@playcademy/sandbox 0.1.0-beta.6 → 0.1.0-beta.8

package/dist/server.js

@@ -1706,8 +1706,8 @@ is not a problem with esbuild. You need to fix your environment instead.
       if (isFirstPacket) {
         isFirstPacket = false;
         let binaryVersion = String.fromCharCode(...bytes);
-        if (binaryVersion !== "0.25.4") {
-          throw new Error(`Cannot start service: Host version "${"0.25.4"}" does not match binary version ${quote(binaryVersion)}`);
+        if (binaryVersion !== "0.25.5") {
+          throw new Error(`Cannot start service: Host version "${"0.25.5"}" does not match binary version ${quote(binaryVersion)}`);
         }
         return;
       }
@@ -2895,7 +2895,7 @@ for your current platform.`);
       } catch (e) {}
       if (pnpapi) {
         const root = pnpapi.getPackageInformation(pnpapi.topLevel).packageLocation;
-        const binTargetPath = path.join(root, "node_modules", ".cache", "esbuild", `pnpapi-${pkg.replace("/", "-")}-${"0.25.4"}-${path.basename(subpath)}`);
+        const binTargetPath = path.join(root, "node_modules", ".cache", "esbuild", `pnpapi-${pkg.replace("/", "-")}-${"0.25.5"}-${path.basename(subpath)}`);
         if (!fs3.existsSync(binTargetPath)) {
           fs3.mkdirSync(path.dirname(binTargetPath), { recursive: true });
           fs3.copyFileSync(binPath, binTargetPath);
@@ -2923,7 +2923,7 @@ for your current platform.`);
     }
   }
   var _a;
-  var isInternalWorkerThread = ((_a = worker_threads == null ? undefined : worker_threads.workerData) == null ? undefined : _a.esbuildVersion) === "0.25.4";
+  var isInternalWorkerThread = ((_a = worker_threads == null ? undefined : worker_threads.workerData) == null ? undefined : _a.esbuildVersion) === "0.25.5";
   var esbuildCommandAndArgs = () => {
     if ((!ESBUILD_BINARY_PATH || false) && (path2.basename(__filename) !== "main.js" || path2.basename(__dirname) !== "lib")) {
       throw new Error(`The esbuild JavaScript API cannot be bundled. Please mark the "esbuild" package as external so it's not included in the bundle.
@@ -2985,7 +2985,7 @@ More information: The file containing the code for esbuild's JavaScript API (${_
       }
     }
   };
-  var version2 = "0.25.4";
+  var version2 = "0.25.5";
   var build = (options) => ensureServiceIsRunning().build(options);
   var context = (buildOptions) => ensureServiceIsRunning().context(buildOptions);
   var transform = (input, options) => ensureServiceIsRunning().transform(input, options);
@@ -3103,7 +3103,7 @@ More information: The file containing the code for esbuild's JavaScript API (${_
     if (longLivedService)
       return longLivedService;
     let [command, args2] = esbuildCommandAndArgs();
-    let child = child_process.spawn(command, args2.concat(`--service=${"0.25.4"}`, "--ping"), {
+    let child = child_process.spawn(command, args2.concat(`--service=${"0.25.5"}`, "--ping"), {
       windowsHide: true,
       stdio: ["pipe", "pipe", "inherit"],
       cwd: defaultWD
@@ -3211,7 +3211,7 @@ More information: The file containing the code for esbuild's JavaScript API (${_
       esbuild: node_exports
     });
     callback(service);
-    let stdout = child_process.execFileSync(command, args2.concat(`--service=${"0.25.4"}`), {
+    let stdout = child_process.execFileSync(command, args2.concat(`--service=${"0.25.5"}`), {
       cwd: defaultWD,
       windowsHide: true,
       input: stdin,
@@ -3227,7 +3227,7 @@ More information: The file containing the code for esbuild's JavaScript API (${_
   var startWorkerThreadService = (worker_threads2) => {
     let { port1: mainPort, port2: workerPort } = new worker_threads2.MessageChannel;
     let worker = new worker_threads2.Worker(__filename, {
-      workerData: { workerPort, defaultWD, esbuildVersion: "0.25.4" },
+      workerData: { workerPort, defaultWD, esbuildVersion: "0.25.5" },
       transferList: [workerPort],
       execArgv: []
     });
@@ -50336,9 +50336,9 @@ import { Http2ServerRequest } from "http2";
 import { Readable } from "stream";
 import crypto2 from "crypto";
 var RequestError = class extends Error {
-  static name = "RequestError";
   constructor(message, options) {
