Merge of #706

Author: mergify[bot]

.coderabbitai.yaml .coderabbit.yaml.coderabbitai.yaml renamed to .coderabbit.yaml

@@ -0,0 +1,2 @@
+# Managed by Tessl
+tessl__*.mdc

.cursor/rules/.gitignore

@@ -1,32 +1,11 @@
 # Auto generated by Reeks --todo flag
 ---
 detectors:
-  BooleanParameter:
-    exclude:
-    - Railsboot::Accordion::ItemComponent#initialize
-    - Railsboot::AccordionComponent#initialize
-    - Railsboot::AlertComponent#initialize
-    - Railsboot::BadgeComponent#initialize
-    - Railsboot::Breadcrumb::ItemComponent#initialize
-    - Railsboot::ButtonComponent#initialize
-    - Railsboot::Carousel::ItemComponent#initialize
-    - Railsboot::CloseButtonComponent#initialize
-    - Railsboot::ContainerComponent#initialize
-    - Railsboot::Dropdown::LinkComponent#initialize
-    - Railsboot::FormField::ValidationComponent#initialize
-    - Railsboot::FormFieldComponent#initialize
-    - Railsboot::ListGroup::ItemComponent#initialize
-    - Railsboot::ListGroupComponent#initialize
-    - Railsboot::ModalComponent#initialize
-    - Railsboot::Nav::ItemComponent#initialize
-    - Railsboot::Stepper::ItemComponent#initialize
   ControlParameter:
     exclude:
     - BootstrapIconHelper#boolean_icon
   DuplicateMethodCall:
     exclude:
-    - Railsboot::ContainerComponent#initialize
-    - Railsboot::HeadingComponent#initialize
     - AdminController#create_user
     - AgentsController#create
     - AgentsController#update
@@ -70,7 +49,6 @@ detectors:
     - InitSchema#up
   FeatureEnvy:
     exclude:
-    - Railsboot::Component#fetch_or_raise
     - ViewComponentHelper#component_class_for
     - Attack#percentage_complete
     - HashList#uncracked_list_checksum
@@ -109,76 +87,6 @@ detectors:
     - ApplicationViewComponentPreview
     - NavbarDropdownComponent
     - ProgressBarComponent
-    - Railsboot::Accordion::ItemComponent
-    - Railsboot::AccordionComponent
-    - Railsboot::AlertComponent
-    - Railsboot::BadgeComponent
-    - Railsboot::BaseComponent
-    - Railsboot::BlankSlateComponent
-    - Railsboot::Breadcrumb::ItemComponent
-    - Railsboot::BreadcrumbComponent
-    - Railsboot::Button::ButtonComponent
-    - Railsboot::Button::InputComponent
-    - Railsboot::Button::LinkComponent
-    - Railsboot::ButtonComponent
-    - Railsboot::ButtonGroupComponent
-    - Railsboot::Card::BodyComponent
-    - Railsboot::Card::FooterComponent
-    - Railsboot::Card::HeaderComponent
-    - Railsboot::CardComponent
-    - Railsboot::Carousel::ItemComponent
-    - Railsboot::CarouselComponent
-    - Railsboot::CloseButtonComponent
-    - Railsboot::ContainerComponent
-    - Railsboot::Dropdown::ActionComponent
-    - Railsboot::Dropdown::DividerComponent
-    - Railsboot::Dropdown::HeaderComponent
-    - Railsboot::Dropdown::LinkComponent
-    - Railsboot::DropdownComponent
-    - Railsboot::ErrorsComponent
-    - Railsboot::FlashComponent
-    - Railsboot::FormField::CaptionComponent
-    - Railsboot::FormField::ColorFieldComponent
-    - Railsboot::FormField::DateFieldComponent
-    - Railsboot::FormField::EmailFieldComponent
-    - Railsboot::FormField::LabelComponent
-    - Railsboot::FormField::PasswordFieldComponent
-    - Railsboot::FormField::PhoneFieldComponent
-    - Railsboot::FormField::SelectComponent
-    - Railsboot::FormField::TextAreaComponent
-    - Railsboot::FormField::TextFieldComponent
-    - Railsboot::FormField::ValidationComponent
-    - Railsboot::FormFieldComponent
-    - Railsboot::HeaderComponent
-    - Railsboot::HeadingComponent
-    - Railsboot::ListGroup::ItemComponent
-    - Railsboot::ListGroupComponent
-    - Railsboot::Modal::BodyComponent
-    - Railsboot::Modal::FooterComponent
-    - Railsboot::Modal::HeaderComponent
-    - Railsboot::ModalComponent
-    - Railsboot::Nav::ItemComponent
-    - Railsboot::NavComponent
-    - Railsboot::Navbar::BrandComponent
-    - Railsboot::Navbar::NavComponent
-    - Railsboot::Navbar::TogglerComponent
-    - Railsboot::NavbarComponent
-    - Railsboot::Offcanvas::BodyComponent
-    - Railsboot::Offcanvas::HeaderComponent
-    - Railsboot::OffcanvasComponent
-    - Railsboot::PaginationComponent
-    - Railsboot::ProgressComponent
-    - Railsboot::SpinnerComponent
-    - Railsboot::Stepper::ItemComponent
-    - Railsboot::StepperComponent
-    - Railsboot::Table::BodyComponent
-    - Railsboot::Table::CellComponent
-    - Railsboot::Table::HeadComponent
-    - Railsboot::Table::RowComponent
-    - Railsboot::TableComponent
-    - Railsboot::Toast::BodyComponent
-    - Railsboot::Toast::HeaderComponent
-    - Railsboot::ToastComponent
     - StatusPillComponent
     - Admin::AgentsController
     - Admin::ApplicationController
@@ -247,7 +155,6 @@ detectors:
     - AttackResource
     - HashcatBenchmark
     - HashcatStatus
-    - Railsboot::HeadingComponentTest
     - ChangeWordListsSensitiveNullConstraint
     - ChangeWordListsProcessedNullConstraint
     - ChangeRuleListsSensitiveNullConstraint
@@ -322,12 +229,6 @@ detectors:
     - AddCascadeToCampaignHashLists
     - AddCascadeFromCampaignToProjects
     - AddCascadeFromAttackToCampaign
-  LongParameterList:
-    exclude:
-    - Railsboot::ButtonComponent#initialize
-    - Railsboot::FormField::SelectComponent#initialize
-    - Railsboot::Nav::ItemComponent#initialize
-    - Railsboot::ProgressComponent#initialize
   NestedIterators:
     exclude:
     - Api::V1::Client::TasksController#submit_crack
@@ -364,23 +265,13 @@ detectors:
     - Api::V1::Client::TasksController
     - ApplicationController
     - Attack
-  TooManyConstants:
-    exclude:
-    - Railsboot::ButtonComponent
   TooManyInstanceVariables:
     exclude:
-    - Railsboot::ButtonComponent
-    - Railsboot::Dropdown::LinkComponent
-    - Railsboot::FormField::SelectComponent
-    - Railsboot::ListGroup::ItemComponent
-    - Railsboot::Nav::ItemComponent
-    - Railsboot::ProgressComponent
     - Api::V1::Client::CrackersController
     - AttacksController
   TooManyStatements:
     exclude:
     - initialize
-    - Railsboot::Navbar::TogglerComponent#before_render
     - StatusPillComponent#status_class
     - StatusPillComponent#status_icon
     - Admin::ApplicationController#not_authorized
@@ -461,7 +352,6 @@ detectors:
     - HabtmProjectsMaskLists#change
   UtilityFunction:
     exclude:
-    - Railsboot::Component#fetch_or_fallback
     - AgentDashboard#display_resource
     - AttackDashboard#display_resource
     - CampaignDashboard#display_resource

