@jaimevalasek/aioson 1.30.0 → 1.30.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/CHANGELOG.md +18 -0
  2. package/docs/design-previews/cognitive-core-ui-auth.html +95 -0
  3. package/docs/design-previews/cognitive-core-ui-kanban.html +231 -0
  4. package/docs/design-previews/cognitive-core-ui-list-detail.html +174 -0
  5. package/docs/design-previews/cognitive-core-ui-preview.css +1315 -0
  6. package/docs/design-previews/cognitive-core-ui-settings.html +142 -0
  7. package/docs/design-previews/cognitive-core-ui-website.html +190 -1009
  8. package/docs/design-previews/cognitive-core-ui.html +281 -463
  9. package/docs/design-previews/index.html +83 -31
  10. package/package.json +1 -1
  11. package/src/constants.js +578 -514
  12. package/template/.aioson/docs/integrations/dashboard-app-form-publish-mapping.md +183 -0
  13. package/template/.aioson/docs/play/README.md +74 -0
  14. package/template/.aioson/docs/play/agent-usage-guide.md +112 -0
  15. package/template/.aioson/docs/play/app-compatibility-guide.md +117 -0
  16. package/template/.aioson/docs/play/auth-services-and-testing.md +235 -0
  17. package/template/.aioson/docs/play/llm-data-and-bindings.md +238 -0
  18. package/template/.aioson/docs/play/manifest-and-runtime.md +267 -0
  19. package/template/.aioson/docs/play/source-map.md +104 -0
  20. package/template/.aioson/skills/design/aurora-command-ui/SKILL.md +266 -243
  21. package/template/.aioson/skills/design/aurora-command-ui/references/art-direction.md +293 -293
  22. package/template/.aioson/skills/design/aurora-command-ui/references/components.md +827 -827
  23. package/template/.aioson/skills/design/aurora-command-ui/references/dashboards.md +250 -250
  24. package/template/.aioson/skills/design/aurora-command-ui/references/design-tokens.md +585 -585
  25. package/template/.aioson/skills/design/aurora-command-ui/references/motion.md +365 -365
  26. package/template/.aioson/skills/design/aurora-command-ui/references/patterns.md +485 -482
  27. package/template/.aioson/skills/design/aurora-command-ui/references/websites.md +386 -387
  28. package/template/.aioson/skills/design/bold-editorial-ui/SKILL.md +228 -205
  29. package/template/.aioson/skills/design/bold-editorial-ui/references/art-direction.md +338 -338
  30. package/template/.aioson/skills/design/bold-editorial-ui/references/components.md +977 -977
  31. package/template/.aioson/skills/design/bold-editorial-ui/references/dashboards.md +218 -218
  32. package/template/.aioson/skills/design/bold-editorial-ui/references/design-tokens.md +326 -326
  33. package/template/.aioson/skills/design/bold-editorial-ui/references/motion.md +461 -461
  34. package/template/.aioson/skills/design/bold-editorial-ui/references/patterns.md +293 -293
  35. package/template/.aioson/skills/design/bold-editorial-ui/references/websites.md +352 -352
  36. package/template/.aioson/skills/design/clean-saas-ui/SKILL.md +233 -210
  37. package/template/.aioson/skills/design/clean-saas-ui/references/art-direction.md +319 -319
  38. package/template/.aioson/skills/design/clean-saas-ui/references/components.md +365 -365
  39. package/template/.aioson/skills/design/clean-saas-ui/references/dashboards.md +196 -196
  40. package/template/.aioson/skills/design/clean-saas-ui/references/design-tokens.md +244 -244
  41. package/template/.aioson/skills/design/clean-saas-ui/references/motion.md +235 -235
  42. package/template/.aioson/skills/design/clean-saas-ui/references/patterns.md +215 -215
  43. package/template/.aioson/skills/design/clean-saas-ui/references/websites.md +295 -295
  44. package/template/.aioson/skills/design/cognitive-core-ui/SKILL.md +239 -203
  45. package/template/.aioson/skills/design/cognitive-core-ui/references/art-direction.md +339 -339
  46. package/template/.aioson/skills/design/cognitive-core-ui/references/components.md +417 -407
  47. package/template/.aioson/skills/design/cognitive-core-ui/references/dashboards.md +289 -272
  48. package/template/.aioson/skills/design/cognitive-core-ui/references/design-tokens.md +525 -524
  49. package/template/.aioson/skills/design/cognitive-core-ui/references/motion.md +279 -279
  50. package/template/.aioson/skills/design/cognitive-core-ui/references/patterns.md +355 -289
  51. package/template/.aioson/skills/design/cognitive-core-ui/references/websites.md +443 -437
  52. package/template/.aioson/skills/design/glassmorphism-ui/SKILL.md +245 -222
  53. package/template/.aioson/skills/design/glassmorphism-ui/references/art-direction.md +159 -159
  54. package/template/.aioson/skills/design/glassmorphism-ui/references/components.md +498 -498
