diff --git a/.agents/skills b/.agents/skills new file mode 120000 index 00000000..6838a116 --- /dev/null +++ b/.agents/skills @@ -0,0 +1 @@ +../.ai/skills \ No newline at end of file diff --git a/.ai/LANGUAGE.md b/.ai/LANGUAGE.md new file mode 100644 index 00000000..38e51d74 --- /dev/null +++ b/.ai/LANGUAGE.md @@ -0,0 +1,53 @@ +# MDCMS vocabulary + +Use these terms exactly. Do not coin synonyms. If a needed concept is missing, add it here in the same change that introduces it to the code. + +## Domain terms + +| Term | Meaning | Don't say | +| ---------------- | ---------------------------------------------------------------------------------- | --------------------------- | +| **Document** | A single piece of editable content (a row in `documents`) | entry, item, record, post | +| **Content type** | A schema definition for documents (e.g. `BlogPost`) | model, collection, kind | +| **Field** | A typed property on a content type | column, attribute, property | +| **Reference** | A field whose value points to another document | relation, link, fk | +| **Project** | A top-level isolation boundary (a tenant) | workspace, org, site | +| **Environment** | A named state within a project (e.g. `draft`, `prod`) | branch, stage | +| **Locale** | A language/region pair on a translatable document | language, i18n target | +| **Schema** | The combined typed surface (content types + fields) for a project | config, definition | +| **Module** | A first-party or third-party extension that mounts server, CLI, or Studio surfaces | plugin, addon, extension | +| **Manifest** | A module's declaration file (`manifest.ts`) | descriptor, config | + +## Operations + +| Term | Meaning | Don't say | +| --------------- | -------------------------------------------------------------------- | -------------------------------- | +| **Pull** | Fetch documents from server to local files (CLI direction) | download, sync down, fetch | +| **Push** | Upload local file changes to server | upload, sync up, deploy | +| **Sync** | Two-sided reconciliation (push + pull with conflict resolution) | use only when actually two-sided | +| **Publish** | Move a draft document to the published environment | release, ship | +| **Schema sync** | Reconcile local `mdcms.config.ts` schema with server schema registry | schema migrate, schema deploy | + +## Authorization + +| Term | Meaning | Don't say | +| ----------------------- | ------------------------------------------------------------------------------------- | ----------------------------------- | +| **API key** | Long-lived bearer token for non-interactive clients | token, secret | +| **Session** | Browser-based interactive auth | cookie, login | +| **Loopback OAuth flow** | CLI's browser-based auth handoff using OAuth2 with a localhost callback (`127.0.0.1`) | device flow, OAuth flow, login flow | +| **Scope** | A permission claim attached to a key or session | permission, role, capability | + +## Codebase shape + +| Term | Meaning | Don't say | +| ----------------------------- | ------------------------------------------------------------------- | --------------------------------------------------------- | +| **Workspace** | A Bun + Nx package in the monorepo | project (overloaded), package (use only for npm packages) | +| **`@mdcms/source` condition** | Custom export condition that resolves to TypeScript source for dev | source export, dev export | +| **Studio** | The embeddable React component (`@mdcms/studio`) | admin UI, dashboard, panel | +| **Studio review** | `apps/studio-review` — internal contract-consumer for preview mocks | studio test, review app | + +## Forbidden + +- "Entry" — always use **document**. +- "Workspace" when referring to **project** — they're different concepts. ("Workspace" is fine when referring to a Bun + Nx package in the monorepo.) +- "Plugin" when referring to a first-party **module** — modules are first-class. (Third-party concepts that genuinely call themselves plugins, e.g. TipTap plugins, can keep that name.) +- "Device flow" for the CLI auth handoff — it is a **loopback OAuth flow** (RFC 8252), not RFC 8628 device authorization grant. diff --git a/.ai/memory/README.md b/.ai/memory/README.md new file mode 100644 index 00000000..4ca0772d --- /dev/null +++ b/.ai/memory/README.md @@ -0,0 +1,63 @@ +# Memory + +Persistent team knowledge about MDCMS — the product, the architecture, the integrations, the major efforts in flight, and the lessons we've already learned. Read this when you need _durable_ knowledge. For _volatile_ state (what someone is working on right now, current sprint, blockers), use the issue tracker — that's the right tool for it, and trying to mirror that state here causes merge conflicts on every concurrent PR. + +## Layout + +| Path | Contents | Update cadence | +| ------------------------------------ | --------------------------------------------------------------------- | -------------------------------------------------------- | +| [`product.md`](product.md) | Vision, audience, scope, why MDCMS exists | Rarely — only when product itself changes | +| [`architecture.md`](architecture.md) | System patterns, invariants, hard rules | When architecture decisions change | +| [`stack.md`](stack.md) | Runtime, deps, infrastructure, constraints | On dependency upgrades or infra changes | +| [`lessons.md`](lessons.md) | Append-only dev-time pitfalls | Append on discovery | +| [`topics/`](topics/) | Cross-cutting domain knowledge — auth flow, sync, multi-tenancy, etc. | When a topic stabilizes or changes meaningfully | +| [`integrations/`](integrations/) | External systems we depend on (Docker, GitHub Actions) | When config or auth changes | +| [`initiatives/`](initiatives/) | One file per major team effort — active and completed | When an initiative kicks off, hits a milestone, or wraps | + +Vocabulary lives at [`../LANGUAGE.md`](../LANGUAGE.md). Architecture decision rationale lives at `docs/adrs/` (canonical product docs). Specs live at `docs/specs/`. Per-package guidance lives at `apps/*/AGENTS.md` and `packages/*/AGENTS.md`. + +## How an agent should read this + +```text +First-time / onboarding + └─ product.md → architecture.md → stack.md → skim topics/ index → skim initiatives/ active + +Starting a feature + └─ architecture.md (invariants) → topics/ (relevant cross-cutting) → initiatives/ (does this fit something?) + → docs/specs/.md (canonical scope, NOT in memory/) + +Debugging a thing that broke + └─ lessons.md (have we seen this?) → topics/ (cross-cutting flow) → integrations/ (external system?) + +Wondering why something is the way it is + └─ architecture.md (patterns) → docs/adrs/ (decision rationale) → initiatives/ (which effort drove this?) +``` + +## How to update + +- **product.md / architecture.md / stack.md** — directly, in the PR that changes the underlying reality. Docs, not state. Reviewed in PR. +- **lessons.md** — append at the bottom on discovery. Lead with the rule, then `Why:` and `How to apply:`. +- **topics/** — add a new file when a cross-cutting concept stabilizes; update existing files when the flow changes. One topic per file. +- **integrations/** — add a new file when integrating a new external system; update on config/auth changes. +- **initiatives/** — create on kickoff, update on milestones, mark `Status: completed` on wrap. One initiative per file (no shared write surface = no merge conflicts). + +## Why this shape (and not something more sophisticated) + +Two reference systems we considered: + +- **Hermes Agent** — minimalist 2-file (MEMORY.md + USER.md, ~3.6KB total), frozen-snapshot system-prompt injection, FTS5 over session history, designed for solo use. +- **Magic Context** — sophisticated 4-layer SQLite + vector embeddings + 5 access tools, designed for solo use. + +Both are user-local. Neither is committed to a team git repo. SQLite databases don't merge cleanly; user-home memory doesn't share with the team. + +Our system trades runtime sophistication (no semantic search yet, no auto-injection beyond `@AGENTS.md`) for **team-shareability and version control**. If we later want semantic search, the right move is an MCP server that indexes these markdown files — the files stay the source of truth. + +## What this is _not_ + +- Not a substitute for issue tracking or todo lists — both belong in the issue tracker. +- Specs live at `docs/specs/`, not here. +- Don't treat this as a changelog — git log and PR descriptions cover that. +- Operator runbooks belong in package READMEs. +- Personal journals (Hermes-style `USER.md`) stay in user-home, not in the repo. + +This is the **shared mental model** the team and its agents maintain about MDCMS. diff --git a/.ai/memory/architecture.md b/.ai/memory/architecture.md new file mode 100644 index 00000000..8a725d2e --- /dev/null +++ b/.ai/memory/architecture.md @@ -0,0 +1,56 @@ +# System patterns + +Architecture invariants and key technical decisions. Update when one changes. + +## Source of truth + +- **Database is canonical**, not the filesystem. The server is the only thing that owns truth. +- The CLI's local files are a working copy. Pull/push reconciles against the server, not vice versa. +- Schema (content types + fields) lives in the server's schema registry. The local `mdcms.config.ts` is the developer's authoring surface; `schema sync` reconciles it to the registry. + +## Module system + +- First-party modules live under `packages/modules//`. +- Each module ships `manifest.ts`, `server/index.ts`, `cli/index.ts`. Some also ship `studio/index.tsx`. +- The `installedModules` registry in `packages/modules/src/index.ts` is **deterministic and sorted by `manifest.id`**. Don't introduce ordering coupling. +- Server and CLI each have their own `module-loader.ts`. Both auto-mount at startup. +- Cross-module dependencies go through declared interfaces in `@mdcms/shared`, never direct imports between module packages. + +## Package boundaries (hard rules) + +- `@mdcms/shared` exports types, validators, pure utilities. **No runtime side effects, no HTTP, no DB.** +- `@mdcms/sdk` is read-only. Bearer-token client. **No write methods.