Detect bots. Protect your server.
Gait watches behavioral patterns — never message content — to detect automated and bot accounts. Built for server admins who want signal, not noise.
How it works
Four dimensions. One score.
Gait computes a trust score between 0 and 1 from four behavioral dimensions. A minimum of 25 observed events is required before any account is scored.
How regular and mechanical is the timing of this account's activity? Bots operate on clocks; humans don't.
- Burst regularity — variance in message cluster timing
- Reply latency CV — coefficient of variation in response time
- Typing ratio CV — consistency of typing duration vs message length
Do message lengths and edit patterns show human variance? Automated accounts often produce suspiciously uniform output.
- Message length CV — variation in character count over time
- Edit rate — ratio of edits to original messages sent
Account history and identity signals. New accounts with randomised names and no avatars score lower.
- Account age — days since Discord account creation
- Username entropy — Shannon entropy of the username string
- Avatar presence — whether a custom avatar is set
Cross-server coordination and interaction graph analysis. Reserved for Phase 2 — currently neutral at 0.5.
- Cross-server presence patterns
- Interaction network clustering
- Coordinated join velocity
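
As an added illustration (not Gait's own code), the sketch below computes three of the signals listed above, reply latency CV, message length CV and username entropy, and applies the 25-event minimum. The function names, the sample data and the choice to count each latency or length sample as one event are assumptions; the weights that turn these features into a trust score are not given on this page and are not modelled.

```python
import math
import statistics
from collections import Counter

MIN_EVENTS = 25  # the page's minimum number of observed events before scoring


def coefficient_of_variation(samples):
    """Population standard deviation / mean; values near 0 mean clockwork regularity."""
    mean = statistics.fmean(samples)
    if mean == 0:
        return 0.0
    return statistics.pstdev(samples) / mean


def shannon_entropy(text):
    """Shannon entropy of the character distribution, in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def extract_features(reply_latencies, msg_lengths, username):
    """Return raw features, or None when fewer than MIN_EVENTS samples exist.

    Assumption: each latency/length sample counts as one observed event.
    """
    if min(len(reply_latencies), len(msg_lengths)) < MIN_EVENTS:
        return None
    return {
        "reply_latency_cv": coefficient_of_variation(reply_latencies),
        "message_length_cv": coefficient_of_variation(msg_lengths),
        "username_entropy": shannon_entropy(username),
    }


# Constructed samples: a scripted account replying every ~2 s with near-identical
# message lengths, a human with irregular timing, and an account with too few events.
scripted = extract_features([2.0, 2.1] * 15, [40, 41] * 15, "xk7qz2vb9w")
human = extract_features(
    [3, 45, 8, 120, 15, 600, 5, 30, 9, 75] * 3,
    [12, 140, 4, 67, 230, 9, 31, 88, 17, 52] * 3,
    "anna_bakes",
)
too_few = extract_features([2.0] * 10, [40] * 10, "newuser")
```

A low CV on both timing and length together with a high-entropy username is the pattern the dimensions above describe; any single feature on its own is weak evidence.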
Permissions
What Gait asks for and why.
Three of these are Discord Privileged Gateway Intents — you'll see them labelled in the authorisation flow. Here's exactly what each one enables.
| Permission | Why we need it | What it does NOT grant |
|---|---|---|
| Server Members (privileged) | Receive join and leave events to track account age at join, join velocity, and membership patterns across your server. | Access to member DMs, bans, roles, or any profile data beyond what is publicly visible. |
| Message Content (privileged) | Measure message length and edit timing. We record the length of a message in characters and whether it was edited — never the text itself. | Message text, attachments, links, or any semantic content. The content field is discarded immediately after length is measured. |
| Presence (privileged) | Observe activity state transitions (online → idle → offline) to detect unnaturally stable or clockwork presence patterns. | Rich presence data, game activity, Spotify status, or custom status text. |
| Send Messages | Post alert embeds to the channel you configure with /gait setchannel. | Access to any channel that is not the configured alert channel. |
| Embed Links | Render rich alert cards with score breakdowns and action buttons. | Ability to post in channels not already granted by Send Messages. |
| View Channels | Observe message and reaction events across channels that are visible to the bot role. | Access to private or restricted channels unless explicitly granted by your server's role configuration. |
| Kick Members (optional) | Only used when an admin enables /gait mode auto-kick. Removes accounts that score confirmed_automated with confidence ≥ 0.7. Kicked users may rejoin. | Any action against accounts that haven't crossed the auto-action threshold, or any action when the mode is left at alert (the default). |
| Ban Members (optional) | Only used when an admin enables /gait mode auto-ban. Bans accounts that score confirmed_automated with confidence ≥ 0.7. Reversal requires manual unban. | Any action against accounts that haven't crossed the auto-action threshold, or any action when the mode is left at alert (the default). |
Data transparency
Exactly what gets sent to our API.
Gait never transmits message content, raw user IDs, or any personally identifiable information. All identifiers are anonymised before leaving your server.
What is sent:
- Anonymised user identifier (GIID): HMAC-SHA-256 hash of your guild ID + Discord user ID. Irreversible. Raw IDs never leave your server.
- Event type: e.g. message_create, guild_join, reaction_add — no content, just the event kind.
- Message length: Character count only. The message text itself is discarded immediately.
- Edit flag + edit latency: Whether a message was edited, and how many seconds after posting.
- Reply latency: Seconds between a message being sent and a reply being posted.
- Account age at join: Age of the Discord account in days at the time they joined your server.
- Avatar presence: Boolean: does this account have a custom avatar set?
- Username entropy: Shannon entropy score of the username string — a measure of how randomised it appears.

What is never sent:
- Message content: The text of any message. Ever. Length is measured then the string is discarded.
- Raw Discord user IDs: Snowflake IDs are hashed with HMAC-SHA-256 before transmission. The raw ID never reaches our API.
- Direct messages: The bot only observes events in servers it has been invited to.
- Voice audio: We record voice state changes (joined / left) but never audio data.
- Usernames or display names: The username string is used only to compute entropy. The string itself is not stored.
- Email addresses or linked accounts: We have no access to Discord account settings or OAuth data.
- IP addresses: We receive no network-level data about your members.
The guild-specific salt is unique to your server and never shared. The two-stage hash means Gait cannot reverse-map a GIID to a Discord user, and your guild cannot reconstruct GIIDs without Gait's internal salt.
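
A two-stage keyed hash of the kind described above can be sketched as follows. This is an added example, not Gait's implementation: the function names, the event field names, the `guild_id:user_id` message layout, where each stage runs, and all IDs and salts are constructed assumptions.

```python
import hashlib
import hmac


def guild_stage(guild_salt: bytes, guild_id: int, user_id: int) -> str:
    """Stage 1 (assumed to run beside the bot): HMAC keyed with the guild salt.

    The ':' delimiter keeps (12, 345) and (123, 45) from producing the same message.
    """
    msg = f"{guild_id}:{user_id}".encode()
    return hmac.new(guild_salt, msg, hashlib.sha256).hexdigest()


def service_stage(service_salt: bytes, guild_digest: str) -> str:
    """Stage 2 (assumed to run at the API): re-key the digest with the service salt."""
    return hmac.new(service_salt, guild_digest.encode(), hashlib.sha256).hexdigest()


def build_event(guild_salt, guild_id, user_id, message_text, edited=False):
    """Reduce a message to metadata only; the text is measured and not kept."""
    return {
        "anon_id": guild_stage(guild_salt, guild_id, user_id),
        "event_type": "message_create",
        "message_length": len(message_text),
        "edited": edited,
    }


# Constructed IDs and salts, for illustration only.
GUILD_A, GUILD_B, USER = 111111111111111111, 333333333333333333, 222222222222222222
SALT_A, SALT_B = b"constructed-guild-salt-A", b"constructed-guild-salt-B"
SERVICE_SALT = b"constructed-service-salt"


def demo():
    a = guild_stage(SALT_A, GUILD_A, USER)
    b = guild_stage(SALT_B, GUILD_B, USER)
    return {
        "stable_within_guild": a == guild_stage(SALT_A, GUILD_A, USER),
        "differs_across_guilds": a != b,
        "service_value_differs": service_stage(SERVICE_SALT, a) != a,
        "event": build_event(SALT_A, GUILD_A, USER, "hello there"),
    }
```

The separation holds only while each salt stays secret: a party that holds a guild salt and a list of member IDs can recompute stage one for every candidate and match the results, so the salts need the same protection as any other key.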
Setup
Two steps. Five minutes.
No account, no dashboard, no API keys to manage. Everything is configured from inside Discord.
Invite the bot
Click the button below and authorise Gait for your server. The bot will appear in your member list and begin observing events immediately. No configuration needed to start collecting data.
→ Add to Discord
Set your alert channel
Run one slash command in the channel where you want to receive alerts. Gait will post a test message to confirm it's working.
/gait setchannel #your-channel
Optional — fine-tune per server
Lower the alert threshold for stricter detection. Default is 0.45.
Automatically kick confirmed bots instead of alerting only.
Check the current trust score for any member on demand.
Mark a known-human account, overriding the score permanently.
Feedback loop
Accurate feedback makes Gait sharper.
Every alert ships with one-tap action buttons. When admins with Manage Server confirm or correct an alert, Gait learns which signals separate real bots from real humans — and the score model improves for every server using it.
Tells Gait the signals that fired on this account were correct. Strengthens detection of similar patterns across all servers.
Tells Gait the alert was wrong. Just as valuable as confirmations — negative labels are how we cut down the false-alarm rate.
Action taken without a final verdict. Recorded as a moderate corroboration of the alert.
Permanently overrides the score for a known-good account and teaches Gait that this behavioral profile is human.
Why it matters
Phase 1 runs on a heuristic scorer — fixed rules with fixed weights. Phase 2 introduces a machine-learning model trained on the labels admins generate by clicking these buttons. The model can only become more accurate than the heuristic if the labels feeding it are accurate. Every honest click counts; rubber-stamping bot alerts that are actually humans makes Gait worse, not better.