bmad-method 4.37.0 → 5.0.0-beta.2

package/.github/workflows/promote-to-stable.yml

@@ -0,0 +1,144 @@
+name: Promote to Stable
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_bump:
+        description: 'Version bump type'
+        required: true
+        default: 'minor'
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Configure Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"
+
+      - name: Switch to stable branch
+        run: |
+          git checkout stable
+          git pull origin stable
+
+      - name: Merge main into stable
+        run: |
+          git merge origin/main --no-edit
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Get current version and calculate new version
+        id: version
+        run: |
+          # Get current version from package.json
+          CURRENT_VERSION=$(node -p "require('./package.json').version")
+          echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          
+          # Remove beta suffix if present
+          BASE_VERSION=$(echo $CURRENT_VERSION | sed 's/-beta\.[0-9]\+//')
+          echo "base_version=$BASE_VERSION" >> $GITHUB_OUTPUT
+          
+          # Calculate new version based on bump type
+          IFS='.' read -ra VERSION_PARTS <<< "$BASE_VERSION"
+          MAJOR=${VERSION_PARTS[0]}
+          MINOR=${VERSION_PARTS[1]}
+          PATCH=${VERSION_PARTS[2]}
+          
+          case "${{ github.event.inputs.version_bump }}" in
+            "major")
+              NEW_VERSION="$((MAJOR + 1)).0.0"
+              ;;
+            "minor")
+              NEW_VERSION="$MAJOR.$((MINOR + 1)).0"
+              ;;
+            "patch")
+              NEW_VERSION="$MAJOR.$MINOR.$((PATCH + 1))"
+              ;;
+            *)
+              NEW_VERSION="$BASE_VERSION"
+              ;;
+          esac
+          
+          # Check if calculated version already exists on NPM and increment if necessary
+          while npm view bmad-method@$NEW_VERSION version >/dev/null 2>&1; do
+            echo "Version $NEW_VERSION already exists, incrementing..."
+            IFS='.' read -ra NEW_VERSION_PARTS <<< "$NEW_VERSION"
+            NEW_MAJOR=${NEW_VERSION_PARTS[0]}
+            NEW_MINOR=${NEW_VERSION_PARTS[1]}
+            NEW_PATCH=${NEW_VERSION_PARTS[2]}
+            
+            case "${{ github.event.inputs.version_bump }}" in
+              "major")
+                NEW_VERSION="$((NEW_MAJOR + 1)).0.0"
+                ;;
+              "minor")
+                NEW_VERSION="$NEW_MAJOR.$((NEW_MINOR + 1)).0"
+                ;;
+              "patch")
+                NEW_VERSION="$NEW_MAJOR.$NEW_MINOR.$((NEW_PATCH + 1))"
+                ;;
+            esac
+          done
+          
+          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
+          echo "Promoting from $CURRENT_VERSION to $NEW_VERSION"
+
+      - name: Update package.json versions
+        run: |
+          # Update main package.json
+          npm version ${{ steps.version.outputs.new_version }} --no-git-tag-version
+          
+          # Update installer package.json
+          sed -i 's/"version": ".*"/"version": "${{ steps.version.outputs.new_version }}"/' tools/installer/package.json
+
+      - name: Update package-lock.json
+        run: npm install --package-lock-only
+
+      - name: Commit stable release
+        run: |
+          git add .
+          git commit -m "feat: promote to stable ${{ steps.version.outputs.new_version }}
+
+          BREAKING CHANGE: Promote beta features to stable release
+
+          - Update version from ${{ steps.version.outputs.current_version }} to ${{ steps.version.outputs.new_version }}
+          - Automated promotion via GitHub Actions"
+
+      - name: Push stable release
+        run: |
+          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
+          git push origin stable
+
+      - name: Switch back to main
+        run: git checkout main
+
+      - name: Summary
+        run: |
+          echo "🎉 Successfully promoted to stable!"
+          echo "📦 Version: ${{ steps.version.outputs.new_version }}"
+          echo "🚀 The stable release will be automatically published to NPM via semantic-release"
+          echo "✅ Users running 'npx bmad-method install' will now get version ${{ steps.version.outputs.new_version }}"

