Handbook
Prompt 00 — Repository discovery and baseline
Run in Cursor Ask or Plan mode. Do not edit product code. Documentation-only changes are allowed after the repository has been inspected.
Updated
Attach or reference
AGENTS.mdif already present- The supplied screenshot pack and descriptions
- The adaptive framework pack
- Existing README, architecture docs, package manifests, deployment files, and test configuration
Prompt
You are conducting the first enterprise-uplift pass for Capablio. Do not implement, refactor, rename, install dependencies, change schemas, or modify runtime behavior in this step.
Inspect the repository thoroughly and build a factual baseline. Use non-mutating commands unless running an existing test/build command is safe. Do not infer a framework or service merely from filenames; confirm it from manifests and code.
1. Map the repository
Identify and document:
- Monorepo/workspace structure
- Frontend applications and frameworks
- Backend services, jobs, workers, and functions
- Package manager and build system
- Shared UI/component packages
- Routing model and public/authenticated route boundaries
- Authentication/session providers
- Tenant-resolution model
- Authorization model and where checks occur
- Database, migrations, ORM/query layer, and tenant-isolation mechanism
- Object storage, queues, email, analytics, logging, monitoring, and error tracking
- Encryption/key-management implementation
- Existing feature flags and entitlement checks
- Existing docs, ADRs, OpenAPI/schema files, generated clients, and release notes
- Test suites and CI/CD pipelines
- Deployment environments and configuration pattern
2. Map current user experiences
Create an inventory of all existing routes and classify each as:
- Public marketing
- Documentation/help
- Authentication/onboarding
- Individual workspace
- Manager workspace
- HR workspace
- Tenant administration
- Global platform operations
- External-rater flow
- Development-only or diagnostics
For each route record:
- Route
- Page/component entry point
- Persona/role
- Tenant/scope assumptions
- Server-side permission check
- Data classes accessed
- Empty/loading/error behavior
- Responsive status
- Test coverage
- Screenshot correspondence where available
3. Compare the code to the supplied screens and framework
Record which screenshot capabilities are:
- Fully implemented
- Fixture/mock only
- Partially implemented
- Missing
- Implemented differently from the screenshot description
Map the adaptive framework concepts already present in code:
- Construct, question family, variant, pack, bundle
- Cadence and schedule
- Exposure cooldown
- Exposure ledger
- Anchor/rotation/PDP composition
- Coverage cycle and feasibility
- Tenant overlays and versions
- 180/360 relationships and thresholds
- Imported Thomas evidence
- PDP recurrence overrides
- Entitlements and active-subject seats
4. Establish the quality baseline
Run existing checks where safe and report exact commands and results:
- Type checking
- Linting
- Unit/integration tests
- End-to-end tests
- Build
- Documentation build
- Accessibility tests if present
- Security/static analysis if present
Do not fix failures. Separate pre-existing failures from inability to run due to missing local services or secrets.
5. Create documentation outputs
Create or update only these documentation files:
wiki/internal/architecture/repository-baseline.md
wiki/internal/architecture/current-system-map.md
wiki/internal/architecture/baseline-test-results.md
wiki/internal/product/current-capability-gap.md
wiki/shared/route-map.md
wiki/shared/decision-log.md
If the dual wiki does not exist yet, create only the minimal folders and files needed for these outputs; prompt 01 will formalize the structure.
Required content
repository-baseline.md must contain:
- Confirmed stack table
- Repository tree summary
- Commands for local development and tests
- Environment/service dependencies
- Unknowns and blockers
current-system-map.md must contain:
- Mermaid context/container diagram
- Request/session/tenant flow
- Primary data stores and jobs
- Trust boundaries
- Current encryption path
current-capability-gap.md must contain:
- Screenshot-by-screenshot implementation status
- Public marketing/docs gap
- Role-workspace gap
- Adaptive framework gap
- Enterprise administration/operations gap
- Prioritized risk list: security/privacy, data integrity, usability, commercial credibility, maintainability
Stop conditions
Stop and report rather than guess if:
- The uploaded pack is not present in the workspace and no equivalent source exists.
- There are multiple application roots with no clear production entry point.
- Tenant resolution or authentication cannot be determined.
- Baseline tests require destructive setup.
- Credentials or production access would be needed.
Completion response
Use the response format required by AGENTS.md. Include a concise list of the ten highest-risk findings and the exact documentation files created. Do not propose implementation estimates yet.