E2E Test Coverage Plan — Evospin Workspace¶

Date: April 2026
Scope: Three repos (ebit-api, ebit-fe, ebit-admin-fe)
Status: Initial inventory of user-visible flows for QA sprint planning

Overview¶

Evospin is a real-money sports betting and casino platform. The platform has: - dropbet player site (Next.js 14 on :3000) - admin panel (Vite + React 19 SPA on :5173 host / :3003 compose) - REST API (NestJS :4000) with 5 microapps - Real-time gateway (socket.io :4001) - Game servers (blackjack, speed-roulette)

Dependencies in place: Postgres, Redis (2 instances), RabbitMQ (stub), BullMQ queues for async jobs.

Excluded Flows¶

The following are explicitly out of scope for initial E2E tests: - Real crypto/blockchain deposits (skindeck wallet integration) - On-chain withdrawals or external wallet APIs - Fast Track CRM (stubbed; see CLAUDE.md) - Real payment gateway (Stripe/PSP) flows - 3rd-party OAuth (Google/Facebook sign-in) - Sentry/Doppler admin dashboards

Full Inventory¶

A. Authentication & Account Management¶

Aspect	Detail
Name	User Registration
Surface	Dropbet (web form)
Entry Points	`ebit-api/apps/api/src/auth/auth.controller.ts:signUp()` POST `/auth/sign-up`; `ebit-fe/src/app/[locale]/` (auth modal)
Dependencies	Postgres, Redis (session storage)
Crypto/External Check	None — pure local email/password with Postgres persistence
Test Feasibility	Easy — REST POST, seedable via admin debug endpoint
E2E Priority	High (core flow, already documented per brief)
Notes	Already has E2E + doc per brief; sign-up form includes reCAPTCHA throttle

Aspect	Detail
Name	User Login / JWT Issue
Surface	Dropbet (web form)
Entry Points	`ebit-api/apps/api/src/auth/auth.controller.ts:signIn()` POST `/auth/sign-in`; `ebit-fe` login modal
Dependencies	Postgres, Redis
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	High (core flow, already documented)
Notes	Returns JWT + refresh token; session queued to BullMQ for async updates

A3: Password Reset¶

Aspect	Detail
Name	Forgot Password + Reset
Surface	Dropbet (email link workflow)
Entry Points	`ebit-api/apps/api/src/user/user.controller.ts:forgotPassword()` POST `/user/forgot-password`; `ebit-api/.../resetPassword()` POST `/user/reset-password`
Dependencies	Postgres, email (debug-friendly in local)
Crypto/External Check	None — email sending is mocked in local
Test Feasibility	Medium — requires email mock capture or direct token generation
E2E Priority	Medium (common user flow)
Notes	Sends reset token via email; token validation is time-bound

A4: Email Verification¶

Aspect	Detail
Name	Email Verification (Post-Sign-Up)
Surface	Dropbet (email confirmation link)
Entry Points	`ebit-api/apps/api/src/user/user.controller.ts:resendVerificationEmail()` GET `/user/request-email-verification`; POST `/user/verify-email`
Dependencies	Postgres, email mock
Crypto/External Check	None
Test Feasibility	Medium — requires email token capture
E2E Priority	Medium (common compliance flow)
Notes	Required for KYC; resend available

A5: Change Password (Authenticated)¶

Aspect	Detail
Name	Change Password (Settings)
Surface	Dropbet settings page
Entry Points	`ebit-api/apps/api/src/user/user.controller.ts:changePassword()` POST `/user/change-password`
Dependencies	Postgres, JWT guard
Crypto/External Check	None
Test Feasibility	Easy — requires current password, new password
E2E Priority	Medium
Notes	Re-auth required; throttled

A6: 2FA Setup & Verification¶

Aspect	Detail
Name	Two-Factor Authentication (TOTP)
Surface	Dropbet settings page
Entry Points	`ebit-api/.../user.controller.ts:setupMfa()` POST `/user/setup-mfa`; `verifyMfa()` POST `/user/verify-mfa`
Dependencies	Postgres, time-based OTP (TOTP library)
Crypto/External Check	None — TOTP is local
Test Feasibility	Medium — requires TOTP secret + time-sync simulation
E2E Priority	Medium (security feature)
Notes	Seed includes 2FA admin user fixture for testing

