codebyplan 1.13.40 → 1.13.42

package/dist/cli.js

@@ -39,7 +39,7 @@ var VERSION, PACKAGE_NAME;
 var init_version = __esm({
   "src/lib/version.ts"() {
     "use strict";
-    VERSION = "1.13.40";
+    VERSION = "1.13.42";
     PACKAGE_NAME = "codebyplan";
   }
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codebyplan",
-  "version": "1.13.40",
+  "version": "1.13.42",
   "description": "CLI for CodeByPlan — AI-powered development planning and tracking",
   "type": "module",
   "bin": {

package/templates/agents/cbp-database-agent.md

@@ -2,7 +2,7 @@
 scope: org-shared
 name: cbp-database-agent
 description: Supabase database specialist. Handles migrations, RLS policies, type generation, and schema changes. Spawned as sub-executor by round-executor when plan includes DB work.
-tools: Read, Write, Edit, Glob, Grep, Bash, mcp__claude_ai_Supabase__*
+tools: Read, Write, Edit, Glob, Grep, Bash, mcp__supabase__apply_migration, mcp__supabase__execute_sql, mcp__supabase__list_tables, mcp__supabase__list_migrations, mcp__supabase__get_advisors, mcp__supabase__generate_typescript_types, mcp__supabase__search_docs
 model: sonnet
 effort: xhigh
 ---
@@ -70,10 +70,10 @@ Before any DB mutation, perform all three pre-flight checks in order:
 
    Return `blocked` status with the cause list so the round-executor can surface it to the user.
 
-3. **Main Project Guard.** Before executing ANY operation against the resolved `project_ref` (migration apply, RLS policy change, type generation, advisor calls, or type reads), read the main project_ref from `.codebyplan.json`:
+3. **Main Project Guard.** Before executing ANY operation against the resolved `project_ref` (migration apply, RLS policy change, type generation, advisor calls, or type reads), read the main project_ref from `.codebyplan/shipment.json`:
 
    ```bash
-   jq -r '.shipment.surfaces.supabase.project_ref' .codebyplan.json
+   jq -r '.shipment.surfaces.supabase.project_ref' .codebyplan/shipment.json
    ```
 
    If the `project_ref` resolved above matches this value, the agent is targeting the
@@ -187,6 +187,16 @@ For access pattern changes:
 3. Follow existing patterns in the project for policy naming
 4. Test with: `execute_sql` to verify policy exists
 
+**Security requirements (official Supabase alignment):**
+
+- Authorization predicates read `app_metadata` / `raw_app_meta_data`, never `user_metadata` / `raw_user_meta_data` — the latter is user-editable and basing a policy on it is a privilege-escalation hole.
+- `update` policies must declare BOTH a `using` clause and a `with check` clause. `using` gates which existing rows are updatable; `with check` gates the new row values. Omitting `with check` lets a caller rewrite a row (e.g. reassign its owner) to a value that escapes the policy.
+- `auth.role()` is deprecated — scope policies to roles with the `to` clause (`to authenticated`, `to anon`) instead of comparing `auth.role()` inside the predicate.
+- Views in an exposed schema must be created with `security_invoker = true` (Postgres 15+); otherwise the view runs as its owner and bypasses the querying user's row-level security.
+- Prefer `security invoker` functions. A `security definer` function bypasses row-level security and runs as its owner — reserve it for the recursion-break helper in Step 2.75, keep it in a non-exposed schema, guard it with an `auth.uid()` ownership check, and harden `search_path` per `rules/migration-security.md`.
+- Capture any ad-hoc schema change made interactively via `execute_sql` during iteration back into a migration file (Step 2) — never leave a change preview-branch-only.
+- When the correct syntax for a policy, view, or function construct is uncertain, call `search_docs` to consult authoritative Supabase documentation before authoring.
+
 ### Step 4: Generate TypeScript Types
 
 After schema changes:
@@ -225,5 +235,6 @@ Populate all output contract fields. Include every file changed.
 
 - **Spawned by**: `round-executor` (as sub-executor when plan includes DB work)
 - **Returns to**: `round-executor`
-- **Tools**: Supabase MCP tools (`apply_migration`, `execute_sql`, `list_tables`, `list_migrations`, `generate_typescript_types`), Bash for CLI commands
+- **Tools**: Supabase MCP tools (`apply_migration`, `execute_sql`, `list_tables`, `list_migrations`, `get_advisors`, `generate_typescript_types`, `search_docs`), Bash for CLI commands
 - **Rule**: `migration-infrastructure.md` — cross-agent mandate for migration push verification, backfill, and error resolution
+- **Official skills** (vendored, for deeper guidance): `supabase` — Supabase security checklist, MCP surface, RLS/auth policy authoring; `supabase-postgres-best-practices` — Postgres query optimization, schema/index design, RLS performance.

