opencode-skills-antigravity 1.0.20 → 1.0.22

package/bundled-skills/claude-monitor/scripts/api_bench.py

@@ -34,6 +34,17 @@ ENDPOINTS = [
 ]
 
 
+def create_tls_context():
+    """Cria contexto TLS restringindo conexoes a TLS 1.2+."""
+    context = ssl.create_default_context()
+    if hasattr(ssl, "TLSVersion"):
+        context.minimum_version = ssl.TLSVersion.TLSv1_2
+    else:
+        context.options |= getattr(ssl, "OP_NO_TLSv1", 0)
+        context.options |= getattr(ssl, "OP_NO_TLSv1_1", 0)
+    return context
+
+
 def test_tcp_latency(host, port, timeout=5):
     """Testa latência TCP para um host:port."""
     try:
@@ -49,7 +60,7 @@ def test_tcp_latency(host, port, timeout=5):
 def test_tls_handshake(host, port=443, timeout=5):
     """Testa tempo do handshake TLS."""
     try:
-        context = ssl.create_default_context()
+        context = create_tls_context()
         start = time.time()
         with socket.create_connection((host, port), timeout=timeout) as sock:
             with context.wrap_socket(sock, server_hostname=host) as ssock:

package/bundled-skills/docs/integrations/jetski-cortex.md

@@ -1,9 +1,9 @@
 ---
 title: Jetski/Cortex + Gemini Integration Guide
-description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.329+ skill."
+description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.331+ skill."
 ---
 
-# Jetski/Cortex + Gemini: integrazione sicura con 1.329+ skill
+# Jetski/Cortex + Gemini: integrazione sicura con 1.331+ skill
 
 Questa guida mostra come integrare il repository `antigravity-awesome-skills` con un agente basato su **Jetski/Cortex + Gemini** (o framework simili) **senza superare il context window** del modello.
 
@@ -23,7 +23,7 @@ Non bisogna mai:
 - concatenare il contenuto di tutte le `SKILL.md` in un singolo system prompt;
 - reiniettare l’intera libreria per **ogni** richiesta.
 
-Con oltre 1.329 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
+Con oltre 1.331 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
 
 ---
 

package/bundled-skills/docs/integrations/jetski-gemini-loader/README.md

@@ -20,7 +20,7 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je
 - How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`.
 - How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`.
 
-This pattern avoids context overflow when you have 1,329+ skills installed.
+This pattern avoids context overflow when you have 1,331+ skills installed.
 
 ---
 

package/bundled-skills/docs/maintainers/repo-growth-seo.md

@@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t
 
 Preferred positioning:
 
-> Installable GitHub library of 1,329+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
+> Installable GitHub library of 1,331+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
 
 Key framing:
 
@@ -20,7 +20,7 @@ Key framing:
 
 Preferred description:
 
-> Installable GitHub library of 1,329+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
+> Installable GitHub library of 1,331+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
 
 Preferred homepage:
 
@@ -28,7 +28,7 @@ Preferred homepage:
 
 Preferred social preview:
 
-- use a clean preview image that says `1,329+ Agentic Skills`;
+- use a clean preview image that says `1,331+ Agentic Skills`;
 - mention Claude Code, Cursor, Codex CLI, and Gemini CLI;
 - avoid dense text and tiny logos that disappear in social cards.
 

package/bundled-skills/docs/maintainers/skills-update-guide.md

@@ -69,7 +69,7 @@ For manual updates, you need:
 The update process refreshes:
 - Skills index (`skills_index.json`)
 - Web app skills data (`apps\web-app\public\skills.json`)
-- All 1,329+ skills from the skills directory
+- All 1,331+ skills from the skills directory
 
 ## When to Update
 

package/bundled-skills/docs/users/bundles.md

@@ -673,4 +673,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open
 
 ---
 
-_Last updated: March 2026 | Total Skills: 1,329+ | Total Bundles: 37_
+_Last updated: March 2026 | Total Skills: 1,331+ | Total Bundles: 37_

package/bundled-skills/docs/users/claude-code-skills.md

@@ -12,7 +12,7 @@ Install the library into Claude Code, then invoke focused skills directly in the
 