Aspect	Detail
Name	Admin Panel Sign-In
Surface	Admin panel (ebit-admin-fe Vite SPA on :5173 / :3003)
Entry Points	Same `/auth/sign-in` but with admin role check; admin-fe UI under `src/routes/` (TanStack Router)
Dependencies	Postgres, JWT, admin role in user record
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	High (already documented per brief)
Notes	Already has E2E + doc

B. User Account & Profile¶

B1: View & Edit Profile (Account Settings)¶

Aspect	Detail
Name	Profile / Account Settings
Surface	Dropbet `/settings/account`
Entry Points	`ebit-api/.../user.controller.ts:getProfile()` GET `/user/me`; PATCH `/user/me`
Dependencies	Postgres, JWT
Crypto/External Check	None
Test Feasibility	Easy — seedable user, PATCH with profile DTO
E2E Priority	Medium
Notes	Editable fields: display name, phone, date of birth, address (for KYC)

B2: User Balance & Wallet¶

Aspect	Detail
Name	View Balance / Internal Wallet
Surface	Dropbet (sidebar, dashboard)
Entry Points	`ebit-api/.../accounting.controller.ts:getBalances()` GET `/accounting/balances`
Dependencies	Postgres (user_balance table), Redis (optional cache)
Crypto/External Check	None — internal virtual balance only
Test Feasibility	Easy — seeded with test balance
E2E Priority	High (central to all gameplay)
Notes	Supports multi-currency; vault separation available

B3: Vault Transfer (Balance to Vault)¶

Aspect	Detail
Name	Move Balance to/from Vault
Surface	Dropbet balance management UI
Entry Points	`ebit-api/.../accounting.controller.ts:toVault()` POST `/accounting/to-vault`; `fromVault()` POST `/accounting/from-vault`
Dependencies	Postgres, atomic transaction
Crypto/External Check	None
Test Feasibility	Easy — pure DB transaction
E2E Priority	Medium
Notes	Atomic; balance immediately reflected

B4: Account Restrictions (Self-Exclusion, Deposit Limits)¶

Aspect	Detail
Name	Set Deposit/Loss Limits, Self-Exclude
Surface	Dropbet `/settings/restrictions`
Entry Points	`ebit-api/.../users-limits.controller.ts:createLimit()` POST `/users-limits`; GET `/users-limits`
Dependencies	Postgres (user_limit table)
Crypto/External Check	None
Test Feasibility	Easy — upsert with time-based logic
E2E Priority	Medium (compliance feature)
Notes	Time-bound; system enforces at deposit/withdrawal

C. Betting (Sports)¶

C1: Place Sports Bet¶

Aspect	Detail
Name	Place Sports Bet (Single or Combo)
Surface	Dropbet sportsbook UI
Entry Points	`ebit-api/.../sportsbook.controller.ts:placeBet()` (if present) or REST POST; actual implementation may be in BullMQ queue producer at `ebit-api/apps/api/src/bet/queue/`
Dependencies	Postgres, Redis (bet queue), odds feed (simulated/stubbed)
Crypto/External Check	Depends on odds provider — if real-time feed required, may be external. Verify if seedable fixtures exist.
Test Feasibility	Medium — requires valid game/match/selection seeds; BullMQ job processing
E2E Priority	High (core product)
Notes	Bet created, queued for settlement; can test with seeded matches or mock odds endpoint

C2: View Bet History¶

Aspect	Detail
Name	Bet History / My Bets
Surface	Dropbet `/settings/bets`
Entry Points	`ebit-api/apps/api/src/bet/bet.controller.ts:findMany()` GET `/bets` (paginated)
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy — seedable bets via admin endpoint
E2E Priority	High
Notes	Shows all bets, statuses (pending, won, lost, cancelled), results

C3: Get Bet Details¶

Aspect	Detail
Name	View Single Bet Details
Surface	Dropbet bet detail modal/page
Entry Points	`ebit-api/.../bet.controller.ts:getHouseGameBetDetails()` GET `/bets/house-games/info/:betId` or similar
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Medium
Notes	Shows selections, odds, stake, return, result

C4: Cancel Bet (Pre-Settlement)¶

Aspect	Detail
Name	Cancel Open Bet
Surface	Dropbet bet detail page
Entry Points	`ebit-api/apps/api/src/bet/admin.bet.controller.ts` (admin endpoint likely) or check for user-facing endpoint
Dependencies	Postgres, BullMQ (if async cancellation)
Crypto/External Check	None
Test Feasibility	Medium — requires bet in "open" status; may be admin-only
E2E Priority	Medium
Notes	Likely admin-only; check actual implementation

D. Casino Games (House Games)¶

D1: Blackjack Session¶

Aspect	Detail
Name	Play Blackjack
Surface	Dropbet `/games/originals/blackjack`
Entry Points	`ebit-api/apps/api/src/casino/house/blackjack/blackjack.controller.ts:initGame()` POST `/casino/games/house/blackjack/init`; `handleAction()` POST `/casino/games/house/blackjack/action`
Dependencies	Postgres, Redis (game state), `bj` microapp (game server on separate port)
Crypto/External Check	None — fully internal dealer logic
Test Feasibility	Medium — requires bj server running; game state can be driven via API calls
E2E Priority	High (core game product)
Notes	Full game lifecycle (deal, hit, stand, double, split); provably fair seeding supported

D2: Speed Roulette Session¶

Aspect	Detail
Name	Play Speed Roulette
Surface	Dropbet `/games/originals/speed-roulette`
Entry Points	`ebit-api/apps/api/src/casino/house/speed-roulette-api/speed-roulette-api.controller.ts:placeBet()` POST `/casino/games/house/speed-roulette/bet`
Dependencies	Postgres, Redis, `speed-roulette` microapp
Crypto/External Check	None
Test Feasibility	Medium — similar to Blackjack; requires speed-roulette server
E2E Priority	High
Notes	Fast-paced; seeded multiplier outcomes available

D3: House Games — Dice, Keno, Limbo, Mines, Plinko, Monkey-Run, Roulette¶

Aspect	Detail
Name	Play House Game (Non-Blackjack, Non-Speed-Roulette)
Surface	Dropbet `/games/originals/{game}`
Entry Points	`ebit-api/.../dice.controller.ts`, `.../keno.controller.ts`, etc. — each game has POST endpoints for bet init/action
Dependencies	Postgres, Redis, provably fair seeding
Crypto/External Check	None
Test Feasibility	Medium — pure server-side RNG with seeded outcomes
E2E Priority	Medium (game coverage)
Notes	Fast single-round games; all use similar architecture

D4: View Game Details & Statistics¶

Aspect	Detail
Name	Game List, Search, Filter, Favorites
Surface	Dropbet `/casino/*`, `/games`
Entry Points	`ebit-api/apps/api/src/casino/games/controller/games.controller.ts:findManyGamesPublic()` GET `/casino/games`
Dependencies	Postgres (games catalog)
Crypto/External Check	None
Test Feasibility	Easy — seeded game catalog
E2E Priority	Medium
Notes	Also covers favorites (add/remove), search, provider filtering

D5: Provably Fair Verification¶

Aspect	Detail
Name	Verify Game Fairness
Surface	Dropbet `/fairness` or modal
Entry Points	`ebit-api/apps/api/src/provably-fair/provably-fair.controller.ts` endpoints
Dependencies	Postgres (hash seeds), crypto libs
Crypto/External Check	None — pure local hash verification
Test Feasibility	Easy — deterministic verification
E2E Priority	Low (compliance, not core UX)
Notes	User can verify any past game result

E. Real-Time & Notifications¶

E1: WebSocket Connection & Authentication¶

Aspect	Detail
Name	RT Gateway Connection
Surface	socket.io client connection to :4001
Entry Points	`ebit-api/apps/rt/src/gateway/client.gateway.ts` handles all socket connections; `/events` namespace
Dependencies	Redis (for socket.io adapter), BullMQ queues (for game/bet events)
Crypto/External Check	None
Test Feasibility	Medium — requires socket.io client; JWT auth via socket payload
E2E Priority	High (real-time is core to UX)
Notes	Client connects, authenticates with JWT; server emits events on `/events` namespace