package/templates/hooks/validate-structure-patterns.sh

@@ -9,9 +9,11 @@
 
 # ===== Path-pattern enforcement =====
 # Each row: enforce_path_pattern <prefix> <full_pattern> <block_msg> <expected_hint>
-_SUB='(templates|examples|reference|scripts)/[a-z0-9.-]+\.(md|sh|json|ya?ml)'
-enforce_path_pattern '^/\.claude/skills/' "^/\.claude/skills/[a-z0-9-]+/(SKILL\.md|[a-z0-9-]+\.md|${_SUB})$" 'Invalid skill path' "Pattern: /.claude/skills/{name}/SKILL.md | /.claude/skills/{name}/{file}.md | /.claude/skills/{name}/(templates|examples|reference|scripts)/{file}.{md,sh,json,yaml}"
-enforce_path_pattern '^/\.claude/agents/' "^/\.claude/agents/([a-z0-9-]+\.md|[a-z0-9-]+/(AGENT\.md|[a-z0-9-]+\.md|${_SUB}))$" 'Invalid agent path' "Pattern: /.claude/agents/{name}.md | /.claude/agents/{name}/AGENT.md | /.claude/agents/{name}/{file}.md | /.claude/agents/{name}/(templates|examples|reference|scripts)/{file}.{md,sh,json,yaml}"
+# references/ (plural) + assets/ subdirs and leading-underscore filenames (e.g. references/_sections.md)
+# are carried by vendored upstream skills (.claude/skills/supabase*, supabase-postgres-best-practices).
+_SUB='(templates|examples|reference|references|scripts|assets)/[a-z0-9._-]+\.(md|sh|json|ya?ml)'
+enforce_path_pattern '^/\.claude/skills/' "^/\.claude/skills/[a-z0-9-]+/(SKILL\.md|PROVENANCE\.md|CHANGELOG\.md|[a-z0-9-]+\.md|${_SUB})$" 'Invalid skill path' "Pattern: /.claude/skills/{name}/SKILL.md | /.claude/skills/{name}/(PROVENANCE|CHANGELOG).md | /.claude/skills/{name}/{file}.md | /.claude/skills/{name}/(templates|examples|reference|references|scripts|assets)/{file}.{md,sh,json,yaml}"
+enforce_path_pattern '^/\.claude/agents/' "^/\.claude/agents/([a-z0-9-]+\.md|[a-z0-9-]+/(AGENT\.md|PROVENANCE\.md|CHANGELOG\.md|[a-z0-9-]+\.md|${_SUB}))$" 'Invalid agent path' "Pattern: /.claude/agents/{name}.md | /.claude/agents/{name}/AGENT.md | /.claude/agents/{name}/(PROVENANCE|CHANGELOG).md | /.claude/agents/{name}/{file}.md | /.claude/agents/{name}/(templates|examples|reference|references|scripts|assets)/{file}.{md,sh,json,yaml}"
 enforce_path_pattern '^/\.claude/rules/' '^/\.claude/rules/[a-z0-9-]+\.md$' 'Invalid native rule path' 'Pattern: /.claude/rules/{name}.md'
 if match_path '^/\.claude/hooks/' && ! match_path '^/\.claude/hooks/__test-fixtures__/'; then
   if ! match_path '^/\.claude/hooks/[a-z-]+\.sh$'; then

package/templates/hooks/validate-structure.sh

@@ -48,10 +48,11 @@ esac
 FILENAME=$(basename "$FILE_PATH" ".$EXT")
 
 if match_path '^/(\.claude|docs)/'; then
-  # Skip special naming patterns (SKILL/AGENT/CLAUDE/MEMORY/TASK-N/CHK-NNN/date/week-N/research phase/README/INDEX)
+  # Skip special naming patterns (SKILL/AGENT/CLAUDE/MEMORY/TASK-N/CHK-NNN/date/week-N/research phase/README/INDEX/PROVENANCE/CHANGELOG)
+  # PROVENANCE/CHANGELOG: uppercase filenames carried by vendored upstream skills (e.g. .claude/skills/supabase/*)
   # CHK formats: CHK-001 (generic) or CHK-H001/CHK-A001/CHK-B001 (launch: Homepage/Application/Backdoor)
   # INDEX: grep-native registry filename used by the architecture-map pipeline (.claude/architecture/INDEX.md) and vendor docs
-  if ! echo "$FILENAME" | grep -qE '^(SKILL|AGENT|CLAUDE|MEMORY|TASK-[1-9]|[0-9]{2}-[0-9]{2}-[0-9]{2}-CHK-([0-9]{3}|[HAB][0-9]{3})|CHK-([0-9]{3}|[HAB][0-9]{3})|[0-9]{2}-[0-9]{2}-[0-9]{2}|week-[0-9]+|[1-8]-|README|INDEX)'; then
+  if ! echo "$FILENAME" | grep -qE '^(SKILL|AGENT|CLAUDE|MEMORY|TASK-[1-9]|[0-9]{2}-[0-9]{2}-[0-9]{2}-CHK-([0-9]{3}|[HAB][0-9]{3})|CHK-([0-9]{3}|[HAB][0-9]{3})|[0-9]{2}-[0-9]{2}-[0-9]{2}|week-[0-9]+|[1-8]-|README|INDEX|PROVENANCE|CHANGELOG)'; then
     if echo "$FILENAME" | grep -qE '[A-Z]|_'; then
       block "Filename must be kebab-case (lowercase with hyphens)" "Got: $FILENAME, Expected: $(echo "$FILENAME" | tr '[:upper:]' '[:lower:]' | tr '_' '-')"
     fi

package/templates/settings.project.base.json

@@ -133,6 +133,8 @@
       "Skill(cbp-task-start)",
       "Skill(cbp-task-testing)",
       "Skill(cbp-todo)",
+      "Skill(supabase)",
+      "Skill(supabase-postgres-best-practices)",
       "mcp__codebyplan__get_checkpoints",
       "mcp__codebyplan__get_current_task",
       "mcp__codebyplan__get_eslint_presets",

package/templates/skills/cbp-build-cc-skill/SKILL.md

@@ -76,6 +76,14 @@ Pick the pattern that fits. This drives frontmatter choices:
 
 Concrete templates: [examples/task-skill.md](examples/task-skill.md), [examples/knowledge-skill.md](examples/knowledge-skill.md), [examples/fork-skill.md](examples/fork-skill.md), [examples/dynamic-context.md](examples/dynamic-context.md).
 
+#### Convention: User-only / permission-gated finalizer
+
+A Task-pattern skill that must only run on explicit user confirmation is a **permission-gated finalizer**:
+
+- MUST carry `disable-model-invocation: true` — the model cannot invoke it; only the user can (via `/skill-name`).
+- Any upstream skill that auto-triggers it MUST instead emit a `Next: /skill-name` directive and STOP — model invocation of a `disable-model-invocation` skill is blocked at the runtime level.
+- Canonical example: `/cbp-round-complete` (the round finalizer). `/cbp-round-update` routes a clean triage via a `Next: /cbp-round-complete` directive and stops — it cannot invoke round-complete directly.
+
 ### Step 5 — Fill the frontmatter
 
 Read `${CLAUDE_SKILL_DIR}/templates/skill.md` as the canonical frontmatter. Fill only the fields you need — every field except `description` is optional, and even `description` falls back to the first markdown paragraph.

package/templates/skills/cbp-build-cc-skill/reference/frontmatter-fields.md

@@ -9,7 +9,7 @@ Source: official Claude Code skills spec. All fields are optional; `description`
 | `when_to_use` | Additional trigger phrases. Appended to `description` in the listing |
 | `argument-hint` | Autocomplete hint, e.g. `[issue-number]` |
 | `arguments` | Named positional args, e.g. `[file mode]` → `$file`, `$mode` |
-| `disable-model-invocation` | `true` → only user can invoke (via `/name`) |
+| `disable-model-invocation` | `true` → only user can invoke (via `/name`). Upstream skills that auto-trigger this skill MUST emit a `Next: /name` directive instead — model invocation is blocked by the runtime; see SKILL.md Step 4 "Convention: User-only / permission-gated finalizer" |
 | `user-invocable` | `false` → hidden from `/` menu, Claude-only |
 | `allowed-tools` | Pre-approve tools while the skill is active |
 | `model` | Override model for this skill's turn. **CBP skills normally OMIT this** so the skill inherits the active session model. Pinning a model (e.g. `sonnet`) forces that model and can carry the session's 1M `[1m]` context tier onto the skill, triggering "usage credits required for 1M context". Set it only as a deliberate, documented exception — see [/cbp-build-cc-mode](../../build-cc-mode/SKILL.md) |
@@ -33,3 +33,5 @@ Total skill-description budget in context: 1% of the context window (fallback 8,
 | (default) | Yes | Yes | Description in context; body loads on invoke |
 | `disable-model-invocation: true` | Yes | No | Description NOT in context; body loads on user invoke |
 | `user-invocable: false` | No | Yes | Description in context; body loads on auto-invoke |
+
+> **Upstream-directive rule**: a skill with `disable-model-invocation: true` cannot be invoked by another skill. Any upstream skill that auto-triggers it MUST emit a `Next: /skill-name` close-out directive and stop. See "Convention: User-only / permission-gated finalizer" in SKILL.md Step 4 for the full pattern and canonical example.

package/templates/skills/cbp-round-complete/SKILL.md

@@ -3,6 +3,7 @@ scope: org-shared
 name: cbp-round-complete
 description: Reconcile user git-add approvals, complete the round, and route to the next step
 argument-hint: [chk-task-round | task-round]
+disable-model-invocation: true
 triggers: [cbp-task-check, cbp-standalone-task-check, cbp-round-input]
 effort: low
 ---
@@ -28,9 +29,9 @@ Set `KIND` for the rest of this skill. MCP tool names vary by KIND:
 
 # Round Complete Command
 
-The **permission-gated finalizer** for a round that `/cbp-round-update` triaged as clean. It reconciles which files the **user** approved via `git add`, completes the round, and routes to the next step.
+The **user-invoked finalizer** for a round that `/cbp-round-update` triaged as clean. round-complete carries `disable-model-invocation: true`, so the model cannot invoke it — `/cbp-round-update` *directs* the user here with a `Next: /cbp-round-complete` directive, and the user runs it. It reconciles which files the **user** approved via `git add`, completes the round, and routes to the next step.
 
-This skill is gated by an `ask`-tier `Skill(cbp-round-complete)` permission rule in `settings.json`. **The permission prompt IS the user confirmation** — there is NO AskUserQuestion inside this skill. If the user declines the permission, the skill does not run: nothing is synced, no round is completed, and the user can stage files and re-invoke (directly or by re-running `/cbp-round-update`) when ready.
+This skill is gated by an `ask`-tier `Skill(cbp-round-complete)` permission rule in `settings.json`. **The permission prompt IS the user confirmation** on the user's direct invoke — there is NO AskUserQuestion inside this skill. If the user declines the permission, the skill does not run: nothing is synced, no round is completed, and the user can stage files and re-invoke `/cbp-round-complete` when ready.
 
 ## HARD GATE — Every Step Must Execute
 
@@ -153,16 +154,16 @@ Payload: `round.context.round_complete = { staged_count, unstaged_count, route,
 
 ## Key Rules
 
-- **Permission prompt = confirmation** — gated by `ask`-tier `Skill(cbp-round-complete)`. NEVER add an AskUserQuestion to confirm running; the harness prompt is the gate. A declined permission is a clean no-op.
+- **User-invoked only** — round-complete carries `disable-model-invocation: true`, so the model cannot invoke it. `/cbp-round-update` *directs* the user here on a clean triage (a `Next: /cbp-round-complete` directive); the user runs the skill.
+- **Permission prompt = confirmation** — gated by `ask`-tier `Skill(cbp-round-complete)`. Because the skill is `disable-model-invocation: true`, this gate applies to the user's **direct** `/cbp-round-complete` invocation. NEVER add an AskUserQuestion to confirm running; the harness prompt is the gate. A declined permission is a clean no-op.
 - **Step 2 (CLI) must exit 0** — if it fails, STOP before `complete_round`. The merge semantics are enforced by the CLI.
 - **NEVER ask the user to git add files** — Step 2 only reads staging status. **NEVER stage files** — Claude does not touch the git staging area; the user's `git add` is the approval signal.
 - **standalone KIND Step 3**: `caller_worktree_id` is REQUIRED for `complete_standalone_round` — always resolve and pass it.
-- **Auto-triggered by `/cbp-round-update`** (clean triage), or run manually by the user.
 
 ## Integration
 
-- **Gates**: `ask`-tier `Skill(cbp-round-complete)` permission prompt — the harness confirms before the skill runs; a decline makes NO writes. There is no in-skill AskUserQuestion.
-- **Triggered by**: `/cbp-round-update` (auto, clean triage), or user manually
+- **Gates**: `ask`-tier `Skill(cbp-round-complete)` permission prompt on the user's direct invoke — the harness confirms before the skill runs; a decline makes NO writes. There is no in-skill AskUserQuestion.
+- **Invoked by**: the user only — round-complete carries `disable-model-invocation: true`, so the model cannot invoke it. `/cbp-round-update` *directs* the user here on a clean triage (a `Next: /cbp-round-complete` directive) but does not invoke it.
 - **Reads (checkpoint KIND)**: `.codebyplan/state/checkpoints/<id>.json`, `.codebyplan/state/checkpoints/<id>/tasks/<id>.json`, `.codebyplan/state/checkpoints/<id>/tasks/<id>/rounds/<id>.json` (local-first; run `npx codebyplan sync` if missing; break-glass: MCP `get_current_task` / `get_rounds`). Delegates git+approval sync to `npx codebyplan round sync-approvals`.
 - **Reads (standalone KIND)**: MCP `get_current_standalone_task` / `get_standalone_rounds` (standalone KIND still uses MCP until a later task).
 - **Writes (checkpoint KIND)**: `codebyplan round complete` (Step 3); `codebyplan round update` (Step 4 breadcrumb). Break-glass: MCP `complete_round` / `update_round`. Round+task `files_changed` written by the CLI sync-approvals.

package/templates/skills/cbp-round-end/SKILL.md

@@ -141,7 +141,7 @@ Example tables and the in-scope/out-of-scope classification: see `reference/find
 - Skip the polish-spiral stop-gate (auto-loop has its own cap-exhausted termination).
 - Skip Step 7's inline auto-apply (findings are deferred to the next loop round, not applied this round).
 - Save findings via `update_round` exactly as in manual mode.
-- Auto-trigger `/cbp-round-update` immediately. round-update triages the round and either routes to `/cbp-round-input` (spawn another round) or `/cbp-round-complete` (clean exit) — see cbp-round-update SKILL.md Step 2/3.
+- Auto-trigger `/cbp-round-update` immediately. round-update triages the round and either routes to `/cbp-round-input` (spawn another round) or **directs the user to run** `/cbp-round-complete` on a clean exit — see cbp-round-update SKILL.md Step 2/3.
 
