Complete Asset Browser V2 and harden V2 validation with targeted evidence - PR 11.197B.

Author: DavidQ

docs/dev/codex_commands.md

@@ -1,40 +1,84 @@
-# Codex Commands — PR_11_196
+# Codex Commands — PR_11_197B
 
 Model: GPT-5.4-codex
 Reasoning: high
 
-## Command
-
-```text
-You are implementing PR_11_196 — V2 Runtime Validation + Cleanup Pass.
-
-Follow docs/pr/PR_11_196_V2_RUNTIME_VALIDATION_CLEANUP.md exactly.
-
-Important:
-- ChatGPT did not write implementation code in this bundle.
-- You write the implementation fixes.
-- Keep the PR testable.
-- Do not modify schemas, samples, games, Workspace Manager v1, platformShell, or tools/shared/*.
-- Do not copy/paste legacy tool code.
-- Re-engineer only the V2 runtime structure.
-
-Target tools:
-- Palette Manager V2
-- SVG Asset Studio V2
-- Vector Map Editor V2
-- Tilemap Studio V2
-- Asset Browser V2
-
-Required implementation behavior:
-- HTML owns static layout, CSS links, shared header mount, and module script tags.
-- JS owns session read, validation, DOM population, rendering, and empty/error states only.
-- No fallback data.
-- No default sample data.
-- No v1 coupling.
-
-After implementation:
-1. Run targeted syntax checks for changed JS files.
-2. Run text checks that verify target HTML and JS compliance.
-3. Write report to docs/dev/reports/pr_11_196_v2_runtime_validation_cleanup_report.md.
-4. Create final ZIP at tmp/PR_11_196.zip with repo-relative structure.
-```
+## Execute
+
+Use this PR as a Codex implementation task. Do not ask questions. Make the smallest scoped valid change.
+
+### Required Task
+Complete Asset Browser V2 as the testable implementation target and bundle it with V2 validation hardening.
+
+### Scope Lock
+Only edit files required for:
+- `tools/asset-browser-v2/index.html`
+- `tools/asset-browser-v2/index.js`
+- narrowly scoped V2 validation/test files if needed
+- docs/dev/reports evidence
+- docs/dev/roadmaps/MASTER_ROADMAP_ENGINE.md status-only marker change if execution-backed
+
+Do not edit schemas, samples, games, Workspace Manager v1, platformShell, or `tools/shared/*`.
+
+### Implementation Rules
+- Re-engineer the tool. Do not copy/paste legacy Asset Browser code.
+- `index.html` owns static shell, CSS links, header mount, layout, and DOM nodes.
+- `index.js` owns behavior only.
+- Use `data-tool-id="asset-browser-v2"`.
+- Header mount must be `<div id="shared-theme-header"></div>`.
+- Use existing `src/engine/theme` and existing accordion styling where applicable.
+- Use two menu areas only if needed: `menuTool` and `menuWorkspace`.
+- Read session data only, using the established V2 hostContextId/session pattern.
+- Do not fetch, guess, synthesize, default, or fallback data.
+- Empty state and invalid state must be explicit and actionable.
+- No helper classes. Single class only.
+- No alias/pass-through variables.
+- No abstraction layers.
+
+### Banned Patterns
+Reject your own diff if it includes:
+- `document.body.innerHTML` for page construction
+- `document.head.insertAdjacentHTML` for CSS/style injection
+- dynamic header script injection from JS
+- `platformShell`
+- `assetUsageIntegration`
+- `tools/shared/`
+- Workspace Manager v1 wiring
+- fallback/default/sample data
+- copied legacy code blocks
+
+### Validation Commands
+Run targeted validation only:
+
+1. Syntax checks for changed JS files.
+2. Static checks for V2 shell compliance:
+   - Asset Browser V2 `index.html` includes `shared-theme-header`.
+   - Asset Browser V2 `index.js` does not include `document.body.innerHTML`.
+   - Asset Browser V2 `index.js` does not include `document.head.insertAdjacentHTML`.
+   - Asset Browser V2 references `asset-browser-v2`.
+3. Manual/UAT or lightweight browser validation evidence for:
+   - direct open empty state
+   - invalid session state
+   - valid session state render
+   - shared header visible
+
+Do not run full samples smoke unless a broad shared sample loader/framework file is changed. If skipped, document why.
+
+### Evidence
+Write results to:
+
+`docs/dev/reports/PR_11_197B_v2_asset_browser_validation.md`
+
+Include:
+- files changed
+- validation commands run
+- pass/fail results
+- full samples smoke skipped/running decision and reason
+- screenshots/log snippets if available
+
+### Final Artifact
+Create final ZIP at:
+
+`tmp/PR_11_197B.zip`
+
+The ZIP must preserve repo-relative structure and include implementation changes and evidence.

docs/dev/commit_comment.txt

@@ -1 +1 @@
-Validate and clean up V2 runtime shell separation after HTML-first re-engineer batch - PR 11.196
+Complete Asset Browser V2 and harden V2 validation with targeted evidence - PR 11.197B

docs/dev/reports/PR_11_197B_expected_evidence.md

@@ -0,0 +1,13 @@
+# PR_11_197B Expected Evidence - Fulfilled
+
+Execution evidence was written to:
+
+```text
+docs/dev/reports/PR_11_197B_v2_asset_browser_validation.md
+```
+
+Final ZIP artifact:
+
+```text
+tmp/PR_11_197B.zip
+```

docs/dev/reports/PR_11_197B_v2_asset_browser_validation.md

@@ -0,0 +1,87 @@
+# PR_11_197B Asset Browser V2 Validation
+
+## Purpose
+Complete Asset Browser V2 as the focused, testable V2 implementation target while preserving the HTML-first/static-shell and session-only runtime architecture.
+
+## Files Changed
+- `tools/asset-browser-v2/index.js`
+- `docs/dev/reports/PR_11_197B_v2_asset_browser_validation.md`
+- `docs/dev/reports/PR_11_197B_expected_evidence.md`
+
+Unchanged but packaged for review context:
+- `tools/asset-browser-v2/index.html`
+
+## Implementation Summary
+- Kept `tools/asset-browser-v2/index.html` as the static shell owner: CSS links, shared header mount, page layout, menu regions, state containers, and module script tags remain in HTML.
+- Kept `tools/asset-browser-v2/index.js` behavior-only: title/tool id setup, session read, validation, DOM population, event binding, dynamic render, empty state, and invalid state.
+- Tightened valid session contract to require explicit `assetCatalog.entries[]` fields: `id`, `label`, `kind`, and `path`.
+- Removed auto-previewing the first asset as an implicit selection. Valid sessions now render list/count and instruct the user to select an entry to inspect session-backed metadata.
+- No legacy Asset Browser implementation code was copied.
+- No fallback/default/sample data was introduced.
+
+## Validation Commands Run
+
+```powershell
+node --check tools/asset-browser-v2/index.js
+```
+
+Result: passed.
+
+Static banned-pattern check:
+
+```powershell
+rg -n "document\.body\.innerHTML|document\.head\.insertAdjacentHTML|createElement\(|appendChild\(|platformShell|assetUsageIntegration|tools/shared/|\.\.\/shared|Workspace Manager|fallback|default data|sample data|demo data" -- tools/asset-browser-v2/index.js
+```
+
+Result: passed. No matches.
+
+HTML shell marker check verified:
+- `id="shared-theme-header"`
+- `src="../../src/engine/theme/mount-shared-header.js"`
+- `src="./index.js"`
+- `data-tool-id="asset-browser-v2"`
+- `<title>Asset Browser V2</title>`
+
+Result: passed.
+
+## Lightweight Browser Validation Evidence
+A Node VM harness executed `tools/asset-browser-v2/index.js` with minimal browser/session mocks and verified direct empty, invalid session, and valid session states.
+
+Log snippets:
+
+```text
+[ASSET_BROWSER_V2_UAT_EMPTY] No hostContextId was provided. Open Asset Browser V2 with a valid Tool V2 session URL.
+[ASSET_BROWSER_V2_UAT_INVALID] Asset catalog session data is invalid. Every entry requires id, label, kind, and path.
+[ASSET_BROWSER_V2_UAT_VALID] Session Asset Catalog 1 asset
+[ASSET_BROWSER_V2_LOGS] [ASSET_BROWSER_V2_ENTRY] | [SESSION_CONTEXT_READ] | [ASSET_BROWSER_V2_CONTRACT_LOADED]
+```
+
+Manual/UAT coverage from the harness:
+- Direct open empty state: passed.
+- Invalid session state: passed.
+- Valid session render: passed.
+- Shared header visible: passed by static HTML marker check for `#shared-theme-header`.
+
+## Banned Path Check Result
+Scoped status check found no changes under:
+- schemas
+- samples
+- games
+- `start_of_day/**`
+- Workspace Manager v1
+- `tools/shared/**`
+- `platformShell`
+- `assetUsageIntegration`
+
+No schema, sample, game, Workspace Manager v1, platformShell, or tools/shared files were changed.
+
+## Full Samples Smoke Decision
+Full samples smoke test skipped.
+
+Reason: PR_11_197B changes only isolated Asset Browser V2 behavior and report evidence. It does not modify shared sample loader/framework code.
+
+## Final ZIP
+
+```text
+tmp/PR_11_197B.zip
+```

docs/pr/PR_11_197B_V2_ASSET_BROWSER_AND_VALIDATION.md

@@ -0,0 +1,70 @@
+# PR_11_197B — Asset Browser V2 Completion + V2 Validation Hardening
+
+## Purpose
+Bundle the rejected validation-only PR with a concrete testable V2 implementation target.
+
+Codex must complete Asset Browser V2 using the active V2 architecture and add/execute targeted validation evidence for the V2 lane.
+
+## Scope
+- Complete/repair `tools/asset-browser-v2/` only as the testable implementation target.
+- Add or update targeted validation that verifies V2 tool shell boundaries.
+- Keep the validation focused on V2 tools touched by PR_11_188 through PR_11_196.
+
+## Mandatory Architecture
+- Tool directory name and display name must end with `V2`.
+- `tools/asset-browser-v2/index.html` owns static shell, CSS links, header mount, page layout, and root DOM nodes.
+- `tools/asset-browser-v2/index.js` owns behavior only.
+- Header mount must be exactly: `<div id="shared-theme-header"></div>`.
+- Tool must read session-backed data only.
+- Tool must not fetch, guess, synthesize, default, or fallback data.
+- Tool must show explicit empty/error states when session data is missing or invalid.
+
+## Banned
+- No schema changes.
+- No sample changes.
+- No game changes.
+- No Workspace Manager v1 work.
+- No platformShell.
+- No `tools/shared/*` imports.
+- No assetUsageIntegration.
+- No legacy code copy/paste.
+- No helper classes.
+- No alias/pass-through variables.
+- No `document.body.innerHTML` page construction.
+- No `document.head.insertAdjacentHTML` CSS injection.
+- No dynamic header script injection from JS.
+
+## Testable Change Required
+Codex must produce real implementation edits for Asset Browser V2 and run targeted validation.
+
+Minimum acceptance:
+- Asset Browser V2 opens directly.
+- Direct open with no session shows actionable empty state.
+- Session-backed open renders valid asset list from session data.
+- Invalid session data shows actionable error state.
+- Header renders through shared theme header mount.
+- `index.js` does not build the page shell.
+
+## Validation Required
+Codex must run targeted validation only, not full sample smoke.
+
+Required checks:
+- Syntax check changed JS files.
+- Static grep/check that V2 `index.html` contains `shared-theme-header`.
+- Static grep/check that V2 `index.js` does not contain `document.body.innerHTML` or `document.head.insertAdjacentHTML`.
+- Tool-specific manual/UAT evidence for Asset Browser V2 empty, invalid, and valid session states.
+
+## Full Samples Smoke
+Do not run full samples smoke for this PR.
+Reason: change is scoped to one V2 tool plus targeted V2 validation. Full samples smoke is too broad and takes about 20 minutes.
+
+## Roadmap
+If roadmap status is updated, only change status markers in `docs/dev/roadmaps/MASTER_ROADMAP_ENGINE.md` using `[ ] -> [.]` or `[.] -> [x]`.
+Do not rewrite, reflow, delete, or paraphrase roadmap text.
+
+## Deliverables
+Codex must create the final repo ZIP at:
+
+`<project folder>/tmp/PR_11_197B.zip`
+
+The final ZIP must include implementation changes, validation evidence, and any report files generated by Codex.

tools/asset-browser-v2/index.js

@@ -1,12 +1,14 @@
 class AssetBrowserV2 {
   constructor() {
     console.log("[ASSET_BROWSER_V2_ENTRY]");
+    this.assets = [];
     this.start();
   }
 
   start() {
     document.title = "Asset Browser V2";
     document.body.dataset.toolId = "asset-browser-v2";
+    this.bindAssetSelection();
     this.readSession();
   }
 
@@ -54,37 +56,51 @@ class AssetBrowserV2 {
       return;
     }
     if (assetCatalog.entries.length === 0) {
-      this.renderEmpty("Asset Browser V2 loaded a valid asset catalog with zero entries.");
+      this.assets = [];
+      document.getElementById("assetBrowserV2SessionReadout").textContent = `Session: loaded\nContext: ${new URL(window.location.href).searchParams.get("hostContextId")}\nTool: ${typeof sessionContext.toolId === "string" && sessionContext.toolId.trim() ? sessionContext.toolId.trim() : "not provided"}`;
+      document.getElementById("assetBrowserV2ContractReadout").textContent = "payloadJson loaded\npayloadJson.assetCatalog valid\nentries[] valid but empty";
+      document.getElementById("assetBrowserV2WorkspaceReadout").textContent = "Workspace session context was read. Workspace writes are deferred for this isolated V2 entry.";
+      document.getElementById("assetBrowserV2Title").textContent = assetCatalog.name.trim();
+      document.getElementById("assetBrowserV2Count").textContent = "0 assets";
+      document.getElementById("assetBrowserV2State").textContent = "Asset Browser V2 loaded a valid session asset catalog with zero entries. Add explicit entries to assetCatalog.entries[].";
+      document.getElementById("assetBrowserV2List").innerHTML = "";
+      document.getElementById("assetBrowserV2Preview").textContent = "";
       return;
     }
-    if (assetCatalog.entries.some((entry) => !entry || typeof entry !== "object" || Array.isArray(entry) || typeof entry.id !== "string" || !entry.id.trim() || typeof entry.path !== "string" || !entry.path.trim())) {
-      this.renderError("Asset catalog session data is invalid. Every entry requires id and path.");
+    if (assetCatalog.entries.some((entry) => !entry || typeof entry !== "object" || Array.isArray(entry) || typeof entry.id !== "string" || !entry.id.trim() || typeof entry.label !== "string" || !entry.label.trim() || typeof entry.kind !== "string" || !entry.kind.trim() || typeof entry.path !== "string" || !entry.path.trim())) {
+      this.renderError("Asset catalog session data is invalid. Every entry requires id, label, kind, and path.");
       return;
     }
+    this.assets = assetCatalog.entries.map((entry) => ({
+      id: entry.id.trim(),
+      label: entry.label.trim(),
+      kind: entry.kind.trim(),
+      path: entry.path.trim()
+    }));
     document.getElementById("assetBrowserV2SessionReadout").textContent = `Session: loaded\nContext: ${new URL(window.location.href).searchParams.get("hostContextId")}\nTool: ${typeof sessionContext.toolId === "string" && sessionContext.toolId.trim() ? sessionContext.toolId.trim() : "not provided"}`;
     document.getElementById("assetBrowserV2ContractReadout").textContent = "payloadJson loaded\npayloadJson.assetCatalog valid\nentries[] valid";
     document.getElementById("assetBrowserV2WorkspaceReadout").textContent = "Workspace session context was read. Workspace writes are deferred for this isolated V2 entry.";
     document.getElementById("assetBrowserV2Title").textContent = assetCatalog.name.trim();
-    document.getElementById("assetBrowserV2Count").textContent = `${assetCatalog.entries.length} asset${assetCatalog.entries.length === 1 ? "" : "s"}`;
+    document.getElementById("assetBrowserV2Count").textContent = `${this.assets.length} asset${this.assets.length === 1 ? "" : "s"}`;
     document.getElementById("assetBrowserV2State").textContent = "Asset Browser V2 loaded the session asset catalog.";
-    document.getElementById("assetBrowserV2List").innerHTML = assetCatalog.entries.map((entry) => `<button type="button" data-asset-id="${this.escapeHtml(entry.id.trim())}">${this.escapeHtml(entry.id.trim())}<br><span>${this.escapeHtml(entry.path.trim())}</span></button>`).join("");
-    document.getElementById("assetBrowserV2Preview").textContent = JSON.stringify(assetCatalog.entries[0], null, 2);
-    this.bindAssetSelection(assetCatalog.entries);
+    document.getElementById("assetBrowserV2List").innerHTML = this.assets.map((entry) => `<button type="button" data-asset-id="${this.escapeHtml(entry.id)}"><strong>${this.escapeHtml(entry.label)}</strong><br><span>${this.escapeHtml(entry.kind)} | ${this.escapeHtml(entry.path)}</span></button>`).join("");
+    document.getElementById("assetBrowserV2Preview").textContent = "Select an asset entry to inspect its session-backed metadata.";
   }
 
-  bindAssetSelection(entries) {
+  bindAssetSelection() {
     document.getElementById("assetBrowserV2List").addEventListener("click", (event) => {
       if (!(event.target instanceof Element) || !event.target.closest("[data-asset-id]")) {
         return;
       }
-      if (!entries.some((entry) => entry.id === event.target.closest("[data-asset-id]").dataset.assetId)) {
+      if (!this.assets.some((entry) => entry.id === event.target.closest("[data-asset-id]").dataset.assetId)) {
         return;
       }
-      document.getElementById("assetBrowserV2Preview").textContent = JSON.stringify(entries.find((entry) => entry.id === event.target.closest("[data-asset-id]").dataset.assetId), null, 2);
-    }, { once: false });
+      document.getElementById("assetBrowserV2Preview").textContent = JSON.stringify(this.assets.find((entry) => entry.id === event.target.closest("[data-asset-id]").dataset.assetId), null, 2);
+    });
   }
 
   renderEmpty(message) {
+    this.assets = [];
     document.getElementById("assetBrowserV2SessionReadout").textContent = "Session: missing";
     document.getElementById("assetBrowserV2ContractReadout").textContent = "payloadJson.assetCatalog not loaded";
     document.getElementById("assetBrowserV2WorkspaceReadout").textContent = "Workspace session context is not available.";
@@ -96,6 +112,7 @@ class AssetBrowserV2 {
   }
 
   renderError(message) {
+    this.assets = [];
     document.getElementById("assetBrowserV2SessionReadout").textContent = "Session: read attempted";
     document.getElementById("assetBrowserV2ContractReadout").textContent = "payloadJson.assetCatalog invalid";
     document.getElementById("assetBrowserV2WorkspaceReadout").textContent = "Workspace writes are disabled for invalid Asset Browser V2 session data.";