aios-core 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.aios-core/.session/current-session.json +14 -0
- package/.aios-core/cli/commands/generate/index.js +222 -0
- package/.aios-core/cli/commands/manifest/index.js +46 -0
- package/.aios-core/cli/commands/manifest/regenerate.js +96 -0
- package/.aios-core/cli/commands/manifest/validate.js +66 -0
- package/.aios-core/cli/commands/mcp/add.js +234 -0
- package/.aios-core/cli/commands/mcp/index.js +76 -0
- package/.aios-core/cli/commands/mcp/link.js +217 -0
- package/.aios-core/cli/commands/mcp/setup.js +164 -0
- package/.aios-core/cli/commands/mcp/status.js +183 -0
- package/.aios-core/cli/commands/metrics/cleanup.js +91 -0
- package/.aios-core/cli/commands/metrics/index.js +65 -0
- package/.aios-core/cli/commands/metrics/record.js +154 -0
- package/.aios-core/cli/commands/metrics/seed.js +126 -0
- package/.aios-core/cli/commands/metrics/show.js +209 -0
- package/.aios-core/cli/commands/migrate/analyze.js +353 -0
- package/.aios-core/cli/commands/migrate/backup.js +352 -0
- package/.aios-core/cli/commands/migrate/execute.js +292 -0
- package/.aios-core/cli/commands/migrate/index.js +441 -0
- package/.aios-core/cli/commands/migrate/rollback.js +323 -0
- package/.aios-core/cli/commands/migrate/update-imports.js +396 -0
- package/.aios-core/cli/commands/migrate/validate.js +452 -0
- package/.aios-core/cli/commands/qa/index.js +56 -0
- package/.aios-core/cli/commands/qa/run.js +163 -0
- package/.aios-core/cli/commands/qa/status.js +195 -0
- package/.aios-core/cli/commands/workers/formatters/info-formatter.js +274 -0
- package/.aios-core/cli/commands/workers/formatters/list-table.js +265 -0
- package/.aios-core/cli/commands/workers/formatters/list-tree.js +159 -0
- package/.aios-core/cli/commands/workers/index.js +56 -0
- package/.aios-core/cli/commands/workers/info.js +194 -0
- package/.aios-core/cli/commands/workers/list.js +214 -0
- package/.aios-core/cli/commands/workers/search-filters.js +185 -0
- package/.aios-core/cli/commands/workers/search-keyword.js +310 -0
- package/.aios-core/cli/commands/workers/search-semantic.js +293 -0
- package/.aios-core/cli/commands/workers/search.js +154 -0
- package/.aios-core/cli/commands/workers/utils/pagination.js +102 -0
- package/.aios-core/cli/index.js +128 -0
- package/.aios-core/cli/utils/output-formatter-cli.js +232 -0
- package/.aios-core/cli/utils/score-calculator.js +221 -0
- package/.aios-core/core/README.md +229 -0
- package/.aios-core/core/config/config-cache.js +233 -0
- package/.aios-core/core/config/config-loader.js +277 -0
- package/.aios-core/core/data/agent-config-requirements.yaml +368 -0
- package/.aios-core/core/data/aios-kb.md +924 -0
- package/.aios-core/core/data/workflow-patterns.yaml +267 -0
- package/.aios-core/core/docs/SHARD-TRANSLATION-GUIDE.md +335 -0
- package/.aios-core/core/docs/component-creation-guide.md +458 -0
- package/.aios-core/core/docs/session-update-pattern.md +307 -0
- package/.aios-core/core/docs/template-syntax.md +267 -0
- package/.aios-core/core/docs/troubleshooting-guide.md +625 -0
- package/.aios-core/core/elicitation/agent-elicitation.js +272 -0
- package/.aios-core/core/elicitation/elicitation-engine.js +479 -0
- package/.aios-core/core/elicitation/session-manager.js +320 -0
- package/.aios-core/core/elicitation/task-elicitation.js +281 -0
- package/.aios-core/core/elicitation/workflow-elicitation.js +315 -0
- package/.aios-core/core/index.esm.js +42 -0
- package/.aios-core/core/index.js +76 -0
- package/.aios-core/core/manifest/manifest-generator.js +386 -0
- package/.aios-core/core/manifest/manifest-validator.js +429 -0
- package/.aios-core/core/mcp/config-migrator.js +340 -0
- package/.aios-core/core/mcp/global-config-manager.js +369 -0
- package/.aios-core/core/mcp/index.js +34 -0
- package/.aios-core/core/mcp/os-detector.js +188 -0
- package/.aios-core/core/mcp/symlink-manager.js +413 -0
- package/.aios-core/core/migration/migration-config.yaml +83 -0
- package/.aios-core/core/migration/module-mapping.yaml +89 -0
- package/.aios-core/core/quality-gates/base-layer.js +134 -0
- package/.aios-core/core/quality-gates/checklist-generator.js +329 -0
- package/.aios-core/core/quality-gates/focus-area-recommender.js +359 -0
- package/.aios-core/core/quality-gates/human-review-orchestrator.js +529 -0
- package/.aios-core/core/quality-gates/layer1-precommit.js +336 -0
- package/.aios-core/core/quality-gates/layer2-pr-automation.js +324 -0
- package/.aios-core/core/quality-gates/layer3-human-review.js +348 -0
- package/.aios-core/core/quality-gates/notification-manager.js +550 -0
- package/.aios-core/core/quality-gates/quality-gate-config.yaml +86 -0
- package/.aios-core/core/quality-gates/quality-gate-manager.js +601 -0
- package/.aios-core/core/registry/README.md +179 -0
- package/.aios-core/core/registry/build-registry.js +452 -0
- package/.aios-core/core/registry/registry-loader.js +330 -0
- package/.aios-core/core/registry/registry-schema.json +166 -0
- package/.aios-core/core/registry/service-registry.json +6586 -0
- package/.aios-core/core/registry/validate-registry.js +340 -0
- package/.aios-core/core/session/context-detector.js +229 -0
- package/.aios-core/core/session/context-loader.js +288 -0
- package/.aios-core/core/utils/output-formatter.js +298 -0
- package/.aios-core/core/utils/security-utils.js +333 -0
- package/.aios-core/core/utils/yaml-validator.js +419 -0
- package/.aios-core/core-config.yaml +382 -0
- package/.aios-core/data/agent-config-requirements.yaml +368 -0
- package/.aios-core/data/aios-kb.md +924 -0
- package/.aios-core/data/technical-preferences.md +4 -0
- package/.aios-core/data/workflow-patterns.yaml +267 -0
- package/.aios-core/development/README.md +142 -0
- package/.aios-core/development/agent-teams/team-all.yaml +15 -0
- package/.aios-core/development/agent-teams/team-fullstack.yaml +18 -0
- package/.aios-core/development/agent-teams/team-ide-minimal.yaml +10 -0
- package/.aios-core/development/agent-teams/team-no-ui.yaml +13 -0
- package/.aios-core/development/agent-teams/team-qa-focused.yaml +155 -0
- package/.aios-core/development/agents/aios-master.md +339 -0
- package/.aios-core/development/agents/analyst.md +195 -0
- package/.aios-core/development/agents/architect.md +359 -0
- package/.aios-core/development/agents/data-engineer.md +468 -0
- package/.aios-core/development/agents/dev.md +390 -0
- package/.aios-core/development/agents/devops.md +398 -0
- package/.aios-core/development/agents/pm.md +198 -0
- package/.aios-core/development/agents/po.md +256 -0
- package/.aios-core/development/agents/qa.md +312 -0
- package/.aios-core/development/agents/sm.md +220 -0
- package/.aios-core/development/agents/ux-design-expert.md +451 -0
- package/.aios-core/development/scripts/agent-assignment-resolver.js +231 -0
- package/.aios-core/development/scripts/agent-config-loader.js +624 -0
- package/.aios-core/development/scripts/agent-exit-hooks.js +96 -0
- package/.aios-core/development/scripts/apply-inline-greeting-all-agents.js +146 -0
- package/.aios-core/development/scripts/audit-agent-config.js +380 -0
- package/.aios-core/development/scripts/backlog-manager.js +404 -0
- package/.aios-core/development/scripts/batch-update-agents-session-context.js +95 -0
- package/.aios-core/development/scripts/decision-context.js +228 -0
- package/.aios-core/development/scripts/decision-log-generator.js +293 -0
- package/.aios-core/development/scripts/decision-log-indexer.js +284 -0
- package/.aios-core/development/scripts/decision-recorder.js +168 -0
- package/.aios-core/development/scripts/dev-context-loader.js +297 -0
- package/.aios-core/development/scripts/generate-greeting.js +160 -0
- package/.aios-core/development/scripts/greeting-builder.js +866 -0
- package/.aios-core/development/scripts/greeting-config-cli.js +85 -0
- package/.aios-core/development/scripts/greeting-preference-manager.js +145 -0
- package/.aios-core/development/scripts/migrate-task-to-v2.js +377 -0
- package/.aios-core/development/scripts/story-index-generator.js +337 -0
- package/.aios-core/development/scripts/story-manager.js +375 -0
- package/.aios-core/development/scripts/story-update-hook.js +259 -0
- package/.aios-core/development/scripts/task-identifier-resolver.js +145 -0
- package/.aios-core/development/scripts/test-greeting-system.js +142 -0
- package/.aios-core/development/scripts/validate-task-v2.js +319 -0
- package/.aios-core/development/scripts/workflow-navigator.js +214 -0
- package/.aios-core/development/tasks/add-mcp.md +319 -0
- package/.aios-core/development/tasks/advanced-elicitation.md +319 -0
- package/.aios-core/development/tasks/analyst-facilitate-brainstorming.md +342 -0
- package/.aios-core/development/tasks/analyze-framework.md +697 -0
- package/.aios-core/development/tasks/analyze-performance.md +637 -0
- package/.aios-core/development/tasks/apply-qa-fixes.md +340 -0
- package/.aios-core/development/tasks/architect-analyze-impact.md +827 -0
- package/.aios-core/development/tasks/audit-codebase.md +429 -0
- package/.aios-core/development/tasks/audit-tailwind-config.md +270 -0
- package/.aios-core/development/tasks/audit-utilities.md +358 -0
- package/.aios-core/development/tasks/bootstrap-shadcn-library.md +286 -0
- package/.aios-core/development/tasks/brownfield-create-epic.md +486 -0
- package/.aios-core/development/tasks/brownfield-create-story.md +357 -0
- package/.aios-core/development/tasks/build-component.md +478 -0
- package/.aios-core/development/tasks/calculate-roi.md +455 -0
- package/.aios-core/development/tasks/ci-cd-configuration.md +764 -0
- package/.aios-core/development/tasks/cleanup-utilities.md +670 -0
- package/.aios-core/development/tasks/collaborative-edit.md +1109 -0
- package/.aios-core/development/tasks/compose-molecule.md +284 -0
- package/.aios-core/development/tasks/consolidate-patterns.md +414 -0
- package/.aios-core/development/tasks/correct-course.md +280 -0
- package/.aios-core/development/tasks/create-agent.md +322 -0
- package/.aios-core/development/tasks/create-brownfield-story.md +727 -0
- package/.aios-core/development/tasks/create-deep-research-prompt.md +499 -0
- package/.aios-core/development/tasks/create-doc.md +316 -0
- package/.aios-core/development/tasks/create-next-story.md +774 -0
- package/.aios-core/development/tasks/create-suite.md +284 -0
- package/.aios-core/development/tasks/create-task.md +372 -0
- package/.aios-core/development/tasks/create-workflow.md +371 -0
- package/.aios-core/development/tasks/db-analyze-hotpaths.md +572 -0
- package/.aios-core/development/tasks/db-apply-migration.md +381 -0
- package/.aios-core/development/tasks/db-bootstrap.md +642 -0
- package/.aios-core/development/tasks/db-domain-modeling.md +693 -0
- package/.aios-core/development/tasks/db-dry-run.md +293 -0
- package/.aios-core/development/tasks/db-env-check.md +260 -0
- package/.aios-core/development/tasks/db-expansion-pack-integration.md +663 -0
- package/.aios-core/development/tasks/db-explain.md +631 -0
- package/.aios-core/development/tasks/db-impersonate.md +495 -0
- package/.aios-core/development/tasks/db-load-csv.md +593 -0
- package/.aios-core/development/tasks/db-policy-apply.md +653 -0
- package/.aios-core/development/tasks/db-rls-audit.md +411 -0
- package/.aios-core/development/tasks/db-rollback.md +739 -0
- package/.aios-core/development/tasks/db-run-sql.md +613 -0
- package/.aios-core/development/tasks/db-schema-audit.md +1011 -0
- package/.aios-core/development/tasks/db-seed.md +390 -0
- package/.aios-core/development/tasks/db-smoke-test.md +351 -0
- package/.aios-core/development/tasks/db-snapshot.md +569 -0
- package/.aios-core/development/tasks/db-supabase-setup.md +712 -0
- package/.aios-core/development/tasks/db-verify-order.md +515 -0
- package/.aios-core/development/tasks/deprecate-component.md +957 -0
- package/.aios-core/development/tasks/dev-apply-qa-fixes.md +318 -0
- package/.aios-core/development/tasks/dev-backlog-debt.md +469 -0
- package/.aios-core/development/tasks/dev-develop-story.md +846 -0
- package/.aios-core/development/tasks/dev-improve-code-quality.md +873 -0
- package/.aios-core/development/tasks/dev-optimize-performance.md +1034 -0
- package/.aios-core/development/tasks/dev-suggest-refactoring.md +871 -0
- package/.aios-core/development/tasks/dev-validate-next-story.md +349 -0
- package/.aios-core/development/tasks/document-project.md +553 -0
- package/.aios-core/development/tasks/environment-bootstrap.md +1311 -0
- package/.aios-core/development/tasks/execute-checklist.md +301 -0
- package/.aios-core/development/tasks/export-design-tokens-dtcg.md +274 -0
- package/.aios-core/development/tasks/extend-pattern.md +269 -0
- package/.aios-core/development/tasks/extract-tokens.md +467 -0
- package/.aios-core/development/tasks/facilitate-brainstorming-session.md +518 -0
- package/.aios-core/development/tasks/generate-ai-frontend-prompt.md +261 -0
- package/.aios-core/development/tasks/generate-documentation.md +284 -0
- package/.aios-core/development/tasks/generate-migration-strategy.md +522 -0
- package/.aios-core/development/tasks/generate-shock-report.md +501 -0
- package/.aios-core/development/tasks/github-devops-github-pr-automation.md +427 -0
- package/.aios-core/development/tasks/github-devops-pre-push-quality-gate.md +733 -0
- package/.aios-core/development/tasks/github-devops-repository-cleanup.md +374 -0
- package/.aios-core/development/tasks/github-devops-version-management.md +483 -0
- package/.aios-core/development/tasks/improve-self.md +823 -0
- package/.aios-core/development/tasks/index-docs.md +388 -0
- package/.aios-core/development/tasks/init-project-status.md +506 -0
- package/.aios-core/development/tasks/integrate-expansion-pack.md +314 -0
- package/.aios-core/development/tasks/kb-mode-interaction.md +284 -0
- package/.aios-core/development/tasks/learn-patterns.md +901 -0
- package/.aios-core/development/tasks/mcp-workflow.md +437 -0
- package/.aios-core/development/tasks/modify-agent.md +382 -0
- package/.aios-core/development/tasks/modify-task.md +425 -0
- package/.aios-core/development/tasks/modify-workflow.md +466 -0
- package/.aios-core/development/tasks/po-backlog-add.md +370 -0
- package/.aios-core/development/tasks/po-manage-story-backlog.md +523 -0
- package/.aios-core/development/tasks/po-pull-story-from-clickup.md +540 -0
- package/.aios-core/development/tasks/po-pull-story.md +316 -0
- package/.aios-core/development/tasks/po-stories-index.md +351 -0
- package/.aios-core/development/tasks/po-sync-story-to-clickup.md +457 -0
- package/.aios-core/development/tasks/po-sync-story.md +303 -0
- package/.aios-core/development/tasks/pr-automation.md +701 -0
- package/.aios-core/development/tasks/propose-modification.md +843 -0
- package/.aios-core/development/tasks/qa-backlog-add-followup.md +425 -0
- package/.aios-core/development/tasks/qa-gate.md +374 -0
- package/.aios-core/development/tasks/qa-generate-tests.md +1175 -0
- package/.aios-core/development/tasks/qa-nfr-assess.md +558 -0
- package/.aios-core/development/tasks/qa-review-proposal.md +1158 -0
- package/.aios-core/development/tasks/qa-review-story.md +683 -0
- package/.aios-core/development/tasks/qa-risk-profile.md +567 -0
- package/.aios-core/development/tasks/qa-run-tests.md +277 -0
- package/.aios-core/development/tasks/qa-test-design.md +388 -0
- package/.aios-core/development/tasks/qa-trace-requirements.md +477 -0
- package/.aios-core/development/tasks/release-management.md +723 -0
- package/.aios-core/development/tasks/security-audit.md +554 -0
- package/.aios-core/development/tasks/security-scan.md +790 -0
- package/.aios-core/development/tasks/setup-database.md +741 -0
- package/.aios-core/development/tasks/setup-design-system.md +462 -0
- package/.aios-core/development/tasks/setup-github.md +874 -0
- package/.aios-core/development/tasks/setup-llm-routing.md +229 -0
- package/.aios-core/development/tasks/setup-mcp-docker.md +584 -0
- package/.aios-core/development/tasks/shard-doc.md +538 -0
- package/.aios-core/development/tasks/sm-create-next-story.md +480 -0
- package/.aios-core/development/tasks/sync-documentation.md +865 -0
- package/.aios-core/development/tasks/tailwind-upgrade.md +294 -0
- package/.aios-core/development/tasks/test-as-user.md +621 -0
- package/.aios-core/development/tasks/test-validation-task.md +171 -0
- package/.aios-core/development/tasks/undo-last.md +347 -0
- package/.aios-core/development/tasks/update-manifest.md +410 -0
- package/.aios-core/development/tasks/ux-create-wireframe.md +617 -0
- package/.aios-core/development/tasks/ux-ds-scan-artifact.md +672 -0
- package/.aios-core/development/tasks/ux-user-research.md +559 -0
- package/.aios-core/development/tasks/validate-next-story.md +423 -0
- package/.aios-core/development/tasks/validate-structure.md +243 -0
