@crowdedkingdomstudios/crowdyjs 2.1.2 → 4.0.0

package/dist/auth-state.d.ts

@@ -1,21 +1,11 @@
+import { SessionStore, type SessionListener, type TokenStore } from './session.js';
+export type AuthStateListener = SessionListener;
 /**
- * Single source of truth for the auth token within one CrowdyClient instance.
- *
- * Both the HTTP client (`GraphQLClient`) and the WebSocket subscription
- * manager observe this. Anything that mutates auth state - the typed
- * `client.auth.login()` / `register()` / `logout()` family, or external
- * callers - flows through `setToken()` so subscription requests can never
- * silently fail with "Must be authenticated to subscribe".
- *
- * (Replaces the previous arrangement where GraphQLClient and
- * SubscriptionManager each held their own copy of the token.)
+ * Backwards-compatible internal name for the v3 SessionStore. Public callers
+ * should use `client.session`; older domain wrappers still accept AuthState.
  */
-export type AuthStateListener = (token: string | null) => void;
-export declare class AuthState {
-    private token;
-    private listeners;
-    getToken(): string | null;
-    setToken(token: string | null): void;
+export declare class AuthState extends SessionStore {
+    constructor(tokenStore?: TokenStore);
     subscribe(listener: AuthStateListener): () => void;
 }
 //# sourceMappingURL=auth-state.d.ts.map

package/dist/auth-state.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-state.d.ts","sourceRoot":"","sources":["../src/auth-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;AAE/D,qBAAa,SAAS;IACpB,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,SAAS,CAAgC;IAEjD,QAAQ,IAAI,MAAM,GAAG,IAAI;IAIzB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAYpC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM,IAAI;CAQnD"}
+{"version":3,"file":"auth-state.d.ts","sourceRoot":"","sources":["../src/auth-state.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,KAAK,eAAe,EAAE,KAAK,UAAU,EAAE,MAAM,cAAc,CAAC;AAEnF,MAAM,MAAM,iBAAiB,GAAG,eAAe,CAAC;AAEhD;;;GAGG;AACH,qBAAa,SAAU,SAAQ,YAAY;gBAC7B,UAAU,CAAC,EAAE,UAAU;IAInC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM,IAAI;CAGnD"}

package/dist/auth-state.js

@@ -1,30 +1,13 @@
-export class AuthState {
-    constructor() {
-        this.token = null;
-        this.listeners = new Set();
-    }
-    getToken() {
-        return this.token;
-    }
-    setToken(token) {
-        if (token === this.token)
-            return;
-        this.token = token;
-        for (const listener of this.listeners) {
-            try {
-                listener(token);
-            }
-            catch (error) {
-                console.error('AuthState listener threw:', error);
-            }
-        }
+import { SessionStore } from './session.js';
+/**
+ * Backwards-compatible internal name for the v3 SessionStore. Public callers
+ * should use `client.session`; older domain wrappers still accept AuthState.
+ */
+export class AuthState extends SessionStore {
+    constructor(tokenStore) {
+        super(tokenStore);
     }
     subscribe(listener) {
-        this.listeners.add(listener);
-        // Replay current value immediately so listeners initialize correctly.
-        listener(this.token);
-        return () => {
-            this.listeners.delete(listener);
-        };
+        return this.onChange(listener);
     }
 }

