May 26, 2026 — Dev Update

This has been one of the most productive weeks in LichSouls history. We shipped infrastructure changes, brand new social systems, a full security layer for messages, and more QoL improvements than we can count. Here's everything that landed.

Infrastructure: Cloudflare Workers

The biggest under-the-hood change this week: we fully migrated the platform to Cloudflare Workers via OpenNext. The site now runs at the edge globally instead of on a traditional server. This means faster cold starts, lower latency for everyone regardless of region, and a foundation that scales without us thinking about it.

All data storage (database, media, private files) is now fully Cloudflare-native — D1 for the database, R2 for object storage. This also sets us up for everything else we shipped this week.

Warden Encryption

Direct messages are now encrypted at rest on our servers using AES-256-GCM — a system we're calling Warden. Every message sent from this point forward is encrypted before it touches the database. Even if the database were ever exposed, message content would not be readable as plain text.

You'll see a 'Protected by Warden Encryption' indicator in the message header and a 'Warded' label on each encrypted message's timestamp. Both the full Messages page and the ChatBar popup show this.

Profile Media Uploads

You can now upload your own profile pictures and banners directly on the site. No more needing a Discord CDN link or an external image host.

• Upload directly from your profile's edit drawer — JPEG, PNG, WebP, and GIF supported
• Up to 6 previous avatars and 3 previous banners are kept in a history gallery — click any to restore it
• Images are stored in private Cloudflare R2 storage
• Your Discord profile picture is preserved as a separate fallback — reset to it any time with one click
• If you haven't customized your avatar, it will automatically update when you change your Discord profile picture

Custom Profile URLs

Your profile now has a custom URL slug — set it in your profile edit drawer under 'Profile URL'. Instead of lichsouls.com/profile/123456789, you can have lichsouls.com/profile/yourname.

• 3–32 characters, letters/numbers/hyphens/underscores
• Old slugs redirect to your current one automatically so existing links don't break
• Once a slug is used, it's reserved to you permanently — nobody else can claim a URL you previously held
• 30-day cooldown between changes to prevent abuse

Direct Messages

The full direct messaging system is live. Start a conversation from any profile, manage all your threads from the Messages page, and chat in real time from the floating ChatBar popup in the corner — no need to leave whatever page you're on.

• Full Messages page with threaded conversations
• Floating ChatBar popup accessible from anywhere on the site
• Image attachments supported (requires account verification — see below)
• Messages soft-delete: deleted messages show as 'This message was deleted' to both parties, preserved for moderation
• No footer in the Messages view for a clean chat experience

Attachment Verification

Sending image attachments in direct messages requires your account to be verified by staff. This is a deliberate safety measure to reduce the risk of prohibited media being shared through the platform.

Unverified users will see a disabled paperclip with a tooltip explaining how to get verified. Staff can grant and revoke verification from the user management panel. Verification records include a timestamp and the staff member who granted it.

Profile Walls, Friends & Social Features

• Profile walls — post on your own wall or a friend's, with privacy controls for who can post and who can view
• Full friend request system with accept/decline and pending request management
• Block system — blocking a user prevents all interaction
• Report system — report users directly from their profile or from a message, evidence images supported
• Online status indicator — shows who's currently active with optional classic mode
• Privacy settings — independently control wall visibility, friend list visibility, message permissions, online status, and connected accounts per-user

Notifications

The notification system is live. You'll receive notifications for friend requests, accepted requests, wall posts, and wall comments.

• Unread count badge in the navbar
• Mark individual notifications as read by clicking them
• Mark all as read in one click
• Delete all notifications to clear the slate

Communities & Streams

• RS3 clan applications are fully restored and running from D1 — editable by staff with gear and stats tracking
• Stream schedule data is now loaded from D1 and fully editable from the staff dashboard
• Ranking system page and staff management view are live
• D&D Grimoire character sheets — character creation, ability scores, sequence editor, and the full stat tracker brought over from the Prestige Encounters site

Twitch Integration

You can now link your Twitch account from your profile settings. This is optional and can be unlinked at any time. On the staff side, the Twitch integration hooks into bot control — more on what that enables soon.

Legal Pages

We completely rewrote our legal pages from scratch to accurately reflect how the platform works today.

• Privacy Policy — full data inventory, Warden encryption disclosure, data retention specifics, law enforcement cooperation policy
• Terms of Service — prohibited content, mandatory CSAM reporting obligations (NCMEC), DM encryption disclosure, attachment verification, DMCA
• Cookie Policy — full table of all cookies we set, third-party disclosure for Discord OAuth
• Disclaimer — non-affiliation with game publishers (Jagex, Mojang, Blizzard, Rare, Wizards of the Coast), accuracy limitations, UGC policy

Staff Tools

• Staff dashboard expanded with user management, post management, report queue, and stream/application controls all in one place
• User management panel — view all members, manage account restrictions (ban, no messages, no wall posts, no friend requests), grant or revoke attachment verification
• Post editor — create and publish Dev Updates and Community News posts with a block-based editor; JSON import lets us draft posts externally and import them directly
• Report queue — staff can review user reports, view evidence, and take action

QoL & Bug Fixes

• Navbar is now fully responsive on mobile
• Message send scrolls to the latest message correctly
• Fixed a notification bug that caused duplicate or missing alerts
• Profile slug history patched to correctly track redirects on rapid updates
• Banned users are now handled gracefully across all interaction surfaces
• Friends list rendering fixes for edge cases with mutual friend counts