@eddacraft/anvil-adapters 0.1.0

package/src/__tests__/fixtures/aps/expected-output.json

@@ -0,0 +1,83 @@
+{
+  "id": "aps-12345678",
+  "hash": "0000000000000000000000000000000000000000000000000000000000000000",
+  "intent": "Implement a user authentication system with JWT tokens to secure API endpoints and manage user sessions effectively.",
+  "schema_version": "0.1.0",
+  "proposed_changes": [
+    {
+      "type": "file_create",
+      "path": "src/controllers/auth.controller.ts",
+      "description": "Create authentication controller at `src/controllers/auth.controller.ts`",
+      "content": "import { Request, Response } from 'express';\nimport jwt from 'jsonwebtoken';\nimport bcrypt from 'bcrypt';\n\nexport class AuthController {\n  async register(req: Request, res: Response) {\n    // Implementation here\n  }\n  \n  async login(req: Request, res: Response) {\n    // Implementation here\n  }\n  \n  async refresh(req: Request, res: Response) {\n    // Implementation here\n  }\n}"
+    },
+    {
+      "type": "file_create",
+      "path": "src/middleware/auth.middleware.ts",
+      "description": "Create authentication middleware at `src/middleware/auth.middleware.ts`",
+      "content": "import { Request, Response, NextFunction } from 'express';\nimport jwt from 'jsonwebtoken';\n\nexport function authenticateToken(req: Request, res: Response, next: NextFunction) {\n  // Token verification logic\n}"
+    },
+    {
+      "type": "file_update",
+      "path": "src/app.ts",
+      "description": "Update main application file `src/app.ts`"
+    },
+    {
+      "type": "file_update",
+      "path": "src/config/env.ts",
+      "description": "Update environment configuration `src/config/env.ts`"
+    },
+    {
+      "type": "config_update",
+      "path": ".env",
+      "description": "Update `.env` file"
+    },
+    {
+      "type": "dependency_add",
+      "path": "package.json",
+      "description": "jsonwebtoken: For creating and verifying JWT tokens"
+    },
+    {
+      "type": "dependency_add",
+      "path": "package.json",
+      "description": "bcrypt: For password hashing"
+    },
+    {
+      "type": "dependency_add",
+      "path": "package.json",
+      "description": "express-rate-limit: For rate limiting authentication endpoints"
+    },
+    {
+      "type": "script_execute",
+      "path": "",
+      "description": "Run database migrations to add user table"
+    },
+    {
+      "type": "script_execute",
+      "path": "",
+      "description": "Generate RSA key pair for token signing (optional)"
+    }
+  ],
+  "provenance": {
+    "timestamp": "2024-01-15T10:00:00Z",
+    "source": "cli",
+    "version": "1.0.0"
+  },
+  "metadata": {
+    "source_format": "speckit",
+    "goals": [
+      "Implement secure user authentication using JWT tokens",
+      "Add middleware for protecting API routes",
+      "Support token refresh mechanism for long-lived sessions",
+      "Implement proper password hashing and validation",
+      "Add rate limiting for authentication endpoints"
+    ],
+    "requirements": [
+      "Node.js 18+ runtime environment",
+      "Express.js web framework",
+      "jsonwebtoken library for JWT handling",
+      "bcrypt for password hashing",
+      "Redis for session management (optional)"
+    ],
+    "overview": "This specification outlines the implementation of a JWT-based authentication system that will provide secure access control for our API endpoints. The system will support user registration, login, logout, and token refresh functionality."
+  }
+}

package/src/__tests__/fixtures/bmad/invalid-malformed-yaml.md

@@ -0,0 +1,16 @@
+---
+name: Test Document
+version: 1.0.0: invalid
+author: [unclosed array
+date: "2025-10-25
+invalid: yaml: structure: here
+---
+
+# Document with Malformed YAML
+
+This document has YAML front-matter that is syntactically invalid, which should
+affect parsing but the BMAD adapter should handle gracefully.
+
+FR-01: Some requirement that exists
+
+The YAML is malformed but we still have requirement identifiers.

