theslopmachine 0.6.2 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/MANUAL.md +21 -6
  2. package/README.md +55 -7
  3. package/RELEASE.md +16 -1
  4. package/assets/agents/developer.md +41 -1
  5. package/assets/agents/slopmachine-claude.md +101 -60
  6. package/assets/agents/slopmachine.md +40 -17
  7. package/assets/claude/agents/developer.md +42 -5
  8. package/assets/skills/clarification-gate/SKILL.md +25 -5
  9. package/assets/skills/claude-worker-management/SKILL.md +290 -57
  10. package/assets/skills/developer-session-lifecycle/SKILL.md +83 -38
  11. package/assets/skills/development-guidance/SKILL.md +21 -1
  12. package/assets/skills/evaluation-triage/SKILL.md +34 -23
  13. package/assets/skills/final-evaluation-orchestration/SKILL.md +88 -50
  14. package/assets/skills/hardening-gate/SKILL.md +17 -3
  15. package/assets/skills/integrated-verification/SKILL.md +3 -3
  16. package/assets/skills/planning-gate/SKILL.md +32 -3
  17. package/assets/skills/planning-guidance/SKILL.md +72 -13
  18. package/assets/skills/retrospective-analysis/SKILL.md +2 -2
  19. package/assets/skills/scaffold-guidance/SKILL.md +129 -124
  20. package/assets/skills/submission-packaging/SKILL.md +33 -27
  21. package/assets/skills/verification-gates/SKILL.md +44 -14
  22. package/assets/slopmachine/backend-evaluation-prompt.md +1 -1
  23. package/assets/slopmachine/frontend-evaluation-prompt.md +5 -5
  24. package/assets/slopmachine/scaffold-playbooks/android-kotlin-compose.md +81 -0
  25. package/assets/slopmachine/scaffold-playbooks/android-kotlin-views.md +191 -0
  26. package/assets/slopmachine/scaffold-playbooks/android-native-java.md +203 -0
  27. package/assets/slopmachine/scaffold-playbooks/angular-default.md +181 -0
  28. package/assets/slopmachine/scaffold-playbooks/backend-baseline.md +142 -0
  29. package/assets/slopmachine/scaffold-playbooks/backend-family-matrix.md +80 -0
  30. package/assets/slopmachine/scaffold-playbooks/database-module-matrix.md +80 -0
  31. package/assets/slopmachine/scaffold-playbooks/django-default.md +166 -0
  32. package/assets/slopmachine/scaffold-playbooks/docker-baseline.md +189 -0
  33. package/assets/slopmachine/scaffold-playbooks/docker-shared-contract.md +334 -0
  34. package/assets/slopmachine/scaffold-playbooks/electron-vite-default.md +124 -0
  35. package/assets/slopmachine/scaffold-playbooks/expo-react-native-default.md +73 -0
  36. package/assets/slopmachine/scaffold-playbooks/fastapi-default.md +134 -0
  37. package/assets/slopmachine/scaffold-playbooks/frontend-baseline.md +160 -0
  38. package/assets/slopmachine/scaffold-playbooks/frontend-family-matrix.md +134 -0
  39. package/assets/slopmachine/scaffold-playbooks/generic-unknown-tech-guide.md +136 -0
  40. package/assets/slopmachine/scaffold-playbooks/go-chi-default.md +160 -0
  41. package/assets/slopmachine/scaffold-playbooks/ios-linux-portable.md +93 -0
  42. package/assets/slopmachine/scaffold-playbooks/ios-native-objective-c.md +151 -0
  43. package/assets/slopmachine/scaffold-playbooks/ios-native-swift.md +188 -0
  44. package/assets/slopmachine/scaffold-playbooks/laravel-default.md +216 -0
  45. package/assets/slopmachine/scaffold-playbooks/livewire-default.md +265 -0
  46. package/assets/slopmachine/scaffold-playbooks/overlay-module-matrix.md +130 -0
  47. package/assets/slopmachine/scaffold-playbooks/platform-family-matrix.md +79 -0
  48. package/assets/slopmachine/scaffold-playbooks/selection-matrix.md +72 -0
  49. package/assets/slopmachine/scaffold-playbooks/spring-boot-default.md +182 -0
  50. package/assets/slopmachine/scaffold-playbooks/tauri-default.md +80 -0
  51. package/assets/slopmachine/scaffold-playbooks/vue-vite-default.md +162 -0
  52. package/assets/slopmachine/scaffold-playbooks/web-default.md +96 -0
  53. package/assets/slopmachine/templates/AGENTS.md +41 -3
  54. package/assets/slopmachine/templates/CLAUDE.md +111 -0
  55. package/assets/slopmachine/test-coverage-prompt.md +561 -0
  56. package/assets/slopmachine/utils/claude_create_session.mjs +3 -2
