yovi_en2c

1

Functionality

The system must correctly implement Game Y rules and provide all six working AI strategies. The multiplayer mode must accurately synchronize game state between two players in real time. The admin panel must correctly enforce role-based access so that only admin users can perform privileged operations.

2

Usability

The React-based interface must be intuitive for new players. The component-based architecture supports internationalization (EN/ES), theme switching (dark/light), and responsive layout.

3

Reliability & Availability

Using Docker and Docker Compose ensures consistent deployment. The gateway, multiplayer service, and Nginx are designed to be stateless and restartable. Docker restart policies limit downtime in case of failure.

4

Modularity & Maintainability

The eight-service architecture ensures components can be developed, tested, and extended independently. The Strategy Pattern in gamey allows new AI strategies to be added without modifying existing code.

5

Security

JWT-based authentication protects user-specific operations. bcrypt hashing is used for passwords. Role claims in the JWT payload allow the gateway and frontend to enforce admin-only routes without additional service calls. The reverse proxy limits direct exposure of internal services. The gateway sanitizes and validates all path parameters.

6

Testability

The separation of concerns allows comprehensive testing: unit tests in Rust (cargo test) and Node.js (Vitest, Jest), integration tests via supertest and tower::ServiceExt, property-based tests with proptest, and end-to-end tests via Playwright. Load tests use k6.

Development Team

Ana Pérez Bango (UO294100), Adriana García Suárez (UO300042)

Implement a scalable, maintainable, and well-documented solution that fulfills all course requirements.

End Users (Human Players)

N/A

Usable, stable interface with complete gameplay, multiplayer, social features, and statistics.

Platform Administrators

Privileged users via the admin panel

Ability to manage user accounts, grant or revoke admin permissions, delete match histories, and remove accounts from the platform.

Micrati (Client)

N/A

Fulfillment of game, API, public deployment, and interoperability requirements.

Project Evaluators

Arquisoft course staff

Compliance with documentation (Arc42 + ADRs), testing, deployment, code quality (SonarCloud), and feature completeness criteria.

External Bot Developers

API users via /interop/*

Well-documented, stable, and versioned API for automated bot integration using YEN notation.

Rival Teams (Interop)

Other ASW course teams

Stable bot interoperability API that allows bot-vs-bot matches between teams following the shared YEN contract.

Frontend Technology

The web application MUST be implemented in TypeScript. React is the chosen framework.

The client requires TypeScript for type safety and maintainability.

No (TypeScript mandatory)

Game Engine Language

The game logic module MUST be implemented in Rust.

Performance and memory safety requirements for game state validation and AI strategies.

No

Communication Protocol

All communication between the webapp and game engine MUST use JSON messages following YEN notation for game states.

Standardized format specified by the client for interoperability.

No

Public Interoperability API

The system MUST expose a documented public interoperability API (botapi) that allows external bots to interact using YEN notation.

Core requirement from Micrati for third-party bot integration and cross-team competitions.

No

Real-time Multiplayer

The player-vs-player mode MUST use WebSockets (via Socket.IO) for bidirectional real-time communication.

HTTP polling is insufficient for the latency requirements of a turn-based game with live state sync.

No (WebSockets mandatory; Socket.IO library negotiable)

Deployment

The complete system MUST be publicly accessible via the Web over HTTPS.

The client needs to demonstrate the working product to evaluators and end users.

No

Containerization

All services MUST be containerized using Docker with a root-level docker-compose.yml.

Ensures consistent deployment across environments.

Partial (format flexible)

Database

User data MUST be persisted. MongoDB is the current implementation.

Data persistence is mandatory; the specific database technology is negotiable.

Yes (technology choice)

Authentication

User operations MUST be secured using JWT-based authentication with bcrypt password hashing.

Ensures secure access to user-specific data and actions. Passwords must never be stored in plain text.

No

Role-based Access Control

The system MUST support at least two roles: regular user and administrator. Role information MUST be encoded in the JWT payload so the gateway and frontend can enforce access without additional service calls.

Required for the admin panel feature. Encoding roles in the token avoids an extra round-trip on every protected request.

Partial (additional roles could be added)

Load Testing

The system MUST include a load testing suite using k6 covering at minimum registration, login, and game start scenarios.

Required to validate that the system meets the concurrent user quality goals under realistic conditions.

Partial (additional scenarios encouraged)

Game Rules

The system MUST correctly implement the rules of Game Y (classic version minimum).

Core business requirement; incorrect game rules make the product worthless.

No

Game Modes

Both player-versus-machine (PvM) and player-versus-player (PvP) modes MUST be available. The PvP mode operates in real time via WebSockets.

Primary use cases for the platform.

No

Board Size

The game MUST support variable board sizes configurable by the user (minimum size 3, no enforced maximum).

Required for different difficulty levels and game variants.

No

AI Strategies

The computer MUST implement more than one strategy, selectable by the user. Six strategies are currently implemented.

Demonstrates AI sophistication and provides varied gameplay experience.

