devakone
diff --git a/‎.github/workflows/security.yml‎
Lines changed: 38 additions & 0 deletions b/‎.github/workflows/security.yml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 8 additions & 0 deletions b/‎.gitignore‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎.release-please-manifest.develop.json‎
Lines changed: 3 additions & 3 deletions b/‎.release-please-manifest.develop.json‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎Agents.md‎
Lines changed: 41 additions & 104 deletions b/‎Agents.md‎
Lines changed: 41 additions & 104 deletions
diff --git a/‎CHANGELOG-DEVELOP.md‎
Lines changed: 38 additions & 0 deletions b/‎CHANGELOG-DEVELOP.md‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎CLAUDE.local.example.md‎
Lines changed: 50 additions & 0 deletions b/‎CLAUDE.local.example.md‎
Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,38 @@
+name: Security checks
+
+on:
+  push:
+    branches:
+      - develop
+      - main
+  pull_request:
+    branches:
+      - develop
+      - main
+
+jobs:
+  audit-and-secret-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22.13.0
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: NPM audit (moderate)
+        run: npm audit --audit-level=moderate
+
+      - name: Trufflehog git history scan
+        uses: trufflesecurity/trufflehog@main
+        with:
+          extra_args: --only-verified
@@ -1,5 +1,6 @@
 # Dependencies
 node_modules/
+.npm-cache/
 /.pnp
 .pnp.*
 .yarn/*
@@ -36,6 +37,13 @@ supabase/.temp/
 *~
 .cursor-memory
 
+# Claude Code
+CLAUDE.local.md
+.claude/settings.local.json
+
+# Personal workflow
+docs/WorkflowJournal.md
+
 # OS
 .DS_Store
 Thumbs.db
 
@@ -1,5 +1,5 @@
 {
-  ".": "0.1.0-alpha.4",
-  "apps/web": "0.1.0-alpha.4",
-  "apps/worker": "0.1.0-alpha.2"
+  ".": "0.1.0-alpha.6",
+  "apps/web": "0.1.0-alpha.6",
+  "apps/worker": "0.1.0-alpha.3"
 }
@@ -63,7 +63,7 @@ npm run dev
 Copy the example env file and fill in values:
 
 ```bash
-cp .env.example .env.local
+cp .env.example apps/web/.env.local
 ```
 
 Required variables:
@@ -108,45 +108,21 @@ psql "postgresql://postgres:postgres@127.0.0.1:XXXXX/postgres" -c "YOUR SQL HERE
 - Always use `psql` with the local DB URL from `npm run supabase:status`
 - The MCP Supabase tools are for remote database operations only
 
-### Supabase Project References
-
-| Environment | Project Ref | Dashboard URL | Branch |
-|-------------|-------------|---------------|--------|
-| Local | N/A | `npm run supabase:start` → http://127.0.0.1:54423 | - |
-| Development | `ljxvzqjkwwwsgdnvgpgm` | https://supabase.com/dashboard/project/ljxvzqjkwwwsgdnvgpgm | `develop` |
-| Production | `idjewtwnfrufbxoxulmq` | https://supabase.com/dashboard/project/idjewtwnfrufbxoxulmq | `main` |
-
-**Default remote:** Development (`ljxvzqjkwwwsgdnvgpgm`)
-
 ### Switching Between Environments
 
-By default, the Supabase CLI points to the **development** remote. You only need to explicitly link when switching to production.
+The project may have multiple remote environments (development, staging, production). Use the Supabase CLI to switch:
 
 ```bash
 # Check which environment is currently linked
-npm run supabase:which
-
-# Link to production (CAUTION: only for production deployments)
-npm run supabase:link:prod
-
-# Link back to development (restore default)
-npm run supabase:link:dev
-```
+npx supabase projects list
 
-Add these scripts to `package.json`:
-```json
-{
-  "scripts": {
-    "supabase:which": "npx supabase projects list",
-    "supabase:link:dev": "npx supabase link --project-ref <DEV_PROJECT_REF>",
-    "supabase:link:prod": "npx supabase link --project-ref <PROD_PROJECT_REF>"
-  }
-}
+# Link to a specific project
+npx supabase link --project-ref <PROJECT_REF>
 ```
 
 **When to use each:**
 - **Local:** Default for all development work
-- **Development remote (default):** Testing against shared dev data, deploying previews, pushing migrations
+- **Development remote:** Testing against shared dev data, deploying previews, pushing migrations
 - **Production remote:** Only for production deployments or critical debugging
 
 ---
@@ -232,26 +208,21 @@ npx supabase migration list --linked
 
 ### Local Dev Test User
 
-For testing authenticated flows locally, create this test user:
-
-| Field | Value |
-|-------|-------|
-| Email | `testuser@vibed.coding` |
-| Password | `TestPass123!` |
+For testing authenticated flows locally, you can create a test user in the local Supabase instance.
 
