feat(setup): operator role prompt per channel, owner by default

Previously init-first-agent auto-granted global owner to the first user wired through it and left every subsequent user as nothing — no role, no membership. That worked for the bootstrap path but broke the second channel's welcome DM: the access gate saw no role + no membership and dropped the message with accessReason='not_member'. Make the role explicit: - scripts/init-first-agent.ts accepts --role owner|admin|member (default: owner). Role drives the grant: owner -> global owner (agent_group_id=null) admin -> admin scoped to this agent group member -> no role row, just membership Idempotent via getUserRoles pre-check — safe on re-runs. addMember runs unconditionally (INSERT OR IGNORE) so the access gate has a row even for users who'd otherwise pass via role alone. - setup/lib/role-prompt.ts — shared askOperatorRole(channel) prompt with owner as the default pick. Self-host single-operator is the dominant case, so the user's fingers default to Enter. - Telegram / Discord / WhatsApp drivers all call askOperatorRole before resolving the agent name and pass --role <choice> through. Captured in progression log via setupLog.userInput('<channel>_role'). Summary output drops the fragile "promoted on first owner" hint in favor of a dedicated role: line ("owner (global)" / "admin (scoped to <ag-id>)" / "member") so re-runs make the current grant legible. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 12:57:57 +03:00
parent 4859d8fb2d
commit 596035be09
5 changed files with 132 additions and 20 deletions
--- a/setup/channels/discord.ts
+++ b/setup/channels/discord.ts
@@ -28,6 +28,7 @@ import k from 'kleur';

 import * as setupLog from '../logs.js';
 import { confirmThenOpen } from '../lib/browser.js';
+import { askOperatorRole } from '../lib/role-prompt.js';
 import { ensureAnswer, fail, runQuietChild } from '../lib/runner.js';

 const DEFAULT_AGENT_NAME = 'Nano';
@@ -88,6 +89,9 @@ export async function runDiscordChannel(displayName: string): Promise<void> {
  const dmChannelId = await openDmChannel(token, ownerUserId);
  const platformId = `discord:@me:${dmChannelId}`;

+  const role = await askOperatorRole('Discord');
+  setupLog.userInput('discord_role', role);
+
  const agentName = await resolveAgentName();

  const init = await runQuietChild(
@@ -100,6 +104,7 @@ export async function runDiscordChannel(displayName: string): Promise<void> {
      '--platform-id', platformId,
      '--display-name', displayName,
      '--agent-name', agentName,
+      '--role', role,
    ],
    {
      running: `Connecting ${agentName} to your Discord DMs…`,
--- a/setup/channels/telegram.ts
+++ b/setup/channels/telegram.ts
@@ -22,6 +22,7 @@ import k from 'kleur';

 import * as setupLog from '../logs.js';
 import { confirmThenOpen } from '../lib/browser.js';
+import { askOperatorRole } from '../lib/role-prompt.js';
 import {
  type Block,
  type StepResult,
@@ -96,6 +97,9 @@ export async function runTelegramChannel(displayName: string): Promise<void> {
    );
  }

+  const role = await askOperatorRole('Telegram');
+  setupLog.userInput('telegram_role', role);
+
  const agentName = await resolveAgentName();

  const init = await runQuietChild(
@@ -108,6 +112,7 @@ export async function runTelegramChannel(displayName: string): Promise<void> {
      '--platform-id', platformId,
      '--display-name', displayName,
      '--agent-name', agentName,
+      '--role', role,
    ],
    {
      running: `Connecting ${agentName} to your Telegram chat…`,
--- a/setup/channels/whatsapp.ts
+++ b/setup/channels/whatsapp.ts
@@ -43,6 +43,7 @@ import {
  spawnStep,
  writeStepEntry,
 } from '../lib/runner.js';
+import { askOperatorRole } from '../lib/role-prompt.js';
 import { brandBold } from '../lib/theme.js';

 const DEFAULT_AGENT_NAME = 'Nano';
@@ -101,6 +102,9 @@ export async function runWhatsAppChannel(displayName: string): Promise<void> {
    writeAssistantHasOwnNumber();
  }

+  const role = await askOperatorRole('WhatsApp');
+  setupLog.userInput('whatsapp_role', role);
+
  const agentName = await resolveAgentName();

  const platformId = `${chatPhone}@s.whatsapp.net`;
@@ -115,6 +119,7 @@ export async function runWhatsAppChannel(displayName: string): Promise<void> {
      '--platform-id', platformId,
      '--display-name', displayName,
      '--agent-name', agentName,
+      '--role', role,
    ],
    {
      running: `Connecting ${agentName} to WhatsApp…`,
@@ -128,6 +133,7 @@ export async function runWhatsAppChannel(displayName: string): Promise<void> {
        AGENT_NAME: agentName,
        PLATFORM_ID: platformId,
        MODE: isDedicated ? 'dedicated' : 'shared',
+        ROLE: role,
      },
    },
  );