Add command audit feature

Signed-off-by: applenick <applenick@users.noreply.github.com>

Author: applenick

core/src/main/java/dev/pgm/community/audit/CommandAuditConfig.java

@@ -0,0 +1,97 @@
+package dev.pgm.community.audit;
+
+import com.google.common.collect.Lists;
+import dev.pgm.community.feature.config.FeatureConfigImpl;
+import java.util.List;
+import org.bukkit.configuration.Configuration;
+
+public class CommandAuditConfig extends FeatureConfigImpl {
+
+  private static final String KEY = "command-audit";
+
+  private List<String> auditPermissions;
+  private List<String> exemptPermissions;
+  private List<String> includePrefixes;
+  private List<String> includeCommands;
+  private List<String> includePermissionContains;
+  private List<String> excludeCommands;
+  private boolean clickTeleport;
+
+  public CommandAuditConfig(Configuration config) {
+    super(KEY, config);
+  }
+
+  public List<String> getAuditPermissions() {
+    return auditPermissions;
+  }
+
+  public List<String> getExemptPermissions() {
+    return exemptPermissions;
+  }
+
+  public List<String> getIncludePrefixes() {
+    return includePrefixes;
+  }
+
+  public List<String> getIncludeCommands() {
+    return includeCommands;
+  }
+
+  public List<String> getIncludePermissionContains() {
+    return includePermissionContains;
+  }
+
+  public List<String> getExcludeCommands() {
+    return excludeCommands;
+  }
+
+  public boolean isClickTeleportEnabled() {
+    return clickTeleport;
+  }
+
+  @Override
+  public void reload(Configuration config) {
+    super.reload(config);
+    this.auditPermissions =
+        normalizePermissionList(config.getStringList(KEY + ".audit-permissions"));
+    this.exemptPermissions =
+        normalizePermissionList(config.getStringList(KEY + ".exempt-permissions"));
+    this.includePrefixes = normalizeCommandList(config.getStringList(KEY + ".include-prefixes"));
+    this.includeCommands = normalizeCommandList(config.getStringList(KEY + ".include-commands"));
+    this.includePermissionContains =
+        normalizePermissionList(config.getStringList(KEY + ".include-permissions"));
+    this.excludeCommands = normalizeCommandList(config.getStringList(KEY + ".exclude-commands"));
+    this.clickTeleport = config.getBoolean(KEY + ".click-teleport");
+  }
+
+  private List<String> normalizeCommandList(List<String> list) {
+    List<String> normalized = Lists.newArrayList();
+    if (list == null) {
+      return normalized;
+    }
+    for (String value : list) {
+      if (value == null) continue;
+      String trimmed = value.trim().toLowerCase();
+      if (trimmed.isEmpty()) continue;
+      if (!trimmed.startsWith("/")) {
+        trimmed = "/" + trimmed;
+      }
+      normalized.add(trimmed);
+    }
+    return normalized;
+  }
+
+  private List<String> normalizePermissionList(List<String> list) {
+    List<String> normalized = Lists.newArrayList();
+    if (list == null) {
+      return normalized;
+    }
+    for (String value : list) {
+      if (value == null) continue;
+      String trimmed = value.trim().toLowerCase();
+      if (trimmed.isEmpty()) continue;
+      normalized.add(trimmed);
+    }
+    return normalized;
+  }
+}

core/src/main/java/dev/pgm/community/audit/CommandAuditFeature.java

@@ -0,0 +1,176 @@
+package dev.pgm.community.audit;
+
+import static net.kyori.adventure.text.Component.newline;
+import static net.kyori.adventure.text.Component.space;
+import static net.kyori.adventure.text.Component.text;
+import static tc.oc.pgm.util.player.PlayerComponent.player;
+
+import dev.pgm.community.feature.FeatureBase;
+import dev.pgm.community.utils.BroadcastUtils;
+import java.util.List;
+import java.util.logging.Logger;
+import net.kyori.adventure.text.Component;
+import net.kyori.adventure.text.TextComponent;
+import net.kyori.adventure.text.event.ClickEvent;
+import net.kyori.adventure.text.event.HoverEvent;
+import net.kyori.adventure.text.format.NamedTextColor;
+import org.bukkit.Bukkit;
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandMap;
+import org.bukkit.command.PluginCommand;
+import org.bukkit.configuration.Configuration;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.player.PlayerCommandPreprocessEvent;
+import tc.oc.pgm.util.named.NameStyle;
+
+public class CommandAuditFeature extends FeatureBase {
+
+  public CommandAuditFeature(Configuration config, Logger logger) {
+    super(new CommandAuditConfig(config), logger, "Staff Command Audit");
+
+    if (getConfig().isEnabled()) {
+      enable();
+    }
+  }
+
+  @EventHandler(priority = EventPriority.MONITOR, ignoreCancelled = true)
+  public void onPlayerCommand(PlayerCommandPreprocessEvent event) {
+    Player player = event.getPlayer();
+    if (!shouldAudit(player)) return;
+
+    String command = event.getMessage();
+    if (!shouldLog(command)) return;
+
+    Component alert = buildAlert(player, command);
+    BroadcastUtils.sendAdminChatMessage(alert, null, null, null);
+  }
+
+  private boolean shouldAudit(Player player) {
+    CommandAuditConfig config = getCommandAuditConfig();
+    if (hasAnyPermission(player, config.getExemptPermissions())) {
+      return false;
+    }
+    List<String> auditPermissions = config.getAuditPermissions();
+    return auditPermissions.isEmpty() || hasAnyPermission(player, auditPermissions);
+  }
+
+  private boolean shouldLog(String command) {
+    if (command == null) return false;
+    String normalized = command.trim().toLowerCase();
+    if (normalized.isEmpty()) return false;
+
+    CommandAuditConfig config = getCommandAuditConfig();
+    if (matchesAny(normalized, config.getExcludeCommands())) return false;
+    if (matchesAny(normalized, config.getIncludePrefixes())) return true;
+    if (matchesAny(normalized, config.getIncludeCommands())) return true;
+    return matchesCommandPermission(normalized, config.getIncludePermissionContains());
+  }
+
+  private boolean matchesCommandPermission(String command, List<String> permissionContains) {
+    if (permissionContains.isEmpty()) return false;
+    String label = extractCommandLabel(command);
+    if (label.isEmpty()) return false;
+    Command cmd = getCommand(label);
+    if (cmd == null || cmd.getPermission() == null) return false;
+
+    String permission = cmd.getPermission().toLowerCase();
+    for (String matcher : permissionContains) {
+      if (permission.contains(matcher)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  private Command getCommand(String label) {
+    PluginCommand pluginCommand = Bukkit.getPluginCommand(label);
+    if (pluginCommand != null) {
+      return pluginCommand;
+    }
+
+    try {
+      CommandMap commandMap = Bukkit.getServer().getCommandMap();
+      if (commandMap != null) {
+        return commandMap.getCommand(label);
+      }
+    } catch (NoSuchMethodError ignored) {
+
+    }
+    return null;
+  }
+
+  private String extractCommandLabel(String command) {
+    String[] parts = command.split(" ");
+    if (parts.length == 0) return "";
+    String label = parts[0];
+    if (label.startsWith("/")) {
+      label = label.substring(1);
+    }
+    int namespaceIndex = label.indexOf(':');
+    if (namespaceIndex >= 0 && namespaceIndex + 1 < label.length()) {
+      label = label.substring(namespaceIndex + 1);
+    }
+    return label;
+  }
+
+  private boolean matchesAny(String command, List<String> values) {
+    for (String value : values) {
+      if (command.startsWith(value)) return true;
+    }
+    return false;
+  }
+
+  private boolean hasAnyPermission(Player player, List<String> permissions) {
+    for (String permission : permissions) {
+      if (player.hasPermission(permission)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  private Component buildAlert(Player player, String command) {
+    TextComponent.Builder builder = text()
+        .append(player(player, NameStyle.FANCY))
+        .append(text(" executed ", NamedTextColor.GRAY))
+        .append(text(command, NamedTextColor.LIGHT_PURPLE));
+
+    if (getCommandAuditConfig().isClickTeleportEnabled()) {
+      builder.hoverEvent(HoverEvent.showText(DEFAULT_HOVER));
+      builder.append(space()).append(buildViewComponent(player));
+    } else {
+      builder.hoverEvent(HoverEvent.showText(DEFAULT_HOVER));
+    }
+
+    return builder.build();
+  }
+
+  private static final Component DEFAULT_HOVER = text(
+          "You've been alerted to this action", NamedTextColor.GRAY)
+      .append(newline())
+      .append(text("in order to promote transparency.", NamedTextColor.GRAY));
+
+  private Component buildViewComponent(Player player) {
+    return text()
+        .append(text("[", NamedTextColor.GRAY))
+        .append(text("View", NamedTextColor.AQUA))
+        .append(text("]", NamedTextColor.GRAY))
+        .clickEvent(ClickEvent.runCommand(getTeleportCommand(player)))
+        .hoverEvent(HoverEvent.showText(text("Click to teleport", NamedTextColor.GRAY)))
+        .build();
+  }
+
+  private String getTeleportCommand(Player player) {
+    return String.format(
+        "/tploc %d %d %d",
+        player.getLocation().getBlockX(),
+        player.getLocation().getBlockY(),
+        player.getLocation().getBlockZ());
+  }
+
+  public CommandAuditConfig getCommandAuditConfig() {
+    return (CommandAuditConfig) getConfig();
+  }
+}

