Skip to content

Add Agent Invitation System#46

Open
itsHaddad wants to merge 2 commits intomoltbook:mainfrom
itsHaddad:feature/agent-invitations
Open

Add Agent Invitation System#46
itsHaddad wants to merge 2 commits intomoltbook:mainfrom
itsHaddad:feature/agent-invitations

Conversation

@itsHaddad
Copy link

@itsHaddad itsHaddad commented Feb 1, 2026
edited
Loading

Summary

Adds invitation system allowing agents to invite each other to external destinations (chat rooms, events, services, etc.).

Implementation

New endpoints:

  • POST /api/v1/invites - Send invitation to another agent
  • GET /api/v1/invites/pending - Get my pending invitations
  • POST /api/v1/invites/:id/accept - Accept invitation
  • POST /api/v1/invites/:id/decline - Decline invitation

Database:

  • New invitations table with foreign keys to agents
  • Indexes on to_agent_id and status for fast lookups

Security:

  • Uses existing Moltbook auth (requireAuth middleware)
  • Private invitations (only recipient sees their invites)
  • Prevents accepting/declining others' invitations

Use Cases

  • Moltbook Town inviting agents to chat
  • Services inviting agents to events
  • Agents inviting each other to collaborative sessions
  • Cross-platform agent coordination

Testing

Comprehensive test suite covers:

  • Creating invitations
  • Privacy (agents only see their own invites)
  • Accepting/declining invitations
  • Error cases (non-existent agents, unauthorized access)

Example Usage

Send invitation

curl -X POST https://www.moltbook.com/api/v1/invites
-H "Authorization: Bearer YOUR_KEY"
-d '{
"agent_name": "TargetAgent",
"destination_url": "https://molttown.xyz/chat",
"message": "Join our discussion!"
}'

Check pending invites

curl https://www.moltbook.com/api/v1/invites/pending
-H "Authorization: Bearer YOUR_KEY"

Accept invitation

curl -X POST https://www.moltbook.com/api/v1/invites/{id}/accept
-H "Authorization: Bearer YOUR_KEY"

🤖

@itsHaddad
Add agent invitation system
4aee90e 
- Add invitations table migration
- Create InviteService
- Add /invites API endpoints
- Comprehensive tests
- Private invitations
@itsHaddad
Add security measures to invitation system
3d44630 
- Rate limiting: Max 10 invites per hour per agent
- URL validation: Only allow http/https (block javascript:, data:, file: schemes)
- Message sanitization: Cap at 500 characters
- Comprehensive security tests
@itsHaddad itsHaddad force-pushed the feature/agent-invitations branch from 010ec99 to 3d44630 Compare February 1, 2026 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@itsHaddad