level-up-mcp-server-cn 0.4.0

package/supabase/migrations/20260314000001_ownership_rpcs.sql

@@ -0,0 +1,382 @@
+-- ============================================================
+-- Migration: Ownership-checking RPC functions
+-- ============================================================
+-- These SECURITY DEFINER functions replace direct UPDATE calls.
+-- Anon role has no UPDATE policies — all modifications go through
+-- these RPCs which verify ownership before making changes.
+--
+-- Depends on: 20260314000000_anon_rls_policies.sql
+-- ============================================================
+
+-- ============================================================
+-- RPC 1: update_user_profile
+-- Updates safe user fields. Cannot modify XP, level, or timestamps.
+-- ============================================================
+CREATE OR REPLACE FUNCTION update_user_profile(
+  p_user_id UUID,
+  p_updates JSONB
+) RETURNS JSONB AS $$
+DECLARE
+  v_user RECORD;
+  v_sql TEXT := 'UPDATE users SET ';
+  v_sets TEXT[] := ARRAY[]::TEXT[];
+  v_key TEXT;
+  v_allowed TEXT[] := ARRAY[
+    'username', 'handle', 'email',
+    'is_searchable_by_email', 'wallet_address', 'metadata'
+  ];
+BEGIN
+  -- Verify user exists
+  SELECT id INTO v_user FROM users WHERE id = p_user_id;
+  IF NOT FOUND THEN
+    RETURN jsonb_build_object('success', false, 'error', 'User not found');
+  END IF;
+
+  -- Build dynamic update from allowed fields only
+  FOR v_key IN SELECT jsonb_object_keys(p_updates) LOOP
+    IF v_key = ANY(v_allowed) THEN
+      v_sets := array_append(v_sets, format('%I = %L', v_key, p_updates->>v_key));
+    END IF;
+  END LOOP;
+
+  IF array_length(v_sets, 1) IS NULL THEN
+    RETURN jsonb_build_object('success', false, 'error', 'No valid fields to update');
+  END IF;
+
+  v_sql := v_sql || array_to_string(v_sets, ', ') || format(' WHERE id = %L', p_user_id);
+  EXECUTE v_sql;
+
+  RETURN jsonb_build_object('success', true, 'user_id', p_user_id);
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================================
+-- RPC 2: update_agent_profile
+-- Updates safe agent fields. Verifies owner_user_id matches.
+-- Cannot modify XP, level, integrity_score, or timestamps.
+-- ============================================================
+CREATE OR REPLACE FUNCTION update_agent_profile(
+  p_agent_id UUID,
+  p_owner_user_id UUID,
+  p_updates JSONB
+) RETURNS JSONB AS $$
+DECLARE
+  v_agent RECORD;
+  v_sql TEXT := 'UPDATE agents SET ';
+  v_sets TEXT[] := ARRAY[]::TEXT[];
+  v_key TEXT;
+  v_allowed TEXT[] := ARRAY[
+    'name', 'description', 'agent_class', 'platform',
+    'is_public', 'status', 'metadata'
+  ];
+BEGIN
+  -- Verify agent exists and caller is the owner
+  SELECT id, owner_user_id INTO v_agent FROM agents WHERE id = p_agent_id;
+  IF NOT FOUND THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Agent not found');
+  END IF;
+  IF v_agent.owner_user_id != p_owner_user_id THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Not the agent owner');
+  END IF;
+
+  -- Build dynamic update from allowed fields only
+  FOR v_key IN SELECT jsonb_object_keys(p_updates) LOOP
+    IF v_key = ANY(v_allowed) THEN
+      v_sets := array_append(v_sets, format('%I = %L', v_key, p_updates->>v_key));
+    END IF;
+  END LOOP;
+
+  IF array_length(v_sets, 1) IS NULL THEN
+    RETURN jsonb_build_object('success', false, 'error', 'No valid fields to update');
+  END IF;
+
+  v_sql := v_sql || array_to_string(v_sets, ', ') || format(' WHERE id = %L', p_agent_id);
+  EXECUTE v_sql;
+
+  RETURN jsonb_build_object('success', true, 'agent_id', p_agent_id);
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================================
+-- RPC 3: update_task_status
+-- Updates task fields. Verifies the caller owns the task
+-- (matches user_id or agent's owner_user_id).
+-- ============================================================
+CREATE OR REPLACE FUNCTION update_task_status(
+  p_task_id UUID,
+  p_caller_id UUID,
+  p_updates JSONB
+) RETURNS JSONB AS $$
+DECLARE
+  v_task RECORD;
+  v_is_owner BOOLEAN := false;
+  v_sql TEXT := 'UPDATE tasks SET ';
+  v_sets TEXT[] := ARRAY[]::TEXT[];
+  v_key TEXT;
+  v_allowed TEXT[] := ARRAY[
+    'status', 'completion_pct', 'milestones_completed',
+    'output_type', 'completed_at', 'duration_seconds', 'metadata'
+  ];
+BEGIN
+  -- Fetch task
+  SELECT id, user_id, agent_id INTO v_task FROM tasks WHERE id = p_task_id;
+  IF NOT FOUND THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Task not found');
+  END IF;
+
+  -- Check ownership: caller is the user, or caller owns the agent
+  IF v_task.user_id = p_caller_id THEN
+    v_is_owner := true;
+  ELSIF v_task.agent_id IS NOT NULL THEN
+    IF EXISTS (SELECT 1 FROM agents WHERE id = v_task.agent_id AND owner_user_id = p_caller_id) THEN
+      v_is_owner := true;
+    END IF;
+  END IF;
+
+  IF NOT v_is_owner THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Not the task owner');
+  END IF;
+
+  -- Build dynamic update from allowed fields only
+  FOR v_key IN SELECT jsonb_object_keys(p_updates) LOOP
+    IF v_key = ANY(v_allowed) THEN
+      IF v_key IN ('completion_pct', 'milestones_completed', 'duration_seconds') THEN
+        v_sets := array_append(v_sets, format('%I = %s', v_key, (p_updates->>v_key)::numeric));
+      ELSE
+        v_sets := array_append(v_sets, format('%I = %L', v_key, p_updates->>v_key));
+      END IF;
+    END IF;
+  END LOOP;
+
+  IF array_length(v_sets, 1) IS NULL THEN
+    RETURN jsonb_build_object('success', false, 'error', 'No valid fields to update');
+  END IF;
+
+  v_sql := v_sql || array_to_string(v_sets, ', ') || format(' WHERE id = %L', p_task_id);
+  EXECUTE v_sql;
+
+  RETURN jsonb_build_object('success', true, 'task_id', p_task_id);
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================================
+-- RPC 4: award_xp_direct
+-- Awards XP through the ledger — used by quests and weekly bonuses.
+-- Replaces awardXpWithLock() in TypeScript.
+-- ============================================================
+CREATE OR REPLACE FUNCTION award_xp_direct(
+  p_entity_type TEXT,
+  p_entity_id UUID,
+  p_amount INTEGER,
+  p_source_type TEXT,
+  p_description TEXT,
+  p_source_id UUID DEFAULT NULL
+) RETURNS JSONB AS $$
+DECLARE
+  v_running_total BIGINT;
+BEGIN
+  -- Validate entity exists
+  IF p_entity_type = 'user' THEN
+    IF NOT EXISTS (SELECT 1 FROM users WHERE id = p_entity_id) THEN
+      RETURN jsonb_build_object('success', false, 'error', 'User not found');
+    END IF;
+  ELSIF p_entity_type = 'agent' THEN
+    IF NOT EXISTS (SELECT 1 FROM agents WHERE id = p_entity_id) THEN
+      RETURN jsonb_build_object('success', false, 'error', 'Agent not found');
+    END IF;
+  ELSE
+    RETURN jsonb_build_object('success', false, 'error', 'Invalid entity_type');
+  END IF;
+
+  -- Validate amount is positive
+  IF p_amount <= 0 THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Amount must be positive');
+  END IF;
+
+  -- Get current running total
+  SELECT COALESCE(running_total, 0) INTO v_running_total
+  FROM xp_ledger
+  WHERE entity_type = p_entity_type AND entity_id = p_entity_id
+  ORDER BY created_at DESC
+  LIMIT 1;
+
+  IF NOT FOUND THEN
+    v_running_total := 0;
+  END IF;
+
+  v_running_total := v_running_total + p_amount;
+
+  -- Insert ledger entry
+  INSERT INTO xp_ledger (
+    entity_type, entity_id, xp_type, amount,
+    source_type, source_id, description, running_total
+  ) VALUES (
+    p_entity_type, p_entity_id, 'main', p_amount,
+    p_source_type, p_source_id, p_description, v_running_total
+  );
+
+  -- Update entity XP column
+  IF p_entity_type = 'user' THEN
+    UPDATE users SET main_xp = v_running_total WHERE id = p_entity_id;
+  ELSE
+    UPDATE agents SET xp = v_running_total WHERE id = p_entity_id;
+  END IF;
+
+  RETURN jsonb_build_object(
+    'success', true,
+    'running_total', v_running_total,
+    'amount', p_amount
+  );
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================================
+-- RPC 5: update_integrity_score
+-- Updates agent integrity_score from rating events.
+-- ============================================================
+CREATE OR REPLACE FUNCTION update_integrity_score(
+  p_agent_id UUID,
+  p_delta INTEGER
+) RETURNS JSONB AS $$
+DECLARE
+  v_current INTEGER;
+  v_new INTEGER;
+BEGIN
+  SELECT integrity_score INTO v_current FROM agents WHERE id = p_agent_id;
+  IF NOT FOUND THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Agent not found');
+  END IF;
+
+  v_new := GREATEST(0, LEAST(100, v_current + p_delta));
+  UPDATE agents SET integrity_score = v_new WHERE id = p_agent_id;
+
+  RETURN jsonb_build_object(
+    'success', true,
+    'agent_id', p_agent_id,
+    'old_score', v_current,
+    'new_score', v_new
+  );
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================================
+-- RPC 6: record_level_up_timestamp
+-- Records last_leveled_at after a level-up. Called by check_level_up.
+-- ============================================================
+CREATE OR REPLACE FUNCTION record_level_up_timestamp(
+  p_entity_type TEXT,
+  p_entity_id UUID
+) RETURNS JSONB AS $$
+BEGIN
+  IF p_entity_type = 'user' THEN
+    UPDATE users SET last_leveled_at = now() WHERE id = p_entity_id;
+  ELSIF p_entity_type = 'agent' THEN
+    UPDATE agents SET last_leveled_at = now() WHERE id = p_entity_id;
+  ELSE
+    RETURN jsonb_build_object('success', false, 'error', 'Invalid entity_type');
+  END IF;
+
+  RETURN jsonb_build_object('success', true);
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================================
+-- RPC 7: merge_user_profiles
+-- Handles the profile merge operation atomically.
+-- Moves agents, identities, XP ledger, quest participations,
+-- recalculates XP, and soft-deletes the secondary user.
+-- ============================================================
+CREATE OR REPLACE FUNCTION merge_user_profiles(
+  p_primary_user_id UUID,
+  p_secondary_user_id UUID
+) RETURNS JSONB AS $$
+DECLARE
+  v_agents_moved INTEGER;
+  v_identities_moved INTEGER;
+  v_total_xp BIGINT;
+  v_sc RECORD;
+  v_pc RECORD;
+BEGIN
+  -- Verify both users exist
+  IF NOT EXISTS (SELECT 1 FROM users WHERE id = p_primary_user_id) THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Primary user not found');
+  END IF;
+  IF NOT EXISTS (SELECT 1 FROM users WHERE id = p_secondary_user_id) THEN
+    RETURN jsonb_build_object('success', false, 'error', 'Secondary user not found');
+  END IF;
+
+  -- Move agents
+  WITH moved AS (
+    UPDATE agents SET owner_user_id = p_primary_user_id
+    WHERE owner_user_id = p_secondary_user_id
+    RETURNING id
+  ) SELECT count(*) INTO v_agents_moved FROM moved;
+
+  -- Move identities
+  WITH moved AS (
+    UPDATE user_identities SET user_id = p_primary_user_id
+    WHERE user_id = p_secondary_user_id
+    RETURNING id
+  ) SELECT count(*) INTO v_identities_moved FROM moved;
+
+  -- Move XP ledger
+  UPDATE xp_ledger SET entity_id = p_primary_user_id
+  WHERE entity_type = 'user' AND entity_id = p_secondary_user_id;
+
+  -- Move quest participations
+  UPDATE quest_participants SET user_id = p_primary_user_id
+  WHERE user_id = p_secondary_user_id;
+
+  -- Recalculate XP
+  SELECT COALESCE(SUM(amount), 0) INTO v_total_xp
+  FROM xp_ledger
+  WHERE entity_type = 'user' AND entity_id = p_primary_user_id;
+
+  UPDATE users SET main_xp = v_total_xp WHERE id = p_primary_user_id;
+
+  -- Merge class XP
+  FOR v_sc IN
+    SELECT class_name, class_xp FROM user_class_progress
+    WHERE user_id = p_secondary_user_id
+  LOOP
+    SELECT id, class_xp INTO v_pc FROM user_class_progress
+    WHERE user_id = p_primary_user_id AND class_name = v_sc.class_name;
+    IF FOUND THEN
+      UPDATE user_class_progress SET class_xp = v_pc.class_xp + v_sc.class_xp
+      WHERE id = v_pc.id;
+    END IF;
+  END LOOP;
+
+  -- Soft-delete secondary user
+  UPDATE users SET
+    username = '[MERGED] ' || left(p_secondary_user_id::text, 8),
+    handle = NULL,
+    metadata = jsonb_build_object(
+      'merged_into', p_primary_user_id,
+      'merged_at', now()
+    )
+  WHERE id = p_secondary_user_id;
+
+  DELETE FROM user_class_progress WHERE user_id = p_secondary_user_id;
+
+  RETURN jsonb_build_object(
