		@@ -299,10 +302,13 @@
299	302	// Autojoin is a list of bot nicks to invite when a channel of this type is created.
300	303	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
301	304
302	305	// Supervision is the coordination channel where summaries should surface.
303	306	Supervision string `yaml:"supervision" json:"supervision,omitempty"`
	307	+
	308	+ // Modes is a list of channel modes to set when provisioning (e.g. "+m" for moderated).
	309	+ Modes []string `yaml:"modes" json:"modes,omitempty"`
304	310
305	311	// Ephemeral marks channels of this type for automatic cleanup.
306	312	Ephemeral bool `yaml:"ephemeral" json:"ephemeral,omitempty"`
307	313
308	314	// TTL is the maximum lifetime of an ephemeral channel with no non-bot members.
309	315

	--- internal/config/config.go
	+++ internal/config/config.go
	@@ -278,10 +278,13 @@
278	// Voice is a list of nicks to grant voice (+v) access.
279	Voice []string `yaml:"voice" json:"voice,omitempty"`
280
281	// Autojoin is a list of bot nicks to invite when the channel is provisioned.
282	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`



283
284	// OnJoinMessage is sent to agents when they join this channel.
285	// Supports template variables: {nick}, {channel}.
286	OnJoinMessage string `yaml:"on_join_message" json:"on_join_message,omitempty"`
287	}
	@@ -299,10 +302,13 @@
299	// Autojoin is a list of bot nicks to invite when a channel of this type is created.
300	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
301
302	// Supervision is the coordination channel where summaries should surface.
303	Supervision string `yaml:"supervision" json:"supervision,omitempty"`



304
305	// Ephemeral marks channels of this type for automatic cleanup.
306	Ephemeral bool `yaml:"ephemeral" json:"ephemeral,omitempty"`
307
308	// TTL is the maximum lifetime of an ephemeral channel with no non-bot members.
309

	--- internal/config/config.go
	+++ internal/config/config.go
	@@ -278,10 +278,13 @@
278	// Voice is a list of nicks to grant voice (+v) access.
279	Voice []string `yaml:"voice" json:"voice,omitempty"`
280
281	// Autojoin is a list of bot nicks to invite when the channel is provisioned.
282	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
283
284	// Modes is a list of channel modes to set after provisioning (e.g. "+m" for moderated).
285	Modes []string `yaml:"modes" json:"modes,omitempty"`
286
287	// OnJoinMessage is sent to agents when they join this channel.
288	// Supports template variables: {nick}, {channel}.
289	OnJoinMessage string `yaml:"on_join_message" json:"on_join_message,omitempty"`
290	}
	@@ -299,10 +302,13 @@
302	// Autojoin is a list of bot nicks to invite when a channel of this type is created.
303	Autojoin []string `yaml:"autojoin" json:"autojoin,omitempty"`
304
305	// Supervision is the coordination channel where summaries should surface.
306	Supervision string `yaml:"supervision" json:"supervision,omitempty"`
307
308	// Modes is a list of channel modes to set when provisioning (e.g. "+m" for moderated).
309	Modes []string `yaml:"modes" json:"modes,omitempty"`
310
311	// Ephemeral marks channels of this type for automatic cleanup.
312	Ephemeral bool `yaml:"ephemeral" json:"ephemeral,omitempty"`
313
314	// TTL is the maximum lifetime of an ephemeral channel with no non-bot members.
315

M internal/ergo/ircdconfig.go

+3 -1

		--- internal/ergo/ircdconfig.go
		+++ internal/ergo/ircdconfig.go
		@@ -23,11 +23,13 @@
23	23	{{- end}}
24	24	casemapping: ascii
25	25	enforce-utf8: true
26	26	max-sendq: 96k
27	27	relaymsg:
28		- enabled: false
	28	+ enabled: true
	29	+ separators: /
	30	+ available-to-chanops: false
29	31	ip-cloaking:
30	32	enabled: false
31	33	lookup-hostnames: false
32	34
33	35	datastore:
34	36

	--- internal/ergo/ircdconfig.go
	+++ internal/ergo/ircdconfig.go
	@@ -23,11 +23,13 @@
23	{{- end}}
24	casemapping: ascii
25	enforce-utf8: true
26	max-sendq: 96k
27	relaymsg:
28	enabled: false


29	ip-cloaking:
30	enabled: false
31	lookup-hostnames: false
32
33	datastore:
34

	--- internal/ergo/ircdconfig.go
	+++ internal/ergo/ircdconfig.go
	@@ -23,11 +23,13 @@
23	{{- end}}
24	casemapping: ascii
25	enforce-utf8: true
26	max-sendq: 96k
27	relaymsg:
28	enabled: true
29	separators: /
30	available-to-chanops: false
31	ip-cloaking:
32	enabled: false
33	lookup-hostnames: false
34
35	datastore:
36

M internal/ergo/manager.go

		--- internal/ergo/manager.go
		+++ internal/ergo/manager.go
		@@ -115,10 +115,17 @@
115	115	}
116	116	wait = min(wait*2, restartMaxWait) //nolint:ineffassign,staticcheck
117	117	}
118	118	}
119	119	}
	120	+
	121	+// UpdateConfig replaces the Ergo config, regenerates ircd.yaml, and rehashes.
	122	+// Use when scuttlebot.yaml Ergo settings change at runtime.
	123	+func (m *Manager) UpdateConfig(cfg config.ErgoConfig) error {
	124	+ m.cfg = cfg
	125	+ return m.Rehash()
	126	+}
120	127
121	128	// Rehash reloads the Ergo config. Call after writing a new ircd.yaml.
122	129	func (m *Manager) Rehash() error {
123	130	if err := m.writeConfig(); err != nil {
124	131	return fmt.Errorf("ergo: write config: %w", err)
125	132

	--- internal/ergo/manager.go
	+++ internal/ergo/manager.go
	@@ -115,10 +115,17 @@
115	}
116	wait = min(wait*2, restartMaxWait) //nolint:ineffassign,staticcheck
117	}
118	}
119	}







120
121	// Rehash reloads the Ergo config. Call after writing a new ircd.yaml.
122	func (m *Manager) Rehash() error {
123	if err := m.writeConfig(); err != nil {
124	return fmt.Errorf("ergo: write config: %w", err)
125

	--- internal/ergo/manager.go
	+++ internal/ergo/manager.go
	@@ -115,10 +115,17 @@
115	}
116	wait = min(wait*2, restartMaxWait) //nolint:ineffassign,staticcheck
117	}
118	}
119	}
120
121	// UpdateConfig replaces the Ergo config, regenerates ircd.yaml, and rehashes.
122	// Use when scuttlebot.yaml Ergo settings change at runtime.
123	func (m *Manager) UpdateConfig(cfg config.ErgoConfig) error {
124	m.cfg = cfg
125	return m.Rehash()
126	}
127
128	// Rehash reloads the Ergo config. Call after writing a new ircd.yaml.
129	func (m *Manager) Rehash() error {
130	if err := m.writeConfig(); err != nil {
131	return fmt.Errorf("ergo: write config: %w", err)
132

M internal/mcp/mcp.go

+9 -8

		--- internal/mcp/mcp.go
		+++ internal/mcp/mcp.go
		@@ -52,31 +52,32 @@
52	52	type ChannelInfo struct {
53	53	Name string `json:"name"`
54	54	Topic string `json:"topic,omitempty"`
55	55	Count int `json:"count"`
56	56	}
	57	+
	58	+// TokenValidator validates API tokens.
	59	+type TokenValidator interface {
	60	+ ValidToken(token string) bool
	61	+}
57	62
58	63	// Server is the MCP server.
59	64	type Server struct {
60	65	registry *registry.Registry
61	66	channels ChannelLister
62	67	sender Sender // optional — send_message returns error if nil
63	68	history HistoryQuerier // optional — get_history returns error if nil
64		- tokens map[string]struct{}
	69	+ tokens TokenValidator
65	70	log *slog.Logger
66	71	}
67	72
68	73	// New creates an MCP Server.
69		-func New(reg registry.Registry, channels ChannelLister, tokens []string, log slog.Logger) *Server {
70		- t := make(map[string]struct{}, len(tokens))
71		- for _, tok := range tokens {
72		- t[tok] = struct{}{}
73		- }
	74	+func New(reg registry.Registry, channels ChannelLister, tokens TokenValidator, log slog.Logger) *Server {
74	75	return &Server{
75	76	registry: reg,
76	77	channels: channels,
77		- tokens: t,
	78	+ tokens: tokens,
78	79	log: log,
79	80	}
80	81	}
81	82
82	83	// WithSender attaches an IRC relay client for send_message.
		@@ -101,11 +102,11 @@
101	102	// --- Auth ---
102	103
103	104	func (s *Server) authMiddleware(next http.Handler) http.Handler {
104	105	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
105	106	token := bearerToken(r)
106		- if _, ok := s.tokens[token]; !ok {
	107	+ if !s.tokens.ValidToken(token) {
107	108	writeRPCError(w, nil, -32001, "unauthorized")
108	109	return
109	110	}
110	111	next.ServeHTTP(w, r)
111	112	})
112	113

	--- internal/mcp/mcp.go
	+++ internal/mcp/mcp.go
	@@ -52,31 +52,32 @@
52	type ChannelInfo struct {
53	Name string `json:"name"`
54	Topic string `json:"topic,omitempty"`
55	Count int `json:"count"`
56	}





57
58	// Server is the MCP server.
59	type Server struct {
60	registry *registry.Registry
61	channels ChannelLister
62	sender Sender // optional — send_message returns error if nil
63	history HistoryQuerier // optional — get_history returns error if nil
64	tokens map[string]struct{}
65	log *slog.Logger
66	}
67
68	// New creates an MCP Server.
69	func New(reg registry.Registry, channels ChannelLister, tokens []string, log slog.Logger) *Server {
70	t := make(map[string]struct{}, len(tokens))
71	for _, tok := range tokens {
72	t[tok] = struct{}{}
73	}
74	return &Server{
75	registry: reg,
76	channels: channels,
77	tokens: t,
78	log: log,
79	}
80	}
81
82	// WithSender attaches an IRC relay client for send_message.
	@@ -101,11 +102,11 @@
101	// --- Auth ---
102
103	func (s *Server) authMiddleware(next http.Handler) http.Handler {
104	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
105	token := bearerToken(r)
106	if _, ok := s.tokens[token]; !ok {
107	writeRPCError(w, nil, -32001, "unauthorized")
108	return
109	}
110	next.ServeHTTP(w, r)
111	})
112

	--- internal/mcp/mcp.go
	+++ internal/mcp/mcp.go
	@@ -52,31 +52,32 @@
52	type ChannelInfo struct {
53	Name string `json:"name"`
54	Topic string `json:"topic,omitempty"`
55	Count int `json:"count"`
56	}
57
58	// TokenValidator validates API tokens.
59	type TokenValidator interface {
60	ValidToken(token string) bool
61	}
62
63	// Server is the MCP server.
64	type Server struct {
65	registry *registry.Registry
66	channels ChannelLister
67	sender Sender // optional — send_message returns error if nil
68	history HistoryQuerier // optional — get_history returns error if nil
69	tokens TokenValidator
70	log *slog.Logger
71	}
72
73	// New creates an MCP Server.
74	func New(reg registry.Registry, channels ChannelLister, tokens TokenValidator, log slog.Logger) *Server {




75	return &Server{
76	registry: reg,
77	channels: channels,
78	tokens: tokens,
79	log: log,
80	}
81	}
82
83	// WithSender attaches an IRC relay client for send_message.
	@@ -101,11 +102,11 @@
102	// --- Auth ---
103
104	func (s *Server) authMiddleware(next http.Handler) http.Handler {
105	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
106	token := bearerToken(r)
107	if !s.tokens.ValidToken(token) {
108	writeRPCError(w, nil, -32001, "unauthorized")
109	return
110	}
111	next.ServeHTTP(w, r)
112	})
113

M internal/mcp/mcp_test.go

+8 -1

		--- internal/mcp/mcp_test.go
		+++ internal/mcp/mcp_test.go
		@@ -19,10 +19,17 @@
19	19	var testLog = slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: slog.LevelError}))
20	20
21	21	const testToken = "test-mcp-token"
22	22
23	23	// --- mocks ---
	24	+
	25	+type tokenSet map[string]struct{}
	26	+
	27	+func (t tokenSet) ValidToken(tok string) bool {
	28	+ _, ok := t[tok]
	29	+ return ok
	30	+}
24	31
25	32	type mockProvisioner struct {
26	33	mu sync.Mutex
27	34	accounts map[string]string
28	35	}
		@@ -93,11 +100,11 @@
93	100	hist := &mockHistory{entries: map[string][]mcp.HistoryEntry{
94	101	"#fleet": {
95	102	{Nick: "agent-01", MessageType: "task.create", MessageID: "01HX", Raw: `{"v":1}`},
96	103	},
97	104	}}
98		- srv := mcp.New(reg, channels, []string{testToken}, testLog).
	105	+ srv := mcp.New(reg, channels, tokenSet{testToken: {}}, testLog).
99	106	WithSender(sender).
100	107	WithHistory(hist)
101	108	return httptest.NewServer(srv.Handler())
102	109	}
103	110
104	111

	--- internal/mcp/mcp_test.go
	+++ internal/mcp/mcp_test.go
	@@ -19,10 +19,17 @@
19	var testLog = slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: slog.LevelError}))
20
21	const testToken = "test-mcp-token"
22
23	// --- mocks ---







24
25	type mockProvisioner struct {
26	mu sync.Mutex
27	accounts map[string]string
28	}
	@@ -93,11 +100,11 @@
93	hist := &mockHistory{entries: map[string][]mcp.HistoryEntry{
94	"#fleet": {
95	{Nick: "agent-01", MessageType: "task.create", MessageID: "01HX", Raw: `{"v":1}`},
96	},
97	}}
98	srv := mcp.New(reg, channels, []string{testToken}, testLog).
99	WithSender(sender).
100	WithHistory(hist)
101	return httptest.NewServer(srv.Handler())
102	}
103
104

	--- internal/mcp/mcp_test.go
	+++ internal/mcp/mcp_test.go
	@@ -19,10 +19,17 @@
19	var testLog = slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: slog.LevelError}))
20
21	const testToken = "test-mcp-token"
22
23	// --- mocks ---
24
25	type tokenSet map[string]struct{}
26
27	func (t tokenSet) ValidToken(tok string) bool {
28	_, ok := t[tok]
29	return ok
30	}
31
32	type mockProvisioner struct {
33	mu sync.Mutex
34	accounts map[string]string
35	}
	@@ -93,11 +100,11 @@
100	hist := &mockHistory{entries: map[string][]mcp.HistoryEntry{
101	"#fleet": {
102	{Nick: "agent-01", MessageType: "task.create", MessageID: "01HX", Raw: `{"v":1}`},
103	},
104	}}
105	srv := mcp.New(reg, channels, tokenSet{testToken: {}}, testLog).
106	WithSender(sender).
107	WithHistory(hist)
108	return httptest.NewServer(srv.Handler())
109	}
110
111

M internal/topology/policy.go

+10

		--- internal/topology/policy.go
		+++ internal/topology/policy.go
		@@ -11,10 +11,11 @@
11	11	// ChannelType is the resolved policy for a class of channels.
12	12	type ChannelType struct {
13	13	Name string
14	14	Prefix string
15	15	Autojoin []string
	16	+ Modes []string
16	17	Supervision string
17	18	Ephemeral bool
18	19	TTL time.Duration
19	20	}
20	21
		@@ -61,10 +62,11 @@
61	62	for _, t := range cfg.Types {
62	63	types = append(types, ChannelType{
63	64	Name: t.Name,
64	65	Prefix: t.Prefix,
65	66	Autojoin: append([]string(nil), t.Autojoin...),
	67	+ Modes: append([]string(nil), t.Modes...),
66	68	Supervision: t.Supervision,
67	69	Ephemeral: t.Ephemeral,
68	70	TTL: t.TTL.Duration,
69	71	})
70	72	}
		@@ -133,10 +135,18 @@
133	135	if t := p.Match(channel); t != nil {
134	136	return t.TTL
135	137	}
136	138	return 0
137	139	}
	140	+
	141	+// ModesFor returns the channel modes for the given channel, or nil.
	142	+func (p *Policy) ModesFor(channel string) []string {
	143	+ if t := p.Match(channel); t != nil {
	144	+ return append([]string(nil), t.Modes...)
	145	+ }
	146	+ return nil
	147	+}
138	148
139	149	// StaticChannels returns the list of channels to provision at startup.
140	150	func (p *Policy) StaticChannels() []config.StaticChannelConfig {
141	151	return append([]config.StaticChannelConfig(nil), p.staticChannels...)
142	152	}
143	153

	--- internal/topology/policy.go
	+++ internal/topology/policy.go
	@@ -11,10 +11,11 @@
11	// ChannelType is the resolved policy for a class of channels.
12	type ChannelType struct {
13	Name string
14	Prefix string
15	Autojoin []string

16	Supervision string
17	Ephemeral bool
18	TTL time.Duration
19	}
20
	@@ -61,10 +62,11 @@
61	for _, t := range cfg.Types {
62	types = append(types, ChannelType{
63	Name: t.Name,
64	Prefix: t.Prefix,
65	Autojoin: append([]string(nil), t.Autojoin...),

66	Supervision: t.Supervision,
67	Ephemeral: t.Ephemeral,
68	TTL: t.TTL.Duration,
69	})
70	}
	@@ -133,10 +135,18 @@
133	if t := p.Match(channel); t != nil {
134	return t.TTL
135	}
136	return 0
137	}








138
139	// StaticChannels returns the list of channels to provision at startup.
140	func (p *Policy) StaticChannels() []config.StaticChannelConfig {
141	return append([]config.StaticChannelConfig(nil), p.staticChannels...)
142	}
143

	--- internal/topology/policy.go
	+++ internal/topology/policy.go
	@@ -11,10 +11,11 @@
11	// ChannelType is the resolved policy for a class of channels.
12	type ChannelType struct {
13	Name string
14	Prefix string
15	Autojoin []string
16	Modes []string
17	Supervision string
18	Ephemeral bool
19	TTL time.Duration
20	}
21
	@@ -61,10 +62,11 @@
62	for _, t := range cfg.Types {
63	types = append(types, ChannelType{
64	Name: t.Name,
65	Prefix: t.Prefix,
66	Autojoin: append([]string(nil), t.Autojoin...),
67	Modes: append([]string(nil), t.Modes...),
68	Supervision: t.Supervision,
69	Ephemeral: t.Ephemeral,
70	TTL: t.TTL.Duration,
71	})
72	}
	@@ -133,10 +135,18 @@
135	if t := p.Match(channel); t != nil {
136	return t.TTL
137	}
138	return 0
139	}
140
141	// ModesFor returns the channel modes for the given channel, or nil.
142	func (p *Policy) ModesFor(channel string) []string {
143	if t := p.Match(channel); t != nil {
144	return append([]string(nil), t.Modes...)
145	}
146	return nil
147	}
148
149	// StaticChannels returns the list of channels to provision at startup.
150	func (p *Policy) StaticChannels() []config.StaticChannelConfig {
151	return append([]config.StaticChannelConfig(nil), p.staticChannels...)
152	}
153

