Synchronet Git Commit Log

Modified Files:


src/doors/syncduke/Game/src/menues.c
diff

syncduke: declutter the in-game help footer

Drop the verbose "- PAGE n OF 2 : PRESS A KEY ... -" prompt on both help
pages for a minimal "PAGE n / 2" indicator -- the page affordance stays,
the clutter goes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/menues.c
diff

src/doors/syncduke/Game/src/player.c
diff

src/doors/syncduke/syncduke_input.c
diff

xtrn/syncduke/controls.msg
diff

syncduke: complete the control bindings + redesign the in-game help

Comparing the door's keymap against Duke's default key table turned up
real gaps (R was stolen for AutoRun, no inventory cycle, no chase view).

Keymap (syncduke_input.c):
- R now reaches Duke's Steroids hotkey; AutoRun moved to Ctrl-R (frees the
  natural key, matching Duke).
- [ / ] -> inventory select (reaches Scuba/Boots, no direct hotkey).
- F7 / Ctrl-G -> chase view (extended the Ctrl-A..F->F1..F6 block to
  Ctrl-G; also map xterm F7 = CSI 18~). Engine already toggles on sc_F7.

Ctrl-O mouse-steering toggle now flashes "MOUSE STEERING ON/OFF" on screen
(player.c), via the same FTA quote path Duke uses for its own toggles --
the door raises a flag, the engine prints it (slot 122, unused in SP).

In-game GAME CONTROLS chart (menues.c case 707) redesigned: two pages
(movement/weapons/terminal, inventory/view) instead of one cramped sheet,
colorized like Duke's F1 help -- yellow section headings, orange keys,
blue actions (gametextpal pal 7 / pal 2) -- with ^X notation for the
control-key shortcuts. Reflects the new R/Ctrl-R/[ ]/F7 bindings.

controls.msg (lobby quick-ref) synced to the full, correct key set.

Live-confirmed: help pages, R=Steroids, Ctrl-O popup, F7/Ctrl-G chase
(incl. F7 on Contour w/ kitty-keys, which still sends legacy CSI 18~).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/xpdev/xpbeep.c
diff

xpbeep: cap pathological ALSA buffer latency

Open ALSA once with the existing minimal parameter negotiation so
user and .asoundrc defaults remain authoritative when they produce
a reasonable buffer.

If the negotiated ALSA buffer exceeds 300 ms, reopen and retry with
a CoreAudio-like 3 x 1024-frame target. If the capped retry fails,
fall back to the original uncapped configuration rather than dropping
ALSA entirely.

This should kick in for whatever weird-assed distro DigitalMan uses
where the mixer latency with the default ALSA device is allegedly
around 30s.

Co-Authored-By: OpenAI Codex <codex@openai.com>

Modified Files:


src/doors/syncduke/syncduke_stubs.c
diff

src/doors/termgfx/audio.c
diff

src/doors/termgfx/audio.h
diff

src/doors/termgfx/audio_mgr.c
diff

src/doors/termgfx/audio_mgr.h
diff

syncduke: stereo pan for positional audio (ambiences + one-shots)

Builds on the distance-attenuation fix: now sounds also track DIRECTION.
SyncTERM's A;Volume APC accepts separate VL/VR (live per-channel left/right,
not just mono V), so a running loop can be re-panned every frame with no
re-queue click -- our wrapper only emitted V=, so add a VL=/VR= builder.

- audio.c/.h: termgfx_audio_volume_lr() -- live per-side channel volume.
- audio_mgr.c/.h: termgfx_audio_loop_volume() takes a pan, computes VL/VR
  (side toward the source full, opposite ramps -- the original audiolib law),
  and suppresses unchanged L/R so per-frame calls stay cheap.
- syncduke_stubs.c: sd_angle_to_pan() replicates MV_CalcPanTable's triangle
  exactly (front=center, hard right at angle 8, behind=center, hard left at
  24). FX_Pan3D pushes volume+pan to loops; one-shots (FX_PlayVOC3D/WAV3D)
  are panned at queue time via the existing pan slot.

Pan is discrete per-frame (no T= ramp yet). Live-confirmed by ear: the
cinema projector pans as you cross it, weapons/enemies have direction.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/syncduke_stubs.c
diff

src/doors/termgfx/audio_mgr.c
diff

src/doors/termgfx/audio_mgr.h
diff

syncduke: 3D distance attenuation for looping ambiences (projector et al.)

The engine re-pans every active positional voice each frame (sounds.c
calls FX_Pan3D), so ambiences like the E1L1 cinema projector should swell
as the player approaches. FX_Pan3D was a no-op stub, freezing each loop at
the volume it had when first triggered -- the projector started at vol=7
(player far away) and stayed inaudible no matter how close you walked.

- termgfx_audio_loop_volume(): update a running loop's channel volume live,
  suppressing redundant sends so it's safe to call every frame.
- FX_Pan3D: map the per-frame distance to a volume (same curve as
  sd_loop_play) and push it to the loop. One-shots never reach here
  (fire-and-forget leaves Sound[].num==0, so the engine's pan loop skips
  them). Pan/stereo still not wired -- distance attenuation is what governs
  audibility here.

Live-confirmed: projector now audible on approach.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


exec/load/syncterm_cache.js
diff

If lst is undefined, fail the upload.

Added Files:


src/doors/termgfx/audio_midi.c
diff

src/doors/termgfx/audio_midi.h
diff

Modified Files:


src/doors/syncduke/.gitignore
diff

src/doors/syncduke/CMakeLists.txt
diff

src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/syncduke/syncduke_stubs.c
diff

src/doors/termgfx/CMakeLists.txt
diff

src/doors/termgfx/audio.c
diff

src/doors/termgfx/audio.h
diff

src/doors/termgfx/audio_mgr.c
diff

src/doors/termgfx/audio_mgr.h
diff

syncduke: OPL3 MIDI music + digital-audio polish

Builds on the SFX path (5b29253803 diabetes-21-onto) with in-process music
and a round of audio fixes, all through termgfx's SyncTERM audio-APC manager:

- Music: render the GRP's MIDIs via libADLMIDI (OPL3), peak-normalized, cached
  as OGG/Vorbis (libsndfile, build-gated TERMGFX_WITH_SNDFILE) under a content-
  addressed m/<track>.ogg so a track uploads once; raw-WAV fallback otherwise.
- SFX: transcode the VOCs libsndfile rejects (multi-block) to 8-bit WAV.
- Setup Sound volume sliders wired (FX + music master) and SOUND/MUSIC toggles.
- Looping ambient (FX_PlayLooped*) on dedicated channels; stop on door exit.
- soundonce flood fix: a door-side per-sound rate limit. Returning a real voice
  handle so the engine's Sound[].num gate works would deadlock newgame()'s
  busy-wait on the skill-announce voice (the engine assumes an async audiolib
  completion source our APC path lacks), so instead we drop a same-sound
  re-dispatch inside an 8-tick window -- collapsing a per-tic soundonce stream
  to one burst while leaving real weapon fire untouched.

New termgfx audio module (audio_midi.{c,h}) + audio.c/audio_mgr.c additions;
syncduke wires them through its FX_/MUSIC_ stubs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/termgfx/libADLMIDI/AUTHORS
diff

src/doors/termgfx/libADLMIDI/CMakeLists.txt
diff

src/doors/termgfx/libADLMIDI/LICENSE
diff

src/doors/termgfx/libADLMIDI/LICENSE.GPL-3.txt
diff

src/doors/termgfx/libADLMIDI/LICENSE.LGPL-2.1.txt
diff

src/doors/termgfx/libADLMIDI/cmake/FindLIBVLC.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/djgpp/djgpp-cmake-core.sh
diff

src/doors/termgfx/libADLMIDI/cmake/djgpp/djgpp-cmake.sh
diff

src/doors/termgfx/libADLMIDI/cmake/djgpp/toolchain-djgpp.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/mingw-dlls.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom-dos/custom-h/mymap.h
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom-dos/custom-h/myset.h
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom-dos/ow-cmake.sh
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom-dos/toolchain-ow.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom/Linux-OpenWatcom-C.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom/Linux-OpenWatcom-CXX.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom/Linux-OpenWatcom.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom/ow-cmake.sh
diff

src/doors/termgfx/libADLMIDI/cmake/openwattcom/toolchain-ow.cmake
diff

src/doors/termgfx/libADLMIDI/cmake/win-ci/lib-sdk.cmd
diff

src/doors/termgfx/libADLMIDI/cmake/win-ci/vlc-plugin.cmd
diff

src/doors/termgfx/libADLMIDI/cmake/win-ci/winmm-drivers.cmd
diff

src/doors/termgfx/libADLMIDI/include/adlmidi.h
diff

src/doors/termgfx/libADLMIDI/libADLMIDI.pc.in
diff

src/doors/termgfx/libADLMIDI/src/adlmidi.cpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_bankmap.h
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_bankmap.tcc
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_cvt.hpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_db.h
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_load.cpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_midiplay.cpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_midiplay.hpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_opl3.cpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_opl3.hpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_private.cpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_private.hpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_ptr.hpp
diff

src/doors/termgfx/libADLMIDI/src/adlmidi_sequencer.cpp
diff

src/doors/termgfx/libADLMIDI/src/chips/common/mutex.hpp
diff

src/doors/termgfx/libADLMIDI/src/chips/common/ptr.hpp
diff

src/doors/termgfx/libADLMIDI/src/chips/dosbox/dbopl.cpp
diff

src/doors/termgfx/libADLMIDI/src/chips/dosbox/dbopl.h
diff

src/doors/termgfx/libADLMIDI/src/chips/dosbox_opl3.cpp
diff

src/doors/termgfx/libADLMIDI/src/chips/dosbox_opl3.h
diff

src/doors/termgfx/libADLMIDI/src/chips/java/JavaOPL3.hpp
diff

src/doors/termgfx/libADLMIDI/src/chips/java_opl3.cpp
diff

src/doors/termgfx/libADLMIDI/src/chips/java_opl3.h
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked/nukedopl3.c
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked/nukedopl3.h
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked/nukedopl3_174.c
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked/nukedopl3_174.h
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked_opl3.cpp
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked_opl3.h
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked_opl3_v174.cpp
diff

src/doors/termgfx/libADLMIDI/src/chips/nuked_opl3_v174.h
diff

src/doors/termgfx/libADLMIDI/src/chips/opal/LICENSE.txt
diff

src/doors/termgfx/libADLMIDI/src/chips/opal/README.old
diff

src/doors/termgfx/libADLMIDI/src/chips/opal/opal-pan.diff
diff

src/doors/termgfx/libADLMIDI/src/chips/opal/opal.hpp
diff

src/doors/termgfx/libADLMIDI/src/chips/opal_opl3.cpp
diff

src/doors/termgfx/libADLMIDI/src/chips/opal_opl3.h
diff

src/doors/termgfx/libADLMIDI/src/chips/opl_chip_base.h
diff

src/doors/termgfx/libADLMIDI/src/chips/opl_chip_base.tcc
diff

src/doors/termgfx/libADLMIDI/src/cvt_mus2mid.hpp
diff

src/doors/termgfx/libADLMIDI/src/cvt_xmi2mid.hpp
diff

src/doors/termgfx/libADLMIDI/src/file_reader.hpp
diff

src/doors/termgfx/libADLMIDI/src/fraction.hpp
diff

src/doors/termgfx/libADLMIDI/src/inst_db.cpp
diff

src/doors/termgfx/libADLMIDI/src/midi_sequencer.h
diff

src/doors/termgfx/libADLMIDI/src/midi_sequencer.hpp
diff

src/doors/termgfx/libADLMIDI/src/midi_sequencer_impl.hpp
diff

src/doors/termgfx/libADLMIDI/src/oplinst.h
diff

src/doors/termgfx/libADLMIDI/src/structures/pl_list.hpp
diff

src/doors/termgfx/libADLMIDI/src/structures/pl_list.tcc
diff

src/doors/termgfx/libADLMIDI/src/wopl/wopl_file.c
diff

src/doors/termgfx/libADLMIDI/src/wopl/wopl_file.h
diff

termgfx: vendor libADLMIDI (OPL3/Nuked OPL3 MIDI synthesizer)

Pinned snapshot, used to render Duke Nukem 3D's MIDI music to PCM
in-process (OPL3 emulation, embedded instrument banks) for the SyncTERM
audio-APC path. Vendored like Chocolate Duke3D -- not tracked upstream.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncduke/lobby.msg
diff

Updated lobby art (it still sucks though)

Modified Files:


3rdp/win64.release/libsndfile/bin/libsndfile.a
diff

Rebuild Win64 libsndfile to use FLAC__NO_DLL

Modified Files:


src/syncterm/GNUmakefile
diff

Library order and shlwapi.dll for Windows

Modified Files:


src/syncterm/GNUmakefile
diff

Add Vorbis path to library search path for Windows

Modified Files:


3rdp/darwin.release/flac/lib/libFLAC++.a
diff

3rdp/darwin.release/flac/lib/libFLAC.a
diff

3rdp/darwin.release/lame/lib/libmp3lame.a
diff

3rdp/darwin.release/libsndfile/lib/libsndfile.a
diff

3rdp/darwin.release/mpg123/lib/libmpg123.a
diff

3rdp/darwin.release/mpg123/lib/libout123.a
diff

3rdp/darwin.release/mpg123/lib/libsyn123.a
diff

3rdp/darwin.release/mpg123/lib/pkgconfig/libmpg123.pc
diff

3rdp/darwin.release/mpg123/lib/pkgconfig/libout123.pc
diff

3rdp/darwin.release/mpg123/lib/pkgconfig/libsyn123.pc
diff

3rdp/darwin.release/ogg/lib/libogg.a
diff

3rdp/darwin.release/opus/lib/libopus.a
diff

3rdp/darwin.release/vorbis/lib/libvorbis.a
diff

3rdp/darwin.release/vorbis/lib/libvorbisenc.a
diff

3rdp/darwin.release/vorbis/lib/libvorbisfile.a
diff

Update to older Darwin version

So CI builds

Modified Files:


src/syncterm/GNUmakefile
diff

And win32 needs to link with the Vorbis libs too

Not enough to just toss then in some random place in the file system
I guess.

Added Files:


3rdp/win32.release/vorbis/bin/libvorbis.a
diff

3rdp/win32.release/vorbis/bin/libvorbisenc.a
diff

3rdp/win32.release/vorbis/include/vorbis/codec.h
diff

3rdp/win32.release/vorbis/include/vorbis/vorbisenc.h
diff

3rdp/win32.release/vorbis/include/vorbis/vorbisfile.h
diff

3rdp/win64.release/vorbis/bin/libvorbis.a
diff

3rdp/win64.release/vorbis/bin/libvorbisenc.a
diff

3rdp/win64.release/vorbis/include/vorbis/codec.h
diff

3rdp/win64.release/vorbis/include/vorbis/vorbisenc.h
diff

3rdp/win64.release/vorbis/include/vorbis/vorbisfile.h
diff

Add libvorbis v1.3.7 too

Windows needs it to link, but doesn't need it to build libsndfile
apparently.

Added Files:


3rdp/darwin.release/flac/include/FLAC++/all.h
diff

3rdp/darwin.release/flac/include/FLAC++/decoder.h
diff

3rdp/darwin.release/flac/include/FLAC++/encoder.h
diff

3rdp/darwin.release/flac/include/FLAC++/export.h
diff

3rdp/darwin.release/flac/include/FLAC++/metadata.h
diff

3rdp/darwin.release/flac/include/FLAC/all.h
diff

3rdp/darwin.release/flac/include/FLAC/assert.h
diff

3rdp/darwin.release/flac/include/FLAC/callback.h
diff

3rdp/darwin.release/flac/include/FLAC/export.h
diff

3rdp/darwin.release/flac/include/FLAC/format.h
diff

3rdp/darwin.release/flac/include/FLAC/metadata.h
diff

3rdp/darwin.release/flac/include/FLAC/ordinals.h
diff

3rdp/darwin.release/flac/include/FLAC/stream_decoder.h
diff

3rdp/darwin.release/flac/include/FLAC/stream_encoder.h
diff

3rdp/darwin.release/flac/lib/libFLAC++.a
diff

3rdp/darwin.release/flac/lib/libFLAC.a
diff

3rdp/darwin.release/flac/lib/pkgconfig/flac++.pc
diff

3rdp/darwin.release/flac/lib/pkgconfig/flac.pc
diff

3rdp/darwin.release/lame/include/lame/lame.h
diff

3rdp/darwin.release/lame/lib/libmp3lame.a
diff

3rdp/darwin.release/libsndfile/include/sndfile.h
diff

3rdp/darwin.release/libsndfile/include/sndfile.hh
diff

3rdp/darwin.release/libsndfile/lib/libsndfile.a
diff

3rdp/darwin.release/libsndfile/lib/pkgconfig/sndfile.pc
diff

3rdp/darwin.release/mpg123/include/fmt123.h
diff

3rdp/darwin.release/mpg123/include/mpg123.h
diff

3rdp/darwin.release/mpg123/include/out123.h
diff

3rdp/darwin.release/mpg123/include/syn123.h
diff

3rdp/darwin.release/mpg123/lib/libmpg123.a
diff

3rdp/darwin.release/mpg123/lib/libout123.a
diff

3rdp/darwin.release/mpg123/lib/libsyn123.a
diff

3rdp/darwin.release/mpg123/lib/pkgconfig/libmpg123.pc
diff

3rdp/darwin.release/mpg123/lib/pkgconfig/libout123.pc
diff

3rdp/darwin.release/mpg123/lib/pkgconfig/libsyn123.pc
diff

3rdp/darwin.release/ogg/include/ogg/config_types.h
diff

3rdp/darwin.release/ogg/include/ogg/ogg.h
diff

3rdp/darwin.release/ogg/include/ogg/os_types.h
diff

3rdp/darwin.release/ogg/lib/libogg.a
diff

3rdp/darwin.release/ogg/lib/pkgconfig/ogg.pc
diff

3rdp/darwin.release/opus/include/opus/opus.h
diff

3rdp/darwin.release/opus/include/opus/opus_defines.h
diff

3rdp/darwin.release/opus/include/opus/opus_multistream.h
diff

3rdp/darwin.release/opus/include/opus/opus_projection.h
diff

3rdp/darwin.release/opus/include/opus/opus_types.h
diff

3rdp/darwin.release/opus/lib/libopus.a
diff

3rdp/darwin.release/opus/lib/pkgconfig/opus.pc
diff

3rdp/darwin.release/vorbis/include/vorbis/codec.h
diff

3rdp/darwin.release/vorbis/include/vorbis/vorbisenc.h
diff

3rdp/darwin.release/vorbis/include/vorbis/vorbisfile.h
diff

3rdp/darwin.release/vorbis/lib/libvorbis.a
diff

3rdp/darwin.release/vorbis/lib/libvorbisenc.a
diff

3rdp/darwin.release/vorbis/lib/libvorbisfile.a
diff

3rdp/darwin.release/vorbis/lib/pkgconfig/vorbis.pc
diff

3rdp/darwin.release/vorbis/lib/pkgconfig/vorbisenc.pc
diff

3rdp/darwin.release/vorbis/lib/pkgconfig/vorbisfile.pc
diff

Modified Files:


src/syncterm/GNUmakefile
diff

src/syncterm/re1/backtrack.c
diff

src/syncterm/re1/pike.c
diff

src/syncterm/re1/regexp.h
diff

src/syncterm/re1/sub.c
diff

And add static macOS fat libs too

macOS has been tested, Windows has not.

Added Files:


3rdp/win32.release/flac/bin/libFLAC.a
diff

3rdp/win32.release/flac/include/FLAC++/all.h
diff

3rdp/win32.release/flac/include/FLAC++/decoder.h
diff

3rdp/win32.release/flac/include/FLAC++/encoder.h
diff

3rdp/win32.release/flac/include/FLAC++/export.h
diff

3rdp/win32.release/flac/include/FLAC++/metadata.h
diff

3rdp/win32.release/flac/include/FLAC/all.h
diff

3rdp/win32.release/flac/include/FLAC/assert.h
diff

3rdp/win32.release/flac/include/FLAC/callback.h
diff

3rdp/win32.release/flac/include/FLAC/export.h
diff

3rdp/win32.release/flac/include/FLAC/format.h
diff

3rdp/win32.release/flac/include/FLAC/metadata.h
diff

3rdp/win32.release/flac/include/FLAC/ordinals.h
diff

3rdp/win32.release/flac/include/FLAC/stream_decoder.h
diff

3rdp/win32.release/flac/include/FLAC/stream_encoder.h
diff

3rdp/win32.release/lame/bin/libmp3lame.a
diff

3rdp/win32.release/lame/include/lame/lame.h
diff

3rdp/win32.release/libsndfile/bin/libsndfile.a
diff

3rdp/win32.release/libsndfile/include/sndfile.h
diff

3rdp/win32.release/libsndfile/include/sndfile.hh
diff

3rdp/win32.release/mpg123/bin/libmpg123.a
diff

3rdp/win32.release/mpg123/bin/libout123.a
diff

3rdp/win32.release/mpg123/bin/libsyn123.a
diff

3rdp/win32.release/mpg123/include/fmt123.h
diff

3rdp/win32.release/mpg123/include/mpg123.h
diff

3rdp/win32.release/mpg123/include/out123.h
diff

3rdp/win32.release/mpg123/include/syn123.h
diff

3rdp/win32.release/ogg/bin/libogg.a
diff

3rdp/win32.release/ogg/include/ogg/config_types.h
diff

3rdp/win32.release/ogg/include/ogg/ogg.h
diff

3rdp/win32.release/ogg/include/ogg/os_types.h
diff

3rdp/win32.release/opus/bin/libopus.a
diff

3rdp/win32.release/opus/include/opus/opus.h
diff

3rdp/win32.release/opus/include/opus/opus_custom.h
diff

3rdp/win32.release/opus/include/opus/opus_defines.h
diff

3rdp/win32.release/opus/include/opus/opus_multistream.h
diff

3rdp/win32.release/opus/include/opus/opus_projection.h
diff

3rdp/win32.release/opus/include/opus/opus_types.h
diff

3rdp/win64.release/flac/bin/libFLAC.a
diff

3rdp/win64.release/flac/include/FLAC++/all.h
diff

3rdp/win64.release/flac/include/FLAC++/decoder.h
diff

3rdp/win64.release/flac/include/FLAC++/encoder.h
diff

3rdp/win64.release/flac/include/FLAC++/export.h
diff

3rdp/win64.release/flac/include/FLAC++/metadata.h
diff

3rdp/win64.release/flac/include/FLAC/all.h
diff

3rdp/win64.release/flac/include/FLAC/assert.h
diff

3rdp/win64.release/flac/include/FLAC/callback.h
diff

3rdp/win64.release/flac/include/FLAC/export.h
diff

3rdp/win64.release/flac/include/FLAC/format.h
diff

3rdp/win64.release/flac/include/FLAC/metadata.h
diff

3rdp/win64.release/flac/include/FLAC/ordinals.h
diff

3rdp/win64.release/flac/include/FLAC/stream_decoder.h
diff

3rdp/win64.release/flac/include/FLAC/stream_encoder.h
diff

3rdp/win64.release/lame/bin/libmp3lame.a
diff

3rdp/win64.release/lame/include/lame/lame.h
diff

3rdp/win64.release/libsndfile/bin/libsndfile.a
diff

3rdp/win64.release/libsndfile/include/sndfile.h
diff

3rdp/win64.release/libsndfile/include/sndfile.hh
diff

3rdp/win64.release/mpg123/bin/libmpg123.a
diff

3rdp/win64.release/mpg123/bin/libout123.a
diff

3rdp/win64.release/mpg123/bin/libsyn123.a
diff

3rdp/win64.release/mpg123/include/fmt123.h
diff

3rdp/win64.release/mpg123/include/mpg123.h
diff

3rdp/win64.release/mpg123/include/out123.h
diff

3rdp/win64.release/mpg123/include/syn123.h
diff

3rdp/win64.release/ogg/bin/libogg.a
diff

3rdp/win64.release/ogg/include/ogg/config_types.h
diff

3rdp/win64.release/ogg/include/ogg/ogg.h
diff

3rdp/win64.release/ogg/include/ogg/os_types.h
diff

3rdp/win64.release/opus/bin/libopus.a
diff

3rdp/win64.release/opus/include/opus/opus.h
diff

3rdp/win64.release/opus/include/opus/opus_custom.h
diff

3rdp/win64.release/opus/include/opus/opus_defines.h
diff

3rdp/win64.release/opus/include/opus/opus_multistream.h
diff

3rdp/win64.release/opus/include/opus/opus_projection.h
diff

3rdp/win64.release/opus/include/opus/opus_types.h
diff

Modified Files:


src/syncterm/GNUmakefile
diff

Add Windows libraries for libsndfile...

libsndfile v1.2.2
FLAC v1.5.0
LAME v3.100
mpg123 v1.33.6
ogg v1.3.6
opus v1.6.1

Added Files:


src/doors/syncdoom/i_termsound.c
diff

Modified Files:


src/doors/syncdoom/CMakeLists.txt
diff

src/doors/syncdoom/i_sound.c
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: digital sound effects via SyncTERM audio APC

Wire SyncDOOM's SFX through the shared termgfx audio module (added for
SyncDuke in the prior commit): a Doom sound_module_t (i_termsound.c)
registered in i_sound.c's sound_modules[], so the engine's normal
S_StartSound -> I_StartSound path drives it with no game-code changes.
It builds the DS<name> lump name, reads the DMX header (rate + 8-bit PCM)
and hands the samples to termgfx_audio_sfx, which WAV-wraps and ships them
to SyncTERM for libsndfile decode + mixing.

syncdoom.c creates the manager in DG_Init, fires the libsndfile cap probe,
and feeds inbound bytes in pump_input (with a one-shot "audio: tier=N" dlog).
Gated on a libsndfile-capable SyncTERM (tier 1); a silent no-op otherwise.
Validated live on SyncTERM 1.10a.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/termgfx/audio.c
diff

src/doors/termgfx/audio.h
diff

src/doors/termgfx/audio_mgr.c
diff

src/doors/termgfx/audio_mgr.h
diff

Modified Files:


src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/syncduke/syncduke_stubs.c
diff

src/doors/termgfx/CMakeLists.txt
diff

syncduke: digital sound effects via SyncTERM audio APC

Add a termgfx audio module and wire SyncDuke's SFX through it:

* termgfx/audio.{c,h} -- I/O-free SyncTERM:A / SyncTERM:Q builders (Store,
  Load, Queue, Synth, Flush) + the libsndfile capability parser.
* termgfx/audio_mgr.{c,h} -- per-session policy: capability tier, an
  upload-once sample cache, per-play slot Load+Queue (a Queue empties its
  slot, so each play re-Loads -- the file stays cached, no re-transfer),
  round-robin channel pool, reserved music channel. NULL/tier<1 = silent.
* syncduke FX_PlayVOC3D/WAV3D ship each in-memory VOC/WAV to SyncTERM, which
  decodes it via libsndfile and mixes it; the cap probe rides the startup
  handshake and the reply is parsed from the input stream.

