Added can_comment and comment_ban fields to members schema

[rob-ghost]

Description

Adds comment moderation fields to the members schema and a dedicated schema for the comment ban endpoint, enabling the Admin API to validate comment ban requests. This supports the member comment ban feature.

Changes

• Added comment_bans.json base schema with comment_ban definition:
  • reason (string, required, minLength: 1, maxLength: 2000): explanation for the ban
  • expires_at (string|null, optional, format: date-time): ISO 8601 timestamp for temporary bans
• Added comment_bans-add.json schema for the /members/:id/comment-ban endpoint
• Added can_comment (boolean) to member properties
• Added comment_ban property to member schema (references shared definition, allows null)
• Bumped version to 4.6.0 (minor - new backwards-compatible feature)

ref https://linear.app/ghost/issue/FEA-487
ref TryGhost/Ghost#25791

---

Note

Introduces comment moderation support in the Admin API schema.

• Adds comment_bans.json base schema with comment_ban definition (reason, optional expires_at)
• Adds comment_bans-add.json for comment_bans.add endpoint and registers it in index.js
• Extends member schemas (members.json, members-edit.json) with can_comment (boolean) and comment_ban (object or null)
• Bumps @tryghost/admin-api-schema to 4.6.0

^{Written by Cursor Bugbot for commit 1523b68. This will update automatically on new commits. Configure here.}

[coderabbitai]

Walkthrough

The pull request adds comment-related fields to member schemas and a new comment-bans schema: can_comment (boolean) and comment_ban (oneOf object or null) were added to packages/admin-api-schema/lib/schemas/members.json and members-edit.json. A new schema file packages/admin-api-schema/lib/schemas/comment_bans-add.json was introduced, and comment_bans-add was added to the exported schemas list in packages/admin-api-schema/lib/schemas/index.js. The package version in packages/admin-api-schema/package.json was bumped from 4.5.13 to 4.6.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main changes: adding can_comment and comment_ban fields to the members schema.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description clearly explains the addition of comment moderation fields to member schemas and the dedicated comment ban endpoint schema, with specific details about the new fields and their properties.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

packages/admin-api-schema/lib/schemas/members-edit.json (1)

57-76: Consider adding validation constraints to the comment_ban field.

The comment_ban schema currently lacks validation constraints that could improve data quality:

1. reason field (line 63-64): No maxLength constraint. Consider adding a reasonable limit (e.g., 500 or 2000 characters) to prevent extremely long ban reasons.

2. expires_at field (line 66-68): No format constraint. If this is meant to be a date-time value, consider adding "format": "date-time" to ensure valid ISO 8601 timestamps are provided.

💡 Proposed validation improvements

                  "reason": {
-                   "type": "string"
+                   "type": "string",
+                   "maxLength": 2000
                  },
                  "expires_at": {
-                   "type": ["string", "null"]
+                   "type": ["string", "null"],
+                   "format": "date-time"
                  }

Note: The format constraint will only apply when expires_at is a string, not when it's null.

packages/admin-api-schema/lib/schemas/members.json (1)

51-73: Consider adding validation constraints to the comment_ban field.

Similar to the members-edit schema, the base member definition would benefit from validation constraints:

1. reason field (line 60-61): Add a maxLength constraint (e.g., 2000 characters) to prevent unreasonably long ban reasons.

2. expires_at field (line 63-64): Add "format": "date-time" to ensure valid ISO 8601 timestamps when a string value is provided.

These constraints will help maintain data quality and provide clearer expectations for API consumers.

💡 Proposed validation improvements

                  "reason": {
-                   "type": "string"
+                   "type": "string",
+                   "maxLength": 2000
                  },
                  "expires_at": {
-                   "type": ["string", "null"]
+                   "type": ["string", "null"],
+                   "format": "date-time"
                  }

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 395b38c and 8a50e18.

