npm - @atlashub/smartstack-cli - Versions diffs - 3.27.0 → 3.29.0 - Mend

@atlashub/smartstack-cli 3.27.0 → 3.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/templates/skills/ralph-loop/steps/step-02-execute.md CHANGED Viewed

@@ -99,6 +99,20 @@ if [ -n "$UPPERCASE_ROUTES" ]; then
   echo "Fix: Use ToKebabCase() helper in route generation (see core-seed-data.md)"
   exit 1
 fi
+# Search for multi-word route segments missing hyphens (e.g., "humanresources" instead of "human-resources")
+MULTI_WORD_ROUTES=$(grep -oP 'Route\s*=\s*"([^"]+)"' Infrastructure/Persistence/Seeding/Data/*/NavigationSeedData.cs 2>/dev/null | grep -P '"[^"]*(?:human(?:resources|resource)|time(?:management|tracking)|project(?:management|member)|leave(?:balance|request))[^"]*"')
+if [ -n "$MULTI_WORD_ROUTES" ]; then
+  echo "❌ BLOCKING: Route segments contain concatenated multi-word names without hyphens"
+  echo "Found: $MULTI_WORD_ROUTES"
+  echo ""
+  echo "Convention: multi-word segments MUST use kebab-case"
+  echo "  humanresources → human-resources"
+  echo "  timemanagement → time-management"
+  echo "Fix: Apply ToKebabCase() to all route segments in NavigationSeedData"
+  exit 1
+fi
 ```
 **Why this matters:**
@@ -164,6 +178,102 @@ fi
 - If `auth_Permissions` is empty → all authorization checks reject → 403 on every endpoint
 - These are **foundational** — without them, ALL subsequent features (frontend, API, tests) are useless
+**POST-CHECK: Section route/permission completeness (BLOCKING — when sections defined)**
+After generating section seed data, verify completeness:
+```bash
+# 1. Verify every NavigationSection seed route has a frontend route match
+SECTION_SEED_FILES=$(find src/ -path "*/Seeding/Data/*" -name "*NavigationSeedData.cs" -exec grep -l 'GetSectionEntries' {} \; 2>/dev/null)
+if [ -n "$SECTION_SEED_FILES" ]; then
+  echo "Sections defined — verifying frontend route matches..."
+  SECTION_ROUTES=$(grep -ohP 'Route\s*=\s*ToKebabCase\(\$?"([^"]+)"\)' $SECTION_SEED_FILES 2>/dev/null | grep -i section)
+  APP_TSX="$WEB_SRC/App.tsx"
+  if [ -n "$APP_TSX" ] && [ -n "$SECTION_ROUTES" ]; then
+    while IFS= read -r ROUTE; do
+      ROUTE_PATH=$(echo "$ROUTE" | grep -oP '"([^"]+)"' | tr -d '"')
+      if [ -n "$ROUTE_PATH" ] && ! grep -q "$ROUTE_PATH" "$APP_TSX" 2>/dev/null; then
+        echo "WARNING: Section route '$ROUTE_PATH' not found in App.tsx — add frontend route"
+      fi
+    done <<< "$SECTION_ROUTES"
+  fi
+  # 2. Verify section-level permissions exist when sections are defined
+  PERM_SEED=$(find . -path "*/Seeding/Data/*" -name "PermissionsSeedData.cs" 2>/dev/null)
+  if [ -n "$PERM_SEED" ]; then
+    for PS in $PERM_SEED; do
+      HAS_SECTION_PERMS=$(grep -c 'sectionCode\|SectionPascal\|Level = PermissionLevel.Section' "$PS" 2>/dev/null)
+      if [ "$HAS_SECTION_PERMS" -eq 0 ]; then
+        echo "BLOCKING: Sections defined but PermissionsSeedData missing section-level permissions: $PS"
+        echo "Fix: Add section-level permission GUIDs and entries per core-seed-data.md Step C2"
+        exit 1
+      fi
+    done
+  fi
+  # 3. Verify section-level role mappings exist
+  ROLE_SEED=$(find . -path "*/Seeding/Data/*" -name "RolesSeedData.cs" 2>/dev/null)
+  if [ -n "$ROLE_SEED" ]; then
+    for RS in $ROLE_SEED; do
+      HAS_SECTION_ROLES=$(grep -c 'sectionCode' "$RS" 2>/dev/null)
+      if [ "$HAS_SECTION_ROLES" -eq 0 ]; then
+        echo "BLOCKING: Sections defined but RolesSeedData missing section-level role mappings: $RS"
+        echo "Fix: Add section-level role-permission entries per core-seed-data.md section 5"
+        exit 1
+      fi
+    done
+  fi
+fi
+```
+**POST-CHECK: Navigation section route CRUD suffix detection (BLOCKING)**
+After generating NavigationSeedData files with sections, verify no route contains `/list` or `/detail` suffixes:
+```bash
+# Detect CRUD suffixes in navigation section routes
+CRUD_ROUTES=$(grep -rn 'Route.*=.*\/list\b\|Route.*=.*\/detail' Infrastructure/Persistence/Seeding/Data/ 2>/dev/null | grep -v '//.*Route')
+if [ -n "$CRUD_ROUTES" ]; then
+  echo "BLOCKING: Navigation section routes contain CRUD suffixes"
+  echo "Convention:"
+  echo "  - 'list' section route = module route (NO /list suffix)"
+  echo "  - 'detail' section route = module route + /:id (NOT /detail/:id)"
+  echo "  - Other sections = module route + /{section-kebab}"
+  echo ""
+  echo "Found:"
+  echo "$CRUD_ROUTES"
+  echo ""
+  echo "Fix: Remove /list suffix (use module route), replace /detail/:id with /:id"
+  exit 1
+fi
+```
+**Why this matters:**
+- React Router defines NO `/list` child route — the module route IS the list view
+- React Router uses `/:id` for detail views, NOT `/detail/:id`
+- Mismatch causes 404 on navigation menu click
+**POST-CHECK: Permission path segment count (WARNING — when permissions defined)**
+```bash
+PERM_FILES=$(find Infrastructure/Persistence/Seeding/Data/ -name "PermissionsSeedData.cs" 2>/dev/null)
+if [ -n "$PERM_FILES" ]; then
+  MALFORMED=$(grep -oP 'Path\s*=\s*"([^"]+)"' $PERM_FILES | grep -oP '"[^"]+"' | tr -d '"' | while read -r path; do
+    DOTS=$(echo "$path" | tr -cd '.' | wc -c)
+    if echo "$path" | grep -qP '\.\*$'; then continue; fi
+    if [ "$DOTS" -lt 3 ] || [ "$DOTS" -gt 5 ]; then
+      echo "  Unexpected segment count ($((DOTS+1))): $path"
+    fi
+  done)
+  if [ -n "$MALFORMED" ]; then
+    echo "WARNING: Permission paths with unexpected segment count:"
+    echo "$MALFORMED"
+    echo "  Expected: 4 segments (module-level) or 5 segments (section-level)"
+  fi
+fi
+```
 **POST-CHECK: DefaultTenantId cross-schema FK validation (WARNING)**
 After generating SeedConstants.cs and DevDataSeeder, verify that `DefaultTenantId` is not a phantom GUID that doesn't exist in `core.tenant_Tenants`:
@@ -244,9 +354,22 @@ npm run lint         # ESLint — MUST exit 0
 If FAIL → read errors → fix TSX/TS files → re-run → loop until pass.
 **Frontend POST-CHECKs (BLOCKING for frontend category):**
+> **Path resolution:** Web projects may live in subdirectories (e.g., `web/app-web/src/pages/`).
+> All POST-CHECKs below use dynamic path discovery instead of hardcoded `src/pages/`.
+```bash
+# Resolve frontend directories dynamically (handles web/ prefix and varied project structures)
+PAGE_DIR=$(find . -path "*/src/pages" -not -path "*/node_modules/*" -type d 2>/dev/null | head -1)
+HOOK_DIR=$(find . -path "*/src/hooks" -not -path "*/node_modules/*" -type d 2>/dev/null | head -1)
+COMP_DIR=$(find . -path "*/src/components" -not -path "*/node_modules/*" -type d 2>/dev/null | head -1)
+WEB_SRC=$(find . -name "App.tsx" -not -path "*/node_modules/*" -exec dirname {} \; 2>/dev/null | head -1)
+# All POST-CHECKs below use $PAGE_DIR, $HOOK_DIR, $COMP_DIR, $WEB_SRC instead of hardcoded paths
+```
 ```bash
 # POST-CHECK: Forms must be full pages — ZERO modals/popups/drawers
-PAGE_FILES=$(find src/pages/ -name "*.tsx" 2>/dev/null)
+PAGE_FILES=$(find "$PAGE_DIR" -name "*.tsx" 2>/dev/null)
 if [ -n "$PAGE_FILES" ]; then
   MODAL_IMPORTS=$(grep -Pn "import.*(?:Modal|Dialog|Drawer|Popup|Sheet)" $PAGE_FILES 2>/dev/null)
   if [ -n "$MODAL_IMPORTS" ]; then
@@ -257,8 +380,92 @@ if [ -n "$PAGE_FILES" ]; then
   fi
 fi
+# POST-CHECK: No raw HTML <table> in page files — MUST use SmartTable/DataTable (BLOCKING)
+PAGE_FILES=$(find "$PAGE_DIR" -name "*.tsx" 2>/dev/null)
+if [ -n "$PAGE_FILES" ]; then
+  RAW_TABLES=$(grep -Pn '<table[\s>]|<thead[\s>]|<tbody[\s>]' $PAGE_FILES 2>/dev/null)
+  if [ -n "$RAW_TABLES" ]; then
+    echo "BLOCKING: Raw HTML <table> detected in page files — MUST use SmartTable or DataTable"
+    echo "SmartStack convention: Lists MUST use SmartTable + SmartFilter (see /ui-components skill)"
+    echo "Import: import { DataTable } from '@/components/ui/DataTable'"
+    echo ""
+    echo "Found:"
+    echo "$RAW_TABLES"
+    exit 1
+  fi
+fi
+# POST-CHECK: No hardcoded Tailwind colors — MUST use CSS variables (BLOCKING)
+PAGE_FILES=$(find "$PAGE_DIR" -name "*.tsx" -o -name "*.tsx" 2>/dev/null | sort -u)
+COMPONENT_FILES=$(find "$COMP_DIR" -name "*.tsx" 2>/dev/null)
+ALL_TSX="$PAGE_FILES $COMPONENT_FILES"
+if [ -n "$ALL_TSX" ]; then
+  # Match bg-{color}-{shade} or text-{color}-{shade} patterns (excluding bg-white, bg-black, bg-transparent, bg-current)
+  HARDCODED_COLORS=$(grep -Pn '(?:bg|text|border|ring|from|to|via)-(?:red|blue|green|yellow|orange|purple|pink|indigo|teal|cyan|emerald|violet|fuchsia|rose|amber|lime|sky|slate|gray|zinc|neutral|stone)-\d{2,3}' $ALL_TSX 2>/dev/null | head -20)
+  if [ -n "$HARDCODED_COLORS" ]; then
+    echo "BLOCKING: Hardcoded Tailwind colors detected — MUST use CSS variables"
+    echo "SmartStack convention: ALL colors via CSS variables for theming support"
+    echo "  bg-blue-600    → bg-[var(--color-accent-600)]"
+    echo "  text-red-500   → text-[var(--error-text)]"
+    echo "  bg-green-100   → bg-[var(--success-bg)]"
+    echo "  bg-gray-50     → bg-[var(--bg-secondary)]"
+    echo ""
+    echo "Found:"
+    echo "$HARDCODED_COLORS"
+    exit 1
+  fi
+fi
+# POST-CHECK: List pages must import SmartTable/DataTable OR EntityCard (WARNING)
+LIST_PAGES=$(find "$PAGE_DIR" -name "*ListPage.tsx" -o -name "*sPage.tsx" 2>/dev/null | grep -v test)
