playcademy 0.18.0 → 0.18.2

package/dist/constants/src/timeback.ts

@@ -1,118 +0,0 @@
-/**
- * TimeBack Integration Constants
- *
- * Constants related to TimeBack Caliper integration.
- */
-
-/**
- * TimeBack LTI issuer URLs by environment
- * Used for JWT token verification (iss claim)
- */
-export const TIMEBACK_LTI_ISSUER_URLS = {
-    production: 'https://timeback.com',
-    staging: 'https://staging.timeback.com',
-} as const
-
-/**
- * TimeBack Caliper sensor URLs
- * Allowed sensor URLs for Caliper event validation
- */
-export const TIMEBACK_CALIPER_SENSORS = [
-    'https://samuraimath.com',
-    'https://app.alphamath.school',
-    'https://mathraiders.com',
-] as const
-
-/**
- * TimeBack integration route paths (on game backend)
- * These routes are available on game backends when TimeBack is enabled
- *
- * NOTE:
- *  These paths are relative to /api/ - the full paths are /api/integrations/timeback/*
- */
-export const TIMEBACK_ROUTES = {
-    END_ACTIVITY: '/integrations/timeback/end-activity',
-    GET_XP: '/integrations/timeback/xp',
-} as const
-
-/**
- * TimeBack OneRoster organization identifier
- * This is the default organization sourcedId for Playcademy games
- */
-export const TIMEBACK_ORG_SOURCED_ID = 'PLAYCADEMY' as const
-
-/**
- * Default organization name for Playcademy games
- */
-export const TIMEBACK_ORG_NAME = 'Playcademy Studios' as const
-
-/**
- * Default organization type for Playcademy games
- */
-export const TIMEBACK_ORG_TYPE = 'department' as const
-
-// ============================================================================
-// TimeBack Resource Defaults
-// ============================================================================
-
-/**
- * Default course configuration values
- */
-export const TIMEBACK_COURSE_DEFAULTS = {
-    gradingScheme: 'STANDARD',
-    level: {
-        elementary: 'Elementary',
-        middle: 'Middle',
-        high: 'High',
-        ap: 'AP',
-    },
-    goals: {
-        dailyXp: 50,
-        dailyLessons: 3,
-    },
-    metrics: {
-        totalXp: 1000,
-        totalLessons: 50,
-    },
-} as const
-
-/**
- * Default resource configuration values
- */
-export const TIMEBACK_RESOURCE_DEFAULTS = {
-    vendorId: 'playcademy',
-    roles: ['primary'] as const,
-    importance: 'primary' as const,
-    metadata: {
-        type: 'interactive' as const,
-        toolProvider: 'Playcademy',
-        instructionalMethod: 'exploratory' as const,
-        language: 'en-US',
-    },
-} as const
-
-/**
- * Default component configuration values
- */
-export const TIMEBACK_COMPONENT_DEFAULTS = {
-    sortOrder: 1,
-    prerequisiteCriteria: 'ALL' as const,
-} as const
-
-/**
- * Default componentResource configuration values
- */
-export const TIMEBACK_COMPONENT_RESOURCE_DEFAULTS = {
-    sortOrder: 1,
-    lessonType: 'quiz',
-} as const
-
-// ============================================================================
-// 2HL (Two-Hour Learning) Model
-// ============================================================================
-
-/**
- * Daily XP threshold for the 2HL model.
- * Students must earn this much XP daily to unlock non-enrolled games.
- */
-export const DAILY_XP_THRESHOLD = 120

package/dist/constants/src/typescript.ts

@@ -1,21 +0,0 @@
-/**
- * TypeScript tooling configuration.
- *
- * Centralizes the TypeScript runner used for workspace type checking.
- */
-
-export const TypeScriptPackages = {
-    tsc: 'tsc',
-    nativePreview: '@typescript/native-preview',
-    nativePreviewPinned: '@typescript/native-preview@7.0.0-dev.20260221.1',
-} as const
-
-type TypeScriptRunner = Readonly<{
-    package: (typeof TypeScriptPackages)[keyof typeof TypeScriptPackages]
-    bin: 'tsc' | 'tsgo'
-}>
-
-export const TYPESCRIPT_RUNNER: TypeScriptRunner = {
-    package: TypeScriptPackages.nativePreviewPinned,
-    bin: 'tsgo',
-}

