1. Hey Guest, is it this your first time on the forums?

    Visit the Beginner's Box

    Introduce yourself, read some of the ins and outs of the community, access to useful links and information.

    Dismiss Notice

Public consultation on plan for mod distribution system

Discussion in 'Community Dev Corner' started by Shadlington, Mar 24, 2013.

Mods: Downburst, Mazey
  1. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    Note: Please read this in entirety before posting anything. It is primarily aimed at those that intend to develop mods for KAG but is also relevant to those that would use them, both as players and server owners (albeit to a lesser extent).

    Modding is going to be huge in the full version of KAG - it'll be an endless source of new content. However, there are some limitations in the current system for distributing mods. I intend to develop a sophisticated system that makes the process of getting mods (and updates to said mods) out to players as painless as possible for developers.

    Overview

    In order to explain how it will work I will first walk through a typical workflow from the development of a mod to the mod actually being used by a client, before exploring some aspects in more detail:

    Note: I am going to skim over the majority of the technical details, as my focus at this point is on giving a high level overview of the proposed system.
    1. A developer starting a new mod will register an entry for said mod with the API - they will include a unique name as part of this registration.
    2. A mercurial repo (note: I would also like to support git, though it is not promised) will be auto-generated for the project (the URL for accessing the repo will follow a standard format that can be constructed from the mod details).
    3. The developer will then set additional settings on the mod. What settings will be available will be discussed further down, though they are primarily concerned with access control.
    4. The developer can then commit their code to the repo.
    5. At any point the developer can generate a packaged version, registered with a version number (following the format [major].[minor].[patch], with [patch] as optional). In response, a tar.gz of the mod's files at that point in time will be generated, which can then be downloaded via a standardised URL constructed from the mod's identifier & the version number.
      In order for the version to be generated they must include a modinfo.json metadata file, which will include the mod’s registration info (if it does not match the details registered with the API it will be rejected), a list of dependencies (mod identifiers with specific version numbers) and the most recent version number of the game that the mod is compatible with.
      Possibly need some flags on versions for whether they are things like alpha, beta, RC, release and maybe latest/default.
    6. A server owner configuring their server to use the new mod would not have to download the files themselves. Instead there will be a specific configuration file on the server in which a list of mod identifiers can be entered (optionally with version numbers too). When a server starts/restarts it will download, unpack and load the packages for the listed mods, including any dependencies. This will default to using the latest version available or alternatively will get a specific version if a version number was specified. It will not download the package if the server already has it and it has not been modified locally (more on this later).
    7. When a client is trying to connect to a modded server it will request the list of active mods for the server from the API. It then asks the API for the details of each mod and checks if it needs to download any of them. If it does the client will be notified and if they confirm that they are happy with that then the client will download, unpack and load the mods before connecting to the server.
    Mod settings

    The settings I intend to support on mods are:
    • Description
    • Access control tied into our account system, for several things:- Access to viewing/downloading the source (all vs restricted list)- Commit access (restricted list)- Package download permission (all vs restricted list)
    • Server ACL that uses the new API key system that I’ll be developing in advance of this mod system - essentially working in the same way as access control for users, for restricting which servers are allowed to run the mod
    • Whether the mod will be ‘publicly listed’ or not (whether a GET to https://api.kag2d.com/mods will include the mod in the returned list)
    • Option to disable checking for local changes to mods, to allow rapid tinkering
    • Options to reject versions if the specified KAG version number or dependency version numbers are not the most recent
    • Possibly support open/closed source mods (see further down for details)
    • If closed source mods go ahead then premium mods may be an option too
    Other notes

