@playcademy/sdk 0.2.0 → 0.2.2

package/dist/index.js

@@ -1,3 +1,202 @@
+// src/messaging.ts
+var MessageEvents;
+((MessageEvents2) => {
+  MessageEvents2["INIT"] = "PLAYCADEMY_INIT";
+  MessageEvents2["TOKEN_REFRESH"] = "PLAYCADEMY_TOKEN_REFRESH";
+  MessageEvents2["PAUSE"] = "PLAYCADEMY_PAUSE";
+  MessageEvents2["RESUME"] = "PLAYCADEMY_RESUME";
+  MessageEvents2["FORCE_EXIT"] = "PLAYCADEMY_FORCE_EXIT";
+  MessageEvents2["OVERLAY"] = "PLAYCADEMY_OVERLAY";
+  MessageEvents2["CONNECTION_STATE"] = "PLAYCADEMY_CONNECTION_STATE";
+  MessageEvents2["READY"] = "PLAYCADEMY_READY";
+  MessageEvents2["EXIT"] = "PLAYCADEMY_EXIT";
+  MessageEvents2["TELEMETRY"] = "PLAYCADEMY_TELEMETRY";
+  MessageEvents2["KEY_EVENT"] = "PLAYCADEMY_KEY_EVENT";
+  MessageEvents2["DISPLAY_ALERT"] = "PLAYCADEMY_DISPLAY_ALERT";
+  MessageEvents2["AUTH_STATE_CHANGE"] = "PLAYCADEMY_AUTH_STATE_CHANGE";
+  MessageEvents2["AUTH_CALLBACK"] = "PLAYCADEMY_AUTH_CALLBACK";
+})(MessageEvents ||= {});
+
+class PlaycademyMessaging {
+  listeners = new Map;
+  send(type, payload, options) {
+    if (options?.target) {
+      this.sendViaPostMessage(type, payload, options.target, options.origin || "*");
+      return;
+    }
+    const context = this.getMessagingContext(type);
+    if (context.shouldUsePostMessage) {
+      this.sendViaPostMessage(type, payload, context.target, context.origin);
+    } else {
+      this.sendViaCustomEvent(type, payload);
+    }
+  }
+  listen(type, handler) {
+    const postMessageListener = (event) => {
+      const messageEvent = event;
+      if (messageEvent.data?.type === type) {
+        handler(messageEvent.data.payload || messageEvent.data);
+      }
+    };
+    const customEventListener = (event) => {
+      handler(event.detail);
+    };
+    if (!this.listeners.has(type)) {
+      this.listeners.set(type, new Map);
+    }
+    const listenerMap = this.listeners.get(type);
+    listenerMap.set(handler, {
+      postMessage: postMessageListener,
+      customEvent: customEventListener
+    });
+    window.addEventListener("message", postMessageListener);
+    window.addEventListener(type, customEventListener);
+  }
+  unlisten(type, handler) {
+    const typeListeners = this.listeners.get(type);
+    if (!typeListeners || !typeListeners.has(handler)) {
+      return;
+    }
+    const listeners = typeListeners.get(handler);
+    window.removeEventListener("message", listeners.postMessage);
+    window.removeEventListener(type, listeners.customEvent);
+    typeListeners.delete(handler);
+    if (typeListeners.size === 0) {
+      this.listeners.delete(type);
+    }
+  }
+  getMessagingContext(eventType) {
+    const isIframe = typeof window !== "undefined" && window.self !== window.top;
+    const iframeToParentEvents = [
+      "PLAYCADEMY_READY" /* READY */,
+      "PLAYCADEMY_EXIT" /* EXIT */,
+      "PLAYCADEMY_TELEMETRY" /* TELEMETRY */,
+      "PLAYCADEMY_KEY_EVENT" /* KEY_EVENT */,
+      "PLAYCADEMY_DISPLAY_ALERT" /* DISPLAY_ALERT */
+    ];
+    const shouldUsePostMessage = isIframe && iframeToParentEvents.includes(eventType);
+    return {
+      shouldUsePostMessage,
+      target: shouldUsePostMessage ? window.parent : undefined,
+      origin: "*"
+    };
+  }
+  sendViaPostMessage(type, payload, target = window.parent, origin = "*") {
+    const messageData = { type };
+    if (payload !== undefined) {
+      messageData.payload = payload;
+    }
+    target.postMessage(messageData, origin);
+  }
+  sendViaCustomEvent(type, payload) {
+    window.dispatchEvent(new CustomEvent(type, { detail: payload }));
+  }
+}
+var messaging = new PlaycademyMessaging;
+
+// src/core/static/init.ts
+async function getPlaycademyConfig(allowedParentOrigins) {
+  const preloaded = window.PLAYCADEMY;
+  if (preloaded?.token) {
+    return preloaded;
+  }
+  if (window.self !== window.top) {
+    return await waitForPlaycademyInit(allowedParentOrigins);
+  } else {
+    return createStandaloneConfig();
+  }
+}
+function getReferrerOrigin() {
+  try {
+    return document.referrer ? new URL(document.referrer).origin : null;
+  } catch {
+    return null;
+  }
+}
+function buildAllowedOrigins(explicit) {
+  if (Array.isArray(explicit) && explicit.length > 0)
+    return explicit;
+  const ref = getReferrerOrigin();
+  return ref ? [ref] : [];
+}
+function isOriginAllowed(origin, allowlist) {
+  if (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1") {
+    return true;
+  }
+  if (!allowlist || allowlist.length === 0) {
+    console.error("[Playcademy SDK] No allowed origins configured. Consider passing allowedParentOrigins explicitly to init().");
+    return false;
+  }
+  return allowlist.includes(origin);
+}
+async function waitForPlaycademyInit(allowedParentOrigins) {
+  return new Promise((resolve, reject) => {
+    let contextReceived = false;
+    const timeoutDuration = 5000;
+    const allowlist = buildAllowedOrigins(allowedParentOrigins);
+    let hasWarnedAboutUntrustedOrigin = false;
+    function warnAboutUntrustedOrigin(origin) {
+      if (hasWarnedAboutUntrustedOrigin)
+        return;
+      hasWarnedAboutUntrustedOrigin = true;
+      console.warn("[Playcademy SDK] Ignoring INIT from untrusted origin:", origin);
+    }
+    const handleMessage = (event) => {
+      if (event.data?.type !== "PLAYCADEMY_INIT" /* INIT */)
+        return;
+      if (!isOriginAllowed(event.origin, allowlist)) {
+        warnAboutUntrustedOrigin(event.origin);
+        return;
+      }
+      contextReceived = true;
+      window.removeEventListener("message", handleMessage);
+      clearTimeout(timeoutId);
+      window.PLAYCADEMY = event.data.payload;
+      resolve(event.data.payload);
+    };
+    window.addEventListener("message", handleMessage);
+    const timeoutId = setTimeout(() => {
+      if (!contextReceived) {
+        window.removeEventListener("message", handleMessage);
+        reject(new Error(`${"PLAYCADEMY_INIT" /* INIT */} not received within ${timeoutDuration}ms`));
+      }
+    }, timeoutDuration);
+  });
+}
+function createStandaloneConfig() {
+  console.debug("[Playcademy SDK] Standalone mode detected, creating mock context for sandbox development");
+  const mockConfig = {
+    baseUrl: "http://localhost:4321",
+    gameUrl: window.location.origin,
+    token: "mock-game-token-for-local-dev",
+    gameId: "mock-game-id-from-template",
+    realtimeUrl: undefined
+  };
+  window.PLAYCADEMY = mockConfig;
+  return mockConfig;
+}
+async function init(options) {
+  if (typeof window === "undefined") {
+    throw new Error("Playcademy SDK must run in a browser context");
+  }
+  const config = await getPlaycademyConfig(options?.allowedParentOrigins);
+  if (options?.baseUrl) {
+    config.baseUrl = options.baseUrl;
+  }
+  const client = new this({
+    baseUrl: config.baseUrl,
+    gameUrl: config.gameUrl,
+    token: config.token,
+    gameId: config.gameId,
+    autoStartSession: window.self !== window.top,
+    onDisconnect: options?.onDisconnect,
+    enableConnectionMonitoring: options?.enableConnectionMonitoring
+  });
+  client["initPayload"] = config;
+  messaging.listen("PLAYCADEMY_TOKEN_REFRESH" /* TOKEN_REFRESH */, ({ token }) => client.setToken(token));
+  messaging.send("PLAYCADEMY_READY" /* READY */, undefined);
+  return client;
+}
 // ../logger/src/index.ts
 var isBrowser = () => {
   const g = globalThis;
@@ -175,85 +374,120 @@ var createLogger = () => {
 };
 var log = createLogger();
 
-// src/core/auth/strategies.ts
-class ApiKeyAuth {
-  apiKey;
-  constructor(apiKey) {
-    this.apiKey = apiKey;
-  }
-  getToken() {
-    return this.apiKey;
-  }
-  getType() {
-    return "apiKey";
-  }
-  getHeaders() {
-    return { "x-api-key": this.apiKey };
+// src/core/errors.ts
+class PlaycademyError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "PlaycademyError";
   }
 }
 
-class SessionAuth {
-  sessionToken;
-  constructor(sessionToken) {
-    this.sessionToken = sessionToken;
-  }
-  getToken() {
-    return this.sessionToken;
+class ApiError extends Error {
+  status;
+  details;
+  constructor(status, message, details) {
+    super(`${status} ${message}`);
+    this.status = status;
+    this.details = details;
+    Object.setPrototypeOf(this, ApiError.prototype);
   }
-  getType() {
-    return "session";
+}
+function extractApiErrorInfo(error) {
+  if (!(error instanceof ApiError)) {
+    return null;
   }
-  getHeaders() {
-    return { Authorization: `Bearer ${this.sessionToken}` };
+  const info = {
+    status: error.status,
+    statusText: error.message
+  };
+  if (error.details) {
+    info.details = error.details;
   }
+  return info;
 }
 
-class GameJwtAuth {
-  gameToken;
-  constructor(gameToken) {
-    this.gameToken = gameToken;
-  }
-  getToken() {
-    return this.gameToken;
-  }
-  getType() {
-    return "gameJwt";
+// src/core/static/login.ts
+async function login(baseUrl, email, password) {
+  let url = baseUrl;
+  if (baseUrl.startsWith("/") && typeof window !== "undefined") {
+    url = window.location.origin + baseUrl;
   }
-  getHeaders() {
-    return { Authorization: `Bearer ${this.gameToken}` };
+  url = url + "/auth/login";
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ email, password })
+  });
+  if (!response.ok) {
+    try {
+      const errorData = await response.json();
+      const errorMessage = errorData && errorData.message ? String(errorData.message) : response.statusText;
+      throw new PlaycademyError(errorMessage);
+    } catch (error) {
+      log.error("[Playcademy SDK] Failed to parse error response JSON, using status text instead:", { error });
+      throw new PlaycademyError(response.statusText);
+    }
   }
+  return response.json();
+}
+// ../utils/src/random.ts
+async function generateSecureRandomString(length) {
+  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+  const randomValues = new Uint8Array(length);
+  globalThis.crypto.getRandomValues(randomValues);
+  return Array.from(randomValues).map((byte) => charset[byte % charset.length]).join("");
 }
 
-class NoAuth {
-  getToken() {
-    return null;
-  }
-  getType() {
-    return "session";
-  }
-  getHeaders() {
-    return {};
-  }
+// src/core/auth/oauth.ts
+function getTimebackConfig() {
+  return {
+    authorizationEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/authorize",
+    tokenEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/token",
+    scope: "openid email phone"
+  };
 }
-function createAuthStrategy(token, tokenType) {
-  if (!token) {
-    return new NoAuth;
-  }
-  if (tokenType === "apiKey") {
-    return new ApiKeyAuth(token);
-  }
-  if (tokenType === "session") {
-    return new SessionAuth(token);
+var OAUTH_CONFIGS = {
+  get TIMEBACK() {
+    return getTimebackConfig;
   }
-  if (tokenType === "gameJwt") {
-    return new GameJwtAuth(token);
+};
+async function generateOAuthState(data) {
+  const csrfToken = await generateSecureRandomString(32);
+  if (data && Object.keys(data).length > 0) {
+    const jsonStr = JSON.stringify(data);
+    const base64 = btoa(jsonStr).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+    return `${csrfToken}.${base64}`;
   }
-  if (token.startsWith("cademy")) {
-    return new ApiKeyAuth(token);
+  return csrfToken;
+}
+function parseOAuthState(state) {
+  const lastDotIndex = state.lastIndexOf(".");
+  if (lastDotIndex > 0 && lastDotIndex < state.length - 1) {
+    try {
+      const csrfToken = state.substring(0, lastDotIndex);
+      const base64 = state.substring(lastDotIndex + 1);
+      const base64WithPadding = base64.replace(/-/g, "+").replace(/_/g, "/");
+      const paddedBase64 = base64WithPadding + "=".repeat((4 - base64WithPadding.length % 4) % 4);
+      const jsonStr = atob(paddedBase64);
+      const data = JSON.parse(jsonStr);
+      return { csrfToken, data };
+    } catch {}
   }
-  return new GameJwtAuth(token);
+  return { csrfToken: state };
+}
+function getOAuthConfig(provider) {
+  const configGetter = OAUTH_CONFIGS[provider];
+  if (!configGetter)
+    throw new Error(`Unsupported auth provider: ${provider}`);
+  return configGetter();
 }
 
+// src/core/static/identity.ts
+var identity = {
+  parseOAuthState
+};
 // src/core/auth/utils.ts
 function openPopupWindow(url, name = "auth-popup", width = 500, height = 600) {
   const left = window.screenX + (window.outerWidth - width) / 2;
@@ -283,845 +517,208 @@ function isInIframe() {
   }
 }
 
-// src/core/connection/monitor.ts
-class ConnectionMonitor {
-  state = "online";
-  callbacks = new Set;
-  heartbeatInterval;
-  consecutiveFailures = 0;
-  isMonitoring = false;
-  config;
-  constructor(config) {
-    this.config = {
-      baseUrl: config.baseUrl,
-      heartbeatInterval: config.heartbeatInterval ?? 1e4,
-      heartbeatTimeout: config.heartbeatTimeout ?? 5000,
-      failureThreshold: config.failureThreshold ?? 2,
-      enableHeartbeat: config.enableHeartbeat ?? true,
-      enableOfflineEvents: config.enableOfflineEvents ?? true
-    };
-    this._detectInitialState();
-  }
-  start() {
-    if (this.isMonitoring)
-      return;
-    this.isMonitoring = true;
-    if (this.config.enableOfflineEvents && typeof window !== "undefined") {
-      window.addEventListener("online", this._handleOnline);
-      window.addEventListener("offline", this._handleOffline);
-    }
-    if (this.config.enableHeartbeat) {
-      this._startHeartbeat();
-    }
-  }
-  stop() {
-    if (!this.isMonitoring)
-      return;
-    this.isMonitoring = false;
-    if (typeof window !== "undefined") {
-      window.removeEventListener("online", this._handleOnline);
-      window.removeEventListener("offline", this._handleOffline);
+// src/core/auth/flows/popup.ts
+async function initiatePopupFlow(options) {
+  const { provider, callbackUrl, onStateChange, oauth } = options;
+  try {
+    onStateChange?.({
+      status: "opening_popup",
+      message: "Opening authentication window..."
+    });
+    const defaults = getOAuthConfig(provider);
+    const config = oauth ? { ...defaults, ...oauth } : defaults;
+    if (!config.clientId) {
+      throw new Error(`clientId is required for ${provider} authentication. ` + "Please provide it in the oauth parameter.");
     }
-    if (this.heartbeatInterval) {
-      clearInterval(this.heartbeatInterval);
-      this.heartbeatInterval = undefined;
+    const stateData = options.stateData;
+    const state = await generateOAuthState(stateData);
+    const params = new URLSearchParams({
+      response_type: "code",
+      client_id: config.clientId,
+      redirect_uri: callbackUrl,
+      state
+    });
+    if (config.scope) {
+      params.set("scope", config.scope);
     }
-  }
-  onChange(callback) {
-    this.callbacks.add(callback);
-    return () => this.callbacks.delete(callback);
-  }
-  getState() {
-    return this.state;
-  }
-  async checkNow() {
-    await this._performHeartbeat();
-    return this.state;
-  }
-  reportRequestFailure(error) {
-    const isNetworkError = error instanceof TypeError || error instanceof Error && error.message.includes("fetch");
-    if (!isNetworkError)
-      return;
-    this.consecutiveFailures++;
-    if (this.consecutiveFailures >= this.config.failureThreshold) {
-      this._setState("degraded", "Multiple consecutive request failures");
+    const authUrl = `${config.authorizationEndpoint}?${params.toString()}`;
+    const popup = openPopupWindow(authUrl, "playcademy-auth");
+    if (!popup || popup.closed) {
+      throw new Error("Popup blocked. Please enable popups and try again.");
     }
+    onStateChange?.({
+      status: "exchanging_token",
+      message: "Waiting for authentication..."
+    });
+    return await waitForServerMessage(popup, onStateChange);
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : "Authentication failed";
+    onStateChange?.({
+      status: "error",
+      message: errorMessage,
+      error: error instanceof Error ? error : new Error(errorMessage)
+    });
+    throw error;
   }
-  reportRequestSuccess() {
-    if (this.consecutiveFailures > 0) {
-      this.consecutiveFailures = 0;
-      if (this.state === "degraded") {
-        this._setState("online", "Requests succeeding again");
+}
+async function waitForServerMessage(popup, onStateChange) {
+  return new Promise((resolve) => {
+    let resolved = false;
+    const handleMessage = (event) => {
+      if (event.origin !== window.location.origin)
+        return;
+      const data = event.data;
+      if (data?.type === "PLAYCADEMY_AUTH_STATE_CHANGE") {
+        resolved = true;
+        window.removeEventListener("message", handleMessage);
+        if (data.authenticated && data.user) {
+          onStateChange?.({
+            status: "complete",
+            message: "Authentication successful"
+          });
+          resolve({
+            success: true,
+            user: data.user
+          });
+        } else {
+          const error = new Error(data.error || "Authentication failed");
+          onStateChange?.({
+            status: "error",
+            message: error.message,
+            error
+          });
+          resolve({
+            success: false,
+            error
+          });
+        }
       }
-    }
-  }
-  _detectInitialState() {
-    if (typeof navigator !== "undefined" && !navigator.onLine) {
-      this.state = "offline";
-    }
-  }
-  _handleOnline = () => {
-    this.consecutiveFailures = 0;
-    this._setState("online", "Browser online event");
-  };
-  _handleOffline = () => {
-    this._setState("offline", "Browser offline event");
-  };
-  _startHeartbeat() {
-    this._performHeartbeat();
-    this.heartbeatInterval = setInterval(() => {
-      this._performHeartbeat();
-    }, this.config.heartbeatInterval);
-  }
-  async _performHeartbeat() {
-    if (typeof navigator !== "undefined" && !navigator.onLine) {
-      return;
-    }
-    try {
-      const controller = new AbortController;
-      const timeoutId = setTimeout(() => controller.abort(), this.config.heartbeatTimeout);
-      const response = await fetch(`${this.config.baseUrl}/ping`, {
-        method: "GET",
-        signal: controller.signal,
-        cache: "no-store"
-      });
-      clearTimeout(timeoutId);
-      if (response.ok) {
-        this.consecutiveFailures = 0;
-        if (this.state !== "online") {
-          this._setState("online", "Heartbeat successful");
-        }
-      } else {
-        this._handleHeartbeatFailure("Heartbeat returned non-OK status");
+    };
+    window.addEventListener("message", handleMessage);
+    const checkClosed = setInterval(() => {
+      if (popup.closed && !resolved) {
+        clearInterval(checkClosed);
+        window.removeEventListener("message", handleMessage);
+        const error = new Error("Authentication cancelled");
+        onStateChange?.({
+          status: "error",
+          message: error.message,
+          error
+        });
+        resolve({
+          success: false,
+          error
+        });
       }
-    } catch (error) {
-      this._handleHeartbeatFailure(error instanceof Error ? error.message : "Heartbeat failed");
-    }
-  }
-  _handleHeartbeatFailure(reason) {
-    this.consecutiveFailures++;
-    if (this.consecutiveFailures >= this.config.failureThreshold) {
-      if (typeof navigator !== "undefined" && !navigator.onLine) {
-        this._setState("offline", reason);
-      } else {
-        this._setState("degraded", reason);
+    }, 500);
+    setTimeout(() => {
+      if (!resolved) {
+        window.removeEventListener("message", handleMessage);
+        clearInterval(checkClosed);
+        const error = new Error("Authentication timeout");
+        onStateChange?.({
+          status: "error",
+          message: error.message,
+          error
+        });
+        resolve({
+          success: false,
+          error
+        });
       }
+    }, 5 * 60 * 1000);
+  });
+}
+
+// src/core/auth/flows/redirect.ts
+async function initiateRedirectFlow(options) {
+  const { provider, callbackUrl, onStateChange, oauth } = options;
+  try {
+    onStateChange?.({
+      status: "opening_popup",
+      message: "Redirecting to authentication provider..."
+    });
+    const defaults = getOAuthConfig(provider);
+    const config = oauth ? { ...defaults, ...oauth } : defaults;
+    if (!config.clientId) {
+      throw new Error(`clientId is required for ${provider} authentication. ` + "Please provide it in the oauth parameter.");
     }
-  }
-  _setState(newState, reason) {
-    if (this.state === newState)
-      return;
-    const oldState = this.state;
-    this.state = newState;
-    console.debug(`[ConnectionMonitor] ${oldState} → ${newState}: ${reason}`);
-    this.callbacks.forEach((callback) => {
-      try {
-        callback(newState, reason);
-      } catch (error) {
-        console.error("[ConnectionMonitor] Error in callback:", error);
-      }
+    const stateData = options.stateData;
+    const state = await generateOAuthState(stateData);
+    const params = new URLSearchParams({
+      response_type: "code",
+      client_id: config.clientId,
+      redirect_uri: callbackUrl,
+      state
+    });
+    if (config.scope) {
+      params.set("scope", config.scope);
+    }
+    const authUrl = `${config.authorizationEndpoint}?${params.toString()}`;
+    window.location.href = authUrl;
+    return new Promise(() => {});
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : "Authentication failed";
+    onStateChange?.({
+      status: "error",
+      message: errorMessage,
+      error: error instanceof Error ? error : new Error(errorMessage)
     });
+    throw error;
   }
 }
-// src/messaging.ts
-var MessageEvents;
-((MessageEvents2) => {
-  MessageEvents2["INIT"] = "PLAYCADEMY_INIT";
-  MessageEvents2["TOKEN_REFRESH"] = "PLAYCADEMY_TOKEN_REFRESH";
-  MessageEvents2["PAUSE"] = "PLAYCADEMY_PAUSE";
-  MessageEvents2["RESUME"] = "PLAYCADEMY_RESUME";
-  MessageEvents2["FORCE_EXIT"] = "PLAYCADEMY_FORCE_EXIT";
-  MessageEvents2["OVERLAY"] = "PLAYCADEMY_OVERLAY";
-  MessageEvents2["CONNECTION_STATE"] = "PLAYCADEMY_CONNECTION_STATE";
-  MessageEvents2["READY"] = "PLAYCADEMY_READY";
-  MessageEvents2["EXIT"] = "PLAYCADEMY_EXIT";
-  MessageEvents2["TELEMETRY"] = "PLAYCADEMY_TELEMETRY";
-  MessageEvents2["KEY_EVENT"] = "PLAYCADEMY_KEY_EVENT";
-  MessageEvents2["DISPLAY_ALERT"] = "PLAYCADEMY_DISPLAY_ALERT";
-  MessageEvents2["AUTH_STATE_CHANGE"] = "PLAYCADEMY_AUTH_STATE_CHANGE";
-  MessageEvents2["AUTH_CALLBACK"] = "PLAYCADEMY_AUTH_CALLBACK";
-})(MessageEvents ||= {});
 
-class PlaycademyMessaging {
-  listeners = new Map;
-  send(type, payload, options) {
-    if (options?.target) {
-      this.sendViaPostMessage(type, payload, options.target, options.origin || "*");
-      return;
-    }
-    const context = this.getMessagingContext(type);
-    if (context.shouldUsePostMessage) {
-      this.sendViaPostMessage(type, payload, context.target, context.origin);
-    } else {
-      this.sendViaCustomEvent(type, payload);
-    }
+// src/core/auth/flows/unified.ts
+async function initiateUnifiedFlow(options) {
+  const { mode = "auto" } = options;
+  const effectiveMode = mode === "auto" ? isInIframe() ? "popup" : "redirect" : mode;
+  switch (effectiveMode) {
+    case "popup":
+      return initiatePopupFlow(options);
+    case "redirect":
+      return initiateRedirectFlow(options);
+    default:
+      throw new Error(`Unsupported authentication mode: ${effectiveMode}`);
   }
-  listen(type, handler) {
-    const postMessageListener = (event) => {
-      const messageEvent = event;
-      if (messageEvent.data?.type === type) {
-        handler(messageEvent.data.payload || messageEvent.data);
+}
+
+// src/core/auth/login.ts
+async function login2(client, options) {
+  try {
+    let stateData = options.stateData;
+    if (!stateData) {
+      try {
+        const currentUser = await client.users.me();
+        if (currentUser?.id) {
+          stateData = { playcademy_user_id: currentUser.id };
+        }
+      } catch {
+        log.debug("[Playcademy SDK] No current user available for state data");
       }
-    };
-    const customEventListener = (event) => {
-      handler(event.detail);
-    };
-    if (!this.listeners.has(type)) {
-      this.listeners.set(type, new Map);
     }
-    const listenerMap = this.listeners.get(type);
-    listenerMap.set(handler, {
-      postMessage: postMessageListener,
-      customEvent: customEventListener
+    log.debug("[Playcademy SDK] Starting OAuth login", {
+      provider: options.provider,
+      mode: options.mode || "auto",
+      callbackUrl: options.callbackUrl,
+      hasStateData: !!stateData
     });
-    window.addEventListener("message", postMessageListener);
-    window.addEventListener(type, customEventListener);
-  }
-  unlisten(type, handler) {
-    const typeListeners = this.listeners.get(type);
-    if (!typeListeners || !typeListeners.has(handler)) {
-      return;
-    }
-    const listeners = typeListeners.get(handler);
-    window.removeEventListener("message", listeners.postMessage);
-    window.removeEventListener(type, listeners.customEvent);
-    typeListeners.delete(handler);
-    if (typeListeners.size === 0) {
-      this.listeners.delete(type);
+    const optionsWithState = {
+      ...options,
+      stateData
+    };
+    const result = await initiateUnifiedFlow(optionsWithState);
+    if (result.success && result.user) {
+      log.debug("[Playcademy SDK] OAuth login successful", {
+        userId: result.user.sub
+      });
     }
-  }
-  getMessagingContext(eventType) {
-    const isIframe = typeof window !== "undefined" && window.self !== window.top;
-    const iframeToParentEvents = [
-      "PLAYCADEMY_READY" /* READY */,
-      "PLAYCADEMY_EXIT" /* EXIT */,
-      "PLAYCADEMY_TELEMETRY" /* TELEMETRY */,
-      "PLAYCADEMY_KEY_EVENT" /* KEY_EVENT */,
-      "PLAYCADEMY_DISPLAY_ALERT" /* DISPLAY_ALERT */
-    ];
-    const shouldUsePostMessage = isIframe && iframeToParentEvents.includes(eventType);
+    return result;
+  } catch (error) {
+    log.error("[Playcademy SDK] OAuth login failed", { error });
+    const authError = error instanceof Error ? error : new Error("Authentication failed");
     return {
-      shouldUsePostMessage,
-      target: shouldUsePostMessage ? window.parent : undefined,
-      origin: "*"
-    };
-  }
-  sendViaPostMessage(type, payload, target = window.parent, origin = "*") {
-    const messageData = { type };
-    if (payload !== undefined) {
-      messageData.payload = payload;
-    }
-    target.postMessage(messageData, origin);
-  }
-  sendViaCustomEvent(type, payload) {
-    window.dispatchEvent(new CustomEvent(type, { detail: payload }));
-  }
-}
-var messaging = new PlaycademyMessaging;
-
-// src/core/connection/utils.ts
-function createDisplayAlert(authContext) {
-  return (message, options) => {
-    if (authContext?.isInIframe && typeof window !== "undefined" && window.parent !== window) {
-      window.parent.postMessage({
-        type: "PLAYCADEMY_DISPLAY_ALERT",
-        message,
-        options
-      }, "*");
-    } else {
-      const prefix = options?.type === "error" ? "❌" : options?.type === "warning" ? "⚠️" : "ℹ️";
-      console.log(`${prefix} ${message}`);
-    }
-  };
-}
-
-// src/core/connection/manager.ts
-class ConnectionManager {
-  monitor;
-  authContext;
-  disconnectHandler;
-  connectionChangeCallback;
-  currentState = "online";
-  additionalDisconnectHandlers = new Set;
-  constructor(config) {
-    this.authContext = config.authContext;
-    this.disconnectHandler = config.onDisconnect;
-    this.connectionChangeCallback = config.onConnectionChange;
-    if (config.authContext?.isInIframe) {
-      this._setupPlatformListener();
-    }
-  }
-  getState() {
-    return this.monitor?.getState() ?? this.currentState;
-  }
-  async checkNow() {
-    if (!this.monitor) {
-      return this.currentState;
-    }
-    return await this.monitor.checkNow();
-  }
-  reportRequestSuccess() {
-    this.monitor?.reportRequestSuccess();
-  }
-  reportRequestFailure(error) {
-    this.monitor?.reportRequestFailure(error);
-  }
-  onDisconnect(callback) {
-    this.additionalDisconnectHandlers.add(callback);
-    return () => {
-      this.additionalDisconnectHandlers.delete(callback);
-    };
-  }
-  stop() {
-    this.monitor?.stop();
-  }
-  _setupPlatformListener() {
-    messaging.listen("PLAYCADEMY_CONNECTION_STATE" /* CONNECTION_STATE */, ({ state, reason }) => {
-      this.currentState = state;
-      this._handleConnectionChange(state, reason);
-    });
-  }
-  _handleConnectionChange(state, reason) {
-    this.connectionChangeCallback?.(state, reason);
-    if (state === "offline" || state === "degraded") {
-      const context = {
-        state,
-        reason,
-        timestamp: Date.now(),
-        displayAlert: createDisplayAlert(this.authContext)
-      };
-      if (this.disconnectHandler) {
-        this.disconnectHandler(context);
-      }
-      this.additionalDisconnectHandlers.forEach((handler) => {
-        handler(context);
-      });
-    }
-  }
-}
-// src/core/errors.ts
-class PlaycademyError extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "PlaycademyError";
-  }
-}
-
-class ApiError extends Error {
-  status;
-  details;
-  constructor(status, message, details) {
-    super(`${status} ${message}`);
-    this.status = status;
-    this.details = details;
-    Object.setPrototypeOf(this, ApiError.prototype);
-  }
-}
-function extractApiErrorInfo(error) {
-  if (!(error instanceof ApiError)) {
-    return null;
-  }
-  const info = {
-    status: error.status,
-    statusText: error.message
-  };
-  if (error.details) {
-    info.details = error.details;
-  }
-  return info;
-}
-
-// src/core/request.ts
-function checkDevWarnings(data) {
-  if (!data || typeof data !== "object")
-    return;
-  const response = data;
-  const warningType = response.__playcademyDevWarning;
-  if (!warningType)
-    return;
-  switch (warningType) {
-    case "timeback-not-configured":
-      console.warn("%c⚠️ TimeBack Not Configured", "background: #f59e0b; color: white; padding: 6px 12px; border-radius: 4px; font-weight: bold; font-size: 13px");
-      console.log("%cTimeBack is configured in playcademy.config.js but the sandbox does not have TimeBack credentials.", "color: #f59e0b; font-weight: 500");
-      console.log("To test TimeBack locally:");
-      console.log("  Set the following environment variables:");
-      console.log("    • %cTIMEBACK_ONEROSTER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
-      console.log("    • %cTIMEBACK_CALIPER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
-      console.log("    • %cTIMEBACK_API_CLIENT_ID/SECRET", "color: #0ea5e9; font-weight: 600; font-family: monospace");
-      console.log("  Or deploy your game: %cplaycademy deploy", "color: #10b981; font-weight: 600; font-family: monospace");
-      console.log("  Or wait for %c@superbuilders/timeback-local%c (coming soon)", "color: #8b5cf6; font-weight: 600; font-family: monospace", "color: inherit");
-      break;
-    default:
-      console.warn(`[Playcademy Dev Warning] ${warningType}`);
-  }
-}
-function prepareRequestBody(body, headers) {
-  if (body instanceof FormData) {
-    return body;
-  }
-  if (body instanceof ArrayBuffer || body instanceof Blob || ArrayBuffer.isView(body)) {
-    if (!headers["Content-Type"]) {
-      headers["Content-Type"] = "application/octet-stream";
-    }
-    return body;
-  }
-  if (body !== undefined && body !== null) {
-    headers["Content-Type"] = "application/json";
-    return JSON.stringify(body);
-  }
-  return;
-}
-async function request({
-  path,
-  baseUrl,
-  method = "GET",
-  body,
-  extraHeaders = {},
-  raw = false
-}) {
-  const url = baseUrl.replace(/\/$/, "") + (path.startsWith("/") ? path : `/${path}`);
-  const headers = { ...extraHeaders };
-  const payload = prepareRequestBody(body, headers);
-  const res = await fetch(url, {
-    method,
-    headers,
-    body: payload,
-    credentials: "omit"
-  });
-  if (raw) {
-    return res;
-  }
-  if (!res.ok) {
-    const clonedRes = res.clone();
-    const errorBody = await clonedRes.json().catch(() => clonedRes.text().catch(() => {
-      return;
-    })) ?? undefined;
-    throw new ApiError(res.status, res.statusText, errorBody);
-  }
-  if (res.status === 204)
-    return;
-  const contentType = res.headers.get("content-type") ?? "";
-  if (contentType.includes("application/json")) {
-    try {
-      const parsed = await res.json();
-      checkDevWarnings(parsed);
-      return parsed;
-    } catch (err) {
-      if (err instanceof SyntaxError)
-        return;
-      throw err;
-    }
-  }
-  const rawText = await res.text().catch(() => "");
-  return rawText && rawText.length > 0 ? rawText : undefined;
-}
-async function fetchManifest(deploymentUrl) {
-  const manifestUrl = `${deploymentUrl.replace(/\/$/, "")}/playcademy.manifest.json`;
-  try {
-    const response = await fetch(manifestUrl);
-    if (!response.ok) {
-      log.error(`[fetchManifest] Failed to fetch manifest from ${manifestUrl}. Status: ${response.status}`);
-      throw new PlaycademyError(`Failed to fetch manifest: ${response.status} ${response.statusText}`);
-    }
-    return await response.json();
-  } catch (error) {
-    if (error instanceof PlaycademyError) {
-      throw error;
-    }
-    log.error(`[Playcademy SDK] Error fetching or parsing manifest from ${manifestUrl}:`, {
-      error
-    });
-    throw new PlaycademyError("Failed to load or parse game manifest");
-  }
-}
-
-// src/core/static/init.ts
-async function getPlaycademyConfig(allowedParentOrigins) {
-  const preloaded = window.PLAYCADEMY;
-  if (preloaded?.token) {
-    return preloaded;
-  }
-  if (window.self !== window.top) {
-    return await waitForPlaycademyInit(allowedParentOrigins);
-  } else {
-    return createStandaloneConfig();
-  }
-}
-function getReferrerOrigin() {
-  try {
-    return document.referrer ? new URL(document.referrer).origin : null;
-  } catch {
-    return null;
-  }
-}
-function buildAllowedOrigins(explicit) {
-  if (Array.isArray(explicit) && explicit.length > 0)
-    return explicit;
-  const ref = getReferrerOrigin();
-  return ref ? [ref] : [];
-}
-function isOriginAllowed(origin, allowlist) {
-  if (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1") {
-    return true;
-  }
-  if (!allowlist || allowlist.length === 0) {
-    console.error("[Playcademy SDK] No allowed origins configured. Consider passing allowedParentOrigins explicitly to init().");
-    return false;
-  }
-  return allowlist.includes(origin);
-}
-async function waitForPlaycademyInit(allowedParentOrigins) {
-  return new Promise((resolve, reject) => {
-    let contextReceived = false;
-    const timeoutDuration = 5000;
-    const allowlist = buildAllowedOrigins(allowedParentOrigins);
-    let hasWarnedAboutUntrustedOrigin = false;
-    function warnAboutUntrustedOrigin(origin) {
-      if (hasWarnedAboutUntrustedOrigin)
-        return;
-      hasWarnedAboutUntrustedOrigin = true;
-      console.warn("[Playcademy SDK] Ignoring INIT from untrusted origin:", origin);
-    }
-    const handleMessage = (event) => {
-      if (event.data?.type !== "PLAYCADEMY_INIT" /* INIT */)
-        return;
-      if (!isOriginAllowed(event.origin, allowlist)) {
-        warnAboutUntrustedOrigin(event.origin);
-        return;
-      }
-      contextReceived = true;
-      window.removeEventListener("message", handleMessage);
-      clearTimeout(timeoutId);
-      window.PLAYCADEMY = event.data.payload;
-      resolve(event.data.payload);
-    };
-    window.addEventListener("message", handleMessage);
-    const timeoutId = setTimeout(() => {
-      if (!contextReceived) {
-        window.removeEventListener("message", handleMessage);
-        reject(new Error(`${"PLAYCADEMY_INIT" /* INIT */} not received within ${timeoutDuration}ms`));
-      }
-    }, timeoutDuration);
-  });
-}
-function createStandaloneConfig() {
-  console.debug("[Playcademy SDK] Standalone mode detected, creating mock context for sandbox development");
-  const mockConfig = {
-    baseUrl: "http://localhost:4321",
-    gameUrl: window.location.origin,
-    token: "mock-game-token-for-local-dev",
-    gameId: "mock-game-id-from-template",
-    realtimeUrl: undefined
-  };
-  window.PLAYCADEMY = mockConfig;
-  return mockConfig;
-}
-async function init(options) {
-  if (typeof window === "undefined") {
-    throw new Error("Playcademy SDK must run in a browser context");
-  }
-  const config = await getPlaycademyConfig(options?.allowedParentOrigins);
-  if (options?.baseUrl) {
-    config.baseUrl = options.baseUrl;
-  }
-  const client = new this({
-    baseUrl: config.baseUrl,
-    gameUrl: config.gameUrl,
-    token: config.token,
-    gameId: config.gameId,
-    autoStartSession: window.self !== window.top,
-    onDisconnect: options?.onDisconnect,
-    enableConnectionMonitoring: options?.enableConnectionMonitoring
-  });
-  client["initPayload"] = config;
-  messaging.listen("PLAYCADEMY_TOKEN_REFRESH" /* TOKEN_REFRESH */, ({ token }) => client.setToken(token));
-  messaging.send("PLAYCADEMY_READY" /* READY */, undefined);
-  return client;
-}
-// src/core/static/login.ts
-async function login(baseUrl, email, password) {
-  let url = baseUrl;
-  if (baseUrl.startsWith("/") && typeof window !== "undefined") {
-    url = window.location.origin + baseUrl;
-  }
-  url = url + "/auth/login";
-  const response = await fetch(url, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify({ email, password })
-  });
-  if (!response.ok) {
-    try {
-      const errorData = await response.json();
-      const errorMessage = errorData && errorData.message ? String(errorData.message) : response.statusText;
-      throw new PlaycademyError(errorMessage);
-    } catch (error) {
-      log.error("[Playcademy SDK] Failed to parse error response JSON, using status text instead:", { error });
-      throw new PlaycademyError(response.statusText);
-    }
-  }
-  return response.json();
-}
-// ../utils/src/random.ts
-async function generateSecureRandomString(length) {
-  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
-  const randomValues = new Uint8Array(length);
-  globalThis.crypto.getRandomValues(randomValues);
-  return Array.from(randomValues).map((byte) => charset[byte % charset.length]).join("");
-}
-
-// src/core/auth/oauth.ts
-function getTimebackConfig() {
-  return {
-    authorizationEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/authorize",
-    tokenEndpoint: "https://alpha-auth-production-idp.auth.us-west-2.amazoncognito.com/oauth2/token",
-    scope: "openid email phone"
-  };
-}
-var OAUTH_CONFIGS = {
-  get TIMEBACK() {
-    return getTimebackConfig;
-  }
-};
-async function generateOAuthState(data) {
-  const csrfToken = await generateSecureRandomString(32);
-  if (data && Object.keys(data).length > 0) {
-    const jsonStr = JSON.stringify(data);
-    const base64 = btoa(jsonStr).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
-    return `${csrfToken}.${base64}`;
-  }
-  return csrfToken;
-}
-function parseOAuthState(state) {
-  const lastDotIndex = state.lastIndexOf(".");
-  if (lastDotIndex > 0 && lastDotIndex < state.length - 1) {
-    try {
-      const csrfToken = state.substring(0, lastDotIndex);
-      const base64 = state.substring(lastDotIndex + 1);
-      const base64WithPadding = base64.replace(/-/g, "+").replace(/_/g, "/");
-      const paddedBase64 = base64WithPadding + "=".repeat((4 - base64WithPadding.length % 4) % 4);
-      const jsonStr = atob(paddedBase64);
-      const data = JSON.parse(jsonStr);
-      return { csrfToken, data };
-    } catch {}
-  }
-  return { csrfToken: state };
-}
-function getOAuthConfig(provider) {
-  const configGetter = OAUTH_CONFIGS[provider];
-  if (!configGetter)
-    throw new Error(`Unsupported auth provider: ${provider}`);
-  return configGetter();
-}
-
-// src/core/static/identity.ts
-var identity = {
-  parseOAuthState
-};
-// src/core/auth/flows/popup.ts
-async function initiatePopupFlow(options) {
-  const { provider, callbackUrl, onStateChange, oauth } = options;
-  try {
-    onStateChange?.({
-      status: "opening_popup",
-      message: "Opening authentication window..."
-    });
-    const defaults = getOAuthConfig(provider);
-    const config = oauth ? { ...defaults, ...oauth } : defaults;
-    if (!config.clientId) {
-      throw new Error(`clientId is required for ${provider} authentication. ` + "Please provide it in the oauth parameter.");
-    }
-    const stateData = options.stateData;
-    const state = await generateOAuthState(stateData);
-    const params = new URLSearchParams({
-      response_type: "code",
-      client_id: config.clientId,
-      redirect_uri: callbackUrl,
-      state
-    });
-    if (config.scope) {
-      params.set("scope", config.scope);
-    }
-    const authUrl = `${config.authorizationEndpoint}?${params.toString()}`;
-    const popup = openPopupWindow(authUrl, "playcademy-auth");
-    if (!popup || popup.closed) {
-      throw new Error("Popup blocked. Please enable popups and try again.");
-    }
-    onStateChange?.({
-      status: "exchanging_token",
-      message: "Waiting for authentication..."
-    });
-    return await waitForServerMessage(popup, onStateChange);
-  } catch (error) {
-    const errorMessage = error instanceof Error ? error.message : "Authentication failed";
-    onStateChange?.({
-      status: "error",
-      message: errorMessage,
-      error: error instanceof Error ? error : new Error(errorMessage)
-    });
-    throw error;
-  }
-}
-async function waitForServerMessage(popup, onStateChange) {
-  return new Promise((resolve) => {
-    let resolved = false;
-    const handleMessage = (event) => {
-      if (event.origin !== window.location.origin)
-        return;
-      const data = event.data;
-      if (data?.type === "PLAYCADEMY_AUTH_STATE_CHANGE") {
-        resolved = true;
-        window.removeEventListener("message", handleMessage);
-        if (data.authenticated && data.user) {
-          onStateChange?.({
-            status: "complete",
-            message: "Authentication successful"
-          });
-          resolve({
-            success: true,
-            user: data.user
-          });
-        } else {
-          const error = new Error(data.error || "Authentication failed");
-          onStateChange?.({
-            status: "error",
-            message: error.message,
-            error
-          });
-          resolve({
-            success: false,
-            error
-          });
-        }
-      }
-    };
-    window.addEventListener("message", handleMessage);
-    const checkClosed = setInterval(() => {
-      if (popup.closed && !resolved) {
-        clearInterval(checkClosed);
-        window.removeEventListener("message", handleMessage);
-        const error = new Error("Authentication cancelled");
-        onStateChange?.({
-          status: "error",
-          message: error.message,
-          error
-        });
-        resolve({
-          success: false,
-          error
-        });
-      }
-    }, 500);
-    setTimeout(() => {
-      if (!resolved) {
-        window.removeEventListener("message", handleMessage);
-        clearInterval(checkClosed);
-        const error = new Error("Authentication timeout");
-        onStateChange?.({
-          status: "error",
-          message: error.message,
-          error
-        });
-        resolve({
-          success: false,
-          error
-        });
-      }
-    }, 5 * 60 * 1000);
-  });
-}
-
-// src/core/auth/flows/redirect.ts
-async function initiateRedirectFlow(options) {
-  const { provider, callbackUrl, onStateChange, oauth } = options;
-  try {
-    onStateChange?.({
-      status: "opening_popup",
-      message: "Redirecting to authentication provider..."
