Histórico append-only

Changelog

CHANGELOG, Mudanças no Framework

Registro append-only de mudanças no framework. Module added/renamed/removed, prereqs alterados, capstones revisados, protocolos atualizados, referências canônicas adicionadas.

Não é changelog de produto Logística (esse é seu repo separado). É changelog do próprio framework como artefato.

Formato: [YYYY-MM-DD] | tipo | descrição em ordem cronológica reversa (mais recente no topo).

Tipos:

add: módulo, capstone, meta, protocolo novo.
edit: conteúdo alterado em arquivo existente.
rename: arquivo renomeado.
remove: arquivo deletado.
prereqs: dependências de módulo alteradas.
capstone: escopo de capstone alterado.
protocol: STUDY-PROTOCOL ou MENTOR.md alterado.
ref: adição em reading-list ou elite-references.

2026

2026-05-01, Review wave 29 — runtime, resilience, supply chain (Node profiling deep, Postgres JSONB advanced, chaos engineering practices, OSS supply chain Sigstore, Apache Flink stateful)

Vigésima-nona onda do audit cross-stage. Foca em runtime/resilience/supply chain — frentes Senior+ com código copy-paste-pronto, decision trees pragmáticos, numbers reais 2026 e anti-patterns observados em produção.

edit framework/02-plataforma/02-07-nodejs-internals.md §2.19, performance profiling deep — clinic.js, 0x flamegraphs, V8 deopts, heap snapshots — profiling stack 2026 (clinic.js 13+ NearForm Doctor + Bubbleprof + Flame + Heap; 0x 5+ single-tool flamegraph; node --inspect Chrome DevTools; --cpu-prof / --heap-prof built-in; Pyroscope/Parca continuous; autocannon NearForm load); clinic.js workflow Doctor-first investigation (categorizes EventLoop/GC/IO/CPU + recommends next tool); 0x flamegraph reading (width ∝ CPU; depth call stack); V8 deoptimization detection (--trace-deopt; common causes polymorphic call sites + try/catch hot loops + arguments + with/eval + prototype mutation); pattern Logística fix polymorphic deopt monomorphic interface PricedItem; heap snapshots memory leaks (v8.writeHeapSnapshot + --heapsnapshot-near-heap-limit; 2-snapshot comparison view; retention path GC root); continuous profiling production Pyroscope (~1-2% CPU overhead; aggregated flamegraphs UI; diff over time); profiling production safely (sampling vs tracing; single instance behind LB drain; avoid synthetic dev data); investigation real Logística (orders endpoint p99 100ms → 800ms post v3.4; clinic Doctor → event loop blocking; Flame → JSON.parse 60% CPU; refactor selective fields; p99 back 95ms; Pyroscope continuous catches v3.5 within 1h); 10 anti-patterns observados.
edit framework/02-plataforma/02-09-postgres-deep.md §2.22, JSONB advanced patterns — jsonpath, GIN indexes, expression indexes, jsonb_path_query 2026 — JSONB vs JSON vs schema (JSONB binary parsed once + indexed; JSON text preserves order slow parse; schema wins known fields; hybrid structured + JSONB extras 80% time); JSONB column setup Logística orders.metadata variable data; JSONB operators Postgres 16+ (-> -> > #> #>> @> <@ ? ?| ?&); GIN indexes jsonb_ops default vs jsonb_path_ops smaller 30% (decision matrix por query patterns); expression indexes index specific path (metadata->>'source'); jsonb_path_query Postgres 12+ mature 2026 SQL/JSON path language (@? path exists + @@ path predicate + jsonb_path_query function + jsonb_path_query_first); JSONB updates partial paths (jsonb_set + concat array + remove key + nested remove #-; atomicity via SELECT FOR UPDATE); performance considerations (TOAST > 2KB rewrite expensive; cap < 2KB hot tables; GIN write 5-30% slowdown; 10M-row @> com GIN ~1-5ms vs sequential ~1-10s); JSONB validation via CHECK enforce schema partial; stack Logística (orders.metadata + GIN jsonb_path_ops + expression index source + jsonb_path_query analytics + CHECK source enum + audit_log JSONB-only details); 10 anti-patterns observados.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.29, chaos engineering practices — Gamedays, ChaosMonkey/Toxiproxy, FIS, blast radius management — why chaos engineering (hypothesis unknown failure modes; Netflix Chaos Monkey 2010; Principles of Chaos manifesto 2014; SRE standard 2026); hierarchy L0-L4 (manual tabletop → controlled gameday → automated game days → continuous chaos → production chaos Netflix-tier); tools 2026 (Chaos Monkey legacy; AWS FIS managed; Gremlin commercial; Litmus CNCF K8s-native CRDs; Chaos Mesh CNCF; Toxiproxy Shopify network-layer integration tests; PowerfulSeal); Toxiproxy pattern Logística integration tests completo (latency 500ms + jitter; disable Redis test fallback memory cache); AWS FIS experiment template JSON Logística terminate 1 EC2 ordersAsg + stop conditions CloudWatch alarm; K8s chaos via Litmus YAML pod-delete 20%; gameday playbook (pre 1 week define hypothesis + blast radius + stop criteria + notify ops + identify observers; day 30min preflight + single failure first + 15-30min observe + halt criteria + deliberate rollback; post document findings + action items P0/P1 Linear); blast radius management (staging-first; single dimension; smallest scope first; time-bounded auto-rollback; reversible failures preferred; observed full monitoring); programa Logística Q1-Q4 trimestral (Toxiproxy CI integration → monthly staging gameday → AWS FIS continuous staging → first production gameday); common findings (cascade failures + retry storms + connection pool starvation + timeout > caller + missing fallbacks + health check too strict); 10 anti-patterns observados.
edit framework/04-sistemas/04-15-oss-maintainership.md §2.19, OSS supply chain security — Sigstore, OIDC trusted publishers, SBOM, provenance attestations — supply chain attacks 2020-2026 timeline (SolarWinds 2020 18k orgs; event-stream 2018; Log4Shell 2021; 3CX 2023; xz-utils 2024 3-year social engineering; pattern trust chain breaks); Sigstore keyless signing (OIDC-based GitHub Actions/Google OAuth; Cosign CLI + Fulcio CA short-lived 10min certs + Rekor transparent log); GitHub Actions Sigstore signing pattern YAML completo (id-token: write OIDC + npm publish --provenance flag npm 9.5+); Cosign for container images (sign keyless OIDC + syft SBOM + cosign attest CycloneDX + verify-attestation); SBOM (CycloneDX OWASP vs SPDX Linux Foundation; Syft + CycloneDX CLI + SPDX SBOM generator; vulnerability scan + license audit + executive order 14028 mandates); OIDC trusted publishers npm + PyPI 2024+ (registry verifies OIDC token directly; no secret needed; even repo compromise can't publish from arbitrary workflow); aplicação Logística @logistica/idempotency-kit (release pipeline OIDC + npm provenance + cosign sign + SBOM CycloneDX attested + trusted publisher tags only + npm audit signatures consumers); SLSA framework levels (L0 no requirements; L1 documented + provenance; L2 hosted build + signed provenance; L3 hardened auditable; L4 reproducible 2-person review; 2026 industry target L2 minimum); continuous vulnerability scanning (Grype/Trivy/Snyk static + VEX false positives + Dependabot/Renovate auto-PR); 10 anti-patterns observados.
edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.19, Apache Flink stateful streaming deep — watermarks, savepoints, CEP, exactly-once — Flink vs Kafka Streams vs Spark Streaming decision (Flink dedicated runtime sub-millisecond complex state; Kafka Streams library Kafka-only Java simpler; Spark micro-batch 100ms-2s polyglot ML pipelines); Flink core concepts 2026 (DataStream API typed; Table API + SQL; State ValueState/ListState/MapState keyed RocksDB; Watermarks event-time progress; Checkpoints periodic snapshots S3/HDFS recovery; Savepoints manual upgrades preserve state); watermark fundamentals (event time vs processing time; W(t) assertion; late events dropped or side output; allowed lateness grace); watermark generation Java (BoundedOutOfOrderness Duration.ofSeconds(30) com Logística courier ping device; MonotonousTimestamps faster but error-prone); stateful operators with keyed state (CourierIdleDetector KeyedProcessFunction completo Java com ValueState lastPingTime + event-time timer 10min; sinkTo alertsSink); CEP Complex Event Processing patterns (Logística fraud detection 3 cancellations within 5min Pattern.begin/followedBy/within); exactly-once semantics Flink + Kafka 2PC (pre-commit + commit after checkpoint + recovery from last checkpoint; transactionTimeout < transaction.max.timeout.ms); savepoints upgrade with state (flink savepoint + cancel + run -s restore; operator UID required state migration; schema evolution Avro/JSON Schema); stack Logística (Kafka source + 4 Flink jobs CourierIdleDetector + FraudPatternDetector CEP + OrderJoinEnrichment + RealtimeMetrics → ClickHouse; RocksDB state backend + S3 checkpoints 60s + savepoints nightly + 3-node TaskManager K8s ~$300/mês); 10 anti-patterns observados.

2026-05-01, Review wave 28 — advanced craft (React Compiler + state mgmt 2026, Lambda runtime + EventBridge, zero trust + mTLS service mesh, LLM eval + fine-tuning, graph algorithms applied)

Vigésima-oitava onda do audit cross-stage. Foca em advanced craft — frentes Senior+ com código copy-paste-pronto, decision trees pragmáticos, numbers reais 2026 e anti-patterns observados em produção.

edit framework/02-plataforma/02-04-react-deep.md §2.14, React Compiler (RC) + state management 2026 — Zustand vs Jotai vs Valtio vs Redux Toolkit — React Compiler stable 2024+/2025 default-enabled em Next.js 15+ Remix 2026 (auto-memoization compiler detects pure components/values; auto-wraps memo/useMemo/useCallback equivalents; 90%+ manual annotations become unnecessary; migration via Babel plugin + codemod); configuration Next.js 15+ experimental.reactCompiler true + babel-plugin-react-compiler; what RC does (tracks dependencies; component memoization auto + stable callbacks); what RC does NOT (side effects useEffect; useSyncExternalStore; async; refs/forwardRef; eslint-plugin-react-compiler flags Rules of React violations); state management 2026 landscape (useState/useReducer + Context API + Zustand 5+ ~3KB selector hooks + Jotai 2.10+ atoms granular + Valtio 2+ proxy mutate-style + Redux Toolkit 2 enterprise + TanStack Query 5.60+ server state); Zustand pattern Logística completo (devtools + persist + selector); Jotai pattern (atoms + atomWithStorage + derived auto-computed); Valtio pattern (proxy mutate + useSnapshot); decision matrix por bundle/API style/devtools; server state vs UI state separation (TanStack Query for server; Zustand/Jotai for UI; anti-pattern storing server data em Redux/Zustand sem invalidation); stack Logística (TanStack Query orders/couriers/dashboard; Zustand stores per feature; Jotai theme/locale/sidebar; React Compiler enabled removed 80% manual memos via codemod); 10 anti-patterns observados.
edit framework/03-producao/03-05-aws-core.md §2.22, Lambda runtime tuning + EventBridge schemas + Step Functions vs Lambda choreography — Lambda runtime decision 2026 (Node 22 LTS + JIT warmup ~50-100ms; Python 3.13 data/ML; Java 21 SnapStart cold start ~200ms was 2-5s; Go via custom runtime ~50-100ms; Rust cargo-lambda 10-30ms smallest binary; Bun experimental); cold start optimization (memory = vCPU proportional; Power Tuning Step Function sweet spot; Provisioned Concurrency pre-warmed; SnapStart 10x faster); Lambda function URL vs API Gateway HTTP API v2 $1/1M; Lambda Powertools production-grade utilities (structured logging + tracing + metrics + idempotency middy stack) com pattern Logística; EventBridge fundamentals (event bus + rules pattern → targets; Schema Registry auto-generate code bindings; Archive + Replay 14d-1y); schema-first event design Logística OrderPlaced versioned; EventBridge Pipes 2022+ (source → filter → enrich → target); Step Functions vs Lambda choreography decision tree; Step Functions ASL JSON Logística order saga completo (ReserveInventory + ChargePayment + AssignCourier + compensation Catch); Express vs Standard cost ($25/M Express vs $0.025/1k Standard); stack Logística serverless ($50-200/mês 10k orders/dia); 10 anti-patterns observados.
edit framework/03-producao/03-08-applied-security.md §2.22, zero trust architecture + mTLS service mesh (SPIFFE/SPIRE, Istio, Linkerd) production — Zero Trust NIST SP 800-207 (every request authenticated + authorized "never trust always verify"; Google BeyondCorp 2014 pioneered; standard cloud-native enterprises 2026); workload identity SPIFFE/SPIRE CNCF graduated 2022 (SPIFFE ID URI; SVID X.509/JWT; attestation auto K8s ServiceAccount/AWS instance role; rotation 1h auto); mTLS deep (mutual TLS confidentiality + authenticity intra-service; service mesh sidecar proxy transparent vs app-level boilerplate); service mesh comparison 2026 (Istio Envoy heavy ~5-10ms p99; Linkerd Rust micro-proxy light ~1-2ms; Cilium eBPF kernel-level; AWS App Mesh; Consul Connect); Linkerd setup simplest path completo (linkerd install + annotate namespace inject); Istio AuthorizationPolicy cross-service authz default deny + explicit allow ServiceAccounts; Network Policies K8s + Cilium L7 HTTP path filtering; zero trust user-side BeyondCorp model (Cloudflare Access/Pomerium/AWS Verified Access; SSO; device posture; continuous verification); stack Logística (K8s + Linkerd auto mTLS; AuthorizationPolicy; Cilium L3/L4 + L7; API Gateway edge OAuth2; PostgreSQL sslmode=verify-full + IAM auth); 10 anti-patterns observados.
edit framework/04-sistemas/04-10-ai-llm.md §2.22, LLM evaluation deep + fine-tuning decision tree (LoRA, PEFT, RLHF) — when each wins 2026 — eval hierarchy 6 levels (L0 eyeball; L1 golden dataset regression threshold; L2 LLM-as-judge; L3 online eval 1-5% async; L4 human review panel weekly; L5 A/B test); eval frameworks 2026 (RAGAS Python; DeepEval pytest; Promptfoo CLI YAML; OpenAI Evals; LangSmith; Phoenix); Promptfoo example completo Logística intent classification + assertions; fine-tuning decision tree (NÃO se < 1000 examples + prompt não exhausted + general; SIM se specific output format + domain language + latency/cost-critical); techniques (full FT $1k-100k; LoRA 1% params $10-100; QLoRA 4-bit consumer GPU; PEFT umbrella; DPO simpler RLHF); OpenAI/Anthropic fine-tuning APIs (gpt-4o-mini ~$3/1M training tokens + 2x base inference); self-hosted LoRA Llama Python completo (transformers + peft + trl; 70B 1x H100 80GB; 4-bit 1x A100 40GB; ~$5-50 per run); decision Prompt eng vs RAG vs Fine-tune (prompt first 80%; RAG current/specific; fine-tune structured output + cost/latency); Logística applied (golden 300; CI gate regression > 2% block; online 5% async; intent classifier fine-tuned gpt-4o-mini 5k labeled → 5x cost + 200ms vs 800ms); 10 anti-patterns observados.
edit framework/02-plataforma/02-16-graph-databases.md §2.17, graph algorithms applied (PageRank, community detection, shortest path, fraud rings) — why graph algorithms (SQL recursive CTEs wall beyond 3 hops + 100k nodes; scale millions + complex traversals); tools 2026 (Neo4j GDS 60+ algorithms; Memgraph MAGE OSS; Apache AGE Postgres immature; NetworkX Python <100k; GraphFrames Spark distributed billions; TigerGraph enterprise); PageRank Logística most influential lojistas + dampingFactor 0.85; community detection (Louvain hierarchical + Label Propagation faster + Leiden improvement); pattern courier collaboration clusters; shortest path Dijkstra weighted + Yen's k-shortest top-K alternative routes; fraud detection cycle finding com depth limit; pattern referral fraud rings 3-cycle; centrality (betweenness bridges + closeness + eigenvector); link prediction (Common Neighbors + Adamic-Adar); pattern courier-courier collaboration suggestions; GraphRAG 2024+ (entity + relationship extraction + traverse graph enrich LLM; Microsoft OSS); stack Logística (Neo4j 5.x + GDS; recommendation PageRank + Common Neighbors; fraud nightly cycle + Louvain; route Yen's; Aura ~$200/mo OR self-host $100/mo); 10 anti-patterns observados.

2026-05-01, Review wave 27 — engineering mastery (Fastify + Hono plugin authoring, Redis Lua + Functions 7, visual regression + Playwright, Strangler Fig migration, HATEOAS + HTMX)

Vigésima-sétima onda do audit cross-stage. Foca em engineering mastery — frentes Senior+ com código copy-paste-pronto, decision trees pragmáticos, numbers reais 2026 e anti-patterns observados em produção.

edit framework/02-plataforma/02-08-backend-frameworks.md §2.19, plugin authoring deep — Fastify encapsulation, Hono middleware composition, type-safe DI patterns — Fastify encapsulation model deep (each plugin own context; fastify-plugin wrapper skip encapsulation; decorators + module augmentation typed access; hooks lifecycle onRequest → preParsing → preValidation → preHandler → preSerialization → onSend → onResponse → onError); plugin pattern Logística db.plugin.ts completo com Drizzle + onClose graceful shutdown; plugin with dependencies (auth depends on db; dependencies array runtime check); encapsulated routes sub-app pattern (each prefix encapsulated; auth scoped); Zod schemas typed (compile-time + runtime validation + auto OpenAPI); Hono 4+ middleware composition (Variables generic typed; logger + cors + jwt + csrf middlewares); Hono custom middleware authoring (createMiddleware factory + tenant resolver subdomain); type-safe DI alternatives 2026 (Awilix vanilla; tsyringe Microsoft decorators; NestJS full framework; framework-native Fastify decorators / Hono Variables sweet spot até ~50 routes); plugin testing app.inject in-process; stack Logística (Fastify plugins db/auth/tenant/audit/metrics/errorHandler + encapsulated routes /orders/couriers/admin/webhooks; Hono alternative edge functions; OpenAPI auto-gen Zod + @fastify/swagger-ui); 10 anti-patterns observados.
edit framework/02-plataforma/02-11-redis.md §2.20, Lua scripting advanced + Redis Functions 7+ + atomic compound operations — why Lua scripting (atomicity single execution context; latency 1 round-trip vs N; consistency read-then-write sem race; use cases distributed locks + rate limiters + atomic counters + conditional updates); EVAL vs EVALSHA (full script vs SHA1 lookup pre-cached; SCRIPT LOAD pre-load; clients ioredis abstract NOSCRIPT retry); atomic counter rate limit fixed window completo Lua + ioredis call; sliding window rate limit (sorted set + ZREMRANGEBYSCORE + ZCARD + ZADD com timestamp + unique request ID); distributed lock Redlock-lite acquire/release (token-based release prevents accidental); idempotency key with response cache; Redis Functions 7+ (Library named collection persisted across restarts vs scripts re-load; FUNCTION LOAD + FCALL; replication library + RDB/AOF; performance same as Lua); compound operations (move courier between zones atomically; SISMEMBER + SREM + SADD); pegadinhas (SCRIPT KILL doesn't work after writes; long scripts block single-threaded; redis.call vs redis.pcall; no RANDOMKEY non-deterministic; cluster KEYS same hash slot via tag); stack Logística (rate limiting sliding window per IP+user_id ~5μs/call; idempotency every POST /orders; distributed locks schedule recalc; ~10k calls/sec sustainable ~$50/mo); 10 anti-patterns observados.
edit framework/03-producao/03-01-testing.md §2.20, visual regression testing + Playwright advanced patterns + flake elimination — visual regression when worth it (design systems + critical user-facing pages; NÃO every page + data-driven UI); tools 2026 comparison (Playwright toHaveScreenshot() free integrated E2E; Storybook + Chromatic $149+/mo design systems; Percy $599+/mo cross-browser; Applitools $299+/mo AI-based diff; Reg-suit OSS; BackstopJS legacy); Playwright toHaveScreenshot() practical com mask dynamic content + maxDiffPixelRatio + Docker for CI consistency (mcr.microsoft.com/playwright pin version); Storybook + Chromatic pattern (story per state + viewports + delay; Chromatic auto-detects + PR review UI); Playwright advanced Page Object Model + fixtures (test.extend OrdersPage class with goto/filterByStatus/createOrder methods); flake elimination patterns (NÃO setTimeout; auto-waiting actionable; network-aware waits; retries CI-only; trace viewer debug); common flake sources + fixes (animation race CSS injection; fonts not loaded document.fonts.ready; Date.now mock addInitScript; random IDs deterministic; network flakiness page.route stub); stack Logística (Storybook + Chromatic component visual; Playwright toHaveScreenshot 3 critical pages; 8 E2E flows POM + fixtures; Maestro mobile 10 flows; Playwright Docker container ~12min CI suite); 10 anti-patterns observados.
edit framework/04-sistemas/04-08-services-monolith-serverless.md §2.22, Strangler Fig migration deep — extracting services from monolith without downtime — Strangler Fig pattern Martin Fowler 2004 (vine grows around host tree replacing it; new service alongside legacy; gradual migrate; eventually retire; ~70% big-bang rewrites fail Joel Spolsky); 5-phase migration anatomy (Façade routing layer; Extract build new service + traffic subset; Verify shadow + canary; Cutover route 100%; Retire delete legacy); Phase 1 Façade pattern nginx config; Phase 2 Extract dual-write pattern Logística com transaction (better outbox cobre 04-02); Phase 3 Verify shadow + canary + diff testing GitHub Scientist; Phase 4 Cutover (big bang vs gradual via Argo Rollouts traffic split 10→25→50→100%); Phase 5 Retire (2-4 weeks wait period; code archaeology delete tests + remove from build; database read-only first deprecation eventually drop); ACL deep (cruza com 04-06 §2.18; new service NÃO inherit legacy schema warts; LegacyOrderAdapter fromLegacy/toLegacy bidirectional + mapStatus PEND→placed); database migration patterns (same DB separate schemas cheap; database per service full isolation cleaner; CDC sync Debezium → materialized view; logical replication subset); stack Logística timeline (Phase 1 Week 1-2 façade; Phase 2 Week 3-6 build + dual-write; Phase 3 Week 7-10 shadow + ACL fixes; Phase 4 Week 11-14 canary; Phase 5 Week 15-18 retire; total 4-5 meses zero-downtime); 10 anti-patterns observados.
edit framework/04-sistemas/04-05-api-design.md §2.27, HATEOAS + hypermedia + JSON:API spec — when hypermedia wins, when REST-Lite suffices — HATEOAS what it is (Roy Fielding REST level 4; client doesn't hardcode URLs; server returns relevant links per resource state; ~5% public APIs implement true HATEOAS 2026; OpenAPI covers most discoverability); Richardson Maturity Model (Level 0 single endpoint RPC; Level 1 resources nouns; Level 2 HTTP verbs + status codes; Level 3 HATEOAS; most APIs sit Level 2 REST-Lite pragmatic); JSON:API spec jsonapi.org 1.1 (standardized format; data envelope + included/relationships + links + meta + sparse fieldsets + sorting + pagination; Logística order example completo); practical hypermedia REST-Lite Stripe-style com expand parameter; HAL Hypertext Application Language (lightweight; _links + _embedded; Spring HATEOAS support); HTMX renaissance 2024+ (server returns HTML fragments; hx-* attributes partial updates; pattern Logística admin panel Hono HTML response cancel button hx-post; compelling for admin panels + CRUD-heavy; trade-off less suitable highly interactive UI); when HATEOAS / hypermedia wins (long-lived APIs many clients; server-driven UI; workflow APIs state machines; NÃO simple CRUD single client); pragmatic recommendation 2026 (default REST-Lite Level 2 + OpenAPI + Stripe-style expand; stretch JSON:API cross-team consistency; HATEOAS only workflow API or HTMX-driven UI; GraphQL prefer client-driven querying); stack Logística (public API REST-Lite + OpenAPI + expand; admin panel HTMX Hono HTML fragments; mobile semi-HATEOAS com actions field per order state machine; webhook events JSON:API-inspired envelope); 10 anti-patterns observados.

2026-05-01, Review wave 26 — deep systems II (Mongo aggregation advanced, K8s operators kubebuilder, Rust async + Zig, Kafka Streams + ksqlDB, PIX + Stripe Connect marketplace)

Vigésima-sexta onda do audit cross-stage. Foca em deep systems II — frentes Senior+ com código copy-paste-pronto, decision trees operacionais, numbers reais 2026 e anti-patterns observados em produção.

edit framework/02-plataforma/02-12-mongodb.md §2.19, aggregation pipeline advanced ($lookup, $graphLookup, $facet, time-series, $merge analytics) — pipeline mental model (stages sequence; $match first reduces input; index usage só em early stages; 100MB stage limit + allowDiskUse); $lookup deep (basic localField/foreignField + pipeline-form com $expr conditions; pegadinha index em foreignField mandatory pra evitar O(N×M) scan); $graphLookup recursive traversal (Logística courier referral chain maxDepth 3 + connectFromField/connectToField + index obrigatório); $facet multi-pipeline single query (Logística dashboard cards counts por status + top 5 couriers + revenue total em parallel; same input scanned once vs N separate queries 10x faster); time-series collections Mongo 7+ (createCollection com timeseries timeField/metaField/granularity + expireAfterSeconds auto-purge; storage savings 10-50x vs regular collection; limitations no UPDATE/DELETE per-document); $merge materialized views (Logística monthly_reports nightly cron com whenMatched/whenNotMatched UPSERT incremental; vs $out replace full collection); $expr complex conditional logic (pegadinha doesn't use indexes < 4.4); aggregation diagnostics ($explain executionStats + $hint + maxTimeMS + allowDiskUse); stack Logística (real-time dashboard $facet < 200ms + materialized views nightly cron + time-series 30x storage savings + $graphLookup fraud detection); 10 anti-patterns observados.
edit framework/03-producao/03-03-kubernetes.md §2.22, custom controllers + operators deep (kubebuilder, controller-runtime, CRD design) — operators vs Helm/Kustomize (operators continuous reconciliation loop + day-2 ops; use cases stateful workloads + complex multi-step + domain automation; CoreOS 2016 Operator Pattern); reconciliation loop fundamentals (Reconcile(req) idempotent + level-triggered NÃO edge-triggered + eventual consistency one step per Reconcile + requeue); CRD design (Spec desired + Status actual; OpenAPI v3 schema validation com types/ranges/enums/defaults; subresources /status e /scale separate RBAC); LogisticaTenant CRD example completo (tier free/pro/enterprise + region + replicas + status phase + conditions); kubebuilder + controller-runtime Go skeleton (kubebuilder init + create api scaffold + Reconcile function step-by-step Namespace + Deployment + Status update + RequeueAfter 30s); owner references + garbage collection (SetControllerReference cascade delete); watching dependencies (Owns vs Watches + predicates filter events); status conditions pattern Kubernetes API conventions (Available/Progressing/Degraded standard); operator distribution (OperatorHub.io + Helm chart + OLM + Direct YAML); LogisticaTenant operator applied (CRD + Reconcile creates Namespace + Deployment + Service + ConfigMap + RoleBinding; day-2 ops nightly backup + tier upgrade HPA + tenant deletion archive; 1000+ tenants same effort as 10); 10 anti-patterns observados.
edit framework/03-producao/03-11-systems-languages.md §2.19, Rust async runtimes deep (Tokio, async-std, smol) + Zig as systems alternative 2026 — Rust async fundamentals (Future trait lazy state machine + async fn desugars + .await suspends + no runtime built-in + Send + Sync constraints multi-thread runtime); Tokio production standard 2026 (multi-threaded work-stealing scheduler #[tokio::main] 1 thread per CPU + current_thread CLI; pillars spawn + select! + sync Mutex/RwLock/mpsc/oneshot/broadcast/watch); pattern Logística concurrent fetch + process com JoinSet + timeout + error handling (sustains 1M+ concurrent tasks per node sub-microsecond spawn); tokio::select! race + cancellation (branches not selected CANCELED futures dropped; ensure idempotent); Pin + Send + 'static common gotchas (Rc/RefCell across .await compile error; scope to before .await); async-std vs smol vs Tokio comparison (Tokio largest ecosystem Hyper/Axum/Reqwest/sqlx/redis-rs production proven; async-std maintenance mode 2024+; smol minimal CLI/embedded < 1MB binary); Axum Tokio-based web framework Logística orders endpoint completo (sustains 100k+ rps modest hardware p99 < 5ms); performance characteristics 2026 (sub-millisecond p99 + 1-5x faster Node.js Fastify + 2x faster Go Gin + ~5-10MB baseline + ~10ms cold start); Zig 0.13+ as systems alternative (C replacement; comptime compile-time code execution; no hidden control flow predictable; C interop trivial @cImport; cross-compilation excellent zig cc; use cases embedded + build tooling + Wasm targets; NÃO replaces Rust safety-critical no borrow checker); decision tree systems language 2026 (Rust long-running servers; Go pragmatic backend; Zig embedded + build tooling; C/C++ legacy only); 10 anti-patterns observados.
edit framework/04-sistemas/04-02-messaging.md §2.19, Kafka Streams + ksqlDB practical (windowing, joins, exactly-once, state stores) — when stream processing vs simple consumer (windowed counts + joins + enrichment + alerting; Logística real-time dashboard + fraud detection + enrichment + alerting); Kafka Streams architecture (library NOT separate cluster; topology DAG operations; state stores RocksDB-backed local key-value replicated via changelog topics; tasks parallelism unit auto-scale; EOS v2 exactly-once semantics processing.guarantee Kafka 2.5+); KStream vs KTable mental model (KStream append-only event stream; KTable changelog → current state per key; GlobalKTable replicated all instances pra small reference data); windowing fundamentals (tumbling fixed non-overlapping; hopping fixed overlapping; session gap-based; sliding custom); pattern Logística orders/min per tenant windowed count completo Java DSL; stream-stream joins windowed (Logística order placed + courier assigned within 5min com JoinWindows); stream-KTable joins always-on enrichment (orders × couriers profile); ksqlDB SQL on streams (CREATE STREAM event log vs CREATE TABLE compacted; tenant_revenue_per_hour com WINDOW TUMBLING; EMIT CHANGES push vs EMIT FINAL window closes; pull vs push queries); EOS v2 (transactional producer + consumer offset commit em mesma transaction; cost 5-10% throughput overhead + 20-50ms latency; pegadinha side effects fora Kafka NÃO exactly-once need idempotent consumer); stack Logística completo (source topics + Streams app Java + ksqlDB ad-hoc + output topics dashboard + alerts; cost ~$300/mês Kafka 3-node + $150/mês Streams 3 replicas K8s); 10 anti-patterns observados.
edit framework/02-plataforma/02-18-payments-billing.md §2.20, PIX integration deep + Stripe Connect marketplace + multi-party payments 2026 — PIX fundamentals 2026 (instant payment Bacen 2020+ < 10s settlement + 60%+ B2C 2025-2026; modalidades PIX Cobrança + PIX Saque/Troco + PIX Automático recurring 2024+ + PIX Garantido 2025+); PIX integration via PSP vs direct Bacen ($1M+ initial cost direct; PSPs 0.5-1.5% fee Stripe + Stark Bank + Mercado Pago + Asaas/Pagar.me); PIX Charge API pattern Stark Bank example completo (DynamicBrcode create + webhook handler ECDSA signature verification + tags reconciliation); PIX QR code rendering BR Code spec EMV-compatible (TXID reconciliation embedded order_id mandatory); Stripe Connect marketplace deep Logística (lojistas pay → Stripe → split → courier payout + Logística fee); account types Standard vs Express vs Custom (Express sweet spot ~80% marketplaces); Stripe Connect flow Logística completo (create Express account + accountLinks onboarding KYC + paymentIntents com application_fee_amount + transfer_data destination courier); marketplace compliance (KYC/KYB Stripe handles Express + AML PSP primary + tax reporting 1099/DARF + payout cadence T+1); reconciliation marketplace pattern (triple-entry ledger DB + Stripe + accounting; daily cron diff > 0.1% alert); stack Logística completo (Stripe + Stark Bank + Connect Express + 85/12/3 split; numbers 10k orders/dia × R$50 = R$500k/dia GMV); 10 anti-patterns observados.

2026-05-01, Review wave 25 — system craft (zero-downtime migrations, LLM-augmented search, BuildKit + multi-arch + distroless, database sharding strategies, PMF + retention metrics)

Vigésima-quinta onda do audit cross-stage. Foca em system craft — frentes Senior+ com código copy-paste-pronto, decision matrices operacionais, numbers reais 2026 e anti-patterns observados em produção.

edit framework/02-plataforma/02-10-orms.md §2.17, zero-downtime schema migrations — expand-migrate-contract pragmatic — three-step lifecycle (Phase 1 Expand add nullable + dual-write; Phase 2 Migrate backfill + switch reads; Phase 3 Contract remove old) com regra rollback safe at any phase; Postgres operations cheat sheet (lock impact por operation: ADD COLUMN NULL instant Postgres 11+; ALTER COLUMN TYPE rewrites long; DROP COLUMN logical instant; CREATE INDEX CONCURRENTLY non-blocking; ADD CONSTRAINT NOT VALID + VALIDATE non-blocking pattern); concrete patterns rename column + add NOT NULL safe + add foreign key safe; Drizzle migrations integration (schema-only migrations + data migration scripts fora); backfill chunking pattern com throttle replication lag pause; migration tooling 2026 (gh-ost MySQL; pt-online-schema-change Percona; pg_repack Postgres; Sqitch SQL-first; Atlas Ariga 2024+ declarative + auto-diff + production policies; Drizzle/Prisma/TypeORM framework-integrated mas need manual care); Logística applied complete migration (split orders.address → pickup_address + dropoff_address em 3 releases ~6 weeks zero downtime); 10 anti-patterns observados (ALTER COLUMN TYPE em large table; ADD COLUMN NOT NULL DEFAULT pre-PG11 rewrite; backfill single UPDATE 100M rows; RENAME COLUMN em release ativo; trigger-based dual-write overhead; backfill sem chunking + throttle).
edit framework/02-plataforma/02-15-search-engines.md §2.19, LLM-augmented search 2026 (semantic + keyword fusion, query understanding, conversational refinement) — why LLM-augmented (pure vector falha exact match + rare entities; pure keyword BM25 falha synonyms + conceptual; hybrid + LLM bridges 5-10%); query understanding pipeline LLM as parser (Logística "pedidos atrasados acima de R$200 nos últimos 7 dias" → Zod schema structured filters + sort com gpt-4o-mini + cache hash 1h TTL; latency 200-500ms); hybrid retrieval + LLM rerank (top-50 hybrid → Cohere Rerank v3.5 top-10 → optional RAG summary; numbers 70% relevance hybrid alone vs 85% +rerank vs 92% +query understanding); query expansion LLM (variants + RRF merge; pegadinha NÃO em strict-match SKU domains); conversational search multi-turn refinement com state previous query + filters; implementation stack 2026 (vector DB pgvector/Qdrant/Weaviate/Pinecone/Milvus; embedding OpenAI text-embedding-3-small $0.02/1M / Cohere embed-v3 / bge-m3 multilingual / Voyage 3 SOTA; rerank Cohere v3.5 / bge-reranker / cross-encoder; LLM gpt-4o-mini / Claude Haiku 4.5 / Llama 3.3 70B vLLM); caching strategy critical (query understanding hash 1h; embedding 7d; result 5min; conversation 1h; Logística 80% queries repetições → cache hit ~70%; cost reduction 5-10x); eval discipline (golden dataset 200-500; metrics filter accuracy + Recall@10 + NDCG@10 + LLM-as-judge; CI gate regression > 2% block); stack Logística completo (50k queries/dia × ~$100/mês com 70% cache hit); 10 anti-patterns observados.
edit framework/03-producao/03-02-docker.md §2.21, BuildKit cache mounts + multi-arch builds + distroless images deep — BuildKit fundamentals 2026 (default Docker 23+; concurrent stage execution + cache mounts + secret mounts + SSH agent forwarding; # syntax=docker/dockerfile:1.7+ directive); cache mounts deep (RUN --mount=type=cache,target=... persistent between builds NÃO em image layer; pattern Node.js npm cache /root/.npm + Go cache /go/pkg/mod + /root/.cache/go-build; cache id sharing entre Dockerfiles; build subsequente ~30s vs ~3min cold); bind mounts build-time read-only files; multi-stage builds optimized stages paralelos; multi-arch builds linux/amd64 + linux/arm64 (Apple Silicon devs + AWS Graviton/Ampere prod 20-40% cheaper; QEMU emulation slow 5-10x; Depot.dev cloud builders native ARM 5min full build; cross-compile via Go --platform=$BUILDPLATFORM faster); distroless images deep (gcr.io/distroless/* minimal NO shell + NO package manager; variants static/base/cc/java/python3/nodejs + :nonroot/:debug; sizes static ~2MB / nodejs22-debian12 ~150MB; security wins no shell post-RCE + reduced CVE surface Trivy scan ~5 vs Alpine ~20 vs Ubuntu 100+); Chainguard Images (Wolfi-based glibc-compat; daily zero-CVE rebuilds; signed cosign + provenance/SBOM included); SBOM + provenance attestations (docker buildx build --sbom=true --provenance=true + cosign verify-attestation SLSA); stack Logística (4-stage Dockerfile + cache mounts + distroless nodejs22 nonroot ~150MB + Depot.dev multi-arch + Railway linux/arm64 Ampere 30% cheaper + cosign sign + Trivy CI gate; build ~3min cold → ~30s warm); 10 anti-patterns observados.
edit framework/04-sistemas/04-09-scaling.md §2.21, database sharding strategies (range, hash, directory; Vitess, Citus, CockroachDB comparison) — when sharding (vertical scaling cap ~$50k/mo db.r7g.16xlarge 512GB/64 vCPU; read replicas solve reads NÃO writes; threshold pragmático 2026 shard quando primary > 5TB OR writes > 50k qps sustained); three strategies (range pros range queries cons hot shards; hash pros uniform cons range queries scatter; directory pros flexible rebalancing cons lookup overhead); sharding key critical decision (wrong = 99% queries hit single shard; right = uniform distribute OR colocate related data; Logística example by tenant_id pros multi-tenant isolation cons large tenants hot); Vitess + PlanetScale architecture (CNCF graduated; VTGate query router + VTTablet per-shard MySQL proxy + VSchema declarative vindex; resharding online MoveTables zero-downtime; PlanetScale managed branching Git-like + scale 1B+ rows; users Square/GitHub/Etsy); Citus Postgres extension architecture (coordinator + workers; create_distributed_table('orders', 'tenant_id'); reference tables replicated all workers; rebalance_table_shards online via logical replication; Azure Cosmos DB for Postgres = managed Citus; users Heap/Adjust); CockroachDB / TiDB / YugabyteDB NewSQL (Postgres-compatible auto-sharding raft consensus strict serializable; 30-50% slower OLTP cost premium $$$$; multi-region strong consistency); custom application-level sharding (Drizzle SHARDS map + shardForTenant hash; cross-shard JOIN slow; reshard manual months); decision matrix com costs 2026; Logística v1 single Postgres 5TB cap → v2 read replicas → v3 Citus shard tenant_id 4 shards → v4 multi-region; 10 anti-patterns observados.
edit framework/04-sistemas/04-16-product-business-economics.md §2.20, Product-Market Fit measurement + retention metrics + activation funnels — PMF definitions (Marc Andreessen 1.0 vague; Sean Ellis test "How would you feel if you could no longer use product?" PMF > 40% Very disappointed; Rahul Vohra Superhuman Engine segment by answer ICP+benefits+barriers; quantitative PMF retention curves flatten + organic growth + category leadership); Sean Ellis test implementation SQL após 3+ uses qualified threshold + sample 100+ pra signal estatístico + quarterly cadence; retention metrics Day-N curves (D1/D7/D30/D90; cohort retention curves; pattern interpretation flatten = PMF, decay zero = leaky bucket, smile curve rare); B2B SaaS benchmarks 2026 (excellent D30 > 80% / D90 > 60%; good D30 60-80% / D90 40-60%; marginal 30-60%; bad < 30%); B2C consumer (excellent D30 > 30% / D90 > 15%); cohort retention SQL Postgres completo copy-paste com cohorts + activity + sizes JOIN; activation funnel discover "Aha moment" (action correlated com long-term retention; Logística aha lojista que cria 5+ pedidos no first week + integra Stripe → 85% D90 vs 8% só signup; Slack 2000 messages org-level; Dropbox 1 file + 1 device); A/B test reduzindo onboarding friction (12 steps → 5 steps activation 35% → 58%); MAU/DAU + DAU/MAU ratio (consumer addiction-tier > 50%; excellent SaaS 30-50%; B2B good 15-30%; "active" must be qualified action NÃO login); Net Revenue Retention NRR B2B critical (formula start ARR + expansion - downgrade - churn; world-class > 130% Snowflake/Datadog; excellent 110-130%; bad < 90%); programa Logística (Sean Ellis quarterly survey in-app + cohort dashboard Grafana + Aha discovery top 100 retained vs churned + activation goal 5 orders week 1 currently 32% goal 50% + NRR monthly tracking); tools 2026 (Posthog OSS + Amplitude + Mixpanel + Heap + June.so B2B + custom Postgres + Grafana); 10 anti-patterns observados.

2026-05-01, Review wave 24 — database, performance, leadership (Postgres replication + partitioning, Speculation Rules + INP 2026, incident command + postmortem, hexagonal vs clean vs onion, EM vs IC track Staff+ ladder)

Vigésima-quarta onda do audit cross-stage. Foca em database/performance/leadership — frentes Senior+ com código copy-paste-pronto, decision matrices, frameworks operacionais e anti-patterns.

edit framework/02-plataforma/02-09-postgres-deep.md §2.21, logical replication + table partitioning + read replicas production deep — physical vs logical replication trade-off (Postgres 17 stable; row-level via decoded WAL com publication/subscription; selective tables; cross-version + cross-architecture; DDL não replicada limitation); use cases logical replication (multi-region read replicas; major version upgrade sem downtime; lakehouse sync source; multi-tenant per-tenant DB); native partitioning deep (RANGE time-series; LIST categorical tenant_id; HASH uniform distribution; sub-partitioning); range partitioning Logística tracking_pings por mês com pg_partman 5+ auto-create + retention; detach + drop pattern com CONCURRENTLY (Postgres 14+); hash partitioning 16 partitions sweet spot pra 1k-100k inserts/sec; read replicas + connection routing (hot standby; PgBouncer transaction-mode + pool_size 50; PgCat Rust + Supavisor Elixir 2026 alternatives; Drizzle/Prisma replicaUrl config); read-after-write consistency com replication lag handling; vacuum strategy com partitions (autovacuum_vacuum_scale_factor 0.02 active partition; FREEZE em old partitions read-only); stack Logística completo (Railway Postgres 17 master + 1 replica per region + tracking_pings RANGE + events HASH + audit_log RANGE + pg_partman retention); 10 anti-patterns observados.
edit framework/03-producao/03-09-frontend-performance.md §2.20, Speculation Rules API + INP optimization 2026 + Long Animation Frames — Speculation Rules API Baseline Chrome 2024+ substituindo <link rel="prerender"> deprecated com JSON declarativo (prerender + prefetch com eagerness levels immediate/eager/moderate/conservative; where matchers href_matches + selector_matches; document.prerendering flag pra evitar analytics duplicado via prerenderingchange listener); Logística applied hover orders list → moderate prerender /orders/:id (95% prerendered hits → INP p75 ~50ms vs ~200ms cold); INP substituiu FID since 2024-03 (worst interaction latency em session; <= 200ms good; <= 500ms needs improvement; > 500ms poor CrUX p75); INP optimization playbook (scheduler.yield() Baseline 2024+ pra yield event loop; scheduler.postTask() priority hints user-blocking/visible/background; requestIdleCallback legacy; useTransition React 18+ marca non-urgent; pre-compute durante idle; debounce/throttle handlers); Long Animation Frames API LoAF Baseline 2024+ (substitui Long Tasks; mede frames > 50ms + breakdown script/style/layout/paint/render-blocking + attribution scripts: [{ name, sourceLocation, duration }]); pattern PerformanceObserver collect → Grafana dashboard top scripts blocking; tree-shaking + code-splitting 2026 (route-based + dynamic import modals + bundle analyzer + selective re-export date-fns/format); critical CSS + font loading 2026 (font-display: swap vs optional; preload critical fonts; variable fonts 30-40KB savings; self-host Cloudflare > Google Fonts privacy + perf); 10 anti-patterns observados.
edit framework/03-producao/03-15-incident-response.md §2.19, incident command structure + blameless postmortem template + RCA techniques — Incident Command System adapted (IC owns coordination + decisions + comms NÃO debugs; Operations Lead hands-on remediation; Comms Lead external + internal; Scribe timeline real-time critical pra postmortem; SME pulled in pra system-specific knowledge; SEV1 minimum 1 IC + 1 Ops + 1 Comms; SEV2 = 1 IC + 1 Ops); SEV0-SEV4 levels com customer impact + response time + Logística examples; incident lifecycle (Detect → Acknowledge → Triage → Mitigate ≠ Resolve → Postmortem within 5 business days → Action items tracked); real-time response checklist IC playbook (open channel inc-YYYY-MM-DD; status page < 5min; pin top message; comms cadence 30min); blameless postmortem template completo copy-paste (Summary + Timeline UTC + Impact + RCA NÃO "human error" + What went well + What went poorly + Action Items priority/owner/due/tracked); RCA techniques (5 Whys Toyota linear single-chain; Fishbone Ishikawa 6 categorias visual; Fault tree top-down distributed; Causal Loop Diagrams feedback loops); blameless culture practices (no human error; Just Culture Sidney Dekker honest mistakes vs gross negligence vs sabotage; reward incident reporting; no name-and-shame use roles); postmortem rituals (5 business days schedule; 30-60min meeting; company-wide distribution; monthly action items review); programa Logística 2026 (PagerDuty rotation + SEV docs runbook + auto-create channel + Statuspage + postmortems/ repo + Linear action items); 10 anti-patterns observados.
edit framework/04-sistemas/04-07-architectures.md §2.19, hexagonal vs clean vs onion architecture comparison — three philosophies (Hexagonal Cockburn 2005 ports + adapters symmetric; Onion Palermo 2008 concentric circles dependencies inward; Clean Martin 2012 refinement combining DDD + Hexagonal + Onion com Use Cases central layer); all share Dependency Inversion Principle; Hexagonal anatomy completa (Domain pure + Primary ports driving + Secondary ports driven + Adapters swappable) com exemplo TypeScript Logística OrderApplicationService + PostgresOrderRepository + REST controller; Onion anatomy (Center Domain Model + Domain Services + Application Services + Infrastructure outermost); Clean Architecture anatomy (Entities + Use Cases + Interface Adapters + Frameworks & Drivers; Boundary classes cross layers); comparison matrix (year, layers, symmetry, use case explicit, best for, verbosity, test ease); when each wins (Hexagonal apps com many integrations + easy swap; Onion domain-heavy + few integrations; Clean large team + explicit use case boundaries); common pitfalls (anemic domain model derrota purpose; over-abstraction em CRUD; domain importing infrastructure cycle; thin Use Case wrappers; ports per CRUD operation explosão); pragmatic application Logística (MVP Modular Monolith + Hexagonal lite skip Use Case until needed; Growth adicionar Use Case classes em modules complex; Scale extract bounded contexts em services); testing implications (Domain pure unit fast; Application unit mocked ports; Infrastructure integration Testcontainers; Interface E2E Playwright; Logística numbers 2000+ unit < 30s; 200+ integration < 2min; 50 E2E < 5min); 10 anti-patterns observados.
edit framework/04-sistemas/04-12-tech-leadership.md §2.23, Engineering Manager vs IC track Staff+ ladder archetypes decision criteria — two tracks distinct skills (EM track people management 1:1s + performance + hiring + project mgmt; IC track post-Senior technical leadership without direct reports + architecture + mentorship via influence + cross-team coordination; both ladders pay parity em companies sérias); Tanya Reilly "The Staff Engineer's Path" 4 archetypes (Tech Lead leads team/project hands-on; Architect cross-team technical direction less hands-on; Solver tackles ambiguous high-impact; Right Hand alongside senior leader multiplier); Staff Engineer responsibilities cross-archetype (technical strategy 6-18 months + big rocks decisions + cross-team coordination + mentorship at scale via artifacts + glue work Reilly's term critical mas under-rewarded); Principal/Distinguished/Fellow next levels (Principal company-wide impact 1-3 per 500-eng; Distinguished industry-level impact via papers/OSS/talks 1 per 1000-eng); Engineering Manager M1-M4+ ladder responsibilities; decision framework Senior at crossroads (energy gain test; calendar test; skill leverage 90th percentile coder vs listener/writer/decision-maker; optionality Manager → IC harder than IC → Manager 12-24 months tech atrophy); transitions and pitfalls (Senior → EM micromanaging; Senior → Staff IC staying hands-on; EM → IC manager hiatus deliberate practice; Staff → Principal must demonstrate cross-org); levels.fyi reality check 2026 (Senior $300-400k; Staff $450-650k; Principal $650-1M; Distinguished $1M+; varies 30-50% by region/sector); Logística applied career planning conversation Staff promotion 6-9 months; 10 anti-patterns observados (promotion sem opt-in; glue work invisible em promo packets; compensation parity not real causa IC drain; "going to IC" framed as demotion).

Vigésima-terceira onda do audit cross-stage. Foca em applied engineering — frentes Senior+ com código copy-paste-pronto, numbers reais 2026 e anti-patterns de produção.

edit framework/03-producao/03-16-estimation-planning.md §2.19, Monte Carlo forecasting + flow metrics + #NoEstimates math — Monte Carlo > story points (probabilística, traduz a datas reais "85% confidence shipping 30 items em 8 weeks"); flow metrics Daniel Vacanti (throughput, cycle time, lead time, WIP, Little's Law, aging WIP); Monte Carlo implementations Python + TypeScript copy-paste-ready com both directions (when ship N items? OR how many items by date?); CFD diagramming pra bottleneck signal; #NoEstimates math (variance throughput ~ comparable to SP-weighted; just count em well-broken-down backlog); Logística applied quarterly planning (Q4 47 items + throughput last 12 weeks → forecast {p50: 7w, p85: 8w, p95: 10w}); pegadinhas (change point, outliers, items sizing, deadline planning); tools 2026 (Actionable Agile $25/user/mo, Linear pro $14, custom + Grafana); 10 anti-patterns observados.
edit framework/03-producao/03-18-cognitive-accessibility.md §2.21, readability automation + dyslexia/ADHD/autism design + cognitive performance metrics — WCAG 2.2 cognitive coverage gap (9 success criteria adicionados; WebAIM Million 2024 95.9% sites têm WCAG failures; cognitive deeper); WCAG 3.0 draft 2024+ scoring substituindo pass/fail; readability metrics (Flesch Reading Ease 0-100; FRE 70+ target UI Logística; FRE 60+ docs técnicas; pt-BR adaptado Martins 1996; libs textstat Python + text-readability JS); CI automation (Vale linter + textstat pytest assertions + Hemingway CLI + alex.js inclusive); dyslexia design patterns (fonts Atkinson Hyperlegible/OpenDyslexic/Lexend; line height 1.5+; letter-spacing 0.12em+; contrast 7:1+; cream background); ADHD design (1 primary action; progress indicators; auto-save IndexedDB; remove time pressure WCAG 2.2 SC 2.2.6); autism design (predictability, literal language, no abstract metaphors, sensory considerations, clear errors); cognitive load metrics product instrumentation (TTC + error rate per form + abandonment funnel + help/docs usage); media queries prefers-reduced-motion/-data/-contrast; stack Logística com Vale CI + Atkinson default + modo leitura toggle + multi-step auto-save + cognitive metrics dashboard; 10 anti-patterns observados.
edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.18, lakehouse 2026 deep (Iceberg vs Delta vs Hudi, CDC pipelines, time travel + branching) — lakehouse status 2026 (Apache Iceberg dominou enterprise após Snowflake/Databricks/AWS/Google/MS/Cloudflare R2 nativos; Delta UniForm 2024+ Iceberg compat; Hudi niche CDC-heavy; AWS S3 Tables re:Invent 2024 Iceberg-native ~3x faster; Cloudflare R2 Iceberg 2025+ zero egress); decision matrix Iceberg vs Delta vs Hudi (engine support, schema evolution, time travel, branching, streaming, compaction, OSS health); Iceberg architecture (Catalog REST recommended + metadata file JSON + manifest list + manifest file + Parquet data files; atomic commit via new metadata pointer); CDC pipeline pattern Postgres → Iceberg (Debezium → Kafka → Flink/Spark Structured Streaming OR PeerDB direct sem Kafka OR Estuary Flow managed); MERGE INTO upserts em Iceberg copy-paste; time travel + branching Iceberg 1.4+ (snapshot timestamp/version + tags release-stable + branches experimental + FAST FORWARD merge); WAP pattern (Write-Audit-Publish branch staging + audit queries + publish via FAST FORWARD); schema evolution patterns; compaction + maintenance (rewrite_data_files + expire_snapshots + remove_orphan_files via Airflow nightly/weekly); stack Logística completo PeerDB → Iceberg S3 (~30s latency) + REST catalog Apache Polaris OSS 2024+ + Trino ad-hoc + ClickHouse dashboards 24.x+ Iceberg engine + ~$300/mo total stack; 10 anti-patterns observados.
edit framework/02-plataforma/02-05-nextjs.md §2.22, parallel routes + intercepting routes + advanced middleware patterns — parallel routes @slot convention pra render multiple pages simultaneously em mesma layout (dashboard @analytics + @team + @notifications) com default.tsx mandatory em sub-routes; independent loading + error boundaries per slot streaming independente; conditional slot rendering baseado em session/role; intercepting routes (.)/(..)/(...) pra override route navigation render route X em context atual (modal pattern); pattern Logística order detail modal (/orders/[id] modal sobre lista; refresh = full page deep linking; file structure com @modal/(.)/[id]/page.tsx); advanced middleware patterns (Edge Runtime by default subset Node API; matcher config; multi-tenant resolver Logística completo com subdomain tenant + locale negotiation @formatjs/intl-localematcher + auth gate + tenant header injection); middleware limitations 2026 (Edge constraints no Node APIs/native modules; bundle size 1MB Vercel/4MB Cloudflare; latency cap < 50ms; waitUntil API pra fire-and-forget); Server Actions advanced patterns (form action progressive enhancement sem JS; useActionState React 19 cobre wave 21; revalidatePath/revalidateTag granular; encrypted action IDs Next.js 14+); stack Logística completo (parallel routes dashboard streaming + intercepting modal order detail + middleware tenant/locale/auth + Server Actions com Zod + revalidateTag); 10 anti-patterns observados.
edit framework/02-plataforma/02-13-auth.md §2.20, Passkeys (WebAuthn) production deep — registration, authentication, account recovery — why passkeys over passwords + SMS OTP (phishing-resistant cryptographic origin binding; no shared secret; SMS imune SIM swap/SS7; UX Touch ID/Face ID/Windows Hello; adoption 2026 Apple/Google/MS sync via iCloud Keychain/Password Manager/Hello cross-device + caBLE QR cross-platform); spec hierarchy (WebAuthn Level 3 W3C Mar 2024 + CTAP 2.2 + FIDO2 = WebAuthn + CTAP + Passkey synced credential subtype); registration flow server-side TS com SimpleWebAuthn 11+ (generateRegistrationOptions + Touch ID prompt browser + verifyRegistrationResponse) + client startRegistration; authentication flow login (generateAuthenticationOptions + startAuthentication + verifyAuthenticationResponse + counter increment + session cookie); conditional UI (Autofill UI moderna com autocomplete="username webauthn" + isConditionalMediationAvailable browser shows passkey suggestion direto autofill); account recovery patterns (lost device com no synced passkey: backup email magic link + recovery codes 8-10 single-use + KYC re-verification + multi-passkey enrollment 2-3 devices recommended; cross-device caBLE QR Bluetooth); multi-passkey management UI; migration strategy from password + SMS (phase 1 opt-in + phase 2 prompt enrollment + phase 3 primary fallback + phase 4 passwordless mandatory; adoption rates 50-70% B2C / 30-50% B2B em 12 meses); stack Logística (lojista web Next.js + courier RN react-native-passkey + 2 mandatory passkeys signup + 8 recovery codes + audit log device fingerprint; goal 80% adoption em 6 meses); 10 anti-patterns observados.

Vigésima-segunda onda do audit cross-stage. Foca em craft rigor — frentes operacionais Senior+ com código copy-paste-pronto, numbers reais 2026, decision matrices e anti-patterns observados.

edit framework/02-plataforma/02-19-internationalization.md §2.19, ICU MessageFormat + RTL + locale negotiation production deep — ICU MessageFormat (Unicode CLDR 44) substituindo naive interpolation com grammatical rules built-in (plural one/two/few/many/other; gender; nested select); plural categories per locale (pt 2 categories, ru 4, ar 6, ja/zh/ko 1, pl 4) com Intl.PluralRules('locale').select(n) em test; RTL deep com CSS Logical Properties Baseline 2024 (padding-inline-start, margin-inline-end), <bdi> isolando user content em mixed-direction, Tailwind v4 dir-* variants, mirror seletivo (icons direcionais yes; logos/photos/code no); locale negotiation RFC 4647 lookup algorithm + URL-based vs cookie-based + per-user preference override + CDN Vary: Accept-Language cardinality explosion mitigation via Worker normalization; Intl APIs Baseline (DateTimeFormat/NumberFormat/RelativeTimeFormat/ListFormat) + Temporal proposal Stage 3 estável 2026 mid; timezone-aware pegadinhas (TIMESTAMPTZ Postgres + IANA TZ names; Brazil DST aboliu 2019); stack Logística (pt-BR primary + es-419 + en + next-intl + URL strategy /pt-BR/orders/:id; BRL primário com tenant cross-border config); 10 anti-patterns observados.
edit framework/04-sistemas/04-06-domain-driven-design.md §2.18, bounded contexts identification + Event Storming workshop deep — heuristics pra identificar BC borders (linguistic shifts, team boundaries Conway's Law, lifecycle differences, stakeholder alignment, data ownership), Context Map types canônicos Eric Evans (Partnership, Shared Kernel, Customer-Supplier, Conformist, ACL, Open Host Service, Published Language, Separate Ways, Big Ball of Mud), Event Storming Brandolini ~2013 com 3 níveis (Big Picture 1-2 dias; Process Modelling 4-8h; Software Design multi-week) + materiais (post-its laranja events past tense; roxo policies; amarelo actors; azul commands; rosa hot spots; verde read models) + workshop steps (chaotic exploration → enforce timeline → hot spots → pivotal events → walking the timeline → identify BCs ~5-9 em domínio médio) + facilitation rules (mix participants 1-2 senior dev + PM + business + ops + designer; standing only; time-box rigorous; photo-document; NÃO codar durante), Logística applied 6 BCs identificados (Catalog, Orders, Routing, Tracking, Billing, Identity) + pivotal events OrderPlaced/CourierAssigned/Delivered + Context Map (Orders↔ACL→Catalog; Orders↔Customer/Supplier→Routing; Orders↔Open Host events→Billing; Tracking↔Conformist→Orders) + aggregate borders (Order per pickup-delivery cycle, Courier, Subscription per tenant), refactoring legacy → DDD via Strangler Fig + module-before-split + database-per-context (timeline real 6-12 meses não semanas), 10 anti-patterns observados.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.28, resilience patterns deep tuning (timeouts, retries, hedging, fallbacks com production numbers) — timeout discipline (deadline propagation header X-Request-Deadline cada hop subtrai network buffer; tiered timeouts 1.5x server-side = 2x DB; per-call NÃO per-retry; numbers reais HTTP API 1-3s p99, Postgres 100-500ms, Redis 50-100ms, external API 5-10s, LLM 15-60s long-tail), retry strategy (idempotency PREREQUISITE; only retryable 5xx + network timeout; exponential backoff + jitter min(maxMs, base * 2^attempt) * (0.5 + random*0.5); decorrelated jitter AWS pattern random(base, prev*3); retry budget 10% baseline RPS preventing storm), hedging requests cruza com adaptive hedging wave 11 (cópia request a SECOND replica APÓS p99 expira; primeiro response wins; saving p99 → ~p95 effective; cost ~5% extra; NÃO hedge writes/expensive ops; AbortController implementation TS), circuit breaker production state machine (Closed/Open/Half-Open com 50% threshold em 20+ requests window NÃO 2; cooldown 30-60s; half-open 1-3 probes; per-endpoint NOT per-service; lib opossum 8+ Node), fallback hierarchy (Primary → Cached Redis → Default degraded UX → Error last resort; cached aceitável 90% reads NEVER writes), bulkhead concrete (connection pools per dependency Postgres 100/Redis 200/external 20; thread pool isolation JVM/CLR; K8s separate Deployment per consumer), load shedding (adaptive concurrency Netflix; priority-based shedding free tier first; CPU% inadequate signal → use queue-depth/in-flight-requests), stack Logística completo (Mapbox circuit breaker + cached fallback + retry; Stripe idempotency-key + decorrelated jitter NO hedging; Postgres pool 50 + statement_timeout 5s; Redis 100ms timeout + pipeline; deadline propagation client 5s → BFF 4.5s → orders-api 4s → Postgres 3s → external 1s), 10 anti-patterns observados.
edit framework/03-producao/03-17-accessibility-testing.md §2.21, a11y testing automation pipeline (axe + Playwright + Storybook + manual screen reader workflow) — automated catches ~30-57% WCAG 2.2 (axe-core + Lighthouse); manual SR + keyboard cobre rest (focus management, semantic correctness, cognitive coherence); strategy automate catchable + manual gates critical journeys + user testing PWD trimestral; axe-core + Playwright integration (@axe-core/playwright AxeBuilder com tags wcag2a/aa/2.1/2.2; ~5-10ms per page CI; signal/noise alta; page-state testing snapshot-only must run cada important state); Storybook a11y addon @storybook/addon-a11y rodando axe em background panel + test-runner --runner playwright em CI testando cada story; Lighthouse CI a11y score gating (@lhci/cli config categories:accessibility minScore 0.95 block merge regression); manual screen reader workflow mandatory critical journeys (NVDA + Firefox Windows free primary target; JAWS + Chrome enterprise; VoiceOver + Safari Apple; TalkBack + Chrome Android) + workflow Logística "criar pedido" 4 passos (Tab através form anuncia label/hint/error; submit announce role+state; success aria-live without focus moving; modal focus return ao trigger); keyboard-only navigation (focus visible :focus-visible; skip links primeiro tab stop; modal trap Tab cycla + Esc fecha); color contrast automation axe rule 4.5:1 normal AA / 3:1 large; CI pipeline Logística completo (PR gate axe Playwright em 5 critical journeys + Storybook stories + Lighthouse 95; pre-release manual SR + user testing PWD; production a11y@logistica.example.com + audit 3rd party $5-15k/ano), 10 anti-patterns observados.
edit framework/03-producao/03-13-time-series-analytical-dbs.md §2.19, time-series storage decision matrix 2026 (Prometheus, VictoriaMetrics, Mimir, ClickHouse, TimescaleDB) — workload categorization (operational metrics RED+USE 1k-100k series; application analytics 1M+ series; IoT high write rate; APM traces high cardinality; logs schemaless), decision matrix com cost @ 1M series 1mo retention (Prometheus vanilla OSS ~16GB RAM/$50/mo até 500k series; Thanos +25% Prom cost long-retention S3; Mimir Grafana OSS multi-tenant 1M-1B series; VictoriaMetrics drop-in 5-10x storage efficiency 30% Prom cost; InfluxDB 3.0 Lakehouse Iceberg + Apache Arrow Cloud $0.25/GB; TimescaleDB Postgres extension JOIN relational; ClickHouse high cardinality ad-hoc $0.05/GB/mo S3-backed; DataDog $5/host + $0.20/MM custom $$$), cardinality #1 cost driver (1M series ~16GB RAM Prom; 100M ~16TB; 1B impractical self-host) com mitigation (path template /orders/:id not /orders/123; aggregate by tenant_id NOT user_id; histograms NOT raw observations), VictoriaMetrics deep (single binary 32GB serves 5M series; PromQL + MetricsQL extensions; migration zero-friction com remoteWrite), Mimir deep (distributor → ingester → querier → store-gateway; multi-tenant X-Scope-OrgID; compactor downsamples 5min after 1d / 1h after 1w; 5-15 services overhead vale apenas > 10M series), ClickHouse application analytics + TimescaleDB JOIN relational + InfluxDB 3.0 tagless cardinality decision per workload, long-retention strategy (tiered storage hot/warm/cold + downsampling 5min/1h/1d save 99% storage), stack Logística completo ($300/mês total observability self-hosted vs $3k/mês Datadog equivalente), 10 anti-patterns observados.

2026-05-01, Review wave 21 — frontier skills (Web3 reality 2026, React 19 Forms/Actions, deployment strategies progressive delivery, OWASP 2025 + CSP + JWT, RAG architectures + eval)

Vigésima-primeira onda do audit cross-stage. Foca em frontier skills — frentes onde Senior+ precisa diferenciar hype de production-ready, com código copy-paste-pronto, numbers reais 2026 e anti-patterns observados.

edit framework/04-sistemas/04-11-web3.md §2.20, Web3 reality check 2026 (smart contract auditing, gas optimization, account abstraction ERC-4337) — TVL DeFi recovered $80-120B (vs 2021 peak $180B), 5-10M daily wallets vs 100M+ web2 logins, real adoption stablecoins ($150B USDC/USDT supply) + tokenized treasuries + FX corridors, smart contract auditing process (Foundry forge test --gas-report + Slither + Mythril + Echidna; tier list Trail of Bits/OpenZeppelin/ConsenSys + competitive Code4rena/Sherlock $50-500k pool); audit checklist (reentrancy, integer over/underflow Solidity 0.8+ checked default, access control, oracle manipulation, front-running MEV, upgrade pattern, storage collision em proxies); attack vectors 2024-2026 com cifras reais (Ronin $625M, Wormhole $325M, Multichain $210M; Compound flash-loan governance 2022); gas optimization patterns (storage SSTORE 22.1k gas zero→non-zero, struct packing, external > public, unchecked blocks, custom errors, bitmaps; ~30-50% gas savings); L2 reality 2026 (Optimistic rollups 7-day challenge; ZK rollups instant finality; Base $2B TVL; cost $0.05-1 vs $5-50 mainnet); Account Abstraction ERC-4337 production deep (UserOperation + Bundler + EntryPoint + Smart Account + Paymaster; gas sponsorship + session keys + social recovery + batch ops; Stackup/Pimlico/Alchemy/Biconomy bundler infra + Safe/Kernel/Privy smart account libs); honest comparison Web2 alternativas (DID + verifiable credentials NÃO precisam blockchain; audit trail = append-only + Merkle + RFC 3161 timestamping 1000x cheaper; cross-border = Wise/Revolut resolve 95%); verdict Logística (NÃO blockchain MVP; considerar V3+ apenas cross-border settlement); 8 anti-patterns observados.
edit framework/02-plataforma/02-04-react-deep.md §2.13, React 19 Forms + Actions + concurrent rendering deep — React 19 stable Maio 2025+ (<form action={fn}> accept function directly + auto-pending + auto-reset + ErrorBoundary integration substituindo ~80% form library use cases), useActionState hook (formerly useFormState) com signature [state, dispatch, isPending] = useActionState(action, initial) + pattern Logística order create form com Zod safeParse + revalidatePath + error handling, useFormStatus form-scoped pending sem prop drilling (deve ser CHILD do form), useOptimistic deep com pattern Logística "marcar entregue" (apply optimistic + action + auto-revert em throw), useTransition concurrent rendering pattern (urgent input feedback vs non-urgent list re-render via startTransition + isPending spinner; useSyncExternalStore pra Zustand/Jotai tearing prevention), Suspense boundaries production (1 boundary por unit independente; nested boundaries dashboard Metrics + OrdersList streaming paralelo), ErrorBoundary integration (catch sync + actions + async unexpected; useActionState pra errors esperados), useDeferredValue vs useTransition decision (controle imperative vs marcar value), stack Logística completo (Server Action + Zod + revalidatePath; useOptimistic + auto-revert; useTransition search filter; nested Suspense), 10 anti-patterns observados.
edit framework/03-producao/03-04-cicd.md §2.20, deployment strategies (blue/green, canary, progressive delivery, feature flags) — strategy decision matrix (recreate dev only; rolling K8s default; blue/green 2x infra zero-downtime; canary +20% infra observable metrics; progressive +20% automated gate; shadow 2x no traffic), rolling K8s tuning (maxSurge + maxUnavailable: 0 em prod + readinessProbe reading actual app state), blue/green pattern com Service selector swap + DB migration challenge (backward-compat schema MANDATORY; expand-migrate-contract), canary com Argo Rollouts YAML completo (setWeight 10/25/50/100 + pause + analysis templates Prometheus), Flagger alternativa, Service Mesh integration (Istio VirtualService weights + Linkerd traffic split), AnalysisTemplate queries pra success rate + latency p99 + error budget burn, progressive delivery auto-promote/auto-rollback baseado em SLI metrics + tooling 2026 (Argo Rollouts + Prometheus + Flagger + Spinnaker legacy), shadow/dark launch via Istio mirror pra perf testing real load sem user impact, feature flags em produção (decoupling deploy de release; tooling LaunchDarkly $20/seat + Unleash OSS + Statsig + OpenFeature vendor-neutral + PostHog; server-side eval pra business logic; Logística rollout per tenant), database migrations (expand-migrate-contract pattern; gh-ost MySQL + pg_repack Postgres + native PG 12+ ALTER TABLE optimizations), stack Logística completo (Argo Rollouts 10%→100% com 10min pause + analysis gate + auto-rollback error rate > 2% sustain 2min OR latency p99 > 600ms; Statsig flags per cohort), 10 anti-patterns observados.
edit framework/03-producao/03-08-applied-security.md §2.21, OWASP Top 10 2025 applied + CSP modern + CSRF + JWT pitfalls — OWASP Top 10 2025 mapeado a Logística (A01 Broken Access Control #1 since 2017 com RLS multi-tenant + integration test cross-tenant; A02 Cryptographic Failures TLS 1.3 + Argon2id 2025 rec > bcrypt; A03 Injection inclui Prompt injection LLM; A04 Insecure Design rate limit + tenant isolation; A05-A10), CSP modern 2026 com strict-dynamic + nonces substituindo whitelisting (defeats XSS bypass via redirect) + Trusted Types Baseline 2024 (eliminates DOM XSS via trustedTypes.createPolicy + DOMPurify + require-trusted-types-for 'script') + Reporting-Endpoints + report-to directive, CSRF protection 2026 (SameSite=Lax cookie default Chrome 2020+ mitiga 95% CSRF naturally; Strict pra high-value; None+Secure cross-origin; Synchronizer Token + Origin/Referer check Fastify hook completo + Double-submit cookie SPA), JWT pitfalls produção (NEVER secrets em payload; alg:none attack ALWAYS hardcode algorithms; HS256/RS256 confusion; long-lived JWT > 30d revogation impossible; NEVER localStorage XSS; HttpOnly cookie pra SPA + Bearer pra mobile; kid rotation), rate limit patterns (per-IP + per-user + per-endpoint + adaptive + failed-auth backoff exponential), headers de segurança production-ready (HSTS 2y preload + nosniff + Permissions-Policy + COOP same-origin + COEP require-corp), stack Logística (Fastify @fastify/helmet + JWT RS256 access 15min + refresh httpOnly 30d rotated + CSP report-only staging → enforce prod + Snyk + Semgrep + Socket supply chain), pen test focus areas (IDOR cross-tenant + JWT manipulation + CSRF + SSRF AWS metadata IMDS v1 + prompt injection LLM), 10 anti-patterns observados.
edit framework/04-sistemas/04-10-ai-llm.md §2.21, RAG architectures + evaluation harnesses + production patterns — RAG architecture spectrum 5 levels (L0 naive 50% queries → L1 hybrid dense+sparse RRF 70% → L2 + reranker 80% → L3 query rewriting + multi-query +5% → L4 agentic +5%; cost decay tradeoff), hybrid retrieval implementation Postgres pgvector + tsvector com schema completo + RRF SQL query (Cormack 2009 k=60 canônico) + HNSW index, chunking strategy deep (fixed-size simples mas quebra meaning; semantic boundaries; recursive splitter LangChain; sentence-window context preservation; late chunking Jina 2024+; sweet spot 256-512 tokens com 10-20% overlap), reranker production (Cohere Rerank v3.5 $1/1k searches latency ~200ms vs BGE-Reranker self-host TEI), query rewriting + multi-query + HyDE pattern (LLM gera resposta sintética pra search docs), RAG evaluation harness (golden dataset 100-500 pares + metrics Recall@K/MRR/NDCG retrieval + faithfulness/answer-relevance/context-precision generation; tools RAGAS 0.2+ Python LLM-as-judge + Phoenix + DeepEval + Promptfoo; CI gate regressão > 2% blocks merge; online eval 1-5% sampled async), cost optimization 2026 (embedding $0.02/1M tokens; LLM Haiku 4.5 $0.80/1M input; prompt caching reduz 90% input cost em hit; tiered routing cheap → expensive; Logística 10k queries/dia $1800/mês → $500/mês com caching), Logística applied (KB docs query → embed → hybrid + rerank → top-5 → LLM com citation enforcement [doc_id] + refusal pattern), streaming UI (SSE retrieval 1-2s → "Pesquisando docs..." → stream LLM chunks), 10 anti-patterns observados.

2026-05-01, Review wave 20 — deep systems (Swift Concurrency + Kotlin Coroutines, CDN + edge + image opt, Wasm Component Model + WASI Preview 2, WebGPU + WebCodecs, formal methods TLA+/Alloy/P)

Vigésima onda do audit cross-stage. Foca em deep systems — frentes onde Senior+ precisa código copy-paste-pronto em APIs modernas (mobile concurrency nativo, edge runtime, Wasm composability, GPU compute, formal verification industrial), com numbers reais 2026 e anti-patterns observados.

edit framework/02-plataforma/02-17-native-mobile.md §2.19, Swift Concurrency + Kotlin Coroutines deep + structured concurrency patterns — Swift 5.9+ / Swift 6 strict 2024+ com async/await + Task + actor substituindo locks + Sendable enforce + @MainActor UI thread + cancellation via Task.checkCancellation(), pattern produção iOS Logística JobsViewModel com cancel-previous + start-new (latest wins) em refresh, AsyncSequence/AsyncStream consumindo WebSocket reactive (CLLocationUpdate.liveUpdates() iOS 17+), Kotlin Coroutines 1.7+ com Dispatchers.Main/IO/Default + structured concurrency coroutineScope { } cancel propagation + supervisorScope { } siblings independentes, viewModelScope + lifecycleScope.launch { repeatOnLifecycle(STARTED) } collect Flow só em foreground, pattern Android Logística JobsViewModel com MutableStateFlow exposto via asStateFlow(), Flow/StateFlow/SharedFlow decision (cold vs hot vs replay), NDK + JNI quando necessário (ML on-device TF Lite via JNI; ~100ns per call overhead; GlobalRef leak pegadinha), Universal Links iOS + App Links Android unified pattern com apple-app-site-association + assetlinks.json + autoVerify="true" + Cloudflare cache invalidation gotcha, custom URI scheme inseguro, 10 anti-patterns observados.
edit framework/03-producao/03-10-backend-performance.md §2.20, CDN deep + edge transformations + image optimization 2026 — CDN decision matrix 2026 (Cloudflare 300+ PoPs free 1TB; Vercel Edge Network Next.js-focused $0.40/GB; Fastly VCL/Compute@Edge purge < 150ms; AWS CloudFront $0.085/GB egress; Bunny cheap challenger; Akamai enterprise), cache key composition deep com Vary header pegadinha + cookie bucketize tiers (anon/auth_basic/auth_premium) via Worker pra preservar cache hit rate, TTL strategy (max-age=31536000, immutable static; s-maxage=60, stale-while-revalidate=300 HTML; stale-if-error=300 API resilience), tag-based invalidation Cloudflare Cache Tags + Fastly Surrogate Keys + Vercel revalidateTag() (purge tenant-X em < 200ms global), edge transformations (Cloudflare Workers V8 50ms CPU/req sem cold start; Vercel Edge Runtime; Fastly Compute@Edge Wasm; Lambda@Edge full Lambda), image optimization 2026 (AVIF Baseline 2024 30-50% smaller than WebP; WebP fallback; JPEG legacy; format negotiation via Accept; Cloudflare Images $5/100k stored; Vercel next/image; Imgproxy self-host $0 license), origin shield + tiered caching (Cloudflare reduz origin RPS 80%; CloudFront $0.0075/10k req), Brotli vs gzip vs zstd (Brotli 15-25% smaller; zstd 2-3x faster compression em dynamic), stack Logística (Cloudflare front + Imgproxy Railway + Vercel Edge Next.js + 99% cache hit static / 75% HTML / 30% API), 10 anti-patterns observados.
edit framework/03-producao/03-12-webassembly.md §2.17, Component Model + WASI Preview 2 deep (composability + capability-based security) — Component Model W3C 2024+ stable em wasmtime 19+/wasmer 5+/JCO 1+ supera core Wasm com types alto nível (string/list/record/variant/option/result) cruzando boundaries sem manual ABI shim, WIT (Wasm Interface Type) language declarativa + tooling gera bindings Rust/Go/JS/Python automaticamente, wac compose liga componentes (A imports B exports), exemplo WIT completo Logística routing engine package + interface + world, WASI Preview 2 stable 2024+ com standard interfaces capability-based (wasi:filesystem/http/cli/sockets/logging/io) onde componente NÃO tem ambient authority — host explicitly grants (sandbox por default, malicious code sem fs grant NÃO consegue ler /etc/passwd), wasi:http/incoming-handler pattern Rust com wit_bindgen::generate! + LogisticaApi impl rodando mesmo .wasm em wasmtime/Fastly Compute@Edge/Cosmonic/Wasmer Edge sem mudança código, JCO (@bytecodealliance/jco) transpile Wasm component → JS module preservando types + d.ts auto, composition multi-componente (auth-service exports auth.verify-token; orders-service imports + exports list; wac compose produz binário único; vantagem: testar isolado com mock auth + trocar impl sem rebuild), Logística applied (Rust → wasm32-wasip2 → Fastly Compute@Edge $0.50/M req cold start ~0ms p99 ~5ms VRP solver), limitations 2026 (multi-threading WIP; GC integration browser-only stable; async story estável mid-2026; binary 500KB-2MB; debug source maps WIP), 8 anti-patterns observados.
edit framework/03-producao/03-14-graphics-audio-codecs.md §2.18, WebGPU compute shaders + WebCodecs API (media processing pipelines) — WebGPU Baseline 2023 Chrome/Edge desktop, 2024 Safari iOS 17.4+/macOS 14.4+ + Firefox flag substituindo WebGL com compute shaders + storage buffers + bindless textures + async error handling, compute shader exemplo Logística diff entre delivery proof e expected (WGSL @compute @workgroup_size(8,8) + atomicAdd) com 4MP image em ~5ms desktop GPU vs 200-500ms CPU, WebGPU vs WebGL trade-off (WebGPU 80-85% browsers 2026; WebGL 95% legacy fallback) com pattern feature detection, WebCodecs API Baseline 2024 Chromium/Safari/Firefox 130+ direct hardware-accelerated encode/decode VideoEncoder/VideoDecoder/AudioEncoder/AudioDecoder substituindo MediaRecorder hacks, pipeline produção Logística compress delivery proof video em-browser antes de upload (canvas.captureStream(30) + MediaStreamTrackProcessor + VideoEncoder('avc1.42E01E', 1080p, 2Mbps, 30fps) + keyFrame regular + mp4-muxer + streaming upload; 1080p 30s → 5MB H.264 vs 50MB raw; encode 0.5x realtime mobile A14+, 0.2x desktop GPU), OffscreenCanvas + WebGPU + Worker (main thread transferControlToOffscreen(); Worker request seu próprio adapter/device), WebGPU mobile gotchas (iOS 17.4+ A14+ only; Android Vulkan-capable; battery throttling sustained load), HDR + wide-color (HDR10/HLG metadata via WebCodecs colorSpace; Display-P3 + CSS color-gamut: p3), stack Logística (courier WebCodecs encode delivery proof; dashboard WebGPU diff pickup/delivery em < 50ms client-side), 8 anti-patterns observados.
edit framework/04-sistemas/04-14-formal-methods.md §2.18, TLA+ vs Alloy vs P language — choosing the right tool — three tools three philosophies (TLA+ Lamport/MSR state-transition math-heavy industry-proven AWS S3 DynamoDB Cosmos DB Azure; Alloy MIT relational logic declarative structural invariants instant counterexamples; P language MSR event-driven state machines actors com code-gen C#/Go/Java verified Azure Storage USB driver), decision tree (distributed protocol = TLA+; schema/permission/structural = Alloy; event-driven actor = P; fast PoC = Alloy; production rigor = TLA+; code-gen needed = P), TLA+/PlusCal exemplo concreto Logística Saga AssignOrderToCourier (módulo completo Init/ReserveCourier/ChargeFee com compensation branch + Spec + invariant NoDoubleAssignment) rodando via TLC ou Apalache symbolic SMT-based, Alloy exemplo Logística multi-tenant access control (sig Tenant/User/Role/Order + pred canRead + assert NoCrossTenantRead + check), P language exemplo distributed lock acquire/release LockServer machine + spec MutualExclusion observer, workflow integrado formal methods em CI (specs em formal/ + TLC em PR de concurrency-critical change + counterexample = blocking review), state explosion mitigation (symmetry reduction Couriers indistinguíveis 100x reduction; bound model config small + smoke; Apalache symbolic; state constraint cap log growth), industry success cases (DynamoDB multi-region replication bug pre-prod; Cosmos DB 5 consistency levels; MongoDB Raft; Azure Storage P code-gen; Confluent exactly-once design), Logística applied 3 protocolos validáveis (Outbox + idempotent consumer = exactly-once business effect; Saga compensations ordem reversa + courier nunca duplo-reservado; multi-tenant zero cross-tenant leak), 8 anti-patterns observados.