Gated on a libsndfile-capable SyncTERM (audio APC, tier 1); a no-op on older
or non-SyncTERM clients. Validated live on SyncTERM 1.10a -- weapon/menu/world
SFX play and repeat. Music (MIDI), looped/ambient SFX and 3D pan are
follow-ups.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/m_menu.c
diff

src/doors/syncdoom/syncdoom.c
diff

src/doors/syncduke/README.md
diff

syncdoom: kitty keyboard protocol -- true key-up, hold-to-move, native turn

Port SyncDuke's kitty keyboard support to SyncDOOM. On a terminal that speaks
the
kitty keyboard protocol (e.g. Contour) the door queries support at startup
(CSI?u),
pushes the progressive-enhancement flags on the reply (CSI>11u), and pops them
on
exit -- so it gets explicit key press/repeat/release instead of faking key-up
with a
timeout. Gated: terminals that don't answer keep the existing key-up-synthesis
scheme, byte-for-byte unchanged.

Under kitty:
- parse_byte() handles the CSI-u key events plus the disambiguated F-key/nav
forms
  Contour sends (F1=CSI P, F2=CSI Q, F3=13~, F4=CSI S, F5=15~, F6=17~; Home=CSI
H,
  End=CSI F; numpad Private-Use-Area codepoints incl. numpad Enter).
kitty_dispatch()
  routes door hotkeys (F4 tier-cycle, Ctrl-S/T/O/U/P) to key_seen() on press
only and
  game keys to explicit keyq_push down/up -- bypassing the s_active grace
machinery,
  so movement holds and Doom's native turn-accel ramp runs.
- The Ctrl-S stats strip shows "kbd:kitty".
- Options shows the now-moot TAP/HOLD/TURN/FAST-TURN knobs as "NATIVE" (the
byte-path
  key-feel tuning does nothing with real key-up).
- Home/End in a menu jump to the first/last item.

Also document the kitty behavior in both door READMEs. Validated on Contour;
SyncTERM and other terminals unaffected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncduke/tests/test_kitty.c
diff

Modified Files:


src/doors/syncduke/Game/src/menues.c
diff

src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/syncduke/tests/test_keymap.c
diff

syncduke: kitty keyboard protocol -- true key-up, hold-to-move, native turn

Terminals that speak the kitty keyboard protocol (e.g. Contour) report explicit
key press/repeat/release, so the door no longer has to fake key-up with a
timeout.
The door queries support at startup (CSI?u); on a reply it pushes the
progressive-
enhancement flags (CSI>11u: disambiguate + event-types + report-all-keys) and
pops
them on exit (CSI<u).  Negotiation is gated -- terminals that don't answer keep
the
existing byte-path behavior, unchanged.

Under kitty:
- Movement (WASD/strafe/space) and the turn arrows drive Duke's real key state
  (kitty_press/kitty_release), held until the actual key-up -- crisp
hold-to-move,
  and turning uses the engine's native turn-accel ramp instead of the door's
  synthetic rate, so it feels like the original.  expire() still times out
momentary
  press() keys (F-keys, Center) while leaving kitty-held keys down (far
release_at).
- Full key map for Contour's encodings: printables/numbers/space + numpad (the
  Private-Use-Area keypad codepoints, incl. numpad Enter) via CSI-u; arrows as
  CSI A/B/C/D with release; F1=CSI P, F2=CSI Q, F3=13~, F4=CSI S, F5=15~,
F6=17~;
  PgUp/PgDn look, Home/End center.  F-key release events are gated press-only
so
  nothing double-fires.
- Ctrl-A..F aliases now mirror the door's F-keys (Ctrl-A=help, Ctrl-D=tier
cycle,
  Ctrl-B/C/E/F=Duke save/load) instead of raw Duke scancodes.
- Home/End in a MENU jump to the first/last item (probeXduke); in gameplay they
  still Center_View.
- The Ctrl-S stats strip shows "kbd:kitty" when negotiated.
- Setup Controls greys + disables the byte-path feel knobs (KEY TAP/HOLD, TURN
  SPEED, FAST TURN) and shows a contextual "native key timing" note on hover,
since
  those only compensate for terminals without key-up.

tests/test_kitty.c drives the real pump with Contour's byte sequences and
asserts
the decoded scancodes / actions; test_keymap.c gains a stub for the new output
path.
Live-validated on Contour (hold-to-move, turn, F-keys, numpad, menus) with
SyncTERM
unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/syncduke_config.c
diff

xtrn/CLAUDE.md
diff

syncduke: put the debug log in data/syncduke/; document SBBS env vars

A bare [debug] log filename now goes in <SBBSDATA>/syncduke/ (the door's shared
data
dir, alongside the games registry) rather than the per-user dir, so co-op
nodes'
logs sit together and don't clutter user storage. Uses the SBBSDATA env var
SBBS
sets for external programs (no hardcoded path, no new door arg); still
node-tagged
via sbbs_my_node(); an explicit path or a dev run (no SBBSDATA) is unchanged.

Also document in xtrn/CLAUDE.md the five env vars SBBS exports to external
programs
(SBBSCTRL/SBBSDATA/SBBSEXEC/SBBSNODE/SBBSNNUM), the dir-vs-number distinction,
and
the don't-derive / dev-fallback caveats.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/game.c
diff

syncduke: allow 11-char player names; strip whitespace when over-long

getnames() and the type-6 receive both capped the netgame name at 10 chars (the
stock fragbar-field limit), truncating an 11-char alias like "Digital Man" to
"DIGITAL MA". Raise both ends to 11 (= MAXPLAYERNAMELENGTH; user_name[] is 32
and
the name packet is variable-length, so the arrays/protocol already have room).
For
an alias longer than 11, drop whitespace first so the cap keeps more
alphanumerics
("Digital Man Jr" -> "DIGITALMANJ"). The deathmatch fragbar column is drawn for
10,
so an 11th char sits a touch wide there (cosmetic; co-op's player list has
room).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/player.c
diff

syncduke: fix co-op desync from non-synced terminal look (horiz)

The terminal PgUp/PgDn "look" applied a per-node variable (syncduke_pitch_step)
straight to ps[snum].horiz in processinput, which runs for every player -- so
the
looking player's node moved that player's pitch while the other node's copy of
the
variable was 0. horiz diverged between the two sims and the lockstep syncval
check
tripped "OUT OF SYNC". (Root-caused by logging the syncval components on both
nodes
and diffing: horiz was the lone diverging field.)

Route the pitch through the synced input, like the mouse-steer turn already is:
getinput folds one notch/tic into the FIFO's horz field, and processinput
applies
sync[snum].horz to the correct player on both sims (in either aim mode, after
the
auto-center so a tap holds). Verified: extended 2-player co-op play with look,
no
desync.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/syncduke_config.c
diff

syncduke: per-node debug-log filename so co-op nodes don't clobber one log

Two co-op doors run by the same user on different nodes share one per-user dir,
so
both wrote the same [debug] log and clobbered it (which made the SIGSEGV above
hard
to read). Tag the configured log filename with the node number from
sbbs_my_node()
(termgfx; reads SBBSNNUM that SBBS sets for every external program, falling
back to
SBBSNODE's trailing digits) -> syncduke.<node>.log. Respects [debug] log
on/off; no
node env (dev/standalone) leaves the name unchanged. sbbs_node.c is already in
the
termgfx library SyncDuke links, so this is just an #include.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/syncduke_io.c
diff

syncduke: bound the sixel encode to its buffer (fix full-res co-op SIGSEGV)

The full-res sixel opt-in (5cbc69c24) encodes sxh=sdh without the half-res /2,
so
on a large canvas (sdw at the 1024 width cap, sdh ~691 with the aspect/stretch
fit)
sxw*sxh exceeded the fixed syncduke_scaled[1024*640] buffer and overran into
the
adjacent globals -- g_out got clobbered with palette bytes, and the next
out_put
memcpy faulted (SIGSEGV in syncduke_present, seen at co-op level entry).
Root-caused
from the core: &g_out sits 48 bytes past the buffer end.

Hard-bound the encoded area to the buffer (sxw*sxh <= OUT_W_MAX*OUT_H_MAX) so
it can
never overrun again, and raise OUT_H_MAX 640->768 so a full-res encode on a
maxed
window isn't needlessly shrunk by that clamp.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

src/doors/syncduke/syncduke_io.c
diff

syncduke/syncdoom: full-resolution sixel F4 opt-in for pan-ignoring terminals

Default non-SyncTERM sixel encodes at half vertical resolution and relies on
the
terminal's "2;1 raster aspect to double it. Some terminals (e.g. WezTerm)
ignore
the aspect ratio and render the image at half height. Add a "sixel-full" stop
to
the F4 video-tier cycle (offered only on non-SyncTERM) that encodes at full
vertical resolution (vsc=1, no terminal scaling) -- correct on any sixel
terminal
at ~2x the wire bytes. Default stays the cheap half-res; the choice is per-user
sticky (SyncDOOM: <home>/syncdoom.ini [video] sixel_fullres; SyncDuke: a
syncduke.fullres flag-file in the per-user dir). SyncTERM is unaffected (JXL
tier;
the vsc=1 path is gated off there).

Also: shorten the F4 cycle banner to "Video: <tier>" (drop the app name and the
"(F4 to cycle)" tip -- it only shows on an F4 press) and fix its centering to
use
the real cell width instead of out_w/8 (a wide font over-counted columns and
ran
the label off-screen); show "sixel-full" in the Ctrl-S stats strip in both
doors.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/termgfx/term.c
diff

src/doors/termgfx/term.h
diff

termgfx: correct the DECSDM ?80 rationale in the comments

The term.h/term.c comments claimed mode 80 "defaults to SET" and that ?80l
"pins the sixel to top-left" -- both wrong. SyncTERM/cterm reversed mode 80 in
rev 1.328 (2026) to match real VT-340 hardware (it defaults to RESET), and the
load-bearing effect of ?80l for us is POSITIONING, not scroll-prevention: under
?80l a non-SyncTERM sixel terminal draws the image at the text cursor (so the
door centers it), while SyncTERM's cterm ignores the cursor and anchors
top-left. Scroll-prevention is handled separately by keeping the image off the
last text row (the bottom-cell reserve). Comments only; no code change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


exec/load/game_lobby.js
diff

xtrn/syncduke/controls.msg
diff

xtrn/syncduke/get-binary.js
diff

xtrn/syncduke/lobby.js
diff

xtrn/syncduke/lobby.msg
diff

xtrn/syncduke/syncduke_lib.js
diff

Modified Files:


src/doors/syncduke/Game/src/game.c
diff

src/doors/syncduke/Game/src/menues.c
diff

src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_config.c
diff

src/doors/syncduke/syncduke_door.c
diff

src/doors/syncduke/syncduke_game.c
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_net.c
diff

src/doors/syncduke/tests/test_keymap.c
diff

xtrn/syncduke/.gitignore
diff

xtrn/syncduke/install-xtrn.ini
diff

xtrn/syncduke/syncduke.example.ini
diff

syncduke: LAN co-op lobby, chat-sync + alias fixes, door config

The v1 co-op feature set on top of the UDP mmulti transport:

- Lobby (xtrn/syncduke/lobby.js over the shared exec/load/game_lobby.js):
  Create/Join a 2-player LAN game, play single-player, or view controls. It
  spawns the native door directly (-s socket, no drop file), so it registers
  as a JS module (?lobby), not a DOOR32 native. install-xtrn wires it plus
  get-binary.js (pre-exec, required) so the door never registers without a
  runnable executable.
- Door net args (-netrole/-netport/-netpeer) parsed and stripped before the
  engine's command-line parser; syncduke.ini [net] (advertise, port range,
  stale) and [video] (sixel_max_width, use_cell_size) knobs.
- Chat OOS fix: typemode() built the message in a local buffer but sent the
  stale global tempbuf, corrupting the move FIFO -> "OUT OF SYNC". Send the
  built text.
- Alias fix: seed the player name from the door's -name (the BBS alias)
  instead of the engine default "XDUKE".
- Controls: SyncDOOM-style action layer (Space=fire, WASD move/strafe, arrows
  turn) gated on gameplay so menus and Talk get literal keys.
- Cell-size probe (ESC[16t) for canvas sizing on non-SyncTERM terminals;
  main-menu version line.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

src/doors/syncduke/syncduke_io.c
diff

syncduke/syncdoom: fill the terminal window without the last-row sixel white
bar

The image tiers now scale up to fill the probed window (sixel width cap
raised 640 -> 1024) instead of a small centered image. To do that safely,
reserve one text-cell row at the bottom of the sixel fit: a terminal that
ignores DECSDM ?80l (e.g. Windows Terminal) scrolls a sixel that reaches its
last text row, scrolling blank/white lines in below it -- the image renders
short with a white bar beneath. Keeping the sixel off the last row avoids the
scroll. JXL/PPM (positioned by APC pixel offset, not a text cell) are
unaffected and keep the full scale_max.

Both doors fit a 1.6:1 frame through the same path, so the change is mirrored
in syncduke_io.c and syncdoom.c.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncduke/syncduke_net.c
diff

Modified Files:


src/doors/syncduke/CMakeLists.txt
diff

src/doors/syncduke/syncduke_stubs.c
diff

syncduke: LAN co-op — fill the mmulti seam with a UDP transport

The vendored Build/Duke netcode (game.c getpackets() + the move-FIFO
lockstep) was intact; only the mmulti transport seam was stubbed
single-player. syncduke_net.c fills it for 2-player LAN co-op:

  - getpacket/sendpacket carry raw game packets between two door
    instances over UDP, reporting the sender's player index from the
    source address (broadcast when other<0).
  - initmultiplayers does a tiny master/join handshake to set the
    mmulti globals (numplayers / myconnectindex / the connect list)
    before the engine reads them.
  - env-configured, single-player-safe when unset:
      SYNCDUKE_NET=master SYNCDUKE_NET_PORT=<port>   -> player 0
      SYNCDUKE_NET=join   SYNCDUKE_NET_PEER=host:port -> player 1
  - own UDP (no new dep): Chocolate-Duke's ENet mmulti is the protocol
    oracle but the ENet lib was removed from the tree; this matches
    SyncDOOM's from-scratch transport.

Validated end-to-end with two live instances on the loopback driven
into a shared E1L1 cooperative level (slash warp args /v1 /l1 /c2 --
the engine's parser only honors '/' options, not '-'): the full Duke
netgame negotiation flows bidirectionally (weapon order, version/CRC
match, names), both pass every waitforeverybody() sync barrier, both
complete enterlevel() (ready2send=1), and the move-FIFO lockstep then
pumps -- ~320 per-tic sync/input packets each way with the simulation
stepping in lockstep (ototalclock advancing tic for tic on both).

Sampled packet logging (first 16 then every 64th, gated on
SYNCDUKE_LOG) is left in as netplay bring-up diagnostics.
genericmultifunction stays a no-op stub.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/conio/cterm_dec.c
diff

Fix sixel row background mask initialization

Clear the reusable sixel row mask when starting each raster line and initialize
the current raster span with the sixel background colour.  This prevents unset
pixels from reusing mask and pixel data left over from the previous sixel row
buffer.

Track the right edge of horizontally-scaled sixel cells so the full cell width
is flushed to the backend.

This should fix ticket 258.

Co-Authored-By: OpenAI Codex <codex@openai.com>

Modified Files:


src/conio/cterm_dec.c
diff

Parse complete sixel numeric commands incrementally

Co-Authored-By: OpenAI Codex <codex@openai.com>

Modified Files:


src/conio/cterm.adoc
diff

src/conio/cterm.c
diff

src/conio/cterm_cterm.c
diff

src/conio/cterm_dec.c
diff

Reverse DECSDM meaning

DEC mode 80 is the "Sixel Display Mode" which, when set, *disables*
sixel scrolling, and defaults to reset.

This is the opposite of what the VT-340 manual says, but experiments
on a real VT-340 in 2021 show this behaviour is correct.

Bump revision.

Modified Files:


src/syncterm/WrenTODO.md
diff

Trim completed Wren TODO entries

Keep WrenTODO focused on live work by removing completed audit history and
resolved implementation notes.

Co-Authored-By: OpenAI Codex <codex@openai.com>

Modified Files:


src/syncterm/Wren.adoc
diff

src/syncterm/WrenTODO.md
diff

src/syncterm/bbslist.h
diff

src/syncterm/conn.c
diff

src/syncterm/conn.h
diff

src/syncterm/scripts/auto/connected/status_default.wren
diff

src/syncterm/scripts/syncterm.wren
diff

src/syncterm/syncterm.c
diff

src/syncterm/wren_bind.c
diff

src/syncterm/wren_bind_conn.c
diff

src/syncterm/wren_bind_conn.h
diff

Move connection timing out of BBS entries

Track live connection elapsed time in the connection layer and expose it to
Wren as Conn.elapsedSeconds. Remove the runtime timing fields from BBS and
update the default status bar/docs accordingly.

Co-Authored-By: OpenAI Codex <codex@openai.com>

Added Files:


src/syncterm/scripts/auto/connected/host_popup.wren
diff

Modified Files:


src/syncterm/Wren.adoc
diff

src/syncterm/scripts/ui_popup.wren
diff

src/syncterm/scripts/ui_popup_test.wren
diff

src/syncterm/term.c
diff

src/syncterm/wren_host.c
diff

src/syncterm/wren_host.h
diff

src/syncterm/wren_host_internal.h
diff

Route terminal popups through Wren alerts

Co-Authored-By: OpenAI Codex <codex@openai.com>

Modified Files:


exec/sbbslist.js
diff

Verify finger service on BBSes as well

Modified Files:


exec/filescancfg.js
diff

exec/load/shell_lib.js
diff

exec/msgscancfg.js
diff

Make the "Config:" and "Info:" prompts unique between main/msg and file menu

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: client-side sixel scaling (bandwidth reduction, like SyncDuke)

emit_frame_sixel sent a full-resolution sixel (pan=1) at the display size; now
it
encodes at 1/SIXEL_SCALE and emits the "pan;pad raster aspect so the terminal
scales it back up -- SyncTERM integer-doubles (pad=2), other sixel terminals
get
the 2:1 pixel aspect (pad=1).  The encoded height is clamped to whole 6-row
bands
(a partial final band garbles under pan>1).  Lossless on SyncTERM: Doom's
indexed
buffer (I_VideoBuffer) is natively 320x200, so a SyncTERM frame encodes at
native
res, not a downscale.

~1/4 the sixel bytes on SyncTERM (320x198 vs 640x400), ~1/2 on other sixel
terminals -- and the two doors now emit byte-identical sixel frames.  Reuses
the
shared termgfx sixel_encode_aspect.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/termgfx/pace.c
diff

src/doors/termgfx/pace.h
diff

termgfx: share the DSR RTT-sample update between the doors

Second slice of the present/pace unification.  Both doors fold each DSR
round-trip
into a 3/4 RTT EMA, latch rt_high at 40ms, and track a min-RTT baseline, then
run
the AIMD -- the same logic, with two small divergences: SyncDOOM also rejects a
stale sample (a late reply for a reclaimed frame, rtt < EMA/3) and re-seeds the
baseline after an 8s window; SyncDuke does neither.

Extract it as termgfx_rtt_sample() parameterized by those two knobs
(stale_reject,
rtt_min_window_ms): Duke passes (0, 0), Doom passes (1, RTT_MIN_WINDOW).  The
function returns whether the sample was accepted so each door runs the AIMD
only
then.  The DSR send-time ring + inflight + the reclaim/gate stay per-door.

Pure refactor -- proven bit-identical to each door's old inline RTT logic
across
14160 replayed samples (spanning stale/normal/spike RTT and the 8s window), 0
mismatches.  Adds a rtt_min_at to SyncDuke (written by the helper, unused there
since its window is 0).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/termgfx/pace.c
diff

src/doors/termgfx/pace.h
diff

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/termgfx/CMakeLists.txt
diff

termgfx: share the AIMD pipeline-depth controller between the doors

SyncDuke and SyncDOOM had byte-identical copies of the delay-based AIMD that
settles the DSR-ack frame pipeline depth from the measured round-trip (same
thresholds, same 3/4 RTT EMA feeding it, same ceiling = one frame per 40ms of
baseline RTT capped at 8, same sticky floor at rt_high).  Extract it once into
termgfx/pace.c (termgfx_aimd_update) and have both doors' auto_depth_update
call
it; the per-door tuning (the DEPTH_MAX cap, initial depth, the RTT bookkeeping
and reclaim policy) stays in each door and is passed in.

First slice of the present/pace unification, and the trickiest shared
algorithm.
Pure refactor -- proven bit-identical to the old inline controller across 25600
replayed (rtt, baseline, latch, time, cap, start-depth) steps, 0 mismatches.

The DSR ring + RTT EMA (with the doors' small divergences -- RTT-min re-seed
window, stale-sample guard) and the deadline-reclaim/gate are the next slices.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

syncduke: mouse-steer around the actual displayed image, not out_w

The mouse steer mapped the pointer column to a turn rate around the center of
an
out_w x out_h image -- but the displayed image is now the fitted/centered sixel
(or the JXL fill), and out_w no longer describes it.  On a wide SyncTERM the
sixel
anchors top-left (cursor ignored under ?80l) yet the steer assumed
canvas-center,
so the neutral point was off.

present() now records the displayed image's actual horizontal center column and
half-width each frame -- accounting for tier and terminal (SyncTERM sixel
top-left
vs JXL/elsewhere centered) -- and the steer reads that (syncduke_hsteer).
Replaces
syncduke_image_geometry, whose out_w-based centering is gone.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: use shared termgfx_geom_fit/center (phase 2 of the geometry
unification)

SyncDOOM's compute_geometry computed the fit-to-canvas image size and the
center offset inline; SyncDuke now calls the same logic in termgfx/geometry.c.
Replace Doom's inline math with termgfx_geom_fit() + termgfx_geom_center() so
the
two doors share one implementation instead of parallel copies.

This is a pure refactor -- verified bit-identical to the old inline code across
8910 (vw, vh, cap) cases, 0 mismatches.  The sixel-640 cap selection, the PPM /
no-scale-fit branches, and the sixel-without-real-cell-size top-left override
all
stay in Doom (they're tier/door policy around the shared fit/center core).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/syncduke_io.c
diff

syncduke: aspect-preserve the sixel tier (fit, don't stretch to fill)

The sixel tier sized the encoded frame to out_w x out_h -- the terminal's pixel
canvas capped at 640x480 -- and nearest-scaled Duke's native 320x200 into it,
which is 4:3 on a tall terminal: the game came out vertically stretched (e.g.
encoded 320x240 at >=80x50 instead of ~320x200).

Run the sixel through the same termgfx_geom_fit/center as the JXL tier: fit
320x200 into the real graphics canvas (XTSMGRAPHICS via syncduke_canvas_w/h,
not
the rows*16 text-area estimate) preserving 8:5, capped at 640 wide, then encode
at 1/scale of that.  The displayed sixel is now a constant 640x400 letter-boxed
and centered, exactly like SyncDOOM.

Side effects, all good:
  - no vertical stretch (keeps 8:5 on tall terminals);
  - the prior 80x50/60 over-hang is gone -- a fit is <= canvas by construction,
    so the frame can no longer scale past the real ~640x400 SyncTERM canvas;
  - ~18% less sixel bandwidth on tall terminals (320x198 vs 320x240).

