Harden Discord chat agent routing, validation, and runtime error handling.

andrelandgraf · andrelandgraf · commit a6dabfdd4df4 · 2026-02-27T22:07:50.000-08:00
This scopes prompt handling to the configured channel, adds stronger prompt and event-update validation, and improves gateway startup failure responses for safer production behavior.
diff --git a/app/src/app/api/discord/gateway/route.ts b/app/src/app/api/discord/gateway/route.ts
@@ -25,15 +25,25 @@ export async function GET(request: Request): Promise<Response> {
     return new Response("Unauthorized", { status: 401 });
   }
 
-  const bot = getDiscordReviewBot();
-  const discordAdapter = bot.getAdapter("discord");
-  const durationMs = 600 * 1000;
-  const webhookUrl = `${mainConfig.instance.origin}/api/webhooks/discord`;
+  try {
+    const bot = getDiscordReviewBot();
+    const discordAdapter = bot.getAdapter("discord");
+    const durationMs = 600 * 1000;
+    const webhookUrl = `${mainConfig.instance.origin}/api/webhooks/discord`;
 
-  return discordAdapter.startGatewayListener(
-    { waitUntil: (task) => after(() => task) },
-    durationMs,
-    undefined,
-    webhookUrl,
-  );
+    return discordAdapter.startGatewayListener(
+      { waitUntil: (task) => after(() => task) },
+      durationMs,
+      undefined,
+      webhookUrl,
+    );
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    return new Response(
+      `Failed to start Discord gateway listener: ${message}`,
+      {
+        status: 500,
+      },
+    );
+  }
 }
diff --git a/app/src/lib/discord/prompt-agent.ts b/app/src/lib/discord/prompt-agent.ts
@@ -2,7 +2,7 @@ import { db } from "@/lib/db";
 import { mainConfig } from "@/lib/config";
 import { eventsTable, type InsertEvent } from "@/lib/schema";
 import { createLumaClient } from "@/lib/luma";
-import { and, eq } from "drizzle-orm";
+import { eq } from "drizzle-orm";
 import { createGateway, generateText, tool } from "ai";
 import { z } from "zod";
 
@@ -71,25 +71,32 @@ function normalizeUpdateData(
   if (typeof eventData.attendeeLimit === "number") {
     normalized.attendeeLimit = eventData.attendeeLimit;
   }
-  if (typeof eventData.tagline === "string") normalized.tagline = eventData.tagline;
+  if (typeof eventData.tagline === "string")
+    normalized.tagline = eventData.tagline;
   if (typeof eventData.startDate === "string") {
     normalized.startDate = toDate(eventData.startDate);
   }
   if (typeof eventData.endDate === "string") {
     normalized.endDate = toDate(eventData.endDate);
   }
-  if ("lumaEventId" in eventData) normalized.lumaEventId = eventData.lumaEventId;
-  if (typeof eventData.isDraft === "boolean") normalized.isDraft = eventData.isDraft;
+  if ("lumaEventId" in eventData)
+    normalized.lumaEventId = eventData.lumaEventId;
+  if (typeof eventData.isDraft === "boolean")
+    normalized.isDraft = eventData.isDraft;
   if (typeof eventData.isHackathon === "boolean") {
     normalized.isHackathon = eventData.isHackathon;
   }
   if (typeof eventData.highlightOnLandingPage === "boolean") {
     normalized.highlightOnLandingPage = eventData.highlightOnLandingPage;
   }
-  if ("fullAddress" in eventData) normalized.fullAddress = eventData.fullAddress;
-  if ("shortLocation" in eventData) normalized.shortLocation = eventData.shortLocation;
-  if ("streetAddress" in eventData) normalized.streetAddress = eventData.streetAddress;
-  if ("recordingUrl" in eventData) normalized.recordingUrl = eventData.recordingUrl;
+  if ("fullAddress" in eventData)
+    normalized.fullAddress = eventData.fullAddress;
+  if ("shortLocation" in eventData)
+    normalized.shortLocation = eventData.shortLocation;
+  if ("streetAddress" in eventData)
+    normalized.streetAddress = eventData.streetAddress;
+  if ("recordingUrl" in eventData)
+    normalized.recordingUrl = eventData.recordingUrl;
 
   return normalized;
 }
@@ -104,17 +111,23 @@ async function getEventBySlug(slug: string) {
   return event ?? null;
 }
 
