Upload 93 files

bot/cogs/__pycache__/admin.cpython-311.pyc

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4e65407e3a0ee2ebbaee76d78967fa971bfa4460c8922ad8f4b67abac8670f4e
-size 125088
+oid sha256:e270a16b470f278e4e28ec544b4f0d41f7cbd9b779e86c5895e69332c12a2c40
+size 128139

bot/cogs/__pycache__/ai_suite.cpython-311.pyc

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:a59d6c99f1b5da223c1cd0cc22d7e3d6200ea5f6c00df433181311389f2b584c
-size 142874
+oid sha256:87f01bf9a440357d17580e66c2efa381504f8bf1e56d21d7441c36247ea810cb
+size 147711

bot/cogs/__pycache__/events.cpython-311.pyc

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:58e4643fd664dcdb77bde357abcf03ef9507fb718cb6a8aa0a575b041c7a7102
-size 141527
+oid sha256:f44117d125c62595e8d6e4275e863dff84411cb9d94d3c2771ff7d0f03d10ecf
+size 141960

bot/cogs/__pycache__/media.cpython-311.pyc

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4a4041ede6a563d0c1605ccde48c9572c66d76bbbaa74f4a7e64abc807651d3a
-size 223657
+oid sha256:e2754334025d4695b6eb3daaf2e259b9733692c25e981f290c2434c627816f1d
+size 224730

bot/cogs/admin.py

@@ -904,10 +904,50 @@ class Admin(commands.Cog):
             "🛡️ Shield State",
             f"Current level: **`{level}`**\n"
             f"Profile: {profile}\n\n"
-            "Use `/shield_level low|medium|high` to change it.",
+            "Use `/shield_level low|medium|high` to change it.\n"
+            "Use `/shield_restrict <text>` to add custom restrictions.\n"
+            "Use `/shield_keywords <words>` to add strict trigger keywords."
         )
         await self._safe_ctx_send(ctx, embed=embed, ephemeral=bool(ctx.interaction))
 
+    @commands.hybrid_command(name="shield_restrict", description="Set custom AI shield restrictions")
+    @commands.has_permissions(manage_guild=True)
+    async def shield_restrict(self, ctx: commands.Context, *, restrictions: str) -> None:
+        """Tell the AI shield what to be strict on. Example: 'no crypto links, no dm requests'."""
+        if not ctx.guild:
+            await ctx.send("Server only.", ephemeral=True)
+            return
+        await self.bot.db.execute(
+            "INSERT INTO shield_settings(guild_id, level, custom_restrictions) VALUES (?, ?, ?) "
+            "ON CONFLICT(guild_id) DO UPDATE SET custom_restrictions = excluded.custom_restrictions",
+            ctx.guild.id, "medium", restrictions[:500],
+        )
+        embed = discord.Embed(
+            title="🛡️ Shield Restrictions Updated",
+            description=f"Custom restrictions set to:\n`{restrictions[:200]}`",
+            color=discord.Color.green(),
+        )
+        await ctx.send(embed=embed, ephemeral=True)
+
+    @commands.hybrid_command(name="shield_keywords", description="Add keywords that trigger instant shield action")
+    @commands.has_permissions(manage_guild=True)
+    async def shield_keywords(self, ctx: commands.Context, *, keywords: str) -> None:
+        """Add custom keywords for the shield. Example: 'crypto, investment, dm me, wallet, airdrop'."""
+        if not ctx.guild:
+            await ctx.send("Server only.", ephemeral=True)
+            return
+        await self.bot.db.execute(
+            "INSERT INTO shield_settings(guild_id, level, strict_keywords) VALUES (?, ?, ?) "
+            "ON CONFLICT(guild_id) DO UPDATE SET strict_keywords = excluded.strict_keywords",
+            ctx.guild.id, "medium", keywords[:500],
+        )
+        embed = discord.Embed(
+            title="🔑 Shield Keywords Updated",
+            description=f"Strict keywords set to:\n`{keywords[:200]}`",
+            color=discord.Color.green(),
+        )
+        await ctx.send(embed=embed, ephemeral=True)
+
     @commands.hybrid_command(name="econ_admin", description=get_cmd_desc("commands.admin.econ_admin_desc"))
     @commands.has_permissions(administrator=True)
     async def econ_admin(self, ctx: commands.Context, member: discord.Member, action: str, amount: int) -> None:

bot/cogs/ai_admin.py

@@ -67,6 +67,11 @@ class IntelligenceLayer:
 
 You receive natural language requests (Arabic, English, or mixed) and output ONLY a valid JSON array of actions. Do NOT include any other text.
 
+SAFETY & CONFIRMATION RULES:
+If the user requests a DESTRUCTIVE action (e.g., "delete messages"/"حذف الرسائل", "purge"/"مسح", "ban"/"حظر", "kick"/"طرد", "delete channel"), you MUST:
+1. Add `"requires_confirmation": true` to the action JSON object.
+2. In `"response_to_user"`, ask the user for confirmation (e.g., "⚠️ This will delete 50 messages in #general. Click Confirm to proceed." or "⚠️ سيتم حذف 50 رسالة. اضغط 'تأكيد' للمتابعة.").
+
 ═══════════════════════════════════════════════════════
 YOUR CAPABILITIES
 ═══════════════════════════════════════════════════════
@@ -880,6 +885,38 @@ class ExecutionEngine:
             f"**Top 5:**\n" + "\n".join(lines)
         )
     
+class AIAdminConfirmationView(discord.ui.View):
+    """View for confirming destructive AI Admin actions."""
+    def __init__(self, cog: "AIAdmin", ctx: commands.Context, action: dict, response_text: str) -> None:
+        super().__init__(timeout=60.0)
+        self.cog = cog
+        self.ctx = ctx
+        self.action = action
+        self.response_text = response_text
+
+    @discord.ui.button(label="Confirm", emoji="✅", style=discord.ButtonStyle.success)
+    async def confirm(self, interaction: discord.Interaction, button: discord.ui.Button) -> None:
+        if interaction.user.id != self.ctx.author.id:
+            await interaction.response.send_message("❌ Only the command author can confirm.", ephemeral=True)
+            return
+        
+        await interaction.response.defer(thinking=True)
+        try:
+            # Remove the confirmation flag so it executes normally
+            self.action.pop("requires_confirmation", None)
+            results = await self.cog.execution.execute([self.action], self.ctx)
+            result_text = "\n".join(results)
+            await interaction.followup.send(f"✅ **Action Executed:**\n{result_text[:1800]}")
+        except Exception as e:
+            await interaction.followup.send(f"❌ **Execution Error:** {str(e)[:1000]}")
+
+    @discord.ui.button(label="Cancel", emoji="❌", style=discord.ButtonStyle.danger)
+    async def cancel(self, interaction: discord.Interaction, button: discord.ui.Button) -> None:
+        if interaction.user.id != self.ctx.author.id:
+            await interaction.response.send_message("❌ Only the command author can cancel.", ephemeral=True)
+            return
+        await interaction.response.edit_message(content="❌ Action cancelled by user.", view=None)
+
 class AIAdmin(commands.Cog):
     """Autonomous AI Administrator Cog."""
     
@@ -891,7 +928,7 @@ class AIAdmin(commands.Cog):
 
     @staticmethod
     def _parse_duration_minutes(text: str) -> int | None:
-        match = re.search(r"(\d+)\s*(m|min|mins|minute|minutes|h|hr|hour|hours|d|day|days)?", text, re.IGNORECASE)
+        match = re.search(r"(\d+)\s*(s|sec|secs|second|seconds|m|min|mins|minute|minutes|h|hr|hour|hours|d|day|days)?", text, re.IGNORECASE)
         if not match:
             return None
         value = int(match.group(1))
@@ -900,6 +937,8 @@ class AIAdmin(commands.Cog):
             value *= 60
         elif unit.startswith("d"):
             value *= 60 * 24
+        elif unit.startswith("s"):
+            value = max(1, value // 60)  # Convert seconds to minutes (min 1 min)
         return max(1, min(value, 40320))
 
     async def _try_direct_moderation(self, ctx: commands.Context, request: str) -> str | None:
@@ -1124,21 +1163,44 @@ class AIAdmin(commands.Cog):
             if "response_to_user" in action:
                 response_text = action.pop("response_to_user")
                 break
-        
-        results = await self.execution.execute(actions, ctx)
-        
-        try:
-            if response_text:
-                await ctx.send(response_text)
+
+        # Split actions into safe (execute now) and unsafe (require confirmation)
+        safe_actions = []
+        unsafe_actions = []
+        for action in actions:
+            if action.get("requires_confirmation"):
+                unsafe_actions.append(action)
             else:
-                await ctx.send("\n".join(results))
-        except discord.NotFound:
-            # Interaction message may have been deleted
+                safe_actions.append(action)
+
+        # Execute safe actions immediately
+        safe_results = []
+        if safe_actions:
+            safe_results = await self.execution.execute(safe_actions, ctx)
+
+        # Handle unsafe actions (Confirmation Flow)
+        if unsafe_actions:
+            # Take the first unsafe action to confirm
+            action_to_confirm = unsafe_actions[0]
+            # Remove the flag so it executes when confirmed
+            action_to_confirm.pop("requires_confirmation", None)
+            
+            # Construct a message if the AI didn't provide a specific one
+            confirm_msg = response_text if response_text else f"⚠️ **Action Requires Confirmation:**\n`{action_to_confirm.get('action')}`"
+            
+            view = AIAdminConfirmationView(self, ctx, action_to_confirm, confirm_msg)
+            await ctx.send(confirm_msg, view=view)
+        else:
+            # All actions were safe, send normal response
+            final_response = response_text
+            if safe_results:
+                final_response = f"{response_text or ''}\n\n{' '.join(safe_results)}".strip()
+            
             try:
+                await ctx.send(final_response)
+            except discord.NotFound:
                 if ctx.channel:
-                    await ctx.channel.send(response_text or "\n".join(results))
-            except Exception:
-                pass
+                    await ctx.channel.send(final_response)
     
     @commands.hybrid_command(name="ai_help", description=get_cmd_desc("commands.ai.ai_help_desc"))
     async def ai_help(self, ctx: commands.Context) -> None:

bot/cogs/ai_suite.py

@@ -36,10 +36,30 @@ try:
 except Exception:  # pragma: no cover
     edge_tts = None
 
+try:
+    from duckduckgo_search import DDGS
+    HAS_DDG = True
+except Exception:  # pragma: no cover
+    DDGS = None
+    HAS_DDG = False
+
 from bot.i18n import get_cmd_desc
 from bot.emojis import resolve_emoji_value
 
 
+# ═══════════════════════════════════════════════════════════════════════════════
+# WEB SEARCH — RAG-based live context injection
+# ═══════════════════════════════════════════════════════════════════════════════
+
+# Keywords that trigger automatic web search
+_WEB_SEARCH_TRIGGERS = re.compile(
+    r"\b(today|now|current|latest|recent|news|live|right now|this (week|month|year)|"
+    r"2025|2026|price|rate|stock|score|result|winner|election|update|breaking|event|"
+    r"اليوم|الآن|الحالي|أحدث|أخبار|مباشر|سعر|معدل|نتيجة|فائز|حدث)"
+    r"\b",
+    re.IGNORECASE,
+)
+
 PERSONALITY_INSTRUCTIONS = {
     "wise": "Respond as a wise mentor: calm, clear, and practical.",
     "sarcastic": "Respond with light sarcasm only, never insulting or abusive.",
@@ -55,6 +75,7 @@ class PromptPayload:
     image_bytes: bytes | None = None
     is_code_result: bool = False
     memory_context: str = ""
+    web_context: str = ""  # Injected web search results for RAG
 
 
 class ImperialMotaz:
@@ -448,6 +469,43 @@ class AISuite(commands.Cog):
         self.memory_icon = resolve_emoji_value("🧠", fallback="🧠", bot=bot)
         self.spark_icon = resolve_emoji_value("⚡", fallback="⚡", bot=bot)
 
+    # ═══════════════════════════════════════════════════════════════════════════════
+    # WEB SEARCH — RAG-based live context injection via DuckDuckGo
+    # ═══════════════════════════════════════════════════════════════════════════════
+
+    @staticmethod
+    def _needs_web_search(text: str) -> bool:
+        """Check if the prompt contains keywords that suggest live info is needed."""
+        return bool(_WEB_SEARCH_TRIGGERS.search(text))
+
+    async def _web_search_context(self, query: str, max_results: int = 5) -> str:
+        """Search the web and return top results as context for the AI.
+
+        Returns a formatted string with title, snippet, and URL for each result.
+        Runs in a thread pool to avoid blocking the event loop.
+        """
+        if not HAS_DDG or DDGS is None:
+            return ""
+
+        def _do_search() -> str:
+            try:
+                with DDGS() as ddgs:
+                    results = list(ddgs.text(query, max_results=max_results))
+                if not results:
+                    return ""
+                parts = []
+                for i, r in enumerate(results[:max_results], 1):
+                    title = r.get("title", "")
+                    body = r.get("body", r.get("snippet", ""))
+                    url = r.get("href", r.get("url", ""))
+                    parts.append(f"[{i}] {title}\n    {body}\n    Source: {url}")
+                return "\n\n".join(parts)
+            except Exception:
+                return ""
+
+        # Run in thread pool to avoid blocking the event loop
+        return await asyncio.get_event_loop().run_in_executor(None, _do_search)
+
     async def cog_load(self) -> None:
         # Persistent registration for AI settings panel buttons/select.
         self.bot.add_view(AISettingsView(self))
@@ -871,6 +929,7 @@ class AISuite(commands.Cog):
         image_bytes: bytes | None = None,
         model: str | None = None,
         memory_context: str = "",
+        web_context: str = "",
     ) -> dict:
         # Kept method name for minimal code changes; implementation now uses OpenRouter.
         api_key = self.bot.settings.openrouter_api_key
@@ -884,12 +943,27 @@ class AISuite(commands.Cog):
             + self._personality(guild)
         )
 
+        # Inject web search results as context (RAG)
+        web_prefix = ""
+        if web_context.strip():
+            web_prefix = (
+                "You have access to LIVE WEB SEARCH results below. "
+                "Use these results to provide accurate, up-to-date answers. "
+                "If the search results contain the answer, prioritize them over your training data. "
+                "Mention that your info is from a live search.\n\n"
+                f"═══ LIVE WEB SEARCH RESULTS ═══\n{web_context[:6000]}\n═══ END SEARCH RESULTS ═══\n\n"
+            )
+
         if memory_context.strip():
             prompt = (
                 f"Channel short-term memory (last 10 messages):\n{memory_context[:5000]}\n\n"
                 f"Current user request:\n{prompt}"
             )
 
+        # Prepend web context to the prompt
+        if web_prefix:
+            prompt = web_prefix + prompt
+
         user_content: list[dict] = [{"type": "text", "text": prompt}]
         if image_bytes:
             data_url = "data:image/png;base64," + base64.b64encode(image_bytes).decode("utf-8")
@@ -958,6 +1032,7 @@ class AISuite(commands.Cog):
                     payload.image_bytes,
                     model=model,
                     memory_context=payload.memory_context,
+                    web_context=payload.web_context,
                 )
                 return self._extract_text(data), model
             except Exception as e:
@@ -1410,24 +1485,47 @@ class AISuite(commands.Cog):
             await self._send_error(ctx, err)
             return
         await self._safe_defer(ctx)
+
+        # ─── Web Search Detection & Execution ───
+        web_context = ""
+        progress_msg = None
+        if self._needs_web_search(prompt):
+            progress_msg = await self._send_progressive_embed(
+                ctx,
+                title="🔍 Searching the web...",
+                description="Looking for the latest information online.",
+            )
+            web_context = await self._web_search_context(prompt)
+            if progress_msg:
+                try:
+                    await progress_msg.delete()
+                except Exception:
+                    pass
+            progress_msg = None
+
         progress_msg = await self._send_progressive_embed(
             ctx,
             title=f"{self.ai_icon} Thinking...",
-            description="Analyzing your request.",
+            description="Analyzing your request." + (" (with web results)" if web_context else ""),
         )
         try:
             memory = await self._channel_memory_text(ctx.channel, limit=self.MEMORY_WINDOW_SIZE)
             await self._update_progressive_embed(
                 progress_msg,
                 title=f"{self.memory_icon} Writing...",
-                description="Using short-term channel memory for better context.",
+                description="Using short-term channel memory for better context." + (" + live web search" if web_context else ""),
+            )
+            payload = PromptPayload(
+                command_name="chat",
+                prompt=prompt,
+                memory_context=memory,
+                web_context=web_context,
             )
-            payload = PromptPayload(command_name="chat", prompt=prompt, memory_context=memory)
             await self.run_payload(ctx, payload)
             await self._update_progressive_embed(
                 progress_msg,
                 title=f"{self.spark_icon} Finalizing...",
-                description="Response delivered successfully.",
+                description="Response delivered successfully." + (" 🔍 Source: Live Web Search" if web_context else ""),
             )
         finally:
             if progress_msg:
@@ -1837,11 +1935,25 @@ class AISuite(commands.Cog):
             )
 
         memory = await self._channel_memory_text(message.channel, limit=10)
-        payload = PromptPayload(command_name="auto_chat", prompt=prompt, memory_context=memory)
+
+        # Web search for auto chat if keywords detected
+        web_context = ""
+        if self._needs_web_search(content):
+            web_context = await self._web_search_context(content, max_results=3)
+
+        payload = PromptPayload(
+            command_name="auto_chat",
+            prompt=prompt,
+            memory_context=memory,
+            web_context=web_context,
+        )
         try:
             async with message.channel.typing():
                 text, model_used = await self._generate_with_failover(message.guild, payload)
-            await message.reply(f"{text[:1800]}\n\n{self.memory_icon} Model: `{model_used}`", mention_author=False)
+            footer = f"\n\n{self.memory_icon} Model: `{model_used}`"
+            if web_context:
+                footer += " 🔍 Source: Live Web Search"
+            await message.reply(f"{text[:1800]}{footer}", mention_author=False)
         except Exception:
             await message.reply(
                 "❌ I couldn't process the AI request right now. Please try again in a moment.",

bot/cogs/developer.py

@@ -16,8 +16,8 @@ class Developer(commands.Cog):
     def __init__(self, bot: commands.Bot) -> None:
         self.bot = bot
 
-    async def cog_check(self, ctx: commands.Context) -> bool:
-        return await self.bot.is_owner(ctx.author)
+    # Removed global cog_check to allow more granular permissions
+    # Individual commands can have their own checks if needed
 
     @commands.command(name="load", help="Load a cog extension by dotted path.")
     async def load(self, ctx: commands.Context, extension: str) -> None:
@@ -48,7 +48,7 @@ class Developer(commands.Cog):
     async def emoji_scan(self, ctx: commands.Context) -> None:
         """Scan all configured custom emojis and show which ones are broken."""
         if not self.bot.is_ready() or not self.bot.user:
-            await ctx.reply("⏳ Bot is not ready yet.", ephemeral=True)
+            await ctx.send("⏳ Bot is not ready yet.", ephemeral=True)
             return
 
         bot_emojis = {e.id: e for e in self.bot.emojis}
@@ -125,10 +125,17 @@ class Developer(commands.Cog):
 
         embed.set_footer(text="Run this after the bot joins new servers to refresh emoji cache")
 
-        if ctx.interaction:
-            await ctx.interaction.response.send_message(embed=embed, ephemeral=True)
-        else:
-            await ctx.reply(embed=embed, ephemeral=True)
+        try:
+            if ctx.interaction:
+                if ctx.interaction.response.is_done():
+                    await ctx.interaction.followup.send(embed=embed, ephemeral=True)
+                else:
+                    await ctx.interaction.response.send_message(embed=embed, ephemeral=True)
+            else:
+                await ctx.send(embed=embed, ephemeral=True)
+        except discord.InteractionResponded:
+            if ctx.interaction:
+                await ctx.interaction.followup.send(embed=embed, ephemeral=True)
 
     @staticmethod
     def _extract_id(value: str) -> int | None:

bot/cogs/events.py

@@ -532,76 +532,97 @@ class Events(commands.Cog):
     async def _check_multi_vector_scam(self, message: discord.Message) -> tuple[bool, str, int]:
         """Multi-Vector Scam Detection.
 
-        Combines suspicion score, link inspection, and contextual chain analysis.
+        Checks in order:
+        1. Custom admin-set keywords (instant block)
+        2. Any scam keyword + link → instant block
+        3. Pure scam text (high-risk patterns)
+        4. Any link in message (suspicion tracking)
+        5. Suspicion score threshold (repeat offender)
         Returns: (is_scam, reason, total_score)
         """
         guild_id = message.guild.id if message.guild else 0
         user_id = message.author.id
         content = message.content or ""
+        text_lower = content.strip().lower()
         has_images = bool(message.attachments)
 
+        if not text_lower and not has_images:
+            return False, "", 0
+
+        # --- CHECK 1: Custom admin-set strict keywords (instant block) ---
+        custom_row = await self.bot.db.fetchone(
+            "SELECT custom_restrictions, strict_keywords FROM shield_settings WHERE guild_id = ?",
+            guild_id,
+        )
+        strict_keywords = (custom_row[1] or "").lower() if custom_row else ""
+
+        if strict_keywords:
+            for kw in strict_keywords.split(","):
+                kw = kw.strip()
+                if kw and kw in text_lower:
+                    return True, f"Custom keyword: `{kw}`", 20
+
+        # --- CHECK 2: Any scam keyword + ANY link → instant block ---
+        has_any_scam_keyword = bool(
+            SCAM_INVITE_RE.search(text_lower) or
+            SCAM_CALL_TO_ACTION_RE.search(text_lower) or
+            SCAM_KEYWORDS_RE.search(text_lower) or
+            SCAM_OFFICIAL_RE.search(text_lower) or
+            SCAM_URGENT_RE.search(text_lower)
+        )
+        has_link = bool(SCAM_LINK_RE.search(content))
+
+        if has_any_scam_keyword and has_link:
+            link_risk, link_reasons = self._classify_link_risk(content)
+            return True, f"Scam keywords + link ({link_reasons or 'detected'})", 15
+
+        # --- CHECK 3: Pure high-risk scam text (no link needed) ---
+        has_cta = bool(SCAM_CALL_TO_ACTION_RE.search(text_lower))
+        has_keyword = bool(SCAM_KEYWORDS_RE.search(text_lower))
+        has_official = bool(SCAM_OFFICIAL_RE.search(text_lower))
+        has_urgent = bool(SCAM_URGENT_RE.search(text_lower))
+
+        # CTA alone is enough if it matches scam patterns
+        if has_cta and has_keyword:
+            return True, "Scam CTA + keywords", 15
+
+        # Official impersonation + urgency
+        if has_official and (has_urgent or has_keyword):
+            return True, "Official impersonation scam", 15
+
+        # Any single strong scam signal (prevents first-time scammers)
+        if has_official and has_link:
+            return True, "Official + link", 15
+
+        # --- CHECK 4: Suspicion tracking for repeat offenders ---
         total_score = 0
         reasons: list[str] = []
 
-        # --- Stage 1: Check for invite/scam keywords ---
-        is_stage1, stage1_reasons = self._detect_invite_chain(content)
-        if is_stage1:
-            score = await self.suspicion.add_points(guild_id, user_id, 5, "invite_text")
+        if has_any_scam_keyword:
             total_score += 5
-            reasons.extend(stage1_reasons)
-
-        # --- Stage 2: Check for link or image ---
-        is_stage2, stage2_reasons = self._detect_link_stage(content, has_images)
-        if is_stage2:
-            score = await self.suspicion.add_points(guild_id, user_id, 10, "link_or_image")
-            total_score += 10
-            reasons.extend(stage2_reasons)
-
-            # Link + invite combo = High-Risk Scam
-            link_risk, _ = self._classify_link_risk(content)
-            if SCAM_INVITE_RE.search(content) and link_risk >= 2:
+            reasons.append("scam keywords")
+        if has_link:
+            link_risk, link_reasons = self._classify_link_risk(content)
+            if link_risk >= 2:
                 total_score += 5
-                reasons.append("CRITICAL: invite keywords + suspicious link")
+                reasons.append(f"suspicious link ({link_reasons})")
+            elif link_risk >= 1:
+                total_score += 3
+                reasons.append("link detected")
 
-        # --- Check existing suspicion score ---
+        if has_any_scam_keyword or (has_link and link_risk >= 2):  # noqa: F821
+            await self.suspicion.add_points(guild_id, user_id, total_score, "scam_signal")
+
+        # --- CHECK 5: Repeat offender threshold ---
         existing_score = await self.suspicion.get_score(guild_id, user_id)
         total_score = max(total_score, existing_score)
 
