القائمة
">"
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Apply this skill for Unite-Hub Supabase migrations, PostgREST/Data API visibility, founder-scoped Playwright journeys, or errors such as PGRST205, access=denied, stale Supabase linked refs, or migration history drift. Prevents repeating the SQL/cache/auth loop by enforcing the exact verification sequence for core journeys.
The compass for Unite-Hub's road to /shipit. Defines the single NorthStar (a real, comprehensive, working founder CRM in production, every section GREEN), the binding definition of GREEN, and the No-Invaders Manifest that keeps the build honest and surgical. Consult BEFORE deciding what to build/skip/finish — it resolves "200 ≠ real" temptations and scope-creep pressure. P1, auto-loaded.
Apply this skill WHEN scaffolding a new cron "pull" route that syncs external/derived data into Supabase on a schedule (Vercel cron). Encodes the Unite-Hub cron invariants: CRON_SECRET auth, FOUNDER_USER_ID actor, overlap safety, idempotent upsert, last-sync timestamp, and failure surfacing. Generic `cron-scheduler` covers scheduling; this covers the PULL handler body. P3.
Apply this skill WHEN verifying that a route, page, or integration serves REAL data and not silent mock/placeholder data. Detects the "false-green" failure mode: an endpoint returns 200 (or a page renders) while the underlying data is fabricated because a provider is unconnected. Trigger WHENEVER classifying a section's readiness, reviewing integration wrappers, or before marking anything GREEN. P2 — load on audit/verify tasks.
Manifest-first context isolation — each subagent receives only its scope, never the full codebase
Apply this skill for ANY decision with non-obvious tradeoffs: architectural choices, debugging without a clear root cause, performance strategies, security decisions, feature design with competing constraints, refactoring scope decisions. Forces multi-perspective analysis before committing to a solution. P1 auto-load — always active on complex reasoning tasks.
| id | definition-of-done-builder |
| name | definition-of-done-builder |
| type | Capability Uplift |
| version | 1.0.0 |
| created | 20/03/2026 |
| modified | 20/03/2026 |
| status | active |
| triggers | ["what does done mean","define done","what needs to be true","when is it finished","what are the success criteria","build a definition of done","what criteria","acceptance criteria"] |
| description | > |
Purpose: Transform vague outcome language into measurable, verifiable DoD criteria. Every criterion must be binary: either PROVEN or not. No "mostly done."
Use this skill when:
Do NOT use this skill for:
Map the goal to one or more of these production categories:
| Category | Scope |
|---|---|
| Frontend | Pages, components, auth flows, responsiveness, visual quality |
| Backend | API endpoints, health checks, auth middleware, error handling |
| Data / Security | Database, migrations, backups, CORS, rate limiting, JWT |
| Payments | Provider mode, webhooks, test transactions, refund flow |
| Integrations | Third-party APIs, email, webhooks |
| Deployment | CI/CD, SSL, DNS, rollback |
| Business | Support, legal, analytics, monitoring |
| Visual | Design system compliance, screenshot proof |
For each relevant category, write criteria as binary statements:
Format: □ [Verb] [measurable condition] — Proof: [exact artifact]
Examples (good):
□ Production URL responds with HTTP 200 — Proof: curl -I output□ Test suite passes with 0 failures — Proof: pytest/vitest output□ No rounded-lg classes in component — Proof: grep search outputExamples (bad — rejected):
□ The UI looks nice (not measurable)□ Tests are passing (no proof specified)□ It works (not binary)For each criterion, assign status based on current evidence:
| Status | Meaning | Required |
|---|---|---|
PROVEN | Evidence exists and has been verified | Proof artifact on file |
UNKNOWN | Not yet verified — could be true or false | Must verify before claiming done |
MISSING | Confirmed absent or broken | Must fix before claiming done |
For every UNKNOWN item, specify:
UNKNOWN — requires: [exact command or action to verify]
Example:
UNKNOWN — requires: curl -I https://production-url.com
UNKNOWN — requires: Run pnpm test and capture full output
UNKNOWN — requires: Screenshot of production login flow
DEFINITION OF DONE
═══════════════════════════════════════════════════
Goal: [restated goal]
Scope: [categories included]
FRONTEND
─────────
□ [criterion] — PROVEN | Proof: [artifact]
□ [criterion] — UNKNOWN | requires: [action]
□ [criterion] — MISSING | Fix: [remediation]
BACKEND
─────────
□ [criterion] — PROVEN | Proof: [artifact]
...
[CONTINUE FOR EACH RELEVANT CATEGORY]
SUMMARY
─────────
PROVEN: [N] criteria
UNKNOWN: [N] criteria — must verify
MISSING: [N] criteria — must fix
GATE: ALL criteria must be PROVEN before completion can be claimed.
═══════════════════════════════════════════════════
Before outputting the DoD:
pnpm test and capture output")| Failure | Recovery |
|---|---|
| Goal is too vague to categorise | Ask: "What does success look like for a user?" |
| Criteria are subjective | Rewrite as binary observable outcomes |
| Proof artifact is vague | Specify exact command, file path, or screenshot requirement |
| Too many criteria (> 30) | Split into Phase 1 (critical) and Phase 2 (nice-to-have) |
Input: "The auth flow is done"
Output:
DEFINITION OF DONE
═══════════════════════════════════════════════════
Goal: Authentication flow complete
Scope: Frontend, Backend, Security
FRONTEND
─────────
□ Login page renders without console errors — UNKNOWN | requires: Browser screenshot + console log
□ Login form submits and redirects to dashboard — UNKNOWN | requires: Playwright test run
□ Logout clears JWT cookie and redirects to login — UNKNOWN | requires: Browser network tab screenshot
BACKEND
─────────
□ POST /api/auth/login returns 200 with JWT — UNKNOWN | requires: curl -X POST output
□ Invalid credentials return 401 — UNKNOWN | requires: curl with wrong password output
□ Protected routes reject requests without JWT — UNKNOWN | requires: curl without Authorization header output
SECURITY
─────────
□ JWT secret is not the default value — UNKNOWN | requires: Check JWT_SECRET_KEY env var
□ Token expiry is set to <= 60 minutes — UNKNOWN | requires: Check JWT_EXPIRE_MINUTES env var
□ Rate limiting active on /api/auth/login — UNKNOWN | requires: 10 rapid requests + response log
SUMMARY
─────────
PROVEN: 0 criteria
UNKNOWN: 9 criteria — must verify
MISSING: 0 criteria
GATE: ALL criteria must be PROVEN before auth flow can be claimed complete.
═══════════════════════════════════════════════════
Input: "Is auth done?" Output: "The auth looks complete, tests are passing."
Reason rejected: No criteria listed, no proof artifacts, vague summary.