bmad-method 6.10.0 → 6.10.1-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -29,7 +29,8 @@
29
29
  "./src/core-skills/bmad-editorial-review-structure",
30
30
  "./src/core-skills/bmad-index-docs",
31
31
  "./src/core-skills/bmad-review-adversarial-general",
32
- "./src/core-skills/bmad-review-edge-case-hunter"
32
+ "./src/core-skills/bmad-review-edge-case-hunter",
33
+ "./src/core-skills/bmad-review-verification-gap"
33
34
  ]
34
35
  },
35
36
  {
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "$schema": "https://json.schemastore.org/package.json",
3
3
  "name": "bmad-method",
4
- "version": "6.10.0",
4
+ "version": "6.10.1-next.0",
5
5
  "description": "Breakthrough Method of Agile AI-driven Development",
6
6
  "keywords": [
7
7
  "agile",
@@ -13,7 +13,7 @@ failed_layers: '' # set at runtime: comma-separated list of layers that failed o
13
13
 
14
14
  1. If `{review_mode}` = `"no-spec"`, note to the user: "Acceptance Auditor skipped — no spec file provided."
15
15
 
16
- 2. Launch Blind Hunter and Edge Case Hunter in parallel without prior conversation context. If `{review_mode}` = `"full"`, include the Acceptance Auditor in the same parallel launch. If subagents are not available, generate prompt files in `{implementation_artifacts}` for each applicable reviewer role and HALT. Ask the user to run each in a separate session (ideally a different LLM) and paste back the findings. When findings are pasted, resume from this point and proceed to step 3.
16
+ 2. Launch Blind Hunter, Edge Case Hunter, and Verification Gap Reviewer in parallel without prior conversation context. If `{review_mode}` = `"full"`, include the Acceptance Auditor in the same parallel launch. If subagents are not available, generate prompt files in `{implementation_artifacts}` for each applicable reviewer role and HALT. Ask the user to run each in a separate session (ideally a different LLM) and paste back the findings. When findings are pasted, resume from this point and proceed to step 3.
17
17
 
18
18
  - **Blind Hunter** — prompt:
19
19
  > Invoke the `bmad-review-adversarial-general` skill on this diff:
@@ -25,6 +25,11 @@ failed_layers: '' # set at runtime: comma-separated list of layers that failed o
25
25
  >
26
26
  > {diff_output}
27
27
 
28
+ - **Verification Gap Reviewer** — prompt:
29
+ > Invoke the `bmad-review-verification-gap` skill on this diff:
30
+ >
31
+ > {diff_output}
32
+
28
33
  - **Acceptance Auditor** (only if `{review_mode}` = `"full"`) — prompt:
29
34
  > You are an Acceptance Auditor. Review the provided diff against `{spec_file}` and any loaded context docs. Check for: violations of acceptance criteria, deviations from spec intent, missing implementation of specified behavior, contradictions between spec constraints and actual code. Output findings as a Markdown list. Each finding: one-line title, which AC/constraint it violates, and evidence from the diff.
30
35
  >
@@ -9,16 +9,9 @@
9
9
 
10
10
  ## INSTRUCTIONS
11
11
 
12
- 1. **Normalize** findings into a common format. Expected input formats:
13
- - Adversarial (Blind Hunter): markdown list of descriptions
14
- - Edge Case Hunter: JSON array with `location`, `trigger_condition`, `guard_snippet`, `potential_consequence` fields
15
- - Acceptance Auditor: markdown list with title, AC/constraint reference, and evidence
16
-
17
- If a layer's output does not match its expected format, attempt best-effort parsing. Note any parsing issues for the user.
18
-
19
- Convert all to a unified list where each finding has:
12
+ 1. **Normalize** findings from all layers into a unified list where each finding has:
20
13
  - `id` -- sequential integer
21
- - `source` -- `blind`, `edge`, `auditor`, or merged sources (e.g., `blind+edge`)
14
+ - `source` -- `blind`, `edge`, `vgap`, `auditor`, or merged sources (e.g., `blind+edge`)
22
15
  - `title` -- one-line summary
23
16
  - `detail` -- full description
24
17
  - `location` -- file and line reference (if available)
@@ -22,7 +22,7 @@ Do NOT `git add` anything — this is read-only inspection.
22
22
 
23
23
  ### Review
24
24
 
25
- Launch Blind Hunter and Edge Case Hunter in parallel without prior conversation context.
25
+ Launch Blind Hunter, Edge Case Hunter, and Verification Gap Reviewer in parallel without prior conversation context.
26
26
 
27
27
  - **Blind Hunter** — prompt:
28
28
  > Invoke the `bmad-review-adversarial-general` skill on this diff:
@@ -32,6 +32,10 @@ Launch Blind Hunter and Edge Case Hunter in parallel without prior conversation
32
32
  > Invoke the `bmad-review-edge-case-hunter` skill on this diff:
33
33
  >
34
34
  > {diff_output}
35
+ - **Verification Gap Reviewer** — prompt:
36
+ > Invoke the `bmad-review-verification-gap` skill on this diff:
37
+ >
38
+ > {diff_output}
35
39
 
36
40
  ### Classify
37
41
 
@@ -21,7 +21,7 @@ Do NOT `git add` anything — this is read-only inspection.
21
21
 
22
22
  ### Review
23
23
 
24
- Launch Blind Hunter and Edge Case Hunter in parallel without prior conversation context. If no subagents are available, generate two review prompt files in `{implementation_artifacts}` — one per reviewer role below — and HALT. Ask the human to run each in a separate session (ideally a different LLM) and paste back the findings.
24
+ Launch Blind Hunter, Edge Case Hunter, and Verification Gap Reviewer in parallel without prior conversation context. If no subagents are available, generate three review prompt files in `{implementation_artifacts}` — one per reviewer role below — and HALT. Ask the human to run each in a separate session (ideally a different LLM) and paste back the findings.
25
25
 
26
26
  - **Blind Hunter** — prompt:
27
27
  > Invoke the `bmad-review-adversarial-general` skill on this diff:
@@ -31,6 +31,10 @@ Launch Blind Hunter and Edge Case Hunter in parallel without prior conversation
31
31
  > Invoke the `bmad-review-edge-case-hunter` skill on this diff:
32
32
  >
33
33
  > {diff_output}
34
+ - **Verification Gap Reviewer** — prompt:
35
+ > Invoke the `bmad-review-verification-gap` skill on this diff:
36
+ >
37
+ > {diff_output}
34
38
 
35
39
  ### Classify
36
40
 
@@ -0,0 +1,106 @@
1
+ ---
2
+ name: bmad-review-verification-gap
3
+ description: 'Review a code change for changed behavior that could regress without reliable verification catching it. Use when checking whether a change is adequately verified.'
4
+ ---
5
+
6
+ # Verification Gap Review
7
+
8
+ **Goal:** Find changed behavior that could break without reliable verification catching it. Ask one question — "if the behavior this change is supposed to produce broke where it's actually used, would verification fail?" Do not hunt for correctness bugs, but report genuine problems you notice while tracing verification.
9
+
10
+ The main verification gap shapes are:
11
+
12
+ 1. **Regression gap:** the changed code regresses where it's used, and no test covering that use would fail.
13
+ 2. **Missing-adoption gap:** a place that should now use the new behavior doesn't; it handles the same case its own way, or not at all, and no test would flag the omission.
14
+ 3. **Broken-verification gap:** a test appears to cover the changed behavior, but would not actually protect it because it is skipped, flaky, not run in the normal verification path, or too weak to observe the regression.
15
+
16
+ ## Evidence Rules
17
+
18
+ - Read a test before claiming what it covers, runs, asserts, or misses.
19
+ - Before claiming no test exists, search the whole repo by the symbol under test and by import references; expected file locations are not enough.
20
+ - Never assert what you did not verify. If a finding cannot be grounded, drop it.
21
+ - In a finding, say what you actually checked — "none of the tests I read cover this" — and show how far you looked. Say a test doesn't exist anywhere only when the symbol/import-reference search actually shows that.
22
+ - Do not assign severity, confidence, priority, or ranking.
23
+
24
+ ## Review Sequence
25
+
26
+ ### Step 1: Screen for behavioral change
27
+
28
+ If the change is non-behavioral, stop here and output the clean result (see Output Format). Call it non-behavioral only when the changed code does not alter return values, thrown errors, caller-visible side effects, or observable state (including iteration order and emitted messages). After the changed code meets that test, stop; do not inspect callers or tests for extra confirmