NSR-AI v1.2: Enhanced Pet System, API Key Management & Open-Source Addon Platform

Welcome to a smarter, more resilient NSR-AI! This update introduces a highly advanced API Key Management system, designed for ultimate control, security, and flexibility, alongside the groundbreaking NSR-AI Open-Source Addon API and significant enhancements to the Pet System.

✨ Core Improvements

The entire API key, pet, API, and configuration systems have been thoroughly modified to enhance security, efficiency, and speed.

• Unmatched Security: Stored keys are protected with military-grade AES-256-GCM encryption, salted with your unique player data.
• Player Empowerment: You have full control over your own keys directly in-game, reducing reliance on server admins.
• Enhanced Reliability: The intelligent rotation and fallback system ensures a much smoother and more reliable AI chat experience.
• Simplified Error Messages: All API key errors now use a clear three-part format: Error [Code]: [Name]. Suggestion: [Fix]. Player-specific errors are shown only in-game, keeping the console clean.
• Enhanced Help Command: The /ai help command now provides detailed descriptions for all commands and subcommands, making it easier for users to understand plugin functionalities.

🚀 New Features & Major Enhancements

🔑 Advanced API Key Manager

The entire key system has been rebuilt from the ground up, now consolidated under the powerful /ai apikey command.

Refined API Key Entry Workflow

When you type /ai apikey, you will now see these instructions:

• To add a session-based key (temporary): Directly paste your API key in chat.
• To store an existing session-based key (permanent): Type /ai apikey store <projectId>. This command will convert your most recently added session key into a permanent stored key, associating it with the provided <projectId>.
• To store a new API key from scratch (permanent): First type /ai apikey, then type store-<your_api_key>. The system will automatically generate a unique Project ID for it.

Intelligent Key Rotation & Fallback

NSR-AI now automatically rotates through your available API keys for each request. This distributes the load and maximizes uptime.

• Automatic Fallback: If a key is busy, rate-limited, or hits an error, the system automatically tries the next available key in your list, ensuring your conversation continues seamlessly.

Detailed Key Status & Statistics

Use /ai apikey info <key-id> to see a detailed breakdown of your key's performance.

• Key Status Glossary:
  • 🟢 Active (ACTIVE): The key is valid and ready, waiting in the wings.
  • 🟠 Using (USING): This is the key currently processing your AI requests.
  • 🟡 Overloaded (OVERLOADED): The key is temporarily rate-limited. The system will automatically skip it and try again later.
  • 🚫 Limit Reached (LIMIT_REACHED): The key has hit a hard usage limit (e.g., daily/monthly quota) and will be skipped until the quota resets.
  • 🔴 Inactive (INACTIVE): The key is invalid or has an error (e.g., wrong model, or other error ). It will not be used until it is changed to the active through timer reset.
• Statistics Glossary:
  • Uses: The total number of successful AI responses this key has delivered.
  • Errors: How many times the key has failed (e.g., other API errors).
  • Fallbacks: The number of times the key had to switch from this key to another one because of an error and also includes the due to rate limits.

Manual Overload Timer Removal

A new command has been added to manually clear the overloaded status of an API key.

• Command: /ai apikey timer <key-id> remove
• Functionality: This command allows administrators to immediately remove the rate-limited or overloaded status from a specific API key (either player-specific or global). This is useful if an API provider issue has been resolved, and you wish to re-enable the key before its natural cooldown period expires.
• Permissions: This command requires player permissions.

API Key Deletion

A new command allows for the removal of unwanted or corrupted API keys.

• Command: /ai apikey clear <all|projectId>
• Functionality: This command enables you to delete specific API keys by their projectId or clear all your API keys. This is particularly useful for removing corrupted, expired, or unused keys, helping to maintain a clean and efficient API key management system.
• Permissions: Requires players permissions to manage API keys.

Automatic Provider Detection

When you add a key, NSR-AI instantly detects the provider (Google, Anthropic, OpenAI) and assigns a suitable default model, streamlining the setup process.

Per-Player Fallback System

• You can now control whether the plugin uses server keys if your personal key fails.
• Command: /ai apikey fallback global <true|false>
• Default: false. The plugin will stop if your key fails.
• Tab Completion: This new command has full tab-completion for ease of use.

📝 Enhanced Chat and Logging

Chat History Saving Preference

Players now have granular control over whether their AI chat conversations are saved to the plugin's logs.

