supaguard

Create, test, and deploy synthetic monitoring checks from source code using the supaguard CLI. Triggers on monitoring setup, Playwright script generation, uptime checks, health checks, and production observability workflows.

What is supaguard?

Quick Start

Open your terminal or command prompt
Run: npx skills add AbsolutelySkilled/AbsolutelySkilled --skill supaguard
Start your AI coding agent (Claude Code, Cursor, Gemini CLI, or any supported agent)
The supaguard skill is now active and ready to use

Overview Files

supaguard

supaguard is a production-ready AI agent skill for claude-code, gemini-cli, openai-codex. Creating synthetic monitoring checks from source code, generating Playwright monitoring scripts, deploying checks via CLI, setting up alerting, and managing uptime monitoring.

Quick Facts

Field	Value
Category	monitoring
Version	0.1.0
Platforms	claude-code, gemini-cli, openai-codex
License	MIT

How to Install

Make sure you have Node.js installed on your machine.
Run the following command in your terminal:

npx skills add AbsolutelySkilled/AbsolutelySkilled --skill supaguard

The supaguard skill is now available in your AI coding agent (Claude Code, Gemini CLI, OpenAI Codex, etc.).

Overview

supaguard is a synthetic monitoring platform that lets you monitor production applications by running Playwright scripts on a schedule from multiple regions. This skill teaches your AI coding agent to read your source code, identify critical user journeys, generate resilient Playwright monitoring scripts, and deploy them as recurring checks - all without committing any test scripts to your repository.

The workflow is fully interactive: the agent analyzes your codebase for routes, forms, and testable elements, generates a script, tests it in the cloud runner, and walks you through deployment options (scheduling, regions, alerting) one step at a time.

Platforms

claude-code
gemini-cli
openai-codex

Related Skills

Pair supaguard with these complementary skills:

Frequently Asked Questions

What is supaguard?

supaguard is a synthetic monitoring skill that enables AI coding agents to create, test, and deploy production monitoring checks from your source code. It generates Playwright scripts that run on a schedule from multiple global regions, monitoring critical user flows like login, checkout, and page loads.

How do I install supaguard?

Run npx skills add AbsolutelySkilled/AbsolutelySkilled --skill supaguard in your terminal. The skill will be immediately available in your AI coding agent.

What AI agents support supaguard?

This skill works with claude-code, gemini-cli, openai-codex. Install it once and use it across any supported AI coding agent.

Do I need the supaguard CLI?

Yes. The skill requires the supaguard CLI to test and deploy checks. Install it with npm install -g supaguard and authenticate with supaguard login.

Does it write files to my project?

No. All monitoring scripts are written to /tmp/sg-check-*.ts and never committed to your repository.

Maintainers

@maddhruv

Generated from AbsolutelySkilled

SKILL.md

supaguard - synthetic monitoring from your codebase

supaguard is a synthetic monitoring platform. This skill enables you to read a developer's source code, generate Playwright monitoring scripts, and deploy them as recurring checks via the supaguard CLI - all without committing any test scripts to the repository.

When to use this skill

Trigger this skill when the user:

Wants to set up synthetic monitoring for their app
Asks about uptime monitoring, health checks, or production observability
Wants to generate Playwright scripts for monitoring (not testing)
Asks about the supaguard CLI or mentions supaguard commands
Wants to monitor login flows, checkout flows, or critical user journeys
Needs to create, test, update, or manage monitoring checks
Asks about alerting for monitoring failures

Do NOT trigger this skill for:

Writing Playwright tests for CI/CD pipelines - use playwright-testing skill
General testing or QA workflows unrelated to production monitoring
Building monitoring dashboards or custom observability platforms

Workflow

Follow these steps every time a user asks you to create a monitoring check:

Read source code - scan components, routes, data-testids, API endpoints, and forms in the user's codebase
Identify the critical flow - determine what user journey to monitor (login, checkout, page load, etc.)
Ask for the production URL - if not obvious from code, env files, or package.json homepage field
Run pre-flight checks - verify CLI is installed and user is authenticated (see below)
Generate a Playwright script - use the templates and best practices from this skill's references
Write script to /tmp/sg-check-{random}.ts - NEVER write to the project directory
Test via CLI - supaguard checks test /tmp/sg-check-{random}.ts --json
If test fails - read the error output, adjust the script, retry (max 3 attempts before asking user)
If test passes - ask about deployment (see deployment flow below)
Deploy - run the CLI command with collected options
Celebrate - show the success banner and dashboard link (see success banner below)

Pre-flight checks

Before generating any script, verify:

CLI installed: run which supaguard. If missing, tell the user: npm install -g supaguard
Authenticated: run supaguard whoami --json. If not logged in, tell the user to run ! supaguard login (the ! prefix runs it in the current session for Claude Code)
Note the active org from the whoami output - you'll need the org slug for API context

Source code analysis

When analyzing the user's codebase, look for these patterns in priority order:

DOM selectors (use the most stable available)

data-testid attributes - most stable, purpose-built for testing
aria-label and role attributes - accessible and stable
id attributes - stable but sometimes dynamic
Text content via getByText() - readable but locale-dependent
CSS classes - LAST RESORT, fragile and changes with redesigns

Route discovery

Next.js App Router: scan app/ for page.tsx files, extract route patterns from directory structure
Next.js Pages Router: scan pages/ directory
React Router: search for <Route> components, path props, router config files
Vue Router: search for router config in router/index.ts or similar
Generic: look for <a href> patterns, navigation components

Form discovery

Search for <form>, <input>, <select>, <textarea> elements
Note form actions, validation patterns, submit handlers
Identify auth forms (login, signup, password reset)

API endpoint discovery

Next.js: scan app/api/ or pages/api/ for route handlers
Express/Fastify: search for app.get(), app.post(), router definitions
Client-side: look for fetch/axios calls to identify external API dependencies

Critical flows to monitor

Authentication (login, signup, logout, password reset)
Core product flows (dashboard load, data CRUD, search)
Checkout/payment flows
User settings and profile management

Deployment flow

After a test passes, do NOT auto-deploy. Instead, ask the user interactively using AskUserQuestion - one question at a time, in this order:

Step 1: Ask for a check name

Ask what they want to name this check. Suggest a sensible default based on the flow being monitored (e.g., "Login Flow", "Homepage Load", "Checkout").

Step 2: Ask about scheduling

Use AskUserQuestion with these options:

Scheduled (recurring) - runs automatically on a cron schedule from multiple regions
On-demand only - no schedule, triggered manually via supaguard checks run or the dashboard

Step 3: If scheduled - ask for regions

Use AskUserQuestion with multi-select. Options:

US East (Virginia) - eastus
EU North (Ireland) - northeurope
India Central (Pune) - centralindia

Recommend selecting 2+ regions for geographic coverage.

Step 4: If scheduled - ask for frequency

Use AskUserQuestion with options:

Every 5 minutes (recommended)
Every 10 minutes
Every 15 minutes
Every 30 minutes
Every hour
Other (let user specify a cron expression)

Step 5: Deploy

For scheduled checks:

supaguard checks create /tmp/sg-check-{random}.ts --name "Check Name" --locations eastus,northeurope --cron "*/5 * * * *" --skip-test --json

For on-demand checks, deploy with a very long interval then pause:

supaguard checks create /tmp/sg-check-{random}.ts --name "Check Name" --locations eastus --cron "0 0 1 1 *" --skip-test --json

Then immediately pause it:

supaguard checks pause <checkId> --json

Tell the user they can trigger runs manually with supaguard checks run <checkId> --json or from the dashboard.

Note: use --skip-test since we already tested the script in step 7.

Step 6: Offer alerting

After deployment, ask if they want to set up alerting. See references/modules-and-alerting.md for details.

Success banner

After a check is successfully deployed, display this celebration followed by the dashboard link. Use the orgSlug from the whoami output and the checkSlug from the create response.

