Skip to content

Adept power server-side validation (PP totals, prerequisites, duplicates) #255

New issue
New issue
Closed
Closed
Adept power server-side validation (PP totals, prerequisites, duplicates)#255
Assignees
Jasrags
Labels
creationcriticalUrgent - security vulnerability or blocking issueenhancementNew feature or requestvalidationValidation rules and error checking
Milestone
0.9 - Character Creation Validation
@Jasrags

Description

@Jasrags
Jasrags
opened on Feb 4, 2026

Problem

The server-side magicValidator only checks that adepts/mystic adepts have powers (a warning), but does not validate:

  1. Power point totals: No server check that total PP cost ≤ Magic rating. This is tracked client-side in the budget context but not verified server-side.
  2. Power prerequisites: Some adept powers require a minimum Magic rating or specific skills. Not checked.
  3. Duplicate powers: No check for duplicate power selections (some powers can be taken multiple times with different options, but identical duplicates should be blocked).
  4. Fractional PP values: Powers cost in 0.25 PP increments. No validation of correct fractional costs.

Acceptance Criteria

  • Server-side validator checks total PP cost does not exceed Magic rating
  • Server-side validator checks power prerequisites where defined in catalog data
  • Server-side validator rejects identical duplicate power selections
  • Server-side validator verifies power IDs exist in the ruleset catalog
  • Tests for overspent PP, missing prerequisites, duplicates, invalid power IDs

Priority

P1 — Critical — Adept powers are entirely unvalidated server-side despite being a resource-constrained selection.

Files

  • lib/rules/validation/character-validator.ts (extend or new validator)
  • Adept power catalog data in core-rulebook.json

Metadata

Metadata

Assignees

Labels

creationcriticalUrgent - security vulnerability or blocking issueenhancementNew feature or requestvalidationValidation rules and error checking

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions