* feat(math): add blueprint nodes for math library
- Add Vector2 blueprint nodes (Make, Break, arithmetic, Length, Normalize, Dot, Cross, Distance, Lerp, Rotate, FromAngle)
- Add Fixed32 blueprint nodes (conversions, arithmetic, math functions, comparison)
- Add FixedVector2 blueprint nodes (Make, Break, arithmetic, vector operations)
- Add Color blueprint nodes (Make, Break, conversions, color manipulation, constants)
- Add documentation with visual examples for all math blueprint nodes
- Update sidebar navigation to include math module
* fix(ci): adjust build order - blueprint before math
math package now depends on blueprint, so blueprint must be built first
* docs(blueprint): fix Cocos editor integration guide
- Remove redundant component/system implementations
- Users should use BlueprintComponent and BlueprintSystem from @esengine/blueprint
- Add BlueprintComponent properties and methods reference table
* feat(math): add blueprint nodes for math library
- Add Vector2 blueprint nodes (Make, Break, arithmetic, Length, Normalize, Dot, Cross, Distance, Lerp, Rotate, FromAngle)
- Add Fixed32 blueprint nodes (conversions, arithmetic, math functions, comparison)
- Add FixedVector2 blueprint nodes (Make, Break, arithmetic, vector operations)
- Add Color blueprint nodes (Make, Break, conversions, color manipulation, constants)
- Add documentation with visual examples for all math blueprint nodes
- Update sidebar navigation to include math module
* fix(ci): adjust build order - blueprint before math
math package now depends on blueprint, so blueprint must be built first
* feat(node-editor, blueprint): add group box and math/logic nodes
node-editor:
- Add visual group box for organizing nodes
- Dynamic bounds calculation based on node pin counts
- Groups auto-resize to wrap contained nodes
- Dragging group header moves all nodes together
blueprint:
- Add comprehensive math nodes (modulo, power, sqrt, trig, etc.)
- Add logic nodes (comparison, boolean, select)
docs:
- Update nodes.md with new math and logic nodes
- Add group feature documentation to editor-guide.md
* chore: remove unused debug and test scripts
Remove FBX animation debug scripts that are no longer needed:
- analyze-fbx, debug-*, test-*, verify-*, check-*, compare-*, trace-*, simple-fbx-test
Remove unused kill-dev-server.js from editor-app
* feat(blueprint): refactor BlueprintComponent as proper ECS Component
- Convert BlueprintComponent from interface to actual ECS Component class
- Add ready-to-use BlueprintSystem that extends EntitySystem
- Remove deprecated legacy APIs (createBlueprintSystem, etc.)
- Update all blueprint documentation (Chinese & English)
- Simplify user API: just add BlueprintSystem and BlueprintComponent
BREAKING CHANGE: BlueprintComponent is now a class extending Component,
not an interface. Use `new BlueprintComponent()` instead of
`createBlueprintComponentData()`.
* chore(blueprint): add changeset for ECS component refactor
* fix(node-editor): fix connections not rendering when node is collapsed
- getPinPosition now returns node header position when pin element is not found
- Added collapsedNodesKey to force re-render connections after collapse/expand
- Input pins connect to left side, output pins to right side of collapsed nodes
* chore(node-editor): add changeset for collapse connection fix
* feat(blueprint): add Add Component nodes for entity-component creation
- Add type-specific Add_ComponentName nodes via ComponentNodeGenerator
- Add generic ECS_AddComponent node for dynamic component creation
- Add ExecutionContext.getComponentClass() for component lookup
- Add registerComponentClass() helper for manual component registration
- Each Add node supports initial property values from @BlueprintProperty
* docs: update changeset with Add Component feature
* feat(blueprint): improve event nodes with Self output and auto-create BeginPlay
- Event Begin Play now outputs Self entity
- Event Tick now outputs Self entity + Delta Seconds
- Event End Play now outputs Self entity
- createEmptyBlueprint() now includes Event Begin Play by default
- Added menuPath to all event nodes for better organization
* docs: update changeset for auto component registration
* feat(blueprint): add variable nodes (Get/Set Variable)
* docs: update changeset with variable nodes
* feat(blueprint): refactor BlueprintComponent as proper ECS Component
- Convert BlueprintComponent from interface to actual ECS Component class
- Add ready-to-use BlueprintSystem that extends EntitySystem
- Remove deprecated legacy APIs (createBlueprintSystem, etc.)
- Update all blueprint documentation (Chinese & English)
- Simplify user API: just add BlueprintSystem and BlueprintComponent
BREAKING CHANGE: BlueprintComponent is now a class extending Component,
not an interface. Use `new BlueprintComponent()` instead of
`createBlueprintComponentData()`.
* chore(blueprint): add changeset for ECS component refactor
* fix(node-editor): fix connections not rendering when node is collapsed
- getPinPosition now returns node header position when pin element is not found
- Added collapsedNodesKey to force re-render connections after collapse/expand
- Input pins connect to left side, output pins to right side of collapsed nodes
* chore(node-editor): add changeset for collapse connection fix
* feat(blueprint): add Add Component nodes for entity-component creation
- Add type-specific Add_ComponentName nodes via ComponentNodeGenerator
- Add generic ECS_AddComponent node for dynamic component creation
- Add ExecutionContext.getComponentClass() for component lookup
- Add registerComponentClass() helper for manual component registration
- Each Add node supports initial property values from @BlueprintProperty
* docs: update changeset with Add Component feature
* feat(blueprint): improve event nodes with Self output and auto-create BeginPlay
- Event Begin Play now outputs Self entity
- Event Tick now outputs Self entity + Delta Seconds
- Event End Play now outputs Self entity
- createEmptyBlueprint() now includes Event Begin Play by default
- Added menuPath to all event nodes for better organization
* refactor(node-editor): move to packages/devtools for standalone use
- Move @esengine/node-editor from packages/editor/plugins to packages/devtools
- Clean up dependencies: remove unused zustand, move react to peerDependencies
- Update pnpm-workspace.yaml to include packages/devtools/*
- Package is now standalone and can be used in Cocos/Laya plugins
* fix(changeset): remove node-editor from ignore list for publishing
* fix(changeset): remove invalid changeset file
* chore(changeset): add changeset for node-editor release
* refactor(node-editor): move to packages/devtools for standalone use
- Move @esengine/node-editor from packages/editor/plugins to packages/devtools
- Clean up dependencies: remove unused zustand, move react to peerDependencies
- Update pnpm-workspace.yaml to include packages/devtools/*
- Package is now standalone and can be used in Cocos/Laya plugins
* fix(changeset): remove node-editor from ignore list for publishing
* fix(changeset): remove invalid changeset file
* refactor(node-editor): move to packages/devtools for standalone use
- Move @esengine/node-editor from packages/editor/plugins to packages/devtools
- Clean up dependencies: remove unused zustand, move react to peerDependencies
- Update pnpm-workspace.yaml to include packages/devtools/*
- Package is now standalone and can be used in Cocos/Laya plugins
* fix(changeset): remove node-editor from ignore list for publishing
- Move @esengine/node-editor from packages/editor/plugins to packages/devtools
- Clean up dependencies: remove unused zustand, move react to peerDependencies
- Update pnpm-workspace.yaml to include packages/devtools/*
- Package is now standalone and can be used in Cocos/Laya plugins
* feat(server): add distributed room support
- Add DistributedRoomManager for multi-server room management
- Add MemoryAdapter for testing and standalone mode
- Add RedisAdapter for production multi-server deployments
- Add LoadBalancedRouter with 5 load balancing strategies
- Add distributed config option to createServer
- Add $redirect message for cross-server player redirection
- Add failover mechanism for automatic room recovery
- Add room:migrated and server:draining event types
- Update documentation (zh/en)
* feat(server): add Schema validation system and binary encoding optimization
## Schema Validation System
- Add lightweight schema validation system (s.object, s.string, s.number, etc.)
- Support auto type inference with Infer<> generic
- Integrate schema validation into API/message handlers
- Add defineApiWithSchema and defineMsgWithSchema helpers
## Binary Encoding Optimization
- Add native WebSocket binary frame support via sendBinary()
- Add PacketType.Binary for efficient binary data transmission
- Optimize ECSRoom.broadcastBinary() to use native binary
## Architecture Improvements
- Extract BaseValidator to separate file to eliminate code duplication
- Add ECSRoom export to main index.ts for better discoverability
- Add Core.worldManager initialization check in ECSRoom constructor
- Remove deprecated validate field from ApiDefinition (use schema instead)
## Documentation
- Add Schema validation documentation in Chinese and English
* fix(rpc): resolve ESLint warnings with proper types
- Replace `any` with proper WebSocket type in connection.ts
- Add IncomingMessage type for request handling in index.ts
- Use Record<string, Handler> pattern instead of `any` casting
- Replace `any` with `unknown` in ProtocolDef and type inference
* feat(server): enhance HTTP router with params, middleware and timeout
- Add route parameter support (/users/:id → req.params.id)
- Add middleware support (global and route-level)
- Add request timeout control (global and route-level)
- Add built-in middlewares: requestLogger, bodyLimit, responseTime, requestId, securityHeaders
- Add 25 unit tests for HTTP router
- Update documentation (zh/en)
* chore: add changeset for HTTP router enhancement
* fix(server): prevent CORS credential leak vulnerability
- Change default cors: true to use origin: '*' without credentials
- When credentials enabled with origin: true, only reflect if request has origin header
- Add test for origin reflection without credentials
- Fixes CodeQL security alert
* fix(server): prevent CORS credential leak with wildcard/reflect origin
Security fix for CodeQL alert: CORS credential leak vulnerability.
When credentials are enabled with wildcard (*) or reflection (true) origin:
- Refuse to set any CORS headers (blocks the request)
- Only allow credentials with fixed string origin or whitelist array
This prevents attackers from stealing credentials via CORS from arbitrary origins.
Added 4 security tests to verify the fix.
* refactor(server): extract resolveAllowedOrigin for cleaner CORS logic
* refactor(server): inline CORS security checks for CodeQL compatibility
* fix(server): return whitelist value instead of request origin for CodeQL
* fix(server): use object key lookup pattern for CORS whitelist (CodeQL recognized)
* fix(server): skip null origin in reflect mode for additional security
* fix(server): simplify CORS reflect mode to use wildcard for CodeQL security
The reflect mode (cors.origin === true) now uses '*' instead of
reflecting the request origin. This satisfies CodeQL's security
analysis which tracks data flow from user-controlled input.
Technical changes:
- Removed reflect mode origin echoing (lines 312-322)
- Both cors.origin === true and cors.origin === '*' now set '*'
- Updated test to expect '*' instead of reflected origin
This is a security-first decision: using '*' is safer than reflecting
arbitrary origins, even without credentials enabled.
* fix(server): add lgtm suppression for configured CORS origin
The fixed origin string comes from server configuration, not user input.
Added lgtm annotation to suppress CodeQL false positive.
* refactor(server): simplify CORS fixed origin handling
* feat(server): enhance HTTP router with params, middleware and timeout
- Add route parameter support (/users/:id → req.params.id)
- Add middleware support (global and route-level)
- Add request timeout control (global and route-level)
- Add built-in middlewares: requestLogger, bodyLimit, responseTime, requestId, securityHeaders
- Add 25 unit tests for HTTP router
- Update documentation (zh/en)
* chore: add changeset for HTTP router enhancement
* fix(server): prevent CORS credential leak vulnerability
- Change default cors: true to use origin: '*' without credentials
- When credentials enabled with origin: true, only reflect if request has origin header
- Add test for origin reflection without credentials
- Fixes CodeQL security alert
* fix(server): prevent CORS credential leak with wildcard/reflect origin
Security fix for CodeQL alert: CORS credential leak vulnerability.
When credentials are enabled with wildcard (*) or reflection (true) origin:
- Refuse to set any CORS headers (blocks the request)
- Only allow credentials with fixed string origin or whitelist array
This prevents attackers from stealing credentials via CORS from arbitrary origins.
Added 4 security tests to verify the fix.
* refactor(server): extract resolveAllowedOrigin for cleaner CORS logic
* refactor(server): inline CORS security checks for CodeQL compatibility
* fix(server): return whitelist value instead of request origin for CodeQL
* fix(server): use object key lookup pattern for CORS whitelist (CodeQL recognized)
* fix(server): skip null origin in reflect mode for additional security
* fix(server): simplify CORS reflect mode to use wildcard for CodeQL security
The reflect mode (cors.origin === true) now uses '*' instead of
reflecting the request origin. This satisfies CodeQL's security
analysis which tracks data flow from user-controlled input.
Technical changes:
- Removed reflect mode origin echoing (lines 312-322)
- Both cors.origin === true and cors.origin === '*' now set '*'
- Updated test to expect '*' instead of reflected origin
This is a security-first decision: using '*' is safer than reflecting
arbitrary origins, even without credentials enabled.
* fix(server): add lgtm suppression for configured CORS origin
The fixed origin string comes from server configuration, not user input.
Added lgtm annotation to suppress CodeQL false positive.
* refactor(server): simplify CORS fixed origin handling
- Add @esengine/database-drivers for MongoDB/Redis connection management
- Add @esengine/database for Repository pattern with CRUD, pagination, soft delete
- Refactor @esengine/transaction MongoStorage to use shared connection
- Add comprehensive documentation in Chinese and English
- Add action(implementationType, name?, config?) for custom action executors
- Add condition(implementationType, name?, config?) for custom condition executors
- Update documentation (EN and CN) with usage examples
- Add test script to package.json
- Add RuntimeConfig module as standalone runtime environment storage
- Core.runtimeEnvironment and Scene.runtimeEnvironment now read from RuntimeConfig
- Remove require() call in Scene.ts to fix Node.js ESM compatibility
Fixes ReferenceError: require is not defined when using scene.isServer in ESM environment
- Add BehaviorTreePlugin class that only depends on @esengine/ecs-framework
- Implement IPlugin interface with install(), uninstall(), setupScene() methods
- Remove esengine/ subdirectory that incorrectly depended on engine-core
- Update package documentation with correct usage examples
Fix missing entity field in COMPONENT_ADDED event payload that caused
ECSRoom's @NetworkEntity auto-broadcast to fail with 'Cannot read
properties of undefined'
- Decoder.ts now uses GlobalComponentRegistry.getComponentType() instead of local registry
- @sync decorator uses getComponentTypeName() to get @ECSComponent decorator name
- @ECSComponent decorator updates SYNC_METADATA.typeId when defined
- Removed deprecated registerSyncComponent/autoRegisterSyncComponent functions
- Updated ComponentSync.ts in network package to use GlobalComponentRegistry
- Updated tests to use correct @ECSComponent type names
This ensures that components decorated with @ECSComponent are automatically
available for network sync decoding without any manual registration.