package/CHANGELOG.md

@@ -1,21 +1,9 @@
-# [4.37.0](https://github.com/bmadcode/BMAD-METHOD/compare/v4.36.2...v4.37.0) (2025-08-16)
-
-
-### Bug Fixes
-
-* add semver dependency and correct NPM dist-tag configuration ([5ceca3a](https://github.com/bmadcode/BMAD-METHOD/commit/5ceca3aeb9390706b0f0233322e197c9533e8426))
-* **docs:** fix broken link in GUIDING-PRINCIPLES.md ([#428](https://github.com/bmadcode/BMAD-METHOD/issues/428)) ([3efcfd5](https://github.com/bmadcode/BMAD-METHOD/commit/3efcfd54d47f4c3cdc6527a438f86fc615a8700c))
-* remove git plugin to resolve branch protection conflicts ([8e324f6](https://github.com/bmadcode/BMAD-METHOD/commit/8e324f60b0dad2f385ff62bd63615afc73c575f8))
-* update package-lock.json for semver dependency ([faff4e0](https://github.com/bmadcode/BMAD-METHOD/commit/faff4e06a16563c6d2f7fd4c1ed4046a2ee56289))
-* update versions for dual publishing beta releases ([e0dcbcf](https://github.com/bmadcode/BMAD-METHOD/commit/e0dcbcf5277ac33a824b445060177fd3e71f13d4))
+# [5.0.0-beta.2](https://github.com/bmadcode/BMAD-METHOD/compare/v5.0.0-beta.1...v5.0.0-beta.2) (2025-08-16)
 
 
 ### Features
 
-* implement dual NPM publishing strategy ([d92ba83](https://github.com/bmadcode/BMAD-METHOD/commit/d92ba835fa6e720059b943e352a03435f2a704c9))
-* install Cursor rules to subdirectory ([#438](https://github.com/bmadcode/BMAD-METHOD/issues/438)) ([d563266](https://github.com/bmadcode/BMAD-METHOD/commit/d563266b9738b5d3c5ec1e31ab683aad517e2604)), closes [#376](https://github.com/bmadcode/BMAD-METHOD/issues/376) [#376](https://github.com/bmadcode/BMAD-METHOD/issues/376)
-* republish beta with corrected dependencies and tags ([75ba8d8](https://github.com/bmadcode/BMAD-METHOD/commit/75ba8d82e1a678c16bb5ef05a0a3f1356b99668b))
-* trigger new beta release with fixed dependencies ([f3e429d](https://github.com/bmadcode/BMAD-METHOD/commit/f3e429d746b8e95d5b3da522ac18d68e3054bb36))
+* **flattener:** prompt for detailed stats; polish .stats.md with emojis ([#422](https://github.com/bmadcode/BMAD-METHOD/issues/422)) ([fab9d5e](https://github.com/bmadcode/BMAD-METHOD/commit/fab9d5e1f55d7876b6909002415af89508cc41a7))
 
 ## [4.36.2](https://github.com/bmadcode/BMAD-METHOD/compare/v4.36.1...v4.36.2) (2025-08-10)
 
@@ -705,3 +693,5 @@ Co-Authored-By: Claude <noreply@anthropic.com>
 ### Features
 
 - add versioning and release automation ([0ea5e50](https://github.com/bmadcode/BMAD-METHOD/commit/0ea5e50aa7ace5946d0100c180dd4c0da3e2fd8c))
+
+# Promote to stable release 5.0.0

