@atlashub/smartstack-cli 3.37.0 → 3.39.0

package/templates/skills/business-analyse/steps/step-03c-compile.md

@@ -48,42 +48,20 @@ Compile all data collected in step-03a (data) and step-03b (UI) into the module
 
 Generate the complete specification for this module. **Each subsection below includes a STRUCTURE CARD showing the EXACT JSON format. Follow them precisely.**
 
+> **Reference:** Load `references/compilation-structure-cards.md` for all STRUCTURE CARD definitions and type inference guidance.
+
 #### ENTITY ATTRIBUTE SCHEMA (MANDATORY — applies to ALL entities in section 6b of step-03a)
 
 > **CRITICAL:** Entity attributes MUST use STRUCTURED properties, not free-text validation strings.
 > The ralph-loop needs parseable types to generate correct C# code.
 
-> **STRUCTURE CARD: analysis.entities[].attributes[]**
-> ```json
-> {
->   "name": "occupancyRate",
->   "description": "Employee occupancy percentage",
->   "type": "decimal",
->   "maxLength": null,
->   "nullable": true,
->   "required": false,
->   "unique": false,
->   "indexed": false,
->   "defaultValue": "100",
->   "validation": "min:0, max:100, step:0.01",
->   "foreignKey": null
-> }
-> ```
-> **MANDATORY fields:** `name`, `type`
-> **type values:** `string`, `int`, `long`, `decimal`, `double`, `bool`, `DateTime`, `DateOnly`, `TimeOnly`, `Guid`, `enum:{EnumName}`, `byte[]`
-> **For FK attributes:**
-> ```json
-> {
->   "name": "departmentId",
->   "description": "FK to Department",
->   "type": "Guid",
->   "required": true,
->   "foreignKey": { "targetEntity": "Department", "targetField": "Id", "onDelete": "restrict" }
-> }
-> ```
-> **FORBIDDEN:** Free-text-only validation like `"FK vers Employee"` or `"Max 100 caractères"` without corresponding structured properties.
->
-> **BaseEntity inheritance:** All entities inherit `tenantId`, `createdAt`, `updatedAt`, `createdBy`, `updatedBy` from SmartStack.BaseEntity. Do NOT redeclare these. Document this once at the top of the entities section.
+**MANDATORY fields:** `name`, `type`
+**type values:** `string`, `int`, `long`, `decimal`, `double`, `bool`, `DateTime`, `DateOnly`, `TimeOnly`, `Guid`, `enum:{EnumName}`, `byte[]`
+
+The reference includes:
+- Detailed STRUCTURE CARD for entity attributes (with FK examples)
+- Type inference priority table for auto-fixing missing types
+- BaseEntity inheritance rules (tenantId, createdAt, updatedAt, createdBy, updatedBy)
 
 #### ENTITY ATTRIBUTE FORMAT POST-CHECK (BLOCKING — runs for EVERY module including the first)
 
@@ -91,85 +69,33 @@ Generate the complete specification for this module. **Each subsection below inc
 > It runs for ALL modules, not just modules 2+. The first module is NOT exempt.
 > Without `type`, ralph-loop cannot generate correct C# properties, EF configurations, or validators.
 
-After compiling entities for this module, verify and auto-fix:
+**Reference:** Load `references/compilation-structure-cards.md` § "Type Inference Priority Table" for the complete auto-fix logic and inference patterns.
 
-```javascript
-const entities = analysis.entities || [];
-let autoFixCount = 0;
-for (const entity of entities) {
-  for (const attr of entity.attributes || []) {
-    if (!attr.type) {
-      // BLOCKING: attribute has no type — likely free-text validation only
-      console.error(`BLOCKING: ${entity.name}.${attr.name} has no "type" field`);
-      console.error(`  Found: ${JSON.stringify(attr)}`);
-      console.error(`  Expected: { "name": "${attr.name}", "type": "string|int|decimal|...", "maxLength": ..., "required": ... }`);
-      // AUTO-FIX: Infer type from validation string or attribute name
-      if (attr.validation?.match(/max\s*\d+/i) || attr.name.match(/name|title|code|description|label|email|phone|address/i)) {
-        attr.type = "string";
-        const maxMatch = attr.validation?.match(/max\s*(\d+)/i);
-        if (maxMatch) attr.maxLength = parseInt(maxMatch[1]);
-      } else if (attr.name.match(/id$/i)) {
-        attr.type = "Guid";
-      } else if (attr.name.match(/date|At$/i)) {
-        attr.type = "DateTime";
-      } else if (attr.name.match(/is[A-Z]|has[A-Z]|active|enabled/)) {
-        attr.type = "bool";
-      } else if (attr.name.match(/amount|salary|rate|price|total/i)) {
-        attr.type = "decimal";
-      } else if (attr.name.match(/count|number|order|sort|index/i)) {
-        attr.type = "int";
-      }
-      // Default to string if no pattern matched
-      if (!attr.type) attr.type = "string";
-      autoFixCount++;
-    }
-    // Normalize free-text validation into structured maxLength
-    if (typeof attr.validation === 'string' && !attr.maxLength) {
-      const maxMatch = attr.validation.match(/max\s*(\d+)/i);
-      if (maxMatch) attr.maxLength = parseInt(maxMatch[1]);
-    }
-    // Ensure required defaults to true if absent
-    if (attr.required === undefined) attr.required = true;
-  }
-}
-if (autoFixCount > 0) {
-  console.warn(`AUTO-FIXED ${autoFixCount} attributes with missing type — verify correctness`);
-}
-```
-
-> **Type inference priority table:**
->
-> | Attribute name pattern | Inferred type | Example |
-> |----------------------|---------------|---------|
-> | `name\|title\|code\|description\|label\|email\|phone\|address` | `string` | `positionTitle` → `string` |
-> | `*Id` (ends with Id) | `Guid` | `departmentId` → `Guid` |
-> | `*date\|*At` (ends with date/At) | `DateTime` | `hireDate` → `DateTime` |
-> | `is*\|has*\|active\|enabled` | `bool` | `isActive` → `bool` |
-> | `amount\|salary\|rate\|price\|total` | `decimal` | `hourlyRate` → `decimal` |
-> | `count\|number\|order\|sort\|index` | `int` | `displayOrder` → `int` |
-> | `validation` contains `max NNN` | `string` + `maxLength: NNN` | `"Max 200"` → `string`, `200` |
-> | No match | `string` (safe default) | — |
+After compiling entities for this module:
+1. Verify every entity attribute has a `type` field (not free-text only)
+2. Apply auto-fix logic (infer from validation string or attribute name patterns)
+3. Normalize free-text validation into structured maxLength/validation properties
+4. Ensure required defaults to true if absent
 
 ---
 
-#### 8a. Actors
+#### 8a-8l. Specification Structure Cards
 
-Inherited from application roles → mapped to module permissions.
+> **Reference:** Load `references/compilation-structure-cards.md` for all STRUCTURE CARD definitions.
 
-> **STRUCTURE CARD: specification.actors[]**
-> ```json
-> {
->   "role": "Sales Manager",
->   "description": "Creates and approves orders",
->   "permissions": [
->     "business.{app}.{module}.read",
->     "business.{app}.{module}.create",
->     "business.{app}.{module}.update"
->   ]
-> }
-> ```
-> **MANDATORY fields:** `role`, `permissions` (array of permission paths)
-> **FORBIDDEN fields:** Do NOT use `systemRole`. Use `permissions` array.
+The reference includes detailed JSON templates for:
+- **8a. Actors** — role and permissions mapping
+- **8b. Use Cases** — UC-{PREFIX}-NNN format with scenarios
+- **8c. Functional Requirements** — FR-{PREFIX}-NNN format
+- **8d. Permission Matrix** — role assignments and paths
+- **8e. Navigation** — module, sections, and resources
+- **8f. SeedData Core** — 9 mandatory arrays
+- **8g. Gherkin Scenarios** — BDD format (MUST be array)
+- **8h. Validations** — field rules and error keys
+- **8i. Messages** — success/error/warning/info types
+- **8j. Entity Lifecycle** — state machines
+- **8k. API Endpoints** — RESTful routes
+- **8l. i18n Keys** — 4 languages (fr, en, it, de)
 