** +- `@mdcms/cli` owns push/pull/sync logic and the loopback OAuth flow. +- `@mdcms/studio` runs inside the host app's process — embedded React component, not a separate page. +- `@mdcms/server` is the only thing that talks to the database. + +## Conditional exports + +Every package uses `@mdcms/source` as a custom condition pointing to TypeScript source for development. `import` and `default` point to `dist/` for production. **Don't break this convention** — dev-time source imports rely on it. + +## Validation + +- All inputs validated with **Zod 4** at module boundaries. +- Content schemas use **Standard Schema** for ecosystem interop. +- No double-validation; once a value is parsed, downstream code trusts the type. + +## Tests + +- **`*.test.ts`** — unit tests, co-located with source. +- **`*.contract.test.ts`** — Drizzle schema validated against actual SQL migrations. Catches drift between ORM definitions and migration outputs. +- **Integration:** `bun run integration` runs Docker health + migration check. +- **CI gate:** `bun run ci:required`. + +## Studio review app + +`apps/studio-review` is a maintained internal consumer of Studio + backend contracts, used to keep preview mocks aligned. Whenever a contract changes, update `apps/studio-review` handlers/fixtures/tests in the same commit. Don't let it drift. + +## Standalone specs + +Files under `docs/specs/` are **standalone canonical product documentation**. No task IDs, no external planning references, no "this task" language. Spec rationale either stays self-contained or moves to an ADR. + +## Multi-tenant boundaries + +- **Project** is the isolation unit. Every persistable entity carries `project_id`. +- **Environment** is a state within a project (e.g. `draft`, `prod`). Reads default to the published environment unless explicit. +- Tenant scoping is enforced at the route layer — every authenticated request resolves a project context before reaching domain code. diff --git a/.ai/memory/initiatives/README.md b/.ai/memory/initiatives/README.md new file mode 100644 index 00000000..9887f686 --- /dev/null +++ b/.ai/memory/initiatives/README.md @@ -0,0 +1,30 @@ +# Initiatives + +A file per major team effort — active and completed. Initiatives are bigger than tasks (which live in the issue tracker) and longer-running than features. Examples: a multi-quarter platform migration, an open-source release, a customer-driven SLA push. + +## File format + +`YYYY-MM-DD-kebab-case-name.md` for the start date. + +Each file has these sections: + +- **Status:** `active` | `completed` | `paused` | `abandoned` +- **Goal** — one paragraph, what success looks like +- **Why** — the constraint or opportunity that drove this +- **Scope** — in / out, with explicit "out" list +- **Key decisions** — bullets, with cross-refs to ADRs/specs/PRs +- **Outcome** (added when status moves off `active`) — what actually shipped, what lessons came out + +Keep each file under ~200 lines. If it grows beyond that, split it into a parent + sub-initiatives. + +## Active + +(none yet) + +## Completed + +(none yet) + +## Why initiatives instead of just commits + Jira + +Jira tickets are scoped tasks. Commits are atomic changes. Neither captures the **why** of a multi-week / multi-month effort, the **scope boundary** that prevents drift, or the **outcomes** in a queryable form. A future agent (or new team member) asking "why did MDCMS adopt X?" gets a better answer from an initiative file than from twenty Jira tickets and forty commits. diff --git a/.ai/memory/integrations/README.md b/.ai/memory/integrations/README.md new file mode 100644 index 00000000..8a3a20e1 --- /dev/null +++ b/.ai/memory/integrations/README.md @@ -0,0 +1,18 @@ +# Integrations + +External systems MDCMS depends on or integrates with. One file per system. Document what we use it for, how it's configured, and what failure modes look like — so a new contributor (or agent) can debug or replicate the setup without reverse-engineering it from config files. + +## Index + +- [`docker-stack.md`](docker-stack.md) — Local infrastructure (postgres, redis, minio, mailhog) via `docker-compose.yml`. +- [`github-actions.md`](github-actions.md) — CI gates and workflow files in `.github/workflows/`. + +## Format + +For each integration: + +1. **What it is + why we use it.** +2. **Configuration** — where the config lives, what's in it, what's local-only vs committed. +3. **How agents interact with it** (if applicable) — MCP servers, CLI tools, auth setup. +4. **Failure modes** — common breakages and how to recognize them. +5. **Cross-refs.** diff --git a/.ai/memory/integrations/docker-stack.md b/.ai/memory/integrations/docker-stack.md new file mode 100644 index 00000000..a93d5997 --- /dev/null +++ b/.ai/memory/integrations/docker-stack.md @@ -0,0 +1,52 @@ +# Docker stack + +## What it is + why + +Local infrastructure for development. MDCMS depends on PostgreSQL, Redis, MinIO (S3-compatible object storage), and MailHog (SMTP catch-all for dev email testing). All four run via `docker-compose.yml` at the repo root. + +## Configuration + +```bash +docker compose up -d --build # Bring up the stack +docker compose down # Tear down +docker compose logs -f # Tail a service +``` + +Services: + +- **postgres** — PostgreSQL 16. Used for content, auth, sessions, and audit logs. +- **redis** — Provisioned for caching, queues, and rate-limiting. Not currently a session store. +- **minio** — Media uploads (S3-compatible). +- **mailhog** — Dev-only SMTP capture; web UI at `localhost:8025`. + +The server expects this stack on default ports. Ports and credentials live in `docker-compose.yml` and the server's `.env` (local-only). + +## How agents interact + +Mostly indirectly — agents run server commands that assume the stack is up: + +```bash +bun --cwd apps/server run start # Server on :4000, expects docker stack up +bun run integration # Runs Docker health + migration check +``` + +For a clean re-run during debugging: + +```bash +docker compose down -v && docker compose up -d --build +``` + +The `-v` flag drops volumes — useful when starting from a clean DB state, **not safe** if you want to preserve seeded content. + +## Failure modes + +- **Port conflicts.** If Postgres 5432 or Redis 6379 are already in use locally, `docker compose up` fails. Check with `lsof -i :5432`. +- **Volume corruption from killed containers.** `docker compose down -v` resets state. +- **Stale image after dependency upgrades.** `--build` rebuilds; without it, you might run an outdated server image. +- **MinIO bucket missing.** First-time setup may need explicit bucket creation (`mc mb local/mdcms`); check server logs for `NoSuchBucket`. + +## Cross-refs + +- Compose file: `docker-compose.yml` +- Per-package: `apps/server/AGENTS.md` +- Related: [`../stack.md`](../stack.md) for the broader stack context. diff --git a/.ai/memory/integrations/github-actions.md b/.ai/memory/integrations/github-actions.md new file mode 100644 index 00000000..5bc50f84 --- /dev/null +++ b/.ai/memory/integrations/github-actions.md @@ -0,0 +1,38 @@ +# GitHub Actions + +## What it is + why + +CI gates running on push and PR. Defined in `.github/workflows/`. The required gate is `bun run ci:required` — anything that fails this blocks merge. + +## Configuration + +Workflow files live at `.github/workflows/*.yml`. Each workflow declares triggers (push, pull_request, schedule) and jobs. + +## Required gate + +`bun run ci:required` runs: + +1. `bun run format:check` — Prettier check. +2. `bun run check` — Build + typecheck combined. +3. `bun run unit` — Unit tests via `bun test` orchestrated by Nx. +4. `bun run integration` — Docker health + migration check. + +No git hook auto-runs this locally; running it manually before pushing avoids the round-trip wait of seeing failures in CI. + +## How agents interact + +- Read workflow files to understand what CI runs. +- Run `ci:required` locally before pushing — if it fails, the PR will too. +- Use `gh pr checks` or `gh run list` to inspect a PR's CI status without leaving the terminal. + +## Failure modes + +- **Format check failing** — almost always a missed `bun run format` before commit. Run it, commit the diff. +- **Typecheck failing on a PR but not locally** — usually means dependencies got out of sync; `bun install` and re-run. +- **Integration step timing out** — Docker stack startup is slow on cold caches. Local runs may pass while CI fails. Inspect the run logs for the specific service that didn't come up. + +## Cross-refs + +- Workflows: `.github/workflows/` +- AGENTS.md "Working in this repo" section — describes the local pre-push procedure. +- Per-package AGENTS.md — package-specific test/build commands. diff --git a/.ai/memory/lessons.md b/.ai/memory/lessons.md new file mode 100644 index 00000000..b4cfcddd --- /dev/null +++ b/.ai/memory/lessons.md @@ -0,0 +1,19 @@ +# Lessons + +Append a new entry whenever you discover a non-obvious pitfall. Lead with the rule, then a `Why:` line, then a `How to apply:` line. Keep entries one short paragraph each — link to a commit or PR for full context if needed. + +Entries are reverse-chronological (newest first). + +--- + + diff --git a/.ai/memory/product.md b/.ai/memory/product.md new file mode 100644 index 00000000..aa5b4390 --- /dev/null +++ b/.ai/memory/product.md @@ -0,0 +1,33 @@ +# Project brief + +## What MDCMS is + +A collaborative CMS built around Markdown/MDX for React-based frameworks. The database is the source of truth (not the filesystem). Editors work in a browser-based Studio, developers work with local `.md`/`.mdx` files synced via CLI, and consumer applications fetch via SDK or REST. All three surfaces share the same data layer, validation, permissions, and version history. + +## Why it exists + +Existing headless CMSes force one of two compromises: filesystem-based tools (Contentlayer, MDX bundlers) lose multi-user collaboration and permissions; database-first tools (Sanity, Contentful, Strapi) lose the developer-friendly file editing flow. MDCMS keeps both — the database is canonical, but the local file experience is real, not a sync hack. + +## Who it's for + +- **Developers** building React/Next.js/Remix sites who want to edit content in their editor and ship it through git-like workflows. +- **Editors** in those teams who need a real GUI for content work — Studio is for them. +- **AI agents** that want a typed, scoped HTTP API to read and write content without scraping a UI. + +The core thesis is that **none of the three should block the others**. An editor publishing a page and an agent rewriting 500 posts at once go through the same validation, the same permissions, and the same version history. + +## Core architecture + +- **`apps/server`** is the canonical source of truth. Elysia + PostgreSQL + Drizzle. Every read/write hits this. +- **`apps/cli`** owns push/pull/sync — file ↔ database reconciliation, auth via loopback OAuth flow. +- **`packages/studio`** is an embeddable React component the host app mounts at a catch-all route. +- **`packages/sdk`** is a thin read-only client. +- **`packages/shared`** holds Zod contracts and types every other package imports. +- **`packages/modules`** is the first-party module registry — both server-side (`installedModules`) and CLI-side discovery is deterministic and ordered. + +## Out of scope (current) + +- Real-time multi-user collaboration via CRDTs — Post-MVP. +- Live preview (real-time content rendering in the consumer frontend) — upcoming. +- MCP integration for agent-driven content operations — upcoming. +- Multiple spaces (team-scoped content organization) — upcoming. diff --git a/.ai/memory/stack.md b/.ai/memory/stack.md new file mode 100644 index 00000000..59e79882 --- /dev/null +++ b/.ai/memory/stack.md @@ -0,0 +1,56 @@ +# Stack + +Runtime, dependencies, and infrastructure. Update when any of them change. + +## Runtime + tooling + +- **Bun** is the package manager AND the test runner (`bun test`). +- **Nx 22.5** orchestrates tasks across the monorepo with `@nx/js/typescript` plugin. +- **TypeScript 5.9**, strict mode, `nodenext` module resolution, `composite` projects (project references). + +## Backend + +- **Elysia** (HTTP framework) running on Bun. +- **Drizzle ORM** with `postgres.js` driver against **PostgreSQL 16**. Sessions, content, auth, and audit logs all live in Postgres. +- **Redis** is provisioned in the dev stack (`REDIS_URL` env var); reserved for future use (caching, queues, rate-limiting). Not currently a session store. +- **MinIO** (S3-compatible) for media. + +## Frontend + +- **React** for Studio. +- **TanStack Query** for client-side data fetching. +- **TipTap** for the editor with MDX component support. + +## Validation + +- **Zod 4** for runtime validation. +- **Standard Schema** for content type definitions (ecosystem interop). + +## Infrastructure (dev) + +- `docker compose up -d --build` brings up postgres, redis, minio, mailhog. +- Server runs on port 4000. + +## Custom export condition + +`@mdcms/source` resolves to TypeScript source files during development. Production builds resolve through `import`/`default` to `dist/`. Every package's `package.json` exports must include this condition. + +## Constraints worth knowing + +- **Bun-only.** Do not introduce Node-only dependencies that don't run on Bun. +- **No runtime ORM relationships across modules.** First-party modules in `packages/modules//` use foreign-key IDs only — never direct relations between modules. (Hard rule from architecture.) +- **Tenant scoping is mandatory.** Every tenant-scoped row carries `project_id` (or equivalent boundary key); queries against tenant tables must filter on it. Auth tables (sessions, accounts, users) are user-bound and don't carry `project_id`. +- **Pre-push procedure (manual):** run `bun run ci:required` locally before pushing — typecheck + format check + unit tests + integration must all pass. CI runs the same gate on the PR. +- **Pre-commit checks:** `bun run format:check` and `bun run check`. + +## Things that are NOT in the stack (yet) + +- No CRDT library (real-time collab is Post-MVP). +- No MCP server (AI agent integration is upcoming, separate work). +- No live preview pipeline (upcoming). + +## Repository services + +- Issue tracker: GitHub Issues. +- CI: GitHub Actions (see `.github/workflows/`). +- Docs deploy: `docs.mdcms.ai` (separate pipeline). diff --git a/.ai/memory/topics/README.md b/.ai/memory/topics/README.md new file mode 100644 index 00000000..6e3e8a23 --- /dev/null +++ b/.ai/memory/topics/README.md @@ -0,0 +1,26 @@ +# Topics + +Cross-cutting domain knowledge — things that don't belong to a single package. Per-package details live in `apps/*/AGENTS.md` and `packages/*/AGENTS.md`. Architectural decisions live in `docs/adrs/`. Specs live in `docs/specs/`. **Topics here are integration-level**: how concepts flow across packages, what guarantees the system makes, what's idiomatic. + +## Format + +One file per topic. Filename `kebab-case.md`. Each file should answer four questions: + +1. **What is it?** — one paragraph; the concept and its boundaries. +2. **How does it work?** — the actual flow, with cross-refs to packages and files. +3. **What guarantees / invariants?** — what must always be true. +4. **Cross-refs.** — pointers to specs, ADRs, code, and other topics. + +Keep each file under ~150 lines. If it grows beyond that, split it. + +## Index + +- [`auth-flow.md`](auth-flow.md) — How session / API key / loopback-OAuth auth weaves across `apps/server`, `apps/cli`, and `packages/studio`. +- [`push-pull-sync.md`](push-pull-sync.md) — The CLI's file ↔ database reconciliation lifecycle. +- [`schema-sync.md`](schema-sync.md) — How `mdcms.config.ts` definitions reach the server schema registry. +- [`multi-tenancy.md`](multi-tenancy.md) — Project + environment scoping rules across the data layer. +- [`module-system.md`](module-system.md) — How first-party modules mount surfaces in server, CLI, and Studio. + +## When to add a topic + +When you find yourself explaining a cross-cutting concept twice — to a teammate, to an AI agent, in a PR description — that's the signal. Write it down here once and link from the next conversation. diff --git a/.ai/memory/topics/auth-flow.md b/.ai/memory/topics/auth-flow.md new file mode 100644 index 00000000..ba2eef07 --- /dev/null +++ b/.ai/memory/topics/auth-flow.md @@ -0,0 +1,50 @@ +# Auth flow + +## What it is + +Three authentication modes coexist in MDCMS, each suited to a different surface: + +- **Session** — browser-based, used by Studio. Server-issued, cookie-bound, stored in the Postgres `sessions` table. +- **API key** — long-lived bearer token. Used by SDK consumers and any non-interactive client. Carries scopes. +- **Loopback OAuth flow** — CLI's browser-based auth handoff using OAuth2 with a localhost callback (RFC 8252). Trades a one-time authorization code (with `state` validation) for an API key stored in the user's local CLI config. + +All three resolve to the same internal concept downstream: an authenticated principal with a project context and a set of scopes. + +## How it works + +### Session (Studio) + +Browser sessions are persisted server-side; the `sessions` table in `apps/server/src/lib/db/schema.ts` holds them with a unique-token index. Studio fetches the active principal on mount and caches it in its TanStack Query layer; writes carry CSRF protection. + +### API key (SDK / non-interactive) + +Clients construct `createClient({ url, apiKey, project, environment })` and send `Authorization: Bearer ` on every request. The server resolves `key → principal → project ACL → scopes → request`. The SDK is read-only by design; writes go directly to the server. + +### Loopback OAuth flow (CLI) + +1. `mdcms login` starts a local HTTP listener (`createCallbackListener` in `apps/cli/src/lib/login.ts`) bound to `127.0.0.1` on an ephemeral port. Callback path is `/callback`. +2. CLI opens a browser to the server's authorization page with the `redirectUri` (e.g. `http://127.0.0.1:54321/callback`), a one-time `state` value, and a server-issued `challengeId`. +3. User authenticates in the browser. Server redirects to the loopback URL with `code` + `state`. +4. The local listener validates that the inbound `state` matches the value the CLI sent (CSRF protection). +5. CLI exchanges the `code` with the server for an API key. +6. Key is stored in the user's CLI credential store. Subsequent CLI commands use it as a bearer token. + +If the listener doesn't receive a callback within a timeout, the CLI surfaces "Timed out waiting for browser callback. Please retry `mdcms login`." + +## Guarantees / invariants + +- Every authenticated request resolves a project context **before** reaching domain code. No cross-tenant leak via missing scoping. +- API keys carry scopes; sessions inherit scopes from the user's role. +- The loopback flow validates `state` to defeat CSRF; binding to `127.0.0.1` confines redirect targets to the local machine. +- API keys are revocable; sessions are revocable; both invalidate immediately on the server. + +## Cross-refs + +- Spec: `docs/specs/SPEC-005-auth-authorization-and-request-routing.md` +- Per-package: `apps/server/AGENTS.md`, `apps/cli/AGENTS.md` +- Implementation: `apps/cli/src/lib/login.ts` (loopback listener), `apps/server/src/lib/auth.ts`, `apps/server/src/lib/db/schema.ts` (sessions table) +- Related topic: [`multi-tenancy.md`](multi-tenancy.md) for how `project_id` scoping interacts with auth + +## Open extensions + +OIDC and SAML provider support are upcoming-work items; see `docs/specs/` for the current spec inventory and check whether a dedicated spec has landed before assuming behavior. diff --git a/.ai/memory/topics/module-system.md b/.ai/memory/topics/module-system.md new file mode 100644 index 00000000..1fb7b717 --- /dev/null +++ b/.ai/memory/topics/module-system.md @@ -0,0 +1,45 @@ +# Module system + +## What it is + +The extensibility mechanism. New capabilities — server actions, CLI commands, Studio UI surfaces, content types, validation hooks — are added as **modules** rather than by patching core code. First-party modules (e.g. `core.system`, `domain.content`) live in `packages/modules//`. Third-party modules are external npm packages that register against the same contract. + +## How it works + +### Module shape + +Every module ships: + +- `manifest.ts` — metadata (id, version, capabilities, dependencies). +- `server/index.ts` — server-side surfaces (HTTP routes, event handlers, jobs). +- `cli/index.ts` — CLI subcommands. +- Optional `studio/index.tsx` — UI surfaces. + +### Registration + +- The `installedModules` registry in `packages/modules/src/index.ts` is a deterministic, sorted-by-`manifest.id` array. +- Server and CLI each have their own `module-loader.ts` that walks the registry at startup and mounts each module's surfaces. +- Studio loads its module bundle from the server at runtime — the host app doesn't bundle modules at build time. + +### Cross-module dependencies + +- Modules **must not** create direct ORM relationships across module boundaries. Use foreign-key IDs only. +- Cross-module communication goes through declared interfaces in `@mdcms/shared`, never direct imports between module packages. +- A module can declare it depends on another module's interface; the loader fails fast if a dependency is missing. + +## Guarantees / invariants + +- **Deterministic load order.