minutework 0.1.19 → 0.1.21

package/assets/claude-local/skills/vuilder-discovery-output-contract/SKILL.md

@@ -0,0 +1,136 @@
+---
+name: vuilder-discovery-output-contract
+description: "Constrain Vuilder discovery to AI-native service operations and MinuteWork-buildable delivery systems instead of generic startup ideas."
+---
+
+# Vuilder Discovery Output Contract
+
+Use this skill when Vuilder discovery is deciding what to propose from a user's
+profile, resume, pasted context, or refinement request.
+
+Discovery is pre-workspace. It must produce a buildable service direction that
+can flow into the paid Planning Blueprint and later Builder handoff. It must not
+pretend to create projects, runtimes, releases, packages, secrets, or live
+published surfaces.
+
+## Core Output
+
+Discovery cards are build cards, not founder idea cards.
+
+Each card must describe:
+
+- an AI-native service outcome the operator can credibly deliver
+- the buyer or internal team receiving that service outcome
+- evidence from the user's profile that makes the operator credible
+- the MinuteWork delivery system Builder can prepare
+- the first workflow the system should support
+- the runtime records, AI workers, Builder surfaces, and artifacts involved
+- capability gap candidates for unsupported substrate
+
+Discovery should ask:
+
+> What service outcome can this operator credibly deliver, and what
+> MinuteWork-supported system can Builder create to help deliver it?
+
+Do not ask:
+
+> What SaaS startup should this person found?
+
+## Builder Constraints
+
+- Compose shared MinuteWork substrate before bespoke code.
+- Treat the app pack as the shipped product unit.
+- Check shell fit first for member-facing collaboration and operator work.
+- Use `tenant-app` only for public surfaces or explicit standalone UI
+  exceptions after shell fit has been checked.
+- Use `sidecar` only for concrete backend/runtime responsibilities such as
+  webhooks, workers, schedulers, external sync, or Python-heavy compute.
+- Reuse runtime AI for drafting/generation before proposing bespoke provider
+  calls in `tenant-app` or `sidecar`.
+- Per-customer deliverables should come from runtime data/content/workflows, not
+  fresh Builder/codegen work for each customer.
+- Unsupported substrate becomes a capability gap candidate, not a polished
+  promise.
+
+## Banned Framing
+
+Do not make these the primary discovery output:
+
+- generic SaaS ideas
+- founder coaching
+- TAM-first or ARR-first startup cards
+- broad knowledge-management products without a specific service workflow
+- unsupported "Builder can build anything" claims
+
+Service packaging, pricing, market notes, or revenue hypotheses may appear as
+secondary context only after the service outcome and buildable system are clear.
+
+## Discovery Tool Use
+
+The discovery agent may use read-only evaluation and research tools to sharpen
+cards before it saves proposal fields:
+
+- `extract_workflows_from_context` for repeatable work, bottlenecks, buyers, and
+  AI workforce jobs already implied by the user's context.
+- `search_industry_examples` for curated MinuteWork service-business patterns.
+  This is not open web search.
+- `estimate_market_pricing` for bounded pilot and retainer ranges with explicit
+  assumptions and uncertainty.
+- `score_service_card_fit` for use-it-first fit, sell-it-back potential, buyer
+  urgency, founder advantage, implementation difficulty, and jargon risk.
+- `rewrite_card_for_plain_language` for advisory rewrites of user-facing fields.
+- `validate_discovery_proposal` before saving or marking a proposal ready.
+- `research_unknown_entity` only as a confidence-gated fallback for an obscure
+  company, product, acronym, vendor, or niche workflow already present in the
+  resume, pasted context, or user message.
+
+Do not use web research for well-known entities or general concepts the model
+already understands, such as ADP, Workday, Fidelity, COBRA, or 401k, unless the
+user explicitly asks for current/recent information. Web results are cited
+context evidence, not authority for market-size or revenue claims.
+
+## Required Build Card Fields
+
+Use the `DiscoveryBuildCardV1` shape:
+
+- `id`
+- `plain_title`
+- `plain_summary`
+- `work_you_already_do`
+- `ai_workforce_summary`
+- `use_it_first`
+- `sell_it_back`
+- `first_pilot`
+- `market_size_estimate`
+- `yearly_revenue_potential`
+- `pilot_pricing`
+- `why_you_can_win`
+- `who_it_helps`
+- `what_minutework_helps_with`
+- `service_outcome`
+- `buyer`
+- `operator_fit_summary`
+- `evidence_from_profile`
+- `minute_work_build`
+- `builder_surfaces`
+- `shell_fit`
+- `shell_surface`
+- `standalone_ui_exception_reason`
+- `first_workflow`
+- `runtime_records`
+- `ai_workforce`
+- `expected_artifact_graph`
+- `required_capabilities`
+- `capability_gap_candidates`
+- `paid_blueprint_will_create`
+- optional `service_packaging`
+
+Plain-language fields are user-facing. They must express MinuteWork's loop:
+build the AI workforce from work the operator already does, use it first under
+their own judgment, then sell it back to their industry. Do not expose Builder
+jargon such as app pack, schemas, runtime records, right rail, runtime agent seed,
+or capability gaps in those fields.
+
+Capability gap candidates use the same layer vocabulary as
+`MinuteWorkCapabilityGapReportV1`, but they are not the workspace gap report.
+The actual gap report is created later inside the generated Builder workspace.

package/assets/claude-local/skills/vuilder-public-site-authoring/SKILL.md

@@ -0,0 +1,76 @@
+---
+name: vuilder-public-site-authoring
+description: "Vuilder-owned public websites, public-dj CMS manifests, vuilder-public-site template work, or customer onboarding from a Vuilder vertical site."
+---
+
+# Vuilder Public Site Authoring
+
+Use this skill when the request touches a Vuilder-owned public website,
+`vuilder-public-site`, public-dj CMS content, or customer signup through a
+Vuilder vertical.
+
+## System Boundary
+
+- Vuilder public sites are authored in a Vuilder builder/operator workspace.
+- Generated React, Next.js, route, component, and styling code belongs in the
+  workspace/template source tree, not in public-dj database rows.
+- public-dj is the CMS and revision store for Vuilder-owned public content:
+  pages, blog posts, onboarding flow content, navigation, brand profile, media,
+  theme tokens, and approved package/install metadata.
+- Platform owns `PublishedWebProperty`, `SiteRelease`, domains, hosted
+  deployment receipts, onboarding intents, billing disposition, and runtime
+  provisioning.
+- Tenant/customer runtime content after customer provisioning remains
+  runtime-canonical through `mw.core.site` and app-pack data.
+
+## Template Contract
+
+- Use `runtime/builder/templates/vuilder-public-site` for Vuilder-owned landing,
+  blog, public onboarding, and other public marketing routes.
+- The template reads public-dj through a server-only CMS adapter.
+- Expected release env includes `MW_PUBLIC_DJ_BASE_URL`,
+  `MW_PUBLIC_CONTENT_REF`, `MW_PUBLIC_CONTENT_DIGEST`, and
+  `MW_PUBLIC_DJ_READ_TOKEN`.
+- Resolve CMS data by immutable `content_ref + digest`; do not render live
+  public pages from mutable drafts.
+- The template may be released as `static_export` or `ssr_container` behind the
+  hosted deployment provider abstraction.
+
+## Onboarding Intent Rules
+
+- Vuilder authoring signup uses `vuilder_authoring`: create workspace/profile,
+  no runtime VM.
+- Vuilder upgrade uses `vuilder_operator_runtime`: provision the Vuilder's own
+  builder/operator VM and materialize the public-site template.
+- Customer signup through the Vuilder site uses `customer_vertical_signup`:
+  provision the customer's tenant runtime and install the approved vertical
+  package.
+- The public-site BFF creates customer onboarding intents from server-pinned
+  release context: property/release refs, manifest ref/digest, package
+  ref/digest, onboarding flow ref/digest, and Vuilder workspace context.
+- Browser intake answers are untrusted input. Browsers must not author package
+  refs, manifest refs, provisioning kind, or workspace identity.
+
+## Release Rules
+
+- Platform `SiteRelease.content_source` should be `shared_public_content` for a
+  Vuilder public site.
+- `shared_public_content_ref` and `shared_public_content_digest` point to the
+  public-dj `PublicSiteManifestRevision`.
+- Live activation remains a platform/manual approval action using approved
+  public content and package refs.
+- Public-dj may store markdown/content/media/theme revisions; it must not store
+  or execute generated React component code as database content.
+
+## Hard Rules
+
+- Do not use tenant `/w/*`, `/app`, or the universal tenant shell in
+  `vuilder-public-site`.
+- Do not use runtime `mw.core.site` as the CMS for Vuilder-owned public
+  websites.
+- Do not infer provisioning behavior from browser labels, hostnames, or query
+  params; use platform-owned onboarding intents.
+- Do not expose platform credentials, public-dj tokens, package refs, or
+  OpenRouter/provider keys to browser bundles.
+- Do not let public-dj execute tenant runtime code or import runtime Django
+  apps for public-site rendering.

package/assets/templates/fastapi-sidecar/README.md

@@ -1,6 +1,12 @@
 # FastAPI Sidecar Template
 
-This directory is the canonical internal FastAPI sidecar scaffold for Builder. Builder will later materialize this bundle into `BuilderWorkspace.sandbox_root/sidecar/` and edit only that workspace copy.
+This directory is the canonical internal FastAPI sidecar scaffold for Builder.
+Builder will later materialize this bundle into
+`BuilderWorkspace.sandbox_root/sidecar/` and edit only that workspace copy.
+
+On managed tenant VMs, `BuilderWorkspace.sandbox_root` normally lives under
+`/srv/minutework/workspaces/<workspace_id>/`, so the Builder-edited sidecar copy
+is typically `/srv/minutework/workspaces/<workspace_id>/sidecar/`.
 
 `seed_source` intentionally points back to this directory because the canonical bundle itself is the v1 source of truth. There is no separate `apps/*` seed app for this template.
 

package/assets/templates/fastapi-sidecar/template.schema.json

@@ -25,14 +25,16 @@
       "enum": [
         "sidecar_nextjs_private",
         "sidecar_fastapi_internal",
-        "combined_web"
+        "combined_web",
+        "public_site"
       ]
     },
     "template_profile": {
       "type": "string",
       "enum": [
         "platform_session_bff",
-        "bridge_internal"
+        "bridge_internal",
+        "public_dj_cms"
       ]
     },
     "template_version": {

package/assets/templates/mobile-app/.env.example

@@ -0,0 +1,16 @@
+# DEVELOPER-OWNED — replace freely. Only src/mw/ is MinuteWork substrate.
+#
+# Copy this file to `.env` and set the values for your environment.
+#
+# Only EXPO_PUBLIC_* variables are exposed to the app bundle. They are NOT
+# secret — anyone with the app binary can read them. Put only non-secret config
+# here. Never add API keys, client secrets, or tokens as EXPO_PUBLIC_* values;
+# the platform issues short-lived bearer tokens at runtime via the native
+# device flow.
+
+# Base URL of the MinuteWork platform this app talks to directly
+# (e.g. https://platform.minutework.dev). The app calls /api/v1/native/... here.
+EXPO_PUBLIC_MW_PLATFORM_BASE_URL=https://<your-platform-base-url>
+
+# Optional display name shown in the UI. Defaults to "MinuteWork".
+# EXPO_PUBLIC_MW_APP_NAME=MinuteWork

