npm - @polymorphism-tech/morph-spec - Versions diffs - 1.0.4 → 2.0.0 - Mend

@polymorphism-tech/morph-spec 1.0.4 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (152) hide show

package/CLAUDE.md +1381 -0
package/LICENSE +72 -0
package/README.md +89 -6
package/bin/detect-agents.js +225 -0
package/bin/morph-spec.js +120 -0
package/bin/render-template.js +302 -0
package/bin/semantic-detect-agents.js +246 -0
package/bin/validate-agents-skills.js +239 -0
package/bin/validate-agents.js +69 -0
package/bin/validate-phase.js +263 -0
package/content/.azure/README.md +293 -0
package/content/.azure/docs/azure-devops-setup.md +454 -0
package/content/.azure/docs/branch-strategy.md +398 -0
package/content/.azure/docs/local-development.md +515 -0
package/content/.azure/pipelines/pipeline-variables.yml +34 -0
package/content/.azure/pipelines/prod-pipeline.yml +319 -0
package/content/.azure/pipelines/staging-pipeline.yml +234 -0
package/content/.azure/pipelines/templates/build-dotnet.yml +75 -0
package/content/.azure/pipelines/templates/deploy-app-service.yml +94 -0
package/content/.azure/pipelines/templates/deploy-container-app.yml +120 -0
package/content/.azure/pipelines/templates/infra-deploy.yml +90 -0
package/content/.claude/commands/morph-apply.md +118 -26
package/content/.claude/commands/morph-archive.md +9 -9
package/content/.claude/commands/morph-clarify.md +184 -0
package/content/.claude/commands/morph-design.md +275 -0
package/content/.claude/commands/morph-proposal.md +56 -15
package/content/.claude/commands/morph-setup.md +100 -0
package/content/.claude/commands/morph-status.md +47 -32
package/content/.claude/commands/morph-tasks.md +319 -0
package/content/.claude/commands/morph-uiux.md +211 -0
package/content/.claude/skills/specialists/ai-system-architect.md +604 -0
package/content/.claude/skills/specialists/ms-agent-expert.md +143 -89
package/content/.claude/skills/specialists/ui-ux-designer.md +744 -9
package/content/.claude/skills/stacks/dotnet-blazor.md +244 -8
package/content/.claude/skills/stacks/dotnet-nextjs.md +2 -2
package/content/.morph/.morphversion +5 -0
package/content/.morph/config/agents.json +101 -8
package/content/.morph/config/azure-pricing.json +70 -0
package/content/.morph/config/azure-pricing.schema.json +50 -0
package/content/.morph/config/config.template.json +15 -3
package/content/.morph/docs/STORY-DRIVEN-DEVELOPMENT.md +392 -0
package/content/.morph/hooks/README.md +239 -0
package/content/.morph/hooks/pre-commit-agents.sh +24 -0
package/content/.morph/hooks/pre-commit-all.sh +48 -0
package/content/.morph/hooks/pre-commit-costs.sh +91 -0
package/content/.morph/hooks/pre-commit-specs.sh +49 -0
package/content/.morph/hooks/pre-commit-tests.sh +60 -0
package/content/.morph/project.md +5 -4
package/content/.morph/schemas/agent.schema.json +296 -0
package/content/.morph/standards/agent-framework-setup.md +453 -0
package/content/.morph/standards/architecture.md +142 -7
package/content/.morph/standards/azure.md +218 -23
package/content/.morph/standards/coding.md +47 -12
package/content/.morph/standards/dotnet10-migration.md +494 -0
package/content/.morph/standards/fluent-ui-setup.md +590 -0
package/content/.morph/standards/migration-guide.md +514 -0
package/content/.morph/standards/passkeys-auth.md +423 -0
package/content/.morph/standards/vector-search-rag.md +536 -0
package/content/.morph/state.json +18 -0
package/content/.morph/templates/FluentDesignTheme.cs +149 -0
package/content/.morph/templates/MudTheme.cs +281 -0
package/content/.morph/templates/contracts.cs +55 -55
package/content/.morph/templates/decisions.md +4 -4
package/content/.morph/templates/design-system.css +226 -0
package/content/.morph/templates/infra/.dockerignore.example +89 -0
package/content/.morph/templates/infra/Dockerfile.example +82 -0
package/content/.morph/templates/infra/README.md +286 -0
package/content/.morph/templates/infra/app-service.bicep +164 -0
package/content/.morph/templates/infra/deploy.ps1 +229 -0
package/content/.morph/templates/infra/deploy.sh +208 -0
package/content/.morph/templates/infra/main.bicep +41 -7
package/content/.morph/templates/infra/parameters.dev.json +6 -0
package/content/.morph/templates/infra/parameters.prod.json +6 -0
