@playcademy/vite-plugin 0.0.1-beta.12 → 0.0.1-beta.13

package/dist/index.js

@@ -41060,6 +41060,8 @@ import { constants, KeyObject as KeyObject3 } from "node:crypto";
 import * as crypto5 from "node:crypto";
 import { promisify } from "node:util";
 import { KeyObject as KeyObject4, createSecretKey } from "node:crypto";
+import fs32 from "node:fs";
+import path22 from "node:path";
 var __create2 = Object.create;
 var __getProtoOf2 = Object.getPrototypeOf;
 var __defProp2 = Object.defineProperty;
@@ -43831,7 +43833,7 @@ ${file}:${line2}:${column}: ERROR: ${pluginText}${e.text}`;
       result = `(?${regexp.flags})${result}`;
     return result;
   }
-  var fs32 = __require2("fs");
+  var fs33 = __require2("fs");
   var os2 = __require2("os");
   var path3 = __require2("path");
   var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;
@@ -43896,14 +43898,14 @@ ${file}:${line2}:${column}: ERROR: ${pluginText}${e.text}`;
       for (const unixKey in knownUnixlikePackages) {
         try {
           const pkg = knownUnixlikePackages[unixKey];
-          if (fs32.existsSync(path3.join(nodeModulesDirectory, pkg)))
+          if (fs33.existsSync(path3.join(nodeModulesDirectory, pkg)))
             return pkg;
         } catch {}
       }
       for (const windowsKey in knownWindowsPackages) {
         try {
           const pkg = knownWindowsPackages[windowsKey];
-          if (fs32.existsSync(path3.join(nodeModulesDirectory, pkg)))
+          if (fs33.existsSync(path3.join(nodeModulesDirectory, pkg)))
             return pkg;
         } catch {}
       }
@@ -43916,7 +43918,7 @@ ${file}:${line2}:${column}: ERROR: ${pluginText}${e.text}`;
   }
   function generateBinPath() {
     if (isValidBinaryPath(ESBUILD_BINARY_PATH)) {
-      if (!fs32.existsSync(ESBUILD_BINARY_PATH)) {
+      if (!fs33.existsSync(ESBUILD_BINARY_PATH)) {
         console.warn(`[esbuild] Ignoring bad configuration: ESBUILD_BINARY_PATH=${ESBUILD_BINARY_PATH}`);
       } else {
         return { binPath: ESBUILD_BINARY_PATH, isWASM: false };
@@ -43928,7 +43930,7 @@ ${file}:${line2}:${column}: ERROR: ${pluginText}${e.text}`;
       binPath = __require2.resolve(`${pkg}/${subpath}`);
     } catch (e) {
       binPath = downloadedBinPath(pkg, subpath);
-      if (!fs32.existsSync(binPath)) {
+      if (!fs33.existsSync(binPath)) {
         try {
           __require2.resolve(pkg);
         } catch {
@@ -44004,10 +44006,10 @@ for your current platform.`);
       if (pnpapi) {
         const root = pnpapi.getPackageInformation(pnpapi.topLevel).packageLocation;
         const binTargetPath = path3.join(root, "node_modules", ".cache", "esbuild", `pnpapi-${pkg.replace("/", "-")}-0.25.5-${path3.basename(subpath)}`);
-        if (!fs32.existsSync(binTargetPath)) {
-          fs32.mkdirSync(path3.dirname(binTargetPath), { recursive: true });
-          fs32.copyFileSync(binPath, binTargetPath);
-          fs32.chmodSync(binTargetPath, 493);
+        if (!fs33.existsSync(binTargetPath)) {
+          fs33.mkdirSync(path3.dirname(binTargetPath), { recursive: true });
+          fs33.copyFileSync(binPath, binTargetPath);
+          fs33.chmodSync(binTargetPath, 493);
         }
         return { binPath: binTargetPath, isWASM };
       }
@@ -44016,7 +44018,7 @@ for your current platform.`);
   }
   var child_process = __require2("child_process");
   var crypto32 = __require2("crypto");
-  var path22 = __require2("path");
+  var path23 = __require2("path");
   var fs222 = __require2("fs");
   var os22 = __require2("os");
   var tty2 = __require2("tty");
@@ -44033,7 +44035,7 @@ for your current platform.`);
   var _a;
   var isInternalWorkerThread = ((_a = worker_threads == null ? undefined : worker_threads.workerData) == null ? undefined : _a.esbuildVersion) === "0.25.5";
   var esbuildCommandAndArgs = () => {
-    if ((!ESBUILD_BINARY_PATH || false) && (path22.basename(__filename2) !== "main.js" || path22.basename(__dirname2) !== "lib")) {
+    if ((!ESBUILD_BINARY_PATH || false) && (path23.basename(__filename2) !== "main.js" || path23.basename(__dirname2) !== "lib")) {
       throw new Error(`The esbuild JavaScript API cannot be bundled. Please mark the "esbuild" package as external so it's not included in the bundle.
 
 More information: The file containing the code for esbuild's JavaScript API (${__filename2}) does not appear to be inside the esbuild package on the file system, which usually means that the esbuild package was bundled into another file. This is problematic because the API needs to run a binary executable inside the esbuild package which is located using a relative path from the API code to the executable. If the esbuild package is bundled, the relative path will be incorrect and the executable won't be found.`);
@@ -44329,7 +44331,7 @@ More information: The file containing the code for esbuild's JavaScript API (${_
     afterClose(null);
   };
   var randomFileName = () => {
-    return path22.join(os22.tmpdir(), `esbuild-${crypto32.randomBytes(32).toString("hex")}`);
+    return path23.join(os22.tmpdir(), `esbuild-${crypto32.randomBytes(32).toString("hex")}`);
   };
   var workerThreadService = null;
   var startWorkerThreadService = (worker_threads2) => {
@@ -46908,11 +46910,11 @@ var require_node22 = __commonJS2((exports) => {
   var require_source_map_support = __commonJS22((exports2, module22) => {
     var SourceMapConsumer = require_source_map().SourceMapConsumer;
     var path3 = __require2("path");
-    var fs32;
+    var fs33;
     try {
-      fs32 = __require2("fs");
-      if (!fs32.existsSync || !fs32.readFileSync) {
-        fs32 = null;
+      fs33 = __require2("fs");
+      if (!fs33.existsSync || !fs33.readFileSync) {
+        fs33 = null;
       }
     } catch (err2) {}
     var bufferFrom = require_buffer_from();
@@ -46950,30 +46952,30 @@ var require_node22 = __commonJS2((exports) => {
       };
     }
     var retrieveFile = handlerExec(retrieveFileHandlers);
-    retrieveFileHandlers.push(function(path22) {
-      path22 = path22.trim();
-      if (/^file:/.test(path22)) {
-        path22 = path22.replace(/file:\/\/\/(\w:)?/, function(protocol, drive) {
+    retrieveFileHandlers.push(function(path23) {
+      path23 = path23.trim();
+      if (/^file:/.test(path23)) {
+        path23 = path23.replace(/file:\/\/\/(\w:)?/, function(protocol, drive) {
           return drive ? "" : "/";
         });
       }
-      if (path22 in fileContentsCache) {
-        return fileContentsCache[path22];
+      if (path23 in fileContentsCache) {
+        return fileContentsCache[path23];
       }
       var contents = "";
       try {
-        if (!fs32) {
+        if (!fs33) {
           var xhr = new XMLHttpRequest;
-          xhr.open("GET", path22, false);
+          xhr.open("GET", path23, false);
           xhr.send(null);
           if (xhr.readyState === 4 && xhr.status === 200) {
             contents = xhr.responseText;
           }
-        } else if (fs32.existsSync(path22)) {
-          contents = fs32.readFileSync(path22, "utf8");
+        } else if (fs33.existsSync(path23)) {
+          contents = fs33.readFileSync(path23, "utf8");
         }
       } catch (er2) {}
-      return fileContentsCache[path22] = contents;
+      return fileContentsCache[path23] = contents;
     });
     function supportRelativeURL(file, url2) {
       if (!file)
@@ -47234,9 +47236,9 @@ var require_node22 = __commonJS2((exports) => {
         var line2 = +match[2];
         var column = +match[3];
         var contents = fileContentsCache[source];
-        if (!contents && fs32 && fs32.existsSync(source)) {
+        if (!contents && fs33 && fs33.existsSync(source)) {
           try {
-            contents = fs32.readFileSync(source, "utf8");
+            contents = fs33.readFileSync(source, "utf8");
           } catch (er2) {
             contents = "";
           }
@@ -47780,13 +47782,13 @@ If you have no idea what this means or what Pirates is, let me explain: Pirates
   var require_filesystem = __commonJS22((exports2) => {
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.removeExtension = exports2.fileExistsAsync = exports2.readJsonFromDiskAsync = exports2.readJsonFromDiskSync = exports2.fileExistsSync = undefined;
-    var fs32 = __require2("fs");
+    var fs33 = __require2("fs");
     function fileExistsSync(path3) {
-      if (!fs32.existsSync(path3)) {
+      if (!fs33.existsSync(path3)) {
         return false;
       }
       try {
-        var stats = fs32.statSync(path3);
+        var stats = fs33.statSync(path3);
         return stats.isFile();
       } catch (err2) {
         return false;
@@ -47794,14 +47796,14 @@ If you have no idea what this means or what Pirates is, let me explain: Pirates
     }
     exports2.fileExistsSync = fileExistsSync;
     function readJsonFromDiskSync(packageJsonPath) {
-      if (!fs32.existsSync(packageJsonPath)) {
+      if (!fs33.existsSync(packageJsonPath)) {
         return;
       }
       return __require2(packageJsonPath);
     }
     exports2.readJsonFromDiskSync = readJsonFromDiskSync;
     function readJsonFromDiskAsync(path3, callback) {
-      fs32.readFile(path3, "utf8", function(err2, result) {
+      fs33.readFile(path3, "utf8", function(err2, result) {
         if (err2 || !result) {
           return callback();
         }
@@ -47810,8 +47812,8 @@ If you have no idea what this means or what Pirates is, let me explain: Pirates
       });
     }
     exports2.readJsonFromDiskAsync = readJsonFromDiskAsync;
-    function fileExistsAsync(path22, callback2) {
-      fs32.stat(path22, function(err2, stats) {
+    function fileExistsAsync(path23, callback2) {
+      fs33.stat(path23, function(err2, stats) {
         if (err2) {
           return callback2(undefined, false);
         }
@@ -49254,7 +49256,7 @@ If you have no idea what this means or what Pirates is, let me explain: Pirates
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.loadTsconfig = exports2.walkForTsConfig = exports2.tsConfigLoader = undefined;
     var path3 = __require2("path");
-    var fs32 = __require2("fs");
+    var fs33 = __require2("fs");
     var JSON5 = require_lib3();
     var StripBom = require_strip_bom();
     function tsConfigLoader(_a) {
@@ -49283,10 +49285,10 @@ If you have no idea what this means or what Pirates is, let me explain: Pirates
     }
     function resolveConfigPath(cwd, filename) {
       if (filename) {
-        var absolutePath = fs32.lstatSync(filename).isDirectory() ? path3.resolve(filename, "./tsconfig.json") : path3.resolve(cwd, filename);
+        var absolutePath = fs33.lstatSync(filename).isDirectory() ? path3.resolve(filename, "./tsconfig.json") : path3.resolve(cwd, filename);
         return absolutePath;
       }
-      if (fs32.statSync(cwd).isFile()) {
+      if (fs33.statSync(cwd).isFile()) {
         return path3.resolve(cwd);
       }
       var configAbsolutePath = walkForTsConfig(cwd);
@@ -49294,7 +49296,7 @@ If you have no idea what this means or what Pirates is, let me explain: Pirates
     }
     function walkForTsConfig(directory, readdirSync) {