-    });
-    const defaults = getOAuthConfig(provider);
-    const config = oauth ? { ...defaults, ...oauth } : defaults;
-    if (!config.clientId) {
-      throw new Error(`clientId is required for ${provider} authentication. ` + "Please provide it in the oauth parameter.");
-    }
-    const stateData = options.stateData;
-    const state = await generateOAuthState(stateData);
-    const params = new URLSearchParams({
-      response_type: "code",
-      client_id: config.clientId,
-      redirect_uri: callbackUrl,
-      state
-    });
-    if (config.scope) {
-      params.set("scope", config.scope);
-    }
-    const authUrl = `${config.authorizationEndpoint}?${params.toString()}`;
-    window.location.href = authUrl;
-    return new Promise(() => {});
-  } catch (error) {
-    const errorMessage = error instanceof Error ? error.message : "Authentication failed";
-    onStateChange?.({
-      status: "error",
-      message: errorMessage,
-      error: error instanceof Error ? error : new Error(errorMessage)
-    });
-    throw error;
-  }
-}
-
-// src/core/auth/flows/unified.ts
-async function initiateUnifiedFlow(options) {
-  const { mode = "auto" } = options;
-  const effectiveMode = mode === "auto" ? isInIframe() ? "popup" : "redirect" : mode;
-  switch (effectiveMode) {
-    case "popup":
-      return initiatePopupFlow(options);
-    case "redirect":
-      return initiateRedirectFlow(options);
-    default:
-      throw new Error(`Unsupported authentication mode: ${effectiveMode}`);
-  }
-}
-
-// src/core/auth/login.ts
-async function login2(client, options) {
-  try {
-    let stateData = options.stateData;
-    if (!stateData) {
-      try {
-        const currentUser = await client.users.me();
-        if (currentUser?.id) {
-          stateData = { playcademy_user_id: currentUser.id };
-        }
-      } catch {
-        log.debug("[Playcademy SDK] No current user available for state data");
-      }
-    }
-    log.debug("[Playcademy SDK] Starting OAuth login", {
-      provider: options.provider,
-      mode: options.mode || "auto",
-      callbackUrl: options.callbackUrl,
-      hasStateData: !!stateData
-    });
-    const optionsWithState = {
-      ...options,
-      stateData
-    };
-    const result = await initiateUnifiedFlow(optionsWithState);
-    if (result.success && result.user) {
-      log.debug("[Playcademy SDK] OAuth login successful", {
-        userId: result.user.sub
-      });
-    }
-    return result;
-  } catch (error) {
-    log.error("[Playcademy SDK] OAuth login failed", { error });
-    const authError = error instanceof Error ? error : new Error("Authentication failed");
-    return {
-      success: false,
-      error: authError
+      success: false,
+      error: authError
     };
   }
 }
@@ -1243,49 +840,53 @@ function createRuntimeNamespace(client) {
       }
       return counts;
     },
-    assets: {
-      url(pathOrStrings, ...values) {
-        const gameUrl = client["initPayload"]?.gameUrl;
-        let path;
-        if (Array.isArray(pathOrStrings) && "raw" in pathOrStrings) {
-          const strings = pathOrStrings;
-          path = strings.reduce((acc, str, i) => {
-            return acc + str + (values[i] != null ? String(values[i]) : "");
-          }, "");
-        } else {
-          path = pathOrStrings;
-        }
-        if (!gameUrl) {
-          return path.startsWith("./") ? path : "./" + path;
-        }
-        const cleanPath = path.startsWith("./") ? path.slice(2) : path;
-        return gameUrl + cleanPath;
-      },
-      fetch: async (path, options) => {
-        const gameUrl = client["initPayload"]?.gameUrl;
-        if (!gameUrl) {
-          const relativePath = path.startsWith("./") ? path : "./" + path;
-          return fetch(relativePath, options);
-        }
-        const cleanPath = path.startsWith("./") ? path.slice(2) : path;
-        return fetch(gameUrl + cleanPath, options);
-      },
-      json: async (path) => {
-        const response = await client.runtime.assets.fetch(path);
-        return response.json();
-      },
-      blob: async (path) => {
-        const response = await client.runtime.assets.fetch(path);
-        return response.blob();
-      },
-      text: async (path) => {
-        const response = await client.runtime.assets.fetch(path);
-        return response.text();
-      },
-      arrayBuffer: async (path) => {
-        const response = await client.runtime.assets.fetch(path);
-        return response.arrayBuffer();
+    assets: createAssetsNamespace(client)
+  };
+}
+function createAssetsNamespace(client) {
+  const fetchAsset = async (path, options) => {
+    const gameUrl = client["initPayload"]?.gameUrl;
+    if (!gameUrl) {
+      const relativePath = path.startsWith("./") ? path : "./" + path;
+      return fetch(relativePath, options);
+    }
+    const cleanPath = path.startsWith("./") ? path.slice(2) : path;
+    return fetch(gameUrl + cleanPath, options);
+  };
+  return {
+    url(pathOrStrings, ...values) {
+      const gameUrl = client["initPayload"]?.gameUrl;
+      let path;
+      if (Array.isArray(pathOrStrings) && "raw" in pathOrStrings) {
+        const strings = pathOrStrings;
+        path = strings.reduce((acc, str, i) => {
+          return acc + str + (values[i] != null ? String(values[i]) : "");
+        }, "");
+      } else {
+        path = pathOrStrings;
+      }
+      if (!gameUrl) {
+        return path.startsWith("./") ? path : "./" + path;
       }
+      const cleanPath = path.startsWith("./") ? path.slice(2) : path;
+      return gameUrl + cleanPath;
+    },
+    fetch: fetchAsset,
+    json: async (path) => {
+      const response = await fetchAsset(path);
+      return response.json();
+    },
+    blob: async (path) => {
+      const response = await fetchAsset(path);
+      return response.blob();
+    },
+    text: async (path) => {
+      const response = await fetchAsset(path);
+      return response.text();
+    },
+    arrayBuffer: async (path) => {
+      const response = await fetchAsset(path);
+      return response.arrayBuffer();
     }
   };
 }
@@ -1334,579 +935,814 @@ function createPermanentCache(keyPrefix) {
   const cache = new Map;
   async function get(key, loader) {
     const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
-    const existing = cache.get(fullKey);
-    if (existing)
-      return existing;
+    const existing = cache.get(fullKey);
+    if (existing)
+      return existing;
+    const promise = loader().catch((error) => {
+      cache.delete(fullKey);
+      throw error;
+    });
+    cache.set(fullKey, promise);
+    return promise;
+  }
+  function clear(key) {
+    if (key === undefined) {
+      cache.clear();
+    } else {
+      const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
+      cache.delete(fullKey);
+    }
+  }
+  function has(key) {
+    const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
+    return cache.has(fullKey);
+  }
+  function size() {
+    return cache.size;
+  }
+  function keys() {
+    const result = [];
+    const prefixLen = keyPrefix ? keyPrefix.length + 1 : 0;
+    for (const fullKey of cache.keys()) {
+      result.push(fullKey.substring(prefixLen));
+    }
+    return result;
+  }
+  return { get, clear, has, size, keys };
+}
+
+// src/namespaces/game/users.ts
+function createUsersNamespace(client) {
+  const itemIdCache = createPermanentCache("items");
+  const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  const resolveItemId = async (identifier) => {
+    if (UUID_REGEX.test(identifier))
+      return identifier;
+    const gameId = client["gameId"];
+    const cacheKey = gameId ? `${identifier}:${gameId}` : identifier;
+    return itemIdCache.get(cacheKey, async () => {
+      const queryParams = new URLSearchParams({ slug: identifier });
+      if (gameId)
+        queryParams.append("gameId", gameId);
+      const item = await client["request"](`/items/resolve?${queryParams.toString()}`, "GET");
+      return item.id;
+    });
+  };
+  return {
+    me: async () => {
+      return client["request"]("/users/me", "GET");
+    },
+    inventory: {
+      get: async () => client["request"](`/inventory`, "GET"),
+      add: async (identifier, qty) => {
+        const itemId = await resolveItemId(identifier);
+        const res = await client["request"](`/inventory/add`, "POST", { body: { itemId, qty } });
+        client["emit"]("inventoryChange", {
+          itemId,
+          delta: qty,
+          newTotal: res.newTotal
+        });
+        return res;
+      },
+      remove: async (identifier, qty) => {
+        const itemId = await resolveItemId(identifier);
+        const res = await client["request"](`/inventory/remove`, "POST", { body: { itemId, qty } });
+        client["emit"]("inventoryChange", {
+          itemId,
+          delta: -qty,
+          newTotal: res.newTotal
+        });
+        return res;
+      },
+      quantity: async (identifier) => {
+        const itemId = await resolveItemId(identifier);
+        const inventory = await client["request"](`/inventory`, "GET");
+        const item = inventory.find((inv) => inv.item?.id === itemId);
+        return item?.quantity ?? 0;
+      },
+      has: async (identifier, minQuantity = 1) => {
+        const itemId = await resolveItemId(identifier);
+        const inventory = await client["request"](`/inventory`, "GET");
+        const item = inventory.find((inv) => inv.item?.id === itemId);
+        const qty = item?.quantity ?? 0;
+        return qty >= minQuantity;
+      }
+    }
+  };
+}
+// ../constants/src/overworld.ts
+var ITEM_SLUGS = {
+  PLAYCADEMY_CREDITS: "PLAYCADEMY_CREDITS",
+  PLAYCADEMY_XP: "PLAYCADEMY_XP",
+  FOUNDING_MEMBER_BADGE: "FOUNDING_MEMBER_BADGE",
+  EARLY_ADOPTER_BADGE: "EARLY_ADOPTER_BADGE",
+  FIRST_GAME_BADGE: "FIRST_GAME_BADGE",
+  COMMON_SWORD: "COMMON_SWORD",
+  SMALL_HEALTH_POTION: "SMALL_HEALTH_POTION",
+  SMALL_BACKPACK: "SMALL_BACKPACK",
+  LAVA_LAMP: "LAVA_LAMP",
+  BOOMBOX: "BOOMBOX",
+  CABIN_BED: "CABIN_BED"
+};
+var CURRENCIES = {
+  PRIMARY: ITEM_SLUGS.PLAYCADEMY_CREDITS,
+  XP: ITEM_SLUGS.PLAYCADEMY_XP
+};
+var BADGES = {
+  FOUNDING_MEMBER: ITEM_SLUGS.FOUNDING_MEMBER_BADGE,
+  EARLY_ADOPTER: ITEM_SLUGS.EARLY_ADOPTER_BADGE,
+  FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
+};
+// ../constants/src/timeback.ts
+var TIMEBACK_ROUTES = {
+  END_ACTIVITY: "/integrations/timeback/end-activity"
+};
+// src/core/cache/singleton-cache.ts
+function createSingletonCache() {
+  let cachedValue;
+  let hasValue = false;
+  async function get(loader) {
+    if (hasValue) {
+      return cachedValue;
+    }
+    const value = await loader();
+    cachedValue = value;
+    hasValue = true;
+    return value;
+  }
+  function clear() {
+    cachedValue = undefined;
+    hasValue = false;
+  }
+  function has() {
+    return hasValue;
+  }
+  return { get, clear, has };
+}
+
+// src/namespaces/game/credits.ts
+function createCreditsNamespace(client) {
+  const creditsIdCache = createSingletonCache();
+  const getCreditsItemId = async () => {
+    return creditsIdCache.get(async () => {
+      const queryParams = new URLSearchParams({ slug: CURRENCIES.PRIMARY });
+      const creditsItem = await client["request"](`/items/resolve?${queryParams.toString()}`, "GET");
+      if (!creditsItem || !creditsItem.id) {
+        throw new Error("Playcademy Credits item not found in catalog");
+      }
+      return creditsItem.id;
+    });
+  };
+  return {
+    balance: async () => {
+      const inventory = await client["request"]("/inventory", "GET");
+      const primaryCurrencyInventoryItem = inventory.find((item) => item.item?.slug === CURRENCIES.PRIMARY);
+      return primaryCurrencyInventoryItem?.quantity ?? 0;
+    },
+    add: async (amount) => {
+      if (amount <= 0) {
+        throw new Error("Amount must be positive");
+      }
+      const creditsItemId = await getCreditsItemId();
+      const result = await client["request"]("/inventory/add", "POST", {
+        body: {
+          itemId: creditsItemId,
+          qty: amount
+        }
+      });
+      client["emit"]("inventoryChange", {
+        itemId: creditsItemId,
+        delta: amount,
+        newTotal: result.newTotal
+      });
+      return result.newTotal;
+    },
+    spend: async (amount) => {
