Problem
Data Machine's chat transcript storage is keyed around user_id. For public frontend chat, anonymous requests currently execute under the selected agent owner after access checks pass. That is acceptable for model/tool credential scope, but it is not a safe transcript ownership model.
If anonymous session APIs listed sessions by the runtime user, public visitors could see sessions owned by the agent owner or by other visitors. We need a first-class transcript owner that can be a logged-in user or a browser/session principal, while the runtime execution user can remain the agent owner.
Required shape
- Add transcript ownership fields such as
owner_type and an opaque/hashable owner key.
- Keep
user_id for compatibility/reporting, but stop using it as the only access boundary.
- Migrate existing rows as user-owned transcript sessions.
- Let
AgentsChatHandler separate:
- runtime user: agent owner for credentials/tool policy
- session principal: current WP user or anonymous/browser principal for transcript ownership
- Update session list/get/delete/read checks to use transcript owner identity.
Acceptance criteria
- Anonymous/browser principals can create, list, read, mark read, and delete only their own sessions.
- Logged-in users keep their existing session behavior.
- Public audience grants never expose agent-owner sessions.
- Existing rows remain accessible to their original WP users after migration.
- Tests cover anonymous/browser principal isolation and logged-in compatibility.
Related work
- Agents API needs principal-owned conversation-session contracts.
- Frontend Agent Chat needs a secure browser principal cookie.
- A8C Intelligence can later add WordPress.com login/account claiming for public visitors.
Problem
Data Machine's chat transcript storage is keyed around
user_id. For public frontend chat, anonymous requests currently execute under the selected agent owner after access checks pass. That is acceptable for model/tool credential scope, but it is not a safe transcript ownership model.If anonymous session APIs listed sessions by the runtime user, public visitors could see sessions owned by the agent owner or by other visitors. We need a first-class transcript owner that can be a logged-in user or a browser/session principal, while the runtime execution user can remain the agent owner.
Required shape
owner_typeand an opaque/hashable owner key.user_idfor compatibility/reporting, but stop using it as the only access boundary.AgentsChatHandlerseparate:Acceptance criteria
Related work