@stefanoginella/auto-bmad 0.1.4

package/LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Stefano Ginella
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,168 @@
+# 🤖 Auto BMAD
+
+[![Plugin](https://img.shields.io/badge/Claude_Code-Plugin-blueviolet)](https://docs.anthropic.com/en/docs/claude-code) [![BMAD Method](https://img.shields.io/badge/BMAD-Method-orange)](https://github.com/bmad-code-org/BMAD-METHOD)
+
+Automated (and very opinionated) BMAD pipeline orchestration for Claude Code.
+
+Four sequential pipeline commands that drive the BMAD software development lifecycle — from planning through story delivery — plus a safe-bash auto-approval hook for frictionless autonomous execution.
+
+> 👀 The pipelines are quite long and token hungry (the story pipeline alone can run for more than 60 minutes). Some steps might seem redundant, but I am satisfied with the code quality and consistency I get out of this. I recommend having a Claude Code Max x5 or x20 subscription to not hit limits mid-run.
+
+## 🚀 Commands
+
+| Command | Steps | Description |
+|---------|-------|-------------|
+| `/auto-bmad-plan` | 11 | Pre-implementation pipeline: product brief, PRD, validate, UX, architecture, test framework, test design, epics, readiness, project context, sprint planning |
+| `/auto-bmad-epic-start` | 1 | Start a new epic: epic-level test design |
+| `/auto-bmad-story` | 12 | Develop a story: create, validate, ATDD, develop, 3x code review, NFR, E2E, trace, automate, test review |
+| `/auto-bmad-epic-end` | 3 | Close an epic: trace, retrospective, project context refresh |
+
+## 🗂 Artifacts
+
+The pipelines produce the following key artifacts throughout the lifecycle:
+
+| Pipeline | Artifacts |
+|----------|-----------|
+| **Plan** | Product brief, PRD, UX design, architecture doc, test framework, CI configuration, epics, test design, sprint plan |
+| **Epic Start** | Retro action resolution log, green baseline report, story order plan |
+| **Story** | Story file, ATDD specs, implementation code, code review report, security scan results, regression/E2E results, traceability entries |
+| **Epic End** | Aggregated epic data, traceability gate report, retrospective, next epic preview |
+
+## 🛠 Typical Workflow
+
+This is what a complete workflow using the pipelines might look like. If you already have all the planning artifacts ready, you can skip the plan pipeline and go directly to step 4 or 5.
+
+1. **Prepare a strong and comprehensive input** for the plan pipeline — it validates readiness and won't run with a simple `Create a todo app` prompt. I recommend going through a few `/bmad-brainstorming` and `/bmad-party-mode` sessions first to build up enough context. If the initial input isn't ready, the plan pipeline will tell you what to improve.
+2. **Run `/auto-bmad-plan`** to kick off the initial planning pipeline for a new project or major initiative. This sets up the overall architecture, test framework, CI configuration, and initial epics and stories.
+3. **Review the PRD, Architecture, UX design, Epics, and Test Plan** generated by the plan pipeline. Make sure they look good and adjust if necessary before moving on to implementation. You might want to go through a few iterations of `/bmad-party-mode` to refine the output, since it sets the foundation for the next steps.
+4. **For each new epic**, run `/auto-bmad-epic-start` to establish a baseline and plan the story order based on the epic's goals and dependencies.
+5. **For each story within an epic**, run `/auto-bmad-story` to develop the story from creation through delivery, including validation, ATDD, development, linting, testing, code review, security scanning, regression, E2E, and traceability.
+6. **After each story**, review the report generated by the story pipeline and any other BMAD artifacts, perform some manual testing, and correct course if necessary.
+7. **At the end of an epic**, run `/auto-bmad-epic-end` to close the epic, aggregate data, perform a traceability gate, conduct a retrospective, and preview the next epic.
+8. **Review the outputs of each pipeline run**, check the generated artifacts, and make adjustments as needed. The pipelines are opinionated and automated, but they still require human judgment and iteration. Use `/bmad-bmm-correct-course` when big changes are needed.
+
+> ℹ️ **Important**: This plugin won't automate a multi-story workflow or an entire epic. Some human orchestration and judgment is still required between pipeline runs.
+
+## 📦 Installation
+
+One-command install via npx:
+
+```bash
+npx @stefanoginella/auto-bmad
+```
+
+Or from the marketplace inside Claude Code:
+
+```
+/plugin marketplace add stefanoginella/claude-code-plugins
+/plugin install auto-bmad@stefanoginella-plugins --scope <project|user|local>
+```
+
+Scopes: `project` (shared with team), `user` (all your projects), `local` (personal, gitignored).
+
+Or as a local plugin for development:
+
+```bash
+claude --plugin-dir /path/to/plugins/auto-bmad
+```
+
+## 📋 Prerequisites
+
+> ⚠️ **IMPORTANT**: Without these, the pipelines might fail or produce incorrect results. Make sure they're in place before running the pipelines.
+
+### BMAD Method
+
+The pipelines are based on the [BMAD Method](https://github.com/bmad-code-org/BMAD-METHOD) workflow and relies on specific BMAD modules.
+
+#### Required BMAD Modules
+
+- **TEA** — Test Engineering Architect. Provides test strategy, test design, and ATDD capabilities used throughout the pipelines.
+
+#### Optional BMAD Modules
+
+- **CIS** — Creative Intelligence Suite. Enhances UX design quality during the plan pipeline. Without it, UX steps use baseline prompts.
+
+### Optional (but recommended) Claude Code Plugins
+
+From the [`anthropics/claude-plugins-official`](https://github.com/anthropics/claude-plugins-official) marketplace.
+
+- **context7** — Live documentation lookups for library APIs. Used during architecture creation (plan) and story development (story). Without it, agents rely on training data instead of current docs.
+- **semgrep** — Security scanning in the story pipeline. Without it, the security scan step is skipped.
+- **security-guidance** — Security best practice recommendations during story development.
+- Any relevant `lsp` plugin(s) for your codebase — used during story development for linting and test feedback. They can improve the code quality and feedback loop, but are not strictly required since the pipelines also include manual lint and test steps.
+
+### Required and optional CLI tools
+
+- `jq` (required) - JSON processing in bash steps. Needed by the pipelines and the safe bash auto-approval hook.
+- `semgrep` (optional) - security scanning. Needed if you have the semgrep plugin and want to run the security scan step in the story pipeline.
+- Any relevant CLI tool (optional) needed by your LSP plugin(s).
+
+### Project Requirements
+
+The pipelines expect BMAD configuration files in the project:
+
+- `_bmad/bmm/config.yaml` — BMM configuration (output folders, artifact paths)
+- `_bmad/tea/config.yaml` — TEA configuration (test artifact paths)
+
+These files are normally created by the BMAD CLI when initializing BMAD in a project. The pipelines rely on the standard structure and paths defined by these configs, so custom configurations may require pipeline adjustments.
+
+## 🔒 Hooks
+
+### Safe Bash Auto-Approval (PreToolUse)
+
+Auto-approves bash commands matching a known-safe and non-destructive prefix list to reduce false-positive sandbox prompts during autonomous pipeline execution. This is a lightweight heuristic, not a full sandbox bypass.
+
+**Default safe list:**
+
+| Group | Match | Commands |
+|-------|-------|----------|
+| **Git** | Exact | `git diff` · `git fetch` · `git log` · `git status` |
+| | Prefix | `git -C` · `git add` · `git commit` · `git diff` · `git diff-tree` · `git fetch` · `git log` · `git rev-parse` · `git show` · `git status` · `git tag` |
+| **Docker & Compose** | Exact | `docker compose build` · `docker compose config` · `docker compose down` · `docker compose images` · `docker compose logs` · `docker compose ls` · `docker compose ps` · `docker compose pull` · `docker compose top` · `docker compose up` · `docker compose version` · `docker images` · `docker ps` · `docker version` |
+| | Prefix | `docker compose build` · `docker compose config` · `docker compose exec` · `docker compose logs` · `docker compose ps` · `docker compose pull` · `docker compose top` · `docker compose up` · `docker inspect` · `docker logs` · `docker ps` |
+| **File reading** | Prefix | `cat` · `file` · `head` · `stat` · `tail` · `wc` |
+| **File system** | Prefix | `chmod` · `cp` · `mkdir` · `mv` · `touch` |
+| **Search & filtering** | Prefix | `find` · `grep` · `sort` · `uniq` |
+| **Text processing** | Prefix | `awk` · `cut` · `diff` · `echo` · `jq` · `sed` · `tr` |
+| **Path utilities** | Prefix | `basename` · `dirname` · `realpath` |
+| **Directory listing** | Exact | `ls` · `pwd` · `tree` |
+| | Prefix | `ls` · `tree` |
+| **System & environment** | Exact | `date` · `uname` |
+| | Prefix | `date` · `du` · `timeout` · `uname` · `which` |
+| **Security scanning** | Prefix | `semgrep` |
+
+**Customizing the safe list:** Create `.claude/auto-bmad-safe-prefixes.txt` in your project to add entries without modifying the plugin:
+
+```
+# Lines starting with "= " are exact matches (bare commands)
+# All other lines are prefix matches (must end with a trailing space)
+# Empty lines and comments (#) are ignored
+
+= docker compose restart
+npm install
+npx vitest
+```
+
+### Dependency Check (SessionStart)
+
+Outputs a system message at session start listing the required BMAD plugins, so Claude can warn early if a pipeline is invoked without the necessary dependencies.
+
+## 🔐 Permissions
+
+The pipelines run various bash commands (depending on the project), skills and MCP that Claude Code will prompt you to approve if they are not already approved.
+
+Many bash commands are already pre-approved by the safe bash auto-approval hook, but some might still require manual approval, especially if you have custom steps or a unique project setup that involves commands not in the default safe list. For the first few runs in a new project, expect several approval prompts as the allow list builds up. After that, things stabilize and the pipelines run fully autonomously.
+
+I recommend adding these to your project's `.claude/settings.json` under `permissions.allow` to avoid repeated prompts:
+
+- "WebSearch"
+- "WebFetch"
+- "mcp__ide__getDiagnostics"
+- "mcp__plugin_context7_context7__resolve-library-id"
+- "mcp__plugin_context7_context7__query-docs"
+
+> ⚠️ Alternatively, you can run Claude Code in "dangerously skip permissions" mode (`--dangerously-skip-permissions`), but do so at your own risk — this disables **all** permission checks, not just the ones above. Only use it in an isolated environment like a VM or container.
+
+## 📄 License
+
+[MIT](../../LICENSE)

package/install.sh

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PLUGIN_NAME="auto-bmad"
+MARKETPLACE="stefanoginella-plugins"
+MARKETPLACE_REPO="stefanoginella/claude-code-plugins"
+
+# --- Color support ---
+if [ "${NO_COLOR:-}" = "" ] && [ -t 1 ]; then
+  GREEN='\033[0;32m'
+  RED='\033[0;31m'
+  YELLOW='\033[1;33m'
+  BOLD='\033[1m'
+  RESET='\033[0m'
+else
+  GREEN='' RED='' YELLOW='' BOLD='' RESET=''
+fi
+
+# --- Check claude CLI is available ---
+if ! command -v claude &>/dev/null; then
+  echo -e "${RED}Error: claude CLI not found.${RESET}" >&2
+  echo "Install Claude Code first: https://docs.anthropic.com/en/docs/claude-code" >&2
+  exit 1
+fi
+
+# --- Uninstall ---
+if [ "${1:-}" = "--uninstall" ]; then
+  echo "Uninstalling ${PLUGIN_NAME}..."
+  claude plugin uninstall "${PLUGIN_NAME}@${MARKETPLACE}" 2>/dev/null && \
+    echo -e "${GREEN}${PLUGIN_NAME} uninstalled.${RESET}" || \
+    echo "${PLUGIN_NAME} is not installed."
+  exit 0
+fi
+
+# --- Choose scope ---
+echo ""
+echo -e "${BOLD}Install scope:${RESET}"
+echo "  1) project — shared with team via .claude/settings.json (default)"
+echo "  2) user    — available across all your projects"
+echo "  3) local   — this project only, personal, gitignored"
+echo ""
+printf "Choose scope [1]: "
+read -r scope_choice
+
+case "${scope_choice}" in
+  2) SCOPE="user" ;;
+  3) SCOPE="local" ;;
+  *) SCOPE="project" ;;
+esac
+
+# --- Install ---
+echo ""
+echo -e "${BOLD}Installing ${PLUGIN_NAME} (scope: ${SCOPE})...${RESET}"
+echo ""
+
+# Add marketplace (idempotent)
+echo "Adding marketplace ${MARKETPLACE_REPO}..."
+claude plugin marketplace add "${MARKETPLACE_REPO}" 2>/dev/null || true
+
+# Install plugin
+echo "Installing plugin..."
+if claude plugin install "${PLUGIN_NAME}@${MARKETPLACE}" --scope "${SCOPE}"; then
+  echo ""
+  echo -e "${GREEN}${BOLD}${PLUGIN_NAME} installed successfully.${RESET}"
+  echo ""
+  echo "Start Claude Code in this project directory to use the plugin."
+  echo -e "Run ${YELLOW}npx @stefanoginella/${PLUGIN_NAME} --uninstall${RESET} to remove."
+  echo ""
+else
+  echo ""
+  echo -e "${RED}Installation failed.${RESET}" >&2
+  echo "Try installing manually inside Claude Code:" >&2
+  echo "  /plugin marketplace add ${MARKETPLACE_REPO}" >&2
+  echo "  /plugin install ${PLUGIN_NAME}@${MARKETPLACE}" >&2
+  exit 1
+fi

package/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "@stefanoginella/auto-bmad",
+  "version": "0.1.4",
+  "description": "Installs the auto-bmad Claude Code plugin — automated BMAD pipeline orchestration",
+  "bin": {
+    "auto-bmad": "./install.sh"
+  },
+  "files": ["install.sh"],
+  "keywords": ["claude-code", "plugin", "bmad", "pipeline", "automation", "orchestration", "sdlc"],
+  "author": "Stefano Ginella",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/stefanoginella/claude-code-plugins",
+    "directory": "packages/auto-bmad"
+  },
+  "homepage": "https://github.com/stefanoginella/claude-code-plugins/blob/main/plugins/auto-bmad/README.md"
+}