Area: Engagement (audit p9) · Surface: /achievements, achievements schema, AchievementController · Dimension: existing-feature-improvement · Severity: enhancement
Discourse, Steam, and most modern achievement systems ship a subset of 'secret' achievements rendered as '???' until unlocked — they create delight-on-discovery and reward exploration rather than checklist-grinding. Right now nothing on our wall surprises a member; they can see and grind every single criterion. A handful of hidden achievements ('Night Owl', 'First to react', easter eggs) would add a discovery layer at near-zero cost since the grant logic already exists.
Evidence
The achievements table has no is_secret/is_hidden column (database/schema.sql:72-80 has slug/name/description/icon/category only). The FEATURE_FLAGS map (Achievement.php:23-69) only hides whole achievements when an underlying feature is off; it is not a per-achievement 'mystery' toggle. The catalog renders every locked card's full name, description and exact criteria (templates/achievements/index.php:157-168). The detail page likewise reveals the full description for unearned achievements (templates/achievements/users.php:26).
Suggested fix. Add an is_secret flag to achievements. For an achievement that is both secret and unearned, render the card as '???' with a generic 'Hidden achievement' tooltip and hide the description until earned. Reveal it fully once unlocked.
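One way to apply the suggested fix so the same redaction serves both the catalog and the detail page, shown as an added example that is not the project's code. The function name `presentAchievement()`, the column type, the `locked` icon key and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Assumed schema change:
//   ALTER TABLE achievements ADD COLUMN is_secret BOOLEAN NOT NULL DEFAULT FALSE;

// Builds the only data a template may see for one achievement.
// $row keys: slug, name, description, icon, category, is_secret; $earned: viewer unlocked it.
function presentAchievement(array $row, bool $earned): array
{
    if (!empty($row['is_secret']) && !$earned) {
        // Redact before rendering so the real text never reaches the HTML.
        // Assumption: slug and icon are withheld too, since a slug such as
        // "night-owl" gives away the criterion as surely as the description.
        return [
            'slug'        => null,
            'name'        => '???',
            'description' => null,
            'tooltip'     => 'Hidden achievement',
            'icon'        => 'locked', // hypothetical generic icon key
            'category'    => $row['category'],
            'earned'      => false,
        ];
    }
    return [
        'slug'        => $row['slug'],
        'name'        => $row['name'],
        'description' => $row['description'],
        'tooltip'     => $row['description'],
        'icon'        => $row['icon'],
        'category'    => $row['category'],
        'earned'      => $earned,
    ];
}

// Constructed sample rows; the viewer has earned only "first-post".
$rows = [
    ['slug' => 'first-post', 'name' => 'First Post', 'description' => 'Publish a post.',
     'icon' => 'pencil', 'category' => 'posting', 'is_secret' => 0],
    ['slug' => 'night-owl', 'name' => 'Night Owl', 'description' => 'Post between 2 and 4 am.',
     'icon' => 'owl', 'category' => 'posting', 'is_secret' => 1],
];
$earnedSlugs = ['first-post'];

foreach ($rows as $row) {
    $view = presentAchievement($row, in_array($row['slug'], $earnedSlugs, true));
    // Escape on output, as the templates should for every field they print.
    echo htmlspecialchars($view['name'] . ' | ' . ($view['description'] ?? '(hidden)'), ENT_QUOTES, 'UTF-8'), "\n";
}
```

Calling this from the controller, before either template runs, means a secret achievement's text is absent from the response rather than hidden in the markup.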
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus