Initial commit

Author: chrisreddington

.devcontainer/devcontainer.json

@@ -0,0 +1,22 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/typescript-node
+{
+	"name": "Node.js & TypeScript",
+	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+	"image": "mcr.microsoft.com/devcontainers/typescript-node:1-22-bookworm",
+
+	// Features to add to the dev container. More info: https://containers.dev/features.
+	// "features": {},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	"postCreateCommand": "npm install"
+
+	// Configure tool-specific properties.
+	// "customizations": {},
+
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "root"
+}

.github/copilot-instructions.md

@@ -0,0 +1,77 @@
+# Turn-Based Games Platform - AI Developer Guide
+
+## Architecture Overview
+
+This is a **monorepo workspace** with three packages that work together to create a turn-based games platform:
+
+- **`shared/`** - Core game logic, types, and SQLite storage (TypeScript library)
+- **`web/`** - Next.js 15 frontend with API routes (React + TailwindCSS)  
+- **`mcp-server/`** - Model Context Protocol server providing AI opponents (Node.js service)
+
+**Key Integration Pattern**: The MCP server communicates with the web app via HTTP calls to `/api/games/*` endpoints, not direct database access. This maintains clear service boundaries.
+
+## Development Workflow
+
+**Essential build order** (shared must be built first):
+```bash
+npm run build --workspace=shared  # Always run first
+npm run dev --workspace=web       # Starts Next.js dev server (port 3000)
+npm run dev --workspace=mcp-server # Starts MCP server (stdio)
+```
+
+**Database location**: SQLite file is at `web/games.db` by default, controlled by `GAMES_DB_PATH` env var.
+
+## Core Architecture Patterns
+
+### Game Implementation Pattern
+All games follow the `Game<TGameState, TMove>` interface in `shared/src/types/game.ts`:
+- `validateMove()` - Check if move is legal
+- `applyMove()` - Apply move and return new state  
+- `checkGameEnd()` - Determine win/draw/continue
+- `getValidMoves()` - Get available moves
+- `getInitialState()` - Create starting game state
+
+### Storage Pattern
+Games use a dual-storage approach:
+- **Web app**: Direct SQLite access via `shared/src/storage/sqlite-storage.ts`
+- **MCP server**: HTTP calls to web API endpoints (no direct DB access)
+
+### AI Integration Pattern
+The MCP server exposes tools like `play_tic_tac_toe` and `create_tic_tac_toe_game`. It calls the web API to:
+1. Fetch current game state
+2. Calculate AI move using algorithms in `mcp-server/src/ai/`
+3. Submit move back via API POST
+
+## File Organization Conventions
+
+### API Routes Structure
+- `web/src/app/api/games/[game-type]/route.ts` - Create/list games
+- `web/src/app/api/games/[game-type]/[id]/move/route.ts` - Make moves
+
+### Game-Specific Types
+Game states extend `BaseGameState` and are defined in `shared/src/types/games.ts`:
+- `TicTacToeGameState` includes `board: Board` and `playerSymbols`
+- `RPSGameState` includes `rounds` and `scores`
+
+### Component Organization
+- `web/src/components/games/` - Game-specific UI components
+- `web/src/app/games/[game-type]/` - Game-specific pages
+
+## Development Guidelines
+
+### Adding New Games
+1. Define types in `shared/src/types/games.ts`
+2. Implement game class in `shared/src/games/`
+3. Add API routes in `web/src/app/api/games/[new-game]/`
+4. Create AI implementation in `mcp-server/src/ai/`
+5. Add MCP tools in `mcp-server/src/server.ts`
+6. Build UI components in `web/src/components/games/`
+
+### Environment Variables
+- `WEB_API_BASE` - MCP server's web app URL (default: `http://localhost:3000`)
+- `GAMES_DB_PATH` - SQLite database location (default: `./games.db`)
+
+### Key Dependencies
+- `@modelcontextprotocol/sdk` - MCP server framework
+- `sqlite3` - Database (shared between web/mcp-server)
+- `@turn-based-mcp/shared` - Internal workspace dependency

.github/dependabot.yml

@@ -0,0 +1,32 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      actions-minor:
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      npm-development:
+        dependency-type: development
+        update-types:
+          - minor
+          - patch
+      npm-production:
+        dependency-type: production
+        update-types:
+          - patch