-async function updateEventBySlug(input: z.infer<typeof updateEventInputSchema>) {
+async function updateEventBySlug(
+  input: z.infer<typeof updateEventInputSchema>,
+) {
   const existingEvent = await getEventBySlug(input.slug);
   if (!existingEvent) {
     throw new Error(`Event not found for slug: ${input.slug}`);
   }
 
   const normalized = normalizeUpdateData(input.eventData);
+  if (Object.keys(normalized).length === 0) {
+    throw new Error("No valid fields were provided for update");
+  }
+
   const [updated] = await db
     .update(eventsTable)
     .set(normalized)
-    .where(and(eq(eventsTable.id, existingEvent.id)))
+    .where(eq(eventsTable.id, existingEvent.id))
     .returning();
 
   return updated ?? null;
@@ -152,15 +165,21 @@ function buildTools() {
 export async function runDiscordPromptAgent(input: {
   prompt: string;
 }): Promise<string> {
+  const prompt = input.prompt.trim();
+  if (!prompt) {
+    return "Please provide a prompt.";
+  }
+
   const { text } = await generateText({
     model: getGatewayModel(),
     tools: buildTools(),
     system: `You are the AllThingsWeb Discord ops assistant.
 You can inspect and update AllThingsWeb event data and fetch Luma event payloads.
 Use tools whenever the answer depends on current data.
 Before updating event data, confirm intent from the user message and summarize what changed.
+If user intent is ambiguous, ask a clarifying question instead of calling update tools.
 Be concise and action-oriented.`,
-    prompt: input.prompt,
+    prompt,
   });
 
   return text.trim();
diff --git a/app/src/lib/discord/review-bot.tsx b/app/src/lib/discord/review-bot.tsx
@@ -27,8 +27,9 @@ type ReviewCardInput = {
   isDraft: boolean;
 };
 
-let reviewBot: Chat<{ discord: ReturnType<typeof createDiscordAdapter> }> | null =
-  null;
+let reviewBot: Chat<{
+  discord: ReturnType<typeof createDiscordAdapter>;
+}> | null = null;
 let handlersRegistered = false;
 
 function requireDiscordConfig() {
@@ -94,22 +95,35 @@ function registerHandlers(
     await event.thread.post("No pending review session found for this event.");
   });
 
+  const isPromptChannelMessage = (thread: Thread): boolean => {
+    const { reviewChannelId } = requireDiscordConfig();
+    const discordAdapter = bot.getAdapter("discord");
+    const decodedThread = discordAdapter.decodeThreadId(thread.id);
+    return decodedThread.channelId === reviewChannelId;
+  };
+
   const promptFromMessage = async (thread: Thread, message: Message) => {
+    if (!isPromptChannelMessage(thread)) {
+      return;
+    }
+
     const userPrompt = message.text?.trim();
-    if (!userPrompt) {
+    if (!userPrompt || userPrompt.length < 2) {
       return;
     }
 
     try {
       await thread.startTyping();
       const response = await runDiscordPromptAgent({
-        prompt: userPrompt,
+        prompt: userPrompt.slice(0, 4000),
       });
       await thread.post(response || "I couldn't generate a response.");
     } catch (error) {
       const errorMessage =
         error instanceof Error ? error.message : "Unknown error";
-      await thread.post(`I hit an error while processing that request: ${errorMessage}`);
+      await thread.post(
+        `I hit an error while processing that request: ${errorMessage}`,
+      );
     }
   };
 
@@ -164,7 +178,9 @@ export async function postEventReviewCard(
     Card({
       title: `New Luma event draft: ${input.name}`,
       children: [
-        CardText("Review this event draft and approve when it is ready to publish."),
+        CardText(
+          "Review this event draft and approve when it is ready to publish.",
+        ),
         Fields([
           Field({ label: "Event ID", value: input.eventId }),
           Field({ label: "Slug", value: input.slug }),
@@ -178,7 +194,10 @@ export async function postEventReviewCard(
             label: "End",
             value: new Date(input.endDate).toISOString().slice(0, 16),
           }),
-          Field({ label: "Attendee Limit", value: String(input.attendeeLimit) }),
+          Field({
+            label: "Attendee Limit",
+            value: String(input.attendeeLimit),
+          }),
         ]),
         CardText(input.tagline),
         Actions([
diff --git a/app/src/lib/review/approval.ts b/app/src/lib/review/approval.ts
@@ -56,7 +56,12 @@ export async function approveDiscordReviewSessionByEventId(input: {
     .set({
       isDraft: false,
     })
-    .where(and(eq(eventsTable.id, pendingSession.eventId), eq(eventsTable.isDraft, true)));
+    .where(
+      and(
+        eq(eventsTable.id, pendingSession.eventId),
+        eq(eventsTable.isDraft, true),
+      ),
+    );
 
   await db
     .update(eventReviewSessionsTable)
