Glossary

Alphabetical reference of domain terms used across the Evospin codebase and this documentation portal. Each entry includes a 1–3 line definition and a pointer to the canonical source — typically a file:line citation, an ADR, a runbook, or a memory.

When a term appears in a flow doc, an architecture doc, or a customer-facing track, this is the definition to reach for. Disagreements between docs are resolved here.


2FA — Two-factor authentication. The flow is sign-in → if 2FA enabled, request a TOTP code → /auth/verify-2fa issues the real access_token cookie. The intermediate state is signed by JWT_MFA_TEMP_SECRET. See api-reference/auth-flow.md.

access_token — HttpOnly cookie set by POST /auth/verify-2fa (or /auth/sign-in for non-2FA users). Contains a signed JWT with sub (userId) and exp claims. Set at apps/api/src/auth/cookies.ts:8-23. The admin-fe reads a different cookie name (jwt_access_token) due to a bug — see jwt_access_token.

ADR — Architecture Decision Record. Self-contained Markdown documents in adr/ capturing the why behind non-obvious decisions. MADR-style template: Status / Date / Context / Decision / Considered Alternatives / Consequences / References. Index at adr/README.md. Status values: Accepted, Superseded by ADR-NNNN, Deprecated.

AdminActionLog — Postgres model that records every non-GET /admin/* mutation. Written by AdminLoggerInterceptor.tap() at libs/modules/src/admin-logger/interceptor. Fields: method, url, user_id (the admin actor, not the target), request_body, response, duration_ms. Insert errors are swallowed by safeLog. Schema: libs/_prisma/src/schema/api.prisma:1479.

api — The main NestJS app on port 4000. REST + Swagger surface (277 paths, 317 operations); handles public + admin endpoints. Source root apps/api/. See api-reference/api.md.

Badger — LSM-tree embedded key-value store (dgraph-io/badger) used as the storage backend for Jaeger v2. Persists span data on a 50 GB EBS volume; spans TTL at 72 h. Config at terraform/modules/monitoring/jaeger-v2-config.yaml.tftpl. Decision: ADR-0009.

bcrypt — Password hash function used at apps/api/src/auth/auth.service.ts (sign-up / sign-in). The bcrypt cost is the dominant component of sign-in latency — p95 ≈ 200 ms documented in performance-test-report.md.

bet_settled_queue — BullMQ queue that fires after every bet settles. Triggers leaderboard UPSERT, rakeback calc, affiliate notification, and live-bets push. Defined at apps/api/src/bet/queue/const.ts:1. Fire-and-forget: a Redis outage silently drops side-effects (SF-007).

BetQueueProducer — Injectable service at apps/api/src/bet/queue/bet.queue-producer.ts:13 that enqueues jobs onto bet_settled_queue. Called from BetService.onClosed.

BetStatus — Prisma enum at libs/_prisma/src/schema/api.prisma:625. Values: CREATED, SETTLED, ERROR, ROLLBACK. Most bets transition directly from CREATED to SETTLED within a single transaction.

BGaming — External slots provider integration at apps/api/src/casino/slots/providers/bgaming/. One of four wired slot providers (also pm8, evogames, st8).

bj — NestJS app on port 4002. Currently orphaned: ships a full blackjack implementation but no dropbet client reaches it (all blackjack traffic routes through api's /casino/games/house/blackjack/*). Memory: project_ebit_bj_orphan. See ebit-bj.

bo — Backoffice NestJS app on port 4003. Admin-only REST + Swagger (48 paths, 58 operations). Source root apps/bo/. See api-reference/bo.md.

bot Redis — Second Redis instance on port 6380 (password bot). Isolates house-bot fleet state from the main cache. Compose env: REDISCLOUD_BOT_URL.

bpftrace — Tracing tool used for profiling kernel and userland during perf runs. Referenced in docs/performance-testing.md. Companion to pidstat, iostat, perf record, FlameGraph.

BullMQ — Redis-backed job queue (@nestjs/bullmq). Powers all production async work: sessions, bets, bots, challenges, leaderboard, promo tasks, rakeback, skindeck deposits, and both speed-roulette queues. Decision: ADR-0003. NOT RabbitMQ — see Fast Track.

@Cacheable — In-process cache decorator from @type-cacheable/core. Used on leaderboard queries at apps/api/src/leaderboard/leaderboard.repository.ts:41. Uses a local Map, not Redis — cache is per-process, not shared across ebit-api and ebit-bo. See SF-022.

cache Redis — Primary Redis on port 6379 (password cache). Hosts BullMQ queues, throttler counters, user detail caches, ONLINE_USERS_KEY zset, gateway pub/sub channels, and auth-session keys. Compose env: REDISCLOUD_URL.

cAdvisor — Container resource exporter scraped by Prometheus during perf runs. Surfaces per-container CPU / memory / FD / network. See terraform/modules/monitoring/.

CCPAYMENT — Crypto deposits/withdrawals integration at apps/api/src/payment/provider/integration/ccpayment/. One of three wired payment providers (also nowpayments, skindeck). Recipe: recipes/add-payment-provider.md.

challenge — Time-bound competition (e.g., "wager 1000 DBC this week"). Browse-only for users; winners selected and awarded by admins via admin-challenge.controller.ts. No user-triggered claim route exists. See flows/dropbet-challenges.md.

clientSeed — User-chosen random string used in provably-fair RNG. Stored on UserFairnessSeeds model. Rotatable via PUT /fairness/seed when no multistage game is active. See provably fair.

commissionGgrUsdAmount — Decimal field on the Bet model at libs/_prisma/src/schema/api.prisma:656. Tracks the house's Gross Gaming Revenue commission in USD for each bet.

createAndSettleBet — Method on BetService at apps/api/src/bet/bet.service.ts:560. Atomically creates a bet record and settles it within a single Prisma transaction. Used by single-round house games (dice, limbo, mines, plinko).

CurrencySymbol — Prisma enum at libs/_prisma/src/schema/api.prisma:70. Values include DBC (platform token), BTC, ETH, TETH (testnet ETH — indistinguishable from ETH at the API layer, SF-018), EVO, SOL, TRX, USDT, and others. Recipe to add: recipes/change-currency-or-add-currency.md.

c7g — AWS Graviton (arm64) instance family used for the perf-stack VMs. Class chosen for price-performance ratio. See terraform/perf/.

DBC — "DropBet Coin" — the primary platform currency. Seeded users start with 1,000 DBC. All house-game bets denominate in a CurrencySymbol; DBC is the default.

dev_perf — Doppler config (a branch off the dev environment in each project) used by the perf-test stack. Holds perf-specific overrides (e.g. SUT public IP for APP_BE_ORIGIN). Memory: reference_doppler_workspace.

Doppler — Secrets-management SaaS used as the single source of truth for env vars across all three repos. Workspace ebit-devops with three projects (ebit-api, ebit-fe, ebit-admin-fe). Decision: ADR-0010. Memory: reference_doppler_workspace.

Doppler personal token — Workspace-admin token issued to a human; stored at ~/.config/doppler/token (chmod 600). Used for project / config / secret CRUD via doppler CLI. Distinct from a service token which is per-project per-config and read-only.

Doppler service token — Per-project + per-config read token (e.g. dp.st.dev_perf.*). Cannot read across configs or projects. Used by container runtime via doppler run --token <service-token> -- <cmd>. Tokens land in terraform/perf/secrets/ (gitignored).

dropbet — The player-facing brand of the platform. The codebase ships as ebit-fe; the deployed brand is dropbet. White-labels can re-brand — see recipes/customize-branding.md.

ebit — The platform. Three sibling repositories (ebit-api, ebit-fe, ebit-admin-fe) plus the observability/Terraform infrastructure. See README.md for the portal entry point.

ebit-admin-fe — Admin Vite + React 19 SPA (migrated from Next.js). Single-language; TanStack Router + Tailwind. Authenticates via the jwt_access_token cookie (legacy name; see jwt_access_token). Repo at ebit-admin-fe/.

ebit-api — NestJS monorepo at ebit-api/. Hosts five apps (api, rt, bj, bo, speed-roulette) sharing 11 libs. Decision: ADR-0011. Build via per-app nest build <app>.

ebit-bj — Orphaned NestJS app on port 4002. Ships a full blackjack implementation with EVO-Games wallet RPC and its own session-token scheme. No dropbet client reaches it — all blackjack traffic goes through ebit-api's /casino/games/house/blackjack/*. See AF-4 and memory project_ebit_bj_orphan.

ebit-fe — Player-facing Next.js 14 site (App Router, next-intl, Tailwind, shadcn). Branded dropbet. Repo at ebit-fe/. Locales currently en + de.