+    'success', true,
+    'primary_user_id', p_primary_user_id,
+    'secondary_user_id', p_secondary_user_id,
+    'agents_moved', v_agents_moved,
+    'identities_moved', v_identities_moved,
+    'total_xp', v_total_xp
+  );
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- ============================================================
+-- Grant EXECUTE to anon role for all RPCs
+-- ============================================================
+GRANT EXECUTE ON FUNCTION update_user_profile(UUID, JSONB) TO anon;
+GRANT EXECUTE ON FUNCTION update_agent_profile(UUID, UUID, JSONB) TO anon;
+GRANT EXECUTE ON FUNCTION update_task_status(UUID, UUID, JSONB) TO anon;
+GRANT EXECUTE ON FUNCTION award_xp_direct(TEXT, UUID, INTEGER, TEXT, TEXT, UUID) TO anon;
+GRANT EXECUTE ON FUNCTION update_integrity_score(UUID, INTEGER) TO anon;
+GRANT EXECUTE ON FUNCTION record_level_up_timestamp(TEXT, UUID) TO anon;
+GRANT EXECUTE ON FUNCTION merge_user_profiles(UUID, UUID) TO anon;

package/supabase/migrations/20260314000002_evidence_and_growth_plan.sql

@@ -0,0 +1,97 @@
+-- ============================================================
+-- Migration: Evidence system + Growth plan cache
+-- ============================================================
+-- Adds:
+--   1. task_evidence table (Table 47) — verifiable output per task
+--   2. growth_plan_cache table (Table 46) — cached growth plans
+--   3. Two new columns on tasks: evidence_required, evidence_quality
+--   4. RLS policies for anon access
+-- ============================================================
+
+-- ============================================================
+-- 1. NEW COLUMNS ON tasks
+-- ============================================================
+
+ALTER TABLE tasks
+  ADD COLUMN IF NOT EXISTS evidence_required boolean NOT NULL DEFAULT true,
+  ADD COLUMN IF NOT EXISTS evidence_quality text;
+
+COMMENT ON COLUMN tasks.evidence_required IS 'Whether evidence must be attached. Default true for agent_reported tasks.';
+COMMENT ON COLUMN tasks.evidence_quality IS 'Computed at complete_task: strong, medium, low, none.';
+
+-- ============================================================
+-- 2. task_evidence TABLE (Table 47)
+-- ============================================================
+
+CREATE TABLE IF NOT EXISTS task_evidence (
+  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  task_id uuid NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+  evidence_type text NOT NULL CHECK (evidence_type IN (
+    'deliverable_url', 'platform_reference', 'screenshot',
+    'code_output', 'api_response', 'text_summary', 'external_link'
+  )),
+  content text NOT NULL,
+  label text,
+  verified boolean NOT NULL DEFAULT false,
+  verified_at timestamptz,
+  added_at timestamptz NOT NULL DEFAULT now(),
+  metadata jsonb
+);
+
+CREATE INDEX IF NOT EXISTS idx_task_evidence_task_id ON task_evidence(task_id);
+CREATE INDEX IF NOT EXISTS idx_task_evidence_type_verified ON task_evidence(evidence_type, verified);
+
+COMMENT ON TABLE task_evidence IS 'Verifiable evidence attached to completed tasks. One or more items per task.';
+
+-- ============================================================
+-- 3. growth_plan_cache TABLE (Table 46)
+-- ============================================================
+
+CREATE TABLE IF NOT EXISTS growth_plan_cache (
+  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  agent_id uuid NOT NULL REFERENCES agents(id) ON DELETE CASCADE,
+  target_hash text NOT NULL,
+  plan jsonb NOT NULL,
+  generated_at timestamptz NOT NULL DEFAULT now(),
+  expires_at timestamptz NOT NULL DEFAULT (now() + interval '7 days'),
+  invalidated boolean NOT NULL DEFAULT false
+);
+
+CREATE INDEX IF NOT EXISTS idx_growth_plan_cache_lookup
+  ON growth_plan_cache(agent_id, target_hash, invalidated, expires_at);
+
+COMMENT ON TABLE growth_plan_cache IS 'Cached growth plans per agent+target. Invalidated on agent state changes.';
+
+-- ============================================================
+-- 4. RLS POLICIES
+-- ============================================================
+
+ALTER TABLE task_evidence ENABLE ROW LEVEL SECURITY;
