npm - usemint-cli - Versions diffs - 0.2.0-beta.4 → 0.2.0-beta.5 - Mend

usemint-cli 0.2.0-beta.4 → 0.2.0-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli/index.js CHANGED Viewed

@@ -110,6 +110,174 @@ var init_config = __esm({
   }
 });
+// src/cli/commands/auth.ts
+var auth_exports = {};
+__export(auth_exports, {
+  login: () => login,
+  logout: () => logout,
+  signup: () => signup,
+  whoami: () => whoami
+});
+import chalk from "chalk";
+import boxen from "boxen";
+import { createServer } from "http";
+async function login() {
+  if (config2.isAuthenticated()) {
+    const email = config2.get("email");
+    console.log(chalk.yellow(`
+  Already logged in as ${email}`));
+    console.log(chalk.dim("  Run `mint logout` to switch accounts.\n"));
+    return;
+  }
+  console.log(chalk.cyan("\n  Opening browser to sign in...\n"));
+  const token = await waitForOAuthCallback();
+  if (!token) {
+    console.log(chalk.red("\n  Login failed. Try again with `mint login`.\n"));
+    return;
+  }
+  try {
+    const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
+      headers: {
+        "apikey": SUPABASE_ANON_KEY,
+        "Authorization": `Bearer ${token}`
+      }
+    });
+    if (!res.ok) {
+      console.log(chalk.red("\n  Invalid token received. Try again.\n"));
+      return;
+    }
+    const user = await res.json();
+    config2.setAll({
+      apiKey: token,
+      userId: user.id,
+      email: user.email
+    });
+    console.log(boxen(
+      `${chalk.bold.green("Signed in!")}
+Email: ${chalk.cyan(user.email)}
+Plan:  ${chalk.dim("Free \u2014 20 tasks/day")}
+${chalk.dim("Run `mint` to start coding.")}`,
+      { padding: 1, borderColor: "green", borderStyle: "round" }
+    ));
+  } catch (err) {
+    console.log(chalk.red(`
+  Error: ${err.message}
+`));
+  }
+}
+function waitForOAuthCallback() {
+  return new Promise((resolve12) => {
+    const timeout = setTimeout(() => {
+      server.close();
+      resolve12(null);
+    }, 12e4);
+    const server = createServer(async (req, res) => {
+      const url = new URL(req.url ?? "/", `http://localhost:${CALLBACK_PORT}`);
+      if (url.pathname === "/callback") {
+        let token = null;
+        if (req.method === "POST") {
+          const body = await new Promise((r) => {
+            let data = "";
+            req.on("data", (chunk) => {
+              data += chunk.toString();
+            });
+            req.on("end", () => r(data));
+          });
+          try {
+            const parsed = JSON.parse(body);
+            token = parsed.access_token ?? parsed.token ?? null;
+          } catch {
+            token = null;
+          }
+        } else {
+          token = url.searchParams.get("access_token") ?? url.searchParams.get("token");
+        }
+        res.setHeader("Access-Control-Allow-Origin", "*");
+        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
+        res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(`
+          <html>
+            <body style="background:#07090d;color:#c8dae8;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0">
+              <div style="text-align:center">
+                <h1 style="color:#00d4ff">Connected!</h1>
+                <p>You can close this tab and return to the terminal.</p>
+              </div>
+            </body>
+          </html>
+        `);
+        clearTimeout(timeout);
+        server.close();
+        resolve12(token);
+        return;
+      }
+      if (req.method === "OPTIONS") {
+        res.setHeader("Access-Control-Allow-Origin", "*");
+        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
+        res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+        res.writeHead(204);
+        res.end();
+        return;
+      }
+      res.writeHead(404);
+      res.end("Not found");
+    });
+    server.listen(CALLBACK_PORT, () => {
+      const callbackUrl = `http://localhost:${CALLBACK_PORT}/callback`;
+      const authUrl = `${AUTH_PAGE_URL}?callback=${encodeURIComponent(callbackUrl)}`;
+      import("child_process").then(({ execFile }) => {
+        const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+        execFile(cmd, [authUrl]);
+      });
+    });
+    server.on("error", () => {
+      clearTimeout(timeout);
+      resolve12(null);
+    });
+  });
+}
+async function signup() {
+  await login();
+}
+async function logout() {
+  if (!config2.isAuthenticated()) {
+    console.log(chalk.yellow("\n  Not logged in.\n"));
+    return;
+  }
+  const email = config2.get("email");
+  config2.clear();
+  console.log(chalk.green(`
+  Logged out from ${email}
+`));
+}
+async function whoami() {
+  if (!config2.isAuthenticated()) {
+    console.log(chalk.yellow("\n  Not logged in."));
+    console.log(chalk.dim("  Run `mint login` to sign in.\n"));
+    return;
+  }
+  const email = config2.get("email");
+  console.log(boxen(
+    `${chalk.bold("Signed in")}
+Email: ${chalk.cyan(email)}`,
+    { padding: 1, borderColor: "cyan", borderStyle: "round" }
+  ));
+}
+var SUPABASE_URL, SUPABASE_ANON_KEY, AUTH_PAGE_URL, CALLBACK_PORT;
+var init_auth = __esm({
+  "src/cli/commands/auth.ts"() {
+    "use strict";
+    init_config();
+    SUPABASE_URL = process.env.MINT_SUPABASE_URL ?? "https://srhoryezzsjmjdgfoxgd.supabase.co";
+    SUPABASE_ANON_KEY = process.env.MINT_SUPABASE_ANON_KEY ?? "";
+    AUTH_PAGE_URL = "https://usemint.dev/auth";
+    CALLBACK_PORT = 9876;
+  }
+});
 // src/providers/types.ts
 var types_exports = {};
 __export(types_exports, {
@@ -3409,7 +3577,550 @@ describe("projectService.create", () => {
 - [ ] Assertions are specific (not just "toBeTruthy")
 `;
 }
-var cache, SKILL_STYLE, SKILL_PYTHON, SKILL_GENERAL;
+function SKILL_ANDROID(hasCompose) {
+  const uiSection = hasCompose ? ANDROID_COMPOSE_SECTION : ANDROID_XML_SECTION;
+  return `---
+applies_to: [android, mobile]
+---
+# Android / Kotlin \u2014 Production Quality Standard
+All generated code must match Google's best Android apps (Gmail, Drive, Maps).
+Study these reference examples \u2014 this is the bar.
+## Rules
+- Kotlin only \u2014 no Java in new code
+- MVVM with clean architecture: UI \u2192 ViewModel \u2192 UseCase \u2192 Repository \u2192 DataSource
+- Coroutines + Flow for all async work \u2014 no callbacks, no RxJava in new code
+- Hilt for dependency injection \u2014 no manual DI or service locators
+- Single Activity with Jetpack Navigation (or Compose Navigation)
+- Repository pattern: ViewModel never touches Room/Retrofit directly
+- Sealed classes for UI state \u2014 never nullable booleans for loading/error
+${uiSection}
+## Reference: ViewModel (Google-quality MVVM)
+\`\`\`kotlin
+@HiltViewModel
+class ProjectListViewModel @Inject constructor(
+    private val getProjects: GetProjectsUseCase,
+    private val deleteProject: DeleteProjectUseCase,
+) : ViewModel() {
+    private val _uiState = MutableStateFlow<ProjectListState>(ProjectListState.Loading)
+    val uiState: StateFlow<ProjectListState> = _uiState.asStateFlow()
+    private val _events = Channel<ProjectListEvent>(Channel.BUFFERED)
+    val events: Flow<ProjectListEvent> = _events.receiveAsFlow()
+    init {
+        loadProjects()
+    }
+    fun loadProjects() {
+        viewModelScope.launch {
+            _uiState.value = ProjectListState.Loading
+            getProjects()
+                .catch { e -> _uiState.value = ProjectListState.Error(e.toUserMessage()) }
+                .collect { projects ->
+                    _uiState.value = if (projects.isEmpty()) {
+                        ProjectListState.Empty
+                    } else {
+                        ProjectListState.Success(projects)
+                    }
+                }
+        }
+    }
+    fun onDeleteProject(projectId: String) {
+        viewModelScope.launch {
+            try {
+                deleteProject(projectId)
+                _events.send(ProjectListEvent.ProjectDeleted)
+                loadProjects()
+            } catch (e: Exception) {
+                _events.send(ProjectListEvent.ShowError(e.toUserMessage()))
+            }
+        }
+    }
+}
+sealed interface ProjectListState {
+    data object Loading : ProjectListState
+    data object Empty : ProjectListState
+    data class Success(val projects: List<Project>) : ProjectListState
+    data class Error(val message: String) : ProjectListState
+}
+sealed interface ProjectListEvent {
+    data object ProjectDeleted : ProjectListEvent
+    data class ShowError(val message: String) : ProjectListEvent
+}
+\`\`\`
+## Reference: Repository with offline-first caching
+\`\`\`kotlin
+class ProjectRepositoryImpl @Inject constructor(
+    private val api: ProjectApi,
+    private val dao: ProjectDao,
+    private val dispatcher: CoroutineDispatcher = Dispatchers.IO,
+) : ProjectRepository {
+    override fun getProjects(): Flow<List<Project>> = flow {
+        // Emit cached data immediately
+        val cached = dao.getAll().first()
+        if (cached.isNotEmpty()) {
+            emit(cached.map { it.toDomain() })
+        }
+        // Fetch fresh data from network
+        try {
+            val remote = withContext(dispatcher) { api.getProjects() }
+            dao.replaceAll(remote.map { it.toEntity() })
+        } catch (e: IOException) {
+            if (cached.isEmpty()) throw e
+            // Cached data already emitted \u2014 silently use stale data
+        }
+        // Emit fresh data from DB (single source of truth)
+        emitAll(dao.getAll().map { entities -> entities.map { it.toDomain() } })
+    }.flowOn(dispatcher)
+    override suspend fun delete(projectId: String) {
+        withContext(dispatcher) {
+            api.deleteProject(projectId)
+            dao.deleteById(projectId)
+        }
+    }
+}
+\`\`\`
+## Reference: UseCase (clean architecture boundary)
+\`\`\`kotlin
+class GetProjectsUseCase @Inject constructor(
+    private val repository: ProjectRepository,
+) {
+    operator fun invoke(): Flow<List<Project>> = repository.getProjects()
+}
+class DeleteProjectUseCase @Inject constructor(
+    private val repository: ProjectRepository,
+    private val analytics: AnalyticsTracker,
+) {
+    suspend operator fun invoke(projectId: String) {
+        repository.delete(projectId)
+        analytics.track("project_deleted", mapOf("id" to projectId))
+    }
+}
+\`\`\`
+## Reference: Hilt module
+\`\`\`kotlin
+@Module
+@InstallIn(SingletonComponent::class)
+abstract class RepositoryModule {
+    @Binds
+    abstract fun bindProjectRepository(impl: ProjectRepositoryImpl): ProjectRepository
+}
+@Module
+@InstallIn(SingletonComponent::class)
+object NetworkModule {
+    @Provides
+    @Singleton
+    fun provideRetrofit(): Retrofit = Retrofit.Builder()
+        .baseUrl(BuildConfig.API_BASE_URL)
+        .addConverterFactory(MoshiConverterFactory.create())
+        .client(
+            OkHttpClient.Builder()
+                .addInterceptor(AuthInterceptor())
+                .addInterceptor(HttpLoggingInterceptor().apply {
+                    level = if (BuildConfig.DEBUG) Level.BODY else Level.NONE
+                })
+                .connectTimeout(15, TimeUnit.SECONDS)
+                .readTimeout(15, TimeUnit.SECONDS)
+                .build()
+        )
+        .build()
+    @Provides
+    @Singleton
+    fun provideProjectApi(retrofit: Retrofit): ProjectApi =
+        retrofit.create(ProjectApi::class.java)
+}
+\`\`\`
+## Reference: Room entity + DAO
+\`\`\`kotlin
+@Entity(tableName = "projects")
+data class ProjectEntity(
+    @PrimaryKey val id: String,
+    val name: String,
+    val description: String?,
+    @ColumnInfo(name = "team_id") val teamId: String,
+    @ColumnInfo(name = "created_at") val createdAt: Long,
+    @ColumnInfo(name = "updated_at") val updatedAt: Long,
+) {
+    fun toDomain() = Project(
+        id = id,
+        name = name,
+        description = description,
+        teamId = teamId,
+        createdAt = Instant.ofEpochMilli(createdAt),
+    )
+}
+@Dao
+interface ProjectDao {
+    @Query("SELECT * FROM projects ORDER BY updated_at DESC")
+    fun getAll(): Flow<List<ProjectEntity>>
+    @Insert(onConflict = OnConflictStrategy.REPLACE)
+    suspend fun insertAll(projects: List<ProjectEntity>)
+    @Query("DELETE FROM projects")
+    suspend fun deleteAll()
+    @Transaction
+    suspend fun replaceAll(projects: List<ProjectEntity>) {
+        deleteAll()
+        insertAll(projects)
+    }
+    @Query("DELETE FROM projects WHERE id = :id")
+    suspend fun deleteById(id: String)
+}
+\`\`\`
+## Quality checklist (reviewer must verify)
+- [ ] UI state is a sealed class/interface \u2014 no nullable boolean flags
+- [ ] ViewModel uses StateFlow (not LiveData) for new code
+- [ ] Coroutine scope is viewModelScope \u2014 never GlobalScope
+- [ ] Repository is the single source of truth (DB, not network)
+- [ ] Hilt @Inject on every constructor \u2014 no manual instantiation
+- [ ] Error messages are user-friendly \u2014 never raw exception text
+- [ ] Lifecycle-aware collection (collectAsStateWithLifecycle or repeatOnLifecycle)
+- [ ] No hardcoded strings in UI \u2014 use string resources
+- [ ] ProGuard/R8 rules for any reflection-based libraries
+`;
+}
+function SKILL_DEVOPS(hasDocker, hasCI, hasTerraform, hasK8s) {
+  const sections = [];
+  sections.push(`---
+applies_to: [devops, infrastructure]
+---
+# DevOps \u2014 Production Quality Standard
+Infrastructure as code, reproducible builds, zero-downtime deploys.`);
+  sections.push(`
+## Rules
+- Every environment is reproducible from code \u2014 no manual server config
+- Secrets in vault/env \u2014 never in code, never in Docker images, never in CI logs
+- Health checks on every service \u2014 liveness and readiness
+- Logs are structured JSON \u2014 never print() or console.log for production logging
+- Rollback plan exists for every deploy
+- Least privilege: containers run as non-root, IAM roles are scoped`);
+  if (hasDocker) {
+    sections.push(`
+## Reference: Production Dockerfile (multi-stage, secure)
+\`\`\`dockerfile
+# Build stage
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm ci --ignore-scripts
+COPY . .
+RUN npm run build && npm prune --production
+# Production stage
+FROM node:20-alpine AS runner
+WORKDIR /app
+# Security: non-root user
+RUN addgroup --system --gid 1001 appgroup && \\
+    adduser --system --uid 1001 appuser
+# Only copy what's needed
+COPY --from=builder --chown=appuser:appgroup /app/dist ./dist
+COPY --from=builder --chown=appuser:appgroup /app/node_modules ./node_modules
+COPY --from=builder --chown=appuser:appgroup /app/package.json ./
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \\
+    CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
+USER appuser
+EXPOSE 3000
+ENV NODE_ENV=production
+CMD ["node", "dist/server.js"]
+\`\`\`
+## Reference: docker-compose for local dev
+\`\`\`yaml
+services:
+  app:
+    build:
+      context: .
+      target: builder  # Use build stage for dev (has devDependencies)
+    ports:
+      - "3000:3000"
+    volumes:
+      - .:/app
+      - /app/node_modules  # Don't mount over node_modules
+    environment:
+      - DATABASE_URL=postgresql://postgres:postgres@db:5432/app_dev
+      - REDIS_URL=redis://redis:6379
+      - NODE_ENV=development
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
+  db:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_DB: app_dev
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    ports:
+      - "5432:5432"
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 3s
+      retries: 5
+  redis:
+    image: redis:7-alpine
+    ports:
+      - "6379:6379"
+volumes:
+  pgdata:
+\`\`\``);
+  }
+  if (hasCI) {
+    sections.push(`
+## Reference: GitHub Actions CI/CD pipeline
+\`\`\`yaml
+name: CI/CD
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+concurrency:
+  group: \${{ github.workflow }}-\${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres:16-alpine
+        env:
+          POSTGRES_DB: test
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd "pg_isready"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - run: npm ci
+      - run: npm run typecheck
+      - run: npm run lint
+      - run: npm test
+        env:
+          DATABASE_URL: postgresql://postgres:postgres@localhost:5432/test
+  build:
+    needs: test
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: \${{ github.actor }}
+          password: \${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ghcr.io/\${{ github.repository }}:\${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    environment: production
+    steps:
+      - name: Deploy to production
+        run: |
+          # Replace with your deploy command
+          echo "Deploying ghcr.io/\${{ github.repository }}:\${{ github.sha }}"
+\`\`\``);
+  }
+  if (hasTerraform) {
+    sections.push(`
+## Reference: Terraform module structure
+\`\`\`hcl
+# main.tf
+terraform {
+  required_version = ">= 1.5"
+  required_providers {
+    aws = { source = "hashicorp/aws", version = "~> 5.0" }
+  }
+  backend "s3" {
+    bucket         = "myapp-terraform-state"
+    key            = "prod/terraform.tfstate"
+    region         = "us-east-1"
+    dynamodb_table = "terraform-locks"
+    encrypt        = true
+  }
+}
+resource "aws_ecs_service" "app" {
+  name            = "\${var.app_name}-\${var.environment}"
+  cluster         = aws_ecs_cluster.main.id
+  task_definition = aws_ecs_task_definition.app.arn
+  desired_count   = var.min_capacity
+  launch_type     = "FARGATE"
+  network_configuration {
+    subnets          = var.private_subnet_ids
+    security_groups  = [aws_security_group.app.id]
+    assign_public_ip = false
+  }
+  load_balancer {
+    target_group_arn = aws_lb_target_group.app.arn
+    container_name   = var.app_name
+    container_port   = var.container_port
+  }
+  deployment_circuit_breaker {
+    enable   = true
+    rollback = true
+  }
+  lifecycle {
+    ignore_changes = [desired_count]  # Managed by auto-scaling
+  }
+}
+\`\`\``);
+  }
+  if (hasK8s) {
+    sections.push(`
+## Reference: Kubernetes deployment with best practices
+\`\`\`yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+  labels:
+    app.kubernetes.io/name: app
+    app.kubernetes.io/version: "1.0.0"
+spec:
+  replicas: 3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: app
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: app
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1001
+        fsGroup: 1001
+      containers:
+        - name: app
+          image: ghcr.io/org/app:latest
+          ports:
+            - containerPort: 3000
+              protocol: TCP
+          env:
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: app-secrets
+                  key: database-url
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 3000
+            initialDelaySeconds: 10
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 3000
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+\`\`\``);
+  }
+  sections.push(`
+## Quality checklist (reviewer must verify)
+- [ ] No secrets in code, Dockerfiles, or CI logs \u2014 use env vars or secret stores
+- [ ] Containers run as non-root with read-only filesystem where possible
+- [ ] Health checks on every service (liveness + readiness)
+- [ ] CI runs typecheck + lint + test before deploy
+- [ ] Deploys are zero-downtime (rolling update, not recreate)
+- [ ] Resource limits set on all containers
+- [ ] State is external (DB, Redis, S3) \u2014 containers are stateless
+- [ ] Rollback is one command or automatic on failure
+`);
+  return sections.join("\n");
+}
+var cache, SKILL_STYLE, SKILL_PYTHON, ANDROID_COMPOSE_SECTION, ANDROID_XML_SECTION, SKILL_FULLSTACK, SKILL_GENERAL;
 var init_project_rules = __esm({
   "src/context/project-rules.ts"() {
     "use strict";
@@ -3559,6 +4270,349 @@ class ProjectService:
         member = await self._db.team_members.find_one(user_id=user_id, team_id=team_id)
         return member is not None
 \`\`\`
+`;
+    ANDROID_COMPOSE_SECTION = `
+## Reference: Compose UI (Material3 quality)
+\`\`\`kotlin
+@Composable
+fun ProjectListScreen(
+    viewModel: ProjectListViewModel = hiltViewModel(),
+    onNavigateToDetail: (String) -> Unit,
+) {
+    val uiState by viewModel.uiState.collectAsStateWithLifecycle()
+    val snackbarHostState = remember { SnackbarHostState() }
+    LaunchedEffect(Unit) {
+        viewModel.events.collect { event ->
+            when (event) {
+                is ProjectListEvent.ProjectDeleted ->
+                    snackbarHostState.showSnackbar("Project deleted")
+                is ProjectListEvent.ShowError ->
+                    snackbarHostState.showSnackbar(event.message)
+            }
+        }
+    }
+    Scaffold(
+        snackbarHost = { SnackbarHost(snackbarHostState) },
+        topBar = {
+            TopAppBar(title = { Text("Projects") })
+        },
+        floatingActionButton = {
+            FloatingActionButton(onClick = { /* navigate to create */ }) {
+                Icon(Icons.Default.Add, contentDescription = "Create project")
+            }
+        },
+    ) { padding ->
+        when (val state = uiState) {
+            is ProjectListState.Loading -> {
+                Box(Modifier.fillMaxSize().padding(padding), contentAlignment = Alignment.Center) {
+                    CircularProgressIndicator()
+                }
+            }
+            is ProjectListState.Empty -> {
+                EmptyState(
+                    modifier = Modifier.fillMaxSize().padding(padding),
+                    icon = Icons.Outlined.Folder,
+                    title = "No projects yet",
+                    subtitle = "Create your first project to get started",
+                )
+            }
+            is ProjectListState.Error -> {
+                ErrorState(
+                    modifier = Modifier.fillMaxSize().padding(padding),
+                    message = state.message,
+                    onRetry = viewModel::loadProjects,
+                )
+            }
+            is ProjectListState.Success -> {
+                LazyColumn(
+                    modifier = Modifier.fillMaxSize().padding(padding),
+                    contentPadding = PaddingValues(16.dp),
+                    verticalArrangement = Arrangement.spacedBy(8.dp),
+                ) {
+                    items(state.projects, key = { it.id }) { project ->
+                        ProjectCard(
+                            project = project,
+                            onClick = { onNavigateToDetail(project.id) },
+                            onDelete = { viewModel.onDeleteProject(project.id) },
+                        )
+                    }
+                }
+            }
+        }
+    }
+}
+@Composable
+private fun ProjectCard(
+    project: Project,
+    onClick: () -> Unit,
+    onDelete: () -> Unit,
+    modifier: Modifier = Modifier,
+) {
+    Card(
+        onClick = onClick,
+        modifier = modifier.fillMaxWidth(),
+    ) {
+        Row(
+            modifier = Modifier.padding(16.dp),
+            verticalAlignment = Alignment.CenterVertically,
+        ) {
+            Column(modifier = Modifier.weight(1f)) {
+                Text(
+                    text = project.name,
+                    style = MaterialTheme.typography.titleMedium,
+                    maxLines = 1,
+                    overflow = TextOverflow.Ellipsis,
+                )
+                Text(
+                    text = project.description ?: stringResource(R.string.no_description),
+                    style = MaterialTheme.typography.bodySmall,
+                    color = MaterialTheme.colorScheme.onSurfaceVariant,
+                    maxLines = 2,
+                    overflow = TextOverflow.Ellipsis,
+                )
+            }
+            IconButton(onClick = onDelete) {
+                Icon(Icons.Default.Delete, contentDescription = stringResource(R.string.delete))
+            }
+        }
+    }
+}
+\`\`\``;
+    ANDROID_XML_SECTION = `
+## Reference: Fragment with ViewBinding (XML UI)
+\`\`\`kotlin
+@AndroidEntryPoint
+class ProjectListFragment : Fragment(R.layout.fragment_project_list) {
+    private val viewModel: ProjectListViewModel by viewModels()
+    private var _binding: FragmentProjectListBinding? = null
+    private val binding get() = _binding!!
+    private lateinit var adapter: ProjectAdapter
+    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
+        super.onViewCreated(view, savedInstanceState)
+        _binding = FragmentProjectListBinding.bind(view)
+        adapter = ProjectAdapter(
+            onClick = { project -> findNavController().navigate(
+                ProjectListFragmentDirections.actionToDetail(project.id)
+            )},
+            onDelete = { project -> viewModel.onDeleteProject(project.id) },
+        )
+        binding.recyclerView.adapter = adapter
+        binding.recyclerView.layoutManager = LinearLayoutManager(requireContext())
+        viewLifecycleOwner.lifecycleScope.launch {
+            viewLifecycleOwner.repeatOnLifecycle(Lifecycle.State.STARTED) {
+                launch {
+                    viewModel.uiState.collect { state ->
+                        binding.progressBar.isVisible = state is ProjectListState.Loading
+                        binding.emptyView.isVisible = state is ProjectListState.Empty
+                        binding.errorView.isVisible = state is ProjectListState.Error
+                        binding.recyclerView.isVisible = state is ProjectListState.Success
+                        if (state is ProjectListState.Success) adapter.submitList(state.projects)
+                        if (state is ProjectListState.Error) binding.errorMessage.text = state.message
+                    }
+                }
+                launch {
+                    viewModel.events.collect { event ->
+                        when (event) {
+                            is ProjectListEvent.ProjectDeleted ->
+                                Snackbar.make(binding.root, "Deleted", Snackbar.LENGTH_SHORT).show()
+                            is ProjectListEvent.ShowError ->
+                                Snackbar.make(binding.root, event.message, Snackbar.LENGTH_LONG).show()
+                        }
+                    }
+                }
+            }
+        }
+        binding.fab.setOnClickListener {
+            findNavController().navigate(ProjectListFragmentDirections.actionToCreate())
+        }
+        binding.retryButton.setOnClickListener { viewModel.loadProjects() }
+    }
+    override fun onDestroyView() {
+        super.onDestroyView()
+        _binding = null
+    }
+}
+\`\`\``;
+    SKILL_FULLSTACK = `---
+applies_to: [fullstack]
+---
+# Fullstack \u2014 Production Quality Standard
+For projects with both frontend and backend. Patterns from Vercel, Linear, Cal.com.
+## Rules
+- Shared types between frontend and backend \u2014 define once, import in both
+- API client is a typed wrapper \u2014 never raw fetch() scattered in components
+- Environment variables: NEXT_PUBLIC_ for client, plain for server \u2014 never leak server secrets
+- Validation schemas shared: same Zod schema validates on client AND server
+- Error boundaries in frontend, structured errors from backend
+- Optimistic UI updates where latency matters, with rollback on failure
+## Reference: Shared types (single source of truth)
+\`\`\`ts
+// packages/shared/types.ts (or lib/types.ts)
+export interface Project {
+  id: string;
+  name: string;
+  description: string | null;
+  status: "active" | "paused" | "archived";
+  createdAt: string;
+  updatedAt: string;
+}
+export interface ApiResponse<T> {
+  success: boolean;
+  data: T | null;
+  error: string | null;
+}
+export interface PaginatedResponse<T> extends ApiResponse<T[]> {
+  meta: {
+    page: number;
+    limit: number;
+    total: number;
+    hasMore: boolean;
+  };
+}
+// Validation \u2014 used by both frontend forms and backend handlers
+export const CreateProjectSchema = z.object({
+  name: z.string().min(1, "Name is required").max(100).trim(),
+  description: z.string().max(500).optional(),
+});
+export type CreateProjectInput = z.infer<typeof CreateProjectSchema>;
+\`\`\`
+## Reference: Typed API client (frontend)
+\`\`\`ts
+// lib/api.ts
+class ApiClient {
+  private baseUrl: string;
+  constructor(baseUrl = "/api") {
+    this.baseUrl = baseUrl;
+  }
+  private async request<T>(path: string, opts: RequestInit = {}): Promise<T> {
+    const res = await fetch(\`\${this.baseUrl}\${path}\`, {
+      headers: {
+        "Content-Type": "application/json",
+        ...opts.headers,
+      },
+      ...opts,
+    });
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      throw new ApiError(body.error ?? "Request failed", res.status);
+    }
+    if (res.status === 204) return undefined as T;
+    return res.json();
+  }
+  projects = {
+    list: (params?: { page?: number; search?: string }) =>
+      this.request<PaginatedResponse<Project>>(
+        \`/projects?\${new URLSearchParams(params as Record<string, string>)}\`,
+      ),
+    getById: (id: string) =>
+      this.request<ApiResponse<Project>>(\`/projects/\${id}\`),
+    create: (input: CreateProjectInput) =>
+      this.request<ApiResponse<Project>>("/projects", {
+        method: "POST",
+        body: JSON.stringify(input),
+      }),
+    delete: (id: string) =>
+      this.request<void>(\`/projects/\${id}\`, { method: "DELETE" }),
+  };
+}
+export const api = new ApiClient();
+\`\`\`
+## Reference: Data fetching hook with SWR/React Query pattern
+\`\`\`tsx
+function useProjects(params?: { page?: number; search?: string }) {
+  const [state, setState] = useState<{
+    data: Project[] | null;
+    meta: PaginatedResponse<Project>["meta"] | null;
+    loading: boolean;
+    error: string | null;
+  }>({ data: null, meta: null, loading: true, error: null });
+  const fetchProjects = useCallback(async () => {
+    setState((s) => ({ ...s, loading: true, error: null }));
+    try {
+      const res = await api.projects.list(params);
+      setState({ data: res.data, meta: res.meta, loading: false, error: null });
+    } catch (err) {
+      setState((s) => ({
+        ...s,
+        loading: false,
+        error: err instanceof ApiError ? err.message : "Failed to load projects",
+      }));
+    }
+  }, [params?.page, params?.search]);
+  useEffect(() => { fetchProjects(); }, [fetchProjects]);
+  return { ...state, refetch: fetchProjects };
+}
+\`\`\`
+## Reference: Optimistic delete with rollback
+\`\`\`tsx
+function useDeleteProject(onSuccess?: () => void) {
+  const [deleting, setDeleting] = useState<string | null>(null);
+  const deleteProject = async (id: string, projects: Project[], setProjects: (p: Project[]) => void) => {
+    // Optimistic: remove from UI immediately
+    const previous = projects;
+    setProjects(projects.filter((p) => p.id !== id));
+    setDeleting(id);
+    try {
+      await api.projects.delete(id);
+      onSuccess?.();
+    } catch {
+      // Rollback on failure
+      setProjects(previous);
+      toast.error("Failed to delete project");
+    } finally {
+      setDeleting(null);
+    }
+  };
+  return { deleteProject, deleting };
+}
+\`\`\`
+## Quality checklist (reviewer must verify)
+- [ ] Types shared between frontend and backend \u2014 not duplicated
+- [ ] API client is typed \u2014 no raw fetch() in components
+- [ ] Validation schemas used on both sides
+- [ ] Server secrets never in NEXT_PUBLIC_ or client bundle
+- [ ] Loading, error, empty states in every data-fetching component
+- [ ] API errors return structured { success, data, error } \u2014 not raw strings
 `;
     SKILL_GENERAL = `# Code Quality Standard
@@ -3849,7 +4903,7 @@ function getSkillsForSpecialist(skills, specialist) {
 function formatSkillsForPrompt(projectRoot) {
   const skills = loadSkills(projectRoot);
   if (skills.length === 0) return "";
-  const maxChars = 8e3;
+  const maxChars = 24e3;
   let totalChars = 0;
   const parts = [];
   for (const skill of skills) {
@@ -13330,6 +14384,42 @@ function App({ initialPrompt, modelPreference, agentMode: initialAgentMode, useO
     }));
     if (useOrchestrator) {
       setIsRouting(false);
+      if (!config2.isAuthenticated()) {
+        setMessages((prev) => [
+          ...prev.filter((m) => m.id !== assistantMsgIdRef.current),
+          {
+            id: nextId(),
+            role: "assistant",
+            content: "Sign in to continue \u2014 opening browser..."
+          }
+        ]);
+        busyRef.current = false;
+        setIsBusy(false);
+        try {
+          const { login: login2 } = await Promise.resolve().then(() => (init_auth(), auth_exports));
+          await login2();
+          if (config2.isAuthenticated()) {
+            setMessages((prev) => [
+              ...prev,
+              { id: nextId(), role: "assistant", content: `Signed in as ${config2.get("email")}. Running your task...` }
+            ]);
+            busyRef.current = true;
+            setIsBusy(true);
+          } else {
+            setMessages((prev) => [
+              ...prev,
+              { id: nextId(), role: "assistant", content: "Sign in failed. Try `/login` or run `mint login` in another terminal." }
+            ]);
+            return;
+          }
+        } catch {
+          setMessages((prev) => [
+            ...prev,
+            { id: nextId(), role: "assistant", content: "Could not open browser. Run `mint login` in another terminal." }
+          ]);
+          return;
+        }
+      }
       try {
         const { runOrchestrator: runOrchestrator2 } = await Promise.resolve().then(() => (init_loop2(), loop_exports));
         let responseText = "";
@@ -13772,6 +14862,7 @@ var init_App = __esm({
     init_useAgentEvents();
     init_tiers();
     init_types();
+    init_config();
     init_tracker();
     init_pipeline();
     initChalkLevel();
@@ -13912,166 +15003,12 @@ var init_dashboard = __esm({
 });
 // src/cli/index.ts
+init_auth();
 import { Command } from "commander";
 import chalk10 from "chalk";
 import { readFileSync as readFileSync11, writeFileSync as writeFileSync8, mkdirSync as mkdirSync7 } from "fs";
 import { dirname as dirname7, resolve as resolve11, sep as sep9 } from "path";
-// src/cli/commands/auth.ts
