Skip to content

Feature Status Register

rayswaynl edited this page Jun 3, 2026 · 471 revisions

Feature Status Register

This register separates working systems from partial, deferred or risky systems found during indexing. For revive/remove decisions on dormant feature paths, use Abandoned feature revival.

What this page is

  • Canonical risk-and-readiness map for current gameplay feature health.
  • Evidence-first patch status for active systems, partial systems and likely regressions.
  • Canonical cross-link hub so subsystem pages and playbooks route users here for current patch risk and ownership.

Where it lives

How this page runs in the workflow

  1. Read this register first for risk ranking before opening a subsystem playbook.
  2. Use [Area] rows to pick the current highest-impact lane and then open:
    • Source index / atlas pages (e.g., SQF-Code-Atlas.md, Server-Gameplay-Runtime-Atlas.md)
    • Hardening roadmap
    • DR/cross-link pages (Deep-review findings, Public-variable channel index, feature atlases)
  3. Prefer this page for the latest patch status and known open dependencies before editing source.

What depends on this page

Risk notes

  • Keep patch-risk edits in-place and one-way: add proof to canonical pages instead of repeating deep call stacks in this register.
  • Treat entries marked "patch-ready-current-source-unpatched" as live claims requiring source+vanilla validation before changing status to published.
  • If a finding is promoted or closed, update this register and the corresponding lane record in agent-feature-status.jsonl first, then mirrors and progress pages.
  • Use Developer history and upstream lessons when a risky feature overlaps upstream supply, JIP, marker, town-AI, performance or reverted-branch history.

Working / Active Systems

  • Core Warfare loop: towns, commanders, bases, factories, upgrades, resources and victory checks.
  • Client/server/common initialization split.
  • Generic PVF request/response system.
  • Player supply-truck missions on master.
  • Enhanced day/night cycle with server authority and client smoothing.
  • Server FPS publishing and RHUD/FPS HUD.
  • Performance audit instrumentation plus analyzer.
  • Client auto view-distance and target-FPS hotkeys; current source uses a 60 FPS default, +/-4 FPS band and map-visible guard.
  • Anti-stack module with optional mission parameter.
  • AFK kick through BattlEye publicVariable filter.
  • MASH/ambulance respawn support; MASH marker synchronization is listed below as broken.
  • ICBM/radiation module.
  • EASA aircraft loadout module.
  • Client marker blinking guarded by parameter.
  • LoadoutManager mission copy/generation workflow.
  • Discord bot status updates from exported game data.

Partial / Deferred / Needs Review

Networking / Public-variable hardening lane (source-backed)

This lane tracks direct channels, PVF authority boundaries, and JIP semantics that are still open after the PVF dispatch trust patch lane.

  • publicVariable/publicVariableServer direct request channels are not hardened by PVF allowlisting.
  • request handlers still need explicit side/team/ownership checks even after dispatch is fixed.
  • missionNamespace/JIP handling differs by channel; some flows are request-response only and are not replay-safe.
Area Evidence Status
Upstream supply-run exploit/JIP regression pattern Miksuu PR #10 / merge 97dfff26 fixed remote supply-truck activation; PR #11 / 8164cc33 added a 50 m "too far" notification; PR #12 / 86ec28d6 fixed that notification firing during JIP. Confirmed historical risk. Keep supply mission start/reward hardening server-owned and test late join + remote-start behavior before merging new supply/cash-run variants.
Upstream town-defense activation regression pattern 4aaa814a and 6189f3c5 optimized town/camp/town-AI scans; follow-ups a20a5a0f, 84b1b684, ea0bff2e restored reliable/pre-capture activation and prevented defenders from waking enemy towns. Confirmed historical risk. Town-AI optimizations need capture-driven wakeup, defender-origin filtering and diagnostics, not scan reduction alone.
Upstream marker locality/cache regression pattern 9a550b7a reverted a group-leader marker global-var experiment; 9c72a281, 951e72cb, 332874fd fixed marker tracking, disconnect staleness and side visibility leaks. Confirmed historical risk. Marker/cache changes need side-visibility and disconnect/reconnect validation.
Deep-history AntiStack/RequestJoin fragility 09131233, 841d16af, 88a2ef49, 448b1d85, b32babc7 show command typo, launch-state semantic change, RequestJoin fixes, DB type crash and an AntiStackV6 revert. Confirmed historical risk. AntiStack changes need launch/late join, teamswap, disabled-mode, DB-unavailable and monitoring-only validation.
Deep-history removed task system f61f7222 removed task system entirely; 4881e0d5 removed it from all terrains. Confirmed removed/deferred. Do not revive as a small UI toggle; rebuild as a new JIP-safe task feature if owner wants it back.
Deep-history generated map/version failure pattern 081c1dc4 added copypasted untested modded terrain files; c312b0ec added missions with copypaste method; 812e9596 removed Tasmania after clean-repo mission-load failures tied to ignored/generated version.sqf. Confirmed tooling/release risk. Generated version.sqf and clean-checkout map loads are release gates.
Deep-history branch tombstones and reverted PRs oldMasterBranch tip 3a7972a2 deletes old master contents; PR #3 HQ repair price merged then 346e3be8 reverted it; PR #9 endgame music closed unmerged; A3 test tree removed by 83298186. Confirmed negative knowledge. Do not revive old branch or PR content from name/status alone; check later reverts, branch family and OA compatibility first.
Deep-history client init/UI/marker lifecycle risk 3ff02aea moved clientInitComplete to the real end of init; c6d2539e fixed UI global action state; 95a12305 fixed UAV marker audience leakage; 9c72a281 restored marker motion after cache optimization. Confirmed historical risk. Client/UI/marker work must preserve lifecycle ordering, side audience, moving-marker position refresh and JIP behavior.
Deep-history construction/removal/runtimes 77a07bc0 reverted construction argument dedupe; 16856ae7/8b7fab95 removed guerilla barracks across FSM/HC/buy paths; 33fb2676 reverted supply performance work using wrong authority context. Confirmed historical risk. Construction/removal/performance edits need call-contract docs, full reference greps and dedicated-server/JIP smoke.
Second-wave release tooling and modded packaging risk Current ZipManager.cs packages Missions and Missions_Vanilla while Modded_Missions is commented out; 2a13ce36 requires env var 7za; 3458e714 handled locked file copies; f095e461 fixed Takistan DB map ID post-copy. Confirmed tooling/release risk. Treat release output as Chernarus + generated Vanilla/Takistan unless modded packaging is re-enabled and validated; inspect LoadoutManager logs, 7za, version.sqf, and terrain post-copy fixes.
Second-wave HQ repair and ICBM economy authority risk PR #3 / 7cd0e18d increasing HQ repair cost was reverted by 346e3be8/59a995e8; 5db438ca 75k nukes were reverted by 31d8a06d; current ICBM/HQ repair paths still have client-side action/debit authority concerns. Confirmed historical + current authority risk. Do not add HQ repair escalation or ICBM price/effect changes until server validates affordability, side/team/commander, cooldown, debit and final effect.
Second-wave marker blinking and HC routing risk Dec 2025 marker blinking chain includes 2f6ff43d, 9a550b7a, 9c1fe110 defaulting blinking off; HeadlessClientMultithreading commits 6760f1a3, 1d79ba2a, 6b90c872, f5e8fa47 show typed HC routing/side-less call hazards. Confirmed branch-history risk. Keep marker blinking off by default; HC changes need typed pools, server update-back, side-less HC tests and event-handler cleanup proofs.
Second-wave score/bounty/supply-compensation coupling f17445c1, b31539b4, cc127ef4, 415615c9 changed score/bounty/teamkill handling; upstream/SkillDiffCompensation feeds side supply through ChangeSideSupply. Confirmed historical risk. Treat score awards, bounty math and skill-diff compensation as AntiStack/economy changes; harden side-supply authority before expanding compensation.
WF menu ops-console reskin branch origin/feat/wf-menu-ops-console head 0767c0b5 is a UI-only theme branch from origin/master 2cdf5fb8: Chernarus + maintained Vanilla Rsc/GUI/HUD files, new brand_chevron.jpg, and docs/superpowers plan/spec/mockup files. Evidence: Rsc/Styles.hpp:10-40, Rsc/Ressources.hpp:117-131,274-277, Rsc/Dialogs.hpp:1057-1064,1173-1179,1240-1249, Rsc/Titles.hpp:178-179. Confirmed branch-review risk. Not gameplay logic, but not release-ready until Arma 2 OA visual smoke proves font availability, texture path/case handling, contrast, hub/menu/HUD rendering and Chernarus/Vanilla parity. Also clean branch trailing whitespace reported by git diff --check in docs/superpowers/plans/2026-06-03-wf-menu-ops-console.md:78,179. Use Client UI systems atlas and the branch-only feature smoke pack.
BuyMenu/EASA QoL branch origin/feat/buymenu-easa-qol head a66d4691 is a narrow Chernarus UI branch: unaffordable buy-unit price tint (Client_UIFillListBuyUnits.sqf:1,61-62,104), live queue counts on factory tabs (GUI_Menu_BuyUnits.sqf:201-210), selected-unit cost formula/display work (GUI_Menu_BuyUnits.sqf:280,335,388,444,487) and EASA current-loadout highlight/preselect (GUI_Menu_EASA.sqf:29-40). Full audit: BuyMenu EASA QoL branch audit. Confirmed branch-review risk, low blast radius. It is UI-only, 3 Chernarus files and git diff --check clean, but not propagated to maintained Vanilla. Needs Arma 2 OA menu smoke for affordability color versus full/crew cost, queue label refresh/no flicker, final idc 12034 price after the later write, and EASA current-loadout selection including filtered/unset cases.
Player stats branch origin/feat/player-stats head e01e47e1 adds off-by-default SQF stat emission (WFBE_C_STATS_ENABLED = false at Init_CommonConstants.sqf:443), kill-stat hooks (RequestOnUnitKilled.sqf:51-65), Server/Stats/*, DiscordBot Stats/* RPT tailing/accumulation and DiscordBot.Tests/*. Local branch validation passed: dotnet test 13/13. Full audit: Player stats branch audit. Confirmed branch-review risk. Safe by default because the feature flag is false, but enabling it is operational/integration work: decide RPT path/state-file ownership, UID/privacy policy, log volume, corrupt stats.json recovery, deployment config, Chernarus-only vs Vanilla propagation and whether stats belong in DiscordBot or the mission extension.
Perf quick-wins branch origin/perf/quick-wins head 0076040f is a Chernarus-only fix branch with 18 files, +27/-27 and clean git diff --check. It patches known docs-backed defects including side-supply clamp shape (Common_ChangeSideSupply.sqf:25, Server_ChangeSideSupply.sqf:12,36), factory queue cleanup on crewless buys (Client_BuildUnit.sqf:366-368), paratrooper marker PV registration (Init_PublicVariables.sqf:40), mine-cleaner pair removal (mines_cleaner.sqf:17), dead-object wfbe_trashed handling (server_collector_garbage.sqf:17), fixed resource interval (updateresources.sqf:74), camp-bunker nil-code EH removal (Server_HandleSpecial.sqf:235-236) and kill-assist bounty type (RequestOnUnitKilled.sqf:92). Full audit: Perf quick wins branch audit. High-value branch-review risk. Treat as a fix candidate, not proof that stable master is fixed. It is source-Chernarus only; Missions_Vanilla has no branch diff and still shows the old clamp/EH/kill-assist/resource-loop shapes. Reconcile with docs/source propagated fixes, propagate maintained Vanilla deliberately, keep DR-44 side-supply authority separate from the clamp, and smoke economy debit/no-credit inversion, factory queue counters, paratrooper marker handling, cleaner/camp/resource loops and WASP touched actions before merge/release wording.
Commander positions / modular walls branch origin/feat/commander-positions head 560db61c has merge base f5985b77, 83 changed files and broad Chernarus/Vanilla deltas. The actual WDDM commander-position runtime is source-Chernarus only: anchor classes (Structures_CO_US.sqf:168-174, Structures_CO_RU.sqf:166-172), template map (Init_Defenses.sqf:93-183), compile (Init_Server.sqf:26) and Server_ConstructPosition.sqf:1-66. No Server_ConstructPosition or WFBE_POSITION_TEMPLATE_MAP hits exist under maintained Vanilla on branch grep. Full audit: Commander positions branch audit. Broad branch-review risk. Do not describe as a clean construction-only branch or Vanilla-propagated feature. Before promotion: split or audit unrelated deltas, clean branch whitespace, re-check construction request authority (DR-6), smoke position placement at the clicked map point, HQ undeploy cleanup, CoIn UI, and decide/implement maintained Vanilla propagation.
Zargabad low-pop map branch origin/feature/zargabad-map head 1fdcb37a adds a new maintained Vanilla Zargabad mission folder and terrain/tooling support: ZARGABAD.cs:1-13, SqfFileGenerator.cs:127-130, initJIPCompatible.sqf:121-124, Init_Boundaries.sqf:4-10, Init_Zargabad.sqf:1-125 and Guides/Zargabad-Completion-Gates.md:8-20. Branch diff is huge: 832 files, +77702/-95. Local static branch validation passed with Tools\Validate-ZargabadMission.ps1: 13 towns, 19 camps, 1 airport, 9 starts, 33 defense logics, no duplicate object ids, no missing sync targets and no Takistan Zargabad-module spillover. Full audit: Zargabad branch audit. Map-release branch-review risk. Static validation is strong but runtime evidence is still open. Treat as a full terrain release candidate, not a normal generated-mission copy. Needs generated whitespace cleanup (git diff --check reports 3542 findings), hosted/dedicated/JIP/HC runtime evidence, screenshot/RPT audit packet validation, town/base/camp/economy balance checks, edge-guard/black-market smoke and class-load verification.
Supply helicopter branch current head origin/feat/supply-helicopter is checked at head 262dc431. The PR #1 page is refreshed for current head: Air-factory upgrade 3 load/action gates (Skill_Apply.sqf:62-72, supplyMissionStart.sqf:21-29), Air upgrade 4 cash-run branch (supplyMissionCompleted.sqf:24-35), lobby toggle (Rsc/Parameters.hpp:4-10), load/unload timers and central class lists (Init_CommonConstants.sqf:168-180). Current head clears SupplyAmount/SupplyFromTown but not SupplyByHeli (supplyMissionCompleted.sqf:40-41). PR #1 branch-review risk current. No maintained Vanilla SupplyByHeli/heli constant hits were found; non-supply branch baggage, branch whitespace, retained SupplyByHeli state, timer UX, Air 3/4 economy semantics and runtime smoke remain gates. Use Current supply heli PR.
Drone/recon support branch split origin/feat/drone-saturation-strike head 8ca4be90 is the latest drone tuning branch; origin/feat/recon-uav head 563418ea adds server AI-flown ReconUAV/ReconUAVRecall and removes the old UAV module, but only includes drone history through 93b47594. Drone diff from stable origin/master is 17 total files (+1133/-4), of which 15 are source-Chernarus mission files (+379/-4) and 0 are maintained Vanilla mission files. Recon diff is 25 total files (+1461/-657), of which 22 are source-Chernarus mission files (+593/-657) and 0 are maintained Vanilla mission files. Confirmed branch-review risk. Treat drone strike and recon UAV as separate support features. Before merge, resolve drone tuning drift, move paid support authority server-side, validate old-UAV replacement/recall/reveal/JIP cleanup, and either propagate generated Vanilla or keep Chernarus-only scope explicit. Use PR8 and drone upstream lesson match plus the branch-only feature smoke pack.
