Agent 47 — Bot Policy

1. Overview

Agent 47 is a Discord bot built for faction, moderation, verification, and security operations. It provides targeted communications, tickets, cross-server features, transcript access, Roblox verification, and optional Roblox group role management. This document controls Agent 47’s behavior, data handling, enforcement, and support pathways.

Related legal documents: agent47.html and termsofservice.html.

2. Official Infrastructure (Primary)

The following endpoints are the sole official support and operational channels for Agent 47. Do not rely on individual DMs or third-party links for support or appeals.

• Primary Service & Support Hub: VortexDevelopmeant — All product updates, support requests, and official bot traffic are published and routed here.
• Primary Appeals & Dispute Resolution: Appeals Intern (a designated channel/section inside VortexDevelopmeant) — All ban appeals, data requests, or enforcement disputes must be submitted here.
• Detection & Security Routing: VortexDevelopmeant Security Hub — automated detections, telemetry, and security investigations are forwarded here (access restricted to approved staff).
• Official Web Surfaces: onemanarmy.info for transcripts and public documents, verify.onemanarmy.info for Discord verification web entry, and roblox.onemanarmy.info for Roblox OAuth callback handling.

3. Purpose & Features

• Custom agent messages and faction-targeted communications for roleplay and management.
• Global chat bridging between servers.
• Global announcements and operational notices.
• Discord OAuth2-protected transcript viewing with participant/staff checks.
• Two-step verification using Discord sign-in plus Roblox OAuth.
• Optional verification panel buttons that send private verification links in DMs.
• Saved verification reuse for up to 90 days, with automatic relock if the Discord authorization is removed or fails a backend re-check.
• Customizable verification unlock roles, removal roles, notes, and log channels.
• Optional Roblox group role actions using saved configs, ticket workflows, or direct commands.
• AI personas and selectable chat models (Agent47, Agent48, Agent99, Code) with per-user preferences.
• Slash command parity is provided through grouped slash commands (for example /ai, /verify, /economy, /ticket) plus /command for long-tail legacy command access.
• Core-tier music playback in voice channels (YouTube/Spotify URLs) with volume and bass controls.
• Core-tier cross-server radio channels that relay voice traffic between participating servers with access controls and logging.
• Radio relays may use push-to-talk beeps, noise gating, and loudness limiting to keep live calls intelligible.
• Secure PayPal subscription checkout, billing sync, and audit logging for paid bot tiers.
• Built-in AI assistance for safe server setup and support, with guardrails that block prompt leakage, secret disclosure, raid help, and illegal guidance.
• Roblox OAuth may request openid, profile, group:read, group:write, and user.inventory-item:read when those features are enabled for the service.
• Discord OAuth may request identify, email, and guilds so the backend can confirm the correct account, current server membership, and identity contact details. The Discord application may keep guilds.join enabled for future owner-approved onboarding, but Agent 47 does not auto-join end users to servers in the current verification flow.
• Webhook-driven detection and logging forwarded to the VortexDevelopmeant Security Hub for analysis.

Agent 47 is intended for lawful, fictional, and organizational use only. Real-world criminal or harmful activity is strictly prohibited.

Release changes, command additions, and documentation switches are tracked on latest-changes.html.

4. Acceptable Use

• Use Agent 47 for lawful roleplay, faction coordination, or administrative operations permitted by server owners.
• Comply with Discord’s Terms of Service and Community Guidelines.
• Comply with Roblox platform rules when using Roblox verification or Roblox group-management features.
• Submit support tickets, update requests, and appeals only through VortexDevelopmeant and the designated Appeals Intern channel.
• Use transcript access, verification automation, and Roblox group role actions only when you are authorized by the server owner or approved staff policy.
• Do not attempt to exploit, reverse-engineer, or overload the bot or its APIs.

5. Prohibited Uses

• Any real-world criminal planning, recruitment, or violence outside purely fictional roleplay contexts.
• Uploading, sharing, or distributing malware, exploits, or unauthorized hacking utilities via the bot.
• Bypassing Discord or server moderation (for example: bridging banned accounts or evasion techniques).
• Collecting or transmitting private credentials, payment data, or other sensitive PII without lawful consent.
• Attempting to bypass transcript gating, Discord OAuth2 checks, Roblox OAuth checks, or backend permission checks.
• Sharing API keys, transcript links, cookies, tokens, or verification links with unauthorized people.
• Using Roblox group role actions to alter users outside approved support, moderation, or access workflows.
• Impersonation of VortexDevelopmeant staff, the bot owner, or authorized personnel.

