@atlashub/smartstack-cli 2.0.0 → 2.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atlashub/smartstack-cli",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "SmartStack Claude Code automation toolkit - GitFlow, APEX, EF Core migrations, prompts and more",
   "author": {
     "name": "SmartStack",

package/templates/skills/business-analyse/_shared.md

@@ -70,14 +70,15 @@ Route pattern : `/business/{application}/{module}/{section}`
 
 ### Classes de Base des Entités
 
-| Classe | Champs auto-inclus | Quand utiliser |
-|--------|--------------------|----------------|
-| `Entity` | `Id` (Guid) | Entité simple sans audit |
-| `AuditableEntity` | + `CreatedBy`, `CreatedDate`, `ModifiedBy`, `ModifiedDate` | **Défaut pour toute entité métier** |
-| `SoftDeletableEntity` | + `IsDeleted`, `DeletedBy`, `DeletedDate` | Entité avec suppression logique |
-| `HierarchicalEntity` | + `ParentId`, `Level`, `Path` | Arborescences (catégories, menus) |
+| Classe | Interface | Champs auto-inclus | Quand utiliser |
+|--------|-----------|---------------------|----------------|
+| `BaseEntity` | - | `Id` (Guid), `TenantId`, `CreatedAt`, `UpdatedAt` | **Défaut pour toute entité métier** |
+| `BaseEntity` | `IAuditableEntity` | + `CreatedBy`, `UpdatedBy` | Entité avec audit complet |
+| `SystemEntity` | - | `Id` (Guid), `CreatedAt` (pas de TenantId) | Entités système (navigation, permissions) |
+| `BaseEntity` | `ISoftDeletable` | + `IsDeleted`, `DeletedBy`, `DeletedAt` | Entité avec suppression logique |
+| `HierarchicalEntity` | - | + `ParentId`, `Level`, `Path` | Arborescences (catégories, menus) |
 
-> **IMPORTANT :** Ne JAMAIS proposer `CreatedBy`, `ModifiedBy`, `IsDeleted` comme champs explicites — ils sont AUTOMATIQUES via la classe de base.
+> **IMPORTANT :** Ne JAMAIS proposer `CreatedBy`, `UpdatedBy`, `IsDeleted`, `TenantId` comme champs explicites — ils sont AUTOMATIQUES via la classe de base ou l'interface.
 
 ### Services d'Intégration Disponibles
 
@@ -91,13 +92,53 @@ Route pattern : `/business/{application}/{module}/{section}`
 
 ### Conventions Base de Données
 
-| Aspect | Convention |
-|--------|------------|
-| Schema | `core` (socle) vs `ext` (extensions/métier) |
-| Tables | PascalCase au pluriel (`Orders`, `OrderLines`) |
-| FK | `{Entity}Id` (ex: `ClientId`, `OrderId`) |
-| Index | `IX_{Table}_{Column}` |
-| Migration | 1 migration par feature, nommée via MCP |
+| Aspect | Convention | Exemple |
+|--------|------------|---------|
+| Schema | `core` (socle SmartStack) vs `extensions` (entités client/métier) | `core.auth_Roles`, `extensions.bik_FreeBickes` |
+| Tables | `{prefix}_{EntityPlural}` (préfixe domaine + PascalCase pluriel) | `auth_Users`, `nav_Applications`, `supp_Tickets` |
+| Préfixes domaine | `auth_` (auth), `nav_` (navigation), `cfg_` (config), `ref_` (références), `wkf_` (workflows), `ai_` (IA), `loc_` (i18n), `lic_` (licences), `tenant_` (tenants), `support_` (support) | Pour un nouveau module métier : choisir un préfixe court (3-5 chars) |
+| FK | `{Entity}Id` (ex: `ClientId`, `OrderId`) | |
+| Index | `IX_{Table}_{Column}` | `IX_bik_FreeBickes_TenantId_Code` |
+| Migration | 1 migration par feature, nommée via MCP (`suggest_migration`) | `extensions_v1.0.0_001_AddFreeBicke` |
+
+### Conventions de Dossiers (Clean Architecture)
+
+| Couche | Pattern de dossiers | Exemple (module FreeBicke dans business > operations) |
+|--------|--------------------|---------------------------------------------------------|
+| **Domain** | `{Project}.Domain/Business/{Application}/{Module}/` | `Domain/Business/Operations/FreeBicke/FreeBicke.cs` |
+| **Application/DTOs** | `{Project}.Application/Business/{Application}/{Module}/DTOs/` | `Application/Business/Operations/FreeBicke/DTOs/FreeBickeDto.cs` |
+| **Application/Interfaces** | `{Project}.Application/Common/Interfaces/` | `Application/Common/Interfaces/IFreeBickeService.cs` |
+| **Infrastructure/Config** | `{Project}.Infrastructure/Persistence/Configurations/{Module}/` | `Configurations/FreeBicke/FreeBickeConfiguration.cs` |
+| **Infrastructure/Services** | `{Project}.Infrastructure/Services/{Module}/` | `Services/FreeBicke/FreeBickeService.cs` |
+| **Infrastructure/SeedData** | `{Project}.Infrastructure/Persistence/Seeding/Data/{Module}/` | `Seeding/Data/FreeBicke/FreeBickeSeedData.cs` |
+| **API/Controllers** | `{Project}.Api/Controllers/Business/{Application}/` | `Controllers/Business/Operations/FreeBickeController.cs` |
+| **Frontend/Pages** | `web/src/pages/business/{application}/{module}/` | `pages/business/operations/freebicke/page.tsx` |
+| **Frontend/i18n** | `web/src/i18n/locales/{lang}/{module}.json` | `locales/fr/freebicke.json` |
+
+> **IMPORTANT :** Chaque module a son **propre sous-dossier** dans chaque couche. Ne JAMAIS mettre tous les fichiers à la racine d'une couche.
+
+### SeedData Core (Obligatoire pour chaque feature)
+
+> **Chaque nouvelle feature nécessite des SeedData dans 5 fichiers core** pour être fonctionnelle (navigation visible, permissions actives, rôles assignés).
+
+| # | Fichier | Contenu | Mécanisme |
+|---|---------|---------|-----------|
+| 1 | `NavigationModuleConfiguration.cs` | Entrée module dans `nav_Modules` (HasData) | EF Core Migration |
+| 2 | `NavigationTranslationConfiguration.cs` | Traductions du module (4 langues × chaque entité nav) | EF Core Migration |
+| 3 | `PermissionConfiguration.cs` | Permissions CRUD + wildcards dans `nav_Permissions` (HasData) | EF Core Migration |
+| 4 | `Permissions.cs` (Application layer) | Constantes compile-time pour `[RequirePermission]` | Code |
+| 5 | `RolePermissionConfiguration.cs` | Associations rôle-permission dans `auth_RolePermissions` (HasData) | EF Core Migration |
+
+**Rôles par défaut pour chaque application (4 niveaux) :**
+
+| Rôle | Permissions | Description |
+|------|-------------|-------------|
+| **{App} Admin** | `{context}.{app}.*` (wildcard) | Accès complet à l'application |
+| **{App} Manager** | `read`, `create`, `update`, `assign` | Gestion complète sans suppression |
+| **{App} Contributor** | `read`, `create`, `update` | Contribution active |
+| **{App} Viewer** | `read` uniquement | Consultation seule |
+
+> **CRITIQUE :** Si les SeedData ne sont pas créés, le module sera invisible dans la navigation et les permissions retourneront 403.
 
 ### Contraintes Non-Négociables
 

package/templates/skills/business-analyse/steps/step-03-specify.md

@@ -169,6 +169,69 @@ For each BR, create corresponding FR:
 
 ---
 
+### 6b. Specify Navigation Hierarchy & SeedData Requirements
+
+> **CRITICAL:** Every new feature requires navigation entries and seed data to be functional.
+> Without these, the module will be invisible and permissions will block all access (403).
+
+**Navigation hierarchy for this feature:**
+
+```markdown
+### Navigation Hierarchy
+
+| Level | Code | Label (EN) | Label (FR) | Route | Icon | New? |
+|-------|------|-----------|-----------|-------|------|------|
+| Context | business | Business | Métier | /business | Briefcase | Existing/New |
+| Application | {application_name} | {App Label EN} | {App Label FR} | /business/{app} | {Icon} | Existing/New |
+| Module | {module_name} | {Module Label EN} | {Module Label FR} | /business/{app}/{module} | {Icon} | **NEW** |
+| Section (opt.) | {section} | {Section Label EN} | {Section Label FR} | /business/{app}/{module}/{section} | {Icon} | **NEW** |
+```
+
+> **Rule:** Only create entries marked "New". Existing entries are reused from the database.
+> Provide labels in 4 languages: FR, EN, IT, DE.
+
+**Permission hierarchy for this module:**
+
+```markdown
+### Permission Hierarchy (HasData seeds)
+
+| Permission Path | Level | Action | Description |
+|----------------|-------|--------|-------------|
+| `business.{app}.{module}.*` | Module | Wildcard | Full module access |
+| `business.{app}.{module}.read` | Module | Read | View list and details |
+| `business.{app}.{module}.create` | Module | Create | Create new entries |
+| `business.{app}.{module}.update` | Module | Update | Modify existing |
+| `business.{app}.{module}.delete` | Module | Delete | Remove entries |
+| `business.{app}.{module}.export` | Module | Execute | Export data (if needed) |
+```
+
+**Role-Permission assignments (default matrix):**
+
+| Permission | {App} Admin | {App} Manager | {App} Contributor | {App} Viewer |
+|------------|-------------|---------------|-------------------|--------------|
+| `*.{module}.*` | X | - | - | - |
+| `*.{module}.read` | - | X | X | X |
+| `*.{module}.create` | - | X | X | - |
+| `*.{module}.update` | - | X | X | - |
+| `*.{module}.delete` | - | - | - | - |
+| `*.{module}.export` | - | X | - | - |
+
+> **Note:** Admin gets wildcard (includes all actions). SuperAdmin inherits via `*` wildcard.
+
+**SeedData files to create/modify:**
+
+> **5 mandatory files** for every new module (4 EF Core HasData + 1 Application code):
+
+| # | File | Layer | Action | Content |
+|---|------|-------|--------|---------|
+| 1 | `NavigationModuleConfiguration.cs` | Infrastructure (HasData) | Add entry | Module in `nav_Modules` |
+| 2 | `NavigationTranslationConfiguration.cs` | Infrastructure (HasData) | Add entries | 4 translations (fr, en, it, de) per nav entity |
+| 3 | `PermissionConfiguration.cs` | Infrastructure (HasData) | Add entries | All permissions listed above |
+| 4 | `Permissions.cs` | Application (code) | Add static class | Compile-time constants for `[RequirePermission]` |
+| 5 | `RolePermissionConfiguration.cs` | Infrastructure (HasData) | Add entries | Role→Permission for {App} Admin, {App} Manager, {App} Contributor, {App} Viewer |
+
+---
+
 ### 7. Create UI Wireframes
 
 **Main screen wireframe:**

package/templates/skills/business-analyse/steps/step-04-validate.md

@@ -50,6 +50,9 @@ Read `{output_dir}/digest-03.md` for compressed context from previous step.
 - [ ] UI wireframes provided
 - [ ] Gherkin scenarios cover happy path + errors
 - [ ] i18n keys defined for messages
+- [ ] Navigation hierarchy defined (Context/Application/Module/Section)
+- [ ] SeedData requirements identified (navigation, permissions, roles, rolePermissions)
+- [ ] Role-Permission assignment matrix specified (4 default roles)
 
 ---
 
@@ -88,6 +91,23 @@ INVALID: {app}.{module}.{action}
 - PascalCase for entity names
 - Matches module naming convention
 
+**Folder structure conventions:**
+- Domain entities in `Domain/Business/{Application}/{Module}/` (not flat `Entities/`)
+- Application DTOs in `Application/Business/{Application}/{Module}/DTOs/` (not `Features/`)
+- Infrastructure configs in `Configurations/{Module}/` (subfolder per module)
+- Infrastructure services in `Services/{Module}/` (subfolder per module)
+- Infrastructure seeds in `Seeding/Data/{Module}/` (subfolder per module)
+- Controllers in `Controllers/Business/{Application}/` (grouped by context)
+- Table naming: `{prefix}_{EntityPlural}` in correct schema (`core` or `extensions`)
+
+**SeedData completeness:**
+- [ ] Navigation hierarchy specified (new Context/Application/Module/Section entries)
+- [ ] Translations specified for all 4 languages (fr, en, it, de)
+- [ ] Permission paths follow format `business.{app}.{module}.{action}`
+- [ ] Wildcard permission included (`business.{app}.{module}.*`)
+- [ ] Role-Permission matrix covers 4 default roles (Admin, Manager, Contributor, Viewer)
+- [ ] SeedData files listed in FRD section 6b
+
 ---
 
 ### 5. Documentation Freshness Check
@@ -207,7 +227,9 @@ INVALID: {app}.{module}.{action}
   "conventions": {
     "permissions": "OK",
     "navRoute": "OK",
-    "naming": "OK"
+    "naming": "OK",
+    "folderStructure": "OK",
+    "seedData": "OK"
   },
   "risks": [
     {

package/templates/skills/business-analyse/steps/step-05-handoff.md

@@ -54,27 +54,33 @@ Read: templates/tpl-handoff.md    # ~100 lines
 
 **CRITICAL: Handoff must reference ACTUAL code patterns!**
 
+> **NOTE:** Use `{project_namespace}` (from 00-context.md) instead of hardcoded "SmartStack".
+> For client projects, namespace is typically `{ProjectName}` (e.g., `demo_multitenant`).
+
 If `{economy_mode}` = false, launch parallel agents:
 
 ```
 Agent 1: Backend patterns
-  "Explore src/SmartStack.Domain/Entities/ and
-   src/SmartStack.Application/Features/ to document:
-   - Entity naming pattern
-   - CQRS handler pattern
-   - Validation pattern
-   - Repository pattern"
+  "Explore src/{project_namespace}.Domain/Business/ and
+   src/{project_namespace}.Application/Business/ to document:
+   - Entity naming pattern and folder hierarchy (Domain/{Context}/{App}/{Module}/)
+   - Service interface pattern (Application/Common/Interfaces/)
+   - DTO pattern (Application/{Context}/{App}/{Module}/DTOs/)
+   - Validation pattern"
 
 Agent 2: Frontend patterns
-  "Explore web/smartstack-web/src/pages/business/ to document:
+  "Explore web/src/pages/business/ to document:
    - Page component structure
    - API service pattern
    - i18n usage pattern
    - Form handling pattern"
 
 Agent 3: Infrastructure patterns
-  "Explore src/SmartStack.Infrastructure/ to document:
-   - EF Core configuration pattern
+  "Explore src/{project_namespace}.Infrastructure/ to document:
+   - EF Core configuration pattern (Persistence/Configurations/{Module}/)
+   - Service implementation pattern (Services/{Module}/)
+   - SeedData pattern (Persistence/Seeding/Data/{Module}/)
+   - Navigation/Permission/RolePermission seed files
    - DbContext registration
    - Migration naming convention"
 ```
@@ -87,25 +93,46 @@ If `{economy_mode}` = true:
 
 ### 5. Map Specifications to Files
 
+> **IMPORTANT:** Replace `{project_namespace}` with the actual project namespace (from 00-context.md).
+> Use the folder hierarchy `{Context}/{Application}/{Module}/` — NEVER put files at the root of a layer.
+
 **Backend files to create:**
 
