chore(security): add guardrails and PR merge summary docs

docs/DISCORD_CONTROL.md

@@ -21,6 +21,10 @@ export AUTH_TOKEN='strong-token'
 # optional allowlist
 # export ALLOWED_GUILD_IDS='123,456'
 # export ALLOWED_CALLER_IDS='agent-main,agent-admin'
+# optional limits
+# export MAX_MEMBER_FIELDS=20
+# export MAX_MEMBER_RESPONSE_BYTES=500000
+# export MAX_PRIVATE_MUTATION_TARGETS=200
 node server.mjs
 ```
 

docs/PR_SUMMARY.md

@@ -0,0 +1,55 @@
+# PR Summary (WhisperGate + Discord Control)
+
+## Scope
+
+This PR delivers two tracks:
+
+1. WhisperGate deterministic no-reply gate for Discord sessions
+2. Discord control extension API for private-channel/member-list gaps
+
+## Delivered Features
+
+### WhisperGate
+
+- Deterministic rule chain:
+  1) non-discord => skip
+  2) bypass sender => skip
+  3) ending symbol matched => skip
+  4) else => no-reply provider/model override
+- `NO_REPLY` backend API (`/v1/chat/completions`, `/v1/responses`, `/v1/models`)
+- Optional API bearer auth (`AUTH_TOKEN`)
+- Prompt prepend on bypass/end-symbol paths:
+  - `你的这次发言必须以🔚作为结尾。`
+- Rule validation script and fixtures
+
+### Discord Control API
+
+- `channel-private-create`
+- `channel-private-update` (`merge`/`replace`)
+- `member-list` with optional field projection
+- Action gate + guild allowlist + caller allowlist + bearer auth
+- Dry-run support for channel private actions
+
+## Runtime Mode
+
+- No-Docker-first
+- Run directly with Node.js
+
+## Security Defaults (recommended)
+
+- Set `AUTH_TOKEN`
+- Set `REQUIRE_AUTH_TOKEN=true`
+- Use `ALLOWED_GUILD_IDS`
+- Use `ALLOWED_CALLER_IDS`
+- Keep Discord bot token in env only (`DISCORD_BOT_TOKEN`)
+
+## Known Limits
+
+- This repo cannot elevate bot privileges; Discord admin permissions still govern all actions.
+- `member-list` depends on Discord API permission/intents availability.
+
+## Rollback
+
+- Disable plugin entry or remove plugin path from OpenClaw config
+- Stop `discord-control-api` process
+- Keep no-reply API stopped if not needed