 #### 8b. Use Cases (UC-{PREFIX}-NNN)
 
@@ -181,7 +107,7 @@ Per section: list, create, read, update, delete, approve, etc.
 >   "id": "UC-{PREFIX}-001",
 >   "name": "Create Order",
 >   "primaryActor": "Sales Representative",
->   "permission": "business.{app}.{module}.create",
+>   "permission": "{app}.{module}.create",
 >   "preconditions": ["Customer exists", "Products in stock"],
 >   "postconditions": ["Order created with Draft status"],
 >   "mainScenario": [
@@ -232,35 +158,35 @@ Roles × resources × operations with full paths.
 > ```json
 > {
 >   "permissions": [
->     { "path": "business.{app}.{module}.read", "action": "read", "description": "View records" },
->     { "path": "business.{app}.{module}.create", "action": "create", "description": "Create new records" },
->     { "path": "business.{app}.{module}.update", "action": "update", "description": "Update existing records" },
->     { "path": "business.{app}.{module}.delete", "action": "delete", "description": "Delete records" },
->     { "path": "business.{app}.{module}.export", "action": "export", "description": "Export data" },
->     { "path": "business.{app}.{module}.dashboard.read", "action": "read", "description": "View dashboard (section-level)" }
+>     { "path": "{app}.{module}.read", "action": "read", "description": "View records" },
+>     { "path": "{app}.{module}.create", "action": "create", "description": "Create new records" },
+>     { "path": "{app}.{module}.update", "action": "update", "description": "Update existing records" },
+>     { "path": "{app}.{module}.delete", "action": "delete", "description": "Delete records" },
+>     { "path": "{app}.{module}.export", "action": "export", "description": "Export data" },
+>     { "path": "{app}.{module}.dashboard.read", "action": "read", "description": "View dashboard (section-level)" }
 >   ],
 >   "roleAssignments": [
->     { "role": "{App} Admin", "permissions": ["business.{app}.{module}.read", "business.{app}.{module}.create", "business.{app}.{module}.update", "business.{app}.{module}.delete", "business.{app}.{module}.export", "business.{app}.{module}.dashboard.read"] },
->     { "role": "{App} Manager", "permissions": ["business.{app}.{module}.read", "business.{app}.{module}.create", "business.{app}.{module}.update", "business.{app}.{module}.dashboard.read"] },
->     { "role": "{App} Viewer", "permissions": ["business.{app}.{module}.read"] }
+>     { "role": "{App} Admin", "permissions": ["{app}.{module}.read", "{app}.{module}.create", "{app}.{module}.update", "{app}.{module}.delete", "{app}.{module}.export", "{app}.{module}.dashboard.read"] },
+>     { "role": "{App} Manager", "permissions": ["{app}.{module}.read", "{app}.{module}.create", "{app}.{module}.update", "{app}.{module}.dashboard.read"] },
+>     { "role": "{App} Viewer", "permissions": ["{app}.{module}.read"] }
 >   ]
 > }
 > ```
 > **STRUCTURE:** Object with 2 arrays: `permissions[]` and `roleAssignments[]`
-> **Permission levels:** Module-level = `business.{app}.{module}.{action}` (4 segments). Section-level = `business.{app}.{module}.{section}.{action}` (5 segments, for sections needing distinct access like dashboard, approve, import).
+> **Permission levels:** Module-level = `{app}.{module}.{action}` (3 segments). Section-level = `{app}.{module}.{section}.{action}` (4 segments, for sections needing distinct access like dashboard, approve, import).
 > **FORBIDDEN:** Do NOT use a flat array with `resource`/`roles` fields. Always use the nested structure above.
 
 #### 8e. Navigation
 
-Module → Sections → Resources (levels 3-4-5 of the hierarchy).
+Module → Sections → Resources (levels 2-3-4 of the hierarchy).
 
