theslopmachine 0.6.2 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/MANUAL.md +21 -6
- package/README.md +55 -7
- package/RELEASE.md +16 -1
- package/assets/agents/developer.md +41 -1
- package/assets/agents/slopmachine-claude.md +101 -60
- package/assets/agents/slopmachine.md +40 -17
- package/assets/claude/agents/developer.md +42 -5
- package/assets/skills/clarification-gate/SKILL.md +25 -5
- package/assets/skills/claude-worker-management/SKILL.md +290 -57
- package/assets/skills/developer-session-lifecycle/SKILL.md +83 -38
- package/assets/skills/development-guidance/SKILL.md +21 -1
- package/assets/skills/evaluation-triage/SKILL.md +34 -23
- package/assets/skills/final-evaluation-orchestration/SKILL.md +88 -50
- package/assets/skills/hardening-gate/SKILL.md +17 -3
- package/assets/skills/integrated-verification/SKILL.md +3 -3
- package/assets/skills/planning-gate/SKILL.md +32 -3
- package/assets/skills/planning-guidance/SKILL.md +72 -13
- package/assets/skills/retrospective-analysis/SKILL.md +2 -2
- package/assets/skills/scaffold-guidance/SKILL.md +129 -124
- package/assets/skills/submission-packaging/SKILL.md +33 -27
- package/assets/skills/verification-gates/SKILL.md +44 -14
- package/assets/slopmachine/backend-evaluation-prompt.md +1 -1
- package/assets/slopmachine/frontend-evaluation-prompt.md +5 -5
- package/assets/slopmachine/scaffold-playbooks/android-kotlin-compose.md +81 -0
- package/assets/slopmachine/scaffold-playbooks/android-kotlin-views.md +191 -0
- package/assets/slopmachine/scaffold-playbooks/android-native-java.md +203 -0
- package/assets/slopmachine/scaffold-playbooks/angular-default.md +181 -0
- package/assets/slopmachine/scaffold-playbooks/backend-baseline.md +142 -0
- package/assets/slopmachine/scaffold-playbooks/backend-family-matrix.md +80 -0
- package/assets/slopmachine/scaffold-playbooks/database-module-matrix.md +80 -0
- package/assets/slopmachine/scaffold-playbooks/django-default.md +166 -0
- package/assets/slopmachine/scaffold-playbooks/docker-baseline.md +189 -0
- package/assets/slopmachine/scaffold-playbooks/docker-shared-contract.md +334 -0
- package/assets/slopmachine/scaffold-playbooks/electron-vite-default.md +124 -0
- package/assets/slopmachine/scaffold-playbooks/expo-react-native-default.md +73 -0
- package/assets/slopmachine/scaffold-playbooks/fastapi-default.md +134 -0
- package/assets/slopmachine/scaffold-playbooks/frontend-baseline.md +160 -0
- package/assets/slopmachine/scaffold-playbooks/frontend-family-matrix.md +134 -0
- package/assets/slopmachine/scaffold-playbooks/generic-unknown-tech-guide.md +136 -0
- package/assets/slopmachine/scaffold-playbooks/go-chi-default.md +160 -0
- package/assets/slopmachine/scaffold-playbooks/ios-linux-portable.md +93 -0
- package/assets/slopmachine/scaffold-playbooks/ios-native-objective-c.md +151 -0
- package/assets/slopmachine/scaffold-playbooks/ios-native-swift.md +188 -0
- package/assets/slopmachine/scaffold-playbooks/laravel-default.md +216 -0
- package/assets/slopmachine/scaffold-playbooks/livewire-default.md +265 -0
- package/assets/slopmachine/scaffold-playbooks/overlay-module-matrix.md +130 -0
- package/assets/slopmachine/scaffold-playbooks/platform-family-matrix.md +79 -0
- package/assets/slopmachine/scaffold-playbooks/selection-matrix.md +72 -0
- package/assets/slopmachine/scaffold-playbooks/spring-boot-default.md +182 -0
- package/assets/slopmachine/scaffold-playbooks/tauri-default.md +80 -0
- package/assets/slopmachine/scaffold-playbooks/vue-vite-default.md +162 -0
- package/assets/slopmachine/scaffold-playbooks/web-default.md +96 -0
- package/assets/slopmachine/templates/AGENTS.md +41 -3
- package/assets/slopmachine/templates/CLAUDE.md +111 -0
- package/assets/slopmachine/test-coverage-prompt.md +561 -0
- package/assets/slopmachine/utils/claude_create_session.mjs +3 -2
- package/assets/slopmachine/utils/claude_live_channel.mjs +188 -0
- package/assets/slopmachine/utils/claude_live_common.mjs +411 -0
- package/assets/slopmachine/utils/claude_live_hook.py +47 -0
- package/assets/slopmachine/utils/claude_live_launch.mjs +187 -0
- package/assets/slopmachine/utils/claude_live_status.mjs +25 -0
- package/assets/slopmachine/utils/claude_live_stop.mjs +46 -0
- package/assets/slopmachine/utils/claude_live_turn.mjs +277 -0
- package/assets/slopmachine/utils/claude_resume_session.mjs +3 -2
- package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.mjs +23 -0
- package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.sh +5 -0
- package/assets/slopmachine/utils/claude_worker_common.mjs +361 -4
- package/assets/slopmachine/utils/cleanup_delivery_artifacts.py +4 -0
- package/assets/slopmachine/utils/export_ai_session.mjs +1 -1
- package/assets/slopmachine/utils/normalize_claude_session.py +153 -0
- package/assets/slopmachine/utils/package_claude_session.mjs +123 -0
- package/assets/slopmachine/utils/prepare_strict_audit_workspace.mjs +65 -0
- package/package.json +1 -1
- package/src/constants.js +42 -3
- package/src/init.js +173 -28
- package/src/install.js +156 -8
- package/src/send-data.js +56 -57
|
@@ -0,0 +1,334 @@
|
|
|
1
|
+
# Docker Shared Contract For Scaffold Families
|
|
2
|
+
|
|
3
|
+
This document defines the **shared Docker contract** that every scaffold family must satisfy.
|
|
4
|
+
|
|
5
|
+
It is **not** one universal `compose.yaml`. Different scaffold families may need different service graphs, images, profiles, and host helpers. The shared requirement is that every scaffold exposes the same **honest, reusable contract surface** to owners and developers.
|
|
6
|
+
|
|
7
|
+
Applies to:
|
|
8
|
+
|
|
9
|
+
- web scaffolds
|
|
10
|
+
- backend/API scaffolds
|
|
11
|
+
- Android scaffolds
|
|
12
|
+
- iOS-on-Linux scaffolds
|
|
13
|
+
- desktop scaffolds
|
|
14
|
+
|
|
15
|
+
## Core contract
|
|
16
|
+
|
|
17
|
+
Every scaffold family must provide and document these two commands:
|
|
18
|
+
|
|
19
|
+
- `docker compose up --build`
|
|
20
|
+
- `./run_tests.sh`
|
|
21
|
+
|
|
22
|
+
Those commands must be:
|
|
23
|
+
|
|
24
|
+
- real
|
|
25
|
+
- repeatable
|
|
26
|
+
- containerized
|
|
27
|
+
- documented in `README.md`
|
|
28
|
+
- honest about what they do and do **not** prove
|
|
29
|
+
|
|
30
|
+
Recommended automation/readiness variant:
|
|
31
|
+
|
|
32
|
+
- `docker compose up --build --wait`
|
|
33
|
+
|
|
34
|
+
The required user-facing runtime command remains:
|
|
35
|
+
|
|
36
|
+
- `docker compose up --build`
|
|
37
|
+
|
|
38
|
+
## What `docker compose up --build` must prove
|
|
39
|
+
|
|
40
|
+
`docker compose up --build` must prove that the scaffold's primary Docker-backed baseline is wired correctly.
|
|
41
|
+
|
|
42
|
+
That proof differs by family, but it must always be **meaningful**:
|
|
43
|
+
|
|
44
|
+
- **web/backend:** a real long-running runtime becomes healthy and reachable through the intended edge surface
|
|
45
|
+
- **Android:** a real containerized build/support environment works, and any claimed preview/dev/support service becomes healthy
|
|
46
|
+
- **iOS-on-Linux:** a real Linux-verifiable build/export/support path works without pretending to prove native Xcode runtime
|
|
47
|
+
- **desktop:** a real containerized build/package/smoke path works without pretending Docker proves a native interactive desktop session by itself
|
|
48
|
+
|
|
49
|
+
At minimum, `docker compose up --build` must prove all of the following:
|
|
50
|
+
|
|
51
|
+
- images build from source in the repo
|
|
52
|
+
- declared runtime or support services start without hidden host setup
|
|
53
|
+
- readiness can be observed through healthchecks, predictable logs, or explicit successful artifact production
|
|
54
|
+
- the stack reaches a meaningful healthy state without manual container surgery
|
|
55
|
+
- rerunning the command is predictably convergent
|
|
56
|
+
|
|
57
|
+
`docker compose up --build` does **not** need to prove full product completion. It **does** need to prove that the baseline scaffold is operational and honest.
|
|
58
|
+
|
|
59
|
+
## What `./run_tests.sh` must prove
|
|
60
|
+
|
|
61
|
+
`./run_tests.sh` owns the **broad portable verification path**.
|
|
62
|
+
|
|
63
|
+
It must prove that the scaffold can be verified from a clean-enough developer or CI environment without relying on undocumented host tools beyond Docker and the documented baseline prerequisites.
|
|
64
|
+
|
|
65
|
+
`./run_tests.sh` should, as appropriate for the family:
|
|
66
|
+
|
|
67
|
+
- build or reuse the Compose images
|
|
68
|
+
- start any required services with Compose
|
|
69
|
+
- wait for real readiness
|
|
70
|
+
- run the scaffold's minimum real tests
|
|
71
|
+
- run smoke checks against the actual baseline contract
|
|
72
|
+
- clean up one-off test containers and temporary runtime state
|
|
73
|
+
|
|
74
|
+
`./run_tests.sh` must not be a fake wrapper that only prints TODOs, only runs lint when runtime proof is expected, or silently skips the meaningful part of verification.
|
|
75
|
+
|
|
76
|
+
Minimum proof by family:
|
|
77
|
+
|
|
78
|
+
- **web:** served app shell or app endpoint is reachable, plus real test/build verification
|
|
79
|
+
- **backend:** readiness endpoint and one persistence/integration-shaped path are proven, plus real tests
|
|
80
|
+
- **Android:** Linux-portable build/test path is proven, plus any claimed support service or artifact generation
|
|
81
|
+
- **iOS-on-Linux:** Linux-portable shared-code tests/typechecks/build-shape proof is real, with scope limits stated clearly
|
|
82
|
+
- **desktop:** build/package/smoke path is real, with at least one honest automated desktop-adjacent smoke proof when claimed
|
|
83
|
+
|
|
84
|
+
## Meaningful healthy state
|
|
85
|
+
|
|
86
|
+
A scaffold is in a meaningful healthy state when it has crossed from “containers started” into “baseline contract actually proven.”
