npm - @luanpdd/kit-mcp - Versions diffs - 1.20.0 → 1.21.0 - Mend

@luanpdd/kit-mcp 1.20.0 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/LICENSE +21 -21
package/README.md +648 -648
package/gates/dept-cycle-prevention.md +179 -0
package/gates/multi-tenant-rls-coverage.md +102 -0
package/gates/service-role-not-in-user-facing.md +113 -0
package/kit/COMANDOS.md +138 -138
package/kit/README.md +52 -52
package/kit/agents/advisor-researcher.md +106 -106
package/kit/agents/assumptions-analyzer.md +107 -107
package/kit/agents/audit-log-implementer.md +175 -0
package/kit/agents/b2b-saas-architect.md +156 -0
package/kit/agents/codebase-mapper.md +768 -768
package/kit/agents/crm-pipeline-implementer.md +150 -0
package/kit/agents/debugger.md +772 -772
package/kit/agents/evolution-go-integrator.md +179 -0
package/kit/agents/example-reviewer.md +21 -21
package/kit/agents/executor.md +523 -523
package/kit/agents/integration-checker.md +200 -200
package/kit/agents/invite-flow-implementer.md +137 -0
package/kit/agents/lgpd-compliance-auditor.md +206 -0
package/kit/agents/multi-tenant-isolation-auditor.md +243 -0
package/kit/agents/multi-tenant-rls-writer.md +262 -0
package/kit/agents/nyquist-auditor.md +178 -178
package/kit/agents/org-onboarding-implementer.md +202 -0
package/kit/agents/phase-researcher.md +696 -696
package/kit/agents/plan-checker.md +272 -272
package/kit/agents/planner.md +891 -891
package/kit/agents/project-researcher.md +652 -652
package/kit/agents/research-synthesizer.md +245 -245
package/kit/agents/roadmapper.md +677 -677
package/kit/agents/super-admin-implementer.md +182 -0
package/kit/agents/ui-auditor.md +437 -437
package/kit/agents/ui-checker.md +302 -302
package/kit/agents/ui-researcher.md +355 -355
package/kit/agents/user-profiler.md +175 -175
package/kit/agents/verifier.md +728 -728
package/kit/commands/adicionar-backlog.md +75 -75
package/kit/commands/adicionar-fase.md +42 -42
package/kit/commands/adicionar-tarefa.md +45 -45
package/kit/commands/adicionar-testes.md +41 -41
package/kit/commands/ajuda.md +21 -21
package/kit/commands/atualizar.md +37 -37
package/kit/commands/auditar-marco.md +179 -179
package/kit/commands/auditar-uat.md +23 -23
package/kit/commands/autonomo.md +40 -40
package/kit/commands/branch-pr.md +24 -24
package/kit/commands/concluir-marco.md +247 -247
package/kit/commands/configuracoes.md +36 -36
package/kit/commands/definir-perfil.md +10 -10
package/kit/commands/depurar.md +190 -190
package/kit/commands/discutir-fase.md +131 -131
package/kit/commands/entrar-discord.md +17 -17
package/kit/commands/estatisticas.md +18 -18
package/kit/commands/example-greeting.md +33 -33
package/kit/commands/executar-fase.md +58 -58
package/kit/commands/expresso.md +56 -56
package/kit/commands/fase-ui.md +34 -34
package/kit/commands/fazer.md +57 -57
package/kit/commands/fio.md +125 -125
package/kit/commands/fluxos-trabalho.md +64 -64
package/kit/commands/forense.md +176 -176
package/kit/commands/gerenciador.md +38 -38
package/kit/commands/inserir-fase.md +31 -31
package/kit/commands/limpeza.md +17 -17
package/kit/commands/listar-hipoteses-fase.md +45 -45
package/kit/commands/listar-workspaces.md +18 -18
package/kit/commands/mapear-codebase.md +70 -70
package/kit/commands/multi-tenant.md +163 -0
package/kit/commands/nota.md +33 -33
package/kit/commands/novo-marco.md +43 -43
package/kit/commands/novo-projeto.md +41 -41
package/kit/commands/novo-workspace.md +43 -43
package/kit/commands/pausar-trabalho.md +37 -37
package/kit/commands/perfil-usuario.md +45 -45
package/kit/commands/pesquisar-fase.md +195 -195
package/kit/commands/planejar-fase.md +67 -67
package/kit/commands/planejar-lacunas.md +33 -33
package/kit/commands/plantar-ideia.md +25 -25
package/kit/commands/progresso.md +24 -24
package/kit/commands/proximo.md +30 -30
package/kit/commands/publicar.md +490 -490
package/kit/commands/rapido.md +35 -35
package/kit/commands/reaplicar-patches.md +124 -124
package/kit/commands/relatorio-sessao.md +19 -19
package/kit/commands/remover-fase.md +31 -31
package/kit/commands/remover-workspace.md +26 -26
package/kit/commands/resumo-marco.md +50 -50
package/kit/commands/retomar-trabalho.md +40 -40
package/kit/commands/revisar-backlog.md +60 -60
package/kit/commands/revisar-ui.md +32 -32
package/kit/commands/revisar.md +37 -37
package/kit/commands/saude.md +21 -21
package/kit/commands/setup-notion.md +93 -93
package/kit/commands/sync-main.md +68 -68
package/kit/commands/validar-fase.md +35 -35
package/kit/commands/verificar-tarefas.md +44 -44
package/kit/commands/verificar-trabalho.md +64 -64
package/kit/file-manifest.json +30 -3
package/kit/framework/bin/lib/commands.cjs +959 -959
