@atlashub/smartstack-cli 4.74.0 → 4.76.0

package/templates/skills/business-analyse/questionnaire.md

@@ -3,7 +3,7 @@
 > **Usage:** Structured questions for step-01-cadrage and step-03-specify
 > **Standard:** BABOK v3 - Elicitation Techniques (Interactive analysis)
 > **Model:** OPUS with ULTRATHINK
-> **Total:** ~20 targeted questions across 4 active questionnaire files
+> **Total:** ~15 targeted questions across 4 active questionnaire files
 
 ---
 
@@ -32,10 +32,55 @@
 
 ## Questionnaire Files (v2)
 
+### Classification des questions
+
+| Marqueur | Signification |
+|----------|---------------|
+| **OBLIGATOIRE** | DOIT etre posee dans tous les cas |
+| **CONDITIONNEL** | Posee uniquement si la condition est remplie |
+| **RELANCE** | Posee si la reponse precedente est vague |
+
+#### Questionnaire 01 (cadrage)
+- Q1.1 : OBLIGATOIRE
+- Q1.4 : CONDITIONNEL (si problem_type = "replace" ou "automate" — pas pour systemes neufs)
+- Q1.8 : OBLIGATOIRE
+
+#### Questionnaire 02 (cadrage)
+- Q2.1 : OBLIGATOIRE
+- Q2.5 : OBLIGATOIRE
+- Q2.9 : OBLIGATOIRE
+- Q2.10 : OBLIGATOIRE
+- Q2.11 : OBLIGATOIRE
+- Q2.15 : OBLIGATOIRE
+- Q2.19 : CONDITIONNEL (si brief mentionne un systeme externe ou integration)
+- Q2.20 : CONDITIONNEL (si brief mentionne migration ou import de donnees)
+
+> **Questions SUPPRIMEES (v3) :**
+> - Q2.12 (lister features) : redondant — l'IA detecte les modules depuis le brief, la reformulation (phase 2) sert de validation
+> - Q2.13 (classifier vital/important/optionnel) : inutile — SmartStack construit tous les modules, la classification ne change rien au code genere
+> - Q2.16-Q2.18 (parcours, decisions, erreurs) : **deplaces vers step-03** — alimentent directement les use cases, evite la duplication
+
+#### Questionnaire 03 (specification, par module)
+- Q3.1 : OBLIGATOIRE
+- Q3.2 : OBLIGATOIRE
+- Q3.3 : OBLIGATOIRE
+- Q3.5 : OBLIGATOIRE
+- Q3.7 : OBLIGATOIRE
+- Q3.8 : CONDITIONNEL (si entites avec relations temporelles)
+- Q3.9 : OBLIGATOIRE
+- Q3.10 : CONDITIONNEL (premier module uniquement, reutilise ensuite)
+- Q3.11-Q3.13 : CONDITIONNEL (couvert par /business-analyse-design)
+- Q3.14-Q3.16 : CONDITIONNEL (si dashboard mentionne dans cadrage)
+- Q3.17 : OBLIGATOIRE
+- Q3.19 : OBLIGATOIRE
+- Q3.20 : OBLIGATOIRE
+- Q3.21 : OBLIGATOIRE
+- Q3.22 : CONDITIONNEL (si Q3.21 = oui)
+
 | File | Questions | Phase | Focus |
 |------|-----------|-------|-------|
-| `questionnaire/01-context.md` | 3 | step-01-cadrage | Business process, friction points, vision |
-| `questionnaire/02-stakeholders-scope.md` | 10 | step-01-cadrage | User profiles, access levels, scope boundaries |
+| `questionnaire/01-context.md` | 2-3 | step-01-cadrage | Business process, vision (+ friction points si remplacement) |
+| `questionnaire/02-stakeholders-scope.md` | 6-8 | step-01-cadrage | User profiles, access levels, exclusions (+ integrations/import si pertinent) |
 | `questionnaire/03-data-ui.md` | ~15 | step-03-specify (per module) | Data entities, UI expectations, dashboards |
 | `questionnaire/04-risks-metrics.md` | — | NOT USED | Risks/metrics out of BA scope |
 | `questionnaire/05-cross-module.md` | ~8 | step-03-specify (conditional) | Cross-module dependencies, integration impact |
@@ -51,13 +96,23 @@
 | step-01-cadrage | 01-context, 02-stakeholders-scope |
 | step-03-specify (par module) | 03-data-ui, conditionnellement 05-cross-module |
 
-### Phase de cadrage (step-01)
+### Phase de cadrage (step-01) — 3 batches
+
+> **Principe vibe coding :** L'utilisateur decrit son besoin, l'IA deduit et propose. Les questions servent a CONFIRMER et APPROFONDIR, pas a interroger.
+
+**Batch 1 — Contexte & Vision** (Q1.1, Q1.8, + Q1.4 si remplacement) :
+- Processus metier, vision cible, frictions (si applicable)
 
-1. **Début :** Commencer par 01-context (contexte métier, identité application)
-2. **Adapter :** Sauter les questions non pertinentes selon le contexte
-3. **Approfondir :** Poser des questions de relance sur les réponses vagues
-4. **Challenger :** Ne pas accepter "on verra plus tard" sur les fonctionnalités indispensables
-5. **Par lots :** Présenter 3 a 4 questions par interaction (AskUserQuestion)
+**Batch 2 — Utilisateurs & Acces** (Q2.1, Q2.5, Q2.9-Q2.11) :
+- Profils, taches, restrictions, droits, validations
+
+**Batch 3 — Perimetre & Limites** (Q2.15, + Q2.19/Q2.20 si pertinent) :
+- Exclusions, integrations (conditionnel), import (conditionnel)
+
+**Regles :**
+1. **Adapter :** Sauter les questions non pertinentes selon le contexte
+2. **Approfondir :** Poser des questions de relance sur les reponses vagues
+3. **Challenger :** Ne pas accepter "on verra plus tard" sur les fonctionnalites indispensables
 
 ### Phase de specification (step-03)
 
@@ -72,6 +127,28 @@ Pour chaque réponse vague, utiliser :
 - "Que se passe-t-il si cette règle n'est pas respectée ?"
 - "Qui est impacté par cette décision ?"
 
+### Mode Auto-déduction (step-03)
+
+> **Par défaut, step-03 utilise l'auto-déduction avec confirmation groupée.**
+> L'IA propose entités, règles, UCs et permissions basées sur le cadrage + recherche domaine,
+> puis demande une confirmation par lot au lieu de poser chaque question individuellement.
+
+| Mode | Déclencheur | Comportement |
+|------|------------|-------------|
+| **Auto-déduction** (défaut) | Cadrage complet + domaine clair | Proposition → confirmation groupée → questions ciblées si ambigu |
+| **Interactif** | Cadrage incomplet ou domaine inconnu | Questions individuelles Q3.1-Q3.22 |
+
+**Workflow auto-déduction :**
+1. L'IA construit la proposition à partir du cadrage + recherche domaine (A-bis)
+2. Présente le LOT complet : "Voici ce que je propose. Corrections ?"
+3. Le client valide, corrige ou demande des détails
+4. Les questions détaillées ne sont posées QUE pour les points ambigus
+
+**Traçabilité :** Le mode utilisé est tracé dans `config.json` : `specificationMode: "auto-deduction" | "interactive"`
+
+> **IMPORTANT :** L'auto-déduction ne dispense PAS de la validation client.
+> Chaque lot (entités, règles, UCs, permissions) DOIT être confirmé avant écriture.
+
 ### Filtre de pertinence
 