ECR — AWS Elastic Container Registry. Hosts the per-app Docker images pushed before a perf-stack apply. See terraform/perf/README.md.

EBS gp3 — AWS general-purpose SSD storage class. Used for both Postgres data and Jaeger Badger storage on the perf monitoring VM. Costs ≈ $0.0928 / GB-month base in eu-north-1.

EOS blockchain — External dependency for speed-roulette fairness. roulette-state.service.ts calls eosService.waitForBlock(eosBlockNum, 2000) to anchor each round's randomness to a publicly verifiable EOS block. Outage stalls the round queue.

EVO-Games — External wallet RPC provider. Only reachable from the orphan ebit-bj app. Not used by any dropbet flow.

Evogames — External slots provider integration at apps/api/src/casino/slots/providers/evogames/. Distinct from EVO-Games (the wallet RPC consumed by the orphan ebit-bj).

EvoLogger — Application-code logger facade from @bebkovan/server-core. Writes to winston → docker stdout. ~40 call sites. Records carry trace_id / span_id / trace_flags but originally didn't reach Loki. Now scraped by the filelog/docker receiver — query: {source="docker_filelog"} |= "EvoLogger". Decision: ADR-0007. Memory: project_evologger_trace_correlation.

@ExternalControllerClient — Decorator at libs/gateway/src/ms-controller/external-controller-client.decorator.ts:18. Configures Nest microservice RPC over Redis pub/sub with a timeout. Does NOT propagate W3C traceparent — callee spans appear as orphan root traces (AF-2). Decision: ADR-0005. Memory: project_otel_microservice_transport_gap.

fakeUserOnline — Variable in apps/api/src/user/online-tracker.service.ts. Initialised at 500, drifts by Math.floor(Math.random() * 10 - 5) every 10 seconds, floored at 180. Added to the real ONLINE_USERS_KEY zcard before broadcasting UsersOnlineUpdated. The UI counter is cosmetic. Decision: ADR-0008. Memory: project_online_count_inflation.

Fast Track — External CRM bonus tracker. Wired via apps/api/src/fast-track/rabbitmq/fast-track.rmq.module.ts:8 with disabled = true. The RabbitMQ broker runs in compose but receives zero traffic. 11 producer call sites in bet.service.ts (×4) and promo-effect.service.ts (×7) silently drop events. See AF-6 and ADR-0003.

filelog/docker — OTel Collector receiver in observability/otel-collector.yml. Scrapes Docker container JSON logs from /var/lib/docker/containers/. Tags each record with resource.source = docker_filelog. This is how EvoLogger records reach Loki.

FlameGraph — CPU profile visualisation tool. Used during perf runs to identify hot paths. Output of perf record + perf script + flamegraph.pl. Reference: performance-testing.md.

@GatewayMethod — Decorator at libs/gateway/src/decorators/gateway-method.decorator.ts:14. Combines @MessagePattern, interceptors, and validation for gateway RPC handlers.

GeeTest — Captcha provider used in production alongside reCAPTCHA. Verified at apps/api/src/captcha/. Bypass x-captcha-token: pass is local-only.

GOMEMLIMIT — Go runtime memory ceiling environment variable. Set to 1500MiB for Jaeger v2 to bound the Badger compactor's heap and prevent the OOM class observed under v1 in-memory storage. See ADR-0009.

Grafana — Visualisation and alerting UI on port 3003 (admin/grafana). 9 provisioned dashboards under observability/grafana/provisioning/dashboards/. Reads from Prometheus + Loki + Jaeger. Operator how-to: engineering/observability-runbook.md.

hashedServerSeed — SHA256(serverSeed) published to the user before a bet is placed. After settlement, the raw serverSeed is revealed so the user can verify the hash matches. This is the "commit" phase of the commit-reveal provably-fair scheme.

headless Chromium — Browser used by Playwright canary and full-flow tests. Runs without UI. See tests-perf/playwright-canary/.

house game — Casino games operated by the platform (not a third-party provider). Includes dice, limbo, mines, plinko, and blackjack. All share the @PlaceBetLock pipeline. Controllers live under apps/api/src/casino/house/. Recipe to add: recipes/add-game.md.

Husky prepare hook — Git hooks installer that runs husky install post-npm install. Skipped when NODE_ENV=production, which is why production Docker images don't ship Husky machinery. Gotcha: a developer running npm i --omit=dev locally will break the prepare hook chain.

IMDSv2 — AWS Instance Metadata Service v2. Required (not v1) on perf VMs per terraform/perf/ security baseline. Token-based, replay-resistant.

iostat — Linux disk-I/O stats tool. Used during perf runs to spot saturation. Companion to pidstat.

isFromRegister — Flag passed to session.service.ts:104 during sign-up. When true, the BullMQ session enqueue is skipped — so the first login produces no UserSession row. An admin inspecting a just-registered account sees only the one-shot RegistrationInfo row.

Jaeger — Distributed-tracing UI + storage. Port 16686. Default service ebit-api. Search/click pivots from Grafana exemplar dots.

Jaeger v2 — jaegertracing/jaeger:2.17 running on the OpenTelemetry Collector core. Replaced v1 (EOL 2025-12-31) on 2026-04-25. Healthcheck path is /status (not /). Decision: ADR-0009.

JWT — JSON Web Token. Evospin issues short-lived signed JWTs as access_token cookies. The signing secret is JWT_SECRET per Doppler. Format includes sub (userId), roles, permissions, exp claims.

JWT_MFA_TEMP_SECRET — Doppler secret for signing the intermediate 2FA-pending JWT issued between /auth/sign-in and /auth/verify-2fa. Distinct from JWT_SECRET.

jwt_access_token — Cookie name the admin-fe reads at ebit-admin-fe/src/types/Auth.ts:36. Does NOT match the API's access_token cookie name — this mismatch is a known bug that blocks the admin-fe dashboard. See AF-1 and memory project_admin_fe_auth_bugs.

k6 — Load-generation tool used for perf testing. arm64 binary on the loadgen VM. Scenarios under tests-perf/k6/. Emits k6_* Prometheus metrics during runs.

KYC — Know Your Customer identity verification. Evospin uses Sumsub (vendor-specific abstraction). Levels: BASIC, FULL, ENHANCED. Recipe to swap: recipes/swap-kyc-provider.md.

leaderboard_user_position_view — Postgres view at libs/_prisma/src/schema/api.prisma:1371. Computes user positions via ROW_NUMBER() window function. Not materialised — recomputes per query. SF-023.

LeaderboardQueueProducer — Dead code. pushUserAction at apps/api/src/leaderboard/leaderboard.queue-producer.ts has zero call sites. The processor subscribes to a queue nobody writes to. SF-020.

loadgen — Perf VM running k6 scenarios against the SUT. Provisioned by terraform/perf/.

Loki — Log aggregation backend on port 3100. Receives logs via OTLP-bridged pino path (with service_name resource) and via the filelog/docker receiver (without). Query via Grafana Explore using LogQL. See engineering/observability-runbook.md.

MADR — Markdown ADR template (Status / Date / Context / Decision / Considered Alternatives / Consequences / References). All ADRs in adr/ follow it. Reference: adr.github.io/madr.

main amount — The spendable balance in UserBalance.amount. Bets deduct from this. Distinct from vaultAmount, which is a user-locked savings pocket.

Mermaid — Diagram-as-code syntax. The portal's only diagram format (STYLE.md §4). Diagrams must be ≤30 nodes and accompanied by a fallback table.

monitoring — Perf VM hosting the OTel collector + Jaeger v2 + Prometheus + Grafana + Loki. Provisioned by terraform/modules/monitoring/.

NFR — Non-Functional Requirement. Performance, availability, security, capacity targets. Evospin's NFR set documented in business/nfr-sla.md.

node_exporter — Prometheus exporter for host-level metrics (CPU, memory, disk, network, file-descriptors). Scraped on every perf VM. Source for the ebit-perf-system dashboard.

nonce — Monotonically incrementing counter on UserFairnessSeeds. Advanced by popUserSeed inside the bet transaction. Combined with the server seed + client seed to produce the RNG input. Source: apps/api/src/provably-fair/provably-fair.service.ts:44.

NowPayments — Crypto payments integration at apps/api/src/payment/provider/integration/nowpayments/.

ONLINE_USERS_KEY — Redis zset constant at apps/rt/src/online-tracker/const.ts:1 (value: online_users). Members are user IDs; scores are epoch-ms of last warmUpUserOnline. Swept every minute by zremrangebyscore with threshold now - ONLINE_USER_TTL_SECONDS.

ONLINE_USER_TTL_SECONDS — Constant at apps/rt/src/online-tracker/const.ts:3. Set to 30. Determines how long after disconnect a user still appears "online" in the zset.

