Runtime Permission Discovery, Update Notifications & LuckPerms Migration

This is a massive update introducing intelligent runtime permission discovery, automatic update notifications, and a complete LuckPerms migration tool.

Runtime Permission Discovery

HyperPerms now automatically discovers and registers permissions from all installed plugins, making them instantly available in the web editor without manual configuration.

How It Works

JAR Scanning at Startup

• Scans plugin JAR files for permission strings in bytecode
• Extracts plugin names from manifest.json
• Builds namespace-to-plugin mappings (e.g., "theeconomy" -> "EconomySystem")
• Pre-registers permissions so they appear immediately in the web editor

Intelligent Filtering

• Blacklist of 50+ code-related words to prevent false positives
• Known permission prefix whitelist
• Pattern validation (2-5 segments, 3+ char namespace)
• Java package rejection (java., javax., org., com.google., etc.)

Performance

• Results cached in jar-scan-cache.json
• Cache keyed by JAR filename and modification timestamp
• Unchanged JARs skipped on subsequent startups
• Typical overhead: 1-3 seconds initial scan, near-zero for cached

Web Editor Integration

The web editor now displays discovered permissions with full context:

• "Installed" badges appear next to permissions from running plugins
• Dynamic categories created for each discovered plugin
• Seamless merge with the static permission registry
• Makes finding the right permissions faster and easier

Operator Update Notification System

Never miss an update. Operators automatically receive notifications when joining the server.

Commands:

• /hp update - Check for available updates
• /hp update confirm - Download update to mods folder
• /hp updates - View notification preference
• /hp updates on|off - Toggle join notifications

Features:

• Delayed notification (1.5s after join) for clean UX
• Opt-out model (enabled by default)
• Preferences persist in notification-preferences.json
• GitHub release version checking

LuckPerms Migration Tool

Migrate from LuckPerms to HyperPerms with a single command.

Commands:

• /hp migrate luckperms - Preview migration (dry-run)
• /hp migrate luckperms --confirm - Execute migration
• /hp migrate luckperms --verbose - Detailed preview
• Conflict resolution: --merge (default), --skip, --overwrite

Supported Storage Backends:

• YAML file storage
• JSON file storage
• H2 embedded database
• MySQL/MariaDB remote database

What Gets Migrated:

• Groups with weights, prefixes, suffixes
• All user permissions and group memberships
• Tracks/ladders with correct ordering
• Temporary permissions with expiry
• Context mappings (server, world)
• Group inheritance hierarchies

Safety:

• Automatic backup before migration
• Dry-run mode by default
• Full rollback on failure
• Circular inheritance detection

Compatibility Fixes

Hex Color Support and Werchat Compatibility

• Added hex color parsing (§x§R§R§G§G§B§B format)
• Added underline and strikethrough format codes
• Werchat detection: HyperPerms defers chat handling when Werchat is installed
• New ChatAPI.getRawPrefix() and getRawSuffix() methods

HyperPerms + HyFactions Chat Fix

• Resolved chat prefix conflict when both plugins are installed
• Dynamic event priority based on HyFactions presence
• Output: [FactionTag] [RankPrefix] PlayerName: message

Player List Formatting

• Complete rewrite using Hytale's packet system
• Proper async prefix/suffix resolution
• Strip color codes and invisible Unicode characters
• Add left padding to prevent UI clipping

Startup Error Fixes

• Null-safe server root resolution in LuckPerms migrator
• Removed verbose debug logging spam

Permission System Fixes

Universal Permission Negation Fix

Restructured WildcardMatcher.check() to properly evaluate negations before grants. Previously, grants like com.hyperwarps.* would return TRUE before negations were evaluated.

User Permission Leak Fix

Fixed PermissionProvider.addUserPermissions() which was incorrectly persisting every permission check as a direct user node.

Security Fix

Removed overly broad com.* from HyperHomes built-in permissions.

Expanded Wildcard Aliases

• HyperHomes: Added share, admin, and bypass wildcard expansions
• HyperWarps: Full wildcard expansion with bypass permissions

Web Editor Updates (HyperPermsWeb)

Dynamic Permission Discovery Support

• Backend plugin permissions displayed in web editor
• "Installed" badges for permissions from running plugins
• Dynamic categories for discovered plugins

Negative Permission Support

• Proper parsing of denied permissions (-permission.node)
• Red text and - prefix in UI for denied permissions

Bug Fixes

• Fixed manual permission input disappearing after one character
• Fixed old JSON config compatibility
• Fixed CSRF validation blocking production requests
• Fixed i18n namespace issues

Test Coverage

Added P0 specification verification tests covering:

• User negation overrides group grant
• Specific negation with wildcard
• Context-specific overrides global
• Expired permission handling
• Default group fallback
• Weight priority conflicts

All 118 tests pass.