package/kit/framework/bin/lib/config.cjs +442 -442
package/kit/framework/bin/lib/core.cjs +1230 -1230
package/kit/framework/bin/lib/frontmatter.cjs +336 -336
package/kit/framework/bin/lib/init.cjs +1442 -1442
package/kit/framework/bin/lib/milestone.cjs +252 -252
package/kit/framework/bin/lib/model-profiles.cjs +68 -68
package/kit/framework/bin/lib/phase.cjs +888 -888
package/kit/framework/bin/lib/profile-output.cjs +952 -952
package/kit/framework/bin/lib/profile-pipeline.cjs +539 -539
package/kit/framework/bin/lib/roadmap.cjs +329 -329
package/kit/framework/bin/lib/security.cjs +382 -382
package/kit/framework/bin/lib/state.cjs +1031 -1031
package/kit/framework/bin/lib/template.cjs +222 -222
package/kit/framework/bin/lib/uat.cjs +282 -282
package/kit/framework/bin/lib/verify.cjs +888 -888
package/kit/framework/bin/lib/workstream.cjs +491 -491
package/kit/framework/bin/tools.cjs +918 -918
package/kit/framework/commands/workstreams.md +63 -63
package/kit/framework/references/checkpoints.md +778 -778
package/kit/framework/references/continuation-format.md +249 -249
package/kit/framework/references/decimal-phase-calculation.md +64 -64
package/kit/framework/references/git-integration.md +295 -295
package/kit/framework/references/git-planning-commit.md +38 -38
package/kit/framework/references/model-profile-resolution.md +36 -36
package/kit/framework/references/model-profiles.md +139 -139
package/kit/framework/references/phase-argument-parsing.md +61 -61
package/kit/framework/references/planning-config.md +202 -202
package/kit/framework/references/questioning.md +162 -162
package/kit/framework/references/tdd.md +263 -263
package/kit/framework/references/ui-brand.md +160 -160
package/kit/framework/references/user-profiling.md +657 -657
package/kit/framework/references/verification-patterns.md +612 -612
package/kit/framework/references/workstream-flag.md +58 -58
package/kit/framework/templates/DEBUG.md +164 -164
package/kit/framework/templates/UAT.md +265 -265
package/kit/framework/templates/UI-SPEC.md +100 -100
package/kit/framework/templates/VALIDATION.md +76 -76
package/kit/framework/templates/claude-md.md +122 -122
package/kit/framework/templates/codebase/architecture.md +185 -185
package/kit/framework/templates/codebase/concerns.md +205 -205
package/kit/framework/templates/codebase/conventions.md +204 -204
package/kit/framework/templates/codebase/integrations.md +192 -192
package/kit/framework/templates/codebase/stack.md +158 -158
package/kit/framework/templates/codebase/structure.md +199 -199
package/kit/framework/templates/codebase/testing.md +301 -301
package/kit/framework/templates/config.json +44 -44
package/kit/framework/templates/context.md +352 -352
package/kit/framework/templates/continue-here.md +78 -78
package/kit/framework/templates/copilot-instructions.md +7 -7
package/kit/framework/templates/debug-subagent-prompt.md +91 -91
package/kit/framework/templates/dev-preferences.md +20 -20
package/kit/framework/templates/discovery.md +146 -146
package/kit/framework/templates/discussion-log.md +63 -63
package/kit/framework/templates/milestone-archive.md +123 -123
package/kit/framework/templates/milestone.md +115 -115
package/kit/framework/templates/phase-prompt.md +610 -610
package/kit/framework/templates/planner-subagent-prompt.md +117 -117
package/kit/framework/templates/project.md +186 -186
package/kit/framework/templates/requirements.md +231 -231
package/kit/framework/templates/research-project/ARCHITECTURE.md +204 -204
package/kit/framework/templates/research-project/FEATURES.md +147 -147
package/kit/framework/templates/research-project/PITFALLS.md +200 -200
package/kit/framework/templates/research-project/STACK.md +120 -120
package/kit/framework/templates/research-project/SUMMARY.md +170 -170
package/kit/framework/templates/research.md +419 -419
package/kit/framework/templates/retrospective.md +54 -54
package/kit/framework/templates/roadmap.md +202 -202
package/kit/framework/templates/state.md +176 -176
package/kit/framework/templates/summary-complex.md +59 -59
package/kit/framework/templates/summary-minimal.md +41 -41
package/kit/framework/templates/summary-standard.md +48 -48
package/kit/framework/templates/summary.md +209 -209
package/kit/framework/templates/user-profile.md +146 -146
package/kit/framework/templates/user-setup.md +256 -256
package/kit/framework/templates/verification-report.md +258 -258
package/kit/framework/workflows/add-phase.md +112 -112
package/kit/framework/workflows/add-tests.md +351 -351
package/kit/framework/workflows/add-todo.md +158 -158
package/kit/framework/workflows/audit-milestone.md +340 -340
package/kit/framework/workflows/audit-uat.md +109 -109
package/kit/framework/workflows/autonomous.md +891 -891
package/kit/framework/workflows/check-todos.md +177 -177
package/kit/framework/workflows/cleanup.md +152 -152
package/kit/framework/workflows/complete-milestone.md +696 -696
package/kit/framework/workflows/diagnose-issues.md +231 -231
package/kit/framework/workflows/discovery-phase.md +289 -289
package/kit/framework/workflows/discuss-phase-assumptions.md +653 -653
package/kit/framework/workflows/discuss-phase.md +784 -784
package/kit/framework/workflows/do.md +104 -104
package/kit/framework/workflows/execute-phase.md +838 -838
package/kit/framework/workflows/execute-plan.md +510 -510
package/kit/framework/workflows/fast.md +102 -102
package/kit/framework/workflows/forensics.md +265 -265
package/kit/framework/workflows/health.md +181 -181
package/kit/framework/workflows/help.md +619 -619
package/kit/framework/workflows/insert-phase.md +130 -130
package/kit/framework/workflows/list-phase-assumptions.md +178 -178
package/kit/framework/workflows/list-workspaces.md +56 -56
package/kit/framework/workflows/manager.md +362 -362
package/kit/framework/workflows/map-codebase.md +377 -377
package/kit/framework/workflows/milestone-summary.md +223 -223
package/kit/framework/workflows/new-milestone.md +486 -486
package/kit/framework/workflows/new-project.md +1159 -1159
package/kit/framework/workflows/new-workspace.md +237 -237
package/kit/framework/workflows/next.md +97 -97
package/kit/framework/workflows/node-repair.md +92 -92
package/kit/framework/workflows/note.md +156 -156
package/kit/framework/workflows/pause-work.md +176 -176
package/kit/framework/workflows/plan-milestone-gaps.md +273 -273
package/kit/framework/workflows/plan-phase.md +765 -765
package/kit/framework/workflows/plant-seed.md +169 -169
package/kit/framework/workflows/pr-branch.md +129 -129
package/kit/framework/workflows/profile-user.md +450 -450
package/kit/framework/workflows/progress.md +507 -507
package/kit/framework/workflows/quick.md +757 -757
package/kit/framework/workflows/remove-phase.md +155 -155
package/kit/framework/workflows/remove-workspace.md +90 -90
package/kit/framework/workflows/research-phase.md +82 -82
package/kit/framework/workflows/resume-project.md +326 -326
package/kit/framework/workflows/review.md +228 -228
package/kit/framework/workflows/session-report.md +146 -146
package/kit/framework/workflows/settings.md +283 -283
package/kit/framework/workflows/ship.md +228 -228
package/kit/framework/workflows/stats.md +60 -60
package/kit/framework/workflows/transition.md +671 -671
package/kit/framework/workflows/ui-phase.md +302 -302
package/kit/framework/workflows/ui-review.md +165 -165
package/kit/framework/workflows/update.md +323 -323
package/kit/framework/workflows/validate-phase.md +174 -174
package/kit/framework/workflows/verify-phase.md +252 -252
package/kit/framework/workflows/verify-work.md +637 -637
package/kit/hooks/check-update.js +118 -118
package/kit/hooks/context-monitor.js +163 -163
package/kit/hooks/prompt-guard.js +103 -103
package/kit/hooks/statusline.js +125 -125
package/kit/hooks/workflow-guard.js +101 -101
package/kit/settings.json +45 -45
package/kit/skills/_shared-multi-tenant/glossary.md +186 -0
package/kit/skills/audit-log-multi-tenant/SKILL.md +334 -0
package/kit/skills/b2b-saas-architecture/SKILL.md +300 -0
package/kit/skills/crm-lead-pipeline-patterns/SKILL.md +326 -0
package/kit/skills/evolution-go-whatsapp-integration/SKILL.md +322 -0
package/kit/skills/example-skill/SKILL.md +42 -42
package/kit/skills/lgpd-multi-tenant-compliance/SKILL.md +340 -0
package/kit/skills/member-invite-flow/SKILL.md +305 -0
package/kit/skills/member-management-react-shadcn/SKILL.md +328 -0
package/kit/skills/multi-tenant-performance-scaling/SKILL.md +312 -0
package/kit/skills/multi-tenant-rls-hierarchy/SKILL.md +338 -0
package/kit/skills/org-onboarding-flow/SKILL.md +257 -0
package/kit/skills/org-switcher-react-pattern/SKILL.md +349 -0
package/kit/skills/permission-gate-react-pattern/SKILL.md +271 -0
package/kit/skills/rbac-permissions-matrix-supabase/SKILL.md +301 -0
package/kit/skills/super-admin-platform-pattern/SKILL.md +322 -0
package/kit/skills/whatsapp-conversation-state-machine/SKILL.md +287 -0
package/package.json +63 -63
package/src/core/kit.js +216 -216
package/src/core/reflect.js +247 -247
package/src/core/reverse-sync.js +372 -372
package/src/core/sync.js +418 -418
package/src/core/watch.js +121 -121

package/kit/hooks/workflow-guard.js CHANGED Viewed

@@ -1,101 +1,101 @@
-#!/usr/bin/env node
-// hook-version: 1.30.1
-// SEC-13-05: flush-before-exit category = A (stdout.write + immediate exit)
-// Fix applied: process.stdout.write(payload, () => process.exit(0)) on warning path.
