@softspark/ai-toolkit 1.0.0

package/app/skills/ubiquitous-language/SKILL.md

@@ -0,0 +1,74 @@
+---
+name: ubiquitous-language
+description: "Extract a DDD-style ubiquitous language glossary from the conversation, flagging ambiguities and proposing canonical terms. Saves to UBIQUITOUS_LANGUAGE.md. Use when user wants to define domain terms, build a glossary, harden terminology, or mentions DDD or domain model."
+user-invocable: true
+effort: medium
+argument-hint: "[domain or context to extract terms from]"
+allowed-tools: Read, Write, Edit, Grep, Glob
+---
+
+# Ubiquitous Language
+
+$ARGUMENTS
+
+Extract and formalize domain terminology into a consistent glossary.
+
+## Usage
+
+```
+/ubiquitous-language [domain or context]
+```
+
+## What This Command Does
+
+1. **Scans** conversation for domain-relevant nouns, verbs, and concepts
+2. **Identifies** ambiguities, synonyms, and overloaded terms
+3. **Proposes** canonical glossary with opinionated term choices
+4. **Writes** to `UBIQUITOUS_LANGUAGE.md`
+
+## Process
+
+1. Scan conversation for domain terms
+2. Identify problems:
+   - Same word used for different concepts (ambiguity)
+   - Different words used for same concept (synonyms)
+   - Vague or overloaded terms
+3. Propose canonical glossary
+4. Write to `UBIQUITOUS_LANGUAGE.md`
+5. Output summary inline
+
+## Output Format
+
+```markdown
+# Ubiquitous Language
+
+## {Domain Group}
+
+| Term | Definition | Aliases to avoid |
+|------|-----------|-----------------|
+| **Order** | A customer's request to purchase one or more items | Purchase, transaction |
+
+## Relationships
+
+- An **Invoice** belongs to exactly one **Customer**
+
+## Example dialogue
+
+> **Dev:** "When a **Customer** places an **Order**..."
+> **Domain expert:** "..."
+
+## Flagged ambiguities
+
+- "account" was used to mean both **Customer** and **User** — ...
+```
+
+## Rules
+
+- **Be opinionated** — pick the best term, list others as aliases to avoid
+- **Flag conflicts explicitly** — call out ambiguous usage with clear recommendations
+- **Domain terms only** — skip generic programming concepts (array, function, endpoint)
+- **Tight definitions** — one sentence max, define what it IS not what it does
+- **Show relationships** — bold term names, express cardinality
+- **Group naturally** — multiple tables when clusters emerge, one table if cohesive
+- **Example dialogue** — 3-5 exchanges showing terms used precisely
+- **Keep existing** — when re-running, read existing file and update incrementally

package/app/skills/verification-before-completion/SKILL.md

@@ -0,0 +1,108 @@
+---
+name: verification-before-completion
+description: "Loaded when agent is about to claim work is complete, fixed, or passing — requires running verification commands and confirming output before making any success claims. Evidence before assertions, always."
+user-invocable: false
+---
+
+# Verification Before Completion
+
+## The Iron Law
+
+```
+NO COMPLETION CLAIMS WITHOUT FRESH VERIFICATION EVIDENCE
+```
+
+If you haven't run the verification command in this message, you cannot claim it passes.
+
+Claiming work is complete without verification is dishonesty, not efficiency.
+
+## The Gate Function
+
+```
+BEFORE claiming any status or expressing satisfaction:
+
+1. IDENTIFY: What command proves this claim?
+2. RUN: Execute the FULL command (fresh, complete)
+3. READ: Full output, check exit code, count failures
+4. VERIFY: Does output confirm the claim?
+   - If NO: State actual status with evidence
+   - If YES: State claim WITH evidence
+5. ONLY THEN: Make the claim
+
+Skip any step = lying, not verifying
+```
+
+## When To Apply
+
+**ALWAYS before:**
+- ANY variation of success/completion claims
+- ANY expression of satisfaction ("Great!", "Perfect!", "Done!")