  57. package/assets/slopmachine/utils/claude_live_channel.mjs +188 -0
  58. package/assets/slopmachine/utils/claude_live_common.mjs +411 -0
  59. package/assets/slopmachine/utils/claude_live_hook.py +47 -0
  60. package/assets/slopmachine/utils/claude_live_launch.mjs +187 -0
  61. package/assets/slopmachine/utils/claude_live_status.mjs +25 -0
  62. package/assets/slopmachine/utils/claude_live_stop.mjs +46 -0
  63. package/assets/slopmachine/utils/claude_live_turn.mjs +277 -0
  64. package/assets/slopmachine/utils/claude_resume_session.mjs +3 -2
  65. package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.mjs +23 -0
  66. package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.sh +5 -0
  67. package/assets/slopmachine/utils/claude_worker_common.mjs +361 -4
  68. package/assets/slopmachine/utils/cleanup_delivery_artifacts.py +4 -0
  69. package/assets/slopmachine/utils/export_ai_session.mjs +1 -1
  70. package/assets/slopmachine/utils/normalize_claude_session.py +153 -0
  71. package/assets/slopmachine/utils/package_claude_session.mjs +123 -0
  72. package/assets/slopmachine/utils/prepare_strict_audit_workspace.mjs +65 -0
  73. package/package.json +1 -1
  74. package/src/constants.js +42 -3
  75. package/src/init.js +173 -28
  76. package/src/install.js +156 -8
  77. package/src/send-data.js +56 -57
@@ -0,0 +1,182 @@
1
+ # Spring Boot Default Scaffold Playbook
2
+
3
+ Use this playbook when the prompt explicitly asks for Spring Boot, Java backend conventions, or a JVM-first backend baseline.
4
+
5
+ ## Goal
6
+
7
+ Create a Spring Boot scaffold baseline that:
8
+
9
+ - starts from the official Spring Initializr bootstrap path
10
+ - keeps defaults pinned and boring
11
+ - proves one real API plus one real persistence path
12
+ - exposes `docker compose up --build` as the runtime contract
13
+ - exposes `./run_tests.sh` as the broad containerized verification path
14
+ - stays baseline-only and honest about exclusions
15
+
16
+ Verified lab: `/Users/yohannesakd/code/eaglepoint/demonstration/scaffold-lab/spring-boot-baseline`
17
+
18
+ ## Chosen baseline defaults
19
+
20
+ - Spring Boot `3.5.13`
21
+ - Java `21`
22
+ - Maven Wrapper `3.9.14`
23
+ - dependencies: `web`, `actuator`, `data-jpa`, `validation`, `h2`
24
+ - database pattern: file-backed H2 stored in Docker-managed volumes
25
+
26
+ Why these defaults:
27
+
28
+ - Spring Initializr is the official bootstrap path and yields the wrapper, parent BOM, and baseline Maven layout cleanly
29
+ - Spring Boot `3.5.x` is the safer practical line than jumping straight to Boot `4.x` for a neutral baseline
30
+ - Java `21` is a current LTS choice with wide container availability
31
+ - H2 file mode gives real persistence without introducing credentials or a second infrastructure service
32
+
33
+ ## Official bootstrap command
34
+
35
+ Use the official starter generator, then adapt only what is needed for Docker, DB wiring, tests, and README honesty:
36
+
37
+ ```bash
38
+ curl -fsSL "https://start.spring.io/starter.zip?type=maven-project&language=java&bootVersion=3.5.13&baseDir=spring-boot-baseline&groupId=com.eaglepoint&artifactId=spring-boot-baseline&name=spring-boot-baseline&description=Verified%20Spring%20Boot%20baseline%20lab&packageName=com.eaglepoint.springbaseline&packaging=jar&javaVersion=21&dependencies=web,actuator,data-jpa,h2,validation" -o /tmp/spring-boot-baseline.zip
39
+ unzip -q /tmp/spring-boot-baseline.zip -d .
40
+ ```
41
+
42
+ ## Safe config / database pattern
43
+
44
+ - do not require `.env`
45
+ - import optional runtime config from `/runtime/config/application-runtime.properties`
46
+ - generate that file at container startup and before containerized tests
47
+ - point Spring Data at `jdbc:h2:file:/runtime/db/spring-boot-baseline...`
48
+ - keep runtime config and DB files in named Docker volumes
49
+ - expose only the app port to loopback with a random host port
50
+
51
+ This is the recommended local-only baseline when the prompt does not require Postgres/MySQL yet.