 > **STRUCTURE CARD: specification.navigation**
 > ```json
 > {
 >   "entries": [
->     { "level": "module", "code": "{module}", "labels": {"fr": "...", "en": "...", "it": "...", "de": "..."}, "route": "/business/{app}/{module}", "icon": "list" },
->     { "level": "section", "code": "list", "labels": {"fr": "Liste", "en": "List", "it": "Elenco", "de": "Liste"}, "route": "/business/{app}/{module}", "icon": "list" },
->     { "level": "section", "code": "dashboard", "labels": {"fr": "Tableau de bord", "en": "Dashboard", "it": "Cruscotto", "de": "Dashboard"}, "route": "/business/{app}/{module}/dashboard", "icon": "chart-bar", "isNew": true }
+>     { "level": "module", "code": "{module}", "labels": {"fr": "...", "en": "...", "it": "...", "de": "..."}, "route": "/{app}/{module}", "icon": "list" },
+>     { "level": "section", "code": "list", "labels": {"fr": "Liste", "en": "List", "it": "Elenco", "de": "Liste"}, "route": "/{app}/{module}", "icon": "list" },
+>     { "level": "section", "code": "dashboard", "labels": {"fr": "Tableau de bord", "en": "Dashboard", "it": "Cruscotto", "de": "Dashboard"}, "route": "/{app}/{module}/dashboard", "icon": "chart-bar", "isNew": true }
 >   ]
 > }
 > ```
@@ -275,14 +201,14 @@ if (!nav || !nav.entries || nav.entries.length === 0) {
   console.warn('AUTO-FIX: navigation.entries is empty — generating from sections');
   const sections = specification.sections || [];
   const entries = [
-    { level: "module", code: "{module}", labels: {fr: "{ModuleName}", en: "{ModuleName}", it: "{ModuleName}", de: "{ModuleName}"}, route: "/business/{app}/{module}", icon: "list" }
+    { level: "module", code: "{module}", labels: {fr: "{ModuleName}", en: "{ModuleName}", it: "{ModuleName}", de: "{ModuleName}"}, route: "/{app}/{module}", icon: "list" }
   ];
   for (const section of sections) {
     entries.push({
       level: "section",
       code: section.code,
       labels: {fr: section.name || section.code, en: section.name || section.code, it: section.name || section.code, de: section.name || section.code},
-      route: section.route || `/business/{app}/{module}/${section.code}`,
+      route: section.route || `/{app}/{module}/${section.code}`,
       icon: section.icon || "file-text"
     });
   }
@@ -307,7 +233,7 @@ for (const entry of specification.navigation.entries) {
 > ```json
 > {
 >   "navigationApplications": [
->     { "code": "{app}", "label": "{Application Name}", "icon": "{icon}", "route": "/business/{app-kebab}", "sort": 1 }
+>     { "code": "{app}", "label": "{Application Name}", "icon": "{icon}", "route": "/{app-kebab}", "sort": 1 }
 >   ],
 >   "applicationRoles": [
 >     { "code": "admin", "name": "{App} Admin", "permissions": "*" },
@@ -316,16 +242,16 @@ for (const entry of specification.navigation.entries) {
 >     { "code": "viewer", "name": "{App} Viewer", "permissions": "R" }
 >   ],
 >   "navigationModules": [
->     { "code": "{module}", "label": "{Module Name}", "icon": "list", "route": "/business/{app}/{module}", "parentCode": "{app}", "sort": 1 }
+>     { "code": "{module}", "label": "{Module Name}", "icon": "list", "route": "/{app}/{module}", "parentCode": "{app}", "sort": 1 }
 >   ],
 >   "navigationSections": [
->     { "code": "list", "label": "Liste", "icon": "List", "route": "/business/{app}/{module}", "parentCode": "{module}", "permission": "business.{app}.{module}.read", "sort": 1 },
->     { "code": "detail", "label": "Détail", "icon": "FileText", "route": "/business/{app}/{module}/:id", "parentCode": "{module}", "permission": "business.{app}.{module}.read", "sort": 2, "navigation": "hidden" },
->     { "code": "dashboard", "label": "Dashboard", "icon": "BarChart", "route": "/business/{app}/{module}/dashboard", "parentCode": "{module}", "permission": "business.{app}.{module}.dashboard.read", "sort": 3 }
+>     { "code": "list", "label": "Liste", "icon": "List", "route": "/{app}/{module}", "parentCode": "{module}", "permission": "{app}.{module}.read", "sort": 1 },
+>     { "code": "detail", "label": "Détail", "icon": "FileText", "route": "/{app}/{module}/:id", "parentCode": "{module}", "permission": "{app}.{module}.read", "sort": 2, "navigation": "hidden" },
+>     { "code": "dashboard", "label": "Dashboard", "icon": "BarChart", "route": "/{app}/{module}/dashboard", "parentCode": "{module}", "permission": "{app}.{module}.dashboard.read", "sort": 3 }
 >   ],
 >   "navigationResources": [
->     { "code": "{module}-grid", "type": "SmartTable", "entity": "{Entity}", "parentCode": "list", "permission": "business.{app}.{module}.read" },
->     { "code": "{module}-detail-card", "type": "DetailCard", "entity": "{Entity}", "parentCode": "detail", "permission": "business.{app}.{module}.read" }
+>     { "code": "{module}-grid", "type": "SmartTable", "entity": "{Entity}", "parentCode": "list", "permission": "{app}.{module}.read" },
+>     { "code": "{module}-detail-card", "type": "DetailCard", "entity": "{Entity}", "parentCode": "detail", "permission": "{app}.{module}.read" }
 >   ],
 >   "navigationTranslations": [
 >     { "moduleCode": "{module}", "language": "fr", "label": "..." },
@@ -334,17 +260,17 @@ for (const entry of specification.navigation.entries) {
 >     { "moduleCode": "{module}", "language": "de", "label": "..." }
 >   ],
 >   "permissions": [
->     { "path": "business.{app}.{module}.read", "action": "read", "description": "View {module}" },
->     { "path": "business.{app}.{module}.create", "action": "create", "description": "Create {module}" },
->     { "path": "business.{app}.{module}.dashboard.read", "action": "read", "description": "View {module} dashboard (section-level)" }
+>     { "path": "{app}.{module}.read", "action": "read", "description": "View {module}" },
+>     { "path": "{app}.{module}.create", "action": "create", "description": "Create {module}" },
+>     { "path": "{app}.{module}.dashboard.read", "action": "read", "description": "View {module} dashboard (section-level)" }
 >   ],
 >   "rolePermissions": [
->     { "role": "{App} Admin", "permissionPath": "business.{app}.{module}.*" },
->     { "role": "{App} Manager", "permissionPath": "business.{app}.{module}.read" }
+>     { "role": "{App} Admin", "permissionPath": "{app}.{module}.*" },
+>     { "role": "{App} Manager", "permissionPath": "{app}.{module}.read" }
 >   ],
 >   "permissionConstants": [
->     { "constantName": "{Module}Read", "path": "business.{app}.{module}.read" },
->     { "constantName": "{Module}Create", "path": "business.{app}.{module}.create" }
+>     { "constantName": "{Module}Read", "path": "{app}.{module}.read" },
+>     { "constantName": "{Module}Create", "path": "{app}.{module}.create" }
 >   ]
 > }
 > ```
@@ -355,8 +281,8 @@ for (const entry of specification.navigation.entries) {
 > **FORBIDDEN:** Do NOT use `navigationModule` (singular string), `permissions` as flat string array, `rolePermissions` as flat object, `permissionsConstants` as comma-separated string.
 >
 > **FORBIDDEN in navigation routes:**
-> - `/business/{app}/{module}/list` → use `/business/{app}/{module}` (list IS the module route)
-> - `/business/{app}/{module}/detail/:id` → use `/business/{app}/{module}/:id`
+> - `/{app}/{module}/list` → use `/{app}/{module}` (list IS the module route)
+> - `/{app}/{module}/detail/:id` → use `/{app}/{module}/:id`
 > - Navigation routes must match React Router paths exactly
 
