Merge 9bcafdef51 into 88b9a1c842

2026-04-26 09:34:30 -05:00
13 changed files with 51 additions and 478 deletions
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -7,7 +7,6 @@ on:
      - "src/**"
      - "tools/installer/**"
      - "package.json"
-      - "removals.txt"
  workflow_dispatch:
    inputs:
      channel:
@ -136,22 +135,6 @@ jobs:
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-      - name: Advance @next dist-tag to stable
-        if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
-        # Failure here leaves @next stale until the next push-driven prerelease
-        # republishes — annoying but not release-breaking. Don't fail the job
-        # after a successful stable publish + tag + GH release.
-        continue-on-error: true
-        run: |
-          # Without this, @latest can leapfrog @next (e.g. latest=6.5.0 while
-          # next=6.4.1-next.0) and `npx bmad-method@next install` silently
-          # downgrades users. Point @next at the just-published stable so
-          # @next >= @latest always holds; the next push-driven prerelease will
-          # bump from this base via the existing derive step above.
-          VERSION=$(node -p 'require("./package.json").version')
-          npm dist-tag add "bmad-method@${VERSION}" next
-          echo "Advanced @next dist-tag to ${VERSION}"
-
      - name: Notify Discord
        if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
        continue-on-error: true
--- a/docs/how-to/install-custom-modules.md
+++ b/docs/how-to/install-custom-modules.md
@ -68,7 +68,6 @@ Select **Yes**, then provide a source:
 | Input Type            | Example                                           |
 | --------------------- | ------------------------------------------------- |
 | HTTPS URL (any host)  | `https://github.com/org/repo`                     |
-| HTTP URL (any host)   | `http://host/org/repo`                    |
 | HTTPS URL with subdir | `https://github.com/org/repo/tree/main/my-module` |
 | SSH URL               | `git@github.com:org/repo.git`                     |
 | Local path            | `/Users/me/projects/my-module`                    |
--- a/docs/vi-vn/how-to/install-custom-modules.md
+++ b/docs/vi-vn/how-to/install-custom-modules.md
@ -68,7 +68,6 @@ Chọn **Yes**, rồi nhập nguồn:
 | Loại đầu vào | Ví dụ |
 | --------------------- | ------------------------------------------------- |
 | HTTPS URL trên bất kỳ host nào | `https://github.com/org/repo` |
-| HTTP URL trên bất kỳ host nào | `http://host/org/repo` |
 | HTTPS URL trỏ vào một thư mục con | `https://github.com/org/repo/tree/main/my-module` |
 | SSH URL | `git@github.com:org/repo.git` |
 | Đường dẫn cục bộ | `/Users/me/projects/my-module` |
--- a/docs/zh-cn/how-to/install-custom-modules.md
+++ b/docs/zh-cn/how-to/install-custom-modules.md
@ -68,7 +68,6 @@ Would you like to install from a custom source (Git URL or local path)?
 | 输入类型 | 示例 |
 | -------- | ---- |
 | HTTPS URL（任意主机） | `https://github.com/org/repo` |
-| HTTP URL（任意主机） | `http://host/org/repo` |
 | 带子目录的 HTTPS URL | `https://github.com/org/repo/tree/main/my-module` |
 | SSH URL | `git@github.com:org/repo.git` |
 | 本地路径 | `/Users/me/projects/my-module` |
--- a/src/bmm-skills/3-solutioning/bmad-create-epics-and-stories/steps/step-02-design-epics.md
+++ b/src/bmm-skills/3-solutioning/bmad-create-epics-and-stories/steps/step-02-design-epics.md
@ -55,8 +55,7 @@ Load {planning_artifacts}/epics.md and review:
 2. **Requirements Grouping**: Group related FRs that deliver cohesive user outcomes
 3. **Incremental Delivery**: Each epic should deliver value independently
 4. **Logical Flow**: Natural progression from user's perspective
-5. **Dependency-Free Within Epic**: Stories within an epic must NOT depend on future stories
-6. **Implementation Efficiency**: Consider consolidating epics that all modify the same core files into fewer epics
+5. **🔗 Dependency-Free Within Epic**: Stories within an epic must NOT depend on future stories

 **⚠️ CRITICAL PRINCIPLE:**
 Organize by USER VALUE, not technical layers:
@ -75,18 +74,6 @@ Organize by USER VALUE, not technical layers:
 - Epic 3: Frontend Components (creates reusable components) - **No user value**
 - Epic 4: Deployment Pipeline (CI/CD setup) - **No user value**

-**❌ WRONG Epic Examples (File Churn on Same Component):**
-
- Epic 1: File Upload (modifies model, controller, web form, web API)
- Epic 2: File Status (modifies model, controller, web form, web API)
- Epic 3: File Access permissions (modifies model, controller, web form, web API)
- All three epics touch the same files — consolidate into one epic with ordered stories
-
-**✅ CORRECT Alternative:**
-
- Epic 1: File Management Enhancement (upload, status, permissions as stories within one epic)
- Rationale: Single component, fully pre-designed, no feedback loop between epics
-
 **🔗 DEPENDENCY RULES:**

 - Each epic must deliver COMPLETE functionality for its domain
@ -95,38 +82,21 @@ Organize by USER VALUE, not technical layers:

 ### 3. Design Epic Structure Collaboratively

-**Step A: Assess Context and Identify Themes**
-
-First, assess how much of the solution design is already validated (Architecture, UX, Test Design).
-When the outcome is certain and direction changes between epics are unlikely, prefer fewer but larger epics.
-Split into multiple epics when there is a genuine risk boundary or when early feedback could change direction
-of following epics.
-
-Then, identify user value themes:
+**Step A: Identify User Value Themes**

 - Look for natural groupings in the FRs
 - Identify user journeys or workflows
 - Consider user types and their goals

 **Step B: Propose Epic Structure**
-
-For each proposed epic (considering whether epics share the same core files):
+For each proposed epic:

 1. **Epic Title**: User-centric, value-focused
 2. **User Outcome**: What users can accomplish after this epic
 3. **FR Coverage**: Which FR numbers this epic addresses
 4. **Implementation Notes**: Any technical or UX considerations

-**Step C: Review for File Overlap**
-
-Assess whether multiple proposed epics repeatedly target the same core files. If overlap is significant:
-
- Distinguish meaningful overlap (same component end-to-end) from incidental sharing
- Ask whether to consolidate into one epic with ordered stories
- If confirmed, merge the epic FRs into a single epic, preserving dependency flow: each story must still fit within
-  a single dev agent's context
-
-**Step D: Create the epics_list**
+**Step C: Create the epics_list**

 Format the epics_list as:

--- a/src/bmm-skills/3-solutioning/bmad-create-epics-and-stories/steps/step-04-final-validation.md
+++ b/src/bmm-skills/3-solutioning/bmad-create-epics-and-stories/steps/step-04-final-validation.md
@ -90,12 +90,6 @@ Review the complete epic and story breakdown to ensure EVERY FR is covered:
 - Dependencies flow naturally
 - Foundation stories only setup what's needed
 - No big upfront technical work
- **File Churn Check:** Do multiple epics repeatedly modify the same core files?
-  - Assess whether the overlap pattern suggests unnecessary churn or is incidental
-  - If overlap is significant: Validate that splitting provides genuine value (risk mitigation, feedback loops, context size limits)
-  - If no justification for the split: Recommend consolidation into fewer epics
-  - ❌ WRONG: Multiple epics each modify the same core files with no feedback loop between them
-  - ✅ RIGHT: Epics target distinct files/components, OR consolidation was explicitly considered and rejected with rationale

 ### 5. Dependency Validation (CRITICAL)

--- a/tools/installer/bmad-cli.js
+++ b/tools/installer/bmad-cli.js
@ -23,10 +23,13 @@ checkForUpdate().catch(() => {

 async function checkForUpdate() {
  try {
-    // Prereleases (e.g. 6.5.1-next.0) live on the `next` dist-tag; stable
-    // releases live on `latest`. semver.prerelease() returns null for stable,
-    // so this correctly routes pre-1.0-next/rc/etc. without string matching.
-    const tag = semver.prerelease(packageJson.version) ? 'next' : 'latest';
+    // For beta versions, check the beta tag; otherwise check latest
+    const isBeta =
+      packageJson.version.includes('Beta') ||
+      packageJson.version.includes('beta') ||
+      packageJson.version.includes('alpha') ||
+      packageJson.version.includes('rc');
+    const tag = isBeta ? 'beta' : 'latest';

    const result = execSync(`npm view ${packageName}@${tag} version`, {
      encoding: 'utf8',
--- a/tools/installer/core/manifest-generator.js
+++ b/tools/installer/core/manifest-generator.js
@ -435,9 +435,6 @@ class ManifestGenerator {
    // this means user-scoped keys (e.g. user_name) could mis-file into the
    // team config, so the operator should notice.
    const scopeByModuleKey = {};
-    // Maps installer moduleName (may be full display name) → module code field
-    // from module.yaml, so TOML sections use [modules.<code>] not [modules.<name>].
-    const codeByModuleName = {};
    for (const moduleName of this.updatedModules) {
      const moduleYamlPath = await resolveInstalledModuleYaml(moduleName);
      if (!moduleYamlPath) {
@ -450,7 +447,6 @@ class ManifestGenerator {
      try {
        const parsed = yaml.parse(await fs.readFile(moduleYamlPath, 'utf8'));
        if (!parsed || typeof parsed !== 'object') continue;
-        if (parsed.code) codeByModuleName[moduleName] = parsed.code;
        scopeByModuleKey[moduleName] = {};
        for (const [key, value] of Object.entries(parsed)) {
          if (value && typeof value === 'object' && 'prompt' in value) {
@ -549,9 +545,6 @@ class ManifestGenerator {
      if (moduleName === 'core') continue;
      const cfg = moduleConfigs[moduleName];
      if (!cfg || Object.keys(cfg).length === 0) continue;
-      // Use the module's code field from module.yaml as the TOML key so the
-      // section is [modules.mdo] not [modules.MDO: Maxio DevOps Operations].
-      const sectionKey = codeByModuleName[moduleName] || moduleName;
      // Only filter out spread-from-core pollution when we actually know
      // this module's prompt schema. For external/marketplace modules whose
      // module.yaml isn't in the src tree, fall through as all-team so we
@ -559,14 +552,14 @@ class ManifestGenerator {
      const haveSchema = Object.keys(scopeByModuleKey[moduleName] || {}).length > 0;
      const { team: modTeam, user: modUser } = partition(moduleName, cfg, haveSchema);
      if (Object.keys(modTeam).length > 0) {
-        teamLines.push(`[modules.${sectionKey}]`);
+        teamLines.push(`[modules.${moduleName}]`);
        for (const [key, value] of Object.entries(modTeam)) {
          teamLines.push(`${key} = ${formatTomlValue(value)}`);
        }
        teamLines.push('');
      }
      if (Object.keys(modUser).length > 0) {
-        userLines.push(`[modules.${sectionKey}]`);
+        userLines.push(`[modules.${moduleName}]`);
        for (const [key, value] of Object.entries(modUser)) {
          userLines.push(`${key} = ${formatTomlValue(value)}`);
        }
--- a/tools/installer/modules/community-manager.js
+++ b/tools/installer/modules/community-manager.js
@ -29,11 +29,6 @@ class CommunityModuleManager {
  // Shared across all instances; the manifest writer often uses a fresh instance.
  static _resolutions = new Map();

-  // moduleCode → ResolvedModule (from PluginResolver) when the cloned repo ships
-  // a `.claude-plugin/marketplace.json`. Lets community installs reuse the same
-  // skill-level install pipeline as custom-source installs (installFromResolution).
-  static _pluginResolutions = new Map();
-
  constructor() {
    this._client = new RegistryClient();
    this._cachedIndex = null;
@ -45,11 +40,6 @@ class CommunityModuleManager {
    return CommunityModuleManager._resolutions.get(moduleCode) || null;
  }

-  /** Get the marketplace.json-derived plugin resolution for a community module, if any. */
-  getPluginResolution(moduleCode) {
-    return CommunityModuleManager._pluginResolutions.get(moduleCode) || null;
-  }
-
  // ─── Data Loading ──────────────────────────────────────────────────────────

  /**
@ -381,18 +371,6 @@ class CommunityModuleManager {
      planSource: planEntry.source,
    });

-    // If the repo ships a marketplace.json, route through PluginResolver so the
-    // skill-level install pipeline (installFromResolution) handles the copy.
-    // Repos without marketplace.json fall through to the legacy findModuleSource
-    // path unchanged.
-    await this._tryResolveMarketplacePlugin(moduleCacheDir, moduleInfo, {
-      channel: planEntry.channel,
-      version: recordedVersion,
-      sha: installedSha,
-      approvedTag,
-      approvedSha,
-    });
-
    // Install dependencies if needed
    const packageJsonPath = path.join(moduleCacheDir, 'package.json');
    if ((needsDependencyInstall || wasNewClone) && (await fs.pathExists(packageJsonPath))) {
@ -414,204 +392,6 @@ class CommunityModuleManager {
    return moduleCacheDir;
  }

-  // ─── Marketplace.json Resolution ──────────────────────────────────────────
-
-  /**
-   * Detect `.claude-plugin/marketplace.json` in a cloned community repo and
-   * route through PluginResolver. When successful, caches the resolution so
-   * OfficialModulesManager.install() can route the copy through
-   * installFromResolution() — the same path used by custom-source installs.
-   *
-   * Silent no-op when marketplace.json is absent or the resolver returns no
-   * matches; the legacy findModuleSource path then handles the install.
-   *
-   * @param {string} repoPath - Absolute path to the cloned repo
-   * @param {Object} moduleInfo - Normalized community module info
-   * @param {Object} resolution - Resolution metadata from cloneModule
-   * @param {string} resolution.channel - Channel ('stable' | 'next' | 'pinned')
-   * @param {string} resolution.version - Recorded version string
-   * @param {string} resolution.sha - Resolved git SHA
-   * @param {string|null} resolution.approvedTag - Registry approved tag
-   * @param {string|null} resolution.approvedSha - Registry approved SHA
-   */
-  async _tryResolveMarketplacePlugin(repoPath, moduleInfo, resolution) {
-    const marketplacePath = path.join(repoPath, '.claude-plugin', 'marketplace.json');
-    if (!(await fs.pathExists(marketplacePath))) return;
-
-    let marketplaceData;
-    try {
-      marketplaceData = JSON.parse(await fs.readFile(marketplacePath, 'utf8'));
-    } catch {
-      // Malformed marketplace.json — fall through to legacy path.
-      return;
-    }
-
-    const plugins = Array.isArray(marketplaceData?.plugins) ? marketplaceData.plugins : [];
-    if (plugins.length === 0) return;
-
-    const selection = this._selectPluginForModule(plugins, moduleInfo);
-    if (!selection) {
-      await this._safeWarn(
-        `Community module '${moduleInfo.code}' ships marketplace.json but no plugin entry matches the registry code. ` +
-          `Falling back to legacy install path.`,
-      );
-      return;
-    }
-
-    if (selection.source === 'single-fallback') {
-      // Single-entry marketplace.json whose plugin name doesn't match the registry
-      // code or the module_definition hint. Most likely correct, but worth surfacing
-      // in case marketplace.json is misconfigured and we'd install the wrong plugin.
-      await this._safeWarn(
-        `Community module '${moduleInfo.code}' picked the only plugin in marketplace.json ('${selection.plugin?.name}') ` +
-          `because no name or module_definition match was found. Verify marketplace.json if the install looks wrong.`,
-      );
-    }
-
-    const { PluginResolver } = require('./plugin-resolver');
-    const resolver = new PluginResolver();
-    let resolved;
-    try {
-      resolved = await resolver.resolve(repoPath, selection.plugin);
-    } catch (error) {
-      // PluginResolver threw (malformed plugin entry, missing files, etc.).
-      // Honor the silent-fallthrough contract — warn and let the legacy
-      // findModuleSource path handle the install.
-      await this._safeWarn(
-        `PluginResolver failed for community module '${moduleInfo.code}': ${error.message}. ` + `Falling back to legacy install path.`,
-      );
-      return;
-    }
-    if (!resolved || resolved.length === 0) return;
-
-    // The registry registers a single code per module. If the resolver returns
-    // multiple modules (Strategy 4: multiple standalone skills), accept only
-    // the entry whose code matches the registry. Other entries are ignored —
-    // they belong to plugins not registered in the community catalog.
-    const matched = resolved.find((mod) => mod.code === moduleInfo.code) || (resolved.length === 1 ? resolved[0] : null);
-    if (!matched) return;
-
-    // Shallow-clone before stamping provenance — the resolver may cache or reuse
-    // its return objects, and we don't want install-specific fields leaking back.
-    const stamped = {
-      ...matched,
-      code: moduleInfo.code,
-      repoUrl: moduleInfo.url,
-      cloneRef: resolution.channel === 'pinned' ? resolution.version : resolution.approvedTag || null,
-      cloneSha: resolution.sha,
-      communitySource: true,
-      communityChannel: resolution.channel,
-      communityVersion: resolution.version,
-      registryApprovedTag: resolution.approvedTag,
-      registryApprovedSha: resolution.approvedSha,
-    };
-
-    CommunityModuleManager._pluginResolutions.set(moduleInfo.code, stamped);
-  }
-
-  /**
-   * Lazy fallback: resolve marketplace.json straight from the on-disk cache
-   * when `_pluginResolutions` is empty (e.g. callers that reach `install()`
-   * without `cloneModule` having populated the cache earlier in this process).
-   *
-   * Reuses an existing channel resolution if present; otherwise synthesizes a
-   * minimal stable-channel stub from the registry entry + the cached repo's
-   * current HEAD. Returns the cached plugin resolution if one is produced,
-   * otherwise null (caller falls back to the legacy path).
-   *
-   * @param {string} moduleCode
-   * @returns {Promise<Object|null>}
-   */
-  async resolveFromCache(moduleCode) {
-    const existing = this.getPluginResolution(moduleCode);
-    if (existing) return existing;
-
-    const cacheRepoDir = path.join(this.getCacheDir(), moduleCode);
-    const marketplacePath = path.join(cacheRepoDir, '.claude-plugin', 'marketplace.json');
-    if (!(await fs.pathExists(marketplacePath))) return null;
-
-    let moduleInfo;
-    try {
-      moduleInfo = await this.getModuleByCode(moduleCode);
-    } catch {
-      return null;
-    }
-    if (!moduleInfo) return null;
-
-    let channelResolution = this.getResolution(moduleCode);
-    if (!channelResolution) {
-      let sha = '';
-      try {
-        sha = execSync('git rev-parse HEAD', { cwd: cacheRepoDir, stdio: 'pipe' }).toString().trim();
-      } catch {
-        // Not a git repo or unreadable — give up and let the legacy path run.
-        return null;
-      }
-      channelResolution = {
-        channel: 'stable',
-        version: moduleInfo.approvedTag || sha.slice(0, 7),
-        sha,
-        registryApprovedTag: moduleInfo.approvedTag || null,
-        registryApprovedSha: moduleInfo.approvedSha || null,
-      };
-    }
-
-    await this._tryResolveMarketplacePlugin(cacheRepoDir, moduleInfo, {
-      channel: channelResolution.channel,
-      version: channelResolution.version,
-      sha: channelResolution.sha,
-      approvedTag: channelResolution.registryApprovedTag,
-      approvedSha: channelResolution.registryApprovedSha,
-    });
-
-    return this.getPluginResolution(moduleCode);
-  }
-
-  /**
-   * Best-effort warning emitter. `prompts.log.warn` may be undefined in some
-   * harnesses and may return a rejected promise — swallow both cases so a
-   * fallthrough warning can never crash the install.
-   */
-  async _safeWarn(message) {
-    try {
-      const result = prompts.log?.warn?.(message);
-      if (result && typeof result.then === 'function') await result;
-    } catch {
-      /* ignore */
-    }
-  }
-
-  /**
-   * Pick which plugin entry from marketplace.json represents this community module.
-   * Precedence:
-   *   1. Exact match on `plugin.name === moduleInfo.code`
-   *   2. Trailing directory of `module_definition` matches `plugin.name`
-   *   3. Single plugin in marketplace.json — accepted with a warning so a
-   *      mismatched-but-uniquely-named plugin doesn't install silently.
-   *   Otherwise null (caller falls back to legacy path).
-   *
-   * @returns {{plugin: Object, source: 'name'|'hint'|'single-fallback'}|null}
-   */
-  _selectPluginForModule(plugins, moduleInfo) {
-    const byCode = plugins.find((p) => p && p.name === moduleInfo.code);
-    if (byCode) return { plugin: byCode, source: 'name' };
-
-    if (moduleInfo.moduleDefinition) {
-      // module_definition like "src/skills/suno-setup/assets/module.yaml" →
-      // hint segment "suno-setup". Match that against plugin names.
-      const segments = moduleInfo.moduleDefinition.split('/').filter(Boolean);
-      const setupIdx = segments.findIndex((s) => s.endsWith('-setup'));
-      if (setupIdx !== -1) {
-        const hint = segments[setupIdx];
-        const byHint = plugins.find((p) => p && p.name === hint);
-        if (byHint) return { plugin: byHint, source: 'hint' };
-      }
-    }
-
-    if (plugins.length === 1) return { plugin: plugins[0], source: 'single-fallback' };
-    return null;
-  }
-
  // ─── Source Finding ───────────────────────────────────────────────────────

