catalyst-os 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. package/.catalyst/main/project-config.yaml +11 -0
  2. package/.catalyst/spec-structure.yaml +241 -0
  3. package/.catalyst/specs/spec-config.yaml +109 -0
  4. package/.catalyst/standards/coding.md +187 -0
  5. package/.catalyst/standards/git-workflow.md +181 -0
  6. package/.catalyst/standards/testing.md +185 -0
  7. package/.catalyst/workflows/approve-spec.md +413 -0
  8. package/.catalyst/workflows/build-spec.md +527 -0
  9. package/.catalyst/workflows/build-task.md +434 -0
  10. package/.catalyst/workflows/catalyze-project.md +212 -0
  11. package/.catalyst/workflows/catalyze-spec.md +265 -0
  12. package/.catalyst/workflows/validate-spec.md +388 -0
  13. package/.claude/agents/alchemist.md +84 -0
  14. package/.claude/agents/arbiter.md +142 -0
  15. package/.claude/agents/catalyst.md +102 -0
  16. package/.claude/agents/enforcer.md +62 -0
  17. package/.claude/agents/forge-master.md +318 -0
  18. package/.claude/agents/forger.md +216 -0
  19. package/.claude/agents/inquisitor.md +70 -0
  20. package/.claude/agents/necromancer.md +84 -0
  21. package/.claude/agents/oracle.md +67 -0
  22. package/.claude/agents/scout.md +74 -0
  23. package/.claude/agents/scribe.md +163 -0
  24. package/.claude/agents/seer.md +108 -0
  25. package/.claude/agents/sentinel.md +58 -0
  26. package/.claude/agents/shaper.md +85 -0
  27. package/.claude/agents/smith.md +85 -0
  28. package/.claude/agents/surveyor.md +52 -0
  29. package/.claude/agents/watcher.md +69 -0
  30. package/.claude/commands/approve-spec.md +383 -0
  31. package/.claude/commands/build-spec.md +381 -0
  32. package/.claude/commands/build-task.md +210 -0
  33. package/.claude/commands/catalyze-project.md +112 -0
  34. package/.claude/commands/catalyze-spec.md +197 -0
  35. package/.claude/commands/mission.md +48 -0
  36. package/.claude/commands/reject-spec.md +125 -0
  37. package/.claude/commands/roadmap.md +62 -0
  38. package/.claude/commands/status-spec.md +289 -0
  39. package/.claude/commands/tech-stack.md +75 -0
  40. package/.claude/commands/update-spec.md +265 -0
  41. package/.claude/commands/validate-spec.md +265 -0
  42. package/.claude/settings.local.json +13 -0
  43. package/.claude/skills/catalysts/build-orchestration/SKILL.md +54 -0
  44. package/.claude/skills/catalysts/spec-orchestration/SKILL.md +52 -0
  45. package/.claude/skills/catalysts/validation-orchestration/SKILL.md +50 -0
  46. package/.claude/skills/guardians/browser-automation/SKILL.md +58 -0
  47. package/.claude/skills/guardians/code-review/SKILL.md +60 -0
  48. package/.claude/skills/guardians/dependency-audit/SKILL.md +63 -0
  49. package/.claude/skills/guardians/e2e-test-execution/SKILL.md +52 -0
  50. package/.claude/skills/guardians/lint-checking/SKILL.md +46 -0
  51. package/.claude/skills/guardians/secret-scanning/SKILL.md +69 -0
  52. package/.claude/skills/guardians/test-fixture-creation/SKILL.md +54 -0
  53. package/.claude/skills/guardians/unit-test-writing/SKILL.md +57 -0
  54. package/.claude/skills/seekers/codebase-analysis/SKILL.md +67 -0
  55. package/.claude/skills/seekers/context7-lookup/SKILL.md +59 -0
  56. package/.claude/skills/seekers/documentation-management/SKILL.md +190 -0
  57. package/.claude/skills/seekers/figma-analysis/SKILL.md +57 -0
  58. package/.claude/skills/seekers/github-research/SKILL.md +57 -0
  59. package/.claude/skills/seekers/reddit-research/SKILL.md +55 -0
  60. package/.claude/skills/seekers/requirement-elicitation/SKILL.md +53 -0
  61. package/.claude/skills/seekers/ui-pattern-hunting/SKILL.md +62 -0
  62. package/.claude/skills/seekers/web-research/SKILL.md +61 -0
  63. package/.claude/skills/technologists/ai-integration/SKILL.md +53 -0
  64. package/.claude/skills/technologists/api-development/SKILL.md +51 -0
  65. package/.claude/skills/technologists/migration-creation/SKILL.md +58 -0
  66. package/.claude/skills/technologists/ml-pipeline/SKILL.md +54 -0
  67. package/.claude/skills/technologists/react-development/SKILL.md +61 -0
  68. package/.claude/skills/technologists/schema-design/SKILL.md +54 -0
  69. package/.claude/skills/technologists/service-implementation/SKILL.md +49 -0
  70. package/.claude/skills/technologists/task-breakdown/SKILL.md +60 -0
  71. package/.claude/skills/technologists/ui-component-building/SKILL.md +58 -0
  72. package/.claude-plugin/plugin.json +43 -0
  73. package/README.md +440 -0
  74. package/bin/install.js +174 -0
  75. package/package.json +40 -0
package/.catalyst/workflows/catalyze-spec.md ADDED
@@ -0,0 +1,265 @@
1
+ # /catalyze-spec Workflow
2
+
3
+ > Shape a new specification from a feature request.
