npm - @playcademy/sandbox - Versions diffs - 0.3.5 → 0.3.7 - Mend

@playcademy/sandbox 0.3.5 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/server.js CHANGED Viewed

@@ -996,7 +996,7 @@ ${t}`), i3 = h(this, y2).getSize();
 // ../../node_modules/esbuild/lib/main.js
 var require_main = __commonJS((exports, module2) => {
-  var __dirname = "/Users/hbauer/work/projects/playcademy/node_modules/esbuild/lib", __filename = "/Users/hbauer/work/projects/playcademy/node_modules/esbuild/lib/main.js";
+  var __dirname = "/Users/hbauer/work/clones/playcademy-test/node_modules/esbuild/lib", __filename = "/Users/hbauer/work/clones/playcademy-test/node_modules/esbuild/lib/main.js";
   var __defProp2 = Object.defineProperty;
   var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
   var __getOwnPropNames2 = Object.getOwnPropertyNames;
@@ -86664,9 +86664,9 @@ var require_serde = __commonJS((exports, module2) => {
     strictParseShort: () => strictParseShort2
   });
   module2.exports = __toCommonJS(serde_exports);
-  var import_schema2 = require_schema();
+  var import_schema3 = require_schema();
   var copyDocumentWithTransform2 = (source, schemaRef, transform = (_5) => _5) => {
-    const ns = import_schema2.NormalizedSchema.of(schemaRef);
+    const ns = import_schema3.NormalizedSchema.of(schemaRef);
     switch (typeof source) {
       case "undefined":
       case "boolean":
@@ -87279,7 +87279,7 @@ var require_protocols = __commonJS((exports, module2) => {
       return "%" + c3.charCodeAt(0).toString(16).toUpperCase();
     });
   }
-  var import_schema2 = require_schema();
+  var import_schema22 = require_schema();
   var import_protocol_http2 = require_dist_cjs2();
   var import_schema3 = require_schema();
   var import_serde = require_serde();
@@ -87445,7 +87445,7 @@ var require_protocols = __commonJS((exports, module2) => {
       const query = {};
       const headers = {};
       const endpoint = await context.endpoint();
-      const ns = import_schema2.NormalizedSchema.of(operationSchema?.input);
+      const ns = import_schema22.NormalizedSchema.of(operationSchema?.input);
       const schema4 = ns.getSchema();
       let hasNonHttpBindingMember = false;
       let payload;
@@ -87462,7 +87462,7 @@ var require_protocols = __commonJS((exports, module2) => {
       if (endpoint) {
         this.updateServiceEndpoint(request3, endpoint);
         this.setHostPrefix(request3, operationSchema, input);
-        const opTraits = import_schema2.NormalizedSchema.translateTraits(operationSchema.traits);
+        const opTraits = import_schema22.NormalizedSchema.translateTraits(operationSchema.traits);
         if (opTraits.http) {
           request3.method = opTraits.http[0];
           const [path3, search] = opTraits.http[1].split("?");
@@ -87540,7 +87540,7 @@ var require_protocols = __commonJS((exports, module2) => {
       if (traits.httpQueryParams) {
         for (const [key, val2] of Object.entries(data)) {
           if (!(key in query)) {
-            this.serializeQuery(import_schema2.NormalizedSchema.of([
+            this.serializeQuery(import_schema22.NormalizedSchema.of([
               ns.getValueSchema(),
               {
                 ...traits,
@@ -87570,12 +87570,12 @@ var require_protocols = __commonJS((exports, module2) => {
     }
     async deserializeResponse(operationSchema, context, response) {
       const deserializer = this.deserializer;
-      const ns = import_schema2.NormalizedSchema.of(operationSchema.output);
+      const ns = import_schema22.NormalizedSchema.of(operationSchema.output);
       const dataObject = {};
       if (response.statusCode >= 300) {
         const bytes = await collectBody2(response.body, context);
         if (bytes.byteLength > 0) {
-          Object.assign(dataObject, await deserializer.read(import_schema2.SCHEMA.DOCUMENT, bytes));
+          Object.assign(dataObject, await deserializer.read(import_schema22.SCHEMA.DOCUMENT, bytes));
         }
         await this.handleError(operationSchema, context, response, dataObject, this.deserializeMetadata(response));
         throw new Error("@smithy/core/protocols - HTTP Protocol error handler failed to throw.");
@@ -92260,7 +92260,7 @@ var require_protocols2 = __commonJS((exports, module2) => {
       this.serdeContext = serdeContext;
     }
   };
-  var import_schema2 = require_schema();
+  var import_schema4 = require_schema();
   var import_serde2 = require_serde();
   var import_util_base64 = require_dist_cjs9();
