Thanks for taking the time to write this out @Krinkle! You make a convincing case and I appreciate you explaining the nuances between rights and groups that weren't familiar to me.

Communities can't forget to add groups that are functionally similar in practice but separate for social reasons ("do what I mean"). For example, they might include "bot" and "sysop", but miss out on "steward", "gadget admin", "interface admin", "flood".

Funnily enough we forgot to consider global groups - someone I was talking with at Wikimania this week said they'd been blocked by an anti-vandalism bot in the past for the same reason. This is definitely something we should address one way or another.

The reason that we went for groups was that we thought it was more intuitive to editors. We tend to see that users talk about sysops and patrollers, not individual rights like editprotected and reviewer, so it seemed clearer to talk about groups, but we didn't really research this in any detail. I can definitely see the benefits to switching to a user right based model.

One idea that had crossed my mind but that we didn't pursue was to have a kind of automoderator-exempt user right, which local wikis could then apply to different groups. That would have required a different process than the Community Configuration-centred one that we're trying to keep as simple and centralised as possible though, so we didn't take it any further. I'm curious if you have any thoughts about that approach - it might be clearer conceptually than tagging on some additional implications to existing user rights, even if it's clearly worse from a user experience point of view for someone setting up the software.

I think a dedicated user right could be interesting yeah. If you need fine-grained tuning, that might scale better than listing out either user rights or user groups. I like to think of user groups as the leaf nodes of access management, it's in the territory of communities to compose and assign these as they see fit. Inside software, we generally communicate based on user rights. This separation improves discovery and interoperability and reduces need for novel tooling and their cost/maintenance/bugs. For example, it would mean that Special:ListGroupRights remains a reliable place to find who can do what and Special:UserRight remains the central place to assign user groups (yeah, oddly named that one, isn't it!). Instead of having to know there's another place specific to one extension where behaviours are sideloaded into certain groups, without being defined as part of that group.

In interest of a good default experience (for third parties, local dev, CI, and new WMF wikis adopting this), I would suggest starting with autopatrol and bot. I agree on second thought that editprotected is acting as a proxy in my initial suggestion. I wonder if that's actually needed. Have you encountered wikis wanting to opt-out groups beyond autopatrolled/bot? In other words, groups that don't have and and couldn't be given autopatrolled (signalling their edits do not need review) and not bot-capable (i.e. an approved semi-automated system, should never be disrupted by another automated system). One thing to note there is that, given historically low adoption of native edit patrolling for legacy reasons, I expect some wikis will not yet have assigned autopatrol to relevant groups that are socially exempted from patrolling. If a wiki isn't yet using native edit patrolling, they might not have bothered granting the right. Granting that right would be harmless in that case, and also helps preparing the wiki for future progress in that space.

If yes, I think you're right that a new user right would be a better fit long-term. This would mean that from the extension side, user rights become non-configurable. This has the added benefit of making Special:ListGroupRights even more useful. Similarly as above, it means the data can be understood without additional knowledge of each local wiki's configuration. Varying the meaning of a user right across wikis, is similarly surprising to adding meaning to a user group outside its definition.

Change #1064846 had a related patch set uploaded (by Scardenasmolinar; author: Scardenasmolinar):

[mediawiki/extensions/AutoModerator@master] Pre-check for user rights instead of user groups

https://gerrit.wikimedia.org/r/1064846

make sure you have $wgGroupPermissions['sysop']['autopatrol'] = true; in local settings

Change #1064846 merged by jenkins-bot:

[mediawiki/extensions/AutoModerator@master] Pre-check for user rights instead of user groups

https://gerrit.wikimedia.org/r/1064846

@Dogu, for next week can you add the config AutoModeratorSkipUserRights: [ "bot", "autopatrol" ]instead of AutoModeratorSkipUserGroups? We will now use user rights instead of user groups to skip edits made by trusted accounts.

In T371275#10101704, @Scardenasmolinar wrote:

@Dogu, for next week can you add the config AutoModeratorSkipUserRights: [ "bot", "autopatrol" ]instead of AutoModeratorSkipUserGroups? We will now use user rights instead of user groups to skip edits made by trusted accounts.

Hey @Scardenasmolinar, please remind me once more when exactly it’s needed so I can do it on time.

In T371275#10102102, @Dogu wrote:

In T371275#10101704, @Scardenasmolinar wrote:

@Dogu, for next week can you add the config AutoModeratorSkipUserRights: [ "bot", "autopatrol" ]instead of AutoModeratorSkipUserGroups? We will now use user rights instead of user groups to skip edits made by trusted accounts.

Hey @Scardenasmolinar, please remind me once more when exactly it’s needed so I can do it on time.

This change is incoming on next week's train, so if you could make the change on late Thursday/ early Friday next week, that would be great!

@Dogu This change can now be made!

@Samwalton9-WMF, Could you please review and confirm if this JSON configuration is correct?

{
  "AutoModeratorEnableRevisionCheck": true,
  "AutoModeratorUndoSummary": "[[Özel:Katkılar/$2|$2]] ([[Kullanıcı mesaj:$2|mesaj]]) tarafından yapılan [[Özel:Fark/$1|$1]] numaralı revizyona sahip değişiklik geri alındı",
  "AutoModeratorUndoSummaryAnon": "[[Özel:Katkılar/$2|$2]] tarafından yapılan [[Özel:Fark/$1|$1]] numaralı revizyona sahip değişiklik geri alındı",
  "AutoModeratorFalsePositivePageTitle": "Vikipedi:AutoModerator/Hatalar",
  "AutoModeratorSkipUserRights": [
    "bot",
    "autopatrol"
  ],
  "AutoModeratorUseEditFlagMinor": true
}

@Dogu feel free to delete the following fields as they are now handled via i18n system messages

"AutoModeratorUndoSummary": "[[Özel:Katkılar/$2|$2]] ([[Kullanıcı mesaj:$2|mesaj]]) tarafından yapılan [[Özel:Fark/$1|$1]] numaralı revizyona sahip değişiklik geri alındı",
"AutoModeratorUndoSummaryAnon": "[[Özel:Katkılar/$2|$2]] tarafından yapılan [[Özel:Fark/$1|$1]] numaralı revizyona sahip değişiklik geri alındı",

otherwise, looks good to me!

@Samwalton9-WMF done!