@hyperdrive.bot/bmad-workflow 1.0.18 → 1.0.19

package/dist/commands/config/show.js

@@ -7,6 +7,7 @@
 import { Command, Flags } from '@oclif/core';
 import { dump, load } from 'js-yaml';
 import { FileManager } from '../../services/file-system/file-manager.js';
+import { buildReviewConfig } from '../../services/review/review-config.js';
 import * as colors from '../../utils/colors.js';
 import { ConfigurationError, FileSystemError } from '../../utils/errors.js';
 import { createLogger } from '../../utils/logger.js';
@@ -76,16 +77,21 @@ export default class Show extends Command {
                 this.error(colors.error(errorMsg), { exit: 1 });
                 return;
             }
+            // Ensure review section is always present with defaults for display
+            const configObj = (config || {});
+            if (!configObj.review) {
+                configObj.review = buildReviewConfig();
+            }
             // Display configuration in requested format
             if (flags.json) {
                 // JSON output - machine-readable
-                this.log(JSON.stringify(config, null, 2));
+                this.log(JSON.stringify(configObj, null, 2));
             }
             else {
                 // YAML output - human-readable with formatting
                 this.log(colors.bold('Configuration (.bmad-core/core-config.yaml):'));
                 this.log('');
-                this.log(dump(config, { indent: 2, lineWidth: 120 }));
+                this.log(dump(configObj, { indent: 2, lineWidth: 120 }));
             }
             logger.info('Configuration displayed successfully');
         }

package/dist/commands/decompose.js

@@ -14,6 +14,7 @@ import { DependencyGraphExecutor } from '../services/orchestration/dependency-gr
 import { TaskDecompositionService } from '../services/orchestration/task-decomposition-service.js';
 import { DecomposeSessionScaffolder } from '../services/scaffolding/decompose-session-scaffolder.js';
 import * as colors from '../utils/colors.js';
+import { parseDuration } from '../utils/duration.js';
 import { formatBox, formatTable } from '../utils/formatters.js';
 import { createLogger } from '../utils/logger.js';
 /**
@@ -100,9 +101,11 @@ export default class Decompose extends Command {
         'story-prefix': Flags.string({
             description: 'Project prefix for story IDs (e.g., "MIGRATE", "REFACTOR") - used with --story-format',
         }),
-        'task-timeout': Flags.integer({
+        'task-timeout': Flags.custom({
+            parse: async (input) => parseDuration(input),
+        })({
             default: 1_800_000, // 30 minutes
-            description: 'Timeout per task in milliseconds',
+            description: 'Timeout per task — accepts durations like 30s, 5m, 1h, 90m, or raw milliseconds (default: 30m)',
         }),
         verbose: Flags.boolean({
             char: 'v',
@@ -119,6 +122,7 @@ export default class Decompose extends Command {
      */
     async run() {
         const { args, flags } = await this.parse(Decompose);
+        let sessionDir;
         try {
             // Validate provider
             if (!isProviderSupported(flags.provider)) {
@@ -160,14 +164,17 @@ export default class Decompose extends Command {
             }
             // Create session directory
             const timestamp = new Date().toISOString().replaceAll(/[:.]/g, '-').split('.')[0];
-            const sessionDir = join(flags['output-dir'], `session-${timestamp}`);
+            sessionDir = join(flags['output-dir'], `session-${timestamp}`);
             await this.fileManager.createDirectory(sessionDir);
             this.log(colors.info(`📁 Session directory: ${sessionDir}\n`));
             // Phase 1: Decompose goal into task graph
-            this.log(colors.bold('⚙️  Phase 1: Decomposing goal into task graph...\n'));
+            this.log(colors.bold('⚙️  Phase 1: Decomposing goal into task graph...'));
+            this.log(colors.dim('   (sending goal to AI agent — this typically takes 2-5 minutes)\n'));
+            const startPhase1 = Date.now();
             const decompositionService = new TaskDecompositionService(createAgentRunner(flags.provider, this.logger), this.fileManager, new GlobMatcher(this.fileManager, this.logger), this.logger);
             const taskGraph = await decompositionService.decomposeGoal(options, sessionDir);
-            this.log(colors.success('✓ Task graph generated!\n'));
+            const phase1Duration = ((Date.now() - startPhase1) / 1000).toFixed(1);
+            this.log(colors.success(`✓ Task graph generated in ${phase1Duration}s!\n`));
             this.displayTaskGraphSummary(taskGraph);
             // Phase 2: Scaffold session structure
             this.log(colors.bold('\n⚙️  Phase 2: Creating session structure...\n'));
@@ -229,6 +236,20 @@ export default class Decompose extends Command {
             this.logger.error({ error: error.message }, 'Decompose command failed');
             this.log('\n' + colors.error('✗ Decompose failed:'));
             this.log(colors.error(`  ${error.message}`));
+            // Clean up empty session directories left by failed runs
+            if (sessionDir) {
+                try {
+                    const { readdir, rmdir } = await import('node:fs/promises');
+                    const contents = await readdir(sessionDir);
+                    if (contents.length === 0) {
+                        await rmdir(sessionDir);
+                        this.logger.debug({ sessionDir }, 'Cleaned up empty session directory');
+                    }
+                }
+                catch {
+                    // Ignore cleanup errors
+                }
+            }
             this.error('Execution failed', { exit: 1 });
         }
     }

