feat: biblioteca inteligente libs/ + 5 novas skills (20 skills total)

NOVAS SKILLS:
- next-best-practices      v0.1.0  (CLEAN) — Next.js App Router, RSC, caching, data
- nextjs-patterns          v1.0.0  (CLEAN) — Next.js 15: Server Actions, route handlers
- vite                     v1.0.0  (CLEAN) — env vars, aliases, proxy, CJS compat
- uncle-bob                v1.0.0  (CLEAN) — Clean Code, SOLID, Clean Architecture
- clean-code-review        v1.0.0  (CLEAN) — naming, guard clauses, anti-patterns, refactoring
- vue                      v1.0.0  (CLEAN) — Vue framework
- vue-composition-api-best-practices v1.0.0 (CLEAN) — composables, Pinia, reactivity

BIBLIOTECA INTELIGENTE libs/ (10 dominios, 11 arquivos):
- typescript/ — TS safe + generics gotchas
- react/ — Next.js App Router + Vite config
- vue/ — Composition API + Pinia
- linux/ — System diagnostic cheatsheet
- database/ — PostgreSQL + MySQL patterns
- browser/ — Chromium CLI + E2E testing
- security/ — SAST audit (OWASP Top 10)
- best-practices/ — Clean Code + SOLID + Clean Architecture
- deploy/ — Docker multi-stack + OpenClaw ops
- + INDEX.md como guia de navegacao

.learnings/ — LRN-20260519-003 criado (biblioteca compartilhada)

libs/deploy/DOCKER_DEPLOY.md

@@ -0,0 +1,64 @@
+# Docker — Multi-Stack Deploy
+
+> Extraído de `xcloud-docker-deploy` v1.2.1 + habilidades de openclaw-power-ops
+
+## 🗺️ Stack Detection Router
+
+| Arquivo encontrado | Stack | Ação |
+|-------------------|-------|------|
+| `wp-config.php` ou `wp-content/` | WordPress | Ver ref `xcloud-native-wordpress.md` |
+| `composer.json` + `artisan` | Laravel | Ver ref `xcloud-native-laravel.md` |
+| `package.json` + `next.config.*` | Next.js | Usar `dockerfiles/nextjs.Dockerfile` |
+| `package.json` | Node.js | Ver ref `xcloud-native-nodejs.md` |
+| `composer.json` (sem artisan) | PHP | Ver ref `xcloud-native-php.md` |
+| `requirements.txt` ou `pyproject.toml` | Python | Usar `dockerfiles/python-fastapi.Dockerfile` |
+| `go.mod` | Go | Gerar Dockerfile manualmente |
+| `docker-compose.yml` existe | Docker existente | Prosseguir Step 1 |
+
+## Step 1 — Cenário Detection
+| Sinal | Cenário |
+|-------|---------|
+| `build:` ou `context: .` | **A** — Build-from-source |
+| Caddy/Traefik/nginx-proxy | **B** — Proxy conflict |
+| Múltiplos `ports:` por service | **B** — Multi-port |
+| `./nginx.conf` volume mount | **B** — External config |
+| Múltiplos services com `build:` | **C** — Multi-service build |
+| `image: public-image`, 1 porta | ✅ Já compatível |
+
+## Cenário A — Build-from-Source
+1. Remover `build:` do compose
+2. Trocar `image:` por `ghcr.io/OWNER/REPO:latest`
+3. Gerar `.github/workflows/docker-build.yml`
+4. Gerar `.env.example`
+
+## Cenário B — Proxy Conflict
+1. Remover Caddy/Traefik/nginx-proxy service
+2. Remover SSL labels e multi-port — usar `expose:` (interno)
+3. Adicionar `nginx-router` service com `configs:` inline
+4. Expor uma porta (default: 3080)
+
+## Cenário C — Multi-Service Build
+- Matrix GitHub Actions — cada service com `build:` vira um GHCR image
+- Compose atualizado com todas as imagens GHCR
+
+## 🚨 Regras de Ouro (xCloud)
+- ❌ Nunca incluir `build:` no compose final — xCloud ignora silenciosamente
+- ❌ Nunca expor portas de DB diretas (`5432:5432`) — usar `expose:`
+- ❌ Nunca incluir Caddy, Traefik, nginx-proxy, Let's Encrypt
+- ✅ Preservar `environment:`, `volumes:`, `healthcheck:`
+- ✅ Sempre usar `expose:` (interno), não `ports:` (para serviços internos)
+
+## Dockerfiles Disponíveis
+| Stack | Dockerfile |
+|-------|------------|
+| PHP genérico | `dockerfiles/php-generic.Dockerfile` |
+| Laravel | `dockerfiles/laravel.Dockerfile` |
+| Node.js | `dockerfiles/node-app.Dockerfile` |
+| Next.js | `dockerfiles/nextjs.Dockerfile` |
+| Python FastAPI | `dockerfiles/python-fastapi.Dockerfile` |
+
+## Compose Templates
+- `compose-templates/laravel-mysql.yml`
+- `compose-templates/nextjs-postgres.yml`
+- `compose-templates/nodejs-api-postgres.yml`
+- `compose-templates/python-fastapi-postgres.yml`

libs/deploy/OPENCLAW_OPS.md

@@ -0,0 +1,50 @@
+# OpenClaw — Gateway Ops CLI
+
+> Referência rápida baseada em `openclaw-power-ops` + `openclaw-config`.
+
+## 🌟 Golden Rules
+1. ❌ NUNCA editar `openclaw.json` diretamente — sempre `openclaw config set/get/unset`
+2. ✅ Sempre reiniciar gateway após mudanças de config
+3. ❌ Telegram: NÃO usar campo `agent` dentro de config de conta — usar `bindings` array
+4. ❌ Telegram `streaming`: deve ser string `"off"`, não booleano `false`
+5. ✅ JSON values em `config set` precisam de `--strict-json`
+
+## Diagnóstico
+```bash
+openclaw status               # overview
+openclaw status --deep        # detalhado
+openclaw doctor               # encontra problemas
+openclaw doctor --fix         # auto-fix (com consentimento do usuário!)
+openclaw gateway health       # health check do gateway
+openclaw security audit       # scan de segurança
+openclaw security audit --deep --fix  # scan profundo + auto-fix
+```
+
+## Config Segura — $include Modular
+```json5
+// ~/.openclaw/openclaw.json
+{
+  "$include": ["./gateway.json5", "./channels/telegram.json5"],
+}
+```
+- `$include`: resolved antes da validação de schema
+- Objetos: merge recursivo; Arrays: concatenam; Primitivos: último vence
+- Limite: profundidade máx 10; includes circulares são detectados
+
+## Telegram — Exemplos
+```bash
+# DM policy open (cuidado!)
+openclaw config set channels.telegram.dmPolicy '"open"' --json
+openclaw config set channels.telegram.allowFrom '["*"]' --json
+
+# Streaming OFF (string, não boolean)
+openclaw config set channels.telegram.streaming '"off"' --json
+```
+
+## Enabling Features
+```bash
+# Web search (Brave/Perplexity)
+openclaw config set tools.web.search.enabled true --json
+openclaw config set tools.web.search.provider '"brave"' --json
+# Chave via env var: export BRAVE_API_KEY="***"
+```