- Client
- Stuart DaCosta, Mumbai
- Engagement
- Full build, ongoing support
- Stack
- Next.js 16, Supabase, Razorpay, Vercel
- Status
- Production hardening · Q2 FY26 launch
The brief.
Stuart needed a single platform that did three things at once: showcase his film and ad scoring portfolio with persistent audio playback, sell sample packs and stems through a real checkout, and let him publish new work without engineering involvement. Existing template solutions broke at the persistent-audio requirement; existing storefronts broke at the audio-portfolio requirement.
The architecture.
A Next.js App Router build with Server Components for the catalogue and a single Client Component island for the persistent audio player, lifted to the root layout so it survives navigation. Supabase handles auth, product catalogue, order records, and asset storage with row-level security policies. Razorpay handles checkout. The admin dashboard is a separate authenticated route that lets Stuart upload tracks, set prices, and ship sample packs without writing code.
What I hardened before handover.
- Supabase RLS policies for every table.
- Rate limiting on the inquiry form and checkout endpoints.
- Full audit logging for admin actions.
- A security dossier delivered as a separate document.
- Contracts under the Indian Contract Act and DPDP Act 2023.
Launch milestones.
| Milestone | Status | |---|---| | Razorpay checkout (test mode) | ✓ Complete | | Admin upload dashboard | ✓ Delivered to Stuart | | Audio persistence across navigation | ✓ Production hardened | | Supabase RLS audit + security dossier | ✓ Delivered | | Contracts (ICA + DPDP Act 2023) | ✓ Executed | | Public launch | Q2 FY26 · awaiting Stuart’s go-live |
What got drawn that didn’t get built.
This section is intentionally left as a placeholder until the deviation note is written from the engagement journal. The drawing exposed trade-offs; this is where they get named.