define authoritative server runtime contracts — PLAN_PR_LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME

Author: DavidQ

docs/dev/CODEX_COMMANDS.md

@@ -1,4 +1,4 @@
 MODEL: GPT-5.3-codex
-REASONING: low
+REASONING: high
 COMMAND:
-No further implementation. APPLY complete.
+Prepare for implementation of authoritative server runtime per PLAN_PR_LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME. No engine API breakage.

docs/dev/COMMIT_COMMENT.txt

@@ -1 +1 @@
-apply transport/session foundation and validate — APPLY_PR_LEVEL_12_1_REAL_NETWORK_FOUNDATION
+define authoritative server runtime contracts — PLAN_PR_LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME

docs/dev/reports/validation_checklist.txt

@@ -1,3 +1,3 @@
-- Apply completed
-- Validation passed
-- Ready for next PR
+- Server loop defined
+- Input ingestion defined
+- Ownership boundaries defined

docs/pr/BUILD_PR_LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME.md

@@ -0,0 +1,55 @@
+# BUILD_PR_LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME
+
+## Purpose
+Implement the first authoritative server runtime slice on top of Level 12.1 transport/session contracts with no engine API breakage.
+
+## Scope
+Primary target files:
+- `src/engine/network/AuthoritativeServerRuntime.js`
+- `src/engine/network/AuthoritativeInputIngestionContract.js`
+- `src/engine/network/index.js`
+- `tests/final/MultiplayerNetworkingStack.test.mjs`
+- `docs/pr/LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME_CONTRACTS.md`
+
+Allowed nearby reads:
+- `src/engine/network/TransportContract.js`
+- `src/engine/network/SessionLifecycleContract.js`
+- `src/engine/network/HandshakeSimulator.js`
+- `src/engine/network/HostServerBootstrap.js`
+- `docs/pr/LEVEL_12_1_REAL_NETWORK_FOUNDATION_CONTRACTS.md`
+
+## Required implementation
+- Add an authoritative server runtime contract with an isolated tick loop that can run independently of gameplay code.
+- Add a client input ingestion contract that validates and normalizes input envelopes before queueing.
+- Enforce server-owned state boundaries so only server runtime code mutates authoritative state snapshots.
+- Keep handshake simulation compatible and testable with Level 12.1 foundations.
+- Export new runtime/contract symbols additively from `src/engine/network/index.js` only.
+- Extend `tests/final/MultiplayerNetworkingStack.test.mjs` with focused assertions for:
+  - runtime loop start/step/stop behavior
+  - input ingestion acceptance and rejection paths
+  - server ownership boundary protection
+  - existing handshake simulation still passing
+
+## Acceptance criteria
+- Server runtime contract documented and implemented.
+- Input ingestion contract documented and implemented.
+- Authoritative ownership boundaries are enforced by runtime behavior and tests.
+- No existing engine network exports are removed or renamed.
+- Existing handshake simulation remains green.
+
+## Validation
+Run only:
+- `node --check src/engine/network/AuthoritativeServerRuntime.js`
+- `node --check src/engine/network/AuthoritativeInputIngestionContract.js`
+- `node --input-type=module -e "import('./tests/final/MultiplayerNetworkingStack.test.mjs').then(async ({ run }) => { await run(); console.log('PASS MultiplayerNetworkingStack'); })"`
+- `node --input-type=module -e "import('./tests/production/EnginePublicBarrelImports.test.mjs').then(async ({ run }) => { await run(); console.log('PASS EnginePublicBarrelImports'); })"`
+
+## Non-goals
+- no replication implementation
+- no gameplay coupling
+- no UI/debug expansion
+- no engine core API redesign
+- no repo-wide cleanup or unrelated refactor
+
+## Working tree rule
+If the tree is already dirty, ignore unrelated files and modify only the scoped files for this PR purpose.

docs/pr/LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME_PREP.md

@@ -0,0 +1,67 @@
+# LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME_PREP
+
+## Goal
+Define implementation-ready boundaries for Level 12.2 authoritative server runtime so APPLY can be executed in one pass without engine API breakage.
+
+## Runtime Contract Shape (Planned)
+
+`AuthoritativeServerRuntime` should expose:
+
+- `start({ sessionId, tickRateHz })`
+- `stop(reason)`
+- `step(dtSeconds)`
+- `ingestClientInput(envelope)`
+- `drainAcceptedInputs()`
+- `getSnapshot()`
+
+Runtime ownership:
+
+- Owns authoritative tick/time counters.
+- Owns authoritative input queue.
+- Owns authoritative session status for runtime state.
+- Does not mutate gameplay state directly in Level 12.2.
+
+## Client Input Ingestion Contract (Planned)
+
+`AuthoritativeInputIngestionContract` validates inbound envelopes with a stable shape:
+
+- `sessionId` string
+- `clientId` string
+- `sequence` non-negative integer
+- `inputType` string
+- `payload` plain object
+- `sentAtMs` finite number
+
+Validation behavior:
+
+- Reject malformed envelopes with deterministic codes.
+- Normalize accepted envelopes to a server-safe canonical shape.
+- Preserve ingestion metadata for diagnostics (`acceptedAtTick`, `acceptedAtMs`).
+
+## Server-Owned State Boundaries (Planned)
+
+State fields that must be server-owned:
+
+- `authoritativeTick`
+- `runtimePhase` (`idle`, `running`, `stopped`, `failed`)
+- `connectedClients` registry
+- `acceptedInputQueue`
+
+Boundary rules:
+
+- Client-originated packets cannot directly mutate authoritative runtime fields.
+- All mutation enters through `ingestClientInput` and `step`.
+- External consumers receive read-only snapshots.
+
+## Compatibility Guardrails
+
+- Keep Level 12.1 handshake flow (`hello -> accept -> confirm`) intact and testable.
+- Maintain existing exports; add new exports only.
+- Avoid changes outside `src/engine/network/*` and targeted network tests.
+
+## APPLY Readiness Checklist
+
+- BUILD doc exists with exact targets and exact validation commands.
+- Runtime and ingestion contracts have concrete method signatures.
+- Ownership boundaries are explicit enough for deterministic tests.
+- Handshake regression checks remain in validation path.

docs/pr/PLAN_PR_LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME.md

@@ -0,0 +1,24 @@
+# PLAN_PR_LEVEL_12_2_AUTHORITATIVE_SERVER_RUNTIME
+
+## Purpose
+Introduce authoritative server runtime layer on top of transport/session foundation.
+
+## Scope
+- Define authoritative server loop
+- Define server-owned state boundaries
+- Define client input ingestion contract
+
+## Non-Scope
+- No full replication system
+- No gameplay coupling
+- No UI/debug expansion
+
+## Testability
+- Server loop runs independently
+- Input ingestion validated
+- State ownership enforced
+
+## Acceptance Criteria
+- Server runtime contract documented
+- Input ingestion contract defined
+- Authoritative ownership boundaries enforced