The workflow was failing with 403 "Resource not accessible by integration"
on fork PRs because pull_request events get read-only GITHUB_TOKEN
permissions for cross-repository PRs. Switching to pull_request_target
runs the workflow in the base repo context, granting write permissions
needed to post the @coderabbitai review comment.
This is safe because the workflow only posts a comment and does not
check out or execute any code from the PR branch.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add Augment Code Review (audit mode) and CodeRabbit (adversarial mode):
Augment (.augment/code_review_guidelines.yaml):
- Workflow structure and step validation rules
- Agent definition validation
- Path placeholder enforcement
- JIT loading and HALT requirements
CodeRabbit (.coderabbit.yaml):
- Raven-style adversarial reviewer persona
- Finds logical contradictions and missing implementations
- No rule anchoring - reasons freely
Supporting changes:
- .gitignore: exclude .augment/ from ignore
- eslint.config.mjs: ignore .augment/ directory
fix: clarify .augment gitignore pattern and eslint comment
Add documentation comment to .gitignore explaining the .augment/*
exception pattern, and replace misleading eslint comment about
"underscores per their spec" with accurate description of vendor
config directory exclusion.
Addresses CodeRabbit findings F10 and F11 from PR #1511 review.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: remove redundant eslint ignore patterns
The broader glob patterns (dir/**) already match all files recursively,
making the more specific sub-patterns (dir/**/*.js, dir/**/*.md, etc.)
completely redundant. Similarly, _bmad*/** already covers _bmad/**.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: synchronize ignore baselines across CodeRabbit and Augment configs
Expand path exclusions in both PR review tools to a shared baseline:
- Mutual config exclusions (each tool ignores its own and others configs)
- Build output, vendored/generated files, package metadata, binary/media
- Test fixtures, non-project dirs, AI assistant dirs, build temp
- Generated reports
CodeRabbit goes from 1 exclusion to 32; Augment from 12 to 32.
ESLint already had comprehensive ignores and is unchanged.
Addresses CodeRabbit findings F2 and F4 from PR #1511 review.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: correct project name in Augment review guidelines
fix: remove instruction that explicitly encourages false positives
The downloads page offered bmad-sources.zip and bmad-prompts.zip, both
redundant: GitHub provides source archives for every tag natively, and
npx bmad-method install is the supported path for compiled prompts.
Remove the downloads page, all bundle generation code, the archiver
dependency, and nav links. The llms.txt and llms-full.txt files (the
genuinely useful artifacts) continue to be generated as before.
The manual-release.yaml workflow has been broken since the v6 alpha
rewrite — it calls `npm run validate` which no longer exists. Releases
are now handled via the /draft-changelog and release skills instead.
- Delete .github/workflows/manual-release.yaml
- Delete tools/docs/BUNDLE_DISTRIBUTION_SETUP.md (references deleted workflow)
- Remove release:major/minor/patch/watch npm scripts (triggered deleted workflow)
Can be restored from git history if a CI-based release workflow is needed again.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Update all references to the help task file from the old path
`_bmad/core/tasks/bmad-help.md` to the new path `_bmad/core/tasks/help.md`.
Affected files:
- 7 workflow step files across multiple workflows
- 1 IDE tool command generator (updated comments)
Remove the forbidden `workflow_path` frontmatter variable from 16 step files
across 3 workflows (quick-dev, quick-spec, check-implementation-readiness).
Per BMAD workflow standards, step files should use relative paths or
{project-root} references instead.
Changes:
- quick-dev (6 files): removed workflow_path and unused thisStepFile
- quick-spec (4 files): removed workflow_path, updated templateFile to use relative path
- check-implementation-readiness (6 files): removed workflow_path, updated all references to use relative paths
Also fixes incorrect path in check-implementation-readiness that referenced
non-existent 'implementation-readiness' folder instead of 'check-implementation-readiness'.
Fixes#1546
Fixes#1547
- step-05 now correctly routes to step-06-research-synthesis.md instead of presenting itself as the final step
- Fixed step-04 stepsCompleted: [1,2,3] → [1,2,3,4]
- Fixed step-05 stepsCompleted: [1,2,3,4] → [1,2,3,4,5]
- Fixed step-06 stepsCompleted: [1,2,3,4,5] → [1,2,3,4,5,6]
- Fixed step-05 title from "Step 4" to "Step 5"
- Fixed step-06 title from "Step 5" to "Step 6"
- Updated success/failure metrics and NEXT STEP sections
This mirrors the fix applied to market research in Beta.5, ensuring the technical research workflow properly completes through all 6 steps.
After Party Mode completes within a parent workflow, the LLM fails to
re-present the parent workflow's completion menu due to lost-in-the-middle
effect at 50-100K tokens. The parent workflow instructions get pushed into
mid-context where they are no longer proactively recalled.
Add a Return Protocol section to step-03-graceful-exit.md that instructs
the LLM to:
1. Identify the parent workflow that invoked party-mode
2. Re-read that file to restore context
3. Resume from the invocation point
4. Present required menus/options
This is platform-independent prompt engineering that forces proactive
re-reading rather than relying on mid-context recall.
Fixes#1319
Co-authored-by: Brian <bmadcode@gmail.com>
- Replace "invoke the review task" with "load and follow the review task"
- Replace "run this step/task" with "load this step/task"
- Aligns with canonical phrasing from PR #1387Closes#1378
CodeRabbit doesn't reliably handle the ready_for_review webhook
event, so draft PRs that are marked ready never get auto-reviewed.
This workflow posts @coderabbitai review when a PR transitions
from draft to ready, working around the limitation.
* docs: add pull request template
Adds PR template matching the format documented in CONTRIBUTING.md.
Completes one of two remaining GitHub Community Standards items.
Fixes#1553
* Update .github/PULL_REQUEST_TEMPLATE.md
- Override _isActionKey to treat SPACE as an action key instead of search input,
and add key handler to toggle selections when not navigating
- update IDE selection prompt message from "Select tools:" to "Integrate with:".
* docs: add official external modules reference page
* chore: remove obsolete docs and basement files
* fix: update robots.txt URLs to docs.bmad-method.org
* fix: generate robots.txt dynamically from site base URL
Replace static robots.txt with an Astro endpoint that uses the
configured site URL, so sitemap references are correct on both
fork deployments and production.
* fix: unify site URL resolution in build-docs.js
build-docs.js had its own hardcoded fallback URL
(bmad-code-org.github.io) instead of using the shared
getSiteUrl() function, causing URL mismatches between
robots.txt, llms.txt, and sitemaps. Now all components
resolve the site URL through the same function. Renamed
site-url.js to .mjs to avoid Node ESM detection warnings.
* fix: correct module names and relocate prompt file
- CIS: "Creative Innovation Suite" → "Creative Intelligence Suite"
- GDS: "Game Dev Suite" → "Game Dev Studio"
- Move _prompt-external-modules-page.md from docs/ to tools/docs/
* refactor: convert build-docs to ESM, eliminate mutable globals
- Convert build-docs.js to build-docs.mjs (CJS → ESM)
- Import getSiteUrl directly, remove async import workaround
- Kill mutable SITE_URL global, call getSiteUrl() where needed
- Clean up Banner.astro variable naming
- Update package.json and CI workflow for .mjs extension
* feat: add non-interactive installation support
Add command-line flags to support non-interactive installation for CI/CD
pipelines and automated deployments:
- --directory: Installation directory
- --modules: Comma-separated module IDs
- --tools: Tool/IDE IDs (use "none" to skip)
- --custom-content: Custom module paths
- --action: Action type for existing installations
- --user-name, --communication-language, --document-output-language, --output-folder: Core config
- -y, --yes: Accept all defaults
When flags are provided, prompts are skipped. Missing values gracefully
fall back to interactive prompts.
* fix: complete non-interactive installation support
- Fix validation checks using truthy instead of !== true
- Add skipPrompts flag to skip module config prompts with --yes
- Add getDefaultModules() for automatic module selection with --yes
- Fix IDE selection to use array check instead of length check
Co-Authored-By: AiderDesk <https://github.com/hotovo/aider-desk>
---------
Co-authored-by: Brian <bmadcode@gmail.com>
The --prefer-offline flag causes npm to use cached package metadata,
which can be stale and fail to resolve recently published versions.
