theslopmachine 0.6.2 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/MANUAL.md +21 -6
  2. package/README.md +55 -7
  3. package/RELEASE.md +16 -1
  4. package/assets/agents/developer.md +41 -1
  5. package/assets/agents/slopmachine-claude.md +101 -60
  6. package/assets/agents/slopmachine.md +40 -17
  7. package/assets/claude/agents/developer.md +42 -5
  8. package/assets/skills/clarification-gate/SKILL.md +25 -5
  9. package/assets/skills/claude-worker-management/SKILL.md +290 -57
  10. package/assets/skills/developer-session-lifecycle/SKILL.md +83 -38
  11. package/assets/skills/development-guidance/SKILL.md +21 -1
  12. package/assets/skills/evaluation-triage/SKILL.md +34 -23
  13. package/assets/skills/final-evaluation-orchestration/SKILL.md +88 -50
  14. package/assets/skills/hardening-gate/SKILL.md +17 -3
  15. package/assets/skills/integrated-verification/SKILL.md +3 -3
  16. package/assets/skills/planning-gate/SKILL.md +32 -3
  17. package/assets/skills/planning-guidance/SKILL.md +72 -13
  18. package/assets/skills/retrospective-analysis/SKILL.md +2 -2
  19. package/assets/skills/scaffold-guidance/SKILL.md +129 -124
  20. package/assets/skills/submission-packaging/SKILL.md +33 -27
  21. package/assets/skills/verification-gates/SKILL.md +44 -14
  22. package/assets/slopmachine/backend-evaluation-prompt.md +1 -1
  23. package/assets/slopmachine/frontend-evaluation-prompt.md +5 -5
  24. package/assets/slopmachine/scaffold-playbooks/android-kotlin-compose.md +81 -0
  25. package/assets/slopmachine/scaffold-playbooks/android-kotlin-views.md +191 -0
  26. package/assets/slopmachine/scaffold-playbooks/android-native-java.md +203 -0
  27. package/assets/slopmachine/scaffold-playbooks/angular-default.md +181 -0
  28. package/assets/slopmachine/scaffold-playbooks/backend-baseline.md +142 -0
  29. package/assets/slopmachine/scaffold-playbooks/backend-family-matrix.md +80 -0
  30. package/assets/slopmachine/scaffold-playbooks/database-module-matrix.md +80 -0
  31. package/assets/slopmachine/scaffold-playbooks/django-default.md +166 -0
  32. package/assets/slopmachine/scaffold-playbooks/docker-baseline.md +189 -0
  33. package/assets/slopmachine/scaffold-playbooks/docker-shared-contract.md +334 -0
  34. package/assets/slopmachine/scaffold-playbooks/electron-vite-default.md +124 -0
  35. package/assets/slopmachine/scaffold-playbooks/expo-react-native-default.md +73 -0
  36. package/assets/slopmachine/scaffold-playbooks/fastapi-default.md +134 -0
  37. package/assets/slopmachine/scaffold-playbooks/frontend-baseline.md +160 -0
  38. package/assets/slopmachine/scaffold-playbooks/frontend-family-matrix.md +134 -0
  39. package/assets/slopmachine/scaffold-playbooks/generic-unknown-tech-guide.md +136 -0
  40. package/assets/slopmachine/scaffold-playbooks/go-chi-default.md +160 -0
  41. package/assets/slopmachine/scaffold-playbooks/ios-linux-portable.md +93 -0
  42. package/assets/slopmachine/scaffold-playbooks/ios-native-objective-c.md +151 -0
  43. package/assets/slopmachine/scaffold-playbooks/ios-native-swift.md +188 -0
  44. package/assets/slopmachine/scaffold-playbooks/laravel-default.md +216 -0
  45. package/assets/slopmachine/scaffold-playbooks/livewire-default.md +265 -0
  46. package/assets/slopmachine/scaffold-playbooks/overlay-module-matrix.md +130 -0
  47. package/assets/slopmachine/scaffold-playbooks/platform-family-matrix.md +79 -0
  48. package/assets/slopmachine/scaffold-playbooks/selection-matrix.md +72 -0
  49. package/assets/slopmachine/scaffold-playbooks/spring-boot-default.md +182 -0
  50. package/assets/slopmachine/scaffold-playbooks/tauri-default.md +80 -0
  51. package/assets/slopmachine/scaffold-playbooks/vue-vite-default.md +162 -0
  52. package/assets/slopmachine/scaffold-playbooks/web-default.md +96 -0
  53. package/assets/slopmachine/templates/AGENTS.md +41 -3
  54. package/assets/slopmachine/templates/CLAUDE.md +111 -0
  55. package/assets/slopmachine/test-coverage-prompt.md +561 -0
  56. package/assets/slopmachine/utils/claude_create_session.mjs +3 -2
  57. package/assets/slopmachine/utils/claude_live_channel.mjs +188 -0