-**To create the test user:**
+**To create a test user:**
 
 1. Start local Supabase: `npm run supabase:start`
 2. Go to local Supabase Studio: `http://127.0.0.1:54323`
 3. Navigate to Authentication → Users
-4. Click "Add User" and enter the credentials above
+4. Click "Add User" and enter test credentials
 
 **Alternative via SQL:**
 ```bash
 # Get DB URL first
 npm run supabase:status
 
-# Create user (replace XXXXX with actual port)
+# Create user (replace XXXXX with actual port, EMAIL and PASSWORD with your values)
 psql "postgresql://postgres:postgres@127.0.0.1:XXXXX/postgres" -c "
 INSERT INTO auth.users (
   id,
@@ -262,8 +233,8 @@ INSERT INTO auth.users (
   updated_at
 ) VALUES (
   gen_random_uuid(),
-  'testuser@vibed.coding',
-  crypt('TestPass123!', gen_salt('bf')),
+  'YOUR_TEST_EMAIL',
+  crypt('YOUR_TEST_PASSWORD', gen_salt('bf')),
   now(),
   now(),
   now()
@@ -275,8 +246,8 @@ INSERT INTO auth.users (
 
 For GitHub OAuth testing locally:
 1. Create a GitHub OAuth App at https://github.com/settings/developers
-2. Set callback URL to `http://localhost:54421/auth/v1/callback`
-3. Add credentials to `.env.local`
+2. Set callback URL to `http://localhost:54321/auth/v1/callback`
+3. Add credentials to `apps/web/.env.local`
 
 ---
 
@@ -498,9 +469,9 @@ npx supabase migration repair --status applied <version>
 
 1. **Most common cause:** Supabase was started without env vars. Restart with `npm run supabase:stop && npm run supabase:start`
 2. **Stale browser state:** Clear cookies and site data for `localhost` in your browser, then try again
-3. Check callback URL in GitHub OAuth App matches: `http://localhost:54421/auth/v1/callback`
+3. Check callback URL in GitHub OAuth App matches: `http://localhost:54321/auth/v1/callback`
 4. Verify `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_SECRET` are set in `apps/web/.env.local`
-5. Check Supabase Auth settings in local Studio: `http://127.0.0.1:54423`
+5. Check Supabase Auth settings in local Studio: `http://127.0.0.1:54323`
 6. Use `localhost:8108` consistently (not `127.0.0.1:8108`) to avoid OAuth state mismatches
 
 ### MCP Tools Not Connecting
@@ -535,71 +506,37 @@ MCP Supabase tools connect to remote projects, not local. For local development:
 - **Keep PRD.md current** if requirements change
 - **This file (Agents.md)** is the source of truth for agent behavior
 
----
-
-## Workflow Capture
-
-**IMPORTANT:** This project is also a learning tool for improving the development process.
 
-### When to Log
+## Code Review Protocol
 
-Add entries to `docs/WorkflowJournal.md` when you observe:
+When reviewing code or PRs, apply deep analysis ("ultrathink") to validate reasonableness:
 
-| Tag | When to Use |
-|-----|-------------|
-| `[MANUAL]` | User or agent did something by hand that could be scripted |
-| `[REPETITIVE]` | Did something that's been done in other projects |
-| `[FRICTION]` | Hit a snag, needed a workaround, or found unexpected complexity |
-| `[INSIGHT]` | Learned something worth remembering for future projects |
-| `[DECISION]` | Made a choice between alternatives (capture the reasoning) |
-
-### Entry Format
-
-```markdown
-### YYYY-MM-DD HH:MM - [TAG] Short title
-**Context:** What were you trying to do?
-**Action:** What did you actually do?
-**Time spent:** Estimate
-**Automation opportunity:** None | Low | Medium | High
-**Notes:** Any additional context
-```
-
-### Examples of What to Capture
-
-**Do log:**
-- Creating a new file that follows a pattern from other projects
-- Running a manual command that could be in a script
-- Discovering a gotcha or workaround
-- Choosing between libraries, approaches, or patterns
-- Anything that took longer than expected
-
-**Don't log:**
-- Routine code edits
-- Standard git operations
