@atlashub/smartstack-cli 3.37.0 → 3.39.0

package/templates/skills/business-analyse/references/agent-module-prompt.md

@@ -73,9 +73,8 @@ Reference their entities for FK relationships:
 ## Project Context
 
 - Language: {language}
-- Context: business
 - Docs directory: {docsDir}
-- Master feature.json: docs/business/{appName}/business-analyse/v{version}/feature.json
+- Master feature.json: docs/{appName}/business-analyse/v{version}/feature.json
 
 ## Execution Steps
 
@@ -351,7 +350,7 @@ NEVER use bare IDs (UC-001, BR-VAL-001) — always prefixed.
 - [ ] All sections have at least 1 resource
 - [ ] All sections have a wireframe (+ create/edit wireframes for data-centric sections)
 - [ ] seedDataCore has all 7 arrays with content
-- [ ] Permissions follow {context}.{app}.{module}.{entity}.{action} pattern
+- [ ] Permissions follow {app}.{module}.{entity}.{action} pattern
 - [ ] i18n has all keys in **4 languages (fr, en, it, de)** — not just fr/en
 - [ ] At least 2 actors, 2 use cases, 4 functional requirements
 - [ ] Gherkin scenarios are arrays (not objects)

package/templates/skills/business-analyse/references/analysis-semantic-checks.md

@@ -0,0 +1,190 @@
+# Semantic Validation Checks for Analysis
+
+Complete reference for step-04b semantic validation, permission coherence, and complexity assessment.
+
+## Semantic Validation Checks (13 checks total)
+
+Execute for EACH module feature.json:
+
+| # | Check | Rule | Severity |
+|---|-------|------|----------|
+| 1 | Permission orpheline | Every permissionMatrix.permissions[].path is used by at least one useCases[].permission | WARNING |
+| 2 | UC sans FR | Every useCases[].id is referenced by at least one functionalRequirements[].linkedUseCases[] | WARNING |
+| 3 | Entity sans endpoint | Every entities[].name has at least one endpoint in apiEndpoints[] | WARNING |
+| 4 | UC sans scenario | Every useCases[].mainScenario has at least 2 steps | WARNING |
+| 5 | Role sans permissions | Every applicationRole has at least one entry in roleAssignments[] | WARNING |
+| 6 | Navigation sans traduction | Every navigation.entries[].code has translations in 4 languages in seedDataCore.navigationTranslations[] | ERROR |
+| 7 | LifeCycle terminal | Every lifeCycles[].states[] has at least one state with isTerminal: true | WARNING |
+| 8 | Schema conformity | No custom fields outside defined schema (no KPIDefinitions, ChartConfigurations, etc.) | ERROR |
+| 9 | Wireframe coverage | Every navigation section has a corresponding uiWireframes[].screen | ERROR |
+| 10 | Doublon entity | No entity with same name in two different modules (unless shared via dependencyGraph) | ERROR |
+| 11 | Permission fantome | Every action used in applicationRoles pattern (read, create, update, delete, assign, export, approve) MUST exist as a permission path in permissionMatrix.permissions[].action for at least one module | ERROR |
+| 12 | Dashboard coverage | If cadrage mentions dashboard for a module OR navigation includes "dashboard" section, then specification.dashboards[] MUST NOT be empty | WARNING |
+| 13 | Permission-UC alignment | Every permission.action (except "read" and wildcard "*") MUST have at least one UC where that permission is referenced in useCases[].permission | WARNING |
+
+## Result Storage Format
+
+```json
+{
+  "check": "permission-orpheline",
+  "module": "RepairManagement",
+  "status": "PASS|WARNING|ERROR",
+  "details": "Permission freebike.repairmanagement.export not referenced by any UC",
+  "autoFixed": false
+}
+```
+
+## Blocking Rules
+
+- 0 ERROR → PASS
+- ≥1 ERROR → BLOCK (fix before handoff, ask user for each)
+- WARNING only → PASS with user notification
+
+## Complexity Calculation
+
+For each module in feature.json.modules[], calculate:
+
+```json
+{
+  "complexity": "simple|medium|complex",
+  "complexityDetails": {
+    "entities": {count},
+    "useCases": {count},
+    "businessRules": {count},
+    "calculated": "{level} (≤X entities, ≤Y UCs, ≤Z BRs)"
+  }
+}
+```
+
+### Criteria
+
+| Criteria | Simple | Medium | Complex |
+|----------|--------|--------|---------|
+| Entities | ≤3 | ≤6 | >6 |
+| Use Cases | ≤5 | ≤12 | >12 |
+| Business Rules | ≤10 | ≤20 | >20 |
+
+**Global complexity** = highest complexity across all modules.
+
+## Permission Coherence Checks
+
+### 3a. Role Consistency
+
+Verify all modules use the applicationRoles defined in cadrage:
+```
+FOR each module in completedModules:
+  FOR each role in module.specification.permissionMatrix.roles:
+    IF role NOT IN cadrage.applicationRoles → ERROR
+```
+
+### 3b. Permission Path Format
+
+Verify all permission paths follow one of these patterns:
+- Module-level: `{app}.{module}.{action}` (3 segments)
+- Section-level: `{app}.{module}.{section}.{action}` (4 segments)
+
+Check for:
+- Inconsistent app prefix → ERROR
+- Missing module segment → ERROR
+- Fewer than 3 segments (shortcut paths) → ERROR
+- More than 4 segments → ERROR
+
+### 3c. Role Hierarchy Coherence
+
+Verify the role hierarchy is respected across all modules:
+```
+Admin ⊃ Manager ⊃ Contributor ⊃ Viewer
+
+FOR each module:
+  IF Admin has fewer permissions than Manager → ERROR
+  IF Manager has fewer permissions than Contributor → ERROR
+  IF Contributor has fewer permissions than Viewer → ERROR
+```
+
+### 3d. Permission Conflicts
+
+Detect conflicting permission assignments:
+```json
+{
+  "conflicts": [
+    {
+      "role": "Manager",
+      "module1": "Orders",
+      "permission1": "sales.orders.approve",
+      "module2": "Invoices",
+      "permission2": "sales.invoices.approve",
+      "issue": "Manager can approve orders but not invoices - is this intentional?"
+    }
+  ]
+}
+```
+
+### 3e. Permission-Role Coherence Across Modules (WARNING)
+
+For each role defined in `cadrage.applicationRoles`, verify the permission PATTERN is consistent across ALL modules:
+
+```javascript
+// Build role-to-actions matrix per module
+const roleActions = {};
+for (const module of completedModules) {
+  const pm = module.specification.permissionMatrix;
+  for (const ra of pm.roleAssignments || []) {
+    const key = ra.role;
+    if (!roleActions[key]) roleActions[key] = {};
+    roleActions[key][module.code] = ra.permissions.map(p => p.split('.').pop()); // extract action
+  }
+}
+
+// Detect inconsistencies: role has action X in module A but not in module B
+for (const [role, modules] of Object.entries(roleActions)) {
+  const allActions = new Set(Object.values(modules).flat());
+  for (const [mod, actions] of Object.entries(modules)) {
+    for (const action of allActions) {
+      if (!actions.includes(action)) {
+        // Role has this action in other modules but NOT in this one
+        const otherMods = Object.entries(modules).filter(([m, a]) => a.includes(action)).map(([m]) => m);
+        console.warn(`WARNING: permission-role-coherence: ${role} has "${action}" in [${otherMods.join(', ')}] but NOT in ${mod}`);
+      }
+    }
+  }
+}
+```
+
+Store as semantic check with severity WARNING (not ERROR — some permission differences may be intentional).
+
+## Global Risk Assessment Metrics
+
+| Risk | Metric | Threshold | Status |
+|------|--------|-----------|--------|
+| Total entities | {sum across modules} | ≤20 | PASS/WARNING |
+| Total BRs | {sum across modules} | ≤50 | PASS/WARNING |
+| Cross-module dependencies | {edge count} | ≤10 | PASS/WARNING |
+| Shared entities | {count} | ≤5 | PASS/WARNING |
+| E2E flow length | {max steps} | ≤8 | PASS/WARNING |
+| Permission paths | {total} | ≤100 | PASS/WARNING |
+
+## E2E Flow Template
+
+```json
+{
+  "name": "Order to Invoice",
+  "steps": [
+    { "module": "Customers", "action": "Customer exists", "permission": "customers.read" },
+    { "module": "Products", "action": "Products selected", "permission": "products.read" },
+    { "module": "Orders", "action": "Order created", "permission": "orders.create" },
+    { "module": "Orders", "action": "Order approved", "permission": "orders.approve" },
+    { "module": "Invoices", "action": "Invoice generated", "permission": "invoices.create" },
+    { "module": "Invoices", "action": "Invoice sent", "permission": "invoices.update" }
+  ],
+  "actors": ["Contributor (create)", "Manager (approve)"],
+  "data": "Customer → Order → OrderLines (Products) → Invoice → InvoiceLines"
+}
+```
+
+## Single-Module Mode Simplifications
+
+When only 1 module:
+1. Skip permission coherence check (only one module)
+2. Skip E2E flows (single module)
+3. Execute semantic validation (still required)
+4. Auto-approve global risks (no cross-module complexity)

package/templates/skills/business-analyse/references/cache-warming-strategy.md

@@ -47,7 +47,7 @@ Cache creation input tokens: 857 (0.8% of total)
 
 **Files:**
 ```
-docs/business/{app}/business-analyse/schemas/
+docs/{app}/business-analyse/schemas/
 ├── feature-schema.json              (~8KB)
 ├── application-schema.json          (~6KB)
 ├── sections/
@@ -76,7 +76,7 @@ Total: ~42KB, 9 files
 **Implementation:**
 ```javascript
 // Step-00 initialization
-const schemaFiles = glob("docs/business/{app}/business-analyse/schemas/**/*.json");
+const schemaFiles = glob("docs/{app}/business-analyse/schemas/**/*.json");
 for (const file of schemaFiles) {
   read(file);  // Pre-load into cache
 }

package/templates/skills/business-analyse/references/cadrage-challenge-patterns.md

@@ -0,0 +1,41 @@
+# Cadrage Challenge Patterns
+
+Reference material for identifying and challenging implicit assumptions in business requirements analysis.
+
+## Challenge Question Examples by Domain Pattern
+
+| Brief statement | Implicit assumption | Challenge question |
+|----------------|--------------------|--------------------|
+| "Entities are 1:1 extensions of X" | Cardinality is always 1:1 | "Can a user be linked to multiple employee records (temp contracts, part-time multi-position)? Can an employee NOT have a user account?" |
+| "Entry split into activity and absence" | Binary decomposition is sufficient | "What granularity? Day, half-day, hour? Are activities linked to projects or clients? Are there other entry types (training, travel, on-call)?" |
+| "A reports section" | Reports are a simple addition | "Which reports exactly? For whom? How often? PDF/Excel export? Real-time dashboards? Aggregated or detailed?" |
+| "Module X manages Y" | The scope of "manages" is clear | "What does 'manage' mean concretely? Create, read, update, delete? Approve? Archive? Import/export?" |
+
+## Elicitation Techniques
+
+**Technique 3 (Concrete Scenario):** "Walk me through a typical day of [role] using this module"
+
+**Technique 4 (Absence Test):** "If [feature] didn't exist, how would you handle it?"
+
+**Technique 8 (Impact Escalation):** "With 50 records this works, but with 500? 5000? Does the process stay the same?"
+
+## MoSCoW Prioritization Template
+
+When client classifies ALL features as "must-have", apply this blocking challenge:
+
+```
+question: "{language == 'fr'
+  ? 'Toutes les fonctionnalités sont marquées indispensables. Si vous ne pouviez livrer que 60% du périmètre en v1, lesquelles pourraient attendre la v2 ?'
+  : 'All features are marked must-have. If you could only deliver 60% of scope in v1, which ones could wait for v2?'}"
+header: "Priorisation"
+multiSelect: true
+options:
+  - label: "{feature_1}"
+    description: "{language == 'fr' ? 'Pourrait passer en Important (v1.x)' : 'Could move to Important (v1.x)'}"
+  - label: "{feature_2}"
+    description: "{language == 'fr' ? 'Pourrait passer en Optionnel (v2)' : 'Could move to Optional (v2)'}"
+  - label: "{language == 'fr' ? 'Tout est vraiment indispensable' : 'Everything is truly must-have'}"
+    description: "{language == 'fr' ? 'Je confirme que toutes les fonctionnalités sont critiques pour la v1' : 'I confirm all features are critical for v1'}"
+```
+
+If client moves items → update categories. If client confirms ALL mustHave → accept but log in changelog.