2026-05-01, Review wave 19 — mobile, realtime, infra (RN Hermes + JSI + Reanimated 3 + Skia, presence at scale + message ordering cross-region, Terraform/OpenTofu modules, event sourcing operacional, OSS becoming maintainer)

Décima-nona onda do audit cross-stage. Foca em frentes operacionais Senior+ — mobile performance interna, realtime em scale, IaC module engineering, event sourcing pragmático e career path em OSS — com código copy-paste-pronto, números reais 2026 e anti-patterns observados.

edit framework/02-plataforma/02-06-react-native.md §2.18, Hermes engine + JSI + Reanimated 3 + Skia (RN performance deep) — Hermes bytecode AOT vs JSC JIT trade-off (cold start 25-40% melhor + RAM menor mas peak throughput 2x pior em pure JS), enable_hermes_jit opcional, Static Hermes 2025+ experimental (typed JS → native), JSI substituindo bridge JSON com TurboModule custom completo (3 partes: spec TS + codegenConfig + native impl ObjC++/Kotlin), Fabric renderer concurrent + C++ shadow tree + pegadinha setNativeProps legacy NÃO funciona, Reanimated 3 worklets em UI thread com restriction de capture (objetos ricos viram undefined), gesture pattern Logística order card expandindo via Gesture.Pan().onChange() + useAnimatedStyle(), runOnJS/runOnUI cruzando threads, Skia GPU-accelerated 2D pra mapa custom Logística com courier markers + polyline animada (60fps mesmo low-end Android), MMKV via JSI 30x faster que AsyncStorage (sync API sem await), 8 anti-patterns observados (JSC em prod, setNativeProps em Fabric, worklet capturando objeto rico, shared value sem withTiming, runOnJS em hot gesture, AsyncStorage em hot reads, Skia em UI estática, TurboModule sem codegenConfig).
edit framework/02-plataforma/02-14-realtime.md §2.17, presence at scale + message ordering cross-region — naive presence (TTL refresh) explode em > 10k concurrent (200k ops/s só de heartbeat), pattern hierárquico Discord/Slack com presence shards per-channel reduzindo 50x, presence diff strategy via Redis Set + Lua atomic + Pub/Sub {joined,left} (recovery via SMEMBERS + diff stream), message ordering cross-region trade-off (total ordering global = 100-300ms cross-region inaceitável; per-conversation home region via consistent hash = pragmático em 99% chat apps; HLC tags pra ordering local cliente), sharding fan-out com Redis Cluster pegadinha (Pub/Sub classic é cluster-wide custoso → Sharded Pub/Sub Redis 7+ via SSUBSCRIBE evita cross-node), WS connection sharding com Linux tuning (ulimit -n, somaxconn, ephemeral ports), L4 NLB ip-hash vs L7 ALB stickiness pra WebSocket sticky, comparativo 2026 Soketi/Centrifugo/Pusher/Ably (self-host threshold < 50k concurrent vs Centrifugo cluster vs Ably managed multi-region), stack Logística completo (Centrifugo 3 nodes, ~250k subs, per-tenant home region via consistent hash by tenant_id), 8 anti-patterns observados.
edit framework/03-producao/03-06-iac.md §2.19, Terraform module patterns + OpenTofu fork status 2026 — OpenTofu fork após HashiCorp BSL change (Aug 2023 → Linux Foundation Jan 2024), drop-in compat com Terraform 1.5.x + features TF não-terá (state encryption nativo, test framework rico, for_each em providers), migration terraform init → tofu init zero-friction, decision tree (greenfield = OpenTofu; legacy TF Cloud heavy = TF até migrar), module design composition over inheritance + inputs com validation blocks (precondition TF 1.2+) + outputs como API estável + sem provider blocks dentro de modules (anti-pattern famoso), source pinning OBRIGATÓRIO (?ref=v2.1.3 ou Registry version), for_each vs count blast radius rule (count re-cria índices subsequentes em delete; for_each map keys estáveis), refactoring sem destroy/recreate via moved block (TF 1.1+/OpenTofu 1.6+) + removed block (TF 1.7+) + import declarative block (TF 1.5+), lifecycle meta-args (prevent_destroy em RDS prod, ignore_changes em tags CI, create_before_destroy em LT/TG, replace_triggered_by), módulo ecs-service Logística completo com validation CPU + lifecycle CI-driven, 10 anti-patterns observados.
edit framework/04-sistemas/04-03-event-driven-patterns.md §2.18, event sourcing operacional (versioning, snapshots, projection rebuild) — event store Postgres schema canonical com (stream_id, version) PK + global_seq BIGSERIAL pra projection consumers + INSERT ON CONFLICT DO NOTHING retry pra optimistic concurrency, 5 strategies de event versioning (weak schema additive only, upcast on read em aggregate, lazy migration background re-write, multiple events per change deprecation, snapshot bump invalidando schema_version) com decision tree por size + cost, snapshot pattern (cache derivado a cada N=50-100 events; NUNCA fonte de verdade, sempre re-apply), Logística snapshot Order com 200+ status events reduz hydration 200ms → 5ms, projection rebuild greenfield zero-downtime via global_seq=0 catch-up + sharding por stream_id hash (10M events × 1ms = 3h single-thread; paralelizado 30min), concurrency control + idempotency com command_id em metadata pra dedup retry, outbox + projection consumers idempotent UPSERT + lag monitoring SLO p99 < 500ms, 5 event design rules (past tense + entity, immutable, self-contained, bounded context naming, no FK em payload), end-to-end Logística Order aggregate com OrderPlaced/CourierAssigned/PickedUp/Delivered/Cancelled + 3 projections (orders_view, dashboard_aggregate, delivery_eta) + CourierAssignedV1 → V2 upcast inferindo vehicle_type, 9 anti-patterns observados.
edit framework/04-sistemas/04-15-oss-maintainership.md §2.18, becoming a maintainer (PR triage, RFC participation, trust ladder) — trust ladder observada em projetos sérios (Node.js/React/Postgres/Linux): external contributor → frequent → triager → reviewer → committer → core/TSC com numbers reais (12-24 meses + 30+ PRs significantes + 100+ reviews), choosing project decision framework (alignment com prod usage + health signals PR < 30d / issues < 7d / 3+ active maintainers + sweet spot > 10k stars + visibility) e avoid (bus factor 1, governance opaca), first contribution playbook (CONTRIBUTING.md linha por linha, good first issue claim antes de codar, PR < 200 LOC single concern, conventional commit, description responde O QUE/POR QUE/COMO testar/BREAKING), receiving review (engage substantively NÃO performance, address each comment explicit, squash norm por projeto, "nit" ainda merece fix), RFC participation (search closed antes de propor, structure problem→motivation→3+ alternatives→chosen→migration→drawbacks, engage early antes de implementação completa), reputation building (review antes de pedir review, triage sem permission, data-driven em discussions), when to walk away (silent maintainer 30d, hostile culture, vision misalignment, burnout), Logística applied @logistica/idempotency-kit extraído após 6+ meses prod, 8 anti-patterns observados.

2026-05-01, Review wave 18 — platform fluency (CSS layers + container queries, modern Web APIs, Redis Streams consumer groups, contract testing + fuzzing, OTel SDK + Collector)

Décima-oitava onda do audit cross-stage. Foca em fluência de plataforma — APIs modernas e padrões operacionais onde Senior+ precisa código copy-paste-pronto, números reais 2026 e anti-patterns observados em produção.

edit framework/02-plataforma/02-01-html-css-tailwind.md §2.14, CSS layer architecture + container queries 2026 — @layer (CSS Cascade Level 5) com 5-layer canonical architecture (reset, base, tokens, components, utilities, overrides) defeating specificity wars sem !important, Tailwind v4 three-layer model (theme/base/components/utilities), @container deep com inline-size vs size (containment trade-off com intrinsic-sized children) e exemplo OrderCard Logística adaptando entre sidebar wide e lista densa via container queries em vez de viewport, container query units (cqw/cqi/cqb/cqmin), :has() Selectors L4 com 3 patterns produção (form :invalid highlight, card featured-badge, layout swap sidebar empty) + perf warning, color spaces oklch perceptual uniform substituindo hsl + color-mix() pra variants + light-dark() Baseline 2024 dispensando media query, Tailwind v4 native CSS com @theme (config.js descontinuado), 8 anti-patterns observados.
edit framework/02-plataforma/02-03-dom-web-apis.md §2.13, Modern Web APIs 2026 (View Transitions, Popover, @starting-style, Web Locks, OPFS) — View Transitions API same-document (document.startViewTransition) e cross-document MPA via @view-transition, view-transition-name + pseudo-elements ::view-transition-old/new/group(name), pattern Logística lista pedidos → detalhe com hero crossfade + prefers-reduced-motion cancel + promise interface (ready/finished/updateCallbackDone), Popover API Baseline 2024 substituindo Floating UI/Radix com popover attribute + popovertarget + native top-layer/light-dismiss/focus management, ::backdrop styling, 3 padrões produção (tooltip, menu, modal substitute), @starting-style permite animar IN sem JS hack via transition-behavior: allow-discrete, Web Locks API pra leader election cross-tab (Logística decide qual tab mantém WebSocket courier tracking), OPFS sandboxed filesystem privado por origin com sync API em Worker pra SQLite WASM/blobs grandes, 8 anti-patterns observados.
edit framework/02-plataforma/02-11-redis.md §2.19, Redis Streams + consumer groups production deep — fundamentals revisited (IDs <ms>-<seq>, MAXLEN approximate ~, persistence AOF/RDB, vs Pub/Sub sem retention vs Kafka sem partitioning real), consumer groups (XGROUP CREATE, XREADGROUP COUNT N BLOCK 5000 STREAMS > , PEL pendentes, XACK confirma, XAUTOCLAIM Redis 6.2+ reassign messages órfãs, idle time detection), worker pattern TypeScript completo com loop XREADGROUP + reclaim cron 60s + try/catch ack-only-success + DLQ via XADD outro stream + graceful shutdown, caso real Logística courier location ingest com producer XADD + consumer group dispatchers × 3 workers paralelos + grupo analytics independente offset próprio + MAXLEN ~1M retention 24h, Cluster + Streams (key vai pra UM slot) com particionamento manual via hashtag {shard0}, decision table Streams vs Kafka/NATS JetStream/RabbitMQ Streams/SQS FIFO, 8 anti-patterns observados (Pub/Sub event sourcing crítico, ACK antes de processar, sem XAUTOCLAIM cron, MAXLEN exato sem ~, consumer name não estável, mistura XREAD/XREADGROUP, sem hashtag em Cluster, sem DLQ permanent failures).
edit framework/03-producao/03-01-testing.md §2.19, contract testing (Pact) + fuzzing patterns — por que CDC vence integration test entre serviços (latência E2E + flakiness + cross-team coordination), Pact JS 12 + Pact Spec v4 + Pactflow broker workflow consumer/provider com can-i-deploy CLI gate em CD pipeline, código TypeScript consumer (Pact.given().uponReceiving().withRequest().willRespondWith()) + provider Verifier, Logística applied backend↔courier mobile com GET /jobs?lat=&lng=&radius_km= retornando payout_cents + breaking change scenario (rename → payout_value) bloqueado por can-i-deploy --to-environment production, schema-first vs Pact decision (consumer count × deploy independence), bidirectional contract testing Pactflow (provider OpenAPI + consumer Pact, sem provider verifier rodando), fuzzing patterns Schemathesis (OpenAPI fuzzer 5000 inputs em minutos), Restler stateful (Microsoft), Jazzer.js (libFuzzer Node), fast-check + Zod-fuzz, Logística applied fuzzing (webhooks POST /webhooks/:source Unicode em CPF crash + POST /orders Zod schema), 9 anti-patterns observados (timestamps reais, sem provider_states, sem can-i-deploy gate, fuzzer sem corpus seed, Schemathesis em DB compartilhado, etc.).
edit framework/03-producao/03-07-observability.md §2.20, OTel SDK + Collector pipeline + structured logging — SDK Node setup production-ready com auto-instrumentation HTTP/pg/redis/fetch + manual NodeSDK em tracing.ts carregado via --require antes do app code, OTLPTraceExporter/MetricExporter/LogExporter pra Collector gRPC :4317 + resource attributes obrigatórios (service.name/version, deployment.environment, service.instance.id), Collector como pipeline central (Agent DaemonSet vs Gateway centralizado) com 3 estágios receivers→processors→exporters + YAML config completo (otlp + memory_limiter + attributes/redact PII + tail_sampling 5% + 100% errors + 100% slow + batch + exporters Tempo/Mimir/Loki), trace propagation cross-service W3C traceparent automático em HTTP/gRPC mas manual em messaging via @opentelemetry/instrumentation-kafkajs, structured logging pino + trace correlation via mixin extraindo trace.getActiveSpan()?.spanContext() (clica log abre trace bidi em Grafana), sampling decision tree head-based parentbased(traceidratio(0.1)) vs tail-based Collector decision_wait 30s + numbers reais 2026 (10k req/s sem sampling = $3-5k/mês SaaS; com tail-based 5% + errors = $300/mês com signal preservado), cardinality control http.route template baixa cardinality vs http.target IDs explosion, stack Logística completo Apps→DaemonSet Collector→Gateway Collector tail-sampling+PII mask→Tempo+Mimir+Loki S3-backed→Grafana, 9 anti-patterns observados (SDK init pós app, service.name genérico, propagation ausente em messaging, head 1% low-traffic, tail sem memory_limiter, http.target cardinality $20k, logs sem trace_id, pino-pretty em prod, Collector sem batch).

Décima-sétima onda do audit cross-stage. Foca em strategic depth — frentes onde Senior+ precisa argumentar com CFO/founder sobre $$, escolher framework deliberadamente, evoluir arquitetura por estágio sem prematurar, e cobrir frentes invisible (a11y + cost) que custam caro depois.

edit framework/04-sistemas/04-16-product-business-economics.md §2.19, unit economics deep — fórmula CAC com inclusões/exclusões corretas (sales+marketing salaries, ads, ferramentas; NÃO customer success/eng/infra), 3 níveis de LTV (quick com gross margin × 1/churn; cohort-adjusted; discounted NPV pra valuation série B+), CAC payback period (< 12m saudável SaaS B2B), LTV:CAC ratio (3:1 mínimo, 5:1+ excelente), cohort analysis em SQL completo (CTE com cohorts × activity × cohort_size), COGS per request decomposed em compute/db/storage/network/3rd party, engineering ROI rule (infra < 15% revenue → growth; > 25% → cost optimization), modelo Logística end-to-end com numbers reais ($500 ARPU × 75% margin × 1/0.03 churn = $12,500 LTV), 8 anti-patterns observados.
edit framework/02-plataforma/02-08-backend-frameworks.md §2.18, backend frameworks 2026 deep — benchmarks reais de RPS + latência p99 (Bun.serve 250k, Hono+Bun 240k, Elysia+Bun 220k, Fastify+Node 85k, Express 25k, Next.js Route Handlers 20k) com disclaimer (DB queries dominate em prod), Fastify production-ready com Zod schema-first + hooks lifecycle, Hono universal runtime (Workers/Bun/Deno/Node/Lambda), Elysia TypeScript-first em Bun nativo, Next.js Route Handlers pra fullstack, decision tree por workload, migration patterns (Express→Fastify shim, Express→Hono rewrite, Node→Bun compat), plugins ecosystem comparison table, 7 anti-patterns observados.
edit framework/04-sistemas/04-07-architectures.md §2.18, architecture decision por estágio — v1 PMF (modular monolith Logística com monorepo + 1 API + 1 Postgres + Railway, equipe 2-8), v2 growth (extract notifications/image processing/cron pra serviços; API ainda monolítico 80%, equipe 8-25), v3 service-oriented (8-15 services bounded contexts via DDD + API Gateway + DB per service + Kafka spinal cord + outbox pattern, equipe 25-100), v4 multi-region (regional deploys US/EU/BR + edge functions + serverless bursty workloads + multi-cluster K8s, equipe 100+), decision tree de quando extrair serviço (5 critérios), signals de estágio errado, custo real de cada transição (v1→v2 2-3 meses, v2→v3 9-12 meses, v3→v4 6-12 meses), 8 anti-patterns observados.
edit framework/02-plataforma/02-02-accessibility.md §2.17, ARIA patterns aplicados + screen reader testing + automated CI a11y — first rule "no ARIA é melhor que bad ARIA", 5 patterns canônicos com TSX completo (Modal com focus trap + restore focus + portal, Combobox com aria-activedescendant, Live region polite/assertive, Disclosure accordion, Tabs com Home/End/Arrow), screen reader testing workflow real (NVDA/JAWS/VoiceOver/TalkBack), automated CI com axe-core + Playwright + Storybook a11y addon (axe cobre ~57% WCAG; manual obrigatório resto), checklist Logística a11y por feature (12 itens), 10 anti-patterns observados (div onClick, outline:none sem replacement, aria-label em texto visível, modal sem focus trap, etc.).
edit framework/03-producao/03-05-aws-core.md §2.21, AWS cost optimization deep — 5 alavancas com numbers 2026 (RI/Savings Plans 30-72%, Spot 50-90%, S3 lifecycle 40-95%, NAT Gateway $0.045/GB armadilha invisível, egress $0.09/GB internet vs free CloudFront), Compute Savings Plan 1-year no-upfront como default, Spot pra Karpenter/CI/staging com interruption notice handling, S3 lifecycle policy JSON Logística (Standard → IA 30d → Glacier IR 90d → Deep 365d), VPC Endpoints (S3/DDB free gateway; ECR/Secrets/KMS interface) substituindo NAT, CloudFront free tier 1TB/mês egress + cache hit rate, Lambda tuning (memory sweet spot via Power Tuning, ARM Graviton 20% cheaper, SnapStart), Aurora Serverless v2 + I/O-Optimized decision, FinOps tooling (Cost Explorer/Budgets/Anomaly Detection/CUR Athena/Vantage/infracost em PR), tagging strategy obrigatória, stack saving Logística completo (-62%: $40k → $15k/mês em 2 semanas eng work), 10 anti-patterns observados.

2026-05-01, Review wave 16 — data rigor (Mongo schema design, Node event loop, logical clocks, payment webhooks, graph DBs Cypher)

Décima-sexta onda do audit cross-stage. Foca em rigor de dados e sistemas — patterns onde Senior+ paga preço caro com schema/ordering errado, código copy-paste-pronto e anti-patterns reais.

edit framework/02-plataforma/02-12-mongodb.md §2.18, schema design deep — embed vs reference decision matrix por padrão de acesso, embed pattern com Order + items + courier snapshot (snapshot de campos imutáveis-no-contexto + ref pra source of truth), reference pattern com tracking_pings em time-series collection (Mongo 6+ com expireAfterSeconds), schema versioning via schemaVersion field + lazy migration, aggregation patterns ($match first + $lookup com pipeline + $facet + $merge pra materialized views), allowDiskUse e maxTimeMS em pipelines pesados, transactions com withTransaction + retry em TransientTransactionError + custo 2-5x latência, 9 anti-patterns observados.
edit framework/02-plataforma/02-07-nodejs-internals.md §2.18, event loop blocking detection + worker_threads vs cluster + libuv pool — monitorEventLoopDelay com Prometheus gauge (p99 < 50ms healthy), monitorEventLoopUtilization (Node 14.10+) pra capacity, worker_threads + Piscina pool pra CPU-bound (offload sem block), cluster pra paralelismo I/O fora-K8s (em K8s usar HPA), libuv UV_THREADPOOL_SIZE tuning pra DNS/crypto/fs/zlib, diagnostic toolkit production (--cpu-prof, --heap-prof, clinic.js, 0x), stack Logística com Fastify + Piscina pool, 8 anti-patterns observados.
edit framework/04-sistemas/04-01-distributed-systems-theory.md §2.21, logical clocks deep — Lamport timestamp (total ordering simples mas perde causalidade real), vector clocks (causalidade exata mas O(N) bytes com pruning trick), Hybrid Logical Clocks HLC (Kulkarni 2014, wall-clock + logical em 64-bit, usado em CockroachDB/MongoDB clusterTime/YugabyteDB), código TypeScript completo com compare() static pra cada, decisão por uso Logística (LWW status → HLC, multi-master sibling → vector, audit log readable → HLC, CRDT → vector), production gotchas (NTP skew, leap seconds smear, VM migration clock jump, persistence ao restart), integração com message broker via headers, 7 anti-patterns observados.
edit framework/02-plataforma/02-18-payments-billing.md §2.19, webhook security + reconciliation + dispute handling — 5 layers de webhook security (signature verification com stripe.webhooks.constructEvent em raw body, replay attack via timestamp tolerance 300s, idempotent processing com processedWebhooks table TX, out-of-order handling via event.created timestamp comparison, quick ack < 5s + async processing via inbox), reconciliation diária cron com diff Stripe ↔ DB ↔ ledger, triple-entry ledger pattern (PSP + DB + accounting double-entry SQL imutável), dispute (chargeback) handling com evidence package + win rate típico (Stripe 30-50% pra fraud), Pix-specific Brasil (SPI/Bacen reconciliation), webhook retry policy table por PSP (Stripe 3 dias, Adyen 8 retries 12h), end-to-end Logística pipeline payment + webhook + ledger, 9 anti-patterns observados.
edit framework/02-plataforma/02-16-graph-databases.md §2.16, Cypher patterns aplicados — 4 cenários canônicos onde graph vence SQL (multi-hop traversal 4+ hops, pathfinding, pattern matching subgraphs, variable depth com filter), 5 patterns Cypher production-ready (multi-hop friend recommendation Logística couriers com WORKED_WITH*2..3, fraud detection cycle kickback ring com duration filter, shortest path Dijkstra via APOC, variable-depth recommendation com filter, subgraph extraction pra GNN ML feature engineering), decisão graph dedicado vs Postgres (Neo4j/Memgraph/Apache AGE/Postgres recursive CTE/ltree), padrão híbrido recomendado (Postgres source + CDC + Neo4j projection), schema design no graph (minimal node properties + edge properties + index obrigatório), comparação tooling 2026 (Neo4j 5.x/Memgraph/AGE/TigerGraph/Neptune/Dgraph), 8 anti-patterns observados.

2026-05-01, Review wave 15 — engineering rigor (Next.js PPR + cache layers, ORM N+1 + DataLoader, idempotent consumer, Saga patterns, K8s production resilience)

Décima-quinta onda do audit cross-stage. Foca em rigor de engenharia — patterns operacionais onde Senior+ paga preço caro por implementação ingênua, com código copy-paste-pronto e anti-patterns reais.

edit framework/02-plataforma/02-05-nextjs.md §2.21, Partial Pre-Rendering (PPR) + 4 cache layers — Request Memoization (per-request dedup), Data Cache (cross-request com revalidate/tags), Full Route Cache (static HTML), Router Cache (client-side com staleTime), PPR híbrido static/dynamic com Suspense em rota única, código completo Logística com unstable_cache + revalidateTag granular + Server Action, cache observability (x-nextjs-cache, build log, Cache-Control), distributed cache handler com Redis + tag-based invalidation pra multi-instance, 8 anti-patterns observados (fetch sem wrapper, router.refresh esquecido, revalidate em endpoint volátil, multi-instance sem handler, cookies em layout root, unstable_cache sem keyParts, tag genérica, build-time fetch volátil).
edit framework/02-plataforma/02-10-orms.md §2.16, N+1 detection + DataLoader pattern + query analysis — anatomy de N+1 com Drizzle/Prisma, 3 fixes (eager via with/include, SELECT IN batch quando JOIN é cartesian, DataLoader per-request), detection via logger + AsyncLocalStorage counter + APM (Datadog/Sentry/New Relic), query analysis tooling (pg_stat_statements, PgHero, pganalyze, EXPLAIN ANALYZE em ORM-generated query), 5 eager loading anti-patterns (over-fetch, cartesian explosion, getter lazy, DataLoader compartilhado, sem maxBatchSize), query budget per endpoint como SLO, stack pragmático Logística completo com Drizzle + DataLoader.
edit framework/04-sistemas/04-02-messaging.md §2.18, idempotent consumer + 4 deduplication strategies — fundamento "exactly-once = at-least-once + idempotent consumer" (FLP impossibility), 4 strategies em código (idempotency table com TX atomic + cleanup cron, natural idempotency via UPSERT condicional para LWW, inbox pattern com FOR UPDATE SKIP LOCKED desacoplando receiver de processor, external side effect com Stripe idempotencyKey), decision tree por cenário, DLQ + poison message handling com max attempts + alert, pipeline Logística end-to-end Order Outbox + Inbox + Notification, 8 anti-patterns observados (trust em "exactly-once" do broker, ack antes de processar, check fora de TX, sem cleanup, DLQ sem alert, replay sem partial assumption, message_id de timestamp, external sem idempotency key).
edit framework/04-sistemas/04-08-services-monolith-serverless.md §2.21, Saga patterns deep — choreography (event-driven Kafka, loosely coupled mas business logic distribuído) vs orchestration (central coordinator, business logic visível mas tight coupling), Temporal workflow durável com proxyActivities + retry automatic + compensation array em LIFO, compensating transaction design rules (idempotente, ordem reverso, não-undo perfeito, pivotal step), state machine vs free-form workflow, decisão híbrida Logística (PlaceOrder = Temporal orchestration; status propagation = Kafka choreography), 7 anti-patterns observados (distributed monolith, sem timeout, compensation falha em silêncio, coordinator em-memória, sem saga ID, cyclic events, refund-then-charge), tooling 2026 (Temporal/Restate/Step Functions/Camunda 8/Inngest).
edit framework/03-producao/03-03-kubernetes.md §2.21, K8s production resilience — PodDisruptionBudget com unhealthyPodEvictionPolicy: AlwaysAllow (1.27+), Topology Spread Constraints com maxSkew + matchLabelKeys (1.27+) protegendo AZ failure, anti-affinity como complemento, PriorityClass pra eviction order (critical-prod 100k vs best-effort-batch 1k) + system critical reservados, QoS classes (Guaranteed/Burstable/BestEffort) com regra prod, descheduler com LowNodeUtilization + RemovePodsViolatingTopologySpreadConstraint, eviction thresholds tuning kubelet (hard vs soft), stack Logística completo orders-api com todas defenses ligadas (PriorityClass + topology spread zone + Guaranteed QoS + 3 probes + PDB minAvailable 4 + grace 60s), 9 anti-patterns observados, validation toolkit (kubectl drain dry-run, kubent, kubescape, chaos-mesh).

2026-05-01, Review wave 14 — platform edges (OAuth2 PKCE mobile, ADR deep, RUM web-vitals, backpressure end-to-end, Docker secrets)

Décima-quarta onda do audit cross-stage. Foca em fronteiras de plataforma — handoffs entre layers (browser↔server, app↔queue, build↔runtime) onde Senior+ paga preço caro se trata superficialmente.

edit framework/02-plataforma/02-13-auth.md §2.19, OAuth2 PKCE para mobile com Authorization Code Grant deep — mecânica code_verifier/code_challenge SHA256 (RFC 7636 + OAuth 2.1 BCP 2025), código Expo/React Native completo (PKCE pair generation, AuthSession.startAsync, token exchange, SecureStore com keychainAccessible WHEN_PASSCODE_SET), refresh rotation handling com singleflight pra evitar race em parallel requests, Universal/App Links vs custom URI scheme (code intercept attack), logout completo RFC 7009 token revocation + RP-initiated end-session, 8 anti-patterns observados (PKCE plain method, state faltando, refresh em AsyncStorage, implicit flow, static client_secret, custom URI sem app links, sem singleflight, token em deep link log), config minimal AS compatible Hydra/Keycloak/Auth0.
edit framework/04-sistemas/04-12-tech-leadership.md §2.22, Architectural Decision Records (ADR) deep — quando ADR é obrigatório (heurística hard-to-reverse, cross-team, controversial, viola pattern), template MADR completo (Status/Date/Deciders/Consulted/Informed + Context + Decision Drivers + Considered Options + Decision Outcome + Pros/Cons + Links + Notes) com exemplo Iceberg adoption, lifecycle workflow (Proposed → Accepted → Deprecated/Superseded/Rejected) e regra de manter rejected docs, repo structure 4-digit numbering + slug verb-forte, tooling (adr-tools + log4brains + CI label needs-adr), padrão RFC vs ADR por size de time, exemplo Logística track de 12 meses, 7 anti-patterns observados (ADR pra tudo, sem alternativas, escrito após implementação, status nunca atualiza, design doc gigante, sem template enforced, sem reviewer), 4 métricas de programa (throughput, diversity de autores, superseded ratio, time-to-decision).
edit framework/03-producao/03-09-frontend-performance.md §2.19, Real User Monitoring (RUM) deep — Core Web Vitals 2026 com INP substituindo FID em 2024-03 (thresholds e percentile p75 origin), web-vitals v4 código completo com sendBeacon + keepalive fallback, attribution data por métrica (LCP element/url/loadDelay; INP eventTarget/inputDelay/processingDuration/longestScript; CLS largestShiftTarget/loadState) que vira ação concreta, backend Edge runtime + sampling client-side (10% high-traffic + 100% low-traffic ou per-session persistent), 3 dashboards essenciais (p75 trend, distribution histogram, attribution heatmap), Logística por user journey (pickup-confirm vs homepage), comparação stack 2026 (SpeedCurve LUX/Datadog RUM/Sentry/Cloudflare WA/OTel+ClickHouse com custos 1M PV/mês), 8 anti-patterns observados (Lighthouse-driven sem RUM, sem attribution, CrUX só, sampling sem persistência, send sem keepalive, reportAllChanges true em prod, sem device/connection metadata, CLS sem loadState), performance budget enforcement no CI.
edit framework/04-sistemas/04-09-scaling.md §2.20, backpressure end-to-end deep — 4 layers cascateados (TCP slow-start + cwnd/rwnd com pegadinha tcp_rmem em high-RTT, app Reactive Streams com RxJS/async iterator + p-limit bounded parallelism, queue prefetch + manual ack RabbitMQ/Kafka eachBatchAutoResolve false/SQS visibility timeout, producer load shedding 503 + Retry-After + adaptive concurrency Netflix), decision tree drop/buffer/throttle/backpressure por workload (analytics drop, financial backpressure, API load shed, background throttle, bulk cursor), pipeline Logística stack completo end-to-end com backpressure ativo em cada hop, observability obrigatório por layer (TCP via ss/eBPF, app via gauges, queue lag/depth, producer 503 rate), 8 anti-patterns observados (buffer unbounded, drop silencioso sem métrica, retry sem backoff em saturação, for...of em stream, Kafka sem manual offset, RabbitMQ prefetch unlimited, load shed por CPU%, backpressure só em uma camada).
edit framework/03-producao/03-02-docker.md §2.20, secrets em containers — anti-patterns Dockerfile (ENV/ARG/COPY .env vazam em layers/history/inspect), build-time correto com BuildKit --mount=type=secret + SSH agent forwarding (--mount=type=ssh), 4 padrões runtime (env vars caveat, env-file, tmpfs mount, IMDS/Vault/SecretsManager com cache 5min e IRSA/Workload Identity), Docker Swarm secrets pra legacy, K8s 3 padrões (Secret resource com encryption-at-rest etcd config, External Secrets Operator sync de Vault/AWS, CSI Secret Store Driver mount sem K8s Secret), detecção via gitleaks pre-commit + trufflehog --only-verified em CI, 8 anti-patterns observados (ENV em Dockerfile, ARG pra secret, COPY .env, process.env dump em exception, connection string em log, K8s Secret sem encryption etcd, SA cluster-admin, sem rotation policy), validation bash pra secret leak audit local.

2026-05-01, Review wave 13 — systems craft (Go concurrency, ClickHouse query opt, search relevance tuning, SLO burn rate, Postgres tuning sob carga)

Décima-terceira onda do audit cross-stage. Foca em craft de sistemas — patterns operacionais de produção onde Senior+ precisa código copy-paste-pronto, números reais, e anti-patterns que mordem em scale.

edit framework/03-producao/03-11-systems-languages.md §2.18, Go concurrency patterns aplicados — 7 patterns production-ready (errgroup com context cancellation + SetLimit, select com timeout + ctx.Done() evitando time.After leak, context propagation cross-service com r.Context() e WithValue, pipeline channels fan-out/fan-in com defer close + select em send, graceful shutdown com signal.NotifyContext + shutdown ctx separado, goroutine leak detection com goleak + pprof, sync.Pool com Reset obrigatório), 7 anti-patterns observados (goroutine sem ctx.Done, time.After em loop, lock across channel send, channel não-buffered fan-out, recover sem propagação, context.Background em handler HTTP, errgroup sem SetLimit), race detector + linters obrigatórios.
edit framework/03-producao/03-13-time-series-analytical-dbs.md §2.18, ClickHouse query optimization deep — sorting key escolhido como filtro frequente (tenant-first, not timestamp-first), 5 tipos de skip indexes (minmax/set/bloom_filter/tokenbf_v1/ngrambf_v1) com matriz de quando cada um vence, projections como segunda cópia ordenada transparente, materialized views com AggregatingMergeTree + uniqState/uniqMerge HLL, caso real Logística fact_tracking_pings com TTL hot/cold tiers, query rewrite patterns (PREWHERE, SAMPLE, LIMIT N BY), 7 anti-patterns observados (SELECT *, fact-fact JOIN, skip index sem EXPLAIN validation, sorting key 10 colunas, update/delete frequente em MergeTree, ORDER BY sem LIMIT, sem PARTITION BY), diagnostic toolbox via system tables.
edit framework/02-plataforma/02-15-search-engines.md §2.18, relevance tuning operacional — métricas offline (NDCG@10, MRR, MAP@K, Recall@K), construção de golden dataset (100-500 query/relevant_docs com Argilla/Label Studio), código TypeScript de NDCG@10 pra CI guardrail, synonyms 2-tier (bidirectional vs one-way) com Elasticsearch synonym_graph + pegadinha de só no search_analyzer, boosting com function_score (field_value_factor + gauss decay) com cap em 2-3x pra evitar spam, learning-to-rank quando vale (clickstream > 100k events/mês, baseline saturou) com Elasticsearch LTR plugin + LightGBM pipeline, online A/B test com guardrails (latency p99, zero-result rate), 6 anti-patterns observados (synonym bidirectional sem cuidado, popularity boost sem freshness penalty, LTR sem golden dataset, embedding sem rerank, esquecer query understanding, NDCG offline melhora online degrada).
edit framework/03-producao/03-15-incident-response.md §2.18, SLO error budget burn rate alerts — tabela canônica Google SRE de 4 alerts MWMBR (14.4x/6x/3x/1x com long+short windows pareados), PromQL recording rules + alerting rules completos pra orders endpoint, Alertmanager routing por severity (PagerDuty critical, Linear/Jira warning), 3 panels Grafana essenciais, SLO definition YAML template processável por Pyrra/Sloth/OpenSLO spec CNCF, error budget policy template (< 50% normal, 50-80% extra review, 80-100% freeze non-critical, > 100% hard freeze + postmortem), 6 anti-patterns observados (single window, sem short window check, target irreal 99.999%, SLO de coisa não-customer, sem error budget policy, alert sem runbook).
edit framework/02-plataforma/02-09-postgres-deep.md §2.20, Postgres tuning sob carga — formula pragmática 32GB RAM (shared_buffers 25% RAM, effective_cache_size 75%, work_mem por NÓ não conn), pgbouncer transaction-mode obrigatório com max_connections baixo, autovacuum tuning com per-table override pra hot tables (autovacuum_vacuum_scale_factor 0.02 + fillfactor 90), bloat detection via pg_stat_user_tables + pgstattuple + pg_repack online, checkpoint tuning anti-spike (timeout 15min + max_wal_size 8GB + completion_target 0.9), config Logística production completo (32GB/8 vCPU/SSD), diagnostic queries (top por exec_time, cache hit ratio, wait events, connection state), 7 anti-patterns observados (shared_buffers > 40% RAM, work_mem alto global, max_connections 500 sem pgbouncer, autovacuum desligado, checkpoint sem max_wal_size, sem log_min_duration_statement, tunar via blog sem medir), validation toolkit (pgbench, pg_stat_statements, auto_explain, pgbadger, PgHero).

2026-05-01, Review wave 12 — applied depth (specification pattern, dbt incremental, SBOM/VEX, React 19 use()/cache(), agentic patterns)

Décima-segunda onda do audit cross-stage. Foca em padrões aplicados onde Senior+ encontra peso operacional real — escolhas que custam meses se erradas e onde framework precisa código copy-paste-pronto.

edit framework/04-sistemas/04-06-domain-driven-design.md §2.17, specification pattern e invariants no código — interface Specification<T> com and/or/not combinators, SqlSpecification com toSqlClause() (paridade in-memory ↔ SQL como killer feature), distinção operacional invariant/precondition/validation, encoding em código (smart constructors com Result<T, E>, value objects que validam uma vez, assertInvariants() ao fim de mutações), Order aggregate completo com pattern aplicado, 5 anti-patterns observados (anemic model, spec só in-memory virando OOM, validações duplicadas, if-statements espalhados), quando spec pattern é overkill (CRUD, app pequena, regras só UI).
edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.9.1, dbt incremental strategies decisão e código real — matriz comparativa append/merge/delete+insert/insert_overwrite (modelo, quando usa, DB suportado, race conditions), deep dive em cada strategy com SQL copy-paste-pronto, decision tree operacional, late-arriving data com lookback_window, backfill por janela com --vars, idempotency tests, monitoring com Elementary/re_data, 5 anti-patterns observados (incremental sem is_incremental(), unique_key sem constraint, append em source com retries, ignorar late data, delete+insert em horário de pico).
edit framework/03-producao/03-08-applied-security.md §2.20, SBOM lifecycle e VEX statements operacionais — formats CycloneDX/SPDX/SWID com escolha 2026 (CycloneDX 1.6+ com VEX nativo), geração no build (Dockerfile multi-stage + syft + cosign attest), anatomia CycloneDX com purl + dependency graph, VEX statuses com 9 NTIA-defined justifications (code_not_reachable, protected_at_perimeter, etc.), exemplo VEX completo, pipeline GHA integrada (syft → cosign → grype com --vex → Dependency-Track → OPA/Rego policy gate), SBOM diff entre releases, 6 anti-patterns observados (SBOM gerada uma vez, sem VEX virando alert fatigue, SBOM em S3 sem ingestão, justifications vazias, SBOM em dev workstation, cosign sem keyless OIDC).
edit framework/02-plataforma/02-04-react-deep.md §2.9.2, React 19 use() hook + cache() em RSC patterns — use() permite chamada conditional/em loop (impossível com hooks tradicionais), exemplo server component lendo promise, conditional use() em client com promise estável, cache() request-scoped resolvendo N+1 com 3 componentes batendo mesma cached promise, preload pattern fire-and-forget pra evitar waterfall, dashboard Logística completo com <Suspense> + cache() + use() streaming independente, 6 anti-patterns observados (use com promise inline em client, cache em client component, cache esperando cross-request, esquecer preload, mistura await+use(), key com objeto inline).
edit framework/04-sistemas/04-10-ai-llm.md §2.20, agentic patterns operacionais — 3 patterns que separam agent prod de protótipo: (1) planner-executor split (LLM gera JSON estruturado via Zod discriminated union, executor determinístico com budget cap + audit log), (2) critic loop (segundo LLM Haiku 4.5 valida output do planner Sonnet/Opus, retry ≤3 com errors como context, ~~70-80% das falhas resolvem), (3) tool selection com retrieval (vector search top-5 tools quando catalog > 20, fix degradação documentada Anthropic/OpenAI), pipeline end-to-end Logística (~~$0.04-0.08/session, p99 8-15s), 7 anti-patterns observados (single-LLM ReAct loop, critic mesmo modelo+prompt, sem budget caps, retrieval sem fallback fixed tools, audit sem latency por step, critic em loop infinito, esquecer logging de reasoning).

Décima-primeira onda do audit cross-stage. Foca em fronteiras onde Senior+ encontra peso operacional real — escolhas que custam meses se erradas e onde framework precisa código copy-paste-pronto, não conceito.

edit framework/03-producao/03-04-cicd.md §2.15, monorepo CI graph deep — comparação Turborepo / Nx / Bazel / Pants / Rush.js (modelo, hermetic, cache local/remoto, quando usar), 3 estratégias de affected detection (path-based com paths-filter, tool-based com turbo --filter='[origin/main]' + nx affected, Bazel target-based com bazel-diff), remote cache backends (Turbo open spec via Cloudflare Workers self-hosted, Nx Cloud, BuildBuddy/EngFlow com RBE), padrão Logística monorepo completo (estrutura + turbo.json + workflow GHA reduzindo CI 12min→90s), 4 caveats reais (cache hit rate como métrica primária, inputs implícitos quebrando cache, cache poisoning, cross-platform divergence).
edit framework/04-sistemas/04-12-tech-leadership.md §2.21, promotion Senior → Staff processo concreto — diferença operacional Senior vs Staff em 6 dimensões (Larson/Reilly), artifact requirements (2-3 cross-team projects com impact métrico, 3-5 ADRs lideradas, 1 RFC organizacional, 2-3 mentees promovidos, external signal, postmortem authoria, 5-10 endorsements), 30/60/90 day plan tipo após sinalizar intent ao manager, defense ritual de 30-45min com estrutura por bloco, anti-patterns que matam promo case (eu-fiz vs eu-liderei, métricas vagas, sem cross-team), quando NÃO buscar Staff (track fechado, quer 80% código, org instável), calibração emocional sobre promo ≠ valor pessoal.
edit framework/02-plataforma/02-19-internationalization.md §2.7 + §2.13, timezone edges + currency precision — half-hour/quarter-hour timezones (IST UTC+5:30, NPT UTC+5:45) que quebram filters por hour, DST spring-forward (timestamps inexistentes) e fall-back (ambíguos) com exemplos Brasil 2019, DST policy mudando + tzdata pin obrigatório em Dockerfile, recurring events como (rrule_text, tz_id) separados, padrão Luxon+Temporal API (TC39 Stage 3 2026); currency precision por ISO 4217 com 4 tipos (zero/two/three/four-decimal), toMinorUnits correto pra KWD/BHD/OMR (3 decimals), Intl.NumberFormat por locale, FX rate provider patterns com multi-provider fallback chain, settlement vs display (snapshot da rate dentro da transação), half-decimal/indexed currencies (CLF, UYI, XAU).
edit framework/02-plataforma/02-09-postgres-deep.md §2.7 + §2.7.1, partial index + JSONB indexing patterns — partial index quando vence (10M rows / 600MB → 50k / 3MB) com pegadinha de subset lógico no WHERE da query, audit em prod via pg_indexes; JSONB com jsonb_path_ops (containment-only, 2-3x menor), expression index sobre path conhecido (B-tree vence GIN em equality), composite expression+partial, gin_trgm_ops pra fuzzy em path, decision matrix por query pattern (containment/equality/fuzzy/key-exists/range com cast), caso real Logística events table com stack ótimo de 3 índices, 3 anti-patterns observados (single GIN cobrindo tudo, sem partial em time-series, B-tree em payload direto), maintenance com bloat audit + REINDEX CONCURRENTLY.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.19, hedging adaptive com backup-after-percentile — AdaptiveHedger TypeScript com TDigest pra estimar P95 dinâmico (substitui timeout fixo de 50ms hack), AbortController pattern pra cancelar replica losing, custo medido (5-10% extra requests) vs benefício real (Google Bigtable 2013: P99 lookup -30 a -43% sem aumentar load total), 5 anti-cases onde hedge HURTS (cache-warming, quorum reads cross-region, backend saturado, write não-idempotente sem dedupe, custo $$$ por request tipo Claude API), decisão pragmática por cenário (read replica ✅, LLM com cap+idempotency ⚠️, payment capture ❌, cache lookup ❌, cross-region ✅).

