minutework 0.1.40 → 0.1.41

package/EXTERNAL_ALPHA.md

@@ -19,6 +19,12 @@ The shipped `tenant-app` starter is the combined web surface: public routes at
 the root, a private `/app` workspace, and a MinuteWork-managed public-content
 path over the runtime-baseline `mw.core.site` contract.
 
+Vuilder authoring workspaces can scaffold `vuilder-app` plus `vuilder-shell`.
+`vuilder-app` is the public acquisition/onboarding site and `vuilder-shell` is
+the branded customer tenant shell. The customer signup path remains
+server-authoritative: central SSO and the platform `customer_vertical_signup`
+intent decide provisioning and app-pack install metadata.
+
 ### Developer-local broker lane
 
 Use `minutework session` when you want MinuteWork to assemble the workspace
@@ -103,10 +109,20 @@ React Native client that authenticates directly against the platform with the
 native session-token flow; it is distributed through EAS/App Store/Play Store
 instead of `minutework deploy`.
 
+For Vuilder verticals, scaffold both Vuilder starters:
+
+```bash
+npx minutework init my-vertical --starter vuilder-app --starter vuilder-shell
+```
+
+The Vuilder shell can customize tenant UX and routes such as
+`/w/[workspace_slug]` and `/w/[workspace_slug]/connect`; it does not own central
+identity, runtime provisioning, app-pack install authority, or billing policy.
+
 Anything outside these lanes remains deferred, including `--live`,
 runtime-backed deploy targets, and additional local coding engines.
 
-If you run `minutework init` **without** `--starter` in an interactive terminal, the CLI prompts for tenant-app, sidecar, mobile, common combinations, or base-only. In CI or scripts, use `--starter` or set `MW_CLI_NONINTERACTIVE=1` to skip the prompt (base-only scaffold).
+If you run `minutework init` **without** `--starter` in an interactive terminal, the CLI prompts for tenant-app, Vuilder app/shell, sidecar, mobile, common combinations, or base-only. In CI or scripts, use `--starter` or set `MW_CLI_NONINTERACTIVE=1` to skip the prompt (base-only scaffold).
 
 ## What `link` does
 

package/README.md

@@ -8,7 +8,10 @@ The npm package and primary command are `minutework`. The `pandawork` command re
 
 The current external alpha is intentionally narrow:
 
-- Starters: `tenant-app` (the deployable web surface), `sidecar` (local/internal runtime surface), and `mobile` (init-only native client)
+- Starters: `tenant-app` (combined public/private web surface), `vuilder-app`
+  plus `vuilder-shell` (Vuilder public site plus branded customer shell),
+  `sidecar` (local/internal runtime surface), and `mobile` (init-only native
+  client)
 - Developer-local broker surface: `minutework session start|resume|status`
 - Hosted release class: `ssr_container`
 - Deploy surface: `minutework deploy --preview`
@@ -22,6 +25,12 @@ The shipped `tenant-app` starter is the combined web surface: public routes at
 the root plus a private `/app` workspace. Public-site content follows the
 MinuteWork-managed `mw.core.site` baseline and published-snapshot flow.
 
+For Vuilder verticals, scaffold `vuilder-app` and `vuilder-shell` together.
+`vuilder-app` is the public landing/blog/onboarding site; `vuilder-shell` is the
+branded customer tenant shell opened after central SSO and platform-owned
+`customer_vertical_signup` completion. Browser intake never chooses package
+refs, manifest refs, runtime provider, billing policy, or provisioning kind.
+
 The CLI fails closed when the backend cannot provide typed release metadata, deploy status, receipts, activation state, or rollback state. It does not claim a successful deploy when the provider substrate is unavailable.
 
 ## Install
@@ -65,6 +74,17 @@ keychain), not the `tenant-app` BFF cookie path. There is no `link`/`deploy`
 lane for it — distribution is your own EAS pipeline (`eas build`/`eas submit`,
 EAS Update), not `minutework deploy`.
 
+For a first-class Vuilder workspace, scaffold both web starters:
+
+```bash
+npx minutework init fleet-template --starter vuilder-app --starter vuilder-shell
+```
+
+The Vuilder public site redirects onboarding into central SSO. The approved
+app-pack marketplace coordinate is emitted by `minutework publish` and consumed
+by the platform customer-signup intent; the Vuilder shell customizes tenant UX,
+not platform identity/provisioning authority.
+
 ### Developer-local broker lane
 
 Use this lane when you want MinuteWork to assemble a bounded workspace context,

package/assets/claude-local/skills/README.md

@@ -15,6 +15,8 @@ receive:
 
 - Builder should compose shared substrate before generating bespoke tenant code
 - `tenant-app` is the combined public plus private web starter
+- `vuilder-app` plus `vuilder-shell` are the default first-class Vuilder
+  workspace web starters around app-pack source
 - `tenant-app` auth/data uses `@minutework/web-auth` and thin `src/mw/`
   substrate, not per-app auth/gateway BFF routes
 - `tenant-app` uses cookie-backed `signUp` / `signInWithPassword` aliases and
@@ -25,6 +27,8 @@ receive:
 - tenant public authoring is runtime/CMS-backed through `mw.core.site`
 - Vuilder-owned public sites use `vuilder-public-site` and public-dj CMS
   manifests
+- Vuilder workspace tasks should load `vuilder-workspace-architecture` before
+  the public-site, shell, or app-pack task skill
 - anonymous live delivery should prefer published snapshots
 - AI drafting/generation should reuse existing runtime AI capability before new
   model/provider integrations
@@ -43,6 +47,7 @@ Generated-workspace-first guidance should live here, especially:
 
 - `project-overview-and-strategy/SKILL.md`
 - `generated-workspace-architecture/SKILL.md`
+- `vuilder-workspace-architecture/SKILL.md`
 - `vuilder-public-site-authoring/SKILL.md`
 - `workspace-guidance-refresh/SKILL.md`
 - `shell-architecture/SKILL.md`

package/assets/claude-local/skills/app-pack-authoring/SKILL.md

@@ -10,6 +10,21 @@ An `app pack` is the shipped product unit.
 - Compose shared MinuteWork substrate first: baseline capabilities, runtime
   primitives, reviewed capability skills, app packs, overlays, and hosted
   publication flows.
+- In a Vuilder workspace, app-pack source is the reusable vertical product that
+  customer runtimes receive after `customer_vertical_signup`. The public
+  `vuilder-app` and branded `vuilder-shell` are web surfaces around that pack;
+  they are not substitutes for the installable app-pack contract.
+- `vuilder-shell` is a platform member shell reached after central SSO and
+  app-pack install gating. It uses shell-origin state plus a one-use handoff
+  code exchange to obtain a tenant-bound shell token resolved by the platform
+  shell-context endpoint. Do not reuse the `tenant-app` `@minutework/web-auth`
+  customer-session profile for it, forward raw platform session/CSRF cookies,
+  or add a local password-login BFF.
+- Vuilder publish must produce the marketplace coordinate consumed by customer
+  signup:
+  `core:app_pack_catalog:<publisherTenantId>:<appId>:<appVersion>`. The
+  public-site manifest/release context pins that coordinate and digest; browser
+  code must not invent or modify it.
 - Templates are governed starters, not the full limit of what Builder may use.
 - Builder may adopt open-source libraries, frameworks, and products inside the
   sandbox when that reduces bespoke code and still preserves the MinuteWork

package/assets/claude-local/skills/generated-workspace-architecture/SKILL.md

@@ -19,8 +19,9 @@ the monorepo or a live tenant runtime.
   - app packs
   - skills
   - tenant overlays
-- `tenant-app`, optional `sidecar`, and the optional `mobile` starter are
-  implementation surfaces inside the tenant product, not the whole architecture.
+- `tenant-app`, `vuilder-app`, `vuilder-shell`, optional `sidecar`, and the
+  optional `mobile` starter are implementation surfaces inside the generated
+  workspace, not the whole architecture.
 - `tenant-app` is the combined public plus private web starter.
 - In `tenant-app`, keep MinuteWork web auth/data access inside the thin
   `src/mw/` substrate and `@minutework/web-auth`. Product UI may call that
@@ -61,12 +62,26 @@ the monorepo or a live tenant runtime.
   same-named method to return tokens.
 - If the `mobile` starter is enabled (`starters.mobile.enabled`), read
   `standalone-mobile-client/SKILL.md` before proposing the mobile surface.
-- `vuilder-public-site` is a Vuilder-owned public-site authoring workspace for
-  landing, blog, and onboarding routes backed by public-dj CMS manifests.
-- If `template_kind` is `vuilder-public-site`, or the workspace profile says
-  `public_dj_cms`, read `vuilder-public-site-authoring/SKILL.md`.
-- `vuilder-public-site` does not own tenant `/app`, `/w/*`, or runtime
-  `mw.core.site`; it renders public-dj content pinned by manifest ref/digest.
+- A first-class Vuilder workspace defaults to `vuilder-app`, `vuilder-shell`,
+  app-pack source, and optional `sidecar` / `mobile` starters when selected.
+  FleetRun is an example vertical, not a hardcoded product.
+- If the workspace has `starters.vuilderApp.enabled`,
+  `starters.vuilderShell.enabled`, `vuilder-app/`, or `vuilder-shell/`, read
+  `vuilder-workspace-architecture/SKILL.md` first.
+- `vuilder-app` is a Vuilder-owned public-site authoring workspace for landing,
+  blog, and onboarding routes backed by public-dj CMS manifests. It is
+  materialized from `vuilder-public-site`.
+- `vuilder-app` does not own tenant `/app`, `/w/*`, or runtime `mw.core.site`;
+  it renders public-dj content pinned by manifest ref/digest and redirects
+  customer signup into central SSO.
+- `vuilder-shell` is a Vuilder-branded customer tenant shell under
+  `/w/[workspace_slug]`; it customizes tenant UX while platform owns identity,
+  provisioning, and app-pack install authority. Use central SSO, shell-origin
+  state, a short-lived one-use handoff code, and the tenant-bound
+  `mw_vuilder_shell_session` context endpoint for `vuilder-shell`; do not use
+  `@minutework/web-auth`, raw platform session/CSRF cookies, same-origin `/_mw`
+  tenant customer routes, local password forms, or local credential-login BFF
+  routes there. Preserve the requested workspace in the SSO return URL.
 - For member-facing collaboration and operator work, the primary product surface
   is the gateway shell under `/w/[workspace_slug]`. Do not default to a bespoke
   standalone tenant frontend when the work belongs in shell threads, cards, or
@@ -96,7 +111,8 @@ the monorepo or a live tenant runtime.
   itineraries, proposals, pages, and generated assets should usually come from
   runtime data/content/workflow, not fresh product rebuilds.
 - Current external alpha constraints matter:
-  - local authoring supports `tenant-app`, `sidecar`, or both
+  - local authoring supports `tenant-app`, `vuilder-app`, `vuilder-shell`,
+    `sidecar`, `mobile`, or selected combinations
   - hosted deploy is preview-first
   - live public delivery and sidecar/runtime-backed deploys are not implied from
     the current external lane

package/assets/claude-local/skills/shell-architecture/SKILL.md

@@ -12,6 +12,16 @@ threads, channels, inboxes, guest collaboration, approvals, dashboards, or
 - Default to the member shell first. For collaboration and operator work, the
   primary product surface is the gateway shell under `/w/[workspace_slug]`, not
   a bespoke standalone tenant frontend.
+- `vuilder-shell` is the generated Vuilder-branded customer tenant shell. It
+  keeps `/w/[workspace_slug]` and `/w/[workspace_slug]/connect` as branded
+  customer workspace routes, but it must still rely on platform identity,
+  provisioning, and app-pack install authority. It is a platform member shell
+  using central SSO plus a tenant-bound `mw_vuilder_shell_session` token, not a
+  `tenant-app` `@minutework/web-auth` customer session surface and not raw
+  platform session/CSRF cookies. Its `/login` route sets a shell-origin state
+  cookie before redirecting to central SSO; SSO returns a short-lived one-use
+  code, and the shell exchanges that code server-side before setting the
+  host-only session cookie. Do not add local password-login BFF routes.
 - Treat these nouns as the default mental model:
   - **Server**: the product-facing private tenant space
   - **Channel**: a conversation surface inside the shell
@@ -47,6 +57,11 @@ threads, channels, inboxes, guest collaboration, approvals, dashboards, or
   - the surface is a mobile app (Expo / React Native / native iOS/Android) ->
     author in the `mobile` starter, not `tenant-app`; see
     `standalone-mobile-client/SKILL.md`
+- Do not confuse shell surfaces:
+  - central platform shell: first-party MinuteWork member shell substrate
+  - `vuilder-shell`: generated branded customer tenant shell for a Vuilder
+    vertical, backed by platform member sessions
+  - `tenant-app`: combined public/private web starter for ordinary tenant apps
 - If shell fit is correct but this generated workspace cannot directly author
   the shell extension, keep the shell-first recommendation and record a
   capability gap instead of silently converting the request into standalone

package/assets/claude-local/skills/vuilder-public-site-authoring/SKILL.md

@@ -6,8 +6,9 @@ description: "Vuilder-owned public websites, public-dj CMS manifests, vuilder-pu
 # Vuilder Public Site Authoring
 
 Use this skill when the request touches a Vuilder-owned public website,
-`vuilder-public-site`, public-dj CMS content, or customer signup through a
-Vuilder vertical.
+`vuilder-app`, `vuilder-public-site`, public-dj CMS content, or customer signup
+through a Vuilder vertical. If the workspace also includes `vuilder-shell` or
+app-pack source, read `vuilder-workspace-architecture/SKILL.md` first.
 
 ## System Boundary
 
@@ -25,8 +26,10 @@ Vuilder vertical.
 
 ## Template Contract
 
-- Use `runtime/builder/templates/vuilder-public-site` for Vuilder-owned landing,
-  blog, public onboarding, and other public marketing routes.
+- Use `vuilder-app/` as the generated public starter directory. It is
+  materialized from `runtime/builder/templates/vuilder-public-site` for
+  Vuilder-owned landing, blog, public onboarding, and other public marketing
+  routes.
 - The template reads public-dj through a server-only CMS adapter.
 - Expected release env includes `MW_PUBLIC_DJ_BASE_URL`,
   `MW_PUBLIC_CONTENT_REF`, `MW_PUBLIC_CONTENT_DIGEST`, and
@@ -48,6 +51,9 @@ Vuilder vertical.
 - The public-site BFF creates customer onboarding intents from server-pinned
   release context: property/release refs, manifest ref/digest, package
   ref/digest, onboarding flow ref/digest, and Vuilder workspace context.
+- After creating the intent, redirect the browser to central SSO at an opaque
+  route like `/onboarding/vertical/[intent_id]`. The public site does not log
+  in users or complete provisioning itself.
 - Browser intake answers are untrusted input. Browsers must not author package
   refs, manifest refs, provisioning kind, or workspace identity.
 

package/assets/claude-local/skills/vuilder-workspace-architecture/SKILL.md

@@ -0,0 +1,78 @@
+---
+name: vuilder-workspace-architecture
+description: "First skill for generated Vuilder workspaces: vuilder-app public site, vuilder-shell branded customer shell, app-pack source, and customer signup/install flow."
+---
+
+# Vuilder Workspace Architecture
+
+Use this skill first when a generated workspace is a Vuilder workspace or when
+the request mentions Vuilder verticals, Vuilder public sites, branded tenant
+shells, customer vertical signup, or app-pack publishing for customer install.
+
+## Default Workspace Shape
+
+A first-class Vuilder workspace is vertical-neutral. FleetRun is an example
+vertical name, not a platform hardcode.
+
+Expected generated layout:
+
+- `vuilder-app/`: public landing, blog, and onboarding site. It uses the
+  `vuilder-public-site` template and public-dj CMS manifests.
+- `vuilder-shell/`: Vuilder-branded customer tenant shell. It opens customer
+  workspace routes like `/w/[workspace_slug]` and
+  `/w/[workspace_slug]/connect`. Its `/login` route sets a host-only shell
+  handoff state cookie, redirects to central platform SSO, receives a
+  short-lived one-use handoff code, exchanges that code server-side for a
+  tenant-bound shell token, and stores that token as a host-only
+  `mw_vuilder_shell_session` cookie. It never receives raw platform session
+  cookies and is not the `tenant-app` `@minutework/web-auth` customer-session
+  profile.
+- App-pack source: schemas, agents, flows, views, seed data, and package
+  metadata under the workspace authoring layer.
+- Optional `sidecar/` and `mobile/` starters when selected.
+
+## Flow
+
+The acquisition and install path is:
+
+1. Customer lands on the Vuilder public site (`vuilder-app`).
+2. The public-site BFF creates `customer_vertical_signup` using
+   server-pinned release context.
+3. The browser is redirected to central SSO.
+4. SSO handles login/signup and completes the opaque onboarding intent
+   server-side.
+5. Platform provisions the customer tenant runtime VM.
+6. Platform installs the approved app pack from the marketplace coordinate.
+7. The branded `vuilder-shell` opens the customer workspace.
+
+## Hard Boundary
+
+`vuilder-shell` customizes tenant UX, navigation, copy, branding, and customer
+workspace presentation. It does not own identity, tenant creation, runtime
+provider selection, billing policy, provisioning, package refs, manifest refs,
+attestation, digest checks, or app-pack install authority.
+
+Do not wire `vuilder-shell` to same-origin `/_mw` tenant customer auth routes.
+Do not render a local password form or expose a local credential-login BFF in
+`vuilder-shell`. `/login` is only a redirect handoff to central SSO with a
+trusted return URL and shell-origin state for the requested workspace. SSO
+completion creates a platform `Membership` and returns a one-use handoff code;
+the shell validates the echoed state, exchanges the code server-side, stores the
+returned `mw_vuilder_shell_session`, and resolves server-authored shell context
+from that token. It must fail closed for missing or mismatched state, missing
+tokens, mismatched workspace slugs, missing member capabilities, or blocked
+workspace-open affordance.
+
+Browser intake is untrusted. Do not let browser code choose package refs,
+manifest refs, Vuilder workspace ids, provisioning kind, runtime provider,
+billing policy, or install coordinates.
+
+## Related Skills
+
+- Use `vuilder-public-site-authoring` for `vuilder-app`, public-dj manifests,
+  and onboarding-intent creation.
+- Use `shell-architecture` for `vuilder-shell` customer workspace routes.
+- Use `app-pack-authoring` for schemas, agents, flows, package metadata, and
+  marketplace publish output.
+- Use `generated-workspace-architecture` for general local workspace trust
+  boundaries.

package/assets/templates/vuilder-public-site/.env.example

@@ -0,0 +1,11 @@
+MW_PUBLIC_DJ_BASE_URL=http://127.0.0.1:8003
+MW_AUTH_BASE_URL=http://127.0.0.1:3400
+MW_PLATFORM_BASE_URL=http://127.0.0.1:8000
+MW_PUBLIC_BASE_URL=http://127.0.0.1:3300
+MW_PUBLIC_SITE_PROPERTY_KEY=main-site
+MW_PUBLIC_SITE_ENV=preview
+MW_PUBLIC_RELEASE_CLASS=ssr_container
+MW_PUBLIC_CONTENT_REF=
+MW_PUBLIC_CONTENT_DIGEST=
+MW_PUBLIC_DJ_READ_TOKEN=
+MW_VUILDER_ONBOARDING_INTENT_TOKEN=

package/assets/templates/vuilder-public-site/README.md

@@ -0,0 +1,15 @@
+# Vuilder Public Site Template
+
+`vuilder-public-site` is the public website template for Vuilder-owned websites.
+Builder edits normal Next.js code in this workspace. Public content comes from
+public-dj through an immutable site manifest ref and digest.
+
+The template supports two release classes:
+
+- `static_export`: content is resolved during build and emitted as static output.
+- `ssr_container`: server code resolves the pinned public-dj manifest at runtime.
+
+The browser never receives public-dj credentials or platform intent credentials.
+Onboarding starts through the server route at `/api/onboarding/start`, which asks
+platform to create a `customer_vertical_signup` intent from release-pinned
+server context.

