Expanded the security policy to include supported versions, reporting guidelines, response timelines, security scope, and best practices for users.
Co-authored-by: Alex Verkhovsky <alexey.verkhovsky@gmail.com>
* fix(cli): replace inquirer with @clack/prompts for Windows compatibility
- Add new prompts.js wrapper around @clack/prompts to fix Windows arrow
key navigation issues (libuv #852)
- Fix validation logic in github-copilot.js that always returned true
- Add support for primitive choice values (string/number) in select/multiselect
- Add 'when' property support for conditional questions in prompt()
- Update all IDE installers to use new prompts module
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(cli): address code review feedback for prompts migration
- Move @clack/prompts from devDependencies to dependencies (critical)
- Remove unused inquirer dependency
- Fix potential crash in multiselect when initialValues is undefined
- Add async validator detection with explicit error message
- Extract validateCustomContentPathSync method in ui.js
- Extract promptInstallLocation methods in claude-code.js and antigravity.js
- Fix moduleId -> missing.id in installer.js remove flow
- Update multiselect to support native clack API (options/initialValues)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: update comments to reference @clack/prompts instead of inquirer
- Update bmad-cli.js comment about CLI prompts
- Update config-collector.js JSDoc comments
- Rename inquirer variable to choiceUtils in ui.js
- Update JSDoc returns and calls documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(cli): add spacing between prompts and installation progress
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(cli): add multiselect usage hints for inexperienced users
Add inline navigation hints to all multiselect prompts showing
(↑/↓ navigate, SPACE select, ENTER confirm) to help users
unfamiliar with terminal multiselect controls.
Also restore detailed warning when no tools are selected,
explaining that SPACE must be pressed to select items.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(cli): restore IDE grouping using groupMultiselect
Replace flat multiselect with native @clack/prompts groupMultiselect
component to restore visual grouping of IDE/tool options:
- "Previously Configured" - pre-selected IDEs from existing install
- "Recommended Tools" - starred preferred options
- "Additional Tools" - other available options
This restores the grouped UX that was lost during the Inquirer.js
to @clack/prompts migration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add editorial review tasks for structure and prose
Add two complementary editorial review tasks:
- editorial-review-structure.xml: Structural editor that proposes cuts,
reorganization, and simplification. Includes 5 document archetype models
(Tutorial, Reference, Explanation, Prompt, Strategic) for targeted evaluation.
- editorial-review-prose.xml: Clinical copy-editor for prose improvements
using Microsoft Writing Style Guide as baseline.
Both tasks support humans and llm target audiences with different principles.
* fix: add content-sacrosanct guardrail to editorial review tasks
Both editorial review tasks (prose and structure) were missing the key
constraint that reviewers should never challenge the ideas/knowledge
themselves—only how clearly they are communicated. This restores the
original design intent.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: align reader_type parameter naming across editorial tasks
Prose task was using 'target_audience' for the humans/llm optimization
flag while structure task correctly separates 'target_audience' (who
reads) from 'reader_type' (optimization mode). Aligns to reader_type.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Brian <bmadcode@gmail.com>
- Add "Why does BMad use so many tokens?" FAQ explaining design tradeoff
(decision quality over code velocity)
- Fix stale anchor #adversarial-review-general → #adversarial-review
- Remove link to archived customize-workflows.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Step 4 was missing a structured menu at the spec review checkpoint.
This caused agents to skip past the approval step without waiting for
explicit user confirmation.
Added:
- Review menu with [y] Approve, [c] Changes, [q] Questions, [a] Advanced Elicitation, [p] Party Mode
- Explicit HALT instruction
- Menu handling section
This aligns step 4 with the menu-driven pattern used in steps 1-3.
Fixes#1304
Also fixes pre-existing prettier issue in src/modules/cis/module.yaml.
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Expand tagline: "No gated Discord", "empowering everyone"
- Add emojis and stronger CTAs to Support section
- Consolidate star/subscribe asks into Support section
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add "100% free and open source" tagline at top
- Update YouTube line with upcoming master class/podcast
- Add "Help us grow" CTA for stars and subs
- Add new "Support BMad" section with donation and speaking info
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: expand TEA documentation with cheat sheets, MCP enhancements, and API testing patterns
* docs: update TEA fragment counts and fix playwright-utils code examples
* docs: addressed PR review concerns
* docs: update TEA MCP configuration link to point to documentation site
* feat: add link auditor tools and fix broken docs links
- Add audit-doc-links.js to scan docs for broken links with auto-resolution
- Add fix-doc-links.js to apply suggested fixes (dry-run by default)
- Remove stale "Back to Core Concepts" breadcrumb links
- Update BMad acronym to "Breakthrough Method of Agile AI Driven Development"
- Update README links to docs.bmad-method.org
- Simplify upgrade callout in getting-started tutorial
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: reorganize docs structure and archive v4 tutorial
- Remove unused section index files (tutorials, how-to, explanation, reference)
- Move getting-started-bmadv4.md to _archive
- Update quick-start-bmgd.md to remove archived file reference
- Update upgrade-to-v6.md
- Update astro.config.mjs for new structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: ignore underscore directories in link checker
Update check-doc-links.js to skip _archive, _planning, and other
underscore-prefixed directories when validating links.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add v4 users section to README
Add links to v4 documentation archive and upgrade guide for users
migrating from previous versions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: convert docs to site-relative links and add validation tools
- Convert all relative links (./ ../) to site-relative paths (/path/)
- Strip .md extensions and use trailing slashes for Astro/Starlight
- Add fix-doc-links.js to convert relative links to site-relative
- Add validate-doc-links.js to check links point to existing files
- Remove old audit-doc-links.js and check-doc-links.js
- Update build-docs.js to use new validation script
- Add npm scripts: docs:fix-links, docs:validate-links
- Update style guide with validation steps
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: standardize acronym to BMad across documentation
Replace incorrect "BMAD" with correct "BMad" in text and frontmatter
while preserving "BMAD-METHOD" in GitHub URLs.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: fix BMad acronym and remove draft README
- Correct acronym to "Breakthrough Method of Agile AI Driven Development"
- Remove unused README-draft.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: standardize BMad acronym in README
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: standardize FAQ format across all FAQ pages
- Add TOC with jump links under "## Questions"
- Use ### headers for questions (no Q: prefix)
- Direct answers without **A:** prefix
- Remove horizontal rules and "Related Documentation" sections
- End each FAQ with issue/Discord CTA
- Update style guide with new FAQ guidelines
- Delete redundant faq/index.md (sidebar handles navigation)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use repo-relative links with .md for GitHub compatibility
Convert all documentation links to repo-relative format (/docs/path/file.md)
so they work when browsing on GitHub. The rehype plugin strips /docs/ prefix
and converts .md to trailing slash at build time for Astro/Starlight.
- Update rehype-markdown-links.js to strip /docs/ prefix from absolute paths
- Update fix-doc-links.js to generate /docs/ prefixed paths with .md extension
- Convert 217 links across 64 files to new format
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: handle /docs/ prefix in link validator
Update resolveLink to strip /docs/ prefix from repo-relative links
before checking if files exist.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: restore FAQ index page
Re-add the FAQ index page that was accidentally deleted, with
updated repo-relative link format.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Alex Verkhovsky <alexey.verkhovsky@gmail.com>
* feat: refactor Cursor IDE setup to do command generation and cleanup instead of rules
- Added support for command generation in the Cursor IDE setup, including the creation of a new commands directory.
- Implemented cleanup for old BMAD commands alongside existing rules.
- Integrated TaskToolCommandGenerator for generating task and tool commands.
- Updated logging to reflect the number of agents, tasks, tools, and workflow commands generated during setup.
* style: adjust constructor formatting and update command path in Cursor IDE setup
- Reformatted the constructor method for consistency.
- Updated the command path syntax in the Cursor IDE setup to use a more standard format.
* fix: update Cursor command paths in documentation
- Changed the command path for Cursor IDE setup from `.cursor/rules/bmad/` to `.cursor/commands/bmad/` in both installers.md and modules.md.