package/src/__tests__/fixtures/bmad/invalid-no-requirements.md

@@ -0,0 +1,23 @@
+---
+name: 'Document Without Requirements'
+version: '1.0.0'
+---
+
+# Document Title
+
+This document has YAML front-matter and enough content, but it doesn't contain
+any requirement identifiers (FR-XX, NFR-XX, US-XX) which are essential for BMAD
+format.
+
+## Section One
+
+This is just regular content without any structured requirements.
+
+## Section Two
+
+More content here, but still no requirements that would indicate this is a BMAD
+document.
+
+The document is long enough to pass the minimum length check, but the lack of
+requirement identifiers means it should not be confidently detected as BMAD
+format.

package/src/__tests__/fixtures/bmad/invalid-only-yaml.md

@@ -0,0 +1,16 @@
+---
+name: 'Document with Only YAML'
+version: '1.0.0'
+author: 'Test Author'
+date: '2025-10-25'
+description: 'This document only has YAML front-matter'
+---
+
+# Document Title
+
+This document has proper YAML front-matter but absolutely no requirements or
+user stories. It's just freeform content without any of the structured elements
+that make it a BMAD document.
+
+This should result in low confidence detection and validation warnings about
+missing requirements.

package/src/__tests__/fixtures/bmad/invalid-too-short.md

@@ -0,0 +1,3 @@
+# Short Document
+
+This is too short to be a valid BMAD document.

package/src/__tests__/fixtures/bmad/invalid-wrong-format.md

@@ -0,0 +1,40 @@
+# Regular Markdown Document
+
+This is just a regular markdown document that doesn't follow BMAD format at all.
+
+## Introduction
+
+This document has no YAML front-matter, no requirement identifiers (FR-XX,
+NFR-XX, US-XX), and no user stories. It's just plain markdown content that talks
+about various topics.
+
+## Section One
+
+Here's some content about topic one. This is a normal paragraph with normal
+text.
+
+- Bullet point one
+- Bullet point two
+- Bullet point three
+
+## Section Two
+
+More content here. Some **bold text** and _italic text_ for variety.
+
+> A blockquote for good measure
+
+### Subsection
+
+Code example:
+
+```javascript
+function example() {
+  return 'This is not BMAD format';
+}
+```
+
+## Conclusion
+
+This document should not be detected as BMAD format because it lacks all the key
+indicators like YAML front-matter, requirement identifiers, and structured
+content.

package/src/__tests__/fixtures/bmad/valid-agent.md

@@ -0,0 +1,27 @@
+---
+name: 'Code Review Agent'
+version: '1.0.0'
+author: 'BMAD Team'
+hasSidecar: true
+---
+
+# Code Review Agent
+
+## Purpose
+
+An automated code review agent that analyzes pull requests for quality,
+security, and best practice adherence using BMAD v6 agent framework.
+
+## Role
+
+Perform thorough code reviews on incoming pull requests, checking for:
+
+- Coding standards compliance
+- Security vulnerabilities
+- Performance issues
+- Test coverage gaps
+
+## Configuration
+
+The agent uses `_bmad/_config/module.yaml` for its base configuration and stores
+review history in `_bmad/_memory`.

package/src/__tests__/fixtures/bmad/valid-architecture.md

@@ -0,0 +1,116 @@
+---
+name: 'Architecture Document'
+version: '1.0.0'
+description: 'Authentication Service Architecture'
+output_file: 'ARCHITECTURE.md'
+variables:
+  project_name: 'Authentication Service'
+  author: 'Technical Team'
+  date: '2025-10-23'
+---
+
+# Authentication Service - Architecture Document
+
+**Author:** Technical Team **Date:** 2025-10-23 **Version:** 1.0
+
+## Change Log
+
+| Date       | Version | Description          | Author         |
+| :--------- | :------ | :------------------- | :------------- |
+| 2025-10-23 | 1.0     | Initial architecture | Technical Team |
+
+## Technical Summary
+
+The authentication service is built using a microservices architecture with
+Node.js/Express backend, PostgreSQL database, and Redis for session management.
+The system follows REST API patterns and implements JWT-based authentication
+tokens.
+
+## High Level Architecture
+
+```
+┌─────────────┐      ┌──────────────┐      ┌──────────────┐
+│   Client    │────▶ │  Auth API    │────▶ │  PostgreSQL  │
+│   (React)   │      │  (Express)   │      │   Database   │
+└─────────────┘      └──────┬───────┘      └──────────────┘
+                            │
+                            ▼
+                     ┌──────────────┐
+                     │    Redis     │
+                     │   Sessions   │
+                     └──────────────┘
+```
+
+## System Components
+
+### API Layer
+
+- Express.js REST API
+- JWT token generation and validation
+- Rate limiting and request validation
+- OpenAPI specification
+
+### Data Layer
+
+- PostgreSQL for user data persistence
+- Redis for session caching
+- Database migrations with Knex.js
+
+### Security Layer
+
+- bcrypt password hashing
+- JWT token signing
+- CORS configuration
+- Helmet.js security headers
+
+## Tech Stack
+
+**Backend:**
+
+- Node.js 18+
+- Express 4.x
+- TypeScript
+- Passport.js
+
+**Database:**
+
+- PostgreSQL 14+
+- Redis 7+
+
+**Testing:**
+
+- Vitest
+- Supertest for API testing
+
+## API Specifications
+
+### Authentication Endpoints
+
+**POST /api/auth/register**
+
+- Request: `{ email, password, name }`
+- Response: `{ user, token }`
+- Status: 201 Created
+
+**POST /api/auth/login**
+
+- Request: `{ email, password }`
+- Response: `{ user, token }`
+- Status: 200 OK
+
+**POST /api/auth/logout**
+
+- Request: `Bearer token in Authorization header`
+- Response: `{ message: "Logged out" }`
+- Status: 200 OK
+
+## Security Considerations
+
+FR-07: All API endpoints shall use HTTPS in production
+
+FR-08: Rate limiting shall prevent brute force attacks (max 5 attempts per
+minute)
+
+NFR-07: Token expiration shall be configurable (default 24 hours)
+
+NFR-08: Database connections shall use connection pooling for performance

package/src/__tests__/fixtures/bmad/valid-complex-prd.md

@@ -0,0 +1,161 @@
+---
+name: 'Complex PRD'
+version: '2.1.0'
+description: 'E-Commerce Platform PRD'
+output_file: 'ECOMMERCE-PRD.md'
+variables:
+  project_name: 'E-Commerce Platform'
+  author: 'Product Team'
+  date: '2025-10-25'
+  status: 'In Progress'
+---
+
+# E-Commerce Platform - Product Requirements Document
+
+**Author:** Product Team **Date:** 2025-10-25 **Version:** 2.1.0 **Status:** In
+Progress
+
+## Change Log
+
+| Date       | Version | Description                | Author       |
+| :--------- | :------ | :------------------------- | :----------- |
+| 2025-10-20 | 1.0     | Initial PRD                | Product Team |
+| 2025-10-23 | 2.0     | Added payment integration  | Product Team |
+| 2025-10-25 | 2.1     | Added inventory management | Product Team |
+
+## Executive Summary
+
+This PRD defines requirements for a comprehensive e-commerce platform that
+handles product catalogue, shopping cart, checkout, payment processing,
+inventory management, and order fulfilment.
+
+## Functional Requirements
+
+### Product Catalogue
+
+FR-01: System shall display product catalogue with search and filter
+capabilities FR-02: System shall support product categories and subcategories
+FR-03: System shall allow product image upload (up to 10 images per product)
+FR-04: System shall display product reviews and ratings FR-05: System shall
+support product variants (size, colour, etc.)
+
+### Shopping Cart
+
+FR-06: System shall allow users to add products to cart FR-07: System shall
+persist cart across sessions FR-08: System shall calculate cart totals including
+taxes and shipping FR-09: System shall apply discount codes and promotions
+FR-10: System shall show real-time inventory availability
+
+### Checkout Process
+
+FR-11: System shall provide multi-step checkout flow FR-12: System shall collect
+shipping address FR-13: System shall calculate shipping costs based on
+destination FR-14: System shall support multiple payment methods FR-15: System
+shall send order confirmation emails
+
+### Payment Integration
+
+FR-16: System shall integrate with Stripe payment gateway FR-17: System shall
+support credit card payments FR-18: System shall support PayPal payments FR-19:
+System shall handle payment failures gracefully FR-20: System shall support
+refund processing
+
+### Inventory Management
+
+FR-21: System shall track inventory levels in real-time FR-22: System shall
+prevent overselling FR-23: System shall alert when inventory is low FR-24:
+System shall support inventory adjustments FR-25: System shall support multiple
+warehouses
+
+### Order Management
+
+FR-26: System shall create orders upon payment confirmation FR-27: System shall
+display order history to users FR-28: System shall send order status updates
+FR-29: System shall support order cancellation FR-30: System shall generate
+shipping labels
+
+## Non-Functional Requirements
+
+### Performance
+
+NFR-01: Product search shall return results within 500ms NFR-02: Cart operations
+shall complete within 200ms NFR-03: Checkout shall complete within 5 seconds
+NFR-04: System shall support 1,000 concurrent users
+
+### Security
+
+NFR-05: All payment data shall be PCI-DSS compliant NFR-06: User passwords shall
+be hashed using bcrypt NFR-07: All API endpoints shall use HTTPS NFR-08: Payment
+information shall never be stored in database
+
+### Scalability
+
+NFR-09: System shall support 10,000 products NFR-10: System shall handle 100,000
+orders per month NFR-11: Database shall support horizontal scaling
+
+### Reliability
+
+NFR-12: System shall maintain 99.9% uptime NFR-13: System shall have automated
+backup every 6 hours NFR-14: Payment processing shall have retry mechanism
+
+### Compliance
+
+NFR-15: System shall be GDPR compliant NFR-16: System shall be CCPA compliant
+NFR-17: System shall provide data export for users NFR-18: System shall support
+right to deletion
+
+### Testing
+
+NFR-19: All features shall have >90% test coverage NFR-20: System shall have
+end-to-end tests for checkout flow
+
+## User Stories
+
+US-01: Product Browsing
+
+As a customer, I want to browse products by category, so that I can find items
+I'm interested in purchasing.
+
+US-02: Add to Cart
+
+As a customer, I want to add products to my cart, so that I can purchase
+multiple items at once.
+
+US-03: Secure Checkout
+
+As a customer, I want a secure checkout process, so that my payment information
+is protected.
+
+US-04: Order Tracking
+
+As a customer, I want to track my order status, so that I know when to expect
+delivery.
+
+US-05: Inventory Management
+
+As a store admin, I want to manage inventory levels, so that products don't go
+out of stock unexpectedly.
+
+## Success Criteria
+
+1. All 30 functional requirements implemented and tested
+2. All 20 non-functional requirements met
+3. Payment integration completed and tested
+4. Inventory management operational
+5. Load testing completed successfully
+6. Security audit passed with no critical issues
+7. User acceptance testing completed
+
+## Technical Stack
+
+**Frontend:** React, TypeScript, TailwindCSS **Backend:** Node.js, Express,
+TypeScript **Database:** PostgreSQL **Cache:** Redis **Payment:** Stripe API
+**Email:** SendGrid **Hosting:** AWS (EC2, RDS, S3, CloudFront)
+
+## Out of Scope
+
+- Multi-vendor marketplace (deferred to v3.0)
+- Cryptocurrency payments
+- International shipping (Phase 1 is US only)
+- Mobile app (web-only for Phase 1)
+- Subscription products

