npm - @luanpdd/kit-mcp - Versions diffs - 1.28.0 → 1.30.0 - Mend

@luanpdd/kit-mcp 1.28.0 → 1.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (332) hide show

package/LICENSE +21 -21
package/README.md +168 -168
package/gates/agent-no-recursive-dispatch.md +82 -82
package/kit/COMANDOS.md +138 -138
package/kit/README.md +76 -76
package/kit/agents/advisor-researcher.md +106 -106
package/kit/agents/assumptions-analyzer.md +107 -107
package/kit/agents/audit-log-implementer.md +313 -313
package/kit/agents/auditor-consistencia-isolamento.md +413 -413
package/kit/agents/b2b-saas-architect.md +156 -156
package/kit/agents/cascading-failures-auditor.md +298 -298
package/kit/agents/codebase-mapper.md +768 -768
package/kit/agents/crm-pipeline-implementer.md +256 -256
package/kit/agents/debugger.md +813 -813
package/kit/agents/detector-tenant-quente.md +337 -337
package/kit/agents/evolution-go-integrator.md +200 -200
package/kit/agents/example-reviewer.md +21 -21
package/kit/agents/executor.md +564 -564
package/kit/agents/integration-checker.md +200 -200
package/kit/agents/invite-flow-implementer.md +189 -189
package/kit/agents/legacy-characterizer.md +368 -368
package/kit/agents/lgpd-compliance-auditor.md +295 -295
package/kit/agents/multi-tenant-isolation-auditor.md +253 -253
package/kit/agents/multi-tenant-rls-writer.md +340 -340
package/kit/agents/nyquist-auditor.md +178 -178
package/kit/agents/observability-coverage-auditor.md +315 -315
package/kit/agents/org-onboarding-implementer.md +223 -223
package/kit/agents/payload-capture-instrumenter.md +273 -273
package/kit/agents/phase-researcher.md +696 -696
package/kit/agents/plan-checker.md +272 -272
package/kit/agents/planner.md +922 -922
package/kit/agents/project-researcher.md +652 -652
package/kit/agents/refactor-safety-auditor.md +404 -404
package/kit/agents/research-synthesizer.md +245 -245
package/kit/agents/roadmapper.md +677 -677
package/kit/agents/seam-finder.md +359 -359
package/kit/agents/shotgun-surgery-detector.md +349 -349
package/kit/agents/supabase-branching-architect.md +562 -562
package/kit/agents/supabase-cicd-pipeline-implementer.md +777 -777
package/kit/agents/supabase-column-privileges-writer.md +399 -399
package/kit/agents/supabase-edge-fn-tester.md +287 -0
package/kit/agents/supabase-edge-fn-writer.md +239 -210
package/kit/agents/supabase-migration-writer.md +385 -385
package/kit/agents/supabase-rbac-implementer.md +392 -392
package/kit/agents/supabase-realtime-implementer.md +363 -267
package/kit/agents/supabase-rls-hardener.md +521 -521
package/kit/agents/supabase-rls-writer.md +323 -323
package/kit/agents/supabase-roles-implementer.md +355 -355
package/kit/agents/super-admin-implementer.md +281 -281
package/kit/agents/ui-auditor.md +437 -437
package/kit/agents/ui-checker.md +302 -302
package/kit/agents/ui-researcher.md +355 -355
package/kit/agents/user-profiler.md +175 -175
package/kit/agents/validador-evolucao-schema.md +335 -335
package/kit/agents/verifier.md +728 -728
package/kit/commands/adicionar-backlog.md +75 -75
package/kit/commands/adicionar-fase.md +42 -42
package/kit/commands/adicionar-tarefa.md +45 -45
package/kit/commands/adicionar-testes.md +41 -41
package/kit/commands/ajuda.md +21 -21
package/kit/commands/atualizar.md +37 -37
package/kit/commands/auditar-cascading.md +111 -111
package/kit/commands/auditar-marco.md +179 -179
package/kit/commands/auditar-observabilidade-cobertura.md +183 -183
package/kit/commands/auditar-refactor.md +219 -219
package/kit/commands/auditar-release.md +109 -109
package/kit/commands/auditar-uat.md +23 -23
package/kit/commands/autonomo.md +40 -40
package/kit/commands/branch-pr.md +24 -24
package/kit/commands/burn-rate-status.md +408 -408
package/kit/commands/capturar-payloads.md +193 -193
package/kit/commands/caracterizar.md +212 -212
package/kit/commands/concluir-marco.md +247 -247
package/kit/commands/configuracoes.md +36 -36
package/kit/commands/dados-distribuidos.md +188 -188
package/kit/commands/definir-perfil.md +10 -10
package/kit/commands/depurar.md +190 -190
package/kit/commands/detectar-duplicacao.md +197 -197
package/kit/commands/discutir-fase.md +131 -131
package/kit/commands/encontrar-seams.md +136 -136
package/kit/commands/entrar-discord.md +17 -17
package/kit/commands/estatisticas.md +18 -18
package/kit/commands/example-greeting.md +33 -33
package/kit/commands/executar-fase.md +58 -58
package/kit/commands/expresso.md +56 -56
package/kit/commands/fase-ui.md +34 -34
package/kit/commands/fazer.md +57 -57
package/kit/commands/fio.md +125 -125
package/kit/commands/fluxos-trabalho.md +64 -64
package/kit/commands/forense.md +176 -176
package/kit/commands/gerenciador.md +38 -38
package/kit/commands/inserir-fase.md +31 -31
package/kit/commands/legacy.md +263 -263
package/kit/commands/limpeza.md +17 -17
package/kit/commands/listar-hipoteses-fase.md +45 -45
package/kit/commands/listar-workspaces.md +18 -18
package/kit/commands/load-shedding.md +117 -117
package/kit/commands/mapear-codebase.md +70 -70
package/kit/commands/multi-tenant.md +163 -163
package/kit/commands/nota.md +33 -33
package/kit/commands/novo-marco.md +43 -43
package/kit/commands/novo-projeto.md +41 -41
package/kit/commands/novo-workspace.md +43 -43
package/kit/commands/pausar-trabalho.md +37 -37
package/kit/commands/perfil-usuario.md +45 -45
package/kit/commands/pesquisar-fase.md +195 -195
package/kit/commands/planejar-fase.md +67 -67
package/kit/commands/planejar-lacunas.md +33 -33
package/kit/commands/plantar-ideia.md +25 -25
package/kit/commands/progresso.md +24 -24
package/kit/commands/proximo.md +30 -30
package/kit/commands/publicar.md +490 -490
package/kit/commands/rapido.md +35 -35
package/kit/commands/reaplicar-patches.md +124 -124
package/kit/commands/refactor-seguro.md +321 -321
package/kit/commands/relatorio-sessao.md +19 -19
package/kit/commands/remover-fase.md +31 -31
package/kit/commands/remover-workspace.md +26 -26
package/kit/commands/resumo-marco.md +50 -50
package/kit/commands/retomar-trabalho.md +40 -40
package/kit/commands/revisar-backlog.md +60 -60
package/kit/commands/revisar-ui.md +32 -32
package/kit/commands/revisar.md +37 -37
package/kit/commands/saude.md +21 -21
package/kit/commands/setup-notion.md +93 -93
package/kit/commands/storytelling.md +179 -179
package/kit/commands/supabase.md +30 -7
package/kit/commands/sync-main.md +68 -68
package/kit/commands/validar-fase.md +35 -35
package/kit/commands/verificar-tarefas.md +44 -44
package/kit/commands/verificar-trabalho.md +64 -64
package/kit/file-manifest.json +14 -8
package/kit/framework/bin/lib/commands.cjs +959 -959
package/kit/framework/bin/lib/config.cjs +442 -442
package/kit/framework/bin/lib/core.cjs +1230 -1230
package/kit/framework/bin/lib/frontmatter.cjs +336 -336
package/kit/framework/bin/lib/init.cjs +1442 -1442
package/kit/framework/bin/lib/milestone.cjs +252 -252
package/kit/framework/bin/lib/model-profiles.cjs +68 -68
package/kit/framework/bin/lib/phase.cjs +888 -888
package/kit/framework/bin/lib/profile-output.cjs +952 -952
package/kit/framework/bin/lib/profile-pipeline.cjs +539 -539
package/kit/framework/bin/lib/roadmap.cjs +329 -329
package/kit/framework/bin/lib/security.cjs +382 -382
package/kit/framework/bin/lib/state.cjs +1031 -1031
package/kit/framework/bin/lib/template.cjs +222 -222
package/kit/framework/bin/lib/uat.cjs +282 -282
package/kit/framework/bin/lib/verify.cjs +888 -888
package/kit/framework/bin/lib/workstream.cjs +491 -491
package/kit/framework/bin/tools.cjs +918 -918
package/kit/framework/commands/workstreams.md +63 -63
package/kit/framework/references/checkpoints.md +778 -778
package/kit/framework/references/continuation-format.md +249 -249
package/kit/framework/references/decimal-phase-calculation.md +64 -64
package/kit/framework/references/git-integration.md +295 -295
package/kit/framework/references/git-planning-commit.md +38 -38
package/kit/framework/references/model-profile-resolution.md +36 -36
package/kit/framework/references/model-profiles.md +139 -139
package/kit/framework/references/phase-argument-parsing.md +61 -61
package/kit/framework/references/planning-config.md +202 -202
package/kit/framework/references/questioning.md +162 -162
package/kit/framework/references/tdd.md +263 -263
package/kit/framework/references/ui-brand.md +160 -160
package/kit/framework/references/user-profiling.md +657 -657
package/kit/framework/references/verification-patterns.md +612 -612
package/kit/framework/references/workstream-flag.md +58 -58
package/kit/framework/templates/DEBUG.md +164 -164
package/kit/framework/templates/UAT.md +265 -265
package/kit/framework/templates/UI-SPEC.md +100 -100
package/kit/framework/templates/VALIDATION.md +76 -76
package/kit/framework/templates/claude-md.md +122 -122
package/kit/framework/templates/codebase/architecture.md +185 -185
package/kit/framework/templates/codebase/concerns.md +205 -205
package/kit/framework/templates/codebase/conventions.md +204 -204
package/kit/framework/templates/codebase/integrations.md +192 -192
package/kit/framework/templates/codebase/stack.md +158 -158
package/kit/framework/templates/codebase/structure.md +199 -199
package/kit/framework/templates/codebase/testing.md +301 -301
package/kit/framework/templates/config.json +44 -44
