@polymorphism-tech/morph-spec 2.4.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218)
  1. package/CLAUDE.md +158 -26
  2. package/LICENSE +72 -72
  3. package/bin/detect-agents.js +225 -225
  4. package/bin/morph-spec.js +8 -0
  5. package/bin/render-template.js +302 -302
  6. package/bin/semantic-detect-agents.js +246 -246
  7. package/bin/validate-agents-skills.js +251 -251
  8. package/bin/validate-agents.js +69 -69
  9. package/bin/validate-phase.js +263 -263
  10. package/content/.azure/README.md +293 -293
  11. package/content/.azure/docs/azure-devops-setup.md +454 -454
  12. package/content/.azure/docs/branch-strategy.md +398 -398
  13. package/content/.azure/docs/local-development.md +515 -515
  14. package/content/.azure/pipelines/pipeline-variables.yml +34 -34
  15. package/content/.azure/pipelines/prod-pipeline.yml +319 -319
  16. package/content/.azure/pipelines/staging-pipeline.yml +234 -234
  17. package/content/.azure/pipelines/templates/build-dotnet.yml +75 -75
  18. package/content/.azure/pipelines/templates/deploy-app-service.yml +94 -94
  19. package/content/.azure/pipelines/templates/deploy-container-app.yml +120 -120
  20. package/content/.azure/pipelines/templates/infra-deploy.yml +90 -90
  21. package/content/.claude/commands/morph-archive.md +79 -79
  22. package/content/.claude/commands/morph-deploy.md +529 -0
  23. package/content/.claude/commands/morph-infra.md +209 -209
  24. package/content/.claude/commands/morph-preflight.md +227 -227
  25. package/content/.claude/commands/morph-troubleshoot.md +122 -122
  26. package/content/.claude/settings.local.json +15 -15
  27. package/content/.claude/skills/infra/azure-deploy-specialist.md +699 -0
  28. package/content/.claude/skills/level-0-meta/README.md +7 -0
  29. package/content/.claude/skills/{checklists → level-0-meta}/morph-checklist.md +117 -117
  30. package/content/.claude/skills/level-1-workflows/README.md +7 -0
  31. package/content/.claude/skills/{workflows → level-1-workflows}/morph-replicate.md +213 -213
  32. package/content/.claude/skills/{workflows → level-1-workflows}/phase-clarify.md +131 -131
  33. package/content/.claude/skills/{workflows → level-1-workflows}/phase-design.md +213 -205
  34. package/content/.claude/skills/{workflows → level-1-workflows}/phase-setup.md +106 -92
  35. package/content/.claude/skills/{workflows → level-1-workflows}/phase-tasks.md +164 -164
  36. package/content/.claude/skills/{workflows → level-1-workflows}/phase-uiux.md +169 -138
  37. package/content/.claude/skills/level-2-domains/README.md +14 -0
  38. package/content/.claude/skills/{specialists → level-2-domains/quality}/testing-specialist.md +126 -126
  39. package/content/.claude/skills/level-3-technologies/README.md +7 -0
  40. package/content/.claude/skills/level-4-patterns/README.md +7 -0
  41. package/content/.claude/skills/specialists/prompt-engineer.md +189 -0
  42. package/content/.claude/skills/specialists/seo-growth-hacker.md +320 -0
  43. package/content/.morph/.morphversion +5 -5
  44. package/content/.morph/archive/.gitkeep +25 -25
  45. package/content/.morph/config/agents.json +742 -358
  46. package/content/.morph/config/config.template.json +33 -0
  47. package/content/.morph/docs/STORY-DRIVEN-DEVELOPMENT.md +392 -392
  48. package/content/.morph/docs/workflows/enforcement-pipeline.md +668 -0
  49. package/content/.morph/examples/api-nextjs/README.md +241 -241
  50. package/content/.morph/examples/api-nextjs/contracts.ts +307 -307
  51. package/content/.morph/examples/api-nextjs/spec.md +399 -399
  52. package/content/.morph/examples/api-nextjs/tasks.md +168 -168
  53. package/content/.morph/examples/micro-saas/README.md +125 -125
  54. package/content/.morph/examples/micro-saas/contracts.cs +358 -358
  55. package/content/.morph/examples/micro-saas/decisions.md +246 -246
  56. package/content/.morph/examples/micro-saas/spec.md +236 -236
  57. package/content/.morph/examples/micro-saas/tasks.md +150 -150
  58. package/content/.morph/examples/multi-agent/README.md +309 -309
  59. package/content/.morph/examples/multi-agent/contracts.cs +433 -433
  60. package/content/.morph/examples/multi-agent/spec.md +479 -479
  61. package/content/.morph/examples/multi-agent/tasks.md +185 -185
  62. package/content/.morph/examples/scheduled-reports/decisions.md +158 -158
  63. package/content/.morph/examples/scheduled-reports/proposal.md +95 -95
  64. package/content/.morph/examples/scheduled-reports/spec.md +267 -267
  65. package/content/.morph/examples/state-v3.json +188 -188
  66. package/content/.morph/features/.gitkeep +25 -25
  67. package/content/.morph/hooks/README.md +158 -0
  68. package/content/.morph/hooks/pre-commit-all.sh +48 -48
  69. package/content/.morph/hooks/pre-commit-specs.sh +49 -49
  70. package/content/.morph/hooks/pre-commit-tests.sh +60 -60
  71. package/content/.morph/hooks/task-completed.js +73 -0
  72. package/content/.morph/hooks/teammate-idle.js +68 -0
  73. package/content/.morph/project.md +160 -160
  74. package/content/.morph/schemas/agent.schema.json +296 -296
  75. package/content/.morph/schemas/tasks.schema.json +220 -220
  76. package/content/.morph/specs/.gitkeep +20 -20
  77. package/content/.morph/standards/agent-teams-workflow.md +474 -0
  78. package/content/.morph/standards/coding.md +377 -377
  79. package/content/.morph/standards/fluent-ui-setup.md +590 -590
  80. package/content/.morph/standards/migration-guide.md +514 -514
  81. package/content/.morph/standards/passkeys-auth.md +423 -423
  82. package/content/.morph/standards/vector-search-rag.md +536 -536
  83. package/content/.morph/state.json +17 -17
  84. package/content/.morph/templates/CONTEXT-FEATURE.md +276 -0
  85. package/content/.morph/templates/CONTEXT.md +170 -0
  86. package/content/.morph/templates/FluentDesignTheme.cs +149 -149
  87. package/content/.morph/templates/MudTheme.cs +281 -281
  88. package/content/.morph/templates/clarify-questions.md +159 -159
  89. package/content/.morph/templates/component.razor +239 -239
  90. package/content/.morph/templates/contracts/Commands.cs +74 -74
  91. package/content/.morph/templates/contracts/Entities.cs +25 -25
  92. package/content/.morph/templates/contracts/Queries.cs +74 -74
  93. package/content/.morph/templates/contracts/README.md +74 -74
  94. package/content/.morph/templates/contracts.cs +217 -217
  95. package/content/.morph/templates/design-system.css +226 -226
  96. package/content/.morph/templates/infra/.dockerignore.example +89 -89
  97. package/content/.morph/templates/infra/Dockerfile.example +82 -82
  98. package/content/.morph/templates/infra/README.md +286 -286
  99. package/content/.morph/templates/infra/app-insights.bicep +63 -63
  100. package/content/.morph/templates/infra/app-service.bicep +164 -164
  101. package/content/.morph/templates/infra/azure-pipelines-deploy.yml +480 -0
  102. package/content/.morph/templates/infra/container-app-env.bicep +49 -49
  103. package/content/.morph/templates/infra/container-app.bicep +156 -156
  104. package/content/.morph/templates/infra/deploy-checklist.md +426 -426
  105. package/content/.morph/templates/infra/deploy.ps1 +229 -229
  106. package/content/.morph/templates/infra/deploy.sh +208 -208
  107. package/content/.morph/templates/infra/key-vault.bicep +91 -91
  108. package/content/.morph/templates/infra/main.bicep +189 -189
  109. package/content/.morph/templates/infra/parameters.dev.json +29 -29
  110. package/content/.morph/templates/infra/parameters.prod.json +29 -29
  111. package/content/.morph/templates/infra/parameters.staging.json +29 -29
  112. package/content/.morph/templates/infra/sql-database.bicep +103 -103
  113. package/content/.morph/templates/infra/storage.bicep +106 -106
  114. package/content/.morph/templates/integrations/asaas-client.cs +387 -387
  115. package/content/.morph/templates/integrations/asaas-webhook.cs +351 -351
  116. package/content/.morph/templates/integrations/azure-identity-config.cs +288 -288
  117. package/content/.morph/templates/integrations/clerk-config.cs +258 -258
  118. package/content/.morph/templates/job.cs +171 -171
  119. package/content/.morph/templates/migration.cs +83 -83
  120. package/content/.morph/templates/repository.cs +141 -141
  121. package/content/.morph/templates/saas/subscription.cs +347 -347
  122. package/content/.morph/templates/saas/tenant.cs +338 -338
  123. package/content/.morph/templates/service.cs +139 -139
  124. package/content/.morph/templates/sprint-status.yaml +68 -68
  125. package/content/.morph/templates/story.md +143 -143
  126. package/content/.morph/templates/test.cs +239 -239
  127. package/content/.morph/templates/ui-design-system.md +286 -286
  128. package/content/.morph/templates/ui-flows.md +336 -336
  129. package/content/.morph/templates/ui-mockups.md +133 -133
  130. package/content/.morph/test-infra/example.bicep +59 -59
  131. package/content/README.md +79 -79
  132. package/detectors/config-detector.js +223 -223
  133. package/detectors/conversation-analyzer.js +163 -163
  134. package/detectors/index.js +84 -84
  135. package/detectors/standards-generator.js +275 -275
  136. package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-light-webfont.svg +977 -977
  137. package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-regular-webfont.svg +1048 -1048
  138. package/docs/api/scripts/collapse.js +38 -38
  139. package/docs/api/scripts/commonNav.js +28 -28
  140. package/docs/api/scripts/linenumber.js +25 -25
  141. package/docs/api/scripts/nav.js +12 -12
  142. package/docs/api/scripts/polyfill.js +3 -3
  143. package/docs/api/scripts/prettify/Apache-License-2.0.txt +202 -202
  144. package/docs/api/scripts/prettify/lang-css.js +2 -2
  145. package/docs/api/scripts/prettify/prettify.js +28 -28
  146. package/docs/api/scripts/search.js +98 -98
  147. package/docs/api/styles/jsdoc.css +776 -776
  148. package/docs/api/styles/prettify.css +80 -80
  149. package/docs/examples.md +328 -328
  150. package/docs/templates.md +418 -418
  151. package/package.json +1 -1
  152. package/scripts/postinstall.js +132 -132
  153. package/src/commands/advance-phase.js +83 -0
  154. package/src/commands/analyze-blazor-concurrency.js +193 -193
  155. package/src/commands/create-story.js +351 -351
  156. package/src/commands/deploy.js +780 -0
  157. package/src/commands/detect-agents.js +34 -6
  158. package/src/commands/detect.js +104 -104
  159. package/src/commands/generate-context.js +40 -0
  160. package/src/commands/generate.js +149 -149
  161. package/src/commands/lint-fluent.js +352 -352
  162. package/src/commands/rollback-phase.js +185 -185
  163. package/src/commands/session-summary.js +291 -291
  164. package/src/commands/shard-spec.js +224 -224
  165. package/src/commands/sprint-status.js +250 -250
  166. package/src/commands/state.js +333 -333
  167. package/src/commands/sync.js +167 -167
  168. package/src/commands/troubleshoot.js +222 -222
  169. package/src/commands/validate-blazor-state.js +210 -210
  170. package/src/commands/validate-blazor.js +156 -156
  171. package/src/commands/validate-css.js +84 -84
  172. package/src/commands/validate-phase.js +221 -221
  173. package/src/lib/blazor-concurrency-analyzer.js +288 -288
  174. package/src/lib/blazor-state-validator.js +291 -291
  175. package/src/lib/blazor-validator.js +374 -374
  176. package/src/lib/context-generator.js +513 -0
  177. package/src/lib/css-validator.js +352 -352
  178. package/src/lib/design-system-detector.js +187 -0
  179. package/src/lib/design-system-generator.js +298 -298
  180. package/src/lib/design-system-scaffolder.js +299 -0
  181. package/src/lib/hook-executor.js +256 -0
  182. package/src/lib/learning-system.js +520 -520
  183. package/src/lib/mockup-generator.js +366 -366
  184. package/src/lib/spec-validator.js +258 -0
  185. package/src/lib/standards-context-injector.js +287 -0
  186. package/src/lib/team-orchestrator.js +322 -0
  187. package/src/lib/troubleshoot-grep.js +194 -194
  188. package/src/lib/troubleshoot-index.js +144 -144
  189. package/src/lib/ui-detector.js +350 -350
  190. package/src/lib/validation-runner.js +65 -13
  191. package/src/lib/validators/architecture-validator.js +387 -387
  192. package/src/lib/validators/design-system-validator.js +231 -0
  193. package/src/lib/validators/package-validator.js +360 -360
  194. package/src/lib/validators/ui-contrast-validator.js +422 -422
  195. package/src/utils/file-copier.js +9 -1
  196. package/src/utils/logger.js +32 -32
  197. package/src/utils/version-checker.js +175 -175
  198. /package/content/.claude/skills/{checklists → level-0-meta}/code-review.md +0 -0
  199. /package/content/.claude/skills/{checklists → level-0-meta}/simulation-checklist.md +0 -0
  200. /package/content/.claude/skills/{specialists → level-2-domains/ai-agents}/ai-system-architect.md +0 -0
  201. /package/content/.claude/skills/{specialists → level-2-domains/architecture}/po-pm-advisor.md +0 -0
  202. /package/content/.claude/skills/{specialists → level-2-domains/architecture}/standards-architect.md +0 -0
  203. /package/content/.claude/skills/{specialists → level-2-domains/backend}/dotnet-senior.md +0 -0
  204. /package/content/.claude/skills/{specialists → level-2-domains/backend}/ef-modeler.md +0 -0
  205. /package/content/.claude/skills/{specialists → level-2-domains/backend}/hangfire-orchestrator.md +0 -0
  206. /package/content/.claude/skills/{specialists → level-2-domains/backend}/ms-agent-expert.md +0 -0
  207. /package/content/.claude/skills/{stacks/dotnet-blazor.md → level-2-domains/frontend/blazor-builder.md} +0 -0
  208. /package/content/.claude/skills/{stacks/dotnet-nextjs.md → level-2-domains/frontend/nextjs-expert.md} +0 -0
  209. /package/content/.claude/skills/{specialists → level-2-domains/frontend}/ui-ux-designer.md +0 -0
  210. /package/content/.claude/skills/{specialists → level-2-domains/infrastructure}/azure-architect.md +0 -0
  211. /package/content/.claude/skills/{infra → level-2-domains/infrastructure}/bicep-architect.md +0 -0
  212. /package/content/.claude/skills/{infra → level-2-domains/infrastructure}/container-specialist.md +0 -0
  213. /package/content/.claude/skills/{infra → level-2-domains/infrastructure}/devops-engineer.md +0 -0
  214. /package/content/.claude/skills/{integrations → level-2-domains/integrations}/asaas-financial.md +0 -0
  215. /package/content/.claude/skills/{integrations → level-2-domains/integrations}/azure-identity.md +0 -0
  216. /package/content/.claude/skills/{integrations → level-2-domains/integrations}/clerk-auth.md +0 -0
  217. /package/content/.claude/skills/{integrations → level-2-domains/integrations}/resend-email.md +0 -0
  218. /package/content/.claude/skills/{specialists → level-2-domains/quality}/code-analyzer.md +0 -0
@@ -1,423 +1,423 @@
1
- # Passkeys/WebAuthn - Autenticação Sem Senhas (.NET 10)
2
-
3
- > **Novidade .NET 10:** Suporte nativo a Passkeys/WebAuthn integrado no ASP.NET Core Identity.
4
-
5
- ---
6
-
7
- ## 🎯 O Que São Passkeys?
8
-
9
- **Passkeys** são credenciais criptográficas que substituem senhas tradicionais.
10
-
11
- ### Características
12
-
13
- | Aspecto | Descrição |
14
- |---------|-----------|
15
- | **Segurança** | Resistentes a phishing, não podem ser roubadas |
16
- | **Usabilidade** | Login com biometria ou PIN do dispositivo |
17
- | **Privacidade** | Chave privada nunca sai do dispositivo |
18
- | **Padrão** | WebAuthn (W3C) + FIDO2 |
19
-
20
- ### Como Funciona
21
-
22
- ```
23
- 1. Usuário solicita criação de passkey
24
- 2. Sistema gera par de chaves (pública/privada)
25
- 3. Chave pública → Servidor
26
- 4. Chave privada → Authenticator (Windows Hello, smartphone, security key)
27
- 5. Login: Servidor desafia → Authenticator assina → Servidor verifica
28
- ```
29
-
30
- **Authenticators suportados:**
31
- - Windows Hello
32
- - Face ID / Touch ID (Apple)
33
- - Biometria Android
34
- - Security keys (YubiKey, etc.)
35
-
36
- ---
37
-
38
- ## 🚀 Setup em Blazor Web App
39
-
40
- ### 1. Criar Projeto com Identity
41
-
42
- ```bash
43
- dotnet new blazor --auth Individual -o MyApp
44
- cd MyApp
45
- ```
46
-
47
- **Importante:** Escolher "Individual User Accounts" habilita passkeys automaticamente.
48
-
49
- ### 2. Estrutura Gerada
50
-
51
- ```
52
- MyApp/
53
- ├── Components/
54
- │ └── Account/
55
- │ ├── Pages/
56
- │ │ ├── Manage/
57
- │ │ │ └── Passkeys.razor ← Gerenciamento de passkeys
58
- │ │ ├── Login.razor ← Login com passkey
59
- │ │ └── Register.razor
60
- │ └── IdentityUserAccessor.cs
61
- ├── Data/
62
- │ ├── ApplicationDbContext.cs
63
- │ └── ApplicationUser.cs
64
- └── Program.cs
65
- ```
66
-
67
- ### 3. Configuração Automática no Program.cs
68
-
69
- ```csharp
70
- // Já vem configurado no template
71
- builder.Services.AddIdentityCore<ApplicationUser>(options =>
72
- {
73
- options.SignIn.RequireConfirmedAccount = true;
74
-
75
- // Passkeys habilitados por padrão
76
- options.Stores.MaxLengthForKeys = 128;
77
- })
78
- .AddEntityFrameworkStores<ApplicationDbContext>()
79
- .AddSignInManager()
80
- .AddDefaultTokenProviders();
81
-
82
- // WebAuthn/Passkeys configurado automaticamente
83
- builder.Services.AddAuthentication(options =>
84
- {
85
- options.DefaultScheme = IdentityConstants.ApplicationScheme;
86
- options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
87
- })
88
- .AddIdentityCookies();
89
- ```
90
-
91
- ---
92
-
93
- ## 📱 Fluxo de Uso
94
-
95
- ### Criar Passkey
96
-
97
- 1. Usuário loga com email/senha (primeira vez)
98
- 2. Acessa perfil → Aba "Passkeys"
99
- 3. Clica "Add Passkey"
100
- 4. Sistema solicita authenticator (Windows Hello, celular, etc.)
101
- 5. Usuário confirma identidade (biometria/PIN)
102
- 6. Passkey é criada e nomeada
103
- 7. Salva no banco de dados
104
-
105
- ### Login com Passkey
106
-
107
- 1. Usuário acessa página de login
108
- 2. Clica "Login with Passkey"
109
- 3. Sistema envia desafio
110
- 4. Authenticator assina desafio
111
- 5. Servidor verifica assinatura
112
- 6. Usuário autenticado
113
-
114
- ---
115
-
116
- ## 💻 Implementação Customizada
117
-
118
- ### Adicionar Passkeys a Projeto Existente
119
-
120
- Se você tem um projeto Blazor sem passkeys, use o **scaffolder**:
121
-
122
- ```bash
123
- dotnet tool install -g dotnet-aspnet-codegenerator
124
-
125
- dotnet aspnet-codegenerator identity \
126
- --useDefaultUI \
127
- --dbContext ApplicationDbContext \
128
- --files "Account.Manage.Passkeys;Account.Login"
129
- ```
130
-
131
- Isso adiciona:
132
- - `Components/Account/Pages/Manage/Passkeys.razor`
133
- - `Components/Account/Pages/Login.razor` (atualizado)
134
-
135
- ### Verificar Suporte a Passkeys
136
-
137
- ```csharp
138
- @inject IPasskeyService PasskeyService
139
-
140
- @code {
141
- private bool _supportsPasskeys;
142
-
143
- protected override async Task OnInitializedAsync()
144
- {
145
- _supportsPasskeys = await PasskeyService.IsSupportedAsync();
146
- }
147
- }
148
- ```
149
-
150
- ### Listar Passkeys do Usuário
151
-
152
- ```csharp
153
- @page "/manage/passkeys"
154
- @inject IPasskeyService PasskeyService
155
- @inject UserManager<ApplicationUser> UserManager
156
-
157
- <h3>Minhas Passkeys</h3>
158
-
159
- @if (_passkeys is null)
160
- {
161
- <p>Carregando...</p>
162
- }
163
- else if (!_passkeys.Any())
164
- {
165
- <p>Você não tem passkeys configuradas.</p>
166
- }
167
- else
168
- {
169
- <ul>
170
- @foreach (var passkey in _passkeys)
171
- {
172
- <li>
173
- @passkey.Name (@passkey.CreatedAt.ToString("dd/MM/yyyy"))
174
- <button @onclick="() => RemovePasskey(passkey.Id)">Remover</button>
175
- </li>
176
- }
177
- </ul>
178
- }
179
-
180
- <button @onclick="AddPasskey">Adicionar Passkey</button>
181
-
182
- @code {
183
- private List<Passkey>? _passkeys;
184
-
185
- protected override async Task OnInitializedAsync()
186
- {
187
- var user = await UserManager.GetUserAsync(User);
188
- _passkeys = await PasskeyService.GetUserPasskeysAsync(user!.Id);
189
- }
190
-
191
- private async Task AddPasskey()
192
- {
193
- var user = await UserManager.GetUserAsync(User);
194
- await PasskeyService.CreatePasskeyAsync(user!.Id);
195
- await OnInitializedAsync(); // Recarregar lista
196
- }
197
-
198
- private async Task RemovePasskey(string passkeyId)
199
- {
200
- await PasskeyService.RemovePasskeyAsync(passkeyId);
201
- await OnInitializedAsync(); // Recarregar lista
202
- }
203
- }
204
- ```
205
-
206
- ---
207
-
208
- ## 🗄️ Modelo de Dados
209
-
210
- ### Entidade Passkey
211
-
212
- ```csharp
213
- public class Passkey
214
- {
215
- public string Id { get; set; } = Guid.NewGuid().ToString();
216
- public string UserId { get; set; } = null!;
217
- public string Name { get; set; } = "Passkey";
218
- public byte[] CredentialId { get; set; } = Array.Empty<byte>();
219
- public byte[] PublicKey { get; set; } = Array.Empty<byte>();
220
- public int SignatureCounter { get; set; }
221
- public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
222
- public DateTime? LastUsedAt { get; set; }
223
-
224
- // Relacionamento
225
- public ApplicationUser User { get; set; } = null!;
226
- }
227
- ```
228
-
229
- ### DbContext
230
-
231
- ```csharp
232
- public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
233
- {
234
- public DbSet<Passkey> Passkeys { get; set; }
235
-
236
- protected override void OnModelCreating(ModelBuilder builder)
237
- {
238
- base.OnModelCreating(builder);
239
-
240
- builder.Entity<Passkey>(entity =>
241
- {
242
- entity.HasKey(p => p.Id);
243
- entity.HasIndex(p => p.UserId);
244
- entity.HasIndex(p => p.CredentialId).IsUnique();
245
-
246
- entity.HasOne(p => p.User)
247
- .WithMany()
248
- .HasForeignKey(p => p.UserId)
249
- .OnDelete(DeleteBehavior.Cascade);
250
- });
251
- }
252
- }
253
- ```
254
-
255
- ### Migration
256
-
257
- ```bash
258
- dotnet ef migrations add AddPasskeys
259
- dotnet ef database update
260
- ```
261
-
262
- ---
263
-
264
- ## 🔒 Segurança
265
-
266
- ### Configurações Recomendadas
267
-
268
- ```csharp
269
- builder.Services.AddAuthentication()
270
- .AddWebAuthn(options =>
271
- {
272
- // Nome do site (aparece no authenticator)
273
- options.RelyingPartyId = "myapp.com";
274
- options.RelyingPartyName = "My Application";
275
-
276
- // Origem permitida
277
- options.Origins = new[] { "https://myapp.com" };
278
-
279
- // Timeout de autenticação
280
- options.Timeout = TimeSpan.FromSeconds(60);
281
-
282
- // Tipo de authenticator
283
- options.AuthenticatorSelection = new()
284
- {
285
- RequireResidentKey = false,
286
- UserVerification = UserVerificationRequirement.Preferred
287
- };
288
- });
289
- ```
290
-
291
- ### User Verification
292
-
293
- | Modo | Descrição | Quando Usar |
294
- |------|-----------|-------------|
295
- | `Required` | Exige biometria/PIN sempre | Alto risco |
296
- | `Preferred` | Prefere biometria mas aceita alternativa | Padrão recomendado |
297
- | `Discouraged` | Não solicita verificação | Não use |
298
-
299
- ### Attestation
300
-
301
- ```csharp
302
- options.Attestation = AttestationConveyancePreference.None;
303
- ```
304
-
305
- **Valores:**
306
- - `None`: Não requer attestation (mais compatível)
307
- - `Indirect`: Valida authenticator via CA
308
- - `Direct`: Requer attestation direta (mais restritivo)
309
-
310
- **Recomendação:** Use `None` para máxima compatibilidade.
311
-
312
- ---
313
-
314
- ## 🧪 Testando Passkeys
315
-
316
- ### Ambiente de Desenvolvimento
317
-
318
- 1. **HTTPS obrigatório:** WebAuthn só funciona com HTTPS (ou localhost)
319
- 2. **Windows Hello:** Habilite no Windows
320
- 3. **Chrome DevTools:** Use Virtual Authenticator para testes
321
-
322
- ### Virtual Authenticator (Chrome)
323
-
324
- 1. F12 → More Tools → WebAuthn
325
- 2. Enable virtual authenticator environment
326
- 3. Add authenticator (escolha tipo: USB, NFC, Internal)
327
- 4. Teste criação e login
328
-
329
- ### Smartphone como Authenticator
330
-
331
- 1. Use HTTPS (não localhost)
332
- 2. Escaneie QR code gerado
333
- 3. Confirme com biometria do celular
334
-
335
- ---
336
-
337
- ## 🐛 Troubleshooting
338
-
339
- ### Erro: "WebAuthn not supported"
340
-
341
- **Causa:** Navegador antigo ou HTTP (não HTTPS)
342
-
343
- **Solução:**
344
- - Use HTTPS em produção
345
- - Localhost funciona com HTTP (somente dev)
346
- - Atualize navegador
347
-
348
- ### Erro: "User verification failed"
349
-
350
- **Causa:** Authenticator não configurado ou cancelado
351
-
352
- **Solução:**
353
- - Configure Windows Hello / Touch ID
354
- - Tente outro authenticator
355
- - Verifique `UserVerification = Preferred`
356
-
357
- ### Passkey não aparece em outro dispositivo
358
-
359
- **Causa:** Passkeys não sincronizam automaticamente (depende do authenticator)
360
-
361
- **Solução:**
362
- - Use authenticator com sync (ex: Google Password Manager)
363
- - Ou crie passkey separada por dispositivo
364
-
365
- ---
366
-
367
- ## 📊 Migração Gradual
368
-
369
- ### Permitir Email/Senha + Passkeys
370
-
371
- ```csharp
372
- // Login.razor
373
- <EditForm Model="Input" OnValidSubmit="LoginAsync">
374
- <InputText @bind-Value="Input.Email" />
375
- <InputText @bind-Value="Input.Password" type="password" />
376
- <button type="submit">Login with Password</button>
377
- </EditForm>
378
-
379
- <hr />
380
-
381
- <button @onclick="LoginWithPasskey">Login with Passkey</button>
382
-
383
- @code {
384
- private async Task LoginAsync()
385
- {
386
- // Login tradicional com senha
387
- }
388
-
389
- private async Task LoginWithPasskey()
390
- {
391
- // Login com WebAuthn
392
- }
393
- }
394
- ```
395
-
396
- **Estratégia:** Mantenha senha como fallback, incentive passkeys.
397
-
398
- ---
399
-
400
- ## ✅ Checklist de Implementação
401
-
402
- - [ ] Projeto criado com `--auth Individual` ou scaffolder usado
403
- - [ ] DbContext inclui tabela `Passkeys`
404
- - [ ] Migration executada
405
- - [ ] HTTPS habilitado (dev e prod)
406
- - [ ] Página de gerenciamento de passkeys funcional
407
- - [ ] Login com passkey funcional
408
- - [ ] Fallback para email/senha disponível
409
- - [ ] Testado com Windows Hello ou smartphone
410
- - [ ] `RelyingPartyId` configurado corretamente
411
-
412
- ---
413
-
414
- ## 📚 Referências
415
-
416
- - [WebAuthn Specification (W3C)](https://w3c.github.io/webauthn/)
417
- - [FIDO Alliance](https://fidoalliance.org/)
418
- - [ASP.NET Core Identity - Passkeys](https://learn.microsoft.com/aspnet/core/security/authentication/identity/passkeys)
419
- - [Chrome WebAuthn DevTools](https://developer.chrome.com/docs/devtools/webauthn/)
420
-
421
- ---
422
-
423
- *MORPH-SPEC by Polymorphism Tech*
1
+ # Passkeys/WebAuthn - Autenticação Sem Senhas (.NET 10)
2
+
3
+ > **Novidade .NET 10:** Suporte nativo a Passkeys/WebAuthn integrado no ASP.NET Core Identity.
4
+
5
+ ---
6
+
7
+ ## 🎯 O Que São Passkeys?
8
+
9
+ **Passkeys** são credenciais criptográficas que substituem senhas tradicionais.
10
+
11
+ ### Características
12
+
13
+ | Aspecto | Descrição |
14
+ |---------|-----------|
15
+ | **Segurança** | Resistentes a phishing, não podem ser roubadas |
16
+ | **Usabilidade** | Login com biometria ou PIN do dispositivo |
17
+ | **Privacidade** | Chave privada nunca sai do dispositivo |
18
+ | **Padrão** | WebAuthn (W3C) + FIDO2 |
19
+
20
+ ### Como Funciona
21
+
22
+ ```
23
+ 1. Usuário solicita criação de passkey
24
+ 2. Sistema gera par de chaves (pública/privada)
25
+ 3. Chave pública → Servidor
26
+ 4. Chave privada → Authenticator (Windows Hello, smartphone, security key)
27
+ 5. Login: Servidor desafia → Authenticator assina → Servidor verifica
28
+ ```
29
+
30
+ **Authenticators suportados:**
31
+ - Windows Hello
32
+ - Face ID / Touch ID (Apple)
33
+ - Biometria Android
34
+ - Security keys (YubiKey, etc.)
35
+
36
+ ---
37
+
38
+ ## 🚀 Setup em Blazor Web App
39
+
40
+ ### 1. Criar Projeto com Identity
41
+
42
+ ```bash
43
+ dotnet new blazor --auth Individual -o MyApp
44
+ cd MyApp
45
+ ```
46
+
47
+ **Importante:** Escolher "Individual User Accounts" habilita passkeys automaticamente.
48
+
49
+ ### 2. Estrutura Gerada
50
+
51
+ ```
52
+ MyApp/
53
+ ├── Components/
54
+ │ └── Account/
55
+ │ ├── Pages/
56
+ │ │ ├── Manage/
57
+ │ │ │ └── Passkeys.razor ← Gerenciamento de passkeys
58
+ │ │ ├── Login.razor ← Login com passkey
59
+ │ │ └── Register.razor
60
+ │ └── IdentityUserAccessor.cs
61
+ ├── Data/
62
+ │ ├── ApplicationDbContext.cs
63
+ │ └── ApplicationUser.cs
64
+ └── Program.cs
65
+ ```
66
+
67
+ ### 3. Configuração Automática no Program.cs
68
+
69
+ ```csharp
70
+ // Já vem configurado no template
71
+ builder.Services.AddIdentityCore<ApplicationUser>(options =>
72
+ {
73
+ options.SignIn.RequireConfirmedAccount = true;
74
+
75
+ // Passkeys habilitados por padrão
76
+ options.Stores.MaxLengthForKeys = 128;
77
+ })
78
+ .AddEntityFrameworkStores<ApplicationDbContext>()
79
+ .AddSignInManager()
80
+ .AddDefaultTokenProviders();
81
+
82
+ // WebAuthn/Passkeys configurado automaticamente
83
+ builder.Services.AddAuthentication(options =>
84
+ {
85
+ options.DefaultScheme = IdentityConstants.ApplicationScheme;
86
+ options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
87
+ })
88
+ .AddIdentityCookies();
89
+ ```
90
+
91
+ ---
92
+
93
+ ## 📱 Fluxo de Uso
94
+
95
+ ### Criar Passkey
96
+
97
+ 1. Usuário loga com email/senha (primeira vez)
98
+ 2. Acessa perfil → Aba "Passkeys"
99
+ 3. Clica "Add Passkey"
100
+ 4. Sistema solicita authenticator (Windows Hello, celular, etc.)
101
+ 5. Usuário confirma identidade (biometria/PIN)
102
+ 6. Passkey é criada e nomeada
103
+ 7. Salva no banco de dados
104
+
105
+ ### Login com Passkey
106
+
107
+ 1. Usuário acessa página de login
108
+ 2. Clica "Login with Passkey"
109
+ 3. Sistema envia desafio
110
+ 4. Authenticator assina desafio
111
+ 5. Servidor verifica assinatura
112
+ 6. Usuário autenticado
113
+
114
+ ---
115
+
116
+ ## 💻 Implementação Customizada
117
+
118
+ ### Adicionar Passkeys a Projeto Existente
119
+
120
+ Se você tem um projeto Blazor sem passkeys, use o **scaffolder**:
121
+
122
+ ```bash
123
+ dotnet tool install -g dotnet-aspnet-codegenerator
124
+
125
+ dotnet aspnet-codegenerator identity \
126
+ --useDefaultUI \
127
+ --dbContext ApplicationDbContext \
128
+ --files "Account.Manage.Passkeys;Account.Login"
129
+ ```
130
+
131
+ Isso adiciona:
132
+ - `Components/Account/Pages/Manage/Passkeys.razor`
133
+ - `Components/Account/Pages/Login.razor` (atualizado)
134
+
135
+ ### Verificar Suporte a Passkeys
136
+
137
+ ```csharp
138
+ @inject IPasskeyService PasskeyService
139
+
140
+ @code {
141
+ private bool _supportsPasskeys;
142
+
143
+ protected override async Task OnInitializedAsync()
144
+ {
145
+ _supportsPasskeys = await PasskeyService.IsSupportedAsync();
146
+ }
147
+ }
148
+ ```
149
+
150
+ ### Listar Passkeys do Usuário
151
+
152
+ ```csharp
153
+ @page "/manage/passkeys"
154
+ @inject IPasskeyService PasskeyService
155
+ @inject UserManager<ApplicationUser> UserManager
156
+
157
+ <h3>Minhas Passkeys</h3>
158
+
159
+ @if (_passkeys is null)
160
+ {
161
+ <p>Carregando...</p>
162
+ }
163
+ else if (!_passkeys.Any())
164
+ {
165
+ <p>Você não tem passkeys configuradas.</p>
166
+ }
167
+ else
168
+ {
169
+ <ul>
170
+ @foreach (var passkey in _passkeys)
171
+ {
172
+ <li>
173
+ @passkey.Name (@passkey.CreatedAt.ToString("dd/MM/yyyy"))
174
+ <button @onclick="() => RemovePasskey(passkey.Id)">Remover</button>
175
+ </li>
176
+ }
177
+ </ul>
178
+ }
179
+
180
+ <button @onclick="AddPasskey">Adicionar Passkey</button>
181
+
182
+ @code {
183
+ private List<Passkey>? _passkeys;
184
+
185
+ protected override async Task OnInitializedAsync()
186
+ {
187
+ var user = await UserManager.GetUserAsync(User);
188
+ _passkeys = await PasskeyService.GetUserPasskeysAsync(user!.Id);
189
+ }
190
+
191
+ private async Task AddPasskey()
192
+ {
193
+ var user = await UserManager.GetUserAsync(User);
194
+ await PasskeyService.CreatePasskeyAsync(user!.Id);
195
+ await OnInitializedAsync(); // Recarregar lista
196
+ }
197
+
198
+ private async Task RemovePasskey(string passkeyId)
199
+ {
200
+ await PasskeyService.RemovePasskeyAsync(passkeyId);
201
+ await OnInitializedAsync(); // Recarregar lista
202
+ }
203
+ }
204
+ ```
205
+
206
+ ---
207
+
208
+ ## 🗄️ Modelo de Dados
209
+
210
+ ### Entidade Passkey
211
+
212
+ ```csharp
213
+ public class Passkey
214
+ {
215
+ public string Id { get; set; } = Guid.NewGuid().ToString();
216
+ public string UserId { get; set; } = null!;
217
+ public string Name { get; set; } = "Passkey";
218
+ public byte[] CredentialId { get; set; } = Array.Empty<byte>();
219
+ public byte[] PublicKey { get; set; } = Array.Empty<byte>();
220
+ public int SignatureCounter { get; set; }
221
+ public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
222
+ public DateTime? LastUsedAt { get; set; }
223
+
224
+ // Relacionamento
225
+ public ApplicationUser User { get; set; } = null!;
226
+ }
227
+ ```
228
+
229
+ ### DbContext
230
+
231
+ ```csharp
232
+ public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
233
+ {
234
+ public DbSet<Passkey> Passkeys { get; set; }
235
+
236
+ protected override void OnModelCreating(ModelBuilder builder)
237
+ {
238
+ base.OnModelCreating(builder);
239
+
240
+ builder.Entity<Passkey>(entity =>
241
+ {
242
+ entity.HasKey(p => p.Id);
243
+ entity.HasIndex(p => p.UserId);
244
+ entity.HasIndex(p => p.CredentialId).IsUnique();
245
+
246
+ entity.HasOne(p => p.User)
247
+ .WithMany()
248
+ .HasForeignKey(p => p.UserId)
249
+ .OnDelete(DeleteBehavior.Cascade);
250
+ });
251
+ }
252
+ }
253
+ ```
254
+
255
+ ### Migration
256
+
257
+ ```bash
258
+ dotnet ef migrations add AddPasskeys
259
+ dotnet ef database update
260
+ ```
261
+
262
+ ---
263
+
264
+ ## 🔒 Segurança
265
+
266
+ ### Configurações Recomendadas
267
+
268
+ ```csharp
269
+ builder.Services.AddAuthentication()
270
+ .AddWebAuthn(options =>
271
+ {
272
+ // Nome do site (aparece no authenticator)
273
+ options.RelyingPartyId = "myapp.com";
274
+ options.RelyingPartyName = "My Application";
275
+
276
+ // Origem permitida
277
+ options.Origins = new[] { "https://myapp.com" };
278
+
279
+ // Timeout de autenticação
280
+ options.Timeout = TimeSpan.FromSeconds(60);
281
+
282
+ // Tipo de authenticator
283
+ options.AuthenticatorSelection = new()
284
+ {
285
+ RequireResidentKey = false,
286
+ UserVerification = UserVerificationRequirement.Preferred
287
+ };
288
+ });
289
+ ```
290
+
291
+ ### User Verification
292
+
293
+ | Modo | Descrição | Quando Usar |
294
+ |------|-----------|-------------|
295
+ | `Required` | Exige biometria/PIN sempre | Alto risco |
296
+ | `Preferred` | Prefere biometria mas aceita alternativa | Padrão recomendado |
297
+ | `Discouraged` | Não solicita verificação | Não use |
298
+
299
+ ### Attestation
300
+
301
+ ```csharp
302
+ options.Attestation = AttestationConveyancePreference.None;
303
+ ```
304
+
305
+ **Valores:**
306
+ - `None`: Não requer attestation (mais compatível)
307
+ - `Indirect`: Valida authenticator via CA
308
+ - `Direct`: Requer attestation direta (mais restritivo)
309
+
310
+ **Recomendação:** Use `None` para máxima compatibilidade.
311
+
312
+ ---
313
+
314
+ ## 🧪 Testando Passkeys
315
+
316
+ ### Ambiente de Desenvolvimento
317
+
318
+ 1. **HTTPS obrigatório:** WebAuthn só funciona com HTTPS (ou localhost)
319
+ 2. **Windows Hello:** Habilite no Windows
320
+ 3. **Chrome DevTools:** Use Virtual Authenticator para testes
321
+
322
+ ### Virtual Authenticator (Chrome)
323
+
324
+ 1. F12 → More Tools → WebAuthn
325
+ 2. Enable virtual authenticator environment
326
+ 3. Add authenticator (escolha tipo: USB, NFC, Internal)
327
+ 4. Teste criação e login
328
+
329
+ ### Smartphone como Authenticator
330
+
331
+ 1. Use HTTPS (não localhost)
332
+ 2. Escaneie QR code gerado
333
+ 3. Confirme com biometria do celular
334
+
335
+ ---
336
+
337
+ ## 🐛 Troubleshooting
338
+
339
+ ### Erro: "WebAuthn not supported"
340
+
341
+ **Causa:** Navegador antigo ou HTTP (não HTTPS)
342
+
343
+ **Solução:**
344
+ - Use HTTPS em produção
345
+ - Localhost funciona com HTTP (somente dev)
346
+ - Atualize navegador
347
+
348
+ ### Erro: "User verification failed"
349
+
350
+ **Causa:** Authenticator não configurado ou cancelado
351
+
352
+ **Solução:**
353
+ - Configure Windows Hello / Touch ID
354
+ - Tente outro authenticator
355
+ - Verifique `UserVerification = Preferred`
356
+
357
+ ### Passkey não aparece em outro dispositivo
358
+
359
+ **Causa:** Passkeys não sincronizam automaticamente (depende do authenticator)
360
+
361
+ **Solução:**
362
+ - Use authenticator com sync (ex: Google Password Manager)
363
+ - Ou crie passkey separada por dispositivo
364
+
365
+ ---
366
+
367
+ ## 📊 Migração Gradual
368
+
369
+ ### Permitir Email/Senha + Passkeys
370
+
371
+ ```csharp
372
+ // Login.razor
373
+ <EditForm Model="Input" OnValidSubmit="LoginAsync">
374
+ <InputText @bind-Value="Input.Email" />
375
+ <InputText @bind-Value="Input.Password" type="password" />
376
+ <button type="submit">Login with Password</button>
377
+ </EditForm>
378
+
379
+ <hr />
380
+
381
+ <button @onclick="LoginWithPasskey">Login with Passkey</button>
382
+
383
+ @code {
384
+ private async Task LoginAsync()
385
+ {
386
+ // Login tradicional com senha
387
+ }
388
+
389
+ private async Task LoginWithPasskey()
390
+ {
391
+ // Login com WebAuthn
392
+ }
393
+ }
394
+ ```
395
+
396
+ **Estratégia:** Mantenha senha como fallback, incentive passkeys.
397
+
398
+ ---
399
+
400
+ ## ✅ Checklist de Implementação
401
+
402
+ - [ ] Projeto criado com `--auth Individual` ou scaffolder usado
403
+ - [ ] DbContext inclui tabela `Passkeys`
404
+ - [ ] Migration executada
405
+ - [ ] HTTPS habilitado (dev e prod)
406
+ - [ ] Página de gerenciamento de passkeys funcional
407
+ - [ ] Login com passkey funcional
408
+ - [ ] Fallback para email/senha disponível
409
+ - [ ] Testado com Windows Hello ou smartphone
410
+ - [ ] `RelyingPartyId` configurado corretamente
411
+
412
+ ---
413
+
414
+ ## 📚 Referências
415
+
416
+ - [WebAuthn Specification (W3C)](https://w3c.github.io/webauthn/)
417
+ - [FIDO Alliance](https://fidoalliance.org/)
418
+ - [ASP.NET Core Identity - Passkeys](https://learn.microsoft.com/aspnet/core/security/authentication/identity/passkeys)
419
+ - [Chrome WebAuthn DevTools](https://developer.chrome.com/docs/devtools/webauthn/)
420
+
421
+ ---
422
+
423
+ *MORPH-SPEC by Polymorphism Tech*
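Review bot: In the "Listar Passkeys do Usuário" component, `RemovePasskey` calls `PasskeyService.RemovePasskeyAsync(passkeyId)` with only the passkey id, so nothing in the visible code ties the deletion to the signed-in user. Pass the user id as well, as `GetUserPasskeysAsync(user!.Id)` and `CreatePasskeyAsync(user!.Id)` already do, and have the service reject ids that belong to another account. The same sample has no `@attribute [Authorize]`, dereferences `user!.Id` although `GetUserAsync` can return null, and uses `User` without declaring it in the component, so it should take the principal from the authentication state and handle the unauthenticated case. In "Entidade Passkey", `SignatureCounter` is declared `int` while the WebAuthn signature counter is an unsigned 32-bit value, so `uint` or `long` is the safer type, and the guide should state that the stored counter is compared and updated on each login. In the "User Verification" table, `Preferred` is marked as the recommended default. Because the "Login with Passkey" button is a standalone sign-in path, the guide should note that under `Preferred` an assertion can arrive without user verification, and that `Required` fits when the passkey is the only factor.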