create-workframe 0.1.0 → 0.1.2

package/scripts/set-compose-public-url.mjs

@@ -1,92 +1,92 @@
-#!/usr/bin/env node
-/**
- * Set public URL keys in compose .env (APP_BASE_URL, WORKFRAME_PUBLIC_HOST, CORS, ALLOWED_HOSTS).
- * HERMES_DASHBOARD_PUBLIC_URL is derived from APP_BASE_URL in docker-compose.yml.
- * Usage: node set-compose-public-url.mjs https://dev.example.com [--env path/to/.env]
- */
-import fs from 'node:fs';
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-
-const args = process.argv.slice(2);
-
-if (args.includes('--self-check')) {
-  function normalizePublicUrl(raw) {
-    let u = String(raw || '').trim();
-    if (!u) throw new Error('url required');
-    if (!/^https?:\/\//i.test(u)) u = `https://${u}`;
-    const parsed = new URL(u);
-    if (!parsed.hostname) throw new Error('invalid hostname');
-    return `https://${parsed.hostname}`;
-  }
-  if (normalizePublicUrl('dev.example.com') !== 'https://dev.example.com') {
-    throw new Error('normalizePublicUrl failed');
-  }
-  console.log('self-check ok');
-  process.exit(0);
-}
-
-const envFlag = args.indexOf('--env');
-let envPath =
-  envFlag >= 0 ? args[envFlag + 1] : path.join(path.dirname(fileURLToPath(import.meta.url)), '../../infra/compose/workframe/.env');
-const urlArg = args.find((a) => !a.startsWith('--') && a !== envPath);
-
-if (!urlArg?.trim()) {
-  console.error('Usage: node set-compose-public-url.mjs <https://host> [--env path/to/.env]');
-  process.exit(1);
-}
-
-function normalizePublicUrl(raw) {
-  let u = String(raw || '').trim();
-  if (!u) throw new Error('url required');
-  if (!/^https?:\/\//i.test(u)) u = `https://${u}`;
-  const parsed = new URL(u);
-  if (!parsed.hostname) throw new Error('invalid hostname');
-  return `https://${parsed.hostname}`;
-}
-
-function hostnameFromUrl(url) {
-  return new URL(url).hostname;
-}
-
-function setKv(text, key, val) {
-  const line = `${key}=${val}`;
-  const re = new RegExp(`^${key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}=.*$`, 'm');
-  if (re.test(text)) return text.replace(re, line);
-  return `${text}${text.endsWith('\n') || !text ? '' : '\n'}${line}\n`;
-}
-
-const publicUrl = normalizePublicUrl(urlArg);
-const host = hostnameFromUrl(publicUrl);
-
-if (!fs.existsSync(envPath)) {
-  const example = `${envPath}.example`;
-  if (fs.existsSync(example)) {
-    fs.mkdirSync(path.dirname(envPath), { recursive: true });
-    fs.copyFileSync(example, envPath);
-    console.log(`Created ${envPath} from example`);
-  } else {
-    throw new Error(`Missing env file: ${envPath}`);
-  }
-}
-
-let text = fs.readFileSync(envPath, 'utf8');
-text = setKv(text, 'APP_BASE_URL', publicUrl);
-text = setKv(text, 'WORKFRAME_PUBLIC_HOST', host);
-text = setKv(text, 'ALLOWED_HOSTS', host);
-text = setKv(text, 'CORS_ALLOW_ORIGIN', publicUrl);
-fs.writeFileSync(envPath, text);
-
-console.log(
-  JSON.stringify(
-    {
-      ok: true,
-      env: envPath,
-      app_base_url: publicUrl,
-      hermes_dashboard_public_url: `${publicUrl}/hermes-dashboard`,
-      host,
-    },
-    null,
-    2,
-  ),
-);
+#!/usr/bin/env node
+/**
+ * Set public URL keys in compose .env (APP_BASE_URL, WORKFRAME_PUBLIC_HOST, CORS, ALLOWED_HOSTS).
+ * HERMES_DASHBOARD_PUBLIC_URL is derived from APP_BASE_URL in docker-compose.yml.
+ * Usage: node set-compose-public-url.mjs https://dev.example.com [--env path/to/.env]
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const args = process.argv.slice(2);
+
+if (args.includes('--self-check')) {
+  function normalizePublicUrl(raw) {
+    let u = String(raw || '').trim();
+    if (!u) throw new Error('url required');
+    if (!/^https?:\/\//i.test(u)) u = `https://${u}`;
+    const parsed = new URL(u);
+    if (!parsed.hostname) throw new Error('invalid hostname');
+    return `https://${parsed.hostname}`;
+  }
+  if (normalizePublicUrl('dev.example.com') !== 'https://dev.example.com') {
+    throw new Error('normalizePublicUrl failed');
+  }
+  console.log('self-check ok');
+  process.exit(0);
+}
+
+const envFlag = args.indexOf('--env');
+let envPath =
+  envFlag >= 0 ? args[envFlag + 1] : path.join(path.dirname(fileURLToPath(import.meta.url)), '../../infra/compose/workframe/.env');
+const urlArg = args.find((a) => !a.startsWith('--') && a !== envPath);
+
+if (!urlArg?.trim()) {
+  console.error('Usage: node set-compose-public-url.mjs <https://host> [--env path/to/.env]');
+  process.exit(1);
+}
+
+function normalizePublicUrl(raw) {
+  let u = String(raw || '').trim();
+  if (!u) throw new Error('url required');
+  if (!/^https?:\/\//i.test(u)) u = `https://${u}`;
+  const parsed = new URL(u);
+  if (!parsed.hostname) throw new Error('invalid hostname');
+  return `https://${parsed.hostname}`;
+}
+
+function hostnameFromUrl(url) {
+  return new URL(url).hostname;
+}
+
+function setKv(text, key, val) {
+  const line = `${key}=${val}`;
+  const re = new RegExp(`^${key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}=.*$`, 'm');
+  if (re.test(text)) return text.replace(re, line);
+  return `${text}${text.endsWith('\n') || !text ? '' : '\n'}${line}\n`;
+}
+
+const publicUrl = normalizePublicUrl(urlArg);
+const host = hostnameFromUrl(publicUrl);
+
+if (!fs.existsSync(envPath)) {
+  const example = `${envPath}.example`;
+  if (fs.existsSync(example)) {
+    fs.mkdirSync(path.dirname(envPath), { recursive: true });
+    fs.copyFileSync(example, envPath);
+    console.log(`Created ${envPath} from example`);
+  } else {
+    throw new Error(`Missing env file: ${envPath}`);
+  }
+}
+
+let text = fs.readFileSync(envPath, 'utf8');
+text = setKv(text, 'APP_BASE_URL', publicUrl);
+text = setKv(text, 'WORKFRAME_PUBLIC_HOST', host);
+text = setKv(text, 'ALLOWED_HOSTS', host);
+text = setKv(text, 'CORS_ALLOW_ORIGIN', publicUrl);
+fs.writeFileSync(envPath, text);
+
+console.log(
+  JSON.stringify(
+    {
+      ok: true,
+      env: envPath,
+      app_base_url: publicUrl,
+      hermes_dashboard_public_url: `${publicUrl}/hermes-dashboard`,
+      host,
+    },
+    null,
+    2,
+  ),
+);

package/scripts/sync-canonical-to-package.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 /**
  * Copy canonical Workframe BFF into create-workframe package tree before npm pack.
- * Run from ProjectX root: node packages/create-workframe/scripts/sync-canonical-to-package.mjs
+ * Run from repository root: node packages/create-workframe/scripts/sync-canonical-to-package.mjs
  */
 import fs from 'node:fs';
 import path from 'node:path';
@@ -9,14 +9,15 @@ import { fileURLToPath } from 'node:url';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const PKG_ROOT = path.resolve(__dirname, '..');
-const PROJECTX_ROOT = path.resolve(PKG_ROOT, '../..');
-const CANONICAL_API = path.join(PROJECTX_ROOT, 'services/workframe-api');
+const REPO_ROOT = path.resolve(PKG_ROOT, '../..');
+const CANONICAL_API = path.join(REPO_ROOT, 'services/workframe-api');
 const PKG_API = path.join(PKG_ROOT, 'workframe-api');
-const CANONICAL_SUPERVISOR = path.join(PROJECTX_ROOT, 'services/workframe-supervisor');
+const CANONICAL_SUPERVISOR = path.join(REPO_ROOT, 'services/workframe-supervisor');
 const PKG_SUPERVISOR = path.join(PKG_ROOT, 'workframe-supervisor');
 