  55. package/template/.aioson/skills/design/glassmorphism-ui/references/dashboards.md +236 -236
  56. package/template/.aioson/skills/design/glassmorphism-ui/references/design-tokens.md +274 -274
  57. package/template/.aioson/skills/design/glassmorphism-ui/references/motion.md +355 -355
  58. package/template/.aioson/skills/design/glassmorphism-ui/references/patterns.md +198 -198
  59. package/template/.aioson/skills/design/glassmorphism-ui/references/websites.md +307 -307
  60. package/template/.aioson/skills/design/interface-design/SKILL.md +68 -47
  61. package/template/.aioson/skills/design/interface-design/references/components-and-states.md +105 -105
  62. package/template/.aioson/skills/design/interface-design/references/design-directions.md +101 -101
  63. package/template/.aioson/skills/design/interface-design/references/handoff-and-quality.md +92 -71
  64. package/template/.aioson/skills/design/interface-design/references/intent-and-domain.md +74 -74
  65. package/template/.aioson/skills/design/interface-design/references/tokens-and-depth.md +173 -173
  66. package/template/.aioson/skills/design/neo-brutalist-ui/SKILL.md +236 -213
  67. package/template/.aioson/skills/design/neo-brutalist-ui/references/art-direction.md +228 -228
  68. package/template/.aioson/skills/design/neo-brutalist-ui/references/components.md +855 -855
  69. package/template/.aioson/skills/design/neo-brutalist-ui/references/dashboards.md +334 -334
  70. package/template/.aioson/skills/design/neo-brutalist-ui/references/design-tokens.md +342 -342
  71. package/template/.aioson/skills/design/neo-brutalist-ui/references/motion.md +286 -286
  72. package/template/.aioson/skills/design/neo-brutalist-ui/references/patterns.md +458 -458
  73. package/template/.aioson/skills/design/neo-brutalist-ui/references/websites.md +723 -723
  74. package/template/.aioson/skills/design/premium-command-center-ui/SKILL.md +83 -62
  75. package/template/.aioson/skills/design/premium-command-center-ui/references/operations.md +74 -74
  76. package/template/.aioson/skills/design/premium-command-center-ui/references/patterns.md +116 -116
  77. package/template/.aioson/skills/design/premium-command-center-ui/references/validation.md +47 -47
  78. package/template/.aioson/skills/design/premium-command-center-ui/references/visual-system.md +215 -215
  79. package/template/.aioson/skills/design/pt.squarespace.com/.skill-meta.json +31 -31
  80. package/template/.aioson/skills/design/pt.squarespace.com/SKILL.md +94 -66
  81. package/template/.aioson/skills/design/pt.squarespace.com/references/components.md +366 -366
  82. package/template/.aioson/skills/design/pt.squarespace.com/references/design-tokens.md +150 -150
  83. package/template/.aioson/skills/design/pt.squarespace.com/references/motion.md +270 -270
  84. package/template/.aioson/skills/design/pt.squarespace.com/references/patterns.md +189 -189
  85. package/template/.aioson/skills/design/pt.squarespace.com/references/websites.md +161 -161
  86. package/template/.aioson/skills/design/warm-craft-ui/SKILL.md +232 -209
  87. package/template/.aioson/skills/design/warm-craft-ui/references/art-direction.md +324 -324
  88. package/template/.aioson/skills/design/warm-craft-ui/references/components.md +508 -508
  89. package/template/.aioson/skills/design/warm-craft-ui/references/dashboards.md +223 -223
  90. package/template/.aioson/skills/design/warm-craft-ui/references/design-tokens.md +374 -374
  91. package/template/.aioson/skills/design/warm-craft-ui/references/motion.md +356 -356
  92. package/template/.aioson/skills/design/warm-craft-ui/references/patterns.md +288 -288
  93. package/template/.aioson/skills/design/warm-craft-ui/references/websites.md +289 -289
@@ -0,0 +1,183 @@
1
+ ---
2
+ description: "Mapping between the aioson.com dashboard app edit form and aioson system:publish --build listing fields."
3
+ scope: "global"
4
+ agents: [dev, architect, product, qa]
5
+ triggers: [system publish, marketplace app, dashboard app form, integrations, app listing]
6
+ ---
7
+
8
+ # Integração — Formulário "Editar app" (dashboard) × `aioson system:publish --build`
9
+
10
+ > Objetivo: mapear **cada campo do formulário de edição de app** no dashboard do
11
+ > aioson.com aos dados que o `aioson system:publish --build` já captura (ou
12
+ > poderia capturar) do app em desenvolvimento, para que a publicação preencha o
13
+ > cadastro da loja de forma mais completa e o dev não tenha que digitar à mão.
14
+
15
+ Doc-irmã: [`apps-publish-marketplace.md`](../../../docs/integrations/apps-publish-marketplace.md)
16
+ (fluxo geral do publish). Aqui o foco é o **mapeamento campo-a-campo** do form.
