@appsforgood/next-supabase-kit 0.1.0

package/examples/next-supabase-installed/.agent-kit/agent-roster.json

@@ -0,0 +1,228 @@
+{
+  "schemaVersion": 1,
+  "id": "next-supabase-default-council",
+  "stack": "next-supabase",
+  "required": true,
+  "defaultWorkflow": "planning",
+  "principle": "Planner routes work by default; Lead Architect convenes council for core changes before implementation.",
+  "agents": [
+    {
+      "id": "planner",
+      "name": "Planner",
+      "file": ".agent-kit/agents/planner.md",
+      "defaultFor": ["planning", "roadmap", "scope", "ambiguous-request", "handoff"],
+      "skills": ["planning-council", "best-practice-maturity-review", "agent-handoff-tracing", "docs-maintainer", "upgrade-maintenance"],
+      "handsOffTo": ["lead-architect", "frontend-design-lead", "qa-engineer", "docs-maintainer"]
+    },
+    {
+      "id": "lead-architect",
+      "name": "Lead Architect",
+      "file": ".agent-kit/agents/lead-architect.md",
+      "defaultFor": ["core-change", "architecture", "cross-layer-change", "technical-decision"],
+      "skills": [
+        "planning-council",
+        "best-practice-maturity-review",
+        "agent-handoff-tracing",
+        "nextjs-app-router",
+        "supabase-auth-rls",
+        "postgres-migrations",
+        "owasp-security-review",
+        "upgrade-maintenance"
+      ],
+      "handsOffTo": ["supabase-postgres-engineer", "nextjs-engineer", "security-reviewer", "qa-engineer", "docs-maintainer"]
+    },
+    {
+      "id": "supabase-postgres-engineer",
+      "name": "Supabase/Postgres Engineer",
+      "file": ".agent-kit/agents/supabase-postgres-engineer.md",
+      "defaultFor": ["schema", "migration", "rls", "auth", "storage", "sql"],
+      "skills": ["supabase-auth-rls", "postgres-migrations", "owasp-security-review"],
+      "handsOffTo": ["security-reviewer", "qa-engineer", "docs-maintainer", "deployment-observability-engineer"]
+    },
+    {
+      "id": "nextjs-engineer",
+      "name": "Next.js Engineer",
+      "file": ".agent-kit/agents/nextjs-engineer.md",
+      "defaultFor": ["app-router", "server-components", "route-handler", "server-action", "forms", "ui-state"],
+      "skills": ["nextjs-app-router", "content-first-design", "frontend-design-system", "accessibility-wcag", "testing-qa"],
+      "handsOffTo": ["frontend-design-lead", "security-reviewer", "qa-engineer", "docs-maintainer"]
+    },
+    {
+      "id": "frontend-design-lead",
+      "name": "Frontend Design Lead",
+      "file": ".agent-kit/agents/frontend-design-lead.md",
+      "defaultFor": [
+        "brand-content-intake",
+        "creative-direction",
+        "reference-led-critique",
+        "distinctiveness-benchmark",
+        "product-quality-scorecard",
+        "visual-design",
+        "component-system",
+        "visual-regression",
+        "accessibility",
+        "anti-generic-ui",
+        "screenshot-review"
+      ],
+      "skills": [
+        "content-first-design",
+        "reference-led-design-critique",
+        "frontend-distinctiveness-benchmark",
+        "frontend-product-quality-rubric",
+        "frontend-design-system",
+        "visual-regression-qa",
+        "accessibility-wcag"
+      ],
+      "handsOffTo": ["marketing-copy-lead", "nextjs-engineer", "qa-engineer", "docs-maintainer"]
+    },
+    {
+      "id": "marketing-copy-lead",
+      "name": "Marketing Copy Lead",
+      "file": ".agent-kit/agents/marketing-copy-lead.md",
+      "defaultFor": [
+        "copy",
+        "copywriting",
+        "marketing",
+        "positioning",
+        "messaging",
+        "value-proposition",
+        "landing-page-copy",
+        "headline",
+        "cta",
+        "conversion",
+        "onboarding-copy",
+        "empty-state-copy",
+        "voice-tone",
+        "pricing-copy"
+      ],
+      "skills": [
+        "positioning-messaging",
+        "conversion-copywriting",
+        "landing-page-copy",
+        "product-voice-tone",
+        "onboarding-empty-state-copy"
+      ],
+      "handsOffTo": ["frontend-design-lead", "nextjs-engineer", "qa-engineer", "docs-maintainer"]
+    },
+    {
+      "id": "security-reviewer",
+      "name": "Security Reviewer",
+      "file": ".agent-kit/agents/security-reviewer.md",
+      "defaultFor": ["security-review", "auth-boundary", "data-mutation", "external-call", "dependency", "secret"],
+      "skills": ["owasp-security-review", "supabase-auth-rls", "postgres-migrations"],
+      "handsOffTo": ["lead-architect", "qa-engineer", "docs-maintainer", "deployment-observability-engineer"]
+    },
+    {
+      "id": "qa-engineer",
+      "name": "QA Engineer",
+      "file": ".agent-kit/agents/qa-engineer.md",
+      "defaultFor": ["testing", "regression", "smoke", "acceptance-evidence"],
+      "skills": ["testing-qa", "best-practice-maturity-review", "visual-regression-qa", "accessibility-wcag"],
+      "handsOffTo": ["docs-maintainer", "deployment-observability-engineer"]
+    },
+    {
+      "id": "docs-maintainer",
+      "name": "Documentation Maintainer",
+      "file": ".agent-kit/agents/docs-maintainer.md",
+      "defaultFor": ["docs", "decisions", "spec", "style-guide", "roadmap", "upgrade-evidence"],
+      "skills": ["docs-maintainer", "planning-council", "best-practice-maturity-review", "agent-handoff-tracing", "upgrade-maintenance"],
+      "handsOffTo": ["deployment-observability-engineer"]
+    },
+    {
+      "id": "deployment-observability-engineer",
+      "name": "Deployment/Observability Engineer",
+      "file": ".agent-kit/agents/deployment-observability-engineer.md",
+      "defaultFor": ["release", "deployment", "environment", "logs", "rollback", "monitoring"],
+      "skills": ["deployment-observability", "testing-qa", "upgrade-maintenance"],
+      "handsOffTo": ["qa-engineer", "docs-maintainer"]
+    }
+  ],
+  "workflows": [
+    {
+      "id": "planning",
+      "triggers": ["plan", "roadmap", "phase", "scope", "what should we do", "break this down"],
+      "sequence": ["planner", "lead-architect", "qa-engineer", "docs-maintainer"],
+      "council": ["planner", "lead-architect"],
+      "requiredOutputs": ["phased checklist", "maturity target", "affected layers", "preserved capabilities", "verification plan", "docs impact"]
+    },
+    {
+      "id": "core-change",
+      "triggers": ["schema", "auth", "rls", "api", "route handler", "server action", "dependency", "upgrade", "release workflow", "package behavior", "cross-layer"],
+      "sequence": [
+        "planner",
+        "lead-architect",
+        "supabase-postgres-engineer",
+        "nextjs-engineer",
+        "security-reviewer",
+        "qa-engineer",
+        "docs-maintainer",
+        "deployment-observability-engineer"
+      ],
+      "council": ["lead-architect", "security-reviewer", "qa-engineer", "docs-maintainer"],
+      "requiredOutputs": [
+        "architecture decision",
+        "maturity evidence",
+        "security review",
+        "test evidence",
+        "doc updates",
+        "upgrade evidence when applicable",
+        "release or rollback notes"
+      ]
+    },
+    {
+      "id": "frontend-change",
+      "triggers": ["screen", "component", "layout", "design", "responsive", "accessibility", "screenshot"],
+      "sequence": ["planner", "frontend-design-lead", "marketing-copy-lead", "nextjs-engineer", "qa-engineer", "docs-maintainer"],
+      "council": ["frontend-design-lead", "marketing-copy-lead", "qa-engineer"],
+      "requiredOutputs": [
+        "brand/content intake",
+        "copy/value-proposition brief when public-facing or conversion-facing",
+        "creative-direction rationale",
+        "reference-set evidence",
+        "distinctiveness benchmark",
+        "design critique verdict",
+        "frontend product-quality scorecard",
+        "domain-specific UI rationale",
+        "visual QA evidence",
+        "state coverage",
+        "accessibility checks",
+        "desktop/mobile verification"
+      ]
+    },
+    {
+      "id": "marketing-copy",
+      "triggers": ["copy", "copywriting", "marketing", "positioning", "messaging", "value prop", "value proposition", "landing page", "headline", "cta", "conversion", "onboarding", "empty state", "pricing"],
+      "sequence": ["planner", "marketing-copy-lead", "frontend-design-lead", "qa-engineer", "docs-maintainer"],
+      "council": ["marketing-copy-lead", "frontend-design-lead"],
+      "requiredOutputs": [
+        "discovery questions answered or explicitly marked unknown",
+        "audience and segment assumptions",
+        "problem, pain, desired outcome, and value proposition",
+        "differentiators, proof points, objections, and counter-messaging",
+        "voice/tone guidance",
+        "page or flow copy inventory",
+        "CTA and conversion hypothesis",
+        "handoff notes for design and implementation"
+      ]
+    },
+    {
+      "id": "security-review",
+      "triggers": ["security", "owasp", "secret", "token", "permission", "ssrf", "idor", "dependency"],
+      "sequence": ["planner", "security-reviewer", "lead-architect", "qa-engineer", "docs-maintainer"],
+      "council": ["security-reviewer", "lead-architect"],
+      "requiredOutputs": ["finding severity", "attack path", "mitigation", "verification evidence"]
+    }
+  ],
+  "handoffRules": [
+    "Each agent must state its decision, risk, and required next handoff before passing work on.",
+    "Planner must classify meaningful work against QUALITY_GATES.md as baseline, strong, or best-practice before completion is claimed.",
+    "Meaningful multi-agent work must record council-session evidence in COUNCIL.md or a structured record that follows .agent-kit/schemas/council-session.schema.json.",
+    "Planner starts planning and ambiguous requests by default.",
+    "Lead Architect must review core changes before implementation.",
+    "Frontend Design Lead must record reference-set evidence, anti-references, a design critique verdict, a distinctiveness benchmark, and a frontend product-quality scorecard before accepting significant frontend work.",
+    "Marketing Copy Lead must ask discovery questions and record audience, pain, outcome, value proposition, proof, objections, voice/tone, and conversion goal before accepting public-facing or conversion-facing copy.",
+    "Security Reviewer must review auth, data mutation, external-call, dependency, secret, and release-risk changes.",
+    "QA Engineer must verify behavior changes before completion.",
+    "Documentation Maintainer must update living markdown when behavior, architecture, release, or standards change."
