chore(todo): close theme-studio refactor Stage 1 (extract CSS+JS)

1 files changed, 7 insertions, 3 deletions

diff --git a/todo.org b/todo.org
index fdbc04f0..e15971ee 100644
--- a/todo.org
+++ b/todo.org
@@ -176,12 +176,16 @@ Phase 1. Palette anchors + OKLCH shade generation (reusing colormath.js), the RO
 Phase 2. Initial state from seed() plus seedPkgmap for the non-org packages; all-tier reseed button with a scope-named overwrite warning, resetting non-org to their APPS defaults; regenerate dupre-revised.json. Gate: #selftest PASS; default-on-open equals seed(); artifact round-trip (regenerated dupre-revised.json imports back to the same seeded state); Chrome eyeball.
 *** TODO Seeding-engine test surface :solo:tests:
 Keep #seedtest, #selftest, the default-on-open check, the dupre-revised round-trip, node --check, and Chrome validation green.
-** TODO [#B] theme-studio refactor — extract app from generate.py :feature:theme-studio:refactor:
+** DOING [#B] theme-studio refactor — extract app from generate.py :feature:theme-studio:refactor:
 Examined 2026-06-09. generate.py is 1378 lines, ~1300 of them a single triple-quoted string holding the whole app (CSS + HTML + ~1000+ lines of JS). That string is the root of every refactor here: the app logic can't be unit-tested (only =colormath.js= is, because it is the one extracted module); backslash-doubling in the string caused real bugs this session (the multi-line export strip, the =#deltatest= regex); and there is no lint, highlight, or brace-check until Chrome runs it. The rest of the directory is healthy: =colormath.js= (pure, 100/96 tested) and =build-theme.el= (13 small functions) are the model.
 
 Run the whole set in NO-APPROVALS mode: TDD per stage (characterization hash tests before each behavior-preserving move; node unit tests as extraction makes logic importable), commit + push at each green stage. Tooling committed at c7518d6f before starting. Order:
-*** TODO Stage 1 — characterization net + extract CSS and JS to files :solo:tests:
-First add hash tests pinning the behaviors the move must preserve: =#locktest= (locking a row disables its dropdown; clear-unlocked resets unlocked + skips locked, per tier) plus any gap the existing gates miss. Then move the =<style>= block to =styles.css= and the =<script>= body to =app.js= (or split: state / dropdowns / tables / picker / io), and have =generate.py= inline them exactly as it already inlines =colormath.js= (strip + placeholder + inline-integrity). =generate.py= shrinks to a templating shell. Gate: every hash gate + integrity check green; =node --check= each new .js; =make theme-studio-test= green. The keystone — unlocks unit-testing the app and kills the escaping-bug class.
+*** 2026-06-09 Tue @ 05:01:11 -0500 Stage 1 — #locktest net + extracted styles.css/app.js
+Added the =#locktest= browser gate first (commit d04f44dd): it pins, across all three tiers, that mkLockCell disables a row's control (syntax swatch div via data-locked, UI select via .disabled) and that clear-unlocked wipes unlocked rows while skipping locked ones. Proved it goes red when a lock guard is removed.
+
+Then extracted the =<style>= block to =styles.css= and the =<script>= body to =app.js= (commit eaf16904), inlined by =generate.py= through STYLES_CSS / APP_JS placeholders the same way =colormath.js= is. Used =ast= to pull the resolved string value so the escapes (single vs doubled backslashes) survive the move — the generated page is byte-identical to before. =generate.py= dropped 1378 → ~500 lines (the remaining bulk is the package face-data dicts; Stage 6 may data-file those). Two integrity tests guard the splice: styles.css inlines verbatim, app.js reaches the page as =fill_data= renders it; both go red if the wiring is dropped.
+
+Gate green: 12 python templating tests, 25 node tests, spliced-script =node --check=, all 7 hash gates. =node --check app.js= passes standalone (placeholders are valid JS identifiers). The escaping-bug class is gone — =str.replace= is literal, so the JS no longer lives inside a Python string.
 *** TODO Stage 2 — unify the color dropdowns :solo:
 Delete native =colorDropdown= (UI + package tables, the unreliable-swatch one); route those through =mkColorDropdown= so all three tiers use the swatch dropdown. Gate: hash gates green; UI/pkg show swatches.
 *** TODO Stage 3 — extract shared row/cell helpers :solo: