chore: add agentic web proof guidance

Author: Oba-One

.plans/active/public-website-design-implementation/reports/modern-web-ui-follow-up-2026-05-24.md

@@ -0,0 +1,42 @@
+# Modern Web UI Follow-Up
+
+Date: 2026-05-24
+
+Source audit: `/Users/afo/Documents/Codex/2026-05-23/i-m-watching-this-great-video/modern-css-web-ui-audit.md`
+
+## Summary
+
+The active `public-website-design-implementation` hub remains the correct owner for Greenpill Network's modern CSS/Web UI follow-up. The website already has the strongest written CSS contract among the audited repos: token-only styling, container queries, dynamic viewport units, touch target rules, reduced-motion handling, and UI verification.
+
+This report does not create a competing plan hub and does not authorize runtime changes ahead of the current P0 public map/design work.
+
+## Production Posture
+
+Already aligned with the Web UI audit:
+
+- `packages/website/src/styles/gp-tokens.css` owns cascade layers, tokens, fluid type, reduced motion, and base behavior.
+- `packages/website/DESIGN.md` and `packages/website/CLAUDE.md` define token-only CSS, container-query use, 44px targets, dynamic viewport units, and visual proof expectations.
+- `GpLayout.astro` gives page content a query-container root.
+- `bun run ui:verify` provides multi-width UI proof for the public site.
+
+## Follow-Up Candidates
+
+Progressive candidates:
+
+- Add `<meta name="text-scale" content="scale">` only after auditing root font-size assumptions and proving large text at 375, 1024, and 1440 widths.
+- Add Astro MPA View Transitions via `@view-transition { navigation: auto; }` only as progressive enhancement with reduced-motion fallback.
+- Use CSS scroll spy for long story, library, garden, or chapter pages with in-page navigation.
+- Use scroll-state queries for sticky header reveal/hide behavior only if it reduces noise without hiding orientation.
+- Add `closedby="any"` to simple dialogs such as HomeMap add-node only with existing escape/click fallback behavior preserved.
+- Review `packages/website/src/scripts/parallax.ts` against the current `GpLayout.astro` CSS-only background approach and remove or realign stale JS only through a future implementation lane.
+
+Research-only candidates:
+
+- overscroll gestures, HTML-in-Canvas, CSS `@function`, CSS `if()`, broad style-query architecture, `corner-shape`, `shape()`, `border-shape`, and `fit-text`.
+
+## Guardrails
+
+- Do not reintroduce fake map density, fake counts, or decorative-only network complexity.
+- Do not use modern CSS primitives to bypass the existing `DESIGN.md` standard.
+- Do not make Chromium-first features required for core content access.
+- Keep browser proof multi-width and reduced-motion aware.

.plans/active/public-website-design-implementation/reports/webmcp-strategy-2026-05-24.md

@@ -0,0 +1,23 @@
+# Greenpill Network WebMCP Strategy
+
+Status: strategy only. Do not ship runtime WebMCP tools in v1.
+
+## Candidate Visible Tools
+
+- Public website: summarize visible chapters, guilds, projects, locations, impact sources, and homepage sections from rendered content.
+- Map and directory surfaces: filter or focus visible map/list items using normal page controls.
+- Public JSON routes: explain `/locations.json` and `/impact-sources.json` as approved public projections.
+- Editorial docs: retrieve visible public page headings and links for navigation help.
+
+## Forbidden Tools
+
+- Directus private reads or writes, database access, pending intake, steward review notes, emails, IP addresses, user agents, spam metadata, or internal admin state.
+- Private Fly service actions, environment variables, deploy actions, migrations, or credential inspection.
+- Hidden actions outside the visible public website UI.
+- Destructive operations, bulk content edits, or publishing actions.
+
+## Proof Before Runtime
+
+- `bun run agentic:check` and the relevant `bun run agentic:verify <route>` loop pass on representative routes.
+- Axe/accessibility checks from the existing UI verify script remain clean or explicitly triaged.
+- Tool descriptions name only public projections and visibly available controls.

AGENTS.md

@@ -81,6 +81,13 @@ Before UI or CSS work in `packages/website`, load the design system sources in t
 Use `bun run ui:check` as the fast static guardrail for source CSS drift. Use
 `bun run ui:verify <route>` when the rendered surface must be proven in-browser.
 
+## Agentic Modern Web Standard
+
+- Baseline target: Baseline Widely Available. Before frontend, UI, CSS, accessibility, browser proof, or web-design changes in `packages/website`, search and retrieve current Chrome Modern Web Guidance, then apply `packages/website/DESIGN.md` and the website token system.
+- Prefer semantic HTML, native controls, platform CSS, and browser primitives before custom JavaScript. Keep landmarks, headings, links, forms, accessible names, focus states, touch targets, empty/error/loading states, and reduced-motion behavior clear in the rendered DOM and accessibility tree.
+- Run `bun run agentic:check` for the advisory source proof path (`plans:validate` plus `ui:check`). Use `bun run agentic:browser-proof <route>` (same rendered lane as `agentic:verify`) when layout, interaction, motion, or public routes need browser proof at the repo's 375 / 1024 / 1440 viewport loop.
+- WebMCP is strategy-only in v1. Do not ship runtime WebMCP tools unless explicitly requested; future tools must be visible, user-confirmable, public-safe, and must not expose Directus private state, database credentials, pending intake, steward notes, hidden admin actions, destructive operations, or background-only actions.
+
 Generated public JSON routes include `/locations.json` and `/impact-sources.json`, derived from the approved operational content snapshot. Keep those outputs public-safe.
 
 The agent package owns private runtime concerns. `/health` is process health, `/ready` checks `DATABASE_URL`, `/content/public-snapshot` exposes the approved operational snapshot, and the impact/map-node routes preserve public/private projection contracts.

CLAUDE.md

@@ -57,6 +57,13 @@ Website source and config live under `packages/website`:
 - `packages/website/src/scripts/` - browser interaction scripts.
 - `packages/website/src/styles/gp-tokens.css` - canonical design tokens + base styles (cascade layers, clamp() type). The UI standard is `packages/website/DESIGN.md`; `packages/website/CLAUDE.md` is the always-loaded rule digest. Verify UI with `bun run ui:verify` (`scripts/ui-verify.ts`, renders at 375/1024/1440 + axe) or the `greenpill-ui` skill.
 
+## Agentic Modern Web Standard
+
+- Baseline target: Baseline Widely Available. Before frontend, UI, CSS, accessibility, browser proof, or web-design changes in `packages/website`, search and retrieve current Chrome Modern Web Guidance, then apply `packages/website/DESIGN.md` and the website token system.
+- Prefer semantic HTML, native controls, platform CSS, and browser primitives before custom JavaScript. Keep landmarks, headings, links, forms, accessible names, focus states, touch targets, empty/error/loading states, and reduced-motion behavior clear in the rendered DOM and accessibility tree.
+- Run `bun run agentic:check` for the advisory source proof path (`plans:validate` plus `ui:check`). Use `bun run agentic:browser-proof <route>` (same rendered lane as `agentic:verify`) when layout, interaction, motion, or public routes need browser proof at the repo's 375 / 1024 / 1440 viewport loop.
+- WebMCP is strategy-only in v1. Do not ship runtime WebMCP tools unless explicitly requested; future tools must be visible, user-confirmable, public-safe, and must not expose Directus private state, database credentials, pending intake, steward notes, hidden admin actions, destructive operations, or background-only actions.
+
 Generated public JSON routes include `/locations.json` and `/impact-sources.json`, derived from the approved operational content snapshot. Keep those outputs public-safe.
 
 The agent package owns private runtime concerns. `/health` is process health, `/ready` checks `DATABASE_URL`, `/content/public-snapshot` exposes the approved operational snapshot, and the impact/map-node routes preserve public/private projection contracts.

package.json

@@ -39,6 +39,9 @@
     "directus:users:invite": "bun --env-file-if-exists=.env.local scripts/directus-users.ts invite",
     "plans:scaffold": "bun --no-env-file scripts/plan-hub.ts scaffold",
     "plans:validate": "bun --no-env-file scripts/plan-hub.ts validate",
+    "agentic:check": "bun run plans:validate && bun run ui:check",
+    "agentic:browser-proof": "bun run ui:verify",
+    "agentic:verify": "bun run ui:verify",
     "test:agent": "bun run build:packages && bun test scripts/agent-contract.test.ts",
     "test:chapter-impact": "bun run build:packages && bun test scripts/chapter-impact-contract.test.ts",
     "test:content": "bun run build:packages && bun test scripts/public-content-contract.test.ts",

packages/website/public/llms.txt

@@ -0,0 +1,16 @@
+# Greenpill Network
+
+Greenpill Network is a public website for Greenpill chapters, guilds, locations, initiatives, public steward profiles, and network impact context.
+
+Public surfaces:
+- Homepage and public website routes generated by `packages/website`.
+- Public JSON routes such as `/locations.json` and `/impact-sources.json`.
+- Approved operational content snapshots only.
+
+Agent guidance:
+- Treat the site as a public information surface.
+- Prefer cited public pages, static JSON, and approved snapshot data.
+- Respect the repo's Baseline Widely Available target and semantic, accessible HTML expectations when reasoning about UI.
+
+Do not infer or expose:
+- Private Directus records, pending intake, steward review notes, emails, IP addresses, user agents, spam metadata, database credentials, or internal admin-only procedures.