PhantomBot is a Twitch chat bot powered by Java. PhantomBot has many modern features out of the box such as a built-in webpanel, enhanced moderation, games, a point system, raffles, custom commands, a music player, and more. PhantomBot can also be integrated with many services such as Discord, TipeeeStream, StreamLabs and StreamElements!

Additional functionality is enabled through the use of third-party modules.

• Get PhantomBot
• Security Policy

• Microsoft Windows
  • Windows 10 or 11; Windows Server 2019, 2022, or 2025 (64-bit, x64)
    • No additional requirements
  • Windows 10; Windows Server 2019 or 2022 (32-bit, x86)
    • Eclipse Temurin 17 JRE
• macOS
  • macOS 12 (Monterey) or later (Intel or Apple silicon, 64-bit, x64)
    • No additional requirements
• Linux
  • Any GCC-based Linux (Ubuntu, Debian, CentOS, etc)
    • Intel/AMD (64-bit, x64)
      • glibc 2.12 or later
    • ARM 64-bit (Raspberry Pi 4/5 with 64-bit enabled, etc)
      • glibc 2.17 or later
    • ARM 32-bit HF (Raspberry Pi 3, etc)
      • glibc 2.23 or later
  • Any musl-based Linux (Alpine, etc) equivilent to Alpine 3.5 or later (64-bit, x64)
    • Eclipse Temurin 17 JRE
• Other OSes and Processors
  • Check support for JDK 17 at Eclipse Temurin Supported Platforms

• Download the Latest Release for your platform
  • Please note that macOS on Apple Silicon should use the arm64-apple_silicon package
• Extract the release to the installation location of your choice
• Linux / macOS: Apply execute permissions to the launchers
  • Execute chmod +x launch.sh in a terminal
  • If you plan to setup the bot as a background service later, execute chmod +x launch-service.sh in a terminal
• Launch the launcher script
  • Windows: Double-click, or execute from a terminal, launch.bat or launch.ps1
  • Linux / macOS: Execute ./launch.sh in a terminal
• Open the bots web panel
  • Default URL when accessing locally is: http://localhost:25000
  • If accessing remotely, configure your firewall/port forwarding as needed to allow access to port 25000
  • It is normal for the browser to give a security warning, as we use self-signed SSL certificates by default
• Click Bot Setup and OAuth
• When the login page appears, look in your terminal window for the auto-generated username and password
• Fill in the name of the Twitch channel to join
  • Optionally, also expand the Panel Login section and set a new username and password for the admin user
• Click the floating Save Configuration button near the bottom-left to save the changes
• Click the OAuth Setup link at the top of the page
• Follow instructions to setup OAuth
  • Remember to perform both the Bot OAuth (Set user that the bot will post as) and the Broadcaster OAuth (Authorization for using the Twitch API)
• Enjoy!
  • More documentation can be found in our guides
  • Support is available through our Discord
    • Please, no private DMs or @mentions (pings)

To reduce risk of database corruption, please only close / shutdown the bot using the following methods

• If running in a terminal from launch.bat, launch.ps1, or launch.sh
  • Type exit and then hit enter
  • Press CTRL+C
• If running as a background service with launch-service.sh
  • Send the SIGTERM signal with kill PID
• After starting the shutdown process, please wait for the Bot is Exiting message to appear

More documentation for installation and setup is available in our guides

• Windows
• Linux:
  • Ubuntu
  • CentOS
• macOS

PhantomBot publishes official builds to Docker Hub and GitHub Container Registry

• DockerHub
• GHCR
• Docker Compose File

Detailed upgrade instructions are listed on our documentation.

• Feel free to check out our Version History.
• If you are a developer, feel free to check out the source and submit pull requests. We provide a guide to setup your development environment.
• Please don't forget to watch, and star our repo!
• A huge thanks goes out to the people who have already contributed to the project.

PhantomBot is licensed under the GNU General Public License v3 (GPL-3).

ℹ️ Notice: We use Rollbar to automatically report exceptions to the dev team.

OAuth tokens, Client IDs, and API Secrets are NOT sent. All information is kept private.

