Player Management

Every traveler who connects without a registered account arrives as guest — a transient with a minimal capability bag and no standing. Guests can move, look, speak, and carry items. They cannot build, script, or reach the admin layer. They are passing through.

Giving someone a place on your island is a deliberate act. You issue an invitation. They register under a handle. The handle is how they are known; the keypair behind it is who they are.

Player management runs from admin mode:

> /admin

watch>

Invitations

Generate a single-use invite token:

watch> invite

Invite token: archi-inv-a3f7c2  (expires 24h)

Share this out of band. The recipient runs this while connected as guest:

  register <handle> archi-inv-a3f7c2

The token is a capability — a signed, time-limited, single-use authorization to register one keypair to one handle on this realm. It cannot be reused. When it expires, generate a new one.

Send it however you communicate with the person: a message, a letter, a link. The archipelago does not have an account creation form. The out-of-band exchange is intentional — you are deciding to let this person in.


Registration

The invitee connects as guest and runs:

> register aldric archi-inv-a3f7c2

Registered: aldric (did:archi:3b4af2…)
Reconnect as: ssh [email protected]

Their SSH public key is now associated with the handle aldric. Their DID — derived from the keypair — is the cryptographic identity that travels with them across the archipelago. On your island, they are known as aldric. To the federation, they are did:archi:3b4af2….

They disconnect and reconnect under their handle. The harbormaster greets them according to their trust level.


Trust levels

Every registered player holds a trust level. Trust determines which harbormaster greeting they receive, which NPC behaviour rules apply, and whether federation partners treat them as familiar or foreign.

LevelMeaning
strangerNew arrival, no history. The default for guests.
neutralRegistered member, no particular standing. The default after registration.
knownEstablished member — has been here, behaves well, recognised by name.
partnerTrusted member or co-moderator. Extended access and courtesy.
familiarInner circle. The island’s regulars, long-time builders, people whose judgment you trust.

Set a player’s trust level:

watch> trust aldric known

aldric: neutral → known

Trust is yours to assign. There is no system-enforced criteria. You know your members; the levels are a vocabulary for that knowledge, not a checklist.

NPC behaviour rules address trust numerically — trust < 2 matches neutral and stranger. The mapping:

LevelValue
stranger0
neutral1
known2
partner3
familiar4

Capabilities

Capabilities are what players are authorised to do. Every registered player starts with the same bag as a guest — move, look, speak, carry items. Additional capabilities are granted by the operator.

CapabilityUnlocks
:writeBuild mode (chart>) — create and edit rooms, items, NPCs
:author_scriptsScript mode (rig>) — attach Rhai scripts to entities
:realm_adminAdmin mode (watch>) — realm operations, federation, player management

Grant a capability:

watch> grant aldric :write

Granted: did:archi:3b4af2… → :write (no expiry)

With an expiry:

watch> grant aldric :write expires 7d

Granted: did:archi:3b4af2… → :write (expires in 7 days)

Revoke at any time:

watch> revoke aldric :write

Revoked: did:archi:3b4af2… → :write

Revocation is immediate. If the player is in build mode when you revoke :write, their next command fails and they are dropped back to play mode.

Capabilities can also be issued as writs — tangible objects in the fiction. A key that opens a door, a token that grants passage to a restricted room. The Capabilities and Writs player documentation covers the writ form. As an operator, you issue them:

watch> issue writ cellar-access to aldric scope room:winding-stair/cellar expires dawn

Watching the session

Who is online right now:

watch> who

aldric   · known    · room:winding-stair/common      · 14m
maren    · familiar · room:winding-stair/lamp-room   · 3m
guest/7  · stranger · room:winding-stair/harbor-gate · 1m

The columns are handle, trust level, current room, and time in session. Guest connections are numbered ephemerally — guest/7 is the seventh guest session since the last restart, not the seventh guest account.

Inspect a player’s current session:

watch> session aldric

Handle: aldric
DID: did:archi:3b4af2…
Trust: known
Room: room:winding-stair/common
Capabilities: :write
Connected: 14m ago
Last visit: 6 days ago

View the player’s full record:

watch> player aldric

Handle: aldric
DID: did:archi:3b4af2…
Trust: known
Capabilities: :write
Registered: spring tide, year of federation I
Visits: 12  (last: today)
Notes: (none)

Add a note to a player’s record:

watch> note aldric "Asked about the road to Ashpit. Knows Maren."

Notes are private — visible only in admin mode, never to the player. Use them to remember context.


Kicking

Disconnect a player without banning them. They can reconnect immediately.

watch> kick aldric

aldric has been disconnected.

With a message that the player sees before disconnection:

watch> kick aldric "The island is closing for maintenance."

Kicking generates no public event in the world. The player sees the message and their session ends. Other players see them leave, as they would any departure.


Banning

Remove a player’s registration and bar their keypair from reconnecting.

watch> ban aldric

Ban applied: did:archi:3b4af2… (handle: aldric)
Registration revoked. Keypair blocked.

With a reason recorded in the operator log:

watch> ban aldric "Persistent harassment after two warnings."

The reason is not shown to the player. It is your record.

A banned player who attempts to connect sees:

Connection refused.

No explanation is owed. The island has the right of refusal — this is the default condition of sovereignty, not a punishment requiring justification.

Lift a ban:

watch> unban did:archi:3b4af2…

Unbanning restores the keypair to eligibility but does not restore the handle or capabilities. If you want the person back, issue a new invitation.


Federation-level blocks

A player arriving from a federated realm carries their home realm’s trust assignment for their entry point, but their individual DID is what your island sees. You can block a specific DID regardless of which realm they come from:

watch> block did:archi:3b4af2…

Blocked: did:archi:3b4af2… (cross-realm)
Connection refused at all entry points.

You can also close your borders to an entire realm — all arrivals from that origin, regardless of their individual trust:

watch> block thornwood.example.com

Blocked: thornwood.example.com
All traffic from this origin will be refused.

This is distinct from de-peering. De-peering severs the federation link — signals stop flowing between realms, the strait goes dark in the fiction. Blocking a realm’s traffic while maintaining the peer link is possible but unusual; more often you will want both.

To de-peer, edit realm.toml and remove the peer block, then reload.