+ALTER TABLE growth_plan_cache ENABLE ROW LEVEL SECURITY;
+
+-- task_evidence: anon can read and insert (MCP server enforces rules)
+CREATE POLICY "anon_select_task_evidence" ON task_evidence
+  FOR SELECT TO anon USING (true);
+
+CREATE POLICY "anon_insert_task_evidence" ON task_evidence
+  FOR INSERT TO anon WITH CHECK (true);
+
+CREATE POLICY "anon_update_task_evidence" ON task_evidence
+  FOR UPDATE TO anon USING (true) WITH CHECK (true);
+
+-- growth_plan_cache: anon can read, insert, and update (invalidation)
+CREATE POLICY "anon_select_growth_plan_cache" ON growth_plan_cache
+  FOR SELECT TO anon USING (true);
+
+CREATE POLICY "anon_insert_growth_plan_cache" ON growth_plan_cache
+  FOR INSERT TO anon WITH CHECK (true);
+
+CREATE POLICY "anon_update_growth_plan_cache" ON growth_plan_cache
+  FOR UPDATE TO anon USING (true) WITH CHECK (true);
+
+-- ============================================================
+-- 5. UPDATE tasks RLS (allow updating new columns)
+-- ============================================================
+-- The existing anon UPDATE policy on tasks should already cover
+-- evidence_required and evidence_quality since they're new columns
+-- on the same table. No additional policy needed.

package/supabase/migrations/20260317000000_seed_quests.sql

@@ -0,0 +1,62 @@
+-- ============================================================
+-- Seed 35 quests across 6 categories
+-- ============================================================
+
+-- Onboarding Track (sequential, order 1-7)
+INSERT INTO quests (title, description, source, quest_type, target_type, base_xp_reward, requirements, safe_for_autonomous, status, metadata)
+VALUES
+  ('First Steps', 'Register your Level-Up profile to start tracking XP and progress.', 'internal', 'default', 'user', 5, '{"type":"registration","target":1}', true, 'active', '{"category":"onboarding","order":1}'),
+  ('Equip Your Agent', 'Add 3 skills to your agent. Skills improve task quality and reduce leveling costs.', 'internal', 'default', 'both', 15, '{"type":"skill_count","target":3}', true, 'active', '{"category":"onboarding","order":2}'),
+  ('Tool Collector', 'Install 3 MCP tools. Each install awards +20 XP and unlocks new skill categories.', 'internal', 'default', 'both', 20, '{"type":"mcp_install","target":3}', true, 'active', '{"category":"onboarding","order":3}'),
+  ('First Delivery', 'Complete your first task with evidence. This is where real XP starts flowing.', 'internal', 'default', 'both', 15, '{"type":"task_count","target":1,"filter":{"status":"completed"}}', true, 'active', '{"category":"onboarding","order":4}'),
+  ('Quality Work', 'Complete a task with a quality score above 3.5. Evidence and proper difficulty help.', 'internal', 'default', 'both', 20, '{"type":"quality_score","target":3.5}', true, 'active', '{"category":"onboarding","order":5}'),
+  ('Evidence Keeper', 'Complete a standard or higher task with strong evidence (URL, code output, or platform reference).', 'internal', 'default', 'both', 15, '{"type":"evidence_quality","target":1,"filter":{"quality":"strong"}}', true, 'active', '{"category":"onboarding","order":6}'),
+  ('Rising Star', 'Reach Level 5. You''re no longer a beginner — complex tasks are now unlocked.', 'internal', 'default', 'agent', 30, '{"type":"level","target":5}', true, 'active', '{"category":"onboarding","order":7}');
+
+-- Skill Development Track (unlocks at level 3)
+INSERT INTO quests (title, description, source, quest_type, target_type, base_xp_reward, requirements, safe_for_autonomous, min_user_level, status, metadata)
+VALUES
+  ('Code Warrior', 'Complete 5 coding tasks (Bug Fix, Feature Build, or Code Review).', 'internal', 'default', 'both', 25, '{"type":"task_count","target":5,"filter":{"task_types":["Bug Fix","Feature Build","Code Review"]}}', true, 3, 'active', '{"category":"skill"}'),
+  ('Wordsmith', 'Complete 5 writing tasks (Documentation, Email Draft, or Content Writing).', 'internal', 'default', 'both', 25, '{"type":"task_count","target":5,"filter":{"task_types":["Process Documentation","Email Draft","Content Writing"]}}', true, 3, 'active', '{"category":"skill"}'),
+  ('Researcher', 'Complete 3 research tasks (Research Report or Competitive Analysis).', 'internal', 'default', 'both', 20, '{"type":"task_count","target":3,"filter":{"task_types":["Research Report","Competitive Analysis"]}}', true, 3, 'active', '{"category":"skill"}'),
+  ('Ops Master', 'Complete 3 infrastructure tasks (Deployment or Pipeline Build).', 'internal', 'default', 'both', 30, '{"type":"task_count","target":3,"filter":{"task_types":["Deployment","Pipeline Build"]}}', true, 3, 'active', '{"category":"skill"}'),
+  ('Multi-Talented', 'Have 5+ skills on your agent at proficiency 2 or higher.', 'internal', 'default', 'agent', 25, '{"type":"skill_proficiency_count","target":5,"filter":{"min_proficiency":2}}', true, 3, 'active', '{"category":"skill"}'),
+  ('Specialist', 'Reach proficiency 5 in any single skill. Deep expertise pays off.', 'internal', 'default', 'agent', 35, '{"type":"skill_proficiency_max","target":5}', true, 3, 'active', '{"category":"skill"}');
+
+-- Automation Track (unlocks at level 5)
+INSERT INTO quests (title, description, source, quest_type, target_type, base_xp_reward, requirements, safe_for_autonomous, min_user_level, status, metadata)
+VALUES
+  ('Hands Off', 'Complete a task with agent_solo performer type. Let the agent fly solo.', 'internal', 'default', 'agent', 20, '{"type":"performer_type","target":1,"filter":{"performer_type":"agent_solo"}}', true, 5, 'active', '{"category":"automation"}'),
+  ('Dynamic Duo', 'Complete 10 tasks together as user_with_agent. Teamwork makes the dream work.', 'internal', 'default', 'both', 30, '{"type":"performer_type","target":10,"filter":{"performer_type":"user_with_agent"}}', true, 5, 'active', '{"category":"automation"}'),
+  ('Orchestrator', 'Complete a task with orchestrated performer type involving multiple agents.', 'internal', 'default', 'both', 50, '{"type":"performer_type","target":1,"filter":{"performer_type":"orchestrated"}}', false, 5, 'active', '{"category":"automation"}'),
+  ('Deployer', 'Complete a task with output_type deployed. Ship something live.', 'internal', 'default', 'both', 40, '{"type":"output_type","target":1,"filter":{"output_type":"deployed"}}', true, 5, 'active', '{"category":"automation"}'),
+  ('Chain Reaction', 'Complete 3 different task types in a single day. Variety is the spice of XP.', 'internal', 'default', 'both', 25, '{"type":"daily_task_diversity","target":3}', true, 5, 'active', '{"category":"automation"}');
+
+-- Weekly Challenges (recurring)
+INSERT INTO quests (title, description, source, quest_type, target_type, base_xp_reward, requirements, safe_for_autonomous, status, metadata)
+VALUES
+  ('Productive Week', 'Complete 5 tasks in 7 days. Consistency beats intensity.', 'internal', 'recurring', 'both', 25, '{"type":"task_count","target":5,"filter":{"period":"week"}}', true, 'active', '{"category":"weekly"}'),
+  ('Skill Builder', 'Increase any skill proficiency by 1 level this week.', 'internal', 'recurring', 'agent', 15, '{"type":"skill_proficiency_gain","target":1,"filter":{"period":"week"}}', true, 'active', '{"category":"weekly"}'),
+  ('Streak Keeper', 'Complete at least 1 task per day for 5 consecutive days.', 'internal', 'recurring', 'both', 30, '{"type":"streak","target":5}', true, 'active', '{"category":"weekly"}'),
+  ('Diversity Bonus', 'Complete 3 different task types this week. Breadth earns bonus XP.', 'internal', 'recurring', 'both', 20, '{"type":"weekly_task_diversity","target":3}', true, 'active', '{"category":"weekly"}'),
+  ('High Standards', 'Achieve an average quality score above 4.0 across all tasks this week.', 'internal', 'recurring', 'both', 25, '{"type":"quality_score_avg","target":4.0,"filter":{"period":"week"}}', true, 'active', '{"category":"weekly"}');
+
+-- Achievement Quests (one-off milestones)
+INSERT INTO quests (title, description, source, quest_type, target_type, base_xp_reward, requirements, safe_for_autonomous, status, metadata)
+VALUES
+  ('Century', 'Earn 100 total XP. Your first major milestone.', 'internal', 'one_off', 'both', 10, '{"type":"total_xp","target":100}', true, 'active', '{"category":"achievement"}'),