E2: Live Game Events¶

Aspect	Detail
Name	Receive Live Game Results
Surface	Real-time updates to UI (no specific page; emitted to all connected clients)
Entry Points	RT gateway emits game result events (Blackjack, Speed-Roulette, etc.)
Dependencies	Redis, RT gateway, game servers
Crypto/External Check	None
Test Feasibility	Medium — trigger game action, verify RT event arrives
E2E Priority	High
Notes	Events: game start, action applied, result, balance update

E3: Notifications & Alerts¶

Aspect	Detail
Name	Real-Time Notifications (Bets, Deposits, Withdrawals)
Surface	Notification toast in Dropbet UI
Entry Points	RT gateway emits via BullMQ job producers (e.g., `session.queue-producer.ts`, `bet/queue/`)
Dependencies	BullMQ, Redis, RT gateway
Crypto/External Check	None
Test Feasibility	Medium — trigger action, verify RT notification
E2E Priority	High
Notes	Notifications: new deposit, withdrawal processed, bet result, challenge progress

F. Payments & Deposits¶

F1: Generate Deposit Address¶

Aspect	Detail
Name	Request Crypto Deposit Address
Surface	Dropbet payment/deposit page
Entry Points	`ebit-api/apps/api/src/payment/deposit/deposit.controller.ts:getOrCreateAddress()` POST `/payments/deposit/static-address`
Dependencies	Postgres, external crypto provider API (Skindeck, etc.)
Crypto/External Check	EXCLUDED — requires real crypto provider integration
Test Feasibility	N/A
E2E Priority	N/A
Notes	Out of scope per requirements

F2: View Deposit History¶

Aspect	Detail
Name	Deposit History
Surface	Dropbet `/settings/transactions`
Entry Points	`ebit-api/.../deposit.controller.ts:getMany()` GET `/payments/deposit`
Dependencies	Postgres
Crypto/External Check	None — display-only
Test Feasibility	Easy — seedable deposits
E2E Priority	Medium
Notes	Shows all deposits, status (pending, confirmed, failed), amount, date

F3: Initiate Withdrawal¶

Aspect	Detail
Name	Withdrawal Request
Surface	Dropbet withdrawal page
Entry Points	`ebit-api/apps/api/src/payment/withdraw/withdraw.controller.ts:create()` POST `/payments/withdraw`
Dependencies	Postgres, external payment provider (withdrawal address validation, KYC checks)
Crypto/External Check	EXCLUDED — requires real provider integration
Test Feasibility	N/A
E2E Priority	N/A
Notes	Out of scope

F4: View Withdrawal History¶

Aspect	Detail
Name	Withdrawal History
Surface	Dropbet `/settings/transactions`
Entry Points	`ebit-api/.../withdraw.controller.ts:findMany()` GET `/payments/withdraw`
Dependencies	Postgres
Crypto/External Check	None — display-only
Test Feasibility	Easy — seedable withdrawals
E2E Priority	Medium
Notes	Shows all withdrawals, status, amount, address

G. Promotions & Bonuses¶

G1: View Available Promotions¶

Aspect	Detail
Name	Browse Promotions
Surface	Dropbet `/promotions`
Entry Points	`ebit-api/apps/api/src/promo/controllers/promo.controller.ts:findManyPromoCodesPublic()` GET `/promo`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy — seeded promo catalog
E2E Priority	Medium
Notes	Shows active promotions, terms, eligibility

Aspect	Detail
Name	Apply Promo Code
Surface	Dropbet promo page or deposit page
Entry Points	`ebit-api/.../promo.controller.ts:claimPromoCode()` POST `/promo/{codeId}/claim`
Dependencies	Postgres, BullMQ (bonus credit may be async)
Crypto/External Check	None
Test Feasibility	Medium — seeded promo code, bonus calculation
E2E Priority	Medium
Notes	Validates code, eligibility, applies bonus to balance

Aspect	Detail
Name	Bonus History
Surface	Dropbet `/settings/my-bonuses`
Entry Points	`ebit-api/.../promo.controller.ts:findMyPromoCodes()` GET `/promo/history`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Medium
Notes	Shows claimed promos, bonus amount, rollover status, expiry

