Anti-Nuke
How detection works
Sliding time windows, per-executor tracking, cooldown.
For each watched action type, Auditer maintains an in-memory sliding window keyed by (guild, executor, action type). Every audit event adds a timestamp to the buffer; entries older than the window are discarded.
When the buffer length meets or exceeds the configured count, the response fires. A 10-second cooldown per (guild, executor) prevents the same response from firing repeatedly during an in-progress attack.
Example#
Channel deletes are configured at 3 in 10 seconds. A user deletes 4 channels in 6 seconds. After the third delete, the threshold is met, the response fires (e.g. strip all roles), and any further deletes by the same user are ignored for the next 10 seconds (since they have no roles anyway).
Whitelisted users and roles bypass detection entirely. Their actions are not counted. See the Whitelist article for guidance.