     super(message, options);
+    this.name = "RequestError";
   }
 };
 var toRequestError = (e) => {
@@ -50943,7 +50943,8 @@ var PLAYCADEMY_CREDITS_ID = crypto.randomUUID();
 var SAMPLE_ITEMS = [
   {
     id: PLAYCADEMY_CREDITS_ID,
-    internalName: "PLAYCADEMY_CREDITS",
+    slug: "PLAYCADEMY_CREDITS",
+    gameId: null,
     displayName: "PLAYCADEMY credits",
     description: "The main currency used across PLAYCADEMY.",
     type: "currency",
@@ -50954,7 +50955,8 @@ var SAMPLE_ITEMS = [
   },
   {
     id: crypto.randomUUID(),
-    internalName: "FOUNDING_MEMBER_BADGE",
+    slug: "FOUNDING_MEMBER_BADGE",
+    gameId: null,
     displayName: "Founding Member Badge",
     description: "Reserved for founding core team of the PLAYCADEMY platform.",
     type: "badge",
@@ -50965,7 +50967,8 @@ var SAMPLE_ITEMS = [
   },
   {
     id: crypto.randomUUID(),
-    internalName: "EARLY_ADOPTER_BADGE",
+    slug: "EARLY_ADOPTER_BADGE",
+    gameId: null,
     displayName: "Early Adopter Badge",
     description: "Awarded to users who joined during the beta phase.",
     type: "badge",
@@ -50976,7 +50979,8 @@ var SAMPLE_ITEMS = [
   },
   {
     id: crypto.randomUUID(),
-    internalName: "FIRST_GAME_BADGE",
+    slug: "FIRST_GAME_BADGE",
+    gameId: null,
     displayName: "First Game Played",
     description: "Awarded for playing your first game in the Playcademy platform.",
     type: "badge",
@@ -50987,7 +50991,8 @@ var SAMPLE_ITEMS = [
   },
   {
     id: crypto.randomUUID(),
-    internalName: "COMMON_SWORD",
+    slug: "COMMON_SWORD",
+    gameId: null,
     displayName: "Common Sword",
     description: "A basic sword, good for beginners.",
     type: "unlock",
@@ -50996,7 +51001,8 @@ var SAMPLE_ITEMS = [
   },
   {
     id: crypto.randomUUID(),
-    internalName: "SMALL_HEALTH_POTION",
+    slug: "SMALL_HEALTH_POTION",
+    gameId: null,
     displayName: "Small Health Potion",
     description: "Restores a small amount of health.",
     type: "other",
@@ -51005,7 +51011,8 @@ var SAMPLE_ITEMS = [
   },
   {
     id: crypto.randomUUID(),
-    internalName: "SMALL_BACKPACK",
+    slug: "SMALL_BACKPACK",
+    gameId: null,
     displayName: "Small Backpack",
     description: "Increases your inventory capacity by 5 slots.",
     type: "upgrade",
@@ -75478,14 +75485,20 @@ var itemTypeEnum = pgEnum("item_type", [
 ]);
 var items = pgTable("items", {
   id: uuid("id").primaryKey().defaultRandom(),
-  internalName: text("internal_name").notNull().unique(),
+  slug: text("slug").notNull(),
+  gameId: uuid("game_id").references(() => games.id, {
+    onDelete: "cascade"
+  }),
   displayName: text("display_name").notNull(),
   description: text("description"),
   type: itemTypeEnum("type").notNull().default("other"),
   imageUrl: text("image_url"),
   metadata: jsonb("metadata").default({}),
   createdAt: timestamp("created_at").defaultNow().notNull()
-});
+}, (table) => [
+  uniqueIndex("items_game_slug_idx").on(table.gameId, table.slug),
+  uniqueIndex("items_global_slug_idx").on(table.slug).where(sql`game_id IS NULL`)
+]);
 var inventoryItems = pgTable("inventory_items", {
   id: uuid("id").primaryKey().defaultRandom(),
   userId: text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
@@ -75518,9 +75531,13 @@ var shopListings = pgTable("shop_listings", {
 }, (table) => [
   uniqueIndex("unique_item_currency_listing_idx").on(table.itemId, table.currencyId)
 ]);
-var itemsRelations = relations(items, ({ many }) => ({
+var itemsRelations = relations(items, ({ many, one }) => ({
   shopListings: many(shopListings),
-  inventoryItems: many(inventoryItems)
+  inventoryItems: many(inventoryItems),
+  game: one(games, {
+    fields: [items.gameId],
+    references: [games.id]
+  })
 }));
 var currenciesRelations = relations(currencies, ({ many }) => ({
   shopListings: many(shopListings)
@@ -75569,14 +75586,18 @@ var ItemMetadataSchema = exports_external.object({
 var InsertItemSchema = createInsertSchema(items, {
   imageUrl: exports_external.string().refine((val) => validateRelativePath2(val, "imageUrl")).optional().nullable(),
   type: exports_external.enum(itemTypeEnum.enumValues).default("other"),
-  metadata: ItemMetadataSchema.optional()
+  metadata: ItemMetadataSchema.optional(),
+  gameId: exports_external.string().uuid().optional().nullable()
 }).omit({ id: true });
 var SelectItemSchema = createSelectSchema(items);
 var UpdateItemSchema = InsertItemSchema.pick({
+  slug: true,
+  displayName: true,
+  description: true,
   type: true,
   metadata: true,
   imageUrl: true
-});
+}).partial();
 var InsertInventoryItemSchema = createInsertSchema(inventoryItems).omit({
   id: true,
   updatedAt: true
@@ -75812,7 +75833,7 @@ async function seedCurrentProjectGame(db, project) {
 // package.json
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.1.0-beta.5",
+  version: "0.1.0-beta.7",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -75825,18 +75846,18 @@ var package_default = {
       types: "./dist/cli.js"
     }
   },
-  files: [
-    "dist"
-  ],
   bin: {
     "playcademy-sandbox": "./dist/cli.js"
   },
+  files: [
+    "dist"
+  ],
   scripts: {
-    dev: "bun --watch src/cli.ts",
-    start: "bun src/cli.ts",
     build: "bun run build.ts",
+    bump: 'bunx bumpp --no-tag --no-push -c "chore(@playcademy/sandbox): release v%s"',
+    dev: "bun --watch src/cli.ts",
     pub: "bun run build && bun run bump && bun publish --access public",
-    bump: 'bunx bumpp --no-tag --no-push -c "chore(@playcademy/sandbox): release v%s"'
+    start: "bun src/cli.ts"
   },
   dependencies: {
     "@electric-sql/pglite": "^0.3.2",
@@ -75851,7 +75872,8 @@ var package_default = {
   devDependencies: {
     "@playcademy/api-core": "workspace:*",
     "@playcademy/data": "workspace:*",
-    "@types/bun": "latest"
+    "@types/bun": "latest",
+    "yocto-spinner": "catalog:"
   },
   peerDependencies: {
     typescript: "^5"
@@ -75916,7 +75938,7 @@ async function getUserMe(ctx) {
 }
 
 // ../data/src/constants.ts
-var ITEM_INTERNAL_NAMES = {
+var ITEM_SLUGS = {
   PLAYCADEMY_CREDITS: "PLAYCADEMY_CREDITS",
   PLAYCADEMY_XP: "PLAYCADEMY_XP",
   FOUNDING_MEMBER_BADGE: "FOUNDING_MEMBER_BADGE",
@@ -75927,14 +75949,15 @@ var ITEM_INTERNAL_NAMES = {
   SMALL_BACKPACK: "SMALL_BACKPACK"
 };
 var CURRENCIES = {
-  PRIMARY: ITEM_INTERNAL_NAMES.PLAYCADEMY_CREDITS,
-  XP: ITEM_INTERNAL_NAMES.PLAYCADEMY_XP
+  PRIMARY: ITEM_SLUGS.PLAYCADEMY_CREDITS,
+  XP: ITEM_SLUGS.PLAYCADEMY_XP
 };
 var BADGES = {
-  FOUNDING_MEMBER: ITEM_INTERNAL_NAMES.FOUNDING_MEMBER_BADGE,
-  EARLY_ADOPTER: ITEM_INTERNAL_NAMES.EARLY_ADOPTER_BADGE,
-  FIRST_GAME: ITEM_INTERNAL_NAMES.FIRST_GAME_BADGE
+  FOUNDING_MEMBER: ITEM_SLUGS.FOUNDING_MEMBER_BADGE,
+  EARLY_ADOPTER: ITEM_SLUGS.EARLY_ADOPTER_BADGE,
+  FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
 };
+var INTERACTION_TYPE = Object.fromEntries(interactionTypeEnum.enumValues.map((value) => [value, value]));
 
 // ../api-core/src/utils/levels.ts
 var levelConfigCache = null;
@@ -76091,7 +76114,7 @@ async function addXP(ctx, amount) {
           creditsAwarded: creditsToAward
         });
         if (creditsToAward > 0) {
-          const [creditsItem] = await tx.select({ id: items.id }).from(items).where(eq(items.internalName, CURRENCIES.PRIMARY)).limit(1);
+          const [creditsItem] = await tx.select({ id: items.id }).from(items).where(eq(items.slug, CURRENCIES.PRIMARY)).limit(1);
           if (!creditsItem) {
             throw ApiError.internal(`${CURRENCIES.PRIMARY} item not found`);
           }
@@ -76291,15 +76314,18 @@ async function getUserInventory(ctx) {
     const db = getDatabase();
     const inventory2 = await db.select({
       id: inventoryItems.id,
+      userId: inventoryItems.userId,
       quantity: inventoryItems.quantity,
       item: {
         id: items.id,
-        internalName: items.internalName,
+        slug: items.slug,
+        gameId: items.gameId,
         displayName: items.displayName,
         description: items.description,
         type: items.type,
         imageUrl: items.imageUrl,
-        metadata: items.metadata
+        metadata: items.metadata,
+        createdAt: items.createdAt
       },
       updatedAt: inventoryItems.updatedAt
