@atlashub/smartstack-cli 4.75.0 → 4.76.0

package/templates/skills/apex-verify/steps/step-03-perm-audit.md

@@ -0,0 +1,119 @@
+---
+name: step-03-perm-audit
+description: Cross-reference permissions between controllers, Permissions.cs, seed data, and roles
+next_step: steps/step-04-route-audit.md
+---
+
+# Step 3: Permission Audit
+
+## YOUR TASK:
+Cross-reference permissions across 4 sources to ensure complete coverage:
+1. Controller `[RequirePermission]` attributes → what the API enforces
+2. `Permissions.cs` static constants → what the code defines
+3. `PermissionsSeedData` → what gets seeded to the database
+4. `RolesSeedData` → what roles have which permissions
+
+---
+
+## EXECUTION SEQUENCE:
+
+### 1. Extract Controller Permissions
+
+For each file in {controller_files}:
+
+Grep for `[RequirePermission(` and extract the permission string:
+```csharp
+[RequirePermission(Permissions.Employees.Read)]
+[RequirePermission(Permissions.AbsenceManagement.Create)]
+```
+
+Build a set: `{controller_permissions}` = all unique permission references.
+
+Also note which controller and HTTP method uses each permission (for context in findings).
+
+### 2. Extract Permissions.cs Constants
+
+Read {permissions_file} and extract all `public const string` values:
+```csharp
+public const string Read = "human-resources.employees.read";
+public const string Wildcard = "human-resources.employees.*";
+```
+
+Build a set: `{defined_permissions}` = all permission path strings.
+Also track the constant name → path mapping.
+
+### 3. Extract Seed Data Permissions
+
+For each file in {perm_seed_files}:
+
+Grep for permission path patterns:
+```csharp
+Path = "human-resources.employees.read"
+new PermissionSeedEntry { ... Path = "..." }
+"human-resources.employees.read"  // in HasData() or SeedPermissionsAsync
+```
+
+Build a set: `{seeded_permissions}` = all permission paths in seed data.
+
+### 4. Extract Role Mappings
+
+For each file in {role_seed_files}:
+
+Grep for role-permission associations. Look for patterns:
+```csharp
+// Role assignment patterns
+new { RoleId = ..., PermissionId = ... }
+SeedRolePermissionsAsync
+rolePermissions.Add(...)
+```
+
+Build a map: `{role_mappings}` = { permission_path: [role_names] }
+
+### 5. Cross-Reference Matrix
+
+**Check A: Controllers → Permissions.cs**
+For each permission in {controller_permissions}:
+- Verify it resolves to a constant in {defined_permissions}
+- If missing → BLOCKING (controller references undefined permission)
+
+**Check B: Permissions.cs → Seed Data**
+For each permission in {defined_permissions} (excluding wildcards):
+- Verify it exists in {seeded_permissions}
+- If missing → BLOCKING (permission defined but never seeded = always 403)
+
+**Check C: Seed Data → Roles**
+For each permission in {seeded_permissions}:
+- Verify it has at least one role mapping in {role_mappings}
+- If missing → CRITICAL (permission seeded but no role has it = always 403)
+
+**Check D: Admin Role Wildcard**
+- Verify admin role has wildcard (`*`) permissions for each module
+- If missing → CRITICAL (admin cannot access module)
+
+**Check E: Role Matrix Sanity**
+- Viewer role must NOT have write permissions (create, update, delete)
+- Admin must have wildcard or all individual permissions
+
+### 6. Record Findings
+
+| ID | Severity | Rule |
+|----|----------|------|
+| PERM-001 | BLOCKING | Controller uses permission not defined in Permissions.cs |
+| PERM-002 | BLOCKING | Permissions.cs constant not seeded in PermissionsSeedData |
+| PERM-003 | CRITICAL | Seeded permission has no role mapping (always 403 for all users) |
+| PERM-004 | CRITICAL | Admin role missing wildcard for module |
+| PERM-005 | WARNING | Permission path segments not in kebab-case |
+| PERM-006 | WARNING | Viewer role has write permission (create/update/delete) |
+| PERM-007 | WARNING | Permission defined in Permissions.cs but unused by any controller (dead code) |
+
+---
+
+## SUCCESS METRICS:
+- All 4 sources extracted completely
+- Cross-reference matrix fully evaluated
+- Role matrix sanity checked
+- Findings recorded with file:line evidence
+
+## NEXT STEP:
+If {scope} is `all` or `route` → proceed to `./step-04-route-audit.md`
+If {scope} is `perm` → skip to `./step-05-report.md`