    Some of the following are ideas that haven't been fleshed out yet or not guaranteed to be included, some are just 'extra info':
    • The system will be entirely exposed by the API. This means, it will be possible for people to build their own web interfaces to it, and indeed I would love to find someone to build a website that allows for managing and searching mod (similar to how garanis built his excellent server browser site) using the existing SSO infrastructure for authentication & a new API key system I will be developing. The basic idea behind the API key system is that you will have to sign in via SSO and then give the site specific permissions (e.g. ‘manage my mods’) and from then on the site will be allowed to make specific kinds of API requests on your behalf. Note: If you are a web developer that would be interested in working on a web front end to this service then I'd love to hear from you to discuss it - PM me.
    • Ideally there will be a +1/-1 reddit-style mod rating system that will (hopefully) allow for community moderation of mods. The specifics of this have yet to be worked out.
    • Servers will be allowed to disable the API method of downloading mods, at the cost of not being available in the main server list by default (you will have to enable a filter to show ‘unmanaged mod’ servers). They will then use the current method of direct download from server to client or instead require that clients download mods externally and independently.
    • I'd quite like to allow ‘closed source’ mods. Currently we distribute mods as their raw scripts, which are then compiled into AngelScript bytecode at runtime. If there was sufficient demand I would be interested in allowing the option to have a closed source mod in which AngelScript is run in order to compile the scripts to bytecode and save them as files whenever a new mod version is created. These bytecode files would then be what is downloaded and loaded by the servers/clients.
    • I'd like to collect mod usage stats so we can track how many servers + players used each mod over time
    • Something I'm particularly excited about with this system is the possibility to create 'framework' mods, thanks to the dependency + version system. Someone could, for example, create a mod that provides the basic building blocks of an RPG (XP, quests, NPCs, etc.). Other mods could then build on that mod by listing it as a dependency (and likely fixing the dependency to a particular version in order to ensure that the new mod won't break if the framework mod is updated). You'd then potentially have many RPG mods that were all written in a fraction of the time because they had this framework to build on. An alternative to framework mods is that you could create 'mod packs' that combine many smaller mods into one (again using dependencies) in order to provide a more complete experience.
    I would love to hear your feedback on this system and will appreciate any criticism provided that it is constructive. I'm especially keen on what potential mod developers think of the proposal, though I'd also like to hear what regular users think about it.
     
    Aphelion, Noburu, Agnar and 26 others like this.
  2. GloriousToast

    GloriousToast Haxor Donator

    Messages:
    1,463
    I prefer a 5 star rating system over a +1/-1 because having a score that remains at near or below zero doesn't tell me how good it is unless it also reports the # of people giving it a +1 or -1. I feel it would be nice to have an extensive sorting system with tags and the sort like full mod(like Vanhuek's rping mod), mod on small details(way leaves fall to the ground), decor, gamemode, especially with the unlimited nature of it all. I am slightly concerned with mods that have little to no affect on the game or are small in general, would that warrant a registration to the repo?
     
    SlyStalker, I3lue and SirLoading like this.
  3. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    1. +1/-1 refers to a reddit-style system of upvoting, rather than something that gets the average score calculated. The specific algorithm that will be used to determine score has not been decided on yet but it will be based on the total up/downvotes.

    2. I'd like extensive sorting like that, though whether or not that is something that the API should handle itself or something that is implemented in a third party website I haven't decided on yet.

    3. Yes, all mods should register with the API, though you might want to question why you need such insignificant mods. If you just want a small tweak to an existing mod then a better solution might be to offer a patch to said existing mod. You'll still be able to have other smaller mods if you choose not to use the API-centric system though, but you'll be listed as a server running 'unmanaged mods'.

    EDIT: added a new point on the end of the other notes section that might be of interest, Toast.
     
  4. Cirom

    Cirom Bison Rider

    Messages:
    162
    Perhaps you could do it like how QDB does it, basically like: [512/789], where 512 is the amount of +1 votes, and 789 is the amount of people who voted. (And, perhaps, building a percentage off of that.)

    Other than that, I think this is great! :D I'm still planning on building my "Overlord" gamemode I made a topic on ages ago. I hope to make lots of mods which people will enjoy, haha. (And of course, get trumped by much better mod makers. :P)
     
  5. VanHuek

    VanHuek KAG Guard Tester

    Messages:
    751
    If you did have it as a closed mod and someone listed it as a dependency how could you enforce that your mod could only be on your server?

    Additionally, not that I'm thinking of it as if I did I would go down a different distribution method what about premium mods?
     
  6. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    All mod settings would still apply if the mod was a dependency - if it was closed, then if it was a dependency it would be downloaded as bytecode, if it was restricted to specific servers then mods that used it as a dependency would also be restricted to said servers.

    I am thinking about premium mods, but I don't want to explore that yet - its far too early to get into details on that. However, if it were to happen is that all players would have a record of mods that they have purchased and servers running premium mods would only allow people that have purchased said mods to join them.

    You mention a different distribution method... What did you have in mind and why do you think this system would not satisfy your needs (if it supported closed source, server-restricted, premium mods)?
     
    delankski likes this.
  7. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    Incidentally, if anyone is (or knows) a web developer whom would be interested in working on a site that functions as a front end to this service (either as just the mod management system, a mod search system or both) then PM me as I'd love to discuss it with them. We won't be looking to pay anyone to do this but I'm comfortable with them making money through the site provided that the basic service (i.e. allowing mod management or mod searching) is free. Provided that it is of sufficient quality, such a site would be officially endorsed.
     
    delankski likes this.
  8. Fate

    Fate Studying seashells

    Messages:
    593
    I'll say this right off the bat: I don't belong to the primary group this topic is intended for (mod developers), but I'd like to give a small input for the rating system:

    Just leave it at +1. No downvoting. Ability to downvote could be harmful to the general system because people could downvote content from people they dislike/downvote mod types they don't like/other subjective reasons.
     
