Skip to content

fix: whitelist admins from honeypot and make warning more prominent#33

Merged
DysektAI merged 2 commits into
mainfrom
honeypot-fixes
Jul 10, 2026
Merged

fix: whitelist admins from honeypot and make warning more prominent#33
DysektAI merged 2 commits into
mainfrom
honeypot-fixes

Conversation

@DysektAI

@DysektAI DysektAI commented Jul 10, 2026

Copy link
Copy Markdown
Member

User description

Summary

  • Whitelist members with an admin role so the honeypot can never ban/kick them, reusing the existing ADMIN_ROLE_ID config via the shared hasAdminRole helper (same one used by /wipe and /nuke).
  • Replace the subtle warning message with a prominent Discord heading so users clearly understand they will be banned instantly if they post in the channel.

Test plan

  • node --check syntax sweep passes for all JS files
  • npm test — all 9 tests pass
  • Honeypot tests confirm listeners register correctly and no-op when disabled
  • Manual: verify an admin posting in the honeypot channel is not punished
  • Manual: verify the new warning message renders as a heading in Discord

CodeAnt-AI Description

Keep admins safe in the honeypot channel and make the warning impossible to miss

What Changed

  • Members with an admin role are no longer deleted, banned, or kicked if they post in the honeypot channel
  • The honeypot warning now appears as a large, prominent heading that clearly says messages there will trigger an instant ban

Impact

✅ Fewer accidental admin bans
✅ Clearer honeypot warnings
✅ Less confusion when staff test the channel

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

Reuse the shared ADMIN_ROLE_ID config (via hasAdminRole) so members with
an admin role are never banned/kicked when posting in the honeypot
channel. Also update the warning message to a large heading so users
clearly understand the consequence of posting.
@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 52 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0953dbd8-b7b5-408f-ac5b-22478c0337e5

📥 Commits

Reviewing files that changed from the base of the PR and between 2f5351b and 9aa7294.

📒 Files selected for processing (2)
  • src/handlers/honeypotHandler.js
  • test/honeypot.test.js
📝 Walkthrough

Walkthrough

The honeypot handler now exempts members with admin roles from enforcement and replaces the honeypot warning with a marker-based ban warning.

Changes

Honeypot enforcement

Layer / File(s) Summary
Admin bypass and warning update
src/handlers/honeypotHandler.js
Adds an admin-role check that stops honeypot deletion and punishment, and updates the warning message wording.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly matches the main change: admin whitelisting for the honeypot and a more prominent warning.
Description check ✅ Passed The description is directly related to the code changes and test status in the pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch honeypot-fixes

Comment @coderabbitai help to get the list of available commands.

@codeant-ai codeant-ai Bot added the size:XS This PR changes 0-9 lines, ignoring generated files label Jul 10, 2026
Comment thread src/handlers/honeypotHandler.js Outdated
@kilo-code-bot

This comment was marked as resolved.

Comment thread src/handlers/honeypotHandler.js Outdated
@DysektAI
DysektAI merged commit c8265b8 into main Jul 10, 2026
10 of 11 checks passed
@DysektAI
DysektAI deleted the honeypot-fixes branch July 10, 2026 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:XS This PR changes 0-9 lines, ignoring generated files

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant