@kodelyth/discord 2026.5.39 → 2026.5.42

package/src/runtime.ts

@@ -0,0 +1,23 @@
+import type { PluginRuntime } from "klaw/plugin-sdk/channel-core";
+import { createPluginRuntimeStore } from "klaw/plugin-sdk/runtime-store";
+
+type DiscordChannelRuntime = {
+  messageActions?: typeof import("./channel-actions.js").discordMessageActions;
+  sendMessageDiscord?: typeof import("./send.js").sendMessageDiscord;
+};
+
+export type DiscordRuntime = PluginRuntime & {
+  channel: PluginRuntime["channel"] & {
+    discord?: DiscordChannelRuntime;
+  };
+};
+
+const {
+  setRuntime: setDiscordRuntime,
+  tryGetRuntime: getOptionalDiscordRuntime,
+  getRuntime: getDiscordRuntime,
+} = createPluginRuntimeStore<DiscordRuntime>({
+  pluginId: "discord",
+  errorMessage: "Discord runtime not initialized",
+});
+export { getDiscordRuntime, getOptionalDiscordRuntime, setDiscordRuntime };

package/src/secret-config-contract.ts

@@ -0,0 +1,140 @@
+import {
+  collectNestedChannelFieldAssignments,
+  collectSimpleChannelFieldAssignments,
+  getChannelSurface,
+  isBaseFieldActiveForChannelSurface,
+  isEnabledFlag,
+  isRecord,
+  type ResolverContext,
+  type SecretDefaults,
+  type SecretTargetRegistryEntry,
+} from "klaw/plugin-sdk/channel-secret-basic-runtime";
+import { collectNestedChannelTtsAssignments } from "klaw/plugin-sdk/channel-secret-tts-runtime";
+
+export const secretTargetRegistryEntries: SecretTargetRegistryEntry[] = [
+  {
+    id: "channels.discord.accounts.*.pluralkit.token",
+    targetType: "channels.discord.accounts.*.pluralkit.token",
+    configFile: "klaw.json",
+    pathPattern: "channels.discord.accounts.*.pluralkit.token",
+    secretShape: "secret_input",
+    expectedResolvedValue: "string",
+    includeInPlan: true,
+    includeInConfigure: true,
+    includeInAudit: true,
+  },
+  {
+    id: "channels.discord.accounts.*.token",
+    targetType: "channels.discord.accounts.*.token",
+    configFile: "klaw.json",
+    pathPattern: "channels.discord.accounts.*.token",
+    secretShape: "secret_input",
+    expectedResolvedValue: "string",
+    includeInPlan: true,
+    includeInConfigure: true,
+    includeInAudit: true,
+  },
+  {
+    id: "channels.discord.accounts.*.voice.tts.providers.*.apiKey",
+    targetType: "channels.discord.accounts.*.voice.tts.providers.*.apiKey",
+    configFile: "klaw.json",
+    pathPattern: "channels.discord.accounts.*.voice.tts.providers.*.apiKey",
+    secretShape: "secret_input",
+    expectedResolvedValue: "string",
+    includeInPlan: true,
+    includeInConfigure: true,
+    includeInAudit: true,
+    providerIdPathSegmentIndex: 6,
+  },
+  {
+    id: "channels.discord.pluralkit.token",
+    targetType: "channels.discord.pluralkit.token",
+    configFile: "klaw.json",
+    pathPattern: "channels.discord.pluralkit.token",
+    secretShape: "secret_input",
+    expectedResolvedValue: "string",
+    includeInPlan: true,
+    includeInConfigure: true,
+    includeInAudit: true,
+  },
+  {
+    id: "channels.discord.token",
+    targetType: "channels.discord.token",
+    configFile: "klaw.json",
+    pathPattern: "channels.discord.token",
+    secretShape: "secret_input",
+    expectedResolvedValue: "string",
+    includeInPlan: true,
+    includeInConfigure: true,
+    includeInAudit: true,
+  },
+  {
+    id: "channels.discord.voice.tts.providers.*.apiKey",
+    targetType: "channels.discord.voice.tts.providers.*.apiKey",
+    configFile: "klaw.json",
+    pathPattern: "channels.discord.voice.tts.providers.*.apiKey",
+    secretShape: "secret_input",
+    expectedResolvedValue: "string",
+    includeInPlan: true,
+    includeInConfigure: true,
+    includeInAudit: true,
+    providerIdPathSegmentIndex: 4,
+  },
+];
+
+export function collectRuntimeConfigAssignments(params: {
+  config: { channels?: Record<string, unknown> };
+  defaults?: SecretDefaults;
+  context: ResolverContext;
+}): void {
+  const resolved = getChannelSurface(params.config, "discord");
+  if (!resolved) {
+    return;
+  }
+  const { channel: discord, surface } = resolved;
+  collectSimpleChannelFieldAssignments({
+    channelKey: "discord",
+    field: "token",
+    channel: discord,
+    surface,
+    defaults: params.defaults,
+    context: params.context,
+    topInactiveReason: "no enabled account inherits this top-level Discord token.",
+    accountInactiveReason: "Discord account is disabled.",
+  });
+  collectNestedChannelFieldAssignments({
+    channelKey: "discord",
+    nestedKey: "pluralkit",
+    field: "token",
+    channel: discord,
+    surface,
+    defaults: params.defaults,
+    context: params.context,
+    topLevelActive:
+      isBaseFieldActiveForChannelSurface(surface, "pluralkit") &&
+      isRecord(discord.pluralkit) &&
+      isEnabledFlag(discord.pluralkit),
+    topInactiveReason:
+      "no enabled Discord surface inherits this top-level PluralKit config or PluralKit is disabled.",
+    accountActive: ({ account, enabled }) =>
+      enabled && isRecord(account.pluralkit) && isEnabledFlag(account.pluralkit),
+    accountInactiveReason: "Discord account is disabled or PluralKit is disabled for this account.",
+  });
+  collectNestedChannelTtsAssignments({
+    channelKey: "discord",
+    nestedKey: "voice",
+    channel: discord,
+    surface,
+    defaults: params.defaults,
+    context: params.context,
+    topLevelActive:
+      isBaseFieldActiveForChannelSurface(surface, "voice") &&
+      isRecord(discord.voice) &&
+      isEnabledFlag(discord.voice),
+    topInactiveReason:
+      "no enabled Discord surface inherits this top-level voice config or voice is disabled.",
+    accountActive: ({ account, enabled }) =>
+      enabled && isRecord(account.voice) && isEnabledFlag(account.voice),
+    accountInactiveReason: "Discord account is disabled or voice is disabled for this account.",
+  });
+}

