metin-server/m2pack-secure
1
0
Fork 0
Code Issues 3 Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
4139f044dfd1b9302578fce1bb01a1cafc346bf6
m2pack-secure/README.md
server 521f884b85 Add operational docs for release workflow
2026-04-14 12:34:07 +02:00

3.7 KiB
Raw Blame History

m2pack-secure

CLI-first archive builder for a modern Metin2 client pack pipeline.

It is designed as a replacement for legacy EterPack tooling when you control the client source and want a format that is easier to automate and harder to tamper with.

Goals

  • CLI workflow first, no GUI dependency
  • deterministic manifest layout for automation
  • zstd compression
  • XChaCha20-Poly1305 authenticated encryption per file
  • Ed25519 signed manifest for tamper detection
  • JSON output for AI agents and automation
  • no real content master key embedded in the client header

Current commands

  • m2pack keygen
  • m2pack build
  • m2pack diff
  • m2pack list
  • m2pack verify
  • m2pack extract
  • m2pack export-client-config
  • m2pack export-runtime-key

MCP Server

The repository also ships a Linux-friendly MCP server that wraps the m2pack CLI for AI agents and automation.

Files:

  • mcp_server.mjs
  • package.json

Install:

npm install

Run:

npm run mcp

If the m2pack binary is not at build/m2pack, set:

export M2PACK_BINARY=/absolute/path/to/m2pack

Exposed tools:

  • pack_keygen
  • pack_build
  • pack_diff
  • pack_list
  • pack_verify
  • pack_extract
  • pack_export_client_config
  • pack_export_runtime_key
  • pack_binary_info

Smoke test:

npm run mcp:smoke

Python MCP Server

If you prefer Python over Node for the MCP wrapper, the repository also ships a Python FastMCP variant.

Setup:

python3 -m venv .venv-mcp
. .venv-mcp/bin/activate
pip install -r requirements-mcp.txt

Run:

python mcp_server.py

Python smoke test:

python scripts/mcp_smoke_test.py

Build

cmake -S . -B build
cmake --build build -j

Quick start

Generate a master content key and signing keypair:

./build/m2pack keygen --out-dir keys --json

Build an archive from a client asset directory:

./build/m2pack build \
  --input /path/to/client/root \
  --output out/client.m2p \
  --key keys/master.key \
  --sign-secret-key keys/signing.key \
  --key-id 1 \
  --json

Verify the archive:

./build/m2pack verify \
  --archive out/client.m2p \
  --public-key keys/signing.pub \
  --key keys/master.key \
  --json

Extract:

./build/m2pack extract \
  --archive out/client.m2p \
  --output out/unpacked \
  --key keys/master.key

Export a client config header for m2dev-client-src/src/PackLib/M2PackKeys.h:

./build/m2pack export-client-config \
  --key keys/master.key \
  --public-key keys/signing.pub \
  --key-id 1 \
  --output /path/to/m2dev-client-src/src/PackLib/M2PackKeys.h

Export a runtime key payload for a launcher or CI handoff:

./build/m2pack export-runtime-key \
  --key keys/master.key \
  --public-key keys/signing.pub \
  --key-id 1 \
  --format json \
  --output out/runtime-key.json \
  --json

Diff a source tree against an archive:

./build/m2pack diff \
  --left /path/to/client/root \
  --right out/client.m2p \
  --json

Format summary

  • Single archive file with a fixed header
  • Binary manifest near the end of the file
  • Signed manifest hash in the header
  • Per-file random nonce
  • Per-file AEAD ciphertext, authenticated with the relative file path

See docs/format.md and docs/client-integration.md. For Codex and Claude Code MCP setup, see docs/agent-setup.md. For the runtime key payload contract, see docs/launcher-contract.md. For release steps, see docs/release-workflow.md. For key rotation policy, see docs/key-rotation.md. For legacy pack migration, see docs/migration.md.

Reference in New Issue View Git Blame Copy Permalink