botschat 0.1.20 → 0.1.21

package/packages/api/src/index.ts

@@ -5,9 +5,6 @@ import { authMiddleware, verifyToken, getJwtSecret, verifyMediaSignature, signMe
 import { randomUUID } from "./utils/uuid.js";
 import { auth } from "./routes/auth.js";
 import { agents } from "./routes/agents.js";
-import { agentsV2 } from "./routes/agents-v2.js";
-import { migrateV2 } from "./routes/migrate-v2.js";
-import { historyV2 } from "./routes/history-v2.js";
 import { channels } from "./routes/channels.js";
 import { tasks } from "./routes/tasks.js";
 import { jobs } from "./routes/jobs.js";
@@ -18,6 +15,7 @@ import { upload } from "./routes/upload.js";
 import { push } from "./routes/push.js";
 import { setup } from "./routes/setup.js";
 import { devAuth } from "./routes/dev-auth.js";
+import { demo, isDemoUserId } from "./routes/demo.js";
 
 // Re-export the Durable Object class so wrangler can find it
 export { ConnectionDO } from "./do/connection-do.js";
@@ -91,15 +89,37 @@ app.get("/api/health", (c) => c.json({ status: "ok", version: "0.1.0" }));
 // ---- Public routes (no auth) ----
 app.route("/api/auth", auth);
 app.route("/api/dev-auth", devAuth);
+app.route("/api/demo", demo);
 app.route("/api/setup", setup);
 
 // ---- Protected routes (require Bearer token) ----
 const protectedApp = new Hono<{ Bindings: Env; Variables: { userId: string } }>();
 protectedApp.use("/*", authMiddleware());
+
+// Block sensitive operations for the demo user
+const DEMO_BLOCKED_ROUTES: Array<{ method: string; pattern: RegExp }> = [
+  { method: "POST",   pattern: /^\/pairing-tokens/ },
+  { method: "POST",   pattern: /^\/upload/ },
+  { method: "DELETE", pattern: /^\/$/ },  // DELETE /api (account deletion goes via /api/auth/account)
+];
+protectedApp.use("/*", async (c, next) => {
+  const userId = c.get("userId");
+  if (!isDemoUserId(userId)) return next();
+  const method = c.req.method;
+  const path = c.req.path.replace(/^\/api/, "");
+  // Block pairing tokens, file upload, and any DELETE (channels, tasks, sessions, account)
+  if (method === "DELETE") {
+    return c.json({ error: "Demo account cannot perform this action" }, 403);
+  }
+  for (const r of DEMO_BLOCKED_ROUTES) {
+    if (method === r.method && r.pattern.test(path)) {
+      return c.json({ error: "Demo account cannot perform this action" }, 403);
+    }
+  }
+  return next();
+});
+
 protectedApp.route("/agents", agents);
-protectedApp.route("/v2/agents", agentsV2);
-protectedApp.route("/v2/migrate", migrateV2);
-protectedApp.route("/v2/messages", historyV2);
 protectedApp.route("/channels", channels);
 protectedApp.route("/models", models);
 protectedApp.get("/me", async (c) => {
@@ -215,7 +235,7 @@ protectedApp.get("/tasks", async (c) => {
   const kind = c.req.query("kind") ?? "background";
 
   const { results } = await c.env.DB.prepare(
-    `SELECT t.id, t.channel_id, t.name, t.kind, t.provider_job_id,
+    `SELECT t.id, t.channel_id, t.name, t.kind, t.openclaw_cron_job_id,
             t.session_key, t.enabled, t.created_at, t.updated_at
      FROM tasks t
      JOIN channels ch ON t.channel_id = ch.id
@@ -228,7 +248,7 @@ protectedApp.get("/tasks", async (c) => {
       channel_id: string;
       name: string;
       kind: string;
-      provider_job_id: string | null;
+      openclaw_cron_job_id: string | null;
       session_key: string | null;
       enabled: number;
       created_at: number;
@@ -241,7 +261,7 @@ protectedApp.get("/tasks", async (c) => {
       channelId: r.channel_id,
       name: r.name,
       kind: r.kind,
-      providerJobId: r.provider_job_id,
+      openclawCronJobId: r.openclaw_cron_job_id,
       sessionKey: r.session_key,
       enabled: !!r.enabled,
       createdAt: r.created_at,
@@ -372,8 +392,6 @@ async function verifyUserAccess(c: { req: { header: (n: string) => string | unde
 app.all("/api/gateway/:connId", async (c) => {
   let userId = c.req.param("connId");
 