+- ANY positive statement about work state
+- Committing, PR creation, task completion
+- Moving to next task
+- Delegating to agents
+
+## Common Failures
+
+| Claim | Requires | Not Sufficient |
+|-------|----------|----------------|
+| Tests pass | Test command output: 0 failures | Previous run, "should pass" |
+| Linter clean | Linter output: 0 errors | Partial check, extrapolation |
+| Build succeeds | Build command: exit 0 | Linter passing, logs look good |
+| Bug fixed | Test original symptom: passes | Code changed, assumed fixed |
+| Regression test works | Red-green cycle verified | Test passes once |
+| Agent completed | VCS diff shows changes | Agent reports "success" |
+| Requirements met | Line-by-line checklist | Tests passing |
+
+## Red Flags — STOP
+
+- Using "should", "probably", "seems to"
+- Expressing satisfaction before verification
+- About to commit/push/PR without verification
+- Trusting agent success reports without independent check
+- Relying on partial verification
+- Thinking "just this once"
+
+## Rationalization Prevention
+
+| Excuse | Reality |
+|--------|---------|
+| "Should work now" | RUN the verification |
+| "I'm confident" | Confidence is not evidence |
+| "Just this once" | No exceptions |
+| "Linter passed" | Linter is not compiler |
+| "Agent said success" | Verify independently |
+| "Partial check is enough" | Partial proves nothing |
+| "Different words so rule doesn't apply" | Spirit over letter |
+
+## Key Patterns
+
+**Tests:**
+```
+CORRECT:  [Run test command] [See: 34/34 pass] "All tests pass"
+WRONG:    "Should pass now" / "Looks correct"
+```
+
+**Regression tests (TDD Red-Green):**
+```
+CORRECT:  Write → Run (pass) → Revert fix → Run (MUST FAIL) → Restore → Run (pass)
+WRONG:    "I've written a regression test" (without red-green verification)
+```
+
+**Requirements:**
+```
+CORRECT:  Re-read plan → Create checklist → Verify each → Report gaps or completion
+WRONG:    "Tests pass, phase complete"
+```
+
+**Agent delegation:**
+```
+CORRECT:  Agent reports success → Check VCS diff → Verify changes → Report actual state
+WRONG:    Trust agent report at face value
+```
+
+## The Bottom Line
+
+Run the command. Read the output. THEN claim the result.
+
+This is non-negotiable.

package/app/skills/workflow/SKILL.md

@@ -0,0 +1,250 @@
+---
+name: workflow
+description: "Start and manage autonomous agent workflows"
+user-invocable: true
+effort: max
+argument-hint: "[type] [task description]"
+context: fork
+agent: orchestrator
+model: opus
+allowed-tools: Bash, Read, Write, Edit, Glob, Grep, Agent, TeamCreate, TeamDelete, SendMessage, TaskCreate, TaskList, TaskUpdate
+---
+
+# /workflow - Autonomous Agent Workflow
+
+$ARGUMENTS
+
+## Step 1 — Select workflow type
+
+```
+Is production DOWN?               → incident-response
+Performance degraded >50%?        → performance-optimization
+Bug spanning multiple layers?     → debugging
+Warning / trend?                  → proactive-troubleshooting
+Planned infra change?             → infrastructure-change
+Planned app deploy?               → application-deploy
+New feature (full stack)?         → feature-development
+New feature (backend only)?       → backend-feature
+New feature (frontend only)?      → frontend-feature
+New API endpoint?                 → api-design
+Schema / migration change?        → database-evolution
+Boost test coverage?              → test-coverage
+Security assessment?              → security-audit
+Exploring unfamiliar codebase?    → codebase-onboarding
+Technical research / spike?       → spike
+```
+
+## Step 2 — Define success criteria (MANDATORY)
+
+Cannot proceed without:
+
+```yaml
+Deliverables: [what outputs are expected]
+Verification: [how to verify — tests, metrics, commands]
+Definition of done: [quality bar]
+```
+
+Present to user and wait for approval.
+
+## Step 3 — Spawn agents via Agent tool
+
+Launch agents **in parallel where independent, sequentially where dependent**. Use the `Agent` tool — never do the work inline.
+
+---
+
+### Existing workflows
+
+**`debugging`**
+```
+# Sequential diagnosis:
+Agent(subagent_type="debugger",              prompt="Diagnose issue, 5 Whys, propose solution options. READ-ONLY.")
+Agent(subagent_type="explorer-agent",        prompt="Trace call path across layers. READ-ONLY.")
+# Parallel fix:
+Agent(subagent_type="backend-specialist",    prompt="Implement fix. Own files: src/")
+Agent(subagent_type="test-engineer",         prompt="Write regression test. Own files: tests/")
+# Sequential:
+Agent(subagent_type="documenter",            prompt="Document in kb/troubleshooting/ if recurring.")
+```
+
+**`incident-response`**
+```
+Agent(subagent_type="incident-responder",    prompt="Triage, root cause, immediate mitigation. READ-ONLY.")
+# After triage:
+Agent(subagent_type="backend-specialist",    prompt="Apply fix. Own files: src/")
+Agent(subagent_type="documenter",            prompt="Write postmortem (MANDATORY). Own files: kb/")
+```
+
+**`performance-optimization`**
+```
+Agent(subagent_type="performance-optimizer", prompt="Profile, identify bottlenecks, propose fixes. READ-ONLY.")
+Agent(subagent_type="backend-specialist",    prompt="Implement optimizations. Own files: src/")
+Agent(subagent_type="test-engineer",         prompt="Benchmark before/after. Own files: tests/benchmarks/")
+Agent(subagent_type="documenter",            prompt="Document baseline and results. Own files: kb/")
+```
+
+**`infrastructure-change`**
+```
+Agent(subagent_type="infrastructure-architect", prompt="Design change, create architecture note. Own files: docs/")
+Agent(subagent_type="devops-implementer",       prompt="Implement infra changes. Own files: docker/, .github/, infra/")
+Agent(subagent_type="security-auditor",         prompt="Review for security issues. READ-ONLY.")
+Agent(subagent_type="test-engineer",            prompt="Smoke tests and health checks. Own files: tests/")
+Agent(subagent_type="documenter",               prompt="Runbook + deployment docs. Own files: kb/")
+```
+
+**`application-deploy`**
+```
+Agent(subagent_type="devops-implementer",    prompt="Execute deployment. Own files: .github/, scripts/")
+Agent(subagent_type="test-engineer",         prompt="Post-deploy smoke tests.")
+Agent(subagent_type="documenter",            prompt="Release notes. Own files: kb/")
+```
+
+**`proactive-troubleshooting`**
+```
+Agent(subagent_type="debugger",              prompt="Investigate warning/trend, assess risk. READ-ONLY.")
+Agent(subagent_type="performance-optimizer", prompt="Check performance metrics. READ-ONLY.")
+Agent(subagent_type="backend-specialist",    prompt="Apply preventive fix if needed. Own files: src/")
+Agent(subagent_type="documenter",            prompt="Update monitoring/alerting docs. Own files: kb/")
+```
+
+---
+
+### New workflows
+
+**`feature-development`** — full stack feature, plan → implement → test → ship
+```
+# Sequential planning:
+Agent(subagent_type="project-planner",       prompt="Requirements, acceptance criteria, task breakdown. Own files: docs/")
+Agent(subagent_type="explorer-agent",        prompt="Find integration points in codebase. READ-ONLY.")
+# Parallel implementation:
+Agent(subagent_type="backend-specialist",    prompt="API routes, business logic, data layer. Own files: src/api/, src/services/")
+Agent(subagent_type="frontend-specialist",   prompt="UI components, state management. Own files: src/components/, src/pages/")
+Agent(subagent_type="database-architect",    prompt="Schema changes + migrations if needed. Own files: migrations/")
+# Parallel validation:
+Agent(subagent_type="test-engineer",         prompt="Unit + integration tests. Own files: tests/")
+Agent(subagent_type="security-auditor",      prompt="Security review of new attack surface. READ-ONLY.")
+# Sequential finalization:
+Agent(subagent_type="documenter",            prompt="API docs, KB update, changelog. Own files: kb/, docs/")
+```
+
+**`backend-feature`** — backend only: API + logic + tests
+```
+Agent(subagent_type="explorer-agent",        prompt="Find integration points and patterns. READ-ONLY.")
+Agent(subagent_type="backend-specialist",    prompt="Implement endpoint + business logic. Own files: src/")
+Agent(subagent_type="database-architect",    prompt="Schema/query changes if needed. Own files: migrations/")
+Agent(subagent_type="test-engineer",         prompt="Unit + integration tests. Own files: tests/")
+Agent(subagent_type="security-auditor",      prompt="Auth/authz, input validation review. READ-ONLY.")
+```
+
+**`frontend-feature`** — UI feature: component + state + tests
+```
+Agent(subagent_type="explorer-agent",        prompt="Find existing components and patterns. READ-ONLY.")