 const SKIP_DIRS = new Set([
   'data',
+  'tests',
   '__pycache__',
   '.pytest_cache',
   '.venv',
@@ -56,6 +57,17 @@ function removeIfExists(p) {
   if (fs.existsSync(p)) fs.rmSync(p, { recursive: true, force: true });
 }
 
+/** Alpine sh breaks on CRLF (then\r). Normalize at pack time — Windows checkout is CRLF. */
+function copyIntoPackage(src, dst) {
+  fs.mkdirSync(path.dirname(dst), { recursive: true });
+  if (dst.endsWith('.sh')) {
+    const text = fs.readFileSync(src, 'utf8').replace(/\r\n/g, '\n').replace(/\r/g, '\n');
+    fs.writeFileSync(dst, text, 'utf8');
+  } else {
+    fs.copyFileSync(src, dst);
+  }
+}
+
 console.log(`Sync canonical BFF: ${CANONICAL_API} -> ${PKG_API}`);
 copyTree(CANONICAL_API, PKG_API);
 
@@ -103,15 +115,21 @@ const applyScripts = [
   'ensure-compose-host-paths.mjs',
 ];
 for (const name of applyScripts) {
-  const src = path.join(PROJECTX_ROOT, 'scripts/workframe', name);
+  const src = path.join(REPO_ROOT, 'scripts/workframe', name);
   const dst = path.join(PKG_ROOT, 'scripts', name);
   if (!fs.existsSync(src)) throw new Error(`Missing apply script: ${src}`);
-  fs.mkdirSync(path.dirname(dst), { recursive: true });
-  fs.copyFileSync(src, dst);
+  copyIntoPackage(src, dst);
   console.log(`Synced ${name} -> package/scripts/`);
 }
 
-const publicDeploySrc = path.join(PROJECTX_ROOT, 'infra/compose/workframe/PUBLIC_DEPLOY.md');
+for (const sh of fs.readdirSync(path.join(PKG_ROOT, 'scripts')).filter((n) => n.endsWith('.sh'))) {
+  const p = path.join(PKG_ROOT, 'scripts', sh);
+  if (fs.readFileSync(p).includes(0x0d)) {
+    throw new Error(`CRLF remains in package script after sync: ${sh}`);
+  }
+}
+
+const publicDeploySrc = path.join(REPO_ROOT, 'infra/compose/workframe/PUBLIC_DEPLOY.md');
 const publicDeployDst = path.join(PKG_ROOT, 'docs/PUBLIC_DEPLOY.md');
 if (fs.existsSync(publicDeploySrc)) {
   fs.mkdirSync(path.dirname(publicDeployDst), { recursive: true });
@@ -120,7 +138,7 @@ if (fs.existsSync(publicDeploySrc)) {
 }
 
 for (const name of ['LICENSE', 'NOTICE', 'SECURITY.md']) {
-  const src = path.join(PROJECTX_ROOT, name);
+  const src = path.join(REPO_ROOT, name);
   const dst = path.join(PKG_ROOT, name);
   if (!fs.existsSync(src)) throw new Error(`Missing publish file: ${src}`);
   fs.copyFileSync(src, dst);

package/shared/WORKFRAME_AGENT_LIBRARY.md

@@ -8,23 +8,23 @@ Canonical behavior location
 - Runtime: `Agents/profiles/{nativeProfileSlug}/SOUL.md`
 - Bootstrap seed: `scripts/seed/profiles/{nativeProfileSlug}/SOUL.md`
 
-Default specialist catalog
-- visionary
-- architect
-- docs
-- dev
-- research
-- designer
-
-Install-time starter packs
-- Recorded in `workframe-manifest.json` (`pack`, `profiles`, `native_agent`)
-- Default scaffold pack is `native` (native agent only)
-- Reference packs can still be chosen explicitly
-- See `docs/SETUP.md` for the pack chosen at install
-
-Extension pattern
-- Add niche specialists only when recurring demand exists.
-- Preferred path: spawn specialists on demand through botfather/lifecycle flows instead of preinstalling the whole crew.
+Default specialist catalog
+- visionary
+- architect
+- docs
+- dev
+- research
+- designer
+
+Install-time starter packs
+- Recorded in `workframe-manifest.json` (`pack`, `profiles`, `native_agent`)
+- Default scaffold pack is `native` (native agent only)
+- Reference packs can still be chosen explicitly
+- See `docs/SETUP.md` for the pack chosen at install
+
+Extension pattern
+- Add niche specialists only when recurring demand exists.
+- Preferred path: spawn specialists on demand through botfather/lifecycle flows instead of preinstalling the whole crew.
 
 Curation rule
 - Keep role-specific skill/tool bundles lean.

package/shared/WORKFRAME_AGENT_OPERATIONS.md

@@ -3,11 +3,11 @@
 Goal
 - keep the agent library dynamic but controlled.
 
-Concierge responsibilities
-- detect recurring specialist needs
-- propose profile add/remove/swap
-- route work through existing profiles until approved change lands
-- spawn specialists only when a real role gap exists
+Concierge responsibilities
+- detect recurring specialist needs
+- propose profile add/remove/swap
+- route work through existing profiles until approved change lands
+- spawn specialists only when a real role gap exists
 
 Profile operations policy
 - Add profile: when repeated tasks do not fit existing specialists.
@@ -17,13 +17,13 @@ Profile operations policy
 Approval
 - owner/admin approves profile topology changes in team environments.
 
-Preferred implementation path
-1) Update runtime profile SOUL under `Agents/profiles/`.
-2) Update bootstrap seeds under `scripts/seed/profiles/` when templates change.
-3) Spawn or update the runtime profile set through lifecycle/botfather flows.
-4) Announce changed routing behavior in docs and chat status.
-
-Default topology policy
-- Start native-only.
-- Treat specialist packs as reference presets, not mandatory first boot state.
-- Keep the installed crew as small as possible until real demand appears.
+Preferred implementation path
+1) Update runtime profile SOUL under `Agents/profiles/`.
+2) Update bootstrap seeds under `scripts/seed/profiles/` when templates change.
+3) Spawn or update the runtime profile set through lifecycle/botfather flows.
+4) Announce changed routing behavior in docs and chat status.
+
+Default topology policy
+- Start native-only.
+- Treat specialist packs as reference presets, not mandatory first boot state.
+- Keep the installed crew as small as possible until real demand appears.

package/shared/WORKFRAME_AGENT_PACKS.json

@@ -1,17 +1,17 @@
 {
-  "version": 2,
-  "packs": {
-    "native": {
-      "description": "One native project agent only. Spawn specialists later through Workframe botfather flows.",
-      "profiles": [
-        "project-agent"
-      ]
-    },
-    "vanilla": {
-      "description": "Reference default crew pack (native project agent + all core specialists)",
-      "profiles": [
-        "project-agent",
-        "visionary",
+  "version": 2,
+  "packs": {
+    "native": {
+      "description": "One native project agent only. Spawn specialists later through Workframe botfather flows.",
+      "profiles": [
+        "project-agent"
+      ]
+    },
+    "vanilla": {
+      "description": "Reference default crew pack (native project agent + all core specialists)",
+      "profiles": [
+        "project-agent",
+        "visionary",
         "architect",
         "docs",
         "dev",
@@ -48,11 +48,11 @@
         "research"
       ]
     },
-    "full": {
-      "description": "Alias of vanilla for compatibility",
-      "profiles": [
-        "project-agent",
-        "visionary",
+    "full": {
+      "description": "Alias of vanilla for compatibility",
+      "profiles": [
+        "project-agent",
+        "visionary",
         "architect",
         "docs",
         "dev",