Direct attack-wave request trust (ATTACK_WAVE_INIT) Common/Functions/Common_AttackWaveActivate.sqf, Server/Functions/Server_AttackWave.sqf, DR-41 Live + open: client payload directly drives discount and timing
Direct side-supply mutation (wfbe_supply_temp_*) Common/Functions/Common_ChangeSideSupply.sqf, Server/Functions/Server_ChangeSideSupply.sqf, DR-22/DR-44 Live + open: side/amount trust and clamp behavior are not secure
Side-supply reason string off-by-one Common_ChangeSideSupply.sqf:8-14 reads _reason only when count _this > 3, so normal 3-argument calls such as AttackWave.sqf:40 publish the default error reason instead of the caller's audit string. Low-risk audit/logging defect. Fix with the side-supply clamp pass by reading _reason when count _this > 2 and _includeStagnation when count _this > 3.
Auto view-distance optimizer Client/Init/Init_Client.sqf:12-13,175-176,236-240; Client/FSM/updateclient.sqf:102-107; Common/Functions/Common_AdjustViewDistance.sqf:17-69; Common/Functions/Common_AutomaticViewDistance.sqf:6-36 Working client UX/performance feature. Current source uses target FPS 60, auto mode off at startup, User18 toggle, User19/User20 view-distance or FPS adjustment, profile key WFBE_TARGET_FPS, map-visible skip and +/-4 FPS band. Historical +/-2 changelog wording is stale.
AFK enforcement policy Rsc/Parameters.hpp:44-48; Client/FSM/updateclient.sqf:28-31,117-160; Client/Init/Init_Client.sqf:256-264; Client/Module/AFKkick/monitorAFK.sqf:19-30; BattlEyeFilter/publicvariable.txt:1-2 Working but dual-path/client-local. Current parameter default is 15 minutes. The FSM path publishes kickAFK for BattlEye; the older module still runs a 30-minute AFKthresholdExceededName/failMission path. Clean up to one owner before changing policy.
Aircraft ordnance guardrails Rsc/Parameters.hpp:284-300; Common/Init/Init_Unit.sqf:118-128,207-212; Common/Functions/Common_HandleShootBombs.sqf:15-44; Common/Functions/Common_HandleIncomingMissile.sqf:9-21; Common/Functions/Common_HandleShootMissiles.sqf:95-140 Partial. Bomb distance deletion for FAB-250/Mk82 is live; incoming missile range and terrain-masking projectile deletion are live. Bomb altitude is only parameterized/commented in the handler, so do not claim active altitude enforcement.
MASH marker relay health Server/Module/MASH/MASHMarker.sqf, Client/Module/MASH/receiverMASHmarker.sqf, Client/Init/Init_Client.sqf Confirmed dead/partial: server and client halves are mismatched
Paratrooper marker registration gap Server/Support/Support_Paratroopers.sqf, Client/PVFunctions/HandleParatrooperMarkerCreation.sqf, Common/Init/Init_PublicVariables.sqf Branch-scoped: docs/source Chernarus and Vanilla register it; stable master and the current release branch do not.
Spawn/race behavior in PVF dispatchers Common/Functions/Common_SendToServer*.sqf, Server/Functions/Server_HandlePVF.sqf, Client/Functions/Client_HandlePVF.sqf Open: dispatch and execution ordering still non-deterministic for burst traffic
Area Evidence Status
Autonomous AI supply trucks UpdateSupplyTruck compile is commented at Server/Init/Init_Server.sqf:36, but the live call [_side] Spawn UpdateSupplyTruck; remains at :383, gated by WFBE_C_ECONOMY_SUPPLY_SYSTEM == 0 && WFBE_C_AI_COMMANDER_ENABLED > 0. AI_UpdateSupplyTruck.sqf also references missing Server/FSM/supplytruck.fsm. Config-gated latent breakage. Default supply system 1 is safe; supply system 0 with AI commanders is broken until the compile and FSM are restored or redesigned.
AI commander automation On stable origin/master, AI commander constants and side-logic state/funds exist; WFBE_SE_FNC_AI_Com_Upgrade is compiled and Server_AI_Com_Upgrade.sqf performs real upgrade/funds logic, but no live scheduler/loop starts full autonomous commander behavior. Branch origin/feat/ai-commander head 4dba060e adds a Chernarus-only supervisor, assign-types/assign-towns/produce workers and an explicit order executor. Branch-review risk. Stable master remains partial/latent. feat/ai-commander is the current revival attempt, but it is source-Chernarus-only, changes AI commander default to on, still only guards old UpdateSupplyTruck, and needs dedicated/JIP/Vanilla smoke before being called revived. Use AI commander autonomy audit plus the branch-only feature smoke pack.
Town AI vehicle despawn safety Server/FSM/server_town_ai.sqf:191-223 deletes inactive town-AI vehicles; :211-216 uses !(isPlayer leader group _x) and does not check crew, cargo or turret occupants. Einstein verified a player passenger/crew member who is not group leader can still be inside an eligible vehicle. Confirmed bug. Guard despawn with a full player-occupancy check while preserving cleanup of empty AI-only town vehicles.
Task system TaskSystem compile and TownAddComplete spawn are commented in Client/Init/Init_Client.sqf though Client_TaskSystem.sqf still exists. Disabled/partial. Re-enable only after checking task spam/JIP behavior.
MASH marker receiver receiverMASHmarker.sqf (registers the WFBE_SE_MASH_MARKER_SENT client EH) is referenced only by the commented compile at Client/Init/Init_Client.sqf:132; Server/Module/MASH/MASHMarker.sqf listens for WFBE_CL_MASH_MARKER_CREATED, but DR-34 found no live client broadcast of that trigger. Confirmed broken/dead on both ends → deployed MASH tents can still work for respawn, but MASH map markers never appear. Revival needs a server-held list, JIP re-send and unique marker names; otherwise remove the dead relay.
