@luanpdd/kit-mcp 1.30.2 → 1.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (347) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +168 -168
  3. package/gates/agent-no-recursive-dispatch.md +84 -82
  4. package/kit/COMANDOS.md +138 -138
  5. package/kit/README.md +76 -76
  6. package/kit/agents/advisor-researcher.md +107 -106
  7. package/kit/agents/ai-mutation-tester.md +1 -0
  8. package/kit/agents/assumptions-analyzer.md +108 -107
  9. package/kit/agents/audit-log-implementer.md +314 -313
  10. package/kit/agents/auditor-consistencia-isolamento.md +414 -413
  11. package/kit/agents/b2b-saas-architect.md +157 -156
  12. package/kit/agents/burn-rate-forecaster.md +1 -0
  13. package/kit/agents/cascading-failures-auditor.md +299 -298
  14. package/kit/agents/codebase-mapper.md +769 -768
  15. package/kit/agents/crm-pipeline-implementer.md +257 -256
  16. package/kit/agents/debugger.md +814 -813
  17. package/kit/agents/detector-tenant-quente.md +338 -337
  18. package/kit/agents/evolution-go-integrator.md +201 -200
  19. package/kit/agents/example-reviewer.md +22 -21
  20. package/kit/agents/executor.md +565 -564
  21. package/kit/agents/golden-signals-instrumenter.md +1 -0
  22. package/kit/agents/incident-investigator.md +1 -0
  23. package/kit/agents/integration-checker.md +201 -200
  24. package/kit/agents/invite-flow-implementer.md +190 -189
  25. package/kit/agents/legacy-characterizer.md +369 -368
  26. package/kit/agents/lgpd-compliance-auditor.md +296 -295
  27. package/kit/agents/load-shedding-instrumenter.md +1 -0
  28. package/kit/agents/multi-tenant-isolation-auditor.md +254 -253
  29. package/kit/agents/multi-tenant-rls-writer.md +341 -340
  30. package/kit/agents/nyquist-auditor.md +179 -178
  31. package/kit/agents/observability-coverage-auditor.md +316 -315
  32. package/kit/agents/observability-instrumenter.md +1 -0
  33. package/kit/agents/omm-auditor.md +1 -0
  34. package/kit/agents/org-onboarding-implementer.md +224 -223
  35. package/kit/agents/payload-capture-instrumenter.md +274 -273
  36. package/kit/agents/phase-researcher.md +697 -696
  37. package/kit/agents/plan-checker.md +273 -272
  38. package/kit/agents/planner.md +923 -922
  39. package/kit/agents/postmortem-writer.md +1 -0
  40. package/kit/agents/project-researcher.md +653 -652
  41. package/kit/agents/prr-conductor.md +1 -0
  42. package/kit/agents/refactor-safety-auditor.md +405 -404
  43. package/kit/agents/release-pipeline-auditor.md +1 -0
  44. package/kit/agents/research-synthesizer.md +246 -245
  45. package/kit/agents/roadmapper.md +678 -677
  46. package/kit/agents/schema-checker.md +1 -0
  47. package/kit/agents/seam-finder.md +360 -359
  48. package/kit/agents/shotgun-surgery-detector.md +350 -349
  49. package/kit/agents/slo-engineer.md +1 -0
  50. package/kit/agents/storytelling-analyst.md +1 -0
  51. package/kit/agents/supabase-architect.md +1 -0
  52. package/kit/agents/supabase-auth-bootstrapper.md +1 -0
  53. package/kit/agents/supabase-branching-architect.md +563 -562
  54. package/kit/agents/supabase-cicd-pipeline-implementer.md +778 -777
  55. package/kit/agents/supabase-column-privileges-writer.md +400 -399
  56. package/kit/agents/supabase-edge-fn-tester.md +2 -1
  57. package/kit/agents/supabase-edge-fn-writer.md +2 -1
  58. package/kit/agents/supabase-migration-writer.md +386 -385
  59. package/kit/agents/supabase-rbac-implementer.md +393 -392
  60. package/kit/agents/supabase-realtime-implementer.md +364 -363
  61. package/kit/agents/supabase-rls-hardener.md +522 -521
  62. package/kit/agents/supabase-rls-writer.md +324 -323
  63. package/kit/agents/supabase-roles-implementer.md +356 -355
  64. package/kit/agents/supabase-storage-implementer.md +1 -0
  65. package/kit/agents/super-admin-implementer.md +282 -281
  66. package/kit/agents/toil-auditor.md +1 -0
  67. package/kit/agents/ui-auditor.md +438 -437
  68. package/kit/agents/ui-checker.md +303 -302
  69. package/kit/agents/ui-researcher.md +356 -355
  70. package/kit/agents/user-profiler.md +176 -175
  71. package/kit/agents/validador-evolucao-schema.md +336 -335
  72. package/kit/agents/verifier.md +729 -728
  73. package/kit/commands/adicionar-backlog.md +75 -75
  74. package/kit/commands/adicionar-fase.md +42 -42
  75. package/kit/commands/adicionar-tarefa.md +45 -45
  76. package/kit/commands/adicionar-testes.md +41 -41
  77. package/kit/commands/ajuda.md +21 -21
  78. package/kit/commands/atualizar.md +37 -37
  79. package/kit/commands/auditar-cascading.md +111 -111
  80. package/kit/commands/auditar-marco.md +179 -179
  81. package/kit/commands/auditar-observabilidade-cobertura.md +183 -183
  82. package/kit/commands/auditar-refactor.md +219 -219
  83. package/kit/commands/auditar-release.md +109 -109
  84. package/kit/commands/auditar-uat.md +23 -23
  85. package/kit/commands/autonomo.md +40 -40
  86. package/kit/commands/branch-pr.md +24 -24
  87. package/kit/commands/burn-rate-status.md +408 -408
  88. package/kit/commands/capturar-payloads.md +193 -193
  89. package/kit/commands/caracterizar.md +212 -212
  90. package/kit/commands/concluir-marco.md +247 -247
  91. package/kit/commands/configuracoes.md +36 -36
  92. package/kit/commands/dados-distribuidos.md +188 -188
  93. package/kit/commands/definir-perfil.md +10 -10
  94. package/kit/commands/depurar.md +190 -190
  95. package/kit/commands/detectar-duplicacao.md +197 -197
  96. package/kit/commands/discutir-fase.md +131 -131
  97. package/kit/commands/encontrar-seams.md +136 -136
  98. package/kit/commands/entrar-discord.md +17 -17
  99. package/kit/commands/estatisticas.md +18 -18
  100. package/kit/commands/example-greeting.md +33 -33
  101. package/kit/commands/executar-fase.md +58 -58
  102. package/kit/commands/expresso.md +56 -56
  103. package/kit/commands/fase-ui.md +34 -34
  104. package/kit/commands/fazer.md +57 -57
  105. package/kit/commands/fio.md +125 -125
  106. package/kit/commands/fluxos-trabalho.md +64 -64
  107. package/kit/commands/forense.md +176 -176
  108. package/kit/commands/gerenciador.md +38 -38
  109. package/kit/commands/inserir-fase.md +31 -31
  110. package/kit/commands/legacy.md +263 -263
  111. package/kit/commands/limpeza.md +17 -17
  112. package/kit/commands/listar-hipoteses-fase.md +45 -45
  113. package/kit/commands/listar-workspaces.md +18 -18
  114. package/kit/commands/load-shedding.md +117 -117
  115. package/kit/commands/mapear-codebase.md +70 -70
  116. package/kit/commands/multi-tenant.md +163 -163
  117. package/kit/commands/nota.md +33 -33
  118. package/kit/commands/novo-marco.md +43 -43
  119. package/kit/commands/novo-projeto.md +41 -41
  120. package/kit/commands/novo-workspace.md +43 -43
  121. package/kit/commands/pausar-trabalho.md +37 -37
  122. package/kit/commands/perfil-usuario.md +45 -45
  123. package/kit/commands/pesquisar-fase.md +195 -195
  124. package/kit/commands/planejar-fase.md +67 -67
  125. package/kit/commands/planejar-lacunas.md +33 -33
  126. package/kit/commands/plantar-ideia.md +25 -25
  127. package/kit/commands/progresso.md +24 -24
  128. package/kit/commands/proximo.md +30 -30
  129. package/kit/commands/publicar.md +490 -490
  130. package/kit/commands/rapido.md +35 -35
  131. package/kit/commands/reaplicar-patches.md +124 -124
  132. package/kit/commands/refactor-seguro.md +321 -321
  133. package/kit/commands/relatorio-sessao.md +19 -19
  134. package/kit/commands/remover-fase.md +31 -31
  135. package/kit/commands/remover-workspace.md +26 -26
  136. package/kit/commands/resumo-marco.md +50 -50
  137. package/kit/commands/retomar-trabalho.md +40 -40
  138. package/kit/commands/revisar-backlog.md +60 -60
  139. package/kit/commands/revisar-ui.md +32 -32
  140. package/kit/commands/revisar.md +37 -37
  141. package/kit/commands/saude.md +21 -21
  142. package/kit/commands/setup-notion.md +93 -93
  143. package/kit/commands/storytelling.md +179 -179
  144. package/kit/commands/sync-main.md +68 -68
  145. package/kit/commands/validar-fase.md +35 -35
  146. package/kit/commands/verificar-tarefas.md +44 -44
  147. package/kit/commands/verificar-trabalho.md +64 -64
  148. package/kit/file-manifest.json +82 -81
  149. package/kit/framework/bin/lib/commands.cjs +959 -959
  150. package/kit/framework/bin/lib/config.cjs +442 -442
  151. package/kit/framework/bin/lib/core.cjs +1230 -1230
  152. package/kit/framework/bin/lib/frontmatter.cjs +336 -336
  153. package/kit/framework/bin/lib/init.cjs +1442 -1442
  154. package/kit/framework/bin/lib/milestone.cjs +252 -252
  155. package/kit/framework/bin/lib/model-profiles.cjs +68 -68
  156. package/kit/framework/bin/lib/phase.cjs +888 -888
  157. package/kit/framework/bin/lib/profile-output.cjs +952 -952
  158. package/kit/framework/bin/lib/profile-pipeline.cjs +539 -539
  159. package/kit/framework/bin/lib/roadmap.cjs +329 -329
  160. package/kit/framework/bin/lib/security.cjs +382 -382
  161. package/kit/framework/bin/lib/state.cjs +1031 -1031
  162. package/kit/framework/bin/lib/template.cjs +222 -222
  163. package/kit/framework/bin/lib/uat.cjs +282 -282
  164. package/kit/framework/bin/lib/verify.cjs +888 -888
  165. package/kit/framework/bin/lib/workstream.cjs +491 -491
  166. package/kit/framework/bin/tools.cjs +918 -918
  167. package/kit/framework/commands/workstreams.md +63 -63
  168. package/kit/framework/references/checkpoints.md +778 -778
  169. package/kit/framework/references/continuation-format.md +249 -249
  170. package/kit/framework/references/decimal-phase-calculation.md +64 -64
  171. package/kit/framework/references/git-integration.md +295 -295
  172. package/kit/framework/references/git-planning-commit.md +38 -38
  173. package/kit/framework/references/model-profile-resolution.md +36 -36
