diff --git a/index.js b/index.js
index 8b93e7e..ce914ea 100644
--- a/index.js
+++ b/index.js
@@ -1 +1 @@
-module.exports = require('./lib')
\ No newline at end of file
+module.exports = require('./lib')
diff --git a/lib/backend/api/index.js b/lib/backend/api/index.js
index 057e9bf..5d4ee86 100644
--- a/lib/backend/api/index.js
+++ b/lib/backend/api/index.js
@@ -1,42 +1,41 @@
+const path = require('path')
 const express = require('express')
 const bodyParser = require('body-parser')
 const jsonResponse = require('q-json-response')
 const auth = require(path.join(path.dirname(require.main.filename), '../lib/game/api/auth'))
 
 module.exports = function (config) {
-  const env = config.common.storage.env
+  const { common } = config
+  const { db, env } = common.storage
   const router = new express.Router()
-  config.on('expressPreConfig', (app) => app.use('/api', authlib.router))
+  config.on('expressPreConfig', (app) => app.use('/api', auth.router))
   router.use(bodyParser.json())
   router.post('/add-object-intent', auth.tokenAuth, jsonResponse((request) => {
     return checkGame(request)
       .then(() => {
-        if (request.body.name == 'activateSafeMode') {
+        if (request.body.name === 'activateSafeMode') {
           return common.getGametime()
             .then(gameTime => db['rooms.objects'].count({$and: [{type: 'controller'}, {user: '' + request.user._id}, {safeMode: {$gt: gameTime}}]}))
-            .then(count => count > 0 ? q.reject('safe mode active already') : undefined)
+            .then(count => count > 0 ? Promise.reject(new Error('safe mode active already')) : undefined)
         }
       })
-      .then(() => env.hmset(env.keys.ROOM_INTENTS + request.body.room, request.user._id.toString() + '.manual', JSON.stringify({ [request.body._id]: { [request.body.name]: request.body.intent }})))
-      .then(() => db.rooms.update({ _id: request.body.room }, { $set: { active: true }}))
-      .then(() => ({}))
-      .then(() => db['rooms.intents'].update({
-        room: request.body.room
-      }, {
-        $merge: {
-          users: {
-            [request.user._id.toString()]: {
-              objectsManual: {
-                [request.body._id]: {
-                  [request.body.name]: request.body.intent
-                }
-              }
-            }
+      .then(() => env.hmset(env.keys.ROOM_INTENTS + request.body.room, request.user._id.toString() + '.manual', JSON.stringify({[request.body._id]: { [request.body.name]: request.body.intent }})))
+      .then(() => db.rooms.update({ _id: request.body.room }, {$set: { active: true }}))
+  }))
+
+  function checkGame (req) {
+    return db.rooms.findOne({ _id: req.body.room })
+      .then((room) => {
+        if (!room) {
+          return Promise.reject(new Error('invalid room'))
+        }
+        if (/^(W|E)/.test(req.body.room)) {
+          if (room.status === 'out of borders' || (room.openTime && room.openTime > Date.now())) {
+            return Promise.reject(new Error('out of borders'))
           }
+          return true
         }
-      }, {
-        upsert: true
-      }))
-      .then(() => db.rooms.update({ _id: request.body.room }, { $set: { active: true }}))
-  }))
+        return Promise.reject(new Error('not supported'))
+      })
+  }
 }
diff --git a/lib/backend/index.js b/lib/backend/index.js
index b799b07..8772abc 100644
--- a/lib/backend/index.js
+++ b/lib/backend/index.js
@@ -1,8 +1,3 @@
 module.exports = function (config) {
   require('api')(config)
-  config.cli.on('cliSandbox', function (sandbox) {
-    sandbox.example = function () {
-      return 'Example Response'
-    }
-  })
 }