  58. package/assets/slopmachine/utils/claude_live_common.mjs +411 -0
  59. package/assets/slopmachine/utils/claude_live_hook.py +47 -0
  60. package/assets/slopmachine/utils/claude_live_launch.mjs +187 -0
  61. package/assets/slopmachine/utils/claude_live_status.mjs +25 -0
  62. package/assets/slopmachine/utils/claude_live_stop.mjs +46 -0
  63. package/assets/slopmachine/utils/claude_live_turn.mjs +277 -0
  64. package/assets/slopmachine/utils/claude_resume_session.mjs +3 -2
  65. package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.mjs +23 -0
  66. package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.sh +5 -0
  67. package/assets/slopmachine/utils/claude_worker_common.mjs +361 -4
  68. package/assets/slopmachine/utils/cleanup_delivery_artifacts.py +4 -0
  69. package/assets/slopmachine/utils/export_ai_session.mjs +1 -1
  70. package/assets/slopmachine/utils/normalize_claude_session.py +153 -0
  71. package/assets/slopmachine/utils/package_claude_session.mjs +123 -0
  72. package/assets/slopmachine/utils/prepare_strict_audit_workspace.mjs +65 -0
  73. package/package.json +1 -1
  74. package/src/constants.js +42 -3
  75. package/src/init.js +173 -28
  76. package/src/install.js +156 -8
  77. package/src/send-data.js +56 -57
@@ -0,0 +1,334 @@
1
+ # Docker Shared Contract For Scaffold Families
2
+
3
+ This document defines the **shared Docker contract** that every scaffold family must satisfy.
4
+
5
+ It is **not** one universal `compose.yaml`. Different scaffold families may need different service graphs, images, profiles, and host helpers. The shared requirement is that every scaffold exposes the same **honest, reusable contract surface** to owners and developers.
6
+
7
+ Applies to:
8
+
9
+ - web scaffolds
10
+ - backend/API scaffolds
11
+ - Android scaffolds
12
+ - iOS-on-Linux scaffolds
13
+ - desktop scaffolds
14
+
15
+ ## Core contract
16
+
17
+ Every scaffold family must provide and document these two commands:
18
+
19
+ - `docker compose up --build`
20
+ - `./run_tests.sh`
21
+
22
+ Those commands must be:
23
+
24
+ - real
25
+ - repeatable
26
+ - containerized
27
+ - documented in `README.md`
28
+ - honest about what they do and do **not** prove
29
+
30
+ Recommended automation/readiness variant:
31
+
32
+ - `docker compose up --build --wait`
33
+
34
+ The required user-facing runtime command remains:
35
+
36
+ - `docker compose up --build`
37
+
38
+ ## What `docker compose up --build` must prove
39
+
40
+ `docker compose up --build` must prove that the scaffold's primary Docker-backed baseline is wired correctly.
41
+
42
+ That proof differs by family, but it must always be **meaningful**:
43
+
44
+ - **web/backend:** a real long-running runtime becomes healthy and reachable through the intended edge surface
45
+ - **Android:** a real containerized build/support environment works, and any claimed preview/dev/support service becomes healthy
46
+ - **iOS-on-Linux:** a real Linux-verifiable build/export/support path works without pretending to prove native Xcode runtime
47
+ - **desktop:** a real containerized build/package/smoke path works without pretending Docker proves a native interactive desktop session by itself
48
+
49
+ At minimum, `docker compose up --build` must prove all of the following:
50
+
51
+ - images build from source in the repo
52
+ - declared runtime or support services start without hidden host setup
53
+ - readiness can be observed through healthchecks, predictable logs, or explicit successful artifact production
54
+ - the stack reaches a meaningful healthy state without manual container surgery
55
+ - rerunning the command is predictably convergent
56
+
57
+ `docker compose up --build` does **not** need to prove full product completion. It **does** need to prove that the baseline scaffold is operational and honest.
58
+
59
+ ## What `./run_tests.sh` must prove
60
+
61
+ `./run_tests.sh` owns the **broad portable verification path**.
62
+
63
+ It must prove that the scaffold can be verified from a clean-enough developer or CI environment without relying on undocumented host tools beyond Docker and the documented baseline prerequisites.