+if [ -n "$LIST_PAGES" ]; then
+  for LP in $LIST_PAGES; do
+    HAS_TABLE=$(grep -c 'SmartTable\|DataTable' "$LP" 2>/dev/null)
+    HAS_CARD=$(grep -c 'EntityCard' "$LP" 2>/dev/null)
+    if [ "$HAS_TABLE" -eq 0 ] && [ "$HAS_CARD" -eq 0 ]; then
+      echo "WARNING: List page missing SmartTable/DataTable or EntityCard: $LP"
+      echo "List pages MUST use SmartStack UI components from /ui-components skill"
+      echo "  Tables: import { DataTable } from '@/components/ui/DataTable'"
+      echo "  Cards:  import { EntityCard } from '@/components/ui/EntityCard'"
+    fi
+  done
+fi
+# POST-CHECK: No window.confirm() — MUST use confirmation component (BLOCKING)
+PAGE_FILES=$(find "$PAGE_DIR" -name "*.tsx" 2>/dev/null)
+if [ -n "$PAGE_FILES" ]; then
+  BAD_CONFIRM=$(grep -Pn 'window\.confirm\s*\(|(?<!\w)confirm\s*\(' $PAGE_FILES 2>/dev/null | grep -v '//' | grep -v test)
+  if [ -n "$BAD_CONFIRM" ]; then
+    echo "BLOCKING: window.confirm() detected — MUST use a SmartStack confirmation component"
+    echo "Native browser dialogs break theming and i18n"
+    echo "Use a ConfirmDialog component with translated messages"
+    echo ""
+    echo "Found:"
+    echo "$BAD_CONFIRM"
+    exit 1
+  fi
+fi
+# POST-CHECK: Pages must handle loading, error, and empty states (WARNING)
+PAGE_FILES=$(find "$PAGE_DIR" -name "*ListPage.tsx" -o -name "*sPage.tsx" 2>/dev/null | grep -v test)
+if [ -n "$PAGE_FILES" ]; then
+  for LP in $PAGE_FILES; do
+    HAS_LOADING=$(grep -c 'loading\|isLoading\|skeleton\|Skeleton\|PageLoader\|spinner' "$LP" 2>/dev/null)
+    HAS_ERROR=$(grep -c 'error\|Error' "$LP" 2>/dev/null)
+    HAS_EMPTY=$(grep -c 'empty\|Empty\|no.*found\|length === 0' "$LP" 2>/dev/null)
+    MISSING=""
+    [ "$HAS_LOADING" -eq 0 ] && MISSING="${MISSING}loading "
+    [ "$HAS_ERROR" -eq 0 ] && MISSING="${MISSING}error "
+    [ "$HAS_EMPTY" -eq 0 ] && MISSING="${MISSING}empty "
+    if [ -n "$MISSING" ]; then
+      echo "WARNING: List page missing state handling ($MISSING): $LP"
+      echo "All list pages MUST handle: loading skeleton, error with retry, empty state"
+    fi
+  done
+fi
 # POST-CHECK: Create/Edit pages must exist for each module with a list page
-LIST_PAGES=$(find src/pages/ -name "*ListPage.tsx" -o -name "*sPage.tsx" 2>/dev/null | grep -v test)
+LIST_PAGES=$(find "$PAGE_DIR" -name "*ListPage.tsx" -o -name "*sPage.tsx" 2>/dev/null | grep -v test)
 if [ -n "$LIST_PAGES" ]; then
   for LP in $LIST_PAGES; do
     DIR=$(dirname "$LP"); MOD=$(basename "$DIR")
@@ -272,9 +479,9 @@ if [ -n "$LIST_PAGES" ]; then
 fi
 # First check: at least one test file must exist in pages/
-PAGE_FILES=$(find src/pages/ -name "*.tsx" ! -name "*.test.tsx" 2>/dev/null)
+PAGE_FILES=$(find "$PAGE_DIR" -name "*.tsx" ! -name "*.test.tsx" 2>/dev/null)
 if [ -n "$PAGE_FILES" ]; then
-  TEST_FILES=$(find src/pages/ -name "*.test.tsx" 2>/dev/null)
+  TEST_FILES=$(find "$PAGE_DIR" -name "*.test.tsx" 2>/dev/null)
   if [ -z "$TEST_FILES" ]; then
     echo "BLOCKING: No frontend test files found in src/pages/"
