Replace andelf/nightly-release with gh CLI commands that create tags
via the GitHub API, which auto-signs them with the github-actions bot
key for the green Verified badge.
Use capitalized tags (Nightly, Nightly-Dedicated-Server) to match
existing releases. Restore full client release body with instructions,
multiplayer setup, and fork explanation.
Merge client and server nightly releases into a single workflow.
Add artifact attestation for signed builds. Use CMake instead of
MSBuild. Preserve LCRE naming, top-level zip folders, and commit
hash release titles.
Players now appear in each other's Tab list immediately on join,
regardless of render distance. Previously, players only appeared when
they entered entity tracking range because AddPlayerPacket was only
sent through the TrackedEntity system.
On disconnect, a RemoveEntitiesPacket is broadcast to all clients so
players added via the join broadcast are properly cleaned up, not just
those within tracking range.
The tab player list and teleport menu now show the correct map marker
color for each player. The icon is computed using the same hash as the
map renderer (getRandomPlayerMapIcon) and stored by player name,
bypassing the unreliable small-ID lookup that produced wrong colors
on dedicated servers.
Register remote players in the client's IQNet array when their
AddPlayerPacket arrives, so they appear in the Tab player list.
Previously only the host and local player were registered.
Also filter the dedicated server's phantom host entry (slot 0, empty
gamertag) from the UI, fix tick() to update entries by smallId instead
of sequential index, and fix player removal to use gamertag matching
since XUIDs are 0 on dedicated servers.
* Add clang-format workflow for pull request checks
* Modify push paths in nightly workflow
Updated paths for push event to include all files except specified ones.
* Update paths for nightly-server workflow triggers
* Modify paths for pull request triggers
Update pull request workflow to include specific paths.
* Tidy up clang-format installation in workflow
Replace the XOR obfuscation cipher with AES-128-CTR using the Windows
BCrypt API. Key material grows from 16 to 32 bytes (16 AES key + 16 IV).
All callers auto-adjust via StreamCipher::KEY_SIZE. No handshake or
protocol changes needed beyond the larger MC|CKey payload.
Comprehensive security system to protect against packet-sniffing attacks,
XUID harvesting, privilege escalation, bot flooding, and XUID impersonation.
- Stream cipher: per-session XOR cipher with 4-message handshake via
CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection,
backwards compatible (old clients/servers fall back to plaintext).
- Security gate: buffers all game data until cipher handshake completes,
preventing unsecured clients from receiving any XUIDs or game state.
- Cipher handshake enforcer: kicks clients that don't complete the handshake
within 5 seconds (configurable via require-secure-client).
- Identity tokens: persistent per-XUID tokens in identity-tokens.json,
issued over the encrypted channel, verified on reconnect. Prevents XUID
replay attacks. Client stores server-specific tokens.
- PROXY protocol v1: parses real client IPs from playit.gg tunnel headers
so rate limiting, IP bans, and XUID spoof detection work per-player.
- Rate limiting: per-IP sliding window (default 5 connections/30s) with
pending connection cap (default 10).
- Privilege hardening: OP requires ops.json, live checks on every command
and privilege packet. Host-only server settings changes.
- XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders.
- Packet validation: readUtf global string cap, reduced max packet size,
stream desync protection on oversized strings.
- OpManager: persistent ops.json with XUID-based OP list.
- Whitelist improvements: whitelist add accepts player names with ambiguity
detection, XUID cache from login attempts.
- revoketoken command: revoke identity tokens for players who lost theirs.
- server.log: persistent log file written alongside console output with
flush-per-write to survive crashes.
- CLI security logging: consolidated per-join security summary with cipher
status, token status, XUID, and real IP. Security warnings for kicks,
spoofing, and unauthorized commands.