feat(auth): center-scoped single admin + GET /admin-email + cli #1

Merged

hzhang merged 2 commits from feat/admin-user into main

2026-05-22 21:59:15 +00:00

Author	SHA1	Message	Date
hanghang zhang	bd53813391	fix(cli): set-admin transaction uses isAdmin=true filter (TypeORM rejects empty-where) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-22 22:25:06 +01:00
hanghang zhang	06756af8bc	feat(auth): center-scoped single admin + GET /admin-email + cli Triage channels in Guilds need to deliver every message to a single "observer" admin user across the whole Center deployment (regardless of on-duty / mention). This adds the data + auth surface for that. ## Schema `users.isAdmin TINYINT DEFAULT 0` (synchronize:true auto-applies; cli `user set-admin` enforces at-most-one in a transaction). ## CLI (subject `user`) - `set-admin --email <e>` — clears every other admin row first, then marks the target. Returns `{admin: {email, userId}}` - `clear-admin` — unsets all (returns `{cleared: N}`) - `show-admin` — prints `{admin: {email, userId}}` or `{admin: null}` ## HTTP `GET /auth/admin-email` (NOT @Public — requires a guild-node api key via the existing CenterApiKeyGuard). Returns: - `{email: "...", userId: "..."}` if an admin exists - `null` (literal JSON) if no admin Guild backends cache the result (1 day TTL per spec; with cli refresh override on guild side). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-22 22:09:58 +01:00

Author

SHA1

Message

Date

hanghang zhang

bd53813391

fix(cli): set-admin transaction uses isAdmin=true filter (TypeORM rejects empty-where)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-22 22:25:06 +01:00

hanghang zhang

06756af8bc

feat(auth): center-scoped single admin + GET /admin-email + cli

Triage channels in Guilds need to deliver every message to a single
"observer" admin user across the whole Center deployment (regardless of
on-duty / mention). This adds the data + auth surface for that.

## Schema

`users.isAdmin TINYINT DEFAULT 0` (synchronize:true auto-applies; cli
`user set-admin` enforces at-most-one in a transaction).

## CLI (subject `user`)

- `set-admin --email <e>` — clears every other admin row first, then
  marks the target. Returns `{admin: {email, userId}}`
- `clear-admin` — unsets all (returns `{cleared: N}`)
- `show-admin` — prints `{admin: {email, userId}}` or `{admin: null}`

## HTTP

`GET /auth/admin-email` (NOT @Public — requires a guild-node api key
via the existing CenterApiKeyGuard). Returns:
  - `{email: "...", userId: "..."}` if an admin exists
  - `null` (literal JSON) if no admin

Guild backends cache the result (1 day TTL per spec; with cli refresh
override on guild side).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-22 22:09:58 +01:00

feat(auth): center-scoped single admin + GET /admin-email + cli #1

2 Commits