Skip to main content
DRACO NEST

Changelog

Current updates are automatically synced from CHANGELOG.md.

Back to homepage

Changelog

All notable changes to this project will be documented in this file.

[d7caeec] - 2026-05-16

Added

  • [backend] Add backup-gated ARK runtime auto-healing: Adds Pterodactyl backup rotation before restarts, backup-gated restart execution across restart APIs, and a feature-flagged ARK runtime stall detector that restarts only after query, RCON, and stale save or log evidence confirm the game runtime is stuck.
  • [backend] Add cluster config rollout, rollback, and deployment history: Adds cluster-level config apply, preview, rollback, and apply-run history APIs with per-target deployment tracking, staged rollout through bulk-apply infrastructure, idempotency, and retry-failed-targets support. Completes Phase 8 of the Config Studio unification plan.
  • [backend] Add Crafting Skill Potion mod settings: Operators can edit Crafting Skill Potion (Workshop 2307661303) from the Mod Settings Drawer. Adds a [CraftingSkillPotion] definition with 24 options across messages, timing, statMultipliers, restore, and cheatWeight.
  • [backend] Add Creature Finder Deluxe mod settings: Operators can now edit the Creature Finder Deluxe mod (Workshop 1591643730) from the Mod Settings Drawer. Adds a [CreatureFinderDeluxe] definition with 5 options across filtering, scanning, and access categories, including the ScanRange 100-1000000 meter clamp.
  • [backend] Add Dino Overhaul X mod settings: Operators can edit Dino Overhaul X (Workshop 710880648) settings from the Mod Settings Drawer. Adds a static [DOXSettings] definition with 33 options across difficulty, bosses, AI, spawning, dinos, cloning, potions, loot, and inventory.
  • [backend] Add GitLab merge request code review worker: Adds a GitLab merge request webhook, BullMQ review queue, dedicated worker, OpenAI-based review generation, MR note idempotency markers, DLQ handling, admin alerts, Error RAG learning, PM2 wiring, and shutdown hooks.
  • [backend] Add owner notification gate for ARK runtime stall auto-healing: Notifies server owners through their configured in-app, email, and Discord preferences before ARK game_runtime_stalled auto-restarts, waits at least 10 minutes for manual recovery, and sends a follow-up notification after verified recovery.
  • [backend] Add settings bulk apply API routes: Adds owner-scoped dry-run and execute routes for settings bulk apply runs, including target compatibility previews, idempotent run replay, and run status retrieval.
  • [backend] Add settings bulk apply worker orchestration: Adds the queued settings bulk apply service and worker that fans target servers through the existing Settings Platform apply path with per-target idempotency, DLQ alerting, and sanitized RAG error summaries.
  • [backend] Add settings deployment snapshot foundation: Adds additive SettingsDeployment and RenderedConfigFile models, a deployment snapshot service, optional apply-orchestrator and bulk-target wrapping through SETTINGS_DEPLOYMENT_SNAPSHOT_V1, and Active Config deployment status sourced from the latest deployment snapshot.
  • [backend] Add settings drift detection reports: Adds versioned ConfigDriftReport storage, a server drift detection service that compares rendered deployment snapshots with current Pterodactyl files without writing them, a feature-flagged server drift check API, and Active Config visibility for the latest drift report.
  • [backend] Add settings profile and bulk apply observability: Adds sanitized settings profile events, per-target bulk apply telemetry, an owner-only bulk apply runs diagnostics API, and audit-correlation coverage for repeated cluster-wide partial failures.
  • [backend] Add settings profiles foundation: Introduces feature flags, additive Prisma tables, backend compatibility helpers, and owner-scoped settings profile APIs for saved server settings profiles and future bulk apply workflows.
  • [backend] Add Shiny! Dinos mod settings: Operators can now edit the Shiny Dinos mod (Workshop 2016338122) from the Mod Settings Drawer. Adds a [Shiny] definition with 38 options across spawning, dinos, variants, enraged, tracker, notifications, rewards, cosmetic, and debug categories.
  • [backend] Add Upgrade Station Augment Station config support: Adds dark-launched multi-section mod configuration for Upgrade Station [AugmentStation], including first-open import state, row-presence ownership, structured INI previews, and single-upload writes for shared INI files.
  • [backend] Add Upgrade Station mod settings: Operators can edit the Upgrade Station mod (Workshop 821530042) from the Mod Settings Drawer via a 15-option [UpgradeStation] definition across upgrading, salvaging, and fortune categories. Augment Station and Game.ini overrides stay out of scope.
  • [backend] Add versioned server override foundation: Adds SettingsServerOverrideVersion, strict validation for technical per-server override fields, protected profile compatibility for server-owned keys, server override API routes, and Active Config visibility for the latest override version.
  • [backend] Add versioned settings profile assignments: Adds the additive SettingsProfile, SettingsProfileVersion, and SettingsProfileAssignment foundation with server and cluster active-configuration APIs, idempotent profile assignment, and Active Config UI integration for the assigned profile version.
  • [backend] Instrument mod-config apply pipeline with Prometheus metrics: Worker emits mod_config_apply_jobs_total, mod_config_apply_duration_seconds and mod_config_drift_entries_total. The POST /apply route increments the enqueued counter so dashboards can compare queue rate against worker throughput.
  • [backend] Persist requiresRestart and isAdvanced on ModConfigOption: Adds two boolean columns plus inference helpers so the editor's Advanced filter and the worker restart decision come from data instead of frontend key-substring heuristics.
  • [backend] Preview pending mod config overrides as INI before apply: New GET /servers/:id/mods/config/preview endpoint returns a diff between defaults and saved overrides plus the rendered INI section. Editor review panel uses it to show what the worker will write.
  • [backend] RAG Azure Blob ingester for canonical collections: Adds an Azure Blob JSONL RAG ingester with canonical collection routing, per-record validation, idempotent upserts, cache invalidation, and explicit append/replace modes for stale chunk cleanup.
  • [backend] Starbound vote provider and verified TopServers adapter: Registers only verified TopServers adapters for ARK-Servers.net and Starbound-Servers.net, parses scalar claim responses, and leaves ASA_SERVERS unregistered until a dedicated ASA API adapter exists.
  • [backend] Upgrade Station engram hiding: Individual Upgrade Station engrams can now be hidden from the Mod Settings Drawer. Applies OverrideNamedEngramEntries to Game.ini without affecting other mods' engram overrides.
  • [backend] Vote-rewards UES emission and anomaly detection: Emits vote lifecycle events through UES and adds a repeatable vote-anomaly detector that feeds Draco P5/RAG when failure rates exceed configured thresholds.
  • [backend] Vote-site and reward policy admin API: Adds owner-scoped vote-site, reward-policy, vote-event history, and admin redelivery APIs using withServerMiddleware and apiSuccess/apiError envelopes.
  • [backend] Vote-site integration foundation (schema + ark-servers.net provider): Adds vote-site schema models, encrypted API-key storage, the provider abstraction, the ARK-Servers.net adapter, and dormant feature-flag env variables.
  • [backend] Vote-site polling and reward delivery workers: Adds BullMQ vote polling and reward-delivery workers with identity resolution, lifecycle state transitions, reward action validation, retries, and DLQ handling.
  • [docs] Plan vote-sites and Vote Rewards integration: Adds the implementation plan for vote-site providers and automated in-game Vote Rewards, covering schema, workers, APIs, RBAC, UES, and Design v7 UI.
  • [frontend] Add cluster profile picker and bulk assign on Compatibility tab: Adds a Settings Profile picker to the cluster overview page and a bulk 'Assign to selected servers' action to the profile Compatibility tab. Both reuse existing assign endpoints and surface per-target results.
  • [frontend] Add cluster settings bulk apply UI: Adds a cluster settings panel for previewing and executing saved profile, member server, or imported JSON settings changes across all or selected cluster members with visible per-target results.
  • [frontend] Add Death Recovery mod configuration: Adds GameUserSettings.ini editor support for the Death Recovery mod (Steam ID 751991809), exposing DelayTimer, decay, lifespan, pickup, single-stone, global-timer and exclusion list options through the Mod Config Editor.
  • [frontend] Add events, members, and Discord webhook health sections to the community dashboard: Adds upcoming events, recent members, and Discord webhook health sections to /dashboard/community with EN/PL copy and endpoint tests.
  • [frontend] Add Primal Fear (PrimalFear) to the Mod Settings Drawer: Adds a Mod Settings definition for Primal Fear (Steam ID 839162288), exposing all 57 [PrimalFear] options across 14 categories. Apply uses the existing mod-config:apply queue and writes only non-default overrides into GameUserSettings.ini.
  • [frontend] Add server settings profiles UI: Adds server settings profile controls for saving reusable non-sensitive settings, previewing saved profiles, and loading compatible values into the settings form before saving.
  • [frontend] Add Settings Profile assignment picker to server Active Config: Adds a profile picker to the server Active Config view so operators can assign or change the active Settings Profile without leaving the server page. Posts to /api/servers/{id}/settings-profile/assign with idempotency and refreshes Active Config.
  • [frontend] Add side-by-side settings comparison to profile Compatibility tab: After Preview, the Settings Profile Compatibility tab now shows a 3-column comparison table (server value vs profile value) with a 'Show only differences' toggle, server selector for multi-target previews, and badges for changed and skipped fields.
  • [frontend] Auto-redirect mod config apply to profile editor: Mod config apply now redirects to a Settings Profile draft editor when profiled mod config is enforced. The banner picks 0/1/N profile candidates and imported keys are highlighted in the editor.
  • [frontend] Config Studio profile list and in-place save: Config Studio now lists all saved profiles with assigned servers and View / Edit / Copy / Download / Delete actions. Profile editor saves changes in place as a new version, hides operational fields (mod IDs, ports), and adds value search.
  • [frontend] Expose vote rewards in dashboard navigation: Adds the player vote rewards page to the main dashboard sidebar with EN/PL navigation labels.
  • [frontend] Poll mod config apply job until the worker reports a terminal state: Editor captures the queued job id, polls /apply?jobId every 1.5s and surfaces a status pill plus toast when the rollout completes or fails. Backup path renders alongside the success toast.
  • [frontend] Surface restart-required indicator and toggle in mod config review: Review panel shows a restart badge per dirty option flagged requiresRestart and a confirm-restart checkbox that drives the apply request, replacing the hardcoded restartServer=false.
  • [frontend] Vote-site and reward policy admin UI (Design v7): Adds the owner vote-rewards admin UI with vote-site management, reward recipe editing, history filters, redelivery controls, hooks, atoms, molecules, and EN/PL copy.
  • [general] Add Claude Code Action for automated PR reviews: Adds the anthropics/claude-code-action GitHub workflow to automatically review every non-draft pull request against CLAUDE.md conventions and project ADRs, plus an @claude mention responder for issues and review comments.
  • [general] Add Draco-assisted server settings suggestions: Adds catalog-backed Draco settings suggestions with sensitive-field filtering, deterministic fallback mode, review-before-apply UI, feedback telemetry, and sanitized RAG learning events.
  • [general] Add settings config compiler: Adds a normalized settings compiler with rendered file hashes, server and cluster apply APIs, Active Config recovery actions, drift import/revert, staged cluster rollout, rollback, retry, ownership maps, managed mod settings, preservation, and conflicts.
  • [general] Vote-rewards player widget and delivery notifications: Adds the player vote-rewards page, claim-now API, pending-events API, and post-delivery in-game plus notification fanout behind policy flags.
  • [infra] Add Grafana dashboard for the mod-config apply pipeline: Adds monitoring/dashboards/mod-config-apply.json with enqueue/completion throughput, failure rate, p50/p95 duration by mod, and recent drift counts.
  • [infra] Add k6 idempotency load test and Playwright API smoke for mod-config apply: Adds a k6 idempotency load test for mod-config apply and a Playwright API smoke covering queue, polling, and preview endpoints.
  • [worker] Add profiled mod config imports: Adds profile-owned mod config import, DLQ handling for exhausted apply jobs, and Draco learning telemetry for mod config failures.

Changed

  • [backend] Align ASE Profile catalog with ark.wiki.gg: Align ASE Profile settings with ark.wiki.gg by adding supported Game.ini/ServerSettings mappings, explicit profile/restart metadata, INI boolean preview serialization, and deferred metadata for repeatable-array keys until iniService supports repeatable lines.
  • [backend] Align mod-config routes with the unified API middleware pattern: All five mod-config routes now run isProtected via withMiddleware, share assertServerAccess for ownership checks and emit apiSuccess/apiError. Removed inline session lookup and as-const response blocks.
  • [backend] Block legacy config repair for profile-managed servers: Adds a profile-managed target guard so legacy INI synchronization, enforcement self-healing, and Configuration Watchdog drift repair skip servers with active Settings Profile assignments instead of silently overwriting profile-rendered configuration.
  • [backend] RBAC v2 phase B: unify platform admin on SUPERADMIN: Replaces 30+ legacy userRole === "OWNER" checks with isAdminRole() so SUPERADMIN reaches full parity in legacy ownership, pterodactyl, admin and UI paths. Adds an idempotent Prisma migration that rewrites User.role and RagChunk.minRole from OWNER to SUPERADMIN.
  • [backend] RBAC v2 phase C-2: drop OWNER dual-read across the codebase: Simplifies guards, middleware, ROLE_PERMISSIONS, ROLE_HIERARCHY, RATE_LIMITS, seed-rbac, Discord roleMap and 18 admin route helpers to recognize SUPERADMIN as the only platform admin. UserRole.OWNER is unreachable in code; phase D will drop it from the Postgres enum.
  • [backend] RBAC v2 phase D: drop OWNER value from UserRole Postgres enum: Rebuilds the UserRole enum without OWNER (rename legacy, create new, retype 4 columns, drop legacy) inside a transaction with a pre-flight assertion that no OWNER rows remain. Schema.prisma drops OWNER and ROLE_PERMISSIONS reverts from Partial<Record> to full Record.
  • [backend] Scope mod configuration service cache per Prisma client: ModConfigService no longer pins the first Prisma client passed at startup; each client (including transaction clients and test mocks) now gets its own service instance.
  • [frontend] Hide runtime fields and add Beacon-style meta in settings-profile wizard: The 'New settings profile' wizard now hides 8 per-server runtime fields (Server Map, Session Name, Args, Mod IDs, Extra Params, Extra Flags, Port, Query Port) and shows description, default, range, restart hint and INI/Pterodactyl origin under each remaining field.
  • [frontend] Introduce Active Config as the server configuration read model: Renames the server configuration tab to Active Config, moves Config Studio into the operational sidebar, and replaces the server-local editor with a read-only source-of-truth overview.
  • [frontend] Make Profile settings card collapsible and searchable: Profile settings card on the server settings page now starts with all category sections collapsed, shows a field count per section, surfaces inline field descriptions, and exposes a search box that auto-expands matching categories. Category names are translated.
  • [frontend] Migrate community integration modal to design v7 atoms and localize all strings: Moves the community integration modal to v7 atoms, localizes labels and validation copy, persists ?period= in the URL, and adds a section-aware skeleton loader.
  • [frontend] Remove prohibited shadow classes from audited surface components: Removes prohibited shadow and drop-shadow classes from audited app and component surfaces, and adds the Design v7 token audit report for remaining color, CTA, and radius follow-up work.
  • [frontend] Remove prohibited shadow classes from core surface components: Removes prohibited shadow classes from 29 core surface components and adds the Design v7 token audit report for follow-up color, CTA, and radius work.
  • [frontend] Remove remaining shadow classes from audited surfaces: Removes remaining prohibited shadow classes from Toast, beta signup, beta hero, beta benefits, molecule Toast, and monitoring alert surfaces identified by the May 14 design token audit follow-up.
  • [frontend] Remove remaining shadow utilities from audited surfaces: Removes leftover shadow utility classes from audited Design v7 surfaces on the current main branch without merging the obsolete May 12 token audit report.
  • [frontend] Rewrite ARK_ASA setting descriptions in English Beacon-style prose: All 86 asa.json fields now ship 1-3 sentence English descriptions (50 Polish replaced, 26 empty filled, 10 short expanded). New Jest guardrail mirrors the ASE one.
  • [frontend] Rewrite ARK_ASE setting descriptions in English Beacon-style prose: All 327 ase.json fields now ship 1-3 sentence English descriptions focused on what each setting does (81 handwritten, rest templated). A new Jest guardrail blocks regressions to short or Polish strings.
  • [frontend] Rewrite descriptions for 8 smaller game mappings in English Beacon-style prose: 111 fields across aska, enshrouded, fivem, last_oasis, minecraft, palworld, rust and soulmask now ship 1-3 sentence English descriptions. Adds a parameterised Jest guardrail covering all 8 mappings.
  • [frontend] Show field description, default, range and origin on settings-profile detail page: Profile values tab now reuses SettingsProfileFieldRow from the wizard — each editable field shows its description, default, validation range, restart hint and INI/Pterodactyl origin. Readonly mode shows the same metadata alongside the stored value.
  • [frontend] Split the community dashboard page into sections, hooks, and pure helpers: Splits the community dashboard route into a slim orchestrator, focused section components, data hooks, and pure helpers while preserving behavior.
  • [frontend] Streamline server Active Config page around profile assignment: Streamlines the server settings page: the Assign profile card hosts a drift badge and an always-available Open Config Studio link in its header, an Apply button next to Change profile, and an inline status row that surfaces apply success and server-side errors.
  • [frontend] Unify mod config editor CTAs and add lifecycle toasts: Editor uses Review/Queue/Applied terminology consistently and emits draft-saved, queued, applied, failed and overrides-cleared toasts. Error and unsaved-change counts now use ICU pluralization in pl and en.
  • [general] Complete unified Config Studio profile apply flow: Adds versioned Settings Profile APIs, rendered INI apply for profile mod settings, Active Config server override editing, Config Studio landing, preserved unmanaged drift marking, and legacy mod INI apply blocking when profiled mod config is enabled.
  • [infra] Run mod config seed automatically on every deploy: Runs prisma/seed-mod-configs.ts after deploy migrations so new mod settings definitions become visible without a manual seed step. Adds npm run seed:mod-configs for ad-hoc re-seeds.

