diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..f27098d
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+.git
+.gradle
+build
+.idea
+*.iml
+.env
\ No newline at end of file
diff --git a/.github/workflows/backend-manual-build.yml b/.github/workflows/backend-manual-build.yml
new file mode 100644
index 0000000..7b3ed5d
--- /dev/null
+++ b/.github/workflows/backend-manual-build.yml
@@ -0,0 +1,42 @@
+name: Backend Manual Build
+
+on:
+  workflow_dispatch:
+
+jobs:
+  backend-manual-build:
+    runs-on: ubuntu-latest
+
+    env:
+      DB_URL: ${{ secrets.DB_URL }}
+      DB_USERNAME: ${{ secrets.DB_USERNAME }}
+      DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+      JWT_SECRET: ${{ secrets.JWT_SECRET }}
+      JWT_ACCESS_TOKEN_VALIDITY_SECONDS: ${{ secrets.JWT_ACCESS_TOKEN_VALIDITY_SECONDS }}
+      JWT_REFRESH_TOKEN_VALIDITY_SECONDS: ${{ secrets.JWT_REFRESH_TOKEN_VALIDITY_SECONDS }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: "21"
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Cache Gradle
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: Build with Gradle
+        run: ./gradlew clean build
diff --git a/.github/workflows/code-style-test.yml b/.github/workflows/code-style-test.yml
new file mode 100644
index 0000000..b389c45
--- /dev/null
+++ b/.github/workflows/code-style-test.yml
@@ -0,0 +1,43 @@
+name: Java Code Style Check
+
+on:
+  pull_request:
+    branches: ['**']
+  push:
+    branches: ['**']
+  workflow_dispatch:
+
+jobs:
+  style-check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Run Spotless and Checkstyle
+        run: |
+          set -e
+          ./gradlew spotlessCheck --no-daemon
+          ./gradlew checkstyleMain checkstyleTest --no-daemon
+        shell: bash
+
+      - name: Show summary
+        run: |
+          if [ $? -eq 0 ]; then
+            echo "🎉 Code style checks passed!"
+          else
+            echo "❌ Code style violations detected!"
+            echo "Please run './gradlew spotlessApply' locally and fix Checkstyle issues."
+            exit 1
+          fi
+        shell: bash
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..c92e12d
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,44 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: ["main", "develop"]
+  pull_request:
+    branches: ["main", "develop"]
+  schedule:
+    - cron: '0 8 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['java']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          cache: 'gradle'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..015f665
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,23 @@
+name: Dependency Review
+
+on:
+  pull_request:
+    branches: ["main", "develop"]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    name: Audit dependencies
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Review dependencies
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: critical
diff --git a/.github/workflows/dockercompose-test.yml b/.github/workflows/dockercompose-test.yml
new file mode 100644
index 0000000..b3c5d53
--- /dev/null
+++ b/.github/workflows/dockercompose-test.yml
@@ -0,0 +1,127 @@
+name: Docker Compose Test
+
+on:
+  pull_request:
+    push:
+      branches:
+        - main
+        - develop
+    paths:
+      - 'docker-compose.yml'
+      - 'Dockerfile.backend'
+      - 'src/**'
+  push:
+    branches:
+      - main
+      - develop
+  workflow_dispatch:
+
+jobs:
+  docker-compose-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Build with Gradle
+        run: ./gradlew bootJar
+
+      - name: Create .env file from secrets
+        run: |
+          cat > .env << EOF
+          # Database Configuration
+          DB_PASSWORD=${{ secrets.DB_PASSWORD }}
+          DB_USERNAME=${{ secrets.DB_USERNAME }}
+          DB_URL=${{ secrets.DB_URL }}
+          
+          # JWT Configuration
+          JWT_SECRET=${{ secrets.JWT_SECRET }}
+          JWT_ACCESS_TOKEN_VALIDITY_SECONDS=${{ secrets.JWT_ACCESS_TOKEN_VALIDITY_SECONDS }}
+          JWT_REFRESH_TOKEN_VALIDITY_SECONDS=${{ secrets.JWT_REFRESH_TOKEN_VALIDITY_SECONDS }}
+          EOF
+
+      - name: Start Docker Compose
+        run: docker compose up -d
+
+      - name: Check running containers
+        run: docker compose ps
+
+      - name: Wait for services to be ready
+        run: |
+            echo "⏳ Waiting for MySQL to be ready..."
+            timeout 30 bash -c 'until docker compose exec -T db mysqladmin ping \
+              -h localhost -uroot -p"${{ secrets.DB_PASSWORD }}" --silent 2>/dev/null; do sleep 2; done'
+            echo "✅ MySQL is ready!"
+            
+            echo "⏳ Waiting for Valkey to be ready..."
+            timeout 30 bash -c 'until docker compose exec -T keystore valkey-cli ping 2>/dev/null | grep -q PONG; do sleep 2; done'
+            echo "✅ Valkey is ready!"
+            
+            echo "⏳ Waiting for application to be ready..."
+            timeout 90 bash -c 'until curl -f http://localhost:8080/actuator/health 2>/dev/null; do sleep 3; done'
+            echo "✅ Application is ready!"
+
+      - name: Health check
+        run: |
+          response=$(curl -s http://localhost:8080/actuator/health)
+          echo "Health check response: $response"
+          if echo "$response" | grep -q '"status":"UP"'; then
+            echo "✅ Health check passed!"
+          else
+            echo "❌ Health check failed!"
+            exit 1
+          fi
+
+      - name: Test MySQL connection
+        env:
+          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+          DB_USERNAME: ${{ secrets.DB_USERNAME }}
+        run: |
+          echo "Testing MySQL connection..."
+          docker compose exec -T db mysql -u"$DB_USERNAME" -p"$DB_PASSWORD" -e "SELECT 1;" && \
+          echo "✅ MySQL connection successful!" || \
+          (echo "❌ MySQL connection failed!" && exit 1)
+
+      - name: Test Valkey connection
+        run: |
+          echo "Testing Valkey connection..."
+          result=$(docker compose exec -T keystore valkey-cli ping)
+          if [ "$result" = "PONG" ]; then
+            echo "✅ Valkey connection successful!"
+          else
+            echo "❌ Valkey connection failed!"
+            exit 1
+          fi
+
+      - name: Show container logs on failure
+        if: failure()
+        run: |
+          echo "=== Application Logs ==="
+          docker compose logs app
+          echo "=== Database Logs ==="
+          docker compose logs db
+          echo "=== Valkey Logs ==="
+          docker compose logs keystore
+
+      - name: Stop Docker Compose
+        if: always()
+        run: docker compose down -v
+
+      - name: Test Summary
+        if: success()
+        run: |
+          echo "🎉 All Docker Compose tests passed!"
+          echo "✅ MySQL connection verified"
+          echo "✅ Valkey connection verified"
+          echo "✅ Application health check passed"
+          echo "✅ All services running correctly"
\ No newline at end of file
diff --git a/BACKEND_DEPLOYMENT.md b/BACKEND_DEPLOYMENT.md
new file mode 100644
index 0000000..48ab1c8
--- /dev/null
+++ b/BACKEND_DEPLOYMENT.md
@@ -0,0 +1,61 @@
+## 개요
+당 문서는 Bravest 백엔드를 컨테이너 이미지로 패키징하는 `Dockerfile.backend`에 대해 설명합니다.
+
+작성자 @semi-yu
+
+## 상세
+
+### 사전 지식
+
+자바 애플리케이션은 배포 전에 먼저 바이트코드(JAR)로 컴파일되어야 합니다. 이 과정에서 의존성 해소 등을 위해 Gradle이 관여하지만, 이 프로젝트에서는 `Dockerfile.backend`가 `./gradlew bootJar`를 실행하도록 설정되어 있으므로 별도로 신경 쓸 필요는 없습니다.
+
+다만, 이 컴파일(빌드) 과정을 전용 Dockerfile로 따로 분리하면 설정이 중복되거나 빌드 파이프라인이 복잡해질 수 있습니다. 따라서 하나의 Dockerfile에서 **빌드 스테이지와 실행 스테이지를 모두 정의하는 멀티 스테이지 빌드**를 사용합니다. 이를 통해 어플리케이션 JAR 파일을 생성한 뒤, 실행에 필요한 JDK(내부에 JRE 포함)만 포함하는 컨테이너 이미지를 바로 만들 수 있으며, 결과 이미지 크기 또한 줄일 수 있습니다.
+
+### 기타 통제 사항
+`Dockerfile.backend`는 여러분이 요청하신 대로 21 버전의 JDK를 사용하도록 정의하였습니다. 배포판은 Temurin을 사용합니다.
+### 실행
+
+한편, 멀티 스테이지 빌드는 **이미지 빌드 시점의 구조**에만 영향을 줄 뿐, 이후 컨테이너를 실행하는 과정 자체에는 특별한 차이를 만들지 않습니다. 아래 절차를 따르면 됩니다.
+
+#### 이미지를 빌드하기 위해서…
+
+- 작업 디렉토리를 `Dockerfile.backend`가 존재하는 프로젝트 루트로 이동한 뒤, 다음 명령어를 실행합니다:
+
+```bash
+docker build \
+  -f Dockerfile.backend \
+  -t bravest-backend \
+  .
+```
+위 명령어는 `Dockerfile.backend`를 참조하여 백엔드 애플리케이션 이미지를 빌드합니다.
+
+#### 컨테이너 인스턴스를 실행하기 위해서...
+
+- `.env` 파일을 `Dockerfile.backend`가 존재하는 경로에 두고, 다음 명령어를 실행합니다:
+```bash
+docker run -d \
+  --name bravest-backend \
+  -p 8080:8080 \
+  --env-file .env \
+  bravest-backend
+```
+- 위 명령어는 빌드된 bravest-backend 이미지를 기반으로 컨테이너 인스턴스를 실행합니다.
+- 컨테이너 인스턴스가 외부 DB에 접속하기 위해 필요한 접속 정보는 `.env` 파일에 정의되어 있어야 하며, `--env-file .env` 옵션을 통해 컨테이너에 주입됩니다.
+  - 이를 통해 중요한 정보를 배포 환경의 파일 시스템에 저장하지 않고 환경 변수로 주입할 수 있습니다.
+  - 해당 파일을 얻으려면 팀원에게 연락해주세요.
+#### 현재는...
+- 스프링 부트로 작성된 백엔드의 Dockerfile만 정의되어 있습니다.
+- 가까운 시일 내에, 전체 서비스를 정의하는 `docker-compose.yml`를 정의하겠습니다.
+### 요약
+
+#### 빌드 및 실행
+```bash
+# 빌드
+docker build -f Dockerfile.backend -t bravest-backend .
+
+# 실행
+docker run -d --name bravest-backend -p 8080:8080 --env-file .env bravest-backend
+
+```
+- 사전 조건
+  - 프로젝트 루트에 `.env` 파일이 있어야 합니다. 파일이 없다면 팀원에게 요청하세요.
\ No newline at end of file
diff --git a/Dockerfile.backend b/Dockerfile.backend
new file mode 100644
index 0000000..e635dcb
--- /dev/null
+++ b/Dockerfile.backend
@@ -0,0 +1,31 @@
+# 빌드와 실행을 동시에 수행합니다.
+
+# 빌드 단계
+FROM eclipse-temurin:21-jdk-jammy AS build
+WORKDIR /workspace
+
+COPY gradlew .
+COPY gradle ./gradle
+
+COPY build.gradle settings.gradle ./
+
+RUN chmod +x gradlew
+
+RUN ./gradlew --no-daemon dependencies || true
+
+COPY . .