package/assets/templates/vuilder-public-site/eslint.config.mjs

@@ -0,0 +1,6 @@
+import nextVitals from "eslint-config-next/core-web-vitals";
+import nextTs from "eslint-config-next/typescript";
+
+const eslintConfig = [...nextVitals, ...nextTs];
+
+export default eslintConfig;

package/assets/templates/vuilder-public-site/next-env.d.ts

@@ -0,0 +1,4 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+
+// This file is automatically generated by Next.js.

package/assets/templates/vuilder-public-site/next.config.mjs

@@ -0,0 +1,28 @@
+import path from "node:path";
+import { existsSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+function resolveTurbopackRoot(startDirectory) {
+  let directory = startDirectory;
+  while (true) {
+    if (existsSync(path.join(directory, "pnpm-workspace.yaml"))) {
+      return directory;
+    }
+    const parent = path.dirname(directory);
+    if (parent === directory) return startDirectory;
+    directory = parent;
+  }
+}
+
+const nextConfig = {
+  reactStrictMode: true,
+  typedRoutes: true,
+  ...(process.env.MW_PUBLIC_RELEASE_CLASS === "static_export" ? { output: "export" } : {}),
+  turbopack: {
+    root: resolveTurbopackRoot(__dirname),
+  },
+};
+
+export default nextConfig;

package/assets/templates/vuilder-public-site/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "vuilder-public-site",
+  "version": "0.1.0",
+  "private": true,
+  "packageManager": "pnpm@9.0.0",
+  "engines": {
+    "node": ">=20.9.0"
+  },
+  "scripts": {
+    "dev": "next dev --hostname 127.0.0.1 --port 3300",
+    "build": "next build",
+    "start": "next start -p 3300",
+    "lint": "eslint .",
+    "test": "vitest run",
+    "typegen": "next typegen",
+    "template:validate": "node tools/template/validate-template.mjs",
+    "typecheck": "tsc --noEmit",
+    "validate": "pnpm template:validate && pnpm typegen && pnpm typecheck && pnpm lint && pnpm test && pnpm build"
+  },
+  "dependencies": {
+    "next": "^16.2.0",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
+    "server-only": "^0.0.1",
+    "zod": "^3.24.1"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "ajv": "^8.17.1",
+    "eslint": "^9.39.1",
+    "eslint-config-next": "^16.2.0",
+    "postcss": "^8.5.6",
+    "tailwindcss": "^4.2.0",
+    "typescript": "^5.6.0",
+    "vitest": "^3.2.4"
+  }
+}

package/assets/templates/vuilder-public-site/postcss.config.mjs

@@ -0,0 +1,5 @@
+const config = {
+  plugins: {},
+};
+
+export default config;

package/assets/templates/vuilder-public-site/src/app/api/onboarding/start/route.ts

@@ -0,0 +1,19 @@
+import { NextResponse } from "next/server";
+
+import { env } from "@/lib/env.server";
+import { createCustomerVerticalSignupIntent } from "@/lib/platform.server";
+
+export async function POST(request: Request) {
+  const formData = await request.formData();
+  const payload = await createCustomerVerticalSignupIntent({
+    email: String(formData.get("email") ?? ""),
+    name: String(formData.get("name") ?? ""),
+  });
+
+  const nextUrl = new URL(
+    `/onboarding/vertical/${encodeURIComponent(String(payload.intent.id))}`,
+    env.MW_AUTH_BASE_URL,
+  );
+
+  return NextResponse.redirect(nextUrl, { status: 303 });
+}

package/assets/templates/vuilder-public-site/src/app/blog/[slug]/page.tsx

@@ -0,0 +1,25 @@
+import { notFound } from "next/navigation";
+
+import { getSiteManifest } from "@/lib/public-dj.server";
+
+export default async function BlogPostPage({
+  params,
+}: {
+  params: Promise<{ slug: string }>;
+}) {
+  const { slug } = await params;
+  const manifest = await getSiteManifest();
+  const index = Number(slug.replace(/^post-/, "")) - 1;
+  const post = manifest.payload.blog_posts[index];
+  if (!post) notFound();
+
+  return (
+    <main className="site-main">
+      <p className="eyebrow">Blog</p>
+      <h1>{post.content_ref}</h1>
+      <div className="panel">
+        <p>Digest: {post.digest}</p>
+      </div>
+    </main>
+  );
+}

