@atlashub/smartstack-cli 4.74.0 → 4.76.0

package/templates/skills/dev-start/SKILL.md

@@ -3,7 +3,7 @@ name: dev-start
 description: Launch SmartStack dev environment (backend + frontend + admin credentials)
 argument-hint: "[--stop] [--reset] [--backend-only] [--frontend-only]"
 model: haiku
-allowed-tools: Read, Bash, Glob, Write, TaskOutput
+allowed-tools: Read, Bash, Write, TaskOutput
 ---
 
 ## Arguments
@@ -16,345 +16,189 @@ $ARGUMENTS
 - Ports running: !`netstat.exe -ano 2>/dev/null | grep -E "LISTENING" | grep -E ":(5[0-9]{3}|6173|3000) " | head -5 || echo "none"`
 
 <objective>
-Launch the SmartStack development environment in one command: detect configuration, validate config coherence, check SQL connectivity, start backend + frontend, and provide admin credentials.
-Idempotent: safe to run multiple times. Detects already-running processes.
-Uses a config cache to skip re-detection on subsequent runs when config files haven't changed.
+Launch SmartStack dev environment FAST. The injected state above is already loaded — use it directly, never re-read those files. Target: 0 tool calls if everything running, 2-3 to launch, 5 max cold start.
 </objective>
 
 <quick_start>
 ```bash
-/dev-start                  # Launch everything (idempotent)
-/dev-start --stop           # Stop backend + frontend
-/dev-start --reset          # Force admin password reset + re-detect config
-/dev-start --backend-only   # Launch only the backend
-/dev-start --frontend-only  # Launch only the frontend
+/dev-start                  # Launch all (idempotent, reuses cache+session)
+/dev-start --stop           # Stop all services
+/dev-start --reset          # Force re-detect config + reset password
+/dev-start --backend-only   # Launch backend only
+/dev-start --frontend-only  # Launch frontend only
 ```
 </quick_start>
 
 <subcommands>
 
-| Command | Description |
-|---------|-------------|
-| `/dev-start` | Launch all (idempotent) + validate configs |
-| `/dev-start --stop` | Stop backend + frontend via taskkill.exe |
-| `/dev-start --reset` | Force reset admin password + re-detect config |
-| `/dev-start --backend-only` | Launch only backend |
-| `/dev-start --frontend-only` | Launch only frontend |
+| Command | Effect |
+|---------|--------|
+| `/dev-start` | Launch all services (0 tool calls if all running) |
+| `/dev-start --stop` | Kill backend + frontend |
+| `/dev-start --reset` | Re-detect config + reset admin password |
+| `/dev-start --backend-only` | Launch backend only |
+| `/dev-start --frontend-only` | Launch frontend only |
 
 </subcommands>
 
 <workflow>
 
-## Handle --stop
+## Handle --stop (Exit After)
 
-If `--stop` argument detected, execute the stop workflow and exit:
-
-1. Determine ports to stop:
-   - If `.claude/config/dev-run.json` exists → read `api_port` and `web_port` from cache
-   - Otherwise → scan default ports: 5142, 5290 (API) and 6173, 3000 (Web)
-
-2. Find backend PID:
-   ```bash
-   netstat.exe -ano | grep ":${API_PORT} .*LISTENING" | awk '{print $5}' | head -1
-   ```
-3. If found: `taskkill.exe /PID $PID /F`
-4. Find frontend PID:
-   ```bash
-   netstat.exe -ano | grep ":${WEB_PORT} .*LISTENING" | awk '{print $5}' | head -1
-   ```
-5. If found: `taskkill.exe /PID $PID /F`
-6. Display stopped status and exit.
-
-If no processes found, display "Nothing running" and exit.
-
-## Step 0: Load cache
-
-If `--stop` argument → skip this step entirely (--stop uses netstat only).
-
-1. Read cache file:
-   ```bash
-   cat .claude/config/dev-run.json 2>/dev/null
-   ```
-
-2. **If no cache OR `--reset` argument** → CACHE_HIT=false, go to Step 1.
-
-3. **If cache exists**, verify config files haven't changed:
-   ```bash
-   API_DIR=$(grep -o '"api_dir": *"[^"]*"' .claude/config/dev-run.json | cut -d'"' -f4)
-   WEB_DIR=$(grep -o '"web_dir": *"[^"]*"' .claude/config/dev-run.json | cut -d'"' -f4)
-   MODE=$(grep -o '"mode": *"[^"]*"' .claude/config/dev-run.json | cut -d'"' -f4)
-
-   if [ "$MODE" = "Local" ]; then
-     CURRENT_HASH=$(stat -c %Y "$API_DIR/appsettings.Local.json" "$WEB_DIR/.env.standalone" "$API_DIR/Properties/launchSettings.json" 2>/dev/null | md5sum | cut -d' ' -f1)
-   else
-     CURRENT_HASH=$(stat -c %Y "$API_DIR/appsettings.json" "$WEB_DIR/.env.development" "$API_DIR/Properties/launchSettings.json" 2>/dev/null | md5sum | cut -d' ' -f1)
-   fi
-
-   CACHED_HASH=$(grep -o '"config_hash": *"[^"]*"' .claude/config/dev-run.json | cut -d'"' -f4)
-   ```
-
-4. **If CURRENT_HASH = CACHED_HASH** → CACHE_HIT=true :
-   - Load all values from cache (api_dir, web_dir, mode, ports, commands, sql_status)
-   - Display: `[CACHE] Using cached config (from {cached_at})`
-   - **Skip directly to Step 4** (check if already running)
-
-5. **If hash mismatch** → CACHE_HIT=false :
-   - Display: `[CACHE] Config changed, re-detecting...`
-   - Continue to Step 1
-
-## Step 1: Detect project
-
-**Skip if CACHE_HIT=true (values loaded from cache in Step 0).**
-
-Find the API and Web directories using bash (Glob doesn't match directories):
+Extract api_port, web_port from injected cache (default 5142, 6173). Single Bash:
 ```bash
-API_DIR=$(ls -d src/*.Api 2>/dev/null | head -1)
-WEB_DIR=$(ls -d web/*-web 2>/dev/null | head -1)
+AP={api_port from cache, default 5142}
+WP={web_port from cache, default 6173}
+APID=$(netstat.exe -ano | grep ":${AP} .*LISTENING" | awk '{print $5}' | head -1)
+WPID=$(netstat.exe -ano | grep ":${WP} .*LISTENING" | awk '{print $5}' | head -1)
+[ -n "$APID" ] && taskkill.exe /PID $APID /F 2>&1 && echo "Backend stopped (PID $APID)"
+[ -n "$WPID" ] && taskkill.exe /PID $WPID /F 2>&1 && echo "Frontend stopped (PID $WPID)"
+[ -z "$APID" ] && [ -z "$WPID" ] && echo "Nothing running"
 ```
+Display result. Done. Exit.
 
-If neither found, display error and exit.
-
-## Step 2: Detect environment and ports
-
-**Skip if CACHE_HIT=true (values loaded from cache in Step 0).**
+---
 
-Check if `appsettings.Local.json` exists in the API directory:
+## Step 0: Cache Decision
 
-| Condition | Mode | Backend | Frontend | Backend command | Frontend command |
-|-----------|------|---------|----------|-----------------|------------------|
-| `appsettings.Local.json` exists | **Local** | Port from `Kestrel:Endpoints:Http:Url` | Port from `.env.standalone` or `package.json` local script | `dotnet run --launch-profile Local` | `npm run local` |
-| No local config | **Development** | Port 5142 (launchSettings http profile) | Port 6173 (vite default) | `dotnet run --environment Development` | `npm run dev` |
+**CRITICAL: The injected state above IS your data source. NEVER re-read cache or session files.**
 
-**Reading ports:**
-- **Local backend port**: Parse `appsettings.Local.json` -> `Kestrel.Endpoints.Http.Url` -> extract port from URL (e.g., `http://localhost:5290` -> `5290`)
-- **Local frontend port**: Parse `.env.standalone` -> look for port in `VITE_API_URL`, or parse `package.json` -> `scripts.local` for `--port` flag
-- **Dev backend port**: Default `5142`
-- **Dev frontend port**: Default `6173`
+**If injected cache = "no cache" OR --reset flag → CACHE_HIT=false, go to Step 1 (cold start).**
 
-**IMPORTANT: Read config files in parallel.** Use a single message with multiple Read tool calls for:
-- `{API_DIR}/appsettings.json` (or `appsettings.Local.json`)
-- `{WEB_DIR}/.env.development` (or `.env.standalone`)
-- `{API_DIR}/Properties/launchSettings.json`
+**If injected cache has JSON values AND no --reset:**
+- Extract directly from injected cache: api_dir, web_dir, api_port, web_port, backend_cmd, frontend_cmd, connection_string, sql_server, sql_database
+- CACHE_HIT=true
+- **Skip directly to Step 4 (check ports)**
 
-## Step 3: Validate config coherence
+---
 
-**Skip if CACHE_HIT=true (values loaded from cache in Step 0).**
+## Step 1: Detect project (Cold Start Only)
 
-**CRITICAL: Verify that backend and frontend configs are consistent.**
+**Only if CACHE_HIT=false.**
 
-### Rules to check:
+Single message with 3 PARALLEL tool calls:
 
-| Rule | Backend source | Frontend source | Validation |
-|------|---------------|-----------------|------------|
-| Frontend calls correct backend | Port API (Kestrel or launchSettings) | `VITE_API_URL` in `.env.standalone` (Local) or `.env.development` (Dev) | Port in VITE_API_URL must match API port |
-| Backend allows frontend (CORS) | `SmartStack:CorsOrigins[]` in appsettings | Frontend port | CorsOrigins must contain `http://localhost:{WEB_PORT}` |
-| OAuth redirects to correct frontend | `Authentication:FrontendUrl` in appsettings | Frontend port | FrontendUrl must point to `http://localhost:{WEB_PORT}` |
-| Local files exist in pairs | `appsettings.Local.json` | `.env.standalone` | If one exists, the other must too |
+1. **Read** `src/SmartStack.Api/appsettings.json` (limit: 40 lines — connection string, CORS, FrontendUrl)
+2. **Read** `src/SmartStack.Api/Properties/launchSettings.json`
+3. **Bash** — detect mode + frontend env + SQL check:
+```bash
+echo "=== MODE ==="
+[ -f src/SmartStack.Api/appsettings.Local.json ] && echo "Local" || echo "Development"
+echo "=== ENV ==="
+cat web/smartstack-web/.env.development 2>/dev/null || cat web/smartstack-web/.env.standalone 2>/dev/null || echo "NONE"
+echo "=== SQL ==="
+CS=$(sed -n 's/.*"DefaultConnection":\s*"\([^"]*\)".*/\1/p' src/SmartStack.Api/appsettings.json 2>/dev/null)
+SN=$(echo "$CS" | sed -n 's/.*[Ss]erver=\([^;]*\).*/\1/p' | sed 's/(local)/./')
+DB=$(echo "$CS" | sed -n 's/.*[Dd]atabase=\([^;]*\).*/\1/p')
+sqlcmd -S "$SN" -Q "SET NOCOUNT ON;SELECT name FROM sys.databases WHERE name='$DB'" -t 5 -E -C -h -1 -W 2>/dev/null | grep -q "$DB" && echo "ok $SN $DB" || echo "warn $SN $DB"
+```
 
-### In Local mode:
+Determine config from results:
 
