npm - superkit-mcp-server - Versions diffs - 1.2.4 → 1.2.5 - Mend

superkit-mcp-server 1.2.4 → 1.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/ARCHITECTURE.md +102 -102
package/README.md +71 -71
package/SUPERKIT.md +168 -168
package/agents/code-archaeologist.md +106 -106
package/agents/coder.md +90 -90
package/agents/data-engineer.md +28 -28
package/agents/devops-engineer.md +242 -242
package/agents/git-manager.md +203 -203
package/agents/orchestrator.md +420 -420
package/agents/penetration-tester.md +188 -188
package/agents/performance-optimizer.md +187 -187
package/agents/planner.md +270 -270
package/agents/qa-automation-engineer.md +103 -103
package/agents/quant-developer.md +32 -32
package/agents/reviewer.md +100 -100
package/agents/scout.md +222 -222
package/agents/tester.md +274 -274
package/agents/ui-designer.md +208 -208
package/build/index.js +88 -45
package/build/tools/todoTools.js +39 -39
package/build/tools/validators/__tests__/apiSchema.test.js +23 -23
package/build/tools/validators/__tests__/convertRules.test.js +5 -5
package/build/tools/validators/__tests__/frontendDesign.test.js +12 -12
package/build/tools/validators/__tests__/geoChecker.test.js +19 -19
package/build/tools/validators/__tests__/mobileAudit.test.js +12 -12
package/build/tools/validators/__tests__/reactPerformanceChecker.test.js +17 -17
package/build/tools/validators/__tests__/securityScan.test.js +6 -6
package/build/tools/validators/__tests__/seoChecker.test.js +16 -16
package/build/tools/validators/__tests__/typeCoverage.test.js +14 -14
package/commands/README.md +122 -122
package/commands/ask.toml +72 -72
package/commands/brainstorm.toml +119 -119
package/commands/chat.toml +77 -77
package/commands/code-preview.toml +37 -37
package/commands/code.toml +28 -28
package/commands/content.toml +200 -200
package/commands/cook.toml +77 -77
package/commands/copywrite.toml +131 -131
package/commands/db.toml +192 -192
package/commands/debug.toml +166 -166
package/commands/design.toml +158 -158
package/commands/dev-rules.toml +14 -14
package/commands/do.toml +117 -117
package/commands/doc-rules.toml +14 -14
package/commands/docs.toml +148 -148
package/commands/fix.toml +440 -440
package/commands/fullstack.toml +175 -175
package/commands/git.toml +235 -235
package/commands/help.toml +84 -84
package/commands/integrate.toml +127 -127
package/commands/journal.toml +136 -136
package/commands/kit-setup.toml +40 -40
package/commands/mcp.toml +183 -183
package/commands/orchestration.toml +15 -15
package/commands/plan.toml +206 -172
package/commands/pm.toml +148 -148
package/commands/pr.toml +50 -50
package/commands/project.toml +32 -32
package/commands/research.toml +117 -117
package/commands/review-pr.toml +63 -63
package/commands/review.toml +190 -190
package/commands/scout-ext.toml +97 -97
package/commands/scout.toml +79 -79
package/commands/screenshot.toml +65 -65
package/commands/session.toml +102 -102
package/commands/skill.toml +384 -384
package/commands/status.toml +22 -22
package/commands/team.toml +56 -56
package/commands/test.toml +164 -164
package/commands/ticket.toml +70 -70
package/commands/use.toml +106 -106
package/commands/video.toml +83 -83
package/commands/watzup.toml +71 -71
package/commands/workflow.toml +14 -14
package/package.json +35 -35
package/skills/meta/README.md +30 -30
package/skills/meta/api-design/SKILL.md +134 -134
package/skills/meta/code-review/SKILL.md +44 -44
package/skills/meta/code-review/checklists/pre-merge.md +25 -25
package/skills/meta/code-review/workflows/architecture-pass.md +26 -26
package/skills/meta/code-review/workflows/performance-pass.md +27 -27
package/skills/meta/code-review/workflows/security-pass.md +29 -29
package/skills/meta/compound-docs/SKILL.md +133 -133
package/skills/meta/debug/SKILL.md +40 -40
package/skills/meta/debug/templates/bug-report.template.md +31 -31
package/skills/meta/debug/workflows/reproduce-issue.md +20 -20
package/skills/meta/docker/SKILL.md +126 -126
package/skills/meta/examples/supabase/SKILL.md +46 -46
package/skills/meta/examples/supabase/references/best-practices.md +319 -319
package/skills/meta/examples/supabase/references/common-patterns.md +373 -373
package/skills/meta/examples/supabase/templates/migration-template.sql +49 -49
package/skills/meta/examples/supabase/templates/rls-policy-template.sql +77 -77
package/skills/meta/examples/supabase/workflows/debugging.md +260 -260
package/skills/meta/examples/supabase/workflows/migration-workflow.md +211 -211
package/skills/meta/examples/supabase/workflows/rls-policies.md +244 -244
package/skills/meta/examples/supabase/workflows/schema-design.md +321 -321
package/skills/meta/file-todos/SKILL.md +88 -88
package/skills/meta/mobile/SKILL.md +140 -140
package/skills/meta/nextjs/SKILL.md +101 -101
package/skills/meta/performance/SKILL.md +130 -130
package/skills/meta/react-patterns/SKILL.md +83 -83
package/skills/meta/security/SKILL.md +114 -114
package/skills/meta/session-resume/SKILL.md +96 -96
package/skills/meta/tailwind/SKILL.md +139 -139
package/skills/meta/testing/SKILL.md +43 -43
package/skills/meta/testing/references/vitest-patterns.md +45 -45
package/skills/meta/testing/templates/component-test.template.tsx +37 -37
package/skills/tech/alpha-vantage/SKILL.md +142 -142
package/skills/tech/alpha-vantage/references/commodities.md +153 -153
package/skills/tech/alpha-vantage/references/economic-indicators.md +158 -158
package/skills/tech/alpha-vantage/references/forex-crypto.md +154 -154
package/skills/tech/alpha-vantage/references/fundamentals.md +223 -223
package/skills/tech/alpha-vantage/references/intelligence.md +138 -138
package/skills/tech/alpha-vantage/references/options.md +93 -93
package/skills/tech/alpha-vantage/references/technical-indicators.md +374 -374
package/skills/tech/alpha-vantage/references/time-series.md +157 -157
package/skills/tech/financial-modeling/SKILL.md +18 -18
package/skills/tech/financial-modeling/skills/3-statements/SKILL.md +368 -368
package/skills/tech/financial-modeling/skills/3-statements/references/formatting.md +118 -118
package/skills/tech/financial-modeling/skills/3-statements/references/formulas.md +292 -292
package/skills/tech/financial-modeling/skills/3-statements/references/sec-filings.md +125 -125
package/skills/tech/financial-modeling/skills/dcf-model/SKILL.md +1210 -1210
package/skills/tech/financial-modeling/skills/dcf-model/TROUBLESHOOTING.md +40 -40
package/skills/tech/financial-modeling/skills/dcf-model/requirements.txt +8 -8
package/skills/tech/financial-modeling/skills/dcf-model/scripts/validate_dcf.py +292 -292
package/skills/tech/financial-modeling/skills/lbo-model/SKILL.md +236 -236
package/skills/tech/financial-modeling/skills/merger-model/SKILL.md +108 -108
package/skills/workflows/README.md +203 -203
package/skills/workflows/adr.md +174 -174
package/skills/workflows/changelog.md +74 -74
package/skills/workflows/compound.md +323 -323
package/skills/workflows/compound_health.md +74 -74
package/skills/workflows/create-agent-skill.md +138 -138
package/skills/workflows/cycle.md +144 -144
package/skills/workflows/deploy-docs.md +84 -84
package/skills/workflows/development-rules.md +42 -42
package/skills/workflows/doc.md +95 -95
package/skills/workflows/documentation-management.md +34 -34
package/skills/workflows/explore.md +146 -146
package/skills/workflows/generate_command.md +106 -106
package/skills/workflows/heal-skill.md +97 -97
package/skills/workflows/housekeeping.md +229 -229
package/skills/workflows/kit-setup.md +102 -102
package/skills/workflows/map-codebase.md +78 -78
package/skills/workflows/orchestration-protocol.md +43 -43
package/skills/workflows/plan-compound.md +439 -439
package/skills/workflows/plan_review.md +269 -269
package/skills/workflows/primary-workflow.md +37 -37
package/skills/workflows/promote_pattern.md +86 -86
package/skills/workflows/release-docs.md +82 -82
package/skills/workflows/report-bug.md +135 -135
package/skills/workflows/reproduce-bug.md +118 -118
package/skills/workflows/resolve_pr.md +133 -133
package/skills/workflows/resolve_todo.md +128 -128
package/skills/workflows/review-compound.md +376 -376
package/skills/workflows/skill-review.md +127 -127
package/skills/workflows/specs.md +257 -257
package/skills/workflows/triage-sprint.md +102 -102
package/skills/workflows/triage.md +152 -152
package/skills/workflows/work.md +399 -399
package/skills/workflows/xcode-test.md +93 -93

package/skills/meta/examples/supabase/workflows/rls-policies.md CHANGED Viewed

@@ -1,244 +1,244 @@
-# Row Level Security (RLS) Policy Design
-Systematic approach to designing and implementing secure RLS policies in Supabase.
-## When To Use
-- Creating new tables with sensitive data
-- Implementing multi-tenancy
-- Setting up role-based access control
-- Reviewing security requirements
----
-## Prerequisites
-- [ ] Understand data access requirements
-- [ ] Know user roles and permissions
-- [ ] Have auth.uid() available (Supabase auth enabled)
----
-## Workflow
-### Step 1: Define Access Requirements
-**Questions to answer:**
-1. **Who can READ this data?**
-   - Own data only?
-   - All users in same fund?
-   - Fund managers only?
-   - Public data?
-2. **Who can WRITE (INSERT/UPDATE/DELETE)?**
-   - Owner only?
-   - Fund managers?
-   - System/service role only?
-3. **What's the ownership model?**
-   - User-owned (profiles, preferences)
-   - Fund-owned (investments, transactions)
-   - Shared (multi-tenancy)
----
-### Step 2: Enable RLS on Table
-```sql
--- Always enable RLS first
-ALTER TABLE schema.table ENABLE ROW LEVEL SECURITY;
-```
-> **Critical:** Without RLS enabled, data is publicly accessible!
----
-### Step 3: Implement Policies
-**Choose the appropriate pattern:**
-#### Pattern A: User Owns Data
-```sql
--- Policy: Users can view own data
-CREATE POLICY "Users can view own data"
-ON schema.table
-FOR SELECT
-TO authenticated
-USING (user_id = auth.uid());
--- Policy: Users can update own data
-CREATE POLICY "Users can update own data"
-ON schema.table
-FOR UPDATE
-TO authenticated
-USING (user_id = auth.uid())
-WITH CHECK (user_id = auth.uid());
-```
-#### Pattern B: Role-Based Access
-```sql
--- Policy: Fund Managers can view all
-CREATE POLICY "Fund Managers can view all"
-ON schema.table
-FOR SELECT
-TO authenticated
-USING (
-    EXISTS (
-        SELECT 1 FROM public.profiles
-        WHERE profiles.id = auth.uid()
-        AND profiles.role = 'fund_manager'
-    )
-);
-```
-#### Pattern C: Fund-Scoped Multi-Tenancy
-```sql
--- Policy: Users see data from their funds only
-CREATE POLICY "Users see own fund data"
-ON schema.table
-FOR SELECT
-TO authenticated
-USING (
-    fund_id IN (
-        SELECT fund_id FROM user_fund_access
-        WHERE user_id = auth.uid()
-    )
-);
-```
-#### Pattern D: Insert with Service Role
-```sql
--- Policy: Service role can insert (for automated processes)
-CREATE POLICY "Service role can insert"
-ON schema.table
-FOR INSERT
-TO authenticated
-WITH CHECK (true);
-```
----
-### Step 4: Test Policies
-**Test matrix:**
-| User Type | Can Read? | Can Write? | Expected Result |
-|-----------|-----------|------------|-----------------|
-| Owner | ✓ | ✓ | See own data only |
-| Fund Manager | ✓ | ✓ | See all fund data |
-| Other User | ✗ | ✗ | No access |
-| Anonymous | ✗ | ✗ | No access |
-**Testing approach:**
-1. Create test users with different roles
-2. Attempt access with each role
-3. Verify policies enforce expected behavior
-```sql
--- Test as specific user
-SET LOCAL role authenticated;
-SET LOCAL request.jwt.claims.sub = '{user_id}';
--- Run query
-SELECT * FROM schema.table;
--- Reset
-RESET role;
-```
----
-### Step 5: Document Policies
-**Add policy documentation:**
-```sql
-COMMENT ON POLICY "Policy name" ON schema.table IS
-'Description of who can access and why';
-```
----
-## Security Checklist
-Before deploying RLS policies:
-- [ ] RLS enabled on all sensitive tables?
