Server Developer Portal
This page describes the public Varion surface for game server developers: what the runtime archive contains, where resources live, which APIs are stable and which platform internals are not part of the SDK.
Runtime Archive
The developer package is built by tools/package-developer-server.ps1 into dist/Varion-Server-Developer-MVP/ and zipped to Varion-Server-Developer-MVP.zip (with a Varion-Server-Developer-MVP.zip.sha256 checksum alongside). Its root layout is:
varion-server.exe
server.toml
start-varion-server.ps1
build-info.json
README.md
host/varion-host.cjs
resources/
developer/build-info.json describes the build: product, engineCommit, engineDirty, protocol (11), gtaBuild (3788), runtime, serverSha256. host/varion-host.cjs is the JavaScript server host. developer/ holds the SDK surface (developer/sdk/...), bundled docs (developer/docs/) and tools.
This is enough to start the dedicated server and build resources. The package targets the supported JavaScript runtime; it does not contain platform source trees, launcher internals, client bootstrap/injection internals, private CDN config, signing keys, smoke-test resources, project-specific gamemodes or local build scripts.
First Run
cd C:\Servers\my-server
.\varion-server.exeThe server reads server.toml from the current directory.
First Resource
Create a resource folder:
resources/
mymode/
resource.toml
server/
main.jsMinimal resources/mymode/resource.toml:
enabled = true
type = "js"
main = "server/main.js"
client-type = "none"Register the resource in server.toml. The JavaScript host starts automatically for any type = "js" resource — modules = ["js-module"] is not required; the modules array is only for native server modules:
resources = [ "mymode" ]
modules = []Public Surface
| Surface | Contract |
|---|---|
server.toml | Server name, ports, resources, modules, masterlist settings |
resource.toml | Resource type, entry points, client files, dependencies, config |
resources/ | Game logic, client scripts, assets and streamed files |
host/varion-host.cjs | JavaScript server host runtime |
developer/sdk/Varion.Server/npm/@varion/server | Server JS typings and helpers |
developer/sdk/Varion.Client/npm/@varion/client | Client JS package and generated typings |
developer/sdk/templates/js-full-resource | Full JS resource starter |
developer/docs/ | Bundled documentation |
build-info.json | Build metadata (protocol, gtaBuild, engineCommit, serverSha256) |
The C#/Go SDKs and native C++ module headers (include/) are not part of the JS MVP package — they are a preview surface (see the API map below).
Core docs:
- GETTING_STARTED.md
- SERVER_PACKAGES.md
- general/RESOURCES.md
- SERVER_SCRIPTING.md
- CLIENT_JS_API.md
- MODULE_SDK.md
- MASTERLIST.md
API Map
The current server binary executes only JavaScript resources server-side (the Node host starts automatically). The C# and Go SDKs ship in the kit as a preview surface, but varion-server.exe does not load them yet. Native C++ modules are loaded by CModuleLoader from modules/.
| Language | Server | Client | Notes |
|---|---|---|---|
| JavaScript | type = "js" via Varion Node host — working server runtime | client-type = "js" | Node host auto-starts; global varion object in scripts |
| C# | type = "csharp" via Varion.SDK — preview | client-type = "csharp" via the .NET client host (additive) | Server binary only executes js resources so far |
| Go | type = "go" via sdk/varion-go — preview | None | C ABI contract include/varion_go_host.h; server binary does not load go resources yet |
| C++ | Native modules in modules/ | No public client module SDK | Loaded by CModuleLoader; see include/varion_module_sdk.h |
Trust Model
Varion treats the client as untrusted. Gameplay, economy, resource manifests, masterlist identity and production trust decisions must be enforced server-side or by the official backend.
For production listing:
serverId = "srv_..."
serverLicenseTokenFile = "data/server-license.txt"
requireServerLicense = trueThe masterlist backend verifies the server proof. The launcher/client can display trusted state, but the client is not the authority.
Secret files are ignored by the runtime .gitignore, including:
data/masterlist-token.txtdata/server-license.txt- local
.envfiles - logs, stream cache and local DB files
Safe templates such as .env.example are allowed.