@mindstudio-ai/remy 0.1.8 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/dist/compiled/design.md +34 -38
  2. package/dist/compiled/media-cdn.md +2 -2
  3. package/dist/compiled/msfm.md +58 -2
  4. package/dist/compiled/platform.md +4 -2
  5. package/dist/headless.js +881 -140
  6. package/dist/index.js +1097 -298
  7. package/dist/prompt/.notes.md +138 -0
  8. package/dist/prompt/actions/buildFromInitialSpec.md +7 -0
  9. package/dist/prompt/actions/publish.md +12 -0
  10. package/dist/prompt/actions/sync.md +19 -0
  11. package/dist/prompt/compiled/README.md +100 -0
  12. package/dist/prompt/compiled/auth.md +77 -0
  13. package/dist/prompt/compiled/design.md +250 -0
  14. package/dist/prompt/compiled/dev-and-deploy.md +69 -0
  15. package/dist/prompt/compiled/interfaces.md +238 -0
  16. package/dist/prompt/compiled/manifest.md +107 -0
  17. package/dist/prompt/compiled/media-cdn.md +51 -0
  18. package/dist/prompt/compiled/methods.md +225 -0
  19. package/dist/prompt/compiled/msfm.md +189 -0
  20. package/dist/prompt/compiled/platform.md +103 -0
  21. package/dist/prompt/compiled/scenarios.md +103 -0
  22. package/dist/prompt/compiled/sdk-actions.md +146 -0
  23. package/dist/prompt/compiled/tables.md +211 -0
  24. package/dist/prompt/sources/frontend-design-notes.md +162 -0
  25. package/dist/prompt/sources/media-cdn.md +46 -0
  26. package/dist/prompt/static/authoring.md +57 -0
  27. package/dist/prompt/static/coding.md +29 -0
  28. package/dist/prompt/static/identity.md +1 -0
  29. package/dist/prompt/static/instructions.md +29 -0
  30. package/dist/prompt/static/intake.md +44 -0
  31. package/dist/prompt/static/lsp.md +4 -0
  32. package/dist/static/authoring.md +6 -2
  33. package/dist/static/instructions.md +2 -1
  34. package/dist/static/projectContext.ts +9 -4
  35. package/dist/subagents/browserAutomation/prompt.md +2 -1
  36. package/dist/subagents/designExpert/.notes.md +253 -0
  37. package/dist/subagents/designExpert/data/compile-inspiration.sh +126 -0
  38. package/dist/subagents/designExpert/data/fonts.json +2855 -0
  39. package/dist/subagents/designExpert/data/inspiration.json +540 -0
  40. package/dist/subagents/designExpert/data/inspiration.raw.json +112 -0
  41. package/dist/subagents/designExpert/prompt.md +19 -0
  42. package/dist/subagents/designExpert/prompts/animation.md +19 -0
  43. package/dist/subagents/designExpert/prompts/color.md +35 -0
  44. package/dist/subagents/designExpert/prompts/frontend-design-notes.md +162 -0
  45. package/dist/subagents/designExpert/prompts/icons.md +27 -0
  46. package/dist/subagents/designExpert/prompts/identity.md +71 -0
  47. package/dist/subagents/designExpert/prompts/images.md +50 -0
  48. package/dist/subagents/designExpert/prompts/instructions.md +16 -0
  49. package/dist/subagents/designExpert/prompts/layout.md +34 -0
  50. package/package.json +1 -1
@@ -0,0 +1,138 @@
1
+ # Prompt System — Design Notes & Decisions
2
+
3
+ Notes from the initial build of the prompt system (March 2026).
4
+
5
+ ## Architecture Decisions
6
+
7
+ ### Source → Compile → Include pipeline
8
+
9
+ We have a two-stage pipeline for platform documentation:
10
+
11
+ 1. **Sources** (`docs/developer-guide/` at project root) — raw platform docs, maintained directly in the repo
12
+ 2. **Compiled** (`compiled/`) — distilled fragments optimized for agent consumption
13
+ 3. **Template** (`index.ts`) — assembles everything into the final prompt
14
+
15
+ Compiled fragments are generated in a human-in-the-loop LLM session and committed to git. The compilation step lets us optimize for the agent audience without cluttering the source docs.
16
+
17
+ ### Compilation is manual and sequential
18
+
19
+ The `compiled/README.md` has detailed instructions for the LLM doing compilation. Key rules:
20
+ - Work through one source file at a time, sequentially
21
+ - Present each draft for review before moving on
22
+ - Preserve specifics when condensing — examples, edge cases, and enumerated constraints are the highest-value content. "Ensure data integrity, including checking for duplicate keys and null foreign references" should NOT become "ensure data integrity"
23
+ - Manual sources (design notes, media CDN) are already prompt-ready and may go in nearly as-is
24
+
25
+ ### Prompt section ordering
26
+
27
+ Based on Anthropic's long-context research and analysis of Claude Code / Codex / Cursor prompts:
28
+
29
+ 1. **Identity** (top — primacy effect, anchors persona)
30
+ 2. **Reference docs** (bulk — platform docs, SDK, MSFM, project context)
31
+ 3. **Behavioral instructions** (bottom — recency effect, 30% improvement per Anthropic)
32
+
33
+ The model attends most strongly to the beginning and end (U-shaped curve). Large reference docs go in the middle where they're available for lookup. Actionable instructions go at the end where the model follows them most precisely.
34
+
35
+ ### XML tags for structure
36
+
37
+ All reference doc blocks are wrapped in descriptive XML tags (`<platform_docs>`, `<mindstudio_agent_sdk_docs>`, etc.) per Anthropic's guidance. Claude is specifically tuned to attend to XML structure. Each compiled fragment gets its own inner tag (`<platform>`, `<tables>`, `<methods>`, etc.) for clear delineation.
38
+
39
+ ### Template system
40
+
41
+ The prompt builder uses a simple `{{filename}}` include syntax resolved by a single regex. Dynamic parts (project context, phase flag, LSP conditional) use standard JS template literals. No handlebars library, no condition blocks — just string interpolation + file includes.
42
+
43
+ All static/compiled files are loaded with `requireFile` which throws on missing files. Only project-level context (CLAUDE.md, mindstudio.json, file listing) uses soft loading since those depend on the working directory.
44
+
45
+ ## Research-Informed Decisions
46
+
47
+ ### Prompt engineering for coding agents
48
+
49
+ From extensive research into Claude Code, Codex, Cursor, Aider, and academic papers:
50
+
51
+ - **Negative instructions perform worse than positive ones.** "Don't add comments" activates "adding comments." We rewrote all negatives as positive directives.
52
+ - **Tool-specific guidance belongs in tool descriptions, not the system prompt.** Avoids duplication and keeps the prompt focused on principles.
53
+ - **The "AI Purple Problem"** — LLMs converge on generic aesthetics (Inter font, purple gradients, three-boxes-with-icons layout). The design fragment explicitly calls these out as anti-patterns and pushes for distinctiveness.
54
+ - **Examples in prompts are high-value but expensive.** We keep code examples in the compiled fragments (the agent copies patterns directly) but removed style/formatting examples from the base instructions.
55
+
56
+ ### LSP tool simplification
57
+
58
+ Research showed agents rarely use position-dependent LSP tools (definition, references, hover, symbols) — they require knowing the file and line first, which means the agent already read the file. We slimmed down to just `lspDiagnostics` (with code actions for suggested fixes) and `restartProcess`.
59
+
60
+ ### Design quality prompting
61
+
62
+ From research into v0, Lovable, Bolt, and Anthropic's `<frontend_aesthetics>` cookbook:
63
+
64
+ - LLMs converge on the statistical median of training data — explicitly override generic defaults
65
+ - Specific avoidance lists work: ban generic fonts, purple gradients, predictable layouts
66
+ - Committed color palettes beat timid even distribution
67
+ - Typography is the single fastest way to give an interface identity
68
+ - The design fragment references iOS, Stripe, Notion, Linear as quality benchmarks and Dribbble/Behance/Mobbin as visual standards
69
+
70
+ ## SDK Usage
71
+
72
+ The source docs originally showed `mindstudio.executeStep('generateText', ...)` which was wrong. The correct API is `new MindStudioAgent()` with direct method calls (`agent.generateText(...)`, `agent.sendEmail(...)`, etc.). No constructor args needed inside methods — credentials come from the execution environment. We fixed both the compiled fragment and the upstream source doc in youai-api.
73
+
74
+ The SDK ships `llms.txt` at the package root with full signatures for all 170+ actions. The compiled fragment references this path (`dist/methods/node_modules/@mindstudio-ai/agent/llms.txt`) so the agent knows where to look up specific action details.
75
+
76
+ ## Behavioral Instruction Architecture (March 21, 2026)
77
+
78
+ ### Splitting behavioral instructions by concern
79
+
80
+ The original `instructions.md` was a catch-all for workflow, principles, communication, verification details, log paths, and coding conventions. It was overloaded — too many concerns in one file, which likely diluted the signal on individual rules.
81
+
82
+ We split into three behavioral files in the recency zone (bottom of the prompt):
83
+ - **`intake.md`** — intake mode behavior (already existed)
84
+ - **`authoring.md`** — spec authoring behavior (already existed)
85
+ - **`coding.md`** — code authoring behavior (new)
86
+ - **`instructions.md`** — workflow, general principles, communication style (trimmed)
87
+
88
+ The parallel between `authoring.md` (how to write specs) and `coding.md` (how to write code) is intentional. Two distinct disciplines, two files.
89
+
90
+ ### XML tags vs. bare markdown for behavioral sections
91
+
92
+ The behavioral instruction files at the bottom of the prompt are wrapped in XML tags (`<intake_mode_instructions>`, `<spec_authoring_instructions>`, `<code_authoring_instructions>`) — except for `instructions.md`, which is left as bare markdown at the very end. The reasoning: XML tags create a subtle framing of "here's a reference block to consult," while bare text at the terminal position reads more like direct commands. Leaving `instructions.md` unwrapped may give it additional weight on top of the recency effect. This is a hypothesis worth testing, not a proven fact.
93
+
94
+ The LSP guidance (`lsp.md`) is nested inside `<code_authoring_instructions>` since it's only relevant during code work.
95
+
96
+ ### Verification calibration: the 80/20 problem
97
+
98
+ The agent was going overboard on post-build verification — screenshotting every page, running browser tests on every flow, being extremely thorough when "mostly working" would be sufficient. The issue was that `instructions.md` listed every verification tool with guidance on when to use each one, which the agent interpreted as "use all of these after every build."
99
+
100
+ The fix was moving verification guidance to `coding.md` with an explicit 80/20 framing: spot-check the main happy paths, and if those work, trust that the edges are probably fine. The user can surface issues in chat. `runAutomatedBrowserTest` is reserved for interactive flows that can't be verified from a screenshot, or when the user reports something broken. This reframes the default posture from "verify everything" to "verify the critical path."
101
+
102
+ ### Mandatory SDK tool usage for model IDs
103
+
104
+ The agent was guessing model IDs when writing code that calls AI models via the MindStudio SDK. Model IDs change frequently across providers (OpenAI, Anthropic, Google, etc.) and plausible-looking IDs are often wrong.
105
+
106
+ The fix was three-layered:
107
+ 1. **`coding.md`** — hard rule in the behavioral instructions (recency zone): always use `askMindStudioSdk` before writing any SDK code, with expanded guidance on preferring the SDK over custom API connectors
108
+ 2. **`askMindStudioSdk.ts` tool description** — strengthened to frame model ID lookup as mandatory, not optional
109
+ 3. **`sdk-actions.md`** — existing mentions kept as reinforcement (middle zone, lower attention, but contextually relevant when the model is looking at SDK reference)
110
+
111
+ The redundancy across three locations is intentional. The model might skip the behavioral instruction, or might not consult the reference docs, but the tool description is right there at decision time when it's choosing whether to call the tool or guess.
112
+
113
+ ### Negative vs. positive instruction framing — a more nuanced take
114
+
115
+ Our initial research said "negative instructions perform worse than positive ones" and we rewrote all negatives as positives. After further discussion, the picture is more nuanced. There are two distinct mechanisms:
116
+
117
+ **Case 1: Tendencies the model already has.** Overengineering, gold-plating, verbose output, adding unnecessary abstractions. The model is already inclined to do these things. Naming them in a negative instruction ("don't overengineer") activates the exact concept you're trying to suppress, but the concept was already active anyway. The real issue here is that negative framing is weaker than positive framing — "keep solutions minimal" gives the model something to aim for, while "don't overengineer" only says what to avoid. **For ingrained tendencies, prefer positive framing** because the activation cost is zero (already activated) and the positive frame gives better behavioral guidance.
118
+
119
+ **Case 2: Specific things the model wasn't considering.** "Don't use regex backtracking," "don't use xyz-framework." If the model wasn't going to reach for this concept, mentioning it introduces it into the context window and primes the model to consider it. This is the classic "don't think about elephants" problem. **For things the model wouldn't do unprompted, don't mention them at all.**
120
+
121
+ **The exception to Case 2: common defaults the model gravitates toward.** Purple gradients, Inter font, three-box-with-icons layouts, `useEffect` for data fetching. These are statistical medians from training data that the model will produce unprompted. Naming them as anti-patterns is worth the activation cost because they were going to happen anyway. This is why the design fragment's avoidance list works.
122
+
123
+ **Where we landed on overengineering in `coding.md`:** We use a hybrid approach — lead with the positive directive ("match the scope of changes to what was asked, solve the current problem with the minimum code required") then follow with specific negative examples that draw bright lines ("a bug fix is just a bug fix, not an opportunity to refactor the surrounding code"). The negatives here aren't introducing new concepts; they're pushing back against things the model was already going to do.
124
+
125
+ ### Efficiency: avoiding redundant exploration
126
+
127
+ Coding agents waste significant context and tool calls re-reading files they've already seen or re-researching things a subagent already looked up. We added a principle to `instructions.md`: "Work with what you already know." This applies broadly (spec work, intake, coding) so it lives in the general principles rather than `coding.md`. The framing is positive ("prefer acting on information you have") rather than negative ("don't re-read files").
128
+
129
+ This was inspired by similar guidance in Claude Code's own system prompt, which is explicit about not duplicating work that subagents have done and not re-reading files unnecessarily.
130
+
131
+ ## What's Not Done
132
+
133
+ - **Streaming tool output** — writeSpec and editSpec are tagged as streaming candidates but execute with full input for now. Deferred until the platform API supports streaming tool input fields.
134
+ - **Auto-diagnostics after edit** — could auto-run lspDiagnostics after editFile/writeFile and append errors to the tool result. Depends on sidecar latency.
135
+
136
+ ### Removed: compile/recompile tools
137
+
138
+ We removed the compile and recompile tools. Instead of a separate "compile" step, the flow is: intake conversation → write spec → pause for user review → build everything in one turn using the spec as the master plan. The agent writes methods, tables, interfaces, and manifest updates directly, guided by the spec. No separate compiler agent needed.
@@ -0,0 +1,7 @@
1
+ This is an automated action triggered by the user pressing "Build" in the editor after reviewing the spec.
2
+
3
+ The user has reviewed the spec and is ready to build. Build everything in one turn: methods, tables, interfaces, manifest updates, and scenarios, using the spec as the master plan.
4
+
5
+ When code generation is complete, verify your work: use `runScenario` to seed test data, then use `runMethod` to confirm a method works, then use `runAutomatedBrowserTest` to smoke-test the main UI flow. The dev database is a disposable snapshot, so don't worry about being destructive. Fix any errors before finishing.
6
+
7
+ When everything is working, call `setProjectOnboardingState({ state: "onboardingFinished" })`.
@@ -0,0 +1,12 @@
1
+ This is an automated action triggered by the user pressing "Publish" in the editor.
2
+
3
+ The user wants to deploy their app. Pushing to the `main` branch triggers a production deploy.
4
+
5
+ Review the current state of the working tree — what has changed since the last commit, what's been committed since the last push, and the overall shape of recent work. Write a user-friendly changelog with `presentPublishPlan` — summarize what changed in plain language ("added vendor approval workflow", "fixed invoice totals", "updated the dashboard layout"). Reference specific code or file paths only when it helps clarity. This is what the user will see before deploying.
6
+
7
+ If approved:
8
+ - Stage and commit any uncommitted changes with a clean, descriptive commit message
9
+ - Push to main
10
+ - Let the user know their app is deploying
11
+
12
+ If dismissed, acknowledge and do nothing.
@@ -0,0 +1,19 @@
1
+ This is an automated action triggered by the user pressing "Sync" in the editor.
2
+
3
+ The user has manually edited files since the last sync. The `refs/sync-point` git ref marks the last known-good sync state. It's created using a temporary git index that captures the full working tree (including unstaged changes) as a tree object — so it represents exactly what the files looked like at sync time, not just what was committed.
4
+
5
+ To see what the user changed, run: `git diff refs/sync-point -- src/ dist/`
6
+
7
+ This compares the sync-point tree against the current working tree. Do not add `HEAD` or any other ref — the command as written diffs directly against the working tree, which is what you want.
8
+
9
+ In the diff output: lines prefixed with `-` are what was in the file at last sync. Lines prefixed with `+` are the user's current edits. Sync should bring the other side in line with the `+` side.
10
+
11
+ Analyze the changes and write a sync plan with `presentSyncPlan` — a clear markdown summary of what changed and what you intend to update. Write it for a human: describe changes in plain language ("renamed the greeting field", "added a note about error handling"), not as a list of file paths and code diffs. Reference specific code or file paths only when it helps clarity. The user will review and approve before you make changes.
12
+
13
+ If approved:
14
+ - If spec files (`src/`) changed, update the corresponding code in `dist/` to match
15
+ - If code files (`dist/`) changed, update the corresponding spec in `src/` to match
16
+ - If both changed, reconcile — spec is the source of truth for intent, but respect code changes that add implementation detail
17
+ - When all files are synced, call `clearSyncStatus`
18
+
19
+ If dismissed, acknowledge and do nothing.
@@ -0,0 +1,100 @@
1
+ # Compiled Prompt Fragments
2
+
3
+ This directory contains distilled prompt fragments generated from the source
4
+ docs in `docs/developer-guide/` (project root). These are loaded by `../index.ts` and injected
5
+ into Remy's system prompt at runtime.
6
+
7
+ ## How to compile
8
+
9
+ The compilation is done manually in a session with an LLM (Claude Code or
10
+ similar). Work through the source docs and compile them into prompt-ready
11
+ fragments.
12
+
13
+ ### Step 1: Compile with an LLM
14
+
15
+ Open a session and ask it to work through the compilation. Give it these
16
+ instructions:
17
+
18
+ ---
19
+
20
+ **You will compile source docs into prompt fragments for Remy, a coding agent
21
+ that builds MindStudio apps. The compiled fragments go in `src/prompt/compiled/`
22
+ and are loaded into the agent's system prompt at runtime.**
23
+
24
+ **Work through this one source file at a time, sequentially.** For each one:
25
+ 1. Read the source doc thoroughly
26
+ 2. Decide whether it should become its own fragment, be merged with a related
27
+ source, or be skipped entirely
28
+ 3. Present your draft of the compiled fragment
29
+ 4. Wait for review and feedback before moving to the next one
30
+
31
+ Do not parallelize this work. Do not generate multiple fragments at once. Each
32
+ fragment deserves careful attention — these are the instructions a coding agent
33
+ will follow to build real products, and mistakes here propagate into every app
34
+ it builds.
