packwise-skills 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.cursorrules +23 -0
- package/CLAUDE.md +25 -0
- package/README.md +295 -0
- package/audit.md +224 -0
- package/bin/packwise.js +155 -0
- package/package.json +31 -0
- package/skill.md +719 -0
- package/sub-skills/ai/local-llm.md +183 -0
- package/sub-skills/ai/python-ml.md +164 -0
- package/sub-skills/backend/go-server.md +184 -0
- package/sub-skills/backend/java-spring.md +241 -0
- package/sub-skills/backend/node-server.md +164 -0
- package/sub-skills/backend/php-laravel.md +175 -0
- package/sub-skills/backend/python-server.md +164 -0
- package/sub-skills/backend/rust-backend.md +118 -0
- package/sub-skills/cli/python-cli.md +236 -0
- package/sub-skills/cli/sdk-library.md +497 -0
- package/sub-skills/cloud/ci-cd-pipelines.md +350 -0
- package/sub-skills/cloud/docker.md +191 -0
- package/sub-skills/cloud/kubernetes.md +277 -0
- package/sub-skills/cloud/payment-integration.md +307 -0
- package/sub-skills/cross-platform/multiplatform.md +252 -0
- package/sub-skills/desktop/electron.md +783 -0
- package/sub-skills/desktop/game-dev.md +443 -0
- package/sub-skills/desktop/native-app.md +123 -0
- package/sub-skills/desktop/scenarios.md +443 -0
- package/sub-skills/desktop/smart-platforms.md +324 -0
- package/sub-skills/desktop/tauri.md +428 -0
- package/sub-skills/desktop/vr-ar.md +252 -0
- package/sub-skills/desktop/web-to-desktop.md +153 -0
- package/sub-skills/embedded/car-infotainment.md +129 -0
- package/sub-skills/embedded/esp32.md +184 -0
- package/sub-skills/embedded/ros.md +150 -0
- package/sub-skills/embedded/stm32.md +160 -0
- package/sub-skills/mobile/android.md +322 -0
- package/sub-skills/mobile/capacitor.md +232 -0
- package/sub-skills/mobile/flutter-mobile.md +138 -0
- package/sub-skills/mobile/harmonyos.md +150 -0
- package/sub-skills/mobile/ios.md +245 -0
- package/sub-skills/mobile/react-native.md +443 -0
- package/sub-skills/mobile/wearables.md +230 -0
- package/sub-skills/plugins/browser-extension.md +308 -0
- package/sub-skills/plugins/jetbrains-plugin.md +226 -0
- package/sub-skills/plugins/vscode-extension.md +204 -0
- package/sub-skills/security/security-tools.md +174 -0
- package/sub-skills/web/monorepo.md +274 -0
- package/sub-skills/web/pwa.md +220 -0
- package/sub-skills/web/serverless-edge.md +295 -0
- package/sub-skills/web/spa.md +266 -0
- package/sub-skills/web/ssr.md +228 -0
- package/sub-skills/web/wasm.md +243 -0
package/skill.md
ADDED
|
@@ -0,0 +1,719 @@
|
|
|
1
|
+
# Package Skills Plugin — Universal Build & Packaging Orchestrator
|
|
2
|
+
|
|
3
|
+
Covers all **build and packaging** scenarios for indie developers, startups, and small-to-medium software companies: desktop, mobile, web, backend, AI/ML, CLI, plugins, embedded, security tools, containerization, cross-platform frameworks, monorepos, WebAssembly, VR/AR, wearables, smart platforms, serverless, CI/CD, and payment integration.
|
|
4
|
+
|
|
5
|
+
> **Scope**: This skill focuses on **building and packaging** source code into distributable artifacts (`.apk`, `.exe`, `.dmg`, `.vsix`, Docker images, WASM modules, etc.). Production operations and infrastructure provisioning are outside its scope.
|
|
6
|
+
|
|
7
|
+
## Trigger Words
|
|
8
|
+
|
|
9
|
+
"package", "build", "bundle", "compile", "installer", "desktop app", "generate exe", "build software", "client packaging", "develop plugin", "app packaging", "embedded", "publish to store", "containerize", "Docker", "WASM", "monorepo build", "cross-compile"
|
|
10
|
+
|
|
11
|
+
## Plugin Architecture
|
|
12
|
+
|
|
13
|
+
```
|
|
14
|
+
package/
|
|
15
|
+
├── skill.md ← Main orchestrator: scan → classify → guide → dispatch
|
|
16
|
+
├── audit.md ← Post-build audit (top-level, mandatory)
|
|
17
|
+
└── sub-skills/
|
|
18
|
+
├── desktop/ ← Desktop apps (9)
|
|
19
|
+
│ ├── electron.md ← Electron (security, path resolution, packaging, signing, auto-update, CI/CD, pitfalls)
|
|
20
|
+
│ ├── tauri.md ← Tauri 2.0 (Rust backend, minimal footprint)
|
|
21
|
+
│ ├── native-app.md ← Qt/Flutter/.NET (performance-critical)
|
|
22
|
+
│ ├── web-to-desktop.md ← Web-to-desktop (Pake/Neutralinojs)
|
|
23
|
+
│ ├── game-dev.md ← Game dev (Unity/Unreal/Godot)
|
|
24
|
+
│ ├── vr-ar.md ← VR/AR (Meta Quest/Vision Pro/SteamVR)
|
|
25
|
+
│ ├── smart-platforms.md ← Smart TV/Car/RPi (Android TV/tvOS/webOS/Tizen)
|
|
26
|
+
│ └── scenarios.md ← Desktop scenarios (AI/ERP/trading/IoT/IM)
|
|
27
|
+
├── mobile/ ← Mobile (7)
|
|
28
|
+
│ ├── android.md ← Android native (Kotlin/Java)
|
|
29
|
+
│ ├── ios.md ← iOS/iPadOS (Swift/ObjC)
|
|
30
|
+
│ ├── harmonyos.md ← HarmonyOS (ArkTS)
|
|
31
|
+
│ ├── flutter-mobile.md ← Flutter mobile
|
|
32
|
+
│ ├── react-native.md ← React Native
|
|
33
|
+
