agent-devkit 0.1.5 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (606) hide show
  1. package/README.md +14 -2
  2. package/package.json +1 -1
  3. package/runtime/README.md +127 -6
  4. package/runtime/agent +5 -0
  5. package/runtime/agents/README.md +34 -0
  6. package/runtime/agents/agent-devkit-agent-builder/AGENTS.md +24 -0
  7. package/runtime/agents/agent-devkit-agent-builder/README.md +37 -0
  8. package/runtime/agents/agent-devkit-agent-builder/agent.yaml +46 -0
  9. package/runtime/agents/agent-devkit-agent-builder/capabilities/plan-agent/capability.yaml +29 -0
  10. package/runtime/agents/agent-devkit-agent-builder/capabilities/plan-agent/decision-rules.md +7 -0
  11. package/runtime/agents/agent-devkit-agent-builder/capabilities/plan-agent/runner.py +33 -0
  12. package/runtime/agents/agent-devkit-agent-builder/capabilities/plan-agent/workflow.md +8 -0
  13. package/runtime/agents/agent-devkit-agent-builder/capabilities/scaffold-agent/capability.yaml +31 -0
  14. package/runtime/agents/agent-devkit-agent-builder/capabilities/scaffold-agent/decision-rules.md +9 -0
  15. package/runtime/agents/agent-devkit-agent-builder/capabilities/scaffold-agent/runner.py +39 -0
  16. package/runtime/agents/agent-devkit-agent-builder/capabilities/scaffold-agent/workflow.md +8 -0
  17. package/runtime/agents/agent-devkit-agent-builder/capabilities/validate-agent-contract/capability.yaml +28 -0
  18. package/runtime/agents/agent-devkit-agent-builder/capabilities/validate-agent-contract/decision-rules.md +6 -0
  19. package/runtime/agents/agent-devkit-agent-builder/capabilities/validate-agent-contract/runner.py +33 -0
  20. package/runtime/agents/agent-devkit-agent-builder/capabilities/validate-agent-contract/workflow.md +7 -0
  21. package/runtime/agents/agent-devkit-agent-builder/infra/integrations/agent-devkit/agent_builder_repository.py +527 -0
  22. package/runtime/agents/agent-devkit-agent-builder/knowledge/context.md +15 -0
  23. package/runtime/agents/agent-devkit-agent-builder/knowledge/policies.yaml +11 -0
  24. package/runtime/agents/agent-devkit-agent-builder/knowledge/system.md +11 -0
  25. package/runtime/agents/agent-devkit-agent-builder/templates/agent-plan-output.md +20 -0
  26. package/runtime/agents/agent-devkit-agent-builder/templates/scaffold-plan-output.md +13 -0
  27. package/runtime/agents/agent-devkit-agent-builder/templates/validation-report-output.md +13 -0
  28. package/runtime/agents/agent-devkit-agent-builder/tests/test_runners.py +188 -0
  29. package/runtime/agents/automation-architect/AGENTS.md +11 -0
  30. package/runtime/agents/automation-architect/README.md +27 -0
  31. package/runtime/agents/automation-architect/agent.yaml +57 -0
  32. package/runtime/agents/automation-architect/capabilities/classify-automation-request/capability.yaml +35 -0
  33. package/runtime/agents/automation-architect/capabilities/classify-automation-request/decision-rules.md +10 -0
  34. package/runtime/agents/automation-architect/capabilities/classify-automation-request/runner.py +37 -0
  35. package/runtime/agents/automation-architect/capabilities/classify-automation-request/workflow.md +7 -0
  36. package/runtime/agents/automation-architect/capabilities/delegate-automation-build/capability.yaml +34 -0
  37. package/runtime/agents/automation-architect/capabilities/delegate-automation-build/decision-rules.md +7 -0
  38. package/runtime/agents/automation-architect/capabilities/delegate-automation-build/runner.py +37 -0
  39. package/runtime/agents/automation-architect/capabilities/delegate-automation-build/workflow.md +6 -0
  40. package/runtime/agents/automation-architect/capabilities/plan-automation-solution/capability.yaml +35 -0
  41. package/runtime/agents/automation-architect/capabilities/plan-automation-solution/decision-rules.md +7 -0
  42. package/runtime/agents/automation-architect/capabilities/plan-automation-solution/runner.py +37 -0
  43. package/runtime/agents/automation-architect/capabilities/plan-automation-solution/workflow.md +7 -0
  44. package/runtime/agents/automation-architect/capabilities/review-automation-solution/capability.yaml +36 -0
  45. package/runtime/agents/automation-architect/capabilities/review-automation-solution/decision-rules.md +7 -0
  46. package/runtime/agents/automation-architect/capabilities/review-automation-solution/runner.py +39 -0
  47. package/runtime/agents/automation-architect/capabilities/review-automation-solution/workflow.md +7 -0
  48. package/runtime/agents/automation-architect/infra/integrations/automation-architecture/automation_architecture_repository.py +481 -0
  49. package/runtime/agents/automation-architect/knowledge/context.md +22 -0
  50. package/runtime/agents/automation-architect/knowledge/policies.yaml +20 -0
  51. package/runtime/agents/automation-architect/knowledge/system.md +8 -0
  52. package/runtime/agents/automation-architect/templates/automation-classification.md +6 -0
  53. package/runtime/agents/automation-architect/templates/automation-plan.md +5 -0
  54. package/runtime/agents/automation-architect/tests/test_runners.py +135 -0
  55. package/runtime/agents/aws-architecture-analyst/agent.yaml +17 -4
  56. package/runtime/agents/aws-cloudwatch-log-analyzer/agent.yaml +12 -2
  57. package/runtime/agents/aws-cloudwatch-log-analyzer/capabilities/analyze-service-error/capability.yaml +16 -0
  58. package/runtime/agents/aws-lambda-builder/AGENTS.md +27 -0
  59. package/runtime/agents/aws-lambda-builder/README.md +21 -0
  60. package/runtime/agents/aws-lambda-builder/agent.yaml +46 -0
  61. package/runtime/agents/aws-lambda-builder/capabilities/deploy-lambda-plan/capability.yaml +18 -0
  62. package/runtime/agents/aws-lambda-builder/capabilities/deploy-lambda-plan/decision-rules.md +6 -0
  63. package/runtime/agents/aws-lambda-builder/capabilities/deploy-lambda-plan/runner.py +33 -0
  64. package/runtime/agents/aws-lambda-builder/capabilities/deploy-lambda-plan/workflow.md +6 -0
  65. package/runtime/agents/aws-lambda-builder/capabilities/generate-lambda-project/capability.yaml +20 -0
  66. package/runtime/agents/aws-lambda-builder/capabilities/generate-lambda-project/decision-rules.md +6 -0
  67. package/runtime/agents/aws-lambda-builder/capabilities/generate-lambda-project/runner.py +39 -0
  68. package/runtime/agents/aws-lambda-builder/capabilities/generate-lambda-project/workflow.md +7 -0
  69. package/runtime/agents/aws-lambda-builder/capabilities/package-lambda/capability.yaml +22 -0
  70. package/runtime/agents/aws-lambda-builder/capabilities/package-lambda/decision-rules.md +6 -0
  71. package/runtime/agents/aws-lambda-builder/capabilities/package-lambda/runner.py +41 -0
  72. package/runtime/agents/aws-lambda-builder/capabilities/package-lambda/workflow.md +6 -0
  73. package/runtime/agents/aws-lambda-builder/capabilities/plan-lambda/capability.yaml +18 -0
  74. package/runtime/agents/aws-lambda-builder/capabilities/plan-lambda/decision-rules.md +7 -0
  75. package/runtime/agents/aws-lambda-builder/capabilities/plan-lambda/runner.py +33 -0
  76. package/runtime/agents/aws-lambda-builder/capabilities/plan-lambda/workflow.md +6 -0
  77. package/runtime/agents/aws-lambda-builder/capabilities/review-lambda-security/capability.yaml +18 -0
  78. package/runtime/agents/aws-lambda-builder/capabilities/review-lambda-security/decision-rules.md +7 -0
  79. package/runtime/agents/aws-lambda-builder/capabilities/review-lambda-security/runner.py +33 -0
  80. package/runtime/agents/aws-lambda-builder/capabilities/review-lambda-security/workflow.md +5 -0
  81. package/runtime/agents/aws-lambda-builder/infra/integrations/aws-lambda/aws_lambda_repository.py +688 -0
  82. package/runtime/agents/aws-lambda-builder/knowledge/context.md +12 -0
  83. package/runtime/agents/aws-lambda-builder/knowledge/policies.yaml +23 -0
  84. package/runtime/agents/aws-lambda-builder/knowledge/system.md +10 -0
  85. package/runtime/agents/aws-lambda-builder/templates/lambda-deploy-plan.md +3 -0
  86. package/runtime/agents/aws-lambda-builder/templates/lambda-package.md +3 -0
  87. package/runtime/agents/aws-lambda-builder/templates/lambda-plan.md +3 -0
  88. package/runtime/agents/aws-lambda-builder/templates/lambda-readme.md +3 -0
  89. package/runtime/agents/aws-lambda-builder/templates/lambda-security-review.md +3 -0
  90. package/runtime/agents/aws-lambda-builder/tests/test_runners.py +355 -0
  91. package/runtime/agents/aws-operations-operator/agent.yaml +18 -6
  92. package/runtime/agents/aws-security-governance-auditor/agent.yaml +17 -5
  93. package/runtime/agents/azure-devops-orchestrator/agent.yaml +15 -2
  94. package/runtime/agents/azure-devops-orchestrator/capabilities/read-card/capability.yaml +29 -0
  95. package/runtime/agents/bpo-analyser/agent.yaml +12 -2
  96. package/runtime/agents/bpo-analyser/knowledge/policies.yaml +2 -2
  97. package/runtime/agents/data-scientist-analyst/agent.yaml +16 -4
  98. package/runtime/agents/data-scientist-analyst/capabilities/generate-data-report/capability.yaml +1 -1
  99. package/runtime/agents/data-scientist-analyst/capabilities/generate-reconciliation-report/capability.yaml +1 -1
  100. package/runtime/agents/data-scientist-analyst/capabilities/run-data-pipeline/capability.yaml +1 -1
  101. package/runtime/agents/data-scientist-analyst/infra/integrations/agent-bridge/methods/analyze-sql-source.yaml +1 -1
  102. package/runtime/agents/data-scientist-analyst/knowledge/policies.yaml +4 -4
  103. package/runtime/agents/data-scientist-analyst/knowledge/system.md +1 -1
  104. package/runtime/agents/data-scientist-analyst/tests/test_runners.py +1 -1
  105. package/runtime/agents/database-change-operator/agent.yaml +12 -1
  106. package/runtime/agents/docker-container-builder/AGENTS.md +27 -0
  107. package/runtime/agents/docker-container-builder/README.md +21 -0
  108. package/runtime/agents/docker-container-builder/agent.yaml +52 -0
  109. package/runtime/agents/docker-container-builder/capabilities/analyze-containerization-target/capability.yaml +18 -0
  110. package/runtime/agents/docker-container-builder/capabilities/analyze-containerization-target/decision-rules.md +6 -0
  111. package/runtime/agents/docker-container-builder/capabilities/analyze-containerization-target/runner.py +32 -0
  112. package/runtime/agents/docker-container-builder/capabilities/analyze-containerization-target/workflow.md +6 -0
  113. package/runtime/agents/docker-container-builder/capabilities/generate-compose/capability.yaml +18 -0
  114. package/runtime/agents/docker-container-builder/capabilities/generate-compose/decision-rules.md +7 -0
  115. package/runtime/agents/docker-container-builder/capabilities/generate-compose/runner.py +32 -0
  116. package/runtime/agents/docker-container-builder/capabilities/generate-compose/workflow.md +6 -0
  117. package/runtime/agents/docker-container-builder/capabilities/generate-container-project-files/capability.yaml +20 -0
  118. package/runtime/agents/docker-container-builder/capabilities/generate-container-project-files/decision-rules.md +7 -0
  119. package/runtime/agents/docker-container-builder/capabilities/generate-container-project-files/runner.py +38 -0
  120. package/runtime/agents/docker-container-builder/capabilities/generate-container-project-files/workflow.md +7 -0
  121. package/runtime/agents/docker-container-builder/capabilities/generate-dockerfile/capability.yaml +18 -0
  122. package/runtime/agents/docker-container-builder/capabilities/generate-dockerfile/decision-rules.md +6 -0
  123. package/runtime/agents/docker-container-builder/capabilities/generate-dockerfile/runner.py +32 -0
  124. package/runtime/agents/docker-container-builder/capabilities/generate-dockerfile/workflow.md +7 -0
  125. package/runtime/agents/docker-container-builder/capabilities/plan-image-build/capability.yaml +18 -0
  126. package/runtime/agents/docker-container-builder/capabilities/plan-image-build/decision-rules.md +6 -0
  127. package/runtime/agents/docker-container-builder/capabilities/plan-image-build/runner.py +32 -0
  128. package/runtime/agents/docker-container-builder/capabilities/plan-image-build/workflow.md +6 -0
  129. package/runtime/agents/docker-container-builder/capabilities/review-docker-security/capability.yaml +21 -0
  130. package/runtime/agents/docker-container-builder/capabilities/review-docker-security/decision-rules.md +6 -0
  131. package/runtime/agents/docker-container-builder/capabilities/review-docker-security/runner.py +43 -0
  132. package/runtime/agents/docker-container-builder/capabilities/review-docker-security/workflow.md +5 -0
  133. package/runtime/agents/docker-container-builder/infra/integrations/docker-container/docker_container_repository.py +837 -0
  134. package/runtime/agents/docker-container-builder/knowledge/context.md +21 -0
  135. package/runtime/agents/docker-container-builder/knowledge/policies.yaml +13 -0
  136. package/runtime/agents/docker-container-builder/knowledge/system.md +21 -0
  137. package/runtime/agents/docker-container-builder/templates/container-plan.md +4 -0
  138. package/runtime/agents/docker-container-builder/templates/container-review.md +4 -0
  139. package/runtime/agents/docker-container-builder/templates/docker-compose.md +5 -0
  140. package/runtime/agents/docker-container-builder/templates/docker-readme.md +3 -0
  141. package/runtime/agents/docker-container-builder/templates/dockerfile.md +5 -0
  142. package/runtime/agents/docker-container-builder/tests/test_runners.py +255 -0
  143. package/runtime/agents/drawio-diagram-builder/agent.yaml +11 -2
  144. package/runtime/agents/drawio-diagram-builder/capabilities/execute-diagram-delivery/capability.yaml +1 -1
  145. package/runtime/agents/drawio-diagram-builder/capabilities/read-azure-card-context/capability.yaml +1 -1
  146. package/runtime/agents/elasticsearch-log-analyzer/agent.yaml +14 -2
  147. package/runtime/agents/elasticsearch-log-analyzer/capabilities/analyze-service-errors/capability.yaml +14 -0
  148. package/runtime/agents/excel-workbook-builder/agent.yaml +10 -0
  149. package/runtime/agents/excel-workbook-builder/capabilities/create-template/capability.yaml +1 -1
  150. package/runtime/agents/excel-workbook-builder/capabilities/create-template/workflow.md +1 -1
  151. package/runtime/agents/excel-workbook-builder/capabilities/create-template-version/capability.yaml +1 -1
  152. package/runtime/agents/excel-workbook-builder/capabilities/generate-template-input-file/capability.yaml +1 -2
  153. package/runtime/agents/excel-workbook-builder/capabilities/refine-template/capability.yaml +1 -1
  154. package/runtime/agents/excel-workbook-builder/capabilities/register-template/capability.yaml +1 -2
  155. package/runtime/agents/excel-workbook-builder/capabilities/register-template/workflow.md +1 -1
  156. package/runtime/agents/execution-loop-builder/AGENTS.md +24 -0
  157. package/runtime/agents/execution-loop-builder/README.md +19 -0
  158. package/runtime/agents/execution-loop-builder/agent.yaml +49 -0
  159. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-project-files/capability.yaml +20 -0
  160. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-project-files/decision-rules.md +6 -0
  161. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-project-files/runner.py +38 -0
  162. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-project-files/workflow.md +7 -0
  163. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-runner/capability.yaml +18 -0
  164. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-runner/decision-rules.md +5 -0
  165. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-runner/runner.py +32 -0
  166. package/runtime/agents/execution-loop-builder/capabilities/generate-loop-runner/workflow.md +6 -0
  167. package/runtime/agents/execution-loop-builder/capabilities/plan-execution-loop/capability.yaml +18 -0
  168. package/runtime/agents/execution-loop-builder/capabilities/plan-execution-loop/decision-rules.md +6 -0
  169. package/runtime/agents/execution-loop-builder/capabilities/plan-execution-loop/runner.py +32 -0
  170. package/runtime/agents/execution-loop-builder/capabilities/plan-execution-loop/workflow.md +6 -0
  171. package/runtime/agents/execution-loop-builder/capabilities/register-loop-task/capability.yaml +19 -0
  172. package/runtime/agents/execution-loop-builder/capabilities/register-loop-task/decision-rules.md +6 -0
  173. package/runtime/agents/execution-loop-builder/capabilities/register-loop-task/runner.py +36 -0
  174. package/runtime/agents/execution-loop-builder/capabilities/register-loop-task/workflow.md +6 -0
  175. package/runtime/agents/execution-loop-builder/capabilities/review-loop-safety/capability.yaml +19 -0
  176. package/runtime/agents/execution-loop-builder/capabilities/review-loop-safety/decision-rules.md +6 -0
  177. package/runtime/agents/execution-loop-builder/capabilities/review-loop-safety/runner.py +39 -0
  178. package/runtime/agents/execution-loop-builder/capabilities/review-loop-safety/workflow.md +5 -0
  179. package/runtime/agents/execution-loop-builder/infra/integrations/execution-loop/execution_loop_repository.py +608 -0
  180. package/runtime/agents/execution-loop-builder/knowledge/context.md +26 -0
  181. package/runtime/agents/execution-loop-builder/knowledge/policies.yaml +13 -0
  182. package/runtime/agents/execution-loop-builder/knowledge/system.md +19 -0
  183. package/runtime/agents/execution-loop-builder/templates/loop-plan.md +3 -0
  184. package/runtime/agents/execution-loop-builder/templates/loop-readme.md +3 -0
  185. package/runtime/agents/execution-loop-builder/templates/loop-review.md +3 -0
  186. package/runtime/agents/execution-loop-builder/templates/loop-runner.py +2 -0
  187. package/runtime/agents/execution-loop-builder/tests/test_runners.py +274 -0
  188. package/runtime/agents/execution-reviewer/AGENTS.md +8 -0
  189. package/runtime/agents/execution-reviewer/README.md +13 -0
  190. package/runtime/agents/execution-reviewer/agent.yaml +27 -0
  191. package/runtime/agents/execution-reviewer/capabilities/review-agent-result/capability.yaml +14 -0
  192. package/runtime/agents/execution-reviewer/capabilities/review-agent-result/decision-rules.md +6 -0
  193. package/runtime/agents/execution-reviewer/capabilities/review-agent-result/workflow.md +7 -0
  194. package/runtime/agents/execution-reviewer/capabilities/review-final-output/capability.yaml +14 -0
  195. package/runtime/agents/execution-reviewer/capabilities/review-final-output/decision-rules.md +6 -0
  196. package/runtime/agents/execution-reviewer/capabilities/review-final-output/workflow.md +7 -0
  197. package/runtime/agents/execution-reviewer/capabilities/review-plan/capability.yaml +14 -0
  198. package/runtime/agents/execution-reviewer/capabilities/review-plan/decision-rules.md +6 -0
  199. package/runtime/agents/execution-reviewer/capabilities/review-plan/workflow.md +7 -0
  200. package/runtime/agents/execution-reviewer/infra/README.md +4 -0
  201. package/runtime/agents/execution-reviewer/knowledge/context.md +6 -0
  202. package/runtime/agents/execution-reviewer/knowledge/system.md +18 -0
  203. package/runtime/agents/execution-reviewer/templates/README.md +4 -0
  204. package/runtime/agents/figma-ui-ux-product-designer/agent.yaml +17 -5
  205. package/runtime/agents/figma-ui-ux-product-designer/capabilities/analyze-product-context/capability.yaml +1 -1
  206. package/runtime/agents/figma-ui-ux-product-designer/capabilities/conduct-design-interview/capability.yaml +1 -1
  207. package/runtime/agents/figma-ui-ux-product-designer/capabilities/conduct-design-review-session/capability.yaml +1 -1
  208. package/runtime/agents/figma-ui-ux-product-designer/capabilities/generate-dev-handoff/capability.yaml +1 -1
  209. package/runtime/agents/figma-ui-ux-product-designer/capabilities/generate-user-journey-diagram/capability.yaml +1 -1
  210. package/runtime/agents/figma-ui-ux-product-designer/capabilities/ingest-design-source/capability.yaml +1 -1
  211. package/runtime/agents/figma-ui-ux-product-designer/capabilities/triage-design-feedback/capability.yaml +1 -1
  212. package/runtime/agents/generic-agent-builder/AGENTS.md +20 -0
  213. package/runtime/agents/generic-agent-builder/README.md +40 -0
  214. package/runtime/agents/generic-agent-builder/agent.yaml +43 -0
  215. package/runtime/agents/generic-agent-builder/capabilities/generate-agent-instructions/capability.yaml +18 -0
  216. package/runtime/agents/generic-agent-builder/capabilities/generate-agent-instructions/decision-rules.md +5 -0
  217. package/runtime/agents/generic-agent-builder/capabilities/generate-agent-instructions/runner.py +33 -0
  218. package/runtime/agents/generic-agent-builder/capabilities/generate-agent-instructions/workflow.md +6 -0
  219. package/runtime/agents/generic-agent-builder/capabilities/generate-project-agent-files/capability.yaml +20 -0
  220. package/runtime/agents/generic-agent-builder/capabilities/generate-project-agent-files/decision-rules.md +6 -0
  221. package/runtime/agents/generic-agent-builder/capabilities/generate-project-agent-files/runner.py +39 -0
  222. package/runtime/agents/generic-agent-builder/capabilities/generate-project-agent-files/workflow.md +7 -0
  223. package/runtime/agents/generic-agent-builder/capabilities/generate-skill/capability.yaml +18 -0
  224. package/runtime/agents/generic-agent-builder/capabilities/generate-skill/decision-rules.md +5 -0
  225. package/runtime/agents/generic-agent-builder/capabilities/generate-skill/runner.py +33 -0
  226. package/runtime/agents/generic-agent-builder/capabilities/generate-skill/workflow.md +5 -0
  227. package/runtime/agents/generic-agent-builder/capabilities/plan-generic-agent/capability.yaml +18 -0
  228. package/runtime/agents/generic-agent-builder/capabilities/plan-generic-agent/decision-rules.md +6 -0
  229. package/runtime/agents/generic-agent-builder/capabilities/plan-generic-agent/runner.py +33 -0
  230. package/runtime/agents/generic-agent-builder/capabilities/plan-generic-agent/workflow.md +6 -0
  231. package/runtime/agents/generic-agent-builder/capabilities/review-generic-agent/capability.yaml +20 -0
  232. package/runtime/agents/generic-agent-builder/capabilities/review-generic-agent/decision-rules.md +6 -0
  233. package/runtime/agents/generic-agent-builder/capabilities/review-generic-agent/runner.py +40 -0
  234. package/runtime/agents/generic-agent-builder/capabilities/review-generic-agent/workflow.md +7 -0
  235. package/runtime/agents/generic-agent-builder/infra/integrations/generic-agent/generic_agent_repository.py +445 -0
