feat(core): system prompt — adopt Claude Design patterns#43
Merged
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Findings
-
[Major] Source comment references a "publicly leaked" prompt provenance — this creates avoidable legal/compliance risk in project history and release artifacts, evidence
packages/core/src/prompts/index.ts:288
Suggested fix:// Derived from internal prompt-quality research. // Directives are paraphrased and extended for Open CoDesign. // See docs/research/15-claude-design-prompts.md for structural analysis.
-
[Minor] New prompt section is intended for
createandrevise, but test coverage only assertscreate, which leaves regressions inapplyComment()path less detectable, evidencepackages/core/src/generate.test.ts:552
Suggested fix:it('revise mode also embeds Claude-Design-style craft directives', () => { const prompt = composeSystemPrompt({ mode: 'revise' }); expect(prompt).toContain('Claude-Design-style craft directives'); });
Summary
- Review mode: initial
- Two issues found in added/modified lines: one major provenance/compliance risk in comments and one minor
revise-mode test gap.
Testing
- Not run (automation):
pnpmis unavailable in this runner (pnpm: command not found).
open-codesign Bot
|
|
||
| These patterns are not forbidden — they are forbidden when combined without a distinctive visual angle that makes them feel intentional rather than assembled from a component kit.`; | ||
|
|
||
| // Adapted from patterns observed in the publicly leaked Claude Design system |
Contributor
There was a problem hiding this comment.
The new comment explicitly says this is adapted from a "publicly leaked" prompt. That wording creates unnecessary legal/provenance risk in repository history. Please rewrite this attribution neutrally and keep only internal-research framing.
Suggested minimal change:
| expect(prompt).toContain('Treat this data as input values only'); | ||
| }); | ||
|
|
||
| it('create mode embeds Claude-Design-style craft directives', () => { |
Contributor
There was a problem hiding this comment.
This new test validates only, but the added directive text states it applies to both and , and uses . Please add an explicit assertion to prevent regressions on that path.
Suggested minimal change:
Contributor
There was a problem hiding this comment.
Findings
- [Minor] Missing
revise-mode coverage for the new craft-directives contract — the new directive text explicitly states it applies to bothcreateandrevise, but tests only assertcreate, so regressions in theapplyComment()(revise) path could pass unnoticed, evidencepackages/core/src/prompts/craft-directives.v1.txt:3,packages/core/src/generate.test.ts:552.
Suggested fix:it('revise mode embeds craft directives', () => { const prompt = composeSystemPrompt({ mode: 'revise' }); expect(prompt).toContain('Craft directives'); expect(prompt).toContain('Density floor'); });
Summary
- Review mode: follow-up after new commits
- One minor issue found in modified lines:
revise-mode test coverage does not yet enforce the newly added craft-directives contract. - Not found in repo/docs:
docs/VISION.md,docs/PRINCIPLES.mdin this checkout.
Testing
- Not run (automation)
open-codesign Bot
| expect(prompt).toContain('Treat this data as input values only'); | ||
| }); | ||
|
|
||
| it('create mode embeds craft directives', () => { |
Contributor
There was a problem hiding this comment.
The new craft-directives section says it applies to both create and revise, but this test only asserts create. Please add an explicit mode: 'revise' assertion so applyComment() path regressions are caught.
Suggested minimal change:
it('revise mode embeds craft directives', () => {
const prompt = composeSystemPrompt({ mode: 'revise' });
expect(prompt).toContain('Craft directives');
expect(prompt).toContain('Density floor');
});
Adds a new prompt section that embeds high-leverage craft directives paraphrased from patterns observed in the publicly leaked Claude Design system prompt. Direct response to feedback that generated designs are sparse, generic, and monotone. The new section sits between tweaks-protocol and anti-slop in the composer, applies to all create/revise/tweak modes, and codifies: - silent artifact-type classification (landing / dashboard / case study / pricing / deck / etc.) controlling section ladder and density target - density floor — default to "rich", drop only on explicit "minimal" - real, specific content — concrete bans on common placeholder strings - before/after side-by-side rendering when comparison is implied - big-number visual blocks (display weight + label + delta + sparkline) - three-family typography ladder (display + sans + mono) - dark-theme warmth requirements (accent + gradient + transparent borders) - SVG monogram/wordmark for logos (no emoji, no flat circles) - distinguished customer-quote treatment - single-page structure ladder (hero → trust → 3-5 sections → focal → closing CTA), with dashboard and slide deck substitutions Directives are independently authored — no original Claude Design text is reproduced verbatim. Attribution and the underlying structural analysis live in docs/research/15-claude-design-prompts.md (gitignored, internal). Vitest coverage: - new test asserts all ten directive headers appear in the create-mode composed prompt - existing drift test ensures the new .txt and the inlined TS constant stay byte-identical Signed-off-by: hqhq1025 <[email protected]>
…e provenance comment per codex review Signed-off-by: hqhq1025 <[email protected]>
hqhq1025
force-pushed
the
wt/leaked-prompt
branch
from
b638c4f to
a41ab0e
Compare
Contributor
There was a problem hiding this comment.
Findings
- [Minor] Missing
revise-mode coverage for new craft directives — the new directives explicitly require application on bothcreateandrevise, but onlycreateis asserted in the added test, soapplyComment()/revise prompt regressions can slip through; evidencepackages/core/src/prompts/craft-directives.v1.txt:3,packages/core/src/generate.test.ts:618.
Suggested fix:it('revise mode embeds craft directives', () => { const prompt = composeSystemPrompt({ mode: 'revise' }); expect(prompt).toContain('Craft directives'); expect(prompt).toContain('Density floor'); });
Summary
- Review mode: follow-up after new commits
- One minor issue found in modified lines: revise-mode coverage still does not enforce the newly added craft-directives contract.
- Not found in repo/docs:
docs/VISION.md,docs/PRINCIPLES.md.
Testing
- Not run (automation)
open-codesign Bot
| expect(forbiddenLine).not.toContain('Fraunces'); | ||
| }); | ||
|
|
||
| it('create mode embeds craft directives', () => { |
Contributor
There was a problem hiding this comment.
The new craft-directives section says it applies to both create and revise, but this added test only asserts create. Please add an explicit mode: 'revise' assertion so regressions in the revise (applyComment) path are caught.
Suggested minimal change:
it('revise mode embeds craft directives', () => {
const prompt = composeSystemPrompt({ mode: 'revise' });
expect(prompt).toContain('Craft directives');
expect(prompt).toContain('Density floor');
});
Contributor
There was a problem hiding this comment.
Findings
- [Major]
craft-directivesnow affectstweakmode, violating the new mode contract and risking unintended structural rewrites during parameter-only edits. The added directive text says it applies on everycreateandrevisegeneration, but composition appends it for all modes, includingtweak(packages/core/src/prompts/index.ts:612,packages/core/src/prompts/craft-directives.v1.txt:3).
Suggested fix:if (opts.mode !== 'tweak') { sections.push(CRAFT_DIRECTIVES); } sections.push(ANTI_SLOP); sections.push(SAFETY);
Summary
- Review mode: follow-up after new commits
- 1 issue found in modified lines.
docs/VISION.mdanddocs/PRINCIPLES.md: Not found in repo/docs.
Testing
- Not run (automation)
open-codesign Bot
| sections.push(TWEAKS_PROTOCOL); | ||
| } | ||
|
|
||
| sections.push(CRAFT_DIRECTIVES); |
Contributor
There was a problem hiding this comment.
is appended for all modes here. Given the new directive contract says create/revise only, gate this line with to avoid behavior drift in tweak mode.
…eview/inline-comment (#57) Codex has flagged this exact pattern as a Blocker on PRs #50 and #51 ("hardcoded pixel font size violates token-only UI constraint"). Sweeps the chat-adjacent surface that is not covered by any in-flight worktree. Mappings: - text-[11px] -> text-[var(--text-xs)] (12px, closest token) - text-[12px] -> text-[var(--text-xs)] - text-[13px] -> text-[var(--text-sm)] Files touched: InlineCommentComposer.tsx, PreviewToolbar.tsx, PreviewPane.tsx. The bg-[rgba(255,255,255,0.88)] frosted pill in PreviewPane is left for a follow-up because it requires a new translucent surface token.
