What it watches
Nobody should delete 5 channels in 60 seconds. Cap at 3/60s for most servers.
Mass role deletion is the classic nuke signature. Cap at 3/60s.
Even trusted mods shouldn’t ban 20 people in 5 minutes unless explicitly approved. Cap at 5/60s.
Same signature as bans but softer. Cap at 10/60s.
Mass webhook creation is the precursor to spam-dumping via webhooks. Cap at 3/60s.
How it detects the actor
Discord doesn’t tell your bot who performed most destructive actions directly. Guard reads the audit log every time an event fires and matches the event to the actor. This is how we know “@phished-admin deleted 7 channels” and not just “7 channels got deleted.”Punishments
When a user exceeds any quota, one of three things happens (your choice):- Strip roles — all their roles are removed. They keep their account but lose all admin power. Best default.
- Ban — permanent ban. Use this if you’re confident the account is compromised beyond recovery.
- Quarantine — move them to a dedicated
@Quarantinerole that blocks them from everything. Lets you investigate before committing to a ban.
Auto-revert
Optional. If the offender was banning or kicking people while over quota, Kovra automatically un-bans those users (they keep whatever roles they had). Channel and role deletes can’t be reverted — Discord doesn’t keep the data.Whitelist
- Whitelist roles — roles exempt from anti-nuke entirely (e.g. the bot owner role).
- Whitelist users — specific users exempt (the server owner should usually be on this list to avoid self-lockout).
- Ignore bots — default
true, since bots often make legitimate bulk changes.
Alert channel
Pick a channel. When anti-nuke fires, it posts:- Actor avatar + name
- Event type + count vs window
- What action was taken
- How many actions were auto-reverted