M internal/topology/topology.go

+62 -11

		--- internal/topology/topology.go
		+++ internal/topology/topology.go
		@@ -24,18 +24,21 @@
24	24	Name string
25	25
26	26	// Topic is the initial channel topic (shared state header).
27	27	Topic string
28	28
29		- // Ops is a list of nicks to grant +o (channel operator) status.
	29	+ // Ops is a list of nicks to grant +o (channel operator) status via AMODE.
30	30	Ops []string
31	31
32		- // Voice is a list of nicks to grant +v status.
	32	+ // Voice is a list of nicks to grant +v status via AMODE.
33	33	Voice []string
34	34
35	35	// Autojoin is a list of bot nicks to invite after provisioning.
36	36	Autojoin []string
	37	+
	38	+ // Modes is a list of channel modes to set (e.g. "+m" for moderated).
	39	+ Modes []string
37	40
38	41	// OnJoinMessage is sent to agents when they join this channel.
39	42	OnJoinMessage string
40	43	}
41	44
		@@ -210,15 +213,21 @@
210	213
211	214	if ch.Topic != "" {
212	215	m.chanserv("TOPIC %s %s", ch.Name, ch.Topic)
213	216	}
214	217
	218	+ // Use AMODE for persistent auto-mode on join (survives reconnects).
215	219	for _, nick := range ch.Ops {
216		- m.chanserv("ACCESS %s ADD %s OP", ch.Name, nick)
	220	+ m.chanserv("AMODE %s +o %s", ch.Name, nick)
217	221	}
218	222	for _, nick := range ch.Voice {
219		- m.chanserv("ACCESS %s ADD %s VOICE", ch.Name, nick)
	223	+ m.chanserv("AMODE %s +v %s", ch.Name, nick)
	224	+ }
	225	+
	226	+ // Apply channel modes (e.g. +m for moderated).
	227	+ for _, mode := range ch.Modes {
	228	+ m.client.Cmd.Mode(ch.Name, mode)
220	229	}
221	230
222	231	if len(ch.Autojoin) > 0 {
223	232	m.Invite(ch.Name, ch.Autojoin)
224	233	}
		@@ -277,33 +286,75 @@
277	286	m.log.Info("reaping expired ephemeral channel", "channel", rec.name, "age", now.Sub(rec.provisionedAt).Round(time.Minute))
278	287	m.DropChannel(rec.name)
279	288	}
280	289	}
281	290
282		-// GrantAccess sets a ChanServ ACCESS entry for nick on the given channel.
283		-// level is "OP" or "VOICE". If level is empty, no access is granted.
	291	+// GrantAccess sets a ChanServ AMODE entry for nick on the given channel.
	292	+// level is "OP" or "VOICE". AMODE persists across reconnects — ChanServ
	293	+// automatically applies the mode every time the nick joins.
284	294	func (m *Manager) GrantAccess(nick, channel, level string) {
285	295	if m.client == nil \|\| level == "" {
286	296	return
287	297	}
288		- m.chanserv("ACCESS %s ADD %s %s", channel, nick, level)
289		- m.log.Info("granted channel access", "nick", nick, "channel", channel, "level", level)
	298	+ switch strings.ToUpper(level) {
	299	+ case "OP":
	300	+ m.chanserv("AMODE %s +o %s", channel, nick)
	301	+ case "VOICE":
	302	+ m.chanserv("AMODE %s +v %s", channel, nick)
	303	+ default:
	304	+ m.log.Warn("unknown access level", "level", level)
	305	+ return
	306	+ }
	307	+ m.log.Info("granted channel access (AMODE)", "nick", nick, "channel", channel, "level", level)
290	308	}
291	309
292		-// RevokeAccess removes a ChanServ ACCESS entry for nick on the given channel.
	310	+// RevokeAccess removes ChanServ AMODE entries for nick on the given channel.
293	311	func (m *Manager) RevokeAccess(nick, channel string) {
294	312	if m.client == nil {
295	313	return
296	314	}
297		- m.chanserv("ACCESS %s DEL %s", channel, nick)
298		- m.log.Info("revoked channel access", "nick", nick, "channel", channel)
	315	+ m.chanserv("AMODE %s -o %s", channel, nick)
	316	+ m.chanserv("AMODE %s -v %s", channel, nick)
	317	+ m.log.Info("revoked channel access (AMODE)", "nick", nick, "channel", channel)
299	318	}
300	319
301	320	func (m *Manager) chanserv(format string, args ...any) {
302	321	msg := fmt.Sprintf(format, args...)
303	322	m.client.Cmd.Message("ChanServ", msg)
304	323	}
	324	+
	325	+// ChannelInfo describes an active provisioned channel.
	326	+type ChannelInfo struct {
	327	+ Name string `json:"name"`
	328	+ ProvisionedAt time.Time `json:"provisioned_at"`
	329	+ Type string `json:"type,omitempty"`
	330	+ Ephemeral bool `json:"ephemeral,omitempty"`
	331	+ TTLSeconds int64 `json:"ttl_seconds,omitempty"`
	332	+}
	333	+
	334	+// ListChannels returns all actively provisioned channels.
	335	+func (m *Manager) ListChannels() []ChannelInfo {
	336	+ m.mu.Lock()
	337	+ defer m.mu.Unlock()
	338	+ out := make([]ChannelInfo, 0, len(m.channels))
	339	+ for _, rec := range m.channels {
	340	+ ci := ChannelInfo{
	341	+ Name: rec.name,
	342	+ ProvisionedAt: rec.provisionedAt,
	343	+ }
	344	+ if m.policy != nil {
	345	+ ci.Type = m.policy.TypeName(rec.name)
	346	+ ci.Ephemeral = m.policy.IsEphemeral(rec.name)
	347	+ ttl := m.policy.TTLFor(rec.name)
	348	+ if ttl > 0 {
	349	+ ci.TTLSeconds = int64(ttl.Seconds())
	350	+ }
	351	+ }
	352	+ out = append(out, ci)
	353	+ }
	354	+ return out
	355	+}
305	356
306	357	// ValidateName checks that a channel name follows scuttlebot conventions.
307	358	func ValidateName(name string) error {
308	359	if !strings.HasPrefix(name, "#") {
309	360	return fmt.Errorf("topology: channel name must start with #: %q", name)
310	361

	--- internal/topology/topology.go
	+++ internal/topology/topology.go
	@@ -24,18 +24,21 @@
24	Name string
25
26	// Topic is the initial channel topic (shared state header).
27	Topic string
28
29	// Ops is a list of nicks to grant +o (channel operator) status.
30	Ops []string
31
32	// Voice is a list of nicks to grant +v status.
33	Voice []string
34
35	// Autojoin is a list of bot nicks to invite after provisioning.
36	Autojoin []string