package/templates/skills/business-analyse/references/cadrage-coverage-matrix.md

@@ -0,0 +1,74 @@
+# Coverage Matrix with Sections & Resources
+
+Reference for building and validating the coverage matrix that maps requirements to modules, sections, and resources.
+
+## Section Rule (CRITICAL)
+
+Sections are functional zones (list, dashboard, approve, import, rapport...).
+- `create` and `edit` are SEPARATE PAGES with their own URL routes (`/create` and `/:id/edit`)
+- `detail` is a page with tabs accessible by clicking a row in `list`, NOT a standalone section
+
+## Coverage Matrix Template
+
+Print a markdown table with columns: **Fonctionnalité | Priorité | Module | Section | Resources clés | Onglets détail**
+
+### Example
+
+```
+| Fonctionnalité | Priorité | Module | Section | Resources clés | Onglets détail |
+|---|---|---|---|---|---|
+| Gestion des employés | mustHave | Employees | list | employee-grid, employee-filters, employee-form | Infos, Contrats, Documents |
+| Suivi des activités | mustHave | TimeTracking | list | activity-grid, activity-filters, activity-form | Infos, Imputations |
+| Saisie d'absences | mustHave | TimeTracking | list | absence-grid, absence-form, absence-calendar | Infos, Justificatifs |
+| Rapports temps | shouldHave | TimeTracking | dashboard | time-kpi-cards, time-summary-chart | — |
+| Validation absences | shouldHave | TimeTracking | approve | approval-queue, status-timeline | — |
+| Export PDF/Excel | couldHave | TimeTracking | rapport | export-panel | — |
+| Intégration paie | outOfScope | — | — | — | — |
+```
+
+## Priority Distribution POST-CHECK (BLOCKING)
+
+```javascript
+coverageItems = cadrage.coverageMatrix[]
+mustHaveCount = coverageItems.filter(i => i.category === "mustHave").length
+shouldHaveCount = coverageItems.filter(i => i.category === "shouldHave").length
+couldHaveCount = coverageItems.filter(i => i.category === "couldHave").length
+outOfScopeCount = coverageItems.filter(i => i.category === "outOfScope").length
+
+IF shouldHaveCount === 0 AND couldHaveCount === 0 AND outOfScopeCount === 0:
+  → FAIL: ALL {mustHaveCount} items are mustHave — no distribution.
+  → ACTION: Return to Phase 3 section 4c and apply MoSCoW question.
+  → DO NOT write cadrage until at least shouldHave OR outOfScope has ≥ 1 item.
+  → EXCEPTION: If client explicitly confirmed "tout est indispensable" during
+    Phase 3 section 4c, accept but ADD a changelog entry:
+    "Client confirmed all {N} features as mustHave after MoSCoW challenge"
+```
+
+## Cross-Cutting Coverage POST-CHECK (WARNING)
+
+```javascript
+FOR each item in coverageMatrix WHERE item.module === null:
+  IF item.category === "mustHave":
+    → WARNING: "{item.item}" is mustHave but has no assigned module.
+    → Ensure it is covered by infrastructure or a cross-cutting concern.
+    → Add a note explaining HOW it will be implemented (e.g., "handled by platform notification service").
+  IF item.anticipatedSections.length === 0 AND item.category !== "outOfScope":
+    → WARNING: "{item.item}" has no anticipated sections — will it be implemented?
+```
+
+## Building Coverage Matrix from Feature Analysis
+
+For EACH distinct feature/requirement identified during phases 2-4:
+
+1. Create an entry in `cadrage.coverageMatrix[]`
+2. Assign it to mustHave, shouldHave, couldHave, or outOfScope
+3. Assign the module that will cover it (or null if cross-cutting)
+4. **List anticipated sections** (Level 4) — ONLY functional zones
+5. **List anticipated resources** (Level 5) for each section
+6. **List detail page tabs** — for entities accessible via click from `list`
+
+### Validation
+
+- Every line of the original prompt must map to at least one coverageMatrix entry.
+- If a feature is in mustHave → it MUST have at least one anticipated section.
+- Accepted suggestions from Phase 4 must appear in the matrix.