|
|
87
|
+
|
|
88
|
+
Healthy state must mean one of these, depending on family:
|
|
89
|
+
|
|
90
|
+
### Runtime-serving families
|
|
91
|
+
|
|
92
|
+
For web and backend scaffolds, healthy means:
|
|
93
|
+
|
|
94
|
+
- long-running services are up
|
|
95
|
+
- dependency services are healthy first
|
|
96
|
+
- app/edge service is healthy after its dependencies
|
|
97
|
+
- the intended smoke route, readiness route, or entry surface actually responds successfully
|
|
98
|
+
- the stack is not crash-looping
|
|
99
|
+
|
|
100
|
+
### Build/support families
|
|
101
|
+
|
|
102
|
+
For Android, iOS-on-Linux, and desktop scaffolds, healthy may mean:
|
|
103
|
+
|
|
104
|
+
- a long-running support service is healthy and usable, **or**
|
|
105
|
+
- a containerized build/export/package/smoke flow completed successfully and produced the documented artifact/output, **or**
|
|
106
|
+
- both
|
|
107
|
+
|
|
108
|
+
If the family cannot honestly prove native runtime from Linux or Docker alone, the healthy state must stop at the strongest truthful boundary and document that boundary.
|
|
109
|
+
|
|
110
|
+
Healthy does **not** mean:
|
|
111
|
+
|
|
112
|
+
- container process exists but no readiness proof exists
|
|
113
|
+
- only dependencies are up while the app/tooling contract is still unusable
|
|
114
|
+
- manual shelling into containers is required to finish bootstrap
|
|
115
|
+
- the stack is “probably fine” because logs look quiet
|
|
116
|
+
|
|
117
|
+
## Loopback host binding defaults
|
|
118
|
+
|
|
119
|
+
When a service is published to the host, default to loopback-only binding:
|
|
120
|
+
|
|
121
|
+
- `127.0.0.1:HOST_PORT:CONTAINER_PORT`
|
|
122
|
+
|
|
123
|
+
Default expectations:
|
|
124
|
+
|
|
125
|
+
- prefer loopback over `0.0.0.0`
|
|
126
|
+
- prefer one edge-facing published service when an edge exists
|
|
127
|
+
- prefer high or automatically assigned local ports to reduce collisions
|
|
128
|
+
- if no host-facing service is needed, publish **no** ports
|
|
129
|
+
|
|
130
|
+
Deviations from loopback-only defaults must be intentional and disclosed in `README.md`.
|
|
131
|
+
|
|
132
|
+
## Port exposure rules
|
|
133
|
+
|
|
134
|
+
- publish only the minimum host surface required for the scaffold's honest baseline
|
|
135
|
+
- use `expose` for internal-only services
|
|
136
|
+
- databases, workers, and internal APIs should stay off the host unless the prompt explicitly requires host access
|
|
137
|
+
- Android/iOS-on-Linux/desktop scaffolds may publish zero host ports when the Docker path is build/support oriented rather than user-runtime oriented
|
|
138
|
+
- if multiple published ports are necessary, `README.md` must explain why each exists
|
|
139
|
+
|
|
140
|
+
The default posture is: **minimal, loopback-bound, owner-readable exposure**.
|
|
141
|
+
|
|
142
|
+
## Healthchecks and readiness rules
|
|
143
|
+
|
|
144
|
+
Every long-running service that matters to the baseline must have a real readiness strategy.
|
|
145
|
+
|
|
146
|
+
Preferred rules:
|
|
147
|
+
|
|
148
|
+
- use Compose healthchecks for long-running services
|
|
149
|
+
- use native readiness commands for infrastructure services when available (`pg_isready`, `mysqladmin ping`, etc.)
|
|
150
|
+
- use in-container localhost readiness endpoints or commands for app services
|
|
151
|
+
- gate dependent services with health-based readiness, not arbitrary sleep loops
|
|
152
|
+
- use `docker compose up --build --wait` in automation when available
|
|
153
|
+
|
|
154
|
+
Readiness must be tied to actual usefulness:
|
|
155
|
+
|
|
156
|
+
- a backend readiness check should verify critical dependencies it claims are required
|
|
157
|
+
- a web edge readiness check should confirm the served surface is actually available
|
|
158
|
+
- a support service readiness check should confirm the advertised support function is actually usable
|
|
159
|
+
|
|
160
|
+
If a family relies on a one-shot build/export container instead of a long-running service, the success condition must be explicit and documented:
|
|
161
|
+
|
|
162
|
+
- expected artifact path
|
|
163
|
+
- expected exit status
|
|
164
|
+
- expected follow-up smoke proof, if any
|
|
165
|
+
|
|
166
|
+
## Cache and volume strategy
|
|
167
|
+
|
|
168
|
+
Use caches and volumes to make reruns materially faster without hiding state in surprising places.
|
|
169
|
+
|
|
170
|
+
Rules:
|
|
171
|
+
|
|
172
|
+
- use **named volumes** for mutable runtime state that should survive container replacement
|
|
173
|
+
- use **BuildKit cache mounts** for package-manager and compiler caches when supported
|
|
174
|
+
- keep disposable test containers stateless by default
|
|
175
|
+
- do not require developers to manually pre-create cache directories
|
|
176
|
+
- do not make ordinary reruns depend on bind-mounted host cache internals
|
|
177
|
+
|
|
178
|
+
Good default uses for named volumes:
|
|
179
|
+
|
|
180
|
+
- database data
|
|
181
|
+
- generated local-only runtime config or bootstrap state
|
|
182
|
+
- tool caches that are intentionally persisted across runs and clearly documented
|
|
183
|
+
|
|
184
|
+
Avoid by default:
|
|
185
|
+
|
|
186
|
+
- bind-mounting whole home directories
|
|
187
|
+
- bind-mounting package-manager caches as the main scaffold strategy
|
|
188
|
+
- persisting everything just to mask slow builds
|
|
189
|
+
|
|
190
|
+
## BuildKit and cache-mount guidance
|
|
191
|
+
|
|
192
|
+
Dockerfiles should be written to reward reruns.
