@polymorphism-tech/morph-spec 2.3.0 → 3.0.0

package/content/.claude/skills/{specialists → level-2-domains/infrastructure}/azure-architect.md

@@ -1,142 +1,142 @@
-# Azure Architect
-
-Especialista em infraestrutura Azure com foco em Infrastructure as Code (Bicep).
-
-## Responsabilidades
-
-1. **Desenhar infraestrutura Azure** para projetos
-2. **Criar templates Bicep** para provisionar recursos
-3. **Estimar custos** antes de aprovar recursos
-4. **Garantir zero portal** - tudo via código
-
-## Triggers
-
-Ativado automaticamente em todo projeto MORPH-SPEC (Core Agent).
-
-Keywords: `azure`, `infrastructure`, `bicep`, `deploy`, `container apps`, `sql`, `storage`, `provision`
-
-## Princípio: Zero Portal
-
-> **NUNCA** criar recursos Azure manualmente no portal. Tudo via Bicep.
-
-## Estrutura IaC
-
-```
-infra/
-├── main.bicep                # Entry point
-├── parameters.dev.json       # Ambiente dev
-├── parameters.prod.json      # Ambiente prod
-└── modules/
-    ├── container-app.bicep   # Container Apps
-    ├── sql-database.bicep    # Azure SQL
-    ├── storage.bicep         # Storage Account
-    ├── key-vault.bicep       # Key Vault
-    ├── app-insights.bicep    # Monitoring
-    └── service-bus.bicep     # Mensageria
-```
-
-## Template Bicep Base
-
-```bicep
-// infra/main.bicep
-targetScope = 'resourceGroup'
-
-@description('Environment name')
-param environment string = 'dev'
-
-@description('Location for resources')
-param location string = resourceGroup().location
-
-@description('Application name')
-param appName string
-
-// Variables
-var resourcePrefix = '${appName}-${environment}'
-
-// Container App Environment
-module containerAppEnv 'modules/container-app-env.bicep' = {
-  name: 'containerAppEnv'
-  params: {
-    name: '${resourcePrefix}-env'
-    location: location
-  }
-}
-
-// Container App
-module containerApp 'modules/container-app.bicep' = {
-  name: 'containerApp'
-  params: {
-    name: resourcePrefix
-    location: location
-    environmentId: containerAppEnv.outputs.id
-  }
-}
-```
-
-## Recursos Recomendados por Tier
-
-### Free Tier (Sem aprovação)
-
-| Recurso | Config | Custo |
-|---------|--------|-------|
-| Azure SQL | Free 32GB | $0 |
-| Container Apps | Scale to zero | ~$0 |
-| Storage | LRS 5GB | ~$0 |
-| App Insights | Free tier | $0 |
-
-### Basic Tier (Até $10/mês)
-
-| Recurso | Config | Custo |
-|---------|--------|-------|
-| Azure SQL | Basic DTU | ~$5 |
-| Service Bus | Basic | ~$0.05 |
-| Key Vault | Standard | ~$0.03 |
-
-## Comandos de Deploy
-
-```powershell
-# Criar resource group
-az group create --name rg-{app}-{env} --location brazilsouth
-
-# Deploy com Bicep
-az deployment group create \
-  --resource-group rg-{app}-{env} \
-  --template-file infra/main.bicep \
-  --parameters @infra/parameters.{env}.json
-
-# Validar antes de deploy
-az deployment group what-if \
-  --resource-group rg-{app}-{env} \
-  --template-file infra/main.bicep \
-  --parameters @infra/parameters.{env}.json
-```
-
-## Quando usar SDK .NET vs Bicep
-
-| Recurso | Abordagem | Motivo |
-|---------|-----------|--------|
-| SQL, Storage, Container Apps | Bicep | Infra estática, declarativa |
-| Azure AI, Fabric | SDK .NET | Recursos dinâmicos, runtime |
-| Secrets | Key Vault + Bicep | Segurança |
-
-## Documentação de Referência
-
-- [Azure Bicep](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/)
-- [Container Apps](https://learn.microsoft.com/en-us/azure/container-apps/)
-- [Azure SQL](https://learn.microsoft.com/en-us/azure/azure-sql/)
-- [Azure SDK for .NET](https://learn.microsoft.com/en-us/dotnet/azure/)
-- [Pricing Calculator](https://azure.microsoft.com/en-us/pricing/calculator/)
-
-## Checklist de Infraestrutura
-
-- [ ] Bicep válido (`az bicep build`)
-- [ ] Parâmetros para dev e prod
-- [ ] Custos estimados e documentados
-- [ ] Secrets no Key Vault (não hardcoded)
-- [ ] Logs configurados (App Insights)
-- [ ] Scale-to-zero onde possível
-- [ ] Naming convention consistente
-
----
-
-*MORPH-SPEC by Polymorphism Tech*
+# Azure Architect
+
+Especialista em infraestrutura Azure com foco em Infrastructure as Code (Bicep).
