Menu
">"
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Basé sur la classification professionnelle SOC
Apply this skill for Unite-Hub Supabase migrations, PostgREST/Data API visibility, founder-scoped Playwright journeys, or errors such as PGRST205, access=denied, stale Supabase linked refs, or migration history drift. Prevents repeating the SQL/cache/auth loop by enforcing the exact verification sequence for core journeys.
The compass for Unite-Hub's road to /shipit. Defines the single NorthStar (a real, comprehensive, working founder CRM in production, every section GREEN), the binding definition of GREEN, and the No-Invaders Manifest that keeps the build honest and surgical. Consult BEFORE deciding what to build/skip/finish — it resolves "200 ≠ real" temptations and scope-creep pressure. P1, auto-loaded.
Apply this skill WHEN scaffolding a new cron "pull" route that syncs external/derived data into Supabase on a schedule (Vercel cron). Encodes the Unite-Hub cron invariants: CRON_SECRET auth, FOUNDER_USER_ID actor, overlap safety, idempotent upsert, last-sync timestamp, and failure surfacing. Generic `cron-scheduler` covers scheduling; this covers the PULL handler body. P3.
Apply this skill WHEN verifying that a route, page, or integration serves REAL data and not silent mock/placeholder data. Detects the "false-green" failure mode: an endpoint returns 200 (or a page renders) while the underlying data is fabricated because a provider is unconnected. Trigger WHENEVER classifying a section's readiness, reviewing integration wrappers, or before marking anything GREEN. P2 — load on audit/verify tasks.
Manifest-first context isolation — each subagent receives only its scope, never the full codebase
Apply this skill for ANY decision with non-obvious tradeoffs: architectural choices, debugging without a clear root cause, performance strategies, security decisions, feature design with competing constraints, refactoring scope decisions. Forces multi-perspective analysis before committing to a solution. P1 auto-load — always active on complex reasoning tasks.
| id | definition-of-done-builder |
| name | definition-of-done-builder |
| type | Capability Uplift |
| version | 1.0.0 |
| created | 20/03/2026 |
| modified | 20/03/2026 |
| status | active |
| triggers | ["what does done mean","define done","what needs to be true","when is it finished","what are the success criteria","build a definition of done","what criteria","acceptance criteria"] |
| description | > |
Purpose: Transform vague outcome language into measurable, verifiable DoD criteria. Every criterion must be binary: either PROVEN or not. No "mostly done."
Use this skill when:
Do NOT use this skill for:
Map the goal to one or more of these production categories:
| Category | Scope |
|---|---|
| Frontend | Pages, components, auth flows, responsiveness, visual quality |
| Backend | API endpoints, health checks, auth middleware, error handling |
| Data / Security | Database, migrations, backups, CORS, rate limiting, JWT |
| Payments | Provider mode, webhooks, test transactions, refund flow |
| Integrations | Third-party APIs, email, webhooks |
| Deployment | CI/CD, SSL, DNS, rollback |
| Business | Support, legal, analytics, monitoring |
| Visual | Design system compliance, screenshot proof |
For each relevant category, write criteria as binary statements:
Format: □ [Verb] [measurable condition] — Proof: [exact artifact]
Examples (good):
□ Production URL responds with HTTP 200 — Proof: curl -I output□ Test suite passes with 0 failures — Proof: pytest/vitest output□ No rounded-lg classes in component — Proof: grep search outputExamples (bad — rejected):
□ The UI looks nice (not measurable)□ Tests are passing (no proof specified)□ It works (not binary)For each criterion, assign status based on current evidence:
| Status | Meaning | Required |
|---|---|---|
PROVEN | Evidence exists and has been verified | Proof artifact on file |
UNKNOWN | Not yet verified — could be true or false | Must verify before claiming done |
MISSING | Confirmed absent or broken | Must fix before claiming done |
For every UNKNOWN item, specify:
UNKNOWN — requires: [exact command or action to verify]
Example:
UNKNOWN — requires: curl -I https://production-url.com
UNKNOWN — requires: Run pnpm test and capture full output
UNKNOWN — requires: Screenshot of production login flow
DEFINITION OF DONE
═══════════════════════════════════════════════════
Goal: [restated goal]
Scope: [categories included]
FRONTEND
─────────
□ [criterion] — PROVEN | Proof: [artifact]
□ [criterion] — UNKNOWN | requires: [action]
□ [criterion] — MISSING | Fix: [remediation]
BACKEND
─────────
□ [criterion] — PROVEN | Proof: [artifact]
...
[CONTINUE FOR EACH RELEVANT CATEGORY]
SUMMARY
─────────
PROVEN: [N] criteria
UNKNOWN: [N] criteria — must verify
MISSING: [N] criteria — must fix
GATE: ALL criteria must be PROVEN before completion can be claimed.
═══════════════════════════════════════════════════
Before outputting the DoD:
pnpm test and capture output")| Failure | Recovery |
|---|---|
| Goal is too vague to categorise | Ask: "What does success look like for a user?" |
| Criteria are subjective | Rewrite as binary observable outcomes |
| Proof artifact is vague | Specify exact command, file path, or screenshot requirement |
| Too many criteria (> 30) | Split into Phase 1 (critical) and Phase 2 (nice-to-have) |
Input: "The auth flow is done"
Output:
DEFINITION OF DONE
═══════════════════════════════════════════════════
Goal: Authentication flow complete
Scope: Frontend, Backend, Security
FRONTEND
─────────
□ Login page renders without console errors — UNKNOWN | requires: Browser screenshot + console log
□ Login form submits and redirects to dashboard — UNKNOWN | requires: Playwright test run
□ Logout clears JWT cookie and redirects to login — UNKNOWN | requires: Browser network tab screenshot
BACKEND
─────────
□ POST /api/auth/login returns 200 with JWT — UNKNOWN | requires: curl -X POST output
□ Invalid credentials return 401 — UNKNOWN | requires: curl with wrong password output
□ Protected routes reject requests without JWT — UNKNOWN | requires: curl without Authorization header output
SECURITY
─────────
□ JWT secret is not the default value — UNKNOWN | requires: Check JWT_SECRET_KEY env var
□ Token expiry is set to <= 60 minutes — UNKNOWN | requires: Check JWT_EXPIRE_MINUTES env var
□ Rate limiting active on /api/auth/login — UNKNOWN | requires: 10 rapid requests + response log
SUMMARY
─────────
PROVEN: 0 criteria
UNKNOWN: 9 criteria — must verify
MISSING: 0 criteria
GATE: ALL criteria must be PROVEN before auth flow can be claimed complete.
═══════════════════════════════════════════════════
Input: "Is auth done?" Output: "The auth looks complete, tests are passing."
Reason rejected: No criteria listed, no proof artifacts, vague summary.