.github/instructions/api-routes.instructions.md

@@ -0,0 +1,149 @@
+---
+applyTo: "web/src/app/api/**/*.{ts,js}"
+description: Next.js API route development patterns for the turn-based games platform
+---
+
+# API Route Instructions
+
+Follow these patterns when creating Next.js API routes:
+
+## File Structure and Naming
+
+- Use Next.js 13+ App Router conventions (`route.ts`)
+- Group related routes by game type: `/api/games/[game-type]/`
+- Use dynamic routes for game instances: `/api/games/[game-type]/[id]/`
+- Include MCP-specific sanitized endpoints: `/api/games/[game-type]/mcp/`
+
+## HTTP Method Handlers
+
+Export named functions for each HTTP method:
+
+```typescript
+import { NextRequest, NextResponse } from 'next/server'
+
+export async function GET() {
+  // Handle GET requests
+}
+
+export async function POST(request: NextRequest) {
+  // Handle POST requests with body
+}
+
+export async function DELETE(request: NextRequest) {
+  // Handle DELETE requests
+}
+```
+
+## Request/Response Patterns
+
+### Request Handling
+- Always use try-catch blocks for error handling
+- Parse request bodies with `await request.json()`
+- Extract URL parameters from dynamic routes: `{ params }: { params: Promise<{ id: string }> }`
+- Validate required fields and return 400 for missing data
+
+### Response Patterns
+- Use `NextResponse.json()` for all responses
+- Include appropriate HTTP status codes:
+  - 200: Success
+  - 400: Bad request (validation errors, invalid moves)
+  - 404: Resource not found
+  - 500: Server errors
+- Return consistent error shapes: `{ error: 'Error message' }`
+
+## Game Integration Patterns
+
+### Game State Management
+- Create game instances at module level: `const ticTacToeGame = new TicTacToeGame()`
+- Use shared game storage functions from `@turn-based-mcp/shared`
+- Always validate moves using game logic before applying
+- Update game history with player moves and timestamps
+
+### Move Processing Flow
+```typescript
+// 1. Validate game exists
+const gameSession = await getGameFromStorage(gameId)
+if (!gameSession) {
+  return NextResponse.json({ error: 'Game not found' }, { status: 404 })
+}
+
+// 2. Validate move
+if (!gameInstance.validateMove(gameSession.gameState, move, playerId)) {
+  return NextResponse.json({ error: 'Invalid move' }, { status: 400 })
+}
+
+// 3. Apply move and update state
+let updatedGameState = gameInstance.applyMove(gameSession.gameState, move, playerId)
+
+// 4. Add to history
+const playerMove = { playerId, move, timestamp: new Date() }
+gameSession.history.push(playerMove)
+
+// 5. Check for game end
+const gameResult = gameInstance.checkGameEnd(updatedGameState)
+if (gameResult) {
+  updatedGameState = { ...updatedGameState, status: 'finished', winner: gameResult.winner }
+}
+
+// 6. Save and return
+gameSession.gameState = updatedGameState
+await saveGameToStorage(gameId, gameSession)
+return NextResponse.json(gameSession)
+```
+
+## Error Handling
+
+- Log errors with `console.error()` before returning responses
+- Handle specific error types (validation, storage, parsing)
+- Return generic error messages to avoid exposing internals
+- Use 500 status for unexpected errors
+
+## Security and Sanitization
+
+### MCP Endpoints
+- Create separate `/mcp/` endpoints for MCP server access
+- Sanitize sensitive data (hide current player choices in RPS)
+- Remove incomplete rounds and private information
+- Validate all inputs from external MCP requests
+
+### General Security
+- Validate all input parameters
+- Sanitize data before storage
+- Use proper TypeScript types for request/response shapes
+- Avoid exposing sensitive game state to clients
+
+## Example Route Structure
+
+```typescript
+import { NextRequest, NextResponse } from 'next/server'
+import { GameClass } from '@turn-based-mcp/shared'
+import { getGame, setGame } from '../../../lib/game-storage'
+
+const gameInstance = new GameClass()
+
+export async function POST(request: NextRequest) {
+  try {
+    const { playerName, gameId } = await request.json()
+    
+    const players = [
+      { id: 'player1', name: playerName || 'Player', isAI: false },
+      { id: 'ai', name: 'AI', isAI: true }
+    ]
+    
+    const gameState = gameInstance.getInitialState(players)
+    if (gameId) gameState.id = gameId
+    
+    const gameSession = {
+      gameState,
+      gameType: 'game-type',
+      history: []
+    }
+    
+    await setGame(gameState.id, gameSession)
+    return NextResponse.json(gameSession)
+  } catch (error) {
+    console.error('Error creating game:', error)
+    return NextResponse.json({ error: 'Failed to create game' }, { status: 500 })
+  }
+}
+```