@appsforgood/next-supabase-kit 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/DOGFOOD.md +40 -0
  3. package/README.md +246 -43
  4. package/REPOSITORY_SETTINGS.md +7 -3
  5. package/SUPPLY_CHAIN.md +5 -5
  6. package/UPGRADE.md +2 -1
  7. package/antigravity/commands/accessibility-pass.toml +16 -0
  8. package/antigravity/commands/browser-qa.toml +18 -0
  9. package/antigravity/commands/distinctiveness-pass.toml +16 -0
  10. package/antigravity/commands/frontend.toml +5 -4
  11. package/antigravity/commands/layout-cleanup.toml +16 -0
  12. package/antigravity/commands/responsive-cleanup.toml +16 -0
  13. package/antigravity/commands/review.toml +16 -0
  14. package/antigravity/commands/screenshot-critique.toml +16 -0
  15. package/antigravity/commands/spec.toml +17 -0
  16. package/antigravity/commands/test.toml +17 -0
  17. package/antigravity/commands/ui-audit.toml +17 -0
  18. package/antigravity/commands/ui-polish.toml +17 -0
  19. package/antigravity/plugin.json +13 -1
  20. package/assistant-adapters/antigravity.md +7 -0
  21. package/checklists/ui-acceptance-rubric.md +58 -0
  22. package/checklists/ui-detectors.md +75 -0
  23. package/dist/index.js +796 -458
  24. package/dist/index.js.map +1 -1
  25. package/dist/studio/office/assets/office.css +109 -28
  26. package/dist/studio/office/assets/office.js +14 -63
  27. package/dist/studio/wizard/assets/wizard.css +105 -26
  28. package/dist/studio/wizard/assets/wizard.js +22 -85
  29. package/examples/next-supabase-installed/.agent-kit/agent-roster.json +53 -14
  30. package/examples/next-supabase-installed/.agent-kit/manifest.json +12 -12
  31. package/examples/next-supabase-installed/audit-output.json +380 -375
  32. package/package.json +21 -5
  33. package/prompts/lifecycle-command-index.md +180 -0
  34. package/prompts/ui-command-index.md +124 -0
  35. package/rosters/next-supabase-default-council.json +53 -14
  36. package/runtime-skills/ui-improvement-harness/SKILL.md +12 -0
  37. package/skills/ui-improvement-harness.md +96 -0
  38. package/templates/next-supabase/AGENT_ROSTER.md +6 -3
  39. package/templates/next-supabase/ASSISTANT_ADAPTERS.md +3 -1
  40. package/templates/next-supabase/DECISIONS.md +14 -0
  41. package/templates/next-supabase/DESIGN.md +3 -0
  42. package/templates/next-supabase/DOCS.md +5 -1
  43. package/templates/next-supabase/QUALITY_GATES.md +4 -2
  44. package/templates/next-supabase/SKILLS.md +14 -0
  45. package/templates/next-supabase/SPEC.md +5 -1
  46. package/templates/next-supabase/STYLE_GUIDE.md +3 -1
  47. package/templates/next-supabase/TESTING.md +4 -0
@@ -44,6 +44,20 @@ Runtime command files are adapters. `AGENTS.md`, `.agent-kit/agent-roster.json`,
44
44
 
45
45
  Native commands improve invocation ergonomics, but project policy, security gates, handoff rules, model routing, and documentation contracts stay centralized in Agent Kit files.
46
46
 
47
+ ## UI Improvement Harness Rule
48
+
49
+ ### Context
50
+
51
+ Frontend work needs repeatable audit, polish, screenshot, responsive, accessibility, distinctiveness, and browser QA loops rather than one-off taste review.
52
+
53
+ ### Decision
54
+
55
+ Use `.agent-kit/prompts/ui-command-index.md`, `.agent-kit/checklists/ui-detectors.md`, `.agent-kit/checklists/ui-acceptance-rubric.md`, and `.agent-kit/skills/ui-improvement-harness.md` as the source of truth for UI improvement commands and detector severity.
56
+
57
+ ### Consequences
58
+
59
+ Meaningful UI work must classify blocker, major, and minor findings, require desktop and mobile screenshot evidence, and include authenticated or permission-state evidence for protected screens.
60
+
47
61
  ## Agent Kit Model Routing
48
62
 
49
63
  ### Context
@@ -103,6 +103,7 @@ Run `.agent-kit/prompts/frontend-distinctiveness-benchmark.md` before accepting
103
103
  | Asset provenance | Real, generated, licensed, and placeholder assets identified with usage constraints |
104
104
  | State proof | Loading, empty, error, disabled, success, permission, and focus states captured where relevant |
105
105
  | Visual QA proof | Desktop, mobile, and high-risk state evidence reviewed for the change risk |
106
+ | UI detector proof | `.agent-kit/checklists/ui-detectors.md` completed with blocker, major, minor, pass, and not-applicable findings |
106
107
 
107
108
  Distinctiveness verdict:
108
109
 
@@ -166,6 +167,8 @@ Frontend work is not accepted until the following evidence exists:
166
167
  - A frontend distinctiveness benchmark records first-screen proof, content fingerprint, reference benchmark, creative divergence, asset provenance, state proof, visual QA proof, generic-risk, and source-safety risks.
167
168
  - A product-quality scorecard records user/task fit, content specificity, visual identity, information architecture, component states, accessibility and interaction, source safety, total score, and verdict.
168
169
  - Desktop and mobile screenshots were reviewed.
170
+ - UI detector findings were classified and blockers were resolved.
171
+ - Authenticated or permission-state screenshots were reviewed when the changed surface requires login, roles, tenant context, or permissions.
169
172
  - Accessibility risks and component states were reviewed.
170
173
  - Visual QA tier is documented in `TESTING.md` for high-risk UI changes.
171
174
  - Baseline visual changes are approved intentionally when visual regression tooling exists.
@@ -42,6 +42,8 @@ Document primary workflows, including:
42
42
  - Planning and core-change handoffs from `AGENT_ROSTER.md`
43
43
  - Tool-specific assistant activation from `ASSISTANT_ADAPTERS.md`
44
44
  - Runtime command validation with `agent-kit adapter validate antigravity` when Antigravity is active
45
+ - UI improvement command workflows from `.agent-kit/prompts/ui-command-index.md`
46
+ - Deterministic UI detector and acceptance review from `.agent-kit/checklists/ui-detectors.md` and `.agent-kit/checklists/ui-acceptance-rubric.md`
45
47
  - Model-selection setup, enforcement status, and limitations from `MODEL_ROUTING.md`
46
48
  - Council-session evidence capture from `COUNCIL.md`
47
49
  - Upgrade review, conflict handling, migration review, and rollback evidence from `UPGRADE.md`
@@ -57,7 +59,9 @@ Document primary workflows, including:
57
59
  - Data creation and update workflow
58
60
  - Deployment workflow
59
61
 
60
- Runtime command files are adapters only. Native commands such as `/plan`, `/security`, `/frontend`, `/copy`, `/handoff`, `/audit`, `/setup`, `/upgrade`, and `/ship` should point back to `AGENTS.md`, `.agent-kit/agent-roster.json`, `QUALITY_GATES.md`, `.agent-kit/skills/`, and Agent Studio evidence.
62
+ Runtime command files are adapters only. Native commands such as `/plan`, `/security`, `/frontend`, `/ui-audit`, `/ui-polish`, `/layout-cleanup`, `/responsive-cleanup`, `/accessibility-pass`, `/distinctiveness-pass`, `/screenshot-critique`, `/browser-qa`, `/copy`, `/handoff`, `/audit`, `/setup`, `/upgrade`, and `/ship` should point back to `AGENTS.md`, `.agent-kit/agent-roster.json`, `QUALITY_GATES.md`, `.agent-kit/skills/`, and Agent Studio evidence.
63
+
64
+ High-risk UI work must include desktop and mobile screenshots plus authenticated or permission-state evidence when the surface requires login, roles, tenant context, or permissions.
61
65
 
62
66
  ## Integration Points
63
67
 
@@ -56,7 +56,7 @@ Best-practice means evidence can survive handoff, release, and later audit.
56
56
  - Multi-agent work has local Agent Studio evidence: context loaded, corrections considered, decisions and handoffs recorded, required outputs tracked, artifacts linked, verification captured, and rendered Markdown current.
57
57
  - Supabase RLS policies are inventory-backed, least-privilege, and tested for cross-user or cross-tenant access.
58
58
  - Production readiness covers Next.js routing/rendering, caching, error boundaries, metadata, accessibility, performance, security headers, and Core Web Vitals evidence.
59
- - Frontend work starts from brand/content intake, reference-set review, anti-references, and creative-direction options, then proves first-screen proof, content fingerprint, asset provenance, product-quality scorecard, distinctiveness, desktop, mobile, key states, keyboard flow, and visual QA evidence.
59
+ - Frontend work starts from brand/content intake, reference-set review, anti-references, and creative-direction options, then proves first-screen proof, content fingerprint, asset provenance, product-quality scorecard, distinctiveness, UI detector findings, desktop, mobile, key states, keyboard flow, and visual QA evidence.
60
60
  - Public-facing and conversion-facing copy starts from discovery questions, audience, pain, outcome, differentiator, proof, objections, voice/tone, and CTA hierarchy, with unsupported claims marked as assumptions.
61
61
  - Test evidence includes the smallest useful unit/regression checks plus critical-path smoke coverage.
62
62
  - Release evidence includes install or production smoke, migration order, dependency audit, package or deployment verification, logs, and rollback notes.
@@ -71,7 +71,7 @@ Best-practice means evidence can survive handoff, release, and later audit.
71
71
  | Planning or roadmap | Planner, Documentation Maintainer | Updated roadmap or checklist with owner, status, and acceptance evidence |
72
72
  | Core architecture | Planner, Lead Architect, QA, Docs | Affected-layer map, preserved contracts, tests, updated `SPEC.md` or `DECISIONS.md` |
73
73
  | Supabase/Auth/RLS | Lead Architect, Supabase/Postgres Engineer, Security Reviewer, QA | Migration notes, RLS inventory, negative authorization test, rollback risk |
74
- | Frontend/UI | Frontend Design Lead, QA, Docs | Brand/content intake, reference-set evidence, design critique verdict, distinctiveness benchmark, product-quality scorecard, creative direction, component states, accessibility, desktop/mobile visual QA |
74
+ | Frontend/UI | Frontend Design Lead, QA, Docs | Brand/content intake, reference-set evidence, design critique verdict, distinctiveness benchmark, product-quality scorecard, creative direction, UI detector severity findings, component states, accessibility, desktop/mobile visual QA, authenticated screen evidence when applicable |
75
75
  | Marketing/copy | Marketing Copy Lead, Frontend Design Lead, QA, Docs | `MESSAGING.md`, audience and pain, value proposition, proof, objections, voice/tone, CTA hierarchy, risky-claim review |
76
76
  | Security-sensitive | Security Reviewer, Lead Architect, QA | OWASP review, boundary validation, dependency/secret review, regression or smoke evidence |
77
77
  | Release/package | Deployment/Observability Engineer, Security Reviewer, QA, Docs | Release gate output, dependency audit, install/deploy smoke, provenance or publish identity evidence |
@@ -83,6 +83,8 @@ Best-practice means evidence can survive handoff, release, and later audit.
83
83
  - A checklist item is not done until the evidence is linked or named.
84
84
  - A test is not evidence unless it covers the behavior, risk, or contract being claimed.
85
85
  - A screenshot is not visual QA unless it covers the important viewport, state, and content.
86
+ - A UI detector pass is not complete until blockers, majors, minors, accepted exceptions, screenshots, viewport, auth state, and data state are named.
87
+ - A high-risk UI change is not accepted while blocker detector findings remain or authenticated workflow evidence is missing.
86
88
  - A research finding is not a best practice until it is promoted into templates, skills, checklists, audit checks, tests, release gates, or documented decisions.
87
89
  - A runtime command is not canonical policy; it is accepted only when it wraps `AGENTS.md`, `.agent-kit/agent-roster.json`, `QUALITY_GATES.md`, canonical skills, and Agent Studio evidence.
88
90
  - A fresh install can be baseline setup while still warning on `TBD`, example rows, or starter instruction text; those placeholders must be replaced before claiming strong or best-practice maturity.
@@ -108,6 +108,20 @@ Required checks:
108
108
  - Use the matching `.agent-kit/design-briefs/*` brief for SaaS, admin, marketplace, content, tool, ecommerce, portfolio/venue, education, community/social, or AI workflow surfaces.
109
109
  - Review final desktop and mobile screenshots with `.agent-kit/prompts/screenshot-review.md`.
110
110
 
111
+ ## UI Improvement Harness
112
+
113
+ Use for operational UI audit, polish, layout cleanup, responsive cleanup, accessibility pass, screenshot critique, visual distinctiveness pass, and live browser QA loops.
114
+
115
+ Required checks:
116
+ - Use `.agent-kit/prompts/ui-command-index.md` to pick the workflow: UI audit, UI polish, layout cleanup, responsive cleanup, accessibility pass, distinctiveness pass, screenshot critique, or browser QA.
117
+ - Run `.agent-kit/checklists/ui-detectors.md` and classify findings as blocker, major, minor, pass, or not applicable.
118
+ - Apply `.agent-kit/checklists/ui-acceptance-rubric.md` before release.
119
+ - Require desktop and mobile screenshot evidence for meaningful UI changes.
120
+ - Require authenticated or permission-state evidence for protected app screens.
121
+ - Block release when blocker detector findings remain.
122
+ - Fix major findings or document accepted exceptions before high-risk UI changes ship.
123
+ - Record route, viewport, auth state, data state, screenshots, detector findings, and residual risks.
124
+
111
125
  ## Content-First Creative Direction
112
126
 
113
127
  Use before designing or changing a user-facing site, product screen, dashboard, tool, marketplace, content experience, ecommerce flow, portfolio, venue page, education product, community surface, or AI workflow UI.
@@ -25,6 +25,7 @@ List behavior that must be preserved during changes:
25
25
  - Agent council routing in `.agent-kit/agent-roster.json`
26
26
  - Model profile routing in `MODEL_ROUTING.md` and `.agent-kit/model-routing.json`
27
27
  - Optional runtime adapter commands and portable `SKILL.md` wrappers, when activated
28
+ - UI improvement command workflows, detector severity findings, and acceptance rubric when frontend work is in scope
28
29
  - Council-session evidence in `COUNCIL.md`
29
30
  - Agent, council-session, model-routing, and audit-report schema contracts in `.agent-kit/schemas/`
30
31
  - Planner default ownership for planning and Lead Architect review for core changes
@@ -70,7 +71,7 @@ Record the current maturity target and evidence.
70
71
  | Architecture | TBD | TBD | TBD | Affected-layer map, `DECISIONS.md` |
71
72
  | Supabase/RLS | TBD | TBD | TBD | RLS inventory, migration tests |
72
73
  | Messaging | TBD | TBD | TBD | `MESSAGING.md`, proof map, objection handling, CTA hierarchy |
73
- | Frontend | TBD | TBD | TBD | `DESIGN.md`, reference-set evidence, design critique verdict, product-quality scorecard, screenshots, visual QA |
74
+ | Frontend | TBD | TBD | TBD | `DESIGN.md`, reference-set evidence, design critique verdict, product-quality scorecard, UI detector findings, screenshots, visual QA |
74
75
  | Testing | TBD | TBD | TBD | Unit, regression, smoke, visual evidence |
75
76
  | Release | TBD | TBD | TBD | `DEPLOYMENT.md`, logs, rollback notes |
76
77
 
@@ -83,6 +84,8 @@ Record the current maturity target and evidence.
83
84
  - Audience, pain, desired outcome, differentiator, proof, objections, voice, and CTA hierarchy are documented before public-facing or conversion-facing copy is accepted.
84
85
  - Reference set, anti-references, source-safety notes, and design critique verdict are documented before accepting significant frontend work.
85
86
  - Frontend product-quality scorecard is documented before accepting significant frontend work.
87
+ - UI detector findings are classified before accepting meaningful audit, polish, layout, responsive, accessibility, screenshot, distinctiveness, or browser QA work.
88
+ - Authenticated or permission-state screenshots are reviewed when the changed surface requires login, roles, tenant context, or permissions.
86
89
  - First screens show the real product, task, object, content, or workflow.
87
90
 
88
91
  ## Brand And Content Inventory
@@ -102,6 +105,7 @@ Track the inputs that make the UI specific to this product.
102
105
  | Chosen creative direction | TBD | Creative-direction matrix and screenshots |
103
106
  | Design critique verdict | TBD | `DESIGN.md`, critique-gate review |
104
107
  | Visual QA tier | TBD | `TESTING.md`, Storybook, Playwright report, visual-regression service, or screenshot artifacts |
108
+ | UI detector evidence | TBD | `.agent-kit/checklists/ui-detectors.md`, `.agent-kit/checklists/ui-acceptance-rubric.md`, browser QA notes |
105
109
 
106
110
  ## Component And State Inventory
107
111
 
@@ -51,7 +51,9 @@ Use `.agent-kit/prompts/design-critique-gate.md` before accepting significant fr
51
51
 
52
52
  Use `.agent-kit/prompts/frontend-distinctiveness-benchmark.md` before accepting significant frontend work. `DESIGN.md` should prove first-screen specificity, content fingerprint, reference benchmark, asset provenance, state proof, and visual QA proof so a design cannot pass while remaining interchangeable with another product in the same category.
53
53
 
54
- Use `.agent-kit/prompts/frontend-product-quality-scorecard.md` before accepting significant frontend work. `DESIGN.md` should score user/task fit, content specificity, visual identity, information architecture, component states, accessibility and interaction, and source safety. Reject work with critical zeroes or a total score below `10/14`; reserve best-practice claims for `12/14` or higher with desktop/mobile and visual QA evidence.
54
+ Use `.agent-kit/prompts/frontend-product-quality-scorecard.md` before accepting significant frontend work. `DESIGN.md` should score user/task fit, content specificity, visual identity, information architecture, component states, accessibility and interaction, and source safety. Reject work with critical zeroes or a total score below `10/14`; reserve best-practice claims for `12/14` or higher with desktop/mobile, authenticated screen evidence when applicable, UI detector findings, and visual QA evidence.
55
+
56
+ Use `.agent-kit/prompts/ui-command-index.md`, `.agent-kit/checklists/ui-detectors.md`, and `.agent-kit/checklists/ui-acceptance-rubric.md` for UI audit, polish, layout cleanup, responsive cleanup, accessibility pass, distinctiveness pass, screenshot critique, and browser QA loops.
55
57
 
56
58
  ## Messaging And Copy Rules
57
59
 
@@ -9,6 +9,7 @@ Testing should be proportional to risk. Auth, data mutations, payments, admin ac
9
9
  - Integration tests for API, Server Actions, and Supabase interactions where practical.
10
10
  - Playwright smoke tests for auth and critical user workflows.
11
11
  - Visual QA for important user-facing screens and reusable component states.
12
+ - UI detector review for audit, polish, layout, responsive, accessibility, screenshot, distinctiveness, and browser QA workflows.
12
13
  - Runtime adapter validation for plugin manifests, native commands, portable `SKILL.md` wrappers, source-of-truth references, package allowlists, and secret safety.
13
14
 
14
15
  ## Critical Smoke Paths
@@ -35,6 +36,8 @@ Choose the smallest reliable visual QA tier for the project:
35
36
  Required rules:
36
37
 
37
38
  - Capture default, loading, empty, error, disabled, success, permission-denied, and mobile states where relevant.
39
+ - Run `.agent-kit/checklists/ui-detectors.md` for meaningful UI audit or polish work and classify blocker, major, minor, pass, and not-applicable findings.
40
+ - High-risk UI changes require desktop and mobile screenshots plus authenticated or permission-state evidence when the workflow requires login, tenant context, roles, or permissions.
38
41
  - Stabilize dynamic data, animations, dates, avatars, generated media, and third-party widgets before visual comparison.
39
42
  - Review baseline updates as product changes; do not auto-accept visual diffs without rationale.
40
43
  - Keep accessibility, semantic, keyboard, auth, and data-boundary tests separate from visual checks.
@@ -53,6 +56,7 @@ Recommended baseline:
53
56
  - `agent-kit audit --min-readiness baseline-setup`
54
57
  - Playwright smoke tests for critical paths
55
58
  - Visual QA evidence for high-risk UI changes
59
+ - UI detector findings and accepted exceptions for meaningful UI changes
56
60
  - `agent-kit adapter validate antigravity` and `agent-kit package validate` when adapter/package assets change
57
61
 
58
62
  ### Eval-driven PR loop