npm - @atlashub/smartstack-cli - Versions diffs - 4.76.0 → 4.79.0 - Mend

@atlashub/smartstack-cli 4.76.0 → 4.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@atlashub/smartstack-cli",
-  "version": "4.76.0",
+  "version": "4.79.0",
   "description": "SmartStack Claude Code automation toolkit - GitFlow, EF Core migrations, prompts and more",
   "author": {
     "name": "SmartStack",

package/templates/project/claude-md/root.CLAUDE.md.template CHANGED Viewed

@@ -96,7 +96,7 @@ Application → Module → Section → Resource
                       Permission: myapp.orders.{action}
 ```
-> **Note**: Applications have an `ApplicationZone` property (enum: `Platform`, `Personal`, `Business`) used for UI layout grouping only. It does NOT appear in routes or permissions.
+> **Note (v3.46+)**: The legacy `ApplicationZone` enum has been removed. Applications now have two boolean flags : `IsPersonal` (default `false`) — when `true`, the app belongs to the user's personal scope (e.g. myspace) and bypasses tenant catalog filtering / permission checks ; `IsOpen` (default `false`) — when `true`, the app is accessible without permission checks (replaces the legacy hardcoded OPEN_APPS list in the frontend RouteGuard). Neither flag appears in routes or permission paths — they only steer access control.
 ### Permission Actions
 `access` | `read` | `create` | `update` | `delete` | `export` | `import` | `approve` | `reject` | `assign` | `execute`

package/templates/skills/ai-prompt/SKILL.md CHANGED Viewed

@@ -58,6 +58,61 @@ Configured instance: Code, Name, SystemContext, DefaultModel, MonthlyBudgetLimit
 ### OutputSchema
 JSON Schema for validation: Code, Name, JsonSchema, DotNetType
+### AiAgent (R17 — v3.46+)
+Multi-step agent with reasoning modes. See [references/ai-agent-modes.md](references/ai-agent-modes.md).
+- **AiAgentMode** : `Sequential` (0), `ReAct` (1), `PlanAndExecute` (2), `SelfCorrection` (3)
+- **AiAgentStepRole** : `Worker` (0), `Planner` (1), `Reasoner` (2), `Critic` (3), `Synthesizer` (4)
+- **MaxIterations** (default 5, range 1-20) — protects against infinite loops
+- **QualityThreshold** (default 0.8) — used by `SelfCorrection` mode
+- **AiSkill.CacheTtlSeconds** + **AiSkillBlock.IsCacheable** — caching for idempotent outputs
+Default to `Sequential` ; switch to `ReAct`/`PlanAndExecute`/`SelfCorrection` only when needed (cost/latency impact).
+### AiTool — function calling (R2 — v3.46+)
+Server-side function the model can decide to invoke during a completion. Tools turn skills from one-shot prompts into agentic workflows that can read live data, call external APIs, and condition output on the result.
+```csharp
+class AiTool : BaseEntity, IAuditableEntity
+{
+    public string Name { get; }                  // Snake_case, presented to model: "search_database"
+    public string DisplayName { get; }           // Admin UI label
+    public string Description { get; }           // Drives model decision — short, action-oriented
+    public string ParametersSchemaJson { get; }  // JSON Schema of tool arguments
+    public string HandlerKey { get; }            // Stable key → IToolHandler dispatcher
+    public Guid ModuleId { get; }                // Module owns the tool (permissions + admin grouping)
+    public bool IsActive { get; }
+}
+```
+- **Many-to-many** with `AiSkill` via `AiSkillTool` (kept as own entity for future per-attachment overrides : required flag, parameter aliasing, max-call budget).
+- **HandlerKey** decouples definition from C# class name (handlers can be renamed without breaking the catalog).
+- When `IsActive = false`, the orchestrator skips the tool even if a skill still references it.
+**DO / DON'T:**
+- DO author tool descriptions for the model — short, action-oriented, with preconditions
+- DO snake_case the `Name` (LLM convention)
+- DON'T expose long-running or heavy tools via function calling — prefer Workflow steps
+- DON'T duplicate tool logic across skills — attach the same `AiTool` via `AiSkillTool`
+### AiAgentExecution — runtime tracking
+Each execution of an `AiAgent` is recorded via `AiAgentExecution` with:
+- `Status` : `Running` / `Completed` / `Failed` / `PartiallyCompleted` / `Cancelled`
+- `ExecutedSteps` / `TotalSteps`
+- `InputStateJson` / `FinalStateJson` (audit trail)
+- **Usage tracking** : `TotalInputTokens`, `TotalOutputTokens`, `TotalCost` (decimal), `TotalExecutionTimeMs`
+- `_stepExecutions` : per-step `AiAgentStepExecution` (with own status, tokens, cost)
+Service methods : `IncrementExecutedSteps()`, `MarkCompleted(json)`, `MarkFailed(msg)`, `MarkPartiallyCompleted(json, msg)`, `MarkCancelled(msg)`, `AccumulateUsage(in, out, cost, ms)`, `AddStepExecution(step)`.
+**Use** : surface in admin UI (run history, cost dashboard, debug trace). Each agent run produces one `AiAgentExecution` + N `AiAgentStepExecution`.
+### AI Evaluation Framework (R10)
+For benchmarking skills against expected outputs, see [references/eval-framework.md](references/eval-framework.md). Pattern: `AiEvalDataset` (test cases) + `AiEvaluation` (one run) + `AiEvalResult` (per-item outcome). Provider/model agnostic — same dataset can compare 2 versions of the same skill code.
 ## Implementation
 Start with [steps/step-00-init.md](steps/step-00-init.md) to gather requirements, then proceed to [steps/step-01-implementation.md](steps/step-01-implementation.md) for:
@@ -95,7 +150,16 @@ Start with [steps/step-00-init.md](steps/step-00-init.md) to gather requirements
 | `Domain/AI/Prompts/Prompt.cs` | Prompt entity |
 | `Domain/AI/Schemas/OutputSchema.cs` | Schema validation |
 | `Domain/AI/AiProviderInstance.cs` | Configured instance |
+| `Domain/AI/Agents/AiAgent.cs` | Multi-step agent (R17 — v3.46+) |
+| `Domain/AI/Agents/AiAgentStep.cs` | Agent step with `Role` (Worker/Planner/Reasoner/Critic/Synthesizer) |
+| `Domain/AI/Agents/AiAgentExecution.cs` | Run tracking (status, tokens, cost, step executions) |
+| `Domain/AI/Skills/AiSkill.cs` | Reusable skill (`CacheTtlSeconds` for cache hint) |
+| `Domain/AI/Tools/AiTool.cs` | Function-calling tool (R2 — v3.46+) |
+| `Domain/AI/Tools/AiSkillTool.cs` | Many-to-many AiSkill ↔ AiTool |
+| `Domain/AI/Evaluations/AiEvalDataset.cs` | Eval dataset (R10 — v3.46+) |
+| `Domain/AI/Evaluations/AiEvaluation.cs` | Eval run with rollup stats |
 | `Application/Common/Interfaces/IAiCompletionService.cs` | Service interface |
+| `Application/Common/Interfaces/IToolHandler.cs` | Tool handler interface (resolved via HandlerKey) |
 | `Infrastructure/Services/AI/AiCompletionService.cs` | Implementation |
 | `web/src/services/api/aiApi.ts` | Frontend API |

package/templates/skills/ai-prompt/references/ai-agent-modes.md ADDED Viewed

@@ -0,0 +1,89 @@
+# AI Agent Modes & Step Roles (R17 — v3.46)
+> **Reference for `ai-prompt` skill** — how to choose `AiAgentMode` and `AiAgentStepRole` when scaffolding multi-step AI agents.
+## When This Reference Applies
+- You create an `AiAgent` with more than one step
+- You need a non-Sequential reasoning mode (loop, plan-then-execute, self-correct)
+- The user asks "how do I make the agent retry", "how do I make it plan first", "what is ReAct"
+For single-prompt skills, the basic `Prompt + Block + OutputSchema` pattern is enough — no agent, no mode.
+---
+## `AiAgentMode` (4 values)
+| Mode | Value | Use case | Latency | Cost |
+|---|---|---|---|---|
+| `Sequential` | 0 | Known DAG fan-out / fan-in (analyze → summarize → email) | Low | Low |
+| `ReAct` | 1 | Reasoning + tool loop, plan unknown ahead of time | High | High |
+| `PlanAndExecute` | 2 | Task that can be planned upfront then executed | Medium | Medium |
+| `SelfCorrection` | 3 | Output that can be critiqued and replayed | Medium | Medium-High |
+### Recommended configuration
+| Field | Default | Range |
+|---|---|---|
+| `MaxIterations` | 5 | [1..20] — protects against infinite loops |
+| `QualityThreshold` | 0.8 | [0..1] — used by `SelfCorrection` to decide replay |
+---
+## `AiAgentStepRole` (5 values)
+| Role | Value | Expected output schema |
+|---|---|---|
+| `Worker` | 0 | Standard skill output (used in `Sequential` mode) |
+| `Planner` | 1 | `{ plan: [{ skillCode, label }] }` — produces the plan in `PlanAndExecute` |
+| `Reasoner` | 2 | `{ action, input }` or `{ final_answer }` — used in `ReAct` |
+| `Critic` | 3 | `{ score: 0..1, feedback?: string }` — used in `SelfCorrection` |
+| `Synthesizer` | 4 | Final aggregated output (`PlanAndExecute` after parallel workers) |
+---
+## Cache hint (R-cache)
+| Field | Type | Purpose |
+|---|---|---|
+| `AiSkill.CacheTtlSeconds` | `int?` | TTL for caching this skill's output (per input hash). Null = no cache. |
+| `AiSkillBlock.IsCacheable` | `bool` | Marks an idempotent block whose output can be reused across executions. |
+Only mark a skill / block cacheable when the output is **deterministic for a given input** — otherwise stale answers will be served.
+---
+## Choosing a mode (decision tree)
+```
+Question: do I know the steps in advance?
+  Yes → Sequential
+  No  → Question: can the LLM decide the steps once, then execute?
+          Yes → PlanAndExecute
+          No  → Question: must I let the LLM iterate with tools?
+                  Yes → ReAct
+                  No  → SelfCorrection (single attempt + critique loop)
+```
+---
+## DO / DON'T
+| ✅ DO | ❌ DON'T |
+|---|---|
+| Start with `Sequential` — switch to other modes only when needed | Default to `ReAct` (expensive, hard to debug) |
+| Cap `MaxIterations` at the smallest number that satisfies your case | Leave the default 5 for `ReAct` on long-running tasks (set 10-15) |
+| Set `QualityThreshold` based on prompt evaluation results | Pick `0.8` blindly — measure on your eval dataset |
+| Use `Critic` role with a structured output schema | Let the critic return free-form text |
+| Cache only deterministic, idempotent skills | Cache anything that uses `now()` or randomness |
+---
+## Reference source files (read-only)
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Agents\AiAgent.cs`
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Agents\AiAgentMode.cs`
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Agents\AiAgentStep.cs`
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Agents\AiAgentStepRole.cs`
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Skills\AiSkill.cs` (CacheTtlSeconds)
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Skills\AiSkillBlock.cs` (IsCacheable)

package/templates/skills/ai-prompt/references/eval-framework.md ADDED Viewed

@@ -0,0 +1,129 @@
+# AI Evaluation Framework (R10 — v3.46+)
+> **Reference for `ai-prompt` skill** — how to evaluate AI skills against expected outputs.
+## When This Reference Applies
+- You are about to ship a new prompt or change an existing one
+- You need to compare two versions of the same skill (`v1.0.0` vs `v1.1.0`)
+- You want to benchmark the same prompt across providers/models (OpenAI vs Claude vs Gemini)
+- The user asks "how do I test my prompt", "how do I prevent regression", "how do I A/B prompts"
+For one-shot manual testing during development, the eval framework is overkill — call the skill directly. Use this framework when you want **reproducible, scored, auditable** runs.
+---
+## The 4 entities
+### `AiEvalDataset` — collection of test cases
+```csharp
+class AiEvalDataset : BaseEntity, IAuditableEntity
+{
+    public string Code { get; }                  // kebab-case stable id, e.g. "support-classification-v1"
+    public string Name { get; }
+    public string? Description { get; }
+    public IReadOnlyCollection<AiEvalDatasetItem> Items { get; }
+}
+```
+**Provider/model agnostic** : the same dataset can be replayed against multiple skills, providers and models to compare quality and cost.
+### `AiEvalDatasetItem` — one test case
+```csharp
+class AiEvalDatasetItem
+{
+    public Guid DatasetId { get; }
+    public string Label { get; }                 // Human-readable name for the case
+    public string VariablesJson { get; }         // Inputs to feed into the skill
+    public string ExpectedOutputJson { get; }    // Expected result (for grading)
+}
+```
+### `AiEvaluation` — one run
+```csharp
+class AiEvaluation : BaseEntity, IAuditableEntity
+{
+    public Guid SkillId { get; }                 // Which skill was tested
+    public Guid DatasetId { get; }               // Which dataset was replayed
+    public AiEvaluationStatus Status { get; }    // Running / Completed / Failed
+    public DateTime StartedAt { get; }
+    public DateTime? CompletedAt { get; }
+    public int ProcessedItems { get; }
+    public int TotalItems { get; }
+    public int PassedItems { get; }              // Items whose actual output matched expected
+    public double? AverageScore { get; }         // [0..1], null while in progress
+    public IReadOnlyCollection<AiEvalResult> Results { get; }
+}
+enum AiEvaluationStatus { Running = 0, Completed = 1, Failed = 2 }
+```
+Service methods : `RecordResult(AiEvalResult)`, `MarkCompleted()`, `MarkFailed(reason)`. The aggregate computes `AverageScore` from the per-item `Score` values when completed.
+### `AiEvalResult` — per-item outcome
+Records actual output vs expected, the score (0..1), pass/fail flag, and any tokens/cost incurred.
+---
+## Workflow
+```
+1. Curate dataset
+   └─ AiEvalDataset.Create("support-classification-v1", "Support classification — 50 cases")
+      └─ AddItem("simple billing question", { "ticket": "..." }, { "category": "billing" })
+      └─ AddItem("urgent outage report",   { "ticket": "..." }, { "category": "incident" })
+      └─ … 48 more items
+2. Run evaluation against current skill version
+   └─ AiEvaluation.Create(skillId, datasetId, totalItems: 50)
+      └─ For each item: invoke skill, grade output, RecordResult(actual, expected, score)
+      └─ MarkCompleted()
+      └─ Stored AverageScore = 0.86 (43/50 passed)
+3. Iterate — change prompt / blocks / model
+   └─ New AiEvaluation against same dataset
+   └─ Compare AverageScore : 0.86 → 0.92 (+0.06)
+4. Decide
+   └─ If new score significantly higher : promote prompt version
+   └─ If equal or lower : revert
+```
+---
+## DO / DON'T
+| ✅ DO | ❌ DON'T |
+|---|---|
+| Build datasets from real production examples (anonymised) | Use synthetic / hallucinated test cases as the only ones |
+| Stabilise dataset.Code — never rename, only add new datasets | Mutate dataset items after first run (compromises history) |
+| Grade with structured comparison (JSON match, key fields, semantic distance) | Grade with substring search / regex |
+| Track cost per evaluation — reject prompt changes that 3× cost for marginal score | Optimise for score alone |
+| Run evals as part of the prompt-change PR review | Ship prompt changes without an eval baseline |
+| Keep `AverageScore` as the single headline metric | Multiply scoring criteria — pick one and stick to it |
+---
+## Wiring into a release pipeline
+A prompt change should run the relevant evaluation as part of CI:
+1. PR opens with a new prompt version (`v1.1.0`).
+2. CI invokes a Command that creates an `AiEvaluation(skillId, datasetId, totalItems)` against `v1.1.0`.
+3. CI compares `AverageScore` of `v1.1.0` vs the latest passing eval of `v1.0.0`.
+4. PR is annotated with the delta. Score regression > 5% → PR blocked.
+---
+## Reference source files (read-only)
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Evaluations\AiEvalDataset.cs`
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Evaluations\AiEvalDatasetItem.cs`
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Evaluations\AiEvaluation.cs`
+- `D:\01 - projets\SmartStack.app\features\IA-Workflow\src\SmartStack.Domain\AI\Evaluations\AiEvalResult.cs`
+See also [ai-agent-modes.md](ai-agent-modes.md) for `MaxIterations` / `QualityThreshold` (used by `SelfCorrection` mode in conjunction with eval scores).

package/templates/skills/apex/references/checks/frontend-checks.sh CHANGED Viewed

@@ -191,28 +191,74 @@ if [ -n "$ALL_PAGES" ]; then
   fi
 fi
-# POST-CHECK C9: No hardcoded Tailwind colors in generated pages (WARNING)
+# POST-CHECK C9: No hardcoded Tailwind colors in generated pages (BLOCKING)
+# v3.46+ : tightened enforcement. Theme system via CSS variables is mandatory.
 ALL_PAGES=$(find src/pages/ src/components/ -name "*.tsx" 2>/dev/null | grep -v node_modules | grep -v "\.test\." || true)
 if [ -n "$ALL_PAGES" ]; then
-  HARDCODED=$(grep -Pn '(bg|text|border)-(?!\[)(red|blue|green|gray|white|black|slate|zinc|neutral|stone)-' $ALL_PAGES 2>/dev/null || true)
+  # Extended palette: catches Tailwind 22 named colors + white/black
+  # Excludes status `text-white`/`text-black` ONLY when used as foreground over a CSS-var background (rare)
+  HARDCODED=$(grep -Pn '(bg|text|border)-(?!\[)(red|blue|green|gray|white|black|slate|zinc|neutral|stone|amber|yellow|orange|purple|indigo|violet|cyan|pink|emerald|rose|sky|teal|lime|fuchsia)-' $ALL_PAGES 2>/dev/null || true)
   if [ -n "$HARDCODED" ]; then
-    echo "WARNING: Pages MUST use CSS variables instead of hardcoded Tailwind colors"
-    echo "SmartStack uses a theme system — hardcoded colors break dark mode and custom themes"
+    echo "BLOCKING (C9): Pages MUST use CSS variables instead of hardcoded Tailwind colors."
+    echo "SmartStack uses a theme system — hardcoded colors break dark mode and custom themes."