   var import_serde = require_serde();
@@ -92351,7 +92351,7 @@ var require_protocols2 = __commonJS((exports, module2) => {
     }
     _read(schema4, value) {
       const isObject4 = value !== null && typeof value === "object";
-      const ns = import_schema2.NormalizedSchema.of(schema4);
+      const ns = import_schema4.NormalizedSchema.of(schema4);
       if (ns.isListSchema() && Array.isArray(value)) {
         const listMember = ns.getValueSchema();
         const out2 = [];
@@ -92395,13 +92395,13 @@ var require_protocols2 = __commonJS((exports, module2) => {
       }
       if (ns.isTimestampSchema()) {
         const options = this.settings.timestampFormat;
-        const format = options.useTrait ? ns.getSchema() === import_schema2.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default;
+        const format = options.useTrait ? ns.getSchema() === import_schema4.SCHEMA.TIMESTAMP_DEFAULT ? options.default : ns.getSchema() ?? options.default : options.default;
         switch (format) {
-          case import_schema2.SCHEMA.TIMESTAMP_DATE_TIME:
+          case import_schema4.SCHEMA.TIMESTAMP_DATE_TIME:
             return (0, import_serde2.parseRfc3339DateTimeWithOffset)(value);
-          case import_schema2.SCHEMA.TIMESTAMP_HTTP_DATE:
+          case import_schema4.SCHEMA.TIMESTAMP_HTTP_DATE:
             return (0, import_serde2.parseRfc7231DateTime)(value);
-          case import_schema2.SCHEMA.TIMESTAMP_EPOCH_SECONDS:
+          case import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS:
             return (0, import_serde2.parseEpochTimestamp)(value);
           default:
             console.warn("Missing timestamp format, parsing value with Date constructor:", value);
@@ -92710,7 +92710,7 @@ var require_protocols2 = __commonJS((exports, module2) => {
     }
   };
   var import_protocols2 = require_protocols();
-  var import_schema4 = require_schema();
+  var import_schema42 = require_schema();
   var import_util_body_length_browser2 = require_dist_cjs21();
   var AwsRestJsonProtocol = class extends import_protocols2.HttpBindingProtocol {
     static {
@@ -92726,7 +92726,7 @@ var require_protocols2 = __commonJS((exports, module2) => {
       const settings = {
         timestampFormat: {
           useTrait: true,
-          default: import_schema4.SCHEMA.TIMESTAMP_EPOCH_SECONDS
+          default: import_schema42.SCHEMA.TIMESTAMP_EPOCH_SECONDS
         },
         httpBindings: true,
         jsonName: true
@@ -92747,7 +92747,7 @@ var require_protocols2 = __commonJS((exports, module2) => {
     }
     async serializeRequest(operationSchema, input, context) {
       const request3 = await super.serializeRequest(operationSchema, input, context);
-      const inputSchema = import_schema4.NormalizedSchema.of(operationSchema.input);
+      const inputSchema = import_schema42.NormalizedSchema.of(operationSchema.input);
       const members = inputSchema.getMemberSchemas();
       if (!request3.headers["content-type"]) {
         const httpPayloadMember = Object.values(members).find((m5) => {
@@ -92791,19 +92791,19 @@ var require_protocols2 = __commonJS((exports, module2) => {
       if (errorIdentifier.includes("#")) {
         [namespace, errorName] = errorIdentifier.split("#");
       }
-      const registry2 = import_schema4.TypeRegistry.for(namespace);
+      const registry2 = import_schema42.TypeRegistry.for(namespace);
       let errorSchema;
       try {
         errorSchema = registry2.getSchema(errorIdentifier);
       } catch (e2) {
-        const baseExceptionSchema = import_schema4.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException();
+        const baseExceptionSchema = import_schema42.TypeRegistry.for("smithy.ts.sdk.synthetic." + namespace).getBaseException();
         if (baseExceptionSchema) {
           const ErrorCtor = baseExceptionSchema.ctor;
           throw Object.assign(new ErrorCtor(errorName), dataObject);
         }
         throw new Error(errorName);
       }
-      const ns = import_schema4.NormalizedSchema.of(errorSchema);
+      const ns = import_schema42.NormalizedSchema.of(errorSchema);
       const message2 = dataObject.message ?? dataObject.Message ?? "Unknown";
       const exception = new errorSchema.ctor(message2);
       await this.deserializeHttpMessage(errorSchema, context, response, dataObject);
@@ -119571,7 +119571,7 @@ async function requirePortAvailable(port, timeoutMs = 100) {
 // package.json
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.3.5",
+  version: "0.3.7",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -134350,6 +134350,21 @@ async function mintGameJwt(gameId, userId) {
   const token = await signJwt({ uid: userId }, "game", expirationTimeSeconds, gameId);
   return { token, exp: expirationTimestampMillis };
 }
+async function mintRealtimeJwt(userId, gameId, username, role) {
+  const payload = {
+    sub: userId
+  };
+  if (gameId) {
+    payload.gameId = gameId;
+  }
+  if (username) {
+    payload.username = username;
+  }
+  if (role) {
+    payload.role = role;
+  }
+  return await signJwt(payload, "realtime", "30m");
+}
 // ../api-core/src/utils/validation.ts
 function formatValidationErrors(error2) {
   const flattened = error2.flatten();
@@ -143454,6 +143469,17 @@ function createCustomHostnamesNamespace(config2) {
     }
   };
 }
+// ../cloudflare/src/utils/schema.ts
+function buildSchemaSql(sql3) {
+  const trimmed = sql3.trim();
+  if (!trimmed) {
+    return "";
+  }
+  return `PRAGMA defer_foreign_keys = on;
+${trimmed}
+PRAGMA defer_foreign_keys = off;`;
+}
 // ../cloudflare/src/core/namespaces/d1.ts
 function createD1Namespace(config2) {
   const { client, accountId } = config2;
@@ -143488,26 +143514,22 @@ function createD1Namespace(config2) {
     async executeSchema(databaseId, schema4) {
       log2.debug("[Cloudflare D1] Executing schema", {
         databaseId,
-        schemaHash: schema4.hash
+        schemaHash: schema4.hash,
+        sqlLength: schema4.sql.length
       });
       try {
-        const statements = schema4.sql.split(";").map((stmt) => stmt.trim()).filter((stmt) => stmt.length > 0 && !stmt.startsWith("--"));
-        for (const statement of statements) {
-          if (statement.trim()) {
-            log2.debug("[Cloudflare D1] Executing SQL statement", {
-              databaseId,
-              statement: statement.substring(0, 100) + (statement.length > 100 ? "..." : "")
-            });
-            await client.d1.database.query(databaseId, {
-              account_id: accountId,
-              sql: statement
-            });
-          }
-        }
+        const sql3 = buildSchemaSql(schema4.sql);
+        log2.debug("[Cloudflare D1] Executing schema", {
+          databaseId,
+          sql: sql3
+        });
+        await client.d1.database.query(databaseId, {
+          account_id: accountId,
+          sql: sql3
+        });
         log2.info("[Cloudflare D1] Schema executed", {
           databaseId,
-          schemaHash: schema4.hash,
-          statementsExecuted: statements.length
+          schemaHash: schema4.hash
         });
       } catch (error2) {
         log2.error("[Cloudflare D1] Failed to execute schema", {
@@ -143537,52 +143559,31 @@ function createD1Namespace(config2) {
     },
     async reset(name4) {
       log2.debug("[Cloudflare D1] Resetting database", { name: name4 });
-      const databases = await client.d1.database.list({ account_id: accountId });
-      let databaseId = null;
-      for await (const db of databases) {
-        if (db.name === name4 && db.uuid) {
-          databaseId = db.uuid;
-          break;
+      try {
+        const databases = await client.d1.database.list({ account_id: accountId });
+        for await (const db of databases) {
+          if (db.name === name4 && db.uuid) {
+            log2.debug("[Cloudflare D1] Deleting existing database", {
+              name: name4,
+              uuid: db.uuid
+            });
+            await client.d1.database.delete(db.uuid, { account_id: accountId });
+            log2.info("[Cloudflare D1] Deleted existing database", { name: name4 });
+            break;
+          }
         }
+      } catch (error2) {
+        log2.warn("[Cloudflare D1] Failed to delete existing database", { name: name4, error: error2 });
       }
-      if (!databaseId) {
-        throw new Error(`D1 database not found: ${name4}`);
-      }
-      const tablesResult = await client.d1.database.query(databaseId, {
+      const result = await client.d1.database.create({
         account_id: accountId,
-        sql: "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' AND name NOT LIKE '_cf_%'"
+        name: name4
       });
-      const tables = tablesResult.result?.[0]?.results || [];
-      if (tables.length === 0) {
-        log2.info("[Cloudflare D1] No tables to drop", { name: name4, databaseId });
-        return;
+      if (!result.uuid) {
