npm - @luanpdd/kit-mcp - Versions diffs - 1.29.0 → 1.30.1 - Mend

@luanpdd/kit-mcp 1.29.0 → 1.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (331) hide show

package/LICENSE +21 -21
package/README.md +168 -168
package/gates/agent-no-recursive-dispatch.md +82 -82
package/kit/COMANDOS.md +138 -138
package/kit/README.md +76 -76
package/kit/agents/advisor-researcher.md +106 -106
package/kit/agents/assumptions-analyzer.md +107 -107
package/kit/agents/audit-log-implementer.md +313 -313
package/kit/agents/auditor-consistencia-isolamento.md +413 -413
package/kit/agents/b2b-saas-architect.md +156 -156
package/kit/agents/cascading-failures-auditor.md +298 -298
package/kit/agents/codebase-mapper.md +768 -768
package/kit/agents/crm-pipeline-implementer.md +256 -256
package/kit/agents/debugger.md +813 -813
package/kit/agents/detector-tenant-quente.md +337 -337
package/kit/agents/evolution-go-integrator.md +200 -200
package/kit/agents/example-reviewer.md +21 -21
package/kit/agents/executor.md +564 -564
package/kit/agents/integration-checker.md +200 -200
package/kit/agents/invite-flow-implementer.md +189 -189
package/kit/agents/legacy-characterizer.md +368 -368
package/kit/agents/lgpd-compliance-auditor.md +295 -295
package/kit/agents/multi-tenant-isolation-auditor.md +253 -253
package/kit/agents/multi-tenant-rls-writer.md +340 -340
package/kit/agents/nyquist-auditor.md +178 -178
package/kit/agents/observability-coverage-auditor.md +315 -315
package/kit/agents/org-onboarding-implementer.md +223 -223
package/kit/agents/payload-capture-instrumenter.md +273 -273
package/kit/agents/phase-researcher.md +696 -696
package/kit/agents/plan-checker.md +272 -272
package/kit/agents/planner.md +922 -922
package/kit/agents/project-researcher.md +652 -652
package/kit/agents/refactor-safety-auditor.md +404 -404
package/kit/agents/research-synthesizer.md +245 -245
package/kit/agents/roadmapper.md +677 -677
package/kit/agents/seam-finder.md +359 -359
package/kit/agents/shotgun-surgery-detector.md +349 -349
package/kit/agents/supabase-branching-architect.md +562 -562
package/kit/agents/supabase-cicd-pipeline-implementer.md +777 -777
package/kit/agents/supabase-column-privileges-writer.md +399 -399
package/kit/agents/supabase-edge-fn-tester.md +287 -0
package/kit/agents/supabase-edge-fn-writer.md +239 -210
package/kit/agents/supabase-migration-writer.md +385 -385
package/kit/agents/supabase-rbac-implementer.md +392 -392
package/kit/agents/supabase-realtime-implementer.md +363 -267
package/kit/agents/supabase-rls-hardener.md +521 -521
package/kit/agents/supabase-rls-writer.md +323 -323
package/kit/agents/supabase-roles-implementer.md +355 -355
package/kit/agents/super-admin-implementer.md +281 -281
package/kit/agents/ui-auditor.md +437 -437
package/kit/agents/ui-checker.md +302 -302
package/kit/agents/ui-researcher.md +355 -355
package/kit/agents/user-profiler.md +175 -175
package/kit/agents/validador-evolucao-schema.md +335 -335
package/kit/agents/verifier.md +728 -728
package/kit/commands/adicionar-backlog.md +75 -75
package/kit/commands/adicionar-fase.md +42 -42
package/kit/commands/adicionar-tarefa.md +45 -45
package/kit/commands/adicionar-testes.md +41 -41
package/kit/commands/ajuda.md +21 -21
package/kit/commands/atualizar.md +37 -37
package/kit/commands/auditar-cascading.md +111 -111
package/kit/commands/auditar-marco.md +179 -179
package/kit/commands/auditar-observabilidade-cobertura.md +183 -183
package/kit/commands/auditar-refactor.md +219 -219
package/kit/commands/auditar-release.md +109 -109
package/kit/commands/auditar-uat.md +23 -23
package/kit/commands/autonomo.md +40 -40
package/kit/commands/branch-pr.md +24 -24
package/kit/commands/burn-rate-status.md +408 -408
package/kit/commands/capturar-payloads.md +193 -193
package/kit/commands/caracterizar.md +212 -212
package/kit/commands/concluir-marco.md +247 -247
package/kit/commands/configuracoes.md +36 -36
package/kit/commands/dados-distribuidos.md +188 -188
package/kit/commands/definir-perfil.md +10 -10
package/kit/commands/depurar.md +190 -190
package/kit/commands/detectar-duplicacao.md +197 -197
package/kit/commands/discutir-fase.md +131 -131
package/kit/commands/encontrar-seams.md +136 -136
package/kit/commands/entrar-discord.md +17 -17
package/kit/commands/estatisticas.md +18 -18
package/kit/commands/example-greeting.md +33 -33
package/kit/commands/executar-fase.md +58 -58
package/kit/commands/expresso.md +56 -56
package/kit/commands/fase-ui.md +34 -34
package/kit/commands/fazer.md +57 -57
package/kit/commands/fio.md +125 -125
package/kit/commands/fluxos-trabalho.md +64 -64
package/kit/commands/forense.md +176 -176
package/kit/commands/gerenciador.md +38 -38
package/kit/commands/inserir-fase.md +31 -31
package/kit/commands/legacy.md +263 -263
package/kit/commands/limpeza.md +17 -17
package/kit/commands/listar-hipoteses-fase.md +45 -45
package/kit/commands/listar-workspaces.md +18 -18
package/kit/commands/load-shedding.md +117 -117
package/kit/commands/mapear-codebase.md +70 -70
package/kit/commands/multi-tenant.md +163 -163
package/kit/commands/nota.md +33 -33
package/kit/commands/novo-marco.md +43 -43
package/kit/commands/novo-projeto.md +41 -41
package/kit/commands/novo-workspace.md +43 -43
package/kit/commands/pausar-trabalho.md +37 -37
package/kit/commands/perfil-usuario.md +45 -45
package/kit/commands/pesquisar-fase.md +195 -195
package/kit/commands/planejar-fase.md +67 -67
package/kit/commands/planejar-lacunas.md +33 -33
package/kit/commands/plantar-ideia.md +25 -25
package/kit/commands/progresso.md +24 -24
package/kit/commands/proximo.md +30 -30
package/kit/commands/publicar.md +490 -490
package/kit/commands/rapido.md +35 -35
package/kit/commands/reaplicar-patches.md +124 -124
package/kit/commands/refactor-seguro.md +321 -321
package/kit/commands/relatorio-sessao.md +19 -19
package/kit/commands/remover-fase.md +31 -31
package/kit/commands/remover-workspace.md +26 -26
package/kit/commands/resumo-marco.md +50 -50
package/kit/commands/retomar-trabalho.md +40 -40
package/kit/commands/revisar-backlog.md +60 -60
package/kit/commands/revisar-ui.md +32 -32
package/kit/commands/revisar.md +37 -37
package/kit/commands/saude.md +21 -21
package/kit/commands/setup-notion.md +93 -93
package/kit/commands/storytelling.md +179 -179
package/kit/commands/supabase.md +30 -7
package/kit/commands/sync-main.md +68 -68
package/kit/commands/validar-fase.md +35 -35
package/kit/commands/verificar-tarefas.md +44 -44
package/kit/commands/verificar-trabalho.md +64 -64
package/kit/file-manifest.json +15 -8
package/kit/framework/bin/lib/commands.cjs +959 -959
package/kit/framework/bin/lib/config.cjs +442 -442
package/kit/framework/bin/lib/core.cjs +1230 -1230
package/kit/framework/bin/lib/frontmatter.cjs +336 -336
package/kit/framework/bin/lib/init.cjs +1442 -1442
package/kit/framework/bin/lib/milestone.cjs +252 -252
package/kit/framework/bin/lib/model-profiles.cjs +68 -68
package/kit/framework/bin/lib/phase.cjs +888 -888
package/kit/framework/bin/lib/profile-output.cjs +952 -952
package/kit/framework/bin/lib/profile-pipeline.cjs +539 -539
package/kit/framework/bin/lib/roadmap.cjs +329 -329
package/kit/framework/bin/lib/security.cjs +382 -382
package/kit/framework/bin/lib/state.cjs +1031 -1031
package/kit/framework/bin/lib/template.cjs +222 -222
package/kit/framework/bin/lib/uat.cjs +282 -282
package/kit/framework/bin/lib/verify.cjs +888 -888
package/kit/framework/bin/lib/workstream.cjs +491 -491
package/kit/framework/bin/tools.cjs +918 -918
package/kit/framework/commands/workstreams.md +63 -63
package/kit/framework/references/checkpoints.md +778 -778
package/kit/framework/references/continuation-format.md +249 -249
package/kit/framework/references/decimal-phase-calculation.md +64 -64
package/kit/framework/references/git-integration.md +295 -295
package/kit/framework/references/git-planning-commit.md +38 -38
package/kit/framework/references/model-profile-resolution.md +36 -36
package/kit/framework/references/model-profiles.md +139 -139
package/kit/framework/references/phase-argument-parsing.md +61 -61
package/kit/framework/references/planning-config.md +202 -202
package/kit/framework/references/questioning.md +162 -162
package/kit/framework/references/tdd.md +263 -263
package/kit/framework/references/ui-brand.md +160 -160
package/kit/framework/references/user-profiling.md +657 -657
package/kit/framework/references/verification-patterns.md +612 -612
package/kit/framework/references/workstream-flag.md +58 -58
package/kit/framework/templates/DEBUG.md +164 -164
package/kit/framework/templates/UAT.md +265 -265
package/kit/framework/templates/UI-SPEC.md +100 -100
package/kit/framework/templates/VALIDATION.md +76 -76
package/kit/framework/templates/claude-md.md +122 -122
package/kit/framework/templates/codebase/architecture.md +185 -185
package/kit/framework/templates/codebase/concerns.md +205 -205
package/kit/framework/templates/codebase/conventions.md +204 -204
package/kit/framework/templates/codebase/integrations.md +192 -192
package/kit/framework/templates/codebase/stack.md +158 -158
package/kit/framework/templates/codebase/structure.md +199 -199
package/kit/framework/templates/codebase/testing.md +301 -301
package/kit/framework/templates/config.json +44 -44
package/kit/framework/templates/context.md +352 -352
package/kit/framework/templates/continue-here.md +78 -78
package/kit/framework/templates/copilot-instructions.md +7 -7
package/kit/framework/templates/debug-subagent-prompt.md +91 -91
package/kit/framework/templates/dev-preferences.md +20 -20
package/kit/framework/templates/discovery.md +146 -146
package/kit/framework/templates/discussion-log.md +63 -63
package/kit/framework/templates/milestone-archive.md +123 -123
package/kit/framework/templates/milestone.md +115 -115
package/kit/framework/templates/phase-prompt.md +610 -610
package/kit/framework/templates/planner-subagent-prompt.md +117 -117
package/kit/framework/templates/project.md +186 -186
package/kit/framework/templates/requirements.md +231 -231
package/kit/framework/templates/research-project/ARCHITECTURE.md +204 -204
package/kit/framework/templates/research-project/FEATURES.md +147 -147
package/kit/framework/templates/research-project/PITFALLS.md +200 -200
package/kit/framework/templates/research-project/STACK.md +120 -120
package/kit/framework/templates/research-project/SUMMARY.md +170 -170
package/kit/framework/templates/research.md +419 -419
package/kit/framework/templates/retrospective.md +54 -54
package/kit/framework/templates/roadmap.md +202 -202
package/kit/framework/templates/state.md +176 -176
package/kit/framework/templates/summary-complex.md +59 -59
package/kit/framework/templates/summary-minimal.md +41 -41
package/kit/framework/templates/summary-standard.md +48 -48
package/kit/framework/templates/summary.md +209 -209
package/kit/framework/templates/user-profile.md +146 -146
package/kit/framework/templates/user-setup.md +256 -256
package/kit/framework/templates/verification-report.md +258 -258
package/kit/framework/workflows/add-phase.md +112 -112
package/kit/framework/workflows/add-tests.md +351 -351
package/kit/framework/workflows/add-todo.md +158 -158
package/kit/framework/workflows/audit-milestone.md +340 -340
package/kit/framework/workflows/audit-uat.md +109 -109
package/kit/framework/workflows/autonomous.md +891 -891
package/kit/framework/workflows/check-todos.md +177 -177
package/kit/framework/workflows/cleanup.md +152 -152
package/kit/framework/workflows/complete-milestone.md +696 -696
package/kit/framework/workflows/diagnose-issues.md +231 -231
package/kit/framework/workflows/discovery-phase.md +289 -289
package/kit/framework/workflows/discuss-phase-assumptions.md +653 -653
package/kit/framework/workflows/discuss-phase.md +784 -784
package/kit/framework/workflows/do.md +104 -104
package/kit/framework/workflows/execute-phase.md +838 -838
package/kit/framework/workflows/execute-plan.md +510 -510
package/kit/framework/workflows/fast.md +102 -102
package/kit/framework/workflows/forensics.md +265 -265
package/kit/framework/workflows/health.md +181 -181
package/kit/framework/workflows/help.md +619 -619
package/kit/framework/workflows/insert-phase.md +130 -130
package/kit/framework/workflows/list-phase-assumptions.md +178 -178
package/kit/framework/workflows/list-workspaces.md +56 -56
package/kit/framework/workflows/manager.md +362 -362
package/kit/framework/workflows/map-codebase.md +377 -377
package/kit/framework/workflows/milestone-summary.md +223 -223
package/kit/framework/workflows/new-milestone.md +486 -486
package/kit/framework/workflows/new-project.md +1159 -1159
package/kit/framework/workflows/new-workspace.md +237 -237
package/kit/framework/workflows/next.md +97 -97
package/kit/framework/workflows/node-repair.md +92 -92
package/kit/framework/workflows/note.md +156 -156
package/kit/framework/workflows/pause-work.md +176 -176
package/kit/framework/workflows/plan-milestone-gaps.md +273 -273
package/kit/framework/workflows/plan-phase.md +765 -765
package/kit/framework/workflows/plant-seed.md +169 -169
package/kit/framework/workflows/pr-branch.md +129 -129
package/kit/framework/workflows/profile-user.md +450 -450
package/kit/framework/workflows/progress.md +507 -507
package/kit/framework/workflows/quick.md +757 -757
package/kit/framework/workflows/remove-phase.md +155 -155
package/kit/framework/workflows/remove-workspace.md +90 -90
package/kit/framework/workflows/research-phase.md +82 -82
package/kit/framework/workflows/resume-project.md +326 -326
package/kit/framework/workflows/review.md +228 -228
package/kit/framework/workflows/session-report.md +146 -146
package/kit/framework/workflows/settings.md +283 -283
package/kit/framework/workflows/ship.md +228 -228
package/kit/framework/workflows/stats.md +60 -60
package/kit/framework/workflows/transition.md +671 -671
package/kit/framework/workflows/ui-phase.md +302 -302
package/kit/framework/workflows/ui-review.md +165 -165
package/kit/framework/workflows/update.md +323 -323
package/kit/framework/workflows/validate-phase.md +174 -174
package/kit/framework/workflows/verify-phase.md +252 -252
package/kit/framework/workflows/verify-work.md +637 -637
package/kit/hooks/check-update.js +118 -118
package/kit/hooks/context-monitor.js +163 -163
package/kit/hooks/kit-attribution-reminder.cjs +98 -0
package/kit/hooks/prompt-guard.js +103 -103
package/kit/hooks/statusline.js +125 -125
package/kit/hooks/workflow-guard.js +101 -101
package/kit/settings.json +45 -45
package/kit/skills/_shared-supabase/glossary.md +17 -0
package/kit/skills/ai-prompt-characterization/SKILL.md +335 -335
package/kit/skills/armadilhas-sistemas-distribuidos/SKILL.md +447 -447
package/kit/skills/audit-log-multi-tenant/SKILL.md +340 -340
package/kit/skills/b2b-saas-architecture/SKILL.md +300 -300
package/kit/skills/consistencia-leitura-replica/SKILL.md +385 -385
package/kit/skills/crm-lead-pipeline-patterns/SKILL.md +343 -343
package/kit/skills/escolha-modelo-consistencia/SKILL.md +494 -494
package/kit/skills/evolucao-schema-compativel/SKILL.md +448 -448
package/kit/skills/evolution-go-whatsapp-integration/SKILL.md +322 -322
package/kit/skills/example-skill/SKILL.md +42 -42
package/kit/skills/legacy-api-only-applications/SKILL.md +358 -358
package/kit/skills/legacy-characterization-tests/SKILL.md +330 -330
package/kit/skills/legacy-effect-analysis/SKILL.md +331 -331
package/kit/skills/legacy-extract-class/SKILL.md +203 -203
package/kit/skills/legacy-programming-by-difference/SKILL.md +252 -252
package/kit/skills/legacy-seams-and-test-harness/SKILL.md +460 -460
package/kit/skills/legacy-shotgun-surgery/SKILL.md +286 -286
package/kit/skills/legacy-sprout-wrap-techniques/SKILL.md +434 -434
package/kit/skills/legacy-storytelling-naked-crc/SKILL.md +270 -270
package/kit/skills/lgpd-multi-tenant-compliance/SKILL.md +340 -340
package/kit/skills/member-invite-flow/SKILL.md +305 -305
package/kit/skills/member-management-react-shadcn/SKILL.md +328 -328
package/kit/skills/multi-tenant-performance-scaling/SKILL.md +316 -316
package/kit/skills/multi-tenant-rls-hierarchy/SKILL.md +342 -342
package/kit/skills/org-onboarding-flow/SKILL.md +257 -257
package/kit/skills/org-switcher-react-pattern/SKILL.md +349 -349
package/kit/skills/permission-gate-react-pattern/SKILL.md +271 -271
package/kit/skills/postgres-isolamento-concorrencia/SKILL.md +552 -552
package/kit/skills/pre-refactor-characterization/SKILL.md +421 -421
package/kit/skills/rbac-permissions-matrix-supabase/SKILL.md +338 -338
package/kit/skills/streams-eventos-cdc/SKILL.md +711 -711
package/kit/skills/supabase-branching-workflow/SKILL.md +544 -544
package/kit/skills/supabase-ci-cd-github-actions/SKILL.md +880 -880
package/kit/skills/supabase-column-level-security/SKILL.md +426 -426
package/kit/skills/supabase-config-toml-remotes/SKILL.md +807 -807
package/kit/skills/supabase-custom-claims-rbac/SKILL.md +472 -472
package/kit/skills/supabase-edge-functions/SKILL.md +229 -141
package/kit/skills/supabase-edge-functions-auth/SKILL.md +309 -0
package/kit/skills/supabase-edge-functions-limits/SKILL.md +302 -0
package/kit/skills/supabase-edge-functions-mcp-server/SKILL.md +279 -0
package/kit/skills/supabase-edge-functions-testing/SKILL.md +277 -0
package/kit/skills/supabase-edge-runtime-builtins/SKILL.md +357 -0
package/kit/skills/supabase-migration-repair/SKILL.md +823 -823
package/kit/skills/supabase-migrations/SKILL.md +297 -297
package/kit/skills/supabase-pgtap-testing/SKILL.md +1053 -1053
package/kit/skills/supabase-postgres-roles/SKILL.md +392 -392
package/kit/skills/supabase-realtime/SKILL.md +460 -236
package/kit/skills/supabase-rls-defense-in-depth/SKILL.md +418 -418
package/kit/skills/supabase-rls-policies/SKILL.md +635 -635
package/kit/skills/super-admin-platform-pattern/SKILL.md +326 -326
package/kit/skills/tenant-quente-mitigacao/SKILL.md +605 -605
package/kit/skills/whatsapp-conversation-state-machine/SKILL.md +287 -287
package/package.json +1 -1
package/src/core/kit.js +216 -216
package/src/core/reflect.js +247 -247
package/src/core/reverse-sync.js +372 -372
package/src/core/sync.js +418 -418
package/src/core/watch.js +121 -121
package/src/mcp-server/index.js +715 -693

package/kit/agents/invite-flow-implementer.md CHANGED Viewed

@@ -1,189 +1,189 @@
----
-name: invite-flow-implementer
-description: Materializa invite flow B2B — tabela org_invites + RPC create_invite (token raw retornado) + RPC accept_invite (idempotente via FOR UPDATE) + cron expire pending.
-tools: Read, Write, Edit, Bash, Grep, Glob, Task, AskUserQuestion, mcp__supabase__execute_sql
-color: green
----
-Você é o **invite-flow-implementer**. Materializa fluxo completo de invite — tabela + RPCs + cron expiração + Edge Function de envio email. Lê skill [`member-invite-flow`](../skills/member-invite-flow/SKILL.md). **Delega SQL para `supabase-migration-writer`** e Edge Function para `supabase-edge-fn-writer`.
-**Compat:** Full em Claude Code + Cursor (com Supabase MCP); Partial em Codex + Gemini CLI.
-## Inputs
-- (Opcional) `email_provider`: `supabase` (default — usa Supabase Auth Email API), `resend`, `sendgrid`, `postmark`
-- (Opcional) `ttl_days`: default 7
-- (Opcional) `bulk_limit_per_hour`: default 50
-## Passos
-### Step 0 — Preflight
-- MCP detection
-- Validar Phase 106 (organizations, organization_members, roles existem)
-- Validar Phase 109 (audit_logs + private.audit_log function existem)
-### Step 1 — Email provider via AskUserQuestion (se ausente)
-```
-- Supabase Auth Email (Recomendado para start) — usa supabase.auth.admin.inviteUserByEmail OU email customizado via service role
-- Resend — moderno, simples, 3000 emails/mês free
-- SendGrid — enterprise, alta entregabilidade
-- Postmark — alta entregabilidade, focused em transactional
-```
-### Step 2 — Migration brief para supabase-migration-writer
-```
-[Migration brief — invite-flow-implementer]
-Artefatos:
-1. Tabela public.org_invites (DDL completo da skill member-invite-flow)
-   - 3 indexes + 1 unique partial (pending duplicate prevention)
-   - 3 RLS policies (member view + insert with permission + super_admin bypass)
-2. RPC public.create_invite(p_org_id, p_email, p_role_name) → returns token text
-3. RPC public.accept_invite(p_token) → returns jsonb com status
-4. pg_cron schedule 'expire-pending-invites' diário 01:00 UTC
-Validações no INSERT:
-- Email format check
-- Role exists na org
-- Permission members:invite via RLS
-- Bulk rate limit: <bulk_limit_per_hour> invites/hora por org_id
-```
-Delegar.
-### Step 3 — Edge Function brief para supabase-edge-fn-writer
-```
-[Edge Function brief — invite-flow-implementer]
-Function name: send-invite-email
-verify_jwt: true (caller must be authenticated)
-Path: supabase/functions/send-invite-email/index.ts
-Behavior:
-1. POST com body { invite_id: uuid, token: text, base_url: text }
-2. Buscar invite em org_invites (RLS preserva permission)
-3. Construir URL accept: <base_url>/invites/<token>
-4. Enviar email via <email_provider> com:
-   - Subject: "Convite para <org.name>"
-   - Body: "Você foi convidado a entrar em <org.name>. Clique para aceitar: <url>. O link expira em <ttl_days> dias."