 ## Why use this repo for Claude Code
 
-- It includes 1,329+ skills instead of a narrow single-domain starter pack.
+- It includes 1,331+ skills instead of a narrow single-domain starter pack.
 - It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow.
 - It also ships generated bundle plugins so teams can install focused packs like `Essentials` or `Security Developer` from the marketplace metadata.
 - It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin.

package/bundled-skills/docs/users/gemini-cli-skills.md

@@ -12,7 +12,7 @@ Install into the Gemini skills path, then ask Gemini to apply one skill at a tim
 
 - It installs directly into the expected Gemini skills path.
 - It includes both core software engineering skills and deeper agent/LLM-oriented skills.
-- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,329+ files.
+- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,331+ files.
 - It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly.
 
 ## Install Gemini CLI Skills

package/bundled-skills/docs/users/getting-started.md

@@ -1,4 +1,4 @@
-# Getting Started with Antigravity Awesome Skills (V9.0.0)
+# Getting Started with Antigravity Awesome Skills (V9.1.0)
 
 **New here? This guide will help you supercharge your AI Agent in 5 minutes.**
 

package/bundled-skills/docs/users/kiro-integration.md

@@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines:
 
 Kiro's agentic capabilities are enhanced by skills that provide:
 
-- **Domain expertise** across 1,329+ specialized areas
+- **Domain expertise** across 1,331+ specialized areas
 - **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS
 - **Workflow automation** for common development tasks
 - **AWS-specific patterns** for serverless, infrastructure, and cloud architecture

package/bundled-skills/docs/users/usage.md

@@ -14,7 +14,7 @@ If you came in through a **Claude Code** or **Codex** plugin instead of a full l
 
 When you ran `npx antigravity-awesome-skills` or cloned the repository, you:
 
-✅ **Downloaded 1,329+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
+✅ **Downloaded 1,331+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
 ✅ **Made them available** to your AI assistant  
 ❌ **Did NOT enable them all automatically** (they're just sitting there, waiting)
 
@@ -34,7 +34,7 @@ Bundles are **curated groups** of skills organized by role. They help you decide
 
 **Analogy:**
 
-- You installed a toolbox with 1,329+ tools (✅ done)
+- You installed a toolbox with 1,331+ tools (✅ done)
 - Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools"
 - You can either **pick skills from the tray** or install that tray as a focused marketplace bundle plugin
 
@@ -212,7 +212,7 @@ Let's actually use a skill right now. Follow these steps:
 
 ## Step 5: Picking Your First Skills (Practical Advice)
 
-Don't try to use all 1,329+ skills at once. Here's a sensible approach:
+Don't try to use all 1,331+ skills at once. Here's a sensible approach:
 
 If you want a tool-specific starting point before choosing skills, use:
 
@@ -343,7 +343,7 @@ Usually no, but if your AI doesn't recognize a skill:
 
 ### "Can I load all skills into the model at once?"
 
-No. Even though you have 1,329+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
+No. Even though you have 1,331+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
 
 The intended pattern is:
 

package/bundled-skills/docs/users/visual-guide.md

@@ -34,7 +34,7 @@ antigravity-awesome-skills/
 ├── 📄 CONTRIBUTING.md                  ← Contributor workflow
 ├── 📄 CATALOG.md                       ← Full generated catalog
 │
-├── 📁 skills/                          ← 1,329+ skills live here
+├── 📁 skills/                          ← 1,331+ skills live here
 │   │
 │   ├── 📁 brainstorming/
 │   │   └── 📄 SKILL.md                 ← Skill definition
@@ -47,7 +47,7 @@ antigravity-awesome-skills/
 │   │   └── 📁 2d-games/
 │   │       └── 📄 SKILL.md             ← Nested skills also supported
 │   │
-│   └── ... (1,329+ total)
+│   └── ... (1,331+ total)
 │
 ├── 📁 apps/
 │   └── 📁 web-app/                     ← Interactive browser
@@ -100,7 +100,7 @@ antigravity-awesome-skills/
 
 ```
                     ┌─────────────────────────┐
-                    │  1,329+ SKILLS          │
+                    │  1,331+ SKILLS          │
                     └────────────┬────────────┘
                                  │
         ┌────────────────────────┼────────────────────────┐
@@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill
 │   ├── 📁 brainstorming/                 │
 │   ├── 📁 stripe-integration/            │
 │   ├── 📁 react-best-practices/          │
-│   └── ... (1,329+ total)                │
+│   └── ... (1,331+ total)                │
 └─────────────────────────────────────────┘
 ```
 