│ ├── capacitor.md ← Capacitor (Web → mobile)
|
|
34
|
+
│ └── wearables.md ← Wearables (watchOS/Wear OS/Galaxy Watch)
|
|
35
|
+
├── web/ ← Web apps (6)
|
|
36
|
+
│ ├── spa.md ← SPA (React/Vue/Angular/Svelte)
|
|
37
|
+
│ ├── ssr.md ← SSR (Next.js/Nuxt/Remix)
|
|
38
|
+
│ ├── pwa.md ← PWA (Progressive Web App)
|
|
39
|
+
│ ├── serverless-edge.md ← Serverless & Edge (Lambda/CF Workers/Vercel)
|
|
40
|
+
│ ├── monorepo.md ← Monorepo (Turborepo/Nx/pnpm workspaces)
|
|
41
|
+
│ └── wasm.md ← WebAssembly (Rust/Go/C → WASM)
|
|
42
|
+
├── backend/ ← Backend services (6)
|
|
43
|
+
│ ├── node-server.md ← Node.js (Express/Nest/Fastify)
|
|
44
|
+
│ ├── python-server.md ← Python (Flask/Django/FastAPI)
|
|
45
|
+
│ ├── go-server.md ← Go (Gin/Echo/Fiber)
|
|
46
|
+
│ ├── rust-backend.md ← Rust (Axum/Actix-Web/Rocket)
|
|
47
|
+
│ ├── java-spring.md ← Java (Spring Boot/Quarkus/Micronaut)
|
|
48
|
+
│ └── php-laravel.md ← PHP (Laravel/Symfony/Slim)
|
|
49
|
+
├── ai/ ← AI/ML (2)
|
|
50
|
+
│ ├── python-ml.md ← Python ML model packaging
|
|
51
|
+
│ └── local-llm.md ← Local LLM applications
|
|
52
|
+
├── cli/ ← CLI tools & Libraries (2)
|
|
53
|
+
│ ├── python-cli.md ← Python CLI tools
|
|
54
|
+
│ └── sdk-library.md ← SDK/Library publishing (npm/PyPI/crates.io/Maven/NuGet/Go)
|
|
55
|
+
├── plugins/ ← Plugins (3)
|
|
56
|
+
│ ├── browser-extension.md ← Chrome/Edge/Firefox extensions
|
|
57
|
+
│ ├── vscode-extension.md ← VS Code extensions
|
|
58
|
+
│ └── jetbrains-plugin.md ← JetBrains plugins
|
|
59
|
+
├── embedded/ ← Embedded (4)
|
|
60
|
+
│ ├── esp32.md ← ESP32 (Arduino/ESP-IDF)
|
|
61
|
+
│ ├── stm32.md ← STM32 (Keil/CubeIDE)
|
|
62
|
+
│ ├── ros.md ← ROS/ROS2 robotics
|
|
63
|
+
│ └── car-infotainment.md ← Car infotainment (HarmonyOS/Auto/QNX)
|
|
64
|
+
├── security/ ← Security tools (1)
|
|
65
|
+
│ └── security-tools.md ← Pentest / scanners / SIEM
|
|
66
|
+
├── cloud/ ← Cloud & Infrastructure (4)
|
|
67
|
+
│ ├── docker.md ← Docker containerization
|
|
68
|
+
│ ├── kubernetes.md ← Kubernetes/Helm/K3s
|
|
69
|
+
│ ├── ci-cd-pipelines.md ← CI/CD (GitHub Actions/GitLab CI/Jenkins)
|
|
70
|
+
│ └── payment-integration.md ← Payment (Stripe/Alipay/WeChat Pay/IAP)
|
|
71
|
+
└── cross-platform/ ← Cross-platform frameworks (1)
|
|
72
|
+
└── multiplatform.md ← .NET MAUI / Kotlin Multiplatform / Compose Multiplatform
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
## Core Workflow
|
|
76
|
+
|
|
77
|
+
```
|
|
78
|
+
1. Project Scan → Identify project type, language, dependencies, architecture
|
|
79
|
+
2. Report & Intake → Report findings to user → Ask key questions interactively
|
|
80
|
+
3. Analyze & Research → Combine scan results + user answers + online research (if needed)
|
|
81
|
+
4. Recommend & Guide → Present RECOMMENDED solution + 2-3 alternatives with reasoning → discuss with user
|
|
82
|
+
5. Confirm Plan → User selects final approach → generate confirmation summary
|
|
83
|
+
6. Execute → Load sub-skill → run build process (≤15% deviation without approval)
|
|
84
|
+
7. Audit → Execute audit.md (mandatory, cannot be skipped)
|
|
85
|
+
8. Final Report → Output structured build report
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
> **Guidance Philosophy**: The LLM acts as a **build consultant**, not a form-filler. After scanning and asking questions, the LLM MUST synthesize all information, perform targeted research if needed, and present a clear recommendation with reasoning. The user should feel guided, not interrogated.
|
|
89
|
+
|
|
90
|
+
### Step 2: Report & Intake
|
|
91
|
+
|
|
92
|
+
After scanning, the AI reports findings and asks questions **in one interactive session**. Do NOT split across multiple steps.
|
|
93
|
+
|
|
94
|
+
**Format**: Present each question as a numbered list. Mark the **⭐ Recommended** option with reasoning. Let the user reply with numbers (e.g., "1,2,4,3,1,2") or answer conversationally. If the user says "skip", use the recommended option.
|
|
95
|
+
|
|
96
|
+
---
|
|
97
|
+
|
|
98
|
+
#### Part A: Project Summary (Tell the User What You Found)
|
|
99
|
+
|
|
100
|
+
> **Scanning is the foundation of everything.** If the scan is wrong, all downstream decisions will be wrong. The LLM MUST scan thoroughly before asking any questions. If the scan reveals issues (missing dependencies, .env files, outdated configs), **flag them immediately** — don't wait until build time.
|
|
101
|
+
|
|
102
|
+
```
|
|
103
|
+
📋 Project Scan Results:
|
|
104
|
+
- Framework: [detected framework]
|
|
105
|
+
- Language: [detected language]
|
|
106
|
+
- Estimated complexity: [L1/L2/L3]
|
|
107
|
+
- Key dependencies: [list]
|
|
108
|
+
- Source files: [count]
|
|
109
|
+
- Notable: [any special findings — native modules, env files, game engine, etc.]
