Patch Notes

0.1.274-dev

• Hardened packet viewer cleanup after local evidence storage failures.
• Cleared stale manual capture tracking when a report cannot be written.
• Kept automatic, prelogin, and legacy capture buffers bounded.
• Bounded active capture incident entries during repeated report pressure.
• Fixed hardened runtime startup after the license verifier ABI was broken by obfuscation.
• Fixed signed standalone license fallback when the live verification endpoint returns an invalid response.
• Disabled companion server startup when the forwarding key is blank, too short, or still change-me.
• Fixed missing or invalid operational profile metadata falling back to observe mode.
• Made Velocity runtime startup idempotent so loader and proxy initialize paths cannot double-register channels, packet listeners, or server hooks.
• Added a GitHub Actions clean-checkout CI gate for tests, checks, distribution build, loader smoke, and hardened smoke.
• Fixed Linux clean-checkout hardener execution by invoking the vendored wrapper through Bash and tracking the wrapper files needed by the vendored hardener.
• Added a local network-level plugin-message exploit probe for SVC request-secret oversize and client-origin TAB bridge payloads.
• Extended the plugin-message exploit probe for already-running lab/customer-like proxies with explicit report-directory evidence collection.
• Fixed plugin-message probe disconnect handling so online-mode or closed targets fail quickly instead of timing out.
• Added a release stability gate wrapper that runs authenticated real-player join and customer-like exploit replay before promotion.
• Fixed release stability wrapper parameter passing so it reaches the authenticated join gate correctly.
• Moved scheduled update checks off the scheduler thread and blocked overlapping update probes so a slow license artifact endpoint cannot stall recurring runtime tasks.
• Stabilized companion pre-auth socket handling under slow CI or loaded hosts by giving peers a larger handshake window while keeping the hard pre-auth socket cap.
• Added a regression test for failed manual packet viewer flush cleanup.

Validation

• Runtime capture regression test passed uncached.
• Capture service pressure regression test passed uncached.
• Velocity bootstrap idempotency regression test passed uncached.
• Replay corpus verification passed for raw overflow, prelogin flood, PacketEvents crash-prevention, SVC oversize, and TAB bridge exploit fixtures.
• Full uncached test suite passed.
• Distribution, loader smoke, and hardened obfuscation smoke passed.
• GitHub Actions CI run 25876387452 passed on commit b1f457f8.
• Docker test stack smoke passed.
• Offline join probe passed through Velocity and backend with a benign voice UDP envelope.
• Netty pressure probe passed with 100 status pings, 25 invalid packet sends, and 100 short handshakes.
• Plugin-message exploit probe passed after recording SVC-REQ-SIZE and TAB-BRIDGE-DIR reports from a live offline client session.
• External -NoStackControl plugin-message probe mode passed against an already-running offline local proxy and emitted report IDs e794626c-0892-4860-88c7-cb6d13c7f3b3 and 7a36a026-a1e7-4420-b9f0-9dd915d1a3fe.
• External -NoStackControl plugin-message probe mode failed fast against an online-mode local proxy with plugin-message-exploit-probe-ended-before-join "socketClosed".
• Release stability wrapper fails fast without target data instead of allowing an incomplete promotion gate.
• Release stability wrapper reaches the authenticated join gate when target data is present and fails on the missing Microsoft auth cache until device login is completed.
• Runtime update service regression test passed uncached for async scheduler handoff and overlap suppression.
• Companion transport regression test passed uncached for the authenticated peer cap, pre-auth socket cap, and dropped outbound message accounting.
• GitHub Actions CI run 25878287944 passed on commit 3e22f020.
• Sequential Netty pressure passed with status-ok=100/100, invalid-sent=25/25, and handshake-sent=100/100.
• Latest external plugin-message replay emitted svc-report=14fb173a-2ee8-4605-8fca-005be8e3146a and tab-report=14864b42-f28a-4152-b9e4-7f16c27ee945.

Artifacts

Release readiness

• Memory leak risk from capture tracking is fixed and covered by runtime capture and capture service pressure tests.
• Hardened build startup risk from obfuscation is fixed and covered by distribution, loader smoke, and hardened smoke gates.
• Companion default-secret exposure is fixed and covered by companion transport tests.
• Fail-open profile fallback is fixed and covered by operational profile tests.
• Velocity double-start lifecycle risk is fixed and covered by bootstrap regression tests.
• Local proxy and backend stability passed Docker smoke, offline join, and Netty pressure probes.
• Clean GitHub checkout verification passed CI run 25876387452 with test, check, distribution, loader smoke, and hardened smoke gates.
• Exploit protection evidence passed replay corpus checks for raw overflow, prelogin flood, PacketEvents crash-prevention, SVC oversize, and TAB bridge exploit fixtures; local Docker network replay and external local -NoStackControl replay recorded SVC-REQ-SIZE and TAB-BRIDGE-DIR.
• Not stable-customer-ready yet: authenticated real-player join and live customer-server exploit replay are still unproven.

Remaining gates

• Run .\docker\test-stack\release-stability-gates.ps1 -InteractiveDeviceCode -ProfilesFolder build\test-stack\auth-cache -AllowRemote -TargetHost <host> -Port <port> -ReportsDirectory <reports-dir> once to create the Microsoft auth cache, then rerun without -InteractiveDeviceCode.
• Stable release decision: do not promote until the wrapper prints release-stability-gates-ok on the hardened build and the emitted report IDs are attached to the release audit.

Dependency review

Runtime libraries were checked against current Maven metadata. Stable dependencies were already current; release candidates, snapshots, and alpha major-version lines were not pulled into this patch.