+Agent(subagent_type="frontend-specialist",   prompt="Build component, state, routing. Own files: src/components/, src/pages/")
+Agent(subagent_type="test-engineer",         prompt="Component tests, E2E if needed. Own files: tests/")
+Agent(subagent_type="documenter",            prompt="Component docs / Storybook if applicable.")
+```
+
+**`api-design`** — design + implement + test + document a new API
+```
+# Sequential design:
+Agent(subagent_type="tech-lead",             prompt="API contract, versioning, error format. Own files: docs/api-spec.md")
+Agent(subagent_type="database-architect",    prompt="Data model for new resources. Own files: migrations/")
+# Parallel implementation + validation:
+Agent(subagent_type="backend-specialist",    prompt="Implement endpoint, validation, business logic. Own files: src/")
+Agent(subagent_type="test-engineer",         prompt="Contract tests, integration tests. Own files: tests/")
+Agent(subagent_type="security-auditor",      prompt="Auth/authz, rate limiting, input validation. READ-ONLY.")
+Agent(subagent_type="performance-optimizer", prompt="Response time benchmark. READ-ONLY.")
+# Sequential:
+Agent(subagent_type="documenter",            prompt="OpenAPI spec, API reference docs. Own files: docs/")
+```
+
+**`database-evolution`** — schema change: design + migrate + update code + validate
+```
+# Sequential analysis:
+Agent(subagent_type="database-architect",    prompt="Design schema change, migration + rollback plan. Own files: migrations/")
+Agent(subagent_type="explorer-agent",        prompt="Find all code referencing affected tables/columns. READ-ONLY.")
+# Parallel implementation:
+Agent(subagent_type="backend-specialist",    prompt="Update ORM models, queries, data access layer. Own files: src/")
+Agent(subagent_type="test-engineer",         prompt="Migration tests, data integrity checks. Own files: tests/")
+# Parallel validation:
+Agent(subagent_type="performance-optimizer", prompt="EXPLAIN ANALYZE on new queries, index efficiency. READ-ONLY.")
+Agent(subagent_type="security-auditor",      prompt="SQL injection vectors in new query patterns. READ-ONLY.")
+# Sequential:
+Agent(subagent_type="documenter",            prompt="Update schema docs, migration changelog. Own files: kb/")
+```
+
+**`test-coverage`** — systematically boost test coverage for a module
+```
+# Sequential analysis:
+Agent(subagent_type="explorer-agent",        prompt="Map untested code paths, find coverage gaps. READ-ONLY.")
+# Parallel writing:
+Agent(subagent_type="test-engineer",         prompt="Write unit tests for uncovered functions. Own files: tests/unit/")
+Agent(subagent_type="backend-specialist",    prompt="Add integration test fixtures, mock external services. Own files: tests/integration/")
+# Sequential review:
+Agent(subagent_type="code-reviewer",         prompt="Review test quality — no false positives, deterministic. READ-ONLY.")
+```
+
+**`security-audit`** — comprehensive multi-vector security assessment
+```
+# Sequential recon:
+Agent(subagent_type="explorer-agent",        prompt="Map attack surface, entry points, data flows. READ-ONLY.")
+# Parallel audit:
+Agent(subagent_type="security-auditor",      prompt="OWASP Top 10, injection, auth review. READ-ONLY.")
+Agent(subagent_type="code-reviewer",         prompt="Secrets in code, error handling, logging gaps. READ-ONLY.")
+Agent(subagent_type="devops-implementer",    prompt="Infra misconfig, Docker hardening, network. READ-ONLY.")
+Agent(subagent_type="database-architect",    prompt="SQL injection vectors, access controls, encryption. READ-ONLY.")
+# Sequential:
+Agent(subagent_type="tech-lead",             prompt="Prioritize findings, assign severity (CVSS).")
+Agent(subagent_type="documenter",            prompt="Security audit report + remediation checklist. Own files: kb/")
+```
+
+**`codebase-onboarding`** — understand an unfamiliar codebase fast (READ-ONLY)
+```
+# Parallel discovery:
+Agent(subagent_type="explorer-agent",        prompt="Project structure, tech stack, entry points. READ-ONLY.")
+Agent(subagent_type="tech-lead",             prompt="Architecture patterns, design decisions, conventions. READ-ONLY.")
+Agent(subagent_type="database-architect",    prompt="Data model, relationships, migration history. READ-ONLY.")