package/templates/skills/apex-verify/steps/step-04-route-audit.md

@@ -0,0 +1,98 @@
+---
+name: step-04-route-audit
+description: Verify route alignment between navigation seed data, componentRegistry, and controllers
+next_step: steps/step-05-report.md
+---
+
+# Step 4: Route Audit
+
+## YOUR TASK:
+Verify that routes are consistent across 3 sources: navigation seed data, componentRegistry (PageRegistry), and backend controllers (NavRoute attributes).
+
+---
+
+## EXECUTION SEQUENCE:
+
+### 1. Extract Seed Data Routes
+
+From {seed_files}, extract all section routes:
+```
+{seed_routes} = [
+  { code: "departments", route: "/human-resources/employees/departments", file: "...", line: N },
+  { code: "list", route: "/human-resources/employees", file: "...", line: N },
+  ...
+]
+```
+
+### 2. Extract PageRegistry Keys
+
+From {registry_file}, extract all `PageRegistry.register()` calls:
+```typescript
+PageRegistry.register('human-resources.employees.departments', ...)
+PageRegistry.register('human-resources.employees', ...)
+```
+
+Build: `{registry_keys}` = all registered page keys.
+
+### 3. Extract Controller NavRoutes
+
+From {controller_files}, extract `[NavRoute("...")]` attributes:
+```csharp
+[NavRoute("human-resources.employees")]
+[NavRoute("human-resources.employees.departments")]
+```
+
+Build: `{controller_navroutes}` = all NavRoute values.
+
+### 4. Cross-Reference
+
+**Check A: Seed Routes → PageRegistry**
+For each seed route (excluding reserved sections and /:id routes):
+- Convert route to PageRegistry key: `/human-resources/employees/departments` → `human-resources.employees.departments`
+- Verify key exists in {registry_keys}
+- If missing → BLOCKING (seed route has no frontend page)
+
+**Check B: Controller NavRoutes → Seed Data**
+For each NavRoute:
+- Convert to route path: `human-resources.employees` → `/human-resources/employees`
+- Verify exists in seed data routes
+- If missing → WARNING (controller exists but no navigation entry)
+
+**Check C: PageRegistry → Page Files**
+For each registry entry:
+- Verify the imported component file exists on disk
+- If missing → BLOCKING (registry references non-existent page)
+
+**Check D: Orphan Pages**
+For each page file in {page_files}:
+- Check if it's registered in componentRegistry
+- If NOT registered → WARNING (page exists but has no route — unreachable)
+
+**Check E: DynamicRouter Convention Routes**
+For each section with a list page:
+- Verify these implicit routes are handled (either by registry or DynamicRouter convention):
+  - `{section}/:id` → detail page
+  - `{section}/create` → create page
+  - `{section}/:id/edit` → edit page
+- Note: DynamicRouter may resolve these by convention without explicit registry entries. Only flag if BOTH registry AND convention are missing.
+
+### 5. Record Findings
+
+| ID | Severity | Rule |
+|----|----------|------|
+| ROUTE-001 | BLOCKING | Seed data route has no matching PageRegistry entry |
+| ROUTE-002 | WARNING | Controller NavRoute has no matching seed data entry |
+| ROUTE-003 | BLOCKING | PageRegistry references non-existent page file |
+| ROUTE-004 | WARNING | Orphan page — exists on disk but not registered (unreachable) |
+| ROUTE-005 | WARNING | Implicit route (detail/create/edit) not resolvable |
+
+---
+
+## SUCCESS METRICS:
+- All 3 sources extracted completely
+- Cross-reference completed for all combinations
+- Orphan detection completed
+- DynamicRouter conventions accounted for
+
+## NEXT STEP:
+Proceed to `./step-05-report.md`

