ORCSGirls Play Lab — Active Backlog

The single-server consolidation replaced full URLs (https://data.orcsgirls.org/api/...) with relative paths (/api/...). This is correct for production but breaks local development — running the static frontend on localhost:8000 makes fetch('/api/...') hit localhost:8000/api/... which 404s.

Fix: introduce /api-base.js at the repo root that sets window.API_BASE based on hostname detection.

// /api-base.js
window.API_BASE = (function () {
    var h = location.hostname;
    return (h === 'localhost' || h === '127.0.0.1' || h === '' || h.endsWith('.local'))
        ? 'https://play.orcsgirls.org'
        : '';
}());

Production hostname → empty string (relative paths preserved, no behaviour change). Localhost / 127.0.0.1 / .local → full URL to live API.

Then each fetch('/api/...') becomes fetch(API_BASE + '/api/...'). Touch points (about 10 files):

• access.js
• admin/_admin-common.js (in apiGet / apiPost helpers)
• admin/submissions.html
• quiz/index.html
• quiz/host.html
• quiz/js/quiz-client.js
• web/showcase.html
• web/editor.html
• web/js/unicode-names.js
• science/js/Fourdem.js

Add <script src="/api-base.js"></script> in <head> of every page that makes API calls — load it next to theme-init.js for consistency.

PHP side: no changes needed. api/_db.php already includes http://localhost, http://localhost:80, http://localhost:8000, and http://127.0.0.1 in its CORS allowlist (lines 18–24). The previous CORS audit during single-server consolidation kept these in deliberately.

Note: this work will eventually fold into the planned shared/api.js module (Code Reuse Step 4 in CLAUDE.md). The minimal api-base.js version is a faster path to unblock local dev now; the full module can absorb it cleanly when that refactor happens.

Current scoring: 500 + round(500 × time_remaining / time_limit). Two natural extensions:

• Answer-order bonus: first player to answer correctly gets a small additional bonus (e.g. +100 for 1st, +75 for 2nd, +50 for 3rd). Order is determinable from quiz_responses.answered_at — no schema change needed, just a COUNT(*) of prior correct responses at submit time in answer.php.
• Streak multiplier: consecutive correct answers multiply the score (1× → 1.5× → 2×, reset on wrong). Requires a streak column on quiz_players (or computed per-player from quiz_responses at answer time). Rewards consistency; good as an opt-in mode since it changes the feel of the game significantly.

• True / False: two-option variant — special two-button layout on mobile (large ✓ and ✗). Store as normal 2-answer question, just add a question_type flag for the display layer.
• Image answers: answers are images rather than text. Useful for "which circuit is correct?" or "which graph matches the data?". Requires storing image_data on quiz_answers (not just quiz_questions).
• Ordering / ranking: students drag answers into the correct sequence. More complex client-side interaction but high educational value for sequences, timelines, algorithm steps. Would need a new response schema (ordered list rather than single answer_id).
• Short free-text entry: student types a word or number; teacher marks correct answers as an exact-match or case-insensitive list. Useful for "what year did X happen?" or "type the output of this code snippet". No multiple-choice overhead, but requires manual or automated marking.

The crop modal canvas is a natural foundation for lightweight annotation. After cropping, teacher could switch to an "annotate" mode to add:

• Coloured arrows or circles to highlight specific parts of a diagram
• Text labels (e.g. "what does this component do?")
• A question mark overlay on a specific region to draw attention

Annotations would be rendered onto the canvas and baked into the JPEG at confirm time — no additional storage schema needed. The canvas-based architecture already supports this; it's purely a UI addition to the crop modal.

• Per-student breakdown: after a session, show each player's answer to each question (correct/wrong, time taken). Currently only aggregate answer counts are shown on the reveal screen. All data exists in quiz_responses — it's a display feature.
• CSV export: download session results as a spreadsheet (player, question, answer, correct, points, time). Useful for grading or class analysis. One PHP endpoint + a download button in the admin quiz list.
• Cross-session tracking: identify which questions are consistently answered incorrectly across multiple runs of the same quiz. Useful for identifying topics that need re-teaching. Requires aggregating quiz_responses across sessions by question_id.

• Quiz import from CSV/JSON: teacher prepares questions in a spreadsheet, uploads to populate the quiz builder. Reduces manual data entry for large question sets.
• Question bank / copy between quizzes: a teacher-library of reusable questions. Drag or select individual questions from any existing quiz into the current editor.
• Self-paced / practice mode: student joins a quiz without a teacher running it live. They work through questions at their own pace and see results immediately after each answer. Would require a separate session type with no host advance step.
• Celebration screen: on the final done screen, show a brief confetti animation or podium (1st/2nd/3rd on a visual podium) before the full leaderboard. High motivation value for a classroom setting.

• Wire labels: click a wire to give it a name displayed mid-wire — useful for tracing signal paths in complex circuits.
• Export / import: serialise the circuit to JSON; allow dragging a JSON file onto the canvas to load it — enables teachers to share starter circuits.
• Additional gate types: NAND, NOR, XNOR.
• Challenge 5 — SR Latch: two NOR gates with cross-coupled feedback; introduces memory and state. Requires NOR gate and handling stable-state feedback in the evaluator.

Layout consistency

Two layout patterns exist. Pages still needing migration to the sidebar (.tool-split) pattern: data/terminal.html, data/plotter.html, cyber/logic-gates.html. Leave as-is: cyber/binary.html (intentional full-screen), fun/dice.html (acceptable for simplicity).

Reusable code candidates

• Nav boilerplate: all pages repeat ~12 identical header lines. A nav.js injection would reduce maintenance surface.
• Toolbar/sidebar CSS: .toolbar-purple, .toolbar-btn, .ctrl-label, .ctrl-sel etc. duplicated across 5+ tools — consolidate into style.css.
• Admin common JS: already extracted to _admin-common.js — good model to follow for future admin pages.

JS extraction (when touching these files)

• cyber/binary.html (~625 lines) → cyber/js/binary.js
• cyber/logic-gates.html (~820 lines) → cyber/js/logic-gates.js
• fun/button-maker.html (~820 lines) → fun/js/button-maker.js
• fun/element-name.html (~760 lines) → fun/js/element-name.js

• Multiple designs per sheet: mix different button designs on one print sheet.
• Border/outline ring: decorative coloured ring inside the button edge — common on name badges.

Standalone companion to the existing Password Strength Checker. Visual timeline of crack times at multiple attack speeds; adjustable inputs (length, character pool, entropy bits). Link from cyber/password.html.

• Verify iOS file-picker branch on current Safari
• Show Retry button when camera permission is denied
• Spectrum annotation: "Low frequency (shapes)" / "High frequency (edges)" overlay
• Dedicated download button (currently buried in status bar)

• Create fun/stamps/ with paired red/cyan PNGs + manifest.json; loadStamps() fetches manifest — no base64 in source.
• Test coordinate accuracy on iOS, Android and trackpads.

• Vertical separators (portrait canvas mode)
• Two-colour mode (alternate dot colours by index)
• Mirrored symmetry toggle
• Preset library dropdown
• Multi-row stacked separators (honeycomb/brick pattern)
• Responsive CSS export (tiling segment with background-repeat:repeat-x)
• Live URL hash for shareable parameter links
• Randomise button

• Auto-refresh so the showcase updates live during a class
• Allow students to update their own submission (one-time secret code returned at submit time)

Migrate existing Particle IoT tools into the site. Suggested location: new iot/ section with hub page + nav item. Owner will provide files when ready.