Four sites where Pixi v8's stricter typing tripped tsgo:
- AvatarImage: container.filters is typed as 'readonly Filter[] | null'
in v8 (no longer a single-Filter union). The old fallback branch
'else container.filters = [container.filters, …]' tried to treat a
readonly array as a single Filter; collapsed to the array-spread
path which now covers both undefined and non-empty cases. Added
Filter to the pixi.js import.
- FurnitureBadgeDisplayVisualization.updateSprite() had a 4-arg
override (sprite, asset, scale, layerId) of the parent's 2-arg
signature (scale, layerId). The sprite/asset were never used from
the parameters — the body only mutated 'sprite'. Refactored to
fetch the sprite via this.getSprite(layerId) inside the override
body so the signature matches the base.
- ExtendedSprite: 'renderer.gl' / 'glRenderTarget.resolveTargetFramebuffer'
exist only on WebGLRenderer / GlRenderTarget (not the WebGPU
variants). The runtime check 'renderer.type === RendererType.WEBGL'
guarantees this; cast at the boundary to satisfy the typechecker.
- TextureUtils.generateImage: Pixi v8's Extractor.image() returns the
union ImageLike (HTMLCanvasElement | HTMLImageElement); the public
signature promises HTMLImageElement. Cast at return — the Pixi
default backend returns HTMLImageElement here.
Each workspace package was still pinning `typescript: ~5.5.x` or
`~5.8.2` in its own devDependencies even though the root bumped to 6.0.3
in 60b1143. The pins were dead (yarn 1 hoists from root) but they're
misleading when reading a single package.json. Bring them all to
`^6.0.3` to match the root.
Other:
- @thumbmarkjs/thumbmarkjs 1.8.1 → 1.9.0 (root + communication package)
- yarn.lock regenerated from a clean install (vitest 4 hoisting was
flaking on the patch vite bump; reverted vite to ^8.0.10)
Adds CLAUDE.md at the repo root: short project context for future
sessions — stack, the 12-workspace layout, the React-friendly v2.1.0
additions (`subscribe()`, `subscribeMessage()`, snapshot getters), build
scripts, and known gotchas (`SessionDataManager.getUserData` does NOT
exist; sendChat* expects 3 args; dispatchEvent is sync).
RenderTexture leak in IsometricImageFurniVisualization, every direction change or thumbnail update leaked a GPU RenderTexture.
Image object leak in FurnitureDynamicThumbnailVisualization, now clears callbacks and src after use.
Image object leak in FurnitureBadgeDisplayVisualization, image objects never cleaned up
- parse extra room snapshot data such as hotel time, room item limit and group context
- expose richer furni metadata including flags, dimensions and teleport targets
- expose richer user metadata including room-entry fields and ids needed by inspection tools
- keep session and room engine models aligned with the new wired monitor/inspection flow
Add onTilemapChange callback that fires after every renderTiles() call,
enabling the UI layer to react to tilemap mutations in real-time.
Co-Authored-By: medievalshell <medievalshell@users.noreply.github.com>
- add ClickUserMessageComposer and outgoing header wiring\n- send the user click packet from RoomObjectEventHandler for avatar single clicks\n- support wf_trg_click_user in the linked Nitro UI/emulator flow
- Validate data URL format (must start with data:image/png)
- Validate PNG magic bytes on binary data before sending
- Enforce 2MB size limit matching server
- Add try/catch around atob() to handle invalid base64 gracefully
- Fix XSS vulnerability in editor download: replace unsafe window.open()+document.write()
with safe anchor-based download that also validates data URL scheme
- add ClickUserMessageComposer and outgoing header wiring\n- send the user click packet from RoomObjectEventHandler for avatar single clicks\n- support wf_trg_click_user in the linked Nitro UI/emulator flow
simoleo89