package/src/__tests__/fixtures/bmad/valid-epic.md

@@ -0,0 +1,73 @@
+---
+name: 'Epic Document'
+version: '1.0.0'
+description: 'User Registration Epic'
+output_file: 'EPIC-001.md'
+variables:
+  epic_id: 'EPIC-001'
+  author: 'Product Manager'
+  date: '2025-10-23'
+---
+
+# EPIC-001: User Registration
+
+**Author:** Product Manager **Date:** 2025-10-23 **Version:** 1.0
+
+## Change Log
+
+| Date       | Version | Description  | Author          |
+| :--------- | :------ | :----------- | :-------------- |
+| 2025-10-23 | 1.0     | Epic created | Product Manager |
+
+## Epic Goal
+
+Enable users to create accounts on the platform using email/password or OAuth
+providers, ensuring a smooth onboarding experience whilst maintaining security
+standards.
+
+## Description
+
+This epic encompasses all functionality related to user registration, including
+account creation forms, validation logic, email verification, and OAuth
+integration. The goal is to make registration as frictionless as possible whilst
+collecting necessary information for compliance.
+
+## Related Stories
+
+US-01: User registration with email/password US-02: OAuth registration with
+Google US-03: OAuth registration with GitHub US-04: Email verification flow
+US-05: Registration form validation
+
+## Success Criteria
+
+1. Users can successfully register using email/password
+2. Users can successfully register using OAuth (Google, GitHub)
+3. Email verification process completes successfully
+4. Registration conversion rate >80%
+5. Form validation provides clear error messages
+6. All registration flows have >90% test coverage
+
+## Technical Requirements
+
+FR-09: Registration form shall validate inputs on client and server side
+
+FR-10: Email verification links shall expire after 24 hours
+
+NFR-09: Registration process shall complete within 3 seconds
+
+NFR-10: Registration form shall be accessible (WCAG 2.1 AA compliant)
+
+## Acceptance Criteria
+
+As a product owner, I want to see:
+
+1. Registration success rate >95%
+2. Form abandonment rate <20%
+3. Email verification completion rate >80%
+4. Zero security vulnerabilities in code review
+
+## Out of Scope
+
+- Phone number verification
+- Social media login beyond Google and GitHub
+- Corporate email domain restrictions

