Tester mode boundary
Tester tools are for controlled validation and support evidence. They must stay outside normal player navigation and must never grant admin or gameplay authority.
Tester onboarding and QA checklist
This guide helps testers exercise the live text client while preserving server authority. Use public API screens, current-state recovery, and sanitized reports; do not use database access.
Before testing
- Use a test account and test character names.
- Do not enter real personal secrets in character, party, or command fields.
- Expect rough text presentation; report contract/recovery problems before polish preferences.
- When reporting a problem, include what screen you were on, what action you clicked, and whether Play / Current State recovered.
Access and account
- Open https://text.massiveworldgames.com and confirm the login/register screen loads.
- Register or log in with a test account. Do not reuse production personal passwords.
- Confirm Play / Current State routes through /session/current after authentication.
- Confirm browser localStorage/sessionStorage do not contain a backend bearer token.
First playable loop
- Create or recover a character from backend state.
- Open the public anchor and inspect contracts, rumours, NPCs, journal, and party.
- Create a party charter through the backend if one is not active.
- Review routes and hazards, create a travel plan, start travel, and resolve a leg.
- Instantiate an encounter only when the backend exposes that action.
- Submit encounter choices and enter combat when the backend permits it.
- Submit combat legal-action intents only; never expect the client to show or edit damage values it invented.
- Resolve combat, review pending reward, claim it once, and confirm duplicate claim is safe.
- Open consequences/report and confirm journal/rumour/consequence surfaces are backend-visible data.
Reconnect and stale-state recovery
- Refresh the browser on public anchor, travel, encounter, combat, reward, and report screens.
- Use Play / Current State after each refresh and confirm the backend routes the next screen.
- When the situation changes, confirm the recovery screen tells you to re-check current state rather than guessing.
Safe issue reporting
- Use /scenario/report to describe what loop areas were covered in this browser session.
- Download /debug/sanitized-report when reporting a bug.
- Include visible correlation IDs when available.
- Do not paste passwords, raw bearer tokens, cookies, database IDs from private tools, or screenshots of secrets.
- Report whether the issue blocked progress or whether current-state recovery worked.
Client safety expectations
- The debug panel should be hidden in production.
- Private files such as .env, composer.json, src/App.php, templates, and vendor files must not be publicly readable.
- Player/backend/generated text should render as text, not executable HTML.
- The client should never ask for database access or backend admin credentials.
Useful tester links
Choose a path forward. The campaign will check whether that choice is still possible.