@appsforgood/next-supabase-kit 0.1.1 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +33 -0
- package/README.md +20 -3
- package/REPOSITORY_SETTINGS.md +1 -0
- package/UPGRADE.md +9 -5
- package/antigravity/commands/audit.toml +16 -0
- package/antigravity/commands/copy.toml +16 -0
- package/antigravity/commands/frontend.toml +17 -0
- package/antigravity/commands/handoff.toml +16 -0
- package/antigravity/commands/plan.toml +18 -0
- package/antigravity/commands/security.toml +16 -0
- package/antigravity/commands/setup.toml +16 -0
- package/antigravity/commands/ship.toml +17 -0
- package/antigravity/commands/upgrade.toml +17 -0
- package/antigravity/plugin.json +58 -0
- package/assistant-adapters/README.md +1 -0
- package/assistant-adapters/antigravity.md +56 -0
- package/assistant-adapters/claude-code-subagents.md +1 -1
- package/assistant-adapters/codex-agents.md +17 -1
- package/assistant-adapters/cursor-agent-kit.mdc +3 -2
- package/assistant-adapters/cursor-frontend.mdc +16 -0
- package/assistant-adapters/cursor-planner.mdc +14 -0
- package/assistant-adapters/cursor-security.mdc +18 -0
- package/assistant-adapters/github-copilot-instructions.md +1 -1
- package/assistant-adapters/github-next-supabase.instructions.md +1 -1
- package/assistant-adapters/model-selection/codex-config.example.toml +3 -0
- package/dist/index.js +5036 -1838
- package/dist/index.js.map +1 -1
- package/dist/studio/office/assets/office.css +551 -0
- package/dist/studio/office/assets/office.js +1105 -0
- package/dist/studio/wizard/assets/wizard.css +525 -0
- package/dist/studio/wizard/assets/wizard.js +692 -0
- package/examples/next-supabase-installed/.agent-kit/manifest.json +59 -58
- package/examples/next-supabase-installed/.agent-kit/model-routing.json +7 -0
- package/examples/next-supabase-installed/.agent-kit/overrides.json +1 -7
- package/examples/next-supabase-installed/audit-output.json +360 -1
- package/examples/next-supabase-installed/tree.txt +6 -0
- package/model-routing/default-model-routing.json +7 -0
- package/package.json +13 -5
- package/runtime-skills/README.md +7 -0
- package/runtime-skills/accessibility-wcag/SKILL.md +8 -0
- package/runtime-skills/agent-handoff-tracing/SKILL.md +8 -0
- package/runtime-skills/best-practice-maturity-review/SKILL.md +8 -0
- package/runtime-skills/content-first-design/SKILL.md +8 -0
- package/runtime-skills/conversion-copywriting/SKILL.md +8 -0
- package/runtime-skills/deployment-observability/SKILL.md +8 -0
- package/runtime-skills/docs-maintainer/SKILL.md +8 -0
- package/runtime-skills/frontend-design-system/SKILL.md +8 -0
- package/runtime-skills/frontend-distinctiveness-benchmark/SKILL.md +8 -0
- package/runtime-skills/frontend-product-quality-rubric/SKILL.md +8 -0
- package/runtime-skills/landing-page-copy/SKILL.md +8 -0
- package/runtime-skills/nextjs-app-router/SKILL.md +8 -0
- package/runtime-skills/onboarding-empty-state-copy/SKILL.md +8 -0
- package/runtime-skills/owasp-security-review/SKILL.md +8 -0
- package/runtime-skills/planning-council/SKILL.md +8 -0
- package/runtime-skills/positioning-messaging/SKILL.md +8 -0
- package/runtime-skills/postgres-migrations/SKILL.md +8 -0
- package/runtime-skills/product-voice-tone/SKILL.md +8 -0
- package/runtime-skills/reference-led-design-critique/SKILL.md +8 -0
- package/runtime-skills/supabase-auth-rls/SKILL.md +8 -0
- package/runtime-skills/testing-qa/SKILL.md +8 -0
- package/runtime-skills/upgrade-maintenance/SKILL.md +8 -0
- package/runtime-skills/visual-regression-qa/SKILL.md +8 -0
- package/schemas/onboarding-state.schema.json +33 -0
- package/templates/next-supabase/.github/workflows/agent-kit-audit.yml +35 -0
- package/templates/next-supabase/AGENTS.md +1 -1
- package/templates/next-supabase/ASSISTANT_ADAPTERS.md +46 -4
- package/templates/next-supabase/CLAUDE.md +39 -0
- package/templates/next-supabase/DECISIONS.md +14 -0
- package/templates/next-supabase/DOCS.md +4 -0
- package/templates/next-supabase/MODEL_ROUTING.md +12 -0
- package/templates/next-supabase/QUALITY_GATES.md +4 -0
- package/templates/next-supabase/SPEC.md +2 -0
- package/templates/next-supabase/TESTING.md +3 -0
- package/templates/next-supabase/UPGRADE.md +4 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,38 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.1.4
|
|
4
|
+
|
|
5
|
+
- Added true multi-agent IDE activation for **Cursor** (`.cursor/agents/*.md`, `.cursor/skills/*/SKILL.md`, scoped rules) and **Codex** (`.codex/agents/*.toml` with model routing effort) via `agent-kit init --activate cursor|codex`.
|
|
6
|
+
- Added shared roster adapter generation (`roster-adapters.ts`) and assistant adapter table parsing so audit and `adapter validate` warn when Active Cursor/Codex rows lack specialist files.
|
|
7
|
+
- Fixed setup wizard IDE activation order so `present` is detected after files are generated and conflicts are returned in the API response.
|
|
8
|
+
- Quoted YAML frontmatter in generated Cursor/Claude subagents and Cursor skills so descriptions with colons or quotes remain valid.
|
|
9
|
+
- Stopped post-copy mutation of existing `.codex/config.toml`; conflict-safe copy behavior now protects customized Codex config.
|
|
10
|
+
- Fixed `cursor-planner.mdc` scoped rule frontmatter and expanded adapter validation, IDE activation, and SSE stream tests.
|
|
11
|
+
|
|
12
|
+
## 0.1.3
|
|
13
|
+
|
|
14
|
+
- Added Antigravity runtime adapter support with `agent-kit init --activate antigravity`, `antigravity/plugin.json`, native `/setup`, `/audit`, `/plan`, `/handoff`, `/frontend`, `/security`, `/copy`, `/ship`, and `/upgrade` command files, and portable `runtime-skills/*/SKILL.md` wrappers.
|
|
15
|
+
- Added `agent-kit adapter validate` and `agent-kit package validate` so runtime adapter assets, package allowlists, portable skills, examples, and source-package audit behavior are release-gated.
|
|
16
|
+
- Fixed package-source audit mode so the source repository validates shipped templates and package assets without requiring installed-project root docs such as `AGENTS.md` or `.agent-kit/manifest.json`.
|
|
17
|
+
- Updated development dependencies for TypeScript 6 and Node 25 type coverage, while preserving the package runtime floor at Node 20.
|
|
18
|
+
- Hardened GitHub CI by keeping OpenSSF Scorecard write scopes at job level and documenting Dependency Review's dependency-graph requirement.
|
|
19
|
+
- Updated `actions/upload-artifact` to v7 in release and research workflows to avoid the GitHub Actions Node 20 runtime deprecation window.
|
|
20
|
+
- Added an `esbuild` override to clear the release-gate dependency audit without downgrading `tsup`.
|
|
21
|
+
- Hardened npm Trusted Publishing by scrubbing inherited `NODE_AUTH_TOKEN` state and publishing with a token-free npm config.
|
|
22
|
+
- Added **`agent-kit init --activate`** for Claude Code (`.claude/agents/*.md`, `CLAUDE.md`), Copilot (`.github/copilot-instructions.md`), and Codex (`.codex/config.toml`) IDE parity.
|
|
23
|
+
- Plain **`agent-kit init`** now always creates `.agent-kit/project-context.json` and ships `.github/workflows/agent-kit-audit.yml`.
|
|
24
|
+
- Added code-aware audit tier (`project-reality` vs `docs-hygiene`): Supabase migration RLS parsing, test-script verification, and secret-pattern scanning.
|
|
25
|
+
- Added **`agent-kit session checkpoint --file`** batch API for council evidence logging.
|
|
26
|
+
- Reference `.agent-kit/agent-briefs.md` in all assistant adapters.
|
|
27
|
+
- Release workflow publishes through npm Trusted Publishing/OIDC without `NODE_AUTH_TOKEN`, avoiding OTP-bound token automation.
|
|
28
|
+
|
|
29
|
+
## 0.1.2
|
|
30
|
+
|
|
31
|
+
- Added pixel **Agent Office** as the default `agent-kit setup` view with canvas agents, break-room amenities (coffee, water cooler), agent movement, and high-res floor rendering.
|
|
32
|
+
- Added local setup wizard form fallback at `/wizard`, progressive depth (Quick/Standard/Complete), resume state, and agent briefing drafts.
|
|
33
|
+
- Fixed setup routing so `/setup` serves the office; added form-to-office navigation, port-in-use CLI warnings, and `data-view` markers for debugging.
|
|
34
|
+
- Added **`agent-kit studio serve`** — localhost live session viewer with SSE event stream, speech bubbles, and transcript panel reusing the office canvas.
|
|
35
|
+
|
|
3
36
|
## 0.1.1
|
|
4
37
|
|
|
5
38
|
- Completed npm package rename from `@agent-skills/next-supabase-kit` to `@appsforgood/next-supabase-kit` across CLI defaults, shipped docs, templates, examples, tests, and release scripts.
|
package/README.md
CHANGED
|
@@ -17,11 +17,20 @@ It also includes a local Agent Studio workflow: project context, durable human c
|
|
|
17
17
|
Use this in a Next.js + Supabase project after the public package is available on npm:
|
|
18
18
|
|
|
19
19
|
```bash
|
|
20
|
-
npx @appsforgood/next-supabase-kit init --stack next-supabase
|
|
20
|
+
npx @appsforgood/next-supabase-kit init --stack next-supabase --setup --open
|
|
21
21
|
npx @appsforgood/next-supabase-kit audit
|
|
22
22
|
npx @appsforgood/next-supabase-kit audit --min-readiness baseline-setup
|
|
23
23
|
```
|
|
24
24
|
|
|
25
|
+
After install, the **Agent Office** setup view teaches agents about your project (~10 min). Resume anytime:
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
npx @appsforgood/next-supabase-kit setup --open
|
|
29
|
+
npx @appsforgood/next-supabase-kit setup --status
|
|
30
|
+
npx @appsforgood/next-supabase-kit init --activate antigravity
|
|
31
|
+
npx @appsforgood/next-supabase-kit adapter validate antigravity
|
|
32
|
+
```
|
|
33
|
+
|
|
25
34
|
The installer preserves existing docs. If a file already exists and differs from the template, the new version is written to `.agent-kit/conflicts/` for review.
|
|
26
35
|
|
|
27
36
|
For local development of this repo:
|
|
@@ -64,6 +73,7 @@ For meaningful multi-agent work, record the decision, risk, next handoff, requir
|
|
|
64
73
|
For local Agent Studio sessions, use:
|
|
65
74
|
|
|
66
75
|
```bash
|
|
76
|
+
agent-kit setup
|
|
67
77
|
agent-kit init --guided
|
|
68
78
|
agent-kit context validate
|
|
69
79
|
agent-kit session start "Build checkout flow" --workflow frontend-change
|
|
@@ -108,8 +118,9 @@ The `.agent-kit/` folder includes:
|
|
|
108
118
|
- `model-routing.json` for provider-neutral model profile routing.
|
|
109
119
|
- `project-context.json`, `project-context.md`, `corrections/`, and `council-sessions/` for local Agent Studio context, correction rules, session events, and rendered transcripts.