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
**Dependency Completeness Check** (auto-run during scan):
|
|
113
|
+
|
|
114
|
+
The LLM MUST verify that all required dependencies for the detected framework are present. If anything is missing, **tell the user before proceeding**:
|
|
115
|
+
|
|
116
|
+
| Framework | Required Dependencies | Check Command |
|
|
117
|
+
|-----------|----------------------|---------------|
|
|
118
|
+
| Tauri | `@tauri-apps/api` in package.json | `grep "@tauri-apps/api" package.json` |
|
|
119
|
+
| Electron | `electron` + `electron-builder` in devDependencies | `grep "electron" package.json` |
|
|
120
|
+
| React Native | `react-native` + `@react-native-community/cli` | `grep "react-native" package.json` |
|
|
121
|
+
| Capacitor | `@capacitor/core` + `@capacitor/cli` | `grep "@capacitor" package.json` |
|
|
122
|
+
| Vue + Vite | `vue` + `@vitejs/plugin-vue` + `vite` | `grep "vue\|vite" package.json` |
|
|
123
|
+
| Next.js | `next` + `react` + `react-dom` | `grep "next\|react" package.json` |
|
|
124
|
+
|
|
125
|
+
**Security Scan** (auto-run during scan):
|
|
126
|
+
|
|
127
|
+
| What to check | Why | Action if found |
|
|
128
|
+
|---------------|-----|----------------|
|
|
129
|
+
| `.env` / `.env.*` files | May contain API keys, tokens | ⚠️ Flag to user: "Found .env with sensitive data — will remove before packaging" |
|
|
130
|
+
| Hardcoded `sk-` / `api_key` / `secret` in source | Credential leak | ⚠️ Flag to user: "Found hardcoded credentials in [file]" |
|
|
131
|
+
| `node_modules` in git | Bloat, potential secret leak | ⚠️ Suggest adding to `.gitignore` |
|
|
132
|
+
| Missing `.gitignore` | May accidentally commit secrets | ⚠️ Suggest creating one |
|
|
133
|
+
|
|
134
|
+
---
|
|
135
|
+
|
|
136
|
+
#### Part B: Key Questions
|
|
137
|
+
|
|
138
|
+
**Q1. Who are the target users?**
|
|
139
|
+
- 1. ⭐ General consumers → One-click installer (NSIS/DMG/APK)
|
|
140
|
+
- 2. Enterprise internal → MSI/Group Policy/MDM
|
|
141
|
+
- 3. Developers → npm/pip/cargo
|
|
142
|
+
- 4. Government/military → Domestic platform adaptation
|
|
143
|
+
|
|
144
|
+
**Q2. Distribution channel?**
|
|
145
|
+
- 1. ⭐ Website download → Code signing + auto-update
|
|
146
|
+
- 2. App Store → Store signing + review compliance
|
|
147
|
+
- 3. Enterprise internal → MDM/Group Policy
|
|
148
|
+
- 4. Open source → GitHub Releases / npm / PyPI
|
|
149
|
+
|
|
150
|
+
**Q3. Target platform(s)?** (multi-select)
|
|
151
|
+
- 1. ⭐ Windows
|
|
152
|
+
- 2. macOS
|
|
153
|
+
- 3. Linux
|
|
154
|
+
- 4. All desktop (1+2+3)
|
|
155
|
+
- 5. Android
|
|
156
|
+
- 6. iOS/iPadOS
|
|
157
|
+
|
|
158
|
+
**Q3b. Architecture per platform?** (ask for EACH platform selected in Q3)
|
|
159
|
+
|
|
160
|
+
> Example: If user selected "Windows + macOS" in Q3, ask:
|
|
161
|
+
> "You selected Windows and macOS. Now choose architecture for each:"
|
|
162
|
+
|
|
163
|
+
- **Windows architecture?**
|
|
164
|
+
- 1. ⭐ x64 only (most common, covers 99% of PCs)
|
|
165
|
+
- 2. ARM64 only (Surface Pro X, Snapdragon laptops)
|
|
166
|
+
- 3. Both x64 + ARM64 (two installers output)
|
|
167
|
+
- **macOS architecture?**
|
|
168
|
+
- 1. ⭐ Universal Binary (x64 + ARM64 in one file, works on all Macs)
|
|
169
|
+
- 2. ARM64 only (Apple Silicon M1+, no Intel Mac support)
|
|
170
|
+
- 3. x64 only (Intel Macs only, not recommended)
|
|
171
|
+
- **Linux architecture?**
|
|
172
|
+
- 1. ⭐ x64 only (most common)
|
|
173
|
+
- 2. ARM64 only (Raspberry Pi 4/5, ARM servers)
|
|
174
|
+
- 3. Both x64 + ARM64 (two packages output)
|
|
175
|
+
- **Android architecture?**
|
|
176
|
+
- 1. ⭐ ARM64 (v8a) — covers 95%+ of modern devices
|
|
177
|
+
- 2. ARM64 + ARMv7 (for older devices, larger APK)
|
|
178
|
+
- 3. Universal APK (all architectures, largest size)
|
|
179
|
+
- **iOS architecture?**
|
|
180
|
+
- 1. ⭐ ARM64 (all modern Apple devices, automatic)
|
|
181
|
+
|
|
182
|
+
> All selected architecture packages will be output to the same target folder (Q11).
|
|
183
|
+
|
|
184
|
+
**Q4. App name, version, copyright holder?**
|
|
185
|
+
|
|
186
|
+
**Q5. Logo/icon ready?**
|
|
187
|
+
- 1. ⭐ Yes, I have icons → Ask for path, format, sizes
|
|
188
|
+
- 2. Need to generate → Recommend tool based on platform
|
|
189
|
+
- 3. Use default → Not recommended for production
|
|
190
|
+
|
|
191
|
+
**Q6. Source code protection (anti-reverse-engineering)?**
|
|
192
|
+
|
|
193
|
+
> This determines how hard it is for someone to decompile and read your source code from the packaged app.
|
|
194
|
+
|
|
195
|
+
- 1. ⭐ **Standard packaging** — Code bundled but extractable with basic tools. Fine for most apps. (Electron: ASAR; Tauri: already compiled Rust, very hard to reverse)
|
|
196
|
+
- 2. **Obfuscation** — JavaScript/TypeScript code is scrambled (variable names mangled, control flow flattened). Takes minutes to hours to reverse. Adds ~1 min build time.
|
|
197
|
+
- 3. **Bytecode compilation** — Source code compiled to V8 binary bytecode (.jsc). Cannot be read as text. Must match Electron's Node.js version. Takes ~2 min build time. (Electron only)
|
|
198
|
+
- 4. **Full protection scheme** — All of the above + AES-256-CBC encryption of config files + image base64 embedding. Recommended for commercial software with proprietary algorithms. Adds ~5 min build time.
|
|
199
|
+
- 5. **None** — Open source project, no protection needed. Anyone can read the code.
|
|
200
|
+
|
|
201
|
+
**Q7. Clear test data and hardcoded keys before packaging?**
|
|
202
|
+
- 1. ⭐ Yes, clean everything
|
|
203
|
+
- 2. No (dev build only)
|
|
204
|
+
|
|
205
|
+
**Q8. Code signing?**
|
|
206
|
+
- 1. ⭐ Yes, I have certificates
|
|
207
|
+
- 2. No signing (will show security warnings)
|
|
208
|
+
- 3. Help me understand what I need
|
|
209
|
+
|
|
210
|
+
**Q9. Auto-update?**
|
|
211
|
+
- 1. ⭐ Yes
|
|
212
|
+
- 2. No
|
|
213
|
+
|
|
214
|
+
**Q10. Budget / team capability?**
|
|
215
|
+
- 1. ⭐ Zero budget, individual developer
|
|
216
|
+
- 2. Has Apple Developer account ($99/year)
|
|
217
|
+
- 3. Has code signing certificate
|
|
218
|
+
- 4. Team has Rust experience
|
|
219
|
+
- 5. Team has only frontend experience
|
|
220
|
+
|
|
221
|
+
**Q11. Output location?**
|
|
222
|
+
- 1. ⭐ `./release/` (default)
|
|
223
|
+
- 2. Custom path
|
|
224
|
+
|
|
225
|
+
**Q12. Any special requirements?**
|
|
226
|
+
- (Open-ended: custom protocol, system tray, multi-window, offline-first, etc.)