package/dist/commands/epics/create.d.ts

@@ -41,6 +41,7 @@ export default class EpicsCreate extends Command {
         provider: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
         task: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         timeout: import("@oclif/core/interfaces").OptionFlag<number, import("@oclif/core/interfaces").CustomOptions>;
+        'review-timeout': import("@oclif/core/interfaces").OptionFlag<number | undefined, import("@oclif/core/interfaces").CustomOptions>;
         'max-retries': import("@oclif/core/interfaces").OptionFlag<number, import("@oclif/core/interfaces").CustomOptions>;
         'retry-backoff': import("@oclif/core/interfaces").OptionFlag<number, import("@oclif/core/interfaces").CustomOptions>;
     };

package/dist/commands/mcp/add.d.ts

@@ -0,0 +1,16 @@
+/**
+ * MCP Add Command
+ *
+ * Adds an MCP server to the active configuration by loading its template
+ * from server-templates/ and persisting it via McpConfigManager.
+ * Prompts for API key if required and not already configured.
+ */
+import { Command } from '@oclif/core';
+export default class McpAdd extends Command {
+    static args: {
+        server: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: string[];
+    run(): Promise<void>;
+}

package/dist/commands/mcp/add.js

@@ -0,0 +1,77 @@
+/**
+ * MCP Add Command
+ *
+ * Adds an MCP server to the active configuration by loading its template
+ * from server-templates/ and persisting it via McpConfigManager.
+ * Prompts for API key if required and not already configured.
+ */
+import { Args, Command } from '@oclif/core';
+import chalk from 'chalk';
+import { listAvailableTemplates, loadServerTemplate } from '../../mcp/utils/template-loader.js';
+import { McpConfigManager } from '../../services/mcp/mcp-config-manager.js';
+import { McpCredentialManager } from '../../services/mcp/mcp-credential-manager.js';
+import { createLogger } from '../../utils/logger.js';
+const logger = createLogger({ namespace: 'commands:mcp:add' });
+export default class McpAdd extends Command {
+    static args = {
+        server: Args.string({
+            description: 'Name of the MCP server template to add',
+            required: true,
+        }),
+    };
+    static description = 'Add an MCP server to the active gateway configuration';
+    static examples = [
+        '<%= config.bin %> mcp add context7',
+        '<%= config.bin %> mcp add exa',
+        '<%= config.bin %> mcp add playwright',
+    ];
+    async run() {
+        const { args } = await this.parse(McpAdd);
+        const serverName = args.server;
+        logger.info('Adding MCP server: %s', serverName);
+        // 1. Load the server template
+        let template;
+        try {
+            template = loadServerTemplate(serverName);
+        }
+        catch (error) {
+            const available = listAvailableTemplates();
+            this.error(`Server template '${serverName}' not found.\n\nAvailable templates: ${available.join(', ')}`, { exit: 1 });
+            return;
+        }
+        // 2. Add to config
+        const configManager = new McpConfigManager();
+        configManager.addServer(template);
+        this.log(chalk.green(`Server '${serverName}' added to configuration`));
+        // 3. Check credential requirements
+        if (template.api_key_required && template.env) {
+            const credentialManager = new McpCredentialManager();
+            const envVarNames = Object.keys(template.env);
+            for (const envVar of envVarNames) {
+                const existing = credentialManager.resolve(envVar);
+                if (existing) {
+                    this.log(chalk.dim(`  Credential ${envVar}: already configured`));
+                    continue;
+                }
+                // Prompt for API key if running interactively
+                if (process.stdin.isTTY) {
+                    const { password } = await import('@inquirer/prompts');
+                    const value = await password({
+                        mask: '*',
+                        message: `Enter value for ${envVar}:`,
+                    });
+                    if (value) {
+                        credentialManager.set(envVar, value);
+                        this.log(chalk.green(`  Credential set for ${envVar}`));
+                    }
+                    else {
+                        this.log(chalk.yellow(`  Warning: ${envVar} not set. Server may not work without it.`));
+                    }
+                }
+                else {
+                    this.log(chalk.yellow(`  Warning: ${envVar} is required but not set. Run in interactive mode or set the environment variable.`));
+                }
+            }
+        }
+    }
+}

package/dist/commands/mcp/credential/get.d.ts

@@ -0,0 +1,14 @@
+/**
+ * MCP Credential Get Command
+ *
+ * Retrieves and displays a stored credential value in masked format.
+ */
+import { Command } from '@oclif/core';
+export default class CredentialGet extends Command {
+    static args: {
+        key: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: string[];
+    run(): Promise<void>;
+}

package/dist/commands/mcp/credential/get.js

@@ -0,0 +1,35 @@
+/**
+ * MCP Credential Get Command
+ *
+ * Retrieves and displays a stored credential value in masked format.
+ */
+import { Args, Command } from '@oclif/core';
+import chalk from 'chalk';
+import { McpCredentialManager } from '../../../services/mcp/mcp-credential-manager.js';
+import { createLogger } from '../../../utils/logger.js';
+import { maskValue } from '../../../utils/credential-utils.js';
+const logger = createLogger({ namespace: 'commands:mcp:credential:get' });
+export default class CredentialGet extends Command {
+    static args = {
+        key: Args.string({
+            description: 'Credential key name (e.g., EXA_API_KEY)',
+            required: true,
+        }),
+    };
+    static description = 'Get an MCP server credential (masked display)';
+    static examples = [
+        '<%= config.bin %> mcp credential get EXA_API_KEY',
+    ];
+    async run() {
+        const { args } = await this.parse(CredentialGet);
+        const { key } = args;
+        logger.info('Getting credential: %s', key);
+        const credentialManager = new McpCredentialManager();
+        const value = credentialManager.resolve(key);
+        if (!value) {
+            this.error(chalk.red(`Credential '${key}' not found`), { exit: 1 });
+            return;
+        }
+        this.log(`${chalk.bold(key)}: ${maskValue(value)}`);
+    }
+}

package/dist/commands/mcp/credential/list.d.ts

@@ -0,0 +1,17 @@
+/**
+ * MCP Credential List Command
+ *
+ * Displays all stored credential keys with masked values, indicating
+ * which are required by currently enabled servers.
+ */
+import { Command } from '@oclif/core';
+export default class CredentialList extends Command {
+    static description: string;
+    static examples: string[];
+    run(): Promise<void>;
+    /**
+     * Map server name to known env var keys.
+     * This is a simple lookup based on known server templates.
+     */
+    private getServerEnvKeys;
+}

