@luanpdd/kit-mcp 1.33.0 → 1.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (379) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +168 -168
  3. package/gates/agent-no-recursive-dispatch.md +84 -84
  4. package/kit/COMANDOS.md +138 -138
  5. package/kit/COMPATIBILITY.md +70 -70
  6. package/kit/README.md +76 -76
  7. package/kit/agents/advisor-researcher.md +109 -109
  8. package/kit/agents/ai-mutation-tester.md +289 -289
  9. package/kit/agents/assumptions-analyzer.md +110 -110
  10. package/kit/agents/audit-log-implementer.md +314 -314
  11. package/kit/agents/auditor-consistencia-isolamento.md +414 -414
  12. package/kit/agents/b2b-saas-architect.md +157 -157
  13. package/kit/agents/burn-rate-forecaster.md +153 -153
  14. package/kit/agents/cascading-failures-auditor.md +299 -299
  15. package/kit/agents/codebase-mapper.md +769 -769
  16. package/kit/agents/crm-pipeline-implementer.md +257 -257
  17. package/kit/agents/debugger.md +814 -814
  18. package/kit/agents/designer-ui.md +216 -216
  19. package/kit/agents/detector-tenant-quente.md +338 -338
  20. package/kit/agents/evolution-go-integrator.md +201 -201
  21. package/kit/agents/example-reviewer.md +22 -22
  22. package/kit/agents/executor.md +565 -565
  23. package/kit/agents/golden-signals-instrumenter.md +232 -232
  24. package/kit/agents/incident-investigator.md +238 -238
  25. package/kit/agents/integration-checker.md +203 -203
  26. package/kit/agents/invite-flow-implementer.md +190 -190
  27. package/kit/agents/legacy-characterizer.md +369 -369
  28. package/kit/agents/lgpd-compliance-auditor.md +296 -296
  29. package/kit/agents/load-shedding-instrumenter.md +290 -290
  30. package/kit/agents/multi-tenant-isolation-auditor.md +254 -254
  31. package/kit/agents/multi-tenant-rls-writer.md +341 -341
  32. package/kit/agents/nyquist-auditor.md +181 -181
  33. package/kit/agents/observability-coverage-auditor.md +316 -316
  34. package/kit/agents/observability-instrumenter.md +191 -191
  35. package/kit/agents/omm-auditor.md +291 -291
  36. package/kit/agents/org-onboarding-implementer.md +224 -224
  37. package/kit/agents/payload-capture-instrumenter.md +274 -274
  38. package/kit/agents/phase-researcher.md +697 -697
  39. package/kit/agents/plan-checker.md +275 -275
  40. package/kit/agents/planner.md +923 -923
  41. package/kit/agents/postmortem-writer.md +273 -273
  42. package/kit/agents/project-researcher.md +653 -653
  43. package/kit/agents/prr-conductor.md +287 -287
  44. package/kit/agents/refactor-safety-auditor.md +405 -405
  45. package/kit/agents/release-pipeline-auditor.md +364 -364
  46. package/kit/agents/research-synthesizer.md +246 -246
  47. package/kit/agents/roadmapper.md +678 -678
  48. package/kit/agents/schema-checker.md +160 -160
  49. package/kit/agents/seam-finder.md +360 -360
  50. package/kit/agents/shotgun-surgery-detector.md +350 -350
  51. package/kit/agents/slo-engineer.md +217 -217
  52. package/kit/agents/storytelling-analyst.md +300 -300
  53. package/kit/agents/supabase-architect.md +249 -249
  54. package/kit/agents/supabase-auth-bootstrapper.md +400 -400
  55. package/kit/agents/supabase-auth-hook-writer.md +418 -418
  56. package/kit/agents/supabase-branching-architect.md +563 -563
  57. package/kit/agents/supabase-cicd-pipeline-implementer.md +778 -778
  58. package/kit/agents/supabase-column-privileges-writer.md +400 -400
  59. package/kit/agents/supabase-edge-fn-tester.md +288 -288
  60. package/kit/agents/supabase-edge-fn-writer.md +341 -341
  61. package/kit/agents/supabase-mfa-implementer.md +439 -439
  62. package/kit/agents/supabase-migration-writer.md +386 -386
  63. package/kit/agents/supabase-oauth-server-implementer.md +507 -507
  64. package/kit/agents/supabase-rbac-implementer.md +393 -393
  65. package/kit/agents/supabase-realtime-implementer.md +364 -364
  66. package/kit/agents/supabase-rls-hardener.md +522 -522
  67. package/kit/agents/supabase-rls-writer.md +324 -324
  68. package/kit/agents/supabase-roles-implementer.md +356 -356
  69. package/kit/agents/supabase-social-auth-implementer.md +451 -451
  70. package/kit/agents/supabase-sso-saml-architect.md +549 -549
  71. package/kit/agents/supabase-storage-implementer.md +407 -407
  72. package/kit/agents/super-admin-implementer.md +282 -282
  73. package/kit/agents/toil-auditor.md +268 -268
  74. package/kit/agents/ui-auditor.md +438 -438
  75. package/kit/agents/ui-checker.md +305 -305
  76. package/kit/agents/ui-researcher.md +356 -356
  77. package/kit/agents/user-profiler.md +176 -176
  78. package/kit/agents/validador-evolucao-schema.md +336 -336
  79. package/kit/agents/verifier.md +729 -729
  80. package/kit/agents/workflow-generator.md +167 -0
  81. package/kit/commands/adicionar-backlog.md +75 -75
  82. package/kit/commands/adicionar-fase.md +42 -42
  83. package/kit/commands/adicionar-tarefa.md +45 -45
  84. package/kit/commands/adicionar-testes.md +41 -41
  85. package/kit/commands/ajuda.md +21 -21
  86. package/kit/commands/atualizar.md +37 -37
  87. package/kit/commands/auditar-cascading.md +111 -111
  88. package/kit/commands/auditar-marco.md +179 -179
  89. package/kit/commands/auditar-observabilidade-cobertura-workflow.md +121 -0
  90. package/kit/commands/auditar-observabilidade-cobertura.md +183 -183
  91. package/kit/commands/auditar-refactor.md +219 -219
  92. package/kit/commands/auditar-release.md +109 -109
  93. package/kit/commands/auditar-uat.md +23 -23
  94. package/kit/commands/autonomo.md +40 -40
  95. package/kit/commands/branch-pr.md +24 -24
  96. package/kit/commands/burn-rate-status.md +408 -408
  97. package/kit/commands/capturar-payloads.md +193 -193
  98. package/kit/commands/caracterizar.md +212 -212
  99. package/kit/commands/concluir-marco.md +247 -247
  100. package/kit/commands/configuracoes.md +36 -36
  101. package/kit/commands/criar-workflow.md +158 -0
  102. package/kit/commands/dados-distribuidos.md +188 -188
  103. package/kit/commands/definir-perfil.md +10 -10
  104. package/kit/commands/depurar.md +190 -190
  105. package/kit/commands/detectar-duplicacao.md +197 -197
  106. package/kit/commands/discutir-fase.md +131 -131
  107. package/kit/commands/encontrar-seams.md +136 -136
  108. package/kit/commands/entrar-discord.md +17 -17
  109. package/kit/commands/estatisticas.md +18 -18
  110. package/kit/commands/example-greeting.md +33 -33
  111. package/kit/commands/executar-fase.md +58 -58
  112. package/kit/commands/expresso.md +56 -56
  113. package/kit/commands/fase-ui.md +34 -34
  114. package/kit/commands/fazer.md +57 -57
  115. package/kit/commands/fio.md +125 -125
  116. package/kit/commands/fluxos-trabalho.md +64 -64
  117. package/kit/commands/forense.md +176 -176
  118. package/kit/commands/gerenciador.md +38 -38
  119. package/kit/commands/inserir-fase.md +31 -31
  120. package/kit/commands/legacy.md +263 -263
  121. package/kit/commands/limpeza.md +17 -17
  122. package/kit/commands/listar-hipoteses-fase.md +45 -45
  123. package/kit/commands/listar-workspaces.md +18 -18
  124. package/kit/commands/load-shedding.md +117 -117
  125. package/kit/commands/mapear-codebase.md +70 -70
  126. package/kit/commands/multi-tenant.md +163 -163
  127. package/kit/commands/nota.md +33 -33
  128. package/kit/commands/novo-marco.md +43 -43
  129. package/kit/commands/novo-projeto.md +41 -41
  130. package/kit/commands/novo-workspace.md +43 -43
  131. package/kit/commands/pausar-trabalho.md +37 -37
  132. package/kit/commands/perfil-usuario.md +45 -45
  133. package/kit/commands/pesquisar-fase.md +195 -195
  134. package/kit/commands/planejar-fase.md +67 -67
  135. package/kit/commands/planejar-lacunas.md +33 -33
  136. package/kit/commands/plantar-ideia.md +25 -25
  137. package/kit/commands/progresso.md +24 -24
  138. package/kit/commands/proximo.md +30 -30
  139. package/kit/commands/publicar.md +490 -490
  140. package/kit/commands/rapido.md +35 -35
  141. package/kit/commands/reaplicar-patches.md +124 -124
  142. package/kit/commands/refactor-seguro.md +321 -321
  143. package/kit/commands/relatorio-sessao.md +19 -19
  144. package/kit/commands/remover-fase.md +31 -31
  145. package/kit/commands/remover-workspace.md +26 -26
  146. package/kit/commands/resumo-marco.md +50 -50
  147. package/kit/commands/retomar-trabalho.md +40 -40
  148. package/kit/commands/revisar-backlog.md +60 -60
  149. package/kit/commands/revisar-ui.md +32 -32
  150. package/kit/commands/revisar.md +37 -37
  151. package/kit/commands/saude.md +21 -21
  152. package/kit/commands/setup-notion.md +93 -93
  153. package/kit/commands/storytelling.md +179 -179
  154. package/kit/commands/supabase.md +238 -238
  155. package/kit/commands/sync-main.md +68 -68
  156. package/kit/commands/validar-fase.md +35 -35
  157. package/kit/commands/verificar-tarefas.md +44 -44
  158. package/kit/commands/verificar-trabalho.md +64 -64
  159. package/kit/file-manifest.json +424 -419
  160. package/kit/framework/bin/lib/commands.cjs +959 -959
  161. package/kit/framework/bin/lib/config.cjs +442 -442
  162. package/kit/framework/bin/lib/core.cjs +1230 -1230
  163. package/kit/framework/bin/lib/frontmatter.cjs +336 -336
  164. package/kit/framework/bin/lib/init.cjs +1442 -1442
  165. package/kit/framework/bin/lib/milestone.cjs +252 -252
  166. package/kit/framework/bin/lib/model-profiles.cjs +68 -68
  167. package/kit/framework/bin/lib/phase.cjs +888 -888
  168. package/kit/framework/bin/lib/profile-output.cjs +952 -952
  169. package/kit/framework/bin/lib/profile-pipeline.cjs +539 -539
  170. package/kit/framework/bin/lib/roadmap.cjs +329 -329
  171. package/kit/framework/bin/lib/security.cjs +382 -382
  172. package/kit/framework/bin/lib/state.cjs +1031 -1031
  173. package/kit/framework/bin/lib/template.cjs +222 -222
  174. package/kit/framework/bin/lib/uat.cjs +282 -282
  175. package/kit/framework/bin/lib/verify.cjs +888 -888
  176. package/kit/framework/bin/lib/workstream.cjs +491 -491
  177. package/kit/framework/bin/tools.cjs +918 -918
  178. package/kit/framework/commands/workstreams.md +63 -63
  179. package/kit/framework/references/checkpoints.md +778 -778
  180. package/kit/framework/references/continuation-format.md +249 -249
  181. package/kit/framework/references/decimal-phase-calculation.md +64 -64
  182. package/kit/framework/references/git-integration.md +295 -295
  183. package/kit/framework/references/git-planning-commit.md +38 -38
  184. package/kit/framework/references/model-profile-resolution.md +36 -36
  185. package/kit/framework/references/model-profiles.md +139 -139
  186. package/kit/framework/references/phase-argument-parsing.md +61 -61
  187. package/kit/framework/references/planning-config.md +202 -202
  188. package/kit/framework/references/questioning.md +162 -162
  189. package/kit/framework/references/tdd.md +263 -263
  190. package/kit/framework/references/ui-brand.md +160 -160
  191. package/kit/framework/references/user-profiling.md +657 -657
  192. package/kit/framework/references/verification-patterns.md +612 -612
  193. package/kit/framework/references/workstream-flag.md +58 -58
  194. package/kit/framework/templates/DEBUG.md +164 -164
  195. package/kit/framework/templates/UAT.md +265 -265
  196. package/kit/framework/templates/UI-SPEC.md +100 -100
  197. package/kit/framework/templates/VALIDATION.md +76 -76
  198. package/kit/framework/templates/claude-md.md +122 -122
  199. package/kit/framework/templates/codebase/architecture.md +185 -185
  200. package/kit/framework/templates/codebase/concerns.md +205 -205
  201. package/kit/framework/templates/codebase/conventions.md +204 -204
  202. package/kit/framework/templates/codebase/integrations.md +192 -192
  203. package/kit/framework/templates/codebase/stack.md +158 -158
  204. package/kit/framework/templates/codebase/structure.md +199 -199
  205. package/kit/framework/templates/codebase/testing.md +301 -301
  206. package/kit/framework/templates/config.json +44 -44
  207. package/kit/framework/templates/context.md +352 -352
  208. package/kit/framework/templates/continue-here.md +78 -78
  209. package/kit/framework/templates/copilot-instructions.md +7 -7
  210. package/kit/framework/templates/debug-subagent-prompt.md +91 -91
  211. package/kit/framework/templates/dev-preferences.md +20 -20
  212. package/kit/framework/templates/discovery.md +146 -146
  213. package/kit/framework/templates/discussion-log.md +63 -63
  214. package/kit/framework/templates/milestone-archive.md +123 -123
  215. package/kit/framework/templates/milestone.md +115 -115
  216. package/kit/framework/templates/phase-prompt.md +610 -610
  217. package/kit/framework/templates/planner-subagent-prompt.md +117 -117
  218. package/kit/framework/templates/project.md +186 -186
  219. package/kit/framework/templates/requirements.md +231 -231
  220. package/kit/framework/templates/research-project/ARCHITECTURE.md +204 -204
  221. package/kit/framework/templates/research-project/FEATURES.md +147 -147
  222. package/kit/framework/templates/research-project/PITFALLS.md +200 -200
  223. package/kit/framework/templates/research-project/STACK.md +120 -120
  224. package/kit/framework/templates/research-project/SUMMARY.md +170 -170
  225. package/kit/framework/templates/research.md +419 -419
  226. package/kit/framework/templates/retrospective.md +54 -54
  227. package/kit/framework/templates/roadmap.md +202 -202
  228. package/kit/framework/templates/state.md +176 -176
  229. package/kit/framework/templates/summary-complex.md +59 -59
  230. package/kit/framework/templates/summary-minimal.md +41 -41
  231. package/kit/framework/templates/summary-standard.md +48 -48
  232. package/kit/framework/templates/summary.md +209 -209
  233. package/kit/framework/templates/user-profile.md +146 -146
  234. package/kit/framework/templates/user-setup.md +256 -256
  235. package/kit/framework/templates/verification-report.md +258 -258
  236. package/kit/framework/workflows/add-phase.md +112 -112
  237. package/kit/framework/workflows/add-tests.md +351 -351
  238. package/kit/framework/workflows/add-todo.md +158 -158
  239. package/kit/framework/workflows/audit-milestone.md +340 -340
  240. package/kit/framework/workflows/audit-uat.md +109 -109
  241. package/kit/framework/workflows/autonomous.md +891 -891
  242. package/kit/framework/workflows/check-todos.md +177 -177
  243. package/kit/framework/workflows/cleanup.md +152 -152
  244. package/kit/framework/workflows/complete-milestone.md +696 -696
  245. package/kit/framework/workflows/diagnose-issues.md +231 -231
  246. package/kit/framework/workflows/discovery-phase.md +289 -289
  247. package/kit/framework/workflows/discuss-phase-assumptions.md +653 -653
  248. package/kit/framework/workflows/discuss-phase.md +784 -784
  249. package/kit/framework/workflows/do.md +104 -104
  250. package/kit/framework/workflows/execute-phase.md +838 -838
  251. package/kit/framework/workflows/execute-plan.md +510 -510
  252. package/kit/framework/workflows/fast.md +102 -102
  253. package/kit/framework/workflows/forensics.md +265 -265
  254. package/kit/framework/workflows/health.md +181 -181
  255. package/kit/framework/workflows/help.md +619 -619
  256. package/kit/framework/workflows/insert-phase.md +130 -130
  257. package/kit/framework/workflows/list-phase-assumptions.md +178 -178
  258. package/kit/framework/workflows/list-workspaces.md +56 -56
  259. package/kit/framework/workflows/manager.md +362 -362
  260. package/kit/framework/workflows/map-codebase.md +377 -377
  261. package/kit/framework/workflows/milestone-summary.md +223 -223
  262. package/kit/framework/workflows/new-milestone.md +486 -486
  263. package/kit/framework/workflows/new-project.md +1159 -1159
  264. package/kit/framework/workflows/new-workspace.md +237 -237
  265. package/kit/framework/workflows/next.md +97 -97
  266. package/kit/framework/workflows/node-repair.md +92 -92
  267. package/kit/framework/workflows/note.md +156 -156
  268. package/kit/framework/workflows/pause-work.md +176 -176
  269. package/kit/framework/workflows/plan-milestone-gaps.md +273 -273
  270. package/kit/framework/workflows/plan-phase.md +765 -765
  271. package/kit/framework/workflows/plant-seed.md +169 -169
  272. package/kit/framework/workflows/pr-branch.md +129 -129
  273. package/kit/framework/workflows/profile-user.md +450 -450
  274. package/kit/framework/workflows/progress.md +507 -507
  275. package/kit/framework/workflows/quick.md +757 -757
  276. package/kit/framework/workflows/remove-phase.md +155 -155
  277. package/kit/framework/workflows/remove-workspace.md +90 -90
  278. package/kit/framework/workflows/research-phase.md +82 -82
  279. package/kit/framework/workflows/resume-project.md +326 -326
  280. package/kit/framework/workflows/review.md +228 -228
  281. package/kit/framework/workflows/session-report.md +146 -146
  282. package/kit/framework/workflows/settings.md +283 -283
  283. package/kit/framework/workflows/ship.md +228 -228
  284. package/kit/framework/workflows/stats.md +60 -60
  285. package/kit/framework/workflows/transition.md +671 -671
  286. package/kit/framework/workflows/ui-phase.md +302 -302
  287. package/kit/framework/workflows/ui-review.md +165 -165
  288. package/kit/framework/workflows/update.md +323 -323
  289. package/kit/framework/workflows/validate-phase.md +174 -174
  290. package/kit/framework/workflows/verify-phase.md +252 -252
  291. package/kit/framework/workflows/verify-work.md +637 -637
  292. package/kit/hooks/check-update.js +118 -118
  293. package/kit/hooks/context-monitor.js +163 -163
  294. package/kit/hooks/kit-attribution-reminder.cjs +92 -92
  295. package/kit/hooks/kit-router.cjs +137 -137
  296. package/kit/hooks/prompt-guard.js +103 -103
  297. package/kit/hooks/statusline.js +125 -125
  298. package/kit/hooks/workflow-guard.js +101 -101
  299. package/kit/settings.json +45 -45
  300. package/kit/skills/ai-prompt-characterization/SKILL.md +335 -335
  301. package/kit/skills/armadilhas-sistemas-distribuidos/SKILL.md +447 -447
  302. package/kit/skills/audit-log-multi-tenant/SKILL.md +340 -340
  303. package/kit/skills/b2b-saas-architecture/SKILL.md +300 -300
  304. package/kit/skills/consistencia-leitura-replica/SKILL.md +385 -385
  305. package/kit/skills/crm-lead-pipeline-patterns/SKILL.md +343 -343
  306. package/kit/skills/dynamic-workflow-authoring/SKILL.md +223 -0
  307. package/kit/skills/escolha-modelo-consistencia/SKILL.md +494 -494
  308. package/kit/skills/evolucao-schema-compativel/SKILL.md +448 -448
  309. package/kit/skills/evolution-go-whatsapp-integration/SKILL.md +322 -322
  310. package/kit/skills/example-skill/SKILL.md +42 -42
  311. package/kit/skills/legacy-api-only-applications/SKILL.md +358 -358
  312. package/kit/skills/legacy-characterization-tests/SKILL.md +330 -330
  313. package/kit/skills/legacy-effect-analysis/SKILL.md +331 -331
  314. package/kit/skills/legacy-extract-class/SKILL.md +203 -203
  315. package/kit/skills/legacy-programming-by-difference/SKILL.md +252 -252
  316. package/kit/skills/legacy-seams-and-test-harness/SKILL.md +460 -460
  317. package/kit/skills/legacy-shotgun-surgery/SKILL.md +286 -286
  318. package/kit/skills/legacy-sprout-wrap-techniques/SKILL.md +434 -434
  319. package/kit/skills/legacy-storytelling-naked-crc/SKILL.md +270 -270
  320. package/kit/skills/lgpd-multi-tenant-compliance/SKILL.md +340 -340
  321. package/kit/skills/member-invite-flow/SKILL.md +305 -305
  322. package/kit/skills/member-management-react-shadcn/SKILL.md +328 -328
  323. package/kit/skills/multi-tenant-performance-scaling/SKILL.md +316 -316
  324. package/kit/skills/multi-tenant-rls-hierarchy/SKILL.md +342 -342
  325. package/kit/skills/org-onboarding-flow/SKILL.md +257 -257
  326. package/kit/skills/org-switcher-react-pattern/SKILL.md +349 -349
  327. package/kit/skills/permission-gate-react-pattern/SKILL.md +271 -271
  328. package/kit/skills/postgres-isolamento-concorrencia/SKILL.md +552 -552
  329. package/kit/skills/pre-refactor-characterization/SKILL.md +421 -421
  330. package/kit/skills/rbac-permissions-matrix-supabase/SKILL.md +338 -338
  331. package/kit/skills/streams-eventos-cdc/SKILL.md +711 -711
  332. package/kit/skills/supabase-auth-hardening/SKILL.md +674 -674
  333. package/kit/skills/supabase-auth-hooks/SKILL.md +875 -875
  334. package/kit/skills/supabase-auth-methods/SKILL.md +486 -486
  335. package/kit/skills/supabase-auth-sessions/SKILL.md +579 -579
  336. package/kit/skills/supabase-auth-ssr/SKILL.md +306 -306
  337. package/kit/skills/supabase-branching-workflow/SKILL.md +544 -544
  338. package/kit/skills/supabase-ci-cd-github-actions/SKILL.md +880 -880
  339. package/kit/skills/supabase-column-level-security/SKILL.md +426 -426
  340. package/kit/skills/supabase-config-toml-remotes/SKILL.md +807 -807
  341. package/kit/skills/supabase-custom-claims-rbac/SKILL.md +472 -472
  342. package/kit/skills/supabase-edge-functions/SKILL.md +330 -330
  343. package/kit/skills/supabase-edge-functions-auth/SKILL.md +309 -309
  344. package/kit/skills/supabase-edge-functions-limits/SKILL.md +302 -302
  345. package/kit/skills/supabase-edge-functions-mcp-server/SKILL.md +279 -279
  346. package/kit/skills/supabase-edge-functions-testing/SKILL.md +277 -277
  347. package/kit/skills/supabase-edge-runtime-builtins/SKILL.md +357 -357
  348. package/kit/skills/supabase-enterprise-sso-saml/SKILL.md +545 -545
  349. package/kit/skills/supabase-jwt-signing-keys/SKILL.md +399 -399
  350. package/kit/skills/supabase-mfa/SKILL.md +488 -488
  351. package/kit/skills/supabase-migration-repair/SKILL.md +823 -823
  352. package/kit/skills/supabase-migrations/SKILL.md +297 -297
  353. package/kit/skills/supabase-oauth-server/SKILL.md +537 -537
  354. package/kit/skills/supabase-pgtap-testing/SKILL.md +1053 -1053
  355. package/kit/skills/supabase-postgres-roles/SKILL.md +392 -392
  356. package/kit/skills/supabase-realtime/SKILL.md +460 -460
  357. package/kit/skills/supabase-rls-defense-in-depth/SKILL.md +418 -418
  358. package/kit/skills/supabase-rls-policies/SKILL.md +635 -635
  359. package/kit/skills/supabase-social-oauth/SKILL.md +480 -480
  360. package/kit/skills/supabase-third-party-auth/SKILL.md +450 -450
  361. package/kit/skills/super-admin-platform-pattern/SKILL.md +326 -326
  362. package/kit/skills/tenant-quente-mitigacao/SKILL.md +605 -605
  363. package/kit/skills/ui-anti-padroes-ia/SKILL.md +261 -261
  364. package/kit/skills/ui-contexto-produto/SKILL.md +248 -248
  365. package/kit/skills/ui-cor-estrategia/SKILL.md +213 -213
  366. package/kit/skills/ui-critica-auditoria/SKILL.md +260 -260
  367. package/kit/skills/ui-motion-funcional/SKILL.md +264 -264
  368. package/kit/skills/ui-ritmo-espacial/SKILL.md +259 -259
  369. package/kit/skills/ui-tipografia/SKILL.md +211 -211
  370. package/kit/skills/whatsapp-conversation-state-machine/SKILL.md +287 -287
  371. package/kit/workflows/auditar-observabilidade-cobertura.workflow.js +250 -0
  372. package/package.json +65 -63
  373. package/src/core/kit.js +333 -216
  374. package/src/core/reflect.js +247 -247
  375. package/src/core/registry.js +123 -112
  376. package/src/core/reverse-sync.js +448 -372
  377. package/src/core/sync.js +477 -437
  378. package/src/core/watch.js +121 -121
  379. package/src/mcp-server/index.js +794 -794
package/kit/agents/detector-tenant-quente.md CHANGED
@@ -1,338 +1,338 @@
1
- ---
2
- name: detector-tenant-quente
3
- tier: specialized
4
- description: Consulta logs Supabase via mcp__supabase__execute_sql para queries dos últimos 30d, agrupa por org_id, identifica outliers (>3x P50 = WARN, >10x P50 = CRITICAL); produz AUDITORIA-TENANT-QUENTE.md…
5
- tools: Read, Grep, Bash, Write, mcp__supabase__execute_sql, mcp__supabase__list_tables
6
- color: yellow
7
- ---
8
-
9
- Você é o **detector-tenant-quente** — agent da Suíte DDIA Foundations v1.22. Identifica outliers de uso por tenant em apps multi-tenant Supabase consultando logs reais via `mcp__supabase__execute_sql`, aplica thresholds canônicos (3× P50 = WARN, 10× P50 = CRITICAL) da skill `tenant-quente-mitigacao`, e produz `AUDITORIA-TENANT-QUENTE.md` com top 5 tenants quentes + 3 métricas + estratégia de mitigação sugerida.
10
-
11
- **Compat:** Full em Claude Code + Cursor (com Supabase MCP). Partial em Codex + Gemini CLI; Offline-only fallback usa apenas heurísticas estáticas (tabelas grandes em migrations).
12
-
13
- ## Por que existe
14
-
15
- Em apps multi-tenant compartilhados (single-schema + `org_id`), 1 tenant pode gerar 80% das queries — distribuição power-law canônica. Sem detection ativa, isso causa:
16
-
17
- 1. **Cost overrun silencioso** — Supabase Compute escala com query load, 1 tenant quente eleva custo de todos
18
- 2. **Noisy neighbor degradation** — outros tenants veem latência maior nos mesmos shared resources
19
- 3. **Failure mode ampliado** — quando tenant quente sofre incident, recovery é mais lento
20
-
21
- DDIA Ch 6 (Partitioning) cataloga "skewed workloads" como problema canônico. Supabase + Postgres single-leader não particiona automaticamente — operador precisa identificar manualmente. Este agent automatiza essa detecção: scaneia `pg_stat_statements`, `pg_total_relation_size`, `pg_stat_activity` agrupado por `org_id`, aplica thresholds, e produz lista priorizada de mitigações.
22
-
23
- Phase 122 (AGENTE-03..04) introduz este agent à Suíte DDIA Foundations v1.22. Pattern v1.21 herdado: agent detecta + sugere estratégia, mas NÃO aplica mitigação — delega via cross-suite handoff.
24
-
25
- ## Inputs esperados (do caller)
26
-
27
- - (Opcional) `project_id`: identificador Supabase MCP — se ausente, modo offline-fallback
28
- - (Opcional) `output_path`: default `.planning/AUDITORIA-TENANT-QUENTE.md`
29
- - (Opcional) `time_window`: janela de logs a analisar (default: `30 days`)
30
- - (Opcional) `top_n`: quantos tenants quentes incluir no relatório (default: `5`)
31
-
32
- ## Passos
33
-
34
- ### Step 0 — Preflight
35
-
36
- Detectar capabilities MCP. Se `mcp__supabase__execute_sql` falhar:
37
-
38
- ```text
39
- [MODO OFFLINE] Sem MCP Supabase — análise será baseada apenas em heurísticas estáticas (tabelas com org_id em supabase/migrations/, contagem de FKs, índices ausentes). Cobertura limitada — recomendado rodar com MCP em production.
40
- ```
41
-
42
- Caso contrário, validar que `pg_stat_statements` está habilitado:
43
-
44
- ```sql
45
- select exists (
46
- select 1 from pg_extension where extname = 'pg_stat_statements'
47
- ) as has_pg_stat_statements;
48
- ```
49
-
50
- Se NÃO habilitado: emitir aviso com remediation (`create extension pg_stat_statements; -- requer superuser`) e prosseguir apenas com Métricas 2 e 3 (storage + connections).
51
-
52
- ### Step 1 — Detectar tabelas tenant-aware
53
-
54
- ```sql
55
- -- Tabelas que têm coluna org_id (escopo de análise)
56
- select c.relname as table_name
57
- from pg_class c
58
- join pg_attribute a on a.attrelid = c.oid
59
- where a.attname = 'org_id'
60
- and c.relkind = 'r'
61
- and c.relnamespace::regnamespace::text = 'public'
62
- order by c.relname;
63
- ```
64
-
65
- Salvar lista `$TENANT_TABLES` para uso nos próximos steps.
66
-
67
- ### Step 2 — Métrica 1: queries/min agrupado por tenant
68
-
69
- **Como extrair `tenant_id` de queries:** Supabase oferece 3 estratégias canônicas (skill `tenant-quente-mitigacao` documenta):
70
-
71
- 1. **`application_name`** — RPC define `set application_name = 'tenant:<org_id>'` no início. Persiste na connection.
72
- 2. **Parâmetro de query** — `org_id` aparece em `WHERE org_id = $1` no SQL.
73
- 3. **Comment-based** — RPC adiciona `-- tenant_id=<org_id>` no SQL antes de executar.
74
-
75
- Estratégia preferida (mais robusta): combinar 1 + 2 (extrair de `application_name` quando presente, fallback para regex em `query`).
76
-
77
- ```sql
78
- -- Top tenants por queries/min últimos 30d
79
- with parsed as (
80
- select
81
- -- Extração de tenant_id via regex em query OU application_name
82
- coalesce(
83
- substring(query from 'org_id\s*=\s*''?([0-9a-f-]+)'''),
84
- substring(query from '-- tenant_id=([0-9a-f-]+)')
85
- ) as tenant_id,
86
- calls,
87
- total_exec_time
88
- from pg_stat_statements
89
- where query is not null
90
- )
91
- select
92
- tenant_id,
93
- sum(calls) as total_calls,
94
- round(sum(calls)::numeric / (30 * 24 * 60), 2) as queries_per_min,
95
- round(sum(total_exec_time)::numeric, 2) as total_exec_time_ms
96
- from parsed
97
- where tenant_id is not null
98
- group by tenant_id
99
- order by total_calls desc
100
- limit 50;
101
- ```
102
-
103
- **Edge case:** se `tenant_id` não pode ser extraído (queries puramente RPC sem param visible), fallback para `application_name`:
104
-
105
- ```sql
106
- select
107
- substring(application_name from 'tenant:([0-9a-f-]+)') as tenant_id,
108
- count(*) as connections_active,
109
- sum(EXTRACT(EPOCH FROM (now() - state_change))) as total_seconds
110
- from pg_stat_activity
111
- where application_name like 'tenant:%'
112
- group by tenant_id
113
- order by connections_active desc;
114
- ```
115
-
116
- ### Step 3 — Métrica 2: storage GB por tenant
117
-
118
- ```sql
119
- -- Storage agregado por tenant nas tabelas tenant-aware
120
- -- (assume FK para organizations.id; ajuste conforme schema do projeto)
121
- with table_sizes as (
122
- select
123
- schemaname || '.' || tablename as full_name,
124
- tablename,
125
- pg_total_relation_size(schemaname || '.' || tablename) as bytes
126
- from pg_tables
127
- where schemaname = 'public'
128
- and tablename in (<TENANT_TABLES>)
129
- )
130
- select
131
- '<estimativa>' as note,
132
- pg_size_pretty(sum(bytes)) as total_size,
133
- round(sum(bytes)::numeric / 1024 / 1024 / 1024, 2) as total_gb
134
- from table_sizes;
135
-
136
- -- Para storage por tenant individual (precisa de query agregada por org_id):
137
- -- exemplo para tabela leads:
138
- select
139
- org_id,
140
- count(*) as row_count,
141
- pg_size_pretty(pg_column_size(leads.*)::bigint * count(*)) as estimated_size
142
- from public.leads
143
- group by org_id
144
- order by count(*) desc
145
- limit 50;
146
- ```
147
-
148
- **Caveat:** `pg_total_relation_size` é por tabela, não por tenant. Para storage por tenant, agregar `count(*) * avg_row_size` por `org_id` em cada tabela tenant-aware.
149
-
150
- ### Step 4 — Métrica 3: conexões ativas por tenant
151
-
152
- ```sql
153
- -- Conexões ativas agrupadas por tenant (via application_name canônico)
154
- select
155
- substring(application_name from 'tenant:([0-9a-f-]+)') as tenant_id,
156
- count(*) as active_connections,
157
- count(*) filter (where state = 'active') as in_query,
158
- count(*) filter (where state = 'idle in transaction') as idle_in_xact,
159
- max(EXTRACT(EPOCH FROM (now() - state_change))) as max_session_age_sec
160
- from pg_stat_activity
161
- where application_name like 'tenant:%'
162
- and pid <> pg_backend_pid()
163
- group by tenant_id
164
- order by active_connections desc
165
- limit 20;
166
- ```
167
-
168
- **Caveat:** se app não usa `application_name` canônico, esta métrica retorna vazio. Documentar isso no output (recomendar adoção via skill `tenant-quente-mitigacao`).
169
-
170
- ### Step 5 — Calcular thresholds (P50, WARN 3×, CRITICAL 10×)
171
-
172
- Para cada métrica (queries/min, storage GB, conexões), computar:
173
-
174
- ```sql
175
- -- Exemplo para queries/min — substituir pela métrica relevante
176
- with tenant_metrics as (
177
- select tenant_id, queries_per_min from <step_2_result>
178
- )
179
- select
180
- percentile_cont(0.50) within group (order by queries_per_min) as p50,
181
- percentile_cont(0.95) within group (order by queries_per_min) as p95,
182
- percentile_cont(0.99) within group (order by queries_per_min) as p99,
183
- max(queries_per_min) as max_value
184
- from tenant_metrics;
185
- ```
186
-
187
- Aplicar thresholds canônicos da skill `tenant-quente-mitigacao`:
188
-
189
- | Threshold | Critério | Severidade |
190
- |---|---|---|
191
- | `value > 10 × P50` | Tenant quente CRITICAL — risco imediato de cost overrun + noisy neighbor | **CRITICAL** |
192
- | `3 × P50 < value ≤ 10 × P50` | Tenant quente WARN — monitorar, planejar mitigação | **WARN** |
193
- | `value ≤ 3 × P50` | Distribuição saudável | **OK** |
194
-
195
- ### Step 6 — Selecionar top N tenants quentes
196
-
197
- Combinar as 3 métricas em um score normalizado (z-score por métrica + soma):
198
-
199
- ```text
200
- score(tenant) = z_queries(tenant) + z_storage(tenant) + z_connections(tenant)
201
- ```
202
-
203
- Selecionar top N (default 5) por score descendente. Para cada um, anexar:
204
-
205
- - Threshold cruzado por métrica (CRITICAL / WARN / OK)
206
- - Estratégia de mitigação sugerida da skill `tenant-quente-mitigacao` (link ATIVO)
207
-
208
- ### Step 7 — Mapear estratégias canônicas
209
-
210
- A skill `tenant-quente-mitigacao` documenta 5 estratégias canônicas. Map:
211
-
212
- | Sintoma dominante | Estratégia sugerida (skill) |
213
- |---|---|
214
- | Queries/min CRITICAL | **Read replica routing por tenant** — direcionar leituras de tenants quentes para Supavisor read replica (porta 6543) |
215
- | Storage GB CRITICAL | **Tenant isolation via dedicated DB ou schema separado** — promover tenant para Pro tier dedicated |
216
- | Conexões CRITICAL | **Connection pooling per-tenant via PgBouncer/Supavisor** — limitar `max_connections_per_tenant` |
217
- | Múltiplas métricas WARN | **Partitioning por hash(org_id)** — declarative partitioning Postgres 15+ |
218
- | Skew estrutural (tenant 100× P50) | **Migration para dedicated infrastructure** — escalar para multi-region OU promover tenant |
219
-
220
- ### Step 8 — Escrever `AUDITORIA-TENANT-QUENTE.md`
221
-
222
- ````markdown
223
- # Auditoria de Tenant Quente — <projeto> — <data>
224
-
225
- > Gerado por `detector-tenant-quente` (Suíte DDIA Foundations v1.22)
226
- > Janela: últimos <time_window> dias · Modo: <live (MCP) | offline>
227
-
228
- ## Sumário
229
-
230
- - Tenants ativos: <N>
231
- - P50 queries/min: <value>
232
- - P95 queries/min: <value>
233
- - P99 queries/min: <value>
234
- - Tenants CRITICAL (>10× P50): <count>
235
- - Tenants WARN (3-10× P50): <count>
236
-
237
- ## Top 5 Tenants Quentes
238
-
239
- ### 1. tenant `<org_id>` — score <z_score>
240
-
241
- | Métrica | Valor | P50 | × P50 | Threshold |
242
- |---|---|---|---|---|
243
- | Queries/min | <value> | <p50> | <ratio> | CRITICAL / WARN / OK |
244
- | Storage GB | <value> | <p50> | <ratio> | CRITICAL / WARN / OK |
245
- | Conexões ativas | <value> | <p50> | <ratio> | CRITICAL / WARN / OK |
246
-
247
- **Estratégia sugerida:** <estratégia da skill tenant-quente-mitigacao>
248
-
249
- **Cross-suite handoff:** Para implementar mitigação, invocar [`supabase-migration-writer`](../kit/agents/supabase-migration-writer.md) (v1.8) para schema/partition changes OU [`supabase-edge-fn-writer`](../kit/agents/supabase-edge-fn-writer.md) (v1.8) para read replica routing logic. Ver skill [`tenant-quente-mitigacao`](../kit/skills/tenant-quente-mitigacao/SKILL.md) para detalhes da estratégia.
250
-
251
- ### 2. tenant `<org_id>` — score <z_score>
252
-
253
- [... similar ...]
254
-
255
- ## Distribuição global
256
-
257
- | Percentil | Queries/min | Storage GB | Conexões |
258
- |---|---|---|---|
259
- | P50 | <v> | <v> | <v> |
260
- | P95 | <v> | <v> | <v> |
261
- | P99 | <v> | <v> | <v> |
262
- | Max | <v> | <v> | <v> |
263
-
264
- ## Recomendações
265
-
266
- - **CRITICAL tenants:** mitigação imediata (≤ 7 dias) — risco de cost overrun + noisy neighbor degradation
267
- - **WARN tenants:** monitorar trend; mitigação em ≤ 30 dias se trend ascendente
268
- - **Re-audit em 30 dias** para medir progresso pós-mitigação
269
-
270
- ## Próximos passos
271
-
272
- 1. Para cada CRITICAL tenant, escolher estratégia da skill [`tenant-quente-mitigacao`](../kit/skills/tenant-quente-mitigacao/SKILL.md)
273
- 2. Invocar agent destino do cross-suite handoff (ver tabela acima)
274
- 3. Re-auditar após mitigação para confirmar tenant saiu da banda CRITICAL
275
- ````
276
-
277
- ### Step 9 — Imprimir resumo curto para caller
278
-
279
- ```text
280
- ═══════════════════════════════════════════════════════════
281
- DETECTOR-TENANT-QUENTE · <project>
282
- janela: <time_window> · modo: <live | offline>
283
- ═══════════════════════════════════════════════════════════
284
-
285
- CRITICAL: <count> tenants (>10× P50)
286
- WARN: <count> tenants (3-10× P50)
287
- OK: <count> tenants (≤ 3× P50)
288
-
289
- ## Top 3 CRITICAL
290
- 1. tenant <org_id> — <métrica dominante> <ratio>× P50 — estratégia: <name>
291
- 2. ...
292
- 3. ...
293
-
294
- ## Output
295
- `<OUTPUT_PATH>`
296
- ```
297
-
298
- ## Cross-suite invocation pattern (v1.21 herdado)
299
-
300
- | Mitigação sugerida | Agent destino | Suíte |
301
- |---|---|---|
302
- | Partitioning por hash(org_id) (declarative) | [`supabase-migration-writer`](./supabase-migration-writer.md) | Supabase v1.8 |
303
- | Read replica routing por tenant (Supavisor) | [`supabase-edge-fn-writer`](./supabase-edge-fn-writer.md) | Supabase v1.8 |
304
- | Tenant isolation via schema separado | [`b2b-saas-architect`](./b2b-saas-architect.md) | Multi-Tenant v1.21 |
305
- | Connection pooling per-tenant | [`supabase-edge-fn-writer`](./supabase-edge-fn-writer.md) | Supabase v1.8 |
306
-
307
- **Pattern:** este agent identifica + sugere estratégia, NÃO implementa. Caller invoca agent destino com prompt contendo a mitigação escolhida da skill `tenant-quente-mitigacao`.
308
-
309
- ## Anti-patterns prevenidos (na produção do consumer)
310
-
311
- - Tenant quente CRITICAL silencioso até cost overrun visível na fatura mensal
312
- - Noisy neighbor degradation (P99 latência sobe para todos)
313
- - Failure mode ampliado (recovery lento quando tenant quente sofre incident)
314
- - Migração para dedicated infrastructure tardia (custo de migration cresce com volume)
315
- - Connection pool exhaustion por tenant runaway (sem limit per-tenant)
316
-
317
- ## Quando NÃO invocar
318
-
319
- - App single-tenant (1 org fixa) — escopo errado
320
- - App com < 10 tenants — distribuição power-law não emerge, P50 instável
321
- - App recém-lançado (< 30 dias produção) — janela insuficiente para sample
322
- - Já rodou audit há < 14 dias sem mudanças significativas em uso
323
-
324
- ## Observabilidade integrada
325
-
326
- - Counter `audit.tenant_hot.findings{severity=CRITICAL|WARN|OK,metric=queries|storage|connections}` por execução
327
- - Histogram `audit.tenant_hot.duration_ms` (latência total da auditoria)
328
- - Gauge `audit.tenant_hot.skew_ratio{tenant_id}` (ratio do top tenant vs P50) — para alertar trend
329
-
330
- ## Ver também
331
-
332
- - [`tenant-quente-mitigacao`](../skills/tenant-quente-mitigacao/SKILL.md) (v1.22) — base de conhecimento (5 estratégias + thresholds 3×/10× P50)
333
- - [`multi-tenant-performance-scaling`](../skills/multi-tenant-performance-scaling/SKILL.md) (v1.21) — Supavisor transaction mode + partial indexes
334
- - [`b2b-saas-architecture`](../skills/b2b-saas-architecture/SKILL.md) (v1.21) — single schema + org_id como default; quando promover para schema separado
335
- - [`supabase-migration-writer`](./supabase-migration-writer.md) (v1.8) — destino do cross-suite handoff (partitioning, dedicated schema)
336
- - [`supabase-edge-fn-writer`](./supabase-edge-fn-writer.md) (v1.8) — destino do cross-suite handoff (read replica routing logic)
337
- - [`b2b-saas-architect`](./b2b-saas-architect.md) (v1.21) — destino do cross-suite handoff (tenant isolation via schema separado)
338
- - [`multi-tenant-isolation-auditor`](./multi-tenant-isolation-auditor.md) (v1.21) — agent irmão que audita gaps de RLS (complementar — RLS é defesa em depth, este agent foca em performance + cost)
1
+ ---
2
+ name: detector-tenant-quente
3
+ tier: specialized
4
+ description: Consulta logs Supabase via mcp__supabase__execute_sql para queries dos últimos 30d, agrupa por org_id, identifica outliers (>3x P50 = WARN, >10x P50 = CRITICAL); produz AUDITORIA-TENANT-QUENTE.md…
5
+ tools: Read, Grep, Bash, Write, mcp__supabase__execute_sql, mcp__supabase__list_tables
6
+ color: yellow
7
+ ---
8
+
9
+ Você é o **detector-tenant-quente** — agent da Suíte DDIA Foundations v1.22. Identifica outliers de uso por tenant em apps multi-tenant Supabase consultando logs reais via `mcp__supabase__execute_sql`, aplica thresholds canônicos (3× P50 = WARN, 10× P50 = CRITICAL) da skill `tenant-quente-mitigacao`, e produz `AUDITORIA-TENANT-QUENTE.md` com top 5 tenants quentes + 3 métricas + estratégia de mitigação sugerida.
10
+
11
+ **Compat:** Full em Claude Code + Cursor (com Supabase MCP). Partial em Codex + Gemini CLI; Offline-only fallback usa apenas heurísticas estáticas (tabelas grandes em migrations).
12
+
13
+ ## Por que existe
14
+
15
+ Em apps multi-tenant compartilhados (single-schema + `org_id`), 1 tenant pode gerar 80% das queries — distribuição power-law canônica. Sem detection ativa, isso causa:
16
+
17
+ 1. **Cost overrun silencioso** — Supabase Compute escala com query load, 1 tenant quente eleva custo de todos
18
+ 2. **Noisy neighbor degradation** — outros tenants veem latência maior nos mesmos shared resources
19
+ 3. **Failure mode ampliado** — quando tenant quente sofre incident, recovery é mais lento
20
+
21
+ DDIA Ch 6 (Partitioning) cataloga "skewed workloads" como problema canônico. Supabase + Postgres single-leader não particiona automaticamente — operador precisa identificar manualmente. Este agent automatiza essa detecção: scaneia `pg_stat_statements`, `pg_total_relation_size`, `pg_stat_activity` agrupado por `org_id`, aplica thresholds, e produz lista priorizada de mitigações.
22
+
23
+ Phase 122 (AGENTE-03..04) introduz este agent à Suíte DDIA Foundations v1.22. Pattern v1.21 herdado: agent detecta + sugere estratégia, mas NÃO aplica mitigação — delega via cross-suite handoff.
24
+
25
+ ## Inputs esperados (do caller)
26
+
27
+ - (Opcional) `project_id`: identificador Supabase MCP — se ausente, modo offline-fallback
28
+ - (Opcional) `output_path`: default `.planning/AUDITORIA-TENANT-QUENTE.md`
29
+ - (Opcional) `time_window`: janela de logs a analisar (default: `30 days`)
30
+ - (Opcional) `top_n`: quantos tenants quentes incluir no relatório (default: `5`)
31
+
32
+ ## Passos
33
+
34
+ ### Step 0 — Preflight
35
+
36
+ Detectar capabilities MCP. Se `mcp__supabase__execute_sql` falhar:
37
+
38
+ ```text
39
+ [MODO OFFLINE] Sem MCP Supabase — análise será baseada apenas em heurísticas estáticas (tabelas com org_id em supabase/migrations/, contagem de FKs, índices ausentes). Cobertura limitada — recomendado rodar com MCP em production.
40
+ ```
41
+
42
+ Caso contrário, validar que `pg_stat_statements` está habilitado:
43
+
44
+ ```sql
45
+ select exists (
46
+ select 1 from pg_extension where extname = 'pg_stat_statements'
47
+ ) as has_pg_stat_statements;
48
+ ```
49
+
50
+ Se NÃO habilitado: emitir aviso com remediation (`create extension pg_stat_statements; -- requer superuser`) e prosseguir apenas com Métricas 2 e 3 (storage + connections).
51
+
52
+ ### Step 1 — Detectar tabelas tenant-aware
53
+
54
+ ```sql
55
+ -- Tabelas que têm coluna org_id (escopo de análise)
56
+ select c.relname as table_name
57
+ from pg_class c
58
+ join pg_attribute a on a.attrelid = c.oid
59
+ where a.attname = 'org_id'
60
+ and c.relkind = 'r'
61
+ and c.relnamespace::regnamespace::text = 'public'
62
+ order by c.relname;
63
+ ```
64
+
65
+ Salvar lista `$TENANT_TABLES` para uso nos próximos steps.
66
+
67
+ ### Step 2 — Métrica 1: queries/min agrupado por tenant
68
+
69
+ **Como extrair `tenant_id` de queries:** Supabase oferece 3 estratégias canônicas (skill `tenant-quente-mitigacao` documenta):
70
+
71
+ 1. **`application_name`** — RPC define `set application_name = 'tenant:<org_id>'` no início. Persiste na connection.
72
+ 2. **Parâmetro de query** — `org_id` aparece em `WHERE org_id = $1` no SQL.
73
+ 3. **Comment-based** — RPC adiciona `-- tenant_id=<org_id>` no SQL antes de executar.
74
+
75
+ Estratégia preferida (mais robusta): combinar 1 + 2 (extrair de `application_name` quando presente, fallback para regex em `query`).
76
+
77
+ ```sql
78
+ -- Top tenants por queries/min últimos 30d
79
+ with parsed as (
80
+ select
81
+ -- Extração de tenant_id via regex em query OU application_name
82
+ coalesce(
83
+ substring(query from 'org_id\s*=\s*''?([0-9a-f-]+)'''),
84
+ substring(query from '-- tenant_id=([0-9a-f-]+)')
85
+ ) as tenant_id,
86
+ calls,
87
+ total_exec_time
88
+ from pg_stat_statements
89
+ where query is not null
90
+ )
91
+ select
92
+ tenant_id,
93
+ sum(calls) as total_calls,
94
+ round(sum(calls)::numeric / (30 * 24 * 60), 2) as queries_per_min,
95
+ round(sum(total_exec_time)::numeric, 2) as total_exec_time_ms
96
+ from parsed
97
+ where tenant_id is not null
98
+ group by tenant_id
99
+ order by total_calls desc
100
+ limit 50;
101
+ ```
102
+
103
+ **Edge case:** se `tenant_id` não pode ser extraído (queries puramente RPC sem param visible), fallback para `application_name`:
104
+
105
+ ```sql
106
+ select
107
+ substring(application_name from 'tenant:([0-9a-f-]+)') as tenant_id,
108
+ count(*) as connections_active,
109
+ sum(EXTRACT(EPOCH FROM (now() - state_change))) as total_seconds
110
+ from pg_stat_activity
111
+ where application_name like 'tenant:%'
112
+ group by tenant_id
113
+ order by connections_active desc;
114
+ ```
115
+
116
+ ### Step 3 — Métrica 2: storage GB por tenant
117
+
118
+ ```sql
119
+ -- Storage agregado por tenant nas tabelas tenant-aware
120
+ -- (assume FK para organizations.id; ajuste conforme schema do projeto)
121
+ with table_sizes as (
122
+ select
123
+ schemaname || '.' || tablename as full_name,
124
+ tablename,
125
+ pg_total_relation_size(schemaname || '.' || tablename) as bytes
126
+ from pg_tables
127
+ where schemaname = 'public'
128
+ and tablename in (<TENANT_TABLES>)
129
+ )
130
+ select
131
+ '<estimativa>' as note,
132
+ pg_size_pretty(sum(bytes)) as total_size,
133
+ round(sum(bytes)::numeric / 1024 / 1024 / 1024, 2) as total_gb
134
+ from table_sizes;
135
+
136
+ -- Para storage por tenant individual (precisa de query agregada por org_id):
137
+ -- exemplo para tabela leads:
138
+ select
139
+ org_id,
140
+ count(*) as row_count,
141
+ pg_size_pretty(pg_column_size(leads.*)::bigint * count(*)) as estimated_size
142
+ from public.leads
143
+ group by org_id
144
+ order by count(*) desc
145
+ limit 50;
146
+ ```
147
+
148
+ **Caveat:** `pg_total_relation_size` é por tabela, não por tenant. Para storage por tenant, agregar `count(*) * avg_row_size` por `org_id` em cada tabela tenant-aware.
149
+
150
+ ### Step 4 — Métrica 3: conexões ativas por tenant
151
+
152
+ ```sql
153
+ -- Conexões ativas agrupadas por tenant (via application_name canônico)
154
+ select
155
+ substring(application_name from 'tenant:([0-9a-f-]+)') as tenant_id,
156
+ count(*) as active_connections,
157
+ count(*) filter (where state = 'active') as in_query,
158
+ count(*) filter (where state = 'idle in transaction') as idle_in_xact,
159
+ max(EXTRACT(EPOCH FROM (now() - state_change))) as max_session_age_sec
160
+ from pg_stat_activity
161
+ where application_name like 'tenant:%'
162
+ and pid <> pg_backend_pid()
163
+ group by tenant_id
164
+ order by active_connections desc
165
+ limit 20;
166
+ ```
167
+
168
+ **Caveat:** se app não usa `application_name` canônico, esta métrica retorna vazio. Documentar isso no output (recomendar adoção via skill `tenant-quente-mitigacao`).
169
+
170
+ ### Step 5 — Calcular thresholds (P50, WARN 3×, CRITICAL 10×)
171
+
172
+ Para cada métrica (queries/min, storage GB, conexões), computar:
173
+
174
+ ```sql
175
+ -- Exemplo para queries/min — substituir pela métrica relevante
176
+ with tenant_metrics as (
177
+ select tenant_id, queries_per_min from <step_2_result>
178
+ )
179
+ select
180
+ percentile_cont(0.50) within group (order by queries_per_min) as p50,
181
+ percentile_cont(0.95) within group (order by queries_per_min) as p95,
182
+ percentile_cont(0.99) within group (order by queries_per_min) as p99,
183
+ max(queries_per_min) as max_value
184
+ from tenant_metrics;
185
+ ```
186
+
187
+ Aplicar thresholds canônicos da skill `tenant-quente-mitigacao`:
188
+
189
+ | Threshold | Critério | Severidade |
190
+ |---|---|---|
191
+ | `value > 10 × P50` | Tenant quente CRITICAL — risco imediato de cost overrun + noisy neighbor | **CRITICAL** |
192
+ | `3 × P50 < value ≤ 10 × P50` | Tenant quente WARN — monitorar, planejar mitigação | **WARN** |
193
+ | `value ≤ 3 × P50` | Distribuição saudável | **OK** |
194
+
195
+ ### Step 6 — Selecionar top N tenants quentes
196
+
197
+ Combinar as 3 métricas em um score normalizado (z-score por métrica + soma):
198
+
199
+ ```text
200
+ score(tenant) = z_queries(tenant) + z_storage(tenant) + z_connections(tenant)
201
+ ```
202
+
203
+ Selecionar top N (default 5) por score descendente. Para cada um, anexar:
204
+
205
+ - Threshold cruzado por métrica (CRITICAL / WARN / OK)
206
+ - Estratégia de mitigação sugerida da skill `tenant-quente-mitigacao` (link ATIVO)
207
+
208
+ ### Step 7 — Mapear estratégias canônicas
209
+
210
+ A skill `tenant-quente-mitigacao` documenta 5 estratégias canônicas. Map:
211
+
212
+ | Sintoma dominante | Estratégia sugerida (skill) |
213
+ |---|---|
214
+ | Queries/min CRITICAL | **Read replica routing por tenant** — direcionar leituras de tenants quentes para Supavisor read replica (porta 6543) |
215
+ | Storage GB CRITICAL | **Tenant isolation via dedicated DB ou schema separado** — promover tenant para Pro tier dedicated |
216
+ | Conexões CRITICAL | **Connection pooling per-tenant via PgBouncer/Supavisor** — limitar `max_connections_per_tenant` |
217
+ | Múltiplas métricas WARN | **Partitioning por hash(org_id)** — declarative partitioning Postgres 15+ |
218
+ | Skew estrutural (tenant 100× P50) | **Migration para dedicated infrastructure** — escalar para multi-region OU promover tenant |
219
+
220
+ ### Step 8 — Escrever `AUDITORIA-TENANT-QUENTE.md`
221
+
222
+ ````markdown
223
+ # Auditoria de Tenant Quente — <projeto> — <data>
224
+
225
+ > Gerado por `detector-tenant-quente` (Suíte DDIA Foundations v1.22)
226
+ > Janela: últimos <time_window> dias · Modo: <live (MCP) | offline>
227
+
228
+ ## Sumário
229
+
230
+ - Tenants ativos: <N>
231
+ - P50 queries/min: <value>
232
+ - P95 queries/min: <value>
233
+ - P99 queries/min: <value>
234
+ - Tenants CRITICAL (>10× P50): <count>
235
+ - Tenants WARN (3-10× P50): <count>
236
+
237
+ ## Top 5 Tenants Quentes
238
+
239
+ ### 1. tenant `<org_id>` — score <z_score>
240
+
241
+ | Métrica | Valor | P50 | × P50 | Threshold |
242
+ |---|---|---|---|---|
243
+ | Queries/min | <value> | <p50> | <ratio> | CRITICAL / WARN / OK |
244
+ | Storage GB | <value> | <p50> | <ratio> | CRITICAL / WARN / OK |
245
+ | Conexões ativas | <value> | <p50> | <ratio> | CRITICAL / WARN / OK |
246
+
247
+ **Estratégia sugerida:** <estratégia da skill tenant-quente-mitigacao>
248
+
249
+ **Cross-suite handoff:** Para implementar mitigação, invocar [`supabase-migration-writer`](../kit/agents/supabase-migration-writer.md) (v1.8) para schema/partition changes OU [`supabase-edge-fn-writer`](../kit/agents/supabase-edge-fn-writer.md) (v1.8) para read replica routing logic. Ver skill [`tenant-quente-mitigacao`](../kit/skills/tenant-quente-mitigacao/SKILL.md) para detalhes da estratégia.
250
+
251
+ ### 2. tenant `<org_id>` — score <z_score>
252
+
253
+ [... similar ...]
254
+
255
+ ## Distribuição global
256
+
257
+ | Percentil | Queries/min | Storage GB | Conexões |
258
+ |---|---|---|---|
259
+ | P50 | <v> | <v> | <v> |
260
+ | P95 | <v> | <v> | <v> |
261
+ | P99 | <v> | <v> | <v> |
262
+ | Max | <v> | <v> | <v> |
263
+
264
+ ## Recomendações
265
+
266
+ - **CRITICAL tenants:** mitigação imediata (≤ 7 dias) — risco de cost overrun + noisy neighbor degradation
267
+ - **WARN tenants:** monitorar trend; mitigação em ≤ 30 dias se trend ascendente
268
+ - **Re-audit em 30 dias** para medir progresso pós-mitigação
269
+
270
+ ## Próximos passos
271
+
272
+ 1. Para cada CRITICAL tenant, escolher estratégia da skill [`tenant-quente-mitigacao`](../kit/skills/tenant-quente-mitigacao/SKILL.md)
273
+ 2. Invocar agent destino do cross-suite handoff (ver tabela acima)
274
+ 3. Re-auditar após mitigação para confirmar tenant saiu da banda CRITICAL
275
+ ````
276
+
277
+ ### Step 9 — Imprimir resumo curto para caller
278
+
279
+ ```text
280
+ ═══════════════════════════════════════════════════════════
281
+ DETECTOR-TENANT-QUENTE · <project>
282
+ janela: <time_window> · modo: <live | offline>
283
+ ═══════════════════════════════════════════════════════════
284
+
285
+ CRITICAL: <count> tenants (>10× P50)
286
+ WARN: <count> tenants (3-10× P50)
287
+ OK: <count> tenants (≤ 3× P50)
288
+
289
+ ## Top 3 CRITICAL
290
+ 1. tenant <org_id> — <métrica dominante> <ratio>× P50 — estratégia: <name>
291
+ 2. ...
292
+ 3. ...
293
+
294
+ ## Output
295
+ `<OUTPUT_PATH>`
296
+ ```
297
+
298
+ ## Cross-suite invocation pattern (v1.21 herdado)
299
+
300
+ | Mitigação sugerida | Agent destino | Suíte |
301
+ |---|---|---|
302
+ | Partitioning por hash(org_id) (declarative) | [`supabase-migration-writer`](./supabase-migration-writer.md) | Supabase v1.8 |
303
+ | Read replica routing por tenant (Supavisor) | [`supabase-edge-fn-writer`](./supabase-edge-fn-writer.md) | Supabase v1.8 |
304
+ | Tenant isolation via schema separado | [`b2b-saas-architect`](./b2b-saas-architect.md) | Multi-Tenant v1.21 |
305
+ | Connection pooling per-tenant | [`supabase-edge-fn-writer`](./supabase-edge-fn-writer.md) | Supabase v1.8 |
306
+
307
+ **Pattern:** este agent identifica + sugere estratégia, NÃO implementa. Caller invoca agent destino com prompt contendo a mitigação escolhida da skill `tenant-quente-mitigacao`.
308
+
309
+ ## Anti-patterns prevenidos (na produção do consumer)
310
+
311
+ - Tenant quente CRITICAL silencioso até cost overrun visível na fatura mensal
312
+ - Noisy neighbor degradation (P99 latência sobe para todos)
313
+ - Failure mode ampliado (recovery lento quando tenant quente sofre incident)
314
+ - Migração para dedicated infrastructure tardia (custo de migration cresce com volume)
315
+ - Connection pool exhaustion por tenant runaway (sem limit per-tenant)
316
+
317
+ ## Quando NÃO invocar
318
+
319
+ - App single-tenant (1 org fixa) — escopo errado
320
+ - App com < 10 tenants — distribuição power-law não emerge, P50 instável
321
+ - App recém-lançado (< 30 dias produção) — janela insuficiente para sample
322
+ - Já rodou audit há < 14 dias sem mudanças significativas em uso
323
+
324
+ ## Observabilidade integrada
325
+
326
+ - Counter `audit.tenant_hot.findings{severity=CRITICAL|WARN|OK,metric=queries|storage|connections}` por execução
327
+ - Histogram `audit.tenant_hot.duration_ms` (latência total da auditoria)
328
+ - Gauge `audit.tenant_hot.skew_ratio{tenant_id}` (ratio do top tenant vs P50) — para alertar trend
329
+
330
+ ## Ver também
331
+
332
+ - [`tenant-quente-mitigacao`](../skills/tenant-quente-mitigacao/SKILL.md) (v1.22) — base de conhecimento (5 estratégias + thresholds 3×/10× P50)
333
+ - [`multi-tenant-performance-scaling`](../skills/multi-tenant-performance-scaling/SKILL.md) (v1.21) — Supavisor transaction mode + partial indexes
334
+ - [`b2b-saas-architecture`](../skills/b2b-saas-architecture/SKILL.md) (v1.21) — single schema + org_id como default; quando promover para schema separado
335
+ - [`supabase-migration-writer`](./supabase-migration-writer.md) (v1.8) — destino do cross-suite handoff (partitioning, dedicated schema)
336
+ - [`supabase-edge-fn-writer`](./supabase-edge-fn-writer.md) (v1.8) — destino do cross-suite handoff (read replica routing logic)
337
+ - [`b2b-saas-architect`](./b2b-saas-architect.md) (v1.21) — destino do cross-suite handoff (tenant isolation via schema separado)
338
+ - [`multi-tenant-isolation-auditor`](./multi-tenant-isolation-auditor.md) (v1.21) — agent irmão que audita gaps de RLS (complementar — RLS é defesa em depth, este agent foca em performance + cost)