-  let agentId: string | null = null;
-
   if (!userId.startsWith("u_")) {
     const token =
       c.req.query("token") ??
@@ -384,28 +402,16 @@ app.all("/api/gateway/:connId", async (c) => {
       return c.json({ error: "Token required for gateway connection" }, 401);
     }
 
-    // v2: try agents table first (multi-agent), fallback to pairing_tokens (legacy)
-    const agentRow = await c.env.DB.prepare(
-      "SELECT id, user_id FROM agents WHERE pairing_token = ?",
+    const row = await c.env.DB.prepare(
+      "SELECT user_id FROM pairing_tokens WHERE token = ? AND revoked_at IS NULL",
     )
       .bind(token)
-      .first<{ id: string; user_id: string }>();
-
-    if (agentRow) {
-      userId = agentRow.user_id;
-      agentId = agentRow.id;
-    } else {
-      const row = await c.env.DB.prepare(
-        "SELECT user_id FROM pairing_tokens WHERE token = ? AND revoked_at IS NULL",
-      )
-        .bind(token)
-        .first<{ user_id: string }>();
-
-      if (!row) {
-        return c.json({ error: "Invalid pairing token" }, 401);
-      }
-      userId = row.user_id;
+      .first<{ user_id: string }>();
+
+    if (!row) {
+      return c.json({ error: "Invalid pairing token" }, 401);
     }
+    userId = row.user_id;
   }
 
   // --- Worker-level rate limit (Cache API) ---
@@ -422,27 +428,17 @@ app.all("/api/gateway/:connId", async (c) => {
     });
   }
 
-  // Audit: update connection stats (agents table for v2, pairing_tokens for legacy)
+  // Audit: update pairing token stats (only when not rate-limited)
   const token = c.req.query("token") ?? c.req.header("X-Pairing-Token");
   if (token) {
     const clientIp = c.req.header("CF-Connecting-IP") ?? c.req.header("X-Forwarded-For") ?? "unknown";
-    if (agentId) {
-      c.executionCtx.waitUntil(
-        c.env.DB.prepare(
-          `UPDATE agents
-           SET status = 'connected', last_connected_at = unixepoch(), last_ip = ?, connection_count = connection_count + 1, updated_at = unixepoch()
-           WHERE id = ?`,
-        ).bind(clientIp, agentId).run(),
-      );
-    } else {
-      c.executionCtx.waitUntil(
-        c.env.DB.prepare(
-          `UPDATE pairing_tokens
-           SET last_connected_at = unixepoch(), last_ip = ?, connection_count = connection_count + 1
-           WHERE token = ?`,
-        ).bind(clientIp, token).run(),
-      );
-    }
+    c.executionCtx.waitUntil(
+      c.env.DB.prepare(
+        `UPDATE pairing_tokens
+         SET last_connected_at = unixepoch(), last_ip = ?, connection_count = connection_count + 1
+         WHERE token = ?`,
+      ).bind(clientIp, token).run(),
+    );
   }
 
   const doId = c.env.CONNECTION_DO.idFromName(userId);
@@ -450,7 +446,6 @@ app.all("/api/gateway/:connId", async (c) => {
   const url = new URL(c.req.url);
   url.pathname = `/gateway/${userId}`;
   url.searchParams.set("verified", "1");
-  if (agentId) url.searchParams.set("agentId", agentId);
   const doResp = await stub.fetch(new Request(url.toString(), c.req.raw));
 
