Inspiration
Moderating massive, highly active subreddits is a 24/7 job, but moderators are human. When a targeted spam burst, bot brigade, or malicious actor hits a community at 3:00 AM, the damage is often done before a human can open the moderation queue. We realized there was a critical gap between detecting a high-velocity threat and definitively neutralizing it. We wanted to build an enterprise-grade, autonomous defense system that doesn't just passively flag content, but actively evaluates context, calculates risk, and deploys countermeasures in real time—even when the mod team is asleep.
What it does
ModAAegis is an Active Threat Radar and Neutralization Engine. It bridges the gap between monitoring and execution through three core systems:
The Ghost Autopilot: A background engine that monitors comment velocity in real time. If spam crosses a custom threshold, it autonomously locks the post and dispatches an emergency ModMail alert to the team.
Heuristic Threat Scoring: ModAAegis doesn't just count comments; it evaluates the user. It scans account age and karma on the fly. Brand-new accounts or those with negative karma receive a massive threat-weight multiplier, triggering the Autopilot faster for bot rings while ignoring trusted entities on a custom Allowlist.
Native Context Integration: We injected a "Scan User" button directly into Reddit's native comment overflow menu. Moderators can click this on any suspicious comment to instantly generate and receive a private intelligence report detailing the user's calculated risk level.
The Command Dashboard: A live, React-powered UI that surfaces one-click, RBAC-secured defense protocols (Lockdown, Purge & Ban) directly to the mod team during an active attack.
How we built it
ModAAegis was engineered using the bleeding-edge @devvit/web framework to ensure a strict separation between the client and server.
Backend: We utilized Hono for robust API routing and Reddit's native Redis implementation to maintain our live velocity telemetry streams.
Frontend: The dashboard is built in React, utilizing short-polling to visualize the Redis threat counter in real time without overwhelming the API.
Integration: We leveraged Devvit's native Settings API for community-specific configuration (thresholds and allowlists) and tapped directly into the onCommentSubmit webhook to power the Ghost Autopilot.
Challenges we ran into
Building on a new framework means hitting edge cases.
Schema Validation Quirks: We encountered a silent Devvit CLI validation error when trying to register community settings. The legacy documentation referenced the installation key, but the new web framework strictly enforces the subreddit key in devvit.json. Identifying and resolving this undocumented shift was a major breakthrough.
The Database Trap: When building the Ghost Autopilot, we initially used a strict equality check (=== threshold) to trigger the lockdown. However, when we introduced Heuristic Threat Scoring (which adds +3 to the score for suspicious bots), the counter would skip over the exact threshold integer, causing the engine to fail silently. We engineered a "previous state" tracker to ensure the threshold trigger evaluates perfectly every time.
Ghost Accounts: We had to implement strict TypeScript guard clauses in our heuristic engine to prevent the entire app from crashing when attempting to scan a user who had been recently shadowbanned or deleted by Reddit administrators.
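An added example, not taken from the ModAAegis code base: it replays a constructed comment burst to show why the strict equality check stops firing once weighted scores are in play, and how comparing against the previous state fixes it, including the guard for authors that no longer resolve. The field names, the 7-day new-account cutoff, the weight of 1 for unresolved authors and the in-memory counter standing in for Redis are assumptions.

```typescript
// Added example, not ModAAegis source; names, cutoffs and weights are assumptions.
interface Author { name: string; ageDays: number; karma: number }
type Mode = "strict" | "crossing";

const SUSPICIOUS_WEIGHT = 3; // the "+3" the write-up mentions
const NEW_ACCOUNT_DAYS = 7;  // assumed cutoff for "brand-new"

// Guard clause first: a deleted or shadowbanned author resolves to undefined.
function threatWeight(author: Author | undefined, allowlist: Set<string>): number {
  if (!author) return 1; // still counts toward velocity, no profile to score
  if (allowlist.has(author.name.toLowerCase())) return 0;
  const suspicious = author.ageDays < NEW_ACCOUNT_DAYS || author.karma < 0;
  return suspicious ? SUSPICIOUS_WEIGHT : 1;
}

// `next` is what an atomic counter increment (e.g. Redis INCRBY) returns, so the
// previous state is next - weight and needs no second read.
function shouldTrigger(next: number, weight: number, threshold: number, mode: Mode): boolean {
  if (mode === "strict") return next === threshold; // skipped by a +3 step
  const previous = next - weight;
  return previous < threshold && next >= threshold; // true on exactly one step
}

// Replays a burst against an in-memory counter; returns how often lockdown fired.
function replay(burst: (Author | undefined)[], threshold: number, allowlist: Set<string>, mode: Mode): number {
  let score = 0;
  let fired = 0;
  for (const author of burst) {
    const weight = threatWeight(author, allowlist);
    score += weight;
    if (shouldTrigger(score, weight, threshold, mode)) fired++;
  }
  return fired;
}

// Constructed burst: the running score goes 1, 2, 5, 8, 9, 9, 12, 15, 16.
const ALLOW = new Set(["trusted_bot"]);
const BURST: (Author | undefined)[] = [
  { name: "alice", ageDays: 900, karma: 5200 },
  { name: "bob", ageDays: 400, karma: 310 },
  { name: "fresh1", ageDays: 0, karma: 1 },
  { name: "troll", ageDays: 200, karma: -40 },
  undefined, // deleted or shadowbanned author
  { name: "Trusted_Bot", ageDays: 1, karma: 0 },
  { name: "fresh2", ageDays: 1, karma: 1 },
  { name: "fresh3", ageDays: 2, karma: 1 },
  { name: "carol", ageDays: 700, karma: 90 },
];
```

With a threshold of 10 the strict check never fires on this burst, because the score steps from 9 to 12, while the crossing check fires exactly once on that step.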
Accomplishments that we're proud of
We are incredibly proud of building a 100% functional, production-ready architecture with absolutely zero simulations. Beyond the core features, we are most proud of implementing Role-Based Access Control (RBAC) on our API routes. We ensured that even if a clever attacker sniffed the network traffic and found our /api/lockdown endpoint, the Hono backend intercepts the request, cross-references Reddit's live database to verify moderator clearance, and forcefully rejects unauthorized execution attempts.
What we learned
This project was a masterclass in modern cloud architecture and event-driven systems. We learned how to manipulate and strip complex JSON payloads from webhooks, how to manage state securely using Redis in a serverless environment, and how to seamlessly blend custom React interfaces with native platform UI hooks. Most importantly, we learned how to design software that handles failure gracefully through defensive programming and rigorous edge-case testing.
What's next for ModAAegis
Our immediate goal is to expand the Heuristic Engine. We plan to integrate native Machine Learning logic to perform real-time sentiment analysis on the spam bursts to differentiate between a passionate community debate and a malicious bot brigade. Furthermore, we aim to implement "Global Threat Intelligence," allowing instances of ModAAegis across different subreddits to share data, automatically pre-banning bot rings before they can spread across the platform.
Built With
- devvit
- hono
- node.js
- react
- redis
- typescript