The Gap Between Hobbyist and Professional Tooling
Most FiveM admin menus are hobbyist-tier: buttons for giving weapons, teleporting, noclip, that kind of thing. Agency-Admin is built for communities that take moderation as seriously as a moderation team at a real game studio would.
Action Logging With Context
Every admin action writes to a tamper-resistant log with admin ID, target, action, timestamp, and reason. No more "who gave that player a Rhino?" mysteries. Logs are queryable through the admin UI with filters for admin, time range, and action type. This is basic accountability infrastructure that staff teams actually need.
Permission Tiers
Three built-in tiers: moderator (kick, timeout, basic item checks), admin (ban, item give, teleport), senior admin (config changes, permission management, database admin). Each tier's actions are strictly scoped — a moderator can't escalate themselves by finding a loophole. We've tested this model with multiple large communities over the last two years.
Ban Management
Bans support duration, reason, evidence URL (screenshot or video link), appeal status, and review notes. When a banned player tries to rejoin, the message they see includes the reason and — if configured — an appeal link. Transparent moderation is effective moderation.
Real-Time Threat Detection
Agency-Admin ships with a configurable detection layer that flags suspicious patterns: sudden money spikes, impossible teleports, rapid item duplication, unusual weapon spawns. Flags surface in the admin dashboard with full context. We're not an anticheat — we're a detection tool that makes admin response time drop from hours to minutes.
Installation & Setup
Agency-Admin requires oxmysql for log persistence. Import admin.sql into your database, add the resource to your server, and add ensure agency-admin to server.cfg. Initial admin assignment happens through config.lua — list your highest-trust identifiers as senior admins. All other permission grants are managed through the in-game UI going forward.
The resource auto-detects your framework on startup. QBCore and ESX permission hooks are bundled; standalone setups implement the Config.IsAdmin(src, level) function manually.
Configuration Options
The config.lua covers permission and detection settings:
- Permission tiers — names and capabilities of each tier are fully redefinable. The default three-tier model is a starting point, not a requirement.
- Detection thresholds — configure the money-spike threshold, teleport distance limit, and item-count velocity that trigger flags.
- Discord webhook — all admin actions and detection flags can forward to a Discord channel in parallel with the in-game log.
- Ban appeal URL — the URL shown to banned players in their ban message.
- Log retention — how many days admin action logs are kept before auto-cleanup. Default 90 days.
- Stealth mode for senior admins — senior admins can browse the server anonymously without appearing in player lists.
Framework Compatibility
Agency-Admin works on QBCore, ESX, and standalone setups. The permission layer is the only framework-touching piece — everything else (UI, logging, ban system, detection engine) is framework-agnostic. For custom frameworks, the compatibility shim is four functions in config.lua.
Why This Matters for Roleplay
Server health is directly tied to moderation quality. Communities that have visible, consistent, accountable moderation retain players longer than those that rely on informal judgment calls. Agency-Admin's audit log is the key accountability mechanism: when a moderation decision is challenged, the log provides exact context for what happened, when, and who authorized it.
The detection layer changes the admin team's posture from reactive to proactive. Instead of waiting for player reports about a suspected cheater, the dashboard surfaces suspicious patterns before they cause server-wide damage. A money dupe caught in hour one causes far less harm than one running for two days undetected.
The permission tier system protects against insider risk. A newly recruited moderator having the same access as a senior admin is a security and liability issue. Tightly scoped permissions mean that even if a staff member goes rogue, the blast radius is limited by their tier.
Frequently Asked Questions
Can I add custom admin commands that integrate with the permission system?
Yes. Use exports['agency-admin']:RegisterCommand(name, tier, handler) to register custom commands that inherit Agency-Admin's permission checks and automatic logging. Your command shows up in the admin UI's command list and is logged identically to built-in actions.
How does the ban system handle VPN/alt accounts?
Agency-Admin logs the full identifier set (license, steam, discord, IP) at ban time. On reconnect attempts it checks all identifiers, not just the one used for login. For servers with persistent ban evasion issues, the dashboard includes a flagging system for suspicious identifier patterns.
Can moderators see the detection flags before taking action?
Flags surface to all admins at or above the minimum configured tier for that flag type. Money-spike flags are visible to all admins; teleport-impossible flags route to tech admins only by default. All flag-viewing is also logged — admins can see which flags their colleagues reviewed and what action (if any) was taken.
Does Agency-Admin conflict with other admin menus like vMenu or qb-adminmenu?
No conflict. Agency-Admin can coexist with other menus — they operate on different keybinds and don't share state. Some servers run Agency-Admin alongside a legacy admin menu during transition, using Agency-Admin for logging and detection while keeping familiar commands for veteran staff members.
Requirements
- FiveM server (QBCore, ESX, or standalone)
- oxmysql
- cfx.re account with valid Agency-Admin license
- Optional: Agency-Reports (for integrated player report handling)
Building a Staff Culture Around the Tooling
The best admin tools in the world don't help if your staff culture doesn't support accountability. Agency-Admin's audit log is most valuable in communities where staff know their actions are logged and accept that as standard operating procedure rather than as surveillance.
Establish early that all admin actions go through the logged interface. Resist the temptation to bypass logging "just this once" for quick fixes — the log's value is in completeness. A log with gaps is almost as bad as no log at all when you need to reconstruct events.
Use the detection flags in weekly staff reviews rather than only when something goes wrong. Reviewing a week's flags even when nothing notable happened builds familiarity with what normal looks like, which makes anomalies obvious when they appear.
The permission tier system works best when promotions through tiers are meaningful milestones. A moderator who earns admin access after three months of clean logged work has context and investment that an immediate full-access grant doesn't create.