-1. Read `appsettings.Local.json` -> extract `Kestrel:Endpoints:Http:Url` (API port)
-2. Read `appsettings.Local.json` -> extract `Authentication:FrontendUrl` (expected frontend URL)
-3. Read `.env.standalone` -> extract `VITE_API_URL` (expected API URL by frontend)
-4. Verify `VITE_API_URL` port matches Kestrel port
-5. Verify `Authentication:FrontendUrl` port matches frontend port
-6. If `appsettings.Local.json` exists but NOT `.env.standalone` -> **create `.env.standalone`** with correct values (ask user first)
-7. If `.env.standalone` exists but NOT `appsettings.Local.json` -> **warn** (config incomplete)
+| | Development (no Local config) | Local (appsettings.Local.json exists) |
+|--|-------------------------------|--------------------------------------|
+| api_port | 5142 (launchSettings "http") | Port from launchSettings "Local" |
+| web_port | 6173 | From .env.standalone or 5305 |
+| backend_cmd | `dotnet run --launch-profile http` | `dotnet run --launch-profile Local` |
+| frontend_cmd | `npm run dev` | `npm run local` |
 
-### In Development mode:
+## Step 2: Validate config coherence (Cold Start Only)
 
-1. Verify `.env.development` contains `VITE_API_URL=http://localhost:5142` (NOT 5290 which is Local profile)
-2. Verify `appsettings.json` -> `SmartStack:CorsOrigins` contains `http://localhost:6173`
-3. Verify `Authentication:FrontendUrl` = `http://localhost:6173`
+**Only if CACHE_HIT=false.**
 
-### If incoherence detected:
+Display one line per check, continue even on warnings:
+- VITE_API_URL port matches api_port → `[OK]` or `[WARN] expected X, got Y`
+- CorsOrigins includes `http://localhost:{web_port}` → `[OK]` or `[WARN]`
+- Authentication:FrontendUrl = `http://localhost:{web_port}` → `[OK]` or `[WARN]`
+- SQL status → `[OK] {server}/{db}` or `[WARN] SQL unreachable`
 
-1. Display a clear WARNING with detected values vs expected values
-2. Propose to auto-correct (write the correct files)
-3. If user refuses, continue with a warning
+## Step 3: Write cache (Cold Start Only)
 
-### Output format for coherence:
+**Only if CACHE_HIT=false.**
 
-```
-Config Coherence Check:
-  [OK] VITE_API_URL matches backend port (5290)
-  [OK] CORS allows frontend (http://localhost:3000)
-  [OK] OAuth redirect matches frontend
-  [OK] Local config files paired
-
-  -- OR --
-
-  [WARN] VITE_API_URL=http://localhost:5290 but backend runs on port 5142
-         Expected: VITE_API_URL=http://localhost:5142
-  [WARN] .env.standalone missing (appsettings.Local.json exists)
-         -> Creating .env.standalone with correct values...
+Use Bash to write (avoids Write tool read-first requirement):
+```bash
+mkdir -p .claude/config && cat > .claude/config/dev-run.json << 'EOF'
+{"version":2,"api_dir":"{api_dir}","web_dir":"{web_dir}","mode":"{mode}","api_port":{api_port},"web_port":{web_port},"backend_cmd":"{backend_cmd}","frontend_cmd":"{frontend_cmd}","connection_string":"{conn_str}","sql_server":"{srv}","sql_database":"{db}","sql_status":"{status}","cached_at":"{ISO now}"}
+EOF
 ```
 
-### Rule 5: SQL Server connectivity
-
-1. Extract connection string from appsettings:
-   - **Local mode**: `appsettings.Local.json` → `ConnectionStrings.DefaultConnection`
-   - **Dev mode**: `appsettings.json` → `ConnectionStrings.DefaultConnection`
-
-2. Parse server and database:
-   ```bash
-   SQL_SERVER=$(echo "$CONN_STR" | grep -oiP '(?:Server|Data Source)=\K[^;]+')
-   SQL_DATABASE=$(echo "$CONN_STR" | grep -oiP '(?:Database|Initial Catalog)=\K[^;]+')
-   USE_WIN_AUTH=$(echo "$CONN_STR" | grep -qi 'Integrated Security=true\|Trusted_Connection=true' && echo "true" || echo "false")
-   ```
-
-3. Test connectivity (5s timeout):
-   ```bash
-   # Normalize (local) → .
-   SQL_SERVER_NORM=$(echo "$SQL_SERVER" | sed 's/(local)/./')
-
-   if [ "$USE_WIN_AUTH" = "true" ]; then
-     sqlcmd -S "$SQL_SERVER_NORM" -d master -Q "SELECT 1" -t 5 -E -C -h -1 -W 2>/dev/null
-   else
-     SQL_USER=$(echo "$CONN_STR" | grep -oiP '(?:User Id|Uid)=\K[^;]+')
-     SQL_PASS=$(echo "$CONN_STR" | grep -oiP '(?:Password|Pwd)=\K[^;]+')
-     sqlcmd -S "$SQL_SERVER_NORM" -d master -Q "SELECT 1" -t 5 -U "$SQL_USER" -P "$SQL_PASS" -C -h -1 -W 2>/dev/null
-   fi
-   ```
-
-4. If reachable, check database exists:
-   ```bash
-   sqlcmd -S "$SQL_SERVER_NORM" -Q "SET NOCOUNT ON; SELECT name FROM sys.databases WHERE name = '$SQL_DATABASE'" -t 5 -E -C -h -1 -W 2>/dev/null
-   ```
-
-5. Output format:
-   | Scenario | Output | Blocking? |
-   |----------|--------|-----------|
-   | Server OK + DB exists | `[OK] SQL Server (server) — Database 'db' exists` | No |
-   | Server OK + DB missing | `[WARN] Database 'db' not found (AutoMigrate will create it)` | No |
-   | Server unreachable | `[FAIL] SQL Server (server) unreachable — Is the service running?` | No |
-   | sqlcmd not installed | `[SKIP] sqlcmd not found — SQL check skipped` | No |
-   | No connection string | `[SKIP] No connection string — SQL check skipped` | No |
-
-## Step 3b: Write cache
-
-**Only execute if CACHE_HIT=false (Steps 1-3 were executed).**
-
-1. Ensure directory exists: `mkdir -p .claude/config`
-
-2. Compute config hash:
-   ```bash
-   if [ "$MODE" = "Local" ]; then
-     CONFIG_HASH=$(stat -c %Y "$API_DIR/appsettings.Local.json" "$WEB_DIR/.env.standalone" "$API_DIR/Properties/launchSettings.json" 2>/dev/null | md5sum | cut -d' ' -f1)
-   else
-     CONFIG_HASH=$(stat -c %Y "$API_DIR/appsettings.json" "$WEB_DIR/.env.development" "$API_DIR/Properties/launchSettings.json" 2>/dev/null | md5sum | cut -d' ' -f1)
-   fi
-   ```
-
-3. Write `.claude/config/dev-run.json` using the Write tool with all detected values:
-   ```json
-   {
-     "version": 2,
-     "api_dir": "{API_DIR}",
-     "web_dir": "{WEB_DIR}",
-     "mode": "{MODE}",
-     "api_port": {API_PORT},
-     "web_port": {WEB_PORT},
-     "backend_cmd": "{BACKEND_CMD}",
-     "frontend_cmd": "{FRONTEND_CMD}",
-     "connection_string": "{CONN_STR}",
-     "sql_server": "{SQL_SERVER}",
-     "sql_database": "{SQL_DATABASE}",
-     "sql_status": "{ok|unreachable|db_missing|skipped}",
-     "config_hash": "{CONFIG_HASH}",
-     "cached_at": "{ISO_TIMESTAMP}"
-   }
-   ```
+**IMPORTANT:** This Bash call can be parallelized with Step 5/6 launches in a single message.
 
 ## Step 4: Check if already running
 
-```bash
-netstat.exe -ano | grep ":${API_PORT} .*LISTENING"
-netstat.exe -ano | grep ":${WEB_PORT} .*LISTENING"
-```
+Check the injected "Ports running" state to see what's already listening:
+- Backend running = api_port appears in Ports
+- Frontend running = web_port appears in Ports
 
 If `--backend-only`: skip frontend checks.
 If `--frontend-only`: skip backend checks.
 
-## Step 5: Launch backend
+**If both running → skip to Step 7.** ZERO tool calls needed.
 
-Track whether the backend was just launched: `BACKEND_JUST_LAUNCHED=true/false`. This is used in Step 7 for cache invalidation.
+## Step 5: Launch backend
 
-If NOT already running and NOT `--frontend-only` (set `BACKEND_JUST_LAUNCHED=true`):
+If NOT already running and NOT `--frontend-only`:
 
