#22397: fix: warn on IEEE-754 precision loss for large numeric owner IDs (fail closed)
size: XS
Cluster:
Discord and MS Teams Fixes
Related: #22284 (core senderIsOwner threading fix already merged in #22296)
## What this does
Discord snowflake IDs are ~10^18, which exceeds `Number.MAX_SAFE_INTEGER`. If someone stores
one as an unquoted number in their JSON config:
```json
{ "ownerAllowFrom": [1048693844750901359] }
```
...JavaScript's JSON parser silently rounds it to `1048693844750901400` before any of our code
runs. The rounded string doesn't match the real sender ID, so the user gets locked out of
owner-only tools with no indication of why.
This adds a `console.warn` in `resolveOwnerAllowFromList` when a numeric entry exceeds
`MAX_SAFE_INTEGER`, telling the user to quote it as a string. No attempt to silently compensate
for the bad config — matching fails closed, which is the correct security posture for owner
gating.
## Changes
- `command-auth.ts` — 8-line warn block in `resolveOwnerAllowFromList`
- `command-control.test.ts` — test asserting `senderIsOwner === false` for precision-lost IDs
Most Similar PRs
#19111: fix(config): warn on numeric IDs that lose precision
by Clawborn · 2026-02-17
68.5%
#19401: fix(ui): prevent precision loss when coercing large numeric strings...
by Operative-001 · 2026-02-17
68.1%
#19011: fix(discord): enforce owner checks for privileged message actions
by coygeek · 2026-02-17
67.8%
#22557: fix(discord): coerce exec approval approver IDs to string to preven...
by zwffff · 2026-02-21
64.8%
#22524: fix(doctor): preserve precision of large Discord snowflake IDs in -...
by jmasson · 2026-02-21
64.6%
#22022: fix: propagate senderIsOwner to agent loop
by alexalex89 · 2026-02-20
60.1%
#16828: fix(config): transform Discord user/role IDs to strings
by Limitless2023 · 2026-02-15
59.8%
#15759: discord: fix sender undefined type errors in message handler
by bniceley50 · 2026-02-13
59.4%
#12204: fix(discord): resolve numeric guildId/channelId pairs in channel al...
by mcaxtr · 2026-02-09
59.1%
#8648: fix: don't treat bare numeric Discord IDs as definitive target IDs
by dbottme · 2026-02-04
59.1%