# Sandbox Pilot Offer Package

This package is the casino-facing pre-offer checklist for a sandbox pilot. It is not a real-money production approval.

Rouge Reels provides game clients, game APIs, provably fair result generation, audit records, reconciliation, and verifier tooling. The casino remains the source of truth for player accounts, balances, KYC, AML, payments, responsible gaming, jurisdiction controls, and player funds.

## Pilot Disclaimer

- Sandbox only; no real-money traffic.
- Not production certified yet.
- Rouge Reels never owns wallet funds and does not perform FX conversion, custody, blockchain settlement, or on-chain balance checks.
- Production requires legal, jurisdiction, security, operational, and certification review.
- Strategies are visible but disabled for v1.

## Pre-Offer Checks

Run these checks before sending the pilot package to a casino:

```powershell
npm.cmd test
npm.cmd run smoke:deployment -- https://staging-games.rougereels.com
```

Confirm:

- `GET /health` returns `status: "ok"`, `currency: "multi"`, and all supported currencies.
- `GET /ready?operatorId=` returns `status: "ready"` and exposes no shared secret.
- `/docs/openapi.json`, `/docs/postman_collection.json`, and this guide are reachable.
- Dice, Limbo, and Plinko launch in iframe mode with `embed=1`.
- Manual and Auto betting work for Dice, Limbo, and Plinko.
- Casino callback balance display, debit, credit, rollback, idempotent retry, bet report lookup, reconciliation, and fairness verifier work.

## Version Freeze

Before the first casino receives the package:

- Create a stable branch or release tag, for example `sandbox-pilot-v0.1`.
- Confirm `docs/API.md`, `docs/openapi.json`, `docs/postman_collection.json`, `docs/sandbox-integration-guide.md`, and `docs/sample-casino-backend.js` describe the same API behavior.
- Use the same version label in partner emails, support notes, and demo credentials.
- Do not change public API behavior in the pilot version without creating a new version tag and an updated docs package.

## Casino Demo Package

Send the casino:

- Staging URL, for example `https://staging-games.rougereels.com`.
- Docs URL, for example `https://docs.rougereels.com` or `/docs.html` on staging.
- Sandbox operator ids from `docs/sandbox-currency-profiles.sql`.
- Iframe launch examples from `docs/API.md`.
- Callback signing guide from `docs/API.md`.
- OpenAPI spec: `docs/openapi.json`.
- Postman collection: `docs/postman_collection.json`.
- Sample casino callback backend: `docs/sample-casino-backend.js`.
- Expected wallet endpoint contract:
  - validate session
  - get balance
  - debit bet
  - credit win
  - rollback transaction
- Required tests:
  - successful launch/session/balance
  - winning round
  - losing round
  - identical idempotency retry
  - idempotency conflict
  - failed settlement rollback
  - round history by `roundId`
  - reconciliation export
  - fairness verifier

## Currency Scope

The first sandbox offer exposes every supported, configured currency through its own operator-currency profile:

```txt
USD, EUR, GBP, USDT, USDC, BTC, uBTC, ETH, LTC, DOGE, BNB, SOL, XRP, ADA, TRX, XLM, ZEC
```

Use one active currency per operator profile. The stable sandbox naming pattern is:

```txt
sandbox-usd
sandbox-eur
sandbox-gbp
sandbox-usdt
sandbox-usdc
sandbox-btc
sandbox-ubtc
sandbox-eth
sandbox-ltc
sandbox-doge
sandbox-bnb
sandbox-sol
sandbox-xrp
sandbox-ada
sandbox-trx
sandbox-xlm
sandbox-zec
```

The casino chooses the player-facing wallet currency before launch, creates a launch token for the matching operator profile, and sends all balances, debits, credits, rollbacks, limits, and reconciliation values in that profile currency.

## Cloudflare Stage

Set up Cloudflare during the sandbox pilot stage if a casino will see the environment. It gives the pilot a stable HTTPS domain and prepares the path for WAF, DNSSEC, and production hardening later.
Recommended initial hostnames:

```txt
staging-games.rougereels.com
sandbox.rougereels.com
docs.rougereels.com
```

For the pilot:

- Add the domain to Cloudflare and move DNS when ready.
- Add the staging/sandbox hostname to Vercel first.
- Create the DNS record Cloudflare/Vercel requires.
- Start DNS-only until Vercel verifies TLS.
- Enable proxying later, only after callback troubleshooting is complete.
- Keep admin/dashboard access private; do not expose unfinished admin auth publicly.

## Hard Gates Before Real-Money Production

- Security: external penetration test, OWASP ASVS review, dependency/secret scanning, admin auth/MFA, role access, and secret rotation.
- Fairness and audit: server seed encryption at rest, seed lifecycle documentation, round reports from stored audit data, and long RTP simulations for enabled profiles.
- Operations: observability, alerting, uptime/error dashboards, database backup/restore test, incident response runbook, and reconciliation/export process.
- Compliance: legal review for target jurisdictions, certification lab conversation, PCI scope confirmation, and privacy/data processing review.

## Sandbox Acceptance Criteria

- Casino can launch Dice, Limbo, and Plinko using docs alone.
- Casino balance is shown, but Rouge Reels never owns wallet funds.
- Duplicate requests cannot double-charge or double-pay.
- Failed settlement creates rollback and reconciliation evidence.
- Casino can inspect a full dispute trail by `roundId`.
- Partner can verify a completed round with the fairness verifier.
- A casino engineer can complete the sandbox flow without a live call.