@playcademy/sandbox 0.1.0-beta.2 → 0.1.0-beta.4

package/dist/cli.js

@@ -13024,7 +13024,7 @@ globstar while`, file, fr, pattern, pr3, swallowee);
             }
           };
           for (let i3 = 0, c2;i3 < pattern.length && (c2 = pattern.charAt(i3)); i3++) {
-            this.debug("%s\t%s %s %j", pattern, i3, re3, c2);
+            this.debug("%s	%s %s %j", pattern, i3, re3, c2);
             if (escaping) {
               if (c2 === "/") {
                 return false;
@@ -21547,7 +21547,7 @@ Is ${source_default.bold.blue(this.base.name)} schema created or renamed from an
         IS_LINE_JUNK = function(line2, pat = /^\s*#?\s*$/) {
           return pat.test(line2);
         };
-        IS_CHARACTER_JUNK = function(ch, ws = " \t") {
+        IS_CHARACTER_JUNK = function(ch, ws = " 	") {
           return indexOf.call(ws, ch) >= 0;
         };
         _formatRangeUnified = function(start2, stop2) {
@@ -31137,7 +31137,7 @@ globstar while`, file, fr, pattern, pr3, swallowee);
             }
           };
           for (let i3 = 0, c2;i3 < pattern.length && (c2 = pattern.charAt(i3)); i3++) {
-            this.debug("%s\t%s %s %j", pattern, i3, re3, c2);
+            this.debug("%s	%s %s %j", pattern, i3, re3, c2);
             if (escaping) {
               if (c2 === "/") {
                 return false;
@@ -52844,8 +52844,8 @@ var DEMO_USER = {
   email: "demo@playcademy.com",
   emailVerified: true,
   image: null,
-  role: "player",
-  developerStatus: "none",
+  role: "developer",
+  developerStatus: "approved",
   createdAt: now,
   updatedAt: now
 };
@@ -72673,6 +72673,8 @@ __export(exports_schemas, {
   verification: () => verification,
   users: () => users,
   userRoleEnum: () => userRoleEnum,
+  userLevelsRelations: () => userLevelsRelations,
+  userLevels: () => userLevels,
   shopListingsRelations: () => shopListingsRelations,
   shopListings: () => shopListings,
   sessions: () => sessions,
@@ -72680,6 +72682,7 @@ __export(exports_schemas, {
   maps: () => maps,
   mapElementsRelations: () => mapElementsRelations,
   mapElements: () => mapElements,
+  levelConfigs: () => levelConfigs,
   itemsRelations: () => itemsRelations,
   items: () => items,
   itemTypeEnum: () => itemTypeEnum,
@@ -72696,11 +72699,14 @@ __export(exports_schemas, {
   currenciesRelations: () => currenciesRelations,
   currencies: () => currencies,
   accounts: () => accounts,
+  XPActionInputSchema: () => XPActionInputSchema,
   VersionSchema: () => VersionSchema,
   UpsertGameMetadataSchema: () => UpsertGameMetadataSchema,
   UpdateUserSchema: () => UpdateUserSchema,
+  UpdateUserLevelSchema: () => UpdateUserLevelSchema,
   UpdateShopListingSchema: () => UpdateShopListingSchema,
   UpdateMapElementSchema: () => UpdateMapElementSchema,
+  UpdateLevelConfigSchema: () => UpdateLevelConfigSchema,
   UpdateItemSchema: () => UpdateItemSchema,
   UpdateInventoryItemSchema: () => UpdateInventoryItemSchema,
   UpdateGameStateSchema: () => UpdateGameStateSchema,
@@ -72711,10 +72717,12 @@ __export(exports_schemas, {
   StartSessionInputSchema: () => StartSessionInputSchema,
   SelectVerificationSchema: () => SelectVerificationSchema,
   SelectUserSchema: () => SelectUserSchema,
+  SelectUserLevelSchema: () => SelectUserLevelSchema,
   SelectShopListingSchema: () => SelectShopListingSchema,
   SelectSessionSchema: () => SelectSessionSchema,
   SelectMapSchema: () => SelectMapSchema,
   SelectMapElementSchema: () => SelectMapElementSchema,
+  SelectLevelConfigSchema: () => SelectLevelConfigSchema,
   SelectItemSchema: () => SelectItemSchema,
   SelectInventoryItemSchema: () => SelectInventoryItemSchema,
   SelectGameStateSchema: () => SelectGameStateSchema,
@@ -72726,13 +72734,16 @@ __export(exports_schemas, {
   ProcessZipSchema: () => ProcessZipSchema,
   MapElementMetadataZodSchema: () => MapElementMetadataZodSchema,
   ManifestV1Schema: () => ManifestV1Schema,
+  MAX_LEVEL: () => MAX_LEVEL,
   ItemMetadataSchema: () => ItemMetadataSchema,
   InventoryActionInputSchema: () => InventoryActionInputSchema,
   InsertVerificationSchema: () => InsertVerificationSchema,
   InsertUserSchema: () => InsertUserSchema,
+  InsertUserLevelSchema: () => InsertUserLevelSchema,
   InsertShopListingSchema: () => InsertShopListingSchema,
   InsertSessionSchema: () => InsertSessionSchema,
   InsertMapElementSchema: () => InsertMapElementSchema,
+  InsertLevelConfigSchema: () => InsertLevelConfigSchema,
   InsertItemSchema: () => InsertItemSchema,
   InsertInventoryItemSchema: () => InsertInventoryItemSchema,
   InsertGameStateSchema: () => InsertGameStateSchema,
@@ -77508,12 +77519,60 @@ var InsertShopListingSchema = createInsertSchema(shopListings, {
 }).omit({ id: true, createdAt: true, updatedAt: true });
 var SelectShopListingSchema = createSelectSchema(shopListings);
 var UpdateShopListingSchema = InsertShopListingSchema.partial().extend({});
+// ../data/src/schemas/levels.ts
+var MAX_LEVEL = 100;
+var userLevels = pgTable("user_levels", {
+  userId: text("user_id").primaryKey().references(() => users.id, { onDelete: "cascade" }),
+  currentLevel: integer("current_level").notNull().default(1),
+  currentXp: integer("current_xp").notNull().default(0),
+  totalXpEarned: integer("total_xp_earned").notNull().default(0),
+  lastLevelUpAt: timestamp("last_level_up_at", { withTimezone: true }),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true }).defaultNow().$onUpdate(() => new Date)
+});
+var levelConfigs = pgTable("level_configs", {
+  id: uuid("id").primaryKey().defaultRandom(),
+  level: integer("level").notNull().unique(),
+  xpRequired: integer("xp_required").notNull(),
+  creditsReward: integer("credits_reward").notNull().default(0),
+  createdAt: timestamp("created_at").defaultNow().notNull()
+}, (table) => [uniqueIndex("unique_level_config_idx").on(table.level)]);
+var userLevelsRelations = relations(userLevels, ({ one }) => ({
+  user: one(users, {
+    fields: [userLevels.userId],
+    references: [users.id]
+  })
+}));
+var InsertUserLevelSchema = createInsertSchema(userLevels, {
+  userId: exports_external.string().min(1, "User ID is required"),
+  currentLevel: exports_external.number().int().min(1, "Level must be at least 1").default(1),
+  currentXp: exports_external.number().int().min(0, "XP cannot be negative").default(0),
+  totalXpEarned: exports_external.number().int().min(0, "Total XP earned cannot be negative").default(0)
+}).omit({ createdAt: true, updatedAt: true });
+var SelectUserLevelSchema = createSelectSchema(userLevels);
+var UpdateUserLevelSchema = createUpdateSchema(userLevels).omit({
+  userId: true,
+  createdAt: true
+});
+var InsertLevelConfigSchema = createInsertSchema(levelConfigs, {
+  level: exports_external.number().int().min(1, "Level must be at least 1"),
+  xpRequired: exports_external.number().int().min(0, "XP required cannot be negative"),
+  creditsReward: exports_external.number().int().min(0, "Credits reward cannot be negative").default(0)
+}).omit({ id: true, createdAt: true });
+var SelectLevelConfigSchema = createSelectSchema(levelConfigs);
+var UpdateLevelConfigSchema = createUpdateSchema(levelConfigs).omit({
+  id: true,
+  createdAt: true
+});
+var XPActionInputSchema = exports_external.object({
+  amount: exports_external.number().int("XP amount must be an integer").positive("XP amount must be positive")
+});
 // src/database/path-manager.ts
 import fs2 from "node:fs";
 import { join as join2, isAbsolute, dirname } from "node:path";
 
 class DatabasePathManager {
-  static DEFAULT_DB_SUBPATH = join2("@playcademy", "vite-plugin", ".playcademy", "sandbox.db");
+  static DEFAULT_DB_SUBPATH = join2("@playcademy", "vite-plugin", "node_modules", ".playcademy", "sandbox.db");
   static findNodeModulesPath() {
     let currentDir = process.cwd();
     while (currentDir !== dirname(currentDir)) {
@@ -77587,12 +77646,35 @@ async function seedDemoData(db) {
     for (const inventory2 of SAMPLE_INVENTORY) {
       await db.insert(inventoryItems).values(inventory2);
     }
+    const levelConfigsData = generateLevelConfigs();
+    for (const config of levelConfigsData) {
+      await db.insert(levelConfigs).values(config);
+    }
   } catch (error2) {
     console.error("❌ Error seeding demo data:", error2);
     throw error2;
   }
   return DEMO_USER;
 }
+function generateLevelConfigs() {
+  const configs = [];
+  for (let level = 1;level <= 100; level++) {
+    const xpRequired = level === 1 ? 0 : Math.floor(50 * Math.pow(level - 1, 1.7));
+    let creditsReward = 0;
+    if (level > 1) {
+      creditsReward = 25 + level * 25;
+      if (level % 10 === 1 && level > 1) {
+        creditsReward += 75;
+      }
+    }
+    configs.push({
+      level,
+      xpRequired,
+      creditsReward
+    });
+  }
+  return configs;
+}
 async function seedCurrentProjectGame(db, project) {
   const now2 = new Date;
   try {
@@ -77628,7 +77710,7 @@ async function seedCurrentProjectGame(db, project) {
 // package.json
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.1.0-beta.1",
+  version: "0.1.0-beta.3",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -77657,8 +77739,6 @@ var package_default = {
   dependencies: {
     "@electric-sql/pglite": "^0.3.2",
     "@hono/node-server": "^1.14.2",
-    "@playcademy/api-core": "workspace:*",
-    "@playcademy/data": "workspace:*",
     commander: "^12.1.0",
     "drizzle-kit": "^0.31.0",
     "drizzle-orm": "^0.42.0",
@@ -77667,6 +77747,8 @@ var package_default = {
     picocolors: "^1.1.1"
   },
   devDependencies: {
+    "@playcademy/api-core": "workspace:*",
+    "@playcademy/data": "workspace:*",
     "@types/bun": "latest"
   },
   peerDependencies: {
@@ -77731,6 +77813,270 @@ async function getUserMe(ctx) {
   }
 }
 
+// ../api-core/src/utils/levels.ts
+var levelConfigCache = null;
+async function getLevelConfig(db, level) {
+  if (level < 1) {
+    throw ApiError.badRequest("Level must be at least 1");
+  }
+  if (levelConfigCache?.has(level)) {
+    return levelConfigCache.get(level) || null;
+  }
+  try {
+    const [config] = await db.select().from(levelConfigs).where(eq(levelConfigs.level, level)).limit(1);
+    if (levelConfigCache && config) {
+      levelConfigCache.set(level, config);
+    }
+    return config || null;
+  } catch (error2) {
+    logger2.error(`Error fetching level config for level ${level}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function calculateXPToNextLevel(db, currentLevel, currentXp) {
+  try {
+    const nextLevelConfig = await getLevelConfig(db, currentLevel + 1);
+    if (!nextLevelConfig) {
+      return 0;
+    }
+    return Math.max(0, nextLevelConfig.xpRequired - currentXp);
+  } catch (error2) {
+    logger2.error(`Error calculating XP to next level:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function checkLevelUp(tx, currentLevel, newXp) {
+  let level = currentLevel;
+  let remainingXp = newXp;
+  let totalCreditsAwarded = 0;
+  let leveledUp = false;
+  while (true) {
+    if (level >= MAX_LEVEL) {
+      break;
+    }
+    const nextLevelConfig2 = await tx.select().from(levelConfigs).where(eq(levelConfigs.level, level + 1)).limit(1);
+    const [nextLevel2] = nextLevelConfig2;
+    if (!nextLevel2) {
+      break;
+    }
+    if (remainingXp >= nextLevel2.xpRequired) {
+      level += 1;
+      remainingXp -= nextLevel2.xpRequired;
+      totalCreditsAwarded += nextLevel2.creditsReward;
+      leveledUp = true;
+    } else {
+      break;
+    }
+  }
+  const nextLevelConfig = await tx.select().from(levelConfigs).where(eq(levelConfigs.level, level + 1)).limit(1);
+  const [nextLevel] = nextLevelConfig;
+  const xpToNextLevel = nextLevel ? Math.max(0, nextLevel.xpRequired - remainingXp) : 0;
+  return {
+    newLevel: level,
+    remainingXp,
+    leveledUp,
+    creditsAwarded: totalCreditsAwarded,
+    xpToNextLevel
+  };
+}
+
+// ../api-core/src/utils/validation.ts
+function formatValidationErrors(error2) {
+  const flattened = error2.flatten();
+  const fieldErrors = Object.entries(flattened.fieldErrors).map(([field, errors2]) => `${field}: ${errors2?.join(", ") || "Invalid"}`).join("; ");
+  const formErrors = flattened.formErrors.join("; ");
+  const allErrors = [fieldErrors, formErrors].filter(Boolean).join("; ");
+  return allErrors || "Validation failed";
+}
+
+// ../api-core/src/levels/index.ts
+var AddXPSchema = XPActionInputSchema;
+async function getUserLevel(ctx) {
+  const user = ctx.user;
+  if (!user) {
+    throw ApiError.unauthorized("Valid session or bearer token required");
+  }
+  try {
+    const db = getDatabase();
+    let [userLevel] = await db.select().from(userLevels).where(eq(userLevels.userId, user.id)).limit(1);
+    if (!userLevel) {
+      const [newUserLevel] = await db.insert(userLevels).values({
+        userId: user.id,
+        currentLevel: 1,
+        currentXp: 0,
+        totalXpEarned: 0
+      }).returning();
+      if (!newUserLevel) {
+        throw ApiError.internal("Failed to create user level record");
+      }
+      userLevel = newUserLevel;
+    }
+    return userLevel;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching user level for user ${user.id}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function addXP(ctx, amount) {
+  const user = ctx.user;
+  if (!user) {
+    throw ApiError.unauthorized("Valid session or bearer token required");
+  }
+  if (amount <= 0) {
+    throw ApiError.badRequest("XP amount must be positive");
+  }
+  try {
+    const db = getDatabase();
+    const result = await db.transaction(async (tx) => {
+      let [userLevel] = await tx.select().from(userLevels).where(eq(userLevels.userId, user.id)).limit(1);
+      if (!userLevel) {
+        const [newUserLevel] = await tx.insert(userLevels).values({
+          userId: user.id,
+          currentLevel: 1,
+          currentXp: 0,
+          totalXpEarned: 0
+        }).returning();
+        if (!newUserLevel) {
+          throw ApiError.internal("Failed to create user level record");
+        }
+        userLevel = newUserLevel;
+      }
+      const newCurrentXp = userLevel.currentXp + amount;
+      const newTotalXpEarned = userLevel.totalXpEarned + amount;
+      const levelUpResult = await checkLevelUp(tx, userLevel.currentLevel, newCurrentXp);
+      const [updatedUserLevel] = await tx.update(userLevels).set({
+        currentLevel: levelUpResult.newLevel,
+        currentXp: levelUpResult.remainingXp,
+        totalXpEarned: newTotalXpEarned,
+        lastLevelUpAt: levelUpResult.leveledUp ? new Date : userLevel.lastLevelUpAt
+      }).where(eq(userLevels.userId, user.id)).returning();
+      if (!updatedUserLevel) {
+        throw ApiError.internal("Failed to update user level");
+      }
+      let creditsAwarded = 0;
+      if (levelUpResult.leveledUp) {
+        const creditsToAward = levelUpResult.creditsAwarded;
+        logger2.debug("User leveled up", {
+          userId: user.id,
+          oldLevel: userLevel.currentLevel,
+          newLevel: levelUpResult.newLevel,
+          xpAdded: amount,
+          totalXpEarned: newTotalXpEarned,
+          creditsAwarded: creditsToAward
+        });
+        if (creditsToAward > 0) {
+          const [creditsItem] = await tx.select({ id: items.id }).from(items).where(eq(items.internalName, "PLAYCADEMY_CREDITS")).limit(1);
+          if (!creditsItem) {
+            throw ApiError.internal("PLAYCADEMY_CREDITS item not found");
+          }
+          await tx.insert(inventoryItems).values({
+            userId: user.id,
+            itemId: creditsItem.id,
+            quantity: creditsToAward
+          }).onConflictDoUpdate({
+            target: [
+              inventoryItems.userId,
+              inventoryItems.itemId
+            ],
+            set: {
+              quantity: sql`${inventoryItems.quantity} + ${creditsToAward}`
+            }
+          });
+        }
+        creditsAwarded = creditsToAward;
+      } else {
+        logger2.debug("XP added to user", {
+          userId: user.id,
+          level: userLevel.currentLevel,
+          xpAdded: amount,
+          totalXpEarned: newTotalXpEarned
+        });
+      }
+      return {
+        totalXpEarned: newTotalXpEarned,
+        newLevel: levelUpResult.newLevel,
+        leveledUp: levelUpResult.leveledUp,
+        creditsAwarded,
+        xpToNextLevel: levelUpResult.xpToNextLevel
+      };
+    });
+    return result;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error adding XP for user ${user.id}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function addXPFromRequest(ctx) {
+  let amount;
+  try {
+    const requestBody = await ctx.request.json();
+    const parsed = AddXPSchema.parse(requestBody);
+    amount = parsed.amount;
+  } catch (error2) {
+    if (error2 instanceof ZodError) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(error2)}`);
+    }
+    logger2.error("Failed to parse request body:", error2);
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  return await addXP(ctx, amount);
+}
+async function getAllLevelConfigs(_ctx) {
+  try {
+    const db = getDatabase();
+    const configs = await db.select().from(levelConfigs).orderBy(levelConfigs.level);
+    return configs;
+  } catch (error2) {
+    logger2.error("Error fetching all level configs:", error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function getUserLevelProgress(ctx) {
+  const userLevel = await getUserLevel(ctx);
+  try {
+    const db = getDatabase();
+    const xpToNextLevel = await calculateXPToNextLevel(db, userLevel.currentLevel, userLevel.currentXp);
+    return {
+      level: userLevel.currentLevel,
+      currentXp: userLevel.currentXp,
+      xpToNextLevel,
+      totalXpEarned: userLevel.totalXpEarned
+    };
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching user level progress:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function getLevelConfigByPath(ctx) {
+  const levelParam = ctx.params.level;
+  if (!levelParam) {
+    throw ApiError.badRequest("Level parameter is required");
+  }
+  const level = parseInt(levelParam, 10);
+  if (isNaN(level) || level < 1) {
+    throw ApiError.badRequest("Level must be a positive integer");
+  }
+  try {
+    const db = getDatabase();
+    return await getLevelConfig(db, level);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching level config for level ${level}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+
 // src/routes/users.ts
 var usersRouter = new Hono2;
 usersRouter.get("/me", async (c2) => {
@@ -77752,18 +78098,66 @@ usersRouter.get("/me", async (c2) => {
     return c2.json({ error: message }, 500);
   }
 });
+usersRouter.get("/level", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const levelData = await getUserLevel(ctx);
+    return c2.json(levelData);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getUserLevel:", error2);
+    const message = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message }, 500);
+  }
+});
+usersRouter.get("/level/progress", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const progressData = await getUserLevelProgress(ctx);
+    return c2.json(progressData);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getUserLevelProgress:", error2);
+    const message = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message }, 500);
+  }
+});
+usersRouter.post("/xp/add", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await addXPFromRequest(ctx);
+    return c2.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in addXPFromRequest:", error2);
+    const message = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message }, 500);
+  }
+});
 // src/routes/health.ts
 var healthRouter = new Hono2;
 healthRouter.get("/", (c2) => c2.json({ status: "ok", timestamp: new Date().toISOString() }));
-// ../api-core/src/utils/validation.ts
-function formatValidationErrors(error2) {
-  const flattened = error2.flatten();
-  const fieldErrors = Object.entries(flattened.fieldErrors).map(([field, errors2]) => `${field}: ${errors2?.join(", ") || "Invalid"}`).join("; ");
-  const formErrors = flattened.formErrors.join("; ");
-  const allErrors = [fieldErrors, formErrors].filter(Boolean).join("; ");
-  return allErrors || "Validation failed";
-}
-
 // ../api-core/src/inventory/index.ts
 async function getUserInventory(ctx) {
   const user = ctx.user;
@@ -81993,6 +82387,46 @@ devRouter.delete("/keys/:keyId", async (c2) => {
     return c2.json({ error: message2 }, 500);
   }
 });
+// src/routes/levels.ts
+var levelsRouter = new Hono2;
+levelsRouter.get("/config", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const configs = await getAllLevelConfigs(ctx);
+    return c2.json(configs);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getAllLevelConfigs:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
+levelsRouter.get("/config/:level", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: { level: c2.req.param("level") },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const config = await getLevelConfigByPath(ctx);
+    return c2.json(config);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getLevelConfigByPath:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
 // src/server.ts
 async function startServer(options) {
   const { port, verbose, project } = options;
@@ -82019,6 +82453,7 @@ async function startServer(options) {
   app.route("/api/maps", mapsRouter);
   app.route("/api/shop-listings", shopListingsRouter);
   app.route("/api/dev", devRouter);
+  app.route("/api/levels", levelsRouter);
   return serve({ fetch: app.fetch, port });
 }
 var version3 = package_default.version;
@@ -82060,14 +82495,19 @@ async function findAvailablePort(startPort = 4321) {
 