     }).from(inventoryItems).where(eq(inventoryItems.userId, user.id)).innerJoin(items, eq(inventoryItems.itemId, items.id));
@@ -77928,14 +77954,13 @@ async function listGames(ctx) {
   if (!user) {
     throw ApiError.unauthorized("Must be logged in to list games");
   }
-  if (user.role !== "admin" && user.role !== "developer") {
-    throw ApiError.forbidden("Requires admin or developer privileges to list games");
-  }
   try {
     const db = getDatabase();
     let filter2 = undefined;
     if (user.role === "developer") {
       filter2 = eq(games.developerId, user.id);
+    } else if (user.role === "player") {
+      return [];
     }
     const games2 = await db.query.games.findMany({
       where: filter2,
@@ -78176,6 +78201,375 @@ async function upsertGameBySlug(ctx) {
     throw ApiError.internal("Internal server error", error2);
   }
 }
+
+// ../api-core/src/items/index.ts
+async function validateGameOwnership(user, gameId) {
+  if (user.role === "admin") {
+    return;
+  }
+  try {
+    const db = getDatabase();
+    const gameOwnership = await db.query.games.findFirst({
+      where: and(eq(games.id, gameId), eq(games.developerId, user.id)),
+      columns: { id: true }
+    });
+    if (!gameOwnership) {
+      const gameExists = await db.query.games.findFirst({
+        where: eq(games.id, gameId),
+        columns: { id: true }
+      });
+      if (!gameExists) {
+        throw ApiError.notFound("Game not found");
+      }
+      throw ApiError.forbidden("You do not own this game");
+    }
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error checking game ownership for ${gameId}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function listItems(ctx) {
+  const user = ctx.user;
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to view items");
+  }
+  try {
+    const db = getDatabase();
+    const url2 = new URL(ctx.request.url);
+    const gameId = url2.searchParams.get("gameId");
+    let allItems;
+    if (gameId) {
+      allItems = await db.query.items.findMany({
+        where: eq(items.gameId, gameId)
+      });
+    } else {
+      allItems = await db.query.items.findMany();
+    }
+    return allItems;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error("Error fetching items:", error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function getItemById(ctx) {
+  const user = ctx.user;
+  const itemId = ctx.params.itemId;
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to view item details");
+  }
+  if (!itemId) {
+    throw ApiError.badRequest("Missing item ID");
+  }
+  try {
+    const db = getDatabase();
+    const item = await db.query.items.findFirst({
+      where: eq(items.id, itemId)
+    });
+    if (!item) {
+      throw ApiError.notFound("Item not found");
+    }
+    return item;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching item ${itemId}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function createItem(ctx) {
+  const user = ctx.user;
+  if (!user || user.role !== "admin") {
+    throw ApiError.forbidden("Admin access required");
+  }
+  let inputData;
+  try {
+    const requestBody = await ctx.request.json();
+    const validationResult = InsertItemSchema.safeParse(requestBody);
+    if (!validationResult.success) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+    }
+    inputData = validationResult.data;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error("Failed to parse request body or invalid JSON:", error2);
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  try {
+    const db = getDatabase();
+    const [newItem] = await db.insert(items).values(inputData).returning();
+    if (!newItem) {
+      throw ApiError.internal("Failed to create item in database");
+    }
+    return newItem;
+  } catch (error2) {
+    if (error2 instanceof Error) {
+      if (error2.message.includes("duplicate key value violates unique constraint")) {
+        const gameScope = inputData.gameId ? "for this game" : "as a platform item";
+        throw ApiError.conflict(`An item with slug '${inputData.slug}' already exists ${gameScope}`);
+      }
+    }
+    logger2.error("Error creating item:", error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function updateItem(ctx) {
+  const user = ctx.user;
+  const itemId = ctx.params.itemId;
+  if (!user || user.role !== "admin") {
+    throw ApiError.forbidden("Admin access required");
+  }
+  if (!itemId) {
+    throw ApiError.badRequest("Missing item ID");
+  }
+  let inputData;
+  try {
+    const requestBody = await ctx.request.json();
+    const validationResult = UpdateItemSchema.safeParse(requestBody);
+    if (!validationResult.success) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+    }
+    inputData = validationResult.data;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error("Failed to parse request body or invalid JSON:", error2);
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  if (Object.keys(inputData).length === 0) {
+    throw ApiError.badRequest("No update data provided");
+  }
+  try {
+    const db = getDatabase();
+    const [updatedItem] = await db.update(items).set(inputData).where(eq(items.id, itemId)).returning();
+    if (!updatedItem) {
+      throw ApiError.notFound("Item not found for update");
+    }
+    return updatedItem;
+  } catch (error2) {
+    if (error2 instanceof Error) {
+      if (error2.message.includes("duplicate key value violates unique constraint")) {
+        throw ApiError.conflict("An item with this slug already exists within the same scope (platform or game)");
+      }
+    }
+    logger2.error(`Error updating item ${itemId}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function deleteItem(ctx) {
+  const user = ctx.user;
+  const itemId = ctx.params.itemId;
+  if (!user || user.role !== "admin") {
+    throw ApiError.forbidden("Admin access required");
+  }
+  if (!itemId) {
+    throw ApiError.badRequest("Missing item ID");
+  }
+  try {
+    const db = getDatabase();
+    const result = await db.delete(items).where(eq(items.id, itemId)).returning({ id: items.id });
+    if (result.length === 0) {
+      throw ApiError.notFound("Item not found for deletion");
+    }
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error deleting item ${itemId}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function resolveItem(ctx) {
+  const user = ctx.user;
+  const url2 = new URL(ctx.request.url);
+  const slug = url2.searchParams.get("slug");
+  const gameId = url2.searchParams.get("gameId");
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to resolve items");
+  }
+  if (!slug) {
+    throw ApiError.badRequest("Missing slug parameter");
+  }
+  try {
+    const db = getDatabase();
+    if (gameId) {
+      const gameItem = await db.query.items.findFirst({
+        where: and(eq(items.slug, slug), eq(items.gameId, gameId))
+      });
+      if (gameItem) {
+        return gameItem;
+      }
+    }
+    const platformItem = await db.query.items.findFirst({
+      where: and(eq(items.slug, slug), isNull(items.gameId))
+    });
+    if (!platformItem) {
+      throw ApiError.notFound(`Item with slug '${slug}' not found`);
+    }
+    return platformItem;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error resolving item slug ${slug}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function listGameItems(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to view items");
+  }
+  if (!gameId) {
+    throw ApiError.badRequest("Missing game ID");
+  }
+  try {
+    const db = getDatabase();
+    const gameItems = await db.query.items.findMany({
+      where: eq(items.gameId, gameId)
+    });
+    return gameItems;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error fetching items for game ${gameId}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function createGameItem(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to create items");
+  }
+  if (!gameId) {
+    throw ApiError.badRequest("Missing game ID");
+  }
+  await validateGameOwnership(user, gameId);
+  let inputData;
+  try {
+    const requestBody = await ctx.request.json();
+    const bodyData = typeof requestBody === "object" && requestBody !== null ? requestBody : {};
+    const validationResult = InsertItemSchema.safeParse({
+      ...bodyData,
+      gameId
+    });
+    if (!validationResult.success) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+    }
+    inputData = validationResult.data;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error("Failed to parse request body or invalid JSON:", error2);
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  try {
+    const db = getDatabase();
+    const [newItem] = await db.insert(items).values(inputData).returning();
+    if (!newItem) {
+      throw ApiError.internal("Failed to create item in database");
+    }
+    return newItem;
+  } catch (error2) {
+    if (error2 instanceof Error) {
+      if (error2.message.includes("duplicate key value violates unique constraint")) {
+        throw ApiError.conflict(`An item with slug '${inputData.slug}' already exists for this game`);
+      }
+    }
+    logger2.error("Error creating game item:", error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function updateGameItem(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  const itemId = ctx.params.itemId;
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to update items");
+  }
+  if (!gameId || !itemId) {
+    throw ApiError.badRequest("Missing game ID or item ID");
+  }
+  await validateGameOwnership(user, gameId);
+  let inputData;
+  try {
+    const requestBody = await ctx.request.json();
+    const validationResult = UpdateItemSchema.safeParse(requestBody);
+    if (!validationResult.success) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+    }
+    inputData = validationResult.data;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error("Failed to parse request body or invalid JSON:", error2);
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  if (Object.keys(inputData).length === 0) {
+    throw ApiError.badRequest("No update data provided");
+  }
+  try {
+    const db = getDatabase();
+    const existingItem = await db.query.items.findFirst({
+      where: and(eq(items.id, itemId), eq(items.gameId, gameId))
+    });
+    if (!existingItem) {
+      throw ApiError.notFound("Item not found for this game");
+    }
+    const [updatedItem] = await db.update(items).set(inputData).where(eq(items.id, itemId)).returning();
+    if (!updatedItem) {
+      throw ApiError.notFound("Item not found for update");
+    }
+    return updatedItem;
+  } catch (error2) {
+    if (error2 instanceof Error) {
+      if (error2.message.includes("duplicate key value violates unique constraint")) {
+        throw ApiError.conflict("An item with this slug already exists for this game");
+      }
+    }
+    logger2.error(`Error updating game item ${itemId}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function deleteGameItem(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  const itemId = ctx.params.itemId;
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to delete items");
+  }
+  if (!gameId || !itemId) {
+    throw ApiError.badRequest("Missing game ID or item ID");
+  }
+  await validateGameOwnership(user, gameId);
+  try {
+    const db = getDatabase();
+    const result = await db.delete(items).where(and(eq(items.id, itemId), eq(items.gameId, gameId))).returning({ id: items.id });
+    if (result.length === 0) {
+      throw ApiError.notFound("Item not found for this game");
+    }
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    logger2.error(`Error deleting game item ${itemId}:`, error2);
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
 // ../../node_modules/@oslojs/binary/dist/uint.js
 class BigEndian {
   uint8(data2, offset) {
@@ -79255,6 +79649,88 @@ gamesRouter.post("/uploads/finalize", async (c2) => {
     return c2.json({ error: message2 }, 500);
   }
 });
+gamesRouter.get("/:gameId/items", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await listGameItems(ctx);
+    return c2.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in listGameItems:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
+gamesRouter.post("/:gameId/items", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await createGameItem(ctx);
+    return c2.json(result, 201);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in createGameItem:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
