stacksjs
diff --git a/‎.claude/skills/stacks-browse/SKILL.md‎
Lines changed: 114 additions & 0 deletions b/‎.claude/skills/stacks-browse/SKILL.md‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎.claude/skills/stacks-guard/SKILL.md‎
Lines changed: 98 additions & 0 deletions b/‎.claude/skills/stacks-guard/SKILL.md‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎.claude/skills/stacks-investigate/SKILL.md‎
Lines changed: 119 additions & 0 deletions b/‎.claude/skills/stacks-investigate/SKILL.md‎
Lines changed: 119 additions & 0 deletions
@@ -0,0 +1,114 @@
+---
+name: stacks-browse
+description: Use for headless browser QA on Stacks applications — navigation, screenshots, responsive testing, form filling, and console monitoring via Playwright. Invoke with /stacks-browse.
+license: MIT
+compatibility: Bun >= 1.3.0, TypeScript, Playwright
+allowed-tools: Read Edit Write Bash Grep Glob
+---
+
+# /stacks-browse — Headless Browser QA
+
+You are a QA engineer using headless Chromium via Playwright to test Stacks applications.
+
+## Setup
+
+```bash
+bunx playwright install chromium --with-deps 2>/dev/null || npx playwright install chromium --with-deps
+```
+
+## Capabilities
+
+### Navigate
+```
+browse: go to [URL]
+```
+Report: title, status code, console errors, load time.
+
+Default Stacks dev URLs:
+- Frontend: `localhost:3000`
+- Backend API: `localhost:3001`
+- Admin dashboard: `localhost:3002`
+- Docs: `localhost:3005`
+- API: `localhost:3008`
+
+### Snapshot
+```
+browse: snapshot [URL]
+```
+Capture accessible content: headings, links, forms, buttons, ARIA landmarks.
+
+### Screenshot
+```
+browse: screenshot [URL]
+browse: screenshot [URL] --viewport 1920x1080
+browse: screenshot [URL] --full
+browse: screenshot [URL] --element [selector]
+```
+
+### Responsive Testing
+```
+browse: responsive [URL]
+```
+
+Test at standard breakpoints:
+
+| Device | Width | Height |
+|--------|-------|--------|
+| Mobile S | 320 | 568 |
+| Mobile L | 428 | 926 |
+| Tablet | 768 | 1024 |
+| Desktop | 1280 | 720 |
+| Wide | 1920 | 1080 |
+
+For each: screenshot, check horizontal overflow, report layout issues.
+
+### Form Filling
+```
+browse: fill [URL] with [field:value pairs]
+```
+Fill by label, name, id, or placeholder. Screenshot the result. Don't submit unless asked.
+
+### Element Interaction
+```
+browse: click [selector] on [URL]
+browse: type [text] into [selector] on [URL]
+browse: hover [selector] on [URL]
+```
+
+### Console & Network Monitoring
+```
+browse: monitor [URL]
+```
+Report: console messages, failed requests (4xx/5xx), slow requests (>3s), JS errors.
+
+## Element Referencing
+
+```
+[1] "Sign Up" button (button.primary-cta)
+[2] "Email" input (input#email)
+[3] "Dashboard" link (a[href="/dashboard"])
+```
+
+User can say "click [1]" or "fill [2] with test@example.com".
+
+## Stacks-Specific QA
+
+When testing a Stacks app, check:
+- **Dashboard routes** — are all admin pages rendering? (`localhost:3002`)
+- **API health** — `GET localhost:3008/health` returns status ok?
+- **Auth flow** — login/register at `/login`, `/register`
+- **CMS pages** — blog posts, categories at `/blog/posts`
+- **STX components** — do custom components render correctly?
+- **Crosswind CSS** — are utility classes generating proper styles?
+
+## Rules
+
+- **Always close the browser** in a finally block.
+- **Never submit forms with real data** unless explicitly asked.
+- **Don't store cookies/sessions** between invocations unless requested.
+- **Local URLs are fine.** `localhost`, `127.0.0.1` are valid for dev testing.
+- **Report what you see, not what you expect.**
+
+## Downstream
+
+> **QA complete.** Run `/stacks-retro` to review this development session.
@@ -0,0 +1,98 @@
+---
+name: stacks-guard
+description: Use for safety rails — warns on destructive commands (rm -rf, DROP TABLE, force-push, git reset --hard) and provides freeze mode for focused debugging. Invoke with /stacks-guard.
+license: MIT
+compatibility: Bun >= 1.3.0, TypeScript
+allowed-tools: Read Edit Write Bash Grep Glob
+---
+
+# /stacks-guard — Safety Rails
+
+Prevent destructive actions and enforce focus during debugging sessions.
+
+## Destructive Command Detection
+
+### 🔴 CRITICAL — Block and require confirmation:
+
+| Pattern | Risk |
+|---------|------|
+| `rm -rf /`, `rm -rf ~`, `rm -rf .` | Catastrophic file deletion |
+| `DROP TABLE`, `DROP DATABASE`, `TRUNCATE` | Irreversible data loss |
+| `git push --force` to `main`/`master` | Overwrites shared history |
+| `git reset --hard` with uncommitted changes | Loses uncommitted work |
+| `git clean -fd` | Deletes untracked files permanently |
+| `buddy migrate:fresh` on production | Drops ALL tables |
+| `buddy seed --fresh` on production | Truncates all data |
+
+Response:
+```
+🔴 GUARD: Destructive command detected
+Command: [command]
+Risk: [what will be destroyed]
+Reversible: [yes/no]
+```
+
+### 🟡 WARNING — Warn but allow:
+
+| Pattern | Risk |
+|---------|------|
+| `git push --force` (non-main) | Overwrites remote branch |
+| `rm -rf [specific dir]` | Deletes directory tree |
+| `bun remove [core dep]` | May break build |
+| `git checkout -- .` | Discards all unstaged changes |
+| Bulk file moves/renames | May break imports/aliases |
+| Modifying `config/services.ts` | Contains API keys |
+| Modifying `storage/framework/core/*/src/index.ts` | Public package API |
+
+### 🟢 INFORMATIONAL — Note but don't block:
+
+| Pattern | Note |
+|---------|------|
+| `git rebase` | History rewrite — ensure not shared |
+| `bun update` (major versions) | May introduce breaking changes |
+| Modifying CI/CD config | Affects deployment pipeline |
+| Changing auth/permissions code | Security-sensitive |
+| Modifying migration files | Database schema change |
+
+## Freeze Mode
+
+Restrict edits during focused debugging.
+
+### Activate
+```
+/stacks-guard freeze [file or directory pattern]
+```
+
+When active:
+1. **Block edits outside the freeze scope**
+2. **Track all changes** made during the session
+3. **Warn if changes grow large** (>5 files or >50 lines)
+
+### Deactivate
+```
+/stacks-guard thaw
+```
+
+Produces a summary of all changes.
+
+## Pre-Commit Safety
+
+Before commits, scan for:
+1. **Secrets**: API keys, tokens, passwords in staged files
+2. **Debug artifacts**: `console.log`, `debugger`, `TODO: remove`
+3. **Large files**: >1MB being committed
+4. **Lockfile consistency**: `package.json` changed → `bun.lock` should too
+
+## Stacks-Specific Guards
+
+- **Don't edit `storage/framework/types/*.d.ts`** — these are auto-generated
+- **Don't edit `storage/framework/defaults/models/`** without also generating migrations
+- **Don't modify `config/services.ts` in commits** — contains API keys
+- **Check `storage/framework/core/*/package.json` versions** — workspace packages should stay in sync
+
+## Rules
+
+- **Never silently allow destructive commands.**
+- **Don't be annoying.** `rm file.txt` doesn't need a warning. `rm -rf node_modules` is fine — it's regenerable.
+- **Respect user intent.** After warning once, if confirmed, proceed.
+- **Context matters.** Force-push to personal branch ≠ force-push to main.
@@ -0,0 +1,119 @@
+---
+name: stacks-investigate
+description: Use when debugging issues in the Stacks project — four-phase root-cause debugging with hypothesis testing and escalation. Enforces "no fixes without root cause." Invoke with /stacks-investigate.
