@ngocsangairvds/vsaf 4.1.0 → 4.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -1
- package/packages/cli/dist/commands/cleanup.d.ts +6 -0
- package/packages/cli/dist/commands/cleanup.d.ts.map +1 -0
- package/packages/cli/dist/commands/cleanup.js +103 -0
- package/packages/cli/dist/commands/cleanup.js.map +1 -0
- package/packages/cli/dist/commands/doctor.d.ts +1 -0
- package/packages/cli/dist/commands/doctor.d.ts.map +1 -1
- package/packages/cli/dist/commands/doctor.js +4 -3
- package/packages/cli/dist/commands/doctor.js.map +1 -1
- package/packages/cli/dist/index.js +23 -2
- package/packages/cli/dist/index.js.map +1 -1
- package/packages/cli/dist/mcp/server.d.ts.map +1 -1
- package/packages/cli/dist/mcp/server.js +9 -0
- package/packages/cli/dist/mcp/server.js.map +1 -1
- package/packages/core/dist/store/run-store.d.ts +8 -0
- package/packages/core/dist/store/run-store.d.ts.map +1 -1
- package/packages/core/dist/store/run-store.js +51 -0
- package/packages/core/dist/store/run-store.js.map +1 -1
- package/packages/web/dist/web/3rdpartylicenses.txt +614 -0
- package/packages/web/dist/web/browser/chunk-2QJBTGYU.js +3 -0
- package/packages/web/dist/web/browser/chunk-3VYLP4FZ.js +1 -0
- package/packages/web/dist/web/browser/chunk-6HRQZQXD.js +1 -0
- package/packages/web/dist/web/browser/chunk-7PK6Q4UU.js +1 -0
- package/packages/web/dist/web/browser/chunk-O7TQGEFF.js +8 -0
- package/packages/web/dist/web/browser/chunk-PWF76NCM.js +1 -0
- package/packages/web/dist/web/browser/favicon.ico +0 -0
- package/packages/web/dist/web/browser/index.html +13 -0
- package/packages/web/dist/web/browser/main-AZU5W3KI.js +1 -0
- package/packages/web/dist/web/browser/polyfills-YMBILSHJ.js +2 -0
- package/packages/web/dist/web/browser/styles-JBPZVY54.css +1 -0
- package/packages/web/dist/web/prerendered-routes.json +3 -0
- package/skills/sdlc/architecture/SKILL.md +5 -3
- package/skills/sdlc/hotfix-analyze/SKILL.md +1 -1
- package/skills/sdlc/hotfix-implement/SKILL.md +227 -0
- package/skills/sdlc/hotfix-prd/SKILL.md +161 -0
- package/skills/sdlc/hotfix-ship/SKILL.md +221 -0
- package/skills/sdlc/pack.yaml +3 -2
- package/skills/sdlc/prd/SKILL.md +4 -2
- package/skills/sdlc/review/SKILL.md +3 -1
- package/skills/sdlc/sdlc-health/SKILL.md +6 -5
- package/skills/sdlc/ship/SKILL.md +6 -91
- package/skills/sdlc/srs/SKILL.md +3 -1
- package/skills/sdlc/test-design/SKILL.md +3 -1
- package/skills/sdlc/workflows/hotfix-tdd.yaml +7 -12
- package/skills/sdlc/workflows/hotfix.yaml +16 -15
- package/skills/sdlc/hotfix-green/SKILL.md +0 -101
- package/skills/sdlc/hotfix-red/SKILL.md +0 -96
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: hotfix-prd
|
|
3
|
+
description: "Hotfix Phase 2 — Lightweight PRD from analysis: fix requirements, acceptance criteria, scope"
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
author: "@ngocsangairvds/vsaf"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Hotfix Phase 2: PRD (Fix Requirements)
|
|
9
|
+
|
|
10
|
+
You are a Principal Product Owner focused on a surgical fix. Mission: define exactly what needs to change, acceptance criteria, and "done" definition — no discovery needed (grill already happened in analyze phase).
|
|
11
|
+
|
|
12
|
+
## Language Rule
|
|
13
|
+
|
|
14
|
+
Output documents (02-prd.md) MUST be written in Vietnamese. Only keep English for: IDs, technical terms, code references.
|
|
15
|
+
|
|
16
|
+
## Progress Protocol
|
|
17
|
+
|
|
18
|
+
Print progress at each step:
|
|
19
|
+
```
|
|
20
|
+
[HOTFIX-PRD] [step/4] description... ⏳
|
|
21
|
+
[HOTFIX-PRD] [step/4] description... ✅
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
## Index Protection
|
|
25
|
+
|
|
26
|
+
⛔ Do NOT modify `graphify-out/` or `.gitnexus/` — READ only.
|
|
27
|
+
|
|
28
|
+
## Phase Entry Protocol
|
|
29
|
+
|
|
30
|
+
```
|
|
31
|
+
[HOTFIX-PRD] [1/4] Checking input artifacts... ⏳
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
1. Input: `.vsaf/docs/hotfixes/{bug-id}/01-analysis.md`
|
|
35
|
+
2. Verify file exists:
|
|
36
|
+
- Does not exist → Stop: "Analysis not found. Run `/sdlc-hotfix-analyze` first."
|
|
37
|
+
3. Read the analysis file — extract:
|
|
38
|
+
- Root cause (file:line)
|
|
39
|
+
- Blast radius
|
|
40
|
+
- Fix strategy (proposed in analyze phase)
|
|
41
|
+
- Affected files
|
|
42
|
+
4. Read `.vsaf/docs/STATUS.md`
|
|
43
|
+
5. Read `CONTEXT.md`
|
|
44
|
+
|
|
45
|
+
```
|
|
46
|
+
[HOTFIX-PRD] [1/4] Checking input artifacts... ✅
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
## Tasks
|
|
50
|
+
|
|
51
|
+
### Step 2: Define Fix Requirements
|
|
52
|
+
|
|
53
|
+
```
|
|
54
|
+
[HOTFIX-PRD] [2/4] Defining fix requirements from analysis... ⏳
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Based on the analysis (NOT a new grill session — that already happened), define:
|
|
58
|
+
|
|
59
|
+
1. **Fix Goal** — one sentence: what the fix achieves
|
|
60
|
+
2. **Functional Requirements** — FR-001, FR-002... (typically 1-3 for a hotfix)
|
|
61
|
+
- Each FR traces to the root cause or blast radius item
|
|
62
|
+
3. **Acceptance Criteria** — Given/When/Then for each FR
|
|
63
|
+
- MUST include a regression test criterion: "Given the fix is applied, When {original reproduction steps}, Then {expected behavior}"
|
|
64
|
+
4. **Scope Boundary** — explicitly state what is OUT of scope (no refactoring, no enhancements)
|
|
65
|
+
5. **Non-Functional Requirements** — only if relevant (performance regression, security)
|
|
66
|
+
|
|
67
|
+
```
|
|
68
|
+
[HOTFIX-PRD] [2/4] Defining fix requirements... ✅
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
### Step 3: Validate + Risk Check
|
|
72
|
+
|
|
73
|
+
```
|
|
74
|
+
[HOTFIX-PRD] [3/4] Validating PRD... ⏳
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
Use `/bmad-validate-prd` — validate:
|
|
78
|
+
- Every FR is testable
|
|
79
|
+
- Acceptance criteria are unambiguous
|
|
80
|
+
- Scope is minimal (hotfix, not enhancement)
|
|
81
|
+
- Fix addresses root cause, not just symptom
|
|
82
|
+
|
|
83
|
+
If FAIL → fix inline, re-validate.
|
|
84
|
+
|
|
85
|
+
Use GitNexus `impact` — confirm blast radius from analysis is still accurate.
|
|
86
|
+
|
|
87
|
+
```
|
|
88
|
+
[HOTFIX-PRD] [3/4] Validating PRD... ✅
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### Step 4: Write PRD
|
|
92
|
+
|
|
93
|
+
```
|
|
94
|
+
[HOTFIX-PRD] [4/4] Writing hotfix PRD... ⏳
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Write file: `.vsaf/docs/hotfixes/{bug-id}/02-prd.md`
|
|
98
|
+
|
|
99
|
+
```markdown
|
|
100
|
+
# Hotfix PRD: {bug-id}
|
|
101
|
+
|
|
102
|
+
## Fix Goal
|
|
103
|
+
{one sentence}
|
|
104
|
+
|
|
105
|
+
## Source
|
|
106
|
+
- Analysis: `01-analysis.md`
|
|
107
|
+
- Root cause: {file:line — summary}
|
|
108
|
+
|
|
109
|
+
## Functional Requirements
|
|
110
|
+
|
|
111
|
+
### FR-001: {title}
|
|
112
|
+
{description}
|
|
113
|
+
|
|
114
|
+
**Acceptance Criteria:**
|
|
115
|
+
- Given {context}, When {action}, Then {expected result}
|
|
116
|
+
|
|
117
|
+
### FR-002: {title} (if needed)
|
|
118
|
+
...
|
|
119
|
+
|
|
120
|
+
## Non-Functional Requirements
|
|
121
|
+
{NFR-001 if applicable, otherwise "N/A — no NFR impact for this fix"}
|
|
122
|
+
|
|
123
|
+
## Scope Boundary
|
|
124
|
+
**In scope:** {what will change}
|
|
125
|
+
**Out of scope:** {what will NOT change — no refactoring, no enhancements}
|
|
126
|
+
|
|
127
|
+
## Blast Radius (confirmed)
|
|
128
|
+
{from GitNexus impact — files that may be affected}
|
|
129
|
+
|
|
130
|
+
## Gate: {PENDING / APPROVED by {name} on {date}}
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
```
|
|
134
|
+
[HOTFIX-PRD] [4/4] Writing hotfix PRD... ✅
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
## Gate
|
|
138
|
+
|
|
139
|
+
Human must approve the PRD. Write `## Gate: APPROVED` at the end of the file.
|
|
140
|
+
Do NOT proceed to implementation without the Gate marker.
|
|
141
|
+
|
|
142
|
+
## Phase Exit Protocol
|
|
143
|
+
|
|
144
|
+
Print PHASE REPORT:
|
|
145
|
+
- Bug: {bug-id}
|
|
146
|
+
- Status: PRD COMPLETED
|
|
147
|
+
- FRs: {count} functional requirements
|
|
148
|
+
- Output: `.vsaf/docs/hotfixes/{bug-id}/02-prd.md`
|
|
149
|
+
- Next step: `/sdlc-hotfix-implement`
|
|
150
|
+
|
|
151
|
+
Update `.vsaf/docs/STATUS.md`.
|
|
152
|
+
|
|
153
|
+
> Artifacts saved. If the session is interrupted, open a new session and run the next phase — data is safe.
|
|
154
|
+
|
|
155
|
+
## Rules
|
|
156
|
+
|
|
157
|
+
- ⛔ Do NOT start a new grill session — analysis already has grill results
|
|
158
|
+
- ⛔ Do NOT modify `graphify-out/` or `.gitnexus/`
|
|
159
|
+
- ⛔ Do NOT add enhancements — hotfix scope only
|
|
160
|
+
- Scope MUST be minimal — fix root cause, add regression test, nothing more
|
|
161
|
+
- Every FR MUST be directly traceable to the root cause or blast radius
|
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: hotfix-ship
|
|
3
|
+
description: "Hotfix Phase 4 — Ship: commit, PR on hotfix branch, ship report"
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
author: "@ngocsangairvds/vsaf"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Hotfix Phase 4: Ship
|
|
9
|
+
|
|
10
|
+
You are DevOps Engineer. Mission: ship the approved hotfix — commit, push, create PR, write ship report.
|
|
11
|
+
|
|
12
|
+
## Progress Protocol
|
|
13
|
+
|
|
14
|
+
Print progress at each step:
|
|
15
|
+
```
|
|
16
|
+
[HOTFIX-SHIP] [step/5] description... ⏳
|
|
17
|
+
[HOTFIX-SHIP] [step/5] description... ✅
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
## Phase Entry Protocol
|
|
21
|
+
|
|
22
|
+
```
|
|
23
|
+
[HOTFIX-SHIP] [1/5] Checking prerequisites... ⏳
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
1. Input: `.vsaf/docs/hotfixes/{bug-id}/` directory
|
|
27
|
+
2. Verify these files exist:
|
|
28
|
+
- `01-analysis.md` — root cause analysis
|
|
29
|
+
- `02-prd.md` — fix requirements (MUST have `## Gate: APPROVED`)
|
|
30
|
+
- `03-impl-log.md` — implementation log
|
|
31
|
+
3. Check `02-prd.md` has `## Gate: APPROVED`
|
|
32
|
+
- No Gate → Stop: "PRD not approved. Get approval before shipping."
|
|
33
|
+
4. Verify current branch is `hotfix/{bug-id}`
|
|
34
|
+
- Wrong branch → Stop: "Not on hotfix branch. Switch to `hotfix/{bug-id}`."
|
|
35
|
+
5. Read `CONTEXT.md`
|
|
36
|
+
|
|
37
|
+
```
|
|
38
|
+
[HOTFIX-SHIP] [1/5] Checking prerequisites... ✅
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
## Tasks
|
|
42
|
+
|
|
43
|
+
### Step 2: .gitignore Enforcement
|
|
44
|
+
|
|
45
|
+
```
|
|
46
|
+
[HOTFIX-SHIP] [2/5] Checking .gitignore... ⏳
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
**MANDATORY** — verify before committing:
|
|
50
|
+
|
|
51
|
+
1. Check `.gitignore` contains:
|
|
52
|
+
```
|
|
53
|
+
graphify-out/
|
|
54
|
+
.gitnexus/
|
|
55
|
+
```
|
|
56
|
+
2. If MISSING → add automatically and notify user
|
|
57
|
+
3. Verify with `git status` — `graphify-out/` and `.gitnexus/` do NOT appear
|
|
58
|
+
4. If they appear → `git rm --cached -r graphify-out/ .gitnexus/`
|
|
59
|
+
|
|
60
|
+
⚠️ **ABSOLUTELY DO NOT commit `graphify-out/` or `.gitnexus/`**
|
|
61
|
+
|
|
62
|
+
```
|
|
63
|
+
[HOTFIX-SHIP] [2/5] Checking .gitignore... ✅
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
### Step 3: Final Test Gate
|
|
67
|
+
|
|
68
|
+
```
|
|
69
|
+
[HOTFIX-SHIP] [3/5] Final test verification... ⏳
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
Run full test suite one last time before shipping:
|
|
73
|
+
```bash
|
|
74
|
+
npm test # or mvn test / gradle test / equivalent
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
- ALL tests MUST pass
|
|
78
|
+
- If FAIL → Stop: "Tests failing. Fix before shipping."
|
|
79
|
+
|
|
80
|
+
```
|
|
81
|
+
[HOTFIX-SHIP] [3/5] Final test verification... ✅
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
### Step 4: Commit + Push + PR
|
|
85
|
+
|
|
86
|
+
```
|
|
87
|
+
[HOTFIX-SHIP] [4/5] Commit + push + create PR... ⏳
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
**Commit scope — ONLY commit:**
|
|
91
|
+
- Source code changes (the fix)
|
|
92
|
+
- `.vsaf/docs/hotfixes/{bug-id}/` (all artifacts)
|
|
93
|
+
- `.gitignore` (if updated)
|
|
94
|
+
|
|
95
|
+
**DO NOT commit:**
|
|
96
|
+
- `graphify-out/`
|
|
97
|
+
- `.gitnexus/`
|
|
98
|
+
|
|
99
|
+
**Commit message format:**
|
|
100
|
+
```
|
|
101
|
+
fix({area}): {short description}
|
|
102
|
+
|
|
103
|
+
Root cause: {one line from 01-analysis.md}
|
|
104
|
+
Closes: #{issue-number} (if applicable)
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
**Push + PR:**
|
|
108
|
+
```bash
|
|
109
|
+
git push -u origin hotfix/{bug-id}
|
|
110
|
+
gh pr create --title "fix({area}): {short description}" --body "{PR body}"
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
**PR body template:**
|
|
114
|
+
```markdown
|
|
115
|
+
## Bug Fix: {bug-id}
|
|
116
|
+
|
|
117
|
+
### Root Cause
|
|
118
|
+
{from 01-analysis.md — one paragraph}
|
|
119
|
+
|
|
120
|
+
### Fix
|
|
121
|
+
{from 03-impl-log.md — what was changed and why}
|
|
122
|
+
|
|
123
|
+
### Tests
|
|
124
|
+
- Regression test: `{test file}:{test name}`
|
|
125
|
+
- Full suite: {total} tests, all PASS
|
|
126
|
+
|
|
127
|
+
### Affected Files
|
|
128
|
+
{list from 03-impl-log.md}
|
|
129
|
+
|
|
130
|
+
### Scope
|
|
131
|
+
- ✅ Fix only — no refactoring, no enhancements
|
|
132
|
+
- ✅ Regression test added
|
|
133
|
+
- ✅ Full test suite passing
|
|
134
|
+
|
|
135
|
+
---
|
|
136
|
+
> **Post-pull:** Run `npx -y gitnexus@latest analyze` and `/graphify` to re-index locally.
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
```
|
|
140
|
+
[HOTFIX-SHIP] [4/5] Commit + push + create PR... ✅
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
### Step 5: Ship Report
|
|
144
|
+
|
|
145
|
+
```
|
|
146
|
+
[HOTFIX-SHIP] [5/5] Writing ship report... ⏳
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
Write file: `.vsaf/docs/hotfixes/{bug-id}/04-ship.md`
|
|
150
|
+
|
|
151
|
+
```markdown
|
|
152
|
+
# Ship Report: {bug-id}
|
|
153
|
+
|
|
154
|
+
## PR
|
|
155
|
+
- {repo}: PR #{number} — {url}
|
|
156
|
+
|
|
157
|
+
## Branch
|
|
158
|
+
`hotfix/{bug-id}` → `main`
|
|
159
|
+
|
|
160
|
+
## Commit Scope
|
|
161
|
+
- Source code: {N} files (minimal fix)
|
|
162
|
+
- .vsaf/docs/: {M} files (hotfix artifacts)
|
|
163
|
+
- Excluded: graphify-out/, .gitnexus/ (local index)
|
|
164
|
+
|
|
165
|
+
## Final Status
|
|
166
|
+
- Build: PASS
|
|
167
|
+
- Tests: all GREEN (including regression test)
|
|
168
|
+
- PRD Gate: APPROVED
|
|
169
|
+
|
|
170
|
+
## Bug Fix Summary
|
|
171
|
+
- Root cause: {from 01-analysis.md}
|
|
172
|
+
- Regression test: {test file}:{test name}
|
|
173
|
+
- Fix: {minimal diff description}
|
|
174
|
+
|
|
175
|
+
## Artifacts
|
|
176
|
+
- `01-analysis.md` — root cause analysis
|
|
177
|
+
- `02-prd.md` — fix requirements (approved)
|
|
178
|
+
- `03-impl-log.md` — TDD implementation log
|
|
179
|
+
- `04-ship.md` — this file
|
|
180
|
+
|
|
181
|
+
## Post-pull Setup
|
|
182
|
+
After pulling the code, run:
|
|
183
|
+
- `npx -y gitnexus@latest analyze` — re-index code
|
|
184
|
+
- `/graphify` — rebuild knowledge graph
|
|
185
|
+
```
|
|
186
|
+
|
|
187
|
+
```
|
|
188
|
+
[HOTFIX-SHIP] [5/5] Writing ship report... ✅
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
## Phase Exit Protocol
|
|
192
|
+
|
|
193
|
+
Print PHASE REPORT:
|
|
194
|
+
```
|
|
195
|
+
═══════════════════════════════════════════
|
|
196
|
+
HOTFIX SHIPPED: {bug-id}
|
|
197
|
+
═══════════════════════════════════════════
|
|
198
|
+
Flow: Analyze → PRD → Implement → Ship
|
|
199
|
+
|
|
200
|
+
PR: #{number} — {url}
|
|
201
|
+
Branch: hotfix/{bug-id}
|
|
202
|
+
Commit: source code + .vsaf/docs/ only
|
|
203
|
+
Excluded: graphify-out/, .gitnexus/
|
|
204
|
+
|
|
205
|
+
Artifacts: .vsaf/docs/hotfixes/{bug-id}/ (4 files)
|
|
206
|
+
|
|
207
|
+
Hotfix DONE.
|
|
208
|
+
═══════════════════════════════════════════
|
|
209
|
+
```
|
|
210
|
+
|
|
211
|
+
Update `.vsaf/docs/STATUS.md` → move to "Completed Hotfixes".
|
|
212
|
+
|
|
213
|
+
## Rules
|
|
214
|
+
|
|
215
|
+
- ⛔ Do NOT review code — that happened during TDD (self-review via SonarQube)
|
|
216
|
+
- ⛔ Do NOT commit `graphify-out/` or `.gitnexus/`
|
|
217
|
+
- ⛔ Do NOT ship if tests are failing
|
|
218
|
+
- ⛔ Do NOT ship without PRD Gate: APPROVED
|
|
219
|
+
- Gate comes from PRD approval — no separate review phase needed
|
|
220
|
+
- PR description MUST be self-contained
|
|
221
|
+
- Commit message follows conventional format: `fix({area}): {description}`
|
package/skills/sdlc/pack.yaml
CHANGED
package/skills/sdlc/prd/SKILL.md
CHANGED
|
@@ -63,7 +63,9 @@ Record results in `02-prd.md` §Grill Log.
|
|
|
63
63
|
[PRD] [3/5] Creating PRD from grill results... ⏳
|
|
64
64
|
```
|
|
65
65
|
|
|
66
|
-
|
|
66
|
+
Use `/bmad-create-prd` — create structured PRD from grill results (Step 2).
|
|
67
|
+
|
|
68
|
+
Ensure the output covers:
|
|
67
69
|
|
|
68
70
|
1. **Goals** — business goals + success metrics
|
|
69
71
|
2. **User Stories** — each MUST have acceptance criteria (Given/When/Then)
|
|
@@ -85,7 +87,7 @@ Write to `02-prd.md` §Requirements.
|
|
|
85
87
|
|
|
86
88
|
**4a — Validate PRD:**
|
|
87
89
|
|
|
88
|
-
|
|
90
|
+
Use `/bmad-validate-prd` — validate the PRD against BMAD standards:
|
|
89
91
|
- Completeness — all user stories covered by FRs? All FRs traceable to a user story?
|
|
90
92
|
- Clarity — any ambiguous requirements? Can each FR be implemented without guessing?
|
|
91
93
|
- Testability — can each FR be verified with a test case?
|
|
@@ -69,7 +69,9 @@ Write to `08-review.md` §Verification.
|
|
|
69
69
|
[REVIEW] [3/5] Adversarial code review... ⏳
|
|
70
70
|
```
|
|
71
71
|
|
|
72
|
-
|
|
72
|
+
Use `/bmad-code-review` — adversarial code review on the feature branch diff with parallel review layers (Blind Hunter, Edge Case Hunter, Acceptance Auditor).
|
|
73
|
+
|
|
74
|
+
Ensure the review covers:
|
|
73
75
|
|
|
74
76
|
1. **Security scan** — SQL injection, XSS, command injection, hardcoded secrets, insecure deserialization
|
|
75
77
|
2. **Data integrity** — null dereference, resource leaks, race conditions, missing transactions
|
|
@@ -15,7 +15,7 @@ Execute ALL checks below in order, then print the summary table.
|
|
|
15
15
|
|
|
16
16
|
### Check 1: SDLC Skills (filesystem)
|
|
17
17
|
|
|
18
|
-
Use the Read tool to check each of these
|
|
18
|
+
Use the Read tool to check each of these 17 skill files (sdlc-health is excluded — if you're running this, it's installed). If the file exists, mark ✓. If Read returns an error, mark ✗.
