Easy NPC can execute commands and import presets, but the server decides how much authority an NPC is allowed to use.

There are two relevant command levels:

• the level stored on an action entry
• the maximum level allowed for the NPC on this server

The effective level is always the lower of the two.

Example:

• action level: ADMINS
• NPC level: GAMEMASTERS
• effective level: GAMEMASTERS

The server assigns authority when an NPC is created or updated through trusted code paths such as:

• preset import
• browser spawn
• editor updates

The imported preset does not keep full authority automatically. The server clamps it to the rules in config/easy_npc/security.cfg.

Default command level limits:

• normal player: ALL
• creative non-admin player: MODERATORS
• admin import: ADMINS
• trusted server-side import without player context: ADMINS

Security rules are not limited to command actions. The server can also allow or block whole NPC features.

Current feature groups in the code:

• DIALOG
• TRADING
• COMMAND_ACTION
• SCOREBOARD_ACTION
• INTERACT_BLOCK_ACTION
• OPEN_TRADING_ACTION
• OBJECTIVE
• MOVEMENT
• POSITION
• COMBAT_ATTRIBUTE
• BASE_ATTRIBUTE
• SPAWN_NPC

Default feature roles:

• DIALOG: NORMAL_PLAYER
• all other listed features: CREATIVE_PLAYER

Security settings are stored in:

config/easy_npc/security.cfg

Important command-level settings:

• normalPlayerCommandLevel
• creativePlayerCommandLevel
• maxAdminImportedCommandLevel
• serverTrustedCommandLevel
• blockUnsafeNpcCommands
• unsafeNpcCommands
• executeAsUserCommandAllowList.ALL
• executeAsUserCommandAllowList.MODERATORS
• executeAsUserCommandAllowList.GAMEMASTERS
• executeAsUserCommandAllowList.ADMINS
• executeAsUserCommandAllowList.OWNERS

Important spawn-related settings:

• npcSpawnRateLimitCreative
• npcSpawnRateLimitAdmin
• feature.SPAWN_NPC

The file also supports per-feature role entries such as:

• feature.DIALOG
• feature.TRADING
• feature.OBJECTIVE
• feature.POSITION

Default values from the current code:

normalPlayerCommandLevel=ALL
creativePlayerCommandLevel=MODERATORS
maxAdminImportedCommandLevel=ADMINS
serverTrustedCommandLevel=ADMINS
blockUnsafeNpcCommands=true
unsafeNpcCommands=ban,ban-ip,banlist,debug,deop,difficulty,forceload,function,gamerule,kick,op,pardon,reload,save-all,save-off,save-on,schedule,setidletimeout,setworldspawn,spawnpoint,spreadplayers,stop,whitelist
executeAsUserCommandAllowList.ALL=
executeAsUserCommandAllowList.MODERATORS=
executeAsUserCommandAllowList.GAMEMASTERS=
executeAsUserCommandAllowList.ADMINS=
executeAsUserCommandAllowList.OWNERS=
npcSpawnRateLimitCreative=5
npcSpawnRateLimitAdmin=20
feature.DIALOG=NORMAL_PLAYER
feature.TRADING=CREATIVE_PLAYER
feature.COMMAND_ACTION=CREATIVE_PLAYER
feature.SCOREBOARD_ACTION=CREATIVE_PLAYER
feature.INTERACT_BLOCK_ACTION=CREATIVE_PLAYER
feature.OPEN_TRADING_ACTION=CREATIVE_PLAYER
feature.OBJECTIVE=CREATIVE_PLAYER
feature.MOVEMENT=CREATIVE_PLAYER
feature.POSITION=CREATIVE_PLAYER
feature.COMBAT_ATTRIBUTE=CREATIVE_PLAYER
feature.BASE_ATTRIBUTE=CREATIVE_PLAYER
feature.SPAWN_NPC=CREATIVE_PLAYER

Suitable for public gameplay NPCs and harmless command actions.

Examples:

• /say Welcome!
• /scoreboard players add @initiator reputation 1

Suitable for builder or event helper NPCs.

Suitable for world-control style commands such as time or weather changes.

Suitable for stronger server administration commands.

The highest level. Use only for tightly controlled private or development setups.

Preset import is sanitized before the NPC is created or updated.

Depending on the actor role and feature rules, the server may:

• remove trading data
• remove objective data
• remove movement or attribute data
• remove blocked actions
• clamp command permission levels
• rewrite or remove owner data

The importing player receives a short warning if server rules changed the preset during import.

The preset browser can show a server-rules preview before import.

The preview can mark features as:

• allowed
• blocked
• reduced

This uses the same security rules as actual preset import.

If blockUnsafeNpcCommands=true is enabled, Easy NPC blocks critical server-management commands from NPC command execution.

This is intended to protect commands such as:

• operator management
• whitelist or ban changes
• direct stop commands

The blocked command roots are configured with unsafeNpcCommands. Entries are command roots without arguments; /op Steve and op are both normalized to op.

The unsafe list is checked before any allowlist. If a server really wants to allow a command such as op, it must remove op from unsafeNpcCommands and also add it to the matching executeAsUserCommandAllowList.<LEVEL> entry.

For maintenance workflows, prefer a safer trigger such as a scoreboard value, a tag, or an external admin-only automation step.

Command actions normally execute as the NPC. This is the compatible path for NPC messages, effects, rewards, and commands such as:

• /say Welcome!
• /give @initiator stone
• /playsound minecraft:entity.villager.ambient master @a ~ ~ ~ 1 1

These commands are capped by the NPC command level and blocked only if their root command is in unsafeNpcCommands.

Execute as player is stricter. It uses the interacting player as the command source, so it can look like the player performed the action. Because of that, every user-executed command must be explicitly allowlisted:

executeAsUserCommandAllowList.GAMEMASTERS=shop

The command still cannot exceed the lower of:

• the action entry command level
• the NPC's stored command level

Example:

• A normal-player NPC with command level ALL cannot elevate /shop to GAMEMASTERS, even if shop is allowlisted at GAMEMASTERS.
• An admin-created NPC with command level GAMEMASTERS can run an allowlisted /shop command at GAMEMASTERS.
• /say as player is blocked by default unless the server explicitly allowlists say.

• public gameplay NPCs: ALL
• builder or event NPCs: MODERATORS
• world-control NPCs: GAMEMASTERS
• admin-only NPCs: ADMINS
• owner-only or dev-only automation: OWNERS