@atlashub/smartstack-cli 2.2.0 → 2.3.0

package/templates/skills/business-analyse/schemas/feature-schema.json

@@ -227,7 +227,7 @@
                   "required": ["target", "type"],
                   "properties": {
                     "target": { "type": "string" },
-                    "type": { "type": "string", "enum": ["1:1", "1:N", "N:M"] },
+                    "type": { "type": "string", "enum": ["1:1", "1:N", "N:1", "N:M"] },
                     "description": { "type": "string" }
                   }
                 }
@@ -521,6 +521,118 @@
               "permissionsRequired": { "type": "array", "items": { "type": "string" } }
             }
           }
+        },
+        "messages": {
+          "type": "array",
+          "description": "Business messages (success, error, warning, info) with i18n keys. MANDATORY: ≥4 messages.",
+          "items": {
+            "type": "object",
+            "required": ["code", "type", "i18nKey"],
+            "properties": {
+              "code": { "type": "string", "description": "SCREAMING_SNAKE_CASE identifier (e.g., VEHICLE_CREATED_SUCCESS)" },
+              "type": { "type": "string", "enum": ["success", "error", "warning", "info"] },
+              "title": { "type": "string" },
+              "message": { "type": "string", "description": "User-facing message with {placeholders}" },
+              "i18nKey": { "type": "string", "description": "Dot-separated i18n key (e.g., freebike.messages.vehicleCreated)" }
+            }
+          }
+        },
+        "lifeCycles": {
+          "type": "array",
+          "description": "Per-entity state machines for entities with Status fields. MANDATORY: ≥1 entity.",
+          "items": {
+            "type": "object",
+            "required": ["entity", "states"],
+            "properties": {
+              "entity": { "type": "string", "description": "PascalCase entity name" },
+              "states": {
+                "type": "array",
+                "items": {
+                  "type": "object",
+                  "required": ["id", "allowedTransitions"],
+                  "properties": {
+                    "id": { "type": "string", "description": "State code (e.g., Draft, Active, Completed)" },
+                    "displayName": { "type": "string" },
+                    "description": { "type": "string" },
+                    "allowedTransitions": { "type": "array", "items": { "type": "string" } },
+                    "isTerminal": { "type": "boolean", "default": false }
+                  }
+                }
+              }
+            }
+          }
+        },
+        "seedDataCore": {
+          "type": "object",
+          "description": "5 mandatory SmartStack core SeedData definitions derived from navigation + permissionMatrix. CRITICAL: without these, module is invisible (403).",
+          "properties": {
+            "navigationModules": {
+              "type": "array",
+              "description": "Entries for nav_Modules table (HasData). Derived from navigation.entries.",
+              "items": {
+                "type": "object",
+                "required": ["code", "label", "icon", "route"],
+                "properties": {
+                  "code": { "type": "string" },
+                  "label": { "type": "string" },
+                  "icon": { "type": "string" },
+                  "route": { "type": "string" },
+                  "parentCode": { "type": ["string", "null"] },
+                  "sort": { "type": "integer" }
+                }
+              }
+            },
+            "navigationTranslations": {
+              "type": "array",
+              "description": "Translations for nav_Translations table (HasData). One entry per module per language.",
+              "items": {
+                "type": "object",
+                "required": ["moduleCode", "language", "label"],
+                "properties": {
+                  "moduleCode": { "type": "string" },
+                  "language": { "type": "string", "enum": ["fr", "en", "it", "de"] },
+                  "label": { "type": "string" }
+                }
+              }
+            },
+            "permissions": {
+              "type": "array",
+              "description": "Entries for nav_Permissions table (HasData). Full paths from permissionMatrix.permissions.",
+              "items": {
+                "type": "object",
+                "required": ["path", "action"],
+                "properties": {
+                  "path": { "type": "string", "description": "Full permission path (business.{app}.{module}.{resource}.{action})" },
+                  "action": { "type": "string" },
+                  "description": { "type": "string" }
+                }
+              }
+            },
+            "rolePermissions": {
+              "type": "array",
+              "description": "Entries for auth_RolePermissions table (HasData). Derived from permissionMatrix.roleAssignments.",
+              "items": {
+                "type": "object",
+                "required": ["role", "permissionPath"],
+                "properties": {
+                  "role": { "type": "string" },
+                  "permissionPath": { "type": "string", "description": "Full permission path (must match permissions[].path)" }
+                }
+              }
+            },
+            "permissionConstants": {
+              "type": "array",
+              "description": "Compile-time constants for Permissions.cs (Application layer). Used in [RequirePermission] attributes.",
+              "items": {
+                "type": "object",
+                "required": ["constantName", "path"],
+                "properties": {
+                  "constantName": { "type": "string", "description": "PascalCase constant (e.g., VehiclesRead)" },
+                  "path": { "type": "string", "description": "Matching permission path" }
+                }
+              }
+            }
+          }
         }
       }
     },
@@ -529,53 +641,74 @@
       "type": "object",
       "description": "Enriched by step-03-validate",
       "properties": {
-        "decision": { "type": "string", "enum": ["approved", "rejected", "pending"] },
         "validatedAt": { "type": ["string", "null"], "format": "date-time" },
-        "completeness": {
-          "type": "object",
-          "properties": {
-            "discovery": { "type": "boolean" },
-            "analysis": { "type": "boolean" },
-            "specification": { "type": "boolean" },
-            "score": { "type": "integer" },
-            "total": { "type": "integer" },
-            "details": { "type": "array", "items": { "type": "string" } }
+        "completenessChecks": {
+          "type": "array",
+          "description": "Per-section completeness verification",
+          "items": {
+            "type": "object",
+            "properties": {
+              "section": { "type": "string" },
+              "count": { "type": "integer" },
+              "minimum": { "type": "integer" },
+              "status": { "type": "string", "enum": ["PASS", "FAIL", "WARNING"] }
+            }
           }
         },
-        "consistency": {
-          "type": "object",
-          "description": "Cross-reference validation results",
-          "properties": {
-            "rulesToRequirements": { "type": "boolean", "description": "All BR mapped to FR" },
-            "useCasesToActors": { "type": "boolean", "description": "All UC have valid actors" },
-            "requirementsToRules": { "type": "boolean", "description": "All FR trace to BR" },
-            "entitiesToEndpoints": { "type": "boolean", "description": "All entities have CRUD endpoints" },
-            "details": { "type": "array", "items": { "type": "string" } }
+        "consistencyChecks": {
+          "type": "array",
+          "description": "Cross-reference consistency checks (UC↔FR, FR↔BR, Actor↔Matrix, etc.)",
+          "items": {
+            "type": "object",
+            "properties": {
+              "check": { "type": "string" },
+              "passed": { "type": "integer" },
+              "warnings": { "type": "integer" },
+              "errors": { "type": "integer" },
+              "status": { "type": "string", "enum": ["PASS", "FAIL", "WARNING"] }
+            }
           }
         },
-        "conventions": {
-          "type": "object",
-          "description": "SmartStack convention validation",
-          "properties": {
-            "permissionPaths": { "type": "boolean" },
-            "navRoutes": { "type": "boolean" },
-            "entityNaming": { "type": "boolean" },
-            "folderStructure": { "type": "boolean" },
-            "seedDataComplete": { "type": "boolean" },
-            "details": { "type": "array", "items": { "type": "string" } }
+        "conventionChecks": {
+          "type": "array",
+          "description": "SmartStack convention validation (naming, permissions, routes, etc.)",
+          "items": {
+            "type": "object",
+            "properties": {
+              "check": { "type": "string" },
+              "status": { "type": "string", "enum": ["PASS", "FAIL", "WARNING"] },
+              "details": { "type": "string" }
+            }
           }
         },
-        "issues": {
+        "riskAssessments": {
           "type": "array",
+          "description": "Scope and complexity risk evaluation",
           "items": {
             "type": "object",
             "properties": {
-              "severity": { "type": "string", "enum": ["critical", "warning", "info"] },
-              "category": { "type": "string" },
-              "description": { "type": "string" },
-              "suggestion": { "type": "string" }
+              "risk": { "type": "string" },
+              "value": { "type": "integer" },
+              "threshold": { "type": "integer" },
+              "status": { "type": "string", "enum": ["ACCEPTABLE", "WARNING", "CRITICAL", "MONITORED"] }
             }
           }
+        },
+        "warnings": {
+          "type": "array",
+          "description": "Non-blocking warnings and observations",
+          "items": { "type": "string" }
+        },
+        "decision": {
+          "type": "object",
+          "description": "Final approval decision",
+          "properties": {
+            "approved": { "type": "boolean" },
+            "reason": { "type": "string" },
+            "approvalMode": { "type": "string", "enum": ["standard", "micro", "delta", "force"] },
+            "approvedBy": { "type": "string" },
+            "approvedAt": { "type": "string", "format": "date-time" }
+          }
         }
       }
     },
@@ -599,12 +732,40 @@
         },
         "brToCodeMapping": {
           "type": "array",
+          "description": "Maps each business rule to its implementation points across layers. Derived from analysis.businessRules[].",
+          "items": {
+            "type": "object",
+            "required": ["ruleId", "implementationPoints"],
+            "properties": {
+              "ruleId": { "type": "string", "description": "BR-XXX identifier from analysis.businessRules" },
+              "title": { "type": "string", "description": "Business rule title" },
+              "implementationPoints": {
+                "type": "array",
+                "items": {
+                  "type": "object",
+                  "required": ["layer", "component"],
+                  "properties": {
+                    "layer": { "type": "string", "description": "Architecture layer (Domain, Application, Infrastructure, API, Frontend)" },
+                    "component": { "type": "string", "description": "File name (e.g., Order.cs, OrdersController.cs)" },
+                    "method": { "type": "string", "description": "Method or attribute (e.g., Validate(), [Authorize])" },
+                    "implementation": { "type": "string", "description": "How the rule is enforced" }
+                  }
+                }
+              }
+            }
+          }
+        },
+        "apiEndpointSummary": {
+          "type": "array",
+          "description": "Subset of specification.apiEndpoints enriched with linkedUC. MUST use EXACT same routes as specification.",
           "items": {
             "type": "object",
             "properties": {
-              "ruleId": { "type": "string" },
-              "implementationFile": { "type": "string" },
-              "pattern": { "type": "string" }
+              "operation": { "type": "string" },
+              "method": { "type": "string", "enum": ["GET", "POST", "PUT", "DELETE", "PATCH"] },
+              "route": { "type": "string", "description": "MUST match specification.apiEndpoints[].path exactly" },
+              "linkedUC": { "type": "string" },
+              "permissions": { "type": "string" }
             }
           }
         },
@@ -619,7 +780,7 @@
                 "properties": {
                   "id": { "type": "integer" },
                   "description": { "type": "string" },
-                  "category": { "type": "string", "enum": ["domain", "application", "infrastructure", "api", "frontend", "i18n", "test", "validation"] },
+                  "category": { "type": "string", "enum": ["domain", "seedData", "seedDataCore", "application", "infrastructure", "api", "frontend", "i18n", "test", "validation"] },
                   "dependencies": { "type": "array", "items": { "type": "integer" } },
                   "acceptanceCriteria": { "type": "string" }
                 }
@@ -654,15 +815,18 @@
 