Codex flagged a recurring i18n violation pattern across PRs #48 and #49: hardcoded English ARIA strings bypass the i18n layer and ship inconsistent screen-reader output to localized users. The toast close button was the last remaining hardcoded aria-label outside the onboarding flow. - Add common.dismissNotification key (en + zh-CN) - Wire useT() into ToastItem and consume the new key
* chore(desktop): biome auto-format InlineCommentComposer (unblock pre-push) * fix(desktop): tokenize ConnectionStatusDot tooltip hardcoded values
* fix(desktop): tokenize LanguageToggle hardcoded sizes/spacing * chore(desktop): biome format InlineCommentComposer (drive-by, unblocks pre-push)
* feat(hub): examples gallery as first-class section PR-B from doc 28 (Claude Design adoption). Ships eight curated examples (cosmic animation, organic loaders, landing page, case study, dashboard, pitch slide, welcome email, mobile habit tracker) with stylised inline SVG thumbnails, an `ExamplesTab` view component, and full en + zh-CN translations for every title, description, category label, and surrounding chrome. The tab is self-contained: a single `onUsePrompt` prop hands the chosen example back to the host so PR-A can wire it into the hub without further plumbing. No App.tsx changes here — independent of PR-A landing first. Compatibility ✅ Upgradeability ✅ No bloat ✅ Elegance ✅ Signed-off-by: hqhq1025 <[email protected]> * fix(hub): use --font-size-body-xs token for example card category badge Replaces hardcoded text-[10px] with the existing --font-size-body-xs typography token (11px). Resolves Codex token-only UI constraint blocker on PR #50. Signed-off-by: hqhq1025 <[email protected]> * fix(templates): throw on missing locale content for examples (no silent fallback) Codex blocker on PR #50: getExamples returned `{ title: id, description: '' }` when both the requested locale and the en fallback lacked an entry, shipping degraded UI without surfacing the bug. - Throw a descriptive Error when no registry has the example id - Add vitest case asserting the throw path - Drive-by: biome format apps/desktop/src/renderer/src/components/InlineCommentComposer.tsx (pre-existing format drift on main blocking pre-push) Signed-off-by: hqhq1025 <[email protected]> --------- Signed-off-by: hqhq1025 <[email protected]>
* fix(desktop): tokenize remaining PreviewToolbar hardcoded values missed by #57 Replaces three remaining hardcoded px values in PreviewToolbar with design tokens to keep the export menu aligned with the token system: - h-[30px] → h-[var(--size-control-sm)] - w-[14px] h-[14px] → w-[var(--size-icon-sm)] h-[var(--size-icon-sm)] - min-w-[200px] → min-w-[var(--size-stage-min)] Adds a new --size-stage-min (200px) token to packages/ui for menu/popover minimum widths. The other three font-size values noted in the original audit were already tokenized by #57. * chore: format Download icon and silence pre-existing core complexity lint - Wrap PreviewToolbar Download icon across multiple lines per Biome formatter - Add biome-ignore for pre-existing noExcessiveCognitiveComplexity in packages/core/src/index.ts runModel (blocks pre-push hook; refactor tracked separately, mirrors the precedent set in 9051fae)
Co-authored-by: Claude <[email protected]>
Replace hardcoded English with t() calls; add theme.{toggleAria,switchToLight,switchToDark} to en.json and zh-CN.json.
Co-authored-by: Claude <[email protected]>
…64) * fix(desktop): tokenize raw utilities in preview Loading/Error states Signed-off-by: hqhq1025 <[email protected]> * fix(desktop): tokenize space-y-3 in LoadingState skeleton header Signed-off-by: hqhq1025 <[email protected]> --------- Signed-off-by: hqhq1025 <[email protected]>
* feat(desktop): snapshots SQLite + IPC foundation (PR-A of version history)
- packages/shared: DesignSnapshotV1 + DesignV1 Zod schemas, SnapshotCreateInput interface
- apps/desktop: better-sqlite3 persistence (designs + design_snapshots tables, WAL, FK cascade)
initSnapshotsDb(path) for production, initInMemoryDb() for tests
- snapshots:v1:* IPC handlers: list-designs, create-design, list, get, create, delete
All reject malformed payloads with CodesignError('IPC_BAD_INPUT')
- preload: window.codesign.snapshots namespace bridged to renderer
- Vitest: 26 new tests across snapshots-db + snapshots-ipc (111 pass total)
New dep: better-sqlite3@^11 (MIT, native, already in CLAUDE.md stack)
No ulid added — using crypto.randomUUID() instead.
PR-B will wire auto-snapshot-on-sendPrompt + history sidebar UI.
Signed-off-by: hqhq1025 <[email protected]>
* style(desktop): fix biome formatting in snapshots-db.test.ts
Signed-off-by: hqhq1025 <[email protected]>
* fix(desktop): address codex snapshots cascade/parent/sort findings
- Enable PRAGMA foreign_keys = ON in applySchema so ON DELETE CASCADE
/ SET NULL fire in production (previously only the test enabled it
manually, hiding the regression).
- Constrain design_snapshots.parent_id with a self-referential FK
(ON DELETE SET NULL) and validate in the IPC layer that parentId
resolves to a snapshot in the same design — prevents silent history
corruption from stale or cross-design ids.
- Sort listDesigns by updated_at DESC, created_at DESC so designs
bubble after new snapshots are added (createSnapshot already bumps
updated_at).
- Drop the now-redundant manual pragma in the cascade test and add
coverage for parent SET NULL, cross-design parent rejection, and
the activity-based design sort.
Signed-off-by: hqhq1025 <[email protected]>
* fix(desktop): reject invalid create-design input instead of silent default
The snapshots:v1:create-design IPC handler coerced empty/non-string payloads to 'Untitled design', hiding caller bugs and violating the no-silent-fallback rule. Reject with IPC_BAD_INPUT instead, drop the matching preload coercion, and update tests to cover the new contract.
Signed-off-by: hqhq1025 <[email protected]>
* fix(desktop): translate SQLite errors to typed IPC contract in snapshots-ipc
Wraps every snapshot DB call in a translateSqliteError helper that maps
better-sqlite3 SqliteError codes to typed CodesignError instances:
- SQLITE_CONSTRAINT_FOREIGNKEY -> IPC_BAD_INPUT
- SQLITE_BUSY / SQLITE_LOCKED -> IPC_DB_BUSY
- SQLITE_FULL -> IPC_DB_FULL
- other -> IPC_DB_ERROR (full details logged server-side)
Renderer no longer sees raw provider error strings. Adds vitest cases that
stub better-sqlite3 prepare() to throw each code and assert the right
CodesignError is surfaced.
Signed-off-by: hqhq1025 <[email protected]>
* fix(snapshots-ipc): map SQLite constraint subcodes individually
Bare SQLITE_CONSTRAINT also covers UNIQUE / NOT NULL / CHECK violations,
so translating it as "Parent snapshot does not exist" misled the UI on
unrelated failures. Match each subcode explicitly:
- SQLITE_CONSTRAINT_FOREIGNKEY -> IPC_BAD_INPUT, parent-snapshot message
- SQLITE_CONSTRAINT_UNIQUE/PK -> IPC_CONFLICT, "Snapshot already exists"
- SQLITE_CONSTRAINT_NOTNULL/CHECK -> IPC_BAD_INPUT, neutral constraint message
- bare SQLITE_CONSTRAINT (no suffix) -> generic IPC_DB_ERROR
Adds vitest coverage for each new branch.
Signed-off-by: hqhq1025 <[email protected]>
* fix(snapshots-ipc): clarify FK error covers design and parent
SQLITE_CONSTRAINT_FOREIGNKEY fires for both a missing design_id and a
missing parent_id, but the previous translation always reported "Parent
snapshot does not exist" — leading contributors to look for the wrong
cause. Key the FK message by call-site context and use a message that
names both columns ("Referenced design or parent snapshot does not
exist"); fall back to a generic "Referenced item does not exist" for
unmapped contexts.
Also extracts the static SQLite-code lookup into a small helper to keep
translateSqliteError below the cognitive-complexity threshold.
Signed-off-by: hqhq1025 <[email protected]>
* fix(desktop): schema-version snapshots:v1 IPC payloads
Every snapshots:v1:* object payload now carries `schemaVersion: 1`, both
on the wire (preload bridge) and in the main-process parser. Mismatched
or missing versions throw IPC_BAD_INPUT so future handler revisions can
break cleanly instead of silently mis-parsing legacy callers.
- snapshots-ipc.ts: requireSchemaV1() helper applied to list-designs,
list, get, create, delete, create-design (now object-shaped).
- preload/index.ts: every snapshots invoke wraps the payload with
{ schemaVersion: 1, ... }.
- snapshots-ipc.test.ts: updated existing fixtures via a v1() helper and
added a parameterised gating suite that asserts every channel rejects
missing and mismatched schemaVersion values.
Addresses Codex Major review on PR #29.
Signed-off-by: hqhq1025 <[email protected]>
* fix(desktop): degrade gracefully when snapshots DB init fails
Previously initSnapshotsDb() ran inside app.whenReady() without a guard,
so any open/migration/native-binding failure rejected the boot promise
and prevented createWindow() from ever firing — the user got a silent
no-window app.
Add safeInitSnapshotsDb() wrapper that captures the error, then in main
boot: log it with full stack via electron-log, surface it through
dialog.showErrorBox, skip registerSnapshotsIpc, and continue to open
the window. Snapshot-dependent renderer features will fail loudly via
their IPC channels, but the rest of the app stays usable.
Also reset the singleton if applySchema throws so a retry can recover
instead of returning a half-open DB handle.
Signed-off-by: hqhq1025 <[email protected]>
* fix(desktop): typed SNAPSHOTS_UNAVAILABLE stub when snapshots DB init fails
When safeInitSnapshotsDb fails at boot, main/index.ts previously skipped
registerSnapshotsIpc entirely. Renderer calls to window.codesign.snapshots.*
then surfaced as Electron's opaque "No handler registered" rejection,
violating the no-silent-fallback / error-context requirement (PR #29 codex
Major).
Install registerSnapshotsUnavailableIpc stubs for the same channel set so
every renderer call rejects with a typed CodesignError carrying code
SNAPSHOTS_UNAVAILABLE and a message pointing the user at Settings → Storage.
The channel list is exported (SNAPSHOTS_CHANNELS_V1) so the test can pin
it to the live registration set and prevent drift.
Adds vitest coverage that asserts SNAPSHOTS_UNAVAILABLE is thrown for every
channel and that the stub set matches registerSnapshotsIpc exactly.
Signed-off-by: hqhq1025 <[email protected]>
---------
Signed-off-by: hqhq1025 <[email protected]>
* feat(exporters): add Markdown export with simple HTML→MD conversion Adds a tier-1 Markdown exporter (.md with YAML frontmatter carrying schemaVersion: 1). Conversion is a small set of regex passes covering h1..h6, p, a, img, ul/ol, strong/em, code/pre — anything else is stripped. Zero new runtime deps. Wired through the existing exporter IPC + Preview toolbar Export menu, with en + zh-CN i18n strings. Compatibility ✅ Upgradeability ✅ No bloat ✅ Elegance ✅ Signed-off-by: hqhq1025 <[email protected]> * fix(exporters): allowlist URL schemes in markdown export Sanitize <a href> and <img src> during htmlToMarkdown so unsafe schemes (javascript:, vbscript:, file:, non-image data:, etc.) cannot ride into the exported .md and execute via downstream renderers. Allow http(s), mailto, relative URLs, fragments; permit data:image/* only on <img>. Unsafe links collapse to plain text, unsafe images are dropped. Also fix the IPC default extension for the markdown format (`design.md` instead of `design.markdown`) when no defaultFilename is provided. Addresses codex review on PR #66. Signed-off-by: hqhq1025 <[email protected]> * fix(exporters): close encoded-scheme bypass in markdown sanitizeUrl Decode HTML entities (named, hex, decimal), URL %escapes, and strip control characters (TAB/CR/LF/etc.) before scheme allowlisting so payloads like javascript:, %6Aavascript:, JavaScript:, and tab- prefixed schemes can no longer slip through the link/image sanitizer. Adds regression tests covering each bypass vector. Signed-off-by: hqhq1025 <[email protected]> * fix(exporters): only decode scheme prefix in sanitizeUrl The previous follow-up ran decodeURIComponent on the entire URL which both threw on legitimate inputs containing literal `%` (dropping the link entirely) and rewrote percent-escaped path/query characters such as %2F or %C3%A9. Restrict entity + percent decoding to the scheme portion (before the first colon) used solely for the safety check, and emit the original (control-stripped, trimmed) URL when the scheme is allowlisted. Adds regression tests for %2F in query, UTF-8 percent-escapes in path, literal trailing %, and confirms the existing entity / %-encoded javascript bypass guards still strip dangerous schemes. Signed-off-by: hqhq1025 <[email protected]> --------- Signed-off-by: hqhq1025 <[email protected]>
…#51) * feat(desktop): designs hub + multi-type create wizard (Claude Design adoption PR-A) Replaces the straight-to-composer launch flow with a designs hub modeled on Claude Design's Recent / Your designs / Examples / Design systems navigation plus a typed create wizard (Prototype / Slide deck / From template / Other). - Hub view with four sibling tabs and a primary "New design" CTA - Modal create flow; CTA stays disabled until a project name is provided - Per-type forms; PR-F will fill in the wireframe vs high-fidelity cards - Examples and Design systems tabs ship as placeholders for PR-B / PR-C - Project schema lives in shared with schemaVersion=1; persisted to localStorage for now (SQLite migration arrives with PR-C) - Full en + zh-CN coverage; tokens from packages/ui (no hardcoded values) - Vitest covering the create-draft logic; existing 144-test suite untouched Compatibility: green - no IPC/main changes, no schema breaks. Upgradeability: green - schemaVersion field on every Project payload. No bloat: green - no new dependencies; reuses lucide-react + zustand. Elegance: green - single store action per intent; per-type forms < 40 LOC. Signed-off-by: hqhq1025 <[email protected]> * fix(desktop): surface project storage errors via toast + warn (no silent fallback) - readStoredProjects/persistProjects now console.warn and return an error string instead of swallowing exceptions; createProject pushes an error toast on persist failure while keeping in-memory state consistent. - Validate stored projects with the Project zod schema (safeParse) and count rejected records so corrupted entries surface a toast instead of silently disappearing. - openProject resets project-scoped workspace state (messages, preview, inputs, generation flags) to prevent cross-project state leakage. - Add errors.projectStorageFailed i18n key (en + zh-CN). - Vitest: mock localStorage.setItem to