       if (readdirSync === undefined) {
-        readdirSync = fs32.readdirSync;
+        readdirSync = fs33.readdirSync;
       }
       var files = readdirSync(directory);
       var filesToCheck = ["tsconfig.json", "jsconfig.json"];
@@ -49313,11 +49315,11 @@ If you have no idea what this means or what Pirates is, let me explain: Pirates
     exports2.walkForTsConfig = walkForTsConfig;
     function loadTsconfig(configFilePath, existsSync2, readFileSync) {
       if (existsSync2 === undefined) {
-        existsSync2 = fs32.existsSync;
+        existsSync2 = fs33.existsSync;
       }
       if (readFileSync === undefined) {
         readFileSync = function(filename) {
-          return fs32.readFileSync(filename, "utf8");
+          return fs33.readFileSync(filename, "utf8");
         };
       }
       if (!existsSync2(configFilePath)) {
@@ -50947,7 +50949,7 @@ function mapColumnsInSQLToAlias2(query, alias) {
 }
 function mapResultRow2(columns, row, joinsNotNullableMap) {
   const nullifyMap = {};
-  const result = columns.reduce((result2, { path: path22, field }, columnIndex) => {
+  const result = columns.reduce((result2, { path: path23, field }, columnIndex) => {
     let decoder;
     if (is2(field, Column2)) {
       decoder = field;
@@ -50957,8 +50959,8 @@ function mapResultRow2(columns, row, joinsNotNullableMap) {
       decoder = field.sql.decoder;
     }
     let node = result2;
-    for (const [pathChunkIndex, pathChunk] of path22.entries()) {
-      if (pathChunkIndex < path22.length - 1) {
+    for (const [pathChunkIndex, pathChunk] of path23.entries()) {
+      if (pathChunkIndex < path23.length - 1) {
         if (!(pathChunk in node)) {
           node[pathChunk] = {};
         }
@@ -50966,8 +50968,8 @@ function mapResultRow2(columns, row, joinsNotNullableMap) {
       } else {
         const rawValue = row[columnIndex];
         const value = node[pathChunk] = rawValue === null ? null : decoder.mapFromDriverValue(rawValue);
-        if (joinsNotNullableMap && is2(field, Column2) && path22.length === 2) {
-          const objectName = path22[0];
+        if (joinsNotNullableMap && is2(field, Column2) && path23.length === 2) {
+          const objectName = path23[0];
           if (!(objectName in nullifyMap)) {
             nullifyMap[objectName] = value === null ? getTableName2(field.table) : false;
           } else if (typeof nullifyMap[objectName] === "string" && nullifyMap[objectName] !== getTableName2(field.table)) {
@@ -55779,7 +55781,7 @@ var init_api = __esm(() => {
     "../node_modules/.pnpm/fs.realpath@1.0.0/node_modules/fs.realpath/old.js"(exports) {
       var pathModule = __require22("path");
       var isWindows = process.platform === "win32";
-      var fs32 = __require22("fs");
+      var fs33 = __require22("fs");
       var DEBUG = process.env.NODE_DEBUG && /fs/.test(process.env.NODE_DEBUG);
       function rethrow() {
         var callback;
@@ -55844,7 +55846,7 @@ var init_api = __esm(() => {
           base = m4[0];
           previous = "";
           if (isWindows && !knownHard[base]) {
-            fs32.lstatSync(base);
+            fs33.lstatSync(base);
             knownHard[base] = true;
           }
         }
@@ -55862,7 +55864,7 @@ var init_api = __esm(() => {
           if (cache && Object.prototype.hasOwnProperty.call(cache, base)) {
             resolvedLink = cache[base];
           } else {
-            var stat = fs32.lstatSync(base);
+            var stat = fs33.lstatSync(base);
             if (!stat.isSymbolicLink()) {
               knownHard[base] = true;
               if (cache)
@@ -55877,8 +55879,8 @@ var init_api = __esm(() => {
               }
             }
             if (linkTarget === null) {
-              fs32.statSync(base);
-              linkTarget = fs32.readlinkSync(base);
+              fs33.statSync(base);
+              linkTarget = fs33.readlinkSync(base);
             }
             resolvedLink = pathModule.resolve(previous, linkTarget);
             if (cache)
@@ -55915,7 +55917,7 @@ var init_api = __esm(() => {
           base = m4[0];
           previous = "";
           if (isWindows && !knownHard[base]) {
-            fs32.lstat(base, function(err2) {
+            fs33.lstat(base, function(err2) {
               if (err2)
                 return cb(err2);
               knownHard[base] = true;
@@ -55943,7 +55945,7 @@ var init_api = __esm(() => {
           if (cache && Object.prototype.hasOwnProperty.call(cache, base)) {
             return gotResolvedLink(cache[base]);
           }
-          return fs32.lstat(base, gotStat);
+          return fs33.lstat(base, gotStat);
         }
         function gotStat(err2, stat) {
           if (err2)
@@ -55960,10 +55962,10 @@ var init_api = __esm(() => {
               return gotTarget(null, seenLinks[id], base);
             }
           }
-          fs32.stat(base, function(err22) {
+          fs33.stat(base, function(err22) {
             if (err22)
               return cb(err22);
-            fs32.readlink(base, function(err3, target) {
+            fs33.readlink(base, function(err3, target) {
               if (!isWindows)
                 seenLinks[id] = target;
               gotTarget(err3, target);
@@ -55993,9 +55995,9 @@ var init_api = __esm(() => {
       realpath.realpathSync = realpathSync;
       realpath.monkeypatch = monkeypatch;
       realpath.unmonkeypatch = unmonkeypatch;
-      var fs32 = __require22("fs");
-      var origRealpath = fs32.realpath;
-      var origRealpathSync = fs32.realpathSync;
+      var fs33 = __require22("fs");
+      var origRealpath = fs33.realpath;
+      var origRealpathSync = fs33.realpathSync;
       var version22 = process.version;
       var ok = /^v[0-5]\./.test(version22);
       var old = require_old();
@@ -56033,12 +56035,12 @@ var init_api = __esm(() => {
         }
       }
       function monkeypatch() {
-        fs32.realpath = realpath;
-        fs32.realpathSync = realpathSync;
+        fs33.realpath = realpath;
+        fs33.realpathSync = realpathSync;
       }
       function unmonkeypatch() {
-        fs32.realpath = origRealpath;
-        fs32.realpathSync = origRealpathSync;
+        fs33.realpath = origRealpath;
+        fs33.realpathSync = origRealpathSync;
       }
     }
   });
@@ -56264,8 +56266,8 @@ var init_api = __esm(() => {
         return new Minimatch2(pattern, options).match(p3);
       };
       module2.exports = minimatch2;
-      var path22 = require_path2();
-      minimatch2.sep = path22.sep;
+      var path23 = require_path2();
+      minimatch2.sep = path23.sep;
       var GLOBSTAR2 = Symbol("globstar **");
       minimatch2.GLOBSTAR = GLOBSTAR2;
       var expand2 = require_brace_expansion3();
@@ -56778,8 +56780,8 @@ globstar while`, file, fr, pattern, pr3, swallowee);
           if (f3 === "/" && partial)
             return true;
           const options = this.options;
-          if (path22.sep !== "/") {
-            f3 = f3.split(path22.sep).join("/");
+          if (path23.sep !== "/") {
+            f3 = f3.split(path23.sep).join("/");
           }
           f3 = f3.split(slashSplit);
           this.debug(this.pattern, "split", f3);
@@ -56869,8 +56871,8 @@ globstar while`, file, fr, pattern, pr3, swallowee);
       function ownProp(obj, field) {
         return Object.prototype.hasOwnProperty.call(obj, field);
       }
-      var fs32 = __require22("fs");
-      var path22 = __require22("path");
+      var fs33 = __require22("fs");
+      var path23 = __require22("path");
       var minimatch2 = require_minimatch2();
       var isAbsolute2 = __require22("path").isAbsolute;
       var Minimatch2 = minimatch2.Minimatch;
@@ -56928,7 +56930,7 @@ globstar while`, file, fr, pattern, pr3, swallowee);
         self2.stat = !!options.stat;
         self2.noprocess = !!options.noprocess;
         self2.absolute = !!options.absolute;
-        self2.fs = options.fs || fs32;
+        self2.fs = options.fs || fs33;
         self2.maxLength = options.maxLength || Infinity;
         self2.cache = options.cache || /* @__PURE__ */ Object.create(null);
         self2.statCache = options.statCache || /* @__PURE__ */ Object.create(null);
@@ -56937,13 +56939,13 @@ globstar while`, file, fr, pattern, pr3, swallowee);
         self2.changedCwd = false;
         var cwd = process.cwd();
         if (!ownProp(options, "cwd"))
-          self2.cwd = path22.resolve(cwd);
+          self2.cwd = path23.resolve(cwd);
         else {
-          self2.cwd = path22.resolve(options.cwd);
+          self2.cwd = path23.resolve(options.cwd);
           self2.changedCwd = self2.cwd !== cwd;
         }
-        self2.root = options.root || path22.resolve(self2.cwd, "/");
-        self2.root = path22.resolve(self2.root);
+        self2.root = options.root || path23.resolve(self2.cwd, "/");
+        self2.root = path23.resolve(self2.root);
         self2.cwdAbs = isAbsolute2(self2.cwd) ? self2.cwd : makeAbs(self2, self2.cwd);
         self2.nomount = !!options.nomount;
         if (process.platform === "win32") {
@@ -57025,13 +57027,13 @@ globstar while`, file, fr, pattern, pr3, swallowee);
       function makeAbs(self2, f3) {
         var abs = f3;
         if (f3.charAt(0) === "/") {
-          abs = path22.join(self2.root, f3);
+          abs = path23.join(self2.root, f3);
         } else if (isAbsolute2(f3) || f3 === "") {
           abs = f3;
         } else if (self2.changedCwd) {
-          abs = path22.resolve(self2.cwd, f3);
+          abs = path23.resolve(self2.cwd, f3);
         } else {
-          abs = path22.resolve(f3);
+          abs = path23.resolve(f3);
         }
         if (process.platform === "win32")
           abs = abs.replace(/\\/g, "/");
@@ -57062,7 +57064,7 @@ globstar while`, file, fr, pattern, pr3, swallowee);
       var Minimatch2 = minimatch2.Minimatch;
       var Glob = require_glob2().Glob;
       var util2 = __require22("util");
-      var path22 = __require22("path");
+      var path23 = __require22("path");
       var assert2 = __require22("assert");
       var isAbsolute2 = __require22("path").isAbsolute;
       var common = require_common2();
@@ -57192,7 +57194,7 @@ See: https://github.com/isaacs/node-glob/issues/167`);
                 e = prefix2 + e;
             }
             if (e.charAt(0) === "/" && !this.nomount) {
-              e = path22.join(this.root, e);
+              e = path23.join(this.root, e);
             }
             this._emitMatch(index6, e);
           }
@@ -57341,9 +57343,9 @@ See: https://github.com/isaacs/node-glob/issues/167`);
         if (prefix2 && isAbsolute2(prefix2) && !this.nomount) {
           var trail = /[\/\\]$/.test(prefix2);
           if (prefix2.charAt(0) === "/") {
-            prefix2 = path22.join(this.root, prefix2);
+            prefix2 = path23.join(this.root, prefix2);
           } else {
-            prefix2 = path22.resolve(this.root, prefix2);
+            prefix2 = path23.resolve(this.root, prefix2);
             if (trail)
               prefix2 += "/";
           }
@@ -57530,7 +57532,7 @@ See: https://github.com/isaacs/node-glob/issues/167`);
       var Minimatch2 = minimatch2.Minimatch;
       var inherits = require_inherits2();
       var EE = __require22("events").EventEmitter;
-      var path22 = __require22("path");
+      var path23 = __require22("path");
       var assert2 = __require22("assert");
       var isAbsolute2 = __require22("path").isAbsolute;
       var globSync = require_sync();
@@ -57813,7 +57815,7 @@ See: https://github.com/isaacs/node-glob/issues/167`);
                 e = prefix2 + e;
             }
             if (e.charAt(0) === "/" && !this.nomount) {
-              e = path22.join(this.root, e);
+              e = path23.join(this.root, e);
             }
             this._emitMatch(index6, e);
           }
@@ -58000,9 +58002,9 @@ See: https://github.com/isaacs/node-glob/issues/167`);
         if (prefix2 && isAbsolute2(prefix2) && !this.nomount) {
           var trail = /[\/\\]$/.test(prefix2);
           if (prefix2.charAt(0) === "/") {
-            prefix2 = path22.join(this.root, prefix2);
+            prefix2 = path23.join(this.root, prefix2);
           } else {
-            prefix2 = path22.resolve(this.root, prefix2);
+            prefix2 = path23.resolve(this.root, prefix2);
             if (trail)
               prefix2 += "/";
           }
@@ -58965,8 +58967,8 @@ See: https://github.com/isaacs/node-glob/issues/167`);
       };
       overrideErrorMap = errorMap;
       makeIssue = (params) => {
-        const { data: data2, path: path22, errorMaps, issueData } = params;
-        const fullPath = [...path22, ...issueData.path || []];
+        const { data: data2, path: path23, errorMaps, issueData } = params;
+        const fullPath = [...path23, ...issueData.path || []];
         const fullIssue = {
           ...issueData,
           path: fullPath
@@ -59057,11 +59059,11 @@ See: https://github.com/isaacs/node-glob/issues/167`);
         errorUtil2.toString = (message) => typeof message === "string" ? message : message === null || message === undefined ? undefined : message.message;
       })(errorUtil || (errorUtil = {}));
       ParseInputLazyPath = class {
-        constructor(parent, value, path22, key) {
+        constructor(parent, value, path23, key) {
           this._cachedPath = [];
           this.parent = parent;
           this.data = value;
-          this._path = path22;
+          this._path = path23;
           this._key = key;
         }
         get path() {
@@ -93939,13 +93941,13 @@ var RegExpRouter = class {
     }
     const paths = checkOptionalParameter(path4) || [path4];
     for (let i22 = 0, len2 = paths.length;i22 < len2; i22++) {
-      const path22 = paths[i22];
+      const path23 = paths[i22];
       Object.keys(routes).forEach((m) => {
         if (method === METHOD_NAME_ALL || method === m) {
-          routes[m][path22] ||= [
-            ...findMiddleware(middleware[m], path22) || findMiddleware(middleware[METHOD_NAME_ALL], path22) || []
+          routes[m][path23] ||= [
+            ...findMiddleware(middleware[m], path23) || findMiddleware(middleware[METHOD_NAME_ALL], path23) || []
           ];
-          routes[m][path22].push([handler, paramCount - len2 + i22 + 1]);
+          routes[m][path23].push([handler, paramCount - len2 + i22 + 1]);
         }
       });
     }
@@ -93953,13 +93955,13 @@ var RegExpRouter = class {
   match(method, path4) {
     clearWildcardRegExpCache();
     const matchers = this.#buildAllMatchers();
-    this.match = (method2, path22) => {
+    this.match = (method2, path23) => {
       const matcher = matchers[method2] || matchers[METHOD_NAME_ALL];
-      const staticMatch = matcher[2][path22];
+      const staticMatch = matcher[2][path23];
       if (staticMatch) {
         return staticMatch;
       }
-      const match2 = path22.match(matcher[0]);
+      const match2 = path23.match(matcher[0]);
       if (!match2) {
         return [[], emptyParam];
       }
@@ -94351,7 +94353,7 @@ var logger = (fn = console.log) => {
 };
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.1.0-beta.8",
+  version: "0.1.0-beta.9",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -94372,7 +94374,7 @@ var package_default = {
   ],
   scripts: {
     build: "bun run build.ts",
-    bump: 'bunx bumpp --no-tag --no-push -c "chore(@playcademy/sandbox): release v%s"',
+    bump: 'SKIP_TESTS=1 bunx bumpp --no-tag --no-push -c "chore(@playcademy/sandbox): release v%s"',
     dev: "bun --watch src/cli.ts",
     pub: "bun run build && bun run bump && bun publish --access public",
     start: "bun src/cli.ts"
@@ -114334,11 +114336,15 @@ class DatabasePathManager {
   }
   static resolveDatabasePath(customPath) {
     if (customPath) {
+      if (customPath === ":memory:")
+        return ":memory:";
       return isAbsolute(customPath) ? customPath : join2(process.cwd(), customPath);
     }
     return join2(this.findNodeModulesPath(), this.DEFAULT_DB_SUBPATH);
   }
   static ensureDatabaseDirectory(dbPath) {
+    if (dbPath === ":memory:")
+      return;
     const dirPath = dirname(dbPath);
     const absolutePath = isAbsolute(dirPath) ? dirPath : join2(process.cwd(), dirPath);
     try {
@@ -114375,25 +114381,115 @@ async function createDatabaseSchema(db) {
 async function setupDatabase(customPath) {
   const dbPath = DatabasePathManager.resolveDatabasePath(customPath);
   DatabasePathManager.ensureDatabaseDirectory(dbPath);
-  const client = new Ke2(dbPath);
+  const client = dbPath === ":memory:" ? new Ke2 : new Ke2(dbPath);
   const db = drizzle(client, { schema: exports_tables_index });
   await createDatabaseSchema(db);
   initializeDatabase(db);
   return db;
 }
+var MAX_LEVEL = 100;
+var ITEM_SLUGS = {
+  PLAYCADEMY_CREDITS: "PLAYCADEMY_CREDITS",
+  PLAYCADEMY_XP: "PLAYCADEMY_XP",
+  FOUNDING_MEMBER_BADGE: "FOUNDING_MEMBER_BADGE",
+  EARLY_ADOPTER_BADGE: "EARLY_ADOPTER_BADGE",
+  FIRST_GAME_BADGE: "FIRST_GAME_BADGE",
+  COMMON_SWORD: "COMMON_SWORD",
+  SMALL_HEALTH_POTION: "SMALL_HEALTH_POTION",
+  SMALL_BACKPACK: "SMALL_BACKPACK"
+};
+var CURRENCIES = {
+  PRIMARY: ITEM_SLUGS.PLAYCADEMY_CREDITS,
+  XP: ITEM_SLUGS.PLAYCADEMY_XP
+};
+var CURRENCY_SYMBOLS = {
+  PLAYCADEMY_CREDITS: "PC",
+  PLAYCADEMY_XP: "XP",
+  DEFAULT: "¤"
+};
+var BADGES = {
+  FOUNDING_MEMBER: ITEM_SLUGS.FOUNDING_MEMBER_BADGE,
+  EARLY_ADOPTER: ITEM_SLUGS.EARLY_ADOPTER_BADGE,
+  FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
+};
+var INTERACTION_TYPE = Object.fromEntries(interactionTypeEnum.enumValues.map((value) => [value, value]));
+var CORE_GAME_UUIDS = {
+  PLAYGROUND: "00000000-0000-0000-0000-000000000001",
+  EQUATION_ARENA: "00000000-0000-0000-0000-000000000002",
+  BAMBOO: "00000000-0000-0000-0000-000000000003"
+};
 var now = new Date;
-var DEMO_USER = {
-  id: crypto.randomUUID(),
-  name: "Demo User",
-  username: "demo_user",
-  email: "demo@playcademy.com",
-  emailVerified: true,
-  image: null,
-  role: "developer",
-  developerStatus: "approved",
-  createdAt: now,
-  updatedAt: now
+var DEMO_USERS = {
+  admin: {
+    id: crypto.randomUUID(),
+    name: "Admin User",
+    username: "admin_user",
+    email: "admin@playcademy.com",
+    emailVerified: true,
+    image: null,
+    role: "admin",
+    developerStatus: "approved",
+    createdAt: now,
+    updatedAt: now
+  },
+  player: {
+    id: crypto.randomUUID(),
+    name: "Player User",
+    username: "player_user",
+    email: "player@playcademy.com",
+    emailVerified: true,
+    image: null,
+    role: "player",
+    developerStatus: "none",
+    createdAt: now,
+    updatedAt: now
+  },
+  developer: {
+    id: crypto.randomUUID(),
+    name: "Developer User",
+    username: "developer_user",
+    email: "developer@playcademy.com",
+    emailVerified: true,
+    image: null,
+    role: "developer",
+    developerStatus: "approved",
+    createdAt: now,
+    updatedAt: now
+  },
+  pendingDeveloper: {
+    id: crypto.randomUUID(),
+    name: "Pending Developer",
+    username: "pending_dev",
+    email: "pending@playcademy.com",
+    emailVerified: true,
+    image: null,
+    role: "developer",
+    developerStatus: "pending",
+    createdAt: now,
+    updatedAt: now
+  },
+  unverifiedPlayer: {
+    id: crypto.randomUUID(),
+    name: "Unverified Player",
+    username: "unverified_player",
+    email: "unverified@playcademy.com",
+    emailVerified: false,
+    image: null,
+    role: "player",
+    developerStatus: "none",
+    createdAt: now,
+    updatedAt: now
+  }
+};
+var DEMO_TOKENS = {
+  "sandbox-demo-token": DEMO_USERS.admin,
+  "sandbox-admin-token": DEMO_USERS.admin,
+  "sandbox-player-token": DEMO_USERS.player,
+  "sandbox-developer-token": DEMO_USERS.developer,
+  "sandbox-pending-dev-token": DEMO_USERS.pendingDeveloper,
+  "sandbox-unverified-token": DEMO_USERS.unverifiedPlayer
 };
+var DEMO_USER = DEMO_USERS.admin;
 var PLAYCADEMY_CREDITS_ID = crypto.randomUUID();
 var SAMPLE_ITEMS = [
   {
@@ -114403,7 +114499,7 @@ var SAMPLE_ITEMS = [
     displayName: "PLAYCADEMY credits",
     description: "The main currency used across PLAYCADEMY.",
     type: "currency",
-    imageUrl: "playcademy-credit.png",
+    imageUrl: "http://playcademy-sandbox.local/playcademy-credit.png",
     metadata: {
       rarity: "common"
     }
@@ -114439,7 +114535,7 @@ var SAMPLE_ITEMS = [
     displayName: "First Game Played",
     description: "Awarded for playing your first game in the Playcademy platform.",
     type: "badge",
-    imageUrl: "first-game-badge.png",
+    imageUrl: "http://playcademy-sandbox.local/first-game-badge.png",
     metadata: {
       rarity: "uncommon"
     }
@@ -114451,7 +114547,7 @@ var SAMPLE_ITEMS = [
     displayName: "Common Sword",
     description: "A basic sword, good for beginners.",
     type: "unlock",
-    imageUrl: "common-sword.png",
+    imageUrl: "http://playcademy-sandbox.local/common-sword.png",
     metadata: undefined
   },
   {
@@ -114461,7 +114557,7 @@ var SAMPLE_ITEMS = [
     displayName: "Small Health Potion",
     description: "Restores a small amount of health.",
     type: "other",
-    imageUrl: "small-health-potion.png",
+    imageUrl: "http://playcademy-sandbox.local/small-health-potion.png",
     metadata: undefined
   },
   {
@@ -114471,7 +114567,7 @@ var SAMPLE_ITEMS = [
     displayName: "Small Backpack",
     description: "Increases your inventory capacity by 5 slots.",
     type: "upgrade",
-    imageUrl: "small-backpack.png",
+    imageUrl: "http://playcademy-sandbox.local/small-backpack.png",
     metadata: undefined
   }
 ];
@@ -114489,6 +114585,7 @@ async function seedDemoData(db) {
     for (const item of SAMPLE_ITEMS) {
       await db.insert(items).values(item);
     }
+    await seedCurrencies(db);
     for (const inventory of SAMPLE_INVENTORY) {
       await db.insert(inventoryItems).values(inventory);
     }
@@ -114496,12 +114593,90 @@ async function seedDemoData(db) {
     for (const config of levelConfigsData) {
       await db.insert(levelConfigs).values(config);
     }
+    await seedCoreGames(db);
   } catch (error2) {