     "changelog": {
       "type": "array",
-      "description": "Version history and change tracking",
+      "description": "Version history and change tracking. Each step adds an entry.",
       "items": {
         "type": "object",
-        "required": ["version", "timestamp", "changes"],
+        "required": ["timestamp", "changes"],
         "properties": {
-          "version": { "type": "string" },
+          "step": { "type": "string", "description": "Step identifier (e.g., step-01-analyse, step-02-specify, step-03-validate, step-04-handoff)" },
+          "version": { "type": "string", "description": "Feature version at this point" },
           "timestamp": { "type": "string", "format": "date-time" },
           "author": { "type": "string" },
-          "changes": { "type": "array", "items": { "type": "string" } }
+          "changes": { "type": "array", "items": { "type": "string" } },
+          "warnings": { "type": "array", "items": { "type": "string" }, "description": "Non-blocking warnings from this step" },
+          "decision": { "type": "string", "description": "Step decision outcome (e.g., approved, rejected)" }
         }
       }
     }
@@ -679,8 +843,14 @@
     },
     "fileSpec": {
       "type": "object",
+      "required": ["path", "type"],
       "properties": {
         "path": { "type": "string", "description": "Relative file path" },
+        "type": { "type": "string", "description": "File type (Entity, Service, DTO, Repository, Migration, HasData, Constants, ApiController, Page, Component, ApiClient, ReduxSlice, UnitTests, IntegrationTests, Enum)" },
+        "linkedFRs": { "type": "array", "items": { "type": "string" }, "description": "Linked functional requirement IDs (FR-XXX)" },
+        "linkedUCs": { "type": "array", "items": { "type": "string" }, "description": "Linked use case IDs (UC-XXX)" },
+        "category": { "type": "string", "enum": ["core", "business"], "description": "SeedData category: core (navigation/permissions) or business (lookup tables)" },
+        "source": { "type": "string", "description": "Source path in feature.json for derivation (e.g., specification.seedDataCore.permissions)" },
         "description": { "type": "string" },
         "pattern": { "type": "string", "description": "Reference pattern from existing codebase" },
         "instructions": { "type": "string" }

