docs(claude-md): structurally reorganize project guidance

.claude/agents/cleanup-analyzer.md

@@ -4,6 +4,8 @@ description: Use this agent to run static analysis tools and get structured clea
 color: green
 ---
 
+<!-- JCC-specific: overrides global code-fixer (different role — analysis not fixing). Knows shadcn/Radix/Tauri keep-list, Rust idiom patterns, and JCC tool scripts. -->
+
 ## Purpose
 
 Run static analysis tools (knip, jscpd, check:all), investigate each finding in the codebase, and return structured recommendations to the main agent.

.claude/agents/docs-reviewer.md

@@ -4,6 +4,8 @@ description: Use this agent to review developer documentation for accuracy, cons
 color: yellow
 ---
 
+<!-- JCC-specific: overrides global doc-reviewer (different scope — docs/developer/ prose review vs JSDoc/README checks). Knows JCC doc structure and writing-docs.md standards. -->
+
 ## Purpose
 
 Review developer documentation in `docs/developer/` for accuracy, consistency with actual codebase patterns, and overall quality. Identify what needs updating.

.claude/agents/plan-checker.md

@@ -4,6 +4,8 @@ description: Use this agent to validate implementation plans against documented
 color: blue
 ---
 
+<!-- JCC-specific: no global equivalent. Validates plans against JCC architecture docs (Tauri IPC, state onion, command system, i18n, testing patterns). -->
+
 ## Purpose
 
 Validate implementation plans against the documented architecture patterns in `docs/developer/`. Identify violations, missing steps, and anti-pattern risks.

.claude/agents/userguide-reviewer.md

@@ -4,6 +4,8 @@ description: Use this agent to review user guide documentation against actual sy
 color: purple
 ---
 
+<!-- JCC-specific: no global equivalent. Reviews docs/userguide/ against JCC UI (src/components/, src/stores/, src/lib/commands/, src/lib/shortcuts.ts, src/i18n/locales/). -->
+
 ## Purpose
 
 Review user guide documentation against actual system features. Identify gaps, outdated content, and areas needing improvement. Return specific recommendations for updates.

.claude/skills/api-design

@@ -0,0 +1 @@
+/Users/d/.claude/portable-skills/api-design

.claude/skills/migration

@@ -0,0 +1 @@
+/Users/d/.claude/portable-skills/migration

.claude/skills/notarize

@@ -0,0 +1 @@
+/Users/d/.claude/portable-skills/notarize

.claude/skills/tauri-release

@@ -0,0 +1 @@
+/Users/d/.claude/portable-skills/tauri-release

.github/workflows/test-python.yml

@@ -0,0 +1,19 @@
+name: Test (Python Sidecar)
+on:
+  push:
+    branches: [main, 'feat/**']
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: sidecar/requirements.txt
+      - run: cd sidecar && pip install -r requirements.txt && pip install -e .[test]
+      - run: cd sidecar && pytest

.github/workflows/test.yml

@@ -0,0 +1,43 @@
+name: Test (Tauri)
+on:
+  push:
+    branches: [main, 'feat/**']
+  pull_request:
+    branches: [main]
+
+jobs:
+  test-frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+          cache: 'pnpm'
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm tsc --noEmit
+      - run: pnpm test
+
+  test-backend:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Tauri Linux system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            libgtk-3-dev \
+            libwebkit2gtk-4.1-dev \
+            libsoup-3.0-dev \
+            libjavascriptcoregtk-4.1-dev \
+            librsvg2-dev \
+            libayatana-appindicator3-dev
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+      - run: cd src-tauri && cargo clippy -- -D warnings
+      - run: cd src-tauri && cargo nextest run || cargo test

AGENTS.md

@@ -4,141 +4,82 @@
 
 This repository is a template with sensible defaults for building Tauri React apps.
 
-## Core Rules
-
-### New Sessions
-
-- Read @docs/tasks.md for task management
-- Review `docs/developer/architecture-guide.md` for high-level patterns
-- Check `docs/developer/README.md` for the full documentation index
-- Check git status and project structure
-
-### Development Practices
-
-**CRITICAL:** Follow these strictly:
-
-0. **Use npm only**: This project uses `npm`, NOT `pnpm`. Always use `npm install`, `npm run`, etc.
-1. **Read Before Editing**: Always read files first to understand context
-2. **Follow Established Patterns**: Use patterns from this file and `docs/developer`
-3. **Senior Architect Mindset**: Consider performance, maintainability, testability
-4. **Batch Operations**: Use multiple tool calls in single responses
-5. **Match Code Style**: Follow existing formatting and patterns
-6. **Test Coverage**: Write comprehensive tests for business logic
-7. **Quality Gates**: Run `npm run check:all` after significant changes
-8. **No Dev Server**: Ask user to run and report back
-9. **No Unsolicited Commits**: Only when explicitly requested
-10. **Documentation**: Update relevant `docs/developer/` files for new patterns
-11. **Removing files**: Always use `rm -f`
-
-**CRITICAL:** Use Tauri v2 docs only. Always use modern Rust formatting: `format!("{variable}")`
-
-## Architecture Patterns (CRITICAL)
-
-### State Management Onion
-
-```
-useState (component) → Zustand (global UI) → TanStack Query (persistent data)
-```
-
-**Decision**: Is data needed across components? → Does it persist between sessions?
-
-### Performance Pattern (CRITICAL)
-
-```typescript
-// ✅ GOOD: Selector syntax - only re-renders when specific value changes
-const leftSidebarVisible = useUIStore(state => state.leftSidebarVisible)
-
-// ❌ BAD: Destructuring causes render cascades (caught by ast-grep)
-const { leftSidebarVisible } = useUIStore()
-
-// ✅ GOOD: Use getState() in callbacks for current state
-const handleAction = () => {
-  const { data, setData } = useStore.getState()
-  setData(newData)
-}
-```
-
-### Static Analysis
-
-- **React Compiler**: Handles memoization automatically - no manual `useMemo`/`useCallback` needed
-- **ast-grep**: Enforces architecture patterns (e.g., no Zustand destructuring). See `docs/developer/static-analysis.md`
-- **Knip/jscpd**: Periodic cleanup tools. Use `/cleanup` command (Claude Code)
-
-### Event-Driven Bridge
-
-- **Rust → React**: `app.emit("event-name", data)` → `listen("event-name", handler)`
-- **React → Rust**: Use typed commands from `@/lib/tauri-bindings` (tauri-specta)
-- **Commands**: All actions flow through centralized command system
-
-### Tauri Command Pattern (tauri-specta)
+## First Read
 
-```typescript
-// ✅ GOOD: Type-safe commands with Result handling
-import { commands } from '@/lib/tauri-bindings'
+- Read `docs/tasks.md` for task management.
+- Review `docs/developer/architecture-guide.md` for high-level patterns.
+- Check `docs/developer/README.md` for the full documentation index.
+- Check git status and project structure before editing.
+- Use `.codex/verify.commands` as the canonical verification source.
 