package/bundled-skills/loki-mode/examples/todo-app-generated/backend/package-lock.json

@@ -1110,9 +1110,9 @@
       }
     },
     "node_modules/path-to-regexp": {
-      "version": "0.1.12",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
-      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==",
+      "version": "0.1.13",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz",
+      "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==",
       "license": "MIT"
     },
     "node_modules/prebuild-install": {

package/bundled-skills/loki-mode/examples/todo-app-generated/backend/package.json

@@ -24,6 +24,7 @@
   },
   "overrides": {
     "diff": "4.0.4",
+    "path-to-regexp": "0.1.13",
     "qs": "^6.15.0"
   }
 }

package/bundled-skills/loki-mode/examples/todo-app-generated/frontend/package-lock.json

@@ -1527,9 +1527,9 @@
       "license": "ISC"
     },
     "node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {

package/bundled-skills/loki-mode/examples/todo-app-generated/frontend/package.json

@@ -23,6 +23,7 @@
     "react-dom": "^19.2.3"
   },
   "overrides": {
+    "picomatch": "4.0.4",
     "rollup": "^4.59.0"
   }
 }

package/bundled-skills/phase-gated-debugging/SKILL.md

@@ -0,0 +1,70 @@
+---
+name: phase-gated-debugging
+description: "Use when debugging any bug. Enforces a 5-phase protocol where code edits are blocked until root cause is confirmed. Prevents premature fix attempts."
+risk: safe
+source: community
+date_added: "2026-03-28"
+---
+
+# Phase-Gated Debugging
+
+## Overview
+
+AI coding agents see an error and immediately edit code. They guess at fixes, get it wrong, and spiral. This skill enforces a strict 5-phase protocol where you CANNOT edit source code until the root cause is identified and confirmed.
+
+Based on [claude-debug](https://github.com/krabat-l/claude-debug) (full plugin with PreToolUse hook enforcement).
+
+## When to Use
+
+Use this skill when:
+
+- a bug keeps getting "fixed" without resolving the underlying issue
+- you need to slow an agent down and force disciplined debugging before code edits
+- the failure is intermittent, a regression, performance-related, or otherwise hard to isolate
+- you want an explicit user confirmation checkpoint before any fix is applied
+
+## The Protocol
+
+### Phase 1: REPRODUCE
+Run the failing command/test. Capture the exact error. Run 2-3 times for consistency.
+- Do NOT read source code
+- Do NOT hypothesize
+- Do NOT edit any files
+
+### Phase 2: ISOLATE
+Read code. Add diagnostic logging marked `// DEBUG`. Re-run with diagnostics. Binary search to narrow down.
+- Only `// DEBUG` marked logging is allowed
+- Do NOT fix the bug even if you see it
+
+### Phase 3: ROOT CAUSE
+Analyze WHY at the isolated location. Use "5 Whys" technique. Remove debug logging.
+
+State: "This is my root cause analysis: [explanation]. Do you agree, or should I investigate further?"
+
+**WAIT for user confirmation. Do NOT proceed without it.**
+
+### Phase 4: FIX
+Remove all `// DEBUG` lines. Apply minimal change addressing confirmed root cause.
+- Only edit files related to root cause
+- Do NOT refactor unrelated code
+
+### Phase 5: VERIFY
+Run original failing test — must pass. Run related tests. For intermittent bugs, run 5+ times.
+If verification fails: root cause was wrong, go back to Phase 2.
+
+## Bug-Type Strategies
+
+| Type | Technique |
+|------|-----------|
+| Crash/Panic | Stack trace backward — trace the bad value to its source |
+| Wrong Output | Binary search — log midpoint, halve search space each iteration |
+| Intermittent | Compare passing vs failing run logs — find ordering divergence |
+| Regression | `git bisect` — find the offending commit |
+| Performance | Timing at stage boundaries — find the bottleneck |
+
+## Key Rules
+
+1. NEVER edit source code in phases 1-3 (except `// DEBUG` in phase 2)
+2. NEVER proceed past phase 3 without user confirmation
+3. ALWAYS reproduce before investigating
+4. ALWAYS verify after fixing

package/bundled-skills/saas-multi-tenant/SKILL.md

@@ -0,0 +1,183 @@
+---
+name: saas-multi-tenant
+description: "Design and implement multi-tenant SaaS architectures with row-level security, tenant-scoped queries, shared-schema isolation, and safe cross-tenant admin patterns in PostgreSQL and TypeScript."
+risk: safe
+source: community
+date_added: "2026-03-28"
+tags: [multi-tenancy, saas, row-level-security, postgresql, tenant-isolation]
+tools: [claude, cursor, gemini]
+---
+
+# SaaS Multi-Tenant Architecture
+
+## When to Use This Skill
+
+- The user is building a SaaS application where multiple customers share the same database
+- The user asks about tenant isolation, row-level security, or data leakage prevention
+- The user needs to scope every database query to a specific tenant without manual WHERE clauses
+- The user asks about shared-schema vs schema-per-tenant vs database-per-tenant tradeoffs
+- The user is implementing admin endpoints that must access data across tenants
+- The user needs to add `tenant_id` columns to an existing single-tenant application
+- The user asks about PostgreSQL RLS policies for tenant isolation
+- The user is building tenant-aware middleware in Express, Fastify, or Next.js API routes
+
+Do NOT use this skill when:
+- The user is building a single-user application with no shared infrastructure
+- The user asks about authentication only without tenant scoping (use an auth skill instead)
+- The user needs general database schema design without multi-tenancy requirements
+
+## Core Workflow
+
+1. Determine the tenancy model. Ask the user about their scale expectations and isolation requirements. For most SaaS apps under 1000 tenants, shared-schema with a `tenant_id` column on every table is the correct default. Schema-per-tenant adds operational overhead (migrations run N times). Database-per-tenant is only justified when tenants have regulatory data residency requirements.
+
+2. Add `tenant_id` to every tenant-scoped table. The column must be `NOT NULL`, type `UUID` or `TEXT`, and included in every composite index. Never allow a tenant-scoped table to exist without this column — a missing `tenant_id` is a data leak waiting to happen.
+
+3. Set up PostgreSQL Row-Level Security (RLS). Create a policy on each tenant-scoped table that filters rows by `current_setting('app.current_tenant_id')`. This acts as a database-level safety net — even if application code forgets a WHERE clause, RLS blocks cross-tenant reads.
+
+4. Build tenant-aware middleware. At the start of every request, extract the `tenant_id` from the authenticated session or JWT claims. Set it on the database connection using `SET LOCAL app.current_tenant_id = '...'` inside a transaction. Every subsequent query in that request inherits the tenant scope automatically.
+
+5. Scope all ORM queries by tenant. If using Prisma, apply a global middleware that injects `where: { tenantId }` into every `findMany`, `findFirst`, `update`, and `delete` call. If using Drizzle, create a base query builder that includes the tenant filter. Never rely on developers remembering to add the filter manually.
+
+6. Handle tenant-aware migrations. Every new table migration must include `tenant_id` as a column. Write a linting rule or CI check that rejects any migration creating a table without `tenant_id` unless the table is explicitly marked as global (e.g., `plans`, `feature_flags`).
+
+7. Build cross-tenant admin routes separately. Admin endpoints that aggregate data across tenants must bypass RLS explicitly using `SET LOCAL role = 'admin_bypass'` or a dedicated database role. These routes must be protected by a separate admin authentication flow — never reuse tenant user sessions for admin access.
+
+8. Implement tenant provisioning. When a new customer signs up, create their tenant record, seed default data (roles, settings, onboarding state), and assign the founding user. Wrap this in a database transaction so partial provisioning never leaves orphan records.
+
+## Examples
+
+### Example 1: PostgreSQL RLS Policy for Tenant Isolation
+
+```sql
+-- Enable RLS on the table
+ALTER TABLE projects ENABLE ROW LEVEL SECURITY;
+ALTER TABLE projects FORCE ROW LEVEL SECURITY;
+
+-- Policy: users can only see rows where tenant_id matches the session variable
+CREATE POLICY tenant_isolation ON projects
+  USING (tenant_id = current_setting('app.current_tenant_id')::uuid);
+
+-- Policy for INSERT: new rows must match the current tenant
+CREATE POLICY tenant_insert ON projects
+  FOR INSERT
+  WITH CHECK (tenant_id = current_setting('app.current_tenant_id')::uuid);
+```
+
+### Example 2: Express Middleware That Sets Tenant Context per Request
+
+```typescript
+import { Pool } from "pg";
+
+const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+
+async function tenantMiddleware(req, res, next) {
+  const tenantId = req.auth?.tenantId; // extracted from JWT during auth
+  if (!tenantId) return res.status(403).json({ error: "No tenant context" });
+
+  const client = await pool.connect();
+  try {
+    await client.query("BEGIN");
+    // Use set_config — SET LOCAL does not accept bind placeholders ($1)
+    await client.query("SELECT set_config('app.current_tenant_id', $1, true)", [tenantId]);
+    req.db = client;
+    req.tenantId = tenantId;
+
+    // Cleanup on response finish — guarantees release even if handler skips next()
+    res.on("finish", async () => {
+      try { await client.query("COMMIT"); } catch { await client.query("ROLLBACK"); }
+      client.release();
+    });
+
+    next();
+  } catch (err) {
+    await client.query("ROLLBACK").catch(() => {});
+    client.release();
+    next(err);
+  }
+}
+```
+
+### Example 3: Prisma Middleware for Automatic Tenant Scoping
+
+```typescript
+import { PrismaClient } from "@prisma/client";
+
+// Tables that do NOT have tenant_id (global tables)
+const GLOBAL_TABLES = new Set(["Plan", "FeatureFlag", "SystemConfig"]);
+
+function createTenantPrisma(tenantId: string): PrismaClient {
+  const prisma = new PrismaClient();
+
+  prisma.$use(async (params, next) => {
+    if (GLOBAL_TABLES.has(params.model ?? "")) return next(params);
+
+    // Initialize args.where — Prisma passes undefined args for calls like findMany()
+    params.args = params.args ?? {};
+    params.args.where = params.args.where ?? {};
+
+    // Inject tenant filter on reads (skip findUnique — it only accepts unique-field selectors)
+    if (["findMany", "findFirst", "count", "aggregate"].includes(params.action)) {
+      params.args.where = { ...params.args.where, tenantId };
+    }
+
+    // Inject tenant_id on creates
+    if (["create", "createMany"].includes(params.action)) {
+      params.args.data = params.args.data ?? {};
+      if (params.action === "createMany") {
+        params.args.data = params.args.data.map((d: any) => ({ ...d, tenantId }));
+      } else {
+        params.args.data = { ...params.args.data, tenantId };
+      }
+    }
+
+    // Scope updates and deletes
+    if (["update", "updateMany", "delete", "deleteMany"].includes(params.action)) {
+      params.args.where = { ...params.args.where, tenantId };
+    }
+
+    return next(params);
+  });
+
+  return prisma;
+}
+```
+
+## Never Do This
+
+1. **Never query a tenant-scoped table without a `tenant_id` filter.** Even if your ORM middleware handles it, raw SQL queries bypass middleware entirely. Every raw query must include `WHERE tenant_id = $1` or rely on RLS. A single unscoped `SELECT * FROM invoices` leaks every customer's billing data.
+
+2. **Never store `tenant_id` only in the application session without enforcing it at the database level.** Application-layer filtering is a suggestion. RLS is enforcement. If a bug in your middleware skips the tenant filter, only RLS prevents the data leak. Run both layers.
+
+3. **Never use auto-incrementing integer IDs for tenant-scoped resources.** Sequential IDs (`invoice #1042`) let attackers enumerate other tenants' resources by incrementing the ID. Use UUIDs for all tenant-scoped primary keys. Reserve integer IDs for internal-only tables.
+
+4. **Never let tenant users access admin aggregation endpoints.** A route like `GET /admin/metrics` that queries across all tenants must never be reachable with a regular tenant JWT. Use a separate authentication mechanism (API key, admin role claim with a different issuer) for cross-tenant routes.
+
+5. **Never run migrations with RLS enabled on the migration connection.** The migration user needs to create tables, add columns, and modify policies. If RLS is active on the migration connection, `ALTER TABLE` commands may silently fail or affect only the "current tenant's" view. Use a dedicated superuser or `bypassrls` role for migrations.
+
+6. **Never share connection pools across tenants when using `SET LOCAL`.** If you use `SET LOCAL app.current_tenant_id` inside a transaction, that setting is scoped to the transaction. But if a previous request's transaction was not properly committed or rolled back, the connection returns to the pool with stale tenant context. Always `RESET app.current_tenant_id` in the cleanup path.
+
+## Edge Cases
+
+1. **Tenant deletion and data retention.** When a tenant cancels their subscription, you cannot simply `DELETE FROM tenants WHERE id = $1`. Foreign key cascades may time out on large datasets. Instead, soft-delete the tenant (set `deleted_at`), revoke all user sessions, then run a background job that deletes tenant data in batches over hours or days.
+
+2. **Tenant data export for GDPR/compliance.** When a tenant requests a full data export, you need to query every tenant-scoped table for that `tenant_id` and package it. Build a registry of all tenant-scoped tables (parse your migration files or maintain a manifest) so the export job doesn't miss tables added after the export feature was built.
+
+3. **Shared resources between tenants.** Some features require shared state — e.g., a marketplace where Tenant A's products are visible to Tenant B's users. These tables need a different RLS policy: read access is public (no tenant filter), but write access is still scoped to the owning tenant. Model these as `owner_tenant_id` instead of `tenant_id`.
+
+4. **Tenant-aware background jobs.** When a cron job or queue worker processes tasks, there is no HTTP request to extract `tenant_id` from. The job payload must include `tenant_id`, and the worker must set the database session variable before processing. Never run background jobs without tenant context — they will either fail on RLS or bypass it entirely.
+
+5. **Connection pool exhaustion with schema-per-tenant.** If you use one PostgreSQL schema per tenant and each schema requires its own connection pool, 500 tenants means 500 pools. This exhausts `max_connections` fast. Use a connection pooler like PgBouncer in transaction mode, or switch to shared-schema before hitting this wall.
+
+## Best Practices
+
+1. **Create a `tenants` table as the single source of truth.** Every `tenant_id` foreign key in every table points back to `tenants.id`. Include columns for `name`, `slug` (for subdomain routing), `plan_id`, `created_at`, and `deleted_at`. This table is the root of your entire data model.
+
+2. **Index `tenant_id` as the first column in every composite index.** PostgreSQL uses leftmost prefix matching for composite indexes. An index on `(tenant_id, created_at)` serves both "all items for tenant X" and "items for tenant X sorted by date." An index on `(created_at, tenant_id)` only helps date-range queries across all tenants.
+
+3. **Use subdomains or path prefixes for tenant routing.** `acme.yourapp.com` or `yourapp.com/org/acme` — both work. Map the subdomain or path to a `tenant_id` lookup at the edge (middleware or reverse proxy). This lookup should be cached (Redis or in-memory with 60s TTL) since it runs on every single request.
+
+4. **Separate tenant-scoped tables from global tables explicitly.** Maintain a list (code constant or database table) of which tables are global (no `tenant_id`) and which are tenant-scoped. Use this list in your ORM middleware, your migration linter, and your data export job. If a table isn't in either list, the CI check should fail.
+
+5. **Test with at least 3 tenants in your seed data.** A single tenant in development hides every multi-tenancy bug. Two tenants hides bugs where the first tenant's data leaks to the second but not vice versa. Three tenants catches ordering and filtering bugs that only appear with multiple peers.
+
+6. **Rate-limit and quota per tenant, not globally.** A global rate limit of 1000 requests/minute means one noisy tenant can exhaust the quota for everyone. Implement per-tenant rate limiting using a Redis key pattern like `ratelimit:{tenant_id}:{endpoint}` with a sliding window counter.