    SlyStalker likes this.
  9. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    Without downvoting it won't serve its intended purpose of providing community moderation though :/
     
    Last edited: Sep 29, 2013
    itsagabe, miniswrider, Cirom and 2 others like this.
  10. I've done a public distribution system or two, and have a few thoughts. It seems you've gone through and nailed down a lot of the gritty details, which is great - there's really not much left to cover here.

    1. Searching is a must requirement: https://api.kag2d.com/mods/?q=nameofmod or something similar.
    2. I would strongly prefer Git, but that's me. I find Git to be much more flexible to use (and you could integrate the system with Github fairly easily to provide Issue tracking, wikis and commit logs if Git were used).
    3. I'd really prefer it if the API stayed as JSON, or at least was dynamic, supporting both JSON and XML.
    4. As for pagination of large result sets, can we standardize on &limit=10 for 10 rows, and &start=20 for start at 20th result? It's far easier to build an API consumer with that standard. (I would also recommend limiting the amount of data that can be returned back to 20 for your server's sake).
    5. How are you going to be verifying mods? IOW, if a mod on the server is named "Foobar", and I create a mod in my KAG called "Foobar" and put similar named files in it that have cheats in them, how are you verifying the integrity of each mod to prevent spoofing?
    6. Stats for each mod: big plus. At the very least, download counts with a download trend graph.
    7. Compatibility checking? Say KAG 1.0 releases, and then 400 mods are made. KAG 1.1 releases 6 months later, breaking 200 of those mods. Do you have a way of stating on each version of the mod (since v2.0 of a mod may support one KAG version, where 2.1 may not) what versions of KAG it supports? Furthermore, can the community contribute to the version compatibility? (If not, you'll probably end up with a lot of mods that devs "say" work in all versions, but likely do not.)
    8. I've found in my experience that Star Ratings always suck. You end up with a lot of 4 star rated things, and very little else. I have found the +1/-1 rating system to be the most effective.
    9. That said, another strongly effective way of promoting good content is through sorting filters, like, sort by:
    • Download Count
    • Top Rated
    • Most Recent
    • Featured
    Yes, featured. This would require some sort of moderation, which is my next question...
    10. Moderation? What's to prevent someone from uploading a mod that nukes my hard drive, or corrupts KAG into a spam-email-sending beast? Moderation is annoying, but necessary, and takes manpower. (Though, I don't see it taking much at the start.)
    Anyway, I'll stop there, but that's a few thoughts. Good job so far Shad!
     
    Agnar, I3lue, ParaLogia and 7 others like this.
  11. VanHuek

    VanHuek KAG Guard Tester

    Messages:
    751

    Didn't mean to sound like that: although as we talked about previously about possibilities of distribution.
    </br>--- merged: Mar 26, 2013 1:41 PM ---</br>
    We could possible have an editor rating and public rating? Then say for example, myself, went on to various servers tried out mods and rated the art quality or the script quality. And will the rating reset for each update? I.e Dinosaur Survival 0.8 crashes every time a Dinosaur jumps into Lava and gets a 1/10 rating but then at 0.81232320918 snapshot w8089uksd this is fixed and then deserves a rating of 10.4 (3sf).

    Also I have no idea what has happened to my font.
     
  12. Furai

    Furai THD Team THD Team Administrator

    Messages:
    3,124
    It doesn't have to reset for what is worth. User would be allowed only to upvote or downvote at time. So if one changes mind and changes his vote then it will work fine. At least I think it should be done this way.

    Overall, Tom, it sounds amazing (like it did when you first introduced the idea to us). Are you sure that Dave won't have time to work on the website? It still far future. (:
     
    delankski likes this.
  13. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    Thanks, this is exactly what I made this thread for :D

