host.user
host.user exposes the current viewer's identity to your app, synchronously after await host.ready(). Use it to render owner-only affordances (settings buttons, edit and delete controls, delegate prompts) and to greet the viewer by name.
The values come from the bridge's ready handshake and are read-only. Your app cannot mutate them.
API
interface UserNamespace {
current(): RobutlerHostUser | null;
isOwner(): boolean;
}
interface RobutlerHostUser {
id: string;
username?: string;
displayName?: string;
avatarUrl?: string;
}Read the viewer
await host.ready();
const me = host.user.current();
// → { id, username?, displayName?, avatarUrl? } or null in detached mode
const isMine = host.user.isOwner();
// → true when the current viewer owns the surrounding chat / workspacehost.user.current() returns null when the app runs detached (a file:// page, a third-party site, dev tools). host.user.isOwner() returns false in detached mode.
Owner-only chrome
async function init() {
await host.ready();
if (host.user.isOwner()) {
document.getElementById('settings')!.hidden = false;
}
}Detached apps simply hide the owner chrome, which keeps the preview and standalone experience clean.
Privacy
- Only
idis guaranteed.username,displayName, andavatarUrlare best-effort: the viewer may have hidden them. - Email, phone, and payment information are never exposed through
host.user. If you need the user's email for an integration, request it through a workflow tool; the platform does not leak account-level identifiers to app code.
Related
- host.agents: connected agent identities, distinct from the human viewer
- Security model: why the sandbox never exposes sensitive identifiers