package/kit/framework/templates/context.md +352 -352
package/kit/framework/templates/continue-here.md +78 -78
package/kit/framework/templates/copilot-instructions.md +7 -7
package/kit/framework/templates/debug-subagent-prompt.md +91 -91
package/kit/framework/templates/dev-preferences.md +20 -20
package/kit/framework/templates/discovery.md +146 -146
package/kit/framework/templates/discussion-log.md +63 -63
package/kit/framework/templates/milestone-archive.md +123 -123
package/kit/framework/templates/milestone.md +115 -115
package/kit/framework/templates/phase-prompt.md +610 -610
package/kit/framework/templates/planner-subagent-prompt.md +117 -117
package/kit/framework/templates/project.md +186 -186
package/kit/framework/templates/requirements.md +231 -231
package/kit/framework/templates/research-project/ARCHITECTURE.md +204 -204
package/kit/framework/templates/research-project/FEATURES.md +147 -147
package/kit/framework/templates/research-project/PITFALLS.md +200 -200
package/kit/framework/templates/research-project/STACK.md +120 -120
package/kit/framework/templates/research-project/SUMMARY.md +170 -170
package/kit/framework/templates/research.md +419 -419
package/kit/framework/templates/retrospective.md +54 -54
package/kit/framework/templates/roadmap.md +202 -202
package/kit/framework/templates/state.md +176 -176
package/kit/framework/templates/summary-complex.md +59 -59
package/kit/framework/templates/summary-minimal.md +41 -41
package/kit/framework/templates/summary-standard.md +48 -48
package/kit/framework/templates/summary.md +209 -209
package/kit/framework/templates/user-profile.md +146 -146
package/kit/framework/templates/user-setup.md +256 -256
package/kit/framework/templates/verification-report.md +258 -258
package/kit/framework/workflows/add-phase.md +112 -112
package/kit/framework/workflows/add-tests.md +351 -351
package/kit/framework/workflows/add-todo.md +158 -158
package/kit/framework/workflows/audit-milestone.md +340 -340
package/kit/framework/workflows/audit-uat.md +109 -109
package/kit/framework/workflows/autonomous.md +891 -891
package/kit/framework/workflows/check-todos.md +177 -177
package/kit/framework/workflows/cleanup.md +152 -152
package/kit/framework/workflows/complete-milestone.md +696 -696
package/kit/framework/workflows/diagnose-issues.md +231 -231
package/kit/framework/workflows/discovery-phase.md +289 -289
package/kit/framework/workflows/discuss-phase-assumptions.md +653 -653
package/kit/framework/workflows/discuss-phase.md +784 -784
package/kit/framework/workflows/do.md +104 -104
package/kit/framework/workflows/execute-phase.md +838 -838
package/kit/framework/workflows/execute-plan.md +510 -510
package/kit/framework/workflows/fast.md +102 -102
package/kit/framework/workflows/forensics.md +265 -265
package/kit/framework/workflows/health.md +181 -181
package/kit/framework/workflows/help.md +619 -619
package/kit/framework/workflows/insert-phase.md +130 -130
package/kit/framework/workflows/list-phase-assumptions.md +178 -178
package/kit/framework/workflows/list-workspaces.md +56 -56
package/kit/framework/workflows/manager.md +362 -362
package/kit/framework/workflows/map-codebase.md +377 -377
package/kit/framework/workflows/milestone-summary.md +223 -223
package/kit/framework/workflows/new-milestone.md +486 -486
package/kit/framework/workflows/new-project.md +1159 -1159
package/kit/framework/workflows/new-workspace.md +237 -237
package/kit/framework/workflows/next.md +97 -97
package/kit/framework/workflows/node-repair.md +92 -92
package/kit/framework/workflows/note.md +156 -156
package/kit/framework/workflows/pause-work.md +176 -176
package/kit/framework/workflows/plan-milestone-gaps.md +273 -273
package/kit/framework/workflows/plan-phase.md +765 -765
package/kit/framework/workflows/plant-seed.md +169 -169
package/kit/framework/workflows/pr-branch.md +129 -129
package/kit/framework/workflows/profile-user.md +450 -450
package/kit/framework/workflows/progress.md +507 -507
package/kit/framework/workflows/quick.md +757 -757
package/kit/framework/workflows/remove-phase.md +155 -155
package/kit/framework/workflows/remove-workspace.md +90 -90
package/kit/framework/workflows/research-phase.md +82 -82
package/kit/framework/workflows/resume-project.md +326 -326
package/kit/framework/workflows/review.md +228 -228
package/kit/framework/workflows/session-report.md +146 -146
package/kit/framework/workflows/settings.md +283 -283
package/kit/framework/workflows/ship.md +228 -228
package/kit/framework/workflows/stats.md +60 -60
package/kit/framework/workflows/transition.md +671 -671
package/kit/framework/workflows/ui-phase.md +302 -302
package/kit/framework/workflows/ui-review.md +165 -165
package/kit/framework/workflows/update.md +323 -323
package/kit/framework/workflows/validate-phase.md +174 -174
package/kit/framework/workflows/verify-phase.md +252 -252
package/kit/framework/workflows/verify-work.md +637 -637
package/kit/hooks/check-update.js +118 -118
package/kit/hooks/context-monitor.js +163 -163
package/kit/hooks/prompt-guard.js +103 -103
package/kit/hooks/statusline.js +125 -125
package/kit/hooks/workflow-guard.js +101 -101
package/kit/settings.json +45 -45
package/kit/skills/_shared-supabase/glossary.md +17 -0
package/kit/skills/ai-prompt-characterization/SKILL.md +335 -335
package/kit/skills/armadilhas-sistemas-distribuidos/SKILL.md +447 -447
package/kit/skills/audit-log-multi-tenant/SKILL.md +340 -340
package/kit/skills/b2b-saas-architecture/SKILL.md +300 -300
package/kit/skills/consistencia-leitura-replica/SKILL.md +385 -385
package/kit/skills/crm-lead-pipeline-patterns/SKILL.md +343 -343
package/kit/skills/escolha-modelo-consistencia/SKILL.md +494 -494
package/kit/skills/evolucao-schema-compativel/SKILL.md +448 -448
package/kit/skills/evolution-go-whatsapp-integration/SKILL.md +322 -322
package/kit/skills/example-skill/SKILL.md +42 -42
package/kit/skills/legacy-api-only-applications/SKILL.md +358 -358
package/kit/skills/legacy-characterization-tests/SKILL.md +330 -330
package/kit/skills/legacy-effect-analysis/SKILL.md +331 -331
package/kit/skills/legacy-extract-class/SKILL.md +203 -203
package/kit/skills/legacy-programming-by-difference/SKILL.md +252 -252
package/kit/skills/legacy-seams-and-test-harness/SKILL.md +460 -460
package/kit/skills/legacy-shotgun-surgery/SKILL.md +286 -286
package/kit/skills/legacy-sprout-wrap-techniques/SKILL.md +434 -434
package/kit/skills/legacy-storytelling-naked-crc/SKILL.md +270 -270
package/kit/skills/lgpd-multi-tenant-compliance/SKILL.md +340 -340
package/kit/skills/member-invite-flow/SKILL.md +305 -305
package/kit/skills/member-management-react-shadcn/SKILL.md +328 -328
package/kit/skills/multi-tenant-performance-scaling/SKILL.md +316 -316
package/kit/skills/multi-tenant-rls-hierarchy/SKILL.md +342 -342
package/kit/skills/org-onboarding-flow/SKILL.md +257 -257
package/kit/skills/org-switcher-react-pattern/SKILL.md +349 -349
package/kit/skills/permission-gate-react-pattern/SKILL.md +271 -271
package/kit/skills/postgres-isolamento-concorrencia/SKILL.md +552 -552
package/kit/skills/pre-refactor-characterization/SKILL.md +421 -421
package/kit/skills/rbac-permissions-matrix-supabase/SKILL.md +338 -338
package/kit/skills/streams-eventos-cdc/SKILL.md +711 -711
package/kit/skills/supabase-branching-workflow/SKILL.md +544 -544
package/kit/skills/supabase-ci-cd-github-actions/SKILL.md +880 -880
package/kit/skills/supabase-column-level-security/SKILL.md +426 -426
package/kit/skills/supabase-config-toml-remotes/SKILL.md +807 -807
package/kit/skills/supabase-custom-claims-rbac/SKILL.md +472 -472
package/kit/skills/supabase-edge-functions/SKILL.md +229 -141
package/kit/skills/supabase-edge-functions-auth/SKILL.md +309 -0
package/kit/skills/supabase-edge-functions-limits/SKILL.md +302 -0
package/kit/skills/supabase-edge-functions-mcp-server/SKILL.md +279 -0
package/kit/skills/supabase-edge-functions-testing/SKILL.md +277 -0
package/kit/skills/supabase-edge-runtime-builtins/SKILL.md +357 -0
package/kit/skills/supabase-migration-repair/SKILL.md +823 -823
package/kit/skills/supabase-migrations/SKILL.md +297 -297
package/kit/skills/supabase-pgtap-testing/SKILL.md +1053 -1053
package/kit/skills/supabase-postgres-roles/SKILL.md +392 -392
package/kit/skills/supabase-realtime/SKILL.md +460 -236
package/kit/skills/supabase-rls-defense-in-depth/SKILL.md +418 -418
package/kit/skills/supabase-rls-policies/SKILL.md +635 -635
package/kit/skills/super-admin-platform-pattern/SKILL.md +326 -326
package/kit/skills/tenant-quente-mitigacao/SKILL.md +605 -605
package/kit/skills/whatsapp-conversation-state-machine/SKILL.md +287 -287
package/package.json +1 -1
package/src/cli/index.js +33 -0
package/src/core/kit.js +216 -216
package/src/core/reflect.js +247 -247
package/src/core/reverse-sync.js +372 -372
package/src/core/sync.js +418 -418
package/src/core/watch.js +121 -121
package/src/mcp-server/index.js +693 -490
package/src/mcp-server/roots.js +124 -0

package/kit/skills/org-onboarding-flow/SKILL.md CHANGED Viewed

@@ -1,257 +1,257 @@
----
-name: org-onboarding-flow
-description: Use ao implementar fluxo signup → criar org → primeiro admin → setup wizard em B2B SaaS Supabase. Atomicidade na criação (org + first member em 1 trx). Slug imutável + redirect trail.
----
-# Org Onboarding Flow — B2B SaaS Multi-Tenant
-## Quando usar
-LLM carrega esta skill ao implementar onboarding de novo tenant em B2B SaaS Supabase. Trigger phrases:
-- "org onboarding", "criar organização", "primeiro admin"
-- "setup wizard", "tenant signup", "first user becomes admin"
-- "create org transaction", "organization creation atomic"
-- "owner role assignment", "org slug strategy"
-Esta skill é consumida pelo agent `org-onboarding-implementer` (Phase 107) que materializa migration + Edge Function.
-## Regras absolutas
-**REGRA #1 (atomicidade):** Criação de `organizations` row + insert em `organization_members` (com role 'owner') **DEVEM** estar na **mesma transação SQL**. Janela entre criar org e adicionar membership = race condition (request paralelo pode ver org sem owner = inconsistente).
-**REGRA #2 (primeiro admin = creator):** Usuário que criou a org ganha `role = 'owner'` automaticamente. Sem invite, sem aprovação. Se org tem `owner_id` field, ele = `auth.uid()`.
-**REGRA #3 (slug imutável após criação):** Mutação requer `organization_slug_history` entry + redirect 301 (ver skill [`b2b-saas-architecture`](../b2b-saas-architecture/SKILL.md) REGRA #3).
-**REGRA #4 (setup wizard async):** Setup wizard (logo, branding, member invites iniciais) **NÃO bloqueia** signup. User pode usar org imediatamente após criação. Wizard é "complete in background" pattern.
-**REGRA #5 (slug uniqueness):** Constraint UNIQUE em `organizations.slug` + check `slug ~ '^[a-z0-9-]+$'` + length 2-60. Reservar slugs sistêmicos (`api`, `admin`, `app`, `www`, `dashboard`, `support`, `help`).
-## Patterns canônicos
-### SQL — criação atômica (RPC function)
-```sql
--- RPC chamada pelo frontend após signup
-create or replace function public.create_organization(
-  p_name text,
-  p_slug text
-)
-returns uuid
-language plpgsql
-security invoker  -- usa permissions do user autenticado
-set search_path = ''
-as $$
-declare
-  new_org_id uuid;
-  owner_role_id uuid;
-begin
-  -- 1. validar slug não está reservado
-  if p_slug = any (array['api', 'admin', 'app', 'www', 'dashboard', 'support', 'help', 'docs', 'blog', 'auth']) then
-    raise exception 'slug % is reserved', p_slug;
-  end if;
-  -- 2. criar organization
-  insert into public.organizations (name, slug, owner_id, plan, status)
-  values (p_name, p_slug, (select auth.uid()), 'free', 'active')
-  returning id into new_org_id;
-  -- 3. criar role 'owner' built-in para esta org
-  insert into public.roles (org_id, name, description, is_built_in)
-  values (new_org_id, 'owner', 'Owner — full control of organization', true)
-  returning id into owner_role_id;
-  -- 4. criar role 'admin' built-in
-  insert into public.roles (org_id, name, description, is_built_in)
-  values (new_org_id, 'admin', 'Admin — manage members and settings', true);
-  -- 5. criar role 'member' built-in
-  insert into public.roles (org_id, name, description, is_built_in)
-  values (new_org_id, 'member', 'Member — standard access', true);
-  -- 6. criar membership do creator como owner
-  insert into public.organization_members (org_id, user_id, role_id, status)
-  values (new_org_id, (select auth.uid()), owner_role_id, 'active');
-  return new_org_id;
-end;
-$$;
--- Permitir que authenticated chame esta RPC
-grant execute on function public.create_organization(text, text) to authenticated;
-```
-**Uso no client (TypeScript + @supabase/ssr):**
-```typescript
-const { data: orgId, error } = await supabase
-  .rpc('create_organization', { p_name: 'Acme Corp', p_slug: 'acme' })
-if (error) throw error
-// Redirect para /orgs/acme/dashboard
-```
-### Edge Function — setup wizard async
-```typescript
-// supabase/functions/org-setup-wizard/index.ts
-// PT-BR: Edge Function para inicializar dados default da org após criação
-// (categorias, templates, sample data, etc.) — NÃO bloqueia signup
-import { createClient } from 'jsr:@supabase/supabase-js@2'
-Deno.serve(async (req) => {
-  const auth = req.headers.get('Authorization')
-  if (!auth) return new Response('unauthorized', { status: 401 })
-  const supabase = createClient(
-    Deno.env.get('SUPABASE_URL')!,
-    Deno.env.get('SUPABASE_ANON_KEY')!,  // anon — preserva RLS
-    { global: { headers: { Authorization: auth } } }
-  )
-  const { org_id } = await req.json()
-  // Validar que user é owner da org via RLS
-  const { data: membership } = await supabase
-    .from('organization_members')
-    .select('id, roles(name)')
-    .eq('org_id', org_id)
-    .eq('user_id', (await supabase.auth.getUser()).data.user!.id)
-    .single()
-  if (!membership || (membership.roles as any).name !== 'owner') {
-    return new Response('only owner can run setup wizard', { status: 403 })
-  }
-  // Inicializar dados default (categorias, etc.)
-  await supabase.from('default_categories').insert([...])
-  return new Response(JSON.stringify({ ok: true }), {
-    headers: { 'Content-Type': 'application/json' }
-  })
-})
-```
-### State machine — signup → org → admin → ready
-```
-signup_completed
-    ↓
-RPC create_organization (atomic)
-    ↓
-org_created + first_admin_created  (mesma transação)
-    ↓
-[redirect /orgs/<slug>/dashboard]    ← user já pode usar
-    ↓
-[background: setup_wizard Edge Function]
-    ↓
-wizard_completed
-```
-User vê o dashboard imediatamente. Wizard roda em background fire-and-forget (`EdgeRuntime.waitUntil` ou client-side promise sem await).
-### Slug history — suporte a redirect 301
-```sql
--- Trigger registra mudança de slug (ver b2b-saas-architecture)
--- App side (Next.js middleware):
-import { NextRequest, NextResponse } from 'next/server'
-import { createClient } from '@/lib/supabase/server'
-export async function middleware(req: NextRequest) {
-  const slug = req.nextUrl.pathname.split('/')[2] // /orgs/[slug]/...
-  if (!slug) return NextResponse.next()
-  const supabase = await createClient()
-  const { data: org } = await supabase
-    .from('organizations')
-    .select('slug')
-    .eq('slug', slug)
-    .maybeSingle()
-  if (org) return NextResponse.next() // slug atual existe
-  // Procurar em slug_history (slug antigo)
-  const { data: oldSlug } = await supabase
-    .from('organization_slug_history')
-    .select('new_slug')
-    .eq('old_slug', slug)
-    .order('changed_at', { ascending: false })
-    .maybeSingle()
-  if (oldSlug) {
-    const newPath = req.nextUrl.pathname.replace(`/orgs/${slug}/`, `/orgs/${oldSlug.new_slug}/`)
-    return NextResponse.redirect(new URL(newPath, req.url), 301)
-  }
-  return NextResponse.next() // 404 será servido pela page
-}
-export const config = {
-  matcher: '/orgs/:slug/:path*'
-}
-```
-## Anti-patterns
-### Anti-pattern 1: Criar org sem owner (race window)
-**Errado:**
-```typescript
-// 2 requests separados — janela de race
-const { data: org } = await supabase.from('organizations').insert({ ... }).select().single()
-await supabase.from('organization_members').insert({ org_id: org.id, user_id: ..., role_id: ... })
-```
-**Por quê:** entre os 2 requests, query paralela pode ler org sem owner (`select * from organizations` retorna a row, mas `organization_members` ainda não tem). Trigger ou outra Edge Function pode disparar e ver inconsistência.
-**Certo:** RPC `create_organization` faz ambos em transação SQL única.
-### Anti-pattern 2: Setup wizard bloqueia signup
-**Errado:**
-```typescript
-// User espera 30s+ para wizard completar antes de ver dashboard
-const { data: org } = await supabase.rpc('create_organization', { ... })
-await supabase.functions.invoke('org-setup-wizard', { body: { org_id: org.id } }) // BLOCKING!
-router.push(`/orgs/${slug}/dashboard`)
-```
-**Por quê:** UX terrível — first impression é "app é lento". Conversion cai (study Stripe: cada 1s atraso = 7% drop em signup completion).
-**Certo:** dashboard renderiza imediatamente; wizard roda em background com indicador subtle ("preparando seu workspace..." que some quando termina).
-### Anti-pattern 3: Slug pode mudar sem trail
-**Errado:**
-```sql
-update organizations set slug = 'new-acme' where id = '...';
--- Sem entry em organization_slug_history
-```
-**Por quê:** ver Anti-pattern 2 em [`b2b-saas-architecture`](../b2b-saas-architecture/SKILL.md). Bookmarks/webhooks/OAuth callbacks quebram silenciosamente.
-**Certo:** trigger `track_org_slug_change` automático + middleware redirect 301.
-### Anti-pattern 4: Slugs sistêmicos não-reservados
-**Errado:**
-```sql
--- User cria org com slug = 'admin' → URL /orgs/admin/dashboard conflita com /admin/* da plataforma
-```
-**Por quê:** roteamento ambíguo, conflito com Vercel preview deployments (`*-vercel.app`), conflito com cookies/CORS.
-**Certo:** allowlist em RPC `create_organization` ou check constraint na coluna `slug`.
-## Ver também
-- [b2b-saas-architecture](../b2b-saas-architecture/SKILL.md) — schema canônico de `organizations`, `organization_members`, `organization_slug_history`
-- [member-invite-flow](../member-invite-flow/SKILL.md) — Phase 110, fluxo de invite após onboarding
-- [super-admin-platform-pattern](../super-admin-platform-pattern/SKILL.md) — Phase 111, super-admin pode criar orgs em nome de outros (impersonation)
-- [supabase-migration-writer](../../agents/supabase-migration-writer.md) — agent invocado por `org-onboarding-implementer` para escrever migration
-- [supabase-edge-fn-writer](../../agents/supabase-edge-fn-writer.md) — agent invocado para escrever Edge Function setup wizard
-- [supabase-auth-ssr](../supabase-auth-ssr/SKILL.md) — middleware Next.js v16 que faz redirect 301 do slug history
-- [_shared-multi-tenant/glossary.md](../_shared-multi-tenant/glossary.md) — termos `tenant`, `org_id`, `first admin`, `bulk invite`
+---
+name: org-onboarding-flow
+description: Use ao implementar fluxo signup → criar org → primeiro admin → setup wizard em B2B SaaS Supabase. Atomicidade na criação (org + first member em 1 trx). Slug imutável + redirect trail.
+---
+# Org Onboarding Flow — B2B SaaS Multi-Tenant
+## Quando usar
+LLM carrega esta skill ao implementar onboarding de novo tenant em B2B SaaS Supabase. Trigger phrases:
+- "org onboarding", "criar organização", "primeiro admin"
+- "setup wizard", "tenant signup", "first user becomes admin"
+- "create org transaction", "organization creation atomic"
+- "owner role assignment", "org slug strategy"
+Esta skill é consumida pelo agent `org-onboarding-implementer` (Phase 107) que materializa migration + Edge Function.
+## Regras absolutas
+**REGRA #1 (atomicidade):** Criação de `organizations` row + insert em `organization_members` (com role 'owner') **DEVEM** estar na **mesma transação SQL**. Janela entre criar org e adicionar membership = race condition (request paralelo pode ver org sem owner = inconsistente).
+**REGRA #2 (primeiro admin = creator):** Usuário que criou a org ganha `role = 'owner'` automaticamente. Sem invite, sem aprovação. Se org tem `owner_id` field, ele = `auth.uid()`.
+**REGRA #3 (slug imutável após criação):** Mutação requer `organization_slug_history` entry + redirect 301 (ver skill [`b2b-saas-architecture`](../b2b-saas-architecture/SKILL.md) REGRA #3).
+**REGRA #4 (setup wizard async):** Setup wizard (logo, branding, member invites iniciais) **NÃO bloqueia** signup. User pode usar org imediatamente após criação. Wizard é "complete in background" pattern.
+**REGRA #5 (slug uniqueness):** Constraint UNIQUE em `organizations.slug` + check `slug ~ '^[a-z0-9-]+$'` + length 2-60. Reservar slugs sistêmicos (`api`, `admin`, `app`, `www`, `dashboard`, `support`, `help`).
+## Patterns canônicos
+### SQL — criação atômica (RPC function)
+```sql
+-- RPC chamada pelo frontend após signup
+create or replace function public.create_organization(
+  p_name text,
+  p_slug text
+)
+returns uuid
+language plpgsql
+security invoker  -- usa permissions do user autenticado
+set search_path = ''
+as $$
+declare
+  new_org_id uuid;
+  owner_role_id uuid;
+begin
+  -- 1. validar slug não está reservado
+  if p_slug = any (array['api', 'admin', 'app', 'www', 'dashboard', 'support', 'help', 'docs', 'blog', 'auth']) then
+    raise exception 'slug % is reserved', p_slug;
+  end if;
+  -- 2. criar organization
+  insert into public.organizations (name, slug, owner_id, plan, status)
+  values (p_name, p_slug, (select auth.uid()), 'free', 'active')
+  returning id into new_org_id;
+  -- 3. criar role 'owner' built-in para esta org
+  insert into public.roles (org_id, name, description, is_built_in)
+  values (new_org_id, 'owner', 'Owner — full control of organization', true)
+  returning id into owner_role_id;
+  -- 4. criar role 'admin' built-in
+  insert into public.roles (org_id, name, description, is_built_in)
+  values (new_org_id, 'admin', 'Admin — manage members and settings', true);
+  -- 5. criar role 'member' built-in
+  insert into public.roles (org_id, name, description, is_built_in)
+  values (new_org_id, 'member', 'Member — standard access', true);
+  -- 6. criar membership do creator como owner
+  insert into public.organization_members (org_id, user_id, role_id, status)
+  values (new_org_id, (select auth.uid()), owner_role_id, 'active');
+  return new_org_id;
+end;
+$$;
+-- Permitir que authenticated chame esta RPC
+grant execute on function public.create_organization(text, text) to authenticated;
+```
+**Uso no client (TypeScript + @supabase/ssr):**
+```typescript
+const { data: orgId, error } = await supabase
+  .rpc('create_organization', { p_name: 'Acme Corp', p_slug: 'acme' })
+if (error) throw error
+// Redirect para /orgs/acme/dashboard
+```
+### Edge Function — setup wizard async
+```typescript
+// supabase/functions/org-setup-wizard/index.ts
+// PT-BR: Edge Function para inicializar dados default da org após criação
+// (categorias, templates, sample data, etc.) — NÃO bloqueia signup
+import { createClient } from 'jsr:@supabase/supabase-js@2'
+Deno.serve(async (req) => {
+  const auth = req.headers.get('Authorization')
+  if (!auth) return new Response('unauthorized', { status: 401 })
+  const supabase = createClient(
+    Deno.env.get('SUPABASE_URL')!,
+    Deno.env.get('SUPABASE_ANON_KEY')!,  // anon — preserva RLS
+    { global: { headers: { Authorization: auth } } }
+  )
+  const { org_id } = await req.json()
+  // Validar que user é owner da org via RLS
+  const { data: membership } = await supabase
+    .from('organization_members')
+    .select('id, roles(name)')
+    .eq('org_id', org_id)
+    .eq('user_id', (await supabase.auth.getUser()).data.user!.id)
+    .single()
+  if (!membership || (membership.roles as any).name !== 'owner') {
+    return new Response('only owner can run setup wizard', { status: 403 })
+  }
+  // Inicializar dados default (categorias, etc.)
+  await supabase.from('default_categories').insert([...])
+  return new Response(JSON.stringify({ ok: true }), {
+    headers: { 'Content-Type': 'application/json' }
+  })
+})
+```
+### State machine — signup → org → admin → ready
+```
+signup_completed
+    ↓
+RPC create_organization (atomic)
+    ↓
+org_created + first_admin_created  (mesma transação)
+    ↓
+[redirect /orgs/<slug>/dashboard]    ← user já pode usar
+    ↓
+[background: setup_wizard Edge Function]
+    ↓
+wizard_completed
+```
+User vê o dashboard imediatamente. Wizard roda em background fire-and-forget (`EdgeRuntime.waitUntil` ou client-side promise sem await).
+### Slug history — suporte a redirect 301
+```sql
+-- Trigger registra mudança de slug (ver b2b-saas-architecture)
+-- App side (Next.js middleware):
+import { NextRequest, NextResponse } from 'next/server'
+import { createClient } from '@/lib/supabase/server'
+export async function middleware(req: NextRequest) {
+  const slug = req.nextUrl.pathname.split('/')[2] // /orgs/[slug]/...
+  if (!slug) return NextResponse.next()
+  const supabase = await createClient()
+  const { data: org } = await supabase
+    .from('organizations')
+    .select('slug')
+    .eq('slug', slug)
+    .maybeSingle()
+  if (org) return NextResponse.next() // slug atual existe
+  // Procurar em slug_history (slug antigo)
+  const { data: oldSlug } = await supabase
+    .from('organization_slug_history')
+    .select('new_slug')
+    .eq('old_slug', slug)
+    .order('changed_at', { ascending: false })
+    .maybeSingle()
+  if (oldSlug) {
+    const newPath = req.nextUrl.pathname.replace(`/orgs/${slug}/`, `/orgs/${oldSlug.new_slug}/`)
+    return NextResponse.redirect(new URL(newPath, req.url), 301)
+  }
+  return NextResponse.next() // 404 será servido pela page
+}
+export const config = {
+  matcher: '/orgs/:slug/:path*'
+}
+```
+## Anti-patterns
+### Anti-pattern 1: Criar org sem owner (race window)
+**Errado:**
+```typescript
+// 2 requests separados — janela de race
+const { data: org } = await supabase.from('organizations').insert({ ... }).select().single()
+await supabase.from('organization_members').insert({ org_id: org.id, user_id: ..., role_id: ... })
+```
+**Por quê:** entre os 2 requests, query paralela pode ler org sem owner (`select * from organizations` retorna a row, mas `organization_members` ainda não tem). Trigger ou outra Edge Function pode disparar e ver inconsistência.
+**Certo:** RPC `create_organization` faz ambos em transação SQL única.
+### Anti-pattern 2: Setup wizard bloqueia signup
+**Errado:**
+```typescript
+// User espera 30s+ para wizard completar antes de ver dashboard
+const { data: org } = await supabase.rpc('create_organization', { ... })
+await supabase.functions.invoke('org-setup-wizard', { body: { org_id: org.id } }) // BLOCKING!
+router.push(`/orgs/${slug}/dashboard`)
+```
+**Por quê:** UX terrível — first impression é "app é lento". Conversion cai (study Stripe: cada 1s atraso = 7% drop em signup completion).
+**Certo:** dashboard renderiza imediatamente; wizard roda em background com indicador subtle ("preparando seu workspace..." que some quando termina).
+### Anti-pattern 3: Slug pode mudar sem trail
+**Errado:**
+```sql
+update organizations set slug = 'new-acme' where id = '...';
+-- Sem entry em organization_slug_history
+```
+**Por quê:** ver Anti-pattern 2 em [`b2b-saas-architecture`](../b2b-saas-architecture/SKILL.md). Bookmarks/webhooks/OAuth callbacks quebram silenciosamente.
+**Certo:** trigger `track_org_slug_change` automático + middleware redirect 301.
+### Anti-pattern 4: Slugs sistêmicos não-reservados
+**Errado:**
+```sql
+-- User cria org com slug = 'admin' → URL /orgs/admin/dashboard conflita com /admin/* da plataforma
+```
+**Por quê:** roteamento ambíguo, conflito com Vercel preview deployments (`*-vercel.app`), conflito com cookies/CORS.
+**Certo:** allowlist em RPC `create_organization` ou check constraint na coluna `slug`.
+## Ver também
+- [b2b-saas-architecture](../b2b-saas-architecture/SKILL.md) — schema canônico de `organizations`, `organization_members`, `organization_slug_history`
+- [member-invite-flow](../member-invite-flow/SKILL.md) — Phase 110, fluxo de invite após onboarding
+- [super-admin-platform-pattern](../super-admin-platform-pattern/SKILL.md) — Phase 111, super-admin pode criar orgs em nome de outros (impersonation)
+- [supabase-migration-writer](../../agents/supabase-migration-writer.md) — agent invocado por `org-onboarding-implementer` para escrever migration
+- [supabase-edge-fn-writer](../../agents/supabase-edge-fn-writer.md) — agent invocado para escrever Edge Function setup wizard
+- [supabase-auth-ssr](../supabase-auth-ssr/SKILL.md) — middleware Next.js v16 que faz redirect 301 do slug history
+- [_shared-multi-tenant/glossary.md](../_shared-multi-tenant/glossary.md) — termos `tenant`, `org_id`, `first admin`, `bulk invite`