35
+
36
+ Source files are in `docs/developer-guide/` at the project root.
37
+
38
+ ## How to think about compilation
39
+
40
+ **Your audience is an LLM acting as a coding agent.** It needs to produce
41
+ correct code, not learn concepts. Everything you write should be optimized
42
+ for an agent that is actively building a MindStudio app and needs to get
43
+ the details right.
44
+
45
+ ### What to keep
46
+
47
+ - **API signatures, parameter types, return types, and code examples.**
48
+ These must be exactly right. The agent will copy these patterns directly
49
+ into the code it writes. A wrong type or a missing parameter means broken
50
+ code in production.
51
+ - **Concrete examples, specific error cases, explicit constraints, enumerated
52
+ edge cases.** These are the highest-value content. A source doc that says
53
+ "ensure data integrity, including checking for duplicate keys, null foreign
54
+ references, and orphaned records" — the specific checks ARE the value.
55
+ Collapsing that to "ensure data integrity" loses the actionable detail.
56
+ - **Tables and structured reference data.** Manifest fields, db predicates,
57
+ interface config schemas, role API methods — these are lookup references
58
+ the agent will consult while writing code. Keep them complete.
59
+ - **Rules and constraints that affect correctness.** "Only packages declared
60
+ in package.json are available at runtime" is the kind of detail that
61
+ prevents hard-to-debug errors.
62
+
63
+ ### What to strip
64
+
65
+ - **Setup instructions, installation steps, CLI commands.** The agent isn't
66
+ setting up a dev environment — it's writing code inside one.
67
+ - **Platform internals and deployment pipeline details.** How the platform
68
+ builds and deploys is not the agent's concern.
69
+ - **Conceptual explanations and philosophy.** "Why" something was designed
70
+ a certain way is rarely useful mid-task. Keep the "what" and "how."
71
+ - **Marketing language, feature pitches, comparative positioning.**
72
+ - **Cross-references to other docs** ("see Section X for details"). The
73
+ fragment should be self-contained.
74
+
75
+ ### Fragment format
76
+
77
+ ```markdown
78
+ # Fragment Title
79
+
80
+ Brief one-line context.
81
+
82
+ ## Section
83
+ ...content...
84
+ ```
85
+
86
+ No YAML frontmatter. No meta-commentary. Just the reference content the
87
+ agent needs. Each fragment should make sense on its own — the agent may
88
+ not see all fragments in every session.
89
+
90
+ ---
91
+
92
+ ### Step 2: Review
93
+
94
+ Read through the compiled fragments and verify code examples are accurate.
95
+ The LLM may hallucinate API details — cross-check against the source docs.
96
+
97
+ ### Step 3: Commit
98
+
99
+ The compiled fragments are committed to git. They're the snapshot the agent
100
+ uses at runtime.
@@ -0,0 +1,77 @@
1
+ # Roles & Auth
2
+
3
+ MindStudio apps use role-based access control. Roles are defined in the manifest, assigned to users in the editor, and enforced in methods. The backend is the authority — methods enforce access control via `auth.requireRole()`. The frontend can read roles for conditional rendering, but enforcement always happens server-side.
4
+
5
+ **Roles are optional.** Many apps don't need them — single-user apps, internal tools, simple utilities. If the app doesn't have multiple user types with different permissions, skip roles entirely. Only add them when the app explicitly needs to distinguish who can do what.
6
+
7
+ ## Defining Roles
8
+
9
+ In `mindstudio.json`:
10
+
11
+ ```json
12
+ {
13
+ "roles": [
14
+ { "id": "requester", "name": "Requester", "description": "Can submit vendor requests and purchase orders." },
15
+ { "id": "approver", "name": "Approver", "description": "Reviews and approves purchase orders." },
16
+ { "id": "admin", "name": "Administrator", "description": "Full access to all app functions." },
17
+ { "id": "ap", "name": "Accounts Payable", "description": "Processes invoices and payments." }
18
+ ]
19
+ }
20
+ ```
21
+
22
+ - `id` — kebab-case, used in code (`auth.requireRole('admin')`)
23
+ - `name` — display name shown in the editor
24
+ - `description` — what this role can do (useful for the agent and for users in the role assignment UI)
25
+
26
+ Roles are synced to the platform on deploy. Adding or removing roles in the manifest creates or deletes them on the next push.
27
+
28
+ ## Backend Auth API
29
+
30
+ ```typescript
31
+ import { auth } from '@mindstudio-ai/agent';
32
+ ```
33
+
34
+ ### `auth.requireRole(...roles)`
35
+
36
+ Throws a 403 error if the current user doesn't have **any** of the specified roles. Use at the top of methods to gate access.
37
+
38
+ ```typescript
39
+ auth.requireRole('admin'); // single role
40
+ auth.requireRole('admin', 'approver'); // any of these
41
+ ```
42
+
43
+ ### `auth.hasRole(...roles)`
44
+
45
+ Returns `boolean`. Same logic as `requireRole` but doesn't throw. Use for conditional behavior within a method.
46
+
47
+ ### `auth.userId`
48
+
49
+ The current user's UUID. Always available.
50
+
51
+ ### `auth.roles`
52
+
53
+ Array of role names assigned to the current user.
54
+
55
+ ### `auth.getUsersByRole(role)`
56
+
57
+ Returns an array of user IDs that have the specified role. Useful for things like "notify all admins."
58
+
59
+ ## Frontend Auth
60
+
61
+ ```typescript
62
+ import { auth } from '@mindstudio-ai/interface';
63
+
64
+ auth.userId; // current user's ID
65
+ auth.name; // display name
66
+ auth.email; // email address
67
+ auth.profilePictureUrl; // URL or null
68
+ ```
69
+
70
+ The frontend SDK provides display-only auth context. Role checking for UI purposes (showing/hiding elements) is done by reading role data from the backend:
71
+
72
+ ```typescript
73
+ const { isAdmin, pendingCount } = await api.getDashboard();
74
+ {isAdmin && <AdminPanel />}
75
+ ```
76
+
77
+ The frontend is untrusted — anyone can modify JavaScript in the browser. Access control must be enforced server-side in methods. The frontend shows or hides UI based on role data from the backend, but the backend is the authority.
@@ -0,0 +1,250 @@
1
+ # Frontend Design Notes
2
+
3
+ Design standards for web interfaces in MindStudio apps.
4
+
5
+ ## Quality Bar
6
+
7
+ Every interface must feel like a polished, shipping product — not a
8
+ prototype, not a starter template, not a homework assignment. The standard
9
+ is iOS and Apple's bundled iOS apps, Notion, Stripe. If it wouldn't look
10
+ good on Dribbble, Behance, or Mobbin, it's not done.
11
+
12
+ MindStudio apps are end-user products. The interface is the product. Users
13
+ judge the entire app by how it looks and feels in the first 3 seconds.
14
+
15
+ ## Design System from the Spec
16
+
17
+ The brand spec files in `src/interfaces/@brand/` define the app's visual identity at the brand level: a small palette of named colors and font choices with one or two anchor styles. These are brand decisions, not implementation details. Derive the full design system (CSS variables, component styles, spacing, borders, etc.) from these foundations.
18
+
19
+ Set up a lightweight theme layer early (CSS variables or a small tokens file) so brand colors and type styles are defined once and referenced everywhere. Map brand colors to semantic roles (background, text, accent, surface, border) and derive any additional shades you need. Keep it simple: a handful of CSS variables for colors and a few reusable text style classes or utilities for typography.
20
+
21
+ **When brand spec files are present, always use the defined fonts and colors in generated code.** Do not pick your own fonts or colors when the spec defines them. Reference colors semantically (as CSS variables or named constants) rather than scattering raw hex values through the codebase.
22
+
23
+ ### Colors block format
24
+
25
+ A `` ```colors `` fenced block in a `type: design/color` spec file declares 3-5 brand colors with evocative names, hex values, and descriptions. The names are brand identity names (not CSS property names), and the descriptions explain the color's role in the brand:
26
+
27
+ ```colors
28
+ Midnight:
29
+ value: "#000000"
30
+ description: Primary background and dark surfaces
31
+ Charcoal:
32
+ value: "#1C1C1E"
33
+ description: Elevated surfaces and containers
34
+ Snow:
35
+ value: "#F5F5F7"
36
+ description: Primary text and foreground elements
37
+ Smoke:
38
+ value: "#86868B"
39
+ description: Secondary text and supporting content
40
+ ```
41
+
42
+ Derive additional implementation colors (borders, focus states, hover states, disabled states) from the brand palette rather than expecting them to be specified.
43
+
44
+ ### Typography block format
45
+
46
+ A `` ```typography `` fenced block in a `type: design/typography` spec file declares fonts (with source URLs) and one or two anchor styles (typically Display and Body). Derive additional styles (labels, buttons, captions, overlines) from these anchors:
47
+
48
+ ```typography
49
+ fonts:
50
+ Satoshi:
51
+ src: https://api.fontshare.com/v2/css?f[]=satoshi@400,500,600,700&display=swap
52
+ Clash Grotesk:
53
+ src: https://api.fontshare.com/v2/css?f[]=clash-grotesk@400,500,600&display=swap
54
+
55
+ styles:
56
+ Display:
57
+ font: Satoshi
58
+ size: 40px
59
+ weight: 600
60
+ letterSpacing: -0.03em
61
+ lineHeight: 1.1
62
+ description: Page titles and hero text
63
+ Body:
64
+ font: Satoshi
65
+ size: 16px
66
+ weight: 400
67
+ lineHeight: 1.5
68
+ description: Default reading text
69
+ ```
70
+
71
+ ## Be Distinctive
72
+
73
+ AI-generated interfaces tend to converge on the same generic look: safe
74
+ fonts, timid colors, predictable layouts. Fight this actively. Every
75
+ interface should have character and intentionality — it should look like a
76
+ designer made deliberate choices, not like it was generated from a template.