package/assets/templates/mobile-app/AGENTS.md

@@ -0,0 +1,44 @@
+# AGENTS.md — mobile-app starter
+
+You are working in a **bring-your-own-UI Expo (React Native + Expo Router)**
+app. **You own all UI/UX.** The only MinuteWork-managed code is the thin
+substrate under `src/mw/`.
+
+## The one rule
+
+**Only `src/mw/` is MinuteWork substrate.** Build your product in `app/` and your
+own components/modules. Do not move product logic into `src/mw/`, and do not
+build a parallel/local auth stack — the platform owns identity. The mobile app
+is a **direct platform native API client** (bearer token to `/api/v1/native/...`),
+**not** a `tenant-app` BFF cookie client and **not** a `sidecar`.
+
+## Use your IDE's Expo skills
+
+For the native craft (UI, data, build/release), lean on your local IDE skills:
+
+- `building-native-ui` — Expo Router UI, styling, navigation, animations
+- `native-data-fetching` — fetch/React Query/SWR, caching, offline, loaders
+- `expo-deployment` — App Store / Play Store / EAS distribution
+- `expo-dev-client` — custom dev client (needed for the browser-assisted auth flow)
+- `expo-tailwind-setup` — NativeWind/Tailwind if you want utility styling
+- `push-notification-setup` — APNs/FCM push
+- `upgrading-expo` — SDK upgrades and dependency fixes
+- `expo-cicd-workflows` — EAS build/deploy pipelines (`.eas/workflows/`)
+
+## MinuteWork integration shape
+
+For how this app fits the platform (the standalone-client exception, the native
+session token, and the device flow), read the Builder skill
+**`standalone-mobile-client`** (in the Builder bundle) and the auth contract
+`reference/mwv3-dj6-docs/auth_and_credential_contract.md` (Rule 7: non-browser
+clients mint explicit scoped tokens after browser-assisted login / a device
+flow).
+
+## Status
+
+`src/mw/client.ts` and `src/mw/session.ts` are **implemented**: a real
+browser-assisted PKCE device flow against the platform native session endpoints
+(`/api/v1/native/session/*`), with tokens persisted in the device keychain via
+`expo-secure-store`. Wire your UI against the documented client methods
+(`authorize` -> `exchange`, `loadSession`, `logout`). Set `app.json` `expo.scheme`
+to your own unique scheme — that is the OAuth-style redirect target.

package/assets/templates/mobile-app/README.md

@@ -0,0 +1,123 @@
+# Mobile App Starter (Expo, bring-your-own-UI)
+
+A minimal **Expo (React Native + Expo Router)** starter for building a native
+MinuteWork client. **You own all of the UI/UX.** The only MinuteWork-managed
+code is the thin substrate under `src/mw/`. Everything else in this template is
+a deliberately plain placeholder meant to be replaced.
+
+There is **no MinuteWork design system here** — bring your own. Style with
+whatever you like (plain `StyleSheet`, NativeWind/Tailwind, Tamagui, etc.). The
+plain screens use `StyleSheet` only so there is nothing to rip out.
+
+## What's substrate vs. yours
+
+| Path | Owner | Notes |
+| --- | --- | --- |
+| `src/mw/env.ts` | **MinuteWork substrate** | Validates `EXPO_PUBLIC_MW_PLATFORM_BASE_URL` (+ optional app name) |
+| `src/mw/endpoints.ts` | **MinuteWork substrate** | Builds platform `/api/v1/native/...` URLs |
+| `src/mw/contracts.ts` | **MinuteWork substrate** | Zod schemas for native session + token payloads |
+| `src/mw/client.ts` | **MinuteWork substrate** | Native token client — real browser-assisted PKCE device flow |
+| `src/mw/session.ts` | **MinuteWork substrate** | Secure-store token wrapper (`expo-secure-store`) |
+| `tools/template/` | **MinuteWork substrate** | Template-governance tooling, not shipped app code |
+| `app/**` | **You** | Expo Router screens — replace freely |
+| `package.json`, `app.json`, `eas.json` | **You** | App config — replace freely |
+| `tsconfig.json`, `babel.config.js`, `metro.config.js` | **You** | Tooling config — replace freely |
+
+Rule of thumb: **only `src/mw/` is MinuteWork substrate.** If you find yourself
+editing `src/mw/` to add product behavior, that behavior probably belongs in
+your own `app/` / components instead.
+
+## Auth model (read this)
+
+This app authenticates as a **direct platform native client**:
+
+- The platform issues a **bearer token** to the device through a
+  **browser-assisted PKCE device flow**: `GET /api/v1/native/session/authorize/`
+  (with a PKCE `code_challenge`) opens in a system browser; after login/consent
+  the platform redirects back with a one-time `code`, which you exchange at
+  `POST /api/v1/native/session/token-exchange/` (with the PKCE `code_verifier`)
+  for an `{access, refresh, expires_at}` pair, then store in the device keychain
+  via `expo-secure-store`.
+- The app then calls the platform **directly** (e.g.
+  `GET /api/v1/native/session/me/` or `.../context/`) with
+  `Authorization: Bearer <access>`, and on `401` mints a fresh pair at
+  `POST /api/v1/native/session/refresh/` (rotating — persist the new pair) before
+  retrying. `POST /api/v1/native/session/logout/` revokes the token family.
+
+This is **NOT** the Next.js `tenant-app` model. The tenant-app uses a
+server-owned **BFF session cookie** (`platform_session_bff`) because a browser
+can't safely hold tokens. A native app has secure device storage and no
+per-app server in front of it, so it talks to the platform API directly with a
+token instead of a cookie. **Do not** try to reuse the BFF cookie path here, and
+**do not** build a parallel/local auth stack (no JWT minting, no local user
+table) — the platform owns identity.
+
+The token is bound to a single tenant + membership, and that binding **is**
+enforced. The optional `audience` and `device_id` fields are **informational
+only**: the platform carries them through the flow but does **not** validate or
+compare them, so do not rely on them as a security boundary.
+
+### The auth client is real — configure your redirect scheme
+
+`src/mw/client.ts` and `src/mw/session.ts` are **implemented**. The client:
+
+- generates a PKCE `code_verifier` + S256 `code_challenge` (`expo-crypto`),
+- opens the platform `authorize` URL in a system browser
+  (`expo-web-browser`'s `openAuthSessionAsync`) with an anti-forgery `state`,
+- captures the returned one-time `code` from the deep-link redirect, exchanges
+  it (plus the `code_verifier`) for a token pair, and stores it in the device
+  keychain (`expo-secure-store`),
+- sends `Authorization: Bearer <access>` on every platform call and
+  auto-refreshes once on a `401`, and
+- revokes + clears local storage on `logout()`.
+
+The redirect target is your app's deep-link scheme. The starter ships
+`"scheme": "mobileapp"` in `app.json`, so the redirect is
+`mobileapp://auth/native-callback` (built at runtime via `expo-linking`'s
+`createURL`). **Set `app.json` `expo.scheme` to your own unique scheme** before
+shipping; the client follows whatever you configure, and a unique scheme avoids
+collisions with other apps that could intercept the callback. The browser-based
+flow needs a custom dev client (not stock Expo Go) — see the `expo-dev-client`
+IDE skill.
+
+The full flow is documented in the doc-comment at the top of `src/mw/client.ts`.
+
+## Environment
+
+Copy `.env.example` to `.env` and set:
+
+```
+EXPO_PUBLIC_MW_PLATFORM_BASE_URL=https://<your-platform-base-url>
+```
+
+Only `EXPO_PUBLIC_*` variables are bundled into the app, and they are **not
+secret** — never put keys/tokens in them. `src/mw/env.ts` validates this value
+at startup with zod and fails fast if it's missing or not a URL.
+
+## Running locally
+
+```
+npm install        # or pnpm/yarn/bun
+npm run start       # Expo dev server (then press i / a, or scan with Expo Go)
+npm run ios
+npm run android
+npm run typecheck   # tsc --noEmit
+```
+
+The native auth flow opens a system browser, which needs a custom dev client
+rather than stock Expo Go; see the `expo-dev-client` IDE skill.
+
+## Distribution
+
+**Distribution is your EAS pipeline, not `minutework deploy`.** This starter is
+not a hosted web/sidecar deployable; it produces native binaries. Build and ship
+with EAS (`eas build`, `eas submit`, EAS Update). `eas.json` ships minimal
+`preview` and `production` profiles to start from. See the `expo-deployment` and
+`expo-cicd-workflows` IDE skills.
+
+## Template manifest
+
+`template.json` declares `template_kind: "mobile-app"` and `deployable: false`.
+Because mobile is not a web/sidecar deployable, it is validated by
+`tools/template/validate-template.mjs` (run `node tools/template/validate-template.mjs`),
+**not** the strict shared `runtime/builder/templates/template.schema.json`.

package/assets/templates/mobile-app/app/(app)/_layout.tsx

@@ -0,0 +1,10 @@
+// DEVELOPER-OWNED — replace freely. Only src/mw/ is MinuteWork substrate.
+//
+// Authed area layout. This is where you'd guard on a loaded MinuteWork session
+// (via `mwClient.loadSession()`) and redirect to /(auth)/login when there is no
+// valid token. Left as a plain Stack so you can build your own gating/UX.
+import { Stack } from "expo-router";
+
+export default function AppLayout() {
+  return <Stack screenOptions={{ headerShown: false }} />;
+}

package/assets/templates/mobile-app/app/(app)/index.tsx

@@ -0,0 +1,72 @@
+// DEVELOPER-OWNED — replace freely. Only src/mw/ is MinuteWork substrate.
+//
+// Trivial authed screen. Replace with your real product home. Build your data
+// fetching against the platform native API using the bearer token from
+// `src/mw/` (see the `native-data-fetching` IDE skill).
+import { Pressable, StyleSheet, Text, View } from "react-native";
+import { router } from "expo-router";
+
+import { mwClient } from "@/mw/client";
+
+export default function HomeScreen() {
+  async function onSignOut() {
+    try {
+      await mwClient.logout();
+    } finally {
+      router.replace("/(auth)/login");
+    }
+  }
+
+  return (
+    <View style={styles.container}>
+      <Text style={styles.title}>You are in.</Text>
+      <Text style={styles.body}>
+        Replace this screen with your product. Only `src/mw/` is MinuteWork
+        substrate — everything else is yours.
+      </Text>
+
+      <Pressable
+        accessibilityRole="button"
+        onPress={onSignOut}
+        style={({ pressed }) => [styles.button, pressed && styles.buttonPressed]}
+      >
+        <Text style={styles.buttonText}>Sign out</Text>
+      </Pressable>
+    </View>
+  );
+}
+
+const styles = StyleSheet.create({
+  container: {
+    flex: 1,
+    alignItems: "center",
+    justifyContent: "center",
+    padding: 24,
+    gap: 12,
+  },
+  title: {
+    fontSize: 24,
+    fontWeight: "700",
+  },
+  body: {
+    fontSize: 15,
+    opacity: 0.7,
+    textAlign: "center",
+  },
+  button: {
+    marginTop: 16,
+    paddingVertical: 12,
+    paddingHorizontal: 20,
+    borderRadius: 10,
+    borderWidth: 1,
+    borderColor: "#111827",
+  },
+  buttonPressed: {
+    opacity: 0.6,
+  },
+  buttonText: {
+    fontSize: 15,
+    fontWeight: "600",
+    color: "#111827",
+  },
+});

