Discord: guard message:received hook session keys

[webdevtodayjason]

Summary

Describe the problem and fix in 2–5 bullets:

• Problem: message:received internal hooks rely on SessionKey; when inbound context ends up with an empty/missing session key, hook dispatch is skipped.
• Why it matters: Discord guild traffic can still process normally while hook automations miss events.
• What changed: added a session-key guard in Discord inbound processing and a fallback in hook dispatch (SessionKey -> CommandTargetSessionKey).
• What did NOT change (scope boundary): no changes to routing policy, mention gating, or reply delivery behavior.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes message:received hook does not fire for Discord guild channel messages #31212
• Related #

User-visible / Behavior Changes

• Internal message:received hooks now still emit when inbound context has no SessionKey but has CommandTargetSessionKey.
• Discord inbound processing now guarantees a non-empty session key reaches dispatch by falling back to route session key.

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation:

Repro + Verification

Environment

• OS: macOS
• Runtime/container: Node 22 + Vitest
• Model/provider: n/a
• Integration/channel (if any): Discord + internal hooks
• Relevant config (redacted): n/a

Steps

1. Build inbound context where SessionKey is empty/missing.
2. Dispatch inbound message through dispatchReplyFromConfig.
3. Observe internal hook dispatch behavior.

Expected

• message:received internal hooks emit when a fallback session key exists.

Actual

• Before: skipped when SessionKey absent.
• After: emits using fallback CommandTargetSessionKey.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
  • pnpm exec vitest run src/auto-reply/reply/dispatch-from-config.test.ts src/discord/monitor/message-handler.process.test.ts
  • pnpm exec oxlint src/auto-reply/reply/dispatch-from-config.ts src/auto-reply/reply/dispatch-from-config.test.ts src/discord/monitor/message-handler.process.ts src/discord/monitor/message-handler.process.test.ts
• Edge cases checked:
  • Missing SessionKey + present CommandTargetSessionKey.
  • Discord derived session key empty fallback to route session key.
• What you did not verify:
  • Live Discord runtime against real gateway credentials.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps:

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: revert commit 0d76f9fbb.
• Files/config to restore:
  • src/auto-reply/reply/dispatch-from-config.ts
  • src/discord/monitor/message-handler.process.ts
• Known bad symptoms reviewers should watch for:
  • duplicate/missing message:received internal hook events.

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

• Risk: fallback session-key resolution could emit a hook in cases that previously skipped.
  • Mitigation: added focused regression tests for both fallback paths and left default behavior unchanged when no key is available.

[greptile-apps]

Greptile Summary

This PR fixes a bug where message:received internal hooks were being skipped when inbound context had an empty or missing SessionKey. The fix adds proper session key fallback mechanisms in two places:

• dispatch-from-config.ts: Falls back to CommandTargetSessionKey when SessionKey is missing/empty for internal hook dispatch
• message-handler.process.ts: Adds route.sessionKey as final fallback in the session key resolution chain and explicitly filters out empty/whitespace strings

The changes are well-tested with focused regression tests for both fallback paths. The logic correctly handles edge cases (undefined, empty strings, whitespace) and maintains backward compatibility by keeping default behavior unchanged when no valid session key is available.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk - it's a focused bug fix with comprehensive test coverage
• The changes are well-contained, logically sound, and thoroughly tested. Both fallback mechanisms are straightforward additions that don't alter existing behavior when session keys are present. The PR adds two new test cases that specifically validate the fallback behavior, and the implementation correctly handles all edge cases (undefined, empty strings, whitespace).
• No files require special attention

_{Last reviewed commit: 0d76f9f}

[webdevtodayjason]

Superseded by #33038, which carries the same fix rebased on current main.