Last updated: 2026-03-11
- Product identity, UX tone, copy rules, and prioritization tie-breakers live in
docs/brand-story.md. - Future PRDs, TRDs, onboarding copy, empty states, error messages, and marketing copy should use that document as the single brand source of truth.
- App security rules, trust boundaries, and required
Security Notesbehavior live indocs/security/app-security.md. - Future work that touches files, URLs, subprocesses, IPC, WebView, model downloads, updates, or cache/export behavior should reference that document before implementation.
- Code Security and SBOM retention baselines live in
docs/security/code-security.mdanddocs/security/sbom-policy.md.
- Dependency and SBOM policy lives in
docs/security/dependency-policy.md. - Intended required checks for
mainanddeveloplive indocs/security/github-required-checks.md.
- Repository completion criteria live in
docs/engineering/acceptance-criteria.md. - Harness/runtime verification guidance lives in
docs/engineering/harness-engineering.md. - Canonical delivery flow lives in
docs/workflow/one-day-delivery-plan.md. - PR canonicalization and duplicate-handling policy lives in
docs/workflow/pr-continuity.md.
- Agent/subagent/skill usage baseline lives in
docs/agents/README.md. - CodeRabbit command and review handling baseline lives in
docs/coderabbit/review-commands.md.
- Deployment/release/runtime verification runbook lives in
docs/operations/deploy-runbook.md.
- Windows and macOS build security policy lives in
docs/security/cross-platform-build-policy.md. - Target-OS builds are merge gates and release-validation controls, not optional compatibility checks.
- Windows amd64 + arm64 and macOS amd64 + arm64 are all part of the protected-branch and release-validation build baseline.
- Windows build runners should verify antivirus protection before native packaging begins.
- GitHub bootstrap execution policy lives in
docs/workflow/github-bootstrap-execution-policy.md. - Repository governance and Gitflow execution details live in
docs/repository/governance.md,docs/repository/bootstrap-plan.md, anddocs/repository/gitflow.md. - The harness should treat missing local git state or missing GitHub repo state as bootstrap work when the task requires GitHub execution.
- Treat files, URLs, metadata, project files, model artifacts, exports, and remote responses as untrusted.
- Keep security-sensitive capabilities narrow and allowlisted rather than generic.
- Prefer local processing, predictable storage locations, and minimal network use.
- Split privilege where feasible across UI, analysis workers, subprocesses, model delivery, and updater behavior.
- Fail safely when a link, file, artifact, or boundary cannot be validated.
apps/desktop- desktop shell and user-facing React UIpackages/shared-types- stable cross-layer types shared by the UI and orchestration layerservices/analysis-engine- Python analysis service for source separation and music analysisscripts/harness- fail-fast repo verificationscripts/checks- small doc and structure checks
- BandScope is not only a shell around chord labels, stems, and ranges.
- The technical scope includes rehearsal-facing outputs for harmony, section roadmap, groove cues, role entry and dropout cues, simplification guidance, transposition or setup guidance, confidence flags, and rehearsal priority.
- These outputs must stay aligned with
docs/brand-story.mdrather than drifting back to a song-summary-only analyzer.
- The analysis target is a
song -> section -> rolehierarchy, not a single song-wide chord track. - A
rolecan represent an instrument, a vocal function, or a hand-specific subdivision when the arrangement exposes it clearly. - Typical roles include bass, guitar, keyboard players, keyboard left hand, keyboard right hand, lead vocal, backing vocal, horns, strings, and other arrangement-carrying parts.
- Shared contracts should be able to carry different harmonic guidance for simultaneous roles in the same section.
- Core rehearsal artifacts should include:
- likely harmony by section and by role
- section roadmap with entries, dropouts, pickups, stops, tags, and handoffs
- groove and timing cues relevant to locking the band together
- playable ranges and density or overlap warnings
- simplification, transposition, capo, tuning, or setup cues where applicable
- role-specific rehearsal priorities and confidence flags
- cue-sheet or chart-style exports that summarize the analysis in rehearsal-friendly form
- Confidence must be representable at the section and role level.
- Automatic analysis should remain editable without losing provenance of what was model-generated versus user-confirmed.
- Future shared contracts should preserve manual overrides, confidence markers, and export-safe summaries of those states.
- The harness uses
npmworkspaces for JavaScript/TypeScript anduvfor Python. - The desktop app is scaffolded as
Tauri + Vite + React, but initial verification keeps Rust packaging out of the default quickcheck path. - The desktop shell uses an explicit Tauri CSP that only allows self-hosted assets, inline styles, Tauri IPC, and loopback development traffic.
- Mechanical gates focus on lint, typecheck, unit tests, coverage for Python, and documentation presence.
- Python quality gates also require 100% docstring coverage via
package.jsonscriptcheck:python-docstrings, enforced with Ruff rulesD100throughD107across tracked packages, modules, classes, nested classes, functions, methods (including__init__),services/analysis-enginetests, and repo-owned Python scripts. - Mechanical gates also enforce security document presence, plan
Security Notes, and basic forbidden-pattern checks. - Security context is part of architecture, not just implementation detail; docs and plans must record the trust boundary touched by risky changes.
- Supply-chain controls are part of the bootstrap architecture, not a release-afterthought.
- Dependency review, audit, supply-chain inventory validation, and SBOM generation are expected protected-branch gates for both
developandmain. - Cross-platform Windows and macOS build coverage is part of the bootstrap security architecture.
- Release artifacts, checksums, and manifests should encode both OS and architecture so packaged binaries remain traceable.
- Exact Windows 10 and macOS 24/25 GitHub-hosted coverage is a platform-capability constraint today; the current hosted baseline uses the closest published explicit runner labels and must move to self-hosted or larger runners if exact-version enforcement becomes mandatory.
- GitHub-facing setup is staged: no-git -> local-git -> GitHub-connected -> protected-branches with required checks.
- Shared contracts live in
packages/shared-typesso the UI can evolve without importing Python internals. - Shared contracts should ultimately model section, role, cue, confidence, and export artifacts explicitly enough that desktop UI and analysis outputs do not invent their own parallel schemas.
- The current shared-types baseline includes a rehearsal-domain fixture that exercises section, role, cue, confidence, provenance, and export-summary fields in the desktop shell before the full analysis pipeline lands.
- Local analysis orchestration uses typed Tauri IPC commands and a Python subprocess over stdin/stdout rather than a loopback HTTP listener.
- Local audio intake bootstraps a project by validating a user-selected file in Rust, creating app-owned temp/cache/project roots, and referencing the original source file rather than copying it in this phase.
- Those bootstrap roots should resolve from app-owned Tauri data/cache paths instead of the shared system temp namespace.
- Product and UX decisions should prefer rehearsal-first simplicity while still maintaining high analytical accuracy.
- Security decisions should prefer allowlisted narrow capabilities over generic convenience APIs.
scripts/harness/quickcheck.shis the primary local verification entrypoint.scripts/checks/check_rust.shis an opt-in local Rust/Tauri gate used when the host has the native desktop toolchain ready.- CI mirrors the default sequence for JS and Python, and adds dedicated Windows/macOS native build coverage for both amd64 and arm64 runners.
- Smoke-grade app verification is currently the React shell render plus Python engine health report.
- Security docs and checks are part of the default quickcheck path so design drift is caught early.
- Supply-chain docs, workflow pinning, and lockfile verification are part of the default quickcheck path so dependency drift is caught early.
- Quickcheck and CI are expected to verify dependency review, audit, supplemental inventory, and SBOM baseline presence as part of bootstrap.
- Cross-platform build workflow presence and trigger coverage are part of the default supply-chain verification path.