dccodex can be run as a personal bot or as a shared bot. The security boundary is different for each mode.
Use this for public or shared deployments:
CODEX_BACKEND=openai
BOT_CREDENTIAL_MODE=user
BOT_FUNDING_MODE=shared
LOCAL_REPO_MODE=disabled
GITHUB_REPO_ACCESS=public
CREDENTIALS_MASTER_KEY=use-a-long-random-secretThis configuration means:
- other users do not use the host owner's Codex or OpenAI account
- each user must provide their own OpenAI API key
- local host directories are not exposed through repo linking
- private GitHub repos are not read through host-side GitHub credentials
Use this only for yourself or a trusted small group:
CODEX_BACKEND=cli
BOT_CREDENTIAL_MODE=host
LOCAL_REPO_MODE=allowlistIn this mode, allowed Discord users run through the host's local Codex CLI login.
Never commit:
.env- Discord bot tokens
- OpenAI API keys
data/data/user-credentials.jsondata/credentials.key- logs that include request content
If a Discord bot token was pasted into a chat, screenshot, terminal, or issue, rotate it in the Discord Developer Portal before publishing the repository.
When BOT_CREDENTIAL_MODE=user is enabled, dccodex stores each user's OpenAI API key encrypted at rest with AES-256-GCM.
Limits of this protection:
- it prevents plain-text disclosure from JSON files
- it does not protect against a compromised host
- the host operator can still control the running code
For production shared deployments, set CREDENTIALS_MASTER_KEY from the hosting environment. Do not rely on the generated local data/credentials.key if the deployment may move between machines.
Message Content Intent is optional. Keep it disabled unless you add features that need message content in surfaces where Discord does not expose it without the privileged intent.
Slash commands and message context menu actions are the preferred flow because they expose only the interaction payload Discord sends for that action.
Use conservative repo policy defaults for public hosts:
LOCAL_REPO_MODE=disabled
GITHUB_REPO_ACCESS=publicOnly use LOCAL_REPO_MODE=all or GITHUB_REPO_ACCESS=host on a trusted personal host.
Open a private advisory or contact the maintainer if you find a vulnerability. Avoid opening a public issue with live credentials, tokens, logs, or user data.