Server Packages
Varion builds the supported developer server as a SINGLE package. A server developer gets a ready-to-run JavaScript developer server, not the whole source project. The full build and CDN flow is in Release model; this page is about the package contents and its boundaries.
Developer server package
tools/package-developer-server.ps1 builds varion-server.exe and lays out the package under dist/Varion-Server-Developer-MVP/ (the output must stay inside dist/). Next to it, it creates the zip Varion-Server-Developer-MVP.zip and a sha256 sidecar Varion-Server-Developer-MVP.zip.sha256 (format <hash> <filename>).
Layout:
Varion-Server-Developer-MVP/
varion-server.exe
host/varion-host.cjs # Node host
server.toml # from server.example.toml
start-varion-server.ps1
README.md # from MVP_HANDOFF.md
build-info.json
resources/
my-gamemode/ # starter resource: resource.toml, server/, client/
developer/
README.md
MVP_HANDOFF.md
server.example.toml
tools/ (resource scaffolding)
sdk/templates/js-full-resource/
sdk/Varion.Server/npm/@varion/server/
sdk/Varion.Client/npm/@varion/client/
docs/ # js/README, scripting/EVENTS_RPC, configuration/SERVER_CONFIG, configuration/RESOURCE_CONFIG (+ en/)Before packaging, the script runs node --check over the host and starter resource (server/client main.js) and calls tools/verify-platform-trust.ps1.
build-info.json
build-info.json holds the release metadata: product, engineCommit (short hash), engineDirty, protocol (11), gtaBuild (3788), runtime (server-js/client-js) and serverSha256 (hash of varion-server.exe). See Release model.
Trust boundary
verify-platform-trust.ps1 scans the package for leaks before it is zipped. The developer server package must NOT contain:
- platform/source trees at the root:
src,client,build,deps,tools,docs,docs-public,docs-site,injector,patcher,webengine,cdn,installer-payload,app-dist,dist; - secrets/config:
.env,.git,launcher.config.json,launcher.config.local.json,CLIENT_PAYLOAD.txt; - signing material:
manifest-private.pem,manifest-public.pem,manifest-public.generated.cjsand any.pfx/.pem/.key.
This keeps the package a clean JavaScript developer server with no platform, CDN or launcher internals and no signing keys.
Source Backing
This page is derived from tools/package-developer-server.ps1, tools/verify-platform-trust.ps1, and is kept consistent with Release model.