feat(discord-control): align auth with token/allowlist/action-gate and add dryRun

2026-02-25 21:57:39 +00:00
parent 867285309b
commit 4bec5982a5
2 changed files with 104 additions and 24 deletions
--- a/docs/DISCORD_CONTROL.md
+++ b/docs/DISCORD_CONTROL.md
@@ -10,8 +10,16 @@
 ```bash
 cd discord-control-api
 export DISCORD_BOT_TOKEN='xxx'
-# optional
-# export AUTH_TOKEN='strong-token'
+# 建议启用
+export AUTH_TOKEN='strong-token'
+# optional hard requirement
+# export REQUIRE_AUTH_TOKEN=true
+# optional action gates
+# export ENABLE_CHANNEL_PRIVATE_CREATE=true
+# export ENABLE_MEMBER_LIST=true
+# optional allowlist
+# export ALLOWED_GUILD_IDS='123,456'
+# export ALLOWED_CALLER_IDS='agent-main,agent-admin'
 node server.mjs
 ```

@@ -26,6 +34,7 @@ curl -sS http://127.0.0.1:8790/health
 `POST /v1/discord/action`

 - Header: `Authorization: Bearer <AUTH_TOKEN>`（若配置）
+- Header: `X-OpenClaw-Caller-Id: <id>`（若配置了 `ALLOWED_CALLER_IDS`）
 - Body: `{ "action": "...", ... }`

 ---
@@ -49,7 +58,8 @@ curl -sS http://127.0.0.1:8790/health
  "allowedUserIds": ["111", "222"],
  "allowedRoleIds": ["333"],
  "allowMask": "67648",
-  "denyEveryoneMask": "1024"
+  "denyEveryoneMask": "1024",
+  "dryRun": false
 }
 ```

@@ -81,5 +91,11 @@ curl -sS http://127.0.0.1:8790/health

 ## Notes

+鉴权与内置风格对齐（简化版）：
+- 控制面 token：`AUTH_TOKEN` / `REQUIRE_AUTH_TOKEN`
+- 调用者 allowlist：`ALLOWED_CALLER_IDS`（配合 `X-OpenClaw-Caller-Id`）
+- action gate：`ENABLE_CHANNEL_PRIVATE_CREATE` / `ENABLE_MEMBER_LIST`
+- guild allowlist：`ALLOWED_GUILD_IDS`
+
 - 这不是 bot 自提权工具；bot 仍需由管理员授予足够权限。
- 若无权限，Discord API 会返回 403 并原样透出错误信息。
+- 若无权限，Discord API 会返回 403 并透传错误细节。