    1. Searching in the API call will be possible in the same way that it is currently possible when searching for servers
    2. Yeah I'd prefer git too. However all our own (KAG Team) development tools are built around mercurial, hence why it is getting first dibs. Full disclosure: I would really, really like git in there so I'm pretty sure I'll get around to it eventually, its just that supporting a second VC system isn't top of the priority list. When I do get around to it I'll probably implement some sort of automated transition system that'll do its best to preserve commit history if you choose to swap repo.
    3. It will follow all of the same conventions as the current API, so yes it'll be using JSON. There may be some sort-of-exceptions in that where conventions need improvement the same improvement will be applied to elsewhere in the API. However, we need to implement proper version support in the API before that happens - which is itself planned to be implemented before development of this mod distribution system gets underway.
    4. I like this and will likely include it as one of the improvements I retroactively apply to the server side of the API :)
    5. The general idea is that mods will be verified against the mod stored with the API by simple hash comparisons. The unaltered game code won't allow clients/servers to run scripts that haven't been confirmed with the API as being the same... However there is still the issue of how to stop hackers from subverting this process by altering the game code. We have plans for this but I am not going to discuss it in a public forum :)
    6. Download and usage stats are the main 2 things I want, we'll see what else seems appropriate closer to the time.
    7. Compatibility with KAG itself is a good point that I hadn't really given much thought. If I make that something that is managed in the API then it will probably just be an extra bit of meta data against each mod version. For it to be something that is altered by the community it would either have to be something similar to how ratings are implemented (though I'm really not sure how this would work) or simply a service provided by an external website.
    8. Agreed.
    9. Yep, these echo similar thoughts I'd had. I'm particularly interested in doing things like 'featured' mods once the mod ecosystem has matured a bit.
    10. The AngelScript bindings don't exist to perform anything destructive like that - though I've had one or two ideas of how they could be abused to a lesser extent. As such we will have moderators, but a major reason for having a rating system is that things that get downvoted into oblivion will be examined more closely to see what people are complaining about. Additionally I'm considering some sort of separate 'report abuse' system, for cases when mods are specifically malicious.

    EDIT: Had some other thoughts, particularly re: point 7 (and our IRC discussion), and the plan is getting some revisions. Thanks :D
     
  14. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    I don't care who works on it so long that someone does (and they do a good job).
    If Dave wants to then I'm perfectly fine with that :D
     
    delankski likes this.
  15. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    What Furai said - your vote can be changed at any time. New votes will not be cumulative - you have one vote per mod, which is replaced if you change it from down to up or vice versa.
     
    delankski likes this.
  16. Regarding sorting and filtering of mods - i think adding tags to mods by their developers will be sufficient. This plus some community consensus establishing some general category-tags, like Gameplay, Graphic, HUD, etc will allow creating a really effective mod browser.

    When comparing hashes of client's mod files with those from API - make sure to use a secure hash function. MD5 is not enough, it can be spoofed even without altering KAG code.
     
    Contrary likes this.
  17. tmewett5

    tmewett5 Shark Slayer

    Messages:
    17
    This is a nice idea :)
    Some things I would say are that enforcing the use of a remote DVCS may complicate developing mods, especially if they don't want to use what is on offer. E.g. what if I wanted to use Bazaar? Or no VCS whatsoever?

    If I were to make a mod distribution system, this it what I would do (off the top of my head (might not be best for KAG)):
    1. New mods start as a forum thread with personally hosted code/downloads
    2. If that mod is seen as good/popular it is added to the official mod repository* by a moderator/admin/whatever
    3. Mod makers can then push changes to the repo (via plain FTP)
    4. Servers and clients behave in the same way you described
    * Not a DVCS repo!
    These are just assorted thoughts
     
  18. Shadlington

    Shadlington THD Team THD Team Administrator Global Moderator

    Messages:
    1,562
    I've considered things like that. That's why we will still continue to support mods that are not API-managed (servers running them will just have an 'unmanaged' flag on them in the server browser that will be filtered out by default).
    But the API is going to enforce the use of repos (and because it can't feasibly support all repos its just going to enforce the use of the ones we like :p). If you don't want to use the repos like repos, that's up to you (you could develop mods independently, testing them as unmanaged mods and then only upload changes to the repo in a single, massive commit if you so wished - though I certainly don't advise it).

    And I'm definitely not doing anything that requires admins to manually add content to an official repo.
     
    tmewett5 likes this.
  19. Downburst

    Downburst Mindblown Global Moderator Forum Moderator Donator Tester

    Messages:
    1,813
    I know that Soldat's modding system was used to download viruses to user's computers. This API system will only allow people to download approved mods, but won't KAG devs be automatically responsible for any mod on the API this way? IE, won't people have the ability to start a law-suit against the responsible KAG devs if one of the mods contains an exploit?
     
    Gofio and FuzzyBlueBaron like this.
  20. Not if the devs make sure to write the following for the system:
    - AUP (Acceptable Use Policy)
    - Usage Disclaimer, basically stating we are not responsible for 3rd-party content hosted on this site, bla bla bla
     
    Gofio likes this.
Mods: Downburst, Mazey