|
|
193
|
+
|
|
194
|
+
Preferred guidance:
|
|
195
|
+
|
|
196
|
+
- copy dependency manifests before copying full source trees
|
|
197
|
+
- use slim official base images unless the platform genuinely needs something heavier
|
|
198
|
+
- enable BuildKit-friendly layers and cache mounts for package managers and build tools
|
|
199
|
+
- keep image stages single-purpose and deterministic
|
|
200
|
+
- avoid invalidating heavy dependency layers for every source edit
|
|
201
|
+
|
|
202
|
+
Typical cache-mount examples include:
|
|
203
|
+
|
|
204
|
+
- npm/pnpm/yarn caches
|
|
205
|
+
- pip/uv caches
|
|
206
|
+
- Gradle caches
|
|
207
|
+
- Cargo registry/target caches when appropriate
|
|
208
|
+
- compiler/build caches where they are stable and worth persisting
|
|
209
|
+
|
|
210
|
+
The contract goal is qualitative:
|
|
211
|
+
|
|
212
|
+
- first run may be heavier
|
|
213
|
+
- reruns should be materially faster
|
|
214
|
+
- reruns should not look like full clean-room rebuilds unless the user explicitly asked for that
|
|
215
|
+
|
|
216
|
+
## No `.env` policy
|
|
217
|
+
|
|
218
|
+
Baseline scaffolds must not depend on a checked-in `.env` or hidden env-file workflow.
|
|
219
|
+
|
|
220
|
+
Required stance:
|
|
221
|
+
|
|
222
|
+
- no committed `.env`
|
|
223
|
+
- no required manual `cp .env.example .env` step just to make the scaffold baseline work
|
|
224
|
+
- no hidden reliance on developer shell exports that are not documented
|
|
225
|
+
|
|
226
|
+
If configuration is needed, prefer:
|
|
227
|
+
|
|
228
|
+
- safe local defaults in Compose for non-sensitive values
|
|
229
|
+
- generated ignored config files
|
|
230
|
+
- mounted secret files
|
|
231
|
+
- Docker-managed volumes for runtime-generated local bootstrap state
|
|
232
|
+
- external overrides for non-baseline environments
|
|
233
|
+
|
|
234
|
+
## Secret and bootstrap policy
|
|
235
|
+
|
|
236
|
+
Secrets and bootstrap inputs must be explicit, non-magical, and safe.
|
|
237
|
+
|
|
238
|
+
Rules:
|
|
239
|
+
|
|
240
|
+
- never bake real secrets into images, Compose files, or the repo
|
|
241
|
+
- never require undocumented host-side secret setup for the baseline local path
|
|
242
|
+
- local bootstrap must generate any required local-only runtime values into ignored paths or Docker-managed runtime state instead of pre-seeding placeholder literals into tracked files
|
|
243
|
+
- production or shared-environment secrets must come from external secret stores, CI injection, ignored generated files, or explicit operator overrides
|
|
244
|
+
- bootstrap generation must be idempotent and predictable
|
|
245
|
+
|
|
246
|
+
Acceptable bootstrap behavior:
|
|
247
|
+
|
|
248
|
+
- generate local-only config into ignored paths or Docker-managed volumes
|
|
249
|
+
- create empty local databases or seed minimal non-sensitive baseline state
|
|
250
|
+
- generate disposable internal-network credentials at runtime when they are clearly local-only, documented, and not written into tracked files
|
|
251
|
+
|
|
252
|
+
Unacceptable bootstrap behavior:
|
|
253
|
+
|
|
254
|
+
- hidden interactive prompts during normal Compose startup
|
|
255
|
+
- writing secrets into tracked files
|
|
256
|
+
- requiring users to guess missing inputs from failures
|
|
257
|
+
|
|
258
|
+
## First-run vs rerun expectations
|
|
259
|
+
|
|
260
|
+
The contract is qualitative but strict enough to guide owner acceptance.
|
|
261
|
+
|
|
262
|
+
### First run
|
|
263
|
+
|
|
264
|
+
First run may reasonably include:
|
|
265
|
+
|
|
266
|
+
- pulling base images
|
|
267
|
+
- installing dependencies
|
|
268
|
+
- building the initial toolchain layers
|
|
269
|
+
- one-time local bootstrap generation
|
|
270
|
+
|
|
271
|
+
First run must still be:
|
|
272
|
+
|
|
273
|
+
- reasonable for a scaffold baseline
|
|
274
|
+
- visibly progressing
|
|
275
|
+
- documented if a specific platform stack is known to be heavier than usual
|
|
276
|
+
|
|
277
|
+
### Reruns
|
|
278
|
+
|
|
279
|
+
Reruns must be:
|
|
280
|
+
|
|
281
|
+
- predictably convergent
|
|
282
|
+
- materially faster than first run in ordinary cases
|
|
283
|
+
- free from repeated heavyweight bootstrap that should have been cached or persisted
|
|
284
|
+
|
|
285
|
+
## What must not happen
|
|
286
|
+
|
|
287
|
+
The shared contract forbids these failure patterns by default:
|
|
288
|
+
|
|
289
|
+
- hour-long silent hangs or long silent stalls without visible progress
|
|
290
|
+
- repeated full SDK/toolchain reinstall on ordinary reruns
|
|
291
|
+
- default clean builds on every run when cacheable layers should have been reused
|
|
292
|
+
- hidden setup steps outside documented commands
|
|
293
|
+
- hidden dependence on host-global state
|
|
294
|
+
- fake healthchecks that only prove a process exists
|
|
295
|
+
- fake `./run_tests.sh` wrappers that skip meaningful runtime/build proof
|
|
296
|
+
- crash-looping services presented as acceptable because Compose eventually started
|
|
297
|
+
- requiring owners to manually exec into containers to finish bootstrap
|
|
298
|
+
- publishing unnecessary host ports
|
|
299
|
+
- pretending Docker proves native mobile or desktop runtime when it does not
|
|
300
|
+
|
|
301
|
+
If the stack has an unavoidable expensive step, the scaffold must say so plainly and still keep reruns as efficient as reasonably possible.
