Built to be Private
MaestroBot and its underlying architecture are fundamentally designed to be intensely private and personal. This is a custom-tailored system built for agentic workflows on your terms.
Do Not Distribute
This repository and its source code are provided exclusively for your personal deployment. Please do not re-host, republish, or distribute this codebase publicly. Public distribution invites unintended use, API abuse, and severe security consequences.
Security Protocols
Because this bot has access to sensitive databases, API keys, and powerful autonomous tools, you must take its security seriously.
Never Commit Secrets
Your `.env` and `config.toml` files hold extremely sensitive information, including your bot token, database credentials, and core API keys. They are .gitignored by default; do not ever commit them to a public repo.
The `OWNER_ID` is Absolute
Authorization relies entirely on the `OWNER_ID` provided in the `.env` file. This ID grants total administrative control. Verify that this ID is strictly your own Discord User ID.
Guest Management Risks
Granting admin access to friends is inherently dangerous. It can lead to data loss or security issues if that user's account is compromised. Only grant this with absolute certainty.
Database Isolation
When setting up MySQL, ensure the user created for MaestroBot only has access to MaestroBot's specific `DB_NAME` database. Never give it global root access to your entire database server.
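One way to check this after setup, as an added example that is not part of the MaestroBot codebase: the script below audits the lines MySQL prints for `SHOW GRANTS FOR` the bot's account and flags anything that reaches beyond the bot's own database. The function name `audit_grants`, the account `maestrobot`@`localhost`, the database names, and the sample grant lines are all constructed for illustration.

```python
import re

# Shape of one line of MySQL `SHOW GRANTS FOR user@host` output.
GRANT_RE = re.compile(r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO (?P<tail>.+)$")


def audit_grants(grant_lines, db_name):
    """Return (kind, line) findings for grants that reach beyond db_name."""
    findings = []
    for line in grant_lines:
        line = line.strip()
        if not line:
            continue
        m = GRANT_RE.match(line)
        if not m:
            # Role grants and other forms are surfaced for manual review.
            findings.append(("unparsed", line))
            continue
        privs = m.group("privs").strip().upper()
        scope = m.group("scope")
        database = scope.split(".", 1)[0].strip("`")
        if scope == "*.*":
            # USAGE on *.* only allows connecting; anything else is server-wide.
            if privs != "USAGE":
                findings.append(("global-privilege", line))
        elif database != db_name:
            findings.append(("other-database", line))
        if "WITH GRANT OPTION" in m.group("tail").upper():
            # The account could hand its privileges on to other accounts.
            findings.append(("grant-option", line))
    return findings


# Constructed sample output: an account scoped to one database...
SCOPED = [
    "GRANT USAGE ON *.* TO `maestrobot`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `maestrobot`.* TO `maestrobot`@`localhost`",
]
# ...and an over-privileged one (constructed).
OVERBROAD = [
    "GRANT ALL PRIVILEGES ON *.* TO `maestrobot`@`localhost` WITH GRANT OPTION",
    "GRANT SELECT ON `billing`.* TO `maestrobot`@`localhost`",
]

if __name__ == "__main__":
    for kind, line in audit_grants(OVERBROAD, "maestrobot"):
        print(f"{kind}: {line}")
```

An empty result means every grant is confined to the named database; the database name passed in should match the `DB_NAME` value from your own configuration.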
API Key Protection
The Agent and its various tools utilize paid API keys (like Anthropic and Firecrawl). Keeping your environment variables secure is the only way to prevent unauthorized token usage and unexpected billing charges from these providers.