Fixed

  • [backend] Fix 3 bugs in smart restart (When Empty, cancel double RCON, power-fail error): Smart restart now falls back to cached player counts when RCON is unavailable, avoids duplicate cancellation broadcasts, and reports power-action failures with an accurate error after successful backups.
  • [backend] Fix 5 bugs in mod config edit/save-to-INI flow: Fixes mod-config apply status, per-server locking, case-insensitive HTML guards, legacy identifier handling on /instances, and INI section sanitization.
  • [backend] Fix BigInt serialization crash in mod installation flow: Mod install no longer crashes when Mod.sizeBytes is serialized. Redis idempotency caching and mod install API responses now coerce BigInt values to strings, matching the existing mod list behavior.
  • [backend] Fix logic bugs in Maintenance & updates system: Fixes 7 logic bugs in the Maintenance & updates pipeline: FiveM critical-version severity, middleware auth on pending API, in-flight mod exclusion, txAdmin multi-owner notifications, semantic version comparison, metadata-based deduplication, and worker status schedule source.
  • [backend] Fix mod settings not written to GameUserSettings.ini on bulk apply: Writes imported mod config values to GameUserSettings.ini during bulk profile apply, matching the existing single-server and cluster apply paths.
  • [backend] Fix rendered ARK config file paths: ARK rendered config apply now resolves Game.ini and GameUserSettings.ini to full Pterodactyl paths before writing. This fixes online apply failures for breeding, hatching, taming, and other INI-target fields.
  • [backend] Fix settings profile import silently skipping fields whose catalog key differs from INI key: Indexes catalog fields by iniKey and originalName so ASE/ASA settings whose INI key differs from the catalog key import into profiles correctly.
  • [backend] Fix SMART restart cancellation, scheduled restart TTL and execution reliability: When Empty restart cancellation now clears DB state, streak keys, queued jobs, and failure counters. Scheduled restart execution also floors Redis TTLs and isolates RCON failures so restarts are not moved to DLQ incorrectly.
  • [backend] Guard concurrent mod lifecycle operations: Mod install and removal now reject overlapping lifecycle operations, and removal workers no longer soft-delete a mod record when a newer install has already superseded the removal.
  • [backend] Harden GitLab code review runtime configuration: Ensures the GitLab code review worker keeps separate OpenAI clients and circuit breakers per review base URL and model, handles paginated GitLab notes and diffs, hardens webhook header normalization and DLQ behavior, and adds regression coverage for worker lifecycle behavior.
  • [backend] Harden secondary mod config imports: Secondary key/value INI imports now create draft rows without overwriting app edits, reject invalid live numeric values, route INI sync to secondary key/value sections, and preserve owned struct-list default rows in profile imports.
  • [backend] Harden settings profile assignment safety checks: Rejects unsafe Settings Profile assignments, prevents premature cluster rollback mutations, blocks legacy mod config writes for cluster-managed servers, and derives cluster Active Config status from member deployment snapshots.
  • [backend] Harden Smart Restart audit fixes: Hardened Smart Restart cancellation, watchdog routing, settings-triggered restarts, status contracts, and delayed restart batching.
  • [backend] Harden vote provider polling and reward delivery: Fixes vote integration audit gaps: worker startup, scalar provider parsing, ASA gating, event dedupe, retry-safe provider claims, canonical Pterodactyl identifiers, and soft-delete wiring.
  • [backend] Honor mod install idempotency headers: The mod install API now uses the Idempotency-Key header so reinstalling the same mod after removal queues a fresh install instead of returning stale cached state.
  • [backend] Include createBackup in the deterministic mod-config apply jobId: Two apply requests differing only in createBackup were collapsed into the same BullMQ job. The flag is now part of the SHA-256 hash so the worker schedules both rollouts.
  • [backend] Keep settings apply successful after transient rendered file errors: Settings apply now logs transient Pterodactyl fetch failures during rendered config file merge instead of returning 500 after core writes succeeded. The Apply button also enables as soon as a profile is assigned.
  • [backend] RBAC v2 phase C-1: drop OWNER from UI and fix 42 admin route lockouts: After phase B migrated all OWNER users to SUPERADMIN, 42 admin routes still gated on role !== "OWNER" would lock SUPERADMIN out at next JWT refresh; each is rewritten to !isAdminRole(...) and ChangeRoleModal drops OWNER from selectable options.
  • [backend] Route Smart Restart broadcasts through game-aware RCON: Smart Restart and scheduled restart warnings now try the game-aware RCON broadcast path before falling back to the Pterodactyl console broadcast command, preserving Minecraft delivery while fixing ARK, Rust, FiveM, and Soulmask warnings.
  • [backend] Synchronize Game.ini struct-list conflicts: INI sync now detects and resolves managed Game.ini struct-list entries, including Upgrade Station engram hides, without treating repeated keys as scalar INI values.
  • [backend] Translate mod configuration validation errors with stable keys: Validation failures now return a stable error code and ICU params so the editor can render localized messages instead of leaking raw keys like min_value_25.
  • [backend] Unify Smart Restart scheduling and execution: Smart Restart now uses one canonical orchestrator for public API, settings UI, legacy compatibility, and AI actions; RCON warnings use runtime status, stale player-count fallbacks are blocked, and operators can pause the system with a live feature flag.
  • [backend] Use linked Steam accounts for vote reward claims: Allows the player vote reward claim flow to check linked Steam gaming accounts in addition to Discord identities, so ARK-Servers.net Steam votes can be detected from the dashboard.
  • [backend] Write mod config to INI on single-server profile apply: When applying a saved settings profile to a single server in Config Studio, mod config values stored in the profile are now compiled and written to the server's GameUserSettings.ini — matching the existing bulk apply behaviour.
  • [backend] Write profile INI settings to game server even without mod config: Applying a settings profile in Config Studio now writes the profile's regular INI settings (SessionName, multipliers, etc.) to GameUserSettings.ini even when the profile contains no mod config and the game server is running.
  • [frontend] Confirm completed mod installs in the UI: The mods manager now refreshes in-progress installs in the background and shows a success toast when a mod reaches an installed or pending-restart state.
  • [frontend] Fix community landing audit regressions: Converts the public community landing page to server-rendered content with route metadata, removes mock stats, and makes feature navigation link-accessible.
  • [frontend] Fix Live Console authentication race: Delays the initial Live Console log request until Wings confirms the authenticated server stream, preventing intermittent JWT errors and connection interruption banners during console startup.
  • [frontend] Fix settings profile values tab not saving changes: Three bugs blocked saves on the profile values tab: API errors were swallowed silently (no toast), catalog fields missing a stored value caused a validation error that silently blocked the save, and catalog load failures left the editor in silent readonly mode.
  • [frontend] Localize the contact page and harden form against spam and GDPR gaps: Localizes /contact, adds canonical/hreflang metadata, consent, accessible fields, env-gated hCaptcha, reply-to handling, and keeps html lang aligned with the URL locale.
  • [frontend] Map every configurable mod to its translation namespace: Editor option labels and category names are now resolved per mod instead of always reading from the cybers namespace. Unknown keys fall back to a humanized form of the INI key.
  • [frontend] Restore real data on the server backups dashboard: Replaces the hardcoded /dashboard/servers/[id]/backups placeholder with the existing BackupManager wired to the Pterodactyl backup adapter.
  • [frontend] Settings profile save no longer aborts silently: Saving profile values used to abort without any toast or loading state when an editable field had no value and no default. The save now skips untouched fields, toasts validation issues, and reports API failures instead of swallowing them.
  • [frontend] Stabilize mod configuration editor save and reset behavior: Apply now waits for a successful draft save, reset to defaults marks only changed keys as dirty, and numeric parsing falls back cleanly instead of producing NaN.
  • [general] Fix Active Config server override form production build: Marks the extracted Active Config server override form modules as client components so Next.js can build the hook-based form.
  • [general] Fix smart restart never firing and misleading 'Restarting now...' badge: When Empty restart status now stays cancellable and says it will restart when empty instead of showing an immediate countdown. Smart restart jobs also include source=manual so the processor executes them.
  • [general] Harden delayed restart scheduling: Delayed restart now includes the user reason in broadcasts, filters intervals longer than the delay, sends the final restart warning, and deletes malformed Redis schedules instead of leaving corrupt keys behind.
  • [general] SMART restart now sends in-game broadcast, IMMEDIATE uses custom reason, modal mode label fixed: When Empty restarts now broadcast the restart reason before power action, immediate restarts use the modal reason in RCON messages, and the Smart Restart summary renders localized mode labels correctly.
  • [general] Stop MSW from intercepting fetch in jsdom UI test environments: tests/msw/jest-setup.ts now skips server.listen / resetHandlers / close when window is defined. Unblocks useMyProfiles.test.tsx (3/4 cases that failed with 'request.clone is not a function') and other UI suites running through the default Jest config.
  • [infra] Monitor Smart Restart task worker drift: Added the task worker process that executes smart and scheduled restarts to the critical PM2 drift checks and reconciliation path.
  • [infra] Reduce full-repo ESLint runtime: Excludes local worktrees and agent/editor state from ESLint, disables graph-wide import warnings in the default lint path, and turns off React Compiler lint gates until the app opts into React Compiler.
  • [worker] Persist ASE mod lists through startup variables: ASE mod installs now update the egg-compatible MOD_ID startup variable, keep the dashboard MOD_IDS record idempotent, and regenerate startup commands with a GameModIds fallback so manual INI rewrites do not drop active mods.
  • [worker] Restore mod reinstall queueing after removal: Mod install and remove queue IDs now include the concrete ModJob record, and reinstalls clear soft-delete state while ARK ActiveMods is rebuilt from active records only.
  • [worker] Serialize mod ActiveMods state during concurrent operations: Mod install and remove workers now rebuild ActiveMods from active statuses inside the per-server config lock and enqueue sync jobs with operation-scoped IDs.