|
|
302
|
+
|
|
303
|
+
## Required README disclosures
|
|
304
|
+
|
|
305
|
+
Every scaffold `README.md` must disclose the shared Docker contract in scaffold-specific terms.
|
|
306
|
+
|
|
307
|
+
At minimum, `README.md` must state:
|
|
308
|
+
|
|
309
|
+
- this is a scaffold/baseline and not full product completion
|
|
310
|
+
- what `docker compose up --build` proves for this family
|
|
311
|
+
- what `./run_tests.sh` proves for this family
|
|
312
|
+
- the expected healthy state
|
|
313
|
+
- any published host ports and why they exist
|
|
314
|
+
- loopback-only default behavior when ports are published
|
|
315
|
+
- any meaningful proof boundary Docker cannot cross for this family
|
|
316
|
+
- config/bootstrap behavior without `.env`
|
|
317
|
+
- where secrets come from in local vs non-local environments
|
|
318
|
+
- any known heavy first-run behavior worth expecting
|
|
319
|
+
- cleanup expectations if volumes or caches are intentionally retained
|
|
320
|
+
|
|
321
|
+
## Owner acceptance checklist
|
|
322
|
+
|
|
323
|
+
A scaffold family satisfies this shared contract when all of the following are true:
|
|
324
|
+
|
|
325
|
+
- `docker compose up --build` is real and meaningful
|
|
326
|
+
- `./run_tests.sh` is real and meaningful
|
|
327
|
+
- healthy state is observable and honest
|
|
328
|
+
- host exposure is minimal and loopback-bound by default
|
|
329
|
+
- readiness uses real healthchecks or explicit successful one-shot proof
|
|
330
|
+
- cache and volume strategy supports materially faster reruns
|
|
331
|
+
- the scaffold does not depend on `.env`
|
|
332
|
+
- secret/bootstrap behavior is explicit and safe
|
|
333
|
+
- the baseline does not hide setup or repeated heavyweight reinstall work
|
|
334
|
+
- `README.md` tells the truth about scope, proof, limits, and operator expectations
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
# Electron Vite Default Scaffold Playbook
|
|
2
|
+
|
|
3
|
+
Use this playbook for desktop app requests unless the prompt or existing repo clearly dictates another desktop stack.
|
|
4
|
+
|
|
5
|
+
## Goal
|
|
6
|
+
|
|
7
|
+
Create a simple Electron baseline that:
|
|
8
|
+
|
|
9
|
+
- uses Electron + Vite + TypeScript by default
|
|
10
|
+
- has an honest Linux Docker verification wrapper
|
|
11
|
+
- has a portable broad test/build wrapper
|
|
12
|
+
- wires the baseline desktop test path without pretending the product is complete
|
|
13
|
+
|
|
14
|
+
## Runtime contract
|
|
15
|
+
|
|
16
|
+
- required Docker command: `docker compose up --build`
|
|
17
|
+
- required broad test command: `./run_tests.sh`
|
|
18
|
+
- both commands must be real and working
|
|
19
|
+
- `./run_app.sh` may exist as a helper for host-side convenience, but it does not replace the required Docker baseline
|
|
20
|
+
|
|
21
|
+
## Safe default stack
|
|
22
|
+
|
|
23
|
+
- Electron
|
|
24
|
+
- Vite
|
|
25
|
+
- TypeScript
|
|
26
|
+
- selected local test runner
|
|
27
|
+
- Playwright Electron support or equivalent when UI-bearing proof is part of the baseline test shape
|
|
28
|
+
|
|
29
|
+
## Verified baseline notes
|
|
30
|
+
|
|
31
|
+
From a real lab verification on 2026-04-14:
|
|
32
|
+
|
|
33
|
+
- the official `@quick-start/electron` `vanilla-ts` bootstrap is a good starting shape, but it is interactive even when the template is passed, so scaffold automation should expect prompt handling or a follow-up hardening pass
|
|
34
|
+
- the generated starter's default dependency set did not install cleanly in this environment via plain `npm install`; the verified baseline pinned current working Electron/tooling versions and replaced the generated `@electron-toolkit` runtime helpers with a small explicit preload bridge
|
|
35
|
+
- for Linux-oriented desktop scaffold, treat `docker compose up --build` as a meaningful containerized build/package/smoke gate rather than pretending it proves a native long-running desktop runtime
|
|
36
|
+
- the practical convergence strategy was **multi-stage Docker verification**: run lint/unit/package/headless-smoke during image build, then start a tiny long-running report service from the verified artifacts so Compose can reach a stable healthy state instead of exiting immediately after a one-shot container
|
|
37
|
+
- pin the Docker toolchain explicitly (the verified lab used `node:24.13.0-bookworm-slim` plus pinned Electron/electron-vite/electron-builder/Playwright versions)
|
|
38
|
+
- keep Linux packaging at scaffold stage to `electron-builder --linux dir` so verification stays real but time-bounded
|
|
39
|
+
- use Xvfb plus Playwright's `_electron` support for the minimum real headless desktop smoke path inside Docker
|
|
40
|
+
- use BuildKit cache mounts for npm, Electron, and electron-builder caches so reruns are materially faster and avoid repeated heavyweight downloads
|
|
41
|
+
|
|
42
|
+
## Required scripts
|
|
43
|
+
|
|
44
|
+
- `docker compose up --build`
|
|
45
|
+
- `./run_tests.sh`
|
|
46
|
+
- `./run_app.sh` when useful for host-side convenience
|
|
47
|
+
|
|
48
|
+
## Preferred Docker strategy for desktop baseline
|
|
49
|
+
|
|
50
|
+
For Linux desktop scaffolds, prefer this shape unless the prompt requires something heavier:
|
|
51
|
+
|
|
52
|
+
1. **verify stage** in the Dockerfile that runs:
|
|
53
|
+
- dependency install from lockfile
|
|
54
|
+
- lint/type/unit checks as applicable
|
|
55
|
+
- `electron-vite build`
|
|
56
|
+
- `electron-builder --linux dir`
|
|
57
|
+
- one headless Electron smoke test under Xvfb
|
|
58
|
+
2. **runtime/report stage** that copies only the verified artifacts and a tiny report/health surface.