H. Challenges & Leaderboards¶

H1: View Challenges (Public)¶

Aspect	Detail
Name	Browse Challenges
Surface	Dropbet `/challenges`
Entry Points	`ebit-api/apps/api/src/challenge/controller/challenge.controller.ts:findManyChallenges()` GET `/challenge`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy — seeded challenge catalog
E2E Priority	Low (nice-to-have, not core)
Notes	Shows active challenges, requirements, rewards

H2: View My Challenges (Authenticated)¶

Aspect	Detail
Name	My Active Challenges
Surface	Dropbet `/challenges` (filtered for user)
Entry Points	`ebit-api/.../challenge.controller.ts:findMyChallenges()` GET `/challenge/my`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Shows user progress, next milestones

H3: View Leaderboards¶

Aspect	Detail
Name	Leaderboards (Racing / Leaderboard Page)
Surface	Dropbet `/leaderboard`
Entry Points	`ebit-api/apps/api/src/leaderboard/leaderboard.controller.ts:getLeaderboardPublic()` GET `/leaderboards/:type`
Dependencies	Postgres, Redis (optional cache)
Crypto/External Check	None
Test Feasibility	Easy — seedable user stats
E2E Priority	Low (display-only, non-critical)
Notes	Shows top players by various metrics (weekly/monthly/all-time)

I. Affiliate Program¶

I1: View Affiliate Dashboard¶

Aspect	Detail
Name	Affiliate Overview
Surface	Dropbet `/affiliates`
Entry Points	`ebit-api/apps/api/src/affiliate/affiliate.controller.ts:findStats()` GET `/affiliate/overview`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy — seedable referral data
E2E Priority	Low (optional feature)
Notes	Shows earnings, clicks, conversions, commissions

I2: Generate / View Referral Code¶

Aspect	Detail
Name	Affiliate Referral Code
Surface	Dropbet `/affiliates`
Entry Points	`ebit-api/apps/api/src/affiliate/code/affiliate-code.controller.ts:findManyAffiliateCodes()` GET `/affiliate/codes`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Can create multiple codes; track performance per code

I3: Claim Affiliate Earnings¶

Aspect	Detail
Name	Withdraw Affiliate Commissions
Surface	Dropbet affiliate page
Entry Points	`ebit-api/.../affiliate.controller.ts:claim()` POST `/affiliate/claim`
Dependencies	Postgres, BullMQ (async payout)
Crypto/External Check	None — internal balance transfer
Test Feasibility	Medium — requires accumulated earnings
E2E Priority	Low
Notes	Credits to user balance; may be gated by minimum threshold

J. VIP Program¶

J1: View VIP Program Details¶

Aspect	Detail
Name	VIP Program Info
Surface	Dropbet `/vip-program`
Entry Points	VIP program endpoint (read-only info)
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy — static content
E2E Priority	Low
Notes	Shows tiers, requirements, benefits

J2: Submit VIP Application¶

Aspect	Detail
Name	VIP Application
Surface	Dropbet VIP application page
Entry Points	`ebit-api/apps/api/src/vip-program/players/vip-program.controller.ts:upsertApplication()` POST `/vip-program/application`
Dependencies	Postgres, file upload (stats screenshot)
Crypto/External Check	None — local file storage
Test Feasibility	Medium — requires image upload, form submission
E2E Priority	Low
Notes	File upload with size/type validation

J3: View VIP Application Status¶

Aspect	Detail
Name	Check VIP Application Status
Surface	Dropbet VIP page
Entry Points	`ebit-api/.../vip-program.controller.ts:getApplication()` GET `/vip-program/application`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Shows approval status, tier, benefits

K. Knowledge Base & Support¶

K1: View FAQ¶

Aspect	Detail
Name	Frequently Asked Questions
Surface	Dropbet `/faq`
Entry Points	`ebit-api/apps/api/src/faq/faq.controller.ts:findMany()` GET `/faq`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Display-only; CRUD in admin