+  ('Rank D Achiever', 'Reach Rank D — Pathfinder. You''re finding your way.', 'internal', 'one_off', 'agent', 20, '{"type":"rank","target":1,"filter":{"rank":"D"}}', true, 'active', '{"category":"achievement"}'),
+  ('Rank C Achiever', 'Reach Rank C — Specialist. Real expertise recognized.', 'internal', 'one_off', 'agent', 40, '{"type":"rank","target":1,"filter":{"rank":"C"}}', true, 'active', '{"category":"achievement"}'),
+  ('Half Century Tasks', 'Complete 50 tasks total. Dedication pays off.', 'internal', 'one_off', 'both', 30, '{"type":"task_count","target":50}', true, 'active', '{"category":"achievement"}'),
+  ('Century Tasks', 'Complete 100 tasks total. You''re a machine (or working with one).', 'internal', 'one_off', 'both', 50, '{"type":"task_count","target":100}', true, 'active', '{"category":"achievement"}'),
+  ('Integrity Champion', 'Maintain integrity score above 80 for 30 consecutive days.', 'internal', 'one_off', 'agent', 40, '{"type":"integrity_duration","target":30,"filter":{"min_score":80}}', true, 'active', '{"category":"achievement"}'),
+  ('Community Builder', 'Have your work reviewed by another agent. Collaboration earns respect.', 'internal', 'one_off', 'both', 25, '{"type":"peer_review","target":1}', false, 'active', '{"category":"achievement"}');
+
+-- Exploration Quests (discover features)
+INSERT INTO quests (title, description, source, quest_type, target_type, base_xp_reward, requirements, safe_for_autonomous, status, metadata)
+VALUES
+  ('Growth Minded', 'Check your growth plan to see the path to the next rank.', 'internal', 'one_off', 'both', 5, '{"type":"tool_call","target":1,"filter":{"tool":"levelup_get_growth_plan"}}', true, 'active', '{"category":"exploration"}'),
+  ('Skill Browser', 'Browse recommended skillsets for 3 or more ability categories.', 'internal', 'one_off', 'both', 10, '{"type":"tool_call","target":3,"filter":{"tool":"levelup_browse_skillsets"}}', true, 'active', '{"category":"exploration"}'),
+  ('Leaderboard Climber', 'Check the leaderboard to see where you stand.', 'internal', 'one_off', 'both', 5, '{"type":"tool_call","target":1,"filter":{"tool":"levelup_get_leaderboard"}}', true, 'active', '{"category":"exploration"}'),
+  ('Self Aware', 'Submit an agent self-evaluation after completing a task.', 'internal', 'one_off', 'agent', 10, '{"type":"tool_call","target":1,"filter":{"tool":"levelup_submit_agent_evaluation"}}', true, 'active', '{"category":"exploration"}'),
+  ('Profile Complete', 'Set a vanity handle and link an identity to your profile.', 'internal', 'one_off', 'user', 10, '{"type":"profile_complete","target":1}', true, 'active', '{"category":"exploration"}');

package/supabase/migrations/20260317000001_star_cooldown_and_fixes.sql

@@ -0,0 +1,16 @@
+-- ============================================================
+-- Add last_leveled_at for star cooldown enforcement
+-- Fix quest_completions split_pct default
+-- ============================================================
+
+-- Add last_leveled_at columns for star cooldown tracking
+ALTER TABLE users ADD COLUMN IF NOT EXISTS last_leveled_at timestamptz;
+ALTER TABLE agents ADD COLUMN IF NOT EXISTS last_leveled_at timestamptz;
+
+-- Set default for quest_completions.split_pct so it doesn't require explicit value
+ALTER TABLE quest_completions ALTER COLUMN split_pct SET DEFAULT 100;
+
+-- Add user_star_cooldown_hours config if missing (matches agent version)
+INSERT INTO xp_config (config_key, config_value, description)
+VALUES ('user_star_cooldown_hours', '{"E":0,"D":12,"C":72,"B":168,"A":504,"S":504}', 'Hours between level-ups per rank for users')
+ON CONFLICT (config_key) DO NOTHING;

package/supabase/migrations/20260318000000_restore_rank_names.sql

@@ -0,0 +1,25 @@
+-- ============================================================
+-- Restore canonical rank names for users and agents
+-- ============================================================
+-- User ranks:  Analyst → Tactician → Strategist → Commander → Grandmaster → Supreme
+-- Agent ranks: Novice → Pathfinder → Enlightened → Paragon → Transcendent → Celestial
+--
+-- These are the original rank names designed for the Level-Up system.
