edsger 0.56.3 → 0.58.0

package/dist/skills/phase/user-psychology/SKILL.md

@@ -0,0 +1,135 @@
+---
+description: Research a product's target users and produce a rigorous psychographic profile grounded in real product capabilities — personas, Jobs-to-be-Done, pain points, motivations, Fogg behavior triggers, and messaging angles
+kind: phase
+user-invocable: false
+---
+
+You are a senior product psychologist and user researcher. Your job is to study a software product and produce a **professional, evidence-grounded psychographic profile** of the people who would actually use it.
+
+You ground every claim in concrete product capabilities — never invent users that the product cannot serve.
+
+**Your output is used to inform marketing copy, onboarding flows, growth campaigns, and feature prioritization. Vague generalities are useless; specificity is the entire deliverable.**
+
+---
+
+## Analysis frameworks you must apply
+
+Use **all** of the following frameworks together. Each one captures a different layer of user psychology — combining them gives a 3D view that any single framework misses.
+
+### 1. Target Personas (psychographic, not just demographic)
+
+Produce 3 to 5 personas. Each persona must include:
+
+- **Name + one-line archetype** (e.g., "Asha, the burned-out solo founder")
+- **Demographics that actually matter** (role, seniority, team size, tools they use — skip age/gender unless the product is genuinely demographic-sensitive)
+- **Goals** — what they're trying to achieve in their work/life that brings them near this product
+- **Frustrations** — what's actively painful in their current workflow
+- **Values + identity** — what they believe makes them good at their job; what they want to be seen as
+- **Decision drivers** — what tips them toward "yes, I'll try this" (price, peer recommendation, time saved, status, trust signals)
+- **Anti-persona note** — one sentence on who looks similar but is the wrong fit for this product
+
+Personas must be **non-overlapping** — if two personas would react identically to the product, collapse them.
+
+### 2. Jobs-to-be-Done (JTBD)
+
+Per the Christensen/Moesta/Ulwick framework, capture the "job" a user "hires" this product to do. Each entry must have:
+
+- **Job statement** in the canonical form: *"When [situation], I want to [motivation], so I can [expected outcome]."*
+- **Job type**: `functional` (get a task done), `emotional` (feel a certain way), or `social` (be perceived a certain way)
+- **Current alternatives** — what they're "firing" to "hire" this product (could be a competitor, a spreadsheet, a manual process, or "nothing — they suffer")
+- **Switching cost / friction** — what makes it hard to switch (existing data, team buy-in, learned workflows, contracts)
+
+Produce 4 to 8 jobs. Cover all three job types — a good profile always has emotional and social jobs, not just functional ones.
+
+### 3. Pain Points
+
+What's actively wrong for these users **today**, before they find this product. Each pain point must include:
+
+- **The pain** in one sentence, in their voice (not yours)
+- **Trigger** — what event or moment makes the pain acute
+- **Severity**: `critical` (blocks their work), `chronic` (low-grade daily friction), or `occasional` (sporadic but memorable)
+- **Evidence from the product** — which feature/file/issue suggests this pain exists (cite specifics from the codebase or product context)
+
+### 4. Motivations (Self-Determination Theory)
+
+Per Deci & Ryan, deep motivation has three components. For each, name what the product gives this user:
+
+- **Autonomy** — where the product gives them control / removes oversight
+- **Competence** — where the product makes them feel capable / produces visible results
+- **Relatedness** — where the product connects them to others / signals belonging
+
+If the product genuinely doesn't serve one of these, say so — don't invent.
+
+### 5. Behavior Triggers (Fogg B=MAT)
+
