@appsforgood/next-supabase-kit 0.1.3 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/DOGFOOD.md +15 -0
- package/LOOP_CODING.md +107 -0
- package/MAINTAINER_RELEASE.md +100 -0
- package/assistant-adapters/codex-agents.md +15 -0
- package/assistant-adapters/cursor-agent-kit.mdc +1 -0
- package/assistant-adapters/cursor-frontend.mdc +16 -0
- package/assistant-adapters/cursor-planner.mdc +14 -0
- package/assistant-adapters/cursor-security.mdc +18 -0
- package/assistant-adapters/model-selection/codex-config.example.toml +3 -0
- package/dist/index.js +976 -285
- package/dist/index.js.map +1 -1
- package/dist/studio/office/assets/office.css +79 -1
- package/dist/studio/office/assets/office.js +72 -1
- package/dist/studio/wizard/assets/wizard.css +52 -0
- package/dist/studio/wizard/assets/wizard.js +76 -5
- package/examples/next-supabase-installed/.agent-kit/manifest.json +7 -5
- package/examples/next-supabase-installed/.agent-kit/overrides.json +1 -7
- package/examples/next-supabase-installed/audit-output.json +25 -3
- package/examples/next-supabase-installed/tree.txt +1 -0
- package/package.json +8 -3
- package/research/summaries/agentic-engineering-maturity-levels.md +54 -0
- package/schemas/agentic-level.schema.json +47 -0
- package/schemas/onboarding-state.schema.json +4 -1
- package/templates/next-supabase/ASSISTANT_ADAPTERS.md +26 -2
- package/templates/next-supabase/DOCS.md +2 -0
- package/templates/next-supabase/LOOP_CODING.md +98 -0
- package/templates/next-supabase/TESTING.md +10 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.1.5
|
|
4
|
+
|
|
5
|
+
- Added computed **Agentic Engineering Level** (L3–L6) in Agent Office and setup wizard: iceberg strip, climb checklist, `/api/state` payload, and `POST /api/agentic-level/refresh`.
|
|
6
|
+
- Added [`src/studio/agentic-level.ts`](src/studio/agentic-level.ts), [`schemas/agentic-level.schema.json`](schemas/agentic-level.schema.json), and maintainer-profile L6 signals for kit source repos.
|
|
7
|
+
- Extended setup wizard with adapter validate chip on IDE activation, audit-readiness vs Agentic level copy, and `LOOP_CODING.md` eval-loop next steps on complete.
|
|
8
|
+
- Added [`research/summaries/agentic-engineering-maturity-levels.md`](research/summaries/agentic-engineering-maturity-levels.md) and cross-links from `DOCS.md`, `HANDOVER.md`, and `LOOP_CODING.md`.
|
|
9
|
+
|
|
10
|
+
## 0.1.4
|
|
11
|
+
|
|
12
|
+
- Added true multi-agent IDE activation for **Cursor** (`.cursor/agents/*.md`, `.cursor/skills/*/SKILL.md`, scoped rules) and **Codex** (`.codex/agents/*.toml` with model routing effort) via `agent-kit init --activate cursor|codex`.
|
|
13
|
+
- Added shared roster adapter generation (`roster-adapters.ts`) and assistant adapter table parsing so audit and `adapter validate` warn when Active Cursor/Codex rows lack specialist files.
|
|
14
|
+
- Fixed setup wizard IDE activation order so `present` is detected after files are generated and conflicts are returned in the API response.
|
|
15
|
+
- Quoted YAML frontmatter in generated Cursor/Claude subagents and Cursor skills so descriptions with colons or quotes remain valid.
|
|
16
|
+
- Stopped post-copy mutation of existing `.codex/config.toml`; conflict-safe copy behavior now protects customized Codex config.
|
|
17
|
+
- Fixed `cursor-planner.mdc` scoped rule frontmatter and expanded adapter validation, IDE activation, and SSE stream tests.
|
|
18
|
+
|
|
3
19
|
## 0.1.3
|
|
4
20
|
|
|
5
21
|
- Added Antigravity runtime adapter support with `agent-kit init --activate antigravity`, `antigravity/plugin.json`, native `/setup`, `/audit`, `/plan`, `/handoff`, `/frontend`, `/security`, `/copy`, `/ship`, and `/upgrade` command files, and portable `runtime-skills/*/SKILL.md` wrappers.
|
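Review bot: The 0.1.5 entry introduces a state-changing endpoint, `POST /api/agentic-level/refresh`, alongside the `/api/state` payload, but says nothing about who can call it. Suggest adding a clause stating what the Agent Office server listens on and what protects the POST, so consumers can judge exposure from the changelog alone. The same entry links to `src/studio/agentic-level.ts`, while the file list for this release shows changes under `dist/` and no `src/` entry, so that link likely does not resolve inside the published package.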
package/DOGFOOD.md
CHANGED
|
@@ -119,3 +119,18 @@ Covered by `tests/update.test.ts`.
|
|
|
119
119
|
- Activate at least one assistant adapter in a real project and record whether the chosen tool loads the canonical council instructions.
|
|
120
120
|
- Apply the reference-led design critique gate to one real frontend change with desktop/mobile screenshot evidence.
|
|
121
121
|
- After public publish, run `npm run publish:verify` to verify registry visibility, public `npx doctor`, clean temp `init`, and `audit --json` with zero failures.
|
|
122
|
+
|
|
123
|
+
## BaseRepo Maintainer Dogfood Policy
|
|
124
|
+
|
|
125
|
+
Date: 2026-06-17
|
|
126
|
+
Policy: **gitignored local overlay + bootstrap script** (not committed to kit source)
|
|
127
|
+
|
|
128
|
+
| Item | Detail |
|
|
129
|
+
| --- | --- |
|
|
130
|
+
| Bootstrap | `npm run dogfood:init` runs `agent-kit init --stack next-supabase --activate cursor --activate codex` against the repo root |
|
|
131
|
+
| Gitignore | `.agent-kit/`, `.codex/`, init-generated council docs at repo root, and local pack tarballs — see `.gitignore` and [DOCS.md](DOCS.md#maintainer-dogfood) |
|
|
132
|
+
| Validation | `node dist/index.js adapter validate cursor\|codex` after bootstrap |
|
|
133
|
+
| Release evidence | [MAINTAINER_RELEASE.md](MAINTAINER_RELEASE.md) session checklist; loop patterns in [LOOP_CODING.md](LOOP_CODING.md) |
|
|
134
|
+
| Rationale | Kit source stays in `templates/` and tracked maintainer docs; overlay proves Tier B activation without polluting commit history |
|
|
135
|
+
|
|
136
|
+
This policy closes the gap where the kit shipped Level 5 IDE surfaces but BaseRepo maintainers operated at Level 4 day-to-day.
|
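Review bot: In the policy table, the Bootstrap row activates both Cursor and Codex (`--activate cursor --activate codex`), but the Gitignore row lists only `.agent-kit/` and `.codex/`; `.cursor/` is missing. MAINTAINER_RELEASE.md in this same release names `.cursor/` among the gitignored generated paths, so either add it to this row or explain why Cursor output is tracked. Otherwise generated agent and rule files can land in commits, which is what the Rationale row says the overlay is meant to avoid.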
package/LOOP_CODING.md
ADDED
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
# Loop Coding
|
|
2
|
+
|
|
3
|
+
Loop coding means the agent repeats **plan → act → check → fix** until a stop condition, instead of finishing in one chat turn. The Agent Kit is opinionated about **which loops are safe** and **which checkpoints must stay in place**.
|
|
4
|
+
|
|
5
|
+
This document describes loop types, kit-safe patterns, and limits. It is the canonical reference for eval-driven development with `@appsforgood/next-supabase-kit`.
|
|
6
|
+
|
|
7
|
+
## Loop Types
|
|
8
|
+
|
|
9
|
+
| Loop type | What it means | Kit-safe version |
|
|
10
|
+
| --- | --- | --- |
|
|
11
|
+
| **Agent loop** | Same agent iterates on feedback until done | Use scoped prompts (for example `.agent-kit/prompts/implement-feature.md`); review each turn; do not remove Security Reviewer or QA gates |
|
|
12
|
+
| **Eval-driven loop** | Code changes until **tests, audit, or evals pass** | `npm test` + `agent-kit audit` + CI — BaseRepo uses `npm run release:check` as the maintainer merge gate |
|
|
13
|
+
| **Self-improving loop** | Agent critiques its own output and revises | Manual: delegate to `@qa-engineer` or run tests between passes; **avoid fully unsupervised self-critique on auth, RLS, or release tooling** |
|
|
14
|
+
| **Council / team loop** | Planner → specialist → Security → QA handoffs | `agent-kit session handoff` + IDE subagents — the kit's core operating model |
|
|
15
|
+
| **Background / overnight loop** | Runs without a human present | **Defer by default** — requires worktree policy, cost caps, kill switches, and stronger eval gates than agent freedom |
|
|
16
|
+
|
|
17
|
+
## Practical Rule
|
|
18
|
+
|
|
19
|
+
Climb maturity by adding **checkpoints** (tests, audit, guards, human review), not by removing them. Unsupervised loops are only healthy when **eval gates are stronger than the agent's freedom**.
|
|
20
|
+
|
|
21
|
+
## Eval-Driven PR Loop (recommended)
|
|
22
|
+
|
|
23
|
+
For feature work in a kit-consuming project:
|
|
24
|
+
|
|
25
|
+
1. **Plan** — Planner classifies scope; Lead Architect maps affected layers when the change is core.
|
|
26
|
+
2. **Implement** — Next.js / Supabase engineers (or general agent with council rules loaded).
|
|
27
|
+
3. **Check** — run the smallest reliable gate set:
|
|
28
|
+
```bash
|
|
29
|
+
npm test
|
|
30
|
+
agent-kit audit --min-readiness baseline-setup
|
|
31
|
+
agent-kit adapter validate all # when IDE surfaces change
|
|
32
|
+
```
|
|
33
|
+
4. **Fix** — repeat implement/check until green or blocked on a documented gap.
|
|
34
|
+
5. **Record** — `agent-kit session render` and mirror summary in `COUNCIL.md` for meaningful multi-agent work.
|
|
35
|
+
|
|
36
|
+
BaseRepo maintainers use the same pattern at repo scale:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
npm run release:check # tests, build, package validate, smokes, adapter validate
|
|
40
|
+
npm run smoke:audit-gate
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
## Council Loop (multi-agent)
|
|
44
|
+
|
|
45
|
+
The default handoff order lives in `AGENTS.md` and `.agent-kit/agent-roster.json`:
|
|
46
|
+
|
|
47
|
+
1. Planner — scope, workflow, council selection
|
|
48
|
+
2. Lead Architect — core changes
|
|
49
|
+
3. Domain engineers — data, UI, copy as needed
|
|
50
|
+
4. Security Reviewer — auth, mutations, secrets, dependencies, release risk
|
|
51
|
+
5. QA Engineer — behavior evidence
|
|
52
|
+
6. Documentation Maintainer — living docs and council record
|
|
53
|
+
|
|
54
|
+
Use Agent Studio when the CLI is available:
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
agent-kit session start --workflow core-change --request "Short title"
|
|
58
|
+
agent-kit session handoff --from planner --to lead-architect --decision "..." --risk "..." --next "..." --evidence "..."
|
|
59
|
+
agent-kit session verify --command "npm test" --result pass
|
|
60
|
+
agent-kit session output phased-checklist --status complete --evidence "..."
|
|
61
|
+
agent-kit session render
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
When CLI tooling is unavailable, append the session template in `COUNCIL.md` (see `MAINTAINER_RELEASE.md` for kit release evidence).
|
|
65
|
+
|
|
66
|
+
## Hooks And Local Automation (Level 6 enablers)
|
|
67
|
+
|
|
68
|
+
The kit does **not** ship unsupervised orchestration. It documents safe local enablers:
|
|
69
|
+
|
|
70
|
+
| Pattern | Purpose | Starting point |
|
|
71
|
+
| --- | --- | --- |
|
|
72
|
+
| Pre-commit test or audit | Catch drift before commit | `.agent-kit/prompts/audit-project-setup.md`, project `npm test` |
|
|
73
|
+
| Post-edit lint/typecheck | Fast feedback on save | Project ESLint / `tsc --noEmit` in editor or CI |
|
|
74
|
+
| PR CI audit gate | Block merge below readiness | `.github/workflows/agent-kit-audit.yml` template |
|
|
75
|
+
| Adapter validate on PR | Prove IDE templates stay shippable | `agent-kit adapter validate all` (BaseRepo: `npm run adapter:validate` in `release:check`) |
|
|
76
|
+
|
|
77
|
+
For Cursor-specific hook/automation patterns, see Cursor Automations docs and keep Planner-first triage **opt-in** — never as a replacement for Security Reviewer or human release approval.
|
|
78
|
+
|
|
79
|
+
## MCP Routing (delegation hint)
|
|
80
|
+
|
|
81
|
+
Match MCP servers to council roles in consuming projects:
|
|
82
|
+
|
|
83
|
+
| Role | Typical MCP use |
|
|
84
|
+
| --- | --- |
|
|
85
|
+
| Supabase/Postgres Engineer | Schema, migrations, RLS, logs, advisors |
|
|
86
|
+
| Security Reviewer | Dependency/advisory checks; no broad production writes without review |
|
|
87
|
+
| Deployment/Observability Engineer | Hosting logs, release status, error tracking |
|
|
88
|
+
| QA Engineer | Test runners, visual diff tools where configured |
|
|
89
|
+
|
|
90
|
+
Record active MCP surfaces in `ASSISTANT_ADAPTERS.md` when they affect council behavior.
|
|
91
|
+
|
|
92
|
+
## What Not To Default
|
|
93
|
+
|
|
94
|
+
- Overnight unsupervised agent runs on auth, RLS, or release tooling
|
|
95
|
+
- Agents managing agents without eval harness and kill switches
|
|
96
|
+
- Removing human review from publish, migration, or security-sensitive paths
|
|
97
|
+
- Duplicating runtime product agents inside the kit repo (wrong shape for agent-kit)
|
|
98
|
+
|
|
99
|
+
## Related Docs
|
|
100
|
+
|
|
101
|
+
- `AGENTS.md` — council roles and default handoffs
|
|
102
|
+
- `QUALITY_GATES.md` — Baseline / Strong / Mature evidence tiers
|
|
103
|
+
- `COUNCIL.md` — session evidence template
|
|
104
|
+
- `MAINTAINER_RELEASE.md` — kit maintainer release session checklist
|
|
105
|
+
- `research/summaries/agentic-engineering-maturity-levels.md` — L3–L8 ladder and office integration
|
|
106
|
+
- `TESTING.md` — project test and CI gate expectations
|
|
107
|
+
- `PUBLISH.md` — npm publish runbook
|
|
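Review bot: Step 4 of the Eval-Driven PR Loop ("repeat implement/check until green") does not restrict what the agent may change to reach green, so the gate can be satisfied by editing tests, lowering `--min-readiness`, or touching `.github/workflows/agent-kit-audit.yml`. The Practical Rule says eval gates must be stronger than the agent's freedom; suggest stating here that gate definitions (tests, audit thresholds, CI workflow) are outside the loop's write scope or need human review when changed. The Background / overnight row also names cost caps and kill switches as requirements without pointing to any mechanism or document that provides them.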
@@ -0,0 +1,100 @@
|
|
|
1
|
+
# Maintainer Release Evidence
|
|
2
|
+
|
|
3
|
+
Use this checklist when shipping `@appsforgood/next-supabase-kit` releases. It aligns kit maintainer practice with the **Strong** tier in `QUALITY_GATES.md`: council sessions record workflow, decision, risk, next handoff, required outputs, and evidence.
|
|
4
|
+
|
|
5
|
+
For loop patterns and safe automation limits, see [LOOP_CODING.md](LOOP_CODING.md). For publish steps, see [PUBLISH.md](PUBLISH.md).
|
|
6
|
+
|
|
7
|
+
## When To Open A Session
|
|
8
|
+
|
|
9
|
+
Start `agent-kit session` (or a `COUNCIL.md` entry) when the release includes any of:
|
|
10
|
+
|
|
11
|
+
- CLI or install behavior changes
|
|
12
|
+
- New or changed IDE adapter surfaces (Cursor, Codex, Claude, Copilot, Antigravity)
|
|
13
|
+
- Audit, roster, schema, or Agent Studio contract changes
|
|
14
|
+
- Security-sensitive dependency or publish pipeline changes
|
|
15
|
+
- Multi-agent work spanning Planner → Architect → QA
|
|
16
|
+
|
|
17
|
+
Skip a formal session only for typo-only doc fixes with no behavioral impact.
|
|
18
|
+
|
|
19
|
+
## Bootstrap Maintainer Dogfood
|
|
20
|
+
|
|
21
|
+
Maintainers run the kit locally on BaseRepo without committing the overlay:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
npm run dogfood:init
|
|
25
|
+
node dist/index.js adapter validate cursor
|
|
26
|
+
node dist/index.js adapter validate codex
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Generated paths (`.agent-kit/`, `.cursor/`, `.codex/`, root council docs from init) are **gitignored**. Kit source stays in `templates/`, `assistant-adapters/`, and tracked root docs such as `DOCS.md` and `SPEC.md`.
|
|
30
|
+
|
|
31
|
+
## Release Session Workflow
|
|
32
|
+
|
|
33
|
+
```bash
|
|
34
|
+
agent-kit session start --workflow release --request "Release vX.Y.Z"
|
|
35
|
+
agent-kit session decision --agent planner --decision "..." --risk "..." --next "lead-architect" --evidence "..."
|
|
36
|
+
agent-kit session verify --command "npm run release:check" --result pass --notes "..."
|
|
37
|
+
agent-kit session verify --command "npm run smoke:audit-gate" --result pass
|
|
38
|
+
agent-kit session output changelog --status complete --evidence "CHANGELOG.md#X.Y.Z"
|
|
39
|
+
agent-kit session output test-evidence --status complete --evidence "vitest + smokes green"
|
|
40
|
+
agent-kit session output publish-evidence --status complete --evidence "npm run publish:verify or GitHub Release vX.Y.Z"
|
|
41
|
+
agent-kit session render
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
After publish, append a short evidence block to [DOGFOOD.md](DOGFOOD.md) (public-safe, no local paths).
|
|
45
|
+
|
|
46
|
+
## COUNCIL.md Mirror Template
|
|
47
|
+
|
|
48
|
+
When Agent Studio CLI is unavailable, paste this block into root `COUNCIL.md` (maintainer overlay, gitignored) or into the PR description:
|
|
49
|
+
|
|
50
|
+
```md
|
|
51
|
+
## YYYY-MM-DD - Release vX.Y.Z
|
|
52
|
+
|
|
53
|
+
- Workflow: release
|
|
54
|
+
- Status: complete
|
|
55
|
+
- Request: Ship @appsforgood/next-supabase-kit@X.Y.Z
|
|
56
|
+
- Affected layers: CLI, install, adapters, docs, CI, deployment
|
|
57
|
+
|
|
58
|
+
### Required Outputs
|
|
59
|
+
|
|
60
|
+
| Output | Status | Evidence |
|
|
61
|
+
| --- | --- | --- |
|
|
62
|
+
| Phased checklist | Complete | ROADMAP / PR scope |
|
|
63
|
+
| Architecture decision | Complete/N/A | DECISIONS.md or PR note |
|
|
64
|
+
| Security review | Complete | Dependency audit in release:check; no secret in adapters |
|
|
65
|
+
| Test evidence | Complete | npm run release:check; npm run smoke:audit-gate |
|
|
66
|
+
| Adapter validation | Complete | npm run adapter:validate (all IDE templates) |
|
|
67
|
+
| Docs impact | Complete | CHANGELOG.md, DOCS.md, PUBLISH.md if process changed |
|
|
68
|
+
| Publish verification | Complete | npm run publish:verify or Release workflow green |
|
|
69
|
+
|
|
70
|
+
### Handoffs
|
|
71
|
+
|
|
72
|
+
| Agent | Decision | Risk | Next Handoff | Evidence |
|
|
73
|
+
| --- | --- | --- | --- | --- |
|
|
74
|
+
| Planner | Release scope approved | Missed breaking change | Lead Architect / QA | PR + CHANGELOG |
|
|
75
|
+
| QA Engineer | release:check green | Residual flake | Documentation Maintainer | CI logs |
|
|
76
|
+
| Documentation Maintainer | CHANGELOG + DOGFOOD updated | Stale public evidence | Deployment/Observability | DOGFOOD.md entry |
|
|
77
|
+
|
|
78
|
+
### Verification
|
|
79
|
+
|
|
80
|
+
| Command Or Review | Result | Notes |
|
|
81
|
+
| --- | --- | --- |
|
|
82
|
+
| npm run release:check | Pass | Includes adapter:validate |
|
|
83
|
+
| npm run smoke:audit-gate | Pass | baseline-setup, 0 failures |
|
|
84
|
+
| npm run publish:verify | Pass/Skipped | Required after registry publish |
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
## Pre-Merge Gate (BaseRepo)
|
|
88
|
+
|
|
89
|
+
Every release PR must pass:
|
|
90
|
+
|
|
91
|
+
1. `npm run release:check` (tests, build, package validate, smokes, **adapter validate all**, audit, pack dry-run)
|
|
92
|
+
2. `npm run smoke:audit-gate`
|
|
93
|
+
3. CHANGELOG section for the target version
|
|
94
|
+
4. Session render or COUNCIL mirror with verification table filled in
|
|
95
|
+
|
|
96
|
+
## Post-Publish
|
|
97
|
+
|
|
98
|
+
1. Run `npm run publish:verify` after registry propagation (or confirm Release workflow verification).
|
|
99
|
+
2. Update `DOGFOOD.md` with publish verification snapshot (no machine paths).
|
|
100
|
+
3. Mark release items in `ROADMAP.md`.
|
|
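Review bot: The COUNCIL.md mirror template ships with its result cells already filled (`Status: complete`, `Complete`, `Pass`), so a pasted block reads as passing evidence before any command has run. Suggest neutral placeholders in every result cell, in the style of the existing `Pass/Skipped` and `Complete/N/A` rows. Two smaller points: the Security review row cites "Dependency audit in release:check; no secret in adapters", but the Pre-Merge Gate describes `release:check` as containing "audit" without saying it is a dependency audit, and no command is named for the secret check; and gate item 4 accepts a COUNCIL mirror that the template section describes as gitignored, so it should say the mirror must be pasted into the PR description to count as evidence.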
@@ -18,6 +18,19 @@ Use `AGENTS.md` as the primary project instruction surface.
|
|
|
18
18
|
- `.agent-kit/council-sessions/`
|
|
19
19
|
- `QUALITY_GATES.md`
|
|
20
20
|
|
|
21
|
+
## Council Custom Agents
|
|
22
|
+
|
|
23
|
+
After `agent-kit init --activate codex`, council specialists live in `.codex/agents/*.toml`.
|
|
24
|
+
|
|
25
|
+
Spawn a dedicated custom agent instead of role-playing the whole council in one thread:
|
|
26
|
+
|
|
27
|
+
- **Planning / scope:** `.codex/agents/planner.toml`
|
|
28
|
+
- **Security / RLS / secrets:** `.codex/agents/security-reviewer.toml` (high reasoning effort)
|
|
29
|
+
- **Frontend UI:** `.codex/agents/frontend-design-lead.toml`
|
|
30
|
+
- **QA / tests:** `.codex/agents/qa-engineer.toml`
|
|
31
|
+
|
|
32
|
+
Each file sets `model_reasoning_effort` from `.agent-kit/model-routing.json`. Verify model names in your Codex environment against `MODEL_ROUTING.md`.
|
|
33
|
+
|
|
21
34
|
## Operating Rule
|
|
22
35
|
|
|
23
36
|
When a task is planning-oriented, ambiguous, risky, frontend-facing, security-sensitive, or release-related, start from the roster workflow instead of treating the request as a single generic implementation pass.
|
|
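Review bot: The Council Custom Agents list hardcodes "(high reasoning effort)" for `security-reviewer.toml`, while the paragraph after the list says each file takes `model_reasoning_effort` from `.agent-kit/model-routing.json`. If a project changes its routing, the doc becomes wrong; suggest wording it as the default taken from the routing file. The list also names four agent files without saying whether these are all that activation generates or only examples.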
@@ -34,3 +47,5 @@ Record in `ASSISTANT_ADAPTERS.md`:
|
|
|
34
47
|
- The command, session, or screenshot that proves the instructions loaded.
|
|
35
48
|
- The model-selection setting or profile used for the active role.
|
|
36
49
|
- Any known limitations or manual invocation steps.
|
|
50
|
+
|
|
51
|
+
Run `agent-kit adapter validate codex` after activation.
|
|
@@ -20,6 +20,7 @@ Use `AGENTS.md`, `AGENT_ROSTER.md`, `.agent-kit/agent-roster.json`, `MODEL_ROUTI
|
|
|
20
20
|
- Meaningful work should read project context and active corrections first.
|
|
21
21
|
- Human corrections should be recorded before continuing and promoted to durable project or agent correction rules when they should affect future work.
|
|
22
22
|
- Meaningful multi-agent work should use `agent-kit session checkpoint --file <json>` or individual `agent-kit session ...` commands and render Markdown evidence when available.
|
|
23
|
+
- For council work, delegate to the matching project subagent in `.cursor/agents/` instead of role-playing every role in the main thread.
|
|
23
24
|
|
|
24
25
|
## Validation
|
|
25
26
|
|
|
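Review bot: The added rule line tells the assistant to delegate to the matching subagent in `.cursor/agents/` but gives no fallback when that directory is absent, for example when the rule file is present but `agent-kit init --activate cursor` was never run. Suggest stating what to do in that case (run activation, or fall back to the roster workflow) and pointing to `adapter validate`, which the 0.1.4 changelog says warns when specialist files are missing.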
@@ -0,0 +1,16 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Require Frontend Design Lead evidence for significant UI and component work.
|
|
3
|
+
globs:
|
|
4
|
+
- "src/app/**"
|
|
5
|
+
- "src/components/**"
|
|
6
|
+
- "**/*.css"
|
|
7
|
+
alwaysApply: false
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Frontend design gate reminders
|
|
11
|
+
|
|
12
|
+
Significant UI changes require **Frontend Design Lead** review: brand/content intake, creative-direction rationale, reference-led critique, product-quality scorecard, accessibility, and visual QA evidence.
|
|
13
|
+
|
|
14
|
+
Delegate to `@frontend-design-lead` in `.cursor/agents/frontend-design-lead.md` for isolated design review context.
|
|
15
|
+
|
|
16
|
+
Reject generic AI-looking UI that is not specific to the product workflow and content model.
|
|
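Review bot: The `globs` in the frontmatter cover `src/app/**` and `src/components/**` only, so page and component files in a Next.js project that keeps `app/` and `components/` at the repository root, which is a supported layout, do not attach this rule. Suggest adding `app/**` and `components/**`. The `description` value is also unquoted, whereas the 0.1.4 changelog says generated frontmatter is now quoted; quoting it here keeps the template consistent with that fix.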
@@ -0,0 +1,14 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Route ambiguous, planning, and cross-layer requests through the Planner workflow first.
|
|
3
|
+
globs:
|
|
4
|
+
- "**/*"
|
|
5
|
+
alwaysApply: false
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Planner routing
|
|
9
|
+
|
|
10
|
+
When a request is ambiguous, planning-oriented, roadmap-related, or spans multiple layers, start with the **Planner** workflow before implementation.
|
|
11
|
+
|
|
12
|
+
Delegate to the `@planner` subagent in `.cursor/agents/planner.md` when the task needs isolated planning context.
|
|
13
|
+
|
|
14
|
+
Read project context, corrections, and `AGENT_ROSTER.md` before choosing a workflow.
|
|
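Review bot: The frontmatter pairs the glob `"**/*"` with `alwaysApply: false`; the glob matches every path, so the rule is scoped in name only. Suggest either narrowing the glob to the files where Planner-first routing matters, or stating in the rule body that attaching on every file is intended, so the next editor does not read the catch-all as a mistake.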
@@ -0,0 +1,18 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Require Security Reviewer for auth, RLS, secrets, API mutations, and external calls.
|
|
3
|
+
globs:
|
|
4
|
+
- "supabase/**"
|
|
5
|
+
- "**/auth/**"
|
|
6
|
+
- "**/api/**"
|
|
7
|
+
- "**/middleware.ts"
|
|
8
|
+
- "**/proxy.ts"
|
|
9
|
+
alwaysApply: false
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# Security gate reminders
|
|
13
|
+
|
|
14
|
+
Auth, RLS, data mutation, dependency, secret, external-call, and release-risk changes require **Security Reviewer** review before acceptance.
|
|
15
|
+
|
|
16
|
+
Delegate to `@security-reviewer` in `.cursor/agents/security-reviewer.md` or Task `security-review` for isolated review context.
|
|
17
|
+
|
|
18
|
+
Verify OWASP Top 10, IDOR, SSRF, injection, broken auth, and least-privilege boundaries.
|
|
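Review bot: The rule body requires Security Reviewer for dependency, secret and release-risk changes, but the `globs` list only matches `supabase/**`, `**/auth/**`, `**/api/**`, `**/middleware.ts` and `**/proxy.ts`. Edits to `package.json`, lockfiles, `.env*` files or `.github/workflows/**` would not attach this reminder. Suggest adding globs for those paths, or narrowing the body text to what the globs actually cover.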
@@ -1,6 +1,9 @@
|
|
|
1
1
|
# Codex model-selection example for Agent Kit.
|
|
2
2
|
# Copy the relevant comments into ~/.codex/config.toml or a trusted project .codex/config.toml.
|
|
3
3
|
# Verify current model availability in your Codex environment before uncommenting.
|
|
4
|
+
#
|
|
5
|
+
# Custom council agents generated by agent-kit live under .codex/agents/*.toml.
|
|
6
|
+
# Run `agent-kit init --activate codex` to create them from the project roster.
|
|
4
7
|
|
|
5
8
|
# June 2026 Agent Kit suggested baseline:
|
|
6
9
|
# model = "gpt-5.5"
|