** Same registry → same load order across machines. No environment-dependent ordering. +- **No cross-module ORM relations.** Hard rule. Enforced by code review (and ideally a lint rule eventually). +- **Server / CLI / Studio share the same registry source of truth.** The list of installed modules is one decision, not three. +- **Modules don't patch core.** If a feature would require modifying core, it's not a module — promote to core or rethink the abstraction. + +## Cross-refs + +- Spec: `docs/specs/SPEC-002-system-architecture-and-extensibility.md` +- Per-package: `packages/modules/`, `apps/server/AGENTS.md`, `apps/cli/AGENTS.md` +- Related: [`schema-sync.md`](schema-sync.md) — content types are typically delivered via modules + +## Why this matters + +A CMS without an extensibility story becomes a monolith customers fork to extend. The module contract forces "it's a module or it's core" decisions early, which keeps the core surface small. diff --git a/.ai/memory/topics/multi-tenancy.md b/.ai/memory/topics/multi-tenancy.md new file mode 100644 index 00000000..ad51282f --- /dev/null +++ b/.ai/memory/topics/multi-tenancy.md @@ -0,0 +1,49 @@ +# Multi-tenancy + +## What it is + +Project is the top-level isolation boundary in MDCMS. Every **tenant-scoped** entity — documents, content types, schemas, API keys, audit-log entries — carries a `project_id`. (User-bound entities like sessions and accounts are not project-scoped; they resolve a project context per request based on the explicit project parameter or the API key's binding.) Within a project, **environment** (e.g. `draft`, `prod`) is a state dimension that further scopes reads and writes. + +This is the multi-tenant model — a single MDCMS server hosts arbitrary projects, and tenant code never sees data from another tenant. + +## How it works + +### Project resolution + +1. Every authenticated request resolves a project context **before** reaching domain code. +2. Project comes from one of: + - Explicit header / parameter (SDK clients pass `project` in `createClient`). + - The api key's bound project (api keys are project-scoped). + - The session's active project (Studio). +3. If a request can't resolve a project, it errors at the route layer — no domain code runs without a tenant. + +### Environment scoping + +1. Reads default to the **published environment** unless the request explicitly opts into another. +2. Writes target a specific environment — usually `draft` for editorial workflows, `prod` after publish. +3. Publishing is a state transition that copies/promotes a draft document into the prod environment. +4. Locales further scope translatable documents — a single document has a per-locale variant, all sharing the same project + environment context. + +### Storage layer + +- Every **tenant-scoped** row has a `project_id` (foreign key) plus, where relevant, `environment` and `locale` columns. Auth tables (`authUsers`, `authSessions`, `authAccounts`, `authVerifications`) are user-bound rather than project-bound and don't carry a `project_id`. +- Drizzle queries against tenant-scoped tables **must** filter by `project_id`. There's no global query path for tenant data. +- Indexes on tenant-scoped tables are composite, leading with `project_id`. + +## Guarantees / invariants + +- **No cross-tenant data leak.** A misconfigured query that omits `project_id` is a bug; should be caught in code review and ideally by lint rules. +- **API keys are project-bound.** A leaked key compromises one project, not all projects on the server. +- **Project deletion cascades.** Deleting a project removes all its documents, schemas, audit entries, and api keys. +- **Environment isolation is logical, not physical.** All environments share the same database tables; isolation comes from the `environment` column, not separate schemas/databases. + +## Cross-refs + +- Spec: `docs/specs/SPEC-001-platform-overview-and-scope.md`, `docs/specs/SPEC-002-system-architecture-and-extensibility.md` +- Per-package: `apps/server/AGENTS.md` +- Related: [`auth-flow.md`](auth-flow.md) for how project resolution interacts with each auth mode +- Related: [`push-pull-sync.md`](push-pull-sync.md) for how environment scoping affects CLI operations + +## Future scope + +**Multiple spaces** (team-scoped content organization within a project) is on the upcoming-work list. The shape and exact column names are not yet specified — defer to the relevant spec under `docs/specs/` once it lands. Until then, don't assume a particular schema or boundary; just keep tenant-scoping code shaped for additional future scopes without restructuring. diff --git a/.ai/memory/topics/push-pull-sync.md b/.ai/memory/topics/push-pull-sync.md new file mode 100644 index 00000000..93b9bc9f --- /dev/null +++ b/.ai/memory/topics/push-pull-sync.md @@ -0,0 +1,56 @@ +# Push / pull sync + +## What it is + +The CLI's file ↔ database reconciliation. The database is canonical (server-side); local `.md`/`.mdx` files are a working copy. The two operations are deliberately one-directional: + +- **`mdcms pull`** — fetch documents from the server to local files. Overwrites local with server state for the targeted scope. +- **`mdcms push`** — upload local file changes back to the server. Conflict-checked against the server's current state via document version headers. + +The full CLI command set is `init`, `login`, `logout`, `pull`, `push`, `schema sync`, `status` (registered in `apps/cli/src/lib/framework.ts`). + +## How it works + +### Pull + +1. CLI authenticates with the stored API key from the credential store. +2. CLI requests document set scoped to project + environment + locale + content-type filters. +3. Server returns documents with their current version metadata. +4. CLI writes `.md`/`.mdx` files to the configured local directory (`mdcms.config.ts` `contentDir`). +5. Each file's frontmatter carries metadata: id, version, environment, locale, references. + +### Push + +1. CLI scans local files in `contentDir`. +2. For each changed file, CLI sends the request with version-tracking headers: + - `x-mdcms-project` and `x-mdcms-environment` for routing context + - `x-mdcms-schema-hash` to pin against the schema the file was authored under + - `x-mdcms-draft-revision` and `x-mdcms-published-version` to detect server-side drift since the last pull +3. Server validates against the current schema, applies edits, returns the new version. +4. CLI updates local cache to the new version. +5. If the server's version moved since the last pull, the request is rejected as a conflict; CLI surfaces a structured conflict and stops. User resolves manually. + +### Status + +`mdcms status` shows pending local changes and known conflicts without writing anything. + +## Guarantees / invariants + +- **Database is the source of truth.** Pull overwrites local; push commits to server with version checks. +- **No silent merge.** Conflicts halt push; resolution is explicit. +- **Schema-checked at push.** The `x-mdcms-schema-hash` header pins the request against the schema the file was authored under (see ADR-006). Server rejects pushes against stale schemas before any partial write. +- **Environment + locale isolation.** Pull/push are scoped — pulling `prod` never overwrites `draft` and vice versa. + +## Cross-refs + +- Spec: `docs/specs/SPEC-008-cli-and-sdk.md`, `docs/specs/SPEC-003-content-storage-versioning-and-migrations.md` +- ADR: `docs/adrs/ADR-006-schema-hash-pinning-for-write-clients.md` +- Per-package: `apps/cli/AGENTS.md` +- Implementation: `apps/cli/src/lib/push.ts`, `apps/cli/src/lib/pull.ts`, `apps/cli/src/lib/framework.ts` +- Related: [`schema-sync.md`](schema-sync.md) for the schema-side equivalent flow + +## What this is _not_ + +- Not a CRDT or real-time collab system — that's Post-MVP. +- Not git. Doesn't track history client-side beyond the last-pull cache. Server holds the version history. +- Not symmetric — pull and push are one-way each. There's no "merge" command. diff --git a/.ai/memory/topics/schema-sync.md b/.ai/memory/topics/schema-sync.md new file mode 100644 index 00000000..659bdb1a --- /dev/null +++ b/.ai/memory/topics/schema-sync.md @@ -0,0 +1,35 @@ +# Schema sync + +## What it is + +How content type definitions in the user's `mdcms.config.ts` reach the server's schema registry. Schema is what gives MDCMS its typed editing surface — Studio forms, validation rules, and component catalogs are all generated from it. + +Schema sync is **schema-first**: developers edit `mdcms.config.ts`, run `mdcms schema sync`, and the server's registry catches up. The server never invents schema unilaterally. + +## How it works + +1. Developer edits `mdcms.config.ts` (defines content types, fields, references via `defineConfig`, `defineType`, `reference` from `@mdcms/shared`). +2. `mdcms schema sync` parses the config, computes a content-addressable hash of the resulting Standard Schema definitions, and POSTs to the server's schema endpoint. +3. Server compares incoming hash with the registry's current hash for that project. +4. If matched → no-op, success. +5. If different → server validates the new schema (no breaking changes without an explicit override flag), persists the new schema record, and updates the active hash. +6. Subsequent reads/writes use the new schema. Documents authored against an old hash get migrated lazily or rejected based on the change type. + +## Guarantees / invariants + +- **Schema hash pinning** for write clients (per ADR-006). Writes carry the schema hash they were authored against; mismatch is detected and surfaced. +- **No silent breaking changes.** Removing a required field or changing a type without a migration path requires an explicit override. +- **Standard Schema interop.** Internal representation uses Standard Schema so adapters into Zod, Valibot, Arktype etc. work out of the box. +- **Project-scoped.