@appsforgood/next-supabase-kit 0.1.0

package/examples/next-supabase-installed/audit-output.json

@@ -0,0 +1,336 @@
+{
+  "summary": {
+    "pass": 60,
+    "warn": 3,
+    "fail": 0
+  },
+  "readiness": {
+    "level": "baseline-setup",
+    "summary": "Agent kit setup is valid, but project-specific evidence still needs to replace starter placeholders.",
+    "nextActions": [
+      "Run agent-kit onboard or agent-kit init --guided so agents can start with project-specific context.",
+      "Replace TBD adapter rows with date, owner, evidence, model-selection status, and known limitations for each active IDE.",
+      "Replace TBD/example rows with real project evidence, or document why an item is not applicable before claiming strong or best-practice maturity."
+    ]
+  },
+  "findings": [
+    {
+      "level": "pass",
+      "area": "install",
+      "message": "Agent kit installed at version 0.1.0."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "AGENTS.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "AGENT_ROSTER.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "ASSISTANT_ADAPTERS.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "COUNCIL.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "SKILLS.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "SPEC.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "DECISIONS.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "DOCS.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "DESIGN.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "MESSAGING.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "MODEL_ROUTING.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "QUALITY_GATES.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "STYLE_GUIDE.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "SECURITY.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "TESTING.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "DEPLOYMENT.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "templates",
+      "message": "UPGRADE.md matches the current bundled template."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "Agent roster matches the schema-backed runtime contract."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "Agent roster contains the required default council agents."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "Agent roster maps default agents to required skills."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "Core-change workflow requires architect-led council handoff."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "Frontend-change workflow requires content-first design, reference-led critique, distinctiveness benchmarking, product-quality scoring, and creative-direction evidence."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "Marketing-copy workflow requires question-led positioning, value proposition, proof, objections, voice, and conversion evidence."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "Agent roster requires auditable handoff evidence."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/agent-roster.schema.json is present and parseable."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/council-session.schema.json is present and parseable."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/audit-report.schema.json is present and parseable."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/model-routing.schema.json is present and parseable."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/project-context.schema.json is present and parseable."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/correction-rules.schema.json is present and parseable."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/session-event.schema.json is present and parseable."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/schemas/studio-session.schema.json is present and parseable."
+    },
+    {
+      "level": "warn",
+      "area": "studio",
+      "message": ".agent-kit/project-context.json is missing.",
+      "remediation": "Run agent-kit onboard or agent-kit init --guided so agents can start with project-specific context."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "AGENTS.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "AGENT_ROSTER.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "ASSISTANT_ADAPTERS.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "COUNCIL.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "SKILLS.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "SPEC.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "DECISIONS.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "DOCS.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "DESIGN.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "MESSAGING.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "MODEL_ROUTING.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "QUALITY_GATES.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "STYLE_GUIDE.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "SECURITY.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "TESTING.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "DEPLOYMENT.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "docs",
+      "message": "UPGRADE.md exists."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "COUNCIL.md defines council-session handoff evidence."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": ".agent-kit/assistant-adapters is installed."
+    },
+    {
+      "level": "pass",
+      "area": "agents",
+      "message": "ASSISTANT_ADAPTERS.md maps the council roster to tool-specific instruction surfaces."
+    },
+    {
+      "level": "warn",
+      "area": "models",
+      "message": "ASSISTANT_ADAPTERS.md still has unverified tool-surface rows.",
+      "remediation": "Replace TBD adapter rows with date, owner, evidence, model-selection status, and known limitations for each active IDE."
+    },
+    {
+      "level": "pass",
+      "area": "models",
+      "message": "MODEL_ROUTING.md documents agent model profiles and IDE enforcement limits."
+    },
+    {
+      "level": "pass",
+      "area": "models",
+      "message": "Model routing matches the schema-backed runtime contract."
+    },
+    {
+      "level": "pass",
+      "area": "models",
+      "message": "Model routing maps every default council agent to a profile."
+    },
+    {
+      "level": "pass",
+      "area": "messaging",
+      "message": "MESSAGING.md captures question-led positioning and value-proposition inputs."
+    },
+    {
+      "level": "pass",
+      "area": "messaging",
+      "message": "MESSAGING.md connects claims, proof, objections, and CTA hierarchy."
+    },
+    {
+      "level": "pass",
+      "area": "quality",
+      "message": "QUALITY_GATES.md defines a multi-area best-practice maturity model."
+    },
+    {
+      "level": "pass",
+      "area": "upgrade",
+      "message": "UPGRADE.md defines a reviewable upgrade, migration, audit, and rollback lifecycle."
+    },
+    {
+      "level": "warn",
+      "area": "evidence",
+      "message": "Project evidence docs still contain starter placeholders: COUNCIL.md, SPEC.md, DESIGN.md, MESSAGING.md, SECURITY.md, DEPLOYMENT.md, ASSISTANT_ADAPTERS.md, UPGRADE.md.",
+      "remediation": "Replace TBD/example rows with real project evidence, or document why an item is not applicable before claiming strong or best-practice maturity."
+    }
+  ]
+}

package/examples/next-supabase-installed/tree.txt

@@ -0,0 +1,38 @@
+.
+|-- AGENTS.md
+|-- AGENT_ROSTER.md
+|-- ASSISTANT_ADAPTERS.md
+|-- COUNCIL.md
+|-- SKILLS.md
+|-- SPEC.md
+|-- DECISIONS.md
+|-- DOCS.md
+|-- DESIGN.md
+|-- MESSAGING.md
+|-- MODEL_ROUTING.md
+|-- QUALITY_GATES.md
+|-- STYLE_GUIDE.md
+|-- SECURITY.md
+|-- TESTING.md
+|-- DEPLOYMENT.md
+|-- UPGRADE.md
+|-- .cursor
+|   `-- rules
+|       |-- cursor-agent-kit.mdc
+|       `-- cursor-model-selection.mdc
+`-- .agent-kit
+    |-- manifest.json
+    |-- agent-roster.json
+    |-- model-routing.json
+    |-- config.json
+    |-- overrides.json
+    |-- agents/
+    |-- skills/
+    |-- prompts/
+    |-- checklists/
+    |-- design-adapters/
+    |-- assistant-adapters/
+    |-- design-briefs/
+    |-- profiles/
+    |-- rosters/
+    `-- schemas/

package/model-routing/default-model-routing.json

@@ -0,0 +1,164 @@
+{
+  "schemaVersion": 1,
+  "id": "next-supabase-default-model-routing",
+  "stack": "next-supabase",
+  "reviewedAt": "2026-06-03",
+  "reviewCadence": "Review quarterly or whenever the active IDE/model provider changes model availability.",
+  "principle": "Select model depth by agent responsibility. Keep role behavior in the roster and skills; keep tool-specific model names in dated adapter setup notes.",
+  "profiles": [
+    {
+      "id": "fast-targeted",
+      "label": "Fast Targeted",
+      "intent": "Use for narrow edits, doc cleanup, simple command interpretation, and low-risk repeated checks.",
+      "reasoningEffort": "low",
+      "contextWindow": "medium",
+      "latency": "low",
+      "cost": "low",
+      "preferredFor": ["docs-maintainer", "deployment-observability-engineer"]
+    },
+    {
+      "id": "balanced-reasoning",
+      "label": "Balanced Reasoning",
+      "intent": "Use for planning, normal implementation, review synthesis, and tasks where speed and judgment both matter.",
+      "reasoningEffort": "medium",
+      "contextWindow": "large",
+      "latency": "medium",
+      "cost": "medium",
+      "preferredFor": ["planner", "nextjs-engineer", "qa-engineer"]
+    },
+    {
+      "id": "coding-large-context",
+      "label": "Coding Large Context",
+      "intent": "Use for multi-file Next.js implementation, Server Component boundaries, form flows, and repo-wide code changes.",
+      "reasoningEffort": "medium",
+      "contextWindow": "large",
+      "latency": "medium",
+      "cost": "medium",
+      "preferredFor": ["nextjs-engineer"]
+    },
+    {
+      "id": "deep-reasoning-large-context",
+      "label": "Deep Reasoning Large Context",
+      "intent": "Use for architecture, cross-layer changes, migrations, security-sensitive work, and ambiguous decisions with high blast radius.",
+      "reasoningEffort": "high",
+      "contextWindow": "very-large",
+      "latency": "high",
+      "cost": "high",
+      "preferredFor": ["lead-architect", "security-reviewer", "supabase-postgres-engineer"]
+    },
+    {
+      "id": "creative-vision-large-context",
+      "label": "Creative Vision Large Context",
+      "intent": "Use for frontend creative direction, screenshot critique, content-first design, distinctiveness benchmarking, and product-quality review.",
+      "reasoningEffort": "high",
+      "contextWindow": "large",
+      "latency": "medium",
+      "cost": "medium",
+      "preferredFor": ["frontend-design-lead", "marketing-copy-lead"]
+    }
+  ],
+  "agentRoutes": [
+    {
+      "agentId": "planner",
+      "profileId": "balanced-reasoning",
+      "defaultEffort": "medium",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Escalate when the plan changes architecture, auth, data model, release workflow, or public package behavior."
+    },
+    {
+      "agentId": "lead-architect",
+      "profileId": "deep-reasoning-large-context",
+      "defaultEffort": "high",
+      "notes": "Use for core-change council review and cross-layer decisions."
+    },
+    {
+      "agentId": "supabase-postgres-engineer",
+      "profileId": "deep-reasoning-large-context",
+      "defaultEffort": "high",
+      "notes": "Use high reasoning for schema, RLS, migration ordering, rollback, and authorization boundaries."
+    },
+    {
+      "agentId": "nextjs-engineer",
+      "profileId": "coding-large-context",
+      "defaultEffort": "medium",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Escalate when server/client boundaries, caching, auth, or data mutation behavior is uncertain."
+    },
+    {
+      "agentId": "frontend-design-lead",
+      "profileId": "creative-vision-large-context",
+      "defaultEffort": "high",
+      "notes": "Use with screenshots, reference sets, content inventory, and product-specific design evidence."
+    },
+    {
+      "agentId": "marketing-copy-lead",
+      "profileId": "creative-vision-large-context",
+      "defaultEffort": "high",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Use for positioning, value proposition, conversion copy, voice/tone, proof review, and public-facing copy handoff."
+    },
+    {
+      "agentId": "security-reviewer",
+      "profileId": "deep-reasoning-large-context",
+      "defaultEffort": "high",
+      "notes": "Use high reasoning for OWASP, IDOR, SSRF, injection, broken auth, dependency, secret, and release-risk review."
+    },
+    {
+      "agentId": "qa-engineer",
+      "profileId": "balanced-reasoning",
+      "defaultEffort": "medium",
+      "escalationProfileId": "deep-reasoning-large-context",
+      "notes": "Escalate for flaky tests, concurrency, auth flows, visual regression, or hard-to-reproduce bugs."
+    },
+    {
+      "agentId": "docs-maintainer",
+      "profileId": "fast-targeted",
+      "defaultEffort": "low",
+      "escalationProfileId": "balanced-reasoning",
+      "notes": "Use balanced reasoning when docs encode decisions, migration order, or security-sensitive setup."
+    },
+    {
+      "agentId": "deployment-observability-engineer",
+      "profileId": "fast-targeted",
+      "defaultEffort": "low",
+      "escalationProfileId": "balanced-reasoning",
+      "notes": "Escalate for release gates, rollback paths, env var review, logs, or production incidents."
+    }
+  ],
+  "toolSurfaces": [
+    {
+      "tool": "Codex",
+      "instructionSurface": "AGENTS.md, .codex/config.toml, and optional .codex/agents/*.toml custom agents",
+      "modelSelection": "Default model in config.toml, temporary /model or --model selection, and optional custom-agent model/model_reasoning_effort fields",
+      "enforcement": "partial",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/codex-config.example.toml"
+    },
+    {
+      "tool": "Claude Code",
+      "instructionSurface": "CLAUDE.md and .claude/agents/*.md project subagents",
+      "modelSelection": "Subagent frontmatter can document or select model where supported by the installed Claude Code version",
+      "enforcement": "partial",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/claude-code-subagents-with-models.md"
+    },
+    {
+      "tool": "Cursor",
+      "instructionSurface": ".cursor/rules/*.mdc",
+      "modelSelection": "Use Cursor model picker or team setting; project rules advise which profile to pick but do not force the picker",
+      "enforcement": "advisory",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/cursor-model-selection.mdc"
+    },
+    {
+      "tool": "GitHub Copilot",
+      "instructionSurface": ".github/copilot-instructions.md and .github/instructions/*.instructions.md",
+      "modelSelection": "Use Copilot chat or coding-agent model selection where available; repo instructions advise but do not force model selection",
+      "enforcement": "advisory",
+      "adapter": ".agent-kit/assistant-adapters/model-selection/github-copilot-model-selection.md"
+    }
+  ],
+  "updatePolicy": [
+    "Treat model names as dated recommendations, not permanent product truth.",
+    "Do not store API keys, tokens, billing data, or private model entitlement notes in model-routing files.",
+    "When model availability changes, update adapter examples, MODEL_ROUTING.md, DECISIONS.md, and audit tests in the same change.",
+    "If an IDE cannot enforce per-agent model choice, record that limitation in ASSISTANT_ADAPTERS.md instead of pretending the package can force it."
+  ]
+}

package/package.json

@@ -0,0 +1,98 @@
+{
+  "name": "@appsforgood/next-supabase-kit",
+  "version": "0.1.0",
+  "description": "Open agent council, skills, prompts, checklists, and markdown templates for Next.js and Supabase projects.",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/lukey662/agentsandskills.git"
+  },
+  "bugs": {
+    "url": "https://github.com/lukey662/agentsandskills/issues"
+  },
+  "homepage": "https://github.com/lukey662/agentsandskills#readme",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
+  },
+  "bin": {
+    "agent-kit": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "templates",
+    "agents",
+    "skills",
+    "prompts",
+    "checklists",
+    "design-adapters",
+    "assistant-adapters",
+    "model-routing",
+    "design-briefs",
+    "profiles",
+    "rosters",
+    "schemas",
+    "examples/next-supabase-installed/.agent-kit/agent-roster.json",
+    "examples/next-supabase-installed/.agent-kit/model-routing.json",
+    "examples/next-supabase-installed/.agent-kit/manifest.json",
+    "examples/next-supabase-installed/.agent-kit/overrides.json",
+    "examples/next-supabase-installed/audit-output.json",
+    "examples/next-supabase-installed/README.md",
+    "examples/next-supabase-installed/tree.txt",
+    "research/scan-config.json",
+    "research/scan-plan.md",
+    "research/summaries",
+    "research/proposed-updates.md",
+    "README.md",
+    "CHANGELOG.md",
+    "CONTRIBUTING.md",
+    "CODE_OF_CONDUCT.md",
+    "SUPPORT.md",
+    "GOVERNANCE.md",
+    "REPOSITORY_SETTINGS.md",
+    "SUPPLY_CHAIN.md",
+    "BEST_PRACTICE_EVIDENCE.md",
+    "DOGFOOD.md",
+    "RESEARCH_CITATION_POLICY.md",
+    "UPGRADE.md",
+    "SECURITY.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "packageManager": "npm@11.6.2",
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsx src/cli/index.ts",
+    "typecheck": "tsc --noEmit",
+    "lint": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "smoke": "node dist/index.js doctor",
+    "smoke:install": "node scripts/smoke-install.mjs",
+    "smoke:studio": "node scripts/smoke-studio.mjs",
+    "smoke:audit-gate": "node scripts/smoke-audit-gate.mjs",
+    "examples:check": "node scripts/example-check.mjs",
+    "version:check": "node scripts/version-check.mjs",
+    "sbom:check": "node scripts/sbom-check.mjs",
+    "sbom:generate": "node scripts/sbom-check.mjs --output sbom.cdx.json",
+    "publish:verify": "node scripts/post-publish-verify.mjs",
+    "release:check": "node scripts/release-check.mjs",
+    "pack:check": "npm pack --dry-run"
+  },
+  "dependencies": {
+    "@octokit/rest": "^21.1.1",
+    "commander": "^12.1.0",
+    "simple-git": "^3.27.0",
+    "zod": "^3.24.1"
+  },
+  "devDependencies": {
+    "@rolldown/binding-win32-x64-msvc": "^1.0.3",
+    "@types/node": "^22.10.5",
+    "tsup": "^8.3.5",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.3",
+    "vitest": "^4.1.8"
+  }
+}

package/profiles/admin-app.md

@@ -0,0 +1,17 @@
+# Admin App Compatibility Profile
+
+Use for internal operations consoles, support tools, moderation systems, and analytics back offices.
+
+## Required Emphasis
+
+- Least-privilege admin access, audit logs, impersonation controls, and destructive-action review.
+- RLS and server-side authorization for admin-only data and actions.
+- Clear stale-data, partial-data, rate-limit, and permission-denied states.
+- Smoke tests for admin login, core queue processing, audit logging, and access control.
+
+## Agent Handoff
+
+- Architect owns admin boundaries and workflow invariants.
+- Supabase/Postgres engineer owns policy bypass strategy, audit tables, and queue schema.
+- Security reviewer owns privilege escalation, logging integrity, service-role use, and secrets.
+- Frontend design lead owns dense scanning, filters, bulk actions, and safe destructive flows.

package/profiles/content-app.md

@@ -0,0 +1,17 @@
+# Content App Compatibility Profile
+
+Use for publishing systems, editorial workflows, knowledge bases, newsletters, and media apps.
+
+## Required Emphasis
+
+- Content lifecycle, author/editor roles, source attribution, publishing permissions, and moderation.
+- RLS policies for drafts, private notes, scheduled content, and editorial-only metadata.
+- Empty, unavailable-source, failed-import, scheduled, published, and archived states.
+- Smoke tests for content creation, review, publish, rollback, and reader access.
+
+## Agent Handoff
+
+- Architect owns content model, lifecycle, and public/private boundaries.
+- Supabase/Postgres engineer owns versioning, indexing, search, and RLS policies.
+- Security reviewer owns stored content safety, upload handling, SSRF, and admin boundaries.
+- Frontend design lead owns reading rhythm, editorial status, attribution, and mobile presentation.