Paratrooper drop markers Server/Support/Support_Paratroopers.sqf:117 sends HandleParatrooperMarkerCreation; docs/source Chernarus and Vanilla both register that client PVF in Common/Init/Init_PublicVariables.sqf:39, and the handler file exists. origin/master omits it, and release a9219d88 omits it in both Chernarus (NukeIncoming at :41) and Vanilla (NukeIncoming at :39). docs/source propagated; not on stable master or the current release branch; Arma smoke pending. Use Paratrooper marker revival. Modded folders still drift: Napf/eden/lingor register the handler but lack the handler file.
PV dispatch trust boundary Server_HandlePVF.sqf/Client_HandlePVF.sqf run Call Compile on the sender-chosen command string with no validation; the shipped BattlEye posture does not cover it. Live-server hardening gap (High). Validate the command string before compile; use External integrations for shipped BattlEye evidence and Deep-review findings DR-1 for the dispatcher finding.
PV legitimate-command forgery Hilbert's network pass confirmed high-trust handlers: RequestChangeScore.sqf overwrites score from payload, RequestVehicleLock.sqf locks payload vehicles, RequestTeamUpdate.sqf mutates team behavior, and RequestUpgrade.sqf forwards to upgrade processing without visible sender/cost validation in the handler. Live-server hardening gap (High). Even after replacing dispatcher Call Compile, validate sender, role, side, funds, ownership and object locality inside high-impact handlers.
Direct publicVariable channels outside PVF Direct PVEH/PV channels exist for attack waves, side supply, supply missions, MASH markers, HQ state, AntiStack compensation, server FPS, AFK, day/night and marker/message channels. DR-41 confirms ATTACK_WAVE_INIT is forgeable and can make side-wide unit prices free or negative from client-supplied _supply. A PVF dispatcher fix or WFBE_PVF_* whitelist does not cover these. Review each channel's sender, lifecycle and JIP semantics before calling networking hardened. See Networking and public variables, Server authority map and Attack-wave authority playbook.
BattlEye mitigation as shipped Claude DR-30 verified the repo footprint: only the AFK publicVariable rule is shipped in-tree; no broader filter/config bundle is present. Canonical evidence lives in External integrations. High live-server hardening gap. Use External integrations and backlog id battleye-hosting-hardening; do not treat BattlEye as shipped remediation until production BEpath files or a tested filter set are supplied.
ICBM/Nuke RequestSpecial authority Claude DR-27 traced the Tactical-menu ICBM path: client-side menu gates call Client/Module/Nuke/nukeincoming.sqf, which sends RequestSpecial ["ICBM", ...]; the server HandleSpecial ICBM case spawns NukeDammage from client payload without upgrade/commander/funds validation. Critical live-server hardening gap. One forged RequestSpecial PV can trigger server-applied map-wide damage. Use ICBM authority before patching or trusting this module publicly.
RequestSpecial track-playerobject branch Server_HandleSpecial.sqf:133-145 defines a track-playerobject case, but the 2026-06-04 RequestSpecial scout found no active Chernarus RequestSpecial caller for that tag. Likely dead/undriven bookkeeping branch. Before reviving it, validate sender identity and player-object ownership; otherwise remove or comment it during RequestSpecial hardening.
Construction request authority DR-6 confirms construction PVFs trust client payload authority and mostly class-existence checks. Hardening gap. Use Deep-review findings DR-6 for proof, Construction and CoIn systems atlas for flow, and Server authority migration map for migration design.
Player purchase authority GUI_Menu_BuyUnits.sqf calls local BuildUnit and deducts funds client-side; Init_PublicVariables.sqf has no RequestBuyUnit, and no Server/PVFunctions/RequestBuyUnit.sqf exists. Legacy/client-local buy path. Add server validation before adding exploit-sensitive purchases. See Factory and purchase systems atlas.
Server AIBuyUnit path Init_Server.sqf compiles AIBuyUnit = Server_BuyUnit.sqf, but source search only finds the compile and Server_BuyUnit.sqf itself. Latent/unused until a dynamic caller is proven. Decide whether to revive for AI commander production or retire.
Factory queue counter leak Claude DR-33 confirmed Client_BuildUnit.sqf:365 can exit an empty-vehicle purchase before the later WFBE_C_QUEUE decrement at :469. Repeated empty-vehicle buys can locally soft-lock a factory category for that player. Decrement queue counters on every exit path.
Factory FIFO token churn Client_BuildUnit.sqf uses a random queue token and broadcasts the building queu array on each mutation. Perf/JIP hardening gap. Use unique queue tokens and reduce public broadcasts before expanding factory side effects.
Duplicate client skill init docs/source Chernarus and Vanilla now have one Skill_Init.sqf call at Client/Init/Init_Client.sqf:547, followed by WFBE_SK_FNC_Apply at :571. origin/master still has duplicate calls at :561 and :585; release a9219d88 still duplicates Chernarus at :565/:589 and Vanilla at :561/:585. docs/source propagated; stable master and the current release branch still duplicate; Arma smoke pending. See Client skill init idempotency.
Commander reassignment call shape Server_AssignNewCommander.sqf assigns _side = _this, then _commander = _this select 1; RequestNewCommander.sqf calls it with [_side, _assigned_commander]. Likely bug. _side should probably be _this select 0; verify before relying on manual commander reassignment.
Commander authority and requester validation RequestNewCommander currently uses PVF wrapper cooldown logic but does not prove sender authority before mutate-eligible command-side transitions. Server_AssignNewCommander.sqf still emits duplicate new-commander-assigned paths. High. Fix assignment call-shape and keep sender/side/role checks in one follow-up owner-validation pass; do not close commander-authority until both layers are patched.
Supply mission cooldown casing DR-18 confirms the town seed key and server read/write key differ by case. Correctness bug. Use Supply mission architecture for flow and Supply mission authority cleanup for patch shape.