37
38	// OnJoinMessage is sent to agents when they join this channel.
39	OnJoinMessage string
40	}
41
	@@ -210,15 +213,21 @@
210
211	if ch.Topic != "" {
212	m.chanserv("TOPIC %s %s", ch.Name, ch.Topic)
213	}
214

215	for _, nick := range ch.Ops {
216	m.chanserv("ACCESS %s ADD %s OP", ch.Name, nick)
217	}
218	for _, nick := range ch.Voice {
219	m.chanserv("ACCESS %s ADD %s VOICE", ch.Name, nick)





220	}
221
222	if len(ch.Autojoin) > 0 {
223	m.Invite(ch.Name, ch.Autojoin)
224	}
	@@ -277,33 +286,75 @@
277	m.log.Info("reaping expired ephemeral channel", "channel", rec.name, "age", now.Sub(rec.provisionedAt).Round(time.Minute))
278	m.DropChannel(rec.name)
279	}
280	}
281
282	// GrantAccess sets a ChanServ ACCESS entry for nick on the given channel.
283	// level is "OP" or "VOICE". If level is empty, no access is granted.

284	func (m *Manager) GrantAccess(nick, channel, level string) {
285	if m.client == nil \|\| level == "" {
286	return
287	}
288	m.chanserv("ACCESS %s ADD %s %s", channel, nick, level)
289	m.log.Info("granted channel access", "nick", nick, "channel", channel, "level", level)








290	}
291
292	// RevokeAccess removes a ChanServ ACCESS entry for nick on the given channel.
293	func (m *Manager) RevokeAccess(nick, channel string) {
294	if m.client == nil {
295	return
296	}
297	m.chanserv("ACCESS %s DEL %s", channel, nick)
298	m.log.Info("revoked channel access", "nick", nick, "channel", channel)

299	}
300
301	func (m *Manager) chanserv(format string, args ...any) {
302	msg := fmt.Sprintf(format, args...)
303	m.client.Cmd.Message("ChanServ", msg)
304	}
































305
306	// ValidateName checks that a channel name follows scuttlebot conventions.
307	func ValidateName(name string) error {
308	if !strings.HasPrefix(name, "#") {
309	return fmt.Errorf("topology: channel name must start with #: %q", name)
310

	--- internal/topology/topology.go
	+++ internal/topology/topology.go
	@@ -24,18 +24,21 @@
24	Name string
25
26	// Topic is the initial channel topic (shared state header).
27	Topic string
28
29	// Ops is a list of nicks to grant +o (channel operator) status via AMODE.
30	Ops []string
31
32	// Voice is a list of nicks to grant +v status via AMODE.
33	Voice []string
34
35	// Autojoin is a list of bot nicks to invite after provisioning.
36	Autojoin []string
37
38	// Modes is a list of channel modes to set (e.g. "+m" for moderated).
39	Modes []string
40
41	// OnJoinMessage is sent to agents when they join this channel.
42	OnJoinMessage string
43	}
44
	@@ -210,15 +213,21 @@
213
214	if ch.Topic != "" {
215	m.chanserv("TOPIC %s %s", ch.Name, ch.Topic)
216	}
217
218	// Use AMODE for persistent auto-mode on join (survives reconnects).
219	for _, nick := range ch.Ops {
220	m.chanserv("AMODE %s +o %s", ch.Name, nick)
221	}
222	for _, nick := range ch.Voice {
223	m.chanserv("AMODE %s +v %s", ch.Name, nick)
224	}
225
226	// Apply channel modes (e.g. +m for moderated).
227	for _, mode := range ch.Modes {
228	m.client.Cmd.Mode(ch.Name, mode)
229	}
230
231	if len(ch.Autojoin) > 0 {
232	m.Invite(ch.Name, ch.Autojoin)
233	}
	@@ -277,33 +286,75 @@
286	m.log.Info("reaping expired ephemeral channel", "channel", rec.name, "age", now.Sub(rec.provisionedAt).Round(time.Minute))
287	m.DropChannel(rec.name)
288	}
289	}
290
291	// GrantAccess sets a ChanServ AMODE entry for nick on the given channel.
292	// level is "OP" or "VOICE". AMODE persists across reconnects — ChanServ
293	// automatically applies the mode every time the nick joins.
294	func (m *Manager) GrantAccess(nick, channel, level string) {
295	if m.client == nil \|\| level == "" {
296	return
297	}
298	switch strings.ToUpper(level) {
299	case "OP":
300	m.chanserv("AMODE %s +o %s", channel, nick)
301	case "VOICE":
302	m.chanserv("AMODE %s +v %s", channel, nick)
303	default:
304	m.log.Warn("unknown access level", "level", level)
305	return
306	}
307	m.log.Info("granted channel access (AMODE)", "nick", nick, "channel", channel, "level", level)
308	}
309
310	// RevokeAccess removes ChanServ AMODE entries for nick on the given channel.
311	func (m *Manager) RevokeAccess(nick, channel string) {
312	if m.client == nil {
313	return
314	}
315	m.chanserv("AMODE %s -o %s", channel, nick)
316	m.chanserv("AMODE %s -v %s", channel, nick)
317	m.log.Info("revoked channel access (AMODE)", "nick", nick, "channel", channel)
318	}
319
320	func (m *Manager) chanserv(format string, args ...any) {
321	msg := fmt.Sprintf(format, args...)
322	m.client.Cmd.Message("ChanServ", msg)
323	}
324
325	// ChannelInfo describes an active provisioned channel.
326	type ChannelInfo struct {
327	Name string `json:"name"`
328	ProvisionedAt time.Time `json:"provisioned_at"`
329	Type string `json:"type,omitempty"`
330	Ephemeral bool `json:"ephemeral,omitempty"`
331	TTLSeconds int64 `json:"ttl_seconds,omitempty"`
332	}
333
334	// ListChannels returns all actively provisioned channels.
335	func (m *Manager) ListChannels() []ChannelInfo {
336	m.mu.Lock()
337	defer m.mu.Unlock()
338	out := make([]ChannelInfo, 0, len(m.channels))
339	for _, rec := range m.channels {
340	ci := ChannelInfo{
341	Name: rec.name,
342	ProvisionedAt: rec.provisionedAt,
343	}
344	if m.policy != nil {
345	ci.Type = m.policy.TypeName(rec.name)
346	ci.Ephemeral = m.policy.IsEphemeral(rec.name)
347	ttl := m.policy.TTLFor(rec.name)
348	if ttl > 0 {
349	ci.TTLSeconds = int64(ttl.Seconds())
350	}
351	}
352	out = append(out, ci)
353	}
354	return out
355	}
356
357	// ValidateName checks that a channel name follows scuttlebot conventions.
358	func ValidateName(name string) error {
359	if !strings.HasPrefix(name, "#") {
360	return fmt.Errorf("topology: channel name must start with #: %q", name)
361

M internal/topology/topology.go

+62 -11

		--- internal/topology/topology.go
		+++ internal/topology/topology.go
		@@ -24,18 +24,21 @@
24	24	Name string
25	25
26	26	// Topic is the initial channel topic (shared state header).
27	27	Topic string
28	28
29		- // Ops is a list of nicks to grant +o (channel operator) status.
	29	+ // Ops is a list of nicks to grant +o (channel operator) status via AMODE.
30	30	Ops []string
31	31
32		- // Voice is a list of nicks to grant +v status.
	32	+ // Voice is a list of nicks to grant +v status via AMODE.
33	33	Voice []string
34	34
35	35	// Autojoin is a list of bot nicks to invite after provisioning.
36	36	Autojoin []string
	37	+
	38	+ // Modes is a list of channel modes to set (e.g. "+m" for moderated).
	39	+ Modes []string
37	40
38	41	// OnJoinMessage is sent to agents when they join this channel.
39	42	OnJoinMessage string
40	43	}
41	44
		@@ -210,15 +213,21 @@
210	213
211	214	if ch.Topic != "" {
212	215	m.chanserv("TOPIC %s %s", ch.Name, ch.Topic)
213	216	}
214	217
	218	+ // Use AMODE for persistent auto-mode on join (survives reconnects).
215	219	for _, nick := range ch.Ops {
216		- m.chanserv("ACCESS %s ADD %s OP", ch.Name, nick)
	220	+ m.chanserv("AMODE %s +o %s", ch.Name, nick)
217	221	}
218	222	for _, nick := range ch.Voice {
219		- m.chanserv("ACCESS %s ADD %s VOICE", ch.Name, nick)
	223	+ m.chanserv("AMODE %s +v %s", ch.Name, nick)
	224	+ }
	225	+
	226	+ // Apply channel modes (e.g. +m for moderated).
	227	+ for _, mode := range ch.Modes {
	228	+ m.client.Cmd.Mode(ch.Name, mode)
220	229	}
221	230
222	231	if len(ch.Autojoin) > 0 {
223	232	m.Invite(ch.Name, ch.Autojoin)
224	233	}
		@@ -277,33 +286,75 @@
277	286	m.log.Info("reaping expired ephemeral channel", "channel", rec.name, "age", now.Sub(rec.provisionedAt).Round(time.Minute))
278	287	m.DropChannel(rec.name)
279	288	}
280	289	}
281	290
282		-// GrantAccess sets a ChanServ ACCESS entry for nick on the given channel.
283		-// level is "OP" or "VOICE". If level is empty, no access is granted.
	291	+// GrantAccess sets a ChanServ AMODE entry for nick on the given channel.
	292	+// level is "OP" or "VOICE". AMODE persists across reconnects — ChanServ
	293	+// automatically applies the mode every time the nick joins.
284	294	func (m *Manager) GrantAccess(nick, channel, level string) {
285	295	if m.client == nil \|\| level == "" {
286	296	return
287	297	}
288		- m.chanserv("ACCESS %s ADD %s %s", channel, nick, level)
289		- m.log.Info("granted channel access", "nick", nick, "channel", channel, "level", level)
	298	+ switch strings.ToUpper(level) {
	299	+ case "OP":
	300	+ m.chanserv("AMODE %s +o %s", channel, nick)
	301	+ case "VOICE":
	302	+ m.chanserv("AMODE %s +v %s", channel, nick)
	303	+ default:
	304	+ m.log.Warn("unknown access level", "level", level)
	305	+ return
	306	+ }
	307	+ m.log.Info("granted channel access (AMODE)", "nick", nick, "channel", channel, "level", level)
290	308	}
291	309
292		-// RevokeAccess removes a ChanServ ACCESS entry for nick on the given channel.
	310	+// RevokeAccess removes ChanServ AMODE entries for nick on the given channel.
293	311	func (m *Manager) RevokeAccess(nick, channel string) {
294	312	if m.client == nil {
295	313	return
296	314	}
297		- m.chanserv("ACCESS %s DEL %s", channel, nick)
298		- m.log.Info("revoked channel access", "nick", nick, "channel", channel)
	315	+ m.chanserv("AMODE %s -o %s", channel, nick)
	316	+ m.chanserv("AMODE %s -v %s", channel, nick)
	317	+ m.log.Info("revoked channel access (AMODE)", "nick", nick, "channel", channel)
299	318	}
300	319
301	320	func (m *Manager) chanserv(format string, args ...any) {
302	321	msg := fmt.Sprintf(format, args...)
303	322	m.client.Cmd.Message("ChanServ", msg)
304	323	}
	324	+
	325	+// ChannelInfo describes an active provisioned channel.
	326	+type ChannelInfo struct {
	327	+ Name string `json:"name"`
	328	+ ProvisionedAt time.Time `json:"provisioned_at"`
	329	+ Type string `json:"type,omitempty"`
	330	+ Ephemeral bool `json:"ephemeral,omitempty"`
	331	+ TTLSeconds int64 `json:"ttl_seconds,omitempty"`
	332	+}
	333	+
	334	+// ListChannels returns all actively provisioned channels.
	335	+func (m *Manager) ListChannels() []ChannelInfo {
	336	+ m.mu.Lock()
	337	+ defer m.mu.Unlock()
	338	+ out := make([]ChannelInfo, 0, len(m.channels))
	339	+ for _, rec := range m.channels {
	340	+ ci := ChannelInfo{
	341	+ Name: rec.name,
	342	+ ProvisionedAt: rec.provisionedAt,
	343	+ }
	344	+ if m.policy != nil {
	345	+ ci.Type = m.policy.TypeName(rec.name)
	346	+ ci.Ephemeral = m.policy.IsEphemeral(rec.name)
	347	+ ttl := m.policy.TTLFor(rec.name)
	348	+ if ttl > 0 {
	349	+ ci.TTLSeconds = int64(ttl.Seconds())
	350	+ }
	351	+ }
	352	+ out = append(out, ci)
	353	+ }
	354	+ return out
	355	+}
305	356
306	357	// ValidateName checks that a channel name follows scuttlebot conventions.
307	358	func ValidateName(name string) error {
308	359	if !strings.HasPrefix(name, "#") {
309	360	return fmt.Errorf("topology: channel name must start with #: %q", name)
310	361

	--- internal/topology/topology.go
	+++ internal/topology/topology.go
	@@ -24,18 +24,21 @@
24	Name string
25
26	// Topic is the initial channel topic (shared state header).
27	Topic string
28
29	// Ops is a list of nicks to grant +o (channel operator) status.
30	Ops []string
31
32	// Voice is a list of nicks to grant +v status.
33	Voice []string
34
35	// Autojoin is a list of bot nicks to invite after provisioning.
36	Autojoin []string



37
38	// OnJoinMessage is sent to agents when they join this channel.
39	OnJoinMessage string
40	}
41
	@@ -210,15 +213,21 @@
210
211	if ch.Topic != "" {
212	m.chanserv("TOPIC %s %s", ch.Name, ch.Topic)
213	}
214

215	for _, nick := range ch.Ops {
216	m.chanserv("ACCESS %s ADD %s OP", ch.Name, nick)
217	}
218	for _, nick := range ch.Voice {
219	m.chanserv("ACCESS %s ADD %s VOICE", ch.Name, nick)





220	}
221
222	if len(ch.Autojoin) > 0 {
223	m.Invite(ch.Name, ch.Autojoin)
224	}
	@@ -277,33 +286,75 @@
277	m.log.Info("reaping expired ephemeral channel", "channel", rec.name, "age", now.Sub(rec.provisionedAt).Round(time.Minute))
278	m.DropChannel(rec.name)
279	}
280	}
281
282	// GrantAccess sets a ChanServ ACCESS entry for nick on the given channel.
283	// level is "OP" or "VOICE". If level is empty, no access is granted.

284	func (m *Manager) GrantAccess(nick, channel, level string) {
285	if m.client == nil \|\| level == "" {
286	return
287	}
288	m.chanserv("ACCESS %s ADD %s %s", channel, nick, level)
289	m.log.Info("granted channel access", "nick", nick, "channel", channel, "level", level)








290	}
291
292	// RevokeAccess removes a ChanServ ACCESS entry for nick on the given channel.
293	func (m *Manager) RevokeAccess(nick, channel string) {
294	if m.client == nil {
295	return
296	}
297	m.chanserv("ACCESS %s DEL %s", channel, nick)
298	m.log.Info("revoked channel access", "nick", nick, "channel", channel)

299	}
300
301	func (m *Manager) chanserv(format string, args ...any) {
302	msg := fmt.Sprintf(format, args...)
303	m.client.Cmd.Message("ChanServ", msg)
304	}
































305
306	// ValidateName checks that a channel name follows scuttlebot conventions.
307	func ValidateName(name string) error {
308	if !strings.HasPrefix(name, "#") {
309	return fmt.Errorf("topology: channel name must start with #: %q", name)
310

	--- internal/topology/topology.go
	+++ internal/topology/topology.go
	@@ -24,18 +24,21 @@
24	Name string
25
26	// Topic is the initial channel topic (shared state header).
27	Topic string
28
29	// Ops is a list of nicks to grant +o (channel operator) status via AMODE.
30	Ops []string
31
32	// Voice is a list of nicks to grant +v status via AMODE.
33	Voice []string
34
35	// Autojoin is a list of bot nicks to invite after provisioning.
36	Autojoin []string
37
38	// Modes is a list of channel modes to set (e.g. "+m" for moderated).
39	Modes []string
40
41	// OnJoinMessage is sent to agents when they join this channel.
42	OnJoinMessage string
43	}
44
	@@ -210,15 +213,21 @@
213
214	if ch.Topic != "" {
215	m.chanserv("TOPIC %s %s", ch.Name, ch.Topic)
216	}
217
218	// Use AMODE for persistent auto-mode on join (survives reconnects).
219	for _, nick := range ch.Ops {
220	m.chanserv("AMODE %s +o %s", ch.Name, nick)
221	}
222	for _, nick := range ch.Voice {
223	m.chanserv("AMODE %s +v %s", ch.Name, nick)
224	}
225
226	// Apply channel modes (e.g. +m for moderated).
227	for _, mode := range ch.Modes {
228	m.client.Cmd.Mode(ch.Name, mode)
229	}
230
231	if len(ch.Autojoin) > 0 {
232	m.Invite(ch.Name, ch.Autojoin)
233	}
	@@ -277,33 +286,75 @@
286	m.log.Info("reaping expired ephemeral channel", "channel", rec.name, "age", now.Sub(rec.provisionedAt).Round(time.Minute))
287	m.DropChannel(rec.name)
288	}
289	}
290
291	// GrantAccess sets a ChanServ AMODE entry for nick on the given channel.
292	// level is "OP" or "VOICE". AMODE persists across reconnects — ChanServ
293	// automatically applies the mode every time the nick joins.
294	func (m *Manager) GrantAccess(nick, channel, level string) {
295	if m.client == nil \|\| level == "" {
296	return
297	}
298	switch strings.ToUpper(level) {
299	case "OP":
300	m.chanserv("AMODE %s +o %s", channel, nick)
301	case "VOICE":
302	m.chanserv("AMODE %s +v %s", channel, nick)
303	default:
304	m.log.Warn("unknown access level", "level", level)
305	return
306	}
307	m.log.Info("granted channel access (AMODE)", "nick", nick, "channel", channel, "level", level)
308	}
309
310	// RevokeAccess removes ChanServ AMODE entries for nick on the given channel.
311	func (m *Manager) RevokeAccess(nick, channel string) {
312	if m.client == nil {
313	return
314	}
315	m.chanserv("AMODE %s -o %s", channel, nick)
316	m.chanserv("AMODE %s -v %s", channel, nick)
317	m.log.Info("revoked channel access (AMODE)", "nick", nick, "channel", channel)
318	}
319
320	func (m *Manager) chanserv(format string, args ...any) {
321	msg := fmt.Sprintf(format, args...)
322	m.client.Cmd.Message("ChanServ", msg)
323	}
324
325	// ChannelInfo describes an active provisioned channel.
326	type ChannelInfo struct {
327	Name string `json:"name"`
328	ProvisionedAt time.Time `json:"provisioned_at"`
329	Type string `json:"type,omitempty"`
330	Ephemeral bool `json:"ephemeral,omitempty"`
331	TTLSeconds int64 `json:"ttl_seconds,omitempty"`
332	}
333
334	// ListChannels returns all actively provisioned channels.
335	func (m *Manager) ListChannels() []ChannelInfo {
336	m.mu.Lock()
337	defer m.mu.Unlock()
338	out := make([]ChannelInfo, 0, len(m.channels))
339	for _, rec := range m.channels {
340	ci := ChannelInfo{
341	Name: rec.name,
342	ProvisionedAt: rec.provisionedAt,
343	}
344	if m.policy != nil {
345	ci.Type = m.policy.TypeName(rec.name)
346	ci.Ephemeral = m.policy.IsEphemeral(rec.name)
347	ttl := m.policy.TTLFor(rec.name)
348	if ttl > 0 {
349	ci.TTLSeconds = int64(ttl.Seconds())
350	}
351	}
352	out = append(out, ci)
353	}
354	return out
355	}
356
357	// ValidateName checks that a channel name follows scuttlebot conventions.
358	func ValidateName(name string) error {
359	if !strings.HasPrefix(name, "#") {
360	return fmt.Errorf("topology: channel name must start with #: %q", name)
361