package/bmad-core/agents/qa.md

@@ -30,26 +30,30 @@ activation-instructions:
 agent:
   name: Quinn
   id: qa
-  title: Senior Developer & QA Architect
+  title: Test Architect & Quality Advisor
   icon: 🧪
-  whenToUse: Use for senior code review, refactoring, test planning, quality assurance, and mentoring through code improvements
+  whenToUse: |
+    Use for comprehensive test architecture review, quality gate decisions, 
+    and code improvement. Provides thorough analysis including requirements 
+    traceability, risk assessment, and test strategy. 
+    Advisory only - teams choose their quality bar.
   customization: null
 persona:
-  role: Senior Developer & Test Architect
-  style: Methodical, detail-oriented, quality-focused, mentoring, strategic
-  identity: Senior developer with deep expertise in code quality, architecture, and test automation
-  focus: Code excellence through review, refactoring, and comprehensive testing strategies
+  role: Test Architect with Quality Advisory Authority
+  style: Comprehensive, systematic, advisory, educational, pragmatic
+  identity: Test architect who provides thorough quality assessment and actionable recommendations without blocking progress
+  focus: Comprehensive quality analysis through test architecture, risk assessment, and advisory gates
   core_principles:
-    - Senior Developer Mindset - Review and improve code as a senior mentoring juniors
-    - Active Refactoring - Don't just identify issues, fix them with clear explanations
-    - Test Strategy & Architecture - Design holistic testing strategies across all levels
-    - Code Quality Excellence - Enforce best practices, patterns, and clean code principles
-    - Shift-Left Testing - Integrate testing early in development lifecycle
-    - Performance & Security - Proactively identify and fix performance/security issues
-    - Mentorship Through Action - Explain WHY and HOW when making improvements
-    - Risk-Based Testing - Prioritize testing based on risk and critical areas
-    - Continuous Improvement - Balance perfection with pragmatism
-    - Architecture & Design Patterns - Ensure proper patterns and maintainable code structure
+    - Depth As Needed - Go deep based on risk signals, stay concise when low risk
+    - Requirements Traceability - Map all stories to tests using Given-When-Then patterns
+    - Risk-Based Testing - Assess and prioritize by probability × impact
+    - Quality Attributes - Validate NFRs (security, performance, reliability) via scenarios
+    - Testability Assessment - Evaluate controllability, observability, debuggability
+    - Gate Governance - Provide clear PASS/CONCERNS/FAIL/WAIVED decisions with rationale
+    - Advisory Excellence - Educate through documentation, never block arbitrarily
+    - Technical Debt Awareness - Identify and quantify debt with improvement suggestions
+    - LLM Acceleration - Use LLMs to accelerate thorough yet focused analysis
+    - Pragmatic Balance - Distinguish must-fix from nice-to-have improvements
 story-file-permissions:
   - CRITICAL: When reviewing stories, you are ONLY authorized to update the "QA Results" section of story files
   - CRITICAL: DO NOT modify any other sections including Status, Story, Acceptance Criteria, Tasks/Subtasks, Dev Notes, Testing, Dev Agent Record, Change Log, or any other sections
@@ -57,13 +61,28 @@ story-file-permissions:
 # All commands require * prefix when used (e.g., *help)
 commands:
   - help: Show numbered list of the following commands to allow selection
-  - review {story}: execute the task review-story for the highest sequence story in docs/stories unless another is specified - keep any specified technical-preferences in mind as needed
-  - exit: Say goodbye as the QA Engineer, and then abandon inhabiting this persona
+  - review {story}: |
+      Adaptive, risk-aware comprehensive review. 
+      Produces: QA Results update in story file + gate file (PASS/CONCERNS/FAIL/WAIVED).
+      Gate file location: docs/qa/gates/{epic}.{story}-{slug}.yml
+      Executes review-story task which includes all analysis and creates gate decision.
+  - gate {story}: Execute qa-gate task to write/update quality gate decision in docs/qa/gates/
