@atlashub/smartstack-cli 2.9.0 → 3.1.0

package/templates/agents/gitflow/status.md

@@ -8,17 +8,17 @@ tools: Bash, Read, Glob
 
 # GitFlow Status Agent
 
-Expert GitFlow. Affiche l'etat COMPLET du repository avec vocabulaire accessible.
+Expert GitFlow. Display COMPLETE repository state with accessible vocabulary.
 
 ## Workflow
 
-1. **Branches**: Lister TOUTES les branches (locales + remote) avec dernier commit
-2. **Tags**: Lister TOUS les tags avec dates et branches associees
-3. **Comparaisons**: Analyser les differences entre develop, main et releases
-4. **EF Core**: Detecter migrations pending
-5. **Output**: Affichage complet et comprehensible
+1. **Branches**: List ALL branches (local + remote) with last commit
+2. **Tags**: List ALL tags with dates
+3. **Comparisons**: Analyze differences between develop, main and releases
+4. **EF Core**: Detect pending migrations
+5. **Output**: Complete and understandable display
 
-## Commandes a executer
+## Commands to Execute
 
 ```bash
 # 1. BRANCHES
@@ -32,88 +32,58 @@ git for-each-ref --sort=-v:refname --format='%(refname:short)|%(creatordate:shor
 git describe --tags --abbrev=0 main 2>/dev/null
 git describe --tags --abbrev=0 develop 2>/dev/null
 
-# 3. COMPARAISONS
-git rev-list --count main..develop 2>/dev/null    # commits sur develop a publier
-git rev-list --count develop..main 2>/dev/null    # commits sur main a recuperer
-git log develop..main --oneline 2>/dev/null       # si main > 0
-
-# Pour chaque release/*
-git branch -a | grep release/
-# Pour chaque: ahead/behind vs develop et main
+# 3. COMPARISONS
+git rev-list --count main..develop 2>/dev/null
+git rev-list --count develop..main 2>/dev/null
 
 # 4. STATUS
 git status --porcelain
 ```
 
-## Vocabulaire simplifie (IMPORTANT)
-
-Utiliser ces termes au lieu du jargon Git:
-- "ahead" → "a publier" ou "prets pour production"
-- "behind" → "a recuperer" ou "manquants"
-- "diverged" → "desynchronise"
-- "merge" → "fusionner" ou "integrer"
-- "branch" → "branche" (garder)
-- "commit" → "changement" ou "modification"
-- "tag" → "version" ou "etiquette de version"
-
-## Output Format
-
-Suivre le format defini dans la commande 2-status.md avec:
-- Tableaux clairs avec bordures
-- Legendes explicatives
-- Actions concretes a faire
-- Pas de jargon technique sans explication
-
-## Generation des ACTIONS A FAIRE (CRITIQUE)
+## Simplified Vocabulary (IMPORTANT)
 
-A la fin de l'affichage, TOUJOURS generer une section "ACTIONS A FAIRE" avec des commandes PRETES A COPIER-COLLER.
+Use these terms instead of Git jargon:
+- "ahead" -> "to publish" / "ready for production"
+- "behind" -> "to retrieve" / "missing"
+- "diverged" -> "desynchronized"
+- "merge" -> "integrate"
+- "commit" -> "change" / "modification"
+- "tag" -> "version"
 
-### Regles de generation:
+## ACTIONS TO DO Generation (CRITICAL)
 
-1. **Analyser l'etat** et generer UNIQUEMENT les actions pertinentes
-2. **Inclure le nom exact** de la branche/feature/release dans la commande
-3. **Format obligatoire** - UNE commande par ligne, facilement copiable:
+At the end, ALWAYS generate an "ACTIONS TO DO" section with READY-TO-COPY commands.
 
