fix: enforce strict allowlist across pairing stores (#23017)

2026-05-11 02:54:31 +00:00 · 2026-02-22 00:00:23 +01:00
parent 617e38cec0
commit 0bd9f0d4ac
31 changed files with 162 additions and 45 deletions
--- a/src/discord/monitor/agent-components.ts
+++ b/src/discord/monitor/agent-components.ts
@@ -464,7 +464,8 @@ async function ensureDmComponentAuthorized(params: {
    return true;
  }

-  const storeAllowFrom = await readChannelAllowFromStore("discord").catch(() => []);
+  const storeAllowFrom =
+    dmPolicy === "allowlist" ? [] : await readChannelAllowFromStore("discord").catch(() => []);
  const effectiveAllowFrom = [...(ctx.allowFrom ?? []), ...storeAllowFrom];
  const allowList = normalizeDiscordAllowList(effectiveAllowFrom, ["discord:", "user:", "pk:"]);
  const allowMatch = allowList