package/bundled-skills/threejs-animation/SKILL.md

@@ -12,22 +12,23 @@ source: community
 ```javascript
 import * as THREE from "three";
 
-// Simple procedural animation
-const clock = new THREE.Clock();
+// Simple procedural animation with Timer (recommended in r183)
+const timer = new THREE.Timer();
 
-function animate() {
-  const delta = clock.getDelta();
-  const elapsed = clock.getElapsedTime();
+renderer.setAnimationLoop(() => {
+  timer.update();
+  const delta = timer.getDelta();
+  const elapsed = timer.getElapsed();
 
   mesh.rotation.y += delta;
   mesh.position.y = Math.sin(elapsed) * 0.5;
 
-  requestAnimationFrame(animate);
   renderer.render(scene, camera);
-}
-animate();
+});
 ```
 
+**Note:** `THREE.Timer` is recommended over `THREE.Clock` as of r183. Timer pauses when the page is hidden and has a cleaner API. `THREE.Clock` still works but is considered legacy.
+
 ## Animation System Overview
 
 Three.js animation system has three main components:
@@ -118,6 +119,10 @@ track.setInterpolation(THREE.InterpolateSmooth); // Cubic spline
 track.setInterpolation(THREE.InterpolateDiscrete); // Step function
 ```
 
+### BezierInterpolant (r183)
+
+Three.js r183 adds `THREE.BezierInterpolant` for bezier curve interpolation in keyframe tracks, enabling smoother animation curves with tangent control.
+
 ## AnimationMixer
 
 Plays animations on an object and its descendants.

package/bundled-skills/threejs-fundamentals/SKILL.md

@@ -416,7 +416,24 @@ function dispose() {
 }
 ```
 
-### Clock for Animation
+### Timer and Clock for Animation
+
+**Timer (recommended in r183)** - pauses when tab is hidden, cleaner API:
+
+```javascript
+const timer = new THREE.Timer();
+
+renderer.setAnimationLoop(() => {
+  timer.update();
+  const delta = timer.getDelta();
+  const elapsed = timer.getElapsed();
+
+  mesh.rotation.y += delta * 0.5;
+  renderer.render(scene, camera);
+});
+```
+
+**Clock (legacy, still works):**
 
 ```javascript
 const clock = new THREE.Clock();
@@ -432,6 +449,17 @@ function animate() {
 }
 ```
 
+### Animation Loop
+
+Prefer `renderer.setAnimationLoop()` over manual `requestAnimationFrame`. It handles WebXR compatibility and is the standard Three.js pattern:
+
+```javascript
+renderer.setAnimationLoop(() => {
+  controls.update();
+  renderer.render(scene, camera);
+});
+```
+
 ### Responsive Canvas
 
 ```javascript
@@ -483,6 +511,21 @@ lod.addLevel(lowDetailMesh, 100);
 scene.add(lod);
 ```
 
+## WebGPU Renderer (r183)
+
+Three.js includes an experimental WebGPU renderer as an alternative to WebGL:
+
+```javascript
+import { WebGPURenderer } from "three/addons/renderers/webgpu/WebGPURenderer.js";
+
+const renderer = new WebGPURenderer({ antialias: true });
+await renderer.init();
+renderer.setSize(window.innerWidth, window.innerHeight);
+document.body.appendChild(renderer.domElement);
+```
+
+WebGPU uses TSL (Three.js Shading Language) instead of GLSL. The WebGL renderer remains the default and is fully supported.
+
 ## See Also
 
 - `threejs-geometry` - Geometry creation and manipulation