╔═════════════════════════════════════════╗
║ supaguard check deployed successfully  ║
╚═════════════════════════════════════════╝

Then output:

name:      {checkName}
schedule:  {frequency or "on-demand"}
regions:   {region list or "paused"}
dashboard: https://supaguard.app/dashboard/{orgSlug}/checks/{checkSlug}

The dashboard URL format is https://supaguard.app/dashboard/{orgSlug}/checks/{checkSlug} where:

orgSlug comes from supaguard whoami --json (the org.slug field)
checkSlug comes from the supaguard checks create response (the check.slug field)

Constraints

These are hard rules. Follow them without exception:

NEVER write Playwright scripts to the user's project directory - always use /tmp/sg-check-*.ts
NEVER commit monitoring scripts to git
Scripts MUST contain import { test, expect } from "@playwright/test"
Scripts MUST contain at least one test() or test.describe() block
Scripts MUST NOT import from forbidden Node.js modules: child_process, fs, net, dgram, cluster, worker_threads, vm, http, https
Scripts MUST NOT use eval(), Function(), process.exit, process.kill, or dynamic import()
Scripts MUST NOT use console.log - use Playwright assertions instead
Scripts should complete in under 60 seconds (runner timeout is 60s, per-test timeout is 30s)
Always use --json flag when calling supaguard CLI commands - parse JSON output to determine success/failure
When a test fails, iterate on the script (read error output, fix, retry) - max 3 attempts before asking the user for help
Always include the production URL in scripts - ask the user if not obvious from code or environment configs
DO NOT use React Testing Library APIs (getByDisplayValue, queryByText, findByRole, etc.) - use Playwright's native page.getBy*() methods

Anti-patterns / common mistakes

Mistake	Why it is wrong	What to do instead
Writing scripts to project directory	Pollutes the codebase with monitoring artifacts	Always write to `/tmp/sg-check-*.ts`
Using `page.waitForTimeout()`	Makes checks flaky and wastes runner time	Use `waitForSelector()`, `waitForResponse()`, or Playwright assertions
Asserting on CSS classes	Breaks on redesigns, not meaningful for monitoring	Assert on text content, roles, testids, or visibility
Using React Testing Library APIs	Not available in Playwright runner	Use `page.getBy*()` methods: `getByTestId`, `getByRole`, `getByText`
Monitoring too many flows in one check	Hard to diagnose failures, exceeds timeout	Keep one logical flow per check
Hardcoding credentials in scripts	Security risk, scripts are stored in the cloud	Use test accounts or environment variables
Skipping pre-flight checks	Leads to confusing errors mid-workflow	Always verify CLI install and auth first
Auto-deploying without asking	User should control scheduling and regions	Always ask before deploying
Omitting `--json` flag	Human-readable output is hard to parse programmatically	Always use `--json` for structured output

Gotchas

Forbidden module imports - The supaguard runner sandboxes scripts and blocks fs, child_process, net, http, https, vm, and other Node.js built-ins. Scripts that import these will fail at runtime with a cryptic error. Stick to @playwright/test and the allowed npm packages listed in references/playwright-guide.md.
Runner timeout is 60 seconds - Scripts that navigate through too many pages or wait on slow third-party resources will time out. Keep checks focused on a single flow and set individual test timeouts to 30 seconds.
React Testing Library confusion - Methods like getByDisplayValue, queryByText, and findByRole are NOT Playwright APIs. Playwright has similarly named but different methods: page.getByTestId(), page.getByRole(), page.getByText(). Mixing these up causes runtime errors.
On-demand checks still need a cron - The CLI requires --cron even for on-demand checks. Use a far-future cron ("0 0 1 1 *") and immediately pause the check after creation.
Cookie consent banners - Production sites often have cookie banners that block interaction. Always handle these before proceeding with the main flow. Look for common patterns: [data-testid="cookie-accept"], buttons with text "Accept", or known cookie consent libraries.

References

For detailed guidance, load these reference files as needed:

references/cli-reference.md - full CLI command reference with flags and --json output shapes
references/playwright-guide.md - monitoring best practices, anti-patterns, and script templates
references/framework-patterns.md - framework-specific code analysis patterns
references/modules-and-alerting.md - shared modules, alerting, regions, and scheduling

Only load a references file if the current task requires it - they are long and will consume context.

References

cli-reference.md

supaguard CLI reference

IMPORTANT: Always use --json flag when calling CLI commands. Parse JSON output for structured data. Errors go to stderr as { "error": "message" }. Exit code 0 = success, 1 = failure.

auth

supaguard login

Opens browser for OAuth authentication. No --json flag.

supaguard logout [--json]

Revokes token and clears local config.

{ "success": true }

supaguard whoami [--json]

Shows current user and active organization.

{ "user": { "name": "...", "email": "..." }, "org": { "id": "uuid", "slug": "acme-corp", "name": "Acme Corp" } }

supaguard orgs [--json]

Lists organizations. In interactive mode, allows switching the active org.

{ "organizations": [{ "id": "uuid", "slug": "...", "name": "..." }], "activeOrg": { "id": "...", "slug": "...", "name": "..." } }

checks

supaguard checks list [--status STATUS] [--limit N] [--json]

Lists monitoring checks for the active organization.

{ "checks": [{ "id": "...", "slug": "...", "name": "...", "status": "ACTIVE", "type": "browser", "latestRun": {...} }], "total": 10, "limit": 50, "offset": 0 }

supaguard checks test <file> [--json]

Tests a Playwright script in the cloud runner. Does NOT deploy.

{ "status": "passed" | "failed", "durationMs": 1234, "error": "...", "artifactUrls": { "recording": "...", "screenshot": "...", "trace": "..." } }

On failure, read error for a friendly message and artifactUrls for debugging artifacts.

supaguard checks create <file> --name NAME --locations LOCATIONS --cron CRON [--alert-policy ID] [--skip-test] [--json]

Tests the script first (unless --skip-test), then deploys as a recurring monitoring check.

--name (required): human-readable check name
--locations (required): comma-separated region IDs (e.g., eastus,northeurope)
--cron (required): cron expression for schedule (e.g., "*/5 * * * *")
--alert-policy: alert policy ID to attach
--skip-test: skip the test-before-deploy step

{ "check": { "id": "uuid", "slug": "abc123", "name": "...", "status": "ACTIVE", "type": "browser", "dashboardUrl": "https://supaguard.app/dashboard/..." } }

supaguard checks update <id> [--name NAME] [--script FILE] [--locations LOCATIONS] [--cron CRON] [--alert-policy ID] [--json]

Updates an existing check. If --script is provided, the new script is tested first.

{ "check": { "id": "...", "slug": "...", "name": "...", "status": "..." } }

supaguard checks delete <id> [--force] [--json]

Deletes a check. Prompts for confirmation unless --force is set.

{ "deleted": true }

supaguard checks status <id> [--json]

Shows check details and recent executions.

{ "check": { "id": "...", "name": "...", "status": "...", "type": "..." }, "executions": [{ "id": "...", "status": "...", "durationMs": 1234, "createdAt": "..." }] }

supaguard checks run <id> [--region REGION] [--json]

Triggers an on-demand execution of the check.

{ "executionId": "uuid", "url": "https://supaguard.app/dashboard/..." }

supaguard checks pause <id> [--json]

Pauses a check (sets status to DISABLED).

{ "checkId": "...", "status": "DISABLED" }

supaguard checks resume <id> [--json]

Resumes a paused check (sets status to ACTIVE).

{ "checkId": "...", "status": "ACTIVE" }

modules

supaguard modules list [--json]

Lists shared modules for the active organization.

{ "modules": [{ "id": "...", "path": "pages/LoginPage.ts", "updatedAt": "..." }] }

supaguard modules push <file> [--path MODULE_PATH] [--json]

Uploads or updates a shared module. --path sets the module's import path (e.g., pages/LoginPage.ts).

{ "module": { "id": "...", "path": "...", "createdAt": "..." } }

supaguard modules delete <id> [--force] [--json]

Deletes a module. Prompts for confirmation unless --force.

{ "deleted": true }

alerts

supaguard alerts list [--json]

Lists alert policies for the active organization.

{ "policies": [{ "id": "...", "name": "...", "isDefault": false, "steps": [...] }] }

supaguard alerts create --name NAME --channel TYPE:TARGET [--json]

Creates a simple single-channel alert policy.

Channel formats:

Slack: --channel slack:#channel-name
Email: --channel email:team@company.com
Webhook: --channel webhook:https://hooks.example.com/alert

{ "policy": { "id": "...", "name": "...", "steps": [...] } }

For complex escalation chains (multi-step, delays, SMS, phone), direct the user to the supaguard dashboard.

framework-patterns.md

Framework-specific source code patterns

When analyzing a user's codebase, use these patterns to quickly find routes, components, and testable elements.

