Roadmap

References

Stuff and Things are happening here.

One Pager

Game Design Document (GDD)

Technical Design Document (TDD)

UE5 Dedicated Server — headless build compiles and runs

Server launches with -server flag, binds to port 7777, accepts client connections. Authoritative game logic confirmed se…

Server-authoritative damage, loot & Bounty economy validated

Client inputs trigger server-side resolution. No client can write its own damage or loot outcome. --- Priority: P1 · CR…

Code stripping confirmed on packaged client build

Sensitive C++ systems absent from client binary. Verified via UE5 build configuration and binary inspection. --- Priori…

World state snapshot writing every 60s to Redis

Physicalized loot positions, Bounty values, Blood Hunt state all captured. Restore from snapshot tested on a fresh insta…

Reconnect grace window tested — 90s hold, loot drop on expiry

Disconnect mid-session. Reconnect within 90s → state preserved. Let timer expire → loot drops in world at last position.…

Portal traversal server authority confirmed

Server resolves destination, manages cooldowns. Client cannot dictate portal outcome. --- Priority: P2 · IMPORTANT

Blood Hunt trigger and duration fully server-managed

Threshold crossed → server broadcasts. Duration enforced server-side. Client responds to replicated flag only. --- Prio…

Auth Service issuing and validating JWT tokens

Login → JWT issued. JWT validated on every authenticated request. Token refresh silent and functional. --- Priority: P1…

Ban Service populated and queried on every login

Auth Service checks Ban Service on every login attempt. Banned accounts receive immediate rejection with reason code. -…

EAC attestation enforced on server connection

Dedicated server refuses connections from clients failing EAC attestation. EAC auto-reports flow to Ban Service. --- Pr…

Account Service PostgreSQL — daily backups + 30-day PITR enabled

Automated daily snapshots active. Point-in-time recovery tested. Restore drill completed to confirm RTO. --- Priority: …

OAuth2 / Steam / EOS integration tested end-to-end

Third-party login flows complete. Token exchange working. Edge cases (expired tokens, revoked access) handled. --- Prio…

Account data deletion flow implemented (GDPR)

Player data deletion request → Account Service wipes PII. Retention policy documented. Applies to EU players at minimum.…

Ban admin interface operational

Manual review, ban reversal, and appeals accessible. Permissions scoped to admin accounts only. --- Priority: P3 · NICE…

API Gateway live with rate limiting enforced

All client HTTPS traffic routing through gateway. Rate limits per IP and per account active. HTTP 429 on breach confirme…

DDoS protection active on all public endpoints

Cloudflare or AWS Shield configured. Load test run. Server IPs confirmed absent from any public resource. --- Priority:…

mTLS configured on all internal gRPC channels

Certificates issued per service. Calls from uncertified callers rejected at transport layer. Certificate rotation proces…

Secrets Manager in use for all credentials

JWT signing keys, DB credentials, mTLS certs, API keys all in AWS Secrets Manager or equivalent. No secrets in environme…

Join Token IP exposure window confirmed — 30s TTL enforced

Server IP delivered only inside signed token. Token expiry rolls back slot reservation. Ghost slot accumulation test pas…

Client build version check rejecting mismatched clients

ERR_VERSION_MISMATCH returned on mismatch. Client displays update prompt. Old clients cannot silently desync. --- Prior…

IP rotation on fleet re-provision tested

New instance provisioned → new IP registered in Registry. Old IP not referenced anywhere persistent. --- Priority: P2 ·…

Matchmaking dual-constraint validation live

unitCount + 1 ≤ 6 AND playerCount + unitSize ≤ 24 both enforced atomically. Race condition test passed. --- Priority: P…

Server Registry heartbeat failure detection active

3 missed heartbeats → server declared dead → Registry entry purged → Fleet Manager provisions replacement. --- Priority…

Auto-scaling tested under simulated load

Queue depth threshold triggers Fleet Manager scale-up. New instance boots, registers, and accepts units within SLA. ---…

Pre-warming configured per region for expected peak hours

Historical or estimated peak times configured. Idle instances sit READY in Registry before players arrive. --- Priority…

Region latency probe tested across all supported regions

Client probes return valid RTT values. Lowest-latency region correctly assigned as regionPref. Player override functiona…

Unit atomic placement confirmed — no split parties

Party of 4 always lands on same server or queues together. No partial placements under concurrent load test. --- Priori…

FIFO queue drain order validated

Units placed in arrival order per region when multiple servers become available simultaneously. --- Priority: P3 · NICE…

Social Service / Steam / EOS friend graph integration live

Friend list populates in Lobby invite UI. Presence states (Online, In Lobby, In Game) accurate and updating in real time…

Party WebSocket session stable under simulated drop/rejoin

Member disconnects and reconnects to party session. State consistent for all remaining members. --- Priority: P2 · IMPO…

Presence invisible mode enforced at Social Service level

Player sets invisible → presence withheld from all friends. Enforcement server-side, not client-side. --- Priority: P2 …

Cross-region party formation tested

Party members in different regions. regionPref resolved to lowest average latency. All members land on same server. ---…

Centralised log aggregation live across all services

Structured JSON logs flowing to CloudWatch / Datadog. Correlation IDs threading across service boundaries. Query tested.…

Critical alerts configured and tested

Crash rate, queue depth, heartbeat failure, 5xx rate, EAC spike alerts all fire and route to on-call. Alert thresholds t…

Real-time ops dashboard live

Queue depth, server instance count, player count per server, API error rates visible at a glance. --- Priority: P2 · IM…

Analytics event pipeline live — server-side only

Gameplay events (loot, Blood Hunt, portal, Bounty peaks) streaming to data warehouse. Client events not trusted or inges…

Configuration / Feature Flag Service operational

Blood Hunt thresholds, Bounty escalation rates, loot spawn weights tunable at runtime without server redeploy. Tested li…

Runbook documented for common incidents

Server crash, fleet scale failure, matchmaking queue spike, EAC ban wave — each has a documented response procedure. --…

Steam Direct submission complete — Necrotic Studios entity registered

Legal business registration precedes Steam Direct for tax and revenue reasons. W-8/W-9 on file with Valve. --- Priority…

CDN / patch delivery pipeline tested

Steam depot configured. Update pushed and received by test clients. Delta patching working. Rollback process documented.…

GDPR data residency requirements assessed for EU regions

Data residency rules reviewed per server region. EU player data storage location compliant or exemption documented. ---…

Data retention policy documented and implemented

Account data, logs, analytics events — retention periods defined and enforced. Deletion automation tested. --- Priority…

Necrotic Studios legal registration complete

Studio legally registered as a business entity before revenue is received. Tax reporting obligations understood. --- Pr…

Terms of Service and Privacy Policy published

Legal documents live at a public URL, referenced from the game client and Steam page. Covers data use, ban policy, and r…