@atlashub/smartstack-cli 3.28.0 → 3.29.0

package/templates/skills/business-analyse/references/agent-module-prompt.md

@@ -132,17 +132,19 @@ Execute ALL compilation sections:
 - Functional Requirements
 - Permission matrix (CRUD per entity + module admin)
 - Navigation seed data (7 arrays — CRITICAL)
-- i18n keys (4 languages: fr, en, nl, de)
+- i18n keys (4 languages: fr, en, it, de)
 - API endpoints summary
 
-**CRITICAL for seed data — 7 mandatory arrays:**
-1. navigationModules (1 entry)
-2. navigationSections (1 per section)
-3. navigationResources (1+ per section)
-4. navigationTranslations (4 languages × all entries)
-5. permissions (CRUD per entity)
-6. rolePermissions (admin=all, manager=most, contributor=create+read+update, viewer=read)
-7. permissionConstants (C# constant names)
+**CRITICAL for seed data — 9 mandatory arrays:**
+1. navigationApplications (1 entry — application-level, created ONCE per app)
+2. applicationRoles (4 entries — admin, manager, contributor, viewer)
+3. navigationModules (1 entry per module)
+4. navigationSections (1 per section)
+5. navigationResources (1+ per section)
+6. navigationTranslations (4 languages × all entries)
+7. permissions (wildcard + CRUD per module — {path, action, description} format)
+8. rolePermissions (admin=wildcard, manager=CRU, contributor=CR, viewer=R)
+9. permissionConstants (C# constant names)
 
 ### Step 5: Validate & Propose (step-03d-validate.md)
 Load: `templates/skills/business-analyse/steps/step-03d-validate.md`

package/templates/skills/business-analyse/references/consolidation-structural-checks.md

@@ -23,7 +23,7 @@
 | `specification.seedDataBusiness` | YES | Must define reference/lookup seed data for testing (types, categories, statuses) |
 | `specification.gherkinScenarios` | YES | Must be `{feature, scenarios[]}` (NOT flat array) |
 | `specification.navigation` | YES | Must have entries[] |
-| `specification.i18nKeys[]` | YES | Must have >=1 key with fr, en, nl, de |
+| `specification.i18nKeys[]` | YES | Must have >=1 key with fr, en, it, de |
 | `validation` | YES | Must have completenessChecks, consistencyChecks, semanticChecks, decision |
 
 ## B. Field Name Conformity
@@ -46,7 +46,8 @@
 | BR | `BR-(VAL\|CALC\|WF\|SEC\|DATA)-{PREFIX}-\d{3}` | BR-VAL-RM-001 |
 | UC | `UC-{PREFIX}-\d{3}` | UC-RM-001 |
 | FR | `FR-{PREFIX}-\d{3}` | FR-RM-001 |
-| Permissions | `business.{app}.{module}.{resource}.{action}` | business.freebike.repairs.create |
+| Permissions (module) | `business.{app}.{module}.{action}` | business.freebike.repairs.create |
+| Permissions (section) | `business.{app}.{module}.{section}.{action}` | business.freebike.repairs.dashboard.read |
 
 ## D. Cross-Module ID Uniqueness
 
@@ -71,7 +72,7 @@ FOR each region: IF missing position or components[] -> ERROR
 
 ```
 FOR each navigationModules[].code:
-  FOR each language in [fr, en, nl, de]:
+  FOR each language in [fr, en, it, de]:
     IF NOT EXISTS navigationTranslations[] with moduleCode AND language -> ERROR
 ```
 

package/templates/skills/business-analyse/references/deploy-modes.md

@@ -37,7 +37,7 @@ Focused handoff for changes:
 |-------|-----------|
 | All modules missing handoff data | Return to step-05a-handoff.md. Handoff MUST be written to each module feature.json. |
 | prd.json generation failed | Verify ss derive-prd command is installed and feature.json path is correct. |
-| progress.txt incomplete | Ensure all 5 CORE SeedData entries are present per module. Check topological order. |
+| progress.txt incomplete | Ensure all CORE SeedData entries are present: 2 app-level (NavigationApplication + ApplicationRoles) + per module (NavigationModule + NavigationSections + Permissions + Roles). Check topological order. |
 | BA manifest not found | Create docs/business/index.json if missing. Use schema provided in section 3. |
 | Manifest entries incorrect | Verify appCode, moduleCode, and version match feature.json metadata exactly. |
 | ba-interactive.html is too small (< 100KB) | FEATURE_DATA not serialized correctly. Verify JSON structure. Re-run FEATURE_DATA build. |

package/templates/skills/business-analyse/references/handoff-file-templates.md

@@ -90,16 +90,16 @@ From `specification.uiWireframes[]`, `specification.dashboards[]` and `analysis.
 
 ## 4.6 SeedData Files
 
-**OBLIGATORY: 6 CORE (1 app-level + 5 per module) + business per module:**
+**OBLIGATORY: 2 app-level CORE + per module CORE (NavigationModule + NavigationSections + Permissions + Roles) + business per module:**
 
 ```json
 "seedData": [
   { "path": "src/Infrastructure/Persistence/Seeding/Data/NavigationApplicationSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.navigationApplications", "module": "shared", "description": "Application-level navigation seed data. Created ONCE per application (FIRST). Provides ApplicationId for modules and roles." },
+  { "path": "src/Infrastructure/Persistence/Seeding/Data/ApplicationRolesSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.rolePermissions", "module": "shared", "description": "Application-scoped role definitions (admin, manager, contributor, viewer). Created ONCE per application. Provides role entries for SeedRolesAsync()." },
   { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/NavigationModuleSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.navigationModules", "module": "{moduleCode}" },
+  { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/NavigationSectionSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.navigationSections", "module": "{moduleCode}", "description": "MANDATORY when sections defined. Seeds section-level navigation entries (list, dashboard, etc.) with full absolute routes." },
   { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/PermissionsSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.permissions", "module": "{moduleCode}" },
-  { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/RolesSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.roles", "module": "{moduleCode}" },
-  { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/TenantSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.tenants", "module": "{moduleCode}" },
-  { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/UserSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.users", "module": "{moduleCode}" },
+  { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/RolesSeedData.cs", "type": "SeedData", "category": "core", "source": "specification.seedDataCore.rolePermissions", "module": "{moduleCode}" },
   { "path": "src/Infrastructure/Persistence/Seeding/Data/{ModuleName}/{Entity}SeedData.cs", "type": "SeedData", "category": "business", "source": "specification.seedDataBusiness.{module}", "module": "{moduleCode}" }
 ]
 ```

package/templates/skills/business-analyse/references/robustness-checks.md

@@ -17,7 +17,7 @@ This document consolidates all robustness checks implemented across the business
 
 Ensures each module has ALL required components before being marked as "specified". Prevents incomplete modules from reaching step-04 consolidation.
 
-### Checks (30 total)
+### Checks (31 total)
 
 #### SECTION 1: Data Model (3 checks)
 
@@ -50,38 +50,41 @@ Ensures each module has ALL required components before being marked as "specifie
 | # | Check | Minimum | Blocking | Rationale |
 |---|-------|---------|----------|-----------|
 | 4.1 | Permissions count | ≥5 | YES | CRUD (4) + 1 business action minimum |
-| 4.2 | Permission format | `business.{app}.{module}.{resource}.{action}` | YES | Wrong format breaks RBAC system |
+| 4.2 | Permission format | Module: `business.{app}.{module}.{action}` or Section: `business.{app}.{module}.{section}.{action}` | YES | Wrong format breaks RBAC system |
 | 4.3 | Role permissions | All roles have ≥1 permission | YES | Roles without permissions are useless |
 
-#### SECTION 5: UI & Navigation (3 checks)
+#### SECTION 5: UI & Navigation (4 checks)
 
 | # | Check | Minimum | Blocking | Rationale |
 |---|-------|---------|----------|-----------|
 | 5.1 | Sections count | ≥2 | YES | Modules need list + form minimum |
 | 5.2 | Wireframes count | 1 per section | YES | EVERY section MUST have wireframe |
 | 5.3 | Navigation entries | ≥1 | YES | Module must be accessible in menu |
+| 5.4 | Navigation route patterns | No `/list` or `/detail/:id` suffixes | YES | list route = module route (index), detail route = module + /:id. FORBIDDEN: `/module/list`, `/module/detail/:id` |
 
 #### SECTION 6: I18N & Messages (3 checks)
 
 | # | Check | Minimum | Blocking | Rationale |
 |---|-------|---------|----------|-----------|
 | 6.1 | i18n keys count | ≥42 | YES | Entities, fields, messages, validation, navigation |
-| 6.2 | i18n languages | All keys have 4 languages (fr/en/nl/de) | YES | Missing translations break multi-language |
+| 6.2 | i18n languages | All keys have 4 languages (fr/en/it/de) | YES | Missing translations break multi-language |
 | 6.3 | Messages count | ≥4 | YES | 1 success, 1 error, 1 warning, 1 info minimum |
 
 #### SECTION 7: Seed Data (2 checks)
 
 | # | Check | Minimum | Blocking | Rationale |
 |---|-------|---------|----------|-----------|
-| 7.1 | CORE seed data sections | All 5 sections present | YES | Missing CORE data breaks deployment |
+| 7.1 | CORE seed data sections | All 7 sections present | YES | Missing CORE data breaks deployment |
 | 7.2 | Business seed data | Template defined | NO (WARNING) | Helps with testing |
 
 **CORE sections required:**
 1. `navigationModules`
-2. `navigationTranslations`
-3. `permissions`
-4. `rolePermissions`
-5. `permissionConstants`
+2. `navigationSections`
+3. `navigationResources`
+4. `navigationTranslations`
+5. `permissions`
+6. `rolePermissions`
+7. `permissionConstants`
 
