Add bot user type for API integrations#2779

Open
adriantaut wants to merge 1 commit into basecamp:main from zarpay:feat/bot-user-support
@adriantaut adriantaut commented Apr 1, 2026

This adds a bot role to the User model, following the existing system role pattern, to support programmatic API access via dedicated service accounts.

Motivation

Currently, integrating external tools with Fizzy's API requires creating a regular human user to hold a Personal Access Token. This works, but the "user" consumes a seat, appears alongside real humans in user lists, and there's no way to distinguish bot actions from human actions in the UI.

Basecamp 3 had chatbot support — this brings a similar concept to Fizzy.

We've been running this in production on our fork for AI agent integrations and it's been working well.

What this does

Model layer (bot role enum, guards mirroring system? checks):

  • User::Role — adds bot to the enum, bot scope, bots included in active scope
  • User::Configurable — skip settings creation for bots
  • User::Settings — skip email bundling for bots
  • User — bots are always considered "setup"
  • Notifier, Comment::Eventable, Notification::Pushable — skip notifications, event tracking, and push for bot-created actions

Controllers (2 new, admin-only):

  • Account::BotsController — CRUD for bot users (create with transactional identity + token provisioning, rename, deactivate)
  • Account::BotAccessTokensController — token management per bot (mirrors My::AccessTokensController)

Views:

  • Bot management pages (new, show with token table)
  • _bot_user.html.erb partial to keep _user.html.erb clean
  • "Create bot" button for admins in account settings
  • comment-by-bot CSS class on comments

JSON API for programmatic provisioning:

  • POST /account/bots — returns { user: { id, name, role }, token: "..." }
  • PATCH /account/bots/:id — rename bot
  • DELETE /account/bots/:id — deactivate bot

Test plan

  • 1435 tests pass (0 failures, 0 errors)
  • 17 new tests across 3 new test files covering bot CRUD, token management, access control, and model behavior

Closes #2617

Introduce a `bot` role that mirrors the existing `system` role pattern,
enabling programmatic API access via dedicated service accounts rather
than repurposing human user seats.

Bot users:
- Authenticate using Personal Access Tokens (same as human users)
- Skip notifications, push notifications, event tracking, and email bundling
- Appear in the `active` scope and can be assigned to cards
- Are visually distinguished in the UI with a "Bot" badge
- Get synthetic identities (bot+hex@fizzy.internal) so PAT auth works unchanged

Admin UI allows creating bots, managing multiple access tokens per bot
(with description + read/write permission), renaming, and removing bots.

JSON API endpoints support programmatic bot provisioning:
- POST /account/bots — create bot (returns user + initial token)
- PATCH /account/bots/:id — rename bot
- DELETE /account/bots/:id — deactivate bot

Closes basecamp#2617
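
An added example, not part of this pull request or Fizzy's code: a self-contained Ruby model of the access-control properties a reviewer would want the new bot tests to cover (admin-only provisioning, read/write token permission, and rejection of tokens that belong to a deactivated bot). The `BotDirectory` class, the `admin`/`member` role strings, the SHA-256 token digest and the hex length are assumptions for illustration; only the `bot+hex@fizzy.internal` identity shape and the `{ user:, token: }` response shape come from the description above.

```ruby
require "securerandom"
require "digest"
# Hypothetical in-memory model for illustration; none of these names are Fizzy's.
class BotDirectory
  Forbidden = Class.new(StandardError)
  Bot = Struct.new(:id, :name, :role, :email, :active)
  Token = Struct.new(:digest, :bot_id, :permission)

  def initialize
    @bots = {}
    @tokens = []
  end

  # Admin-only. The token is validated and issued before the bot is stored,
  # so a bad permission leaves no half-provisioned bot behind.
  def create_bot(actor_role:, name:, permission: "read")
    require_admin!(actor_role)
    bot = Bot.new(@bots.size + 1, name, "bot", "bot+#{SecureRandom.hex(8)}@fizzy.internal", true)
    token = issue_token(bot, permission)
    @bots[bot.id] = bot
    { user: { id: bot.id, name: bot.name, role: bot.role }, token: token }
  end

  def deactivate_bot(actor_role:, id:)
    require_admin!(actor_role)
    @bots.fetch(id).active = false
  end

  # Returns the bot when the token is known, the bot is active and the
  # token's permission covers the request; nil otherwise.
  def authenticate(raw_token, write: false)
    digest = Digest::SHA256.hexdigest(raw_token.to_s)
    token = @tokens.find { |t| t.digest == digest }
    bot = token && @bots[token.bot_id]
    return nil unless bot&.active
    return nil if write && token.permission != "write"
    bot
  end

  private

  def require_admin!(role)
    raise Forbidden, "admin only" unless role == "admin"
  end

  def issue_token(bot, permission)
    raise ArgumentError, "permission must be read or write" unless %w[read write].include?(permission)
    raw = SecureRandom.urlsafe_base64(32)
    @tokens << Token.new(Digest::SHA256.hexdigest(raw), bot.id, permission) # only the digest is kept
    raw
  end
end
```
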
Copilot AI review requested due to automatic review settings April 1, 2026 12:55
@claude claude bot left a comment

Claude Code Review

This pull request is from a fork — automated review is disabled. A repository maintainer can comment @claude review to run a one-time review.

Contributor

Copilot AI left a comment

Pull request overview

This PR adds support for bot/service account users in Fizzy's API integrations. It implements a new bot user role that allows creating dedicated service accounts for programmatic API access, solving the previous issue where bots had to be created as regular human users and consume a seat.

Changes:

  • Added bot user role enum with corresponding database scopes and access controls
  • Bot users skip settings creation, email bundling, and event tracking (similar to system users)
  • Created two new admin-only controllers for bot CRUD operations and access token management
  • Added bot management UI with separate _bot_user.html.erb partial and new bot creation endpoints
  • Implemented JSON API for programmatic bot provisioning (POST /account/bots, PATCH, DELETE)
  • Bot actions (comments, events) are visually distinguished with comment-by-bot CSS class

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| app/models/user/role.rb | Added bot to role enum and scopes, including new bot scope |
| app/models/user/configurable.rb | Skip settings creation for bots (mirroring system user behavior) |
| app/models/user/settings.rb | Skip email bundling for bots |
| app/models/user.rb | Bot users always considered "setup" |
| app/models/notifier.rb | Skip notifications for bot-created actions |
| app/models/notification/pushable.rb | Skip push notifications for bot actions |
| app/models/comment/eventable.rb | Skip event tracking for bot-created comments |
| app/controllers/account/bots_controller.rb | New CRUD controller with admin-only access for bot management |
| app/controllers/account/bot_access_tokens_controller.rb | New controller for bot access token management |
| app/views/account/settings/_bot_user.html.erb | New partial for rendering bot users in settings list |
| app/views/account/settings/_users.html.erb | Modified to conditionally render bot vs. regular user partials |
| app/views/cards/comments/_comment.html.erb | Added comment-by-bot CSS class for styling bot comments |
| app/views/account/bots/new.html.erb, show.html.erb | New views for bot creation and management UI |
| app/views/account/bot_access_tokens/new.html.erb | New view for generating bot access tokens |
| test/models/user/bot_test.rb | New tests for bot model behavior |
| test/controllers/account/bots_controller_test.rb | New tests for bot controller actions |
| test/controllers/account/bot_access_tokens_controller_test.rb | New tests for token management |
| config/routes.rb | Added nested routes for bot and bot_access_tokens resources |

Successfully merging this pull request may close these issues.

Feature request: Bot / service account support for API integrations