Provably fair rounds

Before outcomes are derived, the server publishes a SHA-256 hash of a secret server seed. You provide a client nonce. The shuffle (blackjack) or winning pocket (solo European roulette) is computed deterministically from the server seed, your nonce, and the round id using documented algorithms bj-v1 and rl-v1 in this codebase (lib/fairness/crypto.ts).

Shared roulette table (rl-v2)

The live lobby roulette uses one open round at a time. The server commits sha256(serverSeed) before betting closes. Every player who places a slip submits a random user nonce. When the timer ends, the server derives clientEntropy as sha256 of the sorted lines userId|userNonce (one line per bettor). If nobody bet, it uses sha256("rl-v2|no-bets|" + roundId). The winning pocket is then roulettePocket(serverSeed, clientEntropy, roundId, 37) — the same uniform index primitive as rl-v1, with combined player entropy instead of a single client nonce. After the spin, the API lists every userId and userNonce that contributed so you can recompute clientEntropy and verify the result.

After the round completes, the server reveals the server seed. Anyone can verify sha256(serverSeed) === commitment and recompute the outcome.

Live blackjack table (bj-table-v1)

Same pattern as shared roulette: one round at a time, posted sha256(serverSeed) while bets are open. Each seated player submits a user nonce. When betting closes, the server sets clientEntropy to sha256 of sorted userId|userNonce lines (or sha256("bj-table-v1|no-bets|" + roundId) if nobody sat). The 52-card shoe order is shuffleIndices(serverSeed, clientEntropy, roundId, 52) from lib/fairness/crypto.ts. After the hand, the server reveals the seed; you can recompute the shoe and follow the deal order in the app.

This is cryptographic transparency for friends — not a regulatory license. Play money only.