Data is only sent when an exception occurs. Some very common exceptions are not sent, such as the ones that occur when a connection times out.

Exceptions are sent through a server owned by @gmt2001 for additional filtering before continuing on to Rollbar. No data is saved on this server beyond normal logs used for DDOS mitigation. These logs may include IP addresses and are deleted after 5 weeks. IP addresses are NOT sent on to Rollbar.

The following values are sent from botlogin.txt:

• allownonascii - Indicates if other config values in botlogin.txt are allowed to use non-US-ASCII characters
• baseport - Indicates the port that the built-in webserver listens on
• channel - Indicates the Broadcaster's channel, where the bot interacts with Twitch viewers
• datastore - Indicates which database backend is used, but NOT the IP/login details for the database
• debugon - Indicates whether debug messages are printed to the console and logged
• debuglog - Overrides the above to only log, but not print to console
• helixdebug - Enables additional debug logging of Twitch Helix API requests and responses (Not including OAuth tokens)
• ircdebug - Enables additional debug logging of incoming messages from Twitch Message Interface (TMI/IRC)
• logtimezone - Indicates the timezone used by the bot
• musicenable - Indicates whether the YouTube player has been enabled at the botlogin.txt level
• owner - Indicates the bot owner (used for giving a non-broadcaster bot owner admin privileges)
• proxybypasshttps - Overrides the SSL checks in the bot to pretend SSL is enabled, for use with a reverse proxy
• reactordebug - Enables very verbose debug output to console from the Netty backend (Helix and Discord API)
• reloadscripts - Indicates whether the bot is allowed to reload most JavaScript files when they are changed without a restart
• rhinodebugger - Enables verbose debug output when JavaScript exceptions occur
• rollbarid - A GUIDv4 which uniquely identifies the current PhantomBot installation, used for identifying when multiple exceptions are coming from the same bot
• usehttps - Indicates whether SSL is enabled on the bots built-in webserver
• user - The bots Twitch username
• userollbar - Indicates if Rollbar exception reporting is enabled
• webenable - Indicates if the bots built-in webserver is enabled
• wsdebug - Enables debug output of WebSocket messages from the panel
• httpwsserverdebug - Enables requests to the webserver to be logged to ./logs/request

For all other values in botlogin.txt, only an indicator of whether the value exists will be sent, but not the actual value itself.

The other data sent includes:

• java.home - Indicates where Java is installed
• java.specification.name - Indicates the specification of the Java Runtime Environment the Java installation adheres to
• java.specification.vendor - Indicates the vendor of the above specification
• java.specification.version - Indicates the version of the above specification
• java.vendor - Indicates the vendor of the actual Java installation
• java.version - Indicates the actual version of the Java installation
• os.arch - Indicates 32-bit or 64-bit operating system
• os.name - Indicates the name of the operating system
• os.version - Indicates the version of the operating system
• The current state of debugon, even if set from the console
• The current state of debuglog, even if set from the console
• A boolean indicator of whether the OAuth is logged in as the Bot (but not the actual OAuth token)
• A boolean indicator of whether the API OAuth is logged in as the Broadcaster (but not the actual OAuth token)
• The full stack trace of the exception
• On some exceptions, the actual input variables if they don't contain any passwords or secret values

To opt out of Rollbar exception reporting, add the following line to the botlogin.txt:

userollbar=false

Docker users can opt out using the above method, or by adding the following environment variable to the container:

PHANTOMBOT_USEROLLBAR=false

for docker-compose.yml

PHANTOMBOT_USEROLLBAR: "false"

You must restart the bot after putting the opt-out for the change to take effect. Editing a Docker container or docker-compose may require more steps to apply the changes, consult your manual.

If you believe your data has already been sent and want to issue a GDPR delete request, please opt out as above and then send your bot name, broadcaster name, and the rollbarid from botlogin.txt to: gdpr /A\T/ phantombot // hopto \ org

We also accept requests for copies of your data. GDPR requests are accepted from all users, even those who do not live in a locale that has such laws.

Please note that the IP addresses in the DDOS logs can not be retrieved or deleted manually, but will be automatically deleted after 5 weeks by log rotation.