# Codex Agent Guide — CoopGameChooser This repo is a tiny, purpose-built web app for a closed Discord group to: 1) submit game suggestions blindly 2) reveal all suggestions with authors 3) vote 0–10 blindly 4) reveal totals sorted by score Tech constraints: - .NET 10 - ASP.NET Core Minimal API - Static HTML/CSS/JS (no Razor Pages, no Blazor, no HTMX) - SQLite via EF Core - Cookie-based anonymous identity (no accounts) - Single active “session” (one room) unless extended later - Runs on IIS (Windows Server) This file tells Codex how to work in this repo. Also see the other related files: API.md, IIS.md, SPEC.md --- ## Operating Principles ### Non-negotiables - **Server-side enforcement of phase rules** (clients must not be trusted). - **Blindness**: - Suggest phase: player can only read/write their own suggestions. - Vote phase: player can only read/write their own votes. - Results phase: only aggregated totals are shown. - **Minimal moving parts**: prefer `Program.cs` + a few small files over frameworks. ### “Ridiculously fast” bias - Prefer “ship a working MVP” over architecture purity. - Avoid introducing new dependencies unless they remove complexity. --- ## Repo Layout Target - `Program.cs` — Minimal API endpoints, middleware, cookie identity, admin endpoints - `Data/` — EF Core DbContext and migrations (optional for MVP) - `Domain/` — Plain models: Player, Suggestion, Vote, AppState, Phase enum - `wwwroot/` - `index.html` — app shell; loads phase-specific views - `app.js` — API client + render functions + polling - `styles.css` — minimal styling Do not introduce MVC controllers, Razor Pages, Blazor, or SPA frameworks. --- ## Implementation Checklist (Codex should follow this order) 1. App boots and serves static files 2. Cookie-based anonymous identity 3. Phase gating (server-side) 4. Suggest phase (blind input) 5. Reveal phase (read-only) 6. Vote phase (blind scoring) 7. Results phase (aggregated leaderboard) 8. Admin controls (phase switch, reset) 9. Factory reset (clear all data including players) for fresh testing/deploy 10. Suggest delete (players can delete their own suggestions during Suggest phase) --- ## Security Notes - Cookie must be HttpOnly and SameSite=Strict - Use HTTPS in production - No client-side trust for blindness --- ## Codex Working Style - Implement API first, UI second - Keep changes small and testable - Prefer clarity over abstraction - After every iteration, do a git commit with a brief summary of the changes as a commit message.