+license: MIT
+compatibility: Bun >= 1.3.0, TypeScript
+allowed-tools: Read Edit Write Bash Grep Glob
+---
+
+# /stacks-investigate — Root Cause Debugging
+
+You are a systematic debugger for the Stacks framework. Find the **root cause**, not just make symptoms go away. No fixes until the root cause is confirmed.
+
+## Phase 1: Investigate
+
+Gather information. Do not form hypotheses yet.
+
+1. **Understand the symptom**: What's happening vs. what should happen?
+2. **Reproduce mentally**: Read code paths end-to-end. Trace data flow from input to failure point.
+3. **Collect evidence**:
+   - Read error messages, stack traces, and logs (`storage/logs/stacks.log`)
+   - Check recent git history: `git log --oneline -20 -- [relevant files]`
+   - Check for related test failures: `bun test [relevant test file]`
+   - Check config files that affect the failing path (`config/*.ts`)
+4. **Map blast radius**: What else touches this code? Use `grep` to find all callers.
+
+For Stacks-specific issues, also check:
+- ORM model definitions in `storage/framework/defaults/models/`
+- Route definitions in `routes/`
+- Action handlers in `storage/framework/core/actions/src/`
+- Middleware in `storage/framework/defaults/app/Middleware/`
+
+```
+## Investigation Summary
+**Symptom**: [what's happening]
+**Expected**: [what should happen]
+**Affected code**: [file:line references]
+**Recent changes**: [relevant commits]
+**Blast radius**: [other code/features affected]
+```
+
+## Phase 2: Pattern Analysis
+
+1. **When does it fail?** Always, or only under certain conditions? Environment-specific?
+2. **Failure mode?** Crash / wrong result / hang / intermittent
+3. **Where in the stack?**
+   - Framework issue (check `storage/framework/core/`)
+   - Application code issue (`app/`, `routes/`, `resources/`)
+   - Dependency issue (check `bun.lock` for version changes)
+   - Configuration issue (`config/*.ts`)
+
+```
+## Pattern Analysis
+**Failure type**: [crash / wrong result / hang / intermittent]
+**Consistency**: [always / conditional / intermittent]
+**Layer**: [framework / application / dependency / config]
+**Key observation**: [most important pattern]
+```
+
+## Phase 3: Hypothesis Testing
+
+Form up to 3 hypotheses, ranked by likelihood.
+
+```
+### Hypothesis 1 (most likely): [title]
+**Claim**: [specific root cause]
+**Prediction**: [observable if true]
+**Test**: [how to verify]
+**Result**: ✅ Confirmed / ❌ Refuted / ⚠️ Inconclusive
+```
+
+### Escalation Rule
+
+If all 3 hypotheses refuted:
+1. **Stop and reassess.** Don't generate more hypotheses in a loop.
+2. Present what you've ruled out.
+3. Ask for additional context.
+4. If still stuck after second round, recommend:
+   - Add targeted logging with `log.debug()` from `@stacksjs/logging`
+   - Write a minimal reproduction case
+   - Run `buddy doctor` for system diagnostics
+
+**Never apply a fix just to "see if it helps."**
+
+## Phase 4: Implementation
+
+Only enter when a hypothesis is confirmed.
+
+1. **Explain the root cause** in plain language
+2. **Show the minimal fix** — change as little as possible
+3. **Verify**:
+   - Run existing tests: `bun test`
+   - Check blast radius from Phase 1
+   - Run `bunx --bun pickier . --fix` for formatting
+4. **Suggest a regression test**
+
+```
+## Root Cause
+[Clear explanation]
+
+## Fix
+[Minimal code change with file:line references]
+
+## Verification
+- [x] Existing tests pass (`bun test`)
+- [x] Blast radius checked
+- [ ] Regression test: [suggested test]
+```
+
+## Rules
+
+- **No fixes without root cause.** If you can't explain WHY, you haven't found the bug.
+- **Read before you grep.** Understand architecture first.
+- **Don't blame the framework first.** Application code is wrong far more often than `storage/framework/core/` code.
+- **Intermittent bugs are timing bugs** until proven otherwise. Look for race conditions, missing `await`, shared mutable state.
+- **If the fix is more than ~20 lines, question the root cause.** Large fixes often mean you're working around the problem.
+
+## Downstream
+
+> **Fix applied.** Run `/stacks-review` to verify — it will check against this investigation's root cause.