
fix(readme): correct OAuth permissions integer for thread + attachment usage #24

Merged: chr1syy merged 1 commit into main from fix/oauth-permissions on Apr 27, 2026

@chr1syy (Collaborator) commented Apr 27, 2026

README-only change. Does not affect code or tests, but does require existing installs to re-invite the bot if a server has revoked thread/attachment permissions for @everyone (which is why this bug has been latent).

The bug

The documented invite URL granted Manage Messages but no thread permissions, even though the bot creates and sends to threads:

  • `src/handlers/messageCreate.ts:75`: `(message.channel as TextChannel).threads.create(...)` for mention-triggered threads
  • `src/commands/session.ts:99`: `parentChannel.threads.create(...)` for `/session new`
  • `src/handlers/messageCreate.ts:96`: `thread.send({ files: [...] })` to re-upload attachments

Today the bot works on most Discord servers because Create Public Threads, Send Messages in Threads, and Attach Files are granted to @everyone by default. A server that has revoked any of those for @everyone would break the bot's /session new and mention flow on a fresh install.

The fix

Permission integer: 11344 → 309237681232

| Bit | Value | Permission | Change | Why |
|---|---|---|---|---|
| 4 | 16 | Manage Channels | keep | Create/delete agent channels |
| 6 | 64 | Add Reactions | keep | ⏳/🎧 indicators |
| 10 | 1024 | View Channel | keep | |
| 11 | 2048 | Send Messages | keep | |
| 13 | 8192 | Manage Messages | drop | No longer used; PR #22 replaced reaction.remove() with reaction.users.remove() |
| 15 | 32768 | Attach Files | add | Re-upload attachments to threads |
| 35 | 34359738368 | Create Public Threads | add | /session new + mention-triggered threads |
| 38 | 274877906944 | Send Messages in Threads | add | Sending to threads |

Total: 16 + 64 + 1024 + 2048 + 32768 + 34359738368 + 274877906944 = 309237681232

Also adds a one-line rationale next to each granted permission so future readers can audit the set against the code paths that use it.

Test plan

  • grep confirms no in-tree usage of MANAGE_MESSAGES, messages.delete, reactions.removeAll, pin, unpin.
  • grep confirms threads.create is called and thread.send({ files }) is called.
  • No code changes; full test suite is unaffected.
  • Manual: invite the bot to a clean test server with the new URL, run /session new and post an attachment, verify both succeed.

🤖 Generated with Claude Code

…t usage

The documented invite URL granted Manage Messages but no thread
permissions, despite the bot creating threads (`messageCreate.ts:75`,
`session.ts:99`) and re-uploading attachments to them
(`messageCreate.ts:96`). Existing installs work today only because most
servers grant Create Public Threads / Send Messages in Threads / Attach
Files to @everyone by default; on a server that has revoked any of
those, the bot's `/session new` and mention-triggered thread flow would
fail at install time.

Permission integer: 11344 → 309237681232

Add:
- Attach Files (32768) — for re-uploading attachments to threads
- Create Public Threads (34359738368) — for `/session new` and
  mention-triggered threads
- Send Messages in Threads (274877906944)

Drop:
- Manage Messages (8192) — no code path requires it. PR #22 replaced
  the only caller (`reaction.remove()`) with `reaction.users.remove()`,
  which only needs Add Reactions.

Also adds a one-line rationale next to each granted permission so future
readers can audit the set against the code that uses it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
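
The permission audit described in the PR description and commit message above, as an added example that is not part of the PR or the project's code. The names `PERMS`, `REQUIRED`, `decode`, `encode` and `audit` are hypothetical; the bit positions and the required set are taken from the table in the PR description.

```javascript
// Added example. Bit positions and names come from the table in the PR description.
const PERMS = new Map([
  [4n, "Manage Channels"], [6n, "Add Reactions"], [10n, "View Channel"],
  [11n, "Send Messages"], [13n, "Manage Messages"], [15n, "Attach Files"],
  [35n, "Create Public Threads"], [38n, "Send Messages in Threads"],
]);

// Assumption: the least-privilege set, read off the "keep"/"add" rows of that table.
const REQUIRED = [
  "Manage Channels", "Add Reactions", "View Channel", "Send Messages",
  "Attach Files", "Create Public Threads", "Send Messages in Threads",
];

// Decode with BigInt: Number bitwise operators truncate to 32 bits, so
// (309237681232 | 0) is 35920 and bits 35 and 38 silently disappear.
function decode(value) {
  const bits = BigInt(value);
  const names = [];
  for (let i = 0n; (bits >> i) > 0n; i++) {
    if ((bits >> i) & 1n) names.push(PERMS.get(i) ?? `unknown(bit ${i})`);
  }
  return names;
}

// Build the integer from names; throws on a name that is not in the table.
function encode(names) {
  let bits = 0n;
  for (const name of names) {
    const entry = [...PERMS].find(([, n]) => n === name);
    if (!entry) throw new Error(`unknown permission: ${name}`);
    bits |= 1n << entry[0];
  }
  return bits;
}

// Compare what an invite URL grants against what the code paths need.
function audit(granted, required) {
  const have = new Set(decode(granted));
  const need = new Set(required);
  return {
    missing: required.filter((n) => !have.has(n)),
    excess: [...have].filter((n) => !need.has(n)),
  };
}

console.log(audit("11344", REQUIRED));        // old invite integer
console.log(audit("309237681232", REQUIRED)); // new invite integer
```

Run against the old integer, the audit reports the three thread and attachment permissions as missing and Manage Messages as excess; the new integer yields two empty lists.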

coderabbitai Bot commented Apr 27, 2026

Warning

Rate limit exceeded

@chr1syy has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 29 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8ced485c-6f06-4398-ba32-e4c6683105c3

📥 Commits

Reviewing files that changed from the base of the PR and between d3e67a9 and bd31de3.

📒 Files selected for processing (1)
  • README.md

@chr1syy chr1syy merged commit ba4c8bf into main Apr 27, 2026
3 checks passed