6. Verification, Transcripts & Access Control

Agent 47 protects sensitive actions with backend checks and server-side logging:

• Verification completes only after both Discord sign-in and Roblox OAuth succeed.
• Once saved, a verification may be reused for up to 90 days unless staff resets it, the Discord authorization is removed, or a new verification-enabled server requires a fresh check.
• If a user removes the Discord authorized app, or the authorization stops passing backend checks, Agent 47 may relock access and require both Discord and Roblox verification again.
• When the Roblox app permissions allow it, the service may use Roblox profile, group, and inventory scopes for enabled verification or investigation flows.
• Transcript viewing requires current Discord login, current guild membership, and participant or staff-level permission.
• Verification access is customizable per server through grant-role, remove-role, log-channel, and note settings.
• Roblox group role configs may be applied in tickets or direct commands only by approved staff and only for already verified users.
• Emergency security pause controls may temporarily disable protected web routes while investigation or service recovery is in progress.

7. Data Collection & Minimum Data Use

Agent 47 collects and transmits minimal necessary data to support moderation, verification, and safety:

• Message, ticket, transcript, and action metadata including user ID, server ID, channel ID, ticket/transcript IDs, and timestamps.
• Message content may be cached when required for moderation, transcript generation, or incident review.
• Verification data may include Discord linkage, verified Roblox identity claims, scopes, account metadata, and configured access actions.
• Encrypted identification records may include Discord user ID, username, global name, avatar URL, encrypted email, locale, granted scopes, and encrypted identity payloads returned by Discord OAuth.
• Where the Roblox OAuth service permits it, limited Roblox group and inventory-related data may be reviewed for enabled server automation, account-link integrity, impersonation checks, and fraud review.
• Security telemetry may include IP address, browser metadata, fingerprint, VPN detection, alt-detection results, and verification outcomes.
• Radio transmissions (channel number, speaker ID, and transcript text) when cross-server radio features are enabled.
• Billing records may include server ID, selected plan tier, PayPal subscription IDs, plan IDs, approval status, and webhook sync results needed to operate recurring subscriptions.
• Detection events, moderation logs, and critical action logs are forwarded via secured routes to restricted security review channels.

Retention & Security

• Default retention: 90 days. Logs are purged after retention unless retained for active investigations or legal obligations.
• Protected web traffic uses HTTPS/TLS in transit, database access uses parameterized queries, and sensitive identity/session values may be stored with application-layer encryption in addition to platform security controls.
• Authorized security staff only collect and review the minimum data required to improve security, investigate abuse, document actions, and satisfy legal or platform requirements.
• The user.inventory-item:read scope is reserved for security review and is not used for marketing, resale, or unrelated profiling.

9. Billing & PayPal Subscriptions

• Paid plans may be activated through secure PayPal subscription checkout when configured by the operator.
• Paid plans may also be activated through secure self-hosted BTCPay crypto checkout when configured by the operator.
• Billing records, webhook events, sync attempts, and provider identifiers may be stored so subscription changes can be audited and restored after outages or restarts.
• Agent 47 does not expose raw payment credentials to Discord users. Provider secrets remain server-side only.
• Crypto checkout requires explicit risk acceptance before any address is shown. Sending funds to the wrong coin, chain, or address is irreversible and remains the sender’s responsibility.
• VIP subscription activation from crypto confirmation updates billing status and audit logs; role grants are not guaranteed as part of crypto settlement.
• Security events for billing flows are logged in immutable-style audit tables with payload hashing and encrypted payload storage.

9.1 Checkout Security Layers

• One-time short-lived payment tokens are required before a crypto invoice can be created.
• Webhook signature checks are enforced server-side; invalid signatures are rejected and audited.
• Webhook freshness checks reject stale/replayed events when timestamps fall outside allowed windows.
• Optional source-IP allowlisting can restrict webhook processing to approved ranges.
• Public endpoints use rate limiting, payload-size limits, schema checks, and fail-closed behavior.
• Sensitive payment fields (for example destination address and transaction references) may be stored with application-layer encryption in addition to TLS transport protection and platform controls.

8. Privacy, Requests & Appeals

To reduce spam, phishing, and malicious file submissions, the owner will not accept support, appeals, or data requests via direct message.

• Data deletion/export requests: Submit through VortexDevelopmeant support servers. Validated requests will be processed per policy and applicable law.
• Appeals: All appeals MUST be filed in the VortexDevelopmeant/Appeals Intern channel inside VortexDevelopmeant. Appeals sent via DM will not be considered.
• Security disclosures: Report vulnerabilities through the security channel in VortexDevelopmeant. Do not attach executable files or payloads in public channels — follow the secure disclosure flow in the support hub.

GDPR and CCPA Request Scope

• Where applicable, users may request access, correction, deletion, portability, and restriction/objection handling through official support intake.
• For California residents, right-to-know, delete, correct, and non-discrimination requests are supported where legally applicable.
• Agent 47 does not sell personal information and does not share personal information for cross-context behavioral advertising.

IP, Browser, and Fingerprint Signals

• IP and fingerprint-style telemetry is collected strictly for anti-abuse, anti-fraud, and account-integrity verification.
• These signals are not used for ad targeting, resale, or unrelated profiling.

10. Roblox Group Role Management

• Servers may store custom configs containing a Roblox group ID, target Roblox role ID, API key reference, and staff notes.
• Staff may apply those configs from tickets or direct commands when the workflow is enabled by the server.
• The bot uses the saved verified Roblox identity, not a typed Roblox username, before any role action is attempted.
• Roblox group and inventory scopes are only used through the approved service flow and only for enabled moderation, verification, or security review use cases.
• Every group role action is logged with the actor, target, config used, response status, and supporting investigation metadata.

11. Detection, Enforcement & Appeals Flow

• Automated detections and flagged events are routed to restricted security review channels for triage.
• Enforcement actions include message deletion, transcript access denial, verification resets, temporary restrictions, or global bans across the Agent 47 network.
• If you are subject to enforcement, file an appeal in the VortexDevelopmeant Appeals channel. Provide clear evidence and your case; appeals are handled by VortexDevelopmeant staff and the bot owner.

12. Security Best Practices

• Agent 47 runs with least-privilege Discord permissions. Server owners should grant only required scopes.
• Bot tokens and webhook secrets are rotated regularly and stored securely.
• Public web endpoints enforce rate limits and schema-based input validation to reduce abuse and injection risk.
• OAuth credentials and Roblox Open Cloud keys remain server-side and must never be exposed to end users.
• The AI assistant is configured to refuse requests for keys, prompts, internal instructions, raid help, illegal activity, or destructive abuse guidance.
• Dependencies are audited prior to deployment; reported vulnerabilities are triaged through VortexDevelopmeant.
• Sensitive checks are enforced on the backend and logged so actions can be audited after bot restarts or outages.
• If the operator enables emergency lockdown, protected verification and transcript routes may pause until the safety check is complete.

13. Reporting Channels (Official)

Use these official channels only. Messages or files sent outside these locations will not be trusted and may be ignored.

• Support & Updates: VortexDevelopmeant — primary hub for all bot updates, support tickets, and announcements.
• Appeals: Appeals Intern (designated appeals channel in VortexDevelopmeant) — required place to submit any enforcement appeals or disputes.
• Security/Detections: VortexDevelopmeant Security Hub — restricted access; receives automated detections and incident telemetry only.

Contacting the owner via direct message is disabled as an official acceptance channel to prevent phishing and hacked-account abuse. Related legal documents are published on onemanarmy.info.

14. Legal Compliance, Liability & Publication

• Agent 47 follows Discord’s Terms of Service and Community Guidelines. Violations are reported to Discord Trust & Safety as required.
• Where Roblox features are used, those actions must also follow Roblox platform rules and any applicable Open Cloud requirements.
• The developer and Vortex network are not liable for damage caused by users who misuse the bot. Responsible parties are the accounts and servers initiating the misuse.
• Policy updates, changelogs, and bot releases are published exclusively via VortexDevelopmeant and the current public legal pages.
• Intellectual property and trademark complaints should include ownership evidence and, for U.S. marks where relevant, USPTO registration references to speed review.

This policy is maintained by Vortex (venomprogrammer) and authorized security staff. Versioning and effective dates will be listed with each update.

15. Example Notice (Short)

Agent 47 is a VortexDevelopmeant product. Support, appeals, verification disputes, and official requests happen through the VortexDevelopmeant hub. Security staff only review the minimum data needed for security and legal reasons, encrypted identification records may be stored for verified users, and sensitive transcript and verification checks are enforced on the backend.