 #### 8f-bis. Transform Sections into Navigation SeedData
@@ -500,7 +426,7 @@ State machines for entities with status/state.
 >     {
 >       "from": "draft", "to": "submitted", "action": "submit",
 >       "label": { "fr": "Soumettre", "en": "Submit" },
->       "permission": "business.{app}.{module}.update",
+>       "permission": "{app}.{module}.update",
 >       "guards": ["BR-VAL-{PREFIX}-001"],
 >       "effects": [{ "type": "notification", "target": "role:manager", "template": "{module}-submitted" }],
 >       "confirm": true
@@ -520,8 +446,8 @@ RESTful routes following SmartStack patterns.
 > ```json
 > {
 >   "method": "GET|POST|PUT|PATCH|DELETE",
->   "path": "/api/business/{app}/{module}",
->   "permission": "business.{app}.{module}.read",
+>   "path": "/api/{app}/{module}",
+>   "permission": "{app}.{module}.read",
 >   "requestDto": "Get{Module}Query",
 >   "responseDto": "{Module}Dto[]",
 >   "description": "List all records with pagination and filters"

package/templates/skills/business-analyse/steps/step-03d-validate.md

@@ -106,7 +106,7 @@ IF failures.length > 0:
 - Every FR has ≥1 linked BR
 - All BR references exist in analysis.businessRules
 - All actors appear in permissionMatrix
-- Permission paths use correct format: module-level `business.{app}.{module}.{action}` or section-level `business.{app}.{module}.{section}.{action}`
+- Permission paths use correct format: module-level `{app}.{module}.{action}` or section-level `{app}.{module}.{section}.{action}`
 - rolePermissions paths match permissions paths
 - API routes use consistent prefix
 
