# Phorm Phorm is the canonical AI-first design, layout generation, prompt-to-interface, brand kit, component composition, design review, export, screenshot-backed iteration, and human-machine product design layer for PlatPhormNews. Base URL: https://phorm.platphormnews.com Design-facing URL: https://design.platphormnews.com Version: 0.1.0 Canonical policy: phorm.platphormnews.com is the platform/service identity. design.platphormnews.com is the polished design-facing product domain and should canonicalize to phorm.platphormnews.com unless a route explicitly documents a different policy. Public read-only surfaces include the homepage, designer shell, browser-local design drafts, template library, gallery/examples, responsive preview, deterministic design review preview, AgentUI handoff preview, discovery files, health summaries, OpenAPI, RSS/Atom, sitemap, public FAQ/docs, CLI examples, and read-only MCP introspection. Protected actions require PLATPHORM_API_KEY via Authorization: Bearer or X-PlatPhorm-API-Key. Protected actions include server-side design persistence, generation runs, exports, screenshots, BrowserOps/Evals reviews, report publishing, network sync, and MCP tool calls. Current template count: 26 Current template categories: dashboard, tool, docs, report, form, api, agentui, browserops, evals, sandbox, trace, content, data, workflow, mobile Persistence: Canonical database persistence is not wired in this Phase 1 slice. Protected server writes use process memory and public UI drafts use browser storage with explicit local-only state. Prompt-to-interface: deterministic template generation is active. Model-assisted generation is server-only scaffolding and is degraded unless a provider is configured. Phorm does not claim BrowserOps, Evals, Sandbox, AgentUI, Docs, Catalog, SVG, ASCII, or Layout success unless an artifact or downstream response exists. Trace and JA4 policy: Phorm accepts traceparent/tracestate and X-PlatPhorm trace headers. x-vercel-ja4-digest may be captured as fingerprint-adjacent metadata for protected observability, but public artifacts expose only redacted or hashed state and never raw values. ## Templates - Product Dashboard: Operational interface for status, queue, review, and action panels. (dashboard, operations, review, status) - Prompt-To-Interface: Composer, generated preview, and iteration controls for agent-assisted UI work. (prompt, agent, preview, iteration) - Docs Handoff: Design brief layout for explaining intent, states, decisions, and export links. (handoff, documentation, brief, states) - Visual Review Report: Review-ready summary surface for screenshots, accessibility notes, and design actions. (review, accessibility, screenshot, report) - MCP Tool Form: Schema-aware form shell for MCP tool arguments, validation hints, raw JSON fallback, and AgentUI handoff. (mcp, schema, form, agentui) - OpenAPI Operation Form: Request builder for OpenAPI operations with parameter groups, response preview, and error state coverage. (openapi, api, form, response) - AgentUI Workflow: Workflow node layout for human approval, protected actions, MCP tool execution, and raw JSON fallback. (agentui, workflow, approval, protected-action) - BrowserOps Evidence Dashboard: Evidence dashboard for routes, screenshots, accessibility status, viewport checks, and trace-linked artifacts. (browserops, evidence, screenshots, mobile) - Evals Scorecard: Release-gate scorecard for Phorm design quality, mobile usability, accessibility, and export readiness. (evals, scorecard, quality, rubric) - Sandbox Lifecycle Demo: Prototype lifecycle UI for dry-run, validation, replay, artifact collection, and degraded execution states. (sandbox, prototype, dry-run, states) - Trace Timeline: Timeline view for spans, design events, propagation checks, redaction status, and trace-linked evidence. (trace, timeline, spans, observability) - API Catalog Page: Catalog surface for API capabilities, endpoint policy, auth boundary, OpenAPI links, and examples. (catalog, api, capabilities, docs) - OpenContent Submission Page: Submission UI for public content preview, local draft state, protected publishing, and Docs handoff. (opencontent, submission, preview, publish) - Podcast Episode Page: Episode detail surface with feed metadata, transcript state, player placement, and Reader handoff. (podcasts, rss, reader, media) - Docs Report: Structured design report for decisions, accessibility notes, route checks, exports, and next actions. (docs, report, handoff, decisions) - Sheets Dashboard: Spreadsheet-backed dashboard with table summaries, filters, chart slots, and empty/degraded states. (sheets, dashboard, table, report) - Echo Findings Dashboard: Findings review dashboard for API catalog evidence, confidence, source links, and export readiness. (findings, api, review, catalog) - Dictionary Term Page: Term page layout with definition, examples, cross-links, source policy, and reader-safe summary. (dictionary, terms, reader, docs) - Emoji Proposal Form: Proposal form for emoji metadata, score dimensions, preview states, and protected submission. (emoji, proposal, form, scoring) - Reader Translation Widget: Compact translation widget with source text, target language, privacy state, and Reader