4
+
5
+ ---
6
+
7
+ ## Quick Reference
8
+
9
+ ```
10
+ Command: /catalyze-spec "feature description"
11
+ Orchestrator: Catalyst (Opus)
12
+ Agents: Oracle → [Seer + Scout + Surveyor] → Scribe
13
+ Output: .catalyst/specs/YYYY-MM-DD-{slug}/
14
+ ```
15
+
16
+ ---
17
+
18
+ ## Workflow Diagram
19
+
20
+ ```
21
+ ┌─────────────────────────────────────────────────────────────────────────────┐
22
+ │ /catalyze-spec "Login pages and supabase auth" │
23
+ └─────────────────────────────────────────────────────────────────────────────┘
24
+
25
+
26
+ ┌─────────────────────────────────────────────────────────────────────────────┐
27
+ │ 🎯 CATALYST (Orchestrator) │
28
+ └─────────────────────────────────────────────────────────────────────────────┘
29
+
30
+ ┌──────────────────────────────┼──────────────────────────────┐
31
+ ▼ ▼ ▼
32
+ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐
33
+ │ PHASE 0 │ │ PHASE 1 │ │ PHASE 2 │
34
+ │ Roadmap │───────────▶│ Initialize │───────────▶│ Oracle │
35
+ │ Assessment │ │ Spec Folder │ │ (Sequential)│
36
+ └───────────────┘ └───────────────┘ └───────────────┘
37
+
38
+
39
+ ┌────────────────────────────────────────────────┐
40
+ │ PHASE 3: PARALLEL RESEARCH │
41
+ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
42
+ │ │ SEER │ │ SCOUT │ │ SURVEYOR│ │
43
+ │ │Codebase │ │ Web │ │ UI │ │
44
+ │ └─────────┘ └─────────┘ └─────────┘ │
45
+ └────────────────────────────────────────────────┘
46
+
47
+
48
+ ┌───────────────┐ ┌───────────────┐
49
+ │ PHASE 4 │ │ │
50
+ │ Scribe │───────────▶│ OUTPUT │
51
+ │ (Compile) │ │ │
52
+ └───────────────┘ └───────────────┘
53
+ ```
54
+
55
+ ---
56
+
57
+ ## Phase Details
58
+
59
+ ### Phase 0: Roadmap Impact Assessment
60
+
61
+ ```
62
+ ┌─────────────────────────────────────────────────────────────────┐
63
+ │ 📍 ROADMAP ASSESSMENT │
64
+ │ ───────────────────── │
65
+ │ │
66
+ │ 1. Read existing roadmap (if present) │
67
+ │ └── Check .catalyst/main/roadmap.md │
68
+ │ │
69
+ │ 2. Analyze request scope: │
70
+ │ │
71
+ │ ┌─────────────────────┬─────────────────────────────────┐ │
72
+ │ │ SMALL REQUEST │ LARGE REQUEST │ │
73
+ │ ├─────────────────────┼─────────────────────────────────┤ │
74
+ │ │ • Dark mode toggle │ • Stripe integration │ │
75
+ │ │ • Fix button style │ • Authentication system │ │
76
+ │ │ • Add validation │ • Database migration │ │
77
+ │ │ │ │ │
78
+ │ │ → Proceed directly │ → Update roadmap first │ │
79
+ │ └─────────────────────┴─────────────────────────────────┘ │
80
+ │ │
81
+ └─────────────────────────────────────────────────────────────────┘
82
+ ```
83
+
84
+ ### Phase 1: Initialize Spec Folder
85
+
86
+ ```
87
+ ┌─────────────────────────────────────────────────────────────────┐
88
+ │ 📍 INITIALIZE SPEC FOLDER │
89
+ │ ───────────────────────── │
90
+ │ │
91
+ │ Create structure: │
92
+ │ │
93
+ │ .catalyst/specs/2026-01-11-supabase-auth/ │
94
+ │ ├── spec.md ← Requirements (empty, Scribe fills) │
95
+ │ ├── research.md ← Research findings (empty) │
96
+ │ ├── handoff.md ← Living document (created now) │
97
+ │ └── assets/ ← Images, diagrams, mockups │
98
+ │ │
99
+ └─────────────────────────────────────────────────────────────────┘
100
+ ```
101
+
102
+ ### Phase 2: Requirements Gathering (Oracle) - SEQUENTIAL
103
+
104
+ ```
105
+ ┌─────────────────────────────────────────────────────────────────┐
106
+ │ 📍 REQUIREMENTS GATHERING │
107
+ │ ───────────────────────── │
108
+ │ │
109
+ │ ⚠️ THIS PHASE MUST COMPLETE BEFORE RESEARCH BEGINS │
110
+ │ │
111
+ │ ┌──────────────────────────────────────────────────────────┐ │
112
+ │ │ 🔮 ORACLE │ │
113
+ │ │ │ │
114
+ │ │ For "Login pages and supabase auth": │ │
115
+ │ │ │ │
116
+ │ │ ❓ Auth methods? (Email/password, OAuth providers?) │ │
117
+ │ │ ❓ Password reset flow needed? │ │
118
+ │ │ ❓ Session management preferences? │ │
119
+ │ │ ❓ Role-based access control? │ │
120
+ │ │ ❓ MFA requirements? │ │
121
+ │ │ │ │
122
+ │ │ ⏳ Wait for user responses │ │
123
+ │ │ │ │
124
+ │ │ 📋 Synthesize requirements │ │
125
+ │ │ └── Hand off to Scribe │ │
126
+ │ └──────────────────────────────────────────────────────────┘ │
127
+ │ │
128
+ └─────────────────────────────────────────────────────────────────┘
129
+ ```
130
+
131
+ ### Phase 3: Research (PARALLEL)
132
+
133
+ ```
134
+ ┌─────────────────────────────────────────────────────────────────┐
135
+ │ 📍 PARALLEL RESEARCH │
136
+ │ ──────────────────── │
137
+ │ │
138
+ │ ⚡ ALL THREE AGENTS RUN SIMULTANEOUSLY │
139
+ │ │
140
+ │ ┌────────────────────┐ ┌────────────────────┐ ┌──────────────┐ │
141
+ │ │ 👁️ SEER │ │ 🔍 SCOUT │ │ 📐 SURVEYOR │ │
142
+ │ │ Codebase Analysis │ │ Web Research │ │ UI Research │ │
143
+ │ ├────────────────────┤ ├────────────────────┤ ├──────────────┤ │
144
+ │ │ │ │ │ │ │ │
145
+ │ │ • Find existing │ │ • Supabase Auth │ │ • Login page │ │
146
+ │ │ auth code │ │ best practices │ │ patterns │ │
147
+ │ │ │ │ │ │ │ │
148
+ │ │ • Analyze project │ │ • Next.js + │ │ • Auth form │ │
149
+ │ │ structure │ │ Supabase │ │ designs │ │
150
+ │ │ │ │ patterns │ │ │ │
151
+ │ │ • Check env │ │ │ │ • Error │ │
152
+ │ │ config patterns │ │ • SSR auth │ │ states │ │
153
+ │ │ │ │ strategies │ │ │ │
154
+ │ │ • Find route │ │ │ │ • OAuth │ │
155
+ │ │ protection │ │ • Common security │ │ buttons │ │
156
+ │ │ patterns │ │ pitfalls │ │ │ │
157
+ │ │ │ │ │ │ │ │
158
+ │ └────────────────────┘ └────────────────────┘ └──────────────┘ │
159
+ │ │ │ │ │
160
+ │ └──────────────────────┼────────────────────┘ │
161
+ │ ▼ │
162
+ │ research.md │
163
+ │ (all findings appended) │
164
+ │ │
165
+ └─────────────────────────────────────────────────────────────────┘
166
+ ```
167
+
168
+ ### Phase 4: Compile Specification (Scribe)
169
+
170
+ ```
171
+ ┌─────────────────────────────────────────────────────────────────┐
172
+ │ 📍 COMPILE SPECIFICATION │
173
+ │ ──────────────────────── │
174
+ │ │
175
+ │ ┌──────────────────────────────────────────────────────────┐ │
176
+ │ │ 📜 SCRIBE │ │
177
+ │ │ │ │
178
+ │ │ Compiles all findings into spec.md: │ │
179
+ │ │ │ │
180
+ │ │ ┌────────────────────────────────────────────────────┐ │ │
181
+ │ │ │ # Supabase Authentication System │ │ │
182
+ │ │ │ │ │ │
183
+ │ │ │ > Status: DRAFT │ │ │
184
+ │ │ │ │ │ │
185
+ │ │ │ ## Overview │ │ │
186
+ │ │ │ Complete auth system with login/signup pages │ │ │
187
+ │ │ │ │ │ │
188
+ │ │ │ ## User Stories │ │ │
189
+ │ │ │ - As a user, I want to sign up with email... │ │ │
190
+ │ │ │ - As a user, I want to login with Google... │ │ │
191
+ │ │ │ │ │ │
192
+ │ │ │ ## Requirements │ │ │
193
+ │ │ │ ### Functional │ │ │
194
+ │ │ │ - [ ] REQ-001: Email/password authentication │ │ │
195
+ │ │ │ - [ ] REQ-002: OAuth with Google provider │ │ │
196
+ │ │ │ │ │ │
197
+ │ │ │ ### Non-Functional │ │ │
198
+ │ │ │ - [ ] SEC-001: Passwords never stored plaintext │ │ │
199
+ │ │ │ - [ ] PERF-001: Auth check < 50ms │ │ │
200
+ │ │ │ │ │ │
201
+ │ │ │ ## Acceptance Criteria │ │ │
202
+ │ │ │ 1. User can sign up with valid email │ │ │
203
+ │ │ │ 2. Invalid login shows error message │ │ │
204
+ │ │ └────────────────────────────────────────────────────┘ │ │
205
+ │ └──────────────────────────────────────────────────────────┘ │
206
+ │ │
207
+ └─────────────────────────────────────────────────────────────────┘
208
+ ```
209
+
210
+ ---
211
+
212
+ ## Output
213
+
214
+ ```
215
+ ✅ Spec shaped successfully!
216
+
217
+ Created: .catalyst/specs/2026-01-11-supabase-auth/
218
+ ├── spec.md ← Requirements documented
219
+ ├── research.md ← Research findings
220
+ ├── handoff.md ← Living document
221
+ └── assets/ ← UI references
222
+
223
+ [If roadmap was updated:]
224
+ 📝 Roadmap updated: .catalyst/main/roadmap.md
225
+
226
+ ⚠️ REMINDER: /build-spec follows strict TDD
227
+ 1. Tests written FIRST (Enforcer)
228
+ 2. Tests must FAIL (red phase)
229
+ 3. Then implement (Builders)
230
+ 4. Tests must PASS (green phase)
231
+
232
+ ➡️ Next: Run /build-spec @2026-01-11-supabase-auth
233
+ ```
234
+
235
+ ---
236
+
237
+ ## Agents Involved
238
+
239
+ | Agent | Role | Model | Execution |
240
+ |-------|------|-------|-----------|
241
+ | **Catalyst** | Orchestrator | Opus | Coordinates all |
242
+ | **Oracle** | Requirements | Sonnet | Sequential (first) |
243
+ | **Seer** | Codebase | Sonnet | Parallel |
244
+ | **Scout** | Web Research | Sonnet | Parallel |
245
+ | **Surveyor** | UI Research | Sonnet | Parallel |
246
+ | **Scribe** | Documentation | Sonnet | Sequential (last) |
247
+
248
+ ---
249
+
250
+ ## Execution Flow
251
+
252
+ ```
253
+ HYBRID EXECUTION (Sequential + Parallel)
254
+
255
+ ┌─────────────────────────────────────────┐
256
+ │ PARALLEL BLOCK │
257
+ │ ┌───────┐ ┌───────┐ ┌───────┐ │
258
+ Oracle ────────────▶│ │ Seer │ │ Scout │ │Surveyor│ │────────▶ Scribe
259
+ (must complete │ └───────┘ └───────┘ └───────┘ │ (compile)
260
+ first) │ (run simultaneously) │
261
+ └─────────────────────────────────────────┘
262
+
263
+ WRONG: Oracle → Seer → Scout → Surveyor → Scribe (one by one)
264
+ RIGHT: Oracle → [Seer + Scout + Surveyor] → Scribe (parallel research)
265
+ ```
package/.catalyst/workflows/validate-spec.md ADDED
@@ -0,0 +1,388 @@
1
+ # /validate-spec Workflow
2
+
3
+ > Run validation checks on a completed implementation.
4
+
5
+ ---
6
+
7
+ ## Quick Reference
8
+
9
+ ```
10
+ Command: /validate-spec @2026-01-11-supabase-auth
11
+ Orchestrator: Arbiter (Opus)
12
+ Agents: [Enforcer + Sentinel + Inquisitor + Watcher] (parallel)
13
+ Output: validation.md, handoff.md
14
+ ```
15
+
16
+ ---
17
+
18
+ ## TDD Compliance Check
19
+
20
+ ```
21
+ ╔═══════════════════════════════════════════════════════════════════════════╗
22
+ ║ ║
23
+ ║ ⚠️ BEFORE VALIDATION BEGINS, VERIFY TDD WAS FOLLOWED ║
24
+ ║ ║
25
+ ║ 1. Check tasks.md has test locations for each task ║
26
+ ║ 2. Verify all tests pass ║
27
+ ║ 3. Verify tests were written before implementation ║
28
+ ║ ║
29
+ ║ If TDD was skipped → REJECT and return to /build-spec ║
30
+ ║ ║
31
+ ╚═══════════════════════════════════════════════════════════════════════════╝
32
+ ```
33
+
34
+ ---
35
+
36
+ ## Workflow Diagram
37
+
38
+ ```
39
+ ┌─────────────────────────────────────────────────────────────────────────────┐
40
+ │ /validate-spec @2026-01-11-supabase-auth │
41
+ └─────────────────────────────────────────────────────────────────────────────┘
42
+
43
+
44
+ ┌─────────────────────────────────────────────────────────────────────────────┐
45
+ │ ⚖️ ARBITER (Validation Orchestrator) │
46
+ └─────────────────────────────────────────────────────────────────────────────┘
47
+
48
+
49
+ ┌──────────────────────────────────┐
50
+ │ PHASE 0: TDD COMPLIANCE CHECK │
51
+ │ (Sequential - MUST pass first) │
52
+ └──────────────────────────────────┘
53
+
54
+ ┌─────────────┴─────────────┐
55
+ │ │
56
+ PASS ▼ FAIL ▼
57
+ │ │
58
+ ┌──────────────────┐ ┌──────────────────┐
59
+ │ Continue to │ │ ❌ BLOCKED │
60
+ │ validation │ │ Return to │
61
+ │ │ │ /build-spec │
62
+ └──────────────────┘ └──────────────────┘
63
+
64
+
65
+ ┌─────────────────────────────────────────────────────────────┐
66
+ │ PHASES 1-4: PARALLEL VALIDATION │
67
+ │ │
68
+ │ ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐ │
69
+ │ │ ENFORCER │ │ SENTINEL │ │ INQUISITOR│ │ WATCHER │ │
70
+ │ │ (Unit) │ │ (E2E) │ │ (Lint) │ │ (Security)│ │
71
+ │ └───────────┘ └───────────┘ └───────────┘ └───────────┘ │
72
+ │ │
73
+ └─────────────────────────────────────────────────────────────┘
74
+
75
+
76
+ ┌──────────────────┐
77
+ │ PHASE 5: │
78
+ │ Compile Results │
79
+ │ (Arbiter) │
80
+ └──────────────────┘
81
+
82
+
83
+ ┌──────────────────┐
84
+ │ PHASE 6: │
85
+ │ Generate │
86
+ │ handoff.md │
87
+ └──────────────────┘
88
+
89
+
90
+ ┌──────────────────┐
91
+ │ OUTPUT │
92
+ └──────────────────┘
93
+ ```
94
+
95
+ ---
96
+
97
+ ## Phase Details
98
+
99
+ ### Phase 0: TDD Compliance Verification (BLOCKING)
100
+
101
+ ```
102
+ ┌─────────────────────────────────────────────────────────────────┐
103
+ │ 📍 TDD COMPLIANCE CHECK │
104
+ │ ─────────────────────── │
105
+ │ │
106
+ │ ⚠️ THIS PHASE MUST PASS BEFORE ANY VALIDATION BEGINS │
107
+ │ │
108
+ │ ┌──────────────────────────────────────────────────────────┐ │
109
+ │ │ Verification Steps: │ │
110
+ │ │ │ │
111
+ │ │ 1. Read tasks.md │ │
112
+ │ │ └── Check Progress section │ │
113
+ │ │ │ │
114
+ │ │ 2. Verify each task has associated tests │ │
115
+ │ │ ┌──────────────────────────────────────────────┐ │ │
116
+ │ │ │ Task │ Test Location │ │ │
117
+ │ │ ├─────────┼────────────────────────────────────┤ │ │
118
+ │ │ │ T-001 │ tests/db/user-profiles.test.ts │ │ │
119
+ │ │ │ T-002 │ tests/db/sessions.test.ts │ │ │
120
+ │ │ │ T-003 │ tests/services/auth.test.ts │ │ │
121
+ │ │ │ ... │ ... │ │ │
122
+ │ │ └──────────────────────────────────────────────┘ │ │
123
+ │ │ │ │
124
+ │ │ 3. Run all tests to confirm they pass │ │
125
+ │ │ $ npm test │ │
126
+ │ │ Expected: 45 passed, 0 failed │ │
127
+ │ │ │ │
128
+ │ └──────────────────────────────────────────────────────────┘ │
129
+ │ │
130
+ │ ┌──────────────────────────────────────────────────────────┐ │
131
+ │ │ IF NOT COMPLIANT: │ │
132
+ │ │ │ │
133
+ │ │ ❌ VALIDATION BLOCKED │ │
134
+ │ │ │ │
135
+ │ │ TDD compliance not verified. │ │
136
+ │ │ - Tests missing for tasks: T-003, T-005 │ │
137
+ │ │ - OR tests written after implementation │ │
138
+ │ │ │ │
139
+ │ │ Action: Return to /build-spec and follow TDD process │ │
140
+ │ └──────────────────────────────────────────────────────────┘ │
141
+ │ │
142
+ └─────────────────────────────────────────────────────────────────┘
143
+ ```
144
+
145
+ ### Phases 1-4: Parallel Validation
146
+
147
+ ```
148
+ ┌─────────────────────────────────────────────────────────────────┐
149
+ │ 📍 PARALLEL VALIDATION │
150
+ │ ────────────────────── │
151
+ │ │
152
+ │ ⚡ ALL FOUR GUARDIANS RUN SIMULTANEOUSLY │
153
+ │ │
154
+ │ ┌────────────────┐ ┌────────────────┐ │
155
+ │ │ 🛡️ ENFORCER │ │ 🏰 SENTINEL │ │
156
+ │ │ Unit Tests │ │ E2E Tests │ │
157
+ │ ├────────────────┤ ├────────────────┤ │
158
+ │ │ │ │ │ │
159
+ │ │ • Run all unit │ │ • Run full E2E │ │
160
+ │ │ tests │ │ test suite │ │
161
+ │ │ │ │ │ │
162
+ │ │ • Check │ │ • Test user │ │
163
+ │ │ coverage │ │ flows │ │
164
+ │ │ thresholds │ │ │ │
165
+ │ │ │ │ • Capture │ │
166
+ │ │ • Verify test │ │ screenshots │ │
167
+ │ │ quality │ │ on failure │ │
168
+ │ │ │ │ │ │
169
+ │ │ Result: │ │ Result: │ │
170
+ │ │ 45/45 (87%) │ │ 12/12 passing │ │
171
+ │ └────────────────┘ └────────────────┘ │
172
+ │ │
173
+ │ ┌────────────────┐ ┌────────────────┐ │
174
+ │ │ 🔍 INQUISITOR │ │ 👁️ WATCHER │ │
175
+ │ │ Code Quality │ │ Security │ │
176
+ │ ├────────────────┤ ├────────────────┤ │
177
+ │ │ │ │ │ │
178
+ │ │ • Run linters │ │ • Dependency │ │
179
+ │ │ │ │ audit │ │
180
+ │ │ • Code review │ │ │ │
181
+ │ │ checks │ │ • Secret │ │
182
+ │ │ │ │ scanning │ │
183
+ │ │ • Check │ │ │ │
184
+ │ │ documentation│ │ • Input │ │
185
+ │ │ gaps │ │ validation │ │
186
+ │ │ │ │ checks │ │
187
+ │ │ Result: │ │ │ │
188
+ │ │ 0 errors │ │ Result: │ │
189
+ │ │ 2 warnings │ │ No vulns │ │
190
+ │ └────────────────┘ └────────────────┘ │
191
+ │ │
192
+ └─────────────────────────────────────────────────────────────────┘
193
+ ```
194
+
195
+ ### Phase 5: Compile Results (Arbiter)
196
+
197
+ ```
198
+ ┌─────────────────────────────────────────────────────────────────┐
199
+ │ 📍 COMPILE RESULTS │
200
+ │ ────────────────── │
201
+ │ │
202
+ │ Arbiter creates validation.md: │
203
+ │ │
204
+ │ ┌──────────────────────────────────────────────────────────┐ │
205
+ │ │ # Validation: Supabase Authentication │ │
206
+ │ │ │ │
207
+ │ │ ## Date: 2026-01-11 │ │
208
+ │ │ │ │
209
+ │ │ ## TDD Compliance │ │
210
+ │ │ - [x] Tests written before implementation │ │
211
+ │ │ - [x] All tasks have tests │ │
212
+ │ │ - [x] All tests pass │ │
213
+ │ │ │ │
214
+ │ │ ## Test Results │ │
215
+ │ │ │ │
216
+ │ │ ### Unit Tests (Enforcer) │ │
217
+ │ │ - Total: 45 │ │
218
+ │ │ - Passing: 45 │ │
219
+ │ │ - Coverage: 87% │ │
220
+ │ │ │ │
221
+ │ │ ### E2E Tests (Sentinel) │ │
222
+ │ │ - Total: 12 │ │
223
+ │ │ - Passing: 12 │ │
224
+ │ │ │ │
225
+ │ │ ## Quality Checks │ │
226
+ │ │ │ │
227
+ │ │ ### Lint (Inquisitor) │ │
228
+ │ │ - Status: PASS │ │
229
+ │ │ - Errors: 0 │ │
230
+ │ │ - Warnings: 2 │ │
231
+ │ │ │ │
232
+ │ │ ### Security (Watcher) │ │
233
+ │ │ - Dependencies: No vulnerabilities │ │
234
+ │ │ - Secrets: None exposed │ │
235
+ │ │ - Inputs: Sanitized │ │
236
+ │ │ │ │
237
+ │ │ ## Overall Status: PASS ✅ │ │
238
+ │ └──────────────────────────────────────────────────────────┘ │
239
+ │ │
240
+ └─────────────────────────────────────────────────────────────────┘
241
+ ```
242
+
243
+ ### Phase 6: Generate handoff.md (On Success)
244
+
245
+ ```
246
+ ┌─────────────────────────────────────────────────────────────────┐
247
+ │ 📍 GENERATE HANDOFF │
248
+ │ ─────────────────── │
249
+ │ │
250
+ │ If all validation passes, Arbiter generates handoff.md: │
251
+ │ │
252
+ │ ┌──────────────────────────────────────────────────────────┐ │
253
+ │ │ # Supabase Authentication - Handoff │ │
254
+ │ │ │ │
255
+ │ │ > Generated: 2026-01-11 │ │
256
+ │ │ │ │
257
+ │ │ ## Summary │ │
258
+ │ │ Complete authentication system using Supabase Auth │ │
259
+ │ │ with email/password and Google OAuth support. │ │
260
+ │ │ │ │
261
+ │ │ ## What Changed │ │
262
+ │ │ - Added user profiles and sessions tables │ │
263
+ │ │ - Created auth service with Supabase integration │ │
264
+ │ │ - Built login and signup pages with forms │ │
265
+ │ │ - Implemented protected route middleware │ │
266
+ │ │ │ │
267
+ │ │ ## Key Decisions │ │
268
+ │ │ | Decision | Why | │ │
269
+ │ │ |-----------------------|------------------------------|│ │
270
+ │ │ | JWT in httpOnly | Security best practice | │ │
271
+ │ │ | Server-side sessions | SSR compatibility | │ │
272
+ │ │ │ │
273
+ │ │ ## Files Modified │ │
274
+ │ │ - src/lib/supabase.ts - Supabase client setup │ │
275
+ │ │ - src/services/auth.ts - Auth service wrapper │ │
276
+ │ │ - src/pages/login.tsx - Login page │ │
277
+ │ │ - src/pages/signup.tsx - Signup page │ │
278
+ │ │ - src/middleware.ts - Auth middleware │ │
279
+ │ │ │ │
280
+ │ │ ## How to Test │ │
281
+ │ │ 1. Visit /login and enter credentials │ │
282
+ │ │ 2. Try accessing protected route without auth │ │
283
+ │ │ 3. Sign up with new email │ │
284
+ │ │ 4. Test Google OAuth flow │ │
285
+ │ │ │ │
286
+ │ │ ## Edge Cases & Gotchas │ │
287
+ │ │ - Session expires after 7 days │ │
288
+ │ │ - OAuth requires callback URL in Supabase dashboard │ │
289
+ │ │ │ │
290
+ │ │ ## Follow-up Items │ │
291
+ │ │ - [ ] Add password reset flow │ │
292
+ │ │ - [ ] Implement MFA │ │
293
+ │ └──────────────────────────────────────────────────────────┘ │
294
+ │ │
295
+ └─────────────────────────────────────────────────────────────────┘
296
+ ```
297
+
298
+ ---
299
+
300
+ ## Output
301
+
302
+ ### Success
303
+
304
+ ```
305
+ ✅ Validation complete!
306
+
307
+ Spec: 2026-01-11-supabase-auth
308
+
309
+ TDD Compliance: VERIFIED
310
+
311
+ Results:
312
+ ├── Unit Tests: 45/45 passing (87% coverage)
313
+ ├── E2E Tests: 12/12 passing
314
+ ├── Lint: No errors
315
+ ├── Code Quality: 2 suggestions
316
+ └── Security: No vulnerabilities
317
+
318
+ Status: READY FOR APPROVAL
319
+
320
+ Created:
321
+ ├── .catalyst/specs/2026-01-11-supabase-auth/validation.md
322
+ └── .catalyst/specs/2026-01-11-supabase-auth/handoff.md
323
+
324
+ ➡️ Next: Review handoff.md and run:
325
+ /approve-spec @2026-01-11-supabase-auth
326
+ Or: /reject-spec @2026-01-11-supabase-auth "reason"
327
+ ```
328
+
329
+ ### TDD Failure
330
+
331
+ ```
332
+ ❌ Validation blocked!
333
+
334
+ Spec: 2026-01-11-supabase-auth
335
+
336
+ TDD Compliance: FAILED
337
+ ├── Tests missing for tasks: T-003, T-005
338
+ └── OR tests written after implementation
339
+
340
+ Status: BLOCKED - RETURN TO BUILD
341
+
342
+ Action: Run /build-spec @2026-01-11-supabase-auth
343
+ Follow TDD process (tests BEFORE code)
344
+ Then re-run /validate-spec
345
+ ```
346
+
347
+ ### Validation Failure
348
+
349
+ ```
350
+ ❌ Validation failed!
351
+
352
+ Spec: 2026-01-11-supabase-auth
353
+
354
+ Failed Checks:
355
+ ├── E2E Tests: 2 failures
356
+ └── Security: 1 vulnerability found
357
+
358
+ Created: .catalyst/specs/2026-01-11-supabase-auth/validation.md
359
+
360
+ Action: Fix issues and re-run /validate-spec
361
+ ```
362
+
363
+ ---
364
+
365
+ ## Agents Involved
366
+
367
+ | Agent | Role | Model | Execution |
368
+ |-------|------|-------|-----------|
369
+ | **Arbiter** | Orchestrator | Opus | Coordinates |
370
+ | **Enforcer** | Unit Tests | Sonnet | Parallel |
371
+ | **Sentinel** | E2E Tests | Sonnet | Parallel |
372
+ | **Inquisitor** | Code Quality | Sonnet | Parallel |
373
+ | **Watcher** | Security | Sonnet | Parallel |
374
+
375
+ ---
376
+
377
+ ## Execution Flow
378
+
379
+ ```
380
+ SEQUENTIAL GATE THEN PARALLEL
381
+
382
+ TDD Check ──▶ [Enforcer + Sentinel + Inquisitor + Watcher] ──▶ Arbiter
383
+ (blocking) (all run simultaneously) (compile)
384
+ │ │ │
385
+ │ │ │
386
+ verify parallel validation.md
387
+ compliance validation handoff.md
388
+ ```