Skip to content

bridge: require registration token for broker registration#111

Merged
benvinegar merged 1 commit into
mainfrom
bentlegen/broker-registration-token-only
Feb 22, 2026
Merged

bridge: require registration token for broker registration#111
benvinegar merged 1 commit into
mainfrom
bentlegen/broker-registration-token-only

Conversation

@benvinegar
Copy link
Copy Markdown
Member

@benvinegar benvinegar commented Feb 22, 2026

Summary

  • require --registration-token for baudbot broker register
  • remove legacy --auth-code parsing and payload support from bin/broker-register.mjs
  • update broker registration usage/help text in bin/baudbot
  • update docs/examples to use token-only registration flow:
    • README.md
    • CONFIGURATION.md
    • AGENTS.md
    • docs/operations.md
  • update broker registration tests for token-only behavior

Why

modem-dev/baudbot-services merged the dashboard-canonical registration flow and /api/register now requires registration_token in the primary path. Keeping auth_code in baudbot caused stale UX/docs and a misleading CLI contract.

Testing

  • node --test bin/broker-register.test.mjs
  • node --check bin/broker-register.mjs
  • bash -n bin/baudbot

@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented Feb 22, 2026

Greptile Summary

This PR removes the legacy auth_code registration flow and enforces registration_token as the sole authentication mechanism for broker registration, aligning with the updated /api/register endpoint in baudbot-services.

Key changes:

  • Removed --auth-code parameter parsing from bin/broker-register.mjs
  • Updated payload to send only registration_token (previously conditionally sent both)
  • Removed legacy auth_code error mappings (403 invalid/consumed auth code)
  • Added new error mapping for 400 "missing registration proof"
  • Updated all documentation files (README.md, CONFIGURATION.md, AGENTS.md, docs/operations.md) with token-only examples
  • Updated CLI help text in bin/baudbot to show --registration-token as required
  • Added test coverage for token requirement and --auth-code rejection

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • Clean API migration with comprehensive test coverage, consistent documentation updates across all files, and proper error handling. The changes are backward-incompatible by design (removing deprecated auth_code), which is intentional and documented in the PR description
  • No files require special attention

Important Files Changed

Filename Overview
bin/broker-register.mjs Removed legacy auth_code parameter parsing and payload support, now requires registration_token only
bin/broker-register.test.mjs Updated tests to validate token-only registration flow and verify auth_code rejection
bin/baudbot Updated CLI help text to reflect required --registration-token parameter

Last reviewed commit: 6ba9064

@benvinegar benvinegar merged commit ab13d8f into main Feb 22, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benvinegar