@atlashub/smartstack-cli 1.13.2 → 1.14.0

package/templates/skills/review-code/references/feedback-patterns.md

@@ -0,0 +1,149 @@
+<overview>
+Code review feedback patterns based on research from Google, Microsoft, and academic studies on effective code review communication.
+</overview>
+
+<what_why_how_pattern>
+Every valuable comment includes three components:
+
+1. **What**: The specific issue
+2. **Why**: Why it matters
+3. **How**: Concrete fix or direction
+
+<good_example>
+```
+[BLOCKING] SQL injection vulnerability at line 34.
+The query uses string concatenation with user input, allowing attackers to modify the query.
+Fix: Use parameterized query: db.query('SELECT * FROM users WHERE id = ?', [userId])
+```
+</good_example>
+
+<bad_example>
+```
+This query looks unsafe.
+```
+</bad_example>
+</what_why_how_pattern>
+
+<priority_labels>
+Use consistent labels so authors know severity:
+
+| Label | Meaning | Merge? |
+|-------|---------|--------|
+| `[BLOCKING]` | Must fix - security, bugs, missing requirements | No |
+| `[CRITICAL]` | Strongly recommended - architecture, major issues | Discuss |
+| `[SUGGESTION]` | Would improve code - not required | Yes |
+| `[NIT]` | Minor preference - skip if busy | Yes |
+| `[QUESTION]` | Need clarification - not blocking | Yes |
+</priority_labels>
+
+<feedback_value>
+<high_value>
+High-value feedback (36-43% implementation rate):
+
+- Security vulnerabilities with exploit scenario
+- Logic errors with failing test case
+- Missing error handling with consequences
+- Performance issues with measurements
+</high_value>
+
+<wasteful>
+Wasteful feedback (damages team dynamics):
+
+- Style preferences covered by linters
+- Renaming suggestions without clear benefit
+- "I would do it differently" without why
+- Comments on code outside the diff
+</wasteful>
+</feedback_value>
+
+<communication_patterns>
+<collaborative_framing>
+Use collaborative, question-based framing:
+
+```
+✓ "Have you considered using a Map here for O(1) lookup?"
+✓ "This could throw if user is null - should we add a check?"
+✓ "I'm not sure I understand this logic - could you explain?"
+
+✗ "You need to fix this."
+✗ "This is wrong."
+✗ "Obviously this should be..."
+```
+</collaborative_framing>
+
+<avoid_belittling>
+Remove belittling words: "just", "simply", "obviously", "easy", "only"
+
+```
+✗ "Just add a null check"
+✗ "This is obviously wrong"
+✓ "Add a null check for user.profile"
+```
+</avoid_belittling>
+</communication_patterns>
+
+<merge_decisions>
+<block_merge>
+Block merge for:
+
+- Security vulnerabilities (any severity)
+- Logic bugs that affect functionality
+- Missing required tests
+- Breaking API changes without migration
+</block_merge>
+
+<approve_with_comments>
+Approve with comments for:
+
+- Suggestions for future improvement
+- Minor refactoring opportunities
+- Documentation improvements
+- Style preferences (should be in linter)
+</approve_with_comments>
+
+<approve_clean>
+Approve cleanly when:
+
+- Code meets requirements
+- Tests pass
+- No security issues
+- Follows project conventions
+</approve_clean>
+</merge_decisions>
+
+<avoiding_nitpick_culture>
+**Research finding**: Nitpicking damages team relationships more than it improves code quality. Developers become defensive and less receptive to legitimate feedback.
+
+<solution>
+1. Automate style enforcement (linters, formatters)
+2. Block CI on lint failures, not PR comments
+3. Reserve human review for logic and design
+4. Mark true nitpicks with `[NIT]` prefix
+5. Limit to 3-5 critical items per review
+</solution>
+</avoiding_nitpick_culture>
+
+<review_efficiency>
+<google_data>
+Google's review data shows:
+
+- 90% of reviews: <10 files changed
+- Average turnaround: 4 hours
+- 75% need only one reviewer
+</google_data>
+
+<best_practices>
+Efficiency best practices:
+
+- Small PRs get better feedback
+- Review within 4 hours if possible
+- Focus on changed code only
+- One pass, thorough, then done
+</best_practices>
+</review_efficiency>
+
+<sources>
+- [Google Code Review Guide](https://google.github.io/eng-practices/review/)
+- [Microsoft Reviewer Guidance](https://microsoft.github.io/code-with-engineering-playbook/code-reviews/)
+- [Conventional Comments](https://conventionalcomments.org/)
+</sources>

package/templates/skills/review-code/references/security-checklist.md

@@ -0,0 +1,127 @@
+<overview>
+Security code review checklist based on OWASP Code Review Guide and Top 10 2025. Comprehensive vulnerability patterns and search techniques.
+</overview>
+
+<critical_vulnerabilities>
+<a01_broken_access_control priority="most_critical">
+Authorization checks on **every request** (not just UI):
+
+- [ ] Server-side enforcement (never trust client)
+- [ ] IDOR protection: Users can't access others' data by changing IDs
+- [ ] No privilege escalation paths
+- [ ] Default deny policy (explicit allow required)
+</a01_broken_access_control>
+
+<a02_security_misconfiguration>
+Configuration hardening:
+
+- [ ] No default credentials
+- [ ] Debug mode disabled in production
+- [ ] Secure headers present (CSP, X-Frame-Options, HSTS)
+- [ ] Error messages don't expose internals
+</a02_security_misconfiguration>
+
+<a04_cryptographic_failures>
+Encryption requirements:
+
+- [ ] TLS 1.2+ for data in transit
+- [ ] AES-256 for data at rest
+- [ ] Password hashing: bcrypt/Argon2/scrypt (NOT MD5/SHA1)
+- [ ] No hardcoded encryption keys
+</a04_cryptographic_failures>
+
+<a05_injection>
+Injection prevention:
+
+- [ ] SQL: Parameterized queries only (no string concatenation)
+- [ ] Command: No `eval()`, `exec()`, `system()` with user input
+- [ ] XSS: Output encoding context-appropriate
+- [ ] Template: No user input in template names
+</a05_injection>
+</critical_vulnerabilities>
+
+<input_validation>
+Server-side validation checklist:
+
+✓ Server-side validation on ALL inputs
+✓ Allowlist approach (whitelist known-good)
+✓ Validate: type, length, format, range
+✓ File uploads: extension + MIME + content inspection
+✓ Regex reviewed for ReDoS vulnerabilities
+</input_validation>
+
+<authentication>
+| Check | Requirement |
+|-------|-------------|
+| Password Storage | bcrypt/Argon2 with salt |
+| Session Tokens | ≥128 bits entropy, HttpOnly+Secure+SameSite |
+| Error Messages | Generic ("Invalid credentials"), no enumeration |
+| MFA | Required for sensitive accounts |
+| Lockout | Exponential delay after failed attempts |
+</authentication>
+
+<authorization>
+Access control requirements:
+
+✓ Default deny (explicit allow required)
+✓ Checks on EVERY request
+✓ Server-side only (never trust client roles)
+✓ Centralized access control logic
+✓ No horizontal escalation (user → other user's data)
+✓ No vertical escalation (user → admin functions)
+</authorization>
+
+<search_patterns>
+Grep patterns for vulnerability detection:
+
+<hardcoded_secrets>
+```bash
+grep -rE "(password|api[_-]?key|secret|token)\s*=\s*['\"]" --include="*.{js,ts,py,java}"
+```
+</hardcoded_secrets>
+
+<dangerous_functions>
+```bash
+grep -rE "(eval|exec|system|shell_exec)\s*\(" --include="*.{js,ts,py,php}"
+```
+</dangerous_functions>
+
+<sql_injection_risk>
+```bash
+grep -rE "query\s*\(\s*['\"].*\+|execute\s*\(\s*f['\"]" --include="*.{js,ts,py}"
+```
+</sql_injection_risk>
+</search_patterns>
+
+<csrf_protection>
+CSRF prevention requirements:
+
+✓ Tokens in state-changing requests (POST, PUT, DELETE)
+✓ Token validated server-side
+✓ SameSite=Lax minimum on cookies
+✓ GET requests have no side effects
+</csrf_protection>
+
+<logging_security>
+<must_log>
+Events that must be logged:
+
+- Authentication events (login, logout, failed attempts)
+- Authorization failures
+- Sensitive data access
+</must_log>
+
+<never_log>
+Sensitive data to never log:
+
+- Passwords, API keys, session tokens
+- Full credit card numbers
+- PII without masking
+</never_log>
+</logging_security>
+
+<sources>
+- [OWASP Code Review Guide](https://owasp.org/www-project-code-review-guide/)
+- [OWASP Top 10:2025](https://owasp.org/Top10/)
+- [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/)
+</sources>

