Summary
Add environment-based allowlists to control who can trigger the bot and in which channels.
Implementation
ALLOWED_USERS - Comma-separated Discord user IDsALLOWED_ROLES - Comma-separated Discord role IDsALLOWED_CHANNELS - Comma-separated channel IDs
Check these before queueing any job in bot.ts. If lists are empty, allow all (current behavior).
Priority
This is the highest-priority safety feature - prevents random server members from spawning Claude sessions.
Labels
enhancement, security
Summary
Add environment-based allowlists to control who can trigger the bot and in which channels.
Implementation
ALLOWED_USERS- Comma-separated Discord user IDsALLOWED_ROLES- Comma-separated Discord role IDsALLOWED_CHANNELS- Comma-separated channel IDsCheck these before queueing any job in bot.ts. If lists are empty, allow all (current behavior).
Priority
This is the highest-priority safety feature - prevents random server members from spawning Claude sessions.
Labels
enhancement, security