package/templates/skills/apex-verify/steps/step-05-report.md

@@ -0,0 +1,110 @@
+---
+name: step-05-report
+description: Generate consolidated audit report with all findings
+---
+
+# Step 5: Consolidated Report
+
+## YOUR TASK:
+Compile all findings from previous steps into a structured, actionable report.
+
+---
+
+## REPORT FORMAT:
+
+Display the following report to the user:
+
+```
+============================================================
+       APEX VERIFICATION REPORT
+============================================================
+
+Project: {project_name}
+Scope:   {scope}
+Date:    {current_date}
+
+------------------------------------------------------------
+  SUMMARY
+------------------------------------------------------------
+
+| Category     | BLOCKING | CRITICAL | WARNING | PASS |
+|-------------|----------|----------|---------|------|
+| Navigation  | {count}  | {count}  | {count} | {Y/N}|
+| CRUD        | {count}  | {count}  | {count} | {Y/N}|
+| Permissions | {count}  | {count}  | {count} | {Y/N}|
+| Routes      | {count}  | {count}  | {count} | {Y/N}|
+| **TOTAL**   | {total}  | {total}  | {total} |      |
+
+Result: {PASS / FAIL (N blocking issues)}
+
+------------------------------------------------------------
+  BLOCKING FINDINGS (must fix)
+------------------------------------------------------------
+
+[{ID}] {message}
+  File: {file_path}:{line}
+  Fix:  {fix_description}
+
+... (repeat for each blocking finding)
+
+------------------------------------------------------------
+  CRITICAL FINDINGS (should fix)
+------------------------------------------------------------
+
+[{ID}] {message}
+  File: {file_path}:{line}
+  Fix:  {fix_description}
+
+... (repeat for each critical finding)
+
+------------------------------------------------------------
+  WARNINGS (nice to fix)
+------------------------------------------------------------
+
+[{ID}] {message}
+  File: {file_path}:{line}
+  Fix:  {fix_description}
+
+... (repeat for each warning)
+
+============================================================
+```
+
+## ADDITIONAL SECTIONS (if --fix):
+
+When {fix_mode} is true, add a "FIX COMMANDS" section after the findings:
+
+```
+------------------------------------------------------------
+  FIX COMMANDS
+------------------------------------------------------------
+
+# NAV-001: Remove reserved section 'detail' from menu
+# File: src/.../EmployeesNavigationSeedData.cs
+# Action: Remove the section entry with code "detail" from Sections[] array
+
+# CRUD-004: Add Create button to EmployeeListPage
+# File: web/.../EmployeeListPage.tsx
+# Action: Add in the page header:
+#   <button onClick={() => navigate('create')} className="...">
+#     New Employee
+#   </button>
+
+... (repeat for each finding with specific fix instructions)
+```
+
+## RULES FOR REPORT GENERATION:
+
+1. **Sort by severity**: BLOCKING first, then CRITICAL, then WARNING
+2. **Within same severity**: Sort by category (NAV, CRUD, PERM, ROUTE)
+3. **No false positives**: Only include findings with concrete evidence (file:line)
+4. **No duplicates**: Merge findings that point to the same root cause
+5. **Actionable fixes**: Every finding must have a clear, specific fix instruction
+6. **If no findings in a category**: Display "PASS — No issues found" for that category
+
+## SUCCESS CRITERIA:
+- Report is complete and properly formatted
+- All findings from steps 1-4 are included
+- Pass/fail status is correct
+- Fix commands are included if --fix was specified
+- Report is immediately actionable by the developer

package/templates/skills/application/templates-frontend.md

@@ -114,7 +114,7 @@ export function $MODULE_PASCALDetailPage() {
     } finally {
       setLoading(false);
     }
-  }, [$entityId, t]);
+  }, [$entityId]);
 
   useEffect(() => {
     loadData();
@@ -239,7 +239,7 @@ export function $MODULE_PASCALEditPage() {
     } finally {
       setLoading(false);
     }
-  }, [$entityId, t]);
+  }, [$entityId]);
 
   useEffect(() => {
     loadData();

package/templates/skills/business-analyse/SKILL.md

@@ -38,7 +38,7 @@ Path A — FAST (small module, < 5 min)          Path B — FULL (multi-module,
           │                                               │
           ▼                                               ▼
   ┌──────────────┐                               ┌──────────────────┐
-  │   /sketch    │  0-2 questions                 │ /business-analyse│  ~40 questions
+  │   /business-analyse-quick│  0-2 questions                 │ /business-analyse│  ~40 questions
   │  (2 min)     │  Pure inference                │  (steps 00-04)   │  JSON output
   └──────┬───────┘                               └────────┬─────────┘
          │ Natural language prompt                        │ entities/rules/usecases.json
@@ -84,7 +84,7 @@ Path A — FAST (small module, < 5 min)          Path B — FULL (multi-module,
 
 | From | To | Data | Format |
 |------|----|------|--------|
-| `/sketch` | `/apex` | Inferred design (entities, FK, labels, code patterns) | Natural language prompt |
+| `/business-analyse-quick` | `/apex` | Inferred design (entities, FK, labels, code patterns) | Natural language prompt |
 | `/business-analyse` | `/business-analyse-design` | Entities, use cases, permissions | JSON (`entities.json`, `usecases.json`, `permissions.json`) |
 | `/business-analyse-design` | `/business-analyse-html` | Screen specs, wireframes, navigation | JSON (`screens.json`, `navigation.json`) |
 | `/business-analyse-html` | Client | Interactive review document | HTML (`ba-interactive.html`) |
@@ -104,7 +104,7 @@ Path A — FAST (small module, < 5 min)          Path B — FULL (multi-module,
 | Cadrage/scope only | `/business-analyse-html` | Just regenerate HTML |
 | No corrections (approved) | `/business-analyse-handoff` | Proceed to code generation |
 
-> **Rule:** Path A (`/sketch` → `/apex`) is for quick, single-module additions. Path B (full cycle) is for multi-module projects or when the client needs a formal review process.
+> **Rule:** Path A (`/business-analyse-quick` → `/apex`) is for quick, single-module additions. Path B (full cycle) is for multi-module projects or when the client needs a formal review process.
 > **PRD generation:** Handoff data and PRD files are generated by the `/business-analyse-handoff` skill.
 
 ## JSON Architecture — Granular files + Index

package/templates/skills/business-analyse/_shared.md

@@ -13,6 +13,8 @@
    (date validation, required fields) are the MINIMUM baseline. Domain rules
    (half-day absences, team capacity, carry-over limits, credit note linking,
    sequential invoice numbering) are what make an analysis valuable.
+   **Target: >= 2 domain-specific rules per business module (`domainSpecific: true`).**
+   Post-check C19 enforces this as a WARNING.
 
 4. **ALWAYS propose contextual views.** A workflow module without filtered
    views (open-requests, rejected, history, my-{entity}) is incomplete.
@@ -25,6 +27,41 @@
    "standard billing also includes credit notes, payment tracking, and
    dunning. Would you like to add these?" The user came to you for expertise.
 
+7. **NEVER compress or batch module processing in step-03.** Each module MUST be
+   processed sequentially in the main context. Sub-agents do NOT have access to the
+   JSON schema and WILL produce inconsistent formats. If there are 15+ modules, the
+   correct approach is to maintain sequential processing, NOT to "accelerate" by
+   batching. The ba-012 audit proved that batching reduced schema conformity from
+   95% to 35% — the rework cost exceeded any time saved.
+
+8. **ALL generated JSON content values MUST be in `{language}`** (from metadata or config).
+   This applies to ALL text values written to JSON files:
+   - Entity `description`, attribute `description`, relationship `description`
+   - Business rule `name`, `statement`, `examples[].input`, `examples[].expected`
+   - Use case `name`, `mainScenario[]` steps, `alternativeScenarios[].steps[]`, `errorScenarios[].steps[]`, `preconditions[]`, `postconditions[]`
+   - Permission `description`, role `description`
+   - Lifecycle state `displayName`
+   - Section and resource labels
+
+   **Mixed-language content across modules is a BLOCKING quality defect.**
+   If `language == "fr"` : write "Créer une absence", NOT "Create an absence".
+   If `language == "en"` : write "Create an absence", NOT "Créer une absence".
+   Technical identifiers (entity names, field names, enum values, IDs) remain in English/PascalCase.
+
+9. **BR `examples[]` are TEST DATA, not documentation.** Each example must be a
+   concrete test case with the `{scenario, given, when, then}` format:
+   - `given`: object with `Entity.field: concreteValue` pairs (initial state)
+   - `when`: string action (`"create"`, `"submit"`, `"calculate_remaining"`)
+   - `then`: object with expected outcome (`{result: "success"|"error", Entity.field: value}`)
+
+   These examples directly feed:
+   - Gherkin `Examples:` tables (step-03, F-ter)
+   - `brToCodeMapping` in handoff
+   - Automated unit/integration tests in `/business-analyse-develop`
+
+   A rule without test-ready examples = a test gap in development.
+   Prose examples like `"code déjà existant"` are INSUFFICIENT — use concrete values.
+
 ---
 
 ## JSON-First Architecture

package/templates/skills/business-analyse/references/03-json-schemas.md

@@ -38,6 +38,8 @@ Omit flags when `false` (default). Include explicitly when `true`.
 
 ## Business Rules Schema Format
 
+> **Source of truth:** `schemas/sections/analysis-schema.json` property `businessRules`.
+
 ```json
 {
   "id": "BR-VAL-EMPLOYEES-001",
@@ -45,9 +47,10 @@ Omit flags when `false` (default). Include explicitly when `true`.
   "category": "validation",
   "sectionCode": "list",
   "statement": "La date d'embauche ne peut pas être dans le futur",
-  "example": "Date embauche = 2027-01-01 → erreur car > date du jour",
+  "severity": "blocking",
   "entities": ["Employee"],
-  "severity": "blocking"
+  "examples": [{ "input": "hireDate = 2027-01-01", "expected": "Erreur : date dans le futur" }],
+  "domainSpecific": false
 }
 ```
 
@@ -63,10 +66,15 @@ Categories: `validation`, `calculation`, `workflow`, `security`, `data`, `notifi
 ```json
 {
   "id": "BR-CALC-INV-003",
+  "name": "Calcul reste à payer",
   "category": "calculation",
+  "sectionCode": "detail",
   "statement": "Le reste à payer = total - montant payé",
+  "severity": "blocking",
   "formula": "remainingAmount = total - paidAmount",
-  "entities": ["Invoice"]
+  "entities": ["Invoice"],
+  "examples": [{ "input": "total=1000, paidAmount=300", "expected": "remainingAmount = 700" }],
+  "domainSpecific": false
 }
 ```
 

