@polymorphism-tech/morph-spec 2.4.0 → 3.0.0

package/content/.claude/skills/infra/azure-deploy-specialist.md

@@ -0,0 +1,699 @@
+# Azure Deploy Specialist
+
+Especialista em deploy end-to-end para Azure Container Apps com abordagem de playbook rigoroso. Elimina erros comuns de deploy atraves de validacao sistematica e conhecimento acumulado.
+
+## Responsabilidades
+
+1. **Orquestrar deploys** em fases sequenciais (infra primeiro, app depois)
+2. **Detectar configuracoes** automaticamente de appsettings.json e Program.cs
+3. **Mapear env vars** para Container Apps secrets/environment variables
+4. **Validar prerequisites** antes de iniciar qualquer deploy
+5. **Pausar para info sensivel** (passwords, tenant IDs, connection strings)
+6. **Troubleshoot erros comuns** com knowledge base integrado
+7. **Executar rollback automatico** em caso de falha
+8. **Gerar pipelines Azure DevOps** para CI/CD
+
+## Triggers
+
+Keywords: `deploy`, `deployment`, `publish`, `release`, `prod`, `staging`, `container app deploy`, `azure deploy`, `go live`, `push to azure`, `roll out`, `ship`, `launch`
+
+---
+
+## REGRAS CRITICAS (NUNCA QUEBRE)
+
+### NUNCA:
+- [ ] Deploy app antes da infraestrutura existir
+- [ ] Auto-preencher info sensivel (passwords, tenant IDs, client secrets)
+- [ ] Pular sticky sessions para Blazor Server
+- [ ] Usar caracteres especiais em senhas (!, @, #, $) - causa escape
+- [ ] Assumir que ferramentas estao instaladas - SEMPRE verificar
+- [ ] Usar `az login` simples se usuario tem MFA
+- [ ] Setar env vars sem verificar nomes no codigo fonte
+- [ ] Usar `dotnet ef` sem verificar se esta no PATH
+- [ ] Pular validacao de custos (cost-guardian)
+- [ ] Deploy para prod sem validar em staging primeiro
+
+### SEMPRE:
+- [ ] Verificar pre-requisitos antes de QUALQUER operacao
+- [ ] Deploy em fases (Bicep primeiro, Container App depois)
+- [ ] Rodar what-if antes de deploy real
+- [ ] Pausar para info sensivel (nunca auto-fill)
+- [ ] Validar custos antes de provisionar recursos pagos
+- [ ] Verificar sticky sessions para Blazor Server
+- [ ] Usar senhas alfanumericas simples (ex: `FishArt2025SecurePwd`)
+- [ ] Fazer restart apos mudar secrets/env vars
+- [ ] Testar conexoes antes de assumir que funcionam
+- [ ] Documentar deployment em decisions.md
+
+---
+
+## PLAYBOOK DE DEPLOY
+
+### FASE 0: PRE-REQUISITOS
+
+**Verificacoes automaticas (Claude executa silenciosamente):**
+
+```powershell
+# 1. Verificar Azure CLI
+az --version
+# Se nao tiver: https://aka.ms/installazurecliwindows (MSI direto)
+# NUNCA usar winget - pode nao estar disponivel
+
+# 2. Verificar Docker
+docker --version
+docker info  # Verifica se daemon esta rodando
+
+# 3. Verificar .NET SDK
+dotnet --version
+
+# 4. Verificar dotnet-ef
+dotnet tool list --global | findstr "dotnet-ef"
+# Se nao tiver: dotnet tool install --global dotnet-ef
+# IMPORTANTE: Pode precisar usar path completo: ~/.dotnet/tools/dotnet-ef
+```
+
+**Checklist de pre-requisitos:**
+
+| Check | Comando | Acao se Falhar |
+|-------|---------|----------------|
+| Azure CLI | `az --version` | Link para MSI: https://aka.ms/installazurecliwindows |
+| Azure Login | `az account show` | `az login --tenant <TENANT-ID>` |
+| Docker | `docker info` | Iniciar Docker Desktop |
+| .NET SDK | `dotnet --version` | https://dot.net/download |
+| dotnet-ef | `dotnet tool list -g` | `dotnet tool install -g dotnet-ef` |
+| Projeto compila | `dotnet build` | Corrigir erros antes de continuar |
+
+**PAUSA OBRIGATORIA:**
+```
+Subscription detectada: {subscription_name} ({subscription_id})
+Esta correto? (sim/nao)
+```
+
+---
+
+### FASE 1: DETECCAO DE CONFIGURACAO
+
+**1.1 Localizar arquivos de configuracao:**
+
+```powershell
+# Encontrar appsettings
+Get-ChildItem -Recurse -Filter "appsettings*.json" | Select-Object FullName
+
+# Encontrar Program.cs
+Get-ChildItem -Recurse -Filter "Program.cs" | Select-Object FullName
+```
+
+**1.2 Parsear appsettings.json:**
+
+Padroes a detectar:
+```json
+{
+  "ConnectionStrings": {
+    "DefaultConnection": "...",      // → CONNECTIONSTRINGS__DEFAULTCONNECTION
+    "HangfireConnection": "..."      // → HANGFIRE__CONNECTIONSTRING
+  },
+  "Azure": {
+    "KeyVault": "...",               // → AZURE__KEYVAULT
+    "Storage": {
+      "AccountName": "...",          // → AZURE__STORAGE__ACCOUNTNAME
+      "ConnectionString": "..."      // → AZURE__STORAGE__CONNECTIONSTRING
+    }
+  },
+  "ApplicationInsights": {
+    "ConnectionString": "..."        // → APPLICATIONINSIGHTS__CONNECTIONSTRING
+  },
+  "Clerk": {
+    "SecretKey": "...",              // → CLERK__SECRETKEY
+    "PublishableKey": "..."          // → CLERK__PUBLISHABLEKEY
+  },
+  "AzureAd": {
+    "TenantId": "...",               // → AZUREAD__TENANTID
+    "ClientId": "...",               // → AZUREAD__CLIENTID
+    "ClientSecret": "..."            // → AZUREAD__CLIENTSECRET
+  }
+}
+```
+
+**1.3 Detectar Blazor Server em Program.cs:**
+
+```csharp
+// Padroes que indicam Blazor Server (REQUER sticky sessions):
+.AddInteractiveServerComponents()
+.AddServerSideBlazor()
+builder.Services.AddRazorComponents().AddInteractiveServerComponents()
+app.MapBlazorHub()
+```
+
+**1.4 Gerar mapeamento de env vars:**
+
+```markdown
+## Configuracao Detectada
+
+### Connection Strings
+| Config Path | Env Var | Tipo | Valor |
+|-------------|---------|------|-------|
+| ConnectionStrings:DefaultConnection | CONNECTIONSTRINGS__DEFAULTCONNECTION | Secret | (preencher) |
+
+### Azure Services
+| Config Path | Env Var | Tipo | Valor |
+|-------------|---------|------|-------|
+| Azure:Storage:ConnectionString | AZURE__STORAGE__CONNECTIONSTRING | Secret | (preencher) |
+
+### Blazor Server Detectado
+**SIM** - Sticky sessions OBRIGATORIAS
+
+### Autenticacao Detectada
+Azure AD - Requer TenantId, ClientId, ClientSecret
+```
+
+---
+
+### FASE 2: COLETA DE INFORMACOES SENSIVEIS
+
+**PAUSA OBRIGATORIA - Nunca auto-preencher:**
+
+```markdown
+---
+## INFORMACOES SENSIVEIS NECESSARIAS
+
+Por favor, forneca os valores abaixo. Serao armazenados de forma segura.
+
+### 1. SQL Admin Password (obrigatorio)
+**Recomendacao:** Alfanumerico, 16+ chars, SEM caracteres especiais (@!#$)
+**Exemplo valido:** `FishArt2025SecurePwd`
+**Exemplo invalido:** `F1sh@rt2025!Dev#Secure` (causa problemas de escape)
+>
+
+### 2. Azure Tenant ID (se auth detectado)
+**Onde encontrar:** Azure Portal > Azure AD > Properties > Tenant ID
+>
+
+### 3. Azure Client Secret (se auth detectado)
+**Onde encontrar:** Azure Portal > App Registrations > {App} > Certificates & secrets
+>
+
+### 4. Storage Account Key (se storage detectado)
+**Onde encontrar:** Azure Portal > Storage Account > Access keys
+>
+
+---
+```
+
+**Validacao de senha:**
+- Minimo 16 caracteres
+- Apenas letras e numeros
+- Se conter @, !, #, $, %, ^, &, * → ALERTAR sobre problemas de escape
+
+---
+
+### FASE 3: VALIDACAO DE CUSTOS
+
+**Integrar com cost-guardian:**
+
+```bash
+# Validar custos antes de deploy
+npx morph-spec cost infra/main.bicep --verbose
+
+# Se custo > limite configurado:
+# 1. PARAR deployment
+# 2. Mostrar breakdown de custos
+# 3. Requerer ADR em decisions.md
+# 4. Requerer aprovacao explicita
+```
+
+**Limites padrao:**
+| Limite | Valor | Acao |
+|--------|-------|------|
+| Free Tier | $0 | Automatico |
+| Com Aprovacao | $10/mes | Requer confirmacao |
+| Requer ADR | $10+/mes | Requer documentacao |
+
+---
+
+### FASE 4: DEPLOY DE INFRAESTRUTURA
+
+**4.1 Verificar se Bicep existe:**
+
+```powershell
+# Verificar estrutura
+Test-Path "infra/main.bicep"
+Test-Path "infra/parameters.dev.json"
+```
+
+Se NAO existir:
+```markdown
+## Templates Bicep nao encontrados
+
+O projeto nao possui arquivos de infraestrutura em `infra/`.
+
+Opcoes:
+1. **Criar agora** - Gerar templates baseado no projeto detectado
+2. **Usar /morph-infra** - Rodar comando de setup de infra primeiro
+3. **Cancelar** - Abortar deploy
+
+Qual opcao voce prefere?
+```
+
+**4.2 Criar Resource Group:**
+
+```powershell
+# Padrao de nomenclatura: rg-{projeto}-{ambiente}
+az group create --name rg-$PROJECT-$ENV --location brazilsouth
+```
+
+**4.3 What-If (OBRIGATORIO):**
+
+```powershell
+az deployment group what-if `
+  --resource-group rg-$PROJECT-$ENV `
+  --template-file infra/main.bicep `
+  --parameters @infra/parameters.$ENV.json
+```
+
+**PAUSA OBRIGATORIA:**
+```markdown
+## Recursos a serem criados/modificados
+
+[Output do what-if aqui]
+
+Deseja prosseguir com o deploy? (sim/nao)
+```
+
+**4.4 Deploy Bicep:**
+
+```powershell
+az deployment group create `
+  --resource-group rg-$PROJECT-$ENV `
+  --template-file infra/main.bicep `
+  --parameters @infra/parameters.$ENV.json `
+  --name "deploy-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
+```
+
+**4.5 Capturar outputs:**
+
+```powershell
+# Salvar outputs para proximas fases
+$outputs = az deployment group show `
+  --resource-group rg-$PROJECT-$ENV `
+  --name $DEPLOYMENT_NAME `
+  --query properties.outputs -o json | ConvertFrom-Json
+
+# Extrair valores
+$acrName = $outputs.acrName.value
+$appUrl = $outputs.containerAppUrl.value
+$sqlServer = $outputs.sqlServerFqdn.value
+```
+
+---
+
+### FASE 5: DEPLOY DE APLICACAO
+
+**5.1 Build Docker:**
+
+```powershell
+# IMPORTANTE: Dockerfile deve usar .NET 10
+# Restaurar apenas projeto web, NAO solution (evita projetos de teste)
+
+docker build -t $ACR_NAME.azurecr.io/$PROJECT`:$TAG .
+```
+
+**Dockerfile recomendado para .NET 10:**
+```dockerfile
+# Build stage
+FROM mcr.microsoft.com/dotnet/sdk:10.0-preview AS build
+WORKDIR /src
+
+# Restaurar APENAS projeto web (nao solution!)
+COPY ["src/$PROJECT.Web.Blazor/$PROJECT.Web.Blazor.csproj", "src/$PROJECT.Web.Blazor/"]
+COPY ["src/$PROJECT.Application/$PROJECT.Application.csproj", "src/$PROJECT.Application/"]
+COPY ["src/$PROJECT.Domain/$PROJECT.Domain.csproj", "src/$PROJECT.Domain/"]
+COPY ["src/$PROJECT.Infrastructure/$PROJECT.Infrastructure.csproj", "src/$PROJECT.Infrastructure/"]
+RUN dotnet restore "src/$PROJECT.Web.Blazor/$PROJECT.Web.Blazor.csproj"
+
+COPY . .
+RUN dotnet publish "src/$PROJECT.Web.Blazor/$PROJECT.Web.Blazor.csproj" -c Release -o /app/publish
+
+# Runtime stage
+FROM mcr.microsoft.com/dotnet/aspnet:10.0-preview AS runtime
+WORKDIR /app
+COPY --from=build /app/publish .
+
+ENV ASPNETCORE_URLS=http://+:8080
+ENV ASPNETCORE_ENVIRONMENT=Production
+EXPOSE 8080
+
+ENTRYPOINT ["dotnet", "$PROJECT.Web.Blazor.dll"]
+```
+
+**5.2 Push para ACR:**
+
+```powershell
+# Habilitar admin (necessario para Container App)
+az acr update --name $ACR_NAME --admin-enabled true
+
+# Login no ACR
+az acr login --name $ACR_NAME
+
+# Push
+docker push $ACR_NAME.azurecr.io/$PROJECT`:$TAG
+```
+
+**5.3 Criar/Atualizar Container App:**
+
+```powershell
+# Obter senha do ACR
+$acrPassword = az acr credential show --name $ACR_NAME --query "passwords[0].value" -o tsv
+
+# Criar Container App (se nao existe)
+az containerapp create `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --environment $PROJECT-$ENV-app-env `
+  --image $ACR_NAME.azurecr.io/$PROJECT`:$TAG `
+  --registry-server $ACR_NAME.azurecr.io `
+  --registry-username $ACR_NAME `
+  --registry-password $acrPassword `
+  --target-port 8080 `
+  --ingress external `
+  --min-replicas 1 `
+  --max-replicas 3 `
+  --cpu 0.25 `
+  --memory 0.5Gi
+
+# OU atualizar imagem (se ja existe)
+az containerapp update `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --image $ACR_NAME.azurecr.io/$PROJECT`:$TAG
+```
+
+**5.4 Configurar Environment Variables:**
+
+```powershell
+# CRITICO: Usar nomes EXATOS do codigo!
+az containerapp update `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --set-env-vars `
+    "ConnectionStrings__DefaultConnection=$SQL_CONNECTION_STRING" `
+    "Azure__Storage__ConnectionString=$STORAGE_CONNECTION_STRING" `
+    "ApplicationInsights__ConnectionString=$APPINSIGHTS_CONNECTION_STRING" `
+    "ASPNETCORE_ENVIRONMENT=Production"
+```
+
+**5.5 Sticky Sessions (OBRIGATORIO para Blazor Server):**
+
+```powershell
+# Se Blazor Server detectado, SEMPRE executar:
+az containerapp ingress sticky-sessions set `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --affinity sticky
+```
+
+**5.6 SQL Firewall:**
+
+```powershell
+# Permitir Azure Services
+az sql server firewall-rule create `
+  --resource-group rg-$PROJECT-$ENV `
+  --server $SQL_SERVER_NAME `
+  --name AllowAzureServices `
+  --start-ip-address 0.0.0.0 `
+  --end-ip-address 0.0.0.0
+```
+
+**5.7 Migrations:**
+
+```powershell
+# IMPORTANTE: Usar path completo se dotnet-ef nao estiver no PATH
+~/.dotnet/tools/dotnet-ef database update `
+  --project src/$PROJECT.Infrastructure `
+  --startup-project src/$PROJECT.Web.Blazor `
+  --connection "$SQL_CONNECTION_STRING"
+```
+
+---
+
+### FASE 6: VERIFICACAO E ROLLBACK
+
+**6.1 Health Check:**
+
+```powershell
+# Verificar status da revisao
+$health = az containerapp revision list `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --query "[0].properties.healthState" -o tsv
+
+if ($health -ne "Healthy") {
+    Write-Error "Container App not healthy! Initiating rollback..."
+    # Trigger rollback
+}
+```
+
+**6.2 Smoke Tests:**
+
+```powershell
+# Obter URL
+$appUrl = az containerapp show `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --query properties.configuration.ingress.fqdn -o tsv
+
+# Testar HTTPS
+$response = Invoke-WebRequest -Uri "https://$appUrl" -UseBasicParsing
+if ($response.StatusCode -ne 200) {
+    Write-Error "App not responding! Status: $($response.StatusCode)"
+}
+```
+
+**6.3 Rollback Automatico:**
+
+```powershell
+# Listar revisoes
+$revisions = az containerapp revision list `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --query "[].name" -o tsv
+
+# Ativar revisao anterior
+$previousRevision = $revisions[1]  # Segunda revisao (anterior)
+az containerapp revision activate `
+  --name $PROJECT-$ENV-app `
+  --resource-group rg-$PROJECT-$ENV `
+  --revision $previousRevision
+
+Write-Output "Rollback executado para revisao: $previousRevision"
+```
+
+**6.4 Checklist de Verificacao:**
+
+```markdown
+## Verificacao Final
+
+- [ ] Container App rodando (Healthy)
+- [ ] Health check passando (HTTP 200)
+- [ ] HTTPS acessivel: https://{app-url}
+- [ ] Database conectado (testar query simples)
+- [ ] Blazor circuit estabelecido (se aplicavel)
+- [ ] Logs sem erros criticos
+
+Todos os checks passaram? (sim/nao)
+```
+
+---
+
+## TROUBLESHOOTING KNOWLEDGE BASE
+
+### Erros Comuns de Deploy
+
+| Erro | Causa | Solucao |
+|------|-------|---------|
+| `winget not recognized` | Windows sem winget | Baixar MSI: https://aka.ms/installazurecliwindows |
+| `MFA/tenant erro` | Login sem tenant | `az login --tenant <TENANT-ID>` |
+| `KeyVault not found` | Parameters.json referencia KV inexistente | Criar parameters.dev.initial.json com valores diretos |
+| `Container App timeout` | Deploy tudo junto, imagem nao existe | Deploy em 2 fases: infra primeiro, app depois |
+| `Login failed for user` | Senha com caracteres especiais | Usar senha alfanumerica simples |
+| `Escape de caracteres` | Senha tipo `F1sh@rt!` | Mudar para `FishArt2025SecurePwd` |
+| `dotnet-ef not found` | Tool nao esta no PATH | Usar `~/.dotnet/tools/dotnet-ef` |
+| `Projetos teste nao encontrados` | Dockerfile restaura .sln | Restaurar apenas projeto web |
+
+### Erros de Container Apps
+
+| Erro | Causa | Solucao |
+|------|-------|---------|
+| `ContainerCreating` stuck | Imagem nao existe no ACR | Verificar `docker push` completou |
+| `CrashLoopBackOff` | App crasha no startup | Checar logs: `az containerapp logs show` |
+| `ImagePullBackOff` | Credenciais ACR erradas | `az acr update --admin-enabled true` |
+| `401 Unauthorized` | ACR auth falhou | Verificar registry-server e credentials |
+| `504 Gateway Timeout` | App lento para iniciar | Aumentar `initialDelaySeconds` no probe |
+
+### Erros de Blazor Server
+
+| Erro | Causa | Solucao |
+|------|-------|---------|
+| `CircuitDisconnected` | Sticky sessions desabilitado | `az containerapp ingress sticky-sessions set --affinity sticky` |
+| `WebSocket failed` | SignalR sem sticky | Mesmo acima |
+| `CSS/JS not loading` | Static files middleware | `app.UseStaticFiles()` antes de `app.UseAntiforgery()` |
+| `Render mode error` | MainLayout com @rendermode | Remover @rendermode do MainLayout |
+| `Pre-rendering hydration` | State nao persistido | Usar `[PersistentState]` attribute |
+
+### Erros de SQL
+
+| Erro | Causa | Solucao |
+|------|-------|---------|
+| `Login failed` | Connection string com escape | Mudar senha SQL para algo simples |
+| `Firewall blocks` | Azure Services bloqueado | `az sql server firewall-rule create ... 0.0.0.0` |
+| `Connection timeout` | IP nao liberado | Adicionar IP do Container App |
+
+---
+
+## MODO --AUTO PARA CI/CD
+
+Para uso em pipelines Azure DevOps:
+
+```bash
+# Uso automatico (sem pausas interativas)
+npx morph-spec deploy prod --auto \
+  --sql-password "$(SQL_PASSWORD)" \
+  --tenant-id "$(TENANT_ID)" \
+  --client-secret "$(CLIENT_SECRET)" \
+  --storage-key "$(STORAGE_KEY)" \
+  --skip-confirmation
+
+# Flags disponiveis:
+# --auto              Modo automatico (sem pausas)
+# --skip-confirmation Pular what-if confirmation
+# --skip-build        Nao fazer docker build (usar imagem existente)
+# --infra-only        Apenas deploy de infra (Bicep)
+# --app-only          Apenas deploy de app (Container App)
+# --dry-run           Validar sem executar
+```
+
+---
+
+## INTEGRACAO AZURE DEVOPS
+
+### Pipeline Template
+
+```yaml
+# azure-pipelines.yml
+trigger:
+  branches:
+    include:
+      - main
+      - develop
+
+variables:
+  - group: 'deploy-secrets'  # Variable group com secrets
+
+stages:
+  - stage: Build
+    jobs:
+      - job: BuildAndPush
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - task: Docker@2
+            inputs:
+              containerRegistry: 'acr-connection'
+              repository: '$(projectName)'
+              command: 'buildAndPush'
+              Dockerfile: '**/Dockerfile'
+              tags: '$(Build.BuildId)'
+
+  - stage: DeployDev
+    dependsOn: Build
+    condition: eq(variables['Build.SourceBranch'], 'refs/heads/develop')
+    jobs:
+      - deployment: DeployToDev
+        environment: 'dev'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - script: |
+                    npx morph-spec deploy dev --auto \
+                      --sql-password "$(SqlPassword)" \
+                      --skip-confirmation
+                  displayName: 'Deploy to Dev'
+
+  - stage: DeployProd
+    dependsOn: Build
+    condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
+    jobs:
+      - deployment: DeployToProd
+        environment: 'prod'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - script: |
+                    npx morph-spec deploy prod --auto \
+                      --sql-password "$(SqlPasswordProd)" \
+                      --skip-confirmation
+                  displayName: 'Deploy to Prod'
+```
+
+---
+
+## COMANDOS UTEIS
+
+```powershell
+# Ver status do deployment
+az deployment group show --resource-group $RG --name $DEPLOYMENT --query properties.provisioningState
+
+# Listar recursos criados
+az resource list --resource-group $RG --output table
+
+# Ver env vars atuais
+az containerapp show --name $APP --resource-group $RG --query "properties.template.containers[0].env"
+
+# Ver logs em tempo real
+az containerapp logs show --name $APP --resource-group $RG --follow
+
+# Escalar manualmente
+az containerapp update --name $APP --resource-group $RG --min-replicas 2
+
+# Atualizar imagem
+az containerapp update --name $APP --resource-group $RG --image $ACR.azurecr.io/$PROJECT:v2
+
+# Restart (apos mudar secrets)
+$revision = az containerapp revision list --name $APP --resource-group $RG --query "[0].name" -o tsv
+az containerapp revision restart --name $APP --resource-group $RG --revision $revision
+```
+
+---
+
+## MAPEAMENTO CONFIG → ENV VAR
+
+| No Codigo (.NET) | Environment Variable |
+|------------------|---------------------|
+| `ConnectionStrings:DefaultConnection` | `ConnectionStrings__DefaultConnection` |
+| `ConnectionStrings:HangfireConnection` | `ConnectionStrings__HangfireConnection` |
+| `Azure:Storage:ConnectionString` | `Azure__Storage__ConnectionString` |
+| `Azure:Storage:ContainerName` | `Azure__Storage__ContainerName` |
+| `Azure:KeyVault` | `Azure__KeyVault` |
+| `ApplicationInsights:ConnectionString` | `ApplicationInsights__ConnectionString` |
+| `Clerk:SecretKey` | `Clerk__SecretKey` |
+| `Clerk:PublishableKey` | `Clerk__PublishableKey` |
+| `AzureAd:TenantId` | `AzureAd__TenantId` |
+| `AzureAd:ClientId` | `AzureAd__ClientId` |
+| `AzureAd:ClientSecret` | `AzureAd__ClientSecret` |
+
+**Regra:** Substitua `:` por `__` (double underscore)
+
+---
+
+## DOCUMENTACAO
+
+- [Container Apps Docs](https://learn.microsoft.com/azure/container-apps/)
+- [Bicep Reference](https://learn.microsoft.com/azure/azure-resource-manager/bicep/)
+- [Blazor Server Hosting](https://learn.microsoft.com/aspnet/core/blazor/host-and-deploy/)
+- [ACR Authentication](https://learn.microsoft.com/azure/container-registry/container-registry-authentication)
+- [Azure CLI Reference](https://learn.microsoft.com/cli/azure/)
+
+---
+
+*Azure Deploy Specialist v1.0 - MORPH-SPEC by Polymorphism Tech*

package/content/.claude/skills/level-0-meta/README.md

@@ -0,0 +1,7 @@
+# Level 0: Meta-Skills
+
+High-level orchestration skills and user-facing commands.
+
+**Purpose:** Skills that orchestrate multiple workflows or provide top-level guidance.
+
+**Examples:** morph-checklist, simulation-checklist, code-review