# Project Info ## Purpose MovieDice is a mobile-first web app that helps friend groups collaboratively build a shared movie watchlist and randomly select movies using an animated "Roll the Dice" mechanic. ## Tech Stack | Layer | Technology | Version | | ---------------- | ----------------------------------------------------------------------------- | ----------- | | Frontend | Next.js (App Router, React), output: standalone | 15.x | | Styling | Tailwind CSS | v3/v4 | | Backend/Database | Supabase self-hosted Docker (Postgres + GoTrue + Realtime + PostgREST + Kong) | self-hosted | | Auth | Supabase Anonymous Sign-In (signInAnonymously()) | — | | Movie Data | TMDB API (free tier) | v3 | | State Management | TanStack Query v5 | v5 | | Admin Sessions | iron-session v8 | v8 | | 2FA (Admin) | TOTP via otplib | v12.x | | PWA | @serwist/next | current | | Password Hashing | argon2 (Argon2id) | current | | Background Jobs | Supabase pg_cron + Edge Functions (Deno) | — | | Reverse Proxy | Caddy | current | | Runtime | Node.js 22 LTS | 22.x | | Env Validation | t3-env (@t3-oss/env-nextjs) + zod | current | | Testing | Vitest (unit) + Playwright (E2E) | current | | Deployment | Self-hosted Docker via docker-compose | — | ## Key Directories - Project is pre-implementation; no source directories exist yet ## Architecture Notes - Anonymous auth with UUID-based accounts, no email/password - Recovery codes for cross-device account restoration - Groups with invite codes as sole access control for regular users - Master Admin with TOTP 2FA, credentials via environment variables - Real-time sync via Supabase subscriptions - PWA with offline graceful degradation - Two distinct roll animations: landing page slot-machine reels, in-app scatter/eliminate ## Review History | Date | Type | Report | | ---------- | -------------------------------------------------------------- | ---------------------------------------------------------------- | | 2026-04-05 | Pre-implementation architecture review | ./research/COMPLIANCE.md | | 2026-04-05 | Full tech stack audit (Report Mode) — Docker/self-hosted focus | ./research/TECHFILE.md | | 2026-04-05 | Second review -- technology verification on updated scope | ./research/TECHFILE.md (Second Review) | | 2026-04-05 | Second security review -- updated architecture analysis | ./research/SECFILE.md (Second Review) | | 2026-04-05 | Second compliance review -- updated scope (15 new findings) | ./research/COMPLIANCE.md (Second Review) | | 2026-05-07 | programmer | Realtime UPDATE (3.8), offline search (5.6), pre-push hook (1.1) |