-- [ ] Policies cover all operations (SELECT, INSERT, UPDATE, DELETE)?
-- [ ] Tested with different user roles?
-- [ ] No `WITH CHECK (true)` without justification?
-- [ ] Service roles explicitly documented?
-- [ ] Policies reference `auth.uid()` correctly?
-- [ ] Multi-tenancy enforced at data level?
----
-## Common Pitfalls
-### ❌ WRONG: Missing WITH CHECK
-```sql
--- Allows users to UPDATE to claim data they don't own
-CREATE POLICY "Users update own data"
-ON schema.table
-FOR UPDATE
-TO authenticated
-USING (user_id = auth.uid());
--- Missing: WITH CHECK (user_id = auth.uid())
-```
-### ✅ CORRECT: Enforce ownership on write
-```sql
-CREATE POLICY "Users update own data"
-ON schema.table
-FOR UPDATE
-TO authenticated
-USING (user_id = auth.uid())
-WITH CHECK (user_id = auth.uid());
-```
-### ❌ WRONG: Exposed service operations
-```sql
--- Too permissive - allows anyone to insert
-CREATE POLICY "Allow insert"
-ON schema.table
-FOR INSERT
-TO authenticated
-WITH CHECK (true);
-```
-### ✅ CORRECT: Document and limit
-```sql
--- Only specific operations should allow unrestricted insert
-CREATE POLICY "Service role can insert for registration"
-ON public.profiles
-FOR INSERT
-TO authenticated
-WITH CHECK (true);
--- Document: Required for user registration flow
-```
----
-## Reference
-**Existing RLS examples:**
-- `backend/migrations/20251203_create_profiles_and_app_role.sql`
-- `backend/migrations/20251129_multi_fund_architecture.sql`
-**Supabase client:**
-- Client enforces RLS: `lib/supabaseClient.ts` (uses anon key)
-- Service role bypasses RLS: Only for admin operations
-**See also:**
-- `workflows/migration-workflow.md` for creating migrations with RLS
-- `references/best-practices.md` for security guidelines
+# Row Level Security (RLS) Policy Design
+Systematic approach to designing and implementing secure RLS policies in Supabase.
+## When To Use
+- Creating new tables with sensitive data
+- Implementing multi-tenancy
+- Setting up role-based access control
+- Reviewing security requirements
+---
+## Prerequisites
+- [ ] Understand data access requirements
+- [ ] Know user roles and permissions
+- [ ] Have auth.uid() available (Supabase auth enabled)
+---
+## Workflow
+### Step 1: Define Access Requirements
+**Questions to answer:**
+1. **Who can READ this data?**
+   - Own data only?
+   - All users in same fund?
+   - Fund managers only?
+   - Public data?
+2. **Who can WRITE (INSERT/UPDATE/DELETE)?**
+   - Owner only?
+   - Fund managers?
+   - System/service role only?
+3. **What's the ownership model?**
+   - User-owned (profiles, preferences)
+   - Fund-owned (investments, transactions)
+   - Shared (multi-tenancy)
+---
+### Step 2: Enable RLS on Table
+```sql
+-- Always enable RLS first
+ALTER TABLE schema.table ENABLE ROW LEVEL SECURITY;
+```
+> **Critical:** Without RLS enabled, data is publicly accessible!