Also updates deprecated --production flag to --omit=dev.
Fixes#1438
* fix: bmad-help agent reads project docs and respects communication_language
The help task fabricated tech stack information instead of reading actual
project documentation (#1460) and ignored communication_language config
(#1457). Three changes:
1. Step 2 now also extracts communication_language and project_knowledge
from the active module's config.yaml
2. New step 3 scans project_knowledge path for documentation and uses
discovered facts as grounding context, with anti-hallucination guard
3. Step 7 enforces {communication_language} in all output
Chose inline config resolution over workflow.yaml conversion to match
existing core task patterns (index-docs, shard-doc).
Fixes#1460
Relates to #1457
* fix: clarify config extraction wording in help task
Remove "active module" reference from step 2 — config extraction
happens during the all-modules scan, before module detection in
step 4. Changed to "each scanned module's config" to match the
existing iteration pattern.
Addresses CodeRabbit review feedback on PR #1535.
---------
Co-authored-by: Brian <bmadcode@gmail.com>
* fix: trim activation header to avoid YAML formatting issues in kilo installer
* refactor: convert kilo installer to use YAML object serialization and add workflow support
- Replace string concatenation with yaml.parse/stringify for proper YAML handling
- Add workflow command generation and export to .kilocode/workflows/
- Implement clearBmadWorkflows to remove old BMAD workflow files
- Convert createModeEntry to createModeObject returning structured objects
- Update cleanup to use YAML parsing for proper mode filtering
- Update installCustomAgentLauncher to use object-based config
* fix: add task and tool command generation to kilo installer
---------
Co-authored-by: Brian <bmadcode@gmail.com>
* docs: rename brownfield to established projects
Flatten how-to/brownfield/ subdirectory and replace jargon term
"brownfield" with more accessible "established projects" throughout.
- brownfield/index.md → established-projects.md
- brownfield/quick-fix-in-brownfield.md → quick-fixes.md
- brownfield-faq.md → established-projects-faq.md
- Update all internal links and references
* docs: remove redundant phrase from quick-fixes description
* docs: restore natural language in established-projects body
* fix: support CRLF line endings and add task/tool templates for all IDEs
* fix: preserve file extensions in IDE task/tool paths and update BMAD branding
* fix: double extension issue in wrapper filename generation
* fix: correct path handling and variable reference in task/tool command generator
* fix: change default BMAD folder name from 'bmad' to '_bmad' across all IDE components
* refactor: centralize BMAD_FOLDER_NAME constant in path-utils
* fix: Replace the rest of BMAD_FOLDER magic values
* fix: add safety checks for setBmadFolderName method calls in IdeManager
* fix: convert absolute paths to relative in task-tool-command-generator
* fix: support .xml task files in bmad-artifacts task discovery
* fix: skip internal tasks in manifest generation and IDE command discovery
* fix: skip empty artifact_types targets and remove unused vscode_settings target
* fix: skip internal tools in manifest generation and improve Windows path handling in command generator
* fix: use csv-parse library for proper CSV handling in manifest generation
* refactor: extract CSV text cleaning to reusable method in manifest generator
* fix: normalize path separators to forward slashes in agent file copying for cross-platform compatibility
---------
Co-authored-by: Alex Verkhovsky <alexey.verkhovsky@gmail.com>
Co-authored-by: Brian <bmadcode@gmail.com>
Adds two operational technology domains to domain-complexity.csv
in both PRD and architecture workflows. Addresses the gap in OT
domain coverage for physical process control and building systems.
process_control: industrial automation, SCADA, PLC, DCS, I&C,
P&ID — covers power/utilities, water treatment, oil & gas,
manufacturing, chemical, pharmaceutical, food & beverage, mining,
and other sectors where software controls physical processes.
