[0.3.4] - 2026-04-13

[!NOTE] This update represents a foundational shift towards a complete Zero Trust Architecture, prioritizing immutable security boundaries and proactive data integrity.

Added

• Unified Linking Bottleneck: Refactored the core account linking logic to funnel all entry points (Slash Commands, Text Messages, and Direct Links) through a single completeLinkProcess method. This ensures consistent enforcement of all security rules across the entire plugin.
• Secure Link Wrapper: Restored a secure linkAccount wrapper for AuthManager that maintains API compatibility while strictly routing all login refreshes through the mandatory security bottleneck.
• Dynamic JDA Maintenance: Refactored core managers to support hot-swapping the Discord JDA instance during reloads, allowing the plugin to refresh its connection without requiring a full server reboot.
• Friendly Auth-Restart Messaging: Enhanced the login flow to detect when the authentication system is restarting, providing players with informative guidance and a friendly kick message instead of generic errors.
• Dynamic Channel Feedback (STATIC Mode):
  • The in-game linking instructions now dynamically resolve and display the #channel-name of the designated Discord linking channel when STATIC mode is enabled.
  • Improved AccountLinkListener to provide immediate, 5-second auto-deleting feedback when a user sends a code to the wrong public channel in STATIC mode.
• Linking Privacy Enhancement: Upgraded all user-facing account linking Slash Commands (/link register, /link drop, /link status, /link remove, /link clear) to use ephemeral responses. Confirmation embeds and failure notices are now private to the executing user.
• Differentiated Limit Feedback: Refactored the LinkError system to distinguish between different types of failure limits.
  • MAX_LINKS_REACHED: Specifically messages the user about hitting the maximum accounts per Discord profile.
  • MAX_IP_LINKS_REACHED: Explicitly notifies users when they reach the maximum allowed links from their current IP address.
• Auto-Deleting Public Messages: Implemented a 5-second automatic cleanup for linking codes and bot responses in public channels. This ensures that valid/invalid codes and linking status messages do not clutter public text channels.
• Improved Listener Feedback: The AccountLinkListener now provides informative replies in public linking channels when a valid code is posted but fails due to a limit (like IP, Discord, or Guild requirements), ensuring users understand why the process stalled without revealing valid codes to others.
• SLASH_ONLY Mode Feedback: In-game linking codes posted via text (DMs) while SLASH_ONLY is enabled now receive a direct response pointing the user to the /link register command.

Fixed

• Shutdown Safety Guardrails: Implemented plugin.isEnabled() checks across all asynchronous task schedulers to prevent IllegalPluginAccessException errors during server shutdown or reloads.
• Discord API Error Suppression: Silenced "Requester has been stopped" log spam that occurred when the Discord bot was forced to shutdown or restart while tasks were still in flight.
• Join-Time Blindness Persistence: Fixed a race condition where players would remain blinded after being unfrozen on their first join after an update. Leveraged EventPriority.HIGHEST to ensure a final blindness cleanup at the end of the join sequence, providing a robust fix without artificial delays.
• Duplicate Join Messages: Resolved an issue where authenticating via 2FA would occasionally trigger duplicate join broadcasts by centralizing broadcast logic within the linking bottleneck.
• STATIC Mode DM Fix: Fixed an issue where private messages (DMs) were ignored when STATIC linking mode was enabled. DMs are now correctly processed regardless of the designated static channel.

Technical

• Build Optimization: Streamlined the maven-shade-plugin configuration to prevent redundant artifact generation and reduce build noise.

[0.3.3] - 2026-03-23

⚠️ Configuration Update Required ⚠️ To take advantage of the new STATIC and SLASH_ONLY Linking Modes, as well as customize Slash Command cooldown limits, please backup and delete your current plugins/JanusMCD/account-linking.yml so the server generates a fresh configuration file containing the newly implemented variables!

Added

• Linking Modes (STATIC & SLASH_ONLY): Extensively overhauled linking controls. STATIC mode explicitly requires linking codes to be posted in a configured link-channel-id. SLASH_ONLY mode fully removes chat processing for codes, moving all linked verification exclusively into Slash Commands.
• Link Slash Commands: Implemented user-facing commands /link register <code> and /link drop <IGN>. Standard users can execute these without Administrative permissions.
• Discord Drop Rate-Limiting & Auto-Complete: The /link drop command filters available accounts intelligently through Auto-Complete, exclusively proposing the Discord User's linked IGNs. Also added a 7-day configurable cooldown logic to unlinking.
• Strict Data Wipe: When players execute /link drop, their .dat Player files, statistics, and advancements are forcefully deleted from the world/playerdata/ server payload to inhibit unlinked alting.
• Secure Unlinking: The /link drop command now strictly validates that the user actually owns the account they are trying to drop, even if they manually type the name.
• Webhook Queueing Engine: Fully replaced custom HTTP webhooks with club.minnced.discord-webhooks. It natively queues operations and respects Discord API rate limits, solving out-of-order chat messages and severe CPU/Thread hogs during player bursts.
• Strict IP Validation: Added a strict mismatch detector. If a player attempts to join with a trusted session but their IP address has changed, their trusted session is wiped and they are forced to fully re-authenticate to prevent hijacking.
• Guild Security Isolation & Audit: Refactored unauthorized guild enforcement into a dedicated GuildSecurityListener. This centralizes the "allowed-guilds" logic and introduces an automated hourly "safety net" audit to ensure the bot never remains in unauthorized servers.

Fixed

• World Restoration: Fixed an issue where players were not correctly returned to their previous dimensions (Nether/End) after logging out. Location preservation is now correctly saved during PlayerQuitEvent rather than being prematurely consumed on join.
• Early-Login IP Detection: Implemented an early IP Cache in LoginProtectionListener to prevent edge-case kicks when a player's network address returns null during initial handshakes.
• Event Deprecation Warning: Bypassed Paper's PlayerSpawnLocationEvent deprecation warning by utilizing manual EventExecutor registration. This removes console spam while retaining necessary access to the Player object during spawn enforcement.

Jumped Version 0.3.1 due to number of fixes.

• Chat Security: Resolved "Scunthorpe Problem" by implementing safe-word lists and context-aware de-spacing analysis.

• Networking & Auth: Eliminated ghost links and auth loops via granular unlinking and proactive backend vouching.

• Session Security: Enforced strict 24-hour session expiry and standardized all network logic to Unix timestamps.

• Admin Tools: Launched the Panopticon dashboard for unified investigations, inventory renders, and activity sparklines.

• Technical Health: Migrated build system to Maven, upgraded to Java 25, and implemented library shading/relocation for Java 21.

JanusMCD v0.3.0 - The "Panopticon" Update

I been hard at work behind the scenes, and this update brings a massive leap in server intelligence and security. Here's what's new:

New Feature: The Panopticon

This feature requires TartarusPunishments and an upcoming release called "Jupiter Administration"

Trust Scores: Instantly see a player's reliability rating (0-100) based on their history. This is an active calculation over time. Activity Graphs: View a visual sparkline of their login activity over the last 30 days. No more guessing if they're active! Forensics: Check their last known IP, verify if they're using a VPN, and see potential alt accounts. Command: simply run /investigate

Deep Ecosystem Integration

Janus now talks directly to other plugins for a seamless experience:

Jupiter Administration: View live renders of player inventories, armor, and ender chests directly in Discord! You can even browse their NBT data or check quarantined items.

Tartarus Punishments: Access a player's full criminal record and staff notes instantly. Need to take action? Ban, Kick, Mute, or Freeze them with a single click of a button.

Rock-Solid Stability

Sync-Lock Protocol (VELOCITY): Prevents "split-brain" issues by locking player actions until data is fully synced across servers.

Paper & Folia Support: Added native support for modern chat rendering, ensuring your chat looks crisp and clean on the latest server software.

Security Upgrades

Resolved an issue where filling in console.channel.role.id did not release control to users with said role. This didnt cause a security issue as this was fail-closed, it blocked everything in the console. Security preserved.