+  ]
+}

package/examples/next-supabase-installed/.agent-kit/manifest.json

@@ -0,0 +1,58 @@
+{
+  "packageName": "@agent-skills/next-supabase-kit",
+  "packageVersion": "0.1.0",
+  "stack": "next-supabase",
+  "installedAt": "2026-06-07T11:22:09.937Z",
+  "docs": [
+    "AGENTS.md",
+    "AGENT_ROSTER.md",
+    "ASSISTANT_ADAPTERS.md",
+    "COUNCIL.md",
+    "SKILLS.md",
+    "SPEC.md",
+    "DECISIONS.md",
+    "DOCS.md",
+    "DESIGN.md",
+    "MESSAGING.md",
+    "MODEL_ROUTING.md",
+    "QUALITY_GATES.md",
+    "STYLE_GUIDE.md",
+    "SECURITY.md",
+    "TESTING.md",
+    "DEPLOYMENT.md",
+    "UPGRADE.md"
+  ],
+  "libraryFolders": [
+    "agents",
+    "skills",
+    "prompts",
+    "checklists",
+    "design-adapters",
+    "assistant-adapters",
+    "design-briefs",
+    "profiles",
+    "rosters",
+    "schemas"
+  ],
+  "agentRoster": ".agent-kit/agent-roster.json",
+  "modelRouting": ".agent-kit/model-routing.json",
+  "templateHashes": {
+    "AGENTS.md": "f9bb80554334f8466d4d0c0c5ae0fa1ed0e7fd5060ef28802e97ed96f76c1a98",
+    "AGENT_ROSTER.md": "fb88198d0a5f911ec8cbaa2850c1a47e1dbd1fe2c8144f9ce633bbfc1ec414d3",
+    "ASSISTANT_ADAPTERS.md": "d6154a64d77f37cdcfa1f6e59c7d30fc0728c07553551ea77c4fe8d14f1c7365",
+    "COUNCIL.md": "40bec9051664c9c38b8360ee16f21b5e4716030d19c493cdec67395ab06528e1",
+    "SKILLS.md": "3c3c2eb40438a42026479dccac7bbf084ba22e2d758c425dff59385d05eae3bd",
+    "SPEC.md": "8a12bae351b0ceda50dfb2e63ec68767e27f68ffdc15f25bb21bba189855578e",
+    "DECISIONS.md": "89b1c8d70450dae83d8b877d5c6acb6517a3555321fdc6fb7259726e06beebab",
+    "DOCS.md": "40a3f03278785b7edc8f43fc0c9a72f2ab33f966efe391039cda27c33b6899f1",
+    "DESIGN.md": "70f52e539073e7c4c1d37e63c9a21672a3221d2931d3ff284058dabf60243530",
+    "MESSAGING.md": "f1f7c0f11796820b60bb44e42a65749763f7167944ba6acf092a1cf7b59e50de",
+    "MODEL_ROUTING.md": "0835335a03c1c24275e4a1ddb7905062858035079f9010c14a6a9d70ce7831a7",
+    "QUALITY_GATES.md": "0de13d3add75dfa0c01b957cf6b3a1ae552dd7dab2a2e1c17be74263b6b6950d",
+    "STYLE_GUIDE.md": "dcaed2d7885e920060d74e4ba5a8d548a08a729a3efc178434a17b5a182fb628",
+    "SECURITY.md": "f046e4dc794f49700ddee4cb866e2ba1983a1b71268f2e244892d615b41714f8",
+    "TESTING.md": "183f9ca56b95f6390bcfda75a3da3bd22298c8c6ff0d815982022b2af74da75d",
+    "DEPLOYMENT.md": "c33d949c2b1850f8ee6c38e5ec565325c3d47f4daac13b81c75e1b35655ea174",
+    "UPGRADE.md": "e8393975a7a46c2020cd6afb4c4b4d2cc17807fbec1d33f52b7d159f4eb1e3a0"
+  }
+}

package/examples/next-supabase-installed/.agent-kit/model-routing.json

@@ -0,0 +1,164 @@
+{
+  "schemaVersion": 1,
+  "id": "next-supabase-default-model-routing",
+  "stack": "next-supabase",
+  "reviewedAt": "2026-06-03",
+  "reviewCadence": "Review quarterly or whenever the active IDE/model provider changes model availability.",
+  "principle": "Select model depth by agent responsibility. Keep role behavior in the roster and skills; keep tool-specific model names in dated adapter setup notes.",
+  "profiles": [
+    {
+      "id": "fast-targeted",
+      "label": "Fast Targeted",
+      "intent": "Use for narrow edits, doc cleanup, simple command interpretation, and low-risk repeated checks.",
+      "reasoningEffort": "low",
+      "contextWindow": "medium",
+      "latency": "low",
+      "cost": "low",
+      "preferredFor": ["docs-maintainer", "deployment-observability-engineer"]
+    },
+    {
+      "id": "balanced-reasoning",
+      "label": "Balanced Reasoning",
+      "intent": "Use for planning, normal implementation, review synthesis, and tasks where speed and judgment both matter.",
+      "reasoningEffort": "medium",
+      "contextWindow": "large",
+      "latency": "medium",
+      "cost": "medium",
+      "preferredFor": ["planner", "nextjs-engineer", "qa-engineer"]
+    },
+    {
+      "id": "coding-large-context",
+      "label": "Coding Large Context",
+      "intent": "Use for multi-file Next.js implementation, Server Component boundaries, form flows, and repo-wide code changes.",
+      "reasoningEffort": "medium",
+      "contextWindow": "large",
+      "latency": "medium",
+      "cost": "medium",
+      "preferredFor": ["nextjs-engineer"]
+    },
+    {
+      "id": "deep-reasoning-large-context",
+      "label": "Deep Reasoning Large Context",
+      "intent": "Use for architecture, cross-layer changes, migrations, security-sensitive work, and ambiguous decisions with high blast radius.",
+      "reasoningEffort": "high",
+      "contextWindow": "very-large",
+      "latency": "high",
+      "cost": "high",
+      "preferredFor": ["lead-architect", "security-reviewer", "supabase-postgres-engineer"]
+    },
+    {
+      "id": "creative-vision-large-context",
+      "label": "Creative Vision Large Context",
+      "intent": "Use for frontend creative direction, screenshot critique, content-first design, distinctiveness benchmarking, and product-quality review.",
+      "reasoningEffort": "high",
+      "contextWindow": "large",
+      "latency": "medium",
+      "cost": "medium",
+      "preferredFor": ["frontend-design-lead", "marketing-copy-lead"]
+    }
+  ],
+  "agentRoutes": [
+    {
+      "agentId": "planner",
+      "profileId": "balanced-reasoning",
+      "defaultEffort": "medium",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Escalate when the plan changes architecture, auth, data model, release workflow, or public package behavior."
+    },
+    {
+      "agentId": "lead-architect",
+      "profileId": "deep-reasoning-large-context",
+      "defaultEffort": "high",
+      "notes": "Use for core-change council review and cross-layer decisions."
+    },
+    {
+      "agentId": "supabase-postgres-engineer",
+      "profileId": "deep-reasoning-large-context",
+      "defaultEffort": "high",
+      "notes": "Use high reasoning for schema, RLS, migration ordering, rollback, and authorization boundaries."
+    },
+    {
+      "agentId": "nextjs-engineer",
+      "profileId": "coding-large-context",
+      "defaultEffort": "medium",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Escalate when server/client boundaries, caching, auth, or data mutation behavior is uncertain."
+    },
+    {
+      "agentId": "frontend-design-lead",
+      "profileId": "creative-vision-large-context",
+      "defaultEffort": "high",
+      "notes": "Use with screenshots, reference sets, content inventory, and product-specific design evidence."
+    },
+    {
+      "agentId": "marketing-copy-lead",
+      "profileId": "creative-vision-large-context",
+      "defaultEffort": "high",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Use for positioning, value proposition, conversion copy, voice/tone, proof review, and public-facing copy handoff."
+    },
+    {
+      "agentId": "security-reviewer",
+      "profileId": "deep-reasoning-large-context",
+      "defaultEffort": "high",
+      "notes": "Use high reasoning for OWASP, IDOR, SSRF, injection, broken auth, dependency, secret, and release-risk review."
+    },
+    {
+      "agentId": "qa-engineer",
+      "profileId": "balanced-reasoning",
+      "defaultEffort": "medium",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Escalate for flaky tests, concurrency, auth flows, visual regression, or hard-to-reproduce bugs."
+    },
+    {
+      "agentId": "docs-maintainer",
+      "profileId": "fast-targeted",
+      "defaultEffort": "low",
+      "escalationProfileId": "balanced-reasoning",
+      "notes": "Use balanced reasoning when docs encode decisions, migration order, or security-sensitive setup."
+    },
+    {
+      "agentId": "deployment-observability-engineer",
+      "profileId": "fast-targeted",
+      "defaultEffort": "low",
+      "escalationProfileId": "balanced-reasoning",
+      "notes": "Escalate for release gates, rollback paths, env var review, logs, or production incidents."
+    }
+  ],
+  "toolSurfaces": [
+    {
+      "tool": "Codex",
+      "instructionSurface": "AGENTS.md, .codex/config.toml, and optional .codex/agents/*.toml custom agents",
+      "modelSelection": "Default model in config.toml, temporary /model or --model selection, and optional custom-agent model/model_reasoning_effort fields",
+      "enforcement": "partial",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/codex-config.example.toml"
+    },
+    {
+      "tool": "Claude Code",
+      "instructionSurface": "CLAUDE.md and .claude/agents/*.md project subagents",
+      "modelSelection": "Subagent frontmatter can document or select model where supported by the installed Claude Code version",
+      "enforcement": "partial",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/claude-code-subagents-with-models.md"
+    },
+    {
+      "tool": "Cursor",
+      "instructionSurface": ".cursor/rules/*.mdc",
+      "modelSelection": "Use Cursor model picker or team setting; project rules advise which profile to pick but do not force the picker",
+      "enforcement": "advisory",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/cursor-model-selection.mdc"
+    },
+    {
+      "tool": "GitHub Copilot",
+      "instructionSurface": ".github/copilot-instructions.md and .github/instructions/*.instructions.md",
+      "modelSelection": "Use Copilot chat or coding-agent model selection where available; repo instructions advise but do not force model selection",
+      "enforcement": "advisory",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/github-copilot-model-selection.md"
+    }
+  ],
+  "updatePolicy": [
+    "Treat model names as dated recommendations, not permanent product truth.",
+    "Do not store API keys, tokens, billing data, or private model entitlement notes in model-routing files.",
+    "When model availability changes, update adapter examples, MODEL_ROUTING.md, DECISIONS.md, and audit tests in the same change.",
+    "If an IDE cannot enforce per-agent model choice, record that limitation in ASSISTANT_ADAPTERS.md instead of pretending the package can force it."
+  ]
+}

package/examples/next-supabase-installed/.agent-kit/overrides.json

@@ -0,0 +1,9 @@
+{
+  "templates": {
+    "AGENTS.md": {
+      "reason": "Project keeps a mature custom agent roster and only imports new kit roles selectively.",
+      "owner": "engineering",
+      "reviewedAt": "2026-06-02"
+    }
+  }
+}

package/examples/next-supabase-installed/README.md

@@ -0,0 +1,15 @@
+# Example Installed Output
+
+This directory shows the expected shape after running:
+
+```bash
+npx @agent-skills/next-supabase-kit init --stack next-supabase
+npx @agent-skills/next-supabase-kit audit --json
+npx @agent-skills/next-supabase-kit audit --min-readiness baseline-setup
+```
+
+The example is intentionally compact. It documents the generated structure, representative manifest metadata, Cursor adapter rules under `.cursor/rules/`, and expected audit shape without duplicating every template file. `npm run examples:check` verifies that these committed example files still match a clean install from the current built CLI.
+
+The installed `.agent-kit/agent-roster.json` is the machine-readable default council contract used by agents and validated by `agent-kit audit`. New installs also include `COUNCIL.md`, `ASSISTANT_ADAPTERS.md`, `MODEL_ROUTING.md`, `UPGRADE.md`, `.agent-kit/model-routing.json`, `.agent-kit/assistant-adapters/`, `.agent-kit/schemas/`, `DESIGN.md`, and `QUALITY_GATES.md` so handoffs, tool-specific assistant activation, model selection, upgrade review, frontend brand/content intake, reference-led critique, product-quality scoring, creative direction, visual QA, and maturity evidence are explicit before implementation is accepted. Optional `.agent-kit/council-sessions/*.json` records are validated when present.
+
+The sample audit intentionally reports `readiness.level: baseline-setup` with two warnings. A fresh install still contains starter placeholders and unverified assistant/model-selection rows; downstream projects should replace those with real project evidence before claiming strong or best-practice maturity.