 | Layer | File | Template/Pattern |
 |-------|------|------------------|
-| Domain | `src/SmartStack.Domain/Entities/Business/{Entity}.cs` | Standard entity |
-| Application | `src/SmartStack.Application/Features/{Module}/Commands/` | CQRS pattern |
-| Application | `src/SmartStack.Application/Features/{Module}/Queries/` | CQRS pattern |
-| Application | `src/SmartStack.Application/Features/{Module}/DTOs/` | Request/Response DTOs |
-| Application | `src/SmartStack.Application/Features/{Module}/Validators/` | FluentValidation |
-| Infrastructure | `src/SmartStack.Infrastructure/Persistence/Configurations/` | EF Core config |
-| API | `src/SmartStack.Api/Controllers/Business/{Module}Controller.cs` | NavRoute controller |
+| Domain | `src/{project_namespace}.Domain/Business/{Application}/{Module}/{Entity}.cs` | BaseEntity + IAuditableEntity |
+| Application/DTOs | `src/{project_namespace}.Application/Business/{Application}/{Module}/DTOs/{Entity}Dto.cs` | Record DTOs (Response, Create, Update) |
+| Application/DTOs | `src/{project_namespace}.Application/Business/{Application}/{Module}/DTOs/{Entity}MappingExtensions.cs` | Entity ↔ DTO mapping |
+| Application/Interface | `src/{project_namespace}.Application/Common/Interfaces/I{Entity}Service.cs` | Service interface |
+| Application/Permissions | `src/{project_namespace}.Application/Business/{Application}/{Module}/Permissions.cs` | Static permission constants |
+| Infrastructure/Config | `src/{project_namespace}.Infrastructure/Persistence/Configurations/{Module}/{Entity}Configuration.cs` | EF Core config + HasData |
+| Infrastructure/Service | `src/{project_namespace}.Infrastructure/Services/{Module}/{Entity}Service.cs` | Service implementation |
+| API | `src/{project_namespace}.Api/Controllers/Business/{Application}/{Module}Controller.cs` | NavRoute + RequirePermission |
+
+**SeedData files to create/modify (CRITICAL — without these, module is invisible and returns 403):**
+
+| Layer | File | Content |
+|-------|------|---------|
+> **5 mandatory seed files** for every new module. 4 are EF Core Configurations (HasData → migrations), 1 is Application layer code.
+
+| # | Layer | File | Type | Content |
+|---|-------|------|------|---------|
+| 1 | Infrastructure | `Persistence/Configurations/Navigation/NavigationModuleConfiguration.cs` | HasData (migration) | Module entry in `nav_Modules` |
+| 2 | Infrastructure | `Persistence/Configurations/Navigation/NavigationTranslationConfiguration.cs` | HasData (migration) | 4 translations (fr, en, it, de) per new nav entity |
+| 3 | Infrastructure | `Persistence/Configurations/Navigation/PermissionConfiguration.cs` | HasData (migration) | Wildcard + CRUD permissions in `nav_Permissions` |
+| 4 | Application | `Application/Business/{Application}/{Module}/Permissions.cs` | Code (compile-time) | Static constants for `[RequirePermission]` |
+| 5 | Infrastructure | `Persistence/Configurations/Authorization/RolePermissionConfiguration.cs` | HasData (migration) | Role→Permission for {App} Admin, {App} Manager, {App} Contributor, {App} Viewer |
+
+**Optional :** `Persistence/Seeding/Data/{Module}/{Entity}SeedData.cs` — Demo data for development (runtime, not migration)
 
 **Frontend files to create:**
 
 | Layer | File | Pattern |
 |-------|------|---------|
-| Pages | `web/smartstack-web/src/pages/business/{app}/{module}/` | Page components |
-| Services | `web/smartstack-web/src/services/api/{module}Api.ts` | Axios service |
-| i18n | `web/smartstack-web/src/i18n/locales/{lang}/{module}.json` | 4 languages |
+| Pages | `web/src/pages/business/{app}/{module}/page.tsx` | Page component (list + actions) |
+| Components | `web/src/components/business/{module}/` | Entity-specific components |
+| Services | `web/src/services/api/{module}Api.ts` | Axios service (typed) |
+| i18n | `web/src/i18n/locales/{lang}/{module}.json` | 4 languages (fr, en, it, de) |
 
 ---
 
@@ -116,25 +143,49 @@ For each file, provide explicit instructions:
 ```markdown
 ### Backend: {Entity}.cs
 
-**Path:** `src/SmartStack.Domain/Entities/Business/{Entity}.cs`
+**Path:** `src/{project_namespace}.Domain/Business/{Application}/{Module}/{Entity}.cs`
 
-**Reference:** Copy pattern from `src/SmartStack.Domain/Entities/Business/[ExistingEntity].cs`
+**Reference:** Copy pattern from existing entity in same layer (use Explore agent to find)
 
-**Properties to add:**
+**Base class:** `BaseEntity` + `IAuditableEntity` (provides Id, TenantId, CreatedAt, UpdatedAt, CreatedBy, UpdatedBy)
+
+**Properties to add (business properties ONLY — base class fields are automatic):**
 | Property | Type | Attributes | From BR |
 |----------|------|------------|---------|
-| Id | Guid | [Key] | - |
 | {attr1} | string | [Required, MaxLength(100)] | BR-001 |
 | {attr2} | decimal | [Precision(18,2)] | BR-002 |
-| TenantId | Guid | [Required] | Multi-tenant |
-| CreatedAt | DateTime | Audit | - |
-| UpdatedAt | DateTime | Audit | - |
+| Code | string | [Required, MaxLength(50)] | Unique per tenant |
+
+> **DO NOT add:** Id, TenantId, CreatedAt, UpdatedAt, CreatedBy, UpdatedBy — these are automatic via BaseEntity/IAuditableEntity.
 
 **Business rules to implement:**
 - BR-001: {rule} -> Implement in Validator
 - BR-002: {rule} -> Implement in Entity method
 ```
 
+```markdown
+### SeedData: Navigation + Permissions + Roles
+
+**CRITICAL: These seeds make the module visible and accessible. Without them → 403 errors.**
+
+**Step 1 — Navigation seeds:**
+- Add module entry in `NavigationModuleConfiguration.cs` (HasData)
+- Add 4 translations per nav entity in `NavigationTranslationConfiguration.cs`
+- Use deterministic GUIDs (SHA256 of full_path or sequential pattern)
+
+**Step 2 — Permission seeds:**
+- Add CRUD permissions + wildcard in `PermissionConfiguration.cs` (HasData)
+- Add compile-time constants in `Permissions.cs` (Application layer)
+
+**Step 3 — Role-Permission seeds:**
+- Add associations in `RolePermissionConfiguration.cs` (HasData)
+- Default: Admin=wildcard, Manager=read+create+update, Contributor=read+create+update, Viewer=read
+
+**Step 4 — Migration:**
+- Run MCP `suggest_migration` for naming
+- Create migration with `dotnet ef migrations add`
+```
+
 ---
 
 ### 7. Map Business Rules to Code
@@ -272,12 +323,32 @@ Ce document est un prompt autonome pour Claude Code.
 
 ## 7. POST-IMPLEMENTATION CHECKLIST
 
-- [ ] Build backend OK (`dotnet build`)
-- [ ] Build frontend OK (`pnpm build`)
+**Build & Tests:**
+- [ ] Backend build OK (`dotnet build`)
+- [ ] Frontend build OK (`pnpm build`)
 - [ ] Tests pass (`dotnet test`)
-- [ ] EF Core migration created
-- [ ] Permissions in PermissionConfiguration.cs
+
+**Folder Conventions:**
+- [ ] Domain entities in `Domain/Business/{Application}/{Module}/` (not flat)
+- [ ] Application DTOs in `Application/Business/{Application}/{Module}/DTOs/`
+- [ ] Infrastructure configs in `Configurations/{Module}/` (subfolder)
+- [ ] Infrastructure services in `Services/{Module}/` (subfolder)
+- [ ] Controller in `Controllers/Business/{Application}/`
+
+**SeedData Core (CRITICAL):**
+- [ ] Navigation module entry in `NavigationModuleConfiguration.cs` (HasData)
+- [ ] Navigation translations in `NavigationTranslationConfiguration.cs` (4 langues)
+- [ ] Permissions in `PermissionConfiguration.cs` (HasData: CRUD + wildcard)
+- [ ] Permission constants in `Permissions.cs` (Application layer)
+- [ ] Role-Permission assignments in `RolePermissionConfiguration.cs` (HasData: 4 roles)
+- [ ] EF Core migration created (includes all HasData seeds)
+
+**Frontend & i18n:**
 - [ ] i18n complete (FR, EN, IT, DE)
+- [ ] Nested routes (NOT flat routes)
+- [ ] Pages in `pages/business/{app}/{module}/`
+
+**Documentation:**
 - [ ] Documentation: `/business-analyse:6-doc-html {feature_id}`
 - [ ] Documentation manifest updated: `docs-manifest.json`
 