-- Things already documented elsewhere
-
-### Proactive Capture
-
-When completing a task, briefly consider:
-1. Was any part of this manual when it could be automated?
-2. Have I done this exact thing in another project?
-3. Did I learn something that would help next time?
-
-If yes to any, add a journal entry before moving on.
-
----
+### 1. Plan/PRD Validation
+- **Check alignment**: Does the code match the plan or PRD?
+- **Identify gaps**: What will NOT work? What will break?
+- **Surface oversights**: What was overlooked or not considered?
+- **Edge cases**: Are all edge cases handled?
 
-## Related Workflow Documents
+### 2. Simplification Analysis
+- **Reduce complexity**: Is there a simpler approach that achieves the same outcome?
+- **Remove redundancy**: Are there unnecessary abstractions or indirections?
+- **Question scope**: Is the change doing more than required?
 
-| Document | Purpose |
-|----------|---------|
-| `docs/Workflow.md` | The playbook—how projects are started (template for future) |
-| `docs/WorkflowJournal.md` | Real-time capture during this project |
-| `docs/PRD.md` | Product requirements |
-| `docs/Agents.md` | This file—agent instructions |
+### 3. Regression Risk Assessment
+- **Existing functionality**: Will this break current behavior?
+- **Dependent code**: What other code relies on the modified paths?
+- **Test coverage**: Are existing tests still valid? Do they need updates?
+- **Backward compatibility**: Are APIs/interfaces preserved or properly versioned?
 
-The journal feeds insights back into the playbook. Over time, high-automation-opportunity items become scripts or templates.
+### Review Checklist
+- [ ] Code matches PRD/plan intent
+- [ ] No obvious failure modes overlooked
+- [ ] Simplest reasonable approach used
+- [ ] No unnecessary scope creep
+- [ ] Existing tests still pass
+- [ ] New tests cover changed behavior
+- [ ] No breaking changes to existing functionality (or documented if intentional)
 
 ---
 
-*Last updated: Phase 0 initialization*
+*Last updated: 2026-01-22*
@@ -1,5 +1,43 @@
 # Changelog
 
+## [0.1.0-alpha.6](https://github.com/devakone/vibe-coding-profiler/compare/vibed-coding-v0.1.0-alpha.5...vibed-coding-v0.1.0-alpha.6) (2026-01-29)
+
+
+### Features
+
+* Add a new section outlining the code review protocol and checklist. ([069337c](https://github.com/devakone/vibe-coding-profiler/commit/069337c486c97d08a1f031a442c67851453ed712))
+* **settings/repos:** improve UX with platform filtering and simplified view ([61db163](https://github.com/devakone/vibe-coding-profiler/commit/61db163a2006046a0fe99d9a3b57fa66b6eec480))
+* **supabase:** enable GitLab and Bitbucket OAuth providers locally ([36229c8](https://github.com/devakone/vibe-coding-profiler/commit/36229c8ac875c28d87eebc9d33396ad0be5e1055))
+
+
+### Bug Fixes
+
+* address code review observations for multi-platform integration ([3d67b0f](https://github.com/devakone/vibe-coding-profiler/commit/3d67b0f93dbddeab5c4ca176401d0f4b3a5d0f38))
+* handle object format for narrative highlights in UnifiedInsightSection ([bc9686a](https://github.com/devakone/vibe-coding-profiler/commit/bc9686aac4ae5b7adca1b725d63e227549fef4d0))
+* resolve hydration mismatch in NotificationDropdown ([f987526](https://github.com/devakone/vibe-coding-profiler/commit/f98752674e1e81f9f5a43e173a01d4b42ff67017))
+
+## [0.1.0-alpha.5](https://github.com/devakone/vibe-coding-profiler/compare/vibed-coding-v0.1.0-alpha.4...vibed-coding-v0.1.0-alpha.5) (2026-01-23)
+
+
+### ⚠ BREAKING CHANGES
+
+* The `github_accounts` table has been renamed to `platform_connections`. All queries referencing `github_accounts` must be updated to use `platform_connections` with the additional `platform` column filter.
+
+### Features
+
+* add foundational documentation and security measures ([d10c5c4](https://github.com/devakone/vibe-coding-profiler/commit/d10c5c4ca46a36bf006deee23776ae9b5a8ad7c6))
+* add GitHub Actions workflow for security checks ([686ea44](https://github.com/devakone/vibe-coding-profiler/commit/686ea445bb53cce8e95f1e2c8ee3edeb08b2d6b0))
+* add multi-platform support for repositories and connections ([266a717](https://github.com/devakone/vibe-coding-profiler/commit/266a71713c6ab96865d170fd70bbdc9dee87ef27))
+* **core:** add platform client abstraction for multi-platform support ([1b8c152](https://github.com/devakone/vibe-coding-profiler/commit/1b8c15274ab5316dd1fce21a64b6472984124519))
+* **db:** add platform support and LLM usage tracking ([a82acb7](https://github.com/devakone/vibe-coding-profiler/commit/a82acb7ed4e4abb925d8d8fa7de8b065669c7cdb))
+* multi-platform repository integration ([ff0a993](https://github.com/devakone/vibe-coding-profiler/commit/ff0a99388238d02e246553559e96bb655324a939))
+* **oauth:** add GitLab and Bitbucket OAuth support ([75a5009](https://github.com/devakone/vibe-coding-profiler/commit/75a500931dafcd5780acf9b4376a471d4e5d7c2e))
+* **platforms:** add API endpoints and UI for managing platform connections ([b8a2948](https://github.com/devakone/vibe-coding-profiler/commit/b8a294825156a7954f815408cf297ce530f54007))
+* **platforms:** implement Bitbucket and GitLab API clients ([0692731](https://github.com/devakone/vibe-coding-profiler/commit/06927315459b77397b11acffc4d6d2f3f1a6a7a5))
+* **settings:** add platforms page and extract settings tabs component ([29f9082](https://github.com/devakone/vibe-coding-profiler/commit/29f9082110f790e84d6995c7d1781f5fc63797cb))
+* unify repo management for multiple platforms ([d22dd27](https://github.com/devakone/vibe-coding-profiler/commit/d22dd279be5011deb00aaf6126dbe8ea01f9c14c))
+* **worker:** support multiple git platforms in fallback worker ([7fc5b95](https://github.com/devakone/vibe-coding-profiler/commit/7fc5b951a2f337e33376ee8ae5b1b4cf0585b7e5))
+
 ## [0.1.0-alpha.4](https://github.com/devakone/vibe-coding-profiler/compare/vibed-coding-v0.1.0-alpha.3...vibed-coding-v0.1.0-alpha.4) (2026-01-22)
 
 
 
@@ -0,0 +1,50 @@
+# Personal Claude Configuration (Template)
+
+Copy this file to `CLAUDE.local.md` and fill in your personal configuration.
+The `CLAUDE.local.md` file is gitignored and will not be committed.
+
+---
+
+## Supabase Project References
+
+| Environment | Project Ref | Dashboard URL | Branch |
+|-------------|-------------|---------------|--------|
+| Local | N/A | `npm run supabase:start` → http://127.0.0.1:54323 | - |
+| Development | `<YOUR_DEV_PROJECT_REF>` | https://supabase.com/dashboard/project/<YOUR_DEV_PROJECT_REF> | `develop` |
+| Production | `<YOUR_PROD_PROJECT_REF>` | https://supabase.com/dashboard/project/<YOUR_PROD_PROJECT_REF> | `main` |
+
+### Quick Link Commands
+
+```bash
+# Link to development
+npx supabase link --project-ref <YOUR_DEV_PROJECT_REF>
+
+# Link to production
+npx supabase link --project-ref <YOUR_PROD_PROJECT_REF>
+```
+
+---
+
+## Test Credentials
+
+### Local Dev Test User
+
+| Field | Value |
+|-------|-------|
+| Email | `your-test-email@example.com` |
+| Password | `YourTestPassword123!` |
+
+---
+
+## Personal Workflow Preferences
+
+Add any personal workflow preferences here, such as:
+- Preferred editor settings
+- Custom scripts you use
+- Personal reminders or notes
+
+---
+
+## MCP Tool Configurations
+
+If you have specific MCP tools configured, document them here for reference.
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- ".": "0.1.0-alpha.4",`
`3`		`- "apps/web": "0.1.0-alpha.4",`
`4`		`- "apps/worker": "0.1.0-alpha.2"`
	`2`	`+ ".": "0.1.0-alpha.6",`
	`3`	`+ "apps/web": "0.1.0-alpha.6",`
	`4`	`+ "apps/worker": "0.1.0-alpha.3"`
`5`	`5`	`}`