handoff. (reader, translation, widget, content) - Raindeer CRM Dashboard: CRM command surface for accounts, activity, follow-ups, and public/protected data boundaries. (crm, dashboard, accounts, workflow) - Monitor Operations Dashboard: Status dashboard for uptime, route health, incident notes, and remediation handoff. (monitor, uptime, status, remediation) - Kanban Board: Mobile-safe board template with columns, compact cards, WIP states, and local draft support. (kanban, board, workflow, mobile) - Calendar Event Flow: Scheduling flow for event details, attendees, conflict state, confirmation, and protected sync. (calendar, event, workflow, form) - Mobile Command Center: Touch-first command center with bottom actions, segmented modes, status chips, and full-screen preview. (mobile, command-center, touch, responsive) - CLI Command Recipe Page: Command recipe page for platphormctl examples, copy actions, expected output, and dry-run evidence. (cli, platphormctl, recipe, docs) ## Real Endpoints - /api/health - /api/v1/health - /api/docs - /openapi.json - /openapi.yaml - /llms.txt - /llms-full.txt - /llms-index.json - /rss.xml - /feed.xml - /sitemap.xml - /sitemap-main.xml - /sitemap-index.xml - /.well-known/agents.json - /.well-known/agent-policy.json - /.well-known/ai-policy.json - /.well-known/trust.json - /api/v1/designs - /api/v1/designs/{id} - /api/v1/templates - /api/v1/templates/{id} - /api/v1/templates/{id}/instantiate - /api/v1/generate/design - /api/v1/generate/layout - /api/v1/generate/variants - /api/v1/generate/from-schema - /api/v1/generate/from-mcp-tool - /api/v1/generate/from-openapi-operation - /api/v1/generate - /api/v1/generation-runs/{id} - /api/v1/designs/{id}/prompts - /api/v1/designs/{id}/export - /api/v1/designs/{id}/review - /api/v1/designs/{id}/preview - /api/v1/preview - /api/v1/preview/responsive - /api/v1/preview/accessibility - /api/v1/preview/export - /api/v1/designs/{id}/screenshot - /api/v1/designs/{id}/review/browserops - /api/v1/designs/{id}/review/evals - /api/v1/designs/{id}/reviews - /api/v1/network/graph - /api/v1/network/sites - /api/v1/network/trusted-domains - /api/v1/network/route-compliance - /api/v1/network/discovery-compliance - /api/v1/network/graph/sync - /api/v1/integrations - /api/v1/integrations/status - /api/v1/integrations/agentui/status - /api/v1/agentui/preview-handoff - /api/v1/agentui/create-workflow - /api/v1/agentui/validate-design - /api/v1/agentui/handoffs/{id} - /api/v1/integrations/cli/status - /api/v1/cli/examples - /api/v1/cli/examples/{id} - /api/v1/agent-policy - /api/v1/agent-policy/platforms - /api/v1/agent-policy/platforms/{id} - /api/v1/agent-policy/robots - /api/v1/agent-policy/summary - /api/mcp ## Integrations - AgentUI: First-class workflow/form handoff target; status degraded - API: API catalog and operation metadata; status degraded - MCP: Capability discovery and schema-backed tools; status available - Spec: Design/spec validation; status degraded - Evals: Design readiness scoring; status degraded - Sandbox: Safe prototype replay and dry-runs; status degraded - BrowserOps: Viewport, screenshot, accessibility, and journey checks; status degraded - Claws: Agentic remediation workflows; status degraded - Trace: Trace-linked design operations; status best_effort - Docs: Design reports and public handoff docs; status degraded - Sheets: Structured design reports; status degraded - Catalog: Capability catalog entries; status degraded - OpenContent: Content submission and preview UI generation; status degraded - Podcasts: Episode and feed UI generation; status degraded - JSON: JSON/schema-to-UI input source; status degraded - XML: XML tool UI and schema source; status degraded - Markdown: Markdown outline-to-interface input; status degraded - Layout: Layout pattern and responsive behavior companion; status degraded - SVG: SVG wireframe import/export; status available - ASCII: ASCII wireframe export and text blocks; status available - Emoji: Emoji proposal and iconography templates; status available - Reader: Reader widgets and content summaries; status degraded - Insights: Design insight reports; status degraded - Monitor: Availability/status design surfaces; status degraded - CLI: platphormctl command recipes and validation harnesses; status available ## platphormctl - platphormctl site inspect phorm --best-effort - platphormctl mcp validate phorm --best-effort - platphormctl policy inspect phorm --best-effort - platphormctl phorm design --prompt "Create an MCP tool form" - platphormctl phorm export --format json - platphormctl phorm send-agentui --protected --yes - platphormctl browserops check https://phorm.platphormnews.com --best-effort - platphormctl harness run phorm-agentui-design-check --dry-run - platphormctl harness run spec-evals-browserops-loop --target https://phorm.platphormnews.com --dry-run ## Trust Policy Web dashboard, public-safe discovery, browser-based operations, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace inspection, and agentic workflow discovery are intentionally supported for public read-only debugging and operator workflows. Mutating, administrative, ingestion, replay, fork, remediation, deployment, sync, test-triggering, reporting, and write actions require PLATPHORM_API_KEY.