SESSION-PRIME: paste body's fenced block into a fresh Claude session to orient fast

[TortoiseWolfe]

Purpose: this issue is the durable roadmap for TortoiseWolfe/ScriptHammer. The body below is always-current — active arc, next 3 sessions queued, backlog. Comments are the audit trail. The prime prompt at the top tells a fresh Claude session to read this body first.

✅ Reconciled 2026-05-29 against real repo state (was previously inferred). PR #114 confirmed merged; fork-experience arc complete; un-deferred backlog triaged. Active arc + queued sessions below reflect verified state, not guesses.

---

Prime prompt (copy from here into a fresh Claude session)

/prep

Then check this issue (TortoiseWolfe/ScriptHammer#115) — its BODY is the current roadmap. Read everything below the prime prompt: active arc, next 3 sessions queued, backlog. The most recent COMMENT on this issue is the audit trail of what changed since the previous session.

Supplementary context (read if the body's roadmap references them or if the user's first message takes us off-roadmap):
1. `~/.claude/projects/-home-TurtleWolfe-repos-ScriptHammer/memory/MEMORY.md` — top of the index lists NON-NEGOTIABLE user preferences. Read these first; they're binding.
2. `git log --oneline -20` — what shipped recently.
3. Open issues (`gh issue list --repo TortoiseWolfe/ScriptHammer --state open`) — most are tagged `template-v1-out-of-scope` (Eval-Backlog / Gap-Audit). Treat those as deferred backlog, not active work.
4. Open PRs (`gh pr list --repo TortoiseWolfe/ScriptHammer --state open`).

Operational reminders from MEMORY.md / CLAUDE.md you'll trip over otherwise:
- ALWAYS prefer cleaner long-term solutions over quick hacks. Never offer a hack as the primary recommendation.
- NEVER propose shortcuts, bypasses, or workarounds — fix root cause.
- SECURITY DEFINER to bypass RLS is a hack, not a fix.
- Follow CLAUDE.md principles #1 (Proper Solutions Over Quick Fixes) and #2 (Root Cause Analysis).

Then either start on the roadmap's "next session should" item, or ask the user if they want to deviate.

Stop reading here when priming — everything below is the roadmap

---

Roadmap

Active arc

Work the un-deferred backlog. The fork-experience cleanup arc is DONE — PR #114 merged 2026-05-28 (cb35131), 0 open PRs. The next focus is clearing the small set of open issues that are NOT tagged template-v1-out-of-scope (i.e. real, un-deferred work), triaged 2026-05-29 against actual repo state.

Status: main clean, 0 open PRs. ~33 open issues, but 24 are template-v1-out-of-scope (deferred). Triage scoped to the un-deferred set: #116, #80, #48, #109, #45 (plus the payments Phase 0c–0f arc #103–106/#100, which is P1 but deferred-tagged — surface separately when the user wants it).

Triage outcome (verified, not inferred):

• [Feature] 047 Three.js Game #48 Three.js game — already shipped (c24b9f6/PR feat: #48 Three.js Game at /game/3d (047 — full SpecKit cascade) #95, route /game/3d, all components + tests present) → close as done
• [Round 14b] Seed deterministic conversation data for messaging-scroll spec (~2h, follow-up) #109 Seed messaging-scroll E2E data (round 14b) — ready-now, ~2–4h, has a copy-able seeding pattern → do next
• Live a11y overlay (dev-time axe overlay panel) #80 Dev-time axe a11y overlay — ready-now, ~2–4h, nothing exists yet
• perf: messaging E2E suite runs 10x slower than gen shards (23-32min vs 2-4min) #116 Messaging E2E 10× slow — needs a scoping decision (trace-profile → split shards vs. reduce Argon2 cost vs. mock data)
• [Gap-Audit] 044 Error Handler Integrations: Sentry/LogRocket integration + PII scrubbing + session replay #45 Sentry/LogRocket error monitoring — blocked on Sentry-vs-LogRocket decision + account/DSN

Blockers / decisions needed:

• perf: messaging E2E suite runs 10x slower than gen shards (23-32min vs 2-4min) #116: pick the fix approach after Playwright trace profiling (medium, 1–2d)
• [Gap-Audit] 044 Error Handler Integrations: Sentry/LogRocket integration + PII scrubbing + session replay #45: choose Sentry vs LogRocket; provision account + NEXT_PUBLIC_SENTRY_DSN (large, >2d)

---

Next 3 sessions queued

From the 2026-05-29 triage (verified against repo state), in dependency/readiness order.

Session +1: Clear the ready-now un-deferred issues

• Why: [Feature] 047 Three.js Game #48 is dead weight (already shipped), [Round 14b] Seed deterministic conversation data for messaging-scroll spec (~2h, follow-up) #109 + Live a11y overlay (dev-time axe overlay panel) #80 are both ready with no blockers and ~2–4h each.
• First action: close [Feature] 047 Three.js Game #48 with a comment citing c24b9f6/PR feat: #48 Three.js Game at /game/3d (047 — full SpecKit cascade) #95. Then start [Round 14b] Seed deterministic conversation data for messaging-scroll spec (~2h, follow-up) #109 (branch off main, add a beforeAll that seeds 30 messages into the test conversation using the getAdminClient() pattern from auth.setup.ts, verify T007-T008 enters its assertion branch, open a PR). Then Live a11y overlay (dev-time axe overlay panel) #80 (dev-only axe overlay panel).

Session +2: Scope + fix #116 (messaging E2E perf)

• Why: real pain (msg shards forced 1/1 due to a data race; Argon2id 20–45s/test; 10-retry Realtime loops). Medium effort but needs a decision first.
• First action: pull Playwright traces, profile the top 3–5 messaging specs by duration, then pick: split msg into sub-shards vs. lower Argon2 cost for tests vs. mock data. Bring the options to the user before implementing.

Session +3: #45 error monitoring (after a decision)

• Why: ConsentContext + ErrorBoundary scaffolding already exist; only the monitoring lib is unwired. Large, but well-specced (features/code-quality/044-error-handler-integrations/spec.md).
• First action: get the user's Sentry-vs-LogRocket call + DSN, add NEXT_PUBLIC_SENTRY_DSN to .env.example, then wire client-side-only init gated on ConsentContext.

---

Backlog (no scheduled position)

Categories of work that exist as open issues but aren't currently queued.

• Payments Phase 0c–0f arc ([Phase 0c] PayPal one-off: create-paypal-order + capture-paypal-order (~4h) #103, [Phase 0d] PayPal subscription: create-paypal-subscription (~2h) #104, [Phase 0e] Subscription lifecycle: cancel-subscription + resume-subscription (~3h) #105, [Phase 0f] Shared infra + un-skip 86 E2E payment tests (~2h) #106, [Phase 0] Implement 8 missing outbound Edge Functions for payment integration #100) — priority:p1 but tagged template-v1-out-of-scope. Phase 0a/0b shipped (6180134, 174e5ac); the arc is mid-stream. Promote as a dedicated arc when the user wants payments next.
• Gap-Audit P2 issues ([Gap-Audit] 005 Security Hardening: complete session-timeout UI + audit dashboard + secret detection #23, [Gap-Audit] 012 + 014: welcome message admin gate end-to-end flow #27, [Gap-Audit] 016 Messaging Critical Fixes: 5 separate UX issues, none shipped #30, [Gap-Audit] 020 PWA Background Sync: Firefox/Safari fallback + retry UI + storage warnings #32, [Gap-Audit] 023 EmailJS Integration: provider health dashboard + rate-limit handling #34, [Gap-Audit] 026 Unified Messaging Sidebar: mobile drawer transitions + badge sync latency #35, [Gap-Audit] 029 SEO Editorial Assistant: technical.ts test coverage + import-bundle conflict UX + offline autosave #38, [Gap-Audit] 030 Calendar Integration: per-fork env vars + 32-DaisyUI-theme mapping #39, [Gap-Audit] 045 Disqus Theme: 32 DaisyUI theme mapping + smooth transitions + contrast verification #46, [Gap-Audit] gdpr-compliance.spec.ts:126 fails with ENOTFOUND scripthammer-supabase-kong-1 #47, [Gap-Audit] auth_audit_logs sign_up events not written for all signup paths #49, [Gap-Audit] tests/e2e/payment/: 84 test.skip — index by blocker #53) — all template-v1-out-of-scope; promote individually based on user priority.
• Gap-Audit P3 issues ([Gap-Audit] 010 Unified Blog: implement offline editing + sync + conflict resolution + migration tooling #25, [Gap-Audit] 011 + 043 Group Chats / Group Service: implement 8 stub member-management methods #26, [Gap-Audit] 028 Enhanced Geolocation: address search + mobile GPS + click-to-set + accuracy viz + IP fallback #37, [Gap-Audit] 035 Messaging Service Tests: cover 4 untested services #41 — out-of-scope; [Gap-Audit] 044 Error Handler Integrations: Sentry/LogRocket integration + PII scrubbing + session replay #45, [Round 14b] Seed deterministic conversation data for messaging-scroll spec (~2h, follow-up) #109 are un-deferred and already queued above) — lower priority.
• Eval-Backlog ([Eval-Backlog] PAYMENT-DASHBOARD: user-facing payment dashboard route #3, [Eval-Backlog] PAYMENT-OFFLINE-UI: UI layer for existing offline payment queue #4, [Eval-Backlog] SUBSCRIPTION-MGMT: subscription management route + 4 edge functions + grace-period wiring #5) — payment dashboard / offline UI / subscription management; template-v1-out-of-scope, large scope, treat as separate arcs when surfaced.
• Three.js game — DONE: shipped c24b9f6 (PR feat: #48 Three.js Game at /game/3d (047 — full SpecKit cascade) #95) at /game/3d. Tracking issue [Feature] 047 Three.js Game #48 should be closed (see Active arc). Any future enhancement would be a new issue.
• E2E test stability — recurring concern (fix-rounds 10–14a). perf: messaging E2E suite runs 10x slower than gen shards (23-32min vs 2-4min) #116 (perf) + [Round 14b] Seed deterministic conversation data for messaging-scroll spec (~2h, follow-up) #109 (seed data) are the current live threads; capture new flake as named items.

---

Next session should

Close #48 (already shipped — cite c24b9f6/PR #95), then start #109 (seed messaging-scroll E2E data, ~2–4h, ready-now): branch off main, add a beforeAll seeding 30 messages via the getAdminClient() pattern in auth.setup.ts, verify T007-T008 asserts, open a PR. Then #80 (axe a11y overlay).

Override: if the user's first message has a different priority, follow the user.

---

Why this exists

Sessions end. The next session starts cold. Without a single canonical "what was the world like when we last stopped + here's what to do next" pointer, the new model wastes context wandering. This issue is the one URL to paste into a fresh chat. The BODY carries the plan; comments form the audit trail.

How to maintain

Run /session-prime at session-end. The skill rewrites the body to reflect what changed in the roadmap and appends a comment with the audit trail.

If the prime prompt itself becomes stale (memory file renamed, project changed shape), edit the body's prime-prompt block directly.

[TortoiseWolfe]

Issue seeded 2026-05-28 ~19:30 EDT

This is the baseline, not a session-end log. The rolling-prime issue was created via /session-prime from a different repo's session. No work happened on ScriptHammer this session. Use this comment as the starting snapshot; future /session-prime runs will add real session-end deltas on top.

Current branch: chore/fork-experience-cleanup (not main).

Last 10 commits on this branch:

• 82b264f — chore(auth): remove dead middleware; document client-side route protection
• 501567c — chore(rebrand): document the 5-reference threshold
• 8d85330 — docs(fork-checklist): fix rebrand.sh usage line
• 174e5ac — feat(payments): Phase 0b — create-stripe-subscription + fix webhook template_user_id ([Phase 0b] Stripe subscription: create-stripe-subscription (~3h) #102) (feat(payments): Phase 0b — create-stripe-subscription + fix webhook template_user_id (closes #102) #111)
• 6180134 — feat(payments): Phase 0a — create-stripe-checkout + verify-stripe-session ([Phase 0a] Stripe one-off: create-stripe-checkout + verify-stripe-session (~6h) #101) (feat(payments): Phase 0a — create-stripe-checkout + verify-stripe-session (closes #101) #110)
• 5a9bec8 — docs(payments): rewrite PAYMENT-DEPLOYMENT.md + add check-payment-config.sh (docs(payments): rewrite PAYMENT-DEPLOYMENT.md + add config verifier script #99)
• c6cb675 — fix(scroll): round 14a — data-show-scroll-button attribute for E2E observability (fix(scroll): round 14a — data-show-scroll-button attribute (E2E observability for the jump-button race) #108)
• a29d3b9 — fix(e2e): round 13 — exclude handleReAuthModal duration from SC-001 budget (fix(e2e): round 13 — SC-001 timing budget excludes handleReAuthModal duration #107)
• c24b9f6 — feat: [Feature] 047 Three.js Game #48 Three.js Game at /game/3d (047 — full SpecKit cascade) (feat: #48 Three.js Game at /game/3d (047 — full SpecKit cascade) #95)
• 95efd86 — fix(e2e): feat: #48 Three.js Game at /game/3d (047 — full SpecKit cascade) #95-blocker round 12 — handleReAuthModal retries when modal re-appears (fix(e2e): round 12 — handleReAuthModal retries when modal re-appears (WebKit Argon2id flake) #98)

Open PR: #114 — chore: fork-experience cleanup (the cleanup arc this branch is for)

Recently closed (last 7d): #101 (Phase 0a Stripe one-off), #102 (Phase 0b Stripe subscription)

Open issues: mostly template-v1-out-of-scope (Eval-Backlog + Gap-Audit categories — deferred backlog, not active work):

• [Eval-Backlog] PAYMENT-OFFLINE-UI: UI layer for existing offline payment queue #4, [Eval-Backlog] SUBSCRIPTION-MGMT: subscription management route + 4 edge functions + grace-period wiring #5 — payment offline UI + subscription management (Eval-Backlog)
• [Gap-Audit] 005 Security Hardening: complete session-timeout UI + audit dashboard + secret detection #23, [Gap-Audit] 010 Unified Blog: implement offline editing + sync + conflict resolution + migration tooling #25, [Gap-Audit] 011 + 043 Group Chats / Group Service: implement 8 stub member-management methods #26, [Gap-Audit] 012 + 014: welcome message admin gate end-to-end flow #27, [Gap-Audit] 016 Messaging Critical Fixes: 5 separate UX issues, none shipped #30, [Gap-Audit] 020 PWA Background Sync: Firefox/Safari fallback + retry UI + storage warnings #32, [Gap-Audit] 023 EmailJS Integration: provider health dashboard + rate-limit handling #34, [Gap-Audit] 026 Unified Messaging Sidebar: mobile drawer transitions + badge sync latency #35 — Gap-Audit items (P2/P3, deferred)
• And ~30+ more Gap-Audit issues open

Active work:

• Fork-experience cleanup on chore/fork-experience-cleanup (PR chore: fork-experience cleanup (#112, #113, dead middleware) #114 open)
• Payments phase arc — Phase 0a + 0b shipped, future phases TBD

Watch:

• Open PR chore: fork-experience cleanup (#112, #113, dead middleware) #114 — needs to land before fork-experience work concludes
• Phase 0c+ of Stripe payments — sequencing TBD

Next session should: Read memory/MEMORY.md (NON-NEGOTIABLE preferences at top), then check PR #114 status, then ask the user what to focus on (fork-experience cleanup, payments phase 0c, or pulling something off the Gap-Audit backlog).

[TortoiseWolfe]

Body migrated to roadmap format 2026-05-28 ~20:00 EDT

The /session-prime skill was refined to make the issue body carry an explicit roadmap (active arc → next 3 sessions → backlog) instead of just being a pointer to memory. The body above now follows that structure.

Important caveat: ScriptHammer's roadmap is inferred from repo state, not user-confirmed. I haven't actually worked in this repo this session — I'm in Eduity. The active arc (fork-experience cleanup) and queued sessions (PR #114 → Payments Phase 0c → Gap-Audit P2) are guesses based on:

• Current branch chore/fork-experience-cleanup
• Open PR chore: fork-experience cleanup (#112, #113, dead middleware) #114
• Recent commits (payments Phase 0a + 0b shipped, fork-checklist polish)
• Pattern of fix-round commits suggesting E2E stability is recurring

First real session that sits down to work in ScriptHammer should:

1. Read the inferred roadmap
2. Correct the active arc + queued sessions to match real intent
3. Run /session-prime at session-end to lock in the corrected version

The body's "Next session should" line + the "Override: if the user's first message has a different priority" note are explicit about the inference uncertainty. Don't treat the roadmap as binding until a real ScriptHammer session has validated it.

[TortoiseWolfe]

Session 2026-05-29 — roadmap reconciled against real repo state

The body was previously flagged as inferred, not user-confirmed. This session verified it against the actual repo and corrected it:

• PR chore: fork-experience cleanup (#112, #113, dead middleware) #114 (fork-experience cleanup) confirmed MERGED 2026-05-28 (cb35131); 0 open PRs. The "land PR chore: fork-experience cleanup (#112, #113, dead middleware) #114" next-step was already done — removed.
• [Feature] 047 Three.js Game #48 (Three.js game) verified already shipped — c24b9f6 / PR feat: #48 Three.js Game at /game/3d (047 — full SpecKit cascade) #95, route src/app/game/3d/page.tsx, all 7 game components in the 5-file pattern, theme reactivity, reduced-motion, WebGL fallback, E2E + a11y tests, documented Pa11y exclusion. → marked close-as-done.
• Un-deferred backlog triaged (issues NOT tagged template-v1-out-of-scope): perf: messaging E2E suite runs 10x slower than gen shards (23-32min vs 2-4min) #116, Live a11y overlay (dev-time axe overlay panel) #80, [Feature] 047 Three.js Game #48, [Round 14b] Seed deterministic conversation data for messaging-scroll spec (~2h, follow-up) #109, [Gap-Audit] 044 Error Handler Integrations: Sentry/LogRocket integration + PII scrubbing + session replay #45. Verified each against repo state.

New queued order (ready/dependency-based):

1. Close [Feature] 047 Three.js Game #48 (done) → [Round 14b] Seed deterministic conversation data for messaging-scroll spec (~2h, follow-up) #109 (seed messaging-scroll E2E data, ready, ~2–4h) → Live a11y overlay (dev-time axe overlay panel) #80 (axe a11y overlay, ready, ~2–4h)
2. perf: messaging E2E suite runs 10x slower than gen shards (23-32min vs 2-4min) #116 (messaging E2E 10× slow) — needs a scoping decision (trace-profile → split shards vs. reduce Argon2 cost vs. mock data)
3. [Gap-Audit] 044 Error Handler Integrations: Sentry/LogRocket integration + PII scrubbing + session replay #45 (Sentry/LogRocket) — blocked on Sentry-vs-LogRocket decision + account/DSN

Payments Phase 0c–0f (#103–106, #100) is P1 but template-v1-out-of-scope → kept in Backlog as a promotable arc, not queued.

Active arc changed: fork-experience cleanup → work the un-deferred backlog.