npm - @atlashub/smartstack-cli - Versions diffs - 3.4.0 → 3.5.0 - Mend

@atlashub/smartstack-cli 3.4.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/templates/skills/ralph-loop/steps/step-01-task.md CHANGED Viewed

@@ -136,7 +136,10 @@ function transformPrdJsonToRalphV2(prdJson, moduleCode) {
     { key: "tests",          category: "test" }
   ];
-  const filesToCreate = prdJson.implementation?.filesToCreate || {};
+  // Support BOTH formats: nested (from ss derive-prd) and flat (LLM-generated)
+  const filesToCreate = prdJson.implementation?.filesToCreate
+                     || prdJson.filesToCreate
+                     || {};
   // 1. Generate tasks from implementation.filesToCreate (primary source)
   //    CRITICAL: Frontend and i18n tasks are CONSOLIDATED into ONE module-level task each.
@@ -175,15 +178,23 @@ function transformPrdJsonToRalphV2(prdJson, moduleCode) {
       }
       // Build acceptance criteria from linked FRs and UCs
+      // Support both nested (requirements.functionalRequirements) and flat (functionalRequirements) formats
+      const allFRs = prdJson.requirements?.functionalRequirements || prdJson.functionalRequirements || [];
       const linkedFRs = (fileSpec.linkedFRs || [])
         .map(frId => {
-          const fr = prdJson.requirements?.functionalRequirements?.find(f => f.id === frId);
+          const fr = allFRs.find(f => f.id === frId);
           return fr ? fr.statement : frId;
         });
-      const criteria = linkedFRs.length > 0
+      let criteria = linkedFRs.length > 0
         ? `Implements: ${linkedFRs.join("; ")}`
         : `File ${fileSpec.path} created and compiles correctly`;
+      // Enhance acceptance criteria for API tasks with permission enforcement
+      const permMatrix = prdJson.architecture?.permissionMatrix || prdJson.permissionMatrix;
+      if (layer.category === "api" && permMatrix?.permissions?.length > 0) {
+        criteria += "; MANDATORY: [RequirePermission] attributes on every endpoint (NOT [Authorize])";
+      }
       tasks.push({
         id: taskId,
         description: fileSpec.description
@@ -273,18 +284,250 @@ function transformPrdJsonToRalphV2(prdJson, moduleCode) {
     taskId++;
   }
+  // 1d. GUARDRAIL: Inject missing layer tasks when filesToCreate is incomplete
+  //     This handles LLM-generated PRDs that omit layers present in the source data.
+  //     Uses architecture data (entities, apiEndpoints, sections, wireframes) as fallback.
+  const entities = prdJson.architecture?.entities || prdJson.entities || [];
+  const apiEndpoints = prdJson.architecture?.apiEndpoints || prdJson.apiEndpoints || [];
+  const sections = prdJson.architecture?.sections || prdJson.sections || [];
+  const wireframes = prdJson.specification?.uiWireframes || prdJson.uiWireframes || [];
+  const dashboards = prdJson.specification?.dashboards || prdJson.dashboards || [];
+  const hasDomainTasks = tasks.some(t => t.category === 'domain');
+  const hasInfraTasks = tasks.some(t => t.category === 'infrastructure');
+  const hasApiTasks = tasks.some(t => t.category === 'api');
+  const hasFrontendTasks = frontendFiles.length > 0; // Already handled in 1b
+  const hasTestTasks = tasks.some(t => t.category === 'test');
+  // INJECT consolidated infrastructure task if missing
+  if (!hasInfraTasks && entities.length > 0) {
+    const domainDepId = lastIdByCategory["domain"];
+    tasks.push({
+      id: taskId,
+      description: `[infrastructure] Create EF Core configurations, services, and seed data for module ${moduleCode} (${entities.length} entities)`,
+      status: "pending",
+      category: "infrastructure",
+      dependencies: domainDepId ? [domainDepId] : [],
+      acceptance_criteria: `EF Core configs for all ${entities.length} entities; Service implementations; DbSet in ExtensionsDbContext; DI registration; Seed data`,
