Skip to content

Commit 534ea34

Browse files
Prep v1 launch: client-auth online (Spark), AI fixes, security, cleanup
Online multiplayer (works on the free Spark plan, no Blaze/Cloud Functions): - Convert to client-authoritative resolution: the defender resolves each shot on-device and settles turn/winner. database.rules.json now permits this while preserving the invariants that don't need a trusted server — ship boards stay private, only the two participants can touch a game, shot coordinates are locked after firing, a shooter cannot forge its own result, and winner/turn must be a real participant. - Add SERVER_AUTHORITATIVE flag (false) so the client skips the (absent) Cloud Functions and resolves locally. Flip to true after upgrading to Blaze + deploying functions to restore server-side anti-cheat. - Update rules-tests to cover the client-authoritative model. AI: - Fix Medium AI targeting: derive lock direction from the second hit and walk the full hit-line from the origin (no longer strands a half-sunk ship), and fully reset targeting state on exhaustion (no stale state bleeding across ships). Guarded by new regression tests. - Replace generateAiPlacements' uncapped retry loop with GameEngine.autoPlace() (guaranteed termination, honours adjacency mode). Security: - Harden resolveShot Cloud Function: resolve from the stored shot coordinates and refuse to re-resolve an already-resolved shot (for the future Blaze path). Play Games: - Remove the unused leaderboard/achievement code and the placeholder 000000000000 App ID for v1 (dead code + latent SDK-init crash risk). Repo hygiene: - Remove graphify-out/ cache, smoke screenshots, stray scripts and zero-byte artifacts; untrack the confidential security-audit docs (kept on disk); ignore node_modules/, logs and crash dumps; commit function/rules-tests lockfiles. - Keep PRODUCTION-CHECKLIST.md current with the Spark deploy path.
1 parent 7cc99c4 commit 534ea34

281 files changed

Lines changed: 5304 additions & 28564 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.gitignore

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,3 +31,21 @@ build-logic/convention/bin/
3131
core/ai/bin/
3232
core/domain/bin/
3333
.kotlin/
34+
35+
# Node (Cloud Functions + Firebase rules tests)
36+
node_modules/
37+
38+
# Logs & JVM crash dumps
39+
*.log
40+
hs_err_pid*.log
41+
replay_pid*.log
42+
43+
# Local tooling artifacts (knowledge-graph cache, smoke screenshots, one-off scripts)
44+
graphify-out/
45+
.graphify_python
46+
.smoke_*.png
47+
fix_icons.py
48+
49+
# Internal security-audit docs — do NOT publish in a public repo (kept locally only)
50+
security-audit-report.md
51+
security-audit-summary.md

.graphify_python

Lines changed: 0 additions & 1 deletion
This file was deleted.

.smoke_battle.png

-81 KB
Binary file not shown.

.smoke_diff.png

-120 KB
Binary file not shown.

.smoke_menu.png

-75.1 KB
Binary file not shown.

.smoke_menu2.png

-84.6 KB
Binary file not shown.

.smoke_mode.png

-98.8 KB
Binary file not shown.

.smoke_placed.png

-141 KB
Binary file not shown.

.smoke_shot1.png

-82.7 KB
Binary file not shown.

.smoke_x.png

-82.7 KB
Binary file not shown.

0 commit comments

Comments
 (0)