From 956c43ff62044bc5d0967b29c5fd5ebbe6f3a703 Mon Sep 17 00:00:00 2001 From: Alex Verkhovsky Date: Mon, 9 Mar 2026 08:20:16 -0600 Subject: [PATCH 1/2] chore(skills): convert review-edge-case-hunter.xml to native skill (#1871) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(skills): convert review-edge-case-hunter.xml to native skill Replace single-file XML task with skill directory format (SKILL.md + workflow.md + bmad-skill-manifest.yaml) following the pattern established by bmad-review-adversarial-general. Update all reference locations: bmad-skill-manifest.yaml, module-help.csv, step-04-review.md, and bmad-os-review-pr instructions. Co-Authored-By: Claude Opus 4.6 * fix: address PR review findings for edge-case-hunter skill - Fix "task returns" → "skill returns" terminology in review-pr instructions - Remove edge-case-hunter entry from central manifest (has own directory manifest) - Add sentinel error response for empty/bad input instead of silent empty array - Reframe Step 2 with two-lens approach: control flow paths + domain boundaries - Simplify Step 3 to reference Step 2 edge classes instead of duplicating list Co-Authored-By: Claude Opus 4.6 --------- Co-authored-by: Claude Opus 4.6 --- .../bmad-os-review-pr/prompts/instructions.md | 4 +- .../steps/step-04-review.md | 3 +- src/core/module-help.csv | 2 +- .../bmad-review-edge-case-hunter/SKILL.md | 6 ++ .../bmad-skill-manifest.yaml | 1 + .../bmad-review-edge-case-hunter/workflow.md | 62 ++++++++++++++++ src/core/tasks/bmad-skill-manifest.yaml | 5 -- src/core/tasks/review-edge-case-hunter.xml | 70 ------------------- 8 files changed, 73 insertions(+), 80 deletions(-) create mode 100644 src/core/tasks/bmad-review-edge-case-hunter/SKILL.md create mode 100644 src/core/tasks/bmad-review-edge-case-hunter/bmad-skill-manifest.yaml create mode 100644 src/core/tasks/bmad-review-edge-case-hunter/workflow.md delete mode 100644 src/core/tasks/review-edge-case-hunter.xml diff --git a/.claude/skills/bmad-os-review-pr/prompts/instructions.md b/.claude/skills/bmad-os-review-pr/prompts/instructions.md index 74512128e..2df118d5f 100644 --- a/.claude/skills/bmad-os-review-pr/prompts/instructions.md +++ b/.claude/skills/bmad-os-review-pr/prompts/instructions.md @@ -130,9 +130,9 @@ Likely tag: ### 1.2 Run Edge Case Hunter (subagent) -Spawn a subagent that executes the task defined in `_bmad/core/tasks/review-edge-case-hunter.xml`. Pass the full PR diff as the `content` input. Omit `also_consider` unless the user specified extra focus areas. +Spawn a subagent that invokes the `bmad-review-edge-case-hunter` skill. Pass the full PR diff as the `content` input. Omit `also_consider` unless the user specified extra focus areas. -The task returns a JSON array of objects, each with: `location`, `trigger_condition`, `guard_snippet`, `potential_consequence`. +The skill returns a JSON array of objects, each with: `location`, `trigger_condition`, `guard_snippet`, `potential_consequence`. **Map each JSON finding to the standard finding format:** diff --git a/src/bmm/workflows/bmad-quick-flow/bmad-quick-dev-new-preview/steps/step-04-review.md b/src/bmm/workflows/bmad-quick-flow/bmad-quick-dev-new-preview/steps/step-04-review.md index 0693e7331..32fbea446 100644 --- a/src/bmm/workflows/bmad-quick-flow/bmad-quick-dev-new-preview/steps/step-04-review.md +++ b/src/bmm/workflows/bmad-quick-flow/bmad-quick-dev-new-preview/steps/step-04-review.md @@ -2,7 +2,6 @@ name: 'step-04-review' description: 'Adversarial review, classify findings, optional spec loop' -edge_case_hunter_task: '{project-root}/_bmad/core/tasks/review-edge-case-hunter.xml' deferred_work_file: '{implementation_artifacts}/deferred-work.md' specLoopIteration: 1 --- @@ -31,7 +30,7 @@ Do NOT `git add` anything — this is read-only inspection. **Plan-code-review:** Launch three subagents without conversation context. If no sub-agents are available, generate three review prompt files in `{implementation_artifacts}` — one per reviewer role below — and HALT. Ask the human to run each in a separate session (ideally a different LLM) and paste back the findings. - **Blind hunter** — receives `{diff_output}` only. No spec, no context docs, no project access. Invoke via the `bmad-review-adversarial-general` skill. -- **Edge case hunter** — receives `{diff_output}` and read access to the project. Invoke via `{edge_case_hunter_task}`. +- **Edge case hunter** — receives `{diff_output}` and read access to the project. Invoke via the `bmad-review-edge-case-hunter` skill. - **Acceptance auditor** — receives `{diff_output}`, `{spec_file}`, and read access to the project. Must also read the docs listed in `{spec_file}` frontmatter `context`. Checks for violations of acceptance criteria, rules, and principles from the spec and context docs. ### Classify diff --git a/src/core/module-help.csv b/src/core/module-help.csv index a56f33772..ae873027d 100644 --- a/src/core/module-help.csv +++ b/src/core/module-help.csv @@ -7,4 +7,4 @@ core,anytime,Shard Document,SD,,_bmad/core/tasks/shard-doc.xml,bmad-shard-doc,fa core,anytime,Editorial Review - Prose,EP,,_bmad/core/tasks/editorial-review-prose.xml,bmad-editorial-review-prose,false,,,"Review prose for clarity, tone, and communication issues. Use after drafting to polish written content.",report located with target document,"three-column markdown table with suggested fixes", core,anytime,Editorial Review - Structure,ES,,_bmad/core/tasks/editorial-review-structure.xml,bmad-editorial-review-structure,false,,,"Propose cuts, reorganization, and simplification while preserving comprehension. Use when doc produced from multiple subprocesses or needs structural improvement.",report located with target document, core,anytime,Adversarial Review (General),AR,,skill:bmad-review-adversarial-general,bmad-review-adversarial-general,false,,,"Review content critically to find issues and weaknesses. Use for quality assurance or before finalizing deliverables. Code Review in other modules run this automatically, but its useful also for document reviews",, -core,anytime,Edge Case Hunter Review,ECH,,_bmad/core/tasks/review-edge-case-hunter.xml,bmad-review-edge-case-hunter,false,,,"Walk every branching path and boundary condition in code, report only unhandled edge cases. Use alongside adversarial review for orthogonal coverage - method-driven not attitude-driven.",, +core,anytime,Edge Case Hunter Review,ECH,,skill:bmad-review-edge-case-hunter,bmad-review-edge-case-hunter,false,,,"Walk every branching path and boundary condition in code, report only unhandled edge cases. Use alongside adversarial review for orthogonal coverage - method-driven not attitude-driven.",, diff --git a/src/core/tasks/bmad-review-edge-case-hunter/SKILL.md b/src/core/tasks/bmad-review-edge-case-hunter/SKILL.md new file mode 100644 index 000000000..872fff46f --- /dev/null +++ b/src/core/tasks/bmad-review-edge-case-hunter/SKILL.md @@ -0,0 +1,6 @@ +--- +name: bmad-review-edge-case-hunter +description: 'Walk every branching path and boundary condition in content, report only unhandled edge cases. Orthogonal to adversarial review - method-driven not attitude-driven.' +--- + +Follow the instructions in [workflow.md](workflow.md). diff --git a/src/core/tasks/bmad-review-edge-case-hunter/bmad-skill-manifest.yaml b/src/core/tasks/bmad-review-edge-case-hunter/bmad-skill-manifest.yaml new file mode 100644 index 000000000..d0f08abdb --- /dev/null +++ b/src/core/tasks/bmad-review-edge-case-hunter/bmad-skill-manifest.yaml @@ -0,0 +1 @@ +type: skill diff --git a/src/core/tasks/bmad-review-edge-case-hunter/workflow.md b/src/core/tasks/bmad-review-edge-case-hunter/workflow.md new file mode 100644 index 000000000..4d21c3961 --- /dev/null +++ b/src/core/tasks/bmad-review-edge-case-hunter/workflow.md @@ -0,0 +1,62 @@ +# Edge Case Hunter Review + +**Goal:** You are a pure path tracer. Never comment on whether code is good or bad; only list missing handling. +When a diff is provided, scan only the diff hunks and list boundaries that are directly reachable from the changed lines and lack an explicit guard in the diff. +When no diff is provided (full file or function), treat the entire provided content as the scope. +Ignore the rest of the codebase unless the provided content explicitly references external functions. + +**Inputs:** +- **content** — Content to review: diff, full file, or function +- **also_consider** (optional) — Areas to keep in mind during review alongside normal edge-case analysis + +**MANDATORY: Execute steps in the Execution section IN EXACT ORDER. DO NOT skip steps or change the sequence. When a halt condition triggers, follow its specific instruction exactly. Each action within a step is a REQUIRED action to complete that step.** + +**Your method is exhaustive path enumeration — mechanically walk every branch, not hunt by intuition. Report ONLY paths and conditions that lack handling — discard handled ones silently. Do NOT editorialize or add filler — findings only.** + + +## EXECUTION + +### Step 1: Receive Content + +- Load the content to review strictly from provided input +- If content is empty, or cannot be decoded as text, return `[{"location":"N/A","trigger_condition":"Input empty or undecodable","guard_snippet":"Provide valid content to review","potential_consequence":"Review skipped — no analysis performed"}]` and stop +- Identify content type (diff, full file, or function) to determine scope rules + +### Step 2: Exhaustive Path Analysis + +**Walk every branching path and boundary condition within scope — report only unhandled ones.** + +- If `also_consider` input was provided, incorporate those areas into the analysis +- Walk all branching paths: control flow (conditionals, loops, error handlers, early returns) and domain boundaries (where values, states, or conditions transition). Derive the relevant edge classes from the content itself — don't rely on a fixed checklist. Examples: missing else/default, unguarded inputs, off-by-one loops, arithmetic overflow, implicit type coercion, race conditions, timeout gaps +- For each path: determine whether the content handles it +- Collect only the unhandled paths as findings — discard handled ones silently + +### Step 3: Validate Completeness + +- Revisit every edge class from Step 2 — e.g., missing else/default, null/empty inputs, off-by-one loops, arithmetic overflow, implicit type coercion, race conditions, timeout gaps +- Add any newly found unhandled paths to findings; discard confirmed-handled ones + +### Step 4: Present Findings + +Output findings as a JSON array following the Output Format specification exactly. + + +## OUTPUT FORMAT + +Return ONLY a valid JSON array of objects. Each object must contain exactly these four fields and nothing else: + +```json +[{ + "location": "file:start-end (or file:line when single line, or file:hunk when exact line unavailable)", + "trigger_condition": "one-line description (max 15 words)", + "guard_snippet": "minimal code sketch that closes the gap (single-line escaped string, no raw newlines or unescaped quotes)", + "potential_consequence": "what could actually go wrong (max 15 words)" +}] +``` + +No extra text, no explanations, no markdown wrapping. An empty array `[]` is valid when no unhandled paths are found. + + +## HALT CONDITIONS + +- If content is empty or cannot be decoded as text, return `[{"location":"N/A","trigger_condition":"Input empty or undecodable","guard_snippet":"Provide valid content to review","potential_consequence":"Review skipped — no analysis performed"}]` and stop diff --git a/src/core/tasks/bmad-skill-manifest.yaml b/src/core/tasks/bmad-skill-manifest.yaml index ea8fdbcf1..a332ba809 100644 --- a/src/core/tasks/bmad-skill-manifest.yaml +++ b/src/core/tasks/bmad-skill-manifest.yaml @@ -18,11 +18,6 @@ index-docs.xml: type: task description: "Generates or updates an index.md to reference all docs in the folder" -review-edge-case-hunter.xml: - canonicalId: bmad-review-edge-case-hunter - type: task - description: "Walk every branching path and boundary condition in content, report only unhandled edge cases" - shard-doc.xml: canonicalId: bmad-shard-doc type: task diff --git a/src/core/tasks/review-edge-case-hunter.xml b/src/core/tasks/review-edge-case-hunter.xml deleted file mode 100644 index dfe75ce34..000000000 --- a/src/core/tasks/review-edge-case-hunter.xml +++ /dev/null @@ -1,70 +0,0 @@ - - - - You are a pure path tracer. Never comment on whether code is good or bad; only list missing handling. -When a diff is provided, scan only the diff hunks and list boundaries that are directly reachable from the changed lines and lack an explicit guard in the diff. -When no diff is provided (full file or function), treat the entire provided content as the scope. -Ignore the rest of the codebase unless the provided content explicitly references external functions. - - - - - - - Return ONLY a valid JSON array of objects. Each object must contain exactly these four fields and nothing else: -[{ - "location": "file:start-end (or file:line when single line, or file:hunk when exact line unavailable)", - "trigger_condition": "one-line description (max 15 words)", - "guard_snippet": "minimal code sketch that closes the gap (single-line escaped string, no raw newlines or unescaped quotes)", - "potential_consequence": "what could actually go wrong (max 15 words)" -}] -No extra text, no explanations, no markdown wrapping. An empty array [] is valid when no unhandled paths are found. - - - MANDATORY: Execute steps in the flow section IN EXACT ORDER - DO NOT skip steps or change the sequence - When a halt-condition triggers, follow its specific instruction exactly - Each action xml tag within step xml tag is a REQUIRED action to complete that step - - Your method is exhaustive path enumeration — mechanically walk every branch, not hunt by intuition - Trace each branching path: conditionals, switches, early returns, guard clauses, loops, error handlers - Trace each boundary condition: null, undefined, empty, zero, negative, overflow, max-length, type coercion, concurrency, timing - Report ONLY paths and conditions that lack handling — discard handled ones silently - Do NOT editorialize or add filler — findings only - - - - - Load the content to review strictly from provided input - If content is empty, or cannot be decoded as text, return empty array [] and stop - Identify content type (diff, full file, or function) to determine scope rules - - - - Walk every branching path and boundary condition within scope - report only unhandled ones - If also_consider input was provided, incorporate those areas into the analysis - Enumerate all branching paths and boundary conditions within scope: conditionals, switches, early returns, guard clauses, loops, error handlers, null/empty states, overflow, type edges, concurrency, timing - For each path: determine whether the content handles it - Collect only the unhandled paths as findings - discard handled ones silently - - - - Recheck every conditional for missing else/default - Recheck every input for null/empty/wrong-type - Recheck loop bounds for off-by-one and empty-collection - Add any newly found unhandled paths to findings; discard confirmed-handled ones - - - - Output findings as a JSON array following the output-format specification exactly - - - - - If content is empty or cannot be decoded as text, return empty array [] and stop - - - From 9421f20b69783264b69c78cb038d2de1d23b4970 Mon Sep 17 00:00:00 2001 From: Alex Verkhovsky Date: Mon, 9 Mar 2026 14:23:02 -0600 Subject: [PATCH 2/2] ci: add continuous delivery workflows for npm publishing (#1872) Add publish-next (auto-prerelease on push to main) and publish-latest (manual stable release with Discord notification). Update CONTRIBUTING.md to describe the trunk-based CD model. --- .github/workflows/publish-latest.yaml | 82 +++++++++++++++++++++++++++ .github/workflows/publish-next.yaml | 65 +++++++++++++++++++++ CONTRIBUTING.md | 2 +- 3 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/publish-latest.yaml create mode 100644 .github/workflows/publish-next.yaml diff --git a/.github/workflows/publish-latest.yaml b/.github/workflows/publish-latest.yaml new file mode 100644 index 000000000..a70dc5738 --- /dev/null +++ b/.github/workflows/publish-latest.yaml @@ -0,0 +1,82 @@ +name: Publish Latest + +on: + workflow_dispatch: + inputs: + bump: + description: "Version bump type" + required: true + default: "patch" + type: choice + options: + - patch + - minor + - major + +concurrency: + group: publish-latest + +permissions: + id-token: write + contents: write + +jobs: + publish: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: ".nvmrc" + cache: "npm" + registry-url: "https://registry.npmjs.org" + + - name: Configure git user + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + - name: Install dependencies + run: npm ci + + - name: Run tests + run: npm test + + - name: Bump version + run: 'npm version ${{ inputs.bump }} -m "chore(release): v%s [skip ci]"' + + - name: Publish to npm + run: npm publish --tag latest --provenance + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + - name: Push version commit and tag + run: git push origin main --follow-tags + + - name: Create GitHub Release + run: | + TAG="v$(node -p 'require("./package.json").version')" + gh release create "$TAG" --generate-notes + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Notify Discord + continue-on-error: true + run: | + set -o pipefail + source .github/scripts/discord-helpers.sh + [ -z "$WEBHOOK" ] && exit 0 + + VERSION=$(node -p 'require("./package.json").version') + RELEASE_URL="${{ github.server_url }}/${{ github.repository }}/releases/tag/v${VERSION}" + MSG=$(printf '📦 **[bmad-method v%s released](<%s>)**' "$VERSION" "$RELEASE_URL" | esc) + + jq -n --arg content "$MSG" '{content: $content}' | curl -sf --retry 2 -X POST "$WEBHOOK" -H "Content-Type: application/json" -d @- + env: + WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} diff --git a/.github/workflows/publish-next.yaml b/.github/workflows/publish-next.yaml new file mode 100644 index 000000000..7bf0a4b18 --- /dev/null +++ b/.github/workflows/publish-next.yaml @@ -0,0 +1,65 @@ +name: Publish Next + +on: + push: + branches: [main] + paths: + - "src/**" + - "tools/cli/**" + - "package.json" + +concurrency: + group: publish-next + cancel-in-progress: true + +permissions: + id-token: write + contents: read + +jobs: + publish: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: ".nvmrc" + cache: "npm" + registry-url: "https://registry.npmjs.org" + + - name: Install dependencies + run: npm ci + + - name: Run tests + run: npm test + + - name: Derive next prerelease version + run: | + NEXT_VER=$(npm view bmad-method@next version 2>/dev/null || echo "") + LATEST_VER=$(npm view bmad-method@latest version 2>/dev/null || echo "") + + # Determine the best base version for the next prerelease + BASE=$(node -e " + const semver = require('semver'); + const next = process.argv[1] || null; + const latest = process.argv[2] || null; + if (!next && !latest) process.exit(0); + if (!next) { console.log(latest); process.exit(0); } + if (!latest) { console.log(next); process.exit(0); } + // If latest is newer than next's base, use latest (next prerelease will be based on it) + const nextBase = next.replace(/-next\.\d+$/, ''); + console.log(semver.gt(latest, nextBase) ? latest : next); + " "$NEXT_VER" "$LATEST_VER") + + if [ -n "$BASE" ]; then + npm version "$BASE" --no-git-tag-version --allow-same-version + fi + npm version prerelease --preid=next --no-git-tag-version + + - name: Publish to npm + run: npm publish --tag next --provenance + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d9c12655f..459195916 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -73,7 +73,7 @@ After searching, use the [feature request template](https://github.com/bmad-code ### Target Branch -Submit PRs to the `main` branch. We use [trunk-based development](https://trunkbaseddevelopment.com/branch-for-release/): `main` is the trunk where all work lands, and stable release branches receive only cherry-picked fixes. +Submit PRs to the `main` branch. We use trunk-based development. Every push to `main` auto-publishes to `npm` under the `next` tag. Stable releases are cut ~weekly to the `latest` tag. ### PR Size