17
+
18
+ ---
19
+
20
+ ## Onde fica cada peça
21
+
22
+ | Peça | Caminho (repo) |
23
+ |------|----------------|
24
+ | Rota do form | `aioson-com/app/dashboard/ws/apps/[id]/edit/page.tsx` (ex.: `…/apps/cmqe2pnvw0005koa7ak5mbkge/edit`) |
25
+ | Componente do form | `aioson-com/app/admin/services/service-app-form.tsx` (`ServiceAppForm`) |
26
+ | Server action | `aioson-com/app/dashboard/ws/apps/actions.ts` → `updateWorkspaceAppAction` |
27
+ | Modelo de dados do form | `ServiceApp` em `aioson-com/prisma/schema.prisma` |
28
+ | Comando de publish (CLI) | `aioson/src/commands/store-system.js` → `runSystemPublish` |
29
+ | Validação do manifest (CLI) | `store-system.js` → `validateListingFields` |
30
+ | Recepção no servidor | `aioson-com/lib/store.ts` → `storePublishSystem` |
31
+ | Extração de listing → `System` | `lib/store.ts` → `extractListingFields` |
32
+ | Sync `System` → `ServiceApp` | `lib/store.ts` → `ensureServiceAppForSystemRecord` |
33
+
34
+ ---
35
+
36
+ ## Arquitetura: dois modelos, duas superfícies
37
+
38
+ O publish e o formulário **não escrevem no mesmo registro**:
39
+
40
+ - `aioson system:publish` envia o `system.json` inteiro como `manifest` e grava em
41
+ **`System` / `SystemVersion`**. Os campos de listing da loja
42
+ (`summary`, `category`, `tags`, `screenshots`, `purpose`, `iconUrl`,
43
+ `homepageUrl`, `supportEmail`, `supportUrl`, `privacyUrl`, `permissionsNote`)
44
+ são extraídos do manifest por `extractListingFields` e gravados em **`System`**.
45
+ - O **formulário de "Editar app"** edita **`ServiceApp`** — outro modelo, com
46
+ outro conjunto de campos (descrição longa, features, emoji, SEO, vídeo, etc.).
47
+ - Na publicação de app **não-privado**, `ensureServiceAppForSystemRecord` cria/atualiza
48
+ um `ServiceApp` espelhando o `System`, **mas só copia 5–7 campos**
49
+ (`name`, `description`, `price`, `visibility`, `ownerId`, `ownerProjectId`,
50
+ `trialDays`, `requiresLicense`). Todo o resto do form fica **manual**.
51
+
52
+ > Resultado prático: hoje o dev publica via CLI e depois ainda precisa abrir o
53
+ > form e preencher descrição longa, features, ícone, SEO e links na mão. É essa
54
+ > lacuna que o "preenchimento via harness" fecha.
55
+
56
+ ---
57
+
58
+ ## Mapeamento campo-a-campo do formulário
59
+
60
+ Legenda da coluna **Auto hoje?**: ✅ já preenchido na publicação · ⚠️ parcial · ❌ manual.
61
+
62
+ | Campo do form | `name=` | Coluna `ServiceApp` | Limite | Obrig. | Auto hoje? | Origem de captura sugerida (harness / manifest) |
63
+ |---|---|---|---|---|---|---|
64
+ | Nome | `name` | `name` | 120 | sim | ✅ | `manifest.name` (já obrigatório) |
65
+ | Slug | `slug` | `slug` | 140 (`[a-z0-9-]+`) | sim | ✅ | `manifest.slug` (já obrigatório) |
66
+ | Descrição curta | `description` | `description` | 280 | sim | ✅ | `manifest.description` (ou `manifest.summary`) |
67
+ | Descrição longa | `longDescription` | `longDescription` (Text) | — | não | ❌ | corpo do `README.md` (sem o 1º heading) · `manifest.long_description` · bootstrap `what-it-does.md` |
68
+ | Features | `features` | `features` (Text) | — | não | ❌ | `manifest.features[]` (lista) · seção `## Features`/`## Funcionalidades` do README |
69
+ | Preço | `price` | `price` (Decimal) | ≥ 0 | sim | ✅ | `System.priceInCents/100` ← `manifest.priceInCents`/`price` |
70
+ | Ordem | `sortOrder` | `sortOrder` (Int) | — | não (0) | ❌ | manual (sem sinal confiável no app) — manter default 0 |
71
+ | Ícone (emoji) | `icon` | `icon` VarChar(**8**) | 8 | não | ❌ | `manifest.icon_emoji` — **emoji**, NÃO a URL de ícone (essa é `System.iconUrl` ← `manifest.icon`) |
72
+ | Status | `status` | `status` (enum) | active/coming_soon/inactive | não | ⚠️ | derivado da `visibility`; geralmente manual — default `active` |
73
+ | Caminho do dashboard | `dashboardPath` | `dashboardPath` VarChar(255) | 255 | não | ❌ | `manifest.dashboard_path` · detectar rota admin do app (presença de `dashboard/`) |
74
+ | Vídeo demo | `urlVideoDemo` | `urlVideoDemo` VarChar(512) | 512 | não | ❌ | `manifest.url_video_demo` (manual — não dá pra inferir do código) |
75
+ | Storefront | `storefrontUrl` | `storefrontUrl` VarChar(**512**) | form aceita 1024 ⚠️ | não | ❌ | `manifest.storefront_url` (manual) |
76
+ | SEO título | `seoTitle` | `seoTitle` VarChar(70) | 70 | não | ❌ | `manifest.seo_title` · derivar `${name} — ${summary}` truncado em 70 |
77
+ | SEO descrição | `seoDescription` | `seoDescription` VarChar(160) | 160 | não | ❌ | `manifest.seo_description` · `manifest.summary` truncado em 160 |
78
+
79
+ **Lacunas reais (❌) a fechar:** `longDescription`, `features`, `icon` (emoji),
80
+ `dashboardPath`, `urlVideoDemo`, `storefrontUrl`, `seoTitle`, `seoDescription`.
81
+ (`sortOrder` e `status` ficam manuais por design.)
82
+
83
+ **Já capturado, mas em `System` (não neste form):** `summary`, `category`, `tags`,
84
+ `screenshots`, `purpose`, `iconUrl`, `homepageUrl`, `supportEmail`, `supportUrl`,
85
+ `privacyUrl`, `permissionsNote` — via `extractListingFields`. Reaproveitáveis:
86
+ `summary`→`seoDescription`, `iconUrl` já existe (o form usa emoji separado).
87
+
88
+ ⚠️ **Inconsistência a anotar:** o input `storefrontUrl` no form aceita
89
+ `maxLength=1024`, mas a coluna é `VarChar(512)`. Truncar/alinhar ao gravar.
90
+
91
+ ---
92
+
93
+ ## Chaves de `system.json` propostas (fonte única)
94
+
95
+ O publish já envia o `manifest` inteiro, então **basta o harness escrever estas
96
+ chaves no `system.json`** e o servidor mapeá-las no `ServiceApp`. Todas opcionais
97
+ (apps antigos seguem publicando):
98
+
99
+ ```jsonc
100
+ {
101
+ "slug": "meu-app",
102
+ "name": "Meu App",
103
+ "version": "1.0.0",
104
+ // — listing já suportado (vai pra System) —
105
+ "summary": "Resumo até 160 chars",
106
+ "category": "atendimento",
107
+ "tags": ["whatsapp", "crm"],
108
+ "icon": "https://.../icon.png", // URL → System.iconUrl
109
+ "screenshots": ["https://.../1.png"],
110
+ // — novas chaves p/ preencher o form ServiceApp —
111
+ "long_description": "Texto longo (markdown ok).",
112
+ "features": ["Recurso A", "Recurso B"], // → join em ServiceApp.features
113
+ "icon_emoji": "💬", // → ServiceApp.icon (≤8)
114
+ "dashboard_path": "/dashboard/atendimento",
115
+ "url_video_demo": "https://youtube.com/watch?v=...",
116
+ "storefront_url": "https://minha-loja.com",
117
+ "seo_title": "Meu App — atendimento no WhatsApp",
118
+ "seo_description": "Descrição SEO até 160 chars"
119
+ }
120
+ ```
121
+
122
+ ---
123
+
124
+ ## O que faltaria implementar (3 pontos) — NÃO feito ainda
125
+
126
+ Isto é o plano de fechamento da lacuna; **este doc só mapeia, não altera código**.
127
+
128
+ 1. **CLI — `validateListingFields`** (`store-system.js`): aceitar/validar as novas
129
+ chaves opcionais (`long_description`, `features[]`, `icon_emoji` ≤8,
130
+ `dashboard_path`, `url_video_demo`, `storefront_url`, `seo_title` ≤70,
131
+ `seo_description` ≤160). O envio em si já acontece (manifest viaja inteiro).
132
+ 2. **Servidor — `ensureServiceAppForSystemRecord`** (`lib/store.ts`): estender o
133
+ objeto `data` para mapear essas chaves do manifest nas colunas do `ServiceApp`
134
+ (respeitando "não sobrescrever edição manual" se desejado — ex.: só preencher
135
+ quando o campo no `ServiceApp` estiver vazio).
136
+ 3. **Harness — montagem do `system.json` antes do publish**: popular as chaves a
137
+ partir das fontes da tabela (README, rotas, living-memory). Candidato natural:
138
+ um passo de "enriquecer manifest" dentro de `runSystemPublish` (modo `--build`)
139
+ ou um agente/skill que rode antes do publish.
140
+
141
+ ### Estratégia de captura pelo harness (resumo)
142
+
143
+ - `long_description` ← corpo do `README.md` (remover 1º heading) ou bootstrap `what-it-does.md`.