+
+## Responsabilidades
+
+1. **Desenhar infraestrutura Azure** para projetos
+2. **Criar templates Bicep** para provisionar recursos
+3. **Estimar custos** antes de aprovar recursos
+4. **Garantir zero portal** - tudo via código
+
+## Triggers
+
+Ativado automaticamente em todo projeto MORPH-SPEC (Core Agent).
+
+Keywords: `azure`, `infrastructure`, `bicep`, `deploy`, `container apps`, `sql`, `storage`, `provision`
+
+## Princípio: Zero Portal
+
+> **NUNCA** criar recursos Azure manualmente no portal. Tudo via Bicep.
+
+## Estrutura IaC
+
+```
+infra/
+├── main.bicep                # Entry point
+├── parameters.dev.json       # Ambiente dev
+├── parameters.prod.json      # Ambiente prod
+└── modules/
+    ├── container-app.bicep   # Container Apps
+    ├── sql-database.bicep    # Azure SQL
+    ├── storage.bicep         # Storage Account
+    ├── key-vault.bicep       # Key Vault
+    ├── app-insights.bicep    # Monitoring
+    └── service-bus.bicep     # Mensageria
+```
+
+## Template Bicep Base
+
+```bicep
+// infra/main.bicep
+targetScope = 'resourceGroup'
+
+@description('Environment name')
+param environment string = 'dev'
+
+@description('Location for resources')
+param location string = resourceGroup().location
+
+@description('Application name')
+param appName string
+
+// Variables
+var resourcePrefix = '${appName}-${environment}'
+
+// Container App Environment
+module containerAppEnv 'modules/container-app-env.bicep' = {
+  name: 'containerAppEnv'
+  params: {
+    name: '${resourcePrefix}-env'
+    location: location
+  }
+}
+
+// Container App
+module containerApp 'modules/container-app.bicep' = {
+  name: 'containerApp'
+  params: {
+    name: resourcePrefix
+    location: location
+    environmentId: containerAppEnv.outputs.id
+  }
+}
+```
+
+## Recursos Recomendados por Tier
+
+### Free Tier (Sem aprovação)
+
+| Recurso | Config | Custo |
+|---------|--------|-------|
+| Azure SQL | Free 32GB | $0 |
+| Container Apps | Scale to zero | ~$0 |
+| Storage | LRS 5GB | ~$0 |
+| App Insights | Free tier | $0 |
+
+### Basic Tier (Até $10/mês)
+
+| Recurso | Config | Custo |
+|---------|--------|-------|
+| Azure SQL | Basic DTU | ~$5 |
+| Service Bus | Basic | ~$0.05 |
+| Key Vault | Standard | ~$0.03 |
+
+## Comandos de Deploy
+
+```powershell
+# Criar resource group
+az group create --name rg-{app}-{env} --location brazilsouth
+
+# Deploy com Bicep
+az deployment group create \
+  --resource-group rg-{app}-{env} \
+  --template-file infra/main.bicep \
+  --parameters @infra/parameters.{env}.json
+
+# Validar antes de deploy
+az deployment group what-if \
+  --resource-group rg-{app}-{env} \
+  --template-file infra/main.bicep \
+  --parameters @infra/parameters.{env}.json
+```
+
+## Quando usar SDK .NET vs Bicep
+
+| Recurso | Abordagem | Motivo |
+|---------|-----------|--------|
+| SQL, Storage, Container Apps | Bicep | Infra estática, declarativa |
+| Azure AI, Fabric | SDK .NET | Recursos dinâmicos, runtime |
+| Secrets | Key Vault + Bicep | Segurança |
+
+## Documentação de Referência
+
+- [Azure Bicep](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/)
+- [Container Apps](https://learn.microsoft.com/en-us/azure/container-apps/)
+- [Azure SQL](https://learn.microsoft.com/en-us/azure/azure-sql/)
+- [Azure SDK for .NET](https://learn.microsoft.com/en-us/dotnet/azure/)
+- [Pricing Calculator](https://azure.microsoft.com/en-us/pricing/calculator/)
+
+## Checklist de Infraestrutura
+
+- [ ] Bicep válido (`az bicep build`)
+- [ ] Parâmetros para dev e prod
+- [ ] Custos estimados e documentados
+- [ ] Secrets no Key Vault (não hardcoded)
+- [ ] Logs configurados (App Insights)
+- [ ] Scale-to-zero onde possível
+- [ ] Naming convention consistente
+
+---
+
+*MORPH-SPEC by Polymorphism Tech*

package/content/.claude/skills/level-2-domains/infrastructure/bicep-architect.md

@@ -0,0 +1,126 @@
+# Bicep Architect
+
+> **Layer:** 2 | **Load:** on-keyword | **Keywords:** bicep, iac, infrastructure as code, provision, azure resource, deploy
+
+Especialista em Infrastructure as Code com Azure Bicep. **Zero Portal** — all infra via code.
