All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- AVP conformance-vector tests (
AvpConformanceVectorsTest). The crypto primitives and envelope compositions are now gated byte for byte against the published Alt Vault Protocol vectors, vendored undersrc/test/resources/avp-vectors/fromtrqlmao/avp: HKDF, X25519, Ed25519, the AAD and key-binding-message constructions, the payload AEAD, the key wrap, and the MUST-reject negative bank. The round-trip tests proved self-consistency; these prove interoperability with every other AVP implementation, so a silent change to a construction is caught.
- Corrected the Alt Vault Protocol spec link in the README (
trqlmao/avp-spectotrqlmao/avp).
- Breaking: bans are now per-server.
AltAccount.ban: BanInfois replaced bybans: Map<serverId, BanInfo>;banned()now means "banned on any server" andbanned(String serverId)checks one server;bannedServers()returns the banned server ids;withBan(BanInfo)becomeswithBan(String serverId, BanInfo); andAltStore.markBanned(uuid, ban)becomesmarkBanned(uuid, serverId, ban).serverIdis an opaque, host-supplied string (the same namespace as game stats) — the library performs no server detection. Oldaccounts.datfiles are migrated on load: a single legacybanbecomesbans = { "unknown": ban }, so existing badges are preserved.
- Breaking (crypto): the
X25519-HKDF-SHA256-AESGCM-v1key-wrap scheme's HKDFinfo(also the wrap GCM AAD) changed from the library-namespacedlol.trq.alts/rdk-wrap/v1to the vendor-neutralavp/rdk-wrap/v1, matching the published Alt Vault Protocol scheme so the wrap interoperates with any conformant implementation. Wrapped keys produced by 0.2.0/0.3.0 cannot be unwrapped by 0.4.0 and vice versa. This is safe in practice because no shared vault has been deployed yet. The change is a single constant inX25519HkdfAesGcmKeyWrap; nothing else moves.
- Breaking: replaced the Hypixel-specific stats surface with a server-agnostic one.
GameStats(an ordered list ofStatdisplay chips) replacesHypixelStats/BedwarsStats/SkywarsStats;GameStatsSource(with aserverId()) replacesHypixelStatsSource; andAltsRuntime.hypixelStats()becomesgameStats(String serverId), backed by one cache per registered source. A host registers a source per server viaBuilder.gameStatsSource(...)(a duplicate server id throws). Migrate by formatting your stats intoGameStats.Statchips and reading them back withgameStats(yourServerId).
StaticGameStatsSource, a fixed in-memoryGameStatsSourcefor demos and tests.- A compiled
examples/source set (ExampleNetGameStatsSource) so examples cannot drift from the API.
- Shared vault (
lol.trq.alts.vault,lol.trq.alts.crypto) — a zero-knowledge shared alt repository: Ed25519 identity + X25519 key-agreement (VaultIdentity), AES-256-GCM payloads with replay-binding AAD (PayloadCipher), a pluggableKeyWrapScheme(defaultX25519HkdfAesGcmKeyWrap), andSharedVault— pure client-side crypto for create / open / encrypt / decrypt / rotate-on-removal over plain transport DTOs. The server (a host-suppliedVaultTransport) sees only ciphertext, wrapped keys, public keys, and counters. - Federation (
lol.trq.alts.vault.federation) —RepoAddress(avp://host/repoId),InviteRequest, andRepoLocatormake repositories reachable across independently-hosted servers using one portable identity. NewVaultTransportResolverSPI seam maps a host authority to a transport, so a member pointed at one server can join a repository hosted on another. - Provenance —
AltAccountgainssourceClient/sourceUser: which client a shared alt was added from and the user within it. Carried inside the encrypted payload only (the server never sees them).AltAccount.withSource(client, user)stamps them. - Anti-MITM —
MemberEntrygains an optionalkeyBindingSig, andIssuerSignedKeyBindingVerifierchecks a member's served public keys against an identity-provider signature before wrapping a data key to them — for joining repositories on servers you do not operate. MicrosoftAuthConfig— the Microsoft client id, scope, redirect path, and every service endpoint are now host-supplied; wire it viaAltsRuntime.Builder.microsoftAuth(...).
- Breaking (pre-1.0):
MicrosoftAuthUtil.authenticate()now takes aMicrosoftAuthConfig. There is no built-in Microsoft client id any more — a host must supply its own Azure app id to enable Microsoft login (offline / cookie / session login are unaffected). Hosts usingAltsRuntimeonly need to add.microsoftAuth(MicrosoftAuthConfig.of(yourClientId)).
- Initial release.
- Auth (
lol.trq.alts.auth) — Microsoft OAuth 2.0, browser-cookie, session-token, and offline login behindAltLoginService, allCompletableFuture-based. - Store (
lol.trq.alts.store) —AltStore, an AES-256-GCM + PBKDF2 encrypted local account file; filename and key-binding are host-configurable. - Cache (
lol.trq.alts.cache) —AsyncCache<K,V>, a lazy non-blocking value cache with stale-while-revalidate TTL. - Skin (
lol.trq.alts.skin) —SkinAvatarCache<H>, async player-head fetch/cache generic over the host texture-handle type. - Model (
lol.trq.alts.model) —AltAccount,AccountType,LoginMode,SessionData,HypixelStats,BanInfo. - SPI (
lol.trq.alts.spi) — host seams:SessionInjector,VaultDirectoryProvider,TextureUploader<H>,MainThreadExecutor,ToastSink,HypixelStatsSource. AltsRuntimewiring root with an accumulating builder.- Spotless / palantir-java-format toolchain, JUnit 5 tests, GitHub Actions CI, and JitPack publishing manifest.