Supply mission reward authority Client supply mission start sets truck SupplyFromTown and SupplyAmount; server completion trusts those truck variables. Hardening gap. Recompute reward/cooldown server-side from trusted town/truck state.
Supply mission command-center scan docs/source Chernarus and Vanilla supplyMissionStarted.sqf:25-28 now filter the 80-meter command-center scan to Base_WarfareBUAVterminal; the 8-meter player/object scan at :44 remains broad by design. origin/master is still broad at :28. Release a9219d88 has the heli-aware narrowed Chernarus scan at :50-56, but Vanilla still keeps the broad :28 scan. docs/source propagated; current release branch is Chernarus-only for this lane; stable master remains broad; Arma smoke pending. See Supply mission scan narrowing.
Upgrade request authority RequestUpgrade accepts side/id/level from clients after local UI checks, then Server_ProcessUpgrade applies progress/state transitions. High. Local checks are partial; server-side side, owner, dependency and idempotency checks are still needed before trust assumptions are raised.
Support/repair/rearm reward authority GUI_Menu_Service, GUI_Menu_EASA, GUI_BuyGearMenu, bounty handlers and WASP repair actions still mutate/announce client-funds paths in places; HQ/camp/town reward emitters are mixed. Medium. This is a shared non-isolated economy lane and should follow the upgrade/construction authority design rather than isolated local guards only.
Victory/endgame winner inversion and double-fire DR-11 is the canonical winner-inversion / persisted win-tally finding; DR-36 owns the server_victory_threeway.sqf:23 mechanism and fix shape. Correctness bug. Same-tick eliminations can double-fire endgame and overwrite/log the opposite winner. Route implementation through Deep-review findings DR-11/DR-36 and the Hardening roadmap.
Threeway victory mode Earlier DR-12 found WFBE_C_VICTORY_THREEWAY selection can skip the only auto-end detection path. Broken/abandoned mode until end conditions are implemented for non-default victory modes.
Resistance side supply updates Common_ChangeSideSupply.sqf formats wfbe_supply_temp_<side> generically, but server handlers exist only for west/east. Resistance side supply not fully wired.
Hosted server FPS loops docs/source Chernarus and Vanilla serverFpsGUI.sqf:1 and monitorServerFPS.sqf:1 exit before their loops when !isDedicated; dedicated publishing remains every 8 seconds. origin/master still sleeps only inside if (isDedicated) (serverFpsGUI.sqf:4, monitorServerFPS.sqf:2). Release a9219d88 guards Chernarus serverFpsGUI.sqf:4 and removes/comments the Chernarus monitor path in Init_Server.sqf:594-596, but Vanilla still has the old loops. docs/source propagated; current release branch is Chernarus-only for this lane; stable master keeps the old loop shape; Arma smoke pending. See Hosted server FPS loop sleep.
Old map blink loop Client_BlinkMapIcons and AddUnitToTrack compiles plus old exec are commented; newer singular Client_BlinkMapIcon and bookkeeping are active. Legacy replacement. Avoid resurrecting old loop without perf review.
Server map blinking units Server_MapBlinkingUnits.sqf exec is commented in Init_Server.sqf. Disabled/legacy.
Old WASP init block initJIPCompatible.sqf contains a commented WASP init block marked as old and resource-heavy. Legacy/deferred removal. Individual WASP scripts still exist and may be called elsewhere.
Server FPS compile variable WFBE_CO_FNC_monitorServerFPS compile lines are commented, but Init_Server.sqf later execVMs Server/Module/serverFPS/monitorServerFPS.sqf. Not broken; document the direct exec path.
Static-defense HC update-back DR-42 verified Client_DelegateAIStaticDefence.sqf:28 comments out the update-delegation-static_defence send-back, unlike town-AI delegation (Client_DelegateTownAI.sqf:35) which reports vehicles back to Server_HandleSpecial.sqf. Partial headless feature. HC-created static-defense units are not recorded by the server for cleanup/accounting/re-delegation unless the update-back path is restored or the one-way behavior is accepted. Use HC delegation/failover before patching.
Server init duplicate binds DR-43 re-check found live duplicate binds in Init_Server.sqf for WFBE_CO_FNC_LogGameEnd (:64 and :89), WFBE_SE_FNC_PlayerObjectsList (:69 and :91) and WFBE_SE_FNC_AwardScorePlayer (:83 and :93), plus commented duplicate remnants for AFK kick, server FPS and MASH marker. Low-risk cleanup. The live duplicates currently bind the same files and the second wins; de-duplicate to reduce maintenance traps, especially around the DR-13 game-end cleanup.
MASH marker duplicate compile One MASH marker compile is active and a later duplicate is commented. Likely cleanup artifact; do not re-enable both.
Volumetric clouds Parameter exists but is forced disabled in constants and client init. Intentional optimization.
Modded map generator path SqfFileGenerator.cs has TODO to add modded maps back in one path. Verify before assuming modded mission regeneration is complete.
Dangerous CRV7PG loadouts LoadoutManager has WARNING_GAME_CRASH_DO_NOT_USE_IN_LOADOUTS_* weapon/ammunition classes, and WILDCAT.cs references one. High-risk data. Keep these warnings visible when changing loadouts.
Gear menu cleanup GUI_BuyGearMenu.sqf has TODOs about securing vanilla/removing unused code, refreshing targets, vehicle target content and vehicle/backpack templates. Partial UI cleanup. See Gear, loadout and EASA atlas.
Gear profile template filtering Client_UI_Gear_SaveTemplateProfile.sqf references undefined _u_upgrade in upgrade checks. Likely bug. Saved profile templates should not be trusted to enforce upgrade gates until the variable is fixed or replaced.
Gear/EASA/service purchase authority GUI_BuyGearMenu.sqf applies gear and deducts funds client-side; GUI_Menu_EASA.sqf calls EASA_Equip and ChangePlayerFunds client-side; Claude DR-28 also traced GUI_Menu_Service.sqf rearm/refuel debits with no affordability guard. Client-authoritative legacy path. DR-28 completes the economy authority class: build, buy, sell, supply, upgrade, ICBM and gear/service are all client-authoritative. Public-server hardening needs a server ledger/effect-validation design or BattlEye script filtering; service rearm/refuel also deserve local if (_funds >= _price) parity guards.