@@ -339,7 +339,7 @@ Display comprehensive summary:
 ### Rôles & Permissions pour {currentModule}
 | Rôle | Permissions |
 |------|------------|
-| {App} Admin | business.{app}.{module}.* |
+| {App} Admin | {app}.{module}.* |
 | {App} Manager | read, create, update, assign |
 | {App} Contributor | read, create, update |
 | {App} Viewer | read |

package/templates/skills/business-analyse/steps/step-04a-collect.md

@@ -327,9 +327,9 @@ IF workflow.mode !== "project":
 
 3. **Cross-Application Permission Path Consistency:**
    ```javascript
-   // Verify permission paths use correct context per application
+   // Verify permission paths use correct prefix per application
    for (const app of applications) {
-     const expectedPrefix = `${app.context}.${toKebabCase(app.code)}`;
+     const expectedPrefix = toKebabCase(app.code);
      for (const mod of app.modules) {
        for (const perm of mod.permissions || []) {
          if (!perm.path.startsWith(expectedPrefix)) {

package/templates/skills/business-analyse/steps/step-04b-analyze.md

@@ -23,140 +23,44 @@ Validate permission coherence, execute semantic checks, identify E2E business fl
 
 ### 3. Permission Coherence
 
-> **All modules MUST use the same application-level roles.**
+> **Reference:** Load `references/analysis-semantic-checks.md` § "Permission Coherence Checks" for complete validation logic.
 
-**3a. Role Consistency**
+**All modules MUST use the same application-level roles.**
 
-Verify all modules use the applicationRoles defined in cadrage:
-```
-FOR each module in completedModules:
-  FOR each role in module.specification.permissionMatrix.roles:
-    IF role NOT IN cadrage.applicationRoles → ERROR
-```
-
-**3b. Permission Path Format**
+Execute these checks:
 
-Verify all permission paths follow one of these patterns:
-- Module-level: `business.{app}.{module}.{action}` (4 segments)
-- Section-level: `business.{app}.{module}.{section}.{action}` (5 segments)
+**3a. Role Consistency** — Verify all modules use the applicationRoles defined in cadrage
 
-Check for:
-- Inconsistent app prefix → ERROR
-- Missing module segment → ERROR
-- Fewer than 4 segments (shortcut paths) → ERROR
-- More than 5 segments → ERROR
+**3b. Permission Path Format** — Verify paths follow 3-segment (module-level) or 4-segment (section-level) patterns
 
-**3c. Role Hierarchy Coherence**
+**3c. Role Hierarchy Coherence** — Verify: Admin ⊃ Manager ⊃ Contributor ⊃ Viewer
 
-Verify the role hierarchy is respected across all modules:
-```
-Admin ⊃ Manager ⊃ Contributor ⊃ Viewer
+**3d. Permission Conflicts** — Detect conflicts (e.g., Manager can approve in Orders but not Invoices)
+- Present conflicts to user via AskUserQuestion for intentionality confirmation
 
