packwise-skills 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53)
  1. package/.cursorrules +23 -23
  2. package/CLAUDE.md +25 -25
  3. package/LICENSE +21 -0
  4. package/README.md +404 -295
  5. package/audit.md +224 -224
  6. package/bin/packwise.js +322 -155
  7. package/install.sh +123 -0
  8. package/package.json +32 -31
  9. package/skill.md +944 -719
  10. package/sub-skills/ai/local-llm.md +183 -183
  11. package/sub-skills/ai/python-ml.md +164 -164
  12. package/sub-skills/backend/go-server.md +184 -184
  13. package/sub-skills/backend/java-spring.md +241 -241
  14. package/sub-skills/backend/node-server.md +164 -164
  15. package/sub-skills/backend/php-laravel.md +175 -175
  16. package/sub-skills/backend/python-server.md +164 -164
  17. package/sub-skills/backend/rust-backend.md +118 -118
  18. package/sub-skills/cli/python-cli.md +236 -236
  19. package/sub-skills/cli/sdk-library.md +497 -497
  20. package/sub-skills/cloud/ci-cd-pipelines.md +350 -350
  21. package/sub-skills/cloud/docker.md +191 -191
  22. package/sub-skills/cloud/kubernetes.md +277 -277
  23. package/sub-skills/cloud/payment-integration.md +307 -307
  24. package/sub-skills/cross-platform/multiplatform.md +252 -252
  25. package/sub-skills/desktop/electron.md +783 -783
  26. package/sub-skills/desktop/game-dev.md +443 -443
  27. package/sub-skills/desktop/native-app.md +123 -123
  28. package/sub-skills/desktop/scenarios.md +443 -443
  29. package/sub-skills/desktop/smart-platforms.md +324 -324
  30. package/sub-skills/desktop/tauri.md +428 -428
  31. package/sub-skills/desktop/vr-ar.md +252 -252
  32. package/sub-skills/desktop/web-to-desktop.md +153 -153
  33. package/sub-skills/embedded/car-infotainment.md +129 -129
  34. package/sub-skills/embedded/esp32.md +184 -184
  35. package/sub-skills/embedded/ros.md +150 -150
  36. package/sub-skills/embedded/stm32.md +160 -160
  37. package/sub-skills/mobile/android.md +322 -322
  38. package/sub-skills/mobile/capacitor.md +232 -232
  39. package/sub-skills/mobile/flutter-mobile.md +138 -138
  40. package/sub-skills/mobile/harmonyos.md +150 -150
  41. package/sub-skills/mobile/ios.md +245 -245
  42. package/sub-skills/mobile/react-native.md +443 -443
  43. package/sub-skills/mobile/wearables.md +230 -230
  44. package/sub-skills/plugins/browser-extension.md +308 -308
  45. package/sub-skills/plugins/jetbrains-plugin.md +226 -226
  46. package/sub-skills/plugins/vscode-extension.md +204 -204
  47. package/sub-skills/security/security-tools.md +174 -174
  48. package/sub-skills/web/monorepo.md +274 -274
  49. package/sub-skills/web/pwa.md +220 -220
  50. package/sub-skills/web/serverless-edge.md +295 -295
  51. package/sub-skills/web/spa.md +266 -266
  52. package/sub-skills/web/ssr.md +228 -228
  53. package/sub-skills/web/wasm.md +243 -243
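Review bot: `package/install.sh` is new in this release (+123 -0) and `package/package.json` changes in the same diff (+32 -31), so the first thing to check is whether package.json wires that script into an npm lifecycle hook such as `preinstall` or `postinstall`, because that decides whether it runs on `npm install` without the user invoking it. `package/bin/packwise.js` (+322 -155) is the other executable change and deserves a line-by-line read. Most of the remaining files show identical added and removed counts (for example `package/audit.md` +224 -224 and every listed sub-skill), which usually indicates a whole-file rewrite such as a line-ending or encoding change and not edited content; comparing the two versions with whitespace and end-of-line differences ignored would show whether those files changed at all.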
package/skill.md CHANGED
@@ -1,719 +1,944 @@
1
- # Package Skills Plugin — Universal Build & Packaging Orchestrator
2
-
3
- Covers all **build and packaging** scenarios for indie developers, startups, and small-to-medium software companies: desktop, mobile, web, backend, AI/ML, CLI, plugins, embedded, security tools, containerization, cross-platform frameworks, monorepos, WebAssembly, VR/AR, wearables, smart platforms, serverless, CI/CD, and payment integration.
4
-
5
- > **Scope**: This skill focuses on **building and packaging** source code into distributable artifacts (`.apk`, `.exe`, `.dmg`, `.vsix`, Docker images, WASM modules, etc.). Production operations and infrastructure provisioning are outside its scope.
6
-
7
- ## Trigger Words
8
-
9
- "package", "build", "bundle", "compile", "installer", "desktop app", "generate exe", "build software", "client packaging", "develop plugin", "app packaging", "embedded", "publish to store", "containerize", "Docker", "WASM", "monorepo build", "cross-compile"
10
-
11
- ## Plugin Architecture
12
-
13
- ```
14
- package/
15
- ├── skill.md ← Main orchestrator: scan → classify → guide → dispatch
16
- ├── audit.md ← Post-build audit (top-level, mandatory)
17
- └── sub-skills/
18
- ├── desktop/ ← Desktop apps (9)
19
- │ ├── electron.md ← Electron (security, path resolution, packaging, signing, auto-update, CI/CD, pitfalls)
20
- │ ├── tauri.md ← Tauri 2.0 (Rust backend, minimal footprint)
21
- │ ├── native-app.md ← Qt/Flutter/.NET (performance-critical)
22
- │ ├── web-to-desktop.md ← Web-to-desktop (Pake/Neutralinojs)
23
- │ ├── game-dev.md ← Game dev (Unity/Unreal/Godot)
24
- │ ├── vr-ar.md ← VR/AR (Meta Quest/Vision Pro/SteamVR)
25
- │ ├── smart-platforms.md ← Smart TV/Car/RPi (Android TV/tvOS/webOS/Tizen)
26
- │ └── scenarios.md ← Desktop scenarios (AI/ERP/trading/IoT/IM)
27
- ├── mobile/ ← Mobile (7)
28
- │ ├── android.md ← Android native (Kotlin/Java)
29
- │ ├── ios.md ← iOS/iPadOS (Swift/ObjC)
30
- │ ├── harmonyos.md ← HarmonyOS (ArkTS)
31
- │ ├── flutter-mobile.md ← Flutter mobile
32
- │ ├── react-native.md ← React Native
33
- │ ├── capacitor.md ← Capacitor (Web → mobile)
34
- │ └── wearables.md ← Wearables (watchOS/Wear OS/Galaxy Watch)
35
- ├── web/ ← Web apps (6)
36
- │ ├── spa.md ← SPA (React/Vue/Angular/Svelte)
37
- │ ├── ssr.md ← SSR (Next.js/Nuxt/Remix)
38
- │ ├── pwa.md ← PWA (Progressive Web App)
39
- │ ├── serverless-edge.md ← Serverless & Edge (Lambda/CF Workers/Vercel)
40
- │ ├── monorepo.md ← Monorepo (Turborepo/Nx/pnpm workspaces)
41
- │ └── wasm.md ← WebAssembly (Rust/Go/C → WASM)
42
- ├── backend/ ← Backend services (6)
43
- │ ├── node-server.md ← Node.js (Express/Nest/Fastify)
44
- │ ├── python-server.md ← Python (Flask/Django/FastAPI)
45
- │ ├── go-server.md ← Go (Gin/Echo/Fiber)
46
- │ ├── rust-backend.md ← Rust (Axum/Actix-Web/Rocket)
47
- │ ├── java-spring.md ← Java (Spring Boot/Quarkus/Micronaut)
48
- │ └── php-laravel.md ← PHP (Laravel/Symfony/Slim)
49
- ├── ai/ ← AI/ML (2)
50
- │ ├── python-ml.md ← Python ML model packaging
51
- │ └── local-llm.md ← Local LLM applications
52
- ├── cli/ ← CLI tools & Libraries (2)
53
- │ ├── python-cli.md ← Python CLI tools
54
- │ └── sdk-library.md ← SDK/Library publishing (npm/PyPI/crates.io/Maven/NuGet/Go)
55
- ├── plugins/ ← Plugins (3)
56
- │ ├── browser-extension.md ← Chrome/Edge/Firefox extensions
57
- │ ├── vscode-extension.md ← VS Code extensions
58
- │ └── jetbrains-plugin.md ← JetBrains plugins
59
- ├── embedded/ ← Embedded (4)
60
- │ ├── esp32.md ← ESP32 (Arduino/ESP-IDF)
61
- │ ├── stm32.md ← STM32 (Keil/CubeIDE)
62
- │ ├── ros.md ← ROS/ROS2 robotics
63
- │ └── car-infotainment.md ← Car infotainment (HarmonyOS/Auto/QNX)
64
- ├── security/ ← Security tools (1)
65
- │ └── security-tools.md ← Pentest / scanners / SIEM
66
- ├── cloud/ ← Cloud & Infrastructure (4)
67
- │ ├── docker.md ← Docker containerization
68
- │ ├── kubernetes.md ← Kubernetes/Helm/K3s
69
- │ ├── ci-cd-pipelines.md ← CI/CD (GitHub Actions/GitLab CI/Jenkins)
70
- │ └── payment-integration.md ← Payment (Stripe/Alipay/WeChat Pay/IAP)
71
- └── cross-platform/ ← Cross-platform frameworks (1)
72
- └── multiplatform.md ← .NET MAUI / Kotlin Multiplatform / Compose Multiplatform
73
- ```
74
-
75
- ## Core Workflow
76
-
77
- ```
78
- 1. Project Scan → Identify project type, language, dependencies, architecture
79
- 2. Report & Intake → Report findings to user → Ask key questions interactively
80
- 3. Analyze & Research → Combine scan results + user answers + online research (if needed)
81
- 4. Recommend & Guide → Present RECOMMENDED solution + 2-3 alternatives with reasoning → discuss with user
82
- 5. Confirm Plan → User selects final approach → generate confirmation summary
83
- 6. Execute Load sub-skillrun build process (≤15% deviation without approval)
84
- 7. Audit Execute audit.md (mandatory, cannot be skipped)
85
- 8. Final Report Output structured build report
86
- ```
87
-
88
- > **Guidance Philosophy**: The LLM acts as a **build consultant**, not a form-filler. After scanning and asking questions, the LLM MUST synthesize all information, perform targeted research if needed, and present a clear recommendation with reasoning. The user should feel guided, not interrogated.
89
-
90
- ### Step 2: Report & Intake
91
-
92
- After scanning, the AI reports findings and asks questions **in one interactive session**. Do NOT split across multiple steps.
93
-
94
- **Format**: Present each question as a numbered list. Mark the **⭐ Recommended** option with reasoning. Let the user reply with numbers (e.g., "1,2,4,3,1,2") or answer conversationally. If the user says "skip", use the recommended option.
95
-
96
- ---
97
-
98
- #### Part A: Project Summary (Tell the User What You Found)
99
-
100
- > **Scanning is the foundation of everything.** If the scan is wrong, all downstream decisions will be wrong. The LLM MUST scan thoroughly before asking any questions. If the scan reveals issues (missing dependencies, .env files, outdated configs), **flag them immediately** — don't wait until build time.
101
-
102
- ```
103
- 📋 Project Scan Results:
104
- - Framework: [detected framework]
105
- - Language: [detected language]
106
- - Estimated complexity: [L1/L2/L3]
107
- - Key dependencies: [list]
108
- - Source files: [count]
109
- - Notable: [any special findings — native modules, env files, game engine, etc.]
110
- ```
111
-
112
- **Dependency Completeness Check** (auto-run during scan):
113
-
114
- The LLM MUST verify that all required dependencies for the detected framework are present. If anything is missing, **tell the user before proceeding**:
115
-
116
- | Framework | Required Dependencies | Check Command |
117
- |-----------|----------------------|---------------|
118
- | Tauri | `@tauri-apps/api` in package.json | `grep "@tauri-apps/api" package.json` |
119
- | Electron | `electron` + `electron-builder` in devDependencies | `grep "electron" package.json` |
120
- | React Native | `react-native` + `@react-native-community/cli` | `grep "react-native" package.json` |
121
- | Capacitor | `@capacitor/core` + `@capacitor/cli` | `grep "@capacitor" package.json` |
122
- | Vue + Vite | `vue` + `@vitejs/plugin-vue` + `vite` | `grep "vue\|vite" package.json` |
123
- | Next.js | `next` + `react` + `react-dom` | `grep "next\|react" package.json` |
124
-
125
- **Security Scan** (auto-run during scan):
126
-
127
- | What to check | Why | Action if found |
128
- |---------------|-----|----------------|
129
- | `.env` / `.env.*` files | May contain API keys, tokens | ⚠️ Flag to user: "Found .env with sensitive data — will remove before packaging" |
130
- | Hardcoded `sk-` / `api_key` / `secret` in source | Credential leak | ⚠️ Flag to user: "Found hardcoded credentials in [file]" |
131
- | `node_modules` in git | Bloat, potential secret leak | ⚠️ Suggest adding to `.gitignore` |
132
- | Missing `.gitignore` | May accidentally commit secrets | ⚠️ Suggest creating one |
133
-
134
- ---
135
-
136
- #### Part B: Key Questions
137
-
138
- **Q1. Who are the target users?**
139
- - 1. ⭐ General consumers → One-click installer (NSIS/DMG/APK)
140
- - 2. Enterprise internal → MSI/Group Policy/MDM
141
- - 3. Developers npm/pip/cargo
142
- - 4. Government/military → Domestic platform adaptation
143
-
144
- **Q2. Distribution channel?**
145
- - 1. Website download Code signing + auto-update
146
- - 2. App Store Store signing + review compliance
147
- - 3. Enterprise internal → MDM/Group Policy
148
- - 4. Open source → GitHub Releases / npm / PyPI
149
-
150
- **Q3. Target platform(s)?** (multi-select)
151
- - 1. ⭐ Windows
152
- - 2. macOS
153
- - 3. Linux
154
- - 4. All desktop (1+2+3)
155
- - 5. Android
156
- - 6. iOS/iPadOS
157
-
158
- **Q3b. Architecture per platform?** (ask for EACH platform selected in Q3)
159
-
160
- > Example: If user selected "Windows + macOS" in Q3, ask:
161
- > "You selected Windows and macOS. Now choose architecture for each:"
162
-
163
- - **Windows architecture?**
164
- - 1. ⭐ x64 only (most common, covers 99% of PCs)
165
- - 2. ARM64 only (Surface Pro X, Snapdragon laptops)
166
- - 3. Both x64 + ARM64 (two installers output)
167
- - **macOS architecture?**
168
- - 1. ⭐ Universal Binary (x64 + ARM64 in one file, works on all Macs)
169
- - 2. ARM64 only (Apple Silicon M1+, no Intel Mac support)
170
- - 3. x64 only (Intel Macs only, not recommended)
171
- - **Linux architecture?**
172
- - 1. x64 only (most common)
173
- - 2. ARM64 only (Raspberry Pi 4/5, ARM servers)
174
- - 3. Both x64 + ARM64 (two packages output)
175
- - **Android architecture?**
176
- - 1. ARM64 (v8a) covers 95%+ of modern devices
177
- - 2. ARM64 + ARMv7 (for older devices, larger APK)
178
- - 3. Universal APK (all architectures, largest size)
179
- - **iOS architecture?**
180
- - 1. ARM64 (all modern Apple devices, automatic)
181
-
182
- > All selected architecture packages will be output to the same target folder (Q11).
183
-
184
- **Q4. App name, version, copyright holder?**
185
-
186
- **Q5. Logo/icon ready?**
187
- - 1. ⭐ Yes, I have icons → Ask for path, format, sizes
188
- - 2. Need to generate → Recommend tool based on platform
189
- - 3. Use defaultNot recommended for production
190
-
191
- **Q6. Source code protection (anti-reverse-engineering)?**
192
-
193
- > This determines how hard it is for someone to decompile and read your source code from the packaged app.
194
-
195
- - 1. ⭐ **Standard packaging** — Code bundled but extractable with basic tools. Fine for most apps. (Electron: ASAR; Tauri: already compiled Rust, very hard to reverse)
196
- - 2. **Obfuscation** — JavaScript/TypeScript code is scrambled (variable names mangled, control flow flattened). Takes minutes to hours to reverse. Adds ~1 min build time.
197
- - 3. **Bytecode compilation** — Source code compiled to V8 binary bytecode (.jsc). Cannot be read as text. Must match Electron's Node.js version. Takes ~2 min build time. (Electron only)
198
- - 4. **Full protection scheme** — All of the above + AES-256-CBC encryption of config files + image base64 embedding. Recommended for commercial software with proprietary algorithms. Adds ~5 min build time.
199
- - 5. **None** — Open source project, no protection needed. Anyone can read the code.
200
-
201
- **Q7. Clear test data and hardcoded keys before packaging?**
202
- - 1. ⭐ Yes, clean everything
203
- - 2. No (dev build only)
204
-
205
- **Q8. Code signing?**
206
- - 1. Yes, I have certificates
207
- - 2. No signing (will show security warnings)
208
- - 3. Help me understand what I need
209
-
210
- **Q9. Auto-update?**
211
- - 1. Yes
212
- - 2. No
213
-
214
- **Q10. Budget / team capability?**
215
- - 1. Zero budget, individual developer
216
- - 2. Has Apple Developer account ($99/year)
217
- - 3. Has code signing certificate
218
- - 4. Team has Rust experience
219
- - 5. Team has only frontend experience
220
-
221
- **Q11. Output location?**
222
- - 1. ⭐ `./release/` (default)
223
- - 2. Custom path
224
-
225
- **Q12. Any special requirements?**
226
- - (Open-ended: custom protocol, system tray, multi-window, offline-first, etc.)
227
-
228
- ---
229
-
230
- ### Step 3: Analyze & Research
231
-
232
- After collecting the user's answers, the LLM **MUST**:
233
-
234
- 1. **Synthesize** — Combine scan results (Step 1) + user answers (Step 2) + complexity assessment
235
- 2. **Research if needed** If the project type is niche or the user has unusual requirements, search for official documentation or community solutions (time-boxed to 2-3 minutes)
236
- 3. **Determine the best approach** — Based on ALL available information, identify the optimal packaging strategy
237
- 4. **Identify alternatives** Find 2-3 viable alternatives with clear trade-offs
238
-
239
- **When to research online:**
240
- - User's framework/version is not covered by any sub-skill
241
- - User has requirements that conflict with standard approaches
242
- - Latest best practices may have changed (check official docs)
243
-
244
- **When NOT to research:**
245
- - The project clearly matches an existing sub-skill
246
- - User's requirements are straightforward
247
- - Research would add no value beyond what the sub-skill already covers
248
-
249
- ---
250
-
251
- ### Step 4: Recommend & Guide (THE KEY STEP)
252
-
253
- This is where the LLM acts as a **consultant**. Present the analysis as a conversation, not a data dump.
254
-
255
- **Output format:**
256
-
257
- ```
258
- ═══════════════════════════════════════════════
259
- PACKAGING RECOMMENDATION
260
- ═══════════════════════════════════════════════
261
-
262
- Based on your project scan and requirements, here is my analysis:
263
-
264
- [Project Analysis]
265
- Your [framework] project has [complexity] complexity with [key characteristics].
266
- The main challenge will be [identified challenge].
267
-
268
- RECOMMENDED: [Solution Name]
269
- ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
270
- Why this approach:
271
- - [Reason 1 — e.g., "Your team has only frontend experience, so Electron is the lowest barrier"]
272
- - [Reason 2 e.g., "You need SQLite native module, which requires Node.js runtime"]
273
- - [Reason 3 — e.g., "Target size ~150MB is acceptable for your use case"]
274
-
275
- Configuration:
276
- - Framework: [Electron 43 + React + Express + SQLite]
277
- - Build tool: [electron-builder 26]
278
- - Platforms: [Windows + macOS]
279
- - Architecture: [Windows x64, macOS Universal]
280
- - Package format: [NSIS for Windows x64, DMG for macOS Universal]
281
- - Source protection: [ASAR + JavaScript obfuscation]
282
- - Signing: [Windows EV cert + macOS Developer ID]
283
- - Auto-update: [electron-updater via GitHub Releases]
284
- - Output folder: [./release/]
285
- - Expected size: [~150MB per platform]
286
-
287
- Alternative A: [Tauri 2.11]
288
- ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
289
- - Pro: Much smaller (3-10MB), better performance
290
- - Con: Requires Rust rewrite of backend, higher learning curve
291
- - When to choose: If team can learn Rust and package size is critical
292
-
293
- Alternative B: [Neutralinojs]
294
- ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
295
- - Pro: Minimal footprint (~2MB)
296
- - Con: Limited native module support, smaller ecosystem
297
- - When to choose: If app is mostly a web wrapper with no backend
298
-
299
- ═══════════════════════════════════════════════
300
- Which approach would you like to proceed with?
301
- 1. Recommended ([Solution Name])
302
- 2. Alternative A
303
- 3. Alternative B
304
- 4. Custom combination (tell me what you want)
305
- ═══════════════════════════════════════════════
306
- ```
307
-
308
- **Key principles for the recommendation:**
309
- - **Lead with WHY** Don't just say "use Electron". Explain WHY based on the user's specific answers.
310
- - **Be specific** — Reference the user's actual requirements (target users, platform, budget).
311
- - **Quantify** Give expected package size, build time, complexity.
312
- - **Honest trade-offs** Don't hide downsides. "Electron is 150MB but Tauri is 3MB" is better than pretending size doesn't matter.
313
- - **Conditional advice** "If X changes, switch to Y" helps the user understand the decision tree.
314
- - **Don't rush** — If the user wants to discuss, engage. Answer questions before proceeding.
315
-
316
- ---
317
-
318
- ### Step 5: Confirm Plan
319
-
320
- After the user selects an approach, generate a final confirmation summary:
321
-
322
- ```
323
- ═══════════════════════════════════════════════
324
- FINAL BUILD PLAN
325
- ═══════════════════════════════════════════════
326
-
327
- [App] MyApp v1.0.0
328
- [Framework] Electron 43 + React + Express + SQLite
329
- [Platform] Windows + macOS
330
- [Architecture] Windows: x64 | macOS: Universal (x64+ARM64)
331
- [Installer] NSIS (.exe) for Win x64 + DMG for macOS Universal
332
- [Logo] icon.png (256x256, PNG with alpha, rounded corners applied)
333
- [Output] ./release/ (all installers in this folder)
334
- [Protection] ASAR + JavaScript obfuscation
335
- [Test Data] ✅ Cleared
336
- [API Keys] ✅ Cleared
337
- [Signing] Windows EV cert + macOS Developer ID + notarization
338
- [Auto-update] electron-updater via GitHub Releases
339
-
340
- ═══════════════════════════════════════════════
341
- Reply 'yes' to start building, or tell me what to change.
342
- ═══════════════════════════════════════════════
343
- ```
344
-
345
- Only proceed to execution after the user explicitly confirms.
346
-
347
- ---
348
-
349
- **Dynamic Adaptation Rules:**
350
- - Do NOT lock into rigid rules. If the user has special requirements (e.g., "I need to support both Windows XP and the latest macOS"), provide a viable approach rather than saying "not supported"
351
- - If the standard sub-skill approach does not fit, provide a custom solution based on general engineering knowledge
352
- - Every recommendation MUST explain **why** this approach is recommended and **under what circumstances** to switch to an alternative
353
- - When the user asks about **deployment or hosting** (e.g., "How do I deploy this Docker image?", "Which platform should I host on?"), provide guidance on WHERE and HOW to deploy, but do NOT execute the deployment that is outside this skill's scope. This skill handles building and packaging only.
354
- - If the user skips a question (says "skip" or "default"), use the ⭐ recommended option and note it in the confirmation summary
355
-
356
- ---
357
-
358
- ### Step 1.5: Handling Uncovered Projects (Online Research)
359
-
360
- When the user's project does NOT match any existing sub-skill (e.g., a niche framework, emerging technology, or proprietary platform):
361
-
362
- 1. **Search for official documentation** — Find the framework/platform's official build guide
363
- 2. **Search for community solutions** Look for GitHub repos, blog posts, or Stack Overflow answers from experienced developers
364
- 3. **Adapt a similar sub-skill** — Find the closest matching sub-skill and adapt its patterns
365
- 4. **Time-box the research** — Spend no more than 2-3 minutes on research. If no clear guide is found, tell the user honestly and suggest they consult the platform's official documentation
366
- 5. **Document the approach** — Present the found approach to the user for confirmation before proceeding
367
-
368
- **Priority for research sources:**
369
- 1. Official documentation (docs.xxx.com)
370
- 2. Official GitHub repository (README, wiki, examples)
371
- 3. Well-known tech blogs (with verifiable code examples)
372
- 4. Stack Overflow answers with high vote counts
373
- 5. **Never** use unverified random blog posts or outdated tutorials
374
-
375
- ---
376
-
377
- # Phase 1: Project Scan
378
-
379
- Execute the following scan commands before any decision-making:
380
-
381
- ```bash
382
- # ── Project structure detection ──
383
- find . -maxdepth 2 -name "package.json" -o -name "Cargo.toml" -o -name "pubspec.yaml" \
384
- -o -name "*.csproj" -o -name "go.mod" -o -name "CMakeLists.txt" \
385
- -o -name "build.gradle" -o -name "pom.xml" -o -name "pyproject.toml" \
386
- -o -name "requirements.txt" -o -name "Gemfile" -o -name "setup.py" 2>/dev/null
387
-
388
- # ── Backend presence ──
389
- ls server/ src/server/ backend/ api/ api-rs/ src-tauri/ app/ cmd/ internal/ 2>/dev/null
390
-
391
- # ── Language detection ──
392
- ls *.py *.go *.rs *.java *.cs *.dart *.swift *.c *.cpp *.h *.hpp *.kt *.ets 2>/dev/null
393
-
394
- # ── Node.js dependency analysis ──
395
- if [ -f package.json ]; then
396
- echo "=== Frontend ==="
397
- cat package.json | grep -oE '"(react|vue|svelte|angular|tailwindcss|vite|webpack|esbuild)[^"]*"' 2>/dev/null
398
- echo "=== Native Modules ==="
399
- cat package.json | grep -oE '"(better-sqlite3|sharp|bcrypt|canvas|node-gyp|serialport|usb)[^"]*"' 2>/dev/null
400
- echo "=== Database ==="
401
- cat package.json | grep -oE '"(sqlite|mysql|postgres|mongo|prisma|drizzle|redis|better-sqlite3)[^"]*"' 2>/dev/null
402
- echo "=== Cloud Services ==="
403
- cat package.json | grep -oE '"(openai|anthropic|google.*ai|deepseek|azure|aws|firebase)[^"]*"' 2>/dev/null
404
- echo "=== Realtime ==="
405
- cat package.json | grep -oE '"(socket\.io|ws:|websocket|mqtt|nats|sse)[^"]*"' 2>/dev/null
406
- echo "=== Mobile ==="
407
- cat package.json | grep -oE '"(react-native|expo|@capacitor|ionic|nativescript)[^"]*"' 2>/dev/null
408
- echo "=== Scripts ==="
409
- cat package.json | grep -oE '"(dev|build|start|electron|tauri|package|release|deploy)[^"]*"' 2>/dev/null
410
- fi
411
-
412
- # ── Game engine detection ──
413
- find . -maxdepth 2 -name "*.uproject" -o -name "ProjectSettings" -o -name "*.godot" 2>/dev/null
414
-
415
- # ── C/C++ detection ──
416
- find . -maxdepth 2 -name "CMakeLists.txt" -o -name "*.sln" -o -name "*.vcxproj" 2>/dev/null
417
-
418
- # ── Embedded detection ──
419
- ls platformio.ini sdkconfig prj.conf 2>/dev/null
420
- find . -maxdepth 3 -name "*.ino" -o -name "sdkconfig" 2>/dev/null
421
-
422
- # ── Plugin detection ──
423
- ls manifest.json content.js background.js popup.html 2>/dev/null
424
-
425
- # ── HarmonyOS detection ──
426
- ls oh-package.json5 module.json5 2>/dev/null
427
-
428
- # ── Environment variables ──
429
- ls .env .env.* .env.example 2>/dev/null
430
-
431
- # ── Code volume estimate ──
432
- find . -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.py" -o -name "*.go" \
433
- -o -name "*.rs" -o -name "*.java" -o -name "*.kt" -o -name "*.swift" -o -name "*.dart" \
434
- -o -name "*.cpp" -o -name "*.c" -o -name "*.cs" -o -name "*.ets" 2>/dev/null \
435
- | grep -v node_modules | grep -v .git | wc -l
436
- ```
437
-
438
- ---
439
-
440
- # Phase 2: Platform Classification
441
-
442
- After scanning, classify the project into one or more categories:
443
-
444
- | Category | Detection Signals | Sub-skill |
445
- |----------|-------------------|-----------|
446
- | **Desktop App** | Electron/Tauri/Qt/Flutter desktop | `desktop/*.md` |
447
- | **Mobile App** | React Native/Flutter/Kotlin/Swift/HarmonyOS | `mobile/*.md` |
448
- | **Web App** | React/Vue/Angular/Next.js/Nuxt | `web/*.md` |
449
- | **Backend Service** | Express/Django/FastAPI/Gin/Spring/Axum/Laravel | `backend/*.md` |
450
- | **AI/ML App** | PyTorch/TensorFlow/Transformers/Ollama | `ai/*.md` |
451
- | **CLI Tool** | Command-line tool, script | `cli/python-cli.md` |
452
- | **SDK/Library** | npm package, PyPI, crates.io, Maven, NuGet, Go module | `cli/sdk-library.md` |
453
- | **Browser Plugin** | manifest.json + content.js | `plugins/browser-extension.md` |
454
- | **IDE Plugin** | VS Code/JetBrains/WebStorm extension | `plugins/*.md` |
455
- | **Embedded** | ESP32/STM32/RTOS/Linux embedded | `embedded/*.md` |
456
- | **Car Software** | HarmonyOS Car/QNX/Android Automotive | `embedded/car-infotainment.md` |
457
- | **Robotics** | ROS/ROS2/SLAM/navigation | `embedded/ros.md` |
458
- | **Security Tool** | Pentest/vulnerability scanner/SIEM | `security/*.md` |
459
- | **Docker/Container** | Dockerfile, docker-compose | `cloud/docker.md` |
460
- | **Kubernetes** | K8s manifests, Helm charts | `cloud/kubernetes.md` |
461
- | **CI/CD Pipeline** | GitHub Actions, GitLab CI, Jenkins | `cloud/ci-cd-pipelines.md` |
462
- | **Payment System** | Stripe/Alipay/WeChat Pay/IAP | `cloud/payment-integration.md` |
463
- | **Monorepo** | Multiple packages in one repo | `web/monorepo.md` |
464
- | **WebAssembly** | Rust/Go/C compiled to WASM | `web/wasm.md` |
465
- | **PWA** | Service Worker + Web Manifest | `web/pwa.md` |
466
- | **Serverless/Edge** | Lambda/CF Workers/Vercel Functions | `web/serverless-edge.md` |
467
- | **VR/AR** | Meta Quest/Vision Pro/SteamVR | `desktop/vr-ar.md` |
468
- | **Wearable** | watchOS/Wear OS/Galaxy Watch | `mobile/wearables.md` |
469
- | **Smart Platform** | Android TV/tvOS/webOS/Tizen/CarPlay | `desktop/smart-platforms.md` |
470
- | **Cross-Platform** | .NET MAUI / Kotlin Multiplatform | `cross-platform/multiplatform.md` |
471
-
472
- If the project spans multiple categories (e.g., desktop + mobile + backend), dispatch to each corresponding sub-skill separately.
473
-
474
- ---
475
-
476
- # Phase 3: Complexity Assessment
477
-
478
- ## L1 Simple Tool (1–2 hours)
479
- - Pure frontend or simple full-stack
480
- - No native modules
481
- - < 50 source files
482
- - No database or localStorage only
483
- - **Typical**: Calculator, Markdown editor, Pomodoro timer, simple notes, bookmark tool
484
- - **Strategy**: Standard template, no customization needed
485
-
486
- ## L2 — Standard Application (4–8 hours)
487
- - Full-stack (frontend + backend + database)
488
- - Native modules or external APIs present
489
- - 50–500 source files
490
- - Complex state management
491
- - **Typical**: AI chatbot, project manager, data dashboard, local ERP, API debugger, IoT panel, IM client, SaaS desktop, DB manager
492
- - **Strategy**: Path adaptation, image embedding, source encryption
493
-
494
- ## L3 — Complex Application (1–5 days)
495
- - Multi-module architecture (plugin system, extension system)
496
- - Realtime communication (WebSocket, MQTT, WebRTC)
497
- - Multiple databases
498
- - GPU acceleration or audio/video processing
499
- - 500+ source files
500
- - **Typical**: IDE, video editor, design tool, full ERP, quantitative trading platform, indie game, HarmonyOS app, car infotainment
501
- - **Strategy**: Deep architecture adaptation, process isolation, performance optimization
502
-
503
- ---
504
-
505
- # Phase 4: Competitive Benchmarking
506
-
507
- Present similar products and their packaging approaches to help the user decide.
508
-
509
- | Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
510
- |----------|------------------|---------------|-------------------|-------------|
511
- | AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
512
- | Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
513
- | ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
514
- | Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
515
- | IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
516
- | IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
517
- | SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
518
- | Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
519
- | Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
520
- | Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
521
-
522
- ---
523
-
524
- # Phase 5: Recommendation & Confirmation
525
-
526
- > **Note**: Platform decision (Q5), info collection (Q6-Q14), and all user-facing questions are now handled in **Step 2: Unified User Intake** above. This phase focuses ONLY on presenting recommendations after the intake is complete.
527
-
528
- Based on the user's answers in Step 2, present:
529
-
530
- 1. **Primary recommendation** the best approach with clear reasoning
531
- 2. **2-3 alternatives** with trade-offs explained
532
- 3. **Size estimate** — expected package size for the chosen approach
533
- 4. **Reference products** similar apps that use the same approach
534
-
535
- | Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
536
- |----------|------------------|---------------|-------------------|-------------|
537
- | AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
538
- | Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
539
- | ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
540
- | Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
541
- | IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
542
- | IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
543
- | SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
544
- | Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
545
- | Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
546
- | Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
547
-
548
- Present the confirmation summary (from Step 2 Part D) and wait for user approval before proceeding.
549
-
550
- ---
551
-
552
- # Phase 6: Dispatch to Sub-skill
553
-
554
- | User Choice | Sub-skill to Dispatch |
555
- |------------|----------------------|
556
- | Electron | `desktop/electron.md` |
557
- | Tauri 2.0 | `desktop/tauri.md` |
558
- | Game (Unity/Godot/Unreal) | `desktop/game-dev.md` |
559
- | VR/AR (Meta Quest/Vision Pro) | `desktop/vr-ar.md` |
560
- | Smart TV/Car/RPi | `desktop/smart-platforms.md` |
561
- | Qt / Flutter / .NET | `desktop/native-app.md` |
562
- | Pake / Neutralinojs | `desktop/web-to-desktop.md` |
563
- | Android | `mobile/android.md` |
564
- | iOS/iPadOS | `mobile/ios.md` |
565
- | HarmonyOS | `mobile/harmonyos.md` |
566
- | Flutter Mobile | `mobile/flutter-mobile.md` |
567
- | React Native | `mobile/react-native.md` |
568
- | Capacitor | `mobile/capacitor.md` |
569
- | Wearable (watchOS/Wear OS) | `mobile/wearables.md` |
570
- | SPA (React/Vue) | `web/spa.md` |
571
- | SSR (Next.js/Nuxt) | `web/ssr.md` |
572
- | PWA | `web/pwa.md` |
573
- | Serverless / Edge | `web/serverless-edge.md` |
574
- | Monorepo (Turborepo/Nx) | `web/monorepo.md` |
575
- | WebAssembly (WASM) | `web/wasm.md` |
576
- | Node.js Backend | `backend/node-server.md` |
577
- | Python Backend | `backend/python-server.md` |
578
- | Go Backend | `backend/go-server.md` |
579
- | Rust Backend (Axum/Actix) | `backend/rust-backend.md` |
580
- | Java/Spring Boot | `backend/java-spring.md` |
581
- | PHP/Laravel | `backend/php-laravel.md` |
582
- | Python ML | `ai/python-ml.md` |
583
- | Local LLM | `ai/local-llm.md` |
584
- | Python CLI | `cli/python-cli.md` |
585
- | SDK / Library (npm/PyPI/crates.io/Maven/NuGet) | `cli/sdk-library.md` |
586
- | Browser Extension | `plugins/browser-extension.md` |
587
- | VS Code Extension | `plugins/vscode-extension.md` |
588
- | JetBrains Plugin | `plugins/jetbrains-plugin.md` |
589
- | ESP32 | `embedded/esp32.md` |
590
- | STM32 | `embedded/stm32.md` |
591
- | ROS/ROS2 | `embedded/ros.md` |
592
- | Car Infotainment | `embedded/car-infotainment.md` |
593
- | Security Tools | `security/security-tools.md` |
594
- | Docker | `cloud/docker.md` |
595
- | Kubernetes / Helm | `cloud/kubernetes.md` |
596
- | CI/CD Pipeline | `cloud/ci-cd-pipelines.md` |
597
- | Payment Integration | `cloud/payment-integration.md` |
598
- | .NET MAUI | `cross-platform/multiplatform.md` |
599
- | Kotlin Multiplatform | `cross-platform/multiplatform.md` |
600
- | Compose Multiplatform | `cross-platform/multiplatform.md` |
601
-
602
- ## Deviation Threshold
603
-
604
- The AI may deviate from the sub-skill document by **≤15%** during execution. Deviations exceeding 15% must be explained to the user and require explicit approval.
605
-
606
- ---
607
-
608
- # Phase 7: Mandatory Audit
609
-
610
- After packaging is complete, the AI **MUST** load and execute `audit.md`. The audit cannot be skipped under any circumstances.
611
-
612
- ---
613
-
614
- # Phase 8: Final Output
615
-
616
- ```
617
- ═══════════════════════════════════════════════
618
- BUILD REPORT
619
- ═══════════════════════════════════════════════
620
-
621
- [TECH STACK]
622
- Framework: [Electron / Tauri / ...]
623
- Frontend: [React + Vite / ...]
624
- Backend: [Express + SQLite / ...]
625
- Build: [esbuild / cargo / ...]
626
-
627
- [PACKAGE INFO]
628
- Filename: [AppName-Setup-1.0.0.exe]
629
- Size: [XXX MB]
630
- Platform: [Windows x64 / ...]
631
-
632
- [FILE ARCHITECTURE]
633
- [key directory structure]
634
-
635
- [SECURITY]
636
- Encryption: [AES-256-CBC + obfuscation + image embedding]
637
- Decryption: [server-side automatic]
638
-
639
- [AUDIT RESULTS]
640
- Package valid and installable
641
- App launches without errors
642
- ✅ Data persistence works
643
- No credential leaks
644
- No residual build artifacts
645
- All user requirements met
646
-
647
- [PACKAGE LOCATION]
648
- [absolute path]
649
- ═══════════════════════════════════════════════
650
- ```
651
-
652
- ---
653
- ---
654
-
655
- # Appendix: Best Practices & Common Mistakes
656
-
657
- ## Common Mistakes (from Industry Survey)
658
-
659
- 1. **Not code-signing binaries** macOS Gatekeeper and Windows SmartScreen will block unsigned apps. Always sign with a valid certificate.
660
- 2. **Hardcoding paths** Use platform APIs (`app.getPath()`, `XDG_*` env vars) instead of absolute paths.
661
- 3. **Bundling node_modules wholesale** — Use ASAR, tree-shaking, and exclude dev dependencies.
662
- 4. **Ignoring platform-specific behavior** — Line endings, path separators, case sensitivity, default shell differences.
663
- 5. **Not testing the packaged build** — Always test on a clean VM without dev tools installed.
664
- 6. **Missing/broken auto-update** — Implement from day one using `electron-updater` or equivalent.
665
- 7. **ASAR integrity issue** — Native modules (better-sqlite3, sharp) must be in `asarUnpack`.
666
- 8. **Not handling first-run** — Create default config/data directories, handle missing files gracefully.
667
- 9. **Over-bundling** Include only target-platform binaries, not all platforms.
668
- 10. **Insufficient production logging** — Use crash reporter (Sentry, electron-log) for debugging.
669
-
670
- ## Best Practices (2025-2026)
671
-
672
- | Practice | Description |
673
- |----------|-------------|
674
- | **Code signing** | macOS: Developer ID + notarization. Windows: EV/OV certificate. Linux: GPG signing. |
675
- | **ASAR bundling** | Protect source code, simplify file layout. Configure `asarUnpack` for native modules. |
676
- | **Auto-update from day one** | `electron-updater` (electron-builder) or `autoUpdater` (electron-forge). Use GitHub Releases or custom server. |
677
- | **Test on clean machines** | Fresh VM without dev tools catches missing runtime dependencies. |
678
- | **Separate main/renderer processes** | Heavy computation in main or utility process. Keep renderer free for UI. |
679
- | **Minimize bundle size** | Tree-shaking, exclude dev deps, compress assets, minimize native modules. |
680
- | **Handle permissions/sandboxing** | macOS: entitlements. Windows: UAC. Linux: Flatpak portals. |
681
- | **Provide uninstallers** | NSIS: configure `deleteAppDataOnUninstall`. MSIX: auto-uninstall. AppImage: document removal. |
682
- | **Use CI/CD** | GitHub Actions/Azure Pipelines. Build on each platform natively. |
683
- | **Version lock packaging tools** | Pin electron-builder/forge/tauri-cli versions to avoid surprise breakage. |
684
- | **Include crash reporter** | `@sentry/electron` or `electron-log` for production error tracking. |
685
-
686
- ## Framework Version Reference (2025-2026)
687
-
688
- | Framework | Version | Key Features |
689
- |-----------|---------|-------------|
690
- | Electron | 43.x | Chromium 150, Node.js 24, clipboard removed from renderer (v44), 32-bit dropped (v44) |
691
- | electron-builder | 26.x | YAML/JSON config, NSIS/MSI/AppImage/DMG (compatible with Electron 43) |
692
- | electron-forge | 7.x | Official Electron team recommendation, plugin architecture |
693
- | electron-updater | 6.x | Auto-update with differential downloads |
694
- | Tauri | 2.11.x | Mobile (iOS/Android) stable, Rust backend, 2-6MB bundles |
695
- | Node.js | 26.x LTS / 22.x LTS | require(esm) default (v23+), Temporal API (v26), Undici 8 |
696
- | Vite | 8.x | Latest build tool (verify plugin compatibility for v7/v8 migrations) |
697
- | Next.js | 16.x | App Router, RSC, standalone output |
698
- | React Native | 0.86.x | New Architecture default, Hermes engine |
699
- | Flutter | 3.44.x / Dart 3.12 | Impeller renderer default, desktop GA, WebAssembly support |
700
- | Go | 1.26.x | Latest stable (check stdlib breaking changes) |
701
- | Spring Boot | 3.5.x | GraalVM native image improvements |
702
- | Capacitor | 8.x | Web → mobile bridge (verify config format changes from v6) |
703
- | Wails | 2.10.x | Go backend, v3 beta available |
704
- | Neutralinojs | 5.6.x | 1-3MB binaries, minimal footprint |
705
- | Dioxus | 0.6.x | React-like Rust UI, pre-1.0 |
706
- | Pake/PakePlus | 2.7.x | Rust+Tauri wrapper, 3-10MB |
707
-
708
- ## electron-builder vs electron-forge
709
-
710
- | Aspect | electron-builder (26.x) | electron-forge (7.x) |
711
- |--------|------------------------|---------------------|
712
- | Config | YAML/JSON/JS | forge.config.js (JS/TS) |
713
- | Output | NSIS, MSI, AppImage, DMG, DEB, RPM, Snap, Flatpak | DMG, ZIP, Squirrel, DEB, RPM, Snap, Flatpak, MSI, AppX, MSIX |
714
- | Plugin system | Limited (custom afterPack) | Rich plugin architecture |
715
- | Community | Very mature, widely used | Official Electron team recommendation |
716
- | Code signing | Good, manual macOS notarization tweaks | Tight integration with osxSign/osxNotarize |
717
- | Auto-update | electron-updater (built-in) | @electron/update-electron-app |
718
- | **When to prefer** | Complex packaging rules, existing projects | New projects, first-party support |
719
-
1
+ # Package Skills Plugin — Universal Build & Packaging Orchestrator
2
+
3
+ Covers all **build and packaging** scenarios for indie developers, startups, and small-to-medium software companies: desktop, mobile, web, backend, AI/ML, CLI, plugins, embedded, security tools, containerization, cross-platform frameworks, monorepos, WebAssembly, VR/AR, wearables, smart platforms, serverless, CI/CD, and payment integration.
4
+
5
+ > **Scope**: This skill focuses on **building and packaging** source code into distributable artifacts (`.apk`, `.exe`, `.dmg`, `.vsix`, Docker images, WASM modules, etc.). Production operations and infrastructure provisioning are outside its scope.
6
+
7
+ ## Trigger Words
8
+
9
+ "package", "build", "bundle", "compile", "installer", "desktop app", "generate exe", "build software", "client packaging", "develop plugin", "app packaging", "embedded", "publish to store", "containerize", "Docker", "WASM", "monorepo build", "cross-compile"
10
+
11
+ ## Plugin Architecture
12
+
13
+ ```
14
+ package/
15
+ ├── skill.md ← Main orchestrator: scan → classify → guide → dispatch
16
+ ├── audit.md ← Post-build audit (top-level, mandatory)
17
+ └── sub-skills/
18
+ ├── desktop/ ← Desktop apps (9)
19
+ │ ├── electron.md ← Electron (security, path resolution, packaging, signing, auto-update, CI/CD, pitfalls)
20
+ │ ├── tauri.md ← Tauri 2.0 (Rust backend, minimal footprint)
21
+ │ ├── native-app.md ← Qt/Flutter/.NET (performance-critical)
22
+ │ ├── web-to-desktop.md ← Web-to-desktop (Pake/Neutralinojs)
23
+ │ ├── game-dev.md ← Game dev (Unity/Unreal/Godot)
24
+ │ ├── vr-ar.md ← VR/AR (Meta Quest/Vision Pro/SteamVR)
25
+ │ ├── smart-platforms.md ← Smart TV/Car/RPi (Android TV/tvOS/webOS/Tizen)
26
+ │ └── scenarios.md ← Desktop scenarios (AI/ERP/trading/IoT/IM)
27
+ ├── mobile/ ← Mobile (7)
28
+ │ ├── android.md ← Android native (Kotlin/Java)
29
+ │ ├── ios.md ← iOS/iPadOS (Swift/ObjC)
30
+ │ ├── harmonyos.md ← HarmonyOS (ArkTS)
31
+ │ ├── flutter-mobile.md ← Flutter mobile
32
+ │ ├── react-native.md ← React Native
33
+ │ ├── capacitor.md ← Capacitor (Web → mobile)
34
+ │ └── wearables.md ← Wearables (watchOS/Wear OS/Galaxy Watch)
35
+ ├── web/ ← Web apps (6)
36
+ │ ├── spa.md ← SPA (React/Vue/Angular/Svelte)
37
+ │ ├── ssr.md ← SSR (Next.js/Nuxt/Remix)
38
+ │ ├── pwa.md ← PWA (Progressive Web App)
39
+ │ ├── serverless-edge.md ← Serverless & Edge (Lambda/CF Workers/Vercel)
40
+ │ ├── monorepo.md ← Monorepo (Turborepo/Nx/pnpm workspaces)
41
+ │ └── wasm.md ← WebAssembly (Rust/Go/C → WASM)
42
+ ├── backend/ ← Backend services (6)
43
+ │ ├── node-server.md ← Node.js (Express/Nest/Fastify)
44
+ │ ├── python-server.md ← Python (Flask/Django/FastAPI)
45
+ │ ├── go-server.md ← Go (Gin/Echo/Fiber)
46
+ │ ├── rust-backend.md ← Rust (Axum/Actix-Web/Rocket)
47
+ │ ├── java-spring.md ← Java (Spring Boot/Quarkus/Micronaut)
48
+ │ └── php-laravel.md ← PHP (Laravel/Symfony/Slim)
49
+ ├── ai/ ← AI/ML (2)
50
+ │ ├── python-ml.md ← Python ML model packaging
51
+ │ └── local-llm.md ← Local LLM applications
52
+ ├── cli/ ← CLI tools & Libraries (2)
53
+ │ ├── python-cli.md ← Python CLI tools
54
+ │ └── sdk-library.md ← SDK/Library publishing (npm/PyPI/crates.io/Maven/NuGet/Go)
55
+ ├── plugins/ ← Plugins (3)
56
+ │ ├── browser-extension.md ← Chrome/Edge/Firefox extensions
57
+ │ ├── vscode-extension.md ← VS Code extensions
58
+ │ └── jetbrains-plugin.md ← JetBrains plugins
59
+ ├── embedded/ ← Embedded (4)
60
+ │ ├── esp32.md ← ESP32 (Arduino/ESP-IDF)
61
+ │ ├── stm32.md ← STM32 (Keil/CubeIDE)
62
+ │ ├── ros.md ← ROS/ROS2 robotics
63
+ │ └── car-infotainment.md ← Car infotainment (HarmonyOS/Auto/QNX)
64
+ ├── security/ ← Security tools (1)
65
+ │ └── security-tools.md ← Pentest / scanners / SIEM
66
+ ├── cloud/ ← Cloud & Infrastructure (4)
67
+ │ ├── docker.md ← Docker containerization
68
+ │ ├── kubernetes.md ← Kubernetes/Helm/K3s
69
+ │ ├── ci-cd-pipelines.md ← CI/CD (GitHub Actions/GitLab CI/Jenkins)
70
+ │ └── payment-integration.md ← Payment (Stripe/Alipay/WeChat Pay/IAP)
71
+ └── cross-platform/ ← Cross-platform frameworks (1)
72
+ └── multiplatform.md ← .NET MAUI / Kotlin Multiplatform / Compose Multiplatform
73
+ ```
74
+
75
+ ## Core Workflow
76
+
77
+ ```
78
+ 1. Project Scan → Identify project type, language, dependencies, architecture
79
+ 2. Report & Intake → Report findings to user → Ask key questions interactively
80
+ 3. Analyze & Research → Combine scan results + user answers + online research (if needed)
81
+ 4. Recommend & Guide → Present RECOMMENDED solution + 2-3 alternatives with reasoning → discuss with user
82
+ 5. Confirm Plan → User selects final approach → generate confirmation summary
83
+ 6. Prepare Project Detect config gaps propose modifications user approves each change → apply
84
+ 7. Execute Load sub-skill → run build process (≤15% deviation without approval)
85
+ 8. Audit Execute audit.md (mandatory, cannot be skipped)
86
+ 9. Final Report → Output structured build report
87
+ ```
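Review bot: Step 7 of the Core Workflow allows "≤15% deviation without approval", but nothing defines what the percentage is measured in (config lines changed, steps skipped, commands added), so the agent cannot compute it and the limit cannot be enforced. Suggest replacing the number with an explicit list of actions that always need approval, for example any change to signing, protection or output settings, and any command that is not in the loaded sub-skill.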
88
+
89
+ > **Guidance Philosophy**: The LLM acts as a **build consultant**, not a form-filler. After scanning and asking questions, the LLM MUST synthesize all information, perform targeted research if needed, and present a clear recommendation with reasoning. The user should feel guided, not interrogated.
90
+
91
+ ### Step 2: Report & Intake
92
+
93
+ After scanning, the AI reports findings and asks questions **in one interactive session**. Do NOT split across multiple steps.
94
+
95
+ **Format**: Every question MUST be presented via an interactive selection mechanism. Group 3-4 questions per call when possible.
96
+
97
+ **Language**: ALL questions and options MUST be bilingual (Chinese + English). Every question text, option label, and option description must appear in both languages. Example: `Q1. Who are the target users? / 目标用户是谁?`
98
+
99
+ **Agent-specific interaction patterns:**
100
+ - **Claude Code**: Use `AskUserQuestion` tool (popup with selectable options + input field)
101
+ - **Cursor**: Present questions as numbered options in chat; user replies with numbers
102
+ - **OpenCode / OpenClaw / Trae**: Use structured option lists in chat; user replies with numbers
103
+ - **Codex CLI**: Present questions as numbered options; user replies with numbers
104
+ - **GitHub Copilot**: Present questions as numbered options; user replies with numbers
105
+ - **Hermes / LangChain**: Present questions as numbered options; user replies with numbers
106
+ - **WorkBuddy / Windsurf / Zed AI**: Present questions as numbered options; user replies with numbers
107
+
108
+ > **Rule**: Every question MUST offer selectable options (never open-ended text). Include a default option (LLM auto-detected value) and a custom option for free-text input. The LLM should never ask questions without providing choices.
109
+
110
+ ---
111
+
112
+ #### Part A: Project Summary (Tell the User What You Found)
113
+
114
+ > **Scanning is the foundation of everything.** If the scan is wrong, all downstream decisions will be wrong. The LLM MUST scan thoroughly before asking any questions. If the scan reveals issues (missing dependencies, .env files, outdated configs), **flag them immediately** don't wait until build time.
115
+
116
+ ```
117
+ 📋 Project Scan Results:
118
+ - Framework: [detected framework]
119
+ - Language: [detected language]
120
+ - Estimated complexity: [L1/L2/L3]
121
+ - Key dependencies: [list]
122
+ - Source files: [count]
123
+ - Notable: [any special findings native modules, env files, game engine, etc.]
124
+ ```
125
+
126
+ **Dependency Completeness Check** (auto-run during scan):
127
+
128
+ The LLM MUST verify that all required dependencies for the detected framework are present. If anything is missing, **tell the user before proceeding**:
129
+
130
+ | Framework | Required Dependencies | Check Command |
131
+ |-----------|----------------------|---------------|
132
+ | Tauri | `@tauri-apps/api` in package.json | `grep "@tauri-apps/api" package.json` |
133
+ | Electron | `electron` + `electron-builder` in devDependencies | `grep "electron" package.json` |
134
+ | React Native | `react-native` + `@react-native-community/cli` | `grep "react-native" package.json` |
135
+ | Capacitor | `@capacitor/core` + `@capacitor/cli` | `grep "@capacitor" package.json` |
136
+ | Vue + Vite | `vue` + `@vitejs/plugin-vue` + `vite` | `grep "vue\|vite" package.json` |
137
+ | Next.js | `next` + `react` + `react-dom` | `grep "next\|react" package.json` |
138
+
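Review bot: The "Check Command" column of the Dependency Completeness table does not verify what the "Required Dependencies" column states. `grep "electron" package.json` also succeeds when only `electron-builder`, `electron-updater` or a script name is present, and `grep "vue\|vite" package.json` passes when any one of the three packages matches, so a missing dependency goes unreported. Suggest parsing package.json and checking each named package as a key under `dependencies` / `devDependencies` individually, and for the Electron row checking `devDependencies` specifically, as the column requires.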
139
+ **Security Scan** (auto-run during scan):
140
+
141
+ | What to check | Why | Action if found |
142
+ |---------------|-----|----------------|
143
+ | `.env` / `.env.*` files | May contain API keys, tokens | ⚠️ Flag to user: "Found .env with sensitive data — will remove before packaging" |
144
+ | Hardcoded `sk-` / `api_key` / `secret` in source | Credential leak | ⚠️ Flag to user: "Found hardcoded credentials in [file]" |
145
+ | `node_modules` in git | Bloat, potential secret leak | ⚠️ Suggest adding to `.gitignore` |
146
+ | Missing `.gitignore` | May accidentally commit secrets | ⚠️ Suggest creating one |
147
+
148
+ ---
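Review bot: In the Security Scan table the `.env` row announces "will remove before packaging" as a settled action, while workflow step 6 requires that the user approve each change. Make the row a proposal that goes through that approval, and state whether "remove" means excluding the file from the package or deleting it from the working tree. The scan should also test for the file's presence rather than read its contents into the session. On the hardcoded-credential row, the pattern list is only `sk-` / `api_key` / `secret`, so private key blocks and other token formats are not covered; widen the list or name a dedicated secret scanner, and require that the report give the file and line but never print the matched value.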
149
+
150
+ #### Part B: Build Overview Confirmation
151
+
152
+ > After scanning, the FIRST thing the LLM MUST do is present a build overview and ask the user to confirm, correct, or supplement before asking any other questions. This ensures the LLM correctly understood the project scope.
153
+
154
+ ```
155
+ 📋 Build Overview / 构建总览
156
+
157
+ Project type / 项目类型: [detected type / 检测到的类型]
158
+ Framework / 框架: [detected framework / 检测到的框架]
159
+ Language / 语言: [detected language / 检测到的语言]
160
+ Entry point / 入口文件: [detected entry / 检测到的入口]
161
+ Build config / 构建配置: [detected config files / 检测到的配置文件]
162
+ Dependencies / 依赖: [key dependencies / 关键依赖]
163
+ Output expected / 预期产出: [e.g., desktop installer / 例如:桌面安装包]
164
+
165
+ Is this correct? Any files to add or exclude?
166
+ 以上信息是否正确?是否需要添加或排除某些文件?
167
+ ```
168
+
169
+ Present the build overview and options using the agent's interactive selection mechanism (see format guidelines above):
170
+
171
+ - **Correct, proceed / 正确,继续**
172
+ - 📝 **Need to add files / 需要添加文件** → type the files after selecting
173
+ - 🗑️ **Need to exclude files / 需要排除文件** → type the files after selecting
174
+ - 🔄 **Need to correct / 需要修正** describe the corrections after selecting
175
+
176
+ > Only proceed to Q1 after the user confirms the build overview. If the user requests changes, update the overview and re-confirm.
177
+
178
+ ---
179
+
180
+ #### Part C: Key Questions
181
+
182
+ **Q1. Who are the target users? / 目标用户是谁?**
183
+ - 1. ⭐ General consumers → One-click installer (NSIS/DMG/APK) / 普通消费者 → 一键安装包
184
+ - 2. Enterprise internal MSI/Group Policy/MDM / 企业内部 → MSI/组策略/MDM
185
+ - 3. Developers → npm/pip/cargo / 开发者 → npm/pip/cargo
186
+ - 4. Government/military → Domestic platform adaptation / 政府军工 → 国产化平台适配
187
+
188
+ **Q2. Distribution channel? / 分发渠道?**
189
+ - 1. Website download Code signing + auto-update / 官网下载 → 代码签名 + 自动更新
190
+ - 2. App Store → Store signing + review compliance / 应用商店 → 商店签名 + 审核合规
191
+ - 3. Enterprise internal MDM/Group Policy / 企业内部 → MDM/组策略
192
+ - 4. Open source → GitHub Releases / npm / PyPI / 开源 → GitHub Releases / npm / PyPI
193
+
194
+ **Q3a. Desktop platform(s)? / 桌面端平台?** (multi-select / 多选)
195
+ - 1. ⭐ Windows
196
+ - 2. macOS
197
+ - 3. Linux
198
+ - 4. None / 不需要桌面端
199
+
200
+ **Q3b. Mobile platform(s)? / 移动端平台?** (multi-select / 多选)
201
+ - 1. Android
202
+ - 2. iOS/iPadOS
203
+ - 3. HarmonyOS / 鸿蒙
204
+ - 4. None / 不需要移动端
205
+
206
+ **Q3c. Architecture per platform? / 各平台架构?** (ask for EACH platform selected in Q3a/Q3b / 按 Q3a/Q3b 选择的平台逐个询问)
207
+
208
+ > Example: If user selected "Windows + macOS" in Q3a, ask:
209
+ > "You selected Windows and macOS. Now choose architecture for each:"
210
+ > 示例:如果用户在 Q3a 选择了 "Windows + macOS",询问:
211
+ > "您选择了 Windows 和 macOS,请为每个平台选择架构:"
212
+
213
+ - **Windows 架构?**
214
+ - 1. x64 only / x64(最常见,覆盖 99% 电脑)
215
+ - 2. ARM64 only / ARM64(Surface Pro X、骁龙笔记本)
216
+ - 3. Both x64 + ARM64 / 同时输出 x64 + ARM64 两个安装包
217
+ - **macOS 架构?**
218
+ - 1. Universal Binary / 通用二进制(x64 + ARM64 合并,兼容所有 Mac)
219
+ - 2. ARM64 only / 仅 ARM64(Apple Silicon M1+,不支持 Intel Mac)
220
+ - 3. x64 only / 仅 x64(仅 Intel Mac,不推荐)
221
+ - **Linux 架构?**
222
+ - 1. ⭐ x64 only / 仅 x64(最常见)
223
+ - 2. ARM64 only / 仅 ARM64(树莓派 4/5、ARM 服务器)
224
+ - 3. Both x64 + ARM64 / 同时输出 x64 + ARM64 两个包
225
+ - **Android 架构?**
226
+ - 1. ⭐ ARM64 (v8a) covers 95%+ devices / 覆盖 95%+ 现代设备
227
+ - 2. ARM64 + ARMv7 — for older devices / 兼容旧设备,APK 体积更大
228
+ - 3. Universal APK — all architectures / 全架构,体积最大
229
+ - **iOS 架构?**
230
+ - 1. ARM64 (all modern Apple devices, automatic) / 所有现代 Apple 设备,自动适配
231
+
232
+ > All selected architecture packages will be output to the same target folder (see output location in Step 6).
233
+ > 所有选中的架构包将输出到同一目标文件夹(见 Step 6 输出位置)。
234
+
235
+ **Q3d. Architecture output mode? / 架构输出模式?** (only ask when user selected 2+ architectures for a platform in Q3c / 仅当用户在 Q3c 中为某平台选择了 2 个以上架构时才询问)
236
+
237
+ > **Interaction flow / 交互流程**: First ask "Separate or Merged?" per platform. If user selects "Separate", follow up with a second question to select which specific architectures to output. Do NOT try to combine both questions into one call.
238
+ > 先按平台询问"分开还是合并?"。如果用户选择"分开",再用第二个问题选择具体输出哪些架构。不要把两个问题合并在一次调用中。
239
+
240
+ > This determines how multi-architecture builds are packaged. Based on your Q3c selections, here is what will be output:
241
+ > 决定多架构构建如何打包。根据您在 Q3c 的选择,以下是输出预览:
242
+
243
+ **Example / 示例:** If you selected Windows (x64 + ARM64) + macOS (Universal Binary) in Q3c:
244
+
245
+ | Mode / 模式 | Output / 输出 | Count / 数量 |
246
+ |------|--------|:-----:|
247
+ | **Separate / 分开** | `MyApp-v1.0.0-windows-x64.exe` + `MyApp-v1.0.0-windows-arm64.exe` + `MyApp-v1.0.0-macos-universal.dmg` | 3 files |
248
+ | **Merged / 合并** | `MyApp-v1.0.0-windows.exe` (x64+ARM64) + `MyApp-v1.0.0-macos-universal.dmg` | 2 files |
249
+
250
+ - **Windows (if x64 + ARM64 selected in Q3c)? / Windows(如在 Q3c 选择了 x64 + ARM64)?**
251
+ - 1. Separate select which to output (multi-select) / 分开 — 选择输出哪些(多选):
252
+ - x64
253
+ - ARM64
254
+ - 2. Merged — single installer / 合并 — 单个安装包
255
+ - **macOS (if Universal Binary NOT selected in Q3c)? / macOS(如未选择通用二进制)?**
256
+ - 1. ⭐ Separate — select which to output (multi-select) / 分开 — 选择输出哪些(多选):
257
+ - x64 (Intel)
258
+ - ARM64 (Apple Silicon)
259
+ - 2. Merged — single `.dmg` / 合并 — 单个 `.dmg`
260
+ - **Linux (if x64 + ARM64 selected in Q3c)? / Linux(如选择了 x64 + ARM64)?**
261
+ - 1. ⭐ Separate — select which to output (multi-select) / 分开 — 选择输出哪些(多选):
262
+ - x64
263
+ - ARM64
264
+ - 2. Merged — single package / 合并 — 单个包
265
+ - **Android (if multiple architectures selected in Q3c)? / Android(如选择了多个架构)?**
266
+ - 1. Separate select which to output (multi-select) / 分开 — 选择输出哪些(多选):
267
+ - ARM64 (v8a)
268
+ - ARMv7
269
+ - Universal / 全架构
270
+ - 2. Single APK — all architectures merged / 单个 APK — 全架构合并
271
+
272
+ > **Naming convention / 命名规范** (auto-applied for separate output / 分开输出时自动应用):
273
+ > `[AppName]-v[Version]-[OS]-[Arch].[ext]`
274
+ > Examples / 示例: `MyApp-v1.0.0-windows-x64.exe`, `MyApp-v1.0.0-macos-arm64.dmg`
275
+
276
+ > **After user selects, show final output list / 用户选择后,展示最终输出列表**:
277
+ > ```
278
+ > 📦 Build output / 构建输出 (2 files):
279
+ > 1. MyApp-v1.0.0-windows-x64.exe (Windows x64)
280
+ > 2. MyApp-v1.0.0-macos-arm64.dmg (macOS ARM64)
281
+ > ```
282
+ > If user deselects an architecture, it is excluded from the build entirely.
283
+ > 如果用户取消勾选某个架构,该架构将完全不参与构建。
284
+
285
+ **Q3e. Minimum OS version? / 最低系统版本?** (ask for EACH platform selected in Q3a/Q3b / 按 Q3a/Q3b 选择的平台逐个询问)
286
+
287
+ - **Windows (if selected)?**
288
+ - 1. ⭐ Windows 10 (most common, Electron 31+ requires) / 最常见,Electron 31+ 要求
289
+ - 2. Windows 11
290
+ - 3. Custom / 自定义 type version in tool / 在工具中输入版本号
291
+ - **macOS (if selected)?**
292
+ - 1. ⭐ macOS 10.15 (Catalina, Electron 31 default) / Electron 31 默认
293
+ - 2. macOS 12 (Monterey)
294
+ - 3. Custom / 自定义 → type version in tool / 在工具中输入版本号
295
+ - **Linux (if selected)?**
296
+ - 1. No specific requirement / 无特殊要求
297
+ - 2. Custom / 自定义 type requirement in tool / 在工具中输入要求
298
+ - **Android (if selected)?**
299
+ - 1. ⭐ Android 8.0 (API 26, covers 95%+ devices) / 覆盖 95%+ 设备
300
+ - 2. Android 10 (API 29)
301
+ - 3. Custom / 自定义 → type API level in tool / 在工具中输入 API 级别
302
+ - **iOS (if selected)?**
303
+ - 1. iOS 15.0 (minimum for modern SwiftUI features) / 现代 SwiftUI 最低要求
304
+ - 2. iOS 16.0
305
+ - 3. Custom / 自定义 → type version in tool / 在工具中输入版本号
306
+
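Review bot: The Q3e defaults cite Electron 31 ("Windows 10 ... Electron 31+ requires", "macOS 10.15 ... Electron 31 default"), while the Step 4 and Step 5 templates in the same file configure Electron 43. The minimum-OS default should be derived from the framework version actually selected instead of being hardcoded to one release, otherwise the installer can advertise an OS version that the bundled runtime does not support.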
307
+ **Q4. App name? / 应用名称?**
308
+ - 1. [detected folder name] / [检测到的文件夹名称]
309
+ - 2. Custom / 自定义 type name in tool / 在工具中输入名称
310
+
311
+ **Q4b. Version? / 版本号?**
312
+ - 1. [detected from package.json or default 1.0.0] / [从 package.json 检测或默认 1.0.0]
313
+ - 2. Custom / 自定义 type version in tool / 在工具中输入版本号
314
+
315
+ **Q4c. Copyright holder? / 版权持有者?**
316
+ - 1. ⭐ [detected from git config user.name] / [从 git 配置的用户名检测]
317
+ - 2. Custom / 自定义 → type name in tool / 在工具中输入名称
318
+
319
+ **Q4d. Language / Localization? / 语言 / 本地化?**
320
+ - 1. English only / 仅英文(默认)
321
+ - 2. Chinese / 中文(简体 + 繁体)
322
+ - 3. Multi-language / 多语言(English + Chinese)
323
+ - 4. Custom / 自定义 → type languages in tool / 在工具中输入语言
324
+
325
+ **Q4e. License file? / 许可证文件?**
326
+ - 1. ⭐ [detected from LICENSE file, e.g., MIT] / [从 LICENSE 文件检测,如 MIT]
327
+ - 2. Open source (Apache/GPL/其他) / 开源协议 → type in tool / 在工具中输入
328
+ - 3. Proprietary / Commercial / 商业 / 专有
329
+ - 4. None / 无 — do not include license in package / 不在安装包中包含许可证
330
+
331
+ **Q4f. Installer UI customization? / 安装界面自定义?**
332
+ - 1. Default theme / 默认主题(简洁标准外观)
333
+ - 2. Custom branding / 自定义品牌 describe in tool / 在工具中描述需求(如自定义欢迎页、背景图、文字颜色等)
334
+ - 3. Minimal / unbranded / 极简无品牌 — 无 logo、无自定义文字,纯功能性安装器
335
+
336
+ **Q6. Source code protection level? / 源码保护等级?**
337
+
338
+ > This determines how hard it is for someone to decompile and read your source code.
339
+ > 决定他人反编译和读取源码的难度。
340
+
341
+ - 1. **Standard / 标准** Code bundled (ASAR for Electron; Rust compiled for Tauri) / 代码打包(Electron: ASAR; Tauri: 已编译 Rust,反编译难度高)
342
+ - 2. **Obfuscation / 混淆** — JS/TS code scrambled, adds ~1 min build time / 代码混淆,增加约 1 分钟构建时间
343
+ - 3. **Full protection / 完整保护** — Obfuscation + AES encryption + image embedding, adds ~5 min / 混淆 + AES 加密 + 图片嵌入,增加约 5 分钟
344
+ - 4. **None / 不保护** — Open source, no protection needed / 开源项目,无需保护
345
+
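Review bot: Q6 option 3 presents "AES encryption + image embedding" as "Full protection" without saying where the decryption key lives. If the key ships inside the package or is handed to the client at start-up, anyone who can run the app can recover the plaintext, so this tier is obfuscation with a longer build time, not a stronger guarantee. Option 1 has a related gap for Tauri: only the Rust backend is compiled, and the web frontend is still shipped as JS assets. Suggest renaming the tier, documenting the key handling next to the option, and stating that secrets must never depend on any of these levels.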
346
+ **Q7. Clear test data and hardcoded keys? / 清除测试数据和硬编码密钥?**
347
+ - 1. ⭐ Yes, clean everything / 是,全部清除
348
+ - 2. No (dev build only) / 否(仅开发构建)
349
+
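Review bot: Q7 option 2 ("No (dev build only)") leaves test data and hardcoded keys in the artifact, but nothing in the following questions stops that build from being signed in Q8 or published with auto-update in Q9. Suggest that selecting it forces a visible marker (for example a `-dev` suffix in the `[AppName]-v[Version]-[OS]-[Arch]` name) and disables the signing and publishing choices, so a build that still contains keys cannot be distributed as a release.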
350
+ **Q8. Code signing? / 代码签名?**
351
+ - 1. Yes, I have certificates / 是,我有证书
352
+ - 2. No signing (will show security warnings to users) / 不签名(用户将看到安全警告)
353
+ - 3. Not yet, guide me through the process / 还没有,引导我完成申请流程
354
+
355
+ **Q9. Auto-update and release type? / 自动更新与发布类型?**
356
+ - 1. ⭐ First publish + auto-update / 首次发布 + 自动更新
357
+ - 2. First publish, no auto-update / 首次发布,不自动更新
358
+ - 3. Update existing app + auto-update / 更新已有应用 + 自动更新
359
+ - 4. Update existing app, no auto-update / 更新已有应用,不自动更新
360
+
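Review bot: Q8 option 2 ("No signing") can be combined with either auto-update choice in Q9, and the text does not flag that combination. With an unsigned app the updater has no publisher signature to check a downloaded package against, so the update channel is protected only by transport security and by access control on the release host. Suggest that choosing auto-update requires signing, or at minimum a signature over the update manifest with a key pinned in the app, and that the agent states this when Q8 = 2 and Q9 = 1 or 3.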
361
+ **Q10. Any special requirements? / 特殊需求?**
362
+ - 1. None /
363
+ - 2. Custom / 自定义 describe in tool / 在工具中描述需求
364
+
365
+ ---
366
+
367
+ ### Step 3: Analyze & Research
368
+
369
+ After collecting the user's answers, the LLM **MUST**:
370
+
371
+ 1. **Synthesize** Combine scan results (Step 1) + user answers (Step 2) + complexity assessment
372
+ 2. **Research if needed** If the project type is niche or the user has unusual requirements, search for official documentation or community solutions (time-boxed to 2-3 minutes)
373
+ 3. **Determine the best approach** Based on ALL available information, identify the optimal packaging strategy
374
+ 4. **Identify alternatives** — Find 2-3 viable alternatives with clear trade-offs
375
+
376
+ **When to research online:**
377
+ - User's framework/version is not covered by any sub-skill
378
+ - User has requirements that conflict with standard approaches
379
+ - Latest best practices may have changed (check official docs)
380
+
381
+ **When NOT to research:**
382
+ - The project clearly matches an existing sub-skill
383
+ - User's requirements are straightforward
384
+ - Research would add no value beyond what the sub-skill already covers
385
+
386
+ ---
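Review bot: Step 3's "Research if needed" sends the agent to "official documentation or community solutions" with no rule for how the fetched text is handled. Content pulled from the web during a build session is untrusted input: it can contain instructions aimed at the agent or install commands for unvetted packages. Suggest adding that fetched pages are reference material only, that any command or dependency taken from them is shown to the user with its source URL and needs approval before it runs, and that official documentation takes precedence over community posts.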
387
+
388
+ ### Step 4: Recommend & Guide (THE KEY STEP)
389
+
390
+ This is where the LLM acts as a **consultant**. Present the analysis as a conversation, not a data dump.
391
+
392
+ **Output format:**
393
+
394
+ ```
395
+ ═══════════════════════════════════════════════
396
+ PACKAGING RECOMMENDATION
397
+ ═══════════════════════════════════════════════
398
+
399
+ Based on your project scan and requirements, here is my analysis:
400
+
401
+ [Project Analysis]
402
+ Your [framework] project has [complexity] complexity with [key characteristics].
403
+ The main challenge will be [identified challenge].
404
+
405
+ RECOMMENDED: [Solution Name]
406
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
407
+ Why this approach:
408
+ - [Reason 1 — e.g., "Your team has only frontend experience, so Electron is the lowest barrier"]
409
+ - [Reason 2 — e.g., "You need SQLite native module, which requires Node.js runtime"]
410
+ - [Reason 3 — e.g., "Target size ~150MB is acceptable for your use case"]
411
+
412
+ Configuration:
413
+ - Framework: [Electron 43 + React + Express + SQLite]
414
+ - Build tool: [electron-builder 26]
415
+ - Platforms: [Windows + macOS]
416
+ - Architecture: [Windows x64, macOS Universal]
417
+ - Package format: [NSIS for Windows x64, DMG for macOS Universal]
418
+ - Source protection: [ASAR + JavaScript obfuscation]
419
+ - Signing: [Windows EV cert + macOS Developer ID]
420
+ - Auto-update: [electron-updater via GitHub Releases]
421
+ - Output folder: [./release/]
422
+ - Expected size: [~150MB per platform]
423
+
424
+ Alternative A: [Tauri 2.11]
425
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
426
+ - Pro: Much smaller (3-10MB), better performance
427
+ - Con: Requires Rust rewrite of backend, higher learning curve
428
+ - When to choose: If team can learn Rust and package size is critical
429
+
430
+ Alternative B: [Neutralinojs]
431
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
432
+ - Pro: Minimal footprint (~2MB)
433
+ - Con: Limited native module support, smaller ecosystem
434
+ - When to choose: If app is mostly a web wrapper with no backend
435
+
436
+ ═══════════════════════════════════════════════
437
+ Which approach would you like to proceed with?
438
+ 1. ⭐ Recommended ([Solution Name])
439
+ 2. Alternative A
440
+ 3. Alternative B
441
+ 4. Custom combination (tell me what you want)
442
+ ═══════════════════════════════════════════════
443
+ ```
444
+
445
+ **Key principles for the recommendation:**
446
+ - **Lead with WHY** Don't just say "use Electron". Explain WHY based on the user's specific answers.
447
+ - **Be specific** Reference the user's actual requirements (target users, platform, budget).
448
+ - **Quantify** Give expected package size, build time, complexity.
449
+ - **Honest trade-offs** Don't hide downsides. "Electron is 150MB but Tauri is 3MB" is better than pretending size doesn't matter.
450
+ - **Conditional advice** "If X changes, switch to Y" helps the user understand the decision tree.
451
+ - **Don't rush** If the user wants to discuss, engage. Answer questions before proceeding.
452
+
453
+ ---
454
+
455
+ ### Step 5: Confirm Plan
456
+
457
+ After the user selects an approach, generate a final confirmation summary:
458
+
459
+ ```
460
+ ═══════════════════════════════════════════════
461
+ FINAL BUILD PLAN
462
+ ═══════════════════════════════════════════════
463
+
464
+ [App] MyApp v1.0.0
465
+ [Framework] Electron 43 + React + Express + SQLite
466
+ [Platform] Windows + macOS
467
+ [Architecture] Windows: x64 | macOS: Universal (x64+ARM64)
468
+ [Installer] NSIS (.exe) for Win x64 + DMG for macOS Universal
469
+ [Logo] icon.png (256x256, PNG with alpha, rounded corners applied)
470
+ [Output] ./release/ (all installers in this folder)
471
+ [Protection] ASAR + JavaScript obfuscation
472
+ [Test Data] ✅ Cleared
473
+ [API Keys] ✅ Cleared
474
+ [Signing] Windows EV cert + macOS Developer ID + notarization
475
+ [Auto-update] electron-updater via GitHub Releases
476
+
477
+ ═══════════════════════════════════════════════
478
+ Reply 'yes' to start building, or tell me what to change.
479
+ ═══════════════════════════════════════════════
480
+ ```
481
+
482
+ Only proceed to execution after the user explicitly confirms.
483
+
484
+ ---
485
+
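Review bot: In the FINAL BUILD PLAN template, `[Test Data] ✅ Cleared` and `[API Keys] ✅ Cleared` are literal values while every other row is an example to be replaced, so a model copying the template can report both as cleared without having checked anything. Make them placeholders tied to a check result, for example `[API Keys] [Cleared / Found in <file>]`, and say which step performs the check. The same template also shows `[Logo] ... rounded corners applied` before Step 6b has asked whether to crop the icon.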
486
+ **Dynamic Adaptation Rules:**
487
+ - Do NOT lock into rigid rules. If the user has special requirements (e.g., "I need to support both Windows XP and the latest macOS"), provide a viable approach rather than saying "not supported"
488
+ - If the standard sub-skill approach does not fit, provide a custom solution based on general engineering knowledge
489
+ - Every recommendation MUST explain **why** this approach is recommended and **under what circumstances** to switch to an alternative
490
+ - When the user asks about **deployment or hosting** (e.g., "How do I deploy this Docker image?", "Which platform should I host on?"), provide guidance on WHERE and HOW to deploy, but do NOT execute the deployment — that is outside this skill's scope. This skill handles building and packaging only.
491
+ - If the user skips a question (says "skip" or "default"), use the recommended option and note it in the confirmation summary
492
+
493
+ ---
494
+
495
+ ### Step 6: Prepare Project
496
+
497
+ After the user confirms the build plan, the LLM MUST check whether the project is ready for the chosen packaging strategy. Many projects require configuration changes, dependency additions, or file modifications before they can be built successfully.
498
+
499
+ > **Core rule**: Every modification to the user's project requires explicit approval. Never auto-apply changes.
500
+
501
+ #### 6a. Detect Gaps
502
+
503
+ Based on the confirmed build plan and the selected sub-skill, scan for:
504
+
505
+ | Check | Examples |
506
+ |-------|---------|
507
+ | **Missing config files** | `electron-builder.yml`, `tauri.conf.json`, `Dockerfile`, `.github/workflows/build.yml` |
508
+ | **Missing dependencies** | `electron-builder` not in `devDependencies`, `tauri-cli` not installed |
509
+ | **Outdated or incorrect config** | Wrong `main` field in `package.json`, missing `build` scripts |
510
+ | **Missing build assets** | App icon not found or wrong format, no `entitlements.plist` for macOS |
511
+ | **Signing prerequisites** | No signing certificates configured, missing env vars |
512
+ | **Framework-specific requirements** | iOS: no `ExportOptions.plist`; Tauri: Rust toolchain not detected |
513
+
514
+ #### 6b. Ask User Preferences
515
+
516
+ Before presenting the modification plan, the LLM MUST ask the following questions using the agent's interactive selection mechanism (see format guidelines above):
517
+
518
+ **Logo / Icon / Logo 图标:**
519
+ - 1. I have a logo / 我有 logo type file path in tool / 在工具中输入文件路径
520
+ - 2. Need to generate / 需要生成 Recommend tool based on platform / 根据平台推荐工具
521
+ - 3. Use default / 使用默认 → Not recommended for production / 不建议用于正式发布
522
+
523
+ **Output location / 输出位置:**
524
+ - 1. `./release/` (default / 默认)
525
+ - 2. Custom path / 自定义路径 → type path in tool / 在工具中输入路径
526
+
527
+ > When multiple architectures are output separately (Q3d), filenames automatically include platform and architecture: `[AppName]-v[Version]-[OS]-[Arch].[ext]`
528
+ > 当多架构分开输出时(Q3d),文件名自动包含平台和架构信息。
529
+
530
+ > **Note**: Encryption/protection level (Q6) was already confirmed in Step 2. Use that answer directly — do NOT ask again.
531
+ > **注意**:加密/保护等级(Q6)已在 Step 2 确认,直接使用,不要重复询问。
532
+
533
+ **After logo path is provided / 提供 logo 路径后,追问:**
534
+ - 1. ⭐ Crop and round corners for installer icon / 裁切圆角用于安装包图标
535
+ - 2. Use original as-is / 使用原图不处理
536
+ - 3. Skip / 跳过
537
+
538
+ #### 6c. Present Modification Plan
539
+
540
+ Present ALL required changes to the user in a structured checklist **before making any changes**, then use the agent's interactive selection mechanism for confirmation:
541
+
542
+ ```
543
+ 📋 Pre-Build Preparation / 构建前准备 [Framework] [Platform]
544
+
545
+ App icon / 应用图标: Please provide the logo file path / 请提供 logo 文件路径
546
+ Crop and round corners? / 是否裁切圆角?(yes/no)
547
+
548
+ Config changes needed / 需要的配置变更:
549
+
550
+ [1] Add file / 添加文件: electron-builder.yml
551
+ → NSIS installer, code signing, auto-update
552
+ [2] Add dependency / 添加依赖: electron-builder (devDependency)
553
+ → Required build tool / 构建必需工具
554
+ [3] Modify / 修改: package.json add "build" script
555
+ → "build": "electron-builder --win --mac"
556
+ ```
557
+
558
+ Then use the agent's interactive selection mechanism:
559
+
560
+ - **Approve all / 全部同意**
561
+ - ☑️ **Approve selectively / 选择性同意** type the numbers in tool / 在工具中输入编号 (e.g., "1,3")
562
+ - **Need to add changes / 需要补充修改** describe the additional changes in tool / 在工具中描述补充内容
563
+ - **Reject all / 全部拒绝** → explain what to change in tool / 在工具中说明需要修改的内容
564
+
565
+ > Only apply changes the user explicitly approved. If user adds new changes, append them to the plan and re-confirm.
566
+
567
+ #### 6c. Apply Approved Changes
568
+
569
+ - Only apply changes the user explicitly approved
570
+ - For each applied change, show a brief confirmation
571
+ - If the user skips a critical change, warn about potential build failure but respect the decision
572
+ - After all changes are applied, re-confirm readiness before proceeding to Execute
573
+
574
+ #### 6d. What This Step Does NOT Do
575
+
576
+ - Does NOT modify business logic or application source code
577
+ - Does NOT change framework version or architecture decisions (those were finalized in Step 5)
578
+ - Does NOT install system-level tools (e.g., Xcode, Android SDK) — those are user's responsibility
579
+ - Does NOT create signing certificates or provisioning profiles
580
+
581
+ > **Why this step exists**: Skipping project preparation is the #1 cause of build failures. A missing config file or wrong dependency version can waste hours of debugging. This step catches those issues early and fixes them with user approval.
582
+
583
+ ---
584
+
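Review bot: Step 6b asks again for the logo and the output location, but the FINAL BUILD PLAN that the user approved in Step 5 already contains `[Logo]` and `[Output]` rows; the same section forbids re-asking Q6 for exactly this reason. Either move these two questions ahead of Step 5 or drop the rows from the Step 5 template. Separately, two headings are numbered `6c` (Present Modification Plan and Apply Approved Changes), and `Only apply changes the user explicitly approved` appears in both; renumber the later headings to 6d and 6e and keep the rule once.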
585
+ When the user's project does NOT match any existing sub-skill (e.g., a niche framework, emerging technology, or proprietary platform):
586
+
587
+ 1. **Search for official documentation** — Find the framework/platform's official build guide
588
+ 2. **Search for community solutions** — Look for GitHub repos, blog posts, or Stack Overflow answers from experienced developers
589
+ 3. **Adapt a similar sub-skill** — Find the closest matching sub-skill and adapt its patterns
590
+ 4. **Time-box the research** — Spend no more than 2-3 minutes on research. If no clear guide is found, tell the user honestly and suggest they consult the platform's official documentation
591
+ 5. **Document the approach** — Present the found approach to the user for confirmation before proceeding
592
+
593
+ **Priority for research sources:**
594
+ 1. Official documentation (docs.xxx.com)
595
+ 2. Official GitHub repository (README, wiki, examples)
596
+ 3. Well-known tech blogs (with verifiable code examples)
597
+ 4. Stack Overflow answers with high vote counts
598
+ 5. **Never** use unverified random blog posts or outdated tutorials
599
+
600
+ ---
601
+
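Review bot: The block that begins `When the user's project does NOT match any existing sub-skill` follows a `---` rule with no heading of its own, so it reads as a continuation of Step 6 and cannot be referenced by name; give it a heading. Item 5 of the source priority list (`**Never** use unverified random blog posts or outdated tutorials`) is a prohibition rather than a fifth priority and would read better as a sentence below the list. Since the material comes from GitHub repos, blog posts and Stack Overflow answers, step 5 should also say that any command or config taken from it goes through the same per-change approval as Step 6 before it is run or written.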
602
+ # Phase 1: Project Scan
603
+
604
+ Execute the following scan commands before any decision-making:
605
+
606
+ ```bash
607
+ # ── Project structure detection ──
608
+ find . -maxdepth 2 -name "package.json" -o -name "Cargo.toml" -o -name "pubspec.yaml" \
609
+ -o -name "*.csproj" -o -name "go.mod" -o -name "CMakeLists.txt" \
610
+ -o -name "build.gradle" -o -name "pom.xml" -o -name "pyproject.toml" \
611
+ -o -name "requirements.txt" -o -name "Gemfile" -o -name "setup.py" 2>/dev/null
612
+
613
+ # ── Backend presence ──
614
+ ls server/ src/server/ backend/ api/ api-rs/ src-tauri/ app/ cmd/ internal/ 2>/dev/null
615
+
616
+ # ── Language detection ──
617
+ ls *.py *.go *.rs *.java *.cs *.dart *.swift *.c *.cpp *.h *.hpp *.kt *.ets 2>/dev/null
618
+
619
+ # ── Node.js dependency analysis ──
620
+ if [ -f package.json ]; then
621
+ echo "=== Frontend ==="
622
+ cat package.json | grep -oE '"(react|vue|svelte|angular|tailwindcss|vite|webpack|esbuild)[^"]*"' 2>/dev/null
623
+ echo "=== Native Modules ==="
624
+ cat package.json | grep -oE '"(better-sqlite3|sharp|bcrypt|canvas|node-gyp|serialport|usb)[^"]*"' 2>/dev/null
625
+ echo "=== Database ==="
626
+ cat package.json | grep -oE '"(sqlite|mysql|postgres|mongo|prisma|drizzle|redis|better-sqlite3)[^"]*"' 2>/dev/null
627
+ echo "=== Cloud Services ==="
628
+ cat package.json | grep -oE '"(openai|anthropic|google.*ai|deepseek|azure|aws|firebase)[^"]*"' 2>/dev/null
629
+ echo "=== Realtime ==="
630
+ cat package.json | grep -oE '"(socket\.io|ws:|websocket|mqtt|nats|sse)[^"]*"' 2>/dev/null
631
+ echo "=== Mobile ==="
632
+ cat package.json | grep -oE '"(react-native|expo|@capacitor|ionic|nativescript)[^"]*"' 2>/dev/null
633
+ echo "=== Scripts ==="
634
+ cat package.json | grep -oE '"(dev|build|start|electron|tauri|package|release|deploy)[^"]*"' 2>/dev/null
635
+ fi
636
+
637
+ # ── Game engine detection ──
638
+ find . -maxdepth 2 -name "*.uproject" -o -name "ProjectSettings" -o -name "*.godot" 2>/dev/null
639
+
640
+ # ── C/C++ detection ──
641
+ find . -maxdepth 2 -name "CMakeLists.txt" -o -name "*.sln" -o -name "*.vcxproj" 2>/dev/null
642
+
643
+ # ── Embedded detection ──
644
+ ls platformio.ini sdkconfig prj.conf 2>/dev/null
645
+ find . -maxdepth 3 -name "*.ino" -o -name "sdkconfig" 2>/dev/null
646
+
647
+ # ── Plugin detection ──
648
+ ls manifest.json content.js background.js popup.html 2>/dev/null
649
+
650
+ # ── HarmonyOS detection ──
651
+ ls oh-package.json5 module.json5 2>/dev/null
652
+
653
+ # ── Environment variables ──
654
+ ls .env .env.* .env.example 2>/dev/null
655
+
656
+ # ── Code volume estimate ──
657
+ find . -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.py" -o -name "*.go" \
658
+ -o -name "*.rs" -o -name "*.java" -o -name "*.kt" -o -name "*.swift" -o -name "*.dart" \
659
+ -o -name "*.cpp" -o -name "*.c" -o -name "*.cs" -o -name "*.ets" 2>/dev/null \
660
+ | grep -v node_modules | grep -v .git | wc -l
661
+ ```
662
+
663
+ ---
664
+
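Review bot: In the code volume estimate, `grep -v .git` uses an unescaped dot, so it drops every path that contains any character followed by `git` (for example `src/legit.py` or `digits.ts`), and that count is what the Phase 3 file thresholds (< 50, 50–500, 500+) are judged against. Anchor both filters to directory names, as in `grep -v '/node_modules/' | grep -v '/\.git/'`. In the Realtime check, the `ws:` alternative only matches a quoted string that starts with `ws:`, so a `"ws"` dependency is never reported. The Scripts check runs over the whole of `package.json`, so it also prints keys such as `"devDependencies"` that are not scripts.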
665
+ # Phase 2: Platform Classification
666
+
667
+ After scanning, classify the project into one or more categories:
668
+
669
+ | Category | Detection Signals | Sub-skill |
670
+ |----------|-------------------|-----------|
671
+ | **Desktop App** | Electron/Tauri/Qt/Flutter desktop | `desktop/*.md` |
672
+ | **Mobile App** | React Native/Flutter/Kotlin/Swift/HarmonyOS | `mobile/*.md` |
673
+ | **Web App** | React/Vue/Angular/Next.js/Nuxt | `web/*.md` |
674
+ | **Backend Service** | Express/Django/FastAPI/Gin/Spring/Axum/Laravel | `backend/*.md` |
675
+ | **AI/ML App** | PyTorch/TensorFlow/Transformers/Ollama | `ai/*.md` |
676
+ | **CLI Tool** | Command-line tool, script | `cli/python-cli.md` |
677
+ | **SDK/Library** | npm package, PyPI, crates.io, Maven, NuGet, Go module | `cli/sdk-library.md` |
678
+ | **Browser Plugin** | manifest.json + content.js | `plugins/browser-extension.md` |
679
+ | **IDE Plugin** | VS Code/JetBrains/WebStorm extension | `plugins/*.md` |
680
+ | **Embedded** | ESP32/STM32/RTOS/Linux embedded | `embedded/*.md` |
681
+ | **Car Software** | HarmonyOS Car/QNX/Android Automotive | `embedded/car-infotainment.md` |
682
+ | **Robotics** | ROS/ROS2/SLAM/navigation | `embedded/ros.md` |
683
+ | **Security Tool** | Pentest/vulnerability scanner/SIEM | `security/*.md` |
684
+ | **Docker/Container** | Dockerfile, docker-compose | `cloud/docker.md` |
685
+ | **Kubernetes** | K8s manifests, Helm charts | `cloud/kubernetes.md` |
686
+ | **CI/CD Pipeline** | GitHub Actions, GitLab CI, Jenkins | `cloud/ci-cd-pipelines.md` |
687
+ | **Payment System** | Stripe/Alipay/WeChat Pay/IAP | `cloud/payment-integration.md` |
688
+ | **Monorepo** | Multiple packages in one repo | `web/monorepo.md` |
689
+ | **WebAssembly** | Rust/Go/C compiled to WASM | `web/wasm.md` |
690
+ | **PWA** | Service Worker + Web Manifest | `web/pwa.md` |
691
+ | **Serverless/Edge** | Lambda/CF Workers/Vercel Functions | `web/serverless-edge.md` |
692
+ | **VR/AR** | Meta Quest/Vision Pro/SteamVR | `desktop/vr-ar.md` |
693
+ | **Wearable** | watchOS/Wear OS/Galaxy Watch | `mobile/wearables.md` |
694
+ | **Smart Platform** | Android TV/tvOS/webOS/Tizen/CarPlay | `desktop/smart-platforms.md` |
695
+ | **Cross-Platform** | .NET MAUI / Kotlin Multiplatform | `cross-platform/multiplatform.md` |
696
+
697
+ If the project spans multiple categories (e.g., desktop + mobile + backend), dispatch to each corresponding sub-skill separately.
698
+
699
+ ---
700
+
701
+ # Phase 3: Complexity Assessment
702
+
703
+ ## L1 Simple Tool (1–2 hours)
704
+ - Pure frontend or simple full-stack
705
+ - No native modules
706
+ - < 50 source files
707
+ - No database or localStorage only
708
+ - **Typical**: Calculator, Markdown editor, Pomodoro timer, simple notes, bookmark tool
709
+ - **Strategy**: Standard template, no customization needed
710
+
711
+ ## L2 — Standard Application (4–8 hours)
712
+ - Full-stack (frontend + backend + database)
713
+ - Native modules or external APIs present
714
+ - 50–500 source files
715
+ - Complex state management
716
+ - **Typical**: AI chatbot, project manager, data dashboard, local ERP, API debugger, IoT panel, IM client, SaaS desktop, DB manager
717
+ - **Strategy**: Path adaptation, image embedding, source encryption
718
+
719
+ ## L3 — Complex Application (1–5 days)
720
+ - Multi-module architecture (plugin system, extension system)
721
+ - Realtime communication (WebSocket, MQTT, WebRTC)
722
+ - Multiple databases
723
+ - GPU acceleration or audio/video processing
724
+ - 500+ source files
725
+ - **Typical**: IDE, video editor, design tool, full ERP, quantitative trading platform, indie game, HarmonyOS app, car infotainment
726
+ - **Strategy**: Deep architecture adaptation, process isolation, performance optimization
727
+
728
+ ---
729
+
730
+ # Phase 4: Competitive Benchmarking
731
+
732
+ Present similar products and their packaging approaches to help the user decide.
733
+
734
+ | Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
735
+ |----------|------------------|---------------|-------------------|-------------|
736
+ | AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
737
+ | Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
738
+ | ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
739
+ | Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
740
+ | IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
741
+ | IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
742
+ | SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
743
+ | Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
744
+ | Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
745
+ | Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
746
+
747
+ ---
748
+
749
+ # Phase 5: Recommendation & Confirmation
750
+
751
+ > **Note**: All user-facing questions (Q1-Q10) are now handled in **Step 2: Intake** above. This phase focuses ONLY on presenting recommendations after the intake is complete.
752
+
753
+ Based on the user's answers in Step 2, present:
754
+
755
+ 1. **Primary recommendation** — the best approach with clear reasoning
756
+ 2. **2-3 alternatives** — with trade-offs explained
757
+ 3. **Size estimate** — expected package size for the chosen approach
758
+ 4. **Reference products** — similar apps that use the same approach
759
+
760
+ | Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
761
+ |----------|------------------|---------------|-------------------|-------------|
762
+ | AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
763
+ | Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
764
+ | ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
765
+ | Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
766
+ | IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
767
+ | IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
768
+ | SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
769
+ | Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
770
+ | Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
771
+ | Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
772
+
773
+ Present the confirmation summary (from Step 2 Part D) and wait for user approval before proceeding.
774
+
775
+ ---
776
+
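Review bot: The scenario table under Phase 5 is a row-for-row copy of the table under Phase 4, so any later change to a size or a reference product has to be made twice. Keep it in Phase 4 and refer to it from Phase 5. Phase 5 also points to a confirmation summary `from Step 2 Part D`, while Step 5 in this same file defines the FINAL BUILD PLAN summary; state which of the two the model must show before it proceeds.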
777
+ # Phase 6: Dispatch to Sub-skill
778
+
779
+ | User Choice | Sub-skill to Dispatch |
780
+ |------------|----------------------|
781
+ | Electron | `desktop/electron.md` |
782
+ | Tauri 2.0 | `desktop/tauri.md` |
783
+ | Game (Unity/Godot/Unreal) | `desktop/game-dev.md` |
784
+ | VR/AR (Meta Quest/Vision Pro) | `desktop/vr-ar.md` |
785
+ | Smart TV/Car/RPi | `desktop/smart-platforms.md` |
786
+ | Qt / Flutter / .NET | `desktop/native-app.md` |
787
+ | Pake / Neutralinojs | `desktop/web-to-desktop.md` |
788
+ | Android | `mobile/android.md` |
789
+ | iOS/iPadOS | `mobile/ios.md` |
790
+ | HarmonyOS | `mobile/harmonyos.md` |
791
+ | Flutter Mobile | `mobile/flutter-mobile.md` |
792
+ | React Native | `mobile/react-native.md` |
793
+ | Capacitor | `mobile/capacitor.md` |
794
+ | Wearable (watchOS/Wear OS) | `mobile/wearables.md` |
795
+ | SPA (React/Vue) | `web/spa.md` |
796
+ | SSR (Next.js/Nuxt) | `web/ssr.md` |
797
+ | PWA | `web/pwa.md` |
798
+ | Serverless / Edge | `web/serverless-edge.md` |
799
+ | Monorepo (Turborepo/Nx) | `web/monorepo.md` |
800
+ | WebAssembly (WASM) | `web/wasm.md` |
801
+ | Node.js Backend | `backend/node-server.md` |
802
+ | Python Backend | `backend/python-server.md` |
803
+ | Go Backend | `backend/go-server.md` |
804
+ | Rust Backend (Axum/Actix) | `backend/rust-backend.md` |
805
+ | Java/Spring Boot | `backend/java-spring.md` |
806
+ | PHP/Laravel | `backend/php-laravel.md` |
807
+ | Python ML | `ai/python-ml.md` |
808
+ | Local LLM | `ai/local-llm.md` |
809
+ | Python CLI | `cli/python-cli.md` |
810
+ | SDK / Library (npm/PyPI/crates.io/Maven/NuGet) | `cli/sdk-library.md` |
811
+ | Browser Extension | `plugins/browser-extension.md` |
812
+ | VS Code Extension | `plugins/vscode-extension.md` |
813
+ | JetBrains Plugin | `plugins/jetbrains-plugin.md` |
814
+ | ESP32 | `embedded/esp32.md` |
815
+ | STM32 | `embedded/stm32.md` |
816
+ | ROS/ROS2 | `embedded/ros.md` |
817
+ | Car Infotainment | `embedded/car-infotainment.md` |
818
+ | Security Tools | `security/security-tools.md` |
819
+ | Docker | `cloud/docker.md` |
820
+ | Kubernetes / Helm | `cloud/kubernetes.md` |
821
+ | CI/CD Pipeline | `cloud/ci-cd-pipelines.md` |
822
+ | Payment Integration | `cloud/payment-integration.md` |
823
+ | .NET MAUI | `cross-platform/multiplatform.md` |
824
+ | Kotlin Multiplatform | `cross-platform/multiplatform.md` |
825
+ | Compose Multiplatform | `cross-platform/multiplatform.md` |
826
+
827
+ ## Deviation Threshold
828
+
829
+ The AI may deviate from the sub-skill document by **≤15%** during execution. Deviations exceeding 15% must be explained to the user and require explicit approval.
830
+
831
+ ---
832
+
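Review bot: The Deviation Threshold of `≤15%` has no unit: the text does not say whether the percentage counts steps, commands, config keys or files, so neither the model nor the user can tell when approval is required. Replace it with a concrete rule, such as a list of the kinds of change (different build tool, different package format, skipped signing) that always need approval. The dispatch table also names `Tauri 2.0` while Step 4 and the version table use Tauri 2.11.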
833
+ # Phase 7: Mandatory Audit
834
+
835
+ After packaging is complete, the AI **MUST** load and execute `audit.md`. The audit cannot be skipped under any circumstances.
836
+
837
+ ---
838
+
839
+ # Phase 8: Final Output
840
+
841
+ ```
842
+ ═══════════════════════════════════════════════
843
+ BUILD REPORT
844
+ ═══════════════════════════════════════════════
845
+
846
+ [TECH STACK]
847
+ Framework: [Electron / Tauri / ...]
848
+ Frontend: [React + Vite / ...]
849
+ Backend: [Express + SQLite / ...]
850
+ Build: [esbuild / cargo / ...]
851
+
852
+ [PACKAGE INFO]
853
+ Filename: [AppName-Setup-1.0.0.exe]
854
+ Size: [XXX MB]
855
+ Platform: [Windows x64 / ...]
856
+
857
+ [FILE ARCHITECTURE]
858
+ [key directory structure]
859
+
860
+ [SECURITY]
861
+ Encryption: [AES-256-CBC + obfuscation + image embedding]
862
+ Decryption: [server-side automatic]
863
+
864
+ [AUDIT RESULTS]
865
+ ✅ Package valid and installable
866
+ ✅ App launches without errors
867
+ ✅ Data persistence works
868
+ ✅ No credential leaks
869
+ ✅ No residual build artifacts
870
+ ✅ All user requirements met
871
+
872
+ [PACKAGE LOCATION]
873
+ [absolute path]
874
+ ═══════════════════════════════════════════════
875
+ ```
876
+
877
+ ---
878
+ ---
879
+
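Review bot: All six `[AUDIT RESULTS]` rows in the BUILD REPORT template are pre-filled with ✅, including `No credential leaks`, so the report can show a clean audit whatever `audit.md` actually found. Use a pass/fail placeholder per row and require the failing detail next to it. In `[SECURITY]`, the example `AES-256-CBC` is an unauthenticated mode and `Decryption: [server-side automatic]` does not say where the key is held; the template should ask for both. The section also ends with two consecutive `---` lines.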
880
+ # Appendix: Best Practices & Common Mistakes
881
+
882
+ ## Common Mistakes (from Industry Survey)
883
+
884
+ 1. **Not code-signing binaries** — macOS Gatekeeper and Windows SmartScreen will block unsigned apps. Always sign with a valid certificate.
885
+ 2. **Hardcoding paths** — Use platform APIs (`app.getPath()`, `XDG_*` env vars) instead of absolute paths.
886
+ 3. **Bundling node_modules wholesale** — Use ASAR, tree-shaking, and exclude dev dependencies.
887
+ 4. **Ignoring platform-specific behavior** — Line endings, path separators, case sensitivity, default shell differences.
888
+ 5. **Not testing the packaged build** — Always test on a clean VM without dev tools installed.
889
+ 6. **Missing/broken auto-update** — Implement from day one using `electron-updater` or equivalent.
890
+ 7. **ASAR integrity issue** — Native modules (better-sqlite3, sharp) must be in `asarUnpack`.
891
+ 8. **Not handling first-run** — Create default config/data directories, handle missing files gracefully.
892
+ 9. **Over-bundling** — Include only target-platform binaries, not all platforms.
893
+ 10. **Insufficient production logging** — Use crash reporter (Sentry, electron-log) for debugging.
894
+
895
+ ## Best Practices (2025-2026)
896
+
897
+ | Practice | Description |
898
+ |----------|-------------|
899
+ | **Code signing** | macOS: Developer ID + notarization. Windows: EV/OV certificate. Linux: GPG signing. |
900
+ | **ASAR bundling** | Protect source code, simplify file layout. Configure `asarUnpack` for native modules. |
901
+ | **Auto-update from day one** | `electron-updater` (electron-builder) or `autoUpdater` (electron-forge). Use GitHub Releases or custom server. |
902
+ | **Test on clean machines** | Fresh VM without dev tools catches missing runtime dependencies. |
903
+ | **Separate main/renderer processes** | Heavy computation in main or utility process. Keep renderer free for UI. |
904
+ | **Minimize bundle size** | Tree-shaking, exclude dev deps, compress assets, minimize native modules. |
905
+ | **Handle permissions/sandboxing** | macOS: entitlements. Windows: UAC. Linux: Flatpak portals. |
906
+ | **Provide uninstallers** | NSIS: configure `deleteAppDataOnUninstall`. MSIX: auto-uninstall. AppImage: document removal. |
907
+ | **Use CI/CD** | GitHub Actions/Azure Pipelines. Build on each platform natively. |
908
+ | **Version lock packaging tools** | Pin electron-builder/forge/tauri-cli versions to avoid surprise breakage. |
909
+ | **Include crash reporter** | `@sentry/electron` or `electron-log` for production error tracking. |
910
+
911
+ ## Framework Version Reference (2025-2026)
912
+
913
+ | Framework | Version | Key Features |
914
+ |-----------|---------|-------------|
915
+ | Electron | 43.x | Chromium 150, Node.js 24, clipboard removed from renderer (v44), 32-bit dropped (v44) |
916
+ | electron-builder | 26.x | YAML/JSON config, NSIS/MSI/AppImage/DMG (compatible with Electron 43) |
917
+ | electron-forge | 7.x | Official Electron team recommendation, plugin architecture |
918
+ | electron-updater | 6.x | Auto-update with differential downloads |
919
+ | Tauri | 2.11.x | Mobile (iOS/Android) stable, Rust backend, 2-6MB bundles |
920
+ | Node.js | 26.x LTS / 22.x LTS | require(esm) default (v23+), Temporal API (v26), Undici 8 |
921
+ | Vite | 8.x | Latest build tool (verify plugin compatibility for v7/v8 migrations) |
922
+ | Next.js | 16.x | App Router, RSC, standalone output |
923
+ | React Native | 0.86.x | New Architecture default, Hermes engine |
924
+ | Flutter | 3.44.x / Dart 3.12 | Impeller renderer default, desktop GA, WebAssembly support |
925
+ | Go | 1.26.x | Latest stable (check stdlib breaking changes) |
926
+ | Spring Boot | 3.5.x | GraalVM native image improvements |
927
+ | Capacitor | 8.x | Web → mobile bridge (verify config format changes from v6) |
928
+ | Wails | 2.10.x | Go backend, v3 beta available |
929
+ | Neutralinojs | 5.6.x | 1-3MB binaries, minimal footprint |
930
+ | Dioxus | 0.6.x | React-like Rust UI, pre-1.0 |
931
+ | Pake/PakePlus | 2.7.x | Rust+Tauri wrapper, 3-10MB |
932
+
933
+ ## electron-builder vs electron-forge
934
+
935
+ | Aspect | electron-builder (26.x) | electron-forge (7.x) |
936
+ |--------|------------------------|---------------------|
937
+ | Config | YAML/JSON/JS | forge.config.js (JS/TS) |
938
+ | Output | NSIS, MSI, AppImage, DMG, DEB, RPM, Snap, Flatpak | DMG, ZIP, Squirrel, DEB, RPM, Snap, Flatpak, MSI, AppX, MSIX |
939
+ | Plugin system | Limited (custom afterPack) | Rich plugin architecture |
940
+ | Community | Very mature, widely used | Official Electron team recommendation |
941
+ | Code signing | Good, manual macOS notarization tweaks | Tight integration with osxSign/osxNotarize |
942
+ | Auto-update | electron-updater (built-in) | @electron/update-electron-app |
943
+ | **When to prefer** | Complex packaging rules, existing projects | New projects, first-party support |
944
+
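Review bot: The Best Practices row `ASAR bundling | Protect source code` (and `Source protection: [ASAR + JavaScript obfuscation]` in Step 4) presents ASAR as a protection measure, but an ASAR file is an unencrypted archive that the standard tooling unpacks, so it only simplifies the file layout. Reword the row, and describe obfuscation as raising the effort to read the code rather than as a way to keep secrets in the package. Common mistake 7 is titled `ASAR integrity issue` but describes native modules needing `asarUnpack`, which is a packaging problem and not an integrity check. In the version table, the Electron `43.x` row lists changes attributed to v44, and the Tauri bundle size is given as 2-6MB here but 3-10MB in Step 4.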