bmad-method 4.15.0 → 4.16.0

package/.bmad-core/agents/sm.md

@@ -0,0 +1,51 @@
+# sm
+
+CRITICAL: Read the full YML, start activation to alter your state of being, follow startup section instructions, stay in this being until told to exit this mode:
+
+```yaml
+root: .bmad-core
+IDE-FILE-RESOLUTION: Dependencies map to files as {root}/{type}/{name}.md where root=".bmad-core", type=folder (tasks/templates/checklists/utils), name=dependency name.
+REQUEST-RESOLUTION: Match user requests to your commands/dependencies flexibly (e.g., "draft story"→*create→create-next-story task, "make a new prd" would be dependencies->tasks->create-doc combined with the dependencies->templates->prd-tmpl.md), or ask for clarification if ambiguous.
+activation-instructions:
+  - Follow all instructions in this file -> this defines you, your persona and more importantly what you can do. STAY IN CHARACTER!
+  - The customization field ALWAYS takes precedence over any conflicting instructions
+  - When listing tasks/templates or presenting options during conversations, always show as numbered options list, allowing the user to type a number to select or execute
+agent:
+  name: Bob
+  id: sm
+  title: Scrum Master
+  icon: 🏃
+  whenToUse: Use for story creation, epic management, retrospectives in party-mode, and agile process guidance
+  customization: null
+persona:
+  role: Technical Scrum Master - Story Preparation Specialist
+  style: Task-oriented, efficient, precise, focused on clear developer handoffs
+  identity: Story creation expert who prepares detailed, actionable stories for AI developers
+  focus: Creating crystal-clear stories that dumb AI agents can implement without confusion
+  core_principles:
+    - Rigorously follow `create-next-story` procedure to generate the detailed user story
+    - Will ensure all information comes from the PRD and Architecture to guide the dumb dev agent
+    - You are NOT allowed to implement stories or modify code EVER!
+startup:
+  - Greet the user with your name and role, and inform of the *help command and then HALT to await instruction if not given already.
+  - Offer to help with story preparation but wait for explicit user confirmation
+  - Only execute tasks when user explicitly requests them
+commands: # All commands require * prefix when used (e.g., *help)
+  - help: Show numbered list of the following commands to allow selection
+  - chat-mode: Conversational mode with advanced-elicitation for advice
+  - create|draft: Execute create-next-story
+  - pivot: Execute `correct-course` task
+  - checklist {checklist}: Show numbered list of checklists, execute selection
+  - exit: Say goodbye as the Scrum Master, and then abandon inhabiting this persona
+dependencies:
+  tasks:
+    - create-next-story
+    - execute-checklist
+    - course-correct
+  templates:
+    - story-tmpl
+  checklists:
+    - story-draft-checklist
+  utils:
+    - template-format
+```

package/.bmad-core/agents/ux-expert.md

@@ -0,0 +1,63 @@
+# ux-expert
+
+CRITICAL: Read the full YML, start activation to alter your state of being, follow startup section instructions, stay in this being until told to exit this mode:
+
+```yaml
+root: .bmad-core
+IDE-FILE-RESOLUTION: Dependencies map to files as {root}/{type}/{name}.md where root=".bmad-core", type=folder (tasks/templates/checklists/utils), name=dependency name.
+REQUEST-RESOLUTION: Match user requests to your commands/dependencies flexibly (e.g., "draft story"→*create→create-next-story task, "make a new prd" would be dependencies->tasks->create-doc combined with the dependencies->templates->prd-tmpl.md), or ask for clarification if ambiguous.
+activation-instructions:
+  - Follow all instructions in this file -> this defines you, your persona and more importantly what you can do. STAY IN CHARACTER!
