feat: add starboard, permissions, memory, and rate limit config sections to web dashboard

[BillChirico]

Summary

Adds missing config sections to the web dashboard config editor that already exist in the bot backend.

New top-level sections

• Starboard — enabled toggle, channel ID, threshold, emoji, self-star toggle, ignored channels (comma-separated)
• Permissions — enabled toggle, admin role ID, moderator role ID, bot owners (comma-separated)
• Memory — enabled toggle, max context memories, auto-extract toggle

New moderation sub-sections

• Rate Limiting — enabled toggle, max messages, window seconds, mute thresholds and durations
• Link Filtering — enabled toggle, blocked domains (comma-separated)

Additions to existing sections

• Triage — added Status Reactions boolean toggle

Bonus fix

• Fixed pre-existing DeepPartial spread inference TS errors in all setDraftConfig updater callbacks by adding as GuildConfig casts

Files changed

• web/src/types/config.ts — new interfaces (StarboardConfig, RateLimitConfig, LinkFilterConfig, PermissionsConfig, MemoryConfig), updated ModerationConfig, TriageConfig, BotConfig, and ConfigSection
• web/src/components/dashboard/config-editor.tsx — new UI sections, updater callbacks, isGuildConfig updated

Checks

• tsc --noEmit: 0 errors in modified files (fixed pre-existing issues)
• biome check: 0 errors
• vitest run: 74 test files, 1538 tests passed

[coderabbitai]

Warning

Rate limit exceeded

@BillChirico has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 15 minutes and 0 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 7b5beaa and 6a78c97.

📒 Files selected for processing (5)

• README.md
• config.json
• tests/api/utils/configAllowlist.test.js
• web/src/components/dashboard/config-editor.tsx
• web/src/types/config.ts

📝 Walkthrough

Walkthrough

The PR expands the bot's configuration system by introducing new configuration sections (starboard, permissions, memory) and nested features (rate limiting and link filtering under moderation), updating the type definitions, allowlist validation, and dashboard editor UI accordingly.

Changes

Cohort / File(s)	Summary
Config Allowlist Updates src/api/utils/configAllowlist.js	Expanded SAFE_CONFIG_KEYS to include starboard, permissions, and memory; adjusted READABLE_CONFIG_KEYS to reflect these additions.
Type Definitions web/src/types/config.ts	Added new interfaces for RateLimitConfig, LinkFilterConfig, StarboardConfig, PermissionsConfig, and MemoryConfig; extended ModerationConfig, BotConfig, and TriageConfig with new optional properties and ConfigSection union type.
Dashboard Editor UI web/src/components/dashboard/config-editor.tsx	Extended editor with new top-level sections and controls for starboard, permissions, memory, plus rate limiting and link filtering under moderation; added parseNumberInput utility, state handlers, patch logic, and validation for new fields.

Possibly related PRs

• VolvoxLLC/volvox-bot PR 83: Directly related as it introduced the SAFE_CONFIG_KEYS and READABLE_CONFIG_KEYS constants; this PR expands those sets with the new configuration sections.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main changes: adding starboard, permissions, memory, and rate limit config sections to the web dashboard.
Description check	✅ Passed	The description comprehensively explains the new sections, sub-sections, bonus fixes, and files changed, directly relating to the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/config-editor-sections

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @BillChirico's task in 2m 35s —— View job

---

Review of PR #100 — 2 warnings, 2 nitpicks

• Read AGENTS.md for project conventions
• Read all changed files and understand the diff
• Review code quality, architecture, and patterns
• Review types and interfaces
• Review config editor component
• Review config allowlist and tests
• Check config.json and README docs
• Post inline comments for specific issues
• Submit review verdict

---

Most issues from previous review rounds have been fixed in the latest commits (parseNumberInput min mismatch, allowedCommands type, nullable role IDs, 401 throw, config.json starboard defaults, modRoles field, allowlist test coverage, README starboard/permissions docs).

Remaining issues:

#	Severity	Issue	Location
1	🟡 Warning	Missing config-editor tests for parseNumberInput and isGuildConfig	config-editor.tsx:38
2	🟡 Warning	Missing memory config docs in README	config.ts:132 / README.md
3	🔵 Nitpick	statusReactions toggle has no backend consumer	config.ts:161
4	🔵 Nitpick	Integer fields accept decimals (missing step={1})	config-editor.tsx:694

See inline comments for details and fix instructions.

[greptile-apps]

Greptile Summary

Adds starboard, permissions, memory, and rate limit/link filter configuration sections to the web dashboard. The implementation is mostly solid with comprehensive types, consistent use of the parseNumberInput helper, and proper backend allowlist updates.

