mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 22:41:09 +02:00
61f2772789
- App display name → Cardecky in mana-apps.ts, MODULE_REGISTRY, alle Docs - Domains: cardecky.mana.how (App), cardecky-api.mana.how (Marketplace API), cardecky.com (Marketing-Landing — cloudflared-route + nginx-Block vorbereitet, DNS muss noch gesetzt werden) - 301-Redirect cards.mana.how → cardecky.mana.how (nginx + cloudflared) für alte Bookmarks; kann nach 6–12 Monaten wieder raus - SPDX license IDs Cards-Personal-Use/Pro-Only-1.0 → Cardecky-* via Drizzle 0001-Migration (DROP CHECK → UPDATE rows → SET DEFAULT → ADD CHECK), inkl. _journal- und 0001_snapshot-Update - In-mana cards-Modul: dezenter Banner zur Standalone-App (GUIDELINES §12), einmal schließbar via localStorage - Docker-CORS-Listen, sso-origins.ts, Prometheus-Target aktualisiert Technische IDs bleiben bewusst: appId 'cards', schema mana_platform.cards.*, Verzeichnis apps/cards/, Package @cards/web, services/cards-server, Env-Vars CARDS_*, UMAMI_WEBSITE_ID_CARDS*, Class CardsEvents — Mana-Konvention (Brand ≠ technischer Identifier). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
26 KiB
26 KiB
Mana Earning System
Konzept für fraud-resistente Mechanismen, durch die Nutzer Mana Credits verdienen können.
Status: Planung
Letzte Aktualisierung: 2026-02-16
Übersicht
Das Earning-System besteht aus drei Säulen:
| Säule | Beschreibung | Reward-Typ |
|---|---|---|
| Karma/XP System | Gamification ohne monetären Wert | XP, Badges, Levels |
| Creator Rewards | Social-Proof-basierte Content-Belohnung | Credits (delayed) |
| Community Bounties | Kuratierte Belohnungen für Contributions | Credits (manual) |
Design-Prinzipien
- Fraud-Resistenz vor Großzügigkeit - Lieber weniger Rewards als exploitable Systems
- Social Proof - Rewards basieren auf Nutzen für ANDERE, nicht eigene Aktionen
- Delayed Gratification - Zeit für Fraud-Detection vor Auszahlung
- Manual Gates - Große Rewards immer mit menschlicher Review
- Non-monetary Gamification - Engagement ohne Credit-Risiko
1. Karma/XP System
Konzept
Ein nicht-monetäres Punktesystem für Engagement und Gamification. XP können NICHT für AI-Features eingetauscht werden - sie dienen nur der Motivation und Status-Anzeige.
Warum kein Credit-Risiko?
XP hat keinen monetären Wert
→ Farming bringt keinen finanziellen Vorteil
→ Kein Anreiz für Bots/Multi-Accounts
→ Wir können großzügig sein ohne Risiko
XP-Quellen
Tägliche Aktivität
| Aktion | XP | Limit |
|---|---|---|
| Täglicher Login | 10 | 1x/Tag |
| Erste Aktion des Tages | 5 | 1x/Tag |
| 5 Minuten aktive Nutzung | 5 | 6x/Tag (30 Min max) |
App-Nutzung
| Aktion | XP | Limit |
|---|---|---|
| Task erstellen | 1 | 50/Tag |
| Task erledigen | 2 | 50/Tag |
| Event erstellen | 2 | 20/Tag |
| Kontakt hinzufügen | 1 | 30/Tag |
| Deck erstellen | 5 | 10/Tag |
| Karte erstellen | 1 | 100/Tag |
| Präsentation erstellen | 5 | 5/Tag |
Streaks
| Streak | XP Bonus |
|---|---|
| 7 Tage | 50 |
| 30 Tage | 200 |
| 100 Tage | 500 |
| 365 Tage | 2000 |
Cross-App Nutzung
| Aktion | XP |
|---|---|
| 3 Apps an einem Tag genutzt | 20 |
| 5 Apps an einem Tag genutzt | 50 |
| Alle Apps in einer Woche genutzt | 100 |
Level-System
Level 1: 0 XP → Newcomer
Level 5: 500 XP → Regular
Level 10: 2,000 XP → Enthusiast
Level 20: 10,000 XP → Power User
Level 30: 30,000 XP → Expert
Level 50: 100,000 XP → Legend
Level 100: 500,000 XP → Mana Master
Level-Vorteile (keine Credits!)
