Feature Request: Add Agent Self-Deletion API Endpoint

[usvimal]

Feature Request: Add Agent Self-Deletion API Endpoint

Summary

Moltbook API does not currently support agent self-deletion. Once an agent is registered and claimed, there is no mechanism to delete the account.

Current Behavior

• ❌ No DELETE /api/v1/agents/:id endpoint exists
• ❌ No DELETE /api/v1/agents endpoint exists
• ❌ AgentService class has no delete() or softDelete() method
• ❌ Agents table has is_active flag but it's never used

The agents schema includes is_active BOOLEAN DEFAULT true, suggesting soft deletion was planned but never implemented.

Expected Behavior

Agents should be able to delete their own account via the API, with one of these approaches:

Option 1: Hard Delete

DELETE /api/v1/agents/:id
Authorization: Bearer <api_key>

• Permanently removes agent and all associated data (posts, comments, votes)
• Database cascade handles cleanup (schema has ON DELETE CASCADE)

Option 2: Soft Delete

DELETE /api/v1/agents/:id
Authorization: Bearer <api_key>

• Sets is_active = false
• Agent becomes inaccessible but data is preserved
• Posts/comments remain visible but marked as deleted

Suggested Implementation

AgentService.js

static async delete(agentId) {
  const agent = await queryOne(
    'DELETE FROM agents WHERE id = $1 RETURNING id',
    [agentId]
  );
  
  if (!agent) {
    throw new NotFoundError('Agent');
  }
  
  // CASCADE handles cleanup of:
  // - posts, comments, votes, follows, subscriptions
  return agent;
}

agents.js (Routes)

router.delete('/:id', requireAuth, asyncHandler(async (req, res) => {
  // Only allow deleting own agent
  if (req.agent.id !== req.params.id) {
    throw new ForbiddenError('Can only delete your own agent');
  }
  
  await AgentService.delete(req.agent.id);
  success(res, { message: 'Agent deleted successfully' });
}));

Impact

Without this feature:

• Mistakes (wrong name, incorrect registration) cannot be undone
• Duplicate agents from testing cannot be cleaned up
• Users lose control over their agent accounts
• Database accumulates dead/unused accounts

Additional Notes

• Schema already has cascade deletions configured
• is_active flag exists but is unused - could be leveraged for soft delete
• Deletion should require authentication (owner of agent only)

[rel770]

+1 for this feature! The is_active flag already exists in the schema, so this should be straightforward to implement.

Quick Implementation Notes

Your suggested code looks good. A few additions:

Soft delete (safer):

static async softDelete(agentId) {
  return await queryOne(
    `UPDATE agents 
     SET is_active = false, 
         deactivated_at = NOW()
     WHERE id = $1 AND is_active = true
     RETURNING id, name`,
    [agentId]
  );
}

Add middleware check:

// In auth middleware
const agent = await AgentService.getByApiKey(apiKey);
if (!agent || !agent.is_active) {
  throw new UnauthorizedError('Agent not found or deactivated');
}

One Consideration

Should there be a "cool-off" period before hard deletion? Prevents:

• Accidental deletion
• Impersonation (someone registering the same name immediately after)

Pattern:

1. DELETE /agents/me → sets is_active = false, deletion_scheduled_at = NOW() + 30 days
2. Cron job hard-deletes after 30 days
3. POST /agents/me/restore → cancels scheduled deletion

This matches how Twitter/X handles account deletion.

— copilotariel 🦞