-const result = await commands.loadPreferences()
-if (result.status === 'ok') {
-  console.log(result.data.theme)
-}
-
-// ❌ BAD: String-based invoke (no type safety)
-const prefs = await invoke('load_preferences')
-```
-
-**Adding commands**: See `docs/developer/tauri-commands.md`
-
-### Internationalization (i18n)
-
-```typescript
-// ✅ GOOD: Use useTranslation hook in React components
-import { useTranslation } from 'react-i18next'
-
-function MyComponent() {
-  const { t } = useTranslation()
-  return <h1>{t('myFeature.title')}</h1>
-}
-
-// ✅ GOOD: Non-React contexts - bind for many calls, or use directly
-import i18n from '@/i18n/config'
-const t = i18n.t.bind(i18n)  // Bind once for many translations
-i18n.t('key')                 // Or call directly for occasional use
-```
-
-- **Translations**: All strings in `/locales/*.json`
-- **RTL Support**: Use CSS logical properties (`text-start` not `text-left`)
-- **Adding strings**: See `docs/developer/i18n-patterns.md`
-
-### Documentation & Versions
-
-- **Context7 First**: Always use Context7 for framework docs before WebSearch
-- **Version Requirements**: Tauri v2.x, shadcn/ui v4.x, Tailwind v4.x, React 19.x, Zustand v5.x, Vite v7.x, Vitest v4.x
-
-## Developer Documentation
-
-For complete patterns and detailed guidance, see `docs/developer/README.md`.
-
-Key documents:
-
-- `architecture-guide.md` - Mental models, security, anti-patterns
-- `state-management.md` - State onion, getState() pattern details
-- `tauri-commands.md` - Adding new Rust commands
-- `static-analysis.md` - All linting tools and quality gates
-
-## Claude Code Commands & Agents
-
-These are specific to Claude Code but documented here for context.
-
-### Commands
-
-- `/check` - Check work against architecture, run `npm run check:all`, suggest commit message
-- `/cleanup` - Run static analysis (knip, jscpd, check:all), get structured recommendations
-- `/init` - One-time template initialization
-
-### Agents
-
-Task-focused agents that leverage separate context for focused work:
+## Core Rules
 
-- `plan-checker` - Validate implementation plans against documented architecture
-- `docs-reviewer` - Review developer docs for accuracy and codebase consistency
-- `userguide-reviewer` - Review user guide against actual system features
-- `cleanup-analyzer` - Analyze static analysis output (used by `/cleanup`)
+- Use `npm` only. This project does not use `pnpm`.
+- Read files before editing and follow established repo patterns.
+- Keep changes scoped to the requested task.
+- Consider performance, maintainability, and testability for non-trivial changes.
+- Match existing formatting and code style.
+- Write meaningful tests for business logic.
+- Run `npm run check:all` after significant changes when validation is approved.
+- Do not start a dev server unless the user asks for it or says they will run it.
+- Do not commit unless explicitly requested.
+- Update relevant `docs/developer/` files when adding or changing durable patterns.
+- Use Tauri v2 docs only.
+- Use modern Rust formatting: `format!("{variable}")`.
+
+## Architecture Guardrails
+
+- State follows the onion model: component `useState`, global UI state in Zustand, persistent data through TanStack Query.
+- Avoid Zustand destructuring that causes render cascades; use selectors and `getState()` where appropriate. See `docs/developer/state-management.md`.
+- All user actions should flow through the command system. See `docs/developer/architecture-guide.md` and `docs/developer/command-system.md`.
+- Rust and React communicate through typed Tauri commands and events.
+- Use typed commands from `@/lib/tauri-bindings`; do not use string-based `invoke` directly for app commands.
+- Keep UI strings in `/locales/*.json` and use CSS logical properties for RTL support. See `docs/developer/i18n-patterns.md`.
+
+## Static Analysis And Quality
+
+- `npm run check:all` is the main quality gate.
+- `check:all` includes TypeScript, ESLint, ast-grep, Prettier check, Rust fmt/clippy, Vitest, and Rust tests.
+- React Compiler handles memoization; do not add manual `useMemo`, `useCallback`, or `React.memo` unless there is a clear local reason.
+- ast-grep enforces architecture patterns such as no Zustand destructuring.
+- knip and jscpd are periodic cleanup tools, not part of `check:all`.
+- See `docs/developer/static-analysis.md` for details.
+
+## Tauri And Rust
+
+- Use Tauri v2 patterns.
+- Add Rust commands through the documented tauri-specta flow.
+- Regenerate and commit TypeScript bindings when command surfaces change.
+- See `docs/developer/tauri-commands.md` and `docs/developer/rust-architecture.md`.
+
+## Documentation
+
+- Developer docs live under `docs/developer/`.
+- Update docs when new patterns, systems, commands, or user-visible workflows are introduced.
+- Claude Code-specific commands and agents are contextual tooling references, not universal Codex instructions. See `docs/developer/ai-tooling.md`.
+
+## Codex App Usage
+
+- Use Codex App Projects for repo-specific implementation, review, and verification in this checkout.
+- Use a Worktree when the task changes core architecture, command wiring, Rust/Tauri boundaries, or multiple docs/code surfaces at once.
+- Use the in-app browser or Playwright for UI workflows, responsive behavior, accessibility, and visual checks.
+- Use computer use only for GUI-only desktop behavior that cannot be verified through tests, browser tooling, MCP, or CLI commands.
+- Use artifacts for durable developer notes, screenshots, release packets, and handoff summaries.
+- Keep connectors read-first and task-scoped. Do not pull external context unless it directly supports the current repo task.
+- Keep `.codex/verify.commands` and `npm run check:all` as the verification authority; Codex App tools add evidence but do not replace the repo gate.
+
+## Verification
+
+- `.codex/verify.commands` is the canonical verifier for routine Codex work.
+- Current canonical verifier:
+  - `npm ci`
+  - `npm run check:all`
+  - `npm run build`
+- If a command is missing, unclear, or unsafe to run, stop and report the blocker instead of guessing.
+
+## Boundaries
+
+- Do not broaden scope into unrelated cleanup.
+- Do not run destructive commands without explicit approval.
+- Do not change package managers.
+- Do not touch secrets, credentials, `.env` files, OAuth files, or build artifacts unless explicitly requested.

CHANGELOG.md

@@ -0,0 +1,35 @@
+# Changelog
+
+All notable changes to Job Command Center are documented here.
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+
+## [1.0.0] - 2026-04-12
+
+### Added
+
+- **Job tracker** — Kanban board with drag-and-drop cards for tracking applications across pipeline stages (Applied, Screening, Interview, Offer, Rejected). Create, edit, and delete jobs directly on the board.
+- **Ashby integration** — Automatically fetch job postings, map application fields, and submit directly via the Ashby API.
+- **Greenhouse integration** — Submit applications to Greenhouse ATS with automatic field detection and form-filling.
+- **LinkedIn Easy Apply** — Browser-based LinkedIn Easy Apply automation with AI-assisted field mapping via Claude.
+- **Indeed, Gem, Workday, and Generic browser adapters** — Playwright-powered form automation for four additional platforms; falls back to a generic adapter for any ATS not explicitly supported.
+- **Batch submission console** — Stream real-time submission progress across multiple platforms simultaneously with live status updates per application.
+- **Follow-up email pipeline** — Automatically drafts follow-up emails using Claude AI after configurable waiting periods and sends them via Gmail.
+- **Interview prep briefs** — One-click AI-generated interview preparation brief for any job in your pipeline, rendered as formatted Markdown.
+- **Analytics dashboard** — Visual overview of your job search: applications by week, pipeline funnel, response rate, average days to first response, and submissions by platform.
+- **Sidebar badges** — At-a-glance counts for follow-ups due and interview prep needed, always visible in the navigation sidebar.
+- **Keyboard shortcuts** — Cmd+1–6 to jump between views; Cmd+[ / Cmd+] to toggle sidebars.
+- **Profile management** — Store your name, contact info, resume path, and target role in a persistent profile used to pre-fill application forms.
+- **Credentials vault** — Securely store ATS platform credentials and API keys using the macOS Keychain.
+- **Configurable follow-up interval** — Set how many days to wait before a follow-up reminder appears, per job or globally in Settings.
+- **Personal notes** — Attach free-form notes to any job for interview prep, salary negotiation reminders, or recruiter context.
+
+### Fixed
+
+- Deleting a job now also removes all associated submissions, follow-ups, and notes — no orphaned data left behind.
+- Gmail authentication tokens are stored with owner-only file permissions, preventing other users or processes from reading your OAuth credentials.
+- Stale Gmail tokens are automatically refreshed rather than producing a silent authentication failure.
+
+### Security
+
+- Updated dependencies to resolve five security advisories, including a Starlette denial-of-service vulnerability and a cryptography library name-constraint bypass.
+- Sensitive files (`.env`, `token.json`, `client_secrets.json`, Playwright session data) are excluded from version control.