@appsforgood/next-supabase-kit 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. package/CHANGELOG.md +31 -1
  2. package/DOGFOOD.md +1 -1
  3. package/README.md +24 -7
  4. package/REPOSITORY_SETTINGS.md +2 -1
  5. package/SUPPLY_CHAIN.md +5 -5
  6. package/UPGRADE.md +14 -10
  7. package/antigravity/commands/audit.toml +16 -0
  8. package/antigravity/commands/copy.toml +16 -0
  9. package/antigravity/commands/frontend.toml +17 -0
  10. package/antigravity/commands/handoff.toml +16 -0
  11. package/antigravity/commands/plan.toml +18 -0
  12. package/antigravity/commands/security.toml +16 -0
  13. package/antigravity/commands/setup.toml +16 -0
  14. package/antigravity/commands/ship.toml +17 -0
  15. package/antigravity/commands/upgrade.toml +17 -0
  16. package/antigravity/plugin.json +58 -0
  17. package/assistant-adapters/README.md +1 -0
  18. package/assistant-adapters/antigravity.md +56 -0
  19. package/assistant-adapters/claude-code-subagents.md +1 -1
  20. package/assistant-adapters/codex-agents.md +2 -1
  21. package/assistant-adapters/cursor-agent-kit.mdc +2 -2
  22. package/assistant-adapters/github-copilot-instructions.md +1 -1
  23. package/assistant-adapters/github-next-supabase.instructions.md +1 -1
  24. package/dist/index.js +3956 -1105
  25. package/dist/index.js.map +1 -1
  26. package/dist/studio/office/assets/office.css +551 -0
  27. package/dist/studio/office/assets/office.js +1105 -0
  28. package/dist/studio/wizard/assets/wizard.css +525 -0
  29. package/dist/studio/wizard/assets/wizard.js +692 -0
  30. package/examples/next-supabase-installed/.agent-kit/manifest.json +13 -12
  31. package/examples/next-supabase-installed/.agent-kit/model-routing.json +7 -0
  32. package/examples/next-supabase-installed/README.md +3 -3
  33. package/examples/next-supabase-installed/audit-output.json +24 -7
  34. package/examples/next-supabase-installed/tree.txt +6 -0
  35. package/model-routing/default-model-routing.json +7 -0
  36. package/package.json +13 -5
  37. package/runtime-skills/README.md +7 -0
  38. package/runtime-skills/accessibility-wcag/SKILL.md +8 -0
  39. package/runtime-skills/agent-handoff-tracing/SKILL.md +8 -0
  40. package/runtime-skills/best-practice-maturity-review/SKILL.md +8 -0
  41. package/runtime-skills/content-first-design/SKILL.md +8 -0
  42. package/runtime-skills/conversion-copywriting/SKILL.md +8 -0
  43. package/runtime-skills/deployment-observability/SKILL.md +8 -0
  44. package/runtime-skills/docs-maintainer/SKILL.md +8 -0
  45. package/runtime-skills/frontend-design-system/SKILL.md +8 -0
  46. package/runtime-skills/frontend-distinctiveness-benchmark/SKILL.md +8 -0
  47. package/runtime-skills/frontend-product-quality-rubric/SKILL.md +8 -0
  48. package/runtime-skills/landing-page-copy/SKILL.md +8 -0
  49. package/runtime-skills/nextjs-app-router/SKILL.md +8 -0
  50. package/runtime-skills/onboarding-empty-state-copy/SKILL.md +8 -0
  51. package/runtime-skills/owasp-security-review/SKILL.md +8 -0
  52. package/runtime-skills/planning-council/SKILL.md +8 -0
  53. package/runtime-skills/positioning-messaging/SKILL.md +8 -0
  54. package/runtime-skills/postgres-migrations/SKILL.md +8 -0
  55. package/runtime-skills/product-voice-tone/SKILL.md +8 -0
  56. package/runtime-skills/reference-led-design-critique/SKILL.md +8 -0
  57. package/runtime-skills/supabase-auth-rls/SKILL.md +8 -0
  58. package/runtime-skills/testing-qa/SKILL.md +8 -0
  59. package/runtime-skills/upgrade-maintenance/SKILL.md +8 -0
  60. package/runtime-skills/visual-regression-qa/SKILL.md +8 -0
  61. package/schemas/onboarding-state.schema.json +33 -0
  62. package/templates/next-supabase/.github/workflows/agent-kit-audit.yml +35 -0
  63. package/templates/next-supabase/AGENTS.md +1 -1
  64. package/templates/next-supabase/ASSISTANT_ADAPTERS.md +21 -3
  65. package/templates/next-supabase/CLAUDE.md +39 -0
  66. package/templates/next-supabase/DECISIONS.md +14 -0
  67. package/templates/next-supabase/DOCS.md +4 -0
  68. package/templates/next-supabase/MODEL_ROUTING.md +12 -0
  69. package/templates/next-supabase/QUALITY_GATES.md +4 -0
  70. package/templates/next-supabase/SPEC.md +2 -0
  71. package/templates/next-supabase/TESTING.md +3 -0
  72. package/templates/next-supabase/UPGRADE.md +8 -4
package/CHANGELOG.md CHANGED
@@ -1,5 +1,35 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.1.3
4
+
5
+ - Added Antigravity runtime adapter support with `agent-kit init --activate antigravity`, `antigravity/plugin.json`, native `/setup`, `/audit`, `/plan`, `/handoff`, `/frontend`, `/security`, `/copy`, `/ship`, and `/upgrade` command files, and portable `runtime-skills/*/SKILL.md` wrappers.
6
+ - Added `agent-kit adapter validate` and `agent-kit package validate` so runtime adapter assets, package allowlists, portable skills, examples, and source-package audit behavior are release-gated.
7
+ - Fixed package-source audit mode so the source repository validates shipped templates and package assets without requiring installed-project root docs such as `AGENTS.md` or `.agent-kit/manifest.json`.
8
+ - Updated development dependencies for TypeScript 6 and Node 25 type coverage, while preserving the package runtime floor at Node 20.
9
+ - Hardened GitHub CI by keeping OpenSSF Scorecard write scopes at job level and documenting Dependency Review's dependency-graph requirement.
10
+ - Updated `actions/upload-artifact` to v7 in release and research workflows to avoid the GitHub Actions Node 20 runtime deprecation window.
11
+ - Added an `esbuild` override to clear the release-gate dependency audit without downgrading `tsup`.
12
+ - Hardened npm Trusted Publishing by scrubbing inherited `NODE_AUTH_TOKEN` state and publishing with a token-free npm config.
13
+ - Added **`agent-kit init --activate`** for Claude Code (`.claude/agents/*.md`, `CLAUDE.md`), Copilot (`.github/copilot-instructions.md`), and Codex (`.codex/config.toml`) IDE parity.
14
+ - Plain **`agent-kit init`** now always creates `.agent-kit/project-context.json` and ships `.github/workflows/agent-kit-audit.yml`.
15
+ - Added code-aware audit tier (`project-reality` vs `docs-hygiene`): Supabase migration RLS parsing, test-script verification, and secret-pattern scanning.
16
+ - Added **`agent-kit session checkpoint --file`** batch API for council evidence logging.
17
+ - Reference `.agent-kit/agent-briefs.md` in all assistant adapters.
18
+ - Release workflow publishes through npm Trusted Publishing/OIDC without `NODE_AUTH_TOKEN`, avoiding OTP-bound token automation.
19
+
20
+ ## 0.1.2
21
+
22
+ - Added pixel **Agent Office** as the default `agent-kit setup` view with canvas agents, break-room amenities (coffee, water cooler), agent movement, and high-res floor rendering.
23
+ - Added local setup wizard form fallback at `/wizard`, progressive depth (Quick/Standard/Complete), resume state, and agent briefing drafts.
24
+ - Fixed setup routing so `/setup` serves the office; added form-to-office navigation, port-in-use CLI warnings, and `data-view` markers for debugging.
25
+ - Added **`agent-kit studio serve`** — localhost live session viewer with SSE event stream, speech bubbles, and transcript panel reusing the office canvas.
26
+
27
+ ## 0.1.1
28
+
29
+ - Completed npm package rename from `@agent-skills/next-supabase-kit` to `@appsforgood/next-supabase-kit` across CLI defaults, shipped docs, templates, examples, tests, and release scripts.
30
+ - Fixed Windows post-publish verification to use `npm exec -- agent-kit` so public install checks work with an isolated npm cache.
31
+ - Regenerated committed install examples and audit output for the `@appsforgood` package identity.
32
+
3
33
  ## 0.1.0
4
34
 