-init_config();
-import chalk from "chalk";
-import boxen from "boxen";
-import { createServer } from "http";
-var SUPABASE_URL = process.env.MINT_SUPABASE_URL ?? "https://srhoryezzsjmjdgfoxgd.supabase.co";
-var SUPABASE_ANON_KEY = process.env.MINT_SUPABASE_ANON_KEY ?? "";
-var AUTH_PAGE_URL = "https://usemint.dev/auth";
-var CALLBACK_PORT = 9876;
-async function login() {
-  if (config2.isAuthenticated()) {
-    const email = config2.get("email");
-    console.log(chalk.yellow(`
-  Already logged in as ${email}`));
-    console.log(chalk.dim("  Run `mint logout` to switch accounts.\n"));
-    return;
-  }
-  console.log(chalk.cyan("\n  Opening browser to sign in...\n"));
-  const token = await waitForOAuthCallback();
-  if (!token) {
-    console.log(chalk.red("\n  Login failed. Try again with `mint login`.\n"));
-    return;
-  }
-  try {
-    const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
-      headers: {
-        "apikey": SUPABASE_ANON_KEY,
-        "Authorization": `Bearer ${token}`
-      }
-    });
-    if (!res.ok) {
-      console.log(chalk.red("\n  Invalid token received. Try again.\n"));
-      return;
-    }
-    const user = await res.json();
-    config2.setAll({
-      apiKey: token,
-      userId: user.id,
-      email: user.email
-    });
-    console.log(boxen(
-      `${chalk.bold.green("Signed in!")}
-Email: ${chalk.cyan(user.email)}
-Plan:  ${chalk.dim("Free \u2014 20 tasks/day")}
-${chalk.dim("Run `mint` to start coding.")}`,
-      { padding: 1, borderColor: "green", borderStyle: "round" }
-    ));
-  } catch (err) {
-    console.log(chalk.red(`
-  Error: ${err.message}
-`));
-  }
-}
-function waitForOAuthCallback() {
-  return new Promise((resolve12) => {
-    const timeout = setTimeout(() => {
-      server.close();
-      resolve12(null);
-    }, 12e4);
-    const server = createServer(async (req, res) => {
-      const url = new URL(req.url ?? "/", `http://localhost:${CALLBACK_PORT}`);
-      if (url.pathname === "/callback") {
-        let token = null;
-        if (req.method === "POST") {
-          const body = await new Promise((r) => {
-            let data = "";
-            req.on("data", (chunk) => {
-              data += chunk.toString();
-            });
-            req.on("end", () => r(data));
-          });
-          try {
-            const parsed = JSON.parse(body);
-            token = parsed.access_token ?? parsed.token ?? null;
-          } catch {
-            token = null;
-          }
-        } else {
-          token = url.searchParams.get("access_token") ?? url.searchParams.get("token");
-        }
-        res.setHeader("Access-Control-Allow-Origin", "*");
-        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
-        res.setHeader("Access-Control-Allow-Headers", "Content-Type");
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(`
-          <html>
-            <body style="background:#07090d;color:#c8dae8;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0">
-              <div style="text-align:center">
-                <h1 style="color:#00d4ff">Connected!</h1>
-                <p>You can close this tab and return to the terminal.</p>
-              </div>
-            </body>
-          </html>
-        `);
-        clearTimeout(timeout);
-        server.close();
-        resolve12(token);
-        return;
-      }
-      if (req.method === "OPTIONS") {
-        res.setHeader("Access-Control-Allow-Origin", "*");
-        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
-        res.setHeader("Access-Control-Allow-Headers", "Content-Type");
-        res.writeHead(204);
-        res.end();
-        return;
-      }
-      res.writeHead(404);
-      res.end("Not found");
-    });
-    server.listen(CALLBACK_PORT, () => {
-      const callbackUrl = `http://localhost:${CALLBACK_PORT}/callback`;
-      const authUrl = `${AUTH_PAGE_URL}?callback=${encodeURIComponent(callbackUrl)}`;
-      import("child_process").then(({ execFile }) => {
-        const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
-        execFile(cmd, [authUrl]);
-      });
-    });
-    server.on("error", () => {
-      clearTimeout(timeout);
-      resolve12(null);
-    });
-  });
-}
-async function signup() {
-  await login();
-}
-async function logout() {
-  if (!config2.isAuthenticated()) {
-    console.log(chalk.yellow("\n  Not logged in.\n"));
-    return;
-  }
-  const email = config2.get("email");
-  config2.clear();
-  console.log(chalk.green(`
-  Logged out from ${email}
-`));
-}
-async function whoami() {
-  if (!config2.isAuthenticated()) {
-    console.log(chalk.yellow("\n  Not logged in."));
-    console.log(chalk.dim("  Run `mint login` to sign in.\n"));
-    return;
-  }
-  const email = config2.get("email");
-  console.log(boxen(
-    `${chalk.bold("Signed in")}
-Email: ${chalk.cyan(email)}`,
-    { padding: 1, borderColor: "cyan", borderStyle: "round" }
-  ));
-}
 // src/cli/commands/config.ts
 init_config();
 import chalk2 from "chalk";