+gamesRouter.patch("/:gameId/items/:itemId", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const itemId = c2.req.param("itemId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId, itemId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await updateGameItem(ctx);
+    return c2.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in updateGameItem:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
+gamesRouter.delete("/:gameId/items/:itemId", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const itemId = c2.req.param("itemId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId, itemId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    await deleteGameItem(ctx);
+    return c2.body(null, 204);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json({ error: error2.message }, error2.statusCode);
+    }
+    console.error("Error in deleteGameItem:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
+  }
+});
 // src/routes/manifest.ts
 var manifestRouter = new Hono2;
 manifestRouter.get("/", async (c2) => {
@@ -79269,7 +79745,7 @@ manifestRouter.get("/", async (c2) => {
       { method: "GET", url: `${baseUrl}/api/users/me` },
       { method: "GET", url: `${baseUrl}/api/inventory` },
       { method: "POST", url: `${baseUrl}/api/inventory/add` },
-      { method: "POST", url: `${baseUrl}/api/inventory/spend` },
+      { method: "POST", url: `${baseUrl}/api/inventory/remove` },
       { method: "POST", url: `${baseUrl}/api/games/:gameId/sessions` },
       {
         method: "POST",
@@ -79386,157 +79862,27 @@ shopRouter.get("/view", async (c2) => {
     return c2.json({ error: message2 }, 500);
   }
 });
-// ../api-core/src/items/index.ts
-async function listItems(ctx) {
-  const user = ctx.user;
-  if (!user) {
-    throw ApiError.unauthorized("Must be logged in to view items");
-  }
-  try {
-    const db = getDatabase();
-    const allItems = await db.query.items.findMany();
-    return allItems;
-  } catch (error2) {
-    if (error2 instanceof ApiError) {
-      throw error2;
-    }
-    logger2.error("Error fetching items:", error2);
-    throw ApiError.internal("Internal server error", error2);
-  }
-}
-async function getItemById(ctx) {
-  const user = ctx.user;
-  const itemId = ctx.params.itemId;
-  if (!user) {
-    throw ApiError.unauthorized("Must be logged in to view item details");
-  }
-  if (!itemId) {
-    throw ApiError.badRequest("Missing item ID");
-  }
-  try {
-    const db = getDatabase();
-    const item = await db.query.items.findFirst({
-      where: eq(items.id, itemId)
-    });
-    if (!item) {
-      throw ApiError.notFound("Item not found");
-    }
-    return item;
-  } catch (error2) {
-    if (error2 instanceof ApiError) {
-      throw error2;
-    }
-    logger2.error(`Error fetching item ${itemId}:`, error2);
-    throw ApiError.internal("Internal server error", error2);
-  }
-}
-async function createItem(ctx) {
-  const user = ctx.user;
-  if (!user || user.role !== "admin") {
-    throw ApiError.forbidden("Admin access required");
-  }
-  let inputData;
-  try {
-    const requestBody = await ctx.request.json();
-    const validationResult = InsertItemSchema.safeParse(requestBody);
-    if (!validationResult.success) {
-      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
-    }
-    inputData = validationResult.data;
-  } catch (error2) {
-    if (error2 instanceof ApiError) {
-      throw error2;
-    }
-    logger2.error("Failed to parse request body or invalid JSON:", error2);
-    throw ApiError.badRequest("Invalid JSON body");
-  }
-  try {
-    const db = getDatabase();
-    const [newItem] = await db.insert(items).values(inputData).returning();
-    if (!newItem) {
-      throw ApiError.internal("Failed to create item in database");
-    }
-    return newItem;
-  } catch (error2) {
-    if (error2 instanceof Error) {
-      if (error2.message.includes("duplicate key value violates unique constraint")) {
-        throw ApiError.conflict("An item with this internal name already exists");
-      }
-    }
-    logger2.error("Error creating item:", error2);
-    throw ApiError.internal("Internal server error", error2);
