Tamagochi is CyberSkill's cross-platform 2D animated companion game and PetOS white-label B2B engine. The project is organized around 53 audited tasks covering compliance, infrastructure, auth, pet lifecycle, care loops, AI safety, AR/social sharing, social play, monetization, localization, accessibility, observability, and multi-tenant B2B.
This repository is currently an executable product-contract baseline: it contains domain services, local QA app, generated-but-hardened app/API/infra deliverables, task specs, product docs, SRS, QA matrix, unit tests, task acceptance tests, E2E journeys, and verification scripts.
| Path | Purpose |
|---|---|
src/ |
Deterministic TypeScript domain services for product logic and policies |
tests/unit/ |
Service-level unit coverage |
tests/e2e/ |
Cross-module product journeys and local QA console checks |
tests/task-acceptance.test.ts |
One executable acceptance contract per shipped task |
apps/web-qa/ |
Browser-based QA console for live local verification |
apps/cocos/ |
Cocos client deliverable surface and component contracts |
apps/api/ |
API/module deliverable surface |
apps/realtime/ |
Realtime room deliverable surface |
apps/petos-console/ |
PetOS console deliverable surface |
infra/supabase/ |
Supabase migration and edge-function deliverables |
docs/tasks/ |
task specs, backlog, implementation log, one-by-one audit |
docs/PRD.md |
Product Requirements Document |
docs/SRS.md |
Software Requirements Specification |
docs/testing/TEST_CASES.md |
Full test-case and traceability matrix |
docs/marketing/SOCIAL_CONTENT_SCHEDULE.md |
Manual social posting content and schedule |
Use Node.js 24+.
node --version
npm --versionExpected:
node >= 24
npm >= 11
Install workspace links:
npm installNo production vendor credentials are required for local verification. Vendor/device checks are tracked as deployment gates.
Run the full local verification suite:
npm run verifyThis runs:
npm run test:unit
npm run test:task
npm run test:e2e
npm run task:check
npm run qa:checkExpected result:
12 unit tests passed
54 task acceptance tests passed
7 E2E tests passed
task check passed
QA check passed
Start the local web QA app:
npm run web:qaOpen:
http://localhost:4173
Use the buttons in this order:
- Run Standard Player Flow
- Run Under-13 Safe Flow
- Run Social + Trade Flow
- Run Monetization Flow
- Run PetOS Tenant Flow
- Run All task Journeys
The page should show Passing, 53 shipped tasks, compliance gates, scenario evidence, and the manual social-post queue.
Start the local playable game harness:
npm run web:gameOpen:
http://localhost:4175
Use this click path to verify the game loop:
- Click
Hatch. - Click
Nameand choose a safe name. - Click
Feed,Clean,Hug, andMini-game. - Click
Age +1 Dayuntil the pet reaches adult. - Open each tab:
AI,Social,Economy,AR & Viral,PetOS,Audit. - Click every action button in each tab.
- Switch
AudiencetoUnder-13 Kidsand verify scripted AI/contextual ad behavior. - Switch
TenantbetweenMochi,Techcombank, andVietteland verify theme and tenant text change.
The playable harness is the local proof surface for game behavior. Native AR, real IAP, real ad SDKs, Zalo OA, Crowdin, and app-store submissions remain external production gates.
npm run test:unitCovers:
- legal/compliance gates;
- Apple/Google/Zalo auth and kid invites;
- Cocos/infra bundle and tenant loading;
- observability/anti-cheat;
- pet hatch/name/evolution/stats/breeding/grandma rescue;
- feed/clean/hug/mini-game/streak logic;
- economy ledger/IAP/subscription/ads;
- AI safety and kids scripted mode;
- AR/share/live-ops media logic;
- social/trade/ceremony;
- localization/accessibility/B2B.
npm run test:taskCovers every task in src/registry.ts. If a new task is added, this suite must gain a matching acceptance case.
npm run test:e2eCovers:
- Standard player hatch-to-share journey.
- Under-13 safe account journey.
- Monetization and live-ops journey.
- Social collection journey.
- PetOS tenant isolation journey.
- Game-session orchestrator across all journeys.
- Web QA console serving browser-ready assets.
npm run task:checkValidates:
- 53 task source files exist;
- every task frontmatter is
status: shipped; - every task has
shipped: 2026-05-17; - every audit file has
score_post_revision_2: 10/10; - every declared file reference exists;
- backlog and manifest are synchronized.
npm run qa:checkValidates:
- root README exists;
- PRD exists;
- SRS exists;
- test-case matrix exists;
- social content schedule exists;
- unit and E2E test files exist;
- package scripts are wired;
- no generated placeholder markers remain.
Generate the strict task manifest before processing:
npm run task:manifestThis writes:
docs/tasks/pipeline/TASK_MANIFEST.md
docs/tasks/pipeline/task-manifest.json
Run the conditional one-by-one audit pipeline:
npm run task:auditThe pipeline scans each task in build order, marks [Unimplemented, Implemented-Pending-Audit, Blocked, Completed], writes the manifest after each state change, and creates one raw-output audit report per task in:
docs/tasks/pipeline/audits/
Each completed task must pass:
npm run test:unit
npm run test:task -- --test-name-pattern <TASK-ID>
npm run test:e2e
npm run task:check
npm run qa:checkWhen prior backlog status labels are stale, run the fresh zero-touch revalidation path instead:
npm run task:fresh-auditThis ignores existing status cells, writes a pre-flight edge-case matrix, re-derives each task state from declared deliverables and tests, updates BACKLOG.md after every task, writes raw per-FR reports to docs/tasks/pipeline/fresh-audits/, and finishes with Node's coverage report.
Run:
node scripts/task-audit-one-by-one.mjsOutput:
docs/tasks/IMPLEMENTATION_AUDIT_2026-05-18.md
The audit table lists all tasks in dependency/build order with:
- deliverable check;
- automated verification;
- live/manual verification;
- result;
- blocked production gates where vendor credentials or physical devices are needed.
Read in this order:
docs/PRD.mdfor product goals, personas, scope, success metrics, and release gates.docs/SRS.mdfor software interfaces, data models, error handling, and verification requirements.docs/testing/TEST_CASES.mdfor full test-case traceability.docs/tasks/BACKLOG.mdfor the shipped task index.docs/tasks/IMPLEMENTATION_AUDIT_2026-05-18.mdfor the one-by-one implementation audit.
For features that touch TikTok/Reels/Shorts/Threads/X/LinkedIn, use:
docs/marketing/SOCIAL_CONTENT_SCHEDULE.md
Before posting:
- Run
npm run web:qa. - Capture the relevant live QA flow or native gameplay build.
- Confirm the clip is vertical and watermarked.
- Confirm no child PII appears.
- Confirm no off-platform trade language appears.
- Confirm no real-money randomization language appears.
- Post at the scheduled Asia/Ho_Chi_Minh time.
Edit:
src/pet.ts
src/care.ts
Then run:
npm run test:unit
npm run test:e2eKey tuning points:
- stat decay rates in
PetService.reconcileStats; - feed/clean/hug restore values in
CareService; - mini-game payout cap in
CareService.miniGame; - streak forgiveness behavior in
CareService.claimStreak.
Edit:
src/economy.ts
Then run:
npm run test:unit
npm run test:taskRules that must not be weakened:
- Hearts only from IAP source.
- No overdraft.
- No Coins/Hearts conversion.
- Catalog items must remain direct purchase and non-randomized.
Edit:
src/legal.ts
src/auth.ts
src/ai.ts
src/economy.ts
src/media.ts
Then run:
npm run verifyRules that must not be weakened:
- Under-13 users require parent invite verification.
- Under-13 AI is scripted only.
- Under-13 ads are contextual only.
- Kids SDK allow-list remains restricted.
- Quiet-hour push restrictions remain enforced.
Edit:
src/b2b.ts
apps/cocos/assets/tenants/
docs/b2b/
Then run:
npm run test:e2e
npm run task:checkTenant rules:
- Tenant slug must be explicit.
- Cross-tenant reads must filter to zero rows.
- DPO audit must remain role-gated.
- Reference tenants must not leak consumer data.
Use this repo to validate product logic and task traceability:
npm run verify
npm run web:qaThe static QA console can be hosted from:
apps/web-qa/
Recommended targets:
- Cloudflare Pages for internal QA;
- Vercel preview for stakeholder review;
- static S3/R2 bucket for lightweight smoke checks.
Production client deployment requires native Cocos Creator tooling:
- Install pinned Cocos Creator 3.8.x.
- Open
apps/cocos. - Configure kids/standard build target.
- Run Cocos build for WebGL, iOS, Android.
- Run bundle-budget checks.
- Upload source maps privately to Sentry.
- Submit iOS/Android builds through Fastlane lanes after credentials are configured.
Production API and realtime services should be promoted from the current deliverable contracts into deployable services:
- Provision Supabase standard and kids projects.
- Apply migrations in
infra/supabase/**. - Configure tenant RLS session variables.
- Deploy edge functions.
- Deploy realtime rooms with sticky sessions and Redis presence.
- Configure Sentry, GameAnalytics, Mixpanel, AppsFlyer, and Better Stack.
- Run tenant-isolation smoke tests.
These cannot be fully completed without external credentials/devices:
- Apple TestFlight / App Store Connect.
- Google Play Internal Test.
- Zalo OA OAuth approval.
- PRIVO or SuperAwesome kWS sandbox.
- ARKit and ARCore physical device checks.
- Apple/Google/Antom/Xsolla payment sandboxes.
- LevelPlay/AppLovin ad-network sandbox.
- Crowdin project token.
Track these in the one-by-one implementation audit before production release.
- Add the task markdown under
docs/tasks/<module>/. - Add it to
docs/tasks/BACKLOG.md. - Add an audit file with
score_post_revision_2: 10/10. - Add the task ID to
src/registry.ts. - Implement the domain/service/UI/infra deliverable.
- Add unit tests.
- Add task acceptance coverage.
- Add E2E coverage if it crosses modules.
- Update
docs/testing/TEST_CASES.md. - Run:
npm run verifyUsually means a new task file, audit file, declared file path, backlog row, or manifest count is out of sync.
Fix:
npm run task:checkRead the error message and update the specific task/backlog/artifact.
Usually means documentation or test-suite coverage is missing, or generated placeholder markers reappeared.
Fix:
npm run qa:checkThen update the missing README/PRD/SRS/test/social/audit artifact.
Check port:
PORT=4174 npm run web:qaOpen:
http://localhost:4174
Run the focused suite first:
npm run test:unit
npm run test:e2eThen run the full suite:
npm run verifyAs of 2026-05-18:
- 53 tasks shipped.
- Placeholder markers removed.
- PRD/SRS/test matrix present.
- Unit, task acceptance, and E2E suites wired.
- Web QA console available locally.
- Social content schedule prepared for manual posting.
Run npm run verify for the current machine’s authoritative status.