 // src/cli.ts
 var program2 = new Command;
-program2.name("playcademy-sandbox").description("Local development server for Playcademy game development").version("0.1.0").option("-p, --port <number>", "Port to run the server on", "4321").option("-v, --verbose", "Enable verbose logging", true).action(async (options) => {
+program2.name("playcademy-sandbox").description("Local development server for Playcademy game development").version("0.1.0").option("-p, --port <number>", "Port to run the server on", "4321").option("-v, --verbose", "Enable verbose logging", true).option("--project-name <name>", "Name of the current project").option("--project-slug <slug>", "Slug of the current project").action(async (options) => {
   try {
     const requestedPort = parseInt(options.port);
     const availablePort = await findAvailablePort(requestedPort);
     const serverOptions = {
       port: availablePort,
       seed: options.seed,
-      verbose: options.verbose
+      verbose: options.verbose,
+      project: options.projectName && options.projectSlug ? {
+        slug: options.projectSlug,
+        displayName: options.projectName,
+        version: "1.0.0"
+      } : undefined
     };
     const server = await startServer(serverOptions);
     console.log("");

package/dist/constants.d.ts

@@ -1,22 +1,11 @@
-import type { Item } from '@playcademy/data/schemas';
-export declare const DEMO_USER: {
-    id: `${string}-${string}-${string}-${string}-${string}`;
-    name: string;
-    username: string;
-    email: string;
-    emailVerified: boolean;
-    image: null;
-    role: "player";
-    developerStatus: "none";
-    createdAt: Date;
-    updatedAt: Date;
-};
+import type { Item, User } from '@playcademy/data/schemas';
+export declare const DEMO_USER: User;
 export declare const DEMO_TOKEN = "demo-token";
 export declare const PLAYCADEMY_CREDITS_ID: `${string}-${string}-${string}-${string}-${string}`;
 export declare const SAMPLE_ITEMS: Omit<Item, 'createdAt'>[];
 export declare const SAMPLE_INVENTORY: {
     id: `${string}-${string}-${string}-${string}-${string}`;
-    userId: `${string}-${string}-${string}-${string}-${string}`;
+    userId: string;
     itemId: `${string}-${string}-${string}-${string}-${string}`;
     quantity: number;
 }[];

