npm - @polymorphism-tech/morph-spec - Versions diffs - 3.0.0 → 3.0.1 - Mend

@polymorphism-tech/morph-spec 3.0.0 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (160) hide show

package/CLAUDE.md +75 -371
package/LICENSE +72 -72
package/bin/detect-agents.js +225 -225
package/bin/render-template.js +302 -302
package/bin/semantic-detect-agents.js +246 -246
package/bin/validate-agents-skills.js +251 -251
package/bin/validate-agents.js +69 -69
package/bin/validate-phase.js +263 -263
package/content/.azure/README.md +293 -293
package/content/.azure/docs/azure-devops-setup.md +454 -454
package/content/.azure/docs/branch-strategy.md +398 -398
package/content/.azure/docs/local-development.md +515 -515
package/content/.azure/pipelines/pipeline-variables.yml +34 -34
package/content/.azure/pipelines/prod-pipeline.yml +319 -319
package/content/.azure/pipelines/staging-pipeline.yml +234 -234
package/content/.azure/pipelines/templates/build-dotnet.yml +75 -75
package/content/.azure/pipelines/templates/deploy-app-service.yml +94 -94
package/content/.azure/pipelines/templates/deploy-container-app.yml +120 -120
package/content/.azure/pipelines/templates/infra-deploy.yml +90 -90
package/content/.claude/commands/morph-archive.md +79 -79
package/content/.claude/commands/morph-deploy.md +529 -529
package/content/.claude/commands/morph-infra.md +209 -209
package/content/.claude/commands/morph-preflight.md +227 -227
package/content/.claude/commands/morph-troubleshoot.md +122 -122
package/content/.claude/settings.local.json +15 -15
package/content/.claude/skills/{specialists → level-2-domains/architecture}/prompt-engineer.md +189 -189
package/content/.claude/skills/{specialists → level-2-domains/architecture}/seo-growth-hacker.md +320 -320
package/content/.claude/skills/{infra → level-2-domains/infrastructure}/azure-deploy-specialist.md +699 -699
package/content/.morph/.morphversion +5 -5
package/content/.morph/archive/.gitkeep +25 -25
package/content/.morph/config/agents.json +7 -5
package/content/.morph/docs/STORY-DRIVEN-DEVELOPMENT.md +392 -392
package/content/.morph/examples/api-nextjs/README.md +241 -241
package/content/.morph/examples/api-nextjs/contracts.ts +307 -307
package/content/.morph/examples/api-nextjs/spec.md +399 -399
package/content/.morph/examples/api-nextjs/tasks.md +168 -168
package/content/.morph/examples/micro-saas/README.md +125 -125
package/content/.morph/examples/micro-saas/contracts.cs +358 -358
package/content/.morph/examples/micro-saas/decisions.md +246 -246
package/content/.morph/examples/micro-saas/spec.md +236 -236
package/content/.morph/examples/micro-saas/tasks.md +150 -150
package/content/.morph/examples/multi-agent/README.md +309 -309
package/content/.morph/examples/multi-agent/contracts.cs +433 -433
package/content/.morph/examples/multi-agent/spec.md +479 -479
package/content/.morph/examples/multi-agent/tasks.md +185 -185
package/content/.morph/examples/state-v3.json +188 -188
package/content/.morph/features/.gitkeep +25 -25
package/content/.morph/hooks/pre-commit-all.sh +48 -48
package/content/.morph/hooks/pre-commit-specs.sh +49 -49
package/content/.morph/hooks/pre-commit-tests.sh +60 -60
package/content/.morph/project.md +160 -160
package/content/.morph/schemas/agent.schema.json +296 -296
package/content/.morph/specs/.gitkeep +20 -20
package/content/.morph/standards/coding.md +377 -377
package/content/.morph/standards/fluent-ui-setup.md +590 -590
package/content/.morph/standards/migration-guide.md +514 -514
package/content/.morph/standards/passkeys-auth.md +423 -423
package/content/.morph/standards/vector-search-rag.md +536 -536
package/content/.morph/state.json +17 -17
package/content/.morph/templates/FluentDesignTheme.cs +149 -149
package/content/.morph/templates/MudTheme.cs +281 -281
package/content/.morph/templates/component.razor +239 -239
package/content/.morph/templates/contracts.cs +217 -217
package/content/.morph/templates/design-system.css +226 -226
package/content/.morph/templates/infra/.dockerignore.example +89 -89
package/content/.morph/templates/infra/Dockerfile.example +82 -82
package/content/.morph/templates/infra/README.md +286 -286
package/content/.morph/templates/infra/app-insights.bicep +63 -63
package/content/.morph/templates/infra/app-service.bicep +164 -164
package/content/.morph/templates/infra/azure-pipelines-deploy.yml +480 -480
package/content/.morph/templates/infra/container-app-env.bicep +49 -49
package/content/.morph/templates/infra/container-app.bicep +156 -156
package/content/.morph/templates/infra/deploy-checklist.md +426 -426
package/content/.morph/templates/infra/deploy.ps1 +229 -229
package/content/.morph/templates/infra/deploy.sh +208 -208
package/content/.morph/templates/infra/key-vault.bicep +91 -91
package/content/.morph/templates/infra/main.bicep +189 -189
package/content/.morph/templates/infra/parameters.dev.json +29 -29
package/content/.morph/templates/infra/parameters.prod.json +29 -29
package/content/.morph/templates/infra/parameters.staging.json +29 -29
package/content/.morph/templates/infra/sql-database.bicep +103 -103
package/content/.morph/templates/infra/storage.bicep +106 -106
package/content/.morph/templates/integrations/asaas-client.cs +387 -387
package/content/.morph/templates/integrations/asaas-webhook.cs +351 -351
package/content/.morph/templates/integrations/azure-identity-config.cs +288 -288
package/content/.morph/templates/integrations/clerk-config.cs +258 -258
package/content/.morph/templates/job.cs +171 -171
package/content/.morph/templates/migration.cs +83 -83
package/content/.morph/templates/repository.cs +141 -141
package/content/.morph/templates/saas/subscription.cs +347 -347
package/content/.morph/templates/saas/tenant.cs +338 -338
package/content/.morph/templates/service.cs +139 -139
package/content/.morph/templates/sprint-status.yaml +68 -68
package/content/.morph/templates/story.md +143 -143
package/content/.morph/templates/test.cs +239 -239
package/content/.morph/templates/ui-design-system.md +286 -286
package/content/.morph/templates/ui-flows.md +336 -336
package/content/.morph/templates/ui-mockups.md +133 -133
package/content/.morph/test-infra/example.bicep +59 -59
package/content/README.md +79 -79
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-light-webfont.svg +977 -977
package/docs/api/fonts/Source-Sans-Pro/sourcesanspro-regular-webfont.svg +1048 -1048
package/docs/api/scripts/collapse.js +38 -38
package/docs/api/scripts/commonNav.js +28 -28
package/docs/api/scripts/linenumber.js +25 -25
package/docs/api/scripts/nav.js +12 -12
package/docs/api/scripts/polyfill.js +3 -3
package/docs/api/scripts/prettify/Apache-License-2.0.txt +202 -202
package/docs/api/scripts/prettify/lang-css.js +2 -2
package/docs/api/scripts/prettify/prettify.js +28 -28
package/docs/api/scripts/search.js +98 -98
package/docs/api/styles/jsdoc.css +776 -776
package/docs/api/styles/prettify.css +80 -80
package/docs/examples.md +328 -328
package/docs/templates.md +418 -418
package/package.json +1 -2
package/scripts/postinstall.js +132 -132
package/scripts/reorganize-skills.cjs +175 -0
package/scripts/validate-agents-structure.cjs +52 -0
package/scripts/validate-skills.cjs +180 -0
package/src/commands/analyze-blazor-concurrency.js +193 -193
package/src/commands/create-story.js +351 -351
package/src/commands/deploy.js +780 -780
package/src/commands/detect-agents.js +9 -0
package/src/commands/detect.js +104 -104
package/src/commands/generate.js +149 -149
package/src/commands/lint-fluent.js +352 -352
package/src/commands/rollback-phase.js +185 -185
package/src/commands/session-summary.js +291 -291
package/src/commands/shard-spec.js +224 -224
package/src/commands/sprint-status.js +250 -250
package/src/commands/state.js +334 -333
package/src/commands/sync.js +167 -167
package/src/commands/troubleshoot.js +222 -222
package/src/commands/update.js +13 -1
package/src/commands/validate-blazor-state.js +210 -210
package/src/commands/validate-blazor.js +156 -156
package/src/commands/validate-css.js +84 -84
package/src/commands/validate-phase.js +221 -221
package/src/lib/blazor-concurrency-analyzer.js +288 -288
package/src/lib/blazor-state-validator.js +291 -291
package/src/lib/blazor-validator.js +374 -374
package/src/lib/css-validator.js +352 -352
package/src/lib/design-system-generator.js +298 -298
package/{detectors → src/lib/detectors}/config-detector.js +223 -223
package/{detectors → src/lib/detectors}/conversation-analyzer.js +163 -163
package/{detectors → src/lib/detectors}/index.js +84 -84
package/{detectors → src/lib/detectors}/standards-generator.js +275 -275
package/src/lib/learning-system.js +520 -520
package/src/lib/mockup-generator.js +366 -366
package/src/lib/state-manager.js +21 -4
package/src/lib/troubleshoot-grep.js +194 -194
package/src/lib/troubleshoot-index.js +144 -144
package/src/lib/ui-detector.js +350 -350
package/src/lib/validators/architecture-validator.js +387 -387
package/src/lib/validators/package-validator.js +360 -360
package/src/lib/validators/ui-contrast-validator.js +422 -422
package/src/utils/logger.js +32 -32
package/src/utils/version-checker.js +175 -175
/package/{detectors → src/lib/detectors}/structure-detector.js +0 -0

package/content/.azure/docs/azure-devops-setup.md CHANGED Viewed

@@ -1,454 +1,454 @@
-# Azure DevOps Setup - Workload Identity Federation
-> **MORPH-SPEC Framework**
-> Configuração de CI/CD com autenticação moderna (sem secrets)
----
-## 📋 Índice
-1. [Pré-requisitos](#pré-requisitos)
-2. [Configurar Workload Identity Federation](#configurar-workload-identity-federation)
-3. [Criar Service Connections](#criar-service-connections)
-4. [Configurar Pipelines](#configurar-pipelines)
-5. [Configurar Environments e Aprovações](#configurar-environments-e-aprovações)
-6. [Troubleshooting](#troubleshooting)
----
-## 🔑 Pré-requisitos
-### Azure
-- ✅ Subscription Azure ativa
-- ✅ Permissões de Owner ou User Access Administrator na subscription
-- ✅ Azure CLI instalado: https://aka.ms/azure-cli
-### Azure DevOps
-- ✅ Organização Azure DevOps criada
-- ✅ Projeto criado
-- ✅ Permissões de administrador do projeto
-###Informações Necessárias
-```bash
-# Azure
-SUBSCRIPTION_ID="<sua-subscription-id>"
-TENANT_ID="<seu-tenant-id>"
-# Azure DevOps
-ADO_ORG="<sua-org>"          # Ex: polymorphismtech
-ADO_PROJECT="<seu-projeto>"   # Ex: morph-app
-# Application
-APP_NAME="<nome-da-app>"      # Ex: myapp
-```
----
-## 🌐 Configurar Workload Identity Federation
-### Passo 1: Criar App Registration
-```bash
-# Login no Azure
-az login
-az account set --subscription $SUBSCRIPTION_ID
-# Criar App Registration para Dev
-APP_DEV_NAME="${APP_NAME}-dev-pipeline"
-APP_DEV_ID=$(az ad app create \
-  --display-name "$APP_DEV_NAME" \
-  --query appId -o tsv)
-echo "Dev App ID: $APP_DEV_ID"
-# Criar Service Principal
-SP_DEV_ID=$(az ad sp create \
-  --id $APP_DEV_ID \
-  --query id -o tsv)
-echo "Dev Service Principal ID: $SP_DEV_ID"
-# Repetir para Staging e Prod
-APP_STAGING_NAME="${APP_NAME}-staging-pipeline"
-APP_STAGING_ID=$(az ad app create --display-name "$APP_STAGING_NAME" --query appId -o tsv)
-SP_STAGING_ID=$(az ad sp create --id $APP_STAGING_ID --query id -o tsv)
-APP_PROD_NAME="${APP_NAME}-prod-pipeline"
-APP_PROD_ID=$(az ad app create --display-name "$APP_PROD_NAME" --query appId -o tsv)
-SP_PROD_ID=$(az ad sp create --id $APP_PROD_ID --query id -o tsv)
-```
-### Passo 2: Configurar Federated Credentials
-```bash
-# DEV Environment
-cat <<EOF > federated-credential-dev.json
-{
-  "name": "dev-pipeline-federated",
-  "issuer": "https://vstoken.dev.azure.com/<ADO_ORG_ID>",
-  "subject": "sc://$ADO_ORG/$ADO_PROJECT/Azure-Dev-Connection",
-  "description": "Federated credential for dev pipeline",
-  "audiences": [
-    "api://AzureADTokenExchange"
-  ]
-}
-EOF
-az ad app federated-credential create \
-  --id $APP_DEV_ID \
-  --parameters federated-credential-dev.json
-# STAGING Environment
-cat <<EOF > federated-credential-staging.json
-{
-  "name": "staging-pipeline-federated",
-  "issuer": "https://vstoken.dev.azure.com/<ADO_ORG_ID>",
-  "subject": "sc://$ADO_ORG/$ADO_PROJECT/Azure-Staging-Connection",
-  "description": "Federated credential for staging pipeline",
-  "audiences": [
-    "api://AzureADTokenExchange"
-  ]
-}
-EOF
-az ad app federated-credential create \
-  --id $APP_STAGING_ID \
-  --parameters federated-credential-staging.json
-# PROD Environment
-cat <<EOF > federated-credential-prod.json
-{
-  "name": "prod-pipeline-federated",
-  "issuer": "https://vstoken.dev.azure.com/<ADO_ORG_ID>",
-  "subject": "sc://$ADO_ORG/$ADO_PROJECT/Azure-Prod-Connection",
-  "description": "Federated credential for prod pipeline",
-  "audiences": [
-    "api://AzureADTokenExchange"
-  ]
-}
-EOF
-az ad app federated-credential create \
-  --id $APP_PROD_ID \
-  --parameters federated-credential-prod.json
-```
-**📌 Como obter ADO_ORG_ID:**
-```bash
-# Via Azure DevOps UI
-# Vá em: Organization Settings → Overview → Organization ID
-# Ou via API:
-curl -u ":${AZURE_DEVOPS_PAT}" \
-  "https://dev.azure.com/${ADO_ORG}/_apis/connectionData"
-```
-### Passo 3: Atribuir Permissões Azure
-```bash
-# DEV - Contributor na resource group
-RG_DEV="rg-${APP_NAME}-dev"
-az role assignment create \
-  --assignee $SP_DEV_ID \
-  --role Contributor \
-  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_DEV"
-# STAGING - Contributor na resource group
-RG_STAGING="rg-${APP_NAME}-staging"
-az role assignment create \
-  --assignee $SP_STAGING_ID \
-  --role Contributor \
-  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_STAGING"
-# PROD - Contributor na resource group
-RG_PROD="rg-${APP_NAME}-prod"
-az role assignment create \
-  --assignee $SP_PROD_ID \
-  --role Contributor \
-  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_PROD"
-# ACR - AcrPush para todos
-ACR_ID="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/<rg-acr>/providers/Microsoft.ContainerRegistry/registries/<acr-name>"
-az role assignment create --assignee $SP_DEV_ID --role AcrPush --scope $ACR_ID
-az role assignment create --assignee $SP_STAGING_ID --role AcrPush --scope $ACR_ID
-az role assignment create --assignee $SP_PROD_ID --role AcrPush --scope $ACR_ID
-```
----
-## 🔗 Criar Service Connections
-### Via Azure DevOps UI
-#### 1. Service Connection para Azure (Dev)
-1. Vá em: **Project Settings** → **Service connections** → **New service connection**
-2. Selecione: **Azure Resource Manager**
-3. Authentication method: **Workload Identity federation (automatic)**
-4. Scope level: **Subscription**
-5. Preencha:
-   - **Subscription ID**: `<sua-subscription-id>`
-   - **Service connection name**: `Azure-Dev-Connection`
-   - **Service Principal ID**: `$APP_DEV_ID` (do Passo 1)
-6. Marque: **Grant access permission to all pipelines** (ou configure por pipeline)
-7. Click: **Save**
-#### 2. Repetir para Staging e Prod
-- **Staging**: Nome `Azure-Staging-Connection`, usar `$APP_STAGING_ID`
-- **Prod**: Nome `Azure-Prod-Connection`, usar `$APP_PROD_ID`
-#### 3. Service Connection para ACR
-1. **New service connection** → **Docker Registry**
-2. Registry type: **Azure Container Registry**
-3. Authentication type: **Workload Identity federation**
-4. Preencha:
-   - **Azure subscription**: Selecione a subscription
-   - **Azure container registry**: Selecione seu ACR
-   - **Service connection name**: `ACR-Connection`
-5. **Save**
-### Via Azure CLI (Alternativa)
-```bash
-# Requer Azure DevOps extension
-az extension add --name azure-devops
-# Login
-az devops configure --defaults organization=https://dev.azure.com/$ADO_ORG project=$ADO_PROJECT
-# Criar service connection (exemplo simplificado)
-# Nota: Workload Identity via CLI é complexo, recomenda-se usar UI
-```
----
-## ⚙️ Configurar Pipelines
-### Passo 1: Importar Pipelines
-1. Vá em: **Pipelines** → **New pipeline**
-2. Selecione: **Azure Repos Git** (ou seu SCM)
-3. Selecione seu repositório
-4. **Existing Azure Pipelines YAML file**
-5. Path: `.azure/pipelines/dev-pipeline.yml`
-6. **Continue** → **Save** (não run ainda)
-Repetir para:
-- `.azure/pipelines/staging-pipeline.yml`
-- `.azure/pipelines/prod-pipeline.yml`
-### Passo 2: Configurar Variáveis
-#### Variáveis no Pipeline Level
-Para cada pipeline, adicione as variáveis:
-**Dev Pipeline** → **Edit** → **Variables**:
-```
-ACR_NAME: <seu-acr-name>
-APP_NAME: <seu-app-name>
-SUBSCRIPTION_ID: <subscription-id>
-```
-**Staging Pipeline** - mesmas variáveis
-**Prod Pipeline** - mesmas variáveis
-#### Variáveis no Group Level (Opcional)
-1. **Pipelines** → **Library** → **+ Variable group**
-2. Nome: `morph-common-vars`
-3. Adicionar:
-   ```
-   ACR_NAME: <seu-acr>
-   APP_NAME: <seu-app>
-   SUBSCRIPTION_ID: <subscription-id>
-   ```
-4. Linkar aos pipelines:
-   ```yaml
-   variables:
-     - group: morph-common-vars
-     - template: pipeline-variables.yml
-   ```
----
-## 🛡️ Configurar Environments e Aprovações
-### Passo 1: Criar Environments
-1. **Pipelines** → **Environments** → **New environment**
-2. Criar 3 environments:
-**Dev Environment:**
-- Name: `dev`
-- Resource: None
-- Approvals: **Nenhuma** (deploy automático)
-**Staging Environment:**
-- Name: `staging`
-- Resource: None
-- Approvals: **Opcional** (recomendado nenhuma para deploy rápido)
-  - Se desejar: Add approver selecione você mesmo
-  - Timeout: 24 hours
-**Production Environment:**
-- Name: `production`
-- Resource: None
-- Approvals: **OBRIGATÓRIO**
-  - Add approvers: Selecione você mesmo
-  - Timeout: 48 hours
-  - **Checks**: Adicionar "Invoke REST API" para verificações adicionais (opcional)
-### Passo 2: Configurar Branch Policies (Opcional)
-Para `main` branch:
-1. **Repos** → **Branches** → `main` → **Branch policies**
-2. Habilitar:
-   - **Require a minimum number of reviewers**: 0 (self-review via approval gate)
-   - **Check for linked work items**: Recommended
-   - **Build validation**: Link prod pipeline
----
-## 🧪 Testar Configuração
-### Teste 1: Dev Pipeline
-```bash
-# Criar branch develop
-git checkout -b develop
-git push origin develop
-# Fazer um commit qualquer
-echo "test" > test.txt
-git add test.txt
-git commit -m "test: trigger dev pipeline"
-git push origin develop
-```
-**Verificar:**
-- Pipeline triggou automaticamente
-- Build passou
-- Deploy para App Service Free foi bem-sucedido
-- Health check passou
-### Teste 2: Staging Pipeline
-```bash
-# Merge develop em main
-git checkout main
-git merge develop
-git push origin main
-```
-**Verificar:**
-- Staging pipeline triggou
-- Container foi buildado e pushed para ACR
-- Deploy para Container Apps funcionou
-- Integration tests passaram
-### Teste 3: Prod Pipeline (Manual)
-1. **Pipelines** → **prod-pipeline** → **Run pipeline**
-2. Verificar aprovação manual aparece
-3. Aprovar deploy
-4. Verificar deployment bem-sucedido
----
-## 🆘 Troubleshooting
-### Erro: "Failed to get federated token"
-**Causa:** Subject no federated credential não match com service connection.
-**Solução:**
-```bash
-# Verificar subject correto
-# Deve ser: sc://<ORG>/<PROJECT>/<SERVICE_CONNECTION_NAME>
-# Recriar federated credential com subject correto
-az ad app federated-credential delete \
-  --id $APP_ID \
-  --federated-credential-id <credential-id>
-# Criar novamente com subject correto
-az ad app federated-credential create \
-  --id $APP_ID \
-  --parameters federated-credential.json
-```
-### Erro: "Insufficient permissions"
-**Causa:** Service Principal não tem permissões na subscription/resource group.
-**Solução:**
-```bash
-# Verificar role assignments
-az role assignment list \
-  --assignee $SP_ID \
-  --output table
-# Adicionar Contributor se necessário
-az role assignment create \
-  --assignee $SP_ID \
-  --role Contributor \
-  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_NAME"
-```
-### Erro: "Container registry not found"
-**Causa:** Service Principal não tem permissão no ACR.
-**Solução:**
-```bash
-# Adicionar AcrPush role
-az role assignment create \
-  --assignee $SP_ID \
-  --role AcrPush \
-  --scope $ACR_ID
-```
-### Erro: "Pipeline not authorized to access service connection"
-**Causa:** Pipeline não foi autorizado a usar a service connection.
-**Solução:**
-1. **Project Settings** → **Service connections**
-2. Click na service connection
-3. **Security** → Adicionar pipeline específico ou marcar "Grant access to all pipelines"
----
-## 📚 Referências
-- [Workload Identity Federation](https://learn.microsoft.com/azure/devops/pipelines/library/connect-to-azure)
-- [Azure Pipelines YAML Schema](https://learn.microsoft.com/azure/devops/pipelines/yaml-schema)
-- [Environments](https://learn.microsoft.com/azure/devops/pipelines/process/environments)
-- [Service Connections](https://learn.microsoft.com/azure/devops/pipelines/library/service-endpoints)
----
-## ✅ Checklist Final
-Antes de ir para produção:
-- [ ] Workload Identity configurada para dev/staging/prod
-- [ ] Service connections criadas e testadas
-- [ ] Variáveis configuradas (ACR_NAME, APP_NAME, SUBSCRIPTION_ID)
-- [ ] Environments criados (dev, staging, production)
-- [ ] Aprovações configuradas (production requer aprovação manual)
-- [ ] Dev pipeline testado com sucesso
-- [ ] Staging pipeline testado com sucesso
-- [ ] Prod pipeline testado com aprovação
-- [ ] Health checks funcionando
-- [ ] Monitoring configurado (Application Insights)
-- [ ] Rollback plan documentado
----
-*MORPH-SPEC by Polymorphism Tech*
+# Azure DevOps Setup - Workload Identity Federation
+> **MORPH-SPEC Framework**
+> Configuração de CI/CD com autenticação moderna (sem secrets)
+---
+## 📋 Índice
+1. [Pré-requisitos](#pré-requisitos)
+2. [Configurar Workload Identity Federation](#configurar-workload-identity-federation)
+3. [Criar Service Connections](#criar-service-connections)
+4. [Configurar Pipelines](#configurar-pipelines)
+5. [Configurar Environments e Aprovações](#configurar-environments-e-aprovações)
+6. [Troubleshooting](#troubleshooting)
+---
+## 🔑 Pré-requisitos
+### Azure
+- ✅ Subscription Azure ativa
+- ✅ Permissões de Owner ou User Access Administrator na subscription
+- ✅ Azure CLI instalado: https://aka.ms/azure-cli
+### Azure DevOps
+- ✅ Organização Azure DevOps criada
+- ✅ Projeto criado
+- ✅ Permissões de administrador do projeto
+###Informações Necessárias
+```bash
+# Azure
+SUBSCRIPTION_ID="<sua-subscription-id>"
+TENANT_ID="<seu-tenant-id>"
+# Azure DevOps
+ADO_ORG="<sua-org>"          # Ex: polymorphismtech
+ADO_PROJECT="<seu-projeto>"   # Ex: morph-app
+# Application
+APP_NAME="<nome-da-app>"      # Ex: myapp
+```
+---
+## 🌐 Configurar Workload Identity Federation
+### Passo 1: Criar App Registration
+```bash
+# Login no Azure
+az login
+az account set --subscription $SUBSCRIPTION_ID
+# Criar App Registration para Dev
+APP_DEV_NAME="${APP_NAME}-dev-pipeline"
+APP_DEV_ID=$(az ad app create \
+  --display-name "$APP_DEV_NAME" \
+  --query appId -o tsv)
+echo "Dev App ID: $APP_DEV_ID"
+# Criar Service Principal
+SP_DEV_ID=$(az ad sp create \
+  --id $APP_DEV_ID \
+  --query id -o tsv)
+echo "Dev Service Principal ID: $SP_DEV_ID"
+# Repetir para Staging e Prod
+APP_STAGING_NAME="${APP_NAME}-staging-pipeline"
+APP_STAGING_ID=$(az ad app create --display-name "$APP_STAGING_NAME" --query appId -o tsv)
+SP_STAGING_ID=$(az ad sp create --id $APP_STAGING_ID --query id -o tsv)
+APP_PROD_NAME="${APP_NAME}-prod-pipeline"
+APP_PROD_ID=$(az ad app create --display-name "$APP_PROD_NAME" --query appId -o tsv)
+SP_PROD_ID=$(az ad sp create --id $APP_PROD_ID --query id -o tsv)
+```
+### Passo 2: Configurar Federated Credentials
+```bash
+# DEV Environment
+cat <<EOF > federated-credential-dev.json
+{
+  "name": "dev-pipeline-federated",
+  "issuer": "https://vstoken.dev.azure.com/<ADO_ORG_ID>",
+  "subject": "sc://$ADO_ORG/$ADO_PROJECT/Azure-Dev-Connection",
+  "description": "Federated credential for dev pipeline",
+  "audiences": [
+    "api://AzureADTokenExchange"
+  ]
+}
+EOF
+az ad app federated-credential create \
+  --id $APP_DEV_ID \
+  --parameters federated-credential-dev.json
+# STAGING Environment
+cat <<EOF > federated-credential-staging.json
+{
+  "name": "staging-pipeline-federated",
+  "issuer": "https://vstoken.dev.azure.com/<ADO_ORG_ID>",
+  "subject": "sc://$ADO_ORG/$ADO_PROJECT/Azure-Staging-Connection",
+  "description": "Federated credential for staging pipeline",
+  "audiences": [
+    "api://AzureADTokenExchange"
+  ]
+}
+EOF
+az ad app federated-credential create \
+  --id $APP_STAGING_ID \
+  --parameters federated-credential-staging.json
+# PROD Environment
+cat <<EOF > federated-credential-prod.json
+{
+  "name": "prod-pipeline-federated",
+  "issuer": "https://vstoken.dev.azure.com/<ADO_ORG_ID>",
+  "subject": "sc://$ADO_ORG/$ADO_PROJECT/Azure-Prod-Connection",
+  "description": "Federated credential for prod pipeline",
+  "audiences": [
+    "api://AzureADTokenExchange"
+  ]
+}
+EOF
+az ad app federated-credential create \
+  --id $APP_PROD_ID \
+  --parameters federated-credential-prod.json
+```
+**📌 Como obter ADO_ORG_ID:**
+```bash
+# Via Azure DevOps UI
+# Vá em: Organization Settings → Overview → Organization ID
+# Ou via API:
+curl -u ":${AZURE_DEVOPS_PAT}" \
+  "https://dev.azure.com/${ADO_ORG}/_apis/connectionData"
+```
+### Passo 3: Atribuir Permissões Azure
+```bash
+# DEV - Contributor na resource group
+RG_DEV="rg-${APP_NAME}-dev"
+az role assignment create \
+  --assignee $SP_DEV_ID \
+  --role Contributor \
+  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_DEV"
+# STAGING - Contributor na resource group
+RG_STAGING="rg-${APP_NAME}-staging"
+az role assignment create \
+  --assignee $SP_STAGING_ID \
+  --role Contributor \
+  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_STAGING"
+# PROD - Contributor na resource group
+RG_PROD="rg-${APP_NAME}-prod"
+az role assignment create \
+  --assignee $SP_PROD_ID \
+  --role Contributor \
+  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_PROD"
+# ACR - AcrPush para todos
+ACR_ID="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/<rg-acr>/providers/Microsoft.ContainerRegistry/registries/<acr-name>"
+az role assignment create --assignee $SP_DEV_ID --role AcrPush --scope $ACR_ID
+az role assignment create --assignee $SP_STAGING_ID --role AcrPush --scope $ACR_ID
+az role assignment create --assignee $SP_PROD_ID --role AcrPush --scope $ACR_ID
+```
+---
+## 🔗 Criar Service Connections
+### Via Azure DevOps UI
+#### 1. Service Connection para Azure (Dev)
+1. Vá em: **Project Settings** → **Service connections** → **New service connection**
+2. Selecione: **Azure Resource Manager**
+3. Authentication method: **Workload Identity federation (automatic)**
+4. Scope level: **Subscription**
+5. Preencha:
+   - **Subscription ID**: `<sua-subscription-id>`
+   - **Service connection name**: `Azure-Dev-Connection`
+   - **Service Principal ID**: `$APP_DEV_ID` (do Passo 1)
+6. Marque: **Grant access permission to all pipelines** (ou configure por pipeline)
+7. Click: **Save**
+#### 2. Repetir para Staging e Prod
+- **Staging**: Nome `Azure-Staging-Connection`, usar `$APP_STAGING_ID`
+- **Prod**: Nome `Azure-Prod-Connection`, usar `$APP_PROD_ID`
+#### 3. Service Connection para ACR
+1. **New service connection** → **Docker Registry**
+2. Registry type: **Azure Container Registry**
+3. Authentication type: **Workload Identity federation**
+4. Preencha:
+   - **Azure subscription**: Selecione a subscription
+   - **Azure container registry**: Selecione seu ACR
+   - **Service connection name**: `ACR-Connection`
+5. **Save**
+### Via Azure CLI (Alternativa)
+```bash
+# Requer Azure DevOps extension
+az extension add --name azure-devops
+# Login
+az devops configure --defaults organization=https://dev.azure.com/$ADO_ORG project=$ADO_PROJECT
+# Criar service connection (exemplo simplificado)
+# Nota: Workload Identity via CLI é complexo, recomenda-se usar UI
+```
+---
+## ⚙️ Configurar Pipelines
+### Passo 1: Importar Pipelines
+1. Vá em: **Pipelines** → **New pipeline**
+2. Selecione: **Azure Repos Git** (ou seu SCM)
+3. Selecione seu repositório
+4. **Existing Azure Pipelines YAML file**
+5. Path: `.azure/pipelines/dev-pipeline.yml`
+6. **Continue** → **Save** (não run ainda)
+Repetir para:
+- `.azure/pipelines/staging-pipeline.yml`
+- `.azure/pipelines/prod-pipeline.yml`
+### Passo 2: Configurar Variáveis
+#### Variáveis no Pipeline Level
+Para cada pipeline, adicione as variáveis:
+**Dev Pipeline** → **Edit** → **Variables**:
+```
+ACR_NAME: <seu-acr-name>
+APP_NAME: <seu-app-name>
+SUBSCRIPTION_ID: <subscription-id>
+```
+**Staging Pipeline** - mesmas variáveis
+**Prod Pipeline** - mesmas variáveis
+#### Variáveis no Group Level (Opcional)
+1. **Pipelines** → **Library** → **+ Variable group**
+2. Nome: `morph-common-vars`
+3. Adicionar:
+   ```
+   ACR_NAME: <seu-acr>
+   APP_NAME: <seu-app>
+   SUBSCRIPTION_ID: <subscription-id>
+   ```
+4. Linkar aos pipelines:
+   ```yaml
+   variables:
+     - group: morph-common-vars
+     - template: pipeline-variables.yml
+   ```
+---
+## 🛡️ Configurar Environments e Aprovações
+### Passo 1: Criar Environments