Key concerns include functional safety, process safety and hazard
analysis, environmental compliance, OT cybersecurity, and plant
reliability/maintainability. Requires engineering_authority PRD
section for PE/EOR credential requirements.
building_automation: BAS/BMS, HVAC, fire alarm, fire protection,
life safety, elevators, lighting, access control, commissioning —
covers commercial and institutional building systems. Key concerns
include life safety codes, multi-trade coordination, commissioning,
and indoor environmental quality.
Both domains are high complexity, include engineering_authority
as a required PRD section, and follow established entry patterns.
Fixes#1240
Co-authored-by: Brian <bmadcode@gmail.com>
* feat: add cross-file reference validator for CI
Add tools/validate-file-refs.js that validates cross-file references
in BMAD source files (agents, workflows, tasks, steps). Catches broken
file paths, missing referenced files, wrong extensions, and absolute
path leaks before they reach users.
Addresses broken-file-ref and path-handling bug classes which account
for 25% of all historical bugs (59 closed issues, 129+ comments).
- Scans src/ for YAML, markdown, and XML files
- Validates {project-root}/_bmad/ references against source tree
- Checks relative path references, exec attributes, invoke-task tags
- Detects absolute path leaks (/Users/, /home/, C:\)
- Adds validate:refs npm script and CI step in quality.yaml
* feat: strip JSON example blocks to reduce false-positive broken refs
Add stripJsonExampleBlocks() to the markdown reference extractor so
bare JSON example/template blocks (braces on their own lines) are
removed before pattern matching. This prevents paths inside example
data from being flagged as broken references.
* feat: add line numbers, fix utility/ path mapping, improve verbose output
- Add utility/ to direct path mapping (was incorrectly falling through
to src/modules/utility/)
- Show line numbers for broken references in markdown files
- Show YAML key path for broken references in YAML files
- Print file headers in verbose mode for all files with refs
* fix: correct verbose [OK]/[BROKEN] overlap and line number drift
Broken refs no longer print [OK] before [BROKEN] in --verbose mode.
Code block stripping now preserves newlines so offsetToLine() reports
accurate line numbers when code blocks precede broken references.
* fix: address review feedback, add CI annotations and step summary
Address alexeyv's review findings on PR #1494:
- Fix exec-attr prefix handling for {_bmad}/ and bare _bmad/ paths
- Fix mapInstalledToSource fallback (remove phantom src/modules/ mapping)
- Switch extractYamlRefs to parseDocument() for YAML line numbers
Add CI integration (stories 2-1, 2-2):
- Emit ::warning annotations for broken refs and abs-path leaks
- Write markdown table to $GITHUB_STEP_SUMMARY
- Guard both behind environment variable checks
Harden CI output:
- escapeAnnotation() encodes %, \r, \n per GitHub Actions spec
- escapeTableCell() escapes pipe chars in step summary table
---------
Co-authored-by: Alex Verkhovsky <alexey.verkhovsky@gmail.com>
Co-authored-by: Brian <bmadcode@gmail.com>
- BS -> BSP (Brainstorming in core module)
Resolves conflict with cis Brainstorming (BS).
Core is for project brainstorming, cis is general brainstorming.
Replace /src/core/ paths with {project-root}/_bmad/core/ convention
in validation-report-prd-workflow.md lines 293-294.
These paths reference party-mode and advanced-elicitation workflows
using the source tree layout (/src/core/) instead of the installed
layout ({project-root}/_bmad/core/) that Beta.4 standardized
across all other files.
This is the remaining half of the fix for #1435, which was closed
as "will fix with .4 release" but only the brianmadison path on
line 11 and the XML syntax issue were addressed. The /src/core/
paths on lines 293-294 were missed.
Fixes#1480
Connect orphaned detailed customer analysis chain (steps 02-behavior,
03-pain-points, 04-decisions) by updating step-01-init to load
step-02-customer-behavior instead of the condensed
step-02-customer-insights. Remove the now-superseded monolithic file.
Fixes#1399
Co-authored-by: Brian <bmadcode@gmail.com>
Alex Verkhovsky
Brian Madison
Michael Pursifull
Davor Racic
Vladimir Hrusovsky
Drickon
Adam Biggs
PinkyD
murat
Murat K Ozcan