 #### SECTION 8: API Endpoints (2 checks)
 

package/templates/skills/business-analyse/references/spec-auto-inference.md

@@ -90,15 +90,15 @@ IF entity has lifeCycles:
 ### Detail section auto-generation
 
 When auto-generating the detail section, create:
-- `specification.sections[]` entry with `code: "detail"`, `navigation: "hidden"`, route `/business/{app}/{module}/detail/:id`
+- `specification.sections[]` entry with `code: "detail"`, `navigation: "hidden"`, route `/business/{app}/{module}/:id`
 - `specification.uiWireframes[]` entry with `section: "detail"` and ASCII mockup showing all tabs
 - Resources: `{module}-detail-header` (DetailHeader), `{module}-detail-tabs` (TabPanel), `{module}-info-card` (DetailCard), one `{module}-{relation}-grid` per relation tab, `{module}-history` (Timeline if auditable)
 
 ### Detail page navigation wiring
 
 The detail page is NOT a sidebar entry. Navigation is handled by:
-- **From list**: row click action `navigate:detail` → `/business/{app}/{module}/detail/{id}`
-- **Back button**: detail header → `/business/{app}/{module}/list`
+- **From list**: row click action `navigate:detail` → `/business/{app}/{module}/{id}`
+- **Back button**: detail header → `/business/{app}/{module}`
 - **Route registration**: route MUST be registered in frontend routing with `:id` parameter
 
 ## Status/Lifecycle Enhancement

package/templates/skills/business-analyse/references/ui-resource-cards.md

@@ -8,7 +8,7 @@
 {
   "code": "list",
   "labels": { "fr": "Liste", "en": "List", "it": "Elenco", "de": "Liste" },
-  "route": "/business/{app}/{module}/list",
+  "route": "/business/{app}/{module}",
   "icon": "list",
   "permission": "business.{app}.{module}.read",
   "wireframe": "{module}-list",
@@ -81,7 +81,7 @@
 {
   "code": "detail",
   "labels": { "fr": "Détail", "en": "Detail", "it": "Dettaglio", "de": "Detail" },
-  "route": "/business/{app}/{module}/detail/:id",
+  "route": "/business/{app}/{module}/:id",
   "icon": "file-text",
   "permission": "business.{app}.{module}.read",
   "wireframe": "{module}-detail",
@@ -238,7 +238,7 @@ A wireframe without `componentMapping` or `layout` will FAIL validation in step
     "type": "page",
     "regions": [
       { "id": "header", "position": "top", "components": [
-        { "type": "BackButton", "target": "/business/{app}/{module}/list" },
+        { "type": "BackButton", "target": "/business/{app}/{module}" },
         { "type": "DetailHeader", "resourceRef": "{module}-detail-header" },
         { "type": "StatusBadge", "resourceRef": "{module}-status" }
       ]},

package/templates/skills/business-analyse/references/validation-checklist.md

@@ -115,10 +115,10 @@ const checklist = {
   },
 
   permissionFormat: {
-    check: "All permissions use full format: business.{app}.{module}.{resource}.{action}",
+    check: "All permissions use correct format: module-level business.{app}.{module}.{action} or section-level business.{app}.{module}.{section}.{action}",
     status: validatePermissionFormat() ? "PASS" : "FAIL",
     blocking: true,
-    details: "Wrong format breaks RBAC system"
+    details: "Wrong format breaks RBAC system. Module-level = 4 segments, section-level = 5 segments."
   },
 
   rolePermissions: {
@@ -168,6 +168,24 @@ const checklist = {
     details: "Module must be accessible in menu"
   },
 
+  navigationRoutePatterns: {
+    check: "Navigation routes do NOT contain CRUD suffixes (/list, /detail/:id)",
+    status: (() => {
+      const allRoutes = [
+        ...(specification.seedDataCore?.navigationSections || []).map(s => s.route),
+        ...(specification.sections || []).map(s => s.route),
+        ...(specification.navigation?.entries || []).map(e => e.route)
+      ].filter(Boolean);
+      const forbidden = allRoutes.filter(r => r.match(/\/list$/) || r.match(/\/detail\/:id$/));
+      return forbidden.length === 0 ? "PASS" : "FAIL";
+    })(),
+    blocking: true,
+    details: "FORBIDDEN: /module/list (use /module), /module/detail/:id (use /module/:id). " +
+             "list route = module route (React Router index route). " +
+             "detail route = module route + /:id (React Router :id child). " +
+             "Other sections (dashboard, approve) add /{section} normally."
+  },
+
   // SECTION 6: I18N & MESSAGES (BLOCKING)
   i18nKeys: {
     minimum: 42,  // Realistic minimum for a module
@@ -178,7 +196,7 @@ const checklist = {
   },
 
   i18nLanguages: {
-    check: "All i18n keys have 4 languages (fr, en, nl, de)",
+    check: "All i18n keys have 4 languages (fr, en, it, de)",
     status: validateI18nCompleteness() ? "PASS" : "FAIL",
     blocking: true,
     details: "Missing translations break multi-language support"

package/templates/skills/business-analyse/schemas/sections/specification-schema.json

@@ -26,7 +26,7 @@
           "id": { "type": "string", "pattern": "^UC-[A-Z]{2,4}-\\d{3}$", "description": "Module-prefixed UC ID (e.g., UC-RM-001)" },
           "name": { "type": "string" },
           "primaryActor": { "type": "string" },
-          "permission": { "type": "string", "description": "business.{app}.{module}.{action}" },
+          "permission": { "type": "string", "description": "Module-level: business.{app}.{module}.{action} or section-level: business.{app}.{module}.{section}.{action}" },
           "preconditions": { "type": "array", "items": { "type": "string" } },
           "postconditions": { "type": "array", "items": { "type": "string" } },
           "mainScenario": { "type": "array", "items": { "type": "string" } },
@@ -82,7 +82,7 @@
             "type": "object",
             "required": ["path", "action"],
             "properties": {
-              "path": { "type": "string", "description": "business.{app}.{module}.{action}" },
+              "path": { "type": "string", "description": "Module-level: business.{app}.{module}.{action} or section-level: business.{app}.{module}.{section}.{action}" },
               "action": { "type": "string", "enum": ["read", "create", "update", "delete", "export", "import", "admin", "*"] },
               "description": { "type": "string" }
             }
@@ -382,8 +382,36 @@
     },
     "seedDataCore": {
       "type": "object",
-      "description": "7 mandatory SmartStack core SeedData definitions (modules, sections, resources, translations, permissions, rolePermissions, permissionConstants)",
+      "description": "9 mandatory SmartStack core SeedData definitions (navigationApplications, applicationRoles, modules, sections, resources, translations, permissions, rolePermissions, permissionConstants)",
       "properties": {
+        "navigationApplications": {
+          "type": "array",
+          "description": "Level 2 (Application) navigation entry for core.nav_Applications table. Created ONCE per application (FIRST). Provides ApplicationId for modules and roles.",
+          "items": {
+            "type": "object",
+            "required": ["code", "label", "icon", "route"],
+            "properties": {
+              "code": { "type": "string", "description": "Application code (PascalCase, e.g., HumanResources)" },
+              "label": { "type": "string", "description": "Application label in default language" },
+              "icon": { "type": "string", "description": "Lucide icon name" },
+              "route": { "type": "string", "description": "Full route path (e.g., /business/human-resources)" },
+              "sort": { "type": "integer", "description": "Display order" }
+            }
+          }
+        },
+        "applicationRoles": {
+          "type": "array",
+          "description": "Application-scoped role definitions (admin, manager, contributor, viewer). Created ONCE per application. Used by SeedRolesAsync() in IClientSeedDataProvider.",
+          "items": {
+            "type": "object",
+            "required": ["code", "name", "permissions"],
+            "properties": {
+              "code": { "type": "string", "description": "Role code (e.g., admin, manager, contributor, viewer)" },
+              "name": { "type": "string", "description": "Human-readable role name" },
+              "permissions": { "type": "string", "description": "Permission level: wildcard(*), CRU, CR, R" }
+            }
+          }
+        },
         "navigationModules": {
           "type": "array",
           "items": {
@@ -406,7 +434,7 @@
             "type": "object",
             "required": ["code", "label", "icon", "route", "parentCode", "permission"],
             "properties": {
-              "code": { "type": "string", "description": "Section code (list, detail, create, dashboard)" },
+              "code": { "type": "string", "description": "Section code (list, detail, dashboard, approve, import, etc.)" },
               "label": { "type": "string", "description": "Section label in default language (fr)" },
               "icon": { "type": "string", "description": "Lucide icon name" },
               "route": { "type": "string", "description": "Full route path" },
@@ -486,7 +514,7 @@
         "type": "object",
         "required": ["code", "labels", "route", "permission", "wireframe", "useCases", "resources"],
         "properties": {
-          "code": { "type": "string", "description": "Section code (kebab-case: list, detail, create, dashboard)" },
+          "code": { "type": "string", "description": "Section code (kebab-case: list, detail, dashboard, approve, import, etc.)" },
           "labels": {
             "type": "object",
             "properties": {

package/templates/skills/business-analyse/steps/step-03b-ui.md

@@ -243,7 +243,7 @@ A wireframe without `componentMapping` or `layout` will FAIL validation in step
 
 Adaptation rules for the detail mockup:
 - **Header**: entity code + name + status badge (if lifeCycles) + action buttons (edit, delete)
-- **Back button**: navigates to `/business/{app}/{module}/list`
+- **Back button**: navigates to `/business/{app}/{module}`
 - **Tabs**: one per identified tab (Info + relations + history)
 - **Info tab content**: all entity attributes as label:value pairs (read-only by default)
 - **Edit button**: toggles the Info tab into SmartForm edit mode
@@ -261,7 +261,7 @@ Transition buttons are contextual: only show actions allowed from the current st
 5. **Store** in `specification.uiWireframes[]` with `section: "detail"`.
    See [references/ui-resource-cards.md](../references/ui-resource-cards.md) "Detail Page Wireframe" for exact JSON format.
 