• Command: /ai apikey msg save <true|false>
• Functionality: This command allows a player to enable or disable the saving of their AI chat history for their active API key.
  • If set to true, chat messages (excluding API key entry messages) will be logged.
  • If set to false, chat messages will not be logged.
• Default: false (chat history saving is disabled by default for enhanced privacy).

Enhanced Chat Logging and Session Management

The plugin now features a robust chat logging system designed for clarity, organization, and session tracking.

• Dedicated Log Folders: Player and admin chat histories are stored in separate, dedicated folders (playerchathistory and adminchathistory) within the plugin's data directory.
• Daily Log Rotation: A new log file is automatically created for each day, ensuring logs are easy to navigate and manage. Files are named chat-MM-dd-yyyy.log.
• Intelligent Session Tracking:
  • If a player disconnects and reconnects within 5 minutes, their chat continues to be logged in the same daily log file.
  • If a player reconnects after more than 5 minutes, or on a new day, a new session-specific log file is created. These files are appended with a numerical suffix (e.g., chat-MM-dd-yyyy-1.log, chat-MM-dd-yyyy-2.log), providing clear separation of chat sessions.
• In-Game Color Preservation: Chat logs accurately preserve the in-game color formatting, making them easier to read and review.
• API Key Exclusion: All API keys (global and player-specific) and direct API key entry messages (store-<your_api_key>) are strictly excluded from all chat logs to ensure maximum security and prevent sensitive information leakage.
• Pet Chat Logging (Optional): Chat interactions with pets can also be logged in a dedicated pet folder under the player's name (if enabled).

🛡️ Security and Error Handling

Enhanced Security

While API keys are entered via chat, the plugin now employs advanced filtering to ensure that messages containing API keys (both global and player-specific) or those used for direct API key storage (store-<your_api_key>) are never written to the plugin's chat history logs. This provides an additional layer of security, preventing sensitive information from being inadvertently recorded.

Error Message Philosophy

• For Player Keys: Error messages for a player's personal key are inbuilt (hardcoded) and are only shown to the player in-game. The console remains clean. This is for security and privacy, as server owners do not have control over messages related to a player's personal API key.
• For Global Keys: When a server-wide global key fails, a detailed, inbuilt error message is logged to the console for administrators. This log includes the API key type, error code, error name, and a suggestion for resolution.
• In-game Message: If all available API keys (player-specific and global) fail to provide a response, a customizable globalKeyFailMessage (defined in features.yml) is displayed to the player in-game.

💻 User Interface

Sleek Cyber-Console UI

All apikey commands feature a clean, professional "cyber-console" theme, making the interface intuitive and stylish.

Help Command Disclaimer

A small disclaimer has been added to the /ai help command, informing users that some commands might be misconfigured or have incorrect descriptions based on server settings.

🔒 Configuration Encryption & Security

• Automatic Configuration Encryption: Sensitive data in config.yml, including the admin-activation-code and global API keys, are now automatically encrypted. The plugin intelligently encrypts new plain-text values on reload, so you can safely add or change keys in the config file.
• New Admin Code Command: Server operators can now use the /ai admincode command to safely view the current admin activation code. This code is now generated automatically if it's not set in the config.

🐞 Bug Fixes and Stability Improvements

This update addresses several critical issues to enhance the plugin's reliability and security:

• Configuration Reload System Fixed: Resolved an issue where configuration changes (for config.yml, features.yml, etc.) were not being applied correctly after a /ai reload command, despite the plugin reporting a successful reload. The reload system now accurately updates all relevant settings.
• API Key Logging Prevention: Fixed a security vulnerability where API keys, when entered via chat, could inadvertently be saved in chat history logs. The plugin now strictly prevents any API key information from being written to logs, ensuring sensitive data remains secure.

📂 File Organization

• Data files have been reorganized into new folders for better management:
  • bug.txt is now at: plugins/NSR-AI/security/bug.txt
  • bugfix.reloading is now at: plugins/NSR-AI/security/bugfix.reloading
  • reserved-nicknames.yml is now at: plugins/NSR-AI/pets/reserved-nicknames.yml
  • death_log.yml is now at: plugins/NSR-AI/pets/death_log.yml

This update empowers you with a robust and transparent key management system. We can't wait for you to experience the new level of control and reliability!

🛡️ Advanced Security Architecture

NSR-AI is built with a security-first mindset. The plugin employs a multi-layered strategy to protect sensitive data, particularly player API keys. This section details the core components of our security framework.