+  - trace {story}: Execute trace-requirements task to map requirements to tests using Given-When-Then
+  - risk-profile {story}: Execute risk-profile task to generate risk assessment matrix
+  - test-design {story}: Execute test-design task to create comprehensive test scenarios
+  - nfr-assess {story}: Execute nfr-assess task to validate non-functional requirements
+  - exit: Say goodbye as the Test Architect, and then abandon inhabiting this persona
 dependencies:
   tasks:
     - review-story.md
+    - qa-gate.md
+    - trace-requirements.md
+    - risk-profile.md
+    - test-design.md
+    - nfr-assess.md
   data:
     - technical-preferences.md
   templates:
     - story-tmpl.yaml
+    - qa-gate-tmpl.yaml
 ```

package/bmad-core/data/test-levels-framework.md

@@ -0,0 +1,146 @@
+# Test Levels Framework
+
+Comprehensive guide for determining appropriate test levels (unit, integration, E2E) for different scenarios.
+
+## Test Level Decision Matrix
+
+### Unit Tests
+
+**When to use:**
+
+- Testing pure functions and business logic
+- Algorithm correctness
+- Input validation and data transformation
+- Error handling in isolated components
+- Complex calculations or state machines
+
+**Characteristics:**
+
+- Fast execution (immediate feedback)
+- No external dependencies (DB, API, file system)
+- Highly maintainable and stable
+- Easy to debug failures
+
+**Example scenarios:**
+
+```yaml
+unit_test:
+  component: "PriceCalculator"
+  scenario: "Calculate discount with multiple rules"
+  justification: "Complex business logic with multiple branches"
+  mock_requirements: "None - pure function"
+```
+
+### Integration Tests
+
+**When to use:**
+
+- Component interaction verification
+- Database operations and transactions
+- API endpoint contracts
+- Service-to-service communication
+- Middleware and interceptor behavior
+
+**Characteristics:**
+
+- Moderate execution time
+- Tests component boundaries
+- May use test databases or containers
+- Validates system integration points
+
+**Example scenarios:**
+
+```yaml
+integration_test:
+  components: ["UserService", "AuthRepository"]
+  scenario: "Create user with role assignment"
+  justification: "Critical data flow between service and persistence"
+  test_environment: "In-memory database"
+```
+
+### End-to-End Tests
+
+**When to use:**
+
+- Critical user journeys
+- Cross-system workflows
+- Visual regression testing
+- Compliance and regulatory requirements
+- Final validation before release
+
+**Characteristics:**
+
+- Slower execution
+- Tests complete workflows
+- Requires full environment setup
+- Most realistic but most brittle
+
+**Example scenarios:**
+
+```yaml
+e2e_test:
+  journey: "Complete checkout process"
+  scenario: "User purchases with saved payment method"
+  justification: "Revenue-critical path requiring full validation"
+  environment: "Staging with test payment gateway"
+```
+
+## Test Level Selection Rules
+
+### Favor Unit Tests When:
+
+- Logic can be isolated
+- No side effects involved
+- Fast feedback needed
+- High cyclomatic complexity
+
+### Favor Integration Tests When:
+
+- Testing persistence layer
+- Validating service contracts
+- Testing middleware/interceptors
+- Component boundaries critical
+
+### Favor E2E Tests When:
+
+- User-facing critical paths
+- Multi-system interactions
+- Regulatory compliance scenarios
+- Visual regression important
+
+## Anti-patterns to Avoid
+
+- E2E testing for business logic validation
+- Unit testing framework behavior
+- Integration testing third-party libraries
+- Duplicate coverage across levels
+
+## Duplicate Coverage Guard
+
+**Before adding any test, check:**
+
+1. Is this already tested at a lower level?
+2. Can a unit test cover this instead of integration?
+3. Can an integration test cover this instead of E2E?
+
+**Coverage overlap is only acceptable when:**
+
+- Testing different aspects (unit: logic, integration: interaction, e2e: user experience)
+- Critical paths requiring defense in depth
+- Regression prevention for previously broken functionality
+
+## Test Naming Conventions
+
+- Unit: `test_{component}_{scenario}`
+- Integration: `test_{flow}_{interaction}`
+- E2E: `test_{journey}_{outcome}`
+