Generated EASA/balance output LoadoutManager writes Client/Module/EASA/EASA_Init.sqf and Common/Functions/Common_BalanceInit.sqf; Common_BalanceInit.sqf exits on server while server buy code still calls BalanceInit. Generated/locality risk. Change C# data first, inspect generated diffs, and test spawn versus rearm behavior separately.
Discord sample/config hygiene DiscordBot/preferences_sample.json contains concrete sample IDs and a production-style DataSourcePath; DiscordBot/FileConfiguration.cs and GameData.cs have fallback paths to C:\a2waspwarfare\Data. Governance cleanup. Replace real-looking sample IDs with placeholders and document one intended config source. No token is committed.
DiscordBot JSON deserialization Claude DR-31 verified DiscordBot/src/ExtensionData/GameData/GameData.cs reads database.json with Newtonsoft TypeNameHandling.All on a 60-second status timer, at startup and from a command path. High local-write-gated RCE risk. Use TypeNameHandling.None for the flat GameData DTO and remove the dead .Auto deserialization helper. Secret hygiene and command auth are otherwise documented as good.
In-repo stats extension vs AntiStack DB extension a2waspwarfare_Extension only implements GLOBALGAMESTATS; AntiStack calls a separate A2WaspDatabase DLL that is absent from the repo. Claude DR-29 verified GLOBALGAMESTATS is not an SQF RCE path today because output is discarded, but it has dormant deserialization and async-write risks. Deployment dependency split. Do not assume building Extension satisfies AntiStack. Add extension presence detection/circuit breaker before public deployment; remove/harden the dead TypeNameHandling.Auto load path and fix async void file writes before treating the extension as robust persistence.
WASP HQ recovery locality WASP/actions/Action_RepairMHQDepot.sqf performs funds/HQ/town-SV effects largely client-side before server repair signaling. Authority-light legacy action. Harden server-side before expanding HQ recovery, town-SV reset or commander-spend behavior.
Missing CI/reference validation Only .github/FUNDING.yml exists; no build/reference/generated-drift checks were found. Missing tooling. Add .NET builds, generated-mission drift, SQF reference scans and wiki JSON/JSONL validation when project automation is introduced.
Modded mission conflict markers `rg -l "<<<<<<< =======
Stale old upgrade dialog RscMenu_Upgrade points to missing Client/GUI/GUI_Menu_Upgrade.sqf; the live main menu opens WFBE_UpgradeMenu / GUI_UpgradeMenu.sqf instead. Confirmed stale UI path. Do not revive without deleting/replacing the old resource class.
Generated version.sqf boot dependency description.ext:39 and initJIPCompatible.sqf:4 both include version.sqf, but the file is absent in the current source checkout and is generated/ignored by the tooling workflow. Fresh-checkout boot hazard. Run LoadoutManager or supply terrain version.sqf before packing/testing the source mission.
Economy dialog missing controls GUI_Menu_Economy.sqf:7-8 writes to 23004/23005; the audited RscMenu_Economy controls around Dialogs.hpp:3326-3439 do not declare those IDC values. UI correctness debt. Add intended controls or remove stale writes, then smoke Economy menu disabled/income/supply-truck controls.
Modded missing camp helper file Napf, Eden and Lingor Common/Init/Init_Common.sqf:52-53,127-128 compile Common/Functions/Common_GetTotalCamps.sqf, but only source Chernarus and maintained Vanilla currently track that file. Additional modded-runnability blocker. Do not call those forks runnable until missing helpers, generated inputs and conflict markers are resolved or the forks are regenerated/retired.
Camp count helper fallback Common_GetTotalCamps.sqf:10-11 and Common_GetTotalCampsOnSide.sqf:16 return 1 when the computed camp count is zero. Correctness/metrics debt. Keep as a safe-denominator helper only if callers expect that; otherwise split real-count and safe-denominator functions. See Towns, camps and capture atlas.
Unit-cost discount stale global Client_UIFillListBuyUnits.sqf:7-16 sets global UNIT_COST_MODIFIER for upgrade levels 1 and 2, but does not reset it to 1 for level 0; GUI_Menu_BuyUnits.sqf:90 and list cost math then reuse the global. UI/economy correctness debt. Reset the modifier on each list fill or replace it with a local helper shared by list/detail/purchase formulas.
Destroyed-factory purchase has no refund GUI_Menu_BuyUnits.sqf:145-156 increments local queue and debits funds after spawning BuildUnit; Client_BuildUnit.sqf:211-214 exits on dead/null factory with queue cleanup but no refund. Decide intended design. If it is a bug, make acceptance/debit atomic or add a single safe refund path; smoke factory death, buyer disconnect and normal queue completion.
Auto-wall construction toggle is global RequestAutoWallConstructinChange.sqf:3-7 writes one global isAutoWallConstructingEnabled; Construction_SmallSite.sqf:110-112 and Construction_MediumSite.sqf:125-128 consume it for later construction. Workflow/authority risk. Key by side/requester if it is meant as a player preference, or explicitly document/smoke global behavior.
Suspect clickable-text sound config Rsc/Ressources.hpp defines RscClickableText.soundPush[] = {, 0.2, 1};. Likely malformed resource config; verify in-game parser behavior before reusing this base control.
Buy gear partials GUI_BuyGearMenu.sqf includes self-documented TODOs for target refresh, vehicle target content and template scope. Partial UI cleanup; avoid expanding templates until gear/vehicle/backpack behavior is mapped.
Fast travel fee GUI_Menu_Tactical.sqf TODO mentions travel fee/mod parameter work. Missing/unfinished feature.
Base/town dynamic logic TODO Common/Init/Init_Common.sqf has a TODO around dynamic logic presence. Low-level init cleanup candidate.
CoIn border TODO Client/Module/CoIn/coin_interface.sqf notes temporary border logic should move if logic position changes. Construction UI risk.
AI attack radio/combat tuning Server_AI_SetTownAttackPath.sqf TODOs mention combat mode, speed and radio on waypoint completion. Enhancement backlog.