77
+
78
+ **Typography must be a conscious choice.** Pick fonts that are beautiful,
79
+ distinctive, and appropriate for the product's personality. Generic system
80
+ fonts and overused defaults make everything look the same. Typography is
81
+ the single fastest way to give an interface identity.
82
+
83
+ **Commit to a color palette.** One or two dominant colors with sharp accents
84
+ outperform timid, evenly-distributed palettes. Draw inspiration from the
85
+ app's domain — a finance tool might use deep greens and golds; a creative
86
+ tool might use bold, saturated primaries. The palette should feel intentional
87
+ and owned, not randomly selected.
88
+
89
+ **Backgrounds create atmosphere.** Solid white or solid gray is the safe
90
+ default and the enemy of distinctiveness. Layer subtle gradients, use warm
91
+ or cool tints, add geometric patterns or contextual textures. The background
92
+ sets the mood before the user reads a single word.
93
+
94
+ **Layouts should surprise.** Avoid the predictable patterns: three equal
95
+ boxes with icons, centered hero with subtitle, generic card grid. Use
96
+ asymmetry, varied column widths, creative negative space, unexpected
97
+ compositions. Study Behance and Mobbin for layout inspiration. Every screen
98
+ should feel considered, not generated.
99
+
100
+ ## App-Like, Not Web-Page-Like
101
+
102
+ Interfaces run fullscreen in the user's browser or a wrapped webview mobile
103
+ app. They should feel like native apps, not websites.
104
+
105
+ - **No long scrolling pages.** Use structured layouts: cards, split panes,
106
+ steppers, tabs, grouped sections that fit the viewport. The interface
107
+ should feel like a single-purpose tool, not a document.
108
+ - **On mobile**, scrolling may be necessary, but use sticky headers, fixed
109
+ CTAs, and anchored navigation to keep key actions within reach.
110
+ - Think of every screen as something the user opens, uses, and closes —
111
+ not something they read.
112
+
113
+ ## Visual Design
114
+
115
+ - **Typography:** Strong hierarchy — clear distinction between headings,
116
+ body, labels, and captions. Use weight and size, not just color, to
117
+ create hierarchy. Choose fonts that elevate the interface and give it
118
+ personality.
119
+ - **Color:** Clean, vibrant, intentional. Use color to communicate state
120
+ and guide attention, not to decorate. Commit to a direction — bold and
121
+ saturated, or muted and editorial — and follow through consistently.
122
+ - **Spacing:** Consistent and generous. Padding and margins should be
123
+ uniform across all components — nothing should feel cramped or uneven.
124
+ White space is a feature, not wasted space.
125
+ - **Components:** Every component (buttons, inputs, cards, modals, lists)
126
+ should look like it belongs to the same design system. Consistent border
127
+ radii, consistent shadows, consistent padding. If two buttons on the
128
+ same screen look different for no reason, that's a bug.
129
+
130
+ ## Animation
131
+
132
+ Use motion to make interactions feel polished, not to show off. Focus on
133
+ high-impact moments: a well-orchestrated page load with staggered reveals
134
+ creates more delight than scattered micro-interactions everywhere.
135
+
136
+ - Transitions between states should be smooth but fast.
137
+ - Streaming content should flow into containers that grow naturally without
138
+ pushing sibling elements around.
139
+ - No parallax, no cheesy scroll effects, no bounce/elastic easing, no
140
+ gratuitous loading animations.
141
+
142
+ ## Layout Stability
143
+
144
+ Layout shift is never acceptable. Elements jumping around as content loads
145
+ or streams in makes an interface feel broken.
146
+
147
+ - Reserve space for content that hasn't arrived yet. Use fixed/min-height
148
+ containers, skeletons, or aspect-ratio boxes.
149
+ - Images must always have explicit dimensions so the browser reserves space
150
+ before the image loads.
151
+ - Loading-to-loaded transitions should swap content in-place without
152
+ changing container size.
153
+ - Buttons must not change size during loading states. Use a fixed width or
154
+ `min-width`, and swap the label for a spinner or short text that fits the
155
+ same space. "Submit" becoming "Submitting..." should not make the button
156
+ wider and push adjacent elements around.
157
+ - Conditional UI should use opacity/overlay transitions, not insertion into
158
+ flow that displaces existing content.