+      if (amount <= 0) {
+        throw new Error("Amount must be positive");
+      }
+      const creditsItemId = await getCreditsItemId();
+      const result = await client["request"]("/inventory/remove", "POST", {
+        body: {
+          itemId: creditsItemId,
+          qty: amount
+        }
+      });
+      client["emit"]("inventoryChange", {
+        itemId: creditsItemId,
+        delta: -amount,
+        newTotal: result.newTotal
+      });
+      return result.newTotal;
+    }
+  };
+}
+// src/namespaces/game/scores.ts
+function createScoresNamespace(client) {
+  return {
+    submit: async (gameId, score, metadata) => {
+      return client["request"](`/games/${gameId}/scores`, "POST", {
+        body: {
+          score,
+          metadata
+        }
+      });
+    }
+  };
+}
+// src/namespaces/game/realtime.ts
+function createRealtimeNamespace(client) {
+  return {
+    token: {
+      get: async () => {
+        const endpoint = client["gameId"] ? `/games/${client["gameId"]}/realtime/token` : "/realtime/token";
+        return client["request"](endpoint, "POST");
+      }
+    }
+  };
+}
+// src/core/cache/ttl-cache.ts
+function createTTLCache(options) {
+  const cache = new Map;
+  const { ttl: defaultTTL, keyPrefix = "", onClear } = options;
+  async function get(key, loader, config) {
+    const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
+    const now = Date.now();
+    const effectiveTTL = config?.ttl !== undefined ? config.ttl : defaultTTL;
+    const force = config?.force || false;
+    const skipCache = config?.skipCache || false;
+    if (effectiveTTL === 0 || skipCache) {
+      return loader();
+    }
+    if (!force) {
+      const cached = cache.get(fullKey);
+      if (cached && cached.expiresAt > now) {
+        return cached.value;
+      }
+    }
     const promise = loader().catch((error) => {
       cache.delete(fullKey);
       throw error;
     });
-    cache.set(fullKey, promise);
+    cache.set(fullKey, {
+      value: promise,
+      expiresAt: now + effectiveTTL
+    });
     return promise;
   }
   function clear(key) {
     if (key === undefined) {
       cache.clear();
+      onClear?.();
     } else {
       const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
       cache.delete(fullKey);
     }
   }
-  function has(key) {
-    const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
-    return cache.has(fullKey);
-  }
   function size() {
     return cache.size;
   }
-  function keys() {
-    const result = [];
+  function prune() {
+    const now = Date.now();
+    for (const [key, entry] of cache.entries()) {
+      if (entry.expiresAt <= now) {
+        cache.delete(key);
+      }
+    }
+  }
+  function getKeys() {
+    const keys = [];
     const prefixLen = keyPrefix ? keyPrefix.length + 1 : 0;
     for (const fullKey of cache.keys()) {
-      result.push(fullKey.substring(prefixLen));
+      keys.push(fullKey.substring(prefixLen));
     }
-    return result;
+    return keys;
   }
-  return { get, clear, has, size, keys };
+  function has(key) {
+    const fullKey = keyPrefix ? `${keyPrefix}:${key}` : key;
+    const cached = cache.get(fullKey);
+    if (!cached)
+      return false;
+    const now = Date.now();
+    if (cached.expiresAt <= now) {
+      cache.delete(fullKey);
+      return false;
+    }
+    return true;
+  }
+  return { get, clear, size, prune, getKeys, has };
 }
 
-// src/namespaces/game/users.ts
-function createUsersNamespace(client) {
-  const itemIdCache = createPermanentCache("items");
-  const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
-  const resolveItemId = async (identifier) => {
-    if (UUID_REGEX.test(identifier))
-      return identifier;
-    const gameId = client["gameId"];
-    const cacheKey = gameId ? `${identifier}:${gameId}` : identifier;
-    return itemIdCache.get(cacheKey, async () => {
-      const queryParams = new URLSearchParams({ slug: identifier });
-      if (gameId)
-        queryParams.append("gameId", gameId);
-      const item = await client["request"](`/items/resolve?${queryParams.toString()}`, "GET");
-      return item.id;
-    });
-  };
+// src/namespaces/game/timeback.ts
+function createTimebackNamespace(client) {
+  let currentActivity = null;
+  const userCache = createTTLCache({
+    ttl: 5 * 60 * 1000,
+    keyPrefix: "game.timeback.user"
+  });
+  const getTimeback = () => client["initPayload"]?.timeback;
   return {
-    me: async () => {
-      return client["request"]("/users/me", "GET");
+    get user() {
+      return {
+        get id() {
+          return getTimeback()?.id;
+        },
+        get role() {
+          return getTimeback()?.role;
+        },
+        get enrollments() {
+          return getTimeback()?.enrollments ?? [];
+        },
+        get organizations() {
+          return getTimeback()?.organizations ?? [];
+        },
+        fetch: async (options) => {
+          return userCache.get("current", async () => {
+            const response = await client["request"]("/timeback/user", "GET");
+            const initPayload = client["initPayload"];
+            if (initPayload) {
+              initPayload.timeback = response;
+            }
+            return {
+              id: response.id,
+              role: response.role,
+              enrollments: response.enrollments,
+              organizations: response.organizations
+            };
+          }, options);
+        }
+      };
     },
-    inventory: {
-      get: async () => client["request"](`/inventory`, "GET"),
-      add: async (identifier, qty) => {
-        const itemId = await resolveItemId(identifier);
-        const res = await client["request"](`/inventory/add`, "POST", { body: { itemId, qty } });
-        client["emit"]("inventoryChange", {
-          itemId,
-          delta: qty,
-          newTotal: res.newTotal
-        });
-        return res;
-      },
-      remove: async (identifier, qty) => {
-        const itemId = await resolveItemId(identifier);
-        const res = await client["request"](`/inventory/remove`, "POST", { body: { itemId, qty } });
-        client["emit"]("inventoryChange", {
-          itemId,
-          delta: -qty,
-          newTotal: res.newTotal
-        });
-        return res;
-      },
-      quantity: async (identifier) => {
-        const itemId = await resolveItemId(identifier);
-        const inventory = await client["request"](`/inventory`, "GET");
-        const item = inventory.find((inv) => inv.item?.id === itemId);
-        return item?.quantity ?? 0;
-      },
-      has: async (identifier, minQuantity = 1) => {
-        const itemId = await resolveItemId(identifier);
-        const inventory = await client["request"](`/inventory`, "GET");
-        const item = inventory.find((inv) => inv.item?.id === itemId);
-        const qty = item?.quantity ?? 0;
-        return qty >= minQuantity;
+    startActivity: (metadata) => {
+      currentActivity = {
+        startTime: Date.now(),
+        metadata,
+        pausedTime: 0,
+        pauseStartTime: null
+      };
+    },
+    pauseActivity: () => {
+      if (!currentActivity) {
+        throw new Error("No activity in progress. Call startActivity() before pauseActivity().");
+      }
+      if (currentActivity.pauseStartTime !== null) {
+        throw new Error("Activity is already paused.");
+      }
+      currentActivity.pauseStartTime = Date.now();
+    },
+    resumeActivity: () => {
+      if (!currentActivity) {
+        throw new Error("No activity in progress. Call startActivity() before resumeActivity().");
+      }
+      if (currentActivity.pauseStartTime === null) {
+        throw new Error("Activity is not paused.");
+      }
+      const pauseDuration = Date.now() - currentActivity.pauseStartTime;
+      currentActivity.pausedTime += pauseDuration;
+      currentActivity.pauseStartTime = null;
+    },
+    endActivity: async (data) => {
+      if (!currentActivity) {
+        throw new Error("No activity in progress. Call startActivity() before endActivity().");
+      }
+      if (currentActivity.pauseStartTime !== null) {
+        const pauseDuration = Date.now() - currentActivity.pauseStartTime;
+        currentActivity.pausedTime += pauseDuration;
+        currentActivity.pauseStartTime = null;
+      }
+      const endTime = Date.now();
+      const totalElapsed = endTime - currentActivity.startTime;
+      const activeTime = totalElapsed - currentActivity.pausedTime;
+      const durationSeconds = Math.floor(activeTime / 1000);
+      const { correctQuestions, totalQuestions } = data;
+      const request = {
+        activityData: currentActivity.metadata,
+        scoreData: {
+          correctQuestions,
+          totalQuestions
+        },
+        timingData: {
+          durationSeconds
+        },
+        xpEarned: data.xpAwarded,
+        masteredUnits: data.masteredUnits
+      };
+      try {
+        const response = await client["requestGameBackend"](TIMEBACK_ROUTES.END_ACTIVITY, "POST", request);
+        currentActivity = null;
+        return response;
+      } catch (error) {
+        currentActivity = null;
+        throw error;
       }
     }
   };
 }
-// ../constants/src/overworld.ts
-var ITEM_SLUGS = {
-  PLAYCADEMY_CREDITS: "PLAYCADEMY_CREDITS",
-  PLAYCADEMY_XP: "PLAYCADEMY_XP",
-  FOUNDING_MEMBER_BADGE: "FOUNDING_MEMBER_BADGE",
-  EARLY_ADOPTER_BADGE: "EARLY_ADOPTER_BADGE",
-  FIRST_GAME_BADGE: "FIRST_GAME_BADGE",
-  COMMON_SWORD: "COMMON_SWORD",
-  SMALL_HEALTH_POTION: "SMALL_HEALTH_POTION",
-  SMALL_BACKPACK: "SMALL_BACKPACK",
-  LAVA_LAMP: "LAVA_LAMP",
-  BOOMBOX: "BOOMBOX",
-  CABIN_BED: "CABIN_BED"
-};
-var CURRENCIES = {
-  PRIMARY: ITEM_SLUGS.PLAYCADEMY_CREDITS,
-  XP: ITEM_SLUGS.PLAYCADEMY_XP
-};
-var BADGES = {
-  FOUNDING_MEMBER: ITEM_SLUGS.FOUNDING_MEMBER_BADGE,
-  EARLY_ADOPTER: ITEM_SLUGS.EARLY_ADOPTER_BADGE,
-  FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
-};
-// ../constants/src/timeback.ts
-var TIMEBACK_ROUTES = {
-  END_ACTIVITY: "/integrations/timeback/end-activity"
-};
-// src/core/cache/singleton-cache.ts
-function createSingletonCache() {
-  let cachedValue;
-  let hasValue = false;
-  async function get(loader) {
-    if (hasValue) {
-      return cachedValue;
-    }
-    const value = await loader();
-    cachedValue = value;
-    hasValue = true;
-    return value;
+// src/core/auth/strategies.ts
+class ApiKeyAuth {
+  apiKey;
+  constructor(apiKey) {
+    this.apiKey = apiKey;
+  }
+  getToken() {
+    return this.apiKey;
+  }
+  getType() {
+    return "apiKey";
+  }
+  getHeaders() {
+    return { "x-api-key": this.apiKey };
+  }
+}
+
+class SessionAuth {
+  sessionToken;
+  constructor(sessionToken) {
+    this.sessionToken = sessionToken;
+  }
+  getToken() {
+    return this.sessionToken;
+  }
+  getType() {
+    return "session";
+  }
+  getHeaders() {
+    return { Authorization: `Bearer ${this.sessionToken}` };
+  }
+}
+
+class GameJwtAuth {
+  gameToken;
+  constructor(gameToken) {
+    this.gameToken = gameToken;
+  }
+  getToken() {
+    return this.gameToken;
+  }
+  getType() {
+    return "gameJwt";
+  }
+  getHeaders() {
+    return { Authorization: `Bearer ${this.gameToken}` };
+  }
+}
+
+class NoAuth {
+  getToken() {
+    return null;
+  }
+  getType() {
+    return "session";
+  }
+  getHeaders() {
+    return {};
+  }
+}
+function createAuthStrategy(token, tokenType) {
+  if (!token) {
+    return new NoAuth;
+  }
+  if (tokenType === "apiKey") {
+    return new ApiKeyAuth(token);
+  }
+  if (tokenType === "session") {
+    return new SessionAuth(token);
   }
-  function clear() {
-    cachedValue = undefined;
-    hasValue = false;
+  if (tokenType === "gameJwt") {
+    return new GameJwtAuth(token);
   }
-  function has() {
-    return hasValue;
+  if (token.startsWith("cademy")) {
+    return new ApiKeyAuth(token);
   }
-  return { get, clear, has };
+  return new GameJwtAuth(token);
 }
 
-// src/namespaces/game/credits.ts
-function createCreditsNamespace(client) {
-  const creditsIdCache = createSingletonCache();
-  const getCreditsItemId = async () => {
-    return creditsIdCache.get(async () => {
-      const queryParams = new URLSearchParams({ slug: CURRENCIES.PRIMARY });
-      const creditsItem = await client["request"](`/items/resolve?${queryParams.toString()}`, "GET");