 ```bash
-# cd into the API directory first
-cd {API_DIR} && dotnet run {LAUNCH_ARGS}
+cd {api_dir} && {backend_cmd}
 ```
 
-Use `Bash(run_in_background=true)` so it runs in background. **Save the task ID** returned by the background command.
-
-### Fail-fast crash detection
-
-After launching, wait 5 seconds then check if the process crashed:
-```bash
-sleep 5
-```
-Then call `TaskOutput(task_id="{TASK_ID}", block=false)` to read the background output.
+Use `Bash(run_in_background=true)`. Track: `BACKEND_LAUNCHED=true`.
 
-**If the output contains a stack trace, "Unhandled exception", or the process has already exited:**
-1. Display the error output to the user
-2. Display: `[FAIL] Backend crashed on startup. Fix the error above and retry /dev-start`
-3. **STOP immediately. Do NOT attempt to diagnose, fix, rebuild, or retry.**
+**Launch backend AND frontend in the SAME message as parallel Bash(run_in_background) calls.**
 
 ## Step 6: Launch frontend
 
 If NOT already running and NOT `--backend-only`:
 
 ```bash
-# cd into the Web directory first
-cd {WEB_DIR} && npm run {SCRIPT}
+cd {web_dir} && {frontend_cmd}
 ```
 
-Use `Bash(run_in_background=true)` so it runs in background.
+Use `Bash(run_in_background=true)`.
+
+**This MUST be in the same message as Step 5 (parallel launches).**
+**If cold start, also include Step 3 (cache write) in the same message.**
 
 ## Step 7: Handle admin password
 
-**Cache invalidation rule:** If the backend was just launched in Step 5 (i.e., it was NOT already running), the cache is STALE because `MigrateAsync()` + `HasData()` may have re-seeded the admin user with the default password hash, overwriting any previously set password. In this case, ALWAYS run a fresh admin reset regardless of `dev-session.json`.
-
-1. If `.claude/dev-session.json` exists and contains a password AND `--reset` NOT specified AND the backend was already running (NOT launched in Step 5) -> reuse stored credentials
-2. If `--reset` OR no stored password OR backend was just launched in Step 5:
-   a. If backend was just launched, wait for it to be UP first.
-      Run the full wait in a **single bash command** to avoid multiple tool calls:
-      ```bash
-      # Phase 1: Wait for port to be bound (up to 30s)
-      echo "Waiting for backend port ${API_PORT}..."
-      for i in $(seq 1 10); do
-        netstat.exe -ano | grep ":${API_PORT} .*LISTENING" > /dev/null 2>&1 && echo "Port bound." && break
-        sleep 3
-      done
-      # Phase 2: Wait for API to respond (up to 30s) — accept 200 or 302
-      echo "Waiting for API to respond..."
-      for i in $(seq 1 10); do
-        HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${API_PORT}/scalar" 2>/dev/null)
-        [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "302" ] && echo "API ready (HTTP $HTTP_CODE)." && break
-        sleep 3
-      done
-      ```
-      If `/scalar` does not respond after 30s, warn the user and attempt the reset anyway.
-   b. Run admin reset using the connection string extracted from appsettings (Step 3):
-      ```bash
-      smartstack admin reset --connection '{CONN_STR}' --force --json
-      ```
-      **IMPORTANT:** Always pass `--connection` with the full connection string (single-quoted to avoid shell expansion). Without it, the CLI shows an interactive environment picker that blocks execution.
-   c. Parse JSON output to extract email and password
-   d. Write `.claude/dev-session.json`:
-      ```json
