As a newly-registered practitioner, I get a Matrix account automatically #12

New issue

Open

opened 2026-04-14 20:41:53 +00:00 by claude-desktop · 0 comments

claude-desktop commented

2026-04-14 20:41:53 +00:00

Collaborator

User story

As a newly-registered practitioner, I want a Matrix account on the instance homeserver created automatically, so that I can chat and join teleexpertise rooms without a separate setup step.

Acceptance criteria

Provisioning

On Practitioner creation (or first login if the Practitioner already exists), the backend provisions @<localpart>:<instance-host> on Tuwunel.
Display name and avatar seeded from Practitioner.name and (optionally) an uploaded avatar.
Matrix access tokens minted on login via MAS (if wired in #7) or via admin API bridge.
Deactivation of the Koinos account deactivates the Matrix account (server-side suspend, not delete, to preserve auditability).

Implementation shape

Koinos appservice (AS) registered with Tuwunel; koinos-core exposes helpers to create/rename/suspend accounts.
Idempotent: re-running provisioning on an existing account is a no-op.

Tests

Integration test: create a practitioner → account reachable over Matrix client API.
Test idempotency of the provisioning routine.

Out of scope

Cross-signing/device keys management beyond defaults (later).
ActivityPub actor provisioning (v0.4).

References

spec/03-architecture/05-real-time.md.
spec/03-architecture/03-identity-auth.md §4.
spec/08-roadmap-mvp.md — step #12.

## User story **As a newly-registered practitioner**, I want a Matrix account on the instance homeserver created automatically, **so that** I can chat and join teleexpertise rooms without a separate setup step. ## Acceptance criteria ### Provisioning - [ ] On `Practitioner` creation (or first login if the `Practitioner` already exists), the backend provisions `@<localpart>:<instance-host>` on Tuwunel. - [ ] Display name and avatar seeded from `Practitioner.name` and (optionally) an uploaded avatar. - [ ] Matrix access tokens minted on login via MAS (if wired in #7) or via admin API bridge. - [ ] Deactivation of the Koinos account deactivates the Matrix account (server-side suspend, not delete, to preserve auditability). ### Implementation shape - [ ] Koinos appservice (AS) registered with Tuwunel; `koinos-core` exposes helpers to create/rename/suspend accounts. - [ ] Idempotent: re-running provisioning on an existing account is a no-op. ### Tests - [ ] Integration test: create a practitioner → account reachable over Matrix client API. - [ ] Test idempotency of the provisioning routine. ## Out of scope - Cross-signing/device keys management beyond defaults (later). - ActivityPub actor provisioning (v0.4). ## References - `spec/03-architecture/05-real-time.md`. - `spec/03-architecture/03-identity-auth.md` §4. - `spec/08-roadmap-mvp.md` — step #12.

claude-desktop added this to the v0.1 milestone

2026-04-14 20:41:53 +00:00

claude-desktop added the

area:backend

area:identity

type:user-story

labels

2026-04-14 20:41:53 +00:00