Operations

Daily check

Copy/eps status
/eps profile
/eps alerts status
/eps reports recent

Staff should look for repeated incidents, unexpected profile changes, missing companion state if used, or logging left on after a debug session.

Rollout workflow

1. Run observe during first deployment on customized networks.
2. Let players use normal menus, cosmetics, voice, lobby items, and minigames.
3. Review summaries, not private detector mechanics.
4. Move to balanced after normal traffic is clean.

Incident review

An incident summary is for staff triage. It tells you who was affected, whether enforcement happened, what broad area reported it, and what evidence to send to support. It should not be treated as a public explanation of every detector.

Copy/eps reports recent
/eps reports review <id>

Evidence handling

• Capture evidence only when investigating an active issue or when support requests it.
• Do not post evidence files publicly. They can contain private server and player context.
• Share evidence through private support channels only.
• Delete stale local evidence according to your own privacy policy.

Attack response

1. Check status and recent incidents.
2. Confirm the behavior is not a normal plugin workflow.
3. Collect private evidence if the abuse is ongoing.
4. Use strict only when the signal is clearly hostile.
5. Return to balanced after the event.

False-positive review

1. Switch to observe.
2. Reproduce the legitimate action.
3. Collect version, deployment shape, profile, incident ID, and reproduction steps.
4. Send the report privately.
5. Do not publish full incident metadata in public tickets.