|
|
59
|
+
3. Compose service healthcheck that validates the verification summary and packaged artifact still exist.
|
|
60
|
+
4. Optional loopback-only report port if it helps operators inspect proof without shelling into the container.
|
|
61
|
+
|
|
62
|
+
This keeps `docker compose up --build` honest and reusable:
|
|
63
|
+
|
|
64
|
+
- first run may be heavier
|
|
65
|
+
- reruns should reuse cached layers/downloads
|
|
66
|
+
- Compose ends in a stable healthy service instead of an immediately exited verification container
|
|
67
|
+
- the stack does not claim Docker proves full interactive desktop runtime
|
|
68
|
+
|
|
69
|
+
## Security baseline
|
|
70
|
+
|
|
71
|
+
At scaffold, preserve the safe desktop defaults:
|
|
72
|
+
|
|
73
|
+
- `contextIsolation` on
|
|
74
|
+
- no unnecessary `nodeIntegration` in renderer
|
|
75
|
+
- preload boundary explicit
|
|
76
|
+
- prefer `sandbox` on unless the existing app or prompt explicitly requires a different choice
|
|
77
|
+
|
|
78
|
+
## Minimal real test floor
|
|
79
|
+
|
|
80
|
+
At scaffold, include at least:
|
|
81
|
+
|
|
82
|
+
- one real unit or renderer/main-process test
|
|
83
|
+
- one real build/smoke invocation in `./run_tests.sh`
|
|
84
|
+
- one honest Docker-backed runtime/build path behind `docker compose up --build`
|
|
85
|
+
- for Linux-oriented Electron baseline, prefer one pure unit test plus one headless Electron smoke test that launches the built app through Playwright under Xvfb
|
|
86
|
+
- package proof should stay at the strongest honest/time-bounded Linux checkpoint, usually `electron-builder --linux dir`
|
|
87
|
+
|
|
88
|
+
## README floor
|
|
89
|
+
|
|
90
|
+
`README.md` must already state:
|
|
91
|
+
|
|
92
|
+
- scaffold status versus implemented scope
|
|
93
|
+
- required Docker command: `docker compose up --build`
|
|
94
|
+
- broad test command: `./run_tests.sh`
|
|
95
|
+
- desktop-only scope and current proof boundary
|
|
96
|
+
- host-side helper command: `./run_app.sh` when present
|
|
97
|
+
- main process / preload / renderer layout at a high level
|
|
98
|
+
- expected healthy state after Compose converges
|
|
99
|
+
- any loopback-only port used by a report/support service and why it exists
|
|
100
|
+
- first-run versus rerun expectations when Docker caches are intentionally used
|
|
101
|
+
|
|
102
|
+
## Common pitfalls
|
|
103
|
+
|
|
104
|
+
- unsafe renderer defaults
|
|
105
|
+
- pretending scaffold proves full desktop interaction quality
|
|
106
|
+
- skipping the broad Linux build/test path
|
|
107
|
+
- leaving runtime/test commands dependent on undocumented host setup
|
|
108
|
+
- leaving the default generator dependency versions unverified
|
|
109
|
+
- making Linux packaging too heavy at scaffold time by requiring deb/snap/AppImage before the baseline is proven
|
|
110
|
+
- using a one-shot verification container as the only Compose service so `docker compose up --build` exits instead of converging to a stable healthy state
|
|
111
|
+
- forcing repeated clean installs/downloads on ordinary reruns when BuildKit cache mounts or layered installs would avoid it
|
|
112
|
+
|
|
113
|
+
## Acceptance checklist
|
|
114
|
+
|
|
115
|
+
Scaffold is acceptable when:
|
|
116
|
+
|
|
117
|
+
- `docker compose up --build` works
|
|
118
|
+
- `./run_tests.sh` works
|
|
119
|
+
- safe desktop defaults are preserved
|
|
120
|
+
- baseline desktop tests exist
|
|
121
|
+
- README is honest
|
|
122
|
+
- the Docker path proves build, unpacked Linux packaging, and one real headless Electron window smoke check
|
|
123
|
+
- the Compose path reaches a stable healthy state that truthfully represents the verified boundary
|
|
124
|
+
- reruns avoid obvious full clean-room rebuild loops except when dependency manifests or toolchain pins actually change
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
# Expo React Native Default Scaffold Playbook
|
|
2
|
+
|
|
3
|
+
Use this playbook for cross-platform mobile requests unless the prompt explicitly requires native-only Android or iOS work.