+
+## Structure
+
+```
+infra/
+├── main.bicep              # Entry point
+├── main.bicepparam         # Parameters (alt to JSON)
+├── parameters.dev.json
+├── parameters.prod.json
+└── modules/
+    ├── container-app.bicep
+    ├── container-app-env.bicep
+    ├── sql-database.bicep
+    ├── storage.bicep
+    ├── key-vault.bicep
+    ├── app-insights.bicep
+    ├── service-bus.bicep
+    └── redis-cache.bicep
+```
+
+## Main Template Pattern
+
+```bicep
+targetScope = 'resourceGroup'
+
+@allowed(['dev', 'staging', 'prod'])
+param environment string = 'dev'
+param location string = resourceGroup().location
+@minLength(3) @maxLength(20) param appName string
+@secure() param sqlAdminPassword string
+
+var resourcePrefix = '${appName}-${environment}'
+var tags = { environment: environment, application: appName, managedBy: 'bicep' }
+
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: '${resourcePrefix}-logs'
+  location: location
+  tags: tags
+  properties: { sku: { name: 'PerGB2018' }, retentionInDays: 30 }
+}
+
+module appInsights 'modules/app-insights.bicep' = { name: 'appInsights', params: { ... } }
+module containerAppEnv 'modules/container-app-env.bicep' = { name: 'env', params: { ... } }
+module containerApp 'modules/container-app.bicep' = { name: 'app', params: { ... } }
+module sqlDatabase 'modules/sql-database.bicep' = { name: 'sql', params: { ... } }
+module keyVault 'modules/key-vault.bicep' = { name: 'kv', params: { ... } }
+
+output containerAppUrl string = containerApp.outputs.url
+output sqlConnectionString string = sqlDatabase.outputs.connectionString
+```
+
+## SQL Database Module (Free Tier)
+
+```bicep
+// modules/sql-database.bicep
+param serverName string
+param databaseName string
+param location string
+param tags object = {}
+param adminUsername string = 'sqladmin'
+@secure() param adminPassword string
+param useFree bool = true
+
+resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
+  name: serverName
+  location: location
+  tags: tags
+  properties: { administratorLogin: adminUsername, administratorLoginPassword: adminPassword,
+    version: '12.0', minimalTlsVersion: '1.2', publicNetworkAccess: 'Enabled' }
+}
+
+resource db 'Microsoft.Sql/servers/databases@2023-05-01-preview' = {
+  parent: sqlServer
+  name: databaseName
+  location: location
+  sku: useFree ? { name: 'Free', tier: 'Free' } : { name: 'Basic', tier: 'Basic' }
+}
+
+resource firewall 'Microsoft.Sql/servers/firewallRules@2023-05-01-preview' = {
+  parent: sqlServer
+  name: 'AllowAllAzureIps'
+  properties: { startIpAddress: '0.0.0.0', endIpAddress: '0.0.0.0' }
+}
+```
+
+> **Container App module:** See `container-specialist.md` for full Container App + ACR Bicep.
+
+## Commands
+
+```bash
+az bicep build --file infra/main.bicep                                    # Validate
+az deployment group what-if -g rg-app-dev -f infra/main.bicep -p @infra/parameters.dev.json  # Preview
+az deployment group create -g rg-app-dev -f infra/main.bicep -p @infra/parameters.dev.json   # Deploy
+```
+
+## Parameters File
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "environment": { "value": "dev" },
+    "appName": { "value": "myapp" },
+    "sqlAdminPassword": { "reference": { "keyVault": { "id": "/subscriptions/.../vaults/{kv}" }, "secretName": "sql-admin-password" } }
+  }
+}
+```
+
+## Checklist
+- [ ] Bicep valid (`az bicep build`)
+- [ ] Modules for reusable resources
+- [ ] Parameters for dev and prod
+- [ ] Secrets referenced from Key Vault
+- [ ] Tags on all resources
+- [ ] What-if executed before deploy
+- [ ] Outputs for important values
+
+---
+
+*MORPH-SPEC by Polymorphism Tech*

package/content/.claude/skills/level-2-domains/infrastructure/container-specialist.md

@@ -0,0 +1,131 @@
+# Container Specialist
+
+> **Layer:** 2 | **Load:** on-keyword | **Keywords:** docker, container, containerize, container apps, acr, registry, image
+
+Especialista em containerização com Docker e deploy para Azure Container Apps.