  /**
--- a/tools/installer/modules/custom-module-manager.js
+++ b/tools/installer/modules/custom-module-manager.js
@ -24,9 +24,8 @@ class CustomModuleManager {

  /**
   * Parse a user-provided source input into a structured descriptor.
-   * Accepts local file paths, HTTPS Git URLs, HTTP Git URLs, and SSH Git URLs.
-   * For HTTPS/HTTP URLs with deep paths (e.g., /tree/main/subdir), extracts the subdir.
-   * The original protocol (http or https) is preserved in the returned cloneUrl.
+   * Accepts local file paths, HTTPS Git URLs, and SSH Git URLs.
+   * For HTTPS URLs with deep paths (e.g., /tree/main/subdir), extracts the subdir.
   *
   * @param {string} input - URL or local file path
   * @returns {Object} Parsed source descriptor:
@ -128,11 +127,11 @@ class CustomModuleManager {
      };
    }

-    // HTTPS/HTTP URL: https://host/owner/repo[/tree/branch/subdir][.git]
-    const httpsMatch = trimmed.match(/^(https?):\/\/([^/]+)\/([^/]+)\/([^/.]+?)(?:\.git)?(\/.*)?$/);
+    // HTTPS URL: https://host/owner/repo[/tree/branch/subdir][.git]
+    const httpsMatch = trimmed.match(/^https?:\/\/([^/]+)\/([^/]+)\/([^/.]+?)(?:\.git)?(\/.*)?$/);
    if (httpsMatch) {
-      const [, protocol, host, owner, repo, remainder] = httpsMatch;
-      const cloneUrl = `${protocol}://${host}/${owner}/${repo}`;
+      const [, host, owner, repo, remainder] = httpsMatch;
+      const cloneUrl = `https://${host}/${owner}/${repo}`;
      let subdir = null;
      let urlRef = null; // branch/tag extracted from /tree/<ref>/subdir

@ -312,7 +311,7 @@ class CustomModuleManager {
  /**
   * Clone a custom module repository to cache.
   * Supports any Git host (GitHub, GitLab, Bitbucket, self-hosted, etc.).
-   * @param {string} sourceInput - Git URL (HTTPS, HTTP, or SSH)
+   * @param {string} sourceInput - Git URL (HTTPS or SSH)
   * @param {Object} [options] - Clone options
   * @param {boolean} [options.silent] - Suppress spinner output
   * @param {boolean} [options.skipInstall] - Skip npm install (for browsing before user confirms)
--- a/tools/installer/modules/official-modules.js
+++ b/tools/installer/modules/official-modules.js
@ -269,21 +269,6 @@ class OfficialModules {
      return this.installFromResolution(resolved, bmadDir, fileTrackingCallback, options);
    }