package/content/.morph/templates/infra/parameters.staging.json +29 -0
package/content/.morph/templates/proposal.md +3 -3
package/content/.morph/templates/recap.md +3 -3
package/content/.morph/templates/spec.md +9 -8
package/content/.morph/templates/sprint-status.yaml +68 -0
package/content/.morph/templates/state.template.json +222 -0
package/content/.morph/templates/story.md +143 -0
package/content/.morph/templates/tasks.md +1 -1
package/content/.morph/templates/ui-components.md +276 -0
package/content/.morph/templates/ui-design-system.md +286 -0
package/content/.morph/templates/ui-flows.md +336 -0
package/content/.morph/templates/ui-mockups.md +133 -0
package/content/.morph/test-infra/example.bicep +59 -0
package/content/CLAUDE.md +124 -0
package/content/README.md +79 -0
package/detectors/config-detector.js +223 -0
package/detectors/conversation-analyzer.js +163 -0
package/detectors/index.js +84 -0
package/detectors/standards-generator.js +275 -0
package/detectors/structure-detector.js +221 -0
package/docs/README.md +149 -0
package/docs/api/cost-calculator.js.html +513 -0
package/docs/api/design-system-generator.js.html +382 -0
package/docs/api/fonts/Montserrat/Montserrat-Bold.eot +0 -0
package/docs/api/fonts/Montserrat/Montserrat-Bold.ttf +0 -0
package/docs/api/fonts/Montserrat/Montserrat-Bold.woff +0 -0
package/docs/api/fonts/Montserrat/Montserrat-Bold.woff2 +0 -0
package/docs/api/fonts/Montserrat/Montserrat-Regular.eot +0 -0
package/docs/api/fonts/Montserrat/Montserrat-Regular.ttf +0 -0
package/docs/api/fonts/Montserrat/Montserrat-Regular.woff +0 -0
package/docs/api/fonts/Montserrat/Montserrat-Regular.woff2 +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-light-webfont.eot +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-light-webfont.svg +978 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-light-webfont.ttf +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-light-webfont.woff +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-light-webfont.woff2 +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-regular-webfont.eot +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-regular-webfont.svg +1049 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-regular-webfont.ttf +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-regular-webfont.woff +0 -0
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-regular-webfont.woff2 +0 -0
package/docs/api/global.html +5263 -0
package/docs/api/index.html +96 -0
package/docs/api/scripts/collapse.js +39 -0
package/docs/api/scripts/commonNav.js +28 -0
package/docs/api/scripts/linenumber.js +25 -0
package/docs/api/scripts/nav.js +12 -0
package/docs/api/scripts/polyfill.js +4 -0
package/docs/api/scripts/prettify/Apache-License-2.0.txt +202 -0
package/docs/api/scripts/prettify/lang-css.js +2 -0
package/docs/api/scripts/prettify/prettify.js +28 -0
package/docs/api/scripts/search.js +99 -0
package/docs/api/state-manager.js.html +423 -0
package/docs/api/styles/jsdoc.css +776 -0
package/docs/api/styles/prettify.css +80 -0
package/docs/examples.md +328 -0
package/docs/getting-started.md +302 -0
package/docs/installation.md +361 -0
package/docs/templates.md +418 -0
package/docs/validation-checklist.md +266 -0
package/package.json +39 -12
package/src/commands/cost.js +181 -0
package/src/commands/create-story.js +283 -0
package/src/commands/detect.js +104 -0
package/src/commands/doctor.js +67 -0
package/src/commands/generate.js +149 -0
package/src/commands/init.js +69 -45
package/src/commands/shard-spec.js +224 -0
package/src/commands/sprint-status.js +250 -0
package/src/commands/state.js +333 -0
package/src/commands/sync.js +167 -0
package/src/commands/update-pricing.js +206 -0
package/src/commands/update.js +88 -13
package/src/lib/complexity-analyzer.js +292 -0
package/src/lib/cost-calculator.js +429 -0
package/src/lib/design-system-generator.js +298 -0
package/src/lib/state-manager.js +340 -0
package/src/utils/file-copier.js +59 -0
package/src/utils/version-checker.js +175 -0

package/content/.morph/standards/passkeys-auth.md ADDED Viewed

@@ -0,0 +1,423 @@
+# Passkeys/WebAuthn - Autenticação Sem Senhas (.NET 10)
+> **Novidade .NET 10:** Suporte nativo a Passkeys/WebAuthn integrado no ASP.NET Core Identity.
+---
+## 🎯 O Que São Passkeys?
+**Passkeys** são credenciais criptográficas que substituem senhas tradicionais.
+### Características
+| Aspecto | Descrição |
+|---------|-----------|
+| **Segurança** | Resistentes a phishing, não podem ser roubadas |
+| **Usabilidade** | Login com biometria ou PIN do dispositivo |
+| **Privacidade** | Chave privada nunca sai do dispositivo |
+| **Padrão** | WebAuthn (W3C) + FIDO2 |
+### Como Funciona
+```
+1. Usuário solicita criação de passkey
+2. Sistema gera par de chaves (pública/privada)
+3. Chave pública → Servidor
+4. Chave privada → Authenticator (Windows Hello, smartphone, security key)
+5. Login: Servidor desafia → Authenticator assina → Servidor verifica
+```
+**Authenticators suportados:**
+- Windows Hello
+- Face ID / Touch ID (Apple)
+- Biometria Android
+- Security keys (YubiKey, etc.)
+---
+## 🚀 Setup em Blazor Web App
+### 1. Criar Projeto com Identity
+```bash
+dotnet new blazor --auth Individual -o MyApp
+cd MyApp
+```
+**Importante:** Escolher "Individual User Accounts" habilita passkeys automaticamente.
+### 2. Estrutura Gerada
+```
+MyApp/
+├── Components/
+│   └── Account/
+│       ├── Pages/
+│       │   ├── Manage/
+│       │   │   └── Passkeys.razor  ← Gerenciamento de passkeys
+│       │   ├── Login.razor         ← Login com passkey
+│       │   └── Register.razor
+│       └── IdentityUserAccessor.cs
+├── Data/
+│   ├── ApplicationDbContext.cs
+│   └── ApplicationUser.cs
+└── Program.cs
+```
+### 3. Configuração Automática no Program.cs
+```csharp
+// Já vem configurado no template
+builder.Services.AddIdentityCore<ApplicationUser>(options =>
+{
+    options.SignIn.RequireConfirmedAccount = true;
+    // Passkeys habilitados por padrão
+    options.Stores.MaxLengthForKeys = 128;
+})
+.AddEntityFrameworkStores<ApplicationDbContext>()
+.AddSignInManager()
+.AddDefaultTokenProviders();
+// WebAuthn/Passkeys configurado automaticamente
+builder.Services.AddAuthentication(options =>
+{
+    options.DefaultScheme = IdentityConstants.ApplicationScheme;
+    options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
+})
+.AddIdentityCookies();
+```
+---
+## 📱 Fluxo de Uso
+### Criar Passkey
+1. Usuário loga com email/senha (primeira vez)
+2. Acessa perfil → Aba "Passkeys"
+3. Clica "Add Passkey"
+4. Sistema solicita authenticator (Windows Hello, celular, etc.)