-      if (!creditsItem || !creditsItem.id) {
-        throw new Error("Playcademy Credits item not found in catalog");
+// src/core/connection/monitor.ts
+class ConnectionMonitor {
+  state = "online";
+  callbacks = new Set;
+  heartbeatInterval;
+  consecutiveFailures = 0;
+  isMonitoring = false;
+  config;
+  constructor(config) {
+    this.config = {
+      baseUrl: config.baseUrl,
+      heartbeatInterval: config.heartbeatInterval ?? 1e4,
+      heartbeatTimeout: config.heartbeatTimeout ?? 5000,
+      failureThreshold: config.failureThreshold ?? 2,
+      enableHeartbeat: config.enableHeartbeat ?? true,
+      enableOfflineEvents: config.enableOfflineEvents ?? true
+    };
+    this._detectInitialState();
+  }
+  start() {
+    if (this.isMonitoring)
+      return;
+    this.isMonitoring = true;
+    if (this.config.enableOfflineEvents && typeof window !== "undefined") {
+      window.addEventListener("online", this._handleOnline);
+      window.addEventListener("offline", this._handleOffline);
+    }
+    if (this.config.enableHeartbeat) {
+      this._startHeartbeat();
+    }
+  }
+  stop() {
+    if (!this.isMonitoring)
+      return;
+    this.isMonitoring = false;
+    if (typeof window !== "undefined") {
+      window.removeEventListener("online", this._handleOnline);
+      window.removeEventListener("offline", this._handleOffline);
+    }
+    if (this.heartbeatInterval) {
+      clearInterval(this.heartbeatInterval);
+      this.heartbeatInterval = undefined;
+    }
+  }
+  onChange(callback) {
+    this.callbacks.add(callback);
+    return () => this.callbacks.delete(callback);
+  }
+  getState() {
+    return this.state;
+  }
+  async checkNow() {
+    await this._performHeartbeat();
+    return this.state;
+  }
+  reportRequestFailure(error) {
+    const isNetworkError = error instanceof TypeError || error instanceof Error && error.message.includes("fetch");
+    if (!isNetworkError)
+      return;
+    this.consecutiveFailures++;
+    if (this.consecutiveFailures >= this.config.failureThreshold) {
+      this._setState("degraded", "Multiple consecutive request failures");
+    }
+  }
+  reportRequestSuccess() {
+    if (this.consecutiveFailures > 0) {
+      this.consecutiveFailures = 0;
+      if (this.state === "degraded") {
+        this._setState("online", "Requests succeeding again");
       }
-      return creditsItem.id;
-    });
+    }
+  }
+  _detectInitialState() {
+    if (typeof navigator !== "undefined" && !navigator.onLine) {
+      this.state = "offline";
+    }
+  }
+  _handleOnline = () => {
+    this.consecutiveFailures = 0;
+    this._setState("online", "Browser online event");
   };
-  return {
-    balance: async () => {
-      const inventory = await client["request"]("/inventory", "GET");
-      const primaryCurrencyInventoryItem = inventory.find((item) => item.item?.slug === CURRENCIES.PRIMARY);
-      return primaryCurrencyInventoryItem?.quantity ?? 0;
-    },
-    add: async (amount) => {
-      if (amount <= 0) {
-        throw new Error("Amount must be positive");
-      }
-      const creditsItemId = await getCreditsItemId();
-      const result = await client["request"]("/inventory/add", "POST", {
-        body: {
-          itemId: creditsItemId,
-          qty: amount
-        }
-      });
-      client["emit"]("inventoryChange", {
-        itemId: creditsItemId,
-        delta: amount,
-        newTotal: result.newTotal
+  _handleOffline = () => {
+    this._setState("offline", "Browser offline event");
+  };
+  _startHeartbeat() {
+    this._performHeartbeat();
+    this.heartbeatInterval = setInterval(() => {
+      this._performHeartbeat();
+    }, this.config.heartbeatInterval);
+  }
+  async _performHeartbeat() {
+    if (typeof navigator !== "undefined" && !navigator.onLine) {
+      return;
+    }
+    try {
+      const controller = new AbortController;
+      const timeoutId = setTimeout(() => controller.abort(), this.config.heartbeatTimeout);
+      const response = await fetch(`${this.config.baseUrl}/ping`, {
+        method: "GET",
+        signal: controller.signal,
+        cache: "no-store"
       });
-      return result.newTotal;
-    },
-    spend: async (amount) => {
-      if (amount <= 0) {
-        throw new Error("Amount must be positive");
-      }
-      const creditsItemId = await getCreditsItemId();
-      const result = await client["request"]("/inventory/remove", "POST", {
-        body: {
-          itemId: creditsItemId,
-          qty: amount
+      clearTimeout(timeoutId);
+      if (response.ok) {
+        this.consecutiveFailures = 0;
+        if (this.state !== "online") {
+          this._setState("online", "Heartbeat successful");
         }
-      });
-      client["emit"]("inventoryChange", {
-        itemId: creditsItemId,
-        delta: -amount,
-        newTotal: result.newTotal
-      });
-      return result.newTotal;
+      } else {
+        this._handleHeartbeatFailure("Heartbeat returned non-OK status");
+      }
+    } catch (error) {
+      this._handleHeartbeatFailure(error instanceof Error ? error.message : "Heartbeat failed");
     }
-  };
+  }
+  _handleHeartbeatFailure(reason) {
+    this.consecutiveFailures++;
+    if (this.consecutiveFailures >= this.config.failureThreshold) {
+      if (typeof navigator !== "undefined" && !navigator.onLine) {
+        this._setState("offline", reason);
+      } else {
+        this._setState("degraded", reason);
+      }
+    }
+  }
+  _setState(newState, reason) {
+    if (this.state === newState)
+      return;
+    const oldState = this.state;
+    this.state = newState;
+    console.debug(`[ConnectionMonitor] ${oldState} → ${newState}: ${reason}`);
+    this.callbacks.forEach((callback) => {
+      try {
+        callback(newState, reason);
+      } catch (error) {
+        console.error("[ConnectionMonitor] Error in callback:", error);
+      }
+    });
+  }
 }
-// src/namespaces/game/scores.ts
-function createScoresNamespace(client) {
-  return {
-    submit: async (gameId, score, metadata) => {
-      return client["request"](`/games/${gameId}/scores`, "POST", {
-        body: {
-          score,
-          metadata
-        }
-      });
+// src/core/connection/utils.ts
+function createDisplayAlert(authContext) {
+  return (message, options) => {
+    if (authContext?.isInIframe && typeof window !== "undefined" && window.parent !== window) {
+      window.parent.postMessage({
+        type: "PLAYCADEMY_DISPLAY_ALERT",
+        message,
+        options
+      }, "*");
+    } else {
+      const prefix = options?.type === "error" ? "❌" : options?.type === "warning" ? "⚠️" : "ℹ️";
+      console.log(`${prefix} ${message}`);
     }
   };
 }
-// src/namespaces/game/realtime.client.ts
-var CLOSE_CODES = {
-  NORMAL_CLOSURE: 1000,
-  TOKEN_REFRESH: 4000
-};
 
-class RealtimeChannelClient {
-  gameId;
-  _channelName;
-  getToken;
-  baseUrl;
-  ws;
-  listeners = new Set;
-  isClosing = false;
-  tokenRefreshUnsubscribe;
-  constructor(gameId, _channelName, getToken, baseUrl) {
-    this.gameId = gameId;
-    this._channelName = _channelName;
-    this.getToken = getToken;
-    this.baseUrl = baseUrl;
-  }
-  async connect() {
-    try {
-      const token = await this.getToken();
-      let wsBase;
-      if (/^ws(s)?:\/\//.test(this.baseUrl)) {
-        wsBase = this.baseUrl;
-      } else if (/^http(s)?:\/\//.test(this.baseUrl)) {
-        wsBase = this.baseUrl.replace(/^http/, "ws");
-      } else {
-        const isBrowser2 = typeof window !== "undefined";
-        if (isBrowser2) {
-          const proto = window.location.protocol === "https:" ? "wss" : "ws";
-          wsBase = `${proto}://${window.location.host}${this.baseUrl}`;
-        } else {
-          wsBase = `ws://${this.baseUrl.replace(/^\//, "")}`;
-        }
-      }
-      const url = new URL(wsBase);
-      url.searchParams.set("token", token);
-      url.searchParams.set("c", this._channelName);
-      this.ws = new WebSocket(url);
-      this.setupEventHandlers();
-      this.setupTokenRefreshListener();
-      await new Promise((resolve, reject) => {
-        if (!this.ws) {
-          reject(new Error("WebSocket creation failed"));
-          return;
-        }
-        const onOpen = () => {
-          this.ws?.removeEventListener("open", onOpen);
-          this.ws?.removeEventListener("error", onError);
-          resolve();
-        };
-        const onError = (event) => {
-          this.ws?.removeEventListener("open", onOpen);
-          this.ws?.removeEventListener("error", onError);
-          reject(new Error(`WebSocket connection failed: ${event}`));
-        };
-        this.ws.addEventListener("open", onOpen);
-        this.ws.addEventListener("error", onError);
-      });
-      log.debug("[RealtimeChannelClient] Connected to channel", {
-        gameId: this.gameId,
-        channel: this._channelName
-      });
-      return this;
-    } catch (error) {
-      log.error("[RealtimeChannelClient] Connection failed", {
-        gameId: this.gameId,
-        channel: this._channelName,
-        error
-      });
-      throw error;
+// src/core/connection/manager.ts
+class ConnectionManager {
+  monitor;
+  authContext;
+  disconnectHandler;
+  connectionChangeCallback;
+  currentState = "online";
+  additionalDisconnectHandlers = new Set;
+  constructor(config) {
+    this.authContext = config.authContext;
+    this.disconnectHandler = config.onDisconnect;
+    this.connectionChangeCallback = config.onConnectionChange;
+    if (config.authContext?.isInIframe) {
+      this._setupPlatformListener();
+    }
+  }
+  getState() {
+    return this.monitor?.getState() ?? this.currentState;
+  }
+  async checkNow() {
+    if (!this.monitor) {
+      return this.currentState;
     }
+    return await this.monitor.checkNow();
   }
-  setupEventHandlers() {
-    if (!this.ws)
-      return;
-    this.ws.onmessage = (event) => {
-      try {
-        const data = JSON.parse(event.data);
-        this.listeners.forEach((callback) => {
-          try {
-            callback(data);
-          } catch (error) {
-            log.warn("[RealtimeChannelClient] Message listener error", {
-              channel: this._channelName,
-              error
-            });
-          }
-        });
-      } catch (error) {
-        log.warn("[RealtimeChannelClient] Failed to parse message", {
-          channel: this._channelName,
-          message: event.data,
-          error
-        });
-      }
-    };
-    this.ws.onclose = (event) => {
-      log.debug("[RealtimeChannelClient] Connection closed", {
-        channel: this._channelName,
-        code: event.code,
-        reason: event.reason,
-        wasClean: event.wasClean
-      });
-      if (!this.isClosing && event.code !== CLOSE_CODES.TOKEN_REFRESH) {
-        log.warn("[RealtimeChannelClient] Unexpected disconnection", {
-          channel: this._channelName,
-          code: event.code,
-          reason: event.reason
-        });
-      }
-    };
-    this.ws.onerror = (event) => {
-      log.error("[RealtimeChannelClient] WebSocket error", {
-        channel: this._channelName,
-        event
-      });
-    };
+  reportRequestSuccess() {
+    this.monitor?.reportRequestSuccess();
   }
-  setupTokenRefreshListener() {
-    const tokenRefreshHandler = async ({ token }) => {
-      log.debug("[RealtimeChannelClient] Token refresh received, reconnecting", {
-        channel: this._channelName
-      });
-      try {
-        await this.reconnectWithNewToken(token);
-      } catch (error) {
-        log.error("[RealtimeChannelClient] Token refresh reconnection failed", {
-          channel: this._channelName,
-          error
-        });
-      }
-    };
-    messaging.listen("PLAYCADEMY_TOKEN_REFRESH" /* TOKEN_REFRESH */, tokenRefreshHandler);
-    this.tokenRefreshUnsubscribe = () => {
-      messaging.unlisten("PLAYCADEMY_TOKEN_REFRESH" /* TOKEN_REFRESH */, tokenRefreshHandler);
+  reportRequestFailure(error) {
+    this.monitor?.reportRequestFailure(error);
+  }
+  onDisconnect(callback) {
+    this.additionalDisconnectHandlers.add(callback);
+    return () => {
+      this.additionalDisconnectHandlers.delete(callback);
     };
   }
-  async reconnectWithNewToken(_token) {
-    if (this.ws && this.ws.readyState === WebSocket.OPEN) {