package/dist/client.d.ts

@@ -7,27 +7,36 @@
  * `client.auth.login`, `client.udp.sendActorUpdate`).
  */
 import type { TypedDocumentNode } from '@graphql-typed-document-node/core';
-import { AuthState } from './auth-state.js';
+import type { SessionStore } from './session.js';
+import type { CrowdyLogger } from './logger.js';
 export interface GraphQLClientConfig {
+    httpUrl?: string;
     graphqlEndpoint?: string;
     timeout?: number;
+    logger?: CrowdyLogger;
 }
 export declare class GraphQLClient {
     private readonly graphqlEndpoint;
     private readonly timeout;
-    private readonly authState;
-    constructor(config: GraphQLClientConfig | undefined, authState: AuthState);
+    private readonly session;
+    private readonly logger;
+    constructor(config: GraphQLClientConfig | undefined, session: SessionStore);
     getEndpoint(): string;
     /**
      * Execute a typed GraphQL operation produced by codegen and return the
      * `data` payload. Throws on transport errors, GraphQL errors, or timeouts.
      */
-    request<TResult, TVariables>(document: TypedDocumentNode<TResult, TVariables>, variables?: TVariables): Promise<TResult>;
+    request<TResult, TVariables>(document: TypedDocumentNode<TResult, TVariables>, variables?: TVariables, options?: {
+        signal?: AbortSignal;
+    }): Promise<TResult>;
     /**
      * Internal escape hatch for raw query strings (used by hand-written
      * adapters that haven't migrated to typed documents yet). Prefer
      * `request()` with a `TypedDocumentNode`.
      */
-    query<T = any>(query: string, variables?: Record<string, any>): Promise<T>;
+    query<T = any>(query: string, variables?: Record<string, unknown>, options?: {
+        signal?: AbortSignal;
+    }): Promise<T>;
 }
+export { GraphQLClient as GraphQLTransport };
 //# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,MAAM,WAAW,mBAAmB;IAClC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;gBAE1B,MAAM,EAAE,mBAAmB,YAAK,EAAE,SAAS,EAAE,SAAS;IAOlE,WAAW,IAAI,MAAM;IAIrB;;;OAGG;IACG,OAAO,CAAC,OAAO,EAAE,UAAU,EAC/B,QAAQ,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAChD,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,OAAO,CAAC;IAKnB;;;;OAIG;IACG,KAAK,CAAC,CAAC,GAAG,GAAG,EACjB,KAAK,EAAE,MAAM,EACb,SAAS,GAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAM,GAClC,OAAO,CAAC,CAAC,CAAC;CAgDd"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAWhD,MAAM,WAAW,mBAAmB;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAe;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;gBAE1B,MAAM,EAAE,mBAAmB,YAAK,EAAE,OAAO,EAAE,YAAY;IAUnE,WAAW,IAAI,MAAM;IAIrB;;;OAGG;IACG,OAAO,CAAC,OAAO,EAAE,UAAU,EAC/B,QAAQ,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAChD,SAAS,CAAC,EAAE,UAAU,EACtB,OAAO,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GACrC,OAAO,CAAC,OAAO,CAAC;IASnB;;;;OAIG;IACG,KAAK,CAAC,CAAC,GAAG,GAAG,EACjB,KAAK,EAAE,MAAM,EACb,SAAS,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,EACvC,OAAO,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GACrC,OAAO,CAAC,CAAC,CAAC;CA+Cd;AAED,OAAO,EAAE,aAAa,IAAI,gBAAgB,EAAE,CAAC"}

package/dist/client.js

@@ -7,12 +7,17 @@
  * `client.auth.login`, `client.udp.sendActorUpdate`).
  */
 import { print } from 'graphql';
+import { silentLogger } from './logger.js';
+import { CrowdyError, CrowdyGraphQLError, CrowdyHttpError, CrowdyNetworkError, CrowdyTimeoutError, } from './errors.js';
 export class GraphQLClient {
-    constructor(config = {}, authState) {
+    constructor(config = {}, session) {
         this.graphqlEndpoint =
-            config.graphqlEndpoint || 'http://localhost:3000/graphql';
+            config.graphqlEndpoint ||
+                config.httpUrl ||
+                'http://localhost:3000/graphql';
         this.timeout = config.timeout || 60000;
-        this.authState = authState;
+        this.session = session;
+        this.logger = config.logger ?? silentLogger;
     }
     getEndpoint() {
         return this.graphqlEndpoint;
@@ -21,19 +26,20 @@ export class GraphQLClient {
      * Execute a typed GraphQL operation produced by codegen and return the
      * `data` payload. Throws on transport errors, GraphQL errors, or timeouts.
      */
-    async request(document, variables) {
+    async request(document, variables, options = {}) {
         const queryStr = print(document);
-        return this.query(queryStr, (variables ?? {}));
+        return this.query(queryStr, (variables ?? {}), options);
     }
     /**
      * Internal escape hatch for raw query strings (used by hand-written
      * adapters that haven't migrated to typed documents yet). Prefer
      * `request()` with a `TypedDocumentNode`.
      */
-    async query(query, variables = {}) {
+    async query(query, variables = {}, options = {}) {
         const controller = new AbortController();
         const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        const token = this.authState.getToken();
+        const token = this.session.getToken();
+        const signal = options.signal ?? controller.signal;
         try {
             const requestBody = { query, variables };
             const response = await fetch(this.graphqlEndpoint, {
@@ -43,32 +49,33 @@ export class GraphQLClient {
                     ...(token ? { Authorization: `Bearer ${token}` } : {}),
                 },
                 body: JSON.stringify(requestBody),
-                signal: controller.signal,
+                signal,
             });
             clearTimeout(timeoutId);
             if (!response.ok) {
                 const errorText = await response.text();
-                throw new Error(`HTTP error! status: ${response.status}, body: ${errorText}`);
+                throw new CrowdyHttpError(response.status, errorText);
             }
             const result = await response.json();
             if (result.errors) {
-                const error = result.errors[0];
-                const errorMessage = Array.isArray(error.message)
-                    ? error.message.join(', ')
-                    : error.message;
-                throw new Error(errorMessage);
+                throw new CrowdyGraphQLError(result.errors);
             }
             return result.data;
         }
         catch (error) {
             clearTimeout(timeoutId);
             if (error instanceof Error && error.name === 'AbortError') {
-                throw new Error('Request timeout exceeded when trying to connect');
+                throw new CrowdyTimeoutError(this.timeout);
             }
-            if (error instanceof Error) {
+            if (error instanceof CrowdyError) {
                 throw error;
             }
-            throw new Error(`Network error: ${error}`);
+            if (error instanceof Error) {
+                throw new CrowdyNetworkError(error);
+            }
+            this.logger.error?.('GraphQL request failed', error);
+            throw new CrowdyNetworkError(error);
         }
     }
 }
+export { GraphQLClient as GraphQLTransport };

package/dist/crowdy-client.d.ts

@@ -1,18 +1,34 @@
 /**
  * Public surface of the SDK. Construct one `CrowdyClient` per session and
  * access everything via the typed sub-clients (`client.auth`, `client.udp`,
- * `client.orgs`, ...). The legacy `client.login()` / `client.sendActorUpdate`
- * shortcuts are gone - use `client.auth.login()` / `client.udp.sendActorUpdate()`
- * instead.
+ * `client.chunks`, ...).
+ *
+ * The management/game-api split means CrowdyJS now talks to **two** GraphQL
+ * endpoints behind the scenes:
+ *
+ *   - `managementUrl` / `managementGraphqlEndpoint` -> `cks-management-api`
+ *     used by `auth` (login, register, logout, password / email flows) and
+ *     `users` (me, updateGamertag, deleteMyAccount). This is also where
+ *     `game_tokens` are minted.
+ *
+ *   - `httpUrl` / `graphqlEndpoint` -> `cks-game-api`
+ *     used by every game / world / replication sub-client
+ *     (`chunks`, `voxels`, `actors`, `teleport`, `state`, `serverStatus`,
+ *     `udp`). WebSocket subscriptions (`wsUrl`) also target this endpoint.
+ *
+ * A single `AuthState` is shared across both clients, so once
+ * `client.auth.login()` returns, every subsequent SDK call (against either
+ * endpoint) carries the Bearer token automatically.
  */
+import { AuthState } from './auth-state.js';
+import { GraphQLClient } from './client.js';
+import { SubscriptionManager } from './subscriptions.js';
+import type { CrowdyLogger } from './logger.js';
+import type { TokenStore } from './session.js';
+import { WorldClient } from './world.js';
 import { AuthAPI } from './domains/auth.js';
 import { UsersAPI } from './domains/users.js';
-import { OrganizationsAPI } from './domains/organizations.js';
 import { AppsAPI } from './domains/apps.js';
-import { AppAccessAPI } from './domains/appAccess.js';
-import { BillingAPI } from './domains/billing.js';
-import { QuotasAPI } from './domains/quotas.js';
-import { PaymentsAPI } from './domains/payments.js';
 import { ChunksAPI } from './domains/chunks.js';
 import { VoxelsAPI } from './domains/voxels.js';
 import { ActorsAPI } from './domains/actors.js';
@@ -21,22 +37,46 @@ import { StateAPI } from './domains/state.js';
 import { ServerStatusAPI } from './domains/serverStatus.js';
 import { UdpAPI } from './domains/udp.js';
 export interface CrowdyClientConfig {
+    /** game-api HTTP root (e.g. `https://dev-game-api.crowdedkingdoms.com`). */
+    httpUrl?: string;
+    /** game-api WS root. */
+    wsUrl?: string;
+    /** game-api GraphQL endpoint. Defaults to `${httpUrl}/graphql`. */
     graphqlEndpoint?: string;
+    /** game-api WS endpoint. Defaults to `${wsUrl}/graphql`. */
     wsEndpoint?: string;
+    /**
+     * management-api HTTP root (e.g.
+     * `https://dev-management-api.crowdedkingdoms.com`). When set,
+     * `client.auth` and `client.users` route here. If left empty the SDK
+     * falls back to `httpUrl` for backwards-compatibility with the legacy
+     * single-endpoint deployment, but new code should set this explicitly.
+     */
+    managementUrl?: string;
+    /** management-api GraphQL endpoint. Defaults to `${managementUrl}/graphql`. */
+    managementGraphqlEndpoint?: string;
     timeout?: number;
+    tokenStore?: TokenStore;
+    logger?: CrowdyLogger;
+    realtime?: {
+        retryAttempts?: number;
+        retryInitialDelayMs?: number;
+        retryMaxDelayMs?: number;
+        waitTimeoutMs?: number;
+    };
 }
 export declare class CrowdyClient {
-    private readonly authState;
-    private readonly client;
-    private readonly subscriptions;
+    /** Shared token state for both game-api and management-api requests. */
+    readonly session: AuthState;
+    /** game-api HTTP client. */
+    readonly graphql: GraphQLClient;
+    /** game-api WebSocket subscription manager. */
+    readonly realtime: SubscriptionManager;
+    /** management-api HTTP client. Same `AuthState` as `graphql`. */
+    readonly management: GraphQLClient;
     readonly auth: AuthAPI;
     readonly users: UsersAPI;
-    readonly orgs: OrganizationsAPI;
     readonly apps: AppsAPI;
-    readonly appAccess: AppAccessAPI;
-    readonly billing: BillingAPI;
-    readonly quotas: QuotasAPI;
-    readonly payments: PaymentsAPI;
     readonly chunks: ChunksAPI;
     readonly voxels: VoxelsAPI;
     readonly actors: ActorsAPI;
@@ -45,7 +85,13 @@ export declare class CrowdyClient {
     readonly serverStatus: ServerStatusAPI;
     readonly udp: UdpAPI;
     constructor(config?: CrowdyClientConfig);
+    /** Imperatively set the Bearer token (useful for SSO / token rehydrate). */
+    setToken(token: string | null): void;
+    /** Read the current Bearer token (null if no session). */
+    getToken(): string | null;
+    world(appId: string): WorldClient;
     /** Closes the WebSocket and clears the in-memory auth token. */
     close(): void;
 }
+export declare function createCrowdyClient(config?: CrowdyClientConfig): CrowdyClient;
 //# sourceMappingURL=crowdy-client.d.ts.map

package/dist/crowdy-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crowdy-client.d.ts","sourceRoot":"","sources":["../src/crowdy-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,MAAM,WAAW,kBAAkB;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,YAAY;IAGvB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAsB;IAGpD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,YAAY,CAAC;IACjC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC;IAC/B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,eAAe,CAAC;IACvC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;gBAET,MAAM,GAAE,kBAAuB;IA4B3C,gEAAgE;IAChE,KAAK,IAAI,IAAI;CAId"}
+{"version":3,"file":"crowdy-client.d.ts","sourceRoot":"","sources":["../src/crowdy-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,MAAM,WAAW,kBAAkB;IAEjC,4EAA4E;IAC5E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mEAAmE;IACnE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,+EAA+E;IAC/E,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAGnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,QAAQ,CAAC,EAAE;QACT,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAED,qBAAa,YAAY;IACvB,wEAAwE;IACxE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC;IAC5B,4BAA4B;IAC5B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,+CAA+C;IAC/C,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,CAAC;IACvC,iEAAiE;IACjE,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;IAGnC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IAGvB,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,eAAe,CAAC;IACvC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;gBAET,MAAM,GAAE,kBAAuB;IAsD3C,4EAA4E;IAC5E,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAIpC,0DAA0D;IAC1D,QAAQ,IAAI,MAAM,GAAG,IAAI;IAIzB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW;IAIjC,gEAAgE;IAChE,KAAK,IAAI,IAAI;CAId;AAED,wBAAgB,kBAAkB,CAChC,MAAM,GAAE,kBAAuB,GAC9B,YAAY,CAEd"}