-FOR each module:
-  IF Admin has fewer permissions than Manager → ERROR
-  IF Manager has fewer permissions than Contributor → ERROR
-  IF Contributor has fewer permissions than Viewer → ERROR
-```
-
-**3d. Permission Conflicts**
-
-Detect conflicting permission assignments:
-```json
-{
-  "conflicts": [
-    {
-      "role": "Manager",
-      "module1": "Orders",
-      "permission1": "business.sales.orders.approve",
-      "module2": "Invoices",
-      "permission2": "business.sales.invoices.approve",
-      "issue": "Manager can approve orders but not invoices - is this intentional?"
-    }
-  ]
-}
-```
-
-Present conflicts to user via AskUserQuestion:
-```
-question: "Le Manager peut approuver les commandes mais pas les factures. Est-ce intentionnel ?"
-header: "Permissions"
-options:
-  - label: "Oui, intentionnel"
-    description: "Les factures nécessitent un niveau d'approbation supérieur"
-  - label: "Non, corriger"
-    description: "Le Manager devrait aussi pouvoir approuver les factures"
-```
-
-**3e. Permission-Role Coherence Across Modules (WARNING)**
-
-For each role defined in `cadrage.applicationRoles`, verify the permission PATTERN is consistent across ALL modules:
-
-```javascript
-// Build role-to-actions matrix per module
-const roleActions = {};
-for (const module of completedModules) {
-  const pm = module.specification.permissionMatrix;
-  for (const ra of pm.roleAssignments || []) {
-    const key = ra.role;
-    if (!roleActions[key]) roleActions[key] = {};
-    roleActions[key][module.code] = ra.permissions.map(p => p.split('.').pop()); // extract action
-  }
-}
-
-// Detect inconsistencies: role has action X in module A but not in module B
-for (const [role, modules] of Object.entries(roleActions)) {
-  const allActions = new Set(Object.values(modules).flat());
-  for (const [mod, actions] of Object.entries(modules)) {
-    for (const action of allActions) {
-      if (!actions.includes(action)) {
-        // Role has this action in other modules but NOT in this one
-        const otherMods = Object.entries(modules).filter(([m, a]) => a.includes(action)).map(([m]) => m);
-        console.warn(`WARNING: permission-role-coherence: ${role} has "${action}" in [${otherMods.join(', ')}] but NOT in ${mod}`);
-      }
-    }
-  }
-}
-```
-
-Store as semantic check with severity WARNING (not ERROR — some permission differences may be intentional):
-```json
-{
-  "check": "permission-role-coherence",
-  "status": "WARNING",
-  "details": "Contributor has 'create' in [Projects, TimeManagement] but NOT in Employees — verify if intentional"
-}
-```
+**3e. Permission-Role Coherence Across Modules (WARNING)** — For each role, verify permission PATTERN is consistent across ALL modules
+- Some permission differences may be intentional (store as WARNING, not ERROR)
 
 ### 4. Semantic Validation (MANDATORY)
 
-For EACH module feature.json, execute these checks:
-
-| # | Check | Rule | Severity |
-|---|-------|------|----------|
-| 1 | Permission orpheline | Every permissionMatrix.permissions[].path is used by at least one useCases[].permission | WARNING |
-| 2 | UC sans FR | Every useCases[].id is referenced by at least one functionalRequirements[].linkedUseCases[] | WARNING |
-| 3 | Entity sans endpoint | Every entities[].name has at least one endpoint in apiEndpoints[] | WARNING |
-| 4 | UC sans scenario | Every useCases[].mainScenario has at least 2 steps | WARNING |
-| 5 | Role sans permissions | Every applicationRole has at least one entry in roleAssignments[] | WARNING |
-| 6 | Navigation sans traduction | Every navigation.entries[].code has translations in 4 languages in seedDataCore.navigationTranslations[] | ERROR |
-| 7 | LifeCycle terminal | Every lifeCycles[].states[] has at least one state with isTerminal: true | WARNING |
-| 8 | Schema conformity | No custom fields outside defined schema (no KPIDefinitions, ChartConfigurations, etc.) | ERROR |
-| 9 | Wireframe coverage | Every navigation section has a corresponding uiWireframes[].screen | ERROR |
-| 10 | Doublon entity | No entity with same name in two different modules (unless shared via dependencyGraph) | ERROR |
-| 11 | Permission fantome | Every action used in applicationRoles pattern (read, create, update, delete, assign, export, approve) MUST exist as a permission path in permissionMatrix.permissions[].action for at least one module | ERROR |
-| 12 | Dashboard coverage | If cadrage mentions dashboard for a module OR navigation includes "dashboard" section, then specification.dashboards[] MUST NOT be empty | WARNING |
-| 13 | Permission-UC alignment | Every permission.action (except "read" and wildcard "*") MUST have at least one UC where that permission is referenced in useCases[].permission | WARNING |
-
-Store results in consolidation.semanticChecks[]:
-```json
-{
-  "check": "permission-orpheline",
-  "module": "RepairManagement",
-  "status": "PASS|WARNING|ERROR",
-  "details": "Permission business.freebike.repairmanagement.export not referenced by any UC",
-  "autoFixed": false
-}
-```
+> **Reference:** Load `references/analysis-semantic-checks.md` for complete semantic check definitions and blocking rules.
+
+For EACH module feature.json, execute 13 checks:
+- Permission orpheline (WARNING)
+- UC sans FR (WARNING)
+- Entity sans endpoint (WARNING)
+- UC sans scenario (WARNING)
+- Role sans permissions (WARNING)
+- Navigation sans traduction (ERROR)
+- LifeCycle terminal (WARNING)
+- Schema conformity (ERROR)
+- Wireframe coverage (ERROR)
+- Doublon entity (ERROR)
+- Permission fantome (ERROR)
+- Dashboard coverage (WARNING)
+- Permission-UC alignment (WARNING)
+
+Store results in consolidation.semanticChecks[] with format: {check, module, status, details, autoFixed}
 