Core Security Files

These files are the foundation of the plugin's encryption system and are located in the plugins/NSR-AI/security/ directory.

• master_secret.conf: This file contains a unique, randomly generated secret value. It acts as the primary seed for generating the server's main encryption key. Never share this file.
• server.salt: This is a random value used to add complexity to the encryption process, making it more resistant to pre-computation attacks (like ✨ tables). It ensures that even if two servers had the same master secret, their final encryption keys would be different.
• master.key: This is the final, derived Server Master Key. It is generated by combining the master_secret.conf and the server.salt. This is the key that performs the second layer of encryption on all stored API keys.

Player API Key Storage Security

When a player stores an API key using /ai apikey store or the store-<key> format, it is never saved in plain text. Instead, it undergoes a robust, three-layer encryption process.

1. Storage Location: Stored keys are saved in the plugins/NSR-AI/player_keys/<player_uuid>/ directory. Each player has their own dedicated folder, named after their unique player ID (UUID). Within this folder, individual API keys are stored in separate .yml files, named after their Project ID (<project_id>.yml). This player-specific folder also contains the player's unique master.key and salt.bin files, which are crucial for deriving their Player Master Key.

2. Layer 1: Key-Specific Encryption:

   • First, a unique encryption key (userKey) is derived from a combination of the player's UUID and the key's Project ID.
   • The raw API key is then encrypted with this userKey. This means every single stored key has its own unique first layer of protection.

3. Layer 2: Player-Specific Master Key Encryption:

   • The already-encrypted data from Layer 1 is then encrypted again, this time using the Player Master Key. Each player has their own unique Player Master Key, derived from their master.key and salt.bin files, adding a crucial layer of individual security.

4. Layer 3: Server-Wide Master Key Encryption:

   • The already-encrypted data from Layer 2 is then encrypted again, this time using the Server Master Key (master.key).
   • This triply-encrypted key is what is actually written to the player's .yml file.

5. Integrity Verification (Hashing):

   • Alongside the encrypted key, the plugin stores a SHA-256 hash of the final encrypted data.
   • When the server starts and loads the key, it re-calculates the hash. If the new hash does not match the stored hash, the data has been tampered with and will not load the key, logging a security warning.

This multi-layered approach ensures that API keys are exceptionally secure. An attacker would need to compromise the server to get the master.key, server.salt, master_secret.conf, and know the specific player's UUID and Project ID to even begin to decrypt a single key.

🤝 Introducing the NSR-AI Open-Source Addon API

We are thrilled to announce the open-sourcing of the NSR-AI Addon API! This new API layer transforms NSR-AI into a powerful platform, allowing developers to create rich, integrated addons without directly modifying the core plugin. It provides a secure and stable bond, enabling addons to interact with key functionalities, much like a dedicated communication channel.

✨ Key Addon Capabilities:

• Admin Mode Management: Addons can now programmatically toggle and monitor a player's NSR-AI admin mode, enabling advanced moderation or event-driven features.
• Advanced GUI Customization: Developers can register and open their own custom Graphical User Interfaces, offering full control over layout and interaction within the NSR-AI ecosystem.
• Player AI States: Access and manage player-specific AI interaction settings, including AI chat cooldown status, remaining time, and AI enablement, allowing for smarter, context-aware addon behavior.
• Knowledge Base Interaction: Addons can directly add, remove, and retrieve entries from NSR-AI's core knowledge base, enabling dynamic expansion or curation of the AI's understanding.
• Conversation History Control: Gain programmatic control over player conversation histories, including clearing, summarizing, refreshing, and retrieving past interactions for analysis or custom display.
• Configuration Reloading: Addons can trigger reloads of NSR-AI's main configuration, feature settings, and the knowledge base, allowing for dynamic updates without a server restart.

🛡️ Important Restrictions:

To maintain NSR-AI's security, stability, and integrity, certain functionalities remain exclusively within the core plugin and are not exposed via the Addon API:

• No Security Bypass: The API offers no methods to circumvent or disable NSR-AI's robust security mechanisms, including addon banning.
• No Bug Fixation Interference: Addons cannot interfere with or disable the core plugin's critical bug fixation logic.
• No Direct API Key Management: Addons cannot add new API providers or modify API key limits. Furthermore, addons cannot steal player API keys nor do they have direct control over them. The core plugin maintains absolute control over API key management, ensuring secure and efficient operation.