| Level | Vorteil |
|---|---|
| 5 | Profilrahmen (Bronze) |
| 10 | Custom Themes freischalten |
| 20 | Profilrahmen (Silber) |
| 30 | Early Access zu Beta Features |
| 50 | Profilrahmen (Gold) |
| 75 | Leaderboard Badge |
| 100 | Profilrahmen (Legendary) + "OG" Status |
Leaderboards
- Täglich: Top 100 XP heute
- Wöchentlich: Top 100 XP diese Woche
- Monatlich: Top 100 XP diesen Monat
- All-Time: Top 1000 Gesamt-XP
Datenbank-Schema
-- XP Balances
CREATE TABLE karma.balances (
user_id UUID PRIMARY KEY REFERENCES auth.users(id),
total_xp BIGINT NOT NULL DEFAULT 0,
current_level INTEGER NOT NULL DEFAULT 1,
daily_xp INTEGER NOT NULL DEFAULT 0,
weekly_xp INTEGER NOT NULL DEFAULT 0,
monthly_xp INTEGER NOT NULL DEFAULT 0,
current_streak INTEGER NOT NULL DEFAULT 0,
longest_streak INTEGER NOT NULL DEFAULT 0,
last_activity_date DATE,
created_at TIMESTAMPTZ DEFAULT NOW(),
updated_at TIMESTAMPTZ DEFAULT NOW()
);
-- XP Transactions (für Audit, optional)
CREATE TABLE karma.transactions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES auth.users(id),
amount INTEGER NOT NULL,
source VARCHAR(50) NOT NULL, -- 'daily_login', 'task_complete', 'streak_bonus', etc.
source_id VARCHAR(100), -- optional: task_id, deck_id, etc.
app_id VARCHAR(50),
created_at TIMESTAMPTZ DEFAULT NOW()
);
-- Indexes
CREATE INDEX idx_karma_balances_total ON karma.balances(total_xp DESC);
CREATE INDEX idx_karma_balances_daily ON karma.balances(daily_xp DESC);
CREATE INDEX idx_karma_transactions_user ON karma.transactions(user_id, created_at DESC);
-- Daily reset job (cron)
-- Reset daily_xp at midnight
-- Reset weekly_xp on Monday
-- Reset monthly_xp on 1st
API Endpoints
GET /api/v1/karma/balance → { totalXp, level, streak, rank }
GET /api/v1/karma/leaderboard → { daily: [...], weekly: [...], allTime: [...] }
POST /api/v1/karma/claim-streak → { bonus: 50, newStreak: 7 }
GET /api/v1/karma/history → [{ amount, source, createdAt }, ...]
2. Creator Rewards (Social Proof)
Konzept
Credits für Content, der von ANDEREN Nutzern tatsächlich verwendet wird. Nicht für das Erstellen, sondern für den Nutzen.
Fraud-Prevention Mechanismen
- Social Proof Required: Nur Nutzung durch ANDERE zählt
- Verified Users Only: Nur Interaktionen von verifizierten Usern zählen
- Delayed Payout: 14 Tage Wartezeit für Fraud-Check
- Monthly Cap: Max 100 Credits/Monat durch Creator Rewards
- Quality Gate: Mindeststandards für Content
Was ist ein "Verified User"?
Ein User gilt als "verified" wenn MINDESTENS EINS zutrifft:
- Hat mindestens 1x Credits gekauft
- Account älter als 60 Tage UND mindestens 30 aktive Tage
- Verifizierte E-Mail von bekanntem Provider (nicht temp-mail)
- Manuell vom Team verifiziert
Reward-Struktur
Cardecky
| Metrik | Threshold | Credits | Max/Monat |
|---|---|---|---|
| Deck kopiert | 10 verified User | 5 | 50 |
| Deck kopiert | 50 verified User | 15 | 30 |
| Deck kopiert | 100 verified User | 30 | 30 |
| Featured Deck | Team-Auswahl | 50 | 50 |
Quotes
| Metrik | Threshold | Credits | Max/Monat |
|---|---|---|---|
| Zitat eingereicht & akzeptiert | Nach Review | 3 | 30 |
| Zitat wird 100x angezeigt | Unique User | 5 | 25 |
| Zitat-Sammlung geteilt & genutzt | 10 verified Nutzer | 10 | 20 |
Presi
| Metrik | Threshold | Credits | Max/Monat |
|---|---|---|---|
| Template erstellt & approved | Nach Review | 10 | 30 |
| Template wird genutzt | 20 verified User | 10 | 40 |
Payout-Flow
┌─────────────────────────────────────────────────────────────┐
│ Creator Reward Flow │
├─────────────────────────────────────────────────────────────┤
│ │
│ Tag 0: User A erstellt Deck │
│ → Status: "Public" │
│ │
│ Tag 1-14: Andere User kopieren das Deck │
│ → Copies werden gezählt (nur verified users) │
│ → Anti-Fraud Checks laufen │
│ │
│ Tag 14: Evaluation │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Fraud-Check: │ │
│ │ - Kopien von verschiedenen IPs? ✓ │ │
│ │ - Kopien über Zeit verteilt? ✓ │ │
│ │ - Keine Muster (Ring-Verdacht)? ✓ │ │
│ │ - Content-Qualität OK? ✓ │ │
│ └─────────────────────────────────────────────────────┘ │
│ │ │
│ ├─── Pass → Credits gutschreiben │
│ │ → Transaction: type='creator_reward' │
│ │ │
│ └─── Fail → Manuelle Review-Queue │
│ → Ggf. Account-Flag │
│ │
└─────────────────────────────────────────────────────────────┘
Datenbank-Schema
-- Pending Creator Rewards
CREATE TABLE credits.creator_rewards_pending (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES auth.users(id),
content_type VARCHAR(50) NOT NULL, -- 'deck', 'quote', 'template'
content_id UUID NOT NULL,
reward_type VARCHAR(50) NOT NULL, -- 'copies_10', 'copies_50', 'featured'
credits_amount INTEGER NOT NULL,
verified_interactions INTEGER NOT NULL DEFAULT 0,
interaction_user_ids UUID[] NOT NULL DEFAULT '{}',
status VARCHAR(20) NOT NULL DEFAULT 'pending', -- 'pending', 'approved', 'rejected', 'paid'
fraud_score INTEGER DEFAULT 0,
fraud_signals JSONB DEFAULT '[]',
eligible_at TIMESTAMPTZ NOT NULL, -- created_at + 14 days
reviewed_at TIMESTAMPTZ,
paid_at TIMESTAMPTZ,
created_at TIMESTAMPTZ DEFAULT NOW()
);
-- Verified Users Cache (für Performance)
CREATE MATERIALIZED VIEW credits.verified_users AS
SELECT
u.id as user_id,
CASE
WHEN EXISTS (SELECT 1 FROM credits.purchases p WHERE p.user_id = u.id AND p.status = 'completed') THEN true
WHEN u.created_at < NOW() - INTERVAL '60 days'
AND (SELECT COUNT(DISTINCT DATE(created_at)) FROM karma.transactions WHERE user_id = u.id) >= 30 THEN true
ELSE false
END as is_verified
FROM auth.users u;
-- Refresh daily
CREATE INDEX idx_verified_users ON credits.verified_users(user_id) WHERE is_verified = true;
-- Content Interactions Tracking
CREATE TABLE credits.content_interactions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
content_type VARCHAR(50) NOT NULL,
content_id UUID NOT NULL,
creator_user_id UUID NOT NULL,
interacting_user_id UUID NOT NULL,
interaction_type VARCHAR(50) NOT NULL, -- 'copy', 'like', 'use'
is_verified_user BOOLEAN NOT NULL DEFAULT false,
ip_hash VARCHAR(64), -- hashed for privacy
created_at TIMESTAMPTZ DEFAULT NOW(),
UNIQUE(content_type, content_id, interacting_user_id, interaction_type)
);
CREATE INDEX idx_content_interactions_creator ON credits.content_interactions(creator_user_id, created_at DESC);
CREATE INDEX idx_content_interactions_content ON credits.content_interactions(content_type, content_id);
Fraud-Detection Signals
interface FraudSignals {
// Timing-basiert
allInteractionsWithin24h: boolean; // Verdächtig wenn true
interactionsEvenlySpaced: boolean; // Bot-Pattern
// User-basiert
sameIpCluster: boolean; // Viele User, gleiche IP
newAccountCluster: boolean; // Viele neue Accounts
lowActivityAccounts: boolean; // Accounts ohne sonstige Aktivität
// Pattern-basiert
reciprocalInteractions: boolean; // A kopiert B, B kopiert A
ringPattern: boolean; // A→B→C→D→A
// Content-basiert
duplicateContent: boolean; // Kopie von anderem Deck
lowQualityContent: boolean; // Zu kurz, kein Inhalt
// Historical
previousFraudFlags: number; // Frühere Flags
}
// Score calculation
function calculateFraudScore(signals: FraudSignals): number {
let score = 0;
if (signals.allInteractionsWithin24h) score += 30;
if (signals.interactionsEvenlySpaced) score += 20;
if (signals.sameIpCluster) score += 40;
if (signals.newAccountCluster) score += 25;
if (signals.reciprocalInteractions) score += 35;
if (signals.ringPattern) score += 50;
if (signals.duplicateContent) score += 40;
if (signals.previousFraudFlags > 0) score += signals.previousFraudFlags * 15;
return Math.min(score, 100);
}
// Thresholds
const FRAUD_THRESHOLDS = {
AUTO_APPROVE: 10, // Score < 10: Auto-approve
MANUAL_REVIEW: 30, // Score 10-30: Queue for review
AUTO_REJECT: 50, // Score > 50: Auto-reject
};
3. Community Bounties
Konzept
Manuell kuratierte Belohnungen für wertvolle Community-Beiträge. Jede Auszahlung erfordert Team-Review.
