CodexAAC

[Igor Santos213]

I'm developing a website for the Tibia community called Codex AAC!

Technologies I'm using:

● Frontend: Node.js | Next.js | Tailwind CSS | TypeScript
● Backend: Go | Prisma | MySQL | Gorilla Mux

It's still in the early development phase, but there are already some interesting features.

Want to follow along? Check it out on GitHub: GitHub - WebCodeSmith/CodexAAC (https://github.com/WebCodeSmith/CodexAAC)

Discord: Join the Codex-AAC Discord Server! (https://discord.gg/uQsQkfmTEE)

 

[bok]

Thx!!!

 

[Ezzz]

Interesting, any place to check it out ?

 

[Gesior.pl]

Interesting, any place to check it out ?

I tried to run it on VPS.
Frontend prod build fails (error in .tsx). Frontend dev works.
Backend prod/dev starts.
It's compatible only with Canary database structure. I tried TFS 1.4 and it cannot create account.

You can create similar AAC using Codex ( https://openai.com/pl-PL/codex/ ).
It's easy to make sites like that with AI. Anyone can make similar site in few hours/days and put backdoor in it

You can check how it looks/works (dev frontend):

http://37.27.190.169:3000/create-account

http://37.27.190.169:3000/characters/Not%20Sure

http://37.27.190.169:3000/community/ranking

but I will probably turn off that VPS tomorrow, as it's unusable and there are no new commits in last 2 weeks.

When you create account, you are logged to that account and you can create character, but after logout, you cannot login again. It shows Internal server error on /login and that's all.

It looks like this:


There are some small errors like level % calculation (should be 0%):



EDIT:
FRONTEND CRASHED
Maybe it's related to 'dev mode', but each page refresh increases RAM usage by node by 2-5 MB. My server has 4 GB RAM.
'prod mode' of frontend does not work. I tried to fix reported bugs, but after every fix, I start 'build' and it reports another.
I added auto-restarter, so it will restart node after crash.

 

[Gesior.pl]

Update. My server in Hetzner with this AAC was blocked by datacenter for scanning other server on Saturday:

scansnarf-ng detected Netscan from 37.27.190.169

2025-12-20 03:51:32  37.27.190.169 35980 ->     31.57.254.0  3306   74 TCP
2025-12-20 03:51:33  37.27.190.169 35980 ->     31.57.254.0  3306   74 TCP
2025-12-20 03:51:34  37.27.190.169 35980 ->     31.57.254.0  3306   74 TCP
2025-12-20 03:51:32  37.27.190.169 23714 ->     31.57.254.0  3389   74 TCP
2025-12-20 03:51:33  37.27.190.169 23714 ->     31.57.254.0  3389   74 TCP

All I installed on that machine was MariaDB and this AAC. SSH had only access by SSH key + fail2ban installed, so it was not some random 'weak SSH password scan'.
Install that AAC, wait 3 days and your server will DDoS other servers

EDIT:
I've talked with author of that AAC on Discord. He said that nextJS/react had some bug fixed ( React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog (https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182) ):

The project is still using version 15.x, so the command must be executed manually.
You must run this command on the frontend, and it will resolve this issue.
npm install next@latest react@latest react-dom@latest