package/templates/skills/ui-components/SKILL.md

@@ -1,60 +1,60 @@
 ---
 name: ui-components
 description: |
-  Génère des composants UI SmartStack standardisés.
-  Utiliser ce skill quand:
-  - Création de page React (.tsx) dans src/pages/
-  - Création de composant React dans src/components/
-  - L'utilisateur demande de créer des cards, grilles, tableaux, ou Kanban
-  - Claude détecte la création d'une liste d'entités avec affichage
-  - L'utilisateur mentionne "card", "grille", "tableau", "liste", "kanban"
-  - L'utilisateur demande des tooltips ou infobulles
-  - Création d'une page avec affichage d'entités
-  - Gestion des états désactivés avec messages explicatifs
+  Generates standardized SmartStack UI components.
+  Use this skill when:
+  - Creating React page (.tsx) in src/pages/
+  - Creating React component in src/components/
+  - User asks to create cards, grids, tables, or Kanban
+  - Claude detects creation of an entity list with display
+  - User mentions "card", "grid", "table", "list", "kanban"
+  - User asks for tooltips or infobubbles
+  - Creating a page with entity display
+  - Managing disabled states with explanatory messages
   Scope: Pages, Components, Cards, Tables, Grids, Kanban boards, Tooltips
 ---
 
 # Skill UI Components SmartStack
 
-**Référence:** [_shared.md](../_shared.md) pour architecture, i18n
+**Reference:** [_shared.md](../_shared.md) for architecture, i18n
 
-## QUAND CE SKILL S'ACTIVE
+## WHEN THIS SKILL ACTIVATES
 
-| Déclencheur | Exemple |
-|-------------|---------|
-| Création page/composant React | Fichier dans `src/pages/**/*.tsx` ou `src/components/**/*.tsx` |
-| Création de liste | "Affiche les produits en cards" |
-| Mots-clés | "card", "grille", "tableau", "kanban", "tooltip" |
-| États désactivés | "Désactive le bouton avec un message explicatif" |
+| Trigger | Example |
+|---------|---------|
+| React page/component creation | File in `src/pages/**/*.tsx` or `src/components/**/*.tsx` |
+| List creation | "Display products in cards" |
+| Keywords | "card", "grid", "table", "kanban", "tooltip" |
+| Disabled states | "Disable button with explanatory message" |
 
-## COMPOSANT OBLIGATOIRE: EntityCard
+## MANDATORY COMPONENT: EntityCard
 
-**TOUJOURS utiliser `EntityCard` pour les cards d'entités. JAMAIS de cards custom avec divs.**
+**ALWAYS use `EntityCard` for entity cards. NEVER use custom cards with divs.**
 
 ```typescript
 import { EntityCard, ProviderCard, TemplateCard } from '@/components/ui/EntityCard';
 ```
 
-### Usage EntityCard
+### EntityCard Usage
 ```tsx
 <EntityCard
   avatar={{ letter: 'O', color: '#10a37f' }}
   title="OpenAI" subtitle="openai"
   description="OpenAI GPT models"
-  stats="15 modèle(s)"
-  badge={{ icon: Shield, tooltip: 'API Admin supportée' }}
-  links={[{ icon: ExternalLink, label: 'Site', href: 'https://...' }]}
+  stats="15 model(s)"
+  badge={{ icon: Shield, tooltip: 'Admin API supported' }}
+  links={[{ icon: ExternalLink, label: 'Website', href: 'https://...' }]}
   actions={[{ label: 'Config', onClick: () => {}, variant: 'primary' }]}
 />
 ```
 
-### Usage ProviderCard (AI Providers)
+### ProviderCard Usage (AI Providers)
 ```tsx
 <ProviderCard name="OpenAI" code="openai" description="..." modelCount={15} color="#10a37f"
   websiteUrl="..." docsUrl="..." apiKeyUrl="..." hasAdminKey />
 ```
 
-### Usage TemplateCard (Templates)
+### TemplateCard Usage (Templates)
 ```tsx
 <TemplateCard name="Welcome" code="welcome" category="Transactional" isActive isSystem
   icon={Mail} translationsCount={3} onClick={() => {}} onEdit={() => {}} onDelete={() => {}} />
@@ -77,7 +77,7 @@ import { EntityCard, ProviderCard, TemplateCard } from '@/components/ui/EntityCa
 | `secondary` | `bg-accent-700 text-white` |
 | `ghost` | `border bg-transparent` |
 
-## GRILLE RESPONSIVE
+## RESPONSIVE GRID
 