+
+RUN ./gradlew --no-daemon bootJar
+
+# 실행 단계
+FROM eclipse-temurin:21-jdk-jammy
+
+WORKDIR /app
+
+COPY --from=build /workspace/build/libs/*.jar app.jar
+
+ENV JAVA_OPTS="-Dspring.profiles.active=prod"
+
+EXPOSE 8080
+
+ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
diff --git a/build.gradle b/build.gradle
index 327e68a..922a33a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,6 +2,8 @@ plugins {
 	id 'java'
 	id 'org.springframework.boot' version '3.5.7'
 	id 'io.spring.dependency-management' version '1.1.7'
+	id 'com.diffplug.spotless' version '6.25.0'
+	id 'checkstyle'
 }
 
 group = 'opensource'
@@ -28,18 +30,66 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
-	compileOnly 'org.projectlombok:lombok'
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
+    compileOnly 'org.projectlombok:lombok'
 	developmentOnly 'org.springframework.boot:spring-boot-devtools'
 	runtimeOnly 'com.mysql:mysql-connector-j'
 	annotationProcessor 'org.projectlombok:lombok'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+	implementation 'org.springframework.boot:spring-boot-starter-websocket'
+	implementation 'me.paulschwarz:spring-dotenv:4.0.0'
+	implementation 'org.springframework.boot:spring-boot-starter-web'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+	implementation 'org.springframework.boot:spring-boot-starter-actuator'
+	implementation 'com.mysql:mysql-connector-j'
+	// Swagger (springdoc)
+	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.14'
+	// JWT (jjwt 0.12.x)
+	implementation 'io.jsonwebtoken:jjwt-api:0.12.5'
+	runtimeOnly   'io.jsonwebtoken:jjwt-impl:0.12.5'
+	runtimeOnly   'io.jsonwebtoken:jjwt-jackson:0.12.5'
+
+
+	// Lombok
+	compileOnly 'org.projectlombok:lombok'
+	annotationProcessor 'org.projectlombok:lombok'
+
+	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'org.springframework.security:spring-security-test'
+
+	//env
 	implementation 'me.paulschwarz:spring-dotenv:4.0.0'
 
-	//swagger 세팅입니다
-	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0'
 }
 
 tasks.named('test') {
 	useJUnitPlatform()
 }
+
+tasks.register("checkstyle") {
+	dependsOn("checkstyleMain", "checkstyleTest")
+}
+
+checkstyle {
+	toolVersion = "10.12.0"
+
+	configFile = file("${rootDir}/config/checkstyle/google_checks.xml")
+}
+
+tasks.withType(Checkstyle).configureEach {
+	reports {
+		xml.required.set(true)
+		html.required.set(true)
+	}
+}
+
+spotless {
+	java {
+		eclipse().configFile file("${rootDir}/config/checkstyle/checkstyle_eclipse_format.xml")
+		target 'src/**/*.java'
+		trimTrailingWhitespace()
+		endWithNewline()
+	}
+}
\ No newline at end of file
diff --git a/compose.yaml b/compose.yaml
deleted file mode 100644
index 4d2047e..0000000
--- a/compose.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-services:
-  mysql:
-    image: 'mysql:latest'
-    environment:
-      - 'MYSQL_DATABASE=mydatabase'
-      - 'MYSQL_PASSWORD=secret'
-      - 'MYSQL_ROOT_PASSWORD=verysecret'
-      - 'MYSQL_USER=myuser'
-    ports:
-      - '3306'
diff --git a/config/checkstyle/checkstyle_eclipse_format.xml b/config/checkstyle/checkstyle_eclipse_format.xml
new file mode 100644
index 0000000..b13dbcb
--- /dev/null
+++ b/config/checkstyle/checkstyle_eclipse_format.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<profiles version="12">
+    <profile kind="CodeFormatterProfile" name="CheckstyleCompliant_v3" version="12">
+
+        <setting id="org.eclipse.jdt.core.formatter.tabulation.char" value="space"/>
+        <setting id="org.eclipse.jdt.core.formatter.tabulation.size" value="4"/>
+        <setting id="org.eclipse.jdt.core.formatter.indentation.size" value="4"/>
+        <setting id="org.eclipse.jdt.core.formatter.lineSplit" value="120"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.continuation_indentation" value="4"/>
+        <setting id="org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer" value="4"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer" value="16"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_type_declaration" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_method_declaration" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_enum_constant" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_array_initializer" value="insert"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.insert_new_line_in_empty_type_declaration" value="false"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_new_line_in_empty_method_body" value="false"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_new_line_in_empty_block" value="false"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.brace_position_for_type_declaration" value="end_of_line"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.brace_position_for_method_declaration" value="end_of_line"/>
+        <setting id="org.eclipse.jdt.core.formatter.brace_position_for_constructor_declaration" value="end_of_line"/>
+        <setting id="org.eclipse.jdt.core.formatter.brace_position_for_block" value="end_of_line"/>
+        <setting id="org.eclipse.jdt.core.formatter.brace_position_for_switch" value="end_of_line"/>
+        <setting id="org.eclipse.jdt.core.formatter.brace_position_for_lambda_body" value="end_of_line"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_invocation_arguments" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_parameters" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_type_declaration" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_method_declaration" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_block" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_around_assignment_operator" value="insert"/>
+        <setting id="org.eclipse.jdt.core.formatter.insert_space_around_binary_operator" value="insert"/>
+
+        <setting id="org.eclipse.jdt.core.formatter.comment.line_length" value="120"/>
+    </profile>
+</profiles>
\ No newline at end of file
diff --git a/config/checkstyle/google_checks.xml b/config/checkstyle/google_checks.xml
new file mode 100644
index 0000000..1013d86
--- /dev/null
+++ b/config/checkstyle/google_checks.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE module PUBLIC
+        "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
+        "https://checkstyle.org/dtds/configuration_1_3.dtd">
+
+<module name="Checker">
+    <property name="charset" value="UTF-8"/>
+
+    <module name="FileLength">
+        <property name="max" value="3000"/>
+    </module>
+
+    <module name="FileTabCharacter">
+        <property name="eachLine" value="true"/>
+    </module>
+
+    <module name="LineLength">
+        <property name="max" value="200"/>
+    </module>
+
+    <module name="TreeWalker">
+        <module name="WhitespaceAfter"/>
+
+        <module name="Indentation">
+            <property name="basicOffset" value="4"/>
+            <property name="braceAdjustment" value="0"/>
+            <property name="caseIndent" value="4"/>
+            <property name="tabWidth" value="4"/>
+            <property name="arrayInitIndent" value="16"/>
+        </module>
+
+        <module name="UnusedImports"/>
+
+        <module name="TypeName"/>
+        <module name="MethodName"/>
+        <module name="ParameterName"/>
+        <module name="LocalVariableName"/>
+        <module name="MemberName"/>
+
+        <module name="LeftCurly"/>
+        <module name="RightCurly"/>
+
+        <module name="EmptyStatement"/>
+        <module name="FallThrough"/>
+    </module>
+</module>
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..5d4c6f4
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,48 @@
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile.backend
+    env_file:
+      - .env
+    container_name: bravest-backend
+    ports:
+      - "8080:8080"
+    networks:
+      - bravest-net
+    depends_on:
+      db:
+        condition: service_healthy
+      keystore:
+        condition: service_started
+
+  db:
+    image: mysql:8.0
+    env_file:
+      - .env
+    container_name: bravest-db
+    ports:
+      - "3306:3306"
+    networks:
+      - bravest-net
+    environment:
+      MYSQL_DATABASE: db
+      MYSQL_ROOT_PASSWORD: ${DB_PASSWORD}
+    healthcheck:
+      test: [ "CMD", "mysqladmin", "ping", "-h", "localhost", "-uroot", "-prootpw" ]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+      start_period: 10s
+
+  keystore:
+    image: valkey/valkey:9.0.0
+    container_name: bravest-keystore
+    ports:
+      - "6379:6379"
+    networks:
+      - bravest-net
+
+networks:
+  bravest-net:
+    driver: bridge
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..498fcc3
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,4 @@
+FROM ubuntu:latest
+LABEL authors="user"
+
+ENTRYPOINT ["top", "-b"]
\ No newline at end of file
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..0d1ca75
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,19 @@
+version: "3.8"
+
+services:
+  mysql:
+    image: mysql:8
+    container_name: mydb
+    ports:
+      - "3306:3306"
+    environment:
+      MYSQL_ROOT_PASSWORD: root
+      MYSQL_DATABASE: mydb
+      MYSQL_USER: myuser
+      MYSQL_PASSWORD: mypassword
+    volumes:
+      - db-data:/var/lib/mysql
+    restart: always
+
+volumes:
+  db-data:
\ No newline at end of file
diff --git a/src/main/java/opensource/bravest/BravestApplication.java b/src/main/java/opensource/bravest/BravestApplication.java
index 58c22c0..15912ca 100644
--- a/src/main/java/opensource/bravest/BravestApplication.java
+++ b/src/main/java/opensource/bravest/BravestApplication.java
@@ -6,8 +6,7 @@
 @SpringBootApplication
 public class BravestApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(BravestApplication.class, args);
-	}
-
+    public static void main(String[] args) {
+        SpringApplication.run(BravestApplication.class, args);
+    }
 }
diff --git a/src/main/java/opensource/bravest/config/SwaggerConfig.java b/src/main/java/opensource/bravest/config/SwaggerConfig.java
index c207f19..91fb3e6 100644
--- a/src/main/java/opensource/bravest/config/SwaggerConfig.java
+++ b/src/main/java/opensource/bravest/config/SwaggerConfig.java
@@ -13,15 +13,10 @@ public class SwaggerConfig {
 
     @Bean
     public OpenAPI openAPI() {
-        return new OpenAPI()
-                .components(new Components())
-                .info(apiInfo());
+        return new OpenAPI().components(new Components()).info(apiInfo());
     }
 
     private Info apiInfo() {
-        return new Info()
-                .title("Bravest")
-                .description("오픈소스 프로젝트 Bravest api 명세서입니다.")