+1. **Pipelines** → **Environments** → **New environment**
+2. Criar 3 environments:
+**Dev Environment:**
+- Name: `dev`
+- Resource: None
+- Approvals: **Nenhuma** (deploy automático)
+**Staging Environment:**
+- Name: `staging`
+- Resource: None
+- Approvals: **Opcional** (recomendado nenhuma para deploy rápido)
+  - Se desejar: Add approver selecione você mesmo
+  - Timeout: 24 hours
+**Production Environment:**
+- Name: `production`
+- Resource: None
+- Approvals: **OBRIGATÓRIO**
+  - Add approvers: Selecione você mesmo
+  - Timeout: 48 hours
+  - **Checks**: Adicionar "Invoke REST API" para verificações adicionais (opcional)
+### Passo 2: Configurar Branch Policies (Opcional)
+Para `main` branch:
+1. **Repos** → **Branches** → `main` → **Branch policies**
+2. Habilitar:
+   - **Require a minimum number of reviewers**: 0 (self-review via approval gate)
+   - **Check for linked work items**: Recommended
+   - **Build validation**: Link prod pipeline
+---
+## 🧪 Testar Configuração
+### Teste 1: Dev Pipeline
+```bash
+# Criar branch develop
+git checkout -b develop
+git push origin develop
+# Fazer um commit qualquer
+echo "test" > test.txt
+git add test.txt
+git commit -m "test: trigger dev pipeline"
+git push origin develop
+```
+**Verificar:**
+- Pipeline triggou automaticamente
+- Build passou
+- Deploy para App Service Free foi bem-sucedido
+- Health check passou
+### Teste 2: Staging Pipeline
+```bash
+# Merge develop em main
+git checkout main
+git merge develop
+git push origin main
+```
+**Verificar:**
+- Staging pipeline triggou
+- Container foi buildado e pushed para ACR
+- Deploy para Container Apps funcionou
+- Integration tests passaram
+### Teste 3: Prod Pipeline (Manual)
+1. **Pipelines** → **prod-pipeline** → **Run pipeline**
+2. Verificar aprovação manual aparece
+3. Aprovar deploy
+4. Verificar deployment bem-sucedido
+---
+## 🆘 Troubleshooting
+### Erro: "Failed to get federated token"
+**Causa:** Subject no federated credential não match com service connection.
+**Solução:**
+```bash
+# Verificar subject correto
+# Deve ser: sc://<ORG>/<PROJECT>/<SERVICE_CONNECTION_NAME>
+# Recriar federated credential com subject correto
+az ad app federated-credential delete \
+  --id $APP_ID \
+  --federated-credential-id <credential-id>
+# Criar novamente com subject correto
+az ad app federated-credential create \
+  --id $APP_ID \
+  --parameters federated-credential.json
+```
+### Erro: "Insufficient permissions"
+**Causa:** Service Principal não tem permissões na subscription/resource group.
+**Solução:**
+```bash
+# Verificar role assignments
+az role assignment list \
+  --assignee $SP_ID \
+  --output table
+# Adicionar Contributor se necessário
+az role assignment create \
+  --assignee $SP_ID \
+  --role Contributor \
+  --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG_NAME"
+```
+### Erro: "Container registry not found"
+**Causa:** Service Principal não tem permissão no ACR.
+**Solução:**
+```bash
+# Adicionar AcrPush role
+az role assignment create \
+  --assignee $SP_ID \
+  --role AcrPush \
+  --scope $ACR_ID
+```
+### Erro: "Pipeline not authorized to access service connection"
+**Causa:** Pipeline não foi autorizado a usar a service connection.
+**Solução:**
+1. **Project Settings** → **Service connections**
+2. Click na service connection
+3. **Security** → Adicionar pipeline específico ou marcar "Grant access to all pipelines"
+---
+## 📚 Referências
+- [Workload Identity Federation](https://learn.microsoft.com/azure/devops/pipelines/library/connect-to-azure)
+- [Azure Pipelines YAML Schema](https://learn.microsoft.com/azure/devops/pipelines/yaml-schema)
+- [Environments](https://learn.microsoft.com/azure/devops/pipelines/process/environments)
+- [Service Connections](https://learn.microsoft.com/azure/devops/pipelines/library/service-endpoints)
+---
+## ✅ Checklist Final
+Antes de ir para produção:
+- [ ] Workload Identity configurada para dev/staging/prod
+- [ ] Service connections criadas e testadas
+- [ ] Variáveis configuradas (ACR_NAME, APP_NAME, SUBSCRIPTION_ID)
+- [ ] Environments criados (dev, staging, production)
+- [ ] Aprovações configuradas (production requer aprovação manual)
+- [ ] Dev pipeline testado com sucesso
+- [ ] Staging pipeline testado com sucesso
+- [ ] Prod pipeline testado com aprovação
+- [ ] Health checks funcionando
+- [ ] Monitoring configurado (Application Insights)
+- [ ] Rollback plan documentado
+---
+*MORPH-SPEC by Polymorphism Tech*