Key additions:

• New top-level config sections: starboard, permissions, memory
• New moderation sub-sections: rate limiting, link filtering
• Status reactions toggle for triage
• Fixed pre-existing TypeScript DeepPartial errors with type assertions

Critical issues:

• Starboard backend module doesn't exist yet - users can configure it but the bot won't act on it
• statusReactions field added to UI but not implemented in backend triage module
• Permissions section missing three fields (usePermissions, allowedCommands, modRoles) that exist in backend and type definitions

Minor improvements needed:

• Integer input fields should include step={1} attribute to prevent decimal values in threshold, maxMessages, etc.

Confidence Score: 2/5

• Requires attention before merge - adds UI for features without backend implementation
• Score reflects two critical gaps: (1) starboard configuration can be saved but has no backend module to process it, allowing users to configure a non-functional feature, and (2) statusReactions field similarly has no backend implementation. Additionally, the permissions section is missing three fields that exist in the backend, preventing users from configuring command-level permissions.
• Pay attention to src/api/utils/configAllowlist.js (starboard has no backend), web/src/types/config.ts (statusReactions unused), and web/src/components/dashboard/config-editor.tsx (missing permissions fields, needs step attributes)

Important Files Changed

Filename	Overview
web/src/types/config.ts	Added comprehensive type definitions for starboard, permissions, memory, rate limit, and link filter configs. Types are well-structured and match backend expectations, but some fields not exposed in UI.
web/src/components/dashboard/config-editor.tsx	Added UI sections for starboard, permissions, memory, rate limit, and link filter. Uses parseNumberInput helper consistently, but missing step={1} on integer inputs and some permission fields not exposed.
src/api/utils/configAllowlist.js	Added starboard, permissions, and memory to SAFE_CONFIG_KEYS. Correctly moved them from READABLE_CONFIG_KEYS. However, starboard backend implementation doesn't exist yet.
tests/api/utils/configAllowlist.test.js	Added test assertions for new config keys in both SAFE_CONFIG_KEYS and READABLE_CONFIG_KEYS. Tests are complete and correct.

_{Last reviewed commit: 6a78c97}

[greptile-apps]

_{6 files reviewed, 16 comments}

_{Edit Code Review Agent Settings | Greptile}

[claude]

Review Summary — 2 warnings, 3 nitpicks

🟡 Warnings:

1. PermissionsConfig type mismatch (config.ts:119-123): adminRoleId and moderatorRoleId typed as string but backend config.json defaults them to null. Should be string | null.
2. Number inputs accept invalid values (config-editor.tsx, all new number inputs): onChange handlers don't enforce the min constraint — negative/zero values pass through. Add if (num < 1) return; after isFinite checks.
3. Missing tests (config-editor.tsx): No tests added for new sections. AGENTS.md requires tests for all new code.

🔵 Nitpicks:
4. Stale JSDoc (config-editor.tsx:34-36): isGuildConfig comment lists 5 sections but code checks 8.
5. Incomplete PermissionsConfig type (config.ts:118-123): Missing usePermissions and allowedCommands fields from backend.

[claude]

Review Summary — 2 warnings, 1 nitpick (+ 1 carried-forward warning)

🟡 Warnings:

1. allowedCommands type mismatch (config.ts:124): Record<string, string[]> should be Record<string, string>. Backend config.json and permissions.js use single-string values, not arrays.
2. Number inputs missing min enforcement (config-editor.tsx:697-776, 1187-1192): Rate limit + memory inputs still use the old inline pattern that doesn't enforce min. The parseNumberInput helper was added but only applied to starboard threshold.
3. Missing tests (config-editor.tsx): No test file exists. AGENTS.md requires tests for all new code.

🔵 Nitpick:
4. statusReactions not in backend (config.ts:160): Not referenced anywhere in src/.

AI fix prompt (copy-paste into an AI agent)

Fix the following issues in the feat/config-editor-sections branch of VolvoxLLC/volvox-bot:

1. web/src/types/config.ts line 124: Change allowedCommands: Record<string, string[]> to allowedCommands: Record<string, string>. The backend config.json maps command names to single permission level strings ("everyone", "admin", "moderator"), not arrays.

2. web/src/components/dashboard/config-editor.tsx lines 697-776 and 1187-1192: Replace all inline number parsing in rate limit onChange handlers and the memory maxContextMemories onChange handler with the existing parseNumberInput helper. Pattern to use:

onChange={(e) => {
  const num = parseNumberInput(e.target.value, 1);
  if (num !== undefined) updateRateLimitField("fieldName", num);
}}

Apply this to: maxMessages, windowSeconds, muteAfterTriggers, muteWindowSeconds, muteDurationSeconds (all with min=1), and memory maxContextMemories (min=1).

3. Create test file web/tests/components/dashboard/config-editor.test.tsx (or .test.ts) with tests covering:
   • isGuildConfig recognizing new sections (starboard, permissions, memory)
   • parseNumberInput enforcing min/max constraints
   • New updater callbacks producing correct state
   • Rendering new sections with default config data

[claude]

Review Summary — 3 warnings, 1 nitpick

Most previously reported issues from the first two reviews have been addressed in commit 7b5beaa. A few items remain:

🟡 Warnings:

1. parseNumberInput min param mismatch (config-editor.tsx, 6 locations): All rate limit number inputs and memory maxContextMemories pass min=0 to parseNumberInput but have min={1} in the HTML attribute. This allows 0 to be saved, which is functionally invalid for these fields (0 messages, 0 seconds, 0 memories). Fix: change parseNumberInput(e.target.value, 0) to parseNumberInput(e.target.value, 1) on lines 698, 712, 728, 742, 756, and 1155.
2. Missing config-editor tests: No test file exists for config-editor.tsx. AGENTS.md states: "Any new code must include tests — PRs that drop coverage below 80% will fail CI." At minimum, isGuildConfig and parseNumberInput should be unit-tested.
3. Missing test assertions for new allowlist keys (tests/api/utils/configAllowlist.test.js): starboard, permissions, and memory were added to SAFE_CONFIG_KEYS but the test doesn't verify them. starboard is also missing from READABLE_CONFIG_KEYS assertions.

🔵 Nitpick:
4. statusReactions not in backend (config.ts:160): Field added to TriageConfig and UI, but src/modules/triage.js doesn't reference it. Consider adding a comment noting this is a planned feature.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

web/src/components/dashboard/config-editor.tsx (1)

240-245: ⚠️ Potential issue | 🟠 Major

401 save path can still fall through into normal completion UX.

On unauthorized responses, sendSection redirects but returns normally. The outer flow can still continue and show success/partial-save messaging before navigation completes.

Suggested fix

   const failedSections: string[] = [];
+  let redirectedToLogin = false;

   async function sendSection(sectionPatches: Array<{ path: string; value: unknown }>) {
     for (const patch of sectionPatches) {
       const res = await fetch(
         `/api/guilds/${encodeURIComponent(guildId)}/config`,
         {
@@
       if (res.status === 401) {
         // Abort all other in-flight requests before redirecting
+        redirectedToLogin = true;
         saveAbortController.abort();
         window.location.href = "/login";
-        return;
+        throw new Error("UNAUTHORIZED_REDIRECT");
       }
@@
   try {
     const results = await Promise.allSettled(
@@
     );
+
+    if (redirectedToLogin) return;

     const hasFailures = results.some((r) => r.status === "rejected");
@@
   } catch (err) {
+    if (redirectedToLogin) return;
     const msg = (err as Error).message || "Failed to save config";
     toast.error("Failed to save config", { description: msg });
   } finally {

Also applies to: 256-299

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@web/src/components/dashboard/config-editor.tsx` around lines 240 - 245, The
401 handling in sendSection (where saveAbortController.abort() and
window.location.href = "/login" are called) returns normally and allows outer
success/partial-save UX to run; after redirect you must stop further processing
by throwing or returning a rejected promise. Update the 401 branches in
sendSection (and the similar blocks later) to abort and then immediately throw
an Error (or return Promise.reject(new Error('Unauthorized'))) so callers don't
proceed to success/partial-save logic; use the same pattern in all 401 handling
spots to ensure the outer flow is terminated.

web/src/types/config.ts (1)

107-177: ⚠️ Potential issue | 🟠 Major

Documentation missing for new config sections in README.md

The PR adds three new configuration sections (starboard, permissions, memory) to the type definitions, but documentation is incomplete in README.md:

• permissions — documented ✓
• starboard — not documented (missing all fields: enabled, channelId, threshold, emoji, selfStarAllowed, ignoredChannels)
• memory — not documented (missing all fields: enabled, maxContextMemories, autoExtract)

