MUD Scripting checklist for MUDs

Wrap all external API calls and high-risk logic in pcall() or xpcall() to prevent script crashes from halting the entire client session.

Verify that scripts stop sending commands and clear all active timers or 'tempTimers' immediately upon game disconnection to prevent buffer overflows on reconnect.

Confirm that script-specific error logs are written to a dedicated directory and do not exceed 10MB in size to prevent disk bloat.

Ensure all user-provided alias arguments are escaped before being passed to the 'send' or 'expand' functions to prevent command injection.

Implement a 'reset' function that clears all variables and returns the script to a known-good state without requiring a client restart.

Verify that all triggers use line-start (^) or line-end ($) anchors where possible to reduce the regex engine's search space per line.

Audit code to ensure variables are declared with 'local' scope unless they must be shared across the entire environment.

Check that every recurring timer has a corresponding 'kill' or 'stop' mechanism to prevent memory leaks and 'ghost' script execution.

Ensure scripts listening to high-frequency events (like 'sysWindowResizeEvent' or 'gmcp.Char.Vitals') use a debounce or throttle to limit execution frequency.

Test that large data tables are saved to disk using a fast serializer (like yajl or lfs) rather than basic string concatenation.

Ensure all functions and global tables are nested under a single unique top-level table (e.g., MyPluginName.core) to avoid collisions with other scripts.

Implement a startup check that verifies the MUD client version meets the script's API requirements and alerts the user if it is outdated.

Verify that scripts wait for a 'Protocol Enabled' event before attempting to parse GMCP or MSDP data packets.

Ensure file paths use the client's internal directory variables (e.g., getMudletHomeDir()) instead of hardcoded Windows or Linux paths.

Check for the existence of required external libraries (like LuaSQL or LuaFileSystem) during the initialization phase.

Use a consistent prefix and color for script-generated messages to distinguish them from MUD output and other plugins.

Provide a clear visual indicator (gauge, label, or echo) showing whether 'Combat' or 'Auto-loot' scripts are currently active.

Verify that all user-adjustable settings can be modified via an alias or menu without editing the source code.

Implement a 'scriptname help' command that lists all available aliases and their syntax within the client console.

Include a 'debug' or 'verbose' mode that can be toggled to show hidden script logic for troubleshooting.

Verify that the object correctly inherits from the standard library (std/container, std/room) and calls ::create() or ::reset() properly.

Ensure 'apply' functions (like valid_read or valid_write) check the effective user ID (geteuid) before granting file access.

Confirm that set_heart_beat(0) is called when an object is idle to reduce server-side CPU overhead.

Verify that any LPC shadows are automatically removed when the base object is destructed to prevent orphaned logic.

Test that save_object() and restore_object() handle data corruption by falling back to default values if the .o file is unreadable.

Export the script as a .mpackage or .xml and import it into a clean client profile to ensure no local dependencies were missed.

Include a version string and timestamp in the script's main table to assist with remote update checks.

Ensure a comment block at the top of the main script file includes the license type (e.g., MIT, GPL) and author contact information.

Provide a mechanism for the script to migrate old configuration data to a new format when a version update is detected.

Verify that all external images, sounds, or CSS files are referenced using relative paths within the script's package folder.