2026-05-01, Review wave 10 — execution patterns (dbt+Iceberg, step-up auth, Wasm prod, Suspense+ErrorBoundary, distributed cache invalidation)

Décima onda do audit cross-stage. Patterns de execução com código copy-paste-pronto pra Logística production.

edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.9, dbt + Iceberg pipeline real Logística — projeto estruturado (sources.yml + staging incremental com CDC dedup + intermediate + marts SummingMergeTree + tests + snapshots SCD2 + seeds), Iceberg em produção 2026 (multi-engine, time travel, schema/partition evolution, catalog Polaris emergente, compaction, vacuum), orquestração Dagster.
edit framework/02-plataforma/02-13-auth.md §2.8, step-up authentication completo — OIDC acr + amr + auth_time claims, middleware requireStepUp com policy por endpoint sensível (delete account exige acr 3 + max_age 5min + webauthn-only; update payout exige acr 2 + max_age 10min), frontend handling de 401 step_up_required com retry silencioso, CAEP emergente (continuous re-auth) + padrão pragmático antes (short-lived tokens + heartbeat + revocation list).
edit framework/03-producao/03-12-webassembly.md §2.6, Wasm produção real — Rust → wasm-pack pipeline completo (Cargo.toml otimizado pra size + lib.rs com wasm-bindgen + serde-wasm-bindgen), uso Next.js Client Component, bench real (100MB CSV: 12s JS → 800ms Wasm = 15x), Component Model + WIT bindings (Preview 2, future), Spin/Fermyon edge deploy, 5 caveats (boundary cost, DOM access, bundle size, async maturity, debug).
edit framework/02-plataforma/02-04-react-deep.md §2.8, Suspense + Error Boundaries em produção — hierarquia granular por widget (não 1 boundary global), retry com useQueryErrorResetBoundary (canonical React Query pattern), useTransition pra UI responsivo durante state mudança, useDeferredValue pra defer derivação cara, 6 pegadinhas em produção (event handlers + async, onReset sem reset query, boundary too broad, layout shift, streaming SSR error.tsx, Sentry integration).
edit framework/04-sistemas/04-09-scaling.md §2.5, distributed cache invalidation — 4 patterns em código (pub/sub broadcast Redis, CDC-based zero dual-write via Debezium → Kafka → cache-invalidator, versioned keys no-invalidation, tag-based Cloudflare-style), matriz de decisão por cenário, 3 anti-padrões (TTL longa "compensada", invalidate síncrono no path, sem observability).

2026-05-01, Review wave 9 — operational fluency (EXPLAIN forensic, cache stampede, IC rituals, OSS funding, jittered backoff)

Nona onda do audit cross-stage. Foca em fluência operacional — frentes onde dev mediano "sabe que existe" mas trava na hora de aplicar; código e templates production-ready.

edit framework/02-plataforma/02-09-postgres-deep.md §2.9, EXPLAIN ANALYZE forensic guide — workflow forense em 5 passos (identificar nó dominante, comparar rows estimado/actual, conferir Buffers, distinguir Filter vs Index Cond, comparar plano esperado), caso real Logística (query 4823ms → 0.4ms = ~12000x via composite + partial + INCLUDE index), 4 anti-patterns (EXPLAIN sem ANALYZE, otimizar por cost, CONCURRENTLY ausente, índice "pra todo filter"), ferramentas (explain.dalibo, depesz, pg_stat_statements, auto_explain).
edit framework/02-plataforma/02-11-redis.md §2.11, cache stampede protection completo — 4 patterns em código (Singleflight in-process, distributed lock com double-check + Lua atomic unlock, XFetch probabilistic refresh com beta tunable, stale-while-revalidate Cloudflare-style), matriz de decisão por cenário, anti-padrão de jittered TTL solo.
edit framework/03-producao/03-15-incident-response.md §2.6, IC playbook completo — first 15 minutes script (T+0 a T+15 com ações concretas), decision log template (What/Why/Risk/Reversal/Observed effect), nova §2.6.1 war-room rituals (pinned message, threaded discussions, voice channel paralelo, no silent investigation, timeboxing, eat/break protocol), 3 anti-patterns. §2.8 expandido com 4 templates concretos de status page (Investigating/Identified/Monitoring/Resolved) + customer email completo + 5 anti-patterns + canonical examples.
edit framework/04-sistemas/04-15-oss-maintainership.md §2.12, OSS sustainability deep — números reais 2026 por tier (hobby → hyperscaler-funded), reality check sobre burnout, dual-licensing armadilha legal (CLA mandatório vs DCO), 4 casos canônicos (Hashicorp BSL 2023 → OpenTofu fork, MongoDB SSPL 2018, Redis 2024 → Valkey, Sentry FSL sucesso), decisão pragmática por estágio de ARR.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.3, jittered exponential backoff implementação completa — TypeScript production-ready com decorrelated jitter (Marc Brooker AWS pattern 2015), comparação 3 estratégias (no jitter / full jitter / decorrelated), exemplo Logística com Stripe API + idempotencyKey + retryable error filter, 5 caveats que mordem em produção (idempotency obrigatório, Retry-After respect, layer-only retry, AbortSignal, jittered shutdown).

2026-05-01, Review wave 8 — staff rigor (refresh rotation, mutation testing, estimation, aggregate refactor, OLAP decision tree)

Oitava onda do audit cross-stage. Foca em rigor que separa Staff de Senior — execução defensável de patterns onde quem decide errado paga preço caro em produção.

edit framework/02-plataforma/02-13-auth.md §2.15, refresh token rotation com family-based replay detection (RFC 9700 BCP 2025) — schema Postgres com family_id + parent_jti + status, algoritmo atômico Postgres advisory lock, family invalidation em replay detection com security event, sliding vs absolute vs híbrido com cap, storage trade-off matrix (HttpOnly cookie / localStorage / in-memory + cookie / mobile keychain), detecção avançada (fingerprint check, geo-velocity, concurrent device cap).
edit framework/03-producao/03-01-testing.md §2.9, mutation testing com Stryker concretamente — config completa stryker.conf.json com incremental + thresholds, 9 operadores canônicos com exemplos (ArithmeticOperator, ConditionalExpression, EqualityOperator, etc.), interpretação de output (survived / killed / timeout / no coverage), 3 tipos de reação a survived mutants, anti-padrão da obsessão por 100%, threshold pragmático por tipo de código, onde rodar (PR-level / nightly / pre-release).
edit framework/04-sistemas/04-12-tech-leadership.md §2.12, estimation com data — matriz de decisão entre T-shirt / story points / 3-point PERT / NoEstimates com acurácia + tempo de cerimônia + quando, story points é mais caro não mais preciso em times novos (CMU research), erro sistemático 2x baixa de mediana (Hofstadter calibration), RICE pra priorização (não estimativa) com exemplo concreto Logística, planning poker variantes (async, magic estimation, bucket), comunicação de incerteza calibrada com 3 níveis.
edit framework/04-sistemas/04-06-domain-driven-design.md §2.8, aggregate design rules expandido com heurísticas concretas — 5 critérios em ordem de peso (invariant boundary, lifecycle, co-modificação, tamanho carregado, concurrency contention), 5 sinais de aggregate grande demais, caso real de refactor Logística (Order V1 anti-padrão com tracking pings dentro vs V2 com 5 aggregates separados), migração incremental sem big-bang, deploy reversível por passo.
edit framework/03-producao/03-13-time-series-analytical-dbs.md §2.15, decision tree analytics 2026 com 7 cenários — Postgres BRIN + matviews / TimescaleDB / ClickHouse / DuckDB embedded / BigQuery-Snowflake / Druid-Pinot real-time / lakehouse Iceberg + ClickHouse, com volume threshold + custo + curva de aprendizado + quando vira dor pra cada um. Matriz resumida por estágio Logística (v1 → v4) com recomendação específica.

2026-05-01, Review wave 7 — elite depth (Tokio internals, distributed rate limit, Apollo Router, BuildKit multi-arch, Server Actions)

Sétima onda do audit cross-stage. Profundidade técnica em frentes onde Senior+ precisa de rigor de elite — código de produção real, não demo de tutorial.

edit framework/03-producao/03-11-systems-languages.md §2.17, Tokio internals em profundidade — modelo de execução (tasks, reactor, scheduler, blocking), Pin e por que existe (state machine self-referential), Send vs !Send com exemplos compiláveis, holding lock across await como antipattern crítico (3 padrões de fix), function coloring custo real (block_on caveats), decisão runtime por workload, observability (tokio-console + tracing).
edit framework/04-sistemas/04-09-scaling.md nova §2.7.1, distributed rate limiting deep — comparação de 5 algoritmos (fixed window, sliding log, sliding counter, token bucket, leaky bucket), Lua script atomic completo pra sliding window log + token bucket, padrão Logística multi-tier com Retry-After + X-RateLimit headers, caveats em produção (Redis cluster slot tags, failover fail-closed vs fail-open, clock drift via redis.call('TIME')).
edit framework/04-sistemas/04-05-api-design.md §2.20, Apollo Router (Rust) deep — pipeline de query (parse → planner → execução → compose), exemplo de query plan Logística com _entities resolution, config TOML production-ready (timeouts por subgraph, retry, telemetry OTLP), caveats (N+1 cross-subgraph, schema evolution coordenada, composition errors, auth distribuído).
edit framework/03-producao/03-02-docker.md §2.6, BuildKit advanced — multi-arch builds (linux/amd64 + linux/arm64) com manifest list, ARM nativo runners GHA vs QEMU emulation, cache backends pra CI (registry, gha, s3) com mode=max vs min, secrets mount avançado (não vaza em layer/ARG/ENV), output formats (oci tarball, plain filesystem).
edit framework/02-plataforma/02-04-react-deep.md nova §2.9.1, Server Actions deep — modelo mental, exemplo Logística com 'use server' + Zod validation + RLS Postgres + revalidatePath, useActionState + useFormStatus + useOptimistic patterns, pegadinhas reais (encryption keys multi-instance, CSRF built-in, args serializáveis, validação server obrigatória, long-running actions com queue), quando NÃO usar Server Actions.

2026-05-01, Review wave 6 — applied patterns (CRDTs, hybrid search, deadline propagation, bulkhead, chaos)

Sexta onda do audit cross-stage. Foca em código real e patterns aplicados que separam Senior de Staff — temas onde o framework já tinha conceito mas faltava implementação executável Monday morning.

edit framework/04-sistemas/04-01-distributed-systems-theory.md §2.18 (CRDT), exemplo concreto Logística com Yjs — server (y-websocket + LeveldbPersistence) e client (provider + awareness + CodeMirror integration) pra notas colaborativas em pedido. Pegadinhas em produção (GC tradeoff, auth no upgrade, permissões custom message types, storage scaling, Yjs vs Automerge decision).
edit framework/02-plataforma/02-15-search-engines.md §2.7, hybrid search com código copiável: schema Postgres com tsvector + pgvector HNSW, SQL CTE de RRF (k=60 padrão Cormack), TypeScript Cohere Rerank com top-50→10. Custos e latências reais 2026 (10-30ms hybrid + 100-300ms rerank, $2/1k searches Cohere). Alternativa local com cross-encoder GPU.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.2, deadline propagation com pseudocódigo TypeScript completo — withDeadline, remainingMs, call com AbortController + reserva de buffer, handler gateway Logística cascateando deadline em 4 hops, X-Request-Deadline header, pegadinha de clock skew, implementations canônicas (gRPC context, OTel baggage, Anthropic SDK).
edit framework/04-sistemas/04-04-resilience-patterns.md §2.24, bulkhead per-tenant em código — pools dedicados por tier (premium 20 conns, standard 10, free 5) com timeouts e statement_timeout próprios, middleware de roteamento, métricas Prometheus por tier, variantes (read/write split, per-feature pools, queue worker isolation), anti-pattern do pool global compartilhado.
edit framework/03-producao/03-15-incident-response.md §2.11, game day prático com toxiproxy — setup Docker, 5 cenários Logística runnable (Postgres latency, Redis down, payment provider partition, mobile bandwidth limit, TCP slow close), bash script game-day automation com abort condition em error rate > 5%, postmortem template pós-game-day.

2026-05-01, Review wave 5 — industrial depth (CDC/Patroni, real-time scaling, DORA, embedded Rust, hardware bring-up)

Quinta onda do audit cross-stage. Refinamentos cirúrgicos de profundidade industrial onde aluno Senior+ precisa de rigor operacional concreto.

edit framework/02-plataforma/02-09-postgres-deep.md §2.13.1, aplicação concreta de CDC pra Logística v2→v3 (Debezium + outbox table + Postgres publication + transação atômica + slot lag monitoring com SQL queries + alertas Prometheus). Patroni HA com synchronous standby names e PgBouncer. Cruza com 04-02 e 04-03.
edit framework/02-plataforma/02-14-realtime.md §2.8, expansão real-time scaling com Soketi vs Centrifugo deep (matriz de modelo/protocolo/forte/limita), exemplo Soketi setup pra Logística, Centrifugo unique strengths (history buffer + presence + GRPC), sticky session cookie hash vs IP hash com pegadinha mobile carrier NAT, cardinality de canais (problema de 1M canais one-to-one), padrão Logística (tenant/courier/order channels), presence em escala.
edit framework/03-producao/03-04-cicd.md §2.16, DORA metrics deep — definição operacional + fonte + cálculo de cada métrica, implementação prática em GitHub Actions + Postgres (workflow YAML + SQL query weekly), categorias DORA 2024 (Elite/High/Medium/Low) com thresholds, comparação de tools (LinearB, Sleuth, Faros, DIY Grafana), 3 anti-padrões (otimizar deploy freq isolado, lead-time errado, vanity metrics). Cruza com 03-15 e 04-12.
edit framework/05-amplitude/05-07-embedded-iot.md §2.12, embedded Rust em profundidade — HAL trait pattern com exemplo vendor-neutral, no_std vs std vs std-com-allocator, async runtimes (embassy + RTIC + Tock OS comparados), embassy Logística firmware example, defmt logging compactado, probe-rs debugger universal, decisão Rust vs C em 2026.
edit framework/05-amplitude/05-08-hardware-design.md §4, bring-up day playbook — sequência de 6 etapas (pre-power inspection → power-up isolado → programming interface → periférico por periférico → connectivity stack → soak test) com tempo estimado e armadilhas; tabela de common failures com sintomas/causas/tempo médio até fix; skills críticos não-óbvios (datasheet completo, scope/logic analyzer, hot air rework). Calibração realista: 1-3 dias primeiro bring-up, 4-8 horas quando experiente.

2026-05-01, Review wave 4 — modern frontiers (edge, supply chain, AI ops, vector DBs, PWA)

Quarta onda do audit cross-stage. Foca em fronteiras modernas que faltavam profundidade adequada — temas onde o framework precisa estar em 2026, não em 2022.

edit framework/03-producao/03-09-frontend-performance.md, nova §2.6.1 "Edge functions e edge rendering, deep" — players (Cloudflare Workers, Vercel Edge, Deno Deploy, Lambda@Edge) com matriz de runtime/limites/cold start/pricing, constraints reais (sem Node APIs, sem long-running connections, memory cap, CPU bilhado), padrão arquitetural pra Logística (edge auth + rate limit, origin pra DB pesado).
edit framework/03-producao/03-08-applied-security.md §2.14, supply chain reescrito do zero — 6 camadas de threat (CVEs, dependency confusion, typosquatting, compromised maintainer estilo xz-utils 2024, build system compromise SolarWinds, registry compromise), SLSA 1-4 com critérios, Sigstore stack (cosign + Fulcio + Rekor) com keyless OIDC, SBOM (CycloneDX + SPDX + syft) com exemplo, in-toto attestations, stack mínimo defensável 2026 em 9 itens.
edit framework/03-producao/03-07-observability.md, nova §2.19 "AI Ops & LLM observability" — métricas únicas (per-call/per-conversation/per-eval/per-tool), failure modes únicos (hallucination, tool argument drift, cost spike, latency tail, quality drift silencioso), OpenTelemetry GenAI semantic conventions, comparação de 5 tools (LangSmith, Langfuse, Helicone, Phoenix, W&B/Weave), padrão de span hierárquico, eval automation offline+online com golden dataset, cost trap de tracing exhaustivo.
edit framework/04-sistemas/04-10-ai-llm.md §2.8 (vector DBs), matriz comparativa expandida com 8 entradas (pgvector, Qdrant, Weaviate, Milvus, Pinecone, Chroma, LanceDB, Vespa) com modelo, indexes, hybrid search, filter perf, ops, quando usar. Heurística pragmática 2026 + anti-padrão "Pinecone porque é fácil".
edit framework/02-plataforma/02-03-dom-web-apis.md, nova §2.12 "Service Workers e PWA" deep — lifecycle (install/activate/fetch/message/push/sync), 5 caching strategies em matriz (cache-first, network-first, SWR, network-only, cache-only) com Workbox exemplo, Web Push (RFC 8030 + VAPID) com flow completo, Background Sync vs Periodic Sync, install prompt + Manifest mínimo, pegadinhas reais (versioning, update flow, scope, iOS limitações), quando NÃO usar PWA.

2026-05-01, Review wave 3 — operational meta docs + 05-07/05-08 integration

Terceira onda do audit cross-stage. Foca em meta docs operacionais que estavam ausentes (operação reativa do estudo) + clarificação de relação entre módulos opcionais.

add framework/00-meta/TROUBLESHOOTING.md, padrões reais de falha durante o estudo organizados em 7 categorias (portões repetidos, cadência insustentável, problemas de modo A/B/D, capstone scope creep, output público estagnado, mentees esgotando, recovery). Cada padrão tem sintoma + diagnóstico + ação concreta. Referência primária quando aluno trava.
add framework/00-meta/PEER-REVIEW-PROTOCOL.md, operacional concreto pro Modo B do MENTOR.md. Composição de cohort, 3 ritos semanais (standup async, sessão técnica síncrona, paper club mensal), procedimento detalhado pra conduzir e receber portões, padrão de feedback honesto sem destruir relação, calibração externa trimestral anti-eco-chamber, anti-patterns observados, quando dissolver cohort.
edit framework/05-amplitude/05-07-embedded-iot.md §4, header explícito sobre relação com 05-08: 05-07 cobre lado firmware, 05-08 cobre lado hardware do mesmo dispositivo. MCU e sensors devem ser consistentes.
edit framework/05-amplitude/05-08-hardware-design.md §4, integração explícita com 05-07: PCB hospeda firmware do 05-07; bring-up valida ambos. Critério "use mesmo MCU/sensors" elimina retrabalho.
edit framework/00-meta/INDEX.md, contagem de metas atualizada (17→19, considerando RUBRIC já adicionado em wave 1); links pra TROUBLESHOOTING e PEER-REVIEW-PROTOCOL adicionados na seção de "Outros documentos vivos".

2026-05-01, Review consolidado + ajustes de profundidade

Audit cross-stage retornou 12 ações prioritárias. Aplicado em 2 ondas neste ciclo:

Onda 1 — estruturais e críticas:

add framework/00-meta/RUBRIC.md, critério explícito de pass/fail nos 3 portões com pesos por dimensão e exemplos. MENTOR.md §3 e INDEX.md atualizados pra apontar pra RUBRIC.
edit framework/04-sistemas/04-02-messaging.md §2.12, Outbox encurtado pra "lado messaging"; ownership do padrão completo movido pra 04-03 §2.8.
edit framework/01-fundamentos/01-04-data-structures.md §2.4, adicionados blocos "Hash function: cryptographic vs distribution" e "Consistent hashing (sharding distribuído)" — fecha gap pré-requisito de 04-09 e 02-11.
edit framework/04-sistemas/04-14-formal-methods.md §2.9, Lean 4 reposicionado como "emergente, não-production-default"; PBT (fast-check, Hypothesis, PropEr) elevado como entrada saudável antes de TLA+.
edit framework/01-fundamentos/01-14-cpu-microarchitecture.md §2.8, expandido com condições de auto-vectorization, AoS vs SoA com exemplo C, e custo invisível de AVX-512 frequency throttling.
edit framework/04-sistemas/04-05-api-design.md §2.17, webhooks com Idempotency-Key obrigatório, replay defense via timestamp, ordering caveat, referência a AsyncAPI spec.
edit framework/04-sistemas/04-08-services-monolith-serverless.md, nova §2.19 Multi-tenancy (Pool/Bridge/Silo, RLS exemplo, noisy neighbor mitigations, game day Logística); §2.20 com critérios objetivos de extração.
protocol MENTOR.md §3, ponteiro adicionado pra RUBRIC.md.

Onda 2 — quantificação 2026 e rebalanceamentos:

edit framework/03-producao/03-03-kubernetes.md §2.15, Service Mesh expandido com matriz Istio/Linkerd/Cilium/Istio Ambient (overhead, decisão por número de services); §2.18.1 (Alternativas a K8s) movido pra README do estágio.
edit framework/03-producao/README.md, nova seção "Quando NOT usar K8s" com tabela completa de alternativas (ECS, Nomad, Fly.io, Cloud Run, Kamal), heurística por tamanho de time, e mito vs realidade. Apresentada antes do módulo 03-03 pra evitar K8s por default.
edit framework/04-sistemas/04-09-scaling.md §2.13, observability cost quantificado (Datadog, CloudWatch, OTel self-hosted) com padrões obrigatórios (head/tail-based sampling, retention tiers); §2.14 com tabela de categorias de custo AWS típicas e ordem de ataque pra cortar conta; §2.16 com números reais de WebSocket connections per server (100k-500k tuning, 1M+ benchmarks Soketi/Centrifugo).
edit framework/04-sistemas/04-10-ai-llm.md §2.14, self-hosted inference com espectro completo (Ollama → llama.cpp → vLLM → SGLang → managed open-weights), quantização GGUF, LoRA/QLoRA pricing; §2.16 com cálculo concreto de prompt caching savings (Sonnet 4.6 system prompt 5k tokens, 90% hit = $40k/mês de economia), model tiering, batch API; §2.17 com tabela TTFT/throughput, streaming UX, parallel tool calls.
ref framework/00-meta/reading-list.md, anos de edição adicionados em livros canônicos (CS:APP 3rd 2015, CLRS 4th 2022, SICP JS 2022, Effective TS 2nd 2024, Serious Cryptography 2nd 2024); RFCs novos referenciados (RFC 9700 OAuth BCP 2025, WebAuthn L3 2024); AI Engineering (Chip Huyen 2024) substituiu "Building LLM Applications" como referência canônica; Postgres 16 Internals + DDIA 2nd ed beta sinalizados; MCP spec adicionado.

2026-04-28, Content gap fill: 24+ subseções novas em 16 módulos

Expansão de conteúdo cobrindo gaps detectados em audit interno. Tópicos atualizados pra 2025-2026 reality.

Fundamentos (4 módulos):

01-02: §2.4.1 schedulers modernos (CFS→EEVDF Linux 6.6+, Windows Thread Director, hybrid CPUs P/E cores).
01-03: §2.6.1 QUIC deep, UDP user-space, 0-RTT replay attack, connection migration, custos vs TCP.
01-11: §2.17 modelos de concorrência comparados, CSP/Go vs Actors/Erlang vs async-await/Rust com tabela e quando usar cada.
01-12: §2.15 reescrito, NIST PQ standards 2024 (FIPS 203/204/205), TLS hybrid X25519MLKEM768, "harvest now decrypt later".

Plataforma (5 módulos):

02-04: §2.7 React Compiler deep, modelo mental novo, rules of React, bail-out behavior, migrações práticas.
02-07: §2.17 Node vs Bun vs Deno comparação real 2026, tabela de decisão, pegadinhas, veredicto pragmático.
02-09: §2.13.1 logical replication uso real (CDC, zero-downtime upgrade, pegadinhas) + §2.14 Postgres 17/18 features.
02-13: §2.9 Passkeys/WebAuthn deep, synced vs device-bound vs roaming, server flow, pegadinhas, migration strategy.
02-14: §2.14 WebTransport deep, modelo, API client, quando vs WebSocket, server libs 2026.

Professional (6 módulos):

03-03: §2.18 operators pattern + §2.18.1 alternativas a K8s (ECS, Nomad, Fly, Railway, Cloud Run, Kamal) com heurística pragmática.
03-05: §2.3.1 VPC deep, TGW, PrivateLink, egress VPC, IPv6, custos esquecidos. + §2.19 FinOps + §2.20 Sustainability.
03-07: §2.16 eBPF observability deep, tools 2026 (Pixie, Tetragon, Parca, Cilium, Coroot, bpftrace, Beyla), quando vale.
03-08: §2.17.1 privacy engineering, tokenization, field encryption, RTBF real, differential privacy, k-anonymity, antipatterns.
03-10: §2.19 perf JVM/.NET/Go, JIT tiers, GCs, AOT, virtual threads, comparação cross-runtime.
03-15: §2.11 chaos engineering tooling deep, Litmus, Chaos Mesh, Gremlin, FIS, Pumba; tipos de injeção; maturity ladder.

Senior (5 módulos):

04-01: §2.18 CRDT deep, famílias (CvRDT/CmRDT/delta), Yjs/Automerge, limitações, quando usar.
04-02: §2.7 Pulsar/Redpanda/NATS JetStream deep com tabela de decisão.
04-05: §2.13 tRPC + Connect-RPC, comparação com gRPC clássico e REST, quando escolher.
04-13: §2.2.1 streaming SQL incremental, Materialize, RisingWave, vs Flink.
04-14: §2.7-2.9 reescritos, P language, Alloy, Lean 4 (mathlib4, Cedar) deep.

Staff (3 módulos):

05-04: §2.7.1 must-read papers list, 35 papers ordenados por estágio (Plataforma→Staff→Foundations→Data/ML).
05-05: §2.2.1 YouTube/podcast como medium, formatos, setup, cadência, quando NÃO usar.
CAPSTONE-amplitude: Track G, AI Infrastructure Engineer (vLLM, training pipelines, vector DBs prod, evals, GPU cost).

Cross-cutting:

STUDY-PROTOCOL §17: Quarterly Review template com cadência fixa, 3 perguntas brutais, sinais de burnout.
SPRINT-NEXT entries SN-054 a SN-064 documentando gaps remanescentes (Anki decks, solution sketches, mock interviews, AI Infra track curriculum, etc.).

2026-04-28, Site público em apps/site/

add: apps/site/, Next.js 16 + React 19 + Tailwind 4 + Framer Motion. Mesma stack/visual do MyPersonalWebSite.
add: 12 rotas (/, /stages, /stages/[stage], /modules/[id], /progress, /now, /index, /library, /glossary, /docs/[slug], /about, /api/health).
add: Dockerfile multi-stage standalone + railway.json apontando pro app. Healthcheck em /api/health.
add: LICENSE CC BY-NC 4.0.
add: scripts/validate-content.mjs, pre-build validation hook (frontmatter + prereqs + links + line count). Flags --strict/--quiet/--json.
add: DECISION-LOG DL-018 documentando decisão de monorepo (site dentro do FATHOM).
add: SPRINT-NEXT entry SN-053 done.
edit: site lê framework/*.md + raiz .md via fs/promises. Single source of truth: edição segue sendo git commit no Markdown.
Features: CMD+K palette, mermaid render do DAG, library curada, glossary com search, prev/next nav, reading time, breadcrumbs, mobile menu, prefers-reduced-motion, OG images via next/og.

2026-04-28, Refactor: protocolo agnóstico de mentor + atribuição autoral única

remove: CLAUDE.md raiz (versão dependente de ferramenta específica). Conteúdo migrado/generalizado em MENTOR.md.
edit: MENTOR.md reescrito com 4 modos de mentor, A (self), B (peer/cohort), C (suplemento opcional de produtividade, sob restrições), D (hybrid recomendado). Sem nomear ferramentas específicas.
edit: limpeza de referências a ferramentas/fornecedores de IA específicos em todo o repo (README.md, PROGRESS.md, STUDY-PROTOCOL.md, capstones, metas). Linguagem agnóstica ("o mentor", "você", voz passiva). Referências técnicas legítimas em 04-10 (módulo sobre LLM systems), elite-references e reading-list (recursos de estudo) preservadas.
edit: RELEASE-NOTES.md, seção "Agradecimentos" substituída por "Autoria" (Nicolas De Nigris, único autor; síntese baseada em fontes canônicas).
add: DECISION-LOG.md DL-017, atribuição autoral única; ferramentas usadas no processo são instrumento, não co-autor.
edit: DECISION-LOG.md DL-005 reescrito como "Mentor flexível com modos self / peer / suplemento opcional"; entries que mencionavam ferramenta específica generalizadas.
edit: INDEX.md, contagem de raiz ajustada pra 4 arquivos (README, MENTOR, PROGRESS, STUDY-PROTOCOL); CLAUDE.md removido das listas.
protocol: protocolo de mentoria agora é agnóstico, disciplina e rigor independem da ferramenta usada.

2026-04-28, v1.0 SHIPPING

add: 00-meta/RELEASE-NOTES.md, marco de v1.0 shipping-ready. Documenta o que está pronto, limitações reconhecidas, como começar, filosofia.
add: 00-meta/STUDY-PLANS.md, 7 templates de plano por cenário (full-time, part-time, weekend, bootcamp grad, Senior→Staff, career switcher, executive).
edit: SPRINT-NEXT.md, SN-007 fechado com audit results dos restantes módulos shallow. Decisão: aprofundamento adicional triggered por uso real, não preemptivamente.
status: framework atinge versão 1.0: base estável shipping-ready. Modificações futuras são incrementos sobre essa base.

2026-04-28, Sprint 1 batch 1: Depth Leveling em 6 módulos

edit: 01-04 Data Structures, +10 subseções (B-Tree variants, persistent DS, cache-oblivious, skip list deep, HAMT, LSM-Tree, Bloom math, adjacency variants, Trie variants, Union-Find).
edit: 01-15 Math Foundations, +8 subseções deep (linear algebra concrete, probability cases, info theory, graphs com complexity, numerical, LA code, optimization, probabilistic DS math).
edit: 02-02 Accessibility, +4 subseções (WCAG 2.2 critérios, ARIA APG patterns, manual audit checklist, Brasil regional context).
edit: 02-05 Next.js, +8 subseções (Server Components mental model, RSC payload, streaming deep, Server Actions revalidation/optimistic/transitions, Edge runtime, ISR cache invalidation, Turbopack vs Webpack, errors/instrumentation).
edit: 04-05 API Design, +7 subseções (GraphQL Federation v2, gRPC streaming bidirectional, BFF, API gateway, Stripe versioning, RFC 7807, comparison side-by-side).
edit: 04-04 Resilience Patterns, +9 subseções (hedging, adaptive concurrency, backpressure formal, token/leaky bucket math, circuit breaker state machine, bulkhead concrete, failover, chaos engineering, failure budget).
gap encerrado: profundidade desigual no batch identificado em DL-014. Sprint 1 batch 1 entregou 1100+ linhas adicionais nos 6 módulos prioritários. SN-007 audit dos restantes pendente pra batch 2.
Done log atualizada em SPRINT-NEXT.md.

2026-04-28, Sprint 0.5: Roadmap, Codebase Tours, Stack Comparisons

add: 00-meta/SPRINT-NEXT.md, backlog de aprofundamento priorizado (Sprints 1-6), com IDs SN-001 a SN-052.
add: 00-meta/CODEBASE-TOURS.md, 20 guided reading tours de repos canônicos (V8, Postgres, Redis, libuv, React, CockroachDB, K8s scheduler, Linux kernel, Kafka, TigerBeetle, Bevy ECS, Stripe SDK, TLA+ Examples, Tokio, Caddy/nginx, Excalidraw, SQLite, io_uring, Bun, Anthropic Cookbook).
add: 00-meta/STACK-COMPARISONS.md, mapeamento cross-stack (Node, Java, Python, Ruby, Go, .NET, PHP, Rust, Elixir) cobrindo backend frameworks, concurrency, auth, ORM, testing, observability, deploy, perf, real-time, frontend, mobile, AI/LLM. Reduz bias Node/Postgres do framework.
edit: DECISION-LOG.md, DL-014 (profundidade desigual aceita), DL-015 (multi-stack via comparisons), DL-016 (codebase tours como complemento). Pending questions referenciadas a SPRINT-NEXT IDs.
edit: MENTOR.md §7 + INDEX.md, referências às 3 metas novas adicionadas.
gap reconhecido: depth leveling de 01-04, 01-15, 02-02, 02-05, 04-04, 04-05 ficou em SPRINT-NEXT Sprint 1 (SN-001 a SN-006); não executado neste batch.

2026-04-28, Foundation, Stage 5, Niche specialties, Meta consolidation

add: Stage 5, Staff/Principal completo (05-01-05-07 + CAPSTONE-amplitude + README).
add: 16 módulos novos cobrindo lacunas conceituais e domain breadth:
- Fundamentos: 01-11 Concurrency Theory, 01-12 Cryptography Fundamentals, 01-13 Compilers & Interpreters, 01-14 CPU Microarchitecture, 01-15 Math Foundations.
- Plataforma: 02-15 Search Engines & IR, 02-16 Graph Databases, 02-17 Native Mobile, 02-18 Payments & Billing, 02-19 i18n / l10n.
- Professional: 03-13 Time-Series & Analytical DBs, 03-14 Graphics/Audio/Codecs, 03-15 Incident Response, 03-16 Estimation & Planning, 03-17 Accessibility Testing, 03-18 Cognitive Accessibility.
- Senior: 04-13 Streaming & Batch, 04-14 Formal Methods (TLA+), 04-15 OSS Maintainership, 04-16 Product/Business/Unit Economics.
- Staff specialties: 05-08 Hardware Design, 05-09 Bioinformatics & Scientific Computing, 05-10 Game Development Pipeline.
add: meta files completos:
- 00-meta/INDEX.md, mapa global com DAG.
- 00-meta/CAPSTONE-EVOLUTION.md, Logística v0→v1→v2→v3→v4.
- 00-meta/GLOSSARY.md, termos técnicos canônicos.
- 00-meta/MODULE-TEMPLATE.md, template oficial.
- 00-meta/SELF-ASSESSMENT.md, questionário de calibração inicial.
- 00-meta/CHANGELOG.md, este arquivo.
- 00-meta/INTERVIEW-PREP.md, mapping módulos → entrevistas tier-1.
- 00-meta/ANTIPATTERNS.md, anti-patterns cross-cutting.
- 00-meta/DECISION-LOG.md, decisões de design do próprio framework.
add: README.md raiz com overview, FAQ, próximos passos.
protocol: STUDY-PROTOCOL.md §12-§16 adicionados, spaced re-test, paper reading, public capstone, cohort/peer, journal de descobertas.
edit: PROGRESS.md, todas tabelas refletem módulos novos; novos logs (Spaced Re-Test Log, Paper Reading Log, Journal, Public Output Tracking, Mentorship Tracking) e seção Personal Stack.
edit: MENTOR.md §7 atualizado com 5 estágios e contagens corretas; protocolos transversais documentados.
edit: cada stage README com novos módulos e trilhas paralelas atualizadas.
ref: elite-references.md expandido com repos novos por módulo (Crafting Interpreters, parking_lot, libsodium, perf, NumPy, Meilisearch, OpenSearch, pgvector, Memgraph, AGE, Stripe SDK/CLI, Swift evolution, Compose, FormatJS, i18next, Yjs, ClickHouse, TimescaleDB, DuckDB, deck.gl, ffmpeg, axe-core, Pa11y, Flink, Spark, dbt-core, Iceberg, etcd raft, TLA+ Examples, FastAPI, build-your-own-x, Excalidraw, Zephyr, ESP-IDF, embedded-hal). Indivíduos novos: Tanya Reilly, Patrick McKenzie, Dan Luu, Sara Soueidan, Adrian Roselli, Murat Demirbas, Chip Huyen, Lara Hogan, Gergely Orosz, Preshing.
ref: reading-list.md expandido com livros canônicos por todos os módulos novos + papers foundational adicionados (PageRank, End-to-End Arguments, Tail at Scale, Architecture of a Database System, C-Store, Spanner, Byzantine Generals, FLP, AWS Formal Methods).
prereqs explícitos por módulo novo (ver INDEX.md).

2026-04-28, Initial framework

add: Foundation, MENTOR.md, PROGRESS.md, STUDY-PROTOCOL.md.
add: framework/00-meta/elite-references.md e reading-list.md (versão inicial).
add: Estágio 1: Fundamentos (01-01-01-10 + CAPSTONE-fundamentos + README).
add: Estágio 2: Plataforma (02-01-02-14 + CAPSTONE-plataforma + README).
add: Estágio 3: Produção (03-01-03-12 + CAPSTONE-producao + README).
add: Estágio 4: Sistemas (04-01-04-12 + CAPSTONE-sistemas + README).

Como manter

Sempre que tocar arquivo do framework:

Adicione 1 linha em formato ### YYYY-MM-DD, descrição curta.
Lista bullets de mudanças com tipo prefix.
Não edite linhas antigas (append-only).
Para mudanças triviais (typo fix, link ajustado), agrupe em entry semanal/mensal.

Se quebrou contrato (renomeou módulo cited em outros, mudou prereqs, mudou semantic de portão), documente impact e migration:

### 2026-XX-XX, Renamed 01-02 → 01-02-os-internals
- **rename**: 01-02-operating-systems.md → 01-02-os-internals.md.
- **migration**: 12 cross-references em outros módulos atualizadas.
- **migration**: PROGRESS.md, INDEX.md, stage README atualizados.

Daqui a 1 ano, este arquivo é o único jeito de saber o que mudou e quando.

Histórico append-only

Changelog

CHANGELOG, Mudanças no Framework

Registro append-only de mudanças no framework. Module added/renamed/removed, prereqs alterados, capstones revisados, protocolos atualizados, referências canônicas adicionadas.

Não é changelog de produto Logística (esse é seu repo separado). É changelog do próprio framework como artefato.

Formato: [YYYY-MM-DD] | tipo | descrição em ordem cronológica reversa (mais recente no topo).

Tipos:

add: módulo, capstone, meta, protocolo novo.
edit: conteúdo alterado em arquivo existente.
rename: arquivo renomeado.
remove: arquivo deletado.
prereqs: dependências de módulo alteradas.
capstone: escopo de capstone alterado.
protocol: STUDY-PROTOCOL ou MENTOR.md alterado.
ref: adição em reading-list ou elite-references.

2026

2026-05-01, Review wave 29 — runtime, resilience, supply chain (Node profiling deep, Postgres JSONB advanced, chaos engineering practices, OSS supply chain Sigstore, Apache Flink stateful)

edit framework/02-plataforma/02-07-nodejs-internals.md §2.19, performance profiling deep — clinic.js, 0x flamegraphs, V8 deopts, heap snapshots — profiling stack 2026 (clinic.js 13+ NearForm Doctor + Bubbleprof + Flame + Heap; 0x 5+ single-tool flamegraph; node --inspect Chrome DevTools; --cpu-prof / --heap-prof built-in; Pyroscope/Parca continuous; autocannon NearForm load); clinic.js workflow Doctor-first investigation (categorizes EventLoop/GC/IO/CPU + recommends next tool); 0x flamegraph reading (width ∝ CPU; depth call stack); V8 deoptimization detection (--trace-deopt; common causes polymorphic call sites + try/catch hot loops + arguments + with/eval + prototype mutation); pattern Logística fix polymorphic deopt monomorphic interface PricedItem; heap snapshots memory leaks (v8.writeHeapSnapshot + --heapsnapshot-near-heap-limit; 2-snapshot comparison view; retention path GC root); continuous profiling production Pyroscope (~1-2% CPU overhead; aggregated flamegraphs UI; diff over time); profiling production safely (sampling vs tracing; single instance behind LB drain; avoid synthetic dev data); investigation real Logística (orders endpoint p99 100ms → 800ms post v3.4; clinic Doctor → event loop blocking; Flame → JSON.parse 60% CPU; refactor selective fields; p99 back 95ms; Pyroscope continuous catches v3.5 within 1h); 10 anti-patterns observados.
edit framework/02-plataforma/02-09-postgres-deep.md §2.22, JSONB advanced patterns — jsonpath, GIN indexes, expression indexes, jsonb_path_query 2026 — JSONB vs JSON vs schema (JSONB binary parsed once + indexed; JSON text preserves order slow parse; schema wins known fields; hybrid structured + JSONB extras 80% time); JSONB column setup Logística orders.metadata variable data; JSONB operators Postgres 16+ (-> -> > #> #>> @> <@ ? ?| ?&); GIN indexes jsonb_ops default vs jsonb_path_ops smaller 30% (decision matrix por query patterns); expression indexes index specific path (metadata->>'source'); jsonb_path_query Postgres 12+ mature 2026 SQL/JSON path language (@? path exists + @@ path predicate + jsonb_path_query function + jsonb_path_query_first); JSONB updates partial paths (jsonb_set + concat array + remove key + nested remove #-; atomicity via SELECT FOR UPDATE); performance considerations (TOAST > 2KB rewrite expensive; cap < 2KB hot tables; GIN write 5-30% slowdown; 10M-row @> com GIN ~1-5ms vs sequential ~1-10s); JSONB validation via CHECK enforce schema partial; stack Logística (orders.metadata + GIN jsonb_path_ops + expression index source + jsonb_path_query analytics + CHECK source enum + audit_log JSONB-only details); 10 anti-patterns observados.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.29, chaos engineering practices — Gamedays, ChaosMonkey/Toxiproxy, FIS, blast radius management — why chaos engineering (hypothesis unknown failure modes; Netflix Chaos Monkey 2010; Principles of Chaos manifesto 2014; SRE standard 2026); hierarchy L0-L4 (manual tabletop → controlled gameday → automated game days → continuous chaos → production chaos Netflix-tier); tools 2026 (Chaos Monkey legacy; AWS FIS managed; Gremlin commercial; Litmus CNCF K8s-native CRDs; Chaos Mesh CNCF; Toxiproxy Shopify network-layer integration tests; PowerfulSeal); Toxiproxy pattern Logística integration tests completo (latency 500ms + jitter; disable Redis test fallback memory cache); AWS FIS experiment template JSON Logística terminate 1 EC2 ordersAsg + stop conditions CloudWatch alarm; K8s chaos via Litmus YAML pod-delete 20%; gameday playbook (pre 1 week define hypothesis + blast radius + stop criteria + notify ops + identify observers; day 30min preflight + single failure first + 15-30min observe + halt criteria + deliberate rollback; post document findings + action items P0/P1 Linear); blast radius management (staging-first; single dimension; smallest scope first; time-bounded auto-rollback; reversible failures preferred; observed full monitoring); programa Logística Q1-Q4 trimestral (Toxiproxy CI integration → monthly staging gameday → AWS FIS continuous staging → first production gameday); common findings (cascade failures + retry storms + connection pool starvation + timeout > caller + missing fallbacks + health check too strict); 10 anti-patterns observados.
edit framework/04-sistemas/04-15-oss-maintainership.md §2.19, OSS supply chain security — Sigstore, OIDC trusted publishers, SBOM, provenance attestations — supply chain attacks 2020-2026 timeline (SolarWinds 2020 18k orgs; event-stream 2018; Log4Shell 2021; 3CX 2023; xz-utils 2024 3-year social engineering; pattern trust chain breaks); Sigstore keyless signing (OIDC-based GitHub Actions/Google OAuth; Cosign CLI + Fulcio CA short-lived 10min certs + Rekor transparent log); GitHub Actions Sigstore signing pattern YAML completo (id-token: write OIDC + npm publish --provenance flag npm 9.5+); Cosign for container images (sign keyless OIDC + syft SBOM + cosign attest CycloneDX + verify-attestation); SBOM (CycloneDX OWASP vs SPDX Linux Foundation; Syft + CycloneDX CLI + SPDX SBOM generator; vulnerability scan + license audit + executive order 14028 mandates); OIDC trusted publishers npm + PyPI 2024+ (registry verifies OIDC token directly; no secret needed; even repo compromise can't publish from arbitrary workflow); aplicação Logística @logistica/idempotency-kit (release pipeline OIDC + npm provenance + cosign sign + SBOM CycloneDX attested + trusted publisher tags only + npm audit signatures consumers); SLSA framework levels (L0 no requirements; L1 documented + provenance; L2 hosted build + signed provenance; L3 hardened auditable; L4 reproducible 2-person review; 2026 industry target L2 minimum); continuous vulnerability scanning (Grype/Trivy/Snyk static + VEX false positives + Dependabot/Renovate auto-PR); 10 anti-patterns observados.
edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.19, Apache Flink stateful streaming deep — watermarks, savepoints, CEP, exactly-once — Flink vs Kafka Streams vs Spark Streaming decision (Flink dedicated runtime sub-millisecond complex state; Kafka Streams library Kafka-only Java simpler; Spark micro-batch 100ms-2s polyglot ML pipelines); Flink core concepts 2026 (DataStream API typed; Table API + SQL; State ValueState/ListState/MapState keyed RocksDB; Watermarks event-time progress; Checkpoints periodic snapshots S3/HDFS recovery; Savepoints manual upgrades preserve state); watermark fundamentals (event time vs processing time; W(t) assertion; late events dropped or side output; allowed lateness grace); watermark generation Java (BoundedOutOfOrderness Duration.ofSeconds(30) com Logística courier ping device; MonotonousTimestamps faster but error-prone); stateful operators with keyed state (CourierIdleDetector KeyedProcessFunction completo Java com ValueState lastPingTime + event-time timer 10min; sinkTo alertsSink); CEP Complex Event Processing patterns (Logística fraud detection 3 cancellations within 5min Pattern.begin/followedBy/within); exactly-once semantics Flink + Kafka 2PC (pre-commit + commit after checkpoint + recovery from last checkpoint; transactionTimeout < transaction.max.timeout.ms); savepoints upgrade with state (flink savepoint + cancel + run -s restore; operator UID required state migration; schema evolution Avro/JSON Schema); stack Logística (Kafka source + 4 Flink jobs CourierIdleDetector + FraudPatternDetector CEP + OrderJoinEnrichment + RealtimeMetrics → ClickHouse; RocksDB state backend + S3 checkpoints 60s + savepoints nightly + 3-node TaskManager K8s ~$300/mês); 10 anti-patterns observados.

2026-05-01, Review wave 28 — advanced craft (React Compiler + state mgmt 2026, Lambda runtime + EventBridge, zero trust + mTLS service mesh, LLM eval + fine-tuning, graph algorithms applied)

edit framework/02-plataforma/02-04-react-deep.md §2.14, React Compiler (RC) + state management 2026 — Zustand vs Jotai vs Valtio vs Redux Toolkit — React Compiler stable 2024+/2025 default-enabled em Next.js 15+ Remix 2026 (auto-memoization compiler detects pure components/values; auto-wraps memo/useMemo/useCallback equivalents; 90%+ manual annotations become unnecessary; migration via Babel plugin + codemod); configuration Next.js 15+ experimental.reactCompiler true + babel-plugin-react-compiler; what RC does (tracks dependencies; component memoization auto + stable callbacks); what RC does NOT (side effects useEffect; useSyncExternalStore; async; refs/forwardRef; eslint-plugin-react-compiler flags Rules of React violations); state management 2026 landscape (useState/useReducer + Context API + Zustand 5+ ~3KB selector hooks + Jotai 2.10+ atoms granular + Valtio 2+ proxy mutate-style + Redux Toolkit 2 enterprise + TanStack Query 5.60+ server state); Zustand pattern Logística completo (devtools + persist + selector); Jotai pattern (atoms + atomWithStorage + derived auto-computed); Valtio pattern (proxy mutate + useSnapshot); decision matrix por bundle/API style/devtools; server state vs UI state separation (TanStack Query for server; Zustand/Jotai for UI; anti-pattern storing server data em Redux/Zustand sem invalidation); stack Logística (TanStack Query orders/couriers/dashboard; Zustand stores per feature; Jotai theme/locale/sidebar; React Compiler enabled removed 80% manual memos via codemod); 10 anti-patterns observados.
edit framework/03-producao/03-05-aws-core.md §2.22, Lambda runtime tuning + EventBridge schemas + Step Functions vs Lambda choreography — Lambda runtime decision 2026 (Node 22 LTS + JIT warmup ~50-100ms; Python 3.13 data/ML; Java 21 SnapStart cold start ~200ms was 2-5s; Go via custom runtime ~50-100ms; Rust cargo-lambda 10-30ms smallest binary; Bun experimental); cold start optimization (memory = vCPU proportional; Power Tuning Step Function sweet spot; Provisioned Concurrency pre-warmed; SnapStart 10x faster); Lambda function URL vs API Gateway HTTP API v2 $1/1M; Lambda Powertools production-grade utilities (structured logging + tracing + metrics + idempotency middy stack) com pattern Logística; EventBridge fundamentals (event bus + rules pattern → targets; Schema Registry auto-generate code bindings; Archive + Replay 14d-1y); schema-first event design Logística OrderPlaced versioned; EventBridge Pipes 2022+ (source → filter → enrich → target); Step Functions vs Lambda choreography decision tree; Step Functions ASL JSON Logística order saga completo (ReserveInventory + ChargePayment + AssignCourier + compensation Catch); Express vs Standard cost ($25/M Express vs $0.025/1k Standard); stack Logística serverless ($50-200/mês 10k orders/dia); 10 anti-patterns observados.
edit framework/03-producao/03-08-applied-security.md §2.22, zero trust architecture + mTLS service mesh (SPIFFE/SPIRE, Istio, Linkerd) production — Zero Trust NIST SP 800-207 (every request authenticated + authorized "never trust always verify"; Google BeyondCorp 2014 pioneered; standard cloud-native enterprises 2026); workload identity SPIFFE/SPIRE CNCF graduated 2022 (SPIFFE ID URI; SVID X.509/JWT; attestation auto K8s ServiceAccount/AWS instance role; rotation 1h auto); mTLS deep (mutual TLS confidentiality + authenticity intra-service; service mesh sidecar proxy transparent vs app-level boilerplate); service mesh comparison 2026 (Istio Envoy heavy ~5-10ms p99; Linkerd Rust micro-proxy light ~1-2ms; Cilium eBPF kernel-level; AWS App Mesh; Consul Connect); Linkerd setup simplest path completo (linkerd install + annotate namespace inject); Istio AuthorizationPolicy cross-service authz default deny + explicit allow ServiceAccounts; Network Policies K8s + Cilium L7 HTTP path filtering; zero trust user-side BeyondCorp model (Cloudflare Access/Pomerium/AWS Verified Access; SSO; device posture; continuous verification); stack Logística (K8s + Linkerd auto mTLS; AuthorizationPolicy; Cilium L3/L4 + L7; API Gateway edge OAuth2; PostgreSQL sslmode=verify-full + IAM auth); 10 anti-patterns observados.
edit framework/04-sistemas/04-10-ai-llm.md §2.22, LLM evaluation deep + fine-tuning decision tree (LoRA, PEFT, RLHF) — when each wins 2026 — eval hierarchy 6 levels (L0 eyeball; L1 golden dataset regression threshold; L2 LLM-as-judge; L3 online eval 1-5% async; L4 human review panel weekly; L5 A/B test); eval frameworks 2026 (RAGAS Python; DeepEval pytest; Promptfoo CLI YAML; OpenAI Evals; LangSmith; Phoenix); Promptfoo example completo Logística intent classification + assertions; fine-tuning decision tree (NÃO se < 1000 examples + prompt não exhausted + general; SIM se specific output format + domain language + latency/cost-critical); techniques (full FT $1k-100k; LoRA 1% params $10-100; QLoRA 4-bit consumer GPU; PEFT umbrella; DPO simpler RLHF); OpenAI/Anthropic fine-tuning APIs (gpt-4o-mini ~$3/1M training tokens + 2x base inference); self-hosted LoRA Llama Python completo (transformers + peft + trl; 70B 1x H100 80GB; 4-bit 1x A100 40GB; ~$5-50 per run); decision Prompt eng vs RAG vs Fine-tune (prompt first 80%; RAG current/specific; fine-tune structured output + cost/latency); Logística applied (golden 300; CI gate regression > 2% block; online 5% async; intent classifier fine-tuned gpt-4o-mini 5k labeled → 5x cost + 200ms vs 800ms); 10 anti-patterns observados.
edit framework/02-plataforma/02-16-graph-databases.md §2.17, graph algorithms applied (PageRank, community detection, shortest path, fraud rings) — why graph algorithms (SQL recursive CTEs wall beyond 3 hops + 100k nodes; scale millions + complex traversals); tools 2026 (Neo4j GDS 60+ algorithms; Memgraph MAGE OSS; Apache AGE Postgres immature; NetworkX Python <100k; GraphFrames Spark distributed billions; TigerGraph enterprise); PageRank Logística most influential lojistas + dampingFactor 0.85; community detection (Louvain hierarchical + Label Propagation faster + Leiden improvement); pattern courier collaboration clusters; shortest path Dijkstra weighted + Yen's k-shortest top-K alternative routes; fraud detection cycle finding com depth limit; pattern referral fraud rings 3-cycle; centrality (betweenness bridges + closeness + eigenvector); link prediction (Common Neighbors + Adamic-Adar); pattern courier-courier collaboration suggestions; GraphRAG 2024+ (entity + relationship extraction + traverse graph enrich LLM; Microsoft OSS); stack Logística (Neo4j 5.x + GDS; recommendation PageRank + Common Neighbors; fraud nightly cycle + Louvain; route Yen's; Aura ~$200/mo OR self-host $100/mo); 10 anti-patterns observados.

2026-05-01, Review wave 27 — engineering mastery (Fastify + Hono plugin authoring, Redis Lua + Functions 7, visual regression + Playwright, Strangler Fig migration, HATEOAS + HTMX)

edit framework/02-plataforma/02-08-backend-frameworks.md §2.19, plugin authoring deep — Fastify encapsulation, Hono middleware composition, type-safe DI patterns — Fastify encapsulation model deep (each plugin own context; fastify-plugin wrapper skip encapsulation; decorators + module augmentation typed access; hooks lifecycle onRequest → preParsing → preValidation → preHandler → preSerialization → onSend → onResponse → onError); plugin pattern Logística db.plugin.ts completo com Drizzle + onClose graceful shutdown; plugin with dependencies (auth depends on db; dependencies array runtime check); encapsulated routes sub-app pattern (each prefix encapsulated; auth scoped); Zod schemas typed (compile-time + runtime validation + auto OpenAPI); Hono 4+ middleware composition (Variables generic typed; logger + cors + jwt + csrf middlewares); Hono custom middleware authoring (createMiddleware factory + tenant resolver subdomain); type-safe DI alternatives 2026 (Awilix vanilla; tsyringe Microsoft decorators; NestJS full framework; framework-native Fastify decorators / Hono Variables sweet spot até ~50 routes); plugin testing app.inject in-process; stack Logística (Fastify plugins db/auth/tenant/audit/metrics/errorHandler + encapsulated routes /orders/couriers/admin/webhooks; Hono alternative edge functions; OpenAPI auto-gen Zod + @fastify/swagger-ui); 10 anti-patterns observados.
edit framework/02-plataforma/02-11-redis.md §2.20, Lua scripting advanced + Redis Functions 7+ + atomic compound operations — why Lua scripting (atomicity single execution context; latency 1 round-trip vs N; consistency read-then-write sem race; use cases distributed locks + rate limiters + atomic counters + conditional updates); EVAL vs EVALSHA (full script vs SHA1 lookup pre-cached; SCRIPT LOAD pre-load; clients ioredis abstract NOSCRIPT retry); atomic counter rate limit fixed window completo Lua + ioredis call; sliding window rate limit (sorted set + ZREMRANGEBYSCORE + ZCARD + ZADD com timestamp + unique request ID); distributed lock Redlock-lite acquire/release (token-based release prevents accidental); idempotency key with response cache; Redis Functions 7+ (Library named collection persisted across restarts vs scripts re-load; FUNCTION LOAD + FCALL; replication library + RDB/AOF; performance same as Lua); compound operations (move courier between zones atomically; SISMEMBER + SREM + SADD); pegadinhas (SCRIPT KILL doesn't work after writes; long scripts block single-threaded; redis.call vs redis.pcall; no RANDOMKEY non-deterministic; cluster KEYS same hash slot via tag); stack Logística (rate limiting sliding window per IP+user_id ~5μs/call; idempotency every POST /orders; distributed locks schedule recalc; ~10k calls/sec sustainable ~$50/mo); 10 anti-patterns observados.
edit framework/03-producao/03-01-testing.md §2.20, visual regression testing + Playwright advanced patterns + flake elimination — visual regression when worth it (design systems + critical user-facing pages; NÃO every page + data-driven UI); tools 2026 comparison (Playwright toHaveScreenshot() free integrated E2E; Storybook + Chromatic $149+/mo design systems; Percy $599+/mo cross-browser; Applitools $299+/mo AI-based diff; Reg-suit OSS; BackstopJS legacy); Playwright toHaveScreenshot() practical com mask dynamic content + maxDiffPixelRatio + Docker for CI consistency (mcr.microsoft.com/playwright pin version); Storybook + Chromatic pattern (story per state + viewports + delay; Chromatic auto-detects + PR review UI); Playwright advanced Page Object Model + fixtures (test.extend OrdersPage class with goto/filterByStatus/createOrder methods); flake elimination patterns (NÃO setTimeout; auto-waiting actionable; network-aware waits; retries CI-only; trace viewer debug); common flake sources + fixes (animation race CSS injection; fonts not loaded document.fonts.ready; Date.now mock addInitScript; random IDs deterministic; network flakiness page.route stub); stack Logística (Storybook + Chromatic component visual; Playwright toHaveScreenshot 3 critical pages; 8 E2E flows POM + fixtures; Maestro mobile 10 flows; Playwright Docker container ~12min CI suite); 10 anti-patterns observados.
edit framework/04-sistemas/04-08-services-monolith-serverless.md §2.22, Strangler Fig migration deep — extracting services from monolith without downtime — Strangler Fig pattern Martin Fowler 2004 (vine grows around host tree replacing it; new service alongside legacy; gradual migrate; eventually retire; ~70% big-bang rewrites fail Joel Spolsky); 5-phase migration anatomy (Façade routing layer; Extract build new service + traffic subset; Verify shadow + canary; Cutover route 100%; Retire delete legacy); Phase 1 Façade pattern nginx config; Phase 2 Extract dual-write pattern Logística com transaction (better outbox cobre 04-02); Phase 3 Verify shadow + canary + diff testing GitHub Scientist; Phase 4 Cutover (big bang vs gradual via Argo Rollouts traffic split 10→25→50→100%); Phase 5 Retire (2-4 weeks wait period; code archaeology delete tests + remove from build; database read-only first deprecation eventually drop); ACL deep (cruza com 04-06 §2.18; new service NÃO inherit legacy schema warts; LegacyOrderAdapter fromLegacy/toLegacy bidirectional + mapStatus PEND→placed); database migration patterns (same DB separate schemas cheap; database per service full isolation cleaner; CDC sync Debezium → materialized view; logical replication subset); stack Logística timeline (Phase 1 Week 1-2 façade; Phase 2 Week 3-6 build + dual-write; Phase 3 Week 7-10 shadow + ACL fixes; Phase 4 Week 11-14 canary; Phase 5 Week 15-18 retire; total 4-5 meses zero-downtime); 10 anti-patterns observados.
edit framework/04-sistemas/04-05-api-design.md §2.27, HATEOAS + hypermedia + JSON:API spec — when hypermedia wins, when REST-Lite suffices — HATEOAS what it is (Roy Fielding REST level 4; client doesn't hardcode URLs; server returns relevant links per resource state; ~5% public APIs implement true HATEOAS 2026; OpenAPI covers most discoverability); Richardson Maturity Model (Level 0 single endpoint RPC; Level 1 resources nouns; Level 2 HTTP verbs + status codes; Level 3 HATEOAS; most APIs sit Level 2 REST-Lite pragmatic); JSON:API spec jsonapi.org 1.1 (standardized format; data envelope + included/relationships + links + meta + sparse fieldsets + sorting + pagination; Logística order example completo); practical hypermedia REST-Lite Stripe-style com expand parameter; HAL Hypertext Application Language (lightweight; _links + _embedded; Spring HATEOAS support); HTMX renaissance 2024+ (server returns HTML fragments; hx-* attributes partial updates; pattern Logística admin panel Hono HTML response cancel button hx-post; compelling for admin panels + CRUD-heavy; trade-off less suitable highly interactive UI); when HATEOAS / hypermedia wins (long-lived APIs many clients; server-driven UI; workflow APIs state machines; NÃO simple CRUD single client); pragmatic recommendation 2026 (default REST-Lite Level 2 + OpenAPI + Stripe-style expand; stretch JSON:API cross-team consistency; HATEOAS only workflow API or HTMX-driven UI; GraphQL prefer client-driven querying); stack Logística (public API REST-Lite + OpenAPI + expand; admin panel HTMX Hono HTML fragments; mobile semi-HATEOAS com actions field per order state machine; webhook events JSON:API-inspired envelope); 10 anti-patterns observados.

2026-05-01, Review wave 26 — deep systems II (Mongo aggregation advanced, K8s operators kubebuilder, Rust async + Zig, Kafka Streams + ksqlDB, PIX + Stripe Connect marketplace)

edit framework/02-plataforma/02-12-mongodb.md §2.19, aggregation pipeline advanced ($lookup, $graphLookup, $facet, time-series, $merge analytics) — pipeline mental model (stages sequence; $match first reduces input; index usage só em early stages; 100MB stage limit + allowDiskUse); $lookup deep (basic localField/foreignField + pipeline-form com $expr conditions; pegadinha index em foreignField mandatory pra evitar O(N×M) scan); $graphLookup recursive traversal (Logística courier referral chain maxDepth 3 + connectFromField/connectToField + index obrigatório); $facet multi-pipeline single query (Logística dashboard cards counts por status + top 5 couriers + revenue total em parallel; same input scanned once vs N separate queries 10x faster); time-series collections Mongo 7+ (createCollection com timeseries timeField/metaField/granularity + expireAfterSeconds auto-purge; storage savings 10-50x vs regular collection; limitations no UPDATE/DELETE per-document); $merge materialized views (Logística monthly_reports nightly cron com whenMatched/whenNotMatched UPSERT incremental; vs $out replace full collection); $expr complex conditional logic (pegadinha doesn't use indexes < 4.4); aggregation diagnostics ($explain executionStats + $hint + maxTimeMS + allowDiskUse); stack Logística (real-time dashboard $facet < 200ms + materialized views nightly cron + time-series 30x storage savings + $graphLookup fraud detection); 10 anti-patterns observados.
edit framework/03-producao/03-03-kubernetes.md §2.22, custom controllers + operators deep (kubebuilder, controller-runtime, CRD design) — operators vs Helm/Kustomize (operators continuous reconciliation loop + day-2 ops; use cases stateful workloads + complex multi-step + domain automation; CoreOS 2016 Operator Pattern); reconciliation loop fundamentals (Reconcile(req) idempotent + level-triggered NÃO edge-triggered + eventual consistency one step per Reconcile + requeue); CRD design (Spec desired + Status actual; OpenAPI v3 schema validation com types/ranges/enums/defaults; subresources /status e /scale separate RBAC); LogisticaTenant CRD example completo (tier free/pro/enterprise + region + replicas + status phase + conditions); kubebuilder + controller-runtime Go skeleton (kubebuilder init + create api scaffold + Reconcile function step-by-step Namespace + Deployment + Status update + RequeueAfter 30s); owner references + garbage collection (SetControllerReference cascade delete); watching dependencies (Owns vs Watches + predicates filter events); status conditions pattern Kubernetes API conventions (Available/Progressing/Degraded standard); operator distribution (OperatorHub.io + Helm chart + OLM + Direct YAML); LogisticaTenant operator applied (CRD + Reconcile creates Namespace + Deployment + Service + ConfigMap + RoleBinding; day-2 ops nightly backup + tier upgrade HPA + tenant deletion archive; 1000+ tenants same effort as 10); 10 anti-patterns observados.
edit framework/03-producao/03-11-systems-languages.md §2.19, Rust async runtimes deep (Tokio, async-std, smol) + Zig as systems alternative 2026 — Rust async fundamentals (Future trait lazy state machine + async fn desugars + .await suspends + no runtime built-in + Send + Sync constraints multi-thread runtime); Tokio production standard 2026 (multi-threaded work-stealing scheduler #[tokio::main] 1 thread per CPU + current_thread CLI; pillars spawn + select! + sync Mutex/RwLock/mpsc/oneshot/broadcast/watch); pattern Logística concurrent fetch + process com JoinSet + timeout + error handling (sustains 1M+ concurrent tasks per node sub-microsecond spawn); tokio::select! race + cancellation (branches not selected CANCELED futures dropped; ensure idempotent); Pin + Send + 'static common gotchas (Rc/RefCell across .await compile error; scope to before .await); async-std vs smol vs Tokio comparison (Tokio largest ecosystem Hyper/Axum/Reqwest/sqlx/redis-rs production proven; async-std maintenance mode 2024+; smol minimal CLI/embedded < 1MB binary); Axum Tokio-based web framework Logística orders endpoint completo (sustains 100k+ rps modest hardware p99 < 5ms); performance characteristics 2026 (sub-millisecond p99 + 1-5x faster Node.js Fastify + 2x faster Go Gin + ~5-10MB baseline + ~10ms cold start); Zig 0.13+ as systems alternative (C replacement; comptime compile-time code execution; no hidden control flow predictable; C interop trivial @cImport; cross-compilation excellent zig cc; use cases embedded + build tooling + Wasm targets; NÃO replaces Rust safety-critical no borrow checker); decision tree systems language 2026 (Rust long-running servers; Go pragmatic backend; Zig embedded + build tooling; C/C++ legacy only); 10 anti-patterns observados.
edit framework/04-sistemas/04-02-messaging.md §2.19, Kafka Streams + ksqlDB practical (windowing, joins, exactly-once, state stores) — when stream processing vs simple consumer (windowed counts + joins + enrichment + alerting; Logística real-time dashboard + fraud detection + enrichment + alerting); Kafka Streams architecture (library NOT separate cluster; topology DAG operations; state stores RocksDB-backed local key-value replicated via changelog topics; tasks parallelism unit auto-scale; EOS v2 exactly-once semantics processing.guarantee Kafka 2.5+); KStream vs KTable mental model (KStream append-only event stream; KTable changelog → current state per key; GlobalKTable replicated all instances pra small reference data); windowing fundamentals (tumbling fixed non-overlapping; hopping fixed overlapping; session gap-based; sliding custom); pattern Logística orders/min per tenant windowed count completo Java DSL; stream-stream joins windowed (Logística order placed + courier assigned within 5min com JoinWindows); stream-KTable joins always-on enrichment (orders × couriers profile); ksqlDB SQL on streams (CREATE STREAM event log vs CREATE TABLE compacted; tenant_revenue_per_hour com WINDOW TUMBLING; EMIT CHANGES push vs EMIT FINAL window closes; pull vs push queries); EOS v2 (transactional producer + consumer offset commit em mesma transaction; cost 5-10% throughput overhead + 20-50ms latency; pegadinha side effects fora Kafka NÃO exactly-once need idempotent consumer); stack Logística completo (source topics + Streams app Java + ksqlDB ad-hoc + output topics dashboard + alerts; cost ~$300/mês Kafka 3-node + $150/mês Streams 3 replicas K8s); 10 anti-patterns observados.
edit framework/02-plataforma/02-18-payments-billing.md §2.20, PIX integration deep + Stripe Connect marketplace + multi-party payments 2026 — PIX fundamentals 2026 (instant payment Bacen 2020+ < 10s settlement + 60%+ B2C 2025-2026; modalidades PIX Cobrança + PIX Saque/Troco + PIX Automático recurring 2024+ + PIX Garantido 2025+); PIX integration via PSP vs direct Bacen ($1M+ initial cost direct; PSPs 0.5-1.5% fee Stripe + Stark Bank + Mercado Pago + Asaas/Pagar.me); PIX Charge API pattern Stark Bank example completo (DynamicBrcode create + webhook handler ECDSA signature verification + tags reconciliation); PIX QR code rendering BR Code spec EMV-compatible (TXID reconciliation embedded order_id mandatory); Stripe Connect marketplace deep Logística (lojistas pay → Stripe → split → courier payout + Logística fee); account types Standard vs Express vs Custom (Express sweet spot ~80% marketplaces); Stripe Connect flow Logística completo (create Express account + accountLinks onboarding KYC + paymentIntents com application_fee_amount + transfer_data destination courier); marketplace compliance (KYC/KYB Stripe handles Express + AML PSP primary + tax reporting 1099/DARF + payout cadence T+1); reconciliation marketplace pattern (triple-entry ledger DB + Stripe + accounting; daily cron diff > 0.1% alert); stack Logística completo (Stripe + Stark Bank + Connect Express + 85/12/3 split; numbers 10k orders/dia × R$50 = R$500k/dia GMV); 10 anti-patterns observados.

2026-05-01, Review wave 25 — system craft (zero-downtime migrations, LLM-augmented search, BuildKit + multi-arch + distroless, database sharding strategies, PMF + retention metrics)

edit framework/02-plataforma/02-10-orms.md §2.17, zero-downtime schema migrations — expand-migrate-contract pragmatic — three-step lifecycle (Phase 1 Expand add nullable + dual-write; Phase 2 Migrate backfill + switch reads; Phase 3 Contract remove old) com regra rollback safe at any phase; Postgres operations cheat sheet (lock impact por operation: ADD COLUMN NULL instant Postgres 11+; ALTER COLUMN TYPE rewrites long; DROP COLUMN logical instant; CREATE INDEX CONCURRENTLY non-blocking; ADD CONSTRAINT NOT VALID + VALIDATE non-blocking pattern); concrete patterns rename column + add NOT NULL safe + add foreign key safe; Drizzle migrations integration (schema-only migrations + data migration scripts fora); backfill chunking pattern com throttle replication lag pause; migration tooling 2026 (gh-ost MySQL; pt-online-schema-change Percona; pg_repack Postgres; Sqitch SQL-first; Atlas Ariga 2024+ declarative + auto-diff + production policies; Drizzle/Prisma/TypeORM framework-integrated mas need manual care); Logística applied complete migration (split orders.address → pickup_address + dropoff_address em 3 releases ~6 weeks zero downtime); 10 anti-patterns observados (ALTER COLUMN TYPE em large table; ADD COLUMN NOT NULL DEFAULT pre-PG11 rewrite; backfill single UPDATE 100M rows; RENAME COLUMN em release ativo; trigger-based dual-write overhead; backfill sem chunking + throttle).
edit framework/02-plataforma/02-15-search-engines.md §2.19, LLM-augmented search 2026 (semantic + keyword fusion, query understanding, conversational refinement) — why LLM-augmented (pure vector falha exact match + rare entities; pure keyword BM25 falha synonyms + conceptual; hybrid + LLM bridges 5-10%); query understanding pipeline LLM as parser (Logística "pedidos atrasados acima de R$200 nos últimos 7 dias" → Zod schema structured filters + sort com gpt-4o-mini + cache hash 1h TTL; latency 200-500ms); hybrid retrieval + LLM rerank (top-50 hybrid → Cohere Rerank v3.5 top-10 → optional RAG summary; numbers 70% relevance hybrid alone vs 85% +rerank vs 92% +query understanding); query expansion LLM (variants + RRF merge; pegadinha NÃO em strict-match SKU domains); conversational search multi-turn refinement com state previous query + filters; implementation stack 2026 (vector DB pgvector/Qdrant/Weaviate/Pinecone/Milvus; embedding OpenAI text-embedding-3-small $0.02/1M / Cohere embed-v3 / bge-m3 multilingual / Voyage 3 SOTA; rerank Cohere v3.5 / bge-reranker / cross-encoder; LLM gpt-4o-mini / Claude Haiku 4.5 / Llama 3.3 70B vLLM); caching strategy critical (query understanding hash 1h; embedding 7d; result 5min; conversation 1h; Logística 80% queries repetições → cache hit ~70%; cost reduction 5-10x); eval discipline (golden dataset 200-500; metrics filter accuracy + Recall@10 + NDCG@10 + LLM-as-judge; CI gate regression > 2% block); stack Logística completo (50k queries/dia × ~$100/mês com 70% cache hit); 10 anti-patterns observados.
edit framework/03-producao/03-02-docker.md §2.21, BuildKit cache mounts + multi-arch builds + distroless images deep — BuildKit fundamentals 2026 (default Docker 23+; concurrent stage execution + cache mounts + secret mounts + SSH agent forwarding; # syntax=docker/dockerfile:1.7+ directive); cache mounts deep (RUN --mount=type=cache,target=... persistent between builds NÃO em image layer; pattern Node.js npm cache /root/.npm + Go cache /go/pkg/mod + /root/.cache/go-build; cache id sharing entre Dockerfiles; build subsequente ~30s vs ~3min cold); bind mounts build-time read-only files; multi-stage builds optimized stages paralelos; multi-arch builds linux/amd64 + linux/arm64 (Apple Silicon devs + AWS Graviton/Ampere prod 20-40% cheaper; QEMU emulation slow 5-10x; Depot.dev cloud builders native ARM 5min full build; cross-compile via Go --platform=$BUILDPLATFORM faster); distroless images deep (gcr.io/distroless/* minimal NO shell + NO package manager; variants static/base/cc/java/python3/nodejs + :nonroot/:debug; sizes static ~2MB / nodejs22-debian12 ~150MB; security wins no shell post-RCE + reduced CVE surface Trivy scan ~5 vs Alpine ~20 vs Ubuntu 100+); Chainguard Images (Wolfi-based glibc-compat; daily zero-CVE rebuilds; signed cosign + provenance/SBOM included); SBOM + provenance attestations (docker buildx build --sbom=true --provenance=true + cosign verify-attestation SLSA); stack Logística (4-stage Dockerfile + cache mounts + distroless nodejs22 nonroot ~150MB + Depot.dev multi-arch + Railway linux/arm64 Ampere 30% cheaper + cosign sign + Trivy CI gate; build ~3min cold → ~30s warm); 10 anti-patterns observados.
edit framework/04-sistemas/04-09-scaling.md §2.21, database sharding strategies (range, hash, directory; Vitess, Citus, CockroachDB comparison) — when sharding (vertical scaling cap ~$50k/mo db.r7g.16xlarge 512GB/64 vCPU; read replicas solve reads NÃO writes; threshold pragmático 2026 shard quando primary > 5TB OR writes > 50k qps sustained); three strategies (range pros range queries cons hot shards; hash pros uniform cons range queries scatter; directory pros flexible rebalancing cons lookup overhead); sharding key critical decision (wrong = 99% queries hit single shard; right = uniform distribute OR colocate related data; Logística example by tenant_id pros multi-tenant isolation cons large tenants hot); Vitess + PlanetScale architecture (CNCF graduated; VTGate query router + VTTablet per-shard MySQL proxy + VSchema declarative vindex; resharding online MoveTables zero-downtime; PlanetScale managed branching Git-like + scale 1B+ rows; users Square/GitHub/Etsy); Citus Postgres extension architecture (coordinator + workers; create_distributed_table('orders', 'tenant_id'); reference tables replicated all workers; rebalance_table_shards online via logical replication; Azure Cosmos DB for Postgres = managed Citus; users Heap/Adjust); CockroachDB / TiDB / YugabyteDB NewSQL (Postgres-compatible auto-sharding raft consensus strict serializable; 30-50% slower OLTP cost premium $$$$; multi-region strong consistency); custom application-level sharding (Drizzle SHARDS map + shardForTenant hash; cross-shard JOIN slow; reshard manual months); decision matrix com costs 2026; Logística v1 single Postgres 5TB cap → v2 read replicas → v3 Citus shard tenant_id 4 shards → v4 multi-region; 10 anti-patterns observados.
edit framework/04-sistemas/04-16-product-business-economics.md §2.20, Product-Market Fit measurement + retention metrics + activation funnels — PMF definitions (Marc Andreessen 1.0 vague; Sean Ellis test "How would you feel if you could no longer use product?" PMF > 40% Very disappointed; Rahul Vohra Superhuman Engine segment by answer ICP+benefits+barriers; quantitative PMF retention curves flatten + organic growth + category leadership); Sean Ellis test implementation SQL após 3+ uses qualified threshold + sample 100+ pra signal estatístico + quarterly cadence; retention metrics Day-N curves (D1/D7/D30/D90; cohort retention curves; pattern interpretation flatten = PMF, decay zero = leaky bucket, smile curve rare); B2B SaaS benchmarks 2026 (excellent D30 > 80% / D90 > 60%; good D30 60-80% / D90 40-60%; marginal 30-60%; bad < 30%); B2C consumer (excellent D30 > 30% / D90 > 15%); cohort retention SQL Postgres completo copy-paste com cohorts + activity + sizes JOIN; activation funnel discover "Aha moment" (action correlated com long-term retention; Logística aha lojista que cria 5+ pedidos no first week + integra Stripe → 85% D90 vs 8% só signup; Slack 2000 messages org-level; Dropbox 1 file + 1 device); A/B test reduzindo onboarding friction (12 steps → 5 steps activation 35% → 58%); MAU/DAU + DAU/MAU ratio (consumer addiction-tier > 50%; excellent SaaS 30-50%; B2B good 15-30%; "active" must be qualified action NÃO login); Net Revenue Retention NRR B2B critical (formula start ARR + expansion - downgrade - churn; world-class > 130% Snowflake/Datadog; excellent 110-130%; bad < 90%); programa Logística (Sean Ellis quarterly survey in-app + cohort dashboard Grafana + Aha discovery top 100 retained vs churned + activation goal 5 orders week 1 currently 32% goal 50% + NRR monthly tracking); tools 2026 (Posthog OSS + Amplitude + Mixpanel + Heap + June.so B2B + custom Postgres + Grafana); 10 anti-patterns observados.

2026-05-01, Review wave 24 — database, performance, leadership (Postgres replication + partitioning, Speculation Rules + INP 2026, incident command + postmortem, hexagonal vs clean vs onion, EM vs IC track Staff+ ladder)

Vigésima-quarta onda do audit cross-stage. Foca em database/performance/leadership — frentes Senior+ com código copy-paste-pronto, decision matrices, frameworks operacionais e anti-patterns.

edit framework/02-plataforma/02-09-postgres-deep.md §2.21, logical replication + table partitioning + read replicas production deep — physical vs logical replication trade-off (Postgres 17 stable; row-level via decoded WAL com publication/subscription; selective tables; cross-version + cross-architecture; DDL não replicada limitation); use cases logical replication (multi-region read replicas; major version upgrade sem downtime; lakehouse sync source; multi-tenant per-tenant DB); native partitioning deep (RANGE time-series; LIST categorical tenant_id; HASH uniform distribution; sub-partitioning); range partitioning Logística tracking_pings por mês com pg_partman 5+ auto-create + retention; detach + drop pattern com CONCURRENTLY (Postgres 14+); hash partitioning 16 partitions sweet spot pra 1k-100k inserts/sec; read replicas + connection routing (hot standby; PgBouncer transaction-mode + pool_size 50; PgCat Rust + Supavisor Elixir 2026 alternatives; Drizzle/Prisma replicaUrl config); read-after-write consistency com replication lag handling; vacuum strategy com partitions (autovacuum_vacuum_scale_factor 0.02 active partition; FREEZE em old partitions read-only); stack Logística completo (Railway Postgres 17 master + 1 replica per region + tracking_pings RANGE + events HASH + audit_log RANGE + pg_partman retention); 10 anti-patterns observados.
edit framework/03-producao/03-09-frontend-performance.md §2.20, Speculation Rules API + INP optimization 2026 + Long Animation Frames — Speculation Rules API Baseline Chrome 2024+ substituindo <link rel="prerender"> deprecated com JSON declarativo (prerender + prefetch com eagerness levels immediate/eager/moderate/conservative; where matchers href_matches + selector_matches; document.prerendering flag pra evitar analytics duplicado via prerenderingchange listener); Logística applied hover orders list → moderate prerender /orders/:id (95% prerendered hits → INP p75 ~50ms vs ~200ms cold); INP substituiu FID since 2024-03 (worst interaction latency em session; <= 200ms good; <= 500ms needs improvement; > 500ms poor CrUX p75); INP optimization playbook (scheduler.yield() Baseline 2024+ pra yield event loop; scheduler.postTask() priority hints user-blocking/visible/background; requestIdleCallback legacy; useTransition React 18+ marca non-urgent; pre-compute durante idle; debounce/throttle handlers); Long Animation Frames API LoAF Baseline 2024+ (substitui Long Tasks; mede frames > 50ms + breakdown script/style/layout/paint/render-blocking + attribution scripts: [{ name, sourceLocation, duration }]); pattern PerformanceObserver collect → Grafana dashboard top scripts blocking; tree-shaking + code-splitting 2026 (route-based + dynamic import modals + bundle analyzer + selective re-export date-fns/format); critical CSS + font loading 2026 (font-display: swap vs optional; preload critical fonts; variable fonts 30-40KB savings; self-host Cloudflare > Google Fonts privacy + perf); 10 anti-patterns observados.
edit framework/03-producao/03-15-incident-response.md §2.19, incident command structure + blameless postmortem template + RCA techniques — Incident Command System adapted (IC owns coordination + decisions + comms NÃO debugs; Operations Lead hands-on remediation; Comms Lead external + internal; Scribe timeline real-time critical pra postmortem; SME pulled in pra system-specific knowledge; SEV1 minimum 1 IC + 1 Ops + 1 Comms; SEV2 = 1 IC + 1 Ops); SEV0-SEV4 levels com customer impact + response time + Logística examples; incident lifecycle (Detect → Acknowledge → Triage → Mitigate ≠ Resolve → Postmortem within 5 business days → Action items tracked); real-time response checklist IC playbook (open channel inc-YYYY-MM-DD; status page < 5min; pin top message; comms cadence 30min); blameless postmortem template completo copy-paste (Summary + Timeline UTC + Impact + RCA NÃO "human error" + What went well + What went poorly + Action Items priority/owner/due/tracked); RCA techniques (5 Whys Toyota linear single-chain; Fishbone Ishikawa 6 categorias visual; Fault tree top-down distributed; Causal Loop Diagrams feedback loops); blameless culture practices (no human error; Just Culture Sidney Dekker honest mistakes vs gross negligence vs sabotage; reward incident reporting; no name-and-shame use roles); postmortem rituals (5 business days schedule; 30-60min meeting; company-wide distribution; monthly action items review); programa Logística 2026 (PagerDuty rotation + SEV docs runbook + auto-create channel + Statuspage + postmortems/ repo + Linear action items); 10 anti-patterns observados.
edit framework/04-sistemas/04-07-architectures.md §2.19, hexagonal vs clean vs onion architecture comparison — three philosophies (Hexagonal Cockburn 2005 ports + adapters symmetric; Onion Palermo 2008 concentric circles dependencies inward; Clean Martin 2012 refinement combining DDD + Hexagonal + Onion com Use Cases central layer); all share Dependency Inversion Principle; Hexagonal anatomy completa (Domain pure + Primary ports driving + Secondary ports driven + Adapters swappable) com exemplo TypeScript Logística OrderApplicationService + PostgresOrderRepository + REST controller; Onion anatomy (Center Domain Model + Domain Services + Application Services + Infrastructure outermost); Clean Architecture anatomy (Entities + Use Cases + Interface Adapters + Frameworks & Drivers; Boundary classes cross layers); comparison matrix (year, layers, symmetry, use case explicit, best for, verbosity, test ease); when each wins (Hexagonal apps com many integrations + easy swap; Onion domain-heavy + few integrations; Clean large team + explicit use case boundaries); common pitfalls (anemic domain model derrota purpose; over-abstraction em CRUD; domain importing infrastructure cycle; thin Use Case wrappers; ports per CRUD operation explosão); pragmatic application Logística (MVP Modular Monolith + Hexagonal lite skip Use Case until needed; Growth adicionar Use Case classes em modules complex; Scale extract bounded contexts em services); testing implications (Domain pure unit fast; Application unit mocked ports; Infrastructure integration Testcontainers; Interface E2E Playwright; Logística numbers 2000+ unit < 30s; 200+ integration < 2min; 50 E2E < 5min); 10 anti-patterns observados.
edit framework/04-sistemas/04-12-tech-leadership.md §2.23, Engineering Manager vs IC track Staff+ ladder archetypes decision criteria — two tracks distinct skills (EM track people management 1:1s + performance + hiring + project mgmt; IC track post-Senior technical leadership without direct reports + architecture + mentorship via influence + cross-team coordination; both ladders pay parity em companies sérias); Tanya Reilly "The Staff Engineer's Path" 4 archetypes (Tech Lead leads team/project hands-on; Architect cross-team technical direction less hands-on; Solver tackles ambiguous high-impact; Right Hand alongside senior leader multiplier); Staff Engineer responsibilities cross-archetype (technical strategy 6-18 months + big rocks decisions + cross-team coordination + mentorship at scale via artifacts + glue work Reilly's term critical mas under-rewarded); Principal/Distinguished/Fellow next levels (Principal company-wide impact 1-3 per 500-eng; Distinguished industry-level impact via papers/OSS/talks 1 per 1000-eng); Engineering Manager M1-M4+ ladder responsibilities; decision framework Senior at crossroads (energy gain test; calendar test; skill leverage 90th percentile coder vs listener/writer/decision-maker; optionality Manager → IC harder than IC → Manager 12-24 months tech atrophy); transitions and pitfalls (Senior → EM micromanaging; Senior → Staff IC staying hands-on; EM → IC manager hiatus deliberate practice; Staff → Principal must demonstrate cross-org); levels.fyi reality check 2026 (Senior $300-400k; Staff $450-650k; Principal $650-1M; Distinguished $1M+; varies 30-50% by region/sector); Logística applied career planning conversation Staff promotion 6-9 months; 10 anti-patterns observados (promotion sem opt-in; glue work invisible em promo packets; compensation parity not real causa IC drain; "going to IC" framed as demotion).

Vigésima-terceira onda do audit cross-stage. Foca em applied engineering — frentes Senior+ com código copy-paste-pronto, numbers reais 2026 e anti-patterns de produção.

edit framework/03-producao/03-16-estimation-planning.md §2.19, Monte Carlo forecasting + flow metrics + #NoEstimates math — Monte Carlo > story points (probabilística, traduz a datas reais "85% confidence shipping 30 items em 8 weeks"); flow metrics Daniel Vacanti (throughput, cycle time, lead time, WIP, Little's Law, aging WIP); Monte Carlo implementations Python + TypeScript copy-paste-ready com both directions (when ship N items? OR how many items by date?); CFD diagramming pra bottleneck signal; #NoEstimates math (variance throughput ~ comparable to SP-weighted; just count em well-broken-down backlog); Logística applied quarterly planning (Q4 47 items + throughput last 12 weeks → forecast {p50: 7w, p85: 8w, p95: 10w}); pegadinhas (change point, outliers, items sizing, deadline planning); tools 2026 (Actionable Agile $25/user/mo, Linear pro $14, custom + Grafana); 10 anti-patterns observados.
edit framework/03-producao/03-18-cognitive-accessibility.md §2.21, readability automation + dyslexia/ADHD/autism design + cognitive performance metrics — WCAG 2.2 cognitive coverage gap (9 success criteria adicionados; WebAIM Million 2024 95.9% sites têm WCAG failures; cognitive deeper); WCAG 3.0 draft 2024+ scoring substituindo pass/fail; readability metrics (Flesch Reading Ease 0-100; FRE 70+ target UI Logística; FRE 60+ docs técnicas; pt-BR adaptado Martins 1996; libs textstat Python + text-readability JS); CI automation (Vale linter + textstat pytest assertions + Hemingway CLI + alex.js inclusive); dyslexia design patterns (fonts Atkinson Hyperlegible/OpenDyslexic/Lexend; line height 1.5+; letter-spacing 0.12em+; contrast 7:1+; cream background); ADHD design (1 primary action; progress indicators; auto-save IndexedDB; remove time pressure WCAG 2.2 SC 2.2.6); autism design (predictability, literal language, no abstract metaphors, sensory considerations, clear errors); cognitive load metrics product instrumentation (TTC + error rate per form + abandonment funnel + help/docs usage); media queries prefers-reduced-motion/-data/-contrast; stack Logística com Vale CI + Atkinson default + modo leitura toggle + multi-step auto-save + cognitive metrics dashboard; 10 anti-patterns observados.
edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.18, lakehouse 2026 deep (Iceberg vs Delta vs Hudi, CDC pipelines, time travel + branching) — lakehouse status 2026 (Apache Iceberg dominou enterprise após Snowflake/Databricks/AWS/Google/MS/Cloudflare R2 nativos; Delta UniForm 2024+ Iceberg compat; Hudi niche CDC-heavy; AWS S3 Tables re:Invent 2024 Iceberg-native ~3x faster; Cloudflare R2 Iceberg 2025+ zero egress); decision matrix Iceberg vs Delta vs Hudi (engine support, schema evolution, time travel, branching, streaming, compaction, OSS health); Iceberg architecture (Catalog REST recommended + metadata file JSON + manifest list + manifest file + Parquet data files; atomic commit via new metadata pointer); CDC pipeline pattern Postgres → Iceberg (Debezium → Kafka → Flink/Spark Structured Streaming OR PeerDB direct sem Kafka OR Estuary Flow managed); MERGE INTO upserts em Iceberg copy-paste; time travel + branching Iceberg 1.4+ (snapshot timestamp/version + tags release-stable + branches experimental + FAST FORWARD merge); WAP pattern (Write-Audit-Publish branch staging + audit queries + publish via FAST FORWARD); schema evolution patterns; compaction + maintenance (rewrite_data_files + expire_snapshots + remove_orphan_files via Airflow nightly/weekly); stack Logística completo PeerDB → Iceberg S3 (~30s latency) + REST catalog Apache Polaris OSS 2024+ + Trino ad-hoc + ClickHouse dashboards 24.x+ Iceberg engine + ~$300/mo total stack; 10 anti-patterns observados.
edit framework/02-plataforma/02-05-nextjs.md §2.22, parallel routes + intercepting routes + advanced middleware patterns — parallel routes @slot convention pra render multiple pages simultaneously em mesma layout (dashboard @analytics + @team + @notifications) com default.tsx mandatory em sub-routes; independent loading + error boundaries per slot streaming independente; conditional slot rendering baseado em session/role; intercepting routes (.)/(..)/(...) pra override route navigation render route X em context atual (modal pattern); pattern Logística order detail modal (/orders/[id] modal sobre lista; refresh = full page deep linking; file structure com @modal/(.)/[id]/page.tsx); advanced middleware patterns (Edge Runtime by default subset Node API; matcher config; multi-tenant resolver Logística completo com subdomain tenant + locale negotiation @formatjs/intl-localematcher + auth gate + tenant header injection); middleware limitations 2026 (Edge constraints no Node APIs/native modules; bundle size 1MB Vercel/4MB Cloudflare; latency cap < 50ms; waitUntil API pra fire-and-forget); Server Actions advanced patterns (form action progressive enhancement sem JS; useActionState React 19 cobre wave 21; revalidatePath/revalidateTag granular; encrypted action IDs Next.js 14+); stack Logística completo (parallel routes dashboard streaming + intercepting modal order detail + middleware tenant/locale/auth + Server Actions com Zod + revalidateTag); 10 anti-patterns observados.
edit framework/02-plataforma/02-13-auth.md §2.20, Passkeys (WebAuthn) production deep — registration, authentication, account recovery — why passkeys over passwords + SMS OTP (phishing-resistant cryptographic origin binding; no shared secret; SMS imune SIM swap/SS7; UX Touch ID/Face ID/Windows Hello; adoption 2026 Apple/Google/MS sync via iCloud Keychain/Password Manager/Hello cross-device + caBLE QR cross-platform); spec hierarchy (WebAuthn Level 3 W3C Mar 2024 + CTAP 2.2 + FIDO2 = WebAuthn + CTAP + Passkey synced credential subtype); registration flow server-side TS com SimpleWebAuthn 11+ (generateRegistrationOptions + Touch ID prompt browser + verifyRegistrationResponse) + client startRegistration; authentication flow login (generateAuthenticationOptions + startAuthentication + verifyAuthenticationResponse + counter increment + session cookie); conditional UI (Autofill UI moderna com autocomplete="username webauthn" + isConditionalMediationAvailable browser shows passkey suggestion direto autofill); account recovery patterns (lost device com no synced passkey: backup email magic link + recovery codes 8-10 single-use + KYC re-verification + multi-passkey enrollment 2-3 devices recommended; cross-device caBLE QR Bluetooth); multi-passkey management UI; migration strategy from password + SMS (phase 1 opt-in + phase 2 prompt enrollment + phase 3 primary fallback + phase 4 passwordless mandatory; adoption rates 50-70% B2C / 30-50% B2B em 12 meses); stack Logística (lojista web Next.js + courier RN react-native-passkey + 2 mandatory passkeys signup + 8 recovery codes + audit log device fingerprint; goal 80% adoption em 6 meses); 10 anti-patterns observados.

Vigésima-segunda onda do audit cross-stage. Foca em craft rigor — frentes operacionais Senior+ com código copy-paste-pronto, numbers reais 2026, decision matrices e anti-patterns observados.

edit framework/02-plataforma/02-19-internationalization.md §2.19, ICU MessageFormat + RTL + locale negotiation production deep — ICU MessageFormat (Unicode CLDR 44) substituindo naive interpolation com grammatical rules built-in (plural one/two/few/many/other; gender; nested select); plural categories per locale (pt 2 categories, ru 4, ar 6, ja/zh/ko 1, pl 4) com Intl.PluralRules('locale').select(n) em test; RTL deep com CSS Logical Properties Baseline 2024 (padding-inline-start, margin-inline-end), <bdi> isolando user content em mixed-direction, Tailwind v4 dir-* variants, mirror seletivo (icons direcionais yes; logos/photos/code no); locale negotiation RFC 4647 lookup algorithm + URL-based vs cookie-based + per-user preference override + CDN Vary: Accept-Language cardinality explosion mitigation via Worker normalization; Intl APIs Baseline (DateTimeFormat/NumberFormat/RelativeTimeFormat/ListFormat) + Temporal proposal Stage 3 estável 2026 mid; timezone-aware pegadinhas (TIMESTAMPTZ Postgres + IANA TZ names; Brazil DST aboliu 2019); stack Logística (pt-BR primary + es-419 + en + next-intl + URL strategy /pt-BR/orders/:id; BRL primário com tenant cross-border config); 10 anti-patterns observados.
edit framework/04-sistemas/04-06-domain-driven-design.md §2.18, bounded contexts identification + Event Storming workshop deep — heuristics pra identificar BC borders (linguistic shifts, team boundaries Conway's Law, lifecycle differences, stakeholder alignment, data ownership), Context Map types canônicos Eric Evans (Partnership, Shared Kernel, Customer-Supplier, Conformist, ACL, Open Host Service, Published Language, Separate Ways, Big Ball of Mud), Event Storming Brandolini ~2013 com 3 níveis (Big Picture 1-2 dias; Process Modelling 4-8h; Software Design multi-week) + materiais (post-its laranja events past tense; roxo policies; amarelo actors; azul commands; rosa hot spots; verde read models) + workshop steps (chaotic exploration → enforce timeline → hot spots → pivotal events → walking the timeline → identify BCs ~5-9 em domínio médio) + facilitation rules (mix participants 1-2 senior dev + PM + business + ops + designer; standing only; time-box rigorous; photo-document; NÃO codar durante), Logística applied 6 BCs identificados (Catalog, Orders, Routing, Tracking, Billing, Identity) + pivotal events OrderPlaced/CourierAssigned/Delivered + Context Map (Orders↔ACL→Catalog; Orders↔Customer/Supplier→Routing; Orders↔Open Host events→Billing; Tracking↔Conformist→Orders) + aggregate borders (Order per pickup-delivery cycle, Courier, Subscription per tenant), refactoring legacy → DDD via Strangler Fig + module-before-split + database-per-context (timeline real 6-12 meses não semanas), 10 anti-patterns observados.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.28, resilience patterns deep tuning (timeouts, retries, hedging, fallbacks com production numbers) — timeout discipline (deadline propagation header X-Request-Deadline cada hop subtrai network buffer; tiered timeouts 1.5x server-side = 2x DB; per-call NÃO per-retry; numbers reais HTTP API 1-3s p99, Postgres 100-500ms, Redis 50-100ms, external API 5-10s, LLM 15-60s long-tail), retry strategy (idempotency PREREQUISITE; only retryable 5xx + network timeout; exponential backoff + jitter min(maxMs, base * 2^attempt) * (0.5 + random*0.5); decorrelated jitter AWS pattern random(base, prev*3); retry budget 10% baseline RPS preventing storm), hedging requests cruza com adaptive hedging wave 11 (cópia request a SECOND replica APÓS p99 expira; primeiro response wins; saving p99 → ~p95 effective; cost ~5% extra; NÃO hedge writes/expensive ops; AbortController implementation TS), circuit breaker production state machine (Closed/Open/Half-Open com 50% threshold em 20+ requests window NÃO 2; cooldown 30-60s; half-open 1-3 probes; per-endpoint NOT per-service; lib opossum 8+ Node), fallback hierarchy (Primary → Cached Redis → Default degraded UX → Error last resort; cached aceitável 90% reads NEVER writes), bulkhead concrete (connection pools per dependency Postgres 100/Redis 200/external 20; thread pool isolation JVM/CLR; K8s separate Deployment per consumer), load shedding (adaptive concurrency Netflix; priority-based shedding free tier first; CPU% inadequate signal → use queue-depth/in-flight-requests), stack Logística completo (Mapbox circuit breaker + cached fallback + retry; Stripe idempotency-key + decorrelated jitter NO hedging; Postgres pool 50 + statement_timeout 5s; Redis 100ms timeout + pipeline; deadline propagation client 5s → BFF 4.5s → orders-api 4s → Postgres 3s → external 1s), 10 anti-patterns observados.
edit framework/03-producao/03-17-accessibility-testing.md §2.21, a11y testing automation pipeline (axe + Playwright + Storybook + manual screen reader workflow) — automated catches ~30-57% WCAG 2.2 (axe-core + Lighthouse); manual SR + keyboard cobre rest (focus management, semantic correctness, cognitive coherence); strategy automate catchable + manual gates critical journeys + user testing PWD trimestral; axe-core + Playwright integration (@axe-core/playwright AxeBuilder com tags wcag2a/aa/2.1/2.2; ~5-10ms per page CI; signal/noise alta; page-state testing snapshot-only must run cada important state); Storybook a11y addon @storybook/addon-a11y rodando axe em background panel + test-runner --runner playwright em CI testando cada story; Lighthouse CI a11y score gating (@lhci/cli config categories:accessibility minScore 0.95 block merge regression); manual screen reader workflow mandatory critical journeys (NVDA + Firefox Windows free primary target; JAWS + Chrome enterprise; VoiceOver + Safari Apple; TalkBack + Chrome Android) + workflow Logística "criar pedido" 4 passos (Tab através form anuncia label/hint/error; submit announce role+state; success aria-live without focus moving; modal focus return ao trigger); keyboard-only navigation (focus visible :focus-visible; skip links primeiro tab stop; modal trap Tab cycla + Esc fecha); color contrast automation axe rule 4.5:1 normal AA / 3:1 large; CI pipeline Logística completo (PR gate axe Playwright em 5 critical journeys + Storybook stories + Lighthouse 95; pre-release manual SR + user testing PWD; production a11y@logistica.example.com + audit 3rd party $5-15k/ano), 10 anti-patterns observados.
edit framework/03-producao/03-13-time-series-analytical-dbs.md §2.19, time-series storage decision matrix 2026 (Prometheus, VictoriaMetrics, Mimir, ClickHouse, TimescaleDB) — workload categorization (operational metrics RED+USE 1k-100k series; application analytics 1M+ series; IoT high write rate; APM traces high cardinality; logs schemaless), decision matrix com cost @ 1M series 1mo retention (Prometheus vanilla OSS ~16GB RAM/$50/mo até 500k series; Thanos +25% Prom cost long-retention S3; Mimir Grafana OSS multi-tenant 1M-1B series; VictoriaMetrics drop-in 5-10x storage efficiency 30% Prom cost; InfluxDB 3.0 Lakehouse Iceberg + Apache Arrow Cloud $0.25/GB; TimescaleDB Postgres extension JOIN relational; ClickHouse high cardinality ad-hoc $0.05/GB/mo S3-backed; DataDog $5/host + $0.20/MM custom $$$), cardinality #1 cost driver (1M series ~16GB RAM Prom; 100M ~16TB; 1B impractical self-host) com mitigation (path template /orders/:id not /orders/123; aggregate by tenant_id NOT user_id; histograms NOT raw observations), VictoriaMetrics deep (single binary 32GB serves 5M series; PromQL + MetricsQL extensions; migration zero-friction com remoteWrite), Mimir deep (distributor → ingester → querier → store-gateway; multi-tenant X-Scope-OrgID; compactor downsamples 5min after 1d / 1h after 1w; 5-15 services overhead vale apenas > 10M series), ClickHouse application analytics + TimescaleDB JOIN relational + InfluxDB 3.0 tagless cardinality decision per workload, long-retention strategy (tiered storage hot/warm/cold + downsampling 5min/1h/1d save 99% storage), stack Logística completo ($300/mês total observability self-hosted vs $3k/mês Datadog equivalente), 10 anti-patterns observados.

2026-05-01, Review wave 21 — frontier skills (Web3 reality 2026, React 19 Forms/Actions, deployment strategies progressive delivery, OWASP 2025 + CSP + JWT, RAG architectures + eval)

edit framework/04-sistemas/04-11-web3.md §2.20, Web3 reality check 2026 (smart contract auditing, gas optimization, account abstraction ERC-4337) — TVL DeFi recovered $80-120B (vs 2021 peak $180B), 5-10M daily wallets vs 100M+ web2 logins, real adoption stablecoins ($150B USDC/USDT supply) + tokenized treasuries + FX corridors, smart contract auditing process (Foundry forge test --gas-report + Slither + Mythril + Echidna; tier list Trail of Bits/OpenZeppelin/ConsenSys + competitive Code4rena/Sherlock $50-500k pool); audit checklist (reentrancy, integer over/underflow Solidity 0.8+ checked default, access control, oracle manipulation, front-running MEV, upgrade pattern, storage collision em proxies); attack vectors 2024-2026 com cifras reais (Ronin $625M, Wormhole $325M, Multichain $210M; Compound flash-loan governance 2022); gas optimization patterns (storage SSTORE 22.1k gas zero→non-zero, struct packing, external > public, unchecked blocks, custom errors, bitmaps; ~30-50% gas savings); L2 reality 2026 (Optimistic rollups 7-day challenge; ZK rollups instant finality; Base $2B TVL; cost $0.05-1 vs $5-50 mainnet); Account Abstraction ERC-4337 production deep (UserOperation + Bundler + EntryPoint + Smart Account + Paymaster; gas sponsorship + session keys + social recovery + batch ops; Stackup/Pimlico/Alchemy/Biconomy bundler infra + Safe/Kernel/Privy smart account libs); honest comparison Web2 alternativas (DID + verifiable credentials NÃO precisam blockchain; audit trail = append-only + Merkle + RFC 3161 timestamping 1000x cheaper; cross-border = Wise/Revolut resolve 95%); verdict Logística (NÃO blockchain MVP; considerar V3+ apenas cross-border settlement); 8 anti-patterns observados.
edit framework/02-plataforma/02-04-react-deep.md §2.13, React 19 Forms + Actions + concurrent rendering deep — React 19 stable Maio 2025+ (<form action={fn}> accept function directly + auto-pending + auto-reset + ErrorBoundary integration substituindo ~80% form library use cases), useActionState hook (formerly useFormState) com signature [state, dispatch, isPending] = useActionState(action, initial) + pattern Logística order create form com Zod safeParse + revalidatePath + error handling, useFormStatus form-scoped pending sem prop drilling (deve ser CHILD do form), useOptimistic deep com pattern Logística "marcar entregue" (apply optimistic + action + auto-revert em throw), useTransition concurrent rendering pattern (urgent input feedback vs non-urgent list re-render via startTransition + isPending spinner; useSyncExternalStore pra Zustand/Jotai tearing prevention), Suspense boundaries production (1 boundary por unit independente; nested boundaries dashboard Metrics + OrdersList streaming paralelo), ErrorBoundary integration (catch sync + actions + async unexpected; useActionState pra errors esperados), useDeferredValue vs useTransition decision (controle imperative vs marcar value), stack Logística completo (Server Action + Zod + revalidatePath; useOptimistic + auto-revert; useTransition search filter; nested Suspense), 10 anti-patterns observados.
edit framework/03-producao/03-04-cicd.md §2.20, deployment strategies (blue/green, canary, progressive delivery, feature flags) — strategy decision matrix (recreate dev only; rolling K8s default; blue/green 2x infra zero-downtime; canary +20% infra observable metrics; progressive +20% automated gate; shadow 2x no traffic), rolling K8s tuning (maxSurge + maxUnavailable: 0 em prod + readinessProbe reading actual app state), blue/green pattern com Service selector swap + DB migration challenge (backward-compat schema MANDATORY; expand-migrate-contract), canary com Argo Rollouts YAML completo (setWeight 10/25/50/100 + pause + analysis templates Prometheus), Flagger alternativa, Service Mesh integration (Istio VirtualService weights + Linkerd traffic split), AnalysisTemplate queries pra success rate + latency p99 + error budget burn, progressive delivery auto-promote/auto-rollback baseado em SLI metrics + tooling 2026 (Argo Rollouts + Prometheus + Flagger + Spinnaker legacy), shadow/dark launch via Istio mirror pra perf testing real load sem user impact, feature flags em produção (decoupling deploy de release; tooling LaunchDarkly $20/seat + Unleash OSS + Statsig + OpenFeature vendor-neutral + PostHog; server-side eval pra business logic; Logística rollout per tenant), database migrations (expand-migrate-contract pattern; gh-ost MySQL + pg_repack Postgres + native PG 12+ ALTER TABLE optimizations), stack Logística completo (Argo Rollouts 10%→100% com 10min pause + analysis gate + auto-rollback error rate > 2% sustain 2min OR latency p99 > 600ms; Statsig flags per cohort), 10 anti-patterns observados.
edit framework/03-producao/03-08-applied-security.md §2.21, OWASP Top 10 2025 applied + CSP modern + CSRF + JWT pitfalls — OWASP Top 10 2025 mapeado a Logística (A01 Broken Access Control #1 since 2017 com RLS multi-tenant + integration test cross-tenant; A02 Cryptographic Failures TLS 1.3 + Argon2id 2025 rec > bcrypt; A03 Injection inclui Prompt injection LLM; A04 Insecure Design rate limit + tenant isolation; A05-A10), CSP modern 2026 com strict-dynamic + nonces substituindo whitelisting (defeats XSS bypass via redirect) + Trusted Types Baseline 2024 (eliminates DOM XSS via trustedTypes.createPolicy + DOMPurify + require-trusted-types-for 'script') + Reporting-Endpoints + report-to directive, CSRF protection 2026 (SameSite=Lax cookie default Chrome 2020+ mitiga 95% CSRF naturally; Strict pra high-value; None+Secure cross-origin; Synchronizer Token + Origin/Referer check Fastify hook completo + Double-submit cookie SPA), JWT pitfalls produção (NEVER secrets em payload; alg:none attack ALWAYS hardcode algorithms; HS256/RS256 confusion; long-lived JWT > 30d revogation impossible; NEVER localStorage XSS; HttpOnly cookie pra SPA + Bearer pra mobile; kid rotation), rate limit patterns (per-IP + per-user + per-endpoint + adaptive + failed-auth backoff exponential), headers de segurança production-ready (HSTS 2y preload + nosniff + Permissions-Policy + COOP same-origin + COEP require-corp), stack Logística (Fastify @fastify/helmet + JWT RS256 access 15min + refresh httpOnly 30d rotated + CSP report-only staging → enforce prod + Snyk + Semgrep + Socket supply chain), pen test focus areas (IDOR cross-tenant + JWT manipulation + CSRF + SSRF AWS metadata IMDS v1 + prompt injection LLM), 10 anti-patterns observados.
edit framework/04-sistemas/04-10-ai-llm.md §2.21, RAG architectures + evaluation harnesses + production patterns — RAG architecture spectrum 5 levels (L0 naive 50% queries → L1 hybrid dense+sparse RRF 70% → L2 + reranker 80% → L3 query rewriting + multi-query +5% → L4 agentic +5%; cost decay tradeoff), hybrid retrieval implementation Postgres pgvector + tsvector com schema completo + RRF SQL query (Cormack 2009 k=60 canônico) + HNSW index, chunking strategy deep (fixed-size simples mas quebra meaning; semantic boundaries; recursive splitter LangChain; sentence-window context preservation; late chunking Jina 2024+; sweet spot 256-512 tokens com 10-20% overlap), reranker production (Cohere Rerank v3.5 $1/1k searches latency ~200ms vs BGE-Reranker self-host TEI), query rewriting + multi-query + HyDE pattern (LLM gera resposta sintética pra search docs), RAG evaluation harness (golden dataset 100-500 pares + metrics Recall@K/MRR/NDCG retrieval + faithfulness/answer-relevance/context-precision generation; tools RAGAS 0.2+ Python LLM-as-judge + Phoenix + DeepEval + Promptfoo; CI gate regressão > 2% blocks merge; online eval 1-5% sampled async), cost optimization 2026 (embedding $0.02/1M tokens; LLM Haiku 4.5 $0.80/1M input; prompt caching reduz 90% input cost em hit; tiered routing cheap → expensive; Logística 10k queries/dia $1800/mês → $500/mês com caching), Logística applied (KB docs query → embed → hybrid + rerank → top-5 → LLM com citation enforcement [doc_id] + refusal pattern), streaming UI (SSE retrieval 1-2s → "Pesquisando docs..." → stream LLM chunks), 10 anti-patterns observados.

2026-05-01, Review wave 20 — deep systems (Swift Concurrency + Kotlin Coroutines, CDN + edge + image opt, Wasm Component Model + WASI Preview 2, WebGPU + WebCodecs, formal methods TLA+/Alloy/P)

edit framework/02-plataforma/02-17-native-mobile.md §2.19, Swift Concurrency + Kotlin Coroutines deep + structured concurrency patterns — Swift 5.9+ / Swift 6 strict 2024+ com async/await + Task + actor substituindo locks + Sendable enforce + @MainActor UI thread + cancellation via Task.checkCancellation(), pattern produção iOS Logística JobsViewModel com cancel-previous + start-new (latest wins) em refresh, AsyncSequence/AsyncStream consumindo WebSocket reactive (CLLocationUpdate.liveUpdates() iOS 17+), Kotlin Coroutines 1.7+ com Dispatchers.Main/IO/Default + structured concurrency coroutineScope { } cancel propagation + supervisorScope { } siblings independentes, viewModelScope + lifecycleScope.launch { repeatOnLifecycle(STARTED) } collect Flow só em foreground, pattern Android Logística JobsViewModel com MutableStateFlow exposto via asStateFlow(), Flow/StateFlow/SharedFlow decision (cold vs hot vs replay), NDK + JNI quando necessário (ML on-device TF Lite via JNI; ~100ns per call overhead; GlobalRef leak pegadinha), Universal Links iOS + App Links Android unified pattern com apple-app-site-association + assetlinks.json + autoVerify="true" + Cloudflare cache invalidation gotcha, custom URI scheme inseguro, 10 anti-patterns observados.
edit framework/03-producao/03-10-backend-performance.md §2.20, CDN deep + edge transformations + image optimization 2026 — CDN decision matrix 2026 (Cloudflare 300+ PoPs free 1TB; Vercel Edge Network Next.js-focused $0.40/GB; Fastly VCL/Compute@Edge purge < 150ms; AWS CloudFront $0.085/GB egress; Bunny cheap challenger; Akamai enterprise), cache key composition deep com Vary header pegadinha + cookie bucketize tiers (anon/auth_basic/auth_premium) via Worker pra preservar cache hit rate, TTL strategy (max-age=31536000, immutable static; s-maxage=60, stale-while-revalidate=300 HTML; stale-if-error=300 API resilience), tag-based invalidation Cloudflare Cache Tags + Fastly Surrogate Keys + Vercel revalidateTag() (purge tenant-X em < 200ms global), edge transformations (Cloudflare Workers V8 50ms CPU/req sem cold start; Vercel Edge Runtime; Fastly Compute@Edge Wasm; Lambda@Edge full Lambda), image optimization 2026 (AVIF Baseline 2024 30-50% smaller than WebP; WebP fallback; JPEG legacy; format negotiation via Accept; Cloudflare Images $5/100k stored; Vercel next/image; Imgproxy self-host $0 license), origin shield + tiered caching (Cloudflare reduz origin RPS 80%; CloudFront $0.0075/10k req), Brotli vs gzip vs zstd (Brotli 15-25% smaller; zstd 2-3x faster compression em dynamic), stack Logística (Cloudflare front + Imgproxy Railway + Vercel Edge Next.js + 99% cache hit static / 75% HTML / 30% API), 10 anti-patterns observados.
edit framework/03-producao/03-12-webassembly.md §2.17, Component Model + WASI Preview 2 deep (composability + capability-based security) — Component Model W3C 2024+ stable em wasmtime 19+/wasmer 5+/JCO 1+ supera core Wasm com types alto nível (string/list/record/variant/option/result) cruzando boundaries sem manual ABI shim, WIT (Wasm Interface Type) language declarativa + tooling gera bindings Rust/Go/JS/Python automaticamente, wac compose liga componentes (A imports B exports), exemplo WIT completo Logística routing engine package + interface + world, WASI Preview 2 stable 2024+ com standard interfaces capability-based (wasi:filesystem/http/cli/sockets/logging/io) onde componente NÃO tem ambient authority — host explicitly grants (sandbox por default, malicious code sem fs grant NÃO consegue ler /etc/passwd), wasi:http/incoming-handler pattern Rust com wit_bindgen::generate! + LogisticaApi impl rodando mesmo .wasm em wasmtime/Fastly Compute@Edge/Cosmonic/Wasmer Edge sem mudança código, JCO (@bytecodealliance/jco) transpile Wasm component → JS module preservando types + d.ts auto, composition multi-componente (auth-service exports auth.verify-token; orders-service imports + exports list; wac compose produz binário único; vantagem: testar isolado com mock auth + trocar impl sem rebuild), Logística applied (Rust → wasm32-wasip2 → Fastly Compute@Edge $0.50/M req cold start ~0ms p99 ~5ms VRP solver), limitations 2026 (multi-threading WIP; GC integration browser-only stable; async story estável mid-2026; binary 500KB-2MB; debug source maps WIP), 8 anti-patterns observados.
edit framework/03-producao/03-14-graphics-audio-codecs.md §2.18, WebGPU compute shaders + WebCodecs API (media processing pipelines) — WebGPU Baseline 2023 Chrome/Edge desktop, 2024 Safari iOS 17.4+/macOS 14.4+ + Firefox flag substituindo WebGL com compute shaders + storage buffers + bindless textures + async error handling, compute shader exemplo Logística diff entre delivery proof e expected (WGSL @compute @workgroup_size(8,8) + atomicAdd) com 4MP image em ~5ms desktop GPU vs 200-500ms CPU, WebGPU vs WebGL trade-off (WebGPU 80-85% browsers 2026; WebGL 95% legacy fallback) com pattern feature detection, WebCodecs API Baseline 2024 Chromium/Safari/Firefox 130+ direct hardware-accelerated encode/decode VideoEncoder/VideoDecoder/AudioEncoder/AudioDecoder substituindo MediaRecorder hacks, pipeline produção Logística compress delivery proof video em-browser antes de upload (canvas.captureStream(30) + MediaStreamTrackProcessor + VideoEncoder('avc1.42E01E', 1080p, 2Mbps, 30fps) + keyFrame regular + mp4-muxer + streaming upload; 1080p 30s → 5MB H.264 vs 50MB raw; encode 0.5x realtime mobile A14+, 0.2x desktop GPU), OffscreenCanvas + WebGPU + Worker (main thread transferControlToOffscreen(); Worker request seu próprio adapter/device), WebGPU mobile gotchas (iOS 17.4+ A14+ only; Android Vulkan-capable; battery throttling sustained load), HDR + wide-color (HDR10/HLG metadata via WebCodecs colorSpace; Display-P3 + CSS color-gamut: p3), stack Logística (courier WebCodecs encode delivery proof; dashboard WebGPU diff pickup/delivery em < 50ms client-side), 8 anti-patterns observados.
edit framework/04-sistemas/04-14-formal-methods.md §2.18, TLA+ vs Alloy vs P language — choosing the right tool — three tools three philosophies (TLA+ Lamport/MSR state-transition math-heavy industry-proven AWS S3 DynamoDB Cosmos DB Azure; Alloy MIT relational logic declarative structural invariants instant counterexamples; P language MSR event-driven state machines actors com code-gen C#/Go/Java verified Azure Storage USB driver), decision tree (distributed protocol = TLA+; schema/permission/structural = Alloy; event-driven actor = P; fast PoC = Alloy; production rigor = TLA+; code-gen needed = P), TLA+/PlusCal exemplo concreto Logística Saga AssignOrderToCourier (módulo completo Init/ReserveCourier/ChargeFee com compensation branch + Spec + invariant NoDoubleAssignment) rodando via TLC ou Apalache symbolic SMT-based, Alloy exemplo Logística multi-tenant access control (sig Tenant/User/Role/Order + pred canRead + assert NoCrossTenantRead + check), P language exemplo distributed lock acquire/release LockServer machine + spec MutualExclusion observer, workflow integrado formal methods em CI (specs em formal/ + TLC em PR de concurrency-critical change + counterexample = blocking review), state explosion mitigation (symmetry reduction Couriers indistinguíveis 100x reduction; bound model config small + smoke; Apalache symbolic; state constraint cap log growth), industry success cases (DynamoDB multi-region replication bug pre-prod; Cosmos DB 5 consistency levels; MongoDB Raft; Azure Storage P code-gen; Confluent exactly-once design), Logística applied 3 protocolos validáveis (Outbox + idempotent consumer = exactly-once business effect; Saga compensations ordem reversa + courier nunca duplo-reservado; multi-tenant zero cross-tenant leak), 8 anti-patterns observados.

2026-05-01, Review wave 19 — mobile, realtime, infra (RN Hermes + JSI + Reanimated 3 + Skia, presence at scale + message ordering cross-region, Terraform/OpenTofu modules, event sourcing operacional, OSS becoming maintainer)

edit framework/02-plataforma/02-06-react-native.md §2.18, Hermes engine + JSI + Reanimated 3 + Skia (RN performance deep) — Hermes bytecode AOT vs JSC JIT trade-off (cold start 25-40% melhor + RAM menor mas peak throughput 2x pior em pure JS), enable_hermes_jit opcional, Static Hermes 2025+ experimental (typed JS → native), JSI substituindo bridge JSON com TurboModule custom completo (3 partes: spec TS + codegenConfig + native impl ObjC++/Kotlin), Fabric renderer concurrent + C++ shadow tree + pegadinha setNativeProps legacy NÃO funciona, Reanimated 3 worklets em UI thread com restriction de capture (objetos ricos viram undefined), gesture pattern Logística order card expandindo via Gesture.Pan().onChange() + useAnimatedStyle(), runOnJS/runOnUI cruzando threads, Skia GPU-accelerated 2D pra mapa custom Logística com courier markers + polyline animada (60fps mesmo low-end Android), MMKV via JSI 30x faster que AsyncStorage (sync API sem await), 8 anti-patterns observados (JSC em prod, setNativeProps em Fabric, worklet capturando objeto rico, shared value sem withTiming, runOnJS em hot gesture, AsyncStorage em hot reads, Skia em UI estática, TurboModule sem codegenConfig).
edit framework/02-plataforma/02-14-realtime.md §2.17, presence at scale + message ordering cross-region — naive presence (TTL refresh) explode em > 10k concurrent (200k ops/s só de heartbeat), pattern hierárquico Discord/Slack com presence shards per-channel reduzindo 50x, presence diff strategy via Redis Set + Lua atomic + Pub/Sub {joined,left} (recovery via SMEMBERS + diff stream), message ordering cross-region trade-off (total ordering global = 100-300ms cross-region inaceitável; per-conversation home region via consistent hash = pragmático em 99% chat apps; HLC tags pra ordering local cliente), sharding fan-out com Redis Cluster pegadinha (Pub/Sub classic é cluster-wide custoso → Sharded Pub/Sub Redis 7+ via SSUBSCRIBE evita cross-node), WS connection sharding com Linux tuning (ulimit -n, somaxconn, ephemeral ports), L4 NLB ip-hash vs L7 ALB stickiness pra WebSocket sticky, comparativo 2026 Soketi/Centrifugo/Pusher/Ably (self-host threshold < 50k concurrent vs Centrifugo cluster vs Ably managed multi-region), stack Logística completo (Centrifugo 3 nodes, ~250k subs, per-tenant home region via consistent hash by tenant_id), 8 anti-patterns observados.
edit framework/03-producao/03-06-iac.md §2.19, Terraform module patterns + OpenTofu fork status 2026 — OpenTofu fork após HashiCorp BSL change (Aug 2023 → Linux Foundation Jan 2024), drop-in compat com Terraform 1.5.x + features TF não-terá (state encryption nativo, test framework rico, for_each em providers), migration terraform init → tofu init zero-friction, decision tree (greenfield = OpenTofu; legacy TF Cloud heavy = TF até migrar), module design composition over inheritance + inputs com validation blocks (precondition TF 1.2+) + outputs como API estável + sem provider blocks dentro de modules (anti-pattern famoso), source pinning OBRIGATÓRIO (?ref=v2.1.3 ou Registry version), for_each vs count blast radius rule (count re-cria índices subsequentes em delete; for_each map keys estáveis), refactoring sem destroy/recreate via moved block (TF 1.1+/OpenTofu 1.6+) + removed block (TF 1.7+) + import declarative block (TF 1.5+), lifecycle meta-args (prevent_destroy em RDS prod, ignore_changes em tags CI, create_before_destroy em LT/TG, replace_triggered_by), módulo ecs-service Logística completo com validation CPU + lifecycle CI-driven, 10 anti-patterns observados.
edit framework/04-sistemas/04-03-event-driven-patterns.md §2.18, event sourcing operacional (versioning, snapshots, projection rebuild) — event store Postgres schema canonical com (stream_id, version) PK + global_seq BIGSERIAL pra projection consumers + INSERT ON CONFLICT DO NOTHING retry pra optimistic concurrency, 5 strategies de event versioning (weak schema additive only, upcast on read em aggregate, lazy migration background re-write, multiple events per change deprecation, snapshot bump invalidando schema_version) com decision tree por size + cost, snapshot pattern (cache derivado a cada N=50-100 events; NUNCA fonte de verdade, sempre re-apply), Logística snapshot Order com 200+ status events reduz hydration 200ms → 5ms, projection rebuild greenfield zero-downtime via global_seq=0 catch-up + sharding por stream_id hash (10M events × 1ms = 3h single-thread; paralelizado 30min), concurrency control + idempotency com command_id em metadata pra dedup retry, outbox + projection consumers idempotent UPSERT + lag monitoring SLO p99 < 500ms, 5 event design rules (past tense + entity, immutable, self-contained, bounded context naming, no FK em payload), end-to-end Logística Order aggregate com OrderPlaced/CourierAssigned/PickedUp/Delivered/Cancelled + 3 projections (orders_view, dashboard_aggregate, delivery_eta) + CourierAssignedV1 → V2 upcast inferindo vehicle_type, 9 anti-patterns observados.
edit framework/04-sistemas/04-15-oss-maintainership.md §2.18, becoming a maintainer (PR triage, RFC participation, trust ladder) — trust ladder observada em projetos sérios (Node.js/React/Postgres/Linux): external contributor → frequent → triager → reviewer → committer → core/TSC com numbers reais (12-24 meses + 30+ PRs significantes + 100+ reviews), choosing project decision framework (alignment com prod usage + health signals PR < 30d / issues < 7d / 3+ active maintainers + sweet spot > 10k stars + visibility) e avoid (bus factor 1, governance opaca), first contribution playbook (CONTRIBUTING.md linha por linha, good first issue claim antes de codar, PR < 200 LOC single concern, conventional commit, description responde O QUE/POR QUE/COMO testar/BREAKING), receiving review (engage substantively NÃO performance, address each comment explicit, squash norm por projeto, "nit" ainda merece fix), RFC participation (search closed antes de propor, structure problem→motivation→3+ alternatives→chosen→migration→drawbacks, engage early antes de implementação completa), reputation building (review antes de pedir review, triage sem permission, data-driven em discussions), when to walk away (silent maintainer 30d, hostile culture, vision misalignment, burnout), Logística applied @logistica/idempotency-kit extraído após 6+ meses prod, 8 anti-patterns observados.

2026-05-01, Review wave 18 — platform fluency (CSS layers + container queries, modern Web APIs, Redis Streams consumer groups, contract testing + fuzzing, OTel SDK + Collector)

edit framework/02-plataforma/02-01-html-css-tailwind.md §2.14, CSS layer architecture + container queries 2026 — @layer (CSS Cascade Level 5) com 5-layer canonical architecture (reset, base, tokens, components, utilities, overrides) defeating specificity wars sem !important, Tailwind v4 three-layer model (theme/base/components/utilities), @container deep com inline-size vs size (containment trade-off com intrinsic-sized children) e exemplo OrderCard Logística adaptando entre sidebar wide e lista densa via container queries em vez de viewport, container query units (cqw/cqi/cqb/cqmin), :has() Selectors L4 com 3 patterns produção (form :invalid highlight, card featured-badge, layout swap sidebar empty) + perf warning, color spaces oklch perceptual uniform substituindo hsl + color-mix() pra variants + light-dark() Baseline 2024 dispensando media query, Tailwind v4 native CSS com @theme (config.js descontinuado), 8 anti-patterns observados.
edit framework/02-plataforma/02-03-dom-web-apis.md §2.13, Modern Web APIs 2026 (View Transitions, Popover, @starting-style, Web Locks, OPFS) — View Transitions API same-document (document.startViewTransition) e cross-document MPA via @view-transition, view-transition-name + pseudo-elements ::view-transition-old/new/group(name), pattern Logística lista pedidos → detalhe com hero crossfade + prefers-reduced-motion cancel + promise interface (ready/finished/updateCallbackDone), Popover API Baseline 2024 substituindo Floating UI/Radix com popover attribute + popovertarget + native top-layer/light-dismiss/focus management, ::backdrop styling, 3 padrões produção (tooltip, menu, modal substitute), @starting-style permite animar IN sem JS hack via transition-behavior: allow-discrete, Web Locks API pra leader election cross-tab (Logística decide qual tab mantém WebSocket courier tracking), OPFS sandboxed filesystem privado por origin com sync API em Worker pra SQLite WASM/blobs grandes, 8 anti-patterns observados.
edit framework/02-plataforma/02-11-redis.md §2.19, Redis Streams + consumer groups production deep — fundamentals revisited (IDs <ms>-<seq>, MAXLEN approximate ~, persistence AOF/RDB, vs Pub/Sub sem retention vs Kafka sem partitioning real), consumer groups (XGROUP CREATE, XREADGROUP COUNT N BLOCK 5000 STREAMS > , PEL pendentes, XACK confirma, XAUTOCLAIM Redis 6.2+ reassign messages órfãs, idle time detection), worker pattern TypeScript completo com loop XREADGROUP + reclaim cron 60s + try/catch ack-only-success + DLQ via XADD outro stream + graceful shutdown, caso real Logística courier location ingest com producer XADD + consumer group dispatchers × 3 workers paralelos + grupo analytics independente offset próprio + MAXLEN ~1M retention 24h, Cluster + Streams (key vai pra UM slot) com particionamento manual via hashtag {shard0}, decision table Streams vs Kafka/NATS JetStream/RabbitMQ Streams/SQS FIFO, 8 anti-patterns observados (Pub/Sub event sourcing crítico, ACK antes de processar, sem XAUTOCLAIM cron, MAXLEN exato sem ~, consumer name não estável, mistura XREAD/XREADGROUP, sem hashtag em Cluster, sem DLQ permanent failures).
edit framework/03-producao/03-01-testing.md §2.19, contract testing (Pact) + fuzzing patterns — por que CDC vence integration test entre serviços (latência E2E + flakiness + cross-team coordination), Pact JS 12 + Pact Spec v4 + Pactflow broker workflow consumer/provider com can-i-deploy CLI gate em CD pipeline, código TypeScript consumer (Pact.given().uponReceiving().withRequest().willRespondWith()) + provider Verifier, Logística applied backend↔courier mobile com GET /jobs?lat=&lng=&radius_km= retornando payout_cents + breaking change scenario (rename → payout_value) bloqueado por can-i-deploy --to-environment production, schema-first vs Pact decision (consumer count × deploy independence), bidirectional contract testing Pactflow (provider OpenAPI + consumer Pact, sem provider verifier rodando), fuzzing patterns Schemathesis (OpenAPI fuzzer 5000 inputs em minutos), Restler stateful (Microsoft), Jazzer.js (libFuzzer Node), fast-check + Zod-fuzz, Logística applied fuzzing (webhooks POST /webhooks/:source Unicode em CPF crash + POST /orders Zod schema), 9 anti-patterns observados (timestamps reais, sem provider_states, sem can-i-deploy gate, fuzzer sem corpus seed, Schemathesis em DB compartilhado, etc.).
edit framework/03-producao/03-07-observability.md §2.20, OTel SDK + Collector pipeline + structured logging — SDK Node setup production-ready com auto-instrumentation HTTP/pg/redis/fetch + manual NodeSDK em tracing.ts carregado via --require antes do app code, OTLPTraceExporter/MetricExporter/LogExporter pra Collector gRPC :4317 + resource attributes obrigatórios (service.name/version, deployment.environment, service.instance.id), Collector como pipeline central (Agent DaemonSet vs Gateway centralizado) com 3 estágios receivers→processors→exporters + YAML config completo (otlp + memory_limiter + attributes/redact PII + tail_sampling 5% + 100% errors + 100% slow + batch + exporters Tempo/Mimir/Loki), trace propagation cross-service W3C traceparent automático em HTTP/gRPC mas manual em messaging via @opentelemetry/instrumentation-kafkajs, structured logging pino + trace correlation via mixin extraindo trace.getActiveSpan()?.spanContext() (clica log abre trace bidi em Grafana), sampling decision tree head-based parentbased(traceidratio(0.1)) vs tail-based Collector decision_wait 30s + numbers reais 2026 (10k req/s sem sampling = $3-5k/mês SaaS; com tail-based 5% + errors = $300/mês com signal preservado), cardinality control http.route template baixa cardinality vs http.target IDs explosion, stack Logística completo Apps→DaemonSet Collector→Gateway Collector tail-sampling+PII mask→Tempo+Mimir+Loki S3-backed→Grafana, 9 anti-patterns observados (SDK init pós app, service.name genérico, propagation ausente em messaging, head 1% low-traffic, tail sem memory_limiter, http.target cardinality $20k, logs sem trace_id, pino-pretty em prod, Collector sem batch).

edit framework/04-sistemas/04-16-product-business-economics.md §2.19, unit economics deep — fórmula CAC com inclusões/exclusões corretas (sales+marketing salaries, ads, ferramentas; NÃO customer success/eng/infra), 3 níveis de LTV (quick com gross margin × 1/churn; cohort-adjusted; discounted NPV pra valuation série B+), CAC payback period (< 12m saudável SaaS B2B), LTV:CAC ratio (3:1 mínimo, 5:1+ excelente), cohort analysis em SQL completo (CTE com cohorts × activity × cohort_size), COGS per request decomposed em compute/db/storage/network/3rd party, engineering ROI rule (infra < 15% revenue → growth; > 25% → cost optimization), modelo Logística end-to-end com numbers reais ($500 ARPU × 75% margin × 1/0.03 churn = $12,500 LTV), 8 anti-patterns observados.
edit framework/02-plataforma/02-08-backend-frameworks.md §2.18, backend frameworks 2026 deep — benchmarks reais de RPS + latência p99 (Bun.serve 250k, Hono+Bun 240k, Elysia+Bun 220k, Fastify+Node 85k, Express 25k, Next.js Route Handlers 20k) com disclaimer (DB queries dominate em prod), Fastify production-ready com Zod schema-first + hooks lifecycle, Hono universal runtime (Workers/Bun/Deno/Node/Lambda), Elysia TypeScript-first em Bun nativo, Next.js Route Handlers pra fullstack, decision tree por workload, migration patterns (Express→Fastify shim, Express→Hono rewrite, Node→Bun compat), plugins ecosystem comparison table, 7 anti-patterns observados.
edit framework/04-sistemas/04-07-architectures.md §2.18, architecture decision por estágio — v1 PMF (modular monolith Logística com monorepo + 1 API + 1 Postgres + Railway, equipe 2-8), v2 growth (extract notifications/image processing/cron pra serviços; API ainda monolítico 80%, equipe 8-25), v3 service-oriented (8-15 services bounded contexts via DDD + API Gateway + DB per service + Kafka spinal cord + outbox pattern, equipe 25-100), v4 multi-region (regional deploys US/EU/BR + edge functions + serverless bursty workloads + multi-cluster K8s, equipe 100+), decision tree de quando extrair serviço (5 critérios), signals de estágio errado, custo real de cada transição (v1→v2 2-3 meses, v2→v3 9-12 meses, v3→v4 6-12 meses), 8 anti-patterns observados.
edit framework/02-plataforma/02-02-accessibility.md §2.17, ARIA patterns aplicados + screen reader testing + automated CI a11y — first rule "no ARIA é melhor que bad ARIA", 5 patterns canônicos com TSX completo (Modal com focus trap + restore focus + portal, Combobox com aria-activedescendant, Live region polite/assertive, Disclosure accordion, Tabs com Home/End/Arrow), screen reader testing workflow real (NVDA/JAWS/VoiceOver/TalkBack), automated CI com axe-core + Playwright + Storybook a11y addon (axe cobre ~57% WCAG; manual obrigatório resto), checklist Logística a11y por feature (12 itens), 10 anti-patterns observados (div onClick, outline:none sem replacement, aria-label em texto visível, modal sem focus trap, etc.).
edit framework/03-producao/03-05-aws-core.md §2.21, AWS cost optimization deep — 5 alavancas com numbers 2026 (RI/Savings Plans 30-72%, Spot 50-90%, S3 lifecycle 40-95%, NAT Gateway $0.045/GB armadilha invisível, egress $0.09/GB internet vs free CloudFront), Compute Savings Plan 1-year no-upfront como default, Spot pra Karpenter/CI/staging com interruption notice handling, S3 lifecycle policy JSON Logística (Standard → IA 30d → Glacier IR 90d → Deep 365d), VPC Endpoints (S3/DDB free gateway; ECR/Secrets/KMS interface) substituindo NAT, CloudFront free tier 1TB/mês egress + cache hit rate, Lambda tuning (memory sweet spot via Power Tuning, ARM Graviton 20% cheaper, SnapStart), Aurora Serverless v2 + I/O-Optimized decision, FinOps tooling (Cost Explorer/Budgets/Anomaly Detection/CUR Athena/Vantage/infracost em PR), tagging strategy obrigatória, stack saving Logística completo (-62%: $40k → $15k/mês em 2 semanas eng work), 10 anti-patterns observados.

2026-05-01, Review wave 16 — data rigor (Mongo schema design, Node event loop, logical clocks, payment webhooks, graph DBs Cypher)

Décima-sexta onda do audit cross-stage. Foca em rigor de dados e sistemas — patterns onde Senior+ paga preço caro com schema/ordering errado, código copy-paste-pronto e anti-patterns reais.

edit framework/02-plataforma/02-12-mongodb.md §2.18, schema design deep — embed vs reference decision matrix por padrão de acesso, embed pattern com Order + items + courier snapshot (snapshot de campos imutáveis-no-contexto + ref pra source of truth), reference pattern com tracking_pings em time-series collection (Mongo 6+ com expireAfterSeconds), schema versioning via schemaVersion field + lazy migration, aggregation patterns ($match first + $lookup com pipeline + $facet + $merge pra materialized views), allowDiskUse e maxTimeMS em pipelines pesados, transactions com withTransaction + retry em TransientTransactionError + custo 2-5x latência, 9 anti-patterns observados.
edit framework/02-plataforma/02-07-nodejs-internals.md §2.18, event loop blocking detection + worker_threads vs cluster + libuv pool — monitorEventLoopDelay com Prometheus gauge (p99 < 50ms healthy), monitorEventLoopUtilization (Node 14.10+) pra capacity, worker_threads + Piscina pool pra CPU-bound (offload sem block), cluster pra paralelismo I/O fora-K8s (em K8s usar HPA), libuv UV_THREADPOOL_SIZE tuning pra DNS/crypto/fs/zlib, diagnostic toolkit production (--cpu-prof, --heap-prof, clinic.js, 0x), stack Logística com Fastify + Piscina pool, 8 anti-patterns observados.
edit framework/04-sistemas/04-01-distributed-systems-theory.md §2.21, logical clocks deep — Lamport timestamp (total ordering simples mas perde causalidade real), vector clocks (causalidade exata mas O(N) bytes com pruning trick), Hybrid Logical Clocks HLC (Kulkarni 2014, wall-clock + logical em 64-bit, usado em CockroachDB/MongoDB clusterTime/YugabyteDB), código TypeScript completo com compare() static pra cada, decisão por uso Logística (LWW status → HLC, multi-master sibling → vector, audit log readable → HLC, CRDT → vector), production gotchas (NTP skew, leap seconds smear, VM migration clock jump, persistence ao restart), integração com message broker via headers, 7 anti-patterns observados.
edit framework/02-plataforma/02-18-payments-billing.md §2.19, webhook security + reconciliation + dispute handling — 5 layers de webhook security (signature verification com stripe.webhooks.constructEvent em raw body, replay attack via timestamp tolerance 300s, idempotent processing com processedWebhooks table TX, out-of-order handling via event.created timestamp comparison, quick ack < 5s + async processing via inbox), reconciliation diária cron com diff Stripe ↔ DB ↔ ledger, triple-entry ledger pattern (PSP + DB + accounting double-entry SQL imutável), dispute (chargeback) handling com evidence package + win rate típico (Stripe 30-50% pra fraud), Pix-specific Brasil (SPI/Bacen reconciliation), webhook retry policy table por PSP (Stripe 3 dias, Adyen 8 retries 12h), end-to-end Logística pipeline payment + webhook + ledger, 9 anti-patterns observados.
edit framework/02-plataforma/02-16-graph-databases.md §2.16, Cypher patterns aplicados — 4 cenários canônicos onde graph vence SQL (multi-hop traversal 4+ hops, pathfinding, pattern matching subgraphs, variable depth com filter), 5 patterns Cypher production-ready (multi-hop friend recommendation Logística couriers com WORKED_WITH*2..3, fraud detection cycle kickback ring com duration filter, shortest path Dijkstra via APOC, variable-depth recommendation com filter, subgraph extraction pra GNN ML feature engineering), decisão graph dedicado vs Postgres (Neo4j/Memgraph/Apache AGE/Postgres recursive CTE/ltree), padrão híbrido recomendado (Postgres source + CDC + Neo4j projection), schema design no graph (minimal node properties + edge properties + index obrigatório), comparação tooling 2026 (Neo4j 5.x/Memgraph/AGE/TigerGraph/Neptune/Dgraph), 8 anti-patterns observados.

2026-05-01, Review wave 15 — engineering rigor (Next.js PPR + cache layers, ORM N+1 + DataLoader, idempotent consumer, Saga patterns, K8s production resilience)

edit framework/02-plataforma/02-05-nextjs.md §2.21, Partial Pre-Rendering (PPR) + 4 cache layers — Request Memoization (per-request dedup), Data Cache (cross-request com revalidate/tags), Full Route Cache (static HTML), Router Cache (client-side com staleTime), PPR híbrido static/dynamic com Suspense em rota única, código completo Logística com unstable_cache + revalidateTag granular + Server Action, cache observability (x-nextjs-cache, build log, Cache-Control), distributed cache handler com Redis + tag-based invalidation pra multi-instance, 8 anti-patterns observados (fetch sem wrapper, router.refresh esquecido, revalidate em endpoint volátil, multi-instance sem handler, cookies em layout root, unstable_cache sem keyParts, tag genérica, build-time fetch volátil).
edit framework/02-plataforma/02-10-orms.md §2.16, N+1 detection + DataLoader pattern + query analysis — anatomy de N+1 com Drizzle/Prisma, 3 fixes (eager via with/include, SELECT IN batch quando JOIN é cartesian, DataLoader per-request), detection via logger + AsyncLocalStorage counter + APM (Datadog/Sentry/New Relic), query analysis tooling (pg_stat_statements, PgHero, pganalyze, EXPLAIN ANALYZE em ORM-generated query), 5 eager loading anti-patterns (over-fetch, cartesian explosion, getter lazy, DataLoader compartilhado, sem maxBatchSize), query budget per endpoint como SLO, stack pragmático Logística completo com Drizzle + DataLoader.
edit framework/04-sistemas/04-02-messaging.md §2.18, idempotent consumer + 4 deduplication strategies — fundamento "exactly-once = at-least-once + idempotent consumer" (FLP impossibility), 4 strategies em código (idempotency table com TX atomic + cleanup cron, natural idempotency via UPSERT condicional para LWW, inbox pattern com FOR UPDATE SKIP LOCKED desacoplando receiver de processor, external side effect com Stripe idempotencyKey), decision tree por cenário, DLQ + poison message handling com max attempts + alert, pipeline Logística end-to-end Order Outbox + Inbox + Notification, 8 anti-patterns observados (trust em "exactly-once" do broker, ack antes de processar, check fora de TX, sem cleanup, DLQ sem alert, replay sem partial assumption, message_id de timestamp, external sem idempotency key).
edit framework/04-sistemas/04-08-services-monolith-serverless.md §2.21, Saga patterns deep — choreography (event-driven Kafka, loosely coupled mas business logic distribuído) vs orchestration (central coordinator, business logic visível mas tight coupling), Temporal workflow durável com proxyActivities + retry automatic + compensation array em LIFO, compensating transaction design rules (idempotente, ordem reverso, não-undo perfeito, pivotal step), state machine vs free-form workflow, decisão híbrida Logística (PlaceOrder = Temporal orchestration; status propagation = Kafka choreography), 7 anti-patterns observados (distributed monolith, sem timeout, compensation falha em silêncio, coordinator em-memória, sem saga ID, cyclic events, refund-then-charge), tooling 2026 (Temporal/Restate/Step Functions/Camunda 8/Inngest).
edit framework/03-producao/03-03-kubernetes.md §2.21, K8s production resilience — PodDisruptionBudget com unhealthyPodEvictionPolicy: AlwaysAllow (1.27+), Topology Spread Constraints com maxSkew + matchLabelKeys (1.27+) protegendo AZ failure, anti-affinity como complemento, PriorityClass pra eviction order (critical-prod 100k vs best-effort-batch 1k) + system critical reservados, QoS classes (Guaranteed/Burstable/BestEffort) com regra prod, descheduler com LowNodeUtilization + RemovePodsViolatingTopologySpreadConstraint, eviction thresholds tuning kubelet (hard vs soft), stack Logística completo orders-api com todas defenses ligadas (PriorityClass + topology spread zone + Guaranteed QoS + 3 probes + PDB minAvailable 4 + grace 60s), 9 anti-patterns observados, validation toolkit (kubectl drain dry-run, kubent, kubescape, chaos-mesh).

2026-05-01, Review wave 14 — platform edges (OAuth2 PKCE mobile, ADR deep, RUM web-vitals, backpressure end-to-end, Docker secrets)

edit framework/02-plataforma/02-13-auth.md §2.19, OAuth2 PKCE para mobile com Authorization Code Grant deep — mecânica code_verifier/code_challenge SHA256 (RFC 7636 + OAuth 2.1 BCP 2025), código Expo/React Native completo (PKCE pair generation, AuthSession.startAsync, token exchange, SecureStore com keychainAccessible WHEN_PASSCODE_SET), refresh rotation handling com singleflight pra evitar race em parallel requests, Universal/App Links vs custom URI scheme (code intercept attack), logout completo RFC 7009 token revocation + RP-initiated end-session, 8 anti-patterns observados (PKCE plain method, state faltando, refresh em AsyncStorage, implicit flow, static client_secret, custom URI sem app links, sem singleflight, token em deep link log), config minimal AS compatible Hydra/Keycloak/Auth0.
edit framework/04-sistemas/04-12-tech-leadership.md §2.22, Architectural Decision Records (ADR) deep — quando ADR é obrigatório (heurística hard-to-reverse, cross-team, controversial, viola pattern), template MADR completo (Status/Date/Deciders/Consulted/Informed + Context + Decision Drivers + Considered Options + Decision Outcome + Pros/Cons + Links + Notes) com exemplo Iceberg adoption, lifecycle workflow (Proposed → Accepted → Deprecated/Superseded/Rejected) e regra de manter rejected docs, repo structure 4-digit numbering + slug verb-forte, tooling (adr-tools + log4brains + CI label needs-adr), padrão RFC vs ADR por size de time, exemplo Logística track de 12 meses, 7 anti-patterns observados (ADR pra tudo, sem alternativas, escrito após implementação, status nunca atualiza, design doc gigante, sem template enforced, sem reviewer), 4 métricas de programa (throughput, diversity de autores, superseded ratio, time-to-decision).
edit framework/03-producao/03-09-frontend-performance.md §2.19, Real User Monitoring (RUM) deep — Core Web Vitals 2026 com INP substituindo FID em 2024-03 (thresholds e percentile p75 origin), web-vitals v4 código completo com sendBeacon + keepalive fallback, attribution data por métrica (LCP element/url/loadDelay; INP eventTarget/inputDelay/processingDuration/longestScript; CLS largestShiftTarget/loadState) que vira ação concreta, backend Edge runtime + sampling client-side (10% high-traffic + 100% low-traffic ou per-session persistent), 3 dashboards essenciais (p75 trend, distribution histogram, attribution heatmap), Logística por user journey (pickup-confirm vs homepage), comparação stack 2026 (SpeedCurve LUX/Datadog RUM/Sentry/Cloudflare WA/OTel+ClickHouse com custos 1M PV/mês), 8 anti-patterns observados (Lighthouse-driven sem RUM, sem attribution, CrUX só, sampling sem persistência, send sem keepalive, reportAllChanges true em prod, sem device/connection metadata, CLS sem loadState), performance budget enforcement no CI.
edit framework/04-sistemas/04-09-scaling.md §2.20, backpressure end-to-end deep — 4 layers cascateados (TCP slow-start + cwnd/rwnd com pegadinha tcp_rmem em high-RTT, app Reactive Streams com RxJS/async iterator + p-limit bounded parallelism, queue prefetch + manual ack RabbitMQ/Kafka eachBatchAutoResolve false/SQS visibility timeout, producer load shedding 503 + Retry-After + adaptive concurrency Netflix), decision tree drop/buffer/throttle/backpressure por workload (analytics drop, financial backpressure, API load shed, background throttle, bulk cursor), pipeline Logística stack completo end-to-end com backpressure ativo em cada hop, observability obrigatório por layer (TCP via ss/eBPF, app via gauges, queue lag/depth, producer 503 rate), 8 anti-patterns observados (buffer unbounded, drop silencioso sem métrica, retry sem backoff em saturação, for...of em stream, Kafka sem manual offset, RabbitMQ prefetch unlimited, load shed por CPU%, backpressure só em uma camada).
edit framework/03-producao/03-02-docker.md §2.20, secrets em containers — anti-patterns Dockerfile (ENV/ARG/COPY .env vazam em layers/history/inspect), build-time correto com BuildKit --mount=type=secret + SSH agent forwarding (--mount=type=ssh), 4 padrões runtime (env vars caveat, env-file, tmpfs mount, IMDS/Vault/SecretsManager com cache 5min e IRSA/Workload Identity), Docker Swarm secrets pra legacy, K8s 3 padrões (Secret resource com encryption-at-rest etcd config, External Secrets Operator sync de Vault/AWS, CSI Secret Store Driver mount sem K8s Secret), detecção via gitleaks pre-commit + trufflehog --only-verified em CI, 8 anti-patterns observados (ENV em Dockerfile, ARG pra secret, COPY .env, process.env dump em exception, connection string em log, K8s Secret sem encryption etcd, SA cluster-admin, sem rotation policy), validation bash pra secret leak audit local.

2026-05-01, Review wave 13 — systems craft (Go concurrency, ClickHouse query opt, search relevance tuning, SLO burn rate, Postgres tuning sob carga)

edit framework/03-producao/03-11-systems-languages.md §2.18, Go concurrency patterns aplicados — 7 patterns production-ready (errgroup com context cancellation + SetLimit, select com timeout + ctx.Done() evitando time.After leak, context propagation cross-service com r.Context() e WithValue, pipeline channels fan-out/fan-in com defer close + select em send, graceful shutdown com signal.NotifyContext + shutdown ctx separado, goroutine leak detection com goleak + pprof, sync.Pool com Reset obrigatório), 7 anti-patterns observados (goroutine sem ctx.Done, time.After em loop, lock across channel send, channel não-buffered fan-out, recover sem propagação, context.Background em handler HTTP, errgroup sem SetLimit), race detector + linters obrigatórios.
edit framework/03-producao/03-13-time-series-analytical-dbs.md §2.18, ClickHouse query optimization deep — sorting key escolhido como filtro frequente (tenant-first, not timestamp-first), 5 tipos de skip indexes (minmax/set/bloom_filter/tokenbf_v1/ngrambf_v1) com matriz de quando cada um vence, projections como segunda cópia ordenada transparente, materialized views com AggregatingMergeTree + uniqState/uniqMerge HLL, caso real Logística fact_tracking_pings com TTL hot/cold tiers, query rewrite patterns (PREWHERE, SAMPLE, LIMIT N BY), 7 anti-patterns observados (SELECT *, fact-fact JOIN, skip index sem EXPLAIN validation, sorting key 10 colunas, update/delete frequente em MergeTree, ORDER BY sem LIMIT, sem PARTITION BY), diagnostic toolbox via system tables.
edit framework/02-plataforma/02-15-search-engines.md §2.18, relevance tuning operacional — métricas offline (NDCG@10, MRR, MAP@K, Recall@K), construção de golden dataset (100-500 query/relevant_docs com Argilla/Label Studio), código TypeScript de NDCG@10 pra CI guardrail, synonyms 2-tier (bidirectional vs one-way) com Elasticsearch synonym_graph + pegadinha de só no search_analyzer, boosting com function_score (field_value_factor + gauss decay) com cap em 2-3x pra evitar spam, learning-to-rank quando vale (clickstream > 100k events/mês, baseline saturou) com Elasticsearch LTR plugin + LightGBM pipeline, online A/B test com guardrails (latency p99, zero-result rate), 6 anti-patterns observados (synonym bidirectional sem cuidado, popularity boost sem freshness penalty, LTR sem golden dataset, embedding sem rerank, esquecer query understanding, NDCG offline melhora online degrada).
edit framework/03-producao/03-15-incident-response.md §2.18, SLO error budget burn rate alerts — tabela canônica Google SRE de 4 alerts MWMBR (14.4x/6x/3x/1x com long+short windows pareados), PromQL recording rules + alerting rules completos pra orders endpoint, Alertmanager routing por severity (PagerDuty critical, Linear/Jira warning), 3 panels Grafana essenciais, SLO definition YAML template processável por Pyrra/Sloth/OpenSLO spec CNCF, error budget policy template (< 50% normal, 50-80% extra review, 80-100% freeze non-critical, > 100% hard freeze + postmortem), 6 anti-patterns observados (single window, sem short window check, target irreal 99.999%, SLO de coisa não-customer, sem error budget policy, alert sem runbook).
edit framework/02-plataforma/02-09-postgres-deep.md §2.20, Postgres tuning sob carga — formula pragmática 32GB RAM (shared_buffers 25% RAM, effective_cache_size 75%, work_mem por NÓ não conn), pgbouncer transaction-mode obrigatório com max_connections baixo, autovacuum tuning com per-table override pra hot tables (autovacuum_vacuum_scale_factor 0.02 + fillfactor 90), bloat detection via pg_stat_user_tables + pgstattuple + pg_repack online, checkpoint tuning anti-spike (timeout 15min + max_wal_size 8GB + completion_target 0.9), config Logística production completo (32GB/8 vCPU/SSD), diagnostic queries (top por exec_time, cache hit ratio, wait events, connection state), 7 anti-patterns observados (shared_buffers > 40% RAM, work_mem alto global, max_connections 500 sem pgbouncer, autovacuum desligado, checkpoint sem max_wal_size, sem log_min_duration_statement, tunar via blog sem medir), validation toolkit (pgbench, pg_stat_statements, auto_explain, pgbadger, PgHero).

2026-05-01, Review wave 12 — applied depth (specification pattern, dbt incremental, SBOM/VEX, React 19 use()/cache(), agentic patterns)

edit framework/04-sistemas/04-06-domain-driven-design.md §2.17, specification pattern e invariants no código — interface Specification<T> com and/or/not combinators, SqlSpecification com toSqlClause() (paridade in-memory ↔ SQL como killer feature), distinção operacional invariant/precondition/validation, encoding em código (smart constructors com Result<T, E>, value objects que validam uma vez, assertInvariants() ao fim de mutações), Order aggregate completo com pattern aplicado, 5 anti-patterns observados (anemic model, spec só in-memory virando OOM, validações duplicadas, if-statements espalhados), quando spec pattern é overkill (CRUD, app pequena, regras só UI).
edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.9.1, dbt incremental strategies decisão e código real — matriz comparativa append/merge/delete+insert/insert_overwrite (modelo, quando usa, DB suportado, race conditions), deep dive em cada strategy com SQL copy-paste-pronto, decision tree operacional, late-arriving data com lookback_window, backfill por janela com --vars, idempotency tests, monitoring com Elementary/re_data, 5 anti-patterns observados (incremental sem is_incremental(), unique_key sem constraint, append em source com retries, ignorar late data, delete+insert em horário de pico).
edit framework/03-producao/03-08-applied-security.md §2.20, SBOM lifecycle e VEX statements operacionais — formats CycloneDX/SPDX/SWID com escolha 2026 (CycloneDX 1.6+ com VEX nativo), geração no build (Dockerfile multi-stage + syft + cosign attest), anatomia CycloneDX com purl + dependency graph, VEX statuses com 9 NTIA-defined justifications (code_not_reachable, protected_at_perimeter, etc.), exemplo VEX completo, pipeline GHA integrada (syft → cosign → grype com --vex → Dependency-Track → OPA/Rego policy gate), SBOM diff entre releases, 6 anti-patterns observados (SBOM gerada uma vez, sem VEX virando alert fatigue, SBOM em S3 sem ingestão, justifications vazias, SBOM em dev workstation, cosign sem keyless OIDC).
edit framework/02-plataforma/02-04-react-deep.md §2.9.2, React 19 use() hook + cache() em RSC patterns — use() permite chamada conditional/em loop (impossível com hooks tradicionais), exemplo server component lendo promise, conditional use() em client com promise estável, cache() request-scoped resolvendo N+1 com 3 componentes batendo mesma cached promise, preload pattern fire-and-forget pra evitar waterfall, dashboard Logística completo com <Suspense> + cache() + use() streaming independente, 6 anti-patterns observados (use com promise inline em client, cache em client component, cache esperando cross-request, esquecer preload, mistura await+use(), key com objeto inline).
edit framework/04-sistemas/04-10-ai-llm.md §2.20, agentic patterns operacionais — 3 patterns que separam agent prod de protótipo: (1) planner-executor split (LLM gera JSON estruturado via Zod discriminated union, executor determinístico com budget cap + audit log), (2) critic loop (segundo LLM Haiku 4.5 valida output do planner Sonnet/Opus, retry ≤3 com errors como context, ~~70-80% das falhas resolvem), (3) tool selection com retrieval (vector search top-5 tools quando catalog > 20, fix degradação documentada Anthropic/OpenAI), pipeline end-to-end Logística (~~$0.04-0.08/session, p99 8-15s), 7 anti-patterns observados (single-LLM ReAct loop, critic mesmo modelo+prompt, sem budget caps, retrieval sem fallback fixed tools, audit sem latency por step, critic em loop infinito, esquecer logging de reasoning).

edit framework/03-producao/03-04-cicd.md §2.15, monorepo CI graph deep — comparação Turborepo / Nx / Bazel / Pants / Rush.js (modelo, hermetic, cache local/remoto, quando usar), 3 estratégias de affected detection (path-based com paths-filter, tool-based com turbo --filter='[origin/main]' + nx affected, Bazel target-based com bazel-diff), remote cache backends (Turbo open spec via Cloudflare Workers self-hosted, Nx Cloud, BuildBuddy/EngFlow com RBE), padrão Logística monorepo completo (estrutura + turbo.json + workflow GHA reduzindo CI 12min→90s), 4 caveats reais (cache hit rate como métrica primária, inputs implícitos quebrando cache, cache poisoning, cross-platform divergence).
edit framework/04-sistemas/04-12-tech-leadership.md §2.21, promotion Senior → Staff processo concreto — diferença operacional Senior vs Staff em 6 dimensões (Larson/Reilly), artifact requirements (2-3 cross-team projects com impact métrico, 3-5 ADRs lideradas, 1 RFC organizacional, 2-3 mentees promovidos, external signal, postmortem authoria, 5-10 endorsements), 30/60/90 day plan tipo após sinalizar intent ao manager, defense ritual de 30-45min com estrutura por bloco, anti-patterns que matam promo case (eu-fiz vs eu-liderei, métricas vagas, sem cross-team), quando NÃO buscar Staff (track fechado, quer 80% código, org instável), calibração emocional sobre promo ≠ valor pessoal.
edit framework/02-plataforma/02-19-internationalization.md §2.7 + §2.13, timezone edges + currency precision — half-hour/quarter-hour timezones (IST UTC+5:30, NPT UTC+5:45) que quebram filters por hour, DST spring-forward (timestamps inexistentes) e fall-back (ambíguos) com exemplos Brasil 2019, DST policy mudando + tzdata pin obrigatório em Dockerfile, recurring events como (rrule_text, tz_id) separados, padrão Luxon+Temporal API (TC39 Stage 3 2026); currency precision por ISO 4217 com 4 tipos (zero/two/three/four-decimal), toMinorUnits correto pra KWD/BHD/OMR (3 decimals), Intl.NumberFormat por locale, FX rate provider patterns com multi-provider fallback chain, settlement vs display (snapshot da rate dentro da transação), half-decimal/indexed currencies (CLF, UYI, XAU).
edit framework/02-plataforma/02-09-postgres-deep.md §2.7 + §2.7.1, partial index + JSONB indexing patterns — partial index quando vence (10M rows / 600MB → 50k / 3MB) com pegadinha de subset lógico no WHERE da query, audit em prod via pg_indexes; JSONB com jsonb_path_ops (containment-only, 2-3x menor), expression index sobre path conhecido (B-tree vence GIN em equality), composite expression+partial, gin_trgm_ops pra fuzzy em path, decision matrix por query pattern (containment/equality/fuzzy/key-exists/range com cast), caso real Logística events table com stack ótimo de 3 índices, 3 anti-patterns observados (single GIN cobrindo tudo, sem partial em time-series, B-tree em payload direto), maintenance com bloat audit + REINDEX CONCURRENTLY.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.19, hedging adaptive com backup-after-percentile — AdaptiveHedger TypeScript com TDigest pra estimar P95 dinâmico (substitui timeout fixo de 50ms hack), AbortController pattern pra cancelar replica losing, custo medido (5-10% extra requests) vs benefício real (Google Bigtable 2013: P99 lookup -30 a -43% sem aumentar load total), 5 anti-cases onde hedge HURTS (cache-warming, quorum reads cross-region, backend saturado, write não-idempotente sem dedupe, custo $$$ por request tipo Claude API), decisão pragmática por cenário (read replica ✅, LLM com cap+idempotency ⚠️, payment capture ❌, cache lookup ❌, cross-region ✅).

2026-05-01, Review wave 10 — execution patterns (dbt+Iceberg, step-up auth, Wasm prod, Suspense+ErrorBoundary, distributed cache invalidation)

Décima onda do audit cross-stage. Patterns de execução com código copy-paste-pronto pra Logística production.

edit framework/04-sistemas/04-13-streaming-batch-processing.md §2.9, dbt + Iceberg pipeline real Logística — projeto estruturado (sources.yml + staging incremental com CDC dedup + intermediate + marts SummingMergeTree + tests + snapshots SCD2 + seeds), Iceberg em produção 2026 (multi-engine, time travel, schema/partition evolution, catalog Polaris emergente, compaction, vacuum), orquestração Dagster.
edit framework/02-plataforma/02-13-auth.md §2.8, step-up authentication completo — OIDC acr + amr + auth_time claims, middleware requireStepUp com policy por endpoint sensível (delete account exige acr 3 + max_age 5min + webauthn-only; update payout exige acr 2 + max_age 10min), frontend handling de 401 step_up_required com retry silencioso, CAEP emergente (continuous re-auth) + padrão pragmático antes (short-lived tokens + heartbeat + revocation list).
edit framework/03-producao/03-12-webassembly.md §2.6, Wasm produção real — Rust → wasm-pack pipeline completo (Cargo.toml otimizado pra size + lib.rs com wasm-bindgen + serde-wasm-bindgen), uso Next.js Client Component, bench real (100MB CSV: 12s JS → 800ms Wasm = 15x), Component Model + WIT bindings (Preview 2, future), Spin/Fermyon edge deploy, 5 caveats (boundary cost, DOM access, bundle size, async maturity, debug).
edit framework/02-plataforma/02-04-react-deep.md §2.8, Suspense + Error Boundaries em produção — hierarquia granular por widget (não 1 boundary global), retry com useQueryErrorResetBoundary (canonical React Query pattern), useTransition pra UI responsivo durante state mudança, useDeferredValue pra defer derivação cara, 6 pegadinhas em produção (event handlers + async, onReset sem reset query, boundary too broad, layout shift, streaming SSR error.tsx, Sentry integration).
edit framework/04-sistemas/04-09-scaling.md §2.5, distributed cache invalidation — 4 patterns em código (pub/sub broadcast Redis, CDC-based zero dual-write via Debezium → Kafka → cache-invalidator, versioned keys no-invalidation, tag-based Cloudflare-style), matriz de decisão por cenário, 3 anti-padrões (TTL longa "compensada", invalidate síncrono no path, sem observability).

2026-05-01, Review wave 9 — operational fluency (EXPLAIN forensic, cache stampede, IC rituals, OSS funding, jittered backoff)

Nona onda do audit cross-stage. Foca em fluência operacional — frentes onde dev mediano "sabe que existe" mas trava na hora de aplicar; código e templates production-ready.

edit framework/02-plataforma/02-09-postgres-deep.md §2.9, EXPLAIN ANALYZE forensic guide — workflow forense em 5 passos (identificar nó dominante, comparar rows estimado/actual, conferir Buffers, distinguir Filter vs Index Cond, comparar plano esperado), caso real Logística (query 4823ms → 0.4ms = ~12000x via composite + partial + INCLUDE index), 4 anti-patterns (EXPLAIN sem ANALYZE, otimizar por cost, CONCURRENTLY ausente, índice "pra todo filter"), ferramentas (explain.dalibo, depesz, pg_stat_statements, auto_explain).
edit framework/02-plataforma/02-11-redis.md §2.11, cache stampede protection completo — 4 patterns em código (Singleflight in-process, distributed lock com double-check + Lua atomic unlock, XFetch probabilistic refresh com beta tunable, stale-while-revalidate Cloudflare-style), matriz de decisão por cenário, anti-padrão de jittered TTL solo.
edit framework/03-producao/03-15-incident-response.md §2.6, IC playbook completo — first 15 minutes script (T+0 a T+15 com ações concretas), decision log template (What/Why/Risk/Reversal/Observed effect), nova §2.6.1 war-room rituals (pinned message, threaded discussions, voice channel paralelo, no silent investigation, timeboxing, eat/break protocol), 3 anti-patterns. §2.8 expandido com 4 templates concretos de status page (Investigating/Identified/Monitoring/Resolved) + customer email completo + 5 anti-patterns + canonical examples.
edit framework/04-sistemas/04-15-oss-maintainership.md §2.12, OSS sustainability deep — números reais 2026 por tier (hobby → hyperscaler-funded), reality check sobre burnout, dual-licensing armadilha legal (CLA mandatório vs DCO), 4 casos canônicos (Hashicorp BSL 2023 → OpenTofu fork, MongoDB SSPL 2018, Redis 2024 → Valkey, Sentry FSL sucesso), decisão pragmática por estágio de ARR.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.3, jittered exponential backoff implementação completa — TypeScript production-ready com decorrelated jitter (Marc Brooker AWS pattern 2015), comparação 3 estratégias (no jitter / full jitter / decorrelated), exemplo Logística com Stripe API + idempotencyKey + retryable error filter, 5 caveats que mordem em produção (idempotency obrigatório, Retry-After respect, layer-only retry, AbortSignal, jittered shutdown).

