CategoryItemStatusNext Step
Domain And InfrastructureVerify emtree.live in Resend DNSDoneKeep DNS records stable and test live signup/reset delivery after deploy.
Domain And InfrastructureFinish Vercel environment variables for productionExternal SetupConfirm Production and Preview values in Vercel project settings.
Domain And InfrastructureKeep GitHub connected to Vercel auto-deployExternal SetupConfirm main branch deploys automatically in Vercel.
Domain And InfrastructureSet separate Production, Preview, and local env valuesScaffoldedKeep .env.local for local only and mirror safe values in Vercel.
Domain And InfrastructureAdd uptime and error monitoring laterPlannedAdd Sentry or Vercel monitoring after core auth/profile flows stabilize.
Domain And InfrastructureKeep DNS ownership clearExternal SetupDo not edit records in GoDaddy while Vercel nameservers own DNS.
Domain And InfrastructureKeep all secrets out of GitHubDoneNever commit .env.local, API keys, service role keys, or SMTP/Resend secrets.
Domain And InfrastructureMaintain staging or preview deployment before production changesExternal SetupTest major changes on Vercel Preview before promoting production.
Supabase BackendRun all required Supabase SQL filesExternal SetupRun updated SQL in Supabase SQL Editor and save migration history.
Supabase BackendProfiles, wallets, transactions, KYC, limits, audit logs, sessions, support, games, bets, and messages tablesScaffoldedConfirm each table exists in Supabase Table Editor after running SQL.
Supabase BackendEnable RLS on all user tablesScaffoldedRe-run SQL and test policies with a real user.
Supabase BackendSafe RLS policies for user-owned dataScaffoldedAdd automated RLS tests before real-money launch.
Supabase BackendAdmin or service-only private review workflowsScaffoldedBuild role-based admin dashboard with 2FA and service-role API routes.
Supabase BackendStorage bucket for profile picturesScaffoldedRun storage SQL and test upload/delete with a user.
Supabase BackendWallet ledger tables, not editable balance onlyScaffoldedRoute all balance changes through server-side ledger writes.
Supabase BackendConstraints for money, bet, transaction, and user ownership statesScaffoldedAdd database functions for atomic bet settlement and withdrawal holds.
Supabase BackendIndexes for user ID, email, transaction status, game ID, bet ID, and created dateScaffoldedValidate query plans as data grows.
Supabase BackendAudit logging for sensitive eventsScaffoldedWire wallet, admin, game, payment, and social actions into audit writes.
Auth SystemRegister with email, password, DOB, jurisdiction, terms, privacy, and 21+ confirmationDoneTest with a fresh email on production after redeploy.
Auth SystemEmail verification with 6-digit Resend codeScaffoldedConfirm RESEND_API_KEY and verified support@emtree.live sender work in production.
Auth SystemLogin and logoutDoneTest in local and Vercel after database schema is applied.
Auth SystemForgot password with Resend reset emailScaffoldedRetest after Resend DNS verification.
Auth SystemReset passwordDoneConfirm redirect URL points to https://emtree.live in Supabase and Vercel.
Auth SystemHide login/signup buttons when logged inDoneVerify on production after env vars are deployed.
Auth SystemShow profile/avatar when logged inDoneTest avatar upload and cached profile summary.
Auth SystemAdd 2FA laterPlannedChoose TOTP/SMS/email approach after account basics are stable.
Auth SystemSession and device historyScaffoldedRecord session rows on login and revoke stale devices.
Auth SystemAccount lock and suspension statesScaffoldedBuild admin restriction actions.
Auth SystemResend-verification cooldownsDoneAdd server-side login endpoint for failed-login throttling.
Auth SystemFailed-login rate limitingPlannedAdd server middleware or provider-level protection for login attempts.
Auth SystemAccount recovery loggingScaffoldedLog forgot-password requests, reset completion, and support-assisted recovery.
Profile SystemProfile page with username, display name, email, avatar, rank, and verification statusDonePolish mobile layout and empty states after more testing.
Profile SystemUpload or change profile pictureScaffoldedRun profile-storage SQL and test upload in Supabase Storage.
Profile SystemStore avatar in Supabase StorageScaffoldedConfirm bucket and policies in Supabase.
Profile SystemResponsible gaming settingsDoneEnforce limits in wallet and betting APIs.
Profile SystemSecurity settingsScaffoldedWire password-change, 2FA, and recovery logs fully.
Profile SystemUser activity and audit historyScaffoldedExpand event sources beyond auth/profile.
Profile SystemPrivacy controls for social featuresDoneEnforce privacy in messaging, friend, and voice APIs.
Profile SystemDisplay-name editing rulesScaffoldedAdd cooldown and profanity/moderation checks.
Profile SystemUsername uniquenessDoneShow nicer duplicate-username errors in UI.
Profile SystemAvatar file size/type validationDoneMirror validation in server/storage policy where possible.
Profile SystemProfile completion statusDoneTune required items once KYC/payment flows are final.
Profile SystemEquippable rank banner overlayDoneReuse the same overlay in poker/social seat cards.
Compliance And Safety21+ age gateDoneConfirm KYC provider also validates DOB.
Compliance And SafetyPhilippines-only jurisdiction gateDoneAdd geolocation provider before real-money access.
Compliance And SafetyKYC before deposits, withdrawals, voice tables, or real bettingScaffoldedEnforce gates server-side before wallet/game/social unlock.
Compliance And SafetyAML risk trackingScaffoldedCreate scoring rules and admin workflows.
Compliance And SafetyDevice, VPN, and proxy risk checksPlannedChoose provider and score risky sessions.
Compliance And SafetyPayment owner match for GCash/MayaScaffoldedRequire legal-name match before approving deposits/withdrawals.
Compliance And SafetyResponsible gaming limitsScaffoldedBlock wallet/game actions when limits are reached.
Compliance And SafetyAdmin review queue for KYC, withdrawals, suspicious activityScaffoldedBuild authenticated admin decision screens.
Compliance And SafetyFull audit logs for account, wallet, game, and admin actionsScaffoldedMake audit writing mandatory in all server mutations.
Compliance And SafetyLegal review before real-money launchBlockedHire qualified PH gaming counsel before accepting real funds.
Compliance And SafetyTerms, privacy, responsible gaming, AML, KYC, payment, dispute, underage, and suspicious-activity policiesScaffoldedHave counsel review and approve exact final text.
Payments And WalletPHP-only wallet balanceDoneKeep all display and ledger formatting in PHP.
Payments And WalletDeposit page for Maya and GCashScaffoldedConnect provider or manual review workflow after approval.
Payments And WalletWithdrawal page for Maya and GCashScaffoldedGate by KYC, owner match, risk, and admin approval.
Payments And WalletPending, approved, and rejected transaction statesScaffoldedExpose status changes through server APIs.
Payments And WalletTransaction history and betting historyDoneWire to ledger/bet records after DB is populated.
Payments And WalletBalance updates through ledger entries onlyScaffoldedCreate atomic ledger functions and ban direct client updates.
Payments And WalletManual review workflow firstScaffoldedBuild approve/reject/hold UI with audit logging.
Payments And WalletOfficial payment provider integration laterBlockedSecure Maya/GCash approved gambling merchant route.
Payments And WalletReceipt/reference upload or payment reference matchingPlannedAdd upload/reference entry form and review page.
Payments And WalletAdmin payout approval systemPlannedAdd dual approval for withdrawals.
Payments And WalletWithdrawal holds, owner-name match, min/max limits, duplicate detection, refunds, reversals, and transaction audit trailScaffoldedImplement rules before enabling any real-money payment.
Provably Fair And RandomnessGenerate server seed, client seed, and nonce per betScaffoldedMove seed generation to server APIs for real bets.
Provably Fair And RandomnessHash server seed before game startsScaffoldedCommit hash before bet lock and store audit ID.
Provably Fair And RandomnessReveal server seed after resultScaffoldedReveal only after settlement.
Provably Fair And RandomnessShow result verification panelScaffoldedAdd reusable verify-fairness modal/page tied to DB records.
Provably Fair And RandomnessStore seed, nonce, bet, result, payout, and hashScaffoldedPersist every play-money and future real-money round.
