Real protection for paid plugins.
Per-project obfuscation. Per-buyer watermarking. Four host-binding modes. Optional loader-required mode so the jar refuses to run outside the hye loader. Honest about what protection can and can't do — no fake heartbeat-bricking, no “unbreakable” promises, no buyer surveillance.
- 4host-binding modes (uuid, hostname, ip, free)
- sha256every promoted artifact, signed + attested
- 0remote bricking. ever. by design.
Six layers, all on by default for paid plugins.
Each layer is independent: you can run any subset, with the keep rules and toggles that match your project. None of these run on free projects unless you opt in.
ProGuard-style obfuscation
Class, method, and field renaming with reflection-safe keep rules. We ship a default profile that's safe for Bukkit/Paper plugins (keeps event handlers, command executors, NMS bridges intact) and let you author custom keep rules per project. Optional string obfuscation for sensitive constants.
Per-buyer watermarking
Each download is built with a steganographic marker derived from the buyer's license ID + a project-side salt. Markers live in jar metadata, MANIFEST entries, and selectively in non-executable bytecode regions. If a paid jar lands on a forum, we can decode the marker and trace it back to the leak source.
Server-bound licensing
License keys bind to one of four host modes: server UUID, hostname, IP, or free (validation-only). The plugin self-validates against token.hye.gg at boot and on a creator-configurable cadence. Bound activations show in the buyer's license dashboard; rotating the key invalidates them all.
Build attestation
Every promoted jar carries a sha256 digest, a hye-side signature in the MANIFEST, and a build-attestation record in the audit log. Buyers can verify the artifact wasn't tampered with after promotion. We don't claim signature checking is virus-prevention — ClamAV does that — but it does mean a dropped-in jar from a third-party site fails verification.
hye loader (companion runtime)
An optional server-side companion plugin that hot-reloads jars from your library, applies version updates without a full restart, diffs configs across versions, and keeps the licensing handshake local. Creators can require it: a project flagged “loader-required” refuses to start outside the loader environment, blocking forum re-uploads at the JVM level.
Scan + moderation pipeline
Every uploaded jar runs ClamAV, plugin-metadata extraction, archive listing, and a moderator review before promotion to the download bucket. Obfuscated artifacts go through the same gate — obfuscation never bypasses scanning. Your reputation, the buyer's safety.
The strongest forum-leak resistance we ship.
The hye loader is an optional server-side companion plugin. Creators can flag a project as loader-required, which makes the protected jar refuse to start outside the loader's classloader. A forum re-upload won't run on a vanilla server.
About the hye loaderHot-reload + sync
The loader pulls plugin updates from your library, diffs configs across versions, and reloads classes without booting your players. New shard from scratch in one command.
Local license handshake
License validation runs against `token.hye.gg`, with the loader caching the response for offline-friendly behavior. The loader does not implement remote bricking, so a brief outage at hye doesn't kill your server.
Loader-required mode
Creators can mark a project as loader-required. The protected jar refuses to start outside the loader's classloader, so even if someone obtains the file, they can't run it on a vanilla server. This is the strongest piracy-resistance posture we ship.
Activation audit trail
The loader emits structured events for activations, validations, and rotations. Both buyers and creators see the same trail in their dashboards — no off-platform handshakes, no “trust me” licensing.
Every protection toggle, in one place.
You configure these in the project editor on the dashboard. Defaults are conservative; everything except build attestation is opt-in.
- Obfuscation profileoff | default | customOff ships the source-equivalent jar. Default applies the safe Bukkit/Paper preset. Custom lets you author keep rules and name-mangling overrides per project.
- Per-buyer watermarkingoff | onOn bakes a steganographic marker derived from the buyer's license into the jar at promotion time. Off ships the same artifact for every buyer.
- License host bindinguuid | hostname | ip | freeHow tightly an activation is bound. Server UUID is the strictest (one Minecraft server). Free is validation-only (audit + revocation but no host enforcement). IP and hostname sit between.
- Max activations per license1 | 3 | customHow many concurrent server bindings each issued license tolerates. Useful for buyers running staging/canary alongside production.
- Loader-requiredoff | onOn refuses to start the protected jar outside the hye loader. Strongest forum-leak resistance; requires buyers to install the loader.
- Validation cadenceboot-only | hourly | per-actionHow often the plugin re-validates against token.hye.gg. Boot-only is offline-friendly. Per-action is paranoid (and rarely worth the round-trip).
- Build attestationalways onEvery promoted artifact is digested + signed. Not user-toggleable; the trust contract requires it.
Honest limits, in writing.
Marketing pages on competing platforms make claims protection technology can't back. Here are the lines we don't cross.
- We do not implement remote heartbeat bricking. A network outage at hye does not kill running servers.
- We do not claim obfuscation is unbreakable. Determined attackers can deobfuscate any JVM bytecode given enough time.
- We do not run silent code execution outside the protected jar's normal scope. The loader is open about everything it does.
- We do not collect player data through licensing. Activations track server identity, not player accounts.
- We do not sell deobfuscation services. We do not offer “unlock” tiers. The keep rules are the keep rules.
- When a license is revoked, the validate endpoint returns denied. Older offline-cached responses are honored within their cache TTL — we don't claim instant cutoff.
Ship your plugin with the protection you actually need.
Toggle obfuscation. Pick a host-binding mode. Decide whether to require the loader. Set max activations. Walk away from forum re-upload anxiety.