Step 5/17 av Playground v3-leveransen (Session 2, Wave 2).
5 grouped sections (organization/technology/security/architecture/business)
rendered with Tier 3 .form-progress sidebar and .expansion components per
group. Validation via .error-summary with click-to-focus links.
ONBOARDING_SCHEMA mirrors agents/onboarding-agent.md Phase 1-5 (18 fields
total). commitOnboarding() writes to state.shared.<group>.<field> via
Proxy → throttled IDB/localStorage write. Re-onboard is just navigate
back to onboarding — pre-fills from state automatically.
Verified via vm sandbox: bootstrap auto-routes to onboarding when no
org.name, commitOnboarding produces >=5 keys in shared.organization,
validation catches required-empty (2) and accepts filled (0).
Surface routing: showSurface() toggles [hidden] across data-surface
sections. scheduleRender batches via queueMicrotask. Action router
dispatches data-action attributes to ACTIONS map. README/CLAUDE.md-update
deferred til Step 17 (Session 5).
Step 3/17 av Playground v3-leveransen.
Eksport:
- buildEnvelope(): { appId, schemaVersion, exportedAt, shared, projects,
activeProjectId, activeSurface, preferences } — JSON.parse(JSON.stringify(...))
for å strippe Proxy-wrappere
- exportState(): Blob + URL.createObjectURL + programmatisk <a download>-klikk
+ revokeObjectURL etter 0ms timeout. File System Access API krever HTTPS
(secure context) og er ikke tilgjengelig på file:// — derfor Blob-pattern.
- Filnavn-format: ms-ai-architect-playground-<ISO-stamp>.json
Import:
- importState(File): file.text() -> JSON.parse -> envelope-validering (appId
+ schemaVersion required) -> migrateState() -> persistence.save() -> in-place
state-update (Proxy-binding må bevares — kan ikke bytte raw-referansen)
-> manuell 'change'-event-dispatch så subscribers re-rendrer
- file.text() er Promise<string> som fungerer på file:// uten secure context
MIGRATIONS-pipeline:
- Eager: alle migrasjoner kjøres sekvensielt fra fil-versjon til SCHEMA_VERSION
ved import (ikke lazy ved access)
- Nøkkel-format: 'N->M' (fortløpende). Aldri hopp over et steg.
- Kaster eksplisitt feil ved manglende migrasjons-funksjon eller ved
funksjon som ikke setter schemaVersion korrekt — silent corruption
unngås (brief Risk High).
Eksponerte globals: __buildEnvelope, __exportState, __importState, __MIGRATIONS.
Verify-assert: JSON.parse(JSON.stringify(window.__buildEnvelope())).schemaVersion === 1
Plan: .claude/projects/2026-05-03-playground-v3-architecture/plan.md (Step 3)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Step 2/17 av Playground v3-leveransen.
State-skjelett:
- StateBus extends EventTarget (sharedBus + projectBus)
- Dyp Proxy med set/deleteProperty-traps som batcher dispatchEvent via
queueMicrotask (N synkrone mutasjoner -> én change-event per tick)
- Path tracking: subscribers får detail.paths for å filtrere relevante grener
- INITIAL_STATE med shared.{organization,technology,security,architecture,
business} + projects[] + activeProjectId/Surface + preferences.theme
Persistens:
- IDB primær: én DB ('ms-ai-architect-playground-v1') med 3 stores
(shared, projects, meta). Promise-wrapper rundt indexedDB.open.
- Synkrone migrasjoner i onupgradeneeded med oldVersion-guards (callback-stil
cursor — async cursor-iterasjon er forbudt per w3c/IndexedDB#282)
- db.onversionchange = () => db.close() defensivt på alle koblinger
- localStorage-fallback ved IDB-feil (Safari private mode, kvote): rå JSON
i STATE_KEY, warn ved >4.5 MB nær 5 MiB cap
- Throttled writer: debounce 300 ms etter siste mutasjon
Bootstrap:
- Auto-kjørt på slutten av <body> (DOM allerede parsed)
- window.__store + window.__persistence eksponert for Verify-asserts
Verify-asserts (i nettleser-konsoll på file://-åpnet HTML):
typeof window.__store !== 'undefined' && window.__store.state.schemaVersion === 1
Plan: .claude/projects/2026-05-03-playground-v3-architecture/plan.md (Step 2)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Step 1/17 av Playground v3-leveransen (Session 1, Wave 1).
- Single-file HTML med klassisk inline-script (file://-kompatibel per WHATWG
html#8121: external type=module-scripts feiler på file:// i Chrome+Firefox)
- 7 vendored CSS-link-tags i korrekt rekkefølge: fonts, tokens, base, components,
components-tier2, components-tier3, components-tier3-supplement
- 4 placeholder-overflater (#surface-onboarding, #surface-home, #surface-catalog,
#surface-project) — fylles ut i Steps 5-7
- IIFE med STATE_KEY ('ms-ai-architect-state-v1') og SCHEMA_VERSION (1) konstanter
- Eksponerer __STATE_KEY og __SCHEMA_VERSION på window for Verify-asserts
- v2-fila beholdes parallelt frem til Step 17 (sletting)
Plan: .claude/projects/2026-05-03-playground-v3-architecture/plan.md
Brief: .claude/projects/2026-05-03-playground-v3-architecture/brief.md
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Establish a single governance document at marketplace root and copy
it into each of the 9 plugins so every plugin folder remains 100%
self-contained. Replace the inconsistent provocative blurb across
all READMEs with a uniform fork-and-own paragraph that links to
the local GOVERNANCE.md.
[skip-docs]
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Renames playground/azure-ai-playground.html to
playground/ms-ai-architect-playground.html (history preserved via git mv).
Old name was too narrow — plugin covers the full Microsoft AI stack
(Foundry, Copilot Studio, M365 Copilot, Power Platform, Agent Framework).
Replaces the inline <style> block with seven <link> tags pointing at the
vendored design-system under playground/vendor/playground-design-system/:
fonts.css, tokens.css, base.css, components.css, components-tier2.css,
components-tier3.css, components-tier3-supplement.css.
A small inline shim maps legacy playground tokens (--bg, --surface,
--accent, --gradient1) onto design-system tokens (--color-bg,
--color-surface, --color-primary-500, etc.), keeping all existing
playground-specific class CSS (.hero, .wizard-card, .scenario-card,
.item-card, ...) working without rewrites. <html data-theme="dark">
preserves v2's dark visual identity; light-mode toggle is deferred.
DOM, JS logic, scenario data, and command pipelines are unchanged.
Also includes .gitleaks.toml at repo root (path allowlist for vendored
MANIFEST.json files — SHA-256 file hashes are not secrets) which was
missed in the previous commit due to global git ignore.
Docs updated:
- README.md (root): notes the vendoring sync script + ms-ai-architect
Playground subsection
- plugins/ms-ai-architect/README.md: new Playground section with sync
workflow and standalone guarantee
- plugins/ms-ai-architect/CLAUDE.md: Playground section updated with
vendored design-system details + new filename
Initial sync of shared/playground-design-system/ into
plugins/ms-ai-architect/playground/vendor/playground-design-system/
via scripts/sync-design-system.mjs.
Source commit: f1fecf39b8
Files: 25 (7 CSS + 11 fonts/licenses + 3 schemas + README + MANIFEST)
Vendored copy keeps the plugin standalone — playground will load CSS
from ./vendor/ regardless of where the plugin is installed.
Also adds .gitleaks.toml at repo root with a path allowlist for
vendored MANIFEST.json files (SHA-256 file hashes are not secrets).
Docs updated together with the playground HTML refactor that actually
consumes the vendored CSS (next commit). This commit is internal-only.
Phase 2 bulk replace produced a few factually wrong attributions where
real publicly known sector documents/datasets/personas were incorrectly
re-attributed to the fictional generic entity. Genericize those
references instead.
- ros-sector-checklists.md: V440 håndbok citation -> "sektorvise
faglige håndbøker"; tilsynsmyndighet list -> generic phrasing
- master-data-management-ai.md: NVDB row -> generic "sektor-/fagregistre"
- ai-center-of-excellence-setup.md: NVDB integration line -> generic
"sektorvise nasjonale registre"
- multimodal-prompt-engineering.md: system_message persona -> generic
"fagingeniør i norsk offentleg sektor"
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Transparency: all code in this marketplace is produced by Claude Code
through dialog-driven development. Root README gets a full disclosure
section; each plugin README gets a one-line disclosure linking back to
the marketplace section.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Remove file limit (was 10, now processes all critical+high+medium)
- Increase max-turns to 200 and timeout to 60min
- Add medium priority to update filter
- Update README KB note to reflect automated weekly updates
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Additional factual updates from batch 3 research:
- responsible-ai-training-awareness.md: module renamed
"Azure AI Studio" → "Microsoft Foundry" (3 occurrences)
- transparency-documentation-standards.md: ISO/IEC 42001 scope expanded
to include Copilot Studio, Microsoft Foundry, Security Copilot,
GitHub Copilot, Dragon Copilot
- ai-act-compliance-guide.md: same ISO 42001 scope expansion
- human-in-the-loop-oversight.md: AI approval stages in Copilot Studio
(GPT-o3 as AI approver, new Human in the loop connector)
- continuous-improvement-feedback-loops.md: MLflow 3 Feedback vs
Expectation assessment types, Genie Code trace analysis
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wrapper script that polls Microsoft Learn sitemaps and spawns a local
Claude session to update stale reference files. Designed for crontab,
zero cloud dependencies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sitemap-based KB change detection system: weekly polling of Microsoft
Learn sitemaps, prioritized change reports, new page discovery.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a zero-dependency Node.js pipeline that polls Microsoft Learn sitemaps
weekly to detect when source documentation changes. Replaces the broken
mtime-based staleness check (all files had identical mtime after release).
Components:
- build-registry.mjs: extracts 1342 URLs from 387 reference files
- poll-sitemaps.mjs: streams ~18 child sitemaps, matches against registry
- report-changes.mjs: prioritized change report (critical/high/medium/low)
- discover-new-urls.mjs: finds relevant new MS Learn pages not yet covered
- run-weekly-update.mjs: orchestrator with --force/--discover/--dry-run
Integration:
- session-start hook reads change-report.json instead of broken mtime check
- hook triggers background poll if >7 days since last check
- generate-skills --update reads change report for targeted MCP updates
Current stats: 69% match rate (924/1342 URLs tracked via sitemaps).
~31% unmatched due to Microsoft URL restructuring (ai-foundry/openai paths).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 6 plugin READMEs now use identical installation section:
marketplace-first approach with /plugin browsing, then direct
settings.json as alternative. Replaces inconsistent mix of
git clone, plugin add, and JSON-only instructions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Allow name field to match either 'command' or 'plugin:command' format.
The architect: prefix is the correct convention for namespaced commands.
Also make auto_discover optional (not required in marketplace format).
Result: 215 PASS, 0 FAIL.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds complete version history (1.0.0-1.6.0) sourced from README version
history table. Adds 1.7.0 entry documenting the open-source release changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
commands/dpia.md: fix gdpr-compliance-ai-systems.md path
from: references/norwegian-public-sector-governance/
to: references/responsible-ai/ (where the file actually lives)
hooks/scripts/pre-edit-secrets.mjs: remove orphaned script that was
never registered in hooks.json. Secrets scanning handled by llm-security.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bump version to 1.7.0 (open-source release). Add author full name,
license, repository URL, and keywords to plugin.json.
Modernize .gitignore: remove dead orchestrator/ entries, add .claude/,
node_modules/, *.pdf, *.log, secrets.*.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Initial addition of ms-ai-architect plugin to the open-source marketplace.
Private content excluded: orchestrator/ (Linear tooling), docs/utredning/
(client investigation), generated test reports and PDF export script.
skill-gen tooling moved from orchestrator/ to scripts/skill-gen/.
Security scan: WARNING (risk 20/100) — no secrets, no injection found.
False positive fixed: added gitleaks:allow to Python variable reference
in output-validation-grounding-verification.md line 109.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