64
+
65
+ `./run_tests.sh` should, as appropriate for the family:
66
+
67
+ - build or reuse the Compose images
68
+ - start any required services with Compose
69
+ - wait for real readiness
70
+ - run the scaffold's minimum real tests
71
+ - run smoke checks against the actual baseline contract
72
+ - clean up one-off test containers and temporary runtime state
73
+
74
+ `./run_tests.sh` must not be a fake wrapper that only prints TODOs, only runs lint when runtime proof is expected, or silently skips the meaningful part of verification.
75
+
76
+ Minimum proof by family:
77
+
78
+ - **web:** served app shell or app endpoint is reachable, plus real test/build verification
79
+ - **backend:** readiness endpoint and one persistence/integration-shaped path are proven, plus real tests
80
+ - **Android:** Linux-portable build/test path is proven, plus any claimed support service or artifact generation
81
+ - **iOS-on-Linux:** Linux-portable shared-code tests/typechecks/build-shape proof is real, with scope limits stated clearly
82
+ - **desktop:** build/package/smoke path is real, with at least one honest automated desktop-adjacent smoke proof when claimed
83
+
84
+ ## Meaningful healthy state
85
+
86
+ A scaffold is in a meaningful healthy state when it has crossed from “containers started” into “baseline contract actually proven.”
87
+
88
+ Healthy state must mean one of these, depending on family:
89
+
90
+ ### Runtime-serving families
91
+
92
+ For web and backend scaffolds, healthy means:
93
+
94
+ - long-running services are up
95
+ - dependency services are healthy first
96
+ - app/edge service is healthy after its dependencies
97
+ - the intended smoke route, readiness route, or entry surface actually responds successfully
98
+ - the stack is not crash-looping
99
+
100
+ ### Build/support families
101
+
102
+ For Android, iOS-on-Linux, and desktop scaffolds, healthy may mean:
103
+
104
+ - a long-running support service is healthy and usable, **or**
105
+ - a containerized build/export/package/smoke flow completed successfully and produced the documented artifact/output, **or**
106
+ - both
107
+
108
+ If the family cannot honestly prove native runtime from Linux or Docker alone, the healthy state must stop at the strongest truthful boundary and document that boundary.
109
+
110
+ Healthy does **not** mean:
111
+
112
+ - container process exists but no readiness proof exists
113
+ - only dependencies are up while the app/tooling contract is still unusable
114
+ - manual shelling into containers is required to finish bootstrap
115
+ - the stack is “probably fine” because logs look quiet
116
+
117
+ ## Loopback host binding defaults
118
+
119
+ When a service is published to the host, default to loopback-only binding:
120
+
121
+ - `127.0.0.1:HOST_PORT:CONTAINER_PORT`
122
+
123
+ Default expectations:
124
+
125
+ - prefer loopback over `0.0.0.0`
126
+ - prefer one edge-facing published service when an edge exists
127
+ - prefer high or automatically assigned local ports to reduce collisions
128
+ - if no host-facing service is needed, publish **no** ports
129
+
130
+ Deviations from loopback-only defaults must be intentional and disclosed in `README.md`.
131
+
132
+ ## Port exposure rules
133
+
134
+ - publish only the minimum host surface required for the scaffold's honest baseline
135
+ - use `expose` for internal-only services
136
+ - databases, workers, and internal APIs should stay off the host unless the prompt explicitly requires host access
137
+ - Android/iOS-on-Linux/desktop scaffolds may publish zero host ports when the Docker path is build/support oriented rather than user-runtime oriented
138
+ - if multiple published ports are necessary, `README.md` must explain why each exists
139
+
140
+ The default posture is: **minimal, loopback-bound, owner-readable exposure**.
141
+
142
+ ## Healthchecks and readiness rules
143
+
144
+ Every long-running service that matters to the baseline must have a real readiness strategy.
145
+
146
+ Preferred rules:
147
+
148
+ - use Compose healthchecks for long-running services
149
+ - use native readiness commands for infrastructure services when available (`pg_isready`, `mysqladmin ping`, etc.)
150
+ - use in-container localhost readiness endpoints or commands for app services
151
+ - gate dependent services with health-based readiness, not arbitrary sleep loops
152
+ - use `docker compose up --build --wait` in automation when available
153
+
154
+ Readiness must be tied to actual usefulness:
155
+
156
+ - a backend readiness check should verify critical dependencies it claims are required
157
+ - a web edge readiness check should confirm the served surface is actually available
158
+ - a support service readiness check should confirm the advertised support function is actually usable
159
+
160
+ If a family relies on a one-shot build/export container instead of a long-running service, the success condition must be explicit and documented:
161
+
162
+ - expected artifact path
163
+ - expected exit status
164
+ - expected follow-up smoke proof, if any
165
+
166
+ ## Cache and volume strategy
167
+
168
+ Use caches and volumes to make reruns materially faster without hiding state in surprising places.
