@appsforgood/next-supabase-kit 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,12 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.1.5
4
+
5
+ - Added computed **Agentic Engineering Level** (L3–L6) in Agent Office and setup wizard: iceberg strip, climb checklist, `/api/state` payload, and `POST /api/agentic-level/refresh`.
6
+ - Added [`src/studio/agentic-level.ts`](src/studio/agentic-level.ts), [`schemas/agentic-level.schema.json`](schemas/agentic-level.schema.json), and maintainer-profile L6 signals for kit source repos.
7
+ - Extended setup wizard with adapter validate chip on IDE activation, audit-readiness vs Agentic level copy, and `LOOP_CODING.md` eval-loop next steps on complete.
8
+ - Added [`research/summaries/agentic-engineering-maturity-levels.md`](research/summaries/agentic-engineering-maturity-levels.md) and cross-links from `DOCS.md`, `HANDOVER.md`, and `LOOP_CODING.md`.
9
+
3
10
  ## 0.1.4
4
11
 
5
12
  - Added true multi-agent IDE activation for **Cursor** (`.cursor/agents/*.md`, `.cursor/skills/*/SKILL.md`, scoped rules) and **Codex** (`.codex/agents/*.toml` with model routing effort) via `agent-kit init --activate cursor|codex`.
package/DOGFOOD.md CHANGED
@@ -119,3 +119,18 @@ Covered by `tests/update.test.ts`.
119
119
  - Activate at least one assistant adapter in a real project and record whether the chosen tool loads the canonical council instructions.
120
120
  - Apply the reference-led design critique gate to one real frontend change with desktop/mobile screenshot evidence.
121
121
  - After public publish, run `npm run publish:verify` to verify registry visibility, public `npx doctor`, clean temp `init`, and `audit --json` with zero failures.
122
+
123
+ ## BaseRepo Maintainer Dogfood Policy
124
+
125
+ Date: 2026-06-17
126
+ Policy: **gitignored local overlay + bootstrap script** (not committed to kit source)
127
+
128
+ | Item | Detail |
129
+ | --- | --- |
130
+ | Bootstrap | `npm run dogfood:init` runs `agent-kit init --stack next-supabase --activate cursor --activate codex` against the repo root |
131
+ | Gitignore | `.agent-kit/`, `.codex/`, init-generated council docs at repo root, and local pack tarballs — see `.gitignore` and [DOCS.md](DOCS.md#maintainer-dogfood) |
132
+ | Validation | `node dist/index.js adapter validate cursor\|codex` after bootstrap |
133
+ | Release evidence | [MAINTAINER_RELEASE.md](MAINTAINER_RELEASE.md) session checklist; loop patterns in [LOOP_CODING.md](LOOP_CODING.md) |
134
+ | Rationale | Kit source stays in `templates/` and tracked maintainer docs; overlay proves Tier B activation without polluting commit history |
135
+
136
+ This policy closes the gap where the kit shipped Level 5 IDE surfaces but BaseRepo maintainers operated at Level 4 day-to-day.
package/LOOP_CODING.md ADDED
@@ -0,0 +1,107 @@
1
+ # Loop Coding
2
+
3
+ Loop coding means the agent repeats **plan → act → check → fix** until a stop condition, instead of finishing in one chat turn. The Agent Kit is opinionated about **which loops are safe** and **which checkpoints must stay in place**.
4
+
5
+ This document describes loop types, kit-safe patterns, and limits. It is the canonical reference for eval-driven development with `@appsforgood/next-supabase-kit`.
6
+
7
+ ## Loop Types
8
+
9
+ | Loop type | What it means | Kit-safe version |
10
+ | --- | --- | --- |
11
+ | **Agent loop** | Same agent iterates on feedback until done | Use scoped prompts (for example `.agent-kit/prompts/implement-feature.md`); review each turn; do not remove Security Reviewer or QA gates |
12
+ | **Eval-driven loop** | Code changes until **tests, audit, or evals pass** | `npm test` + `agent-kit audit` + CI — BaseRepo uses `npm run release:check` as the maintainer merge gate |
13
+ | **Self-improving loop** | Agent critiques its own output and revises | Manual: delegate to `@qa-engineer` or run tests between passes; **avoid fully unsupervised self-critique on auth, RLS, or release tooling** |
14
+ | **Council / team loop** | Planner → specialist → Security → QA handoffs | `agent-kit session handoff` + IDE subagents — the kit's core operating model |
15
+ | **Background / overnight loop** | Runs without a human present | **Defer by default** — requires worktree policy, cost caps, kill switches, and stronger eval gates than agent freedom |
16
+
17
+ ## Practical Rule
18
+
19
+ Climb maturity by adding **checkpoints** (tests, audit, guards, human review), not by removing them. Unsupervised loops are only healthy when **eval gates are stronger than the agent's freedom**.
20
+
21
+ ## Eval-Driven PR Loop (recommended)
22
+
23
+ For feature work in a kit-consuming project:
24
+
25
+ 1. **Plan** — Planner classifies scope; Lead Architect maps affected layers when the change is core.
26
+ 2. **Implement** — Next.js / Supabase engineers (or general agent with council rules loaded).
27
+ 3. **Check** — run the smallest reliable gate set:
28
+ ```bash
29
+ npm test
30
+ agent-kit audit --min-readiness baseline-setup
31
+ agent-kit adapter validate all # when IDE surfaces change
32
+ ```
33
+ 4. **Fix** — repeat implement/check until green or blocked on a documented gap.
34
+ 5. **Record** — `agent-kit session render` and mirror summary in `COUNCIL.md` for meaningful multi-agent work.
35
+
36
+ BaseRepo maintainers use the same pattern at repo scale:
37
+
38
+ ```bash
39
+ npm run release:check # tests, build, package validate, smokes, adapter validate
40
+ npm run smoke:audit-gate
41
+ ```
42
+
43
+ ## Council Loop (multi-agent)
44
+
45
+ The default handoff order lives in `AGENTS.md` and `.agent-kit/agent-roster.json`:
46
+
47
+ 1. Planner — scope, workflow, council selection
48
+ 2. Lead Architect — core changes
49
+ 3. Domain engineers — data, UI, copy as needed
50
+ 4. Security Reviewer — auth, mutations, secrets, dependencies, release risk
51
+ 5. QA Engineer — behavior evidence
52
+ 6. Documentation Maintainer — living docs and council record
53
+
54
+ Use Agent Studio when the CLI is available:
55
+
56
+ ```bash
57
+ agent-kit session start --workflow core-change --request "Short title"
58
+ agent-kit session handoff --from planner --to lead-architect --decision "..." --risk "..." --next "..." --evidence "..."
59
+ agent-kit session verify --command "npm test" --result pass
60
+ agent-kit session output phased-checklist --status complete --evidence "..."
61
+ agent-kit session render
62
+ ```
63
+
64
+ When CLI tooling is unavailable, append the session template in `COUNCIL.md` (see `MAINTAINER_RELEASE.md` for kit release evidence).
65
+
66
+ ## Hooks And Local Automation (Level 6 enablers)
67
+
68
+ The kit does **not** ship unsupervised orchestration. It documents safe local enablers:
69
+
70
+ | Pattern | Purpose | Starting point |
71
+ | --- | --- | --- |
72
+ | Pre-commit test or audit | Catch drift before commit | `.agent-kit/prompts/audit-project-setup.md`, project `npm test` |
73
+ | Post-edit lint/typecheck | Fast feedback on save | Project ESLint / `tsc --noEmit` in editor or CI |
74
+ | PR CI audit gate | Block merge below readiness | `.github/workflows/agent-kit-audit.yml` template |
75
+ | Adapter validate on PR | Prove IDE templates stay shippable | `agent-kit adapter validate all` (BaseRepo: `npm run adapter:validate` in `release:check`) |
76
+
77
+ For Cursor-specific hook/automation patterns, see Cursor Automations docs and keep Planner-first triage **opt-in** — never as a replacement for Security Reviewer or human release approval.
78
+
79
+ ## MCP Routing (delegation hint)
80
+
81
+ Match MCP servers to council roles in consuming projects:
82
+
83
+ | Role | Typical MCP use |
84
+ | --- | --- |
85
+ | Supabase/Postgres Engineer | Schema, migrations, RLS, logs, advisors |
86
+ | Security Reviewer | Dependency/advisory checks; no broad production writes without review |
87
+ | Deployment/Observability Engineer | Hosting logs, release status, error tracking |
88
+ | QA Engineer | Test runners, visual diff tools where configured |
89
+
90
+ Record active MCP surfaces in `ASSISTANT_ADAPTERS.md` when they affect council behavior.
91
+
92
+ ## What Not To Default
93
+
94
+ - Overnight unsupervised agent runs on auth, RLS, or release tooling
95
+ - Agents managing agents without eval harness and kill switches
96
+ - Removing human review from publish, migration, or security-sensitive paths
97
+ - Duplicating runtime product agents inside the kit repo (wrong shape for agent-kit)
98
+
99
+ ## Related Docs
100
+
101
+ - `AGENTS.md` — council roles and default handoffs
102
+ - `QUALITY_GATES.md` — Baseline / Strong / Mature evidence tiers
103
+ - `COUNCIL.md` — session evidence template
104
+ - `MAINTAINER_RELEASE.md` — kit maintainer release session checklist
105
+ - `research/summaries/agentic-engineering-maturity-levels.md` — L3–L8 ladder and office integration
106
+ - `TESTING.md` — project test and CI gate expectations
107
+ - `PUBLISH.md` — npm publish runbook
@@ -0,0 +1,100 @@
1
+ # Maintainer Release Evidence
2
+
3
+ Use this checklist when shipping `@appsforgood/next-supabase-kit` releases. It aligns kit maintainer practice with the **Strong** tier in `QUALITY_GATES.md`: council sessions record workflow, decision, risk, next handoff, required outputs, and evidence.
4
+
5
+ For loop patterns and safe automation limits, see [LOOP_CODING.md](LOOP_CODING.md). For publish steps, see [PUBLISH.md](PUBLISH.md).
6
+
7
+ ## When To Open A Session
8
+
9
+ Start `agent-kit session` (or a `COUNCIL.md` entry) when the release includes any of:
10
+
11
+ - CLI or install behavior changes
12
+ - New or changed IDE adapter surfaces (Cursor, Codex, Claude, Copilot, Antigravity)
13
+ - Audit, roster, schema, or Agent Studio contract changes
14
+ - Security-sensitive dependency or publish pipeline changes
15
+ - Multi-agent work spanning Planner → Architect → QA
16
+
17
+ Skip a formal session only for typo-only doc fixes with no behavioral impact.
18
+
19
+ ## Bootstrap Maintainer Dogfood
20
+
21
+ Maintainers run the kit locally on BaseRepo without committing the overlay:
22
+
23
+ ```bash
24
+ npm run dogfood:init
25
+ node dist/index.js adapter validate cursor
26
+ node dist/index.js adapter validate codex
27
+ ```
28
+
29
+ Generated paths (`.agent-kit/`, `.cursor/`, `.codex/`, root council docs from init) are **gitignored**. Kit source stays in `templates/`, `assistant-adapters/`, and tracked root docs such as `DOCS.md` and `SPEC.md`.
30
+
31
+ ## Release Session Workflow
32
+
33
+ ```bash
34
+ agent-kit session start --workflow release --request "Release vX.Y.Z"
35
+ agent-kit session decision --agent planner --decision "..." --risk "..." --next "lead-architect" --evidence "..."
36
+ agent-kit session verify --command "npm run release:check" --result pass --notes "..."
37
+ agent-kit session verify --command "npm run smoke:audit-gate" --result pass
38
+ agent-kit session output changelog --status complete --evidence "CHANGELOG.md#X.Y.Z"
39
+ agent-kit session output test-evidence --status complete --evidence "vitest + smokes green"
40
+ agent-kit session output publish-evidence --status complete --evidence "npm run publish:verify or GitHub Release vX.Y.Z"
41
+ agent-kit session render
42
+ ```
43
+
44
+ After publish, append a short evidence block to [DOGFOOD.md](DOGFOOD.md) (public-safe, no local paths).
45
+
46
+ ## COUNCIL.md Mirror Template
47
+
48
+ When Agent Studio CLI is unavailable, paste this block into root `COUNCIL.md` (maintainer overlay, gitignored) or into the PR description:
49
+
50
+ ```md
51
+ ## YYYY-MM-DD - Release vX.Y.Z
52
+
53
+ - Workflow: release
54
+ - Status: complete
55
+ - Request: Ship @appsforgood/next-supabase-kit@X.Y.Z
56
+ - Affected layers: CLI, install, adapters, docs, CI, deployment
57
+
58
+ ### Required Outputs
59
+
60
+ | Output | Status | Evidence |
61
+ | --- | --- | --- |
62
+ | Phased checklist | Complete | ROADMAP / PR scope |
63
+ | Architecture decision | Complete/N/A | DECISIONS.md or PR note |
64
+ | Security review | Complete | Dependency audit in release:check; no secret in adapters |
65
+ | Test evidence | Complete | npm run release:check; npm run smoke:audit-gate |
66
+ | Adapter validation | Complete | npm run adapter:validate (all IDE templates) |
67
+ | Docs impact | Complete | CHANGELOG.md, DOCS.md, PUBLISH.md if process changed |
68
+ | Publish verification | Complete | npm run publish:verify or Release workflow green |
69
+
70
+ ### Handoffs
71
+
72
+ | Agent | Decision | Risk | Next Handoff | Evidence |
73
+ | --- | --- | --- | --- | --- |
74
+ | Planner | Release scope approved | Missed breaking change | Lead Architect / QA | PR + CHANGELOG |
75
+ | QA Engineer | release:check green | Residual flake | Documentation Maintainer | CI logs |
76
+ | Documentation Maintainer | CHANGELOG + DOGFOOD updated | Stale public evidence | Deployment/Observability | DOGFOOD.md entry |
77
+
78
+ ### Verification
79
+
80
+ | Command Or Review | Result | Notes |
81
+ | --- | --- | --- |
82
+ | npm run release:check | Pass | Includes adapter:validate |
83
+ | npm run smoke:audit-gate | Pass | baseline-setup, 0 failures |
84
+ | npm run publish:verify | Pass/Skipped | Required after registry publish |
85
+ ```
86
+
87
+ ## Pre-Merge Gate (BaseRepo)
88
+
89
+ Every release PR must pass:
90
+
91
+ 1. `npm run release:check` (tests, build, package validate, smokes, **adapter validate all**, audit, pack dry-run)
92
+ 2. `npm run smoke:audit-gate`
93
+ 3. CHANGELOG section for the target version
94
+ 4. Session render or COUNCIL mirror with verification table filled in
95
+
96
+ ## Post-Publish
97
+
98
+ 1. Run `npm run publish:verify` after registry propagation (or confirm Release workflow verification).
99
+ 2. Update `DOGFOOD.md` with publish verification snapshot (no machine paths).
100
+ 3. Mark release items in `ROADMAP.md`.