This is a submission for the DEV April Fools Challenge
What I built
I built a full-stack AI app that gives you the superpower you ask for, then ruins it with one tiny condition.
- You open the site.
- You rub a magical lamp.
- A genie shows up.
- You make a wish.
- The app grants it in a way that makes the whole thing basically useless.
- You can become invisible, but only your internal organs.
- You can shape-shift, but only into a slightly uglier version of yourself.
- You can hear other people's thoughts, but only in extinct languages.
So yes, it works.
It just works toward a completely worthless outcome.
The idea was simple. I wanted to interpret "useless" a little sideways.
Instead of making something broken, I made something polished whose output is useless on purpose.
The app does what it says. The infrastructure is real. The end result is still nonsense.
So I did not build a useless app.
I built an app that mass-produces uselessness.
And because I apparently cannot leave a joke alone once it starts working, I also over-engineered it.
Demo
Code
The repo includes the app code, infra setup, docs, ADRs, API design, tests, and enough delivery process to make the whole thing feel weirdly official.
Cursed Powers
Every superpower has a catchβ’
Cursed Powers is a full-stack web application that combines AI with interactive storytelling. Users rub a magic lamp to summon a genie, make a superpower wish, and receive a hilariously cursed interpretation of their wish powered by AI.
The engineering is production-grade. The usefulness is thoroughly cursed.
Features
- Interactive Lamp Experience: Animated lamp-rubbing interface that triggers genie summoning
- Dual AI Providers: Fallback-capable integration with Google Gemini 2.5 Flash and OpenAI GPT-4o-mini
- Security-First Backend: Rate limiting, abuse detection, request signing, CAPTCHA verification, and content moderation
- Real-Time Results: WebSocket-ready architecture with progressive result streaming
- Enterprise Deployment: Production-ready infrastructure with AWS ECS Fargate, CloudFront CDN, WAF, and automated scaling
- Comprehensive Testing: 192 unit tests (100% API coverage) + 14 E2E browser tests
- Type-Safe: 100% TypeScript with strict mode across frontend and backend
Architecture
ββββββββββββββββββββββββββββββββ
β CloudFront CDN β
βHow I built it
Because the infrastructure is part of the punchline, I wanted to show not just the app, but the machinery behind it.
This project only works as a joke if the output is ridiculous and the implementation is treated with an unreasonable amount of seriousness.
Architecture, unfortunately
Under the magical lamp and cursed wishes, this project runs on a stack that is much more serious than the idea deserves.
That is part of the joke too. This entire system exists to reliably produce unusable superpowers.
ββββββββββββββββββββββββββββββββ
β CloudFront CDN β
β + WAF (4 rule groups) β
ββββββββββββββββ¬ββββββββββββββββ
β
ββββββββββββββββΌββββββββββββββββββ
β Application Load Balancer β
β (TLS 1.3, path-based routing)β
βββββββββ¬βββββββββββββββ¬ββββββββββ
β β
/api/* β β /*
βββββββββββββββΌβββ ββββββββΌβββββββββββββ
β ECS Fargate β β ECS Fargate β
β Fastify API β β Next.js Web β
β β β β
β ββββββββββββ β β Security Headers β
β β Helmet β β β HSTS, CSP, etc. β
β β Rate Lim β β βββββββββββββββββββββ
β β Circuit β β
β β Breakers β β
β ββββββββββββ β
βββββββββ¬βββββββββ
β
ββββββββββββββΌβββββββββββββ
β EFS (Encrypted) β
β SQLite + WAL mode β
β Daily backups β
βββββββββββββββββββββββββββ
β
ββββββββββββββββΌβββββββββββββββ
β β β
βββββββΌββββββ βββββββΌββββββ βββββββΌβββββββ
β Gemini β β OpenAI β β OpenAI β
β 2.5 Flashβ β GPT-4o β β Moderationβ
β (primary) β β (backup) β β API β
βββββββββββββ βββββββββββββ ββββββββββββββ
If someone only looked at the infrastructure, they might assume it powers something financially important.
