feat: add robust theme switcher

 (#41)

* feat: add robust runtime theme switching

* Implement feature X to enhance user experience and optimize performance

* pr review

* updates from pr revew

* fix: address theme switcher review comments

* fix: resolve blocking issue with remote Bootswatch metadata enrichment and add regression tests

Author: markhazleton

.documentation/specs/001-robust-theme-switcher/checklists/requirements.md

@@ -0,0 +1,34 @@
+# Specification Quality Checklist: Robust Theme Switcher
+
+**Purpose**: Validate specification completeness and quality before proceeding to planning
+**Created**: 2026-04-13
+**Feature**: [spec.md](../spec.md)
+
+## Content Quality
+
+- [x] No implementation details (languages, frameworks, APIs)
+- [x] Focused on user value and business needs
+- [x] Written for non-technical stakeholders
+- [x] All mandatory sections completed
+
+## Requirement Completeness
+
+- [x] No [NEEDS CLARIFICATION] markers remain
+- [x] Requirements are testable and unambiguous
+- [x] Success criteria are measurable
+- [x] Success criteria are technology-agnostic (no implementation details)
+- [x] All acceptance scenarios are defined
+- [x] Edge cases are identified
+- [x] Scope is clearly bounded
+- [x] Dependencies and assumptions identified
+
+## Feature Readiness
+
+- [x] All functional requirements have clear acceptance criteria
+- [x] User scenarios cover primary flows
+- [x] Feature meets measurable outcomes defined in Success Criteria
+- [x] No implementation details leak into specification
+
+## Notes
+
+- Validation passed on first iteration. The spec keeps external catalog behavior at the outcome level and avoids prescribing a specific implementation approach.

.documentation/specs/001-robust-theme-switcher/contracts/theme-catalog-contract.md

@@ -0,0 +1,85 @@
+# Contract: Theme Catalog and Selection
+
+## Purpose
+
+Define the contract between the theme selector UI, theme runtime state, local curated catalog, and optional Bootswatch metadata mapping.
+
+## Internal Catalog Contract
+
+Each supported theme must be normalized into the following shape before the selector or `ThemeContext` consumes it.
+
+```ts
+type ThemeCatalogContract = {
+  version: string;
+  themes: ThemeOptionContract[];
+};
+
+type ThemeOptionContract = {
+  id: string;
+  name: string;
+  description: string;
+  source: "first-party" | "bootswatch";
+  isDefault: boolean;
+  isSupported: boolean;
+  stylesheetHref: string;
+  previewUrl?: string;
+  thumbnailUrl?: string;
+  colorModeHint: "light" | "dark" | "mixed";
+  order: number;
+};
+```
+
+## Bootswatch API Mapping Contract
+
+When Bootswatch API data is consumed during curation or refresh, only the fields required by the app contract are mapped forward.
+
+| Bootswatch API field | Internal field | Notes |
+| ----- | ----- | ----- |
+| `name` | `name` | Display name preserved |
+| derived slug | `id` | Normalized stable identifier |
+| `description` | `description` | Shown in selector cards |
+| `thumbnail` | `thumbnailUrl` | Optional selector thumbnail |
+| `preview` | `previewUrl` | Optional external preview reference |
+| curated stylesheet path | `stylesheetHref` | Resolved to the app's hosted static asset, not the remote API URL |
+
+The following Bootswatch fields are not required for runtime correctness in the first implementation: `css`, `cssMin`, `cssCdn`, `scss`, `scssVariables`, RTL variants.
+
+## Theme Selection Contract
+
+### Input
+
+- `themeId: string`
+
+### Output
+
+- Active stylesheet target updated
+- Persisted `ThemePreference.themeId`
+- Active-theme state updated for UI affordances
+
+### Rules
+
+1. Selecting a valid supported theme must apply and persist in the same interaction.
+2. Selecting an invalid or unsupported theme ID must resolve to the default theme.
+3. Failure to enrich metadata must not block selection of supported themes.
+4. Failure to resolve a non-default theme asset must recover to the default theme and expose a user-safe error state.
+
+## UI Contract
+
+The dedicated selector must receive enough data to:
+
+- display the active theme clearly,
+- distinguish first-party and external themes,
+- render optional preview metadata when available,
+- present only supported themes as selectable,
+- remain usable on mobile and desktop layouts.
+
+Minimum selector view model:
+
+```ts
+type ThemeSelectorViewModel = {
+  activeThemeId: string;
+  themes: ThemeOptionContract[];
+  status: "loading" | "ready" | "fallback" | "error";
+  errorMessage?: string;
+};
+```