Provably Fair And RandomnessPrevent client-side result manipulationPlannedServer-authoritative result APIs required before money.
Provably Fair And RandomnessPublic explanation, audit IDs, and algorithm versioningScaffoldedWrite public verification copy and freeze algorithm versions.
Social And MessagingUser-to-user messagingScaffoldedAdd realtime message send/read APIs with RLS.
Social And MessagingFriend systemPlannedAdd friends, blocks, and requests tables.
Social And MessagingInvite friends to game tablesPlannedAdd table invitations and notifications.
Social And MessagingVoice chat rooms for friend tablesPlannedChoose voice provider and add room permissions.
Social And MessagingMute, block, report, chat logs, moderation, online status, invite notifications, anti-spam, reporting workflow, admin moderation dashboardPlannedBuild moderation-first social APIs before public launch.
Social And MessagingSocial poker and small tables as a major featureScaffoldedPrioritize social poker after auth/profile/wallet basics stabilize.
Frontend PagesHome, login, register, forgot password, reset password, verify emailDoneRetest after Vercel and Supabase env changes.
Frontend PagesProfile, KYC verification, deposit, withdraw, transaction history, betting historyDoneWire more live data as backend APIs mature.
Frontend PagesRank system and leaderboardDoneConnect ranks to real progression events.
Frontend PagesGames lobby and individual game pagesDoneConvert prototypes to server-authoritative game loops.
Frontend PagesMessaging, customer support, FAQ, about, responsible gaming, terms/privacy, account settings/security/sessions/limits, game rules, admin dashboardDoneDeepen live data, permissions, and error states.
Design And UXFinalize brand guide implementationScaffoldedReview every page against the guide after feature changes.
Design And UXUse Norwester for display/headline/money labels and Atkinson Hyperlegible for body/UIDoneSpot-check remaining components for font leakage.
Design And UXKeep top nav consistent and mobile layouts improvedScaffoldedPlaywright-check mobile pages before production.
Design And UXLoading skeletons, empty states, error states, and disabled statesScaffoldedAdd route-specific empty/error states where API data loads.
Design And UXProfessional casino/game UI, readable ranks, consistent controls, compliance messages, hover/focus accessibilityScaffoldedRun a full visual QA pass across desktop/mobile.
Deployment ChecklistResend domain verifiedDoneSend fresh production signup and password reset tests.
Deployment ChecklistVercel and Supabase env vars completeExternal SetupSet values in Vercel and local .env.local without committing secrets.
Deployment ChecklistSupabase URL redirects correctExternal SetupSet Supabase Auth URL and redirect URLs to emtree.live plus local dev.
Deployment ChecklistDatabase schema applied and RLS testedExternal SetupRun SQL in Supabase and test as multiple users.
Deployment ChecklistBuild passesDoneKeep typecheck/build green before every push.
Deployment ChecklistRegister/login/verify/reset/support/profile upload testedBlockedRun end-to-end test after external setup is verified.
Deployment ChecklistDeposit/withdraw disabled or sandboxed until legal/payment approvalDoneDo not remove launch blockers until legal and provider approval is complete.
Immediate Next Build PrioritiesVerify Resend DNS and add missing Vercel env varsScaffoldedConfirm Vercel env vars and redeploy Vercel.
Immediate Next Build PrioritiesTest signup with fresh email and confirm 6-digit verification arrivesExternal SetupUse a never-before-used email after redeploy.
Immediate Next Build PrioritiesConfirm login after verification and forgot-password emailBlockedTest both local and production URLs.
Immediate Next Build PrioritiesRun Supabase SQL schemasExternal SetupRun all schema files in Supabase SQL Editor.
Immediate Next Build PrioritiesTest profile avatar uploadBlockedRun storage SQL, then upload a small PNG/JPG.
Immediate Next Build PrioritiesFinish wallet ledger APIs and balance displayPlannedBuild server routes for deposits, withdrawals, bets, payouts, and ledger reads.
Immediate Next Build PrioritiesStart admin review toolsPlannedBuild protected admin routes for users, KYC, payments, support, and risk.