+
+## Dockerfile (.NET Multi-stage)
+
+```dockerfile
+FROM mcr.microsoft.com/dotnet/sdk:10.0-alpine AS build
+WORKDIR /src
+COPY ["src/Web/Web.csproj", "src/Web/"]
+COPY ["src/Application/Application.csproj", "src/Application/"]
+COPY ["src/Domain/Domain.csproj", "src/Domain/"]
+COPY ["src/Infrastructure/Infrastructure.csproj", "src/Infrastructure/"]
+RUN dotnet restore "src/Web/Web.csproj"
+COPY . .
+WORKDIR "/src/src/Web"
+RUN dotnet publish "Web.csproj" -c Release -o /app/publish /p:UseAppHost=false
+
+FROM mcr.microsoft.com/dotnet/aspnet:10.0-alpine AS final
+WORKDIR /app
+RUN addgroup -g 1000 appgroup && adduser -u 1000 -G appgroup -D appuser
+COPY --from=publish /app/publish .
+RUN chown -R appuser:appgroup /app
+USER appuser
+EXPOSE 8080
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --quiet --tries=1 --spider http://localhost:8080/health || exit 1
+ENTRYPOINT ["dotnet", "Web.dll"]
+```
+
+### Image Sizes
+| Base Image | Size |
+|------------|------|
+| `aspnet:10.0` | ~220MB |
+| `aspnet:10.0-alpine` | ~110MB |
+| `aspnet:10.0-chiseled` | ~80MB (most secure) |
+
+## ACR (Azure Container Registry)
+
+```bash
+az acr create -g rg-myapp -n myappacr --sku Basic
+az acr login -n myappacr
+az acr build --registry myappacr --image myapp:v1 .
+```
+
+## Container App (Bicep)
+
+```bicep
+param name string
+param location string
+param tags object = {}
+param environmentId string
+param containerImage string
+param registryServer string
+param registryUsername string
+@secure() param registryPassword string
+
+resource containerApp 'Microsoft.App/containerApps@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    managedEnvironmentId: environmentId
+    configuration: {
+      ingress: { external: true, targetPort: 8080, transport: 'http', allowInsecure: false }
+      registries: [{ server: registryServer, username: registryUsername, passwordSecretRef: 'reg-pwd' }]
+      secrets: [{ name: 'reg-pwd', value: registryPassword }]
+    }
+    template: {
+      containers: [{
+        name: name, image: containerImage
+        resources: { cpu: json('0.25'), memory: '0.5Gi' }
+        probes: [
+          { type: 'Liveness', httpGet: { path: '/health', port: 8080 }, initialDelaySeconds: 10 }
+          { type: 'Readiness', httpGet: { path: '/health/ready', port: 8080 }, initialDelaySeconds: 5 }
+        ]
+      }]
+      scale: { minReplicas: 0, maxReplicas: 5
+        rules: [{ name: 'http-scale', http: { metadata: { concurrentRequests: '100' } } }]
+      }
+    }
+  }
+}
+output url string = 'https://${containerApp.properties.configuration.ingress.fqdn}'
+```
+
+## Health Checks (ASP.NET)
+
+```csharp
+builder.Services.AddHealthChecks()
+    .AddSqlServer(connString, name: "database", tags: new[] { "ready" });
+
+app.MapHealthChecks("/health");
+app.MapHealthChecks("/health/ready", new() { Predicate = c => c.Tags.Contains("ready") });
+app.MapHealthChecks("/health/live", new() { Predicate = _ => false }); // Always healthy
+```
+
+## Docker Compose (Dev)
+
+```yaml
+services:
+  web:
+    build: { context: ., dockerfile: Dockerfile }
+    ports: ["8080:8080"]
+    environment:
+      - ConnectionStrings__Default=Server=db;Database=App;User=sa;Password=Pass!;TrustServerCertificate=true
+    depends_on: { db: { condition: service_healthy } }
+  db:
+    image: mcr.microsoft.com/mssql/server:2022-latest
+    environment: [ACCEPT_EULA=Y, SA_PASSWORD=YourStrong!Passw0rd]
+    ports: ["1433:1433"]
+    volumes: [sqldata:/var/opt/mssql]
+volumes:
+  sqldata:
+```
+
+## Checklist
+- [ ] Dockerfile multi-stage with alpine/chiseled
+- [ ] .dockerignore configured
+- [ ] Non-root user in container
+- [ ] Health checks (liveness + readiness)
+- [ ] Docker Compose for dev
+- [ ] ACR created and configured
+- [ ] Container App with scale-to-zero
+- [ ] Probes configured
+
+---
+
+*MORPH-SPEC by Polymorphism Tech*

package/content/.claude/skills/level-2-domains/infrastructure/devops-engineer.md

@@ -0,0 +1,119 @@
+# DevOps Engineer
+
+> **Layer:** 2 | **Load:** on-keyword | **Keywords:** pipeline, ci/cd, deploy, release, azure devops, github actions, build, automation
+
+Especialista em CI/CD, pipelines e automação de deploy.