169
+
170
+ Rules:
171
+
172
+ - use **named volumes** for mutable runtime state that should survive container replacement
173
+ - use **BuildKit cache mounts** for package-manager and compiler caches when supported
174
+ - keep disposable test containers stateless by default
175
+ - do not require developers to manually pre-create cache directories
176
+ - do not make ordinary reruns depend on bind-mounted host cache internals
177
+
178
+ Good default uses for named volumes:
179
+
180
+ - database data
181
+ - generated local-only runtime config or bootstrap state
182
+ - tool caches that are intentionally persisted across runs and clearly documented
183
+
184
+ Avoid by default:
185
+
186
+ - bind-mounting whole home directories
187
+ - bind-mounting package-manager caches as the main scaffold strategy
188
+ - persisting everything just to mask slow builds
189
+
190
+ ## BuildKit and cache-mount guidance
191
+
192
+ Dockerfiles should be written to reward reruns.
193
+
194
+ Preferred guidance:
195
+
196
+ - copy dependency manifests before copying full source trees
197
+ - use slim official base images unless the platform genuinely needs something heavier
198
+ - enable BuildKit-friendly layers and cache mounts for package managers and build tools
199
+ - keep image stages single-purpose and deterministic
200
+ - avoid invalidating heavy dependency layers for every source edit
201
+
202
+ Typical cache-mount examples include:
203
+
204
+ - npm/pnpm/yarn caches
205
+ - pip/uv caches
206
+ - Gradle caches
207
+ - Cargo registry/target caches when appropriate
208
+ - compiler/build caches where they are stable and worth persisting
209
+
210
+ The contract goal is qualitative:
211
+
212
+ - first run may be heavier
213
+ - reruns should be materially faster
214
+ - reruns should not look like full clean-room rebuilds unless the user explicitly asked for that
215
+
216
+ ## No `.env` policy
217
+
218
+ Baseline scaffolds must not depend on a checked-in `.env` or hidden env-file workflow.
219
+
220
+ Required stance:
221
+
222
+ - no committed `.env`
223
+ - no required manual `cp .env.example .env` step just to make the scaffold baseline work
224
+ - no hidden reliance on developer shell exports that are not documented
225
+
226
+ If configuration is needed, prefer:
227
+
228
+ - safe local defaults in Compose for non-sensitive values
229
+ - generated ignored config files
230
+ - mounted secret files
231
+ - Docker-managed volumes for runtime-generated local bootstrap state
232
+ - external overrides for non-baseline environments
233
+
234
+ ## Secret and bootstrap policy
235
+
236
+ Secrets and bootstrap inputs must be explicit, non-magical, and safe.
237
+
238
+ Rules:
239
+
240
+ - never bake real secrets into images, Compose files, or the repo
241
+ - never require undocumented host-side secret setup for the baseline local path
242
+ - local bootstrap must generate any required local-only runtime values into ignored paths or Docker-managed runtime state instead of pre-seeding placeholder literals into tracked files
243
+ - production or shared-environment secrets must come from external secret stores, CI injection, ignored generated files, or explicit operator overrides
244
+ - bootstrap generation must be idempotent and predictable
245
+
246
+ Acceptable bootstrap behavior:
247
+
248
+ - generate local-only config into ignored paths or Docker-managed volumes
249
+ - create empty local databases or seed minimal non-sensitive baseline state
250
+ - generate disposable internal-network credentials at runtime when they are clearly local-only, documented, and not written into tracked files
251
+
252
+ Unacceptable bootstrap behavior:
253
+
254
+ - hidden interactive prompts during normal Compose startup
255
+ - writing secrets into tracked files
256
+ - requiring users to guess missing inputs from failures
257
+
258
+ ## First-run vs rerun expectations
259
+
260
+ The contract is qualitative but strict enough to guide owner acceptance.
