natureco-cli 5.18.3 → 5.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/package.json +1 -1
- package/skills/a-b-testing/SKILL.md +34 -0
- package/skills/accessibility-audit/SKILL.md +34 -0
- package/skills/agent-memory/SKILL.md +34 -0
- package/skills/agent-orchestration/SKILL.md +34 -0
- package/skills/airunway-aks-setup/SKILL.md +73 -0
- package/skills/algorithmic-art/SKILL.md +405 -0
- package/skills/analytics-setup/SKILL.md +34 -0
- package/skills/api-design/SKILL.md +34 -0
- package/skills/api-versioning/SKILL.md +34 -0
- package/skills/appinsights-instrumentation/SKILL.md +76 -0
- package/skills/audio-transcription/SKILL.md +34 -0
- package/skills/authentication-patterns/SKILL.md +34 -0
- package/skills/authorization-rbac/SKILL.md +34 -0
- package/skills/azure-ai/SKILL.md +71 -0
- package/skills/azure-aigateway/SKILL.md +129 -0
- package/skills/azure-cloud-migrate/SKILL.md +52 -0
- package/skills/azure-compliance/SKILL.md +108 -0
- package/skills/azure-compute/SKILL.md +46 -0
- package/skills/azure-cost/SKILL.md +45 -0
- package/skills/azure-deploy/SKILL.md +97 -0
- package/skills/azure-diagnostics/SKILL.md +151 -0
- package/skills/azure-enterprise-infra-planner/SKILL.md +54 -0
- package/skills/azure-hosted-copilot-sdk/SKILL.md +89 -0
- package/skills/azure-kubernetes/SKILL.md +153 -0
- package/skills/azure-kusto/SKILL.md +231 -0
- package/skills/azure-messaging/SKILL.md +57 -0
- package/skills/azure-prepare/SKILL.md +165 -0
- package/skills/azure-quotas/SKILL.md +276 -0
- package/skills/azure-rbac/SKILL.md +17 -0
- package/skills/azure-reliability/SKILL.md +387 -0
- package/skills/azure-resource-lookup/SKILL.md +108 -0
- package/skills/azure-resource-visualizer/SKILL.md +183 -0
- package/skills/azure-storage/SKILL.md +100 -0
- package/skills/azure-upgrade/SKILL.md +91 -0
- package/skills/azure-validate/SKILL.md +72 -0
- package/skills/backup-strategy/SKILL.md +34 -0
- package/skills/bash-scripting/SKILL.md +34 -0
- package/skills/batch-api-calls/SKILL.md +34 -0
- package/skills/batch-processing/SKILL.md +34 -0
- package/skills/brainstorming/SKILL.md +159 -0
- package/skills/brand-guidelines/SKILL.md +73 -0
- package/skills/brandkit/SKILL.md +798 -0
- package/skills/brutalist-skill/SKILL.md +92 -0
- package/skills/bulk-file-operations/SKILL.md +34 -0
- package/skills/cache-responses/SKILL.md +34 -0
- package/skills/caching-strategy/SKILL.md +34 -0
- package/skills/calendar-optimization/SKILL.md +34 -0
- package/skills/canvas-design/SKILL.md +130 -0
- package/skills/cavecrew/SKILL.md +82 -0
- package/skills/caveman-commit/SKILL.md +65 -0
- package/skills/caveman-help/SKILL.md +63 -0
- package/skills/caveman-review/SKILL.md +55 -0
- package/skills/caveman-stats/SKILL.md +10 -0
- package/skills/changelog-generation/SKILL.md +34 -0
- package/skills/chat-bot-design/SKILL.md +34 -0
- package/skills/chunking-strategy/SKILL.md +34 -0
- package/skills/ci-cd-pipeline/SKILL.md +34 -0
- package/skills/classification-pipeline/SKILL.md +34 -0
- package/skills/claude-api/SKILL.md +356 -0
- package/skills/clipboard-master/SKILL.md +34 -0
- package/skills/code-explanation/SKILL.md +34 -0
- package/skills/code-generation/SKILL.md +34 -0
- package/skills/code-migration/SKILL.md +34 -0
- package/skills/code-review-checklist/SKILL.md +34 -0
- package/skills/composition-patterns/SKILL.md +89 -0
- package/skills/contact-management/SKILL.md +34 -0
- package/skills/content-generation/SKILL.md +34 -0
- package/skills/context-pruning/SKILL.md +34 -0
- package/skills/context-window-management/SKILL.md +34 -0
- package/skills/continuous-improvement/SKILL.md +34 -0
- package/skills/cron-scheduling/SKILL.md +34 -0
- package/skills/cross-platform-compat/SKILL.md +34 -0
- package/skills/csv-processing/SKILL.md +34 -0
- package/skills/daily-journal/SKILL.md +34 -0
- package/skills/data-analysis/SKILL.md +34 -0
- package/skills/data-backup/SKILL.md +34 -0
- package/skills/data-cleaning/SKILL.md +34 -0
- package/skills/data-extraction/SKILL.md +34 -0
- package/skills/data-validation/SKILL.md +34 -0
- package/skills/database-migrations/SKILL.md +34 -0
- package/skills/database-schema-design/SKILL.md +34 -0
- package/skills/decision-mapping/SKILL.md +84 -0
- package/skills/decision-matrix/SKILL.md +34 -0
- package/skills/dependency-management/SKILL.md +34 -0
- package/skills/deploy-to-vercel/SKILL.md +296 -0
- package/skills/design-an-interface/SKILL.md +94 -0
- package/skills/design-doc-mermaid/SKILL.md +498 -0
- package/skills/dev-environment-setup/SKILL.md +34 -0
- package/skills/develop-userscripts/SKILL.md +84 -0
- package/skills/distraction-blocker/SKILL.md +34 -0
- package/skills/doc-coauthoring/SKILL.md +375 -0
- package/skills/docker-optimization/SKILL.md +34 -0
- package/skills/document-template/SKILL.md +34 -0
- package/skills/documentation/SKILL.md +109 -0
- package/skills/documentation-gen/SKILL.md +34 -0
- package/skills/docx/SKILL.md +590 -0
- package/skills/edit-article/SKILL.md +15 -0
- package/skills/efficient-formatting/SKILL.md +34 -0
- package/skills/email-management/SKILL.md +34 -0
- package/skills/email-service/SKILL.md +34 -0
- package/skills/embedding-generation/SKILL.md +34 -0
- package/skills/entity-extraction/SKILL.md +34 -0
- package/skills/entra-agent-id/SKILL.md +356 -0
- package/skills/entra-app-registration/SKILL.md +191 -0
- package/skills/environment-config/SKILL.md +34 -0
- package/skills/error-handling/SKILL.md +34 -0
- package/skills/estimation-techniques/SKILL.md +34 -0
- package/skills/event-driven-architecture/SKILL.md +34 -0
- package/skills/excel-automation/SKILL.md +34 -0
- package/skills/execution-monitoring/SKILL.md +34 -0
- package/skills/expense-tracking/SKILL.md +34 -0
- package/skills/faceless-explainer/SKILL.md +202 -0
- package/skills/fastify/SKILL.md +75 -0
- package/skills/feature-engineering/SKILL.md +34 -0
- package/skills/feature-flags/SKILL.md +34 -0
- package/skills/file-conversion/SKILL.md +34 -0
- package/skills/file-upload-handling/SKILL.md +34 -0
- package/skills/fine-tuning-prep/SKILL.md +34 -0
- package/skills/focus-mode/SKILL.md +34 -0
- package/skills/form-validation/SKILL.md +34 -0
- package/skills/function-calling/SKILL.md +34 -0
- package/skills/general-video/SKILL.md +143 -0
- package/skills/git-guardrails-claude-code/SKILL.md +95 -0
- package/skills/git-workflow/SKILL.md +34 -0
- package/skills/github-actions-docs/SKILL.md +98 -0
- package/skills/goal-setting/SKILL.md +34 -0
- package/skills/gpt-tasteskill/SKILL.md +74 -0
- package/skills/graphql-design/SKILL.md +34 -0
- package/skills/grill-me/SKILL.md +7 -0
- package/skills/grilling/SKILL.md +10 -0
- package/skills/habit-tracker/SKILL.md +34 -0
- package/skills/hallucination-detection/SKILL.md +34 -0
- package/skills/handoff/SKILL.md +16 -0
- package/skills/hyperframes/SKILL.md +152 -0
- package/skills/hyperframes-animation/SKILL.md +82 -0
- package/skills/hyperframes-cli/SKILL.md +109 -0
- package/skills/hyperframes-core/SKILL.md +78 -0
- package/skills/hyperframes-creative/SKILL.md +68 -0
- package/skills/hyperframes-media/SKILL.md +97 -0
- package/skills/image-processing/SKILL.md +34 -0
- package/skills/image-to-code-skill/SKILL.md +1228 -0
- package/skills/imagegen-frontend-mobile/SKILL.md +1465 -0
- package/skills/imagegen-frontend-web/SKILL.md +987 -0
- package/skills/implement/SKILL.md +15 -0
- package/skills/init/SKILL.md +91 -0
- package/skills/internal-comms/SKILL.md +32 -0
- package/skills/json-transformation/SKILL.md +34 -0
- package/skills/keyboard-shortcuts/SKILL.md +34 -0
- package/skills/knowledge-base/SKILL.md +34 -0
- package/skills/knowledge-graph/SKILL.md +34 -0
- package/skills/kubernetes-deployment/SKILL.md +34 -0
- package/skills/language-translation/SKILL.md +34 -0
- package/skills/lark-approval/SKILL.md +56 -0
- package/skills/lark-base/SKILL.md +157 -0
- package/skills/lark-doc/SKILL.md +81 -0
- package/skills/lark-shared/SKILL.md +168 -0
- package/skills/lark-workflow-meeting-summary/SKILL.md +122 -0
- package/skills/linting-neostandard-eslint9/SKILL.md +64 -0
- package/skills/llm-chaining/SKILL.md +34 -0
- package/skills/localization-i18n/SKILL.md +34 -0
- package/skills/logging-best-practices/SKILL.md +34 -0
- package/skills/loop-me/SKILL.md +32 -0
- package/skills/machine-learning-pipeline/SKILL.md +34 -0
- package/skills/meeting-notes/SKILL.md +34 -0
- package/skills/meeting-scheduler/SKILL.md +34 -0
- package/skills/message-queues/SKILL.md +34 -0
- package/skills/message-summarization/SKILL.md +34 -0
- package/skills/microservices-architecture/SKILL.md +34 -0
- package/skills/microsoft-foundry/SKILL.md +262 -0
- package/skills/migrate-to-shoehorn/SKILL.md +118 -0
- package/skills/milestone-tracking/SKILL.md +34 -0
- package/skills/minimalist-skill/SKILL.md +85 -0
- package/skills/model-deployment/SKILL.md +34 -0
- package/skills/model-evaluation/SKILL.md +34 -0
- package/skills/monitoring-setup/SKILL.md +34 -0
- package/skills/monorepo-setup/SKILL.md +34 -0
- package/skills/motion-graphics/SKILL.md +170 -0
- package/skills/multi-agent-systems/SKILL.md +34 -0
- package/skills/music-to-video/SKILL.md +197 -0
- package/skills/network-troubleshooting/SKILL.md +34 -0
- package/skills/node/SKILL.md +94 -0
- package/skills/nodejs-core/SKILL.md +156 -0
- package/skills/note-organization/SKILL.md +34 -0
- package/skills/oauth/SKILL.md +186 -0
- package/skills/obsidian-vault/SKILL.md +59 -0
- package/skills/octocat/SKILL.md +93 -0
- package/skills/openclaw-secure-linux-cloud/SKILL.md +157 -0
- package/skills/opensource-guide-coach/SKILL.md +218 -0
- package/skills/output-skill/SKILL.md +49 -0
- package/skills/package-publishing/SKILL.md +34 -0
- package/skills/password-generator/SKILL.md +34 -0
- package/skills/pdf/SKILL.md +314 -0
- package/skills/pdf-processing/SKILL.md +34 -0
- package/skills/performance-optimization/SKILL.md +34 -0
- package/skills/pomodoro-timer/SKILL.md +34 -0
- package/skills/powershell-automation/SKILL.md +34 -0
- package/skills/pptx/SKILL.md +232 -0
- package/skills/pr-to-video/SKILL.md +235 -0
- package/skills/priority-filtering/SKILL.md +34 -0
- package/skills/product-launch-video/SKILL.md +205 -0
- package/skills/project-tracking/SKILL.md +34 -0
- package/skills/prompt-compression/SKILL.md +34 -0
- package/skills/prompt-engineering/SKILL.md +34 -0
- package/skills/push-notifications/SKILL.md +34 -0
- package/skills/python-appservice-deploy/SKILL.md +36 -0
- package/skills/qa/SKILL.md +130 -0
- package/skills/rag-implementation/SKILL.md +34 -0
- package/skills/rate-limiting/SKILL.md +34 -0
- package/skills/react-best-practices/SKILL.md +149 -0
- package/skills/react-native-skills/SKILL.md +121 -0
- package/skills/react-view-transitions/SKILL.md +320 -0
- package/skills/readme-i18n/SKILL.md +176 -0
- package/skills/real-time-communication/SKILL.md +34 -0
- package/skills/redesign-skill/SKILL.md +178 -0
- package/skills/refactoring-strategy/SKILL.md +34 -0
- package/skills/regex-mastery/SKILL.md +34 -0
- package/skills/remotion/SKILL.md +364 -0
- package/skills/report-generation/SKILL.md +34 -0
- package/skills/request-refactor-plan/SKILL.md +68 -0
- package/skills/research-compiler/SKILL.md +34 -0
- package/skills/resolving-merge-conflicts/SKILL.md +14 -0
- package/skills/responsive-design/SKILL.md +34 -0
- package/skills/rest-api-patterns/SKILL.md +34 -0
- package/skills/retrospectives/SKILL.md +34 -0
- package/skills/risk-assessment/SKILL.md +34 -0
- package/skills/roadmap-creation/SKILL.md +34 -0
- package/skills/running-claude-code-via-litellm-copilot/SKILL.md +263 -0
- package/skills/scaffold-exercises/SKILL.md +106 -0
- package/skills/search-implementation/SKILL.md +34 -0
- package/skills/secrets-management/SKILL.md +34 -0
- package/skills/secure-linux-web-hosting/SKILL.md +162 -0
- package/skills/security-audit/SKILL.md +34 -0
- package/skills/selective-memory/SKILL.md +34 -0
- package/skills/semantic-search/SKILL.md +34 -0
- package/skills/semantic-versioning/SKILL.md +34 -0
- package/skills/sentiment-analysis/SKILL.md +34 -0
- package/skills/seo-optimization/SKILL.md +34 -0
- package/skills/setup-pre-commit/SKILL.md +91 -0
- package/skills/shadcn/SKILL.md +267 -0
- package/skills/simple/SKILL.md +52 -0
- package/skills/skill-creator/SKILL.md +485 -0
- package/skills/skill-optimizer/SKILL.md +47 -0
- package/skills/skills-cli/SKILL.md +281 -0
- package/skills/slack-gif-creator/SKILL.md +254 -0
- package/skills/snipgrapher/SKILL.md +58 -0
- package/skills/snippet-manager/SKILL.md +34 -0
- package/skills/soft-skill/SKILL.md +98 -0
- package/skills/sprint-planning/SKILL.md +34 -0
- package/skills/sql-query-optimization/SKILL.md +34 -0
- package/skills/stakeholder-communication/SKILL.md +34 -0
- package/skills/state-management/SKILL.md +34 -0
- package/skills/statistical-analysis/SKILL.md +34 -0
- package/skills/stitch-skill/SKILL.md +184 -0
- package/skills/streaming-responses/SKILL.md +34 -0
- package/skills/structured-output/SKILL.md +34 -0
- package/skills/summarization-techniques/SKILL.md +34 -0
- package/skills/supabase/SKILL.md +135 -0
- package/skills/supabase-postgres-best-practices/SKILL.md +64 -0
- package/skills/system-diagnostics/SKILL.md +34 -0
