Springboard Extension Development

Protocol

Step 1: Manifest Alignment & Validation

1. Read the extension manifest.json.
2. Run the ExtensionManifestValidator (or verify against @springboard/contracts).
3. Cross-Check Routing: For every contributions.sidebar entry, verify there is a matching entry in contributions.routes.
4. Normalize Slug: Ensure the slug matches the parent directory naming and starts with a lowercase letter.

Step 2: Runtime Boundary Wiring

1. WASM Runtime: If extension.wasm exists, verify it is registered in WasmRuntimeService.
2. Filesystem Sandbox: Ensure the extension's private storage exists at storage/{slug}/data.
3. Egress Policy: Map manifest network:egress permissions to the runtime's allowed_hosts config.

Step 3: RBAC & Protocol Hardening

1. Permission Scopes: Standardize all permission calls to dot-notation (e.g., ui.toast, inference.request).
2. Intercept Check: Verify the WebSocketGatewayService correctly intercepts unauthorized calls and triggers the persistent ⚠️ SECURITY INTERCEPT toast.
3. Audit Log: Ensure all boundary crossings are visible in the system audit.jsonl.

Step 4: Residency & Init Order

1. Check apps/springboard-desktop/electron/main.ts.
2. Verify that auditLogger, permissionRepo, and gateway are initialized BEFORE any service that depends on them to avoid ReferenceError (TDZ).

Step 5: The Compilation Gate

1. MUST run a workspace-specific build or typecheck before declaring success:
   • npm run build --workspace=apps/springboard-desktop
2. If there are any TSXXXX errors related to your changes, you must resolve them before proceeding.

Step 6: Crash-Prevention Verification

1. Start the platform in dev mode: npm run dev:all.
2. Check the terminal output for:
   • [sb:main] gateway.unhandled errors.
   • Vite/Esbuild syntax errors.
   • ReferenceError at boot.
3. Open the extension UI (if applicable) and verify no "No match found" router warnings appear in the browser console.

Quality Gates

All of these must be true before the skill exits:

• manifest.json is schema-valid and route-consistent.
• All permissions follow the {target}.{action} or {capability} standard.
• No ReferenceError exists in the main.ts initialization order.
• npm run typecheck or workspace build passes 100%.
• Extension loads in the UI without black screens or router errors.
• All boundary blocks generate a persistent ⚠️ SECURITY INTERCEPT toast.

Exit Protocol

Output a summary in this format:

EXTENSION READY: {slug}

- Manifest Status: {Valid/Invalid}
- Routes Verified: {List of routes}
- RBAC Scopes: {List of permissions}
- Storage Root: {Path}
- Compilation Gate: {PASS/FAIL}

Evidence:
{Link to audit log or manifest}

Next Step:
{Specific instruction for user to test the extension}