Add config tables for the missing sections following the existing pattern in the Configuration section of README.md.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@web/src/types/config.ts` around lines 107 - 177, Add missing documentation
for the StarboardConfig and MemoryConfig types to README.md by adding two new
configuration tables in the Configuration section that follow the existing
pattern used for other sections (e.g., PermissionsConfig): create a "Starboard"
table documenting each field from StarboardConfig (enabled, channelId,
threshold, emoji, selfStarAllowed, ignoredChannels) with type, description, and
default/example values; create a "Memory" table documenting each field from
MemoryConfig (enabled, maxContextMemories, autoExtract) likewise; ensure these
sections mention where they appear in the UI/API (matching how other sections
like "permissions" are described) and include the corresponding ConfigSection
entries.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@web/src/components/dashboard/config-editor.tsx`:
- Around line 1093-1094: Normalize empty-string role IDs to null before updating
the config: when handling onChange for the inputs that call
updatePermissionsField("adminRoleId", ...) and
updatePermissionsField("moderatorRoleId", ...), convert e.target.value === '' to
null (or alternatively implement this coercion inside updatePermissionsField
itself) so the config stores null for cleared values instead of ''. Keep
disabled={saving} as-is.
- Around line 698-699: The positive-only inputs call parseNumberInput(..., 0)
which allows 0 despite the UI min={1}; update those calls to use
parseNumberInput(..., 1) so zero cannot be parsed/persisted, e.g. change the
parseNumberInput call paired with updateRateLimitField("maxMessages", ...) and
the other similar handlers to pass 1 as the minimum; apply this change for every
positive-only field referenced in the comment so parseNumberInput enforces a
minimum of 1.

---

Outside diff comments:
In `@web/src/components/dashboard/config-editor.tsx`:
- Around line 240-245: The 401 handling in sendSection (where
saveAbortController.abort() and window.location.href = "/login" are called)
returns normally and allows outer success/partial-save UX to run; after redirect
you must stop further processing by throwing or returning a rejected promise.
Update the 401 branches in sendSection (and the similar blocks later) to abort
and then immediately throw an Error (or return Promise.reject(new
Error('Unauthorized'))) so callers don't proceed to success/partial-save logic;
use the same pattern in all 401 handling spots to ensure the outer flow is
terminated.

In `@web/src/types/config.ts`:
- Around line 107-177: Add missing documentation for the StarboardConfig and
MemoryConfig types to README.md by adding two new configuration tables in the
Configuration section that follow the existing pattern used for other sections
(e.g., PermissionsConfig): create a "Starboard" table documenting each field
from StarboardConfig (enabled, channelId, threshold, emoji, selfStarAllowed,
ignoredChannels) with type, description, and default/example values; create a
"Memory" table documenting each field from MemoryConfig (enabled,
maxContextMemories, autoExtract) likewise; ensure these sections mention where
they appear in the UI/API (matching how other sections like "permissions" are
described) and include the corresponding ConfigSection entries.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d8e82c5 and 7b5beaa.

📒 Files selected for processing (3)

• src/api/utils/configAllowlist.js
• web/src/components/dashboard/config-editor.tsx
• web/src/types/config.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Greptile Review
• GitHub Check: claude-review

🧰 Additional context used

📓 Path-based instructions (2)

**/*.js

📄 CodeRabbit inference engine (AGENTS.md)

**/*.js: Use ESM modules only — use import/export, never require()
Use node: protocol for Node.js builtins (e.g. import { readFileSync } from 'node:fs')
Always use semicolons
Use single quotes for strings
Use 2-space indentation
No TypeScript — use plain JavaScript with JSDoc comments for documentation

Files:

• src/api/utils/configAllowlist.js

src/**/*.js

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.js: Always use Winston for logging — import { info, warn, error } from ../logger.js
NEVER use console.log, console.warn, console.error, or any console.* method in src/ files
Pass structured metadata to Winston logging calls (e.g. info('Message processed', { userId, channelId }))
Use custom error classes from src/utils/errors.js for error handling
Always log errors with context before re-throwing
Use getConfig(guildId?) from src/modules/config.js to read config
Use setConfigValue(path, value, guildId?) from src/modules/config.js to update config at runtime
Use splitMessage() utility for messages exceeding Discord's 2000-character limit
Use safeSend() wrapper for outgoing Discord messages to sanitize mentions and enforce allowedMentions

Files:

• src/api/utils/configAllowlist.js

🧠 Learnings (8)

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Update `config.json` documentation in README.md when adding new config sections or keys

Applied to files:

• web/src/types/config.ts

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Applies to **/*.js : No TypeScript — use plain JavaScript with JSDoc comments for documentation

Applied to files:

• web/src/components/dashboard/config-editor.tsx

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Applies to tests/**/*.js : Test files must achieve at least 80% code coverage on statements, branches, functions, and lines

Applied to files:

• web/src/components/dashboard/config-editor.tsx

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Any new code must include tests before being committed

Applied to files:

• web/src/components/dashboard/config-editor.tsx

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Applies to src/**/*.js : Use `setConfigValue(path, value, guildId?)` from `src/modules/config.js` to update config at runtime