📒 Files selected for processing (3)

• packages/admin-api-schema/lib/schemas/members-edit.json
• packages/admin-api-schema/lib/schemas/members.json
• packages/admin-api-schema/package.json

🧰 Additional context used

📓 Path-based instructions (1)

packages/*/package.json

📄 CodeRabbit inference engine (CLAUDE.md)

All packages are published under the @tryghost scope

Files:

• packages/admin-api-schema/package.json

🧠 Learnings (1)

📚 Learning: 2026-01-06T10:55:42.630Z

Learnt from: CR
Repo: TryGhost/SDK PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T10:55:42.630Z
Learning: Applies to packages/*/package.json : All packages are published under the `tryghost` scope

Applied to files:

• packages/admin-api-schema/package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cursor Bugbot

🔇 Additional comments (2)

packages/admin-api-schema/package.json (1)

3-3: LGTM! Appropriate version bump for new features.

The minor version increment (4.5.13 → 4.6.0) correctly follows semantic versioning for adding new backward-compatible fields to the schema.

packages/admin-api-schema/lib/schemas/members-edit.json (1)

54-76: Inconsistency: PR description doesn't mention the comment_ban field.

The PR description states that only can_comment is being added, but the actual changes introduce both can_comment and comment_ban fields. The commit message correctly mentions both fields, suggesting the PR description may be outdated or incomplete.

[cursor]

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on February 3

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.74%. Comparing base (3ab8735) to head (16654c0).
⚠️ Report is 12 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #725      +/-   ##
==========================================
+ Coverage   84.62%   84.74%   +0.12%     
==========================================
  Files          33       33              
  Lines        3518     3546      +28     
  Branches      394      396       +2     
==========================================
+ Hits         2977     3005      +28     
  Misses        536      536              
  Partials        5        5              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

packages/admin-api-schema/lib/schemas/members.json (2)

51-53: Consider adding a description for documentation.

The can_comment field structure is correct. Consider adding a "description" property to document the field's purpose and its relationship to comment_ban.

📝 Suggested enhancement

 "can_comment": {
+  "description": "Whether the member is allowed to post comments. May be false due to a ban or other moderation action.",
   "type": "boolean"
 },

---

54-76: Schema structure is correct; business logic verification is out of scope for this package.

The comment_ban structure is well-designed:

• Correctly uses oneOf to allow either a ban object or null
• Properly restricts additional properties
• reason has sensible constraints (minLength 1, maxLength 2000)
• expires_at correctly allows both ISO 8601 timestamp strings and null for permanent bans

Optional: Add description for better documentation

📝 Suggested enhancement

 "comment_ban": {
+  "description": "Ban details if the member is banned from commenting, or null if not banned. When present, reason is required and expires_at can be set for temporary bans.",
   "oneOf": [

Note: This package (admin-api-schema) is purely for JSON Schema validation of API requests. The relationship between can_comment and comment_ban—including handling of potentially inconsistent states, automatic cleanup of expired bans, and privilege restoration—is enforced by Ghost core business logic, not by this validation schema.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 55ad23b and 16654c0.

📒 Files selected for processing (3)

• packages/admin-api-schema/lib/schemas/members-edit.json
• packages/admin-api-schema/lib/schemas/members.json
• packages/admin-api-schema/package.json

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/admin-api-schema/package.json
• packages/admin-api-schema/lib/schemas/members-edit.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cursor Bugbot

[kevinansfield]

Can this use the same "$ref": "comment_bans#/definitions/comment_ban" format used above or does it need to be duplicated?

[rob-ghost]

Good question! I tried to solve this before, but the problem is we can't reference definitions from other contexts. In this case we're within the members scope, but comment_ban is defined in comment_bans scope. So the duplication is needed.

I also explored putting comment_ban into members scope because technically it exists in /members/ but then the name of the docName referenced in the request payload needs to be changed to something like members-comment_bans so I decided to leave it under the comment_bans scope and accept the duplication.

[kevinansfield]

A couple of minor questions about removing duplication but nothing blocking 👌