144
+ - `features` ← bullets da seção `## Features`/`## Funcionalidades` do README.
145
+ - `dashboard_path` ← detecção de rota admin (presença de `dashboard/`, `app/admin`, etc.).
146
+ - `seo_title`/`seo_description` ← derivar de `name` + `summary` com truncamento.
147
+ - `icon_emoji`, `url_video_demo`, `storefront_url` ← declarados pelo dev (manual no manifest).
148
+
149
+ ### ⚠️ Pré-condições e pegadinhas (descobertas na investigação)
150
+
151
+ Antes de implementar, dois fatos do código atual que mudam o "quando" e o "onde":
152
+
153
+ 1. **`ServiceApp` só nasce em `status=PUBLISHED` + `FREE/PAID`.**
154
+ `ensureServiceAppForSystemRecord` retorna `null` se `status !== "PUBLISHED"` ou
155
+ `visibility === "PRIVATE"` (e também ignora `DEV/PRO/BUSINESS` — só FREE/PAID).
156
+ Para **publisher novo**, a 1ª publicação é quarentenada (`createStatus = "DRAFT"`),
157
+ então o `ServiceApp` **não é criado na primeira vez** — só quando o app sai da
158
+ quarentena e vira `PUBLISHED`. ⇒ O preenchimento precisa acontecer **no momento
159
+ da criação do `ServiceApp`** (que pode ser uma publicação posterior), não
160
+ necessariamente na 1ª chamada de `system:publish`.
161
+
162
+ 2. **`ownerProjectId` está `null` hardcoded no publish (linha ~1037 de `store.ts`).**
163
+ O CLI manda `workspaceSlug` (lido de `.aioson/workspace.json`), mas
164
+ `storePublishSystem` **não** o usa para vincular o app a um workspace: tanto o
165
+ `System` quanto o `ServiceApp` são criados com `ownerProjectId: null`.
166
+ ⇒ App publicado via CLI **não aparece** no form WS-scoped
167
+ (`/dashboard/ws/apps/[id]/edit` filtra por `app.ownerProjectId === ws.id`).
168
+ Apps que aparecem lá foram criados pelo form "novo app" (`createWorkspaceAppAction`),
169
+ que seta `ownerProjectId = ws.id`. **Não existe "workspace default" no publish hoje.**
170
+
171
+ Para o publish alimentar esse form, falta um **4º ponto de implementação**:
172
+ resolver `workspaceSlug → project.id` no servidor e setar `ownerProjectId`
173
+ (no `System` e no `ServiceApp`) em vez de `null`.
174
+
175
+ ---
176
+
177
+ ## Como verificar (quando implementado)
178
+
179
+ 1. `aioson system:publish ./app --dry-run` deve listar o manifest com as novas chaves.
180
+ 2. Após publish de app **não-privado**, abrir `…/apps/<id>/edit` e conferir que
181
+ `longDescription`, `features`, `icon`, SEO e links vieram preenchidos.
182
+ 3. App **privado** não gera `ServiceApp` (`ensureServiceAppForSystemRecord` só roda
183
+ para `visibility !== PRIVATE`) — não esperar preenchimento nesse caso.
@@ -0,0 +1,74 @@
1
+ ---
2
+ description: "Entry point for AIOSON agents implementing apps compatible with AIOSON Play runtime, integrations, data bindings, LLM connections, auth, services, ports, and local testing."
3
+ scope: "global"
4
+ agents: [dev, deyvin, architect, analyst, qa, tester, product, sheldon]
5
+ task_types: [aioson-play-app, app-compatibility, integration]
6
+ triggers: [AIOSON Play, Play runtime, app compatible with Play, Play integrations, data bindings, ProductBridge]
7
+ ---
8
+
9
+ # AIOSON Play App Compatibility
10
+
11
+ Use this folder when the user says the app will run inside AIOSON Play, will be installed by AIOSON Play, is being built in a Play draft, or must consume Play integrations.
12
+
13
+ These docs are an AIOSON-side operational layer. They do not replace the canonical Play contracts in:
14
+
15
+ ```text
16
+ C:\dev\aioson-play\.aioson\docs\integrations\
17
+ ```
18
+
19
+ If that source repo exists and the task touches a precise Play contract, read the canonical doc listed in `source-map.md`. If it is not available, this folder is the stable fallback for agents.
20
+
21
+ ## Installed Play docs are not a harness contract
22
+
23
+ Do not assume a harness working in a random app project can access docs embedded in a user's installed AIOSON Play. A desktop install may package resources differently, may not expose `.aioson/docs/integrations/` as a normal source path, and the harness may be running in another cwd.
24
+
25
+ For AIOSON agents, the stable contract is:
26
+
27
+ 1. Load this folder when the task is Play-targeted.
28
+ 2. Use `source-map.md` to know which canonical Play document owns each topic.
29
+ 3. Only read `C:\dev\aioson-play\.aioson\docs\integrations\...` when the repo is locally available and exact contract detail matters.
30
+
31
+ ## Loading order
32
+
33
+ For implementation:
34
+
35
+ 1. `agent-usage-guide.md`
36
+ 2. `app-compatibility-guide.md`
37
+ 3. `manifest-and-runtime.md`
38
+ 4. `llm-data-and-bindings.md` if the app touches LLM, app DB, external data, Global Connectors, MCPI, REST connectors, MCP tools, or `app-config.yaml`
39
+ 5. `auth-services-and-testing.md` if the app touches auth, billing/trial, Play Services, dev-link, local installation, or smoke testing
40
+ 6. `source-map.md` when a canonical source must be checked
41
+
42
+ For QA/review:
43
+
44
+ 1. `app-compatibility-guide.md`
45
+ 2. `manifest-and-runtime.md`
46
+ 3. Topic-specific docs for touched surfaces
47
+
48
+ ## Core rule
49
+
50
+ AIOSON can build any kind of app. Apply this Play compatibility layer only when the user explicitly or clearly targets AIOSON Play.
51
+
52
+ ## Covered surfaces
53
+
54
+ - App identity and `manifest.json`
55
+ - Runtime selection, scripts, `pnpm`, Next.js, Vite, Node, split-stack processes
56
+ - Dynamic ports and ProductBridge at `http://localhost:5180`
57
+ - `GET /api/aioson-play` capability declaration
58
+ - LLM connections and fallback chain expectations
59
+ - App operational database via `DATABASE_URL`
60
+ - Data Bindings and Global Connectors via `app-config.yaml`
61
+ - MCPI/API/MCP connector execution through the Play registry
62
+ - Local operator auth via `aioson-auth` and `@aioson/auth-sdk`
63
+ - App-owned RBAC catalog via `manifest.json` `auth.permissions[]`
64
+ - Cloud owner/trial auth via `AIOSON_COM_TOKEN`
65
+ - Play Services via `service.json` and `requires_services`
66
+ - Dev-link and local smoke testing
67
+
68
+ ## Non-goals
69
+
70
+ - Do not copy the whole Play integration directory into app projects.
71
+ - Do not make apps depend on source-repo-only files from `aioson-play`.
72
+ - Do not invent Play env vars, port ranges, manifest fields, or connector APIs.
73
+ - Do not infer app permissions by scanning source code; Play apps declare the catalog in `manifest.json` `auth.permissions[]`.
74
+ - Do not treat `llm-chain.json` or `aioson-models.json` in the app cwd as the primary credential contract for installed apps.
@@ -0,0 +1,112 @@
1
+ ---
2
+ description: "How AIOSON agents should decide when and how to apply AIOSON Play app compatibility docs during product, architecture, implementation, QA, and review work."
3
+ scope: "global"
4
+ agents: [dev, deyvin, architect, analyst, qa, tester, product, sheldon]
5
+ task_types: [aioson-play-app, app-compatibility, integration]
6
+ triggers: [AIOSON Play, Play app, Play-compatible app, Play integrations, ProductBridge, data_bindings]
7
+ ---
8
+
9
+ # Agent Usage Guide
10
+
11
+ ## Trigger phrases
12
+
13
+ Load this folder when the user mentions:
14
+
15
+ - "AIOSON Play"
16
+ - "play"
17
+ - "draft"
18
+ - "app compativel com o Play"
19
+ - "runtime do Play"
20
+ - "instalar no Play"
21
+ - "marketplace do Play"
22
+ - "Global Connector"
23
+ - "Data Binding"
24
+ - "MCPI"
25
+ - "ProductBridge"
26
+ - `manifest.json` for Play apps
27
+ - `app-config.yaml`
28
+ - `requires_services`
29
+ - `auth.permissions`
30
+ - `/api/aioson-play`
31
+
32
+ Do not load it for generic web apps unless the user connects the app to Play.
33
+
34
+ ## First decision
35
+
36
+ Before coding, classify the work:
37
+
38
+ | User intent | Agent behavior |
39
+ |---|---|
40
+ | New app for Play | Use all docs in this folder. Start from `app-compatibility-guide.md`. |
41
+ | Existing app should become Play-compatible | Audit `manifest.json`, scripts, port usage, `app-config.yaml`, auth and test path. |
42
+ | App only needs Play data connectors | Load `llm-data-and-bindings.md`; do not redesign auth/runtime. |
43
+ | App only needs Play auth | Load `auth-services-and-testing.md`; do not add data bindings unless needed. |
44
+ | App only runs as standalone | Do not apply Play constraints unless user asks. |
45
+ | Play runtime itself is being changed | Read canonical docs in `C:\dev\aioson-play\.aioson\docs\integrations\` if available. |
46
+
47
+ ## Four questions before implementation
48
+
49
+ For a Play-targeted app, answer these before creating files:
50
+
51
+ 1. Does the app have a visual UI?