+5. Usuário confirma identidade (biometria/PIN)
+6. Passkey é criada e nomeada
+7. Salva no banco de dados
+### Login com Passkey
+1. Usuário acessa página de login
+2. Clica "Login with Passkey"
+3. Sistema envia desafio
+4. Authenticator assina desafio
+5. Servidor verifica assinatura
+6. Usuário autenticado
+---
+## 💻 Implementação Customizada
+### Adicionar Passkeys a Projeto Existente
+Se você tem um projeto Blazor sem passkeys, use o **scaffolder**:
+```bash
+dotnet tool install -g dotnet-aspnet-codegenerator
+dotnet aspnet-codegenerator identity \
+    --useDefaultUI \
+    --dbContext ApplicationDbContext \
+    --files "Account.Manage.Passkeys;Account.Login"
+```
+Isso adiciona:
+- `Components/Account/Pages/Manage/Passkeys.razor`
+- `Components/Account/Pages/Login.razor` (atualizado)
+### Verificar Suporte a Passkeys
+```csharp
+@inject IPasskeyService PasskeyService
+@code {
+    private bool _supportsPasskeys;
+    protected override async Task OnInitializedAsync()
+    {
+        _supportsPasskeys = await PasskeyService.IsSupportedAsync();
+    }
+}
+```
+### Listar Passkeys do Usuário
+```csharp
+@page "/manage/passkeys"
+@inject IPasskeyService PasskeyService
+@inject UserManager<ApplicationUser> UserManager
+<h3>Minhas Passkeys</h3>
+@if (_passkeys is null)
+{
+    <p>Carregando...</p>
+}
+else if (!_passkeys.Any())
+{
+    <p>Você não tem passkeys configuradas.</p>
+}
+else
+{
+    <ul>
+        @foreach (var passkey in _passkeys)
+        {
+            <li>
+                @passkey.Name (@passkey.CreatedAt.ToString("dd/MM/yyyy"))
+                <button @onclick="() => RemovePasskey(passkey.Id)">Remover</button>
+            </li>
+        }
+    </ul>
+}
+<button @onclick="AddPasskey">Adicionar Passkey</button>
+@code {
+    private List<Passkey>? _passkeys;
+    protected override async Task OnInitializedAsync()
+    {
+        var user = await UserManager.GetUserAsync(User);
+        _passkeys = await PasskeyService.GetUserPasskeysAsync(user!.Id);
+    }
+    private async Task AddPasskey()
+    {
+        var user = await UserManager.GetUserAsync(User);
+        await PasskeyService.CreatePasskeyAsync(user!.Id);
+        await OnInitializedAsync(); // Recarregar lista
+    }
+    private async Task RemovePasskey(string passkeyId)
+    {
+        await PasskeyService.RemovePasskeyAsync(passkeyId);
+        await OnInitializedAsync(); // Recarregar lista
+    }
+}
+```
+---
+## 🗄️ Modelo de Dados
+### Entidade Passkey
+```csharp
+public class Passkey
+{
+    public string Id { get; set; } = Guid.NewGuid().ToString();
+    public string UserId { get; set; } = null!;
+    public string Name { get; set; } = "Passkey";
+    public byte[] CredentialId { get; set; } = Array.Empty<byte>();
+    public byte[] PublicKey { get; set; } = Array.Empty<byte>();
+    public int SignatureCounter { get; set; }
+    public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
+    public DateTime? LastUsedAt { get; set; }
+    // Relacionamento
+    public ApplicationUser User { get; set; } = null!;
+}
+```
+### DbContext
+```csharp
+public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
+{
+    public DbSet<Passkey> Passkeys { get; set; }
+    protected override void OnModelCreating(ModelBuilder builder)
+    {
+        base.OnModelCreating(builder);
+        builder.Entity<Passkey>(entity =>
+        {
+            entity.HasKey(p => p.Id);
+            entity.HasIndex(p => p.UserId);
+            entity.HasIndex(p => p.CredentialId).IsUnique();
+            entity.HasOne(p => p.User)
+                .WithMany()
+                .HasForeignKey(p => p.UserId)
+                .OnDelete(DeleteBehavior.Cascade);
+        });
+    }
+}
+```
+### Migration
+```bash
+dotnet ef migrations add AddPasskeys
+dotnet ef database update
+```
+---
+## 🔒 Segurança
+### Configurações Recomendadas
+```csharp
+builder.Services.AddAuthentication()
+    .AddWebAuthn(options =>
+    {
+        // Nome do site (aparece no authenticator)
+        options.RelyingPartyId = "myapp.com";
+        options.RelyingPartyName = "My Application";
+        // Origem permitida
+        options.Origins = new[] { "https://myapp.com" };
+        // Timeout de autenticação
+        options.Timeout = TimeSpan.FromSeconds(60);
+        // Tipo de authenticator
+        options.AuthenticatorSelection = new()
+        {
+            RequireResidentKey = false,
+            UserVerification = UserVerificationRequirement.Preferred
+        };
+    });
+```
+### User Verification
+| Modo | Descrição | Quando Usar |
+|------|-----------|-------------|
+| `Required` | Exige biometria/PIN sempre | Alto risco |
+| `Preferred` | Prefere biometria mas aceita alternativa | Padrão recomendado |
+| `Discouraged` | Não solicita verificação | Não use |
+### Attestation
+```csharp
+options.Attestation = AttestationConveyancePreference.None;
+```
+**Valores:**
+- `None`: Não requer attestation (mais compatível)
+- `Indirect`: Valida authenticator via CA
+- `Direct`: Requer attestation direta (mais restritivo)
+**Recomendação:** Use `None` para máxima compatibilidade.
+---
+## 🧪 Testando Passkeys
+### Ambiente de Desenvolvimento
+1. **HTTPS obrigatório:** WebAuthn só funciona com HTTPS (ou localhost)
+2. **Windows Hello:** Habilite no Windows
+3. **Chrome DevTools:** Use Virtual Authenticator para testes
+### Virtual Authenticator (Chrome)
+1. F12 → More Tools → WebAuthn
+2. Enable virtual authenticator environment
+3. Add authenticator (escolha tipo: USB, NFC, Internal)
+4. Teste criação e login
+### Smartphone como Authenticator
+1. Use HTTPS (não localhost)
+2. Escaneie QR code gerado
+3. Confirme com biometria do celular
+---
+## 🐛 Troubleshooting
+### Erro: "WebAuthn not supported"
+**Causa:** Navegador antigo ou HTTP (não HTTPS)
+**Solução:**
+- Use HTTPS em produção
+- Localhost funciona com HTTP (somente dev)
+- Atualize navegador
+### Erro: "User verification failed"
+**Causa:** Authenticator não configurado ou cancelado
+**Solução:**
+- Configure Windows Hello / Touch ID
+- Tente outro authenticator
+- Verifique `UserVerification = Preferred`
+### Passkey não aparece em outro dispositivo
+**Causa:** Passkeys não sincronizam automaticamente (depende do authenticator)
+**Solução:**
+- Use authenticator com sync (ex: Google Password Manager)
+- Ou crie passkey separada por dispositivo
+---
+## 📊 Migração Gradual
+### Permitir Email/Senha + Passkeys
+```csharp
+// Login.razor
+<EditForm Model="Input" OnValidSubmit="LoginAsync">
+    <InputText @bind-Value="Input.Email" />
+    <InputText @bind-Value="Input.Password" type="password" />
+    <button type="submit">Login with Password</button>
+</EditForm>
+<hr />
+<button @onclick="LoginWithPasskey">Login with Passkey</button>
+@code {
+    private async Task LoginAsync()
+    {
+        // Login tradicional com senha
+    }
+    private async Task LoginWithPasskey()
+    {
+        // Login com WebAuthn
+    }
+}
+```
+**Estratégia:** Mantenha senha como fallback, incentive passkeys.
+---
+## ✅ Checklist de Implementação
+- [ ] Projeto criado com `--auth Individual` ou scaffolder usado
+- [ ] DbContext inclui tabela `Passkeys`
+- [ ] Migration executada
+- [ ] HTTPS habilitado (dev e prod)
+- [ ] Página de gerenciamento de passkeys funcional
+- [ ] Login com passkey funcional
+- [ ] Fallback para email/senha disponível
+- [ ] Testado com Windows Hello ou smartphone
+- [ ] `RelyingPartyId` configurado corretamente
+---
+## 📚 Referências
+- [WebAuthn Specification (W3C)](https://w3c.github.io/webauthn/)
+- [FIDO Alliance](https://fidoalliance.org/)
+- [ASP.NET Core Identity - Passkeys](https://learn.microsoft.com/aspnet/core/security/authentication/identity/passkeys)
+- [Chrome WebAuthn DevTools](https://developer.chrome.com/docs/devtools/webauthn/)
+---
+*MORPH-SPEC by Polymorphism Tech*