+
+## Azure Pipelines
+
+```yaml
+trigger:
+  branches: { include: [main, develop] }
+  paths: { exclude: ['**/*.md'] }
+
+variables:
+  buildConfiguration: 'Release'
+  dotnetVersion: '10.0.x'
+
+stages:
+  - stage: Build
+    jobs:
+      - job: BuildJob
+        pool: { vmImage: 'ubuntu-latest' }
+        steps:
+          - task: UseDotNet@2
+            inputs: { version: '$(dotnetVersion)' }
+          - task: DotNetCoreCLI@2
+            displayName: 'Restore'
+            inputs: { command: 'restore', projects: '**/*.csproj' }
+          - task: DotNetCoreCLI@2
+            displayName: 'Build'
+            inputs: { command: 'build', arguments: '-c $(buildConfiguration) --no-restore' }
+          - task: DotNetCoreCLI@2
+            displayName: 'Test'
+            inputs: { command: 'test', projects: '**/tests/**/*.csproj', arguments: '--collect:"XPlat Code Coverage"' }
+          - task: DotNetCoreCLI@2
+            displayName: 'Publish'
+            inputs: { command: 'publish', publishWebProjects: true, arguments: '-c $(buildConfiguration) -o $(Build.ArtifactStagingDirectory)' }
+          - task: PublishBuildArtifacts@1
+            inputs: { pathToPublish: '$(Build.ArtifactStagingDirectory)', artifactName: 'drop' }
+
+  - stage: DeployDev
+    dependsOn: Build
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))
+    jobs:
+      - deployment: Deploy
+        environment: 'development'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - task: AzureCLI@2
+                  inputs:
+                    scriptType: 'bash'
+                    inlineScript: 'az containerapp update --name app-dev -g rg-dev --image $(image)'
+```
+
+## GitHub Actions
+
+```yaml
+name: CI/CD
+on:
+  push: { branches: [main, develop] }
+  pull_request: { branches: [main] }
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-dotnet@v4
+        with: { dotnet-version: '10.0.x' }
+      - run: dotnet restore && dotnet build -c Release --no-restore && dotnet test -c Release --no-build
+      - run: dotnet publish src/Web/Web.csproj -c Release -o ./publish
+
+  docker:
+    needs: build
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+    permissions: { contents: read, packages: write }
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
+        with: { registry: ghcr.io, username: '${{ github.actor }}', password: '${{ secrets.GITHUB_TOKEN }}' }
+      - uses: docker/build-push-action@v5
+        with: { push: true, tags: 'ghcr.io/${{ github.repository }}:${{ github.sha }}' }
+
+  deploy:
+    needs: docker
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - uses: azure/login@v2
+        with: { creds: '${{ secrets.AZURE_CREDENTIALS }}' }
+      - uses: azure/container-apps-deploy-action@v1
+        with: { resourceGroup: rg-prod, containerAppName: app-prod, imageToDeploy: 'ghcr.io/${{ github.repository }}:${{ github.sha }}' }
+```
+
+> **Dockerfile:** See `container-specialist.md` for optimized multi-stage Dockerfile.
+
+## Secrets Management
+
+| Platform | Method |
+|----------|--------|
+| Azure DevOps | Variable Groups + Key Vault references |
+| GitHub Actions | Repository/Environment Secrets |
+
+## Checklist
+- [ ] Trigger configured (branches, paths)
+- [ ] Build: restore, build, test, publish
+- [ ] Code coverage published
+- [ ] Deploy to dev automatic (develop branch)
+- [ ] Deploy to prod with approval (main branch)
+- [ ] Secrets in Key Vault or variable groups
+- [ ] Health check after deploy
+
+---
+
+*MORPH-SPEC by Polymorphism Tech*