     echo "Every module with pages MUST have at least one .test.tsx file"
@@ -283,7 +490,7 @@ if [ -n "$PAGE_FILES" ]; then
 fi
 # POST-CHECK: Form pages must have companion test files
-FORM_PAGES=$(find src/pages/ -name "*CreatePage.tsx" -o -name "*EditPage.tsx" 2>/dev/null | grep -v test)
+FORM_PAGES=$(find "$PAGE_DIR" -name "*CreatePage.tsx" -o -name "*EditPage.tsx" 2>/dev/null | grep -v test)
 if [ -n "$FORM_PAGES" ]; then
   for FP in $FORM_PAGES; do
     TEST="${FP%.tsx}.test.tsx"
@@ -295,7 +502,7 @@ if [ -n "$FORM_PAGES" ]; then
 fi
 # POST-CHECK: FK fields must NOT be plain text inputs — use EntityLookup
-FORM_PAGES=$(find src/pages/ -name "*CreatePage.tsx" -o -name "*EditPage.tsx" 2>/dev/null | grep -v test | grep -v node_modules)
+FORM_PAGES=$(find "$PAGE_DIR" -name "*CreatePage.tsx" -o -name "*EditPage.tsx" 2>/dev/null | grep -v test | grep -v node_modules)
 if [ -n "$FORM_PAGES" ]; then
   # Match any input with name ending in "Id" (except hidden inputs)
   FK_TEXT_INPUTS=$(grep -Pn '<input[^>]*name=["\x27][a-zA-Z]*Id["\x27]' $FORM_PAGES 2>/dev/null | grep -v 'type=["\x27]hidden["\x27]')
@@ -326,15 +533,34 @@ if [ -n "$CTRL_FILES" ]; then
   done
 fi
-# POST-CHECK: Route seed data vs frontend cross-validation
+# POST-CHECK: Route seed data vs frontend cross-validation (CONVENTION + EXISTENCE)
 SEED_NAV_FILES=$(find src/ -path "*/Seeding/Data/*" -name "*NavigationSeedData.cs" 2>/dev/null)
-APP_TSX=$(find src/ -name "App.tsx" -not -path "*/node_modules/*" 2>/dev/null | head -1)
+APP_TSX="$WEB_SRC/App.tsx"
 if [ -n "$SEED_NAV_FILES" ] && [ -n "$APP_TSX" ]; then
   SEED_ROUTES=$(grep -ohP 'Route\s*=\s*"([^"]+)"' $SEED_NAV_FILES | sed 's/Route\s*=\s*"//' | sed 's/"//' | sort -u)
   CLIENT_PATHS=$(grep -ohP "path:\s*['\"]([^'\"]+)['\"]" "$APP_TSX" | sed "s/path:\s*['\"]//;s/['\"]//" | sort -u)
   if [ -n "$SEED_ROUTES" ] && [ -z "$CLIENT_PATHS" ]; then
     echo "WARNING: Seed data has navigation routes but App.tsx has no client routes defined"
   fi
+  # Cross-check: frontend paths must use same kebab-case segments as backend API routes
+  API_CONTROLLERS=$(find src/ -path "*/Controllers/*" -name "*Controller.cs" 2>/dev/null)
+  if [ -n "$API_CONTROLLERS" ] && [ -n "$CLIENT_PATHS" ]; then
+    API_SEGMENTS=$(grep -ohP '\[Route\("api/([^"]+)"\)\]' $API_CONTROLLERS | sed 's/\[Route("api\///;s/")\]//' | tr '/' '\n' | sort -u)
+    for SEG in $API_SEGMENTS; do
+      # Check if frontend path contains same segment (kebab-case match)
+      if echo "$SEG" | grep -qP '[a-z]+-[a-z]+'; then
+        # Multi-word segment like "human-resources" — verify frontend uses same convention
+        NO_HYPHEN=$(echo "$SEG" | tr -d '-')
+        if echo "$CLIENT_PATHS" | grep -q "$NO_HYPHEN"; then
+          echo "BLOCKING: Frontend route uses '$NO_HYPHEN' but backend API uses '$SEG' (kebab-case)"
+          echo "Fix: Frontend paths MUST match backend route convention"
+          echo "  Backend: api/business/$SEG/..."
+          echo "  Frontend: /business/$SEG/... (NOT /business/$NO_HYPHEN/...)"
