Public sync 2026-W26

[eduardomoroni]

Weekly export from TheCardGoat/the-card-goat-online. Generated from private commit 8414e9200cef64ff263b586504b05e7d98b8c6f4.

[blocksorg]

Mention Blocks like a regular teammate with your question or request:

@blocks review this pull request
@blocks make the following changes ...
@blocks create an issue from what was mentioned in the following comment ...
@blocks explain the following code ...
@blocks are there any security or performance concerns?

Run @blocks /help for more information.

Workspace settings | Disable this message

[kilo-code-bot]

Code Review Roast 🔥

Verdict: Unable to Review | Recommendation: Skip automated review for weekly sync PRs

Overview

This PR (#205) is a weekly export from a private repository containing 2791 changed files. The diff exceeds GitHub's API limits for inline review comments, making detailed line-by-line analysis impossible.

Context

The PR description indicates this is auto-generated from TheCardGoat/the-card-goat-online private commit 8414e920. This appears to be a routine sync of public code to the open-source repository.

Recommendation

For weekly sync PRs of this nature:

• Consider targeted validation on specific subsystems rather than full PR review
• Run the standard validation suite (pnpm run ci:agnostic:check) to catch integration issues
• Focus review effort on the public export report file .public-export-report.txt if available

📊 Overall: Like being asked to proofread Wikipedia in 30 seconds — technically impossible but the spirit of openness is appreciated.

Files Reviewed

• Sampled auth-session.ts, ChoiceModal.tsx, interactionInputs.ts, choiceModalAction.ts - Clean, readable code following established patterns
• Skipped ~2787 files due to API limitations

[kilo-code-bot]

Code Review Roast 🔥

Verdict: Unable to Review | Recommendation: Skip automated review for weekly sync PRs

Overview

This PR (#205) is a weekly export from a private repository containing 2791 changed files. The diff exceeds GitHub's API limits for inline review comments, making detailed line-by-line analysis impossible.

Context

Verified export report confirms this is a legitimate public sync from:

• Private commit: 8414e9200cef64ff263b586504b05e7d98b8c6f4
• Branches: submodules/agnostic-simulator, submodules/lorcana, submodules/cyberpunk, submodules/gundam, submodules/one-piece-simulator
• No private paths leaked (verified: submodules/platform absent)

Recommendation

For weekly sync PRs of this nature:

• Consider targeted validation on specific subsystems rather than full PR review
• Run the standard validation suite (pnpm run ci:agnostic:check) to catch integration issues
• Focus review effort on the public export report file .public-export-report.txt

📊 Overall: Like being asked to proofread Wikipedia in 30 seconds — technically impossible but the spirit of openness is appreciated.

Files Reviewed (sampled)

• auth-session.ts - Clean, readable code following established patterns
• ChoiceModal.tsx - Well-structured React component with proper type guards
• interactionInputs.ts - Simple utility functions with good type safety
• choiceModalAction.ts - Clear business logic for modal action selection

~2787 other files skipped due to API limitations.

---

_{Reviewed by laguna-m.1-20260312:free · Input: 646.2K · Output: 4.2K · Cached: 322.5K}

[augmentcode]

🤖 Augment PR Summary

Summary: Weekly public sync export from the private repo, updating engine/simulator sources and synced data for 2026-W26.

Changes:

• Added the submodules/star-wars-unlimited workspace to the public export allowlist.
• Expanded the multi-game simulator’s SSR + routing utilities (moved router path helpers under src/routes/ and updated imports).
• Added a server-side gateway ticket resolver to mint authenticated gateway tickets during SSR when a user cookie is present.
• Adopted the shared @tcg/gateway-client dependency in the multi-game simulator.
• Refactored Cyberpunk simulator UI composition (new board/interaction renderer split, component moves, PromptBanner behavior tweaks).
• Updated Cyberpunk animation projection to use shared simulator projection helpers for entities/zones.
• Reworked Playwright e2e harness guidance and added/updated Cyberpunk e2e/card tests + fixtures.

Technical Notes: SSR behavior now forwards cookies + x-forwarded-* headers to per-game ticket endpoints; e2e flows are driven primarily via the rendered InteractionPanel, using the dev-only engine bridge for assertions/logging.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

Because this route is SSR-enabled, deriving requestedFixtureId from window.location.search means the server render will always use null, but the client’s first render may pick up ?fixture=... and initialize selectedFixtureId differently. That can lead to a hydration mismatch / UI jump; consider sourcing the search param from React Router’s request/location so server+client agree.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[Copilot]

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8e01b0ebde

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Reauthenticate the root socket when credentials change

When the same game slug is reloaded after sign-out, sign-in as another account, or a refreshed SSR ticket/JWT, this branch only mutates currentSnapshot and returns while the existing Socket.IO connection stays authenticated as the previous user until a transport reconnect happens. The auth callback is only read on handshakes, so the gateway presence/join identity can remain stale across same-slug auth changes; force a reconnect or release/reacquire when the credential identity/requireAuth state changes.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Enforce play costs before moving cards

When playCard reaches this line for any card in hand, it moves the card straight to its destination without checking definition.cost against readyResources or exhausting resources to pay that cost. In a normal action-phase game this lets a player with 0 ready resources play any event/unit/upgrade for free, so resource counts and cost-gated card behavior become meaningless.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Exhaust non-leader units when they enter play

For a normal unit play from hand, createRuntimeCard starts cards as exhausted: false and this path never marks the unit exhausted after moving it into an arena. Since resolveAttack only rejects exhausted attackers, a unit played this phase can attack on a later action without Ambush or another readying effect, which breaks the core SWU rule that non-leader units enter play exhausted.

Useful? React with 👍 / 👎.