openclaw - 💡(How to fix) Fix Separate public message policy from native slash-command policy on Discord [1 participants]

GitHub stats
openclaw/openclaw#70617, fetched 2026-04-24 05:55:38
Comments: 0 · Participants: 1 · Timeline: 1 (labeled ×1) · Reactions: 0


Summary

Discord deployments often need different trust policies for public message replies vs native slash commands. Today those controls appear too tightly coupled, making it hard to allow safe public mention-based conversations while keeping slash/native command surfaces private, owner-only, or disabled.

Problem to solve

For public-facing Discord agents, operators may want to allow normal guild mention replies while restricting native slash/menu commands to owners or disabling them entirely. At the moment, message access policy and command access policy appear too closely linked in practice.

This creates an awkward tradeoff:

  • allow public chat and risk exposing command surfaces more broadly than intended
  • or lock down commands in a way that also restricts normal public mention behavior

These are different trust surfaces:

  • public message replies are conversational and are often intentionally open to server members
  • slash commands are operational/control surfaces and may need tighter protection

Proposed solution

Please add a distinct policy layer for native slash/menu commands, separate from normal message reply policy.

Useful capabilities would include:

  • separate controls for DM message policy, guild/group message policy, mention/reply policy, and native slash/menu command policy
  • allowlists for command invokers that are independent from normal message senders
  • optional per-account, per-guild, or per-channel command policy overrides
  • optional per-command or per-command-group restrictions for sensitive operations

Even a simpler split between:

  • who can chat with the bot
  • who can invoke command surfaces

would already make public Discord deployments much easier to secure cleanly.

Alternatives considered

Current workarounds include:

  • using separate public and private/admin agents
  • disabling native commands entirely even when public message replies are still desired
  • overloading shared allowlist/policy controls for both messages and commands

Those approaches work, but add complexity or force operators into awkward tradeoffs.

Impact

This would improve safety and ergonomics for public Discord bots by letting operators preserve good public mention/reply UX without unnecessarily exposing command surfaces. It would also reduce the need for multi-agent/account workarounds when one deployment needs both public chat and private operational controls.

Evidence/examples

Example scenarios:

  1. Allow public mention replies in guilds, but disable all native slash commands entirely.
  2. Allow public mention replies, but only allow slash commands from a specific owner allowlist.
  3. Keep DM access private to the owner, while still allowing public mention replies in guilds.
  4. Restrict sensitive commands (restart/reset/admin-style operations) without affecting normal chat replies.

Additional information

This request is specifically about separating trust policy for normal public message handling from trust policy for native slash/menu command surfaces on Discord. It is not primarily about removing commands; it is about making command access independently configurable from public chat access.
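
The split requested above, as an added TypeScript sketch that is not OpenClaw code or configuration: each Discord surface is authorized against its own rule, and per-command rules can only narrow the native-command rule. All type, field and policy names and the user IDs are hypothetical and constructed for the illustration; the two sample policies cover the four scenarios listed under Evidence/examples.

```typescript
// Added illustration: every name here is hypothetical, not an OpenClaw config key.
type Surface = "dm" | "guildMention" | "nativeCommand";
type Rule = { access: "open" | "allowlist" | "disabled"; allow?: string[] };

interface DiscordPolicy {
  surfaces: Record<Surface, Rule>;   // one independent rule per trust surface
  commands?: Record<string, Rule>;   // optional per-command rules; they only narrow access
}
interface Inbound { surface: Surface; userId: string; command?: string }

function permits(rule: Rule, userId: string): boolean {
  if (rule.access === "open") return true;
  if (rule.access === "allowlist") return (rule.allow ?? []).includes(userId);
  return false; // "disabled" denies everyone
}

function authorize(policy: DiscordPolicy, ev: Inbound): boolean {
  // The event is checked only against its own surface: chat access never implies command access.
  if (!permits(policy.surfaces[ev.surface], ev.userId)) return false;
  if (ev.surface !== "nativeCommand") return true;
  if (!ev.command) return false; // a command event without a name fails closed
  const perCommand = policy.commands ?? {};
  // Own-property check so a name like "constructor" cannot resolve to an inherited member.
  if (!Object.prototype.hasOwnProperty.call(perCommand, ev.command)) return true;
  return permits(perCommand[ev.command], ev.userId);
}

// Constructed sample IDs.
const OWNER = "1001", MOD = "1002", MEMBER = "2001";

// Scenarios 2-4: public mention replies, owner-only DMs, allowlisted commands,
// and the sensitive "restart" command narrowed further to the owner.
const publicBot: DiscordPolicy = {
  surfaces: {
    dm: { access: "allowlist", allow: [OWNER] },
    guildMention: { access: "open" },
    nativeCommand: { access: "allowlist", allow: [OWNER, MOD] },
  },
  commands: { restart: { access: "allowlist", allow: [OWNER] } },
};

// Scenario 1: same chat behaviour, native commands disabled for everyone.
const commandsOff: DiscordPolicy = {
  ...publicBot,
  surfaces: { ...publicBot.surfaces, nativeCommand: { access: "disabled" } },
};
```
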

extent analysis

TL;DR

Implement a distinct policy layer for native slash/menu commands, separate from normal message reply policy, to improve security and ergonomics for public Discord bots.

Guidance

  • Introduce separate controls for DM message policy, guild/group message policy, mention/reply policy, and native slash/menu command policy to allow for more fine-grained access control.
  • Consider implementing allowlists for command invokers that are independent from normal message senders to restrict command access to specific users or roles.
  • Evaluate the need for per-account, per-guild, or per-channel command policy overrides to provide more flexibility in access control.
  • Assess the feasibility of per-command or per-command-group restrictions for sensitive operations to further enhance security.

Example

No code snippet is provided as the issue is focused on policy and access control changes rather than code modifications.

Notes

The proposed solution aims to address the tight coupling between message access policy and command access policy, which currently creates an awkward tradeoff between allowing public chat and restricting command surfaces. The introduction of a distinct policy layer for native slash/menu commands would improve the security and ergonomics of public Discord bots.

Recommendation

Apply a workaround by introducing a separate policy layer for native slash/menu commands, as this would provide more fine-grained access control and improve the overall security and usability of public Discord bots. This approach would allow operators to preserve good public mention/reply UX without unnecessarily exposing command surfaces.
