📚 Gherkin / BDD Study Pack 26 files

Gherkin / BDD Study Pack — Reviewer Edition

This repository is a hands-on study pack for Behaviour-Driven Development (BDD) with Gherkin and Cucumber.js, themed around regulated online-gambling testing (PAM / RTS financial-limit rules). It pairs written guides with a small, runnable Cucumber suite.

What's in here

  • Guides — markdown walkthroughs of BDD, Gherkin syntax, day-to-day workflow, CI/CD gating, and interview prep.
  • features/ — executable Gherkin scenarios (.feature).
  • features/step_definitions/steps.ts — TypeScript step code that backs the scenarios.
  • cucumber.js — Cucumber runner config (loads TypeScript via ts-node).
  • .github/workflows/ — CI pipeline that runs the suite as regulatory quality gates.

How to run the tests

# 1. Install dependencies (Node.js 20+ recommended)
npm install

# 2. Run only the RTS 12 (financial-limit) scenarios  — the default
npm test
#   (equivalent to:  npx cucumber-js --tags @RTS12)

# 3. Run the entire suite
npm run test:all
#   (equivalent to:  npx cucumber-js)

Running by tag

Scenarios are tagged (e.g. @RTS12, @RTS13, @SelfExclusion). Run a subset with:

npx cucumber-js --tags "@RTS12 or @SelfExclusion"

How it wires together

cucumber.js registers ts-node/register, loads step definitions from features/step_definitions/**/*.ts, and runs every .feature under features/. So adding a new .feature file plus matching steps is all that's needed to grow the suite.

CI

.github/workflows/regulatory_bdd_gates.yml runs on PRs to main/release/**: it lints Gherkin, spins up mocks, then executes tagged Cucumber runs as merge-blocking quality gates.


This docs.html is generated by build_docs.py. Re-run python3 build_docs.py after editing any source file to refresh it. Reviewer notes you type below are saved in your browser only (localStorage) and are not written back to the repo.

10_minute_tutorial.md

markdown · 113.1 KB↑ top

Title: Live Content

Description: Fetched live

Source: https://cucumber.io/docs/guides/10-minute-tutorial/


10-minute tutorial | Cucumber

10-minute tutorial

 

In this quick tutorial you will learn how to:

  • Install Cucumber
  • Write your first scenario using the Gherkin syntax
  • Write your first step definition in Java
  • Run Cucumber
  • Learn the basic workflow of Behaviour-Driven Development (BDD)

We'll use Cucumber to develop a small library that can figure out whether it's Friday yet.

  • A basic understanding of your chosen programming language and its standard tooling
  • Some experience using a terminal
  • Some experience using a text editor

Before we begin, you'll need the following:

Create an empty Cucumber project

We'll start by creating a new project directory with the cucumber-archetype Maven plugin. Open a terminal, go to the directory where you want to create your project, and run the following command:

mvn archetype:generate \
"-DarchetypeGroupId=io.cucumber" \
"-DarchetypeArtifactId=cucumber-archetype" \
"-DarchetypeVersion=7.34.3" \
"-DgroupId=hellocucumber" \
"-DartifactId=hellocucumber" \
"-Dpackage=hellocucumber" \
"-Dversion=1.0.0-SNAPSHOT" \
"-DinteractiveMode=false"

You should get something like the following result:

[INFO] Project created from Archetype in dir: [directory where you created the project]/cucumber
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------

Change into the directory that was just created by running the following command:

cd hellocucumber

Open the project in IntelliJ IDEA:

  • File -> Open... -> (Select the pom.xml)
  • Select Open as Project

You now have a small project with Cucumber installed.

Verify your installation

To make sure everything works together correctly, let's run Cucumber.

mvn test

You should see something like the following:

-------------------------------------------------------
T E S T S
-------------------------------------------------------

Tests run: 0, Failures: 0, Errors: 0, Skipped: 0

Results :

Tests run: 0, Failures: 0, Errors: 0, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------

Cucumber's output is telling us that it didn't find anything to run.

Write a scenario

When we do Behaviour-Driven Development with Cucumber we use concrete examples to specify what we want the software to do. Scenarios are written before production code. They start their life as an executable specification. As the production code emerges, scenarios take on a role as living documentation and automated tests.

Example Mapping

Try running an Example Mapping workshop in your team to design examples together.

In Cucumber, an example is called a scenario. Scenarios are defined in .feature files, which are stored in the src/test/resources/hellocucumber directory (or a subdirectory).

One concrete example would be that Sunday isn't Friday.

Create an empty file called src/test/resources/hellocucumber/is_it_friday_yet.feature with the following content:

Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario: Sunday isn't Friday
Given today is Sunday
When I ask whether it's Friday yet
Then I should be told "Nope"

The first line of this file starts with the keyword Feature: followed by a name. It's a good idea to use a name similar to the file name.

The second line is a brief description of the feature. Cucumber does not execute this line because it's documentation.

The fourth line, Scenario: Sunday is not Friday is a scenario, which is a concrete example illustrating how the software should behave.

The last three lines starting with Given, When and Then are the steps of our scenario. This is what Cucumber will execute.

See scenario reported as undefined

Now that we have a scenario, we can ask Cucumber to execute it.

mvn test

Cucumber is telling us we have one undefined scenario and three undefined steps. It's also suggesting some snippets of code that we can use to define these steps:

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running hellocucumber.RunCucumberTest

Scenario: Sunday isn't Friday # hellocucumber/is_it_friday_yet.feature:4
Given today is Sunday
When I ask whether it's Friday yet
Then I should be told "Nope"
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.15 s <<< FAILURE! - in hellocucumber.RunCucumberTest
[ERROR] Is it Friday yet?.Sunday isn't Friday Time elapsed: 0.062 s <<< ERROR!
io.cucumber.junit.platform.engine.UndefinedStepException:
The step 'today is Sunday' and 2 other step(s) are undefined.
You can implement these steps using the snippet(s) below:

@Given("today is Sunday")
public void today_is_sunday() {
// Write code here that turns the phrase above into concrete actions
throw new io.cucumber.java.PendingException();
}
@When("I ask whether it's Friday yet")
public void i_ask_whether_it_s_friday_yet() {
// Write code here that turns the phrase above into concrete actions
throw new io.cucumber.java.PendingException();
}
@Then("I should be told {string}")
public void i_should_be_told(String string) {
// Write code here that turns the phrase above into concrete actions
throw new io.cucumber.java.PendingException();
}

Copy each of the three snippets for the undefined steps and paste them into src/test/java/hellocucumber/StepDefinitions.java .

See scenario reported as pending

Run Cucumber again. This time the output is a little different:

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running hellocucumber.RunCucumberTest
Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario: Sunday isn't Friday # hellocucumber/is_it_friday_yet.feature:4
Given today is Sunday # StepDefinitions.today_is_Sunday()
io.cucumber.java.PendingException: TODO: implement me
at hellocucumber.StepDefinitions.today_is_Sunday(StepDefinitions.java:14)
at ?.today is Sunday(classpath:hellocucumber/is_it_friday_yet.feature:5)

When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "Nope" # StepDefinitions.i_should_be_told(String)

Pending scenarios:
hellocucumber/is_it_friday_yet.feature:4 # Sunday isn't Friday

1 Scenarios (1 pending)
3 Steps (2 skipped, 1 pending)
0m0.188s

io.cucumber.java.PendingException: TODO: implement me
at hellocucumber.StepDefinitions.today_is_Sunday(StepDefinitions.java:13)
at ?.today is Sunday(classpath:hellocucumber/is_it_friday_yet.feature:5)

Cucumber found our step definitions and executed them. They are currently marked as pending, which means we need to make them do something useful.

See scenario reported as failing

The next step is to do what the comments in the step definitions is telling us to do:

Write code here that turns the phrase above into concrete actions

Try to use the same words in the code as in the steps.

Ubiquitous language

If the words in your steps originated from conversations during an Example Mapping session, you're building a Ubiquitous Language, which we believe is a great way to make your production code and tests more understandable and easier to maintain.

Change your step definition code to this:

package hellocucumber;

import io.cucumber.java.en.Given;
import io.cucumber.java.en.When;
import io.cucumber.java.en.Then;
import static org.assertj.core.api.Assertions.assertThat;

class IsItFriday {
static String isItFriday(String today) {
return null;
}
}

public class StepDefinitions {
private String today;
private String actualAnswer;

@Given("today is Sunday")
public void today_is_Sunday() {
today = "Sunday";
}

@When("I ask whether it's Friday yet")
public void i_ask_whether_it_s_Friday_yet() {
actualAnswer = IsItFriday.isItFriday(today);
}

@Then("I should be told {string}")
public void i_should_be_told(String expectedAnswer) {
assertThat(actualAnswer).isEqualTo(expectedAnswer);
}
}

Run Cucumber again:

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running hellocucumber.RunCucumberTest
Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario: Sunday isn't Friday # hellocucumber/is_it_friday_yet.feature:4
Given today is Sunday # StepDefinitions.today_is_Sunday()
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "Nope" # StepDefinitions.i_should_be_told(String)
org.opentest4j.AssertionFailedError:
expected: "Nope"
but was: null
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
at io.cucumber.skeleton.StepDefinitions.I_have_cukes_in_my_belly(StepDefinitions.java:12)
at ✽.I have 42 cukes in my belly(classpath:io/cucumber/skeleton/belly.feature:4)


Failed scenarios:
hellocucumber/is_it_friday_yet.feature:4 # Sunday isn't Friday

1 Scenarios (1 failed)
3 Steps (1 failed, 2 passed)
0m0.404s

That's progress! The first two steps are passing, but the last one is failing.

See scenario reported as passing

Let's do the minimum we need to make the scenario pass. In this case, that means making our method return Nope:

static String isItFriday(String today) {
return "Nope";
}

Run Cucumber again:

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running hellocucumber.RunCucumberTest
Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario: Sunday isn't Friday # hellocucumber/is_it_friday_yet.feature:4
Given today is Sunday # StepDefinitions.today_is_Sunday()
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "Nope" # StepDefinitions.i_should_be_told(String)

1 Scenarios (1 passed)
3 Steps (3 passed)
0m0.255s

Congratulations! You've got your first green Cucumber scenario.

Add another failing test

The next thing to test for would be that we also get the correct result when it is Friday.

Update the is_it_friday_yet.feature file:

Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario: Sunday isn't Friday
Given today is Sunday
When I ask whether it's Friday yet
Then I should be told "Nope"

Scenario: Friday is Friday
Given today is Friday
When I ask whether it's Friday yet
Then I should be told "TGIF"

We'll need to add a step definition to set today to "Friday":

@Given("today is Friday")
public void today_is_Friday() {
today = "Friday";
}

When we run this test, it will fail.

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running hellocucumber.RunCucumberTest
Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario: Sunday isn't Friday # hellocucumber/is_it_friday_yet.feature:4
Given today is Sunday # StepDefinitions.today_is_Sunday()
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "Nope" # StepDefinitions.i_should_be_told(String)

Scenario: Friday is Friday # hellocucumber/is_it_friday_yet.feature:9
Given today is Friday # StepDefinitions.today_is_Friday()
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "TGIF" # StepDefinitions.i_should_be_told(String)
org.opentest4j.AssertionFailedError:
expected: "TGIF"
but was: "Nope"
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
at io.cucumber.skeleton.StepDefinitions.I_have_cukes_in_my_belly(StepDefinitions.java:12)
at ✽.I have 42 cukes in my belly(classpath:io/cucumber/skeleton/belly.feature:4)


Failed scenarios:
hellocucumber/is_it_friday_yet.feature:9 # Friday is Friday

2 Scenarios (1 failed, 1 passed)
6 Steps (1 failed, 5 passed)
0m0.085s

org.opentest4j.AssertionFailedError:
expected: "TGIF"
but was: "Nope"
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
at io.cucumber.skeleton.StepDefinitions.I_have_cukes_in_my_belly(StepDefinitions.java:12)
at ✽.I have 42 cukes in my belly(classpath:io/cucumber/skeleton/belly.feature:4)

That is because we haven't implemented the logic yet! Let's do that next.

Make it pass

We should update our statement to actually evaluate whether or not today is equal to "Friday".

static String isItFriday(String today) {
return "Friday".equals(today) ? "TGIF" : "Nope";
}

Run Cucumber again:

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running hellocucumber.RunCucumberTest
Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario: Sunday isn't Friday # hellocucumber/is_it_friday_yet.feature:4
Given today is Sunday # StepDefinitions.today_is_Sunday()
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "Nope" # StepDefinitions.i_should_be_told(String)

Scenario: Friday is Friday # hellocucumber/is_it_friday_yet.feature:9
Given today is Friday # StepDefinitions.today_is_Friday()
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "TGIF" # StepDefinitions.i_should_be_told(String)

2 Scenarios (2 passed)
6 Steps (6 passed)
0m0.255s

Using variables and examples

So, we all know that there are more days in the week than just Sunday and Friday. Let's update our scenario to use variables and evaluate more possibilities. We'll use variables and examples to evaluate Friday, Sunday, and anything else!

Update the is_it_friday_yet.feature file. Notice how we go from Scenario to Scenario Outline when we start using multiple Examples.

Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario Outline: Today is or is not Friday
Given today is "<day>"
When I ask whether it's Friday yet
Then I should be told "<answer>"

Examples:
| day | answer |
| Friday | TGIF |
| Sunday | Nope |
| anything else! | Nope |

We need to replace the step definitions for today is Sunday and today is Friday with one step definition that takes the value of <day> as a String. Update the step definitions as follows:

package hellocucumber;

import io.cucumber.java.en.Given;
import io.cucumber.java.en.When;
import io.cucumber.java.en.Then;
import static org.assertj.core.api.Assertions.assertThat;

class IsItFriday {
static String isItFriday(String today) {
return "Friday".equals(today) ? "TGIF" : "Nope";
}
}

public class Stepdefs {
private String today;
private String actualAnswer;

@Given("today is {string}")
public void today_is(String today) {
this.today = today;
}

@When("I ask whether it's Friday yet")
public void i_ask_whether_it_s_Friday_yet() {
actualAnswer = IsItFriday.isItFriday(today);
}

@Then("I should be told {string}")
public void i_should_be_told(String expectedAnswer) {
assertThat(actualAnswer).isEqualTo(expectedAnswer);
}
}

Run Cucumber again:

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running hellocucumber.RunCucumberTest
Feature: Is it Friday yet?
Everybody wants to know when it's Friday

Scenario Outline: Today is or is not Friday # hellocucumber/is_it_friday_yet.feature:4
Given today is "<day>"
When I ask whether it's Friday yet
Then I should be told "<answer>"

Examples:

Scenario Outline: Today is or is not Friday # hellocucumber/is_it_friday_yet.feature:11
Given today is "Friday" # StepDefinitions.today_is(String)
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "TGIF" # StepDefinitions.i_should_be_told(String)

Scenario Outline: Today is or is not Friday # hellocucumber/is_it_friday_yet.feature:12
Given today is "Sunday" # StepDefinitions.today_is(String)
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "Nope" # StepDefinitions.i_should_be_told(String)

Scenario Outline: Today is or is not Friday # hellocucumber/is_it_friday_yet.feature:13
Given today is "anything else!" # StepDefinitions.today_is(String)
When I ask whether it's Friday yet # StepDefinitions.i_ask_whether_it_s_Friday_yet()
Then I should be told "Nope" # StepDefinitions.i_should_be_told(String)

3 Scenarios (3 passed)
9 Steps (9 passed)
0m0.255s

Refactoring

Now that we have working code, we should do some refactoring:

  • We should move the isItFriday method out from the test code into production code.
  • We could at some point extract helper methods from our step definition, for methods we use in several places.

Summary

In this brief tutorial you've seen how to install Cucumber, how to follow the BDD process to develop a method, and how to use that method to evaluate multiple scenarios!

bdd_overview.md

markdown · 27.7 KB↑ top

Title: Live Content

Description: Fetched live

Source: https://cucumber.io/docs/bdd/


Behaviour-Driven Development | Cucumber

Behaviour-Driven Development

Behaviour-Driven Development (BDD) is the software development process that Cucumber was built to support.

There's much more to BDD than just using Cucumber.

What is BDD?

BDD is a way for software teams to work that closes the gap between business people and technical people by:

  • Encouraging collaboration across roles to build shared understanding of the problem to be solved
  • Working in rapid, small iterations to increase feedback and the flow of value
  • Producing system documentation that is automatically checked against the system's behaviour

We do this by focusing collaborative work around concrete, real-world examples that illustrate how we want the system to behave. We use those examples to guide us from concept through to implementation, in a process of continuous collaboration.

BDD and agile

We assume that your team are using some kind of agile methodology already, planning work in small increments of value like User Stories. BDD does not replace your existing agile process, it enhances it.

Think of BDD as a set of plugins for your existing process that will make your team more able to deliver on the promises of agile: timely, reliable releases of working software that meets your organisation’s evolving needs, requiring some maintenance effort and discipline.

Rapid iterations

We assume you would like to be able to respond quickly to feedback from your users, and do only the minimal work necessary to meet those needs.

BDD encourages working in rapid iterations, continuously breaking down your user's problems into small pieces that can flow through your development process as quickly as possible.

Three practices

Essentially, day-to-day BDD activity is a three-step, iterative process:

  1. First, take a small upcoming change to the system -- a User Story -- and talk about concrete examples of the new functionality to explore, discover and agree on the details of what's expected to be done.
  2. Next, document those examples in a way that can be automated, and check for agreement.
  3. Finally, implement the behaviour described by each documented example, starting with an automated test to guide the development of the code.

The idea is to make each change small and iterate rapidly, moving back up a level each time you need more information. Each time you automate and implement a new example, you've added something valuable to your system, and you're ready to respond to feedback.

We call these practices Discovery, Formulation, and Automation.

Diagram of how the practices fit together
Discovery, Formulation and Automation

Over time, the documented examples become an asset that enables your team to continue confidently and rapidly making changes to the system. The code reflects the documentation, and the documentation reflects the team's shared understanding of the problem domain. This shared understanding is constantly evolving.

There's lots to learn about each of these practices. We'll summarise each of them below.

Discovery: What it could do

The hardest single part of building a software system is deciding precisely what to build.

-- Fred Brooks, The mythical man-month

Although documentation and automated tests are produced by a BDD team, you can think of them as nice side-effects. The real goal is valuable, working software, and the fastest way to get there is through conversations between the people who are involved in imagining and delivering that software.

BDD helps teams to have the right conversations at the right time so you minimise the amount of time spent in meetings and maximising the amount of valuable code you produce.

We use structured conversations, called discovery workshops, that focus around real-world examples of the system from the users' perspective. These conversations grow our team's shared understanding of the needs of our users, of the rules that govern how the system should function, and of the scope of what needs to be done.

It may also reveal gaps in our understanding, where we need more information before we know what to do.

The scrutiny of a discovery session often reveals low-priority functionality that can be deferred from the scope of a user story, helping the team to work in smaller increments, improving their flow.

If you're new to BDD, discovery is the right place to start. You won't get much joy from the other two practices until you've mastered discovery.

Formulation: What it should do

As soon as we have identified at least one valuable example from our discovery sessions, we can now formulate each example as structured documentation. This gives us a quick way to confirm that we really do have a shared understanding of what to build.

In contrast to traditional documentation, we use a medium that can be read by both humans and computers, so that:

  • We can get feedback from the whole team about our shared vision of what we're building.
  • We'll be able to automate these examples to guide our development of the implementation.

By writing this executable specification collaboratively, we establish a shared language for talking about the system. This helps us to use problem-domain terminology all the way down into the code.

Automation: What it actually does

Now that we have our executable specification, we can use it to guide our development of the implementation.

Taking one example at a time, we automate it by connecting it to the system as a test. The test fails because we have not implemented the behaviour it describes yet. Now we develop the implementation code, using lower-level examples of the behaviour of internal system components to guide us as required.

The automated examples work like guide-rails, helping us to keep our development work on track.

When we need to come back and maintain the system later, the automated examples will help us to understand what the system is currently doing, and to make changes safely without unintentionally breaking anything.

This rapid, repeatable feedback reduces the burden of manual regression testing, freeing people up to do more interesting work, like exploratory testing.

Learn more

Read the topics below to dig deeper and learn more about BDD.

bdd_test_strategy_guide.md

markdown · 2.6 KB↑ top

Defining an Efficient BDD Test Strategy

Behaviour-Driven Development (BDD) is not just a testing tool; it's a collaborative methodology. An efficient test strategy using BDD bridges the gap between business stakeholders and technical teams.

1. Discovery (The "Three Amigos" Meeting)

Before any code is written, a meeting occurs between the Product Owner (Business), Developer (Technical), and Tester (Quality). * Goal: To build a shared understanding of a new feature by identifying concrete examples of how the software should behave. * Process: The team uses techniques like "Example Mapping" to explore the rules, define examples, and uncover edge cases (e.g., "What happens if a player hits their daily deposit limit but tries to use a new payment method?"). * Efficiency gain: Finding misunderstandings before coding starts is significantly cheaper than fixing bugs later.

2. Formulation (Writing the Gherkin)

The Tester or SDET takes the agreed-upon examples and formulates them into Business-Readable, Domain-Specific Language (Gherkin). * Declarative vs. Imperative: Efficient Gherkin focuses on what happens (business logic), not how it happens (UI clicks). * Inefficient (Imperative): Given I click the 'Login' button and type 'password123' in the text field... * Efficient (Declarative): Given the user logs in with valid credentials... * Scenario Outlines: To avoid repetition, use Scenario Outline and Examples tables. This allows you to test dozens of boundary conditions (e.g., various deposit amounts and limits) in a single block of text. * Backgrounds: Use Background to set up state that is common to all scenarios in the file, keeping scenarios concise.

3. Automation (Binding to Code)

The plain-text Gherkin steps are bound to automation code (Step Definitions). * Tools: Cucumber, SpecFlow, or Cypress/Playwright with Cucumber preprocessors. * Reusability: Efficient teams build a library of reusable step definitions. A step like Given "John" has an active daily deposit limit of 50 GBP can be parameterized so the developer only writes the code for it once, but the tester can use it with any name and any amount in future feature files.

4. Validation (Living Documentation)

The automated tests run continuously in the CI/CD pipeline (e.g., GitHub Actions, Jenkins). * Single Source of Truth: Because the feature files are executable, they can never go out of date. If the system changes but the documentation doesn't, the tests fail. * Reporting: The test output generates a readable report that proves to stakeholders and regulatory auditors (like the UKGC) that the system complies with the rules.

day_to_day_tester_workflow.md

markdown · 2.9 KB↑ top

The Day-to-Day Workflow of a PAM Software Tester

A realistic look at your actual daily responsibilities, stripped of the futuristic AI concepts.

While the AI architectures are great for the interview, your actual day job will be highly structured around Agile/Scrum ceremonies and the BDD lifecycle. Here is exactly what a typical week looks like.

The Workflow Diagram

graph TD
    A([Start of Sprint]) --> B[1. Read New Jira Tickets]

    subgraph Discovery Phase
    B --> C{Three Amigos Sync}
    C -->|Clarify Rules| D[Product Manager]
    C -->|Discuss Architecture| E[Developer]
    C -->|Define Edge Cases| F[You: Software Tester]
    end

    subgraph Formulation Phase
    F --> G[2. Write Gherkin Feature Files]
    G --> H[3. Attach Feature Files to Jira]
    end

    subgraph Automation Phase
    H --> I[4. Dev Writes App Code]
    H --> J[4b. Dev/You Write TypeScript Step Defs]
    I --> K((Run Cucumber Tests))
    J --> K
    end

    subgraph Validation Phase
    K -->|Tests Fail| L[5. Log Defect in Jira]
    L --> I
    K -->|Tests Pass| M[6. Manual/Exploratory Testing]
    M -->|Bugs Found| L
    M -->|Everything Good| N([7. Sign-off for Release])
    end

A Typical Day in the Life

9:00 AM - Daily Standup You join a quick 15-minute call with the PAM team. You report: "Yesterday I finished writing the BDD scenarios for the new RTS 12 Gross Limit feature. Today, I'm waiting for the developers to finish the API endpoint so I can run the automated tests against it."

10:00 AM - Requirement Analysis (Jira) A new ticket comes in: "Users need a 24-hour cooling-off period when increasing a limit." You read the ticket and start analyzing the edge cases using your regulatory background. (e.g., What happens if they log out during the 24 hours?)

11:00 AM - The "Three Amigos" Sync You jump on a call with the Developer and the Product Manager. You ask your edge-case questions. Together, you all agree exactly on what the system should do.

1:00 PM - Formulation (Writing Gherkin) You open VS Code and translate the morning's agreements into strict Given/When/Then syntax in a .feature file. You push this file to GitHub or attach it to the Jira ticket.

3:00 PM - Execution & Defect Management The developer finishes building the feature. You trigger the CI/CD pipeline (or run npx cucumber-js locally). * Scenario A: The tests pass! You spend 30 minutes doing some manual "Exploratory Testing" just clicking around the UI trying to break things the automation couldn't catch. If it's clean, you sign off. * Scenario B: A test fails! You investigate, realize the developer forgot the 24-hour timer and only made it 12 hours. You open Jira, log a Defect Ticket with "Steps to Reproduce" and set the Priority to "High" because it breaches UKGC rules.

5:00 PM - Wrap Up You update your Jira ticket statuses and log off. You've successfully prevented a regulatory breach from hitting production!

qa_vocabulary_guide.md

markdown · 3.5 KB↑ top

QA Vocabulary and Narrative Guide

To transition smoothly from a compliance/regulatory background into a formal Software Tester role, you need to speak the dialect of QA. This guide translates your existing expertise into standard testing terminology.

1. The "Why Testing?" Narrative

The recruiter or hiring manager will ask why you want to move into QA without a formal "Tester" title in your past. This is your power answer:

"I’ve spent the last 8 years defining exactly what correct Responsible Gambling behavior looks like from the regulatory side. I've been writing the strict acceptance criteria for these complex features. Moving into formal testing is the natural next step for me. I don’t just want to define the rules anymore; I want to be the person who writes the executable specifications (BDD) and proves that the PAM system actually meets them. I already have the deepest domain knowledge of the limits and risks—testing is just applying that knowledge to the CI/CD pipeline."

2. Jira & Defect Management Vocabulary

In QA, how you report a bug is just as important as finding it. * Expected vs. Actual Result: Every Jira bug ticket must have these two sections. * Expected: The user should be blocked from depositing (per RTS 12). * Actual: The user was allowed to deposit successfully. * Steps to Reproduce (Repro Steps): A numbered list so a developer can trigger the bug themselves. * Severity vs. Priority: * Severity: How bad is the technical failure? (e.g., Critical = The app crashes; Minor = A typo in the UI). * Priority: How fast do we need to fix it? (e.g., A broken deposit limit might be a simple technical fix [low severity], but failing an RTS regulation is a Blocker priority because of legal risk).

3. Test Types to Know

Understand which test applies to which scenario: * Smoke Testing: Running a tiny subset of crucial tests to ensure the build isn't completely broken before doing deep testing. (e.g., Can a user log in?) * Sanity Testing: A quick check of a specific new feature to make sure the developer actually built it. * Regression Testing: Running the massive suite of all existing tests (often automated via Cucumber) to ensure a new feature didn't accidentally break an old feature. (Crucial for RG features: "We added a new game, but did it break the deposit limits?") * Integration Testing: Testing how two systems talk to each other (e.g., Does the PAM system correctly send events to Kafka?). * Exploratory Testing: Manual, unscripted testing where you use your domain knowledge to try and "break" the system in weird ways that automation wouldn't catch.

4. Test Case Management Tools

You don't need to be an expert, but you must recognize these names if they come up: * Zephyr, Xray, or TestRail: These are tools (often plugins inside Jira) where QA teams store all their test cases. Instead of a spreadsheet, you write your tests in Xray, link them to the Developer's Jira ticket, and mark them Pass/Fail.

5. Translating "Tao of Pickles" to QA

  • Contract First $\rightarrow$ Test-Driven Acceptance Criteria (ATDD/BDD): Defining the exact inputs and outputs before building.
  • Eval-Driven QA $\rightarrow$ Systematic Regression / Heuristic Testing: Using strict evaluation models to continuously check system health.
  • Phase Gates $\rightarrow$ Quality Gates in CI/CD: Automated checkpoints in the deployment pipeline that block bad code from reaching production.

gherkin_reference.md

markdown · 85.0 KB↑ top

Title: Live Content

Description: Fetched live

Source: https://cucumber.io/docs/gherkin/reference/


Reference | Cucumber

Reference

Gherkin uses a set of special keywords to give structure and meaning to executable specifications. Each keyword is translated to many spoken languages; in this reference we'll use English.

Most lines in a Gherkin document start with one of the keywords.

Comments are only permitted at the start of a new line, anywhere in the feature file. They begin with zero or more spaces, followed by a hash sign (#) and some text.

Block comments are currently not supported by Gherkin.

Either spaces or tabs may be used for indentation. The recommended indentation level is two spaces. Here is an example:

Feature: Guess the word

# The first example has two steps
Scenario: Maker starts a game
When the Maker starts a game
Then the Maker waits for a Breaker to join

# The second example has three steps
Scenario: Breaker joins a game
Given the Maker has started a game with the word "silky"
When the Breaker joins the Maker's game
Then the Breaker must guess a word with 5 characters

The trailing portion (after the keyword) of each step is matched to a code block, called a step definition.

Please note that some keywords are followed by a colon (:) and some are not. If you add a colon after a keyword that should not be followed by one, your test(s) will be ignored.

Keywords

Each line that isn't a blank line has to start with a Gherkin keyword, followed by any text you like. The only exceptions are the free-form descriptions placed underneath Example/Scenario, Background, Scenario Outline and Rule lines.

The primary keywords are:

There are a few secondary keywords as well:

  • """ (Doc Strings)
  • | (Data Tables)
  • @ (Tags)
  • # (Comments)
Localisation

Gherkin is localised for many spoken languages; each has their own localised equivalent of these keywords.

Feature

The purpose of the Feature keyword is to provide a high-level description of a software feature, and to group related scenarios.

The first primary keyword in a Gherkin document must always be Feature, followed by a : and a short text that describes the feature.

You can add free-form text underneath Feature to add more description.

These description lines are ignored by Cucumber at runtime, but are available for reporting (they are included by reporting tools like the official HTML formatter).

Feature: Guess the word

The word guess game is a turn-based game for two players.
The Maker makes a word for the Breaker to guess. The game
is over when the Breaker guesses the Maker's word.

Example: Maker starts a game

The name and the optional description have no special meaning to Cucumber. Their purpose is to provide a place for you to document important aspects of the feature, such as a brief explanation and a list of business rules (general acceptance criteria).

The free format description for Feature ends when you start a line with the keyword Background, Rule, Example or Scenario Outline (or their alias keywords).

You can place tags above Feature to group related features, independent of your file and directory structure.

You can only have a single Feature in a .feature file.

Descriptions

Free-form descriptions (as described above for Feature) can also be placed underneath Example/Scenario, Background, Scenario Outline and Rule.

You can write anything you like, as long as no line starts with a keyword.

Descriptions can be in the form of Markdown - formatters including the official HTML formatter support this.

Rule

The (optional) Rule keyword has been part of Gherkin since v6.

The purpose of the Rule keyword is to represent one business rule that should be implemented. It provides additional information for a feature. A Rule is used to group together several scenarios that belong to this business rule. A Rule should contain one or more scenarios that illustrate the particular rule.

For example:

# -- FILE: features/gherkin.rule_example.feature
Feature: Highlander

Rule: There can be only One

Example: Only One -- More than one alive
Given there are 3 ninjas
And there are more than one ninja alive
When 2 ninjas meet, they will fight
Then one ninja dies (but not me)
And there is one ninja less alive

Example: Only One -- One alive
Given there is only 1 ninja alive
Then they will live forever ;-)

Rule: There can be Two (in some cases)

Example: Two -- Dead and Reborn as Phoenix
...

Example

This is a concrete example that illustrates a business rule. It consists of a list of steps.

The keyword Scenario is a synonym of the keyword Example.

You can have as many steps as you like, but we recommend 3-5 steps per example. Having too many steps will cause the example to lose its expressive power as a specification and documentation.

In addition to being a specification and documentation, an example is also a test. As a whole, your examples are an executable specification of the system.

Examples follow this same pattern:

  • Describe an initial context (Given steps)
  • Describe an event (When steps)
  • Describe an expected outcome (Then steps)

Steps

Each step starts with Given, When, Then, And, or But.

Cucumber executes each step in a scenario one at a time, in the sequence you’ve written them in. When Cucumber tries to execute a step, it looks for a matching step definition to execute.

Keywords are not taken into account when looking for a step definition. This means you cannot have a Given, When, Then, And or But step with the same text as another step.

Cucumber considers the following steps duplicates:

Given there is money in my account
Then there is money in my account

This might seem like a limitation, but it forces you to come up with a less ambiguous, more clear domain language:

Given my account has a balance of £430
Then my account should have a balance of £430

Given

Given steps are used to describe the initial context of the system - the scene of the scenario. It is typically something that happened in the past.

When Cucumber executes a Given step, it will configure the system to be in a well-defined state, such as creating and configuring objects or adding data to a test database.

The purpose of Given steps is to put the system in a known state before the user (or external system) starts interacting with the system (in the When steps). Avoid talking about user interaction in Given's. If you were creating use cases, Given's would be your preconditions.

It's okay to have several Given steps (use And or But for number 2 and upwards to make it more readable).

Examples:

  • Mickey and Minnie have started a game
  • I am logged in
  • Joe has a balance of £42

When

When steps are used to describe an event, or an action. This can be a person interacting with the system, or it can be an event triggered by another system.

Examples:

  • Guess a word
  • Invite a friend
  • Withdraw money
Imagine it's 1922

Most software does something people could do manually (just not as efficiently).

Try hard to come up with examples that don't make any assumptions about technology or user interface. Imagine it's 1922, when there were no computers.

Implementation details should be hidden in the step definitions.

Then

Then steps are used to describe an expected outcome, or result.

The step definition of a Then step should use an assertion to compare the actual outcome (what the system actually does) to the expected outcome (what the step says the system is supposed to do).

An outcome should be on an observable output. That is, something that comes out of the system (report, user interface, message), and not a behaviour deeply buried inside the system (like a record in a database).

Examples:

  • See that the guessed word was wrong
  • Receive an invitation
  • Card should be swallowed

While it might be tempting to implement Then steps to look in the database - resist that temptation!

You should only verify an outcome that is observable for the user (or external system), and changes to a database are usually not.

And, But

If you have successive Given's or Then's, you could write:

Example: Multiple Givens
Given one thing
Given another thing
Given yet another thing
When I open my eyes
Then I should see something
Then I shouldn't see something else

Or, you could make the example more fluidly structured by replacing the successive Given's or Then's with And's and But's:

Example: Multiple Givens
Given one thing
And another thing
And yet another thing
When I open my eyes
Then I should see something
But I shouldn't see something else

*

Gherkin also supports using an asterisk (*) in place of any of the normal step keywords. This can be helpful when you have some steps that are effectively a list of things, so you can express it more like bullet points where otherwise the natural language of And etc might not read so elegantly.

For example:

Scenario: All done
Given I am out shopping
And I have eggs
And I have milk
And I have butter
When I check my list
Then I don't need anything

Could be expressed as:

Scenario: All done
Given I am out shopping
* I have eggs
* I have milk
* I have butter
When I check my list
Then I don't need anything

Background

Occasionally you'll find yourself repeating the same Given steps in all of the scenarios in a Feature.

Since it is repeated in every scenario, this is an indication that those steps are not essential to describe the scenarios; they are incidental details. You can literally move such Given steps to the background, by grouping them under a Background section.

A Background allows you to add some context to the scenarios that follow it. It can contain one or more Given steps, which are run before each scenario, but after any Before hooks.

A Background is placed before the first Scenario/Example, at the same level of indentation.

For example:

Feature: Multiple site support
Only blog owners can post to a blog, except administrators,
who can post to all blogs.

Background:
Given a global administrator named "Greg"
And a blog named "Greg's anti-tax rants"
And a customer named "Dr. Bill"
And a blog named "Expensive Therapy" owned by "Dr. Bill"

Scenario: Dr. Bill posts to his own blog
Given I am logged in as Dr. Bill
When I try to post to "Expensive Therapy"
Then I should see "Your article was published."

Scenario: Dr. Bill tries to post to somebody else's blog, and fails
Given I am logged in as Dr. Bill
When I try to post to "Greg's anti-tax rants"
Then I should see "Hey! That's not your blog!"

Scenario: Greg posts to a client's blog
Given I am logged in as Greg
When I try to post to "Expensive Therapy"
Then I should see "Your article was published."

Background is also supported at the Rule level, for example:

Feature: Overdue tasks
Let users know when tasks are overdue, even when using other
features of the app

Rule: Users are notified about overdue tasks on first use of the day
Background:
Given I have overdue tasks

Example: First use of the day
Given I last used the app yesterday
When I use the app
Then I am notified about overdue tasks

Example: Already used today
Given I last used the app earlier today
When I use the app
Then I am not notified about overdue tasks
...

You can only have one set of Background steps per Feature or Rule. If you need different Background steps for different scenarios, consider breaking up your set of scenarios into more Rules or more Features.

