Run any Skill in Manus with one click

cron-pull-template

Stars1

Forks0

UpdatedMay 29, 2026 at 11:30

Apply this skill WHEN scaffolding a new cron "pull" route that syncs external/derived data into Supabase on a schedule (Vercel cron). Encodes the Unite-Hub cron invariants: CRON_SECRET auth, FOUNDER_USER_ID actor, overlap safety, idempotent upsert, last-sync timestamp, and failure surfacing. Generic `cron-scheduler` covers scheduling; this covers the PULL handler body. P3.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

CleanExpo

CleanExpo/Unite-Hub

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Software DevelopersComputer and Mathematical Occupations·SOC 15-1252

SKILL.md

readonly

name	cron-pull-template
category	backend
version	1.0.0
priority	P3
auto_load	false
triggers	["creating a new scheduled data-sync / \"pull\" cron route","a section depends on external data but has no refresh cron","adding an entry to vercel.json crons"]
description	Apply this skill WHEN scaffolding a new cron "pull" route that syncs external/derived data into Supabase on a schedule (Vercel cron). Encodes the Unite-Hub cron invariants: CRON_SECRET auth, FOUNDER_USER_ID actor, overlap safety, idempotent upsert, last-sync timestamp, and failure surfacing. Generic `cron-scheduler` covers scheduling; this covers the PULL handler body. P3.
context	fork

Cron Pull Template

The Default Being Overridden

Left unchecked, LLMs default to:

Cron handlers with no auth (anyone can trigger them)
Non-idempotent inserts that duplicate rows on re-run
Silent failures — a broken pull looks identical to "no new data"

This skill overrides those with: authenticated, idempotent, observable pulls.

ABSOLUTE RULES (Never Violate)

NEVER ship a cron route without the CRON_SECRET Bearer guard. NEVER use a session/getUser() in a cron — there is no session; use FOUNDER_USER_ID. ALWAYS upsert idempotently (on a natural key) so a re-run cannot duplicate data. ALWAYS record a last-sync timestamp and surface failures (do not swallow).

Canonical handler shape

// src/app/api/cron/<section>-sync/route.ts
import { NextResponse } from 'next/server'
import { createServiceClient } from '@/lib/supabase/service'  // service-role, bypasses RLS

export const dynamic = 'force-dynamic'
export const maxDuration = 300  // long pulls

export async function GET(request: Request) {
  const authHeader = request.headers.get('authorization')
  if (authHeader !== `Bearer ${process.env.CRON_SECRET?.trim()}`) {
    return NextResponse.json({ error: 'Unauthorised' }, { status: 401 })
  }
  const founderId = process.env.FOUNDER_USER_ID
  if (!founderId) return NextResponse.json({ error: 'FOUNDER_USER_ID unset' }, { status: 500 })

  const supabase = createServiceClient()
  try {
    const rows = await fetchExternal()            // 1. pull
    const mapped = rows.map(r => ({ ...r, founder_id: founderId }))  // 2. scope
    const { error } = await supabase               // 3. idempotent upsert
      .from('<table>')
      .upsert(mapped, { onConflict: 'founder_id,external_id' })
    if (error) throw error
    await supabase.from('sync_log').insert({       // 4. observability
      founder_id: founderId, section: '<section>', synced: mapped.length, at: new Date().toISOString(),
    })
    return NextResponse.json({ ok: true, synced: mapped.length, source: 'live' })
  } catch (e) {
    await supabase.from('sync_log').insert({
      founder_id: founderId, section: '<section>', error: String(e), at: new Date().toISOString(),
    })
    return NextResponse.json({ ok: false, error: String(e) }, { status: 502 })  // fail loud
  }
}

Register in vercel.json

{ "path": "/api/cron/<section>-sync", "schedule": "0 17 * * *" }

Stagger schedules so pulls don't all fire at once (existing strategy-daily crons are offset by 5 min).

Done-gate

CRON_SECRET guard + FOUNDER_USER_ID + maxDuration
idempotent upsert on a natural key (no dupes on re-run)
sync_log row on success AND failure
returns source: 'live' (never silent mock)
entry added to vercel.json with a staggered schedule

More from this repository

same repository

unite-supabase-journey-guard

CleanExpo/Unite-Hub

Apply this skill for Unite-Hub Supabase migrations, PostgREST/Data API visibility, founder-scoped Playwright journeys, or errors such as PGRST205, access=denied, stale Supabase linked refs, or migration history drift. Prevents repeating the SQL/cache/auth loop by enforcing the exact verification sequence for core journeys.