package/templates/skills/business-analyse/steps/step-01-analyse.md

@@ -150,7 +150,7 @@ Skip categories already answered in previous version.
 **ULTRATHINK checkpoints during elicitation:**
 - After Q1: If answer is solution-oriented → reframe to problem
 - After Q2: If only 1-2 stakeholder types → probe for hidden users
-- After Q3: If > 5 Must-Have → ask to prioritize for v1
+- After Q3: If > 5 Must-Have → ask to prioritize implementation order
 - If answer is vague → apply Technique 3 (Concrete Scenario)
 - If any answer contains permission attributes → flag as RBAC violation
 
@@ -428,6 +428,24 @@ Use **ba-writer** agent to enrich:
 - `discovery` section: problem, asIs, toBe, trigger, stakeholders, scope, risks, codebaseContext, openQuestions
 - `analysis` section: objectives, businessRules, entities, processFlow, integrations, crossModuleImpact, dataLifecycle, suggestions
 - Update `metadata.steps.analyse.status = "completed"`
+- **Initialize changelog** with first entry:
+
+```json
+{
+  "changelog": [
+    {
+      "step": "step-01-analyse",
+      "timestamp": "2025-02-01T09:00:00Z",
+      "changes": [
+        "Discovery: {stakeholder_count} stakeholders, {scope_must} must-haves",
+        "Analysis: {br_count} business rules, {entity_count} entities, {obj_count} objectives",
+        "Suggestions: {accepted_count}/{total_count} accepted",
+        "Risks: {risk_count} identified ({critical_count} critical)"
+      ]
+    }
+  ]
+}
+```
 
 ---
 

package/templates/skills/business-analyse/steps/step-02-specify.md

@@ -386,6 +386,55 @@ These tables are:
 