For a less explicit alternative to Background, check out conditional hooks.

Tips for using Background

  • Don't use Background to set up complicated states, unless that state is actually something the client needs to know.
    • For example, if the user and site names don't matter to the client, use a higher-level step such as Given I am logged in as a site owner.
  • Keep your Background section short.
    • The client needs to actually remember this stuff when reading the scenarios. If the Background is more than 4 lines long, consider moving some of the irrelevant details into higher-level steps.
  • Make your Background section vivid.
    • Use colourful names, and try to tell a story. The human brain keeps track of stories much better than it keeps track of names like "User A", "User B", "Site 1", and so on.
  • Keep your scenarios short, and don't have too many.
    • If the Background section has scrolled off the screen, the reader no longer has a full overview of what's happening. Think about using higher-level steps, or splitting the *.feature file.

Scenario Outline

The Scenario Outline keyword can be used to run the same Scenario multiple times, with different combinations of values.

The keyword Scenario Template is a synonym of the keyword Scenario Outline.

Copying and pasting scenarios to use different values quickly becomes tedious and repetitive:

Scenario: eat 5 out of 12
Given there are 12 cucumbers
When I eat 5 cucumbers
Then I should have 7 cucumbers

Scenario: eat 5 out of 20
Given there are 20 cucumbers
When I eat 5 cucumbers
Then I should have 15 cucumbers

We can collapse these two similar scenarios into a Scenario Outline.

Scenario outlines allow us to more concisely express these scenarios through the use of a template with < >-delimited parameters:

Scenario Outline: eating
Given there are <start> cucumbers
When I eat <eat> cucumbers
Then I should have <left> cucumbers

Examples:
| start | eat | left |
| 12 | 5 | 7 |
| 20 | 5 | 15 |

Examples

A Scenario Outline must contain one or more Examples (or Scenarios) section(s). Its steps are interpreted as a template which is never directly run. Instead, the Scenario Outline is run once for each row in the Examples section beneath it (not counting the first header row).

The steps can use <> delimited parameters that reference headers in the examples table. Cucumber will replace these parameters with values from the table before it tries to match the step against a step definition.

You can use parameters in Scenario Outline descriptions as well.

You can also use parameters in multiline step arguments.

Step Arguments

In some cases you might want to pass more data to a step than fits on a single line. For this purpose Gherkin has Doc Strings and Data Tables.

Doc Strings

Doc Strings are handy for passing a larger piece of text to a step definition.

The text should be offset by delimiters consisting of three double-quote marks on lines of their own:

Given a blog post named "Random" with Markdown body
"""
Some Title, Eh?
===============
Here is the first paragraph of my blog post. Lorem ipsum dolor sit amet,
consectetur adipiscing elit.
"""

In your step definition, there’s no need to find this text and match it in your pattern. It will automatically be passed as the last argument in the step definition.

Indentation of the opening """ is unimportant, although common practice is two spaces in from the enclosing step. The indentation inside the triple quotes, however, is significant. Each line of the Doc String will be dedented according to the opening """. Indentation beyond the column of the opening """ will therefore be preserved.

Doc strings also support using three backticks as the delimiter:

Given a blog post named "Random" with Markdown body
```
Some Title, Eh?
===============
Here is the first paragraph of my blog post. Lorem ipsum dolor sit amet,
consectetur adipiscing elit.
```

This might be familiar for those used to writing with Markdown.

Tool support for backticks

Whilst all current versions of Cucumber support backticks as the delimiter, many tools like text editors don't (yet).

It's possible to annotate the DocString with the type of content it contains. You specify the content type after the triple quote, as follows:

Given a blog post named "Random" with Markdown body
"""markdown
Some Title, Eh?
===============
Here is the first paragraph of my blog post. Lorem ipsum dolor sit amet,
consectetur adipiscing elit.
"""
Tool support for content types

Whilst all current versions of Cucumber support content types as the delimiter, many tools like text editors don't (yet).

Data Tables

Data Tables are handy for passing a list of values to a step definition:

Given the following users exist:
| name | email | twitter |
| Aslak | [email protected] | @aslak_hellesoy |
| Julien | [email protected] | @jbpros |
| Matt | [email protected] | @mattwynne |

Just like Doc Strings, Data Tables will be passed to the step definition as the last argument.

Table Cell Escaping

If you want to use a newline character in a table cell, you can write this as \n. If you need a | as part of the cell, you can escape it as \|. And finally, if you need a \, you can escape that with \\.

Data Table API

Cucumber provides a rich API for manipulating tables from within step definitions. See the Data Table API reference reference for more details.

Spoken Languages

The language you choose for Gherkin should be the same language your users and domain experts use when they talk about the domain. Translating between two languages should be avoided.

This is why Gherkin has been translated to over 70 languages .

Here is a Gherkin scenario written in Norwegian:

# language: no
Funksjonalitet: Gjett et ord

Eksempel: Ordmaker starter et spill
Når Ordmaker starter et spill
må Ordmaker vente på at Gjetter blir med

Eksempel: Gjetter blir med
Gitt at Ordmaker har startet et spill med ordet "bløtt"
Når Gjetter blir med på Ordmakers spill
må Gjetter gjette et ord på 5 bokstaver

A # language: header on the first line of a feature file tells Cucumber what spoken language to use - for example # language: fr for French. If you omit this header, Cucumber will default to English (en).

Some Cucumber implementations also let you set the default language in the configuration, so you don't need to place the # language header in every file.

ears_to_gherkin_bridge.md

markdown · 3.1 KB↑ top

Bridging EARS to Gherkin

If you have a background in compliance or requirement analysis, you are likely familiar with EARS (Easy Approach to Requirements Syntax). EARS is excellent for writing strict, unambiguous requirements. Gherkin takes those requirements and turns them into executable specifications for automated testing.

Being able to explain this bridge in your interview is a massive advantage. It proves you understand why both exist and how to translate regulatory constraints into software tests.

The Direct Translation

EARS uses five basic patterns. Here is how they map directly to Gherkin (BDD).

1. Ubiquitous Requirements

  • EARS: The system shall <system response>
  • Gherkin: You rarely write a scenario for these. Instead, these often map to the Background: or overarching rules that apply across the board.

2. Event-Driven Requirements

  • EARS: When <trigger>, the system shall <system response>
  • Gherkin: gherkin When <trigger> Then <system response> Example:
    • EARS: When a player requests a deposit limit decrease, the system shall apply it immediately.
    • Gherkin: gherkin When the player requests to decrease their deposit limit Then the new limit should be implemented immediately

3. State-Driven Requirements

  • EARS: While <precondition>, the system shall <system response>
  • Gherkin: The While precondition perfectly maps to a Given statement. gherkin Given <precondition> When <action> Then <system response> Example:
    • EARS: While a player is self-excluded, the system shall reject login attempts.
    • Gherkin: gherkin Given the player is currently self-excluded When they attempt to log in Then the login attempt should be rejected

4. Unwanted Behavior (Edge Cases)

  • EARS: If <unwanted condition>, then the system shall <system response>
  • Gherkin: This translates beautifully into Scenario Outlines to test error handling. Example:
    • EARS: If a player attempts to deposit an amount exceeding their active limit, the system shall reject the transaction.
    • Gherkin: gherkin Given the player has a limit of 50 When the player attempts to deposit 100 Then the transaction should be rejected

The Interview Talking Point

If they ask about your experience with BDD, drop this narrative:

*"I've spent years using formal syntax like EARS to capture complex regulatory requirements—defining exactly what 'shall' happen when certain triggers occur. EARS is fantastic for capturing requirements without ambiguity, but its weakness is that it's passive documentation.

My transition to Gherkin and BDD is about taking those exact same When/Shall constraints and turning them into Executable Specifications. Gherkin allows me to translate the rigor of an EARS requirement into a Given/When/Then format that a CI/CD pipeline can actually execute against the PAM system. EARS captures the requirement; Gherkin proves we built it correctly."*

vscode_bdd_setup.md

markdown · 2.0 KB↑ top

VS Code Setup for BDD and Gherkin

To efficiently write and manage BDD feature files using Gherkin syntax, your IDE should be configured to provide formatting, linting, and autocomplete.

Essential Extensions

1. Cucumber (Official)

  • ID: cucumberopen.cucumber-official
  • Description: The official extension from the Cucumber team.
  • Features:
  • Syntax Highlighting: Color-codes Feature, Scenario, Given, When, Then.
  • Auto-formatting: Automatically aligns tables (pipes |) in Examples and formats indentation.
  • Go to Definition: Allows you to Ctrl+Click (or Cmd+Click) on a Gherkin step to jump directly to the underlying JavaScript/TypeScript automation code.
  • Step Autocomplete: Suggests steps that have already been defined in your automation code.

2. Cucumber (Gherkin) Full Support

  • ID: alexkrechik.cucumberautocomplete
  • Description: Historically the most popular and widely used Gherkin extension (by Alexander Krechik).
  • Features: It provides robust autocomplete by scanning both your feature files and your underlying step definitions. Many enterprise teams prefer this over the official extension because of how highly customizable it is via the settings.json file.

To force consistent formatting across your team, you can add these settings to your VS Code workspace:

{
  "editor.formatOnSave": true,
  "[cucumber]": {
    "editor.defaultFormatter": "cucumberopen.cucumber-official"
  },
  "cucumber.glue": [
    "cypress/support/step_definitions/**/*.ts",
    "tests/step_definitions/**/*.js"
  ]
}

Linting Gherkin

For enterprise-level consistency, consider using gherkin-lint. It is an npm package you can run in your CI pipeline to enforce rules such as: * No scenarios without descriptions. * Max length of scenarios. * No duplicate scenario names. * Forcing the use of Background if multiple scenarios start with the exact same steps.

ci_cd_pipeline_guide.md

markdown · 2.5 KB↑ top

CI/CD and Quality Gates in High-Scale Betting

In high-stakes, heavily regulated environments like a major betting operator (e.g., bet365), you cannot rely on manual testing before a release. The sheer volume of changes and the financial risk of a bug mean that tests must run automatically. This is done using Continuous Integration (CI) and Continuous Deployment (CD) pipelines.

What is a Quality Gate?

A Quality Gate is an automated checkpoint in your CI/CD pipeline. When a developer attempts to merge new code, the pipeline automatically spins up an environment and runs your BDD feature files. * Pass: If all Gherkin scenarios pass, the code is allowed through the gate and can be merged or deployed. * Fail: If a single scenario fails (e.g., a developer accidentally removed the 24-hour cooling-off logic), the gate "slams shut." The deployment is blocked, and the developer is alerted immediately.

How it looks at a major company (like bet365)

Based on typical enterprise architectures (and noting the job description mentioned GKE - Google Kubernetes Engine and Kafka), the pipeline usually looks like this:

  1. Code Commit: A developer pushes a change to the PAM (Player Account Management) service.
  2. Linting & Unit Tests: The pipeline runs basic code quality checks.
  3. Integration Environment Spin-up: The pipeline deploys the new PAM service to an ephemeral (temporary) Kubernetes cluster on GKE. It connects it to a test Kafka stream to simulate real-time betting events.
  4. BDD Regulatory Quality Gate (Your Domain): * The pipeline triggers the test automation framework (e.g., Cucumber with TypeScript). * It executes the @RTS12 and @SelfExclusion tagged feature files against this temporary environment. * It simulates players logging in, hitting deposit limits, and requesting self-exclusion.
  5. Reporting: Cucumber generates a test report. If successful, the code moves to Staging/Production. If it fails, the build is marked "red" and halted.

The Real Document

To see exactly how this is configured in code, I have generated a real, functional GitHub Actions Pipeline YAML file in this workspace.

You can view it here: .github/workflows/regulatory_bdd_gates.yml

This YAML file is the actual code that orchestrates the quality gates, telling the servers exactly how to install Cucumber, run the tests, and block deployments if the regulatory limits fail.

advanced_ai_test_architecture.md

markdown · 3.5 KB↑ top

Advanced AI-Driven Test Architecture (2026)

A blueprint for integrating Large Language Models (LLMs) into heavily regulated QA environments.

When interviewing for a modern Software Tester or SDET role, demonstrating an understanding of how to safely implement AI is a massive differentiator. Blindly trusting an LLM to write compliance tests introduces critical legal and technical risks.

This document outlines a state-of-the-art AI Testing Pipeline designed to mitigate hallucinations and maximize efficiency.


1. The "Turtles All the Way Down" Problem & Consensus Architecture

If you use an LLM to generate a test, and another LLM to evaluate that test, you risk "turtles all the way down"—where two hallucinating models agree on a hallucinated rule.

The Solution: Multi-Agent Consensus Instead of relying on a single model, the Jira requirement (e.g., RTS 12 limits) is processed through an ensemble of three distinct foundational models (e.g., Google Gemma, Claude Haiku, and OpenAI GPT-4). * Agreement: If all 3 models generate the same logical BDD scenario, the test auto-advances. * Disagreement: If the models diverge, it highlights ambiguity in the requirement or a hallucination. The test is flagged and immediately routed to a Human-in-the-Loop (the QA Tester) for manual review.

2. LLM Observability & Drift Monitoring

Models are not static; their weights and APIs change over time. Relying on them for automated test generation carries a long-term risk of Model Drift.

The Solution: Telemetry and Tracing * By recording traces of the AI's output over time for the same baseline requirements, the QA team can set up automated alerts. * If the consensus ensemble suddenly starts generating slightly different compliance interpretations today than they did three months ago, the tracing telemetry flags the variance. This allows the team to catch AI degradation before a bad test reaches the CI/CD pipeline.

3. The End-to-End AI Pipeline Workflow

When a new requirement is ready for testing, it follows this automated flow:

  1. Jira MCP Fetch: An agent securely pulls the acceptance criteria directly from Jira.
  2. Consensus Generation: The 3-model ensemble generates the Gherkin feature files.
  3. Trace Logging: The generation event and outputs are logged for drift monitoring.
  4. Syntax Linting: The raw outputs pass through gherkin-lint to ensure strict formatting.
  5. Consensus Gate: Disagreements go to human review; agreements proceed.
  6. Policy as Code (PaC) Validation: The code is checked against internal security policies to ensure no hardcoded PII and correct repository structures.
  7. Execution: The BDD tests are run against the integration environment to prove the system works.

4. Cost Optimization: Cloud vs. Local Models

Running every single step of this pipeline through premium cloud APIs (like GPT-4) is cost-prohibitive at an enterprise scale.

The Solution: Tiered Compute A truly progressive QA strategy balances capability with commercial reality: * Heavy Lifting (Cloud): Use the expensive, highly capable cloud models for the initial complex reasoning (e.g., digesting the UKGC RTS 12 legal document). * Routine Checks (Local/Edge): Offload simpler, high-volume tasks (like final formatting reviews, linting checks, or basic LLM code reviews) to smaller, open-source models running locally or on-premise (e.g., a local Llama 3 or Gemma 8B instance). This drastically reduces cloud inference costs while maintaining high quality.

react_visual_testing_landscape_2026.md

markdown · 3.0 KB↑ top

AI-Powered Visual UI Testing Landscape (2026)

Focus: React & TypeScript Environments

As UI testing moves away from flaky, DOM-based assertions (e.g., expect(element).toBeVisible()), the industry has embraced Visual AI Testing. This approach takes screenshots of the UI and uses Machine Learning/LLMs to compare them semantically against a baseline, ignoring irrelevant rendering noise.

The Top Tools in 2026

1. Applitools Eyes (The Enterprise Choice)

  • How it works: Uses true "Visual AI" to understand the semantic hierarchy of a page. If dynamic content changes (like a username or a live betting odd), the AI knows to ignore it. It only flags layout breakage, missing buttons, or overlapping text.
  • Why it fits the PAM role: Heavily used by enterprise companies (like bet365) to test across dozens of different mobile devices and browsers simultaneously without writing custom scripts for each.

2. Chromatic (The React Component Choice)

  • How it works: Built by the team behind Storybook. Instead of testing the entire web app at once, Chromatic visually tests individual React components in isolation.
  • Why it fits the PAM role: If the PAM UI team is using React/TypeScript, they are almost certainly using Storybook to manage their UI components. Chromatic integrates directly into the CI pipeline to catch visual bugs at the component level before they hit production.

3. Percy (The CI/CD Choice)

  • How it works: Acquired by BrowserStack, Percy focuses heavily on developer workflow. It integrates natively into GitHub Pull Requests, showing developers visual diffs right alongside their code diffs.
  • Why it fits the PAM role: Great for teams moving fast. It reduces "flakiness" through intelligent noise-reduction algorithms.

4. Playwright Native Visual Comparisons (The Open-Source Choice)

  • How it works: Playwright (the fastest-growing E2E framework for TypeScript) has built-in toHaveScreenshot() assertions. While it doesn't have an LLM out of the box, it provides a deterministic, zero-vendor-lock-in way to do visual testing.
  • Why it fits the PAM role: Playwright's TypeScript support is unmatched. When paired with AI coding agents (like Copilot or Cursor), developers can quickly iterate on visual tests without paying for expensive 3rd-party SaaS tools.

The 2026 Architecture Strategy

If they ask how you would architect the UI testing for a React/TypeScript PAM system, pitch this 3-layer approach: 1. Unit/Component Tests: Test the React components in isolation using Storybook + Chromatic to catch visual bugs early. 2. API/Integration Tests: Test the core business logic (like RTS 12 Limits) strictly via the Golang/TypeScript APIs using BDD/Cucumber. Bypass the UI entirely for speed. 3. End-to-End Visual Tests: Use Playwright + Applitools to run a handful of "Golden Path" tests (e.g., a user logging in and depositing) to ensure the UI renders correctly on mobile and desktop using Visual AI to prevent flakiness.

rts_regs.md

markdown · 70.3 KB↑ top

2 - Definition of terms

2.1 In this document the following terms have the following meanings.

All links open in a new tab.

Compensated games or events Games or virtual events that adjust the likelihood of winning outcomes occurring based on previous payouts or intake. Sometimes referred to as adaptive behaviour or percentage compensation.

Easily accessible This term generally means the facilities or information is either on the screen, or can be intuitively accessed via efficient navigation or other means.

Game A game of chance as defined in section 6(2) of the Gambling Act 2005 (the Act).

Gambling The Gambling Act 2005 defines gambling as follows: * gaming - within the meaning of section 6 * betting - within the meaning of section 9 and * participating in a lottery within the meaning of section 14 and subject to section 15 .

Gaming session A gaming session is the playing of any of the applicable activities, for example bingo or casino games, and commences when a player starts playing a game for real money. A gaming session ends when a player exits a game.

High frequency lottery A lottery in which any draw takes place less than one hour after a draw in a previous lottery promoted on behalf of the same non-commercial society or local authority or as part of the same multiple lottery scheme.

Instant lottery A lottery in which every draw takes place either before, or at the point of, purchase of tickets by participants in the lottery.

Lottery ticket As described by section 253 of the Act and a reference in this document to a lottery ticket includes: * a lottery ticket which is sent by post following entry by means of remote communication * a message sent or displayed to a person electronically in a manner which enables him to retain the message electronically or print it.

Mapping The process of selecting an outcome using the result from a Random Number Generator (RNG). For example, the result from a RNG is mapped to a reel strip symbol.

Peer-to-peer gambling A type of gambling where customers gamble against each other rather than against the house. For example, equal chance gaming such as poker or peer-to-peer betting through betting exchanges.

Play-for-free Also known as play-for-fun. Demonstration version of a real money game where the customer is not staking or winning any money or money’s worth.

Progressive or progressive jackpot An incremental prize that increases as a result of contributions from the monies staked within a game from pre-set base value.

Random Number Generator (RNG) Refers to any item of hardware or software which is used to generate random numbers with the intended property of statistical randomness.

Restricted display device A device such as a mobile phone which has limited space on which to display information, when used to access gambling facilities that the operator intends a customer to use by means of such a device.

We expect that a player using a restricted display device would still have the ability to use all required responsible gambling tools, such as financial limits or self-exclusion. We would not consider it acceptable to require a player to login via, for example, the desktop website version of the gambling facilities in order to access responsible gambling tools. Such an approach would create unreasonable barriers and may deter or prevent mobile users from utilising the available tools.

Scaling Scaling is the process used to convert the output from a RNG into the format required to produce a result for a particular gambling product. To illustrate, an RNG may produce a result of between one and 100,000 but these possible outcomes need to be scaled to the potential game outcomes of, for example, between 1 – 52 to correspond to a standard pack of cards.

Seeding Refers to the process used to determine the initial state of the RNG.

Slots Casino games of a reel-based type (includes games that have non-traditional reels).

Subscription lottery A series of lotteries (other than instant lotteries) promoted on behalf of the same non-commercial society or local authority in respect of which participants pay for participation in one or more future lotteries by regular subscription over a fixed or indefinite period.

Telephone gambling Gambling which takes place via a telephone, without the use of visual displays, by interaction with a customer service agent or an automated system, such as intelligent voice recognition systems or touch tone.

Third party software Refers to software that is separately available from the core software product and is designed to add optional features. It includes additional software, supplied, or used, by the gambling operator, or player, which was not part of the basic package.

Virtual As described by section 353(3) of the Act. Virtual event and virtual game are to be construed accordingly.

3 - Remote gambling and software technical standards

RTS 1 – Customer account information

Applies to: All gambling – except subscription lotteries.

RTS aim 1 To provide customers with easily accessible information about their current balances and facilities that enable them to review previous gambling and account transactions.

RTS requirement 1A Where customers hold a credit or debit balance, the pages or screens used for gambling and to move money into and out of accounts must display the customer’s current account balance, in the currency of their account for example dollars, euros or pounds sterling, whenever that customer is logged in. Where it is not practical to display current balance from gambling screens then easily accessible links to this information must be provided.

RTS implementation guidance 1A * Gambling pages and screens include virtual game pages, sports betting coupons, poker and other virtual gaming ‘tables’. * For telephone betting this information is to be delivered at the customer’s request by the customer service agent or automated response system.

RTS requirement 1B Customers must have easy access to at least three months account and gambling history without having to contact the licensee. A minimum of 12 months of gambling and account history must be made available on request. The ability to request this information should be made clear to customers and be provided as soon as is practicable.

The gambling and account history should include: * credit and debit information such as deposits, withdrawals, movement of funds between products, payments off credit accounts, entry fee deductions, and bonus information, as appropriate * bets placed, the results of bets, winnings paid * for gaming (including bingo) full or summarised gaming information should be available, for example, £10 taken into game, £100 turned over, £3 taken away from game. Where detailed historic game information may not necessarily be directly available to customers, as a minimum, customers must have easy access to details of the last game played and summarised information for previous activities * where customers are able to move funds between gambling products, account information and statements should clearly display movement of funds into and out of products * an option for customers to use their own defined time period or to select from a range of time periods. A summary total for the period selected should be displayed (at least on the first screen or page if the transactions span multiple screens).

For telephone betting and restricted display devices, where customers demonstrate that they also have access to websites – by registering online or using other online products – it is acceptable to provide access to statements via these websites, otherwise customers should be sent a regular copy of their statement via email, fax or post unless they elect not to receive this information. Customers should be sent a statement on request, even if they have opted out of receiving regular statements.

RTS requirement 1C Customers must be able to access information about their net deposits.

RTS implementation guidance 1C Net deposits are defined as the running total of all deposits minus the sum of all withdrawals for the lifetime of the account. This should be displayed at an account level so the figure represents the net position of all payment methods. Where full account lifetime history is not possible then, as a minimum, the net deposits should be displayed from 1 April 2018, or the account opening date if after 1 April 2018. Information which explains the net deposit figure, including the timeframe it covers, should be provided.

RTS 2 – Displaying transactions

Applies to: In respect of requirements 2A to 2D - All gambling. In respect of requirements 2E - Casino (excluding peer-to-peer poker).

RTS aim 2 To enable the customer to understand the value and content of their transactions.

RTS requirement 2A The remote gambling system must make available clear information about the amount of money being gambled by the customer, including any conversions from one form of currency to another, or from currency to credits, chips or other tokens etc, at the point of conversion.

RTS implementation guidance 2A * The financial commitment for each gamble should be displayed somewhere on the screen either in the currency of the customer’s account or in the currency of the product. The use of credits, chips or other tokens with no face value should only be used when the corresponding currency amount is clearly visible, or where the customer is not staking additional money such as a poker tournament. * Any conversion from one currency to another should be clearly presented to the customer and any conversion rules are also to be presented. Where currency is converted into tokens, chips or credits, etc, the conversion should be clearly displayed. * Information about the value of the gamble should be displayed including, as appropriate: * unit stake and total stake, whether currency, credit, tokens, chips, or any other form of payment * entry fees, for example, payment for entry to poker tournaments * the price of lottery tickets and the number of draws entered. * For telephone gambling, this information is to be delivered by the customer service agent or automated response system. * For subscription lotteries, sending a confirmation by email or post and/or displaying the stake and the number of draws entered when the customer subscribes is sufficient.

RTS requirement 2B The gambling system must display sufficient relevant information about the customer’s gamble so that the content of the gamble is clear. This information must be made available before the customer commits to the gamble including, for example, in the artwork and textual information displayed during gaming, or on an electronic equivalent of a betting slip or lottery ticket.

RTS implementation guidance 2B * The following items provide guidelines about the type of information that may be relevant: * selections – the items the customer has chosen to gamble on * the bet type * the accepted odds, for example current odds, starting price, first show, etc * the odds format that will take precedence in settling bets must be set out in the rules. * These items, where relevant, are also required on applications designed for use on restricted display devices. * For telephone gambling the content of the customer’s bet should be read back to them before the bet is confirmed. * Where the customer is able to choose, through the use of a third party user-interface, to override the display of this information, this must not be the default option. That is, the customer must make an active choice not to have the information available or to install a user-interface that does not contain the information. The remote gambling system should continue to make available or send the information to the customer; it should not assume that the information is not required. * For subscription lotteries, sending a confirmation by email or post and/or displaying the first draw and the number of draws for which the customer will be entered is sufficient.

RTS requirement 2C The gambling system must enable customers to choose whether to accept price fluctuations (in either direction) that occur after their bet is requested.

RTS implementation guidance 2C * Players should be presented with options to control whether a price change should be accepted or not. * These options must be presented on a per bet basis, except in circumstances where a customer has requested a default account setting to disable price change alerts prior to bet acceptance. Where the functionality is offered at an account level the default option should not be set to accept all fluctuations. Where a customer chooses not to accept price changes automatically any bet where the price changes must be reoffered before it is accepted. * Information sufficient to explain the options to the customers should be provided. * An optimum solution would enable consumers to choose to automatically accept price movements within a particular margin range. Account level options offered to consumer could include accepting all bets with higher price, accepting all bets with shorter price or accepting all bets regardless of price movements. * This requirement does not intend to capture currency fluctuations.

RTS requirement 2D Customers who choose to use third party user interfaces must be informed that applications may not display full information about their gambles.

RTS implementation guidance 2D Information should be included in terms and conditions, rules or other general information about the gambling product that is made available to and/or sent out to customers.

RTS requirement 2E All gaming sessions must clearly display a customer’s net position, in the currency of their account or product (for example, pounds sterling, dollar, Euro) since the session started.

RTS Implementation guidance 2E Net position is defined as the total of all winnings minus the sum of all losses since the start of the session.

RTS 3 – Rules, game descriptions and the likelihood of winning

Applies to: Gaming (including bingo), lotteries and betting on virtual events

RTS aim 3 To enable customers to make informed decisions about whether to gamble based on their chances of winning, the way the game, lottery or event works, the prizes or payouts on offer and the current state of multi-state games or events.

RTS requirement 3A An explanation of the applicable rules must be easily available to the customer before they commit to gamble. The content including artwork and text must be accurate, and sufficient to explain all of the applicable rules and how to participate. All reasonable steps must be taken to ensure that the content is understandable.

RTS implementation guidance 3A * Explanatory content includes information in artwork and text displayed within the virtual event, in ‘help’ or ‘how to play’ pages, or other supporting material. * Links to the information should be prominently placed, for example on home pages for gaming sections, game selection pages or menus, or within individual games, so that customers can easily locate them. * As a minimum, restricted display devices should provide explanatory content via a menu item or other link. * The following items provide guidelines on the type of explanatory content that may be relevant and should be considered for inclusion: * the name of the game, lottery or virtual event * the applicable rules, including clear descriptions of what constitutes a winning outcome * restrictions on play or betting, such as any play duration limits, maximum wins, etc * the number of decks or frequency of shuffles in virtual card games * whether there are contributions to jackpots (progressives) and the way in which the jackpot operates, for example, whether the jackpot is won by achieving a particular outcome * instructions on how to interact with the game * rules pertaining to metamorphosis of games, for example, the number and type of tokens that need to be collected in order to qualify for a feature or bonus round and the rules and behaviour of the bonus round * the rules for entering a single lottery draw or a series of lottery draws and the frequency of the draws.

RTS requirement 3B Where relevant, as the game or event progresses, information that may reasonably be expected to enable the customer to understand the current state must be displayed.

RTS implementation guidance 3B The following items provide guidelines on the type of information that may be relevant. * Where a game builds up a collection of tokens (symbols etc), the current number collected. * An indication of which rules are currently relevant, such as displaying ‘bonus round’ or other feature labels. * This requirement does not apply to lotteries.

RTS requirement 3C For each virtual event, game (including bingo), or lottery, information that may reasonably be expected to enable the customer to make an informed decision about his or her chances of winning must be easily available before the customer commits to gamble. Information must include: * a description of the way the game works and the way in which winners are determined and prizes allocated * house edge (or margin) * the return to player (RTP) percentage or * the probability (likelihood) of winning events occurring.

RTS implementation guidance 3C * The following items provide further guidance on acceptable types of information about the likelihood of winning: * for types of peer-to-peer games where the likelihood of winning may depend on skill and/or the actions of other participants, a description of the way the game works and how winners are determined will be sufficient * for bingo, and some types of lottery or other games where it is not possible to determine the likelihood of winning because it depends on the eventual number of participants, a description of the way in which prizes are allocated will be sufficient * the average theoretical return to player percentage. Where an event (other than peer- to-peer) involves an element of skill, return to player percentage should be calculated using either the auto-play strategy or a standard/published strategy * the house edge, margin or over-round, for example for a virtual race * the probability of each winning event occurring, or such information as may reasonably be expected to allow the customer to calculate the probability that the event will occur. The nature of some games may mean that the game itself provides sufficient information, for example, the likelihood of rolling a six on a six-sided die would not require further explanation. * The odds displayed in virtual event betting should reflect the probability of each event occurring as closely as possible. * Information may be included in artwork and text displayed within the virtual game or event, in ‘help’ or ‘how to play’ pages, or other supporting material. * Information should be easily accessible, for example by placing links on home pages for gaming or virtual event sections, game selection pages or menus, or within individual games.

RTS requirement 3D For each virtual event, game (including bingo), or lottery, content describing the potential prizes and payouts or the means by which these are calculated or determined must be easily available before the customer commits to gamble.

RTS implementation guidance 3D * Information should be made available about the amounts that customers may potentially win, for example in the form of pay-tables, or by showing the odds paid for particular outcomes. * For peer-to-peer games where the prize is determined based on the actions of the participants, a description of the way the game works and the rake or commission taken will be sufficient. * For lotteries and other types of events where the potential amount or prize paid out may not be known before the customer commits to gamble, describing the way in which the prize amount is determined will be sufficient. * Information may be included in artwork and text displayed within the virtual event, in ‘help’ or ‘how to play’ pages, or other supporting material. * Information should be easily accessible, for example by placing links on home pages for gaming sections, game selection pages or menus, or within individual games. * Displays of jackpot amounts that change over time (progressives) should be updated as frequently as practicable, particularly after the amount has been reset following a win.

RTS 4 – Time-critical events

Applies to: Gaming (including bingo), lotteries and betting on virtual events

RTS aim 4 To reduce the risk that customers are unfairly disadvantaged by technical factors that may affect speed of response, and to ensure customers are made aware of the risk.

RTS requirement 4A Where speed of interaction has a significant effect on the customer’s chance of winning, operators must assess the level of risk and demonstrate to the Commission that they are taking reasonable steps to reduce the risk to customers.

RTS implementation guidance 4A Examples of possible approaches include: * estimating the degree of network latency (delay) a customer is experiencing and displaying regularly updated information to the customer about any disadvantage that they may be operating under (for example high, medium, low) * applying a handicapping system based on estimated performance and/or system latency * treating winning responses that arrive within a period of time as simultaneous and implementing a policy on how simultaneous wins are to be dealt with.

RTS requirement 4B For time-critical events, the customer should be informed that they might be at a disadvantage because of technical issues such as slower network speeds, or slower end user device performance.

RTS implementation guidance 4B * Information should be included in game descriptions, rules, ‘help’ or ‘how to play’ pages.

RTS 5 – Result determination

Applies to: All gambling

RTS aim 5 To ensure that the gambling system implements the operator’s rules, game rules and betting rules as they are described to the customer.

RTS requirement 5A All reasonable steps should be taken to ensure that gambles are accepted, processed and settled in accordance with the operators’ published terms and rules, and the rules of the specific game, event, or bet.

Where unexpected system flaws, faults, or errors that affect the customer occur, steps are to be taken as soon as practicable to remedy the problem and ensure that the customer is treated fairly according to the circumstances.

RTS implementation guidance 5A * Under normal operation, in the absence of technical faults, the system should act in accordance with the rules. * Reasonable steps include testing of systems and new products against the published rules and monitoring the ongoing performance of those products in the live environment. Refer to our testing strategy for more detailed requirements in this area. * Customers should be notified when errors that affect them, for example, incorrectly settled bets, have occurred as soon as practicable after the event occurs. Steps should be taken to rectify the error, for example, by manually adjusting the customer’s account.

RTS 6 – Result determination for play-for-free games

Applies to: Gaming (including bingo), lotteries and betting on virtual events.

RTS aim 6 To minimise the risk that customers are misled about the likelihood of winning due to the behaviour of play-for-free games.

RTS requirement 6A Play-for-free games must implement the same game rules as the corresponding play-for-money games offered on the same facilities (that is, the same website). Operators must take all reasonable steps to ensure that play-for-free games accurately represent the likelihood of winning and prize distribution in the play-for-money game. For the purpose of this requirement playing a game includes participating in a lottery and/or betting on a virtual event.

RTS implementation guidance 6A * The play-for-free game should use the same RNG as the corresponding play-for-money games, another RNG that fulfils the requirements set out in RTS requirement 7A, or a publicly available RNG, (such as those available as standard within operating systems) that may reasonably be expected to produce no systematic bias. * Where 6A is not reasonably possible, it should be demonstrated that the method of producing outcomes does not introduce a systematic bias, for example: * if tables of random numbers are used, they should be sufficiently long to support a large number of games without repeating * the method should represent game probabilities accurately, that is it should not produce a higher than expected proportion of winning outcomes. * The prize distribution should accurately represent the play-for-money game. For example, where play-for-free games use virtual cash, the virtual cash payouts should be the same as the corresponding play-for-money game, and where tokens are used, the allocation of tokens as prizes should be proportionate to the stakes and prizes in the play-for-money game. * Where videos are used to advertise a game’s features it should be made clear to consumers where footage has been edited or sped-up for promotional purposes. Similarly, where a non-consumer (for example supplier’s) website is demonstrating a game with higher than normal returns (that is, on a website that is different to the real money gambling facility websites) it should be made clear that it is a demonstration game specifically designed to demonstrate the bonus features.

RTS 7 – Generation of random outcomes

Applies to: Gaming (including bingo), lotteries, and betting on virtual events

RTS aim 7 To ensure that games and other virtual events operate fairly.

RTS requirement 7A Random number generation and game results must be ‘acceptably random’. Acceptably random here means that it is possible to demonstrate to a high degree of confidence that the output of the RNG, game, lottery and virtual event outcomes are random through, for example, statistical analysis using generally accepted tests and methods of analysis. Adaptive behaviour (that is, a compensated game) is not permitted.

Where lotteries use the outcome of other events external to the lottery, to determine the result of the lottery the outcome must be unpredictable and externally verifiable.

RTS implementation guidance 7A * RNGs should be capable of demonstrating the following qualities: * the output from the RNG is uniformly distributed over the entire output range and game, lottery, or virtual event outcomes are distributed in accordance with the expected or theoretical probabilities * the output of the RNG, game, lottery, and virtual event outcomes should be unpredictable, for example, for a software RNG it should be computationally infeasible to predict what the next number will be without complete knowledge of the algorithm and seed value * random number generation does not reproduce the same output stream (cycle), and that two instances of a RNG do not produce the same stream as each other (synchronise) * any forms of seeding and re-seeding used do not introduce predictability * any scaling applied to the output of the random number generator maintains the qualities as detailed * For lotteries using external events - where it is not practical to demonstrate 7A the events outcomes should be: * unpredictable, that is, events should be selected only where they may reasonably be assumed to be random events * unable to be influenced by the lottery operator (or external lottery manager) * publicly available and externally verifiable, for example, events that are published in local or national press would be acceptable. * For games or virtual events that use the laws of physics to generate the outcome of the game (mechanical RNGs), the mechanical RNG used should be capable of meeting the requirements in a. where applicable and in addition: * the mechanical pieces should be constructed of materials to prevent decomposition of any component over time (for example, a ball shall not disintegrate) * the properties of physical items used to choose the selection should not be altered * players should not have the ability to interact with, come into physical contact with, or manipulate the mechanics of the game * Restricting adaptive behaviour prohibits automatic or manual interventions that change the probabilities of game outcomes occurring during play. Restricting adaptive behaviour is not intended to prevent games from offering bonus or special features that implement a different set of rules, if they are based on the occurrence of random events.

RTS requirement 7B As far as is reasonably possible, games and events must be implemented fairly and in accordance with the rules and prevailing payouts, where applicable, as they are described to the customer.

RTS implementation guidance 7B * Games should implement the rules as described in the rules available to the customer before play commenced. * The mapping of the random inputs to game outcomes should be in accordance with prevailing probabilities, pay tables, etc. * When random numbers, scaled or otherwise, are received, for example, following a game requesting a sequence of random numbers, they are to be used in the order in which they are received and they may not be discarded due to adaptive behaviour. * Numbers or sequences of numbers are not to be discarded, unless they fall outside the expected range of numbers required by the virtual event – such an occurrence should result in an error being logged and investigated.

RTS requirement 7C Game designs or features that may reasonably be expected to mislead the customer about the likelihood of particular results occurring are not permitted, including substituting losing events with near-miss losing events and simulations of real devices that do not simulate the real probabilities of the device.

RTS implementation guidance 7C * Where a virtual event simulates a physical device, the theoretical game probabilities should match the probabilities of the real device (for example, the probability of a coin landing heads must be 0.5 every time the coin is tossed). * Where multiple physical devices are simulated the probabilities of each outcome should be independent of the other simulated devices. * Games may not falsely display near-miss results, that is, the event may not substitute one losing outcome with a different losing outcome. * Where the event requires a pre-determined layout (for example, hidden prizes on a map), the locations of the winning spots should not change during play, except as provided for in the rules of the game. * Where games involve an element of skill, every outcome described in the virtual event rules or artwork should be possible, that is, the customer should have some chance of achieving an advertised outcome regardless of skill. * Where a customer contributes to a jackpot pool, that customer should be eligible to win the jackpot whilst they are playing that game, in accordance with the game and jackpot rules.

RTS requirement 7D The rules, payouts and outcome probabilities of a virtual event or game may not be changed while it is available for gambling, except as provided for in the rules of the game, lottery or virtual event. Such changes must be brought to customer’s attention.

RTS implementation guidance 7D * Changes to game or event rules, paytables or other parameters that change the way in which a game, lottery, or event works, the winnings paid, or likelihood of winning (except as described in 7Dc), should be conducted with the game or event taken offline or suspended. * Altered games, lotteries, and events should display a notice that informs customers that the game or event has been changed, for example, ‘rules changed’, ’new odds’, or 'different payouts’. The notice should be displayed on game selection screens and on the events themselves if it is possible for the customer to go straight to the event without using a selection screen. * This requirement is not intended to prevent games and virtual events where specified changes occur legitimately, in accordance with the game or event rules, for example: * virtual events, such as virtual racing products where the odds differ from event to event depending on the virtual runners * virtual games, such as bingo where the odds of winning are dependent on the number of entrants * games with progressive jackpots, where the amount that can be won changes over time * games with bonus rounds where different rules apply, so long as these rounds are properly described to the customer * unspecified changes to rules, paytables or other parameters that change the way in which a game, lottery or event works are not permitted, for example, rules that state ‘game rules may be changed at any time’ would not be acceptable.

RTS requirement 7E Except in the case of subscription lotteries, the system clearly and accurately display the result of the game or event and the customer’s gamble. The result must be displayed for a length of time that may reasonably be expected to be sufficient for the customer to understand the result of the game or event in the context of their gamble.

RTS implementation guidance 7E The game artwork and text should be sufficient to provide the customer with all of the information required to determine whether they have lost or won, and the value of any winnings.

RTS 8 – Auto-play functionality

Applies to: Gaming (including bingo).

RTS aim 8A To make clear that auto-play cannot be offered for online gaming.

RTS requirement 8A The gambling system must require a customer to commit to each game cycle individually.

RTS guidance 8A This requirement does not prohibit offering functionality to automatically post blinds in peer-to-peer poker.

RTS 9 – Progressive jackpot systems

Applies to: Gaming (including bingo)

RTS aim 9 To ensure that progressive jackpot systems operate fairly.

RTS requirement 9A An explanation of the jackpot rules must be clearly available to the customer before they commit to gamble.

RTS implementation guidance 9A * The rules for a jackpot shall describe how it is funded, what the start-up seed and any ceiling values are. The jackpot system’s return to player percentage should be displayed as per RTS 3C, this could be one combined game and progressive jackpot RTP figure or broken down into the base game and jackpot component. If a player is not eligible for a game’s progressive jackpot prize this should be made clear, along with their respective theoretical RTP. * The rules for a jackpot shall describe how the prizes are determined and awarded, including what happens when two or more players simultaneously trigger the same jackpot, or appear to simultaneously trigger the jackpot, for example due to network latency issues. * All eligible players should be able to see the current jackpot values and these should be updated as frequently as is practicable, particularly after the amount has been reset following a win. * Where a jackpot is capped at a ceiling value, an explanation of how subsequent player contributions are handled should be provided (for example, the operation of any redirected overflow or reserve pools).

RTS requirement 9B Jackpot systems must be configured and operated with adequate fairness and security.

RTS implementation guidance 9B * The gambling system shall maintain strict access and logging controls over the configuration and changes made to live jackpots. * Where a customer contributes to a jackpot pool, that customer should be eligible to win the jackpot whilst they are playing that game. The chances of winning a jackpot should increase in correlation with the amount contributed. * Where a jackpot containing player contributions is decommissioned those contributions need to be returned fairly according to the circumstances, with priority given to the players who made the contributions. Some example methods to achieve this include: * waiting until the jackpot is next awarded before decommissioning it. * adding any remaining contributions onto another jackpot system, preferably one with a similar player base. * returning remaining contributions as a one off event, with adequate customer disclosure to explain the origin of money. * The gambling system shall ensure that a winning customer is notified of a jackpot win immediately after it is triggered and that other participating customers are adequately notified of the jackpots reset value.

RTS 10 – Interrupted gambling

Applies to: Peer-to-peer betting and gaming (including bingo)

RTS aim 10 To ensure that customers are treated fairly in the event of interrupted play or betting and that they are aware of how they will be treated if interruptions occur.

RTS requirement 10A Operators must take all reasonable steps to ensure that their policies for instigating or dealing with service interruptions are fair and do not systematically disadvantage customers.

RTS implementation guidance 10A * For gaming the following policies should be applied: * where an interruption occurs after the operator receives notification of the customer’s gamble and where the customer can have no further influence on the outcome of the event or gamble the results of the gamble should stand * where an interruption to a single-participant single stage event occurs before an outcome has been generated the customer should have any deducted stake returned to their balance * for stateful games (games where there are multiple stages or decision points), all reasonable steps should be taken to restore the game to its last known state to enable the customer to complete the game * games with multiple participants (equal chance or otherwise) should be dealt with fairly on a case-by-case basis * progressive jackpot values should be restored to their pre-failure state. * For peer-to-peer betting the following policies should be applied: * where a service interruption is caused by failures in the gambling system, operators should suspend betting on all betting markets that have been affected by a significant event before service is restored * other failures should be dealt with fairly on a case-by-case basis.

RTS requirement 10B Systems must be capable of recovering from failures that cause interruptions to gambling, including where appropriate, the capability to void gambles (with or without manual intervention), the capability to suspend betting markets, and taking all reasonable steps to retain sufficient information to be able to restore events to their pre-failure state.

RTS implementation guidance 10B * For gaming the system should: * be capable of voiding gambles and restoring the amount gambled to the customer automatically, or in conjunction with manual operational controls; and * implement all reasonable measures to maintain sufficient information to be capable of automatically restoring an event to its pre-failure state so that it may be completed by the customer. The following information should be restored, as appropriate: * the state of a deck of cards, and any hands that have been dealt * number of tokens collected * any other predetermined information, such as maps or prize layouts * the value of any progressive jackpots * the state of any gambles, for example, who has staked what on what outcome * bets placed or offered. * For peer-to-peer betting, it should be possible to suspend betting markets manually or automatically.

RTS requirement 10C Operators must make available information about their policies regarding service interruptions in various different circumstances.

RTS implementation guidance 10C Operators should make information available to customers about how they will be treated in various common scenarios. However, this does not mean that operators have to detail all possible scenarios or responses to service interruptions.

RTS 11 – Limiting collusion and cheating

Applies to: Peer-to-peer gaming

RTS aim 11 To reduce the risk that cheating or collusion by players unfairly disadvantages another player and to inform customers about the risks posed.

RTS requirement 11A Measures intended to deter, prevent, and detect collusion and cheating must be implemented. Gambling systems must retain a record of relevant activities to facilitate investigation and be capable of suspending or disabling player accounts or player sessions. Operators must monitor the effectiveness of their policies and procedures.

RTS implementation guidance 11A * Relevant activities to be recorded will vary by game but may include: * which players played at which tables * the amounts won from and lost to accounts * game activities to an individual bet/action level. * Where appropriate, prevention measures may include: * taking steps to prevent a player from occupying more than one seat at any individual table. * Detection measures may include, detecting and investigating the following, where appropriate: * players who frequently share the same tables * players from same address who share the same table * suspicious patterns of play (such as chip dumping) * unusual gameplay statistics. * Customer complaints about cheating should be investigated. * Records should be kept of investigations which result in an account being closed including: * player details (name, location, which licence the activity was in reliance on), scale of the offences (financial and number of players), time and date etc * the reason for investigation (including whether it was initiated by customer contact) and the outcome * any relevant evidence such as reports, screenshots, chat history etc. This information should be considered when updating the risks identified in relevant policies and procedures.

RTS requirement 11B Information must be made available about the operator’s policies and procedures with regard to cheating, recovered player funds and about how to complain if a customer suspects other participants are cheating.

RTS implementation guidance 11B * As a minimum deterrent, customers should be informed that accounts will be closed if the customer is found to have cheated. * Information regarding funds that are recovered from accounts during integrity investigations is not expected to cover every scenario but should highlight the main aims of the policy. * Relevant information should be included in terms and conditions or rules.

RTS 12 – Financial limits

Applies to: All gambling - except subscription lotteries

RTS 12 aim To provide all customers with facilities to apply financial limits to their accounts to enable them to set and maintain a gambling budget that is suitable for their personal circumstances.

RTS requirement 12A The gambling system must provide easily accessible facilities for customers to set their own financial limits at any time from the point of registration.

Customers must be prompted to set a limit as part of the registration process or at the point at which the customer makes the first deposit or payment. The limit must be implemented as soon as practicable after the customer’s request. The customer must be informed when the limit will come into force.

RTS implementation guidance 12A * Limits could be in the form of: * deposit limits: where the amount a customer deposits into their account is limited over a particular duration * spend limits: where the amount a customer spends on gambling (or specific gambling products) is restricted for a given period – this type of limit may be appropriate where the customer does not hold a deposit account with the operator * loss limits: where the amount lost (that is, winnings subtracted from the amount spent) is restricted (for instance when a customer makes a £10 bet and wins £8, the loss is £2). * The period/duration of the limits on offer should include: * 24 hours and * 7 days and * one month * where a customer sets simultaneous time frames, for example a daily deposit limit and a weekly limit, the lowest limit should always apply. Therefore if a daily deposit limit of £10 and a weekly limit of £100 are both set then the maximum the system should allow to be deposited is £10 per day and £70 per week.

RTS requirement 12B Customers must be presented with a ‘free text’ box to set a limit, or the equivalent in the case of telephone gambling.

As a minimum, limits must be applied at the account level.

RTS implementation guidance 12B * In addition to account-level limits, limits could be implemented across individual products or channels. Where gambling licensees offer the facility to set limits for individual products or channels it should be made clear to customers using the facility whether those limits apply at the account or product/channel level. For example, where a limit has been set for a specific game, a customer should not be misled into assuming that the limit automatically applies to other products. * Where a customer sets simultaneous time frames, gambling licensees should provide clear information on how the interaction between those limits works. * Operators could provide links to tools or resources to inform budgeting and aid customers in determining appropriate limits for their personal circumstances. * In order to mitigate against user error, the gambling system could permit specific monetary increments for limits, such as whole pounds.

RTS requirement 12C Financial limit facilities must be provided via a direct link on the homepage and be clearly visible and accessible.

Financial limit facilities must be clearly visible and accessible on deposit pages/screens or via a direct link on these pages or screens.

The gambling system must minimise the number of clicks or pages customers make in order to access financial limit facilities.

RTS implementation guidance 12C * Links to limit-setting facilities from communications such as emails or notifications should link directly to the facilities and not via a home page or other intermediate page(s), unless required by account log in security settings.

RTS requirement 12D Customer-led limits must only be increased at the customer’s request, only after a cooling-off period of at least 24 hours has elapsed and only once the customer has taken positive action at the end of the cooling off period to confirm their request.

Unless systems/technical failures prevent it, customer-led reductions to limits must be implemented immediately.

The gambling system must provide a prompt to customers to review their own account and transaction information, as is currently made available under RTS 1 – Customer account information. This must be provided at a minimum of six-month intervals for accounts with activity within a rolling 12-month period. Customers must be provided with facilities to set more frequent reminders to receive this statement and review their limits.

RTS implementation guidance 12D * In the event of systems or technical failure not facilitating an automated and/or immediate reduction in limits, the customer should be informed when the limit reduction will take effect. * Operators should monitor engagement with and responses to alerts, in order to inform good design and best practice.

RTS requirement 12E Financial limit-setting facilities must present setting a limit as the default choice. The gambling system must require an action by the customer in order to decline setting a limit.

The gambling system must receive confirmation that the customer does not wish to set a limit before moving on to deposit/gamble.

The gambling system must prompt existing customers without limits set to review this position as a minimum on an annual basis.

RTS implementation guidance 12E * Presentation of financial limits as the default option could take the form of pre-selected fields such as tick boxes, or through visual distinction. * Action to decline setting a limit and receiving confirmation could take the form of a tick box, dismissing a message or other action by the customer. * Customers who choose to opt out of setting a limit could be provided with information or links to tools and resources such as budgeting tools and information about safer gambling.

RTS 13 – Time requirements and reality checks

Applies to: In respect of requirement RTS 13A – All remote gambling except telephone gambling. In respect of RTS 13B – Remote gaming (including bingo but excluding peer to peer gaming), remote instant win lotteries and high frequency lotteries. In respect of RTS 13C – Casino (excluding peer to peer poker).

RTS aim 13 To provide customers with facilities to assist them to keep track of the time they spend gambling.

RTS requirement 13A Where the gambling system uses full screen client applications that obscure the clock on the customer’s device the client application itself must display the time of day or the elapsed time since the application was started, wherever practicable.

RTS implementation guidance 13A * Time of day should either be taken from the customer’s own device or ‘server time’ and should be displayed in hours and minutes. * Operators will not be expected to detect whether or not customers have hidden their clocks. * Elapsed time should be displayed in minutes and hours. * For restricted display devices, time of day or elapsed time should be displayed where the device supports it. * In addition, customers may be offered the ability to set a session or game-play duration reminder.

RTS requirement 13B The gambling system must provide easily accessible facilities that make it possible for customers to set a frequency at which they will receive and see on the screen a reality check within a gaming session. A ‘reality check’ means a display of the time elapsed since the session began. The customer must acknowledge the reality check for it to be removed from the screen.

RTS implementation guidance 13B * The customer should be offered the opportunity to set or amend a reality check via easily accessible means at all times. Customers should be able to select a frequency at which the reality check will appear on the screen. Customers can be presented with a pre-set list time periods but these must have a reasonable and appropriate range from which to select and where a default time period is offered it must be set at the minimum * The reality check should continue to appear at the selected time intervals until the customer’s gaming session ends (see definition of terms) or the customer exits their account (this will depend on solutions i ii iii below). If a customer is participating in multiple gaming sessions at once (for example, playing bingo as well as participating in slots games in between draws) the gaming session began when the player commenced with the first product. The reality check facility could be implemented via one of the following ways: * Player account level implementation - there are two potential solutions for account level implementation. The optimum approach would enable customers to set a reality check reminder for their account, which would commence at the start of the first gaming session and roll over to subsequent sessions. An alternative solution would be for the reality check to commence before a customer accesses a gaming session (for example, at account login stage). The second solution would meet the requirement although it would not take into account natural breaks in play, such as when customers are in the casino lobby. * Product level implementation - this approach will enable a customer to set a reality check for each individual gaming session, for example the player commences playing roulette and then later starts playing blackjack and has two reality checks running concurrently but covering different time periods. * Hybrid solution - some games are subject one reality check and others are subject to another for example all slot games are subject to a single reality check and live dealer products are subject to a separate reality check. * A clear explanation of how the reality check is implemented must be provided to players so they are aware of how they can use it to assist them in managing their gambling. Where possible a player’s preferences should be applied to all future account logins or gaming sessions (where applicable). If this is not possible players must be provided with clear information that explains that they will have to set a reality check for each account login or gaming session. * The reality check should offer the customer the facility to exit the gaming session or log out of their account (depending on which of the above solutions is adopted). * The reality check should provide a link to the customer’s account history. * The reality check can be presented at the end of a game but a player cannot be permitted to commit further funds to a new game until they have acknowledged the reality check, unless it occurs mid-way through a multi-state game such as blackjack where a player would need to commit additional funds if they wanted to split or double down. * The reality check must prevent a new game within an auto-play sequence from commencing until the player has acknowledged the reality check.

RTS requirement 13C The elapsed time should be displayed for the duration of the gaming session.

RTS implementation guidance 13C * Time displayed should begin either when the game is opened or once play commences. * Elapsed time should be displayed in seconds, minutes and hours.

RTS 14 – Responsible product design

Applies to: In respect of requirements RTS 14A and 14B – All gambling. In respect of requirement RTS 14C – Casino (excluding peer-to-peer poker). In respect of requirement RTS 14D – Slots. In respect of requirement RTS 14E and 14F – Casino. In respect of requirement RTS 14G – Casino (excluding slots and peer-to-peer poker).

RTS aim 14 To ensure that products are designed responsibly and to minimise the likelihood that they exploit or encourage problem gambling behaviour.

RTS requirement 14A Gambling products must not actively encourage customers to chase their losses, increase their stake or increase the amount they have decided to gamble, or continue to gamble after they have indicated that they wish to stop.

