feat: add prompt library

[mkczarkowski]

Description

Complete implementation of a feature-flagged, organization-based prompt library system for curated content sharing within the 10xDevs community.

Core Features

🔐 Multi-tenant Access Control

• Organization-based access with admin/member roles
• Feature flag: PROMPT_LIBRARY_ENABLED (disabled by default)
• Middleware-enforced authentication and authorization
• Complete row-level security (RLS) on all tables

📝 Prompt Management

• Full CRUD operations with draft/published workflow
• Markdown content with preview and syntax highlighting
• Organization-scoped collections and segments
• Copy to clipboard and download as .md files
• Multi-language support (i18n with locale fallback)

🔗 Invite System

• Time-limited invite links with usage tracking
• Admin dashboard for invite management
• Redemption flow with automatic organization assignment
• Real-time analytics (total/redeemed/expired invites)

🎨 User Interfaces

Admin (/prompts/admin):

• Inline prompt editor with markdown preview
• Collection/segment assignment
• Publish/unpublish controls
• Invite link generation and stats

Member (/prompts):

• Browse published prompts by organization
• Filter by collection and segment
• Search across titles and content (all languages)
• Copy/download actions

Database Schema

New tables (all with RLS):

organizations
organization_members (role: admin | member)
prompt_collections
prompt_collection_segments
prompts (with locale support)
organization_invites

API Routes

Admin (/api/prompts/admin/*):

• GET/POST /prompts - List/create
• GET/PUT/DELETE /prompts/:id - Manage
• POST /prompts/:id/publish - Publish/unpublish
• GET/POST /invites - Invite management
• GET /invites/:id/stats - Analytics

Member (/api/prompts/*):

• GET /prompts - List published
• GET /collections - Browse collections
• GET /collections/:id/segments - Browse segments

Security

• RLS: Comprehensive row-level security on all tables
• Middleware: Pre-route validation for auth, feature flags, and org membership
• Service Role Separation: Admin operations use elevated permissions
• Organization Isolation: Complete data separation between organizations
• Invite Tokens: Cryptographically secure, time-limited tokens

Testing

✅ Unit Tests (8 suites):

• Feature flags, middleware, access control
• Invite service, language service, prompt service
• Collection service, keyboard activation hook

✅ Integration Tests (3 flows):

• Complete admin flow (create → publish → view)
• Multi-language prompt management
• Invite link redemption with org assignment

Key Refactors

1. Collections Disambiguation: Renamed existing "collections" to "rule collections" to avoid naming conflicts

   • collectionsStore → ruleCollectionsStore
   • /api/collections → /api/rule-collections

2. Shared Markdown Builders: Extracted common markdown generation logic into reusable module

3. Test Infrastructure: Comprehensive Supabase client mocking with chainable query builders

Known Limitations

• No prompt versioning/history (single active version per prompt)
• No usage telemetry (planned future enhancement)
• No bulk operations UI (e.g., bulk publish)
• Manual organization member management (no external roster integration)

Review Focus Areas

1. Security: RLS policies in supabase/migrations/20251004000000_consolidated_rls.sql
2. API Design: REST endpoints structure and error handling
3. Access Control: Middleware logic in src/middleware/index.ts
4. State Management: Race conditions in src/store/promptsStore.ts
5. Migration Safety: Production deployment readiness

Pre-Merge Checklist

• All tests passing (unit + integration)
• Linter clean, build successful
• Database migrations tested locally
• RLS policies validated
• Feature flag tested (on/off states)
• End-to-end flows tested (admin/member/invite)
• Documentation complete

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting

• @codex fix this CI failure
• @codex address that feedback

[github-actions]

✅ All checks have passed successfully!

• Lint: ✅
• Unit Tests: ✅
• E2E Tests: ✅

Coverage reports have been uploaded as artifacts.