Bug Bounty Program
Severity Levels
| Severity | Beschreibung | Credits | Beispiele |
|---|---|---|---|
| Critical | Sicherheit, Datenverlust | 500-1000 | Auth Bypass, SQL Injection, Data Leak |
| High | Major Feature kaputt | 100-250 | App Crash, Datenverlust (lokal), Payment Bug |
| Medium | Feature funktioniert nicht richtig | 25-75 | Falsches Verhalten, Sync-Probleme |
| Low | Kleinere Bugs | 10-25 | UI Glitches, Typos, Edge Cases |
| Cosmetic | Nur visuell | 5 | Alignment, Farben, Spacing |
Bug Report Prozess
┌─────────────────────────────────────────────────────────────┐
│ Bug Report Flow │
├─────────────────────────────────────────────────────────────┤
│ │
│ 1. User öffnet Bug Report │
│ - App auswählen │
│ - Titel (kurz) │
│ - Description (Steps to Reproduce) │
│ - Expected vs Actual Behavior │
│ - Screenshots/Video (optional, +10% Bonus) │
│ - Device/Browser Info (auto-filled) │
│ │
│ 2. Automatische Checks │
│ - Duplikat-Check (Similarity zu existierenden Bugs) │
│ - Spam-Check (zu kurz, bekannte Patterns) │
│ - Rate Limit (max 5 Reports/Tag) │
│ │
│ 3. Triage Queue │
│ Team reviewed innerhalb 48h: │
│ - Ist es ein echter Bug? → Severity zuweisen │
│ - Duplikat? → Link zu Original, kleiner Trostpreis (5) │
│ - Kein Bug? → Ablehnen mit Begründung │
│ │
│ 4. Bug wird gefixt │
│ - Credits werden gutgeschrieben │
│ - Optional: Erwähnung in Release Notes │
│ │
│ 5. Hall of Fame │
│ - Monatliche Top Bug Hunters │
│ - Lifetime Leaderboard │
│ │
└─────────────────────────────────────────────────────────────┘
Bug Report Schema
CREATE TABLE community.bug_reports (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES auth.users(id),
-- Report Details
app_id VARCHAR(50) NOT NULL,
title VARCHAR(200) NOT NULL,
description TEXT NOT NULL,
steps_to_reproduce TEXT,
expected_behavior TEXT,
actual_behavior TEXT,
-- Attachments
screenshot_urls TEXT[],
video_url TEXT,
-- Device Info
device_info JSONB, -- { platform, os, browser, appVersion }
-- Triage
status VARCHAR(20) NOT NULL DEFAULT 'pending',
-- 'pending', 'triaging', 'confirmed', 'duplicate', 'not_a_bug', 'fixed', 'wont_fix'
severity VARCHAR(20), -- 'critical', 'high', 'medium', 'low', 'cosmetic'
duplicate_of UUID REFERENCES community.bug_reports(id),
-- Reward
credits_awarded INTEGER,
transaction_id UUID REFERENCES credits.transactions(id),
-- Internal
internal_notes TEXT,
assigned_to VARCHAR(100),
github_issue_url TEXT,
-- Timestamps
created_at TIMESTAMPTZ DEFAULT NOW(),
triaged_at TIMESTAMPTZ,
fixed_at TIMESTAMPTZ,
-- Anti-spam
ip_hash VARCHAR(64),
similarity_score FLOAT -- zu existierenden Reports
);
CREATE INDEX idx_bug_reports_user ON community.bug_reports(user_id);
CREATE INDEX idx_bug_reports_status ON community.bug_reports(status);
CREATE INDEX idx_bug_reports_app ON community.bug_reports(app_id, status);
Feature Suggestions
| Phase | Credits | Bedingung |
|---|---|---|
| Eingereicht | 0 | - |
| Community Vote: 25+ Upvotes | 5 | Verified User Votes only |
| In Roadmap aufgenommen | 25 | Team-Entscheidung |
| Feature released | 75 | Implementation abgeschlossen |
Community Help (Future)
Für spätere Phasen, wenn Community-Plattform existiert:
| Aktion | Credits | Review |
|---|---|---|