     echo ""
-    echo "Fix mapping:"
+    echo "Fix mapping (canonical SmartStack tokens):"
     echo "  bg-white         → bg-[var(--bg-card)]"
     echo "  bg-gray-50       → bg-[var(--bg-primary)]"
+    echo "  bg-gray-100      → bg-[var(--bg-secondary)]"
+    echo "  bg-gray-200      → bg-[var(--bg-tertiary)]"
     echo "  text-gray-900    → text-[var(--text-primary)]"
-    echo "  text-gray-500    → text-[var(--text-secondary)]"
+    echo "  text-gray-700    → text-[var(--text-secondary)]"
+    echo "  text-gray-500    → text-[var(--text-tertiary)]"
+    echo "  text-gray-400    → text-[var(--text-muted)]"
     echo "  border-gray-200  → border-[var(--border-color)]"
-    echo "  bg-blue-600      → bg-[var(--color-accent-500)]"
-    echo "  text-blue-600    → text-[var(--color-accent-500)]"
-    echo "  text-red-500     → text-[var(--error-text)]"
-    echo "  bg-green-500     → bg-[var(--success-bg)]"
+    echo "  border-gray-100  → border-[var(--border-subtle)]"
+    echo "  bg-blue-*        → bg-[var(--info-bg)]   (semantic info)"
+    echo "  bg-blue-600      → bg-[var(--color-accent-600)] (action button)"
+    echo "  text-blue-600    → text-[var(--color-accent-600)]"
+    echo "  text-red-*       → text-[var(--error-text)]"
+    echo "  bg-red-500/10    → bg-[var(--error-bg)]"
+    echo "  text-yellow-*    → text-[var(--warning-text)]"
+    echo "  bg-amber-500/10  → bg-[var(--warning-bg)]"
+    echo "  bg-green-*       → bg-[var(--success-bg)]"
+    echo "  text-green-*     → text-[var(--success-text)]"
     echo ""
-    echo "See references/smartstack-frontend.md section 4 for full variable reference"
+    echo "Status badges → use the 4 status token sets : --success-*, --warning-*, --error-*, --info-*"
+    echo "  Example: 'bg-[var(--info-bg)] text-[var(--info-text)] border border-[var(--info-border)]'"
+    echo ""
+    echo "Avoid Tailwind \`dark:\` prefix — SmartStack toggles a \`.dark\` class on <html> and CSS vars adapt automatically."
+    echo ""
+    echo "References:"
+    echo "  - templates/skills/application/references/themes-db-driven.md (full token list)"
+    echo "  - templates/skills/ui-components/style-guide.md (DO/DON'T)"
     echo ""
     echo "$HARDCODED"
+    FAIL=true
+  fi
+fi
+# POST-CHECK C9b: Avoid Tailwind dark: prefix — SmartStack uses .dark class on root (BLOCKING)
+ALL_PAGES=$(find src/pages/ src/components/ -name "*.tsx" 2>/dev/null | grep -v node_modules | grep -v "\.test\." || true)
+if [ -n "$ALL_PAGES" ]; then
+  DARK_PREFIX=$(grep -PnH '\bdark:(bg|text|border)-' $ALL_PAGES 2>/dev/null || true)
+  if [ -n "$DARK_PREFIX" ]; then
+    echo "BLOCKING (C9b): Tailwind 'dark:' prefix detected — incompatible with SmartStack theme system."
+    echo "SmartStack toggles a '.dark' class on <html> ; CSS vars (var(--bg-*), var(--text-*)) adapt automatically."
+    echo "Fix: remove 'dark:' prefix and rely on CSS vars instead."
+    echo "$DARK_PREFIX"
+    FAIL=true
+  fi
+fi
+# POST-CHECK C9c: No hex colors in className (BLOCKING)
+ALL_PAGES=$(find src/pages/ src/components/ -name "*.tsx" 2>/dev/null | grep -v node_modules | grep -v "\.test\." || true)
+if [ -n "$ALL_PAGES" ]; then
+  HEX_CN=$(grep -PnH 'className=[^>]*\[(#[0-9a-fA-F]{3,8})\]' $ALL_PAGES 2>/dev/null || true)
+  if [ -n "$HEX_CN" ]; then
+    echo "BLOCKING (C9c): Hex colors in className detected — must use CSS vars."
+    echo "Fix: replace #xxxxxx by var(--xxx) from the SmartStack token set."
+    echo "$HEX_CN"
+    FAIL=true
   fi
 fi
@@ -324,6 +370,46 @@ if [ -n "$TSX_PAGES" ] && [ -z "$DOC_DATA" ]; then
   echo "The DocToggleButton in page headers will link to this documentation"
 fi
+# POST-CHECK C28: i18n namespace consistency across the 4 languages (BLOCKING)
+# Each language directory must have the same set of JSON namespaces.
+# Reference language is the one with the most files (usually fr or en).