 ```tsx
 // Standard
@@ -85,9 +85,9 @@ import { EntityCard, ProviderCard, TemplateCard } from '@/components/ui/EntityCa
   {items.map(item => <EntityCard key={item.id} {...mapToCardProps(item)} />)}
 </div>
 
-// Avec état vide
+// With empty state
 {items.length === 0 ? (
-  <div className="text-center py-12"><p>Aucun élément</p></div>
+  <div className="text-center py-12"><p>No items</p></div>
 ) : (
   <div className="grid ...">...</div>
 )}
@@ -95,25 +95,25 @@ import { EntityCard, ProviderCard, TemplateCard } from '@/components/ui/EntityCa
 
 ## CUSTOM CARDS (Status, Dashboard)
 
-Pattern alignement boutons en bas (obligatoire pour custom cards):
+Button alignment pattern at bottom (mandatory for custom cards):
 
 ```tsx
-// ⚠️ OBLIGATOIRE: h-full flex flex-col + flex-1 + mt-auto
+// WARNING: h-full flex flex-col + flex-1 + mt-auto
 <div className="h-full flex flex-col rounded-[var(--radius-card)] border ...">
   {/* Header */}
   <div className="px-4 py-3 bg-gradient-to-r from-[var(--color-accent-500)]/10 ...">
     {/* ... */}
   </div>
-  {/* Content avec flex-1 */}
+  {/* Content with flex-1 */}
   <div className="flex-1 flex flex-col p-4">
-    {/* Contenu variable */}
-    {/* ⚠️ OBLIGATOIRE: mt-auto pour bouton en bas */}
+    {/* Variable content */}
+    {/* WARNING: mt-auto for button at bottom */}
     <button className="mt-auto w-full ...">Action</button>
   </div>
 </div>
 ```
 
-## COMPOSANT: DataTable
+## COMPONENT: DataTable
 
 ```tsx
 import { DataTable } from '@/components/ui/DataTable';
@@ -121,8 +121,8 @@ import { DataTable } from '@/components/ui/DataTable';
 <DataTable
   data={users}
   columns={[
-    { key: 'name', label: 'Nom', sortable: true },
-    { key: 'role', label: 'Rôle', render: (user) => <Badge>{user.role}</Badge> }
+    { key: 'name', label: 'Name', sortable: true },
+    { key: 'role', label: 'Role', render: (user) => <Badge>{user.role}</Badge> }
   ]}
   pagination={{ pageSize: 10 }}
   searchable
@@ -130,20 +130,20 @@ import { DataTable } from '@/components/ui/DataTable';
 />
 ```
 
-## COMPOSANT: Tooltip
+## COMPONENT: Tooltip
 
 ```tsx
 import { Tooltip } from '@/components/ui/Tooltip';
 
-// Variantes: default, error, warning, success, info
+// Variants: default, error, warning, success, info
 // Positions: top, bottom, left, right
 
-<Tooltip content="Permission requise" variant="error">
-  <button disabled>Action protégée</button>
+<Tooltip content="Permission required" variant="error">
+  <button disabled>Protected action</button>
 </Tooltip>
 ```
 
-### Pattern Bouton Désactivé avec Explication
+### Disabled Button with Explanation Pattern
 ```tsx
 const canExecute = hasPermission('module.action.execute');
 <Tooltip content={!canExecute ? t('errors.noPermission') : undefined} variant="error" disabled={canExecute}>
@@ -151,20 +151,20 @@ const canExecute = hasPermission('module.action.execute');
 </Tooltip>
 ```
 
-## QUAND UTILISER EntityCard vs Custom
+## WHEN TO USE EntityCard vs Custom
 
-| EntityCard pour | Custom pour |
-|-----------------|-------------|
-| Listes entités homogènes | Dashboard stats cards |
-| Catalogues | Cards avec états interactifs complexes |
-| Grilles cliquables | Cards avec formulaires intégrés |
+| EntityCard for | Custom for |
+|----------------|------------|
+| Homogeneous entity lists | Dashboard stats cards |
+| Catalogs | Cards with complex interactive states |
+| Clickable grids | Cards with integrated forms |
 
-## REGLES ABSOLUES
+## ABSOLUTE RULES
 
 | DO | DON'T |
 |----|-------|
-| EntityCard pour entités | Cards custom avec divs manuels |
-| Header coloré distinct | rounded-full pour avatar (c'est table) |
-| Grille responsive 1→2→3→4 | Grille fixe non-responsive |
-| h-full + flex-1 + mt-auto | Boutons non alignés en grille |
-| États vide et loading | Tooltip natif HTML |
+| EntityCard for entities | Custom cards with manual divs |
+| Distinct colored header | rounded-full for avatar (that's table) |
+| Responsive grid 1→2→3→4 | Fixed non-responsive grid |
+| h-full + flex-1 + mt-auto | Unaligned buttons in grid |
+| Empty and loading states | Native HTML tooltip |

package/templates/skills/workflow/SKILL.md

@@ -1,12 +1,12 @@
 ---
 name: workflow
 description: |
-  Cree et configure des workflows automatises SmartStack.
-  Utiliser ce skill quand:
-  - L'utilisateur veut automatiser des actions (emails, webhooks)
-  - L'utilisateur mentionne "workflow", "automatisation", "trigger"
-  - Creation d'un processus metier avec etapes
-  - Integration d'emails transactionnels
+  Creates and configures automated SmartStack workflows.
+  Use this skill when:
+  - User wants to automate actions (emails, webhooks)
+  - User mentions "workflow", "automation", "trigger"
+  - Creating a business process with steps
+  - Integrating transactional emails
   Types: SendEmail, Wait, Condition, Webhook
 ---
 
@@ -14,16 +14,16 @@ description: |
 
 > **Architecture:** Trigger → Steps → Actions (Email/Wait/Condition/Webhook)
 
-**Référence:** [_shared.md](../_shared.md) pour services communs
+**Reference:** [_shared.md](../_shared.md) for common services
 
-## QUAND CE SKILL S'ACTIVE
+## WHEN THIS SKILL ACTIVATES
 
-| Declencheur | Exemple |
-|-------------|---------|
-| Demande explicite | "Cree un workflow pour l'inscription" |
-| Email automatique | "Envoie un email quand un ticket est cree" |
-| Enchainement | "Apres 24h sans reponse, envoyer un rappel" |
-| Mots-cles | "workflow", "trigger", "automatisation", "email template" |
+| Trigger | Example |
+|---------|---------|
+| Explicit request | "Create a workflow for registration" |
+| Automatic email | "Send an email when a ticket is created" |
+| Chaining | "After 24h without response, send a reminder" |
+| Keywords | "workflow", "trigger", "automation", "email template" |
 
 ## FLOW
 
@@ -35,7 +35,7 @@ IWorkflowService.TriggerAsync(code, variables)
 Workflow Steps: SendEmail → Wait → Condition → Webhook
 ```
 
-## TRIGGERS DISPONIBLES
+## AVAILABLE TRIGGERS
 
 ### User Events
 | Trigger | Variables |
@@ -52,17 +52,17 @@ Workflow Steps: SendEmail → Wait → Condition → Webhook
 | `ticket.resolved/assigned` | ticketId, ticketNumber, assigneeName |
 | `ticket.sla-warning/breached` | ticketId, deadline, remainingMinutes |
 
-### Ajouter un Trigger
+### Add a Trigger
 ```csharp
 // WorkflowTriggerConfiguration.cs - GetSeedData()
 new { Id = Guid.Parse("..."), Code = "entity.event", Name = "Entity Event",
     AvailableVariablesJson = JsonSerializer.Serialize(new[]{ ... }), ... }
 
-// Declenchement
-await _workflowService.TriggerAsync("entity.event", new Dictionary<string, object>{...}, language: "fr");
+// Trigger
+await _workflowService.TriggerAsync("entity.event", new Dictionary<string, object>{...}, language: "en");
 ```
 
-## TYPES DE STEPS
+## STEP TYPES
 
 ### 1. SendEmail
 ```csharp
@@ -81,7 +81,7 @@ WorkflowStep.CreateConditionStep("Check premium", JsonSerializer.Serialize(new {
     condition = "{{userType}} == 'Premium'",
     trueStepOrder = 3, falseStepOrder = 4
 }), order: 2);
-// Operateurs: ==, !=, >, <, contains, &&, ||
+// Operators: ==, !=, >, <, contains, &&, ||
 ```
 
 ### 4. Webhook
@@ -97,10 +97,10 @@ WorkflowStep.CreateWebhookStep("Notify CRM", JsonSerializer.Serialize(new {
 ## WORKFLOW CREATION
 