-                .version("1.0.0");
+        return new Info().title("Bravest").description("오픈소스 프로젝트 Bravest api 명세서입니다.").version("1.0.0");
     }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/opensource/bravest/domain/chatList/controller/ChatListController.java b/src/main/java/opensource/bravest/domain/chatList/controller/ChatListController.java
new file mode 100644
index 0000000..8c51ad4
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/chatList/controller/ChatListController.java
@@ -0,0 +1,58 @@
+package opensource.bravest.domain.chatList.controller;
+
+import static opensource.bravest.domain.chatList.dto.ChatListDto.ChatListCreateRequest;
+import static opensource.bravest.domain.chatList.dto.ChatListDto.ChatListResponse;
+import static opensource.bravest.domain.chatList.dto.ChatListDto.ChatListUpdateRequest;
+
+import jakarta.validation.Valid;
+import java.util.List;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.chatList.service.ChatListService;
+import opensource.bravest.global.apiPayload.ApiResponse;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/chatlists")
+@RequiredArgsConstructor
+public class ChatListController {
+
+    private final ChatListService chatListService;
+
+    @PostMapping
+    public ApiResponse<ChatListResponse> createChatList(@Valid @RequestBody ChatListCreateRequest request) {
+        ChatListResponse response = chatListService.createChatList(request);
+        return ApiResponse.onSuccess(response);
+    }
+
+    @GetMapping("/room/{roomId}")
+    public ApiResponse<List<ChatListResponse>> getChatListsByRoomId(@PathVariable Long roomId) {
+        List<ChatListResponse> response = chatListService.getChatListsByRoomId(roomId);
+        return ApiResponse.onSuccess(response);
+    }
+
+    @GetMapping("/{id}")
+    public ApiResponse<ChatListResponse> getChatListById(@PathVariable Long id) {
+        ChatListResponse response = chatListService.getChatListById(id);
+        return ApiResponse.onSuccess(response);
+    }
+
+    @PutMapping("/{id}")
+    public ApiResponse<ChatListResponse> updateChatList(@PathVariable Long id,
+                    @Valid @RequestBody ChatListUpdateRequest request) {
+        ChatListResponse response = chatListService.updateChatList(id, request);
+        return ApiResponse.onSuccess(response);
+    }
+
+    @DeleteMapping("/{id}")
+    public ApiResponse<Void> deleteChatList(@PathVariable Long id) {
+        chatListService.deleteChatList(id);
+        return ApiResponse.onSuccess(null);
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/chatList/dto/ChatListDto.java b/src/main/java/opensource/bravest/domain/chatList/dto/ChatListDto.java
new file mode 100644
index 0000000..ff012ac
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/chatList/dto/ChatListDto.java
@@ -0,0 +1,47 @@
+package opensource.bravest.domain.chatList.dto;
+
+import java.time.LocalDateTime;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import opensource.bravest.domain.chatList.entity.ChatList;
+
+public class ChatListDto {
+
+    // 1. 아이디어 생성 요청 DTO (Create Request)
+    @Getter
+    @Setter
+    public static class ChatListCreateRequest {
+
+        private Long roomId;
+
+        private String content;
+
+        private Long registeredBy;
+    }
+
+    // 2. 아이디어 수정 요청 DTO (Update Request)
+    @Getter
+    @Setter
+    public static class ChatListUpdateRequest {
+
+        // 아이디어 내용 수정만 가정
+        private String content;
+    }
+
+    @Getter
+    @Builder
+    public static class ChatListResponse {
+        private Long id;
+        private Long roomId;
+        private String content;
+        private Long registeredBy;
+        private LocalDateTime createdAt;
+
+        public static ChatListResponse fromEntity(ChatList chatList) {
+            return ChatListResponse.builder().id(chatList.getId()).roomId(chatList.getRoomId())
+                            .content(chatList.getContent()).registeredBy(chatList.getRegisteredBy().getId())
+                            .createdAt(chatList.getCreatedAt()).build();
+        }
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/chatList/entity/ChatList.java b/src/main/java/opensource/bravest/domain/chatList/entity/ChatList.java
new file mode 100644
index 0000000..d4a93d8
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/chatList/entity/ChatList.java
@@ -0,0 +1,65 @@
+package opensource.bravest.domain.chatList.entity;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+import jakarta.validation.constraints.NotNull;
+import java.time.LocalDateTime;
+import lombok.AccessLevel;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import org.hibernate.annotations.CreationTimestamp;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@Table(name = "chat_list")
+public class ChatList {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "room_id", nullable = false)
+    private AnonymousRoom room;
+
+    @NotNull
+    @Column(length = 255)
+    private String content;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "profile_id", nullable = false)
+    private AnonymousProfile registeredBy;
+
+    @CreationTimestamp
+    private LocalDateTime createdAt;
+
+    @Builder
+    public ChatList(AnonymousRoom room, String content, AnonymousProfile registeredBy) {
+        this.room = room;
+        this.content = content;
+        this.registeredBy = registeredBy;
+    }
+
+    public void updateContent(String content) {
+        this.content = content;
+    }
+
+    public Long getRoomId() {
+        return this.room.getId();
+    }
+
+    public Long getProfileId() {
+        return this.registeredBy.getId();
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/chatList/repository/ChatListRepository.java b/src/main/java/opensource/bravest/domain/chatList/repository/ChatListRepository.java
new file mode 100644
index 0000000..b005041
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/chatList/repository/ChatListRepository.java
@@ -0,0 +1,12 @@
+package opensource.bravest.domain.chatList.repository;
+
+import java.util.List;
+import opensource.bravest.domain.chatList.entity.ChatList;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+
+public interface ChatListRepository extends JpaRepository<ChatList, Long> {
+
+    @Query("SELECT c FROM ChatList c WHERE c.room.id = :roomId ORDER BY c.createdAt DESC")
+    List<ChatList> findAllByRoomId(Long roomId);
+}
diff --git a/src/main/java/opensource/bravest/domain/chatList/service/ChatListService.java b/src/main/java/opensource/bravest/domain/chatList/service/ChatListService.java
new file mode 100644
index 0000000..4443986
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/chatList/service/ChatListService.java
@@ -0,0 +1,72 @@
+package opensource.bravest.domain.chatList.service;
+
+import static opensource.bravest.domain.chatList.dto.ChatListDto.ChatListCreateRequest;
+import static opensource.bravest.domain.chatList.dto.ChatListDto.ChatListResponse;
+import static opensource.bravest.domain.chatList.dto.ChatListDto.ChatListUpdateRequest;
+import static opensource.bravest.global.apiPayload.code.status.ErrorStatus._CHATLIST_NOT_FOUND;
+import static opensource.bravest.global.apiPayload.code.status.ErrorStatus._CHATROOM_NOT_FOUND;
+import static opensource.bravest.global.apiPayload.code.status.ErrorStatus._USER_NOT_FOUND;
+
+import java.util.List;
+import java.util.stream.Collectors;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.chatList.entity.ChatList;
+import opensource.bravest.domain.chatList.repository.ChatListRepository;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.profile.repository.AnonymousProfileRepository;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import opensource.bravest.domain.room.repository.AnonymousRoomRepository;
+import opensource.bravest.global.exception.CustomException;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+@RequiredArgsConstructor
+@Transactional(readOnly = true)
+public class ChatListService {
+
+    private final ChatListRepository chatListRepository;
+    private final AnonymousRoomRepository anonymousRoomRepository;
+    private final AnonymousProfileRepository anonymousProfileRepository;
+
+    @Transactional
+    public ChatListResponse createChatList(ChatListCreateRequest request) {
+        AnonymousRoom room = anonymousRoomRepository.findById(request.getRoomId())
+                        .orElseThrow(() -> new CustomException(_CHATROOM_NOT_FOUND));
+
+        AnonymousProfile profile = anonymousProfileRepository.findById(request.getRegisteredBy())
+                        .orElseThrow(() -> new CustomException(_USER_NOT_FOUND));
+
+        ChatList chatList = ChatList.builder().room(room).registeredBy(profile).content(request.getContent()).build();
+
+        ChatList savedList = chatListRepository.save(chatList);
+        return ChatListResponse.fromEntity(savedList);
+    }
+
+    public List<ChatListResponse> getChatListsByRoomId(Long roomId) {
+        List<ChatList> chatLists = chatListRepository.findAllByRoomId(roomId);
+        return chatLists.stream().map(ChatListResponse::fromEntity).collect(Collectors.toList());
+    }
+
+    public ChatListResponse getChatListById(Long id) {
+        ChatList chatList = chatListRepository.findById(id).orElseThrow(() -> new CustomException(_CHATLIST_NOT_FOUND));
+        return ChatListResponse.fromEntity(chatList);
+    }
+
+    @Transactional
+    public ChatListResponse updateChatList(Long id, ChatListUpdateRequest request) {
+        ChatList chatList = chatListRepository.findById(id).orElseThrow(() -> new CustomException(_CHATLIST_NOT_FOUND));
+
+        chatList.updateContent(request.getContent());
+
+        return ChatListResponse.fromEntity(chatList);
+    }
+
+    @Transactional
+    public void deleteChatList(Long id) {
+        if (!chatListRepository.existsById(id)) {
+            throw new CustomException(_CHATLIST_NOT_FOUND);
+        }
+        chatListRepository.deleteById(id);
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/message/controller/ChatMessageController.java b/src/main/java/opensource/bravest/domain/message/controller/ChatMessageController.java
new file mode 100644
index 0000000..a80df92
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/message/controller/ChatMessageController.java
@@ -0,0 +1,33 @@
+package opensource.bravest.domain.message.controller;
+
+import static opensource.bravest.domain.message.dto.MessageDto.MessageRequest;
+import static opensource.bravest.domain.message.dto.MessageDto.MessageResponse;
+
+import java.security.Principal;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import opensource.bravest.domain.message.service.ChatMessageService;
+import opensource.bravest.global.apiPayload.ApiResponse;
+import org.springframework.messaging.handler.annotation.MessageMapping;
+import org.springframework.messaging.handler.annotation.SendTo;
+import org.springframework.messaging.simp.SimpMessagingTemplate;
+import org.springframework.stereotype.Controller;
+
+@Slf4j
+@Controller
+@RequiredArgsConstructor
+public class ChatMessageController {
+    private final ChatMessageService chatMessageService;
+    private final SimpMessagingTemplate messagingTemplate;
+
+    @MessageMapping("/send")
+    @SendTo("/subs/chat-rooms")
+    public void receiveMessage(MessageRequest request, Principal principal) {
+        Long id = Long.parseLong(principal.getName());
+        MessageResponse response = chatMessageService.send(request, id);
+
+        // 특정 채팅방 구독자들에게 메시지 전송
+        messagingTemplate.convertAndSend("/subs/chat-rooms/" + request.getChatRoomId(),
+                        ApiResponse.onSuccess(response));
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/message/dto/MessageDto.java b/src/main/java/opensource/bravest/domain/message/dto/MessageDto.java
new file mode 100644
index 0000000..f44edbb
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/message/dto/MessageDto.java
@@ -0,0 +1,40 @@
+package opensource.bravest.domain.message.dto;
+
+import java.time.LocalDateTime;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.message.entity.ChatMessage;
+
+public class MessageDto {
+
+    @Getter
+    public static class SendMessageRequest {
+        private String content;
+    }
+
+    @Getter
+    @RequiredArgsConstructor
+    public static class MessageResponse {
+        private final String senderName; // 익명 닉네임
+        private final String content;
+        private final LocalDateTime createdAt;
+
+        public static MessageResponse from(ChatMessage chatMessage) {
+            return new MessageResponse(chatMessage.getSender().getAnonymousName(), chatMessage.getContent(),
+                            chatMessage.getCreatedAt());
+        }
+    }
+
+    @Getter
+    @RequiredArgsConstructor
+    public static class MessageRequest {
+        private final Long chatRoomId;
+        private final String content;
+    }
+
+    @Getter
+    @RequiredArgsConstructor
+    public static class ChatReadRequest {
+        private final Long chatRoomId;
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/message/entity/ChatMessage.java b/src/main/java/opensource/bravest/domain/message/entity/ChatMessage.java
new file mode 100644
index 0000000..2544637
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/message/entity/ChatMessage.java
@@ -0,0 +1,34 @@
+package opensource.bravest.domain.message.entity;
+
+import jakarta.persistence.*;
+import java.time.LocalDateTime;
+import lombok.*;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+@Builder
+public class ChatMessage {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    // 어느 방의 메시지인지
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "room_id", nullable = false)
+    private AnonymousRoom room;
+
+    // 누가 보냈는지 (익명 프로필 기준)
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "anonymous_profile_id", nullable = false)
+    private AnonymousProfile sender;
+
+    @Column(nullable = false, length = 1000)
+    private String content;
+
+    private LocalDateTime createdAt;
+}
diff --git a/src/main/java/opensource/bravest/domain/message/repository/ChatMessageRepository.java b/src/main/java/opensource/bravest/domain/message/repository/ChatMessageRepository.java
new file mode 100644
index 0000000..4621641
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/message/repository/ChatMessageRepository.java
@@ -0,0 +1,12 @@
+package opensource.bravest.domain.message.repository;
+
+import java.util.List;
+import opensource.bravest.domain.message.entity.ChatMessage;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface ChatMessageRepository extends JpaRepository<ChatMessage, Long> {
+
+    // 방 기준으로 최근 메시지 목록
+    List<ChatMessage> findByRoomOrderByCreatedAtAsc(AnonymousRoom room);
+}
diff --git a/src/main/java/opensource/bravest/domain/message/service/ChatMessageService.java b/src/main/java/opensource/bravest/domain/message/service/ChatMessageService.java
new file mode 100644
index 0000000..a5a64de
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/message/service/ChatMessageService.java
@@ -0,0 +1,55 @@
+package opensource.bravest.domain.message.service;
+
+import static opensource.bravest.domain.message.dto.MessageDto.MessageRequest;
+import static opensource.bravest.domain.message.dto.MessageDto.MessageResponse;
+import static opensource.bravest.global.apiPayload.code.status.ErrorStatus._CHATROOM_NOT_FOUND;
+import static opensource.bravest.global.apiPayload.code.status.ErrorStatus._USER_NOT_FOUND;
+
+import jakarta.transaction.Transactional;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.message.entity.ChatMessage;
+import opensource.bravest.domain.message.repository.ChatMessageRepository;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.profile.repository.AnonymousProfileRepository;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import opensource.bravest.domain.room.repository.AnonymousRoomRepository;
+import opensource.bravest.global.exception.CustomException;
+import org.springframework.stereotype.Service;
+
+@Service
+@Transactional
+@RequiredArgsConstructor
+public class ChatMessageService {
+
+    private final AnonymousProfileRepository memberRepository;
+    private final AnonymousRoomRepository chatRoomRepository;
+    private final ChatMessageRepository chatMessageRepository;
+
+    // 메시지 전송
+    public MessageResponse send(MessageRequest request, Long id) {
+        AnonymousProfile sender = memberRepository.findById(id).orElseThrow(() -> new CustomException(_USER_NOT_FOUND));
+
+        AnonymousRoom chatRoom = chatRoomRepository.findById(request.getChatRoomId())
+                        .orElseThrow(() -> new CustomException(_CHATROOM_NOT_FOUND));
+
+        ChatMessage chatMessage = ChatMessage.builder().room(chatRoom).sender(sender).content(request.getContent())
+                        .build();
+
+        chatMessageRepository.save(chatMessage);
+
+        return MessageResponse.from(chatMessage);
+    }
+
+    @Transactional
+    public void readMessages(Long chatRoomId, Long memberId) {
+        AnonymousRoom chatRoom = chatRoomRepository.findById(chatRoomId)
+                        .orElseThrow(() -> new CustomException(_CHATROOM_NOT_FOUND));
+
+        // if (!Objects.equals(chatRoom.getMember1().getId(), memberId) &&
+        // !Objects.equals(chatRoom.getMember2().getId(),
+        // memberId)) {
+        // throw new BaseException(ChatExceptionType.CHAT_ROOM_ACCESS_DENIED);
+        // }
+        // messageReceiptRepository.bulkUpdateStatusToRead(chatRoomId, memberId);
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/profile/controller/AnonymousProfileController.java b/src/main/java/opensource/bravest/domain/profile/controller/AnonymousProfileController.java
new file mode 100644
index 0000000..02dcb41
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/profile/controller/AnonymousProfileController.java
@@ -0,0 +1,35 @@
+package opensource.bravest.domain.profile.controller;
+
+import io.swagger.v3.oas.annotations.Operation;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.profile.dto.AnonymousProfileResponse;
+import opensource.bravest.domain.profile.dto.CreateAnonymousProfileRequest;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.profile.service.AnonymousProfileService;
+import opensource.bravest.global.apiPayload.ApiResponse;
+import opensource.bravest.global.apiPayload.code.status.SuccessStatus;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/anonymous-profiles")
+public class AnonymousProfileController {
+
+    private final AnonymousProfileService anonymousProfileService;
+
+    @Operation(summary = "익명 프로필 생성", description = "특정 채팅방에 대한 새로운 익명 프로필을 생성합니다.")
+    @PostMapping("/rooms/{roomId}")
+    public ApiResponse<AnonymousProfileResponse> createAnonymousProfile(@PathVariable Long roomId,
+                    @RequestBody CreateAnonymousProfileRequest request) {
+        AnonymousProfile profile = anonymousProfileService.createAnonymousProfile(roomId, request);
+        AnonymousProfileResponse response = AnonymousProfileResponse.from(profile);
+        return ApiResponse.of(SuccessStatus._CREATED, SuccessStatus._CREATED.getMessage(), response);
+    }
+
+    @DeleteMapping("/{profileId}")
+    @Operation(summary = "익명 프로필 삭제", description = "ID로 특정 익명 프로필을 삭제합니다.")
+    public ApiResponse<?> deleteAnonymousProfile(@PathVariable Long profileId) {
+        anonymousProfileService.deleteAnonymousProfile(profileId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), null);
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/profile/dto/AnonymousProfileResponse.java b/src/main/java/opensource/bravest/domain/profile/dto/AnonymousProfileResponse.java
new file mode 100644
index 0000000..de5ba8c
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/profile/dto/AnonymousProfileResponse.java
@@ -0,0 +1,20 @@
+package opensource.bravest.domain.profile.dto;
+
+import lombok.Builder;
+import lombok.Getter;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+
+@Getter
+@Builder
+public class AnonymousProfileResponse {
+    private Long id;
+    private Long roomId;
+    private String nickname;
+
+    // 필요한 필드만
+
+    public static AnonymousProfileResponse from(AnonymousProfile profile) {
+        return AnonymousProfileResponse.builder().id(profile.getId()).roomId(profile.getRoom().getId())
+                        .nickname(profile.getAnonymousName()).build();
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/profile/dto/CreateAnonymousProfileRequest.java b/src/main/java/opensource/bravest/domain/profile/dto/CreateAnonymousProfileRequest.java
new file mode 100644
index 0000000..4b06c9e
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/profile/dto/CreateAnonymousProfileRequest.java
@@ -0,0 +1,11 @@
+package opensource.bravest.domain.profile.dto;
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor
+public class CreateAnonymousProfileRequest {
+    private Long realUserId;
+    private String anonymousName;
+}
diff --git a/src/main/java/opensource/bravest/domain/profile/entity/AnonymousProfile.java b/src/main/java/opensource/bravest/domain/profile/entity/AnonymousProfile.java
new file mode 100644
index 0000000..1c95fdd
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/profile/entity/AnonymousProfile.java
@@ -0,0 +1,30 @@
+package opensource.bravest.domain.profile.entity;
+
+import jakarta.persistence.*;
+import lombok.*;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+@Builder
+public class AnonymousProfile {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    // 어떤 방에 속한 익명 프로필인지
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "room_id", nullable = false)
+    private AnonymousRoom room;
+
+    // 실제 유저 PK (User 테이블 없다면 JWT의 userId 기준으로)
+    @Column(nullable = false)
+    private Long realUserId;
+
+    // 방 안에서 보여줄 익명 닉네임 (예: BlueTiger12)
+    @Column(nullable = false, length = 50)
+    private String anonymousName;
+}
diff --git a/src/main/java/opensource/bravest/domain/profile/repository/AnonymousProfileRepository.java b/src/main/java/opensource/bravest/domain/profile/repository/AnonymousProfileRepository.java
new file mode 100644
index 0000000..103c514
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/profile/repository/AnonymousProfileRepository.java
@@ -0,0 +1,12 @@
+package opensource.bravest.domain.profile.repository;
+
+import java.util.Optional;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface AnonymousProfileRepository extends JpaRepository<AnonymousProfile, Long> {
+
+    // 같은 방 + 같은 실제 유저라면 익명 프로필 하나만 사용
+    Optional<AnonymousProfile> findByRoomAndRealUserId(AnonymousRoom room, Long realUserId);
+}
diff --git a/src/main/java/opensource/bravest/domain/profile/service/AnonymousProfileService.java b/src/main/java/opensource/bravest/domain/profile/service/AnonymousProfileService.java
new file mode 100644
index 0000000..6547577
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/profile/service/AnonymousProfileService.java
@@ -0,0 +1,46 @@
+package opensource.bravest.domain.profile.service;
+
+import java.util.Optional;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.profile.dto.CreateAnonymousProfileRequest;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.profile.repository.AnonymousProfileRepository;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import opensource.bravest.domain.room.repository.AnonymousRoomRepository;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+@RequiredArgsConstructor
+@Transactional(readOnly = true)
+public class AnonymousProfileService {
+
+    private final AnonymousProfileRepository anonymousProfileRepository;
+    private final AnonymousRoomRepository anonymousRoomRepository;
+
+    @Transactional
+    public AnonymousProfile createAnonymousProfile(Long roomId, CreateAnonymousProfileRequest request) {
+        AnonymousRoom room = anonymousRoomRepository.findById(roomId)
+                        .orElseThrow(() -> new RuntimeException("방을 찾을 수 없음.뿡"));
+
+        // 중복 프로필 체크
+        Optional<AnonymousProfile> existingProfile = anonymousProfileRepository.findByRoomAndRealUserId(room,
+                        request.getRealUserId());
+        if (existingProfile.isPresent()) {
+            throw new RuntimeException("이미 방에 존재하는 유저임. 다른걸로 접속하셈.");
+        }
+
+        AnonymousProfile newProfile = AnonymousProfile.builder().room(room).realUserId(request.getRealUserId())
+                        .anonymousName(request.getAnonymousName()).build();
+
+        return anonymousProfileRepository.save(newProfile);
+    }
+
+    @Transactional
+    public void deleteAnonymousProfile(Long profileId) {
+        if (!anonymousProfileRepository.existsById(profileId)) {
+            throw new RuntimeException("없는 사용자임. 너~ 누구야!");
+        }
+        anonymousProfileRepository.deleteById(profileId);
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/room/controller/RoomController.java b/src/main/java/opensource/bravest/domain/room/controller/RoomController.java
new file mode 100644
index 0000000..d0faf85
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/room/controller/RoomController.java
@@ -0,0 +1,69 @@
+package opensource.bravest.domain.room.controller;
+
+import io.swagger.v3.oas.annotations.Operation;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.room.dto.RoomDto;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import opensource.bravest.domain.room.service.RoomService;
+import opensource.bravest.global.apiPayload.ApiResponse;
+import opensource.bravest.global.apiPayload.code.status.SuccessStatus;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/rooms")
+public class RoomController {
+
+    private final RoomService roomService;
+
+    @PostMapping
+    @Operation(summary = "채팅방 생성", description = "새로운 채팅방을 생성합니다.")
+    public ApiResponse<RoomDto.RoomResponse> createRoom(@RequestBody RoomDto.CreateRoomRequest request) {
+        AnonymousRoom room = roomService.createRoom(request);
+        return ApiResponse.of(SuccessStatus._CREATED, SuccessStatus._CREATED.getMessage(),
+                        RoomDto.RoomResponse.builder().id(room.getId()).roomCode(room.getRoomCode())
+                                        .title(room.getTitle()).createdAt(room.getCreatedAt()).build());
+    }
+
+    @GetMapping("/{roomId}")
+    @Operation(summary = "채팅방 조회", description = "ID로 특정 채팅방의 정보를 조회합니다.")
+    public ApiResponse<RoomDto.RoomResponse> getRoom(@PathVariable Long roomId) {
+        AnonymousRoom room = roomService.getRoom(roomId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(),
+                        RoomDto.RoomResponse.builder().id(room.getId()).roomCode(room.getRoomCode())
+                                        .title(room.getTitle()).createdAt(room.getCreatedAt()).build());
+    }
+
+    @PutMapping("/{roomId}")
+    @Operation(summary = "채팅방 정보 수정", description = "ID로 특정 채팅방의 정보를 수정합니다.")
+    public ApiResponse<RoomDto.RoomResponse> updateRoom(@PathVariable Long roomId,
+                    @RequestBody RoomDto.UpdateRoomRequest request) {
+        AnonymousRoom room = roomService.updateRoom(roomId, request);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(),
+                        RoomDto.RoomResponse.builder().id(room.getId()).roomCode(room.getRoomCode())
+                                        .title(room.getTitle()).createdAt(room.getCreatedAt()).build());
+    }
+
+    @DeleteMapping("/{roomId}")
+    @Operation(summary = "채팅방 삭제", description = "ID로 특정 채팅방을 삭제합니다.")
+    public ApiResponse<?> deleteRoom(@PathVariable Long roomId) {
+        roomService.deleteRoom(roomId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), null);
+    }
+
+    @GetMapping("/{roomId}/invite-code")
+    @Operation(summary = "초대 코드 조회", description = "ID로 특정 채팅방의 초대 코드를 조회합니다.")
+    public ApiResponse<String> getInviteCode(@PathVariable Long roomId) {
+        String inviteCode = roomService.getInviteCode(roomId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), inviteCode);
+    }
+
+    @PostMapping("/join")
+    @Operation(summary = "초대 코드로 채팅방 참여", description = "초대 코드를 사용하여 특정 채팅방에 참여합니다.")
+    public ApiResponse<RoomDto.RoomResponse> joinRoom(@RequestBody RoomDto.JoinRoomRequest request) {
+        AnonymousRoom room = roomService.joinRoom(request.getRoomCode());
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(),
+                        RoomDto.RoomResponse.builder().id(room.getId()).roomCode(room.getRoomCode())
+                                        .title(room.getTitle()).createdAt(room.getCreatedAt()).build());
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/room/dto/RoomDto.java b/src/main/java/opensource/bravest/domain/room/dto/RoomDto.java
new file mode 100644
index 0000000..e0e02dc
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/room/dto/RoomDto.java
@@ -0,0 +1,39 @@
+package opensource.bravest.domain.room.dto;
+
+import java.time.LocalDateTime;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+public class RoomDto {
+
+    @Getter
+    @NoArgsConstructor
+    public static class CreateRoomRequest {
+        private String title;
+    }
+
+    @Getter
+    @NoArgsConstructor
+    public static class UpdateRoomRequest {
+        private String title;
+    }
+
+    @Getter
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class RoomResponse {
+        private Long id;
+        private String roomCode;
+        private String title;
+        private LocalDateTime createdAt;
+    }
+
+    @Getter
+    @NoArgsConstructor
+    public static class JoinRoomRequest {
+        private String roomCode;
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/room/entity/AnonymousRoom.java b/src/main/java/opensource/bravest/domain/room/entity/AnonymousRoom.java
new file mode 100644
index 0000000..ce9b74e
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/room/entity/AnonymousRoom.java
@@ -0,0 +1,38 @@
+package opensource.bravest.domain.room.entity;
+
+import jakarta.persistence.*;
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.List;
+import lombok.*;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+@Builder
+public class AnonymousRoom {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    // 친구들에게 공유하는 코드 (예: ABC123)
+    @Column(nullable = false, unique = true, length = 20)
+    private String roomCode;
+
+    // 방 제목 (선택)
+    @Column(nullable = false, length = 100)
+    private String title;
+
+    @OneToMany(mappedBy = "room", cascade = CascadeType.ALL, orphanRemoval = true)
+    @Builder.Default
+    private List<AnonymousProfile> profiles = new ArrayList<>();
+
+    private LocalDateTime createdAt;
+
+    public void updateTitle(String title) {
+        this.title = title;
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/room/repository/AnonymousRoomRepository.java b/src/main/java/opensource/bravest/domain/room/repository/AnonymousRoomRepository.java
new file mode 100644
index 0000000..d58c838
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/room/repository/AnonymousRoomRepository.java
@@ -0,0 +1,12 @@
+package opensource.bravest.domain.room.repository;
+
+import java.util.Optional;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface AnonymousRoomRepository extends JpaRepository<AnonymousRoom, Long> {
+
+    Optional<AnonymousRoom> findByRoomCode(String roomCode);
+
+    boolean existsByRoomCode(String roomCode);
+}
diff --git a/src/main/java/opensource/bravest/domain/room/service/RoomService.java b/src/main/java/opensource/bravest/domain/room/service/RoomService.java
new file mode 100644
index 0000000..5ea299b
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/room/service/RoomService.java
@@ -0,0 +1,63 @@
+package opensource.bravest.domain.room.service;
+
+import java.time.LocalDateTime;
+import java.util.UUID;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.room.dto.RoomDto;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import opensource.bravest.domain.room.repository.AnonymousRoomRepository;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+@RequiredArgsConstructor
+@Transactional(readOnly = true)
+public class RoomService {
+
+    private final AnonymousRoomRepository anonymousRoomRepository;
+
+    @Transactional
+    public AnonymousRoom createRoom(RoomDto.CreateRoomRequest request) {
+        String roomCode = generateUniqueRoomCode();
+        AnonymousRoom room = AnonymousRoom.builder().title(request.getTitle()).roomCode(roomCode)
+                        .createdAt(LocalDateTime.now()).build();
+        return anonymousRoomRepository.save(room);
+    }
+
+    public AnonymousRoom getRoom(Long roomId) {
+        return anonymousRoomRepository.findById(roomId).orElseThrow(() -> new RuntimeException("Room not found"));
+    }
+
+    @Transactional
+    public AnonymousRoom updateRoom(Long roomId, RoomDto.UpdateRoomRequest request) {
+        AnonymousRoom room = getRoom(roomId);
+        room.updateTitle(request.getTitle());
+        return room;
+    }
+
+    @Transactional
+    public void deleteRoom(Long roomId) {
+        if (!anonymousRoomRepository.existsById(roomId)) {
+            throw new RuntimeException("Room not found");
+        }
+        anonymousRoomRepository.deleteById(roomId);
+    }
+
+    public String getInviteCode(Long roomId) {
+        AnonymousRoom room = getRoom(roomId);
+        return room.getRoomCode();
+    }
+
+    public AnonymousRoom joinRoom(String roomCode) {
+        return anonymousRoomRepository.findByRoomCode(roomCode)
+                        .orElseThrow(() -> new RuntimeException("Room not found with code: " + roomCode));
+    }
+
+    private String generateUniqueRoomCode() {
+        String roomCode;
+        do {
+            roomCode = UUID.randomUUID().toString().substring(0, 6).toUpperCase();
+        } while (anonymousRoomRepository.existsByRoomCode(roomCode));
+        return roomCode;
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/vote/controller/VoteController.java b/src/main/java/opensource/bravest/domain/vote/controller/VoteController.java
new file mode 100644
index 0000000..bf40633
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/controller/VoteController.java
@@ -0,0 +1,62 @@
+package opensource.bravest.domain.vote.controller;
+
+import io.swagger.v3.oas.annotations.Operation;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.vote.dto.VoteDto;
+import opensource.bravest.domain.vote.entity.Vote;
+import opensource.bravest.domain.vote.service.VoteService;
+import opensource.bravest.global.apiPayload.ApiResponse;
+import opensource.bravest.global.apiPayload.code.status.SuccessStatus;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/votes")
+public class VoteController {
+
+    private final VoteService voteService;
+
+    @PostMapping
+    @Operation(summary = "투표 생성", description = "새로운 투표를 생성합니다.")
+    public ApiResponse<VoteDto.VoteResponse> createVote(@RequestBody VoteDto.CreateVoteRequest request) {
+        Vote vote = voteService.createVote(request);
+        // The response DTO needs to be built manually
+        VoteDto.VoteResponse responseDto = voteService.getVoteResult(vote.getId());
+        return ApiResponse.of(SuccessStatus._CREATED, SuccessStatus._CREATED.getMessage(), responseDto);
+    }
+
+    @GetMapping("/{voteId}")
+    @Operation(summary = "투표 조회", description = "ID로 특정 투표의 정보를 조회합니다.")
+    public ApiResponse<VoteDto.VoteResponse> getVote(@PathVariable Long voteId) {
+        VoteDto.VoteResponse responseDto = voteService.getVoteResult(voteId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), responseDto);
+    }
+
+    @PostMapping("/{voteId}/cast")
+    @Operation(summary = "투표 참여", description = "특정 투표 항목에 투표합니다.")
+    public ApiResponse<?> castVote(@PathVariable Long voteId, @RequestBody VoteDto.CastVoteRequest request) {
+        voteService.castVote(voteId, request);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), null);
+    }
+
+    @PostMapping("/{voteId}/end")
+    @Operation(summary = "투표 종료", description = "특정 투표를 종료합니다.")
+    public ApiResponse<?> endVote(@PathVariable Long voteId) {
+        voteService.endVote(voteId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), null);
+    }
+
+    @GetMapping("/{voteId}/result")
+    @Operation(summary = "투표 결과 조회", description = "종료된 투표의 결과를 조회합니다.")
+    public ApiResponse<VoteDto.VoteResponse> getVoteResult(@PathVariable Long voteId) {
+        VoteDto.VoteResponse responseDto = voteService.getVoteResult(voteId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), responseDto);
+    }
+
+    @DeleteMapping("/{voteId}")
+    @Operation(summary = "투표 삭제", description = "ID로 특정 투표를 삭제합니다.")
+    public ApiResponse<?> deleteVote(@PathVariable Long voteId) {
+        voteService.deleteVote(voteId);
+        return ApiResponse.of(SuccessStatus._OK, SuccessStatus._OK.getMessage(), null);
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/vote/dto/VoteDto.java b/src/main/java/opensource/bravest/domain/vote/dto/VoteDto.java
new file mode 100644
index 0000000..7c31382
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/dto/VoteDto.java
@@ -0,0 +1,42 @@
+package opensource.bravest.domain.vote.dto;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+public class VoteDto {
+
+    @Getter
+    @NoArgsConstructor
+    public static class CreateVoteRequest {
+        private Long roomId;
+        private List<String> messages;
+    }
+
+    @Getter
+    @NoArgsConstructor
+    public static class CastVoteRequest {
+        private Long voteOptionId;
+        private Long anonymousProfileId;
+    }
+
+    @Getter
+    @Builder
+    public static class VoteResponse {
+        private Long id;
+        private String title;
+        private boolean isActive;
+        private LocalDateTime createdAt;
+        private List<VoteOptionResponse> options;
+    }
+
+    @Getter
+    @Builder
+    public static class VoteOptionResponse {
+        private Long id;
+        private String messageContent;
+        private int voteCount;
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/vote/entity/UserVote.java b/src/main/java/opensource/bravest/domain/vote/entity/UserVote.java
new file mode 100644
index 0000000..21c4b9e
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/entity/UserVote.java
@@ -0,0 +1,29 @@
+package opensource.bravest.domain.vote.entity;
+
+import jakarta.persistence.*;
+import lombok.*;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+@Builder
+public class UserVote {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "vote_id", nullable = false)
+    private Vote vote;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "vote_option_id", nullable = false)
+    private VoteOption voteOption;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "anonymous_profile_id", nullable = false)
+    private AnonymousProfile voter;
+}
diff --git a/src/main/java/opensource/bravest/domain/vote/entity/Vote.java b/src/main/java/opensource/bravest/domain/vote/entity/Vote.java
new file mode 100644
index 0000000..cb115db
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/entity/Vote.java
@@ -0,0 +1,39 @@
+package opensource.bravest.domain.vote.entity;
+
+import jakarta.persistence.*;
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.List;
+import lombok.*;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+@Builder
+public class Vote {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "room_id", nullable = false)
+    private AnonymousRoom room;
+
+    @Column(nullable = false, length = 100)
+    private String title;
+
+    @Builder.Default
+    @OneToMany(mappedBy = "vote", cascade = CascadeType.ALL, orphanRemoval = true)
+    private List<VoteOption> options = new ArrayList<>();
+
+    private boolean isActive;
+
+    private LocalDateTime createdAt;
+
+    public void endVote() {
+        this.isActive = false;
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/vote/entity/VoteOption.java b/src/main/java/opensource/bravest/domain/vote/entity/VoteOption.java
new file mode 100644
index 0000000..50a9ea0
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/entity/VoteOption.java
@@ -0,0 +1,30 @@
+package opensource.bravest.domain.vote.entity;
+
+import jakarta.persistence.*;
+import lombok.*;
+
+@Entity
+@Getter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+@AllArgsConstructor
+@Builder
+public class VoteOption {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "vote_id", nullable = false)
+    private Vote vote;
+
+    @Column(name = "message_content", nullable = false)
+    private String messageContent;
+
+    @Column(nullable = false)
+    private int voteCount;
+
+    public void incrementVoteCount() {
+        this.voteCount++;
+    }
+}
diff --git a/src/main/java/opensource/bravest/domain/vote/repository/UserVoteRepository.java b/src/main/java/opensource/bravest/domain/vote/repository/UserVoteRepository.java
new file mode 100644
index 0000000..9ead3ee
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/repository/UserVoteRepository.java
@@ -0,0 +1,11 @@
+package opensource.bravest.domain.vote.repository;
+
+import java.util.Optional;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.vote.entity.UserVote;
+import opensource.bravest.domain.vote.entity.Vote;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface UserVoteRepository extends JpaRepository<UserVote, Long> {
+    Optional<UserVote> findByVoteAndVoter(Vote vote, AnonymousProfile voter);
+}
diff --git a/src/main/java/opensource/bravest/domain/vote/repository/VoteOptionRepository.java b/src/main/java/opensource/bravest/domain/vote/repository/VoteOptionRepository.java
new file mode 100644
index 0000000..ccc2c49
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/repository/VoteOptionRepository.java
@@ -0,0 +1,6 @@
+package opensource.bravest.domain.vote.repository;
+
+import opensource.bravest.domain.vote.entity.VoteOption;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface VoteOptionRepository extends JpaRepository<VoteOption, Long> {}
diff --git a/src/main/java/opensource/bravest/domain/vote/repository/VoteRepository.java b/src/main/java/opensource/bravest/domain/vote/repository/VoteRepository.java
new file mode 100644
index 0000000..8dcfded
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/repository/VoteRepository.java
@@ -0,0 +1,6 @@
+package opensource.bravest.domain.vote.repository;
+
+import opensource.bravest.domain.vote.entity.Vote;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface VoteRepository extends JpaRepository<Vote, Long> {}
diff --git a/src/main/java/opensource/bravest/domain/vote/service/VoteService.java b/src/main/java/opensource/bravest/domain/vote/service/VoteService.java
new file mode 100644
index 0000000..0a05107
--- /dev/null
+++ b/src/main/java/opensource/bravest/domain/vote/service/VoteService.java
@@ -0,0 +1,101 @@
+package opensource.bravest.domain.vote.service;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.domain.profile.entity.AnonymousProfile;
+import opensource.bravest.domain.profile.repository.AnonymousProfileRepository;
+import opensource.bravest.domain.room.entity.AnonymousRoom;
+import opensource.bravest.domain.room.repository.AnonymousRoomRepository;
+import opensource.bravest.domain.vote.dto.VoteDto;
+import opensource.bravest.domain.vote.entity.UserVote;
+import opensource.bravest.domain.vote.entity.Vote;
+import opensource.bravest.domain.vote.entity.VoteOption;
+import opensource.bravest.domain.vote.repository.UserVoteRepository;
+import opensource.bravest.domain.vote.repository.VoteRepository;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+@RequiredArgsConstructor
+@Transactional(readOnly = true)
+public class VoteService {
+
+    private final VoteRepository voteRepository;
+    private final UserVoteRepository userVoteRepository;
+    private final AnonymousRoomRepository anonymousRoomRepository;
+    private final AnonymousProfileRepository anonymousProfileRepository;
+
+    @Transactional
+    public Vote createVote(VoteDto.CreateVoteRequest request) {
+        AnonymousRoom room = anonymousRoomRepository.findById(request.getRoomId())
+                        .orElseThrow(() -> new RuntimeException("Room not found"));
+
+        Vote vote = Vote.builder().room(room).title(room.getTitle()).isActive(true).createdAt(LocalDateTime.now())
+                        .build();
+
+        List<VoteOption> options = request.getMessages().stream()
+                        .map(message -> VoteOption.builder().vote(vote).messageContent(message).voteCount(0).build())
+                        .collect(Collectors.toList());
+
+        vote.getOptions().addAll(options);
+
+        return voteRepository.save(vote);
+    }
+
+    @Transactional
+    public void castVote(Long voteId, VoteDto.CastVoteRequest request) {
+        Vote vote = voteRepository.findById(voteId).orElseThrow(() -> new RuntimeException("Vote not found"));
+        if (!vote.isActive()) {
+            throw new RuntimeException("Vote is not active");
+        }
+
+        AnonymousProfile voter = anonymousProfileRepository.findById(request.getAnonymousProfileId())
+                        .orElseThrow(() -> new RuntimeException("AnonymousProfile not found"));
+
+        if (userVoteRepository.findByVoteAndVoter(vote, voter).isPresent()) {
+            throw new RuntimeException("User has already voted");
+        }
+
+        VoteOption voteOption = vote.getOptions().stream()
+                        .filter(option -> option.getId().equals(request.getVoteOptionId())).findFirst()
+                        .orElseThrow(() -> new RuntimeException("VoteOption not found"));
+
+        voteOption.incrementVoteCount();
+
+        UserVote userVote = UserVote.builder().vote(vote).voteOption(voteOption).voter(voter).build();
+        userVoteRepository.save(userVote);
+    }
+
+    @Transactional
+    public void endVote(Long voteId) {
+        Vote vote = voteRepository.findById(voteId).orElseThrow(() -> new RuntimeException("Vote not found"));
+        vote.endVote();
+    }
+
+    public VoteDto.VoteResponse getVoteResult(Long voteId) {
+        Vote vote = voteRepository.findById(voteId).orElseThrow(() -> new RuntimeException("Vote not found"));
+
+        return buildVoteResponse(vote);
+    }
+
+    @Transactional
+    public void deleteVote(Long voteId) {
+        if (!voteRepository.existsById(voteId)) {
+            throw new RuntimeException("Vote not found");
+        }
+        voteRepository.deleteById(voteId);
+    }
+
+    private VoteDto.VoteResponse buildVoteResponse(Vote vote) {
+        List<VoteDto.VoteOptionResponse> optionResponses = vote.getOptions().stream()
+                        .map(option -> VoteDto.VoteOptionResponse.builder().id(option.getId())
+                                        .messageContent(option.getMessageContent()).voteCount(option.getVoteCount())
+                                        .build())
+                        .collect(Collectors.toList());
+
+        return VoteDto.VoteResponse.builder().id(vote.getId()).title(vote.getTitle()).isActive(vote.isActive())
+                        .createdAt(vote.getCreatedAt()).options(optionResponses).build();
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/apiPayload/ApiResponse.java b/src/main/java/opensource/bravest/global/apiPayload/ApiResponse.java
new file mode 100644
index 0000000..859bbaa
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/apiPayload/ApiResponse.java
@@ -0,0 +1,43 @@
+package opensource.bravest.global.apiPayload;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import opensource.bravest.global.apiPayload.code.BaseCode;
+import opensource.bravest.global.apiPayload.code.BaseErrorCode;
+import opensource.bravest.global.apiPayload.code.ErrorReasonDto;
+import opensource.bravest.global.apiPayload.code.status.SuccessStatus;
+
+@Getter
+@AllArgsConstructor
+@JsonPropertyOrder({"isSuccess", "code", "message", "data"})
+public class ApiResponse<T> {
+    @JsonProperty("isSuccess")
+    private final boolean isSuccess;
+
+    private final String code;
+    private final String message;
+
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private T data;
+
+    public static <T> ApiResponse<T> onSuccess(T data) {
+        return new ApiResponse<>(true, SuccessStatus._OK.getCode(), SuccessStatus._OK.getMessage(), data);
+    }
+
+    public static <T> ApiResponse<T> of(BaseCode code, String message, T data) {
+        return new ApiResponse<>(true, code.getReasonHttpStatus().getCode(), code.getReasonHttpStatus().getMessage(),
+                        data);
+    }
+
+    public static <T> ApiResponse<T> onFailure(BaseErrorCode errorCode, T data) {
+        ErrorReasonDto reason = errorCode.getReasonHttpStatus();
+        return new ApiResponse<>(reason.getIsSuccess(), reason.getCode(), reason.getMessage(), data);
+    }
+
+    public static <T> ApiResponse<T> onFailure(String code, String message, T data) {
+        return new ApiResponse<>(false, code, message, data);
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/apiPayload/code/BaseCode.java b/src/main/java/opensource/bravest/global/apiPayload/code/BaseCode.java
new file mode 100644
index 0000000..81444ee
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/apiPayload/code/BaseCode.java
@@ -0,0 +1,7 @@
+package opensource.bravest.global.apiPayload.code;
+
+public interface BaseCode {
+    ReasonDto getReason();
+
+    ReasonDto getReasonHttpStatus();
+}
diff --git a/src/main/java/opensource/bravest/global/apiPayload/code/BaseErrorCode.java b/src/main/java/opensource/bravest/global/apiPayload/code/BaseErrorCode.java
new file mode 100644
index 0000000..6607ad0
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/apiPayload/code/BaseErrorCode.java
@@ -0,0 +1,7 @@
+package opensource.bravest.global.apiPayload.code;
+
+public interface BaseErrorCode {
+    ErrorReasonDto getReason();
+
+    ErrorReasonDto getReasonHttpStatus();
+}
diff --git a/src/main/java/opensource/bravest/global/apiPayload/code/ErrorReasonDto.java b/src/main/java/opensource/bravest/global/apiPayload/code/ErrorReasonDto.java
new file mode 100644
index 0000000..2172a3c
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/apiPayload/code/ErrorReasonDto.java
@@ -0,0 +1,14 @@
+package opensource.bravest.global.apiPayload.code;
+
+import lombok.Builder;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@Getter
+@Builder
+public class ErrorReasonDto {
+    private HttpStatus httpStatus;
+    private final Boolean isSuccess;
+    private final String message;
+    private final String code;
+}
diff --git a/src/main/java/opensource/bravest/global/apiPayload/code/ReasonDto.java b/src/main/java/opensource/bravest/global/apiPayload/code/ReasonDto.java
new file mode 100644
index 0000000..e8ba0a0
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/apiPayload/code/ReasonDto.java
@@ -0,0 +1,14 @@
+package opensource.bravest.global.apiPayload.code;
+
+import lombok.Builder;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@Getter
+@Builder
+public class ReasonDto {
+    private HttpStatus httpStatus;
+    private final Boolean isSuccess;
+    private final String code;
+    private final String message;
+}
diff --git a/src/main/java/opensource/bravest/global/apiPayload/code/status/ErrorStatus.java b/src/main/java/opensource/bravest/global/apiPayload/code/status/ErrorStatus.java
new file mode 100644
index 0000000..3b7b59e
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/apiPayload/code/status/ErrorStatus.java
@@ -0,0 +1,41 @@
+package opensource.bravest.global.apiPayload.code.status;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import opensource.bravest.global.apiPayload.code.BaseErrorCode;
+import opensource.bravest.global.apiPayload.code.ErrorReasonDto;
+import org.springframework.http.HttpStatus;
+
+@Getter
+@AllArgsConstructor
+public enum ErrorStatus implements BaseErrorCode {
+    _INTERNAL_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "COMMON500", "서버 에러, 관리자에게 문의 바랍니다."), _BAD_REQUEST(
+                    HttpStatus.BAD_REQUEST, "COMMON400",
+                    "잘못된 요청입니다."), _UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "COMMON401", "인증이 필요합니다."), _FORBIDDEN(
+                                    HttpStatus.FORBIDDEN, "COMMON403",
+                                    "금지된 요청입니다."), _NOT_FOUND(HttpStatus.NOT_FOUND, "COMMON404",
+                                                    "요청한 리소스를 찾을 수 없습니다."), _FAMILY_NOT_FOUND(HttpStatus.NOT_FOUND,
+                                                                    "FAMILY404", "유효하지 않은 초대 코드입니다."), _USER_NOT_FOUND(
+                                                                                    HttpStatus.NOT_FOUND, "USER404",
+                                                                                    "사용자를 찾을 수 없습니다."), _CHATROOM_NOT_FOUND(
+                                                                                                    HttpStatus.NOT_FOUND,
+                                                                                                    "USER404",
+                                                                                                    "채팅방을 찾을 수 없습니다."), _CHATLIST_NOT_FOUND(
+                                                                                                                    HttpStatus.NOT_FOUND,
+                                                                                                                    "USER404",
+                                                                                                                    "리스트를 찾을 수 없습니다."),;
+
+    private final HttpStatus httpStatus;
+    private final String code;
+    private final String message;
+
+    @Override
+    public ErrorReasonDto getReason() {
+        return ErrorReasonDto.builder().isSuccess(false).message(message).code(code).build();
+    }
+