+      started_at: null, completed_at: null, iteration: null, commit_hash: null,
+      files_changed: { created: [], modified: [] },
+      validation: null, error: null, module: moduleCode
+    });
+    lastIdByCategory["infrastructure"] = taskId;
+    taskId++;
+    console.log(`⚠️ GUARDRAIL: Injected missing [infrastructure] task from ${entities.length} entities`);
+  }
+  // INJECT consolidated API task if missing
+  if (!hasApiTasks && apiEndpoints.length > 0) {
+    const appDepId = lastIdByCategory["application"] || lastIdByCategory["infrastructure"];
+    const permMatrix = prdJson.architecture?.permissionMatrix || prdJson.permissionMatrix;
+    const hasPermissions = permMatrix?.permissions?.length > 0;
+    tasks.push({
+      id: taskId,
+      description: `[api] Create API controllers for module ${moduleCode} (${apiEndpoints.length} endpoints)`,
+      status: "pending",
+      category: "api",
+      dependencies: appDepId ? [appDepId] : [],
+      acceptance_criteria: [
+        `Controllers for all ${apiEndpoints.length} endpoints`,
+        hasPermissions
+          ? "MANDATORY: [RequirePermission(Permissions.{Action})] on EVERY endpoint (NOT generic [Authorize])"
+          : "Authorization attributes",
+        "Swagger docs"
+      ].join("; "),
+      started_at: null, completed_at: null, iteration: null, commit_hash: null,
+      files_changed: { created: [], modified: [] },
+      validation: null, error: null, module: moduleCode
+    });
+    lastIdByCategory["api"] = taskId;
+    taskId++;
+    console.log(`⚠️ GUARDRAIL: Injected missing [api] task from ${apiEndpoints.length} endpoints`);
+  }
+  // CRITICAL: INJECT consolidated frontend task if missing
+  // This is the MOST COMMON failure mode — LLM-generated PRDs often omit frontend
+  if (!hasFrontendTasks && (sections.length > 0 || wireframes.length > 0 || apiEndpoints.length > 0)) {
+    const apiDepId = lastIdByCategory["api"] || lastIdByCategory["application"];
+    // Derive frontend file list from available data sources
+    const derivedFrontendFiles = [];
+    // From wireframes → pages
+    for (const wf of wireframes) {
+      const screenId = wf.screen || wf.id;
+      derivedFrontendFiles.push({
+        path: `web/src/pages/${moduleCode}/${screenId}.tsx`,
+        type: screenId.includes('dashboard') ? 'DashboardPage' : 'Page',
+        linkedWireframes: [screenId],
+        linkedUCs: wf.linkedUCs || [],
+      });
+    }
+    // From dashboards → dashboard pages (if not already from wireframes)
+    for (const dash of dashboards) {
+      const dashId = dash.code || dash.id;
+      if (!derivedFrontendFiles.some(f => f.path.includes(dashId))) {
+        derivedFrontendFiles.push({
+          path: `web/src/pages/${moduleCode}/${dashId}.tsx`,
+          type: 'DashboardPage',
+          linkedWireframes: [dashId],
+          dashboardRef: dashId,
+        });
+      }
+    }
+    // From API endpoints → API client service
+    if (apiEndpoints.length > 0) {
+      derivedFrontendFiles.push({
+        path: `web/src/services/api/${moduleCode}Api.ts`,
+        type: 'ApiService',
+      });
+    }
+    const allWireframeIds = derivedFrontendFiles.flatMap(f => f.linkedWireframes || []);
+    tasks.push({
+      id: taskId,
+      description: `[frontend] Generate COMPLETE frontend for module ${moduleCode} via MCP scaffold tools (${derivedFrontendFiles.length} files: pages, components, hooks, API client)`,
+      status: "pending",
+      category: "frontend",
+      dependencies: apiDepId ? [apiDepId] : [],
+      acceptance_criteria: [
+        "MCP scaffold_api_client called → API client + types generated",
+        "MCP scaffold_routes called → routes.tsx updated with nested routes inside Layout wrapper",
+        allWireframeIds.length > 0 ? "Pages match wireframes: " + allWireframeIds.join(", ") : "Pages created for all UI sections",
+        "SmartTable for lists (NOT HTML tables), EntityCard for grids (NOT custom divs)",
+        "CSS variables ONLY (NO hardcoded Tailwind colors like bg-blue-600)",
+        "useNavigate + useParams for routing, NOT window.location",
+        "Loading/error/empty states on all pages",
+        "4-language i18n keys (fr, en, it, de)",
+        "npm run typecheck passes"
+      ].join("; "),
+      started_at: null, completed_at: null, iteration: null, commit_hash: null,
+      files_changed: { created: derivedFrontendFiles.map(f => f.path), modified: [] },
+      validation: null, error: null, module: moduleCode,
+      _frontendMeta: {
+        wireframes: allWireframeIds,
+        filesToCreate: derivedFrontendFiles,
+        source: "guardrail-derived"
+      }
+    });
+    lastIdByCategory["frontend"] = taskId;
+    taskId++;
+    console.log(`⚠️ GUARDRAIL: Injected missing [frontend] task derived from ${wireframes.length} wireframes + ${dashboards.length} dashboards + ${apiEndpoints.length} endpoints`);
+    // Also inject i18n task if not already present
+    if (i18nFiles.length === 0) {
+      tasks.push({
+        id: taskId,
+        description: `[i18n] Generate i18n translations for module ${moduleCode} (4 languages: fr, en, it, de)`,
+        status: "pending",
+        category: "i18n",
+        dependencies: [lastIdByCategory["frontend"]],
+        acceptance_criteria: "4 JSON files (fr, en, it, de) with identical keys; all UI labels translated",
+        started_at: null, completed_at: null, iteration: null, commit_hash: null,
+        files_changed: { created: [], modified: [] },
+        validation: null, error: null, module: moduleCode
+      });
+      lastIdByCategory["i18n"] = taskId;
+      taskId++;
+    }
+  }
+  // INJECT consolidated test task if missing
+  if (!hasTestTasks && entities.length > 0) {
+    const apiDepId = lastIdByCategory["api"] || lastIdByCategory["application"];
+    tasks.push({
+      id: taskId,
+      description: `[test] Create unit and integration tests for module ${moduleCode}`,
+      status: "pending",
+      category: "test",
+      dependencies: apiDepId ? [apiDepId] : [],
+      acceptance_criteria: "Domain unit tests + service unit tests + controller integration tests; dotnet test passes; coverage >= 80%",
+      started_at: null, completed_at: null, iteration: null, commit_hash: null,
+      files_changed: { created: [], modified: [] },
+      validation: null, error: null, module: moduleCode
+    });
+    lastIdByCategory["test"] = taskId;
+    taskId++;
+    console.log(`⚠️ GUARDRAIL: Injected missing [test] task`);
+  }
+  // 1e. GUARDRAIL: Inject seedData tasks when core seed data exists but filesToCreate.seedData is empty
+  //     This is the MOST CRITICAL guardrail — without core seed data, the application has:
+  //     - No navigation menu entries
+  //     - No RBAC permissions in the database
+  //     - No role-permission mappings
+  //     - Controllers accessible to ANY authenticated user
+  const coreSeedData = prdJson.seedData?.core
+                    || prdJson.seedDataCore
+                    || prdJson.specification?.seedDataCore;
+  const hasSeedDataTasks = (filesToCreate["seedData"]?.length ?? 0) > 0;
+  const hasSeedDataInTasks = tasks.some(t =>
+    t.description?.includes("SeedData") || t.description?.includes("seed data"));
+  if (coreSeedData && !hasSeedDataTasks && !hasSeedDataInTasks) {
+    const infraDepId = lastIdByCategory["infrastructure"] || lastIdByCategory["domain"];
+    // Derive navigation/permissions/roles from coreSeedData
+    const navModules = coreSeedData.navigationModules || coreSeedData.navigation || [];
+    const permissions = coreSeedData.permissions || [];
+    const rolePerms = coreSeedData.rolePermissions || [];
+    // Inject consolidated core seedData task
+    tasks.push({
+      id: taskId,
+      description: `[infrastructure] Create core seed data files for module ${moduleCode}: NavigationModuleSeedData, PermissionsSeedData, RolesSeedData, SeedConstants`,
+      status: "pending",
+      category: "infrastructure",
+      dependencies: infraDepId ? [infraDepId] : [],
+      acceptance_criteria: [
+        `NavigationModuleSeedData.cs with ${navModules.length} navigation module(s)`,
+        `PermissionsSeedData.cs with ${permissions.length} permission(s) from seedData.core`,
+        `RolesSeedData.cs with ${rolePerms.length} role-permission mapping(s)`,
+        "SeedConstants.cs with deterministic GUIDs",
+        "All seed data classes are static with GetSeedData() method"
+      ].join("; "),
+      started_at: null, completed_at: null, iteration: null, commit_hash: null,
+      files_changed: { created: [
+        `src/Infrastructure/Persistence/Seeding/Data/${moduleCode}/NavigationModuleSeedData.cs`,
+        `src/Infrastructure/Persistence/Seeding/Data/${moduleCode}/PermissionsSeedData.cs`,
+        `src/Infrastructure/Persistence/Seeding/Data/${moduleCode}/RolesSeedData.cs`,
+        "src/Infrastructure/Persistence/Seeding/Data/SeedConstants.cs"
+      ], modified: [] },
+      validation: null, error: null, module: moduleCode,
+      _seedDataMeta: { source: "guardrail-derived", coreSeedData }
+    });
+    lastIdByCategory["infrastructure"] = taskId;
+    taskId++;
+    console.log(`GUARDRAIL: Injected missing [infrastructure] core seed data task from seedData.core (${navModules.length} nav, ${permissions.length} perms, ${rolePerms.length} roles)`);
+  }
   // 2. Add IClientSeedDataProvider task for client projects (ExtensionsDbContext)
   // This is MANDATORY - without it, core seed data (navigation, permissions, roles) is dead code
   const hasClientSeedData = filesToCreate["seedData"]?.some(f =>
     f.type === "IClientSeedDataProvider" || f.path?.includes("SeedDataProvider"));
-  if (!hasClientSeedData && filesToCreate["seedData"]?.length > 0) {
+  const hasProviderInTasks = tasks.some(t =>
+    t.description?.includes("IClientSeedDataProvider") || t.description?.includes("SeedDataProvider"));
+  // Trigger when: seedData files exist OR coreSeedData exists (fallback for incomplete PRDs)
+  if (!hasClientSeedData && !hasProviderInTasks &&
+      (filesToCreate["seedData"]?.length > 0 || coreSeedData)) {
     tasks.push({
       id: taskId,
-      description: `[infrastructure] Create IClientSeedDataProvider to inject core seed data at runtime`,
+      description: `[infrastructure] Create IClientSeedDataProvider to inject core seed data (navigation, permissions, roles) at runtime`,
       status: "pending",
       category: "infrastructure",
       dependencies: [lastIdByCategory["infrastructure"] || lastIdByCategory["domain"]].filter(Boolean),
-      acceptance_criteria: "IClientSeedDataProvider implements SeedNavigationAsync, SeedPermissionsAsync, SeedRolePermissionsAsync; registered in DI",
+      acceptance_criteria: [
+        "Implements IClientSeedDataProvider with SeedNavigationAsync, SeedPermissionsAsync, SeedRolePermissionsAsync",
+        "Registered in DI: services.AddScoped<IClientSeedDataProvider, {AppPascalName}SeedDataProvider>()",
+        "All methods are idempotent (check existence before inserting)",
+        "Consumes seed data from NavigationModuleSeedData, PermissionsSeedData, RolesSeedData"
+      ].join("; "),
       started_at: null, completed_at: null, iteration: null, commit_hash: null,
       files_changed: { created: ["src/Infrastructure/Persistence/Seeding/{AppPascalName}SeedDataProvider.cs"], modified: ["src/Infrastructure/DependencyInjection.cs"] },
       validation: null, error: null, module: moduleCode