-      this.ws.close(CLOSE_CODES.TOKEN_REFRESH, "token_refresh");
-      await new Promise((resolve) => {
-        const checkClosed = () => {
-          if (!this.ws || this.ws.readyState === WebSocket.CLOSED) {
-            resolve();
-          } else {
-            setTimeout(checkClosed, 10);
-          }
-        };
-        checkClosed();
-      });
-    }
-    await this.connect();
+  stop() {
+    this.monitor?.stop();
   }
-  send(data) {
-    if (this.ws?.readyState === WebSocket.OPEN) {
-      try {
-        const message = JSON.stringify(data);
-        this.ws.send(message);
-      } catch (error) {
-        log.error("[RealtimeChannelClient] Failed to send message", {
-          channel: this._channelName,
-          error,
-          data
-        });
+  _setupPlatformListener() {
+    messaging.listen("PLAYCADEMY_CONNECTION_STATE" /* CONNECTION_STATE */, ({ state, reason }) => {
+      this.currentState = state;
+      this._handleConnectionChange(state, reason);
+    });
+  }
+  _handleConnectionChange(state, reason) {
+    this.connectionChangeCallback?.(state, reason);
+    if (state === "offline" || state === "degraded") {
+      const context = {
+        state,
+        reason,
+        timestamp: Date.now(),
+        displayAlert: createDisplayAlert(this.authContext)
+      };
+      if (this.disconnectHandler) {
+        this.disconnectHandler(context);
       }
-    } else {
-      log.warn("[RealtimeChannelClient] Cannot send message - connection not open", {
-        channel: this._channelName,
-        readyState: this.ws?.readyState
+      this.additionalDisconnectHandlers.forEach((handler) => {
+        handler(context);
       });
     }
   }
-  onMessage(callback) {
-    this.listeners.add(callback);
-    return () => this.listeners.delete(callback);
+}
+// src/core/request.ts
+function checkDevWarnings(data) {
+  if (!data || typeof data !== "object")
+    return;
+  const response = data;
+  const warningType = response.__playcademyDevWarning;
+  if (!warningType)
+    return;
+  switch (warningType) {
+    case "timeback-not-configured":
+      console.warn("%c⚠️ TimeBack Not Configured", "background: #f59e0b; color: white; padding: 6px 12px; border-radius: 4px; font-weight: bold; font-size: 13px");
+      console.log("%cTimeBack is configured in playcademy.config.js but the sandbox does not have TimeBack credentials.", "color: #f59e0b; font-weight: 500");
+      console.log("To test TimeBack locally:");
+      console.log("  Set the following environment variables:");
+      console.log("    • %cTIMEBACK_ONEROSTER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
+      console.log("    • %cTIMEBACK_CALIPER_API_URL", "color: #0ea5e9; font-weight: 600; font-family: monospace");
+      console.log("    • %cTIMEBACK_API_CLIENT_ID/SECRET", "color: #0ea5e9; font-weight: 600; font-family: monospace");
+      console.log("  Or deploy your game: %cplaycademy deploy", "color: #10b981; font-weight: 600; font-family: monospace");
+      console.log("  Or wait for %c@superbuilders/timeback-local%c (coming soon)", "color: #8b5cf6; font-weight: 600; font-family: monospace", "color: inherit");
+      break;
+    default:
+      console.warn(`[Playcademy Dev Warning] ${warningType}`);
+  }
+}
+function prepareRequestBody(body, headers) {
+  if (body instanceof FormData) {
+    return body;
   }
-  close() {
-    this.isClosing = true;
-    if (this.tokenRefreshUnsubscribe) {
-      this.tokenRefreshUnsubscribe();
-      this.tokenRefreshUnsubscribe = undefined;
-    }
-    if (this.ws) {
-      this.ws.close(CLOSE_CODES.NORMAL_CLOSURE, "client_close");
-      this.ws = undefined;
+  if (body instanceof ArrayBuffer || body instanceof Blob || ArrayBuffer.isView(body)) {
+    if (!headers["Content-Type"]) {
+      headers["Content-Type"] = "application/octet-stream";
     }
-    this.listeners.clear();
-    log.debug("[RealtimeChannelClient] Channel closed", {
-      channel: this._channelName
-    });
-  }
-  get channelName() {
-    return this._channelName;
+    return body;
   }
-  get isConnected() {
-    return this.ws?.readyState === WebSocket.OPEN;
+  if (body !== undefined && body !== null) {
+    headers["Content-Type"] = "application/json";
+    return JSON.stringify(body);
   }
+  return;
 }
-
-// src/namespaces/game/realtime.ts
-function createRealtimeNamespace(client) {
-  return {
-    token: {
-      get: async () => {
-        const endpoint = client["gameId"] ? `/games/${client["gameId"]}/realtime/token` : "/realtime/token";
-        return client["request"](endpoint, "POST");
-      }
-    },
-    async open(channel = "default", url) {
-      if (!client["gameId"]) {
-        throw new Error("gameId is required for realtime channels");
-      }
-      let wsBaseUrl = url;
-      if (!wsBaseUrl && typeof window !== "undefined") {
-        const ctx = window.PLAYCADEMY;
-        if (ctx?.realtimeUrl) {
-          wsBaseUrl = ctx.realtimeUrl;
-        }
-      }
-      const realtimeClient = new RealtimeChannelClient(client["gameId"], channel, () => client.realtime.token.get().then((r) => r.token), wsBaseUrl ?? client.getBaseUrl());
-      return realtimeClient.connect();
+async function request({
+  path,
+  baseUrl,
+  method = "GET",
+  body,
+  extraHeaders = {},
+  raw = false
+}) {
+  const url = baseUrl.replace(/\/$/, "") + (path.startsWith("/") ? path : `/${path}`);
+  const headers = { ...extraHeaders };
+  const payload = prepareRequestBody(body, headers);
+  const res = await fetch(url, {
+    method,
+    headers,
+    body: payload,
+    credentials: "omit"
+  });
+  if (raw) {
+    return res;
+  }
+  if (!res.ok) {
+    const clonedRes = res.clone();
+    const errorBody = await clonedRes.json().catch(() => clonedRes.text().catch(() => {
+      return;
+    })) ?? undefined;
+    throw new ApiError(res.status, res.statusText, errorBody);
+  }
+  if (res.status === 204)
+    return;
+  const contentType = res.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    try {
+      const parsed = await res.json();
+      checkDevWarnings(parsed);
+      return parsed;
+    } catch (err) {
+      if (err instanceof SyntaxError)
+        return;
+      throw err;
     }
-  };
+  }
+  const rawText = await res.text().catch(() => "");
+  return rawText && rawText.length > 0 ? rawText : undefined;
 }
-// src/namespaces/game/timeback.ts
-function createTimebackNamespace(client) {
-  let currentActivity = null;
-  return {
-    startActivity: (metadata) => {
-      currentActivity = {
-        startTime: Date.now(),
-        metadata,
-        pausedTime: 0,
-        pauseStartTime: null
-      };
-    },
-    pauseActivity: () => {
-      if (!currentActivity) {
-        throw new Error("No activity in progress. Call startActivity() before pauseActivity().");
-      }
-      if (currentActivity.pauseStartTime !== null) {
-        throw new Error("Activity is already paused.");
-      }
-      currentActivity.pauseStartTime = Date.now();
-    },
-    resumeActivity: () => {
-      if (!currentActivity) {
-        throw new Error("No activity in progress. Call startActivity() before resumeActivity().");
-      }
-      if (currentActivity.pauseStartTime === null) {
-        throw new Error("Activity is not paused.");
-      }
-      const pauseDuration = Date.now() - currentActivity.pauseStartTime;
-      currentActivity.pausedTime += pauseDuration;
-      currentActivity.pauseStartTime = null;
-    },
-    endActivity: async (data) => {
-      if (!currentActivity) {
-        throw new Error("No activity in progress. Call startActivity() before endActivity().");
-      }
-      if (currentActivity.pauseStartTime !== null) {
-        const pauseDuration = Date.now() - currentActivity.pauseStartTime;
-        currentActivity.pausedTime += pauseDuration;
-        currentActivity.pauseStartTime = null;
-      }
-      const endTime = Date.now();
-      const totalElapsed = endTime - currentActivity.startTime;
-      const activeTime = totalElapsed - currentActivity.pausedTime;
-      const durationSeconds = Math.floor(activeTime / 1000);
-      const { correctQuestions, totalQuestions } = data;
-      const request2 = {
-        activityData: currentActivity.metadata,
-        scoreData: {
-          correctQuestions,
-          totalQuestions
-        },
-        timingData: {
-          durationSeconds
-        },
-        xpEarned: data.xpAwarded,
-        masteredUnits: data.masteredUnits
-      };
-      try {
-        const response = await client["requestGameBackend"](TIMEBACK_ROUTES.END_ACTIVITY, "POST", request2);
-        currentActivity = null;
-        return response;
-      } catch (error) {
-        currentActivity = null;
-        throw error;
-      }
-    },
-    management: {
-      setup: (request2) => {
-        return client["request"]("/timeback/setup", "POST", {
-          body: request2
-        });
-      },
-      verify: (gameId) => {
-        return client["request"](`/timeback/verify/${gameId}`, "GET");
-      },
-      cleanup: (gameId) => {
-        return client["request"](`/timeback/integrations/${gameId}`, "DELETE");
-      },
-      get: (gameId) => {
-        return client["request"](`/timeback/integrations/${gameId}`, "GET");
-      },
-      getConfig: (gameId) => {
-        return client["request"](`/timeback/config/${gameId}`, "GET");
-      }
-    },
-    xp: {
-      today: async (options) => {
-        const params = new URLSearchParams;
-        if (options?.date)
-          params.set("date", options.date);
-        if (options?.timezone)
-          params.set("tz", options.timezone);
-        const query = params.toString();
-        const endpoint = query ? `/timeback/xp/today?${query}` : "/timeback/xp/today";
-        return client["request"](endpoint, "GET");
-      },
-      total: async () => {
-        return client["request"]("/timeback/xp/total", "GET");
-      },
-      history: async (options) => {
-        const params = new URLSearchParams;
-        if (options?.startDate)
-          params.set("startDate", options.startDate);
-        if (options?.endDate)
-          params.set("endDate", options.endDate);
-        const query = params.toString();
-        const endpoint = query ? `/timeback/xp/history?${query}` : "/timeback/xp/history";
-        return client["request"](endpoint, "GET");
-      },
-      summary: async (options) => {
-        const [today, total] = await Promise.all([
-          client["request"]((() => {
-            const params = new URLSearchParams;
-            if (options?.date)
-              params.set("date", options.date);
-            if (options?.timezone)
-              params.set("tz", options.timezone);
-            const query = params.toString();
-            return query ? `/timeback/xp/today?${query}` : "/timeback/xp/today";
-          })(), "GET"),
-          client["request"]("/timeback/xp/total", "GET")
-        ]);
-        return { today, total };
-      }
+async function fetchManifest(deploymentUrl) {
+  const manifestUrl = `${deploymentUrl.replace(/\/$/, "")}/playcademy.manifest.json`;
+  try {
+    const response = await fetch(manifestUrl);
+    if (!response.ok) {
+      log.error(`[fetchManifest] Failed to fetch manifest from ${manifestUrl}. Status: ${response.status}`);
+      throw new PlaycademyError(`Failed to fetch manifest: ${response.status} ${response.statusText}`);
     }
-  };
+    return await response.json();
+  } catch (error) {
+    if (error instanceof PlaycademyError) {
+      throw error;
+    }
+    log.error(`[Playcademy SDK] Error fetching or parsing manifest from ${manifestUrl}:`, {
+      error
+    });
+    throw new PlaycademyError("Failed to load or parse game manifest");
+  }
 }
-// src/clients/public.ts
-class PlaycademyClient {
+
+// src/clients/base.ts
+class PlaycademyBaseClient {
   baseUrl;
   gameUrl;
   authStrategy;
@@ -2084,9 +1920,13 @@ class PlaycademyClient {
       });
     }
   }
+  users = createUsersNamespace(this);
+}
+
+// src/clients/public.ts
+class PlaycademyClient extends PlaycademyBaseClient {
   identity = createIdentityNamespace(this);
   runtime = createRuntimeNamespace(this);
-  users = createUsersNamespace(this);
   timeback = createTimebackNamespace(this);
   credits = createCreditsNamespace(this);
   scores = createScoresNamespace(this);