OpenAPI — OpenAPI 3.0 specification generated by NestJS Swagger. Live at :4000/swagger and :4003/swagger. Snapshotted at docs/api-reference/openapi/api.openapi.json and bo.openapi.json. Refresh: api/sync-postman.sh.

OpenTelemetry — Vendor-neutral observability framework. The codebase uses @opentelemetry/instrumentation-* for HTTP, Prisma, ioredis, BullMQ, pino, winston, and more. SDK init at apps/<app>/src/pre-otel.main.ts. See OTel.

OTel — Short for OpenTelemetry. Convention used throughout the portal. The OTel Collector ingests traces / metrics / logs at OTLP gRPC :4317 + HTTP :4318. Architectural overview: engineering/observability.md.

OTLP — OpenTelemetry Protocol. Two transports: gRPC (:4317) and HTTP/protobuf (:4318). Used by every service to ship spans to the OTel collector.

otel-collector — The OpenTelemetry Collector process. Single instance per environment. Pipelines: traces (OTLP → memory_limiter → tail_sampling → batch → Jaeger + spanmetrics), metrics (OTLP + spanmetrics → Prometheus remote-write), logs (OTLP + filelog → Loki). Config at observability/otel-collector.yml.

OtpGuard — Guard at apps/api/src/auth/guards/otp.guard.ts:8. Validates a per-request TOTP code from the x-otp header against the user's stored mfaSecret. Required on SuperAdmin-only routes alongside RolesGuard.

p50 / p95 / p99 — Latency percentiles. The 50th / 95th / 99th percentile request duration. Standard SLO unit. p95 < 200 ms is the sign-in target per performance-test-report.md.

perf record — Linux profiling tool that captures CPU samples. Inputs to perf script → FlameGraph. Used during phase 4 of perf testing.

PermissionGuard — Factory function at apps/api/src/auth/guards/permission.guard.ts:11. Creates a JWT guard that checks the user's permission set against a required key (e.g., user.view, user.ban). Short-circuits for SuperAdmin at line 24 — before the MFA check at line 40 (SF-029).

pidstat — Linux per-process CPU/memory stats tool. Used during perf runs to spot a single hot process.

@PlaceBetLock — Decorator at libs/shared/src/security/place-bet-lock.decorator.ts:19. Acquires a per-user Redis mutex before the bet handler runs. Serialises all bet operations for a single user — including across different game types. Prevents double-settle and fairness-seed races.

Playwright — Browser automation library used for canary tests + full E2E flows. Specs under tests-perf/playwright-canary/ and tests-e2e/. Recipe: recipes/add-e2e-test.md.

PM8 — External slots provider integration at apps/api/src/casino/slots/providers/pm8/. Operator-signed HMAC auth scheme.

popUserSeed — Method at apps/api/src/provably-fair/provably-fair.service.ts:44. Fetches the user's current fairness seed and atomically increments the nonce. Runs inside the bet's Prisma transaction, so a failed bet rolls back the nonce advance.

Postgres — Primary RDBMS. Local port 5555 → 5432. Single database split into three Prisma schemas (api, blackjack, speed_roulette) per ADR-0006.

Postman — REST client. Collections at docs/api/postman/ebit-api.postman_collection.json (59 folders / 317 reqs) and ebit-bo.postman_collection.json (15 / 58). Generated from the OpenAPI specs by api/sync-postman.sh.

Prisma — Type-safe ORM and migration tool. Schema split across three files in libs/_prisma/src/schema/ per ADR-0006. Migrations at libs/_prisma/src/migrations/.

Private.* — Namespace prefix for inter-service RPC events in libs/gateway/src/events.ts. Examples: Private.AuthSocket, Private.TransactionFindMany, Private.BetFindMany. Transported via Redis pub/sub — no traceparent propagation.

process-exporter — Prometheus exporter for per-process metrics (CPU, memory, FD per process). Scraped on perf VMs. Default config groups all node processes under groupname="node"; per-app split needs cmdline regex rules.

PromoEffectService — Service at apps/api/src/promo/services/promo-effect.service.ts. Orchestrates applying promo-code effects (balance credit, free spins, referral bonuses) to user accounts. Contains 7 fastTrackBonusService.emitBonus() call sites that currently no-op.