   // Cache the rate limit after the DO responds (success or rate-limited).
@@ -523,28 +518,16 @@ app.post("/api/plugin-upload", async (c) => {
   if (!token) {
     return c.json({ error: "Missing X-Pairing-Token header" }, 401);
   }
-
-  // v2: try agents table first, fallback to pairing_tokens
-  const agentRow = await c.env.DB.prepare(
-    "SELECT user_id FROM agents WHERE pairing_token = ?",
+  const row = await c.env.DB.prepare(
+    "SELECT user_id FROM pairing_tokens WHERE token = ? AND revoked_at IS NULL",
   )
     .bind(token)
     .first<{ user_id: string }>();
-
-  let userId: string;
-  if (agentRow) {
-    userId = agentRow.user_id;
-  } else {
-    const row = await c.env.DB.prepare(
-      "SELECT user_id FROM pairing_tokens WHERE token = ? AND revoked_at IS NULL",
-    )
-      .bind(token)
-      .first<{ user_id: string }>();
-    if (!row) {
-      return c.json({ error: "Invalid pairing token" }, 401);
-    }
-    userId = row.user_id;
+  if (!row) {
+    return c.json({ error: "Invalid pairing token" }, 401);
   }
+
+  const userId = row.user_id;
   const contentType = c.req.header("Content-Type") ?? "";
   if (!contentType.includes("multipart/form-data")) {
     return c.json({ error: "Expected multipart/form-data" }, 400);

package/packages/api/src/routes/agents.ts

@@ -23,10 +23,10 @@ agents.get("/", async (c) => {
 
   // 1. Channel-based agents (each channel = one agent, default session = first adhoc task)
   const { results: channels } = await c.env.DB.prepare(
-    "SELECT id, name, provider_agent_id FROM channels WHERE user_id = ? ORDER BY created_at ASC",
+    "SELECT id, name, openclaw_agent_id FROM channels WHERE user_id = ? ORDER BY created_at ASC",
   )
     .bind(userId)
-    .all<{ id: string; name: string; provider_agent_id: string }>();
+    .all<{ id: string; name: string; openclaw_agent_id: string }>();
 
   // Find the "General" channel to associate with the default agent (for session support).
   // If the user has created a "General" channel (auto-created on first session "+"),
@@ -52,7 +52,7 @@ agents.get("/", async (c) => {
       .first<{ session_key: string }>();
 
     const sessionKey =
-      task?.session_key ?? `agent:${ch.provider_agent_id}:botschat:${userId}:adhoc`;
+      task?.session_key ?? `agent:${ch.openclaw_agent_id}:botschat:${userId}:adhoc`;
     list.push({
       id: ch.id,
       name: ch.name,

package/packages/api/src/routes/auth.ts

@@ -357,6 +357,7 @@ auth.get("/me", async (c) => {
 auth.delete("/account", async (c) => {
   const userId = c.get("userId" as never) as string;
   if (!userId) return c.json({ error: "Unauthorized" }, 401);
+  if (userId.startsWith("demo_")) return c.json({ error: "Demo account cannot be deleted" }, 403);
 
   // Delete all user media from R2
   const prefix = `${userId}/`;

package/packages/api/src/routes/channels.ts

@@ -9,14 +9,14 @@ channels.get("/", async (c) => {
   const userId = c.get("userId");
 
   const { results } = await c.env.DB.prepare(
-    "SELECT id, name, description, provider_agent_id, system_prompt, created_at, updated_at FROM channels WHERE user_id = ? ORDER BY created_at DESC",
+    "SELECT id, name, description, openclaw_agent_id, system_prompt, created_at, updated_at FROM channels WHERE user_id = ? ORDER BY created_at DESC",
   )
     .bind(userId)
     .all<{
       id: string;
       name: string;
       description: string;
-      provider_agent_id: string;
+      openclaw_agent_id: string;
       system_prompt: string;
       created_at: number;
       updated_at: number;
@@ -27,7 +27,7 @@ channels.get("/", async (c) => {
       id: r.id,
       name: r.name,
       description: r.description,
-      providerAgentId: r.provider_agent_id,
+      openclawAgentId: r.openclaw_agent_id,
       systemPrompt: r.system_prompt,
       createdAt: r.created_at,
       updatedAt: r.updated_at,
@@ -38,10 +38,10 @@ channels.get("/", async (c) => {
 /** POST /api/channels — create a new channel */
 channels.post("/", async (c) => {
   const userId = c.get("userId");
-  const { name, description, providerAgentId, systemPrompt } = await c.req.json<{
+  const { name, description, openclawAgentId, systemPrompt } = await c.req.json<{
     name: string;
     description?: string;
-    providerAgentId?: string;
+    openclawAgentId?: string;
     systemPrompt?: string;
   }>();
 
