Skip to content

Finish AntiLink Guard OSS: docs/, README rewrite, CHANGELOG v0.1.0 (Phase 9/9)#18

Merged
timeout187 merged 2 commits into
mainfrom
claude/antilink-modernize-repo-igiz8n
Jul 6, 2026
Merged

Finish AntiLink Guard OSS: docs/, README rewrite, CHANGELOG v0.1.0 (Phase 9/9)#18
timeout187 merged 2 commits into
mainfrom
claude/antilink-modernize-repo-igiz8n

Conversation

@timeout187

Copy link
Copy Markdown
Owner

Summary

Completes the AntiLink Guard OSS migration (previously merged through Phase 8 in #8). This PR adds the last two pieces:

  1. docs/ (9 pages) - getting-started, configuration, rules-engine, discord-setup, privacy, self-hosting, threat-model, api-reference, migration-from-old-antilink. Every command, type name, severity score, and behavioral claim was checked against the actual source rather than described from memory (e.g. the severity/threshold tables in rules-engine.md were verified against packages/core/src/classification/reasons.ts; the "no admin auto-bypass" claim was confirmed by reading policy-engine.ts's isBypassed function directly).
  2. README.md rewrite - tagline, badges, a problem statement, a Mermaid architecture diagram, quick start, Docker Compose, slash command examples, privacy/security section, and the required background note - explicit that this repo is only the open-source framework, with no affiliation to any hosted product sharing part of the name. No fabricated stars/downloads/adoption.
  3. CHANGELOG.md finalized for v0.1.0 - the original single-file bot's entry is retitled [0.1.0-legacy] to avoid a version-number collision with this rewrite's own v0.1.0, and a comprehensive [0.1.0] - AntiLink Guard OSS entry replaces the smaller, now-superseded Unreleased bullets from an earlier, incomplete modernization pass.

Verification

pnpm run build       ✅ (topological: core/storage → cli/discord-bot → apps)
pnpm run typecheck   ✅
pnpm run lint        ✅
pnpm run format:check ✅
pnpm run test        ✅ 202 passed, 1 skipped (MySQL contract tests - no local server; run for real in CI via a service container)

Recommended v0.1.0 release notes (for the GitHub Release, once tagged)

AntiLink Guard OSS v0.1.0

The first release of AntiLink Guard OSS - a self-hostable, TypeScript, open-source Discord anti-phishing and link-moderation framework, extracted from lessons learned running a moderation bot across 100+ servers.

  • Real link detection: defanged links, punycode, homoglyphs, markdown links, Discord invites - not a substring match.
  • A policy engine with four verdicts and a log → warn → delete → timeout enforcement ladder.
  • Four storage backends (memory/SQLite/MySQL/PostgreSQL) behind one interface.
  • All slash commands: /antilink, /allowlist, /blocklist, /invites, /logs, /testlink, /config.
  • A standalone antilink CLI and a minimal local dashboard.
  • Metadata-only audit logging - no message content is ever stored.

See docs/migration-from-old-antilink.md if you're running the previous single-file bot.

Recommended next issues/milestones

  • Slash commands for bypassRoleIds/bypassUserIds/channel exemptions (currently only settable via /config import or the storage API directly - see ROADMAP.md)
  • Configurable timeout duration (currently a fixed 10-minute default)
  • Re-scan on message edit (messageUpdate) - currently only messageCreate is scanned
  • A public, opt-in domain-reputation feed format for knownPhishingDomains
  • Structured audit-log filtering in dashboard-lite (by user/channel/verdict/date)
  • systemd/pm2 process-manager example for non-Docker deployments

🤖 Generated with Claude Code

https://claude.ai/code/session_01MivRFgabRtQs6GhpNM3wie


Generated by Claude Code

claude added 2 commits July 6, 2026 22:34
docs/getting-started.md      - clone through first blocked link, ~10 min path
docs/configuration.md        - the two configuration surfaces (per-guild DB
                                config via slash commands vs. the local
                                antilink.config.json used by the CLI) and
                                exactly which fields each one controls
docs/rules-engine.md         - the extraction -> classification -> policy
                                pipeline, the real severity/threshold tables
                                from packages/core, and the mode->action
                                matrix
docs/discord-setup.md        - Developer Portal steps, required permissions,
                                Message Content Intent, command registration
docs/privacy.md              - what's stored (and the AuditLogEntry type's
                                deliberate lack of a message-content field),
                                what's sent to Discord, operator responsibilities
docs/self-hosting.md         - bare Node vs Docker Compose, the three storage
                                backends and their env vars, updating, logging
docs/threat-model.md         - what's detected, what deliberately isn't
                                (zero-days, DMs, attachments, edited messages),
                                trust boundaries, and documented failure modes
docs/api-reference.md        - every package's actual public exports, pulled
                                directly from each src/index.ts
docs/migration-from-old-antilink.md - mapping this repo's own predecessor
                                (the pre-rewrite single-file bot, still in
                                git history) onto the new framework

Every command, type name, severity score, and threshold cited was checked
against the actual source rather than described from memory - e.g. the
severity table in rules-engine.md was verified against
packages/core/src/classification/reasons.ts, and the "no admin auto-bypass"
claim in discord-setup.md/migration-from-old-antilink.md was confirmed by
reading policy-engine.ts's isBypassed function.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01MivRFgabRtQs6GhpNM3wie
…r v0.1.0

README.md: complete rewrite - tagline, badges (license/Node/discord.js/pnpm/
TypeScript/CI/CodeQL), a problem statement contrasting real detection against
a naive substring-match anti-link bot, a Mermaid architecture diagram tracing
messageCreate and slash-command interactions through core's extraction/
classification/policy pipeline into storage, a quick start, Docker Compose,
slash command examples, a privacy/security section, and the required
background note connecting this project to production experience while
being explicit that this repo contains only the open-source framework - no
affiliation with any hosted product sharing part of the name. No fabricated
stars, downloads, or adoption numbers anywhere.

CHANGELOG.md: the original single-file bot's entry is retitled
[0.1.0-legacy] to disambiguate it from this rewrite's own v0.1.0 (both
would otherwise claim the same version number for two very different
things). Added a full [0.1.0] - AntiLink Guard OSS entry describing
everything shipped in this rewrite, replacing the now-superseded
Unreleased bullets from the repo's earlier, smaller modernization pass.

This closes out the full migration: pnpm monorepo, packages/{core,storage,
discord-bot,cli}, apps/{example-bot,dashboard-lite}, docs/, CI/CodeQL/
dependabot, and now the README/CHANGELOG to match. 202 tests pass; build,
typecheck, lint, and format are all clean across the whole workspace.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01MivRFgabRtQs6GhpNM3wie
@timeout187 timeout187 merged commit a5ba029 into main Jul 6, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants