Player Management
Every traveler who connects without a registered account arrives as guest — a transient with a minimal capability bag and no standing. Guests can move, look, speak, and carry items. They cannot build, script, or reach the admin layer. They are passing through.
Giving someone a place on your island is a deliberate act. You issue an invitation. They register under a handle. The handle is how they are known; the keypair behind it is who they are.
Player management runs from admin mode:
> /admin
watch>
Invitations
Generate a single-use invite token:
watch> invite
Invite token: archi-inv-a3f7c2 (expires 24h)
Share this out of band. The recipient runs this while connected as guest:
register <handle> archi-inv-a3f7c2
The token is a capability — a signed, time-limited, single-use authorization to register one keypair to one handle on this realm. It cannot be reused. When it expires, generate a new one.
Send it however you communicate with the person: a message, a letter, a link. The archipelago does not have an account creation form. The out-of-band exchange is intentional — you are deciding to let this person in.
Registration
The invitee connects as guest and runs:
> register aldric archi-inv-a3f7c2
Registered: aldric (did:archi:3b4af2…)
Reconnect as: ssh [email protected]
Their SSH public key is now associated with the handle aldric. Their DID — derived from the keypair — is the cryptographic identity that travels with them across the archipelago. On your island, they are known as aldric. To the federation, they are did:archi:3b4af2….
They disconnect and reconnect under their handle. The harbormaster greets them according to their trust level.
Trust levels
Every registered player holds a trust level. Trust determines which harbormaster greeting they receive, which NPC behaviour rules apply, and whether federation partners treat them as familiar or foreign.
| Level | Meaning |
|---|---|
stranger | New arrival, no history. The default for guests. |
neutral | Registered member, no particular standing. The default after registration. |
known | Established member — has been here, behaves well, recognised by name. |
partner | Trusted member or co-moderator. Extended access and courtesy. |
familiar | Inner circle. The island’s regulars, long-time builders, people whose judgment you trust. |
Set a player’s trust level:
watch> trust aldric known
aldric: neutral → known
Trust is yours to assign. There is no system-enforced criteria. You know your members; the levels are a vocabulary for that knowledge, not a checklist.
NPC behaviour rules address trust numerically — trust < 2 matches neutral and stranger. The mapping:
| Level | Value |
|---|---|
stranger | 0 |
neutral | 1 |
known | 2 |
partner | 3 |
familiar | 4 |
Capabilities
Capabilities are what players are authorised to do. Every registered player starts with the same bag as a guest — move, look, speak, carry items. Additional capabilities are granted by the operator.
| Capability | Unlocks |
|---|---|
:write | Build mode (chart>) — create and edit rooms, items, NPCs |
:author_scripts | Script mode (rig>) — attach Rhai scripts to entities |
:realm_admin | Admin mode (watch>) — realm operations, federation, player management |
Grant a capability:
watch> grant aldric :write
Granted: did:archi:3b4af2… → :write (no expiry)
With an expiry:
watch> grant aldric :write expires 7d
Granted: did:archi:3b4af2… → :write (expires in 7 days)
Revoke at any time:
watch> revoke aldric :write
Revoked: did:archi:3b4af2… → :write
Revocation is immediate. If the player is in build mode when you revoke :write, their next command fails and they are dropped back to play mode.
Capabilities can also be issued as writs — tangible objects in the fiction. A key that opens a door, a token that grants passage to a restricted room. The Capabilities and Writs player documentation covers the writ form. As an operator, you issue them:
watch> issue writ cellar-access to aldric scope room:winding-stair/cellar expires dawn
Watching the session
Who is online right now:
watch> who
aldric · known · room:winding-stair/common · 14m
maren · familiar · room:winding-stair/lamp-room · 3m
guest/7 · stranger · room:winding-stair/harbor-gate · 1m
The columns are handle, trust level, current room, and time in session. Guest connections are numbered ephemerally — guest/7 is the seventh guest session since the last restart, not the seventh guest account.
Inspect a player’s current session:
watch> session aldric
Handle: aldric
DID: did:archi:3b4af2…
Trust: known
Room: room:winding-stair/common
Capabilities: :write
Connected: 14m ago
Last visit: 6 days ago
View the player’s full record:
watch> player aldric
Handle: aldric
DID: did:archi:3b4af2…
Trust: known
Capabilities: :write
Registered: spring tide, year of federation I
Visits: 12 (last: today)
Notes: (none)
Add a note to a player’s record:
watch> note aldric "Asked about the road to Ashpit. Knows Maren."
Notes are private — visible only in admin mode, never to the player. Use them to remember context.
Kicking
Disconnect a player without banning them. They can reconnect immediately.
watch> kick aldric
aldric has been disconnected.
With a message that the player sees before disconnection:
watch> kick aldric "The island is closing for maintenance."
Kicking generates no public event in the world. The player sees the message and their session ends. Other players see them leave, as they would any departure.
Banning
Remove a player’s registration and bar their keypair from reconnecting.
watch> ban aldric
Ban applied: did:archi:3b4af2… (handle: aldric)
Registration revoked. Keypair blocked.
With a reason recorded in the operator log:
watch> ban aldric "Persistent harassment after two warnings."
The reason is not shown to the player. It is your record.
A banned player who attempts to connect sees:
Connection refused.
No explanation is owed. The island has the right of refusal — this is the default condition of sovereignty, not a punishment requiring justification.
Lift a ban:
watch> unban did:archi:3b4af2…
Unbanning restores the keypair to eligibility but does not restore the handle or capabilities. If you want the person back, issue a new invitation.
Federation-level blocks
A player arriving from a federated realm carries their home realm’s trust assignment for their entry point, but their individual DID is what your island sees. You can block a specific DID regardless of which realm they come from:
watch> block did:archi:3b4af2…
Blocked: did:archi:3b4af2… (cross-realm)
Connection refused at all entry points.
You can also close your borders to an entire realm — all arrivals from that origin, regardless of their individual trust:
watch> block thornwood.example.com
Blocked: thornwood.example.com
All traffic from this origin will be refused.
This is distinct from de-peering. De-peering severs the federation link — signals stop flowing between realms, the strait goes dark in the fiction. Blocking a realm’s traffic while maintaining the peer link is possible but unusual; more often you will want both.
To de-peer, edit realm.toml and remove the peer block, then reload.