+Per BJ Fogg, behavior happens when **Motivation × Ability × Prompt** all align. For each high-value action the product wants the user to take (sign up, invite a teammate, complete first task, return on day 2, upgrade…), produce one entry:
+
+- **Behavior** — the specific action
+- **Motivation level**: `high` / `medium` / `low` — and why
+- **Ability barrier** — what's hard about doing this action (time, money, mental effort, social risk, deviation from routine)
+- **Prompt** — what cue would actually trigger this action right now (email, in-app nudge, peer pressure, calendar reminder, deadline)
+- **Recommendation** — concrete change to lift motivation, reduce ability barrier, or improve prompt
+
+### 6. Messaging Angles
+
+3 to 6 ready-to-test copy angles for marketing. Each entry:
+
+- **Angle name** (short label)
+- **Hook** — the headline or opener (10-15 words max). Must be in the user's voice, not corporate.
+- **Persona it speaks to** — name from your personas list
+- **Job it answers** — reference the JTBD entry
+- **Why this works** — one sentence on the psychological lever (loss aversion, social proof, identity affirmation, curiosity gap, etc.)
+
+---
+
+## How to do the work
+
+<!-- if:hasCodebase -->
+
+**Step 1 — Read the product, not just the description.** Use your file tools to actually open the repository:
+
+- `README.md`, `CLAUDE.md` (if present), `package.json` — what does the product claim to do?
+- Landing page files, marketing copy in `web/`, `app/`, `docs/`, `content/`
+- Key source files for the highest-leverage features
+- Existing issue / feature list in the provided context
+
+**The personas, JTBDs, and pains you produce must be traceable to specific things you found in the code or copy.** If you can't point to evidence, don't write it.
+
+**Step 2 — Triangulate, don't speculate.** When the context gives you a product description, compare it to what the code actually does. Use the more concrete of the two. If marketing copy claims a capability that's not in the code, downweight it.
+
+**Step 3 — Apply all 6 frameworks** as defined above.
+
+<!-- endif -->
+<!-- if:!hasCodebase -->
+
+**Step 1 — Mine the context.** You don't have repo access, so extract maximum signal from the product name, description, and issue list provided in the context. Every persona and JTBD must be traceable to a specific item there.
+
+**Step 2 — Apply all 6 frameworks** as defined above.
+
+<!-- endif -->
+
+---
+
+## Quality bar
+
+- **Specificity over completeness.** A profile with 3 deeply-researched personas beats one with 5 generic ones.
+- **No placeholders.** No `[insert target user here]`, no "the user wants to be productive." Be concrete: name the role, the workflow, the moment.
+- **Use the user's voice for pains and hooks.** Not "users struggle with X" — instead "I keep losing track of which PR I'm supposed to review."
+- **Cite evidence.** When you make a claim, point at the file, feature, or context line that supports it.
+- **Honour the guidance.** If the human provided guidance (audience focus, market, segment), it overrides your defaults.
+
+---
+
+## Common pitfalls (avoid these)
+
+- Demographic-only personas ("25-34 year old male software engineer"). Skip demographics that don't change behavior; lean on psychographics.
+- Listing the same pain three times with different wording. Consolidate.
+- JTBDs that are just feature descriptions in disguise. A JTBD is about the *outcome the user is hiring for*, not the product's feature.
+- Confusing motivation with intent. "User wants to save time" is intent. The motivation underneath is autonomy ("I want to control my own day").
+- Inventing users the product cannot actually serve. If the product is a developer tool, your personas are not non-technical marketers.
+
+---
+
+## Typical tools
+
+`Read`, `Grep`, `Glob`, `Bash` (for `git log`, `cat`, `head`), `WebSearch` (only if the product context suggests a public-facing product whose market you can verify).