Security

  • [security] Block cross-tenant access on mod configuration endpoints: Mod configuration routes now require server ownership or platform admin. Plain CLIENT users can no longer read or modify another tenant's mod config or apply jobs.
  • [security] Strip newline and control characters from mod config INI values: Sanitization is enforced both at write time in ModConfigService.updateInstances and at apply time in mergeINISection so a stored value cannot break out of the managed section into another INI block.

[8c2b8c4] - 2026-05-09

Added

  • [backend] Add Dino Storage v2 mod settings: Adds Dino Storage v2 as an ARK ASE mod configuration definition for the existing mod settings drawer and GameUserSettings.ini apply flow.
  • [backend] Add Lethals Reusables mod settings: Adds an ARK ASE Lethals Reusables mod configuration definition and seed coverage for its GameUserSettings.ini options.
  • [frontend] Add Awesome SpyGlass mod settings: Adds an ARK ASE Awesome SpyGlass mod configuration definition, seed coverage, and drawer warnings for the mod's saved settings file caveat.
  • [frontend] Add Awesome Teleporters mod settings: Adds an ARK ASE Awesome Teleporters mod configuration definition and seed coverage for its GameUserSettings.ini options.
  • [frontend] Add mod settings drawer for S+ configuration: Adds the configurable mod settings drawer, S+ ASE definition seed, reset/apply hardening, and managed INI merge behavior for mod configuration overrides.
  • [general] Add dedicated settings profile management: Adds the settings profiles dashboard with idempotent create, duplicate, public import, clone-as-new-version editing, and guarded profile sharing.

Changed

  • [backend] Refactor schedule plan policy: Refactors schedule plan limits around canonical CAMP, STRONGHOLD, CITADEL, and DEDICATED NEST policies with an operator kill switch.
  • [frontend] Refine Config Studio workspace and ARK setting copy: Widens the settings-only Config Studio workspace, groups the operations rail, shows inline setting descriptions, and replaces generic ARK ASE catalog descriptions with localized copy.

Fixed

  • [backend] Preserve ARK cluster startup flags during settings sync: Keeps clustered ARK servers' clusterid and ClusterDirOverride flags in the active Pterodactyl startup environment when settings are synchronized.
  • [backend] Reduce console reconnect pressure during Pterodactyl rate limits: Stops immediate retries after Pterodactyl 429 responses, forwards console websocket rate limits with Retry-After, and accepts legacy Socket.IO subscribe payloads for resource updates.
  • [backend] Restore smart and delayed server restart execution: Adds a dedicated task-worker PM2 runner for scheduled restart consumers, processes delayed restarts with SCAN and DLQ handling, routes broadcasts through the Pterodactyl Client API, and shows a specific zero-player restart toast.
  • [backend] Stabilize ARK RCON routing and monitoring: Preserves explicit Pterodactyl RCON ports, disables chat sentiment RCON collection by default, closes sentiment RCON clients reliably, and updates ARK GameDig identifiers to the current ase/asa values.
  • [backend] Start the mod config apply worker: Ensures queued mod configuration apply jobs are processed by starting the existing mod config apply worker during application startup.
  • [frontend] Complete Config Studio rollout readiness: Adds the owner/admin rollout cohort guard for Config Studio, documents the broad rollout switch, and splits oversized Config Studio components so strict lint can pass.
  • [frontend] Fix admin dashboard entry route: Redirects the bare /admin path to the localized owner dashboard and restores the missing auto-scaling helper copy.
  • [frontend] Fix Config Studio boolean preview validation: Allows ARK boolean settings that use 0/1 catalog validation, such as Show Floating Damage Text, to pass review preview and apply normally.
  • [frontend] Fix localized dashboard KPI navigation: Uses the locale-aware routing wrapper for dashboard KPI cards so RSC navigation from localized dashboard pages does not request unprefixed dashboard routes.
  • [frontend] Unify server detail dashboard page layout: Hosts the server detail shell in the canonical DashboardPage wrapper, removes nested page chrome from server subpages, constrains standard server tabs on wide screens, and preserves wide settings layouts without duplicate main landmarks.
  • [general] Fix dashboard feature flag provider: Wraps the dashboard layout in the feature flag provider so sidebar feature flag hooks render without tripping the error boundary.
  • [general] Fix settings profile create and detail workflows: Repairs localized settings profile navigation, source-server profile creation for large ARK states, and user-facing profile management error handling.
  • [general] Fix settings profile detail production build: Updates the settings profile detail page to use asynchronous Next.js route params so the production build type check passes.
  • [general] Harden cluster settings runtime apply: Fixes cluster settings auth, API middleware, runtime sync visibility, active-member filtering, and static asset smoke checks for Config Studio cluster flows.

[5b6dca2] - 2026-05-06

Added

  • [backend] Add Config Studio audit timeline API: Adds a read-only Config Studio audit endpoint backed by Unified Event System settings apply events for timeline views.
  • [backend] Add Config Studio backup gate service: Adds a recommendation-only backup gate for Config Studio previews that considers high-risk changes and local backup freshness without blocking apply.
  • [backend] Add Config Studio funnel telemetry: Adds bounded OpenTelemetry counters and histograms for Config Studio preview, import, snapshot, and apply flows without recording server IDs, actor IDs, setting keys, or setting values.
  • [backend] Add Config Studio import and export previews: Adds preview-only Config Studio import APIs for JSON profiles, ARK INI, and Palworld settings plus a JSON export API that excludes sensitive values.
  • [backend] Add Config Studio summary endpoint: Adds a read-only Config Studio summary API with catalog statistics, last settings change, last completed backup, and backup freshness recommendations.
  • [backend] Add Config Studio value snapshots: Adds sanitized Config Studio value snapshots with list/create APIs and automatic pre-apply snapshots for high-risk settings changes.
  • [backend] Add Discord Command Center foundation: Introduces the additive Discord integration schema, bot approval flow for mutating commands, community Discord routing APIs, centralized Discord outbound delivery, and DRACO NEST bot branding.
  • [backend] Add Discord community delivery queue: Adds queue-backed Discord community route delivery from UES server events with deterministic job idempotency, retry handling, DLQ escalation, admin alerts, and sanitized Draco learning for exhausted delivery failures.
  • [backend] Add Discord role sync workflow: Adds feature-flagged Discord role mapping APIs, manual role sync enqueueing, a dedicated BullMQ worker with DLQ escalation, and dashboard controls for community role synchronization.
  • [backend] Add Draco console log draft flow: Adds log-analysis intent handling, draft token creation for compatible Draco suggestions, a single-use draft consume endpoint, and bounded Config Studio telemetry.
  • [backend] Add ephemeral Draco draft store: Adds a Redis-first Draco draft proposal store with five-minute TTLs, single-use consumption, actor guards, and in-memory fallback when Redis is unavailable.
  • [backend] Add gated Draco Discord diagnostics: Adds a feature-flagged /draco diagnose Discord command that routes linked users through the existing Draco ask endpoint and blocks execution when DISCORD_AI_COMMANDS_ENABLED is disabled.
  • [backend] Add settings bulk apply API routes: Adds owner-scoped dry-run and execute routes for settings bulk apply runs, including target compatibility previews, idempotent run replay, and run status retrieval.
  • [backend] Add settings bulk apply worker orchestration: Adds the queued settings bulk apply service and worker that fans target servers through the existing Settings Platform apply path with per-target idempotency, DLQ alerting, and sanitized RAG error summaries.
  • [backend] Add settings profile and bulk apply observability: Adds sanitized settings profile events, per-target bulk apply telemetry, an owner-only bulk apply runs diagnostics API, and audit-correlation coverage for repeated cluster-wide partial failures.
  • [backend] Add settings profiles foundation: Introduces feature flags, additive Prisma tables, backend compatibility helpers, and owner-scoped settings profile APIs for saved server settings profiles and future bulk apply workflows.
  • [backend] Expose Config Studio apply and mod summary metadata: Adds last successful settings apply time and installed mod count to the Config Studio summary payload for mod-aware review surfaces.
  • [backend] Warn on mod-sensitive settings previews: Add non-blocking preview warnings when changed mod-sensitive settings may affect installed mods.
  • [frontend] Add cluster settings bulk apply UI: Adds a cluster settings panel for previewing and executing saved profile, member server, or imported JSON settings changes across all or selected cluster members with visible per-target results.
  • [frontend] Add Config Studio backup gate panel: Adds a Config Studio sidebar panel that shows backup freshness and lets admins create a full backup before applying risky configuration changes.
  • [frontend] Add Config Studio dashboard shell: Adds the Config Studio shell around the existing settings editor with summary, audit timeline, and snapshot panels.
  • [frontend] Add Config Studio import and export panel: Adds a Config Studio sidebar panel for previewing JSON, ARK INI, and Palworld configuration imports and copying sanitized JSON exports.
  • [frontend] Add Discord Command Center setup wizard: Adds an operator-visible Discord setup checklist and per-route health summary to the community Discord Command Center.
  • [frontend] Add Draco Advisor to Config Studio: Adds a Config Studio Advisor panel that turns Draco settings suggestions into local draft changes while keeping final writes behind the existing review and apply flow.
  • [frontend] Add Draco Ops Summary dashboard hub: Adds a centralized Draco Ops Summary dashboard hub with surface discovery, pending approval previews, insights previews, and shared FAB handoff metadata while keeping mutations behind the approval flow.
  • [frontend] Add GRM Draco ingestion operations panel: Admins can review GRM Draco ingestion health, inspect DLQ entries, and replay or resolve failed jobs with an audit reason.
  • [frontend] Add manual Config Studio snapshots: Adds a Config Studio snapshots action that lets admins capture a sanitized settings snapshot from the sidebar and refresh the snapshot timeline.
  • [frontend] Add Mods Manager Config Studio review prompt: Shows a localized Config Studio review banner after mod install, removal, or version changes, adds mod-sensitive field warnings, and records bounded review prompt telemetry.
  • [frontend] Add server settings profiles UI: Adds server settings profile controls for saving reusable non-sensitive settings, previewing saved profiles, and loading compatible values into the settings form before saving.
  • [frontend] Bridge console analysis into Config Studio drafts: Adds an Analyze with Draco action to live console logs and opens Config Studio with a single-use Draco draft when actionable settings are found.
  • [frontend] Complete Config Studio guardrails and bulk integration: Adds Config Studio feature gates, ADR documentation, built-in presets, advisor telemetry, mod-aware risk reasons, unsaved-change protection, summary cluster metadata, and UI integration with the existing bulk apply workflow.
  • [frontend] Highlight mod-aware Config Studio warnings: Shows mod-sensitive setting warnings in Config Studio so admins can review risky changes before applying them to modded servers.
  • [frontend] Load Config Studio import previews into the editor draft: Connects compatible Config Studio import previews to the settings editor draft so admins can review and apply imported values through the existing Settings Platform pipeline.
  • [frontend] Surface Config Studio health in the server header: Adds a server-facing Config Studio health badge so admins can spot pending settings changes, schema context, and backup freshness before opening the editor.
  • [frontend] Track Config Studio draft state globally: Adds a lightweight client store for pending Config Studio draft changes and syncs it from the editor shell for health badge consumers.
  • [general] Add Config Studio settings preview review: Adds a Settings Platform preview endpoint with risk classification and routes Config Studio saves through a review modal before applying changes when the feature flag is enabled.
  • [general] Add Draco-assisted server settings suggestions: Adds catalog-backed Draco settings suggestions with sensitive-field filtering, deterministic fallback mode, review-before-apply UI, feedback telemetry, and sanitized RAG learning events.

Changed

  • [backend] Add mod-sensitive settings metadata: Add mod-sensitive settings catalog metadata backed by a per-game key registry.
  • [backend] Harden multigame Mods Manager operations: Moves the server mods page onto the shared Mods Manager widget, adds canonical install/remove/update/reorder operations with idempotent jobs, keeps legacy mods endpoints as compatibility shims, and marks removed mods only after worker completion.
  • [frontend] Clean up dashboard Draco search and navigation: Replaces the dashboard AI panel card with a global Draco search surface, removes marked dashboard and server-list controls, removes Guilded from the community integration panel, and exposes servers and clusters through expandable dashboard navigation.
  • [frontend] Clean up public signup and pricing plan presentation: Updates public signup copy to the DRACO NEST brand and keeps pricing recommendations focused on plan names and summary information instead of first-level CPU, RAM, and disk specs.
  • [frontend] Extract Config Studio review risk and diff UI: Adds reusable Atomic Design molecules for Config Studio risk badges, diff rows, and restart indicators, then uses them in the review and apply modal.
  • [frontend] Harden server console page: Routes console commands through canonical APIs, hardens WebSocket proxy frame handling, and unifies the console page with live logs and Draco analysis.
  • [frontend] Harden server players management: Standardizes player APIs, adds idempotent audited moderation actions, moves refresh to a POST endpoint, and updates the players dashboard UI with multigame-aware identifiers and localized copy.
  • [frontend] Harden the multigame servers dashboard: Moves the servers page to a canonical dashboard-list BFF, keeps DB-backed rows visible during Pterodactyl degradation, adds list filters and sorting, and hardens power actions with idempotency keys.
  • [frontend] Harden the server Files manager: Unifies the Files page with the shared server dashboard widget, strengthens file API validation and mutation safety, and localizes the file manager UI.
  • [frontend] Move Draco search into the dashboard topbar: Embeds Ask Draco in the dashboard topbar across dashboard pages and restores portfolio-scope answers without requiring a manually selected server.
  • [frontend] Redesign dashboard topbar, clusters, and monitoring command center: Refreshes the dashboard topbar with Ask Draco, rebuilds the ARK clusters overview, and replaces monitoring with a command center for fleet health, Draco insights, server cards, table view, filters, and recent events.
  • [frontend] Replace dashboard Ask Draco FAB with Command Dock: Replaces the floating Ask Draco handoff with a dashboard Command Dock, renders operational result cards, removes the global FAB mount, and keeps status and prompt hardening.
  • [frontend] Use the rich server hero across server dashboard tabs: Moves the live server dashboard hero into the shared server layout so overview, console, players, mods, files, settings, backups, schedules, and domains use consistent multigame status, player, resource, and power controls.
  • [general] Add Draco action registry, approval UX, RAG QA, and privacy controls: Centralizes Draco action intent policy, adds pending approval UX for chat and log diagnostics, exposes RAG collection health for admins, adds golden evals and prompt regression coverage, expands feedback reason buckets, and gives users opt-in memory plus deletion controls.
  • [general] Add Draco approval smoke coverage to CI: Adds a dedicated Draco approval Playwright smoke script and CI step, keeps the full Playwright run from duplicating the tagged smoke, and documents the staging approval checklist.
  • [general] Harden Draco action policy and memory separation: Treats Draco power actions as service-impacting approval intents, adds tenant-scoped idempotency, stale and policy-blocked outcomes, price-impact staging, expanded RAG status visibility, and keeps P1/P2 quality signals out of retrievable memory.
  • [general] Harden Draco chat actions and expose RAG safety context: Routes Draco chat actions through approvals, adds global FAB server selection, stages provisioning recommendations, refreshes prompt/RAG metadata, expands log diagnostics, and adds feedback plus RAG health signals.
  • [general] Promote Config Studio and Settings feature flags: Promote Config Studio review/advisor and Settings profiles/bulk-apply/draco-assist flags to on-by-default with ENV kill-switch.
  • [general] Stabilize Draco approvals, RAG QA, and memory ownership: Adds rich stale approval snapshots, improves approval impact details, expands RAG QA alerts and security evals, and separates Draco memory by user, server, and community ownership scopes.
  • [general] Stabilize Draco approvals, telemetry, RAG miss rates, and memory gating: Adds typed Draco action params, approval-flow smoke coverage, admin action telemetry, collection-level RAG retrieval miss rates, and an opt-in gate for P5 remediation memory.

Fixed

  • [backend] Fix Discord command center server RBAC: Allows linked Discord users to list and operate only their own or member servers through server-scoped RBAC, and prevents Discord role sync from downgrading app roles when no Discord role mapping is configured.
  • [backend] Fix Mods Manager update route ownership middleware: Moves the canonical server mod update endpoint onto the shared server-scoped middleware so authentication, ownership, and canonical server resolution match the other Mods Manager routes.
  • [backend] Harden Discord Command Center approvals: Makes Discord action approvals idempotent under concurrent requests, guards Discord REST calls with the global bot kill switch and a circuit breaker, and aligns Pterodactyl route tests with canonical server identity resolution.
  • [backend] Isolate dashboard API rate-limit buckets: Moves generic dashboard read and write limits to authenticated route-scoped buckets while preserving custom limits for sensitive actions such as bulk apply, power actions, AI commands, and resource scaling.
  • [backend] Prevent Draco settings questions from falling back to no-access chat: Routes server settings questions through an authorized platform workflow response so Draco no longer tells dashboard users to log in or obtain file access when server context is already active.
  • [backend] Prevent empty ARK engram point overrides: Treats blank ARK engram point and total conversion settings as removals so empty INI entries do not suppress default ASE engram point grants.
  • [backend] Restore Discord account link URLs: Adds browser GET handlers for Discord account link tokens so bot-generated /discord/link URLs resolve through the localized app route and complete the existing link workflow after login.
  • [backend] Scope settings profile creation rate limits: Prevents reusable server settings profile creation from sharing the global dashboard write rate-limit bucket, so normal dashboard write activity no longer blocks profile saves.
  • [backend] Synchronize server resource allocations after Pterodactyl updates: Resource scaling now writes live Pterodactyl RAM, CPU, and disk limits back to the server record and includes a dry-run reconciliation command for existing allocation drift.
  • [backend] Use live player counts across server dashboards: Adds a cached live RCON player snapshot for supported games and uses it to keep the players page, dashboard home, monitoring cards, and persisted server current player counts in sync.
  • [frontend] Fix Mods Manager translation namespace: Moves Mods Manager page and control copy into the gameServer.widgets.mods namespace so the server mods page no longer renders missing translation keys.
  • [frontend] Fix settings profile save feedback: Allows complete ARK-sized settings profiles to be saved and restores visible success or error notifications for settings profile actions.
  • [frontend] Restore feature flag provider worker build compatibility: Adds the explicit React import required when the worker TypeScript build reaches the feature flag provider under its legacy JSX setting.
  • [frontend] Restore GRM dashboard permission fallback: Redirects users without CRM_VIEW permission from the GRM dashboard back to the main dashboard instead of surfacing a Server Component error.
  • [frontend] Route Draco Command Dock requests through active server context: Ensures dashboard topbar Draco commands opened from server pages use the active server and streaming Draco/RAG path instead of falling back to fleet Ops Summary responses.
  • [frontend] Use live Pterodactyl resource limits on the servers dashboard: The servers list now prefers live Wings resource limits for RAM and disk usage, falling back to stored allocation fields only when live status is unavailable.
  • [general] Fix server resource capacity and live player consistency: Normalizes server storage allocation units, shows used and total capacity in server hero live resources, and reuses live ARK player snapshots for dashboard and player management views.
  • [general] Hide inactive clusters by default: Filters inactive ARK clusters out of the default clusters API and dashboard navigation while keeping explicit inactive cluster queries available for admin review.
  • [infra] Stabilize Discord bot production startup: Moves the production Discord bot health endpoint to port 3011 and lets slash command registration use a bot-specific application ID when OAuth and bot applications differ.