package/templates/skills/business-analyse/references/03-post-check-validation.md

@@ -129,6 +129,70 @@ for (const mod of modules) {
       }
     }
   }
+
+  // ── Business Rules Schema Conformity (C16-C21) ──────────────────────
+
+  // Quality gate: BR schema field conformity (C16 — BLOCKING)
+  for (const br of brs) {
+    if (!br.id) errors.push(mod.code + ": BR missing 'id' field");
+    else if (!/^BR-(VAL|CALC|WF|SEC|DATA|NOTIF)-[A-Z]{2,4}-\d{3}$/.test(br.id))
+      errors.push(mod.code + ": BR '" + br.id + "' does not match ID pattern BR-{CAT}-{MOD}-{NNN}");
+    if (!br.name) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'name'");
+    if (!br.category) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'category'");
+    if (!br.statement) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'statement'");
+    if (!br.severity) errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'severity'");
+    if (!br.entities || br.entities.length === 0)
+      errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'entities[]'");
+    // Reject deprecated field names (common drift from sub-agent schema ignorance)
+    if (br.code && !br.id) errors.push(mod.code + ": BR uses 'code' instead of canonical 'id'");
+    if (br.label && !br.name) errors.push(mod.code + ": BR uses 'label' instead of canonical 'name'");
+    if (br.description && !br.statement) errors.push(mod.code + ": BR uses 'description' instead of canonical 'statement'");
+    if (br.rule && !br.statement) errors.push(mod.code + ": BR uses 'rule' instead of canonical 'statement'");
+    if (br.type && !br.category) errors.push(mod.code + ": BR uses 'type' instead of canonical 'category'");
+  }
+
+  // Quality gate: BR examples format (C17 — BLOCKING)
+  for (const br of brs) {
+    if (!br.examples || br.examples.length === 0)
+      errors.push(mod.code + ": BR '" + (br.id||'?') + "' missing 'examples[]' (min 1 required)");
+    if (br.example && !br.examples)
+      errors.push(mod.code + ": BR '" + (br.id||'?') + "' uses deprecated 'example' string — use 'examples[]' array of {input, expected}");
+    if (br.examples) {
+      for (const ex of br.examples) {
+        if (typeof ex === 'string')
+          errors.push(mod.code + ": BR '" + (br.id||'?') + "' has string in examples[] — must be {input, expected}");
+      }
+    }
+  }
+
+  // Quality gate: BR count minimum (C18 — BLOCKING if < 4)
+  if (brs.length > 0 && brs.length < 4) {
+    errors.push(mod.code + ": only " + brs.length + " business rules (minimum: 4)");
+  }
+
+  // Quality gate: Domain-specific ratio (C19 — WARNING if < 2)
+  const domainBRs = brs.filter(br => br.domainSpecific === true);
+  if (brs.length >= 4 && domainBRs.length < 2) {
+    warnings.push(mod.code + ": only " + domainBRs.length + " domain-specific rules out of " + brs.length +
+      " (minimum: 2 — see _shared.md rule 3)");
+  }
+
+  // Quality gate: domainSpecific flag presence (C20 — WARNING)
+  const brsMissingFlag = brs.filter(br => typeof br.domainSpecific === 'undefined');
+  if (brsMissingFlag.length > 0) {
+    warnings.push(mod.code + ": " + brsMissingFlag.length + "/" + brs.length +
+      " BRs missing 'domainSpecific' flag");
+  }
+
+  // Quality gate: Structured conditions for conditional rules (C21 — WARNING)
+  const conditionalBRs = brs.filter(br =>
+    br.category === 'workflow' || br.category === 'security' ||
+    (br.statement && /\b(IF|Si |si |Quand |quand |Lorsqu)/i.test(br.statement)));
+  const brsWithConditions = conditionalBRs.filter(br => br.conditions && br.conditions.length > 0);
+  if (conditionalBRs.length > 2 && brsWithConditions.length < 2) {
+    warnings.push(mod.code + ": " + brsWithConditions.length + "/" + conditionalBRs.length +
+      " conditional BRs have structured conditions[] (recommended: >= 2)");
+  }
 }
 
 if (errors.length > 0) {

package/templates/skills/business-analyse/references/canonical-json-formats.md

@@ -83,9 +83,10 @@
       "category": "validation",
       "sectionCode": "list",
       "statement": "La date ne peut pas être dans le futur",
-      "example": "Date = 2027-01-01 → erreur",
+      "severity": "blocking",
       "entities": ["Employee"],
-      "severity": "blocking"
+      "examples": [{ "input": "date = 2027-01-01", "expected": "Erreur : date dans le futur" }],
+      "domainSpecific": false
     }
   ]
 }
@@ -95,7 +96,10 @@
 |---------------|------------------------|
 | `rules` (root) | `businessRules` |
 | `statement` | `description` |
-| `id` | `name` (as identifier) |
+| `id` | `name` (as identifier), `code` |
+| `examples` (array of `{input, expected}`) | `example` (singular string) |
+| `category` | `type` |
+| `name` | `label` |
 
 Categories: `validation`, `calculation`, `workflow`, `security`, `data`, `notification`
 

package/templates/skills/business-analyse/references/robustness-checks.md

@@ -61,7 +61,7 @@ Ensures each module has ALL required components before being marked as "specifie
 | 5.1 | Sections count | ≥2 | YES | Modules need list + form minimum |
 | 5.2 | Wireframes count | 1 per section | YES | EVERY section MUST have wireframe |
 | 5.3 | Navigation entries | ≥1 | YES | Module must be accessible in menu |
-| 5.4 | Navigation route patterns | No `/list` or `/detail/:id` suffixes | YES | list route = module route (index), detail route = module + /:id. FORBIDDEN: `/module/list`, `/module/detail/:id` |
+| 5.4 | Navigation route patterns | No `/detail/:id` suffix | YES | ALL sections use uniform route: module route + /{section-code}. list route MUST end with `/list`. FORBIDDEN: `/module/detail/:id` (detail is implicit) |
 
 #### SECTION 6: I18N & Messages (3 checks)
 

package/templates/skills/business-analyse/references/validation-checklist.md

@@ -169,20 +169,20 @@ const checklist = {
   },
 
   navigationRoutePatterns: {
-    check: "Navigation routes do NOT contain CRUD suffixes (/list, /detail/:id)",
+    check: "Navigation routes do NOT contain forbidden patterns (/detail/:id)",
     status: (() => {
       const allRoutes = [
         ...(specification.seedDataCore?.navigationSections || []).map(s => s.route),
         ...(specification.sections || []).map(s => s.route),
         ...(specification.navigation?.entries || []).map(e => e.route)
       ].filter(Boolean);
-      const forbidden = allRoutes.filter(r => r.match(/\/list$/) || r.match(/\/detail\/:id$/));
+      const forbidden = allRoutes.filter(r => r.match(/\/detail\/:id$/));
       return forbidden.length === 0 ? "PASS" : "FAIL";
     })(),
     blocking: true,
-    details: "FORBIDDEN: /module/list (use /module), /module/detail/:id (use /module/:id). " +
-             "list route = module route (React Router index route). " +
-             "detail route = module route + /:id (React Router :id child). " +
+    details: "FORBIDDEN: /module/detail/:id (detail is implicit, not a section). " +
+             "ALL sections use uniform route: module route + /{section-code}. " +
+             "list route = module route + /list. " +
              "Other sections (dashboard, approve) add /{section} normally."
   },
 

package/templates/skills/business-analyse/schemas/sections/analysis-schema.json

@@ -24,9 +24,9 @@
         "type": "object",
         "required": ["id", "name", "category", "statement"],
         "properties": {
-          "id": { "type": "string", "pattern": "^BR-(VAL|CALC|WF|SEC|DATA)-[A-Z]{2,4}-\\d{3}$", "description": "Module-prefixed BR ID (e.g., BR-VAL-RM-001)" },
+          "id": { "type": "string", "pattern": "^BR-(VAL|CALC|WF|SEC|DATA|NOTIF)-[A-Z]{2,4}-\\d{3}$", "description": "Module-prefixed BR ID (e.g., BR-VAL-RM-001)" },
           "name": { "type": "string" },
-          "category": { "type": "string", "enum": ["validation", "calculation", "workflow", "security", "data"] },
+          "category": { "type": "string", "enum": ["validation", "calculation", "workflow", "security", "data", "notification"] },
           "statement": { "type": "string", "description": "IF ... THEN ... ELSE ..." },
           "priority": { "type": "string", "enum": ["must", "should", "could"] },
           "conditions": {
@@ -48,15 +48,26 @@
           },
           "examples": {
             "type": "array",
+            "description": "Test-ready examples: each example = a test case with concrete values. Minimum 2 per rule (happy_path + error). These feed Gherkin generation and automated tests.",
             "items": {
               "type": "object",
               "required": ["input", "expected"],
               "properties": {
-                "input": { "type": "string", "description": "Concrete input values" },
-                "expected": { "type": "string", "description": "Expected result/behavior" }
+                "input": { "type": "string", "description": "LEGACY fallback. Prefer given/when/then format." },
+                "expected": { "type": "string", "description": "LEGACY fallback. Prefer given/when/then format." },
+                "scenario": { "type": "string", "enum": ["happy_path", "error", "boundary", "calculation", "security"], "description": "Test scenario type" },
+                "description": { "type": "string", "description": "Human-readable test case description" },
+                "given": { "type": "object", "description": "Initial state: Entity.field → concrete value. Ex: {\"Employee.code\": \"EMP-001\", \"existingCodes\": [\"EMP-001\"]}", "additionalProperties": true },
+                "when": { "type": "string", "description": "Triggering action. Ex: 'create', 'update', 'submit', 'calculate_remaining'" },
+                "then": { "type": "object", "description": "Expected outcome: {result: 'success'|'error', Entity.field: value, message: '...', field: '...'}", "additionalProperties": true }
               }
             }
           },
+          "entities": {
+            "type": "array",
+            "items": { "type": "string" },
+            "description": "Entity names this rule applies to"
+          },
           "testability": { "type": "string" },
           "formula": { "type": "string", "description": "BR-CALC calculation formulas" },
           "sectionCode": { "type": "string", "description": "Section code the rule applies to" },