-      {
-        "admin_password": "...",
-        "admin_email": "local.admin@smartstack.local",
-        "last_reset": "2026-03-10T14:30:00Z",
-        "api_port": 5142,
-        "web_port": 6173,
-        "environment": "Development"
-      }
-      ```
-   e. Verify `.claude/dev-session.json` is in `.gitignore`. If not, warn the user (contains credentials).
+Choose ONE path based on BACKEND_LAUNCHED and session state:
+
+### Path A: Backend just launched (ALWAYS reset — session or not)
+The backend may have re-seeded the database on startup, invalidating any cached password.
+Single Bash — wait for API then reset:
+```bash
+echo "Waiting for backend..."
+for i in $(seq 1 20); do
+  HTTP=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:{api_port}/scalar 2>/dev/null)
+  [ "$HTTP" = "200" ] || [ "$HTTP" = "302" ] && echo "API ready" && break
+  [ $i -eq 20 ] && echo "API timeout — continuing anyway"
+  sleep 2
+done
+RESULT=$(timeout 20 smartstack admin reset --connection '{connection_string}' --force --json 2>&1 | grep -E '^\{')
+EMAIL=$(echo "$RESULT" | sed -n 's/.*"email":"\([^"]*\)".*/\1/p')
+PASS=$(echo "$RESULT" | sed -n 's/.*"password":"\([^"]*\)".*/\1/p')
+cat > .claude/dev-session.json << SESSEOF
+{"admin_email":"$EMAIL","admin_password":"$PASS","last_reset":"$(date -Iseconds)","api_port":{api_port},"web_port":{web_port},"environment":"{mode}","status":"ready"}
+SESSEOF
+echo "CREDENTIALS: $EMAIL / $PASS"
+```
+
+### Path B: Backend already running + no session (or --reset)
+Single Bash — reset only (no wait needed):
+```bash
+RESULT=$(timeout 20 smartstack admin reset --connection '{connection_string}' --force --json 2>&1 | grep -E '^\{')
+EMAIL=$(echo "$RESULT" | sed -n 's/.*"email":"\([^"]*\)".*/\1/p')
+PASS=$(echo "$RESULT" | sed -n 's/.*"password":"\([^"]*\)".*/\1/p')
+cat > .claude/dev-session.json << SESSEOF
+{"admin_email":"$EMAIL","admin_password":"$PASS","last_reset":"$(date -Iseconds)","api_port":{api_port},"web_port":{web_port},"environment":"{mode}","status":"ready"}
+SESSEOF
+echo "CREDENTIALS: $EMAIL / $PASS"
+```
+
+### Path C: Everything running + session exists (no --reset)
+ZERO tool calls. Use email + password from injected session directly.
 
 ## Step 8: Display connection info
 
@@ -362,18 +206,15 @@ Use `Bash(run_in_background=true)` so it runs in background.
 ================================================================
           SMARTSTACK DEV ENVIRONMENT
 ================================================================
+  Backend:     http://localhost:{api_port}       [{RUNNING|LAUNCHED}]
+  Frontend:    http://localhost:{web_port}       [{RUNNING|LAUNCHED}]
+  Swagger:     http://localhost:{api_port}/scalar
+  SQL Server:  {sql_server}/{sql_database}       [{OK|WARN}]
 
-  Backend:     http://localhost:{API_PORT}       [RUNNING|STARTING]
-  Frontend:    http://localhost:{WEB_PORT}       [RUNNING|STARTING]
-  Swagger:     http://localhost:{API_PORT}/scalar
-  SQL Server:  {SQL_SERVER}/{SQL_DATABASE}       [OK|WARN|FAIL|SKIP]
-
-  Email:       local.admin@smartstack.local
-  Password:    xxxxxxxxxxxxxx
+  Email:       {email}
+  Password:    {password}
 
-  Environment: {Development|Local}
-  Config:      OK | WARNING (details)
-  Cache:       HIT (from {cached_at}) | MISS (re-detected)
+  Mode:        {Development|Local}
 ================================================================
 ```
 
@@ -381,27 +222,22 @@ Use `Bash(run_in_background=true)` so it runs in background.
 