[0.2.5] - 2026-01-30

New Features

• Sync-Lock Protocol (Split-Brain Prevention):
  • Zero-Trust Synchronization: Implemented a robust "Lock & Ack" protocol for critical operations (like Unlinking). The backend now waits for explicit acknowledgement from the Proxy before finalizing state changes.
  • Player Locking: SyncLockManager temporarily freezes players (blocking Move, Interact, Chat, Command) while synchronization is in progress.
  • Acknowledgement Packets: Introduced SyncAckPacket. Velocity confirms it has processed the Unlink (cleared session/DB) by sending an ACK back to the backend.
  • Strict Workflow: The backend will only kick/redirect the player after receiving the ACK, ensuring the Proxy is guaranteed to be in the correct state (Unauthenticated) when the player reconnects.

Security & Hardening

• Freeze System Hardening:
  • Universal Command Blocking: Frozen players are now blocked from executing ALL commands, including proxy-level commands (e.g., /server, /glist) on Velocity.
  • Packet Synchronization: Active FREEZE_SYNC packet listening ensures instant state enforcement on the proxy.
  • Inventory Blocking: Added checks to prevent frozen players from moving items or opening inventories.
  • Split-Brain Resilience: Validated idempotent packet handling for LINK and UNLINK operations.
• Spawn Location Enforcement:
  • Universal Apply: Fixed logic to strictly enforce default-spawn for ALL players (Linked, Unlinked, or Auto-Vouched) across every workflow (Join, Manual Auth, Session Resume).
  • Auto-Vouch Fix: Resolved an issue where players authenticating via stored sessions (Auto-Vouch) would bypass the spawn teleport.
  • Debug Warnings: Added console alerts for potentially misconfigured spawn settings.
• UUID Spoofing Mitigation:
  • Strict Backend Enforcement: Players who fail to verify their session with the Proxy (potential spoofers) are now KICKED instead of just frozen.
  • Security Audit: Enhanced startup diagnostics for proxy configuration.

Improved

• Chat Relay:
  • Logic Refinement: Explicitly separated "Should Relay" logic into a reusable method.
  • Vanish Support: Added clearer checks for Vanish status to prevent relaying messages from vanished players.
  • Paper Support: Added dedicated PaperChatListener to handle AsyncChatEvent properly on Paper/Folia servers.

Fixed

• Discord ID Unlink Guard: Fixed a potential bypass where unlinking a user by Discord ID (instead of UUID) might not trigger the race-condition guards on Velocity. SyncRelayManager now correctly maps Discord IDs to all online player UUIDs and adds them to the pendingUnlinks guard.
• SyncRelay Syntax: Fixed syntax errors in SyncRelayManager that could prevent proper packet interception.
• Velocity Sync: Fixed JSON parsing in SyncRelayManager to correctly handle LINK and UNLINK packets using GSON.
• Join Messages: AuthHandshakeListener now suppression initial join messages and manually broadcasts them after successful authentication/handshake.
• Velocity Authorization Persistence: Fixed a critical bug where unlinked players would be automatically re-authenticated upon rejoining. VelocitySecurityManager now correctly removes the persistent database record when an UNLINK packet is received.
• Sync Link Packet (DM Fix): Fixed an issue where verifies via Discord DM would not update the Proxy or other servers immediately. Added missing SyncLinkPacket transmission to AccountLinkingManager.
• Console Security:
  • Fail-Safe Role Check: Fixed a security loophole where a blank console-command-role-id allowed everyone to run console commands. Now, a blank ID triggers a "System Lockdown", denying all commands.
  • Sync Race Condition (Auto-Vouch): Fixed a critical race condition where players could be "Auto-Vouched" by Velocity immediately after unlinking.
    • Split-Brain Protection (Backend): Implemented recentUnlinks cache to retain knowledge of unlinks for 15s after packet flushing. This covers the "Flush -> Vouch Arrives" window where the backend acts as the source of truth.
    • Queue Inspection (Backend): Inspects local packet queue to ignore stale proxy vouches if an UNLINK is pending.
    • Auto-Vouch Delay (Velocity): SessionManager now waits 2 seconds before checking trust, allowing the Lobby server time to flush its UNLINK packet queue.
    • Pending Unlink Guard (Velocity): VelocitySecurityManager temporarily blacklists players in memory while processing UNLINK packets to block race-condition reads.
• Sync Logging: Improved visibility of Sync Packet forwarding on Velocity by changing debug logs to INFO level.

Changed

• Dependencies: Relocated GSON to prevent conflicts with Velocity.