Prometheus — Time-series metric store on port 9090. Scrapes node_exporter, cAdvisor, process-exporter, and the OTel collector's Prometheus exporter. Provides PromQL for Grafana panels and alerting.

provably fair — Commit-reveal fairness scheme. Before a bet: user sees hashedServerSeed = SHA256(serverSeed). After: raw serverSeed is revealed. User can verify: SHA256(revealed) === committed. Combined with clientSeed + nonce to produce the RNG value. Implementation: apps/api/src/provably-fair/.

PSI — Linux Pressure Stall Information. Surfaces in /proc/pressure/{cpu,memory,io}. Used as a saturation indicator alongside CPU%/memory%.

RabbitMQ — AMQP broker on local port 5672 (UI 15672). Vhost ft (Fast Track). Receives zero traffic — the producer is stubbed (disabled = true). See Fast Track and ADR-0003.

RACE_ENABLED — Environment variable at ebit-api/.example.env:101. When not 'true', all leaderboard endpoints throw. The flag is off in local Doppler, so the feature is effectively dark. SF-019.

rakeback — User rebate on house edge. Calculated in apps/api/src/rakeback/rakeback.service.ts:47 during bet_settled_queue processing. Users accumulate rakeback and claim via a dedicated endpoint.

randomMultiplier — Game outcome multiplier computed from RNG. In limbo: apps/api/src/casino/house/limbo/limbo.service.ts:49. In dice: derived from the threshold and direction. A randomMultiplier = 1.0 in limbo collapses genuine bust and near-one crash into one value.

randomValue — Raw RNG output (0-100 for dice). Computed from HMAC-SHA256(serverSeed, clientSeed:nonce). Source: apps/api/src/casino/house/dice/dto/dice.dto.ts:35.

reCAPTCHA — Google's bot-prevention service. Verified at apps/api/src/captcha/google/recaptcha.service.ts. Bypass x-captcha-token: pass only works when NODE_ENV=local (line 28). See reCAPTCHA bypass.

reCAPTCHA bypass — RecaptchaService at apps/api/src/captcha/recaptcha.service.ts:28 short-circuits when NODE_ENV === 'local' && token === 'pass'. A production container misconfigured with NODE_ENV=local disables captcha. Break-glass procedure: runbooks/captcha-break-glass.md.

refresh_token — HttpOnly cookie set alongside access_token. Used by /auth/refresh to issue a new access_token without re-entering credentials. Set at apps/api/src/auth/cookies.ts.

RolesGuard — Guard at apps/api/src/auth/guards/roles.guard.ts:10. Checks the user's roles against required endpoint roles (e.g., Role.SuperAdmin). Layered on top of JwtGuard and PermissionGuard.

roundId — Unique identifier of a game round on the Bet model at libs/_prisma/src/schema/api.prisma:663. Combined with userId in a @@unique constraint — this is the only backstop against double-settlement (SF-004).

RPO — Recovery Point Objective. Maximum acceptable data loss measured in time. Evospin's target documented in business/nfr-sla.md.

RTO — Recovery Time Objective. Maximum acceptable downtime to restore service. Target documented in business/nfr-sla.md.

RTP — Return To Player. The percentage of total wagered amount a game returns over a long horizon (e.g. 99 % means 1 % house edge). Configured per house game in libs/games/src/house-games.config.ts.

rt — NestJS websocket app on port 4001. socket.io with namespace /events. Throughput-bound; deployed independently from api. JWT read from cookie, not the Authorization header (gotcha — memory project_otel_integration_gotchas).

Server.* — Namespace prefix for server-to-client push events. Examples: Server.UsersOnlineUpdated, Server.BalanceUpdated, Server.NewBet. Transported via Redis pub/sub gateway → ebit-rt → socket.io broadcast/room/user emit.

Skindeck — Payment provider integration for cosmetic/skin deposits at apps/api/src/payment/provider/integration/skindeck/skindeck.module.ts:10. Has its own BullMQ queue for deposit processing.

SLA — Service-Level Agreement. Customer-facing commitment derived from internal SLOs. Documented in business/nfr-sla.md.

SLO — Service-Level Objective. Internal target (typically expressed as p95 < N ms or error rate < X% over a window). Inputs to SLA. Defined in business/nfr-sla.md.

smoke test — Short low-VU k6 run (50 VUs / 1 min) executed before the stepped ramp to verify the SUT is alive. See perf-run-checklist.md.

socket_token — Cookie set alongside access_token and refresh_token during sign-in. Presented to ebit-rt via auth: { socket_token } in the socket.io handshake. Extracted by extractSocketAuthToken at apps/rt/src/utils.ts:24.