|
|
110
120
|
- `schemas/` for agent roster, council-session, model-routing, project context, correction rules, session events, studio sessions, and audit-report contracts.
|
|
111
|
-
- `agents/`, `skills/`, `prompts/`, and `checklists/`.
|
|
112
|
-
- `assistant-adapters/` for Codex/AGENTS.md-compatible tools, GitHub Copilot/VS Code, Cursor,
|
|
121
|
+
- `agents/`, `skills/`, `runtime-skills/`, `prompts/`, and `checklists/`.
|
|
122
|
+
- `assistant-adapters/` for Codex/AGENTS.md-compatible tools, GitHub Copilot/VS Code, Cursor, Claude Code, and Antigravity.
|
|
123
|
+
- `antigravity/` for native command and plugin assets.
|
|
113
124
|
- `design-briefs/` for SaaS, admin, marketplace, content, tool, ecommerce, portfolio/venue, education, community/social, and AI workflow surfaces.
|
|
114
125
|
- `profiles/` for product-type and adjacent-stack adaptation.
|
|
115
126
|
|
|
@@ -119,6 +130,8 @@ The `.agent-kit/` folder includes:
|
|
|
119
130
|
agent-kit audit
|
|
120
131
|
agent-kit audit --json
|
|
121
132
|
agent-kit audit --min-readiness baseline-setup
|
|
133
|
+
agent-kit adapter validate antigravity
|
|
134
|
+
agent-kit package validate
|
|
122
135
|
agent-kit context init
|
|
123
136
|
agent-kit session start "Short task name"
|
|
124
137
|
agent-kit session output "verification evidence" --status complete --evidence "npm test"
|
|
@@ -147,6 +160,8 @@ Agent Kit separates the mechanisms that make AI coding repeatable:
|
|
|
147
160
|
- Instructions: `AGENTS.md`, assistant adapters, and IDE-specific rule files.
|
|
148
161
|
- Roster: `.agent-kit/agent-roster.json` chooses agents, workflows, and handoffs.
|
|
149
162
|
- Skills: `.agent-kit/skills/` keeps specialist workflows reusable.
|
|
163
|
+
- Runtime commands: Antigravity `commands/*.toml` expose `/setup`, `/audit`, `/plan`, `/handoff`, `/frontend`, `/security`, `/copy`, `/ship`, and `/upgrade` as native adapter entrypoints.
|
|
164
|
+
- Portable skills: `runtime-skills/*/SKILL.md` wraps canonical `skills/*.md` files for runtimes that discover skill directories.
|
|
150
165
|
- Model routing: `MODEL_ROUTING.md` and `.agent-kit/model-routing.json` map agents to model profiles.
|
|
151
166
|
- Messaging: `MESSAGING.md` records audience, pain, outcome, proof, objections, voice, and conversion evidence for public-facing copy.
|
|
152
167
|
- Local Agent Studio: `.agent-kit/project-context.*`, `.agent-kit/corrections/*.json`, and `.agent-kit/council-sessions/*` keep context, corrections, decisions, handoffs, required-output status, artifacts, verification, and rendered Markdown transcripts local.
|
|
@@ -155,6 +170,8 @@ Agent Kit separates the mechanisms that make AI coding repeatable:
|
|
|
155
170
|
|
|
156
171
|
Some IDEs can partially enforce model settings; others only let project files advise the user. The kit records that difference instead of pretending every tool can force per-agent model selection.
|
|
157
172
|
|
|
173
|
+
Runtime command files are adapters only. `AGENTS.md`, `.agent-kit/agent-roster.json`, `QUALITY_GATES.md`, and Agent Studio session evidence remain the canonical operating model.
|
|
174
|
+
|
|
158
175
|
## Frontend Quality Bar
|
|
159
176
|
|
|
160
177
|
The kit is intentionally strict about frontend work because normal AI output often looks generic.
|
package/REPOSITORY_SETTINGS.md
CHANGED
|
@@ -33,6 +33,7 @@ Create environment `npm-publish` with:
|
|
|
33
33
|
- Deployment branches restricted to `main` and release events.
|
|
34
34
|
- No npm publish token secret for the trusted-publishing flow.
|
|
35
35
|
- Any legacy npm token secrets deleted after Trusted Publishing is confirmed.
|
|
36
|
+
- Optional fallback: a maintainer npm publish token secret on the `npm-publish` environment when trusted publishing returns 404 on PUT.
|
|
36
37
|
|
|
37
38
|
The npm trusted publisher must match:
|
|
38
39
|
|
package/UPGRADE.md
CHANGED
|
@@ -16,9 +16,10 @@ Before publishing a new package version:
|
|
|
16
16
|
1. Update `CHANGELOG.md` with user-visible changes, migration notes, and deprecations.
|
|
17
17
|
2. Update `ROADMAP.md` and `BEST_PRACTICE_EVIDENCE.md` when a research finding becomes enforced behavior.
|
|
18
18
|
3. Run `npm run release:check`.
|
|
19
|
-
4.
|
|
20
|
-
5.
|
|
21
|
-
6.
|
|
19
|
+
4. Run `agent-kit package validate` from the source repository when runtime adapter or package assets changed.
|
|
20
|
+
5. Confirm the pack dry run includes only public-safe files.
|
|
21
|
+
6. Publish through npm Trusted Publishing.
|
|
22
|
+
7. Verify public install with `npx @appsforgood/next-supabase-kit`.
|
|
22
23
|
|
|
23
24
|
## Downstream Upgrade Checklist
|
|
24
25
|
|
|
@@ -28,6 +29,7 @@ From a downstream project:
|
|
|
28
29
|
npx @appsforgood/next-supabase-kit@latest doctor
|
|
29
30
|
npx @appsforgood/next-supabase-kit@latest diff
|
|
30
31
|
npx @appsforgood/next-supabase-kit@latest update
|
|
32
|
+
npx @appsforgood/next-supabase-kit@latest adapter validate antigravity
|
|
31
33
|
npx @appsforgood/next-supabase-kit@latest audit --min-readiness baseline-setup
|
|
32
34
|
```
|
|
33
35
|
|
|
@@ -48,8 +50,9 @@ npx @appsforgood/next-supabase-kit@latest audit --min-readiness best-practice-ca
|
|
|
48
50
|
3. Check `.agent-kit/conflicts/` before accepting template updates.
|
|
49
51
|
4. Preserve valid local customizations in `.agent-kit/overrides.json`.
|
|
50
52
|
5. Review `AGENTS.md`, `AGENT_ROSTER.md`, `ASSISTANT_ADAPTERS.md`, `MODEL_ROUTING.md`, `COUNCIL.md`, `QUALITY_GATES.md`, `SECURITY.md`, `TESTING.md`, `DEPLOYMENT.md`, and this file.
|
|
51
|
-
6.
|
|
52
|
-
7.
|
|
53
|
+
6. If using Antigravity, review `.antigravity/agent-kit/plugin.json`, `.antigravity/agent-kit/commands/*.toml`, and `.antigravity/runtime-skills/*/SKILL.md`.
|
|
54
|
+
7. Run project tests and release checks before merging.
|
|
55
|
+
8. Record any accepted deviations in `DECISIONS.md`.
|
|
53
56
|
|
|
54
57
|
## Next.js And Supabase Stack Upgrades
|
|
55
58
|
|
|
@@ -74,4 +77,5 @@ Keep rollback evidence next to the upgrade:
|
|
|
74
77
|
|
|
75
78
|
| Date | From | To | Scope | Evidence | Owner |
|
|
76
79
|
| --- | --- | --- | --- | --- | --- |
|
|
80
|
+
| 2026-06-14 | TypeScript 5 / Node 22 types | TypeScript 6 / Node 25 types | Dev dependency update for package validation and CI parity | `npm run typecheck`, `npm test`, `npm audit --audit-level=moderate` | Maintainers |
|
|
77
81
|
| TBD | TBD | TBD | TBD | TBD | TBD |
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
name = "audit"
|
|
2
|
+
description = "Run the Agent Kit maturity audit and convert findings into concrete follow-up work."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the Agent Kit audit workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: QUALITY_GATES.md, AGENTS.md, .agent-kit/agent-roster.json, SPEC.md, SECURITY.md, TESTING.md, DEPLOYMENT.md, and ASSISTANT_ADAPTERS.md.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Run `agent-kit audit --json`.
|
|
11
|
+
2. Classify failures before warnings.
|
|
12
|
+
3. Map each finding to the responsible council role.
|
|
13
|
+
4. Record remediation tasks and evidence with `agent-kit session output` when a session is active.
|
|
14
|
+
|
|
15
|
+
Required outputs: readiness level, failures, warnings, owner/council role, remediation order, verification command.
|
|
16
|
+
"""
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
name = "copy"
|
|
2
|
+
description = "Route public-facing and conversion-facing copy through messaging and proof gates."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the marketing-copy workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: MESSAGING.md, DESIGN.md, QUALITY_GATES.md, .agent-kit/agent-roster.json, .agent-kit/skills/positioning-messaging.md, and .agent-kit/skills/conversion-copywriting.md.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Start with Marketing Copy Lead for public-facing, onboarding, pricing, CTA, landing, empty-state, or conversion-facing copy.
|
|
11
|
+
2. Confirm audience, pain, outcome, differentiator, proof, objections, voice, and conversion goal.
|
|
12
|
+
3. Mark unsupported claims as assumptions.
|
|
13
|
+
4. Handoff accepted copy to Frontend Design Lead for hierarchy and layout fit.
|
|
14
|
+
|
|
15
|
+
Required outputs: audience, problem/pain/outcome, value proposition, proof, objections, voice/tone, CTA hierarchy, risky-claim review.
|
|
16
|
+
"""
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
name = "frontend"
|
|
2
|
+
description = "Route frontend work through content-first design, accessibility, and visual QA gates."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the frontend-change workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: DESIGN.md, STYLE_GUIDE.md, MESSAGING.md, QUALITY_GATES.md, .agent-kit/agent-roster.json, .agent-kit/design-briefs/, .agent-kit/prompts/screenshot-review.md, and .agent-kit/skills/frontend-design-system.md.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Start with Frontend Design Lead before implementation.
|
|
11
|
+
2. Confirm brand/content intake, user needs, real content, creative direction, references, anti-references, and source-safety notes.
|
|
12
|
+
3. Require distinctiveness benchmark and product-quality scorecard for significant UI.
|
|
13
|
+
4. Preserve WCAG 2.1 AA, keyboard flow, responsive states, and loading/error/empty/success states.
|
|
14
|
+
5. Record visual QA and accessibility evidence with `agent-kit session output`.
|
|
15
|
+
|
|
16
|
+
Required outputs: design direction, reference evidence, product-specific UI rationale, state coverage, accessibility checks, desktop/mobile visual QA.
|
|
17
|
+
"""
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
name = "handoff"
|
|
2
|
+
description = "Record durable Agent Studio handoff evidence between council roles."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the Agent Kit handoff workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: COUNCIL.md, .agent-kit/council-sessions/, .agent-kit/schemas/session-event.schema.json, AGENT_ROSTER.md, and .agent-kit/agent-roster.json.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Identify source agent, target agent, decision, risk, and evidence.
|
|
11
|
+
2. Use `agent-kit session handoff --from <agent> --to <agent> --decision <decision> --risk <risk> --evidence <evidence>`.
|
|
12
|
+
3. Mark required outputs with `agent-kit session output`.
|
|
13
|
+
4. Run `agent-kit session render`.
|
|
14
|
+
|
|
15
|
+
Required outputs: source agent, target agent, decision, risk, evidence path, required-output status, rendered session path.
|
|
16
|
+
"""
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
name = "plan"
|
|
2
|
+
description = "Create an implementation-ready Agent Kit plan through Planner and Lead Architect routing."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the planning workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: AGENTS.md, AGENT_ROSTER.md, .agent-kit/agent-roster.json, MODEL_ROUTING.md, .agent-kit/model-routing.json, .agent-kit/project-context.md, .agent-kit/corrections/project-rules.json, COUNCIL.md, and QUALITY_GATES.md.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Start with Planner.
|
|
11
|
+
2. Name the active workflow and maturity target from QUALITY_GATES.md.
|
|
12
|
+
3. Map affected layers: data, business logic, presentation, auth, deployment, docs, and tests.
|
|
13
|
+
4. Name preserved behavior and compatibility constraints.
|
|
14
|
+
5. Route core changes through Lead Architect before implementation.
|
|
15
|
+
6. Record decision, risk, next handoff, and required outputs with `agent-kit session ...` when available.
|
|
16
|
+
|
|
17
|
+
Required outputs: goal, affected layers, preserved capabilities, implementation sequence, risks, tests, docs, handoffs, acceptance criteria.
|
|
18
|
+
"""
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
name = "security"
|
|
2
|
+
description = "Run OWASP, auth, RLS, dependency, secret, and external-call review before acceptance."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the security-review workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: SECURITY.md, .agent-kit/checklists/owasp.md, .agent-kit/checklists/rls.md, .agent-kit/skills/owasp-security-review.md, AGENTS.md, and .agent-kit/agent-roster.json.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Route through Security Reviewer for auth, RLS, API, Server Action, data mutation, dependency, secret, external-call, upload, or release-risk changes.
|
|
11
|
+
2. Check OWASP Top 10, IDOR, SSRF, injection, broken auth, unsafe output rendering, secret leakage, and vulnerable dependencies.
|
|
12
|
+
3. Verify service-role access stays server-only.
|
|
13
|
+
4. Record findings with severity, exploit path, affected behavior, and remediation.
|
|
14
|
+
|
|
15
|
+
Required outputs: reviewed boundaries, findings, severity, exploit path, mitigation, negative authorization tests or skipped rationale.
|
|
16
|
+
"""
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
name = "setup"
|
|
2
|
+
description = "Onboard the project into Agent Kit context and verify runtime adapter setup."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run Agent Kit setup as a runtime command.
|
|
6
|
+
|
|
7
|
+
Canonical sources: AGENTS.md, AGENT_ROSTER.md, .agent-kit/agent-roster.json, MODEL_ROUTING.md, .agent-kit/model-routing.json, QUALITY_GATES.md, and ASSISTANT_ADAPTERS.md.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Run or recommend `agent-kit setup --open` when project context is missing.
|
|
11
|
+
2. Validate context with `agent-kit context validate`.
|
|
12
|
+
3. Confirm adapter evidence in ASSISTANT_ADAPTERS.md.
|
|
13
|
+
4. Record setup evidence in an Agent Studio session when meaningful work starts.
|
|
14
|
+
|
|
15
|
+
Required outputs: project context status, active IDE/runtime surface, model-selection status, remaining setup gaps, verification command.
|
|
16
|
+
"""
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
name = "ship"
|
|
2
|
+
description = "Make a GO/NO-GO release call from council, security, QA, docs, deployment, and rollback evidence."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the ship workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: QUALITY_GATES.md, TESTING.md, SECURITY.md, DEPLOYMENT.md, UPGRADE.md, COUNCIL.md, .agent-kit/council-sessions/, and .agent-kit/agent-roster.json.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Confirm implementation scope and preserved behavior.
|
|
11
|
+
2. Require code review, Security Reviewer signoff, QA/test evidence, accessibility evidence when UI changed, docs evidence, deployment/observability review, and rollback plan.
|
|
12
|
+
3. Run the project release gate, normally `npm run release:check` for this package or the project-specific equivalent.
|
|
13
|
+
4. Record verification with `agent-kit session verify`.
|
|
14
|
+
5. Return GO only when required outputs are complete or explicitly not-applicable.
|
|
15
|
+
|
|
16
|
+
Required outputs: code review, security review, QA/test review, accessibility/doc/deployment checks, rollback plan, release command, GO/NO-GO verdict.
|
|
17
|
+
"""
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
name = "upgrade"
|
|
2
|
+
description = "Plan and verify Agent Kit, framework, dependency, and adapter upgrades with rollback evidence."
|
|
3
|
+
|
|
4
|
+
prompt = """
|
|
5
|
+
Run the upgrade-maintenance workflow.
|
|
6
|
+
|
|
7
|
+
Canonical sources: UPGRADE.md, CHANGELOG.md, DECISIONS.md, DEPLOYMENT.md, .agent-kit/skills/upgrade-maintenance.md, and QUALITY_GATES.md.
|
|
8
|
+
|
|
9
|
+
Workflow:
|
|
10
|
+
1. Run `agent-kit diff` before accepting template changes.
|
|
11
|
+
2. Preserve local overrides and review `.agent-kit/conflicts/`.
|
|
12
|
+
3. Check framework release notes, codemods, migrations, generated types, RLS impact, and rollback risk when applicable.
|
|
13
|
+
4. Run `agent-kit audit --min-readiness baseline-setup` after update.
|
|
14
|
+
5. Record version, migration impact, verification, owner, and rollback evidence.
|
|
15
|
+
|
|
16
|
+
Required outputs: version change, conflict review, migration impact, generated files/types, audit result, rollback plan, owner/date.
|
|
17
|
+
"""
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schemaVersion": 1,
|
|
3
|
+
"name": "agent-kit-next-supabase",
|
|
4
|
+
"displayName": "Agent Kit Next/Supabase",
|
|
5
|
+
"version": "0.1.3",
|
|
6
|
+
"description": "Runtime commands and portable skills for the Agent Kit Next/Supabase council workflow.",
|
|
7
|
+
"homepage": "https://github.com/lukey662/agentsandskills",
|
|
8
|
+
"sourceOfTruth": [
|
|
9
|
+
"AGENTS.md",
|
|
10
|
+
"AGENT_ROSTER.md",
|
|
11
|
+
".agent-kit/agent-roster.json",
|
|
12
|
+
"MODEL_ROUTING.md",
|
|
13
|
+
".agent-kit/model-routing.json",
|
|
14
|
+
"QUALITY_GATES.md",
|
|
15
|
+
"COUNCIL.md",
|
|
16
|
+
".agent-kit/council-sessions/"
|
|
17
|
+
],
|
|
18
|
+
"commands": [
|
|
19
|
+
{ "name": "setup", "path": "commands/setup.toml" },
|
|
20
|
+
{ "name": "audit", "path": "commands/audit.toml" },
|
|
21
|
+
{ "name": "plan", "path": "commands/plan.toml" },
|
|
22
|
+
{ "name": "handoff", "path": "commands/handoff.toml" },
|
|
23
|
+
{ "name": "frontend", "path": "commands/frontend.toml" },
|
|
24
|
+
{ "name": "security", "path": "commands/security.toml" },
|
|
25
|
+
{ "name": "copy", "path": "commands/copy.toml" },
|
|
26
|
+
{ "name": "ship", "path": "commands/ship.toml" },
|
|
27
|
+
{ "name": "upgrade", "path": "commands/upgrade.toml" }
|
|
28
|
+
],
|
|
29
|
+
"skills": [
|
|
30
|
+
{ "name": "accessibility-wcag", "path": "../runtime-skills/accessibility-wcag/SKILL.md" },
|
|
31
|
+
{ "name": "agent-handoff-tracing", "path": "../runtime-skills/agent-handoff-tracing/SKILL.md" },
|
|
32
|
+
{ "name": "best-practice-maturity-review", "path": "../runtime-skills/best-practice-maturity-review/SKILL.md" },
|
|
33
|
+
{ "name": "content-first-design", "path": "../runtime-skills/content-first-design/SKILL.md" },
|
|
34
|
+
{ "name": "conversion-copywriting", "path": "../runtime-skills/conversion-copywriting/SKILL.md" },
|
|
35
|
+
{ "name": "deployment-observability", "path": "../runtime-skills/deployment-observability/SKILL.md" },
|
|
36
|
+
{ "name": "docs-maintainer", "path": "../runtime-skills/docs-maintainer/SKILL.md" },
|
|
37
|
+
{ "name": "frontend-design-system", "path": "../runtime-skills/frontend-design-system/SKILL.md" },
|
|
38
|
+
{ "name": "frontend-distinctiveness-benchmark", "path": "../runtime-skills/frontend-distinctiveness-benchmark/SKILL.md" },
|
|
39
|
+
{ "name": "frontend-product-quality-rubric", "path": "../runtime-skills/frontend-product-quality-rubric/SKILL.md" },
|
|
40
|
+
{ "name": "landing-page-copy", "path": "../runtime-skills/landing-page-copy/SKILL.md" },
|
|
41
|
+
{ "name": "nextjs-app-router", "path": "../runtime-skills/nextjs-app-router/SKILL.md" },
|
|
42
|
+
{ "name": "onboarding-empty-state-copy", "path": "../runtime-skills/onboarding-empty-state-copy/SKILL.md" },
|
|
43
|
+
{ "name": "owasp-security-review", "path": "../runtime-skills/owasp-security-review/SKILL.md" },
|
|
44
|
+
{ "name": "planning-council", "path": "../runtime-skills/planning-council/SKILL.md" },
|
|
45
|
+
{ "name": "positioning-messaging", "path": "../runtime-skills/positioning-messaging/SKILL.md" },
|
|
46
|
+
{ "name": "postgres-migrations", "path": "../runtime-skills/postgres-migrations/SKILL.md" },
|
|
47
|
+
{ "name": "product-voice-tone", "path": "../runtime-skills/product-voice-tone/SKILL.md" },
|
|
48
|
+
{ "name": "reference-led-design-critique", "path": "../runtime-skills/reference-led-design-critique/SKILL.md" },
|
|
49
|
+
{ "name": "supabase-auth-rls", "path": "../runtime-skills/supabase-auth-rls/SKILL.md" },
|
|
50
|
+
{ "name": "testing-qa", "path": "../runtime-skills/testing-qa/SKILL.md" },
|
|
51
|
+
{ "name": "upgrade-maintenance", "path": "../runtime-skills/upgrade-maintenance/SKILL.md" },
|
|
52
|
+
{ "name": "visual-regression-qa", "path": "../runtime-skills/visual-regression-qa/SKILL.md" }
|
|
53
|
+
],
|
|
54
|
+
"validation": {
|
|
55
|
+
"agentKit": "agent-kit adapter validate antigravity",
|
|
56
|
+
"nativeOptional": "agy plugin validate"
|
|
57
|
+
}
|
|
58
|
+
}
|
|
@@ -21,6 +21,7 @@ Adapters should point back to those files. Do not maintain separate policy, secu
|
|
|
21
21
|
- `github-next-supabase.instructions.md`: path-aware Copilot/VS Code instructions for Next.js and Supabase files.
|
|
22
22
|
- `cursor-agent-kit.mdc`: Cursor project-rule template.
|
|
23
23
|
- `claude-code-subagents.md`: Claude Code project subagent template guidance.
|
|
24
|
+
- `antigravity.md`: Antigravity plugin, command, runtime skill, and validation guidance.
|
|
24
25
|
- `model-selection/`: dated setup examples for Codex, Claude Code, Cursor, and GitHub Copilot model routing.
|
|
25
26
|
|
|
26
27
|
## Activation Rule
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
# Antigravity Adapter
|
|
2
|
+
|
|
3
|
+
This adapter packages Agent Kit as native Antigravity-style plugin assets while keeping the Agent Kit council contract canonical.
|
|
4
|
+
|
|
5
|
+
## Source Of Truth
|
|
6
|
+
|
|
7
|
+
- `AGENTS.md`
|
|
8
|
+
- `AGENT_ROSTER.md`
|
|
9
|
+
- `.agent-kit/agent-roster.json`
|
|
10
|
+
- `MODEL_ROUTING.md`
|
|
11
|
+
- `.agent-kit/model-routing.json`
|
|
12
|
+
- `.agent-kit/project-context.json`
|
|
13
|
+
- `.agent-kit/project-context.md`
|
|
14
|
+
- `.agent-kit/corrections/project-rules.json`
|
|
15
|
+
- `.agent-kit/corrections/agent-rules.json`
|
|
16
|
+
- `COUNCIL.md`
|
|
17
|
+
- `.agent-kit/council-sessions/`
|
|
18
|
+
- `QUALITY_GATES.md`
|
|
19
|
+
|
|
20
|
+
Runtime command files must wrap those files. Do not fork role definitions, security policy, frontend quality rules, release gates, or session evidence rules into command prompts.
|
|
21
|
+
|
|
22
|
+
## Activation
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
agent-kit init --activate antigravity
|
|
26
|
+
agent-kit adapter validate antigravity
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
This installs:
|
|
30
|
+
|
|
31
|
+
- `.antigravity/agent-kit/plugin.json`
|
|
32
|
+
- `.antigravity/agent-kit/commands/*.toml`
|
|
33
|
+
- `.antigravity/runtime-skills/*/SKILL.md`
|
|
34
|
+
- `.antigravity/agent-kit/README.md`
|
|
35
|
+
|
|
36
|
+
If the `agy` CLI is available, teams may additionally run its native plugin validation. Agent Kit only requires structural validation because many projects will not have Antigravity installed locally.
|
|
37
|
+
|
|
38
|
+
## Command Contract
|
|
39
|
+
|
|
40
|
+
Commands expose short runtime entrypoints:
|
|
41
|
+
|
|
42
|
+
- `/setup`
|
|
43
|
+
- `/audit`
|
|
44
|
+
- `/plan`
|
|
45
|
+
- `/handoff`
|
|
46
|
+
- `/frontend`
|
|
47
|
+
- `/security`
|
|
48
|
+
- `/copy`
|
|
49
|
+
- `/ship`
|
|
50
|
+
- `/upgrade`
|
|
51
|
+
|
|
52
|
+
Each command must load project context and correction rules when present, select the appropriate roster workflow, record required outputs with `agent-kit session output`, and render sessions when evidence changes.
|
|
53
|
+
|
|
54
|
+
## Security
|
|
55
|
+
|
|
56
|
+
Do not place tokens, credentials, private URLs, database URLs, customer data, or hidden model reasoning in Antigravity plugin files, command files, or runtime skills.
|
|
@@ -24,7 +24,7 @@ name: planner
|
|
|
24
24
|
description: Use for planning, phasing, scope breakdown, workflow routing, and council setup in this repository.
|
|
25
25
|
---
|
|
26
26
|
|
|
27
|
-
Read `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` before making routing decisions.
|
|
27
|
+
Read `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` before making routing decisions.
|
|
28
28
|
|
|
29
29
|
Start with the Planner workflow. For core changes, hand off to Lead Architect. For frontend changes, require Frontend Design Lead evidence. For auth, RLS, secrets, dependency, external-call, or release-risk changes, require Security Reviewer. Record meaningful decisions, risks, handoffs, human corrections, artifacts, evidence, and verification through Agent Studio session files when available.
|
|
30
30
|
```
|
|
@@ -11,19 +11,33 @@ Use `AGENTS.md` as the primary project instruction surface.
|
|
|
11
11
|
- `.agent-kit/model-routing.json`
|
|
12
12
|
- `.agent-kit/project-context.json`
|
|
13
13
|
- `.agent-kit/project-context.md`
|
|
14
|
+
- `.agent-kit/agent-briefs.md` when present
|
|
14
15
|
- `.agent-kit/corrections/project-rules.json`
|
|
15
16
|
- `.agent-kit/corrections/agent-rules.json`
|
|
16
17
|
- `COUNCIL.md`
|
|
17
18
|
- `.agent-kit/council-sessions/`
|
|
18
19
|
- `QUALITY_GATES.md`
|
|
19
20
|
|
|
21
|
+
## Council Custom Agents
|
|
22
|
+
|
|
23
|
+
After `agent-kit init --activate codex`, council specialists live in `.codex/agents/*.toml`.
|
|
24
|
+
|
|
25
|
+
Spawn a dedicated custom agent instead of role-playing the whole council in one thread:
|
|
26
|
+
|
|
27
|
+
- **Planning / scope:** `.codex/agents/planner.toml`
|
|
28
|
+
- **Security / RLS / secrets:** `.codex/agents/security-reviewer.toml` (high reasoning effort)
|
|
29
|
+
- **Frontend UI:** `.codex/agents/frontend-design-lead.toml`
|
|
30
|
+
- **QA / tests:** `.codex/agents/qa-engineer.toml`
|
|
31
|
+
|
|
32
|
+
Each file sets `model_reasoning_effort` from `.agent-kit/model-routing.json`. Verify model names in your Codex environment against `MODEL_ROUTING.md`.
|
|
33
|
+
|
|
20
34
|
## Operating Rule
|
|
21
35
|
|
|
22
36
|
When a task is planning-oriented, ambiguous, risky, frontend-facing, security-sensitive, or release-related, start from the roster workflow instead of treating the request as a single generic implementation pass.
|
|
23
37
|
|
|
24
38
|
Use `MODEL_ROUTING.md` to choose the model profile or reasoning effort for the active role. Exact model names belong in dated config comments, not in the role definitions.
|
|
25
39
|
|
|
26
|
-
Before meaningful work, load project context and active correction rules. For meaningful handoffs, record visible decisions and evidence with `agent-kit session ...` commands, then run `agent-kit session render`.
|
|
40
|
+
Before meaningful work, load project context, agent briefs when present, and active correction rules. For meaningful handoffs, record visible decisions and evidence with `agent-kit session checkpoint --file <json>` or individual `agent-kit session ...` commands, then run `agent-kit session render`.
|
|
27
41
|
|
|
28
42
|
## Verification
|
|
29
43
|
|
|
@@ -33,3 +47,5 @@ Record in `ASSISTANT_ADAPTERS.md`:
|
|
|
33
47
|
- The command, session, or screenshot that proves the instructions loaded.
|
|
34
48
|
- The model-selection setting or profile used for the active role.
|
|
35
49
|
- Any known limitations or manual invocation steps.
|
|
50
|
+
|
|
51
|
+
Run `agent-kit adapter validate codex` after activation.
|
|
@@ -7,7 +7,7 @@ alwaysApply: true
|
|
|
7
7
|
|
|
8
8
|
# Agent Kit Cursor Rule
|
|
9
9
|
|
|
10
|
-
Use `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth.
|
|
10
|
+
Use `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth.
|
|
11
11
|
|
|
12
12
|
## Routing
|
|
13
13
|
|
|
@@ -19,7 +19,8 @@ Use `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTI
|
|
|
19
19
|
- Significant changes require living markdown updates.
|
|
20
20
|
- Meaningful work should read project context and active corrections first.
|
|
21
21
|
- Human corrections should be recorded before continuing and promoted to durable project or agent correction rules when they should affect future work.
|
|
22
|
-
- Meaningful multi-agent work should use `agent-kit session ...` commands and render Markdown evidence when available.
|
|
22
|
+
- Meaningful multi-agent work should use `agent-kit session checkpoint --file <json>` or individual `agent-kit session ...` commands and render Markdown evidence when available.
|
|
23
|
+
- For council work, delegate to the matching project subagent in `.cursor/agents/` instead of role-playing every role in the main thread.
|
|
23
24
|
|
|
24
25
|
## Validation
|
|
25
26
|
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Require Frontend Design Lead evidence for significant UI and component work.
|
|
3
|
+
globs:
|
|
4
|
+
- "src/app/**"
|
|
5
|
+
- "src/components/**"
|
|
6
|
+
- "**/*.css"
|
|
7
|
+
alwaysApply: false
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Frontend design gate reminders
|
|
11
|
+
|
|
12
|
+
Significant UI changes require **Frontend Design Lead** review: brand/content intake, creative-direction rationale, reference-led critique, product-quality scorecard, accessibility, and visual QA evidence.
|
|
13
|
+
|
|
14
|
+
Delegate to `@frontend-design-lead` in `.cursor/agents/frontend-design-lead.md` for isolated design review context.
|
|
15
|
+
|
|
16
|
+
Reject generic AI-looking UI that is not specific to the product workflow and content model.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Route ambiguous, planning, and cross-layer requests through the Planner workflow first.
|
|
3
|
+
globs:
|
|
4
|
+
- "**/*"
|
|
5
|
+
alwaysApply: false
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Planner routing
|
|
9
|
+
|
|
10
|
+
When a request is ambiguous, planning-oriented, roadmap-related, or spans multiple layers, start with the **Planner** workflow before implementation.
|
|
11
|
+
|
|
12
|
+
Delegate to the `@planner` subagent in `.cursor/agents/planner.md` when the task needs isolated planning context.
|
|
13
|
+
|
|
14
|
+
Read project context, corrections, and `AGENT_ROSTER.md` before choosing a workflow.
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Require Security Reviewer for auth, RLS, secrets, API mutations, and external calls.
|
|
3
|
+
globs:
|
|
4
|
+
- "supabase/**"
|
|
5
|
+
- "**/auth/**"
|
|
6
|
+
- "**/api/**"
|
|
7
|
+
- "**/middleware.ts"
|
|
8
|
+
- "**/proxy.ts"
|
|
9
|
+
alwaysApply: false
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# Security gate reminders
|
|
13
|
+
|
|
14
|
+
Auth, RLS, data mutation, dependency, secret, external-call, and release-risk changes require **Security Reviewer** review before acceptance.
|
|
15
|
+
|
|
16
|
+
Delegate to `@security-reviewer` in `.cursor/agents/security-reviewer.md` or Task `security-review` for isolated review context.
|
|
17
|
+
|
|
18
|
+
Verify OWASP Top 10, IDOR, SSRF, injection, broken auth, and least-privilege boundaries.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Repository Instructions
|
|
2
2
|
|
|
3
|
-
This repository uses Agent Kit. Treat `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth for agent routing, project context, correction rules, model profiles, quality gates, and handoff evidence.
|
|
3
|
+
This repository uses Agent Kit. Treat `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md` as the source of truth for agent routing, project context, correction rules, model profiles, quality gates, and handoff evidence.
|
|
4
4
|
|
|
5
5
|
## Workflows
|
|
6
6
|
|
|
@@ -4,7 +4,7 @@ applyTo: "app/**/*.{ts,tsx},src/app/**/*.{ts,tsx},pages/**/*.{ts,tsx},src/pages/
|
|
|
4
4
|
|
|
5
5
|
# Next.js + Supabase Agent Kit Instructions
|
|
6
6
|
|
|
7
|
-
Follow `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md`.
|
|
7
|
+
Follow `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTING.md`, `.agent-kit/model-routing.json`, `.agent-kit/project-context.json`, `.agent-kit/project-context.md`, `.agent-kit/agent-briefs.md` when present, `.agent-kit/corrections/project-rules.json`, `.agent-kit/corrections/agent-rules.json`, `COUNCIL.md`, `.agent-kit/council-sessions/`, and `QUALITY_GATES.md`.
|
|
8
8
|
|
|
9
9
|
## Next.js
|
|
10
10
|
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
# Codex model-selection example for Agent Kit.
|
|
2
2
|
# Copy the relevant comments into ~/.codex/config.toml or a trusted project .codex/config.toml.
|
|
3
3
|
# Verify current model availability in your Codex environment before uncommenting.
|
|
4
|
+
#
|
|
5
|
+
# Custom council agents generated by agent-kit live under .codex/agents/*.toml.
|
|
6
|
+
# Run `agent-kit init --activate codex` to create them from the project roster.
|
|
4
7
|
|
|
5
8
|
# June 2026 Agent Kit suggested baseline:
|
|
6
9
|
# model = "gpt-5.5"
|