fix: strip user: prefix from Discord allowed user IDs in onboarding

Users sometimes paste Discord IDs with prefixes like 'user:123456', '<@123456>', or '<@!123456>' from Discord's UI or third-party tools. This caused auth failures since the allowlist contained 'user:123' but the actual user_id from messages was just '123'. Fixes: - Added _clean_discord_id() helper in discord.py to strip common prefixes - Applied sanitization at runtime when parsing DISCORD_ALLOWED_USERS env var - Applied sanitization in hermes setup and hermes gateway setup input flows - Handles user:, <@>, and <@!> prefix formats
2026-04-25 00:51:20 +00:00 · 2026-03-13 09:35:39 -07:00 · 2026-03-13 09:35:39 -07:00 · 153ccbfd61
commit 153ccbfd61
parent e8c9bcea2b
3 changed files with 53 additions and 3 deletions
--- a/hermes_cli/gateway.py
+++ b/hermes_cli/gateway.py
@ -623,6 +623,18 @@ def _setup_standard_platform(platform: dict):
            value = prompt(f"  {var['prompt']}", password=False)
            if value:
                cleaned = value.replace(" ", "")
+                # For Discord, strip common prefixes (user:123, <@123>, <@!123>)
+                if "DISCORD" in var["name"]:
+                    parts = []
+                    for uid in cleaned.split(","):
+                        uid = uid.strip()
+                        if uid.startswith("<@") and uid.endswith(">"):
+                            uid = uid.lstrip("<@!").rstrip(">")
+                        if uid.lower().startswith("user:"):
+                            uid = uid[5:]
+                        if uid:
+                            parts.append(uid)
+                    cleaned = ",".join(parts)
                save_env_value(var["name"], cleaned)
                print_success(f"  Saved — only these users can interact with the bot.")
                allowed_val_set = cleaned