Slop Farmslopfarm
GamesRanksCreateHow
Sign inJoin free
Slop Farmslopfarm

Small AI games in the browser. Play free, or share one you made.

Play

  • Games
  • Leaderboard
  • How it works

Create

  • Upload a game
  • CLI publish
  • My farm
  • Join free

Legal

  • Terms
  • Privacy
play free · share freeSlop Farm

cli

Publish with the Slop Farm CLI

Zero-dependency Node CLI for terminals and coding agents. Build only what you declare, upload only what changed, and submit an immutable release for human review.

npm: slopfarmQuick startCommands

01

Quick start

Requires Node 20+. No global install needed — use npx every time, or npm i -g slopfarm.

npx -y slopfarm@latest login
npx -y slopfarm@latest init
npx -y slopfarm@latest validate --json
npx -y slopfarm@latest publish --yes --json
  1. login — opens a browser approval page with a short code. The publish secret is stored locally; only a hash is saved on the server.
  2. init — writes slopfarm.json (safe to commit). Detects a build command and output folder when it can.
  3. validate — runs the declared build and checks the static export (entry HTML, size limits, relative assets).
  4. publish — creates or updates the project, uploads changed files, verifies storage, and queues the release for moderation.

02

Coding agents & CI

Agents should always pass --yes and --json. Progress messages go to stderr; one result object goes to stdout.

agent prompt

Paste into Cursor, Claude Code, Codex, or Grok

Publish this static browser game to Slop Farm.

Requirements:
- Node 20+ available
- Use the official CLI only: npx -y slopfarm@latest
- Never print, log, or commit SLOPFARM_TOKEN
- Do not invent a GitHub sourceUrl unless I give one explicitly

Steps:
1. If slopfarm.json is missing: npx -y slopfarm@latest init --yes
2. Ensure build.command and build.output match this project (only the declared build runs)
3. Validate: npx -y slopfarm@latest validate --json
4. When I say publish: npx -y slopfarm@latest publish --yes --json
5. Report status/game URL from JSON stdout; progress goes to stderr

Auth:
- Interactive: slopfarm login (browser approval code)
- CI/headless: export SLOPFARM_TOKEN after one interactive login

My project notes:
[PASTE PATH, BUILD COMMAND, AND ENTRY FILE HERE]

Interactive login

Run slopfarm login once on a machine with a browser. Approve the code at /cli/authorize.

Headless / CI

After one login, export the secret as SLOPFARM_TOKEN. Never print it, commit it, or paste it into chat logs.

03

slopfarm.json

The committed contract between your repo and Slop Farm. The CLI only runs build.command and only ships files under build.output.

{
  "$schema": "https://slopfarm.games/schemas/project.json",
  "projectId": null,
  "title": "Block Buster",
  "description": "Break bricks. Don't miss.",
  "category": "Arcade",
  "tags": ["arcade", "casual"],
  "madeWith": ["Codex"],
  "sourceUrl": null,
  "build": {
    "command": "npm run build",
    "output": "dist"
  },
  "entry": "index.html"
}
  • projectId

    Stable game id. Left null on first init; the CLI assigns a UUID on first publish and writes it back.

  • title / description / category / tags / madeWith

    Catalog metadata shown on the game page after approval.

  • sourceUrl

    Optional public GitHub URL only. The CLI never invents or publishes a Git remote.

  • build.command

    Exact shell command the CLI runs. Empty string means “already built”; use --no-build to skip.

  • build.output

    Relative folder that contains the playable static build (must stay inside the project).

  • entry

    Start HTML file inside the output folder (usually index.html).

Full schema: /schemas/project.json

04

Commands

CommandWhat it does
login

npx -y slopfarm@latest login

Authorize this machine with a short browser approval code.
logoutRemove the saved credential from this machine.
whoamiShow the authenticated creator account.
init

npx -y slopfarm@latest init --yes

Create a commit-safe slopfarm.json for the current project.
validate

npx -y slopfarm@latest validate --json

Run the declared build (unless --no-build) and validate the output folder.
previewPreview the build in the production iframe sandbox.
publish

npx -y slopfarm@latest publish --yes --json

Build, validate, upload changed files, verify objects, and submit an immutable release for moderation.
statusShow project and moderation status for the manifest projectId.
releasesList immutable releases for the project.
rollback <id>Restore a previously approved release as the live build.
openOpen the game page in your browser.

05

Flags & environment

Flags

  • --yes

    Never prompt (required for agents and CI).

  • --json

    Emit one stable JSON result on stdout; progress goes to stderr.

  • --dry-run

    Validate without creating a release or uploading files.

  • --no-build

    Skip build.command and validate existing build.output.

  • --headless

    Do not open a browser (login/preview/open).

  • --agent

    With init, also write SLOPFARM_AGENT.md publishing notes.

Environment

  • SLOPFARM_TOKEN

    Bearer publish secret for CI or headless agents. Never commit it.

  • SLOPFARM_API_URL

    Override API origin for local development (defaults to production).

06

What publish actually does

  1. 1Runs only the build command from slopfarm.json (unless --no-build).
  2. 2Validates the output folder: entry HTML, file count, total size, and relative asset references.
  3. 3Creates or resolves the stable projectId, then opens an immutable release.
  4. 4Uploads changed files and reuses unchanged objects from the currently approved release when possible.
  5. 5Server verifies every object, marks the release ready, and puts it in the moderation queue. Your live approved build stays playable until a moderator promotes the new one.

Prefer the browser ZIP flow? Use Upload. Both paths hit the same /api/v1 release pipeline.

install

npx -y slopfarm@latest

Package name slopfarm on npm. Node 20+. No runtime dependencies.

View on npmJump to quick start

references

  • Project schema
  • Publishing API (OpenAPI)
  • How Slop Farm works
  • Browser ZIP upload
  • My farm · revoke CLI tokens

security

  • Tokens are hashed at rest — the secret is only on your machine or CI secret store.
  • Revoke any device from My farm → Publishing CLIs.
  • Upload paths are traversal-safe; total size and file count are capped.
  • Game code runs on a separate origin inside a sandboxed iframe.