-```
-{emoji} {Description claire avec contexte}
-{commande complete prete a copier}
-```
-
-**IMPORTANT**: La commande doit etre sur SA PROPRE LIGNE, sans prefixe, pour etre copiable en un clic.
+### Detection Logic:
 
-### Logique de detection:
-
-| Condition detectee | Action a proposer |
+| Detected Condition | Action to Propose |
 |--------------------|-------------------|
-| `main → develop > 0` | `git merge main` |
-| `develop → main > 0` | `/gitflow:start release v{next_version}` |
-| `feature/* ahead > 0 && behind == 0` | `/gitflow:finish feature/{name}` |
-| `feature/* behind > 5` | `/gitflow:rebase feature/{name}` |
-| `release/* ahead == 0` | `/gitflow:cleanup release/{name}` |
-| `git status dirty` | `/gitflow:commit "{contexte}"` |
-| `local ahead of remote` | `/gitflow:sync {branch}` |
-| `local behind remote` | `/gitflow:sync {branch}` |
-| `migrations pending` | `/efcore:db-deploy` |
-
-### Exemple de sortie:
+| `main -> develop > 0` | `git merge main` |
+| `develop -> main > 0` | `/gitflow -r v{next_version}` |
+| `feature/* ahead > 0 && behind == 0` | `/gitflow finish` |
+| `feature/* behind > 5` | Rebase recommended |
+| `release/* ahead == 0` | `/gitflow cleanup` |
+| `git status dirty` | `/gitflow commit` |
+| `local ahead of remote` | Push recommended |
+| `local behind remote` | Pull recommended |
+| `migrations pending` | Database deploy recommended |
+
+### Example Output:
 
 ```
-══════════════════════════════════════════════════════════════════════════════
- ACTIONS A FAIRE
-══════════════════════════════════════════════════════════════════════════════
+==============================================================================
+ ACTIONS TO DO
+==============================================================================
 
-⚠️ Recuperer 3 commits de main dans develop
+  Retrieve 3 commits from main into develop
 git merge main
 
-🗑️ Nettoyer release/v1.5.1 (terminee, 0 commits uniques)
-/gitflow:cleanup release/v1.5.1
-
-🗑️ Nettoyer release/v1.4.2 (terminee, 0 commits uniques)
-/gitflow:cleanup release/v1.4.2
+  Clean up release/v1.5.1 (finished, 0 unique commits)
+/gitflow cleanup
 
-══════════════════════════════════════════════════════════════════════════════
+==============================================================================
 ```
 
 ## Priority
 
-Completude + Clarte > Vitesse. L'utilisateur doit comprendre TOUT l'etat du repo ET savoir exactement quoi faire ensuite.
+Completeness + Clarity > Speed. User must understand the FULL repo state AND know exactly what to do next.

package/templates/hooks/appsettings-guard.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Appsettings Guard - PreToolUse Hook
+# Blocks Write operations that would remove top-level sections from appsettings*.json
+# Uses node -e for JSON parsing (no jq dependency)
+
+set -euo pipefail
+
+# Read hook input from stdin
+HOOK_INPUT=$(cat)
+
+# Quick exit: only care about appsettings*.json files (~2ms for non-matching calls)
+case "$HOOK_INPUT" in
+  *appsettings*) ;; # proceed to full check
+  *) exit 0 ;;      # fast exit - not an appsettings file
+esac
+
+# Full check using node (guaranteed available in SmartStack projects)
+RESULT=$(echo "$HOOK_INPUT" | node -e "
+  const fs = require('fs');
+  const input = JSON.parse(fs.readFileSync(0, 'utf8'));
+
+  const toolName = input.tool_name || '';
+  const filePath = (input.tool_input && input.tool_input.file_path) || '';
+  const basename = require('path').basename(filePath);
+
+  // Only guard appsettings*.json files
+  if (!/^appsettings.*\.json$/i.test(basename)) {
+    process.exit(0);
+  }
+
+  // Allow creation of new files (e.g. appsettings.Local.json from /gitflow start)
+  if (!fs.existsSync(filePath)) {
+    process.exit(0);
+  }
+
+  // Only guard Write tool (Edit is safe by design - targeted replacement)
+  if (toolName !== 'Write') {
+    process.exit(0);
+  }
+
+  const newContent = (input.tool_input && input.tool_input.content) || '';
+
+  try {
+    const currentContent = fs.readFileSync(filePath, 'utf8');
+    const currentObj = JSON.parse(currentContent);
+    const newObj = JSON.parse(newContent);
+
+    const currentKeys = Object.keys(currentObj);
+    const newKeys = new Set(Object.keys(newObj));
+    const missing = currentKeys.filter(k => !newKeys.has(k));
+
+    if (missing.length > 0) {
+      const output = {
+        continue: true,
+        hookSpecificOutput: {
+          hookEventName: 'PreToolUse',
+          permissionDecision: 'block',
+          permissionDecisionReason: 'APPSETTINGS GUARD: Write supprimerait ' + missing.length + ' section(s) top-level: ' + missing.join(', ') + '. Utilise le tool Edit pour modifier des valeurs specifiques au lieu de reecrire le fichier entier. Si tu dois ajouter une section, utilise Edit pour inserer avant le } fermant.'
+        }
+      };
+      process.stdout.write(JSON.stringify(output));
+      process.exit(2);
+    }
+  } catch (e) {
+    // JSON parse error on current or new content - allow (tool will handle the error)
+    process.exit(0);
+  }
+" 2>/dev/null) || true
+
+if [ -n "$RESULT" ]; then
+  echo "$RESULT"
+  exit 2
+fi
+
+exit 0