.documentation/specs/001-robust-theme-switcher/data-model.md

@@ -0,0 +1,96 @@
+# Data Model: Robust Theme Switcher
+
+## ThemeOption
+
+Represents one officially supported theme in the selector and runtime theme system.
+
+### Fields
+
+| Field | Type | Required | Description |
+| ----- | ---- | -------- | ----------- |
+| `id` | string | Yes | Stable internal identifier used for persistence, routing state, and stylesheet lookup |
+| `name` | string | Yes | User-facing display name |
+| `description` | string | Yes | Short summary shown in the selector |
+| `source` | `first-party` or `bootswatch` | Yes | Indicates whether the theme is maintained by BootstrapSpark or mapped from Bootswatch |
+| `isDefault` | boolean | Yes | Marks the canonical BootstrapSpark fallback theme |
+| `isSupported` | boolean | Yes | Marks whether the theme is selectable in production |
+| `stylesheetHref` | string | Yes | Path to the static CSS asset that should be applied when the theme is active |
+| `previewUrl` | string | No | Optional preview reference derived from Bootswatch metadata |
+| `thumbnailUrl` | string | No | Optional thumbnail image used in selector cards |
+| `colorModeHint` | `light` or `dark` or `mixed` | Yes | Helps the selector group themes and choose fallback affordances |
+| `order` | number | Yes | Stable display ordering in curated lists |
+
+### Validation Rules
+
+- `id` must be unique within the supported catalog.
+- Exactly one `ThemeOption` must have `isDefault = true`.
+- All selectable themes must have `isSupported = true` and a valid `stylesheetHref`.
+- Unsupported or experimental themes may exist in source metadata but must not be exposed in the selector.
+
+## ThemePreference
+
+Represents the user's persisted selection.
+
+### Fields
+
+| Field | Type | Required | Description |
+| ----- | ---- | -------- | ----------- |
+| `themeId` | string | Yes | Selected `ThemeOption.id` |
+| `savedAt` | string | No | ISO timestamp of the last persisted update |
+| `catalogVersion` | string | No | Optional version marker used to detect stale selections against a changed catalog |
+
+### Validation Rules
+
+- `themeId` must resolve to a current supported theme before activation.
+- Invalid or stale preferences fall back to the single default theme.
+
+## ThemeCatalog
+
+Represents the validated collection of `ThemeOption` records used by the application.
+
+### Fields
+
+| Field | Type | Required | Description |
+| ----- | ---- | -------- | ----------- |
+| `version` | string | Yes | Version or revision identifier for the curated catalog |
+| `themes` | ThemeOption[] | Yes | Ordered supported theme list |
+| `generatedFrom` | string | No | Notes whether metadata originated from Bootswatch API mapping, manual curation, or mixed sources |
+
+### Relationships
+
+- One `ThemeCatalog` contains many `ThemeOption` records.
+- One `ThemePreference` references exactly one valid `ThemeOption` by `themeId`.
+
+## ThemeLoadState
+
+Represents the active runtime state managed by `ThemeContext`.
+
+### Fields
+
+| Field | Type | Required | Description |
+| ----- | ---- | -------- | ----------- |
+| `activeTheme` | ThemeOption | Yes | Currently applied theme |
+| `catalog` | ThemeCatalog | Yes | Current validated supported list |
+| `status` | `idle` or `loading` or `ready` or `fallback` or `error` | Yes | State for startup and failure handling |
+| `errorMessage` | string | No | User-safe message when enrichment or asset loading fails |
+
+### State Transitions
+
+1. `idle` → `loading` when the app initializes theme data.
+2. `loading` → `ready` when the catalog validates and the active theme asset is applied.
+3. `loading` → `fallback` when optional enrichment fails but the local catalog remains usable.
+4. `loading` → `error` only if both catalog resolution and default-theme recovery fail.
+5. `ready`/`fallback` → `loading` when a user selects a different theme.
+6. `loading` → `ready` when the new theme asset applies and the preference is persisted.
+
+## ThemeSupportMatrix
+
+Represents the checklist of application surfaces that must remain valid under each supported theme.
+
+### Coverage Dimensions
+
+- Shared shell: header, footer, skip link, navigation, update notification
+- Primary routes: home, about, projects, articles, joke, weather, community
+- Showcase routes: components, advanced-components, data-tables
+- Site demos: SaaS dashboard, team collaboration, product catalog
+- UI states: hover, focus, active, disabled, alerts, cards, forms, dropdowns, tables

.documentation/specs/001-robust-theme-switcher/gates/analyze.md

@@ -0,0 +1,55 @@
+---
+gate: analyze
+status: pass
+blocking: false
+severity: info
+summary: "Artifacts are aligned after task-plan mitigation updates; requirements, plan, and tasks now consistently cover fallback, rollback, responsive validation, and performance evidence."
+---
+
+# Specification Analysis Report
+
+No blocking consistency issues remain after the artifact updates.
+
+## Coverage Summary Table
+
+| Requirement Key | Has Task? | Task IDs | Notes |
+| --- | --- | --- | --- |
+| dedicated-theme-switching-experience | Yes | T020, T022, T023, T024 | Core selector workflow is covered. |
+| safe-default-theme-experience | Yes | T005, T007, T008, T010, T013 | Default recovery is covered. |
+| bootstrapspark-first-class-option | Yes | T005, T006, T020 | Covered in catalog and selector tasks. |
+| identifying-information-per-theme | Yes | T005, T007, T018, T020, T024 | Covered through catalog metadata and selector presentation. |
+| immediate-theme-activation | Yes | T008, T011, T013, T015, T020 | Covered by runtime and integration tasks. |
+| apply-and-persist-same-interaction | Yes | T010, T011, T012, T013, T014, T015 | Covered by provider and preference tasks. |
+| recover-invalid-saved-preferences | Yes | T007, T008, T010, T012, T013, T014 | Covered by fallback and validation tasks. |
+| local-catalog-when-external-metadata-unavailable | Yes | T007, T012, T024 | Functional and automated validation coverage exist. |
+| preserve-readability-usability-across-supported-themes | Yes | T025, T026, T028, T029, T030 | Covered by audit and regression tasks. |
+| preserve-clear-interactive-states | Yes | T017, T025, T026, T028, T029, T030 | Covered through regression and remediation phases. |
+| accessible-active-theme-and-switching-affordance | Yes | T016, T017, T020, T023, T024 | Covered by header, selector UI, and tests. |
+| mobile-desktop-theme-browsing-support | Yes | T019, T021, T024, T031 | Explicit responsive coverage exists. |
+| bounded-curated-supported-theme-list | Yes | T005, T007, T018 | Covered by catalog and contract tasks. |
+| review-and-correct-theme-related-markup-styling | Yes | T028, T029, T030 | Covered by route and shell remediation tasks. |
+| supported-theme-set-covers-shell-primary-showcase-demo-surfaces | Yes | T025, T026, T028, T029, T030, T031 | Covered by verification and review tasks. |
+| stylesheet-load-failure-recovery | Yes | T008, T012, T024 | Explicit rollback coverage exists. |
+| pre-release-fallback-responsive-validation | Yes | T012, T019, T027, T031 | Release validation coverage exists. |
+| capture-switch-latency-evidence | Yes | T027, T031, T035 | Performance evidence capture exists. |
+
+**Constitution Alignment Issues:**
+
+- No constitution alignment issues remain in the current artifact set.
+
+**Unmapped Tasks:**
+
+- None that appear accidental. T001-T003 and T029-T031 are legitimate setup/polish tasks that support multiple requirements rather than mapping to exactly one requirement.
+
+**Metrics:**
+
+- Total Requirements: 18
+- Total Tasks: 35
+- Coverage % (requirements with >=1 task): 100%
+- Ambiguity Count: 0
+- Duplication Count: 0
+- Critical Issues Count: 0
+
+## Next Actions
+
+- Proceed with implementation against the updated task plan.