@@ -379,39 +450,51 @@ Each task must have: `id`, `description`, `status: "pending"`, `category`, `depe
 ```
 LAYER 1 - DOMAIN (if entities defined in handoff section 3/4):
   Task per entity:
-    description: "Create {Entity} entity in Domain/Entities/Business/ with properties: {property_list}"
+    description: "Create {Entity} entity in Domain/Business/{Application}/{Module}/{Entity}.cs with properties: {property_list}. Use BaseEntity + IAuditableEntity."
     category: "domain"
     dependencies: []
-    acceptance_criteria: "Entity compiles, properties match handoff spec, correct base class (SoftDeletableEntity/AuditableEntity)"
+    acceptance_criteria: "Entity compiles, properties match handoff spec, correct base class (BaseEntity + IAuditableEntity), correct namespace and folder hierarchy"
   Task (if enums needed):
     description: "Create domain enums for {Module}: {EnumList} in Domain/Enums/{Module}/"
     category: "domain"
     dependencies: []
     acceptance_criteria: "Enums compile, values match handoff spec"
 
-LAYER 2 - APPLICATION (if CQRS handlers defined in handoff section 3/4):
+LAYER 1.5 - SEED DATA (ALWAYS included for new modules):
+  Task 1 (navigation seeds):
+    description: "Create navigation seed data: add module entry in NavigationModuleConfiguration.cs (HasData) + 4-language translations in NavigationTranslationConfiguration.cs. Use deterministic GUIDs."
+    category: "seed-data"
+    dependencies: []
+    acceptance_criteria: "HasData entries compile, module visible in nav_Modules, translations in 4 languages (fr, en, it, de)"
+  Task 2 (permission seeds):
+    description: "Create permission seeds: add CRUD + wildcard permissions in PermissionConfiguration.cs (HasData) + compile-time constants in Permissions.cs (Application layer) for business.{app}.{module}"
+    category: "seed-data"
+    dependencies: [ID of navigation seed task]
+    acceptance_criteria: "HasData entries compile, Permissions.cs constants usable in [RequirePermission], wildcard + read/create/update/delete permissions present"
+  Task 3 (role-permission seeds):
+    description: "Create role-permission seed data: assign permissions to 4 default roles (Admin=wildcard, Manager=read+create+update, Contributor=read+create+update, Viewer=read) in RolePermissionConfiguration.cs (HasData)"
+    category: "seed-data"
+    dependencies: [ID of permission seed task]
+    acceptance_criteria: "HasData entries compile, 4 role levels assigned, Admin has wildcard access"
+
+LAYER 2 - APPLICATION (if service interfaces/DTOs defined in handoff section 3/4):
   Task per entity:
-    description: "Create CQRS for {Entity}: Commands ({Create/Update/Delete}Command + Handlers), Queries (GetAll/GetById + Handlers), DTOs ({Entity}Dto, Create/UpdateRequest), Validator"
+    description: "Create Application layer for {Entity}: Service interface (I{Entity}Service.cs), DTOs ({Entity}Dto, Create{Entity}Request, Update{Entity}Request in DTOs/), MappingExtensions"
     category: "application"
     dependencies: [ID of corresponding DOMAIN task for this entity]
-    acceptance_criteria: "Handlers compile, validators defined with business rules, DTOs match handoff properties"
-  Task (once per module):
-    description: "Register permissions in Permissions.cs and PermissionConfiguration.cs for business.{app}.{module}"
-    category: "application"
-    dependencies: [IDs of ALL application tasks for this module]
-    acceptance_criteria: "Permissions compile, HasData seed includes all permissions from handoff"
+    acceptance_criteria: "Interface compiles, DTOs match handoff properties, mapping extensions cover all properties"
 
 LAYER 3 - INFRASTRUCTURE (if EF Core config or services in handoff):
   Task per entity:
-    description: "Create EF Core configuration for {Entity} with indexes, relationships, and schema"
+    description: "Create EF Core configuration in Configurations/{Module}/{Entity}Configuration.cs with table prefix, indexes, relationships, and schema (core or extensions)"