-// framework Workflow Guard — PreToolUse hook
-// Detects when Claude attempts file edits outside a framework workflow context
-// (no active / command or Task subagent) and injects an advisory warning.
-//
-// This is a SOFT guard — it advises, not blocks. The edit still proceeds.
-// The warning nudges Claude to use /quick or /fast instead of
-// making direct edits that bypass state tracking.
-//
-// Enable via config: hooks.workflow_guard: true (default: false)
-// Only triggers on Write/Edit tool calls to non-.planning/ files.
-const fs = require('fs');
-const path = require('path');
-let input = '';
-const stdinTimeout = setTimeout(() => process.exit(0), 3000);
-process.stdin.setEncoding('utf8');
-process.stdin.on('data', chunk => input += chunk);
-process.stdin.on('end', () => {
-  clearTimeout(stdinTimeout);
-  try {
-    const data = JSON.parse(input);
-    const toolName = data.tool_name;
-    // Only guard Write and Edit tool calls
-    if (toolName !== 'Write' && toolName !== 'Edit') {
-      process.exit(0);
-    }
-    // Check if we're inside a framework workflow (Task subagent or / command)
-    // Subagents have a session_id that differs from the parent
-    // and typically have a description field set by the orchestrator
-    if (data.tool_input?.is_subagent || data.session_type === 'task') {
-      process.exit(0);
-    }
-    // Check the file being edited
-    const filePath = data.tool_input?.file_path || data.tool_input?.path || '';
-    // Allow edits to .planning/ files (framework state management)
-    if (filePath.includes('.planning/') || filePath.includes('.planning\\')) {
-      process.exit(0);
-    }
-    // Allow edits to common config/docs files that don't need framework tracking
-    const allowedPatterns = [
-      /\.gitignore$/,
-      /\.env/,
-      /CLAUDE\.md$/,
-      /AGENTS\.md$/,
-      /GEMINI\.md$/,
-      /settings\.json$/,
-    ];
-    if (allowedPatterns.some(p => p.test(filePath))) {
-      process.exit(0);
-    }
-    // Check if workflow guard is enabled
-    const cwd = data.cwd || process.cwd();
-    const configPath = path.join(cwd, '.planning', 'config.json');
-    if (fs.existsSync(configPath)) {
-      try {
-        const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
-        if (!config.hooks?.workflow_guard) {
-          process.exit(0); // Guard disabled (default)
-        }
-      } catch (e) {
-        process.exit(0);
-      }
-    } else {
-      process.exit(0); // No framework project — don't guard
-    }
-    // If we get here: framework project, guard enabled, file edit outside .planning/,
-    // not in a subagent context. Inject advisory warning.
-    const output = {
-      hookSpecificOutput: {
-        hookEventName: "PreToolUse",
-        additionalContext: `⚠️ AVISO DE FLUXO DE TRABALHO: Você está editando ${path.basename(filePath)} diretamente sem um comando do framework. ` +
-          'Esta edição não será rastreada no STATE.md nem produzirá um SUMMARY.md. ' +
-          'Considere usar /fast para correções triviais ou /quick para mudanças maiores ' +
-          'para manter o rastreamento de estado do projeto. ' +
-          'Se isso for intencional (ex.: usuário solicitou explicitamente uma edição direta), prossiga normalmente.'
-      }
-    };
-    // SEC-13-05: aguardar flush do stdout antes do exit. Sem callback, em
-    // pipes lentos (CI/Windows/Git Bash) o JSON pode ser dropado quando o
-    // process termina antes do kernel drenar o buffer.
-    process.stdout.write(JSON.stringify(output), () => {
-      process.exit(0);
-    });
-  } catch (e) {
-    // Silent fail — never block tool execution
-    process.exit(0);
-  }
-});
+#!/usr/bin/env node
+// hook-version: 1.30.1
+// SEC-13-05: flush-before-exit category = A (stdout.write + immediate exit)
+// Fix applied: process.stdout.write(payload, () => process.exit(0)) on warning path.
+// framework Workflow Guard — PreToolUse hook
+// Detects when Claude attempts file edits outside a framework workflow context
+// (no active / command or Task subagent) and injects an advisory warning.
+//
+// This is a SOFT guard — it advises, not blocks. The edit still proceeds.
+// The warning nudges Claude to use /quick or /fast instead of
+// making direct edits that bypass state tracking.
+//
+// Enable via config: hooks.workflow_guard: true (default: false)
+// Only triggers on Write/Edit tool calls to non-.planning/ files.
+const fs = require('fs');
+const path = require('path');
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 3000);
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name;
+    // Only guard Write and Edit tool calls
+    if (toolName !== 'Write' && toolName !== 'Edit') {
+      process.exit(0);
+    }
+    // Check if we're inside a framework workflow (Task subagent or / command)
+    // Subagents have a session_id that differs from the parent
+    // and typically have a description field set by the orchestrator
+    if (data.tool_input?.is_subagent || data.session_type === 'task') {
+      process.exit(0);
+    }
+    // Check the file being edited
+    const filePath = data.tool_input?.file_path || data.tool_input?.path || '';
+    // Allow edits to .planning/ files (framework state management)
+    if (filePath.includes('.planning/') || filePath.includes('.planning\\')) {
+      process.exit(0);
+    }
+    // Allow edits to common config/docs files that don't need framework tracking
+    const allowedPatterns = [
+      /\.gitignore$/,
+      /\.env/,
+      /CLAUDE\.md$/,
+      /AGENTS\.md$/,
+      /GEMINI\.md$/,
+      /settings\.json$/,
+    ];
+    if (allowedPatterns.some(p => p.test(filePath))) {
+      process.exit(0);
+    }
+    // Check if workflow guard is enabled
+    const cwd = data.cwd || process.cwd();
+    const configPath = path.join(cwd, '.planning', 'config.json');
+    if (fs.existsSync(configPath)) {
+      try {
+        const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+        if (!config.hooks?.workflow_guard) {
+          process.exit(0); // Guard disabled (default)
+        }
+      } catch (e) {
+        process.exit(0);
+      }
+    } else {
+      process.exit(0); // No framework project — don't guard
+    }
+    // If we get here: framework project, guard enabled, file edit outside .planning/,
+    // not in a subagent context. Inject advisory warning.
+    const output = {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        additionalContext: `⚠️ AVISO DE FLUXO DE TRABALHO: Você está editando ${path.basename(filePath)} diretamente sem um comando do framework. ` +
+          'Esta edição não será rastreada no STATE.md nem produzirá um SUMMARY.md. ' +
+          'Considere usar /fast para correções triviais ou /quick para mudanças maiores ' +
+          'para manter o rastreamento de estado do projeto. ' +
+          'Se isso for intencional (ex.: usuário solicitou explicitamente uma edição direta), prossiga normalmente.'
+      }
+    };
+    // SEC-13-05: aguardar flush do stdout antes do exit. Sem callback, em
+    // pipes lentos (CI/Windows/Git Bash) o JSON pode ser dropado quando o
+    // process termina antes do kernel drenar o buffer.
+    process.stdout.write(JSON.stringify(output), () => {
+      process.exit(0);
+    });
+  } catch (e) {
+    // Silent fail — never block tool execution
+    process.exit(0);
+  }
+});

package/kit/settings.json CHANGED Viewed

@@ -1,45 +1,45 @@
-{
-  "permissions": {
-    "allow": []
-  },
-  "hooks": {
-    "SessionStart": [
-      {
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node .claude/hooks/check-update.js"
-          }
-        ]
-      }
-    ],
-    "PostToolUse": [
-      {
-        "matcher": "Bash|Edit|Write|MultiEdit|Agent|Task",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node .claude/hooks/context-monitor.js",
-            "timeout": 10
-          }
-        ]
-      }
-    ],
-    "PreToolUse": [
-      {
-        "matcher": "Write|Edit",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node .claude/hooks/prompt-guard.js",
-            "timeout": 5
-          }
-        ]
-      }
-    ]
-  },
-  "statusLine": {
-    "type": "command",
-    "command": "node .claude/hooks/statusline.js"
-  }
-}
+{
+  "permissions": {
+    "allow": []
+  },
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node .claude/hooks/check-update.js"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Bash|Edit|Write|MultiEdit|Agent|Task",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node .claude/hooks/context-monitor.js",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node .claude/hooks/prompt-guard.js",
+            "timeout": 5
+          }
+        ]
+      }
+    ]
+  },
+  "statusLine": {
+    "type": "command",
+    "command": "node .claude/hooks/statusline.js"
+  }
+}

package/kit/skills/_shared-multi-tenant/glossary.md ADDED Viewed

@@ -0,0 +1,186 @@
+# Glossário Multi-Tenant SaaS B2B — Termos, Patterns e Convenções
+> Arquivo de referência compartilhado pelas skills da Suíte Multi-Tenant v1.21. **NÃO é skill** — não tem `description:` triggerável; não aparece em `listKit`. Cross-referenciado pelas 15 skills via Markdown link relativo.
+>
+> **Cross-suite reference ATIVO:** termos Supabase já definidos em [`_shared-supabase/glossary.md`](../_shared-supabase/glossary.md) — esta skill **não duplica**, apenas linka. Termos como `RLS`, `auth.uid()`, `app_metadata`, `service_role`, `pg_cron`, `pgmq`, `STABLE`, `SECURITY INVOKER`, `search_path = ''` são definidos lá.
+---
+## (a) Termos PT-BR ↔ EN — Multi-Tenancy Core
+### Tenancy
+| EN | PT-BR / Significado |
+|---|---|
+| **tenant** | Inquilino — entidade de top-level que isola dados entre clientes (organização/escritório). Em B2B SaaS = `organizations` row. |
+| **`org_id`** | Coluna canônica em **toda tabela multi-tenant** que identifica a qual `organizations.id` aquela linha pertence. RLS sempre filtra por `org_id`. |
+| **multi-tenant** | App que serve N tenants do mesmo deployment, com isolamento de dados entre eles (tipicamente via RLS). |
+| **single-tenant** | App que serve 1 tenant por deployment (típico enterprise on-prem). |
+| **isolation strategy** | Como tenants são separados — **single schema + `org_id`** (default 90% B2B), schema-per-tenant, ou DB-per-tenant. Ver skill [`b2b-saas-architecture`](../b2b-saas-architecture/SKILL.md). |
+| **cross-tenant query** | Query que toca dados de mais de um tenant — apenas super_admin pode executar. Sempre auditada. |
+| **tenant routing** | Mapeamento URL → tenant. Padrão canônico: `/orgs/[slug]/...`. |
+### Hierarquia
+| EN | PT-BR / Significado |
+|---|---|
+| **organization** | Tenant root. Tabela `public.organizations`. Tem `owner_id`, `plan`, `slug` (imutável). |
+| **department** | Sub-divisão opcional de uma org. Tabela `public.departments` com `org_id` FK + `parent_id` para hierarquia (até 5 níveis máx por convenção). |
+| **member** | User pertencente a uma org. Tabela `public.organization_members(org_id, user_id, role_id)`. |
+| **department member** | User pertencente a um dept. Tabela `public.department_members(dept_id, user_id, role_id)`. `role_id` NULL = herda do `organization_members`. |
+| **leader** | Membro de departamento com flag `is_leader = true`. Não é uma role — é capability adicional dentro do dept. |
+### RBAC
+| EN | PT-BR / Significado |
+|---|---|
+| **RBAC** | Role-Based Access Control — autorização por role (não por user direto). Cada user tem 1 role por org. |
+| **role** | Função/cargo dentro de uma org. Tabela `public.roles(org_id, name)`. 3 built-in (owner/admin/member) + custom permitidos. |
+| **permission** | Capacidade granular — string `<resource>:<action>` (ex: `leads:create`, `members:invite`). Tabela `public.permissions(action, resource)`. |
+| **permission matrix** | Mapeamento N:M de roles ↔ permissions. Tabela `public.role_permissions(role_id, permission_id)`. |
+| **role inheritance** | Department member sem role própria herda role do organization_members. NULL → herda; preenchido → sobrescreve. |
+| **role escalation rule** | Regra canônica: usuário só pode atribuir roles ≤ ao próprio role (admin não cria owner; member não cria admin). |
+### Super-admin
+| EN | PT-BR / Significado |
+|---|---|
+| **super_admin** | Usuário com `app_metadata.super_admin = true` (set apenas via service_role). Bypassa todas as RLS via helper function `private.is_super_admin()`. |
+| **impersonation** | Super-admin assume identidade de outro user temporariamente para suporte. **Sempre** com banner visual + reason obrigatório + TTL 30min. |
+| **platform admin** | Sinônimo de super_admin no contexto B2B SaaS. |
+| **cross-tenant view** | Lista todos tenants para super_admin (Settings → All Organizations). Apenas super_admin enxerga. |
+### Invite Flow
+| EN | PT-BR / Significado |
+|---|---|
+| **invitation token** | Hash SHA-256 de uma string aleatória de 32 bytes. Armazenado no banco; raw token enviado por email. Single-use, TTL 7 dias. |
+| **invite state machine** | `pending → accepted | rejected | cancelled | expired`. Transições enforced via trigger ou check constraint. |
+| **email-locked invite** | Invite válido apenas se quem clica está logado com email destino. Anti-pattern: link compartilhável (qualquer um aceita). |
+| **first admin** | Usuário criador da org — ganha role `owner` na criação, sem invite. |
+| **bulk invite** | UI permite invite N emails de uma vez. Cada um gera linha em `org_invites` independente. |
+### Audit Log
+| EN | PT-BR / Significado |
+|---|---|
+| **audit log** | Tabela `public.audit_logs` append-only registrando eventos críticos com `tenant_id` indexado. |
+| **append-only table** | Tabela onde `DELETE` e `UPDATE` são revogados via `REVOKE DELETE, UPDATE FROM authenticated`. Apenas service_role pode mutar (via partition swap, raramente). |
+| **event taxonomy** | 7 eventos canônicos mínimos: `login`, `member_invited`, `role_changed`, `data_exported`, `member_removed`, `settings_changed`, `super_admin_action`. |
+| **legal hold** | Flag boolean `legal_hold` em row de audit_log que **bloqueia** delete enquanto DSR LGPD está pendente. |
+| **PII sanitization** | Antes de armazenar em audit_log, hash de `actor_email` e `target_phone` (SHA-256). Nunca raw PII em log. |
+### LGPD
+| EN | PT-BR / Significado |
+|---|---|
+| **LGPD** | Lei Geral de Proteção de Dados (Brasil) — Lei 13.709/2018. Equivalente brasileiro do GDPR. |
+| **DSR** | Data Subject Request — pedido formal do titular dos dados exercendo direito previsto em Art. 18 LGPD. SLA legal 15 dias (Art. 19). |
+| **9 direitos LGPD Art. 18** | Confirmação · Acesso · Correção · Anonimização/Bloqueio/Eliminação · Portabilidade · Eliminação · Informação sobre compartilhamento · Revogação de consentimento · Revisão de decisão automatizada |
+| **anonymization** | Padrão de erasure: preservar UUID, apagar PII (`name → NULL`, `email → SHA-256 hash`, `phone → NULL`). Permite manter audit trail sem violar LGPD. |
+| **consent grain** | Granularidade do consentimento — separado por finalidade (analytics ≠ marketing ≠ third-party-share). Default opt-out (Art. 8 §5 LGPD). |
+| **adequacy decision** | Decisão da ANPD/comissão equivalente reconhecendo país como destino seguro de transferência internacional. Brasil-UE estabelecida em jan/2026. |
+### Webhooks (Evolution Go / Meta Cloud)
+| EN | PT-BR / Significado |
+|---|---|
+| **Evolution Go** | Implementação alternativa do WhatsApp via biblioteca `whatsmeow` (Go) — usa protocolo WhatsApp Web não-oficial. Não é Meta Cloud API. |
+| **Meta Cloud API** | API oficial WhatsApp Business da Meta. Requer Business Account, número aprovado, custo por conversa. |
+| **HMAC-SHA256 signature** | Validação de webhook Meta — header `X-Hub-Signature-256: sha256=<hmac>`. Computar HMAC sobre **raw body antes de JSON.parse**. |
+| **timing-safe comparison** | Comparação de strings em tempo constante (`crypto.timingSafeEqual`) para evitar timing attacks na validação HMAC. |
+| **idempotency key** | `(org_id, message_id)` unique constraint — `ON CONFLICT DO NOTHING` evita duplicatas em retry Meta (entrega at-least-once). |
+| **webhook event types** | 19 tipos documentados Evolution Go: `messages.upsert`, `messages.update`, `groups.upsert`, etc. |
+| **rate limit Meta** | 80 msg/s default. Exceder = erro 131056, escala para 24h ban. |
+| **throttle Evolution Go** | 1 msg/s (manual, biblioteca não enforce). Acima disso = ban Meta de qualquer forma (mesma infra subjacente). |
+| **conversation state machine** | Modelagem de fluxo conversa WhatsApp (lead → qualified → opt-in → conversation → action). Estados persistidos em PG (não em memória). Implementado com `xstate v5`. |
+### CRM Lead Pipeline
+| EN | PT-BR / Significado |
+|---|---|
+| **lead** | Contato em estágio inicial do funil de vendas. Tabela `public.leads(org_id, contact_email, contact_phone, stage, owner_id)`. |
+| **stages canônicos** | `lead → qualified → proposal → negotiation → won | lost`. Transições enforced via trigger BEFORE UPDATE (não só CHECK constraint que client pode burlar). |
+| **ownership transfer** | Mudar `owner_id` de um lead. Sempre dispara: notificação ao novo owner + entry em audit_log com `previous_owner_id, new_owner_id, reason`. |
+| **lead dedup** | Unique constraint `(org_id, contact_phone)` + `(org_id, contact_email)`. Lookup obrigatório antes de criar lead via integração WhatsApp. |
+| **scoring** | Pontuação de lead (manual ou auto). Diferenciador (não table stakes). Out-of-scope v1.21. |
+### React Patterns
+| EN | PT-BR / Significado |
+|---|---|
+| **org switcher** | Componente UI que troca tenant ativo. Padrão canônico: URL `/orgs/[slug]/...` (Next.js middleware) ou `useParams()` (Vite SPA). |
+| **permission gate** | Componente declarativo `<PermissionGate permission="leads:create">` que esconde UI quando user não tem permission. **Apenas UX** — server-side enforcement obrigatório via RLS. |
+| **CASL** | Biblioteca canônica RBAC para React 2026. `@casl/ability` 6.8 + `@casl/react` 4.x. Isomorfica (frontend + backend). |
+| **JWT stale** | Após mudança de role, JWT do client ainda tem role antiga até refresh (~1h). Mitigação: `supabase.auth.refreshSession()` imediatamente após operação de role change + RLS como enforcement final. |
+| **shadcn/ui** | Component library copy-paste (não NPM package). Componentes para member management: `data-table`, `dialog`, `select`, `badge`, `dropdown-menu`, `avatar`, `command`, `form`, `toast`. |
+---
+## (b) Decisões Arquiteturais Vinculantes (cristalizadas em Phase 106)
+1. **Single Schema + `org_id` + RLS** é estratégia default (90% B2B). Schema-per-tenant é exceção justificada por compliance.
+2. **JWT minimal** — apenas `super_admin: bool` em `app_metadata`. Lista de orgs no JWT é anti-pattern.
+3. **Helper functions PG STABLE** — todas as funções `private.is_member_of`, `private.has_role`, `private.has_permission`, `private.is_super_admin` marcadas `STABLE`. VOLATILE = re-execução por linha.
+4. **7 tabelas core** — `organizations`, `departments`, `roles`, `permissions`, `role_permissions`, `organization_members`, `department_members` (+ auxiliar `organization_slug_history`).
+5. **Slug imutável** com redirect trail via `organization_slug_history`. Mutação direta = bookmarks/webhooks/OAuth quebram.
+6. **Audit log append-only** — REVOKE DELETE, UPDATE para `authenticated`. Apenas service_role pode mutar.
+7. **DSR erasure via anonymization** — preserva UUID, apaga PII. Hard delete destrói audit trail.
+8. **HMAC validation antes de JSON.parse** — sobre raw body. Validar após parse = inválido.
+---
+## (c) Convenções de Naming (todas as tabelas multi-tenant)
+| Padrão | Exemplo |
+|---|---|
+| Tabelas em snake_case plural | `organizations`, `organization_members`, `department_members`, `role_permissions` |
+| Colunas em snake_case singular | `org_id`, `user_id`, `role_id`, `created_at`, `is_leader` |
+| FK naming `<entidade>_id` | `org_id`, `user_id`, `dept_id`, `role_id`, `permission_id` |
+| Boolean prefix `is_` ou `has_` | `is_leader`, `is_super_admin`, `is_built_in`, `has_permission` |
+| Timestamps ISO 8601 | `created_at`, `updated_at`, `joined_at`, `expires_at`, `accepted_at` |
+| Helper functions em schema `private` | `private.is_member_of`, `private.has_role`, `private.has_permission`, `private.is_super_admin` |
+| Audit triggers em schema `private` | `private.track_org_slug_change`, `private.create_audit_partition`, `private.on_org_created` |
+---
+## (d) Cross-Refs Externos
+- [Supabase RLS Best Practices](https://makerkit.dev/blog/tutorials/supabase-rls-best-practices)
+- [Supabase Custom Access Token Hook](https://supabase.com/docs/guides/auth/auth-hooks/custom-access-token-hook)
+- [Supabase Supavisor 1M Connections](https://supabase.com/blog/supavisor-1-million)
+- [Meta Developers — WhatsApp Webhooks](https://developers.facebook.com/docs/whatsapp/cloud-api/guides/set-up-webhooks/)
+- [Meta Developers — Messaging Limits](https://developers.facebook.com/docs/whatsapp/messaging-limits/)
+- [Evolution API Documentation](https://doc.evolution-api.com/v2/en/configuration/webhooks)
+- [LGPD Brazil — Lei 13.709/2018](https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm)
+- [ANPD — International Data Transfers Deadline 2025](https://www.mydata-trust.com/2025/08/19/brazil-data-transfers-deadline/)
+- [CASL Documentation](https://casl.js.org/)
+- [shadcn/ui](https://ui.shadcn.com/)
+---
+## (e) Cross-Suite Invocation Pattern (introduzido v1.21)
+Agents da Suíte Multi-Tenant **não duplicam** lógica Supabase. Padrão canônico de delegação:
+```
+b2b-saas-architect (v1.21)
+  └─→ Task(supabase-architect)         # plano de migration + tier/branches
+      └─→ Task(supabase-migration-writer) # SQL final
+multi-tenant-rls-writer (v1.21)
+  ├─ herda anti-pitfalls supabase-rls-writer (v1.8) via cross-ref Markdown
+  └─ adiciona helper functions hierárquicas + super_admin bypass
+evolution-go-integrator (v1.21)
+  └─→ Task(supabase-edge-fn-writer)     # Deno code da Edge Function
+audit-log-implementer (v1.21)
+  └─ usa skill supabase-cron-queues (v1.8) para retention scheduling
+org-onboarding-implementer (v1.21)
+  ├─→ Task(supabase-migration-writer)   # migration de criação de org
+  └─→ Task(supabase-edge-fn-writer)     # Edge Function setup wizard
+```
+**Anti-pattern:** agent v1.21 reescrever lógica de RLS do zero (deve herdar e estender). Agent v1.21 escrever Edge Function direto (deve delegar para `supabase-edge-fn-writer`).