From 1a756462ef100626d1365c3b849064197d3b41ca Mon Sep 17 00:00:00 2001
From: Shay Palachy <shaypal5@users.noreply.github.com>
Date: Sun, 24 May 2026 22:59:47 +0300
Subject: [PATCH 1/4] feat(scripts): ShmuggingFace preview site builder +
 Cloudflare Pages deploy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- scripts/build_shmuggingface_site.py (new): reads the three public release
  tiers, renders release/README.md → HTML via markdown-it-py (linkify
  disabled), loads per-tier manifest/metrics/feature-dict/sample rows, emits
  a shmuggingface.config.mjs and drives ShmuggingFaceCore to produce a
  HuggingFace+Kaggle mock static site, then deploys via wrangler pages deploy.

- ShmuggingFaceCore is auto-cloned to /tmp/shmuggingface-core on first run
  and git-pulled on subsequent runs; no npm dep installation required.

- Config includes descriptionHtml (full README as HTML), coverImage,
  splits/subsets arrays, files[].about descriptions, and 8 sample rows.
  All file references use relative sourcePath so ShmuggingFaceCore copies
  real release files into the dist.

- Cloudflare Pages project 'leadforge-lead-scoring-v1-preview' created on
  the adanim account; live at:
  https://leadforge-lead-scoring-v1-preview.pages.dev

- pyproject.toml: per-file-ignores for S603/S607/S108/E501 on the script
  (subprocess calls with controlled inputs; long data strings).
- .gitignore: add release/_shmuggingface/ and .wrangler/
- .agent-plan.md: mark PR 7.2.2 complete; update PR 7.3 to cite preview site

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .agent-plan.md                      |   3 +-
 .gitignore                          |   5 +
 pyproject.toml                      |   4 +
 scripts/build_shmuggingface_site.py | 478 ++++++++++++++++++++++++++++
 4 files changed, 489 insertions(+), 1 deletion(-)
 create mode 100644 scripts/build_shmuggingface_site.py

diff --git a/.agent-plan.md b/.agent-plan.md
index 0a55f90..718daf8 100644
--- a/.agent-plan.md
+++ b/.agent-plan.md
@@ -66,7 +66,8 @@ Goal: ship a best-in-class educational synthetic CRM lead-scoring dataset family
 - [x] PR 7.1: LLM critique module + prompt + driver landed.  `leadforge/validation/llm_critique.py` (new) — single-provider Anthropic critique core via an `LLMCritiqueClient` protocol (no preemptive OpenAI/Gemini stubs); `_AnthropicCritiqueClient` lazy-imports the SDK so the module imports cleanly even on machines without `anthropic` installed (the skip-cleanly path needs to work without the SDK).  `has_anthropic_credentials` / `api_key_or_skip` treat unset and empty-after-strip identically as "absent", explicitly to handle the `env -i` / stale `.envrc` case where the shell sets `ANTHROPIC_API_KEY=""` and the SDK would otherwise 401 instead of cleanly skipping.  Default model `claude-opus-4-7` with `thinking={"type": "adaptive", "display": "summarized"}` (only mode supported on Opus 4.7 — manual `budget_tokens` 400s) and `output_config={"effort": "high"}` (recommended minimum for intelligence-sensitive work per the `claude-api` skill); two prompt-cache breakpoints (rubric + input bundle) per the design doc's caching strategy so the common adjudication-loop workflow hits cache on both layers; streamed via `messages.stream(...).get_final_message()` to dodge the 10-min idle-connection timeout on long adaptive-thinking responses.  `build_input_bundle` is pure (same `release_dir` → byte-identical bytes → identical `sha256`) and assembles eleven blocks: `release/README.md`, per-tier `dataset_card.md`, `docs/release/generation_method.md`, `manifest.json`, `feature_dictionary.csv`, `validation_report.{md,json}`, the first 100 test-split rows rendered as deterministic CSV, the public/instructor diff summary (live-derived from the `BANNED_LEAD_COLUMNS` / `BANNED_OPP_COLUMNS` / `BANNED_TABLES` / `SNAPSHOT_FILTERED_TABLES` constants in `leakage_probes.py` — single source of truth, auto-stays-in-sync, sync-tested), the public-safe mechanism summary (motif family **names** + difficulty knob **names**, never values — same redaction posture as `student_public`), and the break-me guide verbatim ("avoid re-deriving" the existing nine patterns).  `parse_critique_response` schema-validator pins eleven malformations (missing required field, wrong severity, wrong category, wrong rubric dimension, finding-id collision, findings non-list, top-level non-object, non-JSON, score out of range, defensive code-fence stripping, empty findings list valid) and returns every problem in one error rather than the first one.  Output schema is a frozen dataclass (no pydantic dependency) with the nine-value `category` vocabulary lifted **verbatim** from `break_me_guide.md` so findings route to existing issue-template labels without translation; `rubric_dimension: str` is required on every finding (D1-D14) so reviewers can audit clustering.  Provenance triple (`model` / `effort` / `thinking_mode`) plus per-source-file `bundle_hashes` and the assembled `input_bundle_sha256` are carried on every result for audit-artifact-sync — re-runs on the same RC produce the same bundle hashes.  `docs/release/llm_critique_prompt.md` (new) — the rubric document the driver feeds to Claude, parseable via `<system_prompt>` / `<user_cue>` section markers with surrounding prose ignored; fourteen rubric dimensions (D1 documentation truthfulness · D2 leakage discipline · D3 realism vs disclosure · D4 difficulty signal · D5 calibration / value-aware ranking · D6 cohort/time-window discipline · D7 notebook integrity · D8 platform packaging hygiene · D9 adversarial-framing completeness · D10 pedagogy of the documented `total_touches_all` trap · D11 effective semantic diversity per recommendation #12 v1 scope · D12 Datasheets-for-Datasets composition · D13 manifest/provenance integrity · D14 out-of-scope guard).  Severity calibration explicitly written to discourage padding the report with low-severity nits and to surface "no high-severity findings" as a positive signal vs "the critique didn't surface any".  `scripts/run_llm_critique.py` (new) — driver mirroring `validate_release_candidate.py`'s posture (free-function `parse_args`, frozen `DriverConfig`, `run_critique(config) -> DriverResult`, `main(argv)` returning an exit code).  Skip-cleanly path triggers BEFORE any I/O — no rubric read, no bundle build, no out-dir creation; tested explicitly with `not (tmp_path / "out").exists()` after the skip.  Three modes alongside the live path: `--dry-run` writes the rendered input bundle to `<out-dir>/llm_critique_input_<ts>.md` for human inspection (different filename from the real raw JSON, can't be confused); `--no-execute` calls `api_key_or_skip` + `build_anthropic_client()` to prove the SDK is installed and creds are present without burning an API call (CI smoke); `--out-tag` suffixes the raw filename so adjudication re-runs don't shadow the canonical run.  Outputs: timestamped `llm_critique_raw_<UTC-iso>.json` (accumulates per run, no clobber) + canonical `llm_critique_summary.md` (overwritten in place so dataset-card links don't rot).  Exit codes mirror `validate_release_candidate.py`: 0 pass (skip-cleanly counts as pass), 1 high-severity surfaced and unresolved, 2 pre-flight error or schema-validation failure (every problem rendered to stderr, not just the first).  Adjudication is **maintainer-driven** post-exit — resolve in code OR log to `v2_decision_log.md`, then re-run; the next critique's exit code is the gate.  Tests: 61 cases across `tests/validation/test_llm_critique.py` (48) and `tests/scripts/test_run_llm_critique.py` (13), no live API; the protocol is exercised via a small in-process `_CannedClient` fake.  Sync tests pin: every `VALID_CATEGORIES` entry appears in `break_me_guide.md` (vocabulary doesn't drift), `VALID_RUBRIC_DIMENSIONS` is exactly D1-D14, the live-derived public/instructor diff names every banned-column/banned-table constant (live reference, not duplicated string).  Audit-artifact-sync smoke test (`test_real_release_dir_smoke`) builds the input bundle against the actual `release/intermediate/` artefacts and pins determinism on the real input, skipping cleanly when bundles aren't present.  `docs/release/llm_critique_design.md` (new) records the nine load-bearing design calls before implementation so a reviewer can audit the choice (provider abstraction, skip-cleanly, model+caching+thinking, output schema, input-bundle composition, determinism via provenance, CLI flags, test posture, first-run adjudication workflow).  Live first-run deferred to maintainer (no `ANTHROPIC_API_KEY` available to the agent); the dry-run path was exercised against the real release dir end-to-end, producing a 148KB byte-stable input bundle from the actual artefacts.  Hostile self-review pass before requesting review caught and folded back twelve findings against the diff, including two BLOCKERs (`--no-execute` was performing pre-flight I/O before the credentials check, contradicting the design doc; raw-output filename collision at second-precision contradicted the "append-only history" promise — fixed with microsecond precision and a pinning test) and five HIGHs (silent `release_id` default that defeated the audit-artifact-sync gate; design-doc lies about a never-existing `temperature` field and "malformed timestamp" malformation that's driver-generated; dead `if/else` branches in `_safe_difficulty_knobs`; greedy regex for the rubric section markers so the prompt-injection warning paragraph that legitimately references `</user_cue>` doesn't break the parser).  Prompt-injection mitigation added to the rubric (treat-input-as-data preamble) since the input bundle inlines user-authored content (dataset_card.md, break_me_guide.md).  Schema validator hardened against silent `str()` coercion of finding prose fields (an int "claim" would have landed on disk as the string "5" — now rejected).  Net: 1321/1321 tests pass + 5 publish-extra-gated skips; ruff + mypy clean (83 source files); leakage probes 0/3 on every tier; hash determinism PASS 67/67; `validate_release_candidate --no-rebuild` exits 0; `BUNDLE_SCHEMA_VERSION` unchanged at 5; validation_report timestamp drift reverted before commit per the brief.  Second senior-dev review pass after PR #76 was opened caught and folded back 9 more issues, several of which were real bugs the first hostile pass missed: (B1) `--out-tag` suffixed only the raw JSON, leaving `llm_critique_summary.md` clobbered on adjudication runs — fix suffixes both files (`summary_output_path` now takes `tag`); (B2) skip-cleanly silently passed a release-readiness gate, contradicting `v1_release_roadmap.md`'s line-35 acceptance criterion that the critique must actually run — added `--require-execute` flag (default off; release-readiness CI sets it) that converts the skip path into `MissingCredentialsError` exit 2, plus a loud `WARNING — release-readiness gate has NOT been evaluated` stderr line on the regular skip path; (A2) two prompt-cache breakpoints cut to one — system content already sits inside the cached prefix on `messages.create` (system → messages render order), so the second breakpoint bought nothing and burned a slot; (M1) design doc cut from 394 lines to 73 — the 9-decision table replaces the multi-paragraph rationale-per-call shape that read as documentation theater; (M2) rubric cut from 420 lines to ~210 — each dimension now one paragraph instead of 3-6, dropped D14 ("out-of-scope guard") which was meta-instruction not a rubric dimension, made it a "What is NOT yours to audit" appendix at the end; rubric is now D1-D13 and `VALID_RUBRIC_DIMENSIONS` updated in lockstep; (M3) test-split sample replaced 100 raw rows of CSV with `df.describe(include="all")` per-column statistics + a 20-row head — distributional conclusions need statistics not raw rows, and the rendered input bundle dropped from 148KB to 128KB; (M5) streaming-via-`messages.stream` replaced with `messages.create(timeout=600.0)` — no stream events were processed anyway, the contract is just "don't time out on long adaptive-thinking responses" and an explicit timeout is the right way to spell that; (M6) `render_input_bundle_text` free function moved to `InputBundle.render()` method — leaky abstraction; the audit-artifact-sync framing was misleading (no committed-artefact diff) and was renamed to "smoke test against the real release dir" / "staleness check vs committed result" throughout the module and design doc.  Net after the second pass: 1323/1323 tests pass + 5 publish-extra-gated skips; ruff + mypy clean; leakage probes 0/3 on every tier; hash determinism PASS 67/67; `validate_release_candidate --no-rebuild` exits 0; `BUNDLE_SCHEMA_VERSION` unchanged at 5; validation_report timestamp drift reverted again before this commit.  First live critique run executed by the maintainer with a dedicated Anthropic project key (`leadforge-llm-critique-v1-prod`): score 7/10, six findings (1 high, 4 medium, 1 low), exit code 1 as designed for unresolved high-severity findings.  Adjudication: F001 high-severity (93 % `account_id` overlap between train/test documented only in break_me_guide §5, missing from README/dataset_card) — **resolved in code** by adding a "Group-leakage warning" paragraph to `release/README.md` "Splits" subsection citing the 518/557 figure and a `GroupKFold(account_id)` recipe; the parallel disclosure on the auto-rendered `dataset_card.md` is logged as `accepted-for-v2` because the renderer change is out of scope for PR 7.1's no-bundle-regen rule.  F004 medium (break_me_guide pattern 5 covered `account_id` but not `contact_id`, despite contacts being shared across the lead-keyed split at the same magnitude) — **resolved in code** by extending §5 to enumerate both keys and any reusable foreign-key column as group-leakage axes.  F006 low (README "Conversion rate (recipe band)" column header didn't make clear it was a recipe-acceptance window not an observed range) — **resolved in code** by renaming to "(acceptance band, gate G7.\*)" and adding a one-sentence note that observed five-seed spreads sit comfortably inside the band.  F002 medium (Gaussian noise produces non-physical values: negative ACV, negative day-deltas, day-deltas > snapshot_day=30, undisclosed in dataset card) — `accepted-for-v2`; requires `leadforge/narrative/dataset_card.py` change.  F003 medium (`](../foo)` relative links would 404 on Kaggle/HF) — `wont-fix`: already treated by `scripts/_release_common.py::rewrite_release_links()` which both platform packagers (PR 5.1, 5.2) call at packaging time; the LLM didn't have visibility into the platform packagers and made a wrong inference.  F005 medium (advanced-tier `calibration_max_bin_error = 0.5234` driven by an n=2 high-probability bin, no minimum-bin-count footnote) — `accepted-for-v2`; not a 1-line change, touches `release_quality.py` metric definition and would require regenerating `validation_report.{json,md}` which PR 7.1's brief explicitly forbids.  Three missing-section callouts (Datasheets §Biases, §Privacy, per-bundle group-split warning) and three maintainer questions (noise/windowing interaction, `top_decile_rate` naming, Kaggle/HF docs subtree) all logged to `docs/release/v2_decision_log.md`.  README edits cascaded into the platform packager artefacts; `release/kaggle/dataset-metadata.json` and `release/huggingface/README.md` regenerated cleanly via the existing packagers (`scripts/package_{kaggle,hf}_release.py`).  Critique run output committed to `release/validation/llm_critique_raw_20260508T204359.124834Z.json` + `release/validation/llm_critique_summary.md`.  Final net: 1325/1325 tests pass + 5 publish-extra-gated skips; ruff + mypy clean (83 source files); leakage probes 0/3 on every tier; hash determinism PASS 67/67; `validate_release_candidate --no-rebuild` exits 0; `BUNDLE_SCHEMA_VERSION` unchanged at 5.  Phase 7 PR 7.1 closed; PR 7.2 (local Kaggle/HF mock-page preview) is next.
 - [x] PR 7.2: local Kaggle + HuggingFace mock-page preview tooling landed.  `scripts/preview_kaggle_page.py` (new) — reads the *exact* artefacts the publish PR will upload (`release/kaggle/dataset-metadata.json` + the inlined README body + the cover image, prefer `release/kaggle/dataset-cover-image.png` then fall back to the gitignore-resilient `release/dataset-cover-image.png` master copy) and renders an offline HTML page mocking the public Kaggle dataset view: header (title / subtitle / id pill / licence / update-frequency / visibility), cover image, rendered description (the inlined README body), file tree of declared resources grouped by tier with per-tier counts, schema/columns table for every tabular resource (`resources[].schema.fields[].name/type/description`) with per-table column counts in the heading, user-specified-sources block (rendered only when present), keywords + licence footer.  Serves on `http://localhost:8765` via stdlib `http.server.ThreadingHTTPServer` (the threading variant inherits `allow_reuse_address=True` from `HTTPServer`, so Ctrl-C → re-run within ~60s does not raise `OSError [Errno 48] Address already in use` while the socket sits in TIME_WAIT — caught and folded back in self-review pass 1, the initial draft used `socketserver.ThreadingTCPServer` which defaults to `False`).  `--no-serve` builds the HTML and exits (CI / inspection mode); `--open-browser` pops a tab on startup; `--port` / `--release-dir` / `--out-dir` round out the surface.  `scripts/preview_hf_page.py` (new) — reads `release/huggingface/README.md` (or `release/huggingface-instructor/README.md` per `--variant=public|instructor`) and parses YAML frontmatter + Markdown body via a single anchored regex (`r"\A---\n(?P<yaml>.*?)\n---\n(?P<body>.*)\Z"` with `re.DOTALL`); renders the analogous HF view: header pills (pretty_name + license + task_categories + size_categories + language), tag chips, configs dropdown (one details-block per `configs[]` entry with the default config flagged via a single `badge--default` instance, data_files split→path table per config), file tree of declared YAML paths bucketed by config, README body, footer carrying the variant for human visual confirmation.  `--variant` defaults `--out-dir` to `release/_preview/huggingface/` (public) or `release/_preview/huggingface-instructor/` (instructor); the instructor path also reads its README from a different location (`huggingface-instructor/README.md`) and looks for the cover under the variant directory first.  Both scripts share the validation discipline from the Phase 5 packagers: build → validate → write; pre-flight failures (missing metadata, malformed JSON / YAML, unknown variant, missing cover) raise and the CLI converts to rc=2 without touching disk; runtime success exits 0.  Markdown rendering via `markdown-it-py` in `gfm-like` preset (tables / fenced code / strikethrough on; `linkify` explicitly disabled so the optional `linkify-it-py` transitive dep is not required); the dep is added to the `[publish]` extra alongside `datasets` / `kaggle` (mirrors the PR 5.1 / 5.2 gating posture for publish-pipeline tooling), and absent imports raise a clean `ImportError` pointing at `pip install -e ".[publish]"` instead of a cryptic stdlib `ModuleNotFoundError`.  Both renderers are pure: same `(metadata|doc, cover_filename|variant)` → byte-identical HTML (no `now()`, no random, no clock).  Output landing at `release/_preview/<platform>/index.html` is gitignored (`.gitignore` adds `release/_preview/`); the audit-artefact-sync gate lives at `release/_preview_committed/{kaggle,huggingface_public,huggingface_instructor}.html` (committed alongside the scripts, mirrors the PR 4.1 / 5.1 / 5.2 / 7.1 audit-sync pattern).  HTML is wrapped in a single self-contained file (CSS inlined, no external stylesheet) so each committed sample is human-inspectable directly from `git show` or a browser without a server.  XSS-safety: every user-controlled string passes through a hand-rolled `_escape` (`&`, `<`, `>`, `"`, `'`); kept hand-rolled rather than `html.escape` so the committed samples' `&#39;` (decimal) escapes don't churn against `html.escape`'s `&#x27;` (hex) entity.  Tests: 48 cases across `tests/scripts/test_preview_kaggle_page.py` (20) and `tests/scripts/test_preview_hf_page.py` (28); no live HTTP, no network, no socket open.  The four roadmap-mandated checks per script: required field labels appear in rendered HTML (Kaggle: title / subtitle / id / license / file count / schema column count; HF: pretty_name / license / configs / tags); every Markdown link in the source resolves to a non-allowlisted URL pattern fails the test (allow-list: `https://github.com/leadforge-dev/leadforge`, `https://huggingface.co/datasets/leadforge`, sibling-relative `LICENSE`, in-document `#` anchors — anything else is a 404 risk on the live page); the Kaggle schema table lists every column declared in `resources[].schema.fields` (iterates the committed metadata, asserts each `<code>{name}</code>` appears); every `configs[]` block in the HF YAML round-trips into the rendered dropdown.  Determinism is double-tested: `test_render_is_byte_deterministic` runs two passes against the real release artefact and pins equality; `test_committed_*_sample_matches_fresh_regeneration` pins the committed HTML against fresh regeneration byte-for-byte (the audit-sync gate).  Pre-flight error paths exercised end-to-end: missing artefact (`FileNotFoundError`), malformed JSON / YAML (`ValueError`), unknown variant, missing cover image — all return rc=2 via `main()` with informative stderr.  HTML escape coverage: `test_render_escapes_html_in_field_values` asserts a `<script>` payload in the title / pretty_name field is rendered as `&lt;script&gt;`, not as a live tag (XSS guard for any future recipe that surfaces unescaped user content).  `parse_hf_readme` rejects missing-frontmatter and non-mapping-frontmatter inputs explicitly so the renderer never sees half-parsed input.  `pyproject.toml` `[tool.ruff.lint.per-file-ignores]` adds `E501` for both preview scripts — inlined CSS strings inside f-string templates are the rendered product, not source code that benefits from a 100c wrap (mirrors the existing `scripts/build_release_notebook_*.py` ignore for the same reason).  `docs/release/preview_pages_design.md` (new, 59 lines) records the ten load-bearing design calls in the same decision-table shape as `llm_critique_design.md`: two scripts vs unified renderer, stdlib server vs Flask, f-string templates vs Jinja2, `markdown-it-py` via `[publish]` extra (with rationale for why this differs from the PR 5.1 / 5.2 *test* gating — preview scripts' runtime path requires the renderer, not just the smoke test), output-dir convention, cover-image inlining, HF variant flag, CLI shape, audit-sync, test posture (no live HTTP, no BeautifulSoup dep), plus the link-resolution rule (every rendered href must be in the allow-list — guards against the rewrite-stops-firing regression for `](../foo)` and `](validation/...)`).  Hostile self-review pass 1 caught and folded back three findings: (B1) BUG — `socketserver.ThreadingTCPServer` defaults `allow_reuse_address=False`, restart-after-Ctrl-C would 60-second TIME_WAIT; switched to `http.server.ThreadingHTTPServer`; (D1) DEAD CODE — `COMMITTED_SAMPLE_PATH` (Kaggle) and `_VARIANT_SAMPLE_PATH` (HF) module-level constants defined but never read at runtime (tests use their own `_REPO_ROOT`-rooted paths); deleted both, dropped the now-unused `socketserver` import; (M1) DOC LIE — `_resolve_cover_image` Kaggle docstring claimed "we prefer the kaggle-tree copy" without acknowledging that `release/kaggle/dataset-cover-image.png` is gitignored on a fresh checkout (only the committed master copy at `release/dataset-cover-image.png` is guaranteed present); reworded to call out the lookup order + gitignore reality.  Pass 2 found no significant architectural / scope issues — the ~30 lines of intentional duplication between the two scripts (`_escape`, `_serve`, `_make_handler_factory`, partly-duplicated CSS) are below the threshold where a `_preview_common.py` extraction would pay back; the Phase 5 `_release_common.py` exists for things shared between two callers, and a third caller is not on the horizon.  Net: 1373/1373 tests pass (1325 baseline + 48 new) + 5 publish-extra-gated skips; ruff + mypy clean (83 source files); leakage probes 0/3 on every tier; hash determinism PASS 67/67; `validate_release_candidate --no-rebuild` exits 0 (3 tiers, 5 seeds, 0 leakage findings); `BUNDLE_SCHEMA_VERSION` unchanged at 5; validation_report timestamp drift reverted before commit per the brief.  Phase 7 PR 7.2 closed; PR 7.3 (`publish_kaggle.py` + `publish_hf.py` + `docs/release/v1_release_notes.md` + tag `leadforge-lead-scoring-v1`) is next, and its publish runbook will cite the two preview commands as a required pre-flight step before `kaggle datasets create` / `huggingface-cli upload`.