-        # --- Action: If score > 10 → trigger Warning System ---
         if total_score > SuspicionTracker.ACTION_THRESHOLD:
             reason_str = " | ".join(reasons[:3])
-            return True, f"Multi-vector scam (score: {total_score}): {reason_str}", total_score
-
-        # --- Link Inspection: suspicious domain without prior context ---
-        if SCAM_LINK_RE.search(content) and not self._is_trusted_domain(content):
-            link_risk, link_reasons = self._classify_link_risk(content)
-            if link_risk >= 3 and SCAM_INVITE_RE.search(content):
-                return True, f"Immediate scam: {link_reasons}", total_score + 5
+            return True, f"Repeat scam (score: {total_score}): {reason_str}", total_score
 
         return False, "", total_score
 
-    def _is_high_risk_scam_text(self, content: str) -> bool:
-        """Legacy compatibility — now uses multi-vector detection."""
-        is_scam, _, _ = asyncio.get_event_loop().run_until_complete(
-            self._check_multi_vector_scam_discord_mock(content)
-        ) if hasattr(self, '_check_multi_vector_scam_discord_mock') else False
-        # Fallback to basic heuristic for sync contexts
-        text = (content or "").strip().lower()
-        if not text:
-            return False
-        if BENIGN_DM_RE.search(text) and not SCAM_LINK_RE.search(text):
-            return False
-        has_link = bool(SCAM_LINK_RE.search(text))
-        has_cta = bool(SCAM_CALL_TO_ACTION_RE.search(text))
-        has_keyword = bool(SCAM_KEYWORDS_RE.search(text))
-        has_official = bool(SCAM_OFFICIAL_RE.search(text))
-        has_urgent = bool(SCAM_URGENT_RE.search(text))
-        if has_link and (has_cta or has_keyword or has_official or has_urgent):
-            return True
-        if has_cta and (has_keyword or has_official) and not BENIGN_DM_RE.search(text):
-            return True
-        return False
-
     def _scam_heuristics(self, content: str, has_images: bool = False) -> tuple[int, list[str]]:
         """Legacy compatibility — replaced by multi-vector detection."""
         text = (content or "").strip().lower()
@@ -1216,6 +1237,15 @@ class Events(commands.Cog):
             except Exception:
                 pass
 
+        # Log to warns table (connects to admin warning system)
+        await self.bot.db.execute(
+            "INSERT INTO warns(guild_id, user_id, moderator_id, reason) VALUES (?, ?, ?, ?)",
+            guild.id,
+            member.id if member else 0,
+            self.bot.user.id if self.bot.user else 0,
+            f"Multi-Vector Scam (score: {score}): {reason[:180]}",
+        )
+
         # Log to shield_logs
         await self.bot.db.execute(
             "INSERT INTO shield_logs(guild_id, user_id, reason, message_content) VALUES (?, ?, ?, ?)",

bot/cogs/media.py

@@ -154,14 +154,22 @@ def _build_emoji_markup(emoji_obj: discord.Emoji) -> str:
 
 
 def _resolve_emoji_value(raw_value: str, default: str) -> str:
-    """Resolve emoji by ID using bot cache, then fallback to unicode default."""
+    """Resolve emoji for media panel display.
+
+    Returns the full custom emoji tag so Discord can render it.
+    Only uses default if the value is empty/invalid.
+    """
+    if not raw_value:
+        return default
+    # Check if it's a custom emoji tag
+    if raw_value.startswith("<") and raw_value.endswith(">"):
+        return raw_value  # Return as-is for Discord to render
     emoji_id = _extract_emoji_id(raw_value)
     if emoji_id is not None and _EMOJI_BOT is not None:
         found = _EMOJI_BOT.get_emoji(emoji_id)
         if found is not None:
             return _build_emoji_markup(found)
-    # Emoji not available in cache — return default unicode to avoid raw :name: display
-    return default
+    return raw_value if raw_value.strip() else default
 
 
 def _load_emoji_config() -> dict[str, str]:
@@ -391,6 +399,7 @@ class GuildPlaybackState:
     volume: int = 80
     stay_247: bool = False
     filter_preset: str = "none"
+    _autoplay_chain: int = 0  # Consecutive autoplay tracks (resets on human interaction)
 
