Armor stands are not damaged by cacti but can be broken by arrows. An armor stand destroyed by an explosion or a firework does not drop as an item. Armor stands in water and lava at the same time are not consumed by the lava.
Notably also adds some metadata files for NixOS
* add support for linux clang cross compiles
* add linux clang instructions
* un-capitalize Mob.horse.*
* update the description in flake.nix
---------
Co-authored-by: Loki <lokirautio@gmail.com>
Add missing GuardianModel.cpp and GuardianRenderer.cpp to the
Minecraft.Server build configuration to fix compilation errors in
the debug GitHub PR workflow.
Also fix inconsistent indentation in Minecraft.Client's Common.cmake
for the GuardianModel.cpp and GuardianRenderer.cpp entries (styling only).
Resolve merge conflicts across multiple components
Merge and synchronize XML locale changes
Ensure consistency between string resources and localization files
Minor fixes to restore successful builds after merge
- Protect PlayerList and ServerConnection players vectors with critical
sections; all iterations use copy-on-read snapshots to prevent iterator
invalidation during concurrent join/leave
- Add null check on player bounding box in movement validation to prevent
crash when player is removed mid-tick
- Re-validate socket player pointer immediately before SendData to narrow
the TOCTOU race window on disconnect
- Replace inline disconnect cleanup with a queued system drained on the
main tick thread, eliminating the done_cs -> m_playersCS lock inversion
that caused deadlocks under load
- Disable Windows QuickEdit mode at server startup to prevent console
input selection from freezing the process
- Move chunk priority sort behind ServerConnection::sortPlayersByChunkPriority()
to keep the players vector lock-protected
Adds the FourKit .NET 10 plugin host as a second dedicated server
build flavour alongside the existing vanilla server. Both flavours
build from the same source tree, with FourKit gated by the
MINECRAFT_SERVER_FOURKIT_BUILD preprocessor define.
Build layout:
Minecraft.Server vanilla, no plugin support, no .NET dep
Minecraft.Server.FourKit FourKit-enabled, ships with bundled
.NET 10 self-contained runtime in runtime/
and an empty plugins/ folder
Both produce a Minecraft.Server.exe in their own per-target output
dir. The variant identity lives in the directory name, not the
binary name, so either flavour can be shipped as a drop-in.
Native bridge (Minecraft.Server/FourKit*.{cpp,h}):
* FourKitRuntime: hosts CoreCLR via hostfxr's command-line init API
(the runtime-config API does not support self-contained components)
* FourKitBridge: ~50 Fire* event entry points, with inline no-op
stubs for the standalone build so gameplay code can call them
unconditionally
* FourKitNatives: ~80 native callbacks the managed side invokes
for player/world/inventory mutations
* FourKitMappers: type and enum mapping helpers
Managed plugin host (Minecraft.Server.FourKit/):
* Bukkit-style API: Player, World, Block, Inventory, Command,
Listener, EventHandler attribute, ~54 event classes
* PluginLoader with per-plugin AssemblyLoadContext
* FourKitHost as the [UnmanagedCallersOnly] entry point table
* Runtime resolves plugins relative to the host process so they
always live next to Minecraft.Server.exe regardless of where the
managed assembly itself is loaded from
Engine hooks (Minecraft.Client/, Minecraft.World/):
* Player lifecycle (PreLogin, Login, Join, Quit, Kick, Move,
Teleport, Portal, Death) wired into PendingConnection and
PlayerConnection without disturbing the cipher handshake or
identity-token security flow
* Inventory open/click/drop hooks across every container menu type
* Block place/break/grow/burn/spread/from-to hooks across the
full tile family
* Bed enter/leave, sign change, entity damage/death, ender pearl
teleport hooks
Regression fixes preserved while applying donor diffs:
* ServerPlayer::die() retains the LCE-Revelations hardcore branch
(setGameMode(ADVENTURE) + banPlayerForHardcoreDeath) in both the
FourKit and non-FourKit code paths
* ServerLevel::entityAdded() retains the sub-entity ID reassignment
loop required by the client's handleAddMob offset, fixing Ender
Dragon and Wither boss multi-part hit detection
* LivingEntity::travel() retains the raw Player* cast and the
cached frictionTile, both Revelations perf wins that the donor
silently reverted
* ServerLogger.cpp keeps the file-logging code donor stripped
* PlayerList.cpp end portal transition fix and UIScene_EndPoem
bounds-check are intact
Build system:
* Top-level CMakeLists.txt adds the Minecraft.Server.FourKit
subdirectory and pulls in the new shared cmake/ServerTarget.cmake
helper
* Minecraft.Server/cmake/sources/Common.cmake is now location
independent (uses CMAKE_CURRENT_LIST_DIR) so the source list
can be consumed from either server target's CMakeLists.txt
* The seven FourKit*.cpp/h files live in their own
_MINECRAFT_SERVER_COMMON_SERVER_FOURKIT variable so the
standalone target omits them
* configure-time .NET 10 SDK check fails fast with a clear
download link if the SDK is missing
* global.json pins the SDK to 10.0.100 with latestFeature
rollforward
Sample plugin (samples/HelloPlugin/) demonstrates the loader and
the PlayerJoinEvent listener pattern.