package/src/security-audit.runtime.ts

@@ -0,0 +1 @@
+export { collectDiscordSecurityAuditFindings } from "./security-audit.js";

package/src/security-audit.test.ts

@@ -0,0 +1,245 @@
+import { describe, expect, it, vi } from "vitest";
+import type { ResolvedDiscordAccount } from "./accounts.js";
+import type { KlawConfig } from "./runtime-api.js";
+import { collectDiscordSecurityAuditFindings } from "./security-audit.js";
+
+type DiscordAccountConfig = ResolvedDiscordAccount["config"];
+
+const { readChannelAllowFromStoreMock } = vi.hoisted(() => ({
+  readChannelAllowFromStoreMock: vi.fn(async () => [] as string[]),
+}));
+
+vi.mock("klaw/plugin-sdk/conversation-runtime", () => ({
+  readChannelAllowFromStore: readChannelAllowFromStoreMock,
+}));
+
+function createAccount(
+  config: DiscordAccountConfig,
+  accountId = "default",
+): ResolvedDiscordAccount {
+  return {
+    accountId,
+    enabled: true,
+    token: "t",
+    tokenSource: "config",
+    tokenStatus: "available",
+    config,
+  };
+}
+
+async function collectFindings(params: {
+  cfg: KlawConfig;
+  config: DiscordAccountConfig;
+  accountId?: string;
+  orderedAccountIds?: string[];
+  hasExplicitAccountPath?: boolean;
+  storeAllowFrom?: string[];
+}) {
+  readChannelAllowFromStoreMock.mockResolvedValue(params.storeAllowFrom ?? []);
+  return await collectDiscordSecurityAuditFindings({
+    cfg: params.cfg,
+    account: createAccount(params.config, params.accountId),
+    accountId: params.accountId ?? "default",
+    orderedAccountIds: params.orderedAccountIds ?? ["default"],
+    hasExplicitAccountPath: params.hasExplicitAccountPath ?? false,
+  });
+}
+
+describe("Discord security audit findings", () => {
+  it("flags slash commands when access-group enforcement is disabled and no users allowlist exists", async () => {
+    const cfg: KlawConfig = {
+      commands: { native: true, useAccessGroups: false },
+      channels: {
+        discord: {
+          enabled: true,
+          token: "t",
+          groupPolicy: "allowlist",
+          guilds: {
+            "123": {
+              channels: {
+                general: { enabled: true },
+              },
+            },
+          },
+        },
+      },
+    };
+
+    const discordConfig = cfg.channels?.discord;
+    if (!discordConfig) {
+      throw new Error("discord config required");
+    }
+    const findings = await collectFindings({
+      cfg,
+      config: discordConfig,
+    });
+
+    const unrestrictedFinding = findings.find(
+      (finding) => finding.checkId === "channels.discord.commands.native.unrestricted",
+    );
+    expect(unrestrictedFinding?.severity).toBe("critical");
+  });
+
+  it.each([
+    {
+      name: "flags missing guild user allowlists",
+      cfg: {
+        commands: { native: true },
+        channels: {
+          discord: {
+            enabled: true,
+            token: "t",
+            groupPolicy: "allowlist",
+            guilds: {
+              "123": {
+                channels: {
+                  general: { enabled: true },
+                },
+              },
+            },
+          },
+        },
+      } satisfies KlawConfig,
+      expectFinding: true,
+    },
+    {
+      name: "does not flag when dm.allowFrom includes a Discord snowflake id",
+      cfg: {
+        commands: { native: true },
+        channels: {
+          discord: {
+            enabled: true,
+            token: "t",
+            dm: { allowFrom: ["387380367612706819"] },
+            groupPolicy: "allowlist",
+            guilds: {
+              "123": {
+                channels: {
+                  general: { enabled: true },
+                },
+              },
+            },
+          },
+        },
+      } satisfies KlawConfig,
+      expectFinding: false,
+    },
+  ])("$name", async (testCase) => {
+    const findings = await collectFindings({
+      cfg: testCase.cfg,