261
+
262
+ ### First run
263
+
264
+ First run may reasonably include:
265
+
266
+ - pulling base images
267
+ - installing dependencies
268
+ - building the initial toolchain layers
269
+ - one-time local bootstrap generation
270
+
271
+ First run must still be:
272
+
273
+ - reasonable for a scaffold baseline
274
+ - visibly progressing
275
+ - documented if a specific platform stack is known to be heavier than usual
276
+
277
+ ### Reruns
278
+
279
+ Reruns must be:
280
+
281
+ - predictably convergent
282
+ - materially faster than first run in ordinary cases
283
+ - free from repeated heavyweight bootstrap that should have been cached or persisted
284
+
285
+ ## What must not happen
286
+
287
+ The shared contract forbids these failure patterns by default:
288
+
289
+ - hour-long silent hangs or long silent stalls without visible progress
290
+ - repeated full SDK/toolchain reinstall on ordinary reruns
291
+ - default clean builds on every run when cacheable layers should have been reused
292
+ - hidden setup steps outside documented commands
293
+ - hidden dependence on host-global state
294
+ - fake healthchecks that only prove a process exists
295
+ - fake `./run_tests.sh` wrappers that skip meaningful runtime/build proof
296
+ - crash-looping services presented as acceptable because Compose eventually started
297
+ - requiring owners to manually exec into containers to finish bootstrap
298
+ - publishing unnecessary host ports
299
+ - pretending Docker proves native mobile or desktop runtime when it does not
300
+
301
+ If the stack has an unavoidable expensive step, the scaffold must say so plainly and still keep reruns as efficient as reasonably possible.
302
+
303
+ ## Required README disclosures
304
+
305
+ Every scaffold `README.md` must disclose the shared Docker contract in scaffold-specific terms.
306
+
307
+ At minimum, `README.md` must state:
308
+
309
+ - this is a scaffold/baseline and not full product completion
310
+ - what `docker compose up --build` proves for this family
311
+ - what `./run_tests.sh` proves for this family
312
+ - the expected healthy state
313
+ - any published host ports and why they exist
314
+ - loopback-only default behavior when ports are published
315
+ - any meaningful proof boundary Docker cannot cross for this family
316
+ - config/bootstrap behavior without `.env`
317
+ - where secrets come from in local vs non-local environments
318
+ - any known heavy first-run behavior worth expecting
319
+ - cleanup expectations if volumes or caches are intentionally retained
320
+
321
+ ## Owner acceptance checklist
322
+
323
+ A scaffold family satisfies this shared contract when all of the following are true:
324
+
325
+ - `docker compose up --build` is real and meaningful
326
+ - `./run_tests.sh` is real and meaningful
327
+ - healthy state is observable and honest
328
+ - host exposure is minimal and loopback-bound by default
329
+ - readiness uses real healthchecks or explicit successful one-shot proof
330
+ - cache and volume strategy supports materially faster reruns
331
+ - the scaffold does not depend on `.env`
332
+ - secret/bootstrap behavior is explicit and safe
333
+ - the baseline does not hide setup or repeated heavyweight reinstall work
334
+ - `README.md` tells the truth about scope, proof, limits, and operator expectations
@@ -0,0 +1,124 @@
1
+ # Electron Vite Default Scaffold Playbook
2
+
3
+ Use this playbook for desktop app requests unless the prompt or existing repo clearly dictates another desktop stack.
4
+
5
+ ## Goal
6
+
7
+ Create a simple Electron baseline that:
8
+
9
+ - uses Electron + Vite + TypeScript by default
10
+ - has an honest Linux Docker verification wrapper
11
+ - has a portable broad test/build wrapper
12
+ - wires the baseline desktop test path without pretending the product is complete
13
+
14
+ ## Runtime contract
15
+
16
+ - required Docker command: `docker compose up --build`
17
+ - required broad test command: `./run_tests.sh`
18
+ - both commands must be real and working
19
+ - `./run_app.sh` may exist as a helper for host-side convenience, but it does not replace the required Docker baseline
20
+
21
+ ## Safe default stack
22
+
23
+ - Electron
24
+ - Vite
25
+ - TypeScript
26
+ - selected local test runner
27
+ - Playwright Electron support or equivalent when UI-bearing proof is part of the baseline test shape
28
+
29
+ ## Verified baseline notes
30
+
31
+ From a real lab verification on 2026-04-14:
32
+
33
+ - the official `@quick-start/electron` `vanilla-ts` bootstrap is a good starting shape, but it is interactive even when the template is passed, so scaffold automation should expect prompt handling or a follow-up hardening pass
34
+ - the generated starter's default dependency set did not install cleanly in this environment via plain `npm install`; the verified baseline pinned current working Electron/tooling versions and replaced the generated `@electron-toolkit` runtime helpers with a small explicit preload bridge
35
+ - for Linux-oriented desktop scaffold, treat `docker compose up --build` as a meaningful containerized build/package/smoke gate rather than pretending it proves a native long-running desktop runtime