package/dist/supabase/client.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Shared Supabase SDK client for direct-RLS calls from the CLI.
+ *
+ * See packages/edsger-agents/src/supabase/client.ts for the full design
+ * notes (refresh ownership, file-watcher invalidation, etc.) — both packages
+ * follow the same pattern so they stay in sync.
+ */
+import { type SupabaseClient } from '@supabase/supabase-js';
+/**
+ * Get (or lazily create) the shared SupabaseClient.
+ *
+ * Throws if the desktop-app has not yet synced a session. Callers should
+ * catch this and fall back to the MCP edge function path for endpoints not
+ * yet migrated.
+ */
+export declare function getSupabase(): SupabaseClient;
+/**
+ * Returns true if the desktop-app has synced a Supabase session that's
+ * usable for direct-SDK calls.
+ */
+export declare function hasSupabaseSession(): boolean;
+/** Reset module state. Test-only. */
+export declare function resetSupabaseClient(): void;

package/dist/supabase/client.js

@@ -0,0 +1,90 @@
+/**
+ * Shared Supabase SDK client for direct-RLS calls from the CLI.
+ *
+ * See packages/edsger-agents/src/supabase/client.ts for the full design
+ * notes (refresh ownership, file-watcher invalidation, etc.) — both packages
+ * follow the same pattern so they stay in sync.
+ */
+import { createClient } from '@supabase/supabase-js';
+import { watch } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+import { getAccessToken, getRefreshToken, getSupabaseAnonKey, getSupabaseUrl, invalidateAuthCache, } from '../auth/auth-store.js';
+const AUTH_FILE = join(homedir(), '.edsger', 'auth.json');
+let _client = null;
+let _watcherInstalled = false;
+let _lastAppliedAccessToken;
+/**
+ * Get (or lazily create) the shared SupabaseClient.
+ *
+ * Throws if the desktop-app has not yet synced a session. Callers should
+ * catch this and fall back to the MCP edge function path for endpoints not
+ * yet migrated.
+ */
+export function getSupabase() {
+    if (_client) {
+        return _client;
+    }
+    const url = getSupabaseUrl();
+    const anonKey = getSupabaseAnonKey();
+    const accessToken = getAccessToken();
+    const refreshToken = getRefreshToken();
+    if (!url || !anonKey || !accessToken) {
+        throw new Error('Supabase session unavailable. Sign in to the Edsger desktop app to authorize the CLI.');
+    }
+    _client = createClient(url, anonKey, {
+        auth: {
+            persistSession: false,
+            autoRefreshToken: false,
+            detectSessionInUrl: false,
+        },
+    });
+    void _client.auth.setSession({
+        access_token: accessToken,
+        refresh_token: refreshToken ?? '',
+    });
+    _lastAppliedAccessToken = accessToken;
+    installAuthWatcher();
+    return _client;
+}
+/**
+ * Returns true if the desktop-app has synced a Supabase session that's
+ * usable for direct-SDK calls.
+ */
+export function hasSupabaseSession() {
+    return Boolean(getSupabaseUrl() && getSupabaseAnonKey() && getAccessToken());
+}
+function installAuthWatcher() {
+    if (_watcherInstalled) {
+        return;
+    }
+    _watcherInstalled = true;
+    try {
+        const watcher = watch(AUTH_FILE, () => {
+            invalidateAuthCache();
+            const nextAccess = getAccessToken();
+            const nextRefresh = getRefreshToken();
+            if (!_client ||
+                !nextAccess ||
+                nextAccess === _lastAppliedAccessToken) {
+                return;
+            }
+            _lastAppliedAccessToken = nextAccess;
+            void _client.auth.setSession({
+                access_token: nextAccess,
+                refresh_token: nextRefresh ?? '',
+            });
+            _client.realtime.setAuth(nextAccess);
+        });
+        watcher.unref();
+    }
+    catch {
+        // File missing or watch unsupported — best effort.
+    }
+}
+/** Reset module state. Test-only. */
+export function resetSupabaseClient() {
+    _client = null;
+    _watcherInstalled = false;
+    _lastAppliedAccessToken = undefined;
+}

package/dist/system/session-manager.js

@@ -8,7 +8,9 @@
  */
 import { hostname } from 'os';
 import { callMcpEndpoint } from '../api/mcp-client.js';
+import { getUserId } from '../auth/auth-store.js';
 import { getVersion } from '../constants.js';
+import { getSupabase, hasSupabaseSession } from '../supabase/client.js';
 import { initLogSync, logInfo, logWarning, stopLogSync, } from '../utils/logger.js';
 let currentSessionId = null;
 let heartbeatTimer;
@@ -31,19 +33,45 @@ export async function registerSession(options) {
     const sessionId = generateSessionId();
     currentSessionId = sessionId;
     try {
-        const payload = {
-            session_id: sessionId,
-            hostname: hostname(),
-            version: getVersion(),
-            status: 'running',
-        };
-        if (options?.command) {
-            payload.command = options.command;
+        const userId = getUserId();
+        if (hasSupabaseSession() && userId) {
+            const row = {
+                session_id: sessionId,
+                user_id: userId,
+                hostname: hostname(),
+                version: getVersion(),
+                status: 'running',
+                started_at: new Date().toISOString(),
+                last_heartbeat: new Date().toISOString(),
+            };
+            if (options?.command) {
+                row.command = options.command;
+            }
+            if (options?.productId) {
+                row.product_id = options.productId;
+            }
+            const { error } = await getSupabase()
+                .from('cli_sessions')
+                .upsert(row, { onConflict: 'session_id' });
+            if (error) {
+                throw new Error(error.message);
+            }
         }
-        if (options?.productId) {
-            payload.product_id = options.productId;
+        else {
+            const payload = {
+                session_id: sessionId,
+                hostname: hostname(),
+                version: getVersion(),
+                status: 'running',
+            };
+            if (options?.command) {
+                payload.command = options.command;
+            }
+            if (options?.productId) {
+                payload.product_id = options.productId;
+            }
+            await callMcpEndpoint('cli_sessions/register', payload);
         }
-        await callMcpEndpoint('cli_sessions/register', payload);
         logInfo(`CLI session registered: ${sessionId}`);
     }
     catch {
@@ -62,17 +90,43 @@ export async function sendHeartbeat(currentIssueId, currentIssueName) {
         return 'running';
     }
     try {
-        const result = (await callMcpEndpoint('cli_sessions/heartbeat', {
-            session_id: currentSessionId,
-            version: getVersion(),
-            status: _sessionStatus,
-            current_issue_id: currentIssueId,
-            current_issue_name: currentIssueName,
-        }));
+        let serverStatus;
+        const userId = getUserId();
+        if (hasSupabaseSession() && userId) {
+            // Single UPDATE...RETURNING reads back the row's current status, which
+            // the dashboard may have flipped to 'paused' / 'stopped' since the
+            // last heartbeat.
+            const { data, error } = await getSupabase()
+                .from('cli_sessions')
+                .update({
+                last_heartbeat: new Date().toISOString(),
+                version: getVersion(),
+                current_issue_id: currentIssueId ?? null,
+                current_issue_name: currentIssueName ?? null,
+            })
+                .eq('session_id', currentSessionId)
+                .eq('user_id', userId)
+                .select('status')
+                .maybeSingle();
+            if (error) {
+                throw new Error(error.message);
+            }
+            serverStatus = data?.status ?? undefined;
+        }
+        else {
+            const result = (await callMcpEndpoint('cli_sessions/heartbeat', {
+                session_id: currentSessionId,
+                version: getVersion(),
+                status: _sessionStatus,
+                current_issue_id: currentIssueId,
+                current_issue_name: currentIssueName,
+            }));
+            serverStatus = result.status;
+        }
         // Server may respond with a new status (e.g., 'paused' or 'stopped')
-        if (result.status && result.status !== _sessionStatus) {
-            logInfo(`Session status changed: ${_sessionStatus} -> ${result.status}`);
-            _sessionStatus = result.status;
+        if (serverStatus && serverStatus !== _sessionStatus) {
+            logInfo(`Session status changed: ${_sessionStatus} -> ${serverStatus}`);
+            _sessionStatus = serverStatus;
         }
         return _sessionStatus;
     }
@@ -111,9 +165,28 @@ export async function deregisterSession() {
     // Flush remaining logs before deregistering
     await stopLogSync();
     try {
-        await callMcpEndpoint('cli_sessions/deregister', {
-            session_id: currentSessionId,
-        });
+        const userId = getUserId();
+        if (hasSupabaseSession() && userId) {
+            // Match the MCP handler's behaviour: keep the row so historical logs
+            // can still link to it, just mark it stopped + clear current issue.
+            const { error } = await getSupabase()
+                .from('cli_sessions')
+                .update({
+                status: 'stopped',
+                current_issue_id: null,
+                current_issue_name: null,
+            })
+                .eq('session_id', currentSessionId)
+                .eq('user_id', userId);
+            if (error) {
+                throw new Error(error.message);
+            }
+        }
+        else {
+            await callMcpEndpoint('cli_sessions/deregister', {
+                session_id: currentSessionId,
+            });
+        }
     }
     catch {
         // Best-effort

package/dist/types/index.d.ts

@@ -45,6 +45,9 @@ export interface CliOptions {
     growthAnalysisId?: string;
     financingDeck?: string;
     financingTargetStage?: string;
+    userPsychology?: string;
+    userPsychologyGuidance?: string;
+    userPsychologyAnalysisId?: string;
     productLevel?: boolean;
     concurrency?: number;
     watchTasks?: string;

package/dist/utils/logger.js

@@ -1,5 +1,7 @@
 import { callMcpEndpoint } from '../api/mcp-client.js';
+import { getUserId } from '../auth/auth-store.js';
 import { getVersion } from '../constants.js';
+import { getSupabase, hasSupabaseSession } from '../supabase/client.js';
 export const colors = {
     reset: '\x1b[0m',
     bright: '\x1b[1m',
@@ -48,10 +50,28 @@ export async function flushLogs() {
     }
     const batch = _logBuffer.splice(0);
     try {
-        await callMcpEndpoint('cli_logs/batch', {
-            session_id: _logSyncSessionId,
-            logs: batch,
-        });
+        const userId = getUserId();
+        if (hasSupabaseSession() && userId) {
+            // Direct-SDK path. user_id is set explicitly per row to satisfy the
+            // cli_logs RLS check (auth.uid() = user_id).
+            const rows = batch.slice(0, 200).map((log) => ({
+                session_id: _logSyncSessionId,
+                user_id: userId,
+                level: log.level,
+                message: log.message,
+                created_at: log.created_at,
+            }));
+            const { error } = await getSupabase().from('cli_logs').insert(rows);
+            if (error) {
+                throw new Error(error.message);
+            }
+        }
+        else {
+            await callMcpEndpoint('cli_logs/batch', {
+                session_id: _logSyncSessionId,
+                logs: batch,
+            });
+        }
     }
     catch {
         // Best-effort: put logs back if send fails (drop if buffer is huge)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edsger",
-  "version": "0.56.3",
+  "version": "0.58.0",
   "type": "module",
   "bin": {
     "edsger": "dist/index.js"
@@ -44,13 +44,14 @@
   "dependencies": {
     "@anthropic-ai/claude-agent-sdk": "0.2.141",
     "@octokit/plugin-retry": "8.1.0",
+    "@supabase/supabase-js": "^2.47.10",
     "@octokit/plugin-throttling": "11.0.3",
     "@octokit/rest": "^20.0.0",
     "commander": "^12.0.0",
     "cosmiconfig": "^9.0.0",
     "dotenv": "^16.4.5",
-    "edsger-contract": "0.3.1",
-    "edsger-tools": "0.3.1",
+    "edsger-contract": "0.4.0",
+    "edsger-tools": "0.4.0",
     "gray-matter": "^4.0.3",
     "zod": "^4.0.0"
   },

package/vitest.config.ts

@@ -15,6 +15,7 @@ export default defineConfig({
       'src/phases/sync-github-issues/__tests__/**/*.test.ts',
       'src/phases/sync-sentry-issues/__tests__/**/*.test.ts',
       'src/phases/sync-shared/__tests__/**/*.test.ts',
+      'src/phases/screen-flow/__tests__/**/*.test.ts',
       'src/types/__tests__/**/*.test.ts',
       'src/commands/find-smells/__tests__/**/*.test.ts',
     ],