|
|
227
|
+
|
|
228
|
+
---
|
|
229
|
+
|
|
230
|
+
### Step 3: Analyze & Research
|
|
231
|
+
|
|
232
|
+
After collecting the user's answers, the LLM **MUST**:
|
|
233
|
+
|
|
234
|
+
1. **Synthesize** — Combine scan results (Step 1) + user answers (Step 2) + complexity assessment
|
|
235
|
+
2. **Research if needed** — If the project type is niche or the user has unusual requirements, search for official documentation or community solutions (time-boxed to 2-3 minutes)
|
|
236
|
+
3. **Determine the best approach** — Based on ALL available information, identify the optimal packaging strategy
|
|
237
|
+
4. **Identify alternatives** — Find 2-3 viable alternatives with clear trade-offs
|
|
238
|
+
|
|
239
|
+
**When to research online:**
|
|
240
|
+
- User's framework/version is not covered by any sub-skill
|
|
241
|
+
- User has requirements that conflict with standard approaches
|
|
242
|
+
- Latest best practices may have changed (check official docs)
|
|
243
|
+
|
|
244
|
+
**When NOT to research:**
|
|
245
|
+
- The project clearly matches an existing sub-skill
|
|
246
|
+
- User's requirements are straightforward
|
|
247
|
+
- Research would add no value beyond what the sub-skill already covers
|
|
248
|
+
|
|
249
|
+
---
|
|
250
|
+
|
|
251
|
+
### Step 4: Recommend & Guide (THE KEY STEP)
|
|
252
|
+
|
|
253
|
+
This is where the LLM acts as a **consultant**. Present the analysis as a conversation, not a data dump.
|
|
254
|
+
|
|
255
|
+
**Output format:**
|
|
256
|
+
|
|
257
|
+
```
|
|
258
|
+
═══════════════════════════════════════════════
|
|
259
|
+
PACKAGING RECOMMENDATION
|
|
260
|
+
═══════════════════════════════════════════════
|
|
261
|
+
|
|
262
|
+
Based on your project scan and requirements, here is my analysis:
|
|
263
|
+
|
|
264
|
+
[Project Analysis]
|
|
265
|
+
Your [framework] project has [complexity] complexity with [key characteristics].
|
|
266
|
+
The main challenge will be [identified challenge].
|
|
267
|
+
|
|
268
|
+
⭐ RECOMMENDED: [Solution Name]
|
|
269
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
270
|
+
Why this approach:
|
|
271
|
+
- [Reason 1 — e.g., "Your team has only frontend experience, so Electron is the lowest barrier"]
|
|
272
|
+
- [Reason 2 — e.g., "You need SQLite native module, which requires Node.js runtime"]
|
|
273
|
+
- [Reason 3 — e.g., "Target size ~150MB is acceptable for your use case"]
|
|
274
|
+
|
|
275
|
+
Configuration:
|
|
276
|
+
- Framework: [Electron 43 + React + Express + SQLite]
|
|
277
|
+
- Build tool: [electron-builder 26]
|
|
278
|
+
- Platforms: [Windows + macOS]
|
|
279
|
+
- Architecture: [Windows x64, macOS Universal]
|
|
280
|
+
- Package format: [NSIS for Windows x64, DMG for macOS Universal]
|
|
281
|
+
- Source protection: [ASAR + JavaScript obfuscation]
|
|
282
|
+
- Signing: [Windows EV cert + macOS Developer ID]
|
|
283
|
+
- Auto-update: [electron-updater via GitHub Releases]
|
|
284
|
+
- Output folder: [./release/]
|
|
285
|
+
- Expected size: [~150MB per platform]
|
|
286
|
+
|
|
287
|
+
Alternative A: [Tauri 2.11]
|
|
288
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
289
|
+
- Pro: Much smaller (3-10MB), better performance
|
|
290
|
+
- Con: Requires Rust rewrite of backend, higher learning curve
|
|
291
|
+
- When to choose: If team can learn Rust and package size is critical
|
|
292
|
+
|
|
293
|
+
Alternative B: [Neutralinojs]
|
|
294
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
295
|
+
- Pro: Minimal footprint (~2MB)
|
|
296
|
+
- Con: Limited native module support, smaller ecosystem
|
|
297
|
+
- When to choose: If app is mostly a web wrapper with no backend
|
|
298
|
+
|
|
299
|
+
═══════════════════════════════════════════════
|
|
300
|
+
Which approach would you like to proceed with?
|
|
301
|
+
1. ⭐ Recommended ([Solution Name])
|
|
302
|
+
2. Alternative A
|
|
303
|
+
3. Alternative B
|
|
304
|
+
4. Custom combination (tell me what you want)
|
|
305
|
+
═══════════════════════════════════════════════
|
|
306
|
+
```
|
|
307
|
+
|
|
308
|
+
**Key principles for the recommendation:**
|
|
309
|
+
- **Lead with WHY** — Don't just say "use Electron". Explain WHY based on the user's specific answers.
|
|
310
|
+
- **Be specific** — Reference the user's actual requirements (target users, platform, budget).
|
|
311
|
+
- **Quantify** — Give expected package size, build time, complexity.
|
|
312
|
+
- **Honest trade-offs** — Don't hide downsides. "Electron is 150MB but Tauri is 3MB" is better than pretending size doesn't matter.
|
|
313
|
+
- **Conditional advice** — "If X changes, switch to Y" helps the user understand the decision tree.
|
|
314
|
+
- **Don't rush** — If the user wants to discuss, engage. Answer questions before proceeding.
|
|
315
|
+
|
|
316
|
+
---
|
|
317
|
+
|
|
318
|
+
### Step 5: Confirm Plan
|
|
319
|
+
|
|
320
|
+
After the user selects an approach, generate a final confirmation summary:
|
|
321
|
+
|
|
322
|
+
```
|
|
323
|
+
═══════════════════════════════════════════════
|
|
324
|
+
FINAL BUILD PLAN
|
|
325
|
+
═══════════════════════════════════════════════
|
|
326
|
+
|
|
327
|
+
[App] MyApp v1.0.0
|
|
328
|
+
[Framework] Electron 43 + React + Express + SQLite
|
|
329
|
+
[Platform] Windows + macOS
|
|
330
|
+
[Architecture] Windows: x64 | macOS: Universal (x64+ARM64)
|
|
331
|
+
[Installer] NSIS (.exe) for Win x64 + DMG for macOS Universal
|
|
332
|
+
[Logo] icon.png (256x256, PNG with alpha, rounded corners applied)
|
|
333
|
+
[Output] ./release/ (all installers in this folder)
|
|
334
|
+
[Protection] ASAR + JavaScript obfuscation
|
|
335
|
+
[Test Data] ✅ Cleared
|
|
336
|
+
[API Keys] ✅ Cleared
|
|
337
|
+
[Signing] Windows EV cert + macOS Developer ID + notarization
|
|
338
|
+
[Auto-update] electron-updater via GitHub Releases
|
|
339
|
+
|
|
340
|
+
═══════════════════════════════════════════════
|
|
341
|
+
Reply 'yes' to start building, or tell me what to change.
|
|
342
|
+
═══════════════════════════════════════════════
|
|
343
|
+
```
|
|
344
|
+
|
|
345
|
+
Only proceed to execution after the user explicitly confirms.
|
|
346
|
+
|
|
347
|
+
---
|
|
348
|
+
|
|
349
|
+
**Dynamic Adaptation Rules:**
|
|
350
|
+
- Do NOT lock into rigid rules. If the user has special requirements (e.g., "I need to support both Windows XP and the latest macOS"), provide a viable approach rather than saying "not supported"
|
|
351
|
+
- If the standard sub-skill approach does not fit, provide a custom solution based on general engineering knowledge
|
|
352
|
+
- Every recommendation MUST explain **why** this approach is recommended and **under what circumstances** to switch to an alternative
|
|
353
|
+
- When the user asks about **deployment or hosting** (e.g., "How do I deploy this Docker image?", "Which platform should I host on?"), provide guidance on WHERE and HOW to deploy, but do NOT execute the deployment — that is outside this skill's scope. This skill handles building and packaging only.
|
|
354
|
+
- If the user skips a question (says "skip" or "default"), use the ⭐ recommended option and note it in the confirmation summary
|
|
355
|
+
|
|
356
|
+
---
|
|
357
|
+
|
|
358
|
+
### Step 1.5: Handling Uncovered Projects (Online Research)
|
|
359
|
+
|
|
360
|
+
When the user's project does NOT match any existing sub-skill (e.g., a niche framework, emerging technology, or proprietary platform):
|
|
361
|
+
|
|
362
|
+
1. **Search for official documentation** — Find the framework/platform's official build guide
|
|
363
|
+
2. **Search for community solutions** — Look for GitHub repos, blog posts, or Stack Overflow answers from experienced developers
|
|
364
|
+
3. **Adapt a similar sub-skill** — Find the closest matching sub-skill and adapt its patterns
|
|
365
|
+
4. **Time-box the research** — Spend no more than 2-3 minutes on research. If no clear guide is found, tell the user honestly and suggest they consult the platform's official documentation
|
|
366
|
+
5. **Document the approach** — Present the found approach to the user for confirmation before proceeding
|
|
367
|
+
|
|
368
|
+
**Priority for research sources:**
|
|
369
|
+
1. Official documentation (docs.xxx.com)
|
|
370
|
+
2. Official GitHub repository (README, wiki, examples)
|
|
371
|
+
3. Well-known tech blogs (with verifiable code examples)
|
|
372
|
+
4. Stack Overflow answers with high vote counts
|
|
373
|
+
5. **Never** use unverified random blog posts or outdated tutorials
|
|
374
|
+
|
|
375
|
+
---
|
|
376
|
+
|
|
377
|
+
# Phase 1: Project Scan
|
|
378
|
+
|
|
379
|
+
Execute the following scan commands before any decision-making:
|
|
380
|
+
|
|
381
|
+
```bash
|
|
382
|
+
# ── Project structure detection ──
|
|
383
|
+
find . -maxdepth 2 -name "package.json" -o -name "Cargo.toml" -o -name "pubspec.yaml" \
|
|
384
|
+
-o -name "*.csproj" -o -name "go.mod" -o -name "CMakeLists.txt" \
|
|
385
|
+
-o -name "build.gradle" -o -name "pom.xml" -o -name "pyproject.toml" \
|
|
386
|
+
-o -name "requirements.txt" -o -name "Gemfile" -o -name "setup.py" 2>/dev/null
|
|
387
|
+
|
|
388
|
+
# ── Backend presence ──
|
|
389
|
+
ls server/ src/server/ backend/ api/ api-rs/ src-tauri/ app/ cmd/ internal/ 2>/dev/null
|
|
390
|
+
|
|
391
|
+
# ── Language detection ──
|
|
392
|
+
ls *.py *.go *.rs *.java *.cs *.dart *.swift *.c *.cpp *.h *.hpp *.kt *.ets 2>/dev/null
|
|
393
|
+
|
|
394
|
+
# ── Node.js dependency analysis ──
|
|
395
|
+
if [ -f package.json ]; then
|
|
396
|
+
echo "=== Frontend ==="
|
|
397
|
+
cat package.json | grep -oE '"(react|vue|svelte|angular|tailwindcss|vite|webpack|esbuild)[^"]*"' 2>/dev/null
|
|
398
|
+
echo "=== Native Modules ==="
|
|
399
|
+
cat package.json | grep -oE '"(better-sqlite3|sharp|bcrypt|canvas|node-gyp|serialport|usb)[^"]*"' 2>/dev/null
|
|
400
|
+
echo "=== Database ==="
|
|
401
|
+
cat package.json | grep -oE '"(sqlite|mysql|postgres|mongo|prisma|drizzle|redis|better-sqlite3)[^"]*"' 2>/dev/null
|
|
402
|
+
echo "=== Cloud Services ==="
|
|
403
|
+
cat package.json | grep -oE '"(openai|anthropic|google.*ai|deepseek|azure|aws|firebase)[^"]*"' 2>/dev/null
|
|
404
|
+
echo "=== Realtime ==="
|
|
405
|
+
cat package.json | grep -oE '"(socket\.io|ws:|websocket|mqtt|nats|sse)[^"]*"' 2>/dev/null
|
|
406
|
+
echo "=== Mobile ==="
|
|
407
|
+
cat package.json | grep -oE '"(react-native|expo|@capacitor|ionic|nativescript)[^"]*"' 2>/dev/null
|
|
408
|
+
echo "=== Scripts ==="
|
|
409
|
+
cat package.json | grep -oE '"(dev|build|start|electron|tauri|package|release|deploy)[^"]*"' 2>/dev/null
|
|
410
|
+
fi
|
|
411
|
+
|
|
412
|
+
# ── Game engine detection ──
|
|
413
|
+
find . -maxdepth 2 -name "*.uproject" -o -name "ProjectSettings" -o -name "*.godot" 2>/dev/null
|
|
414
|
+
|
|
415
|
+
# ── C/C++ detection ──
|
|
416
|
+
find . -maxdepth 2 -name "CMakeLists.txt" -o -name "*.sln" -o -name "*.vcxproj" 2>/dev/null
|
|
417
|
+
|
|
418
|
+
# ── Embedded detection ──
|
|
419
|
+
ls platformio.ini sdkconfig prj.conf 2>/dev/null
|
|
420
|
+
find . -maxdepth 3 -name "*.ino" -o -name "sdkconfig" 2>/dev/null
|
|
421
|
+
|
|
422
|
+
# ── Plugin detection ──
|
|
423
|
+
ls manifest.json content.js background.js popup.html 2>/dev/null
|
|
424
|
+
|
|
425
|
+
# ── HarmonyOS detection ──
|
|
426
|
+
ls oh-package.json5 module.json5 2>/dev/null
|
|
427
|
+
|
|
428
|
+
# ── Environment variables ──
|
|
429
|
+
ls .env .env.* .env.example 2>/dev/null
|
|
430
|
+
|
|
431
|
+
# ── Code volume estimate ──
|
|
432
|
+
find . -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.py" -o -name "*.go" \
|
|
433
|
+
-o -name "*.rs" -o -name "*.java" -o -name "*.kt" -o -name "*.swift" -o -name "*.dart" \
|
|
434
|
+
-o -name "*.cpp" -o -name "*.c" -o -name "*.cs" -o -name "*.ets" 2>/dev/null \
|
|
435
|
+
| grep -v node_modules | grep -v .git | wc -l
|
|
436
|
+
```
|
|
437
|
+
|
|
438
|
+
---
|
|
439
|
+
|
|
440
|
+
# Phase 2: Platform Classification
|
|
441
|
+
|
|
442
|
+
After scanning, classify the project into one or more categories:
|
|
443
|
+
|
|
444
|
+
| Category | Detection Signals | Sub-skill |
|
|
445
|
+
|----------|-------------------|-----------|
|
|
446
|
+
| **Desktop App** | Electron/Tauri/Qt/Flutter desktop | `desktop/*.md` |
|
|
447
|
+
| **Mobile App** | React Native/Flutter/Kotlin/Swift/HarmonyOS | `mobile/*.md` |
|
|
448
|
+
| **Web App** | React/Vue/Angular/Next.js/Nuxt | `web/*.md` |
|
|
449
|
+
| **Backend Service** | Express/Django/FastAPI/Gin/Spring/Axum/Laravel | `backend/*.md` |
|
|
450
|
+
| **AI/ML App** | PyTorch/TensorFlow/Transformers/Ollama | `ai/*.md` |
|
|
451
|
+
| **CLI Tool** | Command-line tool, script | `cli/python-cli.md` |
|
|
452
|
+
| **SDK/Library** | npm package, PyPI, crates.io, Maven, NuGet, Go module | `cli/sdk-library.md` |
|
|
453
|
+
| **Browser Plugin** | manifest.json + content.js | `plugins/browser-extension.md` |
|
|
454
|
+
| **IDE Plugin** | VS Code/JetBrains/WebStorm extension | `plugins/*.md` |
|
|
455
|
+
| **Embedded** | ESP32/STM32/RTOS/Linux embedded | `embedded/*.md` |
|
|
456
|
+
| **Car Software** | HarmonyOS Car/QNX/Android Automotive | `embedded/car-infotainment.md` |
|
|
457
|
+
| **Robotics** | ROS/ROS2/SLAM/navigation | `embedded/ros.md` |
|
|
458
|
+
| **Security Tool** | Pentest/vulnerability scanner/SIEM | `security/*.md` |
|
|
459
|
+
| **Docker/Container** | Dockerfile, docker-compose | `cloud/docker.md` |
|
|
460
|
+
| **Kubernetes** | K8s manifests, Helm charts | `cloud/kubernetes.md` |
|
|
461
|
+
| **CI/CD Pipeline** | GitHub Actions, GitLab CI, Jenkins | `cloud/ci-cd-pipelines.md` |
|
|
462
|
+
| **Payment System** | Stripe/Alipay/WeChat Pay/IAP | `cloud/payment-integration.md` |
|
|
463
|
+
| **Monorepo** | Multiple packages in one repo | `web/monorepo.md` |
|
|
464
|
+
| **WebAssembly** | Rust/Go/C compiled to WASM | `web/wasm.md` |
|
|
465
|
+
| **PWA** | Service Worker + Web Manifest | `web/pwa.md` |
|
|
466
|
+
| **Serverless/Edge** | Lambda/CF Workers/Vercel Functions | `web/serverless-edge.md` |
|
|
467
|
+
| **VR/AR** | Meta Quest/Vision Pro/SteamVR | `desktop/vr-ar.md` |
|
|
468
|
+
| **Wearable** | watchOS/Wear OS/Galaxy Watch | `mobile/wearables.md` |
|
|
469
|
+
| **Smart Platform** | Android TV/tvOS/webOS/Tizen/CarPlay | `desktop/smart-platforms.md` |
|
|
470
|
+
| **Cross-Platform** | .NET MAUI / Kotlin Multiplatform | `cross-platform/multiplatform.md` |
|
|
471
|
+
|
|
472
|
+
If the project spans multiple categories (e.g., desktop + mobile + backend), dispatch to each corresponding sub-skill separately.
|
|
473
|
+
|
|
474
|
+
---
|
|
475
|
+
|
|
476
|
+
# Phase 3: Complexity Assessment
|
|
477
|
+
|
|
478
|
+
## L1 — Simple Tool (1–2 hours)
|
|
479
|
+
- Pure frontend or simple full-stack
|
|
480
|
+
- No native modules
|
|
481
|
+
- < 50 source files
|
|
482
|
+
- No database or localStorage only
|
|
483
|
+
- **Typical**: Calculator, Markdown editor, Pomodoro timer, simple notes, bookmark tool
|
|
484
|
+
- **Strategy**: Standard template, no customization needed
|
|
485
|
+
|
|
486
|
+
## L2 — Standard Application (4–8 hours)
|
|
487
|
+
- Full-stack (frontend + backend + database)
|
|
488
|
+
- Native modules or external APIs present
|
|
489
|
+
- 50–500 source files
|
|
490
|
+
- Complex state management
|
|
491
|
+
- **Typical**: AI chatbot, project manager, data dashboard, local ERP, API debugger, IoT panel, IM client, SaaS desktop, DB manager
|
|
492
|
+
- **Strategy**: Path adaptation, image embedding, source encryption
|
|
493
|
+
|
|
494
|
+
## L3 — Complex Application (1–5 days)
|
|
495
|
+
- Multi-module architecture (plugin system, extension system)
|
|
496
|
+
- Realtime communication (WebSocket, MQTT, WebRTC)
|
|
497
|
+
- Multiple databases
|
|
498
|
+
- GPU acceleration or audio/video processing
|
|
499
|
+
- 500+ source files
|
|
500
|
+
- **Typical**: IDE, video editor, design tool, full ERP, quantitative trading platform, indie game, HarmonyOS app, car infotainment
|
|
501
|
+
- **Strategy**: Deep architecture adaptation, process isolation, performance optimization
|
|
502
|
+
|
|
503
|
+
---
|
|
504
|
+
|
|
505
|
+
# Phase 4: Competitive Benchmarking
|
|
506
|
+
|
|
507
|
+
Present similar products and their packaging approaches to help the user decide.
|
|
508
|
+
|
|
509
|
+
| Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
|
|
510
|
+
|----------|------------------|---------------|-------------------|-------------|
|
|
511
|
+
| AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
|
|
512
|
+
| Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
|
|
513
|
+
| ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
|
|
514
|
+
| Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
|
|
515
|
+
| IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
|
|
516
|
+
| IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
|
|
517
|
+
| SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
|
|
518
|
+
| Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
|
|
519
|
+
| Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
|
|
520
|
+
| Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
|
|
521
|
+
|
|
522
|
+
---
|
|
523
|
+
|
|
524
|
+
# Phase 5: Recommendation & Confirmation
|
|
525
|
+
|
|
526
|
+
> **Note**: Platform decision (Q5), info collection (Q6-Q14), and all user-facing questions are now handled in **Step 2: Unified User Intake** above. This phase focuses ONLY on presenting recommendations after the intake is complete.