5
35
  - Initial public package scaffold.
@@ -15,7 +45,7 @@
15
45
  - Fixed package bin metadata so `agent-kit` is preserved during npm publish.
16
46
  - Replaced publish-token CI authentication with npm Trusted Publishing and optional read-token install verification.
17
47
  - Added a Planner agent, Planning and Agent Council skill, and machine-readable default council roster enforced by audit.
18
- - Rebranded package for public OSS as `@agent-skills/next-supabase-kit` with MIT license, citation policy, and public-readiness tests.
48
+ - Rebranded package for public OSS as `@appsforgood/next-supabase-kit` with MIT license, citation policy, and public-readiness tests.
19
49
  - Added content-first design, visual QA, schema-backed council traceability, and public OSS repo-health hardening.
20
50
  - Added issue forms, PR template, CODEOWNERS, Dependabot, CodeQL, support, conduct, governance docs, and repo-health research signals.
21
51
  - Added label source of truth, PR labeler workflow, and repository-settings checklist for branch protection, release environment, private vulnerability reporting, and required labels.
package/DOGFOOD.md CHANGED
@@ -72,7 +72,7 @@ Result: passed locally on Windows after assistant adapter install on init, basel
72
72
  | Install smoke | IDE adapter rules installed, `baseline-setup`, 0 failures |
73
73
  | Agent Studio smoke | `baseline-setup`, 0 failures |
74
74
  | Baseline audit gate smoke | `baseline-setup`, 0 failures |
75
- | npm pack dry run | `@agent-skills/next-supabase-kit@0.1.0` tarball validated |
75
+ | npm pack dry run | `@appsforgood/next-supabase-kit@0.1.1` tarball validated |
76
76
 
77
77
  Remaining publish action: execute [PUBLISH.md](PUBLISH.md), then run `npm run publish:verify`.
78
78
 
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Agent Skills Next/Supabase Kit
2
2
 
3
- `@agent-skills/next-supabase-kit` installs an agent operating system for Next.js + Supabase projects.
3
+ `@appsforgood/next-supabase-kit` installs an agent operating system for Next.js + Supabase projects.
4
4
 
5
5
  It gives agentic coders a default council roster, reusable skills, handoff rules, model-routing guidance, markdown docs, frontend design gates, Supabase/RLS security checks, upgrade workflows, and audit commands.
6
6
 
@@ -17,9 +17,18 @@ It also includes a local Agent Studio workflow: project context, durable human c
17
17
  Use this in a Next.js + Supabase project after the public package is available on npm:
18
18
 
19
19
  ```bash
20
- npx @agent-skills/next-supabase-kit init --stack next-supabase
21
- npx @agent-skills/next-supabase-kit audit
22
- npx @agent-skills/next-supabase-kit audit --min-readiness baseline-setup
20
+ npx @appsforgood/next-supabase-kit init --stack next-supabase --setup --open
21
+ npx @appsforgood/next-supabase-kit audit
22
+ npx @appsforgood/next-supabase-kit audit --min-readiness baseline-setup
23
+ ```
24
+
25
+ After install, the **Agent Office** setup view teaches agents about your project (~10 min). Resume anytime:
26
+
27
+ ```bash
28
+ npx @appsforgood/next-supabase-kit setup --open
29
+ npx @appsforgood/next-supabase-kit setup --status
30
+ npx @appsforgood/next-supabase-kit init --activate antigravity
31
+ npx @appsforgood/next-supabase-kit adapter validate antigravity
23
32
  ```
24
33
 
25
34
  The installer preserves existing docs. If a file already exists and differs from the template, the new version is written to `.agent-kit/conflicts/` for review.
@@ -64,6 +73,7 @@ For meaningful multi-agent work, record the decision, risk, next handoff, requir
64
73
  For local Agent Studio sessions, use:
65
74
 
66
75
  ```bash
76
+ agent-kit setup
67
77
  agent-kit init --guided
68
78
  agent-kit context validate
69
79
  agent-kit session start "Build checkout flow" --workflow frontend-change
@@ -108,8 +118,9 @@ The `.agent-kit/` folder includes:
108
118
  - `model-routing.json` for provider-neutral model profile routing.
109
119
  - `project-context.json`, `project-context.md`, `corrections/`, and `council-sessions/` for local Agent Studio context, correction rules, session events, and rendered transcripts.
110
120
  - `schemas/` for agent roster, council-session, model-routing, project context, correction rules, session events, studio sessions, and audit-report contracts.
111
- - `agents/`, `skills/`, `prompts/`, and `checklists/`.
112
- - `assistant-adapters/` for Codex/AGENTS.md-compatible tools, GitHub Copilot/VS Code, Cursor, and Claude Code.
121
+ - `agents/`, `skills/`, `runtime-skills/`, `prompts/`, and `checklists/`.
122
+ - `assistant-adapters/` for Codex/AGENTS.md-compatible tools, GitHub Copilot/VS Code, Cursor, Claude Code, and Antigravity.
123
+ - `antigravity/` for native command and plugin assets.
113
124
  - `design-briefs/` for SaaS, admin, marketplace, content, tool, ecommerce, portfolio/venue, education, community/social, and AI workflow surfaces.
114
125
  - `profiles/` for product-type and adjacent-stack adaptation.
115
126
 
@@ -119,6 +130,8 @@ The `.agent-kit/` folder includes:
119
130
  agent-kit audit
120
131
  agent-kit audit --json
121
132
  agent-kit audit --min-readiness baseline-setup
133
+ agent-kit adapter validate antigravity
134
+ agent-kit package validate
122
135
  agent-kit context init
123
136
  agent-kit session start "Short task name"
124
137
  agent-kit session output "verification evidence" --status complete --evidence "npm test"
@@ -147,6 +160,8 @@ Agent Kit separates the mechanisms that make AI coding repeatable:
147
160
  - Instructions: `AGENTS.md`, assistant adapters, and IDE-specific rule files.
148
161
  - Roster: `.agent-kit/agent-roster.json` chooses agents, workflows, and handoffs.
149
162
  - Skills: `.agent-kit/skills/` keeps specialist workflows reusable.
163
+ - Runtime commands: Antigravity `commands/*.toml` expose `/setup`, `/audit`, `/plan`, `/handoff`, `/frontend`, `/security`, `/copy`, `/ship`, and `/upgrade` as native adapter entrypoints.
164
+ - Portable skills: `runtime-skills/*/SKILL.md` wraps canonical `skills/*.md` files for runtimes that discover skill directories.
150
165
  - Model routing: `MODEL_ROUTING.md` and `.agent-kit/model-routing.json` map agents to model profiles.
151
166
  - Messaging: `MESSAGING.md` records audience, pain, outcome, proof, objections, voice, and conversion evidence for public-facing copy.
152
167
  - Local Agent Studio: `.agent-kit/project-context.*`, `.agent-kit/corrections/*.json`, and `.agent-kit/council-sessions/*` keep context, corrections, decisions, handoffs, required-output status, artifacts, verification, and rendered Markdown transcripts local.
@@ -155,6 +170,8 @@ Agent Kit separates the mechanisms that make AI coding repeatable:
155
170
 
156
171
  Some IDEs can partially enforce model settings; others only let project files advise the user. The kit records that difference instead of pretending every tool can force per-agent model selection.
157
172
 
173
+ Runtime command files are adapters only. `AGENTS.md`, `.agent-kit/agent-roster.json`, `QUALITY_GATES.md`, and Agent Studio session evidence remain the canonical operating model.
174
+
158
175
  ## Frontend Quality Bar
159
176
 
160
177
  The kit is intentionally strict about frontend work because normal AI output often looks generic.
@@ -226,7 +243,7 @@ Detailed per-repo findings are committed for repository development, but the pub
226
243
  Public package name:
227
244
 
228
245
  ```text
229
- @agent-skills/next-supabase-kit
246
+ @appsforgood/next-supabase-kit
230
247
  ```
231
248
 
232
249
  Release expectations:
@@ -33,10 +33,11 @@ Create environment `npm-publish` with:
33
33
  - Deployment branches restricted to `main` and release events.
34
34
  - No npm publish token secret for the trusted-publishing flow.
35
35
  - Any legacy npm token secrets deleted after Trusted Publishing is confirmed.
36
+ - Optional fallback: a maintainer npm publish token secret on the `npm-publish` environment when trusted publishing returns 404 on PUT.
36
37
 
37
38
  The npm trusted publisher must match:
38
39
 
39
- - Package: `@agent-skills/next-supabase-kit`
40
+ - Package: `@appsforgood/next-supabase-kit`
40
41
  - Provider: GitHub Actions
41
42
  - Repository: `lukey662/agentsandskills`
42
43
  - Workflow: `release.yml`
package/SUPPLY_CHAIN.md CHANGED
@@ -4,7 +4,7 @@ This package is intended for public npm distribution and downstream project boot
4
4
 
5
5
  ## Publish Identity
6
6
 
7
- - Public package: `@agent-skills/next-supabase-kit`.
7
+ - Public package: `@appsforgood/next-supabase-kit`.
8
8
  - Publish path: GitHub Actions release workflow through npm Trusted Publishing.
9
9
  - Authentication: OIDC trusted publisher, not a long-lived npm automation token.
10
10
  - Environment: `npm-publish`.
@@ -28,10 +28,10 @@ Before publish:
28
28
 
29
29
  After publish:
30
30
 
31
- - `npm view @agent-skills/next-supabase-kit@<version> version`
32
- - `npx --yes @agent-skills/next-supabase-kit@<version> doctor`
33
- - `npx --yes @agent-skills/next-supabase-kit@<version> init --stack next-supabase` in a clean temp project
34
- - `npx --yes @agent-skills/next-supabase-kit@<version> audit --json` with zero failures
31
+ - `npm view @appsforgood/next-supabase-kit@<version> version`
32
+ - `npx --yes @appsforgood/next-supabase-kit@<version> doctor`
33
+ - `npx --yes @appsforgood/next-supabase-kit@<version> init --stack next-supabase` in a clean temp project
34
+ - `npx --yes @appsforgood/next-supabase-kit@<version> audit --json` with zero failures
35
35
 
36
36
  The release workflow and `npm run publish:verify` both use `scripts/post-publish-verify.mjs` for this post-publish verification path.
37
37
 
package/UPGRADE.md CHANGED
@@ -16,19 +16,21 @@ Before publishing a new package version:
16
16
  1. Update `CHANGELOG.md` with user-visible changes, migration notes, and deprecations.
17
17
  2. Update `ROADMAP.md` and `BEST_PRACTICE_EVIDENCE.md` when a research finding becomes enforced behavior.
18
18
  3. Run `npm run release:check`.
19
- 4. Confirm the pack dry run includes only public-safe files.
20
- 5. Publish through npm Trusted Publishing.
21
- 6. Verify public install with `npx @agent-skills/next-supabase-kit`.
19
+ 4. Run `agent-kit package validate` from the source repository when runtime adapter or package assets changed.
20
+ 5. Confirm the pack dry run includes only public-safe files.
21
+ 6. Publish through npm Trusted Publishing.
22
+ 7. Verify public install with `npx @appsforgood/next-supabase-kit`.
22
23
 
23
24
  ## Downstream Upgrade Checklist
24
25
 
25
26
  From a downstream project:
26
27
 
27
28
  ```bash
28
- npx @agent-skills/next-supabase-kit@latest doctor
29
- npx @agent-skills/next-supabase-kit@latest diff
30
- npx @agent-skills/next-supabase-kit@latest update
31
- npx @agent-skills/next-supabase-kit@latest audit --min-readiness baseline-setup
29
+ npx @appsforgood/next-supabase-kit@latest doctor
30
+ npx @appsforgood/next-supabase-kit@latest diff
31
+ npx @appsforgood/next-supabase-kit@latest update
32
+ npx @appsforgood/next-supabase-kit@latest adapter validate antigravity
33
+ npx @appsforgood/next-supabase-kit@latest audit --min-readiness baseline-setup
32
34
  ```
33
35
 
34
36
  The package includes an older-install regression fixture that exercises this path. The fixture proves update preserves customized docs, writes conflict templates, installs new current baseline docs and `.agent-kit/` assets, then audits with zero failures.
@@ -38,7 +40,7 @@ The package includes an older-install regression fixture that exercises this pat
38
40
  For mature projects, raise the gate after local evidence is updated:
39
41
 
40
42
  ```bash
41
- npx @agent-skills/next-supabase-kit@latest audit --min-readiness best-practice-candidate
43
+ npx @appsforgood/next-supabase-kit@latest audit --min-readiness best-practice-candidate
42
44
  ```
43
45
 
44
46
  ## Review Order
@@ -48,8 +50,9 @@ npx @agent-skills/next-supabase-kit@latest audit --min-readiness best-practice-c
48
50
  3. Check `.agent-kit/conflicts/` before accepting template updates.
49
51
  4. Preserve valid local customizations in `.agent-kit/overrides.json`.
50
52
  5. Review `AGENTS.md`, `AGENT_ROSTER.md`, `ASSISTANT_ADAPTERS.md`, `MODEL_ROUTING.md`, `COUNCIL.md`, `QUALITY_GATES.md`, `SECURITY.md`, `TESTING.md`, `DEPLOYMENT.md`, and this file.
51
- 6. Run project tests and release checks before merging.
52
- 7. Record any accepted deviations in `DECISIONS.md`.
53
+ 6. If using Antigravity, review `.antigravity/agent-kit/plugin.json`, `.antigravity/agent-kit/commands/*.toml`, and `.antigravity/runtime-skills/*/SKILL.md`.
54
+ 7. Run project tests and release checks before merging.
55
+ 8. Record any accepted deviations in `DECISIONS.md`.
53
56
 
54
57
  ## Next.js And Supabase Stack Upgrades
55
58
 
@@ -74,4 +77,5 @@ Keep rollback evidence next to the upgrade:
74
77
 
75
78
  | Date | From | To | Scope | Evidence | Owner |
76
79
  | --- | --- | --- | --- | --- | --- |
80
+ | 2026-06-14 | TypeScript 5 / Node 22 types | TypeScript 6 / Node 25 types | Dev dependency update for package validation and CI parity | `npm run typecheck`, `npm test`, `npm audit --audit-level=moderate` | Maintainers |
77
81
  | TBD | TBD | TBD | TBD | TBD | TBD |
@@ -0,0 +1,16 @@
1
+ name = "audit"
2
+ description = "Run the Agent Kit maturity audit and convert findings into concrete follow-up work."
3
+
4
+ prompt = """
5
+ Run the Agent Kit audit workflow.
6
+
7
+ Canonical sources: QUALITY_GATES.md, AGENTS.md, .agent-kit/agent-roster.json, SPEC.md, SECURITY.md, TESTING.md, DEPLOYMENT.md, and ASSISTANT_ADAPTERS.md.
8
+
9
+ Workflow:
10
+ 1. Run `agent-kit audit --json`.
11
+ 2. Classify failures before warnings.
12
+ 3. Map each finding to the responsible council role.
13
+ 4. Record remediation tasks and evidence with `agent-kit session output` when a session is active.
14
+
15
+ Required outputs: readiness level, failures, warnings, owner/council role, remediation order, verification command.
16
+ """
@@ -0,0 +1,16 @@
1
+ name = "copy"
2
+ description = "Route public-facing and conversion-facing copy through messaging and proof gates."
3
+
4
+ prompt = """
5
+ Run the marketing-copy workflow.
6
+
7
+ Canonical sources: MESSAGING.md, DESIGN.md, QUALITY_GATES.md, .agent-kit/agent-roster.json, .agent-kit/skills/positioning-messaging.md, and .agent-kit/skills/conversion-copywriting.md.
8
+
9
+ Workflow:
10
+ 1. Start with Marketing Copy Lead for public-facing, onboarding, pricing, CTA, landing, empty-state, or conversion-facing copy.
11
+ 2. Confirm audience, pain, outcome, differentiator, proof, objections, voice, and conversion goal.
12
+ 3. Mark unsupported claims as assumptions.
13
+ 4. Handoff accepted copy to Frontend Design Lead for hierarchy and layout fit.
14
+
15
+ Required outputs: audience, problem/pain/outcome, value proposition, proof, objections, voice/tone, CTA hierarchy, risky-claim review.
16
+ """
@@ -0,0 +1,17 @@
1
+ name = "frontend"
2
+ description = "Route frontend work through content-first design, accessibility, and visual QA gates."
3
+
4
+ prompt = """
5
+ Run the frontend-change workflow.
6
+
7
+ Canonical sources: DESIGN.md, STYLE_GUIDE.md, MESSAGING.md, QUALITY_GATES.md, .agent-kit/agent-roster.json, .agent-kit/design-briefs/, .agent-kit/prompts/screenshot-review.md, and .agent-kit/skills/frontend-design-system.md.
8
+
9
+ Workflow:
10
+ 1. Start with Frontend Design Lead before implementation.
11
+ 2. Confirm brand/content intake, user needs, real content, creative direction, references, anti-references, and source-safety notes.
12
+ 3. Require distinctiveness benchmark and product-quality scorecard for significant UI.
13
+ 4. Preserve WCAG 2.1 AA, keyboard flow, responsive states, and loading/error/empty/success states.
14
+ 5. Record visual QA and accessibility evidence with `agent-kit session output`.
15
+
16
+ Required outputs: design direction, reference evidence, product-specific UI rationale, state coverage, accessibility checks, desktop/mobile visual QA.
17
+ """
@@ -0,0 +1,16 @@
1
+ name = "handoff"
2
+ description = "Record durable Agent Studio handoff evidence between council roles."
3
+
4
+ prompt = """
5
+ Run the Agent Kit handoff workflow.
6
+
7
+ Canonical sources: COUNCIL.md, .agent-kit/council-sessions/, .agent-kit/schemas/session-event.schema.json, AGENT_ROSTER.md, and .agent-kit/agent-roster.json.
8
+
9
+ Workflow:
10
+ 1. Identify source agent, target agent, decision, risk, and evidence.
11
