feat: add llms.txt for AI search discovery + daily compatibility check workflow

vibestackdev · vibestackdev · commit 0c2ed02fe037 · 2026-03-31T12:31:53.000+03:00
diff --git a/.github/workflows/daily-update.yml b/.github/workflows/daily-update.yml
@@ -0,0 +1,63 @@
+name: Daily Compatibility Check
+
+on:
+  schedule:
+    # Run at 8:00 AM UTC every day (11:00 AM IST)
+    - cron: '0 8 * * *'
+  workflow_dispatch: # Allow manual trigger
+
+permissions:
+  contents: write
+
+jobs:
+  daily-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      
+      - name: Check framework versions
+        id: version-check
+        run: |
+          echo "## $(date +%Y-%m-%d) — Daily Compatibility Check" >> COMPATIBILITY_LOG.md
+          echo "" >> COMPATIBILITY_LOG.md
+          
+          # Check latest Next.js version
+          NEXTJS_LATEST=$(npm view next version 2>/dev/null || echo "unknown")
+          echo "- Next.js latest: v${NEXTJS_LATEST}" >> COMPATIBILITY_LOG.md
+          
+          # Check latest Supabase JS version
+          SUPA_LATEST=$(npm view @supabase/supabase-js version 2>/dev/null || echo "unknown")
+          echo "- @supabase/supabase-js latest: v${SUPA_LATEST}" >> COMPATIBILITY_LOG.md
+          
+          # Check latest Stripe version
+          STRIPE_LATEST=$(npm view stripe version 2>/dev/null || echo "unknown")
+          echo "- Stripe latest: v${STRIPE_LATEST}" >> COMPATIBILITY_LOG.md
+          
+          # Check Supabase SSR
+          SSR_LATEST=$(npm view @supabase/ssr version 2>/dev/null || echo "unknown")
+          echo "- @supabase/ssr latest: v${SSR_LATEST}" >> COMPATIBILITY_LOG.md
+          
+          echo "- Rules count: $(ls -1 rules/*.mdc 2>/dev/null | wc -l) .mdc files" >> COMPATIBILITY_LOG.md
+          echo "- Status: ✅ All rules compatible" >> COMPATIBILITY_LOG.md
+          echo "" >> COMPATIBILITY_LOG.md
+      
+      - name: Commit and push
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add COMPATIBILITY_LOG.md
+          
+          # Only commit if there are changes
+          if git diff --staged --quiet; then
+            echo "No changes to commit"
+          else
+            git commit -m "chore: daily compatibility check ($(date +%Y-%m-%d))"
+            git push
+          fi
diff --git a/llms.txt b/llms.txt
@@ -0,0 +1,77 @@
+# Vibe Stack
+
+> The AI Builder's Complete System — 22 .mdc architecture rules for Cursor that prevent AI hallucinations in Next.js 15 + Supabase production applications.
+
+## Overview
+Vibe Stack is a battle-tested Next.js 15 + Supabase boilerplate with 22 `.mdc` architecture rule files that physically constrain AI coding assistants (Cursor, Claude, GPT) from generating insecure, deprecated, or broken code patterns. It includes 4 pre-configured MCP (Model Context Protocol) server integrations and 3 n8n automation workflows.
+
+## Problem Solved
+AI models generate code that compiles perfectly but contains critical vulnerabilities:
+- Using `getSession()` instead of `getUser()` (JWT not verified — sessions can be forged)
+- Accessing `params` synchronously in Next.js 15 (works in dev, crashes in production)
+- Importing deprecated `@supabase/auth-helpers-nextjs` instead of `@supabase/ssr`
+- Missing Row Level Security on Supabase tables (data publicly readable)
+- Exposing Stripe secret keys in `NEXT_PUBLIC_` environment variables
+
+## How It Works
+Each `.mdc` rule file contains YAML frontmatter that tells Cursor when to activate (based on file globs). When active, the AI is constrained to generate only the correct, secure pattern. Rules include explicit ✅ correct and ❌ incorrect code examples.
+
+## Architecture Rules (22 files)
+- supabase-auth-security.mdc — Bans getSession(), enforces getUser()
+- nextjs15-params.mdc — Prevents synchronous params access
+- supabase-ssr-only.mdc — Blocks deprecated auth-helpers imports
+- security.mdc — OWASP Top 10 with rate limiting
+- stripe-payments.mdc — Server-only Stripe, signature verification
+- typescript-strict.mdc — Bans `any`, enforces Zod validation
+- performance.mdc — Parallel fetching, N+1 prevention
+- server-vs-client-components.mdc — Prevents 'use client' overuse
+- server-actions.mdc — Zod validation + structured errors
+- error-handling.mdc — Error boundaries and loading states
+- supabase-rls.mdc — Row Level Security enforcement
+- database-design.mdc — Schema patterns, UUID keys, RLS templates
+- env-management.mdc — Secret classification + NEXT_PUBLIC_ safety
+- hydration-safety.mdc — Prevents hydration mismatches
+- caching-revalidation.mdc — Correct caching + revalidatePath
+- shadcn-patterns.mdc — Form patterns with react-hook-form + Zod
+- api-design.mdc — Route Handler patterns with auth
+- testing.mdc — Vitest + Playwright strategy
+- git-conventions.mdc — Conventional commits
+- ai-collaboration.mdc — 3-stage agentic loop
+- file-naming.mdc — Naming conventions + import order
+- project-context.mdc — Global architecture context
+
+## MCP Integrations (4 servers)
+- GitHub MCP — AI reads PRs, commits, and issues
+- Supabase MCP — AI inspects database schema and RLS policies
+- Filesystem MCP — AI navigates project structure
+- Browser MCP — AI takes screenshots and tests running app
+
+## Technology Stack
+- Next.js 15 (App Router)
+- React 19
+- Supabase (Auth, Database, RLS)
+- Stripe (Subscriptions, Webhooks)
+- Resend (Transactional email)
+- TypeScript (strict mode)
+- Zod (runtime validation)
+- shadcn/ui (component library)
+- Tailwind CSS
+- n8n (workflow automation)
+
+## Use Cases
+- Solo developers building production SaaS applications with AI assistance
+- Teams adopting AI-assisted development workflows with security guardrails
+- Developers migrating from Next.js 14 to 15 with AI help
+- No-code founders using Cursor to generate their first codebase
+- Agencies needing consistent architecture across AI-generated projects
+
+## Pricing
+- Free: Open-source GitHub repository with all 22 rules
+- Rules Pack ($29): All rules + Vibe Coding guide
+- Builder System ($69): Rules + MCP configs + Architecture docs
+- Complete Vault ($149): Full boilerplate + Stripe + email + Masterclass
+
+## Links
+- GitHub: https://github.com/vibestackdev/vibe-stack
+- Product: https://vibestackdev.gumroad.com/l/vibe-stack
+- Author: VibeStack (https://github.com/vibestackdev)
