This PR is intentionally large due to coupled workflow.md migration and step-flow parity updates across runtime, installer, and tests.\n\nFollow-up work can be split by domain if maintainers prefer smaller review surfaces.
* feat: extend validate-file-refs.js to scan CSV workflow-file references
Add CSV file reference extraction to the Layer 1 validation pipeline,
preventing broken _bmad/ workflow-file paths in module-help.csv files.
Closes the gap identified after PR #1529 where CSV references were
unvalidated despite being a source of repeat community issues.
Refs: #1519
* fix: include test:refs in aggregate test script
Add CSV file-ref extraction tests to the aggregate `npm test` pipeline,
matching the existing pattern for test:schemas and test:install.
Thanks to CodeRabbit for catching the omission.
* fix: address review feedback on CSV validator extension
- Surface CSV parse errors visibly instead of silently swallowing
(no Layer 2c schema validator exists yet to catch these)
- Add explanatory comments for the !VERBOSE logging pattern
(non-verbose prints file headers only when issues found)
- Add verbose-mode diagnostics for extensionless path handling
([SKIP] when nothing exists, [OK-DIR] for valid directories)
* refactor: collect-then-print to eliminate confusing !VERBOSE pattern
Replace the split header-printing logic (print early in verbose mode,
print late in non-verbose mode with a !VERBOSE guard) with a simpler
collect-then-print approach. Refs are now classified into ok[] and
broken[] arrays first, then printed in a single location with one
straightforward if/else if decision.
Addresses alexeyv's review feedback about the counterintuitive
"if not verbose, log" pattern.
* feat: promote extensionless unresolved paths from silent skip to [UNRESOLVED]
Paths without file extensions that don't exist as files or directories
are now flagged as [UNRESOLVED] — a distinct tag from [BROKEN] (which
means a file with a known extension wasn't found). Both count toward
the broken reference total and appear in CI annotations.
This catches real bugs like wrong directory names in installed_path
metadata and dead invoke-workflow references to removed workflows.
Extensionless paths that DO exist as directories are still [OK-DIR].
---------
Co-authored-by: Alex Verkhovsky <alexey.verkhovsky@gmail.com>
Co-authored-by: Brian <bmadcode@gmail.com>
* feat(cli): complete @clack/prompts migration
Full migration of BMAD CLI installer from legacy terminal libraries
(chalk, ora, boxen, figlet, wrap-ansi, cli-table3, readline) to unified
@clack/prompts v1.0.0 visual system.
Foundation (prompts.js + cli-utils.js):
- Extended prompts.js wrapper with box, spinner, progress, taskLog,
path, autocomplete, selectKey, stream, color re-export
- Refactored cli-utils.js: displayLogo uses box(), sections use note(),
steps use log.step(), removed boxen/figlet/wrap-ansi/cli-table3
UI orchestration (ui.js):
- Replaced ~100 console.log+chalk calls with log.*, note(), box()
- Replaced ora spinner with @clack spinner
- Module selection: autocompleteMultiselect with locked core module,
bulleted post-selection display, maxItems for no-scroll
Spinner migration (installer.js):
- Replaced 40+ ora spinner calls with @clack spinner
- All spinner.stop() calls include meaningful messages
- Failure paths use spinner.error() (red cross) instead of stop()
Readline migration (agent/installer.js + config-collector.js):
- Migrated readline prompts to @clack text/confirm/select
- Fixed chalk.dim bug (chalk was never imported)
- Removed chalk from config-collector.js
IDE handlers + modules (7 files):
- Replaced chalk+ora across all IDE handlers and module manager
- Fixed options.installer undefined bug in manager.js update()
Cleanup:
- Removed ora, boxen, figlet, wrap-ansi, cli-table3 from dependencies
- chalk stays (used outside tools/cli/ scope)
- Replaced hand-drawn Unicode update box in bmad-cli.js with box()
- Added process.stdin.setMaxListeners(25) for sequential prompts
Spinner wrapper adds isSpinning state tracking (not native to @clack).
Removed dead groupMultiselect and sortKey sort calls.
Ref: tech-spec-installer-clack-migration-ui-enhancement.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(cli): consolidate installer output to single spinner + summary
Replace ~40 lines of output from 15+ spinner start/stop cycles with a
single animated spinner during installation and a final note() summary
block showing checkmarks per step.