|
|
4
|
+
|
|
5
|
+
## Goal
|
|
6
|
+
|
|
7
|
+
Create a simple Expo + React Native + TypeScript baseline that:
|
|
8
|
+
|
|
9
|
+
- boots cleanly for local development
|
|
10
|
+
- exposes one honest runtime wrapper
|
|
11
|
+
- exposes one portable broad test command
|
|
12
|
+
- installs the baseline mobile test layer
|
|
13
|
+
|
|
14
|
+
## Runtime contract
|
|
15
|
+
|
|
16
|
+
- required Docker command: `docker compose up --build`
|
|
17
|
+
- required broad test command: `./run_tests.sh`
|
|
18
|
+
- both commands must be real and working
|
|
19
|
+
- `./run_app.sh` may exist as a helper for host-side convenience, but it does not replace the required Docker baseline
|
|
20
|
+
|
|
21
|
+
## Safe default stack
|
|
22
|
+
|
|
23
|
+
- Expo
|
|
24
|
+
- React Native
|
|
25
|
+
- TypeScript
|
|
26
|
+
- Jest
|
|
27
|
+
- React Native Testing Library
|
|
28
|
+
|
|
29
|
+
## Bootstrap rule
|
|
30
|
+
|
|
31
|
+
- use the current official Expo TypeScript bootstrap path unless the prompt or existing repo clearly dictates another mobile starter
|
|
32
|
+
- adapt the generated project only enough to make runtime, tests, and README honest
|
|
33
|
+
|
|
34
|
+
## Required scripts
|
|
35
|
+
|
|
36
|
+
- `docker compose up --build`
|
|
37
|
+
- `./run_tests.sh`
|
|
38
|
+
- `./run_app.sh` when useful for local Expo convenience
|
|
39
|
+
|
|
40
|
+
## Minimal real test floor
|
|
41
|
+
|
|
42
|
+
At scaffold, include at least:
|
|
43
|
+
|
|
44
|
+
- one real component or state test
|
|
45
|
+
- one real Jest invocation in `./run_tests.sh`
|
|
46
|
+
- one real Docker-backed runtime/build path behind `docker compose up --build`
|
|
47
|
+
|
|
48
|
+
## README floor
|
|
49
|
+
|
|
50
|
+
`README.md` must already state:
|
|
51
|
+
|
|
52
|
+
- scaffold status versus implemented scope
|
|
53
|
+
- required Docker command: `docker compose up --build`
|
|
54
|
+
- broad test command: `./run_tests.sh`
|
|
55
|
+
- host-side helper command: `./run_app.sh` when present
|
|
56
|
+
- whether the current baseline is Expo/local-device focused
|
|
57
|
+
- any platform-proof limits that still exist at scaffold time
|
|
58
|
+
|
|
59
|
+
## Common pitfalls
|
|
60
|
+
|
|
61
|
+
- pretending scaffold already proves real device flow quality
|
|
62
|
+
- skipping RN test setup until later
|
|
63
|
+
- hiding mock/local-only data defaults
|
|
64
|
+
- letting runtime depend on undocumented global host state
|
|
65
|
+
|
|
66
|
+
## Acceptance checklist
|
|
67
|
+
|
|
68
|
+
Scaffold is acceptable when:
|
|
69
|
+
|
|
70
|
+
- `docker compose up --build` works
|
|
71
|
+
- `./run_tests.sh` works
|
|
72
|
+
- baseline RN tests exist
|
|
73
|
+
- README is honest about the current mobile proof boundary
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
# FastAPI Default Scaffold Playbook
|
|
2
|
+
|
|
3
|
+
Use this playbook when the request explicitly asks for a FastAPI baseline or when the backend family has already been narrowed to FastAPI.
|
|
4
|
+
|
|
5
|
+
## Goal
|
|
6
|
+
|
|
7
|
+
Create a FastAPI-only baseline that:
|
|
8
|
+
|
|
9
|
+
- follows the official or best-known FastAPI bootstrap path honestly
|
|
10
|
+
- keeps dependency versions pinned
|
|
11
|
+
- uses a safe default database pattern with real persistence
|
|
12
|
+
- makes `docker compose up --build` the primary runtime command
|
|
13
|
+
- makes `./run_tests.sh` the portable broad verification command
|
|
14
|
+
- stops at baseline infrastructure instead of product features
|
|
15
|
+
|
|
16
|
+
## Bootstrap rule
|
|
17
|
+
|
|
18
|
+
- FastAPI does not provide an official full-project generator for this baseline shape
|
|
19
|
+
- use the official docs pattern: create the Python environment, install pinned FastAPI dependencies, write the app module, and run `uvicorn app.main:app --host 0.0.0.0 --port 8000`
|
|
20
|
+
- do not invent extra framework layers or boilerplate generators just to make the tree look bigger
|
|
21
|
+
|
|
22
|
+
Reusable bootstrap commands:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
python3 -m venv .venv
|
|
26
|
+
. .venv/bin/activate
|
|
27
|
+
python -m pip install --upgrade pip
|
|
28
|
+
python -m pip install -r requirements.txt
|
|
29
|
+
python -m uvicorn app.main:app --host 0.0.0.0 --port 8000
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
## Safe pinned defaults
|
|
33
|
+
|
|
34
|
+
- Python `3.12.11`
|
|
35
|
+
- FastAPI `0.122.0`
|
|
36
|
+
- Uvicorn `0.38.0`
|
|
37
|
+
