Conversation
…ation about the Launcher
There was a problem hiding this comment.
Pull request overview
This PR merges main into the client branch, bringing in a mix of configuration enhancements, documentation improvements, and dependency updates across Mercury Core and its Docs site.
Changes:
- Added
Secure(TLS) option to the email configuration, updated the default SMTP port from 587 to 465, added@types/nodemailer, and addedawaitto a recovery email send call. - Expanded documentation with new guides (RCCService setup, Launcher setup), new install pages (.NET SDK), updated version references, and reformatted markdown lists.
- Upgraded dependencies including Astro v5→v6, Svelte, SvelteKit, Biome, and various lock file updates across both Site and Docs.
Reviewed changes
Copilot reviewed 19 out of 24 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| mercury.core.ts | Updated default email port to 465 and added Secure: true |
| Assets/schema.ts | Added Secure boolean to the Email config type with JSDoc |
| Site/src/lib/server/config.ts | Added Secure boolean validation to config schema |
| Site/src/lib/server/email.ts | Passed secure config to nodemailer transport |
| Site/src/routes/(rbxclient)/asset/characterfetch/[username]/+server.ts | Changed config.Domain to config.DomainInsecure |
| Site/src/routes/(plain)/recover/+page.server.ts | Added await to sendRecoveryEmail call |
| Site/src/lib/server/init.surql | Changed dedicated field to use DEFAULT ALWAYS false |
| Site/package.json & Site/bun.lock | Dependency version bumps and added @types/nodemailer |
| Docs/package.json & Docs/bun.lock | Astro v6 migration and dependency updates |
| Docs/src/content/docs/install/*.md | Version updates for Go, SurrealDB, Caddy; new .NET SDK page |
| Docs/src/content/docs/services/*.md | Expanded RCC and Launcher docs |
| Docs/src/content/docs/guides/*.mdoc | New RCC/Launcher setup guides, markdown reformatting |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| description: Details on how to install the .NET SDK. | ||
| --- | ||
|
|
||
| [.NET](https://dotnet.microsoft.com) is a software framework used for building and running applications, working on multiple desktop platforms. The .NET SDK (Software Development Kit) includes the tools and libraries needed to develop .NET applications. At the time of writing, the latest version is [**v10.0.200**](https://dotnet.microsoft.com/en-us/download/dotnet/10.0). |
There was a problem hiding this comment.
There is a leading space at the beginning of line 6. The paragraph starts with [.NET] instead of [.NET].
| [.NET](https://dotnet.microsoft.com) is a software framework used for building and running applications, working on multiple desktop platforms. The .NET SDK (Software Development Kit) includes the tools and libraries needed to develop .NET applications. At the time of writing, the latest version is [**v10.0.200**](https://dotnet.microsoft.com/en-us/download/dotnet/10.0). | |
| [.NET](https://dotnet.microsoft.com) is a software framework used for building and running applications, working on multiple desktop platforms. The .NET SDK (Software Development Kit) includes the tools and libraries needed to develop .NET applications. At the time of writing, the latest version is [**v10.0.200**](https://dotnet.microsoft.com/en-us/download/dotnet/10.0). |
|
|
||
| const [, id, code] = await db.query<string[]>(recoveryQuery, { email }) | ||
| if (id && code) sendRecoveryEmail(email, code) | ||
| if (id && code) await sendRecoveryEmail(email, code) |
There was a problem hiding this comment.
Adding await here contradicts the security guidance in the comment on line 25: "don't await because if it blocks then a user could tell whether a given email is registered or not". By awaiting the email send, the response time will be noticeably longer when the email exists (email is sent) versus when it doesn't (skipped), enabling a timing-based email enumeration attack. The original fire-and-forget behavior was intentional to prevent this.
|
|
||
| This page provides information about the Mercury Launcher, responsible for downloading, installing, and unpacking Setup deployment packages. It also registers itself with the operating system to handle file associations, and should open when any place is joined from the Site, then launching the Client. An implementation of the Launcher is available at the [tp-link-extender/MercuryLauncher](https://github.com/tp-link-extender/MercuryLauncher) repository. | ||
|
|
||
| With the modularity of the Mercury Suite, it is not required to use this implementation of the Launcher alongside Mercury Core, and a custom implementation or other launcher can be used instead. However, the custom Setup deployment format is designed to be used with the Launcher, and isn't compatible with the 'standard' deployment format. |
There was a problem hiding this comment.
There appears to be a trailing space at the end of this line.
| With the modularity of the Mercury Suite, it is not required to use this implementation of the Launcher alongside Mercury Core, and a custom implementation or other launcher can be used instead. However, the custom Setup deployment format is designed to be used with the Launcher, and isn't compatible with the 'standard' deployment format. | |
| With the modularity of the Mercury Suite, it is not required to use this implementation of the Launcher alongside Mercury Core, and a custom implementation or other launcher can be used instead. However, the custom Setup deployment format is designed to be used with the Launcher, and isn't compatible with the 'standard' deployment format. |
No description provided.