 **Else (manual mode — flag absent or false):**
 
@@ -156,7 +156,7 @@ Step 7 already auto-applied in-scope findings and logged them to `round.context.
      }
    }
    ```
-3. Auto-trigger `/cbp-round-update`. round-update triages the round: if out-of-scope findings (or a hard-fail) remain it routes to `/cbp-round-input` (which picks up the findings from round context and includes them in the new round's requirements automatically); if the round is clean it routes to `/cbp-round-complete` (the permission-gated finalizer that reconciles the user's `git add`s and completes the round).
+3. Auto-trigger `/cbp-round-update`. round-update triages the round: if out-of-scope findings (or a hard-fail) remain it routes to `/cbp-round-input` (which picks up the findings from round context and includes them in the new round's requirements automatically); if the round is clean it **directs the user to run** `/cbp-round-complete` (the user-invoked finalizer that reconciles the user's `git add`s and completes the round).
 
 ## Key Rules
 

package/templates/skills/cbp-round-update/SKILL.md

@@ -1,9 +1,9 @@
 ---
 scope: org-shared
 name: cbp-round-update
-description: Triage a finished round (Claude-only) and route to round-complete or round-input
+description: Triage a finished round (Claude-only); direct user to run round-complete on a clean round, or trigger round-input when more work is needed
 argument-hint: [chk-task-round | task-round]
-triggers: [cbp-round-complete, cbp-round-input]
+triggers: [cbp-round-input]
 effort: low
 ---
 
@@ -35,7 +35,7 @@ The completion + file-approval reconcile (`sync-approvals`, `complete_round` / `
 
 ## Routing in one line
 
-- **Round is clean** → trigger `/cbp-round-complete` (the permission-gated finalizer reconciles your `git add`s and completes the round).
+- **Round is clean** → **direct the user to run** `/cbp-round-complete` (the user-invoked finalizer reconciles your `git add`s and completes the round; round-update cannot invoke it — round-complete is `disable-model-invocation: true`).
 - **Round needs more work** → trigger `/cbp-round-input` (more changes / planning).
 
 ## Instructions
@@ -93,7 +93,7 @@ Display a one-line triage summary, e.g. `"ROUND-N triage: clean"` or `"ROUND-N t
 
 ### Step 3: Route
 
-**3a — Clean → `/cbp-round-complete`.** Auto-trigger `/cbp-round-complete`. round-complete is `ask`-tier: the harness shows a permission prompt (the user's confirmation to finalize the round). round-complete then reconciles the user's `git add`s, completes the round, and routes onward (all files staged → task-check; some withheld → round-input). round-update writes nothing here beyond the Step 2 summary. In `auto_loop_mode`, a clean triage is the loop's success exit — the loop continues only via the not-clean path in 3b; round-complete owns the degenerate clean-but-unstaged guard.
+**3a — Clean → direct the user to `/cbp-round-complete`.** STOP and surface the directive: `Round clean. Next: run /cbp-round-complete to reconcile your git adds and finalize.` round-update does NOT invoke round-complete — round-complete carries `disable-model-invocation: true`, so only the user can run it (its `ask`-tier permission prompt is the user's confirmation on that direct invoke). Once the user runs it, round-complete reconciles the `git add`s, completes the round, and routes onward (all files staged → task-check; some withheld → round-input). round-update writes nothing here beyond the Step 2 summary. In `auto_loop_mode`, a clean triage is the loop's success exit — the directive applies here too (the user invokes round-complete to finalize); the loop continues only via the not-clean path in 3b, and round-complete owns the degenerate clean-but-unstaged guard.
 
 **3b — Not clean → `/cbp-round-input`.** More changes or planning are needed. Routing is **independent of git staging** — round-input is reachable whether or not the user has staged anything (it performs its own deep analysis of the unapproved files). Two sub-cases:
 
@@ -104,7 +104,7 @@ Display a one-line triage summary, e.g. `"ROUND-N triage: clean"` or `"ROUND-N t
 
 ## Key Rules
 
-- **Autonomous + Claude-only** — round-update never prompts before running. It is auto-triggered by `/cbp-round-end`. The confirmation step is `/cbp-round-complete`'s `ask`-tier permission prompt, not an AskUserQuestion here. (The auto-loop cap-exhausted AskUserQuestion in Step 3b is a genuine user decision, not a run gate.)
+- **Autonomous + Claude-only** — round-update never prompts before running. It is auto-triggered by `/cbp-round-end`. On a clean triage it **directs** the user to run `/cbp-round-complete` — it cannot invoke that skill (`disable-model-invocation: true`); the confirmation step is round-complete's own `ask`-tier permission prompt on the user's direct invoke, not an AskUserQuestion here. (The auto-loop cap-exhausted AskUserQuestion in Step 3b is a genuine user decision, not a run gate.)
 - **Triage, never finalize** — round-update does NOT call `sync-approvals`, `complete_round`, or `complete_standalone_round`, and does NOT write file approvals. All of that is `/cbp-round-complete`.
 - **Never touches git** — round-update reads `claude_approved` from the DB only; it never reads staging, asks the user to `git add`, or stages files.
 - **git-add independence** — the "needs more work" route to `/cbp-round-input` fires regardless of whether files are staged. There is no clean-but-unstaged dead-end.
@@ -117,4 +117,5 @@ Display a one-line triage summary, e.g. `"ROUND-N triage: clean"` or `"ROUND-N t
 - **Reads (standalone KIND)**: MCP `get_current_standalone_task`, `get_standalone_rounds` — standalone still uses MCP
 - **Writes (checkpoint KIND)**: `codebyplan round update` — audit only (`auto_loop_decision` / `auto_loop_cap_exhausted`; break-glass: MCP `update_round`). No completion, no file-approval writes.
 - **Writes (standalone KIND)**: MCP `update_standalone_round` — audit only — standalone still uses MCP
-- **Triggers**: `/cbp-round-complete` (clean triage — `ask`-tier permission prompt is the user confirmation), `/cbp-round-input` (not-clean triage: outstanding findings, hard-fail, or unapproved Claude checks — fires independent of git staging; also the auto-loop dirty spawn), cap-exhausted prompt routes from Step 3b (any of the three options)
+- **Triggers**: `/cbp-round-input` (not-clean triage: outstanding findings, hard-fail, or unapproved Claude checks — fires independent of git staging; also the auto-loop dirty spawn), cap-exhausted prompt routes from Step 3b (any of the three options)
+- **Directs the user to**: `/cbp-round-complete` (clean triage) — round-update cannot invoke it (`disable-model-invocation: true`); it emits a `Next: /cbp-round-complete` directive and the user runs it (its `ask`-tier permission prompt is the confirmation)