| Antwort als "Lösung" markiert | 5 | Auto (durch Fragesteller) |
| Guide/Tutorial geschrieben | 25-75 | Manual Review |
| Video-Tutorial | 50-150 | Manual Review |
| Übersetzung beigetragen | 10-50 | Manual Review |
Bounty Administration
-- Bounty Pool Tracking
CREATE TABLE community.bounty_pool (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
month DATE NOT NULL, -- First of month
budget_credits INTEGER NOT NULL,
spent_credits INTEGER NOT NULL DEFAULT 0,
created_at TIMESTAMPTZ DEFAULT NOW()
);
-- Monthly budget: e.g., 10,000 Credits
-- Prevents runaway spending
Implementation Roadmap
Phase 1: Karma/XP System
Priority: High | Effort: Medium | Risk: Low
TODO
-
Database Setup
- Create
karmaschema - Create
balancestable - Create
transactionstable - Setup daily/weekly/monthly reset cron jobs
- Create
-
Backend (mana-auth)
- Create
KarmaModule - Create
KarmaServicewith methods:awardXp(userId, amount, source, sourceId?, appId?)getBalance(userId)getLeaderboard(type: 'daily' | 'weekly' | 'monthly' | 'allTime')calculateLevel(totalXp)checkAndAwardStreakBonus(userId)
- Create
KarmaControllerwith endpoints - Create Event Listener für App-Events (Task complete, etc.)
- Create
-
Integration in Apps
- Event-Emitter in jeder App für XP-relevante Aktionen
- Zentrales Event-Bus System (Redis Pub/Sub oder direkte HTTP calls)
-
Frontend (alle Web Apps)
- XP-Anzeige in Header/Profile
- Level-Badge Component
- Streak-Anzeige
- Leaderboard-Page
- Level-Up Animation/Notification
-
Testing
- Unit Tests für XP-Calculation
- Unit Tests für Level-Calculation
- Integration Tests für Streak-Logic
- Load Tests für Leaderboard-Queries
Phase 2: Creator Rewards
Priority: Medium | Effort: High | Risk: Medium
TODO
-
Database Setup
- Create
creator_rewards_pendingtable - Create
content_interactionstable - Create
verified_usersmaterialized view - Setup daily refresh for materialized view
- Create
-
Fraud Detection Service
- Create
FraudDetectionService - Implement fraud signal detection
- Implement fraud score calculation
- Setup scheduled job für 14-day evaluation
- Create
-
Backend (mana-auth)
- Create
CreatorRewardsModule - Create
CreatorRewardsService:trackInteraction(contentType, contentId, creatorId, interactingUserId)evaluatePendingRewards()- Scheduled jobprocessApprovedRewards()getCreatorStats(userId)
- Create Admin endpoints für Manual Review Queue
- Create
-
Integration in Content Apps
- Cardecky: Track deck copies
- Quotes: Track quote submissions/views
- Presi: Track template usage
-
Admin Dashboard
- Review Queue UI
- Fraud Signal Visualization
- Approve/Reject Workflow
- Creator Stats Overview
-
Testing
- Fraud Detection Unit Tests
- Integration Tests für Reward Flow
- Manual QA für Edge Cases
Phase 3: Community Bounties
Priority: Medium | Effort: Medium | Risk: Low
TODO
-
Database Setup
- Create
communityschema - Create
bug_reportstable - Create
feature_suggestionstable - Create
bounty_pooltable
- Create
-
Bug Report System
- Create
BugReportModule - Create
BugReportService:submitReport(userId, report)checkDuplicate(report)- Similarity checktriageReport(reportId, severity)awardBounty(reportId)
- Implement duplicate detection (embedding similarity?)
- Create Triage Dashboard
- Create
-
Feature Suggestion System
- Create
FeatureSuggestionService - Voting System (verified users only)
- Roadmap Integration
- Create
-
Frontend
- Bug Report Form Component
- Bug Report Status Tracker
- Feature Suggestion Board
- Bug Hunter Hall of Fame
-
Testing
- Duplicate Detection Tests
- Bounty Payout Tests
- Rate Limiting Tests
Phase 4: Polish & Analytics
Priority: Low | Effort: Low | Risk: Low
TODO
-
Analytics Dashboard
- XP Distribution Charts
- Creator Reward Stats
- Fraud Detection Metrics
- Bounty Pool Usage
-
Notifications
- Level Up Notifications
- Reward Payout Notifications
- Streak Warning (about to lose)
- Bug Report Status Updates
-
Gamification Polish
- Profile Badges/Frames
- Public Profile with Stats
- Share Achievements
- Seasonal Themes
API Endpoints Summary
Karma/XP
GET /api/v1/karma/balance → KarmaBalance
GET /api/v1/karma/leaderboard → LeaderboardResponse
GET /api/v1/karma/history → KarmaTransaction[]
POST /api/v1/karma/claim-streak → StreakClaimResponse
Creator Rewards
GET /api/v1/creator/stats → CreatorStats
GET /api/v1/creator/pending-rewards → PendingReward[]
GET /api/v1/creator/history → CreatorReward[]
# Admin
GET /api/v1/admin/creator-rewards/queue → PendingReward[]
POST /api/v1/admin/creator-rewards/:id/approve
POST /api/v1/admin/creator-rewards/:id/reject
Bug Bounty
POST /api/v1/bugs/report → BugReport
GET /api/v1/bugs/my-reports → BugReport[]
GET /api/v1/bugs/hall-of-fame → BugHunter[]
# Admin
GET /api/v1/admin/bugs/triage-queue → BugReport[]
POST /api/v1/admin/bugs/:id/triage → { severity, credits }
POST /api/v1/admin/bugs/:id/close → { status, reason }
Feature Suggestions
POST /api/v1/features/suggest → FeatureSuggestion
GET /api/v1/features/list → FeatureSuggestion[]
POST /api/v1/features/:id/vote → { success, voteCount }
GET /api/v1/features/my-suggestions → FeatureSuggestion[]
Monitoring & Alerts
Metrics to Track
// Karma System
karma_xp_awarded_total // Counter: Total XP awarded
karma_level_ups_total // Counter: Level ups
karma_active_streaks // Gauge: Users with active streaks
// Creator Rewards
creator_rewards_pending // Gauge: Pending rewards count
creator_rewards_approved // Counter: Approved rewards
creator_rewards_rejected // Counter: Rejected (fraud)
creator_fraud_score_avg // Gauge: Average fraud score
// Bug Bounty
bugs_submitted_total // Counter: Total reports
bugs_confirmed_total // Counter: Confirmed bugs
bugs_bounty_paid_total // Counter: Credits paid
bugs_triage_queue_size // Gauge: Pending triage
Alerts
# Fraud Alert: Too many high-value rewards pending
- alert: CreatorRewardsFraudSpike
expr: increase(creator_rewards_rejected[1h]) > 10
labels:
severity: warning
annotations:
summary: "High fraud rejection rate"
# Bug Bounty: Queue backlog
- alert: BugTriageBacklog
expr: bugs_triage_queue_size > 50
labels:
severity: warning
annotations:
summary: "Bug triage queue growing"
Security Considerations
Rate Limits
| Endpoint | Limit |
|---|---|
| XP Award (internal) | 100/user/day |
| Bug Report Submit | 5/user/day |
| Feature Suggest | 3/user/day |
| Feature Vote | 20/user/day |
Anti-Gaming Measures
- XP: Daily caps prevent grinding
- Creator Rewards: 14-day delay + fraud detection
- Bug Bounty: Manual review required
- All: Verified user requirements where applicable
Data Privacy
- IP addresses stored as hashes only
- No tracking of specific content viewed
- Fraud signals anonymized in logs
- GDPR: All data exportable/deletable
Open Questions
- XP Decay? Sollte XP über Zeit verfallen wenn User inaktiv?
- Negative XP? Sollte Spam/Abuse XP kosten?
- XP → Credits Conversion? Zu einem späteren Zeitpunkt möglich?
- Creator Tiers? Sollten Top-Creator bessere Rates bekommen?
- Bug Bounty Scope? Nur eigene Apps oder auch Dependencies?