36
+ - the practical convergence strategy was **multi-stage Docker verification**: run lint/unit/package/headless-smoke during image build, then start a tiny long-running report service from the verified artifacts so Compose can reach a stable healthy state instead of exiting immediately after a one-shot container
37
+ - pin the Docker toolchain explicitly (the verified lab used `node:24.13.0-bookworm-slim` plus pinned Electron/electron-vite/electron-builder/Playwright versions)
38
+ - keep Linux packaging at scaffold stage to `electron-builder --linux dir` so verification stays real but time-bounded
39
+ - use Xvfb plus Playwright's `_electron` support for the minimum real headless desktop smoke path inside Docker
40
+ - use BuildKit cache mounts for npm, Electron, and electron-builder caches so reruns are materially faster and avoid repeated heavyweight downloads
41
+
42
+ ## Required scripts
43
+
44
+ - `docker compose up --build`
45
+ - `./run_tests.sh`
46
+ - `./run_app.sh` when useful for host-side convenience
47
+
48
+ ## Preferred Docker strategy for desktop baseline
49
+
50
+ For Linux desktop scaffolds, prefer this shape unless the prompt requires something heavier:
51
+
52
+ 1. **verify stage** in the Dockerfile that runs:
53
+ - dependency install from lockfile
54
+ - lint/type/unit checks as applicable
55
+ - `electron-vite build`
56
+ - `electron-builder --linux dir`
57
+ - one headless Electron smoke test under Xvfb
58
+ 2. **runtime/report stage** that copies only the verified artifacts and a tiny report/health surface.
59
+ 3. Compose service healthcheck that validates the verification summary and packaged artifact still exist.
60
+ 4. Optional loopback-only report port if it helps operators inspect proof without shelling into the container.
61
+
62
+ This keeps `docker compose up --build` honest and reusable:
63
+
64
+ - first run may be heavier
65
+ - reruns should reuse cached layers/downloads
66
+ - Compose ends in a stable healthy service instead of an immediately exited verification container
67
+ - the stack does not claim Docker proves full interactive desktop runtime
68
+
69
+ ## Security baseline
70
+
71
+ At scaffold, preserve the safe desktop defaults:
72
+
73
+ - `contextIsolation` on
74
+ - no unnecessary `nodeIntegration` in renderer
75
+ - preload boundary explicit
76
+ - prefer `sandbox` on unless the existing app or prompt explicitly requires a different choice
77
+
78
+ ## Minimal real test floor
79
+
80
+ At scaffold, include at least:
81
+
82
+ - one real unit or renderer/main-process test
83
+ - one real build/smoke invocation in `./run_tests.sh`
84
+ - one honest Docker-backed runtime/build path behind `docker compose up --build`
85
+ - for Linux-oriented Electron baseline, prefer one pure unit test plus one headless Electron smoke test that launches the built app through Playwright under Xvfb
86
+ - package proof should stay at the strongest honest/time-bounded Linux checkpoint, usually `electron-builder --linux dir`
87
+
88
+ ## README floor
89
+
90
+ `README.md` must already state:
91
+
92
+ - scaffold status versus implemented scope
93
+ - required Docker command: `docker compose up --build`
94
+ - broad test command: `./run_tests.sh`
95
+ - desktop-only scope and current proof boundary
96
+ - host-side helper command: `./run_app.sh` when present
97
+ - main process / preload / renderer layout at a high level
98
+ - expected healthy state after Compose converges
99
+ - any loopback-only port used by a report/support service and why it exists
100
+ - first-run versus rerun expectations when Docker caches are intentionally used
101
+
102
+ ## Common pitfalls
103
+
104
+ - unsafe renderer defaults
105
+ - pretending scaffold proves full desktop interaction quality
106
+ - skipping the broad Linux build/test path
107
+ - leaving runtime/test commands dependent on undocumented host setup
108
+ - leaving the default generator dependency versions unverified
109
+ - making Linux packaging too heavy at scaffold time by requiring deb/snap/AppImage before the baseline is proven
110
+ - using a one-shot verification container as the only Compose service so `docker compose up --build` exits instead of converging to a stable healthy state
111
+ - forcing repeated clean installs/downloads on ordinary reruns when BuildKit cache mounts or layered installs would avoid it
112
+
113
+ ## Acceptance checklist
114
+
115
+ Scaffold is acceptable when:
116
+
117
+ - `docker compose up --build` works
118
+ - `./run_tests.sh` works
119
+ - safe desktop defaults are preserved
120
+ - baseline desktop tests exist
121
+ - README is honest
122
+ - the Docker path proves build, unpacked Linux packaging, and one real headless Electron window smoke check
123
+ - the Compose path reaches a stable healthy state that truthfully represents the verified boundary
124
+ - reruns avoid obvious full clean-room rebuild loops except when dependency manifests or toolchain pins actually change
@@ -0,0 +1,73 @@
1
+ # Expo React Native Default Scaffold Playbook
2
+
3
+ Use this playbook for cross-platform mobile requests unless the prompt explicitly requires native-only Android or iOS work.