package/dist/crowdy-client.js

@@ -1,21 +1,32 @@
 /**
  * Public surface of the SDK. Construct one `CrowdyClient` per session and
  * access everything via the typed sub-clients (`client.auth`, `client.udp`,
- * `client.orgs`, ...). The legacy `client.login()` / `client.sendActorUpdate`
- * shortcuts are gone - use `client.auth.login()` / `client.udp.sendActorUpdate()`
- * instead.
+ * `client.chunks`, ...).
+ *
+ * The management/game-api split means CrowdyJS now talks to **two** GraphQL
+ * endpoints behind the scenes:
+ *
+ *   - `managementUrl` / `managementGraphqlEndpoint` -> `cks-management-api`
+ *     used by `auth` (login, register, logout, password / email flows) and
+ *     `users` (me, updateGamertag, deleteMyAccount). This is also where
+ *     `game_tokens` are minted.
+ *
+ *   - `httpUrl` / `graphqlEndpoint` -> `cks-game-api`
+ *     used by every game / world / replication sub-client
+ *     (`chunks`, `voxels`, `actors`, `teleport`, `state`, `serverStatus`,
+ *     `udp`). WebSocket subscriptions (`wsUrl`) also target this endpoint.
+ *
+ * A single `AuthState` is shared across both clients, so once
+ * `client.auth.login()` returns, every subsequent SDK call (against either
+ * endpoint) carries the Bearer token automatically.
  */
 import { AuthState } from './auth-state.js';
 import { GraphQLClient } from './client.js';
 import { SubscriptionManager } from './subscriptions.js';
+import { WorldClient } from './world.js';
 import { AuthAPI } from './domains/auth.js';
 import { UsersAPI } from './domains/users.js';
-import { OrganizationsAPI } from './domains/organizations.js';
 import { AppsAPI } from './domains/apps.js';
-import { AppAccessAPI } from './domains/appAccess.js';
-import { BillingAPI } from './domains/billing.js';
-import { QuotasAPI } from './domains/quotas.js';
-import { PaymentsAPI } from './domains/payments.js';
 import { ChunksAPI } from './domains/chunks.js';
 import { VoxelsAPI } from './domains/voxels.js';
 import { ActorsAPI } from './domains/actors.js';
@@ -25,28 +36,59 @@ import { ServerStatusAPI } from './domains/serverStatus.js';
 import { UdpAPI } from './domains/udp.js';
 export class CrowdyClient {
     constructor(config = {}) {
-        this.authState = new AuthState();
-        this.client = new GraphQLClient({ graphqlEndpoint: config.graphqlEndpoint, timeout: config.timeout }, this.authState);
-        this.subscriptions = new SubscriptionManager({ wsEndpoint: config.wsEndpoint }, this.authState);
-        this.auth = new AuthAPI(this.client, this.authState);
-        this.users = new UsersAPI(this.client);
-        this.orgs = new OrganizationsAPI(this.client);
-        this.apps = new AppsAPI(this.client);
-        this.appAccess = new AppAccessAPI(this.client);
-        this.billing = new BillingAPI(this.client);
-        this.quotas = new QuotasAPI(this.client);
-        this.payments = new PaymentsAPI(this.client);
-        this.chunks = new ChunksAPI(this.client);
-        this.voxels = new VoxelsAPI(this.client);
-        this.actors = new ActorsAPI(this.client);
-        this.teleport = new TeleportAPI(this.client);
-        this.state = new StateAPI(this.client);
-        this.serverStatus = new ServerStatusAPI(this.client);
-        this.udp = new UdpAPI(this.client, this.subscriptions);
+        this.session = new AuthState(config.tokenStore);
+        this.graphql = new GraphQLClient({
+            httpUrl: config.httpUrl,
+            graphqlEndpoint: config.graphqlEndpoint,
+            timeout: config.timeout,
+            logger: config.logger,
+        }, this.session);
+        this.realtime = new SubscriptionManager({
+            wsUrl: config.wsUrl,
+            wsEndpoint: config.wsEndpoint,
+            logger: config.logger,
+            ...config.realtime,
+        }, this.session);
+        const managementGraphqlEndpoint = config.managementGraphqlEndpoint ??
+            (config.managementUrl
+                ? `${config.managementUrl.replace(/\/$/, '')}/graphql`
+                : config.graphqlEndpoint);
+        // Management-api client. Falls back to game-api endpoint if the caller
+        // hasn't configured `managementUrl` yet (single-endpoint legacy mode).
+        this.management = new GraphQLClient({
+            httpUrl: config.managementUrl ?? config.httpUrl,
+            graphqlEndpoint: managementGraphqlEndpoint,
+            timeout: config.timeout,
+            logger: config.logger,
+        }, this.session);
+        this.auth = new AuthAPI(this.management, this.session);
+        this.users = new UsersAPI(this.management);
+        this.apps = new AppsAPI(this.management);
+        this.chunks = new ChunksAPI(this.graphql);
+        this.voxels = new VoxelsAPI(this.graphql);
+        this.actors = new ActorsAPI(this.graphql);
+        this.teleport = new TeleportAPI(this.graphql);
+        this.state = new StateAPI(this.graphql);
+        this.serverStatus = new ServerStatusAPI(this.graphql);
+        this.udp = new UdpAPI(this.graphql, this.realtime);
+    }
+    /** Imperatively set the Bearer token (useful for SSO / token rehydrate). */
+    setToken(token) {
+        this.session.setToken(token);
+    }
+    /** Read the current Bearer token (null if no session). */
+    getToken() {
+        return this.session.getToken();
+    }
+    world(appId) {
+        return new WorldClient(appId, this.udp);
     }
     /** Closes the WebSocket and clears the in-memory auth token. */
     close() {
-        this.subscriptions.close();
-        this.authState.setToken(null);
+        this.realtime.close();
+        this.session.setToken(null);
     }
 }
+export function createCrowdyClient(config = {}) {
+    return new CrowdyClient(config);
+}