52
+
53
+ ## Docker / Compose pattern
54
+
55
+ - `compose.yaml` with one `app` service and one `test` service behind the `test` profile
56
+ - multi-stage Dockerfile: Maven test/build stages plus a smaller runtime stage
57
+ - real app healthcheck against `http://127.0.0.1:8080/actuator/health`
58
+ - host port binding: `127.0.0.1::8080`
59
+ - named volumes for runtime config and file-backed H2 state
60
+
61
+ ## Minimum API surface
62
+
63
+ At scaffold time include at least:
64
+
65
+ - `GET /health` proving app boot and DB query success
66
+ - `POST /items` creating one persisted record
67
+ - `GET /items` listing persisted records
68
+
69
+ This is enough to prove API routing, JSON handling, persistence, and Docker readiness without pretending the app is product-ready.
70
+
71
+ ## Minimum test floor
72
+
73
+ - `./run_tests.sh` must start the app container, wait for health, and smoke the real routes with `curl`
74
+ - the test container must run `./mvnw -q verify`
75
+ - JUnit tests should use `@SpringBootTest(webEnvironment = RANDOM_PORT)` or equivalent so HTTP and DB wiring are both exercised
76
+
77
+ ## README requirements
78
+
79
+ `README.md` must explicitly state:
80
+
81
+ - that the scaffold is baseline-only
82
+ - the pinned Spring Boot / Java / Maven defaults
83
+ - required runtime command: `docker compose up --build`
84
+ - required broad test command: `./run_tests.sh`
85
+ - how the runtime config file is generated without `.env`
86
+ - why H2 file mode is the chosen default database pattern
87
+ - what is intentionally excluded
88
+
89
+ ## Verification commands actually run
90
+
91
+ Experimentally verified: **yes**.
92
+
93
+ Commands run in `/Users/yohannesakd/code/eaglepoint/demonstration/scaffold-lab/spring-boot-baseline`:
94
+
95
+ ```bash
96
+ docker compose build
97
+ docker compose up --build -d && docker compose ps && docker compose port app 8080
98
+ python3 - <<'PY'
99
+ import json, time, urllib.request
100
+ base = 'http://127.0.0.1:32785'
101
+ last_error = None
102
+ for _ in range(60):
103
+ try:
104
+ with urllib.request.urlopen(base + '/health', timeout=5) as response:
105
+ payload = json.load(response)
106
+ if payload.get('status') == 'ok' and payload.get('database') == 'ok':
107
+ print('HEALTH', json.dumps(payload, separators=(',', ':')))
108
+ break
109
+ except Exception as exc:
110
+ last_error = exc
111
+ time.sleep(2)
112
+ else:
113
+ raise SystemExit(f'Health endpoint never became ready: {last_error}')
114
+
115
+ req = urllib.request.Request(base + '/items', data=b'{"name":"manual-smoke-item"}', headers={'Content-Type': 'application/json'}, method='POST')
116
+ with urllib.request.urlopen(req, timeout=5) as response:
117
+ created = json.load(response)
118
+ print('CREATE', json.dumps(created, separators=(',', ':')))
119
+ with urllib.request.urlopen(base + '/items', timeout=5) as response:
120
+ items = json.load(response)
121
+ print('LIST', json.dumps(items, separators=(',', ':')))
122
+ PY
123
+ docker compose down --volumes --remove-orphans
124
+ ./run_tests.sh
125
+ python3 - <<'PY'
126
+ import json
127
+ import signal
128
+ import subprocess
129
+ import time
130
+ import urllib.request
131
+
132
+ cwd = '/Users/yohannesakd/code/eaglepoint/demonstration/scaffold-lab/spring-boot-baseline'
133
+ proc = subprocess.Popen(['docker', 'compose', 'up', '--build'], cwd=cwd)
134
+ error = None
135
+ try:
136
+ deadline = time.time() + 240
137
+ while time.time() < deadline:
138
+ try:
139
+ port_output = subprocess.check_output(['docker', 'compose', 'port', 'app', '8080'], cwd=cwd, stderr=subprocess.DEVNULL, text=True).strip()
140
+ if port_output:
141
+ host, port = port_output.rsplit(':', 1)
142
+ base_url = f'http://127.0.0.1:{port}'
143
+ with urllib.request.urlopen(base_url + '/health', timeout=3) as response:
144
+ payload = json.load(response)
145
+ if payload.get('status') == 'ok' and payload.get('database') == 'ok':
146
+ print(f'interactive compose reached ready health at {base_url}')
147
+ break
148
+ except Exception as exc:
149
+ error = exc
150
+ time.sleep(2)
151
+ else:
152
+ raise RuntimeError(f'interactive docker compose up --build never reached readiness: {error}')
153
+ finally:
154
+ proc.send_signal(signal.SIGINT)
155
+ try:
156
+ proc.wait(timeout=30)
157
+ except subprocess.TimeoutExpired:
158
+ proc.kill()
159
+ proc.wait(timeout=30)
160
+ subprocess.run(['docker', 'compose', 'down', '--volumes', '--remove-orphans'], cwd=cwd, check=True)
161
+ PY
162
+ docker compose --profile test run --rm test sh -lc 'sh /workspace/scripts/bootstrap_config.sh && ./mvnw -U test'
163
+ docker compose down --volumes --remove-orphans
164
+ ```
165
+
166
+ Observed results:
167
+
168
+ - `docker compose up --build -d` published the app on `127.0.0.1:32785`
169
+ - smoke verification returned healthy JSON plus a persisted `manual-smoke-item`
170
+ - `./run_tests.sh` passed and printed `Spring Boot baseline smoke and container tests passed at http://127.0.0.1:32787`
171
+ - interactive `docker compose up --build` reached ready health at `http://127.0.0.1:32789`
172
+ - `docker compose --profile test run --rm test ... ./mvnw -U test` reported `Tests run: 2, Failures: 0, Errors: 0, Skipped: 0` and `BUILD SUCCESS`
173
+
174
+ ## Acceptance checklist
175
+
176
+ Baseline is acceptable when:
177
+
178
+ - `docker compose up --build` works
179
+ - `./run_tests.sh` works
180
+ - a real API route and a real persistence route are verified
181
+ - the Docker path does not require `.env`
182
+ - the README is honest about scope and exclusions
@@ -0,0 +1,80 @@
1
+ # Tauri Default Scaffold Playbook
2
+
3
+ Use this playbook only when the prompt explicitly requires Tauri or the existing repo is already Tauri-based.
4
+
5
+ ## Current status
6
+
7
+ This family is now **experimentally verified** for an honest Linux Docker baseline.
8
+
9
+ Verified lab:
10
+
11
+ - `/Users/yohannesakd/code/eaglepoint/demonstration/scaffold-lab/tauri-baseline`
12
+
13
+ ## What was achieved in the verified lab
14
+
15
+ The verified lab now proves all of the following:
16
+
17
+ - Tauri + Vite + TypeScript scaffold exists
18
+ - Rust shell under `src-tauri/` exists
19
+ - Dockerfile and Compose report-service strategy exist
20
+ - `run_tests.sh` exists
21
+ - built frontend assets exist under `dist/`
22
+ - verification helper scripts exist under `.docker/`
23
+ - README documents a plausible Linux Docker verification boundary
24
+ - `docker compose up --build --wait` reaches a stable healthy report service
25
+ - containerized `./run_tests.sh` passes
26
+ - a Linux `.deb` bundle is generated and preserved under the verified artifact path
27
+ - the packaged Tauri binary passes the documented headless smoke path
28
+
29
+ ## Safe default stack
30
+
31
+ - Tauri `2.x`
32
+ - Vite `8.x`
33
+ - TypeScript `6.x`
34
+ - Rust stable compatible with the chosen Tauri version
35
+
36
+ ## Runtime contract
37
+
38
+ - required Docker command: `docker compose up --build`
39
+ - required broad test command: `./run_tests.sh`
40
+ - both are now confirmed working in the verified lab
41
+
42
+ ## Intended Docker strategy
43
+
44
+ This family should follow the desktop shared contract with a Tauri-specific interpretation:
45
+
46
+ 1. build frontend assets inside Docker
47
+ 2. compile the Rust/Tauri shell inside Docker
48
+ 3. produce a meaningful Linux-side artifact or bundle
49
+ 4. run one honest Linux smoke/proof path if feasible
50
+ 5. converge Compose to a stable report/support service rather than a one-shot exited container
51
+
52
+ ## Honest Linux proof boundary
53
+
54
+ For the verified Linux baseline, Docker honestly proves only:
55
+
56
+ - Tauri frontend builds
57
+ - Rust shell compiles
58
+ - Linux-side bundle/build path works
59
+ - any documented smoke path actually runs
60
+
61
+ It should **not** claim full cross-platform desktop UX proof outside Linux.
62
+
63
+ ## Verified rerun evidence
64
+
65
+ The successful rerun established these concrete facts:
66
+
67
+ - the multi-stage Docker build completed end-to-end
68
+ - `npm run test:unit` passed
69
+ - `npx tauri build --bundles deb --ci` passed
70
+ - `cargo test --release --manifest-path src-tauri/Cargo.toml` passed
71
+ - the headless smoke path passed under `dbus-run-session` + `Xvfb`
72
+ - verification artifacts were copied out of the cache-mounted build target into `.verified/`
73
+ - the final Compose service reached `Healthy`
74
+ - `./run_tests.sh` returned a verified summary endpoint
75
+
76
+ ## Guidance
77
+
78
+ - treat Tauri as explicit opt-in only
79
+ - do not auto-select it for open-ended desktop work yet because Electron remains the lighter generic default
80
+ - it is now safe to treat this family as experimentally verified rather than partial
@@ -0,0 +1,162 @@
1
+ # Vue Vite Default Scaffold Playbook
2
+
3
+ Use this when the prompt explicitly wants a Vue frontend on top of Vite and does not already require a broader runtime such as Nuxt.