CI:
* nightly.yml builds both server flavours, ships
LCE-Revelations-Server-Win64.zip and
LCE-Revelations-Server-Win64-FourKit.zip, attests both, and
updates release notes for the dual-flavour layout
* pull-request.yml pulls in actions/setup-dotnet so the FourKit
publish step works in PR validation
* All zip artifacts and the client zip are renamed from
LCREWindows64 to LCE-Revelations-{Client,Server}-Win64
Documentation:
* COMPILE.md gets a VS 2022 quick start, .NET 10 prereq section,
server flavours explanation, and a troubleshooting section
* docs/FOURKIT_PORT_RECON.md captures the file-by-file recon that
drove the port
* docs/FOURKIT_PARITY.md is the canonical reference for which
events FourKit fires
Docker:
* docker-compose.dedicated-server.yml MC_RUNTIME_DIR default points
at the vanilla CMake output. The FourKit Docker image is
intentionally NOT shipped yet because hosting .NET 10 self
contained inside Wine has not been smoke-tested
Chunk loading now batches up to 16 nearest-first requests per player per
tick on dedicated server (client stays at 1), improving tick recovery
time after player join.
Reverts the async save system -- the background thread snapshot/compress
path added complexity without measurable benefit. Autosave on Windows64
server now uses the standard synchronous flush like client, in
preparation for a proper async implementation from upstream.
Autosave previously froze the main thread for 2-6 seconds while
compressing the entire save file with zlib. Now the save buffer is
snapshotted under the lock (~18ms), then compression runs on a
background thread. The compressed data is committed to StorageManager
on the next main-thread tick via CommitPendingAsyncSave().
Also skip redundant full chunk saves during autosave on the dedicated
server -- chunks are already persisted by the per-tick trickle save.
Only entity data is flushed, matching Xbox/Orbis behavior.
Added per-step timing to the autosave handler for diagnostics.
Replace the XOR obfuscation cipher with AES-128-CTR using the Windows
BCrypt API. Key material grows from 16 to 32 bytes (16 AES key + 16 IV).
All callers auto-adjust via StreamCipher::KEY_SIZE. No handshake or
protocol changes needed beyond the larger MC|CKey payload.
Comprehensive security system to protect against packet-sniffing attacks,
XUID harvesting, privilege escalation, bot flooding, and XUID impersonation.
- Stream cipher: per-session XOR cipher with 4-message handshake via
CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection,
backwards compatible (old clients/servers fall back to plaintext).
- Security gate: buffers all game data until cipher handshake completes,
preventing unsecured clients from receiving any XUIDs or game state.
- Cipher handshake enforcer: kicks clients that don't complete the handshake
within 5 seconds (configurable via require-secure-client).
- Identity tokens: persistent per-XUID tokens in identity-tokens.json,
issued over the encrypted channel, verified on reconnect. Prevents XUID
replay attacks. Client stores server-specific tokens.
- PROXY protocol v1: parses real client IPs from playit.gg tunnel headers
so rate limiting, IP bans, and XUID spoof detection work per-player.
- Rate limiting: per-IP sliding window (default 5 connections/30s) with
pending connection cap (default 10).
- Privilege hardening: OP requires ops.json, live checks on every command
and privilege packet. Host-only server settings changes.
- XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders.
- Packet validation: readUtf global string cap, reduced max packet size,
stream desync protection on oversized strings.
- OpManager: persistent ops.json with XUID-based OP list.
- Whitelist improvements: whitelist add accepts player names with ambiguity
detection, XUID cache from login attempts.
- revoketoken command: revoke identity tokens for players who lost theirs.
- server.log: persistent log file written alongside console output with
flush-per-write to survive crashes.
- CLI security logging: consolidated per-join security summary with cipher
status, token status, XUID, and real IP. Security warnings for kicks,
spoofing, and unauthorized commands.