package/dist/domains/apps.d.ts

@@ -1,27 +1,55 @@
-import type { GraphQLClient } from '../client.js';
-import { type AppQuery, type AppQueryVariables, type AppBySlugQuery, type AppBySlugQueryVariables, type MyAppsQuery, type AppsForOrgQuery, type AppsForOrgQueryVariables, type MarketplaceAppsQuery, type MarketplaceAppsQueryVariables, type CreateAppMutation, type CreateAppMutationVariables, type UpdateAppMutation, type UpdateAppMutationVariables, type ArchiveAppMutationVariables, type SetAppVisibilityMutation, type SetAppVisibilityMutationVariables } from '../generated/graphql.js';
 /**
- * App (game / world) lifecycle and discovery. Exposed as `client.apps`.
+ * Apps sub-client. Targets `cks-management-api` (where the apps catalog
+ * lives). After the DB split each app may be served by its own per-tenant
+ * cks-game-api; the marketplace returns `gameApiUrl` for those rows so the
+ * caller can build a per-app `CrowdyClient` against the correct endpoint.
+ *
+ * Typical pattern:
  *
- * `marketplace()` is a public listing (no auth) of every app where
- * visibility = PUBLIC and status = LIVE; the rest of the methods require
- * either org-membership permissions or super admin.
+ *   const baseClient = createCrowdyClient({
+ *     managementUrl: 'https://api.example.com',
+ *     httpUrl: 'https://legacy-game-api.example.com', // pre-split fallback
+ *   });
+ *   await baseClient.auth.login({ email, password });
+ *
+ *   const route = await baseClient.apps.routeFor(appId);
+ *   if (route.splitMode && route.gameApiUrl) {
+ *     const perAppClient = createCrowdyClient({
+ *       managementUrl: 'https://api.example.com',
+ *       httpUrl: route.gameApiUrl,
+ *       wsUrl: route.gameApiUrl.replace(/^https?/, 'wss'),
+ *       tokenStore: baseClient.session.tokenStore,
+ *     });
+ *     // drive gameplay through perAppClient
+ *   }
  */
+import type { GraphQLClient } from '../client.js';
+import { type AppQuery, type AppBySlugQuery, type MyAppsQuery } from '../generated/graphql.js';
+/**
+ * Subset of an `App` row that the SDK exposes for routing decisions. The
+ * fields are typed loosely as `unknown` because the generated types lag
+ * behind the `splitMode` / `gameApiUrl` selection until codegen runs.
+ */
+export interface AppRoute {
+    appId: string;
+    splitMode: boolean;
+    gameApiUrl: string | null;
+}
 export declare class AppsAPI {
-    private gql;
-    constructor(gql: GraphQLClient);
-    marketplace(args?: MarketplaceAppsQueryVariables): Promise<MarketplaceAppsQuery['apps']>;
-    byId(appId: AppQueryVariables['appId']): Promise<AppQuery['app']>;
-    bySlug(args: AppBySlugQueryVariables): Promise<AppBySlugQuery['appBySlug']>;
+    private readonly management;
+    constructor(management: GraphQLClient);
+    /** Fetch a single app by id. */
+    app(appId: string): Promise<AppQuery['app']>;
+    /** Fetch by org slug + app slug (marketplace links). */
+    appBySlug(orgSlug: string, appSlug: string): Promise<AppBySlugQuery['appBySlug']>;
+    /** Apps the caller can play (org membership OR active access). */
     myApps(): Promise<MyAppsQuery['myApps']>;
-    forOrg(orgSlug: AppsForOrgQueryVariables['orgSlug']): Promise<AppsForOrgQuery['appsForOrg']>;
-    create(input: CreateAppMutationVariables['input']): Promise<CreateAppMutation['createApp']>;
-    update(args: UpdateAppMutationVariables): Promise<UpdateAppMutation['updateApp']>;
-    archive(appId: ArchiveAppMutationVariables['appId']): Promise<{
-        appId: any;
-        status: string;
-        updatedAt: any;
-    }>;
-    setVisibility(args: SetAppVisibilityMutationVariables): Promise<SetAppVisibilityMutation['setAppVisibility']>;
+    /**
+     * Convenience: returns just the routing tuple for a given app. If the
+     * app row is missing or the API does not expose split-mode fields yet,
+     * returns `{ appId, splitMode: false, gameApiUrl: null }` so the caller
+     * keeps using the legacy single-endpoint deployment.
+     */
+    routeFor(appId: string): Promise<AppRoute>;
 }
 //# sourceMappingURL=apps.d.ts.map