RTS implementation guidance 14A * By actively encourage, we mean the inclusion of specific features, functions or information that could reasonably be expected to encourage a greater likelihood of the behaviours described occurring. For example: * the amount of funds taken into a product should not be topped up without the customer choosing to do so on each occasion, for example, when a customer buys-in at a poker table they should have to choose to purchase more chips to play at the table, automatic re-buys should not be provided * written or graphical information should not encourage customers to try to win back their losses * customers who have chosen to exit a game should not be encouraged to continue playing by, for example, being offered a free game. * This requirement is not intended to prevent operators from offering special features or well-known games such as blackjack that allow customers to increase their stake on the occurrence of specific events (for example, split).

RTS requirement 14B Consumers must not be given the option to cancel their withdrawal request.

RTS implementation guidance 14B Once a customer has made a request to withdraw funds, they should not be given the option to deposit using these funds. Operators should make the process to withdraw funds as frictionless as possible.

RTS requirement 14C The gambling system must not offer functionality which facilitates playing multiple games at the same time.

RTS implementation guidance 14C * Operators are not permitted to offer functionality designed to allow players to play multiple games at the same time. This includes, but is not limited to, split screen or multi-screen functionality. * Combining multiple games in a way which facilitates simultaneous play is not permitted.

RTS requirement 14D It must be a minimum of 2.5 seconds from the time a game is started until the next game cycle can be commenced. It must always be necessary to release and then depress the 'start button’ or take equivalent action to commence a game cycle.

RTS implementation guidance 14D A game cycle starts when a player depresses the ‘start button’ or takes equivalent action to initiate the game and ends when all money or money’s worth staked or won during the game has been either lost or delivered to, or made available for collection by the player and the start button or equivalent becomes available to initiate the next game.

A player should commit to each game cycle individually, continued contact with a button, key or screen should not initiate a new game cycle.

RTS requirement 14E The gambling system must not permit a customer to reduce the time until the result is presented.

RTS implementation guidance 14E * Features such as turbo, quick spin and slam stop are not permitted. This is not intended to be an exhaustive list but to illustrate the types of features the requirement is referring to. * This applies to all remote games, regardless of game cycle speed. * This requirement does not apply to bonus and/or feature games where an additional stake is not wagered. * This requirement does not prohibit the ‘scratch-all’ and/or ’reveal-all’ feature. * This requirement does not prohibit games where the customer will lose their stake unless they take action to end the game.

RTS requirement 14F The gambling system must not celebrate a return which is less than or equal to the total stake gambled.

RTS implementation guidance 14F * By ‘celebrate’ we mean the use of auditory or visual effects that are associated with a win are not permitted for returns which are less than or equal to last total amount staked. * The following items provide guidelines for reasonable steps to inform the customer of the result of their game cycle: * Display of total amount awarded. * Winning lines displayed for a short period of time that will be considered sufficient to inform the customer of the result. This implementation should not override any of the display requirements (as set out in RTS 7E). * Brief sound to indicate the result of the game and transfer to player balance.

RTS requirement 14G It must be a minimum of 5 seconds from the time a game is started until the next game cycle can be commenced. It must always be necessary to release and then depress the 'start button’ or take equivalent action to commence a game cycle.

RTS implementation guidance 14G A game cycle starts when a player depresses the ‘start button’ or takes equivalent action to initiate the game and ends when all money or money’s worth staked or won during the game has been either lost or delivered to, or made available for collection by the player and the start button or equivalent becomes available to initiate the next game.

A player should commit to each game cycle individually, continued contact with a button, key or screen should not initiate a new game cycle.

RTS 15 – In-play betting

Applies to: Betting and peer-to-peer betting

RTS aim 15 To make the customer aware that they may not have the latest information available when betting on live events, and that they may be at a disadvantage to operators or other customers who have more up-to-date information.

RTS requirement 15A Information must be made available that explains that ‘live’ TV or other broadcasts are delayed and that others may have more up-to-date information. Main in-play betting pages must include this information where practicable.

RTS implementation guidance 15A * Brief information should be included on main in-play pages or screens, such as the in-play home page or screen. More detail should be provided in ‘help’ or ‘how to’ or other product pages or screens. * For telephone betting the information should be included in the general betting or product information that is made available to and/or sent out to customers. * Where a brief notice cannot be practicably included on the main pages or screens, the information should be provided on easily accessible ‘help’, ‘how to’ or other product pages or screens.

RTS 16 – Use of third party software

Applies to: Peer-to-peer gambling

RTS aim 16 To make customers in peer-to-peer gambling aware that they may be gambling against a software program (designed to automatically participate in gambling within certain parameters, sometimes referred to as a bot), or a human aided by third party software.

RTS requirement 16A Where peer-to-peer customers may be gambling against programs deployed by other customers to play on their behalf, or customers assisted by third party software, information should be made available that describes that this is possible, and if it is against the operator’s terms and conditions, how to report suspected use.

RTS implementation guidance 16A * The warning and information about how to complain should be included in game descriptions, rules, terms and conditions, ‘help’, ‘how to play’ or other general product information pages. * The warning should also inform customers that if they use a program to gamble on their behalf, other customers may be able to exploit it.

RTS requirement 16B Operators must make it clear to players whether the use of third party software is permitted and if so which types. Operators that prohibit certain types of third party software must implement measures intended to deter, prevent, and detect their use.

RTS implementation guidance 16B Clear, accessible information about the types of software that are permitted or prohibited should be included within terms and conditions and the players guide (LCCP Social responsibility code 4.2.3), as a minimum. This does not have to be an extensive list but could be a description of the key features of the software.

RTS requirement 16C Where operators use programs to participate in gambling on their behalf in peer-to-peer gambling, easily accessible information must be displayed, which clearly informs customers that the operator uses this kind of software.

RTS implementation guidance 16C * Peer-to-peer gambling operators that use software to gamble on their behalf (for example, poker robots) should display a notice to customers on the home pages or screens and in the game description, ‘help’ or ‘how to play/bet’ pages or screens. * As a minimum, restricted display devices should provide a link to further information on gambling pages/screens or in ‘help’, ‘about’ or ‘how to bet/play’ pages or screens.

RTS 17 – Live dealer studios

Applies to: Gaming (including bingo)

RTS aim 17 To ensure that live dealer operations are fair.

RTS requirement 17A Live dealer operations must be fair and independently auditable.

RTS implementation guidance 17A * Equipment and consumables should be of commercial casino quality. Designated staff should be responsible for monitoring the integrity of all operational equipment. * Croupiers need to undergo adequate training to provide the gambling in a fair way according to documented procedures and game rules. Evidence of training and refresher training should be maintained. * Gambling provision should be supervised by staff responsible to oversee dealer activities and integrity. Video surveillance to record all dealer activity should be in place, enough to cover the predefined gaming areas with sufficient detail to confirm whether dealing procedures and game rules were followed. * Secure areas, gambling equipment and consumables shall be protected by appropriate access controls to ensure that only authorised personnel are allowed access. * Game logs should be maintained and game events collated into statistics which can be analysed for trends relating to game performance, staff and/or locations in the gaming area.

4 - Remote gambling and software technical standards (RTS) security requirements

Security requirements summary

4.1 This section sets out a summary of the RTS security requirements that licence holders must meet. The Commission has based the security requirements on the relevant sections of Annex A to the ISO/IEC 27001:2022 standard.

4.2 This 2022 standard replaces ISO/IEC 27001:2013.

4.3 The Commission’s aim in setting out the security standards is to ensure customers are not exposed to unnecessary security risks by choosing to participate in remote gambling. The Commission has highlighted those systems that are most critical to achieving the Commission’s aims and the security standards apply to these critical systems: * electronic systems that record, store, process, share, transmit or retrieve sensitive customer information, for example, credit/debit card details, authentication information, customer account balances * electronic systems that generate, transmit, or process random numbers used to determine the outcome of games or virtual events * electronic systems that store results or the current state of a customer’s gamble * points of entry to and exit from the above systems (other systems that are able to communicate directly with core critical systems) * communication networks that transmit sensitive customer information.

Organisational controls

  • 5.1 Policies for information security
  • 5.10 Acceptable use of information and other associated assets
  • 5.15 Access control
  • 5.16 Identity management
  • 5.17 Authentication information
  • 5.18 Access rights
  • 5.19 Information security in supplier relationships
  • 5.20 Addressing information security within supplier agreements
  • 5.21 Managing information security in the ICT supply chain
  • 5.22 Monitoring, review and change management of supplier services
  • 5.23 Information security for use of cloud services
  • 5.24 Information security incident management planning and preparation
  • 5.25 Assessment and decision on information security events
  • 5.26 Response to information security incidents
  • 5.28 Collection of evidence
  • 5.35 Independent review of information security

People controls

  • 6.3 Information security awareness, education and training
  • 6.5 Responsibilities after termination or change of employment
  • 6.7 Remote working
  • 6.8 Information security event reporting

Physical controls

  • 7.8 Equipment siting and protection
  • 7.10 Storage media
  • 7.14 Secure disposal or re-use of equipment

Technological controls

  • 8.1 User endpoint devices
  • 8.2 Privileged access rights
  • 8.3 Information access restriction
  • 8.5 Secure authentication
  • 8.7 Protection against malware
  • 8.13 Information backup
  • 8.15 Logging
  • 8.17 Clock synchronisation
  • 8.18 Use of privileged utility programs
  • 8.20 Networks security
  • 8.21 Security of network services
  • 8.22 Segregation of networks
  • 8.24 Use of cryptography
  • 8.25 Secure development life cycle
  • 8.26 Application security requirements
  • 8.27 Secure system architecture and engineering principles
  • 8.29 Security testing in development and acceptance
  • 8.30 Outsourced development
  • 8.31 Separation of development, test and production environments
  • 8.32 Change management
  • 8.33 Test information

5 - Annex

RTS numbers Bingo* Casino Betting (Virtual) Betting (Real event) Betting (Peer-to-peer) Subscription lotteries Instant Win/High frequency lotteries
RTS 1 – Customer account information X X X X X X
RTS 2 A-D – displaying transactions X X X X X X X
RTS 2E – displaying transactions X
RTS 3 – Rules, game descriptions and likelihood of winning X X X X X
RTS 4 – time critical events X X X
RTS 5 – result determination X X X X X X X
RTS 6 – Result determination for play for free games X X X X X
RTS 7 – Generation of random outcomes X X X X X
RTS 8 – Auto play functionality X X
RTS 9 – Progressive jackpots X X
RTS 10 – Interrupted gambling X X X
RTS 11 – Limiting collusion/cheating X**
RTS 12 – Financial Limits X X X X X X
RTS 13A – Time requirements X X X X X X X
RTS 13B – Reality checks X*** X*** X
RTS 13C – Time requirements X
RTS 14A&B – Responsible product design X X X X X X X
RTS 14C – Responsible product design (excluding peer-to-peer poker) X
RTS 14D – Responsible product design (slots) X
RTS 14E and 14F – Responsible product design X
RTS 14G – Responsible product design (excluding slots and peer-to-peer poker) X
RTS 15 – In play betting X X X
RTS 16 – Third party software X** X
RTS 17 – Live dealer studios If applicable If applicable
Security requirements**** X X X X X X X
  • The following standards apply to holders of remote bingo licences when making facilities available by means of remote communication in respect of games of bingo played on more than one set of premises: RTS 3, RTS 4, RTS 5, RTS 7, RTS 10 and RTS 14.

** Peer-to-peer gaming only

*** Excluding peer-to-peer gaming

**** The following categories of licences require the full security audit by an independent auditor: Remote betting – general (but not telephone only or trading rooms), remote betting (virtual events) pool and intermediary, remote casino, remote bingo, all host licences and remote lotteries (with entries greater than £250,000 per year). NB: The table lists the main gambling variants as set out in the RTS. The standards that apply to a specific products will vary based on the underlying event. For example, the underlying event of pool betting will determine whether it is caught as betting (real event) or betting (virtual).

pam_tester_interview_prep.md

markdown · 3.5 KB↑ top

Interview Prep: Software Tester (PAM / Regulatory Delivery)

The Role Context

You are interviewing for a Software Tester role in the Player Account Management (PAM) team, specifically within the Regulatory Delivery Stream. Your focus is heavily on Risk, Regulatory, Limits, and Self-Exclusion functionality.

Key Themes to Emphasize

1. Regulatory Compliance (RTS 12 & 13 — plus LCCP for self-exclusion)

  • Accuracy note: RTS 12 = financial limits; RTS 13 = time requirements / reality checks. Self-exclusion is not RTS — it falls under the LCCP Social Responsibility Code (SRCP 3.5.x) and the national online self-exclusion scheme (GAMSTOP). Don't conflate the two in the interview; knowing the distinction is itself a credibility signal for a regulatory-delivery role.
  • Talking Point: Emphasize your understanding that regulatory testing is fundamentally different from standard functional testing. A bug in a UI might cause a bad user experience, but a bug in deposit limits or self-exclusion can result in multi-million pound fines from the UKGC and severe harm to vulnerable customers.
  • Your Approach: You rely on strict edge-case testing (e.g., testing the exact boundary of a limit, testing timezone shifts for 24-hour cooling-off periods, ensuring audit logs are immutable).

2. BDD as a Communication Tool

  • Talking Point: BDD is not just for automation; it's a shared language.
  • Your Approach: Explain how you use Gherkin syntax to ensure Product Managers, Compliance Officers, and Developers all agree on how a regulation should be implemented before a single line of code is written. BDD feature files act as "Living Documentation" for compliance audits.

3. Data-Driven Testing for Efficiency

  • Talking Point: The job requires "defining efficient test strategies."
  • Your Approach: Mention how you avoid writing hundreds of repetitive test cases. Instead, you use Gherkin Scenario Outline and Examples tables. This allows you to pass massive datasets (different limit amounts, different player statuses, different consumption amounts) through a single test scenario, maximizing coverage while minimizing maintenance.

4. Continuous Integration and AI

  • Talking Point: The role mentions CI systems and AI technologies for developer productivity.
  • Your Approach: Discuss how automated BDD tests should run on every Pull Request via CI/CD pipelines to prevent regressions. You can also mention that you leverage AI (like LLMs) to help brainstorm edge cases, formulate initial Gherkin drafts, and quickly analyze API schemas or Markdown documentation (like regulatory documents).

Example Scenario to Discuss in the Interview

If they ask how you would test a specific requirement, walk them through this Self-Exclusion scenario:

Feature: Self-Exclusion Enforcement

  Scenario Outline: Player attempts actions while self-excluded
    Given a player "Sarah" has an active self-exclusion status
    When "Sarah" attempts to <action>
    Then the action should be <result>
    And an audit event should be logged for the <action> attempt

    Examples:
      | action              | result   |
      | log in              | rejected |
      | deposit funds       | rejected |
      | withdraw funds      | allowed  |
      | place a bet         | rejected |

Note: Point out to the interviewers that even when self-excluded, players are legally allowed to withdraw their existing funds, which is why that specific action is 'allowed'. Catching nuances like this proves you understand safer gambling domains.

elite_interview_pitch.md

markdown · 4.2 KB↑ top

The Elite Interview Pitch

A personalized narrative mapping your unmatched industry experience directly to the PAM Software Tester role.

The Core Narrative

You are not a traditional QA Tester applying for a gambling tech role. You are a Compliance and Regulatory Architect moving into QA to execute the exact standards you have been enforcing across the industry.

When asked, "Tell us about yourself and why you want this role," use this framework:

"I’ve spent my career mastering the entire lifecycle of gambling compliance. I started by translating complex, new-market regulations (like Spain) into technical requirements for the dev teams building the slots front-end at Genesis Global. At Allwyn, I was writing the foundational Business Requirement Documents (BRDs) alongside Scientific Games. At William Hill, I operated at the enterprise level, authoring their group-wide RTS monitoring framework."

"Most recently, as a Compliance Manager at the UKGC, I led the 2025 software license assessments and worked on policy submissions regarding upcoming RTS issues. I know exactly how an operator's software fails an audit because I am the one auditing it."

"I want this role in the PAM team because I want to close the loop. I want to take those BRDs, that RTS monitoring framework, and the UKGC audit standards, and bake them directly into bet365's CI/CD pipeline using BDD and Gherkin. I want to engineer compliance directly into the test automation before the code even ships."


Mapping Your Experience to the Job Description

1. "Collaborating within a cross-functional team... to understand Business and technical requirements." * Your Proof: "At Genesis Global, I worked directly with the dev teams to translate Spanish gambling regulations into technical front-end requirements for slots. I am highly comfortable sitting between the legal requirements and the technical implementation."

2. "Conducting quality assurance testing on Responsible Gambling-specific projects." * Your Proof: "At William Hill, I wrote the entire RTS monitoring framework for the group assurance department. My 'testing' has been at the macro level, ensuring enterprise-wide systems comply with the exact Responsible Gambling principles this PAM team is building."

3. "Awareness and understanding of... Risk, Regulations, Limits and Self-Exclusion." * Your Proof: "As a UKGC Compliance Manager leading the 2025 software license assessments, I don't just understand the regulations—I enforce them. I also know where the regulations are heading next year based on my recent work with researchers on RTS policy issues."

4. "Defining efficient test strategies, including BDD feature files using Gherkin syntax." * Your Proof: "I am a massive advocate for Spec-Driven Development (SDD). I treat underlying code as disposable and the Gherkin specification as the ultimate source of truth. In fact, I am so passionate about rigorous requirements syntax that I actually built and published three VS Code extensions (under the name davidcockson) for EARS syntax and architecture design. My goal is to write iron-clad Gherkin specifications for the PAM team, knowing that enterprise platforms like TestMu AI will orchestrate and self-heal the actual execution across the CI/CD pipeline."

5. "Progressive attitude towards new technologies, including the use of AI." * Your Proof: "I am currently completing a Google/Kaggle engineering program focused on deploying zero-trust AI agents to Google Cloud. I know how to design AI consensus architectures (using models like Gemini and Haiku) that can securely bootstrap Gherkin tests from Jira tickets while using strict Policy Servers to prevent AI hallucination."


The Ultimate Flex

If they ask about your lack of a formal "Tester" title, smile and say:

"A standard tester looks at an RTS ticket and asks 'What are the acceptance criteria?' I look at the ticket and say, 'I wrote the framework for this at William Hill, I audited this exact feature for the UKGC last year, and here is the automated BDD feature file that ensures bet365 never gets fined for it.' Testing is just the technical execution of the rules I've spent my career writing."

bet365_ai_tech_stack_research.md

markdown · 4.1 KB↑ top

Bet365 AI & Tech Stack Research (Mid-2026)

Targeted research on bet365's internal testing and code modernisation strategy.

If you want to prove you've thoroughly researched their engineering culture, drop these specific initiatives into your interview answers.

1. Code Modernisation via GraphRAG

The Challenge: Bet365 has a massive, complex legacy codebase that they are actively modernising and migrating to Google Cloud Platform (GCP). Standard Generative AI models struggle with this because they lose the context of how different database tables and functions interact. The Solution: Bet365 built a custom GraphRAG (Graph Retrieval-Augmented Generation) system, applying the approach from Microsoft's published GraphRAG research. * What it does: It combines metadata tagging with GraphRAG to build a knowledge graph that summarises its databases and the business logic encoded in them (stored procedures, functions, tables), giving the AI the business context it previously lacked. * How developers use it: Instead of just asking AI to write code, bet365 engineers use it as an "Informed Partner." They ask, "If I change this specific deposit limit function, what other downstream systems will break?" The GraphRAG system highlights the exact dependencies, reducing investigation time from weeks to hours. * Interview talking point: "I was fascinated to read about how bet365 uses GraphRAG to map legacy dependencies during GCP migrations. When testing complex regulatory logic like RTS 12 limits, having that graph-level context is critical to ensure we are testing the right downstream APIs."

2. Quality Engineering via TestMu AI

The Partnership: On 31 March 2026, TestMu AI (which rebranded from LambdaTest on 12 Jan 2026) announced that Hillside Technology Limited — the technology entity behind bet365 — had adopted its platform to unify automated software testing and support hundreds of weekly production releases. The Usage: * Bet365 uses the platform's HyperExecute grid (with just-in-time infrastructure provisioning) to manage hundreds of weekly production releases, running cross-platform tests across 3,000+ browser/OS combinations and 10,000+ real iOS and Android devices through a single unified interface. * How it changes your role: You will not need to manage flaky Selenium grids or device farms. TestMu uses "Agentic AI" to self-heal brittle UI tests if a developer changes a button. This frees you up to act as the Architect—focusing entirely on Spec-Driven Development (SDD) and writing the Gherkin rules, while TestMu handles the execution layer. * Interview talking point: "I know bet365 recently partnered with TestMu AI to scale release velocity and unify testing across devices. Because platforms like TestMu handle the heavy lifting of cross-device orchestration and self-healing UI execution, it frees me up to focus on writing iron-clad BDD Gherkin specifications for our UKGC compliance rules, knowing TestMu will execute them flawlessly in the CI/CD pipeline."

3. The Google Cloud (GCP) Backbone

Bet365 relies heavily on GCP for its infrastructure (BigQuery, GKE, Cloud Spanner). * Interview talking point: "Because my background includes hands-on Google Cloud certifications (GKE, Terraform, Vertex AI), I understand the exact infrastructure that bet365's code runs on. I don't just write tests in a vacuum; I write tests that are designed to execute efficiently within cloud-native CI/CD pipelines."


Sources (verified June 2026)

  • TestMu AI rebrand from LambdaTest (12 Jan 2026): https://www.testmuai.com/lambdatest-is-now-testmuai/
  • bet365 / Hillside Technology partnership with TestMu AI (31 Mar 2026): https://www.businesswire.com/news/home/20260331630451/en/bet365-Partners-with-TestMu-AI-to-Accelerate-Global-Release-Velocity-with-Agentic-AI-Quality-Engineering — case study: https://www.testmuai.com/customers/bet365/
  • bet365 GraphRAG code modernisation: https://www.computing.co.uk/feature/2025/how-bet365-cracked-a-gen-ai-conundrum and https://www.computerweekly.com/news/366626201/Interview-Tech-innovation-at-Bet365

features/rts12_2026_updates.feature

code · 6.0 KB↑ top
@safer_gambling @RTS12 @compliance
Feature: UKGC RTS 12 Financial Limits and Prompts (RTS 12B changes)
  As a PAM System
  I need to enforce the latest RTS 12 financial limit definitions and rules
  So that we maintain compliance with the UKGC mandates

  # EFFECTIVE-DATE NOTE (verified June 2026):
  #  - IN FORCE since 31 Oct 2025: limit-setting presented as the DEFAULT option,
  #    prompt to set a limit before first deposit, six-monthly review prompt,
  #    annual prompt for customers without limits.
  #  - UPCOMING, effective 30 SEPTEMBER 2026 (pushed back from the originally
  #    proposed 30 June 2026): the "gross deposit limit" / "net deposit limit"
  #    definitions, "deposit limit" reserved for gross limits, "spend limits"
  #    renamed to "stake limits", revised loss-limit definition, and the
  #    "most restrictive limit must always apply" rule. The CURRENT standard
  #    (see rts_regs.md) still says "spend limits" and "the LOWEST limit should apply".
  # Sources:
  #  https://www.gamblingcommission.gov.uk/standards/remote-gambling-and-software-technical-standards/rts-12-financial-limits
  #  https://www.gamblingcommission.gov.uk/licensees-and-businesses/guide/page/rts-upcoming-changes

  Background:
    Given the player is logged into their account
    And the PAM system is configured for UKGC RTS 12 compliance

  # Source (RTS 12E, 12A, 12B):
  # "all customers must be prompted to set a financial limit as early as possible"
  # "financial limits must only be offered using free text and financial limits must be applied at the account level"
  # "setting a financial limit must be presented as the default option, and customers must take action to decline"
  Scenario: Limit setting is the default option with free text input (RTS 12A, 12B, 12E)
    Given a new player completes registration
    When the player reaches the onboarding limits screen
    Then setting a financial limit should be presented as the default option
    And the input field must be free text rather than predefined dropdowns
    And the limit must apply at the account level
    And the player must take positive action (e.g., clicking a specific "opt out" button) to decline setting a limit

  # Source (RTS 12B): 
  # "where a customer sets simultaneous time frames, for example a daily deposit limit and a weekly limit, the most restrictive must always apply."
  Scenario Outline: Enforcing the most restrictive limit across multiple timeframes (RTS 12B)
    Given the player has a daily gross deposit limit of <daily_limit> GBP
    And the player has a weekly gross deposit limit of <weekly_limit> GBP
    And the player has already deposited <deposited_today> GBP today
    And the player has already deposited <deposited_this_week> GBP this week
    When the player attempts to deposit <deposit_attempt> GBP
    Then the system must evaluate against both limits
    And the deposit transaction should be <expected_result>
    And the rejection reason should cite the most restrictive limit if applicable

    Examples:
      | daily_limit | weekly_limit | deposited_today | deposited_this_week | deposit_attempt | expected_result |
      | 50          | 200          | 40              | 150                 | 20              | rejected        | # Fails daily (40+20 > 50)
      | 100         | 150          | 0               | 140                 | 50              | rejected        | # Fails weekly (140+50 > 150)
      | 50          | 200          | 0               | 100                 | 40              | accepted        | # Passes both

  # Source (RTS 12B Definitions):
  # gross deposit limit: "where the amount a customer deposits into their account is limited over a particular duration"
  # net deposit limit: "the amount deposited into the account minus any withdrawals made for the period or duration of the limit applied."
  # loss limits: "the total value of stakes placed on gambling products minus the total value of any winnings or returns from those stakes"
  # stake limits: "the term 'spend limits' to be replaced with 'stake limits' to provide clarity"
  Scenario Outline: Calculating distinct financial limit types (RTS 12B)
    Given the player has set a <limit_type> limit of 100 GBP for the day
    And the player has the following transaction history for today:
      | Type       | Amount |
      | Deposit    | 80     |
      | Withdrawal | 30     |
      | Stake      | 60     |
      | Win        | 20     |
    When the system calculates the remaining allowance
    Then the consumed amount of the limit should equal <consumed_amount> GBP

    Examples:
      | limit_type        | consumed_amount | # Explanation                                    |
      | Gross Deposit     | 80              | # Total Deposited                                |
      | Net Deposit       | 50              | # Deposits (80) - Withdrawals (30)               |
      | Loss              | 40              | # Stakes (60) - Winnings (20)                    |
      | Stake             | 60              | # Total Stakes placed                            |

  # Source (RTS 12D):
  # "customers must receive a prompt to review their account and transaction information, that this prompt must be provided at a minimum of six-monthly intervals, and that customers should be able to set more frequent reminders"
  Scenario: Mandatory account review prompt (RTS 12D)
    Given the player has not reviewed their account and transaction information for 6 months
    When the player logs into the system
    Then the system must display a prompt to review account activity
    And the player must be given the option to set more frequent review reminders

  # Source (RTS 12E):
  # "customers without limits must be prompted to review this at least annually"
  Scenario: Annual prompt for users who opted out of limits (RTS 12E)
    Given the player took positive action to decline setting a financial limit
    And 12 months have passed since their decision
    When the player logs into the system
    Then the system must display a prompt to review their decision not to set a limit

features/safer_gambling_limits.feature

code · 3.6 KB↑ top
Feature: Safer Gambling - Financial Limits and Reality Checks
  As a Player Account Management (PAM) system
  I want to enforce financial limits, reality checks, and self-exclusion
  So that we comply with RTS 12 and RTS 13 safer gambling regulations

  Background:
    Given a registered player "John" exists
    And "John" has an account balance of 100 GBP

  Scenario: Player sets a daily deposit limit (RTS 12A)
    Given "John" has no active deposit limits
    When "John" sets a daily deposit limit of 50 GBP
    Then the system should confirm the limit is active immediately
    And "John" should not be able to deposit more than 50 GBP within 24 hours

  Scenario: Player attempts to exceed their deposit limit (RTS 12A)
    Given "John" has an active daily deposit limit of 50 GBP
    And "John" has already deposited 40 GBP today
    When "John" attempts to deposit 20 GBP
    Then the deposit transaction should be rejected
    And "John" should receive a notification "Deposit exceeds your active daily limit."

  Scenario: Player requests to increase their deposit limit (RTS 12D)
    Given "John" has an active daily deposit limit of 50 GBP
    When "John" requests to increase the daily deposit limit to 100 GBP
    Then the system should enforce a cooling-off period of 24 hours from the request
    And the limit should remain 50 GBP during the cooling-off period
    And an audit log of the limit increase request should be generated

  Scenario: Player confirms deposit limit increase after cooling-off period (RTS 12D)
    Given "John" requested a limit increase to 100 GBP over 24 hours ago
    When "John" takes positive action to confirm the new limit
    Then the new daily deposit limit of 100 GBP should become active immediately
    And an audit log of the limit increase confirmation should be generated

  Scenario: Limit increases do not reset the deposited amount
    Given "John" has an active daily deposit limit of 50 GBP
    And "John" has already deposited 40 GBP today
    When "John" confirms a limit increase to 100 GBP
    Then the new daily deposit limit of 100 GBP should become active
    And "John" should only have 60 GBP remaining in their daily deposit allowance
    When "John" attempts to deposit 70 GBP
    Then the deposit transaction should be rejected

  Scenario: Player requests to decrease their deposit limit (RTS 12D)
    Given "John" has an active daily deposit limit of 100 GBP
    When "John" requests to decrease the daily deposit limit to 50 GBP
    Then the new limit of 50 GBP should be implemented immediately

  Scenario: Reality check appears after elapsed time (RTS 13B)
    Given "John" has set a reality check frequency of 60 minutes
    And "John" has an active gaming session
    When 60 minutes elapse in the current gaming session
    Then a reality check notification displaying the elapsed time should appear on the screen
    And "John" must not be permitted to commit further funds until the reality check is acknowledged

  # NOTE: Self-exclusion is NOT an RTS standard. It is governed by the LCCP
  # Social Responsibility Code (SRCP 3.5.x) and the national online scheme
  # (GAMSTOP). The 6-month minimum below is the national-scheme minimum.
  # RTS 12/13 cover financial limits and reality checks; self-exclusion does not.
  Scenario: Player initiates self-exclusion
    Given "John" is logged into the application
    When "John" opts for self-exclusion for a period of 6 months
    Then the system should immediately end "John"'s active gaming session
    And "John" should not be able to log in for the next 6 months
    And the system should prevent promotional materials from being sent to "John"

features/step_definitions/steps.ts

code · 6.7 KB↑ top
// Step definitions for the @RTS12 financial-limits feature.
//
// This is a SELF-CONTAINED in-memory simulation of the PAM rules so the suite
// runs green with no external API/DB. In a real bet365 PAM system the Given/When
// steps would call the API client (e.g. PamApiClient) or a Kafka producer instead
// of mutating `this.player`. The assertion LOGIC here is real, so the Examples
// tables genuinely validate the rules (e.g. most-restrictive limit, loss calc).

import { Given, When, Then, DataTable } from '@cucumber/cucumber';
import assert from 'node:assert/strict';

// --- Background ---------------------------------------------------------------

Given('the player is logged into their account', function (this: any) {
  this.player = {
    loggedIn: true,
    depositedToday: 0,
    depositedThisWeek: 0,
    transactions: [],
  };
});

Given('the PAM system is configured for UKGC RTS 12 compliance', function (this: any) {
  this.rtsCompliant = true;
});

// --- Scenario: limit-setting is the default option (RTS 12A/12B/12E) ----------

Given('a new player completes registration', function (this: any) {
  this.player = { ...(this.player || {}), registered: true };
});

When('the player reaches the onboarding limits screen', function (this: any) {
  // The PAM system renders the onboarding screen per the RTS 12 requirements.
  this.onboardingScreen = {
    defaultOption: 'set_limit',
    inputType: 'free_text',
    limitScope: 'account',
    declineRequiresPositiveAction: true,
  };
});

Then('setting a financial limit should be presented as the default option', function (this: any) {
  assert.equal(this.onboardingScreen.defaultOption, 'set_limit');
});

Then('the input field must be free text rather than predefined dropdowns', function (this: any) {
  assert.equal(this.onboardingScreen.inputType, 'free_text');
});

Then('the limit must apply at the account level', function (this: any) {
  assert.equal(this.onboardingScreen.limitScope, 'account');
});

Then(
  /^the player must take positive action .* to decline setting a limit$/,
  function (this: any) {
    assert.equal(this.onboardingScreen.declineRequiresPositiveAction, true);
  }
);

// --- Scenario Outline: most-restrictive limit across timeframes (RTS 12B) ------

Given('the player has a daily gross deposit limit of {int} GBP', function (this: any, daily: number) {
  this.player = { ...(this.player || {}), dailyLimit: daily };
});

Given('the player has a weekly gross deposit limit of {int} GBP', function (this: any, weekly: number) {
  this.player.weeklyLimit = weekly;
});

Given('the player has already deposited {int} GBP today', function (this: any, amount: number) {
  this.player.depositedToday = amount;
});

Given('the player has already deposited {int} GBP this week', function (this: any, amount: number) {
  this.player.depositedThisWeek = amount;
});

When('the player attempts to deposit {int} GBP', function (this: any, amount: number) {
  this.depositAttempt = amount;
});

Then('the system must evaluate against both limits', function (this: any) {
  const daily = this.player.depositedToday + this.depositAttempt;
  const weekly = this.player.depositedThisWeek + this.depositAttempt;

  const breaches: { limit: string; over: number }[] = [];
  if (daily > this.player.dailyLimit) breaches.push({ limit: 'daily', over: daily - this.player.dailyLimit });
  if (weekly > this.player.weeklyLimit) breaches.push({ limit: 'weekly', over: weekly - this.player.weeklyLimit });

  this.evaluation = {
    accepted: breaches.length === 0,
    // The "most restrictive" breach is the one exceeded by the largest margin.
    mostRestrictive: breaches.sort((a, b) => b.over - a.over)[0]?.limit ?? null,
  };
});

Then('the deposit transaction should be {word}', function (this: any, expected: string) {
  const actual = this.evaluation.accepted ? 'accepted' : 'rejected';
  assert.equal(actual, expected);
});

Then('the rejection reason should cite the most restrictive limit if applicable', function (this: any) {
  if (!this.evaluation.accepted) {
    assert.ok(this.evaluation.mostRestrictive, 'a rejected deposit must cite the breached limit');
  }
});

// --- Scenario Outline: calculating distinct limit types (RTS 12B) -------------

Given(/^the player has set a (.+) limit of (\d+) GBP for the day$/, function (this: any, limitType: string, amount: string) {
  this.player = { ...(this.player || {}), limitType: limitType.trim(), limitAmount: Number(amount) };
});

Given('the player has the following transaction history for today:', function (this: any, table: DataTable) {
  this.player.transactions = table.hashes().map((row) => ({ type: row.Type, amount: Number(row.Amount) }));
});

When('the system calculates the remaining allowance', function (this: any) {
  const sum = (type: string) =>
    this.player.transactions.filter((t: any) => t.type === type).reduce((acc: number, t: any) => acc + t.amount, 0);

  const deposits = sum('Deposit');
  const withdrawals = sum('Withdrawal');
  const stakes = sum('Stake');
  const wins = sum('Win');

  const consumedByType: Record<string, number> = {
    'Gross Deposit': deposits,
    'Net Deposit': deposits - withdrawals,
    Loss: stakes - wins,
    Stake: stakes,
  };

  this.consumed = consumedByType[this.player.limitType];
});

Then('the consumed amount of the limit should equal {int} GBP', function (this: any, expected: number) {
  assert.equal(this.consumed, expected);
});

// --- Scenario: account-review prompt + annual opt-out prompt (RTS 12D/12E) -----

Given('the player has not reviewed their account and transaction information for {int} months', function (this: any, months: number) {
  this.player = { ...(this.player || {}), monthsSinceReview: months };
});

Given('the player took positive action to decline setting a financial limit', function (this: any) {
  this.player = { ...(this.player || {}), declinedLimit: true };
});

Given('{int} months have passed since their decision', function (this: any, months: number) {
  this.player.monthsSinceDecision = months;
});

When('the player logs into the system', function (this: any) {
  this.prompts = {
    reviewActivity: (this.player.monthsSinceReview ?? 0) >= 6,
    setMoreFrequentReminders: (this.player.monthsSinceReview ?? 0) >= 6,
    reviewNoLimitDecision: this.player.declinedLimit === true && (this.player.monthsSinceDecision ?? 0) >= 12,
  };
});

Then('the system must display a prompt to review account activity', function (this: any) {
  assert.equal(this.prompts.reviewActivity, true);
});

Then('the player must be given the option to set more frequent review reminders', function (this: any) {
  assert.equal(this.prompts.setMoreFrequentReminders, true);
});

Then('the system must display a prompt to review their decision not to set a limit', function (this: any) {
  assert.equal(this.prompts.reviewNoLimitDecision, true);
});

cucumber.js

code · 0.2 KB↑ top
module.exports = {
  default: {
    requireModule: ['ts-node/register'],
    require: ['features/step_definitions/**/*.ts'],
    format: ['progress'],
    paths: ['features/**/*.feature']
  }
}

package.json

code · 0.3 KB↑ top
{
  "name": "gherghin",
  "version": "1.0.0",
  "main": "index.js",
  "scripts": {
    "test": "cucumber-js --tags @RTS12",
    "test:all": "cucumber-js"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "description": "",
  "devDependencies": {
    "@cucumber/cucumber": "^12.9.0",
    "ts-node": "^10.9.2",
    "typescript": "^6.0.3"
  }
}

.github/workflows/regulatory_bdd_gates.yml

code · 1.9 KB↑ top
name: PAM Regulatory Quality Gates

on:
  pull_request:
    branches: [ "main", "release/**" ]
  push:
    branches: [ "main" ]

jobs:
  bdd-compliance-tests:
    name: Run BDD Regulatory Tests (Cucumber)
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Setup Node.js (Test Framework Environment)
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install Dependencies
        run: npm ci

      - name: Lint Gherkin Feature Files
        run: npx gherkin-lint
        # This acts as the first gate: enforces standard Gherkin syntax across the team

      - name: Spin up Local PAM API Mock (Docker)
        run: docker compose up -d pam-api-mock kafka-test-broker
        # In a real environment (like bet365), this step might instead deploy to a temporary GKE (Kubernetes) namespace

      - name: Execute RTS 12 (Financial Limits) Tests
        run: npx cucumber-js features/ --tags "@RTS12" --format json:reports/rts12-report.json
        # Quality Gate 1: Block merge if deposit limits logic is broken

      - name: Execute RTS 13 & Self-Exclusion Tests
        run: npx cucumber-js features/ --tags "@RTS13 or @SelfExclusion" --format json:reports/rts13-report.json
        # Quality Gate 2: Block merge if self-exclusion or reality check logic is broken

      - name: Generate Living Documentation (HTML Report)
        if: always() # Run this even if tests fail so we can see the exact errors
        run: npx cucumber-html-reporter -d reports/

      - name: Upload Test Reports as Artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: BDD-Compliance-Report
          path: reports/
          retention-days: 30
          # These reports act as immutable compliance evidence for regulatory audits (e.g. UKGC)

.agents/skills/bdd-gherkin/SKILL.md

markdown · 2.9 KB↑ top

name: bdd-gherkin description: Guide for creating and checking Behaviour-Driven Development (BDD) feature files using Gherkin syntax, particularly for regulatory and testing contexts.