  236. package/runtime/agents/generic-agent-builder/knowledge/context.md +11 -0
  237. package/runtime/agents/generic-agent-builder/knowledge/policies.yaml +12 -0
  238. package/runtime/agents/generic-agent-builder/knowledge/system.md +17 -0
  239. package/runtime/agents/generic-agent-builder/templates/generic-agent-instructions.md +17 -0
  240. package/runtime/agents/generic-agent-builder/templates/generic-review-report.md +13 -0
  241. package/runtime/agents/generic-agent-builder/templates/generic-skill.md +14 -0
  242. package/runtime/agents/generic-agent-builder/tests/test_runners.py +220 -0
  243. package/runtime/agents/github-pr-reviewer/agent.yaml +17 -5
  244. package/runtime/agents/github-pr-reviewer/capabilities/create-review-automation/capability.yaml +1 -1
  245. package/runtime/agents/github-pr-reviewer/capabilities/inspect-pr/capability.yaml +1 -1
  246. package/runtime/agents/github-pr-reviewer/capabilities/list-review-requests/capability.yaml +1 -1
  247. package/runtime/agents/github-pr-reviewer/capabilities/review-pr-diff/capability.yaml +1 -1
  248. package/runtime/agents/knowledge-generator/agent.yaml +13 -3
  249. package/runtime/agents/knowledge-generator/capabilities/generate-knowledge/capability.yaml +1 -1
  250. package/runtime/agents/local-llm-operator/AGENTS.md +8 -0
  251. package/runtime/agents/local-llm-operator/README.md +12 -0
  252. package/runtime/agents/local-llm-operator/agent.yaml +28 -0
  253. package/runtime/agents/local-llm-operator/capabilities/delegate-operational-task/capability.yaml +14 -0
  254. package/runtime/agents/local-llm-operator/capabilities/delegate-operational-task/decision-rules.md +6 -0
  255. package/runtime/agents/local-llm-operator/capabilities/delegate-operational-task/workflow.md +7 -0
  256. package/runtime/agents/local-llm-operator/capabilities/inspect-local-models/capability.yaml +14 -0
  257. package/runtime/agents/local-llm-operator/capabilities/inspect-local-models/decision-rules.md +5 -0
  258. package/runtime/agents/local-llm-operator/capabilities/inspect-local-models/workflow.md +6 -0
  259. package/runtime/agents/local-llm-operator/capabilities/select-local-worker/capability.yaml +14 -0
  260. package/runtime/agents/local-llm-operator/capabilities/select-local-worker/decision-rules.md +6 -0
  261. package/runtime/agents/local-llm-operator/capabilities/select-local-worker/workflow.md +7 -0
  262. package/runtime/agents/local-llm-operator/infra/README.md +4 -0
  263. package/runtime/agents/local-llm-operator/knowledge/context.md +6 -0
  264. package/runtime/agents/local-llm-operator/knowledge/system.md +18 -0
  265. package/runtime/agents/local-llm-operator/templates/README.md +4 -0
  266. package/runtime/agents/n1-support-agent/agent.yaml +40 -1
  267. package/runtime/agents/n2-support-agent/agent.yaml +41 -2
  268. package/runtime/agents/n2-support-agent/knowledge/policies.yaml +2 -2
  269. package/runtime/agents/notification-operator/AGENTS.md +11 -0
  270. package/runtime/agents/notification-operator/README.md +15 -0
  271. package/runtime/agents/notification-operator/agent.yaml +43 -0
  272. package/runtime/agents/notification-operator/capabilities/configure-notification-channel/capability.yaml +19 -0
  273. package/runtime/agents/notification-operator/capabilities/configure-notification-channel/decision-rules.md +6 -0
  274. package/runtime/agents/notification-operator/capabilities/configure-notification-channel/runner.py +33 -0
  275. package/runtime/agents/notification-operator/capabilities/configure-notification-channel/workflow.md +6 -0
  276. package/runtime/agents/notification-operator/capabilities/format-task-completion-notification/capability.yaml +25 -0
  277. package/runtime/agents/notification-operator/capabilities/format-task-completion-notification/decision-rules.md +7 -0
  278. package/runtime/agents/notification-operator/capabilities/format-task-completion-notification/runner.py +49 -0
  279. package/runtime/agents/notification-operator/capabilities/format-task-completion-notification/workflow.md +6 -0
  280. package/runtime/agents/notification-operator/capabilities/send-task-completion-notification/capability.yaml +27 -0
  281. package/runtime/agents/notification-operator/capabilities/send-task-completion-notification/decision-rules.md +6 -0
  282. package/runtime/agents/notification-operator/capabilities/send-task-completion-notification/runner.py +68 -0
  283. package/runtime/agents/notification-operator/capabilities/send-task-completion-notification/workflow.md +7 -0
  284. package/runtime/agents/notification-operator/infra/README.md +6 -0
  285. package/runtime/agents/notification-operator/knowledge/context.md +10 -0
  286. package/runtime/agents/notification-operator/knowledge/policies.yaml +9 -0
  287. package/runtime/agents/notification-operator/knowledge/system.md +7 -0
  288. package/runtime/agents/notification-operator/templates/README.md +6 -0
  289. package/runtime/agents/notification-operator/tests/test_runners.py +108 -0
  290. package/runtime/agents/playwright-automation-builder/AGENTS.md +23 -0
  291. package/runtime/agents/playwright-automation-builder/README.md +43 -0
  292. package/runtime/agents/playwright-automation-builder/agent.yaml +48 -0
  293. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-project-files/capability.yaml +20 -0
  294. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-project-files/decision-rules.md +6 -0
  295. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-project-files/runner.py +38 -0
  296. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-project-files/workflow.md +6 -0
  297. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-script/capability.yaml +18 -0
  298. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-script/decision-rules.md +6 -0
  299. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-script/runner.py +32 -0
  300. package/runtime/agents/playwright-automation-builder/capabilities/generate-playwright-script/workflow.md +6 -0
  301. package/runtime/agents/playwright-automation-builder/capabilities/plan-playwright-automation/capability.yaml +18 -0
  302. package/runtime/agents/playwright-automation-builder/capabilities/plan-playwright-automation/decision-rules.md +6 -0
  303. package/runtime/agents/playwright-automation-builder/capabilities/plan-playwright-automation/runner.py +32 -0
  304. package/runtime/agents/playwright-automation-builder/capabilities/plan-playwright-automation/workflow.md +6 -0
  305. package/runtime/agents/playwright-automation-builder/capabilities/review-playwright-artifacts/capability.yaml +19 -0
  306. package/runtime/agents/playwright-automation-builder/capabilities/review-playwright-artifacts/decision-rules.md +6 -0
  307. package/runtime/agents/playwright-automation-builder/capabilities/review-playwright-artifacts/runner.py +33 -0
  308. package/runtime/agents/playwright-automation-builder/capabilities/review-playwright-artifacts/workflow.md +6 -0
  309. package/runtime/agents/playwright-automation-builder/capabilities/run-playwright-check/capability.yaml +22 -0
  310. package/runtime/agents/playwright-automation-builder/capabilities/run-playwright-check/decision-rules.md +6 -0
  311. package/runtime/agents/playwright-automation-builder/capabilities/run-playwright-check/runner.py +40 -0
  312. package/runtime/agents/playwright-automation-builder/capabilities/run-playwright-check/workflow.md +6 -0
  313. package/runtime/agents/playwright-automation-builder/capabilities/wrap-playwright-as-capability/capability.yaml +22 -0
  314. package/runtime/agents/playwright-automation-builder/capabilities/wrap-playwright-as-capability/decision-rules.md +6 -0
  315. package/runtime/agents/playwright-automation-builder/capabilities/wrap-playwright-as-capability/runner.py +42 -0
  316. package/runtime/agents/playwright-automation-builder/capabilities/wrap-playwright-as-capability/workflow.md +6 -0
  317. package/runtime/agents/playwright-automation-builder/infra/integrations/playwright-automation/playwright_automation_repository.py +865 -0
  318. package/runtime/agents/playwright-automation-builder/knowledge/context.md +19 -0
  319. package/runtime/agents/playwright-automation-builder/knowledge/policies.yaml +25 -0
  320. package/runtime/agents/playwright-automation-builder/knowledge/system.md +19 -0
  321. package/runtime/agents/playwright-automation-builder/templates/capability-wrapper.md +4 -0
  322. package/runtime/agents/playwright-automation-builder/templates/playwright-automation.py +12 -0
  323. package/runtime/agents/playwright-automation-builder/templates/playwright-readme.md +13 -0
  324. package/runtime/agents/playwright-automation-builder/templates/playwright-review-report.md +9 -0
  325. package/runtime/agents/playwright-automation-builder/templates/playwright-test.py +2 -0
  326. package/runtime/agents/playwright-automation-builder/tests/test_runners.py +261 -0
  327. package/runtime/agents/postgres-data-analyzer/agent.yaml +13 -2
  328. package/runtime/agents/presentation-deck-builder/agent.yaml +14 -3
  329. package/runtime/agents/presentation-deck-builder/capabilities/create-template/capability.yaml +1 -1
  330. package/runtime/agents/presentation-deck-builder/capabilities/create-template-version/capability.yaml +1 -1
  331. package/runtime/agents/presentation-deck-builder/capabilities/generate-template-input-file/capability.yaml +1 -1
  332. package/runtime/agents/presentation-deck-builder/capabilities/refine-template/capability.yaml +1 -1
  333. package/runtime/agents/presentation-deck-builder/capabilities/register-template/capability.yaml +1 -1
  334. package/runtime/agents/presentation-deck-builder/knowledge/prompts/create-template.md +1 -1
  335. package/runtime/agents/presentation-deck-builder/knowledge/prompts/generate-template-input-file.md +1 -1
  336. package/runtime/agents/provider-configurator/AGENTS.md +8 -0
  337. package/runtime/agents/provider-configurator/README.md +5 -0
  338. package/runtime/agents/provider-configurator/agent.yaml +27 -0
  339. package/runtime/agents/provider-configurator/capabilities/collect-provider-credentials/capability.yaml +14 -0
  340. package/runtime/agents/provider-configurator/capabilities/collect-provider-credentials/decision-rules.md +6 -0
  341. package/runtime/agents/provider-configurator/capabilities/collect-provider-credentials/workflow.md +7 -0
  342. package/runtime/agents/provider-configurator/capabilities/configure-provider-source/capability.yaml +14 -0
  343. package/runtime/agents/provider-configurator/capabilities/configure-provider-source/decision-rules.md +6 -0
  344. package/runtime/agents/provider-configurator/capabilities/configure-provider-source/workflow.md +8 -0
  345. package/runtime/agents/provider-configurator/capabilities/validate-provider-readiness/capability.yaml +14 -0
  346. package/runtime/agents/provider-configurator/capabilities/validate-provider-readiness/decision-rules.md +6 -0
  347. package/runtime/agents/provider-configurator/capabilities/validate-provider-readiness/workflow.md +7 -0
  348. package/runtime/agents/provider-configurator/infra/README.md +5 -0
  349. package/runtime/agents/provider-configurator/knowledge/context.md +8 -0
  350. package/runtime/agents/provider-configurator/knowledge/system.md +19 -0
  351. package/runtime/agents/provider-configurator/templates/README.md +4 -0
  352. package/runtime/agents/pyautogui-automation-builder/AGENTS.md +32 -0
  353. package/runtime/agents/pyautogui-automation-builder/README.md +44 -0
  354. package/runtime/agents/pyautogui-automation-builder/agent.yaml +45 -0
  355. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-project-files/capability.yaml +20 -0
  356. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-project-files/decision-rules.md +6 -0
  357. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-project-files/runner.py +39 -0
  358. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-project-files/workflow.md +7 -0
  359. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-script/capability.yaml +18 -0
  360. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-script/decision-rules.md +7 -0
  361. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-script/runner.py +33 -0
  362. package/runtime/agents/pyautogui-automation-builder/capabilities/generate-pyautogui-script/workflow.md +7 -0
  363. package/runtime/agents/pyautogui-automation-builder/capabilities/plan-desktop-automation/capability.yaml +18 -0
  364. package/runtime/agents/pyautogui-automation-builder/capabilities/plan-desktop-automation/decision-rules.md +8 -0
  365. package/runtime/agents/pyautogui-automation-builder/capabilities/plan-desktop-automation/runner.py +33 -0
  366. package/runtime/agents/pyautogui-automation-builder/capabilities/plan-desktop-automation/workflow.md +9 -0
  367. package/runtime/agents/pyautogui-automation-builder/capabilities/review-pyautogui-script/capability.yaml +20 -0
  368. package/runtime/agents/pyautogui-automation-builder/capabilities/review-pyautogui-script/decision-rules.md +8 -0
  369. package/runtime/agents/pyautogui-automation-builder/capabilities/review-pyautogui-script/runner.py +43 -0
  370. package/runtime/agents/pyautogui-automation-builder/capabilities/review-pyautogui-script/workflow.md +7 -0
  371. package/runtime/agents/pyautogui-automation-builder/capabilities/wrap-pyautogui-as-capability/capability.yaml +22 -0
  372. package/runtime/agents/pyautogui-automation-builder/capabilities/wrap-pyautogui-as-capability/decision-rules.md +6 -0
  373. package/runtime/agents/pyautogui-automation-builder/capabilities/wrap-pyautogui-as-capability/runner.py +43 -0
  374. package/runtime/agents/pyautogui-automation-builder/capabilities/wrap-pyautogui-as-capability/workflow.md +7 -0
  375. package/runtime/agents/pyautogui-automation-builder/infra/integrations/pyautogui-automation/pyautogui_automation_repository.py +856 -0
  376. package/runtime/agents/pyautogui-automation-builder/knowledge/context.md +17 -0
  377. package/runtime/agents/pyautogui-automation-builder/knowledge/policies.yaml +24 -0
  378. package/runtime/agents/pyautogui-automation-builder/knowledge/system.md +13 -0
  379. package/runtime/agents/pyautogui-automation-builder/templates/capability-wrapper.md +3 -0
  380. package/runtime/agents/pyautogui-automation-builder/templates/pyautogui-automation.py +12 -0
  381. package/runtime/agents/pyautogui-automation-builder/templates/pyautogui-readme.md +3 -0
  382. package/runtime/agents/pyautogui-automation-builder/templates/pyautogui-review-report.md +3 -0
  383. package/runtime/agents/pyautogui-automation-builder/templates/pyautogui-test.py +2 -0
  384. package/runtime/agents/pyautogui-automation-builder/tests/test_runners.py +376 -0
  385. package/runtime/agents/python-automation-builder/AGENTS.md +25 -0
  386. package/runtime/agents/python-automation-builder/README.md +43 -0
  387. package/runtime/agents/python-automation-builder/agent.yaml +45 -0
  388. package/runtime/agents/python-automation-builder/capabilities/generate-automation-project-files/capability.yaml +20 -0
  389. package/runtime/agents/python-automation-builder/capabilities/generate-automation-project-files/decision-rules.md +6 -0
  390. package/runtime/agents/python-automation-builder/capabilities/generate-automation-project-files/runner.py +39 -0
  391. package/runtime/agents/python-automation-builder/capabilities/generate-automation-project-files/workflow.md +7 -0
  392. package/runtime/agents/python-automation-builder/capabilities/generate-python-automation/capability.yaml +18 -0
  393. package/runtime/agents/python-automation-builder/capabilities/generate-python-automation/decision-rules.md +5 -0
  394. package/runtime/agents/python-automation-builder/capabilities/generate-python-automation/runner.py +33 -0
  395. package/runtime/agents/python-automation-builder/capabilities/generate-python-automation/workflow.md +5 -0
  396. package/runtime/agents/python-automation-builder/capabilities/plan-python-automation/capability.yaml +18 -0
  397. package/runtime/agents/python-automation-builder/capabilities/plan-python-automation/decision-rules.md +6 -0
  398. package/runtime/agents/python-automation-builder/capabilities/plan-python-automation/runner.py +33 -0
  399. package/runtime/agents/python-automation-builder/capabilities/plan-python-automation/workflow.md +6 -0
  400. package/runtime/agents/python-automation-builder/capabilities/review-python-automation/capability.yaml +20 -0
  401. package/runtime/agents/python-automation-builder/capabilities/review-python-automation/decision-rules.md +6 -0
  402. package/runtime/agents/python-automation-builder/capabilities/review-python-automation/runner.py +43 -0
  403. package/runtime/agents/python-automation-builder/capabilities/review-python-automation/workflow.md +5 -0
  404. package/runtime/agents/python-automation-builder/capabilities/wrap-automation-as-capability/capability.yaml +22 -0
  405. package/runtime/agents/python-automation-builder/capabilities/wrap-automation-as-capability/decision-rules.md +6 -0
  406. package/runtime/agents/python-automation-builder/capabilities/wrap-automation-as-capability/runner.py +43 -0
  407. package/runtime/agents/python-automation-builder/capabilities/wrap-automation-as-capability/workflow.md +6 -0
  408. package/runtime/agents/python-automation-builder/infra/integrations/python-automation/python_automation_repository.py +717 -0
  409. package/runtime/agents/python-automation-builder/knowledge/context.md +15 -0
  410. package/runtime/agents/python-automation-builder/knowledge/policies.yaml +12 -0
  411. package/runtime/agents/python-automation-builder/knowledge/system.md +19 -0
  412. package/runtime/agents/python-automation-builder/templates/automation-readme.md +13 -0
  413. package/runtime/agents/python-automation-builder/templates/automation-review-report.md +13 -0
  414. package/runtime/agents/python-automation-builder/templates/automation-test.py +9 -0
  415. package/runtime/agents/python-automation-builder/templates/automation.py +19 -0
  416. package/runtime/agents/python-automation-builder/templates/capability-wrapper.md +4 -0
  417. package/runtime/agents/python-automation-builder/tests/test_runners.py +292 -0
  418. package/runtime/agents/selenium-automation-builder/AGENTS.md +27 -0
  419. package/runtime/agents/selenium-automation-builder/README.md +40 -0
  420. package/runtime/agents/selenium-automation-builder/agent.yaml +45 -0
  421. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-project-files/capability.yaml +20 -0
  422. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-project-files/decision-rules.md +6 -0
  423. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-project-files/runner.py +39 -0
  424. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-project-files/workflow.md +7 -0
  425. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-script/capability.yaml +18 -0
  426. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-script/decision-rules.md +6 -0
  427. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-script/runner.py +33 -0
  428. package/runtime/agents/selenium-automation-builder/capabilities/generate-selenium-script/workflow.md +6 -0
  429. package/runtime/agents/selenium-automation-builder/capabilities/plan-selenium-automation/capability.yaml +18 -0
  430. package/runtime/agents/selenium-automation-builder/capabilities/plan-selenium-automation/decision-rules.md +6 -0
  431. package/runtime/agents/selenium-automation-builder/capabilities/plan-selenium-automation/runner.py +33 -0
  432. package/runtime/agents/selenium-automation-builder/capabilities/plan-selenium-automation/workflow.md +6 -0
  433. package/runtime/agents/selenium-automation-builder/capabilities/review-selenium-script/capability.yaml +20 -0
  434. package/runtime/agents/selenium-automation-builder/capabilities/review-selenium-script/decision-rules.md +6 -0
  435. package/runtime/agents/selenium-automation-builder/capabilities/review-selenium-script/runner.py +40 -0
  436. package/runtime/agents/selenium-automation-builder/capabilities/review-selenium-script/workflow.md +6 -0
  437. package/runtime/agents/selenium-automation-builder/capabilities/wrap-selenium-as-capability/capability.yaml +22 -0
  438. package/runtime/agents/selenium-automation-builder/capabilities/wrap-selenium-as-capability/decision-rules.md +6 -0
  439. package/runtime/agents/selenium-automation-builder/capabilities/wrap-selenium-as-capability/runner.py +43 -0
  440. package/runtime/agents/selenium-automation-builder/capabilities/wrap-selenium-as-capability/workflow.md +6 -0
  441. package/runtime/agents/selenium-automation-builder/infra/integrations/selenium-automation/selenium_automation_repository.py +793 -0
  442. package/runtime/agents/selenium-automation-builder/knowledge/context.md +15 -0
  443. package/runtime/agents/selenium-automation-builder/knowledge/policies.yaml +17 -0
  444. package/runtime/agents/selenium-automation-builder/knowledge/system.md +18 -0
  445. package/runtime/agents/selenium-automation-builder/templates/capability-wrapper.md +4 -0
  446. package/runtime/agents/selenium-automation-builder/templates/selenium-automation.py +20 -0
  447. package/runtime/agents/selenium-automation-builder/templates/selenium-readme.md +13 -0
  448. package/runtime/agents/selenium-automation-builder/templates/selenium-review-report.md +13 -0
  449. package/runtime/agents/selenium-automation-builder/templates/selenium-test.py +9 -0
  450. package/runtime/agents/selenium-automation-builder/tests/test_runners.py +282 -0
  451. package/runtime/agents/software-specification-analyst/agent.yaml +17 -4
  452. package/runtime/agents/software-specification-analyst/capabilities/analyze-multiple-projects/capability.yaml +1 -1
  453. package/runtime/agents/software-specification-analyst/capabilities/analyze-project-context/capability.yaml +1 -1
  454. package/runtime/agents/software-specification-analyst/capabilities/conduct-requirements-interview/capability.yaml +1 -1
  455. package/runtime/agents/software-specification-analyst/capabilities/create-complete-spec/capability.yaml +1 -1
  456. package/runtime/agents/software-specification-analyst/capabilities/create-final-spec-from-analysis/capability.yaml +1 -1
  457. package/runtime/agents/software-specification-analyst/capabilities/create-functional-spec/capability.yaml +11 -0
  458. package/runtime/agents/software-specification-analyst/capabilities/create-technical-spec/capability.yaml +12 -0
  459. package/runtime/agents/software-specification-analyst/capabilities/refine-analysis-with-feedback/capability.yaml +1 -1
  460. package/runtime/agents/software-specification-analyst/capabilities/write-user-stories/capability.yaml +12 -0
  461. package/runtime/agents/sqlserver-change-operator/agent.yaml +12 -1
  462. package/runtime/agents/sqlserver-data-analyzer/agent.yaml +13 -2
  463. package/runtime/agents/supabase-project-analyst/AGENTS.md +29 -0
  464. package/runtime/agents/supabase-project-analyst/README.md +23 -0
  465. package/runtime/agents/supabase-project-analyst/agent.yaml +53 -0
  466. package/runtime/agents/supabase-project-analyst/capabilities/audit-auth-security/capability.yaml +18 -0
  467. package/runtime/agents/supabase-project-analyst/capabilities/audit-auth-security/decision-rules.md +5 -0
  468. package/runtime/agents/supabase-project-analyst/capabilities/audit-auth-security/runner.py +32 -0
  469. package/runtime/agents/supabase-project-analyst/capabilities/audit-auth-security/workflow.md +6 -0
  470. package/runtime/agents/supabase-project-analyst/capabilities/audit-rls-policies/capability.yaml +18 -0
  471. package/runtime/agents/supabase-project-analyst/capabilities/audit-rls-policies/decision-rules.md +6 -0
  472. package/runtime/agents/supabase-project-analyst/capabilities/audit-rls-policies/runner.py +32 -0
  473. package/runtime/agents/supabase-project-analyst/capabilities/audit-rls-policies/workflow.md +7 -0
  474. package/runtime/agents/supabase-project-analyst/capabilities/audit-storage-policies/capability.yaml +18 -0
  475. package/runtime/agents/supabase-project-analyst/capabilities/audit-storage-policies/decision-rules.md +5 -0
  476. package/runtime/agents/supabase-project-analyst/capabilities/audit-storage-policies/runner.py +32 -0
  477. package/runtime/agents/supabase-project-analyst/capabilities/audit-storage-policies/workflow.md +6 -0
  478. package/runtime/agents/supabase-project-analyst/capabilities/generate-supabase-report/capability.yaml +18 -0
  479. package/runtime/agents/supabase-project-analyst/capabilities/generate-supabase-report/decision-rules.md +6 -0
  480. package/runtime/agents/supabase-project-analyst/capabilities/generate-supabase-report/runner.py +32 -0
  481. package/runtime/agents/supabase-project-analyst/capabilities/generate-supabase-report/workflow.md +6 -0
  482. package/runtime/agents/supabase-project-analyst/capabilities/inspect-supabase-project/capability.yaml +19 -0
  483. package/runtime/agents/supabase-project-analyst/capabilities/inspect-supabase-project/decision-rules.md +6 -0
  484. package/runtime/agents/supabase-project-analyst/capabilities/inspect-supabase-project/runner.py +36 -0
  485. package/runtime/agents/supabase-project-analyst/capabilities/inspect-supabase-project/workflow.md +7 -0
  486. package/runtime/agents/supabase-project-analyst/capabilities/plan-supabase-fix/capability.yaml +18 -0
  487. package/runtime/agents/supabase-project-analyst/capabilities/plan-supabase-fix/decision-rules.md +6 -0
  488. package/runtime/agents/supabase-project-analyst/capabilities/plan-supabase-fix/runner.py +32 -0
  489. package/runtime/agents/supabase-project-analyst/capabilities/plan-supabase-fix/workflow.md +6 -0
  490. package/runtime/agents/supabase-project-analyst/capabilities/review-migrations/capability.yaml +18 -0
  491. package/runtime/agents/supabase-project-analyst/capabilities/review-migrations/decision-rules.md +6 -0
  492. package/runtime/agents/supabase-project-analyst/capabilities/review-migrations/runner.py +32 -0
  493. package/runtime/agents/supabase-project-analyst/capabilities/review-migrations/workflow.md +5 -0
  494. package/runtime/agents/supabase-project-analyst/infra/integrations/supabase-project/supabase_project_repository.py +589 -0
  495. package/runtime/agents/supabase-project-analyst/knowledge/context.md +11 -0
  496. package/runtime/agents/supabase-project-analyst/knowledge/policies.yaml +24 -0
  497. package/runtime/agents/supabase-project-analyst/knowledge/system.md +10 -0
  498. package/runtime/agents/supabase-project-analyst/templates/supabase-audit.md +3 -0
  499. package/runtime/agents/supabase-project-analyst/templates/supabase-fix-plan.md +3 -0
  500. package/runtime/agents/supabase-project-analyst/templates/supabase-inspection.md +3 -0
  501. package/runtime/agents/supabase-project-analyst/templates/supabase-report.md +3 -0
  502. package/runtime/agents/supabase-project-analyst/tests/test_runners.py +239 -0
  503. package/runtime/agents/task-orchestrator/AGENTS.md +8 -0
  504. package/runtime/agents/task-orchestrator/README.md +7 -0
  505. package/runtime/agents/task-orchestrator/agent.yaml +53 -0
  506. package/runtime/agents/task-orchestrator/capabilities/coordinate-execution/capability.yaml +15 -0
  507. package/runtime/agents/task-orchestrator/capabilities/coordinate-execution/decision-rules.md +6 -0
  508. package/runtime/agents/task-orchestrator/capabilities/coordinate-execution/workflow.md +7 -0
  509. package/runtime/agents/task-orchestrator/capabilities/plan-task/capability.yaml +14 -0
  510. package/runtime/agents/task-orchestrator/capabilities/plan-task/decision-rules.md +6 -0
  511. package/runtime/agents/task-orchestrator/capabilities/plan-task/workflow.md +8 -0
  512. package/runtime/agents/task-orchestrator/capabilities/select-specialists/capability.yaml +14 -0
  513. package/runtime/agents/task-orchestrator/capabilities/select-specialists/decision-rules.md +6 -0
  514. package/runtime/agents/task-orchestrator/capabilities/select-specialists/workflow.md +7 -0
  515. package/runtime/agents/task-orchestrator/infra/README.md +5 -0
  516. package/runtime/agents/task-orchestrator/knowledge/context.md +9 -0
  517. package/runtime/agents/task-orchestrator/knowledge/system.md +20 -0
  518. package/runtime/agents/task-orchestrator/templates/README.md +4 -0
  519. package/runtime/agents/technical-integration-analyst/agent.yaml +15 -2
  520. package/runtime/agents/topdesk-orchestrator/agent.yaml +10 -2
  521. package/runtime/cli/README.md +76 -11
  522. package/runtime/cli/aikit/__init__.py +1 -1
  523. package/runtime/cli/aikit/acceptance.py +166 -0
  524. package/runtime/cli/aikit/agent_executor.py +89 -0
  525. package/runtime/cli/aikit/agent_registry.py +319 -0
  526. package/runtime/cli/aikit/app_home.py +87 -2
  527. package/runtime/cli/aikit/architecture.py +84 -0
  528. package/runtime/cli/aikit/audit.py +216 -3
  529. package/runtime/cli/aikit/autonomy.py +237 -0
  530. package/runtime/cli/aikit/capability_runtime.py +522 -0
  531. package/runtime/cli/aikit/catalog.py +246 -0
  532. package/runtime/cli/aikit/cli_dispatch.py +1078 -0
  533. package/runtime/cli/aikit/cli_parser.py +409 -0
  534. package/runtime/cli/aikit/collaboration.py +359 -0
  535. package/runtime/cli/aikit/configuration_orchestrator.py +52 -26
  536. package/runtime/cli/aikit/contribution.py +105 -0
  537. package/runtime/cli/aikit/control_router.py +298 -0
  538. package/runtime/cli/aikit/core/__init__.py +1 -0
  539. package/runtime/cli/aikit/core/capability_contract.py +112 -0
  540. package/runtime/cli/aikit/core/requests.py +69 -0
  541. package/runtime/cli/aikit/core/runtime.py +64 -0
  542. package/runtime/cli/aikit/decision_store.py +17 -0
  543. package/runtime/cli/aikit/diagnostics.py +10 -3
  544. package/runtime/cli/aikit/doctor_runtime.py +79 -0
  545. package/runtime/cli/aikit/errors.py +7 -0
  546. package/runtime/cli/aikit/eval.py +158 -0
  547. package/runtime/cli/aikit/execution_reviewer.py +195 -0
  548. package/runtime/cli/aikit/extensions.py +140 -0
  549. package/runtime/cli/aikit/fallback.py +1 -0
  550. package/runtime/cli/aikit/github_pr.py +23 -0
  551. package/runtime/cli/aikit/guardrails.py +25 -10
  552. package/runtime/cli/aikit/human_output.py +1026 -0
  553. package/runtime/cli/aikit/impact_map.py +294 -0
  554. package/runtime/cli/aikit/install.py +4 -3
  555. package/runtime/cli/aikit/interactive_wizard.py +79 -0
  556. package/runtime/cli/aikit/local_llm_operator.py +146 -0
  557. package/runtime/cli/aikit/lock.py +4 -1
  558. package/runtime/cli/aikit/main.py +11 -2561
  559. package/runtime/cli/aikit/mcp_manifest.py +229 -0
  560. package/runtime/cli/aikit/mcp_server.py +132 -0
  561. package/runtime/cli/aikit/mcp_tools.py +262 -0
  562. package/runtime/cli/aikit/mini_brain.py +227 -0
  563. package/runtime/cli/aikit/model_router.py +193 -20
  564. package/runtime/cli/aikit/module_controller.py +335 -0
  565. package/runtime/cli/aikit/natural_prompt_runtime.py +538 -0
  566. package/runtime/cli/aikit/notifications.py +716 -2
  567. package/runtime/cli/aikit/ollama.py +1 -0
  568. package/runtime/cli/aikit/orchestrator.py +1225 -0
  569. package/runtime/cli/aikit/output.py +63 -2
  570. package/runtime/cli/aikit/permissions.py +14 -4
  571. package/runtime/cli/aikit/prompt_injection.py +57 -0
  572. package/runtime/cli/aikit/review_gate.py +38 -6
  573. package/runtime/cli/aikit/roadmap.py +195 -0
  574. package/runtime/cli/aikit/roadmap_cli.py +70 -0
  575. package/runtime/cli/aikit/router.py +41 -12
  576. package/runtime/cli/aikit/router_explain.py +152 -0
  577. package/runtime/cli/aikit/runtime_paths.py +11 -0
  578. package/runtime/cli/aikit/secrets.py +113 -0
  579. package/runtime/cli/aikit/sessions.py +125 -2
  580. package/runtime/cli/aikit/setup_wizard_payload.py +32 -0
  581. package/runtime/cli/aikit/sources.py +298 -46
  582. package/runtime/cli/aikit/tasks.py +449 -21
  583. package/runtime/cli/aikit/wizard_state.py +517 -0
  584. package/runtime/cli/aikit/workflows.py +115 -0
  585. package/runtime/cli/aikit/write_policy.py +108 -0
  586. package/runtime/plugins/claude-code-ai-devkit/README.md +17 -0
  587. package/runtime/plugins/claude-code-ai-devkit/agents/README.md +29 -2
  588. package/runtime/plugins/claude-code-ai-devkit/agents/agent-devkit-db-analyst.md +44 -0
  589. package/runtime/plugins/claude-code-ai-devkit/agents/agent-devkit-execution-reviewer.md +38 -0
  590. package/runtime/plugins/claude-code-ai-devkit/agents/agent-devkit-pr-reviewer.md +42 -0
  591. package/runtime/plugins/claude-code-ai-devkit/agents/agent-devkit-repo-explorer.md +40 -0
  592. package/runtime/plugins/claude-code-ai-devkit/agents/agent-devkit-support-triage.md +43 -0
  593. package/runtime/plugins/claude-code-ai-devkit/plugin.json +1 -1
  594. package/runtime/plugins/claude-code-ai-devkit/skills/ai-devkit-router/SKILL.md +16 -0
  595. package/runtime/plugins/claude-skill-ai-devkit/ai-devkit/SKILL.md +1 -0
  596. package/runtime/plugins/claude-skill-ai-devkit/ai-devkit/references/subagents.md +21 -0
  597. package/runtime/plugins/claude-skill-ai-devkit/plugin.json +1 -1
  598. package/runtime/providers/azure-devops.yaml +9 -0
  599. package/runtime/providers/github.yaml +4 -0
  600. package/runtime/providers/local-notification.yaml +5 -2
  601. package/runtime/providers/local-scheduler.yaml +1 -1
  602. package/runtime/providers/supabase.yaml +46 -0
  603. package/runtime/scripts/release-catalog-snapshot.json +543 -0
  604. package/runtime/scripts/release-gate.py +141 -1
  605. package/runtime/scripts/validate-repo.py +312 -0
  606. package/runtime/vendor/skills/napkin/napkin.md +15 -9
@@ -0,0 +1,589 @@
1
+ """Repository for local, read-only Supabase project analysis."""
2
+
3
+ from __future__ import annotations
4
+
5
+ import json
6
+ import os
7
+ import re
8
+ import shutil
9
+ import subprocess
10
+ import tomllib
11
+ from collections import Counter
12
+ from pathlib import Path
13
+ from typing import Any
14
+
15
+
16
+ EXPOSED_SCHEMAS = {"public"}
17
+ SECRET_KEY_PATTERN = re.compile(
18
+ r"(SUPABASE_ACCESS_TOKEN|SUPABASE_DB_URL|SUPABASE_SERVICE_ROLE_KEY|SUPABASE_ANON_KEY|SERVICE_ROLE_KEY|service_role|jwt_secret|anon_key)",
19
+ re.IGNORECASE,
20
+ )
21
+ SECRET_ASSIGNMENT_PATTERN = re.compile(
22
+ r"(?i)\b(SUPABASE_ACCESS_TOKEN|SUPABASE_DB_URL|SUPABASE_SERVICE_ROLE_KEY|SUPABASE_ANON_KEY|SERVICE_ROLE_KEY|JWT_SECRET|service_role|jwt_secret|anon_key)\b\s*[:=]\s*['\"]?([^'\"\n]+)"
23
+ )
24
+ POSTGRES_URL_PATTERN = re.compile(r"postgres(?:ql)?://[^\s'\"<>]+", re.IGNORECASE)
25
+ CREATE_TABLE_PATTERN = re.compile(
26
+ r"create\s+table\s+(?:if\s+not\s+exists\s+)?(?P<name>(?:\"?\w+\"?\.)?\"?\w+\"?)",
27
+ re.IGNORECASE,
28
+ )
29
+ ENABLE_RLS_PATTERN = re.compile(
30
+ r"alter\s+table\s+(?:only\s+)?(?P<name>(?:\"?\w+\"?\.)?\"?\w+\"?)\s+enable\s+row\s+level\s+security",
31
+ re.IGNORECASE,
32
+ )
33
+ POLICY_PATTERN = re.compile(
34
+ r"create\s+policy\s+(?P<name>.+?)\s+on\s+(?P<table>(?:\"?\w+\"?\.)?\"?\w+\"?)(?P<body>.*?);",
35
+ re.IGNORECASE | re.DOTALL,
36
+ )
37
+ CREATE_VIEW_PATTERN = re.compile(
38
+ r"create\s+(?:or\s+replace\s+)?view\s+(?P<name>(?:\"?\w+\"?\.)?\"?\w+\"?)(?P<body>.*?);",
39
+ re.IGNORECASE | re.DOTALL,
40
+ )
41
+ SECURITY_DEFINER_PATTERN = re.compile(
42
+ r"create\s+(?:or\s+replace\s+)?function\s+(?P<name>(?:\"?\w+\"?\.)?\"?\w+\"?)\s*\(.*?security\s+definer",
43
+ re.IGNORECASE | re.DOTALL,
44
+ )
45
+ DESTRUCTIVE_DDL_PATTERN = re.compile(
46
+ r"\b(drop\s+table|truncate\s+table|alter\s+table\s+.+?\s+drop\s+column|drop\s+schema)\b",
47
+ re.IGNORECASE | re.DOTALL,
48
+ )
49
+ GRANT_PUBLIC_PATTERN = re.compile(
50
+ r"grant\s+.+?\s+on\s+.+?\s+to\s+(anon|authenticated|public)\b",
51
+ re.IGNORECASE | re.DOTALL,
52
+ )
53
+
54
+
55
+ class SupabaseProjectError(RuntimeError):
56
+ """Raised when the project cannot be inspected."""
57
+
58
+
59
+ class SqlFile:
60
+ def __init__(self, *, path: Path, relative_path: str, text: str) -> None:
61
+ self.path = path
62
+ self.relative_path = relative_path
63
+ self.text = text
64
+
65
+
66
+ class SupabaseProjectRepository:
67
+ def inspect_supabase_project(
68
+ self,
69
+ *,
70
+ project_path: Path,
71
+ include_cli_status: bool = False,
72
+ ) -> dict[str, Any]:
73
+ project_root = self.resolve_project(project_path)
74
+ context = self.collect_context(project_root, include_cli_status=include_cli_status)
75
+ return {
76
+ "kind": "supabase-project-inspection",
77
+ "status": "ok",
78
+ "project_path": str(project_root),
79
+ "write_policy": "read_only",
80
+ "context": context,
81
+ "secret_exposure": self.secret_inventory(project_root),
82
+ }
83
+
84
+ def audit_rls_policies(self, *, project_path: Path) -> dict[str, Any]:
85
+ project_root = self.resolve_project(project_path)
86
+ sql_files = self.sql_files(project_root)
87
+ findings = self.find_rls_findings(sql_files)
88
+ return self.audit_payload("supabase-rls-audit", project_root, findings)
89
+
90
+ def audit_auth_security(self, *, project_path: Path) -> dict[str, Any]:
91
+ project_root = self.resolve_project(project_path)
92
+ findings = self.find_auth_findings(project_root, self.sql_files(project_root))
93
+ return self.audit_payload("supabase-auth-audit", project_root, findings)
94
+
95
+ def audit_storage_policies(self, *, project_path: Path) -> dict[str, Any]:
96
+ project_root = self.resolve_project(project_path)
97
+ findings = self.find_storage_findings(self.sql_files(project_root))
98
+ return self.audit_payload("supabase-storage-audit", project_root, findings)
99
+
100
+ def review_migrations(self, *, project_path: Path) -> dict[str, Any]:
101
+ project_root = self.resolve_project(project_path)
102
+ findings = self.find_migration_findings(self.sql_files(project_root))
103
+ return self.audit_payload("supabase-migration-review", project_root, findings)
104
+
105
+ def generate_supabase_report(self, *, project_path: Path) -> dict[str, Any]:
106
+ project_root = self.resolve_project(project_path)
107
+ findings = self.all_findings(project_root)
108
+ severity_counts = Counter(finding["severity"] for finding in findings)
109
+ category_counts = Counter(finding["category"] for finding in findings)
110
+ return {
111
+ "kind": "supabase-report",
112
+ "status": "ok",
113
+ "project_path": str(project_root),
114
+ "write_policy": "output_only",
115
+ "facts": self.collect_context(project_root, include_cli_status=False),
116
+ "summary": {
117
+ "findings": len(findings),
118
+ "by_severity": dict(sorted(severity_counts.items())),
119
+ "by_category": dict(sorted(category_counts.items())),
120
+ },
121
+ "findings": findings,
122
+ "recommendations": self.recommendations(findings),
123
+ }
124
+
125
+ def plan_supabase_fix(self, *, project_path: Path) -> dict[str, Any]:
126
+ project_root = self.resolve_project(project_path)
127
+ findings = self.all_findings(project_root)
128
+ actions = [self.fix_action_for(finding) for finding in findings]
129
+ actions = [action for action in actions if action]
130
+ return {
131
+ "kind": "supabase-fix-plan",
132
+ "status": "ok",
133
+ "project_path": str(project_root),
134
+ "write_policy": "dry_run",
135
+ "apply_real": False,
136
+ "findings_count": len(findings),
137
+ "actions": actions,
138
+ "blocked_actions": ["execute_sql", "apply_migration", "supabase db push", "supabase functions deploy"],
139
+ }
140
+
141
+ def resolve_project(self, project_path: Path) -> Path:
142
+ root = project_path.expanduser().resolve()
143
+ if not root.exists() or not root.is_dir():
144
+ raise SupabaseProjectError(f"project path not found: {root}")
145
+ return root
146
+
147
+ def collect_context(self, project_root: Path, *, include_cli_status: bool) -> dict[str, Any]:
148
+ supabase_dir = project_root / "supabase"
149
+ migrations_dir = supabase_dir / "migrations"
150
+ functions_dir = supabase_dir / "functions"
151
+ config_path = supabase_dir / "config.toml"
152
+ config = self.read_config(config_path)
153
+ return {
154
+ "has_supabase_dir": supabase_dir.exists(),
155
+ "config_path": str(config_path.relative_to(project_root)) if config_path.exists() else None,
156
+ "project_ref": self.redact_value(os.environ.get("SUPABASE_PROJECT_REF") or self.project_ref_from_config(config)),
157
+ "migrations_count": len(list(migrations_dir.glob("*.sql"))) if migrations_dir.exists() else 0,
158
+ "edge_functions": self.edge_functions(functions_dir),
159
+ "seed_present": (supabase_dir / "seed.sql").exists(),
160
+ "config": self.safe_config_summary(config),
161
+ "cli_status": self.cli_status() if include_cli_status else {"checked": False},
162
+ "mcp": self.mcp_status(project_root),
163
+ }
164
+
165
+ def read_config(self, config_path: Path) -> dict[str, Any]:
166
+ if not config_path.exists():
167
+ return {}
168
+ try:
169
+ return tomllib.loads(config_path.read_text(encoding="utf-8"))
170
+ except (tomllib.TOMLDecodeError, OSError) as exc:
171
+ return {"_error": str(exc)}
172
+
173
+ def project_ref_from_config(self, config: dict[str, Any]) -> str | None:
174
+ value = config.get("project_id") or config.get("project_ref") if isinstance(config, dict) else None
175
+ return str(value) if value else None
176
+
177
+ def safe_config_summary(self, config: dict[str, Any]) -> dict[str, Any]:
178
+ if not config:
179
+ return {}
180
+ return {
181
+ key: self.safe_config_value(value)
182
+ for key, value in config.items()
183
+ if not SECRET_KEY_PATTERN.search(str(key))
184
+ }
185
+
186
+ def safe_config_value(self, value: Any) -> Any:
187
+ if isinstance(value, str):
188
+ return self.redact_value(value)
189
+ if isinstance(value, dict):
190
+ return self.safe_config_summary(value)
191
+ if isinstance(value, list):
192
+ return [self.safe_config_value(item) for item in value]
193
+ return value
194
+
195
+ def edge_functions(self, functions_dir: Path) -> list[str]:
196
+ if not functions_dir.exists():
197
+ return []
198
+ return sorted(path.name for path in functions_dir.iterdir() if path.is_dir())
199
+
200
+ def mcp_status(self, project_root: Path) -> dict[str, Any]:
201
+ mcp_json = project_root / ".mcp.json"
202
+ return {
203
+ "config_present": mcp_json.exists(),
204
+ "supabase_server_declared": "supabase" in self.redact_text(mcp_json.read_text(encoding="utf-8")) if mcp_json.exists() else False,
205
+ "oauth_required": True,
206
+ }
207
+
208
+ def cli_status(self) -> dict[str, Any]:
209
+ executable = shutil.which("supabase")
210
+ if not executable:
211
+ return {"checked": True, "available": False}
212
+ return {
213
+ "checked": True,
214
+ "available": True,
215
+ "version": self.safe_command(["supabase", "--version"]),
216
+ "help_available": self.safe_command(["supabase", "--help"], max_chars=500)["returncode"] == 0,
217
+ "db_help_available": self.safe_command(["supabase", "db", "--help"], max_chars=500)["returncode"] == 0,
218
+ }
219
+
220
+ def safe_command(self, command: list[str], *, max_chars: int = 2000) -> dict[str, Any]:
221
+ try:
222
+ result = subprocess.run(
223
+ command,
224
+ check=False,
225
+ text=True,
226
+ stdout=subprocess.PIPE,
227
+ stderr=subprocess.PIPE,
228
+ timeout=10,
229
+ )
230
+ except (OSError, subprocess.TimeoutExpired) as exc:
231
+ return {"returncode": 1, "stdout": "", "stderr": self.redact_text(str(exc))}
232
+ return {
233
+ "returncode": result.returncode,
234
+ "stdout": self.redact_text(result.stdout[:max_chars]),
235
+ "stderr": self.redact_text(result.stderr[:max_chars]),
236
+ }
237
+
238
+ def sql_files(self, project_root: Path) -> list[SqlFile]:
239
+ supabase_dir = project_root / "supabase"
240
+ paths: list[Path] = []
241
+ migrations_dir = supabase_dir / "migrations"
242
+ if migrations_dir.exists():
243
+ paths.extend(sorted(migrations_dir.glob("*.sql")))
244
+ seed = supabase_dir / "seed.sql"
245
+ if seed.exists():
246
+ paths.append(seed)
247
+ sql_files: list[SqlFile] = []
248
+ for path in paths:
249
+ text = path.read_text(encoding="utf-8", errors="replace")
250
+ sql_files.append(SqlFile(path=path, relative_path=str(path.relative_to(project_root)), text=text))
251
+ return sql_files
252
+
253
+ def all_findings(self, project_root: Path) -> list[dict[str, Any]]:
254
+ sql_files = self.sql_files(project_root)
255
+ findings = [
256
+ *self.find_rls_findings(sql_files),
257
+ *self.find_auth_findings(project_root, sql_files),
258
+ *self.find_storage_findings(sql_files),
259
+ *self.find_migration_findings(sql_files),
260
+ ]
261
+ return self.dedupe_findings(findings)
262
+
263
+ def find_rls_findings(self, sql_files: list[SqlFile]) -> list[dict[str, Any]]:
264
+ findings: list[dict[str, Any]] = []
265
+ tables = self.created_tables(sql_files)
266
+ rls_enabled = self.rls_enabled_tables(sql_files)
267
+ for table, source in tables.items():
268
+ if self.schema_for(table) in EXPOSED_SCHEMAS and table not in rls_enabled:
269
+ findings.append(self.finding(
270
+ "high",
271
+ "rls",
272
+ "exposed_table_without_rls",
273
+ source,
274
+ f"Table `{table}` is in an exposed schema without ENABLE ROW LEVEL SECURITY.",
275
+ "Tables in exposed schemas can be reachable through the Data API.",
276
+ f"Enable RLS on `{table}` and add policies matching the access model.",
277
+ suggested_sql=f"alter table {table} enable row level security;",
278
+ ))
279
+ for sql_file in sql_files:
280
+ for policy in POLICY_PATTERN.finditer(sql_file.text):
281
+ body = policy.group("body")
282
+ table = self.normalize_identifier(policy.group("table"))
283
+ if "auth.role()" in body.lower():
284
+ findings.append(self.finding(
285
+ "medium",
286
+ "rls",
287
+ "deprecated_auth_role",
288
+ sql_file,
289
+ self.line_for(sql_file.text, policy.start()),
290
+ "`auth.role()` is used in an RLS policy.",
291
+ "Supabase recommends using the policy TO clause instead.",
292
+ "Replace auth.role() checks with explicit TO anon/authenticated and ownership predicates.",
293
+ ))
294
+ if re.search(r"\bto\s+authenticated\b", body, re.IGNORECASE) and not self.has_ownership_predicate(body):
295
+ findings.append(self.finding(
296
+ "high",
297
+ "rls",
298
+ "authenticated_without_ownership",
299
+ sql_file,
300
+ self.line_for(sql_file.text, policy.start()),
301
+ f"Policy on `{table}` targets authenticated without an ownership predicate.",
302
+ "Authentication without row ownership can create BOLA/IDOR exposure.",
303
+ "Add a USING predicate based on `(select auth.uid())` and tenant/user ownership.",
304
+ ))
305
+ if re.search(r"\bfor\s+update\b", body, re.IGNORECASE) and "with check" not in body.lower():
306
+ findings.append(self.finding(
307
+ "high",
308
+ "rls",
309
+ "update_policy_without_with_check",
310
+ sql_file,
311
+ self.line_for(sql_file.text, policy.start()),
312
+ f"UPDATE policy on `{table}` does not include WITH CHECK.",
313
+ "Users may be able to update ownership columns into unauthorized values.",
314
+ "Add a WITH CHECK predicate matching the USING ownership predicate.",
315
+ ))
316
+ return findings
317
+
318
+ def find_auth_findings(self, project_root: Path, sql_files: list[SqlFile]) -> list[dict[str, Any]]:
319
+ findings: list[dict[str, Any]] = []
320
+ searchable_files = [*sql_files, *self.edge_source_files(project_root)]
321
+ for source in searchable_files:
322
+ lower = source.text.lower()
323
+ if "raw_user_meta_data" in lower or "user_metadata" in lower:
324
+ findings.append(self.finding(
325
+ "high",
326
+ "auth",
327
+ "user_metadata_authorization",
328
+ source,
329
+ self.line_for(source.text, min(pos for pos in [lower.find("raw_user_meta_data"), lower.find("user_metadata")] if pos >= 0)),
330
+ "User-editable metadata appears in authorization-sensitive code.",
331
+ "Supabase user metadata can be edited by the user and is unsafe for authorization.",
332
+ "Move authorization attributes to app_metadata/raw_app_meta_data or server-side tables.",
333
+ ))
334
+ if re.search(r"service[_-]?role|SUPABASE_SERVICE_ROLE_KEY", source.text, re.IGNORECASE):
335
+ findings.append(self.finding(
336
+ "critical",
337
+ "auth",
338
+ "service_role_reference",
339
+ source,
340
+ self.line_for(source.text, re.search(r"service[_-]?role|SUPABASE_SERVICE_ROLE_KEY", source.text, re.IGNORECASE).start()),
341
+ "Service role key/reference appears in local project code or SQL.",
342
+ "Service role bypasses RLS and must never be exposed to public clients.",
343
+ "Move service role use to trusted server-only environments and verify it is not bundled.",
344
+ ))
345
+ for env_path in self.env_files(project_root):
346
+ text = env_path.read_text(encoding="utf-8", errors="replace")
347
+ if SECRET_KEY_PATTERN.search(text):
348
+ findings.append({
349
+ "severity": "medium",
350
+ "code": "local_env_secret_present",
351
+ "category": "auth",
352
+ "file": str(env_path.relative_to(project_root)),
353
+ "line": 1,
354
+ "evidence": "Local env file contains Supabase secret markers; values redacted.",
355
+ "risk": "Accidental commit or log exposure can leak credentials.",
356
+ "recommendation": "Ensure env files are ignored and never included in generated artifacts.",
357
+ "suggested_sql": None,
358
+ })
359
+ return findings
360
+
361
+ def find_storage_findings(self, sql_files: list[SqlFile]) -> list[dict[str, Any]]:
362
+ findings: list[dict[str, Any]] = []
363
+ storage_policies = []
364
+ for sql_file in sql_files:
365
+ for policy in POLICY_PATTERN.finditer(sql_file.text):
366
+ table = self.normalize_identifier(policy.group("table"))
367
+ if table == "storage.objects":
368
+ body = policy.group("body")
369
+ storage_policies.append(body.lower())
370
+ if re.search(r"\bto\s+(anon|public)\b", body, re.IGNORECASE) or re.search(r"using\s*\(\s*true\s*\)", body, re.IGNORECASE):
371
+ findings.append(self.finding(
372
+ "high",
373
+ "storage",
374
+ "storage_public_policy",
375
+ sql_file,
376
+ self.line_for(sql_file.text, policy.start()),
377
+ "Storage policy appears broadly public.",
378
+ "Public Storage access can expose private files or tenant data.",
379
+ "Restrict object paths by user/org and avoid `USING (true)` unless the bucket is intentionally public.",
380
+ ))
381
+ combined = "\n".join(storage_policies)
382
+ if "upsert" in combined and not all(token in combined for token in ("for select", "for insert", "for update")):
383
+ findings.append({
384
+ "severity": "medium",
385
+ "code": "storage_upsert_missing_policy_set",
386
+ "category": "storage",
387
+ "file": None,
388
+ "line": None,
389
+ "evidence": "Storage upsert is mentioned but SELECT/INSERT/UPDATE policy set is incomplete.",
390
+ "risk": "Supabase Storage upsert requires INSERT, SELECT and UPDATE permissions.",
391
+ "recommendation": "Define the full policy set for upload and replacement paths.",
392
+ "suggested_sql": None,
393
+ })
394
+ return findings
395
+
396
+ def find_migration_findings(self, sql_files: list[SqlFile]) -> list[dict[str, Any]]:
397
+ findings: list[dict[str, Any]] = []
398
+ for sql_file in sql_files:
399
+ for match in DESTRUCTIVE_DDL_PATTERN.finditer(sql_file.text):
400
+ findings.append(self.finding(
401
+ "high",
402
+ "migration",
403
+ "destructive_ddl",
404
+ sql_file,
405
+ self.line_for(sql_file.text, match.start()),
406
+ self.redact_text(match.group(0)),
407
+ "Destructive DDL can cause data loss or downtime.",
408
+ "Require rollback, backup, lock/timeout strategy and explicit confirmation before applying.",
409
+ ))
410
+ for match in SECURITY_DEFINER_PATTERN.finditer(sql_file.text):
411
+ name = self.normalize_identifier(match.group("name"))
412
+ severity = "critical" if self.schema_for(name) in EXPOSED_SCHEMAS else "high"
413
+ findings.append(self.finding(
414
+ severity,
415
+ "migration",
416
+ "security_definer_function",
417
+ sql_file,
418
+ self.line_for(sql_file.text, match.start()),
419
+ f"`SECURITY DEFINER` function `{name}` detected.",
420
+ "SECURITY DEFINER bypasses caller privileges and can bypass RLS.",
421
+ "Prefer SECURITY INVOKER; if needed, keep in non-exposed schema with explicit auth.uid() checks and grants.",
422
+ ))
423
+ for match in CREATE_VIEW_PATTERN.finditer(sql_file.text):
424
+ body = match.group("body")
425
+ if "security_invoker" not in body.lower():
426
+ name = self.normalize_identifier(match.group("name"))
427
+ findings.append(self.finding(
428
+ "medium",
429
+ "migration",
430
+ "view_without_security_invoker",
431
+ sql_file,
432
+ self.line_for(sql_file.text, match.start()),
433
+ f"View `{name}` is created without `security_invoker`.",
434
+ "Views can bypass RLS by default depending on ownership/Postgres version.",
435
+ "Use `WITH (security_invoker = true)` where supported or keep view outside exposed schemas.",
436
+ ))
437
+ for match in GRANT_PUBLIC_PATTERN.finditer(sql_file.text):
438
+ findings.append(self.finding(
439
+ "medium",
440
+ "migration",
441
+ "broad_grant_to_public_roles",
442
+ sql_file,
443
+ self.line_for(sql_file.text, match.start()),
444
+ self.redact_text(match.group(0)),
445
+ "Broad grants to anon/authenticated/public can expose Data API surfaces.",
446
+ "Pair grants with RLS and least-privilege access.",
447
+ ))
448
+ return findings
449
+
450
+ def edge_source_files(self, project_root: Path) -> list[SqlFile]:
451
+ functions_dir = project_root / "supabase" / "functions"
452
+ if not functions_dir.exists():
453
+ return []
454
+ files = []
455
+ for path in sorted(functions_dir.rglob("*")):
456
+ if path.suffix.lower() not in {".ts", ".js", ".tsx", ".jsx"} or not path.is_file():
457
+ continue
458
+ files.append(SqlFile(path=path, relative_path=str(path.relative_to(project_root)), text=path.read_text(encoding="utf-8", errors="replace")))
459
+ return files
460
+
461
+ def env_files(self, project_root: Path) -> list[Path]:
462
+ return [path for path in sorted(project_root.glob(".env*")) if path.is_file()]
463
+
464
+ def created_tables(self, sql_files: list[SqlFile]) -> dict[str, SqlFile]:
465
+ tables: dict[str, SqlFile] = {}
466
+ for sql_file in sql_files:
467
+ for match in CREATE_TABLE_PATTERN.finditer(sql_file.text):
468
+ name = self.normalize_identifier(match.group("name"))
469
+ if name.startswith("storage.") or name.startswith("auth."):
470
+ continue
471
+ tables[name] = sql_file
472
+ return tables
473
+
474
+ def rls_enabled_tables(self, sql_files: list[SqlFile]) -> set[str]:
475
+ enabled: set[str] = set()
476
+ for sql_file in sql_files:
477
+ for match in ENABLE_RLS_PATTERN.finditer(sql_file.text):
478
+ enabled.add(self.normalize_identifier(match.group("name")))
479
+ return enabled
480
+
481
+ def normalize_identifier(self, value: str) -> str:
482
+ cleaned = value.replace('"', "").strip().lower()
483
+ if "." not in cleaned:
484
+ return f"public.{cleaned}"
485
+ return cleaned
486
+
487
+ def schema_for(self, identifier: str) -> str:
488
+ return identifier.split(".", 1)[0] if "." in identifier else "public"
489
+
490
+ def has_ownership_predicate(self, value: str) -> bool:
491
+ lower = value.lower()
492
+ return "auth.uid()" in lower or "(select auth.uid())" in lower or "owner_id" in lower or "user_id" in lower or "tenant_id" in lower or "organization_id" in lower
493
+
494
+ def finding(
495
+ self,
496
+ severity: str,
497
+ category: str,
498
+ code: str,
499
+ source: SqlFile,
500
+ line_or_evidence: int | str,
501
+ evidence_or_risk: str,
502
+ risk_or_recommendation: str,
503
+ recommendation: str | None = None,
504
+ *,
505
+ suggested_sql: str | None = None,
506
+ ) -> dict[str, Any]:
507
+ if isinstance(line_or_evidence, int):
508
+ line = line_or_evidence
509
+ evidence = evidence_or_risk
510
+ risk = risk_or_recommendation
511
+ rec = recommendation or ""
512
+ else:
513
+ line = 1
514
+ evidence = line_or_evidence
515
+ risk = evidence_or_risk
516
+ rec = risk_or_recommendation
517
+ return {
518
+ "severity": severity,
519
+ "code": code,
520
+ "category": category,
521
+ "file": source.relative_path,
522
+ "line": line,
523
+ "evidence": self.redact_text(evidence),
524
+ "risk": risk,
525
+ "recommendation": rec,
526
+ "suggested_sql": suggested_sql,
527
+ }
528
+
529
+ def audit_payload(self, kind: str, project_root: Path, findings: list[dict[str, Any]]) -> dict[str, Any]:
530
+ severity_counts = Counter(finding["severity"] for finding in findings)
531
+ return {
532
+ "kind": kind,
533
+ "status": "ok",
534
+ "project_path": str(project_root),
535
+ "write_policy": "read_only",
536
+ "findings_count": len(findings),
537
+ "by_severity": dict(sorted(severity_counts.items())),
538
+ "findings": self.dedupe_findings(findings),
539
+ }
540
+
541
+ def recommendations(self, findings: list[dict[str, Any]]) -> list[str]:
542
+ by_code = {finding["code"]: finding["recommendation"] for finding in findings}
543
+ return [by_code[code] for code in sorted(by_code)]
544
+
545
+ def fix_action_for(self, finding: dict[str, Any]) -> dict[str, Any] | None:
546
+ return {
547
+ "finding_code": finding["code"],
548
+ "severity": finding["severity"],
549
+ "file": finding.get("file"),
550
+ "line": finding.get("line"),
551
+ "recommendation": finding["recommendation"],
552
+ "suggested_sql": finding.get("suggested_sql"),
553
+ "apply_real": False,
554
+ }
555
+
556
+ def secret_inventory(self, project_root: Path) -> dict[str, Any]:
557
+ markers = []
558
+ supabase_paths = list((project_root / "supabase").rglob("*")) if (project_root / "supabase").exists() else []
559
+ for path in [*self.env_files(project_root), *supabase_paths]:
560
+ if not path.is_file() or path.stat().st_size > 1024 * 1024:
561
+ continue
562
+ text = path.read_text(encoding="utf-8", errors="replace")
563
+ if SECRET_KEY_PATTERN.search(text) or POSTGRES_URL_PATTERN.search(text):
564
+ markers.append(str(path.relative_to(project_root)))
565
+ return {"files_with_secret_markers": sorted(set(markers)), "values_redacted": True}
566
+
567
+ def redact_value(self, value: Any) -> Any:
568
+ if value is None:
569
+ return None
570
+ return self.redact_text(str(value))
571
+
572
+ def redact_text(self, text: str) -> str:
573
+ redacted = POSTGRES_URL_PATTERN.sub("<redacted-postgres-url>", text)
574
+ redacted = SECRET_ASSIGNMENT_PATTERN.sub(lambda match: f"{match.group(1)}=<redacted>", redacted)
575
+ return redacted
576
+
577
+ def line_for(self, text: str, index: int) -> int:
578
+ return text.count("\n", 0, max(index, 0)) + 1
579
+
580
+ def dedupe_findings(self, findings: list[dict[str, Any]]) -> list[dict[str, Any]]:
581
+ seen: set[tuple[Any, ...]] = set()
582
+ unique = []
583
+ for finding in findings:
584
+ key = (finding.get("code"), finding.get("file"), finding.get("line"), finding.get("evidence"))
585
+ if key in seen:
586
+ continue
587
+ seen.add(key)
588
+ unique.append(finding)
589
+ return unique
@@ -0,0 +1,11 @@
1
+ # Contexto
2
+
3
+ O Agent DevKit ja possui:
4
+
5
+ - `postgres-data-analyzer`: analise PostgreSQL generica read-only.
6
+ - `database-change-operator`: mudancas PostgreSQL com confirmacao.
7
+
8
+ Este agente cobre particularidades Supabase: schemas expostos via Data API, RLS,
9
+ Auth/JWT, Storage policies, Edge Functions, migrations Supabase e readiness de
10
+ CLI/MCP. O provider Supabase e opcional; a primeira fase funciona apenas com
11
+ arquivos locais.
@@ -0,0 +1,24 @@
1
+ write_policy:
2
+ inspect: read_only
3
+ audit: read_only
4
+ report: output_only
5
+ fix_plan: dry_run
6
+ execute_sql: blocked_by_default
7
+ apply_migration: blocked_by_default
8
+ remote_config: blocked_by_default
9
+ security:
10
+ redact_secret_markers:
11
+ - SUPABASE_ACCESS_TOKEN
12
+ - SUPABASE_DB_URL
13
+ - SUPABASE_SERVICE_ROLE_KEY
14
+ - service_role
15
+ - jwt_secret
16
+ exposed_schemas:
17
+ - public
18
+ disallow_authorization_sources:
19
+ - raw_user_meta_data
20
+ - user_metadata
21
+ provider:
22
+ supabase_mcp_optional: true
23
+ cli_help_only_in_readiness: true
24
+ fallback: use_user_supplied_context
@@ -0,0 +1,10 @@
1
+ # System
2
+
3
+ Voce e o `supabase-project-analyst`, especialista em diagnostico read-only de
4
+ projetos Supabase. Supabase muda com frequencia; antes de orientar mudancas
5
+ sensiveis, verifique documentacao/changelog atual, CLI help ou MCP docs quando
6
+ disponivel.
7
+
8
+ Nunca execute SQL real, `apply_migration`, `supabase db push`, deploy de Edge
9
+ Functions ou alteracao remota. Gere somente fatos, findings, recomendacoes e
10
+ SQL sugerido marcado como nao aplicado.
@@ -0,0 +1,3 @@
1
+ # Supabase Audit
2
+
3
+ Template rendered by Supabase audit capabilities.
@@ -0,0 +1,3 @@
1
+ # Supabase Fix Plan
2
+
3
+ Template rendered by `plan-supabase-fix`.
@@ -0,0 +1,3 @@
1
+ # Supabase Inspection
2
+
3
+ Template rendered by `inspect-supabase-project`.
@@ -0,0 +1,3 @@
1
+ # Supabase Report
2
+
3
+ Template rendered by `generate-supabase-report`.