+---
+### Step 3: Implement Policies
+**Choose the appropriate pattern:**
+#### Pattern A: User Owns Data
+```sql
+-- Policy: Users can view own data
+CREATE POLICY "Users can view own data"
+ON schema.table
+FOR SELECT
+TO authenticated
+USING (user_id = auth.uid());
+-- Policy: Users can update own data
+CREATE POLICY "Users can update own data"
+ON schema.table
+FOR UPDATE
+TO authenticated
+USING (user_id = auth.uid())
+WITH CHECK (user_id = auth.uid());
+```
+#### Pattern B: Role-Based Access
+```sql
+-- Policy: Fund Managers can view all
+CREATE POLICY "Fund Managers can view all"
+ON schema.table
+FOR SELECT
+TO authenticated
+USING (
+    EXISTS (
+        SELECT 1 FROM public.profiles
+        WHERE profiles.id = auth.uid()
+        AND profiles.role = 'fund_manager'
+    )
+);
+```
+#### Pattern C: Fund-Scoped Multi-Tenancy
+```sql
+-- Policy: Users see data from their funds only
+CREATE POLICY "Users see own fund data"
+ON schema.table
+FOR SELECT
+TO authenticated
+USING (
+    fund_id IN (
+        SELECT fund_id FROM user_fund_access
+        WHERE user_id = auth.uid()
+    )
+);
+```
+#### Pattern D: Insert with Service Role
+```sql
+-- Policy: Service role can insert (for automated processes)
+CREATE POLICY "Service role can insert"
+ON schema.table
+FOR INSERT
+TO authenticated
+WITH CHECK (true);
+```
+---
+### Step 4: Test Policies
+**Test matrix:**
+| User Type | Can Read? | Can Write? | Expected Result |
+|-----------|-----------|------------|-----------------|
+| Owner | ✓ | ✓ | See own data only |
+| Fund Manager | ✓ | ✓ | See all fund data |
+| Other User | ✗ | ✗ | No access |
+| Anonymous | ✗ | ✗ | No access |
+**Testing approach:**
+1. Create test users with different roles
+2. Attempt access with each role
+3. Verify policies enforce expected behavior
+```sql
+-- Test as specific user
+SET LOCAL role authenticated;
+SET LOCAL request.jwt.claims.sub = '{user_id}';
+-- Run query
+SELECT * FROM schema.table;
+-- Reset
+RESET role;
+```
+---
+### Step 5: Document Policies
+**Add policy documentation:**
+```sql
+COMMENT ON POLICY "Policy name" ON schema.table IS
+'Description of who can access and why';
+```
+---
+## Security Checklist
+Before deploying RLS policies:
+- [ ] RLS enabled on all sensitive tables?
+- [ ] Policies cover all operations (SELECT, INSERT, UPDATE, DELETE)?
+- [ ] Tested with different user roles?
+- [ ] No `WITH CHECK (true)` without justification?
+- [ ] Service roles explicitly documented?
+- [ ] Policies reference `auth.uid()` correctly?
+- [ ] Multi-tenancy enforced at data level?
+---
+## Common Pitfalls
+### ❌ WRONG: Missing WITH CHECK
+```sql
+-- Allows users to UPDATE to claim data they don't own
+CREATE POLICY "Users update own data"
+ON schema.table
+FOR UPDATE
+TO authenticated
+USING (user_id = auth.uid());
+-- Missing: WITH CHECK (user_id = auth.uid())
+```
+### ✅ CORRECT: Enforce ownership on write
+```sql
+CREATE POLICY "Users update own data"
+ON schema.table
+FOR UPDATE
+TO authenticated
+USING (user_id = auth.uid())
+WITH CHECK (user_id = auth.uid());
+```
+### ❌ WRONG: Exposed service operations
+```sql
+-- Too permissive - allows anyone to insert
+CREATE POLICY "Allow insert"
+ON schema.table
+FOR INSERT
+TO authenticated
+WITH CHECK (true);
+```
+### ✅ CORRECT: Document and limit
+```sql
+-- Only specific operations should allow unrestricted insert
+CREATE POLICY "Service role can insert for registration"
+ON public.profiles
+FOR INSERT
+TO authenticated
+WITH CHECK (true);
+-- Document: Required for user registration flow
+```
+---
+## Reference
+**Existing RLS examples:**
+- `backend/migrations/20251203_create_profiles_and_app_role.sql`
+- `backend/migrations/20251129_multi_fund_architecture.sql`
+**Supabase client:**
+- Client enforces RLS: `lib/supabaseClient.ts` (uses anon key)
+- Service role bypasses RLS: Only for admin operations
+**See also:**
+- `workflows/migration-workflow.md` for creating migrations with RLS
+- `references/best-practices.md` for security guidelines