BDD and Gherkin Writing Skill

Use this skill when asked to create, format, or validate BDD feature files using Gherkin syntax, or when devising test strategies.

1. Defining an Efficient BDD Test Strategy

Source: Cucumber Official Guides - BDD Overview

An efficient BDD test strategy moves from discovery to automation: - Discovery ("Three Amigos"): The Product Owner, Developer, and Tester discuss a requirement and identify concrete examples of behavior. - Formulation: The Tester formulates these examples into Gherkin feature files (declarative, business-readable text). - Automation: Developers/Testers write step definitions to map the Gherkin steps to test automation code (e.g., Cypress, Selenium, API clients). - Validation: The feature files run in the CI/CD pipeline, acting as living documentation.

2. Gherkin Syntax Best Practices

  • Declarative over Imperative: Write steps that describe what the user is trying to achieve, not how they do it.
  • Bad: "When the user clicks the login button and types 'password' in the field"
  • Good: "When the user logs in with valid credentials"
  • Backgrounds: Use Background for repeated Given steps across scenarios in the same file.
  • Scenario Outlines: Use Scenario Outline with Examples tables for data-driven testing to avoid repetitive scenarios.
  • Tags: Use tags like @regression, @smoke, or @RTS12 to organize and target specific test suites.

3. Example: Data-Driven Regulatory Testing

This is an example of an efficient way to test multiple boundary conditions without duplicating code:

@safer_gambling @RTS12
Feature: Safer Gambling Financial Limits (Data-Driven)

  Background:
    Given a registered player "John" exists

  Scenario Outline: Player attempts to deposit with active limits
    Given "John" has an active <limit_type> limit of <limit_amount> GBP
    And "John" has already consumed <consumed_amount> GBP of that limit
    When "John" attempts to deposit <deposit_amount> GBP
    Then the deposit transaction should be <expected_result>
    And the remaining limit should be <remaining_limit> GBP

    Examples:
      | limit_type | limit_amount | consumed_amount | deposit_amount | expected_result | remaining_limit |
      | daily      | 100          | 50              | 60             | rejected        | 50              |
      | daily      | 100          | 50              | 50             | accepted        | 0               |
      | weekly     | 500          | 400             | 150            | rejected        | 100             |
      | monthly    | 1000         | 0               | 1001           | rejected        | 1000            |

README.md

markdown · 3.3 KB↑ top

Gherkin / BDD Study Pack

A hands-on study pack for Behaviour-Driven Development (BDD) with Gherkin and Cucumber.js, themed around regulated online-gambling testing (PAM / RTS financial-limit rules). It pairs written guides with a small, runnable Cucumber suite — and doubles as interview prep for PAM/QA tester roles.


📖 Quick read — the docs viewer

Everything in this repo is bundled into a single, offline, self-contained page with a sidebar index, syntax-highlighted code, and a notes box under each file.

# Open the reviewable HTML (no internet needed — just opens in your browser)
xdg-open docs.html        # Linux
# or double-click docs.html in your file manager

Regenerate it any time after editing a source file:

python3 build_docs.py     # requires: python3 + `markdown` and `pygments` modules

build_docs.py auto-discovers every .md, .feature, .ts, .js, .yml, and .json file (skipping node_modules), so the docs stay in sync as the repo grows. The reviewer-notes you type in the page are saved in your browser (localStorage) and can be exported to reviewer-notes.md with the ⬇ Export notes button.


🧪 Running the BDD tests

Requires Node.js 20+.

# 1. Install dependencies
npm install

# 2. Run the RTS 12 (financial-limit) scenarios — the default
npm test
#   ≡ npx cucumber-js --tags @RTS12

# 3. Run the entire suite
npm run test:all
#   ≡ npx cucumber-js

Running by tag

Scenarios are tagged (@RTS12, @RTS13, @SelfExclusion, …). Run a subset with:

npx cucumber-js --tags "@RTS12 or @SelfExclusion"

How it wires together

cucumber.js registers ts-node/register, loads step definitions from features/step_definitions/**/*.ts, and runs every .feature under features/. To add a test: drop a new .feature file in features/ and add matching step definitions — no other config needed.

CI

.github/workflows/regulatory_bdd_gates.yml runs on PRs to main / release/**: it lints Gherkin, spins up mocks, then executes tagged Cucumber runs as merge-blocking quality gates.


🗂️ What's in here

Area Files
Start here 10_minute_tutorial.md, bdd_overview.md, bdd_test_strategy_guide.md, day_to_day_tester_workflow.md, qa_vocabulary_guide.md
Gherkin reference gherkin_reference.md, ears_to_gherkin_bridge.md, vscode_bdd_setup.md
CI/CD & advanced testing ci_cd_pipeline_guide.md, advanced_ai_test_architecture.md, react_visual_testing_landscape_2026.md
Regulatory (PAM / RTS) rts_regs.md
Interview prep pam_tester_interview_prep.md, elite_interview_pitch.md, bet365_ai_tech_stack_research.md
Runnable suite features/*.feature, features/step_definitions/steps.ts, cucumber.js, package.json
CI .github/workflows/regulatory_bdd_gates.yml
Docs tooling build_docs.pydocs.html

📝 Obsidian notes

Working notes and the cross-links live in the Obsidian vault:

  • Open in Obsidian
  • Vault path: 02_Coding-Development/BDD-Gherkin-Study-Pack.md
  • Auto-listed in 02_Coding-Development/_Coding-Index.md (Dataview)

increasing_weekly_limit_master_spec.md

markdown · 6.1 KB↑ top

Master Specification: Increasing a Weekly Deposit Limit

This document acts as the single source of truth for the "Increase Weekly Limit" flow. It bridges the gap between Business Requirements (BDD), System Architecture (Diagrams), Test Automation, and Production Operations (Observability).


Part 1: BDD Requirements (Cucumber/Gherkin)

As established, enterprise systems separate "Account Management" (changing rules) from "Payments" (enforcing rules). Therefore, this flow spans two distinct feature files.

File 1: Account Management (manage_weekly_limit.feature)

Owner: Responsible Gambling (RG) Team Purpose: Verifies the 24-hour cooling-off period and notification lifecycle.

@safer_gambling @limits_management
Feature: Manage Weekly Deposit Limit

  Background:
    Given a verified player exists
    And they have an active weekly deposit limit of £100

  Scenario: Requesting a weekly limit increase triggers a cooling-off period
    When the player requests to increase their weekly limit to £500
    Then the request must be marked as pending
    And the player should be notified of the 24-hour cooling-off period
    And their active weekly limit must remain £100

  Scenario: A pending limit increase takes effect after 24 hours
    Given the player has a pending request to increase their weekly limit to £500
    When 24 hours have passed since the request was made
    Then their active weekly limit must automatically become £500
    And the pending request should be marked as completed
    And they should be notified that the new limit is active

File 2: Cashier / Payments (deposit_enforcement.feature)

Owner: Payments Team Purpose: Verifies the system correctly does the math against the active limit.

@payments @deposit_limits
Feature: Enforce Weekly Deposit Limits During Transactions

  Scenario Outline: System enforces the active weekly limit
    Given the player has an active weekly limit of £<weekly_limit>
    And they have already deposited £<prior_deposits> this week
    When they attempt to make a new deposit of £<new_deposit>
    Then the transaction should be <expected_outcome>

    Examples:
      | weekly_limit | prior_deposits | new_deposit | expected_outcome |
      | 100          | 0              | 50          | Accepted         |
      | 100          | 50             | 50          | Accepted         |
      | 100          | 50             | 60          | Rejected         |
      | 500          | 400            | 150         | Rejected         |

Part 2: System Architecture (Diagrams)

Diagram A: Limit Lifecycle (State Machine)

This maps directly to manage_weekly_limit.feature. It visualizes the strict regulatory path a limit must take.

stateDiagram-v2
    [*] --> Active_100: Player creates account

    state "Active Limit (£100)" as Active_100
    state "Pending Increase (£500)" as Pending
    state "Active Limit (£500)" as Active_500

    Active_100 --> Pending: Player requests £500\n(Start Cooling-off)

    Pending --> Active_100: Player cancels request
    Pending --> Active_500: 24h Cron Job fires\n(Limit Applied)

Diagram B: Deposit Enforcement (Sequence Diagram)

This maps directly to deposit_enforcement.feature. It shows how the Payment system queries the RG system before moving money.

sequenceDiagram
    actor Player
    participant Cashier UI
    participant Payment Gateway
    participant RG Service

    Player->>Cashier UI: Attempt Deposit (£60)
    Cashier UI->>Payment Gateway: Process(£60)

    Payment Gateway->>RG Service: Get Active Weekly Limit
    RG Service-->>Payment Gateway: Return Active Limit (£100) & Prior Deposits (£50)

    Payment Gateway->>Payment Gateway: Calculate: 50 + 60 = 110 (Exceeds 100)

    Payment Gateway-->>Cashier UI: Reject Transaction
    Cashier UI-->>Player: Show "Limit Exceeded" message

Part 3: Test Automation Strategy

How QA and Automation Engineers will execute these Gherkin steps:

  1. Handling the 24-Hour Wait: * Automated tests cannot pause for 24 hours. * Solution: The step When 24 hours have passed will be automated via a "Time Travel" backdoor. The automation framework will make a direct API call to the database or trigger the system's "Midnight Cron Job" manually to instantly mature the pending request.
  2. Mocking Notifications: * We do not want to spam real email addresses during test runs. * Solution: The And they should be notified steps will point to a mocked SMTP server (like Mailhog or Mailtrap) to verify the email was generated with the correct template, without actually sending it.
  3. Data Isolation: * Every scenario run will generate a brand new, unique Player ID to ensure previous test deposits don't accidentally ruin the math for the next test.

Part 4: Production Observability & Monitoring

When this code is deployed, we use Datadog/Grafana to ensure production reality matches our Cucumber tests.

1. Key Business Metrics (Dashboards)

We track these metrics to ensure the lifecycle is completing successfully: * rg.weekly_limit.increase.requested (Spikes when users click submit) * rg.weekly_limit.increase.applied (Should perfectly mirror the 'requested' metric, offset by 24 hours) * payments.deposit.rejected.weekly_limit (Spikes if users are actively hitting their boundaries)

2. Standardized Log Tags

If an engineer searches Splunk/Kibana, they should find logs matching our Gherkin terms: * [INFO] event="limit_increase_pending" type="weekly" old_limit=100 new_limit=500 player_id=XYZ * [INFO] event="limit_increase_applied" type="weekly" active_limit=500 player_id=XYZ * [WARN] event="deposit_rejected" reason="weekly_limit_exceeded" player_id=XYZ

3. Distributed Tracing for CI/CD Failures

If the A pending limit increase takes effect after 24 hours test fails in the CI pipeline, the test runner injects a Trace-ID. QA can paste that ID into Datadog to see exactly where the chain broke: * ✅ Cron Job fired successfully * ✅ Database updated to £500 * ❌ Notification Service returned 500 Internal Server Error (Root Cause Found!)

safer_gambling_architecture.md

markdown · 3.9 KB↑ top

Safer Gambling System Architecture & Observability

This document maps the Gherkin behavioral tests to system architecture, state management, and production observability.

1. State Machine: Deposit Limit Lifecycle

This diagram defines the core business rules for limit states. Every transition arrow here corresponds directly to a Scenario in our manage_deposit_limits.feature file.

stateDiagram-v2
    [*] --> Active: Player sets initial limit

    state "Active Limit (£50)" as Active
    state "Pending Increase (£100)" as Pending

    Active --> Active: Decrease Limit (Instant)\n[Scenario 1]

    Active --> Pending: Request Increase\n[Scenario 2]

    Pending --> Active: Cancel Request\n[Scenario 4]
    Pending --> Active: 24h Timer Expires\n[Scenario 3]

2. Sequence Diagram: Deposit Enforcement

This diagram shows the flow for the Scenario Outline: System enforces the active limits. It highlights why we need distributed tracing—multiple services are involved in a single transaction.

sequenceDiagram
    actor Player
    participant Cashier UI
    participant Payment Gateway
    participant RG Service (Limits)
    participant Notification Service

    Player->>Cashier UI: Attempt Deposit (£60)
    Cashier UI->>Payment Gateway: ProcessTransaction(£60)

    %% The gateway must check limits before moving money
    Payment Gateway->>RG Service: Check Limits(PlayerID, £60)

    alt Over Limit (Rejected)
        RG Service-->>Payment Gateway: Reject (Daily Limit Exceeded)
        Payment Gateway-->>Cashier UI: Error: Deposit blocked
        Cashier UI-->>Player: Show "Limit Exceeded" Message
    else Within Limits (Accepted)
        RG Service-->>Payment Gateway: Accept
        Payment Gateway->>Payment Gateway: Move Funds
        Payment Gateway-->>Cashier UI: Success
        Cashier UI-->>Player: Deposit Successful
        Payment Gateway->>Notification Service: Send Receipt
    end

3. Domain Context Map: Microservice Boundaries

As discussed, "Managing Limits" and "Enforcing Limits" belong in completely different feature files because they live in different system domains.

flowchart LR
    subgraph "Account Management Domain"
        RG[RG Service]
        DB[(RG Database)]
        Cron[24h Timer Cron Job]

        RG --> DB
        Cron -.-> RG
    end

    subgraph "Payments Domain"
        Cashier[Cashier Service]
        Bank[External Bank API]

        Cashier --> Bank
    end

    %% The boundary connection
    Cashier -- "Requests Limit Status" --> RG

4. Production Observability Strategy

To prove our Gherkin tests are actually reflecting reality, we monitor the following in tools like Datadog, Grafana, or Splunk:

Key Business Metrics (Dashboards)

If our tests pass, these metrics should align with expected player behavior: * rg.limits.decreased.total (Counter: Should increment instantly) * rg.limits.increase_requested.total (Counter: Should increment when Pending starts) * rg.limits.increase_applied.total (Counter: Should spike 24 hours after requests) * payments.deposit.rejected tagged with reason:daily_limit or reason:monthly_limit

Distributed Tracing (Debugging Tests)

When a BDD test executes via Cypress or Selenium, it injects a header (e.g., X-B3-TraceId). If the test Scenario: A pending limit increase takes effect after 24 hours fails, we search the trace ID in Datadog and might see: 1. [SUCCESS] Test Runner triggers Cron Job API 2. [SUCCESS] RG Service reads Pending Limit from Database 3. [ERROR] Notification Service timed out sending the confirmation email (This proves the limit logic worked, but the test failed because of the email system).

Standardized Log Tagging

The system should emit logs matching our Gherkin vocabulary: * [INFO] action=limit_increase_pending player_id=123 amount=1000 delay_hours=24 * [INFO] action=deposit_rejected reason=weekly_limit_exceeded attempted=60 available=50 ```

safer_gambling_limits.md

markdown · 2.6 KB↑ top

Safer Gambling Deposit Limits Feature

@safer_gambling @regulatory @RTS12
Feature: Safer Gambling Deposit Limits Management
  As a verified player
  I want to be able to manage my financial deposit limits
  So that I can gamble responsibly and within my means

  Background:
    Given a verified player exists
    And they have the following active deposit limits:
      | limit_type | amount |
      | daily      | £50    |
      | weekly     | £200   |
      | monthly    | £500   |

  Scenario: Decreasing a limit takes effect instantly
    When the player requests to decrease their weekly limit to £100
    Then their active weekly limit must instantly become £100
    And they should be notified that the decrease was successful
    And their daily and monthly limits must remain unchanged

  Scenario: Requesting a limit increase triggers a cooling-off period
    When the player requests to increase their monthly limit to £1000
    Then the request must be marked as pending
    And the player should be notified of the 24-hour cooling-off period
    And their active monthly limit must remain £500
    And their daily and weekly limits must remain unchanged

  Scenario: A pending limit increase takes effect after 24 hours
    Given the player has a pending request to increase their monthly limit to £1000
    When 24 hours have passed since the request was made
    Then their active monthly limit must automatically become £1000
    And the pending request should be marked as completed
    And they should be notified that the new limit is active

  Scenario: Cancelling a pending limit increase
    Given the player has a pending request to increase their monthly limit to £1000
    When the player cancels the pending request before 24 hours have passed
    Then the pending request should be removed
    And their active monthly limit must remain £500
    And they should be notified of the cancellation

  Scenario Outline: System enforces the active limits during deposits
    Given the player has already deposited £<previous_deposits> today
    When they attempt to make a new deposit of £<new_deposit>
    Then the transaction should be <expected_outcome>
    And their remaining daily limit should be £<remaining_daily>

    Examples:
      | previous_deposits | new_deposit | expected_outcome | remaining_daily |
      | 10                | 20          | Accepted         | 20              |
      | 10                | 40          | Accepted         | 0               |
      | 10                | 50          | Rejected         | 40              |
      | 50                | 1           | Rejected         | 0               |