@ngocsangairvds/vsaf 4.1.0 → 4.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/package.json +2 -1
  2. package/packages/cli/dist/commands/cleanup.d.ts +6 -0
  3. package/packages/cli/dist/commands/cleanup.d.ts.map +1 -0
  4. package/packages/cli/dist/commands/cleanup.js +103 -0
  5. package/packages/cli/dist/commands/cleanup.js.map +1 -0
  6. package/packages/cli/dist/commands/doctor.d.ts +1 -0
  7. package/packages/cli/dist/commands/doctor.d.ts.map +1 -1
  8. package/packages/cli/dist/commands/doctor.js +4 -3
  9. package/packages/cli/dist/commands/doctor.js.map +1 -1
  10. package/packages/cli/dist/index.js +23 -2
  11. package/packages/cli/dist/index.js.map +1 -1
  12. package/packages/cli/dist/mcp/server.d.ts.map +1 -1
  13. package/packages/cli/dist/mcp/server.js +9 -0
  14. package/packages/cli/dist/mcp/server.js.map +1 -1
  15. package/packages/core/dist/store/run-store.d.ts +8 -0
  16. package/packages/core/dist/store/run-store.d.ts.map +1 -1
  17. package/packages/core/dist/store/run-store.js +51 -0
  18. package/packages/core/dist/store/run-store.js.map +1 -1
  19. package/packages/web/dist/web/3rdpartylicenses.txt +614 -0
  20. package/packages/web/dist/web/browser/chunk-2QJBTGYU.js +3 -0
  21. package/packages/web/dist/web/browser/chunk-3VYLP4FZ.js +1 -0
  22. package/packages/web/dist/web/browser/chunk-6HRQZQXD.js +1 -0
  23. package/packages/web/dist/web/browser/chunk-7PK6Q4UU.js +1 -0
  24. package/packages/web/dist/web/browser/chunk-O7TQGEFF.js +8 -0
  25. package/packages/web/dist/web/browser/chunk-PWF76NCM.js +1 -0
  26. package/packages/web/dist/web/browser/favicon.ico +0 -0
  27. package/packages/web/dist/web/browser/index.html +13 -0
  28. package/packages/web/dist/web/browser/main-AZU5W3KI.js +1 -0
  29. package/packages/web/dist/web/browser/polyfills-YMBILSHJ.js +2 -0
  30. package/packages/web/dist/web/browser/styles-JBPZVY54.css +1 -0
  31. package/packages/web/dist/web/prerendered-routes.json +3 -0
  32. package/skills/sdlc/architecture/SKILL.md +5 -3
  33. package/skills/sdlc/hotfix-analyze/SKILL.md +1 -1
  34. package/skills/sdlc/hotfix-implement/SKILL.md +227 -0
  35. package/skills/sdlc/hotfix-prd/SKILL.md +161 -0
  36. package/skills/sdlc/hotfix-ship/SKILL.md +221 -0
  37. package/skills/sdlc/pack.yaml +3 -2
  38. package/skills/sdlc/prd/SKILL.md +4 -2
  39. package/skills/sdlc/review/SKILL.md +3 -1
  40. package/skills/sdlc/sdlc-health/SKILL.md +6 -5
  41. package/skills/sdlc/ship/SKILL.md +6 -91
  42. package/skills/sdlc/srs/SKILL.md +3 -1
  43. package/skills/sdlc/test-design/SKILL.md +3 -1
  44. package/skills/sdlc/workflows/hotfix-tdd.yaml +7 -12
  45. package/skills/sdlc/workflows/hotfix.yaml +16 -15
  46. package/skills/sdlc/hotfix-green/SKILL.md +0 -101
  47. package/skills/sdlc/hotfix-red/SKILL.md +0 -96
@@ -0,0 +1,161 @@
1
+ ---
2
+ name: hotfix-prd
3
+ description: "Hotfix Phase 2 — Lightweight PRD from analysis: fix requirements, acceptance criteria, scope"
4
+ version: 1.0.0
5
+ author: "@ngocsangairvds/vsaf"
6
+ ---
7
+
8
+ # Hotfix Phase 2: PRD (Fix Requirements)
9
+
10
+ You are a Principal Product Owner focused on a surgical fix. Mission: define exactly what needs to change, acceptance criteria, and "done" definition — no discovery needed (grill already happened in analyze phase).
11
+
12
+ ## Language Rule
13
+
14
+ Output documents (02-prd.md) MUST be written in Vietnamese. Only keep English for: IDs, technical terms, code references.
15
+
16
+ ## Progress Protocol
17
+
18
+ Print progress at each step:
19
+ ```
20
+ [HOTFIX-PRD] [step/4] description... ⏳
21
+ [HOTFIX-PRD] [step/4] description... ✅
22
+ ```
23
+
24
+ ## Index Protection
25
+
26
+ ⛔ Do NOT modify `graphify-out/` or `.gitnexus/` — READ only.
27
+
28
+ ## Phase Entry Protocol
29
+
30
+ ```
31
+ [HOTFIX-PRD] [1/4] Checking input artifacts... ⏳
32
+ ```
33
+
34
+ 1. Input: `.vsaf/docs/hotfixes/{bug-id}/01-analysis.md`
35
+ 2. Verify file exists:
36
+ - Does not exist → Stop: "Analysis not found. Run `/sdlc-hotfix-analyze` first."
37
+ 3. Read the analysis file — extract:
38
+ - Root cause (file:line)
39
+ - Blast radius
40
+ - Fix strategy (proposed in analyze phase)
41
+ - Affected files
42
+ 4. Read `.vsaf/docs/STATUS.md`
43
+ 5. Read `CONTEXT.md`
44
+
45
+ ```
46
+ [HOTFIX-PRD] [1/4] Checking input artifacts... ✅
47
+ ```
48
+
49
+ ## Tasks
50
+
51
+ ### Step 2: Define Fix Requirements
52
+
53
+ ```
54
+ [HOTFIX-PRD] [2/4] Defining fix requirements from analysis... ⏳
55
+ ```
56
+
57
+ Based on the analysis (NOT a new grill session — that already happened), define:
58
+
59
+ 1. **Fix Goal** — one sentence: what the fix achieves
60
+ 2. **Functional Requirements** — FR-001, FR-002... (typically 1-3 for a hotfix)
61
+ - Each FR traces to the root cause or blast radius item
62
+ 3. **Acceptance Criteria** — Given/When/Then for each FR
63
+ - MUST include a regression test criterion: "Given the fix is applied, When {original reproduction steps}, Then {expected behavior}"
64
+ 4. **Scope Boundary** — explicitly state what is OUT of scope (no refactoring, no enhancements)
65
+ 5. **Non-Functional Requirements** — only if relevant (performance regression, security)
66
+
67
+ ```
68
+ [HOTFIX-PRD] [2/4] Defining fix requirements... ✅
69
+ ```
70
+
71
+ ### Step 3: Validate + Risk Check
72
+
73
+ ```
74
+ [HOTFIX-PRD] [3/4] Validating PRD... ⏳
75
+ ```
76
+
77
+ Use `/bmad-validate-prd` — validate:
78
+ - Every FR is testable
79
+ - Acceptance criteria are unambiguous
80
+ - Scope is minimal (hotfix, not enhancement)
81
+ - Fix addresses root cause, not just symptom
82
+
83
+ If FAIL → fix inline, re-validate.
84
+
85
+ Use GitNexus `impact` — confirm blast radius from analysis is still accurate.
86
+
87
+ ```
88
+ [HOTFIX-PRD] [3/4] Validating PRD... ✅
89
+ ```
90
+
91
+ ### Step 4: Write PRD
92
+
93
+ ```
94
+ [HOTFIX-PRD] [4/4] Writing hotfix PRD... ⏳
95
+ ```
96
+
97
+ Write file: `.vsaf/docs/hotfixes/{bug-id}/02-prd.md`
98
+
99
+ ```markdown
100
+ # Hotfix PRD: {bug-id}
101
+
102
+ ## Fix Goal
103
+ {one sentence}
104
+
105
+ ## Source
106
+ - Analysis: `01-analysis.md`
107
+ - Root cause: {file:line — summary}
108
+
109
+ ## Functional Requirements
110
+
111
+ ### FR-001: {title}
112
+ {description}
113
+
114
+ **Acceptance Criteria:**
115
+ - Given {context}, When {action}, Then {expected result}
116
+
117
+ ### FR-002: {title} (if needed)
118
+ ...
119
+
120
+ ## Non-Functional Requirements
121
+ {NFR-001 if applicable, otherwise "N/A — no NFR impact for this fix"}
122
+
123
+ ## Scope Boundary
124
+ **In scope:** {what will change}
125
+ **Out of scope:** {what will NOT change — no refactoring, no enhancements}
126
+
127
+ ## Blast Radius (confirmed)
128
+ {from GitNexus impact — files that may be affected}
129
+
130
+ ## Gate: {PENDING / APPROVED by {name} on {date}}
131
+ ```
132
+
133
+ ```
134
+ [HOTFIX-PRD] [4/4] Writing hotfix PRD... ✅
135
+ ```
136
+
137
+ ## Gate
138
+
139
+ Human must approve the PRD. Write `## Gate: APPROVED` at the end of the file.
140
+ Do NOT proceed to implementation without the Gate marker.
141
+
142
+ ## Phase Exit Protocol
143
+
144
+ Print PHASE REPORT:
145
+ - Bug: {bug-id}
146
+ - Status: PRD COMPLETED
147
+ - FRs: {count} functional requirements
148
+ - Output: `.vsaf/docs/hotfixes/{bug-id}/02-prd.md`
149
+ - Next step: `/sdlc-hotfix-implement`
150
+
151
+ Update `.vsaf/docs/STATUS.md`.
152
+
153
+ > Artifacts saved. If the session is interrupted, open a new session and run the next phase — data is safe.
154
+
155
+ ## Rules
156
+
157
+ - ⛔ Do NOT start a new grill session — analysis already has grill results
158
+ - ⛔ Do NOT modify `graphify-out/` or `.gitnexus/`
159
+ - ⛔ Do NOT add enhancements — hotfix scope only
160
+ - Scope MUST be minimal — fix root cause, add regression test, nothing more
161
+ - Every FR MUST be directly traceable to the root cause or blast radius
@@ -0,0 +1,221 @@
1
+ ---
2
+ name: hotfix-ship
3
+ description: "Hotfix Phase 4 — Ship: commit, PR on hotfix branch, ship report"
4
+ version: 1.0.0
5
+ author: "@ngocsangairvds/vsaf"
6
+ ---
7
+
8
+ # Hotfix Phase 4: Ship
9
+
10
+ You are DevOps Engineer. Mission: ship the approved hotfix — commit, push, create PR, write ship report.
11
+
12
+ ## Progress Protocol
13
+
14
+ Print progress at each step:
15
+ ```
16
+ [HOTFIX-SHIP] [step/5] description... ⏳
17
+ [HOTFIX-SHIP] [step/5] description... ✅
18
+ ```
19
+
20
+ ## Phase Entry Protocol
21
+
22
+ ```
23
+ [HOTFIX-SHIP] [1/5] Checking prerequisites... ⏳
24
+ ```
25
+
26
+ 1. Input: `.vsaf/docs/hotfixes/{bug-id}/` directory
27
+ 2. Verify these files exist:
28
+ - `01-analysis.md` — root cause analysis
29
+ - `02-prd.md` — fix requirements (MUST have `## Gate: APPROVED`)
30
+ - `03-impl-log.md` — implementation log
31
+ 3. Check `02-prd.md` has `## Gate: APPROVED`
32
+ - No Gate → Stop: "PRD not approved. Get approval before shipping."
33
+ 4. Verify current branch is `hotfix/{bug-id}`
34
+ - Wrong branch → Stop: "Not on hotfix branch. Switch to `hotfix/{bug-id}`."
35
+ 5. Read `CONTEXT.md`
36
+
37
+ ```
38
+ [HOTFIX-SHIP] [1/5] Checking prerequisites... ✅
39
+ ```
40
+
41
+ ## Tasks
42
+
43
+ ### Step 2: .gitignore Enforcement
44
+
45
+ ```
46
+ [HOTFIX-SHIP] [2/5] Checking .gitignore... ⏳
47
+ ```
48
+
49
+ **MANDATORY** — verify before committing:
50
+
51
+ 1. Check `.gitignore` contains:
52
+ ```
53
+ graphify-out/
54
+ .gitnexus/
55
+ ```
56
+ 2. If MISSING → add automatically and notify user
57
+ 3. Verify with `git status` — `graphify-out/` and `.gitnexus/` do NOT appear
58
+ 4. If they appear → `git rm --cached -r graphify-out/ .gitnexus/`
59
+
60
+ ⚠️ **ABSOLUTELY DO NOT commit `graphify-out/` or `.gitnexus/`**
61
+
62
+ ```
63
+ [HOTFIX-SHIP] [2/5] Checking .gitignore... ✅
64
+ ```
65
+
66
+ ### Step 3: Final Test Gate
67
+
68
+ ```
69
+ [HOTFIX-SHIP] [3/5] Final test verification... ⏳
70
+ ```
71
+
72
+ Run full test suite one last time before shipping:
73
+ ```bash
74
+ npm test # or mvn test / gradle test / equivalent
75
+ ```
76
+
77
+ - ALL tests MUST pass
78
+ - If FAIL → Stop: "Tests failing. Fix before shipping."
79
+
80
+ ```
81
+ [HOTFIX-SHIP] [3/5] Final test verification... ✅
82
+ ```
83
+
84
+ ### Step 4: Commit + Push + PR
85
+
86
+ ```
87
+ [HOTFIX-SHIP] [4/5] Commit + push + create PR... ⏳
88
+ ```
89
+
90
+ **Commit scope — ONLY commit:**
91
+ - Source code changes (the fix)
92
+ - `.vsaf/docs/hotfixes/{bug-id}/` (all artifacts)
93
+ - `.gitignore` (if updated)
94
+
95
+ **DO NOT commit:**
96
+ - `graphify-out/`
97
+ - `.gitnexus/`
98
+
99
+ **Commit message format:**
100
+ ```
101
+ fix({area}): {short description}
102
+
103
+ Root cause: {one line from 01-analysis.md}
104
+ Closes: #{issue-number} (if applicable)
105
+ ```
106
+
107
+ **Push + PR:**
108
+ ```bash
109
+ git push -u origin hotfix/{bug-id}
110
+ gh pr create --title "fix({area}): {short description}" --body "{PR body}"
111
+ ```
112
+
113
+ **PR body template:**
114
+ ```markdown
115
+ ## Bug Fix: {bug-id}
116
+
117
+ ### Root Cause
118
+ {from 01-analysis.md — one paragraph}
119
+
120
+ ### Fix
121
+ {from 03-impl-log.md — what was changed and why}
122
+
123
+ ### Tests
124
+ - Regression test: `{test file}:{test name}`
125
+ - Full suite: {total} tests, all PASS
126
+
127
+ ### Affected Files
128
+ {list from 03-impl-log.md}
129
+
130
+ ### Scope
131
+ - ✅ Fix only — no refactoring, no enhancements
132
+ - ✅ Regression test added
133
+ - ✅ Full test suite passing
134
+
135
+ ---
136
+ > **Post-pull:** Run `npx -y gitnexus@latest analyze` and `/graphify` to re-index locally.
137
+ ```
138
+
139
+ ```
140
+ [HOTFIX-SHIP] [4/5] Commit + push + create PR... ✅
141
+ ```
142
+
143
+ ### Step 5: Ship Report
144
+
145
+ ```
146
+ [HOTFIX-SHIP] [5/5] Writing ship report... ⏳
147
+ ```
148
+
149
+ Write file: `.vsaf/docs/hotfixes/{bug-id}/04-ship.md`
150
+
151
+ ```markdown
152
+ # Ship Report: {bug-id}
153
+
154
+ ## PR
155
+ - {repo}: PR #{number} — {url}
156
+
157
+ ## Branch
158
+ `hotfix/{bug-id}` → `main`
159
+
160
+ ## Commit Scope
161
+ - Source code: {N} files (minimal fix)
162
+ - .vsaf/docs/: {M} files (hotfix artifacts)
163
+ - Excluded: graphify-out/, .gitnexus/ (local index)
164
+
165
+ ## Final Status
166
+ - Build: PASS
167
+ - Tests: all GREEN (including regression test)
168
+ - PRD Gate: APPROVED
169
+
170
+ ## Bug Fix Summary
171
+ - Root cause: {from 01-analysis.md}
172
+ - Regression test: {test file}:{test name}
173
+ - Fix: {minimal diff description}
174
+
175
+ ## Artifacts
176
+ - `01-analysis.md` — root cause analysis
177
+ - `02-prd.md` — fix requirements (approved)
178
+ - `03-impl-log.md` — TDD implementation log
179
+ - `04-ship.md` — this file
180
+
181
+ ## Post-pull Setup
182
+ After pulling the code, run:
183
+ - `npx -y gitnexus@latest analyze` — re-index code
184
+ - `/graphify` — rebuild knowledge graph
185
+ ```
186
+
187
+ ```
188
+ [HOTFIX-SHIP] [5/5] Writing ship report... ✅
189
+ ```
190
+
191
+ ## Phase Exit Protocol
192
+
193
+ Print PHASE REPORT:
194
+ ```
195
+ ═══════════════════════════════════════════
196
+ HOTFIX SHIPPED: {bug-id}
197
+ ═══════════════════════════════════════════
198
+ Flow: Analyze → PRD → Implement → Ship
199
+
200
+ PR: #{number} — {url}
201
+ Branch: hotfix/{bug-id}
202
+ Commit: source code + .vsaf/docs/ only
203
+ Excluded: graphify-out/, .gitnexus/
204
+
205
+ Artifacts: .vsaf/docs/hotfixes/{bug-id}/ (4 files)
206
+
207
+ Hotfix DONE.
208
+ ═══════════════════════════════════════════
209
+ ```
210
+
211
+ Update `.vsaf/docs/STATUS.md` → move to "Completed Hotfixes".
212
+
213
+ ## Rules
214
+
215
+ - ⛔ Do NOT review code — that happened during TDD (self-review via SonarQube)
216
+ - ⛔ Do NOT commit `graphify-out/` or `.gitnexus/`
217
+ - ⛔ Do NOT ship if tests are failing
218
+ - ⛔ Do NOT ship without PRD Gate: APPROVED
219
+ - Gate comes from PRD approval — no separate review phase needed
220
+ - PR description MUST be self-contained
221
+ - Commit message follows conventional format: `fix({area}): {description}`
@@ -25,8 +25,9 @@ skills:
25
25
 
26
26
  # Hotfix flow
27
27
  - hotfix-analyze
28
- - hotfix-red
29
- - hotfix-green
28
+ - hotfix-prd
29
+ - hotfix-implement
30
+ - hotfix-ship
30
31
  - hotfix-review
31
32
 
32
33
  # Diagnostics
@@ -63,7 +63,9 @@ Record results in `02-prd.md` §Grill Log.
63
63
  [PRD] [3/5] Creating PRD from grill results... ⏳
64
64
  ```
65
65
 
66
- Based on grill results from Step 2, create structured PRD:
66
+ Use `/bmad-create-prd` — create structured PRD from grill results (Step 2).
67
+
68
+ Ensure the output covers:
67
69
 
68
70
  1. **Goals** — business goals + success metrics
69
71
  2. **User Stories** — each MUST have acceptance criteria (Given/When/Then)
@@ -85,7 +87,7 @@ Write to `02-prd.md` §Requirements.
85
87
 
86
88
  **4a — Validate PRD:**
87
89
 
88
- Check the PRD for:
90
+ Use `/bmad-validate-prd` — validate the PRD against BMAD standards:
89
91
  - Completeness — all user stories covered by FRs? All FRs traceable to a user story?
90
92
  - Clarity — any ambiguous requirements? Can each FR be implemented without guessing?
91
93
  - Testability — can each FR be verified with a test case?
@@ -69,7 +69,9 @@ Write to `08-review.md` §Verification.
69
69
  [REVIEW] [3/5] Adversarial code review... ⏳
70
70
  ```
71
71
 
72
- Perform adversarial code review on the feature branch diff:
72
+ Use `/bmad-code-review` — adversarial code review on the feature branch diff with parallel review layers (Blind Hunter, Edge Case Hunter, Acceptance Auditor).
73
+
74
+ Ensure the review covers:
73
75
 
74
76
  1. **Security scan** — SQL injection, XSS, command injection, hardcoded secrets, insecure deserialization
75
77
  2. **Data integrity** — null dereference, resource leaks, race conditions, missing transactions
@@ -15,7 +15,7 @@ Execute ALL checks below in order, then print the summary table.
15
15
 
16
16
  ### Check 1: SDLC Skills (filesystem)
17
17
 
18
- Use the Read tool to check each of these 16 skill files (sdlc-health is excluded — if you're running this, it's installed). If the file exists, mark ✓. If Read returns an error, mark ✗.
18
+ Use the Read tool to check each of these 17 skill files (sdlc-health is excluded — if you're running this, it's installed). If the file exists, mark ✓. If Read returns an error, mark ✗.
19
19
 
20
20
  ```
21
21
  .claude/skills/sdlc-init/SKILL.md
@@ -31,8 +31,9 @@ Use the Read tool to check each of these 16 skill files (sdlc-health is excluded
31
31
  .claude/skills/sdlc-feature-complete/SKILL.md
32
32
  .claude/skills/sdlc-ship/SKILL.md
33
33
  .claude/skills/sdlc-hotfix-analyze/SKILL.md
34
- .claude/skills/sdlc-hotfix-red/SKILL.md
35
- .claude/skills/sdlc-hotfix-green/SKILL.md
34
+ .claude/skills/sdlc-hotfix-prd/SKILL.md
35
+ .claude/skills/sdlc-hotfix-implement/SKILL.md
36
+ .claude/skills/sdlc-hotfix-ship/SKILL.md
36
37
  .claude/skills/sdlc-hotfix-review/SKILL.md
37
38
  ```
38
39
 
@@ -137,7 +138,7 @@ After completing all checks, print this summary:
137
138
 
138
139
  | Category | Status | Details |
139
140
  |----------------------|--------|-----------------------------------------|
140
- | SDLC Skills (16) | {s} | {deployed}/{16} deployed |
141
+ | SDLC Skills (17) | {s} | {deployed}/{17} deployed |
141
142
  | BMAD Skills (17) | {s} | {deployed}/{17} deployed |
142
143
  | mattpocock Skills (5)| {s} | {deployed}/{5} deployed |
143
144
  | Plugins | {s} | superpowers {s} |
@@ -163,5 +164,5 @@ Replace `{s}` with: ✓ (pass), ✗ (required missing), ⚠ (optional missing).
163
164
  - ✗ = required missing → must fix before using SDLC
164
165
  - ⚠ = optional missing → SDLC works but some features unavailable
165
166
 
166
- **Required:** all 16 SDLC skills, all 17 BMAD skills, all 5 mattpocock skills, superpowers plugin, gh binary, graphify binary + skill, gitnexus MCP, .mcp.json entries
167
+ **Required:** all 17 SDLC skills, all 17 BMAD skills, all 5 mattpocock skills, superpowers plugin, gh binary, graphify binary + skill, gitnexus MCP, .mcp.json entries
167
168
  **Optional:** docker, sonar-scanner, vsaf MCP (only for coroutine engine)
@@ -17,37 +17,17 @@ Print progress at each step in this format:
17
17
  [SHIP] [step/5] description... ✅
18
18
  ```
19
19
 
20
- ## Flow Detection
21
-
22
- This skill supports TWO flows. Detect which one by checking the input context:
23
-
24
- | Signal | Flow | Artifact path |
25
- |---|---|---|
26
- | `.vsaf/docs/features/{name}/08-review.md` exists | **Feature flow** | `.vsaf/docs/features/{name}/` |
27
- | `.vsaf/docs/hotfixes/{bug-id}/02-review.md` exists | **Hotfix flow** | `.vsaf/docs/hotfixes/{bug-id}/` |
28
-
29
- Set `{artifact-dir}` to the matching path. All subsequent steps use `{artifact-dir}` instead of hardcoded paths.
30
-
31
20
  ## Phase Entry Protocol
32
21
 
33
22
  ```
34
23
  [SHIP] [1/5] Checking prerequisites... ⏳
35
24
  ```
36
25
 
37
- **Feature flow:**
38
26
  1. Input: `.vsaf/docs/features/{feature-name}/08-review.md`
39
27
  2. Check that the file exists + **check for Gate: APPROVED**
40
28
  - No Gate → Stop: "Review has not been approved"
41
29
  3. Check `.vsaf/docs/STATUS.md` — feature must be in "Knowledge Updated" status
42
30
  - If not → Stop: "Feature has not passed feature-complete. Run `/sdlc-feature-complete` first."
43
-
44
- **Hotfix flow:**
45
- 1. Input: `.vsaf/docs/hotfixes/{bug-id}/02-review.md`
46
- 2. Check that the file exists + **check for Gate: APPROVED**
47
- - No Gate → Stop: "Hotfix review has not been approved"
48
- 3. STATUS.md check: NOT required for hotfix (no feature-complete step)
49
-
50
- **Both flows:**
51
31
  4. Read `CONTEXT.md`
52
32
 
53
33
  ```
@@ -114,12 +94,7 @@ Generate PR description from review artifacts:
114
94
  - Create a structured PR description
115
95
  - Open PR (or suggest command if multi-repo)
116
96
 
117
- **Branch naming:**
118
-
119
- | Flow | Branch pattern |
120
- |---|---|
121
- | Feature | `feat/{feature-name}` |
122
- | Hotfix | `hotfix/{bug-id}` |
97
+ **Branch naming:** `feat/{feature-name}`
123
98
 
124
99
  **Single repo:**
125
100
  ```bash
@@ -149,8 +124,7 @@ For each repo with code changes:
149
124
  [SHIP] [5/5] Writing ship report... ⏳
150
125
  ```
151
126
 
152
- **Feature flow:** Write file `{artifact-dir}/09-ship.md`
153
- **Hotfix flow:** Write file `{artifact-dir}/03-ship.md`
127
+ Write file: `.vsaf/docs/features/{feature-name}/09-ship.md`
154
128
 
155
129
  ```
156
130
  [SHIP] [5/5] Writing ship report... ✅
@@ -158,10 +132,6 @@ For each repo with code changes:
158
132
 
159
133
  ## Output
160
134
 
161
- Write ship report to `{artifact-dir}`:
162
-
163
- **Feature flow template:**
164
-
165
135
  ```markdown
166
136
  # Ship Report: {feature-name}
167
137
 
@@ -192,43 +162,9 @@ After pulling the code, run:
192
162
  - `/graphify` — rebuild knowledge graph
193
163
  ```
194
164
 
195
- **Hotfix flow template:**
196
-
197
- ```markdown
198
- # Ship Report: {bug-id}
199
-
200
- ## PR
201
- - {repo}: PR #{number} — {url}
202
-
203
- ## Merge Strategy
204
- {merge commit / squash / rebase}
205
-
206
- ## Commit Scope
207
- - Source code: {N} files (minimal fix)
208
- - .vsaf/docs/: {M} files (hotfix artifacts)
209
- - Excluded: graphify-out/, .gitnexus/ (local index)
210
-
211
- ## Final Status
212
- - Build: PASS
213
- - Tests: all GREEN (including regression test)
214
- - Review: APPROVED
215
-
216
- ## Bug Fix Summary
217
- - Root cause: {from 01-analysis.md}
218
- - Reproduction test: {test file + test name}
219
- - Fix: {minimal diff description}
220
-
221
- ## Post-pull Setup
222
- After pulling the code, run:
223
- - `npx -y gitnexus@latest analyze` — re-index code
224
- - `/graphify` — rebuild knowledge graph
225
- ```
226
-
227
165
  ## Phase Exit Protocol
228
166
 
229
- Print PHASE REPORT (adapt to flow):
230
-
231
- **Feature flow:**
167
+ Print PHASE REPORT:
232
168
  ```
233
169
  ═══════════════════════════════════════════
234
170
  SHIP COMPLETE: {feature-name}
@@ -240,39 +176,18 @@ Print PHASE REPORT (adapt to flow):
240
176
  Excluded: graphify-out/, .gitnexus/
241
177
 
242
178
  Phases completed: 1→2→3→4→5→6→7→8→9
243
- Artifacts: {artifact-dir} (9 files)
179
+ Artifacts: .vsaf/docs/features/{feature-name}/ (9 files)
244
180
 
245
181
  Feature DONE.
246
182
  ═══════════════════════════════════════════
247
183
  ```
248
184
 
249
- **Hotfix flow:**
250
- ```
251
- ═══════════════════════════════════════════
252
- SHIP COMPLETE: {bug-id}
253
- ═══════════════════════════════════════════
254
- Phase: Ship (hotfix final phase)
255
-
256
- PR: #{number} — {url}
257
- Commit: source code + .vsaf/docs/ only
258
- Excluded: graphify-out/, .gitnexus/
259
-
260
- Phases completed: Analyze → RED → GREEN → Review → Ship
261
- Artifacts: {artifact-dir} (3 files)
262
-
263
- Hotfix DONE.
264
- ═══════════════════════════════════════════
265
- ```
266
-
267
- **Both flows:** Update `.vsaf/docs/STATUS.md`:
268
- - Feature flow → move to "Completed Features"
269
- - Hotfix flow → move to "Completed Hotfixes"
185
+ Update `.vsaf/docs/STATUS.md` → move to "Completed Features".
270
186
 
271
187
  ## Rules
272
188
 
273
189
  - DO NOT review code — that is the review phase's job
274
- - Feature flow: only ship code that is APPROVED + knowledge UPDATED (feature-complete done)
275
- - Hotfix flow: only ship code that is APPROVED (no feature-complete step)
190
+ - Only ship code that is APPROVED + knowledge UPDATED (feature-complete done)
276
191
  - PR description MUST be self-contained (reading the PR alone should be enough to understand the feature without reading artifacts)
277
192
  - **ABSOLUTELY DO NOT commit `graphify-out/` or `.gitnexus/`** — verify .gitignore first
278
193
  - **ONLY commit source code + `.vsaf/docs/`**
@@ -45,7 +45,9 @@ All output documents (05-srs.md) MUST be written in Vietnamese. Section headers,
45
45
  [SRS] [2/3] Writing SRS from PRD + ADR... ⏳
46
46
  ```
47
47
 
48
- Derive SRS from PRD + ADR. For each FR/NFR:
48
+ Use `/bmad-agent-analyst` analyze PRD + ADR to identify gaps, ambiguities, and missing requirements before writing the SRS.
49
+
50
+ Derive SRS from PRD + ADR + analyst findings. For each FR/NFR:
49
51
 
50
52
  1. **Unique ID** — FR-001, NFR-001 (sequential, no gaps)
51
53
  2. **Traceability** — trace to PRD user story (US-xxx)
@@ -37,7 +37,9 @@ You are a QA Lead. Your mission: design test cases FROM the SRS (spec), NOT from
37
37
  [TEST-DESIGN] [2/4] Generating test cases from SRS... ⏳
38
38
  ```
39
39
 
40
- Derive test cases from SRS FRs/NFRs. For each requirement, design ≥1 test case:
40
+ Use `/bmad-qa-generate-e2e-tests` — generate test cases from SRS FRs/NFRs.
41
+
42
+ For each requirement, ensure ≥1 test case with:
41
43
 
42
44
  1. **Unique ID** — TC-001 (sequential)
43
45
  2. **Traceability** — TC → FR/NFR → PRD user story (US-xxx)
@@ -1,23 +1,18 @@
1
1
  name: hotfix-tdd
2
- description: "Sub-flow: TDD RED GREEN → Test Gate — write failing test, fix, verify"
2
+ description: "Sub-flow: Hotfix Implement (TDD) → Test Gate"
3
3
 
4
4
  nodes:
5
- - id: red
6
- description: "RED: write failing test that reproduces the bug"
7
- command: sdlc-hotfix-red
5
+ - id: implement
6
+ description: "Implement TDD (RED GREEN REFACTOR), SonarQube-in-loop"
7
+ command: sdlc-hotfix-implement
8
8
  depends_on: []
9
9
 
10
- - id: green
11
- description: "GREEN: implement minimal fix to make the test pass"
12
- command: sdlc-hotfix-green
13
- depends_on: [red]
14
-
15
10
  - id: test-gate
16
- description: "Test Gate: run full test suite to verify fix and catch regressions"
11
+ description: "Test Gate run full test suite"
17
12
  bash: |
18
13
  cd $WORKSPACE && npm test 2>&1
19
- depends_on: [green]
14
+ depends_on: [implement]
20
15
  loop:
21
- on_fail: green
16
+ on_fail: implement
22
17
  max_retries: 3
23
18
  inject_error: true