+## Test ID Format
+
+`{EPIC}.{STORY}-{LEVEL}-{SEQ}`
+
+Examples:
+
+- `1.3-UNIT-001`
+- `1.3-INT-002`
+- `1.3-E2E-001`

package/bmad-core/data/test-priorities-matrix.md

@@ -0,0 +1,172 @@
+# Test Priorities Matrix
+
+Guide for prioritizing test scenarios based on risk, criticality, and business impact.
+
+## Priority Levels
+
+### P0 - Critical (Must Test)
+
+**Criteria:**
+
+- Revenue-impacting functionality
+- Security-critical paths
+- Data integrity operations
+- Regulatory compliance requirements
+- Previously broken functionality (regression prevention)
+
+**Examples:**
+
+- Payment processing
+- Authentication/authorization
+- User data creation/deletion
+- Financial calculations
+- GDPR/privacy compliance
+
+**Testing Requirements:**
+
+- Comprehensive coverage at all levels
+- Both happy and unhappy paths
+- Edge cases and error scenarios
+- Performance under load
+
+### P1 - High (Should Test)
+
+**Criteria:**
+
+- Core user journeys
+- Frequently used features
+- Features with complex logic
+- Integration points between systems
+- Features affecting user experience
+
+**Examples:**
+
+- User registration flow
+- Search functionality
+- Data import/export
+- Notification systems
+- Dashboard displays
+
+**Testing Requirements:**
+
+- Primary happy paths required
+- Key error scenarios
+- Critical edge cases
+- Basic performance validation
+
+### P2 - Medium (Nice to Test)
+
+**Criteria:**
+
+- Secondary features
+- Admin functionality
+- Reporting features
+- Configuration options
+- UI polish and aesthetics
+
+**Examples:**
+
+- Admin settings panels
+- Report generation
+- Theme customization
+- Help documentation
+- Analytics tracking
+
+**Testing Requirements:**
+
+- Happy path coverage
+- Basic error handling
+- Can defer edge cases
+
+### P3 - Low (Test if Time Permits)
+
+**Criteria:**
+
+- Rarely used features
+- Nice-to-have functionality
+- Cosmetic issues
+- Non-critical optimizations
+
+**Examples:**
+
+- Advanced preferences
+- Legacy feature support
+- Experimental features
+- Debug utilities
+
+**Testing Requirements:**
+
+- Smoke tests only
+- Can rely on manual testing
+- Document known limitations
+
+## Risk-Based Priority Adjustments
+
+### Increase Priority When:
+
+- High user impact (affects >50% of users)
+- High financial impact (>$10K potential loss)
+- Security vulnerability potential
+- Compliance/legal requirements
+- Customer-reported issues
+- Complex implementation (>500 LOC)
+- Multiple system dependencies
+
+### Decrease Priority When:
+
+- Feature flag protected
+- Gradual rollout planned
+- Strong monitoring in place
+- Easy rollback capability
+- Low usage metrics
+- Simple implementation
+- Well-isolated component
+
+## Test Coverage by Priority
+
+| Priority | Unit Coverage | Integration Coverage | E2E Coverage       |
+| -------- | ------------- | -------------------- | ------------------ |
+| P0       | >90%          | >80%                 | All critical paths |
+| P1       | >80%          | >60%                 | Main happy paths   |
+| P2       | >60%          | >40%                 | Smoke tests        |
+| P3       | Best effort   | Best effort          | Manual only        |
+
+## Priority Assignment Rules
+
+1. **Start with business impact** - What happens if this fails?
+2. **Consider probability** - How likely is failure?
+3. **Factor in detectability** - Would we know if it failed?
+4. **Account for recoverability** - Can we fix it quickly?
+
+## Priority Decision Tree
+
+```
+Is it revenue-critical?
+├─ YES → P0
+└─ NO → Does it affect core user journey?
+    ├─ YES → Is it high-risk?
+    │   ├─ YES → P0
+    │   └─ NO → P1
+    └─ NO → Is it frequently used?
+        ├─ YES → P1
+        └─ NO → Is it customer-facing?
+            ├─ YES → P2
+            └─ NO → P3
+```
+
+## Test Execution Order
+
+1. Execute P0 tests first (fail fast on critical issues)
+2. Execute P1 tests second (core functionality)
+3. Execute P2 tests if time permits
+4. P3 tests only in full regression cycles
+
+## Continuous Adjustment
+
+Review and adjust priorities based on:
+
+- Production incident patterns
+- User feedback and complaints
+- Usage analytics
+- Test failure history
+- Business priority changes