No (minimum one strategy mandatory; more encouraged)

User Data

Users MUST be able to register and access their match history and statistics.

Basic user management requirement.

No

Admin Capabilities

Administrator users MUST be able to: view all registered accounts, grant or revoke admin permissions, delete a user’s match history, and permanently delete user accounts.

Required for platform moderation and management.

No

Documentation Standard

Architecture MUST be documented following the Arc42 template (sections 1-15, including new sections for Load Testing, API Reference, and Monitoring).

Course requirement for the ASW lab.

No

Decision Recording

Architectural decisions MUST be recorded as ADRs (Architecture Decision Records) in the GitHub wiki.

Ensures traceability and rationale documentation.

No

Version Control

Development MUST use Git with the repository hosted on GitHub (Arquisoft/yovi_en2c).

Course requirement for collaboration and evaluation.

No

Branching Strategy

A branch-based workflow MUST be followed (feature branches, pull requests, code reviews).

Ensures code quality and team coordination.

Partial

Testing Requirements

The system MUST include unit tests, integration tests, end-to-end tests, and load tests.

Quality assurance requirement from course evaluation.

No

Test Coverage

Code coverage MUST meet thresholds defined in sonar-project.properties (minimum 80%).

Quality gate for acceptance.

No

CI/CD

Automated build, test, and deployment MUST be implemented via GitHub Actions. CI/CD Pipeline wiki page

Ensures reproducible builds and deployment automation.

No

Issue Tracking

All tasks MUST be tracked using GitHub Issues.

Project management and traceability requirement.

No

Code Quality

Code quality MUST be monitored via SonarCloud. Critical issues block merges.

Required by course evaluation criteria.

No

Bot Integration

External bots can ONLY interact through the public interoperability API (botapi, exposed at /interop/*); no direct access to internal services.

Security and encapsulation requirement.

No

Interoperability Contract

The botapi MUST follow the shared cross-team interoperability contract: POST /games, GET /games/{id}, POST /games/{id}/play, and GET /play (stateless), all using YEN notation.

Enables bot-vs-bot matches between teams from different universities.

No

API Documentation

The public interoperability API MUST be documented via OpenAPI (YAML) at src/openapi/openapi.yaml.

Enables external developers to build compatible bots without reading source code.

Partial (format negotiable)

YEN Notation Compliance

Any system claiming to support Game Y MUST use YEN notation for game state representation.

Industry standard for this game family.

No

Public Accessibility

The deployed system MUST be accessible without special network configuration over HTTPS.

End users and evaluators need to access the platform easily.

No

Response Time (bot move)

Game engine must respond within 2 seconds for standard board sizes (⇐11x11).

k6 load test p(95) < 2000ms on /game/new.

Partial

Response Time (login)

Login endpoint must respond within 1.5 seconds at 50 concurrent users.

k6 load test p(95) < 1500ms on /login.

Partial

Response Time (registration)

Registration endpoint must respond within 2 seconds at 50 concurrent users.

k6 load test p(95) < 2000ms on /register.

Partial

Concurrent Users

Support at least 50 concurrent users on auth endpoints without degradation.

k6 ramping VU scenarios (register and login scripts).

Yes (scale up with resources)

Error Rate

HTTP error rate MUST remain below 5% under load test conditions.

k6 threshold http_req_failed rate < 0.05.

Partial

Availability

System must achieve 99% uptime during the evaluation period.

Monitoring via Prometheus and Grafana dashboards.

Partial

Test Coverage

Code coverage MUST remain above 80% as enforced by SonarCloud.

Automated coverage reports in CI pipeline.

No

Frontend: React + TypeScript + Vite

React’s component model enables UI reuse, i18n support, and theme switching. TypeScript is mandatory per client. Vite provides fast dev server and optimized production builds.

Technical Constraint: TypeScript; Quality: Usability, Maintainability

Vue, Angular (rejected: team familiarity)

Authentication Service: Node.js/Express + JWT + bcryptjs

Isolated JWT logic with single responsibility improves testability. bcrypt ensures passwords are never stored in plain text. JWT role claims allow stateless admin authorization.

Quality: Security, Testability; Constraint: RBAC, bcrypt

Auth inside users service (rejected: violates SRP)

User Service: Node.js/Express + Mongoose

Lightweight, integrates well with MongoDB. Handles user data, friends graph, notifications, game results, ranking, search, and admin operations in a single cohesive service.

Quality: Development speed, Testability

Python/Flask, Java/Spring (rejected: heavier)

Game Engine: Rust + Axum + Tokio

Mandated by client. Memory safety and performance for game logic and six AI strategies. Axum provides ergonomic async HTTP with type-safe extractors and shared state via Arc<YBotRegistry>.

Technical Constraint: Rust; Quality: Performance, Reliability

Actix-web (rejected: more complex); C++, Go (not allowed)

Multiplayer Service: Node.js + Socket.IO

Socket.IO provides battle-tested WebSocket abstraction with room management, reconnection, and fallback transport. Delegates game rules to Gamey via HTTP, keeping itself stateless regarding game logic.