4
+
5
+ ## Decision summary
6
+
7
+ - **chosen default:** Vue 3 + Vite + TypeScript via `create-vue`
8
+ - **why:** official Vue-owned bootstrap path, easy to keep baseline-only, and straightforward to verify with Docker plus Vitest component tests
9
+ - **verified runtime:** `docker compose up --build`
10
+ - **verified broad test path:** `./run_tests.sh`
11
+ - **experimentally verified lab:** `/Users/yohannesakd/code/eaglepoint/demonstration/scaffold-lab/vue-vite-baseline`
12
+
13
+ ## Official bootstrap matrix
14
+
15
+ | Stack | Official/bootstrap path | Good fit | Why not the default prototype here |
16
+ | --- | --- | --- | --- |
17
+ | Vue + Vite via `create-vue` | `npm create vue@latest <project-name> -- --ts --vitest --eslint --bare` | Best Vue-first SPA baseline with first-party feature flags | Chosen default |
18
+ | Vite Vue TypeScript template | `npm create vite@latest <project-name> -- --template vue-ts` | Good fallback when only a raw Vue/Vite template is needed | Slightly less aligned with Vue's recommended starter path |
19
+ | Nuxt | `npm exec nuxi@latest init <project-name>` | Best when SSR, file routing, or server APIs are required | Larger runtime model than a baseline SPA needs |
20
+
21
+ ## Evidence basis for the matrix
22
+
23
+ - Vue docs recommend `npm create vue@latest` for scaffolding a Vue SPA locally.
24
+ - The `create-vue` repository describes itself as the recommended way to start a Vite-powered Vue project and documents feature flags such as `--ts`, `--vitest`, `--eslint`, and `--bare`.
25
+ - Vite docs document `npm create vite@latest <project-name> -- --template vue` / `vue-ts` as the direct template path and surface the Vue starter as the official Vue option.
26
+
27
+ For a **Vue-specific frontend baseline**, the safest verified prototype is the smallest official Vue-owned starter that still prewires type-checking, linting, and unit tests. That is `create-vue` with `--ts --vitest --eslint --bare` here.
28
+
29
+ ## Chosen default stack and version pins
30
+
31
+ Verified prototype pins:
32
+
33
+ - Node image: `node:22.21.1-alpine3.22`
34
+ - Vue: `3.5.32`
35
+ - Vite: `8.0.8`
36
+ - TypeScript: `6.0.2`
37
+ - `@vitejs/plugin-vue`: `6.0.6`
38
+ - Vitest: `4.1.4`
39
+ - `@vue/test-utils`: `2.4.6`
40
+ - ESLint: `10.2.0`
41
+ - `@vue/eslint-config-typescript`: `14.7.0`
42
+ - `@vitest/eslint-plugin`: `1.6.15`
43
+ - `oxlint`: `1.57.0`
44
+ - `vue-tsc`: `3.2.6`
45
+ - `jsdom`: `29.0.2`
46
+
47
+ Compatibility pins used in this verified lab:
48
+
49
+ - `@emnapi/core`: `1.9.2`
50
+ - `@emnapi/runtime`: `1.9.2`
51
+ - `@rolldown/binding-darwin-arm64`: `1.0.0-rc.15` as an optional dependency for current macOS arm64 local installs
52
+
53
+ ## Safe defaults
54
+
55
+ - no `.env` file required
56
+ - no secrets committed
57
+ - baseline-only SPA, not a feature-complete product
58
+ - no router, state store, API client, SSR, or E2E browser tooling by default
59
+ - Docker host port bound to `127.0.0.1` with a random host port to reduce local collisions
60
+ - healthcheck required before the smoke step proceeds
61
+ - exact dependency versions pinned in `package.json` and `package-lock.json`
62
+
63
+ ## Docker / Compose pattern
64
+
65
+ Recommended baseline pattern:
66
+
67
+ 1. **multi-stage Dockerfile**
68
+ - shared `npm ci` base
69
+ - `development` target runs `vite` on `0.0.0.0:5173`
70
+ - `verify` target runs `npm run verify`
71
+ 2. **Compose services**
72
+ - `web` service for `docker compose up --build`
73
+ - `test` service behind a `test` profile for containerized verification
74
+ 3. **port strategy**
75
+ - expose only the app port
76
+ - prefer `127.0.0.1::5173` so parallel local worktrees do not collide
77
+ 4. **health strategy**
78
+ - wait for `wget http://127.0.0.1:5173` healthcheck before curl smoke tests
79
+
80
+ ## Testing baseline
81
+
82
+ Minimum real testing floor for this playbook:
83
+
84
+ - Vitest component tests
85
+ - Vue Test Utils rendering assertions
86
+ - one small interaction test (`Show verification commands` toggle)
87
+ - one containerized smoke check that confirms the app shell is served through Compose
88
+ - one containerized broad path that runs lint + unit tests + production build
89
+
90
+ Suggested scripts:
91
+
92
+ - `npm run test:unit`
93
+ - `npm run verify`
94
+ - `./run_tests.sh`
95
+
96
+ `./run_tests.sh` should:
97
+
98
+ 1. build Docker images
99
+ 2. start `web`
100
+ 3. wait for health
101
+ 4. `curl` the served HTML shell
102
+ 5. run the `test` profile container
103
+ 6. tear down cleanly
104
+
105
+ ## README requirements
106
+
107
+ The scaffold `README.md` should explicitly state:
108
+
109
+ - that this is a **baseline scaffold**
110
+ - chosen stack and why it was picked
111
+ - exact bootstrap command used
112
+ - `docker compose up --build`
113
+ - `./run_tests.sh`
114
+ - any optional local iteration commands
115
+ - what is included now vs intentionally deferred
116
+ - no `.env` / no secrets policy
117
+ - main files worth reusing later
118
+
119
+ ## Verification commands actually run in the verified prototype
120
+
121
+ User-facing commands verified:
122
+
123
+ ```bash
124
+ npm create vue@latest vue-vite-baseline -- --ts --vitest --eslint --bare
125
+ npm install
126
+ npm run verify
127
+ docker compose up --build
128
+ ./run_tests.sh
129
+ ```
130
+
131
+ Supporting commands used during verification:
132
+
133
+ ```bash
134
+ docker compose port web 5173
135
+ curl -fsS http://127.0.0.1:<mapped-port>
136
+ docker compose down --remove-orphans
137
+ ```
138
+
139
+ Observed verification results in the prototype lab:
140
+
141
+ - local `npm run verify`: passed
142
+ - containerized `./run_tests.sh`: passed
143
+ - runtime `docker compose up --build`: passed and served the app shell
144
+
145
+ ## Known caveats
146
+
147
+ - The curl smoke check validates the served HTML shell, not hydrated browser DOM behavior. Keep Vitest component tests for actual UI assertions.
148
+ - `create-vue` is interactive by default; the verified baseline uses feature flags so the scaffold stays reproducible and baseline-only.
149
+ - Nuxt remains a documented alternative, not the verified prototype, because its runtime model is intentionally broader than a baseline SPA.
150
+
151
+ ## What to reuse later
152
+
153
+ Reuse these parts directly for later Vue frontend prompts:
154
+
155
+ - the official `create-vue` bootstrap path with baseline-only flags
156
+ - the multi-stage Dockerfile pattern
157
+ - random localhost host-port mapping
158
+ - healthcheck + curl smoke test flow
159
+ - `./run_tests.sh` as the canonical broad-path wrapper
160
+ - the README honesty checklist
161
+
162
+ Do **not** treat this playbook as a signal to pre-add routing, Pinia, auth, API clients, or E2E browsers unless the prompt explicitly needs them.
@@ -0,0 +1,96 @@
1
+ # Web Default Scaffold Playbook
2
+
3
+ Use this playbook for web frontend, backend, or fullstack requests unless the prompt or existing repo clearly requires a different runtime model.
4
+
5
+ ## Goal
6
+
7
+ Create a simple web baseline that:
8
+
9
+ - uses the requested framework or safest default bootstrap path
10
+ - runs through one honest primary runtime contract
11
+ - exposes one portable broad test command
12
+ - wires required baseline technologies without starting product-specific feature work
13
+
14
+ ## Runtime contract
15
+
16
+ - required runtime command: `docker compose up --build`
17
+ - required broad test command: `./run_tests.sh`
18
+ - both commands must be real and working
19
+
20
+ ## Bootstrap rule
21
+
22
+ - use the official or best-known bootstrap command for the requested web framework
23
+ - if the prompt leaves the framework open, choose the safest maintained default for the requested surface
24
+ - after bootstrap, adapt only enough to make the runtime, test path, config path, and README honest
25
+
26
+ ## Required scripts
27
+
28
+ - `./run_tests.sh`
29
+ - `./init_db.sh` when the project has database dependencies
30
+
31
+ ## Safe defaults
32
+
33
+ - no `.env` files in the repo
34
+ - no hardcoded secrets
35
+ - Docker runtime is mandatory for web delivery
36
+ - only app-facing services exposed to host by default
37
+ - internal services kept off host ports unless genuinely needed
38
+ - `COMPOSE_PROJECT_NAME` namespaced cleanly when Docker is used
39
+
40
+ ## Baseline structure
41
+
42
+ - app/runtime entrypoints are real
43
+ - test tooling is installed
44
+ - config flow is explicit
45
+ - logging/validation baseline exists where the stack obviously needs it
46
+ - repo `README.md` is honest from day one
47
+
48
+ ## `./run_tests.sh`
49
+
50
+ For the default Docker-first model, `./run_tests.sh` should own the portable broad path and remain runnable on a clean Linux machine with Docker and curl.
51
+
52
+ Typical baseline coverage:
53
+
54
+ - install/build health
55
+ - lint or typecheck when applicable
56
+ - one or more real baseline tests
57
+ - app or API smoke-level verification
58
+
59
+ ## Minimal real test floor
60
+
61
+ At scaffold, include at least:
62
+
63
+ - one real unit or route/component test
64
+ - one real smoke-level proof that the chosen framework wiring works
65
+ - one real broad-path build/test invocation in `./run_tests.sh`
66
+
67
+ Do not leave the broad path mostly empty.
68
+
69
+ ## README floor
70
+
71
+ `README.md` must already state:
72
+
73
+ - scaffold status versus implemented scope
74
+ - required Docker command: `docker compose up --build`
75
+ - broad test command
76
+ - main repo layout
77
+ - any mock/local-only or scaffold honesty boundaries
78
+
79
+ ## Common pitfalls
80
+
81
+ - pretending a non-Docker web runtime is acceptable as the final baseline contract
82
+ - checked-in `.env` files
83
+ - hardcoded secret literals in Compose or startup scripts
84
+ - exposing every service port to host by default
85
+ - generating a giant scaffold with almost no real tests
86
+
87
+ ## Acceptance checklist
88
+
89
+ Scaffold is acceptable when:
90
+
91
+ - `docker compose up --build` works
92
+ - `./run_tests.sh` works
93
+ - required baseline technologies are wired
94
+ - minimal real tests exist
95
+ - README is honest
96
+ - no `.env` or hardcoded secret residue exists
@@ -16,6 +16,28 @@ This file is the repo-local engineering rulebook for `slopmachine` projects.
16
16
  - Work in meaningful vertical slices.
17
17
  - Do not call work complete while it is still shaky.
18
18
  - Reuse and extend shared cross-cutting patterns instead of inventing incompatible local ones.
19
+ - Before coding, identify the actors or personas touched by the change and the concrete path to success for each one.
20
+ - Make important business rules explicit before coding: defaults, limits, allowed transitions, uniqueness, conflicts, reversals, retries, and ownership rules when they matter.
21
+ - When the product has meaningful workflow state, define or confirm the relevant state machine before treating the flow as implemented.
22
+ - Keep a concrete out-of-scope boundary in mind so you do not overbuild speculative features.
23
+ - Do not introduce convenience-based `v1` scope cuts, role simplifications, or workflow omissions unless they were explicitly authorized.
24
+ - When backend or fullstack API endpoints are added or changed, prefer real HTTP tests for the exact `METHOD + PATH` over controller or service bypasses when practical.
25
+ - If mocked HTTP tests or unit-only tests still exist for an API surface, do not overstate them as equivalent to true no-mock endpoint coverage.
26
+
27
+ ## Requirements Fidelity
28
+
29
+ - Preserve the full prompt intent, including implied business constraints.
30
+ - Do not weaken required actor models, operator flows, security controls, or lifecycle behavior for implementation convenience.
31
+ - If a requirement is ambiguous, choose the safest prompt-faithful behavior or surface the ambiguity instead of guessing lazily.
32
+ - If the feature depends on business rules, make those rules traceable in code, tests, and `README.md` rather than leaving them implicit.
33
+
34
+ ## Architecture Rules
35
+
36
+ - For backend or fullstack projects, route configuration through a central config module instead of scattering direct environment reads through business logic.
37
+ - Keep database operations, business logic, transport layers, and UI surfaces separated clearly enough for static review.
38
+ - Use a shared logging path and shared validation/error-normalization path when the project is large enough for those concerns to matter.
39
+ - When a third-party service is required but real integration is not explicitly demanded, prefer an internal stub or adaptor boundary over shipping brittle real credentials or uncontrolled external dependencies.
40
+ - If a feature requires auth or privileged access, enforce it across route, controller or handler, and object scope where applicable.
19
41
 
20
42
  ## Runtime And Verification
21
43
 
@@ -26,8 +48,9 @@ This file is the repo-local engineering rulebook for `slopmachine` projects.
