Void Sentinel | AI-Powered Anti-Cheat v2.0.1-CORTEX

Check the announcement
Link : https://x.com/NightBeamLLC/status/2066630277804225021

Sentinel Cortex Movement Engine​

• Replaces direct Bukkit movement check execution with a single Cortex movement pipeline.
• Loads the local sentinel-cortex-vsm-v1-1-fast model at startup and validates model id, metadata, feature order, feature count, class count, and tree count.
• Extracts the exact 57-feature vector into a reusable buffer and falls back to model medians for invalid values.
• Uses rule confirmations and rolling per-label aggregation before emitting any violation.

Operations​

• New commands:
  • /vs ai status
  • /vs ai debug <player>
  • /vs ai profile <player>
• New permission: voidsentinel.ai
• New config section: movement-engine and ai.

Fixed​

• SpeedAnalysis shared buffer bug Each player now has isolated per-UUID violation state via ConcurrentHashMap. Previously a single int buffer was shared across all players, meaning one player's lag could cause false positives on completely unrelated players.
• SimulationAnalysis Jump Boost gravity error Removed erroneous 0.1 * level addition to falling gravity prediction. Jump Boost only affects initial jump impulse (already handled in getJumpVelocity()), not ongoing fall physics. This caused false positives on legitimate players with Jump Boost falling normally.
• CombatListener partial-block ground detection isActuallyOnGround() now uses a 0.5-block tolerance for slabs, stairs, carpets, and snow layers instead of the full-block 0.03 tolerance. Previously, players standing on bottom slabs were incorrectly reported as airborne, feeding bad data into the Criticals check.
• CriticalsAnalysis partial-block exemptions Added SLAB, STAIR, CARPET, and SNOW_LAYER to containsExemptBlock(). Defense-in-depth against ground detection edge cases on non-full blocks.

Security​

• GUI permission bypass (Critical) Kick, ban, and warn actions in AdminToolsGUI and PlayerSelectGUI now enforce server-side permission checks. Players need voidsentinel.moderate.<action> or voidsentinel.admin. Previously, anyone with voidsentinel.gui could ban players as console.Trust & Hardening
• Backend directory traversal (Critical) handleGetConfig and handleSetConfig now validate file paths using getCanonicalPath(). Any ../ traversal escaping the plugin data folder is blocked and logged as a security violation.
• Backend command injection (High) handleModeration() now validates targetName against ^[a-zA-Z0-9_]{1,16}$ (valid Minecraft username) and strips ;&|$\n\rfrom reasons. Previously, a craftedtargetNamelike<p attacker` could execute arbitrary commands.
• Backend default bind address Changed from 0.0.0.0 to 127.0.0.1 in both code and config. Startup warning logs are emitted when the backend is enabled. Binding to 0.0.0.0 exposes the dashboard without TLS.
• New permission nodes Added voidsentinel.admin, voidsentinel.moderate.kick, voidsentinel.moderate.ban, voidsentinel.moderate.warn to plugin.yml. voidsentinel.* inherits all of them.

Performance & Thread Safety​

• SentinelPlayer rotation history recentYawChanges and recentPitchChanges changed from Collections.synchronizedList(new ArrayList<>()) with remove(0) (O per call) to ArrayDeque<Float> with synchronized blocks (pollFirst() is O(1)).
• SentinelPlayer Y-delta and ground state lists recentYDeltas and recentOnGroundStates (previously unsynchronized LinkedList) now use synchronized blocks around all compound operations (add + trim loop). Prevents ConcurrentModificationException from ProtocolLib async packet processing.
• ViolationHandler log writer logWriter.println() is now wrapped in synchronized (logWriter) to prevent concurrent write corruption from async violation processing threads.

Stability​

• VelocityAnalysis TPS/ping leniency Y-deviation and XZ-deviation thresholds now scale dynamically with server TPS (via TpsChecker.getLagMultiplier(): 1.0x at 20 TPS, up to 3.0x at <15 TPS) and player ping (up to 2x at >350ms). Eliminates false positives during lag spikes.
• FlightAnalysis TPS leniency Hover and ascend tick thresholds now scale with server TPS via TpsChecker.getLagMultiplier(). At 15 TPS, the hover threshold increases 33%, preventing false flags on laggy players who momentarily appear to hover.

Passive Violation Decay​

Violations now decay by 1 every 5 minutes for checks a player hasn't triggered recently. This means a clean player who had a single false flag won't carry that VL forever.

• Config path: general.vl-decay (enabled by default)

TPS Protection​

When your server TPS drops below 18.0, VoidSentinel automatically becomes more lenient raising detection buffers so lag spikes don't cause false flags.

• Config path: general.tps-protection (enabled by default)

Punishment Cooldown​

A 5-second cooldown now prevents punishment commands from firing multiple times back-to-back on the same player.

Memory Leak Prevention​

Detection modules now clean up per-player state when a player leaves the server. This prevents slow memory growth on servers with high player turnover (minigames, hubs, etc.).

Bug Fixes​

Issue	What was wrong	What's fixed
Bedrock players flagged incorrectly	Lenient mode wasn't actually exempting Bedrock players from checks	Bedrock players in lenient mode are now properly exempted
Config paths broken	Settings like bedrock.lenient-mode and bypass.permissions couldn't be read from config	All config paths now read from the correct YAML locations
Health modification by GroundAnalysis	The NoFall check was directly modifying player health instead of just flagging	GroundAnalysis now flags normally without touching health
Crash without ProtocolLib	Two checks (BlinkAnalysis, MultiEntityAnalysis) would crash the entire plugin if ProtocolLib wasn't installed	These checks now gracefully disable themselves when ProtocolLib is absent
Missing command permissions	/vs insights, /vs budget, /vs trust, and /vs logs commands had no permissions defined	voidsentinel.intelligence and voidsentinel.intelligence.admin permissions added
Plugin version outdated	api-version was set to 1.13	Updated to 1.21

False Positive Reductions​

Speed Analysis now properly exempts:

• Ice, slime blocks, honey blocks, pistons, and beds
• Dolphin's Grace and Conduit Power effects

Step Analysis now properly exempts:

• Slabs, stairs, carpets, snow layers, lily pads
• Scaffolding, slime, honey, pistons, bubble columns

Phase Analysis thresholds are now configurable:

• min-horizontal, min-vertical, min-violations, suppression-ms

Timer Analysis now scales its detection threshold when server TPS is low.

Configuration​

These entries are added automatically to your config on first run if they don't exist:

general:
disabled-worlds: []
tps-protection:
enabled: true
min-tps: 18.0
vl-decay:
enabled: true
interval-ms: 300000
amount: 1

phase-analysis:
min-violations: 3
suppression-ms: 200

Commands​

All commands remain the same. New permissions available:

Permission	Description
voidsentinel.intelligence	Access to /vs insights and /vs budget
voidsentinel.intelligence.admin	Access to /vs trust, /vs actions, /vs logs
voidsentinel.debug	Receive debug messages in chat

• Reverted to standard version naming.
• Improved movement and packet detection for smoother gameplay.
• Reduced false positives in certain checks for a more reliable experience.
• General optimizations and bug fixes.

Summary: Upgraded VoidSentinel to run on Java 21 and updated Paper API compatibility

• Implemented TimerAdapter adapter (delegates to existing TimerAnalysis).
• Added TimerLimitAnalysis detection: sustained extreme-timer detection with configurable speed-threshold, window-size, and required-streak.

The Chronos Engine (Backtracking)​

We have moved away from simple "Lag Tolerant" reach checks to a Backtracking System.

• What it means: When you hit a player, we travel back in time to where they were on your screen.
• Result: You can now run strict 3.0-block reach checks without false positives on lagging players.
• Tech: Zero-allocation ring buffer storing 2000ms of entity history.

Entropy Intelligence​

Standard Aura checks can be bypassed by "Smooth Aim" clients. We now measure the Entropy of player rotations.

• Detection: Flags robotic aim that is statistically "too perfect" or lacks human micro-jitter.
• Adaptive: Scales difficulty based on your Trust Score.

Adaptive Trust System​

Not all players are treated equally.

• Trusted Players: >80 Trust Score grants slightly wider combat margins (preventing rare false positives).
• Untrusted Accounts: <20 Trust Score enforces stricter rules.
• Growth: Trust is earned passively through playtime and verified client sessions.

Improvements​

• Reach Analysis: Completely rewritten to use the Chronos Engine.
• Performance: Optimized SentinelPlayer memory footprint.

False Positive Fixes​

• Flight Detection Improvements: Resolved an issue where players falling from high distances.
• Mace Mechanics: Added support for the Maces.
• Building Sensitivity: Fixed a rare case where rapidly building upwards could trigger flight checks.

System Updates​

• Reduced Log Spam: Significantly decreased the number of false alerts in the console.
• Velocity Tracking: Improved the accuracy of vertical velocity analysis to better distinguish between legitimate game mechanics and movement hacks.

Critical Detection Fixes​

• Jesus (Water Walk) Overhaul:
  • Fixed Silent Bypass: Check now correctly calculates movement speed from input events, patching a bypass where players could evade detection by avoiding damage/knockback.
  • Fixed Deep Water Exploit: Patched a logical flaw where bobbing in deep water triggered a "falling" exemption; the check now enforces validation even with negative vertical velocity if on liquid.
  • Anti-Ground Spoof: Removed client-sided onGround
    reliance to prevent packet spoofing.
• Blink Detection: Added BlinkAnalysis
  to detect players suppressing packets to teleport/lag-switch.
• Block Reach: Enhanced reach detection to cover block interactions (verified in ReachAnalysis).
• Mace Detection: Added new analysis module.

GUI & Usability​

• Player Stats GUI:
  • Navigation: Added a functional "Back" button to the Player Stats menu, allowing easier navigation back to the player list.

• Stability & Core​

  • Console Cleanup: Eliminated spammy debug logs and resolved console errors related to detection initialization.