Add Springboard docs CLI and jamapp support infrastructure

[mickmister]

Summary

This PR prepares Springboard and JamTools Core to support the new standalone jamapp workflow by adding bundled Springboard documentation tooling, improving generated app guidance, exposing browser/session APIs, and making JamTools IO dependencies platform-aware.

What changed

• Added a new sb docs command to the Springboard CLI with:
  • sb docs context for AI-agent-oriented framework context
  • sb docs list / sb docs get for section discovery and retrieval
  • sb docs types for core TypeScript reference output
  • sb docs examples list / show for bundled example modules
• Added bundled Springboard documentation and example module content covering module APIs, routing, state management, lifecycle, actions/RPC, platforms, patterns, anti-patterns, and module communication.
• Updated create-springboard-app to generate AGENTS.md and CLAUDE.md with instructions to run sb docs context before development.
• Packaged the Springboard CLI with the main springboard package by adding the sb bin entry, including cli/dist in published files, and updating the package build flow to build the CLI alongside the core package and Vite plugin.
• Added browser session storage support:
  • new BrowserSessionKVStoreService
  • optional storage.session core dependency
  • StatesAPI.createLocalSessionState(...)
  • wiring for online, offline, and generated web entrypoints.
• Added a typed useModule(...) React hook for component-level module access.
• Split JamTools IO dependency creation into platform-specific exports for browser, node, and default/mock environments, and exported those paths from @jamtools/core.
• Added an export for the JamTools MIDI files module and adjusted MIDI file parsing to work with the package’s default import shape.
• Updated Vite plugin/dev infrastructure to:
  • re-initialize the Springboard engine after user-code HMR changes
  • honor PORT in generated node entrypoints
  • include session storage in generated web entrypoints.
• Added local Verdaccio helper/config changes used to publish and consume the dev package versions needed by the jamapp migration.

Why

The task context is to move the app currently represented by packages/jamtools/features into a new jamapp repository created with create-springboard-app. To make that practical, Springboard needs to ship enough framework docs and examples for agents/developers working in the generated app, publish the CLI/docs with the package, and expose the runtime APIs that the copied JamTools feature modules need when consumed from a separate application.

Important implementation details

• The documentation system is bundled inside the CLI package and loaded from local files, so generated apps can ask the installed sb binary for framework context without relying on external documentation services.
• Generated apps now include agent-facing instructions in both AGENTS.md and CLAUDE.md, pointing contributors to the sb docs workflow.
• Session state is implemented as an optional KV store dependency; browser entrypoints provide a sessionStorage-backed implementation, while createLocalSessionState falls back to user-agent storage when session storage is unavailable.
• JamTools IO dependency selection now uses package export conditions instead of inline platform-marker blocks, which makes the copied features easier to bundle from another repo.
• The package publish flow now builds the main Springboard package, CLI, and Vite plugin so the published package contains the new sb binary and docs assets.

[claude]

Claude finished @mickmister's task —— View job

---

PR Review Progress

Reviewing PR #71 "Update @jamtools/core for Jam App" with 53 changed files and 4642 additions.

Todo List:

• Check for repository guidelines (CLAUDE.md)
• Review @jamtools/core package changes
• Review springboard CLI and documentation changes
• Review platform-specific modules and browser services
• Check for security vulnerabilities
• Assess performance implications
• Evaluate test coverage
• Provide comprehensive feedback and recommendations

PR Review Summary

This is a substantial PR that includes important updates to both @jamtools/core and the springboard framework. Below is my comprehensive review:

✅ Positive Aspects

1. Good Architecture: Platform-specific dependency injection pattern in io_dependencies.* files is well-designed
2. Comprehensive Documentation: Extensive new docs in packages/springboard/cli/src/docs/content/ provide valuable context
3. Type Safety: Strong TypeScript usage throughout with proper interfaces and generics
4. Modular Design: Clean separation between browser, node, and mock implementations

🚨 Critical Issues

Security Concerns

1. packages/springboard/src/platforms/browser/services/browser_session_kvstore_service.ts:13-17

   try {
       entriesAsRecord[key] = JSON.parse(value);
   } catch (e) {
       // eslint-disable-line no-empty
   }

   Risk: Silent JSON parsing failures could hide corruption. Should log errors or handle gracefully.

2. packages/jamtools/core/src/modules/io/io_dependencies.node.ts:8

   if (process.env.DISABLE_IO === 'true') {

   Risk: Environment variable controls are security-sensitive. Ensure this is documented and intended.

Potential Bugs

1. packages/springboard/src/core/engine/engine.tsx:72-77

   if ('confirm' in globalThis) {
       if (confirm('failed to connect to websocket server. run in local browser mode?')) {
           this.coreDeps.isMaestro = () => true;
       }
   }

   Issue: Mutating isMaestro function at runtime is problematic. This could cause inconsistent state.

2. packages/jamtools/core/src/modules/io/io_module.tsx:99

   this.ensureListening();

   Issue: Async function called without await in sendMidiEvent. Should be await this.ensureListening();

3. packages/jamtools/core/src/modules/midi_files/midi_file_parser/midi_file_parser.ts:3

   import tonejs from '@tonejs/midi';

   Issue: Default import followed by destructuring is inconsistent with the fix mentioned in commit "Fix @tonejs/midi import"

Performance Issues

1. packages/springboard/src/core/engine/engine.tsx:128-149
   Sequential module registration could be parallelized for better startup performance.

2. packages/springboard/src/platforms/browser/services/browser_session_kvstore_service.ts:6-21
   getAll() method reads all sessionStorage keys synchronously, which could be slow with many entries.

⚠️ Code Quality Issues

1. Commented Code: Multiple files contain large blocks of commented code that should be removed
2. CLI Implementation: Most CLI commands in packages/springboard/cli/src/cli.ts are commented out
3. Error Handling: Inconsistent error handling patterns across modules

🧪 Test Coverage Concerns

1. Limited Tests: Only found 5 test files for the scope of changes
2. Missing Tests: No tests for new browser services, CLI commands, or documentation features
3. Build Issue: turbo command not found when running tests

📦 Package.json Issues

1. @jamtools/core: Good export structure but heavy peer dependency on springboard
2. Missing Dependencies: Some imports may not have corresponding dependencies declared

🔧 Recommendations

1. Fix async/await bug in IoModule.sendMidiEvent() - line 99
2. Add proper error handling in BrowserSessionKVStoreService
3. Remove commented code throughout the codebase
4. Add comprehensive tests for new functionality
5. Document security implications of environment variables
6. Consider parallelizing module initialization for better performance
7. Fix build/test configuration - resolve turbo dependency issue

✅ Final Assessment

This PR introduces valuable functionality and good architectural patterns, but has several critical bugs and security concerns that should be addressed before merging. The most critical issues are:

• Async/await bug in MIDI handling
• Runtime mutation of core dependencies
• Silent error swallowing in JSON parsing

Recommendation: Request fixes for critical issues before approval.

---

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 48723f5210

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore platform-specific IO dependency loading

IoModule now imports createIoDependencies from ./io_dependencies, but that file is the test fallback that always returns MockQwertyService/MockMidiService. Because this is a relative import, Node/browser conditional exports are not applied, so production builds will never instantiate the real browser/node IO services unless tests manually override the creator.

Useful? React with 👍 / 👎.

[mickmister]

Because this is a relative import, Node/browser conditional exports are not applied

@codex Are you sure this is true?

[chatgpt-codex-connector]

Remove localhost registry override from repo config

Committing a root .npmrc with registry=http://localhost:4873/ forces all package installs/publishes in this repo to use a local Verdaccio instance. In normal developer/CI environments where Verdaccio is not running, dependency resolution will fail outright, making the repository unusable without extra local setup.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Export io_dependencies types from declaration with value

The ./modules/io/io_dependencies export maps types to io_dependencies_types.d.ts, which defines only type aliases and does not declare the createIoDependencies value export that the runtime files provide. TypeScript consumers importing createIoDependencies from this subpath will get missing-export type errors even though the JS export exists.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Implement sb start server launch instead of no-op

The start command now only logs a message and exits without launching any server process. Since the command description still says it starts the production server, users invoking sb start will get a successful-looking no-op and no running application.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 48723f5210

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Route IO dependency import through package exports

Because io_module.tsx imports ./io_dependencies via a relative specifier, the resolver never consults the package.json conditional exports you added for ./modules/io/io_dependencies. As a result, browser and node runtimes both load io_dependencies.ts (the mock implementation) instead of the .browser/.node variants, so real MIDI/QWERTY services are never initialized unless tests manually override the creator.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Remove hardcoded localhost registry from root npmrc

This root .npmrc forces registry=http://localhost:4873/ for the entire repo, which makes installs and publishes depend on a locally running Verdaccio instance. In CI or any developer environment without that service, package resolution will fail against localhost and standard dependency workflows break by default.

Useful? React with 👍 / 👎.

[cloudflare-workers-and-pages]

Deploying jamtools-docs-new with    Cloudflare Pages

Latest commit:	32c43a1
Status:	✅  Deploy successful!
Preview URL:	https://82de325b.jamtools-docs-new.pages.dev
Branch Preview URL:	https://vk-e1e4-copy-jamtools-fe.jamtools-docs-new.pages.dev

View logs