fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907)

* fix(channels): default allowFrom to id-only; add dangerous name opt-in * docs(security): align channel allowFrom docs with id-only default
2026-05-08 03:01:25 +00:00 · 2026-02-24 01:01:51 +00:00
parent 41b0568b35
commit cfa44ea6b4
53 changed files with 852 additions and 100 deletions
--- a/src/discord/monitor/message-handler.preflight.ts
+++ b/src/discord/monitor/message-handler.preflight.ts
@@ -190,6 +190,7 @@ export async function preflightDiscordMessage(
              name: sender.name,
              tag: sender.tag,
            },
+            allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true,
          })
        : { allowed: false };
      const allowMatchMeta = formatAllowlistMatchMeta(allowMatch);
@@ -563,6 +564,7 @@ export async function preflightDiscordMessage(
    guildInfo,
    memberRoleIds,
    sender,
+    allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true,
  });

  if (!isDirectMessage) {
@@ -572,11 +574,15 @@ export async function preflightDiscordMessage(
      "pk:",
    ]);
    const ownerOk = ownerAllowList
-      ? allowListMatches(ownerAllowList, {
-          id: sender.id,
-          name: sender.name,
-          tag: sender.tag,
-        })
+      ? allowListMatches(
+          ownerAllowList,
+          {
+            id: sender.id,
+            name: sender.name,
+            tag: sender.tag,
+          },
+          { allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true },
+        )
      : false;
    const useAccessGroups = params.cfg.commands?.useAccessGroups !== false;
    const commandGate = resolveControlCommandGate({