Affiliate Shield
Detect affiliate links. Protect your community. Automate moderation.
Developed by JPrime · Source on GitHub
Inspiration
Affiliate links are everywhere on Reddit—buried in deal posts, product recommendations, and comment threads. A single Amazon tag= parameter or shortened URL can turn genuine advice into undisclosed promotion, and moderators often don't notice until members complain.
Most subreddits rely on manual review, regex in AutoModerator, or honor-system rules that are hard to enforce at scale. We built Affiliate Shield because mods deserve a tool that understands how affiliate links actually appear in the wild: Markdown, bare domains, obfuscated text, edited comments, and link shorteners—not just obvious https:// strings in post titles.
Our goal was simple: give communities a trustworthy, configurable guardrail that catches referral spam early without turning every mod into a link detective.
What it does
Affiliate Shield is a Devvit Web moderation app that scans posts and comments for affiliate and tracking links, then takes the action your subreddit configures.
Detection
- Amazon tags, eBay affiliate params, known affiliate networks, URL shorteners, and generic tracking query strings
- Plain URLs, Markdown links, bare domains, HTML body content, and obfuscated patterns (`[dot]`, `hxxps://`)
- Confidence scoring (`low`/`medium`/`high`) with configurable enforcement thresholds
- Global blocklist plus per-subreddit allow/block lists
Automation
- Scans on submit, create, edit, report, and AutoModerator filter events
- Daily scheduled backfill scans and weekly mod digests
- Strike-based escalation for repeat offenders, with decay over time
Moderation
- Report, warn, remove, spam, lock, or scan-only—separately for posts, comments, and link-only posts
- Compliance presets (strict commerce, report only, warn first, links banned)
- Human-in-the-loop mode that downgrades harsh actions to mod reports
- Mod menu tools: deep thread scan, appeal & whitelist, approve content, clear strikes
- User-facing link self-check (no action taken)
Visibility
- Inline splash dashboard with scan stats, top domains, and recent activity
- Mod mail and optional Discord/Slack webhook notifications on matches
- Redis-backed audit log for moderation transparency
How we built it
Affiliate Shield is a full-stack Devvit Web application:
| Layer | Stack |
|---|---|
| Frontend | React 19, Tailwind CSS 4, Vite |
| Backend | Node.js 22, Hono, serverless Devvit runtime |
| Storage | Redis (audit logs, strikes, dedup, retry queue, temp whitelists) |
| Config | devvit.json — 40+ subreddit settings, triggers, menu items, scheduler tasks |
Architecture
```
src/
  shared/   Detection engine, types, compliance presets, unit tests
  server/
    core/   Scan pipeline, moderation, settings, eligibility, webhooks
    routes/ Triggers, mod menu, scheduler, API, settings validation
  client/   Splash dashboard (inline entrypoint)
```
The scan pipeline resolves optional short URLs, merges temporary domain whitelists, runs affiliate detection, filters by confidence and eligibility, applies compliance presets, escalates via strikes, executes moderation actions, logs to Redis, and fires notifications. Failed actions land in a retry queue processed every 15 minutes.
End-to-end type safety flows from shared types through the server; the splash dashboard consumes a typed REST API for stats and self-check.
Challenges we ran into
Link extraction is messy. The same URL can appear twice from Markdown—once with a trailing ] from the label syntax and once clean from the link target. We had to normalize punctuation, tighten URL regex character classes, and dedupe by canonical hostname + path + query.
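The extraction problem described above, as an added sketch that is not Affiliate Shield's own code: it undoes `hxxps://` and `[dot]` defanging, keeps Markdown delimiters out of matches, strips sentence punctuation, and dedupes on hostname + path + sorted query. The function names, regexes and sample text are assumptions made for illustration.

```javascript
// Constructed sample comment body (not real Reddit content).
const SAMPLE = [
  '[https://www.amazon.com/dp/B000TEST?tag=deals-20](https://www.amazon.com/dp/B000TEST?tag=deals-20)',
  'mirror: hxxps://www[dot]amazon[.]com/dp/B000TEST?tag=deals-20.',
  'bare: www.amazon.com/dp/B000TEST?tag=deals-20, plus (https://example.org/page).',
].join('\n');

// Undo common defanging so obfuscated links parse like ordinary ones.
function deobfuscate(text) {
  return text
    .replace(/hxxp(s?):\/\//gi, 'http$1://')
    .replace(/\s*[\[(]\s*(?:dot|\.)\s*[\])]\s*/gi, '.');
}

// Scheme-prefixed or bare-domain candidates. The path class excludes
// whitespace, brackets and parentheses so Markdown delimiters never leak in.
const URL_RE = /(?:https?:\/\/)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:\/[^\s<>\[\]()"']*)?/gi;

// Canonical key: lowercased hostname + path + sorted query string.
function canonicalKey(raw) {
  const trimmed = raw.replace(/[.,;:!?]+$/, ''); // trailing sentence punctuation
  const withScheme = /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
  let url;
  try { url = new URL(withScheme); } catch { return null; }
  url.searchParams.sort();
  const qs = url.searchParams.toString();
  const path = url.pathname.replace(/\/+$/, '');
  return { url, key: `${url.hostname}${path}${qs ? `?${qs}` : ''}` };
}

// One entry per distinct link; Amazon links report their tag= value.
function extractLinks(text) {
  const seen = new Map();
  for (const raw of deobfuscate(text).match(URL_RE) ?? []) {
    const parsed = canonicalKey(raw);
    if (!parsed || seen.has(parsed.key)) continue;
    const amazonTag = /(^|\.)amazon\.[a-z.]+$/.test(parsed.url.hostname)
      ? parsed.url.searchParams.get('tag') : null;
    seen.set(parsed.key, { key: parsed.key, amazonTag });
  }
  return [...seen.values()];
}

console.log(extractLinks(SAMPLE));
```

The four Amazon occurrences in the sample (Markdown label, Markdown target, defanged, bare) collapse to a single entry.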
Devvit iframe constraints. External links don't behave like normal browser tabs—navigateTo is required for in-app navigation, while blob downloads and target="_blank" anchors don't work reliably inside Reddit's webview. We adapted the splash UI accordingly.
Balancing automation vs. trust. Aggressive auto-removal can frustrate good-faith users; too lenient and spam slips through. Compliance presets, human-in-the-loop mode, confidence thresholds, and per-network toggles let each subreddit tune the tradeoff.
Moderation API failures. Reddit API calls can fail transiently. We built a Redis sorted-set retry queue with exponential backoff so removals and reports aren't silently lost.
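A sketch of the retry design described above, added here and not taken from the project: a `Map` stands in for the Redis sorted set (score = next-attempt time), and the class name, defaults and dead-letter list are assumptions. `tick` is synchronous so the example runs offline; real Reddit API calls would be awaited.

```javascript
// In-memory stand-in for a Redis sorted set: member -> score (due time, ms).
// The operations map onto ZADD (fail), ZRANGEBYSCORE (tick) and ZREM (done).
class RetryQueue {
  constructor({ baseMs = 60_000, maxMs = 3_600_000, maxAttempts = 5 } = {}) {
    Object.assign(this, { baseMs, maxMs, maxAttempts });
    this.zset = new Map(); // jobId -> due timestamp (the score)
    this.jobs = new Map(); // jobId -> { action, thingId, attempts }
    this.dead = [];        // exhausted jobs, kept so nothing vanishes silently
  }

  // Delay doubles with each failed attempt and is capped at maxMs.
  backoff(attempts) {
    return Math.min(this.baseMs * 2 ** (attempts - 1), this.maxMs);
  }

  // Record a failed action. The id is deterministic, so the same failed
  // removal enqueued twice collapses into one member.
  fail(action, thingId, now) {
    const id = `${action}:${thingId}`;
    const job = this.jobs.get(id) ?? { action, thingId, attempts: 0 };
    job.attempts += 1;
    if (job.attempts > this.maxAttempts) {
      this.zset.delete(id);
      this.jobs.delete(id);
      this.dead.push(job);
      return null;
    }
    this.jobs.set(id, job);
    this.zset.set(id, now + this.backoff(job.attempts));
    return this.zset.get(id);
  }

  // One scheduler run: execute every job whose score <= now, oldest first.
  tick(now, execute) {
    const due = [...this.zset].filter(([, score]) => score <= now)
      .sort((a, b) => a[1] - b[1]).map(([id]) => id);
    for (const id of due) {
      const job = this.jobs.get(id);
      try {
        execute(job);
        this.zset.delete(id);
        this.jobs.delete(id);
      } catch {
        this.fail(job.action, job.thingId, now); // reschedule further out
      }
    }
    return due;
  }
}
```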
Settings complexity. With dozens of subreddit settings, we grouped policies into presets and validated domain lists, usernames, and numeric thresholds through dedicated settings endpoints.
Accomplishments that we're proud of
- A production-ready mod tool with 12 event triggers, 11 mod menu actions, and 3 scheduled jobs—not a proof of concept
- Smart detection that handles real Reddit content formats, not just laboratory URL strings
- 40+ configurable settings including compliance presets, strike escalation, webhooks, and network-level toggles
- A modern splash dashboard with self-check, weekly stats, domain breakdown, and activity feed
- Thoughtful mod workflows: appeals, temporary domain whitelisting, strike clearing, and deep thread scans
- Full type-check, lint, and unit test coverage on the detection engine
- Built entirely on Devvit Web (no legacy Blocks API)—aligned with Reddit's current platform direction
What we learned
- Affiliate spam on Reddit is format-diverse; detection must handle Markdown, edits, and obfuscation—not just naive string matching
- Moderators want control knobs, not a black box: presets, confidence levels, and human-in-the-loop matter as much as raw detection accuracy
- Devvit Web is a capable platform for serious mod tools—triggers, scheduler, Redis, menu actions, and client effects cover most automation needs
- Shared types between client and server pay off quickly in a project with this many settings and API surfaces
- Shipping inside Reddit's iframe teaches you to design UX around platform primitives (`navigateTo`, `showToast`) instead of assuming standard web behavior
What's next for Affiliate Shield
- Richer detection — more regional Amazon domains, additional affiliate networks, and image/OCR link extraction
- Mod review queue UI — inline dashboard to approve, appeal, or override matches without leaving the app post
- Community reporting integration — surface Affiliate Shield results when users report "spam" or "affiliate link"
- Cross-subreddit blocklist sharing — opt-in federation of known bad domains across installing communities
- AutoMod rule generator — one-click YAML snippets that complement (not replace) the app's scanning
Affiliate Shield · JPrime · BSD-3-Clause