K2: View Legal Pages¶

Aspect	Detail
Name	Legal Documents (T&C, Privacy, Responsible Gaming)
Surface	Dropbet `/legal/*`
Entry Points	Static pages (Next.js rendering)
Dependencies	None — static content
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Display-only compliance pages

L. Admin Dashboard & Management¶

Aspect	Detail
Name	Admin Login
Surface	Admin panel (ebit-admin-fe Vite SPA :5173 / :3003)
Entry Points	Same auth controller as player; admin-fe has role-based UI
Dependencies	Postgres, JWT
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	High (already documented)
Notes	N/A

L2: View Dashboard / Analytics¶

Aspect	Detail
Name	Admin Dashboard Stats
Surface	Admin panel `/dashboard`
Entry Points	`ebit-api/apps/api/src/dashboard-v2/admin.dashboard-combined.controller.ts:getMainStats()` GET `/admin/dashboard-v2/main/stats`
Dependencies	Postgres (aggregation queries)
Crypto/External Check	None
Test Feasibility	Easy — seedable data, pre-aggregated or computed on-the-fly
E2E Priority	Medium (admin core)
Notes	Shows revenue, player count, game stats, etc.

L3: Manage Users (View, Edit, Ban)¶

Aspect	Detail
Name	User Management
Surface	Admin panel (users list)
Entry Points	`ebit-api/apps/api/src/user/admin.user.controller.ts` — GET `/admin/users`, PATCH `/admin/users/{id}`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Medium
Notes	Edit email, ban status, KYC status, balance override (debug)

L4: Manage Bets (View, Cancel, Settle)¶

Aspect	Detail
Name	Bet Management
Surface	Admin panel `/bets`
Entry Points	`ebit-api/apps/api/src/bet/admin.bet.controller.ts` — GET `/admin/bets`, PATCH `/admin/bets/{id}`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Medium
Notes	View all bets, adjust stakes/results (debug), manual settlement

Aspect	Detail
Name	Promotion CRUD
Surface	Admin panel `/promocodes`
Entry Points	`ebit-api/apps/api/src/promo/controllers/admin-promo.controller.ts` — POST `/admin/promo`, PATCH `/admin/promo/{id}`
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Medium
Notes	Create/edit promo codes, set bonus, duration, eligibility

L6: Manage Challenges¶

Aspect	Detail
Name	Challenge CRUD
Surface	Admin panel `/challenges`
Entry Points	`ebit-api/apps/api/src/challenge/controller/admin-challenge.controller.ts` — POST, PATCH, DELETE
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Create/edit challenges, set milestones, rewards

L7: Manage Games & Categories¶

Aspect	Detail
Name	Game Configuration
Surface	Admin panel `/game-management`
Entry Points	`ebit-api/apps/api/src/casino/games/controller/games.admin.controller.ts` — GET, PATCH
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Enable/disable games, set odds/RTP, category assignment

L8: Manage Admins (Admin Users, Permissions)¶

Aspect	Detail
Name	Admin User Management
Surface	Admin panel `/admins`
Entry Points	`ebit-api/apps/api/src/user/admin.user.controller.ts` (admin branch) — POST, PATCH
Dependencies	Postgres (admin_role table)
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low
Notes	Create/remove admin accounts, assign roles/permissions

L9: KYC Management¶

Aspect	Detail
Name	KYC Verification Status
Surface	Admin panel `/kyc-limits-management`
Entry Points	`ebit-api/apps/api/src/kyc/controller/admin.kyc.controller.ts` — GET, PATCH
Dependencies	Postgres, external KYC provider (stubbed in local)
Crypto/External Check	Partial — API calls KYC provider, but webhook is stubbed
Test Feasibility	Medium — can mock KYC webhook responses
E2E Priority	Medium (compliance)
Notes	View KYC status, approve/reject, set limits

L10: View Admin Logs¶

Aspect	Detail
Name	Admin Action Logs
Surface	Admin panel `/admin-logs`
Entry Points	`ebit-api/apps/api/src/system/logger/admin.logger.controller.ts` — GET `/admin/logs`
Dependencies	Postgres (audit table)
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low (compliance/audit)
Notes	Shows all admin actions, timestamps, user

