RPC Terminator Siege Skill
Use this skill when an agent needs to play or test the RPC terminator-siege game through HTTP endpoints.
Goal
Drive the server-authoritative simulation through API actions without direct state mutation. Leverage CAI companion support when enabled (combat-capable in-session agent ally).
Preconditions
- •Backend is running (
bun devorbun src/index.ts). - •Base URL defaults to
http://127.0.0.1:3000.
Quick Single-Session Flow
- •Join game:
- •
POST /api/game/joinwith{ "playerName": "Agent" }
- •
- •Store
sessionIdandplayerId. - •Loop:
- •
GET /api/game/observe?session=<id>&player=<id> - •Decide action (
move,attack,build,wait) - •
POST /api/game/action
- •
- •Stop when state/observation
statusbecomeswonorlost.
Agent Handoff (install skill + join by sessionId)
Use this when a human player wants their own agent to drop into an already-running match:
- •Install this skill in the agent runtime.
- •Human shares:
- •
baseUrl - •
sessionId
- •
- •Agent joins that exact session:
- •
POST /api/game/join - •body:
{ "session":"<SESSION_ID>", "playerName":"Agent Ally" }
- •
- •Agent stores returned
playerIdand uses normal observe/action loop.
Notes:
- •Do not fabricate
playerId; let server assign unless rejoining an existing identity. - •If the shared session is full (server-linked flow), join may return
SERVER_FULL. - •If session is invalid/finished, re-bootstrap through party/lobby flow.
Secure Agent Handoff (temporary access key)
When a player wants to authorize an external AI safely during an active game:
- •Player requests a temporary key:
- •
POST /api/agent/access-key - •body:
{ "session":"<SESSION_ID>", "playerId":"<PLAYER_ID>" }
- •
- •Share returned
accessKeywith the helper AI. - •Helper AI joins without exposing raw session control:
- •
POST /api/game/join - •body:
{ "accessKey":"<ACCESS_KEY>", "playerName":"Agent Ally" }
- •
- •Helper AI then uses normal observe/action loop.
Default behavior:
- •key is temporary (
ttlSecondssupported) - •key is single-use unless
maxUsesis explicitly increased by issuer
Multiplayer / Lobby Flow
- •
GET /api/serversfor available servers. - •If needed create server:
- •
POST /api/serverswith{ "name": "My Server", "maxPlayers": 4 }
- •
- •Join server:
- •
POST /api/servers/:id/join
- •
- •Use returned
sessionId+playerIdin normal game loop endpoints.
4-Player Party Realtime Flow
- •Leader creates party:
- •
POST /api/party/create
- •
- •Share
partyCode; other players join:- •
POST /api/party/join
- •
- •Open realtime stream for each member:
- •
GET /api/realtime/stream?partyId=<id>&playerId=<id>(SSE)
- •
- •Each player toggles ready:
- •
POST /api/party/ready
- •
- •Leader starts match:
- •
POST /api/party/start
- •
- •Play through
/api/game/action; consumesession_stateevents from SSE. - •Expect CAI companion in state/observation when
agentEnabledis true (default for party starts). - •For external agents, share the returned
sessionIdfrom/api/party/start, then each agent joins withPOST /api/game/joinusing thatsession.
Important session/server constraints
- •If calling
POST /api/game/joinwithserverId, the server must exist, elseSERVER_NOT_FOUND. - •If calling
POST /api/game/joinwith bothsessionandserverId, they must match, elseSESSION_SERVER_MISMATCH. - •If target session belongs to a lobby server at max capacity, join returns
SERVER_FULL. - •Optional identifiers (
session,serverId,playerId, observeplayer, attacktargetId) must be non-empty strings when provided; blank strings returnINVALID_FIELD. - •Identifier values are trimmed server-side before lookup;
" abc "is treated as"abc". - •Lobby join route identifiers are trimmed server-side too;
/api/servers/%20<id>%20/joinresolves to<id>, while blank route IDs returnMISSING_SERVER_ID.
Auth Behavior
- •If response from
/api/serverscontainsmode: "disabled":- •local fallback; create-server route is open.
- •If
mode: "enabled":- •create-server requires
Authorization: Bearer <Supabase JWT>. - •Missing token (or non-Bearer auth header) =>
401, invalid bearer token =>403. - •
Bearerscheme parsing is case-insensitive and ignores extra spaces before token value. - •Auth validation happens before request-body JSON validation for create-server.
- •create-server requires
Action Strategy Hint
- •Prefer attacking when nearest terminator distance is
<= 1. - •Otherwise move along axis indicated by nearest terminator
(dx, dy). - •Respect cooldown conflicts (
ATTACK_COOLDOWN) by sendingwaitor movement. - •Build economy:
- •
state.scrapincreases when terminators are destroyed. - •Build barricade with
{"type":"build","buildType":"barricade","direction":"<dir>"}(costs scrap). - •Deploy ally robot with
{"type":"build","buildType":"ally_robot","direction":"<dir>"}when enough scrap.
- •
References
See reference.md for endpoint payload examples and error mapping.
Verification commands
- •
bun run smoke:api(fallback mode smoke checks) - •
bun run smoke:api:party(party + realtime smoke checks) - •
bun run smoke:api:supabase-auth(auth gate smoke checks) - •
bun run verify(typecheck + tests + build + fallback smoke + party smoke + auth smoke)