package/dist/database/seed.d.ts

@@ -1,17 +1,22 @@
 import { setupDatabase } from '.';
 import type { ProjectInfo } from '../types';
 export declare function seedDemoData(db: Awaited<ReturnType<typeof setupDatabase>>): Promise<{
-    id: `${string}-${string}-${string}-${string}-${string}`;
+    id: string;
     name: string;
-    username: string;
+    username: string | null;
     email: string;
     emailVerified: boolean;
-    image: null;
-    role: "player";
-    developerStatus: "none";
+    image: string | null;
+    role: "admin" | "player" | "developer";
+    developerStatus: "none" | "pending" | "approved";
     createdAt: Date;
     updatedAt: Date;
 }>;
+export declare function generateLevelConfigs(): {
+    level: number;
+    xpRequired: number;
+    creditsReward: number;
+}[];
 export declare function seedCurrentProjectGame(db: Awaited<ReturnType<typeof setupDatabase>>, project: ProjectInfo): Promise<{
     id: string;
     createdAt: Date | null;

package/dist/routes/index.d.ts

@@ -9,3 +9,4 @@ export { currenciesRouter } from './currencies';
 export { mapRouter, mapsRouter } from './maps';
 export { shopListingsRouter } from './shop-listings';
 export { devRouter } from './dev';
+export { levelsRouter } from './levels';

package/dist/routes/levels.d.ts

@@ -0,0 +1,3 @@
+import { Hono } from 'hono';
+import type { HonoEnv } from '../types';
+export declare const levelsRouter: Hono<HonoEnv, import("hono/types").BlankSchema, "/">;

package/dist/server.js

@@ -13023,7 +13023,7 @@ globstar while`, file, fr, pattern, pr3, swallowee);
             }
           };
           for (let i3 = 0, c2;i3 < pattern.length && (c2 = pattern.charAt(i3)); i3++) {
-            this.debug("%s\t%s %s %j", pattern, i3, re3, c2);
+            this.debug("%s	%s %s %j", pattern, i3, re3, c2);
             if (escaping) {
               if (c2 === "/") {
                 return false;
@@ -21546,7 +21546,7 @@ Is ${source_default.bold.blue(this.base.name)} schema created or renamed from an
         IS_LINE_JUNK = function(line2, pat = /^\s*#?\s*$/) {
           return pat.test(line2);
         };
-        IS_CHARACTER_JUNK = function(ch, ws = " \t") {
+        IS_CHARACTER_JUNK = function(ch, ws = " 	") {
           return indexOf.call(ws, ch) >= 0;
         };
         _formatRangeUnified = function(start2, stop2) {
@@ -31136,7 +31136,7 @@ globstar while`, file, fr, pattern, pr3, swallowee);
             }
           };
           for (let i3 = 0, c2;i3 < pattern.length && (c2 = pattern.charAt(i3)); i3++) {
-            this.debug("%s\t%s %s %j", pattern, i3, re3, c2);
+            this.debug("%s	%s %s %j", pattern, i3, re3, c2);
             if (escaping) {
               if (c2 === "/") {
                 return false;
@@ -50934,8 +50934,8 @@ var DEMO_USER = {
   email: "demo@playcademy.com",
   emailVerified: true,
   image: null,
-  role: "player",
-  developerStatus: "none",
+  role: "developer",
+  developerStatus: "approved",
   createdAt: now,
   updatedAt: now
 };
@@ -70763,6 +70763,8 @@ __export(exports_schemas, {
   verification: () => verification,
   users: () => users,
   userRoleEnum: () => userRoleEnum,
+  userLevelsRelations: () => userLevelsRelations,
+  userLevels: () => userLevels,
   shopListingsRelations: () => shopListingsRelations,
   shopListings: () => shopListings,
   sessions: () => sessions,
@@ -70770,6 +70772,7 @@ __export(exports_schemas, {
   maps: () => maps,
   mapElementsRelations: () => mapElementsRelations,
   mapElements: () => mapElements,
+  levelConfigs: () => levelConfigs,
   itemsRelations: () => itemsRelations,
   items: () => items,
   itemTypeEnum: () => itemTypeEnum,
@@ -70786,11 +70789,14 @@ __export(exports_schemas, {
   currenciesRelations: () => currenciesRelations,
   currencies: () => currencies,
   accounts: () => accounts,
+  XPActionInputSchema: () => XPActionInputSchema,
   VersionSchema: () => VersionSchema,
   UpsertGameMetadataSchema: () => UpsertGameMetadataSchema,
   UpdateUserSchema: () => UpdateUserSchema,
+  UpdateUserLevelSchema: () => UpdateUserLevelSchema,
   UpdateShopListingSchema: () => UpdateShopListingSchema,
   UpdateMapElementSchema: () => UpdateMapElementSchema,
+  UpdateLevelConfigSchema: () => UpdateLevelConfigSchema,
   UpdateItemSchema: () => UpdateItemSchema,
   UpdateInventoryItemSchema: () => UpdateInventoryItemSchema,
   UpdateGameStateSchema: () => UpdateGameStateSchema,
@@ -70801,10 +70807,12 @@ __export(exports_schemas, {
   StartSessionInputSchema: () => StartSessionInputSchema,
   SelectVerificationSchema: () => SelectVerificationSchema,
   SelectUserSchema: () => SelectUserSchema,
+  SelectUserLevelSchema: () => SelectUserLevelSchema,
   SelectShopListingSchema: () => SelectShopListingSchema,
   SelectSessionSchema: () => SelectSessionSchema,
   SelectMapSchema: () => SelectMapSchema,
   SelectMapElementSchema: () => SelectMapElementSchema,
+  SelectLevelConfigSchema: () => SelectLevelConfigSchema,
   SelectItemSchema: () => SelectItemSchema,
   SelectInventoryItemSchema: () => SelectInventoryItemSchema,
   SelectGameStateSchema: () => SelectGameStateSchema,
@@ -70816,13 +70824,16 @@ __export(exports_schemas, {
   ProcessZipSchema: () => ProcessZipSchema,
   MapElementMetadataZodSchema: () => MapElementMetadataZodSchema,
   ManifestV1Schema: () => ManifestV1Schema,
+  MAX_LEVEL: () => MAX_LEVEL,
   ItemMetadataSchema: () => ItemMetadataSchema,
   InventoryActionInputSchema: () => InventoryActionInputSchema,
   InsertVerificationSchema: () => InsertVerificationSchema,
   InsertUserSchema: () => InsertUserSchema,
+  InsertUserLevelSchema: () => InsertUserLevelSchema,
   InsertShopListingSchema: () => InsertShopListingSchema,
   InsertSessionSchema: () => InsertSessionSchema,
   InsertMapElementSchema: () => InsertMapElementSchema,
+  InsertLevelConfigSchema: () => InsertLevelConfigSchema,
   InsertItemSchema: () => InsertItemSchema,
   InsertInventoryItemSchema: () => InsertInventoryItemSchema,
   InsertGameStateSchema: () => InsertGameStateSchema,
@@ -75598,12 +75609,60 @@ var InsertShopListingSchema = createInsertSchema(shopListings, {
 }).omit({ id: true, createdAt: true, updatedAt: true });
 var SelectShopListingSchema = createSelectSchema(shopListings);
 var UpdateShopListingSchema = InsertShopListingSchema.partial().extend({});
+// ../data/src/schemas/levels.ts
+var MAX_LEVEL = 100;
+var userLevels = pgTable("user_levels", {
+  userId: text("user_id").primaryKey().references(() => users.id, { onDelete: "cascade" }),
+  currentLevel: integer("current_level").notNull().default(1),
+  currentXp: integer("current_xp").notNull().default(0),
+  totalXpEarned: integer("total_xp_earned").notNull().default(0),
+  lastLevelUpAt: timestamp("last_level_up_at", { withTimezone: true }),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true }).defaultNow().$onUpdate(() => new Date)
+});
+var levelConfigs = pgTable("level_configs", {
+  id: uuid("id").primaryKey().defaultRandom(),
+  level: integer("level").notNull().unique(),
+  xpRequired: integer("xp_required").notNull(),
+  creditsReward: integer("credits_reward").notNull().default(0),
+  createdAt: timestamp("created_at").defaultNow().notNull()
+}, (table) => [uniqueIndex("unique_level_config_idx").on(table.level)]);
+var userLevelsRelations = relations(userLevels, ({ one }) => ({
+  user: one(users, {
+    fields: [userLevels.userId],
+    references: [users.id]
+  })
+}));
+var InsertUserLevelSchema = createInsertSchema(userLevels, {
+  userId: exports_external.string().min(1, "User ID is required"),
+  currentLevel: exports_external.number().int().min(1, "Level must be at least 1").default(1),
+  currentXp: exports_external.number().int().min(0, "XP cannot be negative").default(0),
+  totalXpEarned: exports_external.number().int().min(0, "Total XP earned cannot be negative").default(0)
+}).omit({ createdAt: true, updatedAt: true });
+var SelectUserLevelSchema = createSelectSchema(userLevels);
+var UpdateUserLevelSchema = createUpdateSchema(userLevels).omit({
+  userId: true,
+  createdAt: true
+});
+var InsertLevelConfigSchema = createInsertSchema(levelConfigs, {
+  level: exports_external.number().int().min(1, "Level must be at least 1"),
+  xpRequired: exports_external.number().int().min(0, "XP required cannot be negative"),
+  creditsReward: exports_external.number().int().min(0, "Credits reward cannot be negative").default(0)
+}).omit({ id: true, createdAt: true });
+var SelectLevelConfigSchema = createSelectSchema(levelConfigs);
+var UpdateLevelConfigSchema = createUpdateSchema(levelConfigs).omit({
+  id: true,
+  createdAt: true
+});
+var XPActionInputSchema = exports_external.object({
+  amount: exports_external.number().int("XP amount must be an integer").positive("XP amount must be positive")
+});
 // src/database/path-manager.ts
 import fs2 from "node:fs";
 import { join as join2, isAbsolute, dirname } from "node:path";
 