package/dist/domains/apps.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apps.d.ts","sourceRoot":"","sources":["../../src/domains/apps.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,OAAO,EAEL,KAAK,QAAQ,EACb,KAAK,iBAAiB,EAEtB,KAAK,cAAc,EACnB,KAAK,uBAAuB,EAE5B,KAAK,WAAW,EAEhB,KAAK,eAAe,EACpB,KAAK,wBAAwB,EAE7B,KAAK,oBAAoB,EACzB,KAAK,6BAA6B,EAElC,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAE/B,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAE/B,KAAK,2BAA2B,EAEhC,KAAK,wBAAwB,EAC7B,KAAK,iCAAiC,EACvC,MAAM,yBAAyB,CAAC;AAEjC;;;;;;GAMG;AACH,qBAAa,OAAO;IACN,OAAO,CAAC,GAAG;gBAAH,GAAG,EAAE,aAAa;IAEhC,WAAW,CACf,IAAI,GAAE,6BAAkC,GACvC,OAAO,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAKlC,IAAI,CAAC,KAAK,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAKjE,MAAM,CACV,IAAI,EAAE,uBAAuB,GAC5B,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IAKjC,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAKxC,MAAM,CACV,OAAO,EAAE,wBAAwB,CAAC,SAAS,CAAC,GAC3C,OAAO,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAKnC,MAAM,CACV,KAAK,EAAE,0BAA0B,CAAC,OAAO,CAAC,GACzC,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAKpC,MAAM,CACV,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAKpC,OAAO,CACX,KAAK,EAAE,2BAA2B,CAAC,OAAO,CAAC,GAC1C,OAAO,CAAC;QAAE,KAAK,EAAE,GAAG,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,GAAG,CAAA;KAAE,CAAC;IAKpD,aAAa,CACjB,IAAI,EAAE,iCAAiC,GACtC,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC,CAAC;CAIzD"}
+{"version":3,"file":"apps.d.ts","sourceRoot":"","sources":["../../src/domains/apps.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAIL,KAAK,QAAQ,EAEb,KAAK,cAAc,EAEnB,KAAK,WAAW,EACjB,MAAM,yBAAyB,CAAC;AAEjC;;;;GAIG;AACH,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAcD,qBAAa,OAAO;IACN,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,aAAa;IAEtD,gCAAgC;IAC1B,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAQlD,wDAAwD;IAClD,SAAS,CACb,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IAQvC,kEAAkE;IAC5D,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAQ9C;;;;;OAKG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;CAUjD"}