package/templates/skills/business-analyse/references/cadrage-shared-modules.md

@@ -0,0 +1,69 @@
+# Cross-Application Shared Module Detection
+
+Reference for detecting and extracting shared modules when `workflow_mode = "project"`.
+
+## Detection Algorithm
+
+Build module inventory per candidate application:
+
+```javascript
+// From candidateApplications (step-00) + enriched by cadrage phases 1-4
+const modulesByApp = {};
+for (const app of candidate_applications) {
+  modulesByApp[app.name] = app.modules;  // e.g., { "RH": ["Employes", "Conges", "Temps"], "Projet": ["Projets", "Temps"] }
+}
+```
+
+Detect modules appearing in 2+ applications:
+
+```javascript
+const allModules = Object.values(modulesByApp).flat();
+const moduleCounts = {};
+for (const mod of allModules) {
+  const normalized = normalizeModuleName(mod);  // "Temps", "Saisie du temps", "Time Tracking" → same concept
+  moduleCounts[normalized] = (moduleCounts[normalized] || 0) + 1;
+}
+const sharedModules = Object.entries(moduleCounts)
+  .filter(([_, count]) => count >= 2)
+  .map(([name, count]) => ({ name, appearsIn: count, applications: findAppsContaining(name) }));
+```
+
+## Extraction Logic
+
+If shared modules found, propose extraction:
+
+```javascript
+for (const shared of sharedModules) {
+  // Create new candidate application
+  candidate_applications.push({
+    name: shared.name,
+    description: `Application transversale pour ${shared.name}`,
+    modules: [shared.name],
+    context: "business",
+    isTransversal: true,
+    consumedBy: shared.applications
+  });
+
+  // Remove the shared module from original applications
+  for (const appName of shared.applications) {
+    const app = candidate_applications.find(a => a.name === appName);
+    app.modules = app.modules.filter(m => normalizeModuleName(m) !== shared.name);
+    app.dependencies = app.dependencies || [];
+    app.dependencies.push({ target: shared.name, type: "data-dependency" });
+  }
+}
+```
+
+Update `candidate_applications` in the project feature.json.
+
+## Question Template
+
+```
+question: "{language == 'fr' ? 'Souhaitez-vous extraire les modules partagés en application(s) dédiée(s) ?' : 'Do you want to extract shared modules as dedicated application(s)?'}"
+header: "Extraction"
+options:
+  - label: "{language == 'fr' ? 'Oui, extraire' : 'Yes, extract'}"
+    description: "{language == 'fr' ? 'Créer {sharedModules.length} application(s) transversale(s) supplémentaire(s)' : 'Create {sharedModules.length} additional cross-cutting application(s)'}"
+  - label: "{language == 'fr' ? 'Non, garder en l\'état' : 'No, keep as-is'}"
+    description: "{language == 'fr' ? 'Chaque application garde sa propre version du module' : 'Each application keeps its own version of the module'}"
+```

package/templates/skills/business-analyse/references/cadrage-structure-cards.md

@@ -25,7 +25,7 @@
   "role": "{App} Admin",
   "description": "Full access to all modules",
   "level": "admin",
-  "permissionPattern": "business.{app}.*"
+  "permissionPattern": "{app}.*"
 }
 ```
 **MANDATORY fields:** `role`, `level`, `permissionPattern`