fix: harden unicode safety checks

skills/ai-regression-testing/SKILL.md

@@ -39,7 +39,7 @@ Fix 3: Changed to SELECT *
   → Fixed production path, forgot sandbox path
   → AI reviewed and missed it AGAIN (4th occurrence)
 
-Fix 4: Test caught it instantly on first run ✅
+Fix 4: Test caught it instantly on first run PASS:
 ```
 
 The pattern: **sandbox/production path inconsistency** is the #1 AI-introduced regression.
@@ -249,14 +249,14 @@ User: "バグチェックして" (or "/bug-check")
 **Frequency**: Most common (observed in 3 out of 4 regressions)
 
 ```typescript
-// ❌ AI adds field to production path only
+// FAIL: AI adds field to production path only
 if (isSandboxMode()) {
   return { data: { id, email, name } };  // Missing new field
 }
 // Production path
 return { data: { id, email, name, notification_settings } };
 
-// ✅ Both paths must return the same shape
+// PASS: Both paths must return the same shape
 if (isSandboxMode()) {
   return { data: { id, email, name, notification_settings: null } };
 }
@@ -282,7 +282,7 @@ it("sandbox and production return same fields", async () => {
 **Frequency**: Common with Supabase/Prisma when adding new columns
 
 ```typescript
-// ❌ New column added to response but not to SELECT
+// FAIL: New column added to response but not to SELECT
 const { data } = await supabase
   .from("users")
   .select("id, email, name")  // notification_settings not here
@@ -291,7 +291,7 @@ const { data } = await supabase
 return { data: { ...data, notification_settings: data.notification_settings } };
 // → notification_settings is always undefined
 
-// ✅ Use SELECT * or explicitly include new columns
+// PASS: Use SELECT * or explicitly include new columns
 const { data } = await supabase
   .from("users")
   .select("*")
@@ -303,13 +303,13 @@ const { data } = await supabase
 **Frequency**: Moderate — when adding error handling to existing components
 
 ```typescript
-// ❌ Error state set but old data not cleared
+// FAIL: Error state set but old data not cleared
 catch (err) {
   setError("Failed to load");
   // reservations still shows data from previous tab!
 }
 
-// ✅ Clear related state on error
+// PASS: Clear related state on error
 catch (err) {
   setReservations([]);  // Clear stale data
   setError("Failed to load");
@@ -319,14 +319,14 @@ catch (err) {
 ### Pattern 4: Optimistic Update Without Proper Rollback
 
 ```typescript
-// ❌ No rollback on failure
+// FAIL: No rollback on failure
 const handleRemove = async (id: string) => {
   setItems(prev => prev.filter(i => i.id !== id));
   await fetch(`/api/items/${id}`, { method: "DELETE" });
   // If API fails, item is gone from UI but still in DB
 };
 
-// ✅ Capture previous state and rollback on failure
+// PASS: Capture previous state and rollback on failure
 const handleRemove = async (id: string) => {
   const prevItems = [...items];
   setItems(prev => prev.filter(i => i.id !== id));
@@ -362,11 +362,11 @@ No bug in /api/user/notifications  → Don't write test (yet)
 
 | AI Regression Pattern | Test Strategy | Priority |
 |---|---|---|
-| Sandbox/production mismatch | Assert same response shape in sandbox mode | 🔴 High |
-| SELECT clause omission | Assert all required fields in response | 🔴 High |
-| Error state leakage | Assert state cleanup on error | 🟡 Medium |
-| Missing rollback | Assert state restored on API failure | 🟡 Medium |
-| Type cast masking null | Assert field is not undefined | 🟡 Medium |
+| Sandbox/production mismatch | Assert same response shape in sandbox mode |  High |
+| SELECT clause omission | Assert all required fields in response |  High |
+| Error state leakage | Assert state cleanup on error |  Medium |
+| Missing rollback | Assert state restored on API failure |  Medium |
+| Type cast masking null | Assert field is not undefined |  Medium |
 
 ## DO / DON'T