playcademy 0.14.2 → 0.14.4-alpha.1

package/dist/constants.d.ts

@@ -8,6 +8,61 @@ export { GAME_WORKER_DOMAINS, PLAYCADEMY_BASE_URLS, PLAYCADEMY_DOMAINS } from '@
  * Used when integrations.customRoutes.directory is not specified in config
  */
 declare const DEFAULT_API_ROUTES_DIRECTORY = "server/api";
+/**
+ * Server root directory (fixed location)
+ */
+declare const SERVER_ROOT_DIRECTORY = "server";
+/**
+ * Server library/utilities directory (fixed location)
+ */
+declare const SERVER_LIB_DIRECTORY = "server/lib";
+/**
+ * Auth routes subdirectory name within API directory (fixed structure)
+ */
+declare const AUTH_API_SUBDIRECTORY = "auth";
+/**
+ * Sample routes subdirectory name within API directory (fixed structure)
+ */
+declare const SAMPLE_API_SUBDIRECTORY = "sample";
+/**
+ * Sample route filenames
+ */
+declare const SAMPLE_CUSTOM_FILENAME = "custom.ts";
+declare const SAMPLE_DATABASE_FILENAME = "database.ts";
+declare const SAMPLE_KV_FILENAME = "kv.ts";
+declare const SAMPLE_BUCKET_FILENAME = "bucket.ts";
+
+/**
+ * Auth-related constants and dependency versions
+ *
+ * Versions are read from workspace catalog at build time
+ */
+/**
+ * Better Auth version to install in user projects
+ * Read from workspace catalog at CLI build time
+ */
+declare const BETTER_AUTH_VERSION: string;
+/**
+ * @playcademy/auth version to install in user projects
+ */
+declare const PLAYCADEMY_AUTH_VERSION = "latest";
+/**
+ * Auth provider display names
+ */
+declare const AUTH_PROVIDER_NAMES: Record<string, string>;
+/**
+ * OAuth callback URL pattern
+ * Replace {gameUrl} with actual game URL and {provider} with provider name
+ */
+declare const OAUTH_CALLBACK_URL_PATTERN = "{gameUrl}/api/auth/callback/{provider}";
+/**
+ * Placeholder game URL for setup instructions
+ */
+declare const PLACEHOLDER_GAME_URL = "https://your-game.playcademy.gg";
+/**
+ * Auth configuration filename (fixed structure)
+ */
+declare const AUTH_CONFIG_FILE = "auth.ts";
 
 /**
  * Bucket-related constants
@@ -66,6 +121,11 @@ declare const MINIFLARE_D1_DIRECTORY = "miniflare-D1DatabaseObject";
  * This matches the pattern used by Vite, Bun, and other modern tools.
  */
 declare const ENV_FILES: readonly [".env", ".env.development", ".env.local"];
+/**
+ * Environment example file (template for required environment variables)
+ * Safe to commit to version control with placeholder values
+ */
+declare const ENV_EXAMPLE_FILE = ".env.example";
 /**
  * TypeScript config files to check (in priority order)
  *
@@ -163,4 +223,4 @@ declare const DEFAULT_PORTS: {
  */
 declare const CONFIG_FILE_NAMES: string[];
 
-export { BUCKET_ALWAYS_SKIP, CALLBACK_PATH, CALLBACK_PORT, CLI_DEFAULT_OUTPUTS, CLI_DIRECTORIES, CLI_FILES, CLI_USER_DIRECTORIES, CLOUDFLARE_BINDINGS, CLOUDFLARE_COMPATIBILITY_DATE, CONFIG_FILE_NAMES, DEFAULT_API_ROUTES_DIRECTORY, DEFAULT_DATABASE_DIRECTORY, DEFAULT_PORTS, DEFAULT_SEED_FILE_NAME, ENV_FILES, MINIFLARE_D1_DIRECTORY, SCHEMA_INDEX_FILE, SCHEMA_SUBDIRECTORY, SSO_AUTH_TIMEOUT_MS, TSCONFIG_FILES, WORKSPACE_NAME };
+export { AUTH_API_SUBDIRECTORY, AUTH_CONFIG_FILE, AUTH_PROVIDER_NAMES, BETTER_AUTH_VERSION, BUCKET_ALWAYS_SKIP, CALLBACK_PATH, CALLBACK_PORT, CLI_DEFAULT_OUTPUTS, CLI_DIRECTORIES, CLI_FILES, CLI_USER_DIRECTORIES, CLOUDFLARE_BINDINGS, CLOUDFLARE_COMPATIBILITY_DATE, CONFIG_FILE_NAMES, DEFAULT_API_ROUTES_DIRECTORY, DEFAULT_DATABASE_DIRECTORY, DEFAULT_PORTS, DEFAULT_SEED_FILE_NAME, ENV_EXAMPLE_FILE, ENV_FILES, MINIFLARE_D1_DIRECTORY, OAUTH_CALLBACK_URL_PATTERN, PLACEHOLDER_GAME_URL, PLAYCADEMY_AUTH_VERSION, SAMPLE_API_SUBDIRECTORY, SAMPLE_BUCKET_FILENAME, SAMPLE_CUSTOM_FILENAME, SAMPLE_DATABASE_FILENAME, SAMPLE_KV_FILENAME, SCHEMA_INDEX_FILE, SCHEMA_SUBDIRECTORY, SERVER_LIB_DIRECTORY, SERVER_ROOT_DIRECTORY, SSO_AUTH_TIMEOUT_MS, TSCONFIG_FILES, WORKSPACE_NAME };

package/dist/constants.js

@@ -1,5 +1,137 @@
 // src/constants/api.ts
 var DEFAULT_API_ROUTES_DIRECTORY = "server/api";
+var SERVER_ROOT_DIRECTORY = "server";
+var SERVER_LIB_DIRECTORY = "server/lib";
+var AUTH_API_SUBDIRECTORY = "auth";
+var SAMPLE_API_SUBDIRECTORY = "sample";
+var SAMPLE_CUSTOM_FILENAME = "custom.ts";
+var SAMPLE_DATABASE_FILENAME = "database.ts";
+var SAMPLE_KV_FILENAME = "kv.ts";
+var SAMPLE_BUCKET_FILENAME = "bucket.ts";
+
+// ../../package.json
+var package_default = {
+  name: "playcademy",
+  devDependencies: {
+    "@aws-sdk/client-s3": "^3.787.0",
+    "@eslint/js": "^9.24.0",
+    "@ianvs/prettier-plugin-sort-imports": "^4.4.2",
+    "@pulumi/pulumi": "^3.195.0",
+    "@types/bun": "latest",
+    commander: "^14.0.0",
+    eslint: "^9.24.0",
+    globals: "^16.0.0",
+    husky: "^9.1.7",
+    jscodeshift: "^17.3.0",
+    "lint-staged": "^15.5.1",
+    prettier: "3.5.3",
+    "prettier-plugin-svelte": "^3.3.3",
+    rimraf: "^6.0.1",
+    sharp: "^0.34.2",
+    typedoc: "^0.28.5",
+    "typedoc-plugin-markdown": "^4.7.0",
+    "typedoc-vitepress-theme": "^1.1.2",
+    "typescript-eslint": "^8.30.1",
+    "yocto-spinner": "^0.2.2"
+  },
+  peerDependencies: {
+    typescript: "^5"
+  },
+  private: true,
+  scripts: {
+    build: "bun run scripts/build.ts",
+    "build:types": "bun tsc -b packages/data",
+    clean: "bun scripts/clean.ts && bun i",
+    "docs:commit": "bun scripts/docs-commit.ts",
+    dev: "bunx sst dev",
+    "dev:reset": "sst shell -- bun run scripts/dev-reset.ts",
+    "db:reseed": "sst shell -- bun run scripts/dev-reseed-db.ts",
+    "db:sync": "sst shell -- bun run scripts/dev-sync-db.ts",
+    "db:studio": "sst shell -- bun run --filter @playcademy/data studio",
+    "upload-games": "sst shell -- bun run scripts/upload-games.ts",
+    "upload-items": "sst shell -- bun run scripts/upload-items.ts",
+    "upload-sprites": "sst shell -- bun run scripts/upload-sprites.ts",
+    "upload-static-assets": "sst shell -- bun run scripts/upload-static-assets.ts",
+    "upload:all": "sst shell -- bun run scripts/upload-all.ts",
+    "sync-engine-assets": "bun scripts/sync-engine-assets.ts",
+    "sync-vite-templates": "bun scripts/sync-vite-templates.ts",
+    "sync-godot-template": "bun scripts/sync-godot-template.ts",
+    "sync:all": "bun scripts/sync-all.ts",
+    "setup-cloudflare": "bun scripts/setup-cloudflare-dispatch.ts",
+    "list-s3-bucket": "sst shell -- bun scripts/list-s3-bucket.ts",
+    doctor: "bunx sst shell -- bun scripts/doctor.ts",
+    format: "bun run --filter '*' format",
+    lint: "bun run --filter '*' lint",
+    prepare: "husky",
+    sort: "bunx sort-package-json **/package.json",
+    test: "bun test",
+    "test:unit": "bun scripts/test-unit.ts",
+    "test:integration": "bun scripts/test-integration.ts",
+    "test:watch": "bun test --watch",
+    "docker:relay": "bun run scripts/docker-relay.ts",
