# Codex Project Notes

## Project

`WatchLink` is a Dockerized Next.js + Postgres web app for persistent shared watch rooms with accounts, friends, roles, permissions, admin setup, persistent realtime playback sync, invites, room chat, and profile uploads.

Repository:

```text
MrSphay/WatchLink
```

## Commands

```text
Install: npm install
Dev: npm run dev
Lint: npm run lint
Typecheck: npm run typecheck
Test: npm run test
Build: npm run build
Audit: npm run audit
Release check: npm run release:check
Docker: docker compose up --build
Database migrate: npm run db:migrate
```

## Stack

```text
Next.js App Router, React, TypeScript, Prisma, Postgres, Socket.IO, Docker
```

Database setup:

```text
Prisma migrations live in prisma/migrations and are applied in Docker with prisma migrate deploy.
```

Runtime uploads:

```text
Avatar uploads are stored in /app/public/uploads and mounted through the avatar-uploads Docker volume.
```

Package manager:

```text
npm
```

## Build Artifacts

Next.js standalone build output:

```text
.next/standalone
```

Docker image:

```text
git.wilkensxl.de/mrsphay/watchlink:latest
```

## Security Rules

- Do not commit secrets, `.env` files, tokens, private keys, or certificates.
- Use `.env.example` for documentation only.
- Review `docs/security-review.md` before release work.
- Keep package publishing secrets in Gitea secrets as `REGISTRY_TOKEN`.

## Release Rules

Before a release:

1. run `npm run release:check`,
2. verify Docker build,
3. verify Gitea Actions are green,
4. verify the pushed container image can be pulled,
5. update README and changelog,
6. create tags/releases only when explicitly requested.