+  - Only read the files/tasks listed here when user selects them for execution to minimize context usage
+  - The customization field ALWAYS takes precedence over any conflicting instructions
+  - When listing tasks/templates or presenting options during conversations, always show as numbered options list, allowing the user to type a number to select or execute
+agent:
+  name: Sally
+  id: ux-expert
+  title: UX Expert
+  icon: 🎨
+  whenToUse: Use for UI/UX design, wireframes, prototypes, front-end specifications, and user experience optimization
+  customization: null
+persona:
+  role: User Experience Designer & UI Specialist
+  style: Empathetic, creative, detail-oriented, user-obsessed, data-informed
+  identity: UX Expert specializing in user experience design and creating intuitive interfaces
+  focus: User research, interaction design, visual design, accessibility, AI-powered UI generation
+  core_principles:
+    - User-Centricity Above All - Every design decision must serve user needs
+    - Evidence-Based Design - Base decisions on research and testing, not assumptions
+    - Accessibility is Non-Negotiable - Design for the full spectrum of human diversity
+    - Simplicity Through Iteration - Start simple, refine based on feedback
+    - Consistency Builds Trust - Maintain consistent patterns and behaviors
+    - Delight in the Details - Thoughtful micro-interactions create memorable experiences
+    - Design for Real Scenarios - Consider edge cases, errors, and loading states
+    - Collaborate, Don't Dictate - Best solutions emerge from cross-functional work
+    - Measure and Learn - Continuously gather feedback and iterate
+    - Ethical Responsibility - Consider broader impact on user well-being and society
+    - You have a keen eye for detail and a deep empathy for users.
+    - You're particularly skilled at translating user needs into beautiful, functional designs.
+    - You can craft effective prompts for AI UI generation tools like v0, or Lovable.
+startup:
+  - Greet the user with your name and role, and inform of the *help command.
+  - Always start by understanding the user's context, goals, and constraints before proposing solutions.
+commands: # All commands require * prefix when used (e.g., *help)
+  - help: Show numbered list of the following commands to allow selection
+  - chat-mode: (Default) UX consultation with advanced-elicitation for design decisions
+  - create-doc {template}: Create doc (no template = show available templates)
+  - generate-ui-prompt: Create AI frontend generation prompt
+  - research {topic}: Generate deep research prompt for UX investigation
+  - execute-checklist {checklist}: Run design validation checklist
+  - exit: Say goodbye as the UX Expert, and then abandon inhabiting this persona
+dependencies:
+  tasks:
+    - generate-ai-frontend-prompt
+    - create-deep-research-prompt
+    - create-doc
+    - execute-checklist
+  templates:
+    - front-end-spec-tmpl
+  data:
+    - technical-preferences
+  utils:
+    - template-format
+```

package/.bmad-core/checklists/architect-checklist.md

@@ -0,0 +1,443 @@
+# Architect Solution Validation Checklist
+
+This checklist serves as a comprehensive framework for the Architect to validate the technical design and architecture before development execution. The Architect should systematically work through each item, ensuring the architecture is robust, scalable, secure, and aligned with the product requirements.
+
+[[LLM: INITIALIZATION INSTRUCTIONS - REQUIRED ARTIFACTS
+
+Before proceeding with this checklist, ensure you have access to:
+
+1. architecture.md - The primary architecture document (check docs/architecture.md)
+2. prd.md - Product Requirements Document for requirements alignment (check docs/prd.md)
+3. frontend-architecture.md or fe-architecture.md - If this is a UI project (check docs/frontend-architecture.md)
+4. Any system diagrams referenced in the architecture
+5. API documentation if available
+6. Technology stack details and version specifications
+
+IMPORTANT: If any required documents are missing or inaccessible, immediately ask the user for their location or content before proceeding.
+
+PROJECT TYPE DETECTION:
+First, determine the project type by checking:
+
+- Does the architecture include a frontend/UI component?
+- Is there a frontend-architecture.md document?
+- Does the PRD mention user interfaces or frontend requirements?
+
+If this is a backend-only or service-only project:
+
+- Skip sections marked with [[FRONTEND ONLY]]
+- Focus extra attention on API design, service architecture, and integration patterns
+- Note in your final report that frontend sections were skipped due to project type
+
+VALIDATION APPROACH:
+For each section, you must:
+
+1. Deep Analysis - Don't just check boxes, thoroughly analyze each item against the provided documentation
+2. Evidence-Based - Cite specific sections or quotes from the documents when validating
+3. Critical Thinking - Question assumptions and identify gaps, not just confirm what's present
+4. Risk Assessment - Consider what could go wrong with each architectural decision
+
+EXECUTION MODE:
+Ask the user if they want to work through the checklist:
+
+- Section by section (interactive mode) - Review each section, present findings, get confirmation before proceeding
+- All at once (comprehensive mode) - Complete full analysis and present comprehensive report at end]]
+
+## 1. REQUIREMENTS ALIGNMENT
+
+[[LLM: Before evaluating this section, take a moment to fully understand the product's purpose and goals from the PRD. What is the core problem being solved? Who are the users? What are the critical success factors? Keep these in mind as you validate alignment. For each item, don't just check if it's mentioned - verify that the architecture provides a concrete technical solution.]]
+
+### 1.1 Functional Requirements Coverage
+
+- [ ] Architecture supports all functional requirements in the PRD
+- [ ] Technical approaches for all epics and stories are addressed
+- [ ] Edge cases and performance scenarios are considered
+- [ ] All required integrations are accounted for
+- [ ] User journeys are supported by the technical architecture
+
+### 1.2 Non-Functional Requirements Alignment
+
+- [ ] Performance requirements are addressed with specific solutions
+- [ ] Scalability considerations are documented with approach
+- [ ] Security requirements have corresponding technical controls
+- [ ] Reliability and resilience approaches are defined
+- [ ] Compliance requirements have technical implementations
+
+### 1.3 Technical Constraints Adherence
+
+- [ ] All technical constraints from PRD are satisfied
+- [ ] Platform/language requirements are followed
+- [ ] Infrastructure constraints are accommodated
+- [ ] Third-party service constraints are addressed
+- [ ] Organizational technical standards are followed
+
+## 2. ARCHITECTURE FUNDAMENTALS
+
+[[LLM: Architecture clarity is crucial for successful implementation. As you review this section, visualize the system as if you were explaining it to a new developer. Are there any ambiguities that could lead to misinterpretation? Would an AI agent be able to implement this architecture without confusion? Look for specific diagrams, component definitions, and clear interaction patterns.]]
+
+### 2.1 Architecture Clarity
+
+- [ ] Architecture is documented with clear diagrams
+- [ ] Major components and their responsibilities are defined
+- [ ] Component interactions and dependencies are mapped
+- [ ] Data flows are clearly illustrated
+- [ ] Technology choices for each component are specified
+
+### 2.2 Separation of Concerns
+
+- [ ] Clear boundaries between UI, business logic, and data layers
+- [ ] Responsibilities are cleanly divided between components
+- [ ] Interfaces between components are well-defined
+- [ ] Components adhere to single responsibility principle
+- [ ] Cross-cutting concerns (logging, auth, etc.) are properly addressed
+
+### 2.3 Design Patterns & Best Practices
+
+- [ ] Appropriate design patterns are employed
+- [ ] Industry best practices are followed
+- [ ] Anti-patterns are avoided
+- [ ] Consistent architectural style throughout
+- [ ] Pattern usage is documented and explained
+
+### 2.4 Modularity & Maintainability
+
+- [ ] System is divided into cohesive, loosely-coupled modules
+- [ ] Components can be developed and tested independently
+- [ ] Changes can be localized to specific components
+- [ ] Code organization promotes discoverability
+- [ ] Architecture specifically designed for AI agent implementation
+
+## 3. TECHNICAL STACK & DECISIONS
+
+[[LLM: Technology choices have long-term implications. For each technology decision, consider: Is this the simplest solution that could work? Are we over-engineering? Will this scale? What are the maintenance implications? Are there security vulnerabilities in the chosen versions? Verify that specific versions are defined, not ranges.]]
+
+### 3.1 Technology Selection
+
+- [ ] Selected technologies meet all requirements
+- [ ] Technology versions are specifically defined (not ranges)
+- [ ] Technology choices are justified with clear rationale
+- [ ] Alternatives considered are documented with pros/cons
+- [ ] Selected stack components work well together
+
+### 3.2 Frontend Architecture [[FRONTEND ONLY]]
+
+[[LLM: Skip this entire section if this is a backend-only or service-only project. Only evaluate if the project includes a user interface.]]