Broken Feature Candidate: AI Supply Logistics

This is the clearest broken/abandoned feature. AI_UpdateSupplyTruck.sqf is present and loops over wfbe_ai_supplytrucks, but it cannot run correctly because the compile is disabled and the referenced supplytruck.fsm is absent. PR #1 correctly defers autonomous supply helicopters because the AI logistics base is incomplete.

Claude sharpened the status on 2026-06-01: the feature is not cleanly inert. In Server/Init/Init_Server.sqf, the compile line is commented, but the per-side init still calls [_side] Spawn UpdateSupplyTruck; when supply system 0 and AI commanders are enabled. With current defaults, WFBE_C_ECONOMY_SUPPLY_SYSTEM is 1, so normal play does not hit the call. If an admin selects supply system 0 with AI commanders, the server can hit a nil-code spawn error, and restoring the compile would still fail later because Server/FSM/supplytruck.fsm is missing.

Confirmed Defect: Stacked Supply-Vehicle Killed Handlers

PR #1 adds or extends Server/Module/supplyMission/supplyMissionStarted.sqf so supply vehicles can award interdiction cash when destroyed. The script adds a Killed event handler every time a supply mission starts, with no removal or already-tracked guard. Reusing one vehicle across many missions stacks handlers. Current double-payment risk is bounded because the first handler sets SupplyAmount to 0, but the handler leak is real and future side effects would multiply.

Missing Feature Candidates

  • Autonomous AI supply trucks/helicopters.
  • Formal generated docs from LoadoutManager data classes into mission docs.
  • Automated validation that generated Takistan/modded missions match Chernarus source after docs/code changes.
  • Automated SQF syntax or reference validation in CI.

Continue Reading

Previous: External integrations | Next: Hardening roadmap

Main map: Home | Fast path: Quickstart | Agent file: agent-context.json

Deep Audit Addendum: Economy / Supply / Commander / Upgrades (2026-06-03)

Status evidence

  • Supply run detection and scan narrowing: Server/Module/supplyMission/supplyMissionStarted.sqf now applies command-center/town proximity checks and vehicle-class narrowing logic with WFBE_Command_Center_Class and WFBE_Supply_Truck_Classes; this aligns with PR-introduced tightening from Miksuu PR #10/11/12.
  • Supply mission value flow remains client-triggered: Client/Module/supplyMission/supplyMissionStart.sqf sets SupplyFromTown / SupplyByHeli / SupplyAmount on truck objects and server handlers consume those object vars in Server/Module/supplyMission/supplyMissionCompleted.sqf.
  • Side-supply authority has known defect: both Common/Functions/Common_ChangeSideSupply.sqf and Server/Functions/Server_ChangeSideSupply.sqf use the same negative-amount clamp pattern that can invert debits into credits.
  • Commander requests remain request-driven from client: Server/PVFunctions/RequestNewCommander.sqf accepts side/candidate and delegates to assignment helper without strong requester identity checks.
  • Commander assignment path still has a known helper issue: Server/Functions/Server_AssignNewCommander.sqf reads _this as side but calls helper with _this select 1 expectations, matching DR-15 risk shape.
  • Construction/defense/upgrade request handlers (Server/PVFunctions/RequestStructure.sqf, Server/PVFunctions/RequestDefense.sqf, Server/PVFunctions/RequestUpgrade.sqf) rely on server-side funding checks but still depend on client-originated request payload shape.

Hardening priority (economy-focused)

  • P0: Fix Common_ChangeSideSupply / Server_ChangeSideSupply negative change inversion.
  • P0: Move side-supply, commander vote/assign, and supply-reward side effects to explicit server entrypoints with requester auth context.
  • P1: Remove publicVariable ATTACK_WAVE_INIT payload trust; validate all side/supply parameters by server-owned command state.
  • P1: Deduplicate commander assignment notifications to avoid duplicate authority-emitting events.

PR/context linkage

  • PR #5 baseline supply branch work referenced in commit 91d0f36.
  • PR #10 / commit 97dfff26: interdiction distance guard and reward cleanup around supply completion.
  • PR #11 / commit 8164cc33: scan narrowing and start-declare branch adjustments.
  • PR #12 / commit 86ec28d6: further supply mission hardening and edge-case cleanup.

Sidebar

Clone this wiki locally