natureco-cli 5.18.3 → 5.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/package.json +1 -1
- package/skills/a-b-testing/SKILL.md +34 -0
- package/skills/accessibility-audit/SKILL.md +34 -0
- package/skills/agent-memory/SKILL.md +34 -0
- package/skills/agent-orchestration/SKILL.md +34 -0
- package/skills/airunway-aks-setup/SKILL.md +73 -0
- package/skills/algorithmic-art/SKILL.md +405 -0
- package/skills/analytics-setup/SKILL.md +34 -0
- package/skills/api-design/SKILL.md +34 -0
- package/skills/api-versioning/SKILL.md +34 -0
- package/skills/appinsights-instrumentation/SKILL.md +76 -0
- package/skills/audio-transcription/SKILL.md +34 -0
- package/skills/authentication-patterns/SKILL.md +34 -0
- package/skills/authorization-rbac/SKILL.md +34 -0
- package/skills/azure-ai/SKILL.md +71 -0
- package/skills/azure-aigateway/SKILL.md +129 -0
- package/skills/azure-cloud-migrate/SKILL.md +52 -0
- package/skills/azure-compliance/SKILL.md +108 -0
- package/skills/azure-compute/SKILL.md +46 -0
- package/skills/azure-cost/SKILL.md +45 -0
- package/skills/azure-deploy/SKILL.md +97 -0
- package/skills/azure-diagnostics/SKILL.md +151 -0
- package/skills/azure-enterprise-infra-planner/SKILL.md +54 -0
- package/skills/azure-hosted-copilot-sdk/SKILL.md +89 -0
- package/skills/azure-kubernetes/SKILL.md +153 -0
- package/skills/azure-kusto/SKILL.md +231 -0
- package/skills/azure-messaging/SKILL.md +57 -0
- package/skills/azure-prepare/SKILL.md +165 -0
- package/skills/azure-quotas/SKILL.md +276 -0
- package/skills/azure-rbac/SKILL.md +17 -0
- package/skills/azure-reliability/SKILL.md +387 -0
- package/skills/azure-resource-lookup/SKILL.md +108 -0
- package/skills/azure-resource-visualizer/SKILL.md +183 -0
- package/skills/azure-storage/SKILL.md +100 -0
- package/skills/azure-upgrade/SKILL.md +91 -0
- package/skills/azure-validate/SKILL.md +72 -0
- package/skills/backup-strategy/SKILL.md +34 -0
- package/skills/bash-scripting/SKILL.md +34 -0
- package/skills/batch-api-calls/SKILL.md +34 -0
- package/skills/batch-processing/SKILL.md +34 -0
- package/skills/brainstorming/SKILL.md +159 -0
- package/skills/brand-guidelines/SKILL.md +73 -0
- package/skills/brandkit/SKILL.md +798 -0
- package/skills/brutalist-skill/SKILL.md +92 -0
- package/skills/bulk-file-operations/SKILL.md +34 -0
- package/skills/cache-responses/SKILL.md +34 -0
- package/skills/caching-strategy/SKILL.md +34 -0
- package/skills/calendar-optimization/SKILL.md +34 -0
- package/skills/canvas-design/SKILL.md +130 -0
- package/skills/cavecrew/SKILL.md +82 -0
- package/skills/caveman-commit/SKILL.md +65 -0
- package/skills/caveman-help/SKILL.md +63 -0
- package/skills/caveman-review/SKILL.md +55 -0
- package/skills/caveman-stats/SKILL.md +10 -0
- package/skills/changelog-generation/SKILL.md +34 -0
- package/skills/chat-bot-design/SKILL.md +34 -0
- package/skills/chunking-strategy/SKILL.md +34 -0
- package/skills/ci-cd-pipeline/SKILL.md +34 -0
- package/skills/classification-pipeline/SKILL.md +34 -0
- package/skills/claude-api/SKILL.md +356 -0
- package/skills/clipboard-master/SKILL.md +34 -0
- package/skills/code-explanation/SKILL.md +34 -0
- package/skills/code-generation/SKILL.md +34 -0
- package/skills/code-migration/SKILL.md +34 -0
- package/skills/code-review-checklist/SKILL.md +34 -0
- package/skills/composition-patterns/SKILL.md +89 -0
- package/skills/contact-management/SKILL.md +34 -0
- package/skills/content-generation/SKILL.md +34 -0
- package/skills/context-pruning/SKILL.md +34 -0
- package/skills/context-window-management/SKILL.md +34 -0
- package/skills/continuous-improvement/SKILL.md +34 -0
- package/skills/cron-scheduling/SKILL.md +34 -0
- package/skills/cross-platform-compat/SKILL.md +34 -0
- package/skills/csv-processing/SKILL.md +34 -0
- package/skills/daily-journal/SKILL.md +34 -0
- package/skills/data-analysis/SKILL.md +34 -0
- package/skills/data-backup/SKILL.md +34 -0
- package/skills/data-cleaning/SKILL.md +34 -0
- package/skills/data-extraction/SKILL.md +34 -0
- package/skills/data-validation/SKILL.md +34 -0
- package/skills/database-migrations/SKILL.md +34 -0
- package/skills/database-schema-design/SKILL.md +34 -0
- package/skills/decision-mapping/SKILL.md +84 -0
- package/skills/decision-matrix/SKILL.md +34 -0
- package/skills/dependency-management/SKILL.md +34 -0
- package/skills/deploy-to-vercel/SKILL.md +296 -0
- package/skills/design-an-interface/SKILL.md +94 -0
- package/skills/design-doc-mermaid/SKILL.md +498 -0
- package/skills/dev-environment-setup/SKILL.md +34 -0
- package/skills/develop-userscripts/SKILL.md +84 -0
- package/skills/distraction-blocker/SKILL.md +34 -0
- package/skills/doc-coauthoring/SKILL.md +375 -0
- package/skills/docker-optimization/SKILL.md +34 -0
- package/skills/document-template/SKILL.md +34 -0
- package/skills/documentation/SKILL.md +109 -0
- package/skills/documentation-gen/SKILL.md +34 -0
- package/skills/docx/SKILL.md +590 -0
- package/skills/edit-article/SKILL.md +15 -0
- package/skills/efficient-formatting/SKILL.md +34 -0
- package/skills/email-management/SKILL.md +34 -0
- package/skills/email-service/SKILL.md +34 -0
- package/skills/embedding-generation/SKILL.md +34 -0
- package/skills/entity-extraction/SKILL.md +34 -0
- package/skills/entra-agent-id/SKILL.md +356 -0
- package/skills/entra-app-registration/SKILL.md +191 -0
- package/skills/environment-config/SKILL.md +34 -0
- package/skills/error-handling/SKILL.md +34 -0
- package/skills/estimation-techniques/SKILL.md +34 -0
- package/skills/event-driven-architecture/SKILL.md +34 -0
- package/skills/excel-automation/SKILL.md +34 -0
- package/skills/execution-monitoring/SKILL.md +34 -0
- package/skills/expense-tracking/SKILL.md +34 -0
- package/skills/faceless-explainer/SKILL.md +202 -0
- package/skills/fastify/SKILL.md +75 -0
- package/skills/feature-engineering/SKILL.md +34 -0
- package/skills/feature-flags/SKILL.md +34 -0
- package/skills/file-conversion/SKILL.md +34 -0
- package/skills/file-upload-handling/SKILL.md +34 -0
- package/skills/fine-tuning-prep/SKILL.md +34 -0
- package/skills/focus-mode/SKILL.md +34 -0
- package/skills/form-validation/SKILL.md +34 -0
- package/skills/function-calling/SKILL.md +34 -0
- package/skills/general-video/SKILL.md +143 -0
- package/skills/git-guardrails-claude-code/SKILL.md +95 -0
- package/skills/git-workflow/SKILL.md +34 -0
- package/skills/github-actions-docs/SKILL.md +98 -0
- package/skills/goal-setting/SKILL.md +34 -0
- package/skills/gpt-tasteskill/SKILL.md +74 -0
- package/skills/graphql-design/SKILL.md +34 -0
- package/skills/grill-me/SKILL.md +7 -0
- package/skills/grilling/SKILL.md +10 -0
- package/skills/habit-tracker/SKILL.md +34 -0
- package/skills/hallucination-detection/SKILL.md +34 -0
- package/skills/handoff/SKILL.md +16 -0
- package/skills/hyperframes/SKILL.md +152 -0
- package/skills/hyperframes-animation/SKILL.md +82 -0
- package/skills/hyperframes-cli/SKILL.md +109 -0
- package/skills/hyperframes-core/SKILL.md +78 -0
- package/skills/hyperframes-creative/SKILL.md +68 -0
- package/skills/hyperframes-media/SKILL.md +97 -0
- package/skills/image-processing/SKILL.md +34 -0
- package/skills/image-to-code-skill/SKILL.md +1228 -0
- package/skills/imagegen-frontend-mobile/SKILL.md +1465 -0
- package/skills/imagegen-frontend-web/SKILL.md +987 -0
- package/skills/implement/SKILL.md +15 -0
- package/skills/init/SKILL.md +91 -0
- package/skills/internal-comms/SKILL.md +32 -0
- package/skills/json-transformation/SKILL.md +34 -0
- package/skills/keyboard-shortcuts/SKILL.md +34 -0
- package/skills/knowledge-base/SKILL.md +34 -0
- package/skills/knowledge-graph/SKILL.md +34 -0
- package/skills/kubernetes-deployment/SKILL.md +34 -0
- package/skills/language-translation/SKILL.md +34 -0
- package/skills/lark-approval/SKILL.md +56 -0
- package/skills/lark-base/SKILL.md +157 -0
- package/skills/lark-doc/SKILL.md +81 -0
- package/skills/lark-shared/SKILL.md +168 -0
- package/skills/lark-workflow-meeting-summary/SKILL.md +122 -0
- package/skills/linting-neostandard-eslint9/SKILL.md +64 -0
- package/skills/llm-chaining/SKILL.md +34 -0
- package/skills/localization-i18n/SKILL.md +34 -0
- package/skills/logging-best-practices/SKILL.md +34 -0
- package/skills/loop-me/SKILL.md +32 -0
- package/skills/machine-learning-pipeline/SKILL.md +34 -0
- package/skills/meeting-notes/SKILL.md +34 -0
- package/skills/meeting-scheduler/SKILL.md +34 -0
- package/skills/message-queues/SKILL.md +34 -0
- package/skills/message-summarization/SKILL.md +34 -0
- package/skills/microservices-architecture/SKILL.md +34 -0
- package/skills/microsoft-foundry/SKILL.md +262 -0
- package/skills/migrate-to-shoehorn/SKILL.md +118 -0
- package/skills/milestone-tracking/SKILL.md +34 -0
- package/skills/minimalist-skill/SKILL.md +85 -0
- package/skills/model-deployment/SKILL.md +34 -0
- package/skills/model-evaluation/SKILL.md +34 -0
- package/skills/monitoring-setup/SKILL.md +34 -0
- package/skills/monorepo-setup/SKILL.md +34 -0
- package/skills/motion-graphics/SKILL.md +170 -0
- package/skills/multi-agent-systems/SKILL.md +34 -0
- package/skills/music-to-video/SKILL.md +197 -0
- package/skills/network-troubleshooting/SKILL.md +34 -0
- package/skills/node/SKILL.md +94 -0
- package/skills/nodejs-core/SKILL.md +156 -0
- package/skills/note-organization/SKILL.md +34 -0
- package/skills/oauth/SKILL.md +186 -0
- package/skills/obsidian-vault/SKILL.md +59 -0
- package/skills/octocat/SKILL.md +93 -0
- package/skills/openclaw-secure-linux-cloud/SKILL.md +157 -0
- package/skills/opensource-guide-coach/SKILL.md +218 -0
- package/skills/output-skill/SKILL.md +49 -0
- package/skills/package-publishing/SKILL.md +34 -0
- package/skills/password-generator/SKILL.md +34 -0
- package/skills/pdf/SKILL.md +314 -0
- package/skills/pdf-processing/SKILL.md +34 -0
- package/skills/performance-optimization/SKILL.md +34 -0
- package/skills/pomodoro-timer/SKILL.md +34 -0
- package/skills/powershell-automation/SKILL.md +34 -0
- package/skills/pptx/SKILL.md +232 -0
- package/skills/pr-to-video/SKILL.md +235 -0
- package/skills/priority-filtering/SKILL.md +34 -0
- package/skills/product-launch-video/SKILL.md +205 -0
- package/skills/project-tracking/SKILL.md +34 -0
- package/skills/prompt-compression/SKILL.md +34 -0
- package/skills/prompt-engineering/SKILL.md +34 -0
- package/skills/push-notifications/SKILL.md +34 -0
- package/skills/python-appservice-deploy/SKILL.md +36 -0
- package/skills/qa/SKILL.md +130 -0
- package/skills/rag-implementation/SKILL.md +34 -0
- package/skills/rate-limiting/SKILL.md +34 -0
- package/skills/react-best-practices/SKILL.md +149 -0
- package/skills/react-native-skills/SKILL.md +121 -0
- package/skills/react-view-transitions/SKILL.md +320 -0
- package/skills/readme-i18n/SKILL.md +176 -0
- package/skills/real-time-communication/SKILL.md +34 -0
- package/skills/redesign-skill/SKILL.md +178 -0
- package/skills/refactoring-strategy/SKILL.md +34 -0
- package/skills/regex-mastery/SKILL.md +34 -0
- package/skills/remotion/SKILL.md +364 -0
- package/skills/report-generation/SKILL.md +34 -0
- package/skills/request-refactor-plan/SKILL.md +68 -0
- package/skills/research-compiler/SKILL.md +34 -0
- package/skills/resolving-merge-conflicts/SKILL.md +14 -0
- package/skills/responsive-design/SKILL.md +34 -0
- package/skills/rest-api-patterns/SKILL.md +34 -0
- package/skills/retrospectives/SKILL.md +34 -0
- package/skills/risk-assessment/SKILL.md +34 -0
- package/skills/roadmap-creation/SKILL.md +34 -0
- package/skills/running-claude-code-via-litellm-copilot/SKILL.md +263 -0
- package/skills/scaffold-exercises/SKILL.md +106 -0
- package/skills/search-implementation/SKILL.md +34 -0
- package/skills/secrets-management/SKILL.md +34 -0
- package/skills/secure-linux-web-hosting/SKILL.md +162 -0
- package/skills/security-audit/SKILL.md +34 -0
- package/skills/selective-memory/SKILL.md +34 -0
- package/skills/semantic-search/SKILL.md +34 -0
- package/skills/semantic-versioning/SKILL.md +34 -0
- package/skills/sentiment-analysis/SKILL.md +34 -0
- package/skills/seo-optimization/SKILL.md +34 -0
- package/skills/setup-pre-commit/SKILL.md +91 -0
- package/skills/shadcn/SKILL.md +267 -0
- package/skills/simple/SKILL.md +52 -0
- package/skills/skill-creator/SKILL.md +485 -0
- package/skills/skill-optimizer/SKILL.md +47 -0
- package/skills/skills-cli/SKILL.md +281 -0
- package/skills/slack-gif-creator/SKILL.md +254 -0
- package/skills/snipgrapher/SKILL.md +58 -0
- package/skills/snippet-manager/SKILL.md +34 -0
- package/skills/soft-skill/SKILL.md +98 -0
- package/skills/sprint-planning/SKILL.md +34 -0
- package/skills/sql-query-optimization/SKILL.md +34 -0
- package/skills/stakeholder-communication/SKILL.md +34 -0
- package/skills/state-management/SKILL.md +34 -0
- package/skills/statistical-analysis/SKILL.md +34 -0
- package/skills/stitch-skill/SKILL.md +184 -0
- package/skills/streaming-responses/SKILL.md +34 -0
- package/skills/structured-output/SKILL.md +34 -0
- package/skills/summarization-techniques/SKILL.md +34 -0
- package/skills/supabase/SKILL.md +135 -0
- package/skills/supabase-postgres-best-practices/SKILL.md +64 -0
- package/skills/system-diagnostics/SKILL.md +34 -0
- package/skills/systematic-debugging/SKILL.md +296 -0
- package/skills/talking-head-recut/SKILL.md +1191 -0
- package/skills/task-decomposition/SKILL.md +34 -0
- package/skills/task-prioritization/SKILL.md +34 -0
- package/skills/taste-skill/SKILL.md +1206 -0
- package/skills/taste-skill-v1/SKILL.md +226 -0
- package/skills/tdd/SKILL.md +108 -0
- package/skills/teach/SKILL.md +140 -0
- package/skills/template-library/SKILL.md +34 -0
- package/skills/test-driven-development/SKILL.md +371 -0
- package/skills/test-generation/SKILL.md +34 -0
- package/skills/testing-strategy/SKILL.md +34 -0
- package/skills/text-expansion/SKILL.md +34 -0
- package/skills/theme-factory/SKILL.md +59 -0
- package/skills/time-blocking/SKILL.md +34 -0
- package/skills/to-prd/SKILL.md +75 -0
- package/skills/token-budgeting/SKILL.md +34 -0
- package/skills/token-optimization/SKILL.md +34 -0
- package/skills/tool-calling-patterns/SKILL.md +34 -0
- package/skills/typescript-magician/SKILL.md +117 -0
- package/skills/tzst/SKILL.md +68 -0
- package/skills/ubiquitous-language/SKILL.md +93 -0
- package/skills/use-my-browser/SKILL.md +110 -0
- package/skills/using-superpowers/SKILL.md +121 -0
- package/skills/vector-database-setup/SKILL.md +34 -0
- package/skills/vercel-cli-with-tokens/SKILL.md +353 -0
- package/skills/vercel-optimize/SKILL.md +322 -0
- package/skills/video-editing/SKILL.md +34 -0
- package/skills/viral-instagram-reels/SKILL.md +180 -0
- package/skills/viral-short-form/SKILL.md +147 -0
- package/skills/viral-short-form-ideas/SKILL.md +184 -0
- package/skills/viral-tiktok-content/SKILL.md +180 -0
- package/skills/visualization-creation/SKILL.md +34 -0
- package/skills/web-artifacts-builder/SKILL.md +74 -0
- package/skills/web-design-guidelines/SKILL.md +39 -0
- package/skills/web-scraping/SKILL.md +34 -0
- package/skills/webapp-testing/SKILL.md +96 -0
- package/skills/webhook-handling/SKILL.md +34 -0
- package/skills/website-to-video/SKILL.md +145 -0
- package/skills/weekly-review/SKILL.md +34 -0
- package/skills/workflow-automation/SKILL.md +34 -0
- package/skills/writing-beats/SKILL.md +67 -0
- package/skills/writing-fragments/SKILL.md +79 -0
- package/skills/writing-great-skills/SKILL.md +82 -0
- package/skills/writing-guidelines/SKILL.md +39 -0
- package/skills/writing-plans/SKILL.md +174 -0
- package/skills/writing-shape/SKILL.md +79 -0
- package/skills/xdrop/SKILL.md +78 -0
- package/skills/xget/SKILL.md +87 -0
- package/skills/xlsx/SKILL.md +292 -0
- package/src/commands/code_v5.js +377 -73
- package/src/commands/repl.js +505 -86
- package/src/providers/model/anthropic.js +84 -0
- package/src/providers/model/gemini.js +49 -0
- package/src/providers/model/minimax.js +48 -0
- package/src/providers/model/ollama.js +42 -0
- package/src/providers/model/openai.js +49 -0
- package/src/providers/search/duckduckgo.js +45 -0
- package/src/providers/search/exa.js +52 -0
- package/src/providers/search/searxng.js +51 -0
- package/src/providers/search/tavily.js +47 -0
- package/src/tools/model_provider.js +71 -0
- package/src/tools/parallel_search.js +40 -49
- package/src/tools/search_provider.js +79 -0
- package/src/tools/skills_download.js +217 -0
- package/src/tools/web_search.js +42 -62
- package/src/tools/workflow.js +21 -9
- package/src/utils/cron.js +82 -126
- package/src/utils/effort-levels.js +42 -0
- package/src/utils/fallback-chain.js +72 -0
- package/src/utils/file-history.js +78 -0
- package/src/utils/model-provider.js +113 -0
- package/src/utils/permissions.js +147 -0
- package/src/utils/plan-mode.js +164 -0
- package/src/utils/provider-detect.js +7 -32
- package/src/utils/sandbox.js +60 -0
- package/src/utils/search-provider.js +62 -0
- package/src/utils/session-search.js +66 -0
- package/src/utils/structured-output.js +20 -0
- package/src/utils/system-prompt.js +28 -2
- package/src/utils/tasks.js +132 -0
- package/src/utils/tool-hooks.js +154 -0
- package/src/utils/tools.js +18 -2
- package/src/utils/ultra-review.js +59 -0
- package/src/utils/worktree.js +192 -0
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: supabase
|
|
3
|
+
description: "Use when doing ANY task involving Supabase. Triggers: Supabase products (Database, Auth, Edge Functions, Realtime, Storage, Vectors, Cron, Queues); client libraries and SSR integrations (supabase-js, @supabase/ssr) in Next.js, React, SvelteKit, Astro, Remix; auth issues (login, logout, sessions, JWT, cookies, getSession, getUser, getClaims, RLS); Supabase CLI or MCP server; schema changes, migrations, security audits, Postgres extensions (pg_graphql, pg_cron, pg_vector)."
