Documentation
How Guardiobot works.
A reference for server owners, community members, and developers.
Guardiobot is added through the server owner dashboard. You need Administrator permissions on the target server.
- Log in with Discord — go to the dashboard login and authorise with Discord OAuth2.
- Select your server — the dashboard lists all servers where you have Administrator permissions.
- Invite the bot — click Add Guardiobot. Discord will ask you to confirm the required permissions.
- Configure settings — set your log channel, verification channel, and feature toggles. The bot works with defaults immediately, but reviewing these is recommended.
Everything is configured through the server owner dashboard. Slash commands are for manual moderation actions only — not setup.
The bot starts working on four things the moment it joins — no additional setup required for these to be active:
- Content scoring — every message is scored for severity by the content detection engine. Severity 8–10 triggers automatic deletion and enforcement; severity 5–7 creates a report for volunteer review.
- Join screening — new members go through verification and are checked against active cross-server punishments. Previously banned users are re-punished on join, even if the ban originated in a different server.
- Anonymous reporting — members can right-click any message → Apps → "Report to Guardiobot". The reporter's identity is hashed; volunteers cannot see who submitted a report.
- Spam detection — duplicate messages are caught by an in-memory sliding-window check. Detected spam is deleted and the sender is muted for 5 minutes automatically.
When a new member joins, Guardiobot sends them a DM with a 6-digit code. They enter it in your verification channel. Then they answer a short maths challenge. Both steps must pass before the verified role is granted.
This two-factor approach stops most automated bot waves without being a barrier to legitimate users. If a member doesn't receive the DM, they can request the code again in the verification channel.
The verification DM requires that new members haven't blocked bots or disabled DMs from server members. Consider pinning a note in your verification channel explaining this.
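The two verification steps can be sketched as follows. The 6-digit code format is documented above; the maths challenge shown here is an illustrative assumption about its shape:

```python
import random
import secrets

def generate_verification_code() -> str:
    """Generate the 6-digit code sent in the verification DM."""
    return f"{secrets.randbelow(1_000_000):06d}"

def maths_challenge(rng: random.Random) -> tuple[str, int]:
    """Second factor: a small arithmetic question (exact format assumed)."""
    a, b = rng.randint(2, 9), rng.randint(2, 9)
    return f"What is {a} + {b}?", a + b

def verify(code_entered: str, code_sent: str, answer: int, expected: int) -> bool:
    """Both steps must pass before the verified role is granted."""
    return secrets.compare_digest(code_entered, code_sent) and answer == expected
```

`secrets` is used rather than `random` for the code itself so it cannot be predicted from earlier codes; `compare_digest` avoids timing side channels on the comparison.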
These slash commands are available to server administrators and moderators directly in Discord:
| Command | Action |
|---|---|
| /ban | Ban a user from the server |
| /unban | Lift an existing ban |
| /kick | Remove a user from the server |
| /mute | Temporarily restrict messaging |
| /unmute | Remove a mute |
| /warn | Issue an official warning (logged) |
| /warnings | View a user's warning history |
| /purge | Bulk-delete messages from a channel |
| /lock | Prevent all messages in a channel |
| /unlock | Re-open a locked channel |
| /check | Look up a user's classification, Rotector score, and punishment history |
Command responses can be set to ephemeral (only visible to the user who ran it) or public, configurable per server under Settings → Command Visibility in your dashboard.
- Right-click the message (or long-press on mobile) to open Discord's message action menu.
- Select "Apps" from the menu.
- Click "Report to Guardiobot" — a modal opens asking you to choose a category.
- Select a category and submit. You'll receive confirmation that the report was received.
Your identity is protected. Your Discord ID is hashed with SHA-256 before storage — the original ID is never written to the database. Volunteers cannot see who submitted a report.
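The hashing step described above can be sketched with the standard library. Whether production adds a salt or HMAC key before hashing is not documented, so this shows the plain form:

```python
import hashlib

def hash_reporter_id(discord_id: str) -> str:
    """SHA-256 the reporter's Discord ID before storage; the original
    ID is never written to the database."""
    return hashlib.sha256(discord_id.encode("utf-8")).hexdigest()
```

Note that because Discord IDs occupy a small, enumerable numeric space, a deployment would typically mix in a secret key (e.g. HMAC) to prevent brute-force reversal; the documentation above does not specify that detail.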
| Category | Use for |
|---|---|
| Grooming & Exploitation | Soliciting personal info, age/location probing, off-platform redirect attempts, boundary-testing patterns |
| Harassment & Threats | Targeted harassment, direct threats, bullying, coordinated attacks |
| Sexual or Gore Content | Explicit or graphic content — auto-flagged NSFW, routed to age-verified volunteers only |
| Hate Speech | Content targeting protected characteristics: race, religion, gender, sexuality, disability |
| Scams & Phishing | Fraudulent links, crypto scams, fake giveaways, credential theft attempts |
| Spam | Repeated messages, mass pings, unsolicited promotional content |
| Self-Harm | Content encouraging or normalising self-harm or suicide |
| Other | Anything that doesn't fit but needs human review |
Every report enters a queue reviewed by Trust & Safety volunteers — not a bot. A volunteer claims the report, reviews the message and context, and takes one of these actions: warn, restrict, escalate to senior staff, or issue a removal. Enforcement decisions apply across the entire Guardiobot network.
- Immediate — you get confirmation that your report was received.
- Within 24 hours — a T&S volunteer claims and reviews the report.
- After action — the decision is recorded in the audit log. You won't receive the specific outcome, but actions are logged and reviewable.
Do not submit duplicate reports. Multiple reports for the same content don't speed up review — they create extra work for volunteers.
Guardiobot maintains a safety classification for users across the network based on verified offence history:
| Class | Risk level | Criteria |
|---|---|---|
| Class A | High | 5+ severe offences in a 6-month window |
| Class B | Medium | 2–4 severe offences in a 6-month window |
| Class C | Clean | Fewer than 2 severe offences in a 6-month window |
| Class D | GDPR deleted | Right to erasure exercised (Article 17) |
Class A and B users may be automatically blocked from joining servers depending on each server's configuration. If you believe you were classified incorrectly, you can submit an appeal through the server owner dashboard.
Appeals for classification decisions have a 6-month waiting period from the date of the triggering offence. If you believe the original action was factually incorrect (not just unfair), note that as grounds for expedited review.
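The class assignment in the table reduces to a simple mapping. This sketch treats a single severe offence as Class C, since the Class B band starts at 2:

```python
def classify(severe_offences_6mo: int, gdpr_deleted: bool = False) -> str:
    """Map verified offence history to a safety class per the table above."""
    if gdpr_deleted:
        return "D"  # right to erasure exercised (Article 17)
    if severe_offences_6mo >= 5:
        return "A"  # high risk
    if severe_offences_6mo >= 2:
        return "B"  # medium risk
    return "C"      # clean
```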
For content involving immediate danger, illegal activity, or child sexual abuse material (CSAM):
- Report through the normal Guardiobot flow — CSAM and illegal content are highest priority and reviewed within 1 hour.
- Email abuse@guardiobot.org for urgent cases that need direct escalation.
- If someone is in immediate physical danger, contact emergency services in your country first.
- CSAM is reported by Guardiobot to the National Center for Missing & Exploited Children (NCMEC) in accordance with legal obligations.
For crisis lines and safety organisations by country, see our Emergency Resources page.
Every message goes through the following steps in sequence:
- Spam detection — duplicate messages sent rapidly are caught by an in-memory sliding-window check. No external calls, no latency. Match → delete + 5-minute mute.
- Content detection engine — non-spam messages are scored 1–10 using four methods: keyword matching, regex patterns, SHA-256 content hashes, and URL pattern matching. Runs locally, no external API dependency.
- Adaptive learning sample — a percentage of messages (configurable: 1%, 10%, or 50%) updates the community's behaviour model asynchronously. Doesn't affect detection speed.
- Severity-based action — score 8–10: automatic deletion + enforcement. Score 5–7: report created for volunteer review. Score 1–4: logged only.
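The severity bands above map to actions like this (the action names are illustrative labels, not the bot's internal identifiers):

```python
def route_by_severity(score: int) -> str:
    """Map a 1-10 severity score to the pipeline's action tier."""
    if score >= 8:
        return "delete_and_enforce"   # 8-10: automatic deletion + enforcement
    if score >= 5:
        return "create_report"        # 5-7: queued for volunteer review
    return "log_only"                 # 1-4: logged only
```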
- Keyword matching — case-sensitive or insensitive, whole-word or substring. Obfuscation-resistant through character normalisation. Used for explicit language, slurs, and known threat phrases.
- Regex patterns — pre-compiled regular expressions for complex multi-word patterns: escalation sequences, off-platform redirect attempts, structured solicitation flows.
- SHA-256 content hashes — fingerprints of known bad content. Exact-match detection that can't be fooled by rephrasing. Used for documented exploitation scripts and CSAM-adjacent text.
- URL pattern matching — domain and URL patterns checked against a safety database. Catches phishing links, scam redirects, and known malicious sites before members can click them.
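A minimal sketch of the normalisation-plus-keyword step. The substitution map here is an assumption for illustration, not the production table:

```python
import re
import unicodedata

# Assumed obfuscation substitutions (leetspeak folding).
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "@": "a", "$": "s"})

def normalise(text: str) -> str:
    """Fold accents, lowercase, and map common character substitutions."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.lower().translate(LEET_MAP)

def keyword_hit(text: str, keywords: set[str]) -> bool:
    """Whole-word keyword match on the normalised text."""
    words = re.findall(r"[a-z]+", normalise(text))
    return any(w in keywords for w in words)
```

Normalising before matching is what makes the check resistant to obfuscation: "FR33" and "free" collapse to the same token before the keyword set is consulted.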
Each server develops its own baseline behaviour profile over time. The system tracks five signals: message length, emoji frequency, link frequency, capitalisation rate, and mention frequency. As your server's normal posting style changes — events, staff changes, rebrands — the detection thresholds adjust, reducing false positives over time.
Server-specific overrides are also stored: words that are normal in your community can be whitelisted; terms that are particularly sensitive can be added to a custom blacklist. Both are managed through your dashboard.
Message samples are retained for 30 days, then automatically deleted. They are never used for any purpose other than improving detection accuracy for your server.
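The five tracked signals can be computed per message roughly as follows. The emoji heuristic (codepoints in the emoji blocks) and the exact signal definitions are assumptions; the model would aggregate these raw values into a server baseline over time:

```python
import re

def message_signals(content: str) -> dict[str, float]:
    """Raw per-message values for the five tracked signals."""
    letters = [c for c in content if c.isalpha()]
    return {
        "length": float(len(content)),
        "emojis": float(sum(1 for c in content
                            if 0x1F000 <= ord(c) <= 0x1FAFF)),
        "links": float(len(re.findall(r"https?://\S+", content))),
        "caps_rate": sum(1 for c in letters if c.isupper()) / max(len(letters), 1),
        "mentions": float(len(re.findall(r"<@!?\d+>", content))),
    }
```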
The anti-raid system monitors join events in real time and responds to coordinated attacks automatically.
- Join floods — abnormally high join rates trigger rate limiting and optional automatic lockdown.
- VPN/proxy detection — accounts joining from known VPN or proxy IP addresses are flagged. Requires third-party API keys (ProxyCheck, IPHub, or VPNAPI) configured in your dashboard.
- Alt-account detection — accounts with patterns consistent with alt behaviour are flagged for review.
- Account age enforcement — accounts created too recently can be automatically kicked or restricted. Threshold is configurable per server.
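Account age can be checked locally with no API call, because Discord encodes the creation timestamp in the top bits of every snowflake ID (milliseconds since the Discord epoch, 2015-01-01 UTC). The threshold function is a sketch of the configurable gate:

```python
from datetime import datetime, timezone

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z

def account_created_at(snowflake: int) -> datetime:
    """Derive account creation time from a Discord snowflake ID.
    The top 42 bits are milliseconds since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def is_too_new(snowflake: int, now: datetime, min_age_days: int) -> bool:
    """Flag accounts younger than the configured threshold (sketch)."""
    return (now - account_created_at(snowflake)).days < min_age_days
```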
Lockdown mode can be triggered automatically when a raid is detected, or manually via /lock. While in lockdown, no new joins are processed. A moderator must manually lift it via /unlock or through the dashboard.
When a user is banned in one participating server, that ban is propagated to every other participating server automatically. Each server has a trust score. High-trust bans are auto-accepted. Lower-trust bans go to a manual review queue where a volunteer approves or rejects before enforcement.
Network participation settings are managed by Guardiobot's Management team — not by individual server owners. This is intentional, to prevent servers from being added to or removed from the network without oversight.
Enforcement also applies on join: when a user with an active cross-server punishment joins any protected server, the punishment is re-applied automatically. This closes the most common evasion path — leaving a banned server and joining another in the same network.
To join the network or adjust participation settings, contact Guardiobot via the support page or the Discord server.
All core protection features are free. Subscriptions unlock optional extras.
| Feature | Free | Community Manager $4.99/mo | Developer $6.99/mo |
|---|---|---|---|
| Content detection engine | ✓ | ✓ | ✓ |
| Anonymous reporting | ✓ | ✓ | ✓ |
| Anti-raid protection | ✓ | ✓ | ✓ |
| Member verification | ✓ | ✓ | ✓ |
| Cross-server network | ✓ | ✓ | ✓ |
| Server owner dashboard | ✓ | ✓ | ✓ |
| Punishment removal | — | ✓ | ✓ |
| AI chatbot (own API key) | — | ✓ | ✓ |
| API access | — | — | ✓ 60 req/min |
Subscriptions are managed through Stripe. To subscribe, go to the Subscription section in your server owner dashboard.
Community Manager and Developer subscribers can enable an optional AI conversation assistant in a designated channel. The bot uses the Claude AI model — but you provide your own Anthropic API key. Guardiobot does not hold a shared key and cannot access your usage or conversation logs.
- Go to Dashboard → AI Settings for your server.
- Enable the AI chatbot and select the channel it should respond in.
- Enter your Anthropic API key. The key is validated on save and stored encrypted (AES-256-GCM) — it is never logged.
Usage costs are billed directly by Anthropic against your API key — not through Guardiobot. You are responsible for monitoring your usage and spending limits in your Anthropic console.
Billing is handled by Stripe. To view invoices, update your payment method, or cancel your subscription, go to Dashboard → Subscription → Manage Billing. This opens the Stripe Customer Portal where all billing actions are handled.
Cancellations take effect at the end of the current billing period. Your server keeps access to paid features until then. If you cancel and re-subscribe, a new billing cycle starts from the date of re-subscription.
The public API is accessible via https://dashboard.guardiobot.org. Developer tier subscribers can generate API keys from Dashboard → API Keys. Each account can hold up to 5 active keys.
Authentication uses a Bearer token passed in the request header:
```
Authorization: Bearer gb_<your_key>
```
The rate limit for API key requests is 60 requests per minute. Exceeded limits return HTTP 429. Keys can be revoked at any time from the dashboard.
API keys are shown in full only at time of creation. The dashboard displays only the last 4 characters of each key thereafter. Store your keys securely.
The following public endpoints are available to Developer tier subscribers. All responses are JSON.
/api/v1/users/:discordId/classification
Returns the safety classification and basic summary for a Discord user ID.
Parameters:
| Name | In | Type | Description |
|---|---|---|---|
| discordId | path | string | Discord user ID (17–20 digit snowflake) |
Example response:
```json
{
  "discordId": "123456789012345678",
  "classification": "C",
  "activeRestrictions": false,
  "networkBanned": false
}
```
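Calling the endpoint reduces to building an authenticated GET and decoding the JSON body. The base URL and path are from the docs above; the key shown is a placeholder:

```python
import json
import re
import urllib.request

API_BASE = "https://dashboard.guardiobot.org"
SNOWFLAKE = re.compile(r"^\d{17,20}$")  # per the parameter table above

def classification_request(api_key: str, discord_id: str) -> urllib.request.Request:
    """Build an authenticated GET for the classification endpoint."""
    if not SNOWFLAKE.match(discord_id):
        raise ValueError("discordId must be a 17-20 digit snowflake")
    url = f"{API_BASE}/api/v1/users/{discord_id}/classification"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})

def parse_classification(body: str) -> tuple[str, bool]:
    """Extract the class letter and network-ban flag from a response body."""
    data = json.loads(body)
    return data["classification"], data["networkBanned"]
```

Validating the snowflake locally saves a round trip that would otherwise end in a 400.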
The API is intended for integrating Guardiobot data into your own tooling. Do not use it to build automated enforcement systems outside of Guardiobot — enforcement decisions must remain within the Guardiobot pipeline to preserve audit integrity.
| HTTP status | Meaning |
|---|---|
| 200 | Success |
| 400 | Bad request — check your parameters |
| 401 | Missing or invalid API key |
| 403 | Valid key but insufficient permissions (not Developer tier) |
| 404 | User not found in the Guardiobot database |
| 429 | Rate limit exceeded — 60 req/min |
| 500 | Internal server error — try again or contact support |
All error responses include a JSON body with a message field describing the issue.
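When you do hit a 429, back off and retry rather than hammering the endpoint. The API's Retry-After behaviour isn't documented, so this sketch uses plain exponential backoff:

```python
import time

def call_with_backoff(send, max_attempts: int = 4, base_delay: float = 0.5):
    """Call send() (which returns (status, body)); on HTTP 429,
    wait with exponential backoff and retry up to max_attempts times."""
    status, body = send()
    for attempt in range(1, max_attempts):
        if status != 429:
            break
        time.sleep(base_delay * 2 ** (attempt - 1))  # 0.5s, 1s, 2s, ...
        status, body = send()
    return status, body
```

If the server does send a Retry-After header, honouring it is preferable to a fixed schedule.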