theslopmachine 0.6.2 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/MANUAL.md +21 -6
  2. package/README.md +55 -7
  3. package/RELEASE.md +16 -1
  4. package/assets/agents/developer.md +41 -1
  5. package/assets/agents/slopmachine-claude.md +101 -60
  6. package/assets/agents/slopmachine.md +40 -17
  7. package/assets/claude/agents/developer.md +42 -5
  8. package/assets/skills/clarification-gate/SKILL.md +25 -5
  9. package/assets/skills/claude-worker-management/SKILL.md +290 -57
  10. package/assets/skills/developer-session-lifecycle/SKILL.md +83 -38
  11. package/assets/skills/development-guidance/SKILL.md +21 -1
  12. package/assets/skills/evaluation-triage/SKILL.md +34 -23
  13. package/assets/skills/final-evaluation-orchestration/SKILL.md +88 -50
  14. package/assets/skills/hardening-gate/SKILL.md +17 -3
  15. package/assets/skills/integrated-verification/SKILL.md +3 -3
  16. package/assets/skills/planning-gate/SKILL.md +32 -3
  17. package/assets/skills/planning-guidance/SKILL.md +72 -13
  18. package/assets/skills/retrospective-analysis/SKILL.md +2 -2
  19. package/assets/skills/scaffold-guidance/SKILL.md +129 -124
  20. package/assets/skills/submission-packaging/SKILL.md +33 -27
  21. package/assets/skills/verification-gates/SKILL.md +44 -14
  22. package/assets/slopmachine/backend-evaluation-prompt.md +1 -1
  23. package/assets/slopmachine/frontend-evaluation-prompt.md +5 -5
  24. package/assets/slopmachine/scaffold-playbooks/android-kotlin-compose.md +81 -0
  25. package/assets/slopmachine/scaffold-playbooks/android-kotlin-views.md +191 -0
  26. package/assets/slopmachine/scaffold-playbooks/android-native-java.md +203 -0
  27. package/assets/slopmachine/scaffold-playbooks/angular-default.md +181 -0
  28. package/assets/slopmachine/scaffold-playbooks/backend-baseline.md +142 -0
  29. package/assets/slopmachine/scaffold-playbooks/backend-family-matrix.md +80 -0
  30. package/assets/slopmachine/scaffold-playbooks/database-module-matrix.md +80 -0
  31. package/assets/slopmachine/scaffold-playbooks/django-default.md +166 -0
  32. package/assets/slopmachine/scaffold-playbooks/docker-baseline.md +189 -0
  33. package/assets/slopmachine/scaffold-playbooks/docker-shared-contract.md +334 -0
  34. package/assets/slopmachine/scaffold-playbooks/electron-vite-default.md +124 -0
  35. package/assets/slopmachine/scaffold-playbooks/expo-react-native-default.md +73 -0
  36. package/assets/slopmachine/scaffold-playbooks/fastapi-default.md +134 -0
  37. package/assets/slopmachine/scaffold-playbooks/frontend-baseline.md +160 -0
  38. package/assets/slopmachine/scaffold-playbooks/frontend-family-matrix.md +134 -0
  39. package/assets/slopmachine/scaffold-playbooks/generic-unknown-tech-guide.md +136 -0
  40. package/assets/slopmachine/scaffold-playbooks/go-chi-default.md +160 -0
  41. package/assets/slopmachine/scaffold-playbooks/ios-linux-portable.md +93 -0
  42. package/assets/slopmachine/scaffold-playbooks/ios-native-objective-c.md +151 -0
  43. package/assets/slopmachine/scaffold-playbooks/ios-native-swift.md +188 -0
  44. package/assets/slopmachine/scaffold-playbooks/laravel-default.md +216 -0
  45. package/assets/slopmachine/scaffold-playbooks/livewire-default.md +265 -0
  46. package/assets/slopmachine/scaffold-playbooks/overlay-module-matrix.md +130 -0
  47. package/assets/slopmachine/scaffold-playbooks/platform-family-matrix.md +79 -0
  48. package/assets/slopmachine/scaffold-playbooks/selection-matrix.md +72 -0
  49. package/assets/slopmachine/scaffold-playbooks/spring-boot-default.md +182 -0
  50. package/assets/slopmachine/scaffold-playbooks/tauri-default.md +80 -0
  51. package/assets/slopmachine/scaffold-playbooks/vue-vite-default.md +162 -0
  52. package/assets/slopmachine/scaffold-playbooks/web-default.md +96 -0
  53. package/assets/slopmachine/templates/AGENTS.md +41 -3
  54. package/assets/slopmachine/templates/CLAUDE.md +111 -0
  55. package/assets/slopmachine/test-coverage-prompt.md +561 -0
  56. package/assets/slopmachine/utils/claude_create_session.mjs +3 -2
  57. package/assets/slopmachine/utils/claude_live_channel.mjs +188 -0
  58. package/assets/slopmachine/utils/claude_live_common.mjs +411 -0
  59. package/assets/slopmachine/utils/claude_live_hook.py +47 -0
  60. package/assets/slopmachine/utils/claude_live_launch.mjs +187 -0
  61. package/assets/slopmachine/utils/claude_live_status.mjs +25 -0
  62. package/assets/slopmachine/utils/claude_live_stop.mjs +46 -0
  63. package/assets/slopmachine/utils/claude_live_turn.mjs +277 -0
  64. package/assets/slopmachine/utils/claude_resume_session.mjs +3 -2
  65. package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.mjs +23 -0
  66. package/assets/slopmachine/utils/claude_wait_for_rate_limit_reset.sh +5 -0
  67. package/assets/slopmachine/utils/claude_worker_common.mjs +361 -4
  68. package/assets/slopmachine/utils/cleanup_delivery_artifacts.py +4 -0
  69. package/assets/slopmachine/utils/export_ai_session.mjs +1 -1
  70. package/assets/slopmachine/utils/normalize_claude_session.py +153 -0
  71. package/assets/slopmachine/utils/package_claude_session.mjs +123 -0
  72. package/assets/slopmachine/utils/prepare_strict_audit_workspace.mjs +65 -0
  73. package/package.json +1 -1
  74. package/src/constants.js +42 -3
  75. package/src/init.js +173 -28
  76. package/src/install.js +156 -8
  77. package/src/send-data.js +56 -57
@@ -7,145 +7,150 @@ description: Developer-facing scaffold guidance for slopmachine.
7
7
 