|
|
4
|
+
metadata:
|
|
5
|
+
author: supabase
|
|
6
|
+
version: "0.1.2"
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Supabase
|
|
10
|
+
|
|
11
|
+
## Core Principles
|
|
12
|
+
|
|
13
|
+
**1. Supabase changes frequently — verify against changelog and current docs before implementing.**
|
|
14
|
+
Do not rely on training data for Supabase features. Function signatures, config.toml settings, and API conventions change between versions.
|
|
15
|
+
|
|
16
|
+
First, fetch `https://supabase.com/changelog.md` (a lightweight summary index — not a heavy pull), scan for `breaking-change` tags relevant to your task, and follow the linked page for any that apply. Then look up the relevant topic using the documentation access methods below.
|
|
17
|
+
|
|
18
|
+
**2. Verify your work.**
|
|
19
|
+
After implementing any fix, run a test query to confirm the change works. A fix without verification is incomplete.
|
|
20
|
+
|
|
21
|
+
**3. Recover from errors, don't loop.**
|
|
22
|
+
If an approach fails after 2-3 attempts, stop and reconsider. Try a different method, check documentation, inspect the error more carefully, and review relevant logs when available. Supabase issues are not always solved by retrying the same command, and the answer is not always in the logs, but logs are often worth checking before proceeding.
|
|
23
|
+
|
|
24
|
+
**4. Exposing tables to the Data API:** Depending on the user's [Data API settings](https://supabase.com/dashboard/project/<ref>/integrations/data_api/settings), newly created tables may not be automatically exposed via the Data (REST) API. If this is the case, `anon` and `authenticated` roles will need to be explicitly granted access.
|
|
25
|
+
|
|
26
|
+
> Note that this is separate from RLS, which controls which _rows_ are visible once a table is accessible, not whether the table is accessible at all.
|
|
27
|
+
|
|
28
|
+
When a user reports a SQL-created table is unexpectedly inaccessible, check their Data API settings and whether the roles have been granted access via explicit `GRANT` SQL. When granting public (`anon`/`authenticated`) access, always enable RLS too. See [Exposing a Table to the Data API](https://supabase.com/docs/guides/api/securing-your-api.md) for the full setup workflow.
|
|
29
|
+
|
|
30
|
+
**5. RLS in exposed schemas.**
|
|
31
|
+
Enable RLS on every table in any exposed schema, which includes `public` by default. This is critical in Supabase because tables in exposed schemas can be reachable through the Data API when the `anon`/`authenticated` roles have access (see [Exposing a Table to the Data API](https://supabase.com/docs/guides/api/securing-your-api.md)). For private schemas, prefer RLS as defense in depth. After enabling RLS, create policies that match the actual access model rather than defaulting every table to the same `auth.uid()` pattern.
|
|
32
|
+
|
|
33
|
+
**6. Security checklist.**
|
|
34
|
+
When working on any Supabase task that touches auth, RLS, views, storage, or user data, run through this checklist. These are Supabase-specific security traps that silently create vulnerabilities:
|
|
35
|
+
|
|
36
|
+
- **Auth and session security**
|
|
37
|
+
- **Never use `user_metadata` claims in JWT-based authorization decisions.** In Supabase, `raw_user_meta_data` is user-editable and can appear in `auth.jwt()`, so it is unsafe for RLS policies or any other authorization logic. Store authorization data in `raw_app_meta_data` / `app_metadata` instead.
|
|
38
|
+
- **Deleting a user does not invalidate existing access tokens.** Sign out or revoke sessions first, keep JWT expiry short for sensitive apps, and for strict guarantees validate `session_id` against `auth.sessions` on sensitive operations.
|
|
39
|
+
- **If you use `app_metadata` or `auth.jwt()` for authorization, remember JWT claims are not always fresh until the user's token is refreshed.**
|
|
40
|
+
|
|
41
|
+
- **API key and client exposure**
|
|
42
|
+
- **Never expose the `service_role` or secret key in public clients.** Prefer publishable keys for frontend code. Legacy `anon` keys are only for compatibility. In Next.js, any `NEXT_PUBLIC_` env var is sent to the browser.
|
|
43
|
+
|
|
44
|
+
- **RLS, views, and privileged database code**
|
|
45
|
+
- **Views bypass RLS by default.** In Postgres 15 and above, use `CREATE VIEW ... WITH (security_invoker = true)`. In older versions of Postgres, protect your views by revoking access from the `anon` and `authenticated` roles, or by putting them in an unexposed schema.
|
|
46
|
+
- **UPDATE requires a SELECT policy.** In Postgres RLS, an UPDATE needs to first SELECT the row. Without a SELECT policy, updates silently return 0 rows — no error, just no change.
|
|
47
|
+
- **`auth.role()` is deprecated — use the `TO` clause instead.** Supabase has deprecated `auth.role()` in favour of specifying the target role directly on the policy with `TO authenticated` or `TO anon`. Beyond deprecation, `auth.role() = 'authenticated'` breaks silently when anonymous sign-ins are enabled, because anonymous users carry the `authenticated` Postgres role and pass the check regardless of whether the user is genuinely signed in.
|
|
48
|
+
```sql
|
|
49
|
+
-- Deprecated (do not use)
|
|
50
|
+
create policy "example" on table_name for select
|
|
51
|
+
using ( auth.role() = 'authenticated' );
|
|
52
|
+
```
|
|
53
|
+
- **`TO authenticated` alone is authentication without authorization (BOLA / IDOR).** Using `TO authenticated` only checks the role — it does not restrict which rows a user can access. The correct pattern combines `TO authenticated` with an ownership predicate in `USING`:
|
|
54
|
+
```sql
|
|
55
|
+
create policy "example" on table_name for select
|
|
56
|
+
to authenticated
|
|
57
|
+
using ( (select auth.uid()) = user_id );
|
|
58
|
+
```
|
|
59
|
+
- **UPDATE policies require both `USING` and `WITH CHECK`.** Without `WITH CHECK`, a user can reassign a row's `user_id` to another user:
|
|
60
|
+
```sql
|
|
61
|
+
create policy "example" on table_name for update
|
|
62
|
+
to authenticated
|
|
63
|
+
using ( (select auth.uid()) = user_id )
|
|
64
|
+
with check ( (select auth.uid()) = user_id );
|
|
65
|
+
```
|
|
66
|
+
- **`SECURITY DEFINER` functions bypass RLS.** A `SECURITY DEFINER` function runs with its creator's privileges — typically a role with `bypassrls` (e.g., `postgres`). Never add `SECURITY DEFINER` to resolve a permission error; it silently removes access control without fixing the underlying cause. Prefer `SECURITY INVOKER`.