@@ -52,7 +52,7 @@ channels.post("/", async (c) => {
   const id = generateId("ch_");
   // Default agent ID derived from channel name (slug)
   const agentId =
-    providerAgentId?.trim() ||
+    openclawAgentId?.trim() ||
     name
       .trim()
       .toLowerCase()
@@ -60,7 +60,7 @@ channels.post("/", async (c) => {
       .replace(/^-|-$/g, "");
 
   await c.env.DB.prepare(
-    "INSERT INTO channels (id, user_id, name, description, provider_agent_id, system_prompt) VALUES (?, ?, ?, ?, ?, ?)",
+    "INSERT INTO channels (id, user_id, name, description, openclaw_agent_id, system_prompt) VALUES (?, ?, ?, ?, ?, ?)",
   )
     .bind(id, userId, name.trim(), description?.trim() ?? "", agentId, systemPrompt?.trim() ?? "")
     .run();
@@ -88,7 +88,7 @@ channels.post("/", async (c) => {
       id,
       name: name.trim(),
       description: description?.trim() ?? "",
-      providerAgentId: agentId,
+      openclawAgentId: agentId,
       systemPrompt: systemPrompt?.trim() ?? "",
     },
     201,
@@ -101,14 +101,14 @@ channels.get("/:id", async (c) => {
   const channelId = c.req.param("id");
 
   const row = await c.env.DB.prepare(
-    "SELECT id, name, description, provider_agent_id, system_prompt, created_at, updated_at FROM channels WHERE id = ? AND user_id = ?",
+    "SELECT id, name, description, openclaw_agent_id, system_prompt, created_at, updated_at FROM channels WHERE id = ? AND user_id = ?",
   )
     .bind(channelId, userId)
     .first<{
       id: string;
       name: string;
       description: string;
-      provider_agent_id: string;
+      openclaw_agent_id: string;
       system_prompt: string;
       created_at: number;
       updated_at: number;
@@ -120,7 +120,7 @@ channels.get("/:id", async (c) => {
     id: row.id,
     name: row.name,
     description: row.description,
-    providerAgentId: row.provider_agent_id,
+    openclawAgentId: row.openclaw_agent_id,
     systemPrompt: row.system_prompt,
     createdAt: row.created_at,
     updatedAt: row.updated_at,