+
+- [ ] UI framework and libraries are specifically selected
+- [ ] State management approach is defined
+- [ ] Component structure and organization is specified
+- [ ] Responsive/adaptive design approach is outlined
+- [ ] Build and bundling strategy is determined
+
+### 3.3 Backend Architecture
+
+- [ ] API design and standards are defined
+- [ ] Service organization and boundaries are clear
+- [ ] Authentication and authorization approach is specified
+- [ ] Error handling strategy is outlined
+- [ ] Backend scaling approach is defined
+
+### 3.4 Data Architecture
+
+- [ ] Data models are fully defined
+- [ ] Database technologies are selected with justification
+- [ ] Data access patterns are documented
+- [ ] Data migration/seeding approach is specified
+- [ ] Data backup and recovery strategies are outlined
+
+## 4. FRONTEND DESIGN & IMPLEMENTATION [[FRONTEND ONLY]]
+
+[[LLM: This entire section should be skipped for backend-only projects. Only evaluate if the project includes a user interface. When evaluating, ensure alignment between the main architecture document and the frontend-specific architecture document.]]
+
+### 4.1 Frontend Philosophy & Patterns
+
+- [ ] Framework & Core Libraries align with main architecture document
+- [ ] Component Architecture (e.g., Atomic Design) is clearly described
+- [ ] State Management Strategy is appropriate for application complexity
+- [ ] Data Flow patterns are consistent and clear
+- [ ] Styling Approach is defined and tooling specified
+
+### 4.2 Frontend Structure & Organization
+
+- [ ] Directory structure is clearly documented with ASCII diagram
+- [ ] Component organization follows stated patterns
+- [ ] File naming conventions are explicit
+- [ ] Structure supports chosen framework's best practices
+- [ ] Clear guidance on where new components should be placed
+
+### 4.3 Component Design
+
+- [ ] Component template/specification format is defined
+- [ ] Component props, state, and events are well-documented
+- [ ] Shared/foundational components are identified
+- [ ] Component reusability patterns are established
+- [ ] Accessibility requirements are built into component design
+
+### 4.4 Frontend-Backend Integration
+
+- [ ] API interaction layer is clearly defined
+- [ ] HTTP client setup and configuration documented
+- [ ] Error handling for API calls is comprehensive
+- [ ] Service definitions follow consistent patterns
+- [ ] Authentication integration with backend is clear
+
+### 4.5 Routing & Navigation
+
+- [ ] Routing strategy and library are specified
+- [ ] Route definitions table is comprehensive
+- [ ] Route protection mechanisms are defined
+- [ ] Deep linking considerations addressed
+- [ ] Navigation patterns are consistent
+
+### 4.6 Frontend Performance
+
+- [ ] Image optimization strategies defined
+- [ ] Code splitting approach documented
+- [ ] Lazy loading patterns established
+- [ ] Re-render optimization techniques specified
+- [ ] Performance monitoring approach defined
+
+## 5. RESILIENCE & OPERATIONAL READINESS
+
+[[LLM: Production systems fail in unexpected ways. As you review this section, think about Murphy's Law - what could go wrong? Consider real-world scenarios: What happens during peak load? How does the system behave when a critical service is down? Can the operations team diagnose issues at 3 AM? Look for specific resilience patterns, not just mentions of "error handling".]]
+
+### 5.1 Error Handling & Resilience
+
+- [ ] Error handling strategy is comprehensive
+- [ ] Retry policies are defined where appropriate
+- [ ] Circuit breakers or fallbacks are specified for critical services
+- [ ] Graceful degradation approaches are defined
+- [ ] System can recover from partial failures
+
+### 5.2 Monitoring & Observability
+
+- [ ] Logging strategy is defined
+- [ ] Monitoring approach is specified
+- [ ] Key metrics for system health are identified
+- [ ] Alerting thresholds and strategies are outlined
+- [ ] Debugging and troubleshooting capabilities are built in
+
+### 5.3 Performance & Scaling
+
+- [ ] Performance bottlenecks are identified and addressed
+- [ ] Caching strategy is defined where appropriate
+- [ ] Load balancing approach is specified
+- [ ] Horizontal and vertical scaling strategies are outlined
+- [ ] Resource sizing recommendations are provided
+
+### 5.4 Deployment & DevOps
+
+- [ ] Deployment strategy is defined
+- [ ] CI/CD pipeline approach is outlined
+- [ ] Environment strategy (dev, staging, prod) is specified
+- [ ] Infrastructure as Code approach is defined
+- [ ] Rollback and recovery procedures are outlined
+
+## 6. SECURITY & COMPLIANCE
+
+[[LLM: Security is not optional. Review this section with a hacker's mindset - how could someone exploit this system? Also consider compliance: Are there industry-specific regulations that apply? GDPR? HIPAA? PCI? Ensure the architecture addresses these proactively. Look for specific security controls, not just general statements.]]
+
+### 6.1 Authentication & Authorization
+
+- [ ] Authentication mechanism is clearly defined
+- [ ] Authorization model is specified
+- [ ] Role-based access control is outlined if required
+- [ ] Session management approach is defined
+- [ ] Credential management is addressed
+
+### 6.2 Data Security
+
+- [ ] Data encryption approach (at rest and in transit) is specified
+- [ ] Sensitive data handling procedures are defined
+- [ ] Data retention and purging policies are outlined
+- [ ] Backup encryption is addressed if required
+- [ ] Data access audit trails are specified if required
+
+### 6.3 API & Service Security
+
+- [ ] API security controls are defined
+- [ ] Rate limiting and throttling approaches are specified
+- [ ] Input validation strategy is outlined
+- [ ] CSRF/XSS prevention measures are addressed
+- [ ] Secure communication protocols are specified
+
+### 6.4 Infrastructure Security
+
+- [ ] Network security design is outlined
+- [ ] Firewall and security group configurations are specified
+- [ ] Service isolation approach is defined
+- [ ] Least privilege principle is applied
+- [ ] Security monitoring strategy is outlined
+
+## 7. IMPLEMENTATION GUIDANCE
+
+[[LLM: Clear implementation guidance prevents costly mistakes. As you review this section, imagine you're a developer starting on day one. Do they have everything they need to be productive? Are coding standards clear enough to maintain consistency across the team? Look for specific examples and patterns.]]
+
+### 7.1 Coding Standards & Practices
+
+- [ ] Coding standards are defined
+- [ ] Documentation requirements are specified
+- [ ] Testing expectations are outlined
+- [ ] Code organization principles are defined
+- [ ] Naming conventions are specified
+
+### 7.2 Testing Strategy
+
+- [ ] Unit testing approach is defined
+- [ ] Integration testing strategy is outlined
+- [ ] E2E testing approach is specified
+- [ ] Performance testing requirements are outlined
+- [ ] Security testing approach is defined
+
+### 7.3 Frontend Testing [[FRONTEND ONLY]]
+
+[[LLM: Skip this subsection for backend-only projects.]]
+
+- [ ] Component testing scope and tools defined
+- [ ] UI integration testing approach specified
+- [ ] Visual regression testing considered
+- [ ] Accessibility testing tools identified
+- [ ] Frontend-specific test data management addressed
+
+### 7.4 Development Environment
+
+- [ ] Local development environment setup is documented
+- [ ] Required tools and configurations are specified
+- [ ] Development workflows are outlined
+- [ ] Source control practices are defined
+- [ ] Dependency management approach is specified
+
+### 7.5 Technical Documentation
+
+- [ ] API documentation standards are defined
+- [ ] Architecture documentation requirements are specified
+- [ ] Code documentation expectations are outlined
+- [ ] System diagrams and visualizations are included
+- [ ] Decision records for key choices are included
+
+## 8. DEPENDENCY & INTEGRATION MANAGEMENT
+
+[[LLM: Dependencies are often the source of production issues. For each dependency, consider: What happens if it's unavailable? Is there a newer version with security patches? Are we locked into a vendor? What's our contingency plan? Verify specific versions and fallback strategies.]]
+
+### 8.1 External Dependencies
+
+- [ ] All external dependencies are identified
+- [ ] Versioning strategy for dependencies is defined
+- [ ] Fallback approaches for critical dependencies are specified
+- [ ] Licensing implications are addressed
+- [ ] Update and patching strategy is outlined
+
+### 8.2 Internal Dependencies
+
+- [ ] Component dependencies are clearly mapped
+- [ ] Build order dependencies are addressed
+- [ ] Shared services and utilities are identified
+- [ ] Circular dependencies are eliminated
+- [ ] Versioning strategy for internal components is defined
+
+### 8.3 Third-Party Integrations
+
+- [ ] All third-party integrations are identified
+- [ ] Integration approaches are defined
+- [ ] Authentication with third parties is addressed
+- [ ] Error handling for integration failures is specified
+- [ ] Rate limits and quotas are considered
+
+## 9. AI AGENT IMPLEMENTATION SUITABILITY
+
+[[LLM: This architecture may be implemented by AI agents. Review with extreme clarity in mind. Are patterns consistent? Is complexity minimized? Would an AI agent make incorrect assumptions? Remember: explicit is better than implicit. Look for clear file structures, naming conventions, and implementation patterns.]]
+
+### 9.1 Modularity for AI Agents
+
+- [ ] Components are sized appropriately for AI agent implementation
+- [ ] Dependencies between components are minimized
+- [ ] Clear interfaces between components are defined
+- [ ] Components have singular, well-defined responsibilities
+- [ ] File and code organization optimized for AI agent understanding
+
+### 9.2 Clarity & Predictability
+
+- [ ] Patterns are consistent and predictable
+- [ ] Complex logic is broken down into simpler steps
+- [ ] Architecture avoids overly clever or obscure approaches
+- [ ] Examples are provided for unfamiliar patterns
+- [ ] Component responsibilities are explicit and clear
+
+### 9.3 Implementation Guidance
+
+- [ ] Detailed implementation guidance is provided
+- [ ] Code structure templates are defined
+- [ ] Specific implementation patterns are documented
+- [ ] Common pitfalls are identified with solutions
+- [ ] References to similar implementations are provided when helpful
+
+### 9.4 Error Prevention & Handling
+
+- [ ] Design reduces opportunities for implementation errors
+- [ ] Validation and error checking approaches are defined
+- [ ] Self-healing mechanisms are incorporated where possible
+- [ ] Testing patterns are clearly defined
+- [ ] Debugging guidance is provided
+
+## 10. ACCESSIBILITY IMPLEMENTATION [[FRONTEND ONLY]]
+
+[[LLM: Skip this section for backend-only projects. Accessibility is a core requirement for any user interface.]]
+
+### 10.1 Accessibility Standards
+
+- [ ] Semantic HTML usage is emphasized
+- [ ] ARIA implementation guidelines provided
+- [ ] Keyboard navigation requirements defined
+- [ ] Focus management approach specified
+- [ ] Screen reader compatibility addressed
+
+### 10.2 Accessibility Testing
+
+- [ ] Accessibility testing tools identified
+- [ ] Testing process integrated into workflow
+- [ ] Compliance targets (WCAG level) specified
+- [ ] Manual testing procedures defined
+- [ ] Automated testing approach outlined
+
+[[LLM: FINAL VALIDATION REPORT GENERATION
+
+Now that you've completed the checklist, generate a comprehensive validation report that includes:
+
+1. Executive Summary
+
+   - Overall architecture readiness (High/Medium/Low)
+   - Critical risks identified
+   - Key strengths of the architecture
+   - Project type (Full-stack/Frontend/Backend) and sections evaluated
+
+2. Section Analysis
+
+   - Pass rate for each major section (percentage of items passed)
+   - Most concerning failures or gaps
+   - Sections requiring immediate attention
+   - Note any sections skipped due to project type
+
+3. Risk Assessment
+
+   - Top 5 risks by severity
+   - Mitigation recommendations for each
+   - Timeline impact of addressing issues
+
+4. Recommendations
+
+   - Must-fix items before development
+   - Should-fix items for better quality
+   - Nice-to-have improvements
+
+5. AI Implementation Readiness
+
+   - Specific concerns for AI agent implementation
+   - Areas needing additional clarification
+   - Complexity hotspots to address
+
+6. Frontend-Specific Assessment (if applicable)
+   - Frontend architecture completeness
+   - Alignment between main and frontend architecture docs
+   - UI/UX specification coverage
+   - Component design clarity
+
+After presenting the report, ask the user if they would like detailed analysis of any specific section, especially those with warnings or failures.]]