L11: Manage Site Configuration¶

Aspect	Detail
Name	Site Config (Maintenance, Feature Flags)
Surface	Admin panel (feature-flag endpoint, or dedicated page)
Entry Points	`ebit-api/apps/api/src/site-config/admin.site-config.controller.ts` — GET, PATCH
Dependencies	Postgres, Redis (cache)
Crypto/External Check	None
Test Feasibility	Easy
E2E Priority	Low (operational, not user-facing)
Notes	Toggle features, set maintenance mode, country restrictions

M. Misc Flows¶

M1: Email Notifications (Background)¶

Aspect	Detail
Name	Email Notifications (Bet Results, Deposits, etc.)
Surface	User email inbox
Entry Points	BullMQ queue jobs (async)
Dependencies	Redis (BullMQ), email service (SendGrid, mocked locally)
Crypto/External Check	None — mocked in local
Test Feasibility	Medium — verify queue jobs are enqueued, mock email capture
E2E Priority	Low (nice-to-have)
Notes	Sent asynchronously; can verify via queue inspection

M2: Geo-Blocking / IP-Based Country Detection¶

Aspect	Detail
Name	Country Restriction Enforcement
Surface	Registration/login page (denied access)
Entry Points	`ebit-api/apps/api/src/country/geo.controller.ts` — GET `/country/me`
Dependencies	GeoIP library (MaxMind, etc.)
Crypto/External Check	None — local geolocation
Test Feasibility	Medium — mock IP address, verify rejection
E2E Priority	Low (compliance)
Notes	Can test with VPN/proxy header spoofing

M3: Responsible Gaming Checks¶

Aspect	Detail
Name	Self-Exclusion, Deposit Limits Enforcement
Surface	Deposit/bet page (cannot proceed if limits hit)
Entry Points	Various controllers check `user_limit` table
Dependencies	Postgres
Crypto/External Check	None
Test Feasibility	Medium — set limits, attempt action, verify rejection
E2E Priority	Medium (compliance)
Notes	Critical for regulatory compliance

Summary by Priority¶

High Priority (Core Product)¶

User Authentication (sign-up, sign-in, 2FA) — already documented
Bet Placement & History — central to sports betting
House Games (Blackjack, Speed-Roulette, others) — core casino features
Real-Time Gateway (WebSocket, notifications) — critical UX
Balance Management — fundamental to gameplay
Admin Dashboard & User Management — critical for operations

Medium Priority (Common User Flows)¶

Password reset, email verification
Account settings, profile management
Deposit/withdrawal history
Promotions & bonuses
Challenges & leaderboards (if racing is a major feature)
VIP program
Affiliate program
KYC verification
Responsible gaming limits

Low Priority (Nice-to-Have / Admin)¶

Legal pages, FAQ (static content)
Fairness verification (niche user feature)
Blog, affiliate recruitment flows
Chat, tips, admin logs
Game management (admin-only)

Recommended Next 5 Flows for E2E¶

Based on coverage gaps and strategic value:

Bet Placement & Settlement — currently untested; high impact. Test placing single/combo bets, seeded match data, BullMQ job processing.
Blackjack Game Session — core game; requires game server but fully testable. Test init → deal → action → settlement.
Speed Roulette Game Session — similar to Blackjack; fast iteration testing.
Real-Time WebSocket Subscriptions — test RT connection, auth, event delivery for bet/game results.
Admin Dashboard Analytics — verify key metrics (revenue, player count, game stats) from seeded data.

Effort to launch: ~2–3 weeks of active development (test infrastructure setup + 5 flows × 2–3 days each).

Technical Notes¶

Seeding: Use ebit-api/libs/_prisma/src/seed/ and debug endpoints (/debug/*) to populate test data.
Async Jobs: Monitor redis-cli for BullMQ job queue (KEYS bull:*).
Game Servers: Ensure bj, speed-roulette microapps are running on their respective ports.
Local Email: Mocked in local env; verify via BullMQ queue inspection, not actual SMTP.
Real-Time: Socket.io on :4001 with /events namespace; requires JWT in socket payload.
Database: Postgres on :5555; run migrations before each test suite (npm run db:migrate:dev).

Document version: 1.0
Last updated: April 2026