package/assets/templates/mobile-app/app/(auth)/login.tsx

@@ -0,0 +1,91 @@
+// DEVELOPER-OWNED — replace freely. Only src/mw/ is MinuteWork substrate.
+//
+// This screen is intentionally plain and is meant to be REWRITTEN. It exists to
+// show the one integration seam you care about: kicking off MinuteWork's
+// browser-assisted native sign-in through `src/mw/client.ts`.
+//
+// Pressing "Sign in" runs the real device flow: authorize in a system browser ->
+// exchange the returned code for a platform bearer token pair -> route into the
+// authed stack. Wire your own UI/UX around this call.
+import { useState } from "react";
+import { Alert, Pressable, StyleSheet, Text, View } from "react-native";
+import { router } from "expo-router";
+
+import { mwClient } from "@/mw/client";
+import { mwEnv } from "@/mw/env";
+
+export default function LoginScreen() {
+  const [busy, setBusy] = useState(false);
+
+  async function onSignIn() {
+    setBusy(true);
+    try {
+      // Device flow: authorize (browser) -> exchange code+verifier for tokens
+      // (stored in the keychain by the client), then route into the authed stack.
+      const { code, codeVerifier, redirectUri } = await mwClient.authorize();
+      await mwClient.exchange(code, codeVerifier, redirectUri);
+      router.replace("/(app)");
+    } catch (error) {
+      Alert.alert(
+        "Sign in unavailable",
+        error instanceof Error ? error.message : "Unknown error",
+      );
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  return (
+    <View style={styles.container}>
+      <Text style={styles.title}>{mwEnv.appName}</Text>
+      <Text style={styles.subtitle}>Sign in to continue</Text>
+
+      <Pressable
+        accessibilityRole="button"
+        disabled={busy}
+        onPress={onSignIn}
+        style={({ pressed }) => [
+          styles.button,
+          (pressed || busy) && styles.buttonPressed,
+        ]}
+      >
+        <Text style={styles.buttonText}>
+          {busy ? "Opening sign in…" : "Sign in with MinuteWork"}
+        </Text>
+      </Pressable>
+    </View>
+  );
+}
+
+const styles = StyleSheet.create({
+  container: {
+    flex: 1,
+    alignItems: "center",
+    justifyContent: "center",
+    padding: 24,
+    gap: 12,
+  },
+  title: {
+    fontSize: 28,
+    fontWeight: "700",
+  },
+  subtitle: {
+    fontSize: 16,
+    opacity: 0.7,
+    marginBottom: 12,
+  },
+  button: {
+    backgroundColor: "#111827",
+    paddingVertical: 14,
+    paddingHorizontal: 24,
+    borderRadius: 10,
+  },
+  buttonPressed: {
+    opacity: 0.6,
+  },
+  buttonText: {
+    color: "#ffffff",
+    fontSize: 16,
+    fontWeight: "600",
+  },
+});

package/assets/templates/mobile-app/app/_layout.tsx

@@ -0,0 +1,15 @@
+// DEVELOPER-OWNED — replace freely. Only src/mw/ is MinuteWork substrate.
+import { Stack } from "expo-router";
+import { StatusBar } from "expo-status-bar";
+
+export default function RootLayout() {
+  return (
+    <>
+      <Stack screenOptions={{ headerShown: false }}>
+        <Stack.Screen name="(auth)/login" />
+        <Stack.Screen name="(app)" />
+      </Stack>
+      <StatusBar style="auto" />
+    </>
+  );
+}

package/assets/templates/mobile-app/app.json

@@ -0,0 +1,31 @@
+{
+  "//": "DEVELOPER-OWNED — replace freely. Only src/mw/ is MinuteWork substrate.",
+  "//scheme": "expo.scheme is the OAuth-style redirect target for the native auth device flow (src/mw/client.ts builds <scheme>://auth/native-callback). Set a unique scheme before shipping.",
+  "expo": {
+    "name": "mobile-app",
+    "slug": "mobile-app",
+    "scheme": "mobileapp",
+    "version": "0.1.0",
+    "orientation": "portrait",
+    "userInterfaceStyle": "automatic",
+    "newArchEnabled": true,
+    "ios": {
+      "supportsTablet": true,
+      "bundleIdentifier": "com.example.mobileapp"
+    },
+    "android": {
+      "package": "com.example.mobileapp"
+    },
+    "web": {
+      "bundler": "metro",
+      "output": "static"
+    },
+    "plugins": [
+      "expo-router",
+      "expo-secure-store"
+    ],
+    "experiments": {
+      "typedRoutes": true
+    }
+  }
+}

package/assets/templates/mobile-app/babel.config.js

@@ -0,0 +1,7 @@
+// DEVELOPER-OWNED — replace freely. Only src/mw/ is MinuteWork substrate.
+module.exports = function (api) {
+  api.cache(true);
+  return {
+    presets: ["babel-preset-expo"],
+  };
+};