Skip to main content

Documentation Index

Fetch the complete documentation index at: https://pcmtg.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

7.1 Sybil Defense & Authentication (OAuth)

Because PCMTG relies on a dynamic global economy (GIPs) and a hidden ELO system, it is highly susceptible to Sybil attacks (players spinning up thousands of bot accounts to inflate their quadrant’s GIP).
  • Authentication: Anonymous login is strictly prohibited. All players must authenticate via Firebase Auth using high-friction OAuth providers (Google, Reddit, or Discord).
  • Account Banning: If a bot network is detected, the Cloud Run Admin SDK instantly flags the OAuth UID, permanently zeroing out their ELO and stripping their accumulated GIPs from their quadrant’s total.

7.2 The Ghost Orchestrator (Behavioral AI Bots)

To ensure the 60-second table loop remains frictionless, human players must never wait in an empty lobby.
  • Trigger: A Node.js background service monitors the ActiveTables Firestore collection. If a human occupies a seat for > 5 seconds, the Ghost Orchestrator activates.
  • Injection: It populates the remaining seats with “Ghost Players.”
  • Behavioral Profiles: Ghosts do not play randomly. They are assigned behavioral profiles based on their assigned quadrant:
    • LibLeft Ghosts: Highly volatile; statistically more likely to hit the “Based” button to force a Grand Consensus.
    • AuthRight Ghosts: Conservative; favor playing Policy Cards to freeze axes.
    • AuthLeft Ghosts: Focused on collective play; prioritize punishing lone-wolf defection.
    • LibRight Ghosts: High-risk; favor maximizing Euclidean distance shifts.

7.3 GCP Billing Kill-Switches

Because the backend scales to zero and can infinitely scale to thousands of containers, a malicious DDoS attack could theoretically generate massive Cloud Run and Vertex AI bills.
  • Budget Alerts: GCP Cloud Billing is configured with strict thresholds (e.g., 50,50, 100).
  • Automated Kill-Switch: If the budget exceeds 100%, a Pub/Sub event triggers a Cloud Function that instantly disables the billing account linked to the project, taking the system offline. We prioritize total downtime over unbounded financial liability.