Security

  • [backend] Harden console WebSocket frame forwarding: Restricts browser-origin console proxy frames to auth and log requests, blocks command and power frames, and records policy violations for operational review.

[5c3a0ca] - 2026-05-02

Added

  • [backend] Complete remaining GRM character, economy, and Draco ingestion surfaces: Adds GRM characters and economy dashboards with read APIs, promotes route contracts behind flags, and expands GRM Draco ingestion to selected P3/P4/P5 AI memory seeds with DLQ-after-three-failures handling.
  • [backend] GRM production-readiness completion for telemetry, Draco ingestion, snapshot cache, and admin health: Adds selected P1/P2 GRM Draco ingestion, failure telemetry, snapshot fallback, admin ingestion health UI/APIs, authenticated GRM mobile smoke, and backfill/compaction utilities with optional promoted-event pruning.
  • [frontend] Achievements strip on the dashboard home behind dashboardVisualV1: Appended a 4-card achievements strip (3 unlocked plus 1 in-progress with mock progress) below the two-column dashboard body under dashboardVisualV1, with EN/PL translations, extended guardrails, and unit tests for AchievementCard and the strip.
  • [frontend] Activate dashboard hero and KPI strip behind dashboardVisualV1: Activated DashboardHero and the refactored KPI strip (admin/non-admin card branch via useDashboardKpiData) on the dashboard home behind the dashboardVisualV1 flag, with EN/PL translations, extended i18n guardrails, and unit tests for the hero and cardKind branch.
  • [frontend] Add local GRM section navigation: Adds an internal GRM section navigation bar for overview, players, groups, reports, economy, and characters so the global sidebar can stay focused on one GRM workspace entry.
  • [frontend] Two-column dashboard with AI panel and compact server rows behind dashboardVisualV1: Activated the two-column dashboard layout (compact-row server list with filter pills, plus DashboardAIPanel) under dashboardVisualV1, with EN/PL aiPanel and serverList translations, extended guardrails, and unit tests.

Changed

  • [backend] Clarify Draco log analysis MVP diagnostics: Adds structured safe log-analysis responses, Palworld and Last Oasis coverage tests, honest metadata for rules/RAG/mock usage, and telemetry for Draco log diagnostics.
  • [frontend] Clean up the dashboard visual home composition: Cleaned dashboardVisualV1 with a full-width Dashboard AI command card, Server Status, no low-value home cards, no topbar command search, no floating dock or FabAI icon, and the user menu moved into the topbar.
  • [frontend] Expand verified ASE server settings coverage: Adds a feature-flagged Advanced mode for ARK: Survival Evolved server settings, hardens official INI mappings, and annotates catalog fields with tier and source metadata.
  • [frontend] Harden server settings cockpit interactions: Improves the server settings widget with searchable filters, sensitive-field masking, normalized dirty-state detection, deterministic save idempotency, and conflict handling that preserves local edits.
  • [frontend] Improve GRM mobile table cards: Moves GRM groups, characters, and economy transactions to responsive table card views and trims secondary Players and Reports fields from compact mobile cards.
  • [frontend] Refine GRM dashboard workspace hierarchy: Prioritizes Reports and Players as GRM quick actions while moving module availability into a lower-priority workspace section without changing route availability data.
  • [frontend] Show ARK cluster IDs in server hero metadata: Displays the public ARK cluster runtime ID in the server hero metadata for clustered servers and returns cluster assignment data from the Ptero v1 server detail API.
  • [frontend] Standardize dashboard page widths: Adds a shared dashboard page shell and applies consistent workspace or contained widths across the main dashboard, server list, monitoring, analytics, GRM, community, subscription, profile, and achievements views.
  • [frontend] Unify server console and logs tabs: Adds a unified Console & Logs tab for server dashboards, migrates legacy console/logs tab configuration, and portal-hardens the online players modal overlay.
  • [general] Canonicalize public pricing taxonomy: Updates public pricing, pricing-v2 recommendations, wizard handoff metadata, Stripe checkout metadata, analytics, and AI prompt pricing context to use CAMP, STRONGHOLD, CITADEL, and DEDICATED NEST while preserving legacy plan aliases for compatibility.
  • [infra] Add custom server container runtime path: Adds a Dockerfile, Docker context denylist, container liveness route, and deployment runbook for starting the DRACO NEST custom server with tsx while keeping workers documented as a separate runtime.
  • [security] Add the RBAC v2 authorization foundation: Introduced the staged RBAC v2 permission resolver, server membership roles, shadow/enforce middleware controls, role-change auditing, cache invalidation, and rollout inventory/backfill tooling.
  • [security] Strengthen RAG collection isolation: Centralizes canonical RAG collection slugs, keeps game-specific searches scoped by collection id, emits collection id and fallback telemetry, and makes the RAG smoke harness bootstrap canonical collections idempotently before read checks.

Fixed

  • [backend] Align GRM controlled-rollout completion paths: Aligned GRM access control, foundation metrics, route status, player economy copy, and partial Draco ingestion operations for controlled rollout.
  • [backend] Complete ASE custom map provisioning support: Preserves custom ARK map names and Steam Workshop map mod IDs through server creation, Stripe checkout, provisioning, and existing server map changes while keeping SERVER_MAP validation aligned with supported custom map names.
  • [backend] Fix GRM overview net-flow response validation: Allows the GRM overview API to return signed netFlow30d values so negative 30-day economy flow no longer fails response contract validation.
  • [backend] Fix Pterodactyl resource upgrade build payload: Preserves the current Pterodactyl allocation, swap, IO, and feature limits when applying resource upgrades so the build update contract is accepted.
  • [backend] Harden resource scaling modal limits: Aligns the resource scaling API with the 64 GB policy cap, validates node headroom server-side, and restores localized modal action labels.
  • [backend] Remove ARK cluster creation caps: Removes the ASE cluster 8 GB rollout cap and max_servers provisioning blockers, and reports ARK cluster members using active non-terminated servers only.
  • [backend] Resolve ARK player query ports from runtime configuration: Updated the ARK RCON player endpoint to query the default allocation, honor explicit QUERY_PORT overrides, and derive ASE or ASA query ports from SERVER_PORT or allocation data when needed.
  • [backend] Secure server stats and align ARK player counts: Added server access enforcement to the dashboard stats endpoint and updated ARK dashboard player count polling to use the live ARK player source consistently with widgets.
  • [frontend] Consolidate GRM into one dashboard workspace navigation item: Replaces separate global Players and Teams dashboard sidebar entries with a single GRM workspace link while keeping GRM subviews available as internal routes.
  • [frontend] Display ARK dashboard query ports from the shared port contract: Updated the ARK server dashboard hero to show the same query port used by player-count lookups, honoring QUERY_PORT overrides and deriving ASE or ASA fallbacks from SERVER_PORT or the game allocation.
  • [frontend] Fix ARK map editor modal layering: Renders the map editor modal through a body portal with a top-level overlay so it is no longer clipped by the server hero card.
  • [frontend] Fix dashboard monitoring server list hydration: Updated the dashboard monitoring page to read the canonical servers API response shape so existing servers render in the monitoring overview.
  • [frontend] Improve dashboard mobile header wrapping: Makes dashboard page header actions and GRM snapshot widget headers wrap safely on mobile to prevent title compression and horizontal overflow.
  • [frontend] Improve resource upgrade completion feedback: Shows a clear success state with the updated RAM, CPU, and disk values after resource upgrades complete instead of exposing queued job details.
  • [frontend] Prioritize GRM section actions: Removes redundant overview/back header actions from main GRM subpages and shifts the GRM overview header actions toward internal GRM sections.
  • [frontend] Restore dashboard topbar actions: Restores the language switcher in the dashboard topbar and keeps topbar dropdown layers visible for notification and user menu actions.
  • [frontend] Stabilize the dashboard shell rollout: Added dashboard shell translations, strict visual feature flag parsing, breadcrumb provider wiring, and unique main-content semantics for the Phase A dashboard shell rollout.
  • [frontend] Standardize the dashboard shell Phase A rollout: Aligned dashboard shell markers, navigation entries, compact user menu usage, translations, and guardrail tests for the Phase A visual shell rollout.
  • [frontend] Use public server identity in the server hero: Returns the public server name from the canonical Pterodactyl detail API and refreshes stale ARK log-detected versions before rendering the server hero.
  • [general] Reduce technical debt audit false positives: Improved technical debt audit route/color handling, deterministic production OpenAI env loading for Draco ingest, and split wizard, Minecraft network, and AI command center files to reduce oversized cleanup debt.
  • [general] Remediate ARK dashboard security and mobile health issues: Removed console token leakage, masked server passwords, improved mobile layout, moved ARK dashboard calls to canonical Pterodactyl v1 APIs, refreshed WebSocket auth tokens, and reduced duplicate player polling.

Security

  • [backend] Harden AI operational approval validation: Adds central approval validation for AI-triggered server actions, binding approvals to exact server/action/risk/user policy checks before restart, backup, smart restart, and ARK cluster setup execution.
  • [backend] Harden dashboard AI command tenant isolation: Validates dashboard AI command server scopes against the authenticated session before operational data is read, rejects mixed unauthorized scopes, and records sanitized denial audit events.
  • [backend] Lock down beta operational endpoints: Adds beta safety gates, allowlists, destructive-action confirmations, mandatory pre-wipe backups, signed Discord alert authentication, and audit logging around RCON, wipe, and Discord alert endpoints.
  • [security] Beta safety stabilization gates: Adds fail-closed standard sales checkout gating, production-safe AI restart and RAG rollout defaults, stricter OAuth email trust checks, manage-level authorization hardening, closes legacy mod install auto-adoption, and adds a custom runtime smoke script.

[2db5967] - 2026-04-26

Changed

  • [frontend] Code split below-fold dashboard home modules: Dashboard home now lazy-loads optional and below-fold modules such as the Draco action hub, usage guard, maintenance updates, uptime quick view, attention center, GRM snapshot, and plan confirmation modal to reduce the initial client bundle.
  • [frontend] Remove legacy server wizard shell and feature flag: Consolidated /dashboard/servers/new on the V2 five-step shell and removed the wizardUiV2Enabled flag along with the legacy desktop rail and sticky action bar. Internal cleanup with no user-facing change.
  • [frontend] Server wizard: a11y, reduced-motion gating and code splitting: Step panel is a labelled landmark, step title gains focus on navigation, rail is an ordered list, sliders forward aria-valuetext to the thumb, dock toggles aria-busy and announces blockers, transitions honour reduced-motion, steps 2-5 are dynamic chunks.
  • [frontend] Server wizard: design v7 polish across the new shell: Replaced the legacy Card surface in step 1 with a v7 tonal panel, removed shadow overrides, scrubbed forbidden Tailwind classes from ServerCreationWizard, and extended the hardcoded-color scanner to cover the wizard route. No user-visible behaviour change.
  • [frontend] Server wizard: RHF + Zod skeleton and step migration: Rebuilt the server creation flow on react-hook-form with a Zod composite schema and a v7 shell. All five steps now run through useWizardForm with draft persistence, dynamic chunked steps, and shared RadioCard / SliderField primitives.

Fixed

  • [backend] Tune pgvector ivfflat probes and add RAG retrieval metrics: Draco AI RAG similarity searches now set ivfflat.probes=10 per query (up from the pgvector default of 1) to restore recall on filtered queries, emit sgshub_rag_retrieval_* Prometheus metrics, and use a partial ivfflat index that skips rows awaiting embeddings.
  • [frontend] Align dashboard home cards with semantic tokens: Dashboard home cards, badges, and quick actions now use semantic border utilities and readable minimum text sizing instead of legacy border combinations and tiny arbitrary text classes.
  • [frontend] Align dashboard widgets with v7 visual tokens: Dashboard command, server overview, security sentinel, and auto-fix widgets no longer rely on legacy glow overlays, hardcoded color palettes, or shadow override utilities; they now use semantic v7 tokens and button styling.
  • [frontend] Clean up dashboard orphans and stale UI plumbing: Removed unreferenced dashboard components and dead UI context fields, dropped the misleading server count placeholder from DashboardPageHeader, and ensured the plan-confirmation modal clears its URL parameter on close so refreshing no longer reopens it.
  • [frontend] Expose dashboard loading state to assistive technologies: DashboardLoadingState now marks the loading skeleton as a status region with aria-busy and screen-reader-only loading text.
  • [frontend] Improve dashboard landmark and error state accessibility: The dashboard main landmark is now labelled by its hidden page heading, and the dashboard error boundary uses current v7 surface/button classes with explicit focus-visible rings.
  • [frontend] Improve dashboard updates accessibility and token usage: Dashboard updates loading, error, filters, pending updates, timing, history, and confirmation modal states now use semantic DRACO tokens and clearer accessible semantics for status, tabs, dialogs, labels, and controls.
  • [frontend] Improve Draco action trend chart accessibility: The Draco action hub trend chart now exposes a labeled figure with a summary description, clearer bar button labels, selected states, and a polite live-region announcement for chart drill-down changes.
  • [frontend] Keep homepage platform-first before segment selection: Homepage now stays neutral until a visitor explicitly selects a game segment, with platform copy, five workflow steps, beta CTA coverage, and the final responsive DRACO NEST platform hero background.
  • [frontend] Normalize dashboard widget heading hierarchy: Dashboard home widgets now use consistent level-three headings under the existing widgets section heading, avoiding heading level jumps in the dashboard outline.
  • [frontend] Reduce dashboard motion runtime and improve widget density: Dashboard Draco action hub and legacy dashboard widgets now use organism placement, larger readable text sizes, consistent card radii, and CSS-based motion instead of eager framer-motion where practical.
  • [frontend] Render dashboard home progressively during data loading: Dashboard home now keeps the authenticated shell visible during initial data fetches so section-level skeletons can render instead of blocking the page behind a full-screen loader.
  • [frontend] Route homepage beta CTAs to the beta page: Homepage Join the beta calls to action now navigate directly to https://draconest.eu/en/beta instead of the registration beta query path.
  • [general] Harden server wizard provisioning recovery: Token-paid server provisioning requests now carry billing context into the provisioning queue so terminal worker failures can refund tokens once, and the legacy wizard submit action now honors final validation blocking state.
  • [worker] Guard the synthetics worker success exit after critical endpoint failures: The synthetics worker now avoids logging a false success path after a critical health-check failure triggers a fatal exit, keeping runtime behavior and observability aligned during production checks.
  • [worker] Refactor server provisioning worker test suite: Refactored the serverProvisioningWorker test suite to replace unreliable BullMQ testing patterns with direct processor invocations and strictly faked Prisma database interactions, restoring 100% test pass rate for infrastructural components.