Both image tiers now share termgfx_geom_fit, lining SyncDuke up with SyncDOOM
ahead of wiring Doom to the same helper.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/termgfx/geometry.c
diff

src/doors/termgfx/geometry.h
diff

Modified Files:


src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_config.c
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/termgfx/CMakeLists.txt
diff

src/doors/termgfx/term.c
diff

xtrn/syncduke/syncduke.example.ini
diff

syncduke: JXL fill+center via shared termgfx geometry; widescreen fixes

Start extracting the doors' image geometry into termgfx so SyncDuke and
SyncDOOM
stop diverging.  New termgfx/geometry.{c,h} holds the scale-to-fill + center
math
that previously lived only in syncdoom.c (compute_geometry):
  - termgfx_geom_fit()    -- fit a source into the canvas, aspect-preserving,
                            scaled to fill, capped at scale_max, thin-bar
stretch.
  - termgfx_geom_center() -- pixel offset (APC DX/DY) + 1-based cell origin.
SyncDOOM will adopt these next; this commit wires SyncDuke.

SyncDuke's JXL tier was a small, top-left 640x480 image because it never
learned
the real graphics canvas and blit 1:1 at DX/DY 0,0.  Now:
  - the shared probe also sends ESC[?2;1S (XTSMGRAPHICS); SyncDuke parses the
    reply for SyncTERM's true graphics-canvas pixels (syncduke_canvas_w/h).
  - the JXL tier fills that canvas (capped at [video] scale_max, default 1280
to
    match SyncDOOM, configurable in syncduke.ini) and centers via the APC
DX/DY.
  - the sixel cursor-centering reuses termgfx_geom_center too.
The sixel/out-sizing/mouse paths are unchanged (cell size unknown on SyncTERM
->
top-left fallback, exactly as before).

Two widescreen fixes while here:
  - F4 tier switch now clears the screen UNCONDITIONALLY (it used to ride on
the
    popup label, which is suppressed under the Ctrl-S stats overlay) -- a JXL->
    sixel switch with stats up no longer leaves the old larger image showing.
  - the live stats strip right-justifies to the real terminal width (term px /
    cell) instead of the capped image width, so it sits at the right edge in a
    wide window instead of mid-canvas.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/termgfx/term.c
diff

syncduke: center the sixel/image in the terminal canvas (port from syncdoom)

SyncDUKE drew its image at the top-left (ESC[H), while SyncDOOM centers it.
The difference only shows on terminals that honor the cursor as the sixel
origin
(e.g. Windows Terminal); SyncTERM ignores the cursor under DECSDM ?80l and
anchors 0,0, so both doors look top-left there.

Port SyncDOOM's approach: probe the cell-pixel size (ESC[16t) in addition to
the
window pixels (ESC[14t), then center the out_w x out_h image in the pixel
canvas
and position the cursor at the resulting cell (ESC[row;colH). Without a cell
size
(SyncTERM doesn't answer ESC[16t) we fall back to the top-left -- byte-for-byte
the old behavior -- so the main platform is unchanged. The mouse steering now
derives its center column and half-width from the same shared geometry helper,
so
pointer-to-turn mapping tracks the centered image instead of assuming a
top-left,
8px-cell layout.

- termgfx/term.c: add ESC[16t to the shared probe (SyncTERM ignores it).
- syncduke_input.c: parse the ESC[16t reply; mouse steer uses image geometry.
- syncduke.h: cell-size accessors + syncduke_image_geometry().
- syncduke_io.c: syncduke_image_geometry() + center the image-tier cursor.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/conio/cterm.c
diff

src/syncterm/CHANGES
diff

Some Prestel fixes

1. Pass ESC through
2. Support "cursor on mode" as documented in the Acorn Prestel manual
3. Fix HOME binding for Prestel
4. Pass through CTRL-L and CTRL-T (Clear screen and delete line)

This adds the bits that the online frame editor appears to have made
use of (per the Prestel Custom Handbook).

Modified Files:


install/install.iss
diff

install/upgrade.iss
diff

install: ship OpenSSL libcrypto-3.dll for mail DKIM; bump version to 3.22a

The Win32 installer (install.iss and upgrade.iss) now copies
libcrypto-3.dll into exec/ so the mail server's DKIM signing (issue #215)
works in installed builds.  It is sourced from the vcpkg classic-mode
install (c:\vcpkg\installed\x86-windows) via a new "vcpkg" define, with
the skipifsourcedoesntexist flag so a build made without OpenSSL still
produces a valid installer (DKIM simply absent).

Also bump MyAppVersion 3.21e -> 3.22a and VersionInfoVersion 3.21.4 ->
3.22.0 to match the current release.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Added Files:


src/build/openssl.props
diff

Modified Files:


docs/v322_new.md
diff

src/sbbs3/mail_dkim.c
diff

src/sbbs3/mailsrvr.vcxproj
diff

mailsrvr: enable DKIM signing on the Win32 build (issue #215)

The outbound DKIM signer added in 32ea273f6 (acting-27-fees) is
OpenSSL-only (cryptlib cannot emit a raw PKCS#1 signature) and previously
compiled to no-op stubs on Windows, so Win32 mail went out unsigned.

Add src/build/openssl.props, imported by mailsrvr.vcxproj (both Win32
configs), sourcing libcrypto from a vcpkg classic-mode install
(vcpkg install openssl:x86-windows), defining DKIM_OPENSSL, and linking
libcrypto dynamically.  The sheet is self-gating: with no vcpkg OpenSSL
present it adds nothing and mail_dkim.c falls back to stubs, mirroring how
the *nix build gates DKIM on libcrypto.  Dynamic linkage lets the mail
server share the single libcrypto-3.dll that an OpenSSL-enabled
mosquitto.dll will also ship, instead of duplicating crypto via static
linking or vendoring a bundle into 3rdp.

Load the RSA private key via an in-memory BIO (BIO_new_mem_buf +
PEM_read_bio_PrivateKey) instead of handing a FILE* to
PEM_read_PrivateKey: on Windows the OpenSSL DLL has its own C runtime, so
a FILE* hand-off fatally aborts ("OPENSSL_Uplink: no OPENSSL_Applink").
A memory BIO avoids the CRT boundary and is portable.

Update docs/v322_new.md to note DKIM is supported on Windows builds too.

Live-validated: Gmail reports dkim=pass (d=synchro.net s=sbbs) and
dmarc=pass on DKIM alignment from vert.synchro.net (Win32).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/CMakeLists.txt
diff

src/doors/syncduke/syncduke_log.c
diff

syncduke: trap CRT fast-fails with a stack trace; emit .map + .pdb

The crash logger had only an unhandled-exception filter, which CRT fast-fails
(c0000409 -- invalid parameter, /GS stack cookie, etc.) and stack overflows
bypass entirely, so a gameplay abend left nothing logged. Add a CRT invalid-
parameter handler (logs a backtrace, then RETURNS so the bad call fails instead
of killing the door), a pure-call handler, SIGABRT/SIGFPE/SIGILL handlers, and
a
vectored-exception backstop for access violations -- each logging a module+RVA
stack trace via RtlCaptureStackBackTrace (resolved at runtime; no dbghelp,
since
the vendored Game/src/DbgHelp.h shadows the SDK header).

Build now emits syncduke.map and a .pdb (/Zi + /DEBUG, optimizations preserved
via /OPT:REF,/OPT:ICF) so the traces and any external (procdump) dumps resolve
to functions.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Engine/src/tiles.c
diff

syncduke: fix sheared/garbage savegame thumbnail (setviewtotile stride)

setviewtotile() advanced ylookup by tileWidth while bytesperline was
tileHeight,
so each rendered row of the savegame thumbnail was stored ~60px too close
(shear)
and rows 0..tileWidth-1 filled only ~63% of the tile, leaving the bottom third
as
garbage. Match the row stride to bytesperline (tileHeight). The LOAD GAME
preview
now renders correctly (existing saves keep their already-captured bad
thumbnail).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/menues.c
diff

syncduke: 2-page Controls Help, TURN SPEED label, reset input on load

- Controls Help (case 707) is now two pages: page 1 = movement/action + door
  hotkeys, page 2 = the pass-through keys (Quick Kick, Holoduke/Jetpack/Night
  Vision/Medkit, use-inventory, turn-around, map-follow, crosshair, auto-aim).
  A key turns the page; ESC / a second key exits.
- Rename the TURN HOLD slider to TURN SPEED (it now sets the continuous turn
  rate, not a key-hold duration).
- loadplayer() calls syncduke_input_reset() so a restored game starts from the
  saved state rather than the pre-load crouch/turn latches.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/player.c
diff

src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_input.c
diff

syncduke: responsive keyboard turning + reset input state on load

Turning: a terminal can't hold a key and the door refreshes key-down only once
per presented frame, so Duke's per-sim-tic turn-key polling produced uneven,
frame-tied bursts that no key-hold slider could smooth. Drive a time-windowed
continuous turn level from the arrow bytes that getinput() adds to angvel every
sim-tic (player.c) -- like the door's mouse steer / SyncDOOM's steady turn.
Rate
comes from the TURN slider (small floor so 0 ~ barely turns); FAST TURN is now
a
+50% turbo. Arrows stay raw scancodes in menus for navigation.

Load: syncduke_input_reset() (called from loadplayer) clears the sticky-crouch
latch, pending key-holds, queued scancodes, and turn/look momentum, so the
pre-load session's input no longer bleeds into a restored game (e.g. crouch).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/game.c
diff

src/doors/syncduke/Game/src/premap.c
diff

syncduke: restore intro fade-ins; gate demo recording

Now that the GRP is cached and loads are near-instant, the splash screens
flashed by. Restore the gradual palette fade-in by presenting EACH fade step
(each is a distinct frame, so the de-dupe keeps it), keeping the existing
holds/animations:
 - the ENTERING <level> screen (premap.c) -- a visible fade + ~1.5s hold so
   the level name is readable;
 - the 3D Realms logo and the title screen (game.c).

Also gate opendemowrite() on syncduke_record_enabled() so a stale recstat=1
(from a saved duke3d.cfg) can't write a demo when recording is disabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/menues.c
diff

xtrn/syncduke/syncduke.example.ini
diff

syncduke: menu UX -- slider values, demo/RECORD + RESOLUTION removed, build
footer

Setup Controls: show each keyboard-feel slider's live 0..63 value right-
justified just left of its bar; rename STEER SENSITIVITY -> MOUSE SENSITIVITY
and MOUSE STEERING -> MOUSE (the toggle also gates the mouse buttons).

Options: drop the RECORD (demo) item from the menu unless syncduke.ini
[game] record=true -- a demo file is useless to a user who can't download it
and just wastes disk (off by default; documented in syncduke.example.ini).

Video Setup: remove the RESOLUTION item (the door renders a fixed 320x200
scaled to the terminal, so it had no effect); the remaining items renumber up.

Main menu: show the git hash (lower-left) and build date (lower-right) via
the generated git_hash.h, like SyncDOOM.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Added Files:


src/doors/syncduke/syncduke_log.c
diff

Modified Files:


src/doors/syncduke/CMakeLists.txt
diff

src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_config.c
diff

src/doors/syncduke/syncduke_door.c
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/syncduke/tests/test_keymap.c
diff

syncduke: debug log, crash handler, and resilient door I/O

Add an optional file debug log (syncduke_log.c), independent of the BBS's
stderr/syslog capture -- a door that drops back to the BBS otherwise leaves
nothing logged, and WER minidumps aren't configured on this host:
 - enabled via syncduke.ini [debug] log, env SYNCDUKE_LOG, or -log <path>; a
   relative path lands in each player's per-user dir. Timestamped, flushed
   per line so a crash/hangup still leaves the tail on disk.
 - installs a last-resort crash handler (SetUnhandledExceptionFilter on
   Windows, SIGSEGV/etc on *nix) that records the fault to the log, plus an
   atexit marker -- so hangups, clean exits, and crashes are all captured.
 - hangup() and the send/recv error paths log the reason incl. WSA codes.

Make transient socket errors non-fatal: send()/recv() returning WSAENOBUFS
or WSAEINTR are backpressure (retry next tick), not a dead client. A burst
of large frames (e.g. holding a key, which defeats the frame de-dupe) can
surface WSAENOBUFS, which previously dropped the player back to the BBS.

Also: clamp the mouse-sensitivity slider floor to 1 (0 = no turn at all),
and wire the git build-info (synchronet_gitinfo) + the syncduke_record_enabled
/ [game] record plumbing used by the menu and demo changes that follow.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


exec/load/salib.js
diff

salib.js: send spamd message from a single read, not file_size()+sendfile()

The Content-length announced to spamd was computed from file_size() while
the body was delivered separately via sendfile() -- two operations on the
same temp file. When that file lives on a soft network mount (e.g. a CIFS
loopback), a stat and a later send can disagree under load: the body
short-reads while the size call already returned the full length, so spamd
rejects the message with "Content-Length mismatch ... protocol error 76"
and spamc.js passes it through unscanned.

Read the file once into memory and derive Content-length from the bytes
actually sent, so the two can never disagree (a short read just scans a
shorter message rather than erroring). spamc.js already caps message size,
so reading into memory is bounded.

Surfaced after enabling mailproc ProcessDNSBL processing tripled the
volume flowing through spamc.js.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncdoom/deploy.bat
diff

src/doors/syncdoom/deploy.sh
diff

src/doors/syncduke/deploy.bat
diff

src/doors/syncduke/deploy.sh
diff

Modified Files:


src/doors/syncdoom/COMPILING.md
diff

src/doors/syncdoom/build.bat
diff

src/doors/syncdoom/build.sh
diff

src/doors/syncduke/README.md
diff

src/doors/syncduke/build.bat
diff

src/doors/syncduke/build.sh
diff

syncduke/syncdoom: split deploy out of the build into deploy.sh/deploy.bat

Building no longer auto-installs the binary into a live xtrn dir -- build.sh /
build.bat now only produce build/<door> (build-msvc\Release\<door>.exe on
Windows), and a new deploy.sh / deploy.bat carries it to the door's xtrn dir(s)
on demand.  A sysop can rebuild and test before pushing a new binary to a
running BBS.

This also fixes a 0-byte-binary bug on SYMLINK=1 installs where the live
xtrn/<door>/<door> is a server-side symlink back to the build output, exposed
over an SMB mount as a plain file on a different device.  The old in-build
`cp -f "$EXE" live/<door>` had source and dest resolve to the same physical
file, but `-ef` and cp's same-file guard compare st_dev/st_ino -- which differ
across the mount -- so cp opened the dest O_TRUNC and zeroed the build output
to
0 bytes before reading a byte.  deploy.sh guards against it two ways: skip when
the dest already has identical content (catches the cross-mount self-reference
-ef misses, and preserves the symlink), and otherwise copy via a temp file +
atomic rename so the source can never be the O_TRUNC victim.  deploy.bat skips
via `fc /b`.

Docs (syncduke README, syncdoom COMPILING) updated for the two-step flow.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Engine/src/filesystem.c
diff

syncduke: load the GRP into RAM so lump reads don't round-trip over SMB

The Build engine read each GRP lump via unbuffered 2-4 byte read()s
(kread16/32/8 -> kread -> lseek+read), relying on the OS file cache to make
them cheap. That holds on local disk but not over a network share: on an
SMB-mounted install every tiny read round-trips to the file server, so door
startup (CON compile, art/palette load) took ~13.7s vs ~3.2s on local disk.

Slurp the read-only GRP into RAM once at initgroupfile() (folding in the
existing CRC32 pass) and serve each lump kread() via memcpy; fall back to the
fd path if the allocation fails. The original authors clearly intended this
(the commented-out groupfil_memory malloc and the "caches the GRP in memory"
note). SMB startup now matches local disk (~3.2s); local is unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/game.c
diff

src/doors/syncduke/syncduke_config.c
diff

syncduke: fix two Windows door startup failures (setvbuf, GRP dir)

Both killed the Win32 door at launch -- it died straight back to the BBS
after the "Loading..." splash; found while bringing up the MSVC build.

1. syncduke_config.c: setvbuf(stdout, NULL, _IOLBF, 0) (used to route the
   engine's diagnostics to the BBS log) is fine on glibc, but MSVC's CRT
   rejects _IOLBF with size 0 (it requires size >= 2) -> invalid-parameter
   fast-fail (c0000409), confirmed from the WER minidump. Use _IONBF on
   Windows (unbuffered, valid with size 0, flushes immediately); *nix keeps
   _IOLBF.

2. Game/src/game.c: the Windows findGRPToUse() never consulted
   syncduke_grpdir (only the *nix branch did), so with -home (CWD = the
   per-user dir) it scanned the wrong directory and exited with
   "Can't find 'duke3d*.grp'". Honor syncduke_grpdir first, mirroring the
   *nix branch, so the GRP opens by absolute path regardless of CWD.

Verified on Windows via an inherited-socket harness matching the live launch
(-s<socket> -home <userdir>): loads DUKE3D.GRP by absolute path and renders
(sixel and JXL tiers).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/build.sh
diff

src/doors/syncduke/build.sh
diff

syncduke/syncdoom: build.sh deploys to the live install, not just the repo

A sysop reported re-running build.sh without his live door binary updating.
build.sh derived its destination purely from the script's own location
(../../../xtrn/<door>), which is the REPO's xtrn -- correct only when the live
xtrn is the repo's (the recommended SYMLINK=1 *nix install, where xtrn ->
repo/xtrn). On a COPY-style install the live xtrn is a separate directory the
in-tree copy never reaches, so the running door kept the old binary. The binary
is a git-ignored build artifact, so unlike the tracked door files it is not
carried to a live install by `git pull` / `update.js` -- build.sh is what must
deliver it.

Deploy to the in-tree bundle AND, when it is a distinct directory, the live
install -- located via $SBBSCTRL (install root = $SBBSCTRL/..) or an explicit
$SYNCDUKE_DEST / $SYNCDOOM_DEST override. Same-directory targets (symlinked or
build-in-place installs) are detected with -ef and skipped, and the deployed
path is printed so a wrong guess/fallback is visible.

The -ef guard also fixes a latent abort: cp -f onto a dev symlink
(xtrn/<door>/<door> -> build/<door>) is a same-file copy that errors and, under
`set -e`, aborted the whole script.

Validated for both doors across three layouts: in-tree-only (SBBSCTRL unset),
copy install (separate live dir gets the binary, verified byte-identical), and
symlinked install (live == in-tree, skipped).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncduke/Game/src/game.c
diff

src/doors/syncduke/syncduke_door.c
diff

syncduke: strip door args before the engine's command-line parser

A sysop reported SyncDuke dumping the Duke3D command-line help to syslog and
never starting.  The vendored engine's DOS-era checkcommandline() treats any
argv element beginning with '/' as a "/option" and, on an unrecognized one,
prints comlinehelp() and exits.  On a Unix host the DOOR32.SYS drop-file path
(Synchronet's %f) and the -home/-grpdir values are ABSOLUTE paths starting
with '/', so the engine misreads them -- e.g. "/home/.../door32.sys" parses as
option '/h' -> unknown -> help+exit.

It only "worked" when the install path's first letter happened to be a handled
option letter (e.g. /sbbs -> 's', which is the skill flag and survives -- as a
side effect forcing player skill 0).  And it surfaced only once the user had a
GRP: GRP init runs before checkcommandline and exits early when no GRP is
present, so a GRP-less install hits the GRP error first, masking this.

Fix: syncduke_sanitize_cmdline() compacts argv to remove the door's own args
(DOOR32.SYS path, -home, -grpdir, -s<fd>) just before checkcommandline, handing
the engine an engine-only argv.  All of these are already consumed by the
pre-main constructors, so stripping them is safe.  Path-independent, and it
also eliminates the incidental skill-0 side effect.

Reproduced (GRP present, /home launch path -> help dump) and verified fixed
(loads the GRP, proceeds into init, no help dump); /sbbs path unregressed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


xtrn/syncduke/download.js
diff

Modified Files:


src/doors/syncduke/.gitignore
diff

xtrn/syncduke/install-xtrn.ini
diff

syncduke: optional installer download of the shareware DUKE3D.GRP

SyncDuke ships no game data, so a fresh install has no GRP to run.  Add an
optional installer step that fetches the freely-redistributable shareware
Episode 1 GRP so the door is playable out of the box -- mirroring SyncDOOM's
getwads.js Freedoom fetch.

download.js downloads 3D Realms' original shareware install package and
extracts DUKE3D.GRP from it.  The GRP is two archive layers deep
(3dduke13.zip -> DN3DSW13.SHR self-extractor -> DUKE3D.GRP); Synchronet's
Archive (libarchive) reads both, and the result is byte-identical to the
canonical 11,035,779-byte "SHAREWARE 1.3D" GRP.  Idempotent (skips a GRP
already present), non-fatal if offline, and SpiderMonkey 1.8.5-compatible.
install-xtrn.ini runs it as a prompted, non-required [exec:download.js] step
after the config copy, so it can read the [grp] dir from syncduke.ini.

Named download.js (not getgrp/getmaps) so it can grow more options later
(map packs, the registered GRP) once the door can load them -- today it only
fetches the base game GRP.  .gitignore also gains *.grp so a dropped-in GRP
is never accidentally committed (it is proprietary game data, not ours to
redistribute from the repo even though the shareware package is).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/conio/cterm.c
diff

Fix functions that were namespaced in v1.10

Modified Files:


src/syncterm/term.c
diff

Actually hook up lf_expand

Modified Files:


src/syncterm/CHANGES
diff

src/syncterm/bbslist.c
diff

src/syncterm/bbslist.h
diff

Add LF Expand option to dialing directory

Useful for embedded work and such... not really useful for BBSing
I hope.

Modified Files:


src/conio/cterm.c
diff

src/conio/cterm.h
diff

Add lf_expand option

Expands an LF to CRLF pair

Added Files:


src/doors/syncduke/build.bat
diff

src/doors/syncduke/compat/strings.h
diff

src/doors/syncduke/vcpkg.json
diff

Modified Files:


src/doors/syncduke/.gitignore
diff

src/doors/syncduke/CMakeLists.txt
diff

src/doors/syncduke/README.md
diff

src/doors/syncduke/syncduke_config.c
diff

src/doors/syncduke/syncduke_door.c
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/syncduke/syncduke_plat.c
diff

syncduke: Win32/MSVC build (build.bat, vcpkg.json, cross-platform shim I/O)

Following src/doors/syncdoom, add the files to build SyncDuke for Win32:

- build.bat + vcpkg.json: VS 2022 configure/build/install, static libjxl
  via classic-mode vcpkg (falls back to sixel/text tiers when absent).
- CMakeLists.txt: PLATFORM_WIN32 on Windows; guard the GCC-only options
  under NOT MSVC and add MSVC equivalents (/w, CRT/Winsock deprecation
  defines, /FORCE:MULTIPLE for the engine tentative-global + xpdev dup
  symbols, premap.c /Od, ws2_32 + winmm). /FIinttypes.h plus
  _MSC_STDINT_H_/_MSC_INTTYPES_H_ neutralize the vendored msinttypes
  shims that clash with MSVC 2022's native headers.
- compat/strings.h: satisfies the vendored filesystem.c <strings.h>
  include on MSVC (maps strcasecmp); #include_next passthrough on *nix.
- Shim sources (door/config/io/input/plat): _WIN32 paths using Winsock
  send/recv/ioctlsocket, QueryPerformanceCounter clocks, Sleep,
  _fullpath/_stricmp, and .CRT$XCU constructors (reading __argc/__argv)
  in place of glibc __attribute__((constructor)). input.c/door.c stay
  xpdev-free so the keymap unit test still links standalone; the *nix
  paths are unchanged.

Verified: builds under MSVC (Win32 x86 console syncduke.exe) and on Linux.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Added Files:


src/sbbs3/mail_dkim.c
diff

src/sbbs3/mail_dkim.h
diff

Modified Files:


docs/v322_new.md
diff

src/sbbs3/GNUmakefile
diff

src/sbbs3/mailsrvr.cpp
diff

src/sbbs3/mailsrvr.h
diff

src/sbbs3/mailsrvr.vcxproj
diff

src/sbbs3/mime.c
diff

src/sbbs3/mime.h
diff

src/sbbs3/objects.mk
diff

src/sbbs3/sbbs_ini.c
diff

src/sbbs3/scfg/scfgindex.h
diff

src/sbbs3/scfg/scfgsrvr.c
diff

mailsrvr: DKIM signing of outbound mail (issue #215)

Sign outbound messages with a relaxed/relaxed rsa-sha256 DKIM-Signature
header so receivers can authenticate them.  Enabled via the [Mail]
DKIMSign / DKIMDomain / DKIMSelector keys (and the SCFG SendMail Support
menu); the RSA private key is loaded from ctrl/dkim_<selector>.pem and
the matching public key is published in DNS by the sysop.

New mail_dkim.{c,h}: streaming relaxed body hash, relaxed header
canonicalization, DKIM-Signature assembly, and OpenSSL EVP signing
(cryptlib cannot emit a raw PKCS#1 signature).  This is an OpenSSL-only
feature, gated on pkg-config libcrypto; without it the entry points
compile to no-op stubs and mail goes out unsigned.