159
+
160
+ ## Responsive Design
161
+
162
+ Every interface must work on both desktop and mobile.
163
+
164
+ - Use the full viewport. Backgrounds should extend to edges.
165
+ - On desktop, use the space — multi-column layouts, sidebars, spacious
166
+ cards. Avoid narrow centered columns with empty gutters on a wide screen.
167
+ - On mobile, stack gracefully. Prioritize content and actions.
168
+ - Test at both extremes. A layout that only looks good at one breakpoint
169
+ is not done.
170
+
171
+ ## Forms
172
+
173
+ Forms should feel like interactions, not paperwork.
174
+
175
+ - Group related fields visually. Use cards or sections, not a flat list.
176
+ - Inline validation — show errors as the user types, not after submit.
177
+ Validation must never introduce layout shift.
178
+ - Loading states after submission. Always indicate that something is
179
+ happening.
180
+ - Disabled states should be visually distinct but not jarring.
181
+ - Even data entry can be beautiful. Pay attention to alignment, padding,
182
+ and spacing. Consistency is key.
183
+
184
+ ## Data Fetching and Updates
185
+
186
+ The UI should feel instant. Never make the user wait for a server round-trip
187
+ to see the result of their own action.
188
+
189
+ - **Optimistic updates.** When a user adds a row, toggles a setting, or
190
+ submits a form, update the UI immediately and let the backend confirm
191
+ in the background. If the backend fails, revert and show an error.
192
+ - **Use SWR for data fetching** (`useSWR` from the `swr` package). It
193
+ handles caching, revalidation, and stale-while-revalidate out of the box.
194
+ Prefer SWR over manual `useEffect` + `useState` fetch patterns.
195
+ - **Mutate after actions.** After a successful create/update/delete, call
196
+ `mutate()` to revalidate the relevant SWR cache rather than manually
197
+ updating local state.
198
+ - **Skeleton loading.** Show skeletons that mirror the layout on initial
199
+ load. Never show a blank page or centered spinner while data is loading.
200
+
201
+ ## What Good Looks Like
202
+
203
+ - A dashboard that feels like Linear — clean data, clear hierarchy, every
204
+ pixel intentional.
205
+ - A form that feels like Stripe Checkout — focused, calm, confident.
206
+ - A settings page that feels like iOS Settings — organized, scannable,
207
+ no clutter.
208
+ - A list view that feels like Notion — flexible, spacious, information-dense
209
+ without feeling crowded.
210
+
211
+ ## What to Actively Avoid
212
+
213
+ These are the hallmarks of generic AI-generated interfaces. Every one of
214
+ them makes an interface look like it was auto-generated rather than designed.
215
+
216
+ - **Generic fonts.** Overused defaults that strip away all personality.
217
+ Instead: pick a distinctive Google Font that fits the app's character.
218
+ - **Purple or indigo anything.** Purple gradients, purple buttons, purple
219
+ accents. This is the #1 AI-generated aesthetic cliché. Instead: use
220
+ a color palette that fits the app's domain — greens for finance, warm
221
+ neutrals for productivity, bold primaries for creative tools, or just
222
+ confident grayscale.
223
+ - **Colored left-border callout boxes.** Rounded divs with a thick colored
224
+ `border-left` — the generic "info card" pattern. Instead: use typography,
225
+ spacing, and background tints to create hierarchy. If you need to call
226
+ something out, use a full subtle background or a top border.
227
+ - **Three equal boxes with icons.** The default AI landing page layout.
228
+ Instead: use asymmetric layouts, varied column widths, or a single
229
+ focused content area.
230
+ - **Timid color palettes.** Evenly distributed, non-committal colors.
231
+ Instead: one or two dominant colors with sharp accents. Commit to a
232
+ direction.
233
+ - **Card-heavy nested layouts.** Cards inside cards, everything boxed.
234
+ Instead: use space, typography, and dividers to create hierarchy without
235
+ extra containers.
236
+ - **Inconsistent spacing.** 12px here, 20px there, 8px somewhere else.
237
+ Instead: define a spacing scale (4/8/12/16/24/32/48/64) and use it
238
+ everywhere.
239
+ - **Components from different visual languages.** Rounded buttons next to
240
+ square inputs, shadows mixed with flat design. Instead: pick one system
241
+ and apply it consistently.
242
+ - **Long scrolling forms with no visual grouping.** Instead: group fields
243
+ into sections with clear headings, cards, or stepped flows.
244
+ - **Cramped layouts.** Text pressed against edges, no room to breathe.
245
+ Instead: generous padding, comfortable margins, let the content float.
246
+ - **Loading states that are just a centered spinner on a blank page.**
247
+ Instead: use skeletons that mirror the layout, or keep the existing
248
+ structure visible with a subtle loading indicator.
249
+ - **Any interface where the first reaction is "this looks like a demo" or
250
+ "this looks like it was made with a website builder."**