 Chaque question conservée passe ce test :

package/templates/skills/business-analyse/references/03-json-schemas.md

@@ -0,0 +1,221 @@
+# JSON Schemas (step-03-specify)
+
+## Entity Schema Format
+
+```json
+{
+  "name": "Employee",
+  "description": "Représente un employé de l'entreprise",
+  "personRoleConfig": { "variant": "mandatory", "userFields": ["firstName", "lastName", "email"] },
+  "attributes": [
+    { "name": "code", "type": "string", "required": true, "unique": true, "searchable": true, "description": "Identifiant unique auto-généré" },
+    { "name": "userId", "type": "string", "required": true, "unique": true, "description": "FK vers auth_Users (ASP.NET Identity — type string, NOT guid)" },
+    { "name": "departmentId", "type": "guid", "required": true, "description": "Département d'affectation" },
+    { "name": "hireDate", "type": "date", "required": true, "searchable": true, "description": "Date d'embauche" },
+    { "name": "position", "type": "string", "searchable": true, "description": "Poste occupé" },
+    { "name": "status", "type": "enum", "options": ["Active", "Inactive", "OnLeave", "Terminated"], "defaultValue": "Active", "searchable": true, "description": "Statut de l'employé" }
+  ],
+  "versionedAttributes": [
+    { "entity": "Salary", "attributes": ["grossAmount", "netAmount", "effectiveDate", "currency"], "reason": "Historique salarial versionné" }
+  ],
+  "estimatedVolume": { "monthly": 50, "total2y": 1200 },
+  "searchableFields": ["code", "position", "status"],
+  "defaultFilters": ["status"],
+  "relationships": [
+    { "target": "Department", "type": "ManyToOne", "description": "Appartient à un département" },
+    { "target": "Contract", "type": "OneToMany", "description": "Possède plusieurs contrats" },
+    { "target": "Salary", "type": "OneToMany", "description": "Historique de salaires versionnés" }
+  ]
+}
+```
+
+**Attribute flags (OPTIONAL, default: false):**
+- `unique: true` — attribute has uniqueness constraint (e.g., `code`, `userId`)
+- `searchable: true` — attribute appears in search/filter results (e.g., `code`, `status`, `position`)
+- `computed: true` — attribute value is calculated (e.g., `subtotal`, `total`). **MUST** have a corresponding `BR-CALC` rule with `formula` field
+
+Omit flags when `false` (default). Include explicitly when `true`.
+
+## Business Rules Schema Format
+
+> **Source of truth:** `schemas/sections/analysis-schema.json` property `businessRules`.
+
+```json
+{
+  "id": "BR-VAL-EMPLOYEES-001",
+  "name": "Validation date embauche",
+  "category": "validation",
+  "sectionCode": "list",
+  "statement": "La date d'embauche ne peut pas être dans le futur",
+  "severity": "blocking",
+  "entities": ["Employee"],
+  "examples": [{ "input": "hireDate = 2027-01-01", "expected": "Erreur : date dans le futur" }],
+  "domainSpecific": false
+}
+```
+
+Categories: `validation`, `calculation`, `workflow`, `security`, `data`, `notification`
+
+**Mandatory requirements:**
+- Each enum attribute MUST have a `defaultValue`
+- Each bounded numeric attribute MUST have `validation.min/max`
+- FK attributes to Identity (userId) MUST use type `string` (ASP.NET Identity convention)
+- Each attribute marked "computed" in entities.json MUST have a rule with `category: "calculation"` and `formula` field
+
+**Calculation rule example:**
+```json
+{
+  "id": "BR-CALC-INV-003",
+  "name": "Calcul reste à payer",
+  "category": "calculation",
+  "sectionCode": "detail",
+  "statement": "Le reste à payer = total - montant payé",
+  "severity": "blocking",
+  "formula": "remainingAmount = total - paidAmount",
+  "entities": ["Invoice"],
+  "examples": [{ "input": "total=1000, paidAmount=300", "expected": "remainingAmount = 700" }],
+  "domainSpecific": false
+}
+```
+
+**MANDATORY enrichment fields (added in v2):**
+- `severity` : `"blocking"` | `"warning"` | `"info"` — impact level of the rule
+- `sectionCode` : section where this rule applies (e.g., `"list"`, `"approve"`)
+- `examples[]` : structured as `{input: string, expected: string}` — at least 1 per rule
+  ```json
+  "examples": [{ "input": "debut=15/03 fin=12/03", "expected": "Erreur : date de fin avant date de debut" }]
+  ```
+
+**RECOMMENDED enrichment fields:**
+- `conditions[]` : structured IF conditions — `{entity, field, operator, value}`
+  ```json
+  "conditions": [{ "entity": "Absence", "field": "duration", "operator": ">", "value": 3 }]
+  ```
+- `consequences[]` : side effects when rule fires — `{type, target, description}`
+  ```json
+  "consequences": [{ "type": "notification", "target": "RH Manager", "description": "Certificat medical requis" }]
+  ```
+- `formula` : for BR-CALC rules (e.g., `"remaining = entitled + carried - taken"`)
+- `domainSpecific` : `true` if from domain research, `false` if generic CRUD validation
+
+## Use Cases Schema Format
+
+**CANONICAL FORMAT (MANDATORY):** The usecases.json file MUST use these exact keys:
+- Root key: `"useCases"` (camelCase, NOT "usecases")
+- Actor field: `"primaryActor"` (NOT "actor")
+- Steps field: `"mainScenario"` (string[], NOT "steps" with objects)
+- Alternatives: `"alternativeScenarios"` (object[] with `{name, steps}`, NOT "alternative" as flat string)
+- This matches specification-schema.json. Deviation causes normalization overhead in 4+ downstream skills.
+
+```json
+{
+  "useCases": [
+    {
+      "id": "UC-EMPLOYEES-001",
+      "name": "Créer un employé",
+      "sectionCode": "list",
+      "primaryActor": "Responsable RH",
+      "preconditions": ["L'utilisateur a la permission HumanResources.Employees.Create"],
+      "mainScenario": [
+        "L'utilisateur ouvre la page de création",
+        "Il remplit les champs obligatoires (nom, département, date embauche)",
+        "Il valide le formulaire",
+        "Le système vérifie les règles métier (BR-VAL-EMPLOYEES-001)",
+        "Le système crée l'employé et affiche la fiche"
+      ],
+      "alternativeScenarios": [
+        {
+          "name": "Données invalides",
+          "steps": ["Le système affiche les erreurs de validation", "L'utilisateur corrige et re-soumet"]
+        }
+      ],
+      "businessRules": ["BR-VAL-EMPLOYEES-001"],
+      "result": "L'employé est créé avec le statut 'Actif'"
+    }
+  ]
+}
+```
+
+**MANDATORY enrichment fields (activated in v2):**
+- `postconditions[]` : effects AFTER the UC completes (schema field exists, now mandatory)
+  ```json
+  "postconditions": ["Absence.status = Approved", "AbsenceBalance.taken += duration", "Notification envoyee"]
+  ```
+- `errorScenarios[]` : error paths — MANDATORY for workflow UCs (schema field exists, now mandatory)
+  ```json
+  "errorScenarios": [{ "name": "Solde insuffisant", "steps": ["Systeme affiche le solde restant", "Soumission bloquee"] }]
+  ```
+
+**Minimum requirements:**
+- Workflow UCs: `mainScenario[]` >= 5 steps, `errorScenarios[]` >= 1, `postconditions[]` required
+- CRUD UCs: `mainScenario[]` >= 3 steps, `postconditions[]` required
+
+## Permissions Schema Format
+
+```json
+{
+  "roles": ["RH Admin", "Manager", "Employee"],
+  "matrix": [
+    { "role": "RH Admin", "permissions": ["Read", "Create", "Update", "Delete", "Export"] },
+    { "role": "Manager", "permissions": ["Read", "Export"] },
+    { "role": "Employee", "permissions": ["Read"] }
+  ],
+  "permissionPaths": [
+    "HumanResources.Employees.Read",
+    "HumanResources.Employees.Create",
+    "HumanResources.Employees.Update",
+    "HumanResources.Employees.Delete",
+    "HumanResources.Employees.Export"
+  ]
+}
+```
+
+**Auto-detection rules:**
+- If the cadrage mentions "export", "Excel", "CSV", or "télécharger" → automatically add `.export` permission and an export use case (UC-{PREFIX}-EXPORT)
+- If the cadrage mentions "import", "importer", "upload" → automatically add `.import` permission and an import use case (UC-{PREFIX}-IMPORT)
+
+## LifeCycle Schema Format
+
+> Source: `specification-schema.json` `lifeCycles[]`
+> **MANDATORY** for each entity with a status enum attribute.
+> Generated in step-03 section F-bis. Consumed by Mermaid diagram generation (step-04) and code generation (handoff/develop).
+
+```json
+{
+  "entity": "EntityName",
+  "field": "status",
+  "initialState": "Draft",
+  "states": [
+    {
+      "id": "Draft",
+      "displayName": "Brouillon",
+      "color": "gray",
+      "allowedTransitions": ["Submitted"],
+      "isTerminal": false
+    }
+  ],
+  "transitions": [
+    {
+      "from": "Draft",
+      "to": "Submitted",
+      "action": "submit",
+      "permission": "App.Module.Action",
+      "guards": ["BR-VAL-XXX"],
+      "effects": [
+        { "type": "notification", "target": "Manager", "template": "entity-submitted" },
+        { "type": "field-update", "target": "Entity.field", "template": "= value" }
+      ],
+      "confirm": false
+    }
+  ]
+}
+```
+
+**Generation rules:**
+- Extract states from entity's status enum `options[]`
+- Extract transitions from BR-WF-* rules
+- Link `guards[]` to BR-VAL-* rules that must pass before transition
+- Link `effects[]` to BR-NOTIF-* and BR-CALC-* triggered by the transition
+- Link `permission` from permissions.json for each transition action
+- Set `color` based on state semantic: gray=draft, blue=active, green=success, red=error, yellow=warning
+- Set `isTerminal: true` for states with no allowed transitions

package/templates/skills/business-analyse/references/03-post-check-validation.md

@@ -0,0 +1,208 @@
+# POST-CHECK Validation (step-03-specify)
+
+Before advancing to step 04, run these validations for EACH module:
+
+```javascript
+const errors = [];
+const warnings = [];
+
+for (const mod of modules) {
+  // mod.dir = resolveModuleDir(applicationCode, mod.code)
+  // e.g., docs/projet-rh/v1.0/human-resources/employees/
+  const ent = READ(mod.dir + '/entities.json')?.entities || [];
+  const ucs = READ(mod.dir + '/usecases.json')?.useCases || [];
+  const brs = READ(mod.dir + '/rules.json')?.rules || [];
+  const perms = READ(mod.dir + '/permissions.json');
+  const sections = mod.anticipatedSections || [];
+  const sectionCodes = new Set(sections.map(s => s.code));
+
+  // Mandatory checks (BLOCKING)
+  if (ent.length === 0) errors.push(mod.code + ": 0 entities");
+  if (ucs.length === 0) errors.push(mod.code + ": 0 use cases");
+  if (brs.length === 0) errors.push(mod.code + ": 0 business rules");
+  if (!perms?.permissionPaths?.length) errors.push(mod.code + ": no permissions");
+
+  // sectionCode validation
+  for (const uc of ucs) {
+    if (!uc.sectionCode) errors.push(mod.code + ": UC '" + uc.id + "' missing sectionCode");
+    else if (!sectionCodes.has(uc.sectionCode)) errors.push(mod.code + ": UC '" + uc.id + "' sectionCode '" + uc.sectionCode + "' not in anticipatedSections");
+  }
+  for (const br of brs) {
+    if (!br.sectionCode) errors.push(mod.code + ": BR '" + br.id + "' missing sectionCode");
+    else if (!sectionCodes.has(br.sectionCode)) errors.push(mod.code + ": BR '" + br.id + "' sectionCode '" + br.sectionCode + "' not in anticipatedSections");
+  }
+
+  // Entity attribute checks
+  for (const e of ent) {
+    for (const a of (e.attributes || [])) {
+      if (!a.type) warnings.push(mod.code + ": entity " + e.name + " attr '" + a.name + "' missing type");
+      if (a.type === 'enum' && !a.defaultValue) errors.push(mod.code + ": enum attr '" + a.name + "' missing defaultValue");
+      // FK naming convention: must end with "Id"
+      if ((a.type === 'guid' || a.type === 'string') && a.foreignKey && !a.name.endsWith('Id'))
+        warnings.push(mod.code + ": entity " + e.name + " FK attr '" + a.name + "' should end with 'Id'");
+    }
+    // Person Extension Pattern check
+    const personFields = ['firstName', 'lastName', 'email', 'phoneNumber', 'phone'];
+    const foundPersonFields = (e.attributes || []).filter(a => personFields.includes(a.name));
+    if (foundPersonFields.length >= 3 && !e.personRoleConfig) {
+      errors.push(mod.code + ": entity '" + e.name + "' has " + foundPersonFields.length +
+        " person fields (" + foundPersonFields.map(f => f.name).join(", ") +
+        ") but no personRoleConfig — use Person Extension Pattern (entity-architecture-decision.md section 0). " +
+        "Person fields (firstName, lastName, email) belong on auth_Users, not on the domain entity.");
+    }
+  }
+
+  // Canonical usecases key check
+  const rawUCFile = READ(mod.dir + '/usecases.json');
+  if (rawUCFile && !rawUCFile.useCases && rawUCFile.usecases) {
+    errors.push(mod.code + ": usecases.json uses 'usecases' key instead of canonical 'useCases' — fix before proceeding");
+  }
+  // Check steps serialization format
+  for (const uc of ucs) {
+    if (uc.steps && Array.isArray(uc.steps) && uc.steps.length > 0 && typeof uc.steps[0] === 'object') {
+      errors.push(mod.code + ": UC '" + uc.id + "' uses steps[] with objects — must use mainScenario[] with strings");