 
 @dataclass
@@ -832,14 +841,33 @@ class Media(commands.Cog):
         )
 
     async def _autoplay_next(self, guild: discord.Guild, player: wavelink.Player) -> None:
-        """Get autoplay recommendation and play it."""
+        """Get autoplay recommendation and play it.
+
+        Safety limits:
+        - Won't autoplay if queue already has 10+ tracks
+        - Won't autoplay more than 3 consecutive recommended tracks
+        - Skips if a human-added track is already playing
+        """
         try:
+            state = self._guild_state(guild.id)
+
+            # Don't autoplay if queue is already full
+            queue_size = player.queue.count if hasattr(player.queue, 'count') else 0
+            if queue_size >= 10:
+                return
+
+            # Don't chain more than 3 autoplay tracks in a row
+            if state._autoplay_chain >= 3:
+                state._autoplay_chain = 0
+                return
+
             # Search for similar music
             current = self.now_playing.get(guild.id)
             seed = current.title if current else "top hits"
             results = await wavelink.Playable.search(f"ytsearch:{seed}")
             if results:
                 track = random.choice(results[:5])  # Pick from top 5
+                state._autoplay_chain = getattr(state, '_autoplay_chain', 0) + 1
                 await player.queue.put_wait(track)
                 next_track = player.queue.get()
                 self.now_playing[guild.id] = self._wavelink_to_track(next_track, 0)

bot/cogs/media_helpers.py

@@ -31,15 +31,18 @@ def _emoji(key: str, default: str) -> str:
     return resolve_emoji(key, default)
 
 
-def _button_emoji(key: str, default: str) -> str | discord.PartialEmoji:
-    """Build a button-safe emoji (supports raw custom emoji tags)."""
+def _button_emoji(key: str, default: str) -> str | discord.PartialEmoji | None:
+    """Return emoji for button labels. Returns PartialEmoji for custom tags."""
     value = _emoji(key, default)
-    try:
-        if isinstance(value, str) and value.startswith("<") and value.endswith(">"):
+    if not value:
+        return default
+    # Try to parse as custom emoji tag
+    if isinstance(value, str) and value.startswith("<") and value.endswith(">"):
+        try:
             return discord.PartialEmoji.from_str(value)
-    except Exception:
-        pass
-    return value
+        except Exception:
+            pass
+    return value if isinstance(value, str) else default
 
 
 # ═══════════════════════════════════════════════════════════════════════════════

bot/cogs/menu.py

@@ -709,6 +709,12 @@ class CommandsMenuView(discord.ui.View):
         embed.add_field(name=tips_title, value=tips, inline=True)
         embed.add_field(name=updates_title, value=updates, inline=False)
 
+        # ═══ What's New section ═══
+        whats_new = await self.bot.get_text(guild_id, "menu.whats_new_heading")
+        whats_new_content = await self.bot.get_text(guild_id, "menu.whats_new_content")
+        if whats_new and whats_new != "menu.whats_new_heading" and whats_new_content and whats_new_content != "menu.whats_new_content":
+            embed.add_field(name=whats_new, value=whats_new_content[:900], inline=False)
+
         embed.set_footer(text=footer)
         embed.description = f"{embed.description}\n\nPage {self.page + 1}/{total_pages}"
         return embed

bot/cogs/utility.py

@@ -338,6 +338,7 @@ class Utility(commands.Cog):
                 await channel.send(f"⏰ <@{user_id}> reminder: {msg}")
             await self.bot.db.execute("DELETE FROM reminders WHERE id = ?", rid)
 
+
     @commands.hybrid_command(name="search", description=get_cmd_desc("commands.tools.search_desc"))
     @discord.app_commands.describe(query="Search query | بحث")
     async def search(self, ctx: commands.Context, query: str) -> None:
@@ -529,11 +530,6 @@ async def _yt_search(query: str, max_results: int = 25) -> list[dict]:
     return results
 
 
-class Utility(commands.Cog):
-    """Utility commands including YouTube search."""
-
-    def __init__(self, bot: commands.Bot) -> None:
-        self.bot = bot
 
     @commands.hybrid_command(name="botstats", description=get_cmd_desc("commands.tools.botstats_desc"))
     async def botstats(self, ctx: commands.Context) -> None:
@@ -553,4 +549,9 @@ class Utility(commands.Cog):
 
 
 async def setup(bot: commands.Bot) -> None:
-    await bot.add_cog(Utility(bot))
+    cog = Utility(bot)
+    # Wire autocomplete after the class is fully defined
+    if hasattr(cog, 'search') and cog.search is not None:
+        yt_ac = YouTubeAutocomplete()
+        cog.search.autocomplete = yt_ac.autocomplete
+    await bot.add_cog(cog)

bot/cogs/verification.py

@@ -47,7 +47,17 @@ class VerifyView(discord.ui.View):
             return
 
         await member.add_roles(role, reason="Member completed verification")
-        await interaction.followup.send(await self.bot.get_text(guild_id, "welcome.verify_success"), ephemeral=True)
+
+        # Send success message with redirect link to welcome channel
+        welcome_channel_id = row[1] if row else None
+        redirect_text = ""
+        if welcome_channel_id:
+            welcome_ch = interaction.guild.get_channel(welcome_channel_id)
+            if welcome_ch:
+                redirect_text = f"\n\n➡️ {await self.bot.get_text(guild_id, 'welcome.redirect_text', channel=welcome_ch.mention)}"
+
+        success_msg = await self.bot.get_text(guild_id, "welcome.verify_success")
+        await interaction.followup.send(f"{success_msg}{redirect_text}", ephemeral=True)
 
         await self.bot.log_to_guild(
             interaction.guild,

bot/emojis.py

@@ -141,21 +141,17 @@ def _ensure_unescaped_emoji(value: str) -> str:
 
 
 def resolve_emoji_value(value: str, fallback: str = "✨", *, bot: discord.Client | None = None) -> str:
-    """Resolve emoji config with a hybrid resolver (cache first, then fallback to unicode).
+    """Resolve emoji config for display in embeds/messages.
 