-6. **Create the detail section** in `specification.sections[]` with `navigation: "hidden"` and route `/business/{app}/{module}/detail/:id`.
+6. **Create the detail section** in `specification.sections[]` with `navigation: "hidden"` and route `/business/{app}/{module}/:id`.
    See [references/ui-resource-cards.md](../references/ui-resource-cards.md) "Detail Page section" for exact JSON format.
 
 ### 3b-bis. Wireframe-to-Component Mapping

package/templates/skills/business-analyse/steps/step-03c-compile.md

@@ -236,16 +236,18 @@ Roles × resources × operations with full paths.
 >     { "path": "business.{app}.{module}.create", "action": "create", "description": "Create new records" },
 >     { "path": "business.{app}.{module}.update", "action": "update", "description": "Update existing records" },
 >     { "path": "business.{app}.{module}.delete", "action": "delete", "description": "Delete records" },
->     { "path": "business.{app}.{module}.export", "action": "export", "description": "Export data" }
+>     { "path": "business.{app}.{module}.export", "action": "export", "description": "Export data" },
+>     { "path": "business.{app}.{module}.dashboard.read", "action": "read", "description": "View dashboard (section-level)" }
 >   ],
 >   "roleAssignments": [
->     { "role": "{App} Admin", "permissions": ["business.{app}.{module}.read", "business.{app}.{module}.create", "business.{app}.{module}.update", "business.{app}.{module}.delete", "business.{app}.{module}.export"] },
->     { "role": "{App} Manager", "permissions": ["business.{app}.{module}.read", "business.{app}.{module}.create", "business.{app}.{module}.update"] },
+>     { "role": "{App} Admin", "permissions": ["business.{app}.{module}.read", "business.{app}.{module}.create", "business.{app}.{module}.update", "business.{app}.{module}.delete", "business.{app}.{module}.export", "business.{app}.{module}.dashboard.read"] },
+>     { "role": "{App} Manager", "permissions": ["business.{app}.{module}.read", "business.{app}.{module}.create", "business.{app}.{module}.update", "business.{app}.{module}.dashboard.read"] },
 >     { "role": "{App} Viewer", "permissions": ["business.{app}.{module}.read"] }
 >   ]
 > }
 > ```
 > **STRUCTURE:** Object with 2 arrays: `permissions[]` and `roleAssignments[]`
+> **Permission levels:** Module-level = `business.{app}.{module}.{action}` (4 segments). Section-level = `business.{app}.{module}.{section}.{action}` (5 segments, for sections needing distinct access like dashboard, approve, import).
 > **FORBIDDEN:** Do NOT use a flat array with `resource`/`roles` fields. Always use the nested structure above.
 