- SQLAlchemy `2.0.44`
|
|
38
|
+
- Pydantic `2.12.3`
|
|
39
|
+
- pytest `8.4.2`
|
|
40
|
+
- httpx `0.28.1`
|
|
41
|
+
- Docker image: `python:3.12.11-slim-bookworm`
|
|
42
|
+
|
|
43
|
+
## Database pattern
|
|
44
|
+
|
|
45
|
+
- default to SQLite for the baseline because it keeps the local runtime secret-free and easy to verify
|
|
46
|
+
- place the SQLite file in a Docker-managed volume, not in the repo
|
|
47
|
+
- generate the runtime config file at container startup instead of committing `.env`
|
|
48
|
+
- keep `./init_db.sh` as the single database bootstrap entrypoint
|
|
49
|
+
- use SQLAlchemy with one shared engine and per-request sessions
|
|
50
|
+
|
|
51
|
+
## Required runtime contract
|
|
52
|
+
|
|
53
|
+
- runtime: `docker compose up --build`
|
|
54
|
+
- tests: `./run_tests.sh`
|
|
55
|
+
- DB bootstrap: `./init_db.sh`
|
|
56
|
+
- all three commands must be real
|
|
57
|
+
|
|
58
|
+
## Minimum API floor
|
|
59
|
+
|
|
60
|
+
At baseline, include all of the following:
|
|
61
|
+
|
|
62
|
+
- `GET /health` proving API boot and database connectivity
|
|
63
|
+
- `POST /items` creating a persisted record
|
|
64
|
+
- `GET /items` returning persisted records
|
|
65
|
+
- at least two real tests hitting those routes
|
|
66
|
+
|
|
67
|
+
## Compose pattern
|
|
68
|
+
|
|
69
|
+
- one `app` service
|
|
70
|
+
- one optional `test` service behind the `test` profile
|
|
71
|
+
- expose only the API port to `127.0.0.1`
|
|
72
|
+
- prefer Docker-assigned random host ports to avoid collisions
|
|
73
|
+
- include an app healthcheck
|
|
74
|
+
- store generated config and DB state in named volumes
|
|
75
|
+
|
|
76
|
+
## README requirements
|
|
77
|
+
|
|
78
|
+
`README.md` must state:
|
|
79
|
+
|
|
80
|
+
- that this is baseline only
|
|
81
|
+
- the exact pinned stack
|
|
82
|
+
- the exact runtime command
|
|
83
|
+
- the exact test command
|
|
84
|
+
- the exact DB bootstrap command
|
|
85
|
+
- that no `.env` file is used
|
|
86
|
+
- what is intentionally excluded
|
|
87
|
+
|
|
88
|
+
## Experimental verification for this lab
|
|
89
|
+
|
|
90
|
+
Commands run in `/Users/yohannesakd/code/eaglepoint/demonstration/scaffold-lab/fastapi-baseline`:
|
|
91
|
+
|
|
92
|
+
```bash
|
|
93
|
+
docker compose build
|
|
94
|
+
docker compose up --build -d
|
|
95
|
+
docker compose ps
|
|
96
|
+
docker compose port app 8000
|
|
97
|
+
curl -fsS "http://127.0.0.1:32778/health"
|
|
98
|
+
curl -fsS -X POST "http://127.0.0.1:32778/items" -H "content-type: application/json" -d '{"name":"manual-smoke-item"}'
|
|
99
|
+
curl -fsS "http://127.0.0.1:32778/items"
|
|
100
|
+
docker compose down --volumes --remove-orphans
|
|
101
|
+
python3 -c 'import subprocess, sys, time; cmd=["docker","compose","up","--build"]; proc=subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True); seen=False; start=time.time();
|
|
102
|
+
while True:
|
|
103
|
+
line=proc.stdout.readline()
|
|
104
|
+
if line:
|
|
105
|
+
sys.stdout.write(line)
|
|
106
|
+
sys.stdout.flush()
|
|
107
|
+
if "Application startup complete." in line or "Uvicorn running on" in line:
|
|
108
|
+
seen=True
|
|
109
|
+
break
|
|
110
|
+
elif proc.poll() is not None:
|
|
111
|
+
break
|
|
112
|
+
elif time.time()-start>120:
|
|
113
|
+
break
|
|
114
|
+
if not seen:
|
|
115
|
+
proc.terminate(); proc.wait(timeout=20); sys.exit(1)
|
|
116
|
+
subprocess.run(["docker","compose","stop","app"], check=True)
|
|
117
|
+
rc=proc.wait(timeout=60)
|
|
118
|
+
sys.exit(rc if rc is not None else 1)'
|
|
119
|
+
docker compose down --volumes --remove-orphans
|
|
120
|
+
./run_tests.sh
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
Observed result:
|
|
124
|
+
|
|
125
|
+
- detached startup reached healthy state on `127.0.0.1:32778`
|
|
126
|
+
- `GET /health`, `POST /items`, and `GET /items` all returned successful real API responses
|
|
127
|
+
- attached `docker compose up --build` reached `Application startup complete.` before controlled shutdown
|
|
128
|
+
- `./run_tests.sh` finished with `2 passed in 0.53s` and printed `FastAPI smoke check passed at http://127.0.0.1:32779`
|
|
129
|
+
|
|
130
|
+
## Expected caveats
|
|
131
|
+
|
|
132
|
+
- upgrade from schema creation to migrations only when the prompt starts requiring schema evolution
|
|
133
|
+
- switch to a network database only when the prompt actually needs multi-service or production-shaped DB behavior
|
|
134
|
+
- keep the config-file pattern even if the DB backend changes
|