 **Blocking rule:**
 - 0 ERROR → PASS
@@ -179,47 +83,25 @@ See [references/consolidation-structural-checks.md](../references/consolidation-
 
 ### 5. End-to-End Flows
 
-Identify business processes that span multiple modules:
-
-```json
-{
-  "e2eFlows": [
-    {
-      "name": "Order to Invoice",
-      "steps": [
-        { "module": "Customers", "action": "Customer exists", "permission": "customers.read" },
-        { "module": "Products", "action": "Products selected", "permission": "products.read" },
-        { "module": "Orders", "action": "Order created", "permission": "orders.create" },
-        { "module": "Orders", "action": "Order approved", "permission": "orders.approve" },
-        { "module": "Invoices", "action": "Invoice generated", "permission": "invoices.create" },
-        { "module": "Invoices", "action": "Invoice sent", "permission": "invoices.update" }
-      ],
-      "actors": ["Contributor (create)", "Manager (approve)"],
-      "data": "Customer → Order → OrderLines (Products) → Invoice → InvoiceLines"
-    }
-  ]
-}
-```
+> **Reference:** Load `references/analysis-semantic-checks.md` § "E2E Flow Template" for the complete format.
 
-Display each E2E flow as a diagram:
-```
-Customer ──[read]──→ Order ──[create]──→ Order ──[approve]──→ Invoice ──[create]──→ Invoice ──[send]──→
-  (Customers)         (Orders)            (Orders)              (Invoices)            (Invoices)
-  Contributor         Contributor          Manager               System                Manager
-```
+Identify business processes that span multiple modules:
+- Build flow with module → action → permission chain
+- List actors involved and their roles
+- Map data flow (entities referenced across modules)
+- Display as diagrams for user understanding
 
 ### 6. Global Risk Assessment
 
-Evaluate application-level risks:
+> **Reference:** Load `references/analysis-semantic-checks.md` § "Global Risk Assessment Metrics" for complete evaluation.
 
-| Risk | Metric | Threshold | Status |
-|------|--------|-----------|--------|
-| Total entities | {sum across modules} | ≤20 | PASS/WARNING |
-| Total BRs | {sum across modules} | ≤50 | PASS/WARNING |
-| Cross-module dependencies | {edge count} | ≤10 | PASS/WARNING |
-| Shared entities | {count} | ≤5 | PASS/WARNING |
-| E2E flow length | {max steps} | ≤8 | PASS/WARNING |
-| Permission paths | {total} | ≤100 | PASS/WARNING |
+Evaluate application-level risks using these metrics:
+- Total entities (≤20)
+- Total BRs (≤50)
+- Cross-module dependencies (≤10)
+- Shared entities (≤5)
+- E2E flow length (≤8 steps max)
+- Permission paths (≤100)
 
 ### 7. Consolidation Summary
 

package/templates/skills/business-analyse/steps/step-04c-decide.md

@@ -80,7 +80,7 @@ ba-writer.enrichSection({
         "name": "Order to Invoice",
         "modules": ["Customers", "Orders", "Invoices"],
         "steps": [
-          { "module": "Orders", "action": "Create order", "permission": "business.sales.orders.create", "dataFlow": "Customer → Order" }
+          { "module": "Orders", "action": "Create order", "permission": "sales.orders.create", "dataFlow": "Customer → Order" }
         ]
       }
     ],