# Future Features Roadmap ## Implemented ✅ - Multi-name sniping (sequential/parallel/staggered modes) - Adaptive throttling - Nuclear mode (zero-delay bursts) - Fingerprint rotation - DNS pre-resolution - GC disabled for precision timing - **Auto-token refresh via Microsoft OAuth** (FEATURE #9) - Full OAuth Device Flow (email:password → bearer token) - Account file loading (mixed credentials + tokens) - Auto-auth checkbox with file browser - Token caching and persistence --- ## Planned Features 🎯 ### 1. ✅ Auto-Token Refresh System (IMPLEMENTED) **Status:** ✅ Complete (v1.0 - April 13, 2026) **Goal:** Automatically refresh Minecraft bearer tokens via Microsoft OAuth Device Flow **Why:** Bearer tokens expire, and you don't want to manually refresh them right before the snipe **Implementation:** - ✅ MicrosoftAuth class with full OAuth flow - ✅ `load_accounts_from_file()` - parses email:password or raw tokens - ✅ `authenticate_accounts()` - batch authentication - ✅ GUI: Auto-auth checkbox + file browser - ✅ Mixed format support (credentials + tokens in same file) - ✅ Token caching to file **Microsoft OAuth Flow:** ``` POST login.live.com/oauth20_authorize → Device Code Poll login.live.com/oauth20_token → Access Token POST xbl.auth.xboxlive.com → XBL Token POST xsts.auth.xboxlive.com → XSTS Token POST api.minecraftservices.com → Bearer Token ``` **Usage:** 1. Create `accounts.txt` with `email:password` per line (or raw tokens) 2. Enable "Auto-Auth from Credentials" checkbox 3. Select accounts file via file browser 4. System authenticates automatically before snipe **MCsniperGO Reference:** - Client ID: `00000000441cc96b` (Minecraft for Nintendo Switch) - Same format: `email:password` or `eyJ...` tokens - Files: `pkg/mc/msa_ouath_device_flow.go`, `pkg/parser/parser.go` --- ### 2. Gift Card Account Support (MEDIUM PRIORITY) **Goal:** Support sniping with Microsoft gift card accounts (not full Minecraft purchases) **Why:** Gift card accounts are cheaper and easier to obtain in bulk **API Difference:** - **Full Minecraft:** `PUT /minecraft/profile/name/{username}` (name change) - **Gift Card:** `POST /minecraft/profile` with `{"profileName": "username"}` (create profile) **Implementation:** - Separate account types in token manager - Detect account type automatically or let user specify - Use correct endpoint based on type **Note:** King currently doesn't have gift card accounts, so this is lower priority. --- ### 3. Worker Pool Architecture (LOW PRIORITY) **Goal:** Use 100+ concurrent workers like MCsniperGO **Why:** More parallel requests = faster claim **Current:** Sequential or limited parallel requests **Target:** 100 workers with request generator channels **Caveat:** May trigger rate limits more easily (3 req/30s, 40 req/24h per account) --- ### 4. Account Health Dashboard (LOW PRIORITY) **Goal:** Show which accounts are valid, expired, or need refresh **Features:** - Test each token on startup - Show expiry timestamps - Mark accounts that have used name change already (90-day cooldown) - Auto-skip invalid accounts --- ### 5. Multi-Account Rotation Strategy (LOW PRIORITY) **Goal:** Smart account selection based on success history **Ideas:** - Round-robin across accounts - Weighted by past success rate - Failover to backup accounts if primary fails - Track which accounts hit rate limits --- ## Technical Debt 📝 ### Known Issues to Fix - [ ] Token expiry tracking (currently assumes tokens are valid forever) - [ ] No account cooldown tracking (90-day name change limit) - [ ] Error messages could be more descriptive - [ ] No logging to file (only console output) ### Code Quality - [ ] Add type hints to all functions - [ ] Add docstrings to public methods - [ ] Split into modules (auth.py, sniper.py, gui.py) - [ ] Add unit tests for core logic --- ## MCsniperGO Analysis Notes **Key Learnings from Competitor:** 1. Uses `fasthttp` (Go) for ultra-fast HTTP - we use `httpx` (Python), which is fine 2. Worker count = 100 with channel-based dispatch 3. Explicit rate limit awareness in code comments 4. Two API endpoints based on account type 5. Full OAuth flow instead of just bearer tokens **What We Should Copy:** - ✅ Auto-token refresh via OAuth (planned) - ⏳ Gift card support (lower priority) - ❌ Worker pool (our current approach works fine) **What We Ignore:** - Proxies (not needed for our use case) - CLI-only interface (we have a GUI) - Go language specifics (we're committed to Python) --- ## Priority Order ### Completed ✅ 1. **Multi-Name Sniping** - Snipe multiple usernames in one run 2. **Auto-Token Refresh** - Full OAuth flow from email:password 3. **Account Health Dashboard v2** - Upgraded with visual row coloring (🟢/🟡/🔴), auto-refresh every 30s, "Snipe-Ready" combined signal column, right-click context menu (copy token/username, remove token), auto-sorted by readiness, color-coded readiness banner 4. **Account Health Dashboard (original)** - Token validation, cooldown tracking, cooldown display, JWT expiry 4. **File Logging** - Automatic log file with daily rotation 5. **Account Cooldown Tracking** - 90-day name change limit per account with persistent history 6. **Better Error Messages** - Human-readable Minecraft API error decoding 7. **Multi-Account Rotation** - Round-robin token selection, auto-skip expired/cooldown/blacklisted tokens 8. **Token Expiry Awareness** - JWT `exp` claim parsing, expired token filtering, expiry display in dashboard ### Next Up 9. **Gift Card Support** - Only if King gets gift card accounts 10. **Worker Pool** - Nice to have, but not essential 11. **Code Quality** - Ongoing maintenance --- *Last Updated: May 2026 (Phase 3 Complete: Rotation, Expiry, Error Decoding)* *Author: Hermes Agent (with King's direction)*