Synthex

The engineering navigation layer for Synthex — holds the mission, the current course, the rules of the ship, and routes work to the right existing specialist. Load at the START of any planning, prioritisation, "what's next", roadmap, scope, or new-feature decision. NEVER let work drift off the critical path or add capabilities the ship already carries (see dependency-discipline). NEVER claim done without the verification gate. NEVER merge to production or change prod data without a human gate. ALWAYS trace a task to the NorthStar, the live Linear epic, and an existing system before writing code.

Authenticated browser automation for Synthex — drive real Chrome to log in, screenshot, and audit dashboard/integration surfaces. Use for live visual verification, "audit the dashboard", "check what's connected", or closing the verification gate on /dashboard/* routes. Two backends: the Playwright MCP server (interactive, in-session tools) and the committed CLI scripts (scripts/browser/*.mjs, reliable + headless). RUNS WHERE THE BROWSER + NETWORK + AUTH EXIST — i.e. a local machine, not a network-restricted sandbox.

Synthex API testing enforcer. NEVER mock the database in integration tests — use real Supabase. NEVER skip the 401 (unauthenticated) or 403 (wrong org) test cases. NEVER use pnpm. ALWAYS structure tests as: 401 → 403 → 400 → 200/201 happy path. Activate on ANY request to write API tests, validate endpoints, add test coverage, or check test quality.

Synthex database operations enforcer. NEVER use prisma db push for schema changes — use migrate diff + db execute. NEVER add non-nullable columns without defaults. NEVER write Prisma queries without organizationId scope. ALWAYS use backward-compatible migrations and validate with prisma validate first. Activate on ANY request to change schema, write a query, create a migration, add a model, or modify database operations.

Synthex design system enforcer. NEVER use Inter as a heading font, purple (#8B5CF6) gradients on white, or generic glassmorphism without Synthex tokens. ALWAYS use Space Grotesk headings, #f97316 brand orange, #0f172a slate background, and the Synthex glass token set. Activate on ANY request involving UI, components, styling, layout, visual design, colour, typography, spacing, shadows, animations, or anything a user will see on screen.

Synthex security posture enforcer. NEVER apply generic OWASP checklists without grounding in Synthex's specific threat model. NEVER suggest any auth system other than Supabase. ALWAYS audit: SSRF via validateExternalUrl, JWT tier elevation via resolveVerifiedTier, CORS via CORS_ORIGIN exact-match, org-scope bypass in Prisma. Activate on ANY request to harden security, audit vulnerabilities, review auth patterns, check for injection risks, or assess an attack surface.

Synthex campaign content enforcer. NEVER open posts with "Excited to announce", use "leverage", "game-changing", or "revolutionary", produce platform-agnostic copy, or generate content that scores below 80. ALWAYS write platform-distinct hooks, use specific numbers over superlatives, and enforce exactly one CTA per piece. Activate on ANY request to create a campaign, generate posts, write social content, or launch content for a product, offer, or event.

Synthex brand DNA extractor. NEVER produce surface-level brand descriptions ("professional and friendly"), generic persona archetypes ("busy professional aged 25–45"), or tone descriptions that could apply to any brand. ALWAYS extract vocabulary the brand actually uses, describe what the brand explicitly is NOT, and ground the audience in a specific outcome they are seeking. Activate on ANY request to extract brand identity, build a DNA profile, define a brand voice, analyse a website for brand signals, or create a persona profile.

Synthex campaign planning enforcer. NEVER produce generic Mon-announcement, Wed-educational, Fri-promotional calendar arcs, or fill slots with placeholder content types without brand-specific reasoning. ALWAYS derive the content arc from the brand's DNA and campaign goal, vary cadence by platform, and name the specific hook angle for every calendar slot. Activate on ANY request to plan a campaign, build a content calendar, schedule posts, or map out a 30/60/90-day content strategy.

Synthex code quality enforcer. NEVER flag Synthex conventions as bugs (Australian English, Supabase-only auth, SWR with credentials:'include', selective error boundaries). NEVER suggest Redux, Zustand, tRPC, or any pattern absent from this codebase. ALWAYS enforce: useRouter from next/navigation, no window.location.href, SWR for client data fetching, { error: string } response shape. Activate on ANY request to review code, audit a PR, check a component, or validate an implementation.

AI content generation pipeline guide for SYNTHEX. Documents the model registry, provider abstraction, BYOK key injection, content scoring, and repurposing flow. Use when working on AI-powered content features or debugging model selection issues.

HeyGen avatar-video provider reference for Synthex. Documents the real env-driven HeyGen v2 client and its ElevenLabs voice pairing. NEVER call createAvatarVideo without a consent record. NEVER hard-code HEYGEN_API_KEY (Vercel env only). NEVER silently mock a live call — no key hard-blocks unless allowMockFallback is explicitly set. ALWAYS prefer an ElevenLabs audio_url (lip-sync) over HeyGen text TTS. Activate on ANY request to generate, poll, or debug HeyGen avatar videos, or wire avatar+voice generation.