+        throw new Error("Database creation succeeded but no UUID returned");
       }
-      log2.debug("[Cloudflare D1] Found tables to drop", {
-        databaseId,
-        count: tables.length,
-        tables: tables.map((t2) => t2.name)
-      });
-      await client.d1.database.query(databaseId, {
-        account_id: accountId,
-        sql: "PRAGMA defer_foreign_keys = on"
-      });
-      for (const table14 of tables) {
-        if (!table14.name)
-          continue;
-        await client.d1.database.query(databaseId, {
-          account_id: accountId,
-          sql: `DROP TABLE IF EXISTS "${table14.name}"`
-        });
-      }
-      await client.d1.database.query(databaseId, {
-        account_id: accountId,
-        sql: "PRAGMA defer_foreign_keys = off"
-      });
-      log2.info("[Cloudflare D1] Database reset complete", {
-        name: name4,
-        databaseId,
-        tablesDropped: tables.length
-      });
+      log2.info("[Cloudflare D1] Database reset complete", { name: name4, uuid: result.uuid });
+      return result.uuid;
     }
   };
 }
@@ -144788,6 +144789,56 @@ async function verifyGameAccessBySlug(slug2, user) {
 function getGameWorkerApiKeyName(slug2) {
   return `game-worker-${slug2}`.substring(0, 32);
 }
+// ../api-core/src/utils/secrets-storage.ts
+var import_client_s32 = __toESM(require_dist_cjs81(), 1);
+function getSecretsConfig() {
+  const bucketName = process.env.GAME_SECRETS_BUCKET;
+  const masterKey = process.env.GAME_SECRETS_MASTER_KEY;
+  if (!bucketName || !masterKey) {
+    throw new Error("Secrets storage not configured");
+  }
+  const accessKeyId = process.env.CLOUDFLARE_R2_ACCESS_KEY_ID;
+  const secretAccessKey = process.env.CLOUDFLARE_R2_SECRET_ACCESS_KEY;
+  const endpoint = process.env.CLOUDFLARE_R2_DEFAULT_ENDPOINT;
+  if (!accessKeyId || !secretAccessKey || !endpoint) {
+    throw new Error("R2 credentials not configured");
+  }
+  return {
+    bucketName,
+    credentials: {
+      accessKeyId,
+      secretAccessKey,
+      endpoint
+    },
+    masterKey
+  };
+}
+function getSecretsKey(gameId) {
+  return `${gameId}.json.enc`;
+}
+function createR2Client(config2) {
+  return new import_client_s32.S3Client({
+    region: "auto",
+    endpoint: config2.credentials.endpoint,
+    credentials: {
+      accessKeyId: config2.credentials.accessKeyId,
+      secretAccessKey: config2.credentials.secretAccessKey
+    }
+  });
+}
+async function deleteSecrets(gameId, config2) {
+  const client = createR2Client(config2);
+  const key = getSecretsKey(gameId);
+  try {
+    await client.send(new import_client_s32.DeleteObjectCommand({
+      Bucket: config2.bucketName,
+      Key: key
+    }));
+  } catch (error2) {
+    log2.error("[SecretsStorage] Failed to delete secrets", { gameId, error: error2 });
+    throw new Error(`Failed to delete secrets for game ${gameId}`);
+  }
+}
 // src/database/seed/achievements.ts
 async function seedAchievements(db) {
   const now2 = new Date;
@@ -144831,6 +144882,30 @@ async function seedCurrencies(db) {
   }
 }
+// src/lib/logging/adapter.ts
+var customLogger;
+function setLogger(logger3) {
+  customLogger = logger3;
+}
+function getLogger() {
+  if (customLogger) {
+    return customLogger;
+  }
+  return {
+    info: (msg) => console.log(msg),
+    warn: (msg) => console.warn(msg),
+    error: (msg) => console.error(msg)
+  };
+}
+var logger3 = {
+  info: (msg) => {
+    if (customLogger || !config.embedded) {
+      getLogger().info(msg);
+    }
+  },
+  warn: (msg) => getLogger().warn(msg),
+  error: (msg) => getLogger().error(msg)
+};
 // src/database/seed/timeback.ts
 function generateMockStudentId(userId) {
   return `mock-student-${userId.slice(-8)}`;
@@ -144895,7 +144970,7 @@ async function seedCoreGames(db) {
     try {
       await db.insert(games).values(gameData).onConflictDoNothing();
     } catch (error2) {
-      console.error(`Error seeding core game '${gameData.slug}':`, error2);
+      logger3.error(`Error seeding core game '${gameData.slug}': ${error2}`);
     }
   }
 }
@@ -144936,7 +145011,7 @@ async function seedCurrentProjectGame(db, project) {
     }
     return newGame;
   } catch (error2) {
-    console.error("❌ Error seeding project game:", error2);
+    logger3.error(`❌ Error seeding project game: ${error2}`);
     throw error2;
   }
 }
@@ -145063,13 +145138,6 @@ async function setupServerDatabase(processedOptions, project) {
 // src/server/options.ts
 var import_json_colorizer = __toESM(require_dist2(), 1);
-// src/lib/logging/adapter.ts
-var customLogger;
-function setLogger(logger3) {
-  customLogger = logger3;
-}
-// src/server/options.ts
 function processServerOptions(_port, options) {
   const {
     verbose = false,
@@ -145197,6 +145265,8 @@ manifestRouter.get("/", async (c3) => {
       { method: "GET", url: `${baseUrl}/api/notifications/stats/:userId` },
       { method: "POST", url: `${baseUrl}/api/notifications/deliver` },
       { method: "POST", url: `${baseUrl}/api/timeback/populate-student` },
+      { method: "GET", url: `${baseUrl}/api/timeback/user` },
+      { method: "GET", url: `${baseUrl}/api/timeback/user/:timebackId` },
       { method: "GET", url: `${baseUrl}/api/timeback/xp/today` },
       { method: "PUT", url: `${baseUrl}/api/timeback/xp/today` },
       { method: "GET", url: `${baseUrl}/api/timeback/xp/total` },
@@ -150456,6 +150526,10 @@ async function getMockTimebackData(db, timebackId, gameId) {
   });
   return { id: timebackId, role, enrollments, organizations };
 }
+async function getMockTimebackUser(db, gameId) {
+  const timebackId = config.timeback.timebackId || "mock-student-00000001";
+  return getMockTimebackData(db, timebackId, gameId);
+}
 async function buildMockUserResponse(db, user, gameId) {
   const timeback3 = user.timebackId ? await getMockTimebackData(db, user.timebackId, gameId) : undefined;
   if (gameId) {
@@ -150586,57 +150660,6 @@ usersRouter.all("/", async (c3) => {
   const error2 = ApiError.methodNotAllowed("Method not allowed");
   return c3.json(createErrorResponse(error2), 405);
 });
-// ../api-core/src/utils/secrets-storage.ts
-var import_client_s32 = __toESM(require_dist_cjs81(), 1);
-function getSecretsConfig() {
-  const bucketName = process.env.GAME_SECRETS_BUCKET;
-  const masterKey = process.env.GAME_SECRETS_MASTER_KEY;
-  if (!bucketName || !masterKey) {
-    throw new Error("Secrets storage not configured");
-  }
-  const accessKeyId = process.env.CLOUDFLARE_R2_ACCESS_KEY_ID;
-  const secretAccessKey = process.env.CLOUDFLARE_R2_SECRET_ACCESS_KEY;
-  const endpoint = process.env.CLOUDFLARE_R2_DEFAULT_ENDPOINT;
-  if (!accessKeyId || !secretAccessKey || !endpoint) {
-    throw new Error("R2 credentials not configured");
-  }
-  return {
-    bucketName,
-    credentials: {
-      accessKeyId,
-      secretAccessKey,
-      endpoint
-    },
-    masterKey
-  };
-}
-function getSecretsKey(gameId) {
-  return `${gameId}.json.enc`;
-}
-function createR2Client(config2) {
-  return new import_client_s32.S3Client({
-    region: "auto",
-    endpoint: config2.credentials.endpoint,
-    credentials: {
-      accessKeyId: config2.credentials.accessKeyId,
-      secretAccessKey: config2.credentials.secretAccessKey
-    }
-  });
-}
-async function deleteSecrets(gameId, config2) {
-  const client = createR2Client(config2);
-  const key = getSecretsKey(gameId);
-  try {
-    await client.send(new import_client_s32.DeleteObjectCommand({
-      Bucket: config2.bucketName,
-      Key: key
-    }));
-  } catch (error2) {
-    log2.error("[SecretsStorage] Failed to delete secrets", { gameId, error: error2 });
-    throw new Error(`Failed to delete secrets for game ${gameId}`);
-  }
-}
 // ../../node_modules/ulidx/dist/node/index.js
 import crypto6 from "node:crypto";
@@ -153033,6 +153056,7 @@ gameUploadsRouter.post("/uploads/initiate", async (c3) => {
 // src/routes/platform/games/verify.ts
 var gameVerifyRouter = new Hono2;
 gameVerifyRouter.post("/verify", async (c3) => {
+  const clonedRequest = c3.req.raw.clone();
   const body2 = await c3.req.json().catch(() => ({}));
   const token2 = body2?.token;
   if (!token2) {
@@ -153061,11 +153085,43 @@ gameVerifyRouter.post("/verify", async (c3) => {
       }
     });
   }
+  if (token2.endsWith(".sandbox")) {
+    try {
+      const parts2 = token2.split(".");
+      if (parts2.length === 3) {
+        const payload = JSON.parse(atob(parts2[1]));
+        const userId = payload.uid;
+        const gameIdOrSlug = payload.sub;
+        const db = c3.get("db");
+        const userData = await db.query.users.findFirst({
+          where: (users2, { eq: eq3 }) => eq3(users2.id, userId)
+        });
+        if (!userData) {
+          return c3.json({ error: "User not found in sandbox" }, 500);
+        }
+        return c3.json({
+          claims: payload,
+          gameId: gameIdOrSlug,
+          user: {
+            sub: userData.id,
+            email: userData.email || "",
+            name: userData.name || userData.username || "",
+            email_verified: true,
+            given_name: undefined,
+            family_name: undefined,
+            timeback_id: userData.timebackId || undefined
+          }
+        });
+      }
+    } catch {
+      return c3.json({ error: "Invalid sandbox token" }, 400);
+    }
+  }
   const ctx = {
     user: undefined,
     params: {},
     url: new URL(c3.req.url),
-    request: c3.req.raw
+    request: clonedRequest
   };
   try {
     const result = await verifyGameToken(ctx);
@@ -155212,7 +155268,7 @@ async function deliverNotifications(ctx) {
   if (!user) {
     throw ApiError.unauthorized("Must be logged in to deliver notifications");
   }
-  log2.info("[API] Delivering pending notifications", {
+  log2.debug("[API] Delivering pending notifications", {
     userId: user.id
   });
   try {
@@ -155320,6 +155376,58 @@ notificationsRouter.post("/deliver", async (c3) => {
     return c3.json(createUnknownErrorResponse(error2), 500);
   }
 });
+// ../api-core/src/handlers/realtime/token.ts
+async function generateRealtimeToken(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params?.gameId;
+  log2.debug("[API] generating realtime token", {
+    userId: user?.id || "anonymous",
+    gameId: gameId || "none"
+  });
+  if (!user) {
+    throw ApiError.unauthorized("Valid session or bearer token required");
+  }
+  try {
+    if (gameId) {
+      const db = getDatabase();
+      const game = await db.query.games.findFirst({
+        where: eq(games.id, gameId),
+        columns: { id: true }
+      });
+      if (!game) {
+        throw ApiError.notFound("Game not found");
+      }
+    }
+    const displayName = user.username || (user.name ? user.name.split(" ")[0] : undefined) || undefined;
+    const token2 = await mintRealtimeJwt(user.id, gameId, displayName, user.role || undefined);
+    return { token: token2 };
+  } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
+    log2.error("[API /realtime/token] Failed to generate realtime token:", { error: error2 });
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+// src/routes/platform/realtime.ts
+var realtimeRouter = new Hono2;
+realtimeRouter.post("/token", async (c3) => {
+  const ctx = {
+    user: c3.get("user"),
+    params: {},
+    url: new URL(c3.req.url),
+    request: c3.req.raw
+  };
+  try {
+    const result = await generateRealtimeToken(ctx);
+    return c3.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c3.json(createErrorResponse(error2), error2.statusCode);
+    }
+    console.error("Error in realtime/token:", error2);
+    return c3.json(createUnknownErrorResponse(error2), 500);
+  }
+});
 // ../api-core/src/utils/timeback-errors.ts
 function isTimebackApiError(error2) {
   return typeof error2 === "object" && error2 !== null && "name" in error2 && error2.name === "TimebackApiError" && "status" in error2 && "details" in error2;
@@ -155854,24 +155962,59 @@ async function getTimeBackXpHistory(ctx) {
     throw ApiError.internal("Failed to get TimeBack XP history", error2);
   }
 }
-// ../api-core/src/handlers/timeback/enrollments.ts
-async function getStudentEnrollments(ctx) {
+// ../api-core/src/handlers/timeback/user.ts
+async function getTimebackUser(ctx) {
+  const user = ctx.user;
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to get timeback data");
+  }
+  const db = getDatabase();
+  const userData = await db.query.users.findFirst({
+    where: eq(users.id, user.id)
+  });
+  if (!userData) {
+    throw ApiError.notFound("User not found");
+  }
+  if (!userData.timebackId) {
+    throw ApiError.notFound("User does not have a TimeBack account");
+  }
+  log2.debug("[API] Getting timeback user data", {
+    userId: user.id,
+    timebackId: userData.timebackId,
+    gameId: ctx.gameId
+  });
+  const timeback3 = await fetchUserTimebackData(userData.timebackId, ctx.gameId);
+  log2.info("[API] Retrieved timeback user data", {
+    userId: user.id,
+    timebackId: userData.timebackId,
+    role: timeback3.role,
+    enrollmentCount: timeback3.enrollments.length,
+    organizationCount: timeback3.organizations.length
+  });
+  return timeback3;
+}
+async function getTimebackUserById(ctx) {
   const user = ctx.user;
   if (!user) {
-    throw ApiError.unauthorized("Must be logged in to get enrollments");
+    throw ApiError.unauthorized("Must be logged in to get timeback data");
   }
   const timebackId = ctx.params.timebackId;
   if (!timebackId) {
     throw ApiError.badRequest("Missing timebackId parameter");
   }
-  log2.debug("[API] Getting student enrollments", { userId: user.id, timebackId });
-  const enrollments = await fetchEnrollmentsFromEduBridge(timebackId);
-  log2.info("[API] Retrieved student enrollments", {
-    userId: user.id,
+  log2.debug("[API] Getting timeback user by ID", {
+    requesterId: user.id,
+    timebackId
+  });
+  const timeback3 = await fetchUserTimebackData(timebackId);
+  log2.info("[API] Retrieved timeback user by ID", {
+    requesterId: user.id,
     timebackId,
-    enrollmentCount: enrollments.length
+    role: timeback3.role,
+    enrollmentCount: timeback3.enrollments.length,
+    organizationCount: timeback3.organizations.length
   });
-  return { enrollments };
+  return timeback3;
 }
 // src/routes/integrations/timeback.ts
 var timebackRouter = new Hono2;
@@ -156064,32 +156207,62 @@ timebackRouter.post("/end-activity", async (c3) => {
     return c3.json(createUnknownErrorResponse(error2), 500);
   }
 });
-timebackRouter.get("/enrollments/:timebackId", async (c3) => {
+timebackRouter.get("/user", async (c3) => {
+  const user2 = c3.get("user");
+  const gameId = c3.get("gameId");
+  if (!user2) {
+    const error2 = ApiError.unauthorized("Must be logged in to get timeback data");
+    return c3.json(createErrorResponse(error2), error2.statusCode);
+  }
+  try {
+    if (shouldMockTimeback()) {
+      const db = c3.get("db");
+      const timeback3 = await getMockTimebackUser(db, gameId);
+      return c3.json(timeback3);
+    }
+    const ctx = {
+      user: user2,
+      params: {},
+      url: new URL(c3.req.url),
+      request: c3.req.raw,
+      gameId
+    };
+    const result = await getTimebackUser(ctx);
+    return c3.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c3.json(createErrorResponse(error2), error2.statusCode);
+    }
+    console.error("Error in getTimebackUser:", error2);
+    return c3.json(createUnknownErrorResponse(error2), 500);
+  }
+});
+timebackRouter.get("/user/:timebackId", async (c3) => {
   const timebackId = c3.req.param("timebackId");
-  const user = c3.get("user");
-  if (!user) {
-    const error2 = ApiError.unauthorized("Must be logged in to get enrollments");
+  const user2 = c3.get("user");
+  if (!user2) {
+    const error2 = ApiError.unauthorized("Must be logged in to get timeback data");
     return c3.json(createErrorResponse(error2), error2.statusCode);
   }
   try {
     if (shouldMockTimeback()) {
       const db = c3.get("db");
-      const enrollments2 = await getMockEnrollments(db);
-      return c3.json({ enrollments: enrollments2 });
+      const timeback3 = await getMockTimebackUser(db);
+      return c3.json(timeback3);
     }
     const ctx = {
-      user,
+      user: user2,
       params: { timebackId },
       url: new URL(c3.req.url),
       request: c3.req.raw
     };
-    const result = await getStudentEnrollments(ctx);
+    const result = await getTimebackUserById(ctx);
     return c3.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
       return c3.json(createErrorResponse(error2), error2.statusCode);
     }
-    console.error("Error in getStudentEnrollments:", error2);
+    console.error("Error in getTimebackUserById:", error2);
     return c3.json(createUnknownErrorResponse(error2), 500);
   }
 });
@@ -156126,29 +156299,29 @@ async function provisionUserFromLti(claims) {
     where: and(eq(accounts.accountId, ltiTimebackId), eq(accounts.providerId, providerId))
   });
   if (existingAccount) {
-    const user2 = await db.query.users.findFirst({
+    const user3 = await db.query.users.findFirst({
       where: eq(users.id, existingAccount.userId)
     });
-    if (user2) {
+    if (user3) {
       log2.info("[lti-timeback] Found existing user by LTI account linkage", {
-        userId: user2.id,
+        userId: user3.id,
         ltiTimebackId
       });
-      return user2;
+      return user3;
     }
   }
-  const user = await db.query.users.findFirst({
+  const user2 = await db.query.users.findFirst({
     where: eq(users.email, email)
   });
-  if (user) {
+  if (user2) {
     await db.transaction(async (tx) => {
       const existingLtiAccount = await tx.query.accounts.findFirst({
-        where: and(eq(accounts.userId, user.id), eq(accounts.providerId, providerId))
+        where: and(eq(accounts.userId, user2.id), eq(accounts.providerId, providerId))
       });
       if (!existingLtiAccount) {
         await tx.insert(accounts).values({
           id: crypto7.randomUUID(),
-          userId: user.id,
+          userId: user2.id,
           accountId: ltiTimebackId,
           providerId,
           accessToken: null,
@@ -156159,14 +156332,14 @@ async function provisionUserFromLti(claims) {
           updatedAt: new Date
         });
         log2.info("[lti-timeback] Linked existing user to LTI provider", {
-          userId: user.id,
-          email: user.email,
+          userId: user2.id,
+          email: user2.email,
           ltiTimebackId,
           note: "User may have different TimeBack ID from OAuth flow"
         });
       }
     });
-    return user;
+    return user2;
   }
   const newUserId = crypto7.randomUUID();
   const createdUser = await db.transaction(async (tx) => {
@@ -156209,10 +156382,10 @@ async function processLtiLaunch(idToken) {
   try {
     const claims = await verifyLtiToken(idToken);
     validateLtiClaims(claims);
-    const user = await provisionUserFromLti(claims);
+    const user2 = await provisionUserFromLti(claims);
     const targetUri = claims["https://purl.imsglobal.org/spec/lti/claim/target_link_uri"];
     return {
-      user,
+      user: user2,
       targetUri,
       claims
     };
@@ -156232,45 +156405,45 @@ async function processTimeBackLtiLaunch(ctx) {
   }
   const currentHost = ctx.url.hostname;
   const launchResult = await processLtiLaunch(idToken);
-  const { user, targetUri, claims } = launchResult;
+  const { user: user2, targetUri, claims } = launchResult;
   log2.info("[lti-timeback] User roles", {
-    userId: user.id,
+    userId: user2.id,
     isLearner: LtiRoleChecks.isLearner(claims),
     isInstructor: LtiRoleChecks.isInstructor(claims),
     isAdministrator: LtiRoleChecks.isAdministrator(claims),
     allRoles: claims["https://purl.imsglobal.org/spec/lti/claim/roles"]
   });
-  const sessionToken = await createLtiSession(user.id);
+  const sessionToken = await createLtiSession(user2.id);
   const redirectPath = extractRedirectPath(targetUri, currentHost);
   log2.info("[lti-timeback] LTI launch successful", {
-    userId: user.id,
+    userId: user2.id,
     redirectPath
   });
   return {
-    user,
+    user: user2,
     redirectPath,
     sessionToken
   };
 }
 async function getTimeBackLtiStatus(ctx) {
-  const user = ctx.user;
-  if (!user) {
+  const user2 = ctx.user;
+  if (!user2) {
     throw ApiError.unauthorized("Must be logged in");
   }
   const db = getDatabase();
   const ltiAccount = await db.query.accounts.findFirst({
-    where: and(eq(accounts.userId, user.id), eq(accounts.providerId, AUTH_PROVIDER_IDS.TIMEBACK_LTI))
+    where: and(eq(accounts.userId, user2.id), eq(accounts.providerId, AUTH_PROVIDER_IDS.TIMEBACK_LTI))
   });
   const oauthAccount = await db.query.accounts.findFirst({
-    where: and(eq(accounts.userId, user.id), eq(accounts.providerId, AUTH_PROVIDER_IDS.TIMEBACK))
+    where: and(eq(accounts.userId, user2.id), eq(accounts.providerId, AUTH_PROVIDER_IDS.TIMEBACK))
   });
   return {
     hasLtiAccount: !!ltiAccount,
     ltiTimebackId: ltiAccount?.accountId || undefined,
     hasOAuthAccount: !!oauthAccount,
-    oauthTimebackId: oauthAccount?.accountId || user.timebackId || undefined,
-    email: user.email,
-    userId: user.id
+    oauthTimebackId: oauthAccount?.accountId || user2.timebackId || undefined,
+    email: user2.email,
+    userId: user2.id
   };
 }
@@ -156309,20 +156482,20 @@ ltiRouter.all("/launch", async (c3) => {
   }
 });
 ltiRouter.get("/status", async (c3) => {
-  let user = undefined;
+  let user2 = undefined;
   const authHeader = c3.req.header("Authorization");
   if (authHeader?.startsWith("Bearer ")) {
     const token2 = authHeader.substring(7);
     const demoUser = DEMO_TOKENS[token2];
     if (demoUser) {
       const db = c3.get("db");
-      user = await db.query.users.findFirst({
+      user2 = await db.query.users.findFirst({
         where: eq(users.id, demoUser.id)
       });
     }
   }
   const ctx = {
-    user,
+    user: user2,
     params: {},
     url: new URL(c3.req.url),
     request: c3.req.raw
@@ -156357,6 +156530,7 @@ function registerRoutes(app) {
   app.route("/api/sprites", spriteRouter);
   app.route("/api/achievements", achievementsRouter);
   app.route("/api/notifications", notificationsRouter);
+  app.route("/api/realtime", realtimeRouter);
   app.route("/api/dev", devRouter);
   app.route("/api/timeback", timebackRouter);
   app.route("/api/lti", ltiRouter);