package/assets/templates/vuilder-public-site/src/app/blog/page.tsx

@@ -0,0 +1,26 @@
+import Link from "next/link";
+
+import { getSiteManifest } from "@/lib/public-dj.server";
+import { appRoutes } from "@/lib/routes";
+
+export default async function BlogIndexPage() {
+  const manifest = await getSiteManifest();
+
+  return (
+    <main className="site-main">
+      <p className="eyebrow">Blog</p>
+      <h1>Updates</h1>
+      <div className="panel">
+        {manifest.payload.blog_posts.length === 0 ? (
+          <p>No published posts are pinned to this release yet.</p>
+        ) : (
+          manifest.payload.blog_posts.map((post, index) => (
+            <p key={`${post.content_ref}:${post.digest}`}>
+              <Link href={appRoutes.blogPost(`post-${index + 1}`)}>{post.content_ref}</Link>
+            </p>
+          ))
+        )}
+      </div>
+    </main>
+  );
+}

package/assets/templates/vuilder-public-site/src/app/globals.css

@@ -0,0 +1,103 @@
+:root {
+  color-scheme: light;
+  --background: #f8f5ef;
+  --foreground: #25231f;
+  --muted: #6d675f;
+  --line: #ded6ca;
+  --accent: #335c67;
+  --accent-strong: #1f3f46;
+  --surface: #fffdf8;
+}
+
+* {
+  box-sizing: border-box;
+}
+
+body {
+  margin: 0;
+  background: var(--background);
+  color: var(--foreground);
+  font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+}
+
+a {
+  color: inherit;
+}
+
+.site-shell {
+  min-height: 100vh;
+}
+
+.site-header,
+.site-main,
+.site-footer {
+  width: min(1120px, calc(100vw - 40px));
+  margin: 0 auto;
+}
+
+.site-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 24px 0;
+  border-bottom: 1px solid var(--line);
+}
+
+.site-main {
+  padding: 72px 0;
+}
+
+.hero {
+  display: grid;
+  gap: 24px;
+  max-width: 760px;
+}
+
+.eyebrow {
+  margin: 0;
+  color: var(--accent);
+  font-size: 0.82rem;
+  font-weight: 700;
+  letter-spacing: 0.08em;
+  text-transform: uppercase;
+}
+
+h1 {
+  margin: 0;
+  font-family: Georgia, "Times New Roman", serif;
+  font-size: clamp(3rem, 8vw, 6.75rem);
+  font-weight: 500;
+  line-height: 0.95;
+}
+
+p {
+  color: var(--muted);
+  font-size: 1.08rem;
+  line-height: 1.7;
+}
+
+.button {
+  display: inline-flex;
+  min-height: 44px;
+  width: fit-content;
+  align-items: center;
+  justify-content: center;
+  border: 1px solid var(--accent-strong);
+  background: var(--accent-strong);
+  color: white;
+  padding: 0 18px;
+  text-decoration: none;
+}
+
+.panel {
+  margin-top: 40px;
+  border: 1px solid var(--line);
+  background: var(--surface);
+  padding: 24px;
+}
+
+.site-footer {
+  padding: 32px 0;
+  border-top: 1px solid var(--line);
+  color: var(--muted);
+}

package/assets/templates/vuilder-public-site/src/app/layout.tsx

@@ -0,0 +1,18 @@
+import type { Metadata } from "next";
+
+import "@/app/globals.css";
+import { env } from "@/lib/env.server";
+
+export const metadata: Metadata = {
+  metadataBase: new URL(env.MW_PUBLIC_BASE_URL),
+  title: "Vuilder Public Site",
+  description: "A Vuilder public website backed by public-dj content revisions.",
+};
+
+export default function RootLayout({ children }: Readonly<{ children: React.ReactNode }>) {
+  return (
+    <html lang="en">
+      <body>{children}</body>
+    </html>
+  );
+}