No description
Joey Yakimowich-Payne
c8d7480a26Before this commit ANY authenticated player in the room could send custom-modifier.register and have the server accept + broadcast the descriptor — including an opponent mid-match. Fill the 10-slot per-room cap with hostile descriptors, or register a descriptor the host then applies and finds unexpected. Fix: Room gains a hostToken field set at room.create (the creator's token). The register handler gates on room.hostToken === ws.data.token. Non-host registrations are rejected with BAD_TOKEN and a message explaining the gate. Host permissions are stable across reconnects — the host's token is preserved in sessionStorage on the client, so closing + reopening the host's tab retains the permission. A later 'transfer host' flow can mutate hostToken; no such mutation exists today (lobbies have a single creator who remains host for the room's lifetime). New server test 'rejects non-host (opponent) registrations with BAD_TOKEN (Q4.4)' seeds a white+black room, has black try to register (rejected), then white succeeds (proving the gate doesn't leak across players). 1399 → 1400 tests. |
||
|---|---|---|
| .github/workflows | ||
| .sisyphus | ||
| docs | ||
| packages | ||
| scripts | ||
| .gitignore | ||
| eslint.config.js | ||
| lefthook.yml | ||
| LICENSE | ||
| package.json | ||
| playwright.config.ts | ||
| README.md | ||
| tsconfig.base.json | ||
| tsconfig.json | ||
| vitest.workspace.ts | ||
@paratype
A Doorenbos-style Rete II rules engine for TypeScript games, with an authoritative WebSocket chess demo.
Packages
packages/rete— Rete II engine corepackages/chess— Browser chess demo (React + Vite)packages/server— Authoritative Bun WebSocket server
Docs
- SPEC.md — Engine specification
- PHASES.md — Development phases & perf budgets
- RULES.md — Chess rule presets
- PROTOCOL.md — WebSocket message protocol
Getting Started
bun install && bun run check