+    "debug:leaderboard-notifications": "bunx sst shell -- bun scripts/debug/leaderboard-notifications.ts",
+    "timeback:caliper": "sst shell -- bun scripts/caliper-cli.ts",
+    notify: "NODE_ENV=productionbunx sst shell -- bun scripts/notifications-cli.ts"
+  },
+  type: "module",
+  workspaces: {
+    packages: [
+      "apps/*",
+      "packages/*",
+      "games/*",
+      "templates/*"
+    ],
+    catalog: {
+      sst: "^3.14.11",
+      dedent: "^1.6.0",
+      typescript: "^5.7.2",
+      vite: "^6.3.5",
+      eslint: "^9.24.0",
+      prettier: "3.5.3",
+      "@types/bun": "latest",
+      jose: "^5.2.3",
+      zod: "^3.25.53",
+      "better-auth": "1.3.33"
+    },
+    catalogs: {
+      svelte: {
+        svelte: "^5.23.1",
+        "@sveltejs/adapter-auto": "^6.0.0",
+        "@sveltejs/kit": "^2.16.0",
+        "@sveltejs/vite-plugin-svelte": "^5.0.3",
+        "svelte-check": "^4.2.1",
+        "prettier-plugin-svelte": "^3.3.3",
+        "eslint-plugin-svelte": "^3.0.0"
+      },
+      database: {
+        "drizzle-orm": "^0.42.0",
+        "drizzle-kit": "^0.31.0",
+        "drizzle-zod": "^0.7.1"
+      },
+      aws: {
+        "@aws-sdk/client-s3": "^3.787.0",
+        "@aws-sdk/s3-request-presigner": "^3.787.0"
+      },
+      linting: {
+        "typescript-eslint": "^8.30.1",
+        "@eslint/js": "^9.24.0",
+        "eslint-config-prettier": "^10.0.1"
+      }
+    }
+  }
+};
+
+// src/constants/auth.ts
+var BETTER_AUTH_VERSION = package_default.workspaces.catalog["better-auth"];
+var PLAYCADEMY_AUTH_VERSION = "latest";
+var AUTH_PROVIDER_NAMES = {
+  email: "Email/password",
+  github: "GitHub",
+  google: "Google"
+};
+var OAUTH_CALLBACK_URL_PATTERN = "{gameUrl}/api/auth/callback/{provider}";
+var PLACEHOLDER_GAME_URL = "https://your-game.playcademy.gg";
+var AUTH_CONFIG_FILE = "auth.ts";
 
 // src/constants/config.ts
 var ENV_FILES = [
@@ -10,6 +142,7 @@ var ENV_FILES = [
   ".env.local"
   // Overrides all (highest priority)
 ];
+var ENV_EXAMPLE_FILE = ".env.example";
 var TSCONFIG_FILES = [
   "tsconfig.app.json",
   // Modern tooling (try first)
@@ -137,6 +270,10 @@ var BADGES = {
   FIRST_GAME: ITEM_SLUGS.FIRST_GAME_BADGE
 };
 export {
+  AUTH_API_SUBDIRECTORY,
+  AUTH_CONFIG_FILE,
+  AUTH_PROVIDER_NAMES,
+  BETTER_AUTH_VERSION,
   BUCKET_ALWAYS_SKIP,
   CALLBACK_PATH,
   CALLBACK_PORT,
@@ -151,13 +288,24 @@ export {
   DEFAULT_DATABASE_DIRECTORY,
   DEFAULT_PORTS,
   DEFAULT_SEED_FILE_NAME,
+  ENV_EXAMPLE_FILE,
   ENV_FILES,
   GAME_WORKER_DOMAINS,
   MINIFLARE_D1_DIRECTORY,
+  OAUTH_CALLBACK_URL_PATTERN,
+  PLACEHOLDER_GAME_URL,
+  PLAYCADEMY_AUTH_VERSION,
   PLAYCADEMY_BASE_URLS,
   PLAYCADEMY_DOMAINS,
+  SAMPLE_API_SUBDIRECTORY,
+  SAMPLE_BUCKET_FILENAME,
+  SAMPLE_CUSTOM_FILENAME,
+  SAMPLE_DATABASE_FILENAME,
+  SAMPLE_KV_FILENAME,
   SCHEMA_INDEX_FILE,
   SCHEMA_SUBDIRECTORY,
+  SERVER_LIB_DIRECTORY,
+  SERVER_ROOT_DIRECTORY,
   SSO_AUTH_TIMEOUT_MS,
   TSCONFIG_FILES,
   WORKSPACE_NAME