-5. Retornar { sent: true }
-Anti-pitfalls:
-- ANON_KEY com JWT (não service_role)
-- Token recebido via body, NÃO loggar token raw
-- Email provider key via Deno.env (Vault secret)
-```
-Delegar.
-### Step 4 — Output integrado
-```
-═══════════════════════════════════════════════════════════
-INVITE-FLOW-IMPLEMENTER · output integrado
-═══════════════════════════════════════════════════════════
-## 1. Decisões
-- Email provider: <chosen>
-- TTL: <ttl_days> dias
-- Bulk limit: <bulk_limit_per_hour>/hora
-## 2. Migration entregue
-<output supabase-migration-writer>
-## 3. Edge Function entregue
-<output supabase-edge-fn-writer>
-## 4. Frontend integration sketch
-- Code create_invite + send-invite-email
-- Code accept_invite ao clicar no email link
-- Code listing de invites pending para admin UI
-## 5. Próximos passos
-- Configurar email provider key (Vault: supabase secrets set <PROVIDER>_API_KEY=...)
-- Test: criar invite + verificar email recebido + clicar link + accept
-```
-## Anti-patterns prevenidos
-- Token raw em banco → REGRA #1 enforced no migration brief
-- Link sem email-lock → REGRA #3 enforced no accept_invite RPC
-- Race em accept → REGRA #4 (FOR UPDATE) enforced
-- Expire não automatizado → cron schedule incluído
-- Bulk spam → rate limit no migration brief
-## Quando NÃO invocar
-- Phase 106 ou 109 não implementadas → ABORT
-- App single-user (sem invites) → escopo errado
-- Invite via approval workflow (não token) → diferente, fora deste escopo
-## Observabilidade integrada
-- Counter `invite.created.count{org_id, role}`
-- Counter `invite.accepted.count{org_id, role}`
-- Histogram `invite.accept_latency_ms` (tempo entre create e accept)
-- Alarme se `invite.created.count > bulk_limit_per_hour` por org → suspeita de abuso
-## Cooperative handoff to supabase-rls-hardener (v1.23)
-Após gerar CREATE TABLE org_invites + RPC create_invite/accept_invite + cron expire pending, faça handoff cooperativo para SQL bloco:
-```python
-Task(subagent_type="supabase-rls-hardener", prompt=f"""
-<upstream_intent>
-Source agent: invite-flow-implementer
-Original goal: implementar invite flow B2B com token-based para {org_context}
-Constraints: token SHA-256 (raw enviado por email, hash no banco); TTL 7d single-use; state machine 5 estados (pending→accepted|rejected|cancelled|expired); email-lock obrigatório; idempotência via FOR UPDATE em transação
-</upstream_intent>
-<draft_sql>{generated_invites_sql}</draft_sql>
-<user_facing_caller>true</user_facing_caller>
-""")
-```
-Hardener valida token security (hash apenas no DB), RPC com SECURITY DEFINER em schema private, RLS por org_id. **NUNCA descarte intent upstream silenciosamente**.
-## Cooperative handoff column-level (v1.24 — CROSS-15)
-`org_invites.token_raw` é gerado durante create do invite (raw enviado por email, hash armazenado). Após email enviado, **nenhum role além de service_role** deve poder ler o raw — é segredo de uso único. Aplique handoff cooperativo column-level:
-```python
-Task(subagent_type="supabase-column-privileges-writer", prompt=f"""
-<upstream_intent>
-Source agent: invite-flow-implementer
-Original goal: token raw column (org_invites.token_raw) legível APENAS para service_role pós-criação
-Constraints: token_raw é segredo único, enviado por email durante create; hash armazenado para validation em accept; raw NUNCA visível em REST API; member_invited audit event não logga token_raw
-</upstream_intent>
-<table>schema: public, name: org_invites</table>
-<sensitive_columns>
-- token_raw (text — segredo, apenas service_role)
-</sensitive_columns>
-<allowed_roles>
-- service_role: SELECT all (incluindo token_raw — usado durante envio de email)
-- authenticated: SELECT (id, org_id, email, role, status, expires_at, created_at, accepted_at) — sem token_raw
-- anon: SELECT (status) — minimal, para "this invite is still valid?" check pre-login
-</allowed_roles>
-<user_facing_caller>true</user_facing_caller>
-""")
-```
-**Caveat:** mesmo com column-level, considere também armazenar APENAS o hash do token (não o raw) na tabela. token_raw fica em memory durante envio do email e descartado. Isso é defense-in-depth Camada 9 (não armazenar segredos).
-## Ver também
-- [supabase-rls-hardener](./supabase-rls-hardener.md) — canonical handoff target v1.23
-- [supabase-column-privileges-writer](./supabase-column-privileges-writer.md) — canonical handoff target v1.24 (column-level token raw)
-- [member-invite-flow](../skills/member-invite-flow/SKILL.md) — base de conhecimento
-- [supabase-migration-writer](./supabase-migration-writer.md) — invoked via Task() para SQL
-- [supabase-edge-fn-writer](./supabase-edge-fn-writer.md) — invoked via Task() para Edge Function
-- [audit-log-implementer](./audit-log-implementer.md) — Phase 109, audit_logs consumed
-- [_shared-multi-tenant/glossary.md](../skills/_shared-multi-tenant/glossary.md) — termos `bulk invite`, `email-locked invite`
+---
+name: invite-flow-implementer
+description: Materializa invite flow B2B — tabela org_invites + RPC create_invite (token raw retornado) + RPC accept_invite (idempotente via FOR UPDATE) + cron expire pending.
+tools: Read, Write, Edit, Bash, Grep, Glob, Task, AskUserQuestion, mcp__supabase__execute_sql
+color: green
+---
+Você é o **invite-flow-implementer**. Materializa fluxo completo de invite — tabela + RPCs + cron expiração + Edge Function de envio email. Lê skill [`member-invite-flow`](../skills/member-invite-flow/SKILL.md). **Delega SQL para `supabase-migration-writer`** e Edge Function para `supabase-edge-fn-writer`.
+**Compat:** Full em Claude Code + Cursor (com Supabase MCP); Partial em Codex + Gemini CLI.
+## Inputs
+- (Opcional) `email_provider`: `supabase` (default — usa Supabase Auth Email API), `resend`, `sendgrid`, `postmark`
+- (Opcional) `ttl_days`: default 7
+- (Opcional) `bulk_limit_per_hour`: default 50
+## Passos
+### Step 0 — Preflight
+- MCP detection
+- Validar Phase 106 (organizations, organization_members, roles existem)
+- Validar Phase 109 (audit_logs + private.audit_log function existem)
+### Step 1 — Email provider via AskUserQuestion (se ausente)
+```
+- Supabase Auth Email (Recomendado para start) — usa supabase.auth.admin.inviteUserByEmail OU email customizado via service role
+- Resend — moderno, simples, 3000 emails/mês free
+- SendGrid — enterprise, alta entregabilidade
+- Postmark — alta entregabilidade, focused em transactional
+```
+### Step 2 — Migration brief para supabase-migration-writer
+```
+[Migration brief — invite-flow-implementer]
+Artefatos:
+1. Tabela public.org_invites (DDL completo da skill member-invite-flow)
+   - 3 indexes + 1 unique partial (pending duplicate prevention)
+   - 3 RLS policies (member view + insert with permission + super_admin bypass)
+2. RPC public.create_invite(p_org_id, p_email, p_role_name) → returns token text
+3. RPC public.accept_invite(p_token) → returns jsonb com status
+4. pg_cron schedule 'expire-pending-invites' diário 01:00 UTC
+Validações no INSERT:
+- Email format check
+- Role exists na org
+- Permission members:invite via RLS
+- Bulk rate limit: <bulk_limit_per_hour> invites/hora por org_id
+```
+Delegar.
+### Step 3 — Edge Function brief para supabase-edge-fn-writer
+```
+[Edge Function brief — invite-flow-implementer]
+Function name: send-invite-email
+verify_jwt: true (caller must be authenticated)
+Path: supabase/functions/send-invite-email/index.ts
+Behavior:
+1. POST com body { invite_id: uuid, token: text, base_url: text }
+2. Buscar invite em org_invites (RLS preserva permission)
+3. Construir URL accept: <base_url>/invites/<token>
+4. Enviar email via <email_provider> com:
+   - Subject: "Convite para <org.name>"
+   - Body: "Você foi convidado a entrar em <org.name>. Clique para aceitar: <url>. O link expira em <ttl_days> dias."
+5. Retornar { sent: true }
+Anti-pitfalls:
+- ANON_KEY com JWT (não service_role)
+- Token recebido via body, NÃO loggar token raw
+- Email provider key via Deno.env (Vault secret)
+```
+Delegar.
+### Step 4 — Output integrado
+```
+═══════════════════════════════════════════════════════════
+INVITE-FLOW-IMPLEMENTER · output integrado
+═══════════════════════════════════════════════════════════
+## 1. Decisões
+- Email provider: <chosen>
+- TTL: <ttl_days> dias
+- Bulk limit: <bulk_limit_per_hour>/hora
+## 2. Migration entregue
+<output supabase-migration-writer>
+## 3. Edge Function entregue
+<output supabase-edge-fn-writer>
+## 4. Frontend integration sketch
+- Code create_invite + send-invite-email
+- Code accept_invite ao clicar no email link
+- Code listing de invites pending para admin UI
+## 5. Próximos passos
+- Configurar email provider key (Vault: supabase secrets set <PROVIDER>_API_KEY=...)
+- Test: criar invite + verificar email recebido + clicar link + accept
+```
+## Anti-patterns prevenidos
+- Token raw em banco → REGRA #1 enforced no migration brief
+- Link sem email-lock → REGRA #3 enforced no accept_invite RPC
+- Race em accept → REGRA #4 (FOR UPDATE) enforced
+- Expire não automatizado → cron schedule incluído
+- Bulk spam → rate limit no migration brief
+## Quando NÃO invocar
+- Phase 106 ou 109 não implementadas → ABORT
+- App single-user (sem invites) → escopo errado
+- Invite via approval workflow (não token) → diferente, fora deste escopo
+## Observabilidade integrada
+- Counter `invite.created.count{org_id, role}`
+- Counter `invite.accepted.count{org_id, role}`
+- Histogram `invite.accept_latency_ms` (tempo entre create e accept)
+- Alarme se `invite.created.count > bulk_limit_per_hour` por org → suspeita de abuso
+## Cooperative handoff to supabase-rls-hardener (v1.23)
+Após gerar CREATE TABLE org_invites + RPC create_invite/accept_invite + cron expire pending, faça handoff cooperativo para SQL bloco:
+```python
+Task(subagent_type="supabase-rls-hardener", prompt=f"""
+<upstream_intent>
+Source agent: invite-flow-implementer
+Original goal: implementar invite flow B2B com token-based para {org_context}
+Constraints: token SHA-256 (raw enviado por email, hash no banco); TTL 7d single-use; state machine 5 estados (pending→accepted|rejected|cancelled|expired); email-lock obrigatório; idempotência via FOR UPDATE em transação
+</upstream_intent>
+<draft_sql>{generated_invites_sql}</draft_sql>
+<user_facing_caller>true</user_facing_caller>
+""")
+```
+Hardener valida token security (hash apenas no DB), RPC com SECURITY DEFINER em schema private, RLS por org_id. **NUNCA descarte intent upstream silenciosamente**.
+## Cooperative handoff column-level (v1.24 — CROSS-15)
+`org_invites.token_raw` é gerado durante create do invite (raw enviado por email, hash armazenado). Após email enviado, **nenhum role além de service_role** deve poder ler o raw — é segredo de uso único. Aplique handoff cooperativo column-level:
+```python
+Task(subagent_type="supabase-column-privileges-writer", prompt=f"""
+<upstream_intent>
+Source agent: invite-flow-implementer
+Original goal: token raw column (org_invites.token_raw) legível APENAS para service_role pós-criação
+Constraints: token_raw é segredo único, enviado por email durante create; hash armazenado para validation em accept; raw NUNCA visível em REST API; member_invited audit event não logga token_raw
+</upstream_intent>
+<table>schema: public, name: org_invites</table>
+<sensitive_columns>
+- token_raw (text — segredo, apenas service_role)
+</sensitive_columns>
+<allowed_roles>
+- service_role: SELECT all (incluindo token_raw — usado durante envio de email)
+- authenticated: SELECT (id, org_id, email, role, status, expires_at, created_at, accepted_at) — sem token_raw
+- anon: SELECT (status) — minimal, para "this invite is still valid?" check pre-login
+</allowed_roles>
+<user_facing_caller>true</user_facing_caller>
+""")
+```
+**Caveat:** mesmo com column-level, considere também armazenar APENAS o hash do token (não o raw) na tabela. token_raw fica em memory durante envio do email e descartado. Isso é defense-in-depth Camada 9 (não armazenar segredos).
+## Ver também
+- [supabase-rls-hardener](./supabase-rls-hardener.md) — canonical handoff target v1.23
+- [supabase-column-privileges-writer](./supabase-column-privileges-writer.md) — canonical handoff target v1.24 (column-level token raw)
+- [member-invite-flow](../skills/member-invite-flow/SKILL.md) — base de conhecimento
+- [supabase-migration-writer](./supabase-migration-writer.md) — invoked via Task() para SQL
+- [supabase-edge-fn-writer](./supabase-edge-fn-writer.md) — invoked via Task() para Edge Function
+- [audit-log-implementer](./audit-log-implementer.md) — Phase 109, audit_logs consumed
+- [_shared-multi-tenant/glossary.md](../skills/_shared-multi-tenant/glossary.md) — termos `bulk invite`, `email-locked invite`