 **Micro mode:** Minimal: Status and Category only. Skip Priority, Type, Department.
 
+### 6.4 SeedData Core (OBLIGATOIRE)
+
+> **CRITIQUE :** Sans ces SeedData, le module sera invisible dans la navigation et toutes les API retourneront 403.
+
+En plus des 5 tables metier ci-dessus, generer une section `specification.seedDataCore` derivee automatiquement de `specification.navigation` et `specification.permissionMatrix` :
+
+```json
+{
+  "seedDataCore": {
+    "navigationModules": [
+      {
+        "code": "fleet",
+        "label": "Fleet Management",
+        "icon": "Truck",
+        "route": "/business/freebike/fleet",
+        "parentCode": "freebike",
+        "sort": 1
+      }
+    ],
+    "navigationTranslations": [
+      { "moduleCode": "fleet", "language": "fr", "label": "Gestion de Flotte" },
+      { "moduleCode": "fleet", "language": "en", "label": "Fleet Management" }
+    ],
+    "permissions": [
+      { "path": "business.freebike.fleetmanagement.vehicles.read", "action": "read", "description": "Consulter vehicules" }
+    ],
+    "rolePermissions": [
+      { "role": "FreeBike Admin", "permissionPath": "business.freebike.fleetmanagement.*" },
+      { "role": "FreeBike Manager", "permissionPath": "business.freebike.fleetmanagement.vehicles.read" }
+    ],
+    "permissionConstants": [
+      { "constantName": "VehiclesRead", "path": "business.freebike.fleetmanagement.vehicles.read" }
+    ]
+  }
+}
+```
+
+**Regles de derivation :**
+
+1. **navigationModules** : Prendre chaque entree de `specification.navigation.entries[]` avec level = module ou section
+2. **navigationTranslations** : Prendre chaque entree de navigation et generer une traduction par langue definie dans `labels`
+3. **permissions** : Copier EXACTEMENT `specification.permissionMatrix.permissions[]` (chemins complets)
+4. **rolePermissions** : Pour chaque `roleAssignments[]`, expander les wildcards et raccourcis en chemins complets. Chaque `permissionPath` DOIT correspondre a un `permissions[].path` existant
+5. **permissionConstants** : Pour chaque permission, generer un nom PascalCase (ex: `business.freebike.fleetmanagement.vehicles.read` → `VehiclesRead`)
+
+**Verification :** Chaque `rolePermissions[].permissionPath` doit exister dans `permissions[].path`. Si un raccourci est utilise (ex: `vehicles.read` au lieu du chemin complet), c'est une ERREUR.
+
+**Micro mode :** Generer avec les permissions CRUD minimales pour le role Admin uniquement.
+
 ---
 
 ## 7. Section 5: UI Wireframes
@@ -578,7 +627,15 @@ For each input field, specify validation rules:
 }
 ```
 
-### 9.2 Business Messages
+### 9.2 Business Messages (OBLIGATOIRE - minimum 4 messages)
+
+> **OBLIGATOIRE :** Generer au minimum 4 messages metier dans `specification.messages[]` :
+> - 1 success (ex: RESOURCE_CREATED_SUCCESS)
+> - 1 error CRUD (ex: RESOURCE_CREATION_FAILED)
+> - 1 error validation (ex: RESOURCE_NOT_FOUND)
+> - 1 error permission (ex: PERMISSION_DENIED)
+>
+> Pour les modules complexes, ajouter des messages warning (ex: STOCK_LOW_WARNING, SYNC_FAILED_WARNING).
 
 Define user-facing messages for operations:
 
@@ -621,7 +678,11 @@ Define user-facing messages for operations:
 
 ## 10. Section 8: Data Lifecycle & Cross-Module Patterns
 
-### 10.1 Entity Lifecycle States
+### 10.1 Entity Lifecycle States (OBLIGATOIRE - minimum 1 entite)
+
+> **OBLIGATOIRE :** Pour chaque entite ayant un attribut `Status` ou `State` (enum), definir une state machine dans `specification.lifeCycles[]`.
+> Identifier les entites candidates en parcourant `analysis.entities[].attributes[]` pour trouver celles avec un champ de type enum representant un statut.
+> Minimum : 1 entite avec state machine. Pour un full-module, typiquement 2-4 entites.
 
 Define state transitions for key entities:
 
@@ -776,6 +837,8 @@ Ensure:
 
 Use `ba-writer.updateSpecification()` to write:
 
+> **INTERDIT :** Ne JAMAIS generer de fichier `specification.json` separe. Toute la specification DOIT rester dans `feature.json.specification`. Un fichier specification.json separe cree une double source de verite et sera ecrase/ignore.
+
 ```json
 {
   "specification": {
@@ -790,6 +853,7 @@ Use `ba-writer.updateSpecification()` to write:
     "validations": [...],
     "messages": [...],
     "lifeCycles": [...],
+    "seedDataCore": {...},
     "crossModuleDependencies": [...],
     "auditingPolicy": {...},
     "archivalPolicy": {...}
@@ -813,6 +877,8 @@ Use cases created:  8 (UC-001 → UC-008)
 Requirements:       12 FRs linked to business rules
 Permission matrix:  3 resources × 4 actors
 SeedData tables:    5 mandatory (Status, Priority, Category, Type, Department)
+SeedData Core:      5 files (Navigation, Translations, Permissions, RolePermissions, Constants)
+Messages:           6 business messages (success, error, warning)
 UI screens:         6 wireframes (List, Create, Detail, Reports, etc.)
 Gherkin scenarios:  18 scenarios across all UCs
 Validations:        24 field validation rules