** Schema is per project (multi-tenant boundary). Two projects with identical schemas are still separate registry entries. + +## Cross-refs + +- Spec: `docs/specs/SPEC-004-schema-system-and-sync.md` +- ADR: `docs/adrs/ADR-006-schema-hash-pinning-for-write-clients.md` +- Per-package: `apps/cli/AGENTS.md`, `packages/shared/AGENTS.md` +- Related: [`push-pull-sync.md`](push-pull-sync.md) — schema sync runs separately from content push/pull + +## What this is _not_ + +- Not a database migration tool. The server's Drizzle migrations are independent. +- Not pushed automatically by Studio or SDK consumers. Studio reads the active schema; SDK reads documents typed against it. Schema authoring is CLI-only. diff --git a/.ai/plans/.gitkeep b/.ai/plans/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.ai/research/.gitkeep b/.ai/research/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.ai/skills/LICENSE.superpowers b/.ai/skills/LICENSE.superpowers new file mode 100644 index 00000000..abf03903 --- /dev/null +++ b/.ai/skills/LICENSE.superpowers @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2025 Jesse Vincent + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/.ai/skills/README.md b/.ai/skills/README.md new file mode 100644 index 00000000..5658abd8 --- /dev/null +++ b/.ai/skills/README.md @@ -0,0 +1,41 @@ +# Skills + +This directory holds the canonical skill set for this repo. Every supported agent (Claude Code, Codex, Cursor) discovers it via a symlink: + +- `.claude/skills` → `../.ai/skills` +- `.agents/skills` → `../.ai/skills` +- `.cursor/skills` → `../.ai/skills` + +Skill format is the [Anthropic Agent Skill (`SKILL.md`)](https://platform.claude.com/docs/en/agents-and-tools/agent-skills/overview) standard. + +## Vendored skills + +The skills below are vendored from [obra/superpowers](https://github.com/obra/superpowers) v5.0.7, MIT-licensed (see `LICENSE.superpowers`). Copyright (c) 2025 Jesse Vincent. To bump the version: + +```bash +SP_VER=5.x.x +cp -r ~/.claude/plugins/cache/claude-plugins-official/superpowers/$SP_VER/skills/* .ai/skills/ +cp ~/.claude/plugins/cache/claude-plugins-official/superpowers/$SP_VER/LICENSE .ai/skills/LICENSE.superpowers +# Update the version above and verify by running a smoke test in a fresh session +``` + +Vendored skills: + +- `brainstorming/` +- `dispatching-parallel-agents/` +- `executing-plans/` +- `finishing-a-development-branch/` +- `receiving-code-review/` +- `requesting-code-review/` +- `subagent-driven-development/` +- `systematic-debugging/` +- `test-driven-development/` +- `using-git-worktrees/` +- `using-superpowers/` +- `verification-before-completion/` +- `writing-plans/` +- `writing-skills/` + +## Why a vendored copy + +The global `superpowers` plugin is disabled at the project level via `.claude/settings.json` so the vendored copy is the only set of skills active when working in this repo. This makes the agent harness reproducible: clone the repo, you get the same skill set, no "did you install the plugin globally" failure mode. diff --git a/.ai/skills/brainstorming/SKILL.md b/.ai/skills/brainstorming/SKILL.md new file mode 100644 index 00000000..d2ceb507 --- /dev/null +++ b/.ai/skills/brainstorming/SKILL.md @@ -0,0 +1,164 @@ +--- +name: brainstorming +description: "You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation." +--- + +# Brainstorming Ideas Into Designs + +Help turn ideas into fully formed designs and specs through natural collaborative dialogue. + +Start by understanding the current project context, then ask questions one at a time to refine the idea. Once you understand what you're building, present the design and get user approval. + + +Do NOT invoke any implementation skill, write any code, scaffold any project, or take any implementation action until you have presented a design and the user has approved it. This applies to EVERY project regardless of perceived simplicity. + + +## Anti-Pattern: "This Is Too Simple To Need A Design" + +Every project goes through this process. A todo list, a single-function utility, a config change — all of them. "Simple" projects are where unexamined assumptions cause the most wasted work. The design can be short (a few sentences for truly simple projects), but you MUST present it and get approval. + +## Checklist + +You MUST create a task for each of these items and complete them in order: + +1. **Explore project context** — check files, docs, recent commits +2. **Offer visual companion** (if topic will involve visual questions) — this is its own message, not combined with a clarifying question. See the Visual Companion section below. +3. **Ask clarifying questions** — one at a time, understand purpose/constraints/success criteria +4. **Propose 2-3 approaches** — with trade-offs and your recommendation +5. **Present design** — in sections scaled to their complexity, get user approval after each section +6. **Write design doc** — save to `.ai/research/YYYY-MM-DD--design.md` and commit +7. **Spec self-review** — quick inline check for placeholders, contradictions, ambiguity, scope (see below) +8. **User reviews written spec** — ask user to review the spec file before proceeding +9. **Transition to implementation** — invoke writing-plans skill to create implementation plan + +## Process Flow + +```dot +digraph brainstorming { + "Explore project context" [shape=box]; + "Visual questions ahead?" [shape=diamond]; + "Offer Visual Companion\n(own message, no other content)" [shape=box]; + "Ask clarifying questions" [shape=box]; + "Propose 2-3 approaches" [shape=box]; + "Present design sections" [shape=box]; + "User approves design?" [shape=diamond]; + "Write design doc" [shape=box]; + "Spec self-review\n(fix inline)" [shape=box]; + "User reviews spec?" [shape=diamond]; + "Invoke writing-plans skill" [shape=doublecircle]; + + "Explore project context" -> "Visual questions ahead?"; + "Visual questions ahead?" -> "Offer Visual Companion\n(own message, no other content)" [label="yes"]; + "Visual questions ahead?" -> "Ask clarifying questions" [label="no"]; + "Offer Visual Companion\n(own message, no other content)" -> "Ask clarifying questions"; + "Ask clarifying questions" -> "Propose 2-3 approaches"; + "Propose 2-3 approaches" -> "Present design sections"; + "Present design sections" -> "User approves design?"; + "User approves design?" -> "Present design sections" [label="no, revise"]; + "User approves design?" -> "Write design doc" [label="yes"]; + "Write design doc" -> "Spec self-review\n(fix inline)"; + "Spec self-review\n(fix inline)" -> "User reviews spec?"; + "User reviews spec?" -> "Write design doc" [label="changes requested"]; + "User reviews spec?" -> "Invoke writing-plans skill" [label="approved"]; +} +``` + +**The terminal state is invoking writing-plans.** Do NOT invoke frontend-design, mcp-builder, or any other implementation skill. The ONLY skill you invoke after brainstorming is writing-plans. + +## The Process + +**Understanding the idea:** + +- Check out the current project state first (files, docs, recent commits) +- Before asking detailed questions, assess scope: if the request describes multiple independent subsystems (e.g., "build a platform with chat, file storage, billing, and analytics"), flag this immediately. Don't spend questions refining details of a project that needs to be decomposed first. +- If the project is too large for a single spec, help the user decompose into sub-projects: what are the independent pieces, how do they relate, what order should they be built? Then brainstorm the first sub-project through the normal design flow. Each sub-project gets its own spec → plan → implementation cycle. +- For appropriately-scoped projects, ask questions one at a time to refine the idea +- Prefer multiple choice questions when possible, but open-ended is fine too +- Only one question per message - if a topic needs more exploration, break it into multiple questions +- Focus on understanding: purpose, constraints, success criteria + +**Exploring approaches:** + +- Propose 2-3 different approaches with trade-offs +- Present options conversationally with your recommendation and reasoning +- Lead with your recommended option and explain why + +**Presenting the design:** + +- Once you believe you understand what you're building, present the design +- Scale each section to its complexity: a few sentences if straightforward, up to 200-300 words if nuanced +- Ask after each section whether it looks right so far +- Cover: architecture, components, data flow, error handling, testing +- Be ready to go back and clarify if something doesn't make sense + +**Design for isolation and clarity:** + +- Break the system into smaller units that each have one clear purpose, communicate through well-defined interfaces, and can be understood and tested independently +- For each unit, you should be able to answer: what does it do, how do you use it, and what does it depend on? +- Can someone understand what a unit does without reading its internals? Can you change the internals without breaking consumers? If not, the boundaries need work. +- Smaller, well-bounded units are also easier for you to work with - you reason better about code you can hold in context at once, and your edits are more reliable when files are focused. When a file grows large, that's often a signal that it's doing too much. + +**Working in existing codebases:** + +- Explore the current structure before proposing changes. Follow existing patterns. +- Where existing code has problems that affect the work (e.g., a file that's grown too large, unclear boundaries, tangled responsibilities), include targeted improvements as part of the design - the way a good developer improves code they're working in. +- Don't propose unrelated refactoring. Stay focused on what serves the current goal. + +## After the Design + +**Documentation:** + +- Write the validated design (spec) to `.ai/research/YYYY-MM-DD--design.md` + - (User preferences for spec location override this default) +- Use elements-of-style:writing-clearly-and-concisely skill if available +- Commit the design document to git + +**Spec Self-Review:** +After writing the spec document, look at it with fresh eyes: + +1. **Placeholder scan:** Any "TBD", "TODO", incomplete sections, or vague requirements? Fix them. +2. **Internal consistency:** Do any sections contradict each other? Does the architecture match the feature descriptions? +3. **Scope check:** Is this focused enough for a single implementation plan, or does it need decomposition? +4. **Ambiguity check:** Could any requirement be interpreted two different ways? If so, pick one and make it explicit. + +Fix any issues inline. No need to re-review — just fix and move on. + +**User Review Gate:** +After the spec review loop