# CoopGameChooser Task List

- [x] Initialize git repository.

## Foundation
- [x] Add `.gitignore` for .NET / IIS publish artifacts.
- [x] Scaffold .NET 10 minimal API project with static file hosting (`wwwroot`).
- [x] Configure SQLite connection pointing to `App_Data` with EF Core migrations folder under `Data/`.
- [x] Define domain models in `Domain/`: `Player`, `Suggestion`, `Vote`, `AppState`, `Phase` enum.
- [x] Implement `AppDbContext` in `Data/` with DbSets and simple seeding of `AppState`.

## Identity & Middleware
- [ ] Middleware to issue/read HttpOnly `player` cookie with Guid; SameSite=Strict; secure in production.
- [ ] Minimal API filters/helpers to resolve current player and ensure existence in DB.
- [ ] Global exception/validation handling and basic logging.

## Phase Enforcement
- [ ] Store current phase in `AppState`; default to Suggest.
- [ ] Central guard ensuring endpoints respect allowed phase (server-side blindness, no client trust).

## API Endpoints (see API.md)
- [ ] `GET /api/state` returns phase and counts.
- [ ] `GET /api/me` and `POST /api/me/name` to set display name.
- [ ] Suggestion endpoints: mine/create/all with per-player visibility rules.
- [ ] Vote endpoints: mine/create with per-player visibility and phase gating.
- [ ] Results endpoint aggregates totals and vote counts (optionally averages) sorted desc.
- [ ] Admin endpoints: switch phase, reset data; protect via env password.

## Frontend (wwwroot)
- [ ] `index.html` shell with phase-driven sections.
- [ ] `app.js` API client, polling, and render functions per phase; enforce blindness in UI.
- [ ] `styles.css` basic responsive layout (desktop + mobile).

## Persistence & Migrations
- [ ] Create initial EF Core migration for SQLite schema.
- [ ] Add startup migration application.

## Testing & Quality
- [ ] Happy-path smoke test script (manual or minimal automated) for phase flow.
- [ ] Lint/format via `dotnet format` (optional) and ensure build succeeds.

## Deployment
- [ ] Add minimal publish profile/notes for IIS (respect `ASPNETCORE_ENVIRONMENT`, admin password env var, writable App_Data).

## Stretch (later)
- [ ] Support multiple sessions/rooms.
- [ ] Add rate limiting or spam safeguards.