Technical Constraint: WebSockets; Quality: Reliability, Functionality

Raw WebSocket (rejected: no room management); SSE (rejected: unidirectional)

Bot API: Node.js + Express + TypeScript

Dedicated public API in TypeScript for type safety. Supports both server mode (external bots play our bots) and client mode (our bots play rival APIs). In-memory session store is sufficient given stateless game rules.

Technical Constraint: Public Interop API; Quality: Interoperability, Testability

Rust-based (rejected: slower iteration); Python (rejected: team expertise)

Reverse Proxy: Nginx

Centralizes public access, HTTPS termination, HTTP→HTTPS redirect, and path-based routing to all four public-facing services (webapp, gateway, multiplayer, botapi).

Quality: Security, Deployability, Availability

Traefik (rejected: more complex config); no proxy (rejected: insecure)

Database: MongoDB via Mongoose

Schema flexibility for evolving user data. Aggregation pipelines support ranking and statistics. Mongoose ODM provides schema validation, virtuals, and middleware hooks.

Quality: Development speed, Deployability

PostgreSQL (rejected: schema changes slower)

Monitoring: Prometheus + Grafana

Prometheus scrapes metrics from gateway, users, and gamey. Grafana provides a pre-built dashboard with request rate, p95 latency, and error rate panels for all three services.

Quality: Observability, Availability

Datadog (rejected: paid); custom logging only (rejected: no time-series)

Load Testing: k6

k6 provides JavaScript-based load test scripts with custom metrics (Trend, Rate), threshold enforcement, and JSON result export. Three scenarios cover registration, login, and game start.

Technical Constraint: Load Testing; Quality: Performance

Locust (rejected: Python only); JMeter (rejected: XML config, heavy)

Containerization: Docker + Docker Compose

Ensures consistent environments across dev/test/prod. Required for deployment. GitHub Container Registry stores published images per service.

Technical Constraint: Containerization; Quality: Deployability

Kubernetes (overkill); manual deployment (rejected: inconsistent)

CI/CD: GitHub Actions

Integrated with repository. Automates test, build, publish to GHCR, and deploy on every release tag.

Organizational Constraint: CI/CD; Quality: Testability

Jenkins (rejected: separate infrastructure)

Strategy Pattern

Bot AI implementation in gamey

Six strategies implement YBot trait. New strategies require only a new struct — no modification to existing code.

gamey/src/bot/bot_implementations/

Registry Pattern

YBotRegistry manages bot instances

Allows dynamic bot selection by name at runtime. Used by both the game server handlers and the CLI.

gamey/src/bot/ybot_registry.rs

Gateway / Router Pattern

Nginx + gateway + botapi routing

Public traffic routes through Nginx; internal request flows are separated for web and bot clients.

nginx/, gateway/, botapi/

Middleware Pattern

JWT verification in auth service; Prometheus in gateway, users, gamey

authenticateToken middleware intercepts protected requests. express-prom-bundle and axum-prometheus intercept all requests for metrics.

authentication/auth-service.js, all services

Observer / Event Pattern

Socket.IO events in multiplayer service

Room state changes emit room_updated, game_started, game_updated, game_over, opponent_left events to all connected clients.

multiplayer/src/multiplayer-service.js

Repository Pattern

Mongoose models in users service

User, GameResult, Notification models encapsulate all data access. Tests mock at model level.

users/models/

React Context Pattern

ThemeProvider, I18nProvider in webapp

Global state (theme, language) shared across all components without prop drilling.

webapp/src/ThemeProvider.tsx, webapp/src/i18n/I18nProvider.tsx

Union-Find (Disjoint Set)

Win condition detection in game core

Tracks connected components of each player’s pieces. Checks if any component touches all three sides. Used in PlayerSet with parent, touches_side_a/b/c flags.

gamey/src/core/player_set.rs

Functionality

Rust engine with Union-Find win detection; six strategies in gamey/src/bot/; Socket.IO rooms for real-time PvP

Rust for game logic; Strategy Pattern; Socket.IO for multiplayer

Unit tests in gamey/; integration tests for bot moves; Socket.IO event tests

Usability

React SPA with responsive UI; custom i18n (EN/ES); dark/light theme; hint system

React frontend; ThemeProvider; I18nProvider; /hint endpoint backed by alfa_beta_bot

E2E tests (Playwright); language toggle tested; theme persistence tested

Modularity & Maintainability

Eight services with single responsibilities; Strategy Pattern; OpenAPI spec for botapi

Eight-service architecture; Strategy Pattern; TypeScript in botapi

Independent deployment possible; new AI strategy = new struct + registration

Reliability & Availability

Docker restart policies; stateless gateway and auth; Prometheus alerts

Containerization; stateless design; monitoring stack

docker-compose up with restart; Prometheus scraping; Grafana dashboard

Security

bcrypt hashing; JWT with role claims; input sanitization in gateway; Nginx as public perimeter

bcrypt in authentication service; RBAC in JWT; gateway path validators

Auth tests; admin route protection tests; SonarCloud security hotspot review

Testability

Separation of concerns; Vitest/Jest in Node; cargo test in Rust; Supertest for HTTP; k6 for load

Service separation; Middleware Pattern; in-memory test DBs (mongodb-memory-server)

Unit: cargo test, npm test; Integration: Supertest; E2E: Playwright; Load: k6

Interoperability

REST API with YEN notation; OpenAPI doc; client mode for rival APIs; versioned endpoints (/v1/)

Public botapi; versioned gamey endpoints; remoteInteropClient with allowlist

API tests verify YEN round-trips; cross-team integration tested during course sessions

Iterative Development (sprints)

Early validation of gameplay; adapt to feedback

Regular demos; continuous integration

Course timeline; quality goals

Kanban Board (GitHub Projects)

Visualize work; identify bottlenecks

Issues tracked; clear priorities

Organizational: issue tracking

Code Reviews via Pull Requests

Catch issues early; share knowledge

All PRs require review; standards enforced

Quality: maintainability, reliability

Definition of Done

Feature = code + tests + docs + reviewed

Ensures completeness before merge

Quality: testability, maintainability

Architecture Decision Records (ADRs)

Document why decisions were made

GitHub wiki with numbered ADRs

Organizational: documentation standard

SonarCloud Quality Gate

Automated code quality enforcement

PRs blocked if coverage drops below 80% or critical issues found

Organizational: code quality

ADR-001

Extensible game mode architecture starting with PvM; PvP added as real-time multiplayer

Implemented ✅

ADR-002

MongoDB for user data — schema flexibility, aggregation for ranking

Implemented ✅

ADR-003

Eight-service microservices architecture (updated from original three-service)

Implemented ✅ (updated)

ADR-004

Nginx as public reverse proxy with WebSocket upgrade support for Socket.IO

Implemented ✅ (updated)

ADR-005

Strategy Pattern for AI — six bot strategies as pluggable YBot implementations

Implemented ✅ (updated)

ADR-006

Dedicated authentication microservice with bcrypt and JWT role claims

Implemented ✅

ADR-007

Axum as HTTP framework for Rust game engine

Implemented ✅

ADR-008

Custom i18n in frontend — zero dependencies, EN/ES, localStorage persistence

Implemented ✅

ADR-009

Socket.IO for real-time multiplayer — dedicated service, in-memory rooms, delegates rules to Gamey

Implemented ✅

ADR-010

400ms debounce on social search — vs. throttle and search-on-submit

Implemented ✅

ADR-011

React Context for theme and i18n — vs. Redux/Zustand

Implemented ✅

ADR-012

Unambiguous alphabet for room codes — excludes O/0/I/1 to minimise transcription errors

Implemented ✅

ADR-013

express-prom-bundle with normalizePath: true — prevents metric cardinality explosion

Implemented ✅

ADR-014

Test DB isolation via _test suffix using regex — workaround for Atlas multi-host URI format

Implemented ✅

ADR-015

Express 5 in REST services, Express 4 in multiplayer — Socket.IO compatibility constraint

Implemented ✅

ADR-016

In-memory state for BotAPI and multiplayer — conscious decision vs. Redis/MongoDB

Implemented ✅

TypeScript frontend

React + TypeScript in webapp/; TypeScript also used in botapi/

Rust game engine

gamey/ service with core logic, six bot strategies, and Axum HTTP server

JSON + YEN communication

REST APIs with YEN validation in gamey/; YEN passed transparently through gateway and multiplayer

Real-time multiplayer (WebSockets)

multiplayer/ service with Socket.IO; Nginx proxies /socket.io/* with WebSocket upgrade

Public API for bots

botapi/ exposes interoperability endpoints; versioned OpenAPI spec

Docker containerization

Each service has a Dockerfile; root docker-compose.yml; images in GitHub Container Registry

User data persistence

MongoDB in users/ service via Mongoose ODM

JWT authentication + bcrypt

Dedicated authentication/ service (ADR-006); bcrypt in /createuser, comparison in /login

Role-based access control

role field in JWT payload; gateway enforces admin-only routes; admin panel in webapp

Admin capabilities

Admin endpoints in users service: list all users, update role, delete history, delete account

Multiple AI strategies

Strategy Pattern in gamey/src/bot/ — six strategies implement YBot trait

Load testing

k6 scripts in tests/load/: register.js, login.js, start_game.js

Monitoring

Prometheus scrapes gateway, users, gamey; Grafana dashboard provisioned automatically

Testing requirements

Unit, integration, E2E, property-based, and load tests across all services

CI/CD

GitHub Actions: test → build → publish to GHCR → deploy on release

Documentation (Arc42 + ADRs)

This document (sections 1-15) + ADRs 001-009 in GitHub wiki

Internationalization

Custom i18n module in webapp/src/i18n/ (EN + ES); localStorage persistence

Public HTTPS

Nginx

Browser / Bot

HTTPS

Single external entry point with TLS termination

WebSocket Upgrade

Nginx → Multiplayer

Browser

WSS (Socket.IO)