26
48
  - During ordinary development slices, do not run Docker runtime commands, browser E2E, Playwright, full test suites, or `./run_tests.sh`.
27
49
  - Use targeted local tests during ordinary development slices and leave browser E2E plus broad-gate commands for later comprehensive verification.
28
50
  - When API tests are material, make them hit real endpoints and print simple useful response evidence such as status codes and message/body summaries.
29
- - For web projects, default the runtime contract to `docker compose up --build` unless the prompt or existing repository clearly dictates another model.
30
- - When `docker compose up --build` is not the runtime contract, provide `./run_app.sh` as the single primary runtime wrapper.
51
+ - For web projects, require the runtime contract to be `docker compose up --build`.
52
+ - For Android, mobile, desktop, and iOS-targeted projects, also require a meaningful `docker compose up --build` command even when platform-specific runtime proof differs from web semantics.
53
+ - For non-web projects, `./run_app.sh` may exist as a helper wrapper, but it does not replace the required Docker command.
31
54
  - If the project has database dependencies, keep `./init_db.sh` as the only project-standard database initialization path.
32
55
 
33
56
  ## Documentation Rules
@@ -35,17 +58,21 @@ This file is the repo-local engineering rulebook for `slopmachine` projects.
35
58
  - Keep `README.md` accurate.
36
59
  - The README must explain what the project is, what it does, how to run it, how to test it, the main repo contents, and any important information a new developer needs immediately.
37
60
  - The README must also explain the delivered architecture and major implementation structure clearly enough for review and handoff.
38
- - The README must clearly document whether the primary runtime command is `docker compose up --build` or `./run_app.sh`.
61
+ - The README must include project type near the top, startup instructions, access method, verification method, and demo credentials for every role or the exact statement `No authentication required`.
62
+ - The README must clearly document the required Docker command `docker compose up --build` and any additional helper runtime wrapper such as `./run_app.sh` when present.
39
63
  - The README must clearly document `./run_tests.sh` as the broad test command.
64
+ - For backend, fullstack, and web projects, the README should also contain the exact legacy compatibility string `docker-compose up` somewhere in startup guidance without replacing the canonical runtime contract.
40
65
  - The README must stand on its own for basic codebase use.
41
66
  - Keep `README.md` as the only documentation file inside the repo unless the user explicitly asks for something else.
42
67
  - Treat `README.md` as the primary documentation surface inside the repo.
43
68
  - The repo should be statically reviewable by a fresh reviewer: entry points, routes, config, test commands, and major module boundaries should be traceable from repository artifacts.
69
+ - The README should name the important actors, the main success paths, major limitations or out-of-scope boundaries, and any non-obvious business rules that affect usage.
44
70
  - If the project uses mock, stub, fake, interception, or local-data behavior, the README must disclose that scope accurately.
45
71
  - If mock or interception behavior is enabled by default, the README must say so clearly.
46
72
  - Feature flags, debug/demo surfaces, default enabled states, and mock/interception defaults must be disclosed in `README.md` when they exist.
47
73
  - Do not let a mock-only or local-data-only project look like undisclosed real backend or production integration.
48
74
  - Do not hide missing failure handling behind fake-success paths.
75
+ - Before final delivery, remove local-only setup traces and host-only dependency assumptions from the README and wrapper scripts.
49
76
 
50
77
  ## Secret And Runtime Rules
51
78
 
@@ -67,6 +94,17 @@ This file is the repo-local engineering rulebook for `slopmachine` projects.
67
94
  - Do not leave placeholder, setup, debug, or demo content in product-facing UI.
68
95
  - If a real user-facing or admin-facing surface is required, build that surface instead of bypassing it with API shortcuts.
69
96
  - Treat missing real surfaces as incomplete implementation.
97
+ - If multiple roles or personas exist, implement the real role-aware surfaces and permissions rather than collapsing them into a single generic flow.
98
+ - Do not replace prompt-required interaction models, lifecycle behavior, or data-integrity rules with easier substitutes unless explicitly authorized.
99
+
100
+ ## Security And Reliability Rules
101
+
102
+ - When multiple roles or privileged actions exist, use RBAC or stronger scoped authorization as required by the actual product behavior.
103
+ - Enforce object-level authorization when users should only see or mutate their own records.
104
+ - Keep sensitive data out of logs, errors, screenshots, and seeded runtime values.
105
+ - Return normalized user-safe errors; do not expose raw stack traces or internal file paths in normal product surfaces.
106
+ - Make request logging, exception logging, and background failure logging meaningful enough for operators to understand what failed without leaking secrets.
107
+ - If offline, queueing, retries, jobs, or resumability matter, implement explicit states and recovery behavior instead of vague best-effort logic.
70
108
 
71
109
  ## Rulebook Files
72
110