+      config: testCase.cfg.channels.discord,
+    });
+
+    expect(
+      findings.some(
+        (finding) => finding.checkId === "channels.discord.commands.native.no_allowlists",
+      ),
+    ).toBe(testCase.expectFinding);
+  });
+
+  it.each([
+    {
+      name: "warns when Discord allowlists contain name-based entries",
+      config: {
+        enabled: true,
+        token: "t",
+        allowFrom: ["Alice#1234", "<@123456789012345678>"],
+        guilds: {
+          "123": {
+            users: ["trusted.operator"],
+            channels: {
+              general: {
+                users: ["987654321098765432", "security-team"],
+              },
+            },
+          },
+        },
+      } satisfies DiscordAccountConfig,
+      storeAllowFrom: ["team.owner"],
+      expectNameBasedSeverity: "warn",
+      detailIncludes: [
+        "channels.discord.allowFrom:Alice#1234",
+        "channels.discord.guilds.123.users:trusted.operator",
+        "channels.discord.guilds.123.channels.general.users:security-team",
+        "~/.klaw/credentials/discord-allowFrom.json:team.owner",
+      ],
+      detailExcludes: ["<@123456789012345678>"],
+    },
+    {
+      name: "marks Discord name-based allowlists as break-glass when dangerous matching is enabled",
+      config: {
+        enabled: true,
+        token: "t",
+        dangerouslyAllowNameMatching: true,
+        allowFrom: ["Alice#1234"],
+      } satisfies DiscordAccountConfig,
+      expectNameBasedSeverity: "info",
+      detailIncludes: ["out-of-scope"],
+    },
+    {
+      name: "audits name-based allowlists on non-default Discord accounts",
+      accountId: "beta",
+      orderedAccountIds: ["alpha", "beta"],
+      hasExplicitAccountPath: true,
+      config: {
+        enabled: true,
+        token: "b",
+        allowFrom: ["Alice#1234"],
+      } satisfies DiscordAccountConfig,
+      expectNameBasedSeverity: "warn",
+      detailIncludes: ["channels.discord.accounts.beta.allowFrom:Alice#1234"],
+    },
+    {
+      name: "does not warn when Discord allowlists use ID-style entries only",
+      config: {
+        enabled: true,
+        token: "t",
+        allowFrom: [
+          "123456789012345678",
+          "<@223456789012345678>",
+          "user:323456789012345678",
+          "discord:423456789012345678",
+          "pk:member-123",
+        ],
+        guilds: {
+          "123": {
+            users: ["523456789012345678", "<@623456789012345678>", "pk:member-456"],
+            channels: {
+              general: {
+                users: ["723456789012345678", "user:823456789012345678"],
+              },
+            },
+          },
+        },
+      } satisfies DiscordAccountConfig,
+      expectNoNameBasedFinding: true,
+    },
+  ])("$name", async (testCase) => {
+    const findings = await collectFindings({
+      cfg: { channels: { discord: testCase.config } },
+      config: testCase.config,
+      accountId: testCase.accountId,
+      orderedAccountIds: testCase.orderedAccountIds,
+      hasExplicitAccountPath: testCase.hasExplicitAccountPath,
+      storeAllowFrom: testCase.storeAllowFrom,
+    });
+    const nameBasedFinding = findings.find(
+      (entry) => entry.checkId === "channels.discord.allowFrom.name_based_entries",
+    );
+
+    if (testCase.expectNoNameBasedFinding) {
+      expect(nameBasedFinding).toBeUndefined();
+    } else {
+      if (!nameBasedFinding) {
+        throw new Error(`expected name-based finding for ${testCase.name}`);
+      }
+      expect(nameBasedFinding.severity).toBe(testCase.expectNameBasedSeverity);
+      for (const snippet of testCase.detailIncludes ?? []) {
+        expect(nameBasedFinding.detail).toContain(snippet);
+      }
+      for (const snippet of testCase.detailExcludes ?? []) {
+        expect(nameBasedFinding.detail).not.toContain(snippet);
+      }
+    }
+  });
+});