package/templates/hooks/ef-migration-check.md

@@ -99,7 +99,7 @@ exit 0
 
 ## Integration Claude Code
 
-Dans le workflow `/gitflow:3-commit`, avant le commit :
+Dans le workflow `/gitflow commit`, avant le commit :
 
 ```
 1. Detecter migrations modifiees

package/templates/hooks/hooks.json

@@ -18,6 +18,15 @@
             "command": "${CLAUDE_HOOKS_DIR}/ralph-mcp-logger.sh"
           }
         ]
+      },
+      {
+        "matcher": "Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_HOOKS_DIR}/appsettings-guard.sh"
+          }
+        ]
       }
     ],
     "Stop": [

package/templates/project/appsettings.json.template

@@ -8,7 +8,6 @@
     "EnableDevSeeding": false
   },
   "Jwt": {
-    "Secret": "{{GenerateRandomSecret}}",
     "Issuer": "{{ProjectName}}",
     "Audience": "{{ProjectName}}",
     "AccessTokenExpirationMinutes": 60,
@@ -132,6 +131,10 @@
       "SenderAddress": ""
     }
   },
+  "Zefix": {
+    "Username": "",
+    "Password": ""
+  },
   "Entra": {
     "TenantId": "",
     "ClientId": "",
@@ -140,10 +143,13 @@
     "SyncIntervalMinutes": 60,
     "UseDeltaSync": true,
     "DefaultConflictResolution": "ManualReview",
-    "AutoCreateReferences": true
+    "AutoCreateReferences": true,
+    "BackgroundSyncEnabled": false,
+    "BackgroundSyncIntervalMinutes": 60
   },
   "MultiTenant": {
     "Enabled": true,
+    "EnableB2B": true,
     "EnableB2C": true,
     "SystemTenantSlug": "default",
     "SystemTenantName": "Default Workspace",

package/templates/project/test-frontend/msw/handlers.ts

@@ -0,0 +1,58 @@
+import { http, HttpResponse } from 'msw';
+
+/**
+ * Default MSW handlers for SmartStack API endpoints.
+ * These handlers mock common API calls used across the application.
+ *
+ * Override these in individual tests using server.use().
+ *
+ * @example
+ * // In a test file:
+ * server.use(
+ *   http.get('/api/products', () =>
+ *     HttpResponse.json({
+ *       items: [{ id: '1', code: 'P-01', name: 'Test Product' }],
+ *       totalCount: 1,
+ *       pageNumber: 1,
+ *       pageSize: 10,
+ *     })
+ *   )
+ * );
+ */
+export const handlers = [
+  // Auth endpoints
+  http.get('/api/auth/me', () =>
+    HttpResponse.json({
+      id: 'test-user-id',
+      email: 'test-admin@smartstack.io',
+      name: 'Test Admin',
+      role: 'Administrator',
+      permissions: ['*'],
+    })
+  ),
+
+  http.post('/api/auth/login', () =>
+    HttpResponse.json({
+      token: 'test-jwt-token',
+      user: {
+        id: 'test-user-id',
+        email: 'test-admin@smartstack.io',
+        name: 'Test Admin',
+      },
+    })
+  ),
+
+  // Navigation endpoints
+  http.get('/api/navigation', () =>
+    HttpResponse.json([])
+  ),
+
+  // User preferences
+  http.get('/api/users/preferences', () =>
+    HttpResponse.json({})
+  ),
+
+  http.put('/api/users/preferences', () =>
+    HttpResponse.json({ success: true })
+  ),
+];

package/templates/project/test-frontend/msw/server.ts

@@ -0,0 +1,25 @@
+import { setupServer } from 'msw/node';
+import { handlers } from './handlers';
+
+/**
+ * MSW (Mock Service Worker) server for intercepting API calls in tests.