+ 2. Use `agent-kit session handoff --from <agent> --to <agent> --decision <decision> --risk <risk> --evidence <evidence>`.
12
+ 3. Mark required outputs with `agent-kit session output`.
13
+ 4. Run `agent-kit session render`.
14
+
15
+ Required outputs: source agent, target agent, decision, risk, evidence path, required-output status, rendered session path.
16
+ """
@@ -0,0 +1,18 @@
1
+ name = "plan"
2
+ description = "Create an implementation-ready Agent Kit plan through Planner and Lead Architect routing."
3
+
4
+ prompt = """
5
+ Run the planning workflow.
6
+
7
+ Canonical sources: AGENTS.md, AGENT_ROSTER.md, .agent-kit/agent-roster.json, MODEL_ROUTING.md, .agent-kit/model-routing.json, .agent-kit/project-context.md, .agent-kit/corrections/project-rules.json, COUNCIL.md, and QUALITY_GATES.md.
8
+
9
+ Workflow:
10
+ 1. Start with Planner.
11
+ 2. Name the active workflow and maturity target from QUALITY_GATES.md.
12
+ 3. Map affected layers: data, business logic, presentation, auth, deployment, docs, and tests.
13
+ 4. Name preserved behavior and compatibility constraints.
14
+ 5. Route core changes through Lead Architect before implementation.
15
+ 6. Record decision, risk, next handoff, and required outputs with `agent-kit session ...` when available.
16
+
17
+ Required outputs: goal, affected layers, preserved capabilities, implementation sequence, risks, tests, docs, handoffs, acceptance criteria.
18
+ """
@@ -0,0 +1,16 @@
1
+ name = "security"
2
+ description = "Run OWASP, auth, RLS, dependency, secret, and external-call review before acceptance."
3
+
4
+ prompt = """
5
+ Run the security-review workflow.
6
+
7
+ Canonical sources: SECURITY.md, .agent-kit/checklists/owasp.md, .agent-kit/checklists/rls.md, .agent-kit/skills/owasp-security-review.md, AGENTS.md, and .agent-kit/agent-roster.json.
8
+
9
+ Workflow:
10
+ 1. Route through Security Reviewer for auth, RLS, API, Server Action, data mutation, dependency, secret, external-call, upload, or release-risk changes.
11
+ 2. Check OWASP Top 10, IDOR, SSRF, injection, broken auth, unsafe output rendering, secret leakage, and vulnerable dependencies.
12
+ 3. Verify service-role access stays server-only.
13
+ 4. Record findings with severity, exploit path, affected behavior, and remediation.
14
+
15
+ Required outputs: reviewed boundaries, findings, severity, exploit path, mitigation, negative authorization tests or skipped rationale.
16
+ """
@@ -0,0 +1,16 @@
1
+ name = "setup"
2
+ description = "Onboard the project into Agent Kit context and verify runtime adapter setup."
3
+
4
+ prompt = """
5
+ Run Agent Kit setup as a runtime command.
6
+
7
+ Canonical sources: AGENTS.md, AGENT_ROSTER.md, .agent-kit/agent-roster.json, MODEL_ROUTING.md, .agent-kit/model-routing.json, QUALITY_GATES.md, and ASSISTANT_ADAPTERS.md.
8
+
9
+ Workflow:
10
+ 1. Run or recommend `agent-kit setup --open` when project context is missing.
11
+ 2. Validate context with `agent-kit context validate`.
12
+ 3. Confirm adapter evidence in ASSISTANT_ADAPTERS.md.
13
+ 4. Record setup evidence in an Agent Studio session when meaningful work starts.
14
+
15
+ Required outputs: project context status, active IDE/runtime surface, model-selection status, remaining setup gaps, verification command.
16
+ """
@@ -0,0 +1,17 @@
1
+ name = "ship"
2
+ description = "Make a GO/NO-GO release call from council, security, QA, docs, deployment, and rollback evidence."
3
+
4
+ prompt = """
5
+ Run the ship workflow.
6
+
7
+ Canonical sources: QUALITY_GATES.md, TESTING.md, SECURITY.md, DEPLOYMENT.md, UPGRADE.md, COUNCIL.md, .agent-kit/council-sessions/, and .agent-kit/agent-roster.json.
8
+
9
+ Workflow:
10
+ 1. Confirm implementation scope and preserved behavior.
11
+ 2. Require code review, Security Reviewer signoff, QA/test evidence, accessibility evidence when UI changed, docs evidence, deployment/observability review, and rollback plan.
12
+ 3. Run the project release gate, normally `npm run release:check` for this package or the project-specific equivalent.
13
+ 4. Record verification with `agent-kit session verify`.
14
+ 5. Return GO only when required outputs are complete or explicitly not-applicable.
15
+
16
+ Required outputs: code review, security review, QA/test review, accessibility/doc/deployment checks, rollback plan, release command, GO/NO-GO verdict.
17
+ """
@@ -0,0 +1,17 @@
1
+ name = "upgrade"
2
+ description = "Plan and verify Agent Kit, framework, dependency, and adapter upgrades with rollback evidence."
3
+
4
+ prompt = """
5
+ Run the upgrade-maintenance workflow.
6
+
7
+ Canonical sources: UPGRADE.md, CHANGELOG.md, DECISIONS.md, DEPLOYMENT.md, .agent-kit/skills/upgrade-maintenance.md, and QUALITY_GATES.md.
8
+
9
+ Workflow:
10
+ 1. Run `agent-kit diff` before accepting template changes.
11
+ 2. Preserve local overrides and review `.agent-kit/conflicts/`.
12
+ 3. Check framework release notes, codemods, migrations, generated types, RLS impact, and rollback risk when applicable.
13
+ 4. Run `agent-kit audit --min-readiness baseline-setup` after update.
14
+ 5. Record version, migration impact, verification, owner, and rollback evidence.
15
+
16
+ Required outputs: version change, conflict review, migration impact, generated files/types, audit result, rollback plan, owner/date.
17
+ """
@@ -0,0 +1,58 @@
1
+ {
2
+ "schemaVersion": 1,
3
+ "name": "agent-kit-next-supabase",
4
+ "displayName": "Agent Kit Next/Supabase",
5
+ "version": "0.1.3",
6
+ "description": "Runtime commands and portable skills for the Agent Kit Next/Supabase council workflow.",
7
+ "homepage": "https://github.com/lukey662/agentsandskills",
8
+ "sourceOfTruth": [
9
+ "AGENTS.md",
10
+ "AGENT_ROSTER.md",
11
+ ".agent-kit/agent-roster.json",
12
+ "MODEL_ROUTING.md",
13
+ ".agent-kit/model-routing.json",
14
+ "QUALITY_GATES.md",
15
+ "COUNCIL.md",
16
+ ".agent-kit/council-sessions/"
17
+ ],
18
+ "commands": [
19
+ { "name": "setup", "path": "commands/setup.toml" },
20
+ { "name": "audit", "path": "commands/audit.toml" },
21
+ { "name": "plan", "path": "commands/plan.toml" },
22
+ { "name": "handoff", "path": "commands/handoff.toml" },
23
+ { "name": "frontend", "path": "commands/frontend.toml" },
24
+ { "name": "security", "path": "commands/security.toml" },
25
+ { "name": "copy", "path": "commands/copy.toml" },
26
+ { "name": "ship", "path": "commands/ship.toml" },
27
+ { "name": "upgrade", "path": "commands/upgrade.toml" }
28
+ ],
29
+ "skills": [
30
+ { "name": "accessibility-wcag", "path": "../runtime-skills/accessibility-wcag/SKILL.md" },
31
+ { "name": "agent-handoff-tracing", "path": "../runtime-skills/agent-handoff-tracing/SKILL.md" },
32
+ { "name": "best-practice-maturity-review", "path": "../runtime-skills/best-practice-maturity-review/SKILL.md" },
33
+ { "name": "content-first-design", "path": "../runtime-skills/content-first-design/SKILL.md" },
34
+ { "name": "conversion-copywriting", "path": "../runtime-skills/conversion-copywriting/SKILL.md" },
35
+ { "name": "deployment-observability", "path": "../runtime-skills/deployment-observability/SKILL.md" },
36
+ { "name": "docs-maintainer", "path": "../runtime-skills/docs-maintainer/SKILL.md" },
37
+ { "name": "frontend-design-system", "path": "../runtime-skills/frontend-design-system/SKILL.md" },
38
+ { "name": "frontend-distinctiveness-benchmark", "path": "../runtime-skills/frontend-distinctiveness-benchmark/SKILL.md" },
39
+ { "name": "frontend-product-quality-rubric", "path": "../runtime-skills/frontend-product-quality-rubric/SKILL.md" },
40
+ { "name": "landing-page-copy", "path": "../runtime-skills/landing-page-copy/SKILL.md" },
41
+ { "name": "nextjs-app-router", "path": "../runtime-skills/nextjs-app-router/SKILL.md" },
42
+ { "name": "onboarding-empty-state-copy", "path": "../runtime-skills/onboarding-empty-state-copy/SKILL.md" },
43
+ { "name": "owasp-security-review", "path": "../runtime-skills/owasp-security-review/SKILL.md" },
44
+ { "name": "planning-council", "path": "../runtime-skills/planning-council/SKILL.md" },
45
+ { "name": "positioning-messaging", "path": "../runtime-skills/positioning-messaging/SKILL.md" },
46
+ { "name": "postgres-migrations", "path": "../runtime-skills/postgres-migrations/SKILL.md" },
47
+ { "name": "product-voice-tone", "path": "../runtime-skills/product-voice-tone/SKILL.md" },
48
+ { "name": "reference-led-design-critique", "path": "../runtime-skills/reference-led-design-critique/SKILL.md" },
49
+ { "name": "supabase-auth-rls", "path": "../runtime-skills/supabase-auth-rls/SKILL.md" },
50
+ { "name": "testing-qa", "path": "../runtime-skills/testing-qa/SKILL.md" },
51
+ { "name": "upgrade-maintenance", "path": "../runtime-skills/upgrade-maintenance/SKILL.md" },
52
+ { "name": "visual-regression-qa", "path": "../runtime-skills/visual-regression-qa/SKILL.md" }
53
+ ],
54
+ "validation": {
55
+ "agentKit": "agent-kit adapter validate antigravity",
56
+ "nativeOptional": "agy plugin validate"
57
+ }
58
+ }
@@ -21,6 +21,7 @@ Adapters should point back to those files. Do not maintain separate policy, secu
21
21
  - `github-next-supabase.instructions.md`: path-aware Copilot/VS Code instructions for Next.js and Supabase files.
22
22
  - `cursor-agent-kit.mdc`: Cursor project-rule template.
23
23
  - `claude-code-subagents.md`: Claude Code project subagent template guidance.
24
+ - `antigravity.md`: Antigravity plugin, command, runtime skill, and validation guidance.
24
25
  - `model-selection/`: dated setup examples for Codex, Claude Code, Cursor, and GitHub Copilot model routing.
25
26
 
26
27
  ## Activation Rule
@@ -0,0 +1,56 @@
1
+ # Antigravity Adapter
2
+
3
+ This adapter packages Agent Kit as native Antigravity-style plugin assets while keeping the Agent Kit council contract canonical.
4
+
5
+ ## Source Of Truth
6
+
7
+ - `AGENTS.md`
8
+ - `AGENT_ROSTER.md`
9
+ - `.agent-kit/agent-roster.json`
10
+ - `MODEL_ROUTING.md`
11
+ - `.agent-kit/model-routing.json`
12
+ - `.agent-kit/project-context.json`
13
+ - `.agent-kit/project-context.md`
14
+ - `.agent-kit/corrections/project-rules.json`
15
+ - `.agent-kit/corrections/agent-rules.json`
16
+ - `COUNCIL.md`
17
+ - `.agent-kit/council-sessions/`
18
+ - `QUALITY_GATES.md`
19
+
20
+ Runtime command files must wrap those files. Do not fork role definitions, security policy, frontend quality rules, release gates, or session evidence rules into command prompts.
21
+
22
+ ## Activation
23
+
24
+ ```bash
25
+ agent-kit init --activate antigravity
26
+ agent-kit adapter validate antigravity
27
+ ```
28
+
29
+ This installs:
30
+
31
+ - `.antigravity/agent-kit/plugin.json`
32
+ - `.antigravity/agent-kit/commands/*.toml`
33
+ - `.antigravity/runtime-skills/*/SKILL.md`
34
+ - `.antigravity/agent-kit/README.md`
35
+
36
+ If the `agy` CLI is available, teams may additionally run its native plugin validation. Agent Kit only requires structural validation because many projects will not have Antigravity installed locally.
37
+
38
+ ## Command Contract
39
+
40
+ Commands expose short runtime entrypoints:
41
+
42
+ - `/setup`
43
+ - `/audit`
44
+ - `/plan`
45
+ - `/handoff`
46
+ - `/frontend`
47
+ - `/security`
48
+ - `/copy`
49
+ - `/ship`
50
+ - `/upgrade`
51
+
52
+ Each command must load project context and correction rules when present, select the appropriate roster workflow, record required outputs with `agent-kit session output`, and render sessions when evidence changes.
53
+
54
+ ## Security
55
+
56
+ Do not place tokens, credentials, private URLs, database URLs, customer data, or hidden model reasoning in Antigravity plugin files, command files, or runtime skills.
@@ -24,7 +24,7 @@ name: planner
24
24
  description: Use for planning, phasing, scope breakdown, workflow routing, and council setup in this repository.
25
25
  ---
26
26
 
27
- Read `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` before making routing decisions.
27
+ Read `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` before making routing decisions.
28
28
 
29
29
  Start with the Planner workflow. For core changes, hand off to Lead Architect. For frontend changes, require Frontend Design Lead evidence. For auth, RLS, secrets, dependency, external-call, or release-risk changes, require Security Reviewer. Record meaningful decisions, risks, handoffs, human corrections, artifacts, evidence, and verification through Agent Studio session files when available.
30
30
  ```
@@ -11,6 +11,7 @@ Use `AGENTS.md` as the primary project instruction surface.
11
11
  - `.agent-kit/model-routing.json`
12
12
  - `.agent-kit/project-context.json`
13
13
  - `.agent-kit/project-context.md`
14
+ - `.agent-kit/agent-briefs.md` when present
14
15
  - `.agent-kit/corrections/project-rules.json`
15
16
  - `.agent-kit/corrections/agent-rules.json`
16
17
  - `COUNCIL.md`
@@ -23,7 +24,7 @@ When a task is planning-oriented, ambiguous, risky, frontend-facing, security-se
23
24
 
24
25
  Use `MODEL_ROUTING.md` to choose the model profile or reasoning effort for the active role. Exact model names belong in dated config comments, not in the role definitions.
25
26
 
26
- Before meaningful work, load project context and active correction rules. For meaningful handoffs, record visible decisions and evidence with `agent-kit session ...` commands, then run `agent-kit session render`.
27
+ Before meaningful work, load project context, agent briefs when present, and active correction rules. For meaningful handoffs, record visible decisions and evidence with `agent-kit session checkpoint --file <json>` or individual `agent-kit session ...` commands, then run `agent-kit session render`.
27
28
 
28
29
  ## Verification
29
30
 
@@ -7,7 +7,7 @@ alwaysApply: true
7
7
 
8
8
  # Agent Kit Cursor Rule
9
9
 
10
- Use `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth.
10
+ Use `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth.
11
11
 
12
12
  ## Routing
13
13
 
@@ -19,7 +19,7 @@ Use `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTI
19
19
  - Significant changes require living markdown updates.
20
20
  - Meaningful work should read project context and active corrections first.
21
21
  - Human corrections should be recorded before continuing and promoted to durable project or agent correction rules when they should affect future work.
22
- - Meaningful multi-agent work should use `agent-kit session ...` commands and render Markdown evidence when available.
22
+ - Meaningful multi-agent work should use `agent-kit session checkpoint --file <json>` or individual `agent-kit session ...` commands and render Markdown evidence when available.
23
23
 
24
24
  ## Validation
25
25
 
@@ -1,6 +1,6 @@
1
1
  # Repository Instructions
2
2
 
3
- This repository uses Agent Kit. Treat `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth for agent routing, project context, correction rules, model profiles, quality gates, and handoff evidence.
3
+ This repository uses Agent Kit. Treat `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth for agent routing, project context, correction rules, model profiles, quality gates, and handoff evidence.
4
4
 
5
5
  ## Workflows
6
6
 
@@ -4,7 +4,7 @@ applyTo: "app/**/*.{ts,tsx},src/app/**/*.{ts,tsx},pages/**/*.{ts,tsx},src/pages/
4
4
 
5
5
  # Next.js + Supabase Agent Kit Instructions
6
6
 
7
- Follow `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md`.
7
+ Follow `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md`.
8
8
 
9
9
  ## Next.js
10
10