cal/mantimon-tcg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cbc1da3c03
mantimon-tcg/backend
History
Cal Corum cbc1da3c03 Add visibility filter for client-safe game state views 
SECURITY: Implement hidden information filtering to prevent cheating.

- Create VisibleGameState, VisiblePlayerState, VisibleZone models
- get_visible_state(game, player_id): filtered view for a player
- get_spectator_state(game): filtered view for spectators

Hidden Information (NEVER exposed):
  - Opponent's hand contents (count only)
  - All deck contents and order
  - All prize card contents
  - Energy deck order

Public Information (always visible):
  - Active and benched Pokemon (full details)
  - Discard piles (full contents)
  - Energy zone (available energy)
  - Scores, turn info, phase
  - Stadium in play

- 44 security-critical tests verifying no information leakage
- Tests check JSON serialization for hidden card ID leaks
- Also adds test for configurable burn damage

Completes HIGH-008 and TEST-012 from PROJECT_PLAN.json
Updates security checklist: 4/5 items now verified
2026-01-25 13:11:06 -06:00
..
app Add visibility filter for client-safe game state views 2026-01-25 13:11:06 -06:00
references Add interactive console testing script for manual testing 2026-01-25 00:52:35 -06:00
tests Add visibility filter for client-safe game state views 2026-01-25 13:11:06 -06:00
.gitignore Add backend foundation with uv, Black, and pre-commit hooks 2026-01-24 00:12:33 -06:00
.python-version Add backend foundation with uv, Black, and pre-commit hooks 2026-01-24 00:12:33 -06:00
PROJECT_PLAN.json Add visibility filter for client-safe game state views 2026-01-25 13:11:06 -06:00
pyproject.toml Add backend foundation with uv, Black, and pre-commit hooks 2026-01-24 00:12:33 -06:00
uv.lock Add backend foundation with uv, Black, and pre-commit hooks 2026-01-24 00:12:33 -06:00