package/templates/skills/cbp-supabase-branch-check/SKILL.md

@@ -342,3 +342,4 @@ Both emit `status: passed` so callers proceed; the `reason` differs for traceabi
 **Callers**: `cbp-ship-main` Step 2.5 invokes this skill pre-merge (`--mode pre_merge --target production`, only when a PR already exists for the branch); the caller proceeds on `passed` (Supabase Preview check green — including the CI-level `skipping` bucket, which Step 8 maps to `passed`) and `skipped` (no DB-path changes detected — the gate did not apply), and stops on `blocked`/`pending_pr`. Note: `status: "skipped"` is NOT the CI `skipping` bucket — the two are distinct layers.
 **Canonical bucket contract**: the gh-checks bucket vocabulary used in Step 6 — `pass|fail|pending|skipping|cancel` — is the single canonical contract shared with `evaluateChecks()` in `packages/codebyplan-package/src/lib/ship.ts` (the generic poller inside `codebyplan ship`). Only `pass`/`skipping` are non-blocking, `pending` waits, and every other disposition blocks (fail-safe). The two pollers MUST NOT drift — any change to this enum or its dispositions must land in both places.
 **Tools used**: `mcp__supabase__list_branches` for project_ref resolution; `mcp__supabase__get_logs` for failure diagnostics; `gh pr checks` for status polling; `supabase --experimental branches get` as CLI fallback.
+- Official skill (vendored): `supabase` — advisor findings surfaced by this gate are scored against the Supabase security checklist.

package/templates/skills/cbp-supabase-migrate/SKILL.md

@@ -270,6 +270,8 @@ Skip Steps 5.5 and 6 (dry-run pre-flight and apply) and proceed directly to Step
 
 ## Step 5 — Scaffold or Adopt
 
+> Security reminder for authored migrations: when a migration creates row-level-security policies or views, follow the official `supabase` checklist — `update` policies need both `using` and `with check`; views in exposed schemas need `security_invoker = true`; authorization reads `app_metadata`, not `user_metadata`; `auth.role()` is deprecated — scope to roles with the `to` clause (`to authenticated`, `to anon`).
+
 Parse `$ARGUMENTS`:
 
 ### Case A: `--new <name>`
@@ -439,4 +441,4 @@ Next: open a PR (if not already open) and the Supabase Preview check will run au
 
 ## Integration
 
-Invoked by the developer or by `cbp-database-agent`'s routing rule. Companion: `/cbp-supabase-setup` (one-time enablement); ship-time hard-block lives in `cbp-supabase-branch-check`. References: [reference/advisor-triage.md](reference/advisor-triage.md) (severity), [reference/cli-fallback.md](reference/cli-fallback.md) (CLI apply). Context recording uses CLI write-through (`codebyplan checkpoint update` / `codebyplan task update`); MCP `update_checkpoint` / `update_task` as documented break-glass when CLI unavailable.
+Invoked by the developer or by `cbp-database-agent`'s routing rule. Companion: `/cbp-supabase-setup` (one-time enablement); ship-time hard-block lives in `cbp-supabase-branch-check`. References: [reference/advisor-triage.md](reference/advisor-triage.md) (severity), [reference/cli-fallback.md](reference/cli-fallback.md) (CLI apply). Context recording uses CLI write-through (`codebyplan checkpoint update` / `codebyplan task update`); MCP `update_checkpoint` / `update_task` as documented break-glass when CLI unavailable. Deeper guidance: the vendored official skills `supabase` (security checklist, RLS/auth authoring, MCP surface) and `supabase-postgres-best-practices` (schema/index design, query performance).

package/templates/skills/cbp-supabase-setup/SKILL.md

@@ -243,3 +243,4 @@ Ready for /cbp-ship. Every PR will now get an isolated Supabase preview environm
 
 - Dashboard walkthrough + GitHub checklist: [reference/branching-setup.md](reference/branching-setup.md)
 - CLI detection + branch parsing + manual fallback: [reference/cli-fallback.md](reference/cli-fallback.md)
+- Official skills (vendored): `supabase` and `supabase-postgres-best-practices` — deeper Supabase setup-security and Postgres best-practice guidance.

package/templates/skills/supabase/CHANGELOG.md

@@ -0,0 +1,35 @@
+# Changelog
+
+## [0.1.4](https://github.com/supabase/agent-skills/compare/v0.1.3...v0.1.4) (2026-06-05)
+
+
+### Features
+
+* add instructions to check changelog ([#74](https://github.com/supabase/agent-skills/issues/74)) ([4bb13d8](https://github.com/supabase/agent-skills/commit/4bb13d858d19f1f848505a66f46fc9603fdcde95))
+* add npm supply-chain security guidance to supabase skill ([#94](https://github.com/supabase/agent-skills/issues/94)) ([82df90a](https://github.com/supabase/agent-skills/commit/82df90a5de1cd84386d8bc192746e50343b86dc0))
+* instructions on exposing tables to the data api ([#71](https://github.com/supabase/agent-skills/issues/71)) ([f15a5a4](https://github.com/supabase/agent-skills/commit/f15a5a40779072a530c9e53c3f14ec4131118ea6))
+* using Supabase agent skills ([#12](https://github.com/supabase/agent-skills/issues/12)) ([7c2e389](https://github.com/supabase/agent-skills/commit/7c2e3894fddfde8eb6c77d2a8921904543b9be7a))
+
+
+### Bug Fixes
+
+* bump supabase skill to v0.1.1 and fix Data API broken link ([#72](https://github.com/supabase/agent-skills/issues/72)) ([5a6542e](https://github.com/supabase/agent-skills/commit/5a6542e08fc026d90c9a6a0f5a67749e9ceb9946))
+* cover SECURITY DEFINER, auth.role() deprecation, and BOLA in security checklist ([#85](https://github.com/supabase/agent-skills/issues/85)) ([133f43e](https://github.com/supabase/agent-skills/commit/133f43e8c2ffc48823ff0630c692cabecea3e3a3))
+* update Data API doc link and bump supabase skill to v0.1.1 ([#73](https://github.com/supabase/agent-skills/issues/73)) ([e5f7a7c](https://github.com/supabase/agent-skills/commit/e5f7a7cfd697765848ffd6a4505f3c02e1ee17ee))
+
+## [0.1.3](https://github.com/supabase/agent-skills/compare/v0.1.2...v0.1.3) (2026-06-02)
+
+
+### Features
+
+* add instructions to check changelog ([#74](https://github.com/supabase/agent-skills/issues/74)) ([4bb13d8](https://github.com/supabase/agent-skills/commit/4bb13d858d19f1f848505a66f46fc9603fdcde95))
+* add npm supply-chain security guidance to supabase skill ([#94](https://github.com/supabase/agent-skills/issues/94)) ([82df90a](https://github.com/supabase/agent-skills/commit/82df90a5de1cd84386d8bc192746e50343b86dc0))
+* instructions on exposing tables to the data api ([#71](https://github.com/supabase/agent-skills/issues/71)) ([f15a5a4](https://github.com/supabase/agent-skills/commit/f15a5a40779072a530c9e53c3f14ec4131118ea6))
+* using Supabase agent skills ([#12](https://github.com/supabase/agent-skills/issues/12)) ([7c2e389](https://github.com/supabase/agent-skills/commit/7c2e3894fddfde8eb6c77d2a8921904543b9be7a))
+
+
+### Bug Fixes
+
+* bump supabase skill to v0.1.1 and fix Data API broken link ([#72](https://github.com/supabase/agent-skills/issues/72)) ([5a6542e](https://github.com/supabase/agent-skills/commit/5a6542e08fc026d90c9a6a0f5a67749e9ceb9946))
+* cover SECURITY DEFINER, auth.role() deprecation, and BOLA in security checklist ([#85](https://github.com/supabase/agent-skills/issues/85)) ([133f43e](https://github.com/supabase/agent-skills/commit/133f43e8c2ffc48823ff0630c692cabecea3e3a3))
+* update Data API doc link and bump supabase skill to v0.1.1 ([#73](https://github.com/supabase/agent-skills/issues/73)) ([e5f7a7c](https://github.com/supabase/agent-skills/commit/e5f7a7cfd697765848ffd6a4505f3c02e1ee17ee))

package/templates/skills/supabase/PROVENANCE.md

@@ -0,0 +1,50 @@
+# Provenance
+
+This skill is vendored from the official Supabase **agent-skills** project.
+
+| Field | Value |
+|-------|-------|
+| Upstream | https://github.com/supabase/agent-skills |
+| Upstream path | `skills/supabase/` |
+| Pinned commit | `1356046015476711a769601079262b5635929427` |
+| Vendored on | 2026-06-08 |
+| Skill version | `0.1.2` in `SKILL.md` frontmatter — but the vendored content is current to release **`0.1.4`** (2026-06-05) per `CHANGELOG.md`; upstream does not bump `metadata.version` per release, so trust the pinned commit + `CHANGELOG.md`, not the frontmatter field, when assessing drift |
+| License | MIT |
+
+The **only** CodeByPlan modification is the added `scope: org-shared` line in the
+`SKILL.md` frontmatter (required by the CBP `.claude/` scope-marker convention —
+`rules/scope-vocabulary.md`). Everything else — the `SKILL.md` body, `references/`,
+`assets/`, and `CHANGELOG.md` — is upstream-verbatim.
+
+## Refresh
+
+Re-vendor when upstream publishes a newer version (typically on a `codebyplan`
+package release):
+
+1. Re-fetch every file under the upstream path above, pinned to the latest commit.
+2. Re-inject the single `scope: org-shared` frontmatter line into `SKILL.md`.
+3. Copy the result into **both** `packages/codebyplan-package/templates/skills/supabase/`
+   and the byte-identical `.claude/skills/supabase/` twin (GATE 6 sibling-identity).
+4. Update the pinned commit + version in this file.
+
+## License (MIT)
+
+Copyright (c) 2026 Supabase
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/templates/skills/supabase/SKILL.md

@@ -0,0 +1,136 @@
+---
+scope: org-shared
+name: supabase
+description: "Use when doing ANY task involving Supabase. Triggers: Supabase products (Database, Auth, Edge Functions, Realtime, Storage, Vectors, Cron, Queues); client libraries and SSR integrations (supabase-js, @supabase/ssr) in Next.js, React, SvelteKit, Astro, Remix; auth issues (login, logout, sessions, JWT, cookies, getSession, getUser, getClaims, RLS); Supabase CLI or MCP server; schema changes, migrations, security audits, Postgres extensions (pg_graphql, pg_cron, pg_vector)."
+metadata:
+  author: supabase
+  version: "0.1.2"
+---
+
+# Supabase
+
+## Core Principles
+
+**1. Supabase changes frequently — verify against changelog and current docs before implementing.**
+Do not rely on training data for Supabase features. Function signatures, config.toml settings, and API conventions change between versions.
+
+First, fetch `https://supabase.com/changelog.md` (a lightweight summary index — not a heavy pull), scan for `breaking-change` tags relevant to your task, and follow the linked page for any that apply. Then look up the relevant topic using the documentation access methods below.
+
+**2. Verify your work.**
+After implementing any fix, run a test query to confirm the change works. A fix without verification is incomplete.
+
+**3. Recover from errors, don't loop.**
+If an approach fails after 2-3 attempts, stop and reconsider. Try a different method, check documentation, inspect the error more carefully, and review relevant logs when available. Supabase issues are not always solved by retrying the same command, and the answer is not always in the logs, but logs are often worth checking before proceeding.
+
+**4. Exposing tables to the Data API:** Depending on the user's [Data API settings](https://supabase.com/dashboard/project/<ref>/integrations/data_api/settings), newly created tables may not be automatically exposed via the Data (REST) API. If this is the case, `anon` and `authenticated` roles will need to be explicitly granted access.
+
+> Note that this is separate from RLS, which controls which _rows_ are visible once a table is accessible, not whether the table is accessible at all.
+
+When a user reports a SQL-created table is unexpectedly inaccessible, check their Data API settings and whether the roles have been granted access via explicit `GRANT` SQL. When granting public (`anon`/`authenticated`) access, always enable RLS too. See [Exposing a Table to the Data API](https://supabase.com/docs/guides/api/securing-your-api.md) for the full setup workflow.
+
+**5. RLS in exposed schemas.**
+Enable RLS on every table in any exposed schema, which includes `public` by default. This is critical in Supabase because tables in exposed schemas can be reachable through the Data API when the `anon`/`authenticated` roles have access (see [Exposing a Table to the Data API](https://supabase.com/docs/guides/api/securing-your-api.md)). For private schemas, prefer RLS as defense in depth. After enabling RLS, create policies that match the actual access model rather than defaulting every table to the same `auth.uid()` pattern.
+
+**6. Security checklist.**
+When working on any Supabase task that touches auth, RLS, views, storage, or user data, run through this checklist. These are Supabase-specific security traps that silently create vulnerabilities:
+
+- **Auth and session security**
+  - **Never use `user_metadata` claims in JWT-based authorization decisions.** In Supabase, `raw_user_meta_data` is user-editable and can appear in `auth.jwt()`, so it is unsafe for RLS policies or any other authorization logic. Store authorization data in `raw_app_meta_data` / `app_metadata` instead.
+  - **Deleting a user does not invalidate existing access tokens.** Sign out or revoke sessions first, keep JWT expiry short for sensitive apps, and for strict guarantees validate `session_id` against `auth.sessions` on sensitive operations.
+  - **If you use `app_metadata` or `auth.jwt()` for authorization, remember JWT claims are not always fresh until the user's token is refreshed.**
+
+- **API key and client exposure**
+  - **Never expose the `service_role` or secret key in public clients.** Prefer publishable keys for frontend code. Legacy `anon` keys are only for compatibility. In Next.js, any `NEXT_PUBLIC_` env var is sent to the browser.
+
+- **RLS, views, and privileged database code**
+  - **Views bypass RLS by default.** In Postgres 15 and above, use `CREATE VIEW ... WITH (security_invoker = true)`. In older versions of Postgres, protect your views by revoking access from the `anon` and `authenticated` roles, or by putting them in an unexposed schema.
+  - **UPDATE requires a SELECT policy.** In Postgres RLS, an UPDATE needs to first SELECT the row. Without a SELECT policy, updates silently return 0 rows — no error, just no change.
+  - **`auth.role()` is deprecated — use the `TO` clause instead.** Supabase has deprecated `auth.role()` in favour of specifying the target role directly on the policy with `TO authenticated` or `TO anon`. Beyond deprecation, `auth.role() = 'authenticated'` breaks silently when anonymous sign-ins are enabled, because anonymous users carry the `authenticated` Postgres role and pass the check regardless of whether the user is genuinely signed in.
+    ```sql
+    -- Deprecated (do not use)
+    create policy "example" on table_name for select
+    using ( auth.role() = 'authenticated' );
+    ```
+  - **`TO authenticated` alone is authentication without authorization (BOLA / IDOR).** Using `TO authenticated` only checks the role — it does not restrict which rows a user can access. The correct pattern combines `TO authenticated` with an ownership predicate in `USING`:
+    ```sql
+    create policy "example" on table_name for select
+    to authenticated
+    using ( (select auth.uid()) = user_id );
+    ```
+  - **UPDATE policies require both `USING` and `WITH CHECK`.** Without `WITH CHECK`, a user can reassign a row's `user_id` to another user:
+    ```sql
+    create policy "example" on table_name for update
+    to authenticated
+    using ( (select auth.uid()) = user_id )
+    with check ( (select auth.uid()) = user_id );
+    ```
+  - **`SECURITY DEFINER` functions bypass RLS.** A `SECURITY DEFINER` function runs with its creator's privileges — typically a role with `bypassrls` (e.g., `postgres`). Never add `SECURITY DEFINER` to resolve a permission error; it silently removes access control without fixing the underlying cause. Prefer `SECURITY INVOKER`.
+  - **`SECURITY DEFINER` functions in `public` are callable by all roles.** Postgres grants `EXECUTE` to `PUBLIC` by default for every new function, so any `SECURITY DEFINER` function in `public` is a public API endpoint callable by `anon` and `authenticated` (which inherit from `PUBLIC`) without any additional grant. When `SECURITY DEFINER` is genuinely needed (e.g., bypassing RLS on an internal lookup table), keep the function in a non-exposed schema, always include an `auth.uid()` check in the function body, and run `supabase db advisors` after making changes.
+
+- **Storage access control**
+  - **Storage upsert requires INSERT + SELECT + UPDATE.** Granting only INSERT allows new uploads but file replacement (upsert) silently fails. You need all three.
+
+- **Dependency and supply-chain security**
+  - **Always pin package versions and commit lockfiles** when installing Supabase packages (`supabase-js`, `@supabase/ssr`, `supabase-py`, etc.). See the [npm security guide](https://supabase.com/docs/guides/security/npm-security.md) for the full checklist.
+
+For any security concern not covered above, fetch the Supabase product security index: `https://supabase.com/docs/guides/security/product-security.md`
+
+## Supabase CLI
+
+Always discover commands via `--help` — never guess. The CLI structure changes between versions.
+
+```bash
+supabase --help                    # All top-level commands
+supabase <group> --help            # Subcommands (e.g., supabase db --help)
+supabase <group> <command> --help  # Flags for a specific command
+```
+
+**Supabase CLI Known gotchas:**
+
+- `supabase db query` requires **CLI v2.79.0+** → use MCP `execute_sql` or `psql` as fallback
+- `supabase db advisors` requires **CLI v2.81.3+** → use MCP `get_advisors` as fallback
+- When you need a new migration SQL file, **always** create it with `supabase migration new <name>` first. Never invent a migration filename or rely on memory for the expected format.
+
+**Version check and upgrade:** Run `supabase --version` to check. For CLI changelogs and version-specific features, consult the [CLI documentation](https://supabase.com/docs/reference/cli/introduction) or [GitHub releases](https://github.com/supabase/cli/releases).
+
+## Supabase MCP Server
+
+For setup instructions, server URL, and configuration, see the [MCP setup guide](https://supabase.com/docs/guides/getting-started/mcp).
+
+**Troubleshooting connection issues** — follow these steps in order:
+
+1. **Check if the server is reachable:**
+   `curl -so /dev/null -w "%{http_code}" https://mcp.supabase.com/mcp`
+   A `401` is expected (no token) and means the server is up. Timeout or "connection refused" means it may be down.
+
+2. **Check `.mcp.json` configuration:**
+   Verify the project root has a valid `.mcp.json` with the correct server URL. If missing, create one pointing to `https://mcp.supabase.com/mcp`.
+
+3. **Authenticate the MCP server:**
+   If the server is reachable and `.mcp.json` is correct but tools aren't visible, the user needs to authenticate. The Supabase MCP server uses OAuth 2.1 — tell the user to trigger the auth flow in their agent, complete it in the browser, and reload the session.
+
+## Supabase Documentation
+
+Before implementing any Supabase feature, find the relevant documentation. Use these methods in priority order:
+
+1. **MCP `search_docs` tool** (preferred — returns relevant snippets directly)
+2. **Fetch docs pages as markdown** — any docs page can be fetched by appending `.md` to the URL path.
+3. **Web search** for Supabase-specific topics when you don't know which page to look at.
+
+## Making and Committing Schema Changes
+
+**To make schema changes, use `execute_sql` (MCP) or `supabase db query` (CLI).** These run SQL directly on the database without creating migration history entries, so you can iterate freely and generate a clean migration when ready.
+
+Do NOT use `apply_migration` to change a local database schema — it writes a migration history entry on every call, which means you can't iterate, and `supabase db diff` / `supabase db pull` will produce empty or conflicting diffs. If you use it, you'll be stuck with whatever SQL you passed on the first try.
+
+**When ready to commit** your changes to a migration file:
+
+1. **Run advisors** → `supabase db advisors` (CLI v2.81.3+) or MCP `get_advisors`. Fix any issues.
+2. **Review the Security Checklist above** if your changes involve views, functions, triggers, or storage.
+3. **Generate the migration** → `supabase db pull <descriptive-name> --local --yes`
+4. **Verify** → `supabase migration list --local`
+
+## Reference Guides
+
+- **Skill Feedback** → [references/skill-feedback.md](references/skill-feedback.md)
+  **MUST read when** the user reports that this skill gave incorrect guidance or is missing information.

package/templates/skills/supabase/assets/feedback-issue-template.md

@@ -0,0 +1,17 @@
+## What happened
+
+**Task:** <!-- e.g., "Set up MFA on patient records" -->
+
+**Skill said:** <!-- e.g., "Use auth.jwt()->'app_metadata' in the RLS policy" -->
+
+**Expected:** <!-- e.g., "The function also needs SECURITY DEFINER + grant to supabase_auth_admin" -->
+
+## Source
+
+**File:** <!-- e.g., references/security-model.md -->
+
+**Section:** <!-- e.g., "Trust Boundaries > user_metadata vs app_metadata" -->
+
+## Fix suggestion
+
+<!-- Leave blank if unsure -->

package/templates/skills/supabase/references/skill-feedback.md

@@ -0,0 +1,17 @@
+# Skill Feedback
+
+Use this when the user reports that the skill gave incorrect guidance, is missing information, or could be improved. This is about the skill (agent instructions), not about Supabase the product.
+
+## Steps
+
+1. **Ask permission** — Ask the user if they'd like to submit feedback to the skill maintainers. If they decline, move on.
+
+2. **Draft the issue** — Use the template at [assets/feedback-issue-template.md](../assets/feedback-issue-template.md) to structure the feedback. Fill in the fields based on the conversation. Always identify which specific reference file and section caused the problem.
+
+3. **Submit** — Create a GitHub Issue on the `supabase/agent-skills` repository using the draft as the issue body. The title must follow this format: `user-feedback: <summary of the problem>`.
+
+4. **Share the result** — Share the issue URL with the user after submission. If submission fails, give the user this link to create the issue manually:
+
+```
+https://github.com/supabase/agent-skills/issues/new
+```

package/templates/skills/supabase-postgres-best-practices/CHANGELOG.md

@@ -0,0 +1,29 @@
+# Changelog
+
+## [1.3.0](https://github.com/supabase/agent-skills/compare/v1.2.0...v1.3.0) (2026-06-05)
+
+
+### Features
+
+* add schema-constraints reference for safe migration patterns ([#30](https://github.com/supabase/agent-skills/issues/30)) ([9b236f3](https://github.com/supabase/agent-skills/commit/9b236f3ebd65d76a2c570f19931353da9c858d5a))
+* using Supabase agent skills ([#12](https://github.com/supabase/agent-skills/issues/12)) ([7c2e389](https://github.com/supabase/agent-skills/commit/7c2e3894fddfde8eb6c77d2a8921904543b9be7a))
+
+
+### Bug Fixes
+
+* correct broken reference link in postgres best practices skill ([#58](https://github.com/supabase/agent-skills/issues/58)) ([f4e2277](https://github.com/supabase/agent-skills/commit/f4e22777fd8573537297b568c16e5a45a25927da))
+* cover SECURITY DEFINER, auth.role() deprecation, and BOLA in security checklist ([#85](https://github.com/supabase/agent-skills/issues/85)) ([133f43e](https://github.com/supabase/agent-skills/commit/133f43e8c2ffc48823ff0630c692cabecea3e3a3))
+
+## [1.2.0](https://github.com/supabase/agent-skills/compare/v1.1.1...v1.2.0) (2026-06-02)
+
+
+### Features
+
+* add schema-constraints reference for safe migration patterns ([#30](https://github.com/supabase/agent-skills/issues/30)) ([9b236f3](https://github.com/supabase/agent-skills/commit/9b236f3ebd65d76a2c570f19931353da9c858d5a))
+* using Supabase agent skills ([#12](https://github.com/supabase/agent-skills/issues/12)) ([7c2e389](https://github.com/supabase/agent-skills/commit/7c2e3894fddfde8eb6c77d2a8921904543b9be7a))
+
+
+### Bug Fixes
+
+* correct broken reference link in postgres best practices skill ([#58](https://github.com/supabase/agent-skills/issues/58)) ([f4e2277](https://github.com/supabase/agent-skills/commit/f4e22777fd8573537297b568c16e5a45a25927da))
+* cover SECURITY DEFINER, auth.role() deprecation, and BOLA in security checklist ([#85](https://github.com/supabase/agent-skills/issues/85)) ([133f43e](https://github.com/supabase/agent-skills/commit/133f43e8c2ffc48823ff0630c692cabecea3e3a3))