package/src/__tests__/fixtures/bmad/valid-minimal-prd.md

@@ -0,0 +1,19 @@
+---
+name: 'Minimal PRD'
+version: '1.0.0'
+author: 'John Doe'
+date: '2025-10-25'
+---
+
+# Minimal Product Requirements Document
+
+This is a minimal but valid BMAD PRD that contains just the essential elements.
+
+## Functional Requirements
+
+FR-01: System shall provide a dashboard view FR-02: System shall allow data
+export
+
+## Non-Functional Requirements
+
+NFR-01: System shall load within 2 seconds

package/src/__tests__/fixtures/bmad/valid-prd.md

@@ -0,0 +1,107 @@
+---
+name: 'Product Requirements Document'
+version: '1.0.0'
+description: 'User Authentication System PRD'
+output_file: 'PRD.md'
+variables:
+  project_name: 'Authentication Service'
+  author: 'Jane Smith'
+  date: '2025-10-23'
+---
+
+# Authentication Service - Product Requirements Document
+
+**Author:** Jane Smith **Date:** 2025-10-23 **Version:** 1.0
+
+## Change Log
+
+| Date       | Version | Description          | Author     |
+| :--------- | :------ | :------------------- | :--------- |
+| 2025-10-23 | 1.0     | Initial PRD creation | Jane Smith |
+| 2025-10-24 | 1.1     | Added OAuth support  | John Doe   |
+
+## Executive Summary
+
+This PRD defines the requirements for a user authentication system that will
+provide secure login, registration, and session management capabilities for the
+platform. The system must support multiple authentication methods including
+email/password and OAuth providers.
+
+## Product Vision
+
+Build a secure, scalable authentication system that provides excellent user
+experience whilst maintaining industry-standard security practices.
+
+## Functional Requirements
+
+### User Registration
+
+FR-01: The system shall allow users to register with email and password
+
+As a new user, I want to create an account using my email address so that I can
+access the platform.
+
+**Acceptance Criteria:**
+
+1. Email validation is performed
+2. Password meets complexity requirements
+3. Confirmation email is sent
+4. Account is created in database
+
+FR-02: The system shall support OAuth registration
+
+As a user, I want to sign up using my Google or GitHub account so that I don't
+need to create a new password.
+
+### User Login
+
+FR-03: The system shall provide secure login functionality
+
+Users must be able to authenticate using their registered credentials and
+receive a session token.
+
+FR-04: The system shall implement password reset functionality
+
+As a user who forgot their password, I want to receive a reset link via email so
+that I can regain access to my account.
+
+### Session Management
+
+FR-05: The system shall maintain user sessions securely
+
+Session tokens must be cryptographically secure and have appropriate expiration
+times.
+
+FR-06: The system shall allow users to log out
+
+As a logged-in user, I want to end my session so that others cannot access my
+account on shared devices.
+
+## Non-Functional Requirements
+
+NFR-01: Security - The system shall encrypt all passwords using bcrypt with
+minimum 12 rounds
+
+NFR-02: Performance - Authentication operations shall complete within 500ms at
+95th percentile
+
+NFR-03: Scalability - The system shall support 10,000 concurrent users
+
+NFR-04: Availability - The authentication service shall maintain 99.9% uptime
+
+NFR-05: Compliance - The system shall be GDPR compliant for data handling
+
+NFR-06: Testing - All authentication flows shall have >90% test coverage
+
+## Success Criteria
+
+1. All functional requirements implemented and tested
+2. Non-functional requirements meet defined thresholds
+3. Security audit completed with no critical findings
+4. User acceptance testing completed successfully
+
+## Out of Scope
+
+- Multi-factor authentication (deferred to v2.0)
+- Biometric authentication
+- Single sign-on (SSO) for enterprise