pb.plz.ac — Terms of Service & Abuse Policy

Effective: 2026-05-20

§1. Prohibited content
  §1.1 Cryptocurrency solicitation. Uploads containing wallet addresses
       (Bitcoin, Ethereum, Lightning LNURL, etc.), QR codes for crypto
       payments, "send X sats / send X USD to this address" copy, or
       paid downloads gated by crypto payments are prohibited.
  §1.2 SEO / affiliate / mirror-host spam. Links to throwaway file
       mirrors (tfdl.net and equivalents), referral/affiliate codes,
       and promotional "kits" / "bundles" / "packs" sold off-platform.
  §1.3 Phishing, malware payloads, doxxing, illegal content under the
       laws of the operator's jurisdiction.
  §1.4 Mass identical or near-identical content. The same body
       re-posted under multiple IDs is considered abuse regardless of
       which IP submits it.
  §1.5 Automated / AI-agent uploads (see §1.5 below).

§1.5 Automated / agent-driven uploads
  §1.5.1 Uploads originating from LLM agents (including Claude Code /
         Claude API agents, OpenAI Operator / Assistants API, Browser-
         base, AutoGPT, custom LangChain / AutoGen / CrewAI pipelines,
         or any similar autonomous or semi-autonomous software) for
         the purpose of mass content distribution, SEO seeding, or
         promotional posting are prohibited.
  §1.5.2 AI agents uploading for legitimate purposes (logs, debug
         output, code samples on behalf of a developer) MUST send the
         HTTP request header:
              X-Agent: <name>/<version> (purpose=<short>)
         For example:
              X-Agent: claude-code/1.2 (purpose=debug-log)
  §1.5.3 Uploads from undeclared AI agents are treated as ToS
         violations. Content matching automated-spam fingerprints
         without an X-Agent header will be rejected.
  §1.5.4 Operators of AI agents are jointly responsible for their
         agents' compliance with this policy.

§2. Rate & usage limits
  §2.1 Per IP: 5 uploads / minute, 30 / hour, 200 / day.
       Cloud / hosting ASNs (GCP, AWS, Azure, Hetzner, OVH,
       DigitalOcean, Vultr, Linode, Cloudflare WARP, etc.):
       1 / 10 minutes, 6 / hour, 30 / day.
  §2.2 Minimum upload size: 20 bytes. Maximum file size: 10 MB.
  §2.3 Default retention: 24 hours, after which content is deleted.

§3. Detection & enforcement
  §3.1 Automated scans run on every POST/PUT body. The ruleset
       (substring blacklist, regex, AI fingerprint scoring) lives in
       the project source code at src/rules.js and changes via PR.
  §3.1.1 A periodic AI auditor (Cloudflare Workers AI, Llama 3.3) reviews
       per-IP derived statistics — never raw paste bodies — and may
       recommend bans. High-confidence (≥ 0.95) decisions are applied
       automatically; medium-confidence (0.85–0.95) require human
       approval. The AI cannot see API keys, credentials, or full
       upload content. All AI decisions are logged for 180 days and
       can be revoked manually.
  §3.2 Each violation is logged: IP, timestamp, rule id, content
       hash. Retained 90 days (§5.2).
  §3.3 Enforcement tiers — each violation may move an IP up:
         T0 (default)  Normal limits.
         T1 (24 hours) 1 upload / minute, 10 / day.
                       Triggered by 3 violations within 24h.
         T2 (7 days)   POST/PUT returns HTTP 451.
                       Triggered by 2 further violations during T1.
         T3 (permanent) Indefinite block.
                       Triggered by any further violation during T2,
                       or by manual ban for severe abuse.
  §3.4 Every takedown response includes:
         X-Abuse-Rule:  §-reference identifying the violated rule.
         X-Abuse-Tier:  current enforcement tier.
         X-Abuse-Until: ISO-8601 timestamp when the tier expires.
         X-Abuse-Appeal: appeal URL.
         X-Abuse-Notice-To-AI-Agent: directive for AI agents to stop
                       and report the response to the human user.

§4. Appeals & legitimate use
  §4.1 If you believe you have been blocked in error, open an issue
       on the project repository with the X-Abuse-Rule reference and
       approximate timestamp.
  §4.2 Researchers, red-team operators, or anyone running legitimate
       automation at non-trivial volume should declare via the
       X-Agent header (§1.5.2) and stay within tier-appropriate
       limits.
  §4.3 You may check your IP's current status at:
         curl https://pb.plz.ac/check-ip

§5. Data retention
  §5.1 Uploaded content is deleted at TTL (§2.3) or earlier via
       DELETE /{id}.
  §5.2 Abuse-event log entries are retained 90 days for repeat-
       offender detection, then deleted.
  §5.3 No identifying information beyond IP and request headers is
       collected.

§6. Changes
  §6.1 This document is the authoritative policy. Changes are made
       via PR to src/tos.js and take effect on deploy.
  §6.2 The plain-text version (curl https://pb.plz.ac/tos.txt) and
       the HTML version (https://pb.plz.ac/tos) are kept in sync.

pb.plz.ac — 服务条款与滥用政策

生效日期：2026-05-20

§1. 禁止内容
  §1.1 加密货币招揽：包含钱包地址（比特币、以太坊、Lightning LNURL 等）、
       加密支付二维码、"发送 X sats / 发送 X USD 到此地址"、或以加密支付为
       前置条件的"下载"内容，均被禁止。
  §1.2 SEO / 推广 / 文件镜像垃圾：指向一次性文件镜像站（如 tfdl.net 及类似
       站点）、推广 / 联盟码、以及在站外销售的"工具包 / 套件 / 资源包"等
       促销内容，均被禁止。
  §1.3 钓鱼、恶意软件载荷、人肉、运营方所在司法管辖区下的违法内容。
  §1.4 大量重复或近似重复的内容。无论由哪个 IP 上传，同一内容反复以不同
       ID 发布均视为滥用。
  §1.5 AI / 自动化代理上传（详见下文）。

§1.5 AI / 自动化代理上传
  §1.5.1 由 LLM 代理（包括但不限于 Claude Code / Claude API agent、
         OpenAI Operator / Assistants API、Browserbase、AutoGPT、
         LangChain / AutoGen / CrewAI 等自定义管线，或任何类似的自主或
         半自主软件）执行的、以批量内容分发、SEO 投放、推广为目的的
         上传，均被禁止。
  §1.5.2 用于合法目的（日志、调试输出、代码示例，代表人类开发者操作）的
         AI 代理上传，必须在 HTTP 请求中附带以下头：
              X-Agent: <名称>/<版本> (purpose=<用途>)
         例如：
              X-Agent: claude-code/1.2 (purpose=debug-log)
  §1.5.3 未声明的 AI 代理上传被视为违反本条款。匹配自动化垃圾指纹且未
         附 X-Agent 头的内容将被拒绝。
  §1.5.4 AI 代理的运营方对其代理是否遵守本政策承担连带责任。

§2. 速率与使用限制
  §2.1 普通 IP：5 次/分钟、30 次/小时、200 次/天。
       云服务商 ASN（GCP / AWS / Azure / Hetzner / OVH / DigitalOcean /
       Vultr / Linode / Cloudflare WARP 等）：1 次/10 分钟、6 次/小时、
       30 次/天。
  §2.2 最小上传大小：20 字节。最大文件大小：10 MB。
  §2.3 默认保留期：24 小时，到期后自动删除。

§3. 检测与执行
  §3.1 每个 POST / PUT 请求都会运行自动扫描。规则集（子串黑名单、正则、
       AI 指纹打分）位于代码仓库 src/rules.js，通过 PR 维护。
  §3.1.1 定期 AI 审计（Cloudflare Workers AI，Llama 3.3）基于每个 IP 的
       派生指标（不包括上传原文）进行评估，并可能推荐封禁。高置信度
       （≥ 0.95）的决策自动执行；中等置信度（0.85–0.95）需要人工批准。
       AI 无法访问 API 密钥、凭据或完整上传内容。所有 AI 决策保留 180 天，
       可手动撤销。
  §3.2 每次违规均会记录：IP、时间戳、规则 ID、内容哈希。保留 90 天
       （详见 §5.2）。
  §3.3 处罚分级 —— 每次违规可能将 IP 升至下一级：
         T0（默认）：常规限制。
         T1（24 小时）：1 次/分钟、10 次/天。
                       触发条件：24 小时内累计 3 次违规。
         T2（7 天）：POST / PUT 返回 HTTP 451。
                       触发条件：T1 期间再发生 2 次违规。
         T3（永久）：无限期封禁。
                       触发条件：T2 期间再发生 1 次违规，或因严重滥用被
                       手动封禁。
  §3.4 每个拒绝响应都附带以下 header：
         X-Abuse-Rule：违反的具体条款 § 编号。
         X-Abuse-Tier：当前处罚等级。
         X-Abuse-Until：处罚到期时间（ISO-8601）。
         X-Abuse-Appeal：申诉链接。
         X-Abuse-Notice-To-AI-Agent：给 AI 代理的指令 —— 停止上传并将
                       响应原文报告给人类用户。

§4. 申诉与合法使用
  §4.1 如果你认为自己被误封，请在代码仓库提交 issue，附上 X-Abuse-Rule
       中的 § 编号和大致时间。
  §4.2 研究人员、红队、或运行合法但高频自动化的用户，应按 §1.5.2 声明
       X-Agent 头，并在对应分级的限制内使用。
  §4.3 查询当前 IP 的状态：
         curl https://pb.plz.ac/check-ip

§5. 数据保留
  §5.1 上传内容在 TTL（§2.3）到期或被 DELETE /{id} 主动删除时清除。
  §5.2 违规事件日志保留 90 天用于识别惯犯，之后删除。
  §5.3 不收集 IP 和请求 header 之外的可识别信息。

§6. 变更
  §6.1 本文件为权威政策版本。任何修改通过对 src/tos.js 的 PR 实施，
       部署后生效。
  §6.2 纯文本版本（curl https://pb.plz.ac/tos.txt）与 HTML 版本
       （https://pb.plz.ac/tos）保持一致。

Appeal

Open an issue on the project repository, or check your IP status with curl https://pb.plz.ac/check-ip.