  174. package/kit/framework/references/model-profiles.md +139 -139
  175. package/kit/framework/references/phase-argument-parsing.md +61 -61
  176. package/kit/framework/references/planning-config.md +202 -202
  177. package/kit/framework/references/questioning.md +162 -162
  178. package/kit/framework/references/tdd.md +263 -263
  179. package/kit/framework/references/ui-brand.md +160 -160
  180. package/kit/framework/references/user-profiling.md +657 -657
  181. package/kit/framework/references/verification-patterns.md +612 -612
  182. package/kit/framework/references/workstream-flag.md +58 -58
  183. package/kit/framework/templates/DEBUG.md +164 -164
  184. package/kit/framework/templates/UAT.md +265 -265
  185. package/kit/framework/templates/UI-SPEC.md +100 -100
  186. package/kit/framework/templates/VALIDATION.md +76 -76
  187. package/kit/framework/templates/claude-md.md +122 -122
  188. package/kit/framework/templates/codebase/architecture.md +185 -185
  189. package/kit/framework/templates/codebase/concerns.md +205 -205
  190. package/kit/framework/templates/codebase/conventions.md +204 -204
  191. package/kit/framework/templates/codebase/integrations.md +192 -192
  192. package/kit/framework/templates/codebase/stack.md +158 -158
  193. package/kit/framework/templates/codebase/structure.md +199 -199
  194. package/kit/framework/templates/codebase/testing.md +301 -301
  195. package/kit/framework/templates/config.json +44 -44
  196. package/kit/framework/templates/context.md +352 -352
  197. package/kit/framework/templates/continue-here.md +78 -78
  198. package/kit/framework/templates/copilot-instructions.md +7 -7
  199. package/kit/framework/templates/debug-subagent-prompt.md +91 -91
  200. package/kit/framework/templates/dev-preferences.md +20 -20
  201. package/kit/framework/templates/discovery.md +146 -146
  202. package/kit/framework/templates/discussion-log.md +63 -63
  203. package/kit/framework/templates/milestone-archive.md +123 -123
  204. package/kit/framework/templates/milestone.md +115 -115
  205. package/kit/framework/templates/phase-prompt.md +610 -610
  206. package/kit/framework/templates/planner-subagent-prompt.md +117 -117
  207. package/kit/framework/templates/project.md +186 -186
  208. package/kit/framework/templates/requirements.md +231 -231
  209. package/kit/framework/templates/research-project/ARCHITECTURE.md +204 -204
  210. package/kit/framework/templates/research-project/FEATURES.md +147 -147
  211. package/kit/framework/templates/research-project/PITFALLS.md +200 -200
  212. package/kit/framework/templates/research-project/STACK.md +120 -120
  213. package/kit/framework/templates/research-project/SUMMARY.md +170 -170
  214. package/kit/framework/templates/research.md +419 -419
  215. package/kit/framework/templates/retrospective.md +54 -54
  216. package/kit/framework/templates/roadmap.md +202 -202
  217. package/kit/framework/templates/state.md +176 -176
  218. package/kit/framework/templates/summary-complex.md +59 -59
  219. package/kit/framework/templates/summary-minimal.md +41 -41
  220. package/kit/framework/templates/summary-standard.md +48 -48
  221. package/kit/framework/templates/summary.md +209 -209
  222. package/kit/framework/templates/user-profile.md +146 -146
  223. package/kit/framework/templates/user-setup.md +256 -256
  224. package/kit/framework/templates/verification-report.md +258 -258
  225. package/kit/framework/workflows/add-phase.md +112 -112
  226. package/kit/framework/workflows/add-tests.md +351 -351
  227. package/kit/framework/workflows/add-todo.md +158 -158
  228. package/kit/framework/workflows/audit-milestone.md +340 -340
  229. package/kit/framework/workflows/audit-uat.md +109 -109
  230. package/kit/framework/workflows/autonomous.md +891 -891
  231. package/kit/framework/workflows/check-todos.md +177 -177
  232. package/kit/framework/workflows/cleanup.md +152 -152
  233. package/kit/framework/workflows/complete-milestone.md +696 -696
  234. package/kit/framework/workflows/diagnose-issues.md +231 -231
  235. package/kit/framework/workflows/discovery-phase.md +289 -289
  236. package/kit/framework/workflows/discuss-phase-assumptions.md +653 -653
  237. package/kit/framework/workflows/discuss-phase.md +784 -784
  238. package/kit/framework/workflows/do.md +104 -104
  239. package/kit/framework/workflows/execute-phase.md +838 -838
  240. package/kit/framework/workflows/execute-plan.md +510 -510
  241. package/kit/framework/workflows/fast.md +102 -102
  242. package/kit/framework/workflows/forensics.md +265 -265
  243. package/kit/framework/workflows/health.md +181 -181
  244. package/kit/framework/workflows/help.md +619 -619
  245. package/kit/framework/workflows/insert-phase.md +130 -130
  246. package/kit/framework/workflows/list-phase-assumptions.md +178 -178
  247. package/kit/framework/workflows/list-workspaces.md +56 -56