2026-06-171

northstar-navigator

CleanExpo/Unite-Hub

The compass for Unite-Hub's road to /shipit. Defines the single NorthStar (a real, comprehensive, working founder CRM in production, every section GREEN), the binding definition of GREEN, and the No-Invaders Manifest that keeps the build honest and surgical. Consult BEFORE deciding what to build/skip/finish — it resolves "200 ≠ real" temptations and scope-creep pressure. P1, auto-loaded.

2026-05-291

mock-vs-real-detector

CleanExpo/Unite-Hub

Apply this skill WHEN verifying that a route, page, or integration serves REAL data and not silent mock/placeholder data. Detects the "false-green" failure mode: an endpoint returns 200 (or a page renders) while the underlying data is fabricated because a provider is unconnected. Trigger WHENEVER classifying a section's readiness, reviewing integration wrappers, or before marking anything GREEN. P2 — load on audit/verify tasks.

2026-05-291

context-partitioning

CleanExpo/Unite-Hub

Manifest-first context isolation — each subagent receives only its scope, never the full codebase

2026-03-261

council-of-logic

CleanExpo/Unite-Hub

Apply this skill for ANY decision with non-obvious tradeoffs: architectural choices, debugging without a clear root cause, performance strategies, security decisions, feature design with competing constraints, refactoring scope decisions. Forces multi-perspective analysis before committing to a solution. P1 auto-load — always active on complex reasoning tasks.

2026-03-261

execution-guardian

CleanExpo/Unite-Hub

Apply this skill before executing ANY irreversible action: bash commands that delete, reset, or overwrite; database migrations; git destructive operations (push --force, reset --hard, branch -D); environment variable changes; deployment triggers. Apply before proposing solutions when requirements are ambiguous. Blocks unsafe execution defaults. P1 auto-load — always active.

2026-03-261

name	cron-pull-template
category	backend
version	1.0.0
priority	P3
auto_load	false
triggers	["creating a new scheduled data-sync / \"pull\" cron route","a section depends on external data but has no refresh cron","adding an entry to vercel.json crons"]
description	Apply this skill WHEN scaffolding a new cron "pull" route that syncs external/derived data into Supabase on a schedule (Vercel cron). Encodes the Unite-Hub cron invariants: CRON_SECRET auth, FOUNDER_USER_ID actor, overlap safety, idempotent upsert, last-sync timestamp, and failure surfacing. Generic `cron-scheduler` covers scheduling; this covers the PULL handler body. P3.
context	fork

Cron Pull Template

The Default Being Overridden

Left unchecked, LLMs default to:

Cron handlers with no auth (anyone can trigger them)
Non-idempotent inserts that duplicate rows on re-run
Silent failures — a broken pull looks identical to "no new data"

This skill overrides those with: authenticated, idempotent, observable pulls.

ABSOLUTE RULES (Never Violate)

Canonical handler shape

// src/app/api/cron/<section>-sync/route.ts
import { NextResponse } from 'next/server'
import { createServiceClient } from '@/lib/supabase/service'  // service-role, bypasses RLS

export const dynamic = 'force-dynamic'
export const maxDuration = 300  // long pulls

export async function GET(request: Request) {
  const authHeader = request.headers.get('authorization')
  if (authHeader !== `Bearer ${process.env.CRON_SECRET?.trim()}`) {
    return NextResponse.json({ error: 'Unauthorised' }, { status: 401 })
  }
  const founderId = process.env.FOUNDER_USER_ID
  if (!founderId) return NextResponse.json({ error: 'FOUNDER_USER_ID unset' }, { status: 500 })

  const supabase = createServiceClient()
  try {
    const rows = await fetchExternal()            // 1. pull
    const mapped = rows.map(r => ({ ...r, founder_id: founderId }))  // 2. scope
    const { error } = await supabase               // 3. idempotent upsert
      .from('<table>')
      .upsert(mapped, { onConflict: 'founder_id,external_id' })
    if (error) throw error
    await supabase.from('sync_log').insert({       // 4. observability
      founder_id: founderId, section: '<section>', synced: mapped.length, at: new Date().toISOString(),
    })
    return NextResponse.json({ ok: true, synced: mapped.length, source: 'live' })
  } catch (e) {
    await supabase.from('sync_log').insert({
      founder_id: founderId, section: '<section>', error: String(e), at: new Date().toISOString(),
    })
    return NextResponse.json({ ok: false, error: String(e) }, { status: 502 })  // fail loud
  }
}

Register in vercel.json

{ "path": "/api/cron/<section>-sync", "schedule": "0 17 * * *" }

Stagger schedules so pulls don't all fire at once (existing strategy-daily crons are offset by 5 min).

Done-gate

CRON_SECRET guard + FOUNDER_USER_ID + maxDuration
idempotent upsert on a natural key (no dupes on re-run)
sync_log row on success AND failure
returns source: 'live' (never silent mock)
entry added to vercel.json with a staggered schedule