     console.error("❌ Error seeding demo data:", error2);
     throw error2;
   }
   return DEMO_USER;
 }
+async function seedCurrencies(db) {
+  const currencyItems = SAMPLE_ITEMS.filter((item) => item.type === "currency");
+  for (const currencyItem of currencyItems) {
+    const symbol = getCurrencySymbol(currencyItem.slug);
+    const isPrimary = currencyItem.slug === ITEM_SLUGS.PLAYCADEMY_CREDITS;
+    await db.insert(currencies).values({
+      id: crypto.randomUUID(),
+      itemId: currencyItem.id,
+      symbol,
+      isPrimary,
+      createdAt: new Date,
+      updatedAt: new Date
+    });
+  }
+}
+function getCurrencySymbol(slug) {
+  switch (slug) {
+    case ITEM_SLUGS.PLAYCADEMY_CREDITS:
+      return CURRENCY_SYMBOLS.PLAYCADEMY_CREDITS;
+    case ITEM_SLUGS.PLAYCADEMY_XP:
+      return CURRENCY_SYMBOLS.PLAYCADEMY_XP;
+    default:
+      return CURRENCY_SYMBOLS.DEFAULT;
+  }
+}
+async function seedCoreGames(db) {
+  const now2 = new Date;
+  const coreGames = [
+    {
+      id: CORE_GAME_UUIDS.PLAYGROUND,
+      developerId: DEMO_USER.id,
+      slug: "playground",
+      displayName: "Playground",
+      version: "local",
+      platform: "web",
+      assetBundleBase: "https://cdn.test.playcademy.net/games/01/internal",
+      metadata: { description: "A playground environment for internal testing." },
+      mapElementId: null,
+      createdAt: now2,
+      updatedAt: now2
+    },
+    {
+      id: CORE_GAME_UUIDS.EQUATION_ARENA,
+      developerId: DEMO_USER.id,
+      slug: "equation-arena",
+      displayName: "Equation Arena",
+      version: "local",
+      platform: "web",
+      assetBundleBase: "https://cdn.test.playcademy.net/games/02/internal",
+      metadata: { description: "Solve math problems to defeat the dragon!" },
+      mapElementId: null,
+      createdAt: now2,
+      updatedAt: now2
+    },
+    {
+      id: CORE_GAME_UUIDS.BAMBOO,
+      developerId: DEMO_USER.id,
+      slug: "bamboo",
+      displayName: "Bamboo",
+      version: "local",
+      platform: "web",
+      assetBundleBase: "https://cdn.test.playcademy.net/games/03/internal",
+      metadata: { description: "A relaxing game with bamboo and pandas." },
+      mapElementId: null,
+      createdAt: now2,
+      updatedAt: now2
+    }
+  ];
+  for (const gameData of coreGames) {
+    try {
+      await db.insert(games).values(gameData).onConflictDoNothing();
+      console.log(`-> Seeded core game: ${gameData.displayName} (${gameData.slug})`);
+    } catch (error2) {
+      console.error(`Error seeding core game '${gameData.slug}':`, error2);
+    }
+  }
+}
 function generateLevelConfigs() {
   const configs = [];
   for (let level = 1;level <= 100; level++) {
@@ -114550,7 +114725,7 @@ async function seedCurrentProjectGame(db, project) {
       displayName: project.displayName,
       version: project.version,
       platform: "web",
-      assetBundleBase: "",
+      assetBundleBase: "https://localhost",
       metadata: {
         description: project.description || `Auto-generated game for ${project.displayName}`
       },
@@ -114567,7 +114742,17 @@ async function seedCurrentProjectGame(db, project) {
 }
 function setupAuth() {
   return async (c2, next) => {
-    c2.set("user", DEMO_USER);
+    const authHeader = c2.req.header("Authorization");
+    if (authHeader?.startsWith("Bearer ")) {
+      const token = authHeader.substring(7);
+      const demoUser = DEMO_TOKENS[token];
+      if (demoUser) {
+        c2.set("user", demoUser);
+        await next();
+        return;
+      }
+    }
+    c2.set("user", DEMO_USERS.admin);
     await next();
   };
 }
@@ -114595,6 +114780,9 @@ class ApiError extends Error {
   static badRequest(message = "Bad request", details) {
     return new ApiError(400, "BAD_REQUEST", message, details);
   }
+  static unprocessableEntity(message = "Unprocessable entity", details) {
+    return new ApiError(422, "UNPROCESSABLE_ENTITY", message, details);
+  }
   static conflict(message = "Conflict") {
     return new ApiError(409, "CONFLICT", message);
   }
@@ -115064,8 +115252,8 @@ function getErrorMap2() {
   return overrideErrorMap2;
 }
 var makeIssue2 = (params) => {
-  const { data: data2, path: path22, errorMaps, issueData } = params;
-  const fullPath = [...path22, ...issueData.path || []];
+  const { data: data2, path: path23, errorMaps, issueData } = params;
+  const fullPath = [...path23, ...issueData.path || []];
   const fullIssue = {
     ...issueData,
     path: fullPath
@@ -115175,11 +115363,11 @@ var errorUtil2;
 })(errorUtil2 || (errorUtil2 = {}));
 
 class ParseInputLazyPath2 {
-  constructor(parent, value, path22, key) {
+  constructor(parent, value, path23, key) {
     this._cachedPath = [];
     this.parent = parent;
     this.data = value;
-    this._path = path22;
+    this._path = path23;
     this._key = key;
   }
   get path() {
@@ -118559,27 +118747,6 @@ var coerce2 = {
   date: (arg) => ZodDate2.create({ ...arg, coerce: true })
 };
 var NEVER = INVALID2;
-var MAX_LEVEL = 100;
-var ITEM_SLUGS = {
-  PLAYCADEMY_CREDITS: "PLAYCADEMY_CREDITS",
-  PLAYCADEMY_XP: "PLAYCADEMY_XP",
-  FOUNDING_MEMBER_BADGE: "FOUNDING_MEMBER_BADGE",
-  EARLY_ADOPTER_BADGE: "EARLY_ADOPTER_BADGE",
-  FIRST_GAME_BADGE: "FIRST_GAME_BADGE",
-  COMMON_SWORD: "COMMON_SWORD",
-  SMALL_HEALTH_POTION: "SMALL_HEALTH_POTION",
-  SMALL_BACKPACK: "SMALL_BACKPACK"
-};
-var CURRENCIES = {
-  PRIMARY: ITEM_SLUGS.PLAYCADEMY_CREDITS,
-  XP: ITEM_SLUGS.PLAYCADEMY_XP
-};
-var BADGES = {
-  FOUNDING_MEMBER: ITEM_SLUGS.FOUNDING_MEMBER_BADGE,
-  EARLY_ADOPTER: ITEM_SLUGS.EARLY_ADOPTER_BADGE,
-  FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
-};
-var INTERACTION_TYPE = Object.fromEntries(interactionTypeEnum.enumValues.map((value) => [value, value]));
 var CONSTANTS = {
   INT8_MIN: -128,
   INT8_MAX: 127,
@@ -118879,10 +119046,10 @@ var CreateDeveloperKeyInputSchema = InsertDeveloperKeySchema.pick({
 });
 var safeRelativePathRegex = /^(?!.*\.\.)(?!\/)[\w\-./]+$/;
 var invalidPathMessage = "Path must be relative, contain only alphanumeric, -, _, ., / characters, and not contain .. segments.";
-var validateRelativePath = (path22, fieldName) => {
-  if (path22 == null)
+var validateRelativePath = (path23, fieldName) => {
+  if (path23 == null)
     return true;
-  if (typeof path22 !== "string" || !safeRelativePathRegex.test(path22)) {
+  if (typeof path23 !== "string" || !safeRelativePathRegex.test(path23)) {
     throw new exports_external.ZodError([
       {
         code: exports_external.ZodIssueCode.custom,
@@ -118994,10 +119161,10 @@ var ManifestV1Schema = exports_external.object({
 });
 var safeRelativePathRegex2 = /^(?!.*\.\.)(?!\/)[\w\-./]+$/;
 var invalidPathMessage2 = "Path must be relative, contain only alphanumeric, -, _, ., / characters, and not contain .. segments.";
-var validateRelativePath2 = (path22, fieldName) => {
-  if (path22 == null)
+var validateRelativePath2 = (path23, fieldName) => {
+  if (path23 == null)
     return true;
-  if (typeof path22 !== "string" || !safeRelativePathRegex2.test(path22)) {
+  if (typeof path23 !== "string" || !safeRelativePathRegex2.test(path23)) {
     throw new exports_external.ZodError([
       {
         code: exports_external.ZodIssueCode.custom,
@@ -119276,9 +119443,8 @@ async function getUserLevel(ctx) {
     }
     return userLevel;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error fetching user level for user ${user.id}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -119365,9 +119531,8 @@ async function addXP(ctx, amount) {
     });
     return result;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error adding XP for user ${user.id}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -119414,9 +119579,8 @@ async function getUserLevelProgress(ctx) {
       totalXP: userLevel.totalXP
     };
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error fetching user level progress:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -119435,9 +119599,8 @@ async function getLevelConfigByPath(ctx) {
     const db = getDatabase();
     return await getLevelConfig(db, level);
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error fetching level config for level ${level}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -119459,13 +119622,34 @@ async function getUserMe(ctx) {
     }
     return userData;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error("[API /users/me] Database error fetching user:", { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
 }
+function createErrorResponse(error2) {
+  const errorResponse = {
+    error: {
+      code: error2.code,
+      message: error2.message,
+      details: error2.details
+    }
+  };
+  if (errorResponse.error.details === undefined) {
+    delete errorResponse.error.details;
+  }
+  return errorResponse;
+}
+function createUnknownErrorResponse(error2) {
+  const message = error2 instanceof Error ? error2.message : "Internal server error";
+  return {
+    error: {
+      code: "INTERNAL_ERROR",
+      message
+    }
+  };
+}
 var usersRouter = new Hono2;
 usersRouter.get("/me", async (c2) => {
   const ctx = {
@@ -119479,11 +119663,10 @@ usersRouter.get("/me", async (c2) => {
     return c2.json(userData);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getUserMe:", error2);
-    const message = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 usersRouter.get("/level", async (c2) => {
@@ -119498,11 +119681,10 @@ usersRouter.get("/level", async (c2) => {
     return c2.json(levelData);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getUserLevel:", error2);
-    const message = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 usersRouter.get("/level/progress", async (c2) => {
@@ -119517,11 +119699,10 @@ usersRouter.get("/level/progress", async (c2) => {
     return c2.json(progressData);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getUserLevelProgress:", error2);
-    const message = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 usersRouter.post("/xp/add", async (c2) => {
@@ -119536,11 +119717,10 @@ usersRouter.post("/xp/add", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in addXPFromRequest:", error2);
-    const message = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 var healthRouter = new Hono2;
@@ -119704,11 +119884,10 @@ inventoryRouter.get("/", async (c2) => {
     return c2.json(inventory);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getUserInventory:", error2);
-    const message = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 inventoryRouter.post("/add", async (c2) => {
@@ -119723,11 +119902,10 @@ inventoryRouter.post("/add", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in addInventoryItem:", error2);
-    const message = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 inventoryRouter.post("/remove", async (c2) => {
@@ -119742,11 +119920,10 @@ inventoryRouter.post("/remove", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in removeInventoryItem:", error2);
-    const message = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 function assertError(err2) {