-    If the custom emoji is available in the bot's cache, it returns the full tag.
-    Otherwise it falls back to the unicode fallback to avoid showing raw :name: text.
+    Returns the full custom emoji tag <:name:id> so Discord can render it.
+    Only falls back to unicode if the value is invalid or empty.
+    Custom emoji tags work in embed descriptions if the bot has access to the emoji.
     """
     parsed = _parse_custom_emoji_config(value)
     if parsed is not None:
         config_name, emoji_id, animated = parsed
-        active_bot = bot or _EMOJI_BOT
-        if active_bot is not None:
-            resolved = active_bot.get_emoji(emoji_id)
-            if resolved is not None:
-                return _ensure_unescaped_emoji(_format_custom_emoji(resolved))
-        # Emoji not in cache — return fallback unicode to avoid raw :name: display
-        return fallback
+        # Return the full custom emoji tag — Discord renders it if valid
+        return _ensure_unescaped_emoji(_build_custom_emoji_code(config_name, emoji_id, animated))
 
     emoji_id = _extract_emoji_id(value)
     active_bot = bot or _EMOJI_BOT
@@ -163,8 +159,7 @@ def resolve_emoji_value(value: str, fallback: str = "✨", *, bot: discord.Clien
         resolved = active_bot.get_emoji(emoji_id)
         if resolved is not None:
             return _ensure_unescaped_emoji(_format_custom_emoji(resolved))
-        return fallback
-    # Value might be a plain unicode emoji or already-resolved string
+    # Return as-is (might be unicode emoji or already-resolved tag)
     return _ensure_unescaped_emoji(value or fallback)
 
 

bot_test.log

@@ -0,0 +1,39 @@
+[OK] Keep-alive HTTP server started on port 10000
+[OK] Flask lifeline started on 0.0.0.0:7860
+2026-04-09 22:59:01,847 | INFO | mega-bot.config | Loaded 1 owner ID(s).
+ * Serving Flask app 'bot-lifeline'
+ * Debug mode: off
+2026-04-09 22:59:01,865 | INFO | discord.client | logging in using static token
+2026-04-09 22:59:03,974 | INFO | httpx | HTTP Request: HEAD https://huggingface.co/datasets/mtaaz/db/resolve/main/database.db "HTTP/1.1 302 Found"
+2026-04-09 22:59:04,302 | INFO | httpx | HTTP Request: POST https://huggingface.co/api/datasets/mtaaz/db/preupload/main "HTTP/1.1 200 OK"
+2026-04-09 22:59:04,514 | INFO | httpx | HTTP Request: POST https://huggingface.co/datasets/mtaaz/db.git/info/lfs/objects/batch "HTTP/1.1 200 OK"
+2026-04-09 22:59:04,734 | INFO | httpx | HTTP Request: GET https://huggingface.co/api/datasets/mtaaz/db/xet-write-token/main "HTTP/1.1 200 OK"
+
+
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+
+
  ./database.db               : 100%|██████████|  184kB /  184kB            
+No files have been modified since last commit. Skipping to prevent empty commit.
+2026-04-09 22:59:05,980 | WARNING | huggingface_hub.hf_api | No files have been modified since last commit. Skipping to prevent empty commit.
+2026-04-09 22:59:06,197 | INFO | httpx | HTTP Request: GET https://huggingface.co/api/datasets/mtaaz/db/revision/main "HTTP/1.1 200 OK"
+2026-04-09 22:59:07,050 | WARNING | mega-bot | FFmpeg binary not found in PATH.
+2026-04-09 22:59:07,115 | WARNING | mega-bot | MainMenuView registration skipped: View is not persistent. Items need to have a custom_id set and View must have no timeout
+2026-04-09 22:59:07,948 | INFO | mega-bot | Loaded all cogs and synced slash commands
+2026-04-09 22:59:08,825 | INFO | discord.gateway | Shard ID None has connected to Gateway (Session ID: a9741b4159f3677909c8df43062d7271).
+2026-04-09 22:59:10,840 | INFO | mega-bot | Logged in as Ultimate bot#9259 (1475803247313682472)
+^C

database.db-wal

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5e4aebadf9918d28b332f92b113c88b7bc344f2f3a6cc093b22d32b4ee1eac2b
-size 111272
+oid sha256:770eff54c07d26e4599ea95a1c9f833f74a157aad1e19700d8335897e3ea30dd
+size 218392

requirements.txt

@@ -12,3 +12,4 @@ Pillow>=10.4.0
 gTTS>=2.5.3
 edge-tts>=6.1.13
 huggingface_hub>=0.25.0
+duckduckgo-search>=6.3.0