passes, ask the user to review the written spec before proceeding: + +> "Spec written and committed to ``. Please review it and let me know if you want to make any changes before we start writing out the implementation plan." + +Wait for the user's response. If they request changes, make them and re-run the spec review loop. Only proceed once the user approves. + +**Implementation:** + +- Invoke the writing-plans skill to create a detailed implementation plan +- Do NOT invoke any other skill. writing-plans is the next step. + +## Key Principles + +- **One question at a time** - Don't overwhelm with multiple questions +- **Multiple choice preferred** - Easier to answer than open-ended when possible +- **YAGNI ruthlessly** - Remove unnecessary features from all designs +- **Explore alternatives** - Always propose 2-3 approaches before settling +- **Incremental validation** - Present design, get approval before moving on +- **Be flexible** - Go back and clarify when something doesn't make sense + +## Visual Companion + +A browser-based companion for showing mockups, diagrams, and visual options during brainstorming. Available as a tool — not a mode. Accepting the companion means it's available for questions that benefit from visual treatment; it does NOT mean every question goes through the browser. + +**Offering the companion:** When you anticipate that upcoming questions will involve visual content (mockups, layouts, diagrams), offer it once for consent: +> "Some of what we're working on might be easier to explain if I can show it to you in a web browser. I can put together mockups, diagrams, comparisons, and other visuals as we go. This feature is still new and can be token-intensive. Want to try it? (Requires opening a local URL)" + +**This offer MUST be its own message.** Do not combine it with clarifying questions, context summaries, or any other content. The message should contain ONLY the offer above and nothing else. Wait for the user's response before continuing. If they decline, proceed with text-only brainstorming. + +**Per-question decision:** Even after the user accepts, decide FOR EACH QUESTION whether to use the browser or the terminal. The test: **would the user understand this better by seeing it than reading it?** + +- **Use the browser** for content that IS visual — mockups, wireframes, layout comparisons, architecture diagrams, side-by-side visual designs +- **Use the terminal** for content that is text — requirements questions, conceptual choices, tradeoff lists, A/B/C/D text options, scope decisions + +A question about a UI topic is not automatically a visual question. "What does personality mean in this context?" is a conceptual question — use the terminal. "Which wizard layout works better?" is a visual question — use the browser. + +If they agree to the companion, read the detailed guide before proceeding: +`skills/brainstorming/visual-companion.md` diff --git a/.ai/skills/brainstorming/scripts/frame-template.html b/.ai/skills/brainstorming/scripts/frame-template.html new file mode 100644 index 00000000..dcfe0181 --- /dev/null +++ b/.ai/skills/brainstorming/scripts/frame-template.html @@ -0,0 +1,214 @@ + + + + + Superpowers Brainstorming + + + +
+

Superpowers Brainstorming

+
Connected
+
+ +
+
+ +
+
+ +
+ Click an option above, then return to the terminal +
+ + + diff --git a/.ai/skills/brainstorming/scripts/helper.js b/.ai/skills/brainstorming/scripts/helper.js new file mode 100644 index 00000000..111f97f5 --- /dev/null +++ b/.ai/skills/brainstorming/scripts/helper.js @@ -0,0 +1,88 @@ +(function() { + const WS_URL = 'ws://' + window.location.host; + let ws = null; + let eventQueue = []; + + function connect() { + ws = new WebSocket(WS_URL); + + ws.onopen = () => { + eventQueue.forEach(e => ws.send(JSON.stringify(e))); + eventQueue = []; + }; + + ws.onmessage = (msg) => { + const data = JSON.parse(msg.data); + if (data.type === 'reload') { + window.location.reload(); + } + }; + + ws.onclose = () => { + setTimeout(connect, 1000); + }; + } + + function sendEvent(event) { + event.timestamp = Date.now(); + if (ws && ws.readyState === WebSocket.OPEN) { + ws.send(JSON.stringify(event)); + } else { + eventQueue.push(event); + } + } + + // Capture clicks on choice elements + document.addEventListener('click', (e) => { + const target = e.target.closest('[data-choice]'); + if (!target) return; + + sendEvent({ + type: 'click', + text: target.textContent.trim(), + choice: target.dataset.choice, + id: target.id || null + }); + + // Update indicator bar (defer so toggleSelect runs first) + setTimeout(() => { + const indicator = document.getElementById('indicator-text'); + if (!indicator) return; + const container = target.closest('.options') || target.closest('.cards'); + const selected = container ? container.querySelectorAll('.selected') : []; + if (selected.length === 0) { + indicator.textContent = 'Click an option above, then return to the terminal'; + } else if (selected.length === 1) { + const label = selected[0].querySelector('h3, .content h3, .card-body h3')?.textContent?.trim() || selected[0].dataset.choice; + indicator.innerHTML = '' + label + ' selected — return to terminal to continue'; + } else { + indicator.innerHTML = '' + selected.length + ' selected — return to terminal to continue'; + } + }, 0); + }); + + // Frame UI: selection tracking + window.selectedChoice = null; + + window.toggleSelect = function(el) { + const container = el.closest('.options') || el.closest('.cards'); + const multi = container && container.dataset.multiselect !== undefined; + if (container && !multi) { + container.querySelectorAll('.option, .card').forEach(o => o.classList.remove('selected')); + } + if (multi) { + el.classList.toggle('selected'); + } else { + el.classList.add('selected'); + } + window.selectedChoice = el.dataset.choice; + }; + + // Expose API for explicit use + window.brainstorm = { + send: sendEvent, + choice: (value, metadata = {}) => sendEvent({ type: 'choice', value, ...metadata }) + }; + + connect(); +})(); diff --git a/.ai/skills/brainstorming/scripts/server.cjs b/.ai/skills/brainstorming/scripts/server.cjs new file mode 100644 index 00000000..562c17f8 --- /dev/null +++ b/.ai/skills/brainstorming/scripts/server.cjs @@ -0,0 +1,354 @@ +const crypto = require('crypto'); +const http = require('http'); +const fs = require('fs'); +const path = require('path'); + +// ========== WebSocket Protocol (RFC 6455) ========== + +const OPCODES = { TEXT: 0x01, CLOSE: 0x08, PING: 0x09, PONG: 0x0A }; +const WS_MAGIC = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'; + +function computeAcceptKey(clientKey) { + return crypto.createHash('sha1').update(clientKey + WS_MAGIC).digest('base64'); +} + +function encodeFrame(opcode, payload) { + const fin = 0x80; + const len = payload.length; + let header; + + if (len < 126) { + header = Buffer.alloc(2); + header[0] = fin | opcode; + header[1] = len; + } else if (len < 65536) { + header = Buffer.alloc(4); + header[0] = fin | opcode; + header[1] = 126; + header.writeUInt16BE(len, 2); + } else { + header = Buffer.alloc(10); + header[0] = fin | opcode; + header[1] = 127; + header.writeBigUInt64BE(BigInt(len), 2); + } + + return Buffer.concat([header, payload]); +} + +function decodeFrame(buffer) { + if (buffer.length < 2) return null; + + const secondByte = buffer[1]; + const opcode = buffer[0] & 0x0F; + const masked = (secondByte & 0x80) !== 0; + let payloadLen = secondByte & 0x7F; + let offset = 2; + + if (!masked) throw new Error('Client frames must be masked'); + + if (payloadLen === 126) { + if (buffer.length < 4) return null; + payloadLen = buffer.readUInt16BE(2); + offset = 4; + } else if (payloadLen === 127) { + if (buffer.length < 10) return null; + payloadLen = Number(buffer.readBigUInt64BE(2)); + offset = 10; + } + + const maskOffset = offset; + const dataOffset = offset + 4; + const totalLen = dataOffset + payloadLen; + if (buffer.length < totalLen) return null; + + const mask = buffer.slice(maskOffset, dataOffset); + const data = Buffer.alloc(payloadLen); + for (let i = 0; i < payloadLen; i++) { + data[i] = buffer[dataOffset + i] ^ mask[i % 4]; + } + + return { opcode, payload: data, bytesConsumed: totalLen }; +} + +// ========== Configuration ========== + +const PORT = process.env.BRAINSTORM_PORT || (49152 + Math.floor(Math.random() * 16383)); +const HOST = process.env.BRAINSTORM_HOST || '127.0.0.1'; +const URL_HOST = process.env.BRAINSTORM_URL_HOST || (HOST === '127.0.0.1' ? 'localhost' : HOST); +const SESSION_DIR = process.env.BRAINSTORM_DIR || '/tmp/brainstorm'; +const CONTENT_DIR = path.join(SESSION_DIR, 'content'); +const STATE_DIR = path.join(SESSION_DIR, 'state'); +let ownerPid = process.env.BRAINSTORM_OWNER_PID ? Number(process.env.BRAINSTORM_OWNER_PID) : null; + +const MIME_TYPES = { + '.html': 'text/html', '.css': 'text/css', '.js': 'application/javascript', + '.json': 'application/json', '.png': 'image/png', '.jpg': 'image/jpeg', + '.jpeg': 'image/jpeg', '.gif': 'image/gif', '.svg': 'image/svg+xml' +}; + +// ========== Templates and Constants ========== + +const WAITING_PAGE = ` + +Brainstorm Companion + + +

Brainstorm Companion

+

Waiting for the agent to push a screen...