Synthex platform showcase enforcer. NEVER describe features with generic marketing language ("powerful AI", "seamless integration") or produce wall-of-bullets capability lists. ALWAYS lead with a specific client outcome, use concrete numbers, and write in Australian English. Activate on ANY request to showcase a platform, explain a feature, demonstrate capability, or create platform presentation content.

Synthex UX enforcer. NEVER produce generic bullet-list audit reports, recite WCAG rules without grounding them in Synthex's dark glassmorphic interface, or reference pnpm (this project uses npm). ALWAYS ground findings in Synthex's #0f172a dark background, Radix UI primitive semantics, and 4px spacing scale. Activate on ANY request to audit UX, review accessibility, optimise flows, check interactions, or validate usability.

Video generation pipeline guide for Synthex. Documents the 4-provider architecture (Runway, Synthesia, D-ID, Remotion), FFmpeg post-processing, media library integration, and God Mode gating.

Synthex visual content enforcer. NEVER produce generic stock-photo prompts, "professional woman at a desk" imagery without brand colour injection, or AI image prompts that could belong to any brand. ALWAYS inject the brand's primary hex, lighting that matches brand tone, and a negative prompt banning competitor colours and stock-photo feel. Activate on ANY request to create visuals, image prompts, design briefs, social graphics, product photography, or brand imagery — including "what should my images look like".

Synthex brand consistency enforcer. NEVER produce vague feedback ("sounds on-brand", "good feel", "consistent with your voice"). ALWAYS score against specific criteria: vocabulary match percentage, anti-pattern phrase count, and CTA quality. Every feedback item must be specific enough to act on immediately. Activate on ANY request to check brand consistency, audit content against brand guidelines, review voice alignment, or validate that content matches a Business DNA profile.

Autonomous per-client avatar+voice content engine (HeyGen + ElevenLabs) that turns a paying client's project activity into constant client-focused updates, published and measured per client through the Synthex dashboard. NEVER publish client-facing content without the human-approval gate. NEVER generate a HeyGen avatar without a recorded consent record. NEVER report fabricated client metrics (views/engagement) — only real or DATA_REQUIRED. ALWAYS scope per client and one-source→many-surfaces. Activate on ANY request to generate client video/voice updates, onboard a client to the studio, build the autonomous content loop, or work on the HeyGen/ElevenLabs pipeline.

Campaign and client data management via Prisma ORM. Handles CRUD operations on campaigns, posts, projects, and user preferences. Tracks analytics and API usage. Use when user says "create campaign", "list campaigns", "update post", "delete project", "client data", or "manage analytics".

Competitor gap analysis, displacement tactics, benchmarking, citation gaps, and quarterly strategy reviews for local businesses. Use when analysing competitors, planning market positioning, or building competitive advantage in local search.

Listing optimisation, review response strategy, Google Posts, local pack ranking factors, NAP consistency, and category selection for Google Business Profile. Use when optimising GBP listings, managing reviews, or improving local search visibility.

GSC data interpretation, indexing triage, coverage analysis, sitemap strategy, and diagnostic decision trees for search performance issues. Use when working with Search Console data, debugging indexing problems, or analysing search analytics trends.

Algorithm update types, diagnosis workflows, recovery strategies, and proactive hardening for Google algorithm changes. Use when diagnosing traffic drops, responding to algorithm updates, or hardening sites against future updates.

Orchestrates google-search-console, google-business-profile, competitive-local-strategy, and google-updates-sentinel skills into a unified local SEO strategy with monthly audit cadence. Use when running local SEO campaigns, onboarding new clients, or performing monthly audits.

Diagnose Synthex Vercel production build failures from the actual build logs, not guesses. Pulls the failed deployment's logs via the Vercel REST API, classifies the failure against a known-error table (OOM/exit 137, type-check, schema drift, module-not-found, function-size, timeout), and applies the proven fix. Use whenever a Vercel deploy shows "failure"/ERROR, the GitHub "Vercel – synthex" check is red, or someone says "we're still getting Vercel errors".

Turn a plain-English vision or task into a verified, build-ready spec before any code. Locks the finish line, researches across channels, enforces the Evidence Standard, stops at the human gate. Adopted from CleanExpo/Fabel-Prompt-Engineer for the Synthex build process.

Connection token-health for Synthex integrations. Diagnoses "what's connected / why is the dashboard empty" by reading live connection state from the DB (no login needed), explains the refresh/monitor crons that keep tokens alive, and gives the reconnect runbook for connections that can't self-heal. Use on ANY "is X connected", "nothing's working", "tokens expired", "GA4/GSC/LinkedIn not loading", or integration-health question.

