Skip to content

Server Packages

Varion builds the supported developer server as a SINGLE package. A server developer gets a ready-to-run JavaScript developer server, not the whole source project. The full build and CDN flow is in Release model; this page is about the package contents and its boundaries.

Developer server package

tools/package-developer-server.ps1 builds varion-server.exe and lays out the package under dist/Varion-Server-Developer-MVP/ (the output must stay inside dist/). Next to it, it creates the zip Varion-Server-Developer-MVP.zip and a sha256 sidecar Varion-Server-Developer-MVP.zip.sha256 (format <hash> <filename>).

Layout:

text
Varion-Server-Developer-MVP/
  varion-server.exe
  host/varion-host.cjs           # Node host
  server.toml                    # from server.example.toml
  start-varion-server.ps1
  README.md                      # from MVP_HANDOFF.md
  build-info.json
  resources/
    my-gamemode/                 # starter resource: resource.toml, server/, client/
  developer/
    README.md
    MVP_HANDOFF.md
    server.example.toml
    tools/ (resource scaffolding)
    sdk/templates/js-full-resource/
    sdk/Varion.Server/npm/@varion/server/
    sdk/Varion.Client/npm/@varion/client/
    docs/                        # js/README, scripting/EVENTS_RPC, configuration/SERVER_CONFIG, configuration/RESOURCE_CONFIG (+ en/)

Before packaging, the script runs node --check over the host and starter resource (server/client main.js) and calls tools/verify-platform-trust.ps1.

build-info.json

build-info.json holds the release metadata: product, engineCommit (short hash), engineDirty, protocol (11), gtaBuild (3788), runtime (server-js/client-js) and serverSha256 (hash of varion-server.exe). See Release model.

Trust boundary

verify-platform-trust.ps1 scans the package for leaks before it is zipped. The developer server package must NOT contain:

  • platform/source trees at the root: src, client, build, deps, tools, docs, docs-public, docs-site, injector, patcher, webengine, cdn, installer-payload, app-dist, dist;
  • secrets/config: .env, .git, launcher.config.json, launcher.config.local.json, CLIENT_PAYLOAD.txt;
  • signing material: manifest-private.pem, manifest-public.pem, manifest-public.generated.cjs and any .pfx / .pem / .key.

This keeps the package a clean JavaScript developer server with no platform, CDN or launcher internals and no signing keys.

Source Backing

This page is derived from tools/package-developer-server.ps1, tools/verify-platform-trust.ps1, and is kept consistent with Release model.

Varion Multiplayer Platform