+# Parallel analysis:
+Agent(subagent_type="test-engineer",         prompt="Test coverage, test patterns, CI pipeline. READ-ONLY.")
+Agent(subagent_type="security-auditor",      prompt="Current security posture, credential management. READ-ONLY.")
+# Sequential synthesis:
+Agent(subagent_type="documenter",            prompt="Write onboarding guide + architecture overview. Own files: docs/ONBOARDING.md")
+```
+
+**`spike`** — time-boxed technical research to inform a decision
+```
+# Parallel research:
+Agent(subagent_type="explorer-agent",        prompt="Existing codebase patterns relevant to decision. READ-ONLY.")
+Agent(subagent_type="tech-lead",             prompt="Architecture implications, trade-off analysis. READ-ONLY.")
+Agent(subagent_type="backend-specialist",    prompt="Implementation feasibility, proof of concept.")
+# Sequential evaluation:
+Agent(subagent_type="security-auditor",      prompt="Security implications of each option. READ-ONLY.")
+Agent(subagent_type="performance-optimizer", prompt="Performance implications of each option. READ-ONLY.")
+# Sequential decision:
+Agent(subagent_type="tech-lead",             prompt="Comparison matrix, recommendation.")
+Agent(subagent_type="documenter",            prompt="Write architecture note + spike findings. Own files: kb/reference/")
+```
+
+---
+
+## Step 4 — Track status
+
+| Event | Action |
+|-------|--------|
+| Agent started | `TaskUpdate(status="in_progress")` |
+| Agent complete | `TaskUpdate(status="completed")` |
+| Blocked | Document blocker, reassign or escalate |
+
+## Step 5 — Exit gate
+
+Workflow is NOT done until:
+- [ ] Tests pass
+- [ ] Documentation updated in `kb/`
+- [ ] Postmortem written (incident-response only)
+- [ ] Plan archived to `kb/history/completed/`
+
+## Devil's Advocate (workflows >1h)
+
+Before implementation:
+- What could go wrong?
+- Hidden costs / tech debt?
+- At least 3 alternatives considered?

package/app/skills/write-a-prd/SKILL.md

@@ -0,0 +1,129 @@
+---
+name: write-a-prd
+description: "Create a Product Requirements Document through interactive interview, codebase exploration, and deep module design. Use when user wants to write a PRD, create product requirements, or plan a new feature from scratch."
+user-invocable: true
+effort: high
+argument-hint: "[feature or problem description]"
+allowed-tools: Read, Grep, Glob, Bash, Agent
+---
+
+# Write a PRD
+
+$ARGUMENTS
+
+Create a PRD through structured interview, codebase exploration, and module design, then submit as a GitHub issue.
+
+## Usage
+
+```
+/write-a-prd [feature or problem description]
+```
+
+## What This Command Does
+
+1. **Gathers** detailed problem description from user
+2. **Explores** the codebase to verify assertions and understand current state
+3. **Interviews** relentlessly about every design branch until shared understanding
+4. **Sketches** major modules — actively seeking deep modules (small interface, deep implementation)
+5. **Writes** the PRD and submits as GitHub issue via `gh issue create`
+
+## Process
+
+### 1. Gather Problem Description
+
+Ask the user for a detailed description of:
+- The problem they want to solve
+- Any potential ideas for solutions
+- Who the users/actors are
+
+### 2. Explore the Codebase
+
+Use Agent (subagent_type=Explore) to understand:
+- Current architecture relevant to the feature
+- Existing patterns and conventions
+- Integration points
+- Related code that might be affected
+
+### 3. Interview Relentlessly
+
+Walk down each branch of the design tree, resolving dependencies between decisions one-by-one. For each question, provide your recommended answer.
+
+Ask questions one at a time. If a question can be answered by exploring the codebase, explore instead of asking.
+
+### 4. Sketch Modules
+
+Identify major modules to build or modify. Look for opportunities to extract **deep modules** — modules that encapsulate significant functionality behind a simple, testable interface.
+
+Check with the user:
+- Do these modules match their expectations?
+- Which modules need tests?
+
+### 5. Write and Submit PRD
+
+Use the template below. Submit as GitHub issue via `gh issue create`. Share the URL.
+
+## PRD Template
+
+<prd-template>
+
+## Problem Statement
+
+The problem from the user's perspective.