package/dist/constants/src/workers.ts

@@ -1,36 +0,0 @@
-/**
- * Worker Naming Constants
- *
- * Conventions for naming Cloudflare workers to avoid collisions
- * between staging and production deployments.
- */
-
-/**
- * Worker naming patterns
- * - Production workers: {slug} → accessible at {slug}.playcademy.gg
- * - Staging workers: staging-{slug} → accessible at {slug}-staging.playcademy.gg
- *
- * Note: Worker names use a PREFIX (staging-) while hostnames use a SUFFIX (-staging)
- * to follow subdomain naming conventions.
- */
-export const WORKER_NAMING = {
-    /** Prefix for staging worker names (e.g., "staging-bamboo") */
-    STAGING_PREFIX: 'staging-',
-    /** Suffix for staging worker hostnames (e.g., "bamboo-staging.playcademy.gg") */
-    STAGING_SUFFIX: '-staging',
-} as const
-
-/**
- * Prefix for user-defined secrets in Cloudflare Worker bindings.
- *
- * Cloudflare bindings are flat, so we namespace user secrets with this prefix
- * to distinguish them from platform bindings (like GAME_ID, PLAYCADEMY_API_KEY).
- *
- * Usage:
- * - When setting secrets: `bindings[SECRETS_PREFIX + key] = value`
- * - When reading secrets: strip prefix and expose as `c.env.secrets.KEY`
- *
- * @see reconstructSecrets in edge-play/entry/setup.ts
- * @see prefixSecrets in edge-play/entry/setup.ts
- */
-export const SECRETS_PREFIX = 'secrets_'

package/dist/edge-play/src/constants.ts

@@ -1,27 +0,0 @@
-/**
- * Constants for game backend workers
- */
-
-import { TIMEBACK_ROUTES, WORKER_ENV_VARS, WORKER_NAMING } from '@playcademy/constants'
-
-/**
- * Re-export shared constants from @playcademy/constants
- */
-export { WORKER_ENV_VARS as ENV_VARS, WORKER_NAMING }
-
-/**
- * Built-in API routes
- */
-export const ROUTES = {
-    /** Route index (lists available routes) */
-    INDEX: '/api',
-
-    /** Health check endpoint */
-    HEALTH: '/api/health',
-
-    /** TimeBack integration routes */
-    TIMEBACK: {
-        END_ACTIVITY: `/api${TIMEBACK_ROUTES.END_ACTIVITY}`,
-        GET_XP: `/api${TIMEBACK_ROUTES.GET_XP}`,
-    },
-} as const

package/dist/edge-play/src/entry/middleware.ts

@@ -1,247 +0,0 @@
-/**
- * Middleware Configuration
- *
- * All middleware for the game backend worker
- */
-
-import { cors } from 'hono/cors'
-
-import { PlaycademyClient, verifyGameToken } from '@playcademy/sdk/server'
-
-import { resolveRawSelfWorker, wrapSelfWorkerWithPathResolution } from '../lib/self-dispatch'
-import { populateProcessEnv, reconstructSecrets } from './setup'
-
-import type { Context, Hono } from 'hono'
-
-import type { AssetsFetcher, HonoEnv } from '../types'
-import type { RuntimeConfig } from './types'
-
-/**
- * Register CORS middleware
- *
- * Allows cross-origin requests with credentials support.
- * This is required for authentication systems like Better Auth that use cookies.
- *
- * TODO: Harden CORS in production - restrict to trusted origins:
- * - Game's deploymentUrl (for hosted games)
- * - Game's externalUrl (for external games)
- * - Platform domains (hub.playcademy.com, hub.dev.playcademy.net)
- */
-export function registerCors(app: Hono<HonoEnv>): void {
-    app.use(
-        '*',
-        cors({
-            origin: origin => origin, // Echo back the origin (permissive but allows credentials)
-            credentials: true, // Required for cookies/sessions (e.g., Better Auth)
-            allowMethods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
-            allowHeaders: ['Content-Type', 'Authorization'],
-            // exposeHeaders: ['set-auth-token'],
-        }),
-    )
-}
-
-/**
- * Register environment setup middleware
- *
- * Populates process.env, reconstructs secrets, and sets config
- */
-export function registerEnvSetup(app: Hono<HonoEnv>, config: RuntimeConfig): void {
-    app.use('*', async (c, next) => {
-        c.env = { ...c.env }
-        populateProcessEnv(c.env)
-        c.env.secrets = reconstructSecrets(c.env)
-        c.env.SELF = wrapSelfWorkerWithPathResolution(resolveRawSelfWorker(c.env), c.req.url)
-        c.set('config', config)
-        c.set('routeMetadata', config.__routeMetadata || [])
-        await next()
-    })
-}
-
-/**
- * Register SDK initialization middleware
- *
- * Lazily initializes the Playcademy SDK on first request and
- * makes it available via c.get('sdk')
- */
-export function registerSdkInit(app: Hono<HonoEnv>, config: RuntimeConfig): void {
-    let sdkPromise: Promise<PlaycademyClient> | null = null
-
-    app.use('*', async (c, next) => {
-        if (!sdkPromise) {
-            sdkPromise = PlaycademyClient.init({
-                apiKey: c.env.PLAYCADEMY_API_KEY,
-                gameId: c.env.GAME_ID,
-                baseUrl: c.env.PLAYCADEMY_BASE_URL,
-                config,
-            })
-        }
-
-        c.set('sdk', await sdkPromise)
-        await next()
-    })
-}
-
-/**
- * Register Playcademy user middleware
- *
- * Verifies platform game tokens and populates c.get('playcademyUser')
- * if a valid token is present in the Authorization header
- */
-export function registerPlaycademyUser(app: Hono<HonoEnv>): void {
-    app.use('*', async (c, next) => {
-        const authHeader = c.req.header('Authorization')
-
-        if (authHeader?.startsWith('Bearer ')) {
-            const token = authHeader.slice(7)
-
-            try {
-                const result = await verifyGameToken(token)
-
-                c.set('playcademyUser', result.user)
-            } catch {
-                // Invalid/expired token - that's fine, just don't set user
-                // Routes can decide if they require authentication
-            }
-        }
-
-        await next()
-    })
-}
-
-/**
- * Register API 404 handler
- *
- * Returns a helpful JSON response for unmatched API routes.
- * Should be registered after all API routes but before asset fallback.
- */
-export function registerApiNotFoundHandler(app: Hono<HonoEnv>): void {
-    app.all('/api/*', async c =>
-        c.json(
-            {
-                error: 'Not Found',
-                message: `Route ${c.req.method} ${c.req.path} not found`,
-                path: c.req.path,
-                method: c.req.method,
-            },
-            404,
-        ),
-    )
-}
-
-/**
- * Detect if ASSETS binding is an R2 bucket or Workers Assets Fetcher
- * Returns true for R2Bucket, false for AssetsFetcher
- */
-function isR2AssetsBinding(assets: AssetsFetcher | R2Bucket): assets is R2Bucket {
-    // R2Bucket has .get() method, Fetcher has .fetch() method
-    return 'get' in assets && typeof assets.get === 'function' && !('fetch' in assets)
-}
-
-/**
- * Serve assets from Workers Assets binding (Fetcher)
- * Default strategy for games with files <25MB
- */
-async function serveFromWorkersAssets(
-    c: Context<HonoEnv>,
-    assets: AssetsFetcher,
-): Promise<Response> {
-    // Try to fetch the requested asset
-    const response = await assets.fetch(c.req.raw)
-
-    // If found, return it
-    if (response.status !== 404) {
-        return response
-    }
-
-    // If not found and it's a file request (has extension), return 404
-    const path = new URL(c.req.url).pathname
-
-    if (path.includes('.')) {
-        return response
-    }
-
-    // Otherwise, fall back to index.html for SPA routing
-    const indexUrl = new URL(c.req.url)
-
-    indexUrl.pathname = '/index.html'
-
-    return await assets.fetch(new Request(indexUrl.toString()))
-}
-
-/**
- * Serve assets from R2 bucket binding
- * Fallback strategy for games with large files (≥25MB) like Godot WASM
- */
-async function serveFromR2(c: Context<HonoEnv>, bucket: R2Bucket): Promise<Response> {
-    const path = new URL(c.req.url).pathname
-    const key = path === '/' ? 'index.html' : path.slice(1)
-
-    // Try to fetch the requested asset
-    const object = await bucket.get(key)
-
-    if (object) {
-        return new Response(object.body, {
-            headers: {
-                'Content-Type': object.httpMetadata?.contentType || 'application/octet-stream',
-                // Use 1-hour caching - balances performance with update propagation
-                // (Godot and other engines use non-hashed filenames)
-                'Cache-Control': key === 'index.html' ? 'no-cache' : 'public, max-age=3600',
-                ETag: object.etag,
-            },
-        })
-    }
-
-    // If not found and it's a file request (has extension), return 404
-    if (path.includes('.')) {
-        return c.json({ error: 'Not Found', message: 'Asset not found', path }, 404)
-    }
-
-    // Otherwise, fall back to index.html for SPA routing
-    const indexObject = await bucket.get('index.html')
-
-    if (indexObject) {
-        return new Response(indexObject.body, {
-            headers: {
-                'Content-Type': 'text/html',
-                'Cache-Control': 'no-cache',
-            },
-        })
-    }
-
-    return c.json({ error: 'Not Found', message: 'Asset not found', path }, 404)
-}
-
-/**
- * Register asset fallback handler
- *
- * Serves static assets from either Workers Assets or R2 bucket binding.
- * Automatically detects which binding type is present and routes accordingly.
- * MUST be registered last as it's a catch-all for non-API routes.
- *
- * Supports two deployment strategies:
- * - Workers Assets (default): For games with files <25MB
- * - R2 Bucket (fallback): For games with large files like Godot WASM
- *
- * SPA Routing Support:
- * - First tries to fetch the requested path (e.g., /assets/main.js)
- * - If 404 and NOT an API route, falls back to /index.html
- * - This allows client-side routing (React Router) to work on refresh
- */
-export function registerAssetFallback(app: Hono<HonoEnv>): void {
-    app.get('*', async c => {
-        if (!c.env.ASSETS) {
-            return c.json(
-                {
-                    error: 'Not Found',
-                    message: 'Asset not found',
-                    path: c.req.path,
-                },
-                404,
-            )
-        }
-
-        return isR2AssetsBinding(c.env.ASSETS)
-            ? await serveFromR2(c, c.env.ASSETS)
-            : await serveFromWorkersAssets(c, c.env.ASSETS)
-    })
-}