 #### 8e. Navigation
@@ -257,7 +259,7 @@ Module → Sections → Resources (levels 3-4-5 of the hierarchy).
 > {
 >   "entries": [
 >     { "level": "module", "code": "{module}", "labels": {"fr": "...", "en": "..."}, "route": "/business/{app}/{module}", "icon": "list" },
->     { "level": "section", "code": "list", "labels": {"fr": "Liste", "en": "List", "it": "Elenco", "de": "Liste"}, "route": "/business/{app}/{module}/list", "icon": "list" },
+>     { "level": "section", "code": "list", "labels": {"fr": "Liste", "en": "List", "it": "Elenco", "de": "Liste"}, "route": "/business/{app}/{module}", "icon": "list" },
 >     { "level": "section", "code": "dashboard", "labels": {"fr": "Dashboard", "en": "Dashboard"}, "route": "/business/{app}/{module}/dashboard", "icon": "chart-bar", "isNew": true }
 >   ]
 > }
@@ -274,13 +276,12 @@ Module → Sections → Resources (levels 3-4-5 of the hierarchy).
 >     { "code": "{module}", "label": "{Module Name}", "icon": "list", "route": "/business/{app}/{module}", "parentCode": "{app}", "sort": 1 }
 >   ],
 >   "navigationSections": [
->     { "code": "list", "label": "Liste", "icon": "List", "route": "/business/{app}/{module}/list", "parentCode": "{module}", "permission": "business.{app}.{module}.read", "sort": 1 },
->     { "code": "detail", "label": "Détail", "icon": "FileText", "route": "/business/{app}/{module}/detail/:id", "parentCode": "{module}", "permission": "business.{app}.{module}.read", "sort": 2 },
->     { "code": "create", "label": "Créer", "icon": "Plus", "route": "/business/{app}/{module}/create", "parentCode": "{module}", "permission": "business.{app}.{module}.create", "sort": 3 }
+>     { "code": "list", "label": "Liste", "icon": "List", "route": "/business/{app}/{module}", "parentCode": "{module}", "permission": "business.{app}.{module}.read", "sort": 1 },
+>     { "code": "detail", "label": "Détail", "icon": "FileText", "route": "/business/{app}/{module}/:id", "parentCode": "{module}", "permission": "business.{app}.{module}.read", "sort": 2, "navigation": "hidden" },
+>     { "code": "dashboard", "label": "Dashboard", "icon": "BarChart", "route": "/business/{app}/{module}/dashboard", "parentCode": "{module}", "permission": "business.{app}.{module}.dashboard.read", "sort": 3 }
 >   ],
 >   "navigationResources": [
 >     { "code": "{module}-grid", "type": "SmartTable", "entity": "{Entity}", "parentCode": "list", "permission": "business.{app}.{module}.read" },
->     { "code": "{module}-form", "type": "SmartForm", "entity": "{Entity}", "parentCode": "create", "permission": "business.{app}.{module}.create" },
 >     { "code": "{module}-detail-card", "type": "DetailCard", "entity": "{Entity}", "parentCode": "detail", "permission": "business.{app}.{module}.read" }
 >   ],
 >   "navigationTranslations": [
@@ -291,7 +292,8 @@ Module → Sections → Resources (levels 3-4-5 of the hierarchy).
 >   ],
 >   "permissions": [
 >     { "path": "business.{app}.{module}.read", "action": "read", "description": "View {module}" },
->     { "path": "business.{app}.{module}.create", "action": "create", "description": "Create {module}" }
+>     { "path": "business.{app}.{module}.create", "action": "create", "description": "Create {module}" },
+>     { "path": "business.{app}.{module}.dashboard.read", "action": "read", "description": "View {module} dashboard (section-level)" }
 >   ],
 >   "rolePermissions": [
 >     { "role": "{App} Admin", "permissionPath": "business.{app}.{module}.*" },
@@ -305,7 +307,13 @@ Module → Sections → Resources (levels 3-4-5 of the hierarchy).
 > ```
 > **MANDATORY:** All 7 arrays must be present. Each element must be an object, NOT a string.
 > **CRITICAL:** `navigationSections` and `navigationResources` are DERIVED from `specification.sections[]` — use the transform algorithm below (section 8f-bis).
+> **IMPORTANT:** `create` and `edit` are NEVER sections — they are action pages reached via buttons. Do NOT include them in `navigationSections`. Only include actual sidebar sections (list, dashboard, approve, import, etc.) and hidden route sections (detail).
 > **FORBIDDEN:** Do NOT use `navigationModule` (singular string), `permissions` as flat string array, `rolePermissions` as flat object, `permissionsConstants` as comma-separated string.
+>
+> **FORBIDDEN in navigation routes:**
+> - `/business/{app}/{module}/list` → use `/business/{app}/{module}` (list IS the module route)
+> - `/business/{app}/{module}/detail/:id` → use `/business/{app}/{module}/:id`
+> - Navigation routes must match React Router paths exactly
 
 #### 8f-bis. Transform Sections into Navigation SeedData
 

package/templates/skills/business-analyse/steps/step-03d-validate.md

@@ -85,7 +85,7 @@ IF failures.length > 0:
 - Every FR has ≥1 linked BR
 - All BR references exist in analysis.businessRules
 - All actors appear in permissionMatrix
-- Permission paths use full format: `business.{app}.{module}.{resource}.{action}`
+- Permission paths use correct format: module-level `business.{app}.{module}.{action}` or section-level `business.{app}.{module}.{section}.{action}`
 - rolePermissions paths match permissions paths
 - API routes use consistent prefix
 

package/templates/skills/business-analyse/steps/step-04b-analyze.md

@@ -36,13 +36,15 @@ FOR each module in completedModules:
 
 **3b. Permission Path Format**
 
-Verify all permission paths follow the pattern:
-`business.{app}.{module}.{resource}.{action}`
+Verify all permission paths follow one of these patterns:
+- Module-level: `business.{app}.{module}.{action}` (4 segments)
+- Section-level: `business.{app}.{module}.{section}.{action}` (5 segments)
 
 Check for:
 - Inconsistent app prefix → ERROR
 - Missing module segment → ERROR
-- Shortcut paths (not full format) → ERROR
+- Fewer than 4 segments (shortcut paths) → ERROR
+- More than 5 segments → ERROR
 
 **3c. Role Hierarchy Coherence**
 

package/templates/skills/business-analyse/steps/step-05a-handoff.md

@@ -17,7 +17,7 @@ next_step: steps/step-05b-deploy.md
 - **NEVER** invent entities/FRs/BRs not in feature.json
 - **ALL** API routes from specification.apiEndpoints (exact copy)
 - **Permission** paths from specification.permissionMatrix (full format)
-- **ALWAYS** generate 5 CORE SeedData task entries per module
+- **ALWAYS** generate CORE SeedData entries: 2 app-level (NavigationApplication + ApplicationRoles) + per module (NavigationModule + NavigationSections + Permissions + Roles)
 