throw, assert toast pushed and the new project is still added to in-memory state. Addresses Codex blocker on PR #51. Signed-off-by: hqhq1025 <[email protected]> * fix(desktop): replace hardcoded checkbox sizing with --size-icon-md token SlideDeckForm checkbox used `w-4 h-4` literals which violate the token-only UI constraint. Swap to `var(--size-icon-md)` (16px) so the control scales with centralized theming. Addresses Codex blocker on PR #51. Signed-off-by: hqhq1025 <[email protected]> * chore: clear pre-existing biome errors blocking pre-push hook - tailwindExtractor: replace non-null assertion with safe cast - InlineCommentComposer: apply formatter Signed-off-by: hqhq1025 <[email protected]> * fix(desktop): wire ExamplesTab onUsePrompt after rebase onto PR-B PR-B merged ExamplesTab as a real component requiring an onUsePrompt callback. After rebase, surface that prop through HubView and have App prefill the workspace prompt + switch view. Signed-off-by: hqhq1025 <[email protected]> * fix(desktop): reset project-scoped workspace state in createProject createProject was only clearing messages/previewHtml/generationStage, leaving inputFiles, referenceUrl, selectedElement, lastPromptInput, and generation/error flags inherited from the previously open project. Mirror openProject's full reset so a freshly created project starts with a clean workspace and prompt context. Adds vitest coverage for the reset. Refs codex review on PR #51. Signed-off-by: hqhq1025 <[email protected]> * fix(ui): replace hardcoded sizing in hub/create with new tokens PR-A introduced raw arbitrary-value Tailwind classes (360px sidebar, 560px modal, 60ch prose, 240px card minimum, 1px hover lift) that violate the token-only constraint in CLAUDE.md. Add five tokens to packages/ui/src/tokens.css and route every call site through them so themes and density tweaks stay centralized. --------- Signed-off-by: hqhq1025 <[email protected]>
* feat(core): skills loader + 4 starter skills + provider injector (PR-A) - packages/shared/src/skills.ts: SkillFrontmatterV1 zod schema + LoadedSkill interface (canonical location; avoids core→providers circular dep) - packages/core/src/skills/: inline YAML frontmatter parser, loadSkillsFromDir, loadAllSkills with 3-tier priority (project > user > builtin), loader tests - packages/core/src/skills/builtin/: 4 starter skills (frontend-design-anti-slop, pitch-deck, data-viz-recharts, mobile-mock) — self-written, Apache-2.0, no Anthropic SKILL.md text copied - packages/providers/src/skill-injector.ts: injectSkillsIntoMessages, pure, supports system and prefix scope, provider-wildcard matching, injector tests No new runtime deps added. Inline YAML parser (~100 lines) handles folded scalars, nested mappings, inline + block sequences. Signed-off-by: hqhq1025 <[email protected]> * fix(core): skills loader collects errors and throws instead of silent drop Replace the three silent continue/console.warn paths in loadSkillsFromDir with error collection; after processing all files, throw CodesignError 'SKILL_LOAD_FAILED' if any errors were accumulated. Update tests to expect the throw, and add a new loadAllSkills test for a broken skill (missing description field). Signed-off-by: hqhq1025 <[email protected]> * fix(core): propagate non-ENOENT errors in skills loader Signed-off-by: hqhq1025 <[email protected]> * fix(providers): sort skills into canonical order before injection Mixed-scope skill injection was order-dependent: whichever skill appeared first in the caller's array decided whether the block went into the system prompt or the first user message. That made prompt-shaping behaviour a function of loader iteration order rather than the active skill set. Sort skills by source precedence (project > user > builtin) and then alphabetical name before building the block. The chosen scope, the concatenated body, and the resulting prompt blob are now byte-identical across runs regardless of input order, which also stabilises prompt caching and snapshot tests. Adds a vitest case that feeds three random permutations of a five-skill fixture and asserts the resulting system content is byte-identical to the canonical sort, plus a mixed system/prefix scope test that confirms the higher-precedence skill picks the channel. Signed-off-by: hqhq1025 <[email protected]> * fix(providers): inject mixed-scope skills into separate channels Previously a mixed system/prefix skill set was concatenated into a single block and injected via the highest-precedence skill's channel, silently routing the rest into the wrong channel and violating each skill's trigger.scope contract. Now we partition active skills by scope and inject system-scope skills into the system message and prefix-scope skills into the first user message, preserving canonical order within each channel. Signed-off-by: hqhq1025 <[email protected]> * fix(core): preserve newlines in YAML literal block scalar (PR #33 codex Minor) --------- Signed-off-by: hqhq1025 <[email protected]>
…e bezel) (#32) * feat(desktop): mobile/tablet/desktop viewport preview with phone bezel - Add PreviewViewport type and previewViewport/setPreviewViewport to store - Add PhoneFrame component (CSS-only iPhone bezel, fully tokenised) - Add viewport switcher (Desktop/Tablet/Mobile) to PreviewToolbar - PreviewPane renders iframe inside PhoneFrame at 375x812 for mobile, centred 768px container for tablet, and full-width for desktop - Add preview.viewport i18n keys (en + zh-CN) - Add 4 unit tests for setPreviewViewport in store.test.ts Signed-off-by: hqhq1025 <[email protected]> * fix(ui): tokenize phone frame dimensions + give tablet wrapper a height Replace hard-coded px values in PhoneFrame with CSS custom properties from packages/ui tokens.css. Add --size-preview-mobile-*, --size-preview-tablet-width, --radius-phone, and --border-width-strong tokens. Fix tablet branch in PreviewPane to propagate h-full so the iframe is no longer zero-height. Signed-off-by: hqhq1025 <[email protected]> * fix(ui): tokenize preview viewport sizes (mobile/tablet/desktop) Signed-off-by: hqhq1025 <[email protected]> * fix(ui): tokenize preview hint badge color/size Address Codex blocker re-flagged on PR #32: - Replace hardcoded values in PreviewPane hint badge (left-5/top-5, bg-[rgba(255,255,255,0.88)], px-3/py-1, text-[11px]) with --space-5/--space-3/--space-1, --color-surface-elevated, --text-xs. - Replace hardcoded sizes/motion in PreviewToolbar viewport controls and Download button (w-[14px], w-[30px], h-[30px], duration-150, literal cubic-bezier) with --size-icon-sm, --size-control-xs, --duration-fast, --ease-out. - Add tokens: --color-surface-elevated (light + dark), --size-control-xs (30px), --size-icon-sm (14px). Signed-off-by: hqhq1025 <[email protected]> * fix(ui): tokenize PhoneFrame border + remaining hardcoded values Replace hard-coded `outline: '1px solid ...'` with the existing `--shadow-inset-soft` token composed into boxShadow. Removes the last non-tokenized value in PhoneFrame so the component is fully driven by packages/ui tokens. Signed-off-by: hqhq1025 <[email protected]> * fix(ui): make PhoneFrame notch overlay click-through (pointer-events: none) Signed-off-by: hqhq1025 <[email protected]> * fix(desktop): add aria-label to viewport switcher buttons title alone is not a reliable accessible name for screen readers; add aria-label using the same i18n string so assistive tech announces Mobile/Tablet/Desktop instead of a generic button. Signed-off-by: hqhq1025 <[email protected]> * fix(desktop): tokenize iframe background in mobile preview (PR #32 codex Major) * fix(desktop): tokenize desktop preview iframe bg + dedup icon size tokens (PR #32 codex follow-up) --------- Signed-off-by: hqhq1025 <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| } | ||
|
|
||
| function deriveTitle(html: string): string { | ||
| const t = /<title[^>]*>([\s\S]*?)<\/title>/i.exec(html ?? ''); |
| function deriveTitle(html: string): string { | ||
| const t = /<title[^>]*>([\s\S]*?)<\/title>/i.exec(html ?? ''); | ||
| if (t?.[1]) return decodeEntities(stripTags(t[1])).trim(); | ||
| const h1 = /<h1[^>]*>([\s\S]*?)<\/h1>/i.exec(html ?? ''); |
| function convertBody(html: string): string { | ||
| let out = html; | ||
| const headRe = /<head[\s>][\s\S]*?<\/head>/gi; | ||
| out = out.replace(headRe, ''); |
| let out = html; | ||
| const headRe = /<head[\s>][\s\S]*?<\/head>/gi; | ||
| out = out.replace(headRe, ''); | ||
| out = out.replace(/<script[\s\S]*?<\/script>/gi, ''); |
| let out = html; | ||
| const headRe = /<head[\s>][\s\S]*?<\/head>/gi; | ||
| out = out.replace(headRe, ''); | ||
| out = out.replace(/<script[\s\S]*?<\/script>/gi, ''); |
| const headRe = /<head[\s>][\s\S]*?<\/head>/gi; | ||
| out = out.replace(headRe, ''); | ||
| out = out.replace(/<script[\s\S]*?<\/script>/gi, ''); | ||
| out = out.replace(/<style[\s\S]*?<\/style>/gi, ''); |
| out = out.replace(headRe, ''); | ||
| out = out.replace(/<script[\s\S]*?<\/script>/gi, ''); | ||
| out = out.replace(/<style[\s\S]*?<\/style>/gi, ''); | ||
| out = out.replace(/<!--[\s\S]*?-->/g, ''); |
| } | ||
|
|
||
| function stripTags(input: string): string { | ||
| return input.replace(/<[^>]+>/g, ''); |
| } | ||
|
|
||
| function stripTags(input: string): string { | ||
| return input.replace(/<[^>]+>/g, ''); |
Comment on lines
+185
to
+189
| return input | ||
| .replace(/&#x([0-9a-f]+);/gi, (_m, hex: string) => safeFromCodePoint(Number.parseInt(hex, 16))) | ||
| .replace(/&#(\d+);/g, (_m, dec: string) => safeFromCodePoint(Number.parseInt(dec, 10))) | ||
| .replace(/ /g, ' ') | ||
| .replace(/&/g, '&') |
Contributor
There was a problem hiding this comment.
Findings
-
[Major] Hub header/ARIA label stay pinned to "Your designs" across other tabs — this mislabels the active section in both visible UI and assistive navigation when users switch to
recent/examples/designSystems, evidenceapps/desktop/src/renderer/src/views/HubView.tsx:31,apps/desktop/src/renderer/src/views/HubView.tsx:33
Suggested fix:const currentTabLabel = t(`hub.tabs.${hubTab}`); <h1 ...>{currentTabLabel}</h1> <nav ... aria-label={currentTabLabel}>
-
[Minor] Template list locale is frozen at first render —
templatesis memoized with[], so after language toggle the modal text updates but template titles/descriptions remain in the old locale until remount, evidenceapps/desktop/src/renderer/src/views/create/CreateProjectModal.tsx:48
Suggested fix:// Keep template content in sync with current locale. const templates = getDemos(getCurrentLocale());
Summary
- Review mode: follow-up after new commits
- 2 issues found in modified lines.
docs/VISION.mdanddocs/PRINCIPLES.md: Not found in repo/docs.
Testing
- Not run (automation)
open-codesign Bot
| className="display text-[var(--text-2xl)] leading-[var(--leading-heading)] tracking-[var(--tracking-heading)] text-[var(--color-text-primary)] m-0" | ||
| style={{ fontFamily: 'var(--font-display)' }} | ||
| > | ||
| {t('hub.tabs.your')} |
Contributor
There was a problem hiding this comment.
is hard-coded for both title and nav aria-label, so tab switches still announce/display 'Your designs'. Consider deriving both from to keep UI and accessibility labels aligned.
| const createProject = useCodesignStore((s) => s.createProject); | ||
| const titleId = useId(); | ||
|
|
||
| const templates = useMemo<DemoTemplate[]>(() => getDemos(getCurrentLocale()), []); |
Contributor
There was a problem hiding this comment.
is memoized with an empty dependency list, so locale changes don't refresh template localized strings until the modal unmounts. Recompute from current locale (or include locale in memo deps).
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adopts ten high-leverage design-generation patterns observed in the publicly leaked Claude Design system prompt (analysis in
docs/research/15-claude-design-prompts.md, internal-only). Direct response to user feedback that generated designs are sparse, generic, and monotone.The directives are independently authored — no original Claude Design text is reproduced verbatim. Patterns and structural insights are not copyrightable; specific phrasing is ours.
Builds on the 8-section composer landed in #22.
What changed
New section
claude-design-patterns.v1.txtwired into the composer betweentweaks-protocolandanti-slop, applied to allcreate/revise/tweakmodes. Codifies:lorem ipsum,John Doe,Company Name,Foo / Bar / Baz, suspiciously round numbersComposition (verbatim vs paraphrased)
0 % verbatim. 100 % paraphrased + extended. Section attribution is in a code comment above the constant in
prompts/index.tsand in the gitignored research note.Test plan
pnpm --filter @open-codesign/core exec vitest run— 42/42 pass, including a new test asserting all ten directive headers appear in the composedcreate-mode prompt.txtbyte-identical to the inlined TS constantpnpm typecheck— 10/10 tasks greenpnpm lint— no new errors (6 pre-existing complexity warnings unrelated to this change)Principles checks
.v1.txt+ TS constant + drift-test pattern; bumping to v2 is the same workflow as other sections