 ```csharp
-// 1. Creer workflow
+// 1. Create workflow
 var workflow = Workflow.Create("welcome-sequence", "Welcome Sequence", description, triggerId, null, false, 10);
 
-// 2. Ajouter steps
+// 2. Add steps
 workflow.AddStep(WorkflowStep.CreateEmailStep("Welcome", templateId, 1));
 workflow.AddStep(WorkflowStep.CreateWaitStep("Wait 24h", 1440, 2));
 workflow.AddStep(WorkflowStep.CreateEmailStep("Follow-up", followUpTemplateId, 3));
@@ -109,16 +109,16 @@ workflow.AddStep(WorkflowStep.CreateEmailStep("Follow-up", followUpTemplateId, 3
 builder.HasData(new { Id = ..., Code = "welcome-sequence", TriggerId = ..., IsActive = true, ... });
 ```
 
-## DECLENCHEMENT
+## TRIGGERING
 
 ```csharp
-// Dans Service ou Controller
+// In Service or Controller
 await _workflowService.TriggerAsync("user.registered", new Dictionary<string, object>
 {
     ["userId"] = user.Id,
     ["email"] = user.Email,
     ["confirmUrl"] = GenerateConfirmUrl(user.Id)
-}, language: "fr", ct);
+}, language: "en", ct);
 ```
 
 ## EMAIL TEMPLATES
@@ -129,10 +129,10 @@ EmailTemplate: Code, Name, Category, IsActive, Translations[]
 EmailTemplateTranslation: LanguageCode, Subject, HtmlBody, TextBody
 ```
 
-### Syntaxe (Handlebars)
+### Syntax (Handlebars)
 ```html
-<h1>Bienvenue {{userName}}!</h1>
-{{#if isPremium}}<p>Merci Premium!</p>{{else}}<p>Offres Premium...</p>{{/if}}
+<h1>Welcome {{userName}}!</h1>
+{{#if isPremium}}<p>Thank you Premium member!</p>{{else}}<p>Premium offers...</p>{{/if}}
 {{#each items}}<li>{{this.name}}</li>{{/each}}
 ```
 
@@ -148,31 +148,31 @@ workflowsApi.execute(workflowId, variables)
 ## CHECKLIST
 
 ```
-□ Trigger identifie (existant ou nouveau dans WorkflowTriggerConfiguration.cs)
-□ Workflow cree: Code unique, Trigger lie, Priority (10=standard, 20+=prioritaire)
+□ Trigger identified (existing or new in WorkflowTriggerConfiguration.cs)
+□ Workflow created: Unique code, Linked trigger, Priority (10=standard, 20+=priority)
 □ Steps: SendEmail+templateId, Wait+delayMinutes, Condition+expression, Webhook+url
-□ Email templates crees (si SendEmail)
-□ Declenchement ajoute dans code source
+□ Email templates created (if SendEmail)
+□ Trigger added to source code
 □ Tests: trigger, emails, variables
 ```
 
-## REGLES ABSOLUES
+## ABSOLUTE RULES
 
 | DO | DON'T |
 |----|-------|
-| IWorkflowService.TriggerAsync | Execution directe |
-| Toutes variables du trigger | URLs hardcodees dans templates |
-| Specifier langue pour emails | Secrets dans variables |
-| Codes kebab-case uniques | Boucles infinies (A→B→A) |
-| Logger executions | Oublier email templates |
-
-## FICHIERS CLES
-
-| Fichier | Role |
-|---------|------|
-| `Domain/Communications/Workflow.cs` | Entite workflow |
-| `Domain/Communications/WorkflowStep.cs` | Entite step |
-| `Domain/Communications/WorkflowTrigger.cs` | Entite trigger |
+| IWorkflowService.TriggerAsync | Direct execution |
+| All trigger variables | Hardcoded URLs in templates |
+| Specify language for emails | Secrets in variables |
+| Unique kebab-case codes | Infinite loops (A→B→A) |
+| Log executions | Forget email templates |
+
+## KEY FILES
+
+| File | Role |
+|------|------|
+| `Domain/Communications/Workflow.cs` | Workflow entity |
+| `Domain/Communications/WorkflowStep.cs` | Step entity |
+| `Domain/Communications/WorkflowTrigger.cs` | Trigger entity |
 | `Application/Common/Interfaces/IWorkflowService.cs` | Interface |
 | `Infrastructure/Services/Workflow/WorkflowExecutionService.cs` | Implementation |
 | `Infrastructure/.../WorkflowConfiguration.cs` | EF Config + Seed |