+-- This migration ensures they are correct regardless of prior DB state.
+-- ============================================================
+
+-- User ranks (entity_type = 'user')
+UPDATE rank_definitions SET rank_name = 'Analyst'      WHERE rank_letter = 'E' AND entity_type = 'user';
+UPDATE rank_definitions SET rank_name = 'Tactician'    WHERE rank_letter = 'D' AND entity_type = 'user';
+UPDATE rank_definitions SET rank_name = 'Strategist'   WHERE rank_letter = 'C' AND entity_type = 'user';
+UPDATE rank_definitions SET rank_name = 'Commander'    WHERE rank_letter = 'B' AND entity_type = 'user';
+UPDATE rank_definitions SET rank_name = 'Grandmaster'  WHERE rank_letter = 'A' AND entity_type = 'user';
+UPDATE rank_definitions SET rank_name = 'Supreme'      WHERE rank_letter = 'S' AND entity_type = 'user';
+
+-- Agent ranks (entity_type = 'agent')
+UPDATE rank_definitions SET rank_name = 'Novice'        WHERE rank_letter = 'E' AND entity_type = 'agent';
+UPDATE rank_definitions SET rank_name = 'Pathfinder'    WHERE rank_letter = 'D' AND entity_type = 'agent';
+UPDATE rank_definitions SET rank_name = 'Enlightened'   WHERE rank_letter = 'C' AND entity_type = 'agent';
+UPDATE rank_definitions SET rank_name = 'Paragon'       WHERE rank_letter = 'B' AND entity_type = 'agent';
+UPDATE rank_definitions SET rank_name = 'Transcendent'  WHERE rank_letter = 'A' AND entity_type = 'agent';
+UPDATE rank_definitions SET rank_name = 'Celestial'     WHERE rank_letter = 'S' AND entity_type = 'agent';

package/supabase/migrations/20260320000000_chinese_rank_names.sql

@@ -0,0 +1,24 @@
+-- ============================================================
+-- Migration: Chinese (zh) rank names for Level-Up CN
+-- ============================================================
+-- User ranks: 分析师 → 战术师 → 策略师 → 指挥官 → 大师 → 至尊
+-- Agent ranks (xianxia cultivation): 练器境 → 筑基期 → 金丹期 → 元婴期 → 大乘期 → 人工大能
+-- ============================================================
+
+INSERT INTO rank_definitions (rank_letter, entity_type, rank_name, min_level, max_level, locale)
+VALUES
+  -- User ranks (zh)
+  ('E', 'user', '分析师', 1, 5, 'zh'),
+  ('D', 'user', '战术师', 6, 10, 'zh'),
+  ('C', 'user', '策略师', 11, 15, 'zh'),
+  ('B', 'user', '指挥官', 16, 20, 'zh'),
+  ('A', 'user', '大师', 21, 25, 'zh'),
+  ('S', 'user', '至尊', 26, 30, 'zh'),
+  -- Agent ranks (zh) — xianxia cultivation realms
+  ('E', 'agent', '练器境', 1, 5, 'zh'),
+  ('D', 'agent', '筑基期', 6, 10, 'zh'),
+  ('C', 'agent', '金丹期', 11, 15, 'zh'),
+  ('B', 'agent', '元婴期', 16, 20, 'zh'),
+  ('A', 'agent', '大乘期', 21, 25, 'zh'),
+  ('S', 'agent', '人工大能', 26, 30, 'zh')
+ON CONFLICT DO NOTHING;

package/vitest.config.ts

@@ -0,0 +1,11 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    globals: true,
+    environment: "node",
+    include: ["src/**/*.test.ts"],
+    testTimeout: 15000,
+    pool: "threads",
+  },
+});