All features from the master branch

[myonara]

provided by an ai, to be cross checked and reviewed

---

Note

High Risk
Touches core connection lifecycle (telnet negotiation, Socket.IO events, and connection routing), so regressions could break connectivity or GMCP behavior across deployments.

Overview
Adds multi-MUD support and GMCP plumbing to the backend. A new MudConfigService loads optional mud_config.json via MUD_CONFIG_PATH, exposes GET /api/mud-config, and mudConnect now accepts an optional mudId to resolve per-MUD host/port (with env var fallback).

Implements GMCP end-to-end: a new telnet option handler (TELOPT_GMCP) parses/sends GMCP subnegotiation, TelnetClient emits gmcpIncoming/gmcpStart, and SocketManager forwards these as Socket.IO events while enriching outgoing Core.BrowserInfo with server-derived real_ip.

Improves operational robustness with earlier telnet socket error handling (including AggregateError detail), explicit localhost→127.0.0.1 resolution to avoid Node happy-eyeballs issues, added CORS wiring on the Socket.IO server, global process-level error handlers, plus new Jest unit tests for MudConfigService, GMCP parsing/handler behavior, and real-IP extraction. Documentation is updated/added (Cursor rules, GMCP.md, docker guide, and migration plans).

^{Written by Cursor Bugbot for commit 2b854bf. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on March 14

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

MUD config rejectUnauthorized setting silently ignored

Medium Severity

The MudConfig interface in @webmud3/shared includes rejectUnauthorized: boolean, but ResolvedMudConnection omits this field. The resolveConnection() method drops it when mapping MudConfig → ResolvedMudConnection, and createTelnetConnection hardcodes rejectUnauthorized: true. Any MUD configured with ssl: true and rejectUnauthorized: false (e.g., self-signed certificates) will fail to connect because the per-MUD setting is silently ignored.

Additional Locations (2)

• backend/src/core/config/mud-config.service.ts#L111-L126
• backend/src/features/telnet/telnet-client.ts#L687-L701

 

[cursor]

Duplicate migration documents add ~1500 lines of redundancy

Low Severity

MIGRATION_V1.md and MIGRATION_V2.md are ~95% identical — V2 only adds sections 4.3 and 4.4 to V1's content. MIGRATION_V3.md supersedes both as a comprehensive, updated plan reflecting the current migration state. Keeping all three versions adds ~1500 lines of redundant documentation.

Additional Locations (1)

• dockerfiles/MIGRATION_V2.md#L1-L767

 

[cursor]

GMCP handlers permanently lost after disconnect and reconnect

High Severity

GmcpService.reset() calls this.moduleRegistry.clear(), permanently removing all GMCP handlers. GmcpBootstrapService.bootstrap() is guarded by initialized === true and only runs once at app startup via provideAppInitializer. After a MUD disconnect triggers reset(), subsequent reconnections have an empty handler registry — Core.Supports.Set sends an empty list, and no incoming GMCP messages are routed to handlers. All GMCP functionality (Char, Sound, Files, etc.) is broken until a full page reload.

Additional Locations (1)

• frontend/src/app/features/gmcp/gmcp-bootstrap.service.ts#L43-L61