Next.js (App Router)

Routes: app/ directory - each page.tsx is a route, directory structure = URL path
Components: co-located in app/ or shared in components/
API routes: app/api/ directory - each route.ts is an endpoint
data-testid: look in client components ("use client" directive) - server components may not have testids
Layout: layout.tsx files for shared UI (navbars, sidebars)

Next.js (Pages Router)

Routes: pages/ directory - each file is a route
Global layout: _app.tsx
API routes: pages/api/
Components: typically in components/ directory

React SPA (CRA / Vite)

Routes: defined in router config, usually React Router
Look for route definitions in App.tsx, routes.tsx, or router.tsx
Single entry point with client-side routing
Components: src/components/ or feature-based directories

Vue

Routes: router/index.ts or router/index.js
Components: components/ or views/ directories
Look for data-testid or data-test attributes (Vue convention)
Templates in .vue single-file components

Generic HTML / MPA

Each HTML file is a page
Look for <a href> for navigation paths
Forms are usually the critical flows to monitor
Check for data-testid attributes in any framework

modules-and-alerting.md

Shared modules, alerting, regions, and scheduling

shared modules

when to suggest modules

Suggest modules when you notice:

2+ checks that share login logic
Same selectors used across multiple checks (page objects)
Helper functions reused across checks (waitForAuth, dismissCookieBanner)

module workflow

Write the module to /tmp/sg-module-{name}.ts
Push: supaguard modules push /tmp/sg-module-{name}.ts --path "pages/LoginPage.ts" --json
Import in scripts: import { LoginPage } from './pages/LoginPage';

IMPORTANT: Always ask the user before pushing modules. Suggest, don't auto-push.

module path rules

Must end in .ts or .js
Can only contain alphanumeric characters, underscores, hyphens, forward slashes
Cannot contain .. (no path traversal)
Cannot start with / (must be relative)
Pattern: [a-zA-Z0-9_\-/.]+\.(ts|js)

module content rules

Modules follow the same forbidden-import rules as scripts:

No child_process, fs, net, dgram, cluster, worker_threads, vm, http, https
No eval(), Function(), process.exit, process.kill, dynamic import()

alerting

basic alerting via CLI

After deploying a check, offer to set up alerting:

# Create an alert policy
supaguard alerts create --name "Critical Alerts" --channel slack:#monitoring --json

# Link the alert policy to a check
supaguard checks update <checkId> --alert-policy <policyId> --json

supported channels

Slack: --channel slack:#channel-name
Email: --channel email:team@company.com
Webhook: --channel webhook:https://hooks.example.com/alert

recommended setup

Set consecutiveFailuresRequired to 2 (avoids alerting on transient failures)
Use Slack for immediate notification, email for escalation
For complex escalation chains (multi-step, delays, SMS, phone): direct the user to the supaguard dashboard

regions

Available regions (use these exact IDs in --locations flag):

ID	Label
`eastus`	US East (Virginia)
`northeurope`	EU North (Ireland)
`centralindia`	India Central (Pune)

For most monitoring: use 2+ regions for geographic coverage.

scheduling

Common cron presets (use in --cron flag):

Cron	Frequency
`/5 * * *`	Every 5 minutes
`/10 * * *`	Every 10 minutes
`/15 * * *`	Every 15 minutes
`/30 * * *`	Every 30 minutes
`0 * * * *`	Every hour
`0 /6 * *`	Every 6 hours
`0 /12 * *`	Every 12 hours
`0 0 * * *`	Every 24 hours

Recommended default: */5 * * * * (every 5 minutes) with 2+ regions.

playwright-guide.md

Playwright monitoring best practices

monitoring scripts vs test scripts

Monitoring scripts run on a schedule against production. They must be:

Resilient: handle transient failures (network blips, slow loads, cookie banners)
Fast: complete in under 60 seconds (runner timeout). Keep scripts lean.
Observable: meaningful assertions that detect real breakage, not flaky checks

best practices

Always start with import { test, expect } from "@playwright/test";
Use page.goto(url, { waitUntil: "networkidle" }) for initial page loads
Prefer page.getByTestId("x") over CSS selectors
Use await expect(element).toBeVisible() before interacting with an element
Use explicit waits: page.waitForSelector(), page.waitForResponse()
NEVER use page.waitForTimeout() or sleep() - these make checks flaky and waste time
Keep one logical flow per check (e.g., login only, not login + checkout + logout)
Assert on user-visible outcomes, not internal DOM state
Handle common obstacles before proceeding:
- Cookie consent banners: dismiss or accept
- Popups/modals: close or interact as needed
- Loading states: wait for spinners to disappear with await expect(spinner).not.toBeVisible()
Use descriptive test names: test("user can complete checkout", ...)