package/dist/db.js

@@ -22,6 +22,121 @@ var init_file_loader = __esm({
 import { copyFileSync, existsSync, mkdirSync, readdirSync, unlinkSync } from "fs";
 import { join as join2 } from "path";
 
+// ../../package.json
+var package_default = {
+  name: "playcademy",
+  devDependencies: {
+    "@aws-sdk/client-s3": "^3.787.0",
+    "@eslint/js": "^9.24.0",
+    "@ianvs/prettier-plugin-sort-imports": "^4.4.2",
+    "@pulumi/pulumi": "^3.195.0",
+    "@types/bun": "latest",
+    commander: "^14.0.0",
+    eslint: "^9.24.0",
+    globals: "^16.0.0",
+    husky: "^9.1.7",
+    jscodeshift: "^17.3.0",
+    "lint-staged": "^15.5.1",
+    prettier: "3.5.3",
+    "prettier-plugin-svelte": "^3.3.3",
+    rimraf: "^6.0.1",
+    sharp: "^0.34.2",
+    typedoc: "^0.28.5",
+    "typedoc-plugin-markdown": "^4.7.0",
+    "typedoc-vitepress-theme": "^1.1.2",
+    "typescript-eslint": "^8.30.1",
+    "yocto-spinner": "^0.2.2"
+  },
+  peerDependencies: {
+    typescript: "^5"
+  },
+  private: true,
+  scripts: {
+    build: "bun run scripts/build.ts",
+    "build:types": "bun tsc -b packages/data",
+    clean: "bun scripts/clean.ts && bun i",
+    "docs:commit": "bun scripts/docs-commit.ts",
+    dev: "bunx sst dev",
+    "dev:reset": "sst shell -- bun run scripts/dev-reset.ts",
+    "db:reseed": "sst shell -- bun run scripts/dev-reseed-db.ts",
+    "db:sync": "sst shell -- bun run scripts/dev-sync-db.ts",
+    "db:studio": "sst shell -- bun run --filter @playcademy/data studio",
+    "upload-games": "sst shell -- bun run scripts/upload-games.ts",
+    "upload-items": "sst shell -- bun run scripts/upload-items.ts",
+    "upload-sprites": "sst shell -- bun run scripts/upload-sprites.ts",
+    "upload-static-assets": "sst shell -- bun run scripts/upload-static-assets.ts",
+    "upload:all": "sst shell -- bun run scripts/upload-all.ts",
+    "sync-engine-assets": "bun scripts/sync-engine-assets.ts",
+    "sync-vite-templates": "bun scripts/sync-vite-templates.ts",
+    "sync-godot-template": "bun scripts/sync-godot-template.ts",
+    "sync:all": "bun scripts/sync-all.ts",
+    "setup-cloudflare": "bun scripts/setup-cloudflare-dispatch.ts",
+    "list-s3-bucket": "sst shell -- bun scripts/list-s3-bucket.ts",
+    doctor: "bunx sst shell -- bun scripts/doctor.ts",
+    format: "bun run --filter '*' format",
+    lint: "bun run --filter '*' lint",
+    prepare: "husky",
+    sort: "bunx sort-package-json **/package.json",
+    test: "bun test",
+    "test:unit": "bun scripts/test-unit.ts",
+    "test:integration": "bun scripts/test-integration.ts",
+    "test:watch": "bun test --watch",
+    "docker:relay": "bun run scripts/docker-relay.ts",
+    "debug:leaderboard-notifications": "bunx sst shell -- bun scripts/debug/leaderboard-notifications.ts",
+    "timeback:caliper": "sst shell -- bun scripts/caliper-cli.ts",
+    notify: "NODE_ENV=productionbunx sst shell -- bun scripts/notifications-cli.ts"
+  },
+  type: "module",
+  workspaces: {
+    packages: [
+      "apps/*",
+      "packages/*",
+      "games/*",
+      "templates/*"
+    ],
+    catalog: {
+      sst: "^3.14.11",
+      dedent: "^1.6.0",
+      typescript: "^5.7.2",
+      vite: "^6.3.5",
+      eslint: "^9.24.0",
+      prettier: "3.5.3",
+      "@types/bun": "latest",
+      jose: "^5.2.3",
+      zod: "^3.25.53",
+      "better-auth": "1.3.33"
+    },
+    catalogs: {
+      svelte: {
+        svelte: "^5.23.1",
+        "@sveltejs/adapter-auto": "^6.0.0",
+        "@sveltejs/kit": "^2.16.0",
+        "@sveltejs/vite-plugin-svelte": "^5.0.3",
+        "svelte-check": "^4.2.1",
+        "prettier-plugin-svelte": "^3.3.3",
+        "eslint-plugin-svelte": "^3.0.0"
+      },
+      database: {
+        "drizzle-orm": "^0.42.0",
+        "drizzle-kit": "^0.31.0",
+        "drizzle-zod": "^0.7.1"
+      },
+      aws: {
+        "@aws-sdk/client-s3": "^3.787.0",
+        "@aws-sdk/s3-request-presigner": "^3.787.0"
+      },
+      linting: {
+        "typescript-eslint": "^8.30.1",
+        "@eslint/js": "^9.24.0",
+        "eslint-config-prettier": "^10.0.1"
+      }
+    }
+  }
+};
+
+// src/constants/auth.ts
+var BETTER_AUTH_VERSION = package_default.workspaces.catalog["better-auth"];
+
 // src/constants/config.ts
 var ENV_FILES = [
   ".env",
@@ -690,6 +805,9 @@ var logger = {
   }
 };
 
+// src/lib/secrets/env.ts
+init_file_loader();
+
 // src/lib/config/loader.ts
 init_file_loader();
 

package/dist/edge-play/src/entry/middleware.ts

@@ -6,7 +6,7 @@
 
 import { cors } from 'hono/cors'
 
-import { PlaycademyClient } from '@playcademy/sdk/server'
+import { PlaycademyClient, verifyGameToken } from '@playcademy/sdk/server'
 
 import { populateProcessEnv, reconstructSecrets } from './setup'
 
@@ -17,19 +17,23 @@ import type { RuntimeConfig } from './types'
 /**
  * Register CORS middleware
  *
+ * Allows cross-origin requests with credentials support.
+ * This is required for authentication systems like Better Auth that use cookies.
+ *
  * TODO: Harden CORS in production - restrict to trusted origins:
- * - Game's assetBundleBase (for hosted games)
+ * - Game's deploymentUrl (for hosted games)
  * - Game's externalUrl (for external games)
- * - Platform frontend domains (hub.playcademy.com, hub.dev.playcademy.net)
- * This would require passing game metadata through env bindings during deployment
+ * - Platform domains (hub.playcademy.com, hub.dev.playcademy.net)
  */
 export function registerCors(app: Hono<HonoEnv>): void {
     app.use(
         '*',
         cors({
-            origin: '*', // Permissive for now
+            origin: origin => origin, // Echo back the origin (permissive but allows credentials)
+            credentials: true, // Required for cookies/sessions (e.g., Better Auth)
             allowMethods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
             allowHeaders: ['Content-Type', 'Authorization'],
+            // exposeHeaders: ['set-auth-token'],
         }),
     )
 }
@@ -72,3 +76,96 @@ export function registerSdkInit(app: Hono<HonoEnv>, config: RuntimeConfig): void
         await next()
     })
 }
+
+/**
+ * Register Playcademy user middleware
+ *
+ * Verifies platform game tokens and populates c.get('playcademyUser')
+ * if a valid token is present in the Authorization header
+ */
+export function registerPlaycademyUser(app: Hono<HonoEnv>): void {
+    app.use('*', async (c, next) => {
+        const authHeader = c.req.header('Authorization')
+
+        if (authHeader?.startsWith('Bearer ')) {
+            const token = authHeader.slice(7)
+
+            try {
+                const result = await verifyGameToken(token)
+
+                c.set('playcademyUser', result.user)
+            } catch {
+                // Invalid/expired token - that's fine, just don't set user
+                // Routes can decide if they require authentication
+            }
+        }
+
+        await next()
+    })
+}
+
+/**
+ * Register API 404 handler
+ *
+ * Returns a helpful JSON response for unmatched API routes.
+ * Should be registered after all API routes but before asset fallback.
+ */
+export function registerApiNotFoundHandler(app: Hono<HonoEnv>): void {
+    app.all('/api/*', async c => {
+        return c.json(
+            {
+                error: 'Not Found',
+                message: `Route ${c.req.method} ${c.req.path} not found`,
+                path: c.req.path,
+                method: c.req.method,
+            },
+            404,
+        )
+    })
+}
+
+/**
+ * Register asset fallback handler
+ *
+ * Serves static assets from Workers Assets binding.
+ * MUST be registered last as it's a catch-all for non-API routes.
+ *
+ * SPA Routing Support:
+ * - First tries to fetch the requested path (e.g., /assets/main.js)
+ * - If 404 and NOT an API route, falls back to /index.html
+ * - This allows client-side routing (React Router) to work on refresh
+ */
+export function registerAssetFallback(app: Hono<HonoEnv>): void {
+    app.get('*', async c => {
+        if (!c.env.ASSETS) {
+            return c.json(
+                {
+                    error: 'Not Found',
+                    message: 'Asset not found',
+                    path: c.req.path,
+                },
+                404,
+            )
+        }
+
+        // Try to fetch the requested asset
+        const response = await c.env.ASSETS.fetch(c.req.raw)
+
+        // If found, return it
+        if (response.status !== 404) {
+            return response
+        }
+
+        // If not found and it's a file request (has extension), return 404
+        const path = new URL(c.req.url).pathname
+        if (path.includes('.')) {
+            return response
+        }
+
+        // Otherwise, fall back to index.html for predictable routing
+        const indexUrl = new URL(c.req.url)
+        indexUrl.pathname = '/index.html'
+
+        return await c.env.ASSETS.fetch(new Request(indexUrl.toString()))
+    })
+}

package/dist/edge-play/src/entry/session.ts

@@ -0,0 +1,44 @@
+/**
+ * Session Middleware Factory
+ *
+ * Provides a factory function for creating Better Auth session middleware.
+ * Games using Better Auth can use this to populate c.get('user') automatically.
+ *
+ * This is a factory (not a direct middleware) because edge-play can't import
+ * game-specific code. Games pass their getAuth function to create the middleware.
+ */
+
+import type { Context } from 'hono'
+import type { HonoEnv } from '../types'
+
+/**
+ * Create session middleware that populates c.get('user') from Better Auth sessions
+ *
+ * @param getAuth - Function that returns the game's Better Auth instance
+ * @returns Middleware function
+ *
+ * @example
+ * ```typescript
+ * // In your bundled entry point (auto-injected by CLI)
+ * import { createSessionMiddleware } from '@playcademy/edge-play'
+ * import { getAuth } from './server/lib/auth'
+ *
+ * app.use('*', createSessionMiddleware(getAuth))
+ * ```
+ */
+export function createSessionMiddleware(
+    getAuth: (c: Context<HonoEnv>) => {
+        api: { getSession: (options: { headers: Headers }) => Promise<{ user: unknown } | null> }
+    },
+) {
+    return async (c: Context<HonoEnv>, next: () => Promise<void>) => {
+        const auth = getAuth(c)
+        const session = await auth.api.getSession({ headers: c.req.raw.headers })
+
+        if (session?.user) {
+            c.set('user', session.user)
+        }
+
+        await next()
+    }
+}

package/dist/edge-play/src/entry.ts

@@ -6,17 +6,29 @@
  *
  * Bundled with esbuild and deployed to Cloudflare Workers (or AWS Lambda).
  * Config is injected at build time via esbuild's `define` option.
+ *
+ * DO NOT REMOVE any code wrapped by ⚠️ BUILD_MARKER: <marker> ⚠️
  */
 
 import { Hono } from 'hono'
 