+    @Override
+    public ErrorReasonDto getReasonHttpStatus() {
+        return ErrorReasonDto.builder().httpStatus(httpStatus).isSuccess(false).code(code).message(message).build();
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/apiPayload/code/status/SuccessStatus.java b/src/main/java/opensource/bravest/global/apiPayload/code/status/SuccessStatus.java
new file mode 100644
index 0000000..25d02ed
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/apiPayload/code/status/SuccessStatus.java
@@ -0,0 +1,26 @@
+package opensource.bravest.global.apiPayload.code.status;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import opensource.bravest.global.apiPayload.code.BaseCode;
+import opensource.bravest.global.apiPayload.code.ReasonDto;
+import org.springframework.http.HttpStatus;
+
+@Getter
+@AllArgsConstructor
+public enum SuccessStatus implements BaseCode {
+    _OK(HttpStatus.OK, "COMMON2000", "성공입니다."), _CREATED(HttpStatus.CREATED, "COMMON201", "생성되었습니다."),;
+    private final HttpStatus httpStatus;
+    private final String code;
+    private final String message;
+
+    @Override
+    public ReasonDto getReason() {
+        return ReasonDto.builder().isSuccess(true).message(message).code(code).build();
+    }
+
+    @Override
+    public ReasonDto getReasonHttpStatus() {
+        return ReasonDto.builder().httpStatus(httpStatus).isSuccess(true).code(code).message(message).build();
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/config/OpenApiConfig.java b/src/main/java/opensource/bravest/global/config/OpenApiConfig.java
new file mode 100644
index 0000000..c791d78
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/config/OpenApiConfig.java
@@ -0,0 +1,31 @@
+package opensource.bravest.global.config;
+
+import io.swagger.v3.oas.models.Components;
+import io.swagger.v3.oas.models.ExternalDocumentation;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class OpenApiConfig {
+
+    private static final String SECURITY_SCHEME_NAME = "bearerAuth";
+
+    @Bean
+    public OpenAPI baseOpenAPI() {
+        return new OpenAPI()
+                        // 1) 전역으로 "이 API는 이 인증 방식을 쓴다" 선언
+                        .addSecurityItem(new SecurityRequirement().addList(SECURITY_SCHEME_NAME))
+                        // 2) JWT Bearer 스키마 정의
+                        .components(new Components().addSecuritySchemes(SECURITY_SCHEME_NAME,
+                                        new SecurityScheme().name(SECURITY_SCHEME_NAME).type(SecurityScheme.Type.HTTP)
+                                                        .scheme("bearer").bearerFormat("JWT")))
+                        .info(new Info().title("openSource Bravest API").description("openSource Bravest 백엔드 API 문서")
+                                        .version("v1.0.0").license(new License().name("MIT")))
+                        .externalDocs(new ExternalDocumentation().description("README"));
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/config/SecurityConfig.java b/src/main/java/opensource/bravest/global/config/SecurityConfig.java
new file mode 100644
index 0000000..e087085
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/config/SecurityConfig.java
@@ -0,0 +1,117 @@
+package opensource.bravest.global.config;
+
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.global.apiPayload.code.status.ErrorStatus;
+import opensource.bravest.global.security.jwt.JwtAuthenticationFilter;
+import opensource.bravest.global.security.jwt.JwtTokenProvider;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.*;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+    private final JwtTokenProvider jwtTokenProvider;
+
+    // Swagger
+    private static final String[] SWAGGER = {"/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html"};
+
+    // 로그인/토큰 교환/리다이렉트/헬스체크 등 공개 경로
+    private static final String[] PUBLIC = {"/", "/actuator/health", "/api/auth/**", // 카카오 코드 교환 API 등
+                    "/oauth2/**", "/login/**", "/login/oauth2/**", "/api/test/auth/**", "/rooms/**", "/chatlists/**",
+                    "/anonymous-profiles/**", "/votes/**", "/ws-connect/**", "/chat-test", "/pub/**", "/sub/**"};
+
+    // 정적 리소스
+    private static final String[] STATIC = {"/favicon.ico", "/assets/**", "/css/**", "/js/**", "/images/**"};
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        // Jwt 필터에서 건너뛸(스킵) 경로 패턴 통합
+        List<String> skip = new ArrayList<>();
+        addAll(skip, SWAGGER);
+        addAll(skip, PUBLIC);
+        addAll(skip, STATIC);
+
+        JwtAuthenticationFilter jwtFilter = new JwtAuthenticationFilter(jwtTokenProvider, skip);
+
+        http
+                        // REST API 기본 세팅
+                        .csrf(csrf -> csrf.disable()).cors(Customizer.withDefaults())
+                        .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                        .httpBasic(basic -> basic.disable()).formLogin(form -> form.disable())
+                        .logout(lo -> lo.disable()).requestCache(cache -> cache.disable())
+
+                        // 권한 규칙
+                        .authorizeHttpRequests(auth -> auth.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() // CORS
+                                        // preflight
+                                        // 허용
+                                        .requestMatchers(SWAGGER).permitAll().requestMatchers(PUBLIC).permitAll()
+                                        .requestMatchers(STATIC).permitAll().anyRequest().authenticated())
+
+                        // 인증/인가 실패 공통 응답(JSON) - ApiResponse 형식
+                        .exceptionHandling(ex -> ex.authenticationEntryPoint((req, res, ex1) -> {
+                            ErrorStatus errorStatus = ErrorStatus._UNAUTHORIZED;
+                            res.setStatus(errorStatus.getReasonHttpStatus().getHttpStatus().value());
+                            res.setContentType("application/json;charset=UTF-8");
+                            try (PrintWriter w = res.getWriter()) {
+                                w.write(String.format(
+                                                "{\"isSuccess\":false,\"code\":\"%s\",\"message\":\"%s\",\"data\":null}",
+                                                errorStatus.getCode(), errorStatus.getMessage()));
+                            }
+                        }).accessDeniedHandler((req, res, ex2) -> {
+                            ErrorStatus errorStatus = ErrorStatus._FORBIDDEN;
+                            res.setStatus(errorStatus.getReasonHttpStatus().getHttpStatus().value());
+                            res.setContentType("application/json;charset=UTF-8");
+                            try (PrintWriter w = res.getWriter()) {
+                                w.write(String.format(
+                                                "{\"isSuccess\":false,\"code\":\"%s\",\"message\":\"%s\",\"data\":null}",
+                                                errorStatus.getCode(), errorStatus.getMessage()));
+                            }
+                        }))
+
+                        // JWT 필터 등록(UsernamePasswordAuthenticationFilter 앞)
+                        .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+
+    private static void addAll(List<String> target, String[] arr) {
+        for (String s : arr)
+            target.add(s);
+    }
+
+    // CORS (개발용: 필요 시 도메인 고정/축소)
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration c = new CorsConfiguration();
+        c.setAllowedOrigins(List.of("http://localhost:3000", "http://127.0.0.1:3000", "http://localhost:5173"));
+        c.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        c.setAllowedHeaders(List.of("*"));
+        c.setExposedHeaders(List.of("Authorization", "Location"));
+        c.setAllowCredentials(true);
+        c.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", c);
+        return source;
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/config/ValkeyConfig.java b/src/main/java/opensource/bravest/global/config/ValkeyConfig.java
new file mode 100644
index 0000000..2be6ffa
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/config/ValkeyConfig.java
@@ -0,0 +1,15 @@
+package opensource.bravest.global.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.StringRedisTemplate;
+
+@Configuration
+public class ValkeyConfig {
+
+    @Bean
+    public StringRedisTemplate stringRedisTemplate(RedisConnectionFactory connectionFactory) {
+        return new StringRedisTemplate(connectionFactory);
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/config/WebSocketConfig.java b/src/main/java/opensource/bravest/global/config/WebSocketConfig.java
new file mode 100644
index 0000000..449d017
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/config/WebSocketConfig.java
@@ -0,0 +1,34 @@
+package opensource.bravest.global.config;
+
+import lombok.RequiredArgsConstructor;
+import opensource.bravest.global.handler.StompHandler;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.messaging.simp.config.ChannelRegistration;
+import org.springframework.messaging.simp.config.MessageBrokerRegistry;
+import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
+import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
+
+@Configuration
+@RequiredArgsConstructor
+@EnableWebSocketMessageBroker
+public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
+
+    private final StompHandler stompHandler;
+
+    @Override
+    public void registerStompEndpoints(StompEndpointRegistry registry) {
+        registry.addEndpoint("/ws-connect").setAllowedOriginPatterns("*").withSockJS();
+    }
+
+    @Override
+    public void configureMessageBroker(MessageBrokerRegistry registry) {
+        registry.enableSimpleBroker("/subs");
+        registry.setApplicationDestinationPrefixes("/pubs");
+    }
+
+    @Override
+    public void configureClientInboundChannel(ChannelRegistration registration) {
+        registration.interceptors(stompHandler);
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/exception/CustomException.java b/src/main/java/opensource/bravest/global/exception/CustomException.java
new file mode 100644
index 0000000..1b8ab2e
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/exception/CustomException.java
@@ -0,0 +1,16 @@
+package opensource.bravest.global.exception;
+
+import lombok.Getter;
+import opensource.bravest.global.apiPayload.code.BaseErrorCode;
+
+/** 서비스/도메인 레이어에서 표준화된 에러코드를 던지기 위한 예외 */
+@Getter
+public class CustomException extends RuntimeException {
+
+    private final BaseErrorCode errorCode;
+
+    public CustomException(BaseErrorCode errorCode) {
+        super(errorCode.getReason().getMessage());
+        this.errorCode = errorCode;
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/exception/GlobalExceptionHandler.java b/src/main/java/opensource/bravest/global/exception/GlobalExceptionHandler.java
new file mode 100644
index 0000000..be2b96b
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/exception/GlobalExceptionHandler.java
@@ -0,0 +1,52 @@
+package opensource.bravest.global.exception;
+
+import lombok.extern.slf4j.Slf4j;
+import opensource.bravest.global.apiPayload.ApiResponse;
+import opensource.bravest.global.apiPayload.code.status.ErrorStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+@Slf4j
+@RestControllerAdvice
+public class GlobalExceptionHandler {
+
+    @ExceptionHandler(CustomException.class)
+    public ResponseEntity<ApiResponse<Object>> handleCustomException(CustomException e) {
+        log.warn("CustomException: {}", e.getMessage());
+        return ResponseEntity.status(e.getErrorCode().getReasonHttpStatus().getHttpStatus())
+                        .body(ApiResponse.onFailure(e.getErrorCode(), null));
+    }
+
+    @ExceptionHandler(RuntimeException.class)
+    public ResponseEntity<ApiResponse<Object>> handleRuntimeException(RuntimeException e) {
+        String message = e.getMessage();
+
+        // 메시지에 따라 적절한 에러 코드 결정
+        if (message != null) {
+            if (message.contains("유효하지 않은 초대 코드") || message.contains("가족을 찾을 수 없습니다")) {
+                log.warn("Family not found: {}", message);
+                return ResponseEntity.status(ErrorStatus._FAMILY_NOT_FOUND.getReasonHttpStatus().getHttpStatus())
+                                .body(ApiResponse.onFailure(ErrorStatus._FAMILY_NOT_FOUND, null));
+            }
+
+            if (message.contains("사용자를 찾을 수 없습니다")) {
+                log.warn("User not found: {}", message);
+                return ResponseEntity.status(ErrorStatus._USER_NOT_FOUND.getReasonHttpStatus().getHttpStatus())
+                                .body(ApiResponse.onFailure(ErrorStatus._USER_NOT_FOUND, null));
+            }
+        }
+
+        // 기본값: 500 Internal Server Error
+        log.error("RuntimeException: ", e);
+        return ResponseEntity.status(ErrorStatus._INTERNAL_SERVER_ERROR.getReasonHttpStatus().getHttpStatus())
