Admin — approve / publish an agent
Permissions
PlatformAdminGuard reads req.user.role, which is set by AuthMiddleware from the better-auth session. The guard does not call the DB; it trusts the session payload. If a role change needs to take effect immediately, the user must sign out and back in (or the session token must refresh).
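The following sketch is an added example, not the project's own code. It models the session-only check described above and contrasts it with a variant that re-reads the stored role. Everything except `req.user.role` and the `platform_admin` value is a hypothetical name, and the role store is a constructed in-memory map standing in for the DB.

```typescript
// Added illustration. Role values other than "platform_admin", the Req shape,
// and every function name here are assumptions, not taken from the code base.
type Role = "platform_admin" | "user";
interface SessionUser { id: string; role: Role } // what AuthMiddleware places on req.user
interface Req { user?: SessionUser }

// Session-only check, as the page describes: no DB call, trusts the session payload.
function sessionOnlyGuard(req: Req): boolean {
  return req.user?.role === "platform_admin";
}

// Stricter variant for sensitive writes: the session must claim admin AND
// the role currently stored for that user must still be admin.
function dbCheckedGuard(req: Req, lookupRole: (id: string) => Role | undefined): boolean {
  if (!req.user || !sessionOnlyGuard(req)) return false;
  return lookupRole(req.user.id) === "platform_admin";
}

// Walk through a demotion that happens while the old session is still live.
function demoStaleSession(): { before: boolean; sessionOnlyAfter: boolean; dbCheckedAfter: boolean } {
  // Constructed stand-in for the users table.
  const usersTable = new Map<string, Role>([["u1", "platform_admin"]]);
  // Session payload issued while u1 was still an admin.
  const req: Req = { user: { id: "u1", role: "platform_admin" } };

  const before = sessionOnlyGuard(req);
  usersTable.set("u1", "user"); // role revoked in the DB, session untouched

  return {
    before,
    sessionOnlyAfter: sessionOnlyGuard(req), // stale payload still passes
    dbCheckedAfter: dbCheckedGuard(req, (id) => usersTable.get(id)), // revocation is seen
  };
}
```

The stricter variant costs one role lookup per admin request, which is the trade-off against waiting for sign-out or token refresh.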
Field-level effects
| Change | Side effect |
|---|---|
| status | Visibility flip; if first transition to active, publishedAt set |
| redirectUris | Mirrored to oauth_clients.redirect_uris |
| capabilities[] / steps[] | Full replace, not patch — full array becomes the new set |
| tagIds[] | Full replace of agent_tags rows |
Audit trail
Every admin write hits AuditLogMiddleware. The PostHog batch sends:
```json
{
  "event": "api_request",
  "properties": {
    "userId": "...",
    "userRole": "platform_admin",
    "method": "POST",
    "path": "/agents/<id>",
    "statusCode": 200,
    "result": "success",
    "duration_ms": 87
  }
}
```
Failures (4xx/5xx) record the error code in the same row.
Soft delete
DELETE /agents/:id sets status: 'inactive' and disables the OAuth client. Subscriptions remain in the DB.