Integration in sendmail_thread uses a two-pass render: pass 1 captures
the message via a thread-local observer on sockprintf (nothing
transmitted) to compute the body hash and collect the signed headers,
then the DKIM-Signature is prepended and pass 2 transmits while
re-hashing the body, aborting on a mismatch.  mimegetboundary() gains a
seed so both passes produce an identical MIME boundary; the MSG_KILLFILE
attachment removal and the msg.subj mutation are guarded/saved so the
capture pass has no side effects.  POP3 retrieval and the
DKIM-disabled path are byte-for-byte unchanged.

SCFG gains DKIM Signing / Domain / Selector options under Mail Server ->
SendMail Support (scfgindex.h regenerated).

Live-validated on mail.synchro.net: Gmail reports dkim=pass, and
dmarc=pass for a *.synchro.net From address (relaxed alignment against a
single d=synchro.net key).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
(cherry picked from commit d28f2990942da53bfc96e3ed84daeac8277a41e1)

Added Files:


3rdp/build/cl-visibility.patch
diff

Modified Files:


3rdp/build/GNUmakefile
diff

cryptlib: hide vendored OpenSSL symbols so libcrypto can coexist

cryptlib's libcl.a bundles an ancient OpenSSL and exports ~139
OpenSSL-namespace globals (BN_*, MD5_*, SHA*, RSA_*, sanityCheckBignum,
...).  Statically linked into libsbbs.so with those symbols global, they
interpose a separately-linked libcrypto: e.g. EVP_RSA_gen's internal
BN_free binds to cryptlib's BN_free, which is then handed an OpenSSL
BIGNUM of incompatible layout -> crash in sanityCheckBignum.  (libcrypto
was previously only a transitive dependency via libmosquitto and never
called by our own code, so this was latent.)

New cl-visibility.patch compiles cryptlib with -fvisibility=hidden and
decorates its public C_RET API with visibility("default") -- gated on
__GNUC__ && _CRYPT_DEFINED, mirroring the existing Windows dllexport
split -- so only the crypt* API is exported and the vendored OpenSSL
symbols become local.  Verified: crypt* stays exported (the server .so
modules still resolve it), BN_*/MD5_*/sanityCheckBignum are hidden, and a
full release relink is clean.  Enables direct libcrypto use in the mail
server (DKIM signing) and closes the latent interposition risk against
mosquitto's libcrypto.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
(cherry picked from commit 57656a4c55e84faefcdcca66cebf8df65fc4a8c6)

Modified Files:


exec/lbshell.js
diff

lbshell.js: beep instead of crash on stray keys in the xtrn menu

When a keystroke that isn't a valid menu item leaks through the lightbar
getval() in the external-programs ('x') handler, parseInt() of it yields
NaN or an out-of-range index, and the code dereferenced the array element
without checking it existed:

- Section selection fed parseInt(x_sec) straight into new Xtrnsec(), whose
  constructor immediately reads xtrn_area.sec_list[sec].prog_list -> the
  "sec_list[sec] is undefined" TypeError seen in error.log.
- Program selection's own guard was the crash: it read .number off
  prog_list[parseInt(x_prog)] which was undefined.

Validate the section index before constructing the submenu, and look the
program up once with a null-check before dereferencing. A stray keystroke
now just beeps instead of throwing and dropping to the default shell.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
(cherry picked from commit 074785210f01bdc40ecff0782984c7cfe02a5330)

Modified Files:


docs/v322_new.md
diff

exec/load/salib.js
diff

exec/spamc.js
diff

spamc.js/salib.js: let SpamAssassin see the originating relay IP

Enable the synthetic Received-header injection (set msg.hello_name from
the mailproc hello_name global) so spamd can identify the connecting
client and run sender-IP DNSBLs (Spamhaus, etc.) and SPF -- previously
every message scored with NO_RELAYS/NO_RECEIVED, neutering those checks.

Strip the synthetic Received from the re-written message so the stored
mail doesn't duplicate the Received the mail server adds at delivery
(the duplicate that caused this to be disabled in f886a41 / only-3-strip).
Strip it on its own: SA consumes the injected Return-Path, so a combined
match never hit.

Validated live: NO_RELAYS/NO_RECEIVED gone, SPF_PASS + RCVD_IN_* now
firing, stored messages carry exactly one Received header.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
(cherry picked from commit 567c45486b2cb958d70a2fabe2bd9f29e2c8ade0)

Added Files:


src/doors/syncduke/.gitignore
diff

src/doors/syncduke/CMakeLists.txt
diff

src/doors/syncduke/README.md
diff

src/doors/syncduke/build.sh
diff

src/doors/syncduke/compat/SDL.h
diff

src/doors/syncduke/syncduke.h
diff

src/doors/syncduke/syncduke_config.c
diff

src/doors/syncduke/syncduke_door.c
diff

src/doors/syncduke/syncduke_game.c
diff

src/doors/syncduke/syncduke_input.c
diff

src/doors/syncduke/syncduke_io.c
diff

src/doors/syncduke/syncduke_plat.c
diff

src/doors/syncduke/syncduke_stubs.c
diff

src/doors/syncduke/tests/save_load_test.sh
diff

src/doors/syncduke/tests/test_keymap.c
diff

xtrn/syncduke/.gitignore
diff

xtrn/syncduke/install-xtrn.ini
diff

xtrn/syncduke/syncduke.example.ini
diff

Modified Files:


src/doors/syncduke/Engine/src/draw.c
diff

src/doors/syncduke/Engine/src/draw.h
diff

src/doors/syncduke/Engine/src/engine.c
diff

src/doors/syncduke/Engine/src/unix_compat.h
diff

src/doors/syncduke/Game/src/actors.c
diff

src/doors/syncduke/Game/src/config.c
diff

src/doors/syncduke/Game/src/duke3d.h
diff

src/doors/syncduke/Game/src/game.c
diff

src/doors/syncduke/Game/src/gamedef.c
diff

src/doors/syncduke/Game/src/global.c
diff

src/doors/syncduke/Game/src/menues.c
diff

src/doors/syncduke/Game/src/player.c
diff

src/doors/syncduke/Game/src/premap.c
diff

src/doors/syncduke/SEAM.md
diff

syncduke: headless door shim -- single-player Duke Nukem 3D over a BBS terminal

Replace Chocolate Duke3D's SDL video/input/timer back end with a headless shim
(syncduke_*.c/h) that captures the Build engine's 8-bit framebuffer and renders
it to the user's terminal via termgfx -- auto-selecting JPEG XL (on SyncTERM),
sixel, or the text/block fallback (so even a no-sixel terminal like conhost
works), with F4 to cycle tiers and DSR-ack auto-depth pacing.

Includes the 64-bit (LP64) port of the vendored engine (CON VM + renderer
pointer widening), DOOR32.SYS client-socket I/O, the SyncDOOM-style control
scheme + mouse steering + Controls Help, per-user save/config dirs (-home),
64-bit-safe save/load, the build script + installer + example config, and a
keymap unit test.

v1 is SINGLE-PLAYER ONLY (no multiplayer/lobby/audio yet), shareware Episode 1.
See README.md / SEAM.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncduke/CHOCOLATE_DUKE3D_README.md
diff

src/doors/syncduke/DESIGN.md
diff

src/doors/syncduke/Engine/src/Makefile.am
diff

src/doors/syncduke/Engine/src/build.h
diff

src/doors/syncduke/Engine/src/cache.c
diff

src/doors/syncduke/Engine/src/cache.h
diff

src/doors/syncduke/Engine/src/display.c
diff

src/doors/syncduke/Engine/src/display.h
diff

src/doors/syncduke/Engine/src/draw.c
diff

src/doors/syncduke/Engine/src/draw.h
diff

src/doors/syncduke/Engine/src/dummy_multi.c
diff

src/doors/syncduke/Engine/src/engine.c
diff

src/doors/syncduke/Engine/src/engine.h
diff

src/doors/syncduke/Engine/src/filesystem.c
diff

src/doors/syncduke/Engine/src/filesystem.h
diff

src/doors/syncduke/Engine/src/fixedPoint_math.c
diff

src/doors/syncduke/Engine/src/fixedPoint_math.h
diff

src/doors/syncduke/Engine/src/icon.h
diff

src/doors/syncduke/Engine/src/macos_compat.h
diff

src/doors/syncduke/Engine/src/mmulti.c
diff

src/doors/syncduke/Engine/src/mmulti.cpp
diff

src/doors/syncduke/Engine/src/mmulti_stable.cpp
diff

src/doors/syncduke/Engine/src/mmulti_stable.h
diff

src/doors/syncduke/Engine/src/mmulti_unstable.h
diff

src/doors/syncduke/Engine/src/multi.c
diff

src/doors/syncduke/Engine/src/network.c
diff

src/doors/syncduke/Engine/src/network.h
diff

src/doors/syncduke/Engine/src/platform.h
diff

src/doors/syncduke/Engine/src/tiles.c
diff

src/doors/syncduke/Engine/src/tiles.h
diff

src/doors/syncduke/Engine/src/unix_compat.h
diff

src/doors/syncduke/Engine/src/win32_compat.h
diff

src/doors/syncduke/Engine/src/windows/inttypes.h
diff

src/doors/syncduke/Engine/src/windows/stdint.h
diff

src/doors/syncduke/Game/src/DbgHelp.h
diff

src/doors/syncduke/Game/src/Makefile.am
diff

src/doors/syncduke/Game/src/_functio.h
diff

src/doors/syncduke/Game/src/_rts.h
diff

src/doors/syncduke/Game/src/actors.c
diff

src/doors/syncduke/Game/src/animlib.c
diff

src/doors/syncduke/Game/src/animlib.h
diff

src/doors/syncduke/Game/src/audiolib/Makefile.am
diff

src/doors/syncduke/Game/src/audiolib/_al_midi.h
diff

src/doors/syncduke/Game/src/audiolib/_blaster.h
diff

src/doors/syncduke/Game/src/audiolib/_guswave.h
diff

src/doors/syncduke/Game/src/audiolib/_midi.h
diff

src/doors/syncduke/Game/src/audiolib/_multivc.h
diff

src/doors/syncduke/Game/src/audiolib/_pas16.h
diff

src/doors/syncduke/Game/src/audiolib/_sndscap.h
diff

src/doors/syncduke/Game/src/audiolib/adlibfx.c
diff

src/doors/syncduke/Game/src/audiolib/adlibfx.h
diff

src/doors/syncduke/Game/src/audiolib/al_midi.c
diff

src/doors/syncduke/Game/src/audiolib/al_midi.h
diff

src/doors/syncduke/Game/src/audiolib/assert.h
diff

src/doors/syncduke/Game/src/audiolib/awe32.c
diff

src/doors/syncduke/Game/src/audiolib/awe32.h
diff

src/doors/syncduke/Game/src/audiolib/blaster.c
diff

src/doors/syncduke/Game/src/audiolib/blaster.h
diff

src/doors/syncduke/Game/src/audiolib/ctaweapi.h
diff

src/doors/syncduke/Game/src/audiolib/debugio.c
diff

src/doors/syncduke/Game/src/audiolib/debugio.h
diff

src/doors/syncduke/Game/src/audiolib/dma.c
diff

src/doors/syncduke/Game/src/audiolib/dma.h
diff

src/doors/syncduke/Game/src/audiolib/dpmi.c
diff

src/doors/syncduke/Game/src/audiolib/dpmi.h
diff

src/doors/syncduke/Game/src/audiolib/dsl.c
diff

src/doors/syncduke/Game/src/audiolib/dsl.h
diff

src/doors/syncduke/Game/src/audiolib/fx_man.c
diff

src/doors/syncduke/Game/src/audiolib/fx_man.h
diff

src/doors/syncduke/Game/src/audiolib/gmtimbre.c
diff

src/doors/syncduke/Game/src/audiolib/gus.c
diff

src/doors/syncduke/Game/src/audiolib/gusmidi.c
diff

src/doors/syncduke/Game/src/audiolib/gusmidi.h
diff

src/doors/syncduke/Game/src/audiolib/guswave.c
diff

src/doors/syncduke/Game/src/audiolib/guswave.h
diff

src/doors/syncduke/Game/src/audiolib/interrup.h
diff

src/doors/syncduke/Game/src/audiolib/irq.c
diff

src/doors/syncduke/Game/src/audiolib/irq.h
diff

src/doors/syncduke/Game/src/audiolib/leetimbr.c
diff

src/doors/syncduke/Game/src/audiolib/linklist.h
diff

src/doors/syncduke/Game/src/audiolib/ll_man.c
diff

src/doors/syncduke/Game/src/audiolib/ll_man.h
diff

src/doors/syncduke/Game/src/audiolib/memcheck.h
diff

src/doors/syncduke/Game/src/audiolib/midi.c
diff

src/doors/syncduke/Game/src/audiolib/midi.h
diff

src/doors/syncduke/Game/src/audiolib/mpu401.c
diff

src/doors/syncduke/Game/src/audiolib/mpu401.h
diff

src/doors/syncduke/Game/src/audiolib/multivoc.c
diff

src/doors/syncduke/Game/src/audiolib/multivoc.h
diff

src/doors/syncduke/Game/src/audiolib/music.c
diff

src/doors/syncduke/Game/src/audiolib/music.h
diff

src/doors/syncduke/Game/src/audiolib/mv_mix.asm
diff

src/doors/syncduke/Game/src/audiolib/mv_mix.c
diff

src/doors/syncduke/Game/src/audiolib/mv_mix16.asm
diff

src/doors/syncduke/Game/src/audiolib/mvreverb.asm
diff

src/doors/syncduke/Game/src/audiolib/mvreverb.c
diff

src/doors/syncduke/Game/src/audiolib/myprint.c
diff

src/doors/syncduke/Game/src/audiolib/myprint.h
diff

src/doors/syncduke/Game/src/audiolib/newgf1.h
diff

src/doors/syncduke/Game/src/audiolib/nodpmi.c
diff

src/doors/syncduke/Game/src/audiolib/nomusic.c
diff

src/doors/syncduke/Game/src/audiolib/pas16.c
diff

src/doors/syncduke/Game/src/audiolib/pas16.h
diff

src/doors/syncduke/Game/src/audiolib/pitch.c
diff

src/doors/syncduke/Game/src/audiolib/pitch.h
diff

src/doors/syncduke/Game/src/audiolib/sndcards.h
diff

src/doors/syncduke/Game/src/audiolib/sndscape.c
diff

src/doors/syncduke/Game/src/audiolib/sndscape.h
diff

src/doors/syncduke/Game/src/audiolib/sndsrc.c
diff

src/doors/syncduke/Game/src/audiolib/sndsrc.h
diff

src/doors/syncduke/Game/src/audiolib/standard.h
diff

src/doors/syncduke/Game/src/audiolib/task_man.c
diff

src/doors/syncduke/Game/src/audiolib/task_man.h
diff

src/doors/syncduke/Game/src/audiolib/user.c
diff

src/doors/syncduke/Game/src/audiolib/user.h
diff

src/doors/syncduke/Game/src/audiolib/usrhooks.c
diff

src/doors/syncduke/Game/src/audiolib/usrhooks.h
diff

src/doors/syncduke/Game/src/audiolib/util.h
diff

src/doors/syncduke/Game/src/config.c
diff

src/doors/syncduke/Game/src/config.h
diff

src/doors/syncduke/Game/src/console.c
diff

src/doors/syncduke/Game/src/console.h
diff

src/doors/syncduke/Game/src/control.c
diff

src/doors/syncduke/Game/src/control.h
diff

src/doors/syncduke/Game/src/cvar_defs.c
diff

src/doors/syncduke/Game/src/cvar_defs.h
diff

src/doors/syncduke/Game/src/cvars.c
diff

src/doors/syncduke/Game/src/cvars.h
diff

src/doors/syncduke/Game/src/develop.h
diff

src/doors/syncduke/Game/src/duke3d.h
diff

src/doors/syncduke/Game/src/dukeunix.h
diff

src/doors/syncduke/Game/src/dukewin.h
diff

src/doors/syncduke/Game/src/dummy_audiolib.c
diff

src/doors/syncduke/Game/src/file_lib.h
diff

src/doors/syncduke/Game/src/funct.h
diff

src/doors/syncduke/Game/src/function.h
diff

src/doors/syncduke/Game/src/game.c
diff

src/doors/syncduke/Game/src/game.h
diff

src/doors/syncduke/Game/src/gamedef.c
diff

src/doors/syncduke/Game/src/gamedefs.h
diff

src/doors/syncduke/Game/src/global.c
diff

src/doors/syncduke/Game/src/global.h
diff

src/doors/syncduke/Game/src/joystick.h
diff

src/doors/syncduke/Game/src/keyboard.c
diff

src/doors/syncduke/Game/src/keyboard.h
diff

src/doors/syncduke/Game/src/menues.c
diff

src/doors/syncduke/Game/src/midi/Makefile.am
diff

src/doors/syncduke/Game/src/midi/sdl_midi.c
diff

src/doors/syncduke/Game/src/mouse.h
diff

src/doors/syncduke/Game/src/names.h
diff

src/doors/syncduke/Game/src/player.c
diff

src/doors/syncduke/Game/src/premap.c
diff

src/doors/syncduke/Game/src/premap.h
diff

src/doors/syncduke/Game/src/rts.c
diff

src/doors/syncduke/Game/src/rts.h
diff

src/doors/syncduke/Game/src/scriplib.c
diff

src/doors/syncduke/Game/src/scriplib.h
diff

src/doors/syncduke/Game/src/sector.c
diff

src/doors/syncduke/Game/src/sounddebugdefs.h
diff

src/doors/syncduke/Game/src/soundefs.h
diff

src/doors/syncduke/Game/src/sounds.c
diff

src/doors/syncduke/Game/src/sounds.h
diff

src/doors/syncduke/Game/src/types.h
diff

src/doors/syncduke/Game/src/util_lib.h
diff

src/doors/syncduke/PLAN.md
diff

src/doors/syncduke/SEAM.md
diff

syncduke: vendor pristine Chocolate Duke3D snapshot + design docs

Pinned upstream Chocolate Duke3D (Duke Nukem 3D source (c) 3D Realms + the
Build
engine (c) Ken Silverman), GPLv2, unmodified, plus the v1 design spec,
implementation plan, and engine/platform seam notes. The headless door shim and
our engine patches land in the next commit.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/CMakeLists.txt
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: serve the JXL and text tiers via termgfx

Use the extracted termgfx encoders/transport (jxl, apc, caps, text) instead of
in-tree copies; emit_cached_image / emit_frame_jxl become thin wrappers and the
text tier renders via termgfx's rt_render_frame. CMake propagates WITH_JXL +
the
libjxl include to the termgfx target.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/termgfx/README.md
diff

src/doors/termgfx/apc.c
diff

src/doors/termgfx/apc.h
diff

src/doors/termgfx/caps.c
diff

src/doors/termgfx/caps.h
diff

src/doors/termgfx/jxl.c
diff

src/doors/termgfx/jxl.h
diff

src/doors/termgfx/term.c
diff

src/doors/termgfx/term.h
diff

src/doors/termgfx/text.c
diff

src/doors/termgfx/text.h
diff

Modified Files:


src/doors/termgfx/CMakeLists.txt
diff

src/doors/termgfx/sixel.c
diff

src/doors/termgfx/sixel.h
diff

termgfx: add JPEG XL, APC transport, cap-probe, and text-block tiers

Extend the shared door-graphics library beyond sixel: a libjxl encoder
(jxl.c, behind WITH_JXL), the SyncTERM APC cached-image transport (apc.c),
the Q;JXL capability cap-probe (caps.c), and the ANSI text/block-character
render tiers (text.c, moved from syncdoom/render_text.c and made framebuffer-
source-agnostic). All I/O-free: the encoders build bytes, the door sends them.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/termgfx/CMakeLists.txt
diff

src/doors/termgfx/sbbs_node.c
diff

src/doors/termgfx/sbbs_node.h
diff

src/doors/termgfx/sixel.c
diff

src/doors/termgfx/sixel.h
diff

Modified Files:


src/doors/syncdoom/CMakeLists.txt
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: extract reusable bits into shared libtermgfx

First slice of the door-library extraction: move the two already-standalone,
engine-agnostic modules out of the SyncDOOM door into a new shared static
library, src/doors/termgfx/, so future framebuffer doors (e.g. a Duke Nukem 3D
port) can link them instead of copy/pasting.

  - sixel.{c,h}     -- the indexed DECSIXEL encoder (was render_sixel)
  - sbbs_node.{c,h} -- door-native node list / paging / who's-online

Files in the dedicated termgfx/ dir carry no redundant prefix (the directory is
the namespace); the lib keeps sbbs_node's meaningful prefix. libtermgfx exposes
its own dir as a PUBLIC include (so the door gets the headers) and keeps the
sbbs3/xpdev header paths sbbs_node needs PRIVATE (headers only -- xpdev symbols
still resolve at the door's final link). SyncDOOM drops the two sources + the
now-orphaned sbbs3 include and links the lib. No logic change; builds clean.

More of syncdoom.c's renderer/pacing/caps/overlay/input will move into termgfx
behind a termgfx.h engine interface over time (exported symbols there prefixed
termgfx_).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/filterfile.hpp
diff

src/sbbs3/findstr.c
diff

src/sbbs3/findstr.h
diff

Fix Win32 debug-heap assertion freeing cached filter lists (GitLab #1099)

filterFile::listed() (and ~filterFile/reset()) freed its cached str_list
with strListFree(), which links locally into each server module (xpdev is
statically linked), but built it with findstr_list(), which is dllimport'd
from sbbs.dll. So the list was allocated in sbbs.dll's CRT heap and freed
in the server module's own /MTd CRT heap. Each statically-linked CRT keeps
a per-module debug block list, so the freeing module's _free_dbg_nolock
can't find the block and asserts at debug_heap.cpp:996.

This is why the issue was debug/Windows-only and undetectable by App
Verifier: in release the UCRT heap is GetProcessHeap() (shared across
modules) so the cross-module free actually succeeds, and non-Windows
shares one libc heap -- only the Win32 debug CRT's per-module accounting
notices. It was also reproducible single-threaded (deterministic heap
mismatch, not a race) and only via findstr_list() (the lone allocation
crossing the DLL boundary). Affects every filter object (ip_can,
ip_silent_can, host_can, host_exempt) in every server, since filterFile
is a header-only class compiled into each module. Present since the class
was introduced in cd30ec58a (press-5-filled).

Pair findstr_list() with a findstr_list_free() exported from the same
translation unit (sbbs.dll), and call it from all three filterFile free
sites so allocation and deallocation share one heap. This also lets the
strListFree() that #1099 had to comment out of reset() be restored (now
under the object mutex, since reset() runs in the shutdown path where a
late client thread may still be in listed()).

Verified: rebuilt services.dll imports both findstr_list and
findstr_list_free from sbbs.dll. Built clean on Win32/Release.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/js_global.cpp
diff

src/sbbs3/js_internal.cpp
diff

Fix crash/regression in require() when a required symbol is undefined

js_IsTerminated() was reading its object argument's JS private slot as a
js_callback_t*, but the only caller (js_require) passes the execution
scope -- for a top-level require() that's the global object, whose
private is a global_private_t, not a js_callback_t. Reinterpreting it
walked garbage: js_callback_t::terminated (offset 16) lands in the
middle of global_private_t and ::bg lands past its end, so the result is
undefined. In jsexec those bytes happened to dereference truthy; in
sbbsctrl they were the unmapped pointer 0x000007fc, faulting with an
access violation in JS_TriggerAllOperationCallbacks' call chain and
taking down the Control Panel (WER minidump 2026-06-24).

The condition was also inverted: generating-12-calm (c185d884eb)
uncommented urge-22-door's (78b2682ec8, gitlab #681) stubbed
`if (TRUE) { //!js_IsTerminated(...)` as `if (js_IsTerminated(...))`,
dropping the `!`. The two defects cancelled in the common case (garbage
returned true, so the inverted test still printed the error), which is
why it went unnoticed -- but it meant #681's actual purpose, suppressing
the "symbol not defined" error during termination, never worked, and on
Windows it crashed instead.

Fix js_IsTerminated() to walk the scope chain to the internal "js"
object (mirroring js_execfile's lookup) before reading the js_callback_t,
and restore the `!` so the error is reported unless the script is
genuinely terminating. Verified: require() of a defined symbol succeeds,
require() of an undefined symbol throws "symbol 'x' not defined by
script 'y'", and no crash.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/xtrn.cpp
diff

src/xpdev/multisock.c
diff

Don't leak server listen sockets to spawned child processes (Windows)

On Windows, sockets are inheritable by default and the timed-event / native
external CreateProcess() path passed bInheritHandles=TRUE unconditionally, so
every spawned child (a jsexec timed event, a native door, a Web Server CGI)
inherited open handles to all server listen sockets. A long-lived child (e.g. a
chat_llm_irc.js timed event) would then keep those sockets bound in the kernel
after the parent (sbbsctrl/sbbscon) exited, leaving a ghost process that owned
every Synchronet port and silently dropped incoming connections of all
protocols.

Two complementary fixes:

- multisock.c: mark every listen socket (and accepted client socket)
  non-inheritable via SetHandleInformation(HANDLE_FLAG_INHERIT, 0) right after
  creation. This is the shared listen-socket path for all servers
  (Terminal/Mail/FTP/Web/Services), so children can no longer inherit a listen
  socket regardless of any CreateProcess inheritance flag.