+ * Configured with default handlers that mock common SmartStack API endpoints.
+ *
+ * Usage:
+ * - Default handlers are loaded from ./handlers.ts
+ * - Override handlers per-test using server.use()
+ *
+ * @example
+ * import { server } from '@/test/msw/server';
+ * import { http, HttpResponse } from 'msw';
+ *
+ * test('custom handler', () => {
+ *   server.use(
+ *     http.get('/api/products', () =>
+ *       HttpResponse.json({ items: [], totalCount: 0 })
+ *     )
+ *   );
+ *   // ... test code
+ * });
+ */
+export const server = setupServer(...handlers);

package/templates/project/test-frontend/setup.ts

@@ -0,0 +1,16 @@
+import '@testing-library/jest-dom/vitest';
+import { cleanup } from '@testing-library/react';
+import { afterEach, beforeAll, afterAll } from 'vitest';
+import { server } from './msw/server';
+
+// Start MSW server before all tests
+beforeAll(() => server.listen({ onUnhandledRequest: 'warn' }));
+
+// Reset handlers after each test (to not leak state between tests)
+afterEach(() => {
+  cleanup();
+  server.resetHandlers();
+});
+
+// Close MSW server after all tests
+afterAll(() => server.close());

package/templates/project/test-frontend/test-utils.tsx

@@ -0,0 +1,59 @@
+import React, { type ReactElement } from 'react';
+import { render, type RenderOptions } from '@testing-library/react';
+import { BrowserRouter } from 'react-router-dom';
+import { I18nextProvider } from 'react-i18next';
+import i18n from '../i18n'; // Adjust path to your i18n config
+
+/**
+ * AuthContext mock for tests.
+ * Provides a default authenticated user with admin permissions.
+ */
+const mockAuthContext = {
+  user: {
+    id: 'test-user-id',
+    email: 'test-admin@smartstack.io',
+    name: 'Test Admin',
+    role: 'Administrator',
+  },
+  isAuthenticated: true,
+  isLoading: false,
+  login: async () => {},
+  logout: async () => {},
+  hasPermission: () => true,
+  refreshPermissions: async () => {},
+};
+
+/**
+ * Wraps components with all necessary providers for testing.
+ * Includes: Router, i18n, Auth context.
+ */
+function AllProviders({ children }: { children: React.ReactNode }) {
+  return (
+    <BrowserRouter>
+      <I18nextProvider i18n={i18n}>
+        {children}
+      </I18nextProvider>
+    </BrowserRouter>
+  );
+}
+
+/**
+ * Custom render function that wraps components with test providers.
+ * Use this instead of @testing-library/react's render.
+ *
+ * @example
+ * import { renderWithProviders, screen } from '@/test/test-utils';
+ * renderWithProviders(<MyComponent />);
+ * expect(screen.getByText('Hello')).toBeInTheDocument();
+ */
+function renderWithProviders(
+  ui: ReactElement,
+  options?: Omit<RenderOptions, 'wrapper'>
+) {
+  return render(ui, { wrapper: AllProviders, ...options });
+}
+
+// Re-export everything from testing-library
+export * from '@testing-library/react';
+export { renderWithProviders };
+export { mockAuthContext };

package/templates/project/test-frontend/vitest.config.ts

@@ -0,0 +1,31 @@
+/// <reference types="vitest/config" />
+import { defineConfig } from 'vite';
+import react from '@vitejs/plugin-react';
