@playcademy/sdk 0.1.17 → 0.2.0

package/dist/index.js

@@ -1,28 +1,21 @@
-var __defProp = Object.defineProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
-
 // ../logger/src/index.ts
 var isBrowser = () => {
   const g = globalThis;
   return typeof g.window !== "undefined" && typeof g.document !== "undefined";
-}, isProduction = () => {
+};
+var isProduction = () => {
   return typeof process !== "undefined" && false;
-}, isDevelopment = () => {
+};
+var isDevelopment = () => {
   return typeof process !== "undefined" && true;
-}, isInteractiveTTY = () => {
+};
+var isInteractiveTTY = () => {
   return typeof process !== "undefined" && Boolean(process.stdout && process.stdout.isTTY);
-}, isSilent = () => {
+};
+var isSilent = () => {
   return typeof process !== "undefined" && process.env.LOG_SILENT === "true";
-}, detectOutputFormat = () => {
+};
+var detectOutputFormat = () => {
   if (isBrowser()) {
     return "browser";
   }
@@ -46,7 +39,17 @@ var isBrowser = () => {
     return "color-tty";
   }
   return "json-single-line";
-}, colors, getLevelColor = (level) => {
+};
+var colors = {
+  reset: "\x1B[0m",
+  dim: "\x1B[2m",
+  red: "\x1B[31m",
+  yellow: "\x1B[33m",
+  blue: "\x1B[34m",
+  cyan: "\x1B[36m",
+  gray: "\x1B[90m"
+};
+var getLevelColor = (level) => {
   switch (level) {
     case "debug":
       return colors.blue;
@@ -59,7 +62,8 @@ var isBrowser = () => {
     default:
       return colors.reset;
   }
-}, formatBrowserOutput = (level, message, context) => {
+};
+var formatBrowserOutput = (level, message, context) => {
   const timestamp = new Date().toISOString();
   const levelUpper = level.toUpperCase();
   const consoleMethod = getConsoleMethod(level);
@@ -68,7 +72,8 @@ var isBrowser = () => {
   } else {
     consoleMethod(`[${timestamp}] ${levelUpper}`, message);
   }
-}, formatColorTTY = (level, message, context) => {
+};
+var formatColorTTY = (level, message, context) => {
   const timestamp = new Date().toISOString();
   const levelColor = getLevelColor(level);
   const levelUpper = level.toUpperCase().padEnd(5);
@@ -79,7 +84,8 @@ var isBrowser = () => {
   } else {
     consoleMethod(`${coloredPrefix} ${message}`);
   }
-}, formatJSONSingleLine = (level, message, context) => {
+};
+var formatJSONSingleLine = (level, message, context) => {
   const timestamp = new Date().toISOString();
   const logEntry = {
     timestamp,
@@ -89,7 +95,8 @@ var isBrowser = () => {
   };
   const consoleMethod = getConsoleMethod(level);
   consoleMethod(JSON.stringify(logEntry));
-}, formatJSONPretty = (level, message, context) => {
+};
+var formatJSONPretty = (level, message, context) => {
   const timestamp = new Date().toISOString();
   const logEntry = {
     timestamp,
@@ -99,7 +106,8 @@ var isBrowser = () => {
   };
   const consoleMethod = getConsoleMethod(level);
   consoleMethod(JSON.stringify(logEntry, null, 2));
-}, getConsoleMethod = (level) => {
+};
+var getConsoleMethod = (level) => {
   switch (level) {
     case "debug":
       return console.debug;
@@ -112,18 +120,28 @@ var isBrowser = () => {
     default:
       return console.log;
   }
-}, levelPriority, getMinimumLogLevel = () => {
+};
+var levelPriority = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3
+};
+var getMinimumLogLevel = () => {
   const envLevel = typeof process !== "undefined" ? (process.env.LOG_LEVEL ?? "").toLowerCase() : "";
   if (envLevel && ["debug", "info", "warn", "error"].includes(envLevel)) {
     return envLevel;
   }
   return isProduction() ? "info" : "debug";
-}, shouldLog = (level) => {
+};
+var shouldLog = (level) => {
   if (isSilent())
     return false;
   const minLevel = getMinimumLogLevel();
   return levelPriority[level] >= levelPriority[minLevel];
-}, customHandler, performLog = (level, message, context) => {
+};
+var customHandler;
+var performLog = (level, message, context) => {
   if (!shouldLog(level))
     return;
   if (customHandler) {
@@ -145,7 +163,8 @@ var isBrowser = () => {
       formatJSONPretty(level, message, context);
       break;
   }
-}, createLogger = () => {
+};
+var createLogger = () => {
   return {
     debug: (message, context) => performLog("debug", message, context),
     info: (message, context) => performLog("info", message, context),
@@ -153,25 +172,8 @@ var isBrowser = () => {
     error: (message, context) => performLog("error", message, context),
     log: performLog
   };
-}, log;
-var init_src = __esm(() => {
-  colors = {
-    reset: "\x1B[0m",
-    dim: "\x1B[2m",
-    red: "\x1B[31m",
-    yellow: "\x1B[33m",
-    blue: "\x1B[34m",
-    cyan: "\x1B[36m",
-    gray: "\x1B[90m"
-  };
-  levelPriority = {
-    debug: 0,
-    info: 1,
-    warn: 2,
-    error: 3
-  };
-  log = createLogger();
-});
+};
+var log = createLogger();
 
 // src/core/auth/strategies.ts
 class ApiKeyAuth {
@@ -421,8 +423,25 @@ class ConnectionMonitor {
     });
   }
 }
-
 // src/messaging.ts
+var MessageEvents;
+((MessageEvents2) => {
+  MessageEvents2["INIT"] = "PLAYCADEMY_INIT";
+  MessageEvents2["TOKEN_REFRESH"] = "PLAYCADEMY_TOKEN_REFRESH";
+  MessageEvents2["PAUSE"] = "PLAYCADEMY_PAUSE";
+  MessageEvents2["RESUME"] = "PLAYCADEMY_RESUME";
+  MessageEvents2["FORCE_EXIT"] = "PLAYCADEMY_FORCE_EXIT";
+  MessageEvents2["OVERLAY"] = "PLAYCADEMY_OVERLAY";
+  MessageEvents2["CONNECTION_STATE"] = "PLAYCADEMY_CONNECTION_STATE";
+  MessageEvents2["READY"] = "PLAYCADEMY_READY";
+  MessageEvents2["EXIT"] = "PLAYCADEMY_EXIT";
+  MessageEvents2["TELEMETRY"] = "PLAYCADEMY_TELEMETRY";
+  MessageEvents2["KEY_EVENT"] = "PLAYCADEMY_KEY_EVENT";
+  MessageEvents2["DISPLAY_ALERT"] = "PLAYCADEMY_DISPLAY_ALERT";
+  MessageEvents2["AUTH_STATE_CHANGE"] = "PLAYCADEMY_AUTH_STATE_CHANGE";
+  MessageEvents2["AUTH_CALLBACK"] = "PLAYCADEMY_AUTH_CALLBACK";
+})(MessageEvents ||= {});
+
 class PlaycademyMessaging {
   listeners = new Map;
   send(type, payload, options) {
@@ -498,26 +517,7 @@ class PlaycademyMessaging {
     window.dispatchEvent(new CustomEvent(type, { detail: payload }));
   }
 }
-var MessageEvents, messaging;
-var init_messaging = __esm(() => {
-  ((MessageEvents2) => {
-    MessageEvents2["INIT"] = "PLAYCADEMY_INIT";
-    MessageEvents2["TOKEN_REFRESH"] = "PLAYCADEMY_TOKEN_REFRESH";
-    MessageEvents2["PAUSE"] = "PLAYCADEMY_PAUSE";
-    MessageEvents2["RESUME"] = "PLAYCADEMY_RESUME";
-    MessageEvents2["FORCE_EXIT"] = "PLAYCADEMY_FORCE_EXIT";
-    MessageEvents2["OVERLAY"] = "PLAYCADEMY_OVERLAY";
-    MessageEvents2["CONNECTION_STATE"] = "PLAYCADEMY_CONNECTION_STATE";
-    MessageEvents2["READY"] = "PLAYCADEMY_READY";
-    MessageEvents2["EXIT"] = "PLAYCADEMY_EXIT";
-    MessageEvents2["TELEMETRY"] = "PLAYCADEMY_TELEMETRY";
-    MessageEvents2["KEY_EVENT"] = "PLAYCADEMY_KEY_EVENT";
-    MessageEvents2["DISPLAY_ALERT"] = "PLAYCADEMY_DISPLAY_ALERT";
-    MessageEvents2["AUTH_STATE_CHANGE"] = "PLAYCADEMY_AUTH_STATE_CHANGE";
-    MessageEvents2["AUTH_CALLBACK"] = "PLAYCADEMY_AUTH_CALLBACK";
-  })(MessageEvents ||= {});
-  messaging = new PlaycademyMessaging;
-});
+var messaging = new PlaycademyMessaging;
 
 // src/core/connection/utils.ts
 function createDisplayAlert(authContext) {
@@ -599,16 +599,24 @@ class ConnectionManager {
     }
   }
 }
-var init_manager = __esm(() => {
-  init_messaging();
-});
-
-// src/core/connection/index.ts
-var init_connection = __esm(() => {
-  init_manager();
-});
-
 // src/core/errors.ts
+class PlaycademyError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "PlaycademyError";
+  }
+}
+
+class ApiError extends Error {
+  status;
+  details;
+  constructor(status, message, details) {
+    super(`${status} ${message}`);
+    this.status = status;
+    this.details = details;
+    Object.setPrototypeOf(this, ApiError.prototype);
+  }
+}
 function extractApiErrorInfo(error) {
   if (!(error instanceof ApiError)) {
     return null;
@@ -617,216 +625,370 @@ function extractApiErrorInfo(error) {
     status: error.status,
     statusText: error.message
   };
-  if (error.details && typeof error.details === "object") {
-    const details = error.details;
-    if ("error" in details && typeof details.error === "string") {
-      info.error = details.error;
-    }
-    if ("message" in details && typeof details.message === "string") {
-      info.message = details.message;
-    }
-    if (!info.error && !info.message) {
-      info.details = error.details;
-    }
+  if (error.details) {
+    info.details = error.details;
   }
   return info;
 }
-var PlaycademyError, ApiError;
-var init_errors = __esm(() => {
-  PlaycademyError = class PlaycademyError extends Error {
-    constructor(message) {
-      super(message);
-      this.name = "PlaycademyError";
-    }
-  };
-  ApiError = class ApiError extends Error {
-    status;
-    details;
-    constructor(status, message, details) {
-      super(`${status} ${message}`);
-      this.status = status;
-      this.details = details;
-      Object.setPrototypeOf(this, ApiError.prototype);
-    }
-  };
-});
-
-// src/core/namespaces/auth.ts
-function createAuthNamespace(client) {
-  return {
-    login: async (credentials) => {
-      try {
-        const response = await client["request"]("/auth/sign-in/email", "POST", { body: credentials });
-        client.setToken(response.token, "session");
-        return {
-          success: true,
-          token: response.token,
-          user: response.user,
-          expiresAt: response.expiresAt
-        };
-      } catch (error) {
-        return {
-          success: false,
-          error: error instanceof Error ? error.message : "Authentication failed"
-        };
-      }
-    },
-    logout: async () => {
-      try {
-        await client["request"]("/auth/sign-out", "POST");
-      } catch {}
-      client.setToken(null);
-    },
-    apiKeys: {
-      create: async (options) => {
-        return client["request"]("/dev/api-keys", "POST", {
-          body: {
-            name: options?.name || `SDK Key - ${new Date().toISOString()}`,
-            expiresIn: options?.expiresIn !== undefined ? options.expiresIn : null,
-            permissions: options?.permissions || {
-              games: ["read", "write", "delete"],
-              users: ["read:self", "write:self"],
-              dev: ["read", "write"]
-            }
-          }
-        });
-      },
-      list: async () => {
-        return client["request"]("/auth/api-key/list", "GET");
-      },
-      revoke: async (keyId) => {
-        await client["request"]("/auth/api-key/revoke", "POST", {
-          body: { id: keyId }
-        });
-      }
-    }
-  };
-}
-
-// ../utils/src/random.ts
-async function generateSecureRandomString(length) {
-  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
-  const randomValues = new Uint8Array(length);
-  globalThis.crypto.getRandomValues(randomValues);
-  return Array.from(randomValues).map((byte) => charset[byte % charset.length]).join("");
-}
 
-// src/core/auth/oauth.ts
-function getTimebackConfig() {
-  return {
-    authorizationEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/authorize",
-    tokenEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/token",
-    scope: "openid email phone"
-  };
+// src/core/request.ts
+function checkDevWarnings(data) {
+  if (!data || typeof data !== "object")
+    return;
+  const response = data;
+  const warningType = response.__playcademyDevWarning;
+  if (!warningType)
+    return;
+  switch (warningType) {
+    case "timeback-not-configured":
+      console.warn("%c⚠️ TimeBack Not Configured", "background: #f59e0b; color: white; padding: 6px 12px; border-radius: 4px; font-weight: bold; font-size: 13px");
+      console.log("%cTimeBack is configured in playcademy.config.js but the sandbox does not have TimeBack credentials.", "color: #f59e0b; font-weight: 500");
+      console.log("To test TimeBack locally:");
+      console.log("  Set the following environment variables:");
+      console.log("    • %cTIMEBACK_ONEROSTER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
+      console.log("    • %cTIMEBACK_CALIPER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
+      console.log("    • %cTIMEBACK_API_CLIENT_ID/SECRET", "color: #0ea5e9; font-weight: 600; font-family: monospace");
+      console.log("  Or deploy your game: %cplaycademy deploy", "color: #10b981; font-weight: 600; font-family: monospace");
+      console.log("  Or wait for %c@superbuilders/timeback-local%c (coming soon)", "color: #8b5cf6; font-weight: 600; font-family: monospace", "color: inherit");
+      break;
+    default:
+      console.warn(`[Playcademy Dev Warning] ${warningType}`);
+  }
 }
-async function generateOAuthState(data) {
-  const csrfToken = await generateSecureRandomString(32);
-  if (data && Object.keys(data).length > 0) {
-    const jsonStr = JSON.stringify(data);
-    const base64 = btoa(jsonStr).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
-    return `${csrfToken}.${base64}`;
+function prepareRequestBody(body, headers) {
+  if (body instanceof FormData) {
+    return body;
   }
-  return csrfToken;
+  if (body instanceof ArrayBuffer || body instanceof Blob || ArrayBuffer.isView(body)) {
+    if (!headers["Content-Type"]) {
+      headers["Content-Type"] = "application/octet-stream";
+    }
+    return body;
+  }
+  if (body !== undefined && body !== null) {
+    headers["Content-Type"] = "application/json";
+    return JSON.stringify(body);
+  }
+  return;
 }
-function parseOAuthState(state) {
-  const lastDotIndex = state.lastIndexOf(".");
-  if (lastDotIndex > 0 && lastDotIndex < state.length - 1) {
+async function request({
+  path,
+  baseUrl,
+  method = "GET",
+  body,
+  extraHeaders = {},
+  raw = false
+}) {
+  const url = baseUrl.replace(/\/$/, "") + (path.startsWith("/") ? path : `/${path}`);
+  const headers = { ...extraHeaders };
+  const payload = prepareRequestBody(body, headers);
+  const res = await fetch(url, {
+    method,
+    headers,
+    body: payload,
+    credentials: "omit"
+  });
+  if (raw) {
+    return res;
+  }
+  if (!res.ok) {
+    const clonedRes = res.clone();
+    const errorBody = await clonedRes.json().catch(() => clonedRes.text().catch(() => {
+      return;
+    })) ?? undefined;
+    throw new ApiError(res.status, res.statusText, errorBody);
+  }
+  if (res.status === 204)
+    return;
+  const contentType = res.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
     try {
-      const csrfToken = state.substring(0, lastDotIndex);
-      const base64 = state.substring(lastDotIndex + 1);
-      const base64WithPadding = base64.replace(/-/g, "+").replace(/_/g, "/");
-      const paddedBase64 = base64WithPadding + "=".repeat((4 - base64WithPadding.length % 4) % 4);
-      const jsonStr = atob(paddedBase64);
-      const data = JSON.parse(jsonStr);
-      return { csrfToken, data };
-    } catch {}
+      const parsed = await res.json();
+      checkDevWarnings(parsed);
+      return parsed;
+    } catch (err) {
+      if (err instanceof SyntaxError)
+        return;
+      throw err;
+    }
   }
-  return { csrfToken: state };
-}
-function getOAuthConfig(provider) {
-  const configGetter = OAUTH_CONFIGS[provider];
-  if (!configGetter)
-    throw new Error(`Unsupported auth provider: ${provider}`);
-  return configGetter();
+  const rawText = await res.text().catch(() => "");
+  return rawText && rawText.length > 0 ? rawText : undefined;
 }
-var OAUTH_CONFIGS;
-var init_oauth = __esm(() => {
-  OAUTH_CONFIGS = {
-    get TIMEBACK() {
-      return getTimebackConfig;
-    }
-  };
-});
-
-// src/core/auth/flows/popup.ts
-async function initiatePopupFlow(options) {
-  const { provider, callbackUrl, onStateChange, oauth } = options;
+async function fetchManifest(deploymentUrl) {
+  const manifestUrl = `${deploymentUrl.replace(/\/$/, "")}/playcademy.manifest.json`;
   try {
-    onStateChange?.({
-      status: "opening_popup",
-      message: "Opening authentication window..."
-    });
-    const defaults = getOAuthConfig(provider);
-    const config = oauth ? { ...defaults, ...oauth } : defaults;
-    if (!config.clientId) {
-      throw new Error(`clientId is required for ${provider} authentication. ` + "Please provide it in the oauth parameter.");
-    }
-    const stateData = options.stateData;
-    const state = await generateOAuthState(stateData);
-    const params = new URLSearchParams({
-      response_type: "code",
-      client_id: config.clientId,
-      redirect_uri: callbackUrl,
-      state
-    });
-    if (config.scope) {
-      params.set("scope", config.scope);
-    }
-    const authUrl = `${config.authorizationEndpoint}?${params.toString()}`;
-    const popup = openPopupWindow(authUrl, "playcademy-auth");
-    if (!popup || popup.closed) {
-      throw new Error("Popup blocked. Please enable popups and try again.");
+    const response = await fetch(manifestUrl);
+    if (!response.ok) {
+      log.error(`[fetchManifest] Failed to fetch manifest from ${manifestUrl}. Status: ${response.status}`);
+      throw new PlaycademyError(`Failed to fetch manifest: ${response.status} ${response.statusText}`);
     }
-    onStateChange?.({
-      status: "exchanging_token",
-      message: "Waiting for authentication..."
-    });
-    return await waitForServerMessage(popup, onStateChange);
+    return await response.json();
   } catch (error) {
-    const errorMessage = error instanceof Error ? error.message : "Authentication failed";
-    onStateChange?.({
-      status: "error",
-      message: errorMessage,
-      error: error instanceof Error ? error : new Error(errorMessage)
+    if (error instanceof PlaycademyError) {
+      throw error;
+    }
+    log.error(`[Playcademy SDK] Error fetching or parsing manifest from ${manifestUrl}:`, {
+      error
     });
-    throw error;
+    throw new PlaycademyError("Failed to load or parse game manifest");
   }
 }
-async function waitForServerMessage(popup, onStateChange) {
-  return new Promise((resolve) => {
-    let resolved = false;
-    const handleMessage = (event) => {
-      if (event.origin !== window.location.origin)
-        return;
-      const data = event.data;
-      if (data?.type === "PLAYCADEMY_AUTH_STATE_CHANGE") {
-        resolved = true;
-        window.removeEventListener("message", handleMessage);
-        if (data.authenticated && data.user) {
-          onStateChange?.({
-            status: "complete",
-            message: "Authentication successful"
-          });
-          resolve({
-            success: true,
-            user: data.user
-          });
-        } else {
-          const error = new Error(data.error || "Authentication failed");
-          onStateChange?.({
-            status: "error",
-            message: error.message,
-            error
+
+// src/core/static/init.ts
+async function getPlaycademyConfig(allowedParentOrigins) {
+  const preloaded = window.PLAYCADEMY;
+  if (preloaded?.token) {
+    return preloaded;
+  }
+  if (window.self !== window.top) {
+    return await waitForPlaycademyInit(allowedParentOrigins);
+  } else {
+    return createStandaloneConfig();
+  }
+}
+function getReferrerOrigin() {
+  try {
+    return document.referrer ? new URL(document.referrer).origin : null;
+  } catch {
+    return null;
+  }
+}
+function buildAllowedOrigins(explicit) {
+  if (Array.isArray(explicit) && explicit.length > 0)
+    return explicit;
+  const ref = getReferrerOrigin();
+  return ref ? [ref] : [];
+}
+function isOriginAllowed(origin, allowlist) {
+  if (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1") {
+    return true;
+  }
+  if (!allowlist || allowlist.length === 0) {
+    console.error("[Playcademy SDK] No allowed origins configured. Consider passing allowedParentOrigins explicitly to init().");
+    return false;
+  }
+  return allowlist.includes(origin);
+}
+async function waitForPlaycademyInit(allowedParentOrigins) {
+  return new Promise((resolve, reject) => {
+    let contextReceived = false;
+    const timeoutDuration = 5000;
+    const allowlist = buildAllowedOrigins(allowedParentOrigins);
+    let hasWarnedAboutUntrustedOrigin = false;
+    function warnAboutUntrustedOrigin(origin) {
+      if (hasWarnedAboutUntrustedOrigin)
+        return;
+      hasWarnedAboutUntrustedOrigin = true;
+      console.warn("[Playcademy SDK] Ignoring INIT from untrusted origin:", origin);
+    }
+    const handleMessage = (event) => {
+      if (event.data?.type !== "PLAYCADEMY_INIT" /* INIT */)
+        return;
+      if (!isOriginAllowed(event.origin, allowlist)) {
+        warnAboutUntrustedOrigin(event.origin);
+        return;
+      }
+      contextReceived = true;
+      window.removeEventListener("message", handleMessage);
+      clearTimeout(timeoutId);
+      window.PLAYCADEMY = event.data.payload;
+      resolve(event.data.payload);
+    };
+    window.addEventListener("message", handleMessage);
+    const timeoutId = setTimeout(() => {
+      if (!contextReceived) {
+        window.removeEventListener("message", handleMessage);
+        reject(new Error(`${"PLAYCADEMY_INIT" /* INIT */} not received within ${timeoutDuration}ms`));
+      }
+    }, timeoutDuration);
+  });
+}
+function createStandaloneConfig() {
+  console.debug("[Playcademy SDK] Standalone mode detected, creating mock context for sandbox development");
+  const mockConfig = {
+    baseUrl: "http://localhost:4321",
+    gameUrl: window.location.origin,
+    token: "mock-game-token-for-local-dev",
+    gameId: "mock-game-id-from-template",
+    realtimeUrl: undefined
+  };
+  window.PLAYCADEMY = mockConfig;
+  return mockConfig;
+}
+async function init(options) {
+  if (typeof window === "undefined") {
+    throw new Error("Playcademy SDK must run in a browser context");
+  }
+  const config = await getPlaycademyConfig(options?.allowedParentOrigins);
+  if (options?.baseUrl) {
+    config.baseUrl = options.baseUrl;
+  }
+  const client = new this({
+    baseUrl: config.baseUrl,
+    gameUrl: config.gameUrl,
+    token: config.token,
+    gameId: config.gameId,
+    autoStartSession: window.self !== window.top,
+    onDisconnect: options?.onDisconnect,
+    enableConnectionMonitoring: options?.enableConnectionMonitoring
+  });
+  client["initPayload"] = config;
+  messaging.listen("PLAYCADEMY_TOKEN_REFRESH" /* TOKEN_REFRESH */, ({ token }) => client.setToken(token));
+  messaging.send("PLAYCADEMY_READY" /* READY */, undefined);
+  return client;
+}
+// src/core/static/login.ts
+async function login(baseUrl, email, password) {
+  let url = baseUrl;
+  if (baseUrl.startsWith("/") && typeof window !== "undefined") {
+    url = window.location.origin + baseUrl;
+  }
+  url = url + "/auth/login";
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ email, password })
+  });
+  if (!response.ok) {
+    try {
+      const errorData = await response.json();
+      const errorMessage = errorData && errorData.message ? String(errorData.message) : response.statusText;
+      throw new PlaycademyError(errorMessage);
+    } catch (error) {
+      log.error("[Playcademy SDK] Failed to parse error response JSON, using status text instead:", { error });
+      throw new PlaycademyError(response.statusText);
+    }
+  }
+  return response.json();
+}
+// ../utils/src/random.ts
+async function generateSecureRandomString(length) {
+  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+  const randomValues = new Uint8Array(length);
+  globalThis.crypto.getRandomValues(randomValues);
+  return Array.from(randomValues).map((byte) => charset[byte % charset.length]).join("");
+}
+
+// src/core/auth/oauth.ts
+function getTimebackConfig() {
+  return {
+    authorizationEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/authorize",
+    tokenEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/token",
+    scope: "openid email phone"
+  };
+}
+var OAUTH_CONFIGS = {
+  get TIMEBACK() {
+    return getTimebackConfig;
+  }
+};
+async function generateOAuthState(data) {
+  const csrfToken = await generateSecureRandomString(32);
+  if (data && Object.keys(data).length > 0) {
+    const jsonStr = JSON.stringify(data);
+    const base64 = btoa(jsonStr).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+    return `${csrfToken}.${base64}`;
+  }
+  return csrfToken;
+}
+function parseOAuthState(state) {
+  const lastDotIndex = state.lastIndexOf(".");
+  if (lastDotIndex > 0 && lastDotIndex < state.length - 1) {
+    try {
+      const csrfToken = state.substring(0, lastDotIndex);
+      const base64 = state.substring(lastDotIndex + 1);
+      const base64WithPadding = base64.replace(/-/g, "+").replace(/_/g, "/");
+      const paddedBase64 = base64WithPadding + "=".repeat((4 - base64WithPadding.length % 4) % 4);
+      const jsonStr = atob(paddedBase64);
+      const data = JSON.parse(jsonStr);
+      return { csrfToken, data };
+    } catch {}
+  }
+  return { csrfToken: state };
+}
+function getOAuthConfig(provider) {
+  const configGetter = OAUTH_CONFIGS[provider];
+  if (!configGetter)
+    throw new Error(`Unsupported auth provider: ${provider}`);
+  return configGetter();
+}
+
+// src/core/static/identity.ts
+var identity = {
+  parseOAuthState
+};
+// src/core/auth/flows/popup.ts
+async function initiatePopupFlow(options) {
+  const { provider, callbackUrl, onStateChange, oauth } = options;
+  try {
+    onStateChange?.({
+      status: "opening_popup",
+      message: "Opening authentication window..."
+    });
+    const defaults = getOAuthConfig(provider);
+    const config = oauth ? { ...defaults, ...oauth } : defaults;
+    if (!config.clientId) {
+      throw new Error(`clientId is required for ${provider} authentication. ` + "Please provide it in the oauth parameter.");
+    }
+    const stateData = options.stateData;
+    const state = await generateOAuthState(stateData);
+    const params = new URLSearchParams({
+      response_type: "code",
+      client_id: config.clientId,
+      redirect_uri: callbackUrl,
+      state
+    });
+    if (config.scope) {
+      params.set("scope", config.scope);
+    }
+    const authUrl = `${config.authorizationEndpoint}?${params.toString()}`;
+    const popup = openPopupWindow(authUrl, "playcademy-auth");
+    if (!popup || popup.closed) {
+      throw new Error("Popup blocked. Please enable popups and try again.");
+    }
+    onStateChange?.({
+      status: "exchanging_token",
+      message: "Waiting for authentication..."
+    });
+    return await waitForServerMessage(popup, onStateChange);
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : "Authentication failed";
+    onStateChange?.({
+      status: "error",
+      message: errorMessage,
+      error: error instanceof Error ? error : new Error(errorMessage)
+    });
+    throw error;
+  }
+}
+async function waitForServerMessage(popup, onStateChange) {
+  return new Promise((resolve) => {
+    let resolved = false;
+    const handleMessage = (event) => {
+      if (event.origin !== window.location.origin)
+        return;
+      const data = event.data;
+      if (data?.type === "PLAYCADEMY_AUTH_STATE_CHANGE") {
+        resolved = true;
+        window.removeEventListener("message", handleMessage);
+        if (data.authenticated && data.user) {
+          onStateChange?.({
+            status: "complete",
+            message: "Authentication successful"
+          });
+          resolve({
+            success: true,
+            user: data.user
+          });
+        } else {
+          const error = new Error(data.error || "Authentication failed");
+          onStateChange?.({
+            status: "error",
+            message: error.message,
+            error
           });
           resolve({
             success: false,
@@ -870,9 +1032,6 @@ async function waitForServerMessage(popup, onStateChange) {
     }, 5 * 60 * 1000);
   });
 }
-var init_popup = __esm(() => {
-  init_oauth();
-});
 
 // src/core/auth/flows/redirect.ts
 async function initiateRedirectFlow(options) {
@@ -911,9 +1070,6 @@ async function initiateRedirectFlow(options) {
     throw error;
   }
 }
-var init_redirect = __esm(() => {
-  init_oauth();
-});
 
 // src/core/auth/flows/unified.ts
 async function initiateUnifiedFlow(options) {
@@ -928,13 +1084,9 @@ async function initiateUnifiedFlow(options) {
       throw new Error(`Unsupported authentication mode: ${effectiveMode}`);
   }
 }
-var init_unified = __esm(() => {
-  init_popup();
-  init_redirect();
-});
 
 // src/core/auth/login.ts
-async function login(client, options) {
+async function login2(client, options) {
   try {
     let stateData = options.stateData;
     if (!stateData) {
@@ -973,25 +1125,17 @@ async function login(client, options) {
     };
   }
 }
-var init_login = __esm(() => {
-  init_src();
-  init_unified();
-});
 
-// src/core/namespaces/identity.ts
+// src/namespaces/game/identity.ts
 function createIdentityNamespace(client) {
   return {
-    connect: (options) => login(client, options),
+    connect: (options) => login2(client, options),
     _getContext: () => ({
       isInIframe: client["authContext"]?.isInIframe ?? false
     })
   };
 }
-var init_identity = __esm(() => {
-  init_login();
-});
-
-// src/core/namespaces/runtime.ts
+// src/namespaces/game/runtime.ts
 function createRuntimeNamespace(client) {
   const eventListeners = new Map;
   const trackListener = (eventType, handler) => {
@@ -1040,7 +1184,7 @@ function createRuntimeNamespace(client) {
     exit: async () => {
       if (client["internalClientSessionId"] && client["gameId"]) {
         try {
-          await client.games.endSession(client["internalClientSessionId"], client["gameId"]);
+          await client["_sessionManager"].endSession(client["internalClientSessionId"], client["gameId"]);
         } catch (error) {
           log.error("[Playcademy SDK] Failed to auto-end session:", {
             sessionId: client["internalClientSessionId"],
@@ -1145,262 +1289,46 @@ function createRuntimeNamespace(client) {
     }
   };
 }
-var init_runtime = __esm(() => {
-  init_src();
-  init_messaging();
-});
-
-// src/core/cache/ttl-cache.ts
-function createTTLCache(options) {
-  const cache = new Map;
-  const { ttl: defaultTTL, keyPrefix = "", onClear } = options;
-  async function get(key, loader, config) {
-    const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
-    const now = Date.now();
-    const effectiveTTL = config?.ttl !== undefined ? config.ttl : defaultTTL;
-    const force = config?.force || false;
-    const skipCache = config?.skipCache || false;
-    if (effectiveTTL === 0 || skipCache) {
-      return loader();
-    }
-    if (!force) {
-      const cached = cache.get(fullKey);
-      if (cached && cached.expiresAt > now) {
-        return cached.value;
-      }
-    }
-    const promise = loader().catch((error) => {
-      cache.delete(fullKey);
-      throw error;
-    });
-    cache.set(fullKey, {
-      value: promise,
-      expiresAt: now + effectiveTTL
-    });
-    return promise;
-  }
-  function clear(key) {
-    if (key === undefined) {
-      cache.clear();
-      onClear?.();
-    } else {
-      const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
-      cache.delete(fullKey);
-    }
-  }
-  function size() {
-    return cache.size;
-  }
-  function prune() {
-    const now = Date.now();
-    for (const [key, entry] of cache.entries()) {
-      if (entry.expiresAt <= now) {
-        cache.delete(key);
-      }
-    }
-  }
-  function getKeys() {
-    const keys = [];
-    const prefixLen = keyPrefix ? keyPrefix.length + 1 : 0;
-    for (const fullKey of cache.keys()) {
-      keys.push(fullKey.substring(prefixLen));
-    }
-    return keys;
-  }
-  function has(key) {
-    const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
-    const cached = cache.get(fullKey);
-    if (!cached)
-      return false;
-    const now = Date.now();
-    if (cached.expiresAt <= now) {
-      cache.delete(fullKey);
-      return false;
-    }
-    return true;
-  }
-  return { get, clear, size, prune, getKeys, has };
-}
-
-// src/core/request.ts
-function checkDevWarnings(data) {
-  if (!data || typeof data !== "object")
-    return;
-  const response = data;
-  const warningType = response.__playcademyDevWarning;
-  if (!warningType)
-    return;
-  switch (warningType) {
-    case "timeback-not-configured":
-      console.warn("%c⚠️ TimeBack Not Configured", "background: #f59e0b; color: white; padding: 6px 12px; border-radius: 4px; font-weight: bold; font-size: 13px");
-      console.log("%cTimeBack is configured in playcademy.config.js but the sandbox does not have TimeBack credentials.", "color: #f59e0b; font-weight: 500");
-      console.log("To test TimeBack locally:");
-      console.log("  Set the following environment variables:");
-      console.log("    • %cTIMEBACK_ONEROSTER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
-      console.log("    • %cTIMEBACK_CALIPER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
-      console.log("    • %cTIMEBACK_API_CLIENT_ID/SECRET", "color: #0ea5e9; font-weight: 600; font-family: monospace");
-      console.log("  Or deploy your game: %cplaycademy deploy", "color: #10b981; font-weight: 600; font-family: monospace");
-      console.log("  Or wait for %c@superbuilders/timeback-local%c (coming soon)", "color: #8b5cf6; font-weight: 600; font-family: monospace", "color: inherit");
-      break;
-    default:
-      console.warn(`[Playcademy Dev Warning] ${warningType}`);
-  }
-}
-function prepareRequestBody(body, headers) {
-  if (body instanceof FormData) {
-    return body;
-  }
-  if (body instanceof ArrayBuffer || body instanceof Blob || ArrayBuffer.isView(body)) {
-    if (!headers["Content-Type"]) {
-      headers["Content-Type"] = "application/octet-stream";
-    }
-    return body;
-  }
-  if (body !== undefined && body !== null) {
-    headers["Content-Type"] = "application/json";
-    return JSON.stringify(body);
-  }
-  return;
-}
-async function request({
-  path,
-  baseUrl,
-  method = "GET",
-  body,
-  extraHeaders = {},
-  raw = false
-}) {
-  const url = baseUrl.replace(/\/$/, "") + (path.startsWith("/") ? path : `/${path}`);
-  const headers = { ...extraHeaders };
-  const payload = prepareRequestBody(body, headers);
-  const res = await fetch(url, {
-    method,
-    headers,
-    body: payload,
-    credentials: "omit"
-  });
-  if (raw) {
-    return res;
-  }
-  if (!res.ok) {
-    const clonedRes = res.clone();
-    const errorBody = await clonedRes.json().catch(() => clonedRes.text().catch(() => {
-      return;
-    })) ?? undefined;
-    throw new ApiError(res.status, res.statusText, errorBody);
-  }
-  if (res.status === 204)
-    return;
-  const contentType = res.headers.get("content-type") ?? "";
-  if (contentType.includes("application/json")) {
-    try {
-      const parsed = await res.json();
-      checkDevWarnings(parsed);
-      return parsed;
-    } catch (err) {
-      if (err instanceof SyntaxError)
-        return;
-      throw err;
-    }
-  }
-  const rawText = await res.text().catch(() => "");
-  return rawText && rawText.length > 0 ? rawText : undefined;
-}
-async function fetchManifest(deploymentUrl) {
-  const manifestUrl = `${deploymentUrl.replace(/\/$/, "")}/playcademy.manifest.json`;
-  try {
-    const response = await fetch(manifestUrl);
-    if (!response.ok) {
-      log.error(`[fetchManifest] Failed to fetch manifest from ${manifestUrl}. Status: ${response.status}`);
-      throw new PlaycademyError(`Failed to fetch manifest: ${response.status} ${response.statusText}`);
-    }
-    return await response.json();
-  } catch (error) {
-    if (error instanceof PlaycademyError) {
-      throw error;
-    }
-    log.error(`[Playcademy SDK] Error fetching or parsing manifest from ${manifestUrl}:`, {
-      error
-    });
-    throw new PlaycademyError("Failed to load or parse game manifest");
+// src/namespaces/game/backend.ts
+function createBackendNamespace(client) {
+  function normalizePath(path) {
+    return path.startsWith("/") ? path : `/${path}`;
   }
-}
-var init_request = __esm(() => {
-  init_src();
-  init_errors();
-});
-
-// src/core/namespaces/games.ts
-function createGamesNamespace(client) {
-  const gamesListCache = createTTLCache({
-    ttl: 60 * 1000,
-    keyPrefix: "games.list"
-  });
-  const gameFetchCache = createTTLCache({
-    ttl: 60 * 1000,
-    keyPrefix: "games.fetch"
-  });
   return {
-    fetch: async (gameIdOrSlug, options) => {
-      const promise = client["request"](`/games/${gameIdOrSlug}`, "GET");
-      return gameFetchCache.get(gameIdOrSlug, async () => {
-        const baseGameData = await promise;
-        if (baseGameData.gameType === "hosted" && baseGameData.deploymentUrl !== null && baseGameData.deploymentUrl !== "") {
-          const manifestData = await fetchManifest(baseGameData.deploymentUrl);
-          return { ...baseGameData, manifest: manifestData };
-        }
-        return baseGameData;
-      }, options);
+    async get(path, headers) {
+      return client["requestGameBackend"](normalizePath(path), "GET", undefined, headers);
     },
-    list: (options) => {
-      return gamesListCache.get("all", () => client["request"]("/games", "GET"), options);
+    async post(path, body, headers) {
+      return client["requestGameBackend"](normalizePath(path), "POST", body, headers);
     },
-    saveState: async (state) => {
-      const gameId = client["_ensureGameId"]();
-      await client["request"](`/games/${gameId}/state`, "POST", { body: state });
+    async put(path, body, headers) {
+      return client["requestGameBackend"](normalizePath(path), "PUT", body, headers);
     },
-    loadState: async () => {
-      const gameId = client["_ensureGameId"]();
-      return client["request"](`/games/${gameId}/state`, "GET");
+    async patch(path, body, headers) {
+      return client["requestGameBackend"](normalizePath(path), "PATCH", body, headers);
     },
-    startSession: async (gameId) => {
-      const idToUse = gameId ?? client["_ensureGameId"]();
-      return client["request"](`/games/${idToUse}/sessions`, "POST", {});
+    async delete(path, headers) {
+      return client["requestGameBackend"](normalizePath(path), "DELETE", undefined, headers);
     },
-    endSession: async (sessionId, gameId) => {
-      const effectiveGameIdToEnd = gameId ?? client["_ensureGameId"]();
-      if (client["internalClientSessionId"] && sessionId === client["internalClientSessionId"] && effectiveGameIdToEnd === client["gameId"]) {
-        client["internalClientSessionId"] = undefined;
-      }
-      await client["request"](`/games/${effectiveGameIdToEnd}/sessions/${sessionId}/end`, "POST");
+    async request(path, method, body, headers) {
+      return client["requestGameBackend"](normalizePath(path), method, body, headers);
     },
-    token: {
-      create: async (gameId, options) => {
-        const res = await client["request"](`/games/${gameId}/token`, "POST");
-        if (options?.apply) {
-          client.setToken(res.token);
-        }
-        return res;
-      }
+    async download(path, method = "GET", body, headers) {
+      return client["requestGameBackend"](normalizePath(path), method, body, headers, true);
     },
-    leaderboard: {
-      get: async (gameId, options) => {
-        const params = new URLSearchParams;
-        if (options?.limit)
-          params.append("limit", String(options.limit));
-        if (options?.offset)
-          params.append("offset", String(options.offset));
-        const queryString = params.toString();
-        const path = queryString ? `/games/${gameId}/leaderboard?${queryString}` : `/games/${gameId}/leaderboard`;
-        return client["request"](path, "GET");
+    url(pathOrStrings, ...values) {
+      if (Array.isArray(pathOrStrings) && "raw" in pathOrStrings) {
+        const strings = pathOrStrings;
+        const path2 = strings.reduce((acc, str, i) => {
+          return acc + str + (values[i] != null ? String(values[i]) : "");
+        }, "");
+        return `${client.gameUrl}/api${path2.startsWith("/") ? path2 : `/${path2}`}`;
       }
+      const path = pathOrStrings;
+      return `${client.gameUrl}/api${path.startsWith("/") ? path : `/${path}`}`;
     }
   };
 }
-var init_games = __esm(() => {
-  init_request();
-});
-
 // src/core/cache/permanent-cache.ts
 function createPermanentCache(keyPrefix) {
   const cache = new Map;
@@ -1442,7 +1370,7 @@ function createPermanentCache(keyPrefix) {
   return { get, clear, has, size, keys };
 }
 
-// src/core/namespaces/users.ts
+// src/namespaces/game/users.ts
 function createUsersNamespace(client) {
   const itemIdCache = createPermanentCache("items");
   const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
@@ -1498,594 +1426,105 @@ function createUsersNamespace(client) {
         const qty = item?.quantity ?? 0;
         return qty >= minQuantity;
       }
-    },
-    scores: {
-      get: async (userIdOrOptions, options) => {
-        let userId;
-        let queryOptions;
-        if (typeof userIdOrOptions === "string") {
-          userId = userIdOrOptions;
-          queryOptions = options || {};
-        } else {
-          queryOptions = userIdOrOptions || {};
-          const user = await client["request"]("/users/me", "GET");
-          userId = user.id;
-        }
-        const params = new URLSearchParams({
-          limit: String(queryOptions.limit || 50)
-        });
-        if (queryOptions.gameId) {
-          params.append("gameId", queryOptions.gameId);
-        }
-        return client["request"](`/users/${userId}/scores?${params}`, "GET");
-      }
     }
   };
 }
-var init_users = () => {};
+// ../constants/src/overworld.ts
+var ITEM_SLUGS = {
+  PLAYCADEMY_CREDITS: "PLAYCADEMY_CREDITS",
+  PLAYCADEMY_XP: "PLAYCADEMY_XP",
+  FOUNDING_MEMBER_BADGE: "FOUNDING_MEMBER_BADGE",
+  EARLY_ADOPTER_BADGE: "EARLY_ADOPTER_BADGE",
+  FIRST_GAME_BADGE: "FIRST_GAME_BADGE",
+  COMMON_SWORD: "COMMON_SWORD",
+  SMALL_HEALTH_POTION: "SMALL_HEALTH_POTION",
+  SMALL_BACKPACK: "SMALL_BACKPACK",
+  LAVA_LAMP: "LAVA_LAMP",
+  BOOMBOX: "BOOMBOX",
+  CABIN_BED: "CABIN_BED"
+};
+var CURRENCIES = {
+  PRIMARY: ITEM_SLUGS.PLAYCADEMY_CREDITS,
+  XP: ITEM_SLUGS.PLAYCADEMY_XP
+};
+var BADGES = {
+  FOUNDING_MEMBER: ITEM_SLUGS.FOUNDING_MEMBER_BADGE,
+  EARLY_ADOPTER: ITEM_SLUGS.EARLY_ADOPTER_BADGE,
+  FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
+};
+// ../constants/src/timeback.ts
+var TIMEBACK_ROUTES = {
+  END_ACTIVITY: "/integrations/timeback/end-activity"
+};
+// src/core/cache/singleton-cache.ts
+function createSingletonCache() {
+  let cachedValue;
+  let hasValue = false;
+  async function get(loader) {
+    if (hasValue) {
+      return cachedValue;
+    }
+    const value = await loader();
+    cachedValue = value;
+    hasValue = true;
+    return value;
+  }
+  function clear() {
+    cachedValue = undefined;
+    hasValue = false;
+  }
+  function has() {
+    return hasValue;
+  }
+  return { get, clear, has };
+}
 
-// src/core/namespaces/dev.ts
-function createDevNamespace(client) {
+// src/namespaces/game/credits.ts
+function createCreditsNamespace(client) {
+  const creditsIdCache = createSingletonCache();
+  const getCreditsItemId = async () => {
+    return creditsIdCache.get(async () => {
+      const queryParams = new URLSearchParams({ slug: CURRENCIES.PRIMARY });
+      const creditsItem = await client["request"](`/items/resolve?${queryParams.toString()}`, "GET");
+      if (!creditsItem || !creditsItem.id) {
+        throw new Error("Playcademy Credits item not found in catalog");
+      }
+      return creditsItem.id;
+    });
+  };
   return {
-    status: {
-      apply: () => client["request"]("/dev/apply", "POST"),
-      get: async () => {
-        const response = await client["request"]("/dev/status", "GET");
-        return response.status;
+    balance: async () => {
+      const inventory = await client["request"]("/inventory", "GET");
+      const primaryCurrencyInventoryItem = inventory.find((item) => item.item?.slug === CURRENCIES.PRIMARY);
+      return primaryCurrencyInventoryItem?.quantity ?? 0;
+    },
+    add: async (amount) => {
+      if (amount <= 0) {
+        throw new Error("Amount must be positive");
       }
+      const creditsItemId = await getCreditsItemId();
+      const result = await client["request"]("/inventory/add", "POST", {
+        body: {
+          itemId: creditsItemId,
+          qty: amount
+        }
+      });
+      client["emit"]("inventoryChange", {
+        itemId: creditsItemId,
+        delta: amount,
+        newTotal: result.newTotal
+      });
+      return result.newTotal;
     },
-    games: {
-      deploy: async (slug, options) => {
-        const { metadata, file, backend, hooks } = options;
-        hooks?.onEvent?.({ type: "init" });
-        let game;
-        if (metadata) {
-          game = await client["request"](`/games/${slug}`, "PUT", {
-            body: metadata
-          });
-          if (metadata.gameType === "external" && !file && !backend) {
-            return game;
-          }
-        }
-        let uploadToken;
-        if (file) {
-          const fileName = file instanceof File ? file.name : "game.zip";
-          const initiateResponse = await client["request"]("/games/uploads/initiate/", "POST", {
-            body: {
-              fileName,
-              gameId: game?.id || slug
-            }
-          });
-          uploadToken = initiateResponse.uploadToken;
-          if (hooks?.onEvent && typeof XMLHttpRequest !== "undefined") {
-            await new Promise((resolve, reject) => {
-              const xhr = new XMLHttpRequest;
-              xhr.open("PUT", initiateResponse.presignedUrl, true);
-              const contentType = file.type || "application/octet-stream";
-              try {
-                xhr.setRequestHeader("Content-Type", contentType);
-              } catch {}
-              xhr.upload.onprogress = (event) => {
-                if (event.lengthComputable) {
-                  const percent = event.loaded / event.total;
-                  hooks.onEvent?.({
-                    type: "s3Progress",
-                    loaded: event.loaded,
-                    total: event.total,
-                    percent
-                  });
-                }
-              };
-              xhr.onload = () => {
-                if (xhr.status >= 200 && xhr.status < 300)
-                  resolve();
-                else
-                  reject(new Error(`File upload failed: ${xhr.status} ${xhr.statusText}`));
-              };
-              xhr.onerror = () => reject(new Error("File upload failed: network error"));
-              xhr.send(file);
-            });
-          } else {
-            const uploadResponse = await fetch(initiateResponse.presignedUrl, {
-              method: "PUT",
-              body: file,
-              headers: {
-                "Content-Type": file.type || "application/octet-stream"
-              }
-            });
-            if (!uploadResponse.ok) {
-              throw new Error(`File upload failed: ${uploadResponse.status} ${uploadResponse.statusText}`);
-            }
-          }
-        }
-        if (uploadToken || backend) {
-          const deployUrl = `${client.baseUrl}/games/${slug}/deploy`;
-          const authToken = client.getToken();
-          const tokenType = client.getTokenType();
-          const headers = {
-            "Content-Type": "application/json"
-          };
-          if (authToken) {
-            if (tokenType === "apiKey") {
-              headers["x-api-key"] = authToken;
-            } else {
-              headers["Authorization"] = `Bearer ${authToken}`;
-            }
-          }
-          const requestBody = {};
-          if (uploadToken)
-            requestBody.uploadToken = uploadToken;
-          if (metadata)
-            requestBody.metadata = metadata;
-          if (backend) {
-            requestBody.code = backend.code;
-            requestBody.config = backend.config;
-            if (backend.bindings)
-              requestBody.bindings = backend.bindings;
-            if (backend.schema)
-              requestBody.schema = backend.schema;
-            if (backend.secrets)
-              requestBody.secrets = backend.secrets;
-          }
-          const finalizeResponse = await fetch(deployUrl, {
-            method: "POST",
-            headers,
-            body: JSON.stringify(requestBody),
-            credentials: "omit"
-          });
-          if (!finalizeResponse.ok) {
-            const errText = await finalizeResponse.text().catch(() => "");
-            throw new Error(`Deploy request failed: ${finalizeResponse.status} ${finalizeResponse.statusText}${errText ? ` - ${errText}` : ""}`);
-          }
-          if (!finalizeResponse.body) {
-            throw new Error("Deploy response body missing");
-          }
-          hooks?.onEvent?.({ type: "finalizeStart" });
-          let sawAnyServerEvent = false;
-          const reader = finalizeResponse.body.pipeThrough(new TextDecoderStream).getReader();
-          let buffer = "";
-          while (true) {
-            const { done, value } = await reader.read();
-            if (done) {
-              if (!sawAnyServerEvent) {
-                hooks?.onClose?.();
-                hooks?.onEvent?.({ type: "close" });
-              }
-              break;
-            }
-            buffer += value;
-            let eolIndex;
-            while ((eolIndex = buffer.indexOf(`
-
-`)) >= 0) {
-              const message = buffer.slice(0, eolIndex);
-              buffer = buffer.slice(eolIndex + 2);
-              const eventLine = message.match(/^event: (.*)$/m);
-              const dataLine = message.match(/^data: (.*)$/m);
-              if (eventLine && dataLine) {
-                const eventType = eventLine[1];
-                const eventData = JSON.parse(dataLine[1]);
-                if (eventType === "uploadProgress") {
-                  sawAnyServerEvent = true;
-                  const percent = (eventData.value ?? 0) / 100;
-                  hooks?.onEvent?.({
-                    type: "finalizeProgress",
-                    percent,
-                    currentFileLabel: eventData.currentFileLabel || ""
-                  });
-                } else if (eventType === "status") {
-                  sawAnyServerEvent = true;
-                  if (eventData.message) {
-                    hooks?.onEvent?.({
-                      type: "finalizeStatus",
-                      message: eventData.message
-                    });
-                  }
-                } else if (eventType === "complete") {
-                  sawAnyServerEvent = true;
-                  reader.cancel();
-                  return eventData;
-                } else if (eventType === "error") {
-                  sawAnyServerEvent = true;
-                  reader.cancel();
-                  throw new Error(eventData.message);
-                }
-              }
-            }
-          }
-          throw new Error("Deployment completed but no final game data received");
-        }
-        if (game) {
-          return game;
-        }
-        throw new Error("No deployment actions specified (need metadata, file, or backend)");
-      },
-      seed: async (slug, code, environment) => {
-        return client["request"](`/games/${slug}/seed`, "POST", {
-          body: { code, environment }
-        });
-      },
-      upsert: async (slug, metadata) => client["request"](`/games/${slug}`, "PUT", { body: metadata }),
-      delete: (gameId) => client["request"](`/games/${gameId}`, "DELETE"),
-      secrets: {
-        set: async (slug, secrets) => {
-          const result = await client["request"](`/games/${slug}/secrets`, "POST", { body: secrets });
-          return result.keys;
-        },
-        list: async (slug) => {
-          const result = await client["request"](`/games/${slug}/secrets`, "GET");
-          return result.keys;
-        },
-        get: async (slug) => {
-          const result = await client["request"](`/games/${slug}/secrets/values`, "GET");
-          return result.secrets;
-        },
-        delete: async (slug, key) => {
-          await client["request"](`/games/${slug}/secrets/${key}`, "DELETE");
-        }
-      },
-      database: {
-        reset: async (slug, schema) => {
-          return client["request"](`/games/${slug}/database/reset`, "POST", {
-            body: { schema }
-          });
-        }
-      },
-      bucket: {
-        list: async (slug, prefix) => {
-          const params = prefix ? `?prefix=${encodeURIComponent(prefix)}` : "";
-          const result = await client["request"](`/games/${slug}/bucket${params}`, "GET");
-          return result.files;
-        },
-        get: async (slug, key) => {
-          const res = await client["request"](`/games/${slug}/bucket/${encodeURIComponent(key)}`, "GET", { raw: true });
-          if (!res.ok) {
-            let errorMessage = res.statusText;
-            try {
-              const errorData = await res.json();
-              if (errorData.error) {
-                errorMessage = errorData.error;
-              } else if (errorData.message) {
-                errorMessage = errorData.message;
-              }
-            } catch {}
-            throw new Error(errorMessage);
-          }
-          return res.arrayBuffer();
-        },
-        put: async (slug, key, content, contentType) => {
-          await client["request"](`/games/${slug}/bucket/${encodeURIComponent(key)}`, "PUT", {
-            body: content,
-            headers: contentType ? { "Content-Type": contentType } : undefined
-          });
-        },
-        delete: async (slug, key) => {
-          await client["request"](`/games/${slug}/bucket/${encodeURIComponent(key)}`, "DELETE");
-        }
-      },
-      domains: {
-        add: async (slug, hostname) => {
-          return client["request"](`/games/${slug}/domains`, "POST", {
-            body: { hostname }
-          });
-        },
-        list: async (slug) => {
-          const result = await client["request"](`/games/${slug}/domains`, "GET");
-          return result.domains;
-        },
-        status: async (slug, hostname, refresh) => {
-          const params = refresh ? "?refresh=true" : "";
-          return client["request"](`/games/${slug}/domains/${hostname}${params}`, "GET");
-        },
-        delete: async (slug, hostname) => {
-          await client["request"](`/games/${slug}/domains/${hostname}`, "DELETE");
-        }
-      }
-    },
-    items: {
-      create: (gameId, slug, itemData) => client["request"](`/games/${gameId}/items`, "POST", {
-        body: {
-          slug,
-          ...itemData
-        }
-      }),
-      update: (gameId, itemId, updates) => client["request"](`/games/${gameId}/items/${itemId}`, "PATCH", {
-        body: updates
-      }),
-      list: (gameId) => client["request"](`/games/${gameId}/items`, "GET"),
-      get: (gameId, slug) => {
-        const queryParams = new URLSearchParams({ slug, gameId });
-        return client["request"](`/items/resolve?${queryParams.toString()}`, "GET");
-      },
-      delete: (gameId, itemId) => client["request"](`/games/${gameId}/items/${itemId}`, "DELETE"),
-      shop: {
-        create: (gameId, itemId, listingData) => {
-          return client["request"](`/games/${gameId}/items/${itemId}/shop-listing`, "POST", { body: listingData });
-        },
-        get: (gameId, itemId) => {
-          return client["request"](`/games/${gameId}/items/${itemId}/shop-listing`, "GET");
-        },
-        update: (gameId, itemId, updates) => {
-          return client["request"](`/games/${gameId}/items/${itemId}/shop-listing`, "PATCH", { body: updates });
-        },
-        delete: (gameId, itemId) => {
-          return client["request"](`/games/${gameId}/items/${itemId}/shop-listing`, "DELETE");
-        },
-        list: (gameId) => {
-          return client["request"](`/games/${gameId}/shop-listings`, "GET");
-        }
-      }
-    }
-  };
-}
-
-// src/core/namespaces/maps.ts
-function createMapsNamespace(client) {
-  const mapDataCache = createTTLCache({
-    ttl: 5 * 60 * 1000,
-    keyPrefix: "maps.data"
-  });
-  const mapElementsCache = createTTLCache({
-    ttl: 60 * 1000,
-    keyPrefix: "maps.elements"
-  });
-  return {
-    get: (identifier, options) => mapDataCache.get(identifier, () => client["request"](`/maps/${identifier}`, "GET"), options),
-    elements: (mapId, options) => mapElementsCache.get(mapId, () => client["request"](`/map/elements?mapId=${mapId}`, "GET"), options),
-    objects: {
-      list: (mapId) => client["request"](`/maps/${mapId}/objects`, "GET"),
-      create: (mapId, objectData) => client["request"](`/maps/${mapId}/objects`, "POST", {
-        body: objectData
-      }),
-      delete: (mapId, objectId) => client["request"](`/maps/${mapId}/objects/${objectId}`, "DELETE")
-    }
-  };
-}
-var init_maps = () => {};
-
-// src/core/namespaces/admin.ts
-function createAdminNamespace(client) {
-  return {
-    games: {
-      pauseGame: (gameId) => client["request"](`/admin/games/${gameId}/pause`, "POST"),
-      resumeGame: (gameId) => client["request"](`/admin/games/${gameId}/resume`, "POST")
-    },
-    items: {
-      create: (props) => client["request"]("/items", "POST", { body: props }),
-      get: (itemId) => client["request"](`/items/${itemId}`, "GET"),
-      list: () => client["request"]("/items", "GET"),
-      update: (itemId, props) => client["request"](`/items/${itemId}`, "PATCH", { body: props }),
-      delete: (itemId) => client["request"](`/items/${itemId}`, "DELETE")
-    },
-    currencies: {
-      create: (props) => client["request"]("/currencies", "POST", { body: props }),
-      get: (currencyId) => client["request"](`/currencies/${currencyId}`, "GET"),
-      list: () => client["request"]("/currencies", "GET"),
-      update: (currencyId, props) => client["request"](`/currencies/${currencyId}`, "PATCH", { body: props }),
-      delete: (currencyId) => client["request"](`/currencies/${currencyId}`, "DELETE")
-    },
-    shopListings: {
-      create: (props) => client["request"]("/shop-listings", "POST", { body: props }),
-      get: (listingId) => client["request"](`/shop-listings/${listingId}`, "GET"),
-      list: () => client["request"]("/shop-listings", "GET"),
-      update: (listingId, props) => client["request"](`/shop-listings/${listingId}`, "PATCH", {
-        body: props
-      }),
-      delete: (listingId) => client["request"](`/shop-listings/${listingId}`, "DELETE")
-    }
-  };
-}
-
-// src/core/namespaces/shop.ts
-function createShopNamespace(client) {
-  return {
-    view: () => {
-      return client["request"]("/shop/view", "GET");
-    }
-  };
-}
-
-// src/core/namespaces/telemetry.ts
-function createTelemetryNamespace(client) {
-  return {
-    pushMetrics: (metrics) => client["request"](`/telemetry/metrics`, "POST", { body: metrics })
-  };
-}
-
-// src/core/cache/cooldown-cache.ts
-function createCooldownCache(defaultCooldownMs) {
-  const lastFetchTime = new Map;
-  const pendingRequests = new Map;
-  const lastResults = new Map;
-  async function get(key, loader, config) {
-    const now = Date.now();
-    const lastFetch = lastFetchTime.get(key) || 0;
-    const timeSinceLastFetch = now - lastFetch;
-    const effectiveCooldown = config?.cooldown !== undefined ? config.cooldown : defaultCooldownMs;
-    const force = config?.force || false;
-    const pending = pendingRequests.get(key);
-    if (pending) {
-      return pending;
-    }
-    if (!force && timeSinceLastFetch < effectiveCooldown) {
-      const cachedResult = lastResults.get(key);
-      if (cachedResult !== undefined) {
-        return Promise.resolve(cachedResult);
-      }
-    }
-    const promise = loader().then((result) => {
-      pendingRequests.delete(key);
-      lastFetchTime.set(key, Date.now());
-      lastResults.set(key, result);
-      return result;
-    }).catch((error) => {
-      pendingRequests.delete(key);
-      throw error;
-    });
-    pendingRequests.set(key, promise);
-    return promise;
-  }
-  function clear(key) {
-    if (key === undefined) {
-      lastFetchTime.clear();
-      pendingRequests.clear();
-      lastResults.clear();
-    } else {
-      lastFetchTime.delete(key);
-      pendingRequests.delete(key);
-      lastResults.delete(key);
-    }
-  }
-  return { get, clear };
-}
-
-// src/core/namespaces/levels.ts
-function createLevelsNamespace(client) {
-  const progressCache = createCooldownCache(5000);
-  return {
-    get: async () => {
-      return client["request"]("/users/level", "GET");
-    },
-    progress: async (options) => {
-      return progressCache.get("user-progress", () => client["request"]("/users/level/progress", "GET"), options);
-    },
-    config: {
-      list: async () => {
-        return client["request"]("/levels/config", "GET");
-      },
-      get: async (level) => {
-        return client["request"](`/levels/config/${level}`, "GET");
-      }
-    }
-  };
-}
-var init_levels = () => {};
-
-// ../constants/src/auth.ts
-var init_auth = () => {};
-
-// ../constants/src/domains.ts
-var init_domains = () => {};
-
-// ../constants/src/env-vars.ts
-var init_env_vars = () => {};
-
-// ../constants/src/overworld.ts
-var ITEM_SLUGS, CURRENCIES, BADGES;
-var init_overworld = __esm(() => {
-  ITEM_SLUGS = {
-    PLAYCADEMY_CREDITS: "PLAYCADEMY_CREDITS",
-    PLAYCADEMY_XP: "PLAYCADEMY_XP",
-    FOUNDING_MEMBER_BADGE: "FOUNDING_MEMBER_BADGE",
-    EARLY_ADOPTER_BADGE: "EARLY_ADOPTER_BADGE",
-    FIRST_GAME_BADGE: "FIRST_GAME_BADGE",
-    COMMON_SWORD: "COMMON_SWORD",
-    SMALL_HEALTH_POTION: "SMALL_HEALTH_POTION",
-    SMALL_BACKPACK: "SMALL_BACKPACK",
-    LAVA_LAMP: "LAVA_LAMP",
-    BOOMBOX: "BOOMBOX",
-    CABIN_BED: "CABIN_BED"
-  };
-  CURRENCIES = {
-    PRIMARY: ITEM_SLUGS.PLAYCADEMY_CREDITS,
-    XP: ITEM_SLUGS.PLAYCADEMY_XP
-  };
-  BADGES = {
-    FOUNDING_MEMBER: ITEM_SLUGS.FOUNDING_MEMBER_BADGE,
-    EARLY_ADOPTER: ITEM_SLUGS.EARLY_ADOPTER_BADGE,
-    FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
-  };
-});
-// ../constants/src/timeback.ts
-var TIMEBACK_ROUTES;
-var init_timeback = __esm(() => {
-  TIMEBACK_ROUTES = {
-    END_ACTIVITY: "/integrations/timeback/end-activity"
-  };
-});
-
-// ../constants/src/workers.ts
-var init_workers = () => {};
-
-// ../constants/src/index.ts
-var init_src2 = __esm(() => {
-  init_auth();
-  init_domains();
-  init_env_vars();
-  init_overworld();
-  init_timeback();
-  init_workers();
-});
-
-// src/core/cache/singleton-cache.ts
-function createSingletonCache() {
-  let cachedValue;
-  let hasValue = false;
-  async function get(loader) {
-    if (hasValue) {
-      return cachedValue;
-    }
-    const value = await loader();
-    cachedValue = value;
-    hasValue = true;
-    return value;
-  }
-  function clear() {
-    cachedValue = undefined;
-    hasValue = false;
-  }
-  function has() {
-    return hasValue;
-  }
-  return { get, clear, has };
-}
-
-// src/core/namespaces/credits.ts
-function createCreditsNamespace(client) {
-  const creditsIdCache = createSingletonCache();
-  const getCreditsItemId = async () => {
-    return creditsIdCache.get(async () => {
-      const queryParams = new URLSearchParams({ slug: CURRENCIES.PRIMARY });
-      const creditsItem = await client["request"](`/items/resolve?${queryParams.toString()}`, "GET");
-      if (!creditsItem || !creditsItem.id) {
-        throw new Error("Playcademy Credits item not found in catalog");
-      }
-      return creditsItem.id;
-    });
-  };
-  return {
-    balance: async () => {
-      const inventory = await client["request"]("/inventory", "GET");
-      const primaryCurrencyInventoryItem = inventory.find((item) => item.item?.slug === CURRENCIES.PRIMARY);
-      return primaryCurrencyInventoryItem?.quantity ?? 0;
-    },
-    add: async (amount) => {
-      if (amount <= 0) {
-        throw new Error("Amount must be positive");
-      }
-      const creditsItemId = await getCreditsItemId();
-      const result = await client["request"]("/inventory/add", "POST", {
-        body: {
-          itemId: creditsItemId,
-          qty: amount
-        }
-      });
-      client["emit"]("inventoryChange", {
-        itemId: creditsItemId,
-        delta: amount,
-        newTotal: result.newTotal
-      });
-      return result.newTotal;
-    },
-    spend: async (amount) => {
-      if (amount <= 0) {
-        throw new Error("Amount must be positive");
-      }
-      const creditsItemId = await getCreditsItemId();
-      const result = await client["request"]("/inventory/remove", "POST", {
-        body: {
-          itemId: creditsItemId,
-          qty: amount
+    spend: async (amount) => {
+      if (amount <= 0) {
+        throw new Error("Amount must be positive");
+      }
+      const creditsItemId = await getCreditsItemId();
+      const result = await client["request"]("/inventory/remove", "POST", {
+        body: {
+          itemId: creditsItemId,
+          qty: amount
         }
       });
       client["emit"]("inventoryChange", {
@@ -2097,31 +1536,7 @@ function createCreditsNamespace(client) {
     }
   };
 }
-var init_credits = __esm(() => {
-  init_src2();
-});
-
-// src/core/namespaces/leaderboard.ts
-function createLeaderboardNamespace(client) {
-  return {
-    fetch: async (options) => {
-      const params = new URLSearchParams({
-        timeframe: options?.timeframe || "all_time",
-        limit: String(options?.limit || 10),
-        offset: String(options?.offset || 0)
-      });
-      if (options?.gameId) {
-        params.append("gameId", options.gameId);
-      }
-      return client["request"](`/leaderboard?${params}`, "GET");
-    },
-    getUserRank: async (gameId, userId) => {
-      return client["request"](`/games/${gameId}/users/${userId}/rank`, "GET");
-    }
-  };
-}
-
-// src/core/namespaces/scores.ts
+// src/namespaces/game/scores.ts
 function createScoresNamespace(client) {
   return {
     submit: async (gameId, score, metadata) => {
@@ -2131,99 +1546,15 @@ function createScoresNamespace(client) {
           metadata
         }
       });
-    },
-    getByUser: async (gameId, userId, options) => {
-      const params = new URLSearchParams;
-      if (options?.limit) {
-        params.append("limit", String(options.limit));
-      }
-      const queryString = params.toString();
-      const path = queryString ? `/games/${gameId}/users/${userId}/scores?${queryString}` : `/games/${gameId}/users/${userId}/scores`;
-      return client["request"](path, "GET");
-    }
-  };
-}
-
-// src/core/namespaces/character.ts
-function createCharacterNamespace(client) {
-  const componentCache = createTTLCache({
-    ttl: 5 * 60 * 1000,
-    keyPrefix: "character.components"
-  });
-  return {
-    get: async (userId) => {
-      try {
-        const path = userId ? `/character/${userId}` : "/character";
-        return await client["request"](path, "GET");
-      } catch (error) {
-        if (error instanceof Error) {
-          if (error.message.includes("404")) {
-            return null;
-          }
-        }
-        throw error;
-      }
-    },
-    create: async (characterData) => {
-      return client["request"]("/character", "POST", { body: characterData });
-    },
-    update: async (updates) => {
-      return client["request"]("/character", "PATCH", { body: updates });
-    },
-    components: {
-      list: async (options) => {
-        const cacheKey = options?.level === undefined ? "all" : String(options.level);
-        return componentCache.get(cacheKey, async () => {
-          const path = options?.level !== undefined ? `/character/components?level=${options.level}` : "/character/components";
-          const components = await client["request"](path, "GET");
-          return components || [];
-        }, options);
-      },
-      clearCache: (key) => componentCache.clear(key),
-      getCacheKeys: () => componentCache.getKeys()
-    },
-    accessories: {
-      equip: async (slot, componentId) => {
-        return client["request"]("/character/accessories/equip", "POST", { body: { slot, accessoryComponentId: componentId } });
-      },
-      remove: async (slot) => {
-        return client["request"](`/character/accessories/${slot}`, "DELETE");
-      },
-      list: async () => {
-        const character = await client.character.get();
-        return character?.accessories || [];
-      }
-    }
-  };
-}
-var init_character = () => {};
-
-// src/core/namespaces/sprites.ts
-function createSpritesNamespace(client) {
-  const templateUrlCache = createPermanentCache("sprite-template-urls");
-  return {
-    templates: {
-      get: async (slug) => {
-        if (!slug)
-          throw new Error("Sprite template slug is required");
-        const templateMeta = await templateUrlCache.get(slug, async () => {
-          return client["request"](`/sprites/templates/${slug}`, "GET");
-        });
-        if (!templateMeta.url) {
-          throw new Error(`Template ${slug} has no URL in database`);
-        }
-        const response = await fetch(templateMeta.url);
-        if (!response.ok) {
-          throw new Error(`Failed to fetch template JSON from ${templateMeta.url}: ${response.statusText}`);
-        }
-        return await response.json();
-      }
     }
   };
 }
-var init_sprites = () => {};
+// src/namespaces/game/realtime.client.ts
+var CLOSE_CODES = {
+  NORMAL_CLOSURE: 1000,
+  TOKEN_REFRESH: 4000
+};
 
-// src/core/namespaces/realtime.client.ts
 class RealtimeChannelClient {
   gameId;
   _channelName;
@@ -2420,17 +1751,8 @@ class RealtimeChannelClient {
     return this.ws?.readyState === WebSocket.OPEN;
   }
 }
-var CLOSE_CODES;
-var init_realtime_client = __esm(() => {
-  init_src();
-  init_messaging();
-  CLOSE_CODES = {
-    NORMAL_CLOSURE: 1000,
-    TOKEN_REFRESH: 4000
-  };
-});
 
-// src/core/namespaces/realtime.ts
+// src/namespaces/game/realtime.ts
 function createRealtimeNamespace(client) {
   return {
     token: {
@@ -2455,45 +1777,7 @@ function createRealtimeNamespace(client) {
     }
   };
 }
-var init_realtime = __esm(() => {
-  init_realtime_client();
-});
-
-// src/core/namespaces/achievements.ts
-function createAchievementsNamespace(client) {
-  const achievementsListCache = createTTLCache({
-    ttl: 5 * 1000,
-    keyPrefix: "achievements.list"
-  });
-  const achievementsHistoryCache = createTTLCache({
-    ttl: 5 * 1000,
-    keyPrefix: "achievements.history"
-  });
-  return {
-    list: (options) => {
-      return achievementsListCache.get("current", () => client["request"]("/achievements/current", "GET"), options);
-    },
-    history: {
-      list: async (queryOptions, cacheOptions) => {
-        const params = new URLSearchParams;
-        if (queryOptions?.limit)
-          params.append("limit", String(queryOptions.limit));
-        const qs = params.toString();
-        const path = qs ? `/achievements/history?${qs}` : "/achievements/history";
-        const cacheKey = qs ? `history-${qs}` : "history";
-        return achievementsHistoryCache.get(cacheKey, () => client["request"](path, "GET"), cacheOptions);
-      }
-    },
-    progress: {
-      submit: async (achievementId) => client["request"]("/achievements/progress", "POST", {
-        body: { achievementId }
-      })
-    }
-  };
-}
-var init_achievements = () => {};
-
-// src/core/namespaces/timeback.ts
+// src/namespaces/game/timeback.ts
 function createTimebackNamespace(client) {
   let currentActivity = null;
   return {
@@ -2548,7 +1832,8 @@ function createTimebackNamespace(client) {
         timingData: {
           durationSeconds
         },
-        xpEarned: data.xpAwarded
+        xpEarned: data.xpAwarded,
+        masteredUnits: data.masteredUnits
       };
       try {
         const response = await client["requestGameBackend"](TIMEBACK_ROUTES.END_ACTIVITY, "POST", request2);
@@ -2620,515 +1905,197 @@ function createTimebackNamespace(client) {
     }
   };
 }
-var init_timeback2 = __esm(() => {
-  init_src2();
-});
-
-// src/core/namespaces/notifications.ts
-function createNotificationsNamespace(client) {
-  const notificationsListCache = createTTLCache({
-    ttl: 5 * 1000,
-    keyPrefix: "notifications.list"
-  });
-  const notificationStatsCache = createTTLCache({
-    ttl: 30 * 1000,
-    keyPrefix: "notifications.stats"
-  });
-  return {
-    list: async (queryOptions, cacheOptions) => {
-      const params = new URLSearchParams;
-      if (queryOptions?.status)
-        params.append("status", queryOptions.status);
-      if (queryOptions?.type)
-        params.append("type", queryOptions.type);
-      if (queryOptions?.limit)
-        params.append("limit", String(queryOptions.limit));
-      if (queryOptions?.offset)
-        params.append("offset", String(queryOptions.offset));
-      const qs = params.toString();
-      const path = qs ? `/notifications?${qs}` : "/notifications";
-      const cacheKey = qs ? `list-${qs}` : "list";
-      return notificationsListCache.get(cacheKey, () => client["request"](path, "GET"), cacheOptions);
-    },
-    markAsSeen: async (notificationId) => {
-      const result = await client["request"](`/notifications/${notificationId}/status`, "PATCH", {
-        body: {
-          id: notificationId,
-          status: "seen"
-        }
-      });
-      notificationsListCache.clear();
-      return result;
-    },
-    markAsClicked: async (notificationId) => {
-      const result = await client["request"](`/notifications/${notificationId}/status`, "PATCH", {
-        body: {
-          id: notificationId,
-          status: "clicked"
-        }
-      });
-      notificationsListCache.clear();
-      return result;
-    },
-    dismiss: async (notificationId) => {
-      const result = await client["request"](`/notifications/${notificationId}/status`, "PATCH", {
-        body: {
-          id: notificationId,
-          status: "dismissed"
-        }
-      });
-      notificationsListCache.clear();
-      return result;
+// src/clients/public.ts
+class PlaycademyClient {
+  baseUrl;
+  gameUrl;
+  authStrategy;
+  gameId;
+  config;
+  listeners = {};
+  internalClientSessionId;
+  authContext;
+  initPayload;
+  connectionManager;
+  _sessionManager = {
+    startSession: async (gameId) => {
+      return this.request(`/games/${gameId}/sessions`, "POST");
     },
-    stats: {
-      get: async (queryOptions, cacheOptions) => {
-        const user = await client.users.me();
-        const params = new URLSearchParams;
-        if (queryOptions?.from)
-          params.append("from", queryOptions.from);
-        if (queryOptions?.to)
-          params.append("to", queryOptions.to);
-        const qs = params.toString();
-        const path = qs ? `/notifications/stats/${user.id}?${qs}` : `/notifications/stats/${user.id}`;
-        const cacheKey = qs ? `stats-${qs}` : "stats";
-        return notificationStatsCache.get(cacheKey, () => client["request"](path, "GET"), cacheOptions);
-      }
+    endSession: async (sessionId, gameId) => {
+      return this.request(`/games/${gameId}/sessions/${sessionId}`, "DELETE");
     }
   };
-}
-var init_notifications = () => {};
-
-// src/core/namespaces/backend.ts
-function createBackendNamespace(client) {
-  function normalizePath(path) {
-    return path.startsWith("/") ? path : `/${path}`;
+  constructor(config) {
+    this.baseUrl = config?.baseUrl?.endsWith("/api") ? config.baseUrl : `${config?.baseUrl}/api`;
+    this.gameUrl = config?.gameUrl;
+    this.gameId = config?.gameId;
+    this.config = config || {};
+    this.authStrategy = createAuthStrategy(config?.token ?? null, config?.tokenType);
+    this._detectAuthContext();
+    this._initializeInternalSession().catch(() => {});
+    this._initializeConnectionMonitor();
+  }
+  getBaseUrl() {
+    const isRelative = this.baseUrl.startsWith("/");
+    const isBrowser2 = typeof window !== "undefined";
+    return isRelative && isBrowser2 ? `${window.location.origin}${this.baseUrl}` : this.baseUrl;
+  }
+  getGameBackendUrl() {
+    if (!this.gameUrl) {
+      throw new PlaycademyError("Game backend URL not configured. gameUrl must be set to use game backend features.");
+    }
+    const isRelative = this.gameUrl.startsWith("/");
+    const isBrowser2 = typeof window !== "undefined";
+    const effectiveGameUrl = isRelative && isBrowser2 ? `${window.location.origin}${this.gameUrl}` : this.gameUrl;
+    return `${effectiveGameUrl}/api`;
+  }
+  ping() {
+    return "pong";
+  }
+  setToken(token, tokenType) {
+    this.authStrategy = createAuthStrategy(token, tokenType);
+    this.emit("authChange", { token });
+  }
+  getTokenType() {
+    return this.authStrategy.getType();
   }
-  return {
-    async get(path, headers) {
-      return client["requestGameBackend"](normalizePath(path), "GET", undefined, headers);
-    },
-    async post(path, body, headers) {
-      return client["requestGameBackend"](normalizePath(path), "POST", body, headers);
-    },
-    async put(path, body, headers) {
-      return client["requestGameBackend"](normalizePath(path), "PUT", body, headers);
-    },
-    async patch(path, body, headers) {
-      return client["requestGameBackend"](normalizePath(path), "PATCH", body, headers);
-    },
-    async delete(path, headers) {
-      return client["requestGameBackend"](normalizePath(path), "DELETE", undefined, headers);
-    },
-    async request(path, method, body, headers) {
-      return client["requestGameBackend"](normalizePath(path), method, body, headers);
-    },
-    async download(path, method = "GET", body, headers) {
-      return client["requestGameBackend"](normalizePath(path), method, body, headers, true);
-    },
-    url(pathOrStrings, ...values) {
-      if (Array.isArray(pathOrStrings) && "raw" in pathOrStrings) {
-        const strings = pathOrStrings;
-        const path2 = strings.reduce((acc, str, i) => {
-          return acc + str + (values[i] != null ? String(values[i]) : "");
-        }, "");
-        return `${client.gameUrl}/api${path2.startsWith("/") ? path2 : `/${path2}`}`;
-      }
-      const path = pathOrStrings;
-      return `${client.gameUrl}/api${path.startsWith("/") ? path : `/${path}`}`;
-    }
-  };
-}
-
-// src/core/namespaces/index.ts
-var init_namespaces = __esm(() => {
-  init_identity();
-  init_runtime();
-  init_games();
-  init_users();
-  init_maps();
-  init_levels();
-  init_credits();
-  init_character();
-  init_sprites();
-  init_realtime();
-  init_achievements();
-  init_timeback2();
-  init_notifications();
-});
-
-// src/core/static/init.ts
-async function getPlaycademyConfig(allowedParentOrigins) {
-  const preloaded = window.PLAYCADEMY;
-  if (preloaded?.token) {
-    return preloaded;
+  getToken() {
+    return this.authStrategy.getToken();
   }
-  if (window.self !== window.top) {
-    return await waitForPlaycademyInit(allowedParentOrigins);
-  } else {
-    return createStandaloneConfig();
+  isAuthenticated() {
+    return this.authStrategy.getToken() !== null;
   }
-}
-function getReferrerOrigin() {
-  try {
-    return document.referrer ? new URL(document.referrer).origin : null;
-  } catch {
-    return null;
+  onAuthChange(callback) {
+    this.on("authChange", (payload) => callback(payload.token));
   }
-}
-function buildAllowedOrigins(explicit) {
-  if (Array.isArray(explicit) && explicit.length > 0)
-    return explicit;
-  const ref = getReferrerOrigin();
-  return ref ? [ref] : [];
-}
-function isOriginAllowed(origin, allowlist) {
-  if (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1") {
-    return true;
+  onDisconnect(callback) {
+    if (!this.connectionManager) {
+      return () => {};
+    }
+    return this.connectionManager.onDisconnect(callback);
   }
-  if (!allowlist || allowlist.length === 0) {
-    console.error("[Playcademy SDK] No allowed origins configured. Consider passing allowedParentOrigins explicitly to init().");
-    return false;
+  getConnectionState() {
+    return this.connectionManager?.getState() ?? "unknown";
   }
-  return allowlist.includes(origin);
-}
-async function waitForPlaycademyInit(allowedParentOrigins) {
-  return new Promise((resolve, reject) => {
-    let contextReceived = false;
-    const timeoutDuration = 5000;
-    const allowlist = buildAllowedOrigins(allowedParentOrigins);
-    let hasWarnedAboutUntrustedOrigin = false;
-    function warnAboutUntrustedOrigin(origin) {
-      if (hasWarnedAboutUntrustedOrigin)
-        return;
-      hasWarnedAboutUntrustedOrigin = true;
-      console.warn("[Playcademy SDK] Ignoring INIT from untrusted origin:", origin);
-    }
-    const handleMessage = (event) => {
-      if (event.data?.type !== "PLAYCADEMY_INIT" /* INIT */)
-        return;
-      if (!isOriginAllowed(event.origin, allowlist)) {
-        warnAboutUntrustedOrigin(event.origin);
-        return;
-      }
-      contextReceived = true;
-      window.removeEventListener("message", handleMessage);
-      clearTimeout(timeoutId);
-      window.PLAYCADEMY = event.data.payload;
-      resolve(event.data.payload);
-    };
-    window.addEventListener("message", handleMessage);
-    const timeoutId = setTimeout(() => {
-      if (!contextReceived) {
-        window.removeEventListener("message", handleMessage);
-        reject(new Error(`${"PLAYCADEMY_INIT" /* INIT */} not received within ${timeoutDuration}ms`));
-      }
-    }, timeoutDuration);
-  });
-}
-function createStandaloneConfig() {
-  console.debug("[Playcademy SDK] Standalone mode detected, creating mock context for sandbox development");
-  const mockConfig = {
-    baseUrl: "http://localhost:4321",
-    gameUrl: window.location.origin,
-    token: "mock-game-token-for-local-dev",
-    gameId: "mock-game-id-from-template",
-    realtimeUrl: undefined
-  };
-  window.PLAYCADEMY = mockConfig;
-  return mockConfig;
-}
-async function init(options) {
-  const { PlaycademyClient } = await Promise.resolve().then(() => (init_client(), exports_client));
-  if (typeof window === "undefined") {
-    throw new Error("Playcademy SDK must run in a browser context");
+  async checkConnection() {
+    if (!this.connectionManager)
+      return "unknown";
+    return await this.connectionManager.checkNow();
   }
-  const config = await getPlaycademyConfig(options?.allowedParentOrigins);
-  if (options?.baseUrl) {
-    config.baseUrl = options.baseUrl;
+  _setAuthContext(context) {
+    this.authContext = context;
   }
-  const client = new PlaycademyClient({
-    baseUrl: config.baseUrl,
-    gameUrl: config.gameUrl,
-    token: config.token,
-    gameId: config.gameId,
-    autoStartSession: window.self !== window.top,
-    onDisconnect: options?.onDisconnect,
-    enableConnectionMonitoring: options?.enableConnectionMonitoring
-  });
-  client["initPayload"] = config;
-  messaging.listen("PLAYCADEMY_TOKEN_REFRESH" /* TOKEN_REFRESH */, ({ token }) => client.setToken(token));
-  messaging.send("PLAYCADEMY_READY" /* READY */, undefined);
-  if (import.meta.env?.MODE === "development") {
-    window.PLAYCADEMY_CLIENT = client;
+  on(event, callback) {
+    this.listeners[event] = this.listeners[event] ?? [];
+    this.listeners[event].push(callback);
   }
-  return client;
-}
-var init_init = __esm(() => {
-  init_messaging();
-});
-
-// src/core/static/login.ts
-async function login2(baseUrl, email, password) {
-  let url = baseUrl;
-  if (baseUrl.startsWith("/") && typeof window !== "undefined") {
-    url = window.location.origin + baseUrl;
+  emit(event, payload) {
+    (this.listeners[event] ?? []).forEach((listener) => {
+      listener(payload);
+    });
   }
-  url = url + "/auth/login";
-  const response = await fetch(url, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify({ email, password })
-  });
-  if (!response.ok) {
+  async request(path, method, options) {
+    const effectiveHeaders = {
+      ...options?.headers,
+      ...this.authStrategy.getHeaders()
+    };
     try {
-      const errorData = await response.json();
-      const errorMessage = errorData && errorData.message ? String(errorData.message) : response.statusText;
-      throw new PlaycademyError(errorMessage);
+      const result = await request({
+        path,
+        method,
+        body: options?.body,
+        baseUrl: this.baseUrl,
+        extraHeaders: effectiveHeaders,
+        raw: options?.raw
+      });
+      this.connectionManager?.reportRequestSuccess();
+      return result;
     } catch (error) {
-      log.error("[Playcademy SDK] Failed to parse error response JSON, using status text instead:", { error });
-      throw new PlaycademyError(response.statusText);
+      this.connectionManager?.reportRequestFailure(error);
+      throw error;
     }
   }
-  return response.json();
-}
-var init_login2 = __esm(() => {
-  init_src();
-  init_errors();
-});
-
-// src/core/static/identity.ts
-var identity;
-var init_identity2 = __esm(() => {
-  init_oauth();
-  identity = {
-    parseOAuthState
-  };
-});
-
-// src/core/static/index.ts
-var init_static = __esm(() => {
-  init_init();
-  init_login2();
-  init_identity2();
-});
-
-// src/core/client.ts
-var exports_client = {};
-__export(exports_client, {
-  PlaycademyClient: () => PlaycademyClient
-});
-var PlaycademyClient;
-var init_client = __esm(() => {
-  init_src();
-  init_connection();
-  init_errors();
-  init_namespaces();
-  init_request();
-  init_static();
-  PlaycademyClient = class PlaycademyClient {
-    baseUrl;
-    gameUrl;
-    authStrategy;
-    gameId;
-    config;
-    listeners = {};
-    internalClientSessionId;
-    authContext;
-    initPayload;
-    connectionManager;
-    constructor(config) {
-      this.baseUrl = config?.baseUrl?.endsWith("/api") ? config.baseUrl : `${config?.baseUrl}/api`;
-      this.gameUrl = config?.gameUrl;
-      this.gameId = config?.gameId;
-      this.config = config || {};
-      this.authStrategy = createAuthStrategy(config?.token ?? null, config?.tokenType);
-      this._detectAuthContext();
-      this._initializeInternalSession().catch(() => {});
-      this._initializeConnectionMonitor();
-    }
-    getBaseUrl() {
-      const isRelative = this.baseUrl.startsWith("/");
-      const isBrowser2 = typeof window !== "undefined";
-      return isRelative && isBrowser2 ? `${window.location.origin}${this.baseUrl}` : this.baseUrl;
-    }
-    getGameBackendUrl() {
-      if (!this.gameUrl) {
-        throw new PlaycademyError("Game backend URL not configured. gameUrl must be set to use game backend features.");
-      }
-      const isRelative = this.gameUrl.startsWith("/");
-      const isBrowser2 = typeof window !== "undefined";
-      const effectiveGameUrl = isRelative && isBrowser2 ? `${window.location.origin}${this.gameUrl}` : this.gameUrl;
-      return `${effectiveGameUrl}/api`;
-    }
-    ping() {
-      return "pong";
-    }
-    setToken(token, tokenType) {
-      this.authStrategy = createAuthStrategy(token, tokenType);
-      this.emit("authChange", { token });
-    }
-    getTokenType() {
-      return this.authStrategy.getType();
-    }
-    getToken() {
-      return this.authStrategy.getToken();
-    }
-    isAuthenticated() {
-      return this.authStrategy.getToken() !== null;
-    }
-    onAuthChange(callback) {
-      this.on("authChange", (payload) => callback(payload.token));
-    }
-    onDisconnect(callback) {
-      if (!this.connectionManager) {
-        return () => {};
-      }
-      return this.connectionManager.onDisconnect(callback);
-    }
-    getConnectionState() {
-      return this.connectionManager?.getState() ?? "unknown";
-    }
-    async checkConnection() {
-      if (!this.connectionManager)
-        return "unknown";
-      return await this.connectionManager.checkNow();
-    }
-    _setAuthContext(context) {
-      this.authContext = context;
-    }
-    on(event, callback) {
-      this.listeners[event] = this.listeners[event] ?? [];
-      this.listeners[event].push(callback);
-    }
-    emit(event, payload) {
-      (this.listeners[event] ?? []).forEach((listener) => {
-        listener(payload);
+  async requestGameBackend(path, method, body, headers, raw) {
+    const effectiveHeaders = {
+      ...headers,
+      ...this.authStrategy.getHeaders()
+    };
+    try {
+      const result = await request({
+        path,
+        method,
+        body,
+        baseUrl: this.getGameBackendUrl(),
+        extraHeaders: effectiveHeaders,
+        raw
       });
+      this.connectionManager?.reportRequestSuccess();
+      return result;
+    } catch (error) {
+      this.connectionManager?.reportRequestFailure(error);
+      throw error;
     }
-    async request(path, method, options) {
-      const effectiveHeaders = {
-        ...options?.headers,
-        ...this.authStrategy.getHeaders()
-      };
-      try {
-        const result = await request({
-          path,
-          method,
-          body: options?.body,
-          baseUrl: this.baseUrl,
-          extraHeaders: effectiveHeaders,
-          raw: options?.raw
-        });
-        this.connectionManager?.reportRequestSuccess();
-        return result;
-      } catch (error) {
-        this.connectionManager?.reportRequestFailure(error);
-        throw error;
-      }
-    }
-    async requestGameBackend(path, method, body, headers, raw) {
-      const effectiveHeaders = {
-        ...headers,
-        ...this.authStrategy.getHeaders()
-      };
-      try {
-        const result = await request({
-          path,
-          method,
-          body,
-          baseUrl: this.getGameBackendUrl(),
-          extraHeaders: effectiveHeaders,
-          raw
-        });
-        this.connectionManager?.reportRequestSuccess();
-        return result;
-      } catch (error) {
-        this.connectionManager?.reportRequestFailure(error);
-        throw error;
-      }
-    }
-    _ensureGameId() {
-      if (!this.gameId) {
-        throw new PlaycademyError("This operation requires a gameId, but none was provided when initializing the client.");
-      }
-      return this.gameId;
-    }
-    _detectAuthContext() {
-      this.authContext = { isInIframe: isInIframe() };
+  }
+  _ensureGameId() {
+    if (!this.gameId) {
+      throw new PlaycademyError("This operation requires a gameId, but none was provided when initializing the client.");
     }
-    _initializeConnectionMonitor() {
-      if (typeof window === "undefined")
-        return;
-      const isEnabled = this.config.enableConnectionMonitoring ?? true;
-      if (!isEnabled)
-        return;
-      try {
-        this.connectionManager = new ConnectionManager({
-          baseUrl: this.baseUrl,
-          authContext: this.authContext,
-          onDisconnect: this.config.onDisconnect,
-          onConnectionChange: (state, reason) => {
-            this.emit("connectionChange", { state, reason });
-          }
-        });
-      } catch (error) {
-        log.error("[Playcademy SDK] Failed to initialize connection manager:", { error });
-      }
+    return this.gameId;
+  }
+  _detectAuthContext() {
+    this.authContext = { isInIframe: isInIframe() };
+  }
+  _initializeConnectionMonitor() {
+    if (typeof window === "undefined")
+      return;
+    const isEnabled = this.config.enableConnectionMonitoring ?? true;
+    if (!isEnabled)
+      return;
+    try {
+      this.connectionManager = new ConnectionManager({
+        baseUrl: this.baseUrl,
+        authContext: this.authContext,
+        onDisconnect: this.config.onDisconnect,
+        onConnectionChange: (state, reason) => {
+          this.emit("connectionChange", { state, reason });
+        }
+      });
+    } catch (error) {
+      log.error("[Playcademy SDK] Failed to initialize connection manager:", { error });
     }
-    async _initializeInternalSession() {
-      if (!this.gameId || this.internalClientSessionId)
-        return;
-      const shouldAutoStart = this.config.autoStartSession ?? true;
-      if (!shouldAutoStart)
-        return;
-      try {
-        const response = await this.games.startSession(this.gameId);
-        this.internalClientSessionId = response.sessionId;
-        log.debug("[Playcademy SDK] Auto-started game session", {
-          gameId: this.gameId,
-          sessionId: this.internalClientSessionId
-        });
-      } catch (error) {
-        log.error("[Playcademy SDK] Auto-starting session failed for game", {
-          gameId: this.gameId,
-          error
-        });
-      }
+  }
+  async _initializeInternalSession() {
+    if (!this.gameId || this.internalClientSessionId)
+      return;
+    const shouldAutoStart = this.config.autoStartSession ?? true;
+    if (!shouldAutoStart)
+      return;
+    try {
+      const response = await this._sessionManager.startSession(this.gameId);
+      this.internalClientSessionId = response.sessionId;
+      log.debug("[Playcademy SDK] Auto-started game session", {
+        gameId: this.gameId,
+        sessionId: this.internalClientSessionId
+      });
+    } catch (error) {
+      log.error("[Playcademy SDK] Auto-starting session failed for game", {
+        gameId: this.gameId,
+        error
+      });
     }
-    auth = createAuthNamespace(this);
-    identity = createIdentityNamespace(this);
-    runtime = createRuntimeNamespace(this);
-    games = createGamesNamespace(this);
-    users = createUsersNamespace(this);
-    dev = createDevNamespace(this);
-    maps = createMapsNamespace(this);
-    admin = createAdminNamespace(this);
-    shop = createShopNamespace(this);
-    levels = createLevelsNamespace(this);
-    timeback = createTimebackNamespace(this);
-    telemetry = createTelemetryNamespace(this);
-    credits = createCreditsNamespace(this);
-    leaderboard = createLeaderboardNamespace(this);
-    scores = createScoresNamespace(this);
-    character = createCharacterNamespace(this);
-    sprites = createSpritesNamespace(this);
-    realtime = createRealtimeNamespace(this);
-    achievements = createAchievementsNamespace(this);
-    notifications = createNotificationsNamespace(this);
-    backend = createBackendNamespace(this);
-    static init = init;
-    static login = login2;
-    static identity = identity;
-  };
-});
-
-// src/index.ts
-init_client();
-init_errors();
-init_connection();
-init_messaging();
+  }
+  identity = createIdentityNamespace(this);
+  runtime = createRuntimeNamespace(this);
+  users = createUsersNamespace(this);
+  timeback = createTimebackNamespace(this);
+  credits = createCreditsNamespace(this);
+  scores = createScoresNamespace(this);
+  realtime = createRealtimeNamespace(this);
+  backend = createBackendNamespace(this);
+  static init = init;
+  static login = login;
+  static identity = identity;
+}
 export {
   messaging,
   extractApiErrorInfo,