- xtrn.cpp external(): only pass bInheritHandles=TRUE when the child actually
  needs to inherit a handle we're sharing - the redirected stdio pipes
  (use_pipes) or the duplicated passthru/client socket that a native
socket-door
  talks over. A timed event running jsexec shares neither and now gets FALSE.
  DOS doors communicate via named mailslots/events and need no inheritance.

Fixes #1151.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/lobby.js
diff

xtrn/syncdoom/lobby.msg
diff

xtrn/syncdoom/syncdoom.example.ini
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom lobby: live who's-online/activity panel + activity log

Add an opt-in live lobby ([lobby] live): a bottom-anchored panel that
shows who's online (Synchronet's canonical presence_lib node_status
format -- alias bright/green for SyncDOOM players, activity grey, clipped
so a long status never wraps; SyncDOOM players first) plus recent game
events, refreshed ~1/s and growing upward over the art. The poll loop
services node messages/telegrams (nodesync), passes control keys through
so Ctrl-T/Ctrl-U no longer draw over the panel while leaving Ctrl-P for
node paging, and treats Enter/'?' as a menu redraw.

Add the 'L' activity-log view (json_lines over events.jsonl) with
prune-on-entry retention. Move the menu-key hints into the themeable
lobby.msg art and use console.pause() for the standard prompt.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/g_game.c
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: in-game multi-line who's-online + game-event log

Replace the single clipped HU message line for the in-game who's-online
list (Ctrl-U) with the shared multi-line top banner (white-on-red, the
same non-blocking overlay incoming pages use): one node per row with the
full standard activity phrase (sbbs_action_str, matching the waiting room
/ terminal-server display), auto-clearing after a few seconds. Grow the
banner to 10 rows, size its output buffer for that, and wipe vacated rows
when a shorter banner replaces a taller one.

Add game-event logging to <data>/syncdoom/events.jsonl (-eventlog): start,
level-clear, frag, death and end records (with debug fields: terminal,
user, node, tier, build), plus frag/death/total-frag accessors in g_game.c.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/websrvr.cpp
diff

websrvr: log authenticated user logon/logoff at LOG_INFO

http_logon()/http_logoff() logged every web logon and logoff at LOG_DEBUG, so
webv4 (and HTTP-auth) user logins were invisible in the server log unless
debug-level web logging was enabled - unlike the FTP (ftpsrvr.cpp:2695), mail
(mailsrvr.cpp:1422/4380/4489) and terminal (answer.cpp:452) servers, which all
record a successful user login at LOG_INFO.

Log a logon at LOG_INFO when a real user authenticated (user.number > 0) and
keep anonymous/Guest logons (number == 0) at LOG_DEBUG, so the constant
per-request anonymous churn (bots, crawlers) stays quiet.  http_logoff()
already early-returns unless a user was logged in, so it moves to LOG_INFO
unconditionally.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/websrvr.cpp
diff

websrvr: consolidate js_CreateUserObjects() branches in http_checkuser()

The user>0 and guest (NULL user) branches differed only in the user argument
and an error-log string; collapse them into a single call with a ternary for
the user pointer.  No functional change (the anonymous failure path now logs
the same "creating user objects" message as the authenticated path).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/websrvr.cpp
diff

websrvr: remove #1169 timing probes (issue resolved)

Reverts the debug-level timing probes added in f6d382c13 to localize the
webv4 login stall; #1169 is now root-caused and fixed in b0f02c4e6
(recvbufsocket reads buffered TLS data directly instead of waiting on the
raw socket for MaxInactivity).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/websrvr.cpp
diff

websrvr: read buffered TLS request body directly (fix #1169 login stall)

A webv4 login/logout is an HTTPS POST whose body (credentials) often arrives
in the same TLS record as the headers, so it sits decrypted-but-unread in the
TLS layer with nothing left on the raw socket.  read_post_data() ->
recvbufsocket() gated each read on session_check(), which since 50258e70b
("detect TLS client disconnect", #1155) only treats a TLS session as readable
when a byte has been peeked (peeked_valid) - it no longer short-circuits on
tls_pending.  With the body buffered but no peeked byte, session_check() fell
through to socket_check() on the raw socket and blocked for the full
MaxInactivity timeout (60-90s) before the buffered body was finally read.
That is the #1169 "login stalls ~90s at Initializing User Objects" symptom:
POST-only (login/logout), duration == MaxInactivity, no wire traffic.

Guard the recvbufsocket() wait with tls_pending the same way sockreadline()
already does for header reads: when TLS data is already buffered, read it
directly instead of waiting on the raw socket.  Header reads were unaffected
because sockreadline() kept its own tls_pending guard; only the body read
regressed.

Manifests whenever the body is TLS-buffered at read time (reliably on Windows,
intermittently on Linux v3.22a); absent in v3.21f, which predates 50258e70b.
Verified on vert: the auth POST's "Authorization check complete" -> "Responding
to request" gap went from 60s to 0s.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/vdmodem/readme.txt
diff

src/vdmodem/vdmodem.c
diff

vdmodem: Add configurable ConnectMsg result for incoming connections (#1165)

SVDM hardcoded "CONNECT 9600" for extended result codes, which makes DOS
BBS software that paces its output to the reported modem speed (e.g.
SPITFIRE) run slowly even though the TCP connection is unrestricted.

Add a "ConnectMsg" key to the root section of svdm.ini specifying the text
reported after "CONNECT" (e.g. "115200/ARQ"), so the sysop can report a
faster, optionally error-corrected connection. It applies only with
extended (ATX1+) verbose (ATV1) result codes; empty (the default)
preserves the legacy "CONNECT 9600"/"CONNECT" behavior. The reported speed
is cosmetic and does not limit TCP throughput.

Bump SVDM version to 0.6 and document ConnectMsg in readme.txt.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/websrvr.cpp
diff

websrvr: add debug-level timing probes to localize webv4 login stall (#1169)

Issue #1169 reports an exactly-90-second stall on every webv4 portal
login/logout, logged between "Initializing User Objects" and the first
"Adding query value" line.  It was initially suspected to be related to
#1153 (Windows exclusive user.tab locking), but the reporter confirmed
the stall persists on a current nightly that already carries the #1153
fix, so it is unrelated.

Tracing the path shows js_CreateUserObjects() and its area-object
creators only build lazy JS skeletons and take no user.tab lock, and the
stalling request is anonymous (no user-record write at all), so the
native "Initializing User Objects" step is an unlikely culprit.  To
localize the delay empirically, add LOG_DEBUG probes that bisect the gap
between that log line and query-string parsing:

  - http_checkuser(): "User Objects initialized" (bounds js_CreateUserObjects)
  - check_request(): "Authorization check complete" (bounds check_ars tail)
  - respond(): "Responding to request (dynamic=%d)"
  - exec_ssjs(): "beginning JS request" / "initializing request properties"
    (brackets JS_BEGINREQUEST to catch a blocking begin-request)

The adjacent pair of lines that straddles the 90s gap in a debug log
localizes the offending region.  Probes are tagged "#1169 timing probe"
for easy removal once root-caused.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/node.c
diff

Extended node status was displayed without user number

Broken since commit d116f36227

Added Files:


exec/sdos.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

Removed Files:


exec/sdos.src
diff

Merge branch 'sdos-shell' into 'master'

Sdos Shell from Baja to JS

See merge request main/sbbs!699

Added Files:


exec/sdos.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

Removed Files:


exec/sdos.src
diff

Sdos Shell from Baja to JS

Modified Files:


src/doors/syncdoom/sbbs_node.c
diff

src/doors/syncdoom/sbbs_node.h
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom: show lobby/waiting/game in the node who's-online status

The door now sets a free-text node status (node.exb + the NODE_EXT misc
bit) so the BBS-wide who's-online AND the door's own Ctrl-U list show the
SyncDOOM sub-state instead of the generic "running external program":

  - JS lobby/menu  -> the default "running SyncDOOM" (unchanged)
  - waiting room   -> "in the SyncDOOM waiting room"
  - in a level     -> "playing SyncDOOM: <wad> (E1M1)" / "(MAP07)"

The WAD label is the friendly [wadset:*] name the lobby passes via a new
-wadname arg, or the -iwad basename (e.g. "freedoom1") when absent. The
map only appears while actually in a level (usergame); it's cleared on
door exit (and the BBS rewrites it from the action anyway).

sbbs_node.c gains sbbs_node_set_ext() (write node.exb + set/clear NODE_EXT
via a locked read-modify-write, as in sbbs) and sbbs_node_ext() (read);
sbbs_list_nodes() flags NODE_EXT nodes so Ctrl-U shows their free text.
Also makes the terse action abbreviations more readable (main menu,
reading msgs, downloading, ...).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/m_menu.c
diff

syncdoom: shorten the F1 help line to "CTRL-S STATS"

Match the in-game STATS ON/OFF toggle label (was "STATISTICS").

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: fix Windows Terminal sixel regression (per-frame palette)

The define-once palette optimization assumed the terminal retains sixel
color registers across separate DCS images. SyncTERM does, but Windows
Terminal and xterm do NOT -- so frames that omitted the palette block
referenced undefined registers and rendered with wrong/default colors.

Gate define-once on g_is_syncterm; everywhere else re-send the palette
every frame. It's now the stable 1:1 register<->index set, so a per-frame
palette is identical each time (no churn) -- matches Deuce's guidance and
restores correct sixel on WT/xterm while keeping SyncTERM's define-once.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: add sixel to the F4 tier cycle on JXL terminals

When JXL is the startup tier, the door now also probes sixel (the JXL
ladder short-circuits before probe_sixel, and a JXL-capable SyncTERM
answers the sixel CTDA query immediately), and adds it as a second
graphics state so F4 cycles jxl -> sixel -> text tiers. Lets a player
A/B the two graphics tiers live. Skipped when sixel is force-disabled.

Graphics-tier cycle labels now name the tier (jxl/sixel/ppm) instead of
the generic "graphics", so the F4 flash shows which one you're on.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/README.md
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: document WAD compatibility for sysops

Add a "WAD compatibility" note where sysops actually pick WADs -- the top
of the [wads] section in syncdoom.example.ini and the wads/ bullet in the
xtrn README. Covers: vanilla / limit-removing only (Chocolate Doom engine,
so Boom/MBF21/(G)ZDoom-only maps and patches won't run -- a GZDoom mod like
MyHouse plays only its vanilla decoy map), the known-good IWAD list, and the
multiplayer rule that every player in a lockstep match runs the same WAD set.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/i_video.c
diff

src/doors/syncdoom/render_sixel.c
diff

src/doors/syncdoom/render_sixel.h
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: make the sixel tier work on SyncTERM

Three fixes that together make SyncTERM render the sixel tier correctly
(it previously garbled and/or scrolled), and let older SyncTERM reach it.

- Stable, define-once palette. The encoder rebuilt a per-frame palette from
  the RGB framebuffer and re-emitted all 256 color-register definitions every
  frame -- with register numbers assigned in scan order, so the same Doom color
  was a different register each frame. That churn corrupted SyncTERM's decoder
  (garbled colors every few frames). Now we encode from Doom's native 8-bit
  indices (i_video.c exposes the live palette + a change counter) against a
  fixed 1:1 register<->index palette, and (re)define the registers ONLY when
  Doom actually changes the palette (damage/pickup/radsuit/menu). A steady
  scene sends band data alone -- identical palette every frame, ~4KB smaller.

- DECSDM (private mode 80) reset while the sixel tier is active. It defaults
  to set, which scrolls the page + appends a newline whenever a full-screen
  sixel reaches the bottom -- i.e. every frame. Resetting it pins the sixel at
  the page origin and stops the per-frame scroll. Restored on exit/tier-change.

- CTDA sixel auto-detect. SyncTERM advertises sixel only via its private CTerm
  Device Attributes (ESC[<c -> capability 4 = pixel ops), not the xterm DA1
  flag, so older (no-JXL) SyncTERM used to fall back to text. Probe ESC[<c and
  accept cap 4, so those versions auto-select sixel. 1.4+ still prefers JXL
  (the tier ladder probes JXL first).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


exec/lbshell.js
diff

Don't need to pass a filespec to bbs.list_file_info(..., FI_USERXFER)

Fixes lbshell.js line 1388: ReferenceError: spec is not defined

Modified Files:


src/conio/cterm_dec.c
diff

Ensure pixelsb is initialized for setpixels()

This could cause weird blinking issues with sixel background areas

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: anchor mouse steering to the image + cap sixel size

Two fixes for terminal mouse steering in a window much larger than the
rendered game (notably xterm sixel):

- Steer relative to the IMAGE, not the window. The steer center and
  full-deflection span are now taken from the rendered image's cell
  rectangle (g_img_col + width) instead of the terminal's center. With a
  letterboxed or top-left-anchored image the old window-center put the
  "idle" point out in the black margin, so the player spun until the
  pointer was dragged off into empty space; now idle sits on the picture's
  center and the image edge is full turn. Exact once the terminal's real
  cell size is known (SyncTERM always; xterm with allowWindowOps).

- Never upscale the sixel past native 640x400, even when real pixel
  geometry was measured. Sixel is near-raw RLE, so a window-filling sixel
  on a large console is both too big for the terminal to render and a huge
  per-frame payload that stalls the DSR pacing -- the door froze on a blank
  screen once allowWindowOps let xterm report a big window. The 640 cap was
  previously skipped when geometry was known; sixel is impractical to
  upscale regardless. JXL/PPM (real compression) keep the full scale_max.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/xpdev/ini_file.c
diff

xpdev: fix iniSetString/iniGetSection misfiling keys in empty sections

When an ini section's header exists but the section is empty (immediately
followed by another section header, or EOF), section_start() returned the
end of the list, so iniSetString()/iniSetValue() inserted new keys at the
end of the file -- under the last section -- instead of into the intended
(empty) section. The misfiled keys then couldn't be read back via
iniGetString(section, key), and repeated rewrites accumulated duplicates
(GitLab #1168).

Root-cause the special case away: find_section() now returns the index of
the next section header (or the list terminator) for an empty section,
which is both the correct stop-point for read loops and the correct
insertion point for new keys. section_start() is removed (it collapsed to
an identity).

That change required guarding iniGetSection(): it unconditionally pushed
list[i] and only worked before because find_section() returned the NULL
terminator for an empty section. It now skips the push when list[i] is a
section header, so an empty section yields no keys instead of bleeding the
following section's header and keys into the result. This also fixes a
pre-existing latent bug: iniGetSection(ROOT) on a file with no root-level
keys returned the first named section's contents -- which corrupted
iniSortSections(list, NULL, ...) output (reachable from filedat.c's
batch_list_sort(), duplicating the first entry of a no-root batch list).

Adds an in-memory regression suite under #ifdef INI_FILE_TEST (run when the
test binary is invoked with no file arguments): 6 checks covering the
#1168 misfile, the empty-section read guard, and the empty-root case. The
suite reports 3 failures against the unfixed code and 0 against the fix.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/sbbs_node.c
diff

syncdoom: define a PATH_MAX fallback in sbbs_node.c (MSVC)

sbbs_node.c used PATH_MAX but only included dirwrap.h, which defines the
xpdev-portable MAX_PATH -- not PATH_MAX, which is POSIX-only and absent
under MSVC (error C2065). Add the same #ifndef PATH_MAX fallback syncdoom.c
already uses, so the door's Windows/MSVC build compiles.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: write per-user prefs fresh to fix lost settings

The per-user prefs file (data/user/####/doom/syncdoom.ini) silently
stopped saving and loading its [input] settings (mouse, instant_turn,
kpturn, ...) and piled up duplicate keys. Cause: read-modify-write plus
"remove a key when it equals the default" eventually emptied the [input]
section, and an xpdev bug then misfiled every later [input] key at the end
of the file under [video], where it was unreadable (gitlab #1168).

Write the file fresh each time instead -- store only the current
non-default prefs, sections built in order -- so the empty-section path is
never hit and an already-corrupted file self-heals on the next save. These
are generated prefs in data/, so there's nothing hand-edited to preserve
by reading the old file first.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/m_menu.c
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: Ctrl-O toggles mouse steering in-game + F1 help line

Ctrl-O now flips terminal mouse steering on/off live, mirroring the
Ctrl-S/Ctrl-T door hotkeys: it flashes a "MOUSE ON/OFF" label, switches
the xterm tracking modes to match (?1003h/?1006h on, ?1003l/?1006l off),
and saves the setting per-user. Turning it off also drops any held button
and the last pointer offset so the player stops cleanly. This doubles as
the per-user off switch for anyone who doesn't want mouse control.

Also adds a "CTRL-O MOUSE / CTRL-S STATISTICS" line to the F1 controls
help screen, shifting the control list up a few pixels to keep it clear
of the skull.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/doomgeneric.h
diff

src/doors/syncdoom/i_input.c
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/README.md
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: terminal mouse steering (xterm SGR mouse)

On SyncTERM and other xterm-mouse-capable clients the door now turns with
the mouse, which bypasses Doom's turn-acceleration ramp and the door's
key-up-synthesis grace machinery entirely -- so turning is markedly
smoother and more precise than the arrow keys (no key-repeat lag).

Terminals report the pointer's ABSOLUTE, screen-clamped cell position
(no relative deltas, and the host can't recenter the pointer), so the
model is a virtual joystick: the pointer's horizontal offset from
screen-center sets a turn RATE -- hold it left of center to keep turning
left, return to center to stop. A relative-delta "native feel" model was
prototyped and dropped (it stalls uselessly at the window edge). An idle
timeout relaxes steering to neutral when the pointer stops reporting, so
abandoning it off-center (e.g. alt-tabbing away) no longer spins forever
-- terminals send no focus-out event to signal it.

Buttons map to Doom's defaults: left = fire, right = strafe-modifier,
middle = forward. Vertical mouse and the wheel are unused. Button state
comes only from real press/release events, never from motion reports
(a motion report can carry stale/phantom button bits, which otherwise
stuck the fire bit on while steering).

Enable/disable with [input] mouse = on|off (default on) or -mouse on|off;
saved per-user, suppressed in menus and while typing chat, and simply
inert on terminals without mouse reporting.

Implementation: parse SGR mouse reports (ESC[<b;col;row M/m) in the CSI
parser (enlarged the param buffer); DG_GetMouse() projects state to a
per-tic ev_mouse posted from I_GetEvent(); enable/disable the tracking
modes (?1003h/?1006h) in DG_Init/terminal_restore.

Also fixes the in-game Ctrl-P key, which a stale "return 't'" alias had
been shadowing so it opened talk instead of reaching the page handler.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncdoom/sbbs_node.c
diff

src/doors/syncdoom/sbbs_node.h
diff

Modified Files:


src/doors/syncdoom/CMakeLists.txt
diff

src/doors/syncdoom/hu_stuff.c
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: in-game who's-online (Ctrl-U) and node paging (Ctrl-P)

Let a player see who else is on the BBS and page a node from the door. Door-
native: no SCFG/scfg_t load -- new sbbs_node.{c,h} reads node.dab from
$SBBSCTRL
and user/name.dat from $SBBSDATA, and pages a node the way putnmsg does (append
to msgs/n###.msg + set the target's NODE_NMSG flag), all with plain file I/O
and
the current Synchronet headers (nodedefs.h). Self node from $SBBSNNUM. The
public interface uses a projected sbbs_node_info_t so the BBS node_t never
collides with Doom's own node_t (BSP nodes).

UI:
- Waiting room: Ctrl-U lists the online nodes (node, alias, activity), Ctrl-P
  pages one (list -> pick node -> type message); incoming pages are shown there
  too. Blocking screens are fine here -- no game is running. A hint row
advertises
  the keys.
- In-game: non-blocking, so the lockstep netgame and the frame pacing aren't
  disturbed. Ctrl-U posts a compact one-line HUD message ("Online: <alias>
  <activity>, ..."); an incoming page is word-wrapped into a transient top-of-
  screen banner (Doom's HU line caps at 80 chars and would truncate it); Ctrl-P
  in-game just points to the waiting room. Polled between ticks.

Activity wording matches Synchronet's nodestr() defaults; a terse set of
abbreviations is used for the compact in-game line.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: accept a short or SAUCE-padded waiting.bin splash

load_splash() required the file to be exactly 4000 bytes (80x25), so an editor
that saved a shorter canvas (e.g. PabloDraw's 80x23 = 3680 bytes) or appended a
SAUCE record was rejected and the door fell back to the baked-in art. Now it
zero-fills the cell buffer and loads up to 4000 bytes from any non-empty file:
a short image fills the top rows (rest black), a longer one has the extra bytes
(SAUCE) ignored.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


xtrn/syncdoom/waiting.bin
diff

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/d_net.c
diff

src/doors/syncdoom/g_game.c
diff

src/doors/syncdoom/m_menu.c
diff

src/doors/syncdoom/syncdoom.c
diff

src/doors/syncdoom/tools/gen_splash.py
diff

xtrn/syncdoom/README.md
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: FAST TURN default, change-only prefs, quit fog, editable splash

Door/lobby polish (all built; FAST TURN and the teleport-fog quit
live-confirmed
in MP):

- FAST TURN: a new Options-menu checkbox / [input] instant_turn that defeats
  Doom's slow-start turn-acceleration ramp -- the ramp keeps resetting on
  terminal key-repeat gaps and makes turning feel laggy. Now DEFAULT ON, with
the
  TURN grace lowered (150 -> 75 ms) so full-speed taps don't over-swing.
Per-user,
  saved. (The inline input rows shift up a touch to fit the new option.)
- Per-user prefs now save ONLY settings the player actually changed from the
  sysop/built-in default; matching keys are removed. So a sysop's house
defaults
  keep reaching returning players for any key they never touched in-game.
- [game] quit_effect = keep | vanish | fog (default fog): a departing player's
  marine teleports out (fog puff + sound) instead of standing frozen. The body
is
  removed deterministically across the lockstep netgame, so it's a house
setting,
  not a per-user toggle.
- [game] splash: the waiting-room backdrop is now an external, editable
  waiting.bin (80x25 raw char+attr "binary text", PabloDraw/Moebius-editable),
  loaded at startup with the baked-in art as fallback. tools/gen_splash.py
emits
  it alongside the C header.
- READMEs + syncdoom.example.ini updated for all of the above.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom: case-insensitive WAD resolution (DOOM2.WAD vs doom2.wad)

On a case-sensitive (Linux) filesystem a configured "doom2.wad" did not find a
real DOOM2.WAD -- DOS/Windows WADs are commonly upper-case -- so the lobby hid
the wadset and the door reported it "not found". Resolve case-insensitively
with
the stock helpers: the lobby uses file_getcase() (presence check + launch
args),
and the door's wadcopy() uses fexistcase() (xpdev dirwrap), which rewrites the
path to the real on-disk case. A no-op on case-insensitive (Windows)
filesystems.

Reported by nelgin.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/ctrl/MainFormUnit.cpp
diff

sbbsctrl: count total_users() on a background thread, not the GUI thread

TMainForm::StatsTimerTick() called total_users() directly on the VCL
message-pump thread.  total_users() walks the entire user base, reading
every record (a lock/read/unlock per user); on a large base - especially a
network-mounted data_dir - that is slow, and while the servers are busy
(e.g. a web scrape saturating the file share) it froze the GUI for seconds
at a time.  1eb9328327 (limited-19-blackjack) reduced how often the scan
runs, but throttling frequency can't stop an individual O(N) blocking scan
from freezing the UI when it does run.

Run the scan on a short-lived background thread (_beginthread, matching the
server-launch threads in this file).  The worker never touches the VCL: it
publishes the count, and StatsTimerTick() picks it up on a later tick.  The
existing frequency guard and the !StatsForm->Visible early-return are kept,
so a hidden Stats window still scans nothing and at most one scan runs at a
time.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/websrvr.cpp
diff

websrvr: bound drain_outbuf() so a dead client can't wedge the server

drain_outbuf() spun in a SLEEP(1) loop as long as the outbuf ring buffer
held data and the socket was still valid, with no timeout and no check of
the terminate_server flag (the "/* ToDo: This should probably timeout
eventually... */" note acknowledged this).  When a client stops reading,
the output thread blocks in its send and the buffer never drains, so the
session thread spins forever.  Under a distributed web scrape (many
abandoned Alibaba/Aliyun keep-alive connections) this hung web-server
shutdown: the "Waiting for N child threads to terminate" loop never
completed because several http_session_thread()s were stuck in
drain_outbuf() <- send_error().

Bound the wait: return (not break) when terminate_server is set, or once
the buffer has stalled for max_inactivity seconds.  Returning rather than
falling through matters - the output thread can hold outbuf_write while
blocked in a send, so the trailing pthread_mutex_lock() would just re-hang;
returning lets the caller close the socket, which unblocks the output
thread.

Unbounded since the original SLEEP-based drain in 00f254912d (maker-8-money).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


xtrn/zmachine/getgames.js
diff

xtrn/zmachine: getgames.js -- clear message when http.js lacks Download()

Older Synchronet installs ship an exec/load/http.js without
HTTPRequest.Download(),
so getgames' fetches died with an opaque "Download is not a function" (X-Bit
hit
this on a Windows install). Detect it up front: print a clear "update http.js"
notice, still install the bundled games, and skip the download entries
gracefully
instead of throwing.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/zmachine/tools/blorb2gfx.js
diff

xtrn/zmachine/zmachine.js
diff

xtrn/zmachine: Windows/ImageMagick fixes for v6 graphics baking

Surfaced by a Windows install report (X-Bit / X-Bit BBS) of Arthur's v6 scenes
rendering washed-out in SyncTERM.

- blorb2gfx.js + v6scaledFile: prefer ImageMagick 7's unified "magick" command,
  fall back to "convert". On Windows, bare "convert" is the OS disk-format tool
  that shadows ImageMagick on the PATH, silently breaking the bake.

- blorb2gfx.js: place "-depth 8" AFTER the input so PPM output is forced to
  maxval 255. On ImageMagick 7, -depth before the input is only a read setting,
  so a 4-bit (16-colour) Blorb source wrote maxval 15 -- which SyncTERM renders
  washed-out (and which looks "fine" in GIMP, since GIMP normalises maxval).
  Latent on every IM7 host, not just Windows. The -gamma 0.55 pre-darken (to
  cancel SyncTERM's pnm_gamma) is unchanged and still applied.

- zmachine.js: require("userdefs.js") instead of load() -- sbbsdefs.js already
  require()s it, so a 2nd load() re-executes it (idempotent require avoids the
  redundant re-declaration); best practice regardless.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/prntfile.cpp
diff

src/sbbs3/sbbs.h
diff

Fix custom-shell menus showing the stock menu instead of the override-dir file

When a command shell sets a menu sub-directory override (menu_dir), menu file
lookups are supposed to search that subdir before the default text/menu dir.
Commit d3123dd1ae (vampire-14-reset) added that default-dir fallback, but
implemented it *inside* menu_exists() on a per-extension basis.  Because the
terminal-type extension priority loop lives one level up in menu() (rip, mon,
ans, seq, msg, asc), a higher-priority extension that exists only in the
default dir would preempt a customized lower-priority extension in the override
subdir: e.g. with menu_dir="errol_", a custom errol_/main.asc was shadowed by
the stock text/menu/main.msg, because menu() asked menu_exists(code,"msg")
(which fell back to the default dir and matched) before ever trying .asc in the
subdir.  Result: the stock "classic" menu was displayed while the custom
shell's keystroke handling still worked -- as reported by Errol Casey
(Amessyroom) on sync_sysops.

Move the subdir->default fallback out to wrap the *entire* extension search, in
both menu() and the NULL-ext path of menu_exists(), so the override subdir is
exhausted across all extensions before the default dir is consulted at all.
Factor the single-dir, single-extension lookup into a new no-fallback helper
menu_exists_in().  Direct callers of menu_exists() (including the JS
bbs.menu_exists() binding, str.cpp info-file checks, and random_menu()) keep
the two-pass fallback and their existing boolean contract.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/mp_server.c
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom: quit empty matches fast + reap dead servers' registry files

Two fixes so abandoned/dead games stop lingering in the Browse list:

- mp_server.c: once a client has connected, an empty match (creator cancelled,
  everyone left, or the game finished) now quits after ~8s instead of the full
  60s idle timeout. A never-joined spawn keeps the full grace (its creator's
  connect is still in flight). An empty match is already hidden from Browse, so
  nobody can join it during the wait anyway.

- sd_list_games: a clean shutdown removes its own .ini, but an unclean death
  (kill/crash) leaves it frozen at its last heartbeat. Reap (delete) such a
  file once it's well past stale (x3, leaving margin for SMB attribute-cache
  lag on a shared cross-host games dir); a still-live server re-creates its
  file on the next heartbeat. The merely-stale window still just hides it.

Validated: reap test deletes only the ancient orphan, keeps stale/empty ones
hidden-but-present, lists the joinable game.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/lobby.js
diff

syncdoom lobby: auto-join when only one game is running

Pressing J with a single game listed made the player read a one-row table
and then type "1". When exactly one game is running, skip the list and the
"join which?" prompt and join it directly (still validated: lobby status,
WAD set installed). A one-line "Joining <host>'s game..." confirms the pick.
Two or more games still show the picker.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: list waiting-room players one per row (fits 3-4 long names)

The player list was a single row of "N.name" entries separated by spaces --
fine for two short aliases, but three or four longer ones (Synchronet allows
25-char aliases) overran 80 columns and truncated, like the prompt did.

Put one player per row and size the status panel to the player count: it
grows upward over the splash from 4 rows (1-2 players) to 6 (a full 4), so
every name shows in full regardless of length. Validated via pyte at 1-4
players incl. a 25-char alias -- nothing reaches column 80.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/sd_splash.h
diff

src/doors/syncdoom/tools/gen_splash.py
diff

syncdoom: redo the splash as a shaded-block DOOM wordmark

The first splash used solid full-blocks in flat horizontal color bands -- the
crude look real ANSI art avoids. Real ANSI grades color with shade glyphs
(0xB0/0xB1/0xB2) that mix a bright foreground over a dark background to make
intermediate tones (yellow over red = orange, etc.).

Regenerate sd_splash.h as a crisp rasterized "DOOM" wordmark rendered that
way: a white-hot top melting through a cyan-chrome band into a dithered
yellow->orange->red fire, with a dark-red 3D bevel on the right/bottom letter
edges, a left highlight, and molten drips. Still bespoke (not derived from any
commercial Doom asset). tools/gen_splash.py rewritten to match (Pillow +
numpy).

Validated by rendering sd_splash.h through the door's exact emission path
(pyte) behind the waiting-room panel.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/lobby.js
diff

xtrn/syncdoom/syncdoom.example.ini
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom lobby: optional full-screen DOOM ANSI attract on entry

Show a full-screen DOOM ANSI splash once when a player enters the lobby,
before the menu. A random *.ans/*.asc from the [lobby] art_dir (default an
"art" sub-dir of the door dir) is paged; any key drops into the menu. Silent
and skipped when no art is installed or [lobby] attract = false, so it costs
nothing out of the box.

The art is sysop-provided -- nothing ships in the repo (the classic ~48-row
DOOM scene portraits are fan art of id's monsters; a sysop drops their own
into the art dir). The waiting-room bespoke logo splash is unchanged.

- syncdoom_lib.js: cfg.lobby, sd_attract_dir(), sd_attract_files() (filters by
  extension case-insensitively -- classic art is often upper-case *.ANS and
  directory() is case-sensitive on *nix).
- lobby.js: sd_attract() called once at the top of sd_main().
- syncdoom.example.ini: documented [lobby] attract / art_dir.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: keep the waiting-room "waiting alone" prompt within 80 cols

The controller-waiting-alone prompt ("Waiting for another player... auto-
starts when full. Q cancel (then pick single-player to play solo).") was a
single ~103-char line that ran off the right edge of an 80-column terminal,
truncating the solo hint to "...pick si." (reported with a screenshot).

Split it across the panel's two free rows: the "waiting / auto-starts" line
on top+2 and the "Q to cancel / play solo" hint on top+3, each well within
80 cols. The other two prompt cases already fit and are unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncdoom/sd_splash.h
diff

src/doors/syncdoom/tools/gen_splash.py
diff

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: bake in a bespoke fiery-DOOM-logo waiting-room splash

The multiplayer waiting room had no backdrop. Render a baked-in 80x25 splash
(the same "ENDOOM" char+CGA-attr cell format) behind the player panel: a fiery
DOOM logo (chrome -> white -> yellow -> orange -> red gradient with molten
drips), "S Y N C" overhead, and a tagline. The art is bespoke -- NOT derived
from any commercial Doom asset -- so it ships safely in the public tree (a
Freedoom ENDOOM looked poor, and doom.wad's is copyrighted).

- sd_render_screen(cells): generalizes the former WAD-ENDOOM renderer to draw
  any 80x25 char+attr buffer (CGA attribute -> SGR, raw CP437 or UTF-8 per the
  terminal's charset), capped to the terminal's row count.
- sd_splash.h: the embedded splash array, generated by tools/gen_splash.py
  (Pillow). Edit the generator, not the header.
- Drops the w_wad.h/z_zone.h includes (no longer reading a WAD lump).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: resolve a bare -iwad/-file against the [wads] dir, not CWD

The door exports DOOMWADDIR from the [wads] dir so a bare
"-iwad freedoom1.wad" -- the direct-exec single-player install entry --
can locate the WAD in the configured directory. But the arg-rewrite that
makes WAD paths absolute before the sandbox chdir ran abscopy(), which
resolves a relative name against the door's CWD: "freedoom1.wad" became
"<doordir>/freedoom1.wad" before Doom's own IWAD search ran, defeating
DOOMWADDIR and failing with "IWAD file '<doordir>/freedoom1.wad' not
found!" whenever the WAD lives in the wads/ subdir (the default layout).

Add wadcopy(): a relative -iwad/-file/-merge value resolves against the
configured (absolute) [wads] dir when the file is found there -- the same
place the JS lobby loads from -- falling back to CWD-relative (abscopy)
otherwise. The lobby, which passes absolute WAD paths, is unaffected.

The installer's single-player launch string needs no change.

Reported by Accession.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/CMakeLists.txt
diff

src/doors/syncdoom/README.md
diff

src/doors/syncdoom/render_text.c
diff

src/doors/syncdoom/render_text.h
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/controls.msg
diff

xtrn/syncdoom/syncdoom.example.ini
diff

Removed Files:


src/doors/syncdoom/cli_data.c
diff

src/doors/syncdoom/cli_data.h
diff

syncdoom: remove the text-tier dither (and the Ctrl-N toggle)

The blue-noise dither only ever applied in 256-color text mode, and the
cell-diff
forced it static (an animated dither re-tints every cell every frame, defeating
the diff) -- at which point it was barely visible and not worth its keep.

Rip it out: drop the noise machinery from render_text.c (init_noise,
NOISE_SAMPLE,
the per-cell noise application, rt_set_dither/rt_dither_applicable) and delete
cli_data.c/.h (the 172 KB blue-noise texture pack, dither-only) + its build
entry.
Remove the door's Ctrl-N hotkey, [video] dither config, per-user dither pref,
and
the docs/controls/example.ini references.

Colors are now emitted exactly as quantized (no change at 4/24-bit, which never
dithered; 256-color loses only the subtle static texture). Builds smaller and
one
fewer thing to explain. Text tiers only; JXL/sixel unaffected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/hu_stuff.c
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: legible text-tier HUD -- message line + chat as real characters

In the text tier Doom's HUD text (pickup messages, chat) was rasterized into
the
320x200 framebuffer and then downsampled with the rest of the image to half/
sextant blocks -> illegible mush. Render it as actual terminal characters
instead.

- hu_stuff.c: HU_message_text()/HU_chat_text() expose the current message-line
and
  chat strings; sd_text_hud (set by the door in text mode) suppresses Doom's
own
  framebuffer draw of them so only the crisp terminal-character version shows.
- syncdoom.c (text path only): fetch the strings, register their cell
rectangles as
  cell-diff exclusions (so the game never repaints under them -- no flicker,
same as
  the stats overlay), then draw them on top -- the message top-left
(white-on-black,
  capped to stay clear of the right-side stats overlay), chat one row below
  (yellow-on-blue). sd_text_hud is 0 in the graphics tiers, where Doom draws
the HUD
  into the image as before.

Validated: the attract demo's pickups now render as readable text ("Got the
pump-action shotgun!", "Picked up some bullets.", ...) rather than blocks. Chat
is
wired the same way; needs a live multiplayer game to confirm. Text tiers only.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/render_text.c
diff

src/doors/syncdoom/render_text.h
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: cell-diff text renderer -> flicker-free, lower bandwidth

The text tier re-painted the entire screen every frame; the big frame segments
over TCP, so the terminal showed a half-updated row before the stats overlay
(at
the end of the frame) arrived -> the overlay strobed, and every frame was a
full
redraw.

render_text.c now diffs: a shared put_cell() sink (replacing the per-cell
output_colors/glyph) keeps a SHADOW of each terminal cell's (fg,bg,glyph)
signature and re-emits a cell only when it changed (absolute cursor positioning
instead of per-row newlines; the SGR cache carries across the frame). rt_config
sizes the shadow + forces a full repaint on any tier/charset/geometry change;
rt_render_frame clears + repaints on force, else emits only the deltas. The
dither is held STATIC (the noise texture no longer cycles) so a cell's
signature
is stable frame-to-frame -- otherwise every cell would read as changed. Ctrl-N
still toggles dithering on/off; it's just spatial now, not animated.

HUD exclusion (rt_exclude_add/clear + rt_invalidate): the door registers the
stats overlay's cell rectangle before each render, so the game diff never emits
those cells -> the overlay is never repainted under, killing the flicker
without
sacrificing a row. rt_invalidate() resyncs the shadow after the door clears a
label row behind the renderer's back.

Validated (harness + pyte): renders identically to the old full redraw; only
the
forced repaints clear-screen (2 of 316 frames), near-static frames drop to
0-500 B (the diff skipping unchanged cells), and the overlay stays intact over
the game with exclusion on. Text tiers only; JXL/sixel untouched.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: anchor text-mode overlay + labels to the rendered grid width

In text mode the grid is capped (text_max_cols, default 200), so on a terminal
wider than the cap the stats overlay (right-justified) and the centered labels
(DEPTH/DITHER/STATS/video) were positioned against the full g_cols and landed
off
to the right of the actual game view -- the overlay flew past the edge, the
labels
drifted right. Add overlay_cols() = the rendered width (g_text_cols in text
mode,
g_cols for the graphics tiers, where the overlay sits in the centered image's
margin) and route the overlay's right-justify + all four label centerings
through
it. g_text_cols is set in setup_text_mode to the capped tcols.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: stats-overlay display fixes (letterbox clear, shrink, MB/s)

Three fixes to the Ctrl-S overlay (and the Ctrl-T/N/F4 labels), reported on a
large Windows Terminal / SSH window where the centered game frame never
repaints
the top row:

- Clear on dismiss: when a label's dwell ends (or the overlay is toggled off)
the
  top row is wiped (ESC[1;1H ESC[2K) and a full repaint forced. In a
letterboxed
  window that row is in the margin, so it was stranding the text otherwise.
- Shrink-gap blanking: the overlay is right-justified, so a narrower redraw
(fewer
  fps/lag digits, or KB/s -> MB/s) left the previous wider text's left end
behind.
  Track the prior width and blank exactly the now-uncovered cells.
- Throughput reads fractional MB/s above 999 KB/s (KiB/MiB of wire bytes) so
the
  field stays narrow on a fast link (LAN sixel runs 3-6 MB/s).

Confirmed fixed live on Windows Terminal (LAN).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: AIMD auto-depth controller, stable depth, lag relabel, cap 8

Follow-up to dfd77154e. Live VPN testing showed the base-minus-penalty auto
depth oscillating 4/5<->1 on a jittery link, and the depth-1 dips were a
slideshow. Rework the controller and the supporting RTT measurement.

- auto depth is now a delay-based AIMD controller with a dead-band and a rate
  limit (max_inflight is a pure getter; auto_depth_update runs per DSR report):
  probe up one when the round-trip is clean (<1.25x baseline), ease down when
it
  queues, HOLD in between -> it SETTLES at the link's sustainable depth instead
  of hunting. Heavy queuing eases down (no longer slams to 1). Validated: holds
  high on a fat VPN, stable on LAN, no oscillation.
- RTT baseline integrity: a reclaimed frame's late DSR report could be
  mis-matched to a freshly-sent one, reading absurdly low and collapsing the
  ceiling to depth 1 (the "manual cycle -> dips to 1 -> slow crawl back" bug).
  Two guards: skip exactly the reports owed by reclaimed frames (g_dsr_stale),
  and ignore any sample far below the smoothed RTT.
- g_rt_high (renamed from the misleading "g_remote"): the frame round-trip is
  network latency PLUS the client's decode/render time, so a LAN with
non-instant
  JXL decode legitimately has a ~50ms round-trip. Once it's non-trivial, floor
  depth at 2 (depth 1 there only caps the frame rate) -- latched, so a
corrupted
  sample can never strand a remote player at depth 1.
- Relabel the displayed/logged "RTT" -> "lag": it isn't pure ping (includes
  decode), so "lag" is honest. Overlay, Ctrl-T popup, exit telemetry.
- Raise the depth cap 5 -> 8 (DEPTH_MAX; DSR ring widened to 16). On a high-
  latency link frame rate ~= depth/round-trip, so 5 left fps on the table (e.g.
  ~19fps at depth 5 / 230ms); depth 8 reaches the 35fps sim cap there. auto
  climbs to ~6 on such a link on its own; 7-8 are manual. Docs updated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/controls.msg
diff

syncdoom: frame de-dupe + overlay throughput + auto-depth retune

Follow-ups to the adaptive frame pacing (3f94d6c31), driven by live VPN/LAN
testing and the exit telemetry now in the BBS log.

Frame de-dupe:
- emit_frame keeps a copy of the last framebuffer sent and skips a
byte-identical
  re-render -- the duplicates Doom emits between its 35fps sim tics, plus any
still
  scene. Caps the wire rate at the real visual rate and saves the redundant
bytes
  (logs show 50-75% of renders skipped). Cache is invalidated on any label
flash or
  geometry change so the screen never goes stale.
- The Ctrl-S overlay no longer suspends de-dupe (which defeated the point while
you
  watched the meter): the frame body is de-duped independently, and the overlay
  refreshes only when its text changes, so a static screen costs ~nothing. This
also
  cures the overlay flicker (it was repainting row 1 every frame).

Stats overlay + telemetry:
- Overlay shows transmit throughput (KB/s to the player) and reads "depth
N/auto";
  dropped the "SyncDOOM" label for room. Exit telemetry logs the de-duped
count.
- Ctrl-T's centered popup is suppressed while the overlay is up (it already
shows
  the live depth/RTT) so it can't obscure the game.

auto-depth retune (max_inflight):
- Floor depth at 2 once RTT > ~30ms: depth 1 is one frame per round-trip -- a
  slideshow on a remote link -- so never auto-park a far player there.
- The BDP cap now only applies while actively streaming (recent fps >= 10). An
idle
  or de-duped lull drops the frame rate for lack of MOTION, not bandwidth;
capping
  on that was clamping depth to 1 right as the next move began (the logged
  "depth=1 on a 211ms link" bug). The RTT-inflation backoff stays the real
bloat
  guard, and heavy queuing now drains all the way to 1 to flush a backlog.

controls.msg: add the Ctrl-S row + color/style refresh.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/m_menu.c
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/controls.msg
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: adaptive frame pacing to lift remote frame rate (Ctrl-T / Ctrl-S)

Over a high-latency link the DSR per-frame pacing capped the frame rate at
~1/RTT (a slideshow). Make the number of frames "in flight" configurable and,
by default, adaptive.

- [video] frames_in_flight = 1..5 | auto (now the default). A pipeline lets
  several frames cross the link at once, lifting a far-away player's frame rate
  toward Doom's 35fps sim; on a fast LAN it goes well past that (duplicate
  re-renders between tics -- a frame-dedupe pass, next, will trim those).
- auto = delay-based + bandwidth-aware congestion control: base depth from the
  BASELINE (windowed-min) RTT, back off when the current RTT inflates above it
  (a queue we're causing), and cap at the bandwidth-delay product (recent_fps x
  min_RTT) so a high-latency *low-bandwidth* link (a far VPN) can't
over-pipeline
  and bloat the input lag. Validated live across LAN and VPN, and in simulation
  (stable / queuing / bandwidth-limited links).
- Ctrl-T cycles the depth (1..5 -> auto) live and saves it per-user; Ctrl-S
  toggles a top-right stats overlay (tier / fps / RTT current+baseline /
depth).
- Exit telemetry logs RTT (current + baseline min) and the effective depth.
- Built-in default is auto (door is new -- no installed base to surprise); the
  example.ini ships frames_in_flight = auto. README + controls.msg + the F1
  help document the keys.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


exec/chat_llm_irc.js
diff

chat_llm_irc: disable SpiderMonkey branch-limit in the bot main loop

js.branch_limit (alias of js.time_limit) caps the cumulative operation-
callback count over the JS runtime's whole life.  A long-lived daemon that
polls in a while-loop for days inevitably reaches it, at which point jsexec
sets js.terminated and the bot exits; the launcher relaunches it, producing
the periodic 'guru dropped and rejoined' churn on IRC.

Set js.branch_limit = 0 (disabled) at the top of main_loop().  This loop is
not a runaway: it blocks on sock.poll() with a timeout and leaves promptly on
js.terminated or the .stop semfile, so real shutdown still works.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


ctrl/chat_llm_persona.utf8
diff

chat_llm: add SECURITY guardrails to the guru persona prompt

The guru had no security framing, so a caller could get it to role-play
as a shell: typing 'cat /etc/passwd | grep bbs' produced a fabricated,
realistic-looking passwd line (no actual file access -- the LLM has no
shell -- but credential-file-shaped output that invites escalation and
erodes trust in a multi-party channel).

Add a high-priority SECURITY section (marked as overriding even the
anti-fabrication rules) instructing the persona that it is a chat persona,
not a shell/OS/command interpreter: do not simulate command execution or
invent command output; never emit (real or fabricated) system files,
credentials, hashes, keys, or other users' private data; cannot grant
access or change accounts; and ignore caller attempts to override its
identity/rules or extract the prompt.

Validated against the live engine: shell-command, prompt-injection,
privilege-escalation, and data-exfil probes all deflect in character
while normal Q&A is unaffected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/chat.cpp
diff

chat: emit UTF-8 guru replies correctly to UTF-8 terminals (fix mojibake)

Guru replies come off the LLM as UTF-8, but they were pushed through
CP437-assuming output primitives that re-encode each byte to the
terminal charset.  On a UTF-8 terminal this double-encoded every
multibyte character into mojibake (e.g. a curly apostrophe shown as
three glyphs), and any node-spy (sbbsctrl, mqtt_spy.js) mirroring the
node's byte stream saw the same corruption.

Fix both output paths:

- Multinode (chat_llm_multinode_turn): stop pre-converting the reply to
  CP437 based on the reader's terminal and emit with bprintf(P_AUTO_UTF8,
  ...).  The reply stays UTF-8; bputs() adapts per terminal -- raw UTF-8
  to a UTF-8 term, print_utf8_as_cp437() to a CP437 term.

- 1-on-1 streamed and non-streamed (simulate_type, the shared chokepoint
  reached via js_simulate_type and chat_llm_session): when the terminal
  is UTF-8, emit each multibyte codepoint atomically via bputs(seq,
  P_UTF8) instead of byte-by-byte outchar().  Typo simulation correctly
  applies to ASCII only.  Robust to a codepoint split across SSE tokens
  (bytes still go out raw and in order).  The speed_factor<=0 fast path
  uses P_AUTO_UTF8.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/build.bat
diff

build: use x64-hosted compiler (PreferredToolArchitecture=x64) on Windows

The 32-bit-hosted CL.exe (HostX86\x86) intermittently crashed with
0xC0000005 (STATUS_ACCESS_VIOLATION) on the parallel Windows GitLab build
-- e.g. job 1547029, where CL.exe died compiling upgrade_to_v319.vcxproj.
The crash is in the compiler front-end itself, not our code, and lands on
a random source file each run: the classic symptom of the 32-bit host
exhausting its ~2GB user address space under a loaded parallel build.

Passing PreferredToolArchitecture=x64 as a solution-wide global property
switches CL.exe to the x64-hosted, x86-targeting cross-compiler
(HostX64\x86). Output is identical (still /MACHINE:X86, /arch:IA32) but
the compiler runs as a 64-bit process with no 2GB ceiling. Set on the
msbuild command line (not a .vcxproj/Directory.Build) so it is a global
property guaranteed visible before Cpp.Default.props selects the tool
architecture, and so it also covers the sibling xpdev/smblib libs.

Follow-on to the mspdbsrv (266083317) and LTCG mitigations in
Directory.Build.targets.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


xtrn/zmachine/.gitignore
diff

xtrn/zmachine: gitignore runtime game content (v6 .gfx/.blb/.z6, titles,
splash, logs)

The door dir doubles as the install dir, so sysop/runtime game data lives
alongside the package. Ignore it (v6 .z6 games + .gfx graphics caches, Blorb
sources, per-genre titles.ini IFDB caches, the optional intro splash, and logs)
so a populated install never shows it as untracked or risks committing game
data
to the shared repo. Bundled Zork I/II/III remain tracked.

Modified Files:


src/sbbs3/userdat.c
diff

src/sbbs3/userdat.h
diff

Create user_can_access_xtrn() - unused as of yet

I created this function in anticipation of using it to solve issue #1166, but
it's more complicated than first thought (the JS system object where the node
status is often retrieved does not know the identity of the user viewing it).

I plan to use this function to help solve that issue later.