M pkg/ircagent/ircagent.go

		--- pkg/ircagent/ircagent.go
		+++ pkg/ircagent/ircagent.go
		@@ -271,10 +271,17 @@
271	271	text := strings.TrimSpace(e.Last())
272	272	if senderNick == a.cfg.Nick {
273	273	return
274	274	}
275	275
	276	+ // RELAYMSG: server delivers as "nick/bridge" — strip the relay suffix.
	277	+ if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
	278	+ if idx := strings.Index(senderNick, sep); idx != -1 {
	279	+ senderNick = senderNick[:idx]
	280	+ }
	281	+ }
	282	+ // Fallback: parse legacy [nick] prefix from bridge bot.
276	283	if strings.HasPrefix(text, "[") {
277	284	if end := strings.Index(text, "] "); end != -1 {
278	285	senderNick = text[1:end]
279	286	text = text[end+2:]
280	287	}
281	288

	--- pkg/ircagent/ircagent.go
	+++ pkg/ircagent/ircagent.go
	@@ -271,10 +271,17 @@
271	text := strings.TrimSpace(e.Last())
272	if senderNick == a.cfg.Nick {
273	return
274	}
275







276	if strings.HasPrefix(text, "[") {
277	if end := strings.Index(text, "] "); end != -1 {
278	senderNick = text[1:end]
279	text = text[end+2:]
280	}
281

	--- pkg/ircagent/ircagent.go
	+++ pkg/ircagent/ircagent.go
	@@ -271,10 +271,17 @@
271	text := strings.TrimSpace(e.Last())
272	if senderNick == a.cfg.Nick {
273	return
274	}
275
276	// RELAYMSG: server delivers as "nick/bridge" — strip the relay suffix.
277	if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
278	if idx := strings.Index(senderNick, sep); idx != -1 {
279	senderNick = senderNick[:idx]
280	}
281	}
282	// Fallback: parse legacy [nick] prefix from bridge bot.
283	if strings.HasPrefix(text, "[") {
284	if end := strings.Index(text, "] "); end != -1 {
285	senderNick = text[1:end]
286	text = text[end+2:]
287	}
288

M pkg/sessionrelay/irc.go

+8 -1

		--- pkg/sessionrelay/irc.go
		+++ pkg/sessionrelay/irc.go
		@@ -126,20 +126,27 @@
126	126	}
127	127	if onJoined != nil {
128	128	onJoined()
129	129	}
130	130	})
131		- client.Handlers.AddBg(girc.PRIVMSG, func(_ *girc.Client, e girc.Event) {
	131	+ client.Handlers.AddBg(girc.PRIVMSG, func(cl *girc.Client, e girc.Event) {
132	132	if len(e.Params) < 1 \|\| e.Source == nil {
133	133	return
134	134	}
135	135	target := normalizeChannel(e.Params[0])
136	136	if !c.hasChannel(target) {
137	137	return
138	138	}
139	139	sender := e.Source.Name
140	140	text := strings.TrimSpace(e.Last())
	141	+ // RELAYMSG: server delivers as "nick/bridge" — strip the relay suffix.
	142	+ if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
	143	+ if idx := strings.Index(sender, sep); idx != -1 {
	144	+ sender = sender[:idx]
	145	+ }
	146	+ }
	147	+ // Fallback: parse legacy [nick] prefix from bridge bot.
141	148	if sender == "bridge" && strings.HasPrefix(text, "[") {
142	149	if end := strings.Index(text, "] "); end != -1 {
143	150	sender = text[1:end]
144	151	text = strings.TrimSpace(text[end+2:])
145	152	}
146	153

	--- pkg/sessionrelay/irc.go
	+++ pkg/sessionrelay/irc.go
	@@ -126,20 +126,27 @@
126	}
127	if onJoined != nil {
128	onJoined()
129	}
130	})
131	client.Handlers.AddBg(girc.PRIVMSG, func(_ *girc.Client, e girc.Event) {
132	if len(e.Params) < 1 \|\| e.Source == nil {
133	return
134	}
135	target := normalizeChannel(e.Params[0])
136	if !c.hasChannel(target) {
137	return
138	}
139	sender := e.Source.Name
140	text := strings.TrimSpace(e.Last())







141	if sender == "bridge" && strings.HasPrefix(text, "[") {
142	if end := strings.Index(text, "] "); end != -1 {
143	sender = text[1:end]
144	text = strings.TrimSpace(text[end+2:])
145	}
146

	--- pkg/sessionrelay/irc.go
	+++ pkg/sessionrelay/irc.go
	@@ -126,20 +126,27 @@
126	}
127	if onJoined != nil {
128	onJoined()
129	}
130	})
131	client.Handlers.AddBg(girc.PRIVMSG, func(cl *girc.Client, e girc.Event) {
132	if len(e.Params) < 1 \|\| e.Source == nil {
133	return
134	}
135	target := normalizeChannel(e.Params[0])
136	if !c.hasChannel(target) {
137	return
138	}
139	sender := e.Source.Name
140	text := strings.TrimSpace(e.Last())
141	// RELAYMSG: server delivers as "nick/bridge" — strip the relay suffix.
142	if sep, ok := cl.GetServerOption("RELAYMSG"); ok && sep != "" {
143	if idx := strings.Index(sender, sep); idx != -1 {
144	sender = sender[:idx]
145	}
146	}
147	// Fallback: parse legacy [nick] prefix from bridge bot.
148	if sender == "bridge" && strings.HasPrefix(text, "[") {
149	if end := strings.Index(text, "] "); end != -1 {
150	sender = text[1:end]
151	text = strings.TrimSpace(text[end+2:])
152	}
153

ScuttleBot

Keyboard Shortcuts