 class DatabasePathManager {
-  static DEFAULT_DB_SUBPATH = join2("@playcademy", "vite-plugin", ".playcademy", "sandbox.db");
+  static DEFAULT_DB_SUBPATH = join2("@playcademy", "vite-plugin", "node_modules", ".playcademy", "sandbox.db");
   static findNodeModulesPath() {
     let currentDir = process.cwd();
     while (currentDir !== dirname(currentDir)) {
@@ -75677,12 +75736,35 @@ async function seedDemoData(db) {
     for (const inventory2 of SAMPLE_INVENTORY) {
       await db.insert(inventoryItems).values(inventory2);
     }
+    const levelConfigsData = generateLevelConfigs();
+    for (const config of levelConfigsData) {
+      await db.insert(levelConfigs).values(config);
+    }
   } catch (error2) {
     console.error("❌ Error seeding demo data:", error2);
     throw error2;
   }
   return DEMO_USER;
 }
+function generateLevelConfigs() {
+  const configs = [];
+  for (let level = 1;level <= 100; level++) {
+    const xpRequired = level === 1 ? 0 : Math.floor(50 * Math.pow(level - 1, 1.7));
+    let creditsReward = 0;
+    if (level > 1) {
+      creditsReward = 25 + level * 25;
+      if (level % 10 === 1 && level > 1) {
+        creditsReward += 75;
+      }
+    }
+    configs.push({
+      level,
+      xpRequired,
+      creditsReward
+    });
+  }
+  return configs;
+}
 async function seedCurrentProjectGame(db, project) {
   const now2 = new Date;
   try {
@@ -75718,7 +75800,7 @@ async function seedCurrentProjectGame(db, project) {
 // package.json
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.1.0-beta.1",
+  version: "0.1.0-beta.3",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -75747,8 +75829,6 @@ var package_default = {
   dependencies: {
     "@electric-sql/pglite": "^0.3.2",
     "@hono/node-server": "^1.14.2",
-    "@playcademy/api-core": "workspace:*",
-    "@playcademy/data": "workspace:*",
     commander: "^12.1.0",
     "drizzle-kit": "^0.31.0",
     "drizzle-orm": "^0.42.0",
@@ -75757,6 +75837,8 @@ var package_default = {
     picocolors: "^1.1.1"
   },
   devDependencies: {
+    "@playcademy/api-core": "workspace:*",
+    "@playcademy/data": "workspace:*",
     "@types/bun": "latest"
   },
   peerDependencies: {
@@ -75821,6 +75903,270 @@ async function getUserMe(ctx) {
   }
 }
 
+// ../api-core/src/utils/levels.ts
+var levelConfigCache = null;
+async function getLevelConfig(db, level) {
+  if (level < 1) {
+    throw ApiError.badRequest("Level must be at least 1");
+  }
+  if (levelConfigCache?.has(level)) {
+    return levelConfigCache.get(level) || null;
+  }
+  try {
+    const [config] = await db.select().from(levelConfigs).where(eq(levelConfigs.level, level)).limit(1);
+    if (levelConfigCache && config) {
+      levelConfigCache.set(level, config);
+    }
+    return config || null;
+  } catch (error2) {
+    logger2.error(`Error fetching level config for level ${level}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function calculateXPToNextLevel(db, currentLevel, currentXp) {
+  try {
+    const nextLevelConfig = await getLevelConfig(db, currentLevel + 1);
+    if (!nextLevelConfig) {
+      return 0;
+    }
+    return Math.max(0, nextLevelConfig.xpRequired - currentXp);
+  } catch (error2) {
+    logger2.error(`Error calculating XP to next level:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function checkLevelUp(tx, currentLevel, newXp) {
+  let level = currentLevel;
+  let remainingXp = newXp;
+  let totalCreditsAwarded = 0;
+  let leveledUp = false;
+  while (true) {
+    if (level >= MAX_LEVEL) {
+      break;
+    }
+    const nextLevelConfig2 = await tx.select().from(levelConfigs).where(eq(levelConfigs.level, level + 1)).limit(1);
+    const [nextLevel2] = nextLevelConfig2;
+    if (!nextLevel2) {
+      break;
+    }
+    if (remainingXp >= nextLevel2.xpRequired) {
+      level += 1;
+      remainingXp -= nextLevel2.xpRequired;
+      totalCreditsAwarded += nextLevel2.creditsReward;
+      leveledUp = true;
+    } else {
+      break;
+    }
+  }
+  const nextLevelConfig = await tx.select().from(levelConfigs).where(eq(levelConfigs.level, level + 1)).limit(1);
+  const [nextLevel] = nextLevelConfig;
+  const xpToNextLevel = nextLevel ? Math.max(0, nextLevel.xpRequired - remainingXp) : 0;
+  return {
+    newLevel: level,
+    remainingXp,
+    leveledUp,
+    creditsAwarded: totalCreditsAwarded,
+    xpToNextLevel
+  };
+}
+
+// ../api-core/src/utils/validation.ts
+function formatValidationErrors(error2) {
+  const flattened = error2.flatten();
+  const fieldErrors = Object.entries(flattened.fieldErrors).map(([field, errors2]) => `${field}: ${errors2?.join(", ") || "Invalid"}`).join("; ");
+  const formErrors = flattened.formErrors.join("; ");
+  const allErrors = [fieldErrors, formErrors].filter(Boolean).join("; ");
+  return allErrors || "Validation failed";
+}
+
+// ../api-core/src/levels/index.ts
+var AddXPSchema = XPActionInputSchema;
+async function getUserLevel(ctx) {
+  const user = ctx.user;
+  if (!user) {
+    throw ApiError.unauthorized("Valid session or bearer token required");
+  }
+  try {
+    const db = getDatabase();
+    let [userLevel] = await db.select().from(userLevels).where(eq(userLevels.userId, user.id)).limit(1);
+    if (!userLevel) {
+      const [newUserLevel] = await db.insert(userLevels).values({
+        userId: user.id,
+        currentLevel: 1,
+        currentXp: 0,
+        totalXpEarned: 0
+      }).returning();
+      if (!newUserLevel) {
+        throw ApiError.internal("Failed to create user level record");
+      }
+      userLevel = newUserLevel;
+    }
+    return userLevel;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching user level for user ${user.id}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function addXP(ctx, amount) {
+  const user = ctx.user;
+  if (!user) {
+    throw ApiError.unauthorized("Valid session or bearer token required");
+  }
+  if (amount <= 0) {
+    throw ApiError.badRequest("XP amount must be positive");
+  }
+  try {
+    const db = getDatabase();
+    const result = await db.transaction(async (tx) => {
+      let [userLevel] = await tx.select().from(userLevels).where(eq(userLevels.userId, user.id)).limit(1);
+      if (!userLevel) {
+        const [newUserLevel] = await tx.insert(userLevels).values({
+          userId: user.id,
+          currentLevel: 1,
+          currentXp: 0,
+          totalXpEarned: 0
+        }).returning();
+        if (!newUserLevel) {
+          throw ApiError.internal("Failed to create user level record");
+        }
+        userLevel = newUserLevel;
+      }
+      const newCurrentXp = userLevel.currentXp + amount;
+      const newTotalXpEarned = userLevel.totalXpEarned + amount;
+      const levelUpResult = await checkLevelUp(tx, userLevel.currentLevel, newCurrentXp);
+      const [updatedUserLevel] = await tx.update(userLevels).set({
+        currentLevel: levelUpResult.newLevel,
+        currentXp: levelUpResult.remainingXp,
+        totalXpEarned: newTotalXpEarned,
+        lastLevelUpAt: levelUpResult.leveledUp ? new Date : userLevel.lastLevelUpAt
+      }).where(eq(userLevels.userId, user.id)).returning();
+      if (!updatedUserLevel) {
+        throw ApiError.internal("Failed to update user level");
+      }
+      let creditsAwarded = 0;
+      if (levelUpResult.leveledUp) {
+        const creditsToAward = levelUpResult.creditsAwarded;
+        logger2.debug("User leveled up", {
+          userId: user.id,
+          oldLevel: userLevel.currentLevel,
+          newLevel: levelUpResult.newLevel,
+          xpAdded: amount,
+          totalXpEarned: newTotalXpEarned,
+          creditsAwarded: creditsToAward
+        });
+        if (creditsToAward > 0) {
+          const [creditsItem] = await tx.select({ id: items.id }).from(items).where(eq(items.internalName, "PLAYCADEMY_CREDITS")).limit(1);
+          if (!creditsItem) {
+            throw ApiError.internal("PLAYCADEMY_CREDITS item not found");
+          }
+          await tx.insert(inventoryItems).values({
+            userId: user.id,
+            itemId: creditsItem.id,
+            quantity: creditsToAward
+          }).onConflictDoUpdate({
+            target: [
+              inventoryItems.userId,
+              inventoryItems.itemId
+            ],
+            set: {
+              quantity: sql`${inventoryItems.quantity} + ${creditsToAward}`
+            }
+          });
+        }
+        creditsAwarded = creditsToAward;
+      } else {
+        logger2.debug("XP added to user", {
+          userId: user.id,
+          level: userLevel.currentLevel,
+          xpAdded: amount,