|
|
527
|
+
|
|
528
|
+
Based on the user's answers in Step 2, present:
|
|
529
|
+
|
|
530
|
+
1. **Primary recommendation** — the best approach with clear reasoning
|
|
531
|
+
2. **2-3 alternatives** — with trade-offs explained
|
|
532
|
+
3. **Size estimate** — expected package size for the chosen approach
|
|
533
|
+
4. **Reference products** — similar apps that use the same approach
|
|
534
|
+
|
|
535
|
+
| Scenario | Recommended Stack | Package Method | Reference Products | Typical Size |
|
|
536
|
+
|----------|------------------|---------------|-------------------|-------------|
|
|
537
|
+
| AI Chatbot | React + Express + SQLite | Electron | Claude Desktop, ChatGPT Desktop | 130-180MB |
|
|
538
|
+
| Cloud Monitor | Vue/React + Go/Rust | Electron/Tauri | AWS Console, Portainer | 100-150MB |
|
|
539
|
+
| ERP/OA | Vue/React + Java/Go/Node | Electron | Kingdee, Yonyou | 150-200MB |
|
|
540
|
+
| Quantitative Trading | React + Python/C++ | Electron | JoinQuant, QMT | 100-200MB |
|
|
541
|
+
| IoT Panel | Vue + Go/MQTT | Tauri/Electron | Tuya Smart, Home Assistant | 50-100MB |
|
|
542
|
+
| IM Client | React + Go/Rust | Electron/Tauri | Feishu, Telegram Desktop | 100-200MB |
|
|
543
|
+
| SaaS Desktop | React/Vue + Backend API | Electron/Tauri | Notion, Linear | 100-150MB |
|
|
544
|
+
| Database Tool | React + Go/Rust | Electron/Tauri | Navicat, DBeaver | 100-200MB |
|
|
545
|
+
| Note App | React + SQLite | Electron/Tauri | Obsidian, Logseq | 100-150MB |
|
|
546
|
+
| Indie Game | Unity/Godot | Engine Built-in | Stardew Valley, Hollow Knight | 200-500MB |
|
|
547
|
+
|
|
548
|
+
Present the confirmation summary (from Step 2 Part D) and wait for user approval before proceeding.
|
|
549
|
+
|
|
550
|
+
---
|
|
551
|
+
|
|
552
|
+
# Phase 6: Dispatch to Sub-skill
|
|
553
|
+
|
|
554
|
+
| User Choice | Sub-skill to Dispatch |
|
|
555
|
+
|------------|----------------------|
|
|
556
|
+
| Electron | `desktop/electron.md` |
|
|
557
|
+
| Tauri 2.0 | `desktop/tauri.md` |
|
|
558
|
+
| Game (Unity/Godot/Unreal) | `desktop/game-dev.md` |
|
|
559
|
+
| VR/AR (Meta Quest/Vision Pro) | `desktop/vr-ar.md` |
|
|
560
|
+
| Smart TV/Car/RPi | `desktop/smart-platforms.md` |
|
|
561
|
+
| Qt / Flutter / .NET | `desktop/native-app.md` |
|
|
562
|
+
| Pake / Neutralinojs | `desktop/web-to-desktop.md` |
|
|
563
|
+
| Android | `mobile/android.md` |
|
|
564
|
+
| iOS/iPadOS | `mobile/ios.md` |
|
|
565
|
+
| HarmonyOS | `mobile/harmonyos.md` |
|
|
566
|
+
| Flutter Mobile | `mobile/flutter-mobile.md` |
|
|
567
|
+
| React Native | `mobile/react-native.md` |
|
|
568
|
+
| Capacitor | `mobile/capacitor.md` |
|
|
569
|
+
| Wearable (watchOS/Wear OS) | `mobile/wearables.md` |
|
|
570
|
+
| SPA (React/Vue) | `web/spa.md` |
|
|
571
|
+
| SSR (Next.js/Nuxt) | `web/ssr.md` |
|
|
572
|
+
| PWA | `web/pwa.md` |
|
|
573
|
+
| Serverless / Edge | `web/serverless-edge.md` |
|
|
574
|
+
| Monorepo (Turborepo/Nx) | `web/monorepo.md` |
|
|
575
|
+
| WebAssembly (WASM) | `web/wasm.md` |
|
|
576
|
+
| Node.js Backend | `backend/node-server.md` |
|
|
577
|
+
| Python Backend | `backend/python-server.md` |
|
|
578
|
+
| Go Backend | `backend/go-server.md` |
|
|
579
|
+
| Rust Backend (Axum/Actix) | `backend/rust-backend.md` |
|
|
580
|
+
| Java/Spring Boot | `backend/java-spring.md` |
|
|
581
|
+
| PHP/Laravel | `backend/php-laravel.md` |
|
|
582
|
+
| Python ML | `ai/python-ml.md` |
|
|
583
|
+
| Local LLM | `ai/local-llm.md` |
|
|
584
|
+
| Python CLI | `cli/python-cli.md` |
|
|
585
|
+
| SDK / Library (npm/PyPI/crates.io/Maven/NuGet) | `cli/sdk-library.md` |
|
|
586
|
+
| Browser Extension | `plugins/browser-extension.md` |
|
|
587
|
+
| VS Code Extension | `plugins/vscode-extension.md` |
|
|
588
|
+
| JetBrains Plugin | `plugins/jetbrains-plugin.md` |
|
|
589
|
+
| ESP32 | `embedded/esp32.md` |
|
|
590
|
+
| STM32 | `embedded/stm32.md` |
|
|
591
|
+
| ROS/ROS2 | `embedded/ros.md` |
|
|
592
|
+
| Car Infotainment | `embedded/car-infotainment.md` |
|
|
593
|
+
| Security Tools | `security/security-tools.md` |
|
|
594
|
+
| Docker | `cloud/docker.md` |
|
|
595
|
+
| Kubernetes / Helm | `cloud/kubernetes.md` |
|
|
596
|
+
| CI/CD Pipeline | `cloud/ci-cd-pipelines.md` |
|
|
597
|
+
| Payment Integration | `cloud/payment-integration.md` |
|
|
598
|
+
| .NET MAUI | `cross-platform/multiplatform.md` |
|
|
599
|
+
| Kotlin Multiplatform | `cross-platform/multiplatform.md` |
|
|
600
|
+
| Compose Multiplatform | `cross-platform/multiplatform.md` |
|
|
601
|
+
|
|
602
|
+
## Deviation Threshold
|
|
603
|
+
|
|
604
|
+
The AI may deviate from the sub-skill document by **≤15%** during execution. Deviations exceeding 15% must be explained to the user and require explicit approval.
|
|
605
|
+
|
|
606
|
+
---
|
|
607
|
+
|
|
608
|
+
# Phase 7: Mandatory Audit
|
|
609
|
+
|
|
610
|
+
After packaging is complete, the AI **MUST** load and execute `audit.md`. The audit cannot be skipped under any circumstances.
|
|
611
|
+
|
|
612
|
+
---
|
|
613
|
+
|
|
614
|
+
# Phase 8: Final Output
|
|
615
|
+
|
|
616
|
+
```
|
|
617
|
+
═══════════════════════════════════════════════
|
|
618
|
+
BUILD REPORT
|
|
619
|
+
═══════════════════════════════════════════════
|
|
620
|
+
|
|
621
|
+
[TECH STACK]
|
|
622
|
+
Framework: [Electron / Tauri / ...]
|
|
623
|
+
Frontend: [React + Vite / ...]
|
|
624
|
+
Backend: [Express + SQLite / ...]
|
|
625
|
+
Build: [esbuild / cargo / ...]
|
|
626
|
+
|
|
627
|
+
[PACKAGE INFO]
|
|
628
|
+
Filename: [AppName-Setup-1.0.0.exe]
|
|
629
|
+
Size: [XXX MB]
|
|
630
|
+
Platform: [Windows x64 / ...]