 ## YOUR TASK
 
@@ -197,7 +197,7 @@ See [references/handoff-file-templates.md](../references/handoff-file-templates.
 | **4.3 Infrastructure** | `analysis.entities[]` | EF Configurations, DbSet, DI. **DEPENDENCY:** Each EF config task MUST `dependsOn` its corresponding domain entity task. |
 | **4.4 API** | `specification.apiEndpoints[]` | Controllers with `{ContextShort}` mapping |
 | **4.5 Frontend** | `specification.uiWireframes[]` | Pages, Components, Hooks + wireframe traceability |
-| **4.6 SeedData** | `specification.seedDataCore` | 5 CORE + business + IClientSeedDataProvider |
+| **4.6 SeedData** | `specification.seedDataCore` | 2 app-level + per module CORE (NavigationModule + NavigationSections + Permissions + Roles) + business + IClientSeedDataProvider |
 | **4.7 Tests** | All layers | Unit, Integration, Security tests |
 
 #### Route Convention (CRITICAL)
@@ -252,7 +252,7 @@ For NavigationSeedData tasks in `handoff.filesToCreate`, add:
 **Critical rules:**
 - All backend paths include `{ContextPascal}/{ApplicationName}/` hierarchy
 - Frontend pages MUST have `linkedWireframes[]` + `wireframeAcceptanceCriteria`
-- SeedData: 5 CORE entries ALWAYS + IClientSeedDataProvider for client projects
+- SeedData: 2 app-level CORE (NavigationApplication + ApplicationRoles) + per-module CORE (NavigationModule + NavigationSections + Permissions + Roles) + IClientSeedDataProvider for client projects
 - **Acceptance Criteria Mapping:** Each task's `acceptanceCriteria` MUST be derived from its own `linkedFRs[]` entries (lookup FR → `acceptanceCriteria`). NEVER map by sequential FR index — use the task's explicit linkedFRs to resolve the correct criteria.
 - Path convention: `Persistence/Seeding/Data/` (NEVER `Data/SeedData/`)
 
@@ -462,7 +462,7 @@ const seedDataCore = {
     description: m.description,
     icon: inferIconFromModule(m) || "folder",  // MUST be non-null — use sensible default
     iconType: "lucide",
-    route: `/business/${master.metadata.application.toLowerCase()}/${m.code.toLowerCase()}`,
+    route: `/${contextCode}/${toKebabCase(appCode)}/${toKebabCase(m.code)}`,
     displayOrder: (i + 1) * 10
   })),
 
@@ -472,7 +472,11 @@ const seedDataCore = {
       code: s.code,
       label: s.description?.split(':')[0] || s.code,
       description: s.description || "",
-      route: s.code === "detail" ? null : `/${s.code}`,
+      route: s.code === "list"
+        ? `/${contextCode}/${toKebabCase(appCode)}/${toKebabCase(m.code)}`
+        : s.code === "detail"
+          ? `/${contextCode}/${toKebabCase(appCode)}/${toKebabCase(m.code)}/:id`
+          : `/${contextCode}/${toKebabCase(appCode)}/${toKebabCase(m.code)}/${toKebabCase(s.code)}`,
       displayOrder: (j + 1) * 10,
       navigation: s.code === "detail" ? "hidden" : "visible"
     }))
@@ -500,22 +504,26 @@ const seedDataCore = {
     }));
   }),
 
-  permissions: master.cadrage.applicationRoles.flatMap(role =>
-    master.modules.map(m => ({
-      role: role.role,
-      module: m.code,
-      pattern: role.permissionPattern.replace('*', `${m.code.toLowerCase()}.*`),
-      level: role.level
-    }))
-  ),
+  permissions: master.modules.flatMap(m => {
+    const basePath = `business.${master.metadata.application.toLowerCase()}.${m.code.toLowerCase()}`;
+    const actions = ['read', 'create', 'update', 'delete'];
+    return [
+      { path: `${basePath}.*`, action: '*', description: `Full ${m.name || m.code} access` },
+      ...actions.map(action => ({
+        path: `${basePath}.${action}`,
+        action: action,
+        description: `${action.charAt(0).toUpperCase() + action.slice(1)} ${m.name || m.code}`
+      }))
+    ];
+  }),
 
   rolePermissions: master.cadrage.applicationRoles.map(role => ({
     role: role.role,
     level: role.level,
     permissions: master.modules.map(m => `business.${master.metadata.application.toLowerCase()}.${m.code.toLowerCase()}.${
       role.level === 'admin' ? '*' :
-      role.level === 'manager' ? 'read,create,update,validate' :
-      role.level === 'contributor' ? 'read,create,update' : 'read'
+      role.level === 'manager' ? 'read,create,update' :
+      role.level === 'contributor' ? 'read,create' : 'read'
     }`)
   })),
 

package/templates/skills/business-analyse/templates/tpl-handoff.md

@@ -84,16 +84,17 @@ FRONTEND:
 ### 3.2 SeedData Core (CRITICAL -- without these, module is invisible and returns 403)
 