Added Files:


xtrn/zmachine/.gitignore
diff

xtrn/zmachine/README.md
diff

xtrn/zmachine/SYSOP.md
diff

xtrn/zmachine/fantasy/arthur-r74-s890714.msg
diff

xtrn/zmachine/fantasy/zork1.z3
diff

xtrn/zmachine/fantasy/zork2.z3
diff

xtrn/zmachine/fantasy/zork3.z3
diff

xtrn/zmachine/games.ini
diff

xtrn/zmachine/getgames.js
diff

xtrn/zmachine/install-xtrn.ini
diff

xtrn/zmachine/jszm.js
diff

xtrn/zmachine/quetzal.js
diff

xtrn/zmachine/test/.gitignore
diff

xtrn/zmachine/test/blorb2gfx.js
diff

xtrn/zmachine/test/colour.js
diff

xtrn/zmachine/test/conformance.sh
diff

xtrn/zmachine/test/czech.sh
diff

xtrn/zmachine/test/fixtures/games_test.ini
diff

xtrn/zmachine/test/getgames_test.js
diff

xtrn/zmachine/test/gfx_probe.js
diff

xtrn/zmachine/test/journey_smoke.js
diff

xtrn/zmachine/test/quetzal.js
diff

xtrn/zmachine/test/resume.js
diff

xtrn/zmachine/test/screen.sh
diff

xtrn/zmachine/test/screenlist.js
diff

xtrn/zmachine/test/syntaxcheck.js
diff

xtrn/zmachine/test/test.ppm
diff

xtrn/zmachine/test/timed.js
diff

xtrn/zmachine/test/unicode.sh
diff

xtrn/zmachine/test/unit.js
diff

xtrn/zmachine/test/v45.js
diff

xtrn/zmachine/test/v6.js
diff

xtrn/zmachine/test/v6clearscreen.js
diff

xtrn/zmachine/test/v6gfx.sh
diff

xtrn/zmachine/test/v6mode.js
diff

xtrn/zmachine/test/v6parity.sh
diff

xtrn/zmachine/test/v6pic.js
diff

xtrn/zmachine/test/v6sixel.js
diff

xtrn/zmachine/test/v6surface.js
diff

xtrn/zmachine/test/viewport.js
diff

xtrn/zmachine/test/zz_smoke.js
diff

xtrn/zmachine/tools/blorb2gfx.js
diff

xtrn/zmachine/v6pics.js
diff

xtrn/zmachine/v6sixel.js
diff

xtrn/zmachine/viewport.js
diff

xtrn/zmachine/zmachine.js
diff

xtrn/zmachine: add the JSZM Z-machine interactive-fiction door

A Synchronet external program (door) that plays Z-machine interactive fiction
(Infocom classics and modern IF) in the terminal server, using the JSZM
interpreter ported to Synchronet JavaScript (SpiderMonkey 1.8.5).

- jszm.js / quetzal.js -- interpreter engine + Quetzal save codec
- zmachine.js -- the door front-end (v3/4/5/8 text + v6 graphics)
- v6pics.js / v6sixel.js / viewport.js / tools/blorb2gfx.js -- v6 graphics
  (SyncTERM APC + Sixel tiers; Blorb->.gfx baker)
- games.ini / getgames.js -- curated game catalog + installer provisioner
  (bundles MIT-licensed Zork I/II/III; fetches more on request, incl. Arthur
v6)
- install-xtrn.ini -- SCFG auto-install
- test/ -- conformance + unit/smoke suite

Squashed from the standalone jszm development history (process/design docs not
included). Original JSZM by zzo38 (public domain); jszm by David Lehenbauer;
ES5
port, Synchronet door, v6 graphics, and installer by Rob Swindell (Digital
Man).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


xtrn/syncdoom/getwads.js
diff

Modified Files:


xtrn/syncdoom/README.md
diff

xtrn/syncdoom/install-xtrn.ini
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: installer fetches the free Freedoom WAD set

SyncDOOM ships no game data, so a fresh install wasn't playable until the sysop
supplied WADs by hand. Add getwads.js: it downloads the freely-redistributable
Freedoom set -- Phase 1 + 2 and FreeDM, pinned to release 0.13.0 -- into the
[wads] dir, extracting each WAD from its GitHub release zip via the new
HTTPRequest.Download() (streamed to disk) + Archive.extract(). Idempotent
(skips
WADs already present), non-fatal on any download/extract failure, and resolves
its directory via js.exec_dir (the script's own dir, beside syncdoom.ini).

install-xtrn.ini runs it as a prompted, optional [exec:] step after seeding the
config. [wads] default flips from the commercial doom2 to freedoom1 (what the
installer provides) so the door plays out of the box; the commercial wadsets
stay hidden until their WADs are supplied. README documents the auto-download.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


exec/load/http.js
diff

http.js: add Download() and output_file for streaming a response body to disk

HTTPRequest buffered the entire response body in a (SpiderMonkey 1.8.5) string,
which is costly and risky for large downloads. Add an output_file property and
a
Download(url, filename) convenience method that stream the body straight to a
file in bounded 16 KB chunks instead.

Backward compatible: output_file defaults to undefined, so existing
Get()/Post()
callers are unchanged. Only a final 2xx response streams to the file -- a
redirect (3xx) body is still read into this.body so Get()'s redirect-follow
re-requests, and a 4xx/5xx error body stays in this.body for the caller to
inspect. Also exposes body_length (bytes received) on every request.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncdoom/build.bat
diff

src/doors/syncdoom/build.sh
diff

xtrn/syncdoom/.gitignore
diff

Modified Files:


docs/v322_new.md
diff

src/doors/syncdoom/COMPILING.md
diff

src/doors/syncdoom/MULTIPLAYER.md
diff

xtrn/syncdoom/README.md
diff

syncdoom: docs + build-helper polish for release

Documentation review before publishing the door:
- xtrn README: Windows/MSVC is documented as SUPPORTED (build.bat or CMake +
  vcpkg, see COMPILING.md), not "planned" -- the Winsock port has shipped.
- MULTIPLAYER.md: add the `[net] skill` and `[wadset:*] skill` keys to the
  config tables and correct the stale "skill is not a set key" note (it is
one).
- COMPILING.md: document the one-command build helpers in each platform
section.
- docs/v322_new.md: add SyncDOOM to the Stock Modules "what's new" list.

Build helpers:
- build.sh: the *nix counterpart of build.bat -- CMake configure + build, then
  copy the binary next to the lobby in this tree's xtrn/syncdoom/ (the same
place
  build.bat installs the .exe). For an in-place install that's the live door
dir;
  JPEG-XL tier auto-enabled when libjxl is found.
- build.bat: track the existing Windows/MSVC build+install helper (was
untracked).
- xtrn/syncdoom/.gitignore: ignore the locally-built syncdoom / syncdoom.exe
door
  binaries so they can't be committed by accident.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/MULTIPLAYER.md
diff

src/doors/syncdoom/mp_server.c
diff

src/doors/syncdoom/render_text.c
diff

src/doors/syncdoom/render_text.h
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: don't let a multiplayer match start with one player; drop in-progress
games from Browse

First real-player test: creators sat alone in the waiting room, pressed Start
not realizing they should wait, and landed in a one-player "co-op". Mid-game
join
isn't possible (vanilla lockstep fixes player slots at GAMESTART, no state
transfer), so make starting alone hard instead:

- Waiting room refuses a manual Start while the controller is alone in a
  multi-player match (num_players < 2 && max_players > 1) -- beep, ignore --
and
  shows "Waiting for another player to join... auto-starts when full... (to
play
  by yourself pick Play single-player)". Auto-start-when-full is unchanged; an
  explicit 1-player match (test/solo) still starts immediately.
- Dedicated server drops its registry .ini the moment the match goes
in-progress
  (and stops heartbeating it), so Browse only ever lists joinable games. Safe:
  max_games isn't registry-counted and ports use a live bind-test.
- MULTIPLAYER.md documents the no-mid-game-join rationale + these mitigations.

Also in this batch:
- Default input graces moved to their slider midpoints: TAP 500->300,
  TURN 180->150 (HOLD stays 150); example.ini updated. A per-user syncdoom.ini
  [input] still overrides.
- Ctrl-N dither toggle is now a no-op (no label, no save) where it does
nothing:
  the graphics tiers, and the text color depths that never dither (16-color,
  truecolor).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

src/doors/syncdoom/m_menu.c
diff

src/doors/syncdoom/render_text.c
diff

src/doors/syncdoom/render_text.h
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/controls.msg
diff

xtrn/syncdoom/lobby.js
diff

xtrn/syncdoom/syncdoom.example.ini
diff

syncdoom: Ctrl-N dither toggle + per-user syncdoom.ini; fix dither washout on
F4 cycle

- Dither washout fix: init_noise() rescaled noise_textures in place, and
rt_config
  calls it on every F4 tier cycle, so the repeated rescaling flattened the
dither
  until it vanished and never came back. Guard it to scale once (color depth is
  fixed for the life of the process). User-confirmed on Windows Terminal
(8-bit).
- Per-user prefs: the per-user file is now a sectioned syncdoom.ini in -home
  ([input] kp* graces + [video] dither), mirroring the house syncdoom.ini
beside
  the exe (was a flat input.ini). Saved read-modify-write so unmanaged keys
  survive. Precedence: built-in -> house ini -> per-user -> CLI.
- [video] dither = auto|on|off (auto = by color depth: on at 256-color, off at
  16-color and truecolor) plus a live Ctrl-N toggle -- no function key was
free,
  so 0x0E is intercepted at the door level (never reaches Doom).
rt_set_dither()
  re-derives the dither state without rescaling. Dither is text-tier only; off
  also trims text bandwidth (fewer SGR color escapes from broken-up flat runs).
- Docs: Ctrl-N row in controls.msg (byte-correct codes + the per-user note) and
  the README controls table; example.ini [video] dither + per-user overlay
note.
- Lobby: drop the redundant console.pause() in sd_controls -- printfile's
  auto-pause is the single dismissal; trimmed controls.msg to one screen.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/MULTIPLAYER.md
diff

src/doors/syncdoom/README.md
diff

src/doors/syncdoom/dstrings.c
diff

src/doors/syncdoom/i_system.c
diff

src/doors/syncdoom/m_config.c
diff

src/doors/syncdoom/m_menu.c
diff

src/doors/syncdoom/net_udp.c
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/README.md
diff

xtrn/syncdoom/lobby.js
diff

xtrn/syncdoom/syncdoom.example.ini
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom: persist options, in-game input-feel sliders, skill select, loopback
bind, key/quit fixes

Door (src/doors/syncdoom):
- Config persistence: doomgeneric had Save/LoadDefaultCollection #if-ORIGCODE'd
  out, so screen size / messages / detail never saved or loaded. Re-enabled
both
  (deps were all live). Skip DEFAULT_KEY entries -- the door's fixed terminal->
  Doom keycodes (>=128) don't survive the config scancode round-trip and were
  corrupting strafe/fire/use to 0. Also call M_SaveDefaults on
hangup/time-limit
  exits, not just menu quit.
- I_Quit now actually exits (its exit() was #if-ORIGCODE'd, so menu quit,
hangup,
  and the waiting-room cancel fell through into the game).
- Waiting-room Q cancel: drain stale lobby type-ahead + scan the whole read so
a
  buffered Enter can't auto-launch before Q is seen.
- In-game Options > Input "feel" sliders (KEY TAP/HOLD/TURN) for the key-up-
  synthesis graces, inline on the Options menu, snap-to-grid stepping, bars
  aligned with SCREEN SIZE. Saved per-user (input.ini in -home, root section);
  [input] ini is the house default; -kp* CLI still wins.
- -skill plumbed through to doomgeneric (was being eaten by the -s prefix
  matcher, which clobbered the client socket and bounced the player to the
lobby).
- net_udp.c: server binds 127.0.0.1 by default (-bindaddr); off-box play is
opt-
  in. Client keeps INADDR_ANY. (File reformatted to house style.)
- Help screen: git hash lower-left, build date lower-right.
- Quit prompts: "dos" -> "the BBS".

Lobby (xtrn/syncdoom):
- [net] bind (defaults to advertise); skill picker with [net]/[wadset] skill
  default; WAD-set picker fits the real terminal width (name-only fallback);
  dropped em-dash "--" separators from user-facing strings.

Docs: MULTIPLAYER.md, READMEs, and syncdoom.example.ini updated for the bind
default, skill, input-feel, and persistence behavior.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/MULTIPLAYER.md
diff

syncdoom: reconcile MULTIPLAYER.md with as-built; add inter-BBS federation
design

Bring the multiplayer design doc in line with what shipped: the real [net]
keys (advertise, port_low/high, max_games, max_players=4, idle_timeout, stale,
allow_external), colon section separators ([wadset:*], [net:<hostname>]), the
per-host override, the actual mp_write_registry fields, and the [wads]/
[wadset:*] keys -- marking autoscan/default_iwad/sort/bind/discovery deferred.

Replace the open "scope=public" sketch with a concrete Inter-BBS federation
design: finger-based registry discovery, a trusted-peer IP allowlist, and an
optional out-of-band shared secret (passed on the command line) for dynamic-IP
peers. Co-op first, given lockstep latency across the internet.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


xtrn/syncdoom/syncdoom.example.ini
diff

Modified Files:


src/doors/syncdoom/README.md
diff

xtrn/CLAUDE.md
diff

xtrn/syncdoom/install-xtrn.ini
diff

Removed Files:


src/doors/syncdoom/syncdoom.ini
diff

syncdoom: ship syncdoom.example.ini + installer copy; drop duplicate src config

Version-control the documented config template as
xtrn/syncdoom/syncdoom.example.ini and have install-xtrn.ini copy it to the
live syncdoom.ini on install (the [copy:] action won't clobber an existing one
without confirmation). The door and lobby both read the one combined file
(video/input for the door; net/wads/wadset for the lobby).

Remove the duplicate door-only sample src/doors/syncdoom/syncdoom.ini, which
had already drifted from the deployed config, and repoint the door README at
the combined example. Document the example.ini -> live-ini [copy:] pattern in
xtrn/CLAUDE.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/lobby.js
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom lobby: per-host advertise, WAD-set default/note, per-WAD .msg

Multi-host: overlay a hostname-keyed [net:<hostname>] section onto [net]
(keyed by system.local_host_name) and pass [net] advertise to the dedicated
server as -advertise, so one shared install can give each host its own
joinable address. Blank advertise still means loopback / same-host only.

WAD picker: pre-select the [wads] default set, show a [wadset:*] note
(with a pause) before launch, and display any "<wadname>.msg" readme sitting
beside a WAD in the selected set (paged, before launch).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/render_text.c
diff

syncdoom: skip redundant per-cell SGR in the text/block renderer

The text tier emitted a full color escape for every cell. Track the last
foreground/background actually sent and emit only the component(s) that
changed -- a flat run now emits just the glyph -- cutting output bytes
sharply over a BBS link with identical on-screen results. The cache is
reset at each \033[0m (row end) and at frame start, where the terminal is
back to its default colors. Also drops the now-unused buffer_append_format.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncdoom/COMPILING.md
diff

src/doors/syncdoom/vcpkg.json
diff

Modified Files:


src/doors/syncdoom/.gitignore
diff

src/doors/syncdoom/CMakeLists.txt
diff

src/doors/syncdoom/README.md
diff

src/doors/syncdoom/mp_server.c
diff

src/doors/syncdoom/render_text.c
diff

src/doors/syncdoom/syncdoom.c
diff

syncdoom: add Windows/MSVC build support (incl. JPEG-XL via vcpkg)

Port the door to build with Visual Studio 2022 / MSVC via CMake. The
engine (Chocolate Doom) was already _WIN32-aware and all socket I/O
already went through xpdev's sockwrap; this fills the remaining gaps:

- syncdoom.c: guard <unistd.h>, add the Windows include block; now_ms()
  via timeGetTime(), DG_SleepMs() via Sleep(), abscopy() via _fullpath;
  WSAStartup() at startup (sockwrap doesn't self-init Winsock); guard
  SIGPIPE out; PATH_MAX fallback.
- mp_server.c: implement mp_spawn_server() with CreateProcess
  (DETACHED_PROCESS) -- the Windows analogue of the fork/setsid detach.
- render_text.c: mempcpy/stpcpy fallbacks for MSVC (glibc-only).
- CMakeLists.txt: MSVC branch (CRT deprecation defs, winmm, C11);
  Winsock/winmm come transitively from xpdev. JPEG-XL: locate an
  MSVC-built static libjxl + deps (highway/brotli/lcms2), with a
  release/debug split so multi-config (VS) builds link the right CRT.
- vcpkg.json: manifest pinning libjxl for the MSVC JPEG-XL tier.
- COMPILING.md: build instructions for *nix and Windows; README trimmed
  to a quickstart that points to it.

Verified on Win32: Release + Debug both link and run (mode=jxl), with a
self-contained exe (libjxl statically linked, no JXL DLLs). The *nix
build is unchanged -- all Windows code paths are behind _WIN32 guards.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/lobby.msg
diff

syncdoom lobby: hint the global hotkeys on the lobby screen

Add a footer line to the lobby art pointing out Synchronet's global hotkeys
that
stay live inside the door -- Ctrl-U (who's online) and Ctrl-P (private message)
--
handy for a user waiting in the lobby for others to join the game.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/lobby.js
diff

xtrn/syncdoom/syncdoom.ini
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom lobby: page nodes to join, fix join-race & stale games, cap at 4
players

When creating a multi-player game, offer to page other active nodes whose users
can run the door (User.compare_ars against the door's execution_ars), delivered
via the sysop-configurable NodeMsgFmt so it matches normal inter-node messages.
The page prompt now runs before the server is spawned, so it no longer sits in
the spawn->connect window where a browse-joiner could connect first and steal
the
host/controller slot. Hide games with zero connected players from the Join
list,
so a match everyone has left doesn't linger until the server's idle-timeout.
Cap
players at Doom's MAXPLAYERS (4) rather than NET_MAXPLAYERS (8) -- the game has
only four player slots/colors/starts.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

syncdoom: document WASD controls and DeHackEd/WAD-merge support

Rewrite the in-game controls section of the door README for the WASD scheme and
the type-cheats/save-names-in-UPPERCASE rule, and document the -deh
DeHackEd/BEX
patch loading and -merge WAD-merge support now built into the door.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/d_englsh.h
diff

src/doors/syncdoom/doomkeys.h
diff

src/doors/syncdoom/g_game.c
diff

src/doors/syncdoom/m_menu.c
diff

src/doors/syncdoom/syncdoom.c
diff

xtrn/syncdoom/controls.msg
diff

syncdoom: WASD controls, in-game chat text-entry, Ctrl-P talk alias

Remap the terminal input to a WASD scheme: W/S move forward/back (the up/down-
arrow movement keys), A/D strafe, turning stays on the left/right arrows, Space
fires, E uses/opens, R toggles always-run. The run toggle moves off the literal
'\' to a synthetic KEY_RUNTOGGLE, so '\' is freed and an uppercase R still
reaches
the cheat parser. Suppress the gameplay remaps while typing text (chat_on or
menuactive) so space/letters enter literally, and give chat its own
discrete-tap
path in key_seen (a repeated char must register every time). Add Ctrl-P as a
talk
alias. Refresh the F1 help screen (WASD/E/R/T rows, horizontally-centered skull
computed from the live patch width, explicit QUICKSAVE/QUICKLOAD), drop the
parens
that read poorly in the bitmap font, and reword the quit prompt to "quit to
bbs".

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/m_menu.c
diff

syncdoom: move the build-id to the lower-right of the F1 controls screen

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/lobby.js
diff

xtrn/syncdoom/lobby.msg
diff

syncdoom: lobby menu/UX -- Join relabel, create-when-empty prompt, picker width

- lobby.msg + lobby.js: relabel the menu -- J "Join a multi-player game" (was
  B Browse) and C "Create a multi-player game" (was "co-op"); the optional
  external-join moves to E so it doesn't collide with J.
- sd_browse: when no games are running, prompt console.yesno("Create a game
now").
- sd_pick_wadset: cap each WAD-set label to one line (long descriptions
wrapped).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


xtrn/syncdoom/syncdoom.ini
diff

xtrn/syncdoom/syncdoom_lib.js
diff

syncdoom: lobby -- deh= wadset key + FreeDM wadset

- syncdoom_lib.js: a wadset may now specify deh = <patch[,patch...]>; it's
built
  into -deh args and required-present like the WADs, so a mod shipping a
DeHackEd
  patch can be curated.
- syncdoom.ini: document the deh key; add the FreeDM wadset (free deathmatch
IWAD).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


src/doors/syncdoom/deh_ammo.c
diff

src/doors/syncdoom/deh_bexstr.c
diff

src/doors/syncdoom/deh_cheat.c
diff

src/doors/syncdoom/deh_defs.h
diff

src/doors/syncdoom/deh_doom.c
diff

src/doors/syncdoom/deh_frame.c
diff

src/doors/syncdoom/deh_io.c
diff

src/doors/syncdoom/deh_io.h
diff

src/doors/syncdoom/deh_main.c
diff

src/doors/syncdoom/deh_mapping.c
diff

src/doors/syncdoom/deh_mapping.h
diff

src/doors/syncdoom/deh_misc.c
diff

src/doors/syncdoom/deh_ptr.c
diff

src/doors/syncdoom/deh_sound.c
diff

src/doors/syncdoom/deh_str.c
diff

src/doors/syncdoom/deh_text.c
diff

src/doors/syncdoom/deh_thing.c
diff

src/doors/syncdoom/deh_weapon.c
diff

src/doors/syncdoom/w_merge.c
diff

Modified Files:


src/doors/syncdoom/CMakeLists.txt
diff

src/doors/syncdoom/d_main.c
diff

src/doors/syncdoom/deh_main.h
diff

src/doors/syncdoom/deh_misc.h
diff

src/doors/syncdoom/deh_str.h
diff

src/doors/syncdoom/doomfeatures.h
diff

src/doors/syncdoom/doomtype.h
diff

syncdoom: vendor and enable DeHackEd (-deh) and WAD merge (-merge)

Both were #undef'd in doomfeatures.h with their sources absent. Vendor the
DeHackEd subsystem (deh_*.c/.h) and w_merge from Chocolate Doom and enable
FEATURE_DEHACKED + FEATURE_WAD_MERGE. The deh sources came from a newer
Chocolate
Doom than our doomgeneric base, so a few adaptations were needed:
- doomtype.h: add the PRINTF_ATTR / PRINTF_ARG_ATTR macros the newer headers
use.
- deh_io.c: this base has no M_fopen, and lumpinfo is an array of structs.
- deh_main.c: drop DEH_AutoLoadPatches (needs the newer i_glob); and free the
  -deh filename only when it is the malloc'd copy -- this base's
  D_TryFindWADByName returns the original argv string when the file isn't
found,
  and freeing that stack pointer aborted the door (free(): invalid pointer).
- w_merge.c taken from the pre-lumpinfo-pointer-refactor revision to match.

Also un-gate LoadIwadDeh (ORIGCODE -> FEATURE_DEHACKED) so the Freedoom/FreeDM
IWAD dehacked lumps (level names, etc.) load. Command-line -deh is applied
after,
so it still overrides.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/README.md
diff

xtrn/syncdoom/controls.msg
diff

xtrn/syncdoom/lobby.js
diff

syncdoom: lobby help -- terminals & video-modes section; presentation fixes

- controls.msg: add a TERMINALS & VIDEO MODES section (JXL needs SyncTERM 1.4+,
  sixel terminals, CP437/UTF-8 ANSI text), shorten "Run (toggle)", and replace
  the esoteric Ctrl-A cursor-right indent codes (and a stray trailing Ctrl-Z)
  with plain spaces so the file edits cleanly in any editor.
- lobby.js: drop the redundant "Command:" prompt (the art is the menu) and stop
  passing P_NOPAUSE so the now-longer help auto-paginates.
- README: JXL needs SyncTERM 1.4+, not 1.2+ (per src/syncterm/CHANGES).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: cap the text-tier render grid on oversized terminals

A maximized terminal can measure huge (e.g. 561x105); the text tier then
renders
the full grid -- ~330 KB per frame, 1.5+ MB/s -- which floods the link and
trips
the dead-client watchdog, so the door looks like it auto-terminates. Beyond
Doom's own detail the extra cells add only bytes, so cap the text grid to
[video] text_max_cols x text_max_rows (default 200x80; 0 = uncapped). Invisible
for normal terminals; it only bounds the maximized case.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/doors/syncdoom/syncdoom.c
diff

syncdoom: anchor the sixel image at top-left when terminal pixels are unknown

Sixel is positioned by text cell, but the image is sized in pixels; on a
terminal
that doesn't report its real cell-pixel size (e.g. xterm with allowWindowOps
off)
the door assumed 16px-tall cells, so the "centered" row landed too low and the
frame looked bottom-anchored. When real geometry is unknown, anchor the sixel
at
row 1, col 1 -- predictable, and what a user expects. JXL/PPM (SyncTERM, real
geometry) still center via the APC DX/DY offsets.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/syncterm/term.c
diff

Fix big in parsing binary PBM/PPMs

Only a single whitespace is allowed between the header and the raster
data.

While we're here, remove some unused variables.

Modified Files:


exec/pcboard.js
diff

Merge branch 'pcboard-shell' into 'master'

Fix file scan prompt

See merge request main/sbbs!700

Modified Files:


exec/pcboard.js
diff

Fix file scan prompt

Modified Files:


.claude/skills/smbutils/SKILL.md
diff

smbutils skill: correct count-limit option and document r/pagination gotcha

Surfaced while reading sub-board messages with smbutil: the skill described
the count-limit option as -#<N> in one place (smbutil actually rejects that
with "Unknown opt '#'") and as unsupported in another. The real option is a
bare -<N> (e.g. -1). Also documented that `r` with no count reads to the end
of the base and paginates - so piped/non-interactive it can stall or
auto-background waiting for a keypress - and added the clean scripted form
(-o -1 r#<num> <base> </dev/null) plus an options-table row.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


docs/v322_new.md
diff

exec/binkit.js
diff

exec/irc.js
diff

exec/load/dorkit.js
diff

exec/load/lockfile.js
diff

src/sbbs3/exec.cpp
diff

src/sbbs3/js_internal.cpp
diff

src/sbbs3/main.cpp
diff

src/sbbs3/sbbs.h
diff

src/sbbs3/services.cpp
diff

src/sbbs3/websrvr.cpp
diff

services/web/terminal: decouple JS client-disconnect termination from
auto_terminate

ead5ccf16 (song-11-earn) "Detect disconnection in JavaScript callback"
overloaded the js_callback_t.auto_terminate flag - historically just
"abort on server shutdown/recycle" - to also abort a script ~10
operation-callbacks after its client socket disconnects. cfa6fe9e1
(bolt-11-banner) exempted static services (IRC daemon, MRC connector),
but per-connection service scripts were left exposed.

BinkIT, run as the inbound binkp service, intentionally keeps working
after the peer disconnects: it finishes the batch, updates binkstats.ini,
and as its last act touches the FIDOIN/BINKOUT event semaphores. The
disconnect check aborted it mid-cleanup, so those semaphores were never
touched and outbound FTN mail to downlinks silently piled up.

Decouple the two concerns with a new js_callback_t.terminate_on_disconnect
control (exposed as the js.terminate_on_disconnect property), distinct
from auto_terminate (which again governs only shutdown/recycle, via
js_CommonOperationCallback). All three client-connected servers now gate
their disconnect abort on terminate_on_disconnect and share a single
JS_DISCONNECT_TERMINATE_COUNT (10) constant, replacing three literal 10s
(including the long-standing terminal check in exec.cpp). Default true in
the Terminal, Web, and Services servers; binkit.js opts out with
js.terminate_on_disconnect=false. js_EvalOnExit suspends it alongside
auto_terminate so on-exit cleanup can't be cut short.

Stock scripts that previously set js.auto_terminate=false to ride out a
client disconnect now set terminate_on_disconnect in lockstep: dorkit.js
(self-manages carrier loss), irc.js, and lockfile.js (UnlockAll - avoids
stale locks if killed mid-unlock, which also closes the same exposure for
per-connection services).

Re #1156.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


ctrl/chat_llm.ini
diff

exec/chat_llm.js
diff

exec/chat_llm_irc.js
diff

chat_llm: stop the IRC guru volunteering wrong/unsolicited answers

Two changes to make the guru a far more reluctant, more accurate
unprompted participant on IRC, prompted by live #synchronet logs where
it (a) answered questions one user had explicitly aimed at another, and
(b) confidently restated others' mistakes as fact.

1. directed_at_other() (chat_llm_irc.js): a question addressed to a
   specific other participant ("nelgin: why are you changing ip?") is a
   person-to-person exchange, not a room question -- the bot no longer
   arms an intervention on it.  is_nick_ping only caught a BARE "Nick?";
   this catches "Nick: <content>" / "Nick, <content>" where Nick is a
   seen channel member that isn't the bot.

2. Two-layer confidence gate for unprompted interventions only (direct
   questions are answered best-effort as before):
   - In-prompt SKIP escape: the volunteering generation is told to answer
     only if the retrieved docs explicitly support a correct answer and
     to never restate an asker's assumption as fact; otherwise it emits
     SKIP and the bot stays silent (and persists nothing).  No extra
     round-trip.  (ctx.volunteering -> build_messages; is_volunteer_abstain
     nulls the reply in chat_session.)
   - 14B fact-check (verify_volunteer_answer): a 7B feels "grounded" off a
     merely-related chunk and confirms false premises anyway (observed: a
     bogus mods/exec load path off a chunk about mods shadowing exec).  Any
     non-declined answer is fact-checked by a stronger model that must
     return VERIFIED; fails closed (any error/ambiguity -> silence).  Reuses
     relay_rewrite_model, kept transient (keep_alive 0) so the warm chat
     model isn't evicted.  New ini knobs: intervention_verify[_model|_prompt].

Also adds an anti-sycophancy clause to the IRC grounding for all replies:
don't agree with or repeat a user's claim unless the docs support it.

Live-validated: the false-premise "mods/exec" question now abstains
(3/3), an ungroundable question abstains, and legitimate groundable
questions (SBBSecho, transfer protocols, BinkP) still answer.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


.claude/skills/javascript/SKILL.md
diff

javascript skill: document terminal-control abstraction + K_CTRLKEYS vs
K_EXTKEYS

Two lessons from the Z-Machine v6 door work:

- Terminal control sequences (cursor show/hide, etc.) are abstracted in
  ansiterm_lib.js (CSI ?25h/l via ansiterm.send) -- reach for that before
  hand-writing escape codes.

- Function/cursor key input: inkey/getkey pre-translate the arrow/Home/End
  escapes into control codes (TERM_KEY_*), conflating them with Ctrl-letters.
  K_EXTKEYS still yields those conflated codes and has no F-key codes;
K_CTRLKEYS
  passes control keys through AND leaves the escape sequences RAW so you can
parse
  the cterm forms yourself (ESC[A/B/C/D, ESC[11~..24~) and keep arrows/F-keys
  distinct. getbyte() is the raw alternative but drops idle-disconnect + UTF-8.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


exec/wildcat.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

Removed Files:


exec/wildcat.src
diff

text/menu/wildcat/sysop.asc
diff

Merge branch 'wildcat-shell' into 'master'

Wildcat Clone Shell from Baja to JS

See merge request main/sbbs!696

Added Files:


exec/wildcat.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

Removed Files:


exec/wildcat.src
diff

text/menu/wildcat/sysop.asc
diff

Wildcat Clone Shell from Baja to JS

Added Files:


exec/wwiv.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

Removed Files:


exec/wwiv.src
diff

Merge branch 'wwiv-shell' into 'master'

WWIV Clone shell Baja to JS

See merge request main/sbbs!692

Added Files:


exec/wwiv.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

Removed Files:


exec/wwiv.src
diff

WWIV Clone shell Baja to JS

Modified Files:


src/syncterm/term.c
diff

Fix reading of PBM P4 files

If the width is not a multiple of eight, ignore the last padding bits
at the end of each line.

But really, there's no reason to create a PBM where the width isn't
a multiple of eight.

Fixes issue reported by DigitalMan on Discord

Modified Files:


src/conio/cterm.adoc
diff

src/syncterm/term.c
diff

Some minor PBM fixes.

1. Fix the text PBM format parsing (which nobody should ever use
   for anything ever)
2. Fix the embedded MASK= parsing (which should only rarely be used
   for oddball things)

Modified Files:


docs/v322_new.md
diff

exec/load/binkp.js
diff

BinkIT: don't record successful binkp/1.1 callouts as failures

The JSBinkP session loop only breaks out on *receiving* a final M_EOB,
but in binkp/1.1's two-M_EOB handshake the completed state is usually
reached by *sending* the last EOB.  After sending it, the peer closes
the connection, and the next loop iteration attempts one more M_EOB on
the now-closed socket; that send fails and (since b795cf6a3d) marked the
whole session as failed -- even though all files had already been sent
and acknowledged.  binkit.js then wrote "[callout failure]" to
data/binkstats.ini with the sent file(s) listed.

binkp/1.0 peers (Mystic, mbcico) exchange a single M_EOB each and break
immediately on receipt, so they were recorded correctly; the bug hit
binkp/1.1 peers (Synchronet/BinkIT, binkd) -- the vast majority of
sessions -- producing huge "failed_callouts" counts despite mail
flowing fine.  Reported in DOVE-Net's sync_sysops by Khronos and Gamgee.

Fix: a failed closing M_EOB send is benign once our sent files have all
been acknowledged (pending_ack empty); break the loop without failing
the session in that case.  Only fail when files remain unacknowledged.
The on-wire behavior is unchanged.  Bumped JSBinkP revision to 6 so the
fix is identifiable via the vers= field in binkstats.ini.

Validated with a two-process TCP loopback harness: binkp/1.1 callout
flips from false to true (file transferred either way); binkp/1.0 and
no-files polls unchanged; a peer that drops mid-transfer still fails.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


exec/load/cterm_lib.js
diff

cterm_lib: add cterm_screen_geometry() resolver

Wraps query_fontdims()/query_graphicsdim()/charheight() into one call
returning { cols, rows, cellW, cellH, pxW, pxH } with fallbacks, for
pixel-addressed protocols (Z-machine v6 door). Reusable by any door.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


.claude/skills/javascript/SKILL.md
diff

skills/javascript: load() caller-scope trap + uselect/printfile/directory
gotchas

Lessons captured from Synchronet door work:
- load('file') runs in the CALLER's scope, so its top-level vars become locals
of
  whatever function called load() -- a top-level / on_exit handler can't see a
  value load()ed inside main(); capture it into a reachable scope (the silent
  "quetzal is not defined" ReferenceError).
- console.uselect: the title is auto-prefixed with "Select " (pass "a Game",
not
  "Select a Game"); the display call's number argument is the DEFAULT item
index.
  console.line_counter = 0 discards a pending auto-pager prompt before a clear.
- console.printfile renders Ctrl-A codes + ANSI/CP437 by default; P_PCBOARD is
  only for PCBoard @X codes (it would misread a literal @).
- directory() defaults to GLOB_MARK, so directory entries come back with a
trailing
  '/' (self-identifying). The CWD is process-global (always ctrl/, since sbbs
is
  multi-threaded) -- which is why no chdir is exposed to BBS JS; build absolute
  paths from js.exec_dir / system.*_dir.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/conio/bitmap_con.c
diff

Fix X phase in setpixels()

While the first text row in a setpixels() call was handled correctly,
later rows always started at an X phase of 0. This means cells on the
right edge would not be marked as containing pixels if the right edge
is fewer pixels into a cell than the left edge.

Reported by DigitalMan on Discord via direct message.

Modified Files:


exec/major.js
diff

Merge branch 'major-shell' into 'master'

Fix prompt color bleed

See merge request main/sbbs!694

Modified Files:


exec/major.js
diff

Fix prompt color bleed

Modified Files:


exec/load/tdfonts_lib.js
diff

tdfiglet: emit conditional new-line (Ctrl-A '/') on right-most-column rows

When a rendered row fills to the right-most column of the detected or
configured width, output Synchronet's conditional new-line (Ctrl-A '/')
instead of a hard CRLF. The terminal auto-wraps at the right margin, so a
hard CRLF there produced an extra blank line; the conditional new-line only
emits a new-line when the cursor isn't already at column 0, so it's correct
on both auto-wrapping and non-auto-wrapping terminals.

This generalizes the previous right-justify-with-zero-padding special case
(which simply omitted the CRLF) to any justification, keyed solely on whether
the row reaches the right-most column. In -a (ANSI) mode nothing extra is
emitted, preserving prior behavior.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


.claude/skills/javascript/SKILL.md
diff

skills/javascript: document inkey timed input + inactivity model

Add a "Timed / non-blocking key input, and the inactivity model"
subsection to the input/output coverage: console.inkey(mode, timeout)
semantics (timeout in ms; K_NONE returns "" vs K_NUL returns null on
timeout; 1-char string on a key), the getkey-enforces-idle /
inkey-doesn't trap, and the live console inactivity properties
(max_getkey_inactivity, getkey_inactivity_warning, last_getkey_activity).
Verified against inkey.cpp, getkey.cpp, js_console.cpp, scfglib1.c
(NOINP=0x0100, default max_getkey_inactivity=300).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


exec/obv-2.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

text/menu/obv-2/main.msg
diff

Removed Files:


exec/obv-2.src
diff

Merge branch 'obv2-shell' into 'master'

OBV-2 Clone Shell from Baja to JS

See merge request main/sbbs!689

Added Files:


exec/obv-2.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

text/menu/obv-2/main.msg
diff

Removed Files:


exec/obv-2.src
diff

OBV-2 Clone Shell from Baja to JS

Added Files:


exec/spitfire.js
diff

text/menu/spitfire/chat.msg
diff

text/menu/spitfire/e-mail.msg
diff

text/menu/spitfire/file.msg
diff

text/menu/spitfire/main.msg
diff

text/menu/spitfire/msg.msg
diff

text/menu/spitfire/msglist.asc
diff

text/menu/spitfire/msgview.asc
diff

text/menu/spitfire/multchat.msg
diff

text/menu/spitfire/qwk.msg
diff

Merge branch 'xbit-spitfire-shell' into 'master'

Add Spitfire BBS-inspired command shell

See merge request main/sbbs!690

Added Files:


exec/spitfire.js
diff

text/menu/spitfire/chat.msg
diff

text/menu/spitfire/e-mail.msg
diff

text/menu/spitfire/file.msg
diff

text/menu/spitfire/main.msg
diff

text/menu/spitfire/msg.msg
diff

text/menu/spitfire/msglist.asc
diff

text/menu/spitfire/msgview.asc
diff

text/menu/spitfire/multchat.msg
diff

text/menu/spitfire/qwk.msg
diff

Add Spitfire BBS-inspired command shell

Modified Files:


src/sbbs3/text_defaults.c
diff

text_defaults.c: regenerate to sync with text.dat (SearchStringPrompt)

textgen output was stale relative to ctrl/text.dat: string 076
(SearchStringPrompt) had been updated in text.dat — the "(?=help)" hint
recolored — but the generated default in text_defaults.c was never
regenerated to match. No-op for behavior (text.dat is the source of truth
loaded at runtime); keeps the compiled-in default in sync.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/main.cpp
diff

src/sbbs3/sbbs.h
diff

src/sbbs3/str.cpp
diff

Terminal server: fully transmit pre-disconnect message before close (#1157)

Messages shown to a client immediately before disconnecting (nonodes.txt
when all nodes are full or node init fails, and badip.msg/badhost.msg for
blocked clients) were intermittently not seen by the caller.

Root cause: these paths printed the file then called flush_output(), which
waits on outbuf.empty_event. That event fires when output_thread moves the
ring-buffer contents into its *linear* buffer (RingBufRead), not when those
bytes are actually sent over the socket. flush_output() therefore returned
in the gap between ring->linear hand-off and the sendsocket(), the caller
closed the socket, and output_thread's send then failed on the closed FD
("!ERROR ... sending on socket"). The result was a thread-scheduling race,
matching the reporter's intermittent, protocol-independent symptom.

Add sbbs_t::WaitForOutbufDrained(timeout): wait for the ring buffer to
empty AND for output_thread's linear buffer to be transmitted, tracked via
a new output_thread_busy atomic (set before the ring->linear read so the
empty_event hand-off can't be mistaken for "everything sent", cleared once
the linear buffer is fully sent). Use it in place of flush_output() at the
two nonodes.txt disconnect sites (main.cpp) and in trashcan_msg() (str.cpp).

flush_output() is retained for outcom()'s transmit-backpressure retry loop,
where "wait for ring-buffer space" (with its online short-circuit) is the
correct semantics.

The nonodes drop-before-close pattern is from ff1aae498 (same-3-jazz);
trashcan_msg()'s flush_output(500) is from 424dfe107 (cold-36-task); the
underlying empty_event-means-ring-drained-not-sent gap is inherent to the
two-stage output_thread design.

Reported by xbit with detailed cross-client testing.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Added Files:


exec/major.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

text/menu/major/email.asc
diff

text/menu/major/file.asc
diff

text/menu/major/main.asc
diff

text/menu/major/msg.asc
diff

text/menu/major/quickscn.asc
diff

text/menu/major/userdefs.asc
diff

Removed Files:


exec/major.src
diff

Merge branch 'major-shell' into 'master'

Major Shell from Baja to JS

See merge request main/sbbs!686

Added Files:


exec/major.js
diff

Modified Files:


exec/GNUmakefile
diff

exec/Makefile
diff

text/menu/major/email.asc
diff

text/menu/major/file.asc
diff

text/menu/major/main.asc
diff

text/menu/major/msg.asc
diff

text/menu/major/quickscn.asc
diff

text/menu/major/userdefs.asc
diff

Removed Files:


exec/major.src
diff

Major Shell from Baja to JS

Modified Files:


src/sbbs3/services.cpp
diff

services: init static-service client socket to INVALID_SOCKET, not 0

js_static_service_thread() memset()s its service_client to zero and never
assigns .socket, leaving it 0 - a valid file descriptor (stdin), not the
codebase's "no socket" sentinel.  The thread already passes INVALID_SOCKET
to js_initcx(), but js_initcx() doesn't store its sock arg into the struct,
so the field silently stayed 0.  Set it to INVALID_SOCKET explicitly so no
code path mistakes fd 0 for a live client socket.

Hygiene follow-up to cfa6fe9e1 (bolt-11-banner) / #1156; not a behavior
change (socket_check() already returns false for both 0 and INVALID_SOCKET,
so the SERVICE_OPT_STATIC guard remains the actual fix).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/services.cpp
diff

services: don't apply JS disconnection check to static services

ead5ccf16 (song-11-earn) added a disconnection check to the Services
server's js_OperationCallback() that aborts a script once its client
socket has been gone for 10 consecutive callbacks (socket_check() of
client->socket fails).  This is correct for per-connection services
(accepted client socket), but static services (SERVICE_OPT_STATIC -
e.g. the IRC daemon, MRC connector) run via js_static_service_thread()
with a zero-initialized service_client whose .socket is never set (0).
socket_check(0, ...) returns false, so auto_terminate static services
were wrongly warned "Disconnected" and aborted after 10 callbacks, then
(being STATIC_LOOP) immediately restarted - cycling endlessly.

Gate the disconnection check on !(client->service->options &
SERVICE_OPT_STATIC) so it only runs for real per-client connections.

Fixes #1156 (reported by Accession).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


.claude/skills/javascript/SKILL.md
diff

javascript skill: correct js.on_exit scope (door child-scope vs jsexec)

The earlier note said on_exit evaluates "in the GLOBAL scope" -- true only for
jsexec/login/timed-event modules (host evaluates against js_glob and recurses
child scopes). Doors and most bbs.exec/;exec/js.exec invocations run in a fresh
child js_scope (exec.cpp:595) and the host evaluates on_exit against THAT scope
(exec.cpp:701) with no recursion. Registration captures the scope where
js.on_exit is called -- top level = js_scope, inside a function = that
function's call object -- so a handler registered inside main() is filed where
a
door's EvalOnExit(js_scope) never looks and silently never runs, even though
the
same code passes under jsexec (which recurses). This shipped as a live bug.

Rewrite: register on_exit at top level (not inside a function); prefer
try/finally for clean-unwind cleanup (a door disconnect is a clean unwind) and
use on_exit only as the forced-terminate backstop; note that a jsexec wrapper
does not reproduce a door's on_exit scope, so finally is the dependable path.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Added Files:


xtrn/CLAUDE.md
diff

xtrn: add CLAUDE.md with install-xtrn.ini guidance

Guidance for working in the xtrn/ tree: how install-xtrn.ini installers work
(root keys, section types, flow keys), the 16-char LEN_CODE limit (the
install-xtrn.js '8 chars' comment is stale), and '?<module>' cmd resolution
against startup_dir.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


.claude/skills/javascript/SKILL.md
diff

javascript skill: document js.on_exit() scope + forced-termination semantics

js.on_exit() evaluates its handler string in the script's GLOBAL scope (it
compiles the string against the global object), so a handler function nested in
another function is unreachable and throws silently at exit. It also fires on
forced termination (operator-terminate / SIGTERM), which -- unlike a thrown
exception -- does NOT run catch/finally (verified empirically via SIGTERM +
file markers). New 'Script lifecycle: exit handlers' section covers the
global-scope requirement, the finally-vs-on_exit distinction, and the
out-of-process testing caveat.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


exec/txt_handler.js
diff

txt_handler.js: serve robots.txt as text/plain, not the HTML viewer

The .txt web handler wrapped every *.txt request (including /robots.txt)
in the HTML "LIST"-style viewer, returning Content-Type: text/html. A
robots.txt served as HTML is unparseable by crawlers, which then treat
the site as having no robots.txt and crawl everything -- defeating the
file entirely.

Serve robots.txt as raw text/plain (same path as the existing ?raw
output), while still rendering all other *.txt in the HTML viewer.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Modified Files:


src/sbbs3/websrvr.cpp
diff

websrvr: detect TLS client disconnect in session_check() (#1155)

session_check()'s is_tls branch treated a readable socket as "connected"
and latched session->tls_pending; once set, it returned "connected" on
every later call without re-probing the socket. But a peer's TLS
close_notify (and a FIN) arrive as readable bytes, so after an HTTPS
client hung up, session_check() reported it connected forever. The
JavaScript disconnect check in js_OperationCallback (ead5ccf16) relies on
session_check(), so its abort never armed (offline_counter stayed 0): a
badly-formed SSJS/XJS page that loops on mswait() without checking for
disconnection (e.g. the webv4 user/system stats) ran forever, pinning its
http_session thread, a MaxClients slot, and a CLOSE_WAIT socket -- a pile
of zombie HTTPS clients in sbbsctrl/MQTT and eventual MaxClients
exhaustion.

Why this only bit Windows: socket_check() (xpdev) has two paths. On
non-Windows builds it uses poll() (CFLAGS += -DPREFER_POLL, set only in
build/Common.gmake, i.e. the GNU-make/Unix builds). poll() reports
POLLHUP when the peer closes its end -- even while there is still buffered
data to read -- and socket_check() returns false on POLLHUP before it
ever runs the readable/MSG_PEEK logic. So on Unix the close was detected,
session_check() returned false, and tls_pending never latched. Windows
(MSBuild) does not define PREFER_POLL and uses select(), which has no
POLLHUP equivalent: a closing TLS socket simply looks "readable"
(MSG_PEEK returns the encrypted close_notify bytes), so the latch was set
and the disconnect masked. The session_check() bug is platform-
independent; poll()/POLLHUP merely hid it everywhere except Windows.

Fix: drop the tls_pending liveness latch. Use peeked_valid (a decrypted
byte already buffered) as the readable fast-path, and when the raw socket
is readable, probe via cryptPopData(1 byte) -- which a raw MSG_PEEK
cannot do -- to tell apart application data (connected; the byte is
cached in session->peeked so the next sess_recv() returns it),
CRYPT_ERROR_TIMEOUT (connected, no app data yet) and CRYPT_ERROR_COMPLETE
(peer closed -> disconnected). The probe is non-blocking
(CRYPT_OPTION_NET_READTIMEOUT == 0, set at session setup) and runs in the
session's own thread, so there is no concurrent reader. Also close the
socket in place in recvbufsocket() when session_check() reports a
disconnect (it previously relied on the latch returning true and the
following sess_recv() failing).

Latch introduced in d93478b918 (famous-15-sons); the readable-as-
connected + tls_pending set predates it (dbbfabf1b1, funky-27-foam).

Validated on a production Windows server: CLOSE_WAIT count ~22 -> 0,
sbbsctrl thread count 221 -> 25, and ran overnight with no zombie HTTPS
clients.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Modified Files:


src/sbbs3/services.cpp
diff

src/sbbs3/websrvr.cpp
diff

Detect disconnection in JavaScript callback

First noticed (many times) in the Web Server, sbbsctrl-win32 would should very
long-lived (seemingly infinitely lived) clients. When I lost Internet access
last night for a few hours, this gave me the opportunity to debug these zombie
clients and it turns out that a badly formed ssjs or xjs (in this case, webv4
user and system stats), that doesn't check for disconnection, and just loops,
can loop almost forever (eventually the infinite loop detection, if enabled
in the configuration, should abort the script). Checking the connection state
in the JS callback was the missing piece.

Through code review, I saw the same check was missing in the services server.
I reproduced this theoretical issue by modifying an existing service script to
not check the connection itself and indeed it ran-on after disconnection
without this fix.

I did the 10-checks before termination thing (giving the script a chance to
self-terminate more gracefully) like is done in the Terminal Server.

Modified Files:


src/xpdev/filewrap.c
diff

xpdev/filewrap: flock path of xp_lockfile() honors fd open mode too (#1153)

The non-Linux POSIX (flock) path of xp_lockfile() always took LOCK_EX,
even for a read-only descriptor, unlike the Linux/fcntl path which
derives the lock type from the fd's open mode. So on FreeBSD/macOS/etc.
(USE_FCNTL_LOCKS is Linux-only) a read-only lock() serialized concurrent
readers - the same exclusive-lock-on-reads issue fixed for Windows in the
previous commit. flock() (unlike fcntl()) isn't forced to a lock type by
the access mode, so the LOCK_EX was a choice; mirror the fcntl path and
take LOCK_SH for an O_RDONLY fd.

The user.tab read path is already covered on these platforms (rdlock()'s
flock branch uses LOCK_SH); this brings the lock() primitive itself to
parity, so any read-only-fd caller benefits. flock remains whole-file
(pos/len ignored) - a pre-existing coarseness, unchanged here.

Not compiled in this environment (the flock branch builds only on
non-Linux POSIX); mirrors the existing fcntl-branch idiom.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>