+import path from 'path';
+
+export default defineConfig({
+  plugins: [react()],
+  test: {
+    globals: true,
+    environment: 'jsdom',
+    setupFiles: ['./src/test/setup.ts'],
+    css: false,
+    include: ['src/**/*.{test,spec}.{ts,tsx}'],
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'json', 'html'],
+      include: ['src/**/*.{ts,tsx}'],
+      exclude: [
+        'src/test/**',
+        'src/**/*.d.ts',
+        'src/main.tsx',
+        'src/vite-env.d.ts',
+      ],
+    },
+  },
+  resolve: {
+    alias: {
+      '@': path.resolve(__dirname, './src'),
+    },
+  },
+});

package/templates/skills/_resources/config-safety.md

@@ -0,0 +1,61 @@
+# Configuration File Safety Rules
+
+## appsettings*.json Protection
+
+### MANDATORY Rules
+
+1. **NEVER use Write tool on `appsettings*.json`** — ALWAYS use Edit for targeted changes
+2. **NEVER remove existing top-level sections** — only add or modify values within existing structure
+3. **NEVER delete configuration keys** — replace secret VALUES with `<CONFIGURE_HERE>` placeholder
+4. **When adding a new section**, use Edit to insert at the correct location (before the closing `}`)
+
+### WHY
+
+Claude's Write tool replaces the entire file. If you read a 200-line appsettings.json but only reproduce 150 lines in the Write, 50 lines of configuration are permanently lost. This has caused production incidents where entire authentication, logging, or integration sections disappeared.
+
+### Correct Patterns
+
+| Action | Tool | Approach |
+|--------|------|----------|
+| Add new section | Edit | Find closing `}`, replace with new section + `}` |
+| Modify a value | Edit | Target the specific key-value pair |
+| Add a key to section | Edit | Find the section's closing `}`, add key before it |
+| Replace secrets | Edit | Replace the VALUE only, keep the key |
+
+### Example: Adding a New Section
+
+```
+// Use Edit tool with:
+// old_string:   "Serilog": { ... }\n}
+// new_string:   "Serilog": { ... },\n  "NewSection": { "Key": "<CONFIGURE_HERE>" }\n}
+```
+
+### Secret Value Handling
+
+```json
+// WRONG - removing the key entirely
+"Jwt": { }
+
+// WRONG - deleting the section
+// (section missing from file)
+
+// CORRECT - placeholder value preserving structure
+"Jwt": {
+  "SecretKey": "<CONFIGURE_HERE>",
+  "Issuer": "<CONFIGURE_HERE>",
+  "Audience": "<CONFIGURE_HERE>",
+  "ExpirationMinutes": 60
+}
+```
+
+### Exception: New File Creation
+
+Write is acceptable ONLY when creating a NEW `appsettings.*.json` file that does not yet exist on disk (e.g., `appsettings.Local.json` during `/gitflow start`). The PreToolUse hook automatically allows this case.
+
+### Protection Layers
+
+| Layer | Mechanism | When |
+|-------|-----------|------|
+| Hook `appsettings-guard.sh` | PreToolUse on Write | Blocks Write if top-level sections would be lost |
+| Commit agent step 2b | During `/gitflow commit` | Detects section removal vs HEAD before staging |
+| These instructions | During development | Prevents the issue from occurring |

package/templates/skills/_resources/formatting-guide.md

@@ -46,7 +46,7 @@ Always in simple code block:
 