8
8
  Use this skill during `P3 Scaffold` before prompting the developer.
9
9
 
10
- ## Scaffold standard
10
+ ## Core idea
11
11
 
12
- - create real foundations, not decorative boilerplate
13
- - establish the real runtime contract
14
- - establish the local verification path and the standardized gate path
15
- - make prompt-critical baseline behavior real where required
16
- - keep repo-local `README.md` honest from the start
17
- - make the selected-stack primary runtime command and the universal `./run_tests.sh` broad test command real from the scaffold stage
18
- - make the first scaffold pass strong enough that owner scaffold acceptance can rely on a narrow checklist rather than rereading the whole scaffold broadly
12
+ Scaffold is a simple baseline bootstrap step.
19
13
 
20
- For web projects using the default runtime model, scaffold must make these commands real and working before scaffold can pass:
14
+ - do not treat scaffold as early product implementation
15
+ - do not require prompt-specific business flows during scaffold unless they are necessary to choose the stack, runtime contract, required technologies, or baseline verification path
16
+ - the goal is a safe baseline that boots, tests, and documents itself honestly
17
+ - for web projects, that baseline must always include working `docker compose up --build` and containerized `./run_tests.sh`
18
+ - for Android, iOS, and desktop projects, that baseline must also include working `docker compose up --build` plus containerized `./run_tests.sh`, even when the app's true product proof is platform-specific and differs from web runtime semantics
21
19
 
22
- - `docker compose up --build`
23
- - `./run_tests.sh`
20
+ ## Scaffold contract
24
21
 
25
- ## Scaffold and foundation guidance
22
+ Scaffold should deliver only the baseline needed to start real implementation safely:
26
23
 
27
- - create the initial project structure intentionally
28
- - follow the original prompt and existing repository first; only use the package defaults below when they do not already specify the platform or stack
29
- - when the selected stack has an official or clearly best-known bootstrap command, prefer using that bootstrap path instead of hand-creating the project tree from scratch
30
- - prefer the modern recommended bootstrap variant for the chosen stack rather than an outdated minimal skeleton when the prompt leaves room
31
- - use Context7 first and targeted web research second to choose the strongest bootstrap command, starter, or tooling combination when the stack has multiple viable setup paths
32
- - treat the generator-created project as the starting foundation, then adapt and harden it to satisfy the runtime, test, E2E, security, infra, and documentation rules below
33
- - when using an official or best-known bootstrap path, make sure the resulting scaffold also installs and wires the local verification tooling needed for ordinary iteration rather than leaving test/tool setup half-finished
34
- - only hand-build the scaffold from scratch when no credible bootstrap path exists, the existing repository already dictates a different structure, or the generated scaffold would clearly fight the prompt requirements
35
- - when the prompt leaves stack or framework details open, choose defaults that maximize execution speed, ecosystem stability, onboarding quality, and compatibility with the required runtime and verification model
36
- - when the prompt leaves stack or framework details open, make the chosen default stack and bootstrap command explicit before generating the scaffold
37
- - create `./run_tests.sh` during scaffold for every project as the single broad test entrypoint
38
- - for web projects, default scaffold to Docker-first runtime foundations unless the prompt or existing repository clearly dictates another model
39
- - for web projects, make `docker compose up --build` real as the primary runtime command during scaffold unless the prompt or existing repository clearly dictates otherwise
40
- - for Dockerized web projects, create a dev-only runtime bootstrap script during scaffold and make the Docker startup path call it automatically
41
- - for Dockerized web projects, the local user should not need any manual `export ...` step before `docker compose up --build`
42
- - for Dockerized web projects, do not use `.env` files or hardcoded runtime values to satisfy local startup
43
- - for Dockerized web projects, use the bootstrap script to generate or inject local-development runtime values during startup instead of committing them to the repo
44
- - for Dockerized web projects, do not pre-seed secret literals in Compose files, config files, Dockerfiles, or startup scripts even if they are labeled dev-only, test-only, or non-production
45
- - for Dockerized web projects, if runtime values must persist across restarts, persist them only in Docker-managed runtime state rather than committed repo files
46
- - for Dockerized web projects, place a clear comment in that bootstrap script that it is for local development bootstrap only and is not the production secret-management path
47
- - when `docker compose up --build` is not the runtime contract, create `./run_app.sh` during scaffold as the single primary runtime wrapper
48
- - make `./run_tests.sh` self-sufficient from a clean Linux VM that only has Docker and curl available by default
49
- - do not rely on host package managers or preinstalled host language runtimes for the broad test path when Docker can provide the execution environment instead
50
- - for web projects using the default Docker-first runtime model, `./run_tests.sh` must execute the broad test path through Docker and should own that Dockerized test flow directly instead of requiring separate manual pre-setup
51
- - for Dockerized web projects, `./run_tests.sh` must use the same bootstrap path or an equivalent path with the same generated-value rules as `docker compose up --build`
52
- - when host-level setup would otherwise be required, prefer a Dockerized `./run_tests.sh` path so the broad test remains portable on a bare machine
53
- - for non-web or non-Docker projects, `./run_tests.sh` must execute the selected stack's platform-equivalent broad test flow while preserving the same single-command interface
54
- - local non-Docker test commands should still be installed and working for normal development iteration
55
- - for Electron or other Linux-targetable desktop projects, make `./run_tests.sh` own a Dockerized broad path that covers build, tests, packaging smoke checks, and headless UI/runtime verification through Xvfb or an equivalent Linux-capable desktop harness
56
- - for Android projects, make `./run_tests.sh` own a Dockerized broad path that covers Gradle build, lint, unit tests, and local Android JVM-side tests such as Robolectric without depending on an emulator
57
- - for iOS-targeted projects, still create `./run_tests.sh`, but make it the portable Linux verification wrapper for lint, typecheck, shared logic tests, JS/UI-level tests when applicable, and static config/build-shape validation rather than fake native iOS runtime proof
58
- - create required testing directories and baseline docs structure
59
- - create the owner-maintained external docs structure under parent-root `../docs/`
60
- - do not create documentation files inside `repo/` beyond `README.md`
61
- - put baseline config, logging, validation, and error-normalization structure in place
62
- - install and configure the local test tooling needed for ordinary iteration during scaffold rather than deferring local testing setup to later phases
63
- - create baseline test structure intentionally during scaffold so the project can grow toward at least 90 percent meaningful coverage instead of retrofitting tests late
64
- - when API tests are material, scaffold them so they hit real endpoints and print simple useful response evidence such as status codes and message/body summaries instead of hiding the real API behavior behind helper-only checks
65
- - for frontend-bearing web projects, install the local browser E2E tooling plus the component/page-or-route frontend test layer during scaffold when the project will need them
66
- - for mobile projects, install the local mobile testing layer during scaffold, defaulting to Jest plus React Native Testing Library for Expo/React Native work
67
- - for desktop projects, install the local desktop testing layer during scaffold, defaulting to the selected project test runner and Playwright Electron support or an equivalent desktop UI/E2E tool when UI verification is required
68
- - for Android projects, install the local Android testing layers needed for the Dockerized broad path during scaffold without relying on an emulator
69
- - for iOS-targeted projects, install the portable test layers that can run on Linux during scaffold and document any native iOS runtime/build gap honestly instead of hiding it
70
- - put migrations, worker/job foundation, and real runtime health surfaces in place when the project needs them
71
- - when the project has database dependencies, create `./init_db.sh` during scaffold as the only project-standard database initialization path
72
- - if the project has database dependencies, make `./init_db.sh` handle the real database setup already known at scaffold time rather than leaving a placeholder shell
73
- - if the project has database dependencies, wire the runtime and test entrypoints to call `./init_db.sh` whenever database preparation is required
74
- - if the project has database dependencies, treat `./init_db.sh` as a living project artifact that must be expanded as migrations, schema setup, bootstrap data, and other database dependencies become real through implementation
75
- - do not hardcode database connection values or database bootstrap values in the repo; drive database setup through `./init_db.sh`
76
- - when the project has database dependencies, do not package local database dependency files or local database state as part of delivery; the delivery should rely on the initialization-script path instead
77
- - treat prompt-critical security controls as real baseline runtime behavior, not placeholder checks or visual wiring
78
- - if a requirement implies enforcement, persistence, statefulness, or rejection behavior, make that behavior real in the scaffold unless the prompt clearly scopes it down
79
- - do not accept shape-only security implementations such as header presence checks, passive constants, or partially wired middleware when the requirement implies real protection
80
- - when applicable at scaffold time, require platform-appropriate real security baselines rather than shape-only placeholders
81
- - for web service flows, examples include nonce replay rejection, real lockout behavior, CSRF rejection on protected mutations, and meaningful server-side state when the protection model depends on it
82
- - for mobile flows, examples include safe auth-state handling, no bundled secrets, secure token storage when runtime tokens must be persisted, and protected deep-link or privileged screen behavior when applicable
83
- - for desktop flows, examples include secure preload/contextBridge boundaries, `contextIsolation` preserved, `nodeIntegration` not exposed by default in the renderer, and privileged actions kept out of untrusted renderer reach
84
- - remove prototype residue from runtime foundations: no placeholder titles, hidden setup, fake defaults, or seeded live-path assumptions
85
- - make prompt-critical runtime behavior visible in the scaffold instead of hand-waving it for later, especially offline, worker, backup, or HTTPS requirements
86
- - for Dockerized web projects, keep runtime isolation clean in shared environments: use self-contained Compose namespacing, avoid fragile generic project names, and prefer Compose-managed service naming over unnecessary hardcoded `container_name` values
87
- - for Dockerized web projects, derive a unique `COMPOSE_PROJECT_NAME` from the repo or worktree identity for runtime wrappers, and use a separate unique test namespace for `./run_tests.sh` so parallel local projects do not collide
88
- - for Dockerized web projects, expose only the primary app-facing port to the host by default, keep databases/cache/internal services off host ports unless the prompt truly requires exposure, and bind exposed ports to `127.0.0.1`
89
- - for Dockerized web projects, prefer Docker-assigned random host ports for the default host binding so plain `docker compose up --build` can run without host-port collisions; if the prompt requires a fixed host port, support an overrideable host-port variable and make the runtime or test wrapper fall back to a free port automatically when needed
90
- - for Dockerized web projects, keep image, network, and volume naming under Compose project scoping; if explicit image names are needed, namespace them with the Compose project name instead of using generic shared names
91
- - for Dockerized web projects, add healthchecks and make runtime or test wrappers wait for service readiness before proceeding so startup is reliable on slower machines
92
- - require reproducible build and tooling foundations: prefer lockfile-driven installs where the stack supports them, keep source and build outputs clearly separated, and do not allow generated runtime artifacts to drift back into source directories
93
- - for typed build pipelines, keep source-of-truth boundaries clean so compiled output does not create TS/JS or similar dual-source drift in the working tree
94
- - establish README structure early instead of leaving it until the end
95
- - ensure `README.md` clearly documents the primary runtime command and the broad `./run_tests.sh` contract for the selected stack
96
- - ensure `README.md` focuses on what the project does, how to run it, how to test it, the main repo contents, and any important new-developer information rather than trying to replace the full API catalog
97
- - ensure `README.md` also explains the delivered architecture and major implementation structure clearly enough for code review and handoff
98
- - ensure `README.md` stands on its own and does not tell users or reviewers to rely on parent-root docs for core repo understanding
99
- - for Dockerized web projects, ensure `README.md` explains that local runtime values are bootstrapped automatically by the development startup path and that this is local-development behavior rather than production secret management
100
- - maintain the seeded parent-root `../docs/design.md` as the owner-maintained planning/design contract from the start
101
- - maintain the seeded parent-root `../docs/test-coverage.md` as the owner-maintained evaluator-facing test matrix from the start
102
- - when API surfaces are material, fill in the seeded parent-root `../docs/api-spec.md` instead of treating it as a later add-on
103
- - if the project uses mock, stub, fake, interception, or local-data behavior, disclose that scope in `README.md` during scaffold instead of waiting until late phases
104
- - if mock or interception behavior is enabled by default, disclose that default state in `README.md` during scaffold
105
- - if feature flags, debug or demo surfaces, or default-enabled config toggles exist, disclose them in `README.md` during scaffold and record the fuller reference in parent-root docs when needed
106
- - establish a shared logging path during scaffold with meaningful categories, redaction expectations, and no reliance on random print statements as the long-term logging surface
107
- - establish a shared validation path during scaffold so forms, requests, boundary checks, and normalized error behavior do not get invented ad hoc later
108
- - prove the scaffold in a clean state before deeper feature work
109
- - verify clean startup and teardown behavior under the selected stack's runtime contract
110
- - make the scaffold handoff compact and checklist-driven: the developer should be able to state runtime proof, test proof, docs honesty, and required repo-surface proof without a long narrative dump
111
- - for Dockerized web projects, verify clean startup and teardown behavior under the chosen project namespace
112
- - when the architecture materially depends on infrastructure capabilities such as rate limiting, encryption, offline support, or browser-storage policy, put the baseline framework and policy in place during scaffold rather than deferring it to late implementation
113
- - for backend integration paths, prefer production-equivalent test infrastructure when practical rather than silently substituting a weaker database or runtime model that can hide real defects
114
- - do not treat scaffold as placeholder boilerplate or rely on hidden setup
115
-
116
- ## Current policy
24
+ - chosen stack and bootstrap path are explicit
25
+ - requested platform and required technologies are installed and wired
26
+ - the primary runtime command is real
27
+ - `./run_tests.sh` is real as the portable broad test wrapper
28
+ - `docker compose up --build` is real and working
29
+ - `./run_tests.sh` is containerized and working
30
+ - `./run_app.sh` may exist as an additional platform helper when useful, but it does not replace the Docker-based baseline contract
31
+ - minimal real tests exist so the scaffold is not mostly `NO-SOURCE`
32
+ - `README.md` is honest about scaffold status, runtime, tests, and main module layout
33
+ - `README.md` already includes the baseline section shape needed for the final README audit, even if many sections are still marked scaffold-level
34
+
35
+ ## What scaffold is not
36
+
37
+ Do not turn scaffold into feature delivery.
38
+
39
+ At scaffold time, do not require:
40
+
41
+ - prompt-specific business workflows
42
+ - full auth/role/product enforcement unless the runtime baseline genuinely depends on it
43
+ - final module completion
44
+ - integrated product polish
45
+ - deep domain behavior beyond what the chosen stack/runtime/tests need immediately
46
+
47
+ ## Runtime selection rule
48
+
49
+ - follow the original prompt and existing repository first
50
+ - for web projects, `docker compose up --build` is always required as the runtime baseline contract
51
+ - for Android, iOS, and desktop projects, `docker compose up --build` is also required, but it may start a meaningful containerized build, artifact, preview, or support environment rather than pretending to be native runtime proof
52
+ - `./run_tests.sh` must exist for every project and be containerized
53
+ - when helpful, non-web projects may also provide `./run_app.sh` for host-side convenience or platform-specific local flow, but that does not replace the required Docker commands
54
+
55
+ ## Playbook rule
56
+
57
+ - use the packaged scaffold docs under `~/slopmachine/scaffold-playbooks/` as owner-side source material
58
+ - start with `~/slopmachine/scaffold-playbooks/selection-matrix.md`
59
+ - use `docker-shared-contract.md` as the common Docker/runtime/test contract
60
+ - when no exact stack playbook exists yet, use `generic-unknown-tech-guide.md` before falling back to nearest-family improvisation
61
+ - use the family matrices to resolve placeholders, language-only prompts, and open-ended stack selections before choosing a concrete playbook
62
+ - do not tell the developer to read those files directly if they are outside `repo/`; restate the relevant directives in the developer prompt
63
+ - when a matching playbook exists, prefer following it over inventing a new scaffold contract from scratch
64
+ - if no exact playbook exists, choose the nearest platform family playbook plus the framework-specific bootstrap command that best matches the prompt
65
+
66
+ ## Bootstrap rule
67
+
68
+ - when the selected stack has an official or clearly best-known bootstrap command, prefer it
69
+ - prefer the current recommended bootstrap variant rather than an outdated minimal skeleton
70
+ - only hand-build from scratch when no credible bootstrap path exists or the existing repo already dictates a different structure
71
+ - after generation, adapt only enough to make the baseline runtime, tests, wrapper scripts, and README contract real
72
+
73
+ ## Safe defaults
117
74
 
118
75
  - no `.env` files or env-file variants in the repo
119
- - do not edit `AGENTS.md` or other workflow/rulebook files unless explicitly asked
76
+ - no committed secrets or plaintext bootstrap credentials
120
77
  - keep generated artifacts out of source-of-truth paths
121
- - keep real secrets out of the repository and use the selected stack's runtime/platform mechanism for sensitive values
122
- - if the stack requires env-file format at runtime, generate it ephemerally from the selected runtime environment rather than storing it in the repo or package
123
- - for Dockerized web projects, `docker compose up --build` must work as a single command without user-side exports
124
- - for Dockerized web projects, `./run_tests.sh` must work under the same no-export, no-`.env`, no-pre-seeded-secret-literals model
125
- - if the project has database dependencies, `./init_db.sh` must exist from scaffold onward and stay current with the real database setup
126
- - if the project uses mock, stub, fake, interception, or local-data behavior, the scaffold must already make those boundaries statically visible in docs and code structure
127
- - the repo must not depend on parent-root docs or sibling artifacts for startup, testing, build/preview, config, security understanding, or evaluator traceability
78
+ - make the repo self-sufficient through code plus `README.md`
79
+ - do not create extra in-repo docs beyond `README.md`
80
+ - use one bootstrap source of truth when seed/setup data is needed
81
+ - keep runtime/test/bootstrap paths aligned instead of inventing separate hidden setup flows
128
82
 
129
- ## Acceptance target
83
+ ## Baseline requirements
84
+
85
+ - create the initial project structure intentionally
86
+ - wire the required technologies named by the prompt or selected by the default stack
87
+ - install local targeted test tooling needed for ordinary development iteration
88
+ - create baseline test structure intentionally during scaffold
89
+ - when backend or fullstack API surfaces already exist at scaffold time, create the test structure in a way that later endpoint-by-endpoint mapping and true no-mock HTTP testing can grow without churn
90
+ - create `./run_tests.sh` during scaffold for every project
91
+ - create `./run_app.sh` during scaffold for non-web platforms when it helps expose the host-side or platform-specific local flow, but keep `docker compose up --build` and containerized `./run_tests.sh` as required baseline commands
92
+ - if the project has database dependencies, create `./init_db.sh` during scaffold as the only project-standard database initialization path
93
+ - make the scaffold handoff compact and checklist-driven rather than a long narrative dump
94
+
95
+ ## Minimal real test floor
96
+
97
+ Do not leave the broad path mostly empty.
98
+
99
+ At scaffold, require at least:
100
+
101
+ - one or more real tests for a core baseline contract or rules/helper layer
102
+ - one real runtime/build verification path in `./run_tests.sh`
103
+ - one real smoke-level proof that the chosen stack is wired correctly
104
+ - any static verification tasks that the selected platform needs to keep the baseline honest, such as schema export verification, lint, typecheck, or package/build health
105
+ - one real Docker-backed runtime/build path behind `docker compose up --build`
106
+
107
+ ## README floor
108
+
109
+ `README.md` inside `repo/` must already state:
110
+
111
+ - project type near the top using one of `backend`, `fullstack`, `web`, `android`, `ios`, or `desktop`
112
+ - scaffold status versus implemented product scope
113
+ - primary runtime command
114
+ - required Docker command: `docker compose up --build`
115
+ - broad test command
116
+ - startup instructions
117
+ - access method
118
+ - verification method
119
+ - authentication section with demo credentials for known roles or the exact statement `No authentication required`
120
+ - tech stack clarity and brief architecture explanation
121
+ - important roles or workflows when relevant
122
+ - major module or repo layout
123
+ - important bootstrap/setup notes
124
+ - any major honesty boundaries such as local-only, mock-only, offline-only, no-emulator, or no-native-runtime proof when those limits apply
125
+
126
+ When the project type requires extra README shape for the final audit:
127
+
128
+ - backend, fullstack, and web projects should include the exact legacy compatibility string `docker-compose up` somewhere in startup guidance in addition to the canonical `docker compose up --build` contract
129
+ - Android projects should include a host-side build or emulator or device guidance section even though Docker remains required for the final broad contract
130
+ - iOS projects should include Xcode or simulator or device guidance when applicable even though Docker remains part of the broader SlopMachine contract
131
+ - desktop projects should include host-side run or build guidance when applicable even though Docker remains part of the broader SlopMachine contract
132
+
133
+ ## Parallelism rule
134
+
135
+ - once the stack, runtime contract, and wrapper-script shape are fixed, use parallel branches for independent scaffold foundations when that materially reduces elapsed time
136
+ - good scaffold parallel candidates include app shell, test harness, config wiring, and README baseline work that touch different areas
137
+ - do not parallelize overlapping generator churn or shared foundation invention before the baseline contract is stable
130
138
 
131
- Scaffold should make later slices easier, not force them to retrofit missing fundamentals.
139
+ ## Acceptance target
132
140
 
133
- Before scaffold is handed back for owner acceptance, the developer should already have a compact answer for these scaffold checklist items:
141
+ Scaffold is acceptable when:
134
142
 
135
- - runtime bootstrap works
136
- - database/bootstrap path works when relevant
137
- - `./run_tests.sh` works at the broad-scaffold level
138
- - frontend/backend wiring shape is real
139
- - config/env/bootstrap path is honest
140
- - `README.md` and scaffold docs are honest about what is and is not implemented
141
- - required scaffold files and directories exist
143
+ - `docker compose up --build` works
144
+ - `./run_tests.sh` works at the scaffold baseline level
145
+ - required wrapper scripts exist and are honest
146
+ - required technologies are wired
147
+ - minimal real tests exist
148
+ - `README.md` is honest and traceable
142
149
  - prohibited shortcuts or residue are not present
143
150
 
144
151
  ## Verification cadence
145
152
 
146
153
  - use local and narrow checks while correcting scaffold work
147
154
  - reserve one broad owner-run scaffold gate for actual scaffold acceptance
148
- - do not spend extra broad reruns once the acceptance question is already answered
149
- - for web projects using the default Docker-first runtime model, the owner must run `docker compose up --build` and `./run_tests.sh` once after scaffold completion to confirm the baseline actually works
150
- - after that single scaffold proof, ordinary development should use only local fast verification until development-complete / integrated-verification entry unless a real blocker forces earlier broad reruns
151
- - after that scaffold confirmation, do not run Docker again during ordinary development work; the next Docker-based run should be at development completion when integrated behavior is checked
155
+ - for web projects, the owner should run `docker compose up --build` and `./run_tests.sh` once after scaffold completion
156
+ - after scaffold acceptance, return to local fast verification until the next major gate unless a real blocker forces earlier escalation
@@ -28,15 +28,21 @@ The final delivery layout in the parent project root must be:
28
28
  - `api-spec.md` when applicable
29
29
  - `test-coverage.md`
30
30
  - `questions.md`
31
- - `sessions/`
32
- - `<label>.json` for every tracked developer session, including `develop-N.json` and `bugfix-N.json` when present
33
- - `session-<label>.json` for every tracked developer session
31
+ - for non-Claude developer sessions:
32
+ - `sessions/`
33
+ - `sessions/<label>.json` for every tracked developer session, including `develop-N.json` and `bugfix-N.json` when present
34
+ - for Claude-backed developer sessions:
35
+ - `claude-sessions.zip` in the parent root containing the whole Claude project session folder once
36
+ - no `sessions/` directory is required when all tracked developer sessions are Claude-backed
34
37
  - `metadata.json`
35
- - `self_test_reports/`
36
- - `cycle-0/`
37
- - `cycle-1/`
38
+ - `.tmp/`
39
+ - `audit_report-<N>.md` only for bugfix-triggering `partial pass` audits
40
+ - `audit_report-<N>-fix_check-<M>.md` when present
41
+ - `test_coverage_and_readme_audit_report.md`
38
42
  - `repo/`
39
43
 
44
+ In the clean two-bugfix path, `.tmp/` should end with at least 5 required markdown reports once the final coverage/README audit is included: 2 kept partial-pass audit reports, at least 2 corresponding fix-check reports, and the final coverage/README audit report. Extra fix checks may legitimately increase that count.
45
+
40
46
  Inside the delivered `repo/`, the repository must remain self-sufficient:
41
47
 
42
48
  - `README.md`
@@ -64,34 +70,32 @@ No screenshots are required as packaging artifacts.
64
70
  - include `./run_tests.sh` and any supporting runner logic it needs to execute the project's broad test path from a clean environment
65
71
  - when the project has database dependencies, include `./init_db.sh` and ensure it reflects the final delivered database setup rather than an earlier scaffold placeholder
66
72
  - when the project has database dependencies, package the initialization-script path rather than raw environment-specific database dependency artifacts or local database state
67
- - verify parent-root `../self_test_reports/` exists and contains the required counted cycle directories
73
+ - verify parent-root `../.tmp/` exists and contains the required audit and fix-check reports
74
+ - verify parent-root `../.tmp/test_coverage_and_readme_audit_report.md` exists from the final post-bugfix coverage/README audit
68
75
  - export all tracked developer sessions before closing packaging
69
76
  - when packaging succeeds, update workflow metadata to mark `packaging_completed` as true
70
77
 
71
78
  ## Session export sequence
72
79
 
73
- Export every tracked developer session from metadata, keep a numbered cleaned root export, and convert each session into its lane-aware trajectory file.
74
-
75
- Use the tracked lane labels for converted developer sessions, for example:
80
+ Export tracked developer sessions from metadata using the tracked lane labels, for example:
76
81
 
77
82
  - `develop-1`
78
83
  - `bugfix-1`
79
84
 
80
- For each tracked developer session:
85
+ For session export:
81
86
 
82
- 1. if `<backend>` is `claude`, run `node ~/slopmachine/utils/export_ai_session.mjs --backend claude --cwd "$PWD" --session-id <session-id> --output ../session-<N>.json`
83
- 2. if `<backend>` is not `claude`, run `opencode export <session-id> > ../session-export-<label>.raw`
84
- 3. if `<backend>` is not `claude`, run `python3 ~/slopmachine/utils/strip_session_parent.py ../session-export-<label>.raw --output ../session-<N>.json`
85
- 4. `node ~/slopmachine/utils/convert_exported_ai_session.mjs --converter-script ~/slopmachine/utils/convert_ai_session.py --input ../session-<N>.json --output ../sessions/<label>.json`
87
+ 1. if at least one tracked developer session backend is `claude` or `claude-live`, run `node ~/slopmachine/utils/package_claude_session.mjs --cwd "$PWD" --session-id <any-claude-session-id> --label claude-sessions --output ../claude-sessions.zip`
88
+ 2. if `<backend>` is neither `claude` nor `claude-live`, run `opencode export <session-id> > ../session-export-<label>.raw`
89
+ 3. if `<backend>` is neither `claude` nor `claude-live`, run `python3 ~/slopmachine/utils/strip_session_parent.py ../session-export-<label>.raw --output ../sessions/<label>.json`
86
90
 
87
91
  Where `<backend>` comes from the tracked developer session record in metadata.
88
- Use `opencode` when no explicit backend field exists.
89
- Use the tracked developer-session order to assign `<N>`.
92
+ Use `opencode` when no explicit backend field exists or when the backend is not Claude-backed.
93
+ For Claude-backed sessions, the package helper resolves the Claude project folder under `~/.claude/projects/` from a tracked `session_id` plus the current project `cwd`, normalizes the copied JSONL session files by flattening channel-originated user turns, and packages that folder once.
90
94
 
