Slash commands: User/Mod/Admin/Owner tiers wired through the audit log#32
Merged
Merged
Conversation
Adds a Tier helper in tempest-perms that maps the 80-bit permission mask plus the server owner flag to a coarse User / Mod / Admin / Owner label. Tiers are display-only; every gate still resolves down to specific bit checks. Existing servers already auto-create Owner / Admin / Moderator / User / @everyone roles on creation, so no migration is needed for the role tier shape itself. A new commands module in tempest-api exposes a 17-entry catalog and a single POST /servers/:server_id/commands dispatcher. GET on the same path returns the catalog with an `allowed` flag per command computed from the caller's mask, so the client UI can gray out anything the caller cannot run. Each dispatch resolves the mask once, runs the per-command access check, executes against tempest_db, publishes gateway events when relevant, and writes audit rows: the original fine-grained event (member.banned, channel.locked, channel.slowmode_set, messages.bulk_deleted, server.renamed, server.ownership_transferred, server.deleted, server.announcement, audit.queried, role.assigned, role.unassigned, member.timeout_set, member.timeout_cleared, member.kicked, member.unbanned, member.nickname_changed) plus a single command.invoked envelope for every dispatch with metadata for the command name, tier, success flag, and denied reason. Backend additions besides the dispatcher: * tempest-db channels::lock_state / set_locked, plus a 0012 migration that extends channels with locked / locked_by / locked_at / lock_reason columns. The send-message path refuses non-mod posts when the channel is locked. * tempest-db messages::bulk_soft_delete for /purge, returning the tombstoned ids so the dispatcher can publish MessageDelete fanout. * tempest-db servers::transfer_ownership for /transfer-owner. Frontend (apps/web): * lib/commands.ts: catalog mirror, slash parser, mention/duration parsing, dispatch helper. Cosmetic /me /shrug /tableflip /unflip rewrite the message; /whois /help run client-side. * components/CommandPalette.tsx: Cmd/Ctrl+K and `/` on an empty composer open a palette grouped by tier with `allowed` graying out commands the caller cannot run. Selecting a row inserts the usage template into the composer. * chat.tsx send() intercepts /-prefixed drafts before the regular send path, surfaces command results and parse errors via a six-second status banner above the composer. * styles.css covers the palette and the status banner. Tests: * crates/tempest-perms tier::tests covers owner bypass, admin and mod bit promotion, rank ordering, plain-member fallthrough. * crates/tempest-api commands::tests covers catalog uniqueness, owner bypass, empty-mask deny, admin access semantics, and per-bit access checks for every catalog entry.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.