ima-claude 2.18.0 → 2.25.0

package/plugins/ima-claude/skills/ember-discourse/SKILL.md

@@ -5,29 +5,9 @@ description: "Ember/Glimmer component development for Discourse plugins - gjs, a
 
 # Ember for Discourse Plugins
 
-Discourse runs Ember Octane with Glimmer components. The plugin extension model is: `apiInitializer` → `renderInOutlet` → `.gjs` component. Everything else is either legacy or an internal Discourse concern.
+Discourse runs Ember Octane with Glimmer components. Extension model: `apiInitializer` → `renderInOutlet` → `.gjs` component.
 
-## When to Use This Skill
-
-- Adding frontend UI to a Discourse plugin
-- Building admin panel components for a plugin
-- Injecting content into Discourse's UI via plugin outlets
-- Migrating old `decorateWidget` / raw handlebars to modern Glimmer
-
-## Core Philosophy
-
-> Glimmer components are close to pure functions: `(args, services) → template`. Minimize `@tracked` state. Prefer derived values over stored state.
-
-FP lens applied to Ember:
-- **Components** are view functions — args in, DOM out
-- **`@tracked`** is isolated reactive state — use sparingly, only what truly changes
-- **Derived values** via getters — no duplicate state, always in sync
-- **Actions** are the imperative shell — side effects live in methods, not templates
-- **Services** are dependency injection — inject, don't import singletons
-
-**Foundation**: Reference `../discourse/SKILL.md` for the Ruby side of plugin development.
-
-## The Modern Stack (use these)
+## Modern Stack
 
 | What | Modern | Deprecated / Avoid |
 |------|--------|--------------------|
@@ -39,9 +19,19 @@ FP lens applied to Ember:
 | Services | `@service` decorator | `Ember.inject.service()` |
 | Event handling | `{{on "click" this.handler}}` | `{{action "handler"}}` |
 
-## .gjs: The File Format
+## FP Lens
 
-`.gjs` (Glimmer JS) combines the component class and template in one file. It's the current Discourse standard for new components.
+- Components are view functions — args in, DOM out
+- `@tracked` = isolated reactive state — use sparingly, only for state the component owns and mutates
+- Derived values via getters — no duplicate state
+- Actions are the imperative shell — side effects in methods, not templates
+- Services are DI — inject via `@service`, don't import singletons
+
+**Related**: `../discourse/SKILL.md` for Ruby plugin side.
+
+## .gjs Format
+
+`.gjs` combines class + template in one file. Standard for all new components.
 
 ```gjs
 // assets/javascripts/discourse/components/my-component.gjs
@@ -57,7 +47,7 @@ export default class MyComponent extends Component {
 
   @tracked isExpanded = false;
 
-  // Derived value — getter, not stored state
+  // Derived — getter, not @tracked
   get greeting() {
     return this.currentUser
       ? `Welcome back, ${this.currentUser.username}!`
@@ -72,26 +62,21 @@ export default class MyComponent extends Component {
   <template>
     <div class="my-component">
       <p>{{this.greeting}}</p>
-
       <DButton
         @action={{this.toggleExpanded}}
         @label={{if this.isExpanded "collapse" "expand"}}
       />
-
       {{#if this.isExpanded}}
-        <div class="my-component__body">
-          {{yield}}
-        </div>
+        <div class="my-component__body">{{yield}}</div>
       {{/if}}
     </div>
   </template>
 }
 ```
 
-### Template-only component (no JS needed)
+Template-only (no class needed):
 
 ```gjs
-// When a component is purely presentational — no class required
 <template>
   <div class="badge-card">
     <img src={{@badge.image_url}} alt={{@badge.name}} />
@@ -100,9 +85,9 @@ export default class MyComponent extends Component {
 </template>
 ```
 
-## apiInitializer: The Plugin Entry Point
+## apiInitializer
 
-Every plugin's JS starts here. One initializer file per plugin feature area.
+One initializer file per plugin feature area.
 
 ```javascript
 // assets/javascripts/discourse/initializers/my-plugin.js
@@ -111,17 +96,14 @@ import MyBanner from "../components/my-banner";
 import MyComponent from "../components/my-component";
 
 export default apiInitializer((api) => {
-  // Render into a plugin outlet
   api.renderInOutlet("discovery-list-container-top", MyBanner);
-
-  // shouldRender on the component class controls conditional rendering
   api.renderInOutlet("topic-above-post-stream", MyComponent);
 });
 ```
 
-## Plugin Outlets: Where to Inject Content
+## Plugin Outlets
 
-Plugin outlets are pre-defined hooks in Discourse's templates. Use `api.renderInOutlet` to inject at them.
+Inject at pre-defined template hooks via `api.renderInOutlet`.
 
 ```gjs
 // assets/javascripts/discourse/components/my-banner.gjs
@@ -131,21 +113,18 @@ import { service } from "@ember/service";
 export default class MyBanner extends Component {
   @service currentUser;
 
-  // Static method controls whether this component renders at all.
-  // outletArgs contains context from where the outlet sits in the DOM.
+  // Controls whether component renders. outletArgs = DOM context.
   static shouldRender(outletArgs, helper) {
     return helper.siteSettings.my_plugin_enabled && helper.currentUser;
   }
 
   <template>
-    <div class="my-banner">
-      Welcome, {{this.currentUser.username}}!
-    </div>
+    <div class="my-banner">Welcome, {{this.currentUser.username}}!</div>
   </template>
 }
 ```
 
-### Post stream outlets (Glimmer post stream — current)
+Post stream outlets (Glimmer post stream — current):
 
 ```gjs
 import Component from "@glimmer/component";
@@ -156,9 +135,8 @@ export default apiInitializer((api) => {
     "post-content-cooked-html",
     class extends Component {
       static shouldRender(args) {
-        return args.post.wiki;  // args.post is the current post model
+        return args.post.wiki;
       }
-
       <template>
         <div class="wiki-notice">This post is a wiki</div>
       </template>
@@ -167,18 +145,14 @@ export default apiInitializer((api) => {
 });
 ```
 
-### Finding outlet names
-
-Search Discourse core for `<PluginOutlet @name=`:
+Find outlet names:
 ```bash
 rg '<PluginOutlet @name=' app/assets/javascripts/discourse/
 ```
 
-Common outlets: `discovery-list-container-top`, `topic-above-post-stream`,
-`above-main-container`, `header-icons`, `user-profile-primary`,
-`post-content-cooked-html`, `after-topic-list-area`.
+Common outlets: `discovery-list-container-top`, `topic-above-post-stream`, `above-main-container`, `header-icons`, `user-profile-primary`, `post-content-cooked-html`, `after-topic-list-area`.
 
-## Glimmer Component Patterns
+## Component Patterns
 
 ### Args vs State
 
@@ -187,11 +161,9 @@ import Component from "@glimmer/component";
 import { tracked } from "@glimmer/tracking";
 
 export default class UserCard extends Component {
-  // @tracked — only for state THIS component owns and mutates
-  @tracked showDetails = false;
+  @tracked showDetails = false;  // component owns this
 
-  // Derived from args — a getter, never @tracked
-  get displayName() {
+  get displayName() {            // derived from args — never @tracked
     return this.args.user.name || this.args.user.username;
   }
 
@@ -202,29 +174,26 @@ export default class UserCard extends Component {
   <template>
     <div class="user-card {{if this.isStaff 'user-card--staff'}}">
       <h3>{{this.displayName}}</h3>
-      {{#if this.showDetails}}
-        <p>{{@user.bio_raw}}</p>
-      {{/if}}
+      {{#if this.showDetails}}<p>{{@user.bio_raw}}</p>{{/if}}
     </div>
   </template>
 }
 ```
 
-### Services — inject, don't import
+### Services
 
 ```gjs
 import Component from "@glimmer/component";
 import { service } from "@ember/service";
 
 export default class MyFeature extends Component {
-  // Common Discourse services
-  @service currentUser;       // logged-in user (null if anonymous)
-  @service siteSettings;      // site configuration
-  @service router;            // programmatic navigation
-  @service store;             // Ember Data store
-  @service session;           // session data
-  @service modal;             // open modals
-  @service toasts;            // toast notifications (Discourse 3.2+)
+  @service currentUser;   // logged-in user (null if anonymous)
+  @service siteSettings;  // site configuration
+  @service router;        // programmatic navigation
+  @service store;         // Ember Data store
+  @service session;       // session data
+  @service modal;         // open modals
+  @service toasts;        // toast notifications (Discourse 3.2+)
 
   get canUseFeature() {
     return this.currentUser?.trust_level >= 2
@@ -232,14 +201,12 @@ export default class MyFeature extends Component {
   }
 
   <template>
-    {{#if this.canUseFeature}}
-      ...
-    {{/if}}
+    {{#if this.canUseFeature}}...{{/if}}
   </template>
 }
 ```
 
-### Actions and events
+### Actions
 
 ```gjs
 import Component from "@glimmer/component";
@@ -250,43 +217,31 @@ export default class SearchBox extends Component {
   @tracked query = "";
   @tracked results = [];
 
-  @action
-  updateQuery(event) {
-    this.query = event.target.value;
-  }
+  @action updateQuery(event) { this.query = event.target.value; }
 
   @action
   async search() {
     if (!this.query.trim()) return;
-    // side effects belong in @action methods, not in getters or templates
     this.results = await this.args.onSearch(this.query);
   }
 
   <template>
-    <input
-      type="text"
-      value={{this.query}}
-      {{on "input" this.updateQuery}}
-    />
+    <input type="text" value={{this.query}} {{on "input" this.updateQuery}} />
     <button type="button" {{on "click" this.search}}>Search</button>
   </template>
 }
 ```
 
-## Admin UI Components
+## Admin UI
 
-Admin components live in the `admin/` asset tree and use the same Glimmer patterns.
+Admin components live in `admin/` asset tree, same Glimmer patterns.
 
 ```
 assets/javascripts/
-├── discourse/
-│   └── initializers/
-│       └── my-plugin.js          # user-facing outlets
+├── discourse/initializers/my-plugin.js
 └── admin/
-    ├── components/
-    │   └── my-plugin-admin.gjs   # admin panel component
-    └── routes/
-        └── admin-plugins-my-plugin.js
+    ├── components/my-plugin-admin.gjs
+    └── routes/admin-plugins-my-plugin.js
 ```
 
 ```gjs
@@ -302,7 +257,6 @@ import LoadingSpinner from "discourse/components/loading-spinner";
 
 export default class MyPluginAdmin extends Component {
   @service currentUser;
-
   @tracked stats = null;
   @tracked isLoading = false;
 
@@ -322,40 +276,33 @@ export default class MyPluginAdmin extends Component {
   <template>
     <div class="my-plugin-admin">
       <h2>My Plugin Admin</h2>
-
       {{#if this.isLoading}}
         <LoadingSpinner />
       {{else if this.stats}}
         <p>Total users: {{this.stats.total_users}}</p>
         <p>Pending: {{this.stats.pending}}</p>
       {{/if}}
-
-      <DButton
-        @action={{this.loadStats}}
-        @label="my_plugin.admin.load_stats"
-        @disabled={{this.isLoading}}
-      />
+      <DButton @action={{this.loadStats}} @label="my_plugin.admin.load_stats" @disabled={{this.isLoading}} />
     </div>
   </template>
 }
 ```
 
-## AJAX: Talking to the Plugin Backend
+## AJAX
+
+Always use `discourse/lib/ajax` — handles CSRF tokens, error formatting, session state automatically. Never use raw `fetch`.
 
 ```javascript
 import { ajax } from "discourse/lib/ajax";
 import { popupAjaxError } from "discourse/lib/ajax-error";
 
-// GET
 const data = await ajax("/my-plugin/endpoint.json");
 
-// POST — Discourse's ajax helper automatically includes the CSRF token
 const result = await ajax("/my-plugin/action", {
   type: "POST",
   data: { user_id: userId, value: someValue }
 });
 
-// Always handle errors with popupAjaxError for consistent UX
 try {
   await ajax("/my-plugin/action", { type: "DELETE" });
 } catch (e) {
@@ -363,134 +310,77 @@ try {
 }
 ```
 
-**Always use `discourse/lib/ajax`, never raw `fetch`.** The helper handles CSRF tokens, error formatting, and Discourse session state automatically.
-
-## Security in Ember
-
-### Client checks are UX only — backend enforces everything
-
-```javascript
-// Hiding/showing UI based on role is fine:
-get showAdminTools() {
-  return this.currentUser?.admin;
-}
-
-// But the BACKEND must enforce the same check on every request.
-// Client-side auth is trivially bypassed in browser devtools.
-// There is no such thing as client-side security.
-```
-
-### No raw HTML injection with user content
-
-```handlebars
-{{!-- Safe — Glimmer auto-escapes output --}}
-{{user.bio}}
-
-{{!-- Unsafe — raw output, skip escaping only for server-sanitized HTML --}}
-{{! avoid triple-mustache with user-supplied content }}
-
-{{!-- For server-sanitized post content, Discourse provides: --}}
-<div>{{html-safe post.cooked}}</div>
-```
-
-### Content Security Policy
+## Security
 
-Discourse enforces CSP strictly. These patterns will break or be blocked:
-- Inline `<script>` tags in plugin templates
-- Dynamic code evaluation (`eval`, dynamic code strings)
-- Modifying `innerHTML` directly — use Glimmer templates instead
-- Importing from external CDNs — bundle or use Discourse's asset pipeline
+- Client checks are UX only — backend enforces everything. Client-side auth is trivially bypassed.
+- No raw HTML with user content — Glimmer auto-escapes `{{user.bio}}`. Use `{{html-safe post.cooked}}` only for server-sanitized HTML.
+- CSP: no inline `<script>`, no `eval`, no `innerHTML`, no external CDN imports.
 
-## Deprecations to Actively Avoid
+## Deprecations
 
 ```javascript
-// DEPRECATED — old connector class pattern (shows deprecation warning)
-api.registerConnectorClass("outlet-name", "connector-name", {
-  setupComponent(args, component) { ... }
-});
+// DEPRECATED — connector class (shows deprecation warning)
+api.registerConnectorClass("outlet-name", "connector-name", { ... });
 
-// DEPRECATED — widget system (actively being removed in 2025/2026)
+// DEPRECATED — widget system (being removed 2025/2026)
 api.decorateWidget("post:after", (helper) => { ... });
 api.createWidget("my-widget", { ... });
 
-// DEPRECATED — raw handlebars files (.hbr, .raw.hbs)
-// Breaks with the Glimmer topic list (enabled by default 2025)
+// DEPRECATED — raw handlebars (.hbr, .raw.hbs) — breaks Glimmer topic list (default 2025)
 
-// DEPRECATED — classic component base class
-import Component from "@ember/component";  // use @glimmer/component instead
+// DEPRECATED — classic component
+import Component from "@ember/component";  // use @glimmer/component
 
-// DEPRECATED — Ember object mutation helpers
-this.set("myProp", value);  // use @tracked + direct assignment: this.myProp = value
-Ember.set(obj, "key", val); // same — direct assignment or @tracked
+// DEPRECATED — Ember object mutation
+this.set("myProp", value);   // use @tracked + direct assignment
+Ember.set(obj, "key", val);
 ```
 
-## File Naming and Location
+## File Naming
 
 ```
 assets/javascripts/discourse/
-├── initializers/
-│   └── my-plugin.js           # apiInitializer — one per feature area
-├── components/
-│   ├── my-feature.gjs         # kebab-case filenames
-│   └── my-other-thing.gjs
-└── lib/
-    └── my-utils.js            # pure helpers, no Ember dependency
+├── initializers/my-plugin.js       # apiInitializer — one per feature area
+├── components/my-feature.gjs       # kebab-case
+└── lib/my-utils.js                 # pure helpers, no Ember dependency
 
 assets/javascripts/admin/
-├── components/
-│   └── admin-my-plugin.gjs    # admin components prefix with "admin-"
-└── routes/
-    └── admin-plugins-my-plugin.js
+├── components/admin-my-plugin.gjs  # prefix admin components with "admin-"
+└── routes/admin-plugins-my-plugin.js
 ```
 
-## Practical Checklist
+## Checklist
 
-- [ ] Using `.gjs` (not `.hbs`/`.js` pairs) for new components
-- [ ] Entry point is `apiInitializer`, not a bare `withPluginApi` export
-- [ ] Plugin outlets via `api.renderInOutlet` — not `decorateWidget`
-- [ ] `@tracked` only for state the component owns — not derived values
-- [ ] Derived values are getters, not `@tracked` properties
-- [ ] Services injected via `@service` — not imported as singletons
-- [ ] AJAX via `discourse/lib/ajax` — not raw `fetch`
-- [ ] Errors handled with `popupAjaxError`
-- [ ] No raw HTML output with user-supplied content
-- [ ] Backend enforces all authorization — client checks are UI-only
+- [ ] `.gjs` (not `.hbs`/`.js` pairs) for new components
+- [ ] `apiInitializer` entry point, not bare `withPluginApi`
+- [ ] `api.renderInOutlet` — not `decorateWidget`
+- [ ] `@tracked` only for component-owned state, not derived values
+- [ ] Derived values are getters
+- [ ] Services via `@service` — not imported singletons
+- [ ] AJAX via `discourse/lib/ajax` — not `fetch`
+- [ ] Errors via `popupAjaxError`
+- [ ] No raw HTML with user-supplied content
+- [ ] Backend enforces all authorization
 
-## Quick Reference: Common Imports
+## Quick Reference: Imports
 
 ```javascript
-// Glimmer/Ember core
 import Component from "@glimmer/component";
 import { tracked } from "@glimmer/tracking";
 import { action } from "@ember/object";
 import { service } from "@ember/service";
-
-// Discourse plugin API
 import { apiInitializer } from "discourse/lib/api";
 import { ajax } from "discourse/lib/ajax";
 import { popupAjaxError } from "discourse/lib/ajax-error";
-
-// Discourse components
 import DButton from "discourse/components/d-button";
 import LoadingSpinner from "discourse/components/loading-spinner";
 import DModal from "discourse/components/d-modal";
-
-// i18n
-import { i18n } from "discourse-i18n";   // current (replaces the old I18n.t())
+import { i18n } from "discourse-i18n";  // replaces I18n.t()
 ```
 
-## When to Load Reference Files
-
-### Admin UI Patterns
-**File**: [`references/admin-ui.md`](references/admin-ui.md)
-**Load when**: Building admin routes, tables, forms, settings UI
-**Contains**: Full admin route + component example, admin table patterns, settings form
-
-### Plugin Outlet Reference
-**File**: [`references/outlets.md`](references/outlets.md)
-**Load when**: Need to find the right outlet or understand outletArgs context
-**Contains**: Common outlet names, outletArgs by context, shouldRender patterns
-
----
+## Reference Files
 
-**Evidence Base**: Discourse Developer Docs (2025), Discourse Meta dev posts (Glimmer post stream migration Q1 2025, topic list migration), Ember Octane Guides, Discourse CVE history.
+| File | Load when |
+|------|-----------|
+| [`references/admin-ui.md`](references/admin-ui.md) | Building admin routes, tables, forms, settings UI |
+| [`references/outlets.md`](references/outlets.md) | Finding outlet names, understanding outletArgs context |

package/plugins/ima-claude/skills/espocrm/SKILL.md

@@ -11,39 +11,30 @@ description: >-
 
 # EspoCRM - Skill Family Router
 
-Routes EspoCRM work to the right child skill based on intent.
-
-**Target version**: v9.x (9.0+)
-**Architecture**: Entity-based REST API, PHP backend, Backbone.js frontend
+**Target**: v9.x (9.0+) | **Architecture**: Entity-based REST API, PHP backend, Backbone.js frontend
 
 ## Decision Tree
 
 ```
 What are you doing with EspoCRM?
 ├── REST API calls (external integration)?
-│   → espocrm-api (primary) + php-fp or js-fp-api
-│   → Auth, CRUD, filtering, webhooks, mass ops
+│   → espocrm-api + php-fp or js-fp-api
 │
 ├── PHP extension development (hooks, services, custom entities)?
 │   → espocrm-extensions (Phase 2) + php-fp
-│   → ORM, hooks, services, DI, custom controllers, modules
 │
 ├── Frontend/UI customization (views, fields, layouts)?
 │   → espocrm-ui (Phase 3)
-│   → Backbone views, Espo.Ajax, Handlebars templates
 │
 └── Not sure / mixed?
-    → Start with espocrm-api for data access
-    → Route to extension/UI skill once scope is clear
+    → Start with espocrm-api, route to extension/UI once scope is clear
 ```
 
 ## Shared Context
 
-### Entity-Based Model
-EspoCRM organizes data as **Entity Types** (Account, Contact, Lead, Opportunity, custom types). Every entity type gets automatic REST endpoints. Custom entities created via Entity Manager are immediately API-accessible.
+Every Entity Type (Account, Contact, Lead, Opportunity, custom) gets automatic REST endpoints. Custom entities via Entity Manager are immediately API-accessible.
 
-### Salesforce Mental Model
-For developers familiar with Salesforce, this mapping accelerates onboarding:
+### Salesforce Mapping
 
 | Salesforce | EspoCRM |
 |---|---|
@@ -56,19 +47,19 @@ For developers familiar with Salesforce, this mapping accelerates onboarding:
 | LWC / Visualforce | Custom Views (JS, extending base views) |
 | Platform Events / CDC | Webhooks ({Entity}.create, .update, .delete) |
 | Bulk API 2.0 | No equivalent (loop individual calls or use Import) |
-| Governor Limits | None (self-hosted, you manage resources) |
+| Governor Limits | None (self-hosted) |
 | AppExchange | EspoCRM Extensions marketplace |
 
 ### Key Differences from Salesforce
-- **No SOQL** — queries use structured JSON WHERE filters (verbose but explicit)
-- **No Bulk API** — mass operations exist (massUpdate, massDelete) but no batch create
-- **No Composite API** — one request per operation
-- **No governor limits** — self-hosted, manage at server/proxy level
-- **Simpler auth** — API Key in one header vs. multi-step OAuth
-- **Metadata is JSON files** — no deployment steps, changes take effect on cache clear
 
-### Documentation Lookup
-Use Context7 for live EspoCRM docs: `resolve-library-id("espocrm")` resolves to `/espocrm/documentation`.
+- No SOQL — structured JSON WHERE filters
+- No Bulk API — mass ops (massUpdate, massDelete) but no batch create
+- No Composite API — one request per operation
+- No governor limits
+- Simpler auth — API Key in one header
+- Metadata is JSON files — changes take effect on cache clear
+
+**Docs**: Use Context7 `resolve-library-id("espocrm")` → `/espocrm/documentation`
 
 ## Child Skill Status