+                        .body(ApiResponse.onFailure(ErrorStatus._INTERNAL_SERVER_ERROR, null));
+    }
+
+    @ExceptionHandler(Exception.class)
+    public ResponseEntity<ApiResponse<Object>> handleException(Exception e) {
+        log.error("Unexpected exception: ", e);
+        return ResponseEntity.status(ErrorStatus._INTERNAL_SERVER_ERROR.getReasonHttpStatus().getHttpStatus())
+                        .body(ApiResponse.onFailure(ErrorStatus._INTERNAL_SERVER_ERROR, null));
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/handler/StompHandler.java b/src/main/java/opensource/bravest/global/handler/StompHandler.java
new file mode 100644
index 0000000..ff026ed
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/handler/StompHandler.java
@@ -0,0 +1,142 @@
+package opensource.bravest.global.handler;
+
+import java.security.Principal;
+import java.util.List;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import opensource.bravest.domain.profile.repository.AnonymousProfileRepository;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.messaging.Message;
+import org.springframework.messaging.MessageChannel;
+import org.springframework.messaging.simp.stomp.StompCommand;
+import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
+import org.springframework.messaging.support.ChannelInterceptor;
+import org.springframework.messaging.support.MessageHeaderAccessor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class StompHandler implements ChannelInterceptor {
+
+    private final AnonymousProfileRepository anonymousProfileRepository;
+    private final StringRedisTemplate redisTemplate;
+
+    private static final String USER_SUB_KEY_PREFIX = "ws:subs:user:"; // + anonymousId
+    private static final String METRIC_TOTAL_SUB = "ws:metrics:sub:total";
+    private static final String METRIC_DUP_SUB = "ws:metrics:sub:duplicate";
+
+    @Override
+    public Message<?> preSend(Message<?> message, MessageChannel channel) {
+        StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
+
+        if (accessor == null) {
+            return message;
+        }
+
+        StompCommand command = accessor.getCommand();
+
+        // 1) CONNECT: anonymousId를 Principal로 설정
+        if (StompCommand.CONNECT.equals(command)) {
+            String anonymousId = accessor.getFirstNativeHeader("anonymousId");
+            if (anonymousId == null || anonymousId.isBlank()) {
+                log.warn("STOMP CONNECT: anonymousId missing");
+                throw new IllegalArgumentException("anonymousId header is required");
+            }
+
+            anonymousProfileRepository.findById(Long.valueOf(anonymousId)).ifPresentOrElse(member -> {
+                Authentication auth = new UsernamePasswordAuthenticationToken(anonymousId, null,
+                                List.of(new SimpleGrantedAuthority("ROLE_ANONYMOUS")));
+                SecurityContextHolder.getContext().setAuthentication(auth);
+                accessor.setUser(auth);
+                log.info("STOMP CONNECT: anonymousId={} principal set", anonymousId);
+            }, () -> {
+                log.warn("STOMP CONNECT: invalid anonymousId={}", anonymousId);
+                throw new IllegalArgumentException("Invalid anonymousId");
+            });
+        }
+
+        // 2) SUBSCRIBE: Redis를 사용해 anonymousId 기준 중복 구독 방지 + 메트릭 기록
+        if (StompCommand.SUBSCRIBE.equals(command)) {
+            Principal user = accessor.getUser();
+            if (user == null) {
+                Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+                if (auth != null) {
+                    accessor.setUser(auth);
+                    user = auth;
+                }
+            }
+
+            String destination = accessor.getDestination();
+
+            if (user != null && destination != null) {
+                String anonymousId = user.getName();
+                String key = USER_SUB_KEY_PREFIX + anonymousId;
+
+                log.info("[SUBSCRIBE] handling: anonymousId={}, destination={}, key={}", anonymousId, destination, key);
+
+                try {
+                    Long total = redisTemplate.opsForValue().increment(METRIC_TOTAL_SUB);
+                    Long added = redisTemplate.opsForSet().add(key, destination);
+                    redisTemplate.expire(key, java.time.Duration.ofHours(1));
+
+                    log.info("[SUBSCRIBE] redis result: total={}, added={}", total, added);
+
+                    if (added != null && added == 0L) {
+                        Long dup = redisTemplate.opsForValue().increment(METRIC_DUP_SUB);
+                        log.warn("[SUBSCRIBE] duplicate detected: anonymousId={}, dest={}, dupCount={}", anonymousId,
+                                        destination, dup);
+                        return null;
+                    }
+
+                    log.info("[SUBSCRIBE] stored in Redis: key={}, member={}", key, destination);
+
+                } catch (Exception e) {
+                    log.error("Redis error while handling SUBSCRIBE", e);
+                }
+            } else {
+                log.warn("[SUBSCRIBE] skipped: user or destination is null (user={}, dest={})", user, destination);
+            }
+        }
+
+        // 3) SEND: Principal 비어 있으면 SecurityContext에서 복구
+        if (StompCommand.SEND.equals(command)) {
+            Principal user = accessor.getUser();
+            if (user == null) {
+                Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+                if (auth != null) {
+                    accessor.setUser(auth);
+                }
+            }
+        }
+
+        // 4) DISCONNECT: 유저별 구독 키를 정리할지 여부 (옵션)
+        // - 전체 방 전체 유저 수가 크지 않다면 TTL만으로도 충분.
+        if (StompCommand.DISCONNECT.equals(command)) {
+            Principal user = accessor.getUser();
+            if (user == null) {
+                Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+                if (auth != null) {
+                    user = auth;
+                }
+            }
+            if (user != null) {
+                String anonymousId = user.getName();
+                String key = USER_SUB_KEY_PREFIX + anonymousId;
+                try {
+                    // 완전히 정리하고 싶으면 delete
+                    redisTemplate.delete(key);
+                    log.info("DISCONNECT: cleared subscriptions for anonymousId={}", anonymousId);
+                } catch (Exception e) {
+                    log.error("Redis error while handling DISCONNECT", e);
+                }
+            }
+        }
+
+        return message;
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/security/jwt/JwtAuthenticationFilter.java b/src/main/java/opensource/bravest/global/security/jwt/JwtAuthenticationFilter.java
new file mode 100644
index 0000000..89e00b7
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/security/jwt/JwtAuthenticationFilter.java
@@ -0,0 +1,71 @@
+package opensource.bravest.global.security.jwt;
+
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * JWT가 필요한 보호 경로에만 동작하도록 만든 필터. - 화이트리스트(permitAll) 경로와 OPTIONS 프리플라이트는 필터를 건너뜀. - 토큰이 유효하면 SecurityContext 설정, 아니면 체인
+ * 진행 (401은 EntryPoint가 처리)
+ */
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtTokenProvider jwtTokenProvider;
+    private final List<String> skipPatterns; // 필터를 스킵할 경로 패턴들(ant style)
+    private final AntPathMatcher matcher = new AntPathMatcher();
+
+    public JwtAuthenticationFilter(JwtTokenProvider provider, Collection<String> skipPatterns) {
+        this.jwtTokenProvider = provider;
+        this.skipPatterns = skipPatterns == null ? List.of() : List.copyOf(skipPatterns);
+    }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        // 1) CORS preflight는 항상 스킵
+        if ("OPTIONS".equalsIgnoreCase(request.getMethod()))
+            return true;
+
+        // 2) 화이트리스트 패턴은 스킵
+        String path = request.getServletPath();
+        for (String p : skipPatterns) {
+            if (matcher.match(p, path))
+                return true;
+        }
+        return false;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+                    throws ServletException, IOException {
+
+        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
+
+        if (header != null && header.startsWith("Bearer ")) {
+            String token = header.substring(7);
+            try {
+                Claims claims = jwtTokenProvider.parseClaims(token);
+                String subject = claims.getSubject();
+                if (subject != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+                    // 필요 시 roles/authorities를 claims에서 꺼내서 넣어도 됨
+                    var auth = new UsernamePasswordAuthenticationToken(subject, null, Collections.emptyList());
+                    SecurityContextHolder.getContext().setAuthentication(auth);
+                }
+            } catch (Exception ignored) {
+                // 유효하지 않으면 그냥 통과 -> 최종적으로 EntryPoint가 401 응답 처리
+            }
+        }
+
+        chain.doFilter(request, response);
+    }
+}
diff --git a/src/main/java/opensource/bravest/global/security/jwt/JwtTokenProvider.java b/src/main/java/opensource/bravest/global/security/jwt/JwtTokenProvider.java
new file mode 100644
index 0000000..6640e7a
--- /dev/null
+++ b/src/main/java/opensource/bravest/global/security/jwt/JwtTokenProvider.java
@@ -0,0 +1,79 @@
+package opensource.bravest.global.security.jwt;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import jakarta.annotation.PostConstruct;
+import java.nio.charset.StandardCharsets;
+import java.time.Instant;
+import java.util.Date;
+import java.util.Map;
+import javax.crypto.SecretKey;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class JwtTokenProvider {
+
+    @Value("${jwt.secret}")
+    private String secret;
+
+    @Value("${jwt.access-token-validity-seconds}")
+    private long accessValidity;
+
+    @Value("${jwt.refresh-token-validity-seconds}")
+    private long refreshValidity;
+
+    private SecretKey key;
+
+    @PostConstruct
+    void init() {
+        if (secret == null || secret.isBlank()) {
+            throw new IllegalStateException("jwt.secret is not configured. Check your application.yml / env.");
+        }
+
+        byte[] keyBytes;
+        try {
+            // secret이 Base64면 여기서 정상 디코딩
+            keyBytes = Decoders.BASE64.decode(secret);
+        } catch (IllegalArgumentException e) {
+            // Base64 아니면 그냥 문자열 바이트로 사용
+            keyBytes = secret.getBytes(StandardCharsets.UTF_8);
+        }
+
+        this.key = Keys.hmacShaKeyFor(keyBytes);
+    }
+
+    public String createAccessToken(String subject, Map<String, Object> claims) {
+        Instant now = Instant.now();
+        return Jwts.builder().subject(subject).claims(claims).issuedAt(Date.from(now))
+                        .expiration(Date.from(now.plusSeconds(accessValidity))).signWith(key).compact();
+    }
+
+    public String createRefreshToken(String subject) {
+        Instant now = Instant.now();
+        return Jwts.builder().subject(subject).issuedAt(Date.from(now))
+                        .expiration(Date.from(now.plusSeconds(refreshValidity))).signWith(key).compact();
+    }
+
+    public Long getIdFromToken(String token) {
+        Claims claims = Jwts.parser().verifyWith(key) // init()에서 만든 key 재사용
+                        .build().parseSignedClaims(token).getPayload();
+
+        return claims.get("id", Long.class);
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parser().verifyWith(key).build().parseSignedClaims(token);
+            return true;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    public Claims parseClaims(String token) {
+        return Jwts.parser().verifyWith(key).build().parseSignedClaims(token).getPayload();
+    }
+}
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 087fee5..eeec720 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -14,9 +14,19 @@ spring:
         show_sql: true
         dialect: org.hibernate.dialect.MySQLDialect
 
+  data:
+    redis:
+      host: bravest-keystore
+      port: 6379
+      database: 0
+
 server:
   port: 8080
   servlet:
     encoding:
       charset: UTF-8
       force: true
+jwt:
+  secret: ${JWT_SECRET}
+  access-token-validity-seconds: ${JWT_ACCESS_TOKEN_VALIDITY_SECONDS}
+  refresh-token-validity-seconds: ${JWT_REFRESH_TOKEN_VALIDITY_SECONDS}
\ No newline at end of file
diff --git a/src/test/java/opensource/bravest/BravestApplicationTests.java b/src/test/java/opensource/bravest/BravestApplicationTests.java
index 6494944..ca77007 100644
--- a/src/test/java/opensource/bravest/BravestApplicationTests.java
+++ b/src/test/java/opensource/bravest/BravestApplicationTests.java
@@ -6,8 +6,6 @@
 @SpringBootTest
 class BravestApplicationTests {
 
-	@Test
-	void contextLoads() {
-	}
-
+    @Test
+    void contextLoads() {}
 }