package/src/security-audit.ts

@@ -0,0 +1,208 @@
+import { coerceNativeSetting, normalizeAllowFromList } from "klaw/plugin-sdk/channel-policy";
+import { readChannelAllowFromStore } from "klaw/plugin-sdk/conversation-runtime";
+import { isDangerousNameMatchingEnabled } from "klaw/plugin-sdk/dangerous-name-runtime";
+import {
+  resolveNativeCommandsEnabled,
+  resolveNativeSkillsEnabled,
+} from "klaw/plugin-sdk/native-command-config-runtime";
+import type { ResolvedDiscordAccount } from "./accounts.js";
+import type { KlawConfig } from "./runtime-api.js";
+import { isDiscordMutableAllowEntry } from "./security-doctor.js";
+
+function normalizeOptionalString(value: string | null | undefined): string | undefined {
+  const normalized = value?.trim();
+  return normalized ? normalized : undefined;
+}
+
+function addDiscordNameBasedEntries(params: {
+  target: Set<string>;
+  values: unknown;
+  source: string;
+}) {
+  if (!Array.isArray(params.values)) {
+    return;
+  }
+  for (const value of params.values) {
+    if (!isDiscordMutableAllowEntry(String(value))) {
+      continue;
+    }
+    const text = normalizeOptionalString(String(value)) ?? "";
+    if (!text) {
+      continue;
+    }
+    params.target.add(`${params.source}:${text}`);
+  }
+}
+
+export async function collectDiscordSecurityAuditFindings(params: {
+  cfg: KlawConfig;
+  accountId?: string | null;
+  account: ResolvedDiscordAccount;
+  orderedAccountIds: string[];
+  hasExplicitAccountPath: boolean;
+}) {
+  const findings: Array<{
+    checkId: string;
+    severity: "info" | "warn" | "critical";
+    title: string;
+    detail: string;
+    remediation?: string;
+  }> = [];
+  const discordCfg = params.account.config ?? {};
+  const accountId =
+    normalizeOptionalString(params.accountId) ?? params.account.accountId ?? "default";
+  const dangerousNameMatchingEnabled = isDangerousNameMatchingEnabled(discordCfg);
+  const storeAllowFrom = await readChannelAllowFromStore("discord", process.env, accountId).catch(
+    () => [],
+  );
+  const discordNameBasedAllowEntries = new Set<string>();
+  const discordPathPrefix =
+    params.orderedAccountIds.length > 1 || params.hasExplicitAccountPath
+      ? `channels.discord.accounts.${accountId}`
+      : "channels.discord";
+
+  addDiscordNameBasedEntries({
+    target: discordNameBasedAllowEntries,
+    values: discordCfg.allowFrom,
+    source: `${discordPathPrefix}.allowFrom`,
+  });
+  addDiscordNameBasedEntries({
+    target: discordNameBasedAllowEntries,
+    values: (discordCfg.dm as { allowFrom?: unknown } | undefined)?.allowFrom,
+    source: `${discordPathPrefix}.dm.allowFrom`,
+  });
+  addDiscordNameBasedEntries({
+    target: discordNameBasedAllowEntries,
+    values: storeAllowFrom,
+    source: "~/.klaw/credentials/discord-allowFrom.json",
+  });
+
+  const guildEntries = (discordCfg.guilds as Record<string, unknown> | undefined) ?? {};
+  for (const [guildKey, guildValue] of Object.entries(guildEntries)) {
+    if (!guildValue || typeof guildValue !== "object") {
+      continue;
+    }
+    const guild = guildValue as Record<string, unknown>;
+    addDiscordNameBasedEntries({
+      target: discordNameBasedAllowEntries,
+      values: guild.users,
+      source: `${discordPathPrefix}.guilds.${guildKey}.users`,
+    });
+    const channels = guild.channels;
+    if (!channels || typeof channels !== "object") {
+      continue;
+    }
+    for (const [channelKey, channelValue] of Object.entries(channels as Record<string, unknown>)) {
+      if (!channelValue || typeof channelValue !== "object") {
+        continue;
+      }
+      const channel = channelValue as Record<string, unknown>;
+      addDiscordNameBasedEntries({
+        target: discordNameBasedAllowEntries,
+        values: channel.users,
+        source: `${discordPathPrefix}.guilds.${guildKey}.channels.${channelKey}.users`,
+      });
+    }
+  }
+
+  if (discordNameBasedAllowEntries.size > 0) {
+    const examples = Array.from(discordNameBasedAllowEntries).slice(0, 5);
+    const more =
+      discordNameBasedAllowEntries.size > examples.length
+        ? ` (+${discordNameBasedAllowEntries.size - examples.length} more)`
+        : "";
+    findings.push({
+      checkId: "channels.discord.allowFrom.name_based_entries",
+      severity: dangerousNameMatchingEnabled ? "info" : "warn",
+      title: dangerousNameMatchingEnabled
+        ? "Discord allowlist uses break-glass name/tag matching"
+        : "Discord allowlist contains name or tag entries",
+      detail: dangerousNameMatchingEnabled
+        ? "Discord name/tag allowlist matching is explicitly enabled via dangerouslyAllowNameMatching. This mutable-identity mode is operator-selected break-glass behavior and out-of-scope for vulnerability reports by itself. " +
+          `Found: ${examples.join(", ")}${more}.`
+        : "Discord name/tag allowlist matching uses normalized slugs and can collide across users. " +
+          `Found: ${examples.join(", ")}${more}.`,
+      remediation: dangerousNameMatchingEnabled
+        ? "Prefer stable Discord IDs (or <@id>/user:<id>/pk:<id>), then disable dangerouslyAllowNameMatching."
+        : "Prefer stable Discord IDs (or <@id>/user:<id>/pk:<id>) in channels.discord.allowFrom and channels.discord.guilds.*.users, or explicitly opt in with dangerouslyAllowNameMatching=true if you accept the risk.",
+    });
+  }
+
+  const nativeEnabled = resolveNativeCommandsEnabled({
+    providerId: "discord",
+    providerSetting: coerceNativeSetting(
+      (discordCfg.commands as { native?: unknown } | undefined)?.native,
+    ),
+    globalSetting: params.cfg.commands?.native,
+  });
+  const nativeSkillsEnabled = resolveNativeSkillsEnabled({
+    providerId: "discord",
+    providerSetting: coerceNativeSetting(
+      (discordCfg.commands as { nativeSkills?: unknown } | undefined)?.nativeSkills,
+    ),
+    globalSetting: params.cfg.commands?.nativeSkills,
+  });
+  if (!nativeEnabled && !nativeSkillsEnabled) {
+    return findings;
+  }
+
+  const defaultGroupPolicy = params.cfg.channels?.defaults?.groupPolicy;
+  const groupPolicy =
+    (discordCfg.groupPolicy as string | undefined) ?? defaultGroupPolicy ?? "allowlist";
+  const guildsConfigured = Object.keys(guildEntries).length > 0;
+  const hasAnyUserAllowlist = Object.values(guildEntries).some((guild) => {
+    if (!guild || typeof guild !== "object") {
+      return false;
+    }
+    const record = guild as Record<string, unknown>;
+    if (Array.isArray(record.users) && record.users.length > 0) {
+      return true;
+    }
+    const channels = record.channels;
+    if (!channels || typeof channels !== "object") {
+      return false;
+    }
+    return Object.values(channels as Record<string, unknown>).some((channel) => {
+      if (!channel || typeof channel !== "object") {
+        return false;
+      }
+      const channelRecord = channel as Record<string, unknown>;
+      return Array.isArray(channelRecord.users) && channelRecord.users.length > 0;
+    });
+  });
+  const dmAllowFromRaw = (discordCfg.dm as { allowFrom?: unknown } | undefined)?.allowFrom;
+  const dmAllowFrom = Array.isArray(dmAllowFromRaw) ? dmAllowFromRaw : [];
+  const ownerAllowFromConfigured =
+    normalizeAllowFromList([...dmAllowFrom, ...storeAllowFrom]).length > 0;
+  const useAccessGroups = params.cfg.commands?.useAccessGroups !== false;
+
+  if (!useAccessGroups && groupPolicy !== "disabled" && guildsConfigured && !hasAnyUserAllowlist) {
+    findings.push({
+      checkId: "channels.discord.commands.native.unrestricted",
+      severity: "critical",
+      title: "Discord slash commands are unrestricted",
+      detail:
+        "commands.useAccessGroups=false disables sender allowlists for Discord slash commands unless a per-guild/channel users allowlist is configured; with no users allowlist, any user in allowed guild channels can invoke /… commands.",
+      remediation:
+        "Set commands.useAccessGroups=true (recommended), or configure channels.discord.guilds.<id>.users (or channels.discord.guilds.<id>.channels.<channel>.users).",
+    });
+  } else if (
+    useAccessGroups &&
+    groupPolicy !== "disabled" &&
+    guildsConfigured &&
+    !ownerAllowFromConfigured &&
+    !hasAnyUserAllowlist
+  ) {
+    findings.push({
+      checkId: "channels.discord.commands.native.no_allowlists",
+      severity: "warn",
+      title: "Discord slash commands have no allowlists",
+      detail:
+        "Discord slash commands are enabled, but neither an owner allowFrom list nor any per-guild/channel users allowlist is configured; /… commands will be rejected for everyone.",
+      remediation:
+        "Add your user id to channels.discord.allowFrom (or approve yourself via pairing), or configure channels.discord.guilds.<id>.users.",
+    });
+  }
+
+  return findings;
+}

package/src/security-contract.ts

@@ -0,0 +1,47 @@
+import { isRecord } from "klaw/plugin-sdk/string-coerce-runtime";
+
+type UnsupportedSecretRefConfigCandidate = {
+  path: string;
+  value: unknown;
+};
+
+export const unsupportedSecretRefSurfacePatterns = [
+  "channels.discord.threadBindings.webhookToken",
+  "channels.discord.accounts.*.threadBindings.webhookToken",
+] as const;
+
+export function collectUnsupportedSecretRefConfigCandidates(
+  raw: unknown,
+): UnsupportedSecretRefConfigCandidate[] {
+  if (!isRecord(raw)) {
+    return [];
+  }
+  if (!isRecord(raw.channels) || !isRecord(raw.channels.discord)) {
+    return [];
+  }
+
+  const candidates: UnsupportedSecretRefConfigCandidate[] = [];
+  const discord = raw.channels.discord;
+  const threadBindings = isRecord(discord.threadBindings) ? discord.threadBindings : null;
+  if (threadBindings) {
+    candidates.push({
+      path: "channels.discord.threadBindings.webhookToken",
+      value: threadBindings.webhookToken,
+    });
+  }
+
+  const accounts = isRecord(discord.accounts) ? discord.accounts : null;
+  if (!accounts) {
+    return candidates;
+  }
+  for (const [accountId, account] of Object.entries(accounts)) {
+    if (!isRecord(account) || !isRecord(account.threadBindings)) {
+      continue;
+    }
+    candidates.push({
+      path: `channels.discord.accounts.${accountId}.threadBindings.webhookToken`,
+      value: account.threadBindings.webhookToken,
+    });
+  }
+  return candidates;
+}

package/src/security-doctor.test.ts

@@ -0,0 +1,25 @@
+import { describe, expect, it } from "vitest";
+import { isDiscordMutableAllowEntry } from "./security-doctor.js";
+
+describe("discord security doctor helpers", () => {
+  it("rejects stable ids and wildcard forms", () => {
+    expect(isDiscordMutableAllowEntry("*")).toBe(false);
+    expect(isDiscordMutableAllowEntry("123456789")).toBe(false);
+    expect(isDiscordMutableAllowEntry("<@123456789>")).toBe(false);
+    expect(isDiscordMutableAllowEntry("user:123456789")).toBe(false);
+    expect(isDiscordMutableAllowEntry("pk:123456789")).toBe(false);
+  });
+
+  it("flags freeform names but not prefixed stable-id namespaces", () => {
+    expect(isDiscordMutableAllowEntry("alice")).toBe(true);
+    expect(isDiscordMutableAllowEntry("discord:alice")).toBe(false);
+    expect(isDiscordMutableAllowEntry("user:alice")).toBe(false);
+    expect(isDiscordMutableAllowEntry("pk:alice")).toBe(false);
+  });
+
+  it("treats empty prefixed entries as mutable placeholders", () => {
+    expect(isDiscordMutableAllowEntry("discord:")).toBe(true);
+    expect(isDiscordMutableAllowEntry("user:")).toBe(true);
+    expect(isDiscordMutableAllowEntry("pk:")).toBe(true);
+  });
+});