@polymorphism-tech/morph-spec 4.9.0 → 4.10.1

package/framework/commands/morph-infra.md

@@ -1,8 +1,14 @@
+---
+description: Manage Azure infrastructure with Bicep templates — provision, update, and monitor cloud resources
+argument-hint: [up|down|plan|status]
+allowed-tools: Read, Write, Edit, Bash, Glob, AskUserQuestion
+---
+
 # /morph-infra - Infrastructure Management
 
-Gerencia infraestrutura Azure usando Bicep templates.
+Manage Azure infrastructure using Bicep templates.
 
-## Uso
+## Usage
 
 ```
 /morph-infra [action] [options]
@@ -10,23 +16,23 @@ Gerencia infraestrutura Azure usando Bicep templates.
 
 ### Actions
 
-| Action | Descrição |
-|--------|-----------|
-| `init` | Inicializa estrutura IaC no projeto |
-| `validate` | Valida templates Bicep |
-| `plan` | Mostra what-if de mudanças |
-| `deploy` | Executa deploy dos recursos |
-| `destroy` | Remove todos os recursos |
+| Action | Description |
+|--------|-------------|
+| `init` | Initialize IaC structure in the project |
+| `validate` | Validate Bicep templates |
+| `plan` | Show what-if of changes |
+| `deploy` | Execute resource deployment |
+| `destroy` | Remove all resources |
 
 ---
 
 ## Workflow
 
-### 1. INIT - Inicializar IaC
+### 1. INIT - Initialize IaC
 
-Quando o usuário solicitar `/morph-infra init`:
+When the user requests `/morph-infra init`:
 
-1. Criar estrutura `infra/` no projeto:
+1. Create the `infra/` structure in the project:
    ```
    infra/
    ├── main.bicep
@@ -41,42 +47,42 @@ Quando o usuário solicitar `/morph-infra init`:
        └── app-insights.bicep
    ```
 
-2. Copiar templates de `.morph/framework/templates/infrastructure/...`
+2. Copy templates from `.morph/framework/templates/infrastructure/...`
 
-3. Substituir placeholders:
-   - `{{APP_NAME}}` → nome do projeto
-   - `{{SUBSCRIPTION_ID}}` → solicitar ao usuário
-   - `{{RESOURCE_GROUP}}` → sugerir padrão `rg-{app}-{env}`
+3. Replace placeholders:
+   - `{{APP_NAME}}` → project name
+   - `{{SUBSCRIPTION_ID}}` → request from user
+   - `{{RESOURCE_GROUP}}` → suggest default `rg-{app}-{env}`
 
-4. Documentar no `decisions.md` a estrutura criada
+4. Document the created structure in `decisions.md`
 
 ---
 
-### 2. VALIDATE - Validar Templates
+### 2. VALIDATE - Validate Templates
 
-Quando o usuário solicitar `/morph-infra validate`:
+When the user requests `/morph-infra validate`:
 
-1. Executar validação Bicep:
+1. Run Bicep validation:
    ```bash
    az bicep build --file infra/main.bicep
    ```
 
-2. Verificar parâmetros necessários
+2. Check required parameters
 
-3. Reportar erros ou sucesso
+3. Report errors or success
 
 ---
 
-### 3. PLAN - Preview de Mudanças
+### 3. PLAN - Preview Changes
 
-Quando o usuário solicitar `/morph-infra plan [env]`:
+When the user requests `/morph-infra plan [env]`:
 
-1. Verificar se Azure CLI está autenticado:
+1. Check if Azure CLI is authenticated:
    ```bash
    az account show
    ```
 
-2. Executar what-if:
+2. Run what-if:
    ```bash
    az deployment group what-if \
      --resource-group rg-{app}-{env} \
@@ -84,28 +90,28 @@ Quando o usuário solicitar `/morph-infra plan [env]`:
      --parameters @infra/parameters.{env}.json
    ```
 
-3. Apresentar resumo de mudanças:
-   - Recursos a criar
-   - Recursos a modificar
-   - Recursos a deletar
-   - Custos estimados
+3. Present change summary:
+   - Resources to create
+   - Resources to modify
+   - Resources to delete
+   - Estimated costs
 
-4. ⛔ **PARE e aguarde aprovação** para deploy
+4. **STOP and wait for approval** before deploy
 
 ---
 
-### 4. DEPLOY - Executar Deploy
+### 4. DEPLOY - Execute Deploy
 
-Quando o usuário solicitar `/morph-infra deploy [env]`:
+When the user requests `/morph-infra deploy [env]`:
 
-1. Verificar aprovação do plan
+1. Verify plan was approved
 
-2. Criar resource group se não existir:
+2. Create resource group if it doesn't exist:
    ```bash
    az group create --name rg-{app}-{env} --location brazilsouth
    ```
 
-3. Executar deploy:
+3. Execute deploy:
    ```bash
    az deployment group create \
      --resource-group rg-{app}-{env} \
@@ -113,75 +119,75 @@ Quando o usuário solicitar `/morph-infra deploy [env]`:
      --parameters @infra/parameters.{env}.json
    ```
 
-4. Capturar outputs:
+4. Capture outputs:
    - Container App URL
    - SQL Connection String
    - Key Vault URI
 
-5. Atualizar documentação com informações do deploy
+5. Update documentation with deploy information
 
 ---
 
-### 5. DESTROY - Remover Recursos
+### 5. DESTROY - Remove Resources
 
-Quando o usuário solicitar `/morph-infra destroy [env]`:
+When the user requests `/morph-infra destroy [env]`:
 
-1. ⚠️ **ALERTAR** que esta ação é irreversível
+1. **WARN** that this action is irreversible
 
-2. Listar recursos que serão deletados
+2. List resources that will be deleted
 
-3. ⛔ **PARE e aguarde confirmação explícita** ("sim, deletar")
+3. **STOP and wait for explicit confirmation** ("yes, delete")
 
-4. Executar:
+4. Execute:
    ```bash
    az group delete --name rg-{app}-{env} --yes --no-wait
    ```
 
 ---
 
-## Regras de Segurança
+## Security Rules
 
-### NUNCA:
-- Expor secrets em logs
-- Commitar arquivos com secrets
-- Deletar recursos de produção sem confirmação explícita
-- Criar recursos fora do Bicep (zero portal)
+### NEVER:
+- Expose secrets in logs
+- Commit files with secrets
+- Delete production resources without explicit confirmation
+- Create resources outside Bicep (zero portal)
 
-### SEMPRE:
-- Usar Key Vault para secrets
-- Validar Bicep antes de deploy
-- Executar what-if antes de deploy
-- Documentar custos estimados
-- Manter parameters.json separados por ambiente
+### ALWAYS:
+- Use Key Vault for secrets
+- Validate Bicep before deploy
+- Run what-if before deploy
+- Document estimated costs
+- Keep parameters.json separated by environment
 
 ---
 
 ## Cost Guardian Integration
 
-Antes de qualquer deploy, verificar com Cost Guardian:
+Before any deploy, check with Cost Guardian:
 
-1. Estimar custos mensais dos recursos
-2. Verificar se está dentro dos limites aprovados:
-   - Free tier: sem aprovação
-   - Até $10/mês: requer confirmação
-   - Acima de $10: requer ADR
+1. Estimate monthly resource costs
+2. Verify it's within approved limits:
+   - Free tier: no approval needed
+   - Up to $10/month: requires confirmation
+   - Above $10: requires ADR
 
 ---
 
-## Exemplo de Uso
+## Usage Example
 
 ```
-Usuário: /morph-infra init
-Claude: Criando estrutura IaC...
+User: /morph-infra init
+Claude: Creating IaC structure...
         - infra/main.bicep
         - infra/parameters.dev.json
         - infra/modules/*.bicep
-        Pronto! Execute /morph-infra validate para verificar.
+        Done! Run /morph-infra validate to verify.
 
-Usuário: /morph-infra plan dev
-Claude: Analisando mudanças para ambiente dev...
+User: /morph-infra plan dev
+Claude: Analyzing changes for dev environment...
 
-        CRIAR:
+        CREATE:
         + Container App Environment
         + Container App
         + SQL Server (Free)
@@ -189,14 +195,14 @@ Claude: Analisando mudanças para ambiente dev...
         + Key Vault
         + Application Insights
 
-        CUSTO ESTIMADO: ~$0/mês (Free tier)
+        ESTIMATED COST: ~$0/month (Free tier)
 
-        Aprovar deploy? (sim/não)
+        Approve deploy? (yes/no)
 
-Usuário: sim
-Claude: Executando deploy...
-        ✓ Resource Group criado
-        ✓ Deploy concluído em 3m 45s
+User: yes
+Claude: Executing deploy...
+        ✓ Resource Group created
+        ✓ Deploy completed in 3m 45s
 
         OUTPUTS:
         - URL: https://myapp-dev.azurecontainerapps.io

package/framework/commands/morph-preflight.md

@@ -1,34 +1,76 @@
+---
+description: Validate project readiness before Azure deploy — checks specs, contracts, tests, and infrastructure
+argument-hint: [feature-name]
+allowed-tools: Read, Bash, Glob, Grep
+---
+
 # Pre-Flight Check for Azure Deployment
 
 Validates project readiness before deploying to Azure.
 
-## Uso
+## Usage
 
 ```
 /morph-preflight azure
 ```
 
-## Objetivo
+## Purpose
+
+Detect problems **before** deploy that would cause production failures. Saves time and avoids debugging in Azure environment.
+
+---
+
+## MORPH-SPEC Validation (run before all other checks)
+
+These checks verify that the morph-spec workflow is complete for the feature being deployed. Skip only if deploying a non-morph-spec project.
+
+```bash
+# Verify implementation is complete
+npx morph-spec state get {feature}
+npx morph-spec approval-status {feature}
+npx morph-spec validate-feature {feature}
+```
+
+| Check | Command | Pass Criteria |
+|-------|---------|---------------|
+| Phase is implement or later | `state get` | phase derived as `implement` |
+| All gates approved | `approval-status` | design, plan, tasks gates all approved |
+| Feature validation passes | `validate-feature` | 100% pass rate |
+| All tasks complete | `state get` → tasks array | 0 tasks in `pending` or `in_progress` |
+| Recap generated | Read `5-implement/recap.md` | File exists and is non-empty |
+
+**If any MORPH check fails:** Show which check failed and recommend: `Run /morph-apply {feature} to complete implementation before deploying.`
+
+---
+
+## Test Suite (run before infrastructure checks)
+
+```bash
+dotnet test --verbosity normal
+```
 
-Detectar problemas **antes** do deploy que causariam falhas em produção. Economiza tempo e evita debugging em ambiente Azure.
+**Pass criteria:** 100% test pass rate. Zero tolerance — any failing test blocks deployment. If tests fail, categorize each failure:
+- **Genuine bug** → fix implementation
+- **Flaky/environment test** → isolate and fix
+- **Outdated assertion** → update test to match correct new behavior
 
 ---
 
-## Validações Executadas
+## Validations Performed
 
 ### 1. Package Version Conflicts
 
-**O que verifica:**
-- `Azure.Identity` especificado explicitamente
-- Sem conflitos de versão (NU1605, NU1608)
-- Packages críticos com versões compatíveis
+**What it checks:**
+- `Azure.Identity` explicitly specified
+- No version conflicts (NU1605, NU1608)
+- Critical packages with compatible versions
 
-**Como verificar:**
+**How to check:**
 ```bash
 dotnet restore --verbosity normal 2>&1 | grep -E "(NU1605|NU1608|warning)"
 ```
 
-**Fix comum:**
+**Common fix:**
 ```xml
 <PackageReference Include="Azure.Identity" Version="1.14.2" />
 ```
@@ -37,19 +79,19 @@ dotnet restore --verbosity normal 2>&1 | grep -E "(NU1605|NU1608|warning)"
 
 ### 2. EF Core Migrations
 
-**O que verifica:**
-- Sem pending model changes
-- Migrations aplicáveis existem
-- Migration scripts são válidos
+**What it checks:**
+- No pending model changes
+- Applicable migrations exist
+- Migration scripts are valid
 
-**Como verificar:**
+**How to check:**
 ```bash
 dotnet ef migrations has-pending-model-changes \
   --project src/Infrastructure \
   --startup-project src/Web
 ```
 
-**Fix comum:**
+**Common fix:**
 ```bash
 dotnet ef migrations add <MigrationName> \
   --project src/Infrastructure \
@@ -58,30 +100,30 @@ dotnet ef migrations add <MigrationName> \
 
 ---
 
-### 3. Dockerfile Validation (se Container Apps)
+### 3. Dockerfile Validation (if Container Apps)
 
-**O que verifica:**
-- Dockerfile existe
-- Base image é válida
-- Multi-stage build configurado
-- EXPOSE ports corretos
-- ENTRYPOINT definido
+**What it checks:**
+- Dockerfile exists
+- Base image is valid
+- Multi-stage build configured
+- EXPOSE ports correct
+- ENTRYPOINT defined
 
-**Como verificar:**
+**How to check:**
 ```bash
 docker build --check .
-# Ou validação manual do Dockerfile
+# Or manual Dockerfile validation
 ```
 
 ---
 
 ### 4. Blazor .NET 10 Assets
 
-**O que verifica:**
-- `RequiresAspNetWebAssets` está `true` (se Blazor + .NET 10)
-- Static web assets configurados corretamente
+**What it checks:**
+- `RequiresAspNetWebAssets` is `true` (if Blazor + .NET 10)
+- Static web assets configured correctly
 
-**Como verificar:**
+**How to check:**
 ```bash
 grep -r "RequiresAspNetWebAssets" *.csproj
 ```
@@ -97,12 +139,12 @@ grep -r "RequiresAspNetWebAssets" *.csproj
 
 ### 5. Bicep Syntax Validation
 
-**O que verifica:**
-- Arquivos `.bicep` sem erros de sintaxe
-- Parâmetros obrigatórios definidos
-- Resources com nomes válidos
+**What it checks:**
+- `.bicep` files without syntax errors
+- Required parameters defined
+- Resources with valid names
 
-**Como verificar:**
+**How to check:**
 ```bash
 az bicep build --file infra/main.bicep --stdout > /dev/null
 ```
@@ -111,20 +153,20 @@ az bicep build --file infra/main.bicep --stdout > /dev/null
 
 ### 6. Key Vault Configuration
 
-**O que verifica:**
-- Key Vault URI configurado em `appsettings.json` ou environment
-- Não condiciona Key Vault ao ambiente (bug comum)
-- Managed Identity habilitada
+**What it checks:**
+- Key Vault URI configured in `appsettings.json` or environment
+- Key Vault not conditioned on environment (common bug)
+- Managed Identity enabled
 
-**Como verificar:**
+**How to check:**
 ```bash
 grep -r "KeyVaultUri\|AzureKeyVault" appsettings*.json
 grep -r "IsDevelopment()" Program.cs | grep -i keyvault
 ```
 
-**Anti-pattern a detectar:**
+**Anti-pattern to detect:**
 ```csharp
-// ❌ ERRADO - Não carrega Key Vault em dev!
+// ❌ WRONG - Doesn't load Key Vault in dev!
 if (!builder.Environment.IsDevelopment())
 {
     builder.Configuration.AddAzureKeyVault(...);
@@ -135,20 +177,20 @@ if (!builder.Environment.IsDevelopment())
 
 ### 7. Connection Strings Security
 
-**O que verifica:**
-- Connection strings não hardcoded em código
-- Secrets em Key Vault ou User Secrets
-- Sem credentials em `appsettings.json` (exceto Development)
+**What it checks:**
+- Connection strings not hardcoded in code
+- Secrets in Key Vault or User Secrets
+- No credentials in `appsettings.json` (except Development)
 
-**Como verificar:**
+**How to check:**
 ```bash
-# Detectar passwords em appsettings
+# Detect passwords in appsettings
 grep -rE "(Password=|Pwd=|Secret=)" appsettings*.json | grep -v Development
 ```
 
 ---
 
-## Output Exemplo
+## Example Output
 
 ```
 🔍 MORPH Pre-Flight Check: Azure Deployment
@@ -175,15 +217,15 @@ Recommended fixes:
 
 ---
 
-## Workflow de Uso
+## Usage Workflow
 
-### Antes de criar PR para produção
+### Before creating PR for production
 
 ```bash
 /morph-preflight azure
 ```
 
-### No pipeline CI/CD
+### In CI/CD pipeline
 
 ```yaml
 - script: |
@@ -206,9 +248,9 @@ Recommended fixes:
 
 ---
 
-## Validações Futuras (Roadmap)
+## Future Validations (Roadmap)
 
-- [ ] Cost estimation validation (dentro do budget)
+- [ ] Cost estimation validation (within budget)
 - [ ] RBAC permissions check
 - [ ] Network security rules validation
 - [ ] Health probe endpoint exists
@@ -216,9 +258,9 @@ Recommended fixes:
 
 ---
 
-## Referências
+## References
 
-- [azure.md](../../standards/azure.md) - Padrões Azure
+- [azure.md](../../standards/azure.md) - Azure Standards
 - [dotnet10-migration.md](../../standards/dotnet10-migration.md) - Breaking changes .NET 10
 - [blazor-efcore.md](../../../../framework/standards/blazor-efcore.md) - EF Core patterns