@atlashub/smartstack-cli 1.14.2 → 1.16.0

package/templates/skills/application/steps/step-02-permissions.md

@@ -0,0 +1,159 @@
+---
+name: step-02-permissions
+description: Generate RBAC permissions using MCP generate_permissions
+prev_step: steps/step-01-navigation.md
+next_step: steps/step-03-roles.md
+---
+
+# Step 2: Permissions Generation
+
+## MANDATORY EXECUTION RULES
+
+- ALWAYS use MCP `generate_permissions` tool - NEVER use templates
+- ALWAYS generate BOTH Permissions.cs constants AND PermissionConfiguration.cs HasData
+- NEVER skip this step - permissions are MANDATORY for security
+- YOU ARE AN ORCHESTRATOR calling MCP, not a generator
+
+## YOUR TASK
+
+Call the SmartStack MCP `generate_permissions` tool to generate:
+1. Permissions.cs nested class with constants
+2. PermissionConfiguration.cs HasData() entries
+
+---
+
+## AVAILABLE STATE
+
+From previous steps:
+
+| Variable | Description |
+|----------|-------------|
+| `{level}` | context, application, module, or section |
+| `{full_path}` | Complete navigation path (navRoute) |
+| `{navigation_guid}` | GUID of the navigation entity |
+| `{labels}` | Object with fr, en, it, de |
+
+---
+
+## EXECUTION SEQUENCE
+
+### 1. Determine NavRoute
+
+For permissions, the navRoute is the `{full_path}`:
+
+```
+navRoute = "{full_path}"
+Example: "erp.sales.products"
+```
+
+### 2. Call MCP generate_permissions
+
+```
+Tool: mcp__smartstack__generate_permissions
+Args:
+  navRoute: "{full_path}"
+  includeStandardActions: true
+  includeWildcard: true
+```
+
+### 3. Parse MCP Response
+
+The tool returns:
+- Permissions.cs nested class structure
+- PermissionConfiguration.cs HasData() entries
+- Deterministic GUIDs for each permission
+
+### 4. Present Permissions.cs Output
+
+```markdown
+## Permissions.cs Constants
+
+Add to `Application/Common/Authorization/Permissions.cs`:
+
+[Show Permissions.cs nested class from MCP response]
+
+**Usage in Controller:**
+```csharp
+[RequirePermission(Permissions.{Context}.{Application}.{Module}.Read)]
+public async Task<ActionResult> GetAll() { ... }
+```
+```
+
+### 5. Present PermissionConfiguration.cs Output
+
+```markdown
+## PermissionConfiguration.cs HasData
+
+Add to `Infrastructure/Persistence/Configurations/PermissionConfiguration.cs`:
+
+[Show HasData entries from MCP response]
+```
+
+### 6. Store Permission GUIDs
+
+Store the permission GUIDs for use in step-03-roles:
+
+```
+{permission_guids} = {
+  wildcard: "guid-for-wildcard",
+  read: "guid-for-read",
+  create: "guid-for-create",
+  update: "guid-for-update",
+  delete: "guid-for-delete"
+}
+```
+
+---
+
+## TWO-FILE REQUIREMENT
+
+**CRITICAL:** SmartStack requires permissions in TWO files:
+
+| File | Layer | Content |
+|------|-------|---------|
+| `Permissions.cs` | Application | Compile-time constants |
+| `PermissionConfiguration.cs` | Infrastructure | EF Core HasData seeds |
+
+Both MUST be kept in sync. Missing one = runtime 403 errors.
+
+---
+
+## MCP RESPONSE HANDLING
+
+### Success Case
+
+If MCP returns successfully:
+- Display Permissions.cs code
+- Display PermissionConfiguration.cs HasData code
+- Store `{permission_guids}` for next step
+- Proceed to step-03-roles.md
+
+### Error Case
+
+If MCP call fails:
+- Display error message
+- Suggest checking navRoute format
+- Do NOT proceed automatically
+
+---
+
+## SUCCESS METRICS
+
+- MCP generate_permissions called successfully
+- Permissions.cs code displayed
+- PermissionConfiguration.cs HasData displayed
+- Deterministic GUIDs (not placeholders)
+- Permission GUIDs stored for role assignment
+- Proceeded to step-03-roles.md
+
+## FAILURE MODES
+
+- MCP call failed (display error, stop)
+- Invalid navRoute format (must be context.application.module)
+- Missing navigation entity (return to step-01)
+
+---
+
+## NEXT STEP
+
+After displaying permission code, proceed to `./step-03-roles.md`

package/templates/skills/application/steps/step-03-roles.md

@@ -0,0 +1,158 @@
+---
+name: step-03-roles
+description: Generate role-permission mappings using MCP scaffold_role_permissions
+prev_step: steps/step-02-permissions.md
+next_step: steps/step-04-backend.md
+---
+
+# Step 3: Role-Permission Mapping
+
+## MANDATORY EXECUTION RULES
+
+- ALWAYS use MCP `scaffold_role_permissions` tool - NEVER use templates
+- ALWAYS assign permissions to default roles
+- NEVER leave permissions without role assignments
+- YOU ARE AN ORCHESTRATOR calling MCP, not a generator
+
+## YOUR TASK
+
+Call the SmartStack MCP `scaffold_role_permissions` tool to generate:
+1. RolePermissionConfiguration.cs HasData() entries
+2. Default role assignments (PlatformAdmin, TenantAdmin, StandardUser)
+
+---
+
+## AVAILABLE STATE
+
+From previous steps:
+
+| Variable | Description |
+|----------|-------------|
+| `{full_path}` | Complete navigation path (navRoute) |
+| `{level}` | context, application, module, or section |
+| `{permission_guids}` | GUIDs for generated permissions |
+
+---
+
+## EXECUTION SEQUENCE
+
+### 1. Determine Default Role Assignments
+
+Based on navigation context, apply default role mappings:
+
+| Context | PlatformAdmin | TenantAdmin | StandardUser |
+|---------|---------------|-------------|--------------|
+| `platform.*` | Full CRUD | Read only | None |
+| `business.*` | Full CRUD | Full CRUD | Read only |
+| `personal.*` | None | Full CRUD | Full CRUD |
+
+### 2. Call MCP scaffold_role_permissions
+
+```
+Tool: mcp__smartstack__scaffold_role_permissions
+Args:
+  navRoute: "{full_path}"
+  roles:
+    platformAdmin: ["read", "create", "update", "delete"]  # Adjust based on context
+    tenantAdmin: ["read", "create", "update"]              # Adjust based on context
+    standardUser: ["read"]                                  # Adjust based on context
+  includeWildcard: true
+```
+
+### 3. Parse MCP Response
+
+The tool returns:
+- RolePermissionConfiguration.cs HasData() entries
+- Permission ID variable references
+- Role ID variable references
+
+### 4. Present Output to User
+
+```markdown
+## Role-Permission Mappings
+
+### Assigned Permissions
+
+| Role | Permissions |
+|------|-------------|
+| SuperAdmin | `{full_path}.*` (via wildcard) |
+| PlatformAdmin | `{full_path}.read`, `.create`, `.update`, `.delete` |
+| TenantAdmin | `{full_path}.read`, `.create`, `.update` |
+| StandardUser | `{full_path}.read` |
+
+### RolePermissionConfiguration.cs HasData
+
+Add to `Infrastructure/Persistence/Configurations/RolePermissionConfiguration.cs`:
+
+[Show HasData entries from MCP response]
+```
+
+### 5. Confirm with User (Optional)
+
+If the default role assignments don't match the user's needs:
+
+```yaml
+questions:
+  - header: "Role Access"
+    question: "Adjust role permissions for {full_path}?"
+    options:
+      - label: "Keep defaults (Recommended)"
+        description: "PlatformAdmin: CRUD, TenantAdmin: CRU, StandardUser: R"
+      - label: "All roles full access"
+        description: "All roles get full CRUD access"
+      - label: "Custom"
+        description: "I'll specify custom permissions"
+    multiSelect: false
+```
+
+---
+
+## DEFAULT ROLE GUIDS
+
+SmartStack uses well-known GUIDs for default roles:
+
+| Role | GUID |
+|------|------|
+| SuperAdmin | `11111111-1111-1111-1111-111111111111` |
+| PlatformAdmin | `22222222-2222-2222-2222-222222222222` |
+| TenantAdmin | `33333333-3333-3333-3333-333333333333` |
+| StandardUser | `44444444-4444-4444-4444-444444444444` |
+
+---
+
+## MCP RESPONSE HANDLING
+
+### Success Case
+
+If MCP returns successfully:
+- Display RolePermission HasData code
+- Show role-permission summary table
+- Proceed to step-04-backend.md
+
+### Error Case
+
+If MCP call fails:
+- Display error message
+- Suggest checking permission GUIDs
+- Provide manual template as fallback
+
+---
+
+## SUCCESS METRICS
+
+- MCP scaffold_role_permissions called successfully
+- Role-permission mappings displayed
+- All default roles have appropriate access
+- Proceeded to step-04-backend.md
+
+## FAILURE MODES
+
+- MCP call failed (display error, suggest fallback)
+- Permission GUIDs not available (return to step-02)
+- Invalid navRoute (return to step-00)
+
+---
+
+## NEXT STEP
+
+After displaying role-permission mappings, proceed to `./step-04-backend.md`

package/templates/skills/application/steps/step-04-backend.md

@@ -0,0 +1,202 @@
+---
+name: step-04-backend
+description: Generate backend code using MCP scaffold_extension
+prev_step: steps/step-03-roles.md
+next_step: steps/step-05-frontend.md
+---
+
+# Step 4: Backend Generation
+
+## MANDATORY EXECUTION RULES
+
+- ALWAYS use MCP `scaffold_extension` tool - NEVER use templates
+- ALWAYS generate Entity + Service + Controller as a unit
+- NEVER skip controller generation - API is required
+- YOU ARE AN ORCHESTRATOR calling MCP, not a generator
+
+## YOUR TASK
+
+Call the SmartStack MCP `scaffold_extension` tool with type "feature" to generate:
+1. Domain Entity with EF Configuration
+2. Application Service (Interface + Implementation)
+3. API Controller with NavRoute attribute
+4. DTOs (Response, Create, Update)
+
+---
+
+## AVAILABLE STATE
+
+From previous steps:
+
+| Variable | Description |
+|----------|-------------|
+| `{level}` | context, application, module, or section |
+| `{code}` | kebab-case identifier |
+| `{full_path}` | Complete navigation path (navRoute) |
+| `{labels}` | Object with fr, en, it, de |
+
+---
+
+## EXECUTION SEQUENCE
+
+### 1. Derive Entity Name
+
+Convert `{code}` to PascalCase for entity name:
+
+```
+code: "products"        → entityName: "Product"
+code: "order-items"     → entityName: "OrderItem"
+code: "user-profiles"   → entityName: "UserProfile"
+```
+
+### 2. Determine Table Prefix
+
+Based on navigation context:
+
+| Context | Prefix |
+|---------|--------|
+| platform.administration | `auth_` or `cfg_` |
+| platform.support | `support_` |
+| business.* | `ref_` or domain-specific |
+| personal.* | `usr_` |
+
+### 3. Call MCP scaffold_extension
+
+```
+Tool: mcp__smartstack__scaffold_extension
+Args:
+  type: "feature"
+  name: "{entityName}"  # PascalCase
+  options:
+    navRoute: "{full_path}"