Softswiss — External slots provider integration. Variant naming surfaces as ST8 in this codebase — see ST8.

spanmetrics — OTel Collector connector in observability/otel-collector.yml. Derives calls_total + duration_milliseconds_bucket histograms from trace spans so that span-only instrumentations (Prisma, ioredis) get Prometheus histogram metrics without explicit metric instrumentation. Decision: ADR-0002. Note: metric names are unprefixed — not traces_spanmetrics_calls_total (common confusion).

speed-roulette — Casino game anchored to EOS blockchain blocks. Runs as a separate NestJS app (apps/speed-roulette/). State machine driven by BullMQ with concurrency: 1. Settlement is async and decoupled from the bet trace. See flows/dropbet-speed-roulette.md.

ST8 — External slots provider integration at apps/api/src/casino/slots/providers/st8/. The most mature integration in tree (admin / bonus / hydrate / wallet RPC complete). Often informally called "Softswiss" by domain experts.

stepped ramp — Multi-stage k6 test: 1k → 2.5k → 5k → 7.5k → 10k VUs over 42 minutes, with 5 min plateaus. The standard perf-test load shape. See tests-perf/k6/.

Sumsub — Current KYC vendor. Integration at apps/api/src/kyc/sumsub/. Vendor-specific abstraction (no KycProviderInterface). Recipe to swap: recipes/swap-kyc-provider.md.

SuperAdmin — Highest role in the Role enum. Grants access to balance adjustments, role assignment, and permission changes — all gated by OtpGuard (per-request TOTP). Caution: PermissionGuard short-circuits before the MFA check for SuperAdmin (SF-029).

SUT — System Under Test. The perf-stack VM running ebit-api + Postgres + Redis. Provisioned by terraform/perf/. Distinct from loadgen and monitoring.

tail-sampling — OTel collector processor that decides per-trace which to keep. Policy: 100 % errors + 100 % traces with any span > 500 ms + 10 % of the rest. Decision: ADR-0012. Operator gotcha: ~90 % of OK traces dropped — Jaeger min-duration=0 search returns fewer hits than were served.

Terraform — Infrastructure-as-Code tool. The perf stack is rooted at terraform/perf/. Modules under terraform/modules/: monitoring, sut, loadgen, etc.

TETH — Testnet ETH. Listed in CurrencySymbol but indistinguishable from ETH at the API layer. FE denylist handles it client-side. SF-018.

traceparent — W3C trace-context header (traceparent: 00-<traceId>-<spanId>-<flags>). Propagated by ebit-fe via @vercel/otel propagateContextUrls. NOT propagated across the Nest Redis pub/sub transport (@ExternalControllerClient) — this is the AF-2 blind spot. Decision: ADR-0005.

UserBalance — Prisma model linking a user to a currency with amount (spendable) and vaultAmount (locked). The toVault operation has no overdraft guard — balance can go negative (SF-013). Source: libs/_prisma/src/schema/api.prisma.

UserFairnessSeeds — Prisma model at libs/_prisma/src/schema/api.prisma:146. Stores serverSeed, clientSeed, hashedServerSeed, and nonce per user. The nonce advances with each bet via popUserSeed.

vault amount — The locked savings pocket in UserBalance.vaultAmount. Users transfer funds between main and vault via POST /accounting/balances/to-vault and /from-vault. Bets cannot be placed from vault funds.

vhost ft — RabbitMQ virtual host for Fast Track CRM. Boots empty by design; receives no traffic. See Fast Track.

VU — k6 Virtual User. Each VU is an independent simulated user executing scenario steps in a loop. Surfaced in Grafana as the k6_vus metric.

WildcardsIoAdapter — Socket.io adapter at apps/rt/src/gateway/wildcard.adapter.ts:5. Enables @SubscribeMessage('*') wildcard handlers via the socketio-wildcard library. This is how ClientGateway.clientMessageHandler catches all client events.

x-captcha-token — Header presented to captcha-guarded endpoints. Local-only literal pass works under NODE_ENV=local (apps/api/src/captcha/google/recaptcha.service.ts:28). Real value comes from a reCAPTCHA / GeeTest browser challenge.

@vercel/otel — Next.js OTel SDK pinned to 1.x on ebit-fe. v2.x removed propagateContextUrls which is essential for FE→API trace propagation. Decision: ADR-0004.