docs: handoff snapshot for /clear

[fbmoulin]

Snapshot for the next session after /clear. Covers: 7-commit chronology, audit status (9/9 P1 closed), 74-test inventory, CI pipeline, architecture facts, conventions, Phase 4 prerequisites, quick-start commands, memory cross-pointers, multi-agent review log.

Mirror saved to ~/.claude/projects/-home-fbmoulin/memory/handoff_kratos-clone_2026-04-27.md (auto-loaded by Claude on session start). MEMORY.md project index updated.

Test plan

• Doc-only change, no code touched
• CI green (Lint + Smoke + pytest + pip-audit — should sail through)

Summary by CodeRabbit

• Documentation
  • Added comprehensive handoff documentation including repository context, architectural conventions, contribution workflow, and setup guidance.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new contributor handoff document is added, capturing repository context, shipped commits, architectural conventions including capture paths and Flask patterns, critical gotchas, Phase 4 personalization requirements, security considerations, setup commands, contribution workflow, documentation locations, and pending questions for future development.

Changes

Cohort / File(s)	Summary
Contributor Handoff Documentation docs/HANDOFF.md	New comprehensive handoff snapshot document containing repository state, shipped commits, architectural conventions (capture paths, Flask factory pattern), Phase 4 personalization execution requirements, security must-haves, quick-start commands, contribution workflow, documentation references, review log, and pending questions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A handoff note so clear and bright,
With context, paths, and gotchas in sight,
For those who come to carry the load,
A map through the code, a well-paved road! 📋✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a handoff snapshot document for the /clear command context.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/handoff-2026-04-27

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive handoff document (docs/HANDOFF.md) that outlines the project's current state, architecture, and future roadmap. The feedback suggests improving the document's portability by replacing environment-specific absolute paths with generic placeholders and correcting references to non-existent AI models (gpt-5-mini) to ensure the technical plan is accurate.

[gemini-code-assist]

The documentation contains hardcoded absolute paths (e.g., /home/fbmoulin/Website-Downloader/) which are specific to the current author's environment. To make this handoff document useful for other contributors, these should be replaced with relative paths or placeholders. This also occurs on lines 91 and 194.

Suggested change

	| Local path | `/home/fbmoulin/Website-Downloader/` |
	| Local path | Project root directory |

[gemini-code-assist]

The model gpt-5-mini is referenced here. As of now, this model does not exist. It is likely a typo for gpt-4o-mini or a placeholder for a future model. Using an existing model name ensures the technical plan is accurate.

Suggested change

	2. Brief structuring (gpt-5-mini, 1 call, ~$0.005)
	2. Brief structuring (gpt-4o-mini, 1 call, ~$0.005)

[gemini-code-assist]

The model gpt-5-mini Vision is referenced here. As of now, this model does not exist. It is likely a typo for gpt-4o-mini or a placeholder. Using an existing model name ensures the technical plan is accurate.

Suggested change

	5. Personalize call (gpt-5-mini Vision + `text.format: json_schema strict=True`)
	5. Personalize call (gpt-4o-mini Vision + text.format: json_schema strict=True)

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/HANDOFF.md`:
- Around line 77-85: The fenced code block that lists test files (the
triple-backtick block beginning with "tests/") needs a language tag to satisfy
markdownlint MD040; update the opening fence from ``` to ```text so the block
reads as a text code fence (e.g., change the opening ``` before the "tests/"
listing to ```text).
- Around line 210-211: Replace the invalid shell command "uv run ruff check +
format" with two proper commands that run sequentially, e.g. "uv run ruff check
&& uv run ruff format" (or "uv run ruff check; uv run ruff format") so the
linter check and formatting run correctly; keep the next line "uv run pytest -q"
as-is. Update the text that currently contains "uv run ruff check + format" to
use the corrected command string.
- Around line 37-47: The heading "## What was shipped (5 commits on `main`, in
order)" disagrees with the seven rows listed (e.g., `c3e2c90`, `02b32df`,
`d4f7e99`, `885fee0`, `b54939a`, `ea6cf1a`, `9f4c453`); update the heading to
reflect the correct commit count (change "5 commits" to "7 commits") or remove
the numeric count entirely so the table and the heading remain consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c4f11c48-973a-4c25-80e7-14e3e202d9d6

📥 Commits

Reviewing files that changed from the base of the PR and between 9f4c453 and 06aad60.

📒 Files selected for processing (1)

• docs/HANDOFF.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix commit-count mismatch in shipped history section.

Line 37 says “5 commits,” but Lines 41-47 list 7 commits. Please align the heading with the table to avoid confusing handoff readers.

Suggested doc fix

-## What was shipped (5 commits on `main`, in order)
+## What was shipped (7 commits on `main`, in order)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	## What was shipped (5 commits on `main`, in order)
	| SHA | Phase | Summary |
	|-----|-------|---------|
	| `c3e2c90` | (initial fork+features) | kratos_clone capture module · scripts/ generators · docs/PROMPT_v2 + WORKFLOW + PERSONALIZATION |
	| `02b32df` | (chore) | MIT LICENSE + NOTICE attribution + first CI (ruff lint + smoke) |
	| `d4f7e99` | (observability) | structlog backend · `/api/client-errors` · inline browser logger (sendBeacon batching) |
	| `885fee0` | **Phase 0** | doc honesty pass — README rewrite + AUDIT + ROADMAP + TODO + CLAUDE.md |
	| `b54939a` | **Phase 1** | `create_app()` factory pattern (no side effects on `import app`) + 52-case pytest suite |
	| `ea6cf1a` | **Phase 2** | 5 P1 structural fixes (Patch D shadow walker · asset write race · semantic generators · same-origin · iframe srcdoc length compare) |
	| `9f4c453` | **Phase 3** | production hardening (gunicorn CVE · content-type 415 · client-side PII strip · ANSI sanitize · disk caps · scroll budget · BS4 rewrite · Flask-Limiter · pip-audit) |
	## What was shipped (7 commits on `main`, in order)
	| SHA | Phase | Summary |
	|-----|-------|---------|
	| `c3e2c90` | (initial fork+features) | kratos_clone capture module · scripts/ generators · docs/PROMPT_v2 + WORKFLOW + PERSONALIZATION |
	| `02b32df` | (chore) | MIT LICENSE + NOTICE attribution + first CI (ruff lint + smoke) |
	| `d4f7e99` | (observability) | structlog backend · `/api/client-errors` · inline browser logger (sendBeacon batching) |
	| `885fee0` | **Phase 0** | doc honesty pass — README rewrite + AUDIT + ROADMAP + TODO + CLAUDE.md |
	| `b54939a` | **Phase 1** | `create_app()` factory pattern (no side effects on `import app`) + 52-case pytest suite |
	| `ea6cf1a` | **Phase 2** | 5 P1 structural fixes (Patch D shadow walker · asset write race · semantic generators · same-origin · iframe srcdoc length compare) |
	| `9f4c453` | **Phase 3** | production hardening (gunicorn CVE · content-type 415 · client-side PII strip · ANSI sanitize · disk caps · scroll budget · BS4 rewrite · Flask-Limiter · pip-audit) |

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/HANDOFF.md` around lines 37 - 47, The heading "## What was shipped (5
commits on `main`, in order)" disagrees with the seven rows listed (e.g.,
`c3e2c90`, `02b32df`, `d4f7e99`, `885fee0`, `b54939a`, `ea6cf1a`, `9f4c453`);
update the heading to reflect the correct commit count (change "5 commits" to "7
commits") or remove the numeric count entirely so the table and the heading
remain consistent.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add language to fenced code block for markdownlint compliance.

The fenced block should declare a language (MD040).

Suggested markdown fix

-```
+```text
 tests/
 ├── __init__.py
 ├── conftest.py                    # flask_app + client fixtures via create_app(side-effect-free)
 ├── test_post.py                   # 19 cases — rewrite_html_assets + strip_scroll_fix + P1-F regressions
 ├── test_capture_helpers.py        # 16 cases — asset_filename + hash_url + WCAG contrast (inline)
 ├── test_client_errors.py          # 29 cases — /api/client-errors happy + RFC 9110 + content-type + ANSI + PII
 └── test_generator_helpers.py      # 10 cases — find_button_by_classes semantic lookup

</details>

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>

[warning] 77-77: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @docs/HANDOFF.md around lines 77 - 85, The fenced code block that lists test
files (the triple-backtick block beginning with "tests/") needs a language tag
to satisfy markdownlint MD040; update the opening fence from totext so
the block reads as a text code fence (e.g., change the opening before the "tests/" listing totext).

</details>

<!-- fingerprinting:phantom:triton:hawk:a5711539-f6bd-46a1-b8ce-ec96404ff956 -->

<!-- d98c2f50 -->

<!-- This is an auto-generated comment by CodeRabbit -->

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Correct invalid quick-start lint command.

uv run ruff check + format won’t execute as intended in shell. This is copy/paste-critical in onboarding steps.

Suggested command fix

-uv run ruff check + format
+uv run ruff check && uv run ruff format --check

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uv run ruff check + format
	uv run pytest -q
	uv run ruff check && uv run ruff format --check
	uv run pytest -q

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/HANDOFF.md` around lines 210 - 211, Replace the invalid shell command
"uv run ruff check + format" with two proper commands that run sequentially,
e.g. "uv run ruff check && uv run ruff format" (or "uv run ruff check; uv run
ruff format") so the linter check and formatting run correctly; keep the next
line "uv run pytest -q" as-is. Update the text that currently contains "uv run
ruff check + format" to use the corrected command string.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 06aad60d31

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Replace invalid combined Ruff command

The quick-start command uv run ruff check + format is not a valid Ruff invocation, so contributors following this handoff will hit a failing lint step before they can push. ruff check --help documents the syntax as ruff check [OPTIONS] [FILES]..., which means + and format are parsed as file paths (and ruff check + format errors with E902 No such file or directory). This should be split into explicit commands (e.g., check then format check) to keep the onboarding flow executable.

Useful? React with 👍 / 👎.