Security model
Server authority, DataStore scoping, and immune ranks.
Server authority
Every command runs inside Server/Commands.lua. The client only dispatches
intent over a typed RemoteFunction. Rank, target, and rate limits are checked
on the server before any side effect.
DataStore namespaces
- Bans, mutes, warnings, global config, per-player preferences, and saved locations each use their own DataStore.
- The experience CreatorId is always Owner. Any stale ban row for the CreatorId is cleared on boot.
Immune ranks
- The experience CreatorId cannot be banned by AGMS.
- Owner-tier (level 6) accounts cannot be moderated by lower ranks.
- The CreatorId cannot be removed from the saved Admin list.
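The check order described under Server authority and Immune ranks, as an added Luau example that is not AGMS source code. The RemoteFunction name AGMS_Command, the ranks table, the kick command with its minimum rank, and the 0.5 second rate limit are assumptions, and the code assumes a user-owned experience so that game.CreatorId is a user id.

```lua
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local OWNER_LEVEL = 6      -- Owner tier, per the page
local MIN_INTERVAL = 0.5   -- hypothetical: minimum seconds between commands per caller
local remote = ReplicatedStorage:WaitForChild("AGMS_Command") -- hypothetical RemoteFunction name
local ranks = {}           -- hypothetical: [userId] = level, populated server-side only
local lastCall = {}        -- [userId] = os.clock() of the caller's last call

local function rankOf(userId)
	if userId == game.CreatorId then return OWNER_LEVEL end -- CreatorId is always Owner
	return ranks[userId] or 0
end
-- hypothetical command table: minimum rank plus the server-side effect
local commands = {
	kick = { minRank = 3, run = function(caller, target)
		target:Kick("Kicked by " .. caller.Name)
	end },
}

local function authorize(caller, name, targetId)
	-- 1. Type-check everything the client sent; it is untrusted input.
	if typeof(name) ~= "string" or typeof(targetId) ~= "number" then
		return nil, "bad arguments"
	end
	-- 2. Rate limit per caller, counted before any lookup work is done.
	local now = os.clock()
	if now - (lastCall[caller.UserId] or -math.huge) < MIN_INTERVAL then
		return nil, "rate limited"
	end
	lastCall[caller.UserId] = now
	-- 3. Rank check: the rank is looked up on the server, never sent by the client.
	local cmd = commands[name]
	local callerRank = rankOf(caller.UserId)
	if not cmd or callerRank < cmd.minRank then return nil, "not permitted" end
	-- 4. Target check. Assumption: CreatorId is immune to every command here
	--    (the page states ban immunity); Owner tier is immune to lower ranks.
	local target = Players:GetPlayerByUserId(targetId)
	if not target then return nil, "target not found" end
	if targetId == game.CreatorId or (rankOf(targetId) >= OWNER_LEVEL and callerRank < OWNER_LEVEL) then
		return nil, "target is immune"
	end
	return cmd, target
end

Players.PlayerRemoving:Connect(function(p) lastCall[p.UserId] = nil end)
remote.OnServerInvoke = function(caller, name, targetId)
	local cmd, targetOrErr = authorize(caller, name, targetId)
	if not cmd then return false, targetOrErr end
	cmd.run(caller, targetOrErr) -- side effect runs only after every check has passed
	return true
end
```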
Webhooks
Discord webhook URLs live in ServerStorage StringValues, never in client-replicated code. Toggle individual log types from the Config page.
Addons
The AGMS_Addons folder accepts only ModuleScripts. No remote module loading.