refactor(security): enforce account-scoped pairing APIs

2026-05-12 14:01:12 +00:00 · 2026-02-26 21:57:10 +01:00
parent a0c5e28f3b
commit bce643a0bd
27 changed files with 331 additions and 94 deletions
--- a/src/discord/monitor/native-command.ts
+++ b/src/discord/monitor/native-command.ts
@@ -46,10 +46,7 @@ import { logVerbose } from "../../globals.js";
 import { createSubsystemLogger } from "../../logging/subsystem.js";
 import { getAgentScopedMediaLocalRoots } from "../../media/local-roots.js";
 import { buildPairingReply } from "../../pairing/pairing-messages.js";
-import {
-  readChannelAllowFromStore,
-  upsertChannelPairingRequest,
-} from "../../pairing/pairing-store.js";
+import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
 import { resolveAgentRoute } from "../../routing/resolve-route.js";
 import { resolveAgentIdFromSessionKey } from "../../routing/session-key.js";
 import { buildUntrustedChannelMetadata } from "../../security/channel-metadata.js";
@@ -1363,8 +1360,8 @@ async function dispatchDiscordCommandInteraction(params: {
    if (dmPolicy !== "open") {
      const storeAllowFrom = await readStoreAllowFromForDmPolicy({
        provider: "discord",
+        accountId,
        dmPolicy,
-        readStore: (provider) => readChannelAllowFromStore(provider),
      });
      const effectiveAllowFrom = [
        ...(discordConfig?.allowFrom ?? discordConfig?.dm?.allowFrom ?? []),
@@ -1388,6 +1385,7 @@ async function dispatchDiscordCommandInteraction(params: {
          const { code, created } = await upsertChannelPairingRequest({
            channel: "discord",
            id: user.id,
+            accountId,
            meta: {
              tag: sender.tag,
              name: sender.name,