  248. package/kit/framework/workflows/manager.md +362 -362
  249. package/kit/framework/workflows/map-codebase.md +377 -377
  250. package/kit/framework/workflows/milestone-summary.md +223 -223
  251. package/kit/framework/workflows/new-milestone.md +486 -486
  252. package/kit/framework/workflows/new-project.md +1159 -1159
  253. package/kit/framework/workflows/new-workspace.md +237 -237
  254. package/kit/framework/workflows/next.md +97 -97
  255. package/kit/framework/workflows/node-repair.md +92 -92
  256. package/kit/framework/workflows/note.md +156 -156
  257. package/kit/framework/workflows/pause-work.md +176 -176
  258. package/kit/framework/workflows/plan-milestone-gaps.md +273 -273
  259. package/kit/framework/workflows/plan-phase.md +765 -765
  260. package/kit/framework/workflows/plant-seed.md +169 -169
  261. package/kit/framework/workflows/pr-branch.md +129 -129
  262. package/kit/framework/workflows/profile-user.md +450 -450
  263. package/kit/framework/workflows/progress.md +507 -507
  264. package/kit/framework/workflows/quick.md +757 -757
  265. package/kit/framework/workflows/remove-phase.md +155 -155
  266. package/kit/framework/workflows/remove-workspace.md +90 -90
  267. package/kit/framework/workflows/research-phase.md +82 -82
  268. package/kit/framework/workflows/resume-project.md +326 -326
  269. package/kit/framework/workflows/review.md +228 -228
  270. package/kit/framework/workflows/session-report.md +146 -146
  271. package/kit/framework/workflows/settings.md +283 -283
  272. package/kit/framework/workflows/ship.md +228 -228
  273. package/kit/framework/workflows/stats.md +60 -60
  274. package/kit/framework/workflows/transition.md +671 -671
  275. package/kit/framework/workflows/ui-phase.md +302 -302
  276. package/kit/framework/workflows/ui-review.md +165 -165
  277. package/kit/framework/workflows/update.md +323 -323
  278. package/kit/framework/workflows/validate-phase.md +174 -174
  279. package/kit/framework/workflows/verify-phase.md +252 -252
  280. package/kit/framework/workflows/verify-work.md +637 -637
  281. package/kit/hooks/check-update.js +118 -118
  282. package/kit/hooks/context-monitor.js +163 -163
  283. package/kit/hooks/kit-attribution-reminder.cjs +29 -50
  284. package/kit/hooks/kit-router.cjs +137 -0
  285. package/kit/hooks/prompt-guard.js +103 -103
  286. package/kit/hooks/statusline.js +125 -125
  287. package/kit/hooks/workflow-guard.js +101 -101
  288. package/kit/settings.json +45 -45
  289. package/kit/skills/ai-prompt-characterization/SKILL.md +335 -335
  290. package/kit/skills/armadilhas-sistemas-distribuidos/SKILL.md +447 -447
  291. package/kit/skills/audit-log-multi-tenant/SKILL.md +340 -340
  292. package/kit/skills/b2b-saas-architecture/SKILL.md +300 -300
  293. package/kit/skills/consistencia-leitura-replica/SKILL.md +385 -385
  294. package/kit/skills/crm-lead-pipeline-patterns/SKILL.md +343 -343
  295. package/kit/skills/escolha-modelo-consistencia/SKILL.md +494 -494
  296. package/kit/skills/evolucao-schema-compativel/SKILL.md +448 -448
  297. package/kit/skills/evolution-go-whatsapp-integration/SKILL.md +322 -322
  298. package/kit/skills/example-skill/SKILL.md +42 -42
  299. package/kit/skills/legacy-api-only-applications/SKILL.md +358 -358
  300. package/kit/skills/legacy-characterization-tests/SKILL.md +330 -330
  301. package/kit/skills/legacy-effect-analysis/SKILL.md +331 -331
  302. package/kit/skills/legacy-extract-class/SKILL.md +203 -203
  303. package/kit/skills/legacy-programming-by-difference/SKILL.md +252 -252
  304. package/kit/skills/legacy-seams-and-test-harness/SKILL.md +460 -460
  305. package/kit/skills/legacy-shotgun-surgery/SKILL.md +286 -286
  306. package/kit/skills/legacy-sprout-wrap-techniques/SKILL.md +434 -434
  307. package/kit/skills/legacy-storytelling-naked-crc/SKILL.md +270 -270
  308. package/kit/skills/lgpd-multi-tenant-compliance/SKILL.md +340 -340
  309. package/kit/skills/member-invite-flow/SKILL.md +305 -305
  310. package/kit/skills/member-management-react-shadcn/SKILL.md +328 -328
  311. package/kit/skills/multi-tenant-performance-scaling/SKILL.md +316 -316
  312. package/kit/skills/multi-tenant-rls-hierarchy/SKILL.md +342 -342
  313. package/kit/skills/org-onboarding-flow/SKILL.md +257 -257
  314. package/kit/skills/org-switcher-react-pattern/SKILL.md +349 -349
  315. package/kit/skills/permission-gate-react-pattern/SKILL.md +271 -271
  316. package/kit/skills/postgres-isolamento-concorrencia/SKILL.md +552 -552
  317. package/kit/skills/pre-refactor-characterization/SKILL.md +421 -421
  318. package/kit/skills/rbac-permissions-matrix-supabase/SKILL.md +338 -338
  319. package/kit/skills/streams-eventos-cdc/SKILL.md +711 -711
  320. package/kit/skills/supabase-branching-workflow/SKILL.md +544 -544
  321. package/kit/skills/supabase-ci-cd-github-actions/SKILL.md +880 -880
  322. package/kit/skills/supabase-column-level-security/SKILL.md +426 -426
  323. package/kit/skills/supabase-config-toml-remotes/SKILL.md +807 -807
  324. package/kit/skills/supabase-custom-claims-rbac/SKILL.md +472 -472
  325. package/kit/skills/supabase-edge-functions/SKILL.md +1 -1
  326. package/kit/skills/supabase-edge-functions-auth/SKILL.md +1 -1
  327. package/kit/skills/supabase-edge-functions-limits/SKILL.md +1 -1
  328. package/kit/skills/supabase-edge-functions-mcp-server/SKILL.md +1 -1
  329. package/kit/skills/supabase-edge-functions-testing/SKILL.md +1 -1
  330. package/kit/skills/supabase-edge-runtime-builtins/SKILL.md +1 -1
  331. package/kit/skills/supabase-migration-repair/SKILL.md +823 -823
  332. package/kit/skills/supabase-migrations/SKILL.md +297 -297
  333. package/kit/skills/supabase-pgtap-testing/SKILL.md +1053 -1053
  334. package/kit/skills/supabase-postgres-roles/SKILL.md +392 -392
  335. package/kit/skills/supabase-realtime/SKILL.md +460 -460
  336. package/kit/skills/supabase-rls-defense-in-depth/SKILL.md +418 -418
  337. package/kit/skills/supabase-rls-policies/SKILL.md +635 -635
  338. package/kit/skills/super-admin-platform-pattern/SKILL.md +326 -326
  339. package/kit/skills/tenant-quente-mitigacao/SKILL.md +605 -605
  340. package/kit/skills/whatsapp-conversation-state-machine/SKILL.md +287 -287
  341. package/package.json +1 -1
  342. package/src/core/kit.js +216 -216
  343. package/src/core/reflect.js +247 -247
  344. package/src/core/reverse-sync.js +372 -372
  345. package/src/core/sync.js +437 -418
  346. package/src/core/watch.js +121 -121
  347. package/src/mcp-server/index.js +794 -746
package/kit/agents/invite-flow-implementer.md CHANGED
@@ -1,189 +1,190 @@
1
- ---
2
- name: invite-flow-implementer
3
- description: Materializa invite flow B2B — tabela org_invites + RPC create_invite (token raw retornado) + RPC accept_invite (idempotente via FOR UPDATE) + cron expire pending.
4
- tools: Read, Write, Edit, Bash, Grep, Glob, Task, AskUserQuestion, mcp__supabase__execute_sql
5
- color: green
6
- ---
7
-
8
- Você é o **invite-flow-implementer**. Materializa fluxo completo de invite — tabela + RPCs + cron expiração + Edge Function de envio email. Lê skill [`member-invite-flow`](../skills/member-invite-flow/SKILL.md). **Delega SQL para `supabase-migration-writer`** e Edge Function para `supabase-edge-fn-writer`.
9
-
10
- **Compat:** Full em Claude Code + Cursor (com Supabase MCP); Partial em Codex + Gemini CLI.
11
-
12
- ## Inputs
13
-
14
- - (Opcional) `email_provider`: `supabase` (default — usa Supabase Auth Email API), `resend`, `sendgrid`, `postmark`
15
- - (Opcional) `ttl_days`: default 7
16
- - (Opcional) `bulk_limit_per_hour`: default 50
17
-
18
- ## Passos
19
-
20
- ### Step 0 — Preflight
21
- - MCP detection
22
- - Validar Phase 106 (organizations, organization_members, roles existem)
23
- - Validar Phase 109 (audit_logs + private.audit_log function existem)
24
-
25
- ### Step 1 — Email provider via AskUserQuestion (se ausente)
26
-
27
- ```
28
- - Supabase Auth Email (Recomendado para start) — usa supabase.auth.admin.inviteUserByEmail OU email customizado via service role
29
- - Resendmoderno, simples, 3000 emails/mês free
30
- - SendGridenterprise, alta entregabilidade
31
- - Postmark — alta entregabilidade, focused em transactional
32
- ```
33
-
34
- ### Step 2 — Migration brief para supabase-migration-writer
35
-
36
- ```
37
- [Migration brief — invite-flow-implementer]
38
-
39
- Artefatos:
40
- 1. Tabela public.org_invites (DDL completo da skill member-invite-flow)
41
- - 3 indexes + 1 unique partial (pending duplicate prevention)
42
- - 3 RLS policies (member view + insert with permission + super_admin bypass)
43
- 2. RPC public.create_invite(p_org_id, p_email, p_role_name) returns token text
44
- 3. RPC public.accept_invite(p_token) → returns jsonb com status
45
- 4. pg_cron schedule 'expire-pending-invites' diário 01:00 UTC
46
-
47
- Validações no INSERT:
48
- - Email format check
49
- - Role exists na org
50
- - Permission members:invite via RLS
51
- - Bulk rate limit: <bulk_limit_per_hour> invites/hora por org_id
52
- ```
53
-
54
- Delegar.
55
-
56
- ### Step 3 — Edge Function brief para supabase-edge-fn-writer
57
-
58
- ```
59
- [Edge Function brief — invite-flow-implementer]
60
-
61
- Function name: send-invite-email
62
- verify_jwt: true (caller must be authenticated)
63
- Path: supabase/functions/send-invite-email/index.ts
64
-
65
- Behavior:
66
- 1. POST com body { invite_id: uuid, token: text, base_url: text }
67
- 2. Buscar invite em org_invites (RLS preserva permission)
68
- 3. Construir URL accept: <base_url>/invites/<token>
69
- 4. Enviar email via <email_provider> com:
70
- - Subject: "Convite para <org.name>"
71
- - Body: "Você foi convidado a entrar em <org.name>. Clique para aceitar: <url>. O link expira em <ttl_days> dias."
72
- 5. Retornar { sent: true }
73
-
74
- Anti-pitfalls:
75
- - ANON_KEY com JWT (não service_role)
76
- - Token recebido via body, NÃO loggar token raw
77
- - Email provider key via Deno.env (Vault secret)
78
- ```
79
-
80
- Delegar.
81
-
82
- ### Step 4 — Output integrado
83
-
84
- ```
85
- ═══════════════════════════════════════════════════════════
86
- INVITE-FLOW-IMPLEMENTER · output integrado
87
- ═══════════════════════════════════════════════════════════
88
-
89
- ## 1. Decisões
90
- - Email provider: <chosen>
91
- - TTL: <ttl_days> dias
92
- - Bulk limit: <bulk_limit_per_hour>/hora
93
-
94
- ## 2. Migration entregue
95
- <output supabase-migration-writer>
96
-
97
- ## 3. Edge Function entregue
98
- <output supabase-edge-fn-writer>
99
-
100
- ## 4. Frontend integration sketch
101
- - Code create_invite + send-invite-email
102
- - Code accept_invite ao clicar no email link
103
- - Code listing de invites pending para admin UI
104
-
105
- ## 5. Próximos passos
106
- - Configurar email provider key (Vault: supabase secrets set <PROVIDER>_API_KEY=...)
107
- - Test: criar invite + verificar email recebido + clicar link + accept
108
- ```
109
-
110
- ## Anti-patterns prevenidos
111
-
112
- - Token raw em banco → REGRA #1 enforced no migration brief
113
- - Link sem email-lock → REGRA #3 enforced no accept_invite RPC
114
- - Race em accept → REGRA #4 (FOR UPDATE) enforced
115
- - Expire não automatizadocron schedule incluído
116
- - Bulk spamrate limit no migration brief
117
-
118
- ## Quando NÃO invocar
119
-
120
- - Phase 106 ou 109 não implementadas → ABORT
121
- - App single-user (sem invites)escopo errado
122
- - Invite via approval workflow (não token) → diferente, fora deste escopo
123
-
124
- ## Observabilidade integrada
125
-
126
- - Counter `invite.created.count{org_id, role}`
127
- - Counter `invite.accepted.count{org_id, role}`
128
- - Histogram `invite.accept_latency_ms` (tempo entre create e accept)
129
- - Alarme se `invite.created.count > bulk_limit_per_hour` por org suspeita de abuso
130
-
131
- ## Cooperative handoff to supabase-rls-hardener (v1.23)
132
-
133
- Após gerar CREATE TABLE org_invites + RPC create_invite/accept_invite + cron expire pending, faça handoff cooperativo para SQL bloco:
134
-
135
- ```python
136
- Task(subagent_type="supabase-rls-hardener", prompt=f"""
137
- <upstream_intent>
138
- Source agent: invite-flow-implementer
139
- Original goal: implementar invite flow B2B com token-based para {org_context}
140
- Constraints: token SHA-256 (raw enviado por email, hash no banco); TTL 7d single-use; state machine 5 estados (pending→accepted|rejected|cancelled|expired); email-lock obrigatório; idempotência via FOR UPDATE em transação
141
- </upstream_intent>
142
-
143
- <draft_sql>{generated_invites_sql}</draft_sql>
144
-
145
- <user_facing_caller>true</user_facing_caller>
146
- """)
147
- ```
148
-
149
- Hardener valida token security (hash apenas no DB), RPC com SECURITY DEFINER em schema private, RLS por org_id. **NUNCA descarte intent upstream silenciosamente**.
150
-
151
- ## Cooperative handoff column-level (v1.24 — CROSS-15)
152
-
153
- `org_invites.token_raw` é gerado durante create do invite (raw enviado por email, hash armazenado). Após email enviado, **nenhum role além de service_role** deve poder ler o raw — é segredo de uso único. Aplique handoff cooperativo column-level:
154
-
155
- ```python
156
- Task(subagent_type="supabase-column-privileges-writer", prompt=f"""
157
- <upstream_intent>
158
- Source agent: invite-flow-implementer
159
- Original goal: token raw column (org_invites.token_raw) legível APENAS para service_role pós-criação
160
- Constraints: token_raw é segredo único, enviado por email durante create; hash armazenado para validation em accept; raw NUNCA visível em REST API; member_invited audit event não logga token_raw
161
- </upstream_intent>
162
-
163
- <table>schema: public, name: org_invites</table>
164
-
165
- <sensitive_columns>
166
- - token_raw (text — segredo, apenas service_role)
167
- </sensitive_columns>
168
-
169
- <allowed_roles>
170
- - service_role: SELECT all (incluindo token_raw — usado durante envio de email)
171
- - authenticated: SELECT (id, org_id, email, role, status, expires_at, created_at, accepted_at) — sem token_raw
172
- - anon: SELECT (status) minimal, para "this invite is still valid?" check pre-login
173
- </allowed_roles>
174
-
175
- <user_facing_caller>true</user_facing_caller>
176
- """)
177
- ```
178
-
179
- **Caveat:** mesmo com column-level, considere também armazenar APENAS o hash do token (não o raw) na tabela. token_raw fica em memory durante envio do email e descartado. Isso é defense-in-depth Camada 9 (não armazenar segredos).
180
-
181
- ## Ver também
182
-
183
- - [supabase-rls-hardener](./supabase-rls-hardener.md) — canonical handoff target v1.23
184
- - [supabase-column-privileges-writer](./supabase-column-privileges-writer.md) — canonical handoff target v1.24 (column-level token raw)
185
- - [member-invite-flow](../skills/member-invite-flow/SKILL.md) — base de conhecimento
186
- - [supabase-migration-writer](./supabase-migration-writer.md) — invoked via Task() para SQL
187
- - [supabase-edge-fn-writer](./supabase-edge-fn-writer.md) — invoked via Task() para Edge Function
188
- - [audit-log-implementer](./audit-log-implementer.md) — Phase 109, audit_logs consumed
189
- - [_shared-multi-tenant/glossary.md](../skills/_shared-multi-tenant/glossary.md) — termos `bulk invite`, `email-locked invite`
1
+ ---
2
+ name: invite-flow-implementer
3
+ tier: specialized
4
+ description: Materializa invite flow B2B tabela org_invites + RPC create_invite (token raw retornado) + RPC accept_invite (idempotente via FOR UPDATE) + cron expire pending.
5
+ tools: Read, Write, Edit, Bash, Grep, Glob, Task, AskUserQuestion, mcp__supabase__execute_sql
6
+ color: green
7
+ ---
8
+
9
+ Você é o **invite-flow-implementer**. Materializa fluxo completo de invite — tabela + RPCs + cron expiração + Edge Function de envio email. Lê skill [`member-invite-flow`](../skills/member-invite-flow/SKILL.md). **Delega SQL para `supabase-migration-writer`** e Edge Function para `supabase-edge-fn-writer`.
10
+
11
+ **Compat:** Full em Claude Code + Cursor (com Supabase MCP); Partial em Codex + Gemini CLI.
12
+
13
+ ## Inputs
14
+
15
+ - (Opcional) `email_provider`: `supabase` (default — usa Supabase Auth Email API), `resend`, `sendgrid`, `postmark`
16
+ - (Opcional) `ttl_days`: default 7
17
+ - (Opcional) `bulk_limit_per_hour`: default 50
18
+
19
+ ## Passos
20
+
21
+ ### Step 0 — Preflight
22
+ - MCP detection
23
+ - Validar Phase 106 (organizations, organization_members, roles existem)
24
+ - Validar Phase 109 (audit_logs + private.audit_log function existem)
25
+
26
+ ### Step 1 — Email provider via AskUserQuestion (se ausente)
27
+
28
+ ```
29
+ - Supabase Auth Email (Recomendado para start) usa supabase.auth.admin.inviteUserByEmail OU email customizado via service role
30
+ - Resendmoderno, simples, 3000 emails/mês free
31
+ - SendGridenterprise, alta entregabilidade
32
+ - Postmark — alta entregabilidade, focused em transactional
33
+ ```
34
+
35
+ ### Step 2 — Migration brief para supabase-migration-writer
36
+
37
+ ```
38
+ [Migration brief — invite-flow-implementer]
39
+
40
+ Artefatos:
41
+ 1. Tabela public.org_invites (DDL completo da skill member-invite-flow)
42
+ - 3 indexes + 1 unique partial (pending duplicate prevention)
43
+ - 3 RLS policies (member view + insert with permission + super_admin bypass)
44
+ 2. RPC public.create_invite(p_org_id, p_email, p_role_name) → returns token text
45
+ 3. RPC public.accept_invite(p_token) returns jsonb com status
46
+ 4. pg_cron schedule 'expire-pending-invites' diário 01:00 UTC
47
+
48
+ Validações no INSERT:
49
+ - Email format check
50
+ - Role exists na org
51
+ - Permission members:invite via RLS
52
+ - Bulk rate limit: <bulk_limit_per_hour> invites/hora por org_id
53
+ ```
54
+
55
+ Delegar.
56
+
57
+ ### Step 3 — Edge Function brief para supabase-edge-fn-writer
58
+
59
+ ```
60
+ [Edge Function brief — invite-flow-implementer]
61
+
62
+ Function name: send-invite-email
63
+ verify_jwt: true (caller must be authenticated)
64
+ Path: supabase/functions/send-invite-email/index.ts
65
+
66
+ Behavior:
67
+ 1. POST com body { invite_id: uuid, token: text, base_url: text }
68
+ 2. Buscar invite em org_invites (RLS preserva permission)
69
+ 3. Construir URL accept: <base_url>/invites/<token>
70
+ 4. Enviar email via <email_provider> com:
71
+ - Subject: "Convite para <org.name>"
72
+ - Body: "Você foi convidado a entrar em <org.name>. Clique para aceitar: <url>. O link expira em <ttl_days> dias."
73
+ 5. Retornar { sent: true }
74
+
75
+ Anti-pitfalls:
76
+ - ANON_KEY com JWT (não service_role)
77
+ - Token recebido via body, NÃO loggar token raw
78
+ - Email provider key via Deno.env (Vault secret)
79
+ ```
80
+
81
+ Delegar.
82
+
83
+ ### Step 4 — Output integrado
84
+
85
+ ```
86
+ ═══════════════════════════════════════════════════════════
87
+ INVITE-FLOW-IMPLEMENTER · output integrado
88
+ ═══════════════════════════════════════════════════════════
89
+
90
+ ## 1. Decisões
91
+ - Email provider: <chosen>
92
+ - TTL: <ttl_days> dias
93
+ - Bulk limit: <bulk_limit_per_hour>/hora
94
+
95
+ ## 2. Migration entregue
96
+ <output supabase-migration-writer>
97
+
98
+ ## 3. Edge Function entregue
99
+ <output supabase-edge-fn-writer>
100
+
101
+ ## 4. Frontend integration sketch
102
+ - Code create_invite + send-invite-email
103
+ - Code accept_invite ao clicar no email link
104
+ - Code listing de invites pending para admin UI
105
+
106
+ ## 5. Próximos passos
107
+ - Configurar email provider key (Vault: supabase secrets set <PROVIDER>_API_KEY=...)
108
+ - Test: criar invite + verificar email recebido + clicar link + accept
109
+ ```
110
+
111
+ ## Anti-patterns prevenidos
112
+
113
+ - Token raw em banco → REGRA #1 enforced no migration brief
114
+ - Link sem email-lock → REGRA #3 enforced no accept_invite RPC
115
+ - Race em acceptREGRA #4 (FOR UPDATE) enforced
116
+ - Expire não automatizado cron schedule incluído
117
+ - Bulk spam → rate limit no migration brief
118
+
119
+ ## Quando NÃO invocar
120
+
121
+ - Phase 106 ou 109 não implementadas ABORT
122
+ - App single-user (sem invites) → escopo errado
123
+ - Invite via approval workflow (não token) → diferente, fora deste escopo
124
+
125
+ ## Observabilidade integrada
126
+
127
+ - Counter `invite.created.count{org_id, role}`
128
+ - Counter `invite.accepted.count{org_id, role}`
129
+ - Histogram `invite.accept_latency_ms` (tempo entre create e accept)
130
+ - Alarme se `invite.created.count > bulk_limit_per_hour` por org → suspeita de abuso
131
+
132
+ ## Cooperative handoff to supabase-rls-hardener (v1.23)
133
+
134
+ Após gerar CREATE TABLE org_invites + RPC create_invite/accept_invite + cron expire pending, faça handoff cooperativo para SQL bloco:
135
+
136
+ ```python
137
+ Task(subagent_type="supabase-rls-hardener", prompt=f"""
138
+ <upstream_intent>
139
+ Source agent: invite-flow-implementer
140
+ Original goal: implementar invite flow B2B com token-based para {org_context}
141
+ Constraints: token SHA-256 (raw enviado por email, hash no banco); TTL 7d single-use; state machine 5 estados (pending→accepted|rejected|cancelled|expired); email-lock obrigatório; idempotência via FOR UPDATE em transação
142
+ </upstream_intent>
143
+
144
+ <draft_sql>{generated_invites_sql}</draft_sql>
145
+
146
+ <user_facing_caller>true</user_facing_caller>
147
+ """)
148
+ ```
149
+
150
+ Hardener valida token security (hash apenas no DB), RPC com SECURITY DEFINER em schema private, RLS por org_id. **NUNCA descarte intent upstream silenciosamente**.
151
+
152
+ ## Cooperative handoff column-level (v1.24 — CROSS-15)
153
+
154
+ `org_invites.token_raw` é gerado durante create do invite (raw enviado por email, hash armazenado). Após email enviado, **nenhum role além de service_role** deve poder ler o raw — é segredo de uso único. Aplique handoff cooperativo column-level:
155
+
156
+ ```python
157
+ Task(subagent_type="supabase-column-privileges-writer", prompt=f"""
158
+ <upstream_intent>
159
+ Source agent: invite-flow-implementer
160
+ Original goal: token raw column (org_invites.token_raw) legível APENAS para service_role pós-criação
161
+ Constraints: token_raw é segredo único, enviado por email durante create; hash armazenado para validation em accept; raw NUNCA visível em REST API; member_invited audit event não logga token_raw
162
+ </upstream_intent>
163
+
164
+ <table>schema: public, name: org_invites</table>
165
+
166
+ <sensitive_columns>
167
+ - token_raw (text — segredo, apenas service_role)
168
+ </sensitive_columns>
169
+
170
+ <allowed_roles>
171
+ - service_role: SELECT all (incluindo token_raw usado durante envio de email)
172
+ - authenticated: SELECT (id, org_id, email, role, status, expires_at, created_at, accepted_at) sem token_raw
173
+ - anon: SELECT (status) — minimal, para "this invite is still valid?" check pre-login
174
+ </allowed_roles>
175
+
176
+ <user_facing_caller>true</user_facing_caller>
177
+ """)
178
+ ```
179
+
180
+ **Caveat:** mesmo com column-level, considere também armazenar APENAS o hash do token (não o raw) na tabela. token_raw fica em memory durante envio do email e descartado. Isso é defense-in-depth Camada 9 (não armazenar segredos).
181
+
182
+ ## Ver também
183
+
184
+ - [supabase-rls-hardener](./supabase-rls-hardener.md) — canonical handoff target v1.23
185
+ - [supabase-column-privileges-writer](./supabase-column-privileges-writer.md) — canonical handoff target v1.24 (column-level token raw)
186
+ - [member-invite-flow](../skills/member-invite-flow/SKILL.md) — base de conhecimento
187
+ - [supabase-migration-writer](./supabase-migration-writer.md) — invoked via Task() para SQL
188
+ - [supabase-edge-fn-writer](./supabase-edge-fn-writer.md) — invoked via Task() para Edge Function
189
+ - [audit-log-implementer](./audit-log-implementer.md) — Phase 109, audit_logs consumed
190
+ - [_shared-multi-tenant/glossary.md](../skills/_shared-multi-tenant/glossary.md) — termos `bulk invite`, `email-locked invite`