From RGS to HTML5 Frontend and Compliance Infrastructure
Though the conventional Provider – Platform – Casino distribution model remains a foundational structure of the industry, over the past few years there have been increasing signals of a strategic shift among iGaming market players toward building their own vertically integrated ecosystems.
More reasonable CAPEX requirements for building proprietary platforms, combined with faster and more affordable game production, are becoming key enablers of this shift. Starting some scale point, the benefits include drastically improved profitability, greater control over marketing and distribution decisions, and the ability to scale hard-earned, business-specific know-how and approaches – unique insights and operational practices developed over time to survive and outperform the competition.
One of our customers approached CGS with the objective of building such an ecosystem.
The task involved designing and implementing a production-grade platform covering:
The customer’s existing business and technology landscape had evolved over time through several breakthrough decisions across both mainstream and niche iGaming markets. The customer established solid distribution and promotional channels and continued building and expanding operations. At the same time, it became clear that this approach was associated with significant OPEX and royalty payments to third parties, while operating on only a fraction of the GGR.
Recognizing the opportunities ahead, the customer nevertheless moved cautiously. By the time critical strategic decisions had to be made, the customer had already tested the waters in proprietary game production by creating a compact in-house creative studio, while outsourcing a major portion of game development services to CGS. The broader landscape consisted of fragmented, experiment-driven solutions, including a zoo of third-party integrations, RGS-less setups, and revenue-sharing partnerships with several technology providers supplying more or less ready-to-use components.
While these experiments and the conservative approach produced promising results, several operational and technical challenges gradually began affecting both content delivery and system maintainability:
The customer needed a platform capable of supporting long-term expansion — one that would:
In other words, the customer began transitioning toward its own RGS with a broad set of accompanying platform components and solutions.
Following the context, the architecture developed by CGS was designed around several foundational principles
The realization followed a modular architecture where gameplay rendering, transaction orchestration, outcome calculation, RNG provisioning, auditability, and integrations were separated into dedicated layers.
All core services were designed as containerized workloads deployable across Kubernetes clusters with regional scalability and “operator”-level logical isolation.
This architecture ensured that gameplay outcomes, transaction consistency, and replayability remained centrally controlled and independently auditable. Instead of creating another monolithic backend, CGS proposed a modular architecture separating gameplay presentation, outcome generation, integrations, compliance, and operational tooling.
The RGS was implemented as the sole public trust boundary of the platform.
Every player-affecting operation — including gameplay actions, wallet communication, configuration delivery, and audit logging — passed through the RGS layer. The game engine and wallet systems were never exposed directly to the client.
The RGS became the orchestration layer responsible for coordinating gameplay sessions, wallets, transactions, configuration, monitoring, and compliance-related operations.
The architecture was designed to support both direct integrations and adapter-based integrations with third-party operators and wallet providers.
The architecture was daSpecial attention was given to transaction consistency and operational transparency. Every gameplay round, financial operation, and critical state transition could be traced and audited.esigned to support both direct integrations and adapter-based integrations with third-party operators and wallet providers.
The architecture was daSpecial attention was given to transaction consistency and operational transparency. Every gameplay round, financial operation, and critical state transition could be traced and audited.esigned to support both direct integrations and adapter-based integrations with third-party operators and wallet providers.
The RGS state model supported forward recovery through all gameplay phases:
Requested → Validated → BetDebited → EngineCalled → WinCredited → AuditCommitted → Returned
Each transition was persisted into the event stream, allowing deterministic replay, operational investigations, and reconciliation workflows.
The engine layer included:
The separation between presentation and outcome generation significantly simplified maintenance and future extensibility.
Math models could evolve independently from frontend implementations, while gameplay balancing and RTP adjustments could be controlled through configuration and versioning workflows.
Each math package was versioned, signature-verified, and content-addressed using immutable package hashes. RTP variants were pre-validated and selected per operator configuration rather than adjusted dynamically at runtime.
This architecture also improved testing and certification processes by isolating critical gameplay calculations into deterministic backend services.
The RNG is pluggable, not a fixed platform component. The engine speaks to it via a narrow interface: round context + byte count in, bytes + stable seedReference out. The sidecar runs alongside the engine for low-latency calls and can be developed, audited, or replaced without modifying engine code.
Deterministic PRNG
Unit tests, replay verification, demos. Bit-exact reproducible from a seed.
Reference DRBG
Production starting point. Cryptographically strong; entropy from kernel and (where available) hardware sources.
Any implementation honouring the RNG interface plugs in — internally developed, third-party licensed, or hardware-backed. Replacement is a deployment-config change.
The seedReference is recorded in the audit row; replay re-issues the same request and asserts the same seedReference resolves to the same bytes.
The Wallet/PAM tier is pluggable. Two deployment modes, one canonical contract:
External PAM (default)
Operator already has a Player Account Management system and wallet.
A thin wallet adapter translates between the canonical contract and the operator's dialect(envelope, signing, transport). One adapter per PAM.
Platform-provided PAM (optional)
Slots delivery plus account & wallet setup; no existing PAM.
Reference implementation covering what a slots-only deployment needs: player accounts and authentication, real-money and bonus wallets (multi-currency), deposit/withdrawal ledger with pluggable payment connectors, transaction history, and player-limit enforcement at the wallet boundary. Same canonical contract toward the RGS as any external PAM. Opt-in; deployments using an external PAM do not deploy it.