package/packages/api/src/routes/demo.ts

@@ -0,0 +1,156 @@
+import { Hono } from "hono";
+import type { Env } from "../env.js";
+import { createToken, createRefreshToken, getJwtSecret } from "../utils/auth.js";
+import { generateId } from "../utils/id.js";
+import { randomUUID } from "../utils/uuid.js";
+
+const DEMO_USER_PREFIX = "demo_";
+const DEMO_DISPLAY_NAME = "Demo User";
+const DEMO_TTL_SECONDS = 24 * 3600; // 24 hours
+
+function isDemoUserId(userId: string): boolean {
+  return userId.startsWith(DEMO_USER_PREFIX);
+}
+
+const demo = new Hono<{ Bindings: Env }>();
+
+/**
+ * POST /api/demo/login — public endpoint for Google Play reviewers and demos.
+ * Each call creates a fresh isolated demo user with seeded data.
+ * Old demo users (>24h) are cleaned up in the background.
+ * Rate limited: 1 request per 5 seconds per IP (via Cache API).
+ */
+demo.post("/login", async (c) => {
+  // Rate limit by IP
+  const ip = c.req.header("CF-Connecting-IP") ?? c.req.header("X-Forwarded-For") ?? "unknown";
+  const cache = caches.default;
+  const rateCacheUrl = `https://rate.internal/demo-login/${ip}`;
+  const rateCacheReq = new Request(rateCacheUrl);
+  const cached = await cache.match(rateCacheReq);
+  if (cached) {
+    return c.json({ error: "Too many requests, try again later" }, 429);
+  }
+  c.executionCtx.waitUntil(
+    cache.put(rateCacheReq, new Response(null, {
+      headers: { "Cache-Control": "public, max-age=5" },
+    })),
+  );
+
+  const jwtSecret = getJwtSecret(c.env);
+  const userId = DEMO_USER_PREFIX + generateId("").slice(0, 12);
+  const email = `${userId}@demo.botschat.app`;
+
+  await c.env.DB.prepare(
+    "INSERT INTO users (id, email, password_hash, display_name) VALUES (?, ?, '', ?)",
+  ).bind(userId, email, DEMO_DISPLAY_NAME).run();
+
+  await seedDemoData(c.env.DB, userId);
+
+  // Clean up expired demo users in the background (non-blocking)
+  c.executionCtx.waitUntil(cleanupOldDemoUsers(c.env.DB));
+
+  const token = await createToken(userId, jwtSecret);
+  const refreshToken = await createRefreshToken(userId, jwtSecret);
+
+  return c.json({
+    id: userId,
+    email,
+    displayName: DEMO_DISPLAY_NAME,
+    token,
+    refreshToken,
+  });
+});
+
+async function cleanupOldDemoUsers(db: D1Database) {
+  try {
+    const cutoff = Math.floor(Date.now() / 1000) - DEMO_TTL_SECONDS;
+    const { results } = await db.prepare(
+      "SELECT id FROM users WHERE id LIKE 'demo_%' AND created_at < ? LIMIT 20",
+    ).bind(cutoff).all<{ id: string }>();
+
+    for (const row of results ?? []) {
+      await db.batch([
+        db.prepare("DELETE FROM messages WHERE user_id = ?").bind(row.id),
+        db.prepare("DELETE FROM jobs WHERE user_id = ?").bind(row.id),
+        db.prepare("DELETE FROM tasks WHERE channel_id IN (SELECT id FROM channels WHERE user_id = ?)").bind(row.id),
+        db.prepare("DELETE FROM sessions WHERE user_id = ?").bind(row.id),
+        db.prepare("DELETE FROM channels WHERE user_id = ?").bind(row.id),
+        db.prepare("DELETE FROM pairing_tokens WHERE user_id = ?").bind(row.id),
+        db.prepare("DELETE FROM push_tokens WHERE user_id = ?").bind(row.id),
+        db.prepare("DELETE FROM users WHERE id = ?").bind(row.id),
+      ]);
+    }
+    if ((results?.length ?? 0) > 0) {
+      console.log(`[demo] Cleaned up ${results!.length} expired demo users`);
+    }
+  } catch (err) {
+    console.error("[demo] Cleanup failed:", err);
+  }
+}
+
+async function seedDemoData(db: D1Database, userId: string) {
+  const now = Math.floor(Date.now() / 1000);
+
+  const ch1 = generateId("ch_");
+  const ch2 = generateId("ch_");
+
+  await db.batch([
+    db.prepare(
+      "INSERT INTO channels (id, user_id, name, description, openclaw_agent_id, system_prompt, created_at, updated_at) VALUES (?, ?, ?, ?, 'main', '', ?, ?)",
+    ).bind(ch1, userId, "General", "Default chat channel", now, now),
+    db.prepare(
+      "INSERT INTO channels (id, user_id, name, description, openclaw_agent_id, system_prompt, created_at, updated_at) VALUES (?, ?, ?, ?, 'main', '', ?, ?)",
+    ).bind(ch2, userId, "Tasks Demo", "Background task demo channel", now, now),
+  ]);
+
+  const adhocTask1 = generateId("tsk_");
+  const adhocTask2 = generateId("tsk_");
+  const ses1 = generateId("ses_");
+  const ses2 = generateId("ses_");
+  const sessionKey1 = `agent:main:botschat:${userId}:adhoc`;
+  const sessionKey2 = `agent:main:botschat:${userId}:adhoc:${ch2}`;
+
+  await db.batch([
+    db.prepare(
+      "INSERT INTO tasks (id, channel_id, name, kind, session_key, enabled, created_at, updated_at) VALUES (?, ?, 'Ad Hoc Chat', 'adhoc', ?, 1, ?, ?)",
+    ).bind(adhocTask1, ch1, sessionKey1, now, now),
+    db.prepare(
+      "INSERT INTO tasks (id, channel_id, name, kind, session_key, enabled, created_at, updated_at) VALUES (?, ?, 'Ad Hoc Chat', 'adhoc', ?, 1, ?, ?)",
+    ).bind(adhocTask2, ch2, sessionKey2, now, now),
+    db.prepare(
+      "INSERT INTO sessions (id, channel_id, user_id, name, session_key) VALUES (?, ?, ?, 'Session 1', ?)",
+    ).bind(ses1, ch1, userId, sessionKey1),
+    db.prepare(
+      "INSERT INTO sessions (id, channel_id, user_id, name, session_key) VALUES (?, ?, ?, 'Session 1', ?)",
+    ).bind(ses2, ch2, userId, sessionKey2),
+  ]);
+
+  const bgTask = generateId("tsk_");
+  const bgCronId = randomUUID();
+  const bgSessionKey = `agent:main:botschat:${userId}:task:${bgTask}`;
+
+  await db.prepare(
+    "INSERT INTO tasks (id, channel_id, name, kind, openclaw_cron_job_id, session_key, enabled, created_at, updated_at) VALUES (?, ?, ?, 'background', ?, ?, 1, ?, ?)",
+  ).bind(bgTask, ch2, "Daily Summary", bgCronId, bgSessionKey, now, now).run();
+
+  const jobId = `job_demo_${Date.now()}`;
+  await db.prepare(
+    "INSERT INTO jobs (id, task_id, user_id, session_key, status, started_at, finished_at, duration_ms, summary, created_at) VALUES (?, ?, ?, ?, 'ok', ?, ?, 2300, 'Daily summary generated successfully.', ?)",
+  ).bind(jobId, bgTask, userId, bgSessionKey, now - 3600, now - 3600 + 2, now).run();
+
+  const msgs = [
+    { sender: "user", text: "Hello! What can you do?" },
+    { sender: "agent", text: "Hi there! I'm your AI assistant powered by OpenClaw. I can help with:\n\n- **Chat**: Ask me anything — coding, writing, research, brainstorming\n- **Scheduled Tasks**: Set up recurring background jobs (e.g. daily summaries, monitoring)\n- **Multi-channel**: Organize conversations into separate channels\n- **E2E Encryption**: All messages can be end-to-end encrypted\n\nTry typing a message below!" },
+    { sender: "user", text: "Can you summarize a webpage for me?" },
+    { sender: "agent", text: "Absolutely! Just paste the URL and I'll summarize it for you. I can also extract key points, translate content, or answer questions about the page.\n\nFor example, you could say:\n> Summarize https://example.com/article\n\nNote: In this demo, I'll echo your messages back. Connect a real OpenClaw instance for full AI capabilities." },
+  ];
+
+  const msgBatch = msgs.map((m, i) =>
+    db.prepare(
+      "INSERT INTO messages (id, user_id, session_key, sender, text, encrypted, created_at) VALUES (?, ?, ?, ?, ?, 0, ?)",
+    ).bind(randomUUID(), userId, sessionKey1, m.sender, m.text, now - 300 + i * 30),
+  );
+  await db.batch(msgBatch);
+}
+
+export { demo, isDemoUserId };