- package/.aios-core/development/workflows/README.md +84 -0
- package/.aios-core/development/workflows/brownfield-fullstack.yaml +297 -0
- package/.aios-core/development/workflows/brownfield-service.yaml +187 -0
- package/.aios-core/development/workflows/brownfield-ui.yaml +197 -0
- package/.aios-core/development/workflows/greenfield-fullstack.yaml +333 -0
- package/.aios-core/development/workflows/greenfield-service.yaml +206 -0
- package/.aios-core/development/workflows/greenfield-ui.yaml +235 -0
- package/.aios-core/docs/SHARD-TRANSLATION-GUIDE.md +335 -0
- package/.aios-core/docs/component-creation-guide.md +458 -0
- package/.aios-core/docs/session-update-pattern.md +307 -0
- package/.aios-core/docs/standards/AGENT-PERSONALIZATION-STANDARD-V1.md +572 -0
- package/.aios-core/docs/standards/AIOS-COLOR-PALETTE-QUICK-REFERENCE.md +185 -0
- package/.aios-core/docs/standards/AIOS-COLOR-PALETTE-V2.1.md +354 -0
- package/.aios-core/docs/standards/AIOS-FRAMEWORK-MASTER.md +1963 -0
- package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.1-COMPLETE.md +821 -0
- package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.1-SUMMARY.md +1190 -0
- package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.1.md +439 -0
- package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.2-SUMMARY.md +1339 -0
- package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO.md +5398 -0
- package/.aios-core/docs/standards/EXECUTOR-DECISION-TREE.md +697 -0
- package/.aios-core/docs/standards/OPEN-SOURCE-VS-SERVICE-DIFFERENCES.md +511 -0
- package/.aios-core/docs/standards/QUALITY-GATES-SPECIFICATION.md +556 -0
- package/.aios-core/docs/standards/STANDARDS-INDEX.md +210 -0
- package/.aios-core/docs/standards/STORY-TEMPLATE-V2-SPECIFICATION.md +550 -0
- package/.aios-core/docs/standards/TASK-FORMAT-SPECIFICATION-V1.md +1414 -0
- package/.aios-core/docs/standards/V3-ARCHITECTURAL-DECISIONS.md +523 -0
- package/.aios-core/docs/template-syntax.md +267 -0
- package/.aios-core/docs/troubleshooting-guide.md +625 -0
- package/.aios-core/elicitation/agent-elicitation.js +272 -0
- package/.aios-core/elicitation/task-elicitation.js +281 -0
- package/.aios-core/elicitation/workflow-elicitation.js +315 -0
- package/.aios-core/index.d.ts +8 -0
- package/.aios-core/index.esm.js +16 -0
- package/.aios-core/index.js +16 -0
- package/.aios-core/infrastructure/README.md +126 -0
- package/.aios-core/infrastructure/index.js +199 -0
- package/.aios-core/infrastructure/integrations/pm-adapters/README.md +59 -0
- package/.aios-core/infrastructure/integrations/pm-adapters/clickup-adapter.js +345 -0
- package/.aios-core/infrastructure/integrations/pm-adapters/github-adapter.js +392 -0
- package/.aios-core/infrastructure/integrations/pm-adapters/jira-adapter.js +448 -0
- package/.aios-core/infrastructure/integrations/pm-adapters/local-adapter.js +175 -0
- package/.aios-core/infrastructure/scripts/_archived/final-todo-count.js +122 -0
- package/.aios-core/infrastructure/scripts/_archived/fix-yaml-formatting.js +89 -0
- package/.aios-core/infrastructure/scripts/_archived/migration-generator.js +780 -0
- package/.aios-core/infrastructure/scripts/_archived/migration-path-generator.js +950 -0
- package/.aios-core/infrastructure/scripts/_archived/phase2-entrada-saida-errors.js +425 -0
- package/.aios-core/infrastructure/scripts/_archived/phase2-spot-check.js +132 -0
- package/.aios-core/infrastructure/scripts/_archived/phase3-tools-scripts-validation.js +381 -0
- package/.aios-core/infrastructure/scripts/_archived/phase4-metadata-performance.js +203 -0
- package/.aios-core/infrastructure/scripts/_archived/test-yaml-parsing.js +24 -0
- package/.aios-core/infrastructure/scripts/_archived/verify-yaml-fix.js +51 -0
- package/.aios-core/infrastructure/scripts/aios-validator.js +294 -0
- package/.aios-core/infrastructure/scripts/approval-workflow.js +643 -0
- package/.aios-core/infrastructure/scripts/atomic-layer-classifier.js +308 -0
- package/.aios-core/infrastructure/scripts/backup-manager.js +607 -0
- package/.aios-core/infrastructure/scripts/batch-creator.js +608 -0
- package/.aios-core/infrastructure/scripts/branch-manager.js +391 -0
- package/.aios-core/infrastructure/scripts/capability-analyzer.js +535 -0
- package/.aios-core/infrastructure/scripts/clickup-helpers.js +226 -0
- package/.aios-core/infrastructure/scripts/code-quality-improver.js +1312 -0
- package/.aios-core/infrastructure/scripts/commit-message-generator.js +850 -0
- package/.aios-core/infrastructure/scripts/component-generator.js +738 -0
- package/.aios-core/infrastructure/scripts/component-metadata.js +627 -0
- package/.aios-core/infrastructure/scripts/component-search.js +277 -0
- package/.aios-core/infrastructure/scripts/config-cache.js +322 -0
- package/.aios-core/infrastructure/scripts/config-loader.js +349 -0
- package/.aios-core/infrastructure/scripts/conflict-resolver.js +675 -0
- package/.aios-core/infrastructure/scripts/coverage-analyzer.js +882 -0
- package/.aios-core/infrastructure/scripts/dependency-analyzer.js +638 -0
- package/.aios-core/infrastructure/scripts/dependency-impact-analyzer.js +703 -0
- package/.aios-core/infrastructure/scripts/diff-generator.js +129 -0
- package/.aios-core/infrastructure/scripts/documentation-integrity/brownfield-analyzer.js +501 -0
- package/.aios-core/infrastructure/scripts/documentation-integrity/config-generator.js +329 -0
- package/.aios-core/infrastructure/scripts/documentation-integrity/deployment-config-loader.js +282 -0
- package/.aios-core/infrastructure/scripts/documentation-integrity/doc-generator.js +331 -0
- package/.aios-core/infrastructure/scripts/documentation-integrity/gitignore-generator.js +313 -0
- package/.aios-core/infrastructure/scripts/documentation-integrity/index.js +74 -0
- package/.aios-core/infrastructure/scripts/documentation-integrity/mode-detector.js +358 -0
- package/.aios-core/infrastructure/scripts/documentation-synchronizer.js +1432 -0
- package/.aios-core/infrastructure/scripts/framework-analyzer.js +746 -0
- package/.aios-core/infrastructure/scripts/git-config-detector.js +293 -0
- package/.aios-core/infrastructure/scripts/git-wrapper.js +443 -0
- package/.aios-core/infrastructure/scripts/improvement-engine.js +758 -0
- package/.aios-core/infrastructure/scripts/improvement-validator.js +710 -0
- package/.aios-core/infrastructure/scripts/llm-routing/install-llm-routing.js +267 -0
- package/.aios-core/infrastructure/scripts/llm-routing/templates/claude-free.cmd +80 -0
- package/.aios-core/infrastructure/scripts/llm-routing/templates/claude-free.sh +62 -0
- package/.aios-core/infrastructure/scripts/llm-routing/templates/claude-max.cmd +26 -0
- package/.aios-core/infrastructure/scripts/llm-routing/templates/claude-max.sh +18 -0
- package/.aios-core/infrastructure/scripts/modification-risk-assessment.js +970 -0
- package/.aios-core/infrastructure/scripts/modification-validator.js +555 -0
- package/.aios-core/infrastructure/scripts/output-formatter.js +297 -0
- package/.aios-core/infrastructure/scripts/performance-analyzer.js +758 -0
- package/.aios-core/infrastructure/scripts/performance-and-error-resolver.js +258 -0
- package/.aios-core/infrastructure/scripts/performance-optimizer.js +1902 -0
- package/.aios-core/infrastructure/scripts/performance-tracker.js +452 -0
- package/.aios-core/infrastructure/scripts/pm-adapter-factory.js +181 -0
- package/.aios-core/infrastructure/scripts/pm-adapter.js +134 -0
- package/.aios-core/infrastructure/scripts/project-status-loader.js +445 -0
- package/.aios-core/infrastructure/scripts/refactoring-suggester.js +1139 -0
- package/.aios-core/infrastructure/scripts/repository-detector.js +64 -0
- package/.aios-core/infrastructure/scripts/sandbox-tester.js +618 -0
- package/.aios-core/infrastructure/scripts/security-checker.js +359 -0
- package/.aios-core/infrastructure/scripts/source-tree-guardian/index.js +375 -0
- package/.aios-core/infrastructure/scripts/source-tree-guardian/manifest-generator.js +410 -0
- package/.aios-core/infrastructure/scripts/source-tree-guardian/rules/naming-rules.yaml +285 -0
- package/.aios-core/infrastructure/scripts/source-tree-guardian/rules/placement-rules.yaml +262 -0
- package/.aios-core/infrastructure/scripts/source-tree-guardian/validator.js +468 -0
- package/.aios-core/infrastructure/scripts/spot-check-validator.js +149 -0
- package/.aios-core/infrastructure/scripts/status-mapper.js +115 -0
- package/.aios-core/infrastructure/scripts/template-engine.js +240 -0
- package/.aios-core/infrastructure/scripts/template-validator.js +279 -0
- package/.aios-core/infrastructure/scripts/test-generator.js +844 -0
- package/.aios-core/infrastructure/scripts/test-quality-assessment.js +1081 -0
- package/.aios-core/infrastructure/scripts/test-utilities-fast.js +126 -0
- package/.aios-core/infrastructure/scripts/test-utilities.js +200 -0
- package/.aios-core/infrastructure/scripts/tool-resolver.js +360 -0
- package/.aios-core/infrastructure/scripts/transaction-manager.js +590 -0
- package/.aios-core/infrastructure/scripts/usage-analytics.js +634 -0
- package/.aios-core/infrastructure/scripts/validate-output-pattern.js +213 -0
- package/.aios-core/infrastructure/scripts/visual-impact-generator.js +1056 -0
- package/.aios-core/infrastructure/scripts/yaml-validator.js +397 -0
- package/.aios-core/infrastructure/templates/coderabbit.yaml.template +279 -0
- package/.aios-core/infrastructure/templates/core-config/core-config-brownfield.tmpl.yaml +182 -0
- package/.aios-core/infrastructure/templates/core-config/core-config-greenfield.tmpl.yaml +127 -0
- package/.aios-core/infrastructure/templates/github-workflows/README.md +109 -0
- package/.aios-core/infrastructure/templates/github-workflows/ci.yml.template +169 -0
- package/.aios-core/infrastructure/templates/github-workflows/pr-automation.yml.template +330 -0
- package/.aios-core/infrastructure/templates/github-workflows/release.yml.template +196 -0
- package/.aios-core/infrastructure/templates/gitignore/gitignore-aios-base.tmpl +63 -0
- package/.aios-core/infrastructure/templates/gitignore/gitignore-brownfield-merge.tmpl +18 -0
- package/.aios-core/infrastructure/templates/gitignore/gitignore-node.tmpl +85 -0
- package/.aios-core/infrastructure/templates/gitignore/gitignore-python.tmpl +145 -0
- package/.aios-core/infrastructure/templates/project-docs/coding-standards-tmpl.md +346 -0
- package/.aios-core/infrastructure/templates/project-docs/source-tree-tmpl.md +177 -0
- package/.aios-core/infrastructure/templates/project-docs/tech-stack-tmpl.md +267 -0
- package/.aios-core/infrastructure/tests/project-status-loader.test.js +394 -0
- package/.aios-core/infrastructure/tests/regression-suite-v2.md +621 -0
- package/.aios-core/infrastructure/tests/utilities-audit-results.json +501 -0
- package/.aios-core/infrastructure/tests/validate-module.js +97 -0
- package/.aios-core/infrastructure/tools/README.md +222 -0
- package/.aios-core/infrastructure/tools/cli/github-cli.yaml +200 -0
- package/.aios-core/infrastructure/tools/cli/llm-routing.yaml +126 -0
- package/.aios-core/infrastructure/tools/cli/railway-cli.yaml +260 -0
- package/.aios-core/infrastructure/tools/cli/supabase-cli.yaml +224 -0
- package/.aios-core/infrastructure/tools/local/ffmpeg.yaml +261 -0
- package/.aios-core/infrastructure/tools/mcp/21st-dev-magic.yaml +127 -0
- package/.aios-core/infrastructure/tools/mcp/browser.yaml +103 -0
- package/.aios-core/infrastructure/tools/mcp/clickup.yaml +534 -0
- package/.aios-core/infrastructure/tools/mcp/context7.yaml +78 -0
- package/.aios-core/infrastructure/tools/mcp/desktop-commander.yaml +180 -0
- package/.aios-core/infrastructure/tools/mcp/exa.yaml +103 -0
- package/.aios-core/infrastructure/tools/mcp/google-workspace.yaml +930 -0
- package/.aios-core/infrastructure/tools/mcp/n8n.yaml +551 -0
- package/.aios-core/infrastructure/tools/mcp/supabase.yaml +808 -0
- package/.aios-core/install-manifest.yaml +347 -0
- package/.aios-core/manifests/agents.csv +1 -0
- package/.aios-core/manifests/schema/manifest-schema.json +190 -0
- package/.aios-core/manifests/tasks.csv +121 -0
- package/.aios-core/manifests/workers.csv +204 -0
- package/.aios-core/package.json +103 -0
- package/.aios-core/product/README.md +56 -0
- package/.aios-core/product/checklists/architect-checklist.md +444 -0
- package/.aios-core/product/checklists/change-checklist.md +183 -0
- package/.aios-core/product/checklists/database-design-checklist.md +119 -0
- package/.aios-core/product/checklists/dba-predeploy-checklist.md +97 -0
- package/.aios-core/product/checklists/dba-rollback-checklist.md +99 -0
- package/.aios-core/product/checklists/pm-checklist.md +376 -0
- package/.aios-core/product/checklists/po-master-checklist.md +442 -0
- package/.aios-core/product/checklists/pre-push-checklist.md +108 -0
- package/.aios-core/product/checklists/release-checklist.md +122 -0
- package/.aios-core/product/checklists/story-dod-checklist.md +102 -0
- package/.aios-core/product/checklists/story-draft-checklist.md +216 -0
- package/.aios-core/product/data/brainstorming-techniques.md +37 -0
- package/.aios-core/product/data/elicitation-methods.md +135 -0
- package/.aios-core/product/data/mode-selection-best-practices.md +471 -0
- package/.aios-core/product/data/test-levels-framework.md +149 -0
- package/.aios-core/product/data/test-priorities-matrix.md +175 -0
- package/.aios-core/product/templates/1mcp-config.yaml +225 -0
- package/.aios-core/product/templates/activation-instructions-inline-greeting.yaml +63 -0
- package/.aios-core/product/templates/activation-instructions-template.md +258 -0
- package/.aios-core/product/templates/adr.hbs +125 -0
- package/.aios-core/product/templates/agent-template.yaml +121 -0
- package/.aios-core/product/templates/architecture-tmpl.yaml +651 -0
- package/.aios-core/product/templates/brainstorming-output-tmpl.yaml +156 -0
- package/.aios-core/product/templates/brownfield-architecture-tmpl.yaml +476 -0
- package/.aios-core/product/templates/brownfield-prd-tmpl.yaml +280 -0
- package/.aios-core/product/templates/changelog-template.md +134 -0
- package/.aios-core/product/templates/command-rationalization-matrix.md +152 -0
- package/.aios-core/product/templates/competitor-analysis-tmpl.yaml +293 -0
- package/.aios-core/product/templates/component-react-tmpl.tsx +98 -0
- package/.aios-core/product/templates/dbdr.hbs +241 -0
- package/.aios-core/product/templates/design-story-tmpl.yaml +587 -0
- package/.aios-core/product/templates/ds-artifact-analysis.md +70 -0
- package/.aios-core/product/templates/engine/elicitation.js +298 -0
- package/.aios-core/product/templates/engine/index.js +308 -0
- package/.aios-core/product/templates/engine/loader.js +231 -0
- package/.aios-core/product/templates/engine/renderer.js +343 -0
- package/.aios-core/product/templates/engine/schemas/adr.schema.json +102 -0
- package/.aios-core/product/templates/engine/schemas/dbdr.schema.json +205 -0
- package/.aios-core/product/templates/engine/schemas/epic.schema.json +175 -0
- package/.aios-core/product/templates/engine/schemas/pmdr.schema.json +175 -0
- package/.aios-core/product/templates/engine/schemas/prd-v2.schema.json +300 -0
- package/.aios-core/product/templates/engine/schemas/prd.schema.json +152 -0
- package/.aios-core/product/templates/engine/schemas/story.schema.json +222 -0
- package/.aios-core/product/templates/engine/schemas/task.schema.json +154 -0
- package/.aios-core/product/templates/engine/validator.js +294 -0
- package/.aios-core/product/templates/epic.hbs +212 -0
- package/.aios-core/product/templates/eslintrc-security.json +32 -0
- package/.aios-core/product/templates/front-end-architecture-tmpl.yaml +206 -0
- package/.aios-core/product/templates/front-end-spec-tmpl.yaml +349 -0
- package/.aios-core/product/templates/fullstack-architecture-tmpl.yaml +805 -0
- package/.aios-core/product/templates/github-actions-cd.yml +212 -0
- package/.aios-core/product/templates/github-actions-ci.yml +172 -0
- package/.aios-core/product/templates/github-pr-template.md +67 -0
- package/.aios-core/product/templates/gordon-mcp.yaml +140 -0
- package/.aios-core/product/templates/ide-rules/antigravity-rules.md +115 -0
- package/.aios-core/product/templates/ide-rules/claude-rules.md +221 -0
- package/.aios-core/product/templates/ide-rules/cline-rules.md +84 -0
- package/.aios-core/product/templates/ide-rules/copilot-rules.md +92 -0
- package/.aios-core/product/templates/ide-rules/cursor-rules.md +115 -0
- package/.aios-core/product/templates/ide-rules/gemini-rules.md +85 -0
- package/.aios-core/product/templates/ide-rules/roo-rules.md +86 -0
- package/.aios-core/product/templates/ide-rules/trae-rules.md +104 -0
- package/.aios-core/product/templates/ide-rules/windsurf-rules.md +80 -0
- package/.aios-core/product/templates/index-strategy-tmpl.yaml +53 -0
- package/.aios-core/product/templates/market-research-tmpl.yaml +252 -0
- package/.aios-core/product/templates/mcp-workflow.js +271 -0
- package/.aios-core/product/templates/migration-plan-tmpl.yaml +1022 -0
- package/.aios-core/product/templates/migration-strategy-tmpl.md +524 -0
- package/.aios-core/product/templates/personalized-agent-template.md +258 -0
- package/.aios-core/product/templates/personalized-checklist-template.md +340 -0
- package/.aios-core/product/templates/personalized-task-template-v2.md +905 -0
- package/.aios-core/product/templates/personalized-task-template.md +344 -0
- package/.aios-core/product/templates/personalized-template-file.yaml +322 -0
- package/.aios-core/product/templates/personalized-workflow-template.yaml +460 -0
- package/.aios-core/product/templates/pmdr.hbs +186 -0
- package/.aios-core/product/templates/prd-tmpl.yaml +202 -0
- package/.aios-core/product/templates/prd-v2.0.hbs +216 -0
- package/.aios-core/product/templates/prd.hbs +201 -0
- package/.aios-core/product/templates/project-brief-tmpl.yaml +221 -0
- package/.aios-core/product/templates/qa-gate-tmpl.yaml +240 -0
- package/.aios-core/product/templates/rls-policies-tmpl.yaml +1203 -0
- package/.aios-core/product/templates/schema-design-tmpl.yaml +428 -0
- package/.aios-core/product/templates/shock-report-tmpl.html +502 -0
- package/.aios-core/product/templates/state-persistence-tmpl.yaml +219 -0
- package/.aios-core/product/templates/story-tmpl.yaml +332 -0
- package/.aios-core/product/templates/story.hbs +263 -0
- package/.aios-core/product/templates/task-execution-report.md +495 -0
- package/.aios-core/product/templates/task-template.md +123 -0
- package/.aios-core/product/templates/task.hbs +170 -0
- package/.aios-core/product/templates/tmpl-comment-on-examples.sql +158 -0
- package/.aios-core/product/templates/tmpl-migration-script.sql +91 -0
- package/.aios-core/product/templates/tmpl-rls-granular-policies.sql +104 -0
- package/.aios-core/product/templates/tmpl-rls-kiss-policy.sql +10 -0
- package/.aios-core/product/templates/tmpl-rls-roles.sql +135 -0
- package/.aios-core/product/templates/tmpl-rls-simple.sql +77 -0
- package/.aios-core/product/templates/tmpl-rls-tenant.sql +152 -0
- package/.aios-core/product/templates/tmpl-rollback-script.sql +77 -0
- package/.aios-core/product/templates/tmpl-seed-data.sql +140 -0
- package/.aios-core/product/templates/tmpl-smoke-test.sql +16 -0
- package/.aios-core/product/templates/tmpl-staging-copy-merge.sql +139 -0
- package/.aios-core/product/templates/tmpl-stored-proc.sql +140 -0
- package/.aios-core/product/templates/tmpl-trigger.sql +152 -0
- package/.aios-core/product/templates/tmpl-view-materialized.sql +133 -0
- package/.aios-core/product/templates/tmpl-view.sql +177 -0
- package/.aios-core/product/templates/token-exports-css-tmpl.css +240 -0
- package/.aios-core/product/templates/token-exports-tailwind-tmpl.js +395 -0
- package/.aios-core/product/templates/tokens-schema-tmpl.yaml +305 -0
- package/.aios-core/product/templates/workflow-template.yaml +134 -0
- package/.aios-core/quality/metrics-collector.js +572 -0
- package/.aios-core/quality/metrics-hook.js +260 -0
- package/.aios-core/quality/schemas/quality-metrics.schema.json +233 -0
- package/.aios-core/quality/seed-metrics.js +336 -0
- package/.aios-core/scripts/README.md +354 -0
- package/.aios-core/scripts/aios-doc-template.md +325 -0
- package/.aios-core/scripts/batch-migrate-phase1.ps1 +36 -0
- package/.aios-core/scripts/batch-migrate-phase2.ps1 +88 -0
- package/.aios-core/scripts/batch-migrate-phase3.ps1 +45 -0
- package/.aios-core/scripts/command-execution-hook.js +201 -0
- package/.aios-core/scripts/context-detector.js +226 -0
- package/.aios-core/scripts/elicitation-engine.js +385 -0
- package/.aios-core/scripts/elicitation-session-manager.js +300 -0
- package/.aios-core/scripts/migrate-framework-docs.sh +300 -0
- package/.aios-core/scripts/session-context-loader.js +286 -0
- package/.aios-core/scripts/test-template-system.js +941 -0
- package/.aios-core/scripts/validate-phase1.ps1 +35 -0
- package/.aios-core/scripts/workflow-management.md +69 -0
- package/.aios-core/tasks/find-component.md.legacy +391 -0
- package/.aios-core/tasks/generate-commit-message.md.legacy +426 -0
- package/.aios-core/tasks/generate-migration.md.legacy +382 -0
- package/.aios-core/tasks/rollback-modification.md.legacy +307 -0
- package/.aios-core/tasks/update-tests.md.legacy +283 -0
- package/.aios-core/user-guide.md +1413 -0
- package/.aios-core/working-in-the-brownfield.md +361 -0
- package/.claude/CLAUDE.md +221 -0
- package/LICENSE +48 -0
- package/README.md +703 -0
- package/bin/aios-init-old.js +532 -0
- package/bin/aios-init-v4.js +390 -0
- package/bin/aios-init.backup-v1.1.4.js +352 -0
- package/bin/aios-init.js +736 -0
- package/bin/aios-minimal.js +26 -0
- package/bin/aios.js +279 -0
- package/bin/migrate-pm-config.js +219 -0
- package/bin/modules/env-config.js +436 -0
- package/bin/modules/mcp-installer.js +383 -0
- package/bin/utils/install-errors.js +339 -0
- package/bin/utils/install-transaction.js +445 -0
- package/index.d.ts +19 -0
- package/index.esm.js +21 -0
- package/index.js +94 -0
- package/package.json +161 -0
- package/packages/installer/package.json +39 -0
- package/packages/installer/src/config/configure-environment.js +312 -0
- package/packages/installer/src/config/templates/core-config-template.js +183 -0
- package/packages/installer/src/config/templates/env-template.js +127 -0
- package/packages/installer/src/config/validation/config-validator.js +243 -0
- package/packages/installer/src/detection/detect-project-type.js +81 -0
- package/packages/installer/src/wizard/wizard.js +244 -0
- package/packages/installer/tests/integration/environment-configuration.test.js +328 -0
- package/packages/installer/tests/integration/wizard-detection.test.js +349 -0
- package/packages/installer/tests/unit/config-validator.test.js +315 -0
- package/packages/installer/tests/unit/detection/detect-project-type.test.js +401 -0
- package/packages/installer/tests/unit/env-template.test.js +185 -0
- package/src/config/ide-configs.js +189 -0
- package/src/installer/aios-core-installer.js +319 -0
- package/src/installer/dependency-installer.js +335 -0
- package/src/utils/aios-colors.js +234 -0
- package/src/wizard/feedback.js +218 -0
- package/src/wizard/ide-config-generator.js +488 -0
- package/src/wizard/ide-selector.js +84 -0
- package/src/wizard/index.js +589 -0
- package/src/wizard/questions.js +249 -0
- package/src/wizard/validation/index.js +120 -0
- package/src/wizard/validation/report-generator.js +269 -0
- package/src/wizard/validation/troubleshooting-system.js +346 -0
- package/src/wizard/validation/validators/config-validator.js +362 -0
- package/src/wizard/validation/validators/dependency-validator.js +333 -0
- package/src/wizard/validation/validators/file-structure-validator.js +181 -0
- package/src/wizard/validation/validators/mcp-health-checker.js +310 -0
- package/src/wizard/validators.js +274 -0
- package/templates/squad/LICENSE +21 -0
- package/templates/squad/README.md +37 -0
- package/templates/squad/agents/example-agent.yaml +36 -0
- package/templates/squad/package.json +19 -0
- package/templates/squad/squad.yaml +25 -0
- package/templates/squad/tasks/example-task.yaml +46 -0
- package/templates/squad/templates/example-template.md +24 -0
- package/templates/squad/tests/example-agent.test.js +53 -0
- package/templates/squad/workflows/example-workflow.yaml +54 -0
- package/tools/package-builder.js +35 -0
|
@@ -0,0 +1,653 @@
|
|
|
1
|
+
# Task: Apply RLS Policy Template
|
|
2
|
+
|
|
3
|
+
**Purpose**: Install KISS or granular RLS policies on a table
|
|
4
|
+
|
|
5
|
+
**Elicit**: true
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## Execution Modes
|
|
10
|
+
|
|
11
|
+
**Choose your execution mode:**
|
|
12
|
+
|
|
13
|
+
### 1. YOLO Mode - Fast, Autonomous (0-1 prompts)
|
|
14
|
+
- Autonomous decision making with logging
|
|
15
|
+
- Minimal user interaction
|
|
16
|
+
- **Best for:** Simple, deterministic tasks
|
|
17
|
+
|
|
18
|
+
### 2. Interactive Mode - Balanced, Educational (5-10 prompts) **[DEFAULT]**
|
|
19
|
+
- Explicit decision checkpoints
|
|
20
|
+
- Educational explanations
|
|
21
|
+
- **Best for:** Learning, complex decisions
|
|
22
|
+
|
|
23
|
+
### 3. Pre-Flight Planning - Comprehensive Upfront Planning
|
|
24
|
+
- Task analysis phase (identify all ambiguities)
|
|
25
|
+
- Zero ambiguity execution
|
|
26
|
+
- **Best for:** Ambiguous requirements, critical work
|
|
27
|
+
|
|
28
|
+
**Parameter:** `mode` (optional, default: `interactive`)
|
|
29
|
+
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## Task Definition (AIOS Task Format V1.0)
|
|
33
|
+
|
|
34
|
+
```yaml
|
|
35
|
+
task: dbPolicyApply()
|
|
36
|
+
responsável: Dara (Sage)
|
|
37
|
+
responsavel_type: Agente
|
|
38
|
+
atomic_layer: Config
|
|
39
|
+
|
|
40
|
+
**Entrada:**
|
|
41
|
+
- campo: query
|
|
42
|
+
tipo: string
|
|
43
|
+
origem: User Input
|
|
44
|
+
obrigatório: true
|
|
45
|
+
validação: Valid SQL query
|
|
46
|
+
|
|
47
|
+
- campo: params
|
|
48
|
+
tipo: object
|
|
49
|
+
origem: User Input
|
|
50
|
+
obrigatório: false
|
|
51
|
+
validação: Query parameters
|
|
52
|
+
|
|
53
|
+
- campo: connection
|
|
54
|
+
tipo: object
|
|
55
|
+
origem: config
|
|
56
|
+
obrigatório: true
|
|
57
|
+
validação: Valid PostgreSQL connection via Supabase
|
|
58
|
+
|
|
59
|
+
**Saída:**
|
|
60
|
+
- campo: query_result
|
|
61
|
+
tipo: array
|
|
62
|
+
destino: Memory
|
|
63
|
+
persistido: false
|
|
64
|
+
|
|
65
|
+
- campo: records_affected
|
|
66
|
+
tipo: number
|
|
67
|
+
destino: Return value
|
|
68
|
+
persistido: false
|
|
69
|
+
|
|
70
|
+
- campo: execution_time
|
|
71
|
+
tipo: number
|
|
72
|
+
destino: Memory
|
|
73
|
+
persistido: false
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
|
|
78
|
+
## Pre-Conditions
|
|
79
|
+
|
|
80
|
+
**Purpose:** Validate prerequisites BEFORE task execution (blocking)
|
|
81
|
+
|
|
82
|
+
**Checklist:**
|
|
83
|
+
|
|
84
|
+
```yaml
|
|
85
|
+
pre-conditions:
|
|
86
|
+
- [ ] Database connection established; query syntax valid
|
|
87
|
+
tipo: pre-condition
|
|
88
|
+
blocker: true
|
|
89
|
+
validação: |
|
|
90
|
+
Check database connection established; query syntax valid
|
|
91
|
+
error_message: "Pre-condition failed: Database connection established; query syntax valid"
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
---
|
|
95
|
+
|
|
96
|
+
## Post-Conditions
|
|
97
|
+
|
|
98
|
+
**Purpose:** Validate execution success AFTER task completes
|
|
99
|
+
|
|
100
|
+
**Checklist:**
|
|
101
|
+
|
|
102
|
+
```yaml
|
|
103
|
+
post-conditions:
|
|
104
|
+
- [ ] Query executed; results returned; transaction committed
|
|
105
|
+
tipo: post-condition
|
|
106
|
+
blocker: true
|
|
107
|
+
validação: |
|
|
108
|
+
Verify query executed; results returned; transaction committed
|
|
109
|
+
error_message: "Post-condition failed: Query executed; results returned; transaction committed"
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Acceptance Criteria
|
|
115
|
+
|
|
116
|
+
**Purpose:** Definitive pass/fail criteria for task completion
|
|
117
|
+
|
|
118
|
+
**Checklist:**
|
|
119
|
+
|
|
120
|
+
```yaml
|
|
121
|
+
acceptance-criteria:
|
|
122
|
+
- [ ] Data persisted correctly; constraints respected; no orphaned data
|
|
123
|
+
tipo: acceptance-criterion
|
|
124
|
+
blocker: true
|
|
125
|
+
validação: |
|
|
126
|
+
Assert data persisted correctly; constraints respected; no orphaned data
|
|
127
|
+
error_message: "Acceptance criterion not met: Data persisted correctly; constraints respected; no orphaned data"
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
---
|
|
131
|
+
|
|
132
|
+
## Tools
|
|
133
|
+
|
|
134
|
+
**External/shared resources used by this task:**
|
|
135
|
+
|
|
136
|
+
- **Tool:** neo4j-driver
|
|
137
|
+
- **Purpose:** Neo4j database connection and query execution
|
|
138
|
+
- **Source:** npm: neo4j-driver
|
|
139
|
+
|
|
140
|
+
- **Tool:** query-validator
|
|
141
|
+
- **Purpose:** Cypher query syntax validation
|
|
142
|
+
- **Source:** .aios-core/utils/db-query-validator.js
|
|
143
|
+
|
|
144
|
+
---
|
|
145
|
+
|
|
146
|
+
## Scripts
|
|
147
|
+
|
|
148
|
+
**Agent-specific code for this task:**
|
|
149
|
+
|
|
150
|
+
- **Script:** db-query.js
|
|
151
|
+
- **Purpose:** Execute Neo4j queries with error handling
|
|
152
|
+
- **Language:** JavaScript
|
|
153
|
+
- **Location:** .aios-core/scripts/db-query.js
|
|
154
|
+
|
|
155
|
+
---
|
|
156
|
+
|
|
157
|
+
## Error Handling
|
|
158
|
+
|
|
159
|
+
**Strategy:** abort
|
|
160
|
+
|
|
161
|
+
**Common Errors:**
|
|
162
|
+
|
|
163
|
+
1. **Error:** Connection Failed
|
|
164
|
+
- **Cause:** Unable to connect to Neo4j database
|
|
165
|
+
- **Resolution:** Check connection string, credentials, network
|
|
166
|
+
- **Recovery:** Retry with exponential backoff (max 3 attempts)
|
|
167
|
+
|
|
168
|
+
2. **Error:** Query Syntax Error
|
|
169
|
+
- **Cause:** Invalid Cypher query syntax
|
|
170
|
+
- **Resolution:** Validate query syntax before execution
|
|
171
|
+
- **Recovery:** Return detailed syntax error, suggest fix
|
|
172
|
+
|
|
173
|
+
3. **Error:** Transaction Rollback
|
|
174
|
+
- **Cause:** Query violates constraints or timeout
|
|
175
|
+
- **Resolution:** Review query logic and constraints
|
|
176
|
+
- **Recovery:** Automatic rollback, preserve data integrity
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## Performance
|
|
181
|
+
|
|
182
|
+
**Expected Metrics:**
|
|
183
|
+
|
|
184
|
+
```yaml
|
|
185
|
+
duration_expected: 2-10 min (estimated)
|
|
186
|
+
cost_estimated: $0.001-0.008
|
|
187
|
+
token_usage: ~800-2,500 tokens
|
|
188
|
+
```
|
|
189
|
+
|
|
190
|
+
**Optimization Notes:**
|
|
191
|
+
- Validate configuration early; use atomic writes; implement rollback checkpoints
|
|
192
|
+
|
|
193
|
+
---
|
|
194
|
+
|
|
195
|
+
## Metadata
|
|
196
|
+
|
|
197
|
+
```yaml
|
|
198
|
+
story: N/A
|
|
199
|
+
version: 1.0.0
|
|
200
|
+
dependencies:
|
|
201
|
+
- N/A
|
|
202
|
+
tags:
|
|
203
|
+
- database
|
|
204
|
+
- infrastructure
|
|
205
|
+
updated_at: 2025-11-17
|
|
206
|
+
```
|
|
207
|
+
|
|
208
|
+
---
|
|
209
|
+
|
|
210
|
+
|
|
211
|
+
## 🚀 NEW: Use Automated RLS Policy Installer (RECOMMENDED)
|
|
212
|
+
|
|
213
|
+
**Token Savings: 89% | Time Savings: ~85%**
|
|
214
|
+
|
|
215
|
+
```bash
|
|
216
|
+
# Use the rls-policy-installer script
|
|
217
|
+
./expansion-packs/super-agentes/scripts/database-operations/rls-policy-installer.sh {table} {mode}
|
|
218
|
+
|
|
219
|
+
# Examples:
|
|
220
|
+
./expansion-packs/super-agentes/scripts/database-operations/rls-policy-installer.sh minds kiss
|
|
221
|
+
./expansion-packs/super-agentes/scripts/database-operations/rls-policy-installer.sh sources read-only
|
|
222
|
+
./expansion-packs/super-agentes/scripts/database-operations/rls-policy-installer.sh fragments private
|
|
223
|
+
|
|
224
|
+
# Available modes: kiss, read-only, private, team, custom
|
|
225
|
+
|
|
226
|
+
# Benefits:
|
|
227
|
+
# - Standardized policy templates
|
|
228
|
+
# - Automatic testing after installation
|
|
229
|
+
# - Safety checks for existing policies
|
|
230
|
+
# - 89% token savings
|
|
231
|
+
```
|
|
232
|
+
|
|
233
|
+
**OR continue with manual policy installation below:**
|
|
234
|
+
|
|
235
|
+
---
|
|
236
|
+
|
|
237
|
+
## Inputs
|
|
238
|
+
|
|
239
|
+
- `table` (string): Table name to apply policy to
|
|
240
|
+
- `mode` (string): 'kiss' or 'granular' - policy type
|
|
241
|
+
|
|
242
|
+
---
|
|
243
|
+
|
|
244
|
+
## Process (Manual Method)
|
|
245
|
+
|
|
246
|
+
### 1. Validate Inputs
|
|
247
|
+
|
|
248
|
+
Check table exists and mode is valid:
|
|
249
|
+
|
|
250
|
+
```bash
|
|
251
|
+
echo "Validating inputs..."
|
|
252
|
+
|
|
253
|
+
# Check table exists
|
|
254
|
+
psql "$SUPABASE_DB_URL" -c \
|
|
255
|
+
"SELECT EXISTS (
|
|
256
|
+
SELECT 1 FROM information_schema.tables
|
|
257
|
+
WHERE table_schema = 'public' AND table_name = '{table}'
|
|
258
|
+
);" | grep -q t || {
|
|
259
|
+
echo "❌ Table '{table}' not found"
|
|
260
|
+
exit 1
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
# Check mode
|
|
264
|
+
if [[ "{mode}" != "kiss" && "{mode}" != "granular" ]]; then
|
|
265
|
+
echo "❌ Invalid mode: {mode}"
|
|
266
|
+
echo " Use 'kiss' or 'granular'"
|
|
267
|
+
exit 1
|
|
268
|
+
fi
|
|
269
|
+
|
|
270
|
+
echo "✓ Table exists: {table}"
|
|
271
|
+
echo "✓ Mode: {mode}"
|
|
272
|
+
```
|
|
273
|
+
|
|
274
|
+
### 2. Check Existing Policies
|
|
275
|
+
|
|
276
|
+
Display current RLS status:
|
|
277
|
+
|
|
278
|
+
```bash
|
|
279
|
+
echo "Checking existing RLS policies..."
|
|
280
|
+
|
|
281
|
+
psql "$SUPABASE_DB_URL" << EOF
|
|
282
|
+
SELECT
|
|
283
|
+
schemaname,
|
|
284
|
+
tablename,
|
|
285
|
+
policyname,
|
|
286
|
+
permissive,
|
|
287
|
+
roles,
|
|
288
|
+
cmd,
|
|
289
|
+
qual,
|
|
290
|
+
with_check
|
|
291
|
+
FROM pg_policies
|
|
292
|
+
WHERE tablename = '{table}';
|
|
293
|
+
EOF
|
|
294
|
+
|
|
295
|
+
echo ""
|
|
296
|
+
echo "RLS enabled on {table}?"
|
|
297
|
+
psql "$SUPABASE_DB_URL" -c \
|
|
298
|
+
"SELECT relrowsecurity FROM pg_class WHERE relname = '{table}';" \
|
|
299
|
+
| grep -q t && echo "✓ Yes" || echo "⚠️ No (will be enabled)"
|
|
300
|
+
```
|
|
301
|
+
|
|
302
|
+
### 3. Ask User Confirmation
|
|
303
|
+
|
|
304
|
+
Present policy that will be applied based on mode:
|
|
305
|
+
|
|
306
|
+
**If mode = 'kiss':**
|
|
307
|
+
```
|
|
308
|
+
Will apply KISS policy to {table}:
|
|
309
|
+
- Enable RLS
|
|
310
|
+
- Single policy: users can only access their own rows
|
|
311
|
+
- Uses: (select auth.uid()) = user_id [PERFORMANCE OPTIMIZED]
|
|
312
|
+
- Applies to: SELECT, INSERT, UPDATE, DELETE
|
|
313
|
+
|
|
314
|
+
⚠️ CRITICAL PERFORMANCE NOTE:
|
|
315
|
+
Wrapping auth.uid() in SELECT provides 99.99% performance improvement
|
|
316
|
+
by allowing PostgreSQL to cache the function result.
|
|
317
|
+
|
|
318
|
+
Continue? (yes/no)
|
|
319
|
+
```
|
|
320
|
+
|
|
321
|
+
**If mode = 'granular':**
|
|
322
|
+
```
|
|
323
|
+
Will apply granular policies to {table}:
|
|
324
|
+
- Enable RLS
|
|
325
|
+
- Separate policies for each operation (SELECT, INSERT, UPDATE, DELETE)
|
|
326
|
+
- Fine-grained control
|
|
327
|
+
- Uses: auth.uid() = user_id
|
|
328
|
+
|
|
329
|
+
Continue? (yes/no)
|
|
330
|
+
```
|
|
331
|
+
|
|
332
|
+
Get confirmation before proceeding.
|
|
333
|
+
|
|
334
|
+
### 4. Generate Policy SQL
|
|
335
|
+
|
|
336
|
+
Based on mode, generate appropriate SQL:
|
|
337
|
+
|
|
338
|
+
**KISS Mode:**
|
|
339
|
+
```sql
|
|
340
|
+
-- Enable RLS
|
|
341
|
+
ALTER TABLE {table} ENABLE ROW LEVEL SECURITY;
|
|
342
|
+
|
|
343
|
+
-- Drop existing policies (if any)
|
|
344
|
+
DROP POLICY IF EXISTS "{table}_policy" ON {table};
|
|
345
|
+
|
|
346
|
+
-- Create single KISS policy (PERFORMANCE OPTIMIZED)
|
|
347
|
+
CREATE POLICY "{table}_policy"
|
|
348
|
+
ON {table}
|
|
349
|
+
FOR ALL
|
|
350
|
+
TO authenticated
|
|
351
|
+
USING (
|
|
352
|
+
-- ✅ CRITICAL: Wrap auth.uid() in SELECT for 99.99% performance gain
|
|
353
|
+
-- This allows PostgreSQL to cache the function result per statement
|
|
354
|
+
(select auth.uid()) IS NOT NULL AND
|
|
355
|
+
(select auth.uid()) = user_id
|
|
356
|
+
)
|
|
357
|
+
WITH CHECK (
|
|
358
|
+
(select auth.uid()) IS NOT NULL AND
|
|
359
|
+
(select auth.uid()) = user_id
|
|
360
|
+
);
|
|
361
|
+
|
|
362
|
+
-- Add helpful comment
|
|
363
|
+
COMMENT ON POLICY "{table}_policy" ON {table} IS
|
|
364
|
+
'KISS policy: users can only access their own rows (performance optimized with cached auth.uid())';
|
|
365
|
+
```
|
|
366
|
+
|
|
367
|
+
**Granular Mode (PERFORMANCE OPTIMIZED):**
|
|
368
|
+
```sql
|
|
369
|
+
-- Enable RLS
|
|
370
|
+
ALTER TABLE {table} ENABLE ROW LEVEL SECURITY;
|
|
371
|
+
|
|
372
|
+
-- Drop existing policies (if any)
|
|
373
|
+
DROP POLICY IF EXISTS "{table}_select" ON {table};
|
|
374
|
+
DROP POLICY IF EXISTS "{table}_insert" ON {table};
|
|
375
|
+
DROP POLICY IF EXISTS "{table}_update" ON {table};
|
|
376
|
+
DROP POLICY IF EXISTS "{table}_delete" ON {table};
|
|
377
|
+
|
|
378
|
+
-- SELECT: Users read own rows
|
|
379
|
+
-- ✅ Wrapping auth.uid() in SELECT provides 99.99% performance improvement
|
|
380
|
+
CREATE POLICY "{table}_select"
|
|
381
|
+
ON {table}
|
|
382
|
+
FOR SELECT
|
|
383
|
+
TO authenticated
|
|
384
|
+
USING (
|
|
385
|
+
(select auth.uid()) IS NOT NULL AND
|
|
386
|
+
(select auth.uid()) = user_id
|
|
387
|
+
);
|
|
388
|
+
|
|
389
|
+
-- INSERT: Users create own rows
|
|
390
|
+
CREATE POLICY "{table}_insert"
|
|
391
|
+
ON {table}
|
|
392
|
+
FOR INSERT
|
|
393
|
+
TO authenticated
|
|
394
|
+
WITH CHECK (
|
|
395
|
+
(select auth.uid()) IS NOT NULL AND
|
|
396
|
+
(select auth.uid()) = user_id
|
|
397
|
+
);
|
|
398
|
+
|
|
399
|
+
-- UPDATE: Users update own rows
|
|
400
|
+
CREATE POLICY "{table}_update"
|
|
401
|
+
ON {table}
|
|
402
|
+
FOR UPDATE
|
|
403
|
+
TO authenticated
|
|
404
|
+
USING (
|
|
405
|
+
(select auth.uid()) IS NOT NULL AND
|
|
406
|
+
(select auth.uid()) = user_id
|
|
407
|
+
)
|
|
408
|
+
WITH CHECK (
|
|
409
|
+
(select auth.uid()) IS NOT NULL AND
|
|
410
|
+
(select auth.uid()) = user_id
|
|
411
|
+
);
|
|
412
|
+
|
|
413
|
+
-- DELETE: Users delete own rows
|
|
414
|
+
CREATE POLICY "{table}_delete"
|
|
415
|
+
ON {table}
|
|
416
|
+
FOR DELETE
|
|
417
|
+
TO authenticated
|
|
418
|
+
USING (
|
|
419
|
+
(select auth.uid()) IS NOT NULL AND
|
|
420
|
+
(select auth.uid()) = user_id
|
|
421
|
+
);
|
|
422
|
+
|
|
423
|
+
-- Add helpful comments
|
|
424
|
+
COMMENT ON POLICY "{table}_select" ON {table} IS 'Users can read own rows (cached auth.uid())';
|
|
425
|
+
COMMENT ON POLICY "{table}_insert" ON {table} IS 'Users can insert own rows (cached auth.uid())';
|
|
426
|
+
COMMENT ON POLICY "{table}_update" ON {table} IS 'Users can update own rows (cached auth.uid())';
|
|
427
|
+
COMMENT ON POLICY "{table}_delete" ON {table} IS 'Users can delete own rows (cached auth.uid())';
|
|
428
|
+
```
|
|
429
|
+
|
|
430
|
+
### 5. Create Migration File
|
|
431
|
+
|
|
432
|
+
Save policy SQL to migration file:
|
|
433
|
+
|
|
434
|
+
```bash
|
|
435
|
+
TS=$(date +%Y%m%d%H%M%S)
|
|
436
|
+
MIGRATION_FILE="supabase/migrations/${TS}_rls_${mode}__{table}.sql"
|
|
437
|
+
|
|
438
|
+
mkdir -p supabase/migrations
|
|
439
|
+
|
|
440
|
+
cat > "$MIGRATION_FILE" << 'EOF'
|
|
441
|
+
-- Migration: Apply {mode} RLS policy to {table}
|
|
442
|
+
-- Generated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
|
|
443
|
+
-- Table: {table}
|
|
444
|
+
-- Mode: {mode}
|
|
445
|
+
|
|
446
|
+
BEGIN;
|
|
447
|
+
|
|
448
|
+
[... SQL from step 4 ...]
|
|
449
|
+
|
|
450
|
+
COMMIT;
|
|
451
|
+
EOF
|
|
452
|
+
|
|
453
|
+
echo "✓ Migration created: $MIGRATION_FILE"
|
|
454
|
+
```
|
|
455
|
+
|
|
456
|
+
### 6. Apply Migration
|
|
457
|
+
|
|
458
|
+
Use existing db-apply-migration task:
|
|
459
|
+
|
|
460
|
+
```bash
|
|
461
|
+
echo "Applying migration..."
|
|
462
|
+
# Execute db-apply-migration task internally
|
|
463
|
+
# (This will create snapshots, apply, verify)
|
|
464
|
+
```
|
|
465
|
+
|
|
466
|
+
### 7. Test Policies
|
|
467
|
+
|
|
468
|
+
Verify policies work correctly:
|
|
469
|
+
|
|
470
|
+
```bash
|
|
471
|
+
echo "Testing RLS policies..."
|
|
472
|
+
|
|
473
|
+
# Test 1: Anonymous user should see nothing
|
|
474
|
+
psql "$SUPABASE_DB_URL" << EOF
|
|
475
|
+
SET ROLE anon;
|
|
476
|
+
SELECT COUNT(*) AS anon_count FROM {table};
|
|
477
|
+
RESET ROLE;
|
|
478
|
+
EOF
|
|
479
|
+
|
|
480
|
+
# Test 2: Authenticated user should see only their rows
|
|
481
|
+
# (Requires setting up test user - provide instructions)
|
|
482
|
+
|
|
483
|
+
echo ""
|
|
484
|
+
echo "✓ Policy tests complete"
|
|
485
|
+
echo " ⚠️ Manual testing recommended:"
|
|
486
|
+
echo " - Use *impersonate to test as specific user"
|
|
487
|
+
echo " - Verify each operation (SELECT, INSERT, UPDATE, DELETE)"
|
|
488
|
+
```
|
|
489
|
+
|
|
490
|
+
---
|
|
491
|
+
|
|
492
|
+
## Output
|
|
493
|
+
|
|
494
|
+
Display summary:
|
|
495
|
+
```
|
|
496
|
+
✅ RLS POLICY APPLIED
|
|
497
|
+
|
|
498
|
+
Table: {table}
|
|
499
|
+
Mode: {mode}
|
|
500
|
+
Migration: supabase/migrations/{TS}_rls_{mode}__{table}.sql
|
|
501
|
+
Policies: [list created policies]
|
|
502
|
+
|
|
503
|
+
Next steps:
|
|
504
|
+
1. Test policies manually: *impersonate {user_id}
|
|
505
|
+
2. Run RLS audit: *rls-audit
|
|
506
|
+
3. Update documentation
|
|
507
|
+
4. Commit migration to git
|
|
508
|
+
```
|
|
509
|
+
|
|
510
|
+
---
|
|
511
|
+
|
|
512
|
+
## Notes
|
|
513
|
+
|
|
514
|
+
### KISS vs Granular
|
|
515
|
+
|
|
516
|
+
**KISS** (Keep It Simple, Stupid):
|
|
517
|
+
- ✅ Single policy for all operations
|
|
518
|
+
- ✅ Easier to understand
|
|
519
|
+
- ✅ Less verbose
|
|
520
|
+
- ❌ Less flexible
|
|
521
|
+
|
|
522
|
+
**Granular**:
|
|
523
|
+
- ✅ Separate policies per operation
|
|
524
|
+
- ✅ Fine-grained control
|
|
525
|
+
- ✅ Can have different logic per operation
|
|
526
|
+
- ❌ More verbose
|
|
527
|
+
|
|
528
|
+
### Common Patterns
|
|
529
|
+
|
|
530
|
+
**Public Read, Authenticated Write (Performance Optimized):**
|
|
531
|
+
```sql
|
|
532
|
+
-- SELECT: Public
|
|
533
|
+
CREATE POLICY "{table}_select" ON {table}
|
|
534
|
+
FOR SELECT TO public
|
|
535
|
+
USING (true);
|
|
536
|
+
|
|
537
|
+
-- INSERT/UPDATE/DELETE: Authenticated users only
|
|
538
|
+
CREATE POLICY "{table}_write" ON {table}
|
|
539
|
+
FOR ALL TO authenticated
|
|
540
|
+
USING (
|
|
541
|
+
(select auth.uid()) IS NOT NULL AND
|
|
542
|
+
(select auth.uid()) = user_id
|
|
543
|
+
)
|
|
544
|
+
WITH CHECK (
|
|
545
|
+
(select auth.uid()) IS NOT NULL AND
|
|
546
|
+
(select auth.uid()) = user_id
|
|
547
|
+
);
|
|
548
|
+
```
|
|
549
|
+
|
|
550
|
+
**Tenant-Based (Performance Optimized):**
|
|
551
|
+
```sql
|
|
552
|
+
CREATE POLICY "{table}_tenant" ON {table}
|
|
553
|
+
FOR ALL TO authenticated
|
|
554
|
+
USING (
|
|
555
|
+
(select auth.uid()) IS NOT NULL AND
|
|
556
|
+
tenant_id IN (
|
|
557
|
+
SELECT tenant_id FROM user_tenants
|
|
558
|
+
WHERE user_id = (select auth.uid())
|
|
559
|
+
)
|
|
560
|
+
);
|
|
561
|
+
```
|
|
562
|
+
|
|
563
|
+
### Performance Tips
|
|
564
|
+
|
|
565
|
+
**Critical Performance Optimization:**
|
|
566
|
+
Always wrap `auth.uid()` in a `SELECT` statement:
|
|
567
|
+
```sql
|
|
568
|
+
-- ❌ SLOW (99.99% slower)
|
|
569
|
+
USING (auth.uid() = user_id)
|
|
570
|
+
|
|
571
|
+
-- ✅ FAST (cached per statement)
|
|
572
|
+
USING ((select auth.uid()) = user_id)
|
|
573
|
+
```
|
|
574
|
+
|
|
575
|
+
**Why it matters:**
|
|
576
|
+
- Without SELECT: PostgreSQL calls `auth.uid()` for EVERY row
|
|
577
|
+
- With SELECT: PostgreSQL caches the result for the entire statement
|
|
578
|
+
- Performance improvement: **99.99%** (essentially 10,000x faster on large tables)
|
|
579
|
+
|
|
580
|
+
**Index Recommendations:**
|
|
581
|
+
- Always index columns used in policies (e.g., `user_id`, `tenant_id`)
|
|
582
|
+
- Example: `CREATE INDEX idx_{table}_user_id ON {table}(user_id);`
|
|
583
|
+
- Performance improvement: **99.94%** when combined with wrapped auth functions
|
|
584
|
+
|
|
585
|
+
---
|
|
586
|
+
|
|
587
|
+
## Security Warnings ⚠️
|
|
588
|
+
|
|
589
|
+
### CRITICAL: Do NOT Use raw_user_meta_data in Policies
|
|
590
|
+
|
|
591
|
+
```sql
|
|
592
|
+
-- ❌ DANGEROUS - User can modify this data!
|
|
593
|
+
CREATE POLICY "bad_policy" ON {table}
|
|
594
|
+
USING (
|
|
595
|
+
(auth.jwt() -> 'user_metadata' ->> 'role') = 'admin'
|
|
596
|
+
);
|
|
597
|
+
```
|
|
598
|
+
|
|
599
|
+
**Why dangerous:** `raw_user_meta_data` can be modified by the user through Supabase Auth client. An attacker can set `{ "role": "admin" }` and bypass security!
|
|
600
|
+
|
|
601
|
+
**Safe alternative:** Use `raw_app_meta_data` (server-only):
|
|
602
|
+
```sql
|
|
603
|
+
-- ✅ SAFE - Only server can modify app_metadata
|
|
604
|
+
CREATE POLICY "safe_policy" ON {table}
|
|
605
|
+
USING (
|
|
606
|
+
(auth.jwt() -> 'app_metadata' ->> 'role') = 'admin'
|
|
607
|
+
);
|
|
608
|
+
```
|
|
609
|
+
|
|
610
|
+
### Auth NULL Check
|
|
611
|
+
|
|
612
|
+
Always check if user is authenticated:
|
|
613
|
+
```sql
|
|
614
|
+
-- ❌ Missing NULL check
|
|
615
|
+
USING (auth.uid() = user_id) -- Fails silently for anon users
|
|
616
|
+
|
|
617
|
+
-- ✅ Explicit authentication check
|
|
618
|
+
USING (
|
|
619
|
+
(select auth.uid()) IS NOT NULL AND
|
|
620
|
+
(select auth.uid()) = user_id
|
|
621
|
+
)
|
|
622
|
+
```
|
|
623
|
+
|
|
624
|
+
### Policy Debugging
|
|
625
|
+
|
|
626
|
+
Enable RLS policies in SQL Editor (dev only):
|
|
627
|
+
```sql
|
|
628
|
+
-- Temporarily disable RLS for debugging (DANGEROUS - dev only!)
|
|
629
|
+
ALTER TABLE {table} DISABLE ROW LEVEL SECURITY;
|
|
630
|
+
|
|
631
|
+
-- Re-enable when done
|
|
632
|
+
ALTER TABLE {table} ENABLE ROW LEVEL SECURITY;
|
|
633
|
+
```
|
|
634
|
+
|
|
635
|
+
---
|
|
636
|
+
|
|
637
|
+
## Prerequisites
|
|
638
|
+
|
|
639
|
+
Table must have:
|
|
640
|
+
- `user_id UUID` column (for user-based policies)
|
|
641
|
+
- Or `tenant_id` column (for tenant-based policies)
|
|
642
|
+
- **Indexes on all policy filter columns** (critical for performance!)
|
|
643
|
+
- `CREATE INDEX idx_{table}_user_id ON {table}(user_id);`
|
|
644
|
+
|
|
645
|
+
---
|
|
646
|
+
|
|
647
|
+
## Error Handling
|
|
648
|
+
|
|
649
|
+
If policy application fails:
|
|
650
|
+
1. Check table has required columns (user_id, etc.)
|
|
651
|
+
2. Verify auth.uid() is available (Supabase)
|
|
652
|
+
3. Check for existing policies with same names
|
|
653
|
+
4. Rollback migration if needed: `*rollback`
|