.documentation/specs/001-robust-theme-switcher/gates/critic.md

@@ -0,0 +1,107 @@
+---
+gate: critic
+status: pass
+blocking: false
+severity: info
+summary: "The design remains viable and the strengthened task plan now explicitly covers failure-path resilience, stylesheet rollback, responsive selector validation, and measurable switch-latency evidence."
+---
+
+## Technical Risk Assessment
+
+**Analysis Date:** 2026-04-13  
+**Risk Posture:** YELLOW  
+**Detected Stack:** TypeScript + React 19 + Vite 7 + React Router 7 + Bootstrap 5.3/Bootswatch + browser localStorage
+
+### Executive Summary
+
+The overall architecture remains reasonable for the stated scope: local catalog ownership, precompiled theme assets, and optional Bootswatch enrichment are the right high-level decisions. The previously identified planning risks have been mitigated in the updated spec, plan, and tasks, so implementation can proceed without known blocking design risks.
+
+### Showstopper Risks (Must Fix Before Implementation)
+
+| ID | Category | Location | Risk Description | Likely Impact | Mitigation Required |
+| --- | --- | --- | --- | --- | --- |
+| None | None | N/A | No constitution-level showstoppers were identified in the current artifacts. | N/A | N/A |
+
+### Critical Risks (High Probability of Costly Issues)
+
+| ID | Category | Location | Risk Description | Likely Impact | Recommended Action |
+| --- | --- | --- | --- | --- | --- |
+| None | None | N/A | No critical pre-implementation risks remain after the artifact updates. | N/A | N/A |
+
+### High-Priority Concerns
+
+| ID | Category | Location | Issue | Impact | Suggestion |
+| --- | --- | --- | --- | --- | --- |
+| HP1 | Accessibility | spec.md (FR-011), tasks.md (T017, T024) | Accessibility validation is now planned through keyboard-navigation testing and active-theme status messaging, but practical implementation still needs careful attention. | The selector could still meet task coverage while missing some assistive-technology nuance. | Verify screen-reader wording and focus visibility during implementation. |
+
+### Framework-Specific Red Flags
+
+Node.js + React/Vite web checklist:
+
+- [x] TypeScript strict mode is planned and constitutionally required.
+- [x] No new server-side connection pool or async I/O hazards are introduced by this feature.
+- [x] Theme asset load failure handling is explicitly planned.
+- [x] Responsive selector validation is explicitly planned.
+- [x] Measurable performance validation for theme switching is explicitly planned.
+- [x] Accessibility validation for the new selector interaction is explicitly planned.
+
+### Architecture Red Flags
+
+- [ ] Over-engineered for stated requirements
+- [ ] Under-engineered for implied validation burden
+- [ ] Single point of failure without redundancy
+- [ ] Missing standard patterns for problem domain
+- [ ] Inadequate async/concurrency handling
+
+Notes:
+
+- The stylesheet-swap path still deserves careful implementation, but rollback behavior and validation are now explicitly part of the plan.
+
+### Missing Critical Tasks
+
+- **Observability:** Theme-switch timing evidence is now captured in planned validation work.
+- **Operations:** Packaged theme asset validation is now planned.
+- **Testing:** Failure-path, responsive, performance, and accessibility validation tasks are now planned.
+- **Documentation:** Quickstart validation notes are planned; no additional permanent documentation need is known yet.
+- **Security:** No additional security gaps were identified beyond the existing requirement to keep CSP synchronized if runtime origins change.
+
+### Questionable Assumptions
+
+1. **"Rollback behavior will work without dedicated implementation care."** → Why this can still fail: stylesheet load events are easy to mishandle if link replacement and status updates are not sequenced correctly.
+2. **"Keyboard coverage alone guarantees accessibility quality."** → Why this can still fail: visible focus treatment and status phrasing still need implementation-level review.
+
+### Dependencies Risk Assessment
+
+| Dependency | Concern | Alternative to Consider |
+| --- | --- | --- |
+| Bootswatch 5.3 package assets | Asset path drift or packaging mismatch can break runtime stylesheet lookup. | Lock exact package version and validate built asset presence in CI or quickstart checks. |
+| Bootswatch API metadata | Optional enrichment can still introduce schema drift or partial metadata gaps. | Keep strict Zod mapping and prefer local catalog fields when metadata is absent or invalid. |
+| localStorage | Invalid or stale persisted values can create confusing startup behavior. | Version stored preference objects and test stale/unknown theme IDs explicitly. |
+
+### Estimated Technical Debt at Launch
+
+- **Code Debt:** Selector/runtime fallback logic may need refactoring once real failure cases are exercised.
+- **Operational Debt:** Deployment-time asset verification is currently manual.
+- **Documentation Debt:** Quickstart can hold execution notes, but no permanent documentation update is yet planned if theming becomes a maintained subsystem.
+- **Testing Debt:** Failure-path, responsive, accessibility, and measurable performance coverage are all lighter than the spec implies.
+
+### Metrics
+
+- Showstopper Count: 0
+- Critical Risk Count: 0
+- Missing Operational Tasks: 0
+- Underspecified Security Requirements: 0
+- Scale Bottlenecks Identified: 1
+
+**GO/NO-GO RECOMMENDATION:**
+
+```text
+[ ] STOP - Showstoppers present, cannot proceed to implementation
+[ ] CONDITIONAL - Fix critical risks first, then reassess
+[x] PROCEED WITH CAUTION - Document acknowledged risks, add mitigation tasks
+```
+
+**Required Actions Before Implementation:**
+
+1. Implement the planned fallback, rollback, responsive, and performance validation tasks carefully.
+2. Confirm the selector's accessibility wording and focus treatment during implementation.