feat: add moderation command suite (v2.0.0)

.gitignore

@@ -21,6 +21,10 @@ data/*
 # Test and coverage outputs
 coverage/
 
+# Specs (tracked outside repo)
+.specs/
+
 # Verification scripts
 verify-*.js
 VERIFICATION_GUIDE.md
+

AGENTS.md

@@ -29,6 +29,7 @@
 | `src/modules/chimeIn.js` | Organic conversation joining logic |
 | `src/modules/welcome.js` | Dynamic welcome message generation |
 | `src/modules/spam.js` | Spam/scam pattern detection |
+| `src/modules/moderation.js` | Moderation — case creation, DM notifications, mod log embeds, escalation, tempban scheduler |
 | `src/modules/config.js` | Config loading/saving (DB + file), runtime updates |
 | `src/modules/events.js` | Event handler registration (wires modules to Discord events) |
 | `src/utils/errors.js` | Error classes and handling utilities |
@@ -37,6 +38,7 @@
 | `src/utils/retry.js` | Retry utility for flaky operations |
 | `src/utils/registerCommands.js` | Discord REST API command registration |
 | `src/utils/splitMessage.js` | Message splitting for Discord's 2000-char limit |
+| `src/utils/duration.js` | Duration parsing — "1h", "7d" ↔ ms with human-readable formatting |
 | `config.json` | Default configuration (seeded to DB on first run) |
 | `.env.example` | Environment variable template |
 
@@ -87,9 +89,31 @@ export async function execute(interaction) {
 }
 ```
 
-2. Commands are auto-discovered from `src/commands/` on startup
-3. Run `pnpm run deploy` to register with Discord (or restart the bot)
-4. Add permission in `config.json` under `permissions.allowedCommands`
+2. Export `adminOnly = true` for mod-only commands
+3. Commands are auto-discovered from `src/commands/` on startup
+4. Run `pnpm run deploy` to register with Discord (or restart the bot)
+5. Add permission in `config.json` under `permissions.allowedCommands`
+
+### Moderation Command Pattern
+
+Moderation commands follow a shared pattern via `src/modules/moderation.js`:
+
+1. `deferReply({ ephemeral: true })` — respond privately
+2. Validate inputs (hierarchy check, target vs. moderator, etc.)
+3. `sendDmNotification()` — DM the target (if enabled in config)
+4. Execute the Discord action (ban, kick, timeout, etc.)
+5. `createCase()` — record in `mod_cases` table
+6. `sendModLogEmbed()` — post embed to the configured mod log channel
+7. `checkEscalation()` — for warn commands, check auto-escalation thresholds
+
+Duration-based commands (timeout, tempban, slowmode) use `parseDuration()` from `src/utils/duration.js`.
+
+### Database Tables
+
+| Table | Purpose |
+|-------|---------|
+| `mod_cases` | All moderation actions — warn, kick, ban, timeout, etc. One row per action per guild |
+| `mod_scheduled_actions` | Scheduled operations (tempban expiry). Polled every 60s by the tempban scheduler |
 
 ## How to Add a Module
 
@@ -145,3 +169,8 @@ After every code change, check whether these files need updating:
 4. **DATABASE_URL optional** — the bot works without a database (uses config.json only), but config persistence requires PostgreSQL
 5. **Undici override** — `pnpm.overrides` pins undici; this was originally added for Node 18 compatibility and may no longer be needed on Node 22. Verify before removing
 6. **2000-char limit** — Discord messages can't exceed 2000 characters; use `splitMessage()` utility
+7. **DM before action** — moderation commands DM the target *before* executing kicks/bans; once a user is kicked/banned they can't receive DMs from the bot
+8. **Hierarchy checks** — `checkHierarchy(moderator, target)` prevents moderating users with equal or higher roles; always call this before executing mod actions
+9. **Duration caps** — Discord timeouts max at 28 days; slowmode caps at 6 hours (21600s). Both are enforced in command logic
+10. **Tempban scheduler** — runs on a 60s interval; started in `index.js` startup and stopped in graceful shutdown. Catches up on missed unbans after restart
+11. **Case numbering** — per-guild sequential and assigned atomically inside `createCase()` using `COALESCE(MAX(case_number), 0) + 1` in a single INSERT

README.md

@@ -12,6 +12,7 @@ AI-powered Discord bot for the [Volvox](https://volvox.dev) developer community.
 - **🎯 Chime-In** — Bot can organically join conversations when it has something relevant to add (configurable per-channel).
 - **👋 Dynamic Welcome Messages** — Contextual onboarding with time-of-day greetings, community activity snapshots, member milestones, and highlight channels.
 - **🛡️ Spam Detection** — Pattern-based scam/spam detection with mod alerts and optional auto-delete.
+- **⚔️ Moderation Suite** — Full-featured mod toolkit: warn, kick, ban, tempban, softban, timeout, purge, lock/unlock, slowmode. Includes case management, mod log routing, DM notifications, auto-escalation, and tempban scheduling.
 - **⚙️ Config Management** — All settings stored in PostgreSQL with live `/config` slash command for runtime changes.
 - **📊 Health Monitoring** — Built-in health checks and `/status` command for uptime, memory, and latency stats.
 - **🎤 Voice Activity Tracking** — Tracks voice channel activity for community insights.
@@ -145,9 +146,24 @@ All configuration lives in `config.json` and can be updated at runtime via the `
 
 | Key | Type | Description |
 |-----|------|-------------|
-| `enabled` | boolean | Enable spam detection |
+| `enabled` | boolean | Enable moderation features |
 | `alertChannelId` | string | Channel for mod alerts |
 | `autoDelete` | boolean | Auto-delete detected spam |
+| `dmNotifications.warn` | boolean | DM users when warned |
+| `dmNotifications.timeout` | boolean | DM users when timed out |
+| `dmNotifications.kick` | boolean | DM users when kicked |
+| `dmNotifications.ban` | boolean | DM users when banned |
+| `escalation.enabled` | boolean | Enable auto-escalation after repeated warns |
+| `escalation.thresholds` | array | Escalation rules (see below) |
+| `logging.channels.default` | string | Fallback mod log channel ID |
+| `logging.channels.warns` | string | Channel for warn events |
+| `logging.channels.bans` | string | Channel for ban/unban events |
+| `logging.channels.kicks` | string | Channel for kick events |
+| `logging.channels.timeouts` | string | Channel for timeout events |
+| `logging.channels.purges` | string | Channel for purge events |
+| `logging.channels.locks` | string | Channel for lock/unlock events |
+
+**Escalation thresholds** are objects with: `warns` (count), `withinDays` (window), `action` ("timeout" or "ban"), `duration` (for timeout, e.g. "1h").
 
 ### Permissions (`permissions`)
 
@@ -157,6 +173,60 @@ All configuration lives in `config.json` and can be updated at runtime via the `
 | `adminRoleId` | string | Role ID for admin commands |
 | `allowedCommands` | object | Per-command permission levels |
 
+## ⚔️ Moderation Commands
+
+All moderation commands require the admin role (configured via `permissions.adminRoleId`).
+
+### Core Actions
+
+| Command | Description |
+|---------|-------------|
+| `/warn <user> [reason]` | Issue a warning |
+| `/kick <user> [reason]` | Remove from server |
+| `/timeout <user> <duration> [reason]` | Temporarily mute (up to 28 days) |
+| `/untimeout <user> [reason]` | Remove active timeout |
+| `/ban <user> [reason] [delete_days]` | Permanent ban |
+| `/tempban <user> <duration> [reason] [delete_days]` | Temporary ban with auto-unban |
+| `/unban <user_id> [reason]` | Unban by user ID |