+    }
+    if (uc.actor && !uc.primaryActor) {
+      warnings.push(mod.code + ": UC '" + uc.id + "' uses 'actor' instead of canonical 'primaryActor'");
+    }
+  }
+
+  // Cross-reference checks
+  for (const uc of ucs) {
+    for (const brRef of (uc.businessRules || [])) {
+      if (!brs.find(br => br.id === brRef)) warnings.push(mod.code + ": UC '" + uc.id + "' references non-existent BR '" + brRef + "'");
+    }
+  }
+
+  // Section permission checks
+  for (const section of sections) {
+    if (section.sectionType === 'view') {
+      const viewPerms = (perms?.permissionPaths || []).filter(p => p.includes('.' + section.code + '.'));
+      if (viewPerms.length > 0) errors.push(mod.code + ": view section '" + section.code + "' has " + viewPerms.length + " permissions (should inherit)");
+    }
+  }
+
+  // Quality gate: UC count (C6 — BLOCKING if < 4, WARNING if < 6)
+  if (ucs.length > 0 && ucs.length < 4) {
+    errors.push(mod.code + ": only " + ucs.length + " use cases (minimum: 4)");
+  } else if (ucs.length > 0 && ucs.length < 6) {
+    warnings.push(mod.code + ": only " + ucs.length + " use cases (recommended: >= 6)");
+  }
+
+  // Quality gate: Permission path count (C7 — WARNING if < 5)
+  const permPaths = perms?.permissionPaths || [];
+  if (permPaths.length > 0 && permPaths.length < 5) {
+    warnings.push(mod.code + ": only " + permPaths.length + " permission paths (recommended: >= 5 — check for missing Export/Import)");
+  }
+
+  // Quality gate: Entity count (C9 — WARNING if single entity)
+  if (ent.length === 1) {
+    warnings.push(mod.code + ": single entity module — verify this is intentional (config/lookup OK)");
+  }
+
+  // Quality gate: BR-CALC must have formula (C13 — BLOCKING)
+  for (const br of brs) {
+    if ((br.category === 'calculation' || (br.id && br.id.includes('CALC'))) && !br.formula) {
+      errors.push(mod.code + ": BR '" + br.id + "' is a calculation rule but missing 'formula' field");
+    }
+  }
+
+  // Quality gate: Computed attributes must have BR-CALC (C11 — BLOCKING)
+  for (const e of ent) {
+    for (const a of (e.attributes || [])) {
+      if (a.computed === true) {
+        const hasBRCalc = brs.some(br =>
+          (br.category === 'calculation' || (br.id && br.id.includes('CALC'))) &&
+          (br.entities || []).includes(e.name)
+        );
+        if (!hasBRCalc) errors.push(mod.code + ": " + e.name + ".'" + a.name + "' is computed:true but no BR-CALC references " + e.name);
+      }
+    }
+  }
+
+  // Quality gate: Versioned attributes detection (C15 — WARNING)
+  for (const e of ent) {
+    for (const a of (e.attributes || [])) {
+      if (['salary', 'rate', 'grade', 'price', 'tarif'].some(k => a.name.toLowerCase().includes(k))) {
+        if (!e.versionedAttributes?.length)
+          warnings.push(mod.code + ": " + e.name + ".'" + a.name + "' may need versioning but no versionedAttributes defined");
+      }
+    }
+  }
+
+  // ── Business Rules Schema Conformity (C16-C21) ──────────────────────
+
+  // Quality gate: BR schema field conformity (C16 — BLOCKING)
+  for (const br of brs) {
+    if (!br.id) errors.push(mod.code + ": BR missing 'id' field");
+    else if (!/^BR-(VAL|CALC|WF|SEC|DATA|NOTIF)-[A-Z]{2,4}-\d{3}$/.test(br.id))
+      errors.push(mod.code + ": BR '" + br.id + "' does not match ID pattern BR-{CAT}-{MOD}-{NNN}");
+    if (!br.name) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'name'");
+    if (!br.category) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'category'");
+    if (!br.statement) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'statement'");
+    if (!br.severity) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'severity'");
+    if (!br.entities || br.entities.length === 0)
+      errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'entities[]'");
+    // Reject deprecated field names (common drift from sub-agent schema ignorance)
+    if (br.code && !br.id) errors.push(mod.code + ": BR uses 'code' instead of canonical 'id'");
+    if (br.label && !br.name) errors.push(mod.code + ": BR uses 'label' instead of canonical 'name'");
+    if (br.description && !br.statement) errors.push(mod.code + ": BR uses 'description' instead of canonical 'statement'");
+    if (br.rule && !br.statement) errors.push(mod.code + ": BR uses 'rule' instead of canonical 'statement'");
+    if (br.type && !br.category) errors.push(mod.code + ": BR uses 'type' instead of canonical 'category'");
+  }
+
+  // Quality gate: BR examples format (C17 — BLOCKING)
+  for (const br of brs) {
+    if (!br.examples || br.examples.length === 0)
+      errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'examples[]' (min 1 required)");
+    if (br.example && !br.examples)
+      errors.push(mod.code + ": BR '" + (br.id||'?') + "' uses deprecated 'example' string — use 'examples[]' array of {input, expected}");
+    if (br.examples) {
+      for (const ex of br.examples) {
+        if (typeof ex === 'string')
+          errors.push(mod.code + ": BR '" + (br.id||'?') + "' has string in examples[] — must be {input, expected}");
+      }
+    }
+  }
+
+  // Quality gate: BR count minimum (C18 — BLOCKING if < 4)
+  if (brs.length > 0 && brs.length < 4) {
+    errors.push(mod.code + ": only " + brs.length + " business rules (minimum: 4)");
+  }
+
+  // Quality gate: Domain-specific ratio (C19 — WARNING if < 2)
+  const domainBRs = brs.filter(br => br.domainSpecific === true);
+  if (brs.length >= 4 && domainBRs.length < 2) {
+    warnings.push(mod.code + ": only " + domainBRs.length + " domain-specific rules out of " + brs.length +
+      " (minimum: 2 — see _shared.md rule 3)");
+  }
+
+  // Quality gate: domainSpecific flag presence (C20 — WARNING)
+  const brsMissingFlag = brs.filter(br => typeof br.domainSpecific === 'undefined');
+  if (brsMissingFlag.length > 0) {
+    warnings.push(mod.code + ": " + brsMissingFlag.length + "/" + brs.length +
+      " BRs missing 'domainSpecific' flag");
+  }
+
+  // Quality gate: Structured conditions for conditional rules (C21 — WARNING)
+  const conditionalBRs = brs.filter(br =>
+    br.category === 'workflow' || br.category === 'security' ||
+    (br.statement && /\b(IF|Si |si |Quand |quand |Lorsqu)/i.test(br.statement)));
+  const brsWithConditions = conditionalBRs.filter(br => br.conditions && br.conditions.length > 0);
+  if (conditionalBRs.length > 2 && brsWithConditions.length < 2) {
+    warnings.push(mod.code + ": " + brsWithConditions.length + "/" + conditionalBRs.length +
+      " conditional BRs have structured conditions[] (recommended: >= 2)");
+  }
+}
+
+if (errors.length > 0) {
+  Display("POST-CHECK FAILED (" + errors.length + " errors):");
+  errors.forEach(e => Display("  ✗ " + e));
+  BLOCKING_ERROR("Fix all errors before advancing to step 04");
+}
+if (warnings.length > 0) {
+  Display("POST-CHECK warnings (" + warnings.length + "):");
+  warnings.forEach(w => Display("  ⚠ " + w));
+}
+Display("POST-CHECK PASS: " + modules.length + " modules validated");
+```

package/templates/skills/business-analyse/references/03-smartstack-entity-guards.md

@@ -0,0 +1,32 @@
+# SmartStack Entity Convention Guards (step-03-specify)
+
+Before finalizing each entity, apply these rules:
+
+## B-bis-1. Person Extension Pattern
+
+(ref: `entity-architecture-decision.md` section 0)
+
+IF the entity matches a person role (Employee, Customer, Manager, Consultant, etc.):
+- **DO NOT** add firstName, lastName, email, phoneNumber as direct attributes
+- **DO** add `userId` (type: `string`, FK to auth_Users — ASP.NET Identity uses string IDs)
+- **DO** add `personRoleConfig` metadata with variant (mandatory/optional)
+- Personal fields come from User, not from the domain entity
+
+## B-bis-2. Versioned Sensitive Data
+
+IF the entity has attributes that change over time with audit requirements (salary, rate, grade):
+- **DO NOT** put them directly on the entity as single fields
+- **DO** extract into a versioned satellite table (e.g., Employee → Salary with effectiveDate)
+- Mark with `"versionedAttributes"` in entity spec
+
+## B-bis-3. SmartStack Socle Entities (NEVER redefine)
+
+- Users/Identity → `auth_Users` (managed by SmartStack Identity)
+- Tenants → `tenant_Tenants` (managed by SmartStack Core)
+- Departments → `ref_Departments` or `rh_Departments` (check if exists in target DB)
+
+## B-bis-4. Foreign Key Conventions
+
+- All FK attributes MUST end with `Id` suffix (e.g., `departmentId`, `userId`)
+- FK to Identity users MUST use type `string` (ASP.NET Identity convention, NOT guid)
+- FK to domain entities MUST use type `guid`