Initial commit: Brass & Sigil monorepo

Self-hosted Minecraft modpack distribution + administration system.

- launcher/  Avalonia 12 desktop client; single-file win-x64 publish.
             Microsoft auth via XboxAuthNet, manifest+SHA-1 mod sync,
             portable install path, sidecar settings.
- server/    brass-sigil-server daemon (.NET 8, linux-x64). Wraps the
             MC subprocess, embedded Kestrel admin panel with cookie
             auth + rate limiting, RCON bridge, scheduled backups,
             BlueMap CLI integration with player markers + skin proxy,
             friend-side whitelist request flow, world wipe with seed
             selection (keep current / random / custom).
- pack/      pack.lock.json (Modrinth + manual CurseForge entries),
             data-only tweak source under tweaks/, build outputs in
             overrides/ (gitignored).
- scripts/   Build-Pack / Build-Tweaks / Update-Pack / Check-Updates
             plus Deploy-Brass.ps1 unified one-shot deploy with
             version-bump pre-flight and daemon-state detection.

launcher/Services/WhitelistRequestService.cs

@@ -0,0 +1,67 @@
+using System;
+using System.Net.Http;
+using System.Net.Http.Json;
+using System.Text.Json.Serialization;
+using System.Threading.Tasks;
+
+namespace ModpackLauncher.Services;
+
+/// <summary>
+/// Friend-side wrapper for the brass-sigil-server's public whitelist endpoints.
+/// Exists so the launcher can:
+///   - Send a "please add me" request without the friend needing to share their
+///     MC username with the admin out-of-band.
+///   - Poll status afterwards so the launcher UI reflects pending/approved/denied.
+/// </summary>
+public sealed class WhitelistRequestService
+{
+    private static readonly HttpClient _http = new() { Timeout = TimeSpan.FromSeconds(10) };
+
+    public sealed class StatusResponse
+    {
+        [JsonPropertyName("ok")]     public bool Ok { get; set; }
+        [JsonPropertyName("status")] public string? Status { get; set; }
+    }
+
+    public sealed class RequestResponse
+    {
+        [JsonPropertyName("ok")]     public bool Ok { get; set; }
+        [JsonPropertyName("status")] public string? Status { get; set; }
+        [JsonPropertyName("error")]  public string? Error { get; set; }
+    }
+
+    /// <summary>
+    /// Returns "pending" / "approved" / "denied" / "unknown" / "" (network error).
+    /// </summary>
+    public async Task<string> GetStatusAsync(string panelUrl, string username)
+    {
+        try
+        {
+            var url = $"{panelUrl.TrimEnd('/')}/api/whitelist/status?username={Uri.EscapeDataString(username)}";
+            var resp = await _http.GetFromJsonAsync<StatusResponse>(url);
+            return resp?.Status ?? "";
+        }
+        catch
+        {
+            return "";
+        }
+    }
+
+    public async Task<RequestResponse> SubmitAsync(string panelUrl, string username, string? message = null)
+    {
+        try
+        {
+            var url = $"{panelUrl.TrimEnd('/')}/api/whitelist/request";
+            var resp = await _http.PostAsJsonAsync(url, new { username, message });
+            var body = await resp.Content.ReadFromJsonAsync<RequestResponse>();
+            if (body is null) return new RequestResponse { Ok = false, Error = "Empty response." };
+            if (!resp.IsSuccessStatusCode && string.IsNullOrEmpty(body.Error))
+                body.Error = $"HTTP {(int)resp.StatusCode}";
+            return body;
+        }
+        catch (Exception ex)
+        {
+            return new RequestResponse { Ok = false, Error = ex.Message };
+        }
+    }
+}