package/packages/api/src/routes/sessions.ts

@@ -11,10 +11,10 @@ sessions.get("/", async (c) => {
 
   // Verify channel ownership
   const channel = await c.env.DB.prepare(
-    "SELECT id, provider_agent_id FROM channels WHERE id = ? AND user_id = ?",
+    "SELECT id, openclaw_agent_id FROM channels WHERE id = ? AND user_id = ?",
   )
     .bind(channelId, userId)
-    .first<{ id: string; provider_agent_id: string }>();
+    .first<{ id: string; openclaw_agent_id: string }>();
 
   if (!channel) return c.json({ error: "Channel not found" }, 404);
 
@@ -48,10 +48,10 @@ sessions.post("/", async (c) => {
 
   // Verify channel ownership
   const channel = await c.env.DB.prepare(
-    "SELECT id, provider_agent_id FROM channels WHERE id = ? AND user_id = ?",
+    "SELECT id, openclaw_agent_id FROM channels WHERE id = ? AND user_id = ?",
   )
     .bind(channelId, userId)
-    .first<{ id: string; provider_agent_id: string }>();
+    .first<{ id: string; openclaw_agent_id: string }>();
 
   if (!channel) return c.json({ error: "Channel not found" }, 404);
 
@@ -67,7 +67,7 @@ sessions.post("/", async (c) => {
 
   const sessionName = name?.trim() || `Session ${count + 1}`;
   const id = generateId("ses_");
-  const sessionKey = `agent:${channel.provider_agent_id}:botschat:${userId}:ses:${id}`;
+  const sessionKey = `agent:${channel.openclaw_agent_id}:botschat:${userId}:ses:${id}`;
 
   await c.env.DB.prepare(
     "INSERT INTO sessions (id, channel_id, user_id, name, session_key) VALUES (?, ?, ?, ?, ?)",