package/dist/commands/mcp/credential/list.js

@@ -0,0 +1,67 @@
+/**
+ * MCP Credential List Command
+ *
+ * Displays all stored credential keys with masked values, indicating
+ * which are required by currently enabled servers.
+ */
+import { Command } from '@oclif/core';
+import chalk from 'chalk';
+import { McpConfigManager } from '../../../services/mcp/mcp-config-manager.js';
+import { McpCredentialManager } from '../../../services/mcp/mcp-credential-manager.js';
+import { createLogger } from '../../../utils/logger.js';
+import { maskValue } from '../../../utils/credential-utils.js';
+const logger = createLogger({ namespace: 'commands:mcp:credential:list' });
+export default class CredentialList extends Command {
+    static description = 'List all stored MCP server credentials';
+    static examples = [
+        '<%= config.bin %> mcp credential list',
+    ];
+    async run() {
+        logger.info('Listing credentials');
+        const credentialManager = new McpCredentialManager();
+        const configManager = new McpConfigManager();
+        const entries = credentialManager.list();
+        if (entries.length === 0) {
+            this.log(chalk.dim('No credentials stored. Use "bmad-workflow mcp credential set <key> <value>" to add one.'));
+            return;
+        }
+        // Determine which env var keys are required by enabled servers
+        const enabledServers = configManager.getEnabledServers();
+        const requiredKeys = new Set();
+        // We need to check the full server templates to get env var names
+        // For now, servers with apiKeyRequired=true imply their env keys are needed
+        for (const server of enabledServers) {
+            if (server.apiKeyRequired && server.enabled) {
+                // Map server name to known env keys via template
+                const envKeys = this.getServerEnvKeys(server.name);
+                for (const k of envKeys) {
+                    requiredKeys.add(k);
+                }
+            }
+        }
+        this.log(chalk.bold('\nMCP Credentials\n'));
+        this.log(`${chalk.dim('Key'.padEnd(25))} ${chalk.dim('Value'.padEnd(25))} ${chalk.dim('Status')}`);
+        this.log(chalk.dim('─'.repeat(70)));
+        for (const entry of entries) {
+            const value = credentialManager.resolve(entry.key);
+            const masked = value ? maskValue(value) : chalk.dim('not set');
+            const required = requiredKeys.has(entry.key);
+            const status = entry.configured
+                ? (required ? chalk.green('configured (required)') : chalk.green('configured'))
+                : (required ? chalk.yellow('missing (required)') : chalk.dim('not set'));
+            this.log(`${entry.key.padEnd(25)} ${masked.padEnd(25)} ${status}`);
+        }
+        this.log('');
+    }
+    /**
+     * Map server name to known env var keys.
+     * This is a simple lookup based on known server templates.
+     */
+    getServerEnvKeys(serverName) {
+        const envMapping = {
+            apify: ['APIFY_TOKEN'],
+            exa: ['EXA_API_KEY'],
+        };
+        return envMapping[serverName] || [];
+    }
+}

package/dist/commands/mcp/credential/remove.d.ts

@@ -0,0 +1,18 @@
+/**
+ * MCP Credential Remove Command
+ *
+ * Removes a credential entry from the stored credentials file.
+ * Warns if the key is required by an enabled server before proceeding.
+ */
+import { Command } from '@oclif/core';
+export default class CredentialRemove extends Command {
+    static args: {
+        key: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: string[];
+    static flags: {
+        force: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/mcp/credential/remove.js

@@ -0,0 +1,84 @@
+/**
+ * MCP Credential Remove Command
+ *
+ * Removes a credential entry from the stored credentials file.
+ * Warns if the key is required by an enabled server before proceeding.
+ */
+import { Args, Command, Flags } from '@oclif/core';
+import chalk from 'chalk';
+import { McpConfigManager } from '../../../services/mcp/mcp-config-manager.js';
+import { McpCredentialManager } from '../../../services/mcp/mcp-credential-manager.js';
+import { createLogger } from '../../../utils/logger.js';
+const logger = createLogger({ namespace: 'commands:mcp:credential:remove' });
+/**
+ * Map server name to known env var keys.
+ */
+function getServerEnvKeys(serverName) {
+    const envMapping = {
+        apify: ['APIFY_TOKEN'],
+        exa: ['EXA_API_KEY'],
+    };
+    return envMapping[serverName] || [];
+}
+export default class CredentialRemove extends Command {
+    static args = {
+        key: Args.string({
+            description: 'Credential key name to remove',
+            required: true,
+        }),
+    };
+    static description = 'Remove an MCP server credential';
+    static examples = [
+        '<%= config.bin %> mcp credential remove EXA_API_KEY',
+        '<%= config.bin %> mcp credential remove APIFY_TOKEN --force',
+    ];
+    static flags = {
+        force: Flags.boolean({
+            char: 'f',
+            default: false,
+            description: 'Skip confirmation when key is required by an enabled server',
+        }),
+    };
+    async run() {
+        const { args, flags } = await this.parse(CredentialRemove);
+        const { key } = args;
+        logger.info('Removing credential: %s', key);
+        const credentialManager = new McpCredentialManager();
+        const configManager = new McpConfigManager();
+        // Check if key is required by any enabled server
+        const enabledServers = configManager.getEnabledServers();
+        const dependentServers = [];
+        for (const server of enabledServers) {
+            if (server.apiKeyRequired && server.enabled) {
+                const envKeys = getServerEnvKeys(server.name);
+                if (envKeys.includes(key)) {
+                    dependentServers.push(server.name);
+                }
+            }
+        }
+        if (dependentServers.length > 0 && !flags.force) {
+            this.log(chalk.yellow(`Warning: '${key}' is required by enabled server(s): ${dependentServers.join(', ')}`));
+            this.log(chalk.yellow('Removing this credential may break those servers.'));
+            this.log(chalk.dim('Use --force to skip this warning.'));
+            if (process.stdin.isTTY) {
+                const { confirm } = await import('@inquirer/prompts');
+                const proceed = await confirm({ default: false, message: 'Proceed with removal?' });
+                if (!proceed) {
+                    this.log(chalk.dim('Removal cancelled.'));
+                    return;
+                }
+            }
+            else {
+                this.error(chalk.red(`Credential '${key}' is required by enabled servers. Use --force to remove.`), { exit: 1 });
+                return;
+            }
+        }
+        const removed = credentialManager.remove(key);
+        if (removed) {
+            this.log(chalk.green(`Credential '${key}' removed successfully`));
+        }
+        else {
+            this.log(chalk.yellow(`Credential '${key}' not found in store`));
+        }
+    }
+}