@@ -119961,9 +120138,6 @@ async function initiateUpload(ctx) {
   if (!user) {
     throw ApiError.unauthorized("Must be logged in to initiate uploads");
   }
-  if (!uploadDeps) {
-    throw ApiError.internal("Upload dependencies not configured");
-  }
   let inputData;
   try {
     const requestBody = await ctx.request.json();
@@ -119980,6 +120154,9 @@ async function initiateUpload(ctx) {
     throw ApiError.badRequest("Invalid JSON body");
   }
   const { fileName, gameId } = inputData;
+  if (!uploadDeps) {
+    throw ApiError.internal("Upload dependencies not configured");
+  }
   try {
     const version3 = ulid();
     const tempS3Key = `uploads-temp/${gameId}/${version3}/${fileName}`;
@@ -120000,9 +120177,6 @@ async function* finalizeUpload(ctx) {
   if (!user) {
     throw ApiError.unauthorized("Must be logged in to finalize uploads");
   }
-  if (!uploadDeps) {
-    throw ApiError.internal("Upload dependencies not configured");
-  }
   let inputData;
   try {
     const requestBody = await ctx.request.json();
@@ -120019,6 +120193,9 @@ async function* finalizeUpload(ctx) {
     throw ApiError.badRequest("Invalid JSON body");
   }
   const { tempS3Key, gameId, version: version3, slug, metadata: metadata2 } = inputData;
+  if (!uploadDeps) {
+    throw ApiError.internal("Upload dependencies not configured");
+  }
   try {
     yield {
       type: "status",
@@ -121358,6 +121535,13 @@ async function loadGameState(ctx) {
   }
   try {
     const db = getDatabase();
+    const game = await db.query.games.findFirst({
+      where: eq(games.id, gameId),
+      columns: { id: true }
+    });
+    if (!game) {
+      throw ApiError.notFound("Game not found");
+    }
     const gameState = await db.query.gameStates.findFirst({
       where: and(eq(gameStates.userId, user.id), eq(gameStates.gameId, gameId)),
       columns: { data: true }
@@ -121389,20 +121573,27 @@ async function saveGameState(ctx) {
   if (!gameId) {
     throw ApiError.badRequest("Missing game ID");
   }
-  let inputData;
-  try {
-    const requestBody = await ctx.request.json();
-    const validatedData = InsertGameStateSchema.parse(requestBody);
-    inputData = validatedData.data || {};
-  } catch (error2) {
-    if (error2 instanceof ZodError2) {
-      throw ApiError.badRequest("Invalid game state data format");
-    }
-    log2.error("Failed to parse request body or invalid JSON:", { error: error2 });
-    throw ApiError.badRequest("Invalid JSON body");
-  }
   try {
     const db = getDatabase();
+    const game = await db.query.games.findFirst({
+      where: eq(games.id, gameId),
+      columns: { id: true }
+    });
+    if (!game) {
+      throw ApiError.notFound("Game not found");
+    }
+    let inputData;
+    try {
+      const requestBody = await ctx.request.json();
+      if (typeof requestBody === "object" && requestBody !== null) {
+        inputData = requestBody;
+      } else {
+        throw new Error("Request body must be an object");
+      }
+    } catch (error2) {
+      log2.error("Failed to parse request body or invalid JSON:", { error: error2 });
+      throw ApiError.badRequest("Invalid JSON body");
+    }
     await db.insert(gameStates).values({
       userId: user.id,
       gameId,
@@ -121421,6 +121612,44 @@ async function saveGameState(ctx) {
     throw ApiError.internal("Internal server error", error2);
   }
 }
+function findMonorepoRootInternal(startDir) {
+  let currentDir = startDir;
+  while (true) {
+    const packageJsonPath = path22.join(currentDir, "package.json");
+    if (fs32.existsSync(packageJsonPath)) {
+      try {
+        const packageJsonContent = fs32.readFileSync(packageJsonPath, "utf-8");
+        const packageJson = JSON.parse(packageJsonContent);
+        if (packageJson && typeof packageJson === "object" && "workspaces" in packageJson) {
+          return currentDir;
+        }
+      } catch (parseError) {
+        log2.warn(`[utils/paths] Error parsing ${packageJsonPath}:`, {
+          error: parseError
+        });
+      }
+    }
+    const parentDir = path22.dirname(currentDir);
+    if (parentDir === currentDir) {
+      throw new Error("Could not find monorepo root (package.json with workspaces) starting from " + startDir);
+    }
+    currentDir = parentDir;
+  }
+}
+var determinedRoot;
+try {
+  determinedRoot = findMonorepoRootInternal(process.cwd());
+} catch (error2) {
+  determinedRoot = process.cwd();
+  log2.warn("[utils/paths] Could not locate monorepo root via workspace package.json scan. Falling back to process.cwd() (", { root: determinedRoot, error: error2 });
+}
+var UUID_REGEX = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
+function isValidUUID(value) {
+  if (!value || typeof value !== "string") {
+    return false;
+  }
+  return UUID_REGEX.test(value);
+}
 async function validateGameOwnership(user, gameId) {
   if (user.role === "admin") {
     return;
@@ -121492,6 +121721,9 @@ async function getItemById(ctx) {
   if (!itemId) {
     throw ApiError.badRequest("Missing item ID");
   }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
   try {
     const db = getDatabase();
     const item = await db.query.items.findFirst({
@@ -121563,6 +121795,9 @@ async function updateItem(ctx) {
   if (!itemId) {
     throw ApiError.badRequest("Missing item ID");
   }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
   let inputData;
   try {
     const requestBody = await ctx.request.json();
@@ -121589,6 +121824,8 @@ async function updateItem(ctx) {
     }
     return updatedItem;
   } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint")) {
         throw ApiError.conflict("An item with this slug already exists within the same scope (platform or game)");
@@ -121611,6 +121848,9 @@ async function deleteItem(ctx) {
   if (!itemId) {
     throw ApiError.badRequest("Missing item ID");
   }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
   try {
     const db = getDatabase();
     const result = await db.delete(items).where(eq(items.id, itemId)).returning({ id: items.id });
@@ -121641,6 +121881,9 @@ async function resolveItem(ctx) {
   if (!slug) {
     throw ApiError.badRequest("Missing slug parameter");
   }
+  if (gameId && !isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
   try {
     const db = getDatabase();
     if (gameId) {
@@ -121679,6 +121922,9 @@ async function listGameItems(ctx) {
   if (!gameId) {
     throw ApiError.badRequest("Missing game ID");
   }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
   try {
     const db = getDatabase();
     const gameItems = await db.query.items.findMany({
@@ -121706,6 +121952,9 @@ async function createGameItem(ctx) {
   if (!gameId) {
     throw ApiError.badRequest("Missing game ID");
   }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
   await validateGameOwnership(user, gameId);
   let inputData;
   try {
@@ -121758,6 +122007,12 @@ async function updateGameItem(ctx) {
   if (!gameId || !itemId) {
     throw ApiError.badRequest("Missing game ID or item ID");
   }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
   await validateGameOwnership(user, gameId);
   let inputData;
   try {
@@ -121791,6 +122046,9 @@ async function updateGameItem(ctx) {
     }
     return updatedItem;
   } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint")) {
         throw ApiError.conflict("An item with this slug already exists for this game");
@@ -121815,6 +122073,12 @@ async function deleteGameItem(ctx) {
   if (!gameId || !itemId) {
     throw ApiError.badRequest("Missing game ID or item ID");
   }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
   await validateGameOwnership(user, gameId);
   try {
     const db = getDatabase();
@@ -121830,6 +122094,288 @@ async function deleteGameItem(ctx) {
     throw ApiError.internal("Internal server error", error2);
   }
 }
+async function createGameItemShopListing(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  const itemId = ctx.params.itemId;
+  log2.debug("[API] creating game item shop listing", {
+    userId: user?.id || "anonymous",
+    gameId,
+    itemId
+  });
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to create shop listings");
+  }
+  if (!gameId || !itemId) {
+    throw ApiError.badRequest("Missing game ID or item ID");
+  }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
+  await validateGameOwnershipAndItemAccess(user.id, gameId, itemId);
+  let inputData;
+  try {
+    const requestBody = await ctx.request.json();
+    const validationResult = InsertShopListingSchema.omit({
+      itemId: true
+    }).safeParse(requestBody);
+    if (!validationResult.success) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+    }
+    inputData = validationResult.data;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    log2.error("Failed to parse request body", { error: error2 });
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  try {
+    const db = getDatabase();
+    const currency = await db.query.currencies.findFirst({
+      where: eq(currencies.itemId, inputData.currencyId)
+    });
+    if (!currency) {
+      throw ApiError.badRequest("Invalid currency: currency not found for the provided item ID");
+    }
+    const [newListing] = await db.insert(shopListings).values({
+      ...inputData,
+      itemId,
+      currencyId: currency.id
+    }).returning();
+    if (!newListing) {
+      throw ApiError.internal("Failed to create shop listing in database");
+    }
+    return newListing;
+  } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
+    if (error2 instanceof Error) {
+      if (error2.message.includes("duplicate key value violates unique constraint")) {
+        throw ApiError.conflict("A shop listing already exists for this item with the specified currency");
+      }
+      if (error2.message.includes("violates foreign key constraint")) {
+        if (error2.message.includes("shop_listings_currency_id_fkey")) {
+          throw ApiError.badRequest("Invalid currency ID");
+        }
+      }
+    }
+    log2.error("Error creating shop listing", { error: error2 });
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function getGameItemShopListing(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  const itemId = ctx.params.itemId;
+  log2.debug("[API] fetching game item shop listing", {
+    userId: user?.id || "anonymous",
+    gameId,
+    itemId
+  });
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to view shop listings");
+  }
+  if (!gameId || !itemId) {
+    throw ApiError.badRequest("Missing game ID or item ID");
+  }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
+  await validateGameOwnershipAndItemAccess(user.id, gameId, itemId);
+  try {
+    const db = getDatabase();
+    const shopListing = await db.query.shopListings.findFirst({
+      where: eq(shopListings.itemId, itemId)
+    });
+    return shopListing || null;
+  } catch (error2) {
+    log2.error(`Error fetching shop listing for item ${itemId}:`, { error: error2 });
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function updateGameItemShopListing(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  const itemId = ctx.params.itemId;
+  log2.debug("[API] updating game item shop listing", {
+    userId: user?.id || "anonymous",
+    gameId,
+    itemId
+  });
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to update shop listings");
+  }
+  if (!gameId || !itemId) {
+    throw ApiError.badRequest("Missing game ID or item ID");
+  }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
+  await validateGameOwnershipAndItemAccess(user.id, gameId, itemId);
+  let inputData;
+  try {
+    const requestBody = await ctx.request.json();
+    const validationResult = UpdateShopListingSchema.safeParse(requestBody);
+    if (!validationResult.success) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+    }
+    inputData = validationResult.data;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    log2.error("Failed to parse request body", { error: error2 });
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+  try {
+    const db = getDatabase();
+    let resolvedCurrencyId = inputData.currencyId;
+    if (inputData.currencyId) {
+      const currency = await db.query.currencies.findFirst({
+        where: eq(currencies.itemId, inputData.currencyId)
+      });
+      if (!currency) {
+        throw ApiError.badRequest("Invalid currency: currency not found for the provided item ID");
+      }
+      resolvedCurrencyId = currency.id;
+    }
+    const [updatedListing] = await db.update(shopListings).set({
+      ...inputData,
+      currencyId: resolvedCurrencyId,
+      updatedAt: new Date
+    }).where(eq(shopListings.itemId, itemId)).returning();
+    if (!updatedListing) {
+      throw ApiError.notFound("Shop listing not found for this item");
+    }
+    return updatedListing;
+  } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
+    if (error2 instanceof Error) {
+      if (error2.message.includes("duplicate key value violates unique constraint")) {
+        throw ApiError.conflict("A shop listing already exists for this item with the specified currency");
+      }
+      if (error2.message.includes("violates foreign key constraint")) {
+        if (error2.message.includes("shop_listings_currency_id_fkey")) {
+          throw ApiError.badRequest("Invalid currency ID");
+        }
+      }
+    }
+    log2.error(`Error updating shop listing for item ${itemId}:`, { error: error2 });
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function deleteGameItemShopListing(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  const itemId = ctx.params.itemId;
+  log2.debug("[API] deleting game item shop listing", {
+    userId: user?.id || "anonymous",
+    gameId,
+    itemId
+  });
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to delete shop listings");
+  }
+  if (!gameId || !itemId) {
+    throw ApiError.badRequest("Missing game ID or item ID");
+  }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
+  if (!isValidUUID(itemId)) {
+    throw ApiError.unprocessableEntity("itemId must be a valid UUID format");
+  }
+  await validateGameOwnershipAndItemAccess(user.id, gameId, itemId);
+  try {
+    const db = getDatabase();
+    const result = await db.delete(shopListings).where(eq(shopListings.itemId, itemId)).returning();
+    if (result.length === 0) {
+      throw ApiError.notFound("Shop listing not found for this item");
+    }
+    log2.info(`Shop listing deleted for item ${itemId} by user ${user.id}`);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    log2.error(`Error deleting shop listing for item ${itemId}:`, { error: error2 });
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function listGameShopListings(ctx) {
+  const user = ctx.user;
+  const gameId = ctx.params.gameId;
+  log2.debug("[API] listing game shop listings", {
+    userId: user?.id || "anonymous",
+    gameId
+  });
+  if (!user) {
+    throw ApiError.unauthorized("Must be logged in to view shop listings");
+  }
+  if (!gameId) {
+    throw ApiError.badRequest("Missing game ID");
+  }
+  if (!isValidUUID(gameId)) {
+    throw ApiError.unprocessableEntity("gameId must be a valid UUID format");
+  }
+  await validateGameOwnership(user, gameId);
+  try {
+    const db = getDatabase();
+    const gameItems = await db.query.items.findMany({
+      where: eq(items.gameId, gameId)
+    });
+    if (gameItems.length === 0) {
+      return [];
+    }
+    const itemIds = gameItems.map((item) => item.id);
+    const gameShopListings = await db.query.shopListings.findMany({
+      where: inArray(shopListings.itemId, itemIds),
+      with: {
+        item: true
+      }
+    });
+    return gameShopListings;
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    log2.error(`Error fetching shop listings for game ${gameId}:`, { error: error2 });
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
+async function validateGameOwnershipAndItemAccess(userId, gameId, itemId) {
+  try {
+    const db = getDatabase();
+    const game = await db.query.games.findFirst({
+      where: and(eq(games.id, gameId), eq(games.developerId, userId))
+    });
+    if (!game) {
+      throw ApiError.forbidden("You do not own this game");
+    }
+    const item = await db.query.items.findFirst({
+      where: and(eq(items.id, itemId), eq(items.gameId, gameId))
+    });
+    if (!item) {
+      throw ApiError.notFound("Item not found in this game");
+    }
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      throw error2;
+    }
+    log2.error(`Error validating game ownership and item access:`, { error: error2 });
+    throw ApiError.internal("Internal server error", error2);
+  }
+}
 
 class BigEndian {
   uint8(data2, offset) {
@@ -122650,11 +123196,10 @@ gamesRouter.get("/", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in listGames:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.get("/:slug", async (c2) => {
@@ -122671,11 +123216,10 @@ gamesRouter.get("/:slug", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getGame:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.put("/:slug", async (c2) => {
@@ -122691,11 +123235,10 @@ gamesRouter.put("/:slug", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in upsertGameBySlug:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.patch("/:gameId", async (c2) => {
@@ -122711,11 +123254,10 @@ gamesRouter.patch("/:gameId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in updateGame:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.delete("/:gameId", async (c2) => {
@@ -122731,11 +123273,10 @@ gamesRouter.delete("/:gameId", async (c2) => {
     return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in deleteGame:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.post("/:gameId/sessions", async (c2) => {
@@ -122751,11 +123292,10 @@ gamesRouter.post("/:gameId/sessions", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in startGameSession:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.post("/:gameId/sessions/:sessionId/end", async (c2) => {
@@ -122772,14 +123312,13 @@ gamesRouter.post("/:gameId/sessions/:sessionId/end", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in endGameSession:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
-gamesRouter.post("/:gameId/sessions/token", async (c2) => {
+gamesRouter.post("/:gameId/token", async (c2) => {
   const gameId = c2.req.param("gameId");
   const ctx = {
     user: c2.get("user"),
@@ -122792,14 +123331,13 @@ gamesRouter.post("/:gameId/sessions/token", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in mintGameToken:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
-gamesRouter.get("/:gameId/sessions/state", async (c2) => {
+gamesRouter.get("/:gameId/state", async (c2) => {
   const gameId = c2.req.param("gameId");
   const ctx = {
     user: c2.get("user"),
@@ -122812,14 +123350,13 @@ gamesRouter.get("/:gameId/sessions/state", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in loadGameState:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
-gamesRouter.post("/:gameId/sessions/state", async (c2) => {
+gamesRouter.post("/:gameId/state", async (c2) => {
   const gameId = c2.req.param("gameId");
   const ctx = {
     user: c2.get("user"),
@@ -122829,14 +123366,13 @@ gamesRouter.post("/:gameId/sessions/state", async (c2) => {
   };
   try {
     await saveGameState(ctx);
-    return c2.json({ success: true });
+    return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in saveGameState:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.post("/uploads/initiate", async (c2) => {
@@ -122851,11 +123387,10 @@ gamesRouter.post("/uploads/initiate", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in initiateUpload:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.post("/uploads/finalize", async (c2) => {
@@ -122876,12 +123411,12 @@ gamesRouter.post("/uploads/finalize", async (c2) => {
           controller.close();
         } catch (error2) {
           if (error2 instanceof ApiError) {
-            controller.enqueue(formatSSEData("error", { message: error2.message }));
+            const errorResponse = createErrorResponse(error2);
+            controller.enqueue(formatSSEData("error", errorResponse.error));
           } else {
             console.error("Error in finalize upload stream:", error2);
-            controller.enqueue(formatSSEData("error", {
-              message: "Internal server error"
-            }));
+            const errorResponse = createUnknownErrorResponse(error2);
+            controller.enqueue(formatSSEData("error", errorResponse.error));
           }
           controller.close();
         }
@@ -122896,11 +123431,10 @@ gamesRouter.post("/uploads/finalize", async (c2) => {
     });
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in finalizeUpload:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.get("/:gameId/items", async (c2) => {
@@ -122916,11 +123450,10 @@ gamesRouter.get("/:gameId/items", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in listGameItems:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.post("/:gameId/items", async (c2) => {
@@ -122936,11 +123469,10 @@ gamesRouter.post("/:gameId/items", async (c2) => {
     return c2.json(result, 201);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in createGameItem:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.patch("/:gameId/items/:itemId", async (c2) => {
@@ -122957,11 +123489,10 @@ gamesRouter.patch("/:gameId/items/:itemId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in updateGameItem:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 gamesRouter.delete("/:gameId/items/:itemId", async (c2) => {
@@ -122978,11 +123509,109 @@ gamesRouter.delete("/:gameId/items/:itemId", async (c2) => {
     return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in deleteGameItem:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
+  }
+});
+gamesRouter.get("/:gameId/shop-listings", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await listGameShopListings(ctx);
+    return c2.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json(createErrorResponse(error2), error2.statusCode);
+    }
+    console.error("Error in listGameShopListings:", error2);
+    return c2.json(createUnknownErrorResponse(error2), 500);
+  }
+});
+gamesRouter.post("/:gameId/items/:itemId/shop-listing", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const itemId = c2.req.param("itemId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId, itemId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await createGameItemShopListing(ctx);
+    return c2.json(result, 201);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json(createErrorResponse(error2), error2.statusCode);
+    }
+    console.error("Error in createGameItemShopListing:", error2);
+    return c2.json(createUnknownErrorResponse(error2), 500);
+  }
+});
+gamesRouter.get("/:gameId/items/:itemId/shop-listing", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const itemId = c2.req.param("itemId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId, itemId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await getGameItemShopListing(ctx);
+    return c2.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json(createErrorResponse(error2), error2.statusCode);
+    }
+    console.error("Error in getGameItemShopListing:", error2);
+    return c2.json(createUnknownErrorResponse(error2), 500);
+  }
+});
+gamesRouter.patch("/:gameId/items/:itemId/shop-listing", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const itemId = c2.req.param("itemId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId, itemId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    const result = await updateGameItemShopListing(ctx);
+    return c2.json(result);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json(createErrorResponse(error2), error2.statusCode);
+    }
+    console.error("Error in updateGameItemShopListing:", error2);
+    return c2.json(createUnknownErrorResponse(error2), 500);
+  }
+});
+gamesRouter.delete("/:gameId/items/:itemId/shop-listing", async (c2) => {
+  const gameId = c2.req.param("gameId");
+  const itemId = c2.req.param("itemId");
+  const ctx = {
+    user: c2.get("user"),
+    params: { gameId, itemId },
+    url: new URL(c2.req.url),
+    request: c2.req.raw
+  };
+  try {
+    await deleteGameItemShopListing(ctx);
+    return c2.body(null, 204);
+  } catch (error2) {
+    if (error2 instanceof ApiError) {
+      return c2.json(createErrorResponse(error2), error2.statusCode);
+    }
+    console.error("Error in deleteGameItemShopListing:", error2);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 var manifestRouter = new Hono2;
@@ -123006,15 +123635,15 @@ manifestRouter.get("/", async (c2) => {
       },
       {
         method: "POST",
-        url: `${baseUrl}/api/games/:gameId/sessions/token`
+        url: `${baseUrl}/api/games/:gameId/token`
       },
       {
         method: "GET",
-        url: `${baseUrl}/api/games/:gameId/sessions/state`
+        url: `${baseUrl}/api/games/:gameId/state`
       },
       {
         method: "POST",
-        url: `${baseUrl}/api/games/:gameId/sessions/state`
+        url: `${baseUrl}/api/games/:gameId/state`
       }
     ],
     documentation: "https://docs.playcademy.dev"
@@ -123086,9 +123715,8 @@ async function getShopView(ctx) {
       currencies: shopCurrencies
     };
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error("Error fetching shop view data:", { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123106,11 +123734,10 @@ shopRouter.get("/view", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getShopView:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 var itemsRouter = new Hono2;
@@ -123126,11 +123753,10 @@ itemsRouter.get("/resolve", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in resolveItem:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 itemsRouter.post("/", async (c2) => {
@@ -123145,11 +123771,10 @@ itemsRouter.post("/", async (c2) => {
     return c2.json(result, 201);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in createItem:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 itemsRouter.get("/", async (c2) => {
@@ -123164,11 +123789,10 @@ itemsRouter.get("/", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in listItems:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 itemsRouter.get("/:itemId", async (c2) => {
@@ -123184,11 +123808,10 @@ itemsRouter.get("/:itemId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getItemById:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 itemsRouter.patch("/:itemId", async (c2) => {
@@ -123204,11 +123827,10 @@ itemsRouter.patch("/:itemId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in updateItem:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 itemsRouter.delete("/:itemId", async (c2) => {
@@ -123224,11 +123846,10 @@ itemsRouter.delete("/:itemId", async (c2) => {
     return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in deleteItem:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 async function listCurrencies(ctx) {
@@ -123242,9 +123863,8 @@ async function listCurrencies(ctx) {
     const allCurrencies = await db.query.currencies.findMany();
     return allCurrencies;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error("Error fetching currencies:", { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123272,9 +123892,8 @@ async function getCurrencyById(ctx) {
     }
     return currency;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error fetching currency ${currencyId}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123287,21 +123906,18 @@ async function createCurrency(ctx) {
   if (!user || user.role !== "admin") {
     throw ApiError.forbidden("Admin access required");
   }
-  let inputData;
+  let requestBody;
   try {
-    const requestBody = await ctx.request.json();
-    const validationResult = InsertCurrencySchema.safeParse(requestBody);
-    if (!validationResult.success) {
-      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
-    }
-    inputData = validationResult.data;
-  } catch (error2) {
-    if (error2 instanceof ApiError) {
-      throw error2;
-    }
-    log2.error("Failed to parse request body or invalid JSON:", { error: error2 });
+    requestBody = await ctx.request.json();
+  } catch (jsonError) {
+    log2.error("Failed to parse request body as JSON:", { error: jsonError });
     throw ApiError.badRequest("Invalid JSON body");
   }
+  const validationResult = InsertCurrencySchema.safeParse(requestBody);
+  if (!validationResult.success) {
+    throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+  }
+  const inputData = validationResult.data;
   try {
     const db = getDatabase();
     const [newCurrency] = await db.insert(currencies).values(inputData).returning();
@@ -123310,6 +123926,8 @@ async function createCurrency(ctx) {
     }
     return newCurrency;
   } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint") || error2.message.includes("UNIQUE constraint failed")) {
         if (error2.message.includes("currencies_slug_unique")) {
@@ -123335,21 +123953,18 @@ async function updateCurrency(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
-  let inputData;
+  let requestBody;
   try {
-    const requestBody = await ctx.request.json();
-    const validationResult = UpdateCurrencySchema.safeParse(requestBody);
-    if (!validationResult.success) {
-      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
-    }
-    inputData = validationResult.data;
-  } catch (error2) {
-    if (error2 instanceof ApiError) {
-      throw error2;
-    }
-    log2.error("Failed to parse request body or invalid JSON:", { error: error2 });
+    requestBody = await ctx.request.json();
+  } catch (jsonError) {
+    log2.error("Failed to parse request body as JSON:", { error: jsonError });
     throw ApiError.badRequest("Invalid JSON body");
   }
+  const validationResult = UpdateCurrencySchema.safeParse(requestBody);
+  if (!validationResult.success) {
+    throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+  }
+  const inputData = validationResult.data;
   if (Object.keys(inputData).length === 0) {
     throw ApiError.badRequest("No update data provided");
   }
@@ -123361,6 +123976,8 @@ async function updateCurrency(ctx) {
     }
     return updatedCurrency;
   } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint") || error2.message.includes("UNIQUE constraint failed")) {
         if (error2.message.includes("currencies_slug_unique")) {
@@ -123393,9 +124010,8 @@ async function deleteCurrency(ctx) {
       throw ApiError.notFound("Currency not found for deletion");
     }
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error deleting currency ${currencyId}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123413,11 +124029,10 @@ currenciesRouter.post("/", async (c2) => {
     return c2.json(result, 201);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in createCurrency:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 currenciesRouter.get("/", async (c2) => {
@@ -123432,11 +124047,10 @@ currenciesRouter.get("/", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in listCurrencies:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 currenciesRouter.get("/:currencyId", async (c2) => {
@@ -123452,11 +124066,10 @@ currenciesRouter.get("/:currencyId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getCurrencyById:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 currenciesRouter.patch("/:currencyId", async (c2) => {
@@ -123472,11 +124085,10 @@ currenciesRouter.patch("/:currencyId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in updateCurrency:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 currenciesRouter.delete("/:currencyId", async (c2) => {
@@ -123492,11 +124104,10 @@ currenciesRouter.delete("/:currencyId", async (c2) => {
     return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in deleteCurrency:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 async function getMapElements(ctx) {
@@ -123512,6 +124123,9 @@ async function getMapElements(ctx) {
   if (!mapId) {
     throw ApiError.badRequest("Missing required query parameter: mapId");
   }
+  if (!isValidUUID(mapId)) {
+    throw ApiError.unprocessableEntity("mapId must be a valid UUID format");
+  }
   try {
     const db = getDatabase();
     const elements = await db.query.mapElements.findMany({
@@ -123527,9 +124141,8 @@ async function getMapElements(ctx) {
     });
     return elements;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error("Error fetching map elements:", { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123557,9 +124170,8 @@ async function getMapByIdentifier(ctx) {
     }
     return mapDetails;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error fetching map details for identifier '${mapIdentifier}':`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123578,11 +124190,10 @@ mapRouter.get("/elements", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getMapElements:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 mapsRouter.get("/:identifier", async (c2) => {
@@ -123598,11 +124209,10 @@ mapsRouter.get("/:identifier", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getMapByIdentifier:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 async function createShopListing(ctx) {
@@ -123640,6 +124250,8 @@ async function createShopListing(ctx) {
     }
     return newListing;
   } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint") || error2.message.includes("UNIQUE constraint failed")) {
         throw ApiError.conflict("This item is already listed for sale with this currency");
@@ -123670,9 +124282,8 @@ async function listShopListings(ctx) {
     const allListings = await db.query.shopListings.findMany();
     return allListings;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error("Error fetching shop listings:", { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123690,6 +124301,9 @@ async function getShopListingById(ctx) {
   if (!listingId) {
     throw ApiError.badRequest("Missing listing ID");
   }
+  if (!isValidUUID(listingId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for listing ID");
+  }
   try {
     const db = getDatabase();
     const listing = await db.query.shopListings.findFirst({
@@ -123700,9 +124314,8 @@ async function getShopListingById(ctx) {
     }
     return listing;
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error fetching shop listing ${listingId}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123754,6 +124367,8 @@ async function updateShopListing(ctx) {
     }
     return updatedListing;
   } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
     if (error2 instanceof Error) {
       if (error2.message.includes("duplicate key value violates unique constraint") || error2.message.includes("UNIQUE constraint failed")) {
         throw ApiError.conflict("This item is already listed for sale with this currency");
@@ -123784,6 +124399,9 @@ async function deleteShopListing(ctx) {
   if (!listingId) {
     throw ApiError.badRequest("Missing listing ID");
   }
+  if (!isValidUUID(listingId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for listing ID");
+  }
   try {
     const db = getDatabase();
     const result = await db.delete(shopListings).where(eq(shopListings.id, listingId)).returning({ id: shopListings.id });
@@ -123791,9 +124409,8 @@ async function deleteShopListing(ctx) {
       throw ApiError.notFound("Shop listing not found for deletion");
     }
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error deleting shop listing ${listingId}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -123811,11 +124428,10 @@ shopListingsRouter.post("/", async (c2) => {
     return c2.json(result, 201);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in createShopListing:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 shopListingsRouter.get("/", async (c2) => {
@@ -123830,11 +124446,10 @@ shopListingsRouter.get("/", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in listShopListings:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 shopListingsRouter.get("/:listingId", async (c2) => {
@@ -123850,11 +124465,10 @@ shopListingsRouter.get("/:listingId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getShopListingById:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 shopListingsRouter.patch("/:listingId", async (c2) => {
@@ -123870,11 +124484,10 @@ shopListingsRouter.patch("/:listingId", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in updateShopListing:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 shopListingsRouter.delete("/:listingId", async (c2) => {
@@ -123890,11 +124503,10 @@ shopListingsRouter.delete("/:listingId", async (c2) => {
     return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in deleteShopListing:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 async function applyForDeveloperStatus(ctx) {
@@ -123943,7 +124555,7 @@ async function listDeveloperKeys(ctx) {
   if (!user) {
     throw ApiError.unauthorized("Must be logged in to view API keys");
   }
-  if (user.role !== "developer" || user.developerStatus !== "approved") {
+  if (user.developerStatus !== "approved") {
     throw ApiError.forbidden("User does not have developer privileges");
   }
   try {
@@ -123963,6 +124575,46 @@ async function listDeveloperKeys(ctx) {
     throw ApiError.internal("Internal server error", error2);
   }
 }
+async function parseCreateKeyInput(request) {
+  if (request.headers.get("content-length") === "0") {
+    return {};
+  }
+  try {
+    const requestBody = await request.json();
+    const validationResult = CreateDeveloperKeyInputSchema.safeParse(requestBody);
+    if (!validationResult.success) {
+      throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
+    }
+    return validationResult.data;
+  } catch (error2) {
+    if (error2 instanceof ApiError)
+      throw error2;
+    log2.error("Failed to parse request body or invalid JSON", { error: error2 });
+    throw ApiError.badRequest("Invalid JSON body");
+  }
+}
+async function createDeveloperKeyCore(userId, label) {
+  const db = getDatabase();
+  const apiKey2 = generateApiKey();
+  const keyHash = await hashApiKey(apiKey2);
+  const keyData = {
+    userId,
+    keyHash,
+    label: label ?? null
+  };
+  const [newKeyMeta] = await db.insert(developerKeys).values(keyData).returning({
+    id: developerKeys.id,
+    label: developerKeys.label,
+    createdAt: developerKeys.createdAt
+  });
+  if (!newKeyMeta) {
+    throw ApiError.internal("Failed to create API key in database");
+  }
+  return {
+    ...newKeyMeta,
+    apiKey: apiKey2
+  };
+}
 async function createDeveloperKey(ctx) {
   const user = ctx.user;
   log2.debug("[API] creating developer key", {
@@ -123971,51 +124623,15 @@ async function createDeveloperKey(ctx) {
   if (!user) {
     throw ApiError.unauthorized("Must be logged in to create API keys");
   }
-  if (user.role !== "developer" || user.developerStatus !== "approved") {
+  if (user.developerStatus !== "approved") {
     throw ApiError.forbidden("User does not have developer privileges");
   }
-  let inputData = {};
-  try {
-    if (ctx.request.headers.get("content-length") !== "0") {
-      const requestBody = await ctx.request.json();
-      const validationResult = CreateDeveloperKeyInputSchema.safeParse(requestBody);
-      if (!validationResult.success) {
-        throw ApiError.badRequest(`Validation failed: ${formatValidationErrors(validationResult.error)}`);
-      }
-      inputData = validationResult.data;
-    }
-  } catch (error2) {
-    if (error2 instanceof ApiError) {
-      throw error2;
-    }
-    log2.error("Failed to parse request body or invalid JSON", { error: error2 });
-    throw ApiError.badRequest("Invalid JSON body");
-  }
   try {
-    const db = getDatabase();
-    const apiKey2 = generateApiKey();
-    const keyHash = await hashApiKey(apiKey2);
-    const keyData = {
-      userId: user.id,
-      keyHash,
-      label: inputData.label ?? null
-    };
-    const [newKeyMeta] = await db.insert(developerKeys).values(keyData).returning({
-      id: developerKeys.id,
-      label: developerKeys.label,
-      createdAt: developerKeys.createdAt
-    });
-    if (!newKeyMeta) {
-      throw ApiError.internal("Failed to create API key in database");
-    }
-    return {
-      ...newKeyMeta,
-      apiKey: apiKey2
-    };
+    const inputData = await parseCreateKeyInput(ctx.request);
+    return await createDeveloperKeyCore(user.id, inputData.label);
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error("Error creating API key", { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -124030,7 +124646,7 @@ async function deleteDeveloperKey(ctx) {
   if (!user) {
     throw ApiError.unauthorized("Must be logged in to delete API keys");
   }
-  if (user.role !== "developer" || user.developerStatus !== "approved") {
+  if (user.developerStatus !== "approved") {
     throw ApiError.forbidden("User does not have developer privileges");
   }
   if (!keyId) {
@@ -124051,9 +124667,8 @@ async function deleteDeveloperKey(ctx) {
       throw ApiError.notFound("API Key not found during delete operation");
     }
   } catch (error2) {
-    if (error2 instanceof ApiError) {
+    if (error2 instanceof ApiError)
       throw error2;
-    }
     log2.error(`Error revoking API key ${keyId}:`, { error: error2 });
     throw ApiError.internal("Internal server error", error2);
   }
@@ -124071,11 +124686,10 @@ devRouter.post("/apply", async (c2) => {
     return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in applyForDeveloperStatus:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 devRouter.get("/status", async (c2) => {
@@ -124090,11 +124704,10 @@ devRouter.get("/status", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getDeveloperStatus:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 devRouter.get("/keys", async (c2) => {
@@ -124109,11 +124722,10 @@ devRouter.get("/keys", async (c2) => {
     return c2.json(result);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in listDeveloperKeys:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 devRouter.post("/keys", async (c2) => {
@@ -124128,11 +124740,10 @@ devRouter.post("/keys", async (c2) => {
     return c2.json(result, 201);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in createDeveloperKey:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 devRouter.delete("/keys/:keyId", async (c2) => {
@@ -124148,11 +124759,10 @@ devRouter.delete("/keys/:keyId", async (c2) => {
     return c2.body(null, 204);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in deleteDeveloperKey:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 var levelsRouter = new Hono2;
@@ -124168,11 +124778,10 @@ levelsRouter.get("/config", async (c2) => {
     return c2.json(configs);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getAllLevelConfigs:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 levelsRouter.get("/config/:level", async (c2) => {
@@ -124187,19 +124796,20 @@ levelsRouter.get("/config/:level", async (c2) => {
     return c2.json(config);
   } catch (error2) {
     if (error2 instanceof ApiError) {
-      return c2.json({ error: error2.message }, error2.statusCode);
+      return c2.json(createErrorResponse(error2), error2.statusCode);
     }
     console.error("Error in getLevelConfigByPath:", error2);
-    const message2 = error2 instanceof Error ? error2.message : "Internal server error";
-    return c2.json({ error: message2 }, 500);
+    return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
 async function startServer(options) {
-  const { port, verbose, project } = options;
-  const db = await setupDatabase();
-  await seedDemoData(db);
-  if (project) {
-    await seedCurrentProjectGame(db, project);
+  const { port, verbose = false, project, memoryOnly = false, seed = true } = options;
+  const db = await setupDatabase(memoryOnly ? ":memory:" : undefined);
+  if (seed) {
+    await seedDemoData(db);
+    if (project) {
+      await seedCurrentProjectGame(db, project);
+    }
   }
   const app = new Hono2;
   app.use("*", cors({ origin: "*", credentials: true }));