packwise-skills 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51)
  1. package/.cursorrules +23 -0
  2. package/CLAUDE.md +25 -0
  3. package/README.md +295 -0
  4. package/audit.md +224 -0
  5. package/bin/packwise.js +155 -0
  6. package/package.json +31 -0
  7. package/skill.md +719 -0
  8. package/sub-skills/ai/local-llm.md +183 -0
  9. package/sub-skills/ai/python-ml.md +164 -0
  10. package/sub-skills/backend/go-server.md +184 -0
  11. package/sub-skills/backend/java-spring.md +241 -0
  12. package/sub-skills/backend/node-server.md +164 -0
  13. package/sub-skills/backend/php-laravel.md +175 -0
  14. package/sub-skills/backend/python-server.md +164 -0
  15. package/sub-skills/backend/rust-backend.md +118 -0
  16. package/sub-skills/cli/python-cli.md +236 -0
  17. package/sub-skills/cli/sdk-library.md +497 -0
  18. package/sub-skills/cloud/ci-cd-pipelines.md +350 -0
  19. package/sub-skills/cloud/docker.md +191 -0
  20. package/sub-skills/cloud/kubernetes.md +277 -0
  21. package/sub-skills/cloud/payment-integration.md +307 -0
  22. package/sub-skills/cross-platform/multiplatform.md +252 -0
  23. package/sub-skills/desktop/electron.md +783 -0
  24. package/sub-skills/desktop/game-dev.md +443 -0
  25. package/sub-skills/desktop/native-app.md +123 -0
  26. package/sub-skills/desktop/scenarios.md +443 -0
  27. package/sub-skills/desktop/smart-platforms.md +324 -0
  28. package/sub-skills/desktop/tauri.md +428 -0
  29. package/sub-skills/desktop/vr-ar.md +252 -0
  30. package/sub-skills/desktop/web-to-desktop.md +153 -0
  31. package/sub-skills/embedded/car-infotainment.md +129 -0
  32. package/sub-skills/embedded/esp32.md +184 -0
  33. package/sub-skills/embedded/ros.md +150 -0
  34. package/sub-skills/embedded/stm32.md +160 -0
  35. package/sub-skills/mobile/android.md +322 -0
  36. package/sub-skills/mobile/capacitor.md +232 -0
  37. package/sub-skills/mobile/flutter-mobile.md +138 -0
  38. package/sub-skills/mobile/harmonyos.md +150 -0
  39. package/sub-skills/mobile/ios.md +245 -0
  40. package/sub-skills/mobile/react-native.md +443 -0
  41. package/sub-skills/mobile/wearables.md +230 -0
  42. package/sub-skills/plugins/browser-extension.md +308 -0
  43. package/sub-skills/plugins/jetbrains-plugin.md +226 -0
  44. package/sub-skills/plugins/vscode-extension.md +204 -0
  45. package/sub-skills/security/security-tools.md +174 -0
  46. package/sub-skills/web/monorepo.md +274 -0
  47. package/sub-skills/web/pwa.md +220 -0
  48. package/sub-skills/web/serverless-edge.md +295 -0
  49. package/sub-skills/web/spa.md +266 -0
  50. package/sub-skills/web/ssr.md +228 -0
  51. package/sub-skills/web/wasm.md +243 -0
package/skill.md ADDED
@@ -0,0 +1,719 @@
1
+ # Package Skills Plugin — Universal Build & Packaging Orchestrator
2
+
3
+ Covers all **build and packaging** scenarios for indie developers, startups, and small-to-medium software companies: desktop, mobile, web, backend, AI/ML, CLI, plugins, embedded, security tools, containerization, cross-platform frameworks, monorepos, WebAssembly, VR/AR, wearables, smart platforms, serverless, CI/CD, and payment integration.
4
+
5
+ > **Scope**: This skill focuses on **building and packaging** source code into distributable artifacts (`.apk`, `.exe`, `.dmg`, `.vsix`, Docker images, WASM modules, etc.). Production operations and infrastructure provisioning are outside its scope.
6
+
7
+ ## Trigger Words
8
+
9
+ "package", "build", "bundle", "compile", "installer", "desktop app", "generate exe", "build software", "client packaging", "develop plugin", "app packaging", "embedded", "publish to store", "containerize", "Docker", "WASM", "monorepo build", "cross-compile"
10
+
11
+ ## Plugin Architecture
12
+
13
+ ```
14
+ package/
15
+ ├── skill.md ← Main orchestrator: scan → classify → guide → dispatch
16
+ ├── audit.md ← Post-build audit (top-level, mandatory)
17
+ └── sub-skills/
18
+ ├── desktop/ ← Desktop apps (9)
19
+ │ ├── electron.md ← Electron (security, path resolution, packaging, signing, auto-update, CI/CD, pitfalls)
20
+ │ ├── tauri.md ← Tauri 2.0 (Rust backend, minimal footprint)
21
+ │ ├── native-app.md ← Qt/Flutter/.NET (performance-critical)
22
+ │ ├── web-to-desktop.md ← Web-to-desktop (Pake/Neutralinojs)
23
+ │ ├── game-dev.md ← Game dev (Unity/Unreal/Godot)
24
+ │ ├── vr-ar.md ← VR/AR (Meta Quest/Vision Pro/SteamVR)
25
+ │ ├── smart-platforms.md ← Smart TV/Car/RPi (Android TV/tvOS/webOS/Tizen)
26
+ │ └── scenarios.md ← Desktop scenarios (AI/ERP/trading/IoT/IM)
27
+ ├── mobile/ ← Mobile (7)
28
+ │ ├── android.md ← Android native (Kotlin/Java)
29
+ │ ├── ios.md ← iOS/iPadOS (Swift/ObjC)
30
+ │ ├── harmonyos.md ← HarmonyOS (ArkTS)
31
+ │ ├── flutter-mobile.md ← Flutter mobile
32
+ │ ├── react-native.md ← React Native
33
+ │ ├── capacitor.md ← Capacitor (Web → mobile)
34
+ │ └── wearables.md ← Wearables (watchOS/Wear OS/Galaxy Watch)
35
+ ├── web/ ← Web apps (6)
36
+ │ ├── spa.md ← SPA (React/Vue/Angular/Svelte)
37
+ │ ├── ssr.md ← SSR (Next.js/Nuxt/Remix)
38
+ │ ├── pwa.md ← PWA (Progressive Web App)
39
+ │ ├── serverless-edge.md ← Serverless & Edge (Lambda/CF Workers/Vercel)
40
+ │ ├── monorepo.md ← Monorepo (Turborepo/Nx/pnpm workspaces)
41
+ │ └── wasm.md ← WebAssembly (Rust/Go/C → WASM)
42
+ ├── backend/ ← Backend services (6)
43
+ │ ├── node-server.md ← Node.js (Express/Nest/Fastify)
44
+ │ ├── python-server.md ← Python (Flask/Django/FastAPI)
45
+ │ ├── go-server.md ← Go (Gin/Echo/Fiber)
46
+ │ ├── rust-backend.md ← Rust (Axum/Actix-Web/Rocket)
47
+ │ ├── java-spring.md ← Java (Spring Boot/Quarkus/Micronaut)
48
+ │ └── php-laravel.md ← PHP (Laravel/Symfony/Slim)
49
+ ├── ai/ ← AI/ML (2)
50
+ │ ├── python-ml.md ← Python ML model packaging
51
+ │ └── local-llm.md ← Local LLM applications
52
+ ├── cli/ ← CLI tools & Libraries (2)
53
+ │ ├── python-cli.md ← Python CLI tools
54
+ │ └── sdk-library.md ← SDK/Library publishing (npm/PyPI/crates.io/Maven/NuGet/Go)
55
+ ├── plugins/ ← Plugins (3)
56
+ │ ├── browser-extension.md ← Chrome/Edge/Firefox extensions
57
+ │ ├── vscode-extension.md ← VS Code extensions
58
+ │ └── jetbrains-plugin.md ← JetBrains plugins
59
+ ├── embedded/ ← Embedded (4)
60
+ │ ├── esp32.md ← ESP32 (Arduino/ESP-IDF)
61
+ │ ├── stm32.md ← STM32 (Keil/CubeIDE)
62
+ │ ├── ros.md ← ROS/ROS2 robotics
63
+ │ └── car-infotainment.md ← Car infotainment (HarmonyOS/Auto/QNX)
64
+ ├── security/ ← Security tools (1)
65
+ │ └── security-tools.md ← Pentest / scanners / SIEM
66
+ ├── cloud/ ← Cloud & Infrastructure (4)
67
+ │ ├── docker.md ← Docker containerization
68
+ │ ├── kubernetes.md ← Kubernetes/Helm/K3s
69
+ │ ├── ci-cd-pipelines.md ← CI/CD (GitHub Actions/GitLab CI/Jenkins)
70
+ │ └── payment-integration.md ← Payment (Stripe/Alipay/WeChat Pay/IAP)
71
+ └── cross-platform/ ← Cross-platform frameworks (1)
72
+ └── multiplatform.md ← .NET MAUI / Kotlin Multiplatform / Compose Multiplatform
73
+ ```
74
+
75
+ ## Core Workflow
76
+
77
+ ```
78
+ 1. Project Scan → Identify project type, language, dependencies, architecture
79
+ 2. Report & Intake → Report findings to user → Ask key questions interactively
80
+ 3. Analyze & Research → Combine scan results + user answers + online research (if needed)
81
+ 4. Recommend & Guide → Present RECOMMENDED solution + 2-3 alternatives with reasoning → discuss with user
82
+ 5. Confirm Plan → User selects final approach → generate confirmation summary
83
+ 6. Execute → Load sub-skill → run build process (≤15% deviation without approval)
84
+ 7. Audit → Execute audit.md (mandatory, cannot be skipped)
85
+ 8. Final Report → Output structured build report
86
+ ```
87
+
88
+ > **Guidance Philosophy**: The LLM acts as a **build consultant**, not a form-filler. After scanning and asking questions, the LLM MUST synthesize all information, perform targeted research if needed, and present a clear recommendation with reasoning. The user should feel guided, not interrogated.
89
+
90
+ ### Step 2: Report & Intake
91
+
92
+ After scanning, the AI reports findings and asks questions **in one interactive session**. Do NOT split across multiple steps.
93
+
94
+ **Format**: Present each question as a numbered list. Mark the **⭐ Recommended** option with reasoning. Let the user reply with numbers (e.g., "1,2,4,3,1,2") or answer conversationally. If the user says "skip", use the recommended option.
95
+
96
+ ---
97
+
98
+ #### Part A: Project Summary (Tell the User What You Found)
99
+
100
+ > **Scanning is the foundation of everything.** If the scan is wrong, all downstream decisions will be wrong. The LLM MUST scan thoroughly before asking any questions. If the scan reveals issues (missing dependencies, .env files, outdated configs), **flag them immediately** — don't wait until build time.
101
+
102
+ ```
103
+ 📋 Project Scan Results:
104
+ - Framework: [detected framework]
105
+ - Language: [detected language]
106
+ - Estimated complexity: [L1/L2/L3]
107
+ - Key dependencies: [list]
108
+ - Source files: [count]
109
+ - Notable: [any special findings — native modules, env files, game engine, etc.]
110
+ ```
111
+
112
+ **Dependency Completeness Check** (auto-run during scan):
113
+
114
+ The LLM MUST verify that all required dependencies for the detected framework are present. If anything is missing, **tell the user before proceeding**:
115
+
116
+ | Framework | Required Dependencies | Check Command |
117
+ |-----------|----------------------|---------------|
118
+ | Tauri | `@tauri-apps/api` in package.json | `grep "@tauri-apps/api" package.json` |
119
+ | Electron | `electron` + `electron-builder` in devDependencies | `grep "electron" package.json` |
120
+ | React Native | `react-native` + `@react-native-community/cli` | `grep "react-native" package.json` |
121
+ | Capacitor | `@capacitor/core` + `@capacitor/cli` | `grep "@capacitor" package.json` |
122
+ | Vue + Vite | `vue` + `@vitejs/plugin-vue` + `vite` | `grep "vue\|vite" package.json` |
123
+ | Next.js | `next` + `react` + `react-dom` | `grep "next\|react" package.json` |
124
+
125
+ **Security Scan** (auto-run during scan):
126
+
127
+ | What to check | Why | Action if found |
128
+ |---------------|-----|----------------|
129
+ | `.env` / `.env.*` files | May contain API keys, tokens | ⚠️ Flag to user: "Found .env with sensitive data — will remove before packaging" |
130
+ | Hardcoded `sk-` / `api_key` / `secret` in source | Credential leak | ⚠️ Flag to user: "Found hardcoded credentials in [file]" |
131
+ | `node_modules` in git | Bloat, potential secret leak | ⚠️ Suggest adding to `.gitignore` |
132
+ | Missing `.gitignore` | May accidentally commit secrets | ⚠️ Suggest creating one |
133
+
134
+ ---
135
+
136
+ #### Part B: Key Questions
137
+
138
+ **Q1. Who are the target users?**
139
+ - 1. ⭐ General consumers → One-click installer (NSIS/DMG/APK)
140
+ - 2. Enterprise internal → MSI/Group Policy/MDM
141
+ - 3. Developers → npm/pip/cargo
142
+ - 4. Government/military → Domestic platform adaptation
143
+
144
+ **Q2. Distribution channel?**
145
+ - 1. ⭐ Website download → Code signing + auto-update
146
+ - 2. App Store → Store signing + review compliance
147
+ - 3. Enterprise internal → MDM/Group Policy
148
+ - 4. Open source → GitHub Releases / npm / PyPI
149
+
150
+ **Q3. Target platform(s)?** (multi-select)
151
+ - 1. ⭐ Windows
152
+ - 2. macOS
153
+ - 3. Linux
154
+ - 4. All desktop (1+2+3)
155
+ - 5. Android
156
+ - 6. iOS/iPadOS
157
+
158
+ **Q3b. Architecture per platform?** (ask for EACH platform selected in Q3)
159
+
160
+ > Example: If user selected "Windows + macOS" in Q3, ask:
161
+ > "You selected Windows and macOS. Now choose architecture for each:"
162
+
163
+ - **Windows architecture?**
164
+ - 1. ⭐ x64 only (most common, covers 99% of PCs)
165
+ - 2. ARM64 only (Surface Pro X, Snapdragon laptops)
166
+ - 3. Both x64 + ARM64 (two installers output)
167
+ - **macOS architecture?**
168
+ - 1. ⭐ Universal Binary (x64 + ARM64 in one file, works on all Macs)
169
+ - 2. ARM64 only (Apple Silicon M1+, no Intel Mac support)
170
+ - 3. x64 only (Intel Macs only, not recommended)
171
+ - **Linux architecture?**
172
+ - 1. ⭐ x64 only (most common)
173
+ - 2. ARM64 only (Raspberry Pi 4/5, ARM servers)
174
+ - 3. Both x64 + ARM64 (two packages output)
175
+ - **Android architecture?**
176
+ - 1. ⭐ ARM64 (v8a) — covers 95%+ of modern devices
177
+ - 2. ARM64 + ARMv7 (for older devices, larger APK)
178
+ - 3. Universal APK (all architectures, largest size)
179
+ - **iOS architecture?**
180
+ - 1. ⭐ ARM64 (all modern Apple devices, automatic)
181
+
182
+ > All selected architecture packages will be output to the same target folder (Q11).
183
+
184
+ **Q4. App name, version, copyright holder?**
185
+
186
+ **Q5. Logo/icon ready?**
187
+ - 1. ⭐ Yes, I have icons → Ask for path, format, sizes
188
+ - 2. Need to generate → Recommend tool based on platform
189
+ - 3. Use default → Not recommended for production
190
+
191
+ **Q6. Source code protection (anti-reverse-engineering)?**
192
+
193
+ > This determines how hard it is for someone to decompile and read your source code from the packaged app.
194
+
195
+ - 1. ⭐ **Standard packaging** — Code bundled but extractable with basic tools. Fine for most apps. (Electron: ASAR; Tauri: already compiled Rust, very hard to reverse)
196
+ - 2. **Obfuscation** — JavaScript/TypeScript code is scrambled (variable names mangled, control flow flattened). Takes minutes to hours to reverse. Adds ~1 min build time.
197
+ - 3. **Bytecode compilation** — Source code compiled to V8 binary bytecode (.jsc). Cannot be read as text. Must match Electron's Node.js version. Takes ~2 min build time. (Electron only)
198
+ - 4. **Full protection scheme** — All of the above + AES-256-CBC encryption of config files + image base64 embedding. Recommended for commercial software with proprietary algorithms. Adds ~5 min build time.
199
+ - 5. **None** — Open source project, no protection needed. Anyone can read the code.
200
+
201
+ **Q7. Clear test data and hardcoded keys before packaging?**
202
+ - 1. ⭐ Yes, clean everything
203
+ - 2. No (dev build only)
204
+
205
+ **Q8. Code signing?**
206
+ - 1. ⭐ Yes, I have certificates
207
+ - 2. No signing (will show security warnings)
208
+ - 3. Help me understand what I need
209
+
210
+ **Q9. Auto-update?**
211
+ - 1. ⭐ Yes
212
+ - 2. No
213
+
214
+ **Q10. Budget / team capability?**
215
+ - 1. ⭐ Zero budget, individual developer
216
+ - 2. Has Apple Developer account ($99/year)
217
+ - 3. Has code signing certificate
218
+ - 4. Team has Rust experience
219
+ - 5. Team has only frontend experience
220
+
221
+ **Q11. Output location?**
222
+ - 1. ⭐ `./release/` (default)
223
+ - 2. Custom path
224
+
225
+ **Q12. Any special requirements?**
226
+ - (Open-ended: custom protocol, system tray, multi-window, offline-first, etc.)
227
+
228
+ ---
229
+
230
+ ### Step 3: Analyze & Research
231
+
232
+ After collecting the user's answers, the LLM **MUST**:
233
+
234
+ 1. **Synthesize** — Combine scan results (Step 1) + user answers (Step 2) + complexity assessment
235
+ 2. **Research if needed** — If the project type is niche or the user has unusual requirements, search for official documentation or community solutions (time-boxed to 2-3 minutes)
236
+ 3. **Determine the best approach** — Based on ALL available information, identify the optimal packaging strategy
237
+ 4. **Identify alternatives** — Find 2-3 viable alternatives with clear trade-offs
238
+
239
+ **When to research online:**
240
+ - User's framework/version is not covered by any sub-skill
241
+ - User has requirements that conflict with standard approaches
242
+ - Latest best practices may have changed (check official docs)
243
+
244
+ **When NOT to research:**
245
+ - The project clearly matches an existing sub-skill
246
+ - User's requirements are straightforward
247
+ - Research would add no value beyond what the sub-skill already covers
248
+
249
+ ---
250
+
251
+ ### Step 4: Recommend & Guide (THE KEY STEP)
252
+
253
+ This is where the LLM acts as a **consultant**. Present the analysis as a conversation, not a data dump.
254
+
255
+ **Output format:**
256
+
257
+ ```
258
+ ═══════════════════════════════════════════════
259
+ PACKAGING RECOMMENDATION
260
+ ═══════════════════════════════════════════════
261
+
262
+ Based on your project scan and requirements, here is my analysis:
263
+
264
+ [Project Analysis]
265
+ Your [framework] project has [complexity] complexity with [key characteristics].
266
+ The main challenge will be [identified challenge].
267
+
268
+ ⭐ RECOMMENDED: [Solution Name]
269
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
270
+ Why this approach:
271
+ - [Reason 1 — e.g., "Your team has only frontend experience, so Electron is the lowest barrier"]
272
+ - [Reason 2 — e.g., "You need SQLite native module, which requires Node.js runtime"]
273
+ - [Reason 3 — e.g., "Target size ~150MB is acceptable for your use case"]
274
+
275
+ Configuration:
276
+ - Framework: [Electron 43 + React + Express + SQLite]
277
+ - Build tool: [electron-builder 26]
278
+ - Platforms: [Windows + macOS]
279
+ - Architecture: [Windows x64, macOS Universal]
280
+ - Package format: [NSIS for Windows x64, DMG for macOS Universal]
281
+ - Source protection: [ASAR + JavaScript obfuscation]
282
+ - Signing: [Windows EV cert + macOS Developer ID]
283
+ - Auto-update: [electron-updater via GitHub Releases]
284
+ - Output folder: [./release/]
285
+ - Expected size: [~150MB per platform]
286
+
287
+ Alternative A: [Tauri 2.11]
288
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
289
+ - Pro: Much smaller (3-10MB), better performance
290
+ - Con: Requires Rust rewrite of backend, higher learning curve
291
+ - When to choose: If team can learn Rust and package size is critical
292
+
293
+ Alternative B: [Neutralinojs]
294
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
295
+ - Pro: Minimal footprint (~2MB)
296
+ - Con: Limited native module support, smaller ecosystem
297
+ - When to choose: If app is mostly a web wrapper with no backend
298
+
299
+ ═══════════════════════════════════════════════
300
+ Which approach would you like to proceed with?
301
+ 1. ⭐ Recommended ([Solution Name])
302
+ 2. Alternative A
303
+ 3. Alternative B
304
+ 4. Custom combination (tell me what you want)
305
+ ═══════════════════════════════════════════════
306
+ ```
307
+
308
+ **Key principles for the recommendation:**
309
+ - **Lead with WHY** — Don't just say "use Electron". Explain WHY based on the user's specific answers.
310
+ - **Be specific** — Reference the user's actual requirements (target users, platform, budget).
311
+ - **Quantify** — Give expected package size, build time, complexity.
312
+ - **Honest trade-offs** — Don't hide downsides. "Electron is 150MB but Tauri is 3MB" is better than pretending size doesn't matter.
313
+ - **Conditional advice** — "If X changes, switch to Y" helps the user understand the decision tree.
314
+ - **Don't rush** — If the user wants to discuss, engage. Answer questions before proceeding.
315
+
316
+ ---
317
+
318
+ ### Step 5: Confirm Plan
319
+
320
+ After the user selects an approach, generate a final confirmation summary:
321
+
322
+ ```
323
+ ═══════════════════════════════════════════════
324
+ FINAL BUILD PLAN
325
+ ═══════════════════════════════════════════════
326
+
327
+ [App] MyApp v1.0.0
328
+ [Framework] Electron 43 + React + Express + SQLite
329
+ [Platform] Windows + macOS
330
+ [Architecture] Windows: x64 | macOS: Universal (x64+ARM64)
331
+ [Installer] NSIS (.exe) for Win x64 + DMG for macOS Universal
332
+ [Logo] icon.png (256x256, PNG with alpha, rounded corners applied)
333
+ [Output] ./release/ (all installers in this folder)
334
+ [Protection] ASAR + JavaScript obfuscation
335
+ [Test Data] ✅ Cleared
336
+ [API Keys] ✅ Cleared
337
+ [Signing] Windows EV cert + macOS Developer ID + notarization
338
+ [Auto-update] electron-updater via GitHub Releases
339
+
340
+ ═══════════════════════════════════════════════
341
+ Reply 'yes' to start building, or tell me what to change.
342
+ ═══════════════════════════════════════════════
343
+ ```
344
+
345
+ Only proceed to execution after the user explicitly confirms.
346
+
347
+ ---
348
+
349
+ **Dynamic Adaptation Rules:**
350
+ - Do NOT lock into rigid rules. If the user has special requirements (e.g., "I need to support both Windows XP and the latest macOS"), provide a viable approach rather than saying "not supported"
351
+ - If the standard sub-skill approach does not fit, provide a custom solution based on general engineering knowledge
352
+ - Every recommendation MUST explain **why** this approach is recommended and **under what circumstances** to switch to an alternative
353
+ - When the user asks about **deployment or hosting** (e.g., "How do I deploy this Docker image?", "Which platform should I host on?"), provide guidance on WHERE and HOW to deploy, but do NOT execute the deployment — that is outside this skill's scope. This skill handles building and packaging only.
354
+ - If the user skips a question (says "skip" or "default"), use the ⭐ recommended option and note it in the confirmation summary
355
+
356
+ ---
357
+
358
+ ### Step 1.5: Handling Uncovered Projects (Online Research)
359
+
360
+ When the user's project does NOT match any existing sub-skill (e.g., a niche framework, emerging technology, or proprietary platform):
361
+
362
+ 1. **Search for official documentation** — Find the framework/platform's official build guide
363
+ 2. **Search for community solutions** — Look for GitHub repos, blog posts, or Stack Overflow answers from experienced developers
364
+ 3. **Adapt a similar sub-skill** — Find the closest matching sub-skill and adapt its patterns
365
+ 4. **Time-box the research** — Spend no more than 2-3 minutes on research. If no clear guide is found, tell the user honestly and suggest they consult the platform's official documentation
366
+ 5. **Document the approach** — Present the found approach to the user for confirmation before proceeding
367
+
368
+ **Priority for research sources:**
369
+ 1. Official documentation (docs.xxx.com)
370
+ 2. Official GitHub repository (README, wiki, examples)
371
+ 3. Well-known tech blogs (with verifiable code examples)
372
+ 4. Stack Overflow answers with high vote counts
373
+ 5. **Never** use unverified random blog posts or outdated tutorials
374
+
375
+ ---
376
+
377
+ # Phase 1: Project Scan
378
+
379
+ Execute the following scan commands before any decision-making:
380
+
381
+ ```bash
382
+ # ── Project structure detection ──
383
+ find . -maxdepth 2 -name "package.json" -o -name "Cargo.toml" -o -name "pubspec.yaml" \
384
+ -o -name "*.csproj" -o -name "go.mod" -o -name "CMakeLists.txt" \
385
+ -o -name "build.gradle" -o -name "pom.xml" -o -name "pyproject.toml" \
386
+ -o -name "requirements.txt" -o -name "Gemfile" -o -name "setup.py" 2>/dev/null
387
+
388
+ # ── Backend presence ──
389
+ ls server/ src/server/ backend/ api/ api-rs/ src-tauri/ app/ cmd/ internal/ 2>/dev/null
390
+
391
+ # ── Language detection ──
392
+ ls *.py *.go *.rs *.java *.cs *.dart *.swift *.c *.cpp *.h *.hpp *.kt *.ets 2>/dev/null
393
+
394
+ # ── Node.js dependency analysis ──
395
+ if [ -f package.json ]; then
396
+ echo "=== Frontend ==="
397
+ cat package.json | grep -oE '"(react|vue|svelte|angular|tailwindcss|vite|webpack|esbuild)[^"]*"' 2>/dev/null
398
+ echo "=== Native Modules ==="
399
+ cat package.json | grep -oE '"(better-sqlite3|sharp|bcrypt|canvas|node-gyp|serialport|usb)[^"]*"' 2>/dev/null
400
+ echo "=== Database ==="
401
+ cat package.json | grep -oE '"(sqlite|mysql|postgres|mongo|prisma|drizzle|redis|better-sqlite3)[^"]*"' 2>/dev/null
402
+ echo "=== Cloud Services ==="
403
+ cat package.json | grep -oE '"(openai|anthropic|google.*ai|deepseek|azure|aws|firebase)[^"]*"' 2>/dev/null
404
+ echo "=== Realtime ==="
405
+ cat package.json | grep -oE '"(socket\.io|ws:|websocket|mqtt|nats|sse)[^"]*"' 2>/dev/null
406
+ echo "=== Mobile ==="
407
+ cat package.json | grep -oE '"(react-native|expo|@capacitor|ionic|nativescript)[^"]*"' 2>/dev/null
408
+ echo "=== Scripts ==="
409
+ cat package.json | grep -oE '"(dev|build|start|electron|tauri|package|release|deploy)[^"]*"' 2>/dev/null
410
+ fi
411
+
412
+ # ── Game engine detection ──
413
+ find . -maxdepth 2 -name "*.uproject" -o -name "ProjectSettings" -o -name "*.godot" 2>/dev/null
414
+
415
+ # ── C/C++ detection ──
416
+ find . -maxdepth 2 -name "CMakeLists.txt" -o -name "*.sln" -o -name "*.vcxproj" 2>/dev/null
417
+
418
+ # ── Embedded detection ──
419
+ ls platformio.ini sdkconfig prj.conf 2>/dev/null
420
+ find . -maxdepth 3 -name "*.ino" -o -name "sdkconfig" 2>/dev/null
421
+
422
+ # ── Plugin detection ──
423
+ ls manifest.json content.js background.js popup.html 2>/dev/null
424
+
425
+ # ── HarmonyOS detection ──
426
+ ls oh-package.json5 module.json5 2>/dev/null
427
+
428
+ # ── Environment variables ──
429
+ ls .env .env.* .env.example 2>/dev/null
430
+
431
+ # ── Code volume estimate ──
432
+ find . -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.py" -o -name "*.go" \
433
+ -o -name "*.rs" -o -name "*.java" -o -name "*.kt" -o -name "*.swift" -o -name "*.dart" \
434
+ -o -name "*.cpp" -o -name "*.c" -o -name "*.cs" -o -name "*.ets" 2>/dev/null \
435
+ | grep -v node_modules | grep -v .git | wc -l
436
+ ```
437
+
438
+ ---
439
+
440
+ # Phase 2: Platform Classification
441
+
442
+ After scanning, classify the project into one or more categories:
443
+
444
+ | Category | Detection Signals | Sub-skill |
445
+ |----------|-------------------|-----------|
446
+ | **Desktop App** | Electron/Tauri/Qt/Flutter desktop | `desktop/*.md` |
447
+ | **Mobile App** | React Native/Flutter/Kotlin/Swift/HarmonyOS | `mobile/*.md` |
448
+ | **Web App** | React/Vue/Angular/Next.js/Nuxt | `web/*.md` |
449
+ | **Backend Service** | Express/Django/FastAPI/Gin/Spring/Axum/Laravel | `backend/*.md` |
450
+ | **AI/ML App** | PyTorch/TensorFlow/Transformers/Ollama | `ai/*.md` |
451
+ | **CLI Tool** | Command-line tool, script | `cli/python-cli.md` |
452
+ | **SDK/Library** | npm package, PyPI, crates.io, Maven, NuGet, Go module | `cli/sdk-library.md` |
453
+ | **Browser Plugin** | manifest.json + content.js | `plugins/browser-extension.md` |
454
+ | **IDE Plugin** | VS Code/JetBrains/WebStorm extension | `plugins/*.md` |
455
+ | **Embedded** | ESP32/STM32/RTOS/Linux embedded | `embedded/*.md` |
456
+ | **Car Software** | HarmonyOS Car/QNX/Android Automotive | `embedded/car-infotainment.md` |
457
+ | **Robotics** | ROS/ROS2/SLAM/navigation | `embedded/ros.md` |
458
+ | **Security Tool** | Pentest/vulnerability scanner/SIEM | `security/*.md` |
459
+ | **Docker/Container** | Dockerfile, docker-compose | `cloud/docker.md` |
460
+ | **Kubernetes** | K8s manifests, Helm charts | `cloud/kubernetes.md` |
461
+ | **CI/CD Pipeline** | GitHub Actions, GitLab CI, Jenkins | `cloud/ci-cd-pipelines.md` |
462
+ | **Payment System** | Stripe/Alipay/WeChat Pay/IAP | `cloud/payment-integration.md` |
463
+ | **Monorepo** | Multiple packages in one repo | `web/monorepo.md` |
464
+ | **WebAssembly** | Rust/Go/C compiled to WASM | `web/wasm.md` |
465
+ | **PWA** | Service Worker + Web Manifest | `web/pwa.md` |
466
+ | **Serverless/Edge** | Lambda/CF Workers/Vercel Functions | `web/serverless-edge.md` |
467
+ | **VR/AR** | Meta Quest/Vision Pro/SteamVR | `desktop/vr-ar.md` |
468
+ | **Wearable** | watchOS/Wear OS/Galaxy Watch | `mobile/wearables.md` |
469
+ | **Smart Platform** | Android TV/tvOS/webOS/Tizen/CarPlay | `desktop/smart-platforms.md` |
470
+ | **Cross-Platform** | .NET MAUI / Kotlin Multiplatform | `cross-platform/multiplatform.md` |
471
+
472
+ If the project spans multiple categories (e.g., desktop + mobile + backend), dispatch to each corresponding sub-skill separately.
473
+
474
+ ---
475
+
476
+ # Phase 3: Complexity Assessment
477
+
478
+ ## L1 — Simple Tool (1–2 hours)
479
+ - Pure frontend or simple full-stack
480
+ - No native modules
481
+ - < 50 source files
482
+ - No database or localStorage only
483
+ - **Typical**: Calculator, Markdown editor, Pomodoro timer, simple notes, bookmark tool
484
+ - **Strategy**: Standard template, no customization needed
485
+
486
+ ## L2 — Standard Application (4–8 hours)
487
+ - Full-stack (frontend + backend + database)
488
+ - Native modules or external APIs present
489
+ - 50–500 source files
490
+ - Complex state management
491
+ - **Typical**: AI chatbot, project manager, data dashboard, local ERP, API debugger, IoT panel, IM client, SaaS desktop, DB manager
492
+ - **Strategy**: Path adaptation, image embedding, source encryption
493
+
494
+ ## L3 — Complex Application (1–5 days)
495
+ - Multi-module architecture (plugin system, extension system)
496
+ - Realtime communication (WebSocket, MQTT, WebRTC)
497
+ - Multiple databases
498
+ - GPU acceleration or audio/video processing
499
+ - 500+ source files
500
+ - **Typical**: IDE, video editor, design tool, full ERP, quantitative trading platform, indie game, HarmonyOS app, car infotainment
501
+ - **Strategy**: Deep architecture adaptation, process isolation, performance optimization
502
+
503
+ ---
504
+
505
+ # Phase 4: Competitive Benchmarking
506
+
507
+ Present similar products and their packaging approaches to help the user decide.
508
+
509
+ | Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
510
+ |----------|------------------|---------------|-------------------|-------------|
511
+ | AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
512
+ | Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
513
+ | ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
514
+ | Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
515
+ | IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
516
+ | IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
517
+ | SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
518
+ | Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
519
+ | Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
520
+ | Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
521
+
522
+ ---
523
+
524
+ # Phase 5: Recommendation & Confirmation
525
+
526
+ > **Note**: Platform decision (Q5), info collection (Q6-Q14), and all user-facing questions are now handled in **Step 2: Unified User Intake** above. This phase focuses ONLY on presenting recommendations after the intake is complete.
527
+
528
+ Based on the user's answers in Step 2, present:
529
+
530
+ 1. **Primary recommendation** — the best approach with clear reasoning
531
+ 2. **2-3 alternatives** — with trade-offs explained
532
+ 3. **Size estimate** — expected package size for the chosen approach
533
+ 4. **Reference products** — similar apps that use the same approach
534
+
535
+ | Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
536
+ |----------|------------------|---------------|-------------------|-------------|
537
+ | AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
538
+ | Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
539
+ | ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
540
+ | Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
541
+ | IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
542
+ | IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
543
+ | SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
544
+ | Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
545
+ | Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
546
+ | Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
547
+
548
+ Present the confirmation summary (from Step 2 Part D) and wait for user approval before proceeding.
549
+
550
+ ---
551
+
552
+ # Phase 6: Dispatch to Sub-skill
553
+
554
+ | User Choice | Sub-skill to Dispatch |
555
+ |------------|----------------------|
556
+ | Electron | `desktop/electron.md` |
557
+ | Tauri 2.0 | `desktop/tauri.md` |
558
+ | Game (Unity/Godot/Unreal) | `desktop/game-dev.md` |
559
+ | VR/AR (Meta Quest/Vision Pro) | `desktop/vr-ar.md` |
560
+ | Smart TV/Car/RPi | `desktop/smart-platforms.md` |
561
+ | Qt / Flutter / .NET | `desktop/native-app.md` |
562
+ | Pake / Neutralinojs | `desktop/web-to-desktop.md` |
563
+ | Android | `mobile/android.md` |
564
+ | iOS/iPadOS | `mobile/ios.md` |
565
+ | HarmonyOS | `mobile/harmonyos.md` |
566
+ | Flutter Mobile | `mobile/flutter-mobile.md` |
567
+ | React Native | `mobile/react-native.md` |
568
+ | Capacitor | `mobile/capacitor.md` |
569
+ | Wearable (watchOS/Wear OS) | `mobile/wearables.md` |
570
+ | SPA (React/Vue) | `web/spa.md` |
571
+ | SSR (Next.js/Nuxt) | `web/ssr.md` |
572
+ | PWA | `web/pwa.md` |
573
+ | Serverless / Edge | `web/serverless-edge.md` |
574
+ | Monorepo (Turborepo/Nx) | `web/monorepo.md` |
575
+ | WebAssembly (WASM) | `web/wasm.md` |
576
+ | Node.js Backend | `backend/node-server.md` |
577
+ | Python Backend | `backend/python-server.md` |
578
+ | Go Backend | `backend/go-server.md` |
579
+ | Rust Backend (Axum/Actix) | `backend/rust-backend.md` |
580
+ | Java/Spring Boot | `backend/java-spring.md` |
581
+ | PHP/Laravel | `backend/php-laravel.md` |
582
+ | Python ML | `ai/python-ml.md` |
583
+ | Local LLM | `ai/local-llm.md` |
584
+ | Python CLI | `cli/python-cli.md` |
585
+ | SDK / Library (npm/PyPI/crates.io/Maven/NuGet) | `cli/sdk-library.md` |
586
+ | Browser Extension | `plugins/browser-extension.md` |
587
+ | VS Code Extension | `plugins/vscode-extension.md` |
588
+ | JetBrains Plugin | `plugins/jetbrains-plugin.md` |
589
+ | ESP32 | `embedded/esp32.md` |
590
+ | STM32 | `embedded/stm32.md` |
591
+ | ROS/ROS2 | `embedded/ros.md` |
592
+ | Car Infotainment | `embedded/car-infotainment.md` |
593
+ | Security Tools | `security/security-tools.md` |
594
+ | Docker | `cloud/docker.md` |
595
+ | Kubernetes / Helm | `cloud/kubernetes.md` |
596
+ | CI/CD Pipeline | `cloud/ci-cd-pipelines.md` |
597
+ | Payment Integration | `cloud/payment-integration.md` |
598
+ | .NET MAUI | `cross-platform/multiplatform.md` |
599
+ | Kotlin Multiplatform | `cross-platform/multiplatform.md` |
600
+ | Compose Multiplatform | `cross-platform/multiplatform.md` |
601
+
602
+ ## Deviation Threshold
603
+
604
+ The AI may deviate from the sub-skill document by **≤15%** during execution. Deviations exceeding 15% must be explained to the user and require explicit approval.
605
+
606
+ ---
607
+
608
+ # Phase 7: Mandatory Audit
609
+
610
+ After packaging is complete, the AI **MUST** load and execute `audit.md`. The audit cannot be skipped under any circumstances.
611
+
612
+ ---
613
+
614
+ # Phase 8: Final Output
615
+
616
+ ```
617
+ ═══════════════════════════════════════════════
618
+ BUILD REPORT
619
+ ═══════════════════════════════════════════════
620
+
621
+ [TECH STACK]
622
+ Framework: [Electron / Tauri / ...]
623
+ Frontend: [React + Vite / ...]
624
+ Backend: [Express + SQLite / ...]
625
+ Build: [esbuild / cargo / ...]
626
+
627
+ [PACKAGE INFO]
628
+ Filename: [AppName-Setup-1.0.0.exe]
629
+ Size: [XXX MB]
630
+ Platform: [Windows x64 / ...]
631
+
632
+ [FILE ARCHITECTURE]
633
+ [key directory structure]
634
+
635
+ [SECURITY]
636
+ Encryption: [AES-256-CBC + obfuscation + image embedding]
637
+ Decryption: [server-side automatic]
638
+
639
+ [AUDIT RESULTS]
640
+ ✅ Package valid and installable
641
+ ✅ App launches without errors
642
+ ✅ Data persistence works
643
+ ✅ No credential leaks
644
+ ✅ No residual build artifacts
645
+ ✅ All user requirements met
646
+
647
+ [PACKAGE LOCATION]
648
+ [absolute path]
649
+ ═══════════════════════════════════════════════
650
+ ```
651
+
652
+ ---
653
+ ---
654
+
655
+ # Appendix: Best Practices & Common Mistakes
656
+
657
+ ## Common Mistakes (from Industry Survey)
658
+
659
+ 1. **Not code-signing binaries** — macOS Gatekeeper and Windows SmartScreen will block unsigned apps. Always sign with a valid certificate.
660
+ 2. **Hardcoding paths** — Use platform APIs (`app.getPath()`, `XDG_*` env vars) instead of absolute paths.
661
+ 3. **Bundling node_modules wholesale** — Use ASAR, tree-shaking, and exclude dev dependencies.
662
+ 4. **Ignoring platform-specific behavior** — Line endings, path separators, case sensitivity, default shell differences.
663
+ 5. **Not testing the packaged build** — Always test on a clean VM without dev tools installed.
664
+ 6. **Missing/broken auto-update** — Implement from day one using `electron-updater` or equivalent.
665
+ 7. **ASAR integrity issue** — Native modules (better-sqlite3, sharp) must be in `asarUnpack`.
666
+ 8. **Not handling first-run** — Create default config/data directories, handle missing files gracefully.
667
+ 9. **Over-bundling** — Include only target-platform binaries, not all platforms.
668
+ 10. **Insufficient production logging** — Use crash reporter (Sentry, electron-log) for debugging.
669
+
670
+ ## Best Practices (2025-2026)
671
+
672
+ | Practice | Description |
673
+ |----------|-------------|
674
+ | **Code signing** | macOS: Developer ID + notarization. Windows: EV/OV certificate. Linux: GPG signing. |
675
+ | **ASAR bundling** | Protect source code, simplify file layout. Configure `asarUnpack` for native modules. |
676
+ | **Auto-update from day one** | `electron-updater` (electron-builder) or `autoUpdater` (electron-forge). Use GitHub Releases or custom server. |
677
+ | **Test on clean machines** | Fresh VM without dev tools catches missing runtime dependencies. |
678
+ | **Separate main/renderer processes** | Heavy computation in main or utility process. Keep renderer free for UI. |
679
+ | **Minimize bundle size** | Tree-shaking, exclude dev deps, compress assets, minimize native modules. |
680
+ | **Handle permissions/sandboxing** | macOS: entitlements. Windows: UAC. Linux: Flatpak portals. |
681
+ | **Provide uninstallers** | NSIS: configure `deleteAppDataOnUninstall`. MSIX: auto-uninstall. AppImage: document removal. |
682
+ | **Use CI/CD** | GitHub Actions/Azure Pipelines. Build on each platform natively. |
683
+ | **Version lock packaging tools** | Pin electron-builder/forge/tauri-cli versions to avoid surprise breakage. |
684
+ | **Include crash reporter** | `@sentry/electron` or `electron-log` for production error tracking. |
685
+
686
+ ## Framework Version Reference (2025-2026)
687
+
688
+ | Framework | Version | Key Features |
689
+ |-----------|---------|-------------|
690
+ | Electron | 43.x | Chromium 150, Node.js 24, clipboard removed from renderer (v44), 32-bit dropped (v44) |
691
+ | electron-builder | 26.x | YAML/JSON config, NSIS/MSI/AppImage/DMG (compatible with Electron 43) |
692
+ | electron-forge | 7.x | Official Electron team recommendation, plugin architecture |
693
+ | electron-updater | 6.x | Auto-update with differential downloads |
694
+ | Tauri | 2.11.x | Mobile (iOS/Android) stable, Rust backend, 2-6MB bundles |
695
+ | Node.js | 26.x LTS / 22.x LTS | require(esm) default (v23+), Temporal API (v26), Undici 8 |
696
+ | Vite | 8.x | Latest build tool (verify plugin compatibility for v7/v8 migrations) |
697
+ | Next.js | 16.x | App Router, RSC, standalone output |
698
+ | React Native | 0.86.x | New Architecture default, Hermes engine |
699
+ | Flutter | 3.44.x / Dart 3.12 | Impeller renderer default, desktop GA, WebAssembly support |
700
+ | Go | 1.26.x | Latest stable (check stdlib breaking changes) |
701
+ | Spring Boot | 3.5.x | GraalVM native image improvements |
702
+ | Capacitor | 8.x | Web → mobile bridge (verify config format changes from v6) |
703
+ | Wails | 2.10.x | Go backend, v3 beta available |
704
+ | Neutralinojs | 5.6.x | 1-3MB binaries, minimal footprint |
705
+ | Dioxus | 0.6.x | React-like Rust UI, pre-1.0 |
706
+ | Pake/PakePlus | 2.7.x | Rust+Tauri wrapper, 3-10MB |
707
+
708
+ ## electron-builder vs electron-forge
709
+
710
+ | Aspect | electron-builder (26.x) | electron-forge (7.x) |
711
+ |--------|------------------------|---------------------|
712
+ | Config | YAML/JSON/JS | forge.config.js (JS/TS) |
713
+ | Output | NSIS, MSI, AppImage, DMG, DEB, RPM, Snap, Flatpak | DMG, ZIP, Squirrel, DEB, RPM, Snap, Flatpak, MSI, AppX, MSIX |
714
+ | Plugin system | Limited (custom afterPack) | Rich plugin architecture |
715
+ | Community | Very mature, widely used | Official Electron team recommendation |
716
+ | Code signing | Good, manual macOS notarization tweaks | Tight integration with osxSign/osxNotarize |
717
+ | Auto-update | electron-updater (built-in) | @electron/update-electron-app |
718
+ | **When to prefer** | Complex packaging rules, existing projects | New projects, first-party support |
719
+
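Review bot: The `[SECURITY]` block of the Phase 8 build report template (lines 635-637) fixes the wording `Encryption: [AES-256-CBC + obfuscation + image embedding]`, which presents an unauthenticated cipher mode plus two non-cryptographic measures as the package's security posture, and it never states what is encrypted or where the key is held. CBC gives no integrity protection, so I would either change the template to an authenticated mode such as AES-256-GCM or add fields for the protected asset and the key location, and list obfuscation separately from encryption. In the same template the `[AUDIT RESULTS]` entries (lines 640-645) are pre-filled with ✅, which invites a report that shows passes regardless of what the Phase 7 audit found; a `[PASS/FAIL]` placeholder per check would avoid that. Two smaller points in the appendix: the "ASAR bundling" row (line 675) says it will "Protect source code", but an ASAR file is an unencrypted archive that can be unpacked with standard tooling, and mistake 7 (line 665) is titled "ASAR integrity issue" while describing native-module unpacking via `asarUnpack`, which is a different matter from Electron's ASAR integrity checking. The Phase 5 scenario table (lines 535-546) also repeats the scenario rows that end at line 521 just above it; keeping one copy and referencing it would stop the two from drifting apart.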