+          exit 1
+        fi
+      fi
+    done
+  fi
 fi
 # POST-CHECK: HasQueryFilter anti-pattern
@@ -359,20 +585,78 @@ if [ -n "$SERVICE_FILES" ]; then
   fi
 fi
-# POST-CHECK: i18n required key structure
-FR_I18N_FILES=$(find src/i18n/locales/fr/ -name "*.json" 2>/dev/null)
-if [ -n "$FR_I18N_FILES" ]; then
-  for f in $FR_I18N_FILES; do
+# POST-CHECK: i18n file structure — per-module JSON files MUST exist (BLOCKING)
+WEB_DIR=$(find . -name "App.tsx" -not -path "*/node_modules/*" -exec dirname {} \; 2>/dev/null | head -1)
+if [ -n "$WEB_DIR" ]; then
+  I18N_DIR="$WEB_DIR/i18n/locales"
+  if [ -d "$I18N_DIR" ]; then
+    for LANG in fr en it de; do
+      LANG_DIR="$I18N_DIR/$LANG"
+      if [ ! -d "$LANG_DIR" ]; then
+        echo "BLOCKING: Missing i18n locale directory: $LANG_DIR"
+        echo "All 4 languages (fr, en, it, de) MUST have a dedicated directory"
+        exit 1
+      fi
+      # Check for at least one module-specific JSON (not just common.json)
+      MODULE_JSONS=$(find "$LANG_DIR" -name "*.json" ! -name "common.json" ! -name "navigation.json" 2>/dev/null)
+      if [ -z "$MODULE_JSONS" ]; then
+        echo "BLOCKING: No module translation files in $LANG_DIR/"
+        echo "Each module MUST have src/i18n/locales/$LANG/{moduleLower}.json"
+        exit 1
+      fi
+    done
+  else
+    echo "BLOCKING: Missing i18n/locales directory — i18n file structure not created"
+    echo "Expected: src/i18n/locales/{fr,en,it,de}/{module}.json"
+    exit 1
+  fi
+fi
+# POST-CHECK: i18n required key structure (BLOCKING — upgraded from WARNING)
+if [ -d "$I18N_DIR/fr" ]; then
+  for f in $(find "$I18N_DIR/fr/" -name "*.json" 2>/dev/null); do
     BASENAME=$(basename "$f")
     case "$BASENAME" in common.json|navigation.json) continue;; esac
-    for KEY in "actions" "labels" "errors"; do
+    for KEY in "actions" "labels" "errors" "messages" "empty"; do
       if ! grep -q "\"$KEY\"" "$f"; then
-        echo "WARNING: i18n file missing required key '$KEY': $f"
+        echo "BLOCKING: i18n file missing required key group '$KEY': $f"
+        echo "All module i18n files MUST contain: actions, labels, errors, messages, empty"
+        exit 1
       fi
     done
   done
 fi
+# POST-CHECK: Pages must NOT contain hardcoded English UI text (BLOCKING)
+PAGE_FILES=$(find "$PAGE_DIR" -name "*.tsx" ! -name "*.test.tsx" 2>/dev/null)
+if [ -n "$PAGE_FILES" ]; then
+  # Detect common hardcoded English patterns in JSX (excluding imports/comments/code)
+  HARDCODED_TEXT=$(grep -Pn '>\s*(Create|Edit|Delete|Save|Cancel|Search|Loading|Error|No .* found|Are you sure|Submit|Back|Actions|Status|Name|Description|Total)\s*<' $PAGE_FILES 2>/dev/null | grep -v '//' | grep -v 'test' | head -20)
+  if [ -n "$HARDCODED_TEXT" ]; then
+    echo "BLOCKING: Hardcoded English UI text found in page files"
+    echo "ALL visible text MUST use t() from useTranslation() — NEVER hardcode strings"
+    echo "Pattern: t('{module}:actions.create', 'Create') — namespace + fallback"
+    echo ""
+    echo "Found:"
+    echo "$HARDCODED_TEXT"
+    exit 1
+  fi
+fi
+# POST-CHECK: Hooks must NOT contain hardcoded error messages (BLOCKING)
+HOOK_FILES=$(find "$HOOK_DIR" -name "*.ts" -o -name "*.tsx" 2>/dev/null)
+if [ -n "$HOOK_FILES" ]; then
+  HARDCODED_ERRORS=$(grep -Pn "(setError|throw new Error)\(['\"](?!t\()[A-Z][a-z]+" $HOOK_FILES 2>/dev/null | head -15)
+  if [ -n "$HARDCODED_ERRORS" ]; then
+    echo "BLOCKING: Hardcoded error messages in hooks — MUST use i18n t() function"
+    echo "Hooks must import useTranslation and use t('{module}:errors.loadFailed') for all messages"
+    echo ""
+    echo "Found:"
+    echo "$HARDCODED_ERRORS"
+    exit 1
+  fi
+fi
 # POST-CHECK: SeedConstants must NOT contain ContextId (pre-seeded by SmartStack core)
 SEED_CONST_FILES=$(find src/ -path "*/Seeding/*" -name "SeedConstants.cs" 2>/dev/null)
 if [ -n "$SEED_CONST_FILES" ]; then
@@ -414,12 +698,24 @@ if [ -n "$SERVICE_FILES" ]; then
   BAD_PATTERN=$(grep -Pn 'TenantId!\s*\.Value|TenantId!\s*\.ToString|\.TenantId!' $SERVICE_FILES 2>/dev/null)
   if [ -n "$BAD_PATTERN" ]; then
     echo "BLOCKING: TenantId!.Value causes 500 when tenant context is missing"
-    echo "Fix: var tenantId = _currentTenant.TenantId ?? throw new UnauthorizedAccessException(\"Tenant context is required\");"
+    echo "Fix: var tenantId = _currentTenant.TenantId ?? throw new TenantContextRequiredException();"
+    echo "NEVER use UnauthorizedAccessException for tenant context — it returns 401 which clears the frontend token."
     echo "$BAD_PATTERN"
     exit 1
   fi
 fi
+# POST-CHECK: Services must NOT use UnauthorizedAccessException for tenant context (causes token clearing)
+if [ -n "$SERVICE_FILES" ]; then
+  BAD_UNAUTH=$(grep -Pn 'UnauthorizedAccessException.*[Tt]enant' $SERVICE_FILES 2>/dev/null)
+  if [ -n "$BAD_UNAUTH" ]; then
+    echo "BLOCKING: Services use UnauthorizedAccessException for tenant context — causes 401 which clears the frontend token"
+    echo "$BAD_UNAUTH"
+    echo "Fix: var tenantId = _currentTenant.TenantId ?? throw new TenantContextRequiredException();"
+    exit 1
+  fi
+fi
 # POST-CHECK: IAuditableEntity + Validator pairing
 ENTITY_FILES=$(find src/ -path "*/Domain/Entities/Business/*" -name "*.cs" 2>/dev/null)
 if [ -n "$ENTITY_FILES" ]; then

package/templates/skills/ralph-loop/steps/step-03-commit.md CHANGED Viewed

@@ -24,9 +24,9 @@ if [ "{current_task_category}" != "frontend" ] && [ "{current_task_category}" !=
   dotnet build --no-restore --verbosity quiet
 fi
-# Frontend: typecheck must pass
+# Frontend: typecheck + lint must pass
 if [ "{current_task_category}" = "frontend" ]; then
-  npm run typecheck
+  npm run typecheck && npm run lint
 fi
 # Tests: full suite if test project exists

package/templates/skills/ralph-loop/steps/step-04-check.md CHANGED Viewed

@@ -80,7 +80,7 @@ fi
 ```javascript
 const presentCategories = new Set(prd.tasks.map(t => t.category));
-const REQUIRED_CATEGORIES = ['domain', 'infrastructure', 'application', 'api', 'frontend', 'test'];
+const REQUIRED_CATEGORIES = ['domain', 'infrastructure', 'application', 'api', 'seedData', 'frontend', 'test'];
 const missingFromPrd = REQUIRED_CATEGORIES.filter(c => !presentCategories.has(c));
 if (missingFromPrd.length > 0) {
@@ -90,6 +90,7 @@ if (missingFromPrd.length > 0) {
   let maxIdNum = Math.max(...prd.tasks.map(t => parseInt(t.id.replace(/[^0-9]/g, ''), 10) || 0));
   const prefix = prd.tasks[0]?.id?.replace(/[0-9]+$/, '') || 'GUARD-';
   const lastApiTask = prd.tasks.filter(t => t.category === 'api').pop()?.id;
+  const lastSeedDataTask = prd.tasks.filter(t => t.category === 'seedData').pop()?.id;
   for (const cat of missingFromPrd) {
     maxIdNum++;
@@ -98,7 +99,7 @@ if (missingFromPrd.length > 0) {
       id: taskId,
       description: `[GUARDRAIL] Generate missing ${cat} layer for ${prd.project?.module || 'module'}`,
       status: 'pending', category: cat,
-      dependencies: lastApiTask ? [lastApiTask] : [],
+      dependencies: lastSeedDataTask ? [lastSeedDataTask] : (lastApiTask ? [lastApiTask] : []),
       acceptance_criteria: [
         cat === 'frontend' ? 'React pages + routes wired to App.tsx (standard + tenant blocks)' :
         cat === 'test' ? 'Unit + integration test projects with passing dotnet test' :
@@ -179,7 +180,7 @@ if (fileExists(queuePath)) {
   // MODULE COMPLETENESS CHECK (lightweight — heavy check already done in section 1.7)
   // Verify all expected layers have completed tasks
