[CLAUDE] Docs+Skill: chốt session 6 — 3 skill refresh + 2 rule audit định kỳ

Pure docs work — 0 thay đổi code/test. 77 test vẫn pass (Domain 54 + Infra 23).

3 skill refresh stale (audit định kỳ §6.4 + §9.4 phát hiện):
- form-engine: "Phase 2 MVP missing PDF + form builder" → "Tier 3 feature-complete"
  + bỏ section duplicate "Gen mã HĐ chưa implement" (đã DONE Phase 3+6)
- permission-matrix: 12 menu cũ → ~60 menu key (Bg_*/Pe_*/PeWf_*/Catalogs)
  + inheritance roots 4 group + Budgets KHÔNG inherit (gotcha #35)
- ef-core-migration: "24 DbSet" → "52 bảng (15 migration)"

2 rule mới chốt:
- rules.md §6.4 — Audit + compact MD định kỳ (cadence + checklist + anti-pattern)
  Triết lý: KHÔNG rewrite toàn bộ. Compact + patch drift.
  Cron solution-erp-skill-audit-monthly mở rộng scope (skill + doc drift combined)
- rules.md §9.4 mở rộng cross-ref §6.4

Update STATUS Session 7+ priority + HANDOFF cảnh báo session 7 + migration-todos
Phase 9 Session 6 done sub.

Cron 2026-05-01 fire mai → combined audit theo checklist §6.4 + §9.4.

Session log đầy đủ: docs/changelog/sessions/2026-04-30-chot-session-6-md-audit-compact.md

Commit MD-only → CI skip (path filter gotcha #41).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.claude/skills/ef-core-migration/SKILL.md

@@ -226,14 +226,14 @@ sqlcmd -S .\SQLEXPRESS -d SolutionErp -U vrapp -P <pw> -i migrate.sql
 
 ## Code pointers
 
-- `src/Backend/SolutionErp.Infrastructure/Persistence/ApplicationDbContext.cs` — 24 DbSet
+- `src/Backend/SolutionErp.Infrastructure/Persistence/ApplicationDbContext.cs` — DbSet cho 52 bảng (15 migration)
 - `src/Backend/SolutionErp.Infrastructure/Persistence/DesignTimeDbContextFactory.cs` — EF tooling factory
-- `src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs` — seed + warn + migrate runtime
-- `src/Backend/SolutionErp.Infrastructure/Persistence/Configurations/` — 24 IEntityTypeConfiguration
+- `src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs` — seed + warn + migrate runtime + backfill (idempotent reconcile pattern)
+- `src/Backend/SolutionErp.Infrastructure/Persistence/Configurations/` — IEntityTypeConfiguration<T> per entity
 - `src/Backend/SolutionErp.Application/Common/Interfaces/IApplicationDbContext.cs` — interface Application layer
 
 ## Related
 
 - `docs/database/database-guide.md` — conventions + migration workflow chi tiết
-- `docs/database/schema-diagram.md` — ERD 24 bảng
-- `docs/gotchas.md` #7, #17 — migration pitfalls
+- `docs/database/schema-diagram.md` — **ERD 52 bảng** + §11 PE module + §12 Budget module + §13 PEDeptOpinions
+- `docs/gotchas.md` #7, #17, #38 — migration pitfalls + Identity 4-field rename

.claude/skills/form-engine/SKILL.md

@@ -12,8 +12,9 @@ when-to-use:
 
 # Form Engine Skill
 
-> **Status:** Phase 2 implemented (MVP — placeholder replace cơ bản).
-> **Missing:** loop `{{#loop}}...{{/loop}}` cho table lặp, field spec JSON, PDF convert, form builder FE.
+> **Status (post Session 6 — 2026-04-30):** Tier 3 FEATURE-COMPLETE.
+> ✅ Placeholder replace + split-runs handling, ✅ FieldSpec JSON, ✅ Form builder FE (admin upload), ✅ DynamicForm renderer (Form↔JSON toggle), ✅ PDF export qua LibreOffice headless, ✅ .doc/.xls auto-convert tới .docx/.xlsx.
+> **Missing (low priority):** loop `{{#loop}}...{{/loop}}` cho table lặp (chưa cần — 8 form hiện không có table dynamic), Export PE phiếu PDF (Phase 9 carry over, không quan trọng).
 
 ## Tech stack
 
@@ -99,14 +100,12 @@ foreach (var para in root.Descendants<Paragraph>()) {
 
 ## Known limitations
 
-| # | Limitation | Phase fix |
+| # | Limitation | Status |
 |---|---|---|
-| 1 | Không support `{{#loop}}...{{/loop}}` cho table lặp | Phase 2 iteration 2 |
-| 2 | Không có field spec JSON — form builder FE phải điền JSON thủ công | Phase 2 iteration 2 |
-| 3 | 3 file `.doc` (FO-002.02/03/06) chưa convert → IsActive=false | Convert offline qua Word COM |
-| 4 | Không có PDF convert → preview chỉ download .docx | Phase 4 |
-| 5 | Không handle `.docm` (macro) — chỉ accept `.docx` / `.xlsx` | By design |
-| 6 | Không convert format trong template (vd number → `150,000,000 VND`) — BE phải format trước khi pass data | Phase 3 khi gen mã HĐ |
+| 1 | Không support `{{#loop}}...{{/loop}}` cho table lặp | Pending (chưa cần) |
+| 2 | Không handle `.docm` (macro) — chỉ accept `.docx` / `.xlsx` | By design (security) |
+| 3 | BE phải format số/tiền trước khi pass data (template không format) | By design — caller responsibility |
+| 4 | PE Export phiếu PDF chưa wire | Phase 9 carry over (không quan trọng) |
 
 ## Common pitfalls (xem gotchas.md)
 
@@ -116,15 +115,8 @@ foreach (var para in root.Descendants<Paragraph>()) {
 - **SaveAs type conversion** — gotcha #11
 - **Template file không tồn tại** → throw `NotFoundException` ở RenderCommandHandler
 
-## Gen mã HĐ (RG-001) — chưa implement (Phase 3)
+## Gen mã HĐ (RG-001) — DONE Phase 3 + Phase 6 PE
 
-Xem [`docs/forms-spec.md §RG-001`](../../../docs/forms-spec.md). Tóm tắt format:
+Đã implement: `ContractCodeGenerator` + `PurchaseEvaluationCodeGenerator` (atomic SERIALIZABLE). Detail trong skill `contract-workflow` (HĐ) + format PE `PE/{YYYY}/{A|B}/{Seq:D3}`. 17 unit test cover (Infrastructure.Tests/Services).
 
-| Loại HĐ | Format |
-|---|---|
-| HĐ Thầu phụ | `{Project}/HĐTP/SOL&{Partner}/{Seq}` |
-| HĐ Giao khoán | `{Project}/HĐGK/SOL&{Partner}/{Seq}` |
-| HĐ NCC | `{Project}/NCC/SOL&{Partner}/{Seq}` |
-| HĐ Nguyên tắc | `{Year}/NCC/SOL&{Partner}/{Seq}` |
-
-Planned implementation: `IContractCodeGenerator.GenerateAsync()` với transaction SERIALIZABLE + `ContractCodeSequences` table để tránh race.
+Xem [`docs/forms-spec.md §RG-001`](../../../docs/forms-spec.md) cho format spec từng ContractType.

.claude/skills/permission-matrix/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: permission-matrix
-description: Hệ thống phân quyền Role × MenuKey × CRUD. Seed 12 menu + admin full. FE PermissionGuard + usePermission. BE AuthorizationHandler + 48 policy. Dùng khi debug access denied, gán role, menu không hiện.
+description: Hệ thống phân quyền Role × MenuKey × CRUD. ~60 menu key (12 root + Ct_*/Wf_*/Pe_*/PeWf_*/Bg_*/Catalogs). FE PermissionGuard + usePermission. BE AuthorizationHandler + ~240 policy. Dùng khi debug access denied, gán role, menu không hiện, inheritance không work.
 when-to-use:
   - "permission denied"
   - "access denied"
@@ -8,20 +8,19 @@ when-to-use:
   - "gán role cho user"
   - "seed permission"
   - "permission matrix edit"
+  - "menu inheritance không work"
 ---
 
 # Permission Matrix Skill
 
-> **Status:** Phase 1 đợt 2 IMPLEMENTED + extended qua các phase sau (28 Ct_* + 7 Wf_* + Phase 6 thêm 13 Pe_*/PeWf_*).
+> **Status (post Session 6 — 2026-04-30):** Phase 1 đợt 2 base + extended qua mọi phase. ~60 menu key total:
+> - Core: Dashboard / Master+3 leaves / Forms / Reports / System+Users/Roles/Permissions (12 base)
+> - Contracts root + 28 Ct_* (7 type × {Group/List/Create/Pending}) + Workflows root + 7 Wf_*
+> - PurchaseEvaluations root + 6 Pe_* (2 type × 3 action) + PeWorkflows root + 2 PeWf_*
+> - Budgets root + 3 Bg_* (List/Create/Pending)
+> - Catalogs group + 4 leaves (Units/Materials/Services/WorkItems)
 >
-> **Phase 6 cross-ref (2026-04-23):** Thêm menu keys module Duyệt NCC:
-> - `PurchaseEvaluations` (root group) + `PeWorkflows` (admin root, WIP)
-> - `Pe_<Code>_<Action>` cho 2 type × 3 action = 6 leaf
->   (`Pe_DuyetNcc_List/Create/Pending`, `Pe_DuyetNccPhuongAn_List/Create/Pending`)
-> - `PeWf_<Code>` cho admin designer UI (FE chưa build)
-> - Inheritance: `PurchaseEvaluations.Read` → auto grant Pe_* descendants (pattern Contracts → Ct_*)
-> - FE resolver Layout.tsx: `Pe_<Code>_List` → `/purchase-evaluations?type=N` (1=NccOnly / 2=NccWithPlan)
-> - **TODO session tiếp:** grant non-admin role `PurchaseEvaluations.Read` qua `/system/permissions` để user thấy menu Pe_*.
+> **Inheritance roots (4 group, gotcha #35):** `Contracts` → Ct_*, `Workflows` → Wf_*, `PurchaseEvaluations` → Pe_*, `PeWorkflows` → PeWf_*. Khi thêm root mới có children → PHẢI extend 3 chỗ trong `GetMyMenuTreeQuery` (xem gotcha #35). Budgets KHÔNG inherit (Bg_* phải grant tay).
 
 ## Model
 
@@ -35,26 +34,40 @@ User ────< UserRoles ────< Role ────< Permissions ──
 - Union (OR) nhiều role → user có quyền nếu **bất kỳ role nào** cho quyền đó
 - Admin role → **bypass** check (luôn pass mọi policy)
 
-## Menu tree (seed)
-
-12 menu trong `MenuKeys.All`:
+## Menu tree (seed — ~60 key sau Phase 8)
 
 ```
 Dashboard
 Master
   ├── Suppliers
   ├── Projects
-  └── Departments
-Contracts
+  ├── Departments
+  └── Catalogs (group)
+       ├── UnitsOfMeasure
+       ├── MaterialItems
+       ├── ServiceItems
+       └── WorkItems
+Contracts (root inherit)
+  └── Ct_<Code>_<Group|List|Create|Pending>   × 7 type = 28 leaf
 Forms
+PurchaseEvaluations (root inherit)
+  └── Pe_<Code>_<List|Create|Pending>          × 2 type = 6 leaf
+Budgets (root, NO inherit — grant tay)
+  ├── Bg_List
+  ├── Bg_Create
+  └── Bg_Pending
 Reports
 System
   ├── Users
   ├── Roles
-  └── Permissions
+  ├── Permissions
+  ├── Workflows (root inherit)
+  │    └── Wf_<Code>                           × 7 type = 7 leaf
+  └── PeWorkflows (root inherit)
+       └── PeWf_<Code>                         × 2 type = 2 leaf
 ```
 
-Tree hierarchy qua `ParentKey` field. Seed trong `DbInitializer.SeedMenuTreeAsync`.
+Tree hierarchy qua `ParentKey` field. Seed trong `DbInitializer.SeedMenuTreeAsync` + Pe/Wf/Bg seeders riêng.
 
 ## Code pointers