-import { registerCors, registerEnvSetup, registerSdkInit } from './entry/middleware'
+import {
+    registerApiNotFoundHandler,
+    registerAssetFallback,
+    registerCors,
+    registerEnvSetup,
+    registerPlaycademyUser,
+    registerSdkInit,
+} from './entry/middleware'
 import { setupProcessGlobal } from './entry/setup'
 import { registerBuiltinRoutes } from './register-routes'
 
 import type { RuntimeConfig } from './entry/types'
 import type { HonoEnv } from './types'
 
+// DO NOT REMOVE THE BELOW COMMENT
+// ⚠️ BUILD_MARKER: CUSTOM_ROUTE_IMPORTS ⚠️
+
 /**
  * Config injected at build time by esbuild
  *
@@ -43,6 +55,10 @@ const app = new Hono<HonoEnv>()
 registerCors(app)
 registerEnvSetup(app, PLAYCADEMY_CONFIG)
 registerSdkInit(app, PLAYCADEMY_CONFIG)
+registerPlaycademyUser(app)
+
+// DO NOT REMOVE THE BELOW COMMENT
+// ⚠️ BUILD_MARKER: SESSION_MIDDLEWARE ⚠️
 
 // Register built-in integration routes based on enabled integrations
 // This function conditionally imports and registers routes like:
@@ -54,4 +70,20 @@ registerSdkInit(app, PLAYCADEMY_CONFIG)
 // its route code is completely removed from the bundle.
 await registerBuiltinRoutes(app, PLAYCADEMY_CONFIG.integrations)
 
+// DO NOT REMOVE THE BELOW COMMENT
+// ⚠️ BUILD_MARKER: CUSTOM_ROUTES ⚠️
+
+// Register API 404 handler
+// Returns JSON error for unmatched /api/* routes
+// Must be registered after all API routes
+registerApiNotFoundHandler(app)
+
+// Register static asset fallback handler
+// Serves frontend assets from Workers Assets binding
+// MUST be registered last as it uses a wildcard GET route (app.get('*', ...))
+//
+// In production: Serves frontend assets from Workers Assets binding
+// In local dev: Returns 404 (Vite serves the frontend separately)
+registerAssetFallback(app)
+
 export default app

package/dist/edge-play/src/index.ts

@@ -1,2 +1,4 @@
-export { registerBuiltinRoutes } from './register-routes'
 export { ROUTES } from './constants'
+
+export { registerBuiltinRoutes } from './register-routes'
+export { createSessionMiddleware } from './entry/session'

package/dist/edge-play/src/register-routes.ts

@@ -17,10 +17,6 @@ import type { HonoEnv, Integrations } from './types'
  * @param integrations - Enabled integrations from config
  */
 export async function registerBuiltinRoutes(app: Hono<HonoEnv>, integrations?: Integrations) {
-    // Root page (always included)
-    const root = await import('./routes/root')
-    app.get('/', root.GET)
-
     // Route discovery (always included)
     const routesIndex = await import('./routes/index')
     app.get(ROUTES.INDEX, routesIndex.GET)

package/dist/edge-play/src/types.ts

@@ -1,10 +1,8 @@
 /**
  * Type definitions for game backend runtime
  *
- * Defines types for:
- * - Cloudflare Worker environment bindings
- * - Hono context with typed env
- * - Route handler signatures
+ * Base types that can be augmented by game-specific generated types.
+ * Games extend these via playcademy-env.d.ts module augmentation.
  */
 
 /// <reference types="@cloudflare/workers-types" />
@@ -17,7 +15,7 @@ import type { RouteMetadata } from './entry/types'
  */
 export interface Integrations {
     timeback?: unknown
-    auth?: { enabled: boolean }
+    auth?: boolean
     storage?: { enabled: boolean }
     realtime?: { enabled: boolean }
 }
@@ -39,6 +37,9 @@ export interface ServerEnv {
     /** Game-specific secrets (optional) */
     secrets?: Record<string, string>
 
+    /** Workers Assets binding for static files (Cloudflare-specific) */
+    ASSETS?: { fetch(request: Request): Promise<Response> }
+
     /** KV namespace binding (optional, Cloudflare-specific) */
     KV?: KVNamespace
 
@@ -59,6 +60,7 @@ export interface HonoVariables {
     sdk: PlaycademyClient
     config: PlaycademyConfig
     routeMetadata: Array<RouteMetadata>
+    [key: string]: unknown
 }
 
 /**