Secure command center for Discord bot operations.

The login route is live as part of the foundation shell. OAuth, guild checks, and role-aware session enforcement are the next implementation slice.

Server-side permission gates

Masked secrets by default

Audit-first

Every critical action leaves a trail

Access status

OAuth enabled

Sign in with Discord

Login now uses the real Discord OAuth2 authorization-code flow with guild membership checks and server-side session issuance.

Your session is missing or no longer valid. Please sign in again.

Required scopes: identify, email, guilds, and guilds.members.read. The callback stores Discord tokens encrypted and creates a signed app session.

Guardrails

No tokens or secrets are rendered anywhere in this route.
Route separation is already in place so public auth screens stay outside the operator shell.
Privileged app routes now require a signed session before rendering.