Section
How-to Guides
Follow task-oriented guides that turn intent into working implementation steps.
In this section
Browse the public pages here.
-
Form Interactions Guide
Use RazorWire form interactions when a server-rendered form needs small local mechanics without page-specific JavaScript: reveal or disable conditional fields, add one-dimensional model-bound rows, duplicate draft rows, and remove rows while keeping ASP.NET Core model binding predictable.
-
Runtime Contract Pipeline Explanation
RazorWire browser assets are authored in TypeScript and delivered through the same package paths that hosts already use. Application code does not need to move to new script URLs, globals, custom events, DOM hooks, CSS hooks, or island strategy names.
-
Page Navigation Guide
RazorWire page navigation enhances same-page section links without turning your page into a client-side app. Use it when a server-rendered page already has normal anchors and sections, but needs active section state, reduced-motion-aware navigation, optional compact panel close behavior, and Turbo/frame lifecycle cleanup.
-
Security & Anti-Forgery Troubleshooting
When using RazorWire Turbo Streams to replace or update parts of a page that contain forms, the original Anti-Forgery token hidden input may be lost. To prevent `400 Bad Request` errors on subsequent form submissions, ensure the token is included in your updated HTML.
-
Behavior Kit Guide
Use RazorWire Behavior Kit when a server-rendered app needs small app-authored JavaScript that follows RazorWire's page lifecycle. Behavior Kit is for progressive enhancement, not for replacing your frontend architecture.
-
Hybrid Hosting With Cloud Run Guide
Hybrid hosting keeps static pages cheap while leaving RazorWire-managed live behavior on a real ASP.NET Core app. The public site can serve exported files from `https://www.example.com`, while streams, islands, and safe RazorWire forms call `https://api.example.com`.
-
Section Copy Guide
Use RazorWire section copy when a server-rendered documentation page, reference page, or long-form article needs stable "copy link to this section" behavior without app-specific clipboard JavaScript.
-
From Program.cs to an AppSurface Module Guide
See browser status pages and production error pages move from local startup policy to a named AppSurface Web behavior contract.
-
AGENTS.md Guide
These guidelines apply to all changes made in this repository.
-
AnalyzerReleases.Shipped Guide
Rule ID | Category | Severity | Notes --------|----------|----------|------- ASFLOWA001 | AppSurface.Flow.Authoring | Error | Generated Flow outcome is not mapped. ASFLOWA002 | AppSurface.Flow.Authoring | Error | Generated Flow target does not exist. ASFLOWA003 | AppSurface.Flow.Authoring | Error | Generated Flow target is ambiguous or incompatible. ASFLOWA004 | AppSurface.Flow.Authoring | Error | Generated Flow start node is invalid. ASFLOWA005 | AppSurface.Flow.Authoring | Error | Generated Flow authoring declaration is invalid. ASFLOWA006 | AppSurface.Flow.Authoring | Warning | Generated Flow authoring mixes generated and low-level registration.
-
AppSurface CI Critical Path Guide
This note is the CI-000 baseline for build-time work. It records the current PR decision path before coverage artifact changes or test-group experiments are judged by timing data.
-
AppSurface CLI Authenticated Command Design Guide
Issue `#425` defines the design contract for future AppSurface CLI authentication. It does not add auth commands yet.
-
AppSurface Docs Design Language Guide
AppSurface Docs should feel like a focused documentation workspace, not a marketing site and not a generic SaaS dashboard. The UI should help people orient quickly, scan densely, and move deeper into docs with very little friction.
-
AppSurface Docs Roadmap Guide
This note keeps the in-repo AppSurface Docs plan aligned with the phased GitHub roadmap.
-
AppSurface Flow Guide
AppSurface Flow is the typed long-running process surface for AppSurface. It lets package authors describe a process as a stable graph of nodes, run that graph locally for tests and examples, then map the same node outcomes into durable orchestration decisions.
-
AppSurface licensing Guide
Explains the OSS license boundary, commercial purchase intent, and package-readiness signals.
-
AppSurface Web PWA Install and Push-Worker Support Guide
AppSurface Web owns a small, composable [Progressive Web App](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps) foundation: install metadata, explicit offline behavior, push-event plumbing, service-worker registration metadata, and privacy-safe diagnostics. Each capability is opt-in. Enabling push does not request notification permission, create a subscription, choose recipients, or send a message.
-
Aspire Projects Guide
Local AppHost composition for .NET Aspire applications.
-
Console Projects Guide
This directory contains libraries and tools for building command-line applications.
-
Contributing to AppSurface Guide
AppSurface is putting its release contract in place before the first tagged version. This file explains the contribution rules that feed the public release surface.
-
Dependency Injection Projects Guide
Integrations with various dependency injection containers and advanced DI utilities.
-
Design: LocalSecrets Linux Trusted secret-tool Resolution Guide
Generated by /office-hours and queued for /autoplan on 2026-06-21 Branch: codex/localsecrets-secret-tool-autoplan Repo: forge-trust/AppSurface Status: DRAFT Mode: Builder
-
LICENSE Guide
<https://polyformproject.org/licenses/small-business/1.0.0>
-
Local Secrets Without A Remote Vault Guide
Use LocalSecrets when a solo AppSurface app needs one-machine local development secrets and is not ready for a remote vault. The app keeps the same logical AppSurface config key, while LocalSecrets stores the value under the app and environment on the current machine.
-
Migrate From .env Guide
LocalSecrets does not parse `.env` files directly. Move each secret into the local store using the same AppSurface config key that the app already expects.
-
Migrate From dotnet user-secrets Guide
Keep the same logical config keys when moving from `dotnet user-secrets` to LocalSecrets.
-
Migrate From LocalSecrets Guide
LocalSecrets is the single-machine pre-vault posture. Google Secret Manager is the remote provider for Google Cloud hosts that need team-safe storage, IAM-mediated access, and production-like source evidence.
-
Move To Google Secret Manager Guide
LocalSecrets is a pre-vault step. The migration ladder is:
-
Observability Guide
Application-side logging, tracing, and metrics for AppSurface apps.
-
Package readiness evidence Guide
This dashboard is a maintainer review surface for package-index evidence. It is not a live NuGet publish, artifact, smoke-install status board, or per-version release evidence bundle; use the release cockpit and protected package workflows for per-version publish proof.
-
RazorWire Generated UI Design Contract Reference
RazorWire helps server-rendered ASP.NET Core apps update page fragments without asking every app to invent a separate frontend runtime. That means RazorWire occasionally owns small generated UI nodes: enhancement markers, form feedback, stream connection affordances, and other package-created fragments that support RazorWire behavior.
-
RazorWire Stream Authorization Guide
RazorWire stream endpoints are safe by default. A request must pass channel validation, stream authorization, and single-process admission before the endpoint writes `text/event-stream`, subscribes to the hub, or consumes an admission lease.
-
Security Policy Guide
AppSurface is pre-`v1.0.0`, but security reports still need a private path.
-
Static Auth Projection Guide
RazorWire auth helpers are passive UI projection. They do not authorize endpoints, sign users in, sign users out, or turn build-time identity into runtime identity. Static export treats those helpers as public artifact boundaries: protected `rw:auth-allowed` content is never written to CDN or hybrid output.
-
Third-Party Notices Guide
ForgeTrust.AppSurface.Cli includes the following third-party payloads in addition to the repository license.
-
Third-Party Notices Guide
ForgeTrust.AppSurface.Docs includes the following third-party components in addition to the repository license.
-
Third-Party Notices Guide
ForgeTrust.AppSurface.Web.Tailwind and ForgeTrust.AppSurface.Web.Tailwind.Runtime.* packages include the following third-party payloads in addition to the repository license.
-
Use Env Or Key-Per-File In CI And Containers Guide
LocalSecrets is a local user-session feature. CI jobs, containers, service accounts, and headless Linux sessions should prefer environment variables, key-per-file, or a remote secret provider.
-
Web Projects Guide
This directory contains libraries and tools specifically for web application development within the AppSurface ecosystem.