DISCORD_ALLOW_BOTS has no effect without also adding the bot to DISCORD_ALLOWED_USERS

[alanjds]

Bug Description

DISCORD_ALLOW_BOTS=mentions (or all) has no practical effect because the authorization check in _is_user_authorized() runs before the bot filter in the Discord platform adapter, rejecting bot messages with Unauthorized user before the bot filter is ever reached.

Steps to Reproduce

1. Set DISCORD_ALLOW_BOTS=mentions in .env
2. Have a Discord bot/webhook user send a message that mentions the Hermes bot
3. Observe WARNING gateway.run: Unauthorized user: <bot_id> in the logs
4. Hermes does not respond

Expected Behavior

DISCORD_ALLOW_BOTS=mentions should be sufficient to allow bot messages that mention Hermes, without requiring the bot's user ID to also be in DISCORD_ALLOWED_USERS.

Actual Behavior

The authorization check in gateway/run.py:_is_user_authorized() rejects the message before the DISCORD_ALLOW_BOTS check in gateway/platforms/discord.py (line ~555) is reached.

Proposed Fix

In _is_user_authorized(), skip the allowlist check for bot messages when DISCORD_ALLOW_BOTS is set to mentions or all. Alternatively, move the bot filter check upstream before the authorization check, or have _is_user_authorized() return True for bots when the allow-bots policy permits it.

Environment

• Bazzite Linux, Hermes running inside Ubuntu Distrobox
• Discord gateway platform
• Triggered by a Cloudflare Worker webhook posting Notion events to a Discord channel

[johnbabu021]

when i configured discord to hermes i am not able to turn on the gateway
2026-04-01 21:39:47,844 WARNING gateway.run: Discord: discord.py not installed
2026-04-01 21:39:47,844 WARNING gateway.run: No adapter available for discord
2026-04-01 21:39:47,844 ERROR gateway.run: Gateway failed to connect any configured messaging platform: all configured messaging platforms failed to connect

[teknium1]

Fixed in #11606 — #11606

Your root-cause analysis was spot on. The Discord adapter's _is_user_authorized runs BEFORE the bot filter in on_message is what was dropping bot messages with 'Unauthorized user'. Fix reorders on_message (bot filter runs first), adds is_bot to SessionSource, and bypasses the gateway allowlist for bots permitted by DISCORD_ALLOW_BOTS=mentions/all.

Your Cloudflare Worker → Discord scenario should now work. Thanks for the crisp reproduction + the proposed fix direction — credit to you AND @gnanam1990 (who submitted the implementation).