anti-patterns

Don't assert on CSS classes or style properties (they change with redesigns)
Don't assert on exact text that includes dynamic data (dates, counts, prices)
Don't navigate to more than 3-4 pages in a single check
Don't fill forms with real credentials - use test accounts or environment variables
Don't use page.evaluate() for assertions - use Playwright's built-in matchers
Don't use React Testing Library methods (getByDisplayValue, queryByText, findByRole, getAllByTestId, etc.) - these are NOT Playwright APIs
Don't use getBySelector(), getByCssSelector(), or getByXPath() - use page.locator() or page.getByRole()

script templates

login flow monitoring

import { test, expect } from "@playwright/test";

test("login flow works", async ({ page }) => {
  await page.goto("https://YOUR_APP_URL/login", { waitUntil: "networkidle" });

  // Fill credentials
  await page.getByTestId("email-input").fill("monitor@example.com");
  await page.getByTestId("password-input").fill("test-password");
  await page.getByTestId("login-button").click();

  // Verify successful login
  await expect(page.getByTestId("dashboard")).toBeVisible({ timeout: 10000 });
  await expect(page).toHaveURL(/dashboard/);
});

page load monitoring

import { test, expect } from "@playwright/test";

test("homepage loads correctly", async ({ page }) => {
  const response = await page.goto("https://YOUR_APP_URL", { waitUntil: "networkidle" });

  // Verify page loaded
  expect(response?.status()).toBeLessThan(400);
  await expect(page.getByRole("heading", { level: 1 })).toBeVisible();

  // Verify key content is present
  await expect(page.getByTestId("hero-section")).toBeVisible();
  await expect(page.getByTestId("nav-menu")).toBeVisible();
});

form submission monitoring

import { test, expect } from "@playwright/test";

test("contact form submits successfully", async ({ page }) => {
  await page.goto("https://YOUR_APP_URL/contact", { waitUntil: "networkidle" });

  // Fill form
  await page.getByTestId("name-input").fill("Monitor Bot");
  await page.getByTestId("email-input").fill("monitor@example.com");
  await page.getByTestId("message-input").fill("Automated monitoring check");
  await page.getByTestId("submit-button").click();

  // Verify submission
  await expect(page.getByTestId("success-message")).toBeVisible({ timeout: 10000 });
});

API health check

API checks use a different approach - no Playwright script needed. Use the CLI directly:

supaguard checks create --type api \
  --name "API Health" \
  --url "https://api.example.com/health" \
  --method GET \
  --assert-status 200 \
  --assert-response-time 5000 \
  --locations eastus,northeurope \
  --cron "*/5 * * * *" \
  --json

allowed npm packages in scripts

Scripts can import these packages (they're available in the runner):

@playwright/test (always available)
@faker-js/faker / faker - for generating test data
dayjs / date-fns - for date manipulation
lodash / lodash-es - for utility functions
uuid - for generating UUIDs
zod - for schema validation

Frequently Asked Questions

What is supaguard?

How do I install supaguard?

Run npx skills add AbsolutelySkilled/AbsolutelySkilled --skill supaguard in your terminal. The skill will be immediately available in your AI coding agent.

What AI agents support supaguard?

supaguard works with claude-code, gemini-cli, openai-codex. Install it once and use it across any supported AI coding agent.

Is supaguard free?

Yes, supaguard is completely free and open source under the MIT license. Install it with a single command and start using it immediately.

What is the difference between supaguard and similar tools?

supaguard is an AI agent skill that teaches your coding agent specialized monitoring knowledge. Unlike standalone tools, it integrates directly into claude-code, gemini-cli, openai-codex and other AI agents.

Can I use supaguard with Cursor or Windsurf?

supaguard works with any AI coding agent that supports the skills protocol, including Claude Code, Cursor, Windsurf, GitHub Copilot, Gemini CLI, and 40+ more.