fix(discord): deduplicate bootstrap by bot token#367
Merged
JonasJesus42 merged 3 commits intomainfrom Apr 7, 2026
Merged
Conversation
Multiple connections in Supabase can share the same bot token (duplicate entries). Without dedup, the bootstrap started multiple Discord.js clients with the same token, causing conflicts and duplicate events. Now tracks started tokens and skips connections that share an already running bot. Config cache is still synced for all connections. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
1 issue found across 1 file
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="discord-read/server/main.ts">
<violation number="1" location="discord-read/server/main.ts:354">
P1: Skipping duplicate-token connections without registering an alias instance allows later onChange for that connection to start another Discord client with the same token.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| console.log( | ||
| `[BOOTSTRAP] Skipping ${connectionId} — bot already started for this token`, | ||
| ); | ||
| continue; |
Contributor
There was a problem hiding this comment.
P1: Skipping duplicate-token connections without registering an alias instance allows later onChange for that connection to start another Discord client with the same token.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At discord-read/server/main.ts, line 354:
<comment>Skipping duplicate-token connections without registering an alias instance allows later onChange for that connection to start another Discord client with the same token.</comment>
<file context>
@@ -353,13 +346,34 @@ async function bootstrapFromSupabase(): Promise<void> {
+ console.log(
+ `[BOOTSTRAP] Skipping ${connectionId} — bot already started for this token`,
+ );
+ continue;
+ }
+
</file context>
Logs which fields are present/missing when onChange tries to save config to Supabase, and when DISCORD_SAVE_CONFIG tool is called. This helps debug why some connections (e.g. deco-help) fail to persist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Logs every read/write to LazyStudioKV so we can see if TRIGGER_CONFIGURE is saving credentials and if notify() is finding them on reload. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
1 issue found across 3 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="discord-read/server/main.ts">
<violation number="1" location="discord-read/server/main.ts:176">
P1: Avoid logging any portion of the Discord bot token; log only presence/absence to prevent secret leakage in observability systems.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| `[CONFIG] Authorized Guilds: ${authorizedGuilds.length > 0 ? authorizedGuilds.join(", ") : "all"}`, | ||
| ); | ||
| console.log( | ||
| `[CONFIG] Bot token: ${botToken ? `${botToken.slice(0, 10)}...${botToken.slice(-4)}` : "MISSING"}`, |
Contributor
There was a problem hiding this comment.
P1: Avoid logging any portion of the Discord bot token; log only presence/absence to prevent secret leakage in observability systems.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At discord-read/server/main.ts, line 176:
<comment>Avoid logging any portion of the Discord bot token; log only presence/absence to prevent secret leakage in observability systems.</comment>
<file context>
@@ -169,6 +172,13 @@ const runtime = withRuntime<Env, typeof StateSchema, Registry>({
`[CONFIG] Authorized Guilds: ${authorizedGuilds.length > 0 ? authorizedGuilds.join(", ") : "all"}`,
);
+ console.log(
+ `[CONFIG] Bot token: ${botToken ? `${botToken.slice(0, 10)}...${botToken.slice(-4)}` : "MISSING"}`,
+ );
+ } else {
</file context>
Suggested change
| `[CONFIG] Bot token: ${botToken ? `${botToken.slice(0, 10)}...${botToken.slice(-4)}` : "MISSING"}`, | |
| `[CONFIG] Bot token: ${botToken ? "configured" : "MISSING"}`, | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Setand skips connections that share an already running botTest plan
Skipping conn_xxx — bot already started for this tokenfor duplicates🤖 Generated with Claude Code
Summary by cubic
Deduplicate Discord bootstrap by bot token so only one
discord.jsclient starts per unique token; config cache still updates for every connection. Adds diagnostic logs around config save and trigger storage to help trace missing fields and credentials.ensureBotRunningsucceeds.config-cachefor all connections, including duplicates.onChangeand DISCORD_SAVE_CONFIG, and log TriggerStorage GET/SET/DELETE (present/missing fields, masked bot token, env/runtime flags; credential reads/writes on reload).Written for commit 55d71af. Summary will update on new commits.