Merge ace23f6902 into 9421f20b69

Add publish-next (auto-prerelease on push to main) and publish-latest
(manual stable release with Discord notification). Update CONTRIBUTING.md
to describe the trunk-based CD model.

.claude/skills/bmad-os-review-pr/prompts/instructions.md

@@ -130,9 +130,9 @@ Likely tag:
 
 ### 1.2 Run Edge Case Hunter (subagent)
 
-Spawn a subagent that executes the task defined in `_bmad/core/tasks/review-edge-case-hunter.xml`. Pass the full PR diff as the `content` input. Omit `also_consider` unless the user specified extra focus areas.
+Spawn a subagent that invokes the `bmad-review-edge-case-hunter` skill. Pass the full PR diff as the `content` input. Omit `also_consider` unless the user specified extra focus areas.
 
-The task returns a JSON array of objects, each with: `location`, `trigger_condition`, `guard_snippet`, `potential_consequence`.
+The skill returns a JSON array of objects, each with: `location`, `trigger_condition`, `guard_snippet`, `potential_consequence`.
 
 **Map each JSON finding to the standard finding format:**
 

.github/workflows/publish-latest.yaml

@@ -0,0 +1,82 @@
+name: Publish Latest
+
+on:
+  workflow_dispatch:
+    inputs:
+      bump:
+        description: "Version bump type"
+        required: true
+        default: "patch"
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+
+concurrency:
+  group: publish-latest
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "npm"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Configure git user
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run tests
+        run: npm test
+
+      - name: Bump version
+        run: 'npm version ${{ inputs.bump }} -m "chore(release): v%s [skip ci]"'
+
+      - name: Publish to npm
+        run: npm publish --tag latest --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Push version commit and tag
+        run: git push origin main --follow-tags
+
+      - name: Create GitHub Release
+        run: |
+          TAG="v$(node -p 'require("./package.json").version')"
+          gh release create "$TAG" --generate-notes
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Notify Discord
+        continue-on-error: true
+        run: |
+          set -o pipefail
+          source .github/scripts/discord-helpers.sh
+          [ -z "$WEBHOOK" ] && exit 0
+
+          VERSION=$(node -p 'require("./package.json").version')
+          RELEASE_URL="${{ github.server_url }}/${{ github.repository }}/releases/tag/v${VERSION}"
+          MSG=$(printf '📦 **[bmad-method v%s released](<%s>)**' "$VERSION" "$RELEASE_URL" | esc)
+
+          jq -n --arg content "$MSG" '{content: $content}' | curl -sf --retry 2 -X POST "$WEBHOOK" -H "Content-Type: application/json" -d @-
+        env:
+          WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}

.github/workflows/publish-next.yaml

@@ -0,0 +1,65 @@
+name: Publish Next
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "src/**"
+      - "tools/cli/**"
+      - "package.json"
+
+concurrency:
+  group: publish-next
+  cancel-in-progress: true
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "npm"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run tests
+        run: npm test
+
+      - name: Derive next prerelease version
+        run: |
+          NEXT_VER=$(npm view bmad-method@next version 2>/dev/null || echo "")
+          LATEST_VER=$(npm view bmad-method@latest version 2>/dev/null || echo "")
+
+          # Determine the best base version for the next prerelease
+          BASE=$(node -e "
+            const semver = require('semver');
+            const next = process.argv[1] || null;
+            const latest = process.argv[2] || null;
+            if (!next && !latest) process.exit(0);
+            if (!next) { console.log(latest); process.exit(0); }
+            if (!latest) { console.log(next); process.exit(0); }
+            // If latest is newer than next's base, use latest (next prerelease will be based on it)
+            const nextBase = next.replace(/-next\.\d+$/, '');
+            console.log(semver.gt(latest, nextBase) ? latest : next);
+          " "$NEXT_VER" "$LATEST_VER")
+
+          if [ -n "$BASE" ]; then
+            npm version "$BASE" --no-git-tag-version --allow-same-version
+          fi
+          npm version prerelease --preid=next --no-git-tag-version
+
+      - name: Publish to npm
+        run: npm publish --tag next --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

CONTRIBUTING.md

@@ -73,7 +73,7 @@ After searching, use the [feature request template](https://github.com/bmad-code
 
 ### Target Branch
 
-Submit PRs to the `main` branch. We use [trunk-based development](https://trunkbaseddevelopment.com/branch-for-release/): `main` is the trunk where all work lands, and stable release branches receive only cherry-picked fixes.
+Submit PRs to the `main` branch. We use trunk-based development. Every push to `main` auto-publishes to `npm` under the `next` tag. Stable releases are cut ~weekly to the `latest` tag.
 
 ### PR Size
 

src/bmm/workflows/bmad-quick-flow/bmad-quick-dev-new-preview/steps/step-04-review.md

@@ -2,7 +2,6 @@
 name: 'step-04-review'
 description: 'Adversarial review, classify findings, optional spec loop'
 
-edge_case_hunter_task: '{project-root}/_bmad/core/tasks/review-edge-case-hunter.xml'
 deferred_work_file: '{implementation_artifacts}/deferred-work.md'
 specLoopIteration: 1
 ---
@@ -31,7 +30,7 @@ Do NOT `git add` anything — this is read-only inspection.
 **Plan-code-review:** Launch three subagents without conversation context. If no sub-agents are available, generate three review prompt files in `{implementation_artifacts}` — one per reviewer role below — and HALT. Ask the human to run each in a separate session (ideally a different LLM) and paste back the findings.
 
 - **Blind hunter** — receives `{diff_output}` only. No spec, no context docs, no project access. Invoke via the `bmad-review-adversarial-general` skill.
-- **Edge case hunter** — receives `{diff_output}` and read access to the project. Invoke via `{edge_case_hunter_task}`.
+- **Edge case hunter** — receives `{diff_output}` and read access to the project. Invoke via the `bmad-review-edge-case-hunter` skill.
 - **Acceptance auditor** — receives `{diff_output}`, `{spec_file}`, and read access to the project. Must also read the docs listed in `{spec_file}` frontmatter `context`. Checks for violations of acceptance criteria, rules, and principles from the spec and context docs.
 
 ### Classify

src/bmm/workflows/bmad-quick-flow/quick-spec/steps/step-04-review.md

@@ -124,13 +124,21 @@ Saved to: {finalFile}
 
 Once you are fully satisfied with the spec (ideally after **Adversarial Review** and maybe a few rounds of **Advanced Elicitation**), it is recommended to run implementation in a FRESH CONTEXT for best results.
 
-Copy this prompt to start dev:
+Load and follow **Adversarial Review** in a fresh context (recommended for information asymmetry):
 
 \`\`\`
-quick-dev {finalFile}
+/bmad-review-adversarial-general "{finalFile}"
 \`\`\`
 
-This ensures the dev agent has clean context focused solely on implementation.
+Load and follow **development** in a fresh context:
+
+\`\`\`
+/quick-dev "{finalFile}"
+\`\`\`
+
+_(Both are slash commands — prefix `/` invokes a BMAD skill or workflow.)_
+
+This ensures the agent has clean context focused solely on its task.
 ```
 
 b) **HALT and wait for user selection.**
@@ -177,7 +185,7 @@ b) **HALT and wait for user selection.**
 When you're ready to implement, run:
 