 ```markdown
 ```
-/gitflow:1-init --exec
+/gitflow init --exec
 ```
 ```
 
@@ -77,7 +77,7 @@ npm test
 
 ```markdown
 <!-- INCORRECT -->
-Execute `/gitflow:1-init`
+Execute `/gitflow init`
 Run the command `npm run build`
 ```
 

package/templates/skills/application/SKILL.md

@@ -48,7 +48,10 @@ This skill uses progressive step loading. Each step calls MCP tools for generati
 | `mcp__smartstack__scaffold_api_client` | TypeScript API client |
 | `mcp__smartstack__scaffold_routes` | React Router configuration |
 | `mcp__smartstack__suggest_migration` | Migration name suggestion |
-| `mcp__smartstack__scaffold_tests` | Test suite generation |
+| `mcp__smartstack__scaffold_tests` | Test suite generation (backend) |
+| `mcp__smartstack__scaffold_frontend_tests` | Test suite generation (frontend React) |
+| `mcp__smartstack__validate_conventions` | Post-generation convention check |
+| `mcp__smartstack__review_code` | Code quality audit |
 
 ## WHEN THIS SKILL ACTIVATES
 
@@ -88,14 +91,17 @@ WEB (React) → API (.NET) → Application → Infrastructure → Database
 3. ROLES (RolePermission mappings)
 3b. CLIENT SEED PROVIDER (client projects only - IClientSeedDataProvider)
 4. API (Controller + DTOs via /controller:create)
+   4b. VALIDATE (/validate - convention check on generated backend)
 5. SERVICES (Interface + Implementation)
 6. FRONTEND (Page + Components + Hooks)
 7. I18N (fr, en, it, de)
 8. ROUTES (nested routes mandatory)
 9. PREFERENCES (Hook pattern)
 10. MIGRATION (/efcore:migration)
-11. TESTS (scaffold_tests - 6 categories)
-12. DOCUMENTATION (in-app user doc via /documentation - if userDocRequired)
+11. TESTS - Backend (scaffold_tests - 7 categories including real integration)
+12. TESTS - Frontend (scaffold_frontend_tests - Vitest + Testing Library + MSW)
+13. REVIEW (/review-code - security + architecture + quality audit)
+14. DOCUMENTATION (in-app user doc via /documentation - if userDocRequired)
 ```
 
 ### 3b. Client Seed Provider (client projects only)
@@ -151,6 +157,9 @@ export function use{Module}Preferences() {
 | `/workflow` | Automated emails | IWorkflowService.TriggerAsync |
 | `/ai-prompt` | AI assistance | IAiCompletionService |
 | `/feature-full` | Complete feature | Orchestration all skills |
+| `/validate` | After step-04 (backend) | MCP `validate_conventions` on generated code |
+| `/review-code` | After step-07 (tests) | Security (OWASP), architecture, SOLID, performance audit |
+| `/validate-feature` | After step-07 (tests) | Compile + test + API smoke test |
 | `/documentation` | In-app user doc | Documentation page via doc-data.ts + DocRenderer |
 
 ### Notification Integration Pattern

package/templates/skills/application/steps/step-04-backend.md

@@ -13,6 +13,8 @@ next_step: steps/step-05-frontend.md
 - ALWAYS generate Entity + Service + Controller as a unit
 - NEVER skip controller generation - API is required
 - YOU ARE AN ORCHESTRATOR calling MCP, not a generator
+- **NEVER use Write on appsettings*.json** - ALWAYS use Edit (see _resources/config-safety.md)
+- **Replace secret VALUES with `<CONFIGURE_HERE>`** - NEVER delete keys or sections
 
 ## YOUR TASK
 
@@ -531,6 +533,25 @@ Scaffold the SQL objects infrastructure:
 
 **If SqlObjectHelper already exists:** Skip this check.
 
+### Check 6: Convention Validation (RECOMMENDED)
+
+Run MCP convention validation on the generated backend code:
+
+```
+Tool: mcp__smartstack__validate_conventions
+Args:
+  target: "backend"
+  scope: "{entity_name}"
+```
+
+This verifies:
+- Naming conventions (PascalCase entities, correct prefixes)
+- Architecture layers respected (no cross-layer violations)
+- Required attributes present (NavRoute, RequirePermission)
+- DTO patterns followed
+
+IF violations found: Fix them before proceeding to step-05.
+
 ---
 
 ## SUCCESS METRICS