+I18N_BASE=$(find src/i18n/locales -maxdepth 1 -type d 2>/dev/null | grep -E "/(fr|en|it|de)$" || true)
+if [ -n "$I18N_BASE" ]; then
+  # Build sorted file lists per language (basename only, .json suffix)
+  FR_FILES=$(find src/i18n/locales/fr -maxdepth 1 -name "*.json" -exec basename {} \; 2>/dev/null | sort -u || true)
+  EN_FILES=$(find src/i18n/locales/en -maxdepth 1 -name "*.json" -exec basename {} \; 2>/dev/null | sort -u || true)
+  IT_FILES=$(find src/i18n/locales/it -maxdepth 1 -name "*.json" -exec basename {} \; 2>/dev/null | sort -u || true)
+  DE_FILES=$(find src/i18n/locales/de -maxdepth 1 -name "*.json" -exec basename {} \; 2>/dev/null | sort -u || true)
+  # Pick the largest set as the canonical reference (excludes *_tmp.json which is intentionally orphan)
+  REF_FILES=$(echo -e "$FR_FILES\n$EN_FILES\n$IT_FILES\n$DE_FILES" | grep -v "_tmp\." | sort -u)
+  if [ -n "$REF_FILES" ]; then
+    FAIL_C28=false
+    for LANG in fr en it de; do
+      LANG_FILES=$(find src/i18n/locales/$LANG -maxdepth 1 -name "*.json" -exec basename {} \; 2>/dev/null | grep -v "_tmp\." | sort -u || true)
+      MISSING=$(comm -23 <(echo "$REF_FILES") <(echo "$LANG_FILES") || true)
+      if [ -n "$MISSING" ]; then
+        echo "BLOCKING (C28): i18n language '$LANG' is missing namespaces present in other languages:"
+        echo "$MISSING" | sed 's/^/  - /'
+        echo "  Fix: create the missing JSON file(s) in src/i18n/locales/$LANG/ — even a stub {} is better than the runtime crash on a missing namespace."
+        FAIL_C28=true
+      fi
+    done
+    # Detect orphan _tmp.json files (intentional but should be cleaned up)
+    ORPHAN=$(find src/i18n/locales -name "*_tmp.json" 2>/dev/null || true)
+    if [ -n "$ORPHAN" ]; then
+      echo "WARNING (C28): orphan *_tmp.json file(s) detected — clean up after migration:"
+      echo "$ORPHAN" | sed 's/^/  - /'
+    fi
+    if [ "$FAIL_C28" = true ]; then
+      FAIL=true
+    fi
+  fi
+fi
 # POST-CHECK C36: Frontend navigate() calls must have matching route definitions (CRITICAL)
 PAGE_FILES=$(find web/ -name "*.tsx" -path "*/pages/*" ! -name "*.test.tsx" 2>/dev/null || true)
 if [ -n "$PAGE_FILES" ]; then

package/templates/skills/apex/references/checks/seed-checks.sh CHANGED Viewed

@@ -571,6 +571,40 @@ if [ -n "$SEED_NAV_FILES" ]; then
   done
 fi
+# POST-CHECK C66: ApplicationZone enum removed in v3.46 (BLOCKING)
+# Detects any leftover reference to the removed ApplicationZone enum or Zone column.
+SEED_FILES=$(find src/ -path "*/Seeding/Data/*" -name "*.cs" 2>/dev/null)
+DOMAIN_FILES=$(find src/ -path "*/Domain/Navigation/*" -name "*.cs" 2>/dev/null)
+INFRA_FILES=$(find src/ -path "*/Infrastructure/Persistence/Configurations/Navigation/*" -name "*.cs" 2>/dev/null)
+APP_FILES=$(find src/ -path "*/Application/Navigation/*" -name "*.cs" 2>/dev/null)
+ALL_NAV_FILES="$SEED_FILES $DOMAIN_FILES $INFRA_FILES $APP_FILES"
+if [ -n "$ALL_NAV_FILES" ]; then
+  BAD_ZONE=$(grep -Pn 'ApplicationZone\.\w+|public\s+ApplicationZone\s+Zone|HasColumnName\("Zone"\)|Zone\s*=\s*ApplicationZone' $ALL_NAV_FILES 2>/dev/null || true)
+  if [ -n "$BAD_ZONE" ]; then
+    echo "BLOCKING (C66): ApplicationZone enum has been removed in SmartStack v3.46."
+    echo "Replace by IsPersonal (bool, true => myspace scope) and/or IsOpen (bool, true => bypass permissions)."
+    echo "$BAD_ZONE"
+    echo "Fix: NavigationApplication.Create(code, label, ..., isOpen: false, isPersonal: false)"
+    echo "Reference: templates/skills/apex/references/core-seed-data.md (v3.46+ section)"
+    FAIL=true
+  fi
+fi
+# POST-CHECK C67: Legacy domain-specific layouts removed in v3.46 (BLOCKING)
+# AdminLayout / BusinessLayout / UserLayout / HRLayout / SalesLayout no longer exist.
+TSX_FILES=$(find web/ -name "*.tsx" -not -path "*/node_modules/*" 2>/dev/null; find src/ -name "*.tsx" -not -path "*/node_modules/*" 2>/dev/null)
+if [ -n "$TSX_FILES" ]; then
+  BAD_LAYOUT=$(grep -PnH '<\s*(AdminLayout|BusinessLayout|UserLayout|HRLayout|SalesLayout)\b|from\s+["'\''][^"'\'']*\/(AdminLayout|BusinessLayout|UserLayout|HRLayout|SalesLayout)["'\'']' $TSX_FILES 2>/dev/null || true)
+  if [ -n "$BAD_LAYOUT" ]; then
+    echo "BLOCKING (C67): Legacy layouts (AdminLayout/BusinessLayout/UserLayout/HRLayout/SalesLayout) have been removed in v3.46."
+    echo "Use AppLayout — the sole shell for authenticated application routes."
+    echo "$BAD_LAYOUT"
+    echo "Fix: Replace by <AppLayout /> (no domain-specific shell anymore)."
+    echo "Reference: templates/skills/application/references/frontend-route-naming.md"
+    FAIL=true
+  fi
+fi
 if [ "$FAIL" = true ]; then
   exit 1
 fi

package/templates/skills/apex/references/core-seed-data.md CHANGED Viewed

@@ -109,7 +109,6 @@ public static class NavigationApplicationSeedData
         return new NavigationApplicationSeedEntry
         {
             Id = ApplicationId,
-            Zone = ApplicationZone.Business,
             Code = "{appCode}",
             Label = "{appLabel_en}",
             Description = "{appDesc_en}",
@@ -117,7 +116,9 @@ public static class NavigationApplicationSeedData
             IconType = IconType.Lucide,
             Route = ToKebabCase("/{appCode}"),
             DisplayOrder = 1,
-            IsActive = true
+            IsActive = true,
+            IsOpen = false,                  // true => bypass permission checks (system apps only)
+            IsPersonal = false               // true => belongs to user personal scope (myspace)
         };
     }
@@ -199,7 +200,6 @@ public static class NavigationApplicationSeedData
 public class NavigationApplicationSeedEntry
 {
     public Guid Id { get; init; }
-    public ApplicationZone Zone { get; init; }
     public string Code { get; init; } = null!;
     public string Label { get; init; } = null!;
     public string? Description { get; init; }
@@ -208,6 +208,9 @@ public class NavigationApplicationSeedEntry
     public string? Route { get; init; }
     public int DisplayOrder { get; init; }
     public bool IsActive { get; init; }
+    // v3.46+ : ApplicationZone enum removed. Replaced by 2 boolean flags.
+    public bool IsOpen { get; init; }       // true => app accessible without permission checks
+    public bool IsPersonal { get; init; }   // true => app in user personal scope (myspace)
 }
 ```
@@ -1369,7 +1372,7 @@ Before marking the task as completed, verify ALL:
 **Application-Level (FIRST — before modules):**
 - [ ] `NavigationApplicationSeedData.cs` created (once per application, at `Infrastructure/Persistence/Seeding/Data/`)
 - [ ] Application GUID is random (`Guid.NewGuid()`) — FK resolution is by Code lookup, not fixed ID
-- [ ] GetApplicationEntry() takes no parameters, includes `Zone = ApplicationZone.Business`
+- [ ] GetApplicationEntry() takes no parameters, includes `IsOpen = false` and `IsPersonal = false` (set `IsPersonal = true` only for myspace-scoped apps; set `IsOpen = true` only for public/system apps that should bypass permission checks). v3.46+ : `ApplicationZone` enum is removed — do NOT add `Zone = ...`
 - [ ] Application translations created (4 languages: fr, en, it, de, EntityType = Application), using `app.Id` (actual DB ID) for EntityId
 - [ ] `IClientSeedDataProvider.SeedNavigationAsync()` uses `NavigationApplicationSeedData` (NO hardcoded `{appLabel_en}` / `{appIcon}` placeholders)
 - [ ] `ApplicationRolesSeedData.ApplicationId` references `NavigationApplicationSeedData.ApplicationId` (DTO only — provider code resolves from DB by Code)

package/templates/skills/apex/references/domain-events-pattern.md ADDED Viewed

@@ -0,0 +1,45 @@
+# Domain Events (lightweight pub-sub)
+> Extracted from `smartstack-api.md` for clarity. Loaded only when generating code that needs events.
+SmartStack uses a minimal domain event pattern in `SmartStack.Domain.Support.Events`.
+## Interface + base class
+```csharp
+public interface IDomainEvent
+{
+    DateTime OccurredAt { get; }
+}
+public abstract class DomainEvent : IDomainEvent
+{
+    public DateTime OccurredAt { get; } = DateTime.UtcNow;
+}
+```
+## When to raise an event vs use a hook
+| Use case | Mechanism |
+|---|---|
+| Cross-cutting side effect tied to entity lifecycle (Create/Update/Delete) | Entity hook (`IAfterCreate<T>`, …) — see [entity-hooks-pattern.md](entity-hooks-pattern.md) |
+| Business event independent of CRUD (e.g. `WorkflowExecuted`, `LicenseRenewed`) | Domain event |
+| Need to handle multiple unrelated reactions to the same business fact | Domain event |
+| Reaction must be transactional with the entity write | Neither — code it inline in the handler |
+## Convention
+- One event class per business fact, named `{PastTense}Event` (e.g. `EmployeeOnboardedEvent`, `WorkflowExecutedEvent`).
+- Place events in `Domain/{Aggregate}/Events/`.
+- Inherit `DomainEvent` (gets `OccurredAt` for free).
+- Dispatched by handlers (no automatic publication from `SaveChangesAsync` in v3.46) — keep dispatch explicit so the handler controls timing.
+## Example dispatch (handler)
+```csharp
+await _mediator.Publish(new EmployeeOnboardedEvent(employee.Id, employee.TenantId), ct);
+```
+## Source
+- `D:/01 - projets/SmartStack.app/features/IA-Workflow/src/SmartStack.Domain/Support/Events/IDomainEvent.cs`

package/templates/skills/apex/references/entity-hooks-pattern.md ADDED Viewed

@@ -0,0 +1,68 @@
+# Entity Lifecycle Hooks (v3.46+)
+> Extracted from `smartstack-api.md` for clarity. Loaded only when generating code that needs hooks.
+SmartStack exposes 6 typed hook interfaces + 1 executor in `SmartStack.Application.Common.Interfaces.Hooks`.
+## Interfaces
+```csharp
+public interface IBeforeCreate<in T>  where T : class { int Order => 0; Task ExecuteAsync(T entity, CancellationToken ct = default); }
+public interface IAfterCreate<in T>   where T : class { int Order => 0; Task ExecuteAsync(T entity, CancellationToken ct = default); }
+public interface IBeforeUpdate<in T>  where T : class { int Order => 0; Task ExecuteAsync(T entity, CancellationToken ct = default); }
+public interface IAfterUpdate<in T>   where T : class { int Order => 0; Task ExecuteAsync(T entity, CancellationToken ct = default); }
+public interface IBeforeDelete<in T>  where T : class { int Order => 0; Task ExecuteAsync(T entity, CancellationToken ct = default); }
+public interface IAfterDelete<in T>   where T : class { int Order => 0; Task ExecuteAsync(T entity, CancellationToken ct = default); }
+public interface IHookExecutor
+{
+    Task ExecuteBeforeCreateAsync<T>(T entity, CancellationToken ct = default) where T : class;
+    Task ExecuteAfterCreateAsync<T>(T entity,  CancellationToken ct = default) where T : class;
+    Task ExecuteBeforeUpdateAsync<T>(T entity, CancellationToken ct = default) where T : class;
+    Task ExecuteAfterUpdateAsync<T>(T entity,  CancellationToken ct = default) where T : class;
+    Task ExecuteBeforeDeleteAsync<T>(T entity, CancellationToken ct = default) where T : class;
+    Task ExecuteAfterDeleteAsync<T>(T entity,  CancellationToken ct = default) where T : class;
+}
+```
+## Semantics
+- **`IBefore*`** runs **before** the entity is persisted. May transform the entity. May `throw` to cancel the operation (the calling handler does NOT call `SaveChangesAsync`).
+- **`IAfter*`** runs **after** `SaveChangesAsync` completes. Side-effects only (notifications, indexing, caches, integrations). Throwing here does NOT roll back the DB write — wrap risky calls.
+- **`Order`** (default 0) — lower runs earlier. Use `Order = -100` to pre-empt validation, `Order = 100` to run last.
+## DI registration (Infrastructure DependencyInjection.cs)
+```csharp
+services.AddScoped<IHookExecutor, HookExecutor>();
+services.AddScoped<IBeforeCreate<Employee>,  EmployeeValidationHook>();
+services.AddScoped<IAfterCreate<Employee>,   EmployeeWelcomeNotificationHook>();
+services.AddScoped<IAfterUpdate<Employee>,   EmployeeUpdatedAuditHook>();
+```
+## Usage in service / handler
+```csharp
+public async Task<EmployeeDto> CreateAsync(CreateEmployeeDto dto, CancellationToken ct)
+{
+    var entity = Employee.Create(dto.TenantId, dto.Code, dto.Name);
+    await _hooks.ExecuteBeforeCreateAsync(entity, ct);   // may throw → cancel
+    _db.Employees.Add(entity);
+    await _db.SaveChangesAsync(ct);
+    await _hooks.ExecuteAfterCreateAsync(entity, ct);    // post-commit side effects
+    return _mapper.Map<EmployeeDto>(entity);
+}
+```
+## DO / DON'T
+- DO use hooks for cross-cutting concerns (notifications, audit beyond `IAuditableEntity`, cache invalidation)
+- DO keep hooks small and idempotent — `IAfter*` runs without DB transaction
+- DON'T use hooks for business validation that varies per command — keep that in the handler / FluentValidation
+- DON'T register the same hook twice — DI picks all of them, and they all execute
+## Sources
+- `D:/01 - projets/SmartStack.app/features/IA-Workflow/src/SmartStack.Application/Common/Interfaces/Hooks/IBeforeCreate.cs`
+- `D:/01 - projets/SmartStack.app/features/IA-Workflow/src/SmartStack.Application/Common/Interfaces/Hooks/IAfterCreate.cs`
+- `D:/01 - projets/SmartStack.app/features/IA-Workflow/src/SmartStack.Application/Common/Interfaces/Hooks/IHookExecutor.cs` (and 4 more)