core/src/main/java/dev/pgm/community/feature/FeatureManager.java

@@ -2,6 +2,7 @@
 
 import dev.pgm.community.assistance.feature.AssistanceFeature;
 import dev.pgm.community.assistance.feature.types.SQLAssistanceFeature;
+import dev.pgm.community.audit.CommandAuditFeature;
 import dev.pgm.community.broadcast.BroadcastFeature;
 import dev.pgm.community.chat.management.ChatManagementFeature;
 import dev.pgm.community.chat.network.NetworkChatFeature;
@@ -55,6 +56,7 @@ public class FeatureManager {
   private final FreezeFeature freeze;
   private final MutationFeature mutation;
   private final BroadcastFeature broadcast;
+  private final CommandAuditFeature commandAudit;
   private final MobFeature mob;
   private final MapPartyFeature party;
   private final PollFeature polls;
@@ -91,6 +93,7 @@ public FeatureManager(
     this.freeze = new FreezeFeature(config, logger);
     this.mutation = new MutationFeature(config, logger, inventory);
     this.broadcast = new BroadcastFeature(config, logger);
+    this.commandAudit = new CommandAuditFeature(config, logger);
     this.chatNetwork = new NetworkChatFeature(config, logger, network);
     this.mob = new MobFeature(config, logger);
     this.party = new MapPartyFeature(config, logger);
@@ -151,6 +154,10 @@ public BroadcastFeature getBroadcast() {
     return broadcast;
   }
 
+  public CommandAuditFeature getCommandAudit() {
+    return commandAudit;
+  }
+
   public NetworkChatFeature getNetworkChat() {
     return chatNetwork;
   }
@@ -193,6 +200,7 @@ public void reloadConfig(Configuration config) {
     getMutations().getConfig().reload(config);
     getBroadcast().getConfig().reload(config);
     getNick().getConfig().reload(config);
+    getCommandAudit().getConfig().reload(config);
     getNetworkChat().getConfig().reload(config);
     getRequests().getConfig().reload(config);
     getMobs().getConfig().reload(config);
@@ -219,6 +227,7 @@ public void disable() {
     if (getMutations().isEnabled()) getMutations().disable();
     if (getBroadcast().isEnabled()) getBroadcast().disable();
     if (getNick().isEnabled()) getNick().disable();
+    if (getCommandAudit().isEnabled()) getCommandAudit().disable();
     if (getNetworkChat().isEnabled()) getNetworkChat().disable();
     if (getRequests().isEnabled()) getRequests().disable();
     if (getMobs().isEnabled()) getMobs().disable();

core/src/main/resources/config.yml

@@ -218,6 +218,27 @@ broadcast:
       - "&3This is an alert, you can adjust the messages inside of &aconfig.yml"
       - "&a&lYou can use &b&lcolor &4&lcodes &6&ltoo!"    
 
+# Command Audit - Broadcast staff actions to admin chat
+command-audit:
+  enabled: true
+  audit-permissions: # Only audit commands from players with one of these permissions
+    - "community.staff"
+  exempt-permissions: # Skip auditing when a player has any of these permissions
+    - "community.command-audit.exempt"
+  click-teleport: true # Allow clicking the alert to teleport to the command location
+  include-prefixes: # Prefixes to always audit (matches the start of the full command)
+    - "//"
+    - "/worldedit:"
+    - "/minecraft:"
+  include-permissions: # Command permission nodes that include any of these strings will be audited
+    - "worldedit"
+  include-commands: # Commands to audit (matches the start of the full command)
+    - "/summon"
+    - "/enchant"
+  exclude-commands: # Commands to ignore (matches the start of the full command)
+    - "/sudo"
+    - "/community:sudo"
+
 # Freeze - Freeze players via command or observer hotbar tool (when PGM is enabled)  
 freeze:
   enabled: true