fix(policy): remove DELETE method from Discord preset #1486

Open
dknos wants to merge 1 commit into NVIDIA:main from dknos:fix/discord-policy-delete-1433

dknos commented Apr 5, 2026

Summary

  • Removes DELETE method from Discord policy preset
  • Discord bots use GET/POST/PUT/PATCH for standard operations; DELETE is rarely needed and expands attack surface

Test plan

  • Verify Discord bot operations (send message, read channels, add reactions) still work without DELETE
  • Confirm no standard bot SDK calls require DELETE

Fixes #1433

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes
    • Restricted DELETE request access for the Discord integration to improve security and prevent unintended modifications.

Discord bots rarely need DELETE access. Removing it reduces the
attack surface for sandbox agents interacting with Discord APIs.

Fixes NVIDIA#1433

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

coderabbitai bot commented Apr 5, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 74dca6c4-3440-4783-9fbd-23d5a691b75d

📥 Commits

Reviewing files that changed from the base of the PR and between c99e3e8 and 05bee19.

📒 Files selected for processing (1)
  • nemoclaw-blueprint/policies/presets/discord.yaml
💤 Files with no reviewable changes (1)
  • nemoclaw-blueprint/policies/presets/discord.yaml

Walkthrough

The DELETE HTTP method allowance was removed from the Discord network policy preset for the discord.com:443 REST endpoint. Other HTTP methods (GET, POST, PUT, PATCH) and WebSocket/CDN access rules remain unchanged.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Discord Policy Security Fix: nemoclaw-blueprint/policies/presets/discord.yaml | Removed the DELETE method permission from the discord.com:443 REST endpoint rule that applied to all paths (/**). Restricts overly permissive default behavior allowing deletion of Discord resources. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 DELETE is gone, hooray, hooray!
No more channels vanish in dismay,
The Discord preset now plays it safe,
With GET and POST to keep the grace,
A rabbit's code, precise and right! 🎯

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix(policy): remove DELETE method from Discord preset' is clear and specific, directly describing the main change in the changeset. |
| Linked Issues check | ✅ Passed | The PR directly addresses issue #1433 by removing the DELETE HTTP method from the Discord preset, which was identified as overly permissive and increasing attack surface. |
| Out of Scope Changes check | ✅ Passed | The change is narrowly scoped to removing only the DELETE method rule from the Discord policy preset, with no unrelated modifications present. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


wscurran added the security, priority: high, Integration: Discord, fix, and enhancement: policy labels Apr 6, 2026

wscurran commented Apr 6, 2026

✨ Thanks for submitting this fix, which proposes a way to remove the DELETE method from the Discord policy preset to improve security by reducing unnecessary permissions.


Possibly related open issues:


Development

Successfully merging this pull request may close these issues.

Discord Preset Allows DELETE Method on All Paths — Overly Permissive Default - IssueFinder - SN 11
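
A preset lint in the spirit of this change, as an added example that is not part of the PR or the NemoClaw code base: it flags DELETE (or an unrestricted method) allowed on a catch-all path such as `/**`. The endpoints/rules/method/path layout, the helper names and the narrow sample path are assumptions made for illustration, not the project's preset schema.

```python
# Added example, not NemoClaw code. The policy layout used here
# (endpoints -> rules -> method/path) is a constructed stand-in for a preset.
RISKY_METHODS = {"DELETE"}
CATCH_ALL_PATHS = {"/**", "/*", "**", "*"}


def find_overbroad_rules(policy, risky=RISKY_METHODS):
    """Return sorted (host, port, method, path) tuples for risky methods on catch-all paths."""
    findings = []
    for endpoint in policy.get("endpoints", []):
        host, port = endpoint.get("host"), endpoint.get("port")
        for rule in endpoint.get("rules", []):
            method = str(rule.get("method", "*")).upper()  # missing method = any method
            path = rule.get("path", "/**")                 # missing path = every path
            if path in CATCH_ALL_PATHS and (method in risky or method == "*"):
                findings.append((host, port, method, path))
    return sorted(findings)


def preset(methods, extra_rules=()):
    """Build a constructed discord.com:443 preset allowing `methods` on /**."""
    rules = [{"method": m, "path": "/**"} for m in methods] + list(extra_rules)
    return {"endpoints": [{"host": "discord.com", "port": 443, "rules": rules}]}


# Constructed samples: the preset before and after the change described in the
# walkthrough, plus a variant that re-allows DELETE on one narrow (made-up) path.
BEFORE = preset(["GET", "POST", "PUT", "PATCH", "DELETE"])
AFTER = preset(["GET", "POST", "PUT", "PATCH"])
SCOPED = preset(["GET", "POST", "PUT", "PATCH"],
                [{"method": "delete", "path": "/api/example/reactions/*"}])

if __name__ == "__main__":
    for name, policy in (("before", BEFORE), ("after", AFTER), ("scoped", SCOPED)):
        hits = find_overbroad_rules(policy)
        print(f"{name}: {'FAIL ' + repr(hits) if hits else 'ok'}")
```

Run in CI over every preset, a check like this fails the build when a destructive method is paired with a catch-all path, while still permitting DELETE on an explicitly scoped path.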