 <important_notes>
 
-1. **NEVER debug or fix code** - This skill ONLY starts processes. If the backend or frontend fails to start, display the error and STOP. Do NOT attempt to: clean/restore/rebuild, upgrade packages, inspect DLLs, clear NuGet cache, read .csproj files, or any other diagnostic/repair action. The user will fix the issue themselves.
-2. **Fail-fast on crash** - After launching backend in background, wait 5s then check TaskOutput. If the process already exited or shows errors, report and STOP immediately.
-3. **Backend must be READY before admin reset** - First poll the port (netstat), then poll the `/scalar` endpoint (HTTP 200/302) to confirm the API is fully initialized. Kestrel binds the port before the app finishes starting, so port-only checks are insufficient.
-4. **Admin reset requires --connection** - Always pass `--connection '{CONN_STR}'` (single-quoted to avoid shell expansion) to avoid the interactive environment picker.
-5. **Read config files in parallel** - When reading appsettings, .env, and launchSettings, use multiple Read calls in a single message.
-6. **Cross-worktree support** - Detect the correct API directory regardless of which worktree we're in.
-7. **No MCP required** - This skill only uses bash commands and the `smartstack` CLI.
-8. **Config coherence is critical** - Mismatched ports between backend/frontend is the #1 cause of "it doesn't work" issues.
-9. **Idempotent** - Running twice should detect already-running processes and reuse stored credentials.
-10. **dev-session.json contains secrets** - Must be in `.gitignore`.
-11. **Cache** - Config detection is cached in `.claude/config/dev-run.json`. Cache is invalidated when config files change (mtime-based hash). Use `--reset` to force re-detection.
-12. **SQL check is non-blocking** - A failed SQL check displays a warning but does not prevent launch. AutoMigrate may create the database on startup.
+1. **Injected state IS source of truth** — Cache, session, and ports are already loaded above. NEVER re-read these files. This is the #1 speed optimization.
+2. **NEVER debug or fix code** — If backend/frontend fails to start, display the error and STOP. No rebuilds, no NuGet restore, no diagnosis.
+3. **Parallel launches** — Backend + frontend MUST be launched in the same message (parallel Bash background calls).
+4. **Timeout = warn** — If API doesn't respond after 40s, warn user and show what you have.
+5. **Admin reset needs --connection** — Single-quoted: `--connection '{conn_str}'`. Without it, CLI blocks on interactive picker.
+6. **dev-session.json has secrets** — Must be in .gitignore.
+7. **SQL check non-blocking** — Warnings don't prevent launch.
+8. **Cold start writes cache** — So next run uses CACHED path (fast).
+9. **Idempotent** — Running twice detects already-running processes via injected Ports.
 
 </important_notes>
 
 <success_criteria>
-- Backend and frontend detected and launched (or already running)
-- Config coherence validated (or warnings displayed)
-- Admin credentials available (reused or freshly reset)
-- Connection info displayed in clear format
-- No errors on repeated invocations (idempotent)
-- Cache written on first run, reused on subsequent runs
-- SQL Server connectivity reported
+- Path C (all running + session): 0 tool calls — instant display
+- Path A (cached, backend launched): 3 tool calls — launch + wait + reset ~25s
+- Path B (running, no session): 1 tool call — reset only ~10s
+- Cold start: 5 tool calls max — ~30s
+- NEVER more than 5 tool calls total
 </success_criteria>

package/templates/skills/efcore/SKILL.md

@@ -94,6 +94,19 @@ Pattern: `{context}_v{version}_{sequence}_{Description}`
 
 </shared>
 
+<success_criteria>
+- Command displays its summary block with no ERROR lines
+- db-status: both contexts report migration counts (no connection failure)
+- db-deploy: 0 pending migrations after execution
+- db-reset: database recreated, all migrations applied for both contexts
+- db-seed: seed method detected and executed, records inserted
+- scan: all worktree branches analyzed with risk levels
+- conflicts: EXIT CODE 0 (no HIGH/CRITICAL)
+- migration: MCP-named migration created, compiles, applies cleanly
+- squash: consolidated migration compiles and applies identically
+- rebase-snapshot: ModelSnapshot aligned with parent branch
+</success_criteria>
+
 <command-db-status>
 
 ## db-status — Fast migration state check