.reek.yml

@@ -2,8 +2,12 @@
 
 This file provides guidance to Agents when working with code in this repository.
 
+@GOTCHAS.md
+
 > **See also:** [GOTCHAS.md](GOTCHAS.md) — edge cases, hard-won lessons, and "watch out for" patterns organized by domain. Read the relevant section before working in that area.
 
+@DESIGN.md
+
 ## Project Overview
 
 CipherSwarm is a distributed hash cracking system built on Rails 8.1+ inspired by Hashtopolis. It manages hash-cracking tasks across multiple agents using a web-based interface with real-time capabilities via Hotwire.
@@ -159,6 +163,15 @@ just assets-build
 just assets-watch
 ```
 
+### Catppuccin Macchiato Theme
+
+- `_catppuccin.scss` defines the full palette + Bootstrap variable overrides — imported BEFORE `@import "bootstrap"`
+- Primary accent: `$ctp-violet: #a855f7` (DarkViolet lightened), not Catppuccin's Mauve
+- Surface hierarchy: Crust (navbar) → Mantle (sidebar) → Base (body) → Surface0 (cards/inputs)
+- `application.bootstrap.scss` adds component-level dark theme overrides (cards, tables, dropdowns, inputs, Tom Select)
+- Self-hosted fonts via `@fontsource`: Space Grotesk (headings), IBM Plex Sans (body), JetBrains Mono (code) — air-gap safe
+- Font woff2 files copied to `app/assets/builds/` by `build:css:fonts` script in package.json
+
 ### API Documentation
 
 ```bash
@@ -284,7 +297,7 @@ Business logic is extracted into service objects and models:
 - All paginated views must use `<%== @pagy.series_nav(:bootstrap) %>` with a `<noscript><%== @pagy.series_nav %></noscript>` fallback
 - Some views use a local `pagy` variable (from partials) instead of `@pagy` — same API applies
 - Guard both `series_nav` and `<noscript>` inside `if pagy.pages > 1` (see `campaigns/_error_log.html.erb` for reference)
-- `Railsboot::PaginationComponent` wraps `series_nav(:bootstrap)` with noscript fallback for reuse in view components
+- Pagination uses inline `series_nav(:bootstrap)` calls directly in views (no wrapper component)
 
 ### Caching & Real-Time Backend
 
@@ -490,6 +503,20 @@ From .cursor/rules/core-principals.mdc and rails.mdc:
 
 ### Common Patterns
 
+**Layout Grid (Logged-In vs Logged-Out):**
+
+- Main content column is conditional: `col-md-10` when sidebar present (logged in), `col-12` when not
+- Sidebar uses `d-none d-md-block` (hidden on mobile) + Bootstrap offcanvas (`#sidebarOffcanvas`) for mobile navigation
+- Mobile offcanvas includes sidebar nav AND navbar items (Tools, Account) via `_sidebar_navbar_items.html.erb`
+- Flash messages rendered inline in layout: `notice` → `alert-success`, `alert` → `alert-danger`, `info` → `alert-info`
+- Skip link (`visually-hidden-focusable`) is first child of `<body>`, targets `id="main-content"` on `<main>`
+
+**Toast Notifications:**
+
+- Error/danger toasts persist (no auto-hide) — users must manually dismiss via close button
+- Success/warning/info toasts auto-dismiss after 5 seconds
+- `ToastNotificationComponent#autohide?` returns `false` for `danger` variant
+
 **Nested Resources:**
 
 - Attacks are nested under Campaigns: `/campaigns/:campaign_id/attacks`
@@ -544,6 +571,12 @@ From .cursor/rules/core-principals.mdc and rails.mdc:
 
 > **More pattern gotchas** (CanCanCan nesting, nullable params, Redis locks, logging, upsert_all, FK cascades, transactions) — see [GOTCHAS.md § Database & ActiveRecord](GOTCHAS.md#database--activerecord) and [GOTCHAS.md § Infrastructure](GOTCHAS.md#infrastructure)
 
+**Railsboot Component Removal (Complete):**
+
+- Railsboot components (`app/components/railsboot/`) have been fully removed
+- All views now use plain ERB + Bootstrap utility classes directly
+- Bootstrap JS dependencies: dropdowns, offcanvas, toasts (via Stimulus), modals, collapse
+
 ### Development Workflow
 
 1. Use `just dev` to start the development server (Rails + assets + Sidekiq)
@@ -630,3 +663,7 @@ TEST_DATABASE_URL=postgres://root:password@localhost:5432/cipher_swarm_test bund
 - Logging Guide: docs/development/logging-guide.md
 - API Documentation: /api-docs (when server running)
 - Justfile Documentation: .kiro/steering/justfile.md
+
+## Agent Rules <!-- tessl-managed -->
+
+@.tessl/RULES.md follow the [instructions](.tessl/RULES.md)

