Class ModScriptCompiler

Namespace: GrindFest

Assembly: GrindFest.dll

Compiles C# scripts from mods into in-memory assemblies, with security scanning.

Security model:

Parse all .cs files into Roslyn syntax trees.
Walk the syntax trees looking for dangerous API usage (not string matching — avoids false positives from comments and string literals).
If dangerous APIs found and mod is not trusted → block compilation.
Trust is hash-based: if scripts change, trust is revoked.
First-party mods (author "GrindFest Team") are always trusted.

public static class ModScriptCompiler

Inheritance: object

ModScriptCompiler

Properties

TrustStorePath: Path to the trust store file: persistentDataPath/trusted-mods.json Format: { "ModName": "sha256-of-all-scripts", ... }

Methods

CompileAll(List<ModDefinition>): Compile all mods that have a Scripts/ folder. Handles security scanning, trust gating, and Roslyn compilation. Populates mod.SecurityWarnings, mod.ScriptsBlocked, mod.ScriptsTrusted, mod.ScriptsHash.

ComputeScriptsHash(string[]): Compute a combined SHA-256 hash for all .cs files. Used to detect script changes (invalidates trust).

IsModTrusted(ModDefinition, string, Dictionary<string, string>): Check whether a mod is trusted for the given scripts hash.

LoadTrustStore(): Load the trust store from disk.

SaveTrustStore(Dictionary<string, string>): Save the trust store to disk.

ScanSyntaxTrees(List<SyntaxTree>): Scan parsed syntax trees for dangerous API usage. Walks the AST to avoid false positives from comments and string literals.

TrustMod(ModDefinition): Mark a mod as trusted (writes its current scripts hash to the trust store). Called from the mod browser UI when user clicks "Trust & Enable".