- Updated file extension references to use `.md` instead of `.mdc` for consistency.
Implement Vitest testing framework with 287 new tests achieving 80%+ overall coverage for previously untested critical components.
Coverage achievements:
- file-ops.js: 100% (exceeded 95% target)
- xml-utils.js: 100%
- config.js: 89% (exceeded 85% target)
- yaml-xml-builder.js: 86% (close to 90% target)
- dependency-resolver.js: 81%, 100% functions
New test coverage:
- 126 tests for file operations (254+ file system interactions)
- 74 tests for dependency resolution (multi-pass, circular detection)
- 69 tests for YAML/XML transformations (persona merging, XML generation)
- 37 tests for configuration processing (placeholder replacement, validation)
- 18 tests for XML utilities (special character escaping)
Infrastructure improvements:
- Add Vitest 4.0.16 with V8 coverage provider
- Create test helpers for temp directories and fixtures
- Configure ESLint for ES module test files
- Update npm scripts for test execution and coverage
- Maintain 100% backward compatibility with existing tests
Critical scenarios tested:
- Data loss prevention in syncDirectory() with hash/timestamp comparison
- Circular dependency handling in multi-pass resolution
- XML special character escaping to prevent injection
- Unicode filename and content handling
- Large file streaming (10MB+) for hash calculation
All 352 tests (65 existing + 287 new) passing with zero flaky tests.
Inquirer v9+ is ESM-only, causing ERR_REQUIRE_ESM when loaded via
require() in CommonJS. Convert all require('inquirer') calls to
dynamic import('inquirer') across 8 CLI files.
Fixes#1197
Version bump for revalidation and ghost feature detection features.
New in alpha.4:
- Story/epic revalidation workflows (verify checkbox accuracy)
- Ghost feature detector (find orphaned code with no stories)
- Both features production-ready
- Agent menus updated with RVS, RVE, GFD triggers
- .gitignore updated to exclude exported conversation files
Ready for npm publish.
- Update instructions.md Step 2.5 to explicitly halt when story
creation/regeneration is needed (agents cannot invoke workflows)
- Add clear user guidance with manual action steps
- Add manual_actions_required tracking to batch summary (Step 5)
- Update README.md with Critical Prerequisites section
- Create scripts/validate-all-stories.sh for pre-batch validation
This addresses the root cause where batch-super-dev told agents to
"Invoke workflow: /create-story-with-gap-analysis" which is not
possible in batch mode. Agents now gracefully skip invalid stories
and provide clear instructions for manual intervention.
Follows recommendations from BMAD-WORKFLOW-IMPROVEMENTS.md
WHO YOU GONNA CALL? 👻 GHOST-FEATURE-BUSTERS!
Implements reverse gap analysis to find "orphaned code" - functionality
that exists in the codebase but has no corresponding story documentation.
Use Case:
"Find functionality that doesn't exist in any story (was vibe coded or
magically appeared) and propose backfilling stories" - User
FEATURE: /ghost-features (trigger: GFD)
---------------------------------------
Scans codebase and cross-references with ALL stories to find orphans:
1. Codebase Scan:
- React/Vue/Angular components
- API endpoints (Next.js, NestJS, Express)
- Database tables (Prisma, TypeORM, migrations)
- Services and business logic modules
- Ignores tests, build artifacts, node_modules
2. Cross-Reference with Stories:
- Check if component mentioned in any File List
- Check if API mentioned in any Task/AC
- Check if table mentioned in any story
- Mark as DOCUMENTED if found, ORPHAN if not
3. Severity Classification:
- CRITICAL: APIs, auth, payment (security-critical)
- HIGH: Components, DB tables, services (significant features)
- MEDIUM: Utilities, helpers
- LOW: Config files, constants
4. Backfill Story Generation:
- Analyze orphan code to understand functionality
- Generate story draft documenting existing implementation
- Mark most tasks as [x] (already exists)
- Add tasks for missing tests/docs
- Suggest epic assignment based on functionality
5. Epic Organization:
- Option A: Create "Epic-Backfill" for all orphans
- Option B: Distribute to existing epics
- Option C: Leave in backlog
Output:
- Orphaned features list (by severity and type)
- Documentation coverage % (what % of code has stories)
- Backfill stories created (if requested)
- Comprehensive report (ghost-features-report-{timestamp}.md)
Usage:
```bash
# Detect orphans in entire sprint
/ghost-features
# Detect orphans in Epic 2
/ghost-features epic_number=2 scan_scope=epic
# Detect and create backfill stories
/ghost-features create_backfill_stories=true
# Full codebase scan
/ghost-features scan_scope=codebase
```
Files Created:
- detect-ghost-features/workflow.yaml: Reverse gap analysis config
- detect-ghost-features/instructions.md: 8-step detection + backfill process
Files Modified:
- sm.agent.yaml: Added GFD (Ghost Feature Detector) menu item
Benefits:
- Prevents "ghost features" from accumulating
- Documents vibe-coded functionality
- Maintains story-code parity
- Enables accurate sprint planning (know what actually exists)
- Makes codebase auditable (every feature has a story)
- Catches manual code additions that bypassed story process
Implements user-requested revalidation capability to verify checkbox accuracy.
Use Case:
"I am uncertain about the real status of some stories and epics that I've
worked on and would love a re-check" - User
FEATURE: /revalidate-story
-------------------------
Clears all checkboxes and re-verifies each item against codebase:
1. Clear Phase:
- Uncheck all boxes in ACs, Tasks, DoD
- Start from clean slate
2. Verification Phase:
- For each item: search codebase with Glob/Grep
- Read files to verify actual implementation (not stubs)
- Check for tests and verify they pass
- Re-check verified items: [x] verified, [~] partial, [ ] missing
3. Gap Reporting:
- Report what exists vs what's documented
- Calculate accuracy (before % vs after %)
- Identify over-reported (checked but missing) and under-reported (exists but unchecked)
4. Gap Filling Mode (optional):
- Implement missing items
- Run tests to verify
- Commit per gap or all at once
- Re-verify after filling
Token Cost Analysis:
- Verify-only: ~30-45K tokens (just scan and report)
- Verify-and-fill (10% gaps): ~35-55K tokens
- Verify-and-fill (50% gaps): ~60-90K tokens
- Compare to full re-implementation: ~80-120K tokens
- Savings: 40-60% when gaps <30%
FEATURE: /revalidate-epic
------------------------
Batch revalidation of all stories in an epic using semaphore pattern:
- Maintain pool of N concurrent workers
- As worker finishes → immediately start next story
- Constant concurrency until all stories revalidated
- Epic-wide summary with health score
- Stories grouped by completion %
Usage:
```bash
# Verify only
/revalidate-story story_file=path/to/story.md
# Verify and fill gaps
/revalidate-story story_file=path/to/story.md fill_gaps=true
# Revalidate entire epic
/revalidate-epic epic_number=2
# Revalidate epic and fill all gaps
/revalidate-epic epic_number=2 fill_gaps=true max_concurrent=5
```
Files Created:
- revalidate-story/workflow.yaml: Story revalidation config
- revalidate-story/instructions.md: 10-step revalidation process
- revalidate-epic/workflow.yaml: Epic batch revalidation config
- revalidate-epic/instructions.md: Semaphore pattern for parallel revalidation
Files Modified:
- dev.agent.yaml: Added RVS and RVE menu items
- sm.agent.yaml: Added RVS and RVE menu items
Next: Reverse gap analysis (detect orphaned code with no stories)
Version bump after alpha.2 was published to npm.
Changes in alpha.3:
- Semaphore pattern for parallel execution (20-40% faster)
- Git commit queue eliminates lock file conflicts
- Minimum 3-task requirement prevents invalid stories
- All features production-tested and ready
Implements user-requested semaphore/worker pool pattern for maximum parallelization efficiency.
OLD Pattern (Inefficient):
- Split stories into batches of N
- Spawn N agents for batch 1
- Wait for ALL N to finish (idle time if some finish early)
- Spawn N agents for batch 2
- Wait for ALL N to finish
- Repeat until done
NEW Semaphore Pattern (Efficient):
- Initialize pool with N worker slots
- Fill all N slots with first N stories
- Poll workers continuously (non-blocking)
- As soon as ANY worker completes → immediately refill that slot
- Maintain constant N concurrent agents until queue empty
- Zero idle time, maximum throughput
Benefits:
- 20-40% faster completion (eliminates batch synchronization delays)
- Constant utilization of all worker slots
- More predictable completion times
- Better resource efficiency
Implementation Details:
- run_in_background: true for Task agents (non-blocking spawns)
- TaskOutput(block=false) for polling without waiting
- Worker pool state tracking (active_workers map)
- Immediate slot refill on completion
- Live progress dashboard every 30 seconds
- Graceful handling of failures (continue_on_failure support)
Files Modified:
- batch-super-dev/instructions.md: Rewrote Step 4-Parallel with semaphore logic
- batch-super-dev/README.md: Updated to v1.3.0, documented semaphore pattern
- docs/HOW-TO-VALIDATE-SPRINT-STATUS.md: Explained semaphore vs batch patterns
- src/modules/cis/module.yaml: Auto-formatted by prettier
User Experience:
- Same concurrency selection (2, 4, or all stories)
- Same sequential vs parallel choice
- Now with continuous worker pool instead of batch synchronization
- Real-time visibility: "Worker 3 completed → immediately refilled"
Added comprehensive documentation for v1.3.0 continuous sprint-status tracking:
- Real-time progress dashboard updates after every task
- CRITICAL enforcement with HALT on failure
- Progress format examples (X/Y tasks, Z%)
- Benefits and backward compatibility notes
- Files modified list
Implements requirements #1 and #2: stronger enforcement + progress tracking
REQUIREMENT #1: Stronger Enforcement
- dev-story Step 8 now MANDATES sprint-status.yaml update after EVERY task
- Previously: Updated only at story start (step 4) and end (step 9)
- Now: Updated after EACH task completion with CRITICAL + HALT enforcement
- Validation: Re-reads file to verify update persisted, HALTs on failure
REQUIREMENT #2: Progress Tracking
- Extended sprint-status.yaml format with inline progress comments
- Format: "story-key: in-progress # X/Y tasks (Z%)"
- Real-time visibility into story progress without opening story files
- Automatically updated by dev-story and batch-super-dev reconciliation
Progress Comment Format:
- in-progress: "# 3/10 tasks (30%)"
- review: "# 10/10 tasks (100%) - awaiting review"
- done: "# ✅ COMPLETED: Brief summary"
Benefits:
- Sprint-status.yaml becomes a real-time progress dashboard
- No need to open individual story files to check progress
- Immediate visibility when stories stall (same % for days)
- Enables better sprint planning and resource allocation
Files Modified:
- dev-story/instructions.xml (BMM + BMGD): Added mandatory task-level updates
- sprint-status/instructions.md (BMM + BMGD): Added progress parsing/display
- batch-super-dev/step-4.5-reconcile-story-status.md: Added progress to reconciliation
- docs/HOW-TO-VALIDATE-SPRINT-STATUS.md: Documented new format and enforcement
Breaking Change: None (backward compatible with old format)
- Old entries without progress comments still work
- New entries automatically add progress
- Gradual migration as stories are worked
Republish version after alpha.1 was already published to npm.
No functional changes from alpha.1.
Changes:
- package.json: 6.1.0-alpha.1 → 6.1.0-alpha.2
- package-lock.json: updated to reflect new version
- CHANGELOG.md: added alpha.2 entry
Brian Madison
Nwokoma Chukwuma U.
Kevin Heidt
Murat K Ozcan
Eduard Voiculescu
sjennings
VJSai
Davor Racic
Alex Verkhovsky
forcetrainer
Brian
forcetrainer
Phil
Jonah Schulte
Q00