+          totalXpEarned: newTotalXpEarned
+        });
+      }
+      return {
+        totalXpEarned: newTotalXpEarned,
+        newLevel: levelUpResult.newLevel,
+        leveledUp: levelUpResult.leveledUp,
+        creditsAwarded,
+        xpToNextLevel: levelUpResult.xpToNextLevel
+      };
+    });
+    return result;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error adding XP for user ${user.id}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function addXPFromRequest(ctx) {
+  let amount;
+  try {
+    const requestBody = await ctx.request.json();
+    const parsed = AddXPSchema.parse(requestBody);
+    amount = parsed.amount;
+  } catch (error2) {
+    if (error2 instanceof ZodError) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(error2)}`);
+    }
+    logger2.error("Failed to parse request body:", error2);
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  return await addXP(ctx, amount);
+}
+async function getAllLevelConfigs(_ctx) {
+  try {
+    const db = getDatabase();
+    const configs = await db.select().from(levelConfigs).orderBy(levelConfigs.level);
+    return configs;
+  } catch (error2) {
+    logger2.error("Error fetching all level configs:", error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function getUserLevelProgress(ctx) {
+  const userLevel = await getUserLevel(ctx);
+  try {
+    const db = getDatabase();
+    const xpToNextLevel = await calculateXPToNextLevel(db, userLevel.currentLevel, userLevel.currentXp);
+    return {
+      level: userLevel.currentLevel,
+      currentXp: userLevel.currentXp,
+      xpToNextLevel,
+      totalXpEarned: userLevel.totalXpEarned
+    };
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching user level progress:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function getLevelConfigByPath(ctx) {
+  const levelParam = ctx.params.level;
+  if (!levelParam) {
+    throw ApiError.badRequest("Level parameter is required");
+  }
+  const level = parseInt(levelParam, 10);
+  if (isNaN(level) || level < 1) {
+    throw ApiError.badRequest("Level must be a positive integer");
+  }
+  try {
+    const db = getDatabase();
+    return await getLevelConfig(db, level);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching level config for level ${level}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+
 // src/routes/users.ts
 var usersRouter = new Hono2;
 usersRouter.get("/me", async (c2) => {
@@ -75842,18 +76188,66 @@ usersRouter.get("/me", async (c2) => {
     return c2.json({ error: message }, 500);
   }
 });
+usersRouter.get("/level", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const levelData = await getUserLevel(ctx);
+    return c2.json(levelData);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getUserLevel:", error2);
+    const message = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message }, 500);
+  }
+});
+usersRouter.get("/level/progress", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const progressData = await getUserLevelProgress(ctx);
+    return c2.json(progressData);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getUserLevelProgress:", error2);
+    const message = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message }, 500);
+  }
+});
+usersRouter.post("/xp/add", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await addXPFromRequest(ctx);
+    return c2.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in addXPFromRequest:", error2);
+    const message = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message }, 500);
+  }
+});
 // src/routes/health.ts
 var healthRouter = new Hono2;
 healthRouter.get("/", (c2) => c2.json({ status: "ok", timestamp: new Date().toISOString() }));
-// ../api-core/src/utils/validation.ts
-function formatValidationErrors(error2) {
-  const flattened = error2.flatten();
-  const fieldErrors = Object.entries(flattened.fieldErrors).map(([field, errors2]) => `${field}: ${errors2?.join(", ") || "Invalid"}`).join("; ");
-  const formErrors = flattened.formErrors.join("; ");
-  const allErrors = [fieldErrors, formErrors].filter(Boolean).join("; ");
-  return allErrors || "Validation failed";
-}
-
 // ../api-core/src/inventory/index.ts
 async function getUserInventory(ctx) {
   const user = ctx.user;
@@ -80083,6 +80477,46 @@ devRouter.delete("/keys/:keyId", async (c2) => {
     return c2.json({ error: message2 }, 500);
   }
 });
+// src/routes/levels.ts
+var levelsRouter = new Hono2;
+levelsRouter.get("/config", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const configs = await getAllLevelConfigs(ctx);
+    return c2.json(configs);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getAllLevelConfigs:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
+levelsRouter.get("/config/:level", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: { level: c2.req.param("level") },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const config = await getLevelConfigByPath(ctx);
+    return c2.json(config);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in getLevelConfigByPath:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
 // src/server.ts
 async function startServer(options) {
   const { port, verbose, project } = options;
@@ -80109,6 +80543,7 @@ async function startServer(options) {
   app.route("/api/maps", mapsRouter);
   app.route("/api/shop-listings", shopListingsRouter);
   app.route("/api/dev", devRouter);
+  app.route("/api/levels", levelsRouter);
   return serve({ fetch: app.fetch, port });
 }
 var version3 = package_default.version;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@playcademy/sandbox",
-    "version": "0.1.0-beta.2",
+    "version": "0.1.0-beta.4",
     "description": "Local development server for Playcademy game development",
     "type": "module",
     "exports": {
@@ -29,8 +29,6 @@
     "dependencies": {
         "@electric-sql/pglite": "^0.3.2",
         "@hono/node-server": "^1.14.2",
-        "@playcademy/api-core": "0.1.0",
-        "@playcademy/data": "0.0.1",
         "commander": "^12.1.0",
         "drizzle-kit": "^0.31.0",
         "drizzle-orm": "^0.42.0",
@@ -39,6 +37,8 @@
         "picocolors": "^1.1.1"
     },
     "devDependencies": {
+        "@playcademy/api-core": "0.1.0",
+        "@playcademy/data": "0.0.1",
         "@types/bun": "latest"
     },
     "peerDependencies": {