 - [x] PR 7.2.1: agent-reviewable release artifacts landed.  Net effect: the published Kaggle / HuggingFace bundle is now self-contained for AI / offline review — every numeric or structural claim in the README is verifiable without following a `github.com/blob/main/...` link.  Six gaps closed.  (1) `release/metrics.json` (root) + `release/<tier>/metrics.json` (per tier) — deterministic JSON view of the headline LR AUC / AP / P@100 / Brier / conversion rate / cohort-shift / cross-tier ordering medians, with explicit JSON-path back-references to `release/validation/validation_report.json`.  Built by new `scripts/build_release_metrics.py` (idempotent, `--check` mode for CI).  (2) `release/docs/` vendored copies of `generation_method.md`, `channel_signal_audit.md`, `break_me_guide.md`, `feature_dictionary.md`, `v1_acceptance_gates_bands.yaml`, `v2_decision_log.md`, synced from `docs/release/` by new `scripts/sync_release_docs.py` (`--check` mode for CI).  (3) `release/docs/relational_table_schemas.csv` — hand-authored per-column documentation for all 9 relational tables (64 columns); validated against live parquet schemas in the new test suite.  The Kaggle packager now wires these descriptions into `resources[].schema.fields[].description` so the previously-empty `col__desc` cells in the mock preview are populated for `tables/*.parquet`.  (4) `release/claims_register_source.yaml` (hand-edited) + `release/claims_register.{md,json}` (rendered by new `scripts/build_claims_register.py`) — every numerical / structural claim in `release/README.md` paired with its backing artifact and JSON / YAML path; the JSON output carries a `schema` block describing its own field semantics so an agent landing on the file with no context can interpret it.  Twenty-six claims across nine categories (composition, calibration, redaction, difficulty, limitations, splits, provenance, out_of_scope, intended_use).  (5) `schema.org/Dataset` JSON-LD block injected into the `<head>` of both Kaggle and HuggingFace preview HTML pages; shared `render_jsonld_dataset` helper in `scripts/_preview_common.py` HTML-escapes `<` / `>` / `&` inside the rendered JSON to keep XSS-safety equivalent to the body-text path, and the HF variant builds the same block for `public` and `instructor` so variant differences stay localised to the footer marker (the existing regression-guard test).  (6) Instructor HF README beefed up with an "Agent-reviewable artifacts" section pointing reviewers at `docs/`, `claims_register.{md,json}`, `intermediate/manifest.json`, and `intermediate/feature_dictionary.csv`; cross-tier `metrics.json` intentionally omitted (single-tier dataset — cross-tier medians would mislead).  Both platform packagers extended: `scripts/package_kaggle_release.py::assemble_upload_dir` and `scripts/package_hf_release.py::assemble_upload_dir` copy the new root-level files (`metrics.json`, `claims_register.*`) and the `docs/` subtree into their upload trees so Kaggle / HF agents see the same files an offline reviewer would.  Kaggle additionally enumerates them in `resources[]` so the published dataset's "Data Files" panel surfaces them.  Shared infrastructure in `scripts/_release_common.py`: new `AGENT_REVIEWABLE_ROOT_FILES` tuple, new `AGENT_REVIEWABLE_DOCS_DIR` constant, and new `load_relational_column_descriptions(release_dir) -> dict[(table,col), str]` helper (single-sourced; both packagers consume the same map).  `SOURCE_TREE_BLOCK` updated in lockstep (the source-side tree diagram in `release/README.md` is the silent-failure trap the existing `validate_readme_substitution` guard catches — kept in sync).  Public `release/README.md` gains an "Agent-reviewable artifacts" subsection under "What's inside" pointing readers at the same files.  Tests: 28 new cases across `tests/scripts/test_sync_release_docs.py` (8), `tests/scripts/test_build_release_metrics.py` (9), `tests/scripts/test_build_claims_register.py` (11) covering happy path, idempotence, check-mode drift, missing-source error paths, invalid YAML rejection (missing keys, duplicate IDs, invalid categories), per-tier-skipping when bundle dirs aren't materialised, audit-sync gates against the real `release/` tree.  `tests/scripts/test_preview_{kaggle,hf}_page.py` extended (4 new cases) to pin JSON-LD presence in `<head>`, byte-equality across HF variants, and SPDX URL form (`https://opensource.org/licenses/MIT` rather than the bare `mit` token HF uses).  `tests/scripts/test_package_kaggle_release.py` extended to assert per-table parquet schemas now carry column descriptions and that the new agent-reviewable root resources land in the metadata's `resources[]`.  Committed previews (`release/_preview_committed/*.html`) regenerated.  Net: 1400/1400 tests pass + 5 publish-extra-gated skips; ruff clean across the touched scripts; mypy has the two pre-existing `_render_markdown` no-any-return warnings from PR 7.2 that are unrelated to this PR.  Hostile self-review after the PR opened caught and folded back six more gaps before merge: (B1) **no actual claims verifier** — the original PR shipped a claims register pointing at backing artifacts but nothing checked that the values matched.  `scripts/verify_claims_register.py` (new) walks every claim, expands `<tier>` placeholders + brace/comma multi-paths + `*` glob wildcards, resolves the JSON path inside each backing artifact, and compares numerics embedded in claim prose against the resolved value within `1e-3` tolerance.  Real bugs surfaced by the verifier during development and folded back: tier-placeholder expansion only fired on the artifact side (not the path side); brace + comma multi-paths weren't decomposed; `$.tables.*.sha256` glob wasn't supported by the walker; sentence-ending period (`advanced 0.351.`) was eating the last digit of the captured numeric.  Wired into CI as a new gate.  Gitignored bundle dirs (`release/{intro,intermediate,advanced,intermediate_instructor}/`) are soft-skipped when missing (fresh-checkout posture); `--strict` upgrades them back to hard errors for release-readiness runs.  (B2) **hardcoded difficulty knobs** in `build_release_metrics.py` would drift the moment someone retuned the recipe — replaced with a `load_difficulty_knobs` helper that reads from `leadforge/recipes/b2b_saas_procurement_v1/difficulty_profiles.yaml` live; each tier metrics file records a `difficulty_knobs_source` JSON-path pointer so the recipe-yaml's authoritative role is documented in the artifact itself.  (B3) **doc-vendoring footgun** — `sync_release_docs.py` would silently overwrite a destination edited in place; now returns a `_SyncResult` dataclass and refuses to clobber a destination whose mtime is newer than the source, with `--force` bypassing the guard.  `release/docs/README.md` (new) explains the vendoring direction loudly at the front of the directory so a reader landing on the wrong copy gets the right pointer.  (B4) **JSON-LD strings duplicated** in both preview scripts — single-sourced `LICENSE_URL_MIT` / `JSONLD_CITATION` / `JSONLD_CREATOR` / `JSONLD_VERSION` in `scripts/_preview_common.py`.  (B5) **no CI integration** — three `--check` modes existed but nothing ran them; new `release-artifacts-sync` job in `.github/workflows/ci.yml` runs all four (sync_release_docs --check, build_release_metrics --check, build_claims_register --check, verify_claims_register).  (B6) **weak validation of `relational_table_schemas.csv`** — `tests/release/test_relational_table_schemas.py` (new) enforces descriptions ≥12 chars and non-TODO, closed-vocabulary dtype (`{string, int64, bool, float64}`), closed-vocabulary `bundle_visibility` (`{public+instructor, instructor_only}`), no duplicate rows, and parity with live parquet arrow types against the instructor bundle.  Final tests: 1425/1425 + 5 publish-extra-gated skips; ruff clean; CI green.  Phase 7 PR 7.2.1 closed; PR 7.3 next.
-- [ ] **PR 7.3** — `scripts/{publish_kaggle,publish_hf}.py` (dry-run → local mock-page review → private/draft → public). Tag `leadforge-lead-scoring-v1`; `docs/release/v1_release_notes.md` (cites PR 7.2's preview commands as required pre-flight).
+- [x] **PR 7.2.2** — `scripts/build_shmuggingface_site.py` (new) — live Cloudflare Pages preview site for pre-publish review.  Reads the three public release tiers, renders `release/README.md` → HTML via `markdown-it-py` (linkify disabled; already in `[publish]` extra), loads per-tier `manifest.json` / `metrics.json` / `feature_dictionary.csv` / sample rows from `lead_scoring.csv`, and emits a `shmuggingface.config.mjs` under `release/_shmuggingface/` (gitignored alongside `_preview/`).  Drives `ShmuggingFaceCore` (auto-cloned to `/tmp/shmuggingface-core` on first run, `git pull` on subsequent) to generate 48-file static site, then deploys via `wrangler pages deploy` using the `adanim` Cloudflare account (`~/.config/adanim/cloudflare_api_token.env`).  CLI: `--release-dir`, `--out-dir`, `--smf-core`, `--deploy`, `--cf-env`, `--project-name`.  Config carries `descriptionHtml` (full README rendered as HTML), `coverImage` (cover image path), `splits`/`subsets` arrays (Dataset Viewer menus), `files[].about` (per-file descriptions), 8 sample rows, all using `sourcePath` relative paths so ShmuggingFaceCore copies real release files into the dist.  Live site deployed at `https://leadforge-lead-scoring-v1-preview.pages.dev` on the adanim account.
+- [ ] **PR 7.3** — `scripts/{publish_kaggle,publish_hf}.py` (dry-run → local mock-page review → private/draft → public). Tag `leadforge-lead-scoring-v1`; `docs/release/v1_release_notes.md` (cites PR 7.2's preview commands and ShmuggingFace preview site as required pre-flight).
 
 ---
 
diff --git a/.gitignore b/.gitignore
index e9893bd..9c2eecd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -239,3 +239,8 @@ release/huggingface-instructor/*
 # under release/_preview_committed/ is the audit-artefact-sync gate
 # and is checked into git separately.
 release/_preview/
+
+# Generated ShmuggingFace site output (PR 7.3) — config + dist built by
+# scripts/build_shmuggingface_site.py; deployed to Cloudflare Pages.
+release/_shmuggingface/
+.wrangler/
diff --git a/pyproject.toml b/pyproject.toml
index 871cd2a..1fe6af4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -121,6 +121,10 @@ select = ["E", "F", "I", "N", "W", "UP", "B", "C4", "PT", "S"]
 "scripts/preview_hf_page.py" = ["E501"]
 # _preview_common is plain Python (no inline HTML / CSS); leaving
 # E501 enabled.
+# ShmuggingFace site builder shells out to git / node / wrangler with
+# fixed, repo-controlled command lists; S603/S607/S108 are intentional.
+# E501: DISCUSSIONS strings are data (rendered as page content), not source.
+"scripts/build_shmuggingface_site.py" = ["S603", "S607", "S108", "E501"]
 
 [tool.mypy]
 python_version = "3.11"
diff --git a/scripts/build_shmuggingface_site.py b/scripts/build_shmuggingface_site.py
new file mode 100644
index 0000000..8aacf5a
--- /dev/null
+++ b/scripts/build_shmuggingface_site.py
@@ -0,0 +1,478 @@
+#!/usr/bin/env python3
+"""Build a ShmuggingFace review minisite from leadforge release artifacts.
+
+Reads the three public release tiers (intro / intermediate / advanced),
+renders the release README to HTML, and generates a static site via
+ShmuggingFaceCore that mirrors how the dataset will look on Kaggle and
+Hugging Face.  The site can then be deployed to Cloudflare Pages.
+
+Usage::
+
+    python scripts/build_shmuggingface_site.py [OPTIONS]
+
+Options
+-------
+--release-dir PATH
+    Root of the release directory.  Default: ``release/``.
+--out-dir PATH
+    Output directory for the generated static site.
+    Default: ``release/_shmuggingface/dist``.
+--smf-core PATH
+    Path to a local ShmuggingFaceCore checkout.  If absent the repo is
+    cloned to ``/tmp/shmuggingface-core`` (and pulled on subsequent runs).
+--deploy
+    Deploy the built site to Cloudflare Pages after building.
+--cf-env PATH
+    Cloudflare env file to source before wrangler.
+    Default: ``~/.config/adanim/cloudflare_api_token.env``.
+--project-name NAME
+    Cloudflare Pages project name.
+    Default: ``leadforge-lead-scoring-v1-preview``.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+import re
+import subprocess
+import sys
+from pathlib import Path
+
+try:
+    from markdown_it import MarkdownIt
+except ImportError:
+    sys.exit("markdown-it-py is required: pip install -e '.[publish]'")
+
+import pandas as pd
+
+# ---------------------------------------------------------------------------
+# Constants
+# ---------------------------------------------------------------------------
+
+TIERS = ["intro", "intermediate", "advanced"]
+TASK = "converted_within_90_days"
+
+GITHUB_BLOB_BASE = "https://github.com/leadforge-dev/leadforge/blob/main"
+SMF_CORE_REPO = "https://github.com/ShmuggingFace/ShmuggingFaceCore.git"
+SMF_CORE_CACHE = Path("/tmp/shmuggingface-core")
+DEFAULT_CF_ENV = Path.home() / ".config/adanim/cloudflare_api_token.env"
+DEFAULT_PROJECT = "leadforge-lead-scoring-v1-preview"
+
+TIER_LABEL = {"intro": "Intro", "intermediate": "Intermediate", "advanced": "Advanced"}
+TIER_USABILITY = {"intro": "9.4", "intermediate": "9.1", "advanced": "8.9"}
+TIER_MEDAL = {"intro": "Gold", "intermediate": "Silver", "advanced": "Bronze"}
+
+DISCUSSIONS = [
+    "What is `snapshot_day = 30` and how does it affect which features are valid at inference time?",
+    "Is `total_touches_all` a safe feature or a time-window leakage trap?",
+    "LR and GBM AUCs are very close across tiers — does relational feature engineering help?",
+    "How would you set a probability threshold for a team that can only work 50 leads per week?",
+    "What happens to AUC when you evaluate on a chronological hold-out instead of a random split?",
+]
+
+# ---------------------------------------------------------------------------
+# README rendering
+# ---------------------------------------------------------------------------
+
+_PARENT_LINK_RE = re.compile(r"\]\(\.\./([^)]+)\)")
+_VALIDATION_LINK_RE = re.compile(r"\]\(validation/validation_report\.md\)")
+
+
+def _rewrite_links(text: str) -> str:
+    """Rewrite relative markdown links to GitHub blob URLs."""
+    text = _PARENT_LINK_RE.sub(rf"]({GITHUB_BLOB_BASE}/\1)", text)
+    text = _VALIDATION_LINK_RE.sub(
+        f"]({GITHUB_BLOB_BASE}/release/validation/validation_report.md)", text
+    )
+    return text
+
+
+def render_readme_html(release_dir: Path) -> str:
+    """Render release/README.md to HTML with link rewriting."""
+    readme_text = (release_dir / "README.md").read_text(encoding="utf-8")
+    readme_text = _rewrite_links(readme_text)
+    md = MarkdownIt("gfm-like").disable("linkify")
+    return md.render(readme_text)
+
+
+# ---------------------------------------------------------------------------
+# Tier metadata loading
+# ---------------------------------------------------------------------------
+
+
+def load_tier(release_dir: Path, tier: str) -> dict:
+    """Load manifest, metrics, feature dictionary, and sample rows for one tier."""
+    tier_dir = release_dir / tier
+    manifest = json.loads((tier_dir / "manifest.json").read_text())
+    metrics = json.loads((tier_dir / "metrics.json").read_text())
+
+    fd = pd.read_csv(tier_dir / "feature_dictionary.csv")
+    columns = list(fd["name"])
+
+    df = pd.read_csv(tier_dir / "lead_scoring.csv")
+    # Stringify every cell so JSON serialization is clean
+    sample_rows = [
+        {k: ("" if str(v) in ("nan", "None") else str(v)) for k, v in row.items()}
+        for row in df.head(8).to_dict("records")
+    ]
+
+    return {
+        "tier": tier,
+        "tier_dir": tier_dir,
+        "task_dir": tier_dir / "tasks" / TASK,
+        "manifest": manifest,
+        "metrics": metrics,
+        "columns": columns,
+        "sample_rows": sample_rows,
+        "n_rows": int(df.shape[0]),
+    }
+
+
+# ---------------------------------------------------------------------------
+# Config building
+# ---------------------------------------------------------------------------
+
+
+def _rel(path: Path, from_dir: Path) -> str:
+    """Relative POSIX path from from_dir to path."""
+    return os.path.relpath(path, from_dir).replace(os.sep, "/")
+
+
+def make_dataset_config(tier_data: dict, config_dir: Path, readme_html: str) -> dict:
+    """Build a ShmuggingFace dataset config dict for one tier."""
+    tier = tier_data["tier"]
+    tier_dir = tier_data["tier_dir"]
+    task_dir = tier_data["task_dir"]
+    manifest = tier_data["manifest"]
+    metrics = tier_data["metrics"]
+    label = TIER_LABEL[tier]
+    medians = metrics.get("medians", {})
+
+    cr = medians.get("conversion_rate_test", 0.0)
+    lr_auc = medians.get("lr_auc", 0.0)
+    n_leads = manifest.get("n_leads", 5000)
+    snapshot_day = manifest.get("snapshot_day", 30)
+
+    task_info = manifest.get("tasks", {}).get(TASK, {})
+    train_rows = task_info.get("train_rows", 0)
+    valid_rows = task_info.get("valid_rows", 0)
+    test_rows = task_info.get("test_rows", 0)
+
+    def kb(path: Path) -> str:
+        return f"{max(1, path.stat().st_size // 1024)} KB"
+
+    files = [
+        {
+            "path": "lead_scoring.csv",
+            "size": kb(tier_dir / "lead_scoring.csv"),
+            "kind": "CSV",
+            "sourcePath": _rel(tier_dir / "lead_scoring.csv", config_dir),
+            "about": (
+                f"Flat ML-ready snapshot CSV: {n_leads:,} leads × "
+                f"{len(tier_data['columns'])} features, "
+                f"snapshot day {snapshot_day}.  Includes a 'split' column "
+                f"(train / valid / test) for conventional ML workflows."
+            ),
+        },
+        {
+            "path": "feature_dictionary.csv",
+            "size": kb(tier_dir / "feature_dictionary.csv"),
+            "kind": "CSV",
+            "sourcePath": _rel(tier_dir / "feature_dictionary.csv", config_dir),
+            "about": (
+                "Per-column documentation: dtype, analytical category, "
+                "leakage-risk flag, and plain-language description."
+            ),
+        },
+        {
+            "path": "tasks/converted_within_90_days/train.parquet",
+            "size": kb(task_dir / "train.parquet"),
+            "kind": "Parquet",
+            "sourcePath": _rel(task_dir / "train.parquet", config_dir),
+            "about": (
+                f"Training split — {train_rows:,} leads, "
+                f"stratified by conversion rate.  Target column: "
+                f"`converted_within_90_days` (bool)."
+            ),
+        },
+        {
+            "path": "tasks/converted_within_90_days/valid.parquet",
+            "size": kb(task_dir / "valid.parquet"),
+            "kind": "Parquet",
+            "sourcePath": _rel(task_dir / "valid.parquet", config_dir),
+            "about": f"Validation split — {valid_rows:,} leads.",
+        },
+        {
+            "path": "tasks/converted_within_90_days/test.parquet",
+            "size": kb(task_dir / "test.parquet"),
+            "kind": "Parquet",
+            "sourcePath": _rel(task_dir / "test.parquet", config_dir),
+            "about": (f"Test split — {test_rows:,} leads, held out for final evaluation only."),
+        },
+        {
+            "path": "dataset_card.md",
+            "size": kb(tier_dir / "dataset_card.md"),
+            "kind": "Dataset card",
+            "sourcePath": _rel(tier_dir / "dataset_card.md", config_dir),
+            "about": "Auto-generated tier-specific dataset card.",
+        },
+    ]
+
+    cover_rel = _rel(tier_dir.parent / "dataset-cover-image.png", config_dir)
+
+    return {
+        "slug": f"leadforge-lead-scoring-v1-{tier}",
+        "title": f"LeadForge Lead Scoring v1 — {label}",
+        "owner": "leadforge-dev",
+        "subtitle": (
+            f"{label} difficulty · {n_leads:,} leads · ~{cr:.0%} conversion rate · "
+            f"LR AUC {lr_auc:.3f} (5-seed median)"
+        ),
+        "license": "MIT",
+        "task": "tabular-classification",
+        "language": "English",
+        "rowCount": n_leads,
+        "splits": ["train", "valid", "test"],
+        "subsets": ["leadforge-lead-scoring-v1"],
+        "coverImage": cover_rel,
+        "descriptionHtml": readme_html,
+        "tags": [
+            "tabular",
+            "lead-scoring",
+            "synthetic-data",
+            "crm",
+            "b2b",
+            "datasets",
+            "pandas",
+            tier,
+        ],
+        "columns": tier_data["columns"],
+        "rows": tier_data["sample_rows"],
+        "files": files,
+        "discussions": DISCUSSIONS,
+        "downloads": "0",
+        "likes": "0",
+        "kaggleUsability": TIER_USABILITY[tier],
+        "kaggleMedals": TIER_MEDAL[tier],
+    }
+
+
+# ---------------------------------------------------------------------------
+# Config file writing
+# ---------------------------------------------------------------------------
+
+
+def write_config(site_config: dict, datasets: list[dict], config_path: Path) -> None:
+    """Write shmuggingface.config.mjs."""
+    full_config = {"site": site_config, "datasets": datasets}
+    config_json = json.dumps(full_config, indent=2, ensure_ascii=False)
+    config_path.write_text(f"export default {config_json};\n", encoding="utf-8")
+    print(f"  Config → {config_path}", file=sys.stderr)
+
+
+# ---------------------------------------------------------------------------
+# ShmuggingFaceCore management
+# ---------------------------------------------------------------------------
+
+
+def ensure_smf_core(smf_core: Path | None) -> Path:
+    """Return path to a working ShmuggingFaceCore checkout, cloning if needed."""
+    if smf_core is not None:
+        entry = smf_core / "bin/shmuggingface.mjs"
+        if not entry.exists():
+            sys.exit(f"ShmuggingFaceCore entry point not found at {entry}")
+        return smf_core
+
+    entry = SMF_CORE_CACHE / "bin/shmuggingface.mjs"
+    if SMF_CORE_CACHE.exists() and entry.exists():
+        print(f"  Updating ShmuggingFaceCore cache at {SMF_CORE_CACHE}", file=sys.stderr)
+        subprocess.run(
+            ["git", "-C", str(SMF_CORE_CACHE), "pull", "--quiet"],
+            check=False,
+        )
+    else:
+        print(f"  Cloning ShmuggingFaceCore → {SMF_CORE_CACHE}", file=sys.stderr)
+        subprocess.run(
+            ["git", "clone", "--depth=1", SMF_CORE_REPO, str(SMF_CORE_CACHE)],
+            check=True,
+        )
+    return SMF_CORE_CACHE
+
+
+# ---------------------------------------------------------------------------
+# Build and deploy
+# ---------------------------------------------------------------------------
+
+
+def build_site(config_path: Path, out_dir: Path, smf_core: Path) -> None:
+    """Run the ShmuggingFaceCore generator."""
+    out_dir.mkdir(parents=True, exist_ok=True)
+    print(f"  Building static site → {out_dir}", file=sys.stderr)
+    subprocess.run(  # noqa: S603, S607
+        [
+            "node",
+            str(smf_core / "bin/shmuggingface.mjs"),
+            "build",
+            "--config",
+            str(config_path),
+            "--out",
+            str(out_dir),
+        ],
+        check=True,
+    )
+
+
+def _load_cf_env(cf_env_path: Path) -> dict:
+    """Parse a shell env file and return a dict of variable overrides."""
+    env = os.environ.copy()
+    for raw_line in cf_env_path.read_text().splitlines():
+        line = raw_line.strip()
+        if line.startswith("#") or not line:
+            continue
+        if line.startswith("export "):
+            line = line[len("export ") :]
+        if "=" in line:
+            key, _, val = line.partition("=")
+            env[key.strip()] = val.strip().strip("'\"")
+    return env
+
+
+def deploy_site(out_dir: Path, project_name: str, cf_env_path: Path) -> None:
+    """Deploy the built site to Cloudflare Pages via wrangler."""
+    if not cf_env_path.exists():
+        sys.exit(
+            f"Cloudflare env file not found: {cf_env_path}\n"
+            f"Expected format:\n"
+            f"  export CLOUDFLARE_ACCOUNT_ID='...'\n"
+            f"  export CLOUDFLARE_API_TOKEN='...'"
+        )
+
+    env = _load_cf_env(cf_env_path)
+    account_id = env.get("CLOUDFLARE_ACCOUNT_ID", "(not set)")
+    print(
+        f"  Deploying to Cloudflare Pages\n"
+        f"    project : {project_name}\n"
+        f"    account : {account_id}\n"
+        f"    source  : {out_dir}",
+        file=sys.stderr,
+    )
+    result = subprocess.run(
+        ["wrangler", "pages", "deploy", str(out_dir), "--project-name", project_name],
+        env=env,
+    )
+    if result.returncode != 0:
+        sys.exit(f"Deployment failed (wrangler exit code {result.returncode})")
+
+    print(
+        f"\n  Live at: https://{project_name}.pages.dev",
+        file=sys.stderr,
+    )
+
+
+# ---------------------------------------------------------------------------
+# CLI
+# ---------------------------------------------------------------------------
+
+
+def main() -> None:
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description="Build (and optionally deploy) the ShmuggingFace review minisite.",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.add_argument(
+        "--release-dir",
+        default="release",
+        type=Path,
+        metavar="PATH",
+        help="Root of the release directory (default: release/)",
+    )
+    parser.add_argument(
+        "--out-dir",
+        type=Path,
+        metavar="PATH",
+        help="Output directory for the static site (default: release/_shmuggingface/dist)",
+    )
+    parser.add_argument(
+        "--smf-core",
+        type=Path,
+        default=None,
+        metavar="PATH",
+        help="Path to a local ShmuggingFaceCore checkout (auto-cloned if absent)",
+    )
+    parser.add_argument(
+        "--deploy",
+        action="store_true",
+        help="Deploy to Cloudflare Pages after building",
+    )
+    parser.add_argument(
+        "--cf-env",
+        type=Path,
+        default=DEFAULT_CF_ENV,
+        metavar="PATH",
+        help=f"Cloudflare env file (default: {DEFAULT_CF_ENV})",
+    )
+    parser.add_argument(
+        "--project-name",
+        default=DEFAULT_PROJECT,
+        metavar="NAME",
+        help=f"Cloudflare Pages project name (default: {DEFAULT_PROJECT})",
+    )
+    args = parser.parse_args()
+
+    release_dir = args.release_dir.resolve()
+    if not release_dir.is_dir():
+        sys.exit(f"Release directory not found: {release_dir}")
+
+    config_dir = release_dir / "_shmuggingface"
+    config_dir.mkdir(parents=True, exist_ok=True)
+    config_path = config_dir / "shmuggingface.config.mjs"
+    out_dir = args.out_dir.resolve() if args.out_dir else (config_dir / "dist")
+
+    # --- Render README -------------------------------------------------------
+    print("Rendering README.md → HTML …", file=sys.stderr)
+    readme_html = render_readme_html(release_dir)
+    print(f"  {len(readme_html):,} bytes of HTML", file=sys.stderr)
+
+    # --- Load tiers ----------------------------------------------------------
+    print("Loading release tiers …", file=sys.stderr)
+    datasets = []
+    for tier in TIERS:
+        print(f"  {tier}", file=sys.stderr)
+        tier_data = load_tier(release_dir, tier)
+        ds = make_dataset_config(tier_data, config_dir, readme_html)
+        datasets.append(ds)
+
+    # --- Write config --------------------------------------------------------
+    print("Writing shmuggingface.config.mjs …", file=sys.stderr)
+    site_config = {
+        "title": "LeadForge Lead Scoring v1 — Pre-Publication Review",
+        "owner": "leadforge-dev",
+        "visibility": "Pre-publication review mock — not yet live on Kaggle or Hugging Face",
+        "reviewerHint": (
+            "Review the dataset card copy, metadata accuracy, file listings, column "
+            "preview, and download behaviour across all three difficulty tiers. "
+            "The Shmaggle tab mirrors the Kaggle page; the ShmuggingFace tab mirrors "
+            "the Hugging Face page.  Flag anything that looks wrong before the real publish."
+        ),
+    }
+    write_config(site_config, datasets, config_path)
+
+    # --- Ensure ShmuggingFaceCore --------------------------------------------
+    smf_core = ensure_smf_core(args.smf_core)
+
+    # --- Build ---------------------------------------------------------------
+    print("Building static site …", file=sys.stderr)
+    build_site(config_path, out_dir, smf_core)
+    print(f"Done.  Site at: {out_dir}", file=sys.stderr)
+
+    # --- Deploy --------------------------------------------------------------
+    if args.deploy:
+        print("Deploying to Cloudflare Pages …", file=sys.stderr)
+        deploy_site(out_dir, args.project_name, args.cf_env)
+
+
+if __name__ == "__main__":
+    main()

From ce37b1e7072f939bd791e6c7c9f654d1a6db6fc4 Mon Sep 17 00:00:00 2001
From: Shay Palachy <shaypal5@users.noreply.github.com>
Date: Sun, 24 May 2026 23:04:25 +0300
Subject: [PATCH 2/4] fix(scripts): deploy to production branch (--branch main)
 on Cloudflare Pages

Without --branch main wrangler derives the branch name from the git checkout
(feat/shmuggingface-preview-site) and deploys to a preview slot, leaving the
root pages.dev URL serving Cloudflare's 'Nothing is here yet' placeholder.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 scripts/build_shmuggingface_site.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/scripts/build_shmuggingface_site.py b/scripts/build_shmuggingface_site.py
index 8aacf5a..e910f36 100644
--- a/scripts/build_shmuggingface_site.py
+++ b/scripts/build_shmuggingface_site.py
@@ -358,7 +358,17 @@ def deploy_site(out_dir: Path, project_name: str, cf_env_path: Path) -> None:
         file=sys.stderr,
     )
     result = subprocess.run(
-        ["wrangler", "pages", "deploy", str(out_dir), "--project-name", project_name],
+        [
+            "wrangler",
+            "pages",
+            "deploy",
+            str(out_dir),
+            "--project-name",
+            project_name,
+            "--branch",
+            "main",  # deploy to production slot, not a branch preview
+            "--commit-dirty=true",  # suppress the "uncommitted changes" warning
+        ],
         env=env,
     )
     if result.returncode != 0:

From 76ef379e889aab1aea0afc9e19600dbe2e3d1353 Mon Sep 17 00:00:00 2001
From: Shay Palachy <shaypal5@users.noreply.github.com>
Date: Mon, 25 May 2026 00:01:42 +0300
Subject: [PATCH 3/4] chore(deps): pin ShmuggingFaceCore to npm v1.0.0; drop
 git-clone fallback

- package.json (new): declares @shmuggingface/core via the GitHub release tag
    "github:ShmuggingFace/ShmuggingFaceCore#v1.0.0"
- package-lock.json (new): lockfile pinning the resolved SHA
- scripts/build_shmuggingface_site.py: ensure_smf_core() now resolves via
  node_modules/@shmuggingface/core (npm install path) as the canonical source;
  --smf-core PATH override kept for local dev; git-clone-to-/tmp fallback
  removed in favour of a clear error pointing at npm install.
  Logs 'Using npm-installed @shmuggingface/core vX.Y.Z' for traceability.
- .gitignore: add node_modules/ (package.json + lock are committed, not the tree)

Site rebuilt from v1.0.0 and redeployed to:
  https://leadforge-lead-scoring-v1-preview.pages.dev
Both HF-style (12 pages) and Kaggle-style (12 pages) mocks confirmed present.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitignore                          |  6 +++-
 package-lock.json                   | 27 +++++++++++++++
 package.json                        | 12 +++++++
 scripts/build_shmuggingface_site.py | 52 ++++++++++++++++++-----------
 4 files changed, 76 insertions(+), 21 deletions(-)
 create mode 100644 package-lock.json
 create mode 100644 package.json

diff --git a/.gitignore b/.gitignore
index 9c2eecd..7f8bad7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -240,7 +240,11 @@ release/huggingface-instructor/*
 # and is checked into git separately.
 release/_preview/
 
-# Generated ShmuggingFace site output (PR 7.3) — config + dist built by
+# Generated ShmuggingFace site output (PR 7.2.2) — config + dist built by
 # scripts/build_shmuggingface_site.py; deployed to Cloudflare Pages.
 release/_shmuggingface/
 .wrangler/
+
+# Node tooling for ShmuggingFace preview (package.json + package-lock.json
+# are committed; node_modules/ is not).
+node_modules/
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..d810c69
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,27 @@
+{
+  "name": "leadforge-shmuggingface-tooling",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "leadforge-shmuggingface-tooling",
+      "dependencies": {
+        "@shmuggingface/core": "github:ShmuggingFace/ShmuggingFaceCore#v1.0.0"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/@shmuggingface/core": {
+      "version": "1.0.0",
+      "resolved": "git+ssh://git@github.com/ShmuggingFace/ShmuggingFaceCore.git#e319f9de7a06330ac910fd1bd5e8cf94048322e2",
+      "license": "MIT",
+      "bin": {
+        "shmuggingface": "bin/shmuggingface.mjs"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..da96d41
--- /dev/null
+++ b/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "leadforge-shmuggingface-tooling",
+  "private": true,
+  "description": "Node tooling for the LeadForge ShmuggingFace review site (not published to npm).",
+  "type": "module",
+  "dependencies": {
+    "@shmuggingface/core": "github:ShmuggingFace/ShmuggingFaceCore#v1.0.0"
+  },
+  "engines": {
+    "node": ">=20"
+  }
+}
diff --git a/scripts/build_shmuggingface_site.py b/scripts/build_shmuggingface_site.py
index e910f36..50fb67b 100644
--- a/scripts/build_shmuggingface_site.py
+++ b/scripts/build_shmuggingface_site.py
@@ -18,8 +18,9 @@
     Output directory for the generated static site.
     Default: ``release/_shmuggingface/dist``.
 --smf-core PATH
-    Path to a local ShmuggingFaceCore checkout.  If absent the repo is
-    cloned to ``/tmp/shmuggingface-core`` (and pulled on subsequent runs).
+    Path to a local ShmuggingFaceCore checkout.  Overrides the default,
+    which is the npm-installed package at ``node_modules/@shmuggingface/core``
+    (pinned to v1.0.0 via ``package.json``).  Run ``npm install`` first.
 --deploy
     Deploy the built site to Cloudflare Pages after building.
 --cf-env PATH
@@ -54,8 +55,8 @@
 TASK = "converted_within_90_days"
 
 GITHUB_BLOB_BASE = "https://github.com/leadforge-dev/leadforge/blob/main"
-SMF_CORE_REPO = "https://github.com/ShmuggingFace/ShmuggingFaceCore.git"
-SMF_CORE_CACHE = Path("/tmp/shmuggingface-core")
+# Pinned via package.json → package-lock.json; `npm install` resolves it.
+SMF_CORE_NPM = Path(__file__).parent.parent / "node_modules/@shmuggingface/core"
 DEFAULT_CF_ENV = Path.home() / ".config/adanim/cloudflare_api_token.env"
 DEFAULT_PROJECT = "leadforge-lead-scoring-v1-preview"
 
@@ -277,27 +278,35 @@ def write_config(site_config: dict, datasets: list[dict], config_path: Path) ->
 
 
 def ensure_smf_core(smf_core: Path | None) -> Path:
-    """Return path to a working ShmuggingFaceCore checkout, cloning if needed."""
+    """Return path to a working ShmuggingFaceCore installation.
+
+    Resolution order:
+    1. ``--smf-core PATH`` override (for local dev / CI with a custom checkout).
+    2. npm-installed package at ``node_modules/@shmuggingface/core`` — the
+       canonical path when ``npm install`` has been run from the repo root
+       (pinned to v1.0.0 via ``package.json`` / ``package-lock.json``).
+
+    Exits with an informative error if neither source is available.
+    """
     if smf_core is not None:
         entry = smf_core / "bin/shmuggingface.mjs"
         if not entry.exists():
             sys.exit(f"ShmuggingFaceCore entry point not found at {entry}")
         return smf_core
 
-    entry = SMF_CORE_CACHE / "bin/shmuggingface.mjs"
-    if SMF_CORE_CACHE.exists() and entry.exists():
-        print(f"  Updating ShmuggingFaceCore cache at {SMF_CORE_CACHE}", file=sys.stderr)
-        subprocess.run(
-            ["git", "-C", str(SMF_CORE_CACHE), "pull", "--quiet"],
-            check=False,
-        )
-    else:
-        print(f"  Cloning ShmuggingFaceCore → {SMF_CORE_CACHE}", file=sys.stderr)
-        subprocess.run(
-            ["git", "clone", "--depth=1", SMF_CORE_REPO, str(SMF_CORE_CACHE)],
-            check=True,
-        )
-    return SMF_CORE_CACHE
+    entry = SMF_CORE_NPM / "bin/shmuggingface.mjs"
+    if entry.exists():
+        pkg = SMF_CORE_NPM / "package.json"
+        version = json.loads(pkg.read_text()).get("version", "unknown")
+        print(f"  Using npm-installed @shmuggingface/core v{version}", file=sys.stderr)
+        return SMF_CORE_NPM
+
+    sys.exit(
+        "ShmuggingFaceCore not found.\n"
+        f"  Expected npm installation at: {SMF_CORE_NPM}\n"
+        "  Run `npm install` from the repo root to install the pinned v1.0.0 release,\n"
+        "  or pass --smf-core PATH to a local checkout."
+    )
 
 
 # ---------------------------------------------------------------------------
@@ -410,7 +419,10 @@ def main() -> None:
         type=Path,
         default=None,
         metavar="PATH",
-        help="Path to a local ShmuggingFaceCore checkout (auto-cloned if absent)",
+        help=(
+            "Path to a local ShmuggingFaceCore checkout "
+            "(default: node_modules/@shmuggingface/core from `npm install`)"
+        ),
     )
     parser.add_argument(
         "--deploy",

From 0a19970cfa940040cc464d3dc7c02ef80352455d Mon Sep 17 00:00:00 2001
From: Shay Palachy <shaypal5@users.noreply.github.com>
Date: Mon, 25 May 2026 00:04:45 +0300
Subject: [PATCH 4/4] fix(scripts): include tier in dataset subset notation

subsets was hardcoded to 'leadforge-lead-scoring-v1' for all three tiers,
making the HF Dataset Viewer's Subset dropdown show the same name regardless
of which tier page you were on.  Now each tier gets its own suffixed name:
  leadforge-lead-scoring-v1-intro
  leadforge-lead-scoring-v1-intermediate
  leadforge-lead-scoring-v1-advanced

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 scripts/build_shmuggingface_site.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/build_shmuggingface_site.py b/scripts/build_shmuggingface_site.py
index 50fb67b..32d5473 100644
--- a/scripts/build_shmuggingface_site.py
+++ b/scripts/build_shmuggingface_site.py
@@ -235,7 +235,7 @@ def kb(path: Path) -> str:
         "language": "English",
         "rowCount": n_leads,
         "splits": ["train", "valid", "test"],
-        "subsets": ["leadforge-lead-scoring-v1"],
+        "subsets": [f"leadforge-lead-scoring-v1-{tier}"],
         "coverImage": cover_rel,
         "descriptionHtml": readme_html,
         "tags": [