// automod
Automod
kesarAI ships a rule-based content filter that runs on every message in a guild. It's the deterministic counterpart to the AI-driven Autopilot scanner: where Autopilot grades content with a vision-and-language model, automod uses fixed patterns, thresholds, and counters that you can audit line by line.
Overview
Everything is off by default. A freshly-invited bot will not delete a single message until an administrator opens /automod and turns on at least one rule. Open the panel with:
/automod # server-wide configuration
/automod user:@TroubleMaker # per-user overridesThe command requires Discord Administrator or the automod mod permission (set via /modpanel). When invoked without a user, the server panel opens — toggles for each rule, modals to edit each rule's parameters, a role-picker for bypass roles, and editors for the penalty tiers and escalation ladder. When a user is supplied, the per-user override panel opens instead. Both panels write to disk immediately on every change.
Text rules scan more than just message.content. Embed titles, descriptions, footers, field names and values, sticker names, and attachment filenames are all scanned for banned words, links, and invites — so a rich embed posted via webhook with a slur in its description, or a file named raid-server.gif, gets caught. Shape-based rules (caps %, line limit, emoji count) still run on message.contentonly so a stylized embed doesn't inflate the metric and false-positive an innocent user.
By default, messages from bots and webhooks are skipped. Turn on Moderate Bots on the server panel to apply automod to webhook-posted content as well — useful when a bridge bot or webhook is being abused. The bot never moderates its own messages regardless of this flag.
Tip. Start with invite filter, mention limit, and flood detection. They're the three rules that pay off on day one for almost every server. Add the word-ban list when you have a real complaint to react to — pre-emptive wordlists turn into a maintenance burden fast.
The ten rules
Each rule is independently toggleable, has its own parameter modal, and reports its trigger phrase to the audit log when it fires. Rules run in a fixed order — per-user checks first, then server rules, then spam / duplicate detection, then the server-wide flood check. Reaction spam runs on a separate listener because Discord delivers reaction events independently of messages.
Word bansBlock specific words even when offenders try to obfuscate them.
A single entry for the slur 'nigger' also catches 'n1gg3r', 'n-i-g-g-e-r', and the spoiler-tag variant '||n||i||g||er' — the filter strips leetspeak, separator characters, Cyrillic look-alikes, markdown, and zero-width characters before matching. The same matcher also scans embed titles/descriptions, sticker names, and attachment filenames, so a banned word in a webhook-posted rich embed or a file called 'slur.png' is caught.
A second regex-pattern list is available for power users; each pattern is capped at 200 characters to keep the matcher safe from catastrophic backtracking. Broken patterns are flagged in the setup modal title (⚠ N broken) so admins notice typos.
Character filtersFour sub-checks: caps percentage, zalgo, emoji count, and character-run limit.
Caps fires when more than X% of the alphabetic characters are uppercase, and never on messages shorter than eight letters — 'OK' is fine, 'STOP TYPING LIKE THIS' triggers. Zalgo fires on three+ consecutive Unicode combining marks. Emoji counts both custom Discord emojis and Unicode symbols. The character-run check catches 'aaaaaaaaaaaaa' and '!!!!!!!!!!!!' — any single character repeated more than N times in a row (default 12, so 'looooool' is fine but long runs aren't).
Line limitVertical-spam guard — cap the number of lines per message.
Useful against ASCII-art floods and copy-pasted lyrics. Optionally counts whitespace-only lines so the trick of double-spacing doesn't slip through.
Flood detectionServer-wide rate limit for a single channel — designed for raids and coordinated spam.
Fires when N messages land in a channel within S seconds, regardless of who sent them or what they said. Content is ignored; this is a raid shield, not a content filter.
Reaction spamCatch users bombing reactions to bypass text rate limits or amplify pings.
Counts reactions per user across a rolling window (default 10 reactions in 30s). Three actions: warn, remove-the-offender's-reactions, or mute. Uses Discord's raw reaction event so it catches reactions to older, uncached messages too — a common evasion path.
Reaction violations feed the same escalation ladder as text violations, so a user who text-spams then reaction-spams climbs tiers in one shared count.
Invite filterStrip Discord invite links posted by non-staff members.
Matches discord.gg/<code>, discord.com/invite/<code>, and discordapp.com/invite/<code>. Scans message content AND embeds — a webhook-posted rich embed with an invite in its description is caught. An 'allow own invites' toggle lets your guild's own invite codes through automatically.
Fuzzy duplicate filterCatch near-duplicate messages from the same user — not just exact reposts.
Compares each new message against that user's last 20 messages using Python's SequenceMatcher. A similarity threshold of 0.85 catches 'check out this site!!! site.com' followed by 'check out this site! site.com' — the kind of reword shuffling a copy-paste spammer uses to dodge exact-match filters.
Spam detectionExact duplicate detection in a rolling window — the classic 'same message four times in a minute' guard.
Hashes each message and counts how many identical hashes a user has posted within the configured window (default 60 seconds). If the count crosses the threshold, the rule fires. Can be paired with the fuzzy filter for layered defence.
Link filterAllowlist or blocklist domains. Wildcards match every subdomain.
In blocklist mode, an entry for 'example.com' also blocks 'free.example.com' and 'gimme-money.example.com'. In allowlist mode, anything not on the list is removed — strict, useful for tightly-scoped servers. Like the other text rules, this scans embed text and attachment filenames in addition to message content.
Mention limitCap the combined user, role, and @everyone/@here mentions per message.
Catches the '@everyone-but-staff' style of group ping evasion where someone tries to chain six role mentions into one message. An @everyone or @here ping counts as one mention each, so a single '@everyone hi' is caught when the limit is zero.
Penalty system
When a rule fires, the message is always deleted first. Then automod decides what else to do, in one of three ways:
1. Per-user custom penalty (highest priority)
If the offending user has a custom_penalty set on their per-user override, that action and duration apply — full stop. Useful for serial offenders where you want to skip the usual tiered escalation and go straight to a fixed response.
2. Escalation ladder
For spam-category violations (spam, fuzzy duplicates, flood, reaction spam), automod can walk a configurable ladder of actions. Each tier has a trigger count; on the first violation a user lands on tier 1, on the second they move to tier 2, and so on. The counter resets to zero after one hour of clean behaviour. Past the last tier the action sticks — there's no auto-promotion to ban.
Escalation state persists across bot restarts. A user who reached tier 2 yesterday is still on tier 2 today — violations don't reset to zero just because the bot rebooted. The counters live in the same SQLite database that stores your guild config; nothing extra to set up.
The six actions you can put on a tier, from softest to hardest:
delete— Quietly remove the message. No notification, no role change.warn— Post a public warning embed in the channel naming the offender and the rule.mute— Discord native timeout for a configurable duration.slowuser— Apply a per-user per-channel slowmode via permission overwrites. Targeted, less blunt than a channel-wide slowmode.kick— Kick from the server. The offender can rejoin via invite.ban— Permanent ban. Stays in place until an admin lifts it.
3. Legacy three-tier system (fallback)
If escalation isn't configured, automod falls back to a simpler three-tier system tuned for non-spam rule fires (word bans, character filters, etc.):
- Tier 1 — warn (default).
- Tier 2 — 60-second timeout (default).
- Tier 3 — 300-second timeout (default).
Each tier has a configurable violation-count threshold and you can swap the action — including the ones used in the escalation ladder. Tiers are scanned from 3 → 1 descending, so the highest matching threshold wins.
Per-user overrides
Run /automod user:@Member to override any server setting for a single member. Override fields default to inherit (the value null in storage); an explicit value — even false, 0, or an empty list [] — counts as an active override.
Two common patterns:
- Tighten for a problem user. Drop their caps cap to 30%, set their mention limit to 1, and pre-set a
custom_penaltyofmute 1h. The next time they breach a rule they get the heavy hand instead of the warn-then-timeout escalation everyone else gets. - Loosen for a trusted user.Disable the link filter and bump the line limit so a community lore-poster doesn't get deleted every time they paste a 50-line worldbuild.
Bypass roles
The bypass-roles picker on the server panel takes up to ten roles. Any member who holds any of those roles is exempt from every rule — bypass is all-or-nothing, not per-rule.
Recommendation. Bypass should be your staff roles only. If you want a trusted-member role to skip some rules but not others (say, the link filter but not spam detection), use a per-user override on those members instead.
What gets logged
Every automod action lands in audit.db as an automod_<action> event under the Moderation category — automod_delete, automod_mute, automod_ban, and so on. Each entry records the target, the channel, the offence count, and the trigger phrase (first 200 characters of the offending content). See the audit log guide for the full retention and export model.
Automod does notDM the offender, and it does not post to a separate “automod log” channel — everything routes through the same logs cog as every other moderation event. If you want a real-time mirror of automod fires, point a logs mirror channel at the moderation category in /logs setup.