Real-time PvP game events

Auth API

Authentication

Gateway

HTTP (internal)

Register, login, verify JWT

User Data API

Users

Auth, Gateway

HTTP (internal)

User CRUD, friends, notifications, admin ops

Game API

Gamey

Gateway, Multiplayer, BotAPI

HTTP (internal)

Game logic, bot moves, win detection

Interop API

BotAPI

External Bots

HTTPS → HTTP

Public bot integration with YEN

Remote Interop

BotAPI (client)

Rival Team APIs

HTTP (outbound)

Cross-team bot-vs-bot via YEN contract

Database

MongoDB

Users

MongoDB Wire

Data persistence

Metrics

Prometheus

Gateway, Users, Gamey

HTTP (scrape)

Observability data collection

1 — Registration

New user creates account with bcrypt hashing and JWT generation

Webapp, Gateway, Auth, Users, MongoDB

Security, Functionality

2 — Login + Verify

Returning user authenticates; session verified on every page load

Webapp, Gateway, Auth, Users

Security, Usability

3 — PvM Game

Complete game loop against AI bot with result persistence

Webapp, Gateway, Gamey, Users, MongoDB

Functionality, Performance

4 — PvP Multiplayer

Real-time room creation, join, and move synchronization via Socket.IO

Webapp, Gateway, Multiplayer, Gamey

Functionality, Reliability

5 — Friend Request

User search, friend request, notification, and acceptance

Webapp, Gateway, Users, MongoDB

Functionality, Usability

6 — Admin Delete

Admin removes account with cascading data deletion and role enforcement

Webapp, Gateway, Users, MongoDB

Security, Functionality

7 — External Bot (BotAPI)

Bot creates session, plays moves, queries state via interop API

BotAPI, Gamey

Interoperability, Reliability

8 — Error Handling

Service down, opponent disconnect, token expiry, unauthorized admin access

All services

Reliability, Security, Availability

nginx

nginx:stable-alpine

80, 443 (public)

webapp, gateway, botapi, multiplayer

—

webapp

ghcr.io/arquisoft/yovi_en2c-webapp:latest

80 (internal)

gateway

VITE_API_URL=/api (build arg)

gateway

ghcr.io/arquisoft/yovi_en2c-gateway:latest

8080 (internal)

authentication, gamey, users, multiplayer

AUTH_BASE_URL, GAMEY_BASE_URL, MULTIPLAYER_BASE_URL, USERS_BASE_URL, PORT=8080

authentication

ghcr.io/arquisoft/yovi_en2c-authentication:latest

5000 (internal)

users

JWT_SECRET, JWT_EXPIRES, USERS_SERVICE_URL=http://users:3000, PORT=5000

users

ghcr.io/arquisoft/yovi_en2c-users:latest

3000 (internal)

MongoDB

MONGODB_URI, PORT=3000

gamey

ghcr.io/arquisoft/yovi_en2c-gamey:latest

4000 (internal)

—

—

multiplayer

ghcr.io/arquisoft/yovi_en2c-multiplayer:latest

7000 (internal)

gamey

GAMEY_BASE_URL=http://gamey:4000, PORT=7000

botapi

ghcr.io/arquisoft/yovi_en2c-botapi:latest

4001 (internal)

gamey

GAMEY_BASE_URL=http://gamey:4000, GAMEY_API_VERSION=v1, PORT=4001

prometheus

prom/prometheus

9090:9090

—

Config: users/monitoring/prometheus/prometheus.yml

grafana

grafana/grafana

9091:3000

prometheus

Provisioning: users/monitoring/grafana/provisioning/

Image source

Built from local source (build: ./service)

Pulled from GHCR (image: ghcr.io/arquisoft/…​)

Build args

VITE_API_URL=/api passed to webapp build

Not needed (image already built)

Volumes

Source code not mounted (clean build)

Config files mounted read-only (nginx/conf.d, nginx/certs)

Secrets

.env file at project root

Environment variables injected by CI/CD on the VM

Monitoring ports

Prometheus 9090, Grafana 9091 accessible locally

Same ports — restrict via firewall in production if needed

MongoDB

Local container or Atlas URI in .env

Atlas URI in production environment variable

Nginx Reverse Proxy

nginx

monitor-net + public

Only container with external ports (80, 443)

Webapp (React SPA)

webapp

monitor-net (internal)

Served as static files; built with Vite

API Gateway

gateway

monitor-net (internal)

Prometheus metrics at /metrics

Authentication Service

authentication

monitor-net (internal)

Stateless; no persistent storage

Users Service

users

monitor-net (internal)

Prometheus metrics; Swagger UI at /api-docs

Game Engine

gamey

monitor-net (internal)

Stateless Rust binary; Prometheus via axum-prometheus

Multiplayer Service

multiplayer

monitor-net (internal)

In-memory room state; lost on container restart

Bot API

botapi

monitor-net (internal)

In-memory session state; lost on container restart

MongoDB

External (Atlas URI)

— (external)

URI injected via MONGODB_URI env var

Prometheus

prometheus

monitor-net

Scrapes gateway, users, gamey every 15s

Grafana

grafana

monitor-net

Dashboard auto-provisioned; port 9091 external

Isolation

All containers share a single monitor-net bridge network. Only Nginx has external port bindings. Internal services are not reachable from outside the VM.

