security hardening

services/staffChannel.js

@@ -1,4 +1,5 @@
 const { CONFIG } = require('../config');
+const { enqueueSend } = require('./channelQueue');
 
 /**
  * Create a staff tracking channel for a ticket.
@@ -33,7 +34,7 @@ async function createStaffChannel(guild, ticket, claimerId, channelName) {
       .setFooter({ text: `Claimed by ${ticket.claimedBy || 'Unknown'}` })
       .setTimestamp();
 
-    const pinMsg = await staffChan.send({ embeds: [embed] });
+    const pinMsg = await enqueueSend(staffChan, { embeds: [embed] });
     await pinMsg.pin().catch(() => {});
 
     return staffChan;
@@ -50,7 +51,7 @@ async function pingStaffChannel(staffChannel, claimerId, originalMessage) {
   if (!staffChannel) return;
   try {
     const jumpLink = `https://discord.com/channels/${originalMessage.guild.id}/${originalMessage.channel.id}/${originalMessage.id}`;
-    await staffChannel.send(
+    await enqueueSend(staffChannel,
       `<@${claimerId}> Customer replied in ticket:\n> ${originalMessage.content.slice(0, 500)}\n[Jump to message](${jumpLink})`
     );
   } catch (e) {