> ## Documentation Index
> Fetch the complete documentation index at: https://docs.katofficial.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Internal Anti-Nuke

> Protection against bot token theft via authorization windows

The Internal Anti-Nuke cog protects against **bot token theft**. If an attacker obtains the bot's token and sends API requests directly, those requests appear in the guild audit log attributed to the bot but have no matching authorization window — triggering an immediate guild leave.

## Authorization Windows

The cog maintains four types of authorization windows. Any match is sufficient to authorize an action:

| Window         | Duration         | Description                                                                                                                                                        |
| -------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Task window    | Duration of task | A recognized background task (e.g. `sync_bans_task`) is actively running. Covers all guilds globally while active.                                                 |
| Owner window   | 5 minutes        | A bot owner ran a command (prefix or slash, including jishaku) in this guild. A guild ID of `0` acts as a global owner window covering every guild simultaneously. |
| Command window | 60 seconds       | Any non-owner command was invoked in this guild.                                                                                                                   |
| Join window    | 10 minutes       | The bot just joined this guild, covering the flood of auto-bans and role creations during `on_guild_join`.                                                         |

## Monitored Audit Log Actions

The following actions are monitored. If the bot performs any of these outside an authorization window it immediately leaves the guild:

* `ban`
* `kick`
* `unban`
* `channel_delete`
* `role_delete`
* `guild_update`
* `webhook_create`
* `webhook_delete`
* `bot_add`

Actions such as `role_create`, `role_update`, `channel_update`, `member_update`, and `invite_create` are **not** monitored because the bot performs them legitimately and frequently (quarantine setup, mute roles, etc.).
