For blocklisting, users with a role set as blocklist cannot use the picker UI for that server. This would benefit guilds with mute roles.

For allowlisting, users without a role set as allowlist cannot use the picker UI for that server. This would benefit guilds with gatekeeping roles.

When both are present, blocklist wins.

Category delete was overlooked in initial editor implementation

tbd

Handle a new Discord feature adding pending field to members.

Implementation:

• API
  • POST /revoke-session
    • Calls OAuth2 revoke
    • Deletes session from KV regardless of outcome
• Web
  • /machinery/logout
    • Fetch call to API
    • Delete cookies, sessionStorage, return to landing

Currently all Suspense and data-loading states are a white page. A state should be made for generic loading, and possibly skeleton states later.

On mobile, :active includes anything previously tapped. This makes the check ✔️ inside the role component stay even when the role is disabled, and will disappear after tapping another thing.

Using RoleypolyNext bot (currently in Next-Stage),

• Add production secrets to secret store
• Click deploy as production
• Ensure bot is deployed
• Move Next-Stage to another bot token
• Update Next marketing to use https://next.roleypoly.com

As a role editor, I would like to add roles to my Discord server while editing my server on Roleypoly.

In scope:

• Inside search picker, allow role creation with no permissions at the last-most position
• Optional: color picker/palette

Not in scope:

• Editing roles
• Deleting roles
• Reordering roles

When i need to add another category for roles, it says there is none and the roleypoly role is above the other roles and i needed color roles and one of my mods informed me it wasn’t working and it says the color role is above the roleypoly role even tho it has no permissions to the color roles and the roleypoly role is above them/has all permissions

KSUIDs were used for session keys for speed of development, but we'd rather use something far longer and more random in order to make it exceedingly difficult to hijack sessions. UUIDv4s would be acceptable, but anything is possible. Please tradeoff size vs complexity, as these do get sent in headers, which do have a size limit.

On...

• /servers
• /s/:id
• Masthead
  ...links have default styling.

Regression introduced with removing next/link

Implementation:

• API
  • GET /login-bounce
    • Builds Discord OAuth token flow URL, redirects to it
  • GET /login-callback
    • Finishes token flow
    • Gets current user with credential
    • Fetches current user guilds with credentials (fixes #52)
    • Creates a session in KV with token, user, guilds
• UI
  • /machinery/new-session?id=
    • Sets sessionStorage session_key
    • Sets HTTP-only cookie rp_session_key
    • Redirects to / for reconciliation

Optionally enable or disable the ability to pick roles when a member has one of these roles set by an administrator.

As a server manager, I would like to know when changes to Roleypoly occur via the Editor by my fellow server managers, so than I can understand when or why modifications were made.

Acceptance Criteria

• In the editor "utilities" pane, add an input for a Discord Webhook URL, which is saved to the GuildData KV.
• Optionally, add an 'audit log' subpage of the guild editor to walk and/or automate through the necessary Webhook setup, which would be able to set and save the webhook URL.
• On edits, send a detailed notification via the webhook detailing changes, like category modifications, etc, and who did it, if the webhook URL is set.
• None of this data should be stored, only sent via webhook.

We originally left Discord.js due to needs around sharding being harder to manage, and some gRPC-ish concerns in an earlier iteration of the bot.

Most of these concerns have been sidelined, as the bot barely does anything of value anymore, and the value available is very well targetted.

Acceptance Criteria

• /src/discord-bot is made into a node package in packages/bot
• hack/dockerfiles/bot.Dockerfile updated to use node
• Go tooling (e.g. CI/CD, go.mod) is removed
• Functionally and operationally identical to the status quo
  • Not in scope: root commands for stats
• Must support sharding on a single process

As an administrator with a complicated set of roles, I want to be able to pick roles manually for users and have some other roles automatically assigned to those users based on rules I create.

e.g., I might have a role called Steering Committee Member. A user is on the Steering Committee if they are chair of any committee, an elected delegate, or a member of the executive council. The roles for chair, elected delegate, and exec council are set manually, but I want Roleypoly to set the Steering Committee Member role automatically. If the user in the future has no such required roles, the dependent role should be removed.

This is somewhat related to the allowlist/denylist feature in that we have essentially gated certain roles on others, except that in this case the role is automatically set rather than just being allowed to be added by the user.

Just added the bot to my friends discord server but nothing shows up on the website after it's added

Store any newly accessed servers in localStorage, sorted by recency.

In Server Nav/Picker, separate a "Recents" area at the top, using data passed down from page-level.

As an editor, I'd like to limit the number of roles selectable within a category so that a user can pick between 1 and any number of roles.

Implementation

Likely change the "category type" selector to match:

• 0 = Multi (for backwards compatibility)
• 1 = Single (for backwards compatibility)
• number = Maximum of N

• It doesn't align itself properly on mobile
• It doesn't close when clicked outside of

Repro:

1. Open https://stage.roleypoly.com/s/386659935687147521 while logged in
2. Reload
3. Observe login page

Workaround:

1. Navigate away
2. Navigate back

Looks like server is missing auth state while client has auth.

Investigate InteractionObserver, etc for making backgroundImage get set when in frame.

• Add some basic troubleshooting page for if the bot or web app isn't acting properly
• Gives 1% more visibility into infrastructure
• Since shards aren't publicly accessible for a pull-style uptime check, shards should send a heartbeat to the API.

Prelude branch in feat/heartbeat

As a user, I'd like to have a quick overview of how the editor works, so that I can better understand it.

In certain cases, Auth redirects may be necessary.

• Landing / when authed
• Server Picker /servers when anonymous
• Auth Login /auth/login when authed
• Role Picker /s/[id] when anonymous
• Server Editor /s/[id]/edit when not editor (will be covered in #82)

A user must be able to login, and their permissions must aggregate throughout the platform and UI.

Needs roleypoly/auth#1 to manage sessions.

Supported via two methods:

• OAuth via Discord
• DM via bot

Related stories:

• roleypoly/auth#1
• roleypoly/auth#2
• roleypoly/auth#3
• roleypoly/discord#1
• roleypoly/discord#2
• roleypoly/ui#1

tbd

As a server manager, I would like to fetch my categories from Legacy/v1 so that I don't have to set up my roles/categories again.

The API parts of this are present, this covers the manager action button instead of using API.

Since guild data is the most critical data we hold, lets sync it to GCP somehow.

Possible path, after some exploration:

• Due to CF Worker config limits re: GCP auth, push GuildData changes to a Cloud Function that stores it in Cloud Storage.
• Another function for the opposite direction, pulling data out.
• Add a circuit breaker and/or env flag to make the main worker use GCP "failover store" instead of KV in case of bad stuff.

As a new server manager, I would like to be redirected to the editor when Roleypoly successfully joins via the Discord OAuth flow, so that I can set up my server settings.

Currently, the OAuth flow finishes with a "done!" instead of redirecting.

This would include some configuration changes and Discord app config setting changes to point to the webapp for the redirect.

This was removed from the CRA port, but should be added back in.

Users would be able to pick their roles from an available list of roles.

Roles with dangerous permissions; ADMINISTRATOR, MANAGE_SERVER, MANAGE_ROLES; cannot be selected, and will be disabled.

Roles that are not categorized may not be selected.

Roles in a hidden category may not be selected.

Due to the given nature of these constraints, one would consider doing a whitelist of roles without dangerous permissions and filter any that do not apply.

• Don't let non-interactable states look interactable (e.g. guilds disabled)

Using Roleypoly bot (current in Legacy Prod)

• Change Next-Prod bot token to Legacy-Prod
• Decommission Legacy-Prod (but not Legacy-Stage, as it's doing guild data importing in short-term)
• Finalize Legacy DB export, put somewhere
• Import from Legacy DB export instead of using Legacy-Stage, make a ticket to capture.
• Finally, decommission any unnecessary remaining infrastructure.

Using masthead data, create a dashboard page for all servers the user is in.

Guild admins (perms: ADMINISTRATOR and MANAGE_ROLES) would be able to use the editor.

Editor would have a way to categorize roles.

Editor would have a way to create, edit, and sort categories.

Editor would be extensible to support other various modules, such as a blacklist/whitelist system.

Take a design exploration pass of /servers page

Ideas:

• Grouped by role (Admin, Manager, User)
• Icons and boundaries for Recent/All/Groups
• Favorites? (local only)

Design language changes should also be applied to guilds popover

If I set some roles under "Block roles from using Roleypoly" or "Allow these roles to use Roleypoly", press save & exit, and then open that menu again, no roles are listed.