|
|
19
19
|
|
|
20
20
|
```
|
|
21
21
|
.claude/skills/sdlc-init/SKILL.md
|
|
@@ -31,8 +31,9 @@ Use the Read tool to check each of these 16 skill files (sdlc-health is excluded
|
|
|
31
31
|
.claude/skills/sdlc-feature-complete/SKILL.md
|
|
32
32
|
.claude/skills/sdlc-ship/SKILL.md
|
|
33
33
|
.claude/skills/sdlc-hotfix-analyze/SKILL.md
|
|
34
|
-
.claude/skills/sdlc-hotfix-
|
|
35
|
-
.claude/skills/sdlc-hotfix-
|
|
34
|
+
.claude/skills/sdlc-hotfix-prd/SKILL.md
|
|
35
|
+
.claude/skills/sdlc-hotfix-implement/SKILL.md
|
|
36
|
+
.claude/skills/sdlc-hotfix-ship/SKILL.md
|
|
36
37
|
.claude/skills/sdlc-hotfix-review/SKILL.md
|
|
37
38
|
```
|
|
38
39
|
|
|
@@ -137,7 +138,7 @@ After completing all checks, print this summary:
|
|
|
137
138
|
|
|
138
139
|
| Category | Status | Details |
|
|
139
140
|
|----------------------|--------|-----------------------------------------|
|
|
140
|
-
| SDLC Skills (
|
|
141
|
+
| SDLC Skills (17) | {s} | {deployed}/{17} deployed |
|
|
141
142
|
| BMAD Skills (17) | {s} | {deployed}/{17} deployed |
|
|
142
143
|
| mattpocock Skills (5)| {s} | {deployed}/{5} deployed |
|
|
143
144
|
| Plugins | {s} | superpowers {s} |
|
|
@@ -163,5 +164,5 @@ Replace `{s}` with: ✓ (pass), ✗ (required missing), ⚠ (optional missing).
|
|
|
163
164
|
- ✗ = required missing → must fix before using SDLC
|
|
164
165
|
- ⚠ = optional missing → SDLC works but some features unavailable
|
|
165
166
|
|
|
166
|
-
**Required:** all
|
|
167
|
+
**Required:** all 17 SDLC skills, all 17 BMAD skills, all 5 mattpocock skills, superpowers plugin, gh binary, graphify binary + skill, gitnexus MCP, .mcp.json entries
|
|
167
168
|
**Optional:** docker, sonar-scanner, vsaf MCP (only for coroutine engine)
|
|
@@ -17,37 +17,17 @@ Print progress at each step in this format:
|
|
|
17
17
|
[SHIP] [step/5] description... ✅
|
|
18
18
|
```
|
|
19
19
|
|
|
20
|
-
## Flow Detection
|
|
21
|
-
|
|
22
|
-
This skill supports TWO flows. Detect which one by checking the input context:
|
|
23
|
-
|
|
24
|
-
| Signal | Flow | Artifact path |
|
|
25
|
-
|---|---|---|
|
|
26
|
-
| `.vsaf/docs/features/{name}/08-review.md` exists | **Feature flow** | `.vsaf/docs/features/{name}/` |
|
|
27
|
-
| `.vsaf/docs/hotfixes/{bug-id}/02-review.md` exists | **Hotfix flow** | `.vsaf/docs/hotfixes/{bug-id}/` |
|
|
28
|
-
|
|
29
|
-
Set `{artifact-dir}` to the matching path. All subsequent steps use `{artifact-dir}` instead of hardcoded paths.
|
|
30
|
-
|
|
31
20
|
## Phase Entry Protocol
|
|
32
21
|
|
|
33
22
|
```
|
|
34
23
|
[SHIP] [1/5] Checking prerequisites... ⏳
|
|
35
24
|
```
|
|
36
25
|
|
|
37
|
-
**Feature flow:**
|
|
38
26
|
1. Input: `.vsaf/docs/features/{feature-name}/08-review.md`
|
|
39
27
|
2. Check that the file exists + **check for Gate: APPROVED**
|
|
40
28
|
- No Gate → Stop: "Review has not been approved"
|
|
41
29
|
3. Check `.vsaf/docs/STATUS.md` — feature must be in "Knowledge Updated" status
|
|
42
30
|
- If not → Stop: "Feature has not passed feature-complete. Run `/sdlc-feature-complete` first."
|
|
43
|
-
|
|
44
|
-
**Hotfix flow:**
|
|
45
|
-
1. Input: `.vsaf/docs/hotfixes/{bug-id}/02-review.md`
|
|
46
|
-
2. Check that the file exists + **check for Gate: APPROVED**
|
|
47
|
-
- No Gate → Stop: "Hotfix review has not been approved"
|
|
48
|
-
3. STATUS.md check: NOT required for hotfix (no feature-complete step)
|
|
49
|
-
|
|
50
|
-
**Both flows:**
|
|
51
31
|
4. Read `CONTEXT.md`
|
|
52
32
|
|
|
53
33
|
```
|
|
@@ -114,12 +94,7 @@ Generate PR description from review artifacts:
|
|
|
114
94
|
- Create a structured PR description
|
|
115
95
|
- Open PR (or suggest command if multi-repo)
|
|
116
96
|
|
|
117
|
-
**Branch naming:**
|
|
118
|
-
|
|
119
|
-
| Flow | Branch pattern |
|
|
120
|
-
|---|---|
|
|
121
|
-
| Feature | `feat/{feature-name}` |
|
|
122
|
-
| Hotfix | `hotfix/{bug-id}` |
|
|
97
|
+
**Branch naming:** `feat/{feature-name}`
|
|
123
98
|
|
|
124
99
|
**Single repo:**
|
|
125
100
|
```bash
|
|
@@ -149,8 +124,7 @@ For each repo with code changes:
|
|
|
149
124
|
[SHIP] [5/5] Writing ship report... ⏳
|
|
150
125
|
```
|
|
151
126
|
|
|
152
|
-
|
|
153
|
-
**Hotfix flow:** Write file `{artifact-dir}/03-ship.md`
|
|
127
|
+
Write file: `.vsaf/docs/features/{feature-name}/09-ship.md`
|
|
154
128
|
|
|
155
129
|
```
|
|
156
130
|
[SHIP] [5/5] Writing ship report... ✅
|
|
@@ -158,10 +132,6 @@ For each repo with code changes:
|
|
|
158
132
|
|
|
159
133
|
## Output
|
|
160
134
|
|
|
161
|
-
Write ship report to `{artifact-dir}`:
|
|
162
|
-
|
|
163
|
-
**Feature flow template:**
|
|
164
|
-
|
|
165
135
|
```markdown
|
|
166
136
|
# Ship Report: {feature-name}
|
|
167
137
|
|
|
@@ -192,43 +162,9 @@ After pulling the code, run:
|
|
|
192
162
|
- `/graphify` — rebuild knowledge graph
|
|
193
163
|
```
|
|
194
164
|
|
|
195
|
-
**Hotfix flow template:**
|
|
196
|
-
|
|
197
|
-
```markdown
|
|
198
|
-
# Ship Report: {bug-id}
|
|
199
|
-
|
|
200
|
-
## PR
|
|
201
|
-
- {repo}: PR #{number} — {url}
|
|
202
|
-
|
|
203
|
-
## Merge Strategy
|
|
204
|
-
{merge commit / squash / rebase}
|
|
205
|
-
|
|
206
|
-
## Commit Scope
|
|
207
|
-
- Source code: {N} files (minimal fix)
|
|
208
|
-
- .vsaf/docs/: {M} files (hotfix artifacts)
|
|
209
|
-
- Excluded: graphify-out/, .gitnexus/ (local index)
|
|
210
|
-
|
|
211
|
-
## Final Status
|
|
212
|
-
- Build: PASS
|
|
213
|
-
- Tests: all GREEN (including regression test)
|
|
214
|
-
- Review: APPROVED
|
|
215
|
-
|
|
216
|
-
## Bug Fix Summary
|
|
217
|
-
- Root cause: {from 01-analysis.md}
|
|
218
|
-
- Reproduction test: {test file + test name}
|
|
219
|
-
- Fix: {minimal diff description}
|
|
220
|
-
|
|
221
|
-
## Post-pull Setup
|
|
222
|
-
After pulling the code, run:
|
|
223
|
-
- `npx -y gitnexus@latest analyze` — re-index code
|
|
224
|
-
- `/graphify` — rebuild knowledge graph
|
|
225
|
-
```
|
|
226
|
-
|
|
227
165
|
## Phase Exit Protocol
|
|
228
166
|
|
|
229
|
-
Print PHASE REPORT
|
|
230
|
-
|
|
231
|
-
**Feature flow:**
|
|
167
|
+
Print PHASE REPORT:
|
|
232
168
|
```
|
|
233
169
|
═══════════════════════════════════════════
|
|
234
170
|
SHIP COMPLETE: {feature-name}
|
|
@@ -240,39 +176,18 @@ Print PHASE REPORT (adapt to flow):
|
|
|
240
176
|
Excluded: graphify-out/, .gitnexus/
|
|
241
177
|
|
|
242
178
|
Phases completed: 1→2→3→4→5→6→7→8→9
|
|
243
|
-
Artifacts: {
|
|
179
|
+
Artifacts: .vsaf/docs/features/{feature-name}/ (9 files)
|
|
244
180
|
|
|
245
181
|
Feature DONE.
|
|
246
182
|
═══════════════════════════════════════════
|
|
247
183
|
```
|
|
248
184
|
|
|
249
|
-
|
|
250
|
-
```
|
|
251
|
-
═══════════════════════════════════════════
|
|
252
|
-
SHIP COMPLETE: {bug-id}
|
|
253
|
-
═══════════════════════════════════════════
|
|
254
|
-
Phase: Ship (hotfix final phase)
|
|
255
|
-
|
|
256
|
-
PR: #{number} — {url}
|
|
257
|
-
Commit: source code + .vsaf/docs/ only
|
|
258
|
-
Excluded: graphify-out/, .gitnexus/
|
|
259
|
-
|
|
260
|
-
Phases completed: Analyze → RED → GREEN → Review → Ship
|
|
261
|
-
Artifacts: {artifact-dir} (3 files)
|
|
262
|
-
|
|
263
|
-
Hotfix DONE.
|
|
264
|
-
═══════════════════════════════════════════
|
|
265
|
-
```
|
|
266
|
-
|
|
267
|
-
**Both flows:** Update `.vsaf/docs/STATUS.md`:
|
|
268
|
-
- Feature flow → move to "Completed Features"
|
|
269
|
-
- Hotfix flow → move to "Completed Hotfixes"
|
|
185
|
+
Update `.vsaf/docs/STATUS.md` → move to "Completed Features".
|
|
270
186
|
|
|
271
187
|
## Rules
|
|
272
188
|
|
|
273
189
|
- DO NOT review code — that is the review phase's job
|
|
274
|
-
-
|
|
275
|
-
- Hotfix flow: only ship code that is APPROVED (no feature-complete step)
|
|
190
|
+
- Only ship code that is APPROVED + knowledge UPDATED (feature-complete done)
|
|
276
191
|
- PR description MUST be self-contained (reading the PR alone should be enough to understand the feature without reading artifacts)
|
|
277
192
|
- **ABSOLUTELY DO NOT commit `graphify-out/` or `.gitnexus/`** — verify .gitignore first
|
|
278
193
|
- **ONLY commit source code + `.vsaf/docs/`**
|
package/skills/sdlc/srs/SKILL.md
CHANGED
|
@@ -45,7 +45,9 @@ All output documents (05-srs.md) MUST be written in Vietnamese. Section headers,
|
|
|
45
45
|
[SRS] [2/3] Writing SRS from PRD + ADR... ⏳
|
|
46
46
|
```
|
|
47
47
|
|
|
48
|
-
|
|
48
|
+
Use `/bmad-agent-analyst` — analyze PRD + ADR to identify gaps, ambiguities, and missing requirements before writing the SRS.
|
|
49
|
+
|
|
50
|
+
Derive SRS from PRD + ADR + analyst findings. For each FR/NFR:
|
|
49
51
|
|
|
50
52
|
1. **Unique ID** — FR-001, NFR-001 (sequential, no gaps)
|
|
51
53
|
2. **Traceability** — trace to PRD user story (US-xxx)
|
|
@@ -37,7 +37,9 @@ You are a QA Lead. Your mission: design test cases FROM the SRS (spec), NOT from
|
|
|
37
37
|
[TEST-DESIGN] [2/4] Generating test cases from SRS... ⏳
|
|
38
38
|
```
|
|
39
39
|
|
|
40
|
-
|
|
40
|
+
Use `/bmad-qa-generate-e2e-tests` — generate test cases from SRS FRs/NFRs.
|
|
41
|
+
|
|
42
|
+
For each requirement, ensure ≥1 test case with:
|
|
41
43
|
|
|
42
44
|
1. **Unique ID** — TC-001 (sequential)
|
|
43
45
|
2. **Traceability** — TC → FR/NFR → PRD user story (US-xxx)
|
|
@@ -1,23 +1,18 @@
|
|
|
1
1
|
name: hotfix-tdd
|
|
2
|
-
description: "Sub-flow:
|
|
2
|
+
description: "Sub-flow: Hotfix Implement (TDD) → Test Gate"
|
|
3
3
|
|
|
4
4
|
nodes:
|
|
5
|
-
- id:
|
|
6
|
-
description: "
|
|
7
|
-
command: sdlc-hotfix-
|
|
5
|
+
- id: implement
|
|
6
|
+
description: "Implement — TDD (RED → GREEN → REFACTOR), SonarQube-in-loop"
|
|
7
|
+
command: sdlc-hotfix-implement
|
|
8
8
|
depends_on: []
|
|
9
9
|
|
|
10
|
-
- id: green
|
|
11
|
-
description: "GREEN: implement minimal fix to make the test pass"
|
|
12
|
-
command: sdlc-hotfix-green
|
|
13
|
-
depends_on: [red]
|
|
14
|
-
|
|
15
10
|
- id: test-gate
|
|
16
|
-
description: "Test Gate
|
|
11
|
+
description: "Test Gate — run full test suite"
|
|
17
12
|
bash: |
|
|
18
13
|
cd $WORKSPACE && npm test 2>&1
|
|
19
|
-
depends_on: [
|
|
14
|
+
depends_on: [implement]
|
|
20
15
|
loop:
|
|
21
|
-
on_fail:
|
|
16
|
+
on_fail: implement
|
|
22
17
|
max_retries: 3
|
|
23
18
|
inject_error: true
|