(feat) Discord OAuth and verification

[evanjacobson]

Summary

#1354 with db migrations not breaking.

• there is zero diff between the other files and the previous PR

• Add Discord as an OAuth auth provider on the user profile page, using a separate Discord OAuth app (distinct from the existing bot)

• Add Discord guild membership verification — checks if the user is a member of the Kilo Discord server via the bot API

• Auto-verify guild membership when a user first links their Discord account; re-verify button available for non-members

• New DB migration adds discord_server_member and discord_server_member_at columns to kilocode_users

Verification

• pnpm typecheck — passes
• pnpm test — passes
• Link Discord account on profile page
• Guild membership auto-verifies after linking
• Re-verify button works for non-members
• Soft delete nullifies new Discord columns

Visual Changes

New "Discord Server Membership" card on the user profile page showing:

• Prompt to link Discord if not connected
• Green checkmark with verification date if user is a Kilo Discord member
• "Not a member" status with invite link and re-verify button otherwise

Loom (Kilo Team only)

https://www.loom.com/share/3512eb86ef38454d86c95fa7cbfc51f1

Other PRs for this feature

#1356

Reviewer Notes

• Discord OAuth app env vars (DISCORD_OAUTH_CLIENT_ID, DISCORD_OAUTH_CLIENT_SECRET) are separate from the existing bot token (DISCORD_OAUTH_BOT_TOKEN) — the bot token is used server-side for guild membership checks
• discord_provider_account_id was intentionally excluded from the getDiscordGuildStatus response to minimize API surface
• Guild check errors are caught and sanitized to avoid leaking internal details (rate limits, missing env vars) to the client

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (20 files)

• packages/db/src/migrations/0058_oauth_username_and_discord_verifications.sql
• packages/db/src/migrations/meta/_journal.json
• packages/db/src/schema-types.ts
• packages/db/src/schema.ts
• src/app/api/cloud-agent/sessions/prepare/route.test.ts
• src/components/auth/DiscordLogo.tsx
• src/components/profile/DiscordGuildStatus.tsx
• src/components/profile/LoginMethodsWrapper.tsx
• src/lib/auth/constants.ts
• src/lib/auth/provider-metadata.tsx
• src/lib/config.server.ts
• src/lib/integrations/discord-guild-membership.ts
• src/lib/token.test.ts
• src/lib/user.server.ts
• src/lib/user.test.ts
• src/lib/user.ts
• src/routers/user-router.ts
• src/tests/account-verification-redirect.test.ts
• src/tests/helpers/user.helper.ts
• src/tests/multi-auth.test.ts

---

_{Reviewed by gpt-5.4-20260305 · 922,964 tokens}