52
+ - Yes: it needs a webview-facing process, usually Vite/Next or split-stack.
53
+ - No: it may be a CLI/sidecar-style app.
54
+
55
+ 2. Does the app expose an HTTP API?
56
+ - Yes: `manifest.json` needs `has_api: true`, the app must read `PORT`, and it should expose `GET /api/aioson-play`.
57
+ - No: skip `/api/aioson-play` unless another Play feature requires endpoint discovery.
58
+
59
+ 3. Does the app need external domain data?
60
+ - Yes: declare `data_bindings` in `app-config.yaml` and consume Global Connectors through ProductBridge.
61
+ - No: do not create connector UI or fake bindings.
62
+
63
+ 4. Does the app need users/operators?
64
+ - Owner/trial/billing: use `AIOSON_COM_TOKEN` and backend proxy routes.
65
+ - Local operators/RBAC: use `aioson-auth` as Play Service, declare `manifest.json` `auth.permissions[]`, and use `@aioson/auth-sdk`.
66
+ - No auth: do not add login just because it is a Play app.
67
+
68
+ ## Source priority
69
+
70
+ Use this priority order:
71
+
72
+ 1. Project rule `.aioson/rules/aioson-play-conventions.md` for AIOSON-authored Play drafts.
73
+ 2. These `.aioson/docs/play/` docs for AIOSON agents implementing apps.
74
+ 3. Canonical Play docs in `C:\dev\aioson-play\.aioson\docs\integrations\` for exact or current runtime contracts.
75
+ 4. Existing app code patterns, only when they do not violate the above.
76
+
77
+ ## What agents must not infer
78
+
79
+ - Do not infer fixed app ports.
80
+ - Do not invent env vars.
81
+ - Do not expose Database Connection creation inside the app UI.
82
+ - Do not put provider API keys in `llm-chain.json`, `tools.json`, manifest, app docs, or frontend code.
83
+ - Do not make browser code call `https://aioson.com` directly with a token.
84
+ - Do not treat `aioson-auth` and `aioson.com` auth as the same system.
85
+ - Do not create app permissions only in the Auth dashboard. For Play apps, the app declares the permission catalog in `manifest.json` `auth.permissions[]`; the dashboard assigns those permissions to roles.
86
+ - Do not ask Auth or Play to scan source code for policies/permissions.
87
+ - Do not add `@tauri-apps/api` to Play Services. Services are standalone background processes.
88
+ - Do not assume SSO operator token injection is implemented unless the canonical Play docs and code confirm it.
89
+
90
+ ## Expected agent output
91
+
92
+ For implementation, produce or verify:
93
+
94
+ - `manifest.json`
95
+ - `package.json` scripts that work under Play spawn
96
+ - `app-config.yaml` when the app has database config or data bindings
97
+ - `/api/aioson-play` when `has_api: true`
98
+ - Lazy LLM client initialization when the app uses LLM providers
99
+ - Degraded state when required bindings are absent
100
+ - `manifest.json` `auth.permissions[]` when the app uses `aioson-auth`
101
+ - Frontend/backend permission gates implemented with `@aioson/auth-sdk`
102
+ - Local smoke steps through dev-link or standalone `PORT=...` run
103
+
104
+ For QA, verify:
105
+
106
+ - No hardcoded Play-managed port
107
+ - No invented `VITE_AIOSON_*` env var
108
+ - No secret in frontend or package artifact
109
+ - Data bindings use alias names that match `app-config.yaml`
110
+ - Auth path uses the right system: `aioson-auth` for operators, `aioson.com` for owner/trial
111
+ - Apps using `aioson-auth` declare permissions in `manifest.json`, and those declared permissions match implemented route/API gates.
112
+ - `manifest.compatibility` exists for publishable apps
@@ -0,0 +1,117 @@
1
+ ---
2
+ description: "Operational checklist and implementation path for making an app compatible with AIOSON Play."
3
+ scope: "global"
4
+ agents: [dev, deyvin, architect, analyst, qa, tester, product, sheldon]
5
+ task_types: [aioson-play-app, app-compatibility, implementation]
6
+ triggers: [AIOSON Play, compatible app, app manifest, /api/aioson-play, Play draft, Play install]
7
+ ---
8
+
9
+ # App Compatibility Guide
10
+
11
+ ## Mental model
12
+
13
+ An AIOSON Play app is a child process managed by Play. It can be a frontend, backend, split-stack app, CLI/sidecar app, or app with Play Services. Play owns process launch, ports, registry, installed app lifecycle, and shared integration surfaces.
14
+
15
+ The app owns its domain behavior, UI, operational database, migrations, API routes, and degraded mode.
16
+
17
+ ## Minimum app contract
18
+
19
+ Every Play-compatible app should have:
20
+
21
+ ```text
22
+ app/
23
+ manifest.json
24
+ package.json
25
+ app-config.yaml # when it has database config or data bindings
26
+ ```
27
+
28
+ If `has_api: true`, also expose:
29
+
30
+ ```text
31
+ GET /api/aioson-play
32
+ GET /api/health # strongly recommended for debug/loading states
33
+ ```
34
+
35
+ If the app has a UI, the Play webview must be able to load the UI from the process selected by the manifest.