-    // Community modules whose cloned repo ships marketplace.json get the same
-    // skill-level install treatment as custom-source installs. If the in-process
-    // cache wasn't populated (e.g. caller skipped the pre-clone phase), fall
-    // back to resolving directly from `~/.bmad/cache/community-modules/<name>/`
-    // so we don't silently regress to the legacy half-install path.
-    const { CommunityModuleManager } = require('./community-manager');
-    const communityMgr = new CommunityModuleManager();
-    let communityResolved = communityMgr.getPluginResolution(moduleName);
-    if (!communityResolved) {
-      communityResolved = await communityMgr.resolveFromCache(moduleName);
-    }
-    if (communityResolved) {
-      return this.installFromResolution(communityResolved, bmadDir, fileTrackingCallback, options);
-    }
-
    const sourcePath = await this.findModuleSource(moduleName, {
      silent: options.silent,
      channelOptions: options.channelOptions,
@ -375,27 +360,21 @@ class OfficialModules {
      await this.createModuleDirectories(resolved.code, bmadDir, options);
    }

-    // Update manifest. For community installs we honor the channel resolved by
-    // CommunityModuleManager (stable/next/pinned) and propagate the registry's
-    // approved tag/sha. For custom-source installs we derive channel from the
-    // cloneRef (present → pinned, absent → next; local paths have no channel).
+    // Update manifest. For custom modules, derive channel from the git ref:
+    //   cloneRef present → pinned at that ref
+    //   cloneRef absent  → next (main HEAD)
+    //   local path       → no channel concept
    const { Manifest } = require('../core/manifest');
    const manifestObj = new Manifest();

    const hasGitClone = !!resolved.repoUrl;
-    const isCommunity = resolved.communitySource === true;
    const manifestEntry = {
-      version: resolved.communityVersion || resolved.cloneRef || (hasGitClone ? 'main' : resolved.version || null),
-      source: isCommunity ? 'community' : 'custom',
+      version: resolved.cloneRef || (hasGitClone ? 'main' : resolved.version || null),
+      source: 'custom',
      npmPackage: null,
      repoUrl: resolved.repoUrl || null,
    };
-    if (isCommunity) {
-      if (resolved.communityChannel) manifestEntry.channel = resolved.communityChannel;
-      if (resolved.cloneSha) manifestEntry.sha = resolved.cloneSha;
-      if (resolved.registryApprovedTag) manifestEntry.registryApprovedTag = resolved.registryApprovedTag;
-      if (resolved.registryApprovedSha) manifestEntry.registryApprovedSha = resolved.registryApprovedSha;
-    } else if (hasGitClone) {
+    if (hasGitClone) {
      manifestEntry.channel = resolved.cloneRef ? 'pinned' : 'next';
      if (resolved.cloneSha) manifestEntry.sha = resolved.cloneSha;
      if (resolved.rawInput) manifestEntry.rawSource = resolved.rawInput;
@ -407,13 +386,10 @@ class OfficialModules {
      success: true,
      module: resolved.code,
      path: targetPath,
-      // Mirror the manifestEntry.version precedence above so downstream summary
-      // lines show the same string we just wrote to disk (community installs
-      // use the registry-approved tag via `communityVersion`; custom git-backed
-      // installs show the cloned ref or 'main').
-      versionInfo: {
-        version: resolved.communityVersion || resolved.cloneRef || (hasGitClone ? 'main' : resolved.version || ''),
-      },
+      // Match the manifestEntry.version expression above so downstream summary
+      // lines show the cloned ref (tag or 'main') instead of the on-disk
+      // package.json version for git-backed custom installs.
+      versionInfo: { version: resolved.cloneRef || (hasGitClone ? 'main' : resolved.version || '') },
    };
  }

--- a/tools/installer/project-root.js
+++ b/tools/installer/project-root.js
@ -1,6 +1,5 @@
 const path = require('node:path');
 const os = require('node:os');
-const yaml = require('yaml');
 const fs = require('./fs-native');

 /**
@ -87,11 +86,6 @@ function getExternalModuleCachePath(moduleName, ...segments) {
 * Built-in modules (core, bmm) live under <src>. External official modules are
 * cloned into ~/.bmad/cache/external-modules/<name>/ with varying internal
 * layouts (some at src/module.yaml, some at skills/module.yaml, some nested).
- * Url-source custom modules are cloned into ~/.bmad/cache/custom-modules/<host>/<owner>/<repo>/
- * and are resolved by walking the cache and matching `code` or `name` from the
- * discovered module.yaml. Local custom-source modules are not cached; their
- * path is read from the CustomModuleManager resolution cache set during the
- * same install run.
 * This mirrors the candidate-path search in
 * ExternalModuleManager.findExternalModuleSource but performs no git/network
 * work, which keeps it safe to call during manifest writing.
@ -103,113 +97,26 @@ async function resolveInstalledModuleYaml(moduleName) {
  const builtIn = path.join(getModulePath(moduleName), 'module.yaml');
  if (await fs.pathExists(builtIn)) return builtIn;

-  // Collect every module.yaml under a root using the standard candidate paths.
-  // Url-source repos can host multiple plugins (discovery mode), so we need all
-  // matches, not just the first. Returned in priority order.
-  async function searchRootAll(root) {
-    const results = [];
-    for (const dir of ['skills', 'src']) {
-      const direct = path.join(root, dir, 'module.yaml');
-      if (await fs.pathExists(direct)) results.push(direct);
-
-      const dirPath = path.join(root, dir);
-      if (await fs.pathExists(dirPath)) {
-        const entries = await fs.readdir(dirPath, { withFileTypes: true });
-        for (const entry of entries) {
-          if (!entry.isDirectory()) continue;
-          const nested = path.join(dirPath, entry.name, 'module.yaml');
-          if (await fs.pathExists(nested)) results.push(nested);
-        }
-      }
-    }
-
-    // BMB standard: {setup-skill}/assets/module.yaml (setup skill is any *-setup directory).
-    // Check at the repo root, and also under src/skills/ and skills/ since
-    // marketplace plugins commonly nest skills under src/skills/<name>/.
-    const setupSearchRoots = [root, path.join(root, 'src', 'skills'), path.join(root, 'skills')];
-    for (const setupRoot of setupSearchRoots) {
-      if (!(await fs.pathExists(setupRoot))) continue;
-      const entries = await fs.readdir(setupRoot, { withFileTypes: true });
-      for (const entry of entries) {
-        if (!entry.isDirectory() || !entry.name.endsWith('-setup')) continue;
-        const setupAssets = path.join(setupRoot, entry.name, 'assets', 'module.yaml');
-        if (await fs.pathExists(setupAssets)) results.push(setupAssets);
-      }
-    }
-
-    const atRoot = path.join(root, 'module.yaml');
-    if (await fs.pathExists(atRoot)) results.push(atRoot);
-    return results;
-  }
-
-  // Backwards-compatible single-result variant for the existing external-cache
-  // and resolution-cache fallbacks (one module per root by construction).
-  async function searchRoot(root) {
-    const all = await searchRootAll(root);
-    return all.length > 0 ? all[0] : null;
-  }
-
  const cacheRoot = getExternalModuleCachePath(moduleName);
-  if (await fs.pathExists(cacheRoot)) {
-    const found = await searchRoot(cacheRoot);
-    if (found) return found;
-  }
+  if (!(await fs.pathExists(cacheRoot))) return null;

-  // Community modules are cloned to ~/.bmad/cache/community-modules/<name>/
-  // (parallel to the external-modules cache used above). Search there too so
-  // collectAgentsFromModuleYaml and writeCentralConfig can locate community
-  // module.yaml files regardless of how nested the layout is.
-  const communityCacheRoot = path.join(os.homedir(), '.bmad', 'cache', 'community-modules', moduleName);
-  if (await fs.pathExists(communityCacheRoot)) {
-    const found = await searchRoot(communityCacheRoot);
-    if (found) return found;
-  }
+  for (const dir of ['skills', 'src']) {
+    const direct = path.join(cacheRoot, dir, 'module.yaml');
+    if (await fs.pathExists(direct)) return direct;

-  // Fallback: local custom-source modules store their source path in the
-  // CustomModuleManager resolution cache populated during the same install run.
-  // Match by code OR name since callers may use either form.
-  try {
-    const { CustomModuleManager } = require('./modules/custom-module-manager');
-    for (const [, mod] of CustomModuleManager._resolutionCache) {
-      if ((mod.code === moduleName || mod.name === moduleName) && mod.localPath) {
-        const found = await searchRoot(mod.localPath);
-        if (found) return found;
+    const dirPath = path.join(cacheRoot, dir);
+    if (await fs.pathExists(dirPath)) {
+      const entries = await fs.readdir(dirPath, { withFileTypes: true });
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        const nested = path.join(dirPath, entry.name, 'module.yaml');
+        if (await fs.pathExists(nested)) return nested;
      }
    }
-  } catch {
-    // Resolution cache unavailable — continue
  }

-  // Fallback: url-source custom modules cloned to ~/.bmad/cache/custom-modules/.
-  // Walk every cached repo, enumerate ALL module.yaml files via searchRootAll
-  // (a single repo can host multiple plugins in discovery mode), and match by
-  // the yaml's `code` or `name` field. This works on re-install runs where
-  // _resolutionCache is empty and covers both discovery-mode (with marketplace.json)
-  // and direct-mode modules, since we identify repo roots by .bmad-source.json
-  // (written by cloneRepo) or .claude-plugin/ rather than by marketplace.json.
-  try {
-    const customCacheDir = path.join(os.homedir(), '.bmad', 'cache', 'custom-modules');
-    if (await fs.pathExists(customCacheDir)) {
-      const { CustomModuleManager } = require('./modules/custom-module-manager');
-      const customMgr = new CustomModuleManager();
-      const repoRoots = await customMgr._findCacheRepoRoots(customCacheDir);
-      for (const { repoPath } of repoRoots) {
-        const candidates = await searchRootAll(repoPath);
-        for (const candidate of candidates) {
-          try {
-            const parsed = yaml.parse(await fs.readFile(candidate, 'utf8'));
-            if (parsed && (parsed.code === moduleName || parsed.name === moduleName)) {
-              return candidate;
-            }
-          } catch {
-            // Malformed yaml — skip
-          }
-        }
-      }
-    }
-  } catch {
-    // Custom-modules cache walk failed — continue
-  }
+  const atRoot = path.join(cacheRoot, 'module.yaml');
+  if (await fs.pathExists(atRoot)) return atRoot;

  return null;
 }
--- a/tools/installer/ui.js
+++ b/tools/installer/ui.js
@ -2,7 +2,6 @@ const path = require('node:path');
 const os = require('node:os');
 const semver = require('semver');
 const fs = require('./fs-native');
-const installerPackageJson = require('../../package.json');
 const { CLIUtils } = require('./cli-utils');
 const { ExternalModuleManager } = require('./modules/external-manager');
 const { resolveModuleVersion } = require('./modules/version-resolver');
@ -129,24 +128,6 @@ class UI {
      await prompts.log.warn(warning);
    }

-    // When the user launched the installer from a prerelease (npx bmad-method@next),
-    // mirror that intent for external modules: seed the global channel to 'next' so
-    // the module picker's version labels resolve from main HEAD (matching what
-    // actually gets installed) and the interactive channel gate skips — the user
-    // already declared "next" intent by typing @next. Explicit channel flags
-    // override this seed.
-    if (
-      semver.prerelease(installerPackageJson.version) !== null &&
-      !channelOptions.global &&
-      channelOptions.nextSet.size === 0 &&
-      channelOptions.pins.size === 0
-    ) {
-      channelOptions.global = 'next';
-      await prompts.log.info(
-        'Launched from a prerelease — installing all external modules from main HEAD (next channel). Pass --all-stable or --pin to override.',
-      );
-    }
-
    // Get directory from options or prompt
    let confirmedDirectory;
    if (options.directory) {
@ -200,15 +181,12 @@ class UI {
        actionType = options.action;
        await prompts.log.info(`Using action from command-line: ${actionType}`);
      } else if (options.yes) {
-        // Default to quick-update if available, unless flags that require the
-        // full update path are present (e.g. --custom-source which re-clones
-        // modules at a new version — quick-update skips that entirely).
+        // Default to quick-update if available, otherwise first available choice
        if (choices.length === 0) {
          throw new Error('No valid actions available for this installation');
        }
        const hasQuickUpdate = choices.some((c) => c.value === 'quick-update');
-        const needsFullUpdate = !!options.customSource;
-        actionType = hasQuickUpdate && !needsFullUpdate ? 'quick-update' : (choices.find((c) => c.value === 'update') || choices[0]).value;
+        actionType = hasQuickUpdate ? 'quick-update' : choices[0].value;
        await prompts.log.info(`Non-interactive mode (--yes): defaulting to ${actionType}`);
      } else {
        actionType = await prompts.select({
@ -244,11 +222,8 @@ class UI {
            .map((m) => m.trim())
            .filter(Boolean);
          await prompts.log.info(`Using modules from command-line: ${selectedModules.join(', ')}`);
-        } else if (options.customSource && !options.yes) {
-          // Custom source without --modules or --yes: start with empty list
-          // (only custom source modules + core will be installed).
-          // When --yes is also set, fall through to the --yes branch so all
-          // installed modules are included alongside the custom source modules.
+        } else if (options.customSource) {
+          // Custom source without --modules: start with empty list (core added below)
          selectedModules = [];
        } else if (options.yes) {
          selectedModules = await this.getDefaultModules(installedModuleIds);
@ -357,10 +332,8 @@ class UI {

    // Interactive channel gate: "Ready to install (all stable)? [Y/n]"
    // Only shown for fresh installs with no channel flags and an external module
-    // selected. Skipped for prerelease launches because channelOptions.global
-    // was already seeded to 'next' upstream. Non-interactive installs skip this
-    // and fall through to the registry default (stable) or whatever flags were
-    // supplied.
+    // selected. Non-interactive installs skip this and fall through to the
+    // registry default (stable) or whatever flags were supplied.
    await this._interactiveChannelGate({ options, channelOptions, selectedModules });

    let toolSelection = await this.promptToolSelection(confirmedDirectory, options);
@ -1810,9 +1783,7 @@ class UI {
   *
   * Skipped when:
   *   - running non-interactively (--yes)
-   *   - the user already passed channel flags (--channel / --pin / --next), OR
-   *     the installer was launched from a prerelease (which seeds
-   *     channelOptions.global = 'next' upstream in promptInstall)
+   *   - the user already passed channel flags (--channel / --pin / --next)
   *   - no externals/community modules are selected
   *
   * Mutates channelOptions.pins and channelOptions.nextSet to reflect picker choices.