Both modes expose debit / credit / rollback / getRoundStatus to the RGS — idempotent on transaction id, integer minor units, currency-aware. The RGS does not know which mode is wired in.
Compliance and replayability were treated as first-class architectural concerns rather than secondary operational features.
One of the most important business requirements was ensuring operational transparency.
The customer required infrastructure capable of supporting internal investigations, regulatory audits, dispute resolution, and gameplay verification.
To address these needs, CGS implemented:
The audit architecture relied on append-only event streams and hash-chained audit records where every row referenced the previous audit hash. Chain heads could be externally timestamped, making tampering detectable and improving regulatory confidence.
Audit & Replay Service сonsumes the round-event stream. Writes an append-only audit table with row-level immutability and per-row hashchaining (H(n) = SHA-256(H(n-1) ‖ row)), and a cold archive in object storage with write-once-read-many guarantees. Retention configurable per operator. The replay endpoint reconstructs any historical round from its audit row plus the pinned math package version.
The resulting ecosystem enabled support and compliance teams to trace gameplay flows, validate transactions, and investigate anomalies without engineering intervention.
The back-office layer was implemented as an internal operational access point focused on compliance, support workflows, and operational visibility across the gaming ecosystem.
Access to the system was protected through SSO integration, MFA, and IP allow-list restrictions, while role-based access control separated responsibilities between operator administrators, compliance teams, support agents, and read-only audit users.
The tooling exposed operational capabilities such as:
Administrative operations were treated with the same auditability standards as gameplay actions (the admin user is the actor). Every change, override, export, or operational intervention was recorded in the immutable audit stream with full actor attribution and traceability.
The frontend layer was developed as a lightweight yet highly configurable HTML5 application framework capable of supporting multiple casino game categories.
The realization covered:
One of the key architectural principles was minimizing trust on the client side. The frontend contract was designed around signed outcome envelopes, signature verification, idempotent action calls, and HTTPS communication. No RNG logic, payout calculations, reel strips, or probabilistic systems were exposed to the client layer.
Every round is reconstructable from stored inputs alone — never from stored outcomes. This is what makes disputesresolvable and the engine auditable end-to-end.
Per-round flow: RGS allocates roundId. Engine requests an RNG block keyed on (operatorId, roundId, gameId, mathVersion); sidecar returns bytes + seedReference. Engine computes the outcome. The audit row records roundId, rngProvider, seedReference, mathPkgHash, inputs[], outcomeHash, prevAuditHash, signature — the hash of the outcome, never the outcome itself.
Replay: Look up the audit row → pull the math package by hash → re-issue the RNG request and assert the stored seedReference resolves to the same bytes → run the engine with the stored inputs → compare the produced outcome hash against the stored value. A mismatch indicates either tampered audit data or engine non-determinism; both are surfaced by the same procedure.
The Wallet/PAM tier is pluggable. The same canonical contract applies whether the platform is calling an external operator PAM or the platform-provided PAM — the RGS, engine, and audit pipelines do not know which side of the boundary the wallet lives on.
Canonical contract: debit, credit, rollback, getRoundStatus. All idempotent on a stable transaction id. All amounts integer minor units. Currency code on every call.
Round flow: Never blindly retry on timeout — always getRoundStatus first. A credit succeeding after believed failure is a real failure mode; a reconciler runs periodically and heals discrepancies. The adapter handles per-PAM dialects; the core RGS speaks only the canonical contract. Operator clocks can drift; the platform sends its own timestamp with an accepted tolerance window.
Reconciliation: A periodic file (format per operator) produced from the transaction event stream. SLA-breachingdiscrepancies open a support ticket and an auditable incident with operator notification.
The platform was designed as a cloud-agnostic, Kubernetes-native ecosystem capable of running consistently across regional deployments, private infrastructure, and multi-tenant operator environments.
Regional deployments supported data residency requirements and low-latency gameplay delivery, while maintaining a unified deployment model where infrastructure differences were configuration-driven rather than architecture-specific.
The infrastructure layer was separated into workload-oriented node pools optimized for different operational characteristics:
Autoscaling strategies were driven by request latency and operational SLOs instead of raw CPU utilization, improving platform stability during gameplay spikes and traffic bursts.
Slot spin: engine compute
(Pure math + RNG)
P95 < 30 ms
Slot spin: full round-trip
(Including wallet and network)
P95 < 150 ms
Slot spin: P99 tail
(Including occasional pauses, retries, jitter)
< 250 ms
Wallet round-trip
(Provider-dependent)
P95 < 100 ms
Operator identifiers acted as partitioning keys throughout the platform data model, allowing infrastructure reuse without sacrificing operational separation, reporting boundaries, or audit traceability.
Physical isolation was supported for deployments with stricter contractual or regulatory requirements, but the default operational model prioritized efficient multi-tenant scalability.
Operational observability was implemented across the entire gameplay flow — from client requests and RGS orchestration to engine execution and wallet processing.
The gaming industry thrives on innovation and partnerships. Whether you’re interested in our services, exploring new game concepts, or discussing other business opportunities, we’re always open to conversations. Drop us a line!
