ldy26098
/
BMAD-METHOD
mirror of https://github.com/bmad-code-org/BMAD-METHOD.git
1
0
Fork 0
Code Packages Projects Releases Wiki Activity

Merge c0a49bcafe into cf50f4935d

This commit is contained in:
sjennings 2025-12-08 11:31:01 -08:00 committed by GitHub
parent cf50f4935d c0a49bcafe
commit d498dafbee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 287 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/tasks/workflow.xml
View File

@ -63,6 +63,8 @@
<tag>invoke-workflow xml tag → Execute another workflow with given inputs and the workflow.xml runner</tag>
<tag>invoke-task xml tag → Execute specified task</tag>
<tag>invoke-protocol name="protocol_name" xml tag → Execute reusable protocol from protocols section</tag>
<tag>invoke-bash cmd="command" → Execute shell command, capture stdout/stderr, set {{bash_exit_code}}, {{bash_stdout}}, {{bash_stderr}}</tag>
<tag>set-var name="varname" value="..." → Set runtime variable {{varname}} to specified value (supports expressions)</tag>
<tag>goto step="x" → Jump to specified step</tag>
</execute-tags>
</substep>
@ -126,6 +128,8 @@
<tag>invoke-workflow - Call another workflow</tag>
<tag>invoke-task - Call a task</tag>
<tag>invoke-protocol - Execute a reusable protocol (e.g., discover_inputs)</tag>
<tag>invoke-bash cmd="..." - Execute shell command, results in {{bash_exit_code}}, {{bash_stdout}}, {{bash_stderr}}</tag>
<tag>set-var name="..." value="..." - Set runtime variable dynamically</tag>
</execution>
<output>
<tag>template-output - Save content checkpoint</tag>

20
src/modules/bmm/module.yaml
View File

@ -52,3 +52,23 @@ tea_use_playwright_utils:
- "You must install packages yourself, or use test architect's *framework command."
default: false
result: "{value}"
# External Code Review Agent Selection
# Allows delegating code reviews to an external AI agent CLI for independent, unbiased reviews
# Useful when using a different AI as primary IDE agent (e.g., Codex/Gemini users can use Claude for reviews)
external_review_agent:
prompt:
- "Which external agent should perform code reviews?"
- "External agents provide independent, unbiased reviews separate from your primary IDE agent."
- "The selected CLI must be installed and configured on your system."
default: "none"
result: "{value}"
single-select:
- value: "codex"
label: "Codex (OpenAI) - Code review using OpenAI Codex CLI"
- value: "gemini"
label: "Gemini (Google) - Code review using Google Gemini CLI"
- value: "claude"
label: "Claude Code (Anthropic) - Code review using Claude Code CLI"
- value: "none"
label: "None - Use built-in review (no external agent)"

30
src/modules/bmm/workflows/4-implementation/code-review/checklist.md
View File

@ -1,5 +1,7 @@
# Senior Developer Review - Validation Checklist
## Story Setup
- [ ] Story file loaded from `{{story_path}}`
- [ ] Story Status verified as reviewable (review)
- [ ] Epic and Story IDs resolved ({{epic_num}}.{{story_num}})
@ -7,12 +9,33 @@
- [ ] Epic Tech Spec located or warning recorded
- [ ] Architecture/standards docs loaded (as available)
- [ ] Tech stack detected and documented
- [ ] MCP doc search performed (or web fallback) and references captured
## External Agent Detection (Runtime)
- [ ] `invoke-bash cmd="command -v codex"` executed → {{codex_available}}
- [ ] `invoke-bash cmd="command -v gemini"` executed → {{gemini_available}}
- [ ] `invoke-bash cmd="command -v claude"` executed → {{claude_available}}
- [ ] Review method determined: {{use_external_agent}} = true/false
- [ ] If external: {{external_agent_cmd}} = codex OR gemini OR claude
- [ ] Config updated with detection results and timestamp
## Code Review Execution
- [ ] Git vs Story discrepancies identified ({{git_findings}})
- [ ] If external agent available: Prompt written to /tmp/code-review-prompt.txt
- [ ] If external agent available: CLI invoked via `invoke-bash` (MANDATORY - NO EXCEPTIONS)
- [ ] External agent output captured in {{bash_stdout}}
- [ ] If external agent CLI failed (non-zero exit): Fallback to built-in review
- [ ] ⚠️ VIOLATION CHECK: Did you skip external agent with a rationalization? If yes, RE-RUN with external agent.
- [ ] Acceptance Criteria cross-checked against implementation
- [ ] File List reviewed and validated for completeness
- [ ] Tests identified and mapped to ACs; gaps noted
- [ ] Code quality review performed on changed files
- [ ] Security review performed on changed files and dependencies
- [ ] Code quality review performed (security, performance, maintainability)
- [ ] Minimum 3 issues found (adversarial review requirement)
## Finalization
- [ ] Findings categorized: HIGH/MEDIUM/LOW severity
- [ ] Outcome decided (Approve/Changes Requested/Blocked)
- [ ] Review notes appended under "Senior Developer Review (AI)"
- [ ] Change Log updated with review entry
@ -21,3 +44,4 @@
- [ ] Story saved successfully
_Reviewer: {{user_name}} on {{date}}_
_External Agent: {{external_agent_cmd}} (codex:{{codex_available}} / gemini:{{gemini_available}} / claude:{{claude_available}})_

35
src/modules/bmm/workflows/4-implementation/code-review/external-agent-prompt.md Normal file
View File

@ -0,0 +1,35 @@
You are an ADVERSARIAL code reviewer. Your job is to find problems, not approve code.
VERY IMPORTANT!
- This is a READ ONLY operation. You are not to change anything in this code.
- You are FORBIDDEN to write to any files.
- You are FORBIDDEN to change any files.
- You are FORBIDDEN to delete any files.
REQUIREMENTS:
- Find 3-10 specific issues minimum - no lazy looks good reviews
- Categorize as HIGH (must fix), MEDIUM (should fix), LOW (nice to fix)
- For each issue: specify file:line, describe problem, suggest fix
- Check: Security vulnerabilities, performance issues, error handling, test quality
- Verify: Tasks marked [x] are actually done, ACs are actually implemented
STORY CONTEXT: {{story_path}}
FILES TO REVIEW: {{comprehensive_file_list}}
ACCEPTANCE CRITERIA: {{acceptance_criteria_list}}
TASKS: {{task_list}}
OUTPUT FORMAT:
## HIGH SEVERITY
- [file:line] Issue description | Suggested fix
## MEDIUM SEVERITY
- [file:line] Issue description | Suggested fix
## LOW SEVERITY
- [file:line] Issue description | Suggested fix

180
src/modules/bmm/workflows/4-implementation/code-review/instructions.xml
View File

@ -4,16 +4,35 @@
<critical>Communicate all responses in {communication_language} and language MUST be tailored to {user_skill_level}</critical>
<critical>Generate all documents in {document_output_language}</critical>
<critical>🔥 YOU ARE AN ADVERSARIAL CODE REVIEWER - Find what's wrong or missing! 🔥</critical>
<!-- ================================================================ -->
<!-- EXTERNAL AGENT MANDATE - THIS IS THE MOST IMPORTANT RULE -->
<!-- ================================================================ -->
<critical>🚨 MANDATORY EXTERNAL AGENT RULE - NO EXCEPTIONS 🚨</critical>
<critical>If an external agent CLI (codex, gemini, or claude) is detected as available, you MUST delegate the code review to that agent.</critical>
<critical>You are FORBIDDEN from performing your own code review analysis if an external agent is available.</critical>
<critical>The external agent provides an independent, unbiased review. Your job is to INVOKE it, not replace it.</critical>
<critical>Only perform built-in review if ALL external agents fail detection OR the CLI invocation actually fails with a non-zero exit code.</critical>
<critical>DO NOT SKIP the invoke-bash commands for detection and invocation - they are MANDATORY.</critical>
<!-- PROHIBITED EXCUSES - DO NOT USE THESE TO SKIP EXTERNAL AGENT -->
<critical>🚫 PROHIBITED RATIONALIZATIONS - You may NOT skip the external agent for ANY of these reasons:</critical>
<critical>❌ "The prompt is too long" - Long prompts are expected and supported. Invoke anyway.</critical>
<critical>❌ "CLI is meant for simple operations" - FALSE. The CLI handles complex prompts. Invoke anyway.</critical>
<critical>❌ "This is a re-review" - Re-reviews MUST use external agent. No exception.</critical>
<critical>❌ "I can do this myself" - You are FORBIDDEN from self-review when external agent is available.</critical>
<critical>❌ "It would be faster/better if I do it" - Irrelevant. External agent is MANDATORY.</critical>
<critical>❌ "The context is too complex" - The external agent handles complexity. Invoke anyway.</critical>
<critical>If you find yourself rationalizing why to skip the external agent, STOP and invoke it anyway.</critical>
<critical>🔥 ADVERSARIAL CODE REVIEW REQUIREMENTS 🔥</critical>
<critical>Your purpose: Validate story file claims against actual implementation</critical>
<critical>Challenge everything: Are tasks marked [x] actually done? Are ACs really implemented?</critical>
<critical>Find 3-10 specific issues in every review minimum - no lazy "looks good" reviews - YOU are so much better than the dev agent
that wrote this slop</critical>
<critical>Find 3-10 specific issues in every review minimum - no lazy "looks good" reviews</critical>
<critical>Read EVERY file in the File List - verify implementation against story requirements</critical>
<critical>Tasks marked complete but not done = CRITICAL finding</critical>
<critical>Acceptance Criteria not implemented = HIGH severity finding</critical>
<step n="1" goal="Load story and discover changes">
<step n="1" goal="Load story and detect external agents">
<action>Use provided {{story_path}} or ask user which story file to review</action>
<action>Read COMPLETE story file</action>
<action>Set {{story_key}} = extracted key from filename (e.g., "1-2-user-authentication.md" → "1-2-user-authentication") or story metadata</action>
@ -38,6 +57,86 @@
<invoke-protocol name="discover_inputs" />
<action>Load {project_context} for coding standards (if exists)</action>
<!-- ============================================================== -->
<!-- EXTERNAL AGENT DETECTION - CHECK CONFIG FIRST, THEN DETECT -->
<!-- ============================================================== -->
<set-var name="use_external_agent" value="false" />
<set-var name="external_agent_cmd" value="" />
<set-var name="codex_available" value="false" />
<set-var name="gemini_available" value="false" />
<set-var name="claude_available" value="false" />
<set-var name="external_agent_failed" value="false" />
<set-var name="preferred_agent" value="{external_review_agent}" />
<!-- Check if user has disabled external agents -->
<check if="{{preferred_agent}} == 'none'">
<output>📋 External agent disabled in config - will use built-in adversarial review</output>
</check>
<!-- Only detect and use external agents if not set to "none" -->
<check if="{{preferred_agent}} != 'none'">
<output>🔍 Detecting external agent availability...</output>
<!-- Detect Codex CLI availability -->
<invoke-bash cmd="command -v codex &amp;&amp; codex --version 2>/dev/null || echo 'NOT_FOUND'" />
<check if="{{bash_exit_code}} == 0 AND {{bash_stdout}} does not contain 'NOT_FOUND'">
<set-var name="codex_available" value="true" />
<output>✓ Codex CLI detected</output>
</check>
<!-- Detect Gemini CLI availability -->
<invoke-bash cmd="command -v gemini &amp;&amp; gemini --version 2>/dev/null || echo 'NOT_FOUND'" />
<check if="{{bash_exit_code}} == 0 AND {{bash_stdout}} does not contain 'NOT_FOUND'">
<set-var name="gemini_available" value="true" />
<output>✓ Gemini CLI detected</output>
</check>
<!-- Detect Claude CLI availability -->
<invoke-bash cmd="command -v claude &amp;&amp; claude --version 2>/dev/null || echo 'NOT_FOUND'" />
<check if="{{bash_exit_code}} == 0 AND {{bash_stdout}} does not contain 'NOT_FOUND'">
<set-var name="claude_available" value="true" />
<output>✓ Claude CLI detected</output>
</check>
<!-- Select which external agent to use based on availability and preference -->
<check if="{{preferred_agent}} == 'codex' AND {{codex_available}} == true">
<set-var name="use_external_agent" value="true" />
<set-var name="external_agent_cmd" value="codex" />
</check>
<check if="{{preferred_agent}} == 'gemini' AND {{gemini_available}} == true">
<set-var name="use_external_agent" value="true" />
<set-var name="external_agent_cmd" value="gemini" />
</check>
<check if="{{preferred_agent}} == 'claude' AND {{claude_available}} == true">
<set-var name="use_external_agent" value="true" />
<set-var name="external_agent_cmd" value="claude" />
</check>
<!-- Fallback selection if preferred agent not available -->
<check if="{{use_external_agent}} == false AND {{codex_available}} == true">
<set-var name="use_external_agent" value="true" />
<set-var name="external_agent_cmd" value="codex" />
<output>⚠️ Preferred agent ({{preferred_agent}}) not available, falling back to Codex</output>
</check>
<check if="{{use_external_agent}} == false AND {{gemini_available}} == true">
<set-var name="use_external_agent" value="true" />
<set-var name="external_agent_cmd" value="gemini" />
<output>⚠️ Preferred agent ({{preferred_agent}}) not available, falling back to Gemini</output>
</check>
<check if="{{use_external_agent}} == false AND {{claude_available}} == true">
<set-var name="use_external_agent" value="true" />
<set-var name="external_agent_cmd" value="claude" />
<output>⚠️ Preferred agent ({{preferred_agent}}) not available, falling back to Claude</output>
</check>
<check if="{{use_external_agent}} == true">
<output>🤖 External agent selected: {{external_agent_cmd}} - will delegate code review</output>
</check>
<check if="{{use_external_agent}} == false">
<output>📋 No external agent available - will use built-in adversarial review</output>
</check>
</check>
</step>
<step n="2" goal="Build review attack plan">
@ -56,15 +155,75 @@
<step n="3" goal="Execute adversarial review">
<critical>VALIDATE EVERY CLAIM - Check git reality vs story claims</critical>
<!-- Git vs Story Discrepancies -->
<!-- Git vs Story Discrepancies - ALWAYS runs -->
<action>Review git vs story File List discrepancies:
1. **Files changed but not in story File List** → MEDIUM finding (incomplete documentation)
2. **Story lists files but no git changes** → HIGH finding (false claims)
3. **Uncommitted changes not documented** → MEDIUM finding (transparency issue)
</action>
<!-- Use combined file list: story File List + git discovered files -->
<action>Create comprehensive review file list from story File List and git changes</action>
<action>Store git discrepancy findings in {{git_findings}}</action>
<!-- ============================================================== -->
<!-- MANDATORY: INVOKE EXTERNAL AGENT IF AVAILABLE -->
<!-- ============================================================== -->
<critical>If {{use_external_agent}} == true, you MUST invoke the external agent via CLI.</critical>
<critical>DO NOT perform your own code review - delegate to the external agent.</critical>
<check if="{{use_external_agent}} == true">
<output>🔄 Invoking {{external_agent_cmd}} CLI for adversarial code review...</output>
<!-- ============================================================== -->
<!-- INVOKE EXTERNAL AGENT - USE EXACT COMMANDS AS WRITTEN -->
<!-- ============================================================== -->
<critical>🚨 USE EXACT COMMAND SYNTAX - DO NOT MODIFY OR SIMPLIFY 🚨</critical>
<critical>Copy the invoke-bash cmd attribute EXACTLY as written below.</critical>
<critical>DO NOT remove flags, reorder arguments, or "improve" the command.</critical>
<!-- External agent prompt is loaded from external-agent-prompt.md -->
<set-var name="external_prompt_file" value="{installed_path}/external-agent-prompt.md" />
<action>Load {{external_prompt_file}} content into {{external_prompt}}</action>
<check if="{{external_agent_cmd}} == 'codex'">
<critical>CODEX: Use codex exec with read-only sandbox and full-auto</critical>
<invoke-bash cmd="codex exec --sandbox read-only --full-auto &quot;$(cat '{{external_prompt_file}}')&quot;" timeout="300000" />
</check>
<check if="{{external_agent_cmd}} == 'gemini'">
<critical>GEMINI: Use gemini -p with prompt from file and --yolo</critical>
<invoke-bash cmd="gemini -p &quot;$(cat '{{external_prompt_file}}')&quot; --yolo" timeout="300000" />
</check>
<check if="{{external_agent_cmd}} == 'claude'">
<critical>CLAUDE: Use claude -p with prompt from file</critical>
<invoke-bash cmd="claude -p &quot;$(cat '{{external_prompt_file}}')&quot; --dangerously-skip-permissions" timeout="300000" />
</check>
<check if="{{bash_exit_code}} != 0 OR {{bash_stdout}} is empty">
<output>⚠️ External agent CLI failed (exit code: {{bash_exit_code}}), falling back to built-in review</output>
<output>Error: {{bash_stderr}}</output>
<set-var name="use_external_agent" value="false" />
<set-var name="external_agent_failed" value="true" />
</check>
<check if="{{bash_exit_code}} == 0 AND {{bash_stdout}} is not empty">
<set-var name="external_findings" value="{{bash_stdout}}" />
<action>Parse {{external_findings}} into structured HIGH/MEDIUM/LOW lists</action>
<action>Merge {{git_findings}} with {{external_findings}} into {{all_findings}}</action>
<output>✅ External review complete - {{external_agent_cmd}} CLI findings received</output>
</check>
</check>
<!-- Fallback to built-in if external agent failed -->
<check if="{{external_agent_failed}} == true">
<set-var name="use_external_agent" value="false" />
</check>
<check if="{{use_external_agent}} == false">
<!-- ============================================================== -->
<!-- FALLBACK ONLY: Built-in Review (when NO external agent works) -->
<!-- ============================================================== -->
<critical>This section should ONLY execute if ALL external agents failed detection or invocation.</critical>
<critical>If you are here but an external agent was available, you have violated the workflow rules.</critical>
<output>⚠️ No external agent available - performing built-in adversarial review</output>
<!-- AC Validation -->
<action>For EACH Acceptance Criterion:
@ -91,6 +250,10 @@
5. **Test Quality**: Are tests real assertions or placeholders?
</action>
<action>Merge {{git_findings}} with built-in findings into {{all_findings}}</action>
</check>
<!-- Minimum issue check - applies to both paths -->
<check if="total_issues_found lt 3">
<critical>NOT LOOKING HARD ENOUGH - Find more problems!</critical>
<action>Re-examine code for:
@ -113,6 +276,7 @@
<output>**🔥 CODE REVIEW FINDINGS, {user_name}!**
**Story:** {{story_file}}
**Review Method:** {{external_agent_cmd}} OR built-in
**Git vs Story Discrepancies:** {{git_discrepancy_count}} found
**Issues Found:** {{high_count}} High, {{medium_count}} Medium, {{low_count}} Low
@ -185,7 +349,7 @@
<action>Set {{current_sprint_status}} = "no-sprint-tracking"</action>
</check>
<!-- Sync sprint-status.yaml when story status changes (only if sprint tracking enabled) -->
<!-- Sync sprint-status.yaml when story status changes -->
<check if="{{current_sprint_status}} != 'no-sprint-tracking'">
<action>Load the FULL file: {sprint_status}</action>
<action>Find development_status key matching {{story_key}}</action>

7
src/modules/bmm/workflows/4-implementation/code-review/workflow.yaml
View File

@ -18,6 +18,7 @@ sprint_status: "{sprint_artifacts}/sprint-status.yaml || {output_folder}/sprint-
installed_path: "{project-root}/{bmad_folder}/bmm/workflows/4-implementation/code-review"
instructions: "{installed_path}/instructions.xml"
validation: "{installed_path}/checklist.md"
external_agent_prompt: "{installed_path}/external-agent-prompt.md"
template: false
variables:
@ -25,6 +26,11 @@ variables:
project_context: "**/project-context.md"
story_dir: "{sprint_artifacts}"
# External code review agent configuration
# User selects preferred agent during install; detection verifies availability at runtime
# Supported values: codex, gemini, claude, none
external_review_agent: "{config_source}:external_review_agent || 'none'"
# Smart input file references - handles both whole docs and sharded docs
# Priority: Whole document first, then sharded version
# Strategy: SELECTIVE LOAD - only load the specific epic needed for this story review
@ -51,4 +57,3 @@ input_file_patterns:
load_strategy: "INDEX_GUIDED"
standalone: true
web_bundle: false