Built because
nothing was good enough.

The problem

Most anticheats handle obvious cheating fine. KillAura at 10 CPS, fly hacks, blatant scaffold, those get caught. The real problem is ghost cheating. Bypass configs that mimic real movement, subtle reach offsets, timing manipulation sitting just under every threshold. Rules alone cannot catch what was designed to evade them.

The architecture

GraceAC runs two layers in parallel. The rules-based pipeline operates at the Velocity proxy level, intercepting packets before they reach your backend and firing deterministic checks against known cheat signatures. Reach, killaura, velocity abuse, scaffold and more, all tunable per server.

The ML sidecar runs alongside it, trained on labeled movement and combat packet logs from real servers. It targets ghost configs specifically. LiquidBounce bypass patterns, humanised aim, behaviour that scores clean on rules but statistically diverges from legitimate play.

Open source

The core detection checks and Velocity plugin are open source. The ML model weights stay closed, not out of secrecy, but because publishing them hands cheat developers a direct target to optimise against. Everything else is reviewable. If you cannot read it, you should not run it.