sequant 1.0.0 → 1.1.1

package/templates/skills/qa/references/code-quality-exemplars.md

@@ -1,36 +1,31 @@
 # Code Quality Exemplars
 
-## ✅ Good Example: Content Ideas Queue (Issue #146)
+## ✅ Good Example: Feature Dashboard (Complex Feature)
 
-
-
-**AC:** Content Ideas Queue with filtering, pagination, bulk actions, and scoring (17 AC items)
+**AC:** Dashboard with filtering, pagination, bulk actions, and analytics (17 AC items)
 
 **Changes** (1553 net LOC, 20 files):
-- `components/admin/news/ContentIdeasList.tsx` (new, 349 LOC) - Main queue interface
-- `components/admin/news/IdeaDetailModal.tsx` (new, 205 LOC) - Full-screen review modal
-- `components/admin/news/IdeaScoringForm.tsx` (new, 160 LOC) - Interactive scoring UI
-- `components/admin/news/IdeasFilters.tsx` (new, 134 LOC) - Multi-criteria filtering
-- `components/admin/news/IdeaCard.tsx` (new, 125 LOC) - Compact card view
-- `components/admin/news/IdeaActions.tsx` (new, 44 LOC) - Action buttons
-- `lib/queries/news.ts` (modified, +318 LOC) - Database queries for ideas
-- `app/admin/news/ideas/page.tsx` (modified, +137 LOC) - Main route
-- `types/database.ts` (modified, type regeneration with +383/-554 LOC)
-- `types/news.ts` (new, 87 LOC) - Type definitions
-- 5 API routes (promote, archive, score, bulk actions)
+- `components/feature/Dashboard.tsx` (new, 349 LOC) - Main interface
+- `components/feature/DetailModal.tsx` (new, 205 LOC) - Full-screen detail view
+- `components/feature/FilterPanel.tsx` (new, 134 LOC) - Multi-criteria filtering
+- `components/feature/ItemCard.tsx` (new, 125 LOC) - Compact card view
+- `components/feature/ActionButtons.tsx` (new, 44 LOC) - Action buttons
+- `lib/queries/feature.ts` (modified, +318 LOC) - Database queries
+- `app/dashboard/page.tsx` (modified, +137 LOC) - Main route
+- `types/feature.ts` (new, 87 LOC) - Type definitions
+- 5 API routes (create, update, delete, bulk actions)
 
 **Why it's A+:**
 - ✅ Every file directly serves an AC item (17 AC → ~1500 LOC = 88 LOC/AC)
 - ✅ Size proportional to scope (complex feature with 6 components + 5 API routes)
 - ✅ Zero scope creep - no refactoring of unrelated code
-- ✅ Type safety improved (removed all 'as never' assertions, added proper types)
-- ✅ Follows existing admin patterns (List + Card + Modal + Actions)
+- ✅ Type safety maintained (proper types, no `any` usage)
+- ✅ Follows existing patterns in codebase
 - ✅ Clear separation of concerns (UI, data, types, API)
-- ✅ Comprehensive: filtering, pagination, bulk operations, scoring
-- ✅ Build succeeds, all 280 tests pass
+- ✅ Build succeeds, all tests pass
 
 **Automated Checks:**
-- Type issues: 0 (actually improved type safety)
+- Type issues: 0
 - Deleted tests: 0
 - Files changed: 20
 - Diff size: +2107 -554 (net: +1553)
@@ -42,17 +37,17 @@
 
 ## ⚠️ Acceptable but Not A+
 
-**AC:** Add bulk edit modal for shops (6 AC items)
+**AC:** Add bulk edit modal (6 AC items)
 
 **Changes** (420 net LOC, 12 files):
-- `components/admin/shops/BulkEditModal.tsx` (new, 280 LOC)
-- `lib/queries/shops.ts` (modified, +85 LOC)
-- `app/admin/shops/review/actions.ts` (modified, +45 LOC)
+- `components/feature/BulkEditModal.tsx` (new, 280 LOC)
+- `lib/queries/items.ts` (modified, +85 LOC)
+- `app/feature/actions.ts` (modified, +45 LOC)
 - 9 other files (minor changes, imports, types)
 
 **Issues:**
 - ⚠️ BulkEditModal is 280 LOC - could be split into smaller components
-- ⚠️ Added 3 utility functions to `lib/utils/formatting.ts` not directly used
+- ⚠️ Added 3 utility functions not directly used by AC
 - ⚠️ Changed formatting in 2 unrelated files ("while I was here" changes)
 
 **Why it's acceptable:**
@@ -79,12 +74,12 @@
 
 ## ❌ Needs Rework
 
-**AC:** Display shop reviews on detail page (3 simple AC items)
+**AC:** Display reviews on detail page (3 simple AC items)
 
 **Changes** (890 net LOC, 23 files):
 - Rewrote entire reviews system (not in AC)
-- Added new reviews API routes (not in AC)
-- Refactored unrelated shop queries (not in AC)
+- Added new API routes (not in AC)
+- Refactored unrelated queries (not in AC)
 - Changed database schema without migration (BLOCKER)
 - Removed type annotations from 5 functions (type safety violation)
 - Deleted 2 test files to "make build pass" (BLOCKER)

package/templates/skills/qa/references/code-review-checklist.md

@@ -21,7 +21,7 @@ git diff main...HEAD --name-only | grep "^scripts/"
 
 ### 2. Pattern Compliance
 Do new scripts follow existing patterns?
-- Scripts: Inline Supabase client, env validation, CLI flags (`--dry-run`, `--limit`)
+- Scripts: Database client setup, env validation, CLI flags (`--dry-run`, `--limit`)
 - Components: Follow established admin patterns (List + Card + Modal)
 - Compare with similar files: `ls scripts/fix/` or `ls components/admin/`
 
@@ -42,23 +42,12 @@ If adding new scripts/commands, should they be documented?
 
 Skip trivial formatting if the repo already has automated formatting tools.
 
-## RLS-Protected Table Access Check
+## Database Access Check
 
-Admin pages must use `supabaseAdmin`:
-
-```bash
-rls_tables="content_updates|content_ideas|fact_check_logs"
-admin_files=$(git diff main...HEAD --name-only | grep -E "^app/admin/")
-if [[ -n "$admin_files" ]]; then
-  for file in $admin_files; do
-    if [[ -f "$file" ]]; then
-      if grep -q "from '@/lib/supabase'" "$file" && grep -qE "\.from\(['\"]($rls_tables)['\"]" "$file"; then
-        echo "❌ BLOCKER: $file uses anon client for RLS-protected table"
-      fi
-    fi
-  done
-fi
-```
+If project uses a database with access controls:
+- Verify admin pages use admin/service client (not anonymous client)
+- Check that sensitive tables are accessed with proper permissions
+- Review any new database queries for proper authorization
 
 ## Integration Check
 

package/templates/skills/qa/scripts/quality-checks.sh

@@ -45,26 +45,13 @@ else
   echo "❌ Size: Very large (>500 net LOC) - may indicate scope creep"
 fi
 
-# 6. RLS-protected table access check (admin pages must use supabaseAdmin)
+# 6. Database access check (admin pages should use proper access controls)
 echo ""
-echo "🔒 Checking RLS-protected table access..."
-rls_tables="content_updates|content_ideas|fact_check_logs"
+echo "🔒 Checking database access patterns..."
 admin_files=$(git diff main...HEAD --name-only | grep -E "^app/admin/" || true)
 if [[ -n "$admin_files" ]]; then
-  rls_violations=0
-  for file in $admin_files; do
-    if [[ -f "$file" ]]; then
-      # Check if file imports anon client and queries RLS-protected tables
-      if grep -q "from '@/lib/supabase'" "$file" && grep -qE "\.from\(['\"]($rls_tables)['\"]" "$file"; then
-        echo "❌ BLOCKER: $file uses anon client for RLS-protected table"
-        echo "   Fix: Use supabaseAdmin from '@/lib/supabase-admin' instead"
-        rls_violations=$((rls_violations + 1))
-      fi
-    fi
-  done
-  if [[ $rls_violations -eq 0 ]]; then
-    echo "✅ RLS access: No violations found in admin files"
-  fi
+  echo "   Admin files modified - manually verify proper database access controls"
+  echo "   (admin pages should use service/admin clients, not anonymous clients)"
 else
   echo "   No admin files modified"
 fi

package/templates/skills/reflect/SKILL.md

@@ -10,7 +10,6 @@ allowed-tools:
   - Write
   - Glob
   - Grep
-  - mcp__supabase__execute_sql
 ---
 
 # Reflection Agent
@@ -137,7 +136,10 @@ Generate a checklist:
 
 ## Workflow Analytics
 
-For `/reflect workflow`, use the SQL queries in [workflow-queries.ts](scripts/workflow-queries.ts) to analyze historical data.
+For `/reflect workflow`, analyze:
+- Log files in `/tmp/claude-issue-*.log`
+- Git history and commit patterns
+- Issue comments and PR history
 
 See [phase-reflection.md](references/phase-reflection.md) for phase-specific guidance.
 
@@ -157,3 +159,17 @@ At the end of reflection, ask:
 - Did I identify root causes or just symptoms?
 - Will these changes be maintainable long-term?
 - Am I in the right workflow phase for this reflection focus?
+
+---
+
+## Output Verification
+
+**Before responding, verify your output includes ALL of these:**
+
+- [ ] **Session Summary** - What was accomplished, what went well, friction points
+- [ ] **Effectiveness Analysis** - Token efficiency, context gathering, pattern reuse
+- [ ] **Proposed Changes** - Specific changes with target files and rationale
+- [ ] **Documentation Health** - Line count, bloat assessment, recommendations
+- [ ] **Action Items** - Checklist of concrete next steps
+
+**DO NOT respond until all items are verified.**

package/templates/skills/reflect/references/documentation-tiers.md

@@ -25,9 +25,9 @@ Organize information by access frequency:
 - Review quarterly
 
 **Current specialized docs:**
-- `CITY_COVERAGE.md` - Coverage analysis workflow
-- `SHOP_DISCOVERY.md` - Discovery & enrichment pipeline
-- `TESTING.md` - UI testing patterns
+- `ARCHITECTURE.md` - System architecture overview
+- `DATA_PIPELINE.md` - Data processing workflows
+- `TESTING.md` - Testing patterns and strategies
 - `ADMIN_CMS_ARCHITECTURE.md` - Full CMS architecture
 
 ## Tier 3: Archive (docs/archive/)

package/templates/skills/security-review/SKILL.md

@@ -342,3 +342,18 @@ EOF
 - Trace session lifecycle
 - Review token handling
 - Check for timing vulnerabilities
+
+---
+
+## Output Verification
+
+**Before responding, verify your output includes ALL of these:**
+
+- [ ] **Security Domain** - Identified domains (Auth, API, Admin, Data, Infra)
+- [ ] **Threat Model Summary** - Attack surface, threat actors, attack vectors
+- [ ] **Findings by Severity** - Critical, High, Medium, Low/Informational
+- [ ] **Checklist Status Table** - Passed/Failed/Manual counts per domain
+- [ ] **Verdict** - SECURE, WARNINGS, or ISSUES_FOUND
+- [ ] **GitHub Comment** - Security review posted to issue
+
+**DO NOT respond until all items are verified.**

package/templates/skills/security-review/references/security-checklists.md

@@ -151,8 +151,8 @@ if (user.role !== 'admin') throw new ForbiddenError()
 
 **Bad:**
 ```typescript
-const shop = await db.shops.findUnique({ where: { id: shopId } })
-// Missing: .eq('owner_id', user.id)
+const item = await db.items.findUnique({ where: { id: itemId } })
+// Missing: ownership verification (e.g., where: { id: itemId, owner_id: user.id })
 ```
 
 ### AUTHZ-4: Horizontal Privilege Escalation
@@ -174,12 +174,12 @@ const shop = await db.shops.findUnique({ where: { id: shopId } })
 
 **How to Verify:**
 ```bash
-grep -r "audit\|logAction\|shop_enrichment_log" lib/ app/admin/
+grep -r "audit\|logAction\|createAuditLog" lib/ app/admin/
 ```
 
 **Good:**
 ```typescript
-await logAuditEvent({ action: 'approve_shop', actor: userId, target: shopId })
+await logAuditEvent({ action: 'approve_item', actor: userId, target: itemId })
 ```
 
 ---
@@ -217,18 +217,20 @@ const { name } = req.body // No validation
 
 **How to Verify:**
 ```bash
-grep -r "\.from\(" lib/ app/ | grep -v "supabase"
 grep -r "raw\|execute\|query" lib/ app/
 ```
 
 **Good:**
 ```typescript
-supabase.from('shops').select('*').eq('id', shopId)
+// Using ORM with parameterized queries
+db.items.findUnique({ where: { id: itemId } })
+// Or query builder with parameters
+db.from('items').select('*').eq('id', itemId)
 ```
 
 **Bad:**
 ```typescript
-db.query(`SELECT * FROM shops WHERE id = ${shopId}`)
+db.query(`SELECT * FROM items WHERE id = ${itemId}`)
 ```
 
 ### API-4: Rate Limiting
@@ -290,7 +292,7 @@ if (file.size > 5 * 1024 * 1024) throw Error
 **Requirement:** Sensitive data must be encrypted in database.
 
 **How to Verify:**
-- Supabase uses encryption by default
+- Verify database uses encryption at rest (most cloud providers enable by default)
 - Check for additional encryption on highly sensitive fields
 
 ### DATA-2: Encryption in Transit