Key changes:
- Add results collector pattern in install() method
- Replace spinner.stop/start pairs with addResult + spinner.message
- Add renderInstallSummary() using prompts.note() with colored output
- Propagate silent flag through IDE handlers and module manager
- Add spinner race condition guards (start while spinning, stop while stopped)
- Add no-op spinner pattern for silent external module cloning
- Fix stdin listener limit to be defensive with Math.max
- Add GIT_TERMINAL_PROMPT=0 for non-interactive git operations
- Merge locked values into initialValue for autocomplete prompts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(cli): resolve code review findings from @clack/prompts migration
Address 31 issues across 14 CLI files found during PR #1586 review
(Augment Code + CodeRabbit):
- Fix bmadDir ReferenceError by hoisting declaration before try block
- Wrap console.log monkey-patch in try/finally for safe restoration
- Fix transformWorkflowPath dead code and undefined return path
- Fix broken symlink crash in _config-driven.js and codex.js cleanup
- Pass installer instance through update() for agent recompilation
- Fix @clack/prompts API: defaultValue→default, initialValue→default
- Use nullish coalescing (??) instead of logical OR for falsy values
- Forward options in recursive promptToolSelection calls
- Remove no-op replaceAll('_bmad','_bmad') in manager and generator
- Remove unused confirm prompt in config-collector hasNoConfig branch
- Guard spinner.message() when spinner is not running
- Add missing methods to silent spinner stub (cancel, clear, isSpinning)
- Wrap install.js error handler with inner try/catch + console fallback
- Gate codex per-entry error log with silent flag
- Add return statements to all stream wrapper methods
- Remove dead variables (availableNames, hasCustomContentItems)
- Filter core module from update flow selection
- Replace borderColor ternary chain with object map
- Fix Kilo "agents" label to "modes" in IDE manager
- Normalize error return shape for unsupported IDEs
- Fix spinner message timing before dependency resolution
- Guard undefined moduleDir in dependency-resolver
- Fix workflowsInstalled counter inflation in custom handler
- Migrate console.warn calls to prompts.log.warn
- Replace console.log() with prompts.log.message('')
- Fix legacyBmadPath hardcoded to .bmad instead of entry.name
- Fix focusedValue never assigned breaking SPACE toggle and hints
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The workflow was failing with 403 "Resource not accessible by integration"
on fork PRs because pull_request events get read-only GITHUB_TOKEN
permissions for cross-repository PRs. Switching to pull_request_target
runs the workflow in the base repo context, granting write permissions
needed to post the @coderabbitai review comment.
This is safe because the workflow only posts a comment and does not
check out or execute any code from the PR branch.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add Augment Code Review (audit mode) and CodeRabbit (adversarial mode):
Augment (.augment/code_review_guidelines.yaml):
- Workflow structure and step validation rules
- Agent definition validation
- Path placeholder enforcement
- JIT loading and HALT requirements
CodeRabbit (.coderabbit.yaml):
- Raven-style adversarial reviewer persona
- Finds logical contradictions and missing implementations
- No rule anchoring - reasons freely
Supporting changes:
- .gitignore: exclude .augment/ from ignore
- eslint.config.mjs: ignore .augment/ directory
fix: clarify .augment gitignore pattern and eslint comment
Add documentation comment to .gitignore explaining the .augment/*
exception pattern, and replace misleading eslint comment about
"underscores per their spec" with accurate description of vendor
config directory exclusion.
Addresses CodeRabbit findings F10 and F11 from PR #1511 review.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: remove redundant eslint ignore patterns
The broader glob patterns (dir/**) already match all files recursively,
making the more specific sub-patterns (dir/**/*.js, dir/**/*.md, etc.)
completely redundant. Similarly, _bmad*/** already covers _bmad/**.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: synchronize ignore baselines across CodeRabbit and Augment configs
Expand path exclusions in both PR review tools to a shared baseline:
- Mutual config exclusions (each tool ignores its own and others configs)
- Build output, vendored/generated files, package metadata, binary/media
- Test fixtures, non-project dirs, AI assistant dirs, build temp
- Generated reports
CodeRabbit goes from 1 exclusion to 32; Augment from 12 to 32.
ESLint already had comprehensive ignores and is unchanged.
Addresses CodeRabbit findings F2 and F4 from PR #1511 review.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: correct project name in Augment review guidelines
fix: remove instruction that explicitly encourages false positives
Dicky Moore
Dicky Moore
Michael Pursifull
Alex Verkhovsky
Davor Racic