+| `/softban <user> [reason] [delete_days]` | Ban + immediate unban (purges messages) |
+
+### Message Management
+
+| Command | Description |
+|---------|-------------|
+| `/purge all <count>` | Bulk delete messages (1–100) |
+| `/purge user <user> <count>` | Delete messages from a specific user |
+| `/purge bot <count>` | Delete bot messages only |
+| `/purge contains <text> <count>` | Delete messages containing text |
+| `/purge links <count>` | Delete messages with URLs |
+| `/purge attachments <count>` | Delete messages with files/images |
+
+### Case Management
+
+| Command | Description |
+|---------|-------------|
+| `/case view <case_id>` | View a specific case |
+| `/case list [user] [type]` | List recent cases with optional filters |
+| `/case reason <case_id> <reason>` | Update a case's reason |
+| `/case delete <case_id>` | Delete a case |
+| `/history <user>` | View full mod history for a user |
+
+### Channel Control
+
+| Command | Description |
+|---------|-------------|
+| `/lock [channel] [reason]` | Prevent @everyone from sending messages |
+| `/unlock [channel] [reason]` | Restore send permissions |
+| `/slowmode <duration> [channel]` | Set channel slowmode (0 to disable) |
+
+### Mod Log Configuration
+
+| Command | Description |
+|---------|-------------|
+| `/modlog setup` | Interactive channel routing with select menus |
+| `/modlog view` | View current log routing config |
+| `/modlog disable` | Disable all mod logging |
+
 ## 🛠️ Development
 
 ### Scripts

biome.json

@@ -1,14 +1,7 @@
 {
   "$schema": "https://biomejs.dev/schemas/2.3.14/schema.json",
   "files": {
-    "includes": [
-      "src/**/*.js",
-      "tests/**/*.js",
-      "!node_modules/**",
-      "!coverage/**",
-      "!logs/**",
-      "!data/**"
-    ]
+    "includes": ["src/**/*.js", "tests/**/*.js", "!node_modules", "!coverage", "!logs", "!data"]
   },
   "linter": {
     "enabled": true,

config.json

@@ -32,7 +32,31 @@
   "moderation": {
     "enabled": true,
     "alertChannelId": "1438665401243275284",
-    "autoDelete": false
+    "autoDelete": false,
+    "dmNotifications": {
+      "warn": true,
+      "timeout": true,
+      "kick": true,
+      "ban": true
+    },
+    "escalation": {
+      "enabled": false,
+      "thresholds": [
+        { "warns": 3, "withinDays": 7, "action": "timeout", "duration": "1h" },
+        { "warns": 5, "withinDays": 30, "action": "ban" }
+      ]
+    },
+    "logging": {
+      "channels": {
+        "default": null,
+        "warns": null,
+        "bans": null,
+        "kicks": null,
+        "timeouts": null,
+        "purges": null,
+        "locks": null
+      }
+    }
   },
   "logging": {
     "level": "info",
@@ -44,7 +68,22 @@
     "usePermissions": true,
     "allowedCommands": {
       "ping": "everyone",
-      "config": "admin"
+      "config": "admin",
+      "warn": "admin",
+      "kick": "admin",
+      "timeout": "admin",
+      "untimeout": "admin",
+      "ban": "admin",
+      "tempban": "admin",
+      "unban": "admin",
+      "softban": "admin",
+      "purge": "admin",
+      "case": "admin",
+      "history": "admin",
+      "lock": "admin",
+      "unlock": "admin",
+      "slowmode": "admin",
+      "modlog": "admin"
     }
   }
 }

src/commands/ban.js

@@ -0,0 +1,96 @@
+/**
+ * Ban Command
+ * Bans a user from the server and records a moderation case.
+ */
+
+import { SlashCommandBuilder } from 'discord.js';
+import { info, error as logError } from '../logger.js';
+import { getConfig } from '../modules/config.js';
+import {
+  checkHierarchy,
+  createCase,
+  sendDmNotification,
+  sendModLogEmbed,
+  shouldSendDm,
+} from '../modules/moderation.js';
+
+export const data = new SlashCommandBuilder()
+  .setName('ban')
+  .setDescription('Ban a user from the server')
+  .addUserOption((opt) => opt.setName('user').setDescription('Target user').setRequired(true))
+  .addStringOption((opt) =>
+    opt.setName('reason').setDescription('Reason for ban').setRequired(false),
+  )
+  .addIntegerOption((opt) =>
+    opt
+      .setName('delete_messages')
+      .setDescription('Days of messages to delete (0-7)')
+      .setMinValue(0)
+      .setMaxValue(7)
+      .setRequired(false),
+  );
+
+export const adminOnly = true;
+
+/**
+ * Execute the ban command
+ * @param {import('discord.js').ChatInputCommandInteraction} interaction
+ */
+export async function execute(interaction) {
+  try {
+    await interaction.deferReply({ ephemeral: true });
+
+    const config = getConfig();
+    const user = interaction.options.getUser('user');
+    const reason = interaction.options.getString('reason');
+    const deleteMessageDays = interaction.options.getInteger('delete_messages') || 0;
+
+    let member = null;
+    try {
+      member = await interaction.guild.members.fetch(user.id);
+    } catch {
+      // User not in guild — skip hierarchy check
+    }
+
+    if (member) {
+      const hierarchyError = checkHierarchy(
+        interaction.member,
+        member,
+        interaction.guild.members.me,
+      );
+      if (hierarchyError) {
+        return await interaction.editReply(hierarchyError);
+      }
+
+      if (shouldSendDm(config, 'ban')) {
+        await sendDmNotification(member, 'ban', reason, interaction.guild.name);
+      }
+    }
+
+    await interaction.guild.members.ban(user.id, {
+      deleteMessageSeconds: deleteMessageDays * 86400,
+      reason: reason || undefined,
+    });
+
+    const caseData = await createCase(interaction.guild.id, {
+      action: 'ban',
+      targetId: user.id,
+      targetTag: user.tag,
+      moderatorId: interaction.user.id,
+      moderatorTag: interaction.user.tag,
+      reason,
+    });
+
+    await sendModLogEmbed(interaction.client, config, caseData);
+
+    info('User banned', { target: user.tag, moderator: interaction.user.tag });
+    await interaction.editReply(
+      `✅ **${user.tag}** has been banned. (Case #${caseData.case_number})`,
+    );
+  } catch (err) {
+    logError('Command error', { error: err.message, command: 'ban' });
+    await interaction
+      .editReply('❌ An error occurred. Please try again or contact an administrator.')
+      .catch(() => {});
+  }
+}