Collections Overview
| Collection | Purpose |
|---|---|
botify_nodes | PC registration, 30-second heartbeats, online/offline status, active accounts list |
botify_cookies | .ROBLOSECURITY cookies scoped per-user + per-PC (unique index) |
botify_commands | Remote command queue — polled by each node every few seconds |
botify_logs | Cloud log storage scoped per PC name and owner ID |
botify_licenses | License keys with plan types (standard / enterprise) and HWID bindings |
botify_command_history | Audit trail for all executed remote commands |
botify_enterprise_clusters | Enterprise Cluster node registration and deployment tracking |
botify_screenshots | Remote screenshot storage as Base64-encoded PNG |
updates | Auto-update version manifest records |
update_history | Full history of all published updates |
Collection Details
botify_nodes
Registers each PC running Botify and tracks live status.- Document created or updated on every app launch
- Heartbeat:
last_seenfield updated every 30 seconds - Nodes missing heartbeats for 90+ seconds are marked
offline
| Field | Description |
|---|---|
pc_name | Machine label from Settings |
owner_id | Discord User ID of the account owner |
status | online or offline |
active_accounts | List of currently running bot usernames |
command_token | 32-byte random hex token for remote command auth |
last_seen | Timestamp of most recent heartbeat |
botify_cookies
Stores all.ROBLOSECURITY cookies with per-user and per-PC scoping.
- Unique index:
(owner_id, pc_name, username)— prevents cross-user cookie leakage - Fields include: cookie value, username, age timestamp, validation status
botify_commands
The remote command queue. Botify polls this collection every few seconds for commands addressed to its node.- Each command must include a valid
auth_tokenmatching the node’scommand_token - Optionally verified against
owner_id - Executed commands are moved to
botify_command_history
botify_licenses
Stores license key records for legacy key activation.| Field | Description |
|---|---|
key | The license key string |
plan | standard or enterprise |
hwid | Hardware ID bound on first activation |
expiry | Expiration date (if applicable) |
botify_enterprise_clusters
Tracks PCs registered under Enterprise Cluster deployments.| Field | Description |
|---|---|
cluster_id | Unique identifier for the cluster |
server_code | ERLC private server code for this cluster |
nodes | List of PC names in this cluster |
status | Deployment status |
Data Flow Diagram
Security Model
| Layer | Implementation |
|---|---|
| Database Credentials | Embedded in the Botify binary — users never configure this |
| Command Auth | Per-node 32-byte random command_token — commands without it are silently rejected |
| Cookie Scoping | owner_id + pc_name unique index — nodes cannot read other users’ cookies |
| Local Encryption | Optional DPAPI encryption for account_store.json |
| Discord OAuth | Guild role verification ("Client" role required) on every login |