`; + +const frameTemplate = fs.readFileSync(path.join(__dirname, 'frame-template.html'), 'utf-8'); +const helperScript = fs.readFileSync(path.join(__dirname, 'helper.js'), 'utf-8'); +const helperInjection = ''; + +// ========== Helper Functions ========== + +function isFullDocument(html) { + const trimmed = html.trimStart().toLowerCase(); + return trimmed.startsWith('', content); +} + +function getNewestScreen() { + const files = fs.readdirSync(CONTENT_DIR) + .filter(f => f.endsWith('.html')) + .map(f => { + const fp = path.join(CONTENT_DIR, f); + return { path: fp, mtime: fs.statSync(fp).mtime.getTime() }; + }) + .sort((a, b) => b.mtime - a.mtime); + return files.length > 0 ? files[0].path : null; +} + +// ========== HTTP Request Handler ========== + +function handleRequest(req, res) { + touchActivity(); + if (req.method === 'GET' && req.url === '/') { + const screenFile = getNewestScreen(); + let html = screenFile + ? (raw => isFullDocument(raw) ? raw : wrapInFrame(raw))(fs.readFileSync(screenFile, 'utf-8')) + : WAITING_PAGE; + + if (html.includes('')) { + html = html.replace('', helperInjection + '\n'); + } else { + html += helperInjection; + } + + res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' }); + res.end(html); + } else if (req.method === 'GET' && req.url.startsWith('/files/')) { + const fileName = req.url.slice(7); + const filePath = path.join(CONTENT_DIR, path.basename(fileName)); + if (!fs.existsSync(filePath)) { + res.writeHead(404); + res.end('Not found'); + return; + } + const ext = path.extname(filePath).toLowerCase(); + const contentType = MIME_TYPES[ext] || 'application/octet-stream'; + res.writeHead(200, { 'Content-Type': contentType }); + res.end(fs.readFileSync(filePath)); + } else { + res.writeHead(404); + res.end('Not found'); + } +} + +// ========== WebSocket Connection Handling ========== + +const clients = new Set(); + +function handleUpgrade(req, socket) { + const key = req.headers['sec-websocket-key']; + if (!key) { socket.destroy(); return; } + + const accept = computeAcceptKey(key); + socket.write( + 'HTTP/1.1 101 Switching Protocols\r\n' + + 'Upgrade: websocket\r\n' + + 'Connection: Upgrade\r\n' + + 'Sec-WebSocket-Accept: ' + accept + '\r\n\r\n' + ); + + let buffer = Buffer.alloc(0); + clients.add(socket); + + socket.on('data', (chunk) => { + buffer = Buffer.concat([buffer, chunk]); + while (buffer.length > 0) { + let result; + try { + result = decodeFrame(buffer); + } catch (e) { + socket.end(encodeFrame(OPCODES.CLOSE, Buffer.alloc(0))); + clients.delete(socket); + return; + } + if (!result) break; + buffer = buffer.slice(result.bytesConsumed); + + switch (result.opcode) { + case OPCODES.TEXT: + handleMessage(result.payload.toString()); + break; + case OPCODES.CLOSE: + socket.end(encodeFrame(OPCODES.CLOSE, Buffer.alloc(0))); + clients.delete(socket); + return; + case OPCODES.PING: + socket.write(encodeFrame(OPCODES.PONG, result.payload)); + break; + case OPCODES.PONG: + break; + default: { + const closeBuf = Buffer.alloc(2); + closeBuf.writeUInt16BE(1003); + socket.end(encodeFrame(OPCODES.CLOSE, closeBuf)); + clients.delete(socket); + return; + } + } + } + }); + + socket.on('close', () => clients.delete(socket)); + socket.on('error', () => clients.delete(socket)); +} + +function handleMessage(text) { + let event; + try { + event = JSON.parse(text); + } catch (e) { + console.error('Failed to parse WebSocket message:', e.message); + return; + } + touchActivity(); + console.log(JSON.stringify({ source: 'user-event', ...event })); + if (event.choice) { + const eventsFile = path.join(STATE_DIR, 'events'); + fs.appendFileSync(eventsFile, JSON.stringify(event) + '\n'); + } +} + +function broadcast(msg) { + const frame = encodeFrame(OPCODES.TEXT, Buffer.from(JSON.stringify(msg))); + for (const socket of clients) { + try { socket.write(frame); } catch (e) { clients.delete(socket); } + } +} + +// ========== Activity Tracking ========== + +const IDLE_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes +let lastActivity = Date.now(); + +function touchActivity() { + lastActivity = Date.now(); +} + +// ========== File Watching ========== + +const debounceTimers = new Map(); + +// ========== Server Startup ========== + +function startServer() { + if (!fs.existsSync(CONTENT_DIR)) fs.mkdirSync(CONTENT_DIR, { recursive: true }); + if (!fs.existsSync(STATE_DIR)) fs.mkdirSync(STATE_DIR, { recursive: true }); + + // Track known files to distinguish new screens from updates. + // macOS fs.watch reports 'rename' for both new files and overwrites, + // so we can't rely on eventType alone. + const knownFiles = new Set( + fs.readdirSync(CONTENT_DIR).filter(f => f.endsWith('.html')) + ); + + const server = http.createServer(handleRequest); + server.on('upgrade', handleUpgrade); + + const watcher = fs.watch(CONTENT_DIR, (eventType, filename) => { + if (!filename || !filename.endsWith('.html')) return; + + if (debounceTimers.has(filename)) clearTimeout(debounceTimers.get(filename)); + debounceTimers.set(filename, setTimeout(() => { + debounceTimers.delete(filename); + const filePath = path.join(CONTENT_DIR, filename); + + if (!fs.existsSync(filePath)) return; // file was deleted + touchActivity(); + + if (!knownFiles.has(filename)) { + knownFiles.add(filename); + const eventsFile = path.join(STATE_DIR, 'events'); + if (fs.existsSync(eventsFile)) fs.unlinkSync(eventsFile); + console.log(JSON.stringify({ type: 'screen-added', file: filePath })); + } else { + console.log(JSON.stringify({ type: 'screen-updated', file: filePath })); + } + + broadcast({ type: 'reload' }); + }, 100)); + }); + watcher.on('error', (err) => console.error('fs.watch error:', err.message)); + + function shutdown(reason) { + console.log(JSON.stringify({ type: 'server-stopped', reason })); + const infoFile = path.join(STATE_DIR, 'server-info'); + if (fs.existsSync(infoFile)) fs.unlinkSync(infoFile); + fs.writeFileSync( + path.join(STATE_DIR, 'server-stopped'), + JSON.stringify({ reason, timestamp: Date.now() }) + '\n' + ); + watcher.close(); + clearInterval(lifecycleCheck); + server.close(() => process.exit(0)); + } + + function ownerAlive() { + if (!ownerPid) return true; + try { process.kill(ownerPid, 0); return true; } catch (e) { return e.code === 'EPERM'; } + } + + // Check every 60s: exit if owner process died or idle for 30 minutes + const lifecycleCheck = setInterval(() => { + if (!ownerAlive()) shutdown('owner process exited'); + else if (Date.now() - lastActivity > IDLE_TIMEOUT_MS) shutdown('idle timeout'); + }, 60 * 1000); + lifecycleCheck.unref(); + + // Validate owner PID at startup. If it's already dead, the PID resolution + // was wrong (common on WSL, Tailscale SSH, and cross-user scenarios). + // Disable monitoring and rely on the idle timeout instead. + if (ownerPid) { + try { process.kill(ownerPid, 0); } + catch (e) { + if (e.code !== 'EPERM') { + console.log(JSON.stringify({ type: 'owner-pid-invalid', pid: ownerPid, reason: 'dead at startup' })); + ownerPid = null; + } + } + } + + server.listen(PORT, HOST, () => { + const info = JSON.stringify({ + type: 'server-started', port: Number(PORT), host: HOST, + url_host: URL_HOST, url: 'http://' + URL_HOST + ':' + PORT, + screen_dir: CONTENT_DIR, state_dir: STATE_DIR + }); + console.log(info); + fs.writeFileSync(path.join(STATE_DIR, 'server-info'), info + '\n'); + }); +} + +if (require.main === module) { + startServer(); +} + +module.exports = { computeAcceptKey, encodeFrame, decodeFrame, OPCODES }; diff --git a/.ai/skills/brainstorming/scripts/start-server.sh b/.ai/skills/brainstorming/scripts/start-server.sh new file mode 100755 index 00000000..9ef6dcb9 --- /dev/null +++ b/.ai/skills/brainstorming/scripts/start-server.sh @@ -0,0 +1,148 @@ +#!/usr/bin/env bash +# Start the brainstorm server and output connection info +# Usage: start-server.sh [--project-dir ] [--host ] [--url-host ] [--foreground] [--background] +# +# Starts server on a random high port, outputs JSON with URL. +# Each session gets its own directory to avoid conflicts. +# +# Options: +# --project-dir Store session files under /.superpowers/brainstorm/ +# instead of /tmp. Files persist after server stops. +# --host Host/interface to bind (default: 127.0.0.1). +# Use 0.0.0.0 in remote/containerized environments. +# --url-host Hostname shown in returned URL JSON. +# --foreground Run server in the current terminal (no backgrounding). +# --background Force background mode (overrides Codex auto-foreground). + +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" + +# Parse arguments +PROJECT_DIR="" +FOREGROUND="false" +FORCE_BACKGROUND="false" +BIND_HOST="127.0.0.1" +URL_HOST="" +while [[ $# -gt 0 ]]; do + case "$1" in + --project-dir) + PROJECT_DIR="$2" + shift 2 + ;; + --host) + BIND_HOST="$2" + shift 2 + ;; + --url-host) + URL_HOST="$2" + shift 2 + ;; + --foreground|--no-daemon) + FOREGROUND="true" + shift + ;; + --background|--daemon) + FORCE_BACKGROUND="true" + shift + ;; + *) + echo "{\"error\": \"Unknown argument: $1\"}" + exit 1 + ;; + esac +done + +if [[ -z "$URL_HOST" ]]; then + if [[ "$BIND_HOST" == "127.0.0.1" || "$BIND_HOST" == "localhost" ]]; then + URL_HOST="localhost" + else + URL_HOST="$BIND_HOST" + fi +fi + +# Some environments reap detached/background processes. Auto-foreground when detected. +if [[ -n "${CODEX_CI:-}" && "$FOREGROUND" != "true" && "$FORCE_BACKGROUND" != "true" ]]; then + FOREGROUND="true" +fi + +# Windows/Git Bash reaps nohup background processes. Auto-foreground when detected. +if [[ "$FOREGROUND" != "true" && "$FORCE_BACKGROUND" != "true" ]]; then + case "${OSTYPE:-}" in + msys*|cygwin*|mingw*) FOREGROUND="true" ;; + esac + if [[ -n "${MSYSTEM:-}" ]]; then + FOREGROUND="true" + fi +fi + +# Generate unique session directory +SESSION_ID="$$-$(date +%s)" + +if [[ -n "$PROJECT_DIR" ]]; then + SESSION_DIR="${PROJECT_DIR}/.superpowers/brainstorm/${SESSION_ID}" +else + SESSION_DIR="/tmp/brainstorm-${SESSION_ID}" +fi + +STATE_DIR="${SESSION_DIR}/state" +PID_FILE="${STATE_DIR}/server.pid" +LOG_FILE="${STATE_DIR}/server.log" + +# Create fresh session directory with content and state peers +mkdir -p "${SESSION_DIR}/content" "$STATE_DIR" + +# Kill any existing server +if [[ -f "$PID_FILE" ]]; then + old_pid=$(cat "$PID_FILE") + kill "$old_pid" 2>/dev/null + rm -f "$PID_FILE" +fi + +cd "$SCRIPT_DIR" + +# Resolve the harness PID (grandparent of this script). +# $PPID is the ephemeral shell the harness spawned to run us — it dies +# when this script exits. The harness itself is $PPID's parent. +OWNER_PID="$(ps -o ppid= -p "$PPID" 2>/dev/null | tr -d ' ')" +if [[ -z "$OWNER_PID" || "$OWNER_PID" == "1" ]]; then + OWNER_PID="$PPID" +fi + +# Foreground mode for environments that reap detached/background processes. +if [[ "$FOREGROUND" == "true" ]]; then + echo "$$" > "$PID_FILE" + env BRAINSTORM_DIR="$SESSION_DIR" BRAINSTORM_HOST="$BIND_HOST" BRAINSTORM_URL_HOST="$URL_HOST" BRAINSTORM_OWNER_PID="$OWNER_PID" node server.cjs + exit $? +fi + +# Start server, capturing output to log file +# Use nohup to survive shell exit; disown to remove from job table +nohup env BRAINSTORM_DIR="$SESSION_DIR" BRAINSTORM_HOST="$BIND_HOST" BRAINSTORM_URL_HOST="$URL_HOST" BRAINSTORM_OWNER_PID="$OWNER_PID" node server.cjs > "$LOG_FILE" 2>&1 & +SERVER_PID=$! +disown "$SERVER_PID" 2>/dev/null +echo "$SERVER_PID" > "$PID_FILE" + +# Wait for server-started message (check log file) +for i in {1..50}; do + if grep -q "server-started" "$LOG_FILE" 2>/dev/null; then + # Verify server is still alive after a short window (catches process reapers) + alive="true" + for _ in {1..20}; do + if ! kill -0 "$SERVER_PID" 2>/dev/null; then + alive="false" + break + fi + sleep 0.1 + done + if [[ "$alive" != "true" ]]; then + echo "{\"error\": \"Server started but was killed. Retry in a persistent terminal with: $SCRIPT_DIR/start-server.sh${PROJECT_DIR:+ --project-dir $PROJECT_DIR} --host $BIND_HOST --url-host $URL_HOST --foreground\"}" + exit 1 + fi + grep "server-started" "$LOG_FILE" | head -1 + exit 0 + fi + sleep 0.1 +done + +# Timeout - server didn't start +echo '{"error": "Server failed to start within 5 seconds"}' +exit 1 diff --git a/.ai/skills/brainstorming/scripts/stop-server.sh b/.ai/skills/brainstorming/scripts/stop-server.sh new file mode 100755 index 00000000..a6b94e65 --- /dev/null +++ b/.ai/skills/brainstorming/scripts/stop-server.