package/shared/WORKFRAME_AGENT_PACKS.yaml

@@ -1,11 +1,11 @@
-version: 2
-packs:
-  native:
-    description: One native project agent only. Spawn specialists later through Workframe botfather flows.
-    profiles: [project-agent]
-  vanilla:
-    description: Reference default crew pack (native project agent + all core specialists)
-    profiles: [project-agent, visionary, architect, docs, dev, research, designer]
+version: 2
+packs:
+  native:
+    description: One native project agent only. Spawn specialists later through Workframe botfather flows.
+    profiles: [project-agent]
+  vanilla:
+    description: Reference default crew pack (native project agent + all core specialists)
+    profiles: [project-agent, visionary, architect, docs, dev, research, designer]
   core:
     description: Minimal operational baseline
     profiles: [project-agent, docs, dev]

package/shared/WORKFRAME_SKILL_CURATION.md

@@ -21,7 +21,7 @@ Tool curation rules
 3) Add a skill only after repeated need.
 4) Remove stale skills quarterly.
 
-Install-time selection
-- default to the `native` starter pack unless a larger reference pack is explicitly requested
-- reference packs remain available (`core` / `product` / `engineering` / `full`)
-- concierge can request profile add/remove later with owner approval.
+Install-time selection
+- default to the `native` starter pack unless a larger reference pack is explicitly requested
+- reference packs remain available (`core` / `product` / `engineering` / `full`)
+- concierge can request profile add/remove later with owner approval.

package/workframe-api/README.md

@@ -1,28 +1,26 @@
-# Workframe API Service
-
-**Version:** `0.1.0` (`workframe-api-0.1.0`). See `docs/VERSION.md`.
-
-Active backend service for the transplanted Workframe vertical slice.
-
-This is intentionally preserved as the current Python BFF instead of being rewritten into `apps/api`.
-
-## Local
-
-```bash
-cd services/workframe-api
-python3 -m venv .venv
-. .venv/bin/activate
-pip install -r requirements.txt
-HOST=0.0.0.0 PORT=8080 HERMES_DATA=/opt/data WORKSPACE=/workspace python3 server.py
-```
-
-## Runtime state
-
-Runtime files are intentionally not committed:
-
-- `data/*.db`
-- `data/.auth_keys`
-- Hermes `Agents/`
-- workspace `Files/`
-
-For VPS deployment, mount clean persistent volumes into `/opt/data` and `/workspace`.
+# Workframe API Service
+
+Python BFF for the Workframe UI. See [docs/VERSION.md](../../docs/VERSION.md) for release version.
+
+Canonical implementation — not rewritten into a separate `apps/api` service.
+
+## Local (outside Docker)
+
+```bash
+cd services/workframe-api
+python3 -m venv .venv
+. .venv/bin/activate   # Windows: .venv\Scripts\activate
+pip install -r requirements.txt
+HOST=0.0.0.0 PORT=8080 HERMES_DATA=/opt/data WORKSPACE=/workspace python3 server.py
+```
+
+## Runtime state (not committed)
+
+- `data/*.db`, vault files under `WORKFRAME_API_DATA_DIR`
+- Hermes `Agents/` tree on mounted volume
+
+## Docs
+
+- [Runtime operations](../../docs/public/runtime-operations.md)
+- [Security](../../docs/public/security.md)
+- [BFF route map](../../docs/public/bff-route-map.md)