+
+## Solution
+
+The solution from the user's perspective.
+
+## User Stories
+
+Extensive numbered list:
+
+1. As an <actor>, I want a <feature>, so that <benefit>
+
+Cover ALL aspects of the feature.
+
+## Implementation Decisions
+
+- Modules to build/modify
+- Interface designs for those modules
+- Architectural decisions
+- Schema changes
+- API contracts
+
+Do NOT include specific file paths or code snippets — they go stale quickly.
+
+## Testing Decisions
+
+- What makes a good test (external behavior, not implementation details)
+- Which modules to test
+- Prior art for tests in the codebase
+
+## Out of Scope
+
+What is explicitly NOT part of this PRD.
+
+## Further Notes
+
+Any additional context.
+
+</prd-template>
+
+## Visual Companion (Optional)
+
+When upcoming questions will involve visual content (mockups, layouts, diagrams), offer the browser companion:
+
+> "Some of what we're working on might be easier to explain visually. I can show mockups and diagrams in a browser. Want to try it?"
+
+**This offer MUST be its own message.** Do not combine with other questions. Wait for response.
+
+If accepted, start the server and use it for visual questions only. Text/conceptual questions stay in terminal.
+
+See [reference/visual-companion.md](reference/visual-companion.md) for details.
+
+## Rules
+
+- Interview relentlessly — don't settle for vague answers
+- No file paths or code snippets in the PRD (durability principle)
+- User stories must be extensive and cover all aspects
+- Submit immediately via `gh issue create` — don't ask for review
+- Deep modules over shallow modules

package/app/skills/write-a-prd/reference/visual-companion.md

@@ -0,0 +1,78 @@
+# Visual Companion
+
+Browser-based companion for showing mockups, diagrams, and layouts during PRD brainstorming sessions.
+
+## What
+
+A lightweight Node.js HTTP server that serves a dark-themed HTML page in the user's browser. The agent pushes HTML content to the page via a POST endpoint, enabling real-time display of mockups, wireframes, comparison tables, and diagrams alongside the terminal conversation.
+
+## When to Offer
+
+Anticipate visual questions during the PRD interview. Offer the companion when upcoming questions will involve:
+
+- UI mockups or wireframes
+- Layout comparisons (side-by-side options)
+- Architecture diagrams
+- Data flow visualizations
+- Feature comparison tables with visual elements
+
+## Consent Flow
+
+1. **Offer once, as its own message.** Do not combine with other questions.
+2. **Wait for the user's response** before proceeding.
+3. **Respect a "no"** — continue the interview entirely in the terminal.
+
+Example offer:
+
+> "Some of what we're working on might be easier to explain visually. I can show mockups and diagrams in a browser. Want to try it?"
+
+## Per-Question Decision
+
+After the companion is accepted, decide per question:
+
+| Content Type | Where |
+|---|---|
+| Mockups, wireframes, layouts | Browser |
+| Architecture diagrams | Browser |
+| Comparison tables (visual) | Browser |
+| Conceptual questions | Terminal |
+| Text-only decisions | Terminal |
+| Yes/no confirmations | Terminal |
+
+## How to Start
+
+```bash
+node scripts/visual-server.cjs
+```
+
+The server prints the URL to stdout:
+
+```
+Visual companion ready at http://localhost:PORT
+```
+
+Share this URL with the user so they can open it in their browser.
+
+## How to Update Content
+
+POST HTML to the `/update` endpoint:
+
+```bash
+curl -X POST http://localhost:PORT/update \
+  -H "Content-Type: application/json" \
+  -d '{"html": "<h2>Mockup A</h2><p>Description here...</p>"}'
+```
+
+The browser page polls `/content` every 2 seconds and updates automatically with a brief fade transition.
+
+## Auto-Shutdown
+
+The server automatically shuts down after 30 minutes of inactivity (no HTTP requests). It also responds to SIGINT and SIGTERM for graceful shutdown.
+
+## Technical Details
+
+- **Dependencies:** None. Uses Node.js built-in `http`, `fs`, `path` modules only.
+- **Port:** Binds to a random available port (falls back to 38888 on error).
+- **Template:** Served from `frame-template.html` in the same directory.
+- **Content endpoint:** GET `/content` returns `{"html": "..."}` for polling.
+- **Update endpoint:** POST `/update` accepts `{"html": "..."}` to change displayed content.