Drives an authenticated browser session on synthex.social (or localhost) WITHOUT the flaky Chrome extension. The reliable path is a committed Playwright script (scripts/browser/dashboard-audit.mjs) that logs in with the SYNTHEX_TEST_EMAIL / SYNTHEX_TEST_PASSWORD test account and audits every integration surface. Use whenever asked to "log in", "authenticate", "audit the dashboard", "check what's connected", or before browser-verify / site-smoke-test on /dashboard/* routes.

The "no invaders" gate for Synthex. The ship already carries everything it needs. NEVER add a new npm dependency, external SaaS, framework, datastore, or auth system to solve a problem an existing system already solves — adding one is a CEO-gated decision. ALWAYS prove the capability isn't already present (grep package.json, lib/, the skills list, Vercel env) before integrating anything new. Activate on ANY request to "add a package / install / npm i / integrate X / we need a tool / use library Y / add a provider / new database".

Research → verify → score → plan → improve loop for SEO / AEO / GEO across the Unite-Group portfolio. Ingests Obsidian source data and (when supplied) YouTube channels, cross-verifies every claim against ≥4 sources, scores ranking opportunity / decay / freshness / GEO visibility with confidence-adjusted prioritisation, and produces human-gated site-improvement tickets. Never fabricates metrics. Orchestrates — does not duplicate — the existing google-search-console, google-business-profile, local-seo-agent, google-updates-sentinel, competitive-local-strategy and algorithm-knowledge-base skills.

Fix Cursor beforeShellExecution hooks on Windows when stdout is invalid JSON or empty. Use for hooks-allow.bat, validate-mounted-env-files.sh, 1Password plugin, or "blocked for safety" agent terminal errors on Synthex (Windows 11).

Orchestrates end-to-end video production for board session episodes. Accepts a script JSON path, runs the full production pipeline (script doctor → audio → visual → render → QA → publish), and records all output URLs.

Build + type-check + lint child loop for ship-loop-master. Runs `npm run type-check && npm run lint && npm run build`, records pass/fail per command into ship-loop-state.json, applies one recovery recipe on failure (from ship-loop-shared/recovery-recipes.md), retries once, escalates on second failure. Use standalone via /loop ship-loop-build for debugging or wired into the master orchestrator.

24/7 ~1.5-day autonomous shipping orchestrator for Synthex. Drives 7 child loops (build, test, sanity, watch, smoke, pr, merge) on differentiated cadences. Reads state from .claude/scratchpad/ship-loop-state.json on every tick, dispatches the next eligible child loop, and exits cleanly after 36 hours OR when state.completion === 'merged'. Use when the CEO says "/loop ship-loop-master" to start an autonomous shipping run.

Merge to main child loop. Default mode (auto_merge=false) HALTS at "ready for human review" — escalates to ship-loop-escalations.md and lets the master loop continue monitoring CI. Auto-merge mode (auto_merge=true) requires literal --enable-auto-merge flag at master-loop activation; runs `gh pr merge --squash --delete-branch` only when CI is green. Use standalone via /loop ship-loop-merge or wired into the master orchestrator.

Push + open PR child loop. Pre-conditions all five inner layers (build, test, sanity, watch, smoke) green AND staged/uncommitted local changes detected. Refuses to push from main branch. On non-fast-forward push rejection, rebases on origin and retries once. Records PR URL into ship-loop-state.json. Use standalone via /loop ship-loop-pr or wired into the master orchestrator.

Security/quality gate child loop. Runs auth ratchet test, npm audit, parallel auth-coverage script, and a secret-leak diff-scan. Updates ship-loop-state.json with per-gate state. On failure applies one recovery recipe (typically auth ratchet triage or audit fix), retries once, escalates. Use standalone via /loop ship-loop-sanity or wired into the master orchestrator.

Full system smoke child loop. Wraps scripts/overnight-smoke.mjs --iterations=1 to run the existing 4-layer rig (surface health + CSP hydration + API contract + fault injection) once per tick. Aggregates JSONL output into ship-loop-state.json. Lifts P0/P1 findings into ship-loop-escalations.md. "Until 100% green" = if any P0/P1 detected, sets state to red so master re-triggers next cycle. Use standalone via /loop ship-loop-smoke or wired into the master orchestrator.

Jest test suite child loop. Runs `npm test` (uses jest.worktree.cjs per package.json), records pass/fail counts and failing suite paths into ship-loop-state.json. Only fires if last ship-loop-build was green. Applies one recovery recipe (jest config / mock generation / worktree cleanup) on failure, retries once, escalates. Use standalone via /loop ship-loop-test or wired into the master orchestrator.

Chrome MCP browser-watch child loop. Navigates synthex.social surfaces, captures console errors / CSP violations / 4xx-5xx network requests / hydration failures. Runs on a 15-min cadence via the master orchestrator. Classifies findings using the browser-debug skill mappings, applies recipe lookups for known patterns. Use standalone via /loop ship-loop-watch for production-side debugging or wired into the master orchestrator.