   const completedCats = new Set(prd.tasks.filter(t => t.status === 'completed').map(t => t.category));
-  const expected = ['domain', 'infrastructure', 'application', 'api', 'frontend', 'test'];
+  const expected = ['domain', 'infrastructure', 'application', 'api', 'seedData', 'frontend', 'test'];
   const missing = expected.filter(c => !completedCats.has(c));
   if (missing.length > 0) {

package/templates/skills/ralph-loop/steps/step-05-report.md CHANGED Viewed

@@ -70,7 +70,57 @@ if [ -d "$TEST_PROJECT" ]; then
 fi
 ```
-### 1e. Final DB Validation (if infrastructure/migration tasks were executed)
+### 1e. Frontend Quality Metrics (if frontend tasks were executed)
+```bash
+WEB_SRC=$(find . -name "App.tsx" -not -path "*/node_modules/*" -exec dirname {} \; 2>/dev/null | head -1)
+if [ -n "$WEB_SRC" ]; then
+  PAGE_DIR="$WEB_SRC/pages"
+  HOOK_DIR="$WEB_SRC/hooks"
+  COMP_DIR="$WEB_SRC/components"
+  I18N_DIR="$WEB_SRC/i18n/locales"
+  # Count metrics
+  PAGE_COUNT=$(find "$PAGE_DIR" -name "*.tsx" ! -name "*.test.tsx" 2>/dev/null | wc -l)
+  TEST_COUNT=$(find "$PAGE_DIR" -name "*.test.tsx" 2>/dev/null | wc -l)
+  HOOK_COUNT=$(find "$HOOK_DIR" -name "*.ts" -o -name "*.tsx" 2>/dev/null | wc -l)
+  # Quality checks
+  RAW_TABLES=$(grep -rl '<table[\s>]' "$PAGE_DIR" --include="*.tsx" 2>/dev/null | wc -l)
+  HARDCODED_COLORS=$(grep -rl '(?:bg|text|border)-(?:red|blue|green|gray|slate)-\d{2,3}' "$PAGE_DIR" "$COMP_DIR" --include="*.tsx" 2>/dev/null | wc -l)
+  CSS_VARS=$(grep -rl 'var(--' "$PAGE_DIR" "$COMP_DIR" --include="*.tsx" 2>/dev/null | wc -l)
+  WINDOW_CONFIRM=$(grep -rl 'window\.confirm' "$PAGE_DIR" --include="*.tsx" 2>/dev/null | wc -l)
+  HARDCODED_TEXT=$(grep -rl '>\s*\(Create\|Edit\|Delete\|Save\|Cancel\)\s*<' "$PAGE_DIR" --include="*.tsx" 2>/dev/null | wc -l)
+  USE_TRANSLATION=$(grep -rl 'useTranslation' "$PAGE_DIR" --include="*.tsx" 2>/dev/null | wc -l)
+  SMART_TABLE=$(grep -rl 'SmartTable\|DataTable' "$PAGE_DIR" --include="*.tsx" 2>/dev/null | wc -l)
+  # i18n coverage
+  I18N_LANGS=0
+  for LANG in fr en it de; do
+    [ -d "$I18N_DIR/$LANG" ] && I18N_LANGS=$((I18N_LANGS + 1))
+  done
+fi
+```
+Include frontend metrics in report section:
+```markdown
+## Frontend Quality
+| Metric | Value | Target |
+|--------|-------|--------|
+| Pages | {PAGE_COUNT} | — |
+| Tests | {TEST_COUNT} | ≥ {PAGE_COUNT/3} |
+| Hooks | {HOOK_COUNT} | — |
+| SmartTable/DataTable usage | {SMART_TABLE} files | All list pages |
+| Raw HTML tables | {RAW_TABLES} files | 0 |
+| CSS variable usage | {CSS_VARS} files | All TSX files |
+| Hardcoded colors | {HARDCODED_COLORS} files | 0 |
+| useTranslation() usage | {USE_TRANSLATION} files | All page files |
+| Hardcoded English text | {HARDCODED_TEXT} files | 0 |
+| window.confirm() usage | {WINDOW_CONFIRM} files | 0 |
+| i18n languages | {I18N_LANGS}/4 | 4 |
+```
+### 1f. Final DB Validation (if infrastructure/migration tasks were executed)
 ```bash
 INFRA_PROJECT=$(ls src/*Infrastructure*/*.csproj 2>/dev/null | head -1)