-  }
-}
-async function updateItem(ctx) {
-  const user = ctx.user;
-  const itemId = ctx.params.itemId;
-  if (!user || user.role !== "admin") {
-    throw ApiError.forbidden("Admin access required");
-  }
-  if (!itemId) {
-    throw ApiError.badRequest("Missing item ID");
-  }
-  let inputData;
-  try {
-    const requestBody = await ctx.request.json();
-    const validationResult = UpdateItemSchema.safeParse(requestBody);
-    if (!validationResult.success) {
-      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
-    }
-    inputData = validationResult.data;
-  } catch (error2) {
-    if (error2 instanceof ApiError) {
-      throw error2;
-    }
-    logger2.error("Failed to parse request body or invalid JSON:", error2);
-    throw ApiError.badRequest("Invalid JSON body");
-  }
-  if (Object.keys(inputData).length === 0) {
-    throw ApiError.badRequest("No update data provided");
-  }
-  try {
-    const db = getDatabase();
-    const [updatedItem] = await db.update(items).set(inputData).where(eq(items.id, itemId)).returning();
-    if (!updatedItem) {
-      throw ApiError.notFound("Item not found for update");
-    }
-    return updatedItem;
-  } catch (error2) {
-    if (error2 instanceof Error) {
-      if (error2.message.includes("duplicate key value violates unique constraint")) {
-        throw ApiError.conflict("An item with this internal name already exists");
-      }
-    }
-    logger2.error(`Error updating item ${itemId}:`, error2);
-    throw ApiError.internal("Internal server error", error2);
-  }
-}
-async function deleteItem(ctx) {
-  const user = ctx.user;
-  const itemId = ctx.params.itemId;
-  if (!user || user.role !== "admin") {
-    throw ApiError.forbidden("Admin access required");
-  }
-  if (!itemId) {
-    throw ApiError.badRequest("Missing item ID");
-  }
+// src/routes/items.ts
+var itemsRouter = new Hono2;
+itemsRouter.get("/resolve", async (c2) => {
+  const ctx = {
+    user: c2.get("user"),
+    params: {},
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
   try {
-    const db = getDatabase();
-    const result = await db.delete(items).where(eq(items.id, itemId)).returning({ id: items.id });
-    if (result.length === 0) {
-      throw ApiError.notFound("Item not found for deletion");
-    }
+    const result = await resolveItem(ctx);
+    return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      throw error2;
+      return c2.json({ error: error2.message }, error2.statusCode);
     }
-    logger2.error(`Error deleting item ${itemId}:`, error2);
-    throw ApiError.internal("Internal server error", error2);
+    console.error("Error in resolveItem:", error2);
+    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
+    return c2.json({ error: message2 }, 500);
   }
-}
-
-// src/routes/items.ts
-var itemsRouter = new Hono2;
+});
 itemsRouter.post("/", async (c2) => {
   const ctx = {
     user: c2.get("user"),
@@ -79709,8 +80055,8 @@ async function createCurrency(ctx) {
   } catch (error2) {
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint") || error2.message.includes("UNIQUE constraint failed")) {
-        if (error2.message.includes("currencies_internal_name_unique")) {
-          throw ApiError.conflict("A currency with this internal name already exists");
+        if (error2.message.includes("currencies_slug_unique")) {
+          throw ApiError.conflict("A currency with this slug already exists");
         }
         throw ApiError.conflict("A similar currency already exists");
       }
@@ -79756,8 +80102,8 @@ async function updateCurrency(ctx) {
   } catch (error2) {
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint") || error2.message.includes("UNIQUE constraint failed")) {
-        if (error2.message.includes("currencies_internal_name_unique")) {
-          throw ApiError.conflict("A currency with this internal name already exists");
+        if (error2.message.includes("currencies_slug_unique")) {
+          throw ApiError.conflict("A currency with this slug already exists");
         }
         throw ApiError.conflict("A similar currency already exists");
       }