|
|
67
|
+
- **`SECURITY DEFINER` functions in `public` are callable by all roles.** Postgres grants `EXECUTE` to `PUBLIC` by default for every new function, so any `SECURITY DEFINER` function in `public` is a public API endpoint callable by `anon` and `authenticated` (which inherit from `PUBLIC`) without any additional grant. When `SECURITY DEFINER` is genuinely needed (e.g., bypassing RLS on an internal lookup table), keep the function in a non-exposed schema, always include an `auth.uid()` check in the function body, and run `supabase db advisors` after making changes.
|
|
68
|
+
|
|
69
|
+
- **Storage access control**
|
|
70
|
+
- **Storage upsert requires INSERT + SELECT + UPDATE.** Granting only INSERT allows new uploads but file replacement (upsert) silently fails. You need all three.
|
|
71
|
+
|
|
72
|
+
- **Dependency and supply-chain security**
|
|
73
|
+
- **Always pin package versions and commit lockfiles** when installing Supabase packages (`supabase-js`, `@supabase/ssr`, `supabase-py`, etc.). See the [npm security guide](https://supabase.com/docs/guides/security/npm-security.md) for the full checklist.
|
|
74
|
+
|
|
75
|
+
For any security concern not covered above, fetch the Supabase product security index: `https://supabase.com/docs/guides/security/product-security.md`
|
|
76
|
+
|
|
77
|
+
## Supabase CLI
|
|
78
|
+
|
|
79
|
+
Always discover commands via `--help` — never guess. The CLI structure changes between versions.
|
|
80
|
+
|
|
81
|
+
```bash
|
|
82
|
+
supabase --help # All top-level commands
|
|
83
|
+
supabase <group> --help # Subcommands (e.g., supabase db --help)
|
|
84
|
+
supabase <group> <command> --help # Flags for a specific command
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
**Supabase CLI Known gotchas:**
|
|
88
|
+
|
|
89
|
+
- `supabase db query` requires **CLI v2.79.0+** → use MCP `execute_sql` or `psql` as fallback
|
|
90
|
+
- `supabase db advisors` requires **CLI v2.81.3+** → use MCP `get_advisors` as fallback
|
|
91
|
+
- When you need a new migration SQL file, **always** create it with `supabase migration new <name>` first. Never invent a migration filename or rely on memory for the expected format.
|
|
92
|
+
|
|
93
|
+
**Version check and upgrade:** Run `supabase --version` to check. For CLI changelogs and version-specific features, consult the [CLI documentation](https://supabase.com/docs/reference/cli/introduction) or [GitHub releases](https://github.com/supabase/cli/releases).
|
|
94
|
+
|
|
95
|
+
## Supabase MCP Server
|
|
96
|
+
|
|
97
|
+
For setup instructions, server URL, and configuration, see the [MCP setup guide](https://supabase.com/docs/guides/getting-started/mcp).
|
|
98
|
+
|
|
99
|
+
**Troubleshooting connection issues** — follow these steps in order:
|
|
100
|
+
|
|
101
|
+
1. **Check if the server is reachable:**
|
|
102
|
+
`curl -so /dev/null -w "%{http_code}" https://mcp.supabase.com/mcp`
|
|
103
|
+
A `401` is expected (no token) and means the server is up. Timeout or "connection refused" means it may be down.
|
|
104
|
+
|
|
105
|
+
2. **Check `.mcp.json` configuration:**
|
|
106
|
+
Verify the project root has a valid `.mcp.json` with the correct server URL. If missing, create one pointing to `https://mcp.supabase.com/mcp`.
|
|
107
|
+
|
|
108
|
+
3. **Authenticate the MCP server:**
|
|
109
|
+
If the server is reachable and `.mcp.json` is correct but tools aren't visible, the user needs to authenticate. The Supabase MCP server uses OAuth 2.1 — tell the user to trigger the auth flow in their agent, complete it in the browser, and reload the session.
|
|
110
|
+
|
|
111
|
+
## Supabase Documentation
|
|
112
|
+
|
|
113
|
+
Before implementing any Supabase feature, find the relevant documentation. Use these methods in priority order:
|
|
114
|
+
|
|
115
|
+
1. **MCP `search_docs` tool** (preferred — returns relevant snippets directly)
|
|
116
|
+
2. **Fetch docs pages as markdown** — any docs page can be fetched by appending `.md` to the URL path.
|
|
117
|
+
3. **Web search** for Supabase-specific topics when you don't know which page to look at.
|
|
118
|
+
|
|
119
|
+
## Making and Committing Schema Changes
|
|
120
|
+
|
|
121
|
+
**To make schema changes, use `execute_sql` (MCP) or `supabase db query` (CLI).** These run SQL directly on the database without creating migration history entries, so you can iterate freely and generate a clean migration when ready.
|
|
122
|
+
|
|
123
|
+
Do NOT use `apply_migration` to change a local database schema — it writes a migration history entry on every call, which means you can't iterate, and `supabase db diff` / `supabase db pull` will produce empty or conflicting diffs. If you use it, you'll be stuck with whatever SQL you passed on the first try.
|
|
124
|
+
|
|
125
|
+
**When ready to commit** your changes to a migration file:
|
|
126
|
+
|
|
127
|
+
1. **Run advisors** → `supabase db advisors` (CLI v2.81.3+) or MCP `get_advisors`. Fix any issues.
|
|
128
|
+
2. **Review the Security Checklist above** if your changes involve views, functions, triggers, or storage.
|
|
129
|
+
3. **Generate the migration** → `supabase db pull <descriptive-name> --local --yes`
|
|
130
|
+
4. **Verify** → `supabase migration list --local`
|
|
131
|
+
|
|
132
|
+
## Reference Guides
|
|
133
|
+
|
|
134
|
+
- **Skill Feedback** → [references/skill-feedback.md](references/skill-feedback.md)
|
|
135
|
+
**MUST read when** the user reports that this skill gave incorrect guidance or is missing information.
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: supabase-postgres-best-practices
|
|
3
|
+
description: Postgres performance optimization and best practices from Supabase. Use this skill when writing, reviewing, or optimizing Postgres queries, schema designs, or database configurations.