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash +# Stop the brainstorm server and clean up +# Usage: stop-server.sh +# +# Kills the server process. Only deletes session directory if it's +# under /tmp (ephemeral). Persistent directories (.superpowers/) are +# kept so mockups can be reviewed later. + +SESSION_DIR="$1" + +if [[ -z "$SESSION_DIR" ]]; then + echo '{"error": "Usage: stop-server.sh "}' + exit 1 +fi + +STATE_DIR="${SESSION_DIR}/state" +PID_FILE="${STATE_DIR}/server.pid" + +if [[ -f "$PID_FILE" ]]; then + pid=$(cat "$PID_FILE") + + # Try to stop gracefully, fallback to force if still alive + kill "$pid" 2>/dev/null || true + + # Wait for graceful shutdown (up to ~2s) + for i in {1..20}; do + if ! kill -0 "$pid" 2>/dev/null; then + break + fi + sleep 0.1 + done + + # If still running, escalate to SIGKILL + if kill -0 "$pid" 2>/dev/null; then + kill -9 "$pid" 2>/dev/null || true + + # Give SIGKILL a moment to take effect + sleep 0.1 + fi + + if kill -0 "$pid" 2>/dev/null; then + echo '{"status": "failed", "error": "process still running"}' + exit 1 + fi + + rm -f "$PID_FILE" "${STATE_DIR}/server.log" + + # Only delete ephemeral /tmp directories + if [[ "$SESSION_DIR" == /tmp/* ]]; then + rm -rf "$SESSION_DIR" + fi + + echo '{"status": "stopped"}' +else + echo '{"status": "not_running"}' +fi diff --git a/.ai/skills/brainstorming/spec-document-reviewer-prompt.md b/.ai/skills/brainstorming/spec-document-reviewer-prompt.md new file mode 100644 index 00000000..98cedc41 --- /dev/null +++ b/.ai/skills/brainstorming/spec-document-reviewer-prompt.md @@ -0,0 +1,49 @@ +# Spec Document Reviewer Prompt Template + +Use this template when dispatching a spec document reviewer subagent. + +**Purpose:** Verify the spec is complete, consistent, and ready for implementation planning. + +**Dispatch after:** Spec document is written to .ai/research/ + +``` +Task tool (general-purpose): + description: "Review spec document" + prompt: | + You are a spec document reviewer. Verify this spec is complete and ready for planning. + + **Spec to review:** [SPEC_FILE_PATH] + + ## What to Check + + | Category | What to Look For | + |----------|------------------| + | Completeness | TODOs, placeholders, "TBD", incomplete sections | + | Consistency | Internal contradictions, conflicting requirements | + | Clarity | Requirements ambiguous enough to cause someone to build the wrong thing | + | Scope | Focused enough for a single plan — not covering multiple independent subsystems | + | YAGNI | Unrequested features, over-engineering | + + ## Calibration + + **Only flag issues that would cause real problems during implementation planning.** + A missing section, a contradiction, or a requirement so ambiguous it could be + interpreted two different ways — those are issues. Minor wording improvements, + stylistic preferences, and "sections less detailed than others" are not. + + Approve unless there are serious gaps that would lead to a flawed plan. + + ## Output Format + + ## Spec Review + + **Status:** Approved | Issues Found + + **Issues (if any):** + - [Section X]: [specific issue] - [why it matters for planning] + + **Recommendations (advisory, do not block approval):** + - [suggestions for improvement] +``` + +**Reviewer returns:** Status, Issues (if any), Recommendations diff --git a/.ai/skills/brainstorming/visual-companion.md b/.ai/skills/brainstorming/visual-companion.md new file mode 100644 index 00000000..2113863d --- /dev/null +++ b/.ai/skills/brainstorming/visual-companion.md @@ -0,0 +1,287 @@ +# Visual Companion Guide + +Browser-based visual brainstorming companion for showing mockups, diagrams, and options. + +## When to Use + +Decide per-question, not per-session. The test: **would the user understand this better by seeing it than reading it?** + +**Use the browser** when the content itself is visual: + +- **UI mockups** — wireframes, layouts, navigation structures, component designs +- **Architecture diagrams** — system components, data flow, relationship maps +- **Side-by-side visual comparisons** — comparing two layouts, two color schemes, two design directions +- **Design polish** — when the question is about look and feel, spacing, visual hierarchy +- **Spatial relationships** — state machines, flowcharts, entity relationships rendered as diagrams + +**Use the terminal** when the content is text or tabular: + +- **Requirements and scope questions** — "what does X mean?", "which features are in scope?" +- **Conceptual A/B/C choices** — picking between approaches described in words +- **Tradeoff lists** — pros/cons, comparison tables +- **Technical decisions** — API design, data modeling, architectural approach selection +- **Clarifying questions** — anything where the answer is words, not a visual preference + +A question *about* a UI topic is not automatically a visual question. "What kind of wizard do you want?" is conceptual — use the terminal. "Which of these wizard layouts feels right?" is visual — use the browser. + +## How It Works + +The server watches a directory for HTML files and serves the newest one to the browser. You write HTML content to `screen_dir`, the user sees it in their browser and can click to select options. Selections are recorded to `state_dir/events` that you read on your next turn. + +**Content fragments vs full documents:** If your HTML file starts with `/.superpowers/brainstorm/` for the session directory. + +**Note:** Pass the project root as `--project-dir` so mockups persist in `.superpowers/brainstorm/` and survive server restarts. Without it, files go to `/tmp` and get cleaned up. Remind the user to add `.superpowers/` to `.gitignore` if it's not already there. + +**Launching the server by platform:** + +**Claude Code (macOS / Linux):** +```bash +# Default mode works — the script backgrounds the server itself +scripts/start-server.sh --project-dir /path/to/project +``` + +**Claude Code (Windows):** +```bash +# Windows auto-detects and uses foreground mode, which blocks the tool call. +# Use run_in_background: true on the Bash tool call so the server survives +# across conversation turns. +scripts/start-server.sh --project-dir /path/to/project +``` +When calling this via the Bash tool, set `run_in_background: true`. Then read `$STATE_DIR/server-info` on the next turn to get the URL and port. + +**Codex:** +```bash +# Codex reaps background processes. The script auto-detects CODEX_CI and +# switches to foreground mode. Run it normally — no extra flags needed. +scripts/start-server.sh --project-dir /path/to/project +``` + +**Gemini CLI:** +```bash +# Use --foreground and set is_background: true on your shell tool call +# so the process survives across turns +scripts/start-server.sh --project-dir /path/to/project --foreground +``` + +**Other environments:** The server must keep running in the background across conversation turns. If your environment reaps detached processes, use `--foreground` and launch the command with your platform's background execution mechanism. + +If the URL is unreachable from your browser (common in remote/containerized setups), bind a non-loopback host: + +```bash +scripts/start-server.sh \ + --project-dir /path/to/project \ + --host 0.0.0.0 \ + --url-host localhost +``` + +Use `--url-host` to control what hostname is printed in the returned URL JSON. + +## The Loop + +1. **Check server is alive**, then **write HTML** to a new file in `screen_dir`: + - Before each write, check that `$STATE_DIR/server-info` exists. If it doesn't (or `$STATE_DIR/server-stopped` exists), the server has shut down — restart it with `start-server.sh` before continuing. The server auto-exits after 30 minutes of inactivity. + - Use semantic filenames: `platform.html`, `visual-style.html`, `layout.html` + - **Never reuse filenames** — each screen gets a fresh file + - Use Write tool — **never use cat/heredoc** (dumps noise into terminal) + - Server automatically serves the newest file + +2. **Tell user what to expect and end your turn:** + - Remind them of the URL (every step, not just first) + - Give a brief text summary of what's on screen (e.g., "Showing 3 layout options for the homepage") + - Ask them to respond in the terminal: "Take a look and let me know what you think. Click to select an option if you'd like." + +3. **On your next turn** — after the user responds in the terminal: + - Read `$STATE_DIR/events` if it exists — this contains the user's browser interactions (clicks, selections) as JSON lines + - Merge with the user's terminal text to get the full picture + - The terminal message is the primary feedback; `state_dir/events` provides structured interaction data + +4. **Iterate or advance** — if feedback changes current screen, write a new file (e.g., `layout-v2.html`). Only move to the next question when the current step is validated. + +5. **Unload when returning to terminal** — when the next step doesn't need the browser (e.g., a clarifying question, a tradeoff discussion), push a waiting screen to clear the stale content: + + ```html + +
+

Continuing in terminal...

+
+ ``` + + This prevents the user from staring at a resolved choice while the conversation has moved on. When the next visual question comes up, push a new content file as usual. + +6. Repeat until done. + +## Writing Content Fragments + +Write just the content that goes inside the page. The server wraps it in the frame template automatically (header, theme CSS, selection indicator, and all interactive infrastructure). + +**Minimal example:** + +```html +

Which layout works better?

+

Consider readability and visual hierarchy

+ +
+
+
A
+
+

Single Column

+

Clean, focused reading experience

+
+
+
+
B
+
+

Two Column

+

Sidebar navigation with main content

+
+
+
+``` + +That's it. No ``, no CSS, no `