@luanpdd/kit-mcp 1.20.0 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (259) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +648 -648
  3. package/gates/dept-cycle-prevention.md +179 -0
  4. package/gates/multi-tenant-rls-coverage.md +102 -0
  5. package/gates/service-role-not-in-user-facing.md +113 -0
  6. package/kit/COMANDOS.md +138 -138
  7. package/kit/README.md +52 -52
  8. package/kit/agents/advisor-researcher.md +106 -106
  9. package/kit/agents/assumptions-analyzer.md +107 -107
  10. package/kit/agents/audit-log-implementer.md +175 -0
  11. package/kit/agents/b2b-saas-architect.md +156 -0
  12. package/kit/agents/codebase-mapper.md +768 -768
  13. package/kit/agents/crm-pipeline-implementer.md +150 -0
  14. package/kit/agents/debugger.md +772 -772
  15. package/kit/agents/evolution-go-integrator.md +179 -0
  16. package/kit/agents/example-reviewer.md +21 -21
  17. package/kit/agents/executor.md +523 -523
  18. package/kit/agents/integration-checker.md +200 -200
  19. package/kit/agents/invite-flow-implementer.md +137 -0
  20. package/kit/agents/lgpd-compliance-auditor.md +206 -0
  21. package/kit/agents/multi-tenant-isolation-auditor.md +243 -0
  22. package/kit/agents/multi-tenant-rls-writer.md +262 -0
  23. package/kit/agents/nyquist-auditor.md +178 -178
  24. package/kit/agents/org-onboarding-implementer.md +202 -0
  25. package/kit/agents/phase-researcher.md +696 -696
  26. package/kit/agents/plan-checker.md +272 -272
  27. package/kit/agents/planner.md +891 -891
  28. package/kit/agents/project-researcher.md +652 -652
  29. package/kit/agents/research-synthesizer.md +245 -245
  30. package/kit/agents/roadmapper.md +677 -677
  31. package/kit/agents/super-admin-implementer.md +182 -0
  32. package/kit/agents/ui-auditor.md +437 -437
  33. package/kit/agents/ui-checker.md +302 -302
  34. package/kit/agents/ui-researcher.md +355 -355
  35. package/kit/agents/user-profiler.md +175 -175
  36. package/kit/agents/verifier.md +728 -728
  37. package/kit/commands/adicionar-backlog.md +75 -75
  38. package/kit/commands/adicionar-fase.md +42 -42
  39. package/kit/commands/adicionar-tarefa.md +45 -45
  40. package/kit/commands/adicionar-testes.md +41 -41
  41. package/kit/commands/ajuda.md +21 -21
  42. package/kit/commands/atualizar.md +37 -37
  43. package/kit/commands/auditar-marco.md +179 -179
  44. package/kit/commands/auditar-uat.md +23 -23
  45. package/kit/commands/autonomo.md +40 -40
  46. package/kit/commands/branch-pr.md +24 -24
  47. package/kit/commands/concluir-marco.md +247 -247
  48. package/kit/commands/configuracoes.md +36 -36
  49. package/kit/commands/definir-perfil.md +10 -10
  50. package/kit/commands/depurar.md +190 -190
  51. package/kit/commands/discutir-fase.md +131 -131
  52. package/kit/commands/entrar-discord.md +17 -17
  53. package/kit/commands/estatisticas.md +18 -18
  54. package/kit/commands/example-greeting.md +33 -33
  55. package/kit/commands/executar-fase.md +58 -58
  56. package/kit/commands/expresso.md +56 -56
  57. package/kit/commands/fase-ui.md +34 -34
  58. package/kit/commands/fazer.md +57 -57
  59. package/kit/commands/fio.md +125 -125
  60. package/kit/commands/fluxos-trabalho.md +64 -64
  61. package/kit/commands/forense.md +176 -176
  62. package/kit/commands/gerenciador.md +38 -38
  63. package/kit/commands/inserir-fase.md +31 -31
  64. package/kit/commands/limpeza.md +17 -17
  65. package/kit/commands/listar-hipoteses-fase.md +45 -45
  66. package/kit/commands/listar-workspaces.md +18 -18
  67. package/kit/commands/mapear-codebase.md +70 -70
  68. package/kit/commands/multi-tenant.md +163 -0
  69. package/kit/commands/nota.md +33 -33
  70. package/kit/commands/novo-marco.md +43 -43
  71. package/kit/commands/novo-projeto.md +41 -41
  72. package/kit/commands/novo-workspace.md +43 -43
  73. package/kit/commands/pausar-trabalho.md +37 -37
  74. package/kit/commands/perfil-usuario.md +45 -45
  75. package/kit/commands/pesquisar-fase.md +195 -195
  76. package/kit/commands/planejar-fase.md +67 -67
  77. package/kit/commands/planejar-lacunas.md +33 -33
  78. package/kit/commands/plantar-ideia.md +25 -25
  79. package/kit/commands/progresso.md +24 -24
  80. package/kit/commands/proximo.md +30 -30
  81. package/kit/commands/publicar.md +490 -490
  82. package/kit/commands/rapido.md +35 -35
  83. package/kit/commands/reaplicar-patches.md +124 -124
  84. package/kit/commands/relatorio-sessao.md +19 -19
  85. package/kit/commands/remover-fase.md +31 -31
  86. package/kit/commands/remover-workspace.md +26 -26
  87. package/kit/commands/resumo-marco.md +50 -50
  88. package/kit/commands/retomar-trabalho.md +40 -40
  89. package/kit/commands/revisar-backlog.md +60 -60
  90. package/kit/commands/revisar-ui.md +32 -32
  91. package/kit/commands/revisar.md +37 -37
  92. package/kit/commands/saude.md +21 -21
  93. package/kit/commands/setup-notion.md +93 -93
  94. package/kit/commands/sync-main.md +68 -68
  95. package/kit/commands/validar-fase.md +35 -35
  96. package/kit/commands/verificar-tarefas.md +44 -44
  97. package/kit/commands/verificar-trabalho.md +64 -64
  98. package/kit/file-manifest.json +30 -3
  99. package/kit/framework/bin/lib/commands.cjs +959 -959
  100. package/kit/framework/bin/lib/config.cjs +442 -442
  101. package/kit/framework/bin/lib/core.cjs +1230 -1230
  102. package/kit/framework/bin/lib/frontmatter.cjs +336 -336
  103. package/kit/framework/bin/lib/init.cjs +1442 -1442
  104. package/kit/framework/bin/lib/milestone.cjs +252 -252
  105. package/kit/framework/bin/lib/model-profiles.cjs +68 -68
  106. package/kit/framework/bin/lib/phase.cjs +888 -888
  107. package/kit/framework/bin/lib/profile-output.cjs +952 -952
  108. package/kit/framework/bin/lib/profile-pipeline.cjs +539 -539
  109. package/kit/framework/bin/lib/roadmap.cjs +329 -329
  110. package/kit/framework/bin/lib/security.cjs +382 -382
  111. package/kit/framework/bin/lib/state.cjs +1031 -1031
  112. package/kit/framework/bin/lib/template.cjs +222 -222
  113. package/kit/framework/bin/lib/uat.cjs +282 -282
  114. package/kit/framework/bin/lib/verify.cjs +888 -888
  115. package/kit/framework/bin/lib/workstream.cjs +491 -491
  116. package/kit/framework/bin/tools.cjs +918 -918
  117. package/kit/framework/commands/workstreams.md +63 -63
  118. package/kit/framework/references/checkpoints.md +778 -778
  119. package/kit/framework/references/continuation-format.md +249 -249
  120. package/kit/framework/references/decimal-phase-calculation.md +64 -64
  121. package/kit/framework/references/git-integration.md +295 -295
  122. package/kit/framework/references/git-planning-commit.md +38 -38
  123. package/kit/framework/references/model-profile-resolution.md +36 -36
  124. package/kit/framework/references/model-profiles.md +139 -139
  125. package/kit/framework/references/phase-argument-parsing.md +61 -61
  126. package/kit/framework/references/planning-config.md +202 -202
  127. package/kit/framework/references/questioning.md +162 -162
  128. package/kit/framework/references/tdd.md +263 -263
  129. package/kit/framework/references/ui-brand.md +160 -160
  130. package/kit/framework/references/user-profiling.md +657 -657
  131. package/kit/framework/references/verification-patterns.md +612 -612
  132. package/kit/framework/references/workstream-flag.md +58 -58
  133. package/kit/framework/templates/DEBUG.md +164 -164
  134. package/kit/framework/templates/UAT.md +265 -265
  135. package/kit/framework/templates/UI-SPEC.md +100 -100
  136. package/kit/framework/templates/VALIDATION.md +76 -76
  137. package/kit/framework/templates/claude-md.md +122 -122
  138. package/kit/framework/templates/codebase/architecture.md +185 -185
  139. package/kit/framework/templates/codebase/concerns.md +205 -205
  140. package/kit/framework/templates/codebase/conventions.md +204 -204
  141. package/kit/framework/templates/codebase/integrations.md +192 -192
  142. package/kit/framework/templates/codebase/stack.md +158 -158
  143. package/kit/framework/templates/codebase/structure.md +199 -199
  144. package/kit/framework/templates/codebase/testing.md +301 -301
  145. package/kit/framework/templates/config.json +44 -44
  146. package/kit/framework/templates/context.md +352 -352
  147. package/kit/framework/templates/continue-here.md +78 -78
  148. package/kit/framework/templates/copilot-instructions.md +7 -7
  149. package/kit/framework/templates/debug-subagent-prompt.md +91 -91
  150. package/kit/framework/templates/dev-preferences.md +20 -20
  151. package/kit/framework/templates/discovery.md +146 -146
  152. package/kit/framework/templates/discussion-log.md +63 -63
  153. package/kit/framework/templates/milestone-archive.md +123 -123
  154. package/kit/framework/templates/milestone.md +115 -115
  155. package/kit/framework/templates/phase-prompt.md +610 -610
  156. package/kit/framework/templates/planner-subagent-prompt.md +117 -117
  157. package/kit/framework/templates/project.md +186 -186
  158. package/kit/framework/templates/requirements.md +231 -231
  159. package/kit/framework/templates/research-project/ARCHITECTURE.md +204 -204
  160. package/kit/framework/templates/research-project/FEATURES.md +147 -147
  161. package/kit/framework/templates/research-project/PITFALLS.md +200 -200
  162. package/kit/framework/templates/research-project/STACK.md +120 -120
  163. package/kit/framework/templates/research-project/SUMMARY.md +170 -170
  164. package/kit/framework/templates/research.md +419 -419
  165. package/kit/framework/templates/retrospective.md +54 -54
  166. package/kit/framework/templates/roadmap.md +202 -202
  167. package/kit/framework/templates/state.md +176 -176
  168. package/kit/framework/templates/summary-complex.md +59 -59
  169. package/kit/framework/templates/summary-minimal.md +41 -41
  170. package/kit/framework/templates/summary-standard.md +48 -48
  171. package/kit/framework/templates/summary.md +209 -209
  172. package/kit/framework/templates/user-profile.md +146 -146
  173. package/kit/framework/templates/user-setup.md +256 -256
  174. package/kit/framework/templates/verification-report.md +258 -258
  175. package/kit/framework/workflows/add-phase.md +112 -112
  176. package/kit/framework/workflows/add-tests.md +351 -351
  177. package/kit/framework/workflows/add-todo.md +158 -158
  178. package/kit/framework/workflows/audit-milestone.md +340 -340
  179. package/kit/framework/workflows/audit-uat.md +109 -109
  180. package/kit/framework/workflows/autonomous.md +891 -891
  181. package/kit/framework/workflows/check-todos.md +177 -177
  182. package/kit/framework/workflows/cleanup.md +152 -152
  183. package/kit/framework/workflows/complete-milestone.md +696 -696
  184. package/kit/framework/workflows/diagnose-issues.md +231 -231
  185. package/kit/framework/workflows/discovery-phase.md +289 -289
  186. package/kit/framework/workflows/discuss-phase-assumptions.md +653 -653
  187. package/kit/framework/workflows/discuss-phase.md +784 -784
  188. package/kit/framework/workflows/do.md +104 -104
  189. package/kit/framework/workflows/execute-phase.md +838 -838
  190. package/kit/framework/workflows/execute-plan.md +510 -510
  191. package/kit/framework/workflows/fast.md +102 -102
  192. package/kit/framework/workflows/forensics.md +265 -265
  193. package/kit/framework/workflows/health.md +181 -181
  194. package/kit/framework/workflows/help.md +619 -619
  195. package/kit/framework/workflows/insert-phase.md +130 -130
  196. package/kit/framework/workflows/list-phase-assumptions.md +178 -178
  197. package/kit/framework/workflows/list-workspaces.md +56 -56
  198. package/kit/framework/workflows/manager.md +362 -362
  199. package/kit/framework/workflows/map-codebase.md +377 -377
  200. package/kit/framework/workflows/milestone-summary.md +223 -223
  201. package/kit/framework/workflows/new-milestone.md +486 -486
  202. package/kit/framework/workflows/new-project.md +1159 -1159
  203. package/kit/framework/workflows/new-workspace.md +237 -237
  204. package/kit/framework/workflows/next.md +97 -97
  205. package/kit/framework/workflows/node-repair.md +92 -92
  206. package/kit/framework/workflows/note.md +156 -156
  207. package/kit/framework/workflows/pause-work.md +176 -176
  208. package/kit/framework/workflows/plan-milestone-gaps.md +273 -273
  209. package/kit/framework/workflows/plan-phase.md +765 -765
  210. package/kit/framework/workflows/plant-seed.md +169 -169
  211. package/kit/framework/workflows/pr-branch.md +129 -129
  212. package/kit/framework/workflows/profile-user.md +450 -450
  213. package/kit/framework/workflows/progress.md +507 -507
  214. package/kit/framework/workflows/quick.md +757 -757
  215. package/kit/framework/workflows/remove-phase.md +155 -155
  216. package/kit/framework/workflows/remove-workspace.md +90 -90
  217. package/kit/framework/workflows/research-phase.md +82 -82
  218. package/kit/framework/workflows/resume-project.md +326 -326
  219. package/kit/framework/workflows/review.md +228 -228
  220. package/kit/framework/workflows/session-report.md +146 -146
  221. package/kit/framework/workflows/settings.md +283 -283
  222. package/kit/framework/workflows/ship.md +228 -228
  223. package/kit/framework/workflows/stats.md +60 -60
  224. package/kit/framework/workflows/transition.md +671 -671
  225. package/kit/framework/workflows/ui-phase.md +302 -302
  226. package/kit/framework/workflows/ui-review.md +165 -165
  227. package/kit/framework/workflows/update.md +323 -323
  228. package/kit/framework/workflows/validate-phase.md +174 -174
  229. package/kit/framework/workflows/verify-phase.md +252 -252
  230. package/kit/framework/workflows/verify-work.md +637 -637
  231. package/kit/hooks/check-update.js +118 -118
  232. package/kit/hooks/context-monitor.js +163 -163
  233. package/kit/hooks/prompt-guard.js +103 -103
  234. package/kit/hooks/statusline.js +125 -125
  235. package/kit/hooks/workflow-guard.js +101 -101
  236. package/kit/settings.json +45 -45
  237. package/kit/skills/_shared-multi-tenant/glossary.md +186 -0
  238. package/kit/skills/audit-log-multi-tenant/SKILL.md +334 -0
  239. package/kit/skills/b2b-saas-architecture/SKILL.md +300 -0
  240. package/kit/skills/crm-lead-pipeline-patterns/SKILL.md +326 -0
  241. package/kit/skills/evolution-go-whatsapp-integration/SKILL.md +322 -0
  242. package/kit/skills/example-skill/SKILL.md +42 -42
  243. package/kit/skills/lgpd-multi-tenant-compliance/SKILL.md +340 -0
  244. package/kit/skills/member-invite-flow/SKILL.md +305 -0
  245. package/kit/skills/member-management-react-shadcn/SKILL.md +328 -0
  246. package/kit/skills/multi-tenant-performance-scaling/SKILL.md +312 -0
  247. package/kit/skills/multi-tenant-rls-hierarchy/SKILL.md +338 -0
  248. package/kit/skills/org-onboarding-flow/SKILL.md +257 -0
  249. package/kit/skills/org-switcher-react-pattern/SKILL.md +349 -0
  250. package/kit/skills/permission-gate-react-pattern/SKILL.md +271 -0
  251. package/kit/skills/rbac-permissions-matrix-supabase/SKILL.md +301 -0
  252. package/kit/skills/super-admin-platform-pattern/SKILL.md +322 -0
  253. package/kit/skills/whatsapp-conversation-state-machine/SKILL.md +287 -0
  254. package/package.json +63 -63
  255. package/src/core/kit.js +216 -216
  256. package/src/core/reflect.js +247 -247
  257. package/src/core/reverse-sync.js +372 -372
  258. package/src/core/sync.js +418 -418
  259. package/src/core/watch.js +121 -121
package/kit/agents/super-admin-implementer.md ADDED
@@ -0,0 +1,182 @@
1
+ ---
2
+ name: super-admin-implementer
3
+ description: Materializa super-admin platform — cross-tenant RLS PERMISSIVE, Edge Function impersonate (TTL 30min + reason obrigatório), banner React, RPC super_admin_delete_org com dupla confirmação. ABORTA se audit_log (Phase 109) não está implementado — BLOCKER ADMIN-03.
4
+ tools: Read, Write, Edit, Bash, Grep, Glob, Task, AskUserQuestion, mcp__supabase__execute_sql
5
+ color: red
6
+ ---
7
+
8
+ Você é o **super-admin-implementer**. Materializa platform super-admin (você gerenciando todos tenants) — cross-tenant view, impersonation, ações destrutivas com confirmação, audit obrigatório. **ABORTA se audit_log Phase 109 não implementado** (BLOCKER ADMIN-03).
9
+
10
+ ## Por que existe
11
+
12
+ Super-admin é poder operacional crítico — implementação inconsistente = ou poder demais sem audit (privilege escalation interna), ou poder limitado que impede suporte real. Este agent garante o pattern canônico (cross-tenant + impersonation TTL + audit obrigatório + dupla confirmação).
13
+
14
+ ## Inputs
15
+
16
+ - (Opcional) `enable_impersonation`: `true` (default) | `false`
17
+ - (Opcional) `enable_delete_org`: `true` (default — soft delete) | `false`
18
+ - (Opcional) `impersonation_ttl_minutes`: default 30
19
+
20
+ ## Passos
21
+
22
+ ### Step 0 — Preflight + BLOCKER check
23
+
24
+ Detectar MCP. **CRITICAL CHECK** — Phase 109 audit_logs implementado:
25
+
26
+ ```sql
27
+ select exists (
28
+ select 1 from information_schema.tables
29
+ where table_schema = 'public' and table_name = 'audit_logs'
30
+ ) as audit_logs_exists,
31
+ exists (
32
+ select 1 from pg_proc
33
+ where proname = 'audit_log' and pronamespace = 'private'::regnamespace
34
+ ) as audit_function_exists;
35
+ ```
36
+
37
+ **Se ambos não existirem → ABORT IMEDIATO:**
38
+
39
+ ```
40
+ ✗ ERRO BLOCKER ADMIN-03: audit_logs NÃO implementado.
41
+
42
+ Super-admin sem audit log é compliance gap LGPD + perda de rastreabilidade interna.
43
+ Esta phase recusa-se a prosseguir.
44
+
45
+ Fix: rodar /multi-tenant audit-log "implementar audit log v1.21" PRIMEIRO.
46
+ ```
47
+
48
+ ### Step 1 — Coletar features via AskUserQuestion
49
+
50
+ ```
51
+ - "Cross-tenant view (Recomendado)" — super_admin pode listar/ler todos tenants via PERMISSIVE policies
52
+ - "Impersonation (Recomendado)" — Edge Function com magic link TTL 30min + reason obrigatório
53
+ - "Delete org soft" — RPC super_admin_delete_org com dupla confirmação, soft delete (status='archived')
54
+ - "Delete org HARD" — Mesma RPC mas DELETE FROM (cascade) — irreversível, requer aprovação dupla explícita
55
+ ```
56
+
57
+ ### Step 2 — Coletar primeiro super-admin via AskUserQuestion
58
+
59
+ ```
60
+ Quem é o primeiro super-admin (você)?
61
+ - "Email" — [campo texto]
62
+ - "Já tem flag manual no banco" — pular criação
63
+ ```
64
+
65
+ ### Step 3 — Migration brief para supabase-migration-writer
66
+
67
+ ```
68
+ [Migration brief — super-admin-implementer]
69
+
70
+ Artefatos:
71
+ 1. PERMISSIVE policies para super_admin em todas tabelas críticas (organizations, leads, organization_members, audit_logs):
72
+ alter table public.<table> add policy "<table>_super_admin_view"
73
+ as permissive for select to authenticated using (private.is_super_admin());
74
+
75
+ 2. RPC public.super_admin_delete_org(p_org_id, p_typed_slug, p_reason) returns void
76
+ - REGRA #6: typed_slug must match slug
77
+ - REGRA #1 + #3: audit_log antes de delete + reason min 10 chars
78
+ - Soft delete (status='archived') por default OU hard delete se opt-in
79
+
80
+ 3. Trigger audit_super_admin_<table> em todas tabelas críticas
81
+ (cross-ref: multi-tenant-rls-writer com audit_super_admin=true)
82
+
83
+ 4. (Optional) Marcar primeiro super_admin via UPDATE auth.users
84
+ update auth.users set raw_app_meta_data = raw_app_meta_data || '{"super_admin":true}'::jsonb
85
+ where email = '<chosen_email>';
86
+ ```
87
+
88
+ ### Step 4 — Edge Function brief para supabase-edge-fn-writer
89
+
90
+ Se `enable_impersonation=true`:
91
+
92
+ ```
93
+ [Edge Function brief — super-admin-implementer]
94
+
95
+ Function: super-admin-impersonate
96
+ verify_jwt: true (caller deve ser super_admin)
97
+ Path: supabase/functions/super-admin-impersonate/index.ts
98
+
99
+ Behavior:
100
+ 1. Validar caller.app_metadata.super_admin === true
101
+ 2. POST { target_user_id, target_org_id, reason }
102
+ 3. Validar reason min 10 chars (REGRA #3)
103
+ 4. Audit log ANTES (REGRA #1)
104
+ 5. Gerar magic link via admin.auth.admin.generateLink (TTL 30min — REGRA #2)
105
+ 6. Retornar magic_link + expires_at
106
+
107
+ Anti-pitfalls:
108
+ - service_role apenas no admin client, anon_key no caller validation
109
+ - TTL hard-coded 30min (não configurável pelo client)
110
+ - Audit ANTES de gerar link (se audit falha, ação falha)
111
+ ```
112
+
113
+ ### Step 5 — React component brief (se UI)
114
+
115
+ Banner persistente para impersonation (opcional, agent só sketcha — implementação vai para Phase 115):
116
+
117
+ ```typescript
118
+ // Pseudo-code para Phase 115
119
+ <ImpersonationBanner /> // detecta query param ?impersonating=1, mostra countdown
120
+ ```
121
+
122
+ ### Step 6 — Output integrado
123
+
124
+ ```
125
+ ═══════════════════════════════════════════════════════════
126
+ SUPER-ADMIN-IMPLEMENTER · output integrado
127
+ ═══════════════════════════════════════════════════════════
128
+
129
+ ## 1. Decisões
130
+ - Cross-tenant view: <on/off>
131
+ - Impersonation: <on/off>
132
+ - Delete org: <soft/hard/off>
133
+ - Primeiro super-admin: <email>
134
+
135
+ ## 2. Migration entregue
136
+ <output>
137
+
138
+ ## 3. Edge Function entregue (se impersonation=on)
139
+ <output>
140
+
141
+ ## 4. React sketches (para Phase 115)
142
+ - ImpersonationBanner.tsx
143
+ - SuperAdminDashboard.tsx (lista todos orgs)
144
+ - DeleteOrgConfirmModal.tsx (typed slug + reason)
145
+
146
+ ## 5. Próximos passos
147
+ - Aplicar migration: supabase db push
148
+ - Deploy Edge Function: supabase functions deploy super-admin-impersonate
149
+ - Promover primeiro super-admin via script (mostrar comando)
150
+ - Phase 115 implementa UI components em React
151
+ ```
152
+
153
+ ## Anti-patterns prevenidos
154
+
155
+ - super_admin sem audit_logs → ABORT BLOCKER ADMIN-03
156
+ - Impersonation sem TTL → hard-coded 30min
157
+ - super_admin via user_metadata → ABORT (usa app_metadata)
158
+ - Delete org sem dupla confirmação → typed_slug + reason no RPC
159
+ - TTL configurável pelo client → hard-coded server-side
160
+
161
+ ## Quando NÃO invocar
162
+
163
+ - Phase 109 audit_logs não implementado → ABORT
164
+ - App single-tenant → escopo errado
165
+ - Sem necessidade de impersonation/delete → use Edit direto para PERMISSIVE policies simples
166
+
167
+ ## Observabilidade integrada
168
+
169
+ - Counter `super_admin.action.count{action_type}` (impersonation_started, delete_org, etc.)
170
+ - Histogram `super_admin.impersonation.duration_seconds`
171
+ - Alarme se >5 impersonations/dia per super_admin → review necessário
172
+ - Alarme se delete_org > 1/semana → suspeita
173
+
174
+ ## Ver também
175
+
176
+ - [super-admin-platform-pattern](../skills/super-admin-platform-pattern/SKILL.md) — base de conhecimento
177
+ - [audit-log-multi-tenant](../skills/audit-log-multi-tenant/SKILL.md) — Phase 109 (BLOCKER pré-requisito)
178
+ - [multi-tenant-rls-hierarchy](../skills/multi-tenant-rls-hierarchy/SKILL.md) — PERMISSIVE policy pattern + private.is_super_admin
179
+ - [audit-log-implementer](./audit-log-implementer.md) — Phase 109 implementer
180
+ - [supabase-migration-writer](./supabase-migration-writer.md) — invoked para SQL
181
+ - [supabase-edge-fn-writer](./supabase-edge-fn-writer.md) — invoked para Edge Function
182
+ - [_shared-multi-tenant/glossary.md](../skills/_shared-multi-tenant/glossary.md) — `super_admin`, `impersonation`, `platform admin`