Design generic connected accounts and external grants model #971
Open
Summary
Data Machine needs a generic primitive for connected external accounts so agents can act on behalf of users or sites in a scoped, grant-based way.
This should stay generic and reusable beyond Extra Chill.
Motivation
Extra Chill's roadmap includes Roadie helping users manage:
- social media accounts
- artist platform actions
- possibly email/calendar/other connected services
This requires a clean separation between:
- platform auth (who is this WordPress user?)
- external service auth (which outside accounts has this user/site connected?)
Core requirements
- Generic provider model (instagram, x, youtube, spotify, gsc, etc.)
- Support both:
  - user-owned connections
  - site-owned / org-owned credentials
- Agents should act through grants, not by owning credentials directly
- Scoped permissions / provider scopes / expiration metadata
- Secure storage of credentials / refresh metadata
- Ability/tool resolution should be able to ask:
  - does the acting principal have a valid connection for this provider?
  - is this agent/session allowed to use it?
Suggested generic model
Connection
- connection_id
- owner_type (user|site|agent?)
- owner_id
- provider
- account_identifier
- scopes
- status
- encrypted_credentials
- refresh metadata
- expires_at
Then a separate grants/access model for agent use.
Design constraints
- Must remain Data Machine generic, not Extra Chill-specific
- Should work for both chat agents and future automation/pipelines where appropriate
- Needs a clean distinction between personal user accounts and site/org service credentials
- Avoid coupling one agent permanently to one connection
Why this matters
This is foundational for Roadie evolving from a chat widget into a real product surface for account management and social/media workflows.
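
Added example, not part of the original issue and not Data Machine code: one way the two resolution questions under "Core requirements" could be answered against the suggested Connection fields, with default deny and grant scopes that can only narrow the connection's scopes. The grant record shape, the `active` status value, the scope names, and the function name `resolve_connection` are all assumptions made for illustration.

```php
<?php
// Added illustration; not Data Machine code. Grant fields and function names are hypothetical.
declare(strict_types=1);

/**
 * Return a usable connection reference for the acting principal and agent, or null.
 * Connection keys follow the issue's suggested model; the grant shape is assumed.
 */
function resolve_connection(array $connections, array $grants, string $owner_type, int $owner_id,
                            string $agent_id, string $provider, array $needed_scopes, int $now): ?array {
    foreach ($connections as $c) {
        // 1. Does the acting principal have a valid connection for this provider?
        if ($c['owner_type'] !== $owner_type || $c['owner_id'] !== $owner_id) continue;
        if ($c['provider'] !== $provider || $c['status'] !== 'active') continue;
        if ($c['expires_at'] !== null && $c['expires_at'] <= $now) continue;

        // 2. Is this agent allowed to use it? A grant can only narrow the connection's scopes.
        foreach ($grants as $g) {
            if ($g['connection_id'] !== $c['connection_id'] || $g['agent_id'] !== $agent_id) continue;
            if ($g['revoked'] || ($g['expires_at'] !== null && $g['expires_at'] <= $now)) continue;
            $effective = array_intersect($g['scopes'], $c['scopes']);
            if (array_diff($needed_scopes, $effective) === []) {
                // Return a reference only; encrypted_credentials never reach the agent.
                return ['connection_id' => $c['connection_id'], 'scopes' => array_values($effective)];
            }
        }
    }
    return null; // default deny
}

// Constructed sample data.
$now = 1700000000;
$connections = [
    ['connection_id' => 1, 'owner_type' => 'user', 'owner_id' => 42, 'provider' => 'instagram',
     'account_identifier' => '@example', 'scopes' => ['read', 'publish'], 'status' => 'active',
     'encrypted_credentials' => '<ciphertext>', 'expires_at' => $now + 3600],
];
$grants = [
    ['connection_id' => 1, 'agent_id' => 'roadie', 'scopes' => ['read'], 'revoked' => false,
     'expires_at' => $now + 600],
];

// Case 1: scope covered by the grant. Case 2: scope on the connection but not granted.
// Case 3: a different agent with no grant at all.
var_dump(resolve_connection($connections, $grants, 'user', 42, 'roadie', 'instagram', ['read'], $now));
var_dump(resolve_connection($connections, $grants, 'user', 42, 'roadie', 'instagram', ['publish'], $now));
var_dump(resolve_connection($connections, $grants, 'user', 42, 'other', 'instagram', ['read'], $now));
```

Keeping grants in their own records keyed by `connection_id` and `agent_id` is what lets one connection be shared with, or revoked from, individual agents without touching the stored credentials.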