package/dist/commands/mcp/credential/set.d.ts

@@ -0,0 +1,16 @@
+/**
+ * MCP Credential Set Command
+ *
+ * Stores an API credential key-value pair to ~/.bmad/credentials/mcp-keys.yaml
+ * with file permissions 600. Rejects empty values.
+ */
+import { Command } from '@oclif/core';
+export default class CredentialSet extends Command {
+    static args: {
+        key: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+        value: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: string[];
+    run(): Promise<void>;
+}

package/dist/commands/mcp/credential/set.js

@@ -0,0 +1,41 @@
+/**
+ * MCP Credential Set Command
+ *
+ * Stores an API credential key-value pair to ~/.bmad/credentials/mcp-keys.yaml
+ * with file permissions 600. Rejects empty values.
+ */
+import { Args, Command } from '@oclif/core';
+import chalk from 'chalk';
+import { McpCredentialManager } from '../../../services/mcp/mcp-credential-manager.js';
+import { createLogger } from '../../../utils/logger.js';
+import { maskValue } from '../../../utils/credential-utils.js';
+const logger = createLogger({ namespace: 'commands:mcp:credential:set' });
+export default class CredentialSet extends Command {
+    static args = {
+        key: Args.string({
+            description: 'Credential key name (e.g., EXA_API_KEY)',
+            required: true,
+        }),
+        value: Args.string({
+            description: 'Credential value',
+            required: true,
+        }),
+    };
+    static description = 'Set an MCP server credential';
+    static examples = [
+        '<%= config.bin %> mcp credential set EXA_API_KEY sk-exa-abc123',
+        '<%= config.bin %> mcp credential set APIFY_TOKEN apify_api_xyz',
+    ];
+    async run() {
+        const { args } = await this.parse(CredentialSet);
+        const { key, value } = args;
+        logger.info('Setting credential: %s', key);
+        if (!value || value.trim().length === 0) {
+            this.error(chalk.red('Value cannot be empty'), { exit: 1 });
+            return;
+        }
+        const credentialManager = new McpCredentialManager();
+        credentialManager.set(key, value);
+        this.log(chalk.green(`Credential '${key}' set successfully (${maskValue(value)})`));
+    }
+}

package/dist/commands/mcp/credential/validate.d.ts

@@ -0,0 +1,12 @@
+/**
+ * MCP Credential Validate Command
+ *
+ * Validates all credentials required by enabled MCP servers by resolving them
+ * via the credential resolution chain and testing against live health checks.
+ */
+import { Command } from '@oclif/core';
+export default class CredentialValidate extends Command {
+    static description: string;
+    static examples: string[];
+    run(): Promise<void>;
+}