36
+
37
+ ## Required behavior
38
+
39
+ - Read `process.env.PORT` for the main Play-managed process.
40
+ - In split-stack, read the configured env names such as `PORT` and `BACKEND_PORT`.
41
+ - Keep browser-facing calls same-origin where possible. For split Vite apps, proxy `/api` and websocket routes through the frontend dev server instead of calling the backend port directly from browser code.
42
+ - Use `http://localhost:5180` or `VITE_AIOSON_PLAY_URL` for ProductBridge calls.
43
+ - Use `GET /api/registry` when discovering other apps or services dynamically.
44
+ - Use `requires_services` for Play Service dependencies.
45
+ - If the app uses `aioson-auth`, declare the permission catalog in `manifest.json` `auth.permissions[]` and implement matching gates in the app with `@aioson/auth-sdk`.
46
+ - Keep app-local operational DB separate from Play Global Connectors.
47
+ - Fail clearly or degrade gracefully when optional Play integrations are absent.
48
+
49
+ ## Do not do
50
+
51
+ - Do not hardcode app runtime ports.
52
+ - Do not assume `localhost:3000`, `5173`, `3301`, or any other port is stable for this app.
53
+ - Do not use `npm install` in Play drafts. Use `pnpm` per the AIOSON Play draft convention.
54
+ - Do not create a UI inside the app for creating global Database Connections or Data Connectors. Those live in Play Settings.
55
+ - Do not put LLM provider secrets in files shipped with the app.
56
+ - Do not call cloud APIs from browser code with `AIOSON_COM_TOKEN`.
57
+ - Do not rely on Auth/Play scanning source code to discover permissions.
58
+ - Do not create app permissions only in the Auth dashboard for manifest-driven Play apps.
59
+
60
+ ## Implementation sequence
61
+
62
+ 1. Add or audit `manifest.json`.
63
+ 2. Add or audit `package.json` scripts.
64
+ 3. Make every server listen on Play-injected env ports.
65
+ 4. Add `GET /api/aioson-play` if the app exposes API capabilities.
66
+ 5. Add `app-config.yaml` for operational DB defaults and/or `data_bindings`.
67
+ 6. Add Play auth only if the app needs it; include `requires_services: ["aioson-auth"]`, `auth.permissions[]`, and SDK gates.
68
+ 7. Add local smoke tests and dev-link run instructions.
69
+
70
+ ## Ready-for-Play checklist
71
+
72
+ - [ ] `manifest.json` has stable `slug`, `name`, `version`.
73
+ - [ ] Runtime fields match actual stack.
74
+ - [ ] `has_api` matches reality.
75
+ - [ ] `package.json` has a Play-compatible `dev` script.
76
+ - [ ] No app code hardcodes a Play-managed port.
77
+ - [ ] `GET /api/aioson-play` returns existing endpoints only.
78
+ - [ ] `app-config.yaml` declares `data_bindings` if the app needs external domain data.
79
+ - [ ] `app-config.yaml` declares `database.default_url` and `supported_drivers` if the app owns an operational DB.
80
+ - [ ] App handles missing bindings with degraded UI or a clear blocking state.
81
+ - [ ] LLM clients are lazy-initialized and read credentials from app config or injected env vars.
82
+ - [ ] Auth uses the correct path: `aioson-auth` for operators/RBAC, `aioson.com` for owner/trial/billing.
83
+ - [ ] Apps using `aioson-auth` declare `manifest.json` `auth.permissions[]`.
84
+ - [ ] Declared permissions match frontend/backend gates implemented by the app.
85
+ - [ ] Publishable apps declare `manifest.compatibility`.
86
+ - [ ] Dev-link smoke was run inside Play or the app was manually started with a test `PORT`.
87
+
88
+ ## Smoke commands
89
+
90
+ For an API app, run a standalone smoke before dev-link:
91
+
92
+ ```bash
93
+ PORT=3399 pnpm dev
94
+ curl http://localhost:3399/api/aioson-play
95
+ curl http://localhost:3399/api/health
96
+ ```
97
+
98
+ On Windows PowerShell:
99
+
100
+ ```powershell
101
+ $env:PORT = "3399"
102
+ pnpm dev
103
+ ```
104
+
105
+ Then install through Play:
106
+
107
+ ```text
108
+ AIOSON Play -> Instalar App -> Linkar pasta (dev) -> select app folder
109
+ ```
110
+
111
+ Validate:
112
+
113
+ - App appears with DEV badge.
114
+ - Webview renders.
115
+ - API endpoint responds.
116
+ - ProductBridge calls to `http://localhost:5180` work when Play is running.
117
+ - Missing connectors/auth produce clear degraded states.