 > **Source:** `feature.json.specification.seedDataCore` (generated in step-02)
-> **5 mandatory files** for every new module (4 EF Core HasData + 1 Application code).
-> Derive content EXACTLY from `specification.seedDataCore` sections (navigationModules, navigationTranslations, permissions, rolePermissions, permissionConstants).
+> **5 core files + NavigationSectionSeedData when sections are defined** for every new module.
+> Derive content EXACTLY from `specification.seedDataCore` sections (navigationModules, navigationSections, navigationTranslations, permissions, rolePermissions, permissionConstants).
 
 | # | File | Layer | Content |
 |---|------|-------|---------|
 | 1 | `NavigationModuleConfiguration.cs` | Infrastructure (HasData) | Module entry in `nav_Modules` |
-| 2 | `NavigationTranslationConfiguration.cs` | Infrastructure (HasData) | 4 translations (fr, en, it, de) per nav entity |
-| 3 | `PermissionConfiguration.cs` | Infrastructure (HasData) | Wildcard + CRUD permissions in `nav_Permissions` |
-| 4 | `Permissions.cs` | Application (code) | Compile-time constants for `[RequirePermission]` |
-| 5 | `RolePermissionConfiguration.cs` | Infrastructure (HasData) | Role->Permission for {App} Admin, {App} Manager, {App} Contributor, {App} Viewer |
+| 2 | `NavigationSectionSeedData.cs` | Infrastructure (HasData) | Section entries (list, dashboard, etc.) with full absolute routes. **MANDATORY when sections defined.** |
+| 3 | `NavigationTranslationConfiguration.cs` | Infrastructure (HasData) | 4 translations (fr, en, it, de) per nav entity |
+| 4 | `PermissionConfiguration.cs` | Infrastructure (HasData) | Wildcard + CRUD permissions in `nav_Permissions` |
+| 5 | `Permissions.cs` | Application (code) | Compile-time constants for `[RequirePermission]` |
+| 6 | `RolePermissionConfiguration.cs` | Infrastructure (HasData) | Role->Permission for {App} Admin, {App} Manager, {App} Contributor, {App} Viewer |
 
 ### 3.3 Frontend
 
@@ -136,7 +137,7 @@ From: `feature.specification.seedDataCore` (5 core files), `feature.specificatio
 > **IMPORTANT :** Les données des 5 fichiers SeedData Core doivent être dérivées de `specification.seedDataCore` :
 > - `navigationModules` → NavigationModuleConfiguration.cs
 > - `navigationTranslations` → NavigationTranslationConfiguration.cs
-> - `permissions` → PermissionConfiguration.cs (format complet : `business.{app}.{module}.{resource}.{action}`)
+> - `permissions` → PermissionConfiguration.cs (module-level: `business.{app}.{module}.{action}`, section-level: `business.{app}.{module}.{section}.{action}`)
 > - `rolePermissions` → RolePermissionConfiguration.cs
 > - `permissionConstants` → Permissions.cs (PascalCase constants)
 
@@ -163,8 +164,9 @@ From: `feature.specification.seedDataCore` (5 core files), `feature.specificatio
 
 **SeedData Core (CRITICAL):**
 - [ ] Navigation module entry (HasData in NavigationModuleConfiguration.cs)
+- [ ] Navigation section entries (NavigationSectionSeedData.cs — MANDATORY when sections defined, with full absolute routes)
 - [ ] Navigation translations (4 languages in NavigationTranslationConfiguration.cs)
-- [ ] Permissions (HasData in PermissionConfiguration.cs: wildcard + CRUD)
+- [ ] Permissions (HasData in PermissionConfiguration.cs: wildcard + CRUD + section-level)
 - [ ] Permission constants (Permissions.cs in Application layer)
 - [ ] Role-Permission assignments (HasData in RolePermissionConfiguration.cs: 4 roles)
 - [ ] EF Core migration created (includes all HasData seeds)

package/templates/skills/business-analyse/templates/tpl-progress.md

@@ -28,12 +28,13 @@
     □ Total: X tasks
 
   [SEEDDATA-CORE] Core Configuration (MANDATORY)
-    □ NavigationModuleConfiguration - Module navigation structure
-    □ PermissionsConfiguration - RBAC permissions setup
-    □ RolesConfiguration - Predefined roles
-    □ TenantConfiguration - Test tenants
-    □ UserConfiguration - Test users
-    Total: 5 CORE tasks
+    □ NavigationApplicationSeedData - Application navigation entry (once per app)
+    □ ApplicationRolesSeedData - Application-scoped roles (once per app)
+    □ NavigationModuleSeedData - Module navigation structure (per module)
+    □ PermissionsSeedData - RBAC permissions (per module)
+    □ RolesSeedData - Role-permission mappings (per module)
+    □ {App}SeedDataProvider - IClientSeedDataProvider (4 methods)
+    Total: 2 app-level + 3 per-module + 1 provider
 
   [SEEDDATA] Business Reference Data
     □ Seed {Entity1} reference data