 ```
-quick-dev {finalFile}
+/quick-dev {finalFile}
 ```
 
 Ship it!"

src/core/module-help.csv

@@ -7,4 +7,4 @@ core,anytime,Shard Document,SD,,_bmad/core/tasks/shard-doc.xml,bmad-shard-doc,fa
 core,anytime,Editorial Review - Prose,EP,,_bmad/core/tasks/editorial-review-prose.xml,bmad-editorial-review-prose,false,,,"Review prose for clarity, tone, and communication issues. Use after drafting to polish written content.",report located with target document,"three-column markdown table with suggested fixes",
 core,anytime,Editorial Review - Structure,ES,,_bmad/core/tasks/editorial-review-structure.xml,bmad-editorial-review-structure,false,,,"Propose cuts, reorganization, and simplification while preserving comprehension. Use when doc produced from multiple subprocesses or needs structural improvement.",report located with target document,
 core,anytime,Adversarial Review (General),AR,,skill:bmad-review-adversarial-general,bmad-review-adversarial-general,false,,,"Review content critically to find issues and weaknesses. Use for quality assurance or before finalizing deliverables. Code Review in other modules run this automatically, but its useful also for document reviews",,
-core,anytime,Edge Case Hunter Review,ECH,,_bmad/core/tasks/review-edge-case-hunter.xml,bmad-review-edge-case-hunter,false,,,"Walk every branching path and boundary condition in code, report only unhandled edge cases. Use alongside adversarial review for orthogonal coverage - method-driven not attitude-driven.",,
+core,anytime,Edge Case Hunter Review,ECH,,skill:bmad-review-edge-case-hunter,bmad-review-edge-case-hunter,false,,,"Walk every branching path and boundary condition in code, report only unhandled edge cases. Use alongside adversarial review for orthogonal coverage - method-driven not attitude-driven.",,

src/core/tasks/bmad-review-edge-case-hunter/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: bmad-review-edge-case-hunter
+description: 'Walk every branching path and boundary condition in content, report only unhandled edge cases. Orthogonal to adversarial review - method-driven not attitude-driven.'
+---
+
+Follow the instructions in [workflow.md](workflow.md).

src/core/tasks/bmad-review-edge-case-hunter/bmad-skill-manifest.yaml

@@ -0,0 +1 @@
+type: skill

src/core/tasks/bmad-review-edge-case-hunter/workflow.md

@@ -0,0 +1,62 @@
+# Edge Case Hunter Review
+
+**Goal:** You are a pure path tracer. Never comment on whether code is good or bad; only list missing handling.
+When a diff is provided, scan only the diff hunks and list boundaries that are directly reachable from the changed lines and lack an explicit guard in the diff.
+When no diff is provided (full file or function), treat the entire provided content as the scope.
+Ignore the rest of the codebase unless the provided content explicitly references external functions.
+
+**Inputs:**
+- **content** — Content to review: diff, full file, or function
+- **also_consider** (optional) — Areas to keep in mind during review alongside normal edge-case analysis
+
+**MANDATORY: Execute steps in the Execution section IN EXACT ORDER. DO NOT skip steps or change the sequence. When a halt condition triggers, follow its specific instruction exactly. Each action within a step is a REQUIRED action to complete that step.**
+
+**Your method is exhaustive path enumeration — mechanically walk every branch, not hunt by intuition. Report ONLY paths and conditions that lack handling — discard handled ones silently. Do NOT editorialize or add filler — findings only.**
+
+
+## EXECUTION
+
+### Step 1: Receive Content
+
+- Load the content to review strictly from provided input
+- If content is empty, or cannot be decoded as text, return `[{"location":"N/A","trigger_condition":"Input empty or undecodable","guard_snippet":"Provide valid content to review","potential_consequence":"Review skipped — no analysis performed"}]` and stop
+- Identify content type (diff, full file, or function) to determine scope rules
+
+### Step 2: Exhaustive Path Analysis
+
+**Walk every branching path and boundary condition within scope — report only unhandled ones.**
+
+- If `also_consider` input was provided, incorporate those areas into the analysis
+- Walk all branching paths: control flow (conditionals, loops, error handlers, early returns) and domain boundaries (where values, states, or conditions transition). Derive the relevant edge classes from the content itself — don't rely on a fixed checklist. Examples: missing else/default, unguarded inputs, off-by-one loops, arithmetic overflow, implicit type coercion, race conditions, timeout gaps
+- For each path: determine whether the content handles it
+- Collect only the unhandled paths as findings — discard handled ones silently
+
+### Step 3: Validate Completeness
+
+- Revisit every edge class from Step 2 — e.g., missing else/default, null/empty inputs, off-by-one loops, arithmetic overflow, implicit type coercion, race conditions, timeout gaps
+- Add any newly found unhandled paths to findings; discard confirmed-handled ones
+
+### Step 4: Present Findings
+
+Output findings as a JSON array following the Output Format specification exactly.
+
+
+## OUTPUT FORMAT
+
+Return ONLY a valid JSON array of objects. Each object must contain exactly these four fields and nothing else:
+
+```json
+[{
+  "location": "file:start-end (or file:line when single line, or file:hunk when exact line unavailable)",
+  "trigger_condition": "one-line description (max 15 words)",
+  "guard_snippet": "minimal code sketch that closes the gap (single-line escaped string, no raw newlines or unescaped quotes)",
+  "potential_consequence": "what could actually go wrong (max 15 words)"
+}]
+```
+
+No extra text, no explanations, no markdown wrapping. An empty array `[]` is valid when no unhandled paths are found.
+
+
+## HALT CONDITIONS
+
+- If content is empty or cannot be decoded as text, return `[{"location":"N/A","trigger_condition":"Input empty or undecodable","guard_snippet":"Provide valid content to review","potential_consequence":"Review skipped — no analysis performed"}]` and stop

src/core/tasks/bmad-skill-manifest.yaml

@@ -18,11 +18,6 @@ index-docs.xml:
   type: task
   description: "Generates or updates an index.md to reference all docs in the folder"
 
-review-edge-case-hunter.xml:
-  canonicalId: bmad-review-edge-case-hunter
-  type: task
-  description: "Walk every branching path and boundary condition in content, report only unhandled edge cases"
-
 shard-doc.xml:
   canonicalId: bmad-shard-doc
   type: task

src/core/tasks/review-edge-case-hunter.xml

@@ -1,70 +0,0 @@
-<!-- if possible, run this in a separate subagent or process with read access to the project,
-  but no context except the content to review -->
-
-<task id="_bmad/core/tasks/review-edge-case-hunter.xml" name="Edge Case Hunter Review"
-  description="Walk every branching path and boundary condition in content, report only unhandled edge cases. Orthogonal to adversarial review - method-driven not attitude-driven.">
-  <objective>You are a pure path tracer. Never comment on whether code is good or bad; only list missing handling.
-When a diff is provided, scan only the diff hunks and list boundaries that are directly reachable from the changed lines and lack an explicit guard in the diff.
-When no diff is provided (full file or function), treat the entire provided content as the scope.
-Ignore the rest of the codebase unless the provided content explicitly references external functions.</objective>
-
-  <inputs>
-    <input name="content" desc="Content to review - diff, full file, or function" />
-    <input name="also_consider" required="false"
-      desc="Optional areas to keep in mind during review alongside normal edge-case analysis" />
-  </inputs>
-
-  <output-format>Return ONLY a valid JSON array of objects. Each object must contain exactly these four fields and nothing else:
-[{
-  "location": "file:start-end (or file:line when single line, or file:hunk when exact line unavailable)",
-  "trigger_condition": "one-line description (max 15 words)",
-  "guard_snippet": "minimal code sketch that closes the gap (single-line escaped string, no raw newlines or unescaped quotes)",
-  "potential_consequence": "what could actually go wrong (max 15 words)"
-}]
-No extra text, no explanations, no markdown wrapping. An empty array [] is valid when no unhandled paths are found.</output-format>
-
-  <llm critical="true">
-    <i>MANDATORY: Execute steps in the flow section IN EXACT ORDER</i>
-    <i>DO NOT skip steps or change the sequence</i>
-    <i>When a halt-condition triggers, follow its specific instruction exactly</i>
-    <i>Each action xml tag within step xml tag is a REQUIRED action to complete that step</i>
-
-    <i>Your method is exhaustive path enumeration — mechanically walk every branch, not hunt by intuition</i>
-    <i>Trace each branching path: conditionals, switches, early returns, guard clauses, loops, error handlers</i>
-    <i>Trace each boundary condition: null, undefined, empty, zero, negative, overflow, max-length, type coercion, concurrency, timing</i>
-    <i>Report ONLY paths and conditions that lack handling — discard handled ones silently</i>
-    <i>Do NOT editorialize or add filler — findings only</i>
-  </llm>
-
-  <flow>
-    <step n="1" title="Receive Content">
-      <action>Load the content to review strictly from provided input</action>
-      <action>If content is empty, or cannot be decoded as text, return empty array [] and stop</action>
-      <action>Identify content type (diff, full file, or function) to determine scope rules</action>
-    </step>
-
-    <step n="2" title="Exhaustive Path Analysis" critical="true">
-      <mandate>Walk every branching path and boundary condition within scope - report only unhandled ones</mandate>
-      <action>If also_consider input was provided, incorporate those areas into the analysis</action>
-      <action>Enumerate all branching paths and boundary conditions within scope: conditionals, switches, early returns, guard clauses, loops, error handlers, null/empty states, overflow, type edges, concurrency, timing</action>
-      <action>For each path: determine whether the content handles it</action>
-      <action>Collect only the unhandled paths as findings - discard handled ones silently</action>
-    </step>
-
-    <step n="3" title="Validate Completeness">
-      <action>Recheck every conditional for missing else/default</action>
-      <action>Recheck every input for null/empty/wrong-type</action>
-      <action>Recheck loop bounds for off-by-one and empty-collection</action>
-      <action>Add any newly found unhandled paths to findings; discard confirmed-handled ones</action>
-    </step>
-
-    <step n="4" title="Present Findings">
-      <action>Output findings as a JSON array following the output-format specification exactly</action>
-    </step>
-  </flow>
-
-  <halt-conditions>
-    <condition>If content is empty or cannot be decoded as text, return empty array [] and stop</condition>
-  </halt-conditions>
-
-</task>