Applied to files:

• web/src/components/dashboard/config-editor.tsx

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Applies to src/commands/*mod*.js : Send DM notifications to moderation targets *before* executing kicks/bans (once kicked/banned, users cannot receive DMs from the bot)

Applied to files:

• web/src/components/dashboard/config-editor.tsx

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Applies to src/modules/{ai,spam,moderation}.js : Per-request modules (AI, spam, moderation) should call `getConfig(interaction.guildId)` on every invocation for automatic hot-reload support

Applied to files:

• web/src/components/dashboard/config-editor.tsx

📚 Learning: 2026-02-25T02:39:33.506Z

Learnt from: CR
Repo: VolvoxLLC/volvox-bot PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T02:39:33.506Z
Learning: Applies to src/**/*.js : Use `getConfig(guildId?)` from `src/modules/config.js` to read config

Applied to files:

• web/src/components/dashboard/config-editor.tsx

🔇 Additional comments (3)

src/api/utils/configAllowlist.js (2)

7-16: Allowlist expansion is correct and aligned with the new config model.

Adding starboard, permissions, and memory to SAFE_CONFIG_KEYS is the right change to unblock API read/write for the new sections.

---

18-18: Readable keys derivation is a good anti-drift change.

Building READABLE_CONFIG_KEYS from SAFE_CONFIG_KEYS and appending 'logging' keeps allowlists consistent over time.

web/src/types/config.ts (1)

79-177: Type surface expansion is coherent with the new sections.

The added interfaces and union updates are internally consistent and map cleanly to the new dashboard sections/sub-sections.

[claude]

3 warnings, 2 nitpicks — see inline comments.

🟡 Warnings:

1. Missing config.json starboard defaults + README docs (config.ts:115): No starboard block in config.json — first save creates it from UI-hardcoded fallbacks. README missing config tables for starboard and memory.
2. Missing modRoles in PermissionsConfig (config.ts:125): Backend reads config.permissions?.modRoles but type omits it.
3. Missing config-editor tests (config-editor.tsx:51): No test file exists for parseNumberInput or isGuildConfig. AGENTS.md requires tests for all new code.

🔵 Nitpicks:
4. statusReactions has no backend consumer (config.ts:160): Toggle persists but bot won't act on it.
5. Integer fields accept decimals (config-editor.tsx:694): Count-based inputs missing step={1}.

[claude]

Review Summary — 2 warnings, 2 nitpicks

Most issues from previous review rounds (parseNumberInput min mismatch, allowedCommands type, nullable role IDs, 401 throw, config.json starboard defaults, modRoles field, allowlist test coverage, README starboard/permissions docs) have been fixed in the latest commits. Well done on addressing feedback iteratively.

🟡 Warnings:

1. Missing config-editor tests (config-editor.tsx:38): No test file exists for parseNumberInput or isGuildConfig. AGENTS.md requires tests for all new code.
2. Missing memory config docs in README (config.ts:132): README has config tables for starboard and permissions but not memory. AGENTS.md requires documenting new config sections.

🔵 Nitpicks:
3. statusReactions not consumed by backend (config.ts:161): Toggle persists but src/modules/triage.js doesn't reference it.
4. Integer fields accept decimals (config-editor.tsx:694): Count-based inputs missing step={1} HTML attribute.

AI fix prompt (copy-paste into an AI agent)

Fix the following issues on the feat/config-editor-sections branch of VolvoxLLC/volvox-bot:

1. Create web/tests/components/dashboard/config-editor.test.ts (or .test.tsx) with unit tests covering:

   • isGuildConfig recognizing new sections (starboard, permissions, memory), rejecting arrays/nulls/non-objects
   • parseNumberInput enforcing min/max constraints (empty string → undefined, non-finite → undefined, below min → clamped to min, above max → clamped to max, valid → number)
     Note: isGuildConfig and parseNumberInput are module-private. Export them for direct testing or test indirectly.

2. README.md: Add a memory config reference table after the Permissions section, following the existing format:

   ### Memory (`memory`)
   | Key | Type | Description |
   |-----|------|-------------|
   | `enabled` | boolean | Enable AI context memory |
   | `maxContextMemories` | number | Maximum memories injected into AI context (default: 5) |
   | `autoExtract` | boolean | Automatically extract and store memories from conversations |

3. web/src/types/config.ts line 161: Add /** @todo implement in triage module */ comment above statusReactions.

4. web/src/components/dashboard/config-editor.tsx: Add step={1} to all count-based number inputs: maxMessages (line 694), muteAfterTriggers (line 723), starboard threshold (line 1018), maxContextMemories (line 1168).