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: supabase
|
|
7
|
+
version: "1.1.1"
|
|
8
|
+
organization: Supabase
|
|
9
|
+
date: January 2026
|
|
10
|
+
abstract: Comprehensive Postgres performance optimization guide for developers using Supabase and Postgres. Contains performance rules across 8 categories, prioritized by impact from critical (query performance, connection management) to incremental (advanced features). Each rule includes detailed explanations, incorrect vs. correct SQL examples, query plan analysis, and specific performance metrics to guide automated optimization and code generation.
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# Supabase Postgres Best Practices
|
|
14
|
+
|
|
15
|
+
Comprehensive performance optimization guide for Postgres, maintained by Supabase. Contains rules across 8 categories, prioritized by impact to guide automated query optimization and schema design.
|
|
16
|
+
|
|
17
|
+
## When to Apply
|
|
18
|
+
|
|
19
|
+
Reference these guidelines when:
|
|
20
|
+
- Writing SQL queries or designing schemas
|
|
21
|
+
- Implementing indexes or query optimization
|
|
22
|
+
- Reviewing database performance issues
|
|
23
|
+
- Configuring connection pooling or scaling
|
|
24
|
+
- Optimizing for Postgres-specific features
|
|
25
|
+
- Working with Row-Level Security (RLS)
|
|
26
|
+
|
|
27
|
+
## Rule Categories by Priority
|
|
28
|
+
|
|
29
|
+
| Priority | Category | Impact | Prefix |
|
|
30
|
+
|----------|----------|--------|--------|
|
|
31
|
+
| 1 | Query Performance | CRITICAL | `query-` |
|
|
32
|
+
| 2 | Connection Management | CRITICAL | `conn-` |
|
|
33
|
+
| 3 | Security & RLS | CRITICAL | `security-` |
|
|
34
|
+
| 4 | Schema Design | HIGH | `schema-` |
|
|
35
|
+
| 5 | Concurrency & Locking | MEDIUM-HIGH | `lock-` |
|
|
36
|
+
| 6 | Data Access Patterns | MEDIUM | `data-` |
|
|
37
|
+
| 7 | Monitoring & Diagnostics | LOW-MEDIUM | `monitor-` |
|
|
38
|
+
| 8 | Advanced Features | LOW | `advanced-` |
|
|
39
|
+
|
|
40
|
+
## How to Use
|
|
41
|
+
|
|
42
|
+
Read individual rule files for detailed explanations and SQL examples:
|
|
43
|
+
|
|
44
|
+
```
|
|
45
|
+
references/query-missing-indexes.md
|
|
46
|
+
references/query-partial-indexes.md
|
|
47
|
+
references/_sections.md
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
Each rule file contains:
|
|
51
|
+
- Brief explanation of why it matters
|
|
52
|
+
- Incorrect SQL example with explanation
|
|
53
|
+
- Correct SQL example with explanation
|
|
54
|
+
- Optional EXPLAIN output or metrics
|
|
55
|
+
- Additional context and references
|
|
56
|
+
- Supabase-specific notes (when applicable)
|
|
57
|
+
|
|
58
|
+
## References
|
|
59
|
+
|
|
60
|
+
- https://www.postgresql.org/docs/current/
|
|
61
|
+
- https://supabase.com/docs
|
|
62
|
+
- https://wiki.postgresql.org/wiki/Performance_Optimization
|
|
63
|
+
- https://supabase.com/docs/guides/database/overview
|
|
64
|
+
- https://supabase.com/docs/guides/auth/row-level-security
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: system-diagnostics
|
|
3
|
+
description: Diagnose system issues with logs, metrics, traces, and performance profiling
|
|
4
|
+
category: Intelligence & General
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# System Diagnostics
|
|
8
|
+
|
|
9
|
+
## Overview
|
|
10
|
+
Diagnose system issues with logs, metrics, traces, and performance profiling. This skill helps you apply structured, repeatable methods for consistent results.
|
|
11
|
+
|
|
12
|
+
## When to Use
|
|
13
|
+
- When you need to apply system diagnostics best practices
|
|
14
|
+
- When establishing processes or standards for your workflow
|
|
15
|
+
- When training team members on system diagnostics
|
|
16
|
+
- When automating or optimizing system diagnostics tasks
|
|
17
|
+
|
|
18
|
+
## Instructions
|
|
19
|
+
1. **Assess**: Evaluate the current state, requirements, and constraints
|
|
20
|
+
2. **Plan**: Define the approach, steps, and success criteria
|
|
21
|
+
3. **Execute**: Follow the established patterns and best practices
|
|
22
|
+
4. **Verify**: Check results against expected outcomes and quality standards
|
|
23
|
+
5. **Iterate**: Refine based on feedback and lessons learned
|
|
24
|
+
|
|
25
|
+
## Examples
|
|
26
|
+
```
|
|
27
|
+
User: Help me apply system diagnostics for my current project
|
|
28
|
+
Assistant: I'll help you apply system diagnostics step by step...
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
## Related Skills
|
|
32
|
+
- Use with `workflow` tool for orchestrated execution
|
|
33
|
+
- Combine with `task` tool for delegated processing
|
|
34
|
+
- Reference `system-prompt` for system-level integration
|
|
@@ -0,0 +1,296 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: systematic-debugging
|
|
3
|
+
description: Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Systematic Debugging
|
|
7
|
+
|
|
8
|
+
## Overview
|
|
9
|
+
|
|
10
|
+
Random fixes waste time and create new bugs. Quick patches mask underlying issues.
|
|
11
|
+
|
|
12
|
+
**Core principle:** ALWAYS find root cause before attempting fixes. Symptom fixes are failure.
|
|
13
|
+
|
|
14
|
+
**Violating the letter of this process is violating the spirit of debugging.**
|
|
15
|
+
|
|
16
|
+
## The Iron Law
|
|
17
|
+
|
|
18
|
+
```
|
|
19
|
+
NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
If you haven't completed Phase 1, you cannot propose fixes.
|
|
23
|
+
|
|
24
|
+
## When to Use
|
|
25
|
+
|
|
26
|
+
Use for ANY technical issue:
|
|
27
|
+
- Test failures
|
|
28
|
+
- Bugs in production
|
|
29
|
+
- Unexpected behavior
|
|
30
|
+
- Performance problems
|
|
31
|
+
- Build failures
|
|
32
|
+
- Integration issues
|
|
33
|
+
|
|
34
|
+
**Use this ESPECIALLY when:**
|
|
35
|
+
- Under time pressure (emergencies make guessing tempting)
|
|
36
|
+
- "Just one quick fix" seems obvious
|
|
37
|
+
- You've already tried multiple fixes
|
|
38
|
+
- Previous fix didn't work
|
|
39
|
+
- You don't fully understand the issue
|
|
40
|
+
|
|
41
|
+
**Don't skip when:**
|
|
42
|
+
- Issue seems simple (simple bugs have root causes too)
|
|
43
|
+
- You're in a hurry (rushing guarantees rework)
|
|
44
|
+
- Manager wants it fixed NOW (systematic is faster than thrashing)
|
|
45
|
+
|
|
46
|
+
## The Four Phases
|
|
47
|
+
|
|
48
|
+
You MUST complete each phase before proceeding to the next.
|
|
49
|
+
|
|
50
|
+
### Phase 1: Root Cause Investigation
|
|
51
|
+
|
|
52
|
+
**BEFORE attempting ANY fix:**
|
|
53
|
+
|
|
54
|
+
1. **Read Error Messages Carefully**
|
|
55
|
+
- Don't skip past errors or warnings
|
|
56
|
+
- They often contain the exact solution
|
|
57
|
+
- Read stack traces completely
|
|
58
|
+
- Note line numbers, file paths, error codes
|
|
59
|
+
|
|
60
|
+
2. **Reproduce Consistently**
|
|
61
|
+
- Can you trigger it reliably?
|
|
62
|
+
- What are the exact steps?
|
|
63
|
+
- Does it happen every time?
|
|
64
|
+
- If not reproducible → gather more data, don't guess
|
|
65
|
+
|
|
66
|
+
3. **Check Recent Changes**
|
|
67
|
+
- What changed that could cause this?
|
|
68
|
+
- Git diff, recent commits
|
|
69
|
+
- New dependencies, config changes
|
|
70
|
+
- Environmental differences
|
|
71
|
+
|
|
72
|
+
4. **Gather Evidence in Multi-Component Systems**
|
|
73
|
+
|
|
74
|
+
**WHEN system has multiple components (CI → build → signing, API → service → database):**
|
|
75
|
+
|
|
76
|
+
**BEFORE proposing fixes, add diagnostic instrumentation:**
|
|
77
|
+
```
|
|
78
|
+
For EACH component boundary:
|
|
79
|
+
- Log what data enters component
|
|
80
|
+
- Log what data exits component
|
|
81
|
+
- Verify environment/config propagation
|
|
82
|
+
- Check state at each layer
|
|
83
|
+
|
|
84
|
+
Run once to gather evidence showing WHERE it breaks
|
|
85
|
+
THEN analyze evidence to identify failing component
|
|
86
|
+
THEN investigate that specific component
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
**Example (multi-layer system):**
|
|
90
|
+
```bash
|
|
91
|
+
# Layer 1: Workflow
|
|
92
|
+
echo "=== Secrets available in workflow: ==="
|
|
93
|
+
echo "IDENTITY: ${IDENTITY:+SET}${IDENTITY:-UNSET}"
|
|
94
|
+
|
|
95
|
+
# Layer 2: Build script
|
|
96
|
+
echo "=== Env vars in build script: ==="
|
|
97
|
+
env | grep IDENTITY || echo "IDENTITY not in environment"
|
|
98
|
+
|
|
99
|
+
# Layer 3: Signing script
|
|
100
|
+
echo "=== Keychain state: ==="
|
|
101
|
+
security list-keychains
|
|
102
|
+
security find-identity -v
|
|
103
|
+
|
|
104
|
+
# Layer 4: Actual signing
|
|
105
|
+
codesign --sign "$IDENTITY" --verbose=4 "$APP"
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
**This reveals:** Which layer fails (secrets → workflow ✓, workflow → build ✗)
|
|
109
|
+
|
|
110
|
+
5. **Trace Data Flow**
|
|
111
|
+
|
|
112
|
+
**WHEN error is deep in call stack:**
|
|
113
|
+
|
|
114
|
+
See `root-cause-tracing.md` in this directory for the complete backward tracing technique.
|
|
115
|
+
|
|
116
|
+
**Quick version:**
|
|
117
|
+
- Where does bad value originate?
|
|
118
|
+
- What called this with bad value?
|
|
119
|
+
- Keep tracing up until you find the source
|
|
120
|
+
- Fix at source, not at symptom
|
|
121
|
+
|
|
122
|
+
### Phase 2: Pattern Analysis
|
|
123
|
+
|
|
124
|
+
**Find the pattern before fixing:**
|
|
125
|
+
|
|
126
|
+
1. **Find Working Examples**
|
|
127
|
+
- Locate similar working code in same codebase
|
|
128
|
+
- What works that's similar to what's broken?
|
|
129
|
+
|
|
130
|
+
2. **Compare Against References**
|
|
131
|
+
- If implementing pattern, read reference implementation COMPLETELY
|
|
132
|
+
- Don't skim - read every line
|
|
133
|
+
- Understand the pattern fully before applying
|
|
134
|
+
|
|
135
|
+
3. **Identify Differences**
|
|
136
|
+
- What's different between working and broken?
|
|
137
|
+
- List every difference, however small
|
|
138
|
+
- Don't assume "that can't matter"
|
|
139
|
+
|
|
140
|
+
4. **Understand Dependencies**
|
|
141
|
+
- What other components does this need?
|
|
142
|
+
- What settings, config, environment?
|
|
143
|
+
- What assumptions does it make?
|
|
144
|
+
|
|
145
|
+
### Phase 3: Hypothesis and Testing
|
|
146
|
+
|
|
147
|
+
**Scientific method:**
|
|
148
|
+
|
|
149
|
+
1. **Form Single Hypothesis**
|
|
150
|
+
- State clearly: "I think X is the root cause because Y"
|
|
151
|
+
- Write it down
|
|
152
|
+
- Be specific, not vague
|
|
153
|
+
|
|
154
|
+
2. **Test Minimally**
|
|
155
|
+
- Make the SMALLEST possible change to test hypothesis
|
|
156
|
+
- One variable at a time
|
|
157
|
+
- Don't fix multiple things at once
|
|
158
|
+
|
|
159
|
+
3. **Verify Before Continuing**
|
|
160
|
+
- Did it work? Yes → Phase 4
|
|
161
|
+
- Didn't work? Form NEW hypothesis
|
|
162
|
+
- DON'T add more fixes on top
|
|
163
|
+
|
|
164
|
+
4. **When You Don't Know**
|
|
165
|
+
- Say "I don't understand X"
|
|
166
|
+
- Don't pretend to know
|
|
167
|
+
- Ask for help
|
|
168
|
+
- Research more
|
|
169
|
+
|
|
170
|
+
### Phase 4: Implementation
|
|
171
|
+
|
|
172
|
+
**Fix the root cause, not the symptom:**
|
|
173
|
+
|
|
174
|
+
1. **Create Failing Test Case**
|
|
175
|
+
- Simplest possible reproduction
|
|
176
|
+
- Automated test if possible
|
|
177
|
+
- One-off test script if no framework
|
|
178
|
+
- MUST have before fixing
|
|
179
|
+
- Use the `superpowers:test-driven-development` skill for writing proper failing tests
|
|
180
|
+
|
|
181
|
+
2. **Implement Single Fix**
|
|
182
|
+
- Address the root cause identified
|
|
183
|
+
- ONE change at a time
|
|
184
|
+
- No "while I'm here" improvements
|
|
185
|
+
- No bundled refactoring
|
|
186
|
+
|
|
187
|
+
3. **Verify Fix**
|
|
188
|
+
- Test passes now?
|
|
189
|
+
- No other tests broken?