- package/skills/systematic-debugging/SKILL.md +296 -0
- package/skills/talking-head-recut/SKILL.md +1191 -0
- package/skills/task-decomposition/SKILL.md +34 -0
- package/skills/task-prioritization/SKILL.md +34 -0
- package/skills/taste-skill/SKILL.md +1206 -0
- package/skills/taste-skill-v1/SKILL.md +226 -0
- package/skills/tdd/SKILL.md +108 -0
- package/skills/teach/SKILL.md +140 -0
- package/skills/template-library/SKILL.md +34 -0
- package/skills/test-driven-development/SKILL.md +371 -0
- package/skills/test-generation/SKILL.md +34 -0
- package/skills/testing-strategy/SKILL.md +34 -0
- package/skills/text-expansion/SKILL.md +34 -0
- package/skills/theme-factory/SKILL.md +59 -0
- package/skills/time-blocking/SKILL.md +34 -0
- package/skills/to-prd/SKILL.md +75 -0
- package/skills/token-budgeting/SKILL.md +34 -0
- package/skills/token-optimization/SKILL.md +34 -0
- package/skills/tool-calling-patterns/SKILL.md +34 -0
- package/skills/typescript-magician/SKILL.md +117 -0
- package/skills/tzst/SKILL.md +68 -0
- package/skills/ubiquitous-language/SKILL.md +93 -0
- package/skills/use-my-browser/SKILL.md +110 -0
- package/skills/using-superpowers/SKILL.md +121 -0
- package/skills/vector-database-setup/SKILL.md +34 -0
- package/skills/vercel-cli-with-tokens/SKILL.md +353 -0
- package/skills/vercel-optimize/SKILL.md +322 -0
- package/skills/video-editing/SKILL.md +34 -0
- package/skills/viral-instagram-reels/SKILL.md +180 -0
- package/skills/viral-short-form/SKILL.md +147 -0
- package/skills/viral-short-form-ideas/SKILL.md +184 -0
- package/skills/viral-tiktok-content/SKILL.md +180 -0
- package/skills/visualization-creation/SKILL.md +34 -0
- package/skills/web-artifacts-builder/SKILL.md +74 -0
- package/skills/web-design-guidelines/SKILL.md +39 -0
- package/skills/web-scraping/SKILL.md +34 -0
- package/skills/webapp-testing/SKILL.md +96 -0
- package/skills/webhook-handling/SKILL.md +34 -0
- package/skills/website-to-video/SKILL.md +145 -0
- package/skills/weekly-review/SKILL.md +34 -0
- package/skills/workflow-automation/SKILL.md +34 -0
- package/skills/writing-beats/SKILL.md +67 -0
- package/skills/writing-fragments/SKILL.md +79 -0
- package/skills/writing-great-skills/SKILL.md +82 -0
- package/skills/writing-guidelines/SKILL.md +39 -0
- package/skills/writing-plans/SKILL.md +174 -0
- package/skills/writing-shape/SKILL.md +79 -0
- package/skills/xdrop/SKILL.md +78 -0
- package/skills/xget/SKILL.md +87 -0
- package/skills/xlsx/SKILL.md +292 -0
- package/src/commands/code_v5.js +377 -73
- package/src/commands/repl.js +505 -86
- package/src/providers/model/anthropic.js +84 -0
- package/src/providers/model/gemini.js +49 -0
- package/src/providers/model/minimax.js +48 -0
- package/src/providers/model/ollama.js +42 -0
- package/src/providers/model/openai.js +49 -0
- package/src/providers/search/duckduckgo.js +45 -0
- package/src/providers/search/exa.js +52 -0
- package/src/providers/search/searxng.js +51 -0
- package/src/providers/search/tavily.js +47 -0
- package/src/tools/model_provider.js +71 -0
- package/src/tools/parallel_search.js +40 -49
- package/src/tools/search_provider.js +79 -0
- package/src/tools/skills_download.js +217 -0
- package/src/tools/web_search.js +42 -62
- package/src/tools/workflow.js +21 -9
- package/src/utils/cron.js +82 -126
- package/src/utils/effort-levels.js +42 -0
- package/src/utils/fallback-chain.js +72 -0
- package/src/utils/file-history.js +78 -0
- package/src/utils/model-provider.js +113 -0
- package/src/utils/permissions.js +147 -0
- package/src/utils/plan-mode.js +164 -0
- package/src/utils/provider-detect.js +7 -32
- package/src/utils/sandbox.js +60 -0
- package/src/utils/search-provider.js +62 -0
- package/src/utils/session-search.js +66 -0
- package/src/utils/structured-output.js +20 -0
- package/src/utils/system-prompt.js +28 -2
- package/src/utils/tasks.js +132 -0
- package/src/utils/tool-hooks.js +154 -0
- package/src/utils/tools.js +18 -2
- package/src/utils/ultra-review.js +59 -0
- package/src/utils/worktree.js +192 -0
|
@@ -0,0 +1,353 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: vercel-cli-with-tokens
|
|
3
|
+
description: Deploy and manage projects on Vercel using token-based authentication. Use when working with Vercel CLI using access tokens rather than interactive login — e.g. "deploy to vercel", "set up vercel", "add environment variables to vercel".
|
|
4
|
+
metadata:
|
|
5
|
+
author: vercel
|
|
6
|
+
version: "1.0.0"
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Vercel CLI with Tokens
|
|
10
|
+
|
|
11
|
+
Deploy and manage projects on Vercel using the CLI with token-based authentication, without relying on `vercel login`.
|
|
12
|
+
|
|
13
|
+
## Step 1: Locate the Vercel Token
|
|
14
|
+
|
|
15
|
+
Before running any Vercel CLI commands, identify where the token is coming from. Work through these scenarios in order:
|
|
16
|
+
|
|
17
|
+
### A) `VERCEL_TOKEN` is already set in the environment
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
printenv VERCEL_TOKEN
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
If this returns a value, you're ready. Skip to Step 2.
|
|
24
|
+
|
|
25
|
+
### B) Token is in a `.env` file under `VERCEL_TOKEN`
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
grep '^VERCEL_TOKEN=' .env 2>/dev/null
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
If found, export it:
|
|
32
|
+
|
|
33
|
+
```bash
|
|
34
|
+
export VERCEL_TOKEN=$(grep '^VERCEL_TOKEN=' .env | cut -d= -f2-)
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
### C) Token is in a `.env` file under a different name
|
|
38
|
+
|
|
39
|
+
Look for any variable that looks like a Vercel token (Vercel tokens typically start with `vca_`):
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
grep -i 'vercel' .env 2>/dev/null
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Inspect the output to identify which variable holds the token, then export it as `VERCEL_TOKEN`:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
export VERCEL_TOKEN=$(grep '^<VARIABLE_NAME>=' .env | cut -d= -f2-)
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
### D) No token found — ask the user
|
|
52
|
+
|
|
53
|
+
If none of the above yield a token, ask the user to provide one. They can create a Vercel access token at vercel.com/account/tokens.
|
|
54
|
+
|
|
55
|
+
---
|
|
56
|
+
|
|
57
|
+
**Important:** Once `VERCEL_TOKEN` is exported as an environment variable, the Vercel CLI reads it natively — **do not pass it as a `--token` flag**. Putting secrets in command-line arguments exposes them in shell history and process listings.
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
# Bad — token visible in shell history and process listings
|
|
61
|
+
vercel deploy --token "vca_abc123"
|
|
62
|
+
|
|
63
|
+
# Good — CLI reads VERCEL_TOKEN from the environment
|
|
64
|
+
export VERCEL_TOKEN="vca_abc123"
|
|
65
|
+
vercel deploy
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
## Step 2: Locate the Project and Team
|
|
69
|
+
|
|
70
|
+
Similarly, check for the project ID and team scope. These let the CLI target the right project without needing `vercel link`.
|
|
71
|
+
|
|
72
|
+
```bash
|
|
73
|
+
# Check environment
|
|
74
|
+
printenv VERCEL_PROJECT_ID
|
|
75
|
+
printenv VERCEL_ORG_ID
|
|
76
|
+
|
|
77
|
+
# Or check .env
|
|
78
|
+
grep -i 'vercel' .env 2>/dev/null
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
**If you have a project URL** (e.g. `https://vercel.com/my-team/my-project`), extract the team slug:
|
|
82
|
+
|
|
83
|
+
```bash
|
|
84
|
+
# e.g. "my-team" from "https://vercel.com/my-team/my-project"
|
|
85
|
+
echo "$PROJECT_URL" | sed 's|https://vercel.com/||' | cut -d/ -f1
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
**If you have both `VERCEL_ORG_ID` and `VERCEL_PROJECT_ID` in your environment**, export them — the CLI will use these automatically and skip any `.vercel/` directory:
|
|
89
|
+
|
|
90
|
+
```bash
|
|
91
|
+
export VERCEL_ORG_ID="<org-id>"
|
|
92
|
+
export VERCEL_PROJECT_ID="<project-id>"
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
Note: `VERCEL_ORG_ID` and `VERCEL_PROJECT_ID` must be set together — setting only one causes an error.
|
|
96
|
+
|
|
97
|
+
## CLI Setup
|
|
98
|
+
|
|
99
|
+
Ensure the Vercel CLI is installed and up to date:
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
npm install -g vercel
|
|
103
|
+
vercel --version
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
## Deploying a Project
|
|
107
|
+
|
|
108
|
+
Always deploy as **preview** unless the user explicitly requests production. Choose a method based on what you have available.
|
|
109
|
+
|
|
110
|
+
### Quick Deploy (have project ID — no linking needed)
|
|
111
|
+
|
|
112
|
+
When `VERCEL_TOKEN` and `VERCEL_PROJECT_ID` are set in the environment, deploy directly:
|
|
113
|
+
|
|
114
|
+
```bash
|
|
115
|
+
vercel deploy -y --no-wait
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
With a team scope (either via `VERCEL_ORG_ID` or `--scope`):
|
|
119
|
+
|
|
120
|
+
```bash
|
|
121
|
+
vercel deploy --scope <team-slug> -y --no-wait
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
Production (only when explicitly requested):
|
|
125
|
+
|
|
126
|
+
```bash
|
|
127
|
+
vercel deploy --prod --scope <team-slug> -y --no-wait
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
Check status:
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
vercel inspect <deployment-url>
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
### Full Deploy Flow (no project ID — need to link)
|
|
137
|
+
|
|
138
|
+
Use this when you have a token and team but no pre-existing project ID.
|
|
139
|
+
|
|
140
|
+
#### Check project state first
|
|
141
|
+
|
|
142
|
+
```bash
|
|
143
|
+
# Does the project have a git remote?
|
|
144
|
+
git remote get-url origin 2>/dev/null
|
|
145
|
+
|
|
146
|
+
# Is it already linked to a Vercel project?
|
|
147
|
+
cat .vercel/project.json 2>/dev/null || cat .vercel/repo.json 2>/dev/null
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
#### Link the project
|
|
151
|
+
|
|
152
|
+
**With git remote (preferred):**
|
|
153
|
+
|
|
154
|
+
```bash
|
|
155
|
+
vercel link --repo --scope <team-slug> -y
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
Reads the git remote and connects to the matching Vercel project. Creates `.vercel/repo.json`. More reliable than plain `vercel link`, which matches by directory name.
|
|
159
|
+
|
|
160
|
+
**Without git remote:**
|
|
161
|
+
|
|
162
|
+
```bash
|
|
163
|
+
vercel link --scope <team-slug> -y
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
Creates `.vercel/project.json`.
|
|
167
|
+
|
|
168
|
+
**Link to a specific project by name:**
|
|
169
|
+
|
|
170
|
+
```bash
|
|
171
|
+
vercel link --project <project-name> --scope <team-slug> -y
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
If the project is already linked, check `orgId` in `.vercel/project.json` or `.vercel/repo.json` to verify it matches the intended team.
|
|
175
|
+
|
|
176
|
+
#### Deploy after linking
|
|
177
|
+
|
|
178
|
+
**A) Git Push Deploy — has git remote (preferred)**
|
|
179
|
+
|
|
180
|
+
Git pushes trigger automatic Vercel deployments.
|
|
181
|
+
|
|
182
|
+
1. **Ask the user before pushing.** Never push without explicit approval.
|
|
183
|
+
2. Commit and push:
|
|
184
|
+
```bash
|
|
185
|
+
git add .
|
|
186
|
+
git commit -m "deploy: <description of changes>"
|
|
187
|
+
git push
|
|
188
|
+
```
|
|
189
|
+
3. Vercel builds automatically. Non-production branches get preview deployments.
|
|
190
|
+
4. Retrieve the deployment URL:
|
|
191
|
+
```bash
|
|
192
|
+
sleep 5
|
|
193
|
+
vercel ls --format json --scope <team-slug>
|
|
194
|
+
```
|
|
195
|
+
Find the latest entry in the `deployments` array.
|
|
196
|
+
|
|
197
|
+
**B) CLI Deploy — no git remote**
|
|
198
|
+
|
|
199
|
+
```bash
|
|
200
|
+
vercel deploy --scope <team-slug> -y --no-wait
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
Check status:
|
|
204
|
+
|
|
205
|
+
```bash
|
|
206
|
+
vercel inspect <deployment-url>
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
### Deploying from a Remote Repository (code not cloned locally)
|
|
210
|
+
|
|
211
|
+
1. Clone the repository:
|
|
212
|
+
```bash
|
|
213
|
+
git clone <repo-url>
|
|
214
|
+
cd <repo-name>
|
|
215
|
+
```
|
|
216
|
+
2. Link to Vercel:
|
|
217
|
+
```bash
|
|
218
|
+
vercel link --repo --scope <team-slug> -y
|
|
219
|
+
```
|
|
220
|
+
3. Deploy via git push (if you have push access) or CLI deploy.
|
|
221
|
+
|
|
222
|
+
### About `.vercel/` Directory
|
|
223
|
+
|
|
224
|
+
A linked project has either:
|
|
225
|
+
- `.vercel/project.json` — from `vercel link`. Contains `projectId` and `orgId`.
|
|
226
|
+
- `.vercel/repo.json` — from `vercel link --repo`. Contains `orgId`, `remoteName`, and a `projects` map.
|
|
227
|
+
|
|
228
|
+
Not needed when `VERCEL_ORG_ID` + `VERCEL_PROJECT_ID` are both set in the environment.