+    tablePrefix: "{prefix}"
+    schema: "core"
+    withDtos: true
+    withValidation: true
+    withRepository: false  # Use service pattern
+    skipComponent: true    # Frontend in next step
+    dryRun: false
+```
+
+### 4. Parse MCP Response
+
+The tool generates:
+- `Domain/{EntityName}.cs` - Entity with BaseEntity
+- `Infrastructure/Persistence/Configurations/{EntityName}Configuration.cs` - EF Config
+- `Application/Services/I{EntityName}Service.cs` - Interface
+- `Application/Services/{EntityName}Service.cs` - Implementation
+- `Api/Controllers/{EntityName}Controller.cs` - REST Controller
+- `Application/DTOs/{EntityName}Dto.cs` - Response DTO
+- `Application/DTOs/Create{EntityName}Dto.cs` - Create request
+- `Application/DTOs/Update{EntityName}Dto.cs` - Update request
+
+### 5. Present Output to User
+
+```markdown
+## Backend Code Generated
+
+### Domain Layer
+- `Domain/{EntityName}.cs`
+
+### Infrastructure Layer
+- `Persistence/Configurations/{EntityName}Configuration.cs`
+
+### Application Layer
+- `Services/I{EntityName}Service.cs`
+- `Services/{EntityName}Service.cs`
+- `DTOs/{EntityName}Dto.cs`
+- `DTOs/Create{EntityName}Dto.cs`
+- `DTOs/Update{EntityName}Dto.cs`
+
+### API Layer
+- `Controllers/{EntityName}Controller.cs`
+  - NavRoute: `{full_path}`
+  - Endpoints:
+    - GET /api/{code} - List all
+    - GET /api/{code}/{id} - Get by ID
+    - POST /api/{code} - Create
+    - PUT /api/{code}/{id} - Update
+    - DELETE /api/{code}/{id} - Delete
+
+### Next Steps
+1. Add DbSet to ICoreDbContext: `public DbSet<{EntityName}> {EntityName}s => Set<{EntityName}>();`
+2. Register service in DI: `services.AddScoped<I{EntityName}Service, {EntityName}Service>();`
+3. Run: `dotnet ef migrations add core_vX.X.X_XXX_Add{EntityName}`
+```
+
+### 6. Store Entity Info
+
+Store entity information for frontend generation:
+
+```
+{entity_name} = "{EntityName}"
+{entity_code} = "{code}"
+{api_route} = "/api/{code}"
+```
+
+---
+
+## CONTROLLER NAVROUTE
+
+The generated controller uses NavRoute attribute:
+
+```csharp
+[NavRoute("{full_path}")]
+[ApiController]
+[Authorize]
+public class {EntityName}Controller : ControllerBase
+{
+    [HttpGet]
+    [RequirePermission(Permissions.{Context}.{Application}.{Module}.Read)]
+    public async Task<ActionResult<IEnumerable<{EntityName}Dto>>> GetAll() { ... }
+
+    // ... other CRUD methods
+}
+```
+
+This ensures:
+- API route is derived from navigation path
+- Permissions use the constants from Permissions.cs
+- Frontend can discover API path from NavRoute registry
+
+---
+
+## MCP RESPONSE HANDLING
+
+### Success Case
+
+If MCP returns successfully:
+- Display all generated files
+- Show DbSet and DI registration instructions
+- Store entity info for frontend
+- Proceed to step-05-frontend.md
+
+### Error Case
+
+If MCP call fails:
+- Display error message
+- Suggest checking entity name format
+- Do NOT proceed automatically
+
+---
+
+## SUCCESS METRICS
+
+- MCP scaffold_extension called successfully
+- Entity, Service, Controller generated
+- DTOs generated
+- NavRoute attribute included
+- Entity info stored for frontend
+- Proceeded to step-05-frontend.md
+
+## FAILURE MODES
+
+- MCP call failed (display error, stop)
+- Invalid entity name (must be PascalCase)
+- Invalid navRoute format
+
+---
+
+## NEXT STEP
+
+After displaying backend code, proceed to `./step-05-frontend.md`