package/templates/skills/business-analyse/steps/step-03-validate.md

@@ -123,6 +123,56 @@ Validate 5 mandatory SeedData tables defined in navigationHierarchy:
 
 **Issue:** Missing SeedData table → validation ERROR, must specify before approval.
 
+### 2.4 SeedData Core Presence (BLOQUANT)
+
+> **CRITIQUE :** Cette validation est BLOQUANTE. Si `specification.seedDataCore` est absent ou incomplet, la validation DOIT echouer avec une ERREUR (pas un warning). Sans ces fichiers, le module sera invisible et toutes les API retourneront 403.
+
+Verifier la presence et le contenu de `specification.seedDataCore` :
+
+```json
+{
+  "seedDataCoreChecks": [
+    {
+      "section": "navigationModules",
+      "minimum": 1,
+      "status": "PASS|FAIL",
+      "description": "Au moins 1 entree de navigation module"
+    },
+    {
+      "section": "navigationTranslations",
+      "minimum": 1,
+      "status": "PASS|FAIL",
+      "description": "Au moins 1 traduction par module"
+    },
+    {
+      "section": "permissions",
+      "minimum": 3,
+      "status": "PASS|FAIL",
+      "description": "Au moins 3 permissions (Read, Create, Update minimum)"
+    },
+    {
+      "section": "rolePermissions",
+      "minimum": 2,
+      "status": "PASS|FAIL",
+      "description": "Au moins 2 associations role-permission (Admin + 1 autre role)"
+    },
+    {
+      "section": "permissionConstants",
+      "minimum": 3,
+      "status": "PASS|FAIL",
+      "description": "Au moins 3 constantes compile-time"
+    }
+  ]
+}
+```
+
+**Regles :**
+- Chaque `rolePermissions[].permissionPath` DOIT exister dans `permissions[].path` → ERREUR sinon
+- Chaque `permissions[].path` DOIT utiliser le format complet `business.{app}.{module}.{resource}.{action}` → ERREUR sinon
+- Les `permissionConstants[].path` DOIVENT correspondre a `permissions[].path` → ERREUR sinon
+
+**Issue:** Section seedDataCore absente ou incomplete → validation ERREUR BLOQUANTE, retour a step-02.
+
 ---
 
 ## 3. Consistency Checks
@@ -307,6 +357,63 @@ Cross-check all BR references:
 - ✓ PASS: UC has ≥2 scenarios
 - ✗ FAIL: Add Gherkin scenarios or remove UC
 
+### 3.7 API Routes Format Consistency
+
+**Rule:** All routes in `specification.apiEndpoints[].path` MUST use the same prefix format. No mixing of `/api/freebike/...`, `/api/v1/...`, and `/api/...` in the same specification.
+
+```json
+{
+  "checks": [
+    {
+      "check": "API route prefix consistency",
+      "prefixes": ["/api/freebike/"],
+      "inconsistent": [],
+      "status": "PASS"
+    },
+    {
+      "check": "API route prefix consistency",
+      "prefixes": ["/api/freebike/", "/api/v1/"],
+      "inconsistent": ["GET /api/v1/vehicles conflicts with POST /api/freebike/vehicles"],
+      "status": "FAIL"
+    }
+  ]
+}
+```
+
+**Resolution:**
+- ✓ PASS: All routes use the same prefix
+- ✗ FAIL: Harmonize all routes to use a single prefix pattern
+
+### 3.8 Permission Format Consistency
+
+**Rule:** All permissions in `permissionMatrix.roleAssignments[].permissions[]` MUST use full path format matching `permissionMatrix.permissions[].path`. No shortcuts (e.g., `vehicles.read` instead of `business.freebike.fleetmanagement.vehicles.read`).
+
+```json
+{
+  "checks": [
+    {
+      "check": "Permission path format in roleAssignments",
+      "fullPaths": 15,
+      "shortcuts": 0,
+      "status": "PASS"
+    },
+    {
+      "check": "Permission path format in roleAssignments",
+      "fullPaths": 5,
+      "shortcuts": 10,
+      "inconsistentExamples": ["vehicles.read should be business.freebike.fleetmanagement.vehicles.read"],
+      "status": "FAIL"
+    }
+  ]
+}
+```
+
+**Exception:** Le wildcard `business.{app}.{module}.*` est accepte pour le role Admin.
+
+**Resolution:**
+- ✓ PASS: All roleAssignment permissions use full paths
+- ✗ FAIL: Replace shortcuts with full paths from permissionMatrix.permissions[].path
+
 ---
 
 ## 4. SmartStack Convention Validation
@@ -441,6 +548,22 @@ Check role escalation:
 }
 ```
 
+### 4.5 Orphan File Detection
+
+**Rule:** The feature.json is the SINGLE source of truth. No separate JSON files should exist.
+
+```
+CHECK orphan files:
+  - specification.json exists in output directory → WARNING ⚠
+    "Double source of vérité détectée : specification.json est un fichier orphelin.
+     Toute la spécification doit être dans feature.json.specification.
+     SUPPRIMER specification.json et vérifier que feature.json.specification est complet."
+  - analysis.json exists in output directory → WARNING ⚠
+    "Fichier analysis.json orphelin détecté. L'analyse doit être dans feature.json.analysis."
+```
+
+**Action :** Si un fichier orphelin est détecté, ajouter un WARNING dans `validation.warnings[]` et recommander la suppression.
+
 ---
 
 ## 5. Risk Assessment
@@ -836,7 +959,31 @@ Use `ba-writer.updateStatus("approved")` to mark validation complete.
 
 (Or keep status as "specified" if rejected.)
 
-### 9.3 User Confirmation (Standard Mode)
+### 9.3 Update Changelog
+
+**OBLIGATOIRE :** Ajouter une entrée changelog pour step-03 via `ba-writer` :
+
+```json
+{
+  "changelog": [
+    {
+      "step": "step-03-validate",
+      "timestamp": "2025-02-01T10:35:00Z",
+      "changes": [
+        "Validation complétude : X/Y sections présentes",
+        "Validation cohérence : X cross-references vérifiées",
+        "Validation conventions : nommage, RBAC, structure",
+        "Évaluation risques : NIVEAU (détails)",
+        "Décision : APPROVED/REJECTED (mode: standard/micro/force)"
+      ],
+      "warnings": ["Liste des warnings éventuels"],
+      "decision": "approved"
+    }
+  ]
+}
+```
+
+### 9.4 User Confirmation (Standard Mode)
 
 ```
 ✓ Validation complete - APPROVED