|
|
190
|
+
- Issue actually resolved?
|
|
191
|
+
|
|
192
|
+
4. **If Fix Doesn't Work**
|
|
193
|
+
- STOP
|
|
194
|
+
- Count: How many fixes have you tried?
|
|
195
|
+
- If < 3: Return to Phase 1, re-analyze with new information
|
|
196
|
+
- **If ≥ 3: STOP and question the architecture (step 5 below)**
|
|
197
|
+
- DON'T attempt Fix #4 without architectural discussion
|
|
198
|
+
|
|
199
|
+
5. **If 3+ Fixes Failed: Question Architecture**
|
|
200
|
+
|
|
201
|
+
**Pattern indicating architectural problem:**
|
|
202
|
+
- Each fix reveals new shared state/coupling/problem in different place
|
|
203
|
+
- Fixes require "massive refactoring" to implement
|
|
204
|
+
- Each fix creates new symptoms elsewhere
|
|
205
|
+
|
|
206
|
+
**STOP and question fundamentals:**
|
|
207
|
+
- Is this pattern fundamentally sound?
|
|
208
|
+
- Are we "sticking with it through sheer inertia"?
|
|
209
|
+
- Should we refactor architecture vs. continue fixing symptoms?
|
|
210
|
+
|
|
211
|
+
**Discuss with your human partner before attempting more fixes**
|
|
212
|
+
|
|
213
|
+
This is NOT a failed hypothesis - this is a wrong architecture.
|
|
214
|
+
|
|
215
|
+
## Red Flags - STOP and Follow Process
|
|
216
|
+
|
|
217
|
+
If you catch yourself thinking:
|
|
218
|
+
- "Quick fix for now, investigate later"
|
|
219
|
+
- "Just try changing X and see if it works"
|
|
220
|
+
- "Add multiple changes, run tests"
|
|
221
|
+
- "Skip the test, I'll manually verify"
|
|
222
|
+
- "It's probably X, let me fix that"
|
|
223
|
+
- "I don't fully understand but this might work"
|
|
224
|
+
- "Pattern says X but I'll adapt it differently"
|
|
225
|
+
- "Here are the main problems: [lists fixes without investigation]"
|
|
226
|
+
- Proposing solutions before tracing data flow
|
|
227
|
+
- **"One more fix attempt" (when already tried 2+)**
|
|
228
|
+
- **Each fix reveals new problem in different place**
|
|
229
|
+
|
|
230
|
+
**ALL of these mean: STOP. Return to Phase 1.**
|
|
231
|
+
|
|
232
|
+
**If 3+ fixes failed:** Question the architecture (see Phase 4.5)
|
|
233
|
+
|
|
234
|
+
## your human partner's Signals You're Doing It Wrong
|
|
235
|
+
|
|
236
|
+
**Watch for these redirections:**
|
|
237
|
+
- "Is that not happening?" - You assumed without verifying
|
|
238
|
+
- "Will it show us...?" - You should have added evidence gathering
|
|
239
|
+
- "Stop guessing" - You're proposing fixes without understanding
|
|
240
|
+
- "Ultra-think this" - Question fundamentals, not just symptoms
|
|
241
|
+
- "We're stuck?" (frustrated) - Your approach isn't working
|
|
242
|
+
|
|
243
|
+
**When you see these:** STOP. Return to Phase 1.
|
|
244
|
+
|
|
245
|
+
## Common Rationalizations
|
|
246
|
+
|
|
247
|
+
| Excuse | Reality |
|
|
248
|
+
|--------|---------|
|
|
249
|
+
| "Issue is simple, don't need process" | Simple issues have root causes too. Process is fast for simple bugs. |
|
|
250
|
+
| "Emergency, no time for process" | Systematic debugging is FASTER than guess-and-check thrashing. |
|
|
251
|
+
| "Just try this first, then investigate" | First fix sets the pattern. Do it right from the start. |
|
|
252
|
+
| "I'll write test after confirming fix works" | Untested fixes don't stick. Test first proves it. |
|
|
253
|
+
| "Multiple fixes at once saves time" | Can't isolate what worked. Causes new bugs. |
|
|
254
|
+
| "Reference too long, I'll adapt the pattern" | Partial understanding guarantees bugs. Read it completely. |
|
|
255
|
+
| "I see the problem, let me fix it" | Seeing symptoms ≠ understanding root cause. |
|
|
256
|
+
| "One more fix attempt" (after 2+ failures) | 3+ failures = architectural problem. Question pattern, don't fix again. |
|
|
257
|
+
|
|
258
|
+
## Quick Reference
|
|
259
|
+
|
|
260
|
+
| Phase | Key Activities | Success Criteria |
|
|
261
|
+
|-------|---------------|------------------|
|
|
262
|
+
| **1. Root Cause** | Read errors, reproduce, check changes, gather evidence | Understand WHAT and WHY |
|
|
263
|
+
| **2. Pattern** | Find working examples, compare | Identify differences |
|
|
264
|
+
| **3. Hypothesis** | Form theory, test minimally | Confirmed or new hypothesis |
|
|
265
|
+
| **4. Implementation** | Create test, fix, verify | Bug resolved, tests pass |
|
|
266
|
+
|
|
267
|
+
## When Process Reveals "No Root Cause"
|
|
268
|
+
|
|
269
|
+
If systematic investigation reveals issue is truly environmental, timing-dependent, or external:
|
|
270
|
+
|
|
271
|
+
1. You've completed the process
|
|
272
|
+
2. Document what you investigated
|
|
273
|
+
3. Implement appropriate handling (retry, timeout, error message)
|
|
274
|
+
4. Add monitoring/logging for future investigation
|
|
275
|
+
|
|
276
|
+
**But:** 95% of "no root cause" cases are incomplete investigation.
|
|
277
|
+
|
|
278
|
+
## Supporting Techniques
|
|
279
|
+
|
|
280
|
+
These techniques are part of systematic debugging and available in this directory:
|
|
281
|
+
|
|
282
|
+
- **`root-cause-tracing.md`** - Trace bugs backward through call stack to find original trigger
|
|
283
|
+
- **`defense-in-depth.md`** - Add validation at multiple layers after finding root cause
|
|
284
|
+
- **`condition-based-waiting.md`** - Replace arbitrary timeouts with condition polling
|
|
285
|
+
|
|
286
|
+
**Related skills:**
|
|
287
|
+
- **superpowers:test-driven-development** - For creating failing test case (Phase 4, Step 1)
|
|
288
|
+
- **superpowers:verification-before-completion** - Verify fix worked before claiming success
|
|
289
|
+
|
|
290
|
+
## Real-World Impact
|
|
291
|
+
|
|
292
|
+
From debugging sessions:
|
|
293
|
+
- Systematic approach: 15-30 minutes to fix
|
|
294
|
+
- Random fixes approach: 2-3 hours of thrashing
|
|
295
|
+
- First-time fix rate: 95% vs 40%
|
|
296
|
+
- New bugs introduced: Near zero vs common
|