|
|
631
|
+
|
|
632
|
+
[FILE ARCHITECTURE]
|
|
633
|
+
[key directory structure]
|
|
634
|
+
|
|
635
|
+
[SECURITY]
|
|
636
|
+
Encryption: [AES-256-CBC + obfuscation + image embedding]
|
|
637
|
+
Decryption: [server-side automatic]
|
|
638
|
+
|
|
639
|
+
[AUDIT RESULTS]
|
|
640
|
+
✅ Package valid and installable
|
|
641
|
+
✅ App launches without errors
|
|
642
|
+
✅ Data persistence works
|
|
643
|
+
✅ No credential leaks
|
|
644
|
+
✅ No residual build artifacts
|
|
645
|
+
✅ All user requirements met
|
|
646
|
+
|
|
647
|
+
[PACKAGE LOCATION]
|
|
648
|
+
[absolute path]
|
|
649
|
+
═══════════════════════════════════════════════
|
|
650
|
+
```
|
|
651
|
+
|
|
652
|
+
---
|
|
653
|
+
---
|
|
654
|
+
|
|
655
|
+
# Appendix: Best Practices & Common Mistakes
|
|
656
|
+
|
|
657
|
+
## Common Mistakes (from Industry Survey)
|
|
658
|
+
|
|
659
|
+
1. **Not code-signing binaries** — macOS Gatekeeper and Windows SmartScreen will block unsigned apps. Always sign with a valid certificate.
|
|
660
|
+
2. **Hardcoding paths** — Use platform APIs (`app.getPath()`, `XDG_*` env vars) instead of absolute paths.
|
|
661
|
+
3. **Bundling node_modules wholesale** — Use ASAR, tree-shaking, and exclude dev dependencies.
|
|
662
|
+
4. **Ignoring platform-specific behavior** — Line endings, path separators, case sensitivity, default shell differences.
|
|
663
|
+
5. **Not testing the packaged build** — Always test on a clean VM without dev tools installed.
|
|
664
|
+
6. **Missing/broken auto-update** — Implement from day one using `electron-updater` or equivalent.
|
|
665
|
+
7. **ASAR integrity issue** — Native modules (better-sqlite3, sharp) must be in `asarUnpack`.
|
|
666
|
+
8. **Not handling first-run** — Create default config/data directories, handle missing files gracefully.
|
|
667
|
+
9. **Over-bundling** — Include only target-platform binaries, not all platforms.
|
|
668
|
+
10. **Insufficient production logging** — Use crash reporter (Sentry, electron-log) for debugging.
|
|
669
|
+
|
|
670
|
+
## Best Practices (2025-2026)
|
|
671
|
+
|
|
672
|
+
| Practice | Description |
|
|
673
|
+
|----------|-------------|
|
|
674
|
+
| **Code signing** | macOS: Developer ID + notarization. Windows: EV/OV certificate. Linux: GPG signing. |
|
|
675
|
+
| **ASAR bundling** | Protect source code, simplify file layout. Configure `asarUnpack` for native modules. |
|
|
676
|
+
| **Auto-update from day one** | `electron-updater` (electron-builder) or `autoUpdater` (electron-forge). Use GitHub Releases or custom server. |
|
|
677
|
+
| **Test on clean machines** | Fresh VM without dev tools catches missing runtime dependencies. |
|
|
678
|
+
| **Separate main/renderer processes** | Heavy computation in main or utility process. Keep renderer free for UI. |
|
|
679
|
+
| **Minimize bundle size** | Tree-shaking, exclude dev deps, compress assets, minimize native modules. |
|
|
680
|
+
| **Handle permissions/sandboxing** | macOS: entitlements. Windows: UAC. Linux: Flatpak portals. |
|
|
681
|
+
| **Provide uninstallers** | NSIS: configure `deleteAppDataOnUninstall`. MSIX: auto-uninstall. AppImage: document removal. |
|
|
682
|
+
| **Use CI/CD** | GitHub Actions/Azure Pipelines. Build on each platform natively. |
|
|
683
|
+
| **Version lock packaging tools** | Pin electron-builder/forge/tauri-cli versions to avoid surprise breakage. |
|
|
684
|
+
| **Include crash reporter** | `@sentry/electron` or `electron-log` for production error tracking. |
|
|
685
|
+
|
|
686
|
+
## Framework Version Reference (2025-2026)
|
|
687
|
+
|
|
688
|
+
| Framework | Version | Key Features |
|
|
689
|
+
|-----------|---------|-------------|
|
|
690
|
+
| Electron | 43.x | Chromium 150, Node.js 24, clipboard removed from renderer (v44), 32-bit dropped (v44) |
|
|
691
|
+
| electron-builder | 26.x | YAML/JSON config, NSIS/MSI/AppImage/DMG (compatible with Electron 43) |
|
|
692
|
+
| electron-forge | 7.x | Official Electron team recommendation, plugin architecture |
|
|
693
|
+
| electron-updater | 6.x | Auto-update with differential downloads |
|
|
694
|
+
| Tauri | 2.11.x | Mobile (iOS/Android) stable, Rust backend, 2-6MB bundles |
|
|
695
|
+
| Node.js | 26.x LTS / 22.x LTS | require(esm) default (v23+), Temporal API (v26), Undici 8 |
|
|
696
|
+
| Vite | 8.x | Latest build tool (verify plugin compatibility for v7/v8 migrations) |
|
|
697
|
+
| Next.js | 16.x | App Router, RSC, standalone output |
|
|
698
|
+
| React Native | 0.86.x | New Architecture default, Hermes engine |
|
|
699
|
+
| Flutter | 3.44.x / Dart 3.12 | Impeller renderer default, desktop GA, WebAssembly support |
|
|
700
|
+
| Go | 1.26.x | Latest stable (check stdlib breaking changes) |
|
|
701
|
+
| Spring Boot | 3.5.x | GraalVM native image improvements |
|
|
702
|
+
| Capacitor | 8.x | Web → mobile bridge (verify config format changes from v6) |
|
|
703
|
+
| Wails | 2.10.x | Go backend, v3 beta available |
|
|
704
|
+
| Neutralinojs | 5.6.x | 1-3MB binaries, minimal footprint |
|
|
705
|
+
| Dioxus | 0.6.x | React-like Rust UI, pre-1.0 |
|
|
706
|
+
| Pake/PakePlus | 2.7.x | Rust+Tauri wrapper, 3-10MB |
|
|
707
|
+
|
|
708
|
+
## electron-builder vs electron-forge
|
|
709
|
+
|
|
710
|
+
| Aspect | electron-builder (26.x) | electron-forge (7.x) |
|
|
711
|
+
|--------|------------------------|---------------------|
|
|
712
|
+
| Config | YAML/JSON/JS | forge.config.js (JS/TS) |
|
|
713
|
+
| Output | NSIS, MSI, AppImage, DMG, DEB, RPM, Snap, Flatpak | DMG, ZIP, Squirrel, DEB, RPM, Snap, Flatpak, MSI, AppX, MSIX |
|
|
714
|
+
| Plugin system | Limited (custom afterPack) | Rich plugin architecture |
|
|
715
|
+
| Community | Very mature, widely used | Official Electron team recommendation |
|
|
716
|
+
| Code signing | Good, manual macOS notarization tweaks | Tight integration with osxSign/osxNotarize |
|
|
717
|
+
| Auto-update | electron-updater (built-in) | @electron/update-electron-app |
|
|
718
|
+
| **When to prefer** | Complex packaging rules, existing projects | New projects, first-party support |
|
|
719
|
+
|