It does not.
It powers a genie that grants wishes badly.
Frontend
On the surface, the app needed to feel magical before it felt stupid.
The frontend uses:
- Next.js 15
- React
- Tailwind CSS v4
- Framer Motion
I did not want this to feel like a generic AI textbox with a lamp pasted on top. I wanted it to feel a little ceremonial: arrive, rub the lamp, summon the genie, make a wish, then wait for the system to ruin it with confidence.
So the frontend is responsible for the parts that make the joke land:
- lamp animation
- genie reveal
- wish input flow
- result rendering
- validation
- API integration
- request handling
- enough theatricality to make the whole thing feel intentional
Backend
Once the frontend sets the mood, the backend does the deeply unserious serious work.
The backend uses:
- Fastify 5
- Drizzle ORM
- SQLite
- Zod
- Pino
- Helmet
- @fastify/rate-limit
- Cloudflare Turnstile verification
It handles:
- wish submission and validation
- AI orchestration
- cursed power generation
- result retrieval
- gallery and random wish endpoints
- health checks
- moderation
- rate limiting
- request validation
- diagnostics
Honestly, the backend is more serious than the premise deserves.
That was deliberate.
If the output is nonsense, the system producing that nonsense should still be solid.
Google AI / Gemini usage
At the center of all this is the actual wish-ruining engine.
Gemini is the main model behind the app.
I used:
- Google Gemini 2.5 Flash as the primary model
- OpenAI GPT-4o-mini as the fallback provider
- OpenAI Moderation in the safety pipeline
The AI flow is not just "say something random and funny." It follows a simple structure:
wish β interpret β curse β return a technically valid but practically useless power
That constraint helped a lot. The outputs became more consistent, easier to read, and usually much funnier.
The genie is not denying your wish.
The genie is honoring it as maliciously as possible.
Ridiculous over-engineering, on purpose
At this point, the second joke becomes obvious:
the implementation is wildly disproportionate to the value of the product.
So naturally, this cursed superpower generator includes:
- npm workspaces + Turborepo
- a shared type-safe schema package
- OpenAPI 3.1
- 9 architecture decision records
- Terraform-managed AWS infrastructure
- CloudFront CDN
- AWS WAF
- an Application Load Balancer with TLS 1.3
- ECS Fargate for both web and API
- encrypted EFS-backed SQLite in WAL mode
- multi-stage Dockerfiles
- docker-compose for local development
- CI with typecheck, lint, unit tests, E2E tests, and commitlint
- a tag-triggered release pipeline
- Husky pre-commit, commit-msg, and pre-push hooks
- Conventional Commits enforcement
- a deep health check endpoint
- a runbook
- an incident response guide
- a service level agreement
- HTCPCP compliance
A lot of joke projects stop at the concept.
I wanted this one to keep going until the engineering itself became part of the punchline.
Did I mention it also has 100% unit test coverage?
Security, because apparently even cursed wishes need governance
And since I was already making terrible but committed decisions, I also spent real time on security.
That includes:
- CloudFront + AWS WAF
- Helmet security headers
- rate limiting
- Cloudflare Turnstile CAPTCHA support
- Zod schema validation
- AI provider circuit breakers
- content moderation
- CORS configuration
- proxy awareness for real client IP handling
- vulnerability reporting documentation
- dependency monitoring through CI and GitHub alerts
Is this more security planning than most genie interactions require?
Yes.
Was I going to stop because of that?
Obviously not.
Teapot compliance
Is 418 and teapot a super power?
Prize category
I would like to be considered for:
- Best Google AI Usage
- Best Ode to Larry Masinter
- the main DEV April Fools Challenge
This app is not useless because it is broken.
It is useless because it is very good at producing unusable results.
That is the whole bit.
Some people use software to solve meaningful problems.
I used software to build a scalable platform for granting wishes badly.
The system is stable.
The infrastructure is serious.
The output is useless.
That is exactly what I set out to build.
Top comments (0)