justtherip is a Jewels-only digital pack-opening platform for collectible trading cards (e.g. Magic: The Gathering, Pokémon). Users purchase non-withdrawable site credits ("Jewels"), open randomized digital packs, and receive physical cards shipped on-demand from third-party marketplaces.

This repository contains the Phase 1 MVP implementation.

⚠️ This project intentionally excludes cash-out, withdrawals, P2P trading, and inventory warehousing.

• SvelteKit (file-based routing)
• TypeScript
• Tailwind / CSS utilities (optional)

• Node.js API (authoritative logic layer)
• Secure server-side RNG
• Idempotent transactional endpoints

• Supabase

  • PostgreSQL
  • Supabase Auth (JWT)
  • Row Level Security (RLS)

• Stripe (Jewels purchase only)

• Non-withdrawable
• Non-transferable
• Purchased with fiat
• Spent only on packs

• Digitally opened
• Odds-based
• RNG-driven
• Results logged immutably

• Digital representation of physical cards
• Physical cards are sourced and shipped on-demand

.
├── src/
│   ├── routes/          # SvelteKit pages
│   ├── lib/             # UI components & helpers
│   ├── stores/          # Client-side state (read-only)
│   └── hooks.server.ts  # Auth/session handling
│
├── api/                 # Node.js API (server-side logic)
│   ├── routes/          # REST endpoints
│   ├── services/        # Business logic (packs, wallets, RNG)
│   └── utils/           # Idempotency, logging, helpers
│
├── supabase/            # SQL, RLS policies, migrations
└── README.md

• ❌ Frontend must never mutate wallets, packs, or cards directly
• ✅ All state changes happen via Node.js API
• ✅ All money-like operations are transactional
• ✅ All pack opens are idempotent
• ✅ Wallet balances must never go negative

If a feature violates any of the above, it does not belong in Phase 1.

Create a .env file with the following:

SUPABASE_URL=
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=

Never expose the service role key to the client.

Install dependencies:

npm install

Start the dev server:

npm run dev

The app will be available at:

http://localhost:5173

To create a production build:

npm run build

To preview the build:

npm run preview

• All wallet mutations are server-side only
• Supabase RLS restricts user access to their own data
• Logs are append-only
• No deletes on financial tables

• No withdrawals
• No cash-out
• No P2P trading
• No inventory warehousing
• No gambling terminology in UI

• Additional pack types
• Multi-game expansion
• Automated fulfillment
• Advanced EV tuning
• Fraud detection tooling

This repository is proprietary and intended for internal development of justtherip only.

This README reflects the architectural and contractual constraints defined in the Scope of Work. Any deviation should be reviewed carefully before implementation.