AGENTS.md

@@ -0,0 +1,24 @@
+# Design Context
+
+## Users
+
+CipherSwarm serves red team operators, blue team analysts, infrastructure administrators, and project managers working in trusted LAN environments. They manage distributed hash-cracking campaigns across multiple agents. The primary job: orchestrate attacks, monitor progress in real time, and review results — often across long-running operations where checking in periodically matters more than constant attention.
+
+### Brand Personality
+
+**Technical, clean, efficient.** The interface should evoke **control and confidence** — operators should feel they know exactly what's happening at all times. Not flashy, not playful. An engineering tool that respects the user's expertise and gets out of the way.
+
+### Aesthetic Direction
+
+- **Theme**: Catppuccin Macchiato dark palette with DarkViolet accents (planned in v2-upgrade-overview.md)
+- **References**: Linear/Vercel (clean, minimal, fast developer tool aesthetic) + Grafana/Datadog (dense dashboards, real-time metrics, data-forward)
+- **Anti-references**: Generic Bootstrap apps, AI-generated "dashboard" aesthetics (gradient text, glassmorphism, hero metrics), overly playful or consumer-oriented SaaS
+- **Mode**: Dark-first (Catppuccin Macchiato). Light mode is a future consideration, not a priority.
+
+### Design Principles
+
+1. **Information density over decoration** — Show data, not chrome. Every pixel should earn its place. Dense is fine if it's scannable.
+2. **Hierarchy through typography, not ornamentation** — Use weight, size, and spacing to create hierarchy. Avoid borders, shadows, and containers when whitespace will do.
+3. **Status at a glance** — Campaign/task/agent state must be immediately readable. Color-coded status indicators are a core design element, not an afterthought.
+4. **Motion for feedback, not flair** — Animate state changes and loading. No decorative animations. Respect `prefers-reduced-motion`.
+5. **WCAG 2.1 AA compliance** — Accessibility is a hard requirement, not a goal. Skip links, proper ARIA, 4.5:1 contrast ratios, keyboard navigation.

DESIGN.md

@@ -4,6 +4,16 @@ Hard-won lessons, edge cases, and "watch out for" patterns. Organized by domain.
 
 Referenced from [AGENTS.md](AGENTS.md) — read the relevant section before working in that area.
 
+## Frontend & Accessibility
+
+- **Navbar dropdowns must use `<button>` not `<a href="#">`** — both `_navbar.html.erb` and `NavbarDropdownComponent` had `<a href="#" role="button">` which causes scroll-to-top and is semantically wrong. Always use `<button type="button" class="nav-link dropdown-toggle">`.
+- **Use Bootstrap z-index utilities (`z-1` through `z-3`)** instead of inline `style="z-index: ..."` — keeps values in sync with Bootstrap's layering system.
+- **Sidebar `<ul>` needs `aria-label="Main navigation"`** — the `<aside>` provides the landmark but doesn't describe the navigation purpose.
+- **Turbo morph preserves old DOM across navigations** — `data-turbo-permanent` on navbar collapse kept stale elements alive even after the template changed. When debugging layout changes, use cache-busting URLs (`?_=timestamp`) or `Turbo.visit(url, {action: "replace"})` to force a full re-render.
+- **Railsboot components fully removed** — all views now use plain ERB + Bootstrap classes. The Railsboot component layer was an abstraction that made customization harder (e.g., auto-rendering child components). When adding new UI, use Bootstrap HTML directly.
+- **Propshaft caches asset digests in-memory** — after `bun run build:css` or `just assets-build`, Propshaft continues serving the old fingerprinted CSS until the Rails server restarts. Use `touch tmp/restart.txt` to trigger Puma reload. Hard-refreshing the browser is NOT sufficient.
+- **`rails assets:clobber` deletes ALL build artifacts** — removes JS, CSS, and font files from `app/assets/builds/`. Must run `just assets-build` (full rebuild) to recover, not just `bun run build:css`.
+
 ## State Machines
 
 **Agent States:**

GOTCHAS.md

@@ -93,7 +93,7 @@ Implement comprehensive agent monitoring with real-time status updates, performa
 
 - [x] `AgentStatusCardComponent` created with status badge, hash rate, error count
 - [ ] `AgentDetailTabsComponent` created with slot rendering for tabs
-- [ ] Components follow existing Railsboot patterns
+- [ ] Components use plain Bootstrap HTML and utility classes (Railsboot abstraction layer has been removed)
 - [ ] Components tested with component specs
 
 ### Testing
@@ -161,6 +161,16 @@ Broadcast partials run in background jobs without access to `current_user`, sess
 - Test Turbo Stream broadcasts don't interfere with Stimulus controller
 - Ensure broadcasts work in air-gapped environment (no external dependencies)
 
+**Component Development Guidelines:**
+
+The Railsboot component abstraction layer has been fully removed from the codebase. All new components should follow this pattern:
+
+- Use plain ERB templates
+- Render direct Bootstrap classes and HTML structure
+- Use ViewComponent for reusable components, but render plain Bootstrap markup
+- Refer to [AGENTS.md](AGENTS.md) for frontend development patterns and layout guidelines
+- Refer to [GOTCHAS.md](GOTCHAS.md) for accessibility considerations and common pitfalls when building real-time UI updates
+
 ## Estimated Effort
 
 **2-3 days** (views + components + Turbo Streams + tests)