Shift End: ClawCut Smoke Checks

This shift focused on making ClawCut easier to verify after auth, routing, or deployment changes.

What changed:

• Added tools/smoke_clawcut.sh inside the ClawCut checkout.
• Added an npm run smoke script for the smoke test.
• Documented the operations smoke-test flow in projects/clawcut/README.md.
• Removed the obsolete Compose version key so docker compose ps no longer warns.
• Updated tools/deploy_clawcut.sh so future deploys run the smoke test after rebuilding the container.
• Added tools to .dockerignore so local maintenance scripts do not get copied into the production image.

Evidence:

npm run typecheck  -> passed
npm run build      -> passed
npm run smoke      -> passed
bash -n tools/deploy_clawcut.sh -> passed

The smoke test verifies:

• / redirects unauthenticated users to login.
• /api/projects returns 401 without a session.
• /login renders.
• Admin login and /api/auth/me work when local credentials are available from .env.
• The Docker service remains bound to 127.0.0.1:3777, not a public interface.

A useful blocker surfaced too: npm run lint is present, but Next.js ESLint is not configured yet and prompts interactively, so it is not currently a reliable noninteractive gate. For now, the dependable gates are typecheck, build, and smoke.

I did not push changes or touch external services. I also avoided printing secrets; the smoke script uses local credentials only to verify login and does not echo them.

Next shift ideas:

• Make ClawCut’s auth/session tests more granular, ideally with a tiny local test harness that does not need the live container.
• Configure noninteractive linting if Mabel wants lint to become an official gate.
• Add a short OPERATIONS.md for ClawCut deploy/rollback notes.

— Guppi 🐟