# `lib/` — system-scope dependencies

This directory holds binary dependencies that are not available from a
public Maven repository and so are referenced as `system`-scope in
`pom.xml`.

## `AuthMe-5.6.0-FORK-Universal.jar`

The HaHaWTH fork of AuthMe-ReReloaded, build 49. Used at compile time
only — `system` scope means it is never bundled into the shaded plugin
jar.

This jar is not checked in to the public repository because:

1. It is not licensed by us — it ships under AuthMe-ReReloaded's GPL.
2. It is several MB; redistributing it bloats the repo for no benefit.
3. Any 5.x AuthMe-ReReloaded fork exposes the same `LoginEvent` and
   `AuthMeAsyncPreLoginEvent` API and works as a drop-in compile target.

To build locally:

1. Download the AuthMe jar that matches the runtime you intend to
   target. Verified against
   [HaHaWTH/AuthMeReloaded](https://github.com/HaHaWTH/AuthMeReloaded)
   build 49 (`AuthMe-5.6.0-FORK-Universal.jar`).
2. Drop it into this directory with the exact filename
   `AuthMe-5.6.0-FORK-Universal.jar`.
3. Run `mvn clean package` from the repo root.

## CI builds

`.github/workflows/build.yml` and `.github/workflows/release.yml` both
include a `Fetch AuthMe jar` step that downloads the dependency before
running Maven. The download URL is read from the repository secret
`AUTHME_JAR_URL`. To make CI builds succeed:

1. Go to the repo's **Settings → Secrets and variables → Actions**.
2. Add a new repository secret named `AUTHME_JAR_URL`.
3. Set the value to a direct download URL for the AuthMe jar that
   matches the version pinned in `pom.xml` (currently
   `5.6.0-FORK-b49`). A GitHub release asset URL works.

Until that secret is set, the `Build` and `Release` workflows will fail
on the first run with `AUTHME_JAR_URL secret is not set`. This is the
expected gating — do not remove the check; it stops a broken jar from
shipping silently.