91
95
  After those steps:
92
96
 
93
- - verify every tracked developer session has been exported and converted into `../sessions/` before continuing
94
- - keep `../session-<N>.json` in the parent root as the cleaned or direct exported session artifact
97
+ - verify every non-Claude developer session has been exported into `../sessions/<label>.json`
98
+ - verify Claude-backed sessions have been packaged once into `../claude-sessions.zip`
95
99
  - treat only the raw `../session-export-<label>.raw` files as temporary packaging intermediates
96
100
  - remove the raw `../session-export-<label>.raw` files before closing packaging
97
101
  - if the required utilities, metadata session ids, or output files are missing, packaging is not ready to continue
@@ -101,11 +105,12 @@ After those steps:
101
105
  - run `python3 ~/slopmachine/utils/cleanup_delivery_artifacts.py .` once near the end of packaging to remove known recursive cleanup targets from the delivered repo tree
102
106
  - remove runtime, editor, cache, tooling noise, generated artifacts, and environment junk recursively anywhere in the delivered repo tree
103
107
  - do not remove required delivery artifacts just because they look noisy
104
- - remove `.opencode/`, `.codex/`, `.vscode/`, env-file variants, caches, `node_modules/`, `.venv/`, `.net/`, build outputs not part of delivery, raw test artifact directories, `__pycache__/`, `.pytest_cache/`, repo-local `AGENTS.md`, and accidental in-repo docs directories or extra documentation files beyond `README.md`
108
+ - the cleanup helper removes common known targets such as `.opencode/`, `.codex/`, `.vscode/`, env-file variants, `node_modules/`, `.venv/`, `.net/`, common build/cache directories, `__pycache__/`, `.pytest_cache/`, and repo-local `AGENTS.md` / `CLAUDE.md`
105
109
  - remove environment-dependent content, local dependency trees, editor state, package-manager caches, and runtime caches anywhere in the delivery tree
106
110
  - do not package database dependency files or local database state when the delivered database setup is supposed to be injected through initialization scripts
107
- - do not package AI session conversion scripts or similar workflow utility scripts inside the delivered product attachment
108
- - remove repo-local `.tmp/` or parent-root `../.tmp/` if they exist; they are not part of the final delivery contract
111
+ - manually review for accidental in-repo docs directories or workflow utility scripts that the helper does not remove automatically, and remove them before closing packaging
112
+ - remove repo-local `.tmp/` if it exists and is not part of the delivered product
113
+ - do not remove parent-root `../.tmp/`; it now holds the required `P7` audit and fix-check artifacts
109
114
  - the cleanup is recursive; do not leave forbidden directories or generated junk buried deeper in the repo hierarchy after cleanup
110
115
 
111
116
  ## Validation checklist
@@ -120,11 +125,12 @@ After those steps:
120
125
  - when the project has database dependencies, confirm database setup is injected through initialization scripts rather than packaged local database dependency artifacts
121
126
  - confirm the cleanup helper has been run and that no known recursive cleanup targets remain in the delivered repo tree
122
127
  - confirm no environment-dependent dependency directories, editor-state folders, runtime caches, or workflow utility scripts are packaged into the delivered product
123
- - confirm parent-root `../self_test_reports/` exists and contains the required counted cycle directories
124
- - confirm each counted cycle directory contains the initial audit report plus any fix-check reports generated for that cycle
128
+ - confirm parent-root `../.tmp/` exists and contains the required kept `audit_report-<N>.md` files for partial-pass audits only
129
+ - confirm every bugfix-triggering audit number has its matching `audit_report-<N>-fix_check-<M>.md` files when fix checks were required
130
+ - confirm parent-root `../.tmp/test_coverage_and_readme_audit_report.md` exists and is the final replaced copy rather than a numbered variant
125
131
  - confirm parent-root `../docs/test-coverage.md` explains the tested flows, mapped tests, and coverage boundaries
126
- - confirm exported developer sessions exist under parent-root `../sessions/` using the tracked `<label>.json` names
127
- - confirm cleaned session exports exist in the parent root as numbered `../session-<N>.json` files
132
+ - confirm every non-Claude developer session exists under parent-root `../sessions/` using the tracked `<label>.json` names
133
+ - confirm Claude-backed developer sessions exist in the parent root as `claude-sessions.zip`
128
134
  - confirm parent-root `../docs/` remains consistent as an external reference set when workflow policy still requires it, but the delivered repo does not depend on it
129
135
  - confirm parent-root metadata fields are populated correctly
130
136
  - confirm workflow metadata marks `packaging_completed` as true
@@ -137,4 +143,4 @@ After those steps:
137
143
  - confirm the delivered project is actually runnable in the promised startup model, the documented tests are runnable, frontend behavior is usable when applicable, UI quality is acceptable, core logic is complete, and Docker startup works when Docker is the runtime contract
138
144
  - confirm the final git checkpoint can be created cleanly for the packaged state when a checkpoint is needed
139
145
  - if packaging reveals a real defect or missing artifact, fix it before closing the phase
140
- - do not close packaging until all required docs, session exports, self-test files, cleanup conditions, and final structure checks are satisfied
146
+ - do not close packaging until all required docs, session exports, audit/fix-check files, cleanup conditions, and final structure checks are satisfied