4
+
5
+ ## Goal
6
+
7
+ Create a simple Expo + React Native + TypeScript baseline that:
8
+
9
+ - boots cleanly for local development
10
+ - exposes one honest runtime wrapper
11
+ - exposes one portable broad test command
12
+ - installs the baseline mobile test layer
13
+
14
+ ## Runtime contract
15
+
16
+ - required Docker command: `docker compose up --build`
17
+ - required broad test command: `./run_tests.sh`
18
+ - both commands must be real and working
19
+ - `./run_app.sh` may exist as a helper for host-side convenience, but it does not replace the required Docker baseline
20
+
21
+ ## Safe default stack
22
+
23
+ - Expo
24
+ - React Native
25
+ - TypeScript
26
+ - Jest
27
+ - React Native Testing Library
28
+
29
+ ## Bootstrap rule
30
+
31
+ - use the current official Expo TypeScript bootstrap path unless the prompt or existing repo clearly dictates another mobile starter
32
+ - adapt the generated project only enough to make runtime, tests, and README honest
33
+
34
+ ## Required scripts
35
+
36
+ - `docker compose up --build`
37
+ - `./run_tests.sh`
38
+ - `./run_app.sh` when useful for local Expo convenience
39
+
40
+ ## Minimal real test floor
41
+
42
+ At scaffold, include at least:
43
+
44
+ - one real component or state test
45
+ - one real Jest invocation in `./run_tests.sh`
46
+ - one real Docker-backed runtime/build path behind `docker compose up --build`
47
+
48
+ ## README floor
49
+
50
+ `README.md` must already state:
51
+
52
+ - scaffold status versus implemented scope
53
+ - required Docker command: `docker compose up --build`
54
+ - broad test command: `./run_tests.sh`
55
+ - host-side helper command: `./run_app.sh` when present
56
+ - whether the current baseline is Expo/local-device focused
57
+ - any platform-proof limits that still exist at scaffold time
58
+
59
+ ## Common pitfalls
60
+
61
+ - pretending scaffold already proves real device flow quality
62
+ - skipping RN test setup until later
63
+ - hiding mock/local-only data defaults
64
+ - letting runtime depend on undocumented global host state
65
+
66
+ ## Acceptance checklist
67
+
68
+ Scaffold is acceptable when:
69
+
70
+ - `docker compose up --build` works
71
+ - `./run_tests.sh` works
72
+ - baseline RN tests exist
73
+ - README is honest about the current mobile proof boundary
@@ -0,0 +1,134 @@
1
+ # FastAPI Default Scaffold Playbook
2
+
3
+ Use this playbook when the request explicitly asks for a FastAPI baseline or when the backend family has already been narrowed to FastAPI.
4
+
5
+ ## Goal
6
+
7
+ Create a FastAPI-only baseline that:
8
+
9
+ - follows the official or best-known FastAPI bootstrap path honestly
10
+ - keeps dependency versions pinned
11
+ - uses a safe default database pattern with real persistence
12
+ - makes `docker compose up --build` the primary runtime command
13
+ - makes `./run_tests.sh` the portable broad verification command
14
+ - stops at baseline infrastructure instead of product features
15
+
16
+ ## Bootstrap rule
17
+
18
+ - FastAPI does not provide an official full-project generator for this baseline shape
19
+ - use the official docs pattern: create the Python environment, install pinned FastAPI dependencies, write the app module, and run `uvicorn app.main:app --host 0.0.0.0 --port 8000`
20
+ - do not invent extra framework layers or boilerplate generators just to make the tree look bigger
21
+
22
+ Reusable bootstrap commands:
23
+
24
+ ```bash
25
+ python3 -m venv .venv
26
+ . .venv/bin/activate
27
+ python -m pip install --upgrade pip
28
+ python -m pip install -r requirements.txt
29
+ python -m uvicorn app.main:app --host 0.0.0.0 --port 8000
30
+ ```
31
+
32
+ ## Safe pinned defaults
33
+
34
+ - Python `3.12.11`
35
+ - FastAPI `0.122.0`
36
+ - Uvicorn `0.38.0`
37
+ - SQLAlchemy `2.0.44`
38
+ - Pydantic `2.12.3`
39
+ - pytest `8.4.2`
40
+ - httpx `0.28.1`
41
+ - Docker image: `python:3.12.11-slim-bookworm`
42
+
43
+ ## Database pattern
44
+
45
+ - default to SQLite for the baseline because it keeps the local runtime secret-free and easy to verify
46
+ - place the SQLite file in a Docker-managed volume, not in the repo
47
+ - generate the runtime config file at container startup instead of committing `.env`
48
+ - keep `./init_db.sh` as the single database bootstrap entrypoint
49
+ - use SQLAlchemy with one shared engine and per-request sessions
50
+
51
+ ## Required runtime contract
52
+
53
+ - runtime: `docker compose up --build`
54
+ - tests: `./run_tests.sh`
55
+ - DB bootstrap: `./init_db.sh`
56
+ - all three commands must be real
57
+
58
+ ## Minimum API floor
59
+
60
+ At baseline, include all of the following:
61
+
62
+ - `GET /health` proving API boot and database connectivity
63
+ - `POST /items` creating a persisted record
64
+ - `GET /items` returning persisted records
65
+ - at least two real tests hitting those routes
66
+
67
+ ## Compose pattern
68
+
69
+ - one `app` service
70
+ - one optional `test` service behind the `test` profile
71
+ - expose only the API port to `127.0.0.1`
72
+ - prefer Docker-assigned random host ports to avoid collisions
73
+ - include an app healthcheck
74
+ - store generated config and DB state in named volumes
75
+
76
+ ## README requirements
77
+
78
+ `README.md` must state:
79
+
80
+ - that this is baseline only
81
+ - the exact pinned stack
82
+ - the exact runtime command
83
+ - the exact test command
84
+ - the exact DB bootstrap command
85
+ - that no `.env` file is used
86
+ - what is intentionally excluded
87
+
88
+ ## Experimental verification for this lab
89
+
90
+ Commands run in `/Users/yohannesakd/code/eaglepoint/demonstration/scaffold-lab/fastapi-baseline`:
91
+
92
+ ```bash
93
+ docker compose build
94
+ docker compose up --build -d
95
+ docker compose ps
96
+ docker compose port app 8000
97
+ curl -fsS "http://127.0.0.1:32778/health"
98
+ curl -fsS -X POST "http://127.0.0.1:32778/items" -H "content-type: application/json" -d '{"name":"manual-smoke-item"}'
99
+ curl -fsS "http://127.0.0.1:32778/items"
100
+ docker compose down --volumes --remove-orphans
101
+ python3 -c 'import subprocess, sys, time; cmd=["docker","compose","up","--build"]; proc=subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True); seen=False; start=time.time();
102
+ while True:
103
+ line=proc.stdout.readline()
104
+ if line:
105
+ sys.stdout.write(line)
106
+ sys.stdout.flush()
107
+ if "Application startup complete." in line or "Uvicorn running on" in line:
108
+ seen=True
109
+ break
110
+ elif proc.poll() is not None:
111
+ break
112
+ elif time.time()-start>120:
113
+ break
114
+ if not seen:
115
+ proc.terminate(); proc.wait(timeout=20); sys.exit(1)
116
+ subprocess.run(["docker","compose","stop","app"], check=True)
117
+ rc=proc.wait(timeout=60)
118
+ sys.exit(rc if rc is not None else 1)'
119
+ docker compose down --volumes --remove-orphans
120
+ ./run_tests.sh
121
+ ```
122
+
123
+ Observed result:
124
+
125
+ - detached startup reached healthy state on `127.0.0.1:32778`
126
+ - `GET /health`, `POST /items`, and `GET /items` all returned successful real API responses
127
+ - attached `docker compose up --build` reached `Application startup complete.` before controlled shutdown
128
+ - `./run_tests.sh` finished with `2 passed in 0.53s` and printed `FastAPI smoke check passed at http://127.0.0.1:32779`
129
+
130
+ ## Expected caveats
131
+
132
+ - upgrade from schema creation to migrations only when the prompt starts requiring schema evolution
133
+ - switch to a network database only when the prompt actually needs multi-service or production-shaped DB behavior
134
+ - keep the config-file pattern even if the DB backend changes