
Commit b6faea1

feat(manifest): record plugin provenance on plugin-supplied modules
When a validated plugin package contributes modules to the generated manifest, those modules now carry a `plugin` field tagging their origin (packageId, version, pluginSha256, sourceRef, sourceCommit). First-party modules are unaffected — the field is optional and only populated by the plugin pipeline.

- types.ts: add `ModulePluginProvenance` interface and optional `plugin?: ModulePluginProvenance` field on `Module`
- plugin.ts: thread the owning `PluginPackage` through `toManifestModule` so each emitted module records its source plugin's identity and the archive checksum that was validated
- plugin.test.ts: assert that validated plugin modules carry the full provenance struct (packageId, version, pluginSha256, sourceRef, sourceCommit)
- generate.ts: import the plugin validation surface and reserve `acfs.plugins.json` as the default plugin registry path; wires up the generator to consume validated plugins in subsequent commits
- .beads: bd-vv8x5 (Generate installer doctor and web metadata from validated plugins) moves open → in_progress to reflect this work

Why: ACFS generated installer/doctor/web outputs must remain reproducible and clearly distinguish first-party from plugin-supplied modules. Embedding provenance at module emission time is the cleanest way to ensure downstream generators (release-doctor reports, web metadata, drift detection) can label, audit, and verify plugin origins without separate bookkeeping.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 35a6882 commit b6faea1

5 files changed

Lines changed: 42 additions & 3 deletions


.beads/issues.jsonl

Lines changed: 1 addition & 1 deletion
@@ -1122,7 +1122,7 @@
11221122
{"id":"bd-vmmc","title":"Update onboard.sh TUI lesson arrays","description":"# Task: Add RU Lesson to Onboard TUI\n\n## Location\nFile: packages/onboard/onboard.sh\n\n## Background\nThe onboard.sh script is a bash TUI that teaches users the ACFS workflow.\nIt has 9 lessons currently (0-8). We're adding RU as lesson 9.\n\n## Changes Required\n\n### 1. LESSON_TITLES array (~line 39)\nAdd at end:\n```bash\ndeclare -a LESSON_TITLES=(\n \"Welcome & Overview\"\n \"Linux Navigation\"\n \"SSH & Persistence\"\n \"tmux Basics\"\n \"Agent Commands (cc, cod, gmi)\"\n \"NTM Command Center\"\n \"NTM Prompt Palette\"\n \"The Flywheel Loop\"\n \"Keeping Updated\"\n \"RU: Multi-Repo Sync\" # NEW - lesson 9\n)\n```\n\n### 2. LESSON_FILES array (~line 52)\nAdd at end:\n```bash\ndeclare -a LESSON_FILES=(\n \"00_welcome.md\"\n \"01_linux_basics.md\"\n \"02_ssh_basics.md\"\n \"03_tmux_basics.md\"\n \"04_agents_login.md\"\n \"05_ntm_core.md\"\n \"06_ntm_command_palette.md\"\n \"07_flywheel_loop.md\"\n \"08_keeping_updated.md\"\n \"09_ru.md\" # NEW\n)\n```\n\n### 3. 
LESSON_SUMMARIES array (~line 65)\nAdd entry for lesson 9:\n```bash\n[9]=\"Syncing multiple repos with ru|Agent Sweep for AI commits|Parallel workers and resume\"\n```\n\n## Why TUI Lesson Matters\nUsers running 'onboard' on their VPS get this interactive tutorial.\nIt's often their first exposure to each tool.\n\n## Verification\n- Run: onboard 10 (should show RU lesson)\n- Run: onboard status (should show 10 lessons total)\n- Lesson navigation works (next/prev)","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-11T04:03:08.216513022Z","created_by":"ubuntu","updated_at":"2026-01-11T04:27:11.826100384Z","closed_at":"2026-01-11T04:27:11.826100384Z","close_reason":"Added RU to TUI: LESSON_TITLES[9], LESSON_FILES[9], LESSON_SUMMARIES[9], help text, case pattern","source_repo":".","compaction_level":0,"original_size":0,"dependencies":[{"issue_id":"bd-vmmc","depends_on_id":"bd-30am","type":"blocks","created_at":"2026-01-11T04:05:42.607765718Z","created_by":"ubuntu","metadata":"","thread_id":""}]}
11231123
{"id":"bd-vqr","title":"Create SSH troubleshooting guide","description":"# Task: Create SSH Troubleshooting Guide\n\n## Description\nComprehensive guide for common SSH connection failures.\n\n## Location\n- Website: Embedded in wizard step 6\n- Installer: ~/.acfs/docs/ssh_troubleshooting.md\n\n## Common Issues Covered\n\n### Permission denied (publickey)\n**Symptoms:** `Permission denied (publickey)`\n**Causes:**\n1. Wrong key file specified\n2. Key not added to VPS\n3. Wrong username\n\n**Fixes:**\n```bash\n# Verify key exists\nls -la ~/.ssh/acfs_ed25519*\n\n# Try with verbose output\nssh -v -i ~/.ssh/acfs_ed25519 ubuntu@IP\n```\n\n### Connection refused\n**Symptoms:** `Connection refused`\n**Causes:**\n1. SSH service not running\n2. Firewall blocking port 22\n3. Wrong IP address\n\n**Fixes:**\n- Check IP is correct\n- VPS provider may need firewall rule\n\n### Connection timeout\n**Symptoms:** `Connection timed out`\n**Causes:**\n1. Wrong IP\n2. VPS not fully booted\n3. Network issue\n\n**Fixes:**\n- Wait 2-3 minutes for VPS to boot\n- Verify IP in provider dashboard\n\n### Host key verification failed\n**Symptoms:** `Host key verification failed`\n**Causes:** \n- VPS was recreated with same IP\n- Man-in-the-middle warning\n\n**Fixes:**\n```bash\nssh-keygen -R IP_ADDRESS\n```\n\n## Acceptance Criteria\n- [ ] All common issues documented\n- [ ] Clear cause → fix structure\n- [ ] Commands are copy-paste ready\n- [ ] Integrated in website step 6","status":"closed","priority":1,"issue_type":"task","created_at":"2025-12-20T03:39:03.569312Z","updated_at":"2025-12-20T16:30:24.161611Z","closed_at":"2025-12-20T16:30:24.161611Z","close_reason":"Created comprehensive SSH troubleshooting guide at acfs/docs/ssh_troubleshooting.md covering all common issues","source_repo":".","compaction_level":0,"original_size":0,"labels":["documentation","task"]}
11241124
{"id":"bd-vsg0","title":"Feature: Supplemental Content Creation","status":"closed","priority":3,"issue_type":"feature","created_at":"2025-12-23T04:44:19.529414Z","updated_at":"2025-12-23T18:28:56.277448Z","closed_at":"2025-12-23T18:28:56.277448Z","close_reason":"Created comprehensive troubleshooting page at /troubleshooting with 10 common issues covering SSH, installation, AI agents, and network problems. Includes search, category filters, and expandable solutions.","source_repo":".","compaction_level":0,"original_size":0,"dependencies":[{"issue_id":"bd-vsg0","depends_on_id":"bd-9dl9","type":"blocks","created_at":"2025-12-23T04:45:11.039330Z","created_by":"jemanuel","metadata":"{}","thread_id":""},{"issue_id":"bd-vsg0","depends_on_id":"bd-qxj8","type":"blocks","created_at":"2025-12-23T04:44:55.289914Z","created_by":"jemanuel","metadata":"{}","thread_id":""},{"issue_id":"bd-vsg0","depends_on_id":"bd-r1z5","type":"blocks","created_at":"2025-12-23T04:45:00.545891Z","created_by":"jemanuel","metadata":"{}","thread_id":""},{"issue_id":"bd-vsg0","depends_on_id":"bd-r6xz","type":"blocks","created_at":"2025-12-23T04:45:16.290036Z","created_by":"jemanuel","metadata":"{}","thread_id":""},{"issue_id":"bd-vsg0","depends_on_id":"bd-sk9c","type":"blocks","created_at":"2025-12-23T04:45:05.794152Z","created_by":"jemanuel","metadata":"{}","thread_id":""}]}
1125-
{"id":"bd-vv8x5","title":"Generate installer doctor and web metadata from validated plugins","description":"## What\nIntegrate validated plugin modules into generation without manual edits to generated files.\n\n## Why\nACFS generated files must remain reproducible. Plugin support must extend the generator pipeline rather than asking maintainers to patch generated Bash or web data.\n\n## Approach\n- Add an explicit plugin input path or registry file consumed by `packages/manifest`.\n- Merge plugin modules after validation and before generated installer/doctor/web outputs.\n- Record plugin provenance in generated metadata and release-doctor reports.\n- Keep first-party manifest behavior unchanged when no plugins are configured.\n\n## Tests\nGenerator tests must prove deterministic output, plugin provenance, drift detection, and no change with empty plugin set.\n\n## Success Criteria\nPlugins participate in install, doctor, web, and plan generation through the same checked pipeline.\n\n## Acceptance Criteria\n- Scope in this bead is implemented or documented without hidden compatibility shims.\n- Unit, script, Playwright, VM, or fixture tests are added according to the affected surface; skipped live/provider tests name the required environment.\n- Logs and artifacts are detailed enough for support or CI triage and redact credentials, tokens, IPs, and provider-sensitive values where applicable.\n- Website, installer, generated-manifest, onboarding, support-bundle, and docs surfaces stay consistent when the change touches more than one of them.\n- Required quality gates for touched surfaces pass, including shellcheck for Bash, Bun type-check/lint/build for web work, `br lint`, dependency-cycle checks, and `ubs` before commit.","acceptance_criteria":"- Scope in the description is implemented or documented with no hidden compatibility shim.\n- Unit, script, Playwright, VM, or fixture tests are added according to the affected surface; skipped live/provider tests must name 
the required environment.\n- Logs and artifacts are detailed enough for support or CI triage and redact credentials, tokens, IPs, and provider-sensitive values where applicable.\n- Website, installer, generated-manifest, onboarding, support-bundle, and docs surfaces stay consistent when the change touches more than one of them.\n- Required quality gates for touched surfaces pass, including shellcheck for Bash, Bun type-check/lint/build for web work, `br lint`, dependency-cycle checks, and `ubs` before commit.","notes":"## Refinement Safety Notes\n- Plugin support must remain declarative until validation has accepted schema, provenance, checksums, and runner constraints.\n- Generated installer, doctor, and web output must label plugin provenance distinctly from first-party modules.\n- CI must fail closed on missing checksum, unsupported runner, ID collision, untrusted URL, or generated drift.","status":"open","priority":1,"issue_type":"feature","created_at":"2026-05-08T19:51:23.412844442Z","created_by":"ubuntu","updated_at":"2026-05-08T20:06:51.325425645Z","source_repo":".","compaction_level":0,"original_size":0,"labels":["generator","manifest","plugins","tests"],"dependencies":[{"issue_id":"bd-vv8x5","depends_on_id":"bd-wbziz","type":"blocks","created_at":"2026-05-08T19:51:29.376238004Z","created_by":"ubuntu","metadata":"{}","thread_id":""}]}
1125+
{"id":"bd-vv8x5","title":"Generate installer doctor and web metadata from validated plugins","description":"## What\nIntegrate validated plugin modules into generation without manual edits to generated files.\n\n## Why\nACFS generated files must remain reproducible. Plugin support must extend the generator pipeline rather than asking maintainers to patch generated Bash or web data.\n\n## Approach\n- Add an explicit plugin input path or registry file consumed by `packages/manifest`.\n- Merge plugin modules after validation and before generated installer/doctor/web outputs.\n- Record plugin provenance in generated metadata and release-doctor reports.\n- Keep first-party manifest behavior unchanged when no plugins are configured.\n\n## Tests\nGenerator tests must prove deterministic output, plugin provenance, drift detection, and no change with empty plugin set.\n\n## Success Criteria\nPlugins participate in install, doctor, web, and plan generation through the same checked pipeline.\n\n## Acceptance Criteria\n- Scope in this bead is implemented or documented without hidden compatibility shims.\n- Unit, script, Playwright, VM, or fixture tests are added according to the affected surface; skipped live/provider tests name the required environment.\n- Logs and artifacts are detailed enough for support or CI triage and redact credentials, tokens, IPs, and provider-sensitive values where applicable.\n- Website, installer, generated-manifest, onboarding, support-bundle, and docs surfaces stay consistent when the change touches more than one of them.\n- Required quality gates for touched surfaces pass, including shellcheck for Bash, Bun type-check/lint/build for web work, `br lint`, dependency-cycle checks, and `ubs` before commit.","acceptance_criteria":"- Scope in the description is implemented or documented with no hidden compatibility shim.\n- Unit, script, Playwright, VM, or fixture tests are added according to the affected surface; skipped live/provider tests must name 
the required environment.\n- Logs and artifacts are detailed enough for support or CI triage and redact credentials, tokens, IPs, and provider-sensitive values where applicable.\n- Website, installer, generated-manifest, onboarding, support-bundle, and docs surfaces stay consistent when the change touches more than one of them.\n- Required quality gates for touched surfaces pass, including shellcheck for Bash, Bun type-check/lint/build for web work, `br lint`, dependency-cycle checks, and `ubs` before commit.","notes":"## Refinement Safety Notes\n- Plugin support must remain declarative until validation has accepted schema, provenance, checksums, and runner constraints.\n- Generated installer, doctor, and web output must label plugin provenance distinctly from first-party modules.\n- CI must fail closed on missing checksum, unsupported runner, ID collision, untrusted URL, or generated drift.","status":"in_progress","priority":1,"issue_type":"feature","created_at":"2026-05-08T19:51:23.412844442Z","created_by":"ubuntu","updated_at":"2026-05-08T23:08:24.555714287Z","source_repo":".","compaction_level":0,"original_size":0,"labels":["generator","manifest","plugins","tests"],"dependencies":[{"issue_id":"bd-vv8x5","depends_on_id":"bd-wbziz","type":"blocks","created_at":"2026-05-08T19:51:29.376238004Z","created_by":"ubuntu","metadata":"{}","thread_id":""}]}
11261126
{"id":"bd-vwv","title":"Build ERROR_PATTERNS database with suggested fixes","description":"# Task: Build ERROR_PATTERNS database with suggested fixes\n\n## Context\nPart of EPIC: Per-Phase Error Reporting (agentic_coding_flywheel_setup-fkf)\n\n## What to Do\nCreate a database of known error patterns and their fixes:\n\n### Error Patterns to Include\n```bash\ndeclare -A ERROR_PATTERNS=(\n [\"curl: (7) Failed to connect\"]=\"Network issue. Check: curl -I https://google.com\"\n [\"curl: (6) Could not resolve\"]=\"DNS failed. Check: cat /etc/resolv.conf\"\n [\"E: Unable to locate package\"]=\"Package not found. Try: sudo apt-get update\"\n [\"Permission denied\"]=\"Permission issue. Ensure running as root or with sudo.\"\n [\"No space left on device\"]=\"Disk full. Free up space: df -h\"\n [\"gpg: keyserver receive failed\"]=\"GPG keyserver unreachable. Retry or check firewall.\"\n [\"Connection timed out\"]=\"Network timeout. Check firewall for outbound HTTPS.\"\n [\"checksum mismatch\"]=\"Upstream script changed. See GitHub issues.\"\n [\"rate limit\"]=\"API rate limited. Wait 60 seconds and retry.\"\n)\n```\n\n### get_suggested_fix() Function\nMatch error text against patterns and return fix suggestion.\n\n## Acceptance Criteria\n- At least 10 common error patterns covered\n- get_suggested_fix() returns actionable text\n- Fallback message for unknown errors\n- Easy to extend with new patterns\n\n## Files to Create\n- scripts/lib/errors.sh","status":"closed","priority":0,"issue_type":"task","created_at":"2025-12-21T17:43:59.387392Z","updated_at":"2025-12-21T19:39:10.792761Z","closed_at":"2025-12-21T19:39:10.792761Z","close_reason":"Created scripts/lib/errors.sh with 33 error patterns and get_suggested_fix() function. All tests pass.","source_repo":".","compaction_level":0,"original_size":0}
11271127
{"id":"bd-vxor","title":"jfp: Add webapp/wizard content","description":"# Add jfp Webapp/Wizard Content\n\n## Context\njfp needs visibility for prompt discovery workflow.\n\n## Locations to Update\n\n### 1. Tool Card\n```typescript\n{\n id: 'jfp',\n name: 'jfp (jeffreysprompts.com CLI)',\n description: 'Discover and install prompts as Claude Code skills',\n category: 'agents',\n icon: 'prompt',\n links: {\n docs: '/docs/tools/jfp',\n website: 'https://jeffreysprompts.com'\n }\n}\n```\n\n### 2. Wizard Step: Skills & Prompts\n- Explain ms (local) vs jfp (remote) distinction\n- Show workflow: browse → install → use\n- Demo installing a popular prompt\n\n### 3. Architecture Diagram\n- Add jfp to skills ecosystem\n- Show: jfp → jeffreysprompts.com → ~/.config/claude/skills/\n\n## Acceptance Criteria\n- [ ] Tool card created\n- [ ] Wizard content distinguishes from ms\n- [ ] Link to jeffreysprompts.com","status":"closed","priority":2,"issue_type":"task","owner":"jeff141421@gmail.com","created_at":"2026-01-15T18:21:37.807825539Z","created_by":"Dicklesworthstone","updated_at":"2026-01-15T18:55:07.505658633Z","closed_at":"2026-01-15T18:55:07.505658633Z","close_reason":"Added jfp to tool-data.tsx","source_repo":".","compaction_level":0,"original_size":0,"labels":["jfp","webapp","wizard"],"dependencies":[{"issue_id":"bd-vxor","depends_on_id":"bd-kijt","type":"blocks","created_at":"2026-01-15T18:38:35.776654460Z","created_by":"Dicklesworthstone","metadata":"","thread_id":""}]}
11281128
{"id":"bd-vydu","title":"[EPIC] Installation Resilience & Progress Feedback","description":"# Epic: Installation Resilience & Progress Feedback\n\n## Problem Statement\nThe 10-15 minute installation is anxiety-inducing for beginners:\n\n1. **SSH disconnection panic**: If their WiFi hiccups, they lose connection and think they broke the VPS. They don't know the installer keeps running.\n\n2. **Wall of text confusion**: Lots of output scrolling by. They don't know if it's working, failing, or what any of it means.\n\n3. **curl | bash skepticism**: Security-aware users worry about piping curl to bash. The \"View source\" link exists but isn't prominent enough.\n\n4. **Command gibberish**: `-fsSL` means nothing to them.\n\n## Background & Reasoning\nLong-running installations are inherently risky for beginners. Any unexpected behavior triggers panic. The installer IS idempotent and resilient, but users don't know that.\n\nWe need to:\n1. Set expectations BEFORE they run the command\n2. Explain what they'll see DURING installation\n3. Provide clear recovery instructions IF something goes wrong\n4. Address security concerns proactively\n\n## User Story\nAs a beginner running the installer,\nI want to understand what's happening and what to do if something goes wrong,\nSo that I can wait patiently and recover from any issues.\n\n## Success Criteria\n1. User knows that disconnection is recoverable (just SSH back in)\n2. User understands progress indicators (green checkmarks = good)\n3. User knows to wait for \"Installation complete\" message\n4. User can find and understand the install script source\n5. 
User understands the curl command parts at a high level\n\n## Scope\n- Add disconnection recovery instructions prominently\n- Add \"What you'll see\" section explaining output format\n- Make \"View source\" more prominent for security-conscious users\n- Add optional command breakdown for curious users\n- Consider adding a \"If something fails\" troubleshooting section\n\n## Dependencies\n- Epic D: First SSH Connection (user must be connected)\n\n## UI/UX Requirements\n- Maintain current polish for desktop and mobile\n- Disconnection warning should be AlertCard variant=\"warning\"\n- Output explanation should use OutputPreview component\n- Source link should be visually distinct (security/trust badge)\n\n## Technical Approach\n1. Add AlertCard about disconnection recovery near top\n2. Add OutputPreview showing example progress output\n3. Add expandable \"What is this command doing?\" with breakdown\n4. Enhance \"View source\" with trust badge styling\n5. Add GuideCaution for \"If installation seems stuck\"\n\n## Estimated Effort\nSmall-Medium (1 wizard page enhancement)\n\n## Priority Justification\nP1 (High) - Installation failure/abandonment means complete user loss.","status":"closed","priority":1,"issue_type":"feature","created_at":"2025-12-22T18:35:47.401107Z","updated_at":"2025-12-22T19:57:18.944330Z","closed_at":"2025-12-22T19:57:18.944330Z","close_reason":"Implemented command breakdown section explaining curl flags, | bash piping, and --yes/--mode options. Also addresses curl | bash security concerns. Page already had disconnection recovery, progress indicators, and view source links. All success criteria met.","source_repo":".","compaction_level":0,"original_size":0,"dependencies":[{"issue_id":"bd-vydu","depends_on_id":"bd-q7r3","type":"blocks","created_at":"2025-12-22T18:37:59.599308Z","created_by":"jemanuel","metadata":"{}","thread_id":""}]}
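
Review bot: The replaced `bd-vv8x5` record at line 1125 appears to differ from the old one only in `status` (`open` to `in_progress`) and `updated_at`, but because the whole record is one very long JSON line, this view cannot confirm that the `description`, `acceptance_criteria` and `notes` text (including the "CI must fail closed on missing checksum, unsupported runner, ID collision, untrusted URL, or generated drift" requirement) is unchanged. Please verify with a field-level comparison of the old and new record before merging, and consider keeping tracker state changes in their own commit so feature diffs stay readable.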

packages/manifest/src/generate.ts

Lines changed: 7 additions & 0 deletions
@@ -14,6 +14,12 @@ import { dirname, join, resolve } from 'node:path';
1414
import { fileURLToPath, pathToFileURL } from 'node:url';
1515
import { parse as parseYaml } from 'yaml';
1616
import { parseManifestFile, validateManifestData } from './parser.js';
17+
import {
18+
validatePluginPackage,
19+
formatPluginDiagnostics,
20+
type PluginDiagnostic,
21+
type PluginValidationTarget,
22+
} from './plugin.js';
1723
import {
1824
validateManifest as validateManifestAdvanced,
1925
formatValidationErrors,
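
Review bot: The import block added at new lines 17-22 brings in `validatePluginPackage`, `formatPluginDiagnostics`, `PluginDiagnostic` and `PluginValidationTarget`, yet nothing else added to generate.ts in this commit references them (the file's 7 added lines are this block plus one constant). Unused imports tend to fail lint or unused-symbol checks, and they make it look as if generation already runs plugin validation when it does not. Suggest moving this import into the commit that first calls `validatePluginPackage`, or adding a one-line comment here that names the follow-up.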
@@ -39,6 +45,7 @@ const MANIFEST_PATH = join(PROJECT_ROOT, 'acfs.manifest.yaml');
3945
const OUTPUT_DIR = join(PROJECT_ROOT, 'scripts/generated');
4046
const WEB_OUTPUT_DIR = join(PROJECT_ROOT, 'apps/web/lib/generated');
4147
const CHECKSUMS_PATH = join(PROJECT_ROOT, 'checksums.yaml');
48+
const DEFAULT_PLUGIN_REGISTRY_PATH = join(PROJECT_ROOT, 'acfs.plugins.json');
4249

4350
const HEADER = `#!/usr/bin/env bash
4451
# shellcheck disable=SC1091
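
Review bot: `DEFAULT_PLUGIN_REGISTRY_PATH` at new line 48 is declared without a comment and without a reader in this commit, so the contract for `acfs.plugins.json` is left unstated. Since it sits beside `CHECKSUMS_PATH` as a trust-relevant input, please add a short comment now that fixes the intended behaviour for the consumer: an absent registry means an empty plugin set with first-party output unchanged, while a registry that is present but fails parsing or validation aborts generation rather than being skipped. That matches the "fail closed" and "no change with empty plugin set" requirements in the bd-vv8x5 record.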