Portability

All services are containerized with multi-stage Dockerfiles (where applicable). Images are published to GHCR and pulled on the target VM — no build tools required in production.

Stateless services

Gateway, authentication, and gamey are fully stateless. Multiplayer and botapi hold in-memory state (rooms and sessions respectively) which is lost on container restart — acceptable for the current scope.

Data durability

MongoDB Atlas provides managed persistence with automatic backups. The MONGODB_URI env var is the only configuration needed; no data volume is managed by Docker Compose.

Secret management

JWT_SECRET and MONGODB_URI are stored as GitHub Secrets and injected as environment variables during the deploy step. They are never committed to the repository.

Restart policy

Docker Compose restart: unless-stopped (implicit in deploy config) ensures containers are automatically restarted after crashes or VM reboots.

Monitoring

Prometheus + Grafana are always-on in production. The "Yovi Services Overview" dashboard shows request rate, p95 latency, and error rate for gateway, users, and gamey in real time with a 30-second refresh.

SSL certificates

TLS certificates are mounted from nginx/certs/ (Let’s Encrypt format: fullchain.pem + privkey.pem). Certificate renewal is managed externally and requires an Nginx reload.

Gamey

Parses YEN via GameY::try_from(yen) to reconstruct board state; serializes via From<&GameY> for YEN; validates row count, row lengths, and cell characters

Gateway

Passes YEN through transparently — no parsing; forwards raw JSON body between webapp and Gamey

Multiplayer

Stores current YEN per room in RoomManager; sends updated YEN in all Socket.IO game events

BotAPI

Validates YEN via assertValidYen(); detects moves via detectSingleAddedMove(); applies moves via applyMoveToYen(); forwards to Gamey for rule enforcement

Webapp

Receives YEN from gateway; renders board from layout string; sends YEN in move requests

Gateway

express-prom-bundle (Node.js)

GET /metrics

Users

express-prom-bundle (Node.js)

GET /metrics

Gamey

axum-prometheus (Rust)

GET /metrics

400 Bad Request

Invalid input format or business rule violation

Passwords do not match; malformed YEN; occupied cell

401 Unauthorized

Missing or invalid JWT token

No Authorization header; expired token

403 Forbidden

Valid token but insufficient role

Regular user accessing admin endpoint

404 Not Found

Resource does not exist

Username not found; room not found; game not found

409 Conflict

Duplicate resource

Username already exists; friend request already sent

500 Internal Server Error

Unexpected server-side error

Unhandled exception in service logic

502 Bad Gateway

Internal service unreachable

Gamey container down; auth service unreachable

503 Service Unavailable

Service temporarily down

Container restarting

Unit tests

Vitest (gateway, auth, botapi), Jest (users, multiplayer), cargo test (gamey)

tests/, *.test.ts, *_test.rs

Individual functions, modules, and Mongoose models

Integration tests

Supertest (Node.js), tower::ServiceExt::oneshot (Rust)

tests/, gamey/src/game_server/

HTTP endpoints with in-memory or test databases

Property-based tests

proptest (Rust)

gamey/src/core/coord.rs

Coordinate roundtrip invariants, barycentric sum invariant

End-to-end tests

Playwright

webapp/e2e/

Complete user journeys in a real browser

Load tests

k6

tests/load/

Registration (50 VUs), login (50 VUs), game start (20 VUs)

Transport encryption

HTTPS with TLS via Nginx for all external traffic. Internal container-to-container communication uses plain HTTP on the isolated Docker bridge network.

Password hashing

bcrypt with cost factor 10 in the users service. Hashed passwords are returned only to the auth service for comparison and are never included in any public API response.

JWT signing

HS256 algorithm with a strong secret (JWT_SECRET from environment). Tokens expire after JWT_EXPIRES (default 24h). The secret is stored in GitHub Secrets and never committed.

Role enforcement

Admin role is encoded in the JWT payload. Both client-side (webapp route guard) and server-side (gateway middleware) checks are applied, so a compromised client cannot bypass authorization.

Input sanitization

The gateway validates and sanitizes all path parameters (username: alphanumeric + underscore + hyphen, max 60 chars; notification ID: MongoDB ObjectId regex; room code: uppercase alphanumeric). Invalid inputs return 400 before reaching internal services.

Authorization header sanitization

The gateway extracts Bearer tokens using a strict regex (/^Bearer\s+([A-Za-z0-9\-._~/]=*)$/) and rejects malformed headers.

Bot API host allowlist

The remoteInteropClient in botapi validates the base_url against a hardcoded set of allowed hosts before making outbound HTTP requests, preventing SSRF attacks.

x-powered-by disabled

All Node.js services call app.disable("x-powered-by") to avoid leaking the framework version in response headers.

Secrets management

JWT_SECRET and MONGODB_URI are stored as GitHub Secrets and injected as environment variables at deploy time. .env files are gitignored. SonarCloud suppression comments (// NOSONAR) are used only for translation key strings containing the word "password", not for actual credentials.

v1 (2026-01-15)

webapp, users, gamey

v2 (2026-02-24)

+ authentication, gateway

v3 (2026-03-20)

+ multiplayer, botapi, nginx

random_bot

Random valid move

—

heuristic_bot

Side connection heuristic

Easy

minimax_bot

Minimax (depth 3)

Medium

alfa_beta_bot

Minimax + alpha-beta pruning

Hard

monte_carlo_hard

Monte Carlo Tree Search

Expert

monte_carlo_extreme

MCTS (more iterations)

Extreme

ADR-001

Extensible game modes — PvM, PvP, local PvP

2026-01-15

✅

ADR-002

MongoDB + Mongoose for user data

2026-01-20

✅

ADR-003

Eight-service microservices (evolved from three)

2026-01-15

✅ updated

ADR-004

Nginx as public reverse proxy with WS upgrade

2026-01-20

✅ updated

ADR-005

Strategy Pattern for AI — six YBot implementations

2026-01-25

✅ updated

ADR-006

Dedicated authentication microservice with bcrypt

2026-02-24

✅

ADR-007

Axum as HTTP framework for Rust game engine

2026-02-01

✅

ADR-008

Custom i18n — zero dependencies, EN/ES

2026-03-01

✅

ADR-009

Socket.IO for real-time multiplayer in dedicated service

2026-03-10

✅

ADR-010

YEN as universal game state format

2026-01-20

✅

ADR-011

Role-based access control via JWT claims

2026-03-15

✅

ADR-012

Union-Find for win condition detection

2026-02-10

✅

ADR-013

Barycentric coordinate system for the game board

2026-02-10

✅

ADR-014

Express 5 for Node.js services

2026-02-15

✅

ADR-015

In-memory state for BotAPI and multiplayer sessions

2026-03-10

✅

ADR-016

Test database isolation via URI suffix _test

2026-02-20

✅

ADR-017

Vitest (ESM) + Jest (CJS) as test runners

2026-02-15

✅

ADR-018

ESM vs CommonJS module system split

2026-01-20

✅

ADR-019

express-prom-bundle for auto-instrumented metrics

2026-03-01

✅

ADR-020

React Context API for theme and i18n global state

2026-03-01

✅

ADR-021

Room code generation without ambiguous characters

2026-03-10

✅

ADR-022

400ms debounced search in social features

2026-03-18

✅

Functionality

QS-01, QS-06, QS-07, QS-14, QS-15

Correct game rules; admin ops; extensible AI; bot API compliance

Usability

QS-04, QS-05, QS-06

New user < 2min; 100% i18n coverage; admin task < 3 clicks

Reliability & Availability

QS-09, QS-10, QS-11

99% uptime; crash recovery < 30s; zero data loss

Modularity & Maintainability

QS-07, QS-08

New AI strategy = 2 changes; coverage > 80%

Security

QS-12, QS-13

100% expired tokens rejected; 100% non-admin admin routes blocked

Testability

QS-08

Coverage > 80% enforced by SonarCloud

Interoperability

QS-14, QS-15

Valid YEN always accepted; cross-team game completes

Performance

QS-01, QS-02, QS-03

p95 move < 2s; p95 login < 1.5s; 50 concurrent users

R1

TypeScript–Rust integration — Serialization bugs in the YEN format between Node.js and Rust services (e.g., field naming, null vs. undefined, integer overflow)

2 (M)

3 (H)

6

Versioned JSON interface (YEN); contract tests in BotAPI (yen.test.ts); integration tests covering full round-trips; assertValidYen() validates on every BotAPI entry point

R2

Game Y rules misunderstanding — Incorrect Union-Find win detection (e.g., off-by-one in barycentric coordinates, wrong side-touch detection)

2 (M)

3 (H)

6

Property-based tests with proptest verify coordinate invariants; unit tests cover all edge cases including corner cells, full board, and known winning configurations

R3

Multiplayer room state loss — In-memory RoomManager loses all active rooms on container restart

3 (H)

2 (M)

6

Accepted trade-off for current scope; rooms are short-lived; players can create a new room; documented in Section 8; Redis adapter is the documented upgrade path for horizontal scaling

R4

Socket.IO scalability — Multiplayer service cannot be scaled horizontally without a shared session store; a single instance becomes a bottleneck under high PvP load

2 (M)

2 (M)

4

Current deployment is single-instance; Redis Socket.IO adapter documented as future upgrade; acceptable for course evaluation scale (< 50 concurrent users)

R5

Bot API remote interop host allowlist — The hardcoded allowlist in remoteInteropClient may block valid rival team APIs or become outdated between course iterations

2 (M)

2 (M)

4

Allowlist is configurable in source; update process is documented; fallback: disable check for trusted environments via environment variable

R6

AI performance on large boards — monte_carlo_extreme can exceed the 2-second response budget on boards > 11×11 due to exponential search space growth

2 (M)

2 (M)

4

Performance budget enforced in k6 threshold; board size is user-configurable with no enforced maximum; MonteCarloBot iteration count is constructor-configurable; documented as a known limitation

R7

MongoDB Atlas dependency — External managed database; outage would take down the entire platform since users, auth, and game results all depend on it

1 (L)

3 (H)

3

Atlas provides 99.95% SLA with automatic failover; MONGODB_URI can be switched to a local instance if needed; connection errors surface immediately via service health endpoints

R8

JWT secret exposure — If JWT_SECRET is leaked, all tokens can be forged, bypassing authentication and admin authorization

1 (L)

3 (H)

3

Secret stored in GitHub Secrets only; never committed; short token lifetime (JWT_EXPIRES=24h); SonarCloud scans for accidental credential commits

R9

Nginx single point of failure — All external traffic routes through a single Nginx container; a crash takes down the entire public-facing system

1 (L)

3 (H)

3

Docker restart: unless-stopped; stateless config (no in-memory state); health check on port 80; Prometheus monitors request rate drop as indirect availability signal

R10

Scope creep — optional features delay evaluation deliverables — Social features, admin panel, and cross-team interop were added incrementally; each adds surface area for bugs and testing debt

2 (M)

2 (M)

4

MoSCoW prioritisation; Definition of Done enforced per feature; SonarCloud coverage gate prevents shipping undertested features

TD1

Multiplayer room state is in-memory only — Active PvP rooms are lost if the multiplayer container restarts. Players must create a new room after any service interruption.

Medium — poor UX during deployments or crashes; unacceptable for production at scale

Accepted for current scope. Future: Redis Socket.IO adapter for persistent room state across restarts and horizontal scaling.

TD2

BotAPI remote host allowlist is hardcoded — remoteInteropClient has a hardcoded Set of allowed hosts (localhost:4001, equipo-rival:4001, yovi.13.63.89.84.sslip.io). Adding a new rival team requires a code change and redeploy.

Low — only affects cross-team interop sessions; can be unblocked quickly

Planned: move allowlist to an environment variable (REMOTE_INTEROP_ALLOWED_HOSTS) parsed at startup.

TD3

Users service openapi.yaml is outdated — The OpenAPI spec served at /api-docs only documents /createuser. The many new endpoints (friends, notifications, ranking, search, admin, profile) are not documented in the YAML, reducing discoverability for internal consumers.

Low — internal service not consumed by external developers; Swagger UI is misleading

Planned: update openapi.yaml to cover all current endpoints before final evaluation.

TD4

No pagination on most list endpoints — GET /gameresults/:username, GET /users/:username/friends, GET /users/:username/notifications return all records without pagination. Users with large histories may experience slow responses.

Low-Medium — acceptable for current data volumes; degrades as user base grows

Planned: add ?page=&limit= query parameters to list endpoints in the users service.

TD5

Plain-text password comparison — ~~The authentication service compared passwords in plain text~~

~~High — critical security vulnerability~~

✅ Resolved (2026-03-05) — bcrypt hashing implemented in POST /createuser (cost factor 10) and bcrypt.compare() in POST /login. Passwords are never stored or transmitted in plain text.

TD6

Multiplayer game results not persisted — PvP game outcomes are not saved to MongoDB. The users service GameResult model supports gameMode: "pvp" but the multiplayer service does not call the users service on game completion. PvP wins do not appear in statistics or rankings.

Medium — users expect their multiplayer wins to count; ranking is PvM-only

Planned: multiplayer service calls POST /gameresults for both players on game_over event.

TD7

Hint system uses alfa_beta_bot regardless of selected difficulty — POST /hint always delegates to alfa_beta_bot independent of the difficulty level the user has chosen. A user playing on "Easy" (heuristic_bot) receives a Hard-level hint.

Low — hints still work and are useful; inconsistency may confuse advanced users

Planned: pass the selected bot ID as a parameter to POST /hint and use it in the hint calculation. Player Hints wiki page

register_duration p(95)

< 2000ms

High p95 indicates database pressure or auth service saturation

login_duration p(95)

< 1500ms

Login is faster than register (no bcrypt hash write); high p95 indicates auth or users service bottleneck

start_game_duration p(95)

< 3000ms

High p95 may indicate gamey is CPU-bound on bot initialisation for size 7

http_req_failed rate

< 5% (< 10% for game)

Any failures above threshold indicate service errors under load; check service logs

register_success rate

> 95%

Failures may indicate duplicate username collisions (expected ~5%) or service errors

login_success rate

> 95%

Failures indicate seed users were not created or credential mismatch

Register

register_duration

Trend

End-to-end latency of POST /register including gateway → auth → users → MongoDB

Register

register_success

Rate

Proportion of requests that returned HTTP 2xx without an error field

Login

login_duration