2026-05-01, Review wave 8 — staff rigor (refresh rotation, mutation testing, estimation, aggregate refactor, OLAP decision tree)

Oitava onda do audit cross-stage. Foca em rigor que separa Staff de Senior — execução defensável de patterns onde quem decide errado paga preço caro em produção.

edit framework/02-plataforma/02-13-auth.md §2.15, refresh token rotation com family-based replay detection (RFC 9700 BCP 2025) — schema Postgres com family_id + parent_jti + status, algoritmo atômico Postgres advisory lock, family invalidation em replay detection com security event, sliding vs absolute vs híbrido com cap, storage trade-off matrix (HttpOnly cookie / localStorage / in-memory + cookie / mobile keychain), detecção avançada (fingerprint check, geo-velocity, concurrent device cap).
edit framework/03-producao/03-01-testing.md §2.9, mutation testing com Stryker concretamente — config completa stryker.conf.json com incremental + thresholds, 9 operadores canônicos com exemplos (ArithmeticOperator, ConditionalExpression, EqualityOperator, etc.), interpretação de output (survived / killed / timeout / no coverage), 3 tipos de reação a survived mutants, anti-padrão da obsessão por 100%, threshold pragmático por tipo de código, onde rodar (PR-level / nightly / pre-release).
edit framework/04-sistemas/04-12-tech-leadership.md §2.12, estimation com data — matriz de decisão entre T-shirt / story points / 3-point PERT / NoEstimates com acurácia + tempo de cerimônia + quando, story points é mais caro não mais preciso em times novos (CMU research), erro sistemático 2x baixa de mediana (Hofstadter calibration), RICE pra priorização (não estimativa) com exemplo concreto Logística, planning poker variantes (async, magic estimation, bucket), comunicação de incerteza calibrada com 3 níveis.
edit framework/04-sistemas/04-06-domain-driven-design.md §2.8, aggregate design rules expandido com heurísticas concretas — 5 critérios em ordem de peso (invariant boundary, lifecycle, co-modificação, tamanho carregado, concurrency contention), 5 sinais de aggregate grande demais, caso real de refactor Logística (Order V1 anti-padrão com tracking pings dentro vs V2 com 5 aggregates separados), migração incremental sem big-bang, deploy reversível por passo.
edit framework/03-producao/03-13-time-series-analytical-dbs.md §2.15, decision tree analytics 2026 com 7 cenários — Postgres BRIN + matviews / TimescaleDB / ClickHouse / DuckDB embedded / BigQuery-Snowflake / Druid-Pinot real-time / lakehouse Iceberg + ClickHouse, com volume threshold + custo + curva de aprendizado + quando vira dor pra cada um. Matriz resumida por estágio Logística (v1 → v4) com recomendação específica.

2026-05-01, Review wave 7 — elite depth (Tokio internals, distributed rate limit, Apollo Router, BuildKit multi-arch, Server Actions)

Sétima onda do audit cross-stage. Profundidade técnica em frentes onde Senior+ precisa de rigor de elite — código de produção real, não demo de tutorial.

edit framework/03-producao/03-11-systems-languages.md §2.17, Tokio internals em profundidade — modelo de execução (tasks, reactor, scheduler, blocking), Pin e por que existe (state machine self-referential), Send vs !Send com exemplos compiláveis, holding lock across await como antipattern crítico (3 padrões de fix), function coloring custo real (block_on caveats), decisão runtime por workload, observability (tokio-console + tracing).
edit framework/04-sistemas/04-09-scaling.md nova §2.7.1, distributed rate limiting deep — comparação de 5 algoritmos (fixed window, sliding log, sliding counter, token bucket, leaky bucket), Lua script atomic completo pra sliding window log + token bucket, padrão Logística multi-tier com Retry-After + X-RateLimit headers, caveats em produção (Redis cluster slot tags, failover fail-closed vs fail-open, clock drift via redis.call('TIME')).
edit framework/04-sistemas/04-05-api-design.md §2.20, Apollo Router (Rust) deep — pipeline de query (parse → planner → execução → compose), exemplo de query plan Logística com _entities resolution, config TOML production-ready (timeouts por subgraph, retry, telemetry OTLP), caveats (N+1 cross-subgraph, schema evolution coordenada, composition errors, auth distribuído).
edit framework/03-producao/03-02-docker.md §2.6, BuildKit advanced — multi-arch builds (linux/amd64 + linux/arm64) com manifest list, ARM nativo runners GHA vs QEMU emulation, cache backends pra CI (registry, gha, s3) com mode=max vs min, secrets mount avançado (não vaza em layer/ARG/ENV), output formats (oci tarball, plain filesystem).
edit framework/02-plataforma/02-04-react-deep.md nova §2.9.1, Server Actions deep — modelo mental, exemplo Logística com 'use server' + Zod validation + RLS Postgres + revalidatePath, useActionState + useFormStatus + useOptimistic patterns, pegadinhas reais (encryption keys multi-instance, CSRF built-in, args serializáveis, validação server obrigatória, long-running actions com queue), quando NÃO usar Server Actions.

2026-05-01, Review wave 6 — applied patterns (CRDTs, hybrid search, deadline propagation, bulkhead, chaos)

edit framework/04-sistemas/04-01-distributed-systems-theory.md §2.18 (CRDT), exemplo concreto Logística com Yjs — server (y-websocket + LeveldbPersistence) e client (provider + awareness + CodeMirror integration) pra notas colaborativas em pedido. Pegadinhas em produção (GC tradeoff, auth no upgrade, permissões custom message types, storage scaling, Yjs vs Automerge decision).
edit framework/02-plataforma/02-15-search-engines.md §2.7, hybrid search com código copiável: schema Postgres com tsvector + pgvector HNSW, SQL CTE de RRF (k=60 padrão Cormack), TypeScript Cohere Rerank com top-50→10. Custos e latências reais 2026 (10-30ms hybrid + 100-300ms rerank, $2/1k searches Cohere). Alternativa local com cross-encoder GPU.
edit framework/04-sistemas/04-04-resilience-patterns.md §2.2, deadline propagation com pseudocódigo TypeScript completo — withDeadline, remainingMs, call com AbortController + reserva de buffer, handler gateway Logística cascateando deadline em 4 hops, X-Request-Deadline header, pegadinha de clock skew, implementations canônicas (gRPC context, OTel baggage, Anthropic SDK).
edit framework/04-sistemas/04-04-resilience-patterns.md §2.24, bulkhead per-tenant em código — pools dedicados por tier (premium 20 conns, standard 10, free 5) com timeouts e statement_timeout próprios, middleware de roteamento, métricas Prometheus por tier, variantes (read/write split, per-feature pools, queue worker isolation), anti-pattern do pool global compartilhado.
edit framework/03-producao/03-15-incident-response.md §2.11, game day prático com toxiproxy — setup Docker, 5 cenários Logística runnable (Postgres latency, Redis down, payment provider partition, mobile bandwidth limit, TCP slow close), bash script game-day automation com abort condition em error rate > 5%, postmortem template pós-game-day.

2026-05-01, Review wave 5 — industrial depth (CDC/Patroni, real-time scaling, DORA, embedded Rust, hardware bring-up)

Quinta onda do audit cross-stage. Refinamentos cirúrgicos de profundidade industrial onde aluno Senior+ precisa de rigor operacional concreto.

edit framework/02-plataforma/02-09-postgres-deep.md §2.13.1, aplicação concreta de CDC pra Logística v2→v3 (Debezium + outbox table + Postgres publication + transação atômica + slot lag monitoring com SQL queries + alertas Prometheus). Patroni HA com synchronous standby names e PgBouncer. Cruza com 04-02 e 04-03.
edit framework/02-plataforma/02-14-realtime.md §2.8, expansão real-time scaling com Soketi vs Centrifugo deep (matriz de modelo/protocolo/forte/limita), exemplo Soketi setup pra Logística, Centrifugo unique strengths (history buffer + presence + GRPC), sticky session cookie hash vs IP hash com pegadinha mobile carrier NAT, cardinality de canais (problema de 1M canais one-to-one), padrão Logística (tenant/courier/order channels), presence em escala.
edit framework/03-producao/03-04-cicd.md §2.16, DORA metrics deep — definição operacional + fonte + cálculo de cada métrica, implementação prática em GitHub Actions + Postgres (workflow YAML + SQL query weekly), categorias DORA 2024 (Elite/High/Medium/Low) com thresholds, comparação de tools (LinearB, Sleuth, Faros, DIY Grafana), 3 anti-padrões (otimizar deploy freq isolado, lead-time errado, vanity metrics). Cruza com 03-15 e 04-12.
edit framework/05-amplitude/05-07-embedded-iot.md §2.12, embedded Rust em profundidade — HAL trait pattern com exemplo vendor-neutral, no_std vs std vs std-com-allocator, async runtimes (embassy + RTIC + Tock OS comparados), embassy Logística firmware example, defmt logging compactado, probe-rs debugger universal, decisão Rust vs C em 2026.
edit framework/05-amplitude/05-08-hardware-design.md §4, bring-up day playbook — sequência de 6 etapas (pre-power inspection → power-up isolado → programming interface → periférico por periférico → connectivity stack → soak test) com tempo estimado e armadilhas; tabela de common failures com sintomas/causas/tempo médio até fix; skills críticos não-óbvios (datasheet completo, scope/logic analyzer, hot air rework). Calibração realista: 1-3 dias primeiro bring-up, 4-8 horas quando experiente.

2026-05-01, Review wave 4 — modern frontiers (edge, supply chain, AI ops, vector DBs, PWA)

Quarta onda do audit cross-stage. Foca em fronteiras modernas que faltavam profundidade adequada — temas onde o framework precisa estar em 2026, não em 2022.

edit framework/03-producao/03-09-frontend-performance.md, nova §2.6.1 "Edge functions e edge rendering, deep" — players (Cloudflare Workers, Vercel Edge, Deno Deploy, Lambda@Edge) com matriz de runtime/limites/cold start/pricing, constraints reais (sem Node APIs, sem long-running connections, memory cap, CPU bilhado), padrão arquitetural pra Logística (edge auth + rate limit, origin pra DB pesado).
edit framework/03-producao/03-08-applied-security.md §2.14, supply chain reescrito do zero — 6 camadas de threat (CVEs, dependency confusion, typosquatting, compromised maintainer estilo xz-utils 2024, build system compromise SolarWinds, registry compromise), SLSA 1-4 com critérios, Sigstore stack (cosign + Fulcio + Rekor) com keyless OIDC, SBOM (CycloneDX + SPDX + syft) com exemplo, in-toto attestations, stack mínimo defensável 2026 em 9 itens.
edit framework/03-producao/03-07-observability.md, nova §2.19 "AI Ops & LLM observability" — métricas únicas (per-call/per-conversation/per-eval/per-tool), failure modes únicos (hallucination, tool argument drift, cost spike, latency tail, quality drift silencioso), OpenTelemetry GenAI semantic conventions, comparação de 5 tools (LangSmith, Langfuse, Helicone, Phoenix, W&B/Weave), padrão de span hierárquico, eval automation offline+online com golden dataset, cost trap de tracing exhaustivo.
edit framework/04-sistemas/04-10-ai-llm.md §2.8 (vector DBs), matriz comparativa expandida com 8 entradas (pgvector, Qdrant, Weaviate, Milvus, Pinecone, Chroma, LanceDB, Vespa) com modelo, indexes, hybrid search, filter perf, ops, quando usar. Heurística pragmática 2026 + anti-padrão "Pinecone porque é fácil".
edit framework/02-plataforma/02-03-dom-web-apis.md, nova §2.12 "Service Workers e PWA" deep — lifecycle (install/activate/fetch/message/push/sync), 5 caching strategies em matriz (cache-first, network-first, SWR, network-only, cache-only) com Workbox exemplo, Web Push (RFC 8030 + VAPID) com flow completo, Background Sync vs Periodic Sync, install prompt + Manifest mínimo, pegadinhas reais (versioning, update flow, scope, iOS limitações), quando NÃO usar PWA.

2026-05-01, Review wave 3 — operational meta docs + 05-07/05-08 integration

Terceira onda do audit cross-stage. Foca em meta docs operacionais que estavam ausentes (operação reativa do estudo) + clarificação de relação entre módulos opcionais.

add framework/00-meta/TROUBLESHOOTING.md, padrões reais de falha durante o estudo organizados em 7 categorias (portões repetidos, cadência insustentável, problemas de modo A/B/D, capstone scope creep, output público estagnado, mentees esgotando, recovery). Cada padrão tem sintoma + diagnóstico + ação concreta. Referência primária quando aluno trava.
add framework/00-meta/PEER-REVIEW-PROTOCOL.md, operacional concreto pro Modo B do MENTOR.md. Composição de cohort, 3 ritos semanais (standup async, sessão técnica síncrona, paper club mensal), procedimento detalhado pra conduzir e receber portões, padrão de feedback honesto sem destruir relação, calibração externa trimestral anti-eco-chamber, anti-patterns observados, quando dissolver cohort.
edit framework/05-amplitude/05-07-embedded-iot.md §4, header explícito sobre relação com 05-08: 05-07 cobre lado firmware, 05-08 cobre lado hardware do mesmo dispositivo. MCU e sensors devem ser consistentes.
edit framework/05-amplitude/05-08-hardware-design.md §4, integração explícita com 05-07: PCB hospeda firmware do 05-07; bring-up valida ambos. Critério "use mesmo MCU/sensors" elimina retrabalho.
edit framework/00-meta/INDEX.md, contagem de metas atualizada (17→19, considerando RUBRIC já adicionado em wave 1); links pra TROUBLESHOOTING e PEER-REVIEW-PROTOCOL adicionados na seção de "Outros documentos vivos".

2026-05-01, Review consolidado + ajustes de profundidade

Audit cross-stage retornou 12 ações prioritárias. Aplicado em 2 ondas neste ciclo:

Onda 1 — estruturais e críticas:

add framework/00-meta/RUBRIC.md, critério explícito de pass/fail nos 3 portões com pesos por dimensão e exemplos. MENTOR.md §3 e INDEX.md atualizados pra apontar pra RUBRIC.
edit framework/04-sistemas/04-02-messaging.md §2.12, Outbox encurtado pra "lado messaging"; ownership do padrão completo movido pra 04-03 §2.8.
edit framework/01-fundamentos/01-04-data-structures.md §2.4, adicionados blocos "Hash function: cryptographic vs distribution" e "Consistent hashing (sharding distribuído)" — fecha gap pré-requisito de 04-09 e 02-11.
edit framework/04-sistemas/04-14-formal-methods.md §2.9, Lean 4 reposicionado como "emergente, não-production-default"; PBT (fast-check, Hypothesis, PropEr) elevado como entrada saudável antes de TLA+.
edit framework/01-fundamentos/01-14-cpu-microarchitecture.md §2.8, expandido com condições de auto-vectorization, AoS vs SoA com exemplo C, e custo invisível de AVX-512 frequency throttling.
edit framework/04-sistemas/04-05-api-design.md §2.17, webhooks com Idempotency-Key obrigatório, replay defense via timestamp, ordering caveat, referência a AsyncAPI spec.
edit framework/04-sistemas/04-08-services-monolith-serverless.md, nova §2.19 Multi-tenancy (Pool/Bridge/Silo, RLS exemplo, noisy neighbor mitigations, game day Logística); §2.20 com critérios objetivos de extração.
protocol MENTOR.md §3, ponteiro adicionado pra RUBRIC.md.

Onda 2 — quantificação 2026 e rebalanceamentos:

edit framework/03-producao/03-03-kubernetes.md §2.15, Service Mesh expandido com matriz Istio/Linkerd/Cilium/Istio Ambient (overhead, decisão por número de services); §2.18.1 (Alternativas a K8s) movido pra README do estágio.
edit framework/03-producao/README.md, nova seção "Quando NOT usar K8s" com tabela completa de alternativas (ECS, Nomad, Fly.io, Cloud Run, Kamal), heurística por tamanho de time, e mito vs realidade. Apresentada antes do módulo 03-03 pra evitar K8s por default.
edit framework/04-sistemas/04-09-scaling.md §2.13, observability cost quantificado (Datadog, CloudWatch, OTel self-hosted) com padrões obrigatórios (head/tail-based sampling, retention tiers); §2.14 com tabela de categorias de custo AWS típicas e ordem de ataque pra cortar conta; §2.16 com números reais de WebSocket connections per server (100k-500k tuning, 1M+ benchmarks Soketi/Centrifugo).
edit framework/04-sistemas/04-10-ai-llm.md §2.14, self-hosted inference com espectro completo (Ollama → llama.cpp → vLLM → SGLang → managed open-weights), quantização GGUF, LoRA/QLoRA pricing; §2.16 com cálculo concreto de prompt caching savings (Sonnet 4.6 system prompt 5k tokens, 90% hit = $40k/mês de economia), model tiering, batch API; §2.17 com tabela TTFT/throughput, streaming UX, parallel tool calls.
ref framework/00-meta/reading-list.md, anos de edição adicionados em livros canônicos (CS:APP 3rd 2015, CLRS 4th 2022, SICP JS 2022, Effective TS 2nd 2024, Serious Cryptography 2nd 2024); RFCs novos referenciados (RFC 9700 OAuth BCP 2025, WebAuthn L3 2024); AI Engineering (Chip Huyen 2024) substituiu "Building LLM Applications" como referência canônica; Postgres 16 Internals + DDIA 2nd ed beta sinalizados; MCP spec adicionado.

2026-04-28, Content gap fill: 24+ subseções novas em 16 módulos

Expansão de conteúdo cobrindo gaps detectados em audit interno. Tópicos atualizados pra 2025-2026 reality.

Fundamentos (4 módulos):

01-02: §2.4.1 schedulers modernos (CFS→EEVDF Linux 6.6+, Windows Thread Director, hybrid CPUs P/E cores).
01-03: §2.6.1 QUIC deep, UDP user-space, 0-RTT replay attack, connection migration, custos vs TCP.
01-11: §2.17 modelos de concorrência comparados, CSP/Go vs Actors/Erlang vs async-await/Rust com tabela e quando usar cada.
01-12: §2.15 reescrito, NIST PQ standards 2024 (FIPS 203/204/205), TLS hybrid X25519MLKEM768, "harvest now decrypt later".

Plataforma (5 módulos):

02-04: §2.7 React Compiler deep, modelo mental novo, rules of React, bail-out behavior, migrações práticas.
02-07: §2.17 Node vs Bun vs Deno comparação real 2026, tabela de decisão, pegadinhas, veredicto pragmático.
02-09: §2.13.1 logical replication uso real (CDC, zero-downtime upgrade, pegadinhas) + §2.14 Postgres 17/18 features.
02-13: §2.9 Passkeys/WebAuthn deep, synced vs device-bound vs roaming, server flow, pegadinhas, migration strategy.
02-14: §2.14 WebTransport deep, modelo, API client, quando vs WebSocket, server libs 2026.

Professional (6 módulos):

03-03: §2.18 operators pattern + §2.18.1 alternativas a K8s (ECS, Nomad, Fly, Railway, Cloud Run, Kamal) com heurística pragmática.
03-05: §2.3.1 VPC deep, TGW, PrivateLink, egress VPC, IPv6, custos esquecidos. + §2.19 FinOps + §2.20 Sustainability.
03-07: §2.16 eBPF observability deep, tools 2026 (Pixie, Tetragon, Parca, Cilium, Coroot, bpftrace, Beyla), quando vale.
03-08: §2.17.1 privacy engineering, tokenization, field encryption, RTBF real, differential privacy, k-anonymity, antipatterns.
03-10: §2.19 perf JVM/.NET/Go, JIT tiers, GCs, AOT, virtual threads, comparação cross-runtime.
03-15: §2.11 chaos engineering tooling deep, Litmus, Chaos Mesh, Gremlin, FIS, Pumba; tipos de injeção; maturity ladder.

Senior (5 módulos):

04-01: §2.18 CRDT deep, famílias (CvRDT/CmRDT/delta), Yjs/Automerge, limitações, quando usar.
04-02: §2.7 Pulsar/Redpanda/NATS JetStream deep com tabela de decisão.
04-05: §2.13 tRPC + Connect-RPC, comparação com gRPC clássico e REST, quando escolher.
04-13: §2.2.1 streaming SQL incremental, Materialize, RisingWave, vs Flink.
04-14: §2.7-2.9 reescritos, P language, Alloy, Lean 4 (mathlib4, Cedar) deep.

Staff (3 módulos):

05-04: §2.7.1 must-read papers list, 35 papers ordenados por estágio (Plataforma→Staff→Foundations→Data/ML).
05-05: §2.2.1 YouTube/podcast como medium, formatos, setup, cadência, quando NÃO usar.
CAPSTONE-amplitude: Track G, AI Infrastructure Engineer (vLLM, training pipelines, vector DBs prod, evals, GPU cost).

Cross-cutting:

STUDY-PROTOCOL §17: Quarterly Review template com cadência fixa, 3 perguntas brutais, sinais de burnout.
SPRINT-NEXT entries SN-054 a SN-064 documentando gaps remanescentes (Anki decks, solution sketches, mock interviews, AI Infra track curriculum, etc.).

2026-04-28, Site público em apps/site/

add: apps/site/, Next.js 16 + React 19 + Tailwind 4 + Framer Motion. Mesma stack/visual do MyPersonalWebSite.
add: 12 rotas (/, /stages, /stages/[stage], /modules/[id], /progress, /now, /index, /library, /glossary, /docs/[slug], /about, /api/health).
add: Dockerfile multi-stage standalone + railway.json apontando pro app. Healthcheck em /api/health.
add: LICENSE CC BY-NC 4.0.
add: scripts/validate-content.mjs, pre-build validation hook (frontmatter + prereqs + links + line count). Flags --strict/--quiet/--json.
add: DECISION-LOG DL-018 documentando decisão de monorepo (site dentro do FATHOM).
add: SPRINT-NEXT entry SN-053 done.
edit: site lê framework/*.md + raiz .md via fs/promises. Single source of truth: edição segue sendo git commit no Markdown.
Features: CMD+K palette, mermaid render do DAG, library curada, glossary com search, prev/next nav, reading time, breadcrumbs, mobile menu, prefers-reduced-motion, OG images via next/og.

2026-04-28, Refactor: protocolo agnóstico de mentor + atribuição autoral única

remove: CLAUDE.md raiz (versão dependente de ferramenta específica). Conteúdo migrado/generalizado em MENTOR.md.
edit: MENTOR.md reescrito com 4 modos de mentor, A (self), B (peer/cohort), C (suplemento opcional de produtividade, sob restrições), D (hybrid recomendado). Sem nomear ferramentas específicas.
edit: limpeza de referências a ferramentas/fornecedores de IA específicos em todo o repo (README.md, PROGRESS.md, STUDY-PROTOCOL.md, capstones, metas). Linguagem agnóstica ("o mentor", "você", voz passiva). Referências técnicas legítimas em 04-10 (módulo sobre LLM systems), elite-references e reading-list (recursos de estudo) preservadas.
edit: RELEASE-NOTES.md, seção "Agradecimentos" substituída por "Autoria" (Nicolas De Nigris, único autor; síntese baseada em fontes canônicas).
add: DECISION-LOG.md DL-017, atribuição autoral única; ferramentas usadas no processo são instrumento, não co-autor.
edit: DECISION-LOG.md DL-005 reescrito como "Mentor flexível com modos self / peer / suplemento opcional"; entries que mencionavam ferramenta específica generalizadas.
edit: INDEX.md, contagem de raiz ajustada pra 4 arquivos (README, MENTOR, PROGRESS, STUDY-PROTOCOL); CLAUDE.md removido das listas.
protocol: protocolo de mentoria agora é agnóstico, disciplina e rigor independem da ferramenta usada.

2026-04-28, v1.0 SHIPPING

add: 00-meta/RELEASE-NOTES.md, marco de v1.0 shipping-ready. Documenta o que está pronto, limitações reconhecidas, como começar, filosofia.
add: 00-meta/STUDY-PLANS.md, 7 templates de plano por cenário (full-time, part-time, weekend, bootcamp grad, Senior→Staff, career switcher, executive).
edit: SPRINT-NEXT.md, SN-007 fechado com audit results dos restantes módulos shallow. Decisão: aprofundamento adicional triggered por uso real, não preemptivamente.
status: framework atinge versão 1.0: base estável shipping-ready. Modificações futuras são incrementos sobre essa base.

2026-04-28, Sprint 1 batch 1: Depth Leveling em 6 módulos

edit: 01-04 Data Structures, +10 subseções (B-Tree variants, persistent DS, cache-oblivious, skip list deep, HAMT, LSM-Tree, Bloom math, adjacency variants, Trie variants, Union-Find).
edit: 01-15 Math Foundations, +8 subseções deep (linear algebra concrete, probability cases, info theory, graphs com complexity, numerical, LA code, optimization, probabilistic DS math).
edit: 02-02 Accessibility, +4 subseções (WCAG 2.2 critérios, ARIA APG patterns, manual audit checklist, Brasil regional context).
edit: 02-05 Next.js, +8 subseções (Server Components mental model, RSC payload, streaming deep, Server Actions revalidation/optimistic/transitions, Edge runtime, ISR cache invalidation, Turbopack vs Webpack, errors/instrumentation).
edit: 04-05 API Design, +7 subseções (GraphQL Federation v2, gRPC streaming bidirectional, BFF, API gateway, Stripe versioning, RFC 7807, comparison side-by-side).
edit: 04-04 Resilience Patterns, +9 subseções (hedging, adaptive concurrency, backpressure formal, token/leaky bucket math, circuit breaker state machine, bulkhead concrete, failover, chaos engineering, failure budget).
gap encerrado: profundidade desigual no batch identificado em DL-014. Sprint 1 batch 1 entregou 1100+ linhas adicionais nos 6 módulos prioritários. SN-007 audit dos restantes pendente pra batch 2.
Done log atualizada em SPRINT-NEXT.md.

2026-04-28, Sprint 0.5: Roadmap, Codebase Tours, Stack Comparisons

add: 00-meta/SPRINT-NEXT.md, backlog de aprofundamento priorizado (Sprints 1-6), com IDs SN-001 a SN-052.
add: 00-meta/CODEBASE-TOURS.md, 20 guided reading tours de repos canônicos (V8, Postgres, Redis, libuv, React, CockroachDB, K8s scheduler, Linux kernel, Kafka, TigerBeetle, Bevy ECS, Stripe SDK, TLA+ Examples, Tokio, Caddy/nginx, Excalidraw, SQLite, io_uring, Bun, Anthropic Cookbook).
add: 00-meta/STACK-COMPARISONS.md, mapeamento cross-stack (Node, Java, Python, Ruby, Go, .NET, PHP, Rust, Elixir) cobrindo backend frameworks, concurrency, auth, ORM, testing, observability, deploy, perf, real-time, frontend, mobile, AI/LLM. Reduz bias Node/Postgres do framework.
edit: DECISION-LOG.md, DL-014 (profundidade desigual aceita), DL-015 (multi-stack via comparisons), DL-016 (codebase tours como complemento). Pending questions referenciadas a SPRINT-NEXT IDs.
edit: MENTOR.md §7 + INDEX.md, referências às 3 metas novas adicionadas.
gap reconhecido: depth leveling de 01-04, 01-15, 02-02, 02-05, 04-04, 04-05 ficou em SPRINT-NEXT Sprint 1 (SN-001 a SN-006); não executado neste batch.

2026-04-28, Foundation, Stage 5, Niche specialties, Meta consolidation

add: Stage 5, Staff/Principal completo (05-01-05-07 + CAPSTONE-amplitude + README).
add: 16 módulos novos cobrindo lacunas conceituais e domain breadth:
- Fundamentos: 01-11 Concurrency Theory, 01-12 Cryptography Fundamentals, 01-13 Compilers & Interpreters, 01-14 CPU Microarchitecture, 01-15 Math Foundations.
- Plataforma: 02-15 Search Engines & IR, 02-16 Graph Databases, 02-17 Native Mobile, 02-18 Payments & Billing, 02-19 i18n / l10n.
- Professional: 03-13 Time-Series & Analytical DBs, 03-14 Graphics/Audio/Codecs, 03-15 Incident Response, 03-16 Estimation & Planning, 03-17 Accessibility Testing, 03-18 Cognitive Accessibility.
- Senior: 04-13 Streaming & Batch, 04-14 Formal Methods (TLA+), 04-15 OSS Maintainership, 04-16 Product/Business/Unit Economics.
- Staff specialties: 05-08 Hardware Design, 05-09 Bioinformatics & Scientific Computing, 05-10 Game Development Pipeline.
add: meta files completos:
- 00-meta/INDEX.md, mapa global com DAG.
- 00-meta/CAPSTONE-EVOLUTION.md, Logística v0→v1→v2→v3→v4.
- 00-meta/GLOSSARY.md, termos técnicos canônicos.
- 00-meta/MODULE-TEMPLATE.md, template oficial.
- 00-meta/SELF-ASSESSMENT.md, questionário de calibração inicial.
- 00-meta/CHANGELOG.md, este arquivo.
- 00-meta/INTERVIEW-PREP.md, mapping módulos → entrevistas tier-1.
- 00-meta/ANTIPATTERNS.md, anti-patterns cross-cutting.
- 00-meta/DECISION-LOG.md, decisões de design do próprio framework.
add: README.md raiz com overview, FAQ, próximos passos.
protocol: STUDY-PROTOCOL.md §12-§16 adicionados, spaced re-test, paper reading, public capstone, cohort/peer, journal de descobertas.
edit: PROGRESS.md, todas tabelas refletem módulos novos; novos logs (Spaced Re-Test Log, Paper Reading Log, Journal, Public Output Tracking, Mentorship Tracking) e seção Personal Stack.
edit: MENTOR.md §7 atualizado com 5 estágios e contagens corretas; protocolos transversais documentados.
edit: cada stage README com novos módulos e trilhas paralelas atualizadas.
ref: elite-references.md expandido com repos novos por módulo (Crafting Interpreters, parking_lot, libsodium, perf, NumPy, Meilisearch, OpenSearch, pgvector, Memgraph, AGE, Stripe SDK/CLI, Swift evolution, Compose, FormatJS, i18next, Yjs, ClickHouse, TimescaleDB, DuckDB, deck.gl, ffmpeg, axe-core, Pa11y, Flink, Spark, dbt-core, Iceberg, etcd raft, TLA+ Examples, FastAPI, build-your-own-x, Excalidraw, Zephyr, ESP-IDF, embedded-hal). Indivíduos novos: Tanya Reilly, Patrick McKenzie, Dan Luu, Sara Soueidan, Adrian Roselli, Murat Demirbas, Chip Huyen, Lara Hogan, Gergely Orosz, Preshing.
ref: reading-list.md expandido com livros canônicos por todos os módulos novos + papers foundational adicionados (PageRank, End-to-End Arguments, Tail at Scale, Architecture of a Database System, C-Store, Spanner, Byzantine Generals, FLP, AWS Formal Methods).
prereqs explícitos por módulo novo (ver INDEX.md).

2026-04-28, Initial framework

add: Foundation, MENTOR.md, PROGRESS.md, STUDY-PROTOCOL.md.
add: framework/00-meta/elite-references.md e reading-list.md (versão inicial).
add: Estágio 1: Fundamentos (01-01-01-10 + CAPSTONE-fundamentos + README).
add: Estágio 2: Plataforma (02-01-02-14 + CAPSTONE-plataforma + README).
add: Estágio 3: Produção (03-01-03-12 + CAPSTONE-producao + README).
add: Estágio 4: Sistemas (04-01-04-12 + CAPSTONE-sistemas + README).

Como manter

Sempre que tocar arquivo do framework:

Adicione 1 linha em formato ### YYYY-MM-DD, descrição curta.
Lista bullets de mudanças com tipo prefix.
Não edite linhas antigas (append-only).
Para mudanças triviais (typo fix, link ajustado), agrupe em entry semanal/mensal.

Se quebrou contrato (renomeou módulo cited em outros, mudou prereqs, mudou semantic de portão), documente impact e migration:

### 2026-XX-XX, Renamed 01-02 → 01-02-os-internals
- **rename**: 01-02-operating-systems.md → 01-02-os-internals.md.
- **migration**: 12 cross-references em outros módulos atualizadas.
- **migration**: PROGRESS.md, INDEX.md, stage README atualizados.

Daqui a 1 ano, este arquivo é o único jeito de saber o que mudou e quando.

Changelog

CHANGELOG, Mudanças no Framework

2026

2026-05-01, Review wave 29 — runtime, resilience, supply chain (Node profiling deep, Postgres JSONB advanced, chaos engineering practices, OSS supply chain Sigstore, Apache Flink stateful)

2026-05-01, Review wave 28 — advanced craft (React Compiler + state mgmt 2026, Lambda runtime + EventBridge, zero trust + mTLS service mesh, LLM eval + fine-tuning, graph algorithms applied)

2026-05-01, Review wave 27 — engineering mastery (Fastify + Hono plugin authoring, Redis Lua + Functions 7, visual regression + Playwright, Strangler Fig migration, HATEOAS + HTMX)

2026-05-01, Review wave 26 — deep systems II (Mongo aggregation advanced, K8s operators kubebuilder, Rust async + Zig, Kafka Streams + ksqlDB, PIX + Stripe Connect marketplace)

2026-05-01, Review wave 25 — system craft (zero-downtime migrations, LLM-augmented search, BuildKit + multi-arch + distroless, database sharding strategies, PMF + retention metrics)

2026-05-01, Review wave 24 — database, performance, leadership (Postgres replication + partitioning, Speculation Rules + INP 2026, incident command + postmortem, hexagonal vs clean vs onion, EM vs IC track Staff+ ladder)

2026-05-01, Review wave 23 — applied engineering (Monte Carlo forecasting, cognitive a11y deep, lakehouse 2026 + CDC, Next.js parallel/intercepting routes, Passkeys WebAuthn)

2026-05-01, Review wave 22 — craft rigor (i18n ICU + RTL, DDD bounded contexts + Event Storming, resilience tuning, a11y testing pipeline, time-series storage decision)

2026-05-01, Review wave 21 — frontier skills (Web3 reality 2026, React 19 Forms/Actions, deployment strategies progressive delivery, OWASP 2025 + CSP + JWT, RAG architectures + eval)

2026-05-01, Review wave 20 — deep systems (Swift Concurrency + Kotlin Coroutines, CDN + edge + image opt, Wasm Component Model + WASI Preview 2, WebGPU + WebCodecs, formal methods TLA+/Alloy/P)

2026-05-01, Review wave 19 — mobile, realtime, infra (RN Hermes + JSI + Reanimated 3 + Skia, presence at scale + message ordering cross-region, Terraform/OpenTofu modules, event sourcing operacional, OSS becoming maintainer)

2026-05-01, Review wave 18 — platform fluency (CSS layers + container queries, modern Web APIs, Redis Streams consumer groups, contract testing + fuzzing, OTel SDK + Collector)

2026-05-01, Review wave 17 — strategic depth (unit economics, backend frameworks 2026, architecture por estágio, a11y ARIA + screen reader, AWS cost optimization)

2026-05-01, Review wave 16 — data rigor (Mongo schema design, Node event loop, logical clocks, payment webhooks, graph DBs Cypher)

2026-05-01, Review wave 15 — engineering rigor (Next.js PPR + cache layers, ORM N+1 + DataLoader, idempotent consumer, Saga patterns, K8s production resilience)

2026-05-01, Review wave 14 — platform edges (OAuth2 PKCE mobile, ADR deep, RUM web-vitals, backpressure end-to-end, Docker secrets)

2026-05-01, Review wave 13 — systems craft (Go concurrency, ClickHouse query opt, search relevance tuning, SLO burn rate, Postgres tuning sob carga)

2026-05-01, Review wave 12 — applied depth (specification pattern, dbt incremental, SBOM/VEX, React 19 use()/cache(), agentic patterns)

2026-05-01, Review wave 11 — staff frontier (monorepo CI graph, Senior→Staff promo, tz/currency edges, JSONB indexing, adaptive hedging)

2026-05-01, Review wave 10 — execution patterns (dbt+Iceberg, step-up auth, Wasm prod, Suspense+ErrorBoundary, distributed cache invalidation)

2026-05-01, Review wave 9 — operational fluency (EXPLAIN forensic, cache stampede, IC rituals, OSS funding, jittered backoff)

2026-05-01, Review wave 8 — staff rigor (refresh rotation, mutation testing, estimation, aggregate refactor, OLAP decision tree)

2026-05-01, Review wave 7 — elite depth (Tokio internals, distributed rate limit, Apollo Router, BuildKit multi-arch, Server Actions)

2026-05-01, Review wave 6 — applied patterns (CRDTs, hybrid search, deadline propagation, bulkhead, chaos)

2026-05-01, Review wave 5 — industrial depth (CDC/Patroni, real-time scaling, DORA, embedded Rust, hardware bring-up)

2026-05-01, Review wave 4 — modern frontiers (edge, supply chain, AI ops, vector DBs, PWA)

2026-05-01, Review wave 3 — operational meta docs + 05-07/05-08 integration

2026-05-01, Review consolidado + ajustes de profundidade

2026-04-28, Content gap fill: 24+ subseções novas em 16 módulos

2026-04-28, Site público em apps/site/

2026-04-28, Refactor: protocolo agnóstico de mentor + atribuição autoral única

2026-04-28, v1.0 SHIPPING

2026-04-28, Sprint 1 batch 1: Depth Leveling em 6 módulos

2026-04-28, Sprint 0.5: Roadmap, Codebase Tours, Stack Comparisons

2026-04-28, Foundation, Stage 5, Niche specialties, Meta consolidation

2026-04-28, Initial framework

Como manter

Changelog

CHANGELOG, Mudanças no Framework

2026

2026-05-01, Review wave 29 — runtime, resilience, supply chain (Node profiling deep, Postgres JSONB advanced, chaos engineering practices, OSS supply chain Sigstore, Apache Flink stateful)

2026-05-01, Review wave 28 — advanced craft (React Compiler + state mgmt 2026, Lambda runtime + EventBridge, zero trust + mTLS service mesh, LLM eval + fine-tuning, graph algorithms applied)

2026-05-01, Review wave 27 — engineering mastery (Fastify + Hono plugin authoring, Redis Lua + Functions 7, visual regression + Playwright, Strangler Fig migration, HATEOAS + HTMX)

2026-05-01, Review wave 26 — deep systems II (Mongo aggregation advanced, K8s operators kubebuilder, Rust async + Zig, Kafka Streams + ksqlDB, PIX + Stripe Connect marketplace)

2026-05-01, Review wave 25 — system craft (zero-downtime migrations, LLM-augmented search, BuildKit + multi-arch + distroless, database sharding strategies, PMF + retention metrics)

2026-05-01, Review wave 24 — database, performance, leadership (Postgres replication + partitioning, Speculation Rules + INP 2026, incident command + postmortem, hexagonal vs clean vs onion, EM vs IC track Staff+ ladder)

2026-05-01, Review wave 23 — applied engineering (Monte Carlo forecasting, cognitive a11y deep, lakehouse 2026 + CDC, Next.js parallel/intercepting routes, Passkeys WebAuthn)

2026-05-01, Review wave 22 — craft rigor (i18n ICU + RTL, DDD bounded contexts + Event Storming, resilience tuning, a11y testing pipeline, time-series storage decision)

2026-05-01, Review wave 21 — frontier skills (Web3 reality 2026, React 19 Forms/Actions, deployment strategies progressive delivery, OWASP 2025 + CSP + JWT, RAG architectures + eval)

2026-05-01, Review wave 20 — deep systems (Swift Concurrency + Kotlin Coroutines, CDN + edge + image opt, Wasm Component Model + WASI Preview 2, WebGPU + WebCodecs, formal methods TLA+/Alloy/P)

2026-05-01, Review wave 19 — mobile, realtime, infra (RN Hermes + JSI + Reanimated 3 + Skia, presence at scale + message ordering cross-region, Terraform/OpenTofu modules, event sourcing operacional, OSS becoming maintainer)

2026-05-01, Review wave 18 — platform fluency (CSS layers + container queries, modern Web APIs, Redis Streams consumer groups, contract testing + fuzzing, OTel SDK + Collector)

2026-05-01, Review wave 17 — strategic depth (unit economics, backend frameworks 2026, architecture por estágio, a11y ARIA + screen reader, AWS cost optimization)

2026-05-01, Review wave 16 — data rigor (Mongo schema design, Node event loop, logical clocks, payment webhooks, graph DBs Cypher)

2026-05-01, Review wave 15 — engineering rigor (Next.js PPR + cache layers, ORM N+1 + DataLoader, idempotent consumer, Saga patterns, K8s production resilience)

2026-05-01, Review wave 14 — platform edges (OAuth2 PKCE mobile, ADR deep, RUM web-vitals, backpressure end-to-end, Docker secrets)

2026-05-01, Review wave 13 — systems craft (Go concurrency, ClickHouse query opt, search relevance tuning, SLO burn rate, Postgres tuning sob carga)

2026-05-01, Review wave 12 — applied depth (specification pattern, dbt incremental, SBOM/VEX, React 19 use()/cache(), agentic patterns)

2026-05-01, Review wave 11 — staff frontier (monorepo CI graph, Senior→Staff promo, tz/currency edges, JSONB indexing, adaptive hedging)

2026-05-01, Review wave 10 — execution patterns (dbt+Iceberg, step-up auth, Wasm prod, Suspense+ErrorBoundary, distributed cache invalidation)

2026-05-01, Review wave 9 — operational fluency (EXPLAIN forensic, cache stampede, IC rituals, OSS funding, jittered backoff)

2026-05-01, Review wave 8 — staff rigor (refresh rotation, mutation testing, estimation, aggregate refactor, OLAP decision tree)

2026-05-01, Review wave 7 — elite depth (Tokio internals, distributed rate limit, Apollo Router, BuildKit multi-arch, Server Actions)

2026-05-01, Review wave 6 — applied patterns (CRDTs, hybrid search, deadline propagation, bulkhead, chaos)

2026-05-01, Review wave 5 — industrial depth (CDC/Patroni, real-time scaling, DORA, embedded Rust, hardware bring-up)

2026-05-01, Review wave 4 — modern frontiers (edge, supply chain, AI ops, vector DBs, PWA)

2026-05-01, Review wave 3 — operational meta docs + 05-07/05-08 integration

2026-05-01, Review consolidado + ajustes de profundidade

2026-04-28, Content gap fill: 24+ subseções novas em 16 módulos

2026-04-28, Site público em apps/site/

2026-04-28, Refactor: protocolo agnóstico de mentor + atribuição autoral única

2026-04-28, v1.0 SHIPPING

2026-04-28, Sprint 1 batch 1: Depth Leveling em 6 módulos

2026-04-28, Sprint 0.5: Roadmap, Codebase Tours, Stack Comparisons

2026-04-28, Foundation, Stage 5, Niche specialties, Meta consolidation

2026-04-28, Initial framework

Como manter