     category: "infrastructure"
     dependencies: [ID of corresponding DOMAIN task for this entity]
-    acceptance_criteria: "Configuration compiles, DbSet registered in DbContext, indexes match handoff"
+    acceptance_criteria: "Configuration compiles, DbSet registered in DbContext, table uses {prefix}_{Entity}s naming, indexes match handoff"
   Task (once per module):
-    description: "Create EF Core migration for {Module} entities"
+    description: "Create EF Core migration for {Module} entities (includes navigation, permission, and role-permission seed data from HasData)"
     category: "infrastructure"
-    dependencies: [IDs of ALL EF Core configuration tasks]
-    acceptance_criteria: "Migration applies without errors, 3 files present (Migration.cs, Designer.cs, ModelSnapshot.cs)"
+    dependencies: [IDs of ALL EF Core configuration tasks + ALL seed-data tasks]
+    acceptance_criteria: "Migration applies without errors, 3 files present (Migration.cs, Designer.cs, ModelSnapshot.cs), HasData seeds included in migration"
   Task per service (if services needed):
     description: "Create {Service} implementing I{Service} with DI registration"
     category: "infrastructure"
@@ -420,27 +503,27 @@ LAYER 3 - INFRASTRUCTURE (if EF Core config or services in handoff):
 
 LAYER 4 - API (if endpoints defined in handoff section 8):
   Task per controller:
-    description: "Create {Entity}Controller with endpoints: {endpoint list} and [NavRoute] + [Authorize] attributes"
+    description: "Create {Entity}Controller in Controllers/Business/{Application}/ with endpoints: {endpoint list}, [NavRoute('business.{app}.{module}')] + [Authorize] + [RequirePermission(Permissions.{Module}.Read)] attributes"
     category: "api"
-    dependencies: [IDs of APPLICATION tasks for this entity + INFRASTRUCTURE migration task]
-    acceptance_criteria: "Controller compiles, endpoints respond, Swagger displays all routes"
+    dependencies: [IDs of APPLICATION tasks for this entity + INFRASTRUCTURE migration task + seed-data permission task]
+    acceptance_criteria: "Controller compiles, endpoints respond, Swagger displays all routes, [RequirePermission] uses Permissions.cs constants (not string literals)"
 
 LAYER 5 - FRONTEND (if frontend files in handoff section 5):
   Task (API service):
-    description: "Create {module}Api.ts API service with Axios calls for all endpoints"
+    description: "Create web/src/services/api/{module}Api.ts API service with Axios calls for all endpoints"
     category: "frontend"
     dependencies: [IDs of ALL API controller tasks]
     acceptance_criteria: "API service compiles, all endpoints covered, types match DTOs"
   Task per page:
-    description: "Create {PageName}.tsx with {description of page content}"
+    description: "Create web/src/pages/business/{app}/{module}/page.tsx with {description of page content}"
     category: "frontend"
     dependencies: [ID of frontend API service task]
     acceptance_criteria: "Page renders, API calls work, navigation functional"
   Task (routes):
-    description: "Add routes in App.tsx for business/{app}/{module} and register in navigation"
+    description: "Add NESTED routes (NOT flat) in App.tsx for business/{app}/{module} and register in navigation"
     category: "frontend"
     dependencies: [IDs of ALL frontend page tasks]
-    acceptance_criteria: "Routes resolve, navigation links appear in menu"
+    acceptance_criteria: "Nested routes resolve, navigation links appear in menu, no redirect to Home"
 
 LAYER 6 - I18N (if i18n keys in handoff section 10):
   Task:
@@ -510,7 +593,7 @@ Write to: `.ralph/prd.json`
   "tasks": [
     {
       "id": 1,
-      "description": "Create {Entity} entity in Domain layer with properties: {list}",
+      "description": "Create {Entity} entity in Domain/Business/{Application}/{Module}/{Entity}.cs with properties: {list}",
       "status": "pending",
       "category": "domain",
       "dependencies": [],