🐾 Pet System Enhancements

This update brings significant new features and improvements to the pet system, making your companions more interactive and personalized.

New Pet Types Introduced

• Expanded Pet Roster: The plugin now supports a wider variety of Minecraft entities as pets, including:
  • Wolf, Cat, Horse, Parrot, Pig, Panda, Sheep, Cow.
• Technoblade Tribute Pig: The Pig pet now features a special death message: "(pet name) never dies! 👑".

Pet Features & Management

• Pet Inventory: Pets now have their own inventories, accessible via /ai pet inv.
• Pet Details: Use /ai pet to view details about your active pet.
• Pet Stats: Pets now track level, xp, health, hunger, and mood.
• Stat Regeneration: Pets periodically regenerate health and hunger, and their mood updates over time.
• Hunger and Health Decay: Pets now experience natural hunger and health decay over time, requiring players to feed and care for them to maintain their well-being.
• Mood System Refinement: Pet moods are now managed by an enum (HAPPY, NEUTRAL, SAD, HUNGRY, TIRED, ANGRY, FURIOUS) for more expressive behavior.

🔗 Shareable Pet Link System

A groundbreaking feature allowing players to share access to their pets with friends, fostering a more social and interactive pet experience.

• Conditional Access: Generate links that either grant immediate access or require owner approval.
• Custom Relationships: Define unique relationships (e.g., "brother", "sister", "ally") for friends, influencing future pet interactions.
• Link Generation (/ai pet share):
  • /ai pet share <pet_name>: Generates a link requiring owner acceptance.
  • /ai pet share <pet_name> allow: Generates a link for immediate access.
  • /ai pet share <pet_name> <relationship>: Generates a link with a custom relationship, requiring owner acceptance.
  • /ai pet share <pet_name> <relationship> allow: Generates a link with a custom relationship, immediate access.
• Link Usage (/ai pet <link_code>): Players use this to activate links, triggering access or acceptance requests.
• Owner Acceptance: Clickable chat messages for owners to accept or deny friend requests.
• Friend Management (/ai pet removefriend, /ai pet relation):
  • /ai pet removefriend <player_name> <pet_name>: Owner removes a friend's access.
  • /ai pet relation <pet_name> <player_name> <new_relationship>: Owner changes a friend's relationship.
• Listing Commands:
  • /ai pet link list: Shows your own pets that are linked with other players.
  • /ai pet linked list: Shows other players' pets that are linked with you.
• Player Unlinking (/ai pet unlink <pet_name>): Friends can voluntarily remove their own access to a pet.
• Dynamic Relationships: The system supports any custom relationship string typed by the owner, with "friend" as the default.
• Tab Completion: Comprehensive tab completion for all new commands.
• Pet Inventory Access for Friends: Added /ai pet inv allow|disallow <pet_name> <player_name> command to allow or disallow specific players to access a pet's inventory.
• Pet Barking: Pets will now "bark" or make a species-appropriate sound when a non-owner/non-friend talks to them.

Advanced Knowledge Search (Hybrid AI System)

The /ai data command has been completely re-engineered into a sophisticated, hybrid AI system that seamlessly blends conversational AI with a precise, local knowledge base search. This new approach provides more accurate, context-aware answers while significantly optimizing API usage.

This system operates on a multi-step principle known as Retrieval Augmented Generation (RAG):

1. Intent Recognition & Retrieval: When you ask a question like /ai data hey who is the owner of this plugin?, the system doesn't just send your message to the AI. First, it intelligently analyzes your message to identify the core question ("who is the owner of this plugin?"). It then uses this core question to perform a highly targeted search within the knowledge.yml file, retrieving only the most relevant pieces of information.

2. Augmented Generation: Next, the system constructs a new, highly-detailed prompt for the main AI. This prompt includes your original, full message along with the specific, relevant information retrieved from the knowledge base. This acts as a "cheat sheet" for the AI, giving it the exact facts it needs to answer your question correctly.

3. Natural, Contextual Response: Finally, the AI processes this combined information and generates a single, natural-sounding response that incorporates both the conversational elements of your original message and the factual data from the knowledge base. The result is a fluid answer like, "Hello! The owner of the NSR-AI plugin is BlackForge."

This advanced process ensures that you get the most accurate and relevant answers, drawn directly from the server's custom knowledge, while preventing the high costs and potential inaccuracies of sending large, irrelevant amounts of data to the AI.