|
|
229
|
+
|
|
230
|
+
**Do NOT** run `vercel project inspect` or `vercel link` in an unlinked directory to detect state — they will interactively prompt or silently link as a side-effect. `vercel ls` is safe (in an unlinked directory it defaults to showing all deployments for the scope). `vercel whoami` is safe anywhere.
|
|
231
|
+
|
|
232
|
+
## Managing Environment Variables
|
|
233
|
+
|
|
234
|
+
```bash
|
|
235
|
+
# Set for all environments
|
|
236
|
+
echo "value" | vercel env add VAR_NAME --scope <team-slug>
|
|
237
|
+
|
|
238
|
+
# Set for a specific environment (production, preview, development)
|
|
239
|
+
echo "value" | vercel env add VAR_NAME production --scope <team-slug>
|
|
240
|
+
|
|
241
|
+
# List environment variables
|
|
242
|
+
vercel env ls --scope <team-slug>
|
|
243
|
+
|
|
244
|
+
# Pull env vars to local .env.local file
|
|
245
|
+
vercel env pull --scope <team-slug>
|
|
246
|
+
|
|
247
|
+
# Remove a variable
|
|
248
|
+
vercel env rm VAR_NAME --scope <team-slug> -y
|
|
249
|
+
```
|
|
250
|
+
|
|
251
|
+
## Inspecting Deployments
|
|
252
|
+
|
|
253
|
+
```bash
|
|
254
|
+
# List recent deployments
|
|
255
|
+
vercel ls --format json --scope <team-slug>
|
|
256
|
+
|
|
257
|
+
# Inspect a specific deployment
|
|
258
|
+
vercel inspect <deployment-url>
|
|
259
|
+
|
|
260
|
+
# View build logs (requires Vercel CLI v35+)
|
|
261
|
+
vercel inspect <deployment-url> --logs
|
|
262
|
+
|
|
263
|
+
# View runtime request logs (follows live by default; add --no-follow for a one-shot snapshot)
|
|
264
|
+
vercel logs <deployment-url>
|
|
265
|
+
```
|
|
266
|
+
|
|
267
|
+
## Managing Domains
|
|
268
|
+
|
|
269
|
+
```bash
|
|
270
|
+
# List domains
|
|
271
|
+
vercel domains ls --scope <team-slug>
|
|
272
|
+
|
|
273
|
+
# Add a domain to the project — linked or env-linked directory (1 arg)
|
|
274
|
+
vercel domains add <domain> --scope <team-slug>
|
|
275
|
+
|
|
276
|
+
# Add a domain — unlinked directory (requires <project> positional)
|
|
277
|
+
vercel domains add <domain> <project> --scope <team-slug>
|
|
278
|
+
```
|
|
279
|
+
|
|
280
|
+
## Stripe Projects Plan Changes
|
|
281
|
+
|
|
282
|
+
If this project is managed by Stripe Projects. **Ask the user before running any paid or destructive plan change** — upgrades bill a real card, downgrades remove seats.
|
|
283
|
+
|
|
284
|
+
First run `stripe projects status --json` to confirm the Vercel resource's local name. The examples below assume the default (`vercel-plan`); substitute the actual name if it was renamed at `stripe projects add` time.
|
|
285
|
+
|
|
286
|
+
- **Upgrade to Pro:** `stripe projects add vercel/pro` (or `stripe projects upgrade vercel-plan pro`)
|
|
287
|
+
- **Downgrade to Hobby:** `stripe projects downgrade vercel-plan hobby`
|
|
288
|
+
|
|
289
|
+
### What Pro gives you
|
|
290
|
+
|
|
291
|
+
- $20/month platform fee, includes $20/month of usage credit.
|
|
292
|
+
- Turbo build machines (30 vCPUs, 60 GB memory) by default for new projects — significantly faster builds than Hobby.
|
|
293
|
+
- 1 deploying seat + unlimited free Viewer seats (read-only collaborators, preview comments).
|
|
294
|
+
- Higher included allocations (1 TB Fast Data Transfer, 10M Edge Requests per month).
|
|
295
|
+
- Paid add-ons available: SAML SSO, HIPAA BAA, Flags Explorer, Observability Plus, Speed Insights, Web Analytics Plus.
|
|
296
|
+
|
|
297
|
+
Full details: https://vercel.com/docs/plans/pro-plan
|
|
298
|
+
|
|
299
|
+
## Working Agreement
|
|
300
|
+
|
|
301
|
+
- **Never pass `VERCEL_TOKEN` as a `--token` flag.** Export it as an environment variable and let the CLI read it natively.
|
|
302
|
+
- **Check the environment for tokens before asking the user.** Look in the current env and `.env` files first.
|
|
303
|
+
- **Default to preview deployments.** Only deploy to production when explicitly asked.
|
|
304
|
+
- **Ask before pushing to git.** Never push commits without the user's approval.
|
|
305
|
+
- **Do not modify `.vercel/` files directly.** The CLI manages this directory. Reading them (e.g. to verify `orgId`) is fine.
|
|
306
|
+
- **Do not curl/fetch deployed URLs to verify.** Just return the link to the user.
|
|
307
|
+
- **Use `--format json`** when structured output will help with follow-up steps.
|
|
308
|
+
- **Use `-y`** on commands that prompt for confirmation to avoid interactive blocking.
|
|
309
|
+
|
|
310
|
+
## Troubleshooting
|
|
311
|
+
|
|
312
|
+
### Token not found
|
|
313
|
+
|
|
314
|
+
Check the environment and any `.env` files present:
|
|
315
|
+
|
|
316
|
+
```bash
|
|
317
|
+
printenv | grep -i vercel
|
|
318
|
+
grep -i vercel .env 2>/dev/null
|
|
319
|
+
```
|
|
320
|
+
|
|
321
|
+
### Authentication error
|
|
322
|
+
|
|
323
|
+
If the CLI fails with `Authentication required`:
|
|
324
|
+
- The token may be expired or invalid.
|
|
325
|
+
- Verify: `vercel whoami` (uses `VERCEL_TOKEN` from environment).
|
|
326
|
+
- Ask the user for a fresh token.
|
|
327
|
+
|
|
328
|
+
### Wrong team
|
|
329
|
+
|
|
330
|
+
Verify the scope is correct:
|
|
331
|
+
|
|
332
|
+
```bash
|
|
333
|
+
vercel whoami --scope <team-slug>
|
|
334
|
+
```
|
|
335
|
+
|
|
336
|
+
### Build failure
|
|
337
|
+
|
|
338
|
+
Check the build logs:
|
|
339
|
+
|
|
340
|
+
```bash
|
|
341
|
+
vercel inspect <deployment-url> --logs
|
|
342
|
+
```
|
|
343
|
+
|
|
344
|
+
Common causes:
|
|
345
|
+
- Missing dependencies — ensure `package.json` is complete and committed.
|
|
346
|
+
- Missing environment variables — add with `vercel env add`.
|
|
347
|
+
- Framework misconfiguration — check `vercel.json`. Vercel auto-detects frameworks (Next.js, Remix, Vite, etc.) from `package.json`; override with `vercel.json` if detection is wrong.
|
|
348
|
+
|
|
349
|
+
### CLI not installed
|
|
350
|
+
|
|
351
|
+
```bash
|
|
352
|
+
npm install -g vercel
|
|
353
|
+
```
|
|
@@ -0,0 +1,322 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: vercel-optimize
|
|
3
|
+
description: "Use for Vercel cost and performance optimization on deployed projects, especially Next.js, SvelteKit, Nuxt, and limited Astro apps. Collect Vercel metrics, usage, project config, and code scan results first; investigate only metric-backed candidates; produce ranked recommendations grounded in verified files and version-aware Vercel/framework docs. Trigger for Vercel bill reduction, slow or expensive routes, caching opportunities, Function Invocations, Build Minutes, Fast Data Transfer, Core Web Vitals, Bot Management, Fluid compute, or cost breakdown requests."
|
|
4
|
+
metadata:
|
|
5
|
+
version: "1.2.0"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Vercel Optimize
|
|
9
|
+
|
|
10
|
+
Run an observability-first Vercel optimization audit. Do not inspect source files until `signals.json` exists and a deterministic gate points to a route, file, or project setting.
|
|
11
|
+
|
|
12
|
+
Core doctrine: read [references/doctrine.md](references/doctrine.md) if any rule is unclear.
|
|
13
|
+
|
|
14
|
+
- Metrics first. Recommendations start from Vercel production signals, not repo-wide grep.
|
|
15
|
+
- Deterministic gates. `scripts/gate-investigations.mjs` decides what deserves investigation.
|
|
16
|
+
- Candidate-bound scope. Read only files named by a candidate or a route-local import chain.
|
|
17
|
+
- Version-aware citations. Use only `references/docs-library.json`; invalid or version-mismatched citations are stripped.
|
|
18
|
+
- Customer copy. Read [references/voice.md](references/voice.md) before writing report text or chat output.
|
|
19
|
+
|
|
20
|
+
## Prerequisites
|
|
21
|
+
|
|
22
|
+
- Vercel CLI v53+ with `vercel metrics`, `vercel usage`, `vercel contract`, and `vercel api`.
|
|
23
|
+
- Authenticated CLI session: `vercel login`.
|
|
24
|
+
- Linked app directory: `vercel link`. `VERCEL_PROJECT_ID` can help resolve project config, but `vercel metrics` still requires directory linkage. The link or environment must include the intended project org/team/user scope so the collector can resolve a CLI-safe `--scope` and keep `vercel metrics`, `vercel usage`, and `vercel contract` on the same account.
|
|
25
|
+
- Node.js 20+.
|
|
26
|
+
- Observability Plus for route-level metric-backed recommendations.
|
|
27
|
+
|
|
28
|
+
Never put auth tokens in shell commands. Do not type `VERCEL_TOKEN=...`, `--token ...`, or `Authorization: Bearer ...` into commands that may be echoed in chat.
|
|
29
|
+
|
|
30
|
+
## Framework Support
|
|
31
|
+
|
|
32
|
+
The preflight reads `package.json` and sets expectations before metric fan-out.
|
|
33
|
+
|
|
34
|
+
| Framework | Status | Notes |
|
|
35
|
+
|---|---|---|
|
|
36
|
+
| Next.js App Router | supported | strongest route mapping, scanners, playbooks, citations |
|
|
37
|
+
| Next.js Pages Router | supported | scoped to Pages Router idioms when detected |
|
|
38
|
+
| SvelteKit | supported | route mapping for `src/routes` files and SvelteKit scanner |
|
|
39
|
+
| Nuxt | supported | route mapping plus generic/platform checks; fewer framework-specific recs |
|
|
40
|
+
| Astro | limited | route mapping plus generic checks; fewer framework-specific recs |
|
|
41
|
+
| Hono / Remix / unknown | blocked by default | continue only if the user accepts a limited platform/code-only audit |
|
|
42
|
+
|
|
43
|
+
If unsupported, stop and ask before scanning or gating:
|
|
44
|
+
|
|
45
|
+
```text
|
|
46
|
+
This project uses <framework>. Vercel Optimize supports metric-backed code recommendations for Next.js, SvelteKit, and Nuxt. Astro support is limited. For <framework>, I can still run a limited platform/scanner audit, but route-level Vercel metrics may not map back to source files.
|
|
47
|
+
|
|
48
|
+
Do you want me to continue with the limited audit, or stop here?
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
If the user continues, rerun collection with `--continue-unsupported-framework`.
|
|
52
|
+
|
|
53
|
+
## Run Directory
|
|
54
|
+
|
|
55
|
+
Use a fresh run directory for every audit. Do not reuse briefs, sub-agent outputs, or reports across runs.
|
|
56
|
+
|
|
57
|
+
```bash
|
|
58
|
+
RUN_DIR="$(mktemp -d -t vercel-optimize-XXXXXX)"
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
## Pipeline
|
|
62
|
+
|
|
63
|
+
### 1. Collect, scan, and merge signals
|
|
64
|
+
|
|
65
|
+
Run from the linked app directory or pass `--cwd` where a script supports it. Keep stdout JSON separate from stderr logs. Do not combine streams.
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
node scripts/collect-signals.mjs [projectId] > "$RUN_DIR/vercel-signals.json" 2> "$RUN_DIR/collect.stderr"
|
|
69
|
+
node -e 'JSON.parse(require("fs").readFileSync(process.argv[1], "utf8"))' "$RUN_DIR/vercel-signals.json"
|
|
70
|
+
|
|
71
|
+
node scripts/scan-codebase.mjs <repo-root> > "$RUN_DIR/codebase.json"
|
|
72
|
+
node scripts/merge-signals.mjs "$RUN_DIR/vercel-signals.json" "$RUN_DIR/codebase.json" --out "$RUN_DIR/signals.json"
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
Collection details, schemas, metric IDs, and degradation behavior live in [references/data-collection.md](references/data-collection.md). The metric registry is [lib/queries.mjs](lib/queries.mjs); keep all queries on the shared 14-day window.
|
|
76
|
+
|
|
77
|
+
`collect-signals.mjs` resolves the linked project owner to `commandScope.cliScope` and verifies that the resolved account can read the resolved project before it checks Observability Plus. Downstream scripts reuse that scope for every Vercel CLI command that accepts `--scope`. Do not run `vercel usage`, `vercel metrics`, or `vercel contract` manually without the same scope; unscoped usage can report the user's personal organization while route metrics come from the team project.
|
|
78
|
+
|
|
79
|
+
If project or scope resolution is ambiguous, stop and ask the user which Vercel project and team/personal scope they want audited. Do not infer the intended scope from the current `vercel whoami` team, and do not proceed with metrics, usage, or contract collection until the link, an exact project match in `.vercel/repo.json`, or `VERCEL_PROJECT_ID` + `VERCEL_ORG_ID` identifies the intended account.
|
|
80
|
+
|
|
81
|
+
Use this prompt for `PROJECT_SCOPE_UNRESOLVED`, `SCOPE_UNRESOLVED`, or `PROJECT_SCOPE_MISMATCH`:
|
|
82
|
+
|
|
83
|
+
```text
|
|
84
|
+
I can't safely identify the Vercel project and account for this audit yet.
|
|
85
|
+
|
|
86
|
+
Please confirm the Vercel project name or ID and the team slug/name, or tell me it's under your personal account. Once confirmed, I'll relink or rerun collection against that exact scope before checking metrics.
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
### 1.1 Stop on blockers
|
|
90
|
+
|
|
91
|
+
Check blockers before gating:
|
|
92
|
+
|
|
93
|
+
```bash
|
|
94
|
+
jq '{frameworkSupportBlocker, observabilityPlus, observabilityPlusUsable, observabilityPlusBlocker, observabilityPlusBlockerDetail}' "$RUN_DIR/signals.json"
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Required actions:
|
|
98
|
+
|
|
99
|
+
- `frameworkSupportBlocker === "unsupported_framework"`: use the unsupported-framework prompt above.
|
|
100
|
+
- `PROJECT_SCOPE_UNRESOLVED`, `SCOPE_UNRESOLVED`, or `PROJECT_SCOPE_MISMATCH`: stop and ask which Vercel project and team/personal scope the user wants audited. For team projects, rerun after `vercel link --yes --project <project-name-or-id> --team <team-slug>`; for personal projects, rerun after linking under the intended user account or after setting both `VERCEL_PROJECT_ID` and `VERCEL_ORG_ID`.
|
|
101
|
+
- `observabilityPlusBlocker === null`: continue.
|
|
102
|
+
- `no_traffic`: tell the user route metrics are sparse; continue only if they accept limited output.
|
|
103
|
+
- `payment_required` or `no_oplus_probe`: render [references/observability-plus.md](references/observability-plus.md) verbatim and ask.
|
|
104
|
+
- `project_disabled`: tell the user to enable Observability Plus for the project or accept a limited audit.
|
|
105
|
+
- `daily_quota_exceeded`: stop and tell the user the Observability query quota is exhausted; retry after the next UTC midnight reset, or ask whether to continue with a limited code-only audit.
|
|
106
|
+
- `not_linked`: link the app directory, then rerun Step 1. If app path and project are known:
|
|
107
|
+
|
|
108
|
+
```bash
|
|
109
|
+
vercel link --yes --project <project-name-or-id> --cwd <app-dir>
|
|
110
|
+
# add --team <team-id-or-slug> when known
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
- `forbidden` or `project_not_found`: fix auth/team scope. Do not pitch Observability Plus.
|
|
114
|
+
- `all_failed_other`: show the raw error code and ask whether to continue in limited code-only mode.
|
|
115
|
+
|
|
116
|
+
Do not silently fall back to code-only mode. If the user accepts a limited audit, rerun collection with:
|
|
117
|
+
|
|
118
|
+
```bash
|
|
119
|
+
node scripts/collect-signals.mjs [projectId] --continue-without-observability > "$RUN_DIR/vercel-signals.json" 2> "$RUN_DIR/collect.stderr"
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
Then scan and merge again.
|
|
123
|
+
|
|
124
|
+
### 2. Gate candidates
|
|
125
|
+
|
|
126
|
+
```bash
|
|
127
|
+
node scripts/gate-investigations.mjs "$RUN_DIR/signals.json" > "$RUN_DIR/gate.json"
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
Output shape:
|
|
131
|
+
|
|
132
|
+
- `toLaunch`: code-scope candidates to investigate.
|
|
133
|
+
- `platform`: project/account-scope recommendations.
|
|
134
|
+
- `gated`: skipped, covered, or disqualified candidates that must still appear in the report.
|
|
135
|
+
- `budget`: candidate budget and selection mode.
|
|
136
|
+
|
|
137
|
+
Default budget is 6 code-scope candidates with a diversity guardrail. To expand:
|
|
138
|
+
|
|
139
|
+
```bash
|
|
140
|
+
node scripts/gate-investigations.mjs "$RUN_DIR/signals.json" --max-candidates 12 > "$RUN_DIR/gate.json"
|
|
141
|
+
node scripts/gate-investigations.mjs "$RUN_DIR/signals.json" --max-candidates all > "$RUN_DIR/gate.json"
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
Generated candidate docs: [references/candidates.md](references/candidates.md).
|
|
145
|
+
|
|
146
|
+
### 2.1 Ask about audit scope when needed
|
|
147
|
+
|
|
148
|
+
Before deep-dive, run:
|
|
149
|
+
|
|
150
|
+
```bash
|
|
151
|
+
node scripts/budget-summary.mjs "$RUN_DIR/gate.json" --format json > "$RUN_DIR/budget-summary.json"
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
If `shouldAsk` is false, continue.
|
|
155
|
+
|
|
156
|
+
If `shouldAsk` is true:
|
|
157
|
+
|
|
158
|
+
1. Print `exactChatMessage.body` exactly as returned. Do not summarize, truncate, reorder, or rewrite it.
|
|
159
|
+
2. Then ask `questionText` using `questionPayload` when the host supports structured questions.
|
|
160
|
+
3. If the user chooses a different number, rerun the gate with `--max-candidates <choice>`.
|
|
161
|
+
|
|
162
|
+
Never put the long preview inside the question field. The preview and the question are separate surfaces.
|
|
163
|
+
|
|
164
|
+
### 2.2 Deep-dive and reconcile
|
|
165
|
+
|
|
166
|
+
```bash
|
|
167
|
+
node scripts/deep-dive.mjs "$RUN_DIR/signals.json" "$RUN_DIR/gate.json" --cwd <project-dir> > "$RUN_DIR/investigation-evidence.json"
|
|
168
|
+
|
|
169
|
+
node scripts/reconcile-candidates.mjs "$RUN_DIR/investigation-evidence.json" \
|
|
170
|
+
--gate "$RUN_DIR/gate.json" \
|
|
171
|
+
--out "$RUN_DIR/reconciled-investigation.json"
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
`--cwd` must be the linked project directory so `deep-dive.mjs` can verify the same project link and reuse `signals.json.commandScope.cliScope` for any follow-up `vercel metrics` calls.
|
|
175
|
+
|
|
176
|
+
Reconciliation deterministically converts disproven candidates into observations before any source investigation:
|
|
177
|
+
|
|
178
|
+
- `metric_mismatch`
|
|
179
|
+
- `error_storm`
|
|
180
|
+
- `deployment_regression`
|
|
181
|
+
- `scanner_only_no_metric`
|
|
182
|
+
|
|
183
|
+
### 2.3 Generate briefs and investigate
|
|
184
|
+
|
|
185
|
+
List the work:
|
|
186
|
+
|
|
187
|
+
```bash
|
|
188
|
+
node scripts/prepare-investigation-brief.mjs "$RUN_DIR/signals.json" "$RUN_DIR/reconciled-investigation.json" --list > "$RUN_DIR/briefs-manifest.json"
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
Generate one brief for every entry in `briefs-manifest.json.briefs`. The `group` can be `toLaunch` or `platform`; do not generate only `toLaunch` briefs.
|
|
192
|
+
|
|
193
|
+
```bash
|
|
194
|
+
mkdir -p "$RUN_DIR/briefs" "$RUN_DIR/sub-agent-outputs"
|
|
195
|
+
node scripts/prepare-investigation-brief.mjs "$RUN_DIR/signals.json" "$RUN_DIR/reconciled-investigation.json" \
|
|
196
|
+
--group <brief.group> --index <brief.index> --out "$RUN_DIR/briefs/<brief.group>-<brief.index>.md"
|
|
197
|
+
```
|
|
198
|
+
|
|
199
|
+
Use `briefs-manifest.json.briefs[].label` for visible worker names, for example `Low cache-hit route on /docs/llm-digest/[...slug]`, not `toLaunch-7`.
|
|
200
|
+
|
|
201
|
+
Fan-out rule:
|
|
202
|
+
|
|
203
|
+
- 1-2 briefs: investigate inline.
|
|
204
|
+
- 3+ briefs: spawn one sub-agent per brief when the host supports it.
|
|
205
|
+
- Hosts without sub-agents: run inline serially.
|
|
206
|
+
|
|
207
|
+
Sub-agent contract:
|
|
208
|
+
|
|
209
|
+
- The brief is the whole prompt.
|
|
210
|
+
- Read only files listed in the brief, plus route-local imports when needed.
|
|
211
|
+
- Emit one JSON recommendation or one JSON no-change finding using [references/recommendations.md](references/recommendations.md).
|
|
212
|
+
- Do not cite URLs outside the provided citation subset.
|
|
213
|
+
- Do not recommend framework features unavailable in the detected version.
|
|
214
|
+
|
|
215
|
+
If a sub-agent reaches for repo-wide grep, the candidate is malformed; drop or abstain rather than widening scope.
|
|
216
|
+
|
|
217
|
+
### 2.4 Collect outputs
|
|
218
|
+
|
|
219
|
+
Save each raw investigation result in `$RUN_DIR/sub-agent-outputs/`, then collect:
|
|
220
|
+
|
|
221
|
+
```bash
|
|
222
|
+
node scripts/collect-sub-agent-outputs.mjs \
|
|
223
|
+
--manifest "$RUN_DIR/briefs-manifest.json" \
|
|
224
|
+
--out "$RUN_DIR/recommendations.json" \
|
|
225
|
+
"$RUN_DIR/sub-agent-outputs/"
|
|
226
|
+
```
|
|
227
|
+
|
|
228
|
+
The collector extracts JSON, prepends pre-resolved records, enforces manifest order, and fails on missing, duplicate, unknown, or mismatched `candidateRef` values.
|
|
229
|
+
|
|
230
|
+
### 3. Verify recommendations
|
|
231
|
+
|
|
232
|
+
```bash
|
|
233
|
+
node scripts/verify-and-regen.mjs "$RUN_DIR/recommendations.json" \
|
|
234
|
+
--signals "$RUN_DIR/signals.json" \
|
|
235
|
+
--repo-root <project-dir> \
|
|
236
|
+
--out "$RUN_DIR/verify.json"
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
This script extracts claims, verifies files/citations/version fit, grades quality, applies sanitizers, emits `verifiedRecommendations`, `withheldRecommendations`, `renderableRecommendations`, and creates `regenPlan` for failed or unsafe recommendations.
|
|
240
|
+
|
|
241
|
+
Recommendation schema, writing rules, sanitizer order, and grading rules: [references/recommendations.md](references/recommendations.md). Verification rules: [references/verification.md](references/verification.md).
|
|
242
|
+
|
|
243
|
+
For each `regenPlan` entry, rerun the same brief with a `Previous attempt failed these checks` section listing `topFailures`. Keep the regenerated output only if verification improves without gutting citations.
|
|
244
|
+
|
|
245
|
+
### 4. Render report and final message
|
|
246
|
+
|
|
247
|
+
```bash
|
|
248
|
+
node scripts/render-report.mjs "$RUN_DIR/verify.json" "$RUN_DIR/gate.json" "$RUN_DIR/signals.json" \
|
|
249
|
+
--project <name> \
|
|
250
|
+
--out "$RUN_DIR/report.md" \
|
|
251
|
+
--message-out "$RUN_DIR/final-message.json"
|
|
252
|
+
```
|
|
253
|
+
|
|
254
|
+
Use `--debug-out "$RUN_DIR/debug.json"` only when developing the skill. Customer Markdown and chat output must not expose `passRate`, `quality`, sanitizer trails, raw sub-agent names, or other implementation fields.
|
|
255
|
+
|
|
256
|
+
After rendering, print `final-message.json.body` verbatim and stop. Do not add highlights, debug notes, raw counts, sub-agent summaries, or extra explanation. Render-time dedupe, platform caps, and hard-safety drops can change the customer-visible count, so never summarize from raw `verify.json`.
|
|
257
|
+
|
|
258
|
+
Report structure and impact framing: [references/scoring.md](references/scoring.md).
|
|
259
|
+
|
|
260
|
+
## Recommendation Rules
|
|
261
|
+
|
|
262
|
+
Every recommendation must:
|
|
263
|
+
|
|
264
|
+
- Trace to a launched candidate, platform candidate, pre-resolved observation, or verified traffic-independent scanner finding.
|
|
265
|
+
- Include observed metric evidence from `signals.json` or `evidence.deepDive`.
|
|
266
|
+
- Cite verified files with line numbers when code is involved.
|
|
267
|
+
- Include at least one allowed citation that applies to the detected framework/version.
|
|
268
|
+
- Use precise observed performance numbers.
|
|
269
|
+
- Use cost magnitude phrases only; never customer-facing `$N` savings.
|
|
270
|
+
- Do not recommend duration reductions for Vercel Workflow runtime endpoints (`/.well-known/workflow/v1/*`). These are generated orchestration routes for durable step/flow execution and should be hard-gated before investigation.
|
|
271
|
+
- Workflow recommendations must name the boundary being changed. Valid examples: enqueue durable work and return a run ID instead of awaiting completion, fix stream replay/closure/locks, or reduce verified excess Workflow Steps/Storage. Do not infer cost savings from Workflow endpoint wall-clock duration.
|
|
272
|
+
- For streaming, SSE, resumable chat, or other intentionally long-lived routes, do not frame wall-clock function duration as a problem by itself. Require evidence of avoidable pre-first-byte work, high active CPU, duplicate invocations, or post-response work that can move out of the user-visible path.
|
|
273
|
+
- Name a specific cache policy when recommending caching.
|
|
274
|
+
- Keep unsafe responses dynamic unless evidence proves they are safe to cache: auth-sensitive paths, errors, fallback responses, missing content, invalid requests, geolocation/device-varying output, and unversioned dynamic URLs.
|
|
275
|
+
|
|
276
|
+
Never recommend "verify X is on" for facts already present in `signals.project`, including Fluid compute status, memory tier, regions, in-function concurrency, and timeout.
|
|
277
|
+
|
|
278
|
+
## Scanner Rules
|
|
279
|
+
|
|
280
|
+
Scanner findings are supplementary. Drop findings annotated `COLD-PATH` or `NO-ROUTE-MAPPING` unless the scanner declares `metadata.trafficIndependent === true`.
|
|
281
|
+
|
|
282
|
+
Traffic-independent examples: middleware matcher, source maps, React Compiler config, build settings. Route-local cache or data-fetch patterns need route-level traffic evidence.
|
|
283
|
+
|
|
284
|
+
Scanner docs: [references/scanner-patterns.md](references/scanner-patterns.md).
|
|
285
|
+
|
|
286
|
+
## Final Customer Terms
|
|
287
|
+
|
|
288
|
+
Use:
|
|
289
|
+
|
|
290
|
+
- `recommendations ready`
|
|
291
|
+
- `observations from investigation`
|
|
292
|
+
- `investigated, no change recommended`
|
|
293
|
+
- `not investigated in this run`
|
|
294
|
+
|
|
295
|
+
Avoid:
|
|
296
|
+
|
|
297
|
+
- `sub-agent`
|
|
298
|
+
- `abstention`
|
|
299
|
+
- `passRate`
|
|
300
|
+
- `quality score`
|
|
301
|
+
- `gate`
|
|
302
|
+
- `LLM`
|
|
303
|
+
|
|
304
|
+
## Failure Copy
|
|
305
|
+
|
|
306
|
+
Use these messages without adding sales copy or process detail.
|
|
307
|
+
|
|
308
|
+
**No traffic in the last 14 days:**
|
|
309
|
+
|
|
310
|
+
> This project has no meaningful traffic in the last 14 days, so route-level metrics are sparse. I can still check traffic-independent scanner findings and project settings, but I cannot rank route fixes until traffic accumulates.
|
|
311
|
+
|
|
312
|
+
**Route-level metrics unavailable:**
|
|
313
|
+
|
|
314
|
+
> Use the verbatim choice template in [references/observability-plus.md](references/observability-plus.md). Do not silently fall back to code-only mode; present the two-path choice: enable Observability Plus and rerun the metric-backed audit, or accept a limited code-only run.
|
|
315
|
+
|
|
316
|
+
**Project is not linked:**
|
|
317
|
+
|
|
318
|
+
> This worktree is not linked to a Vercel project. Run `vercel link --yes --project <project-name-or-id> --cwd <app-dir>` and rerun the audit. If the team is known, add `--team <team-id-or-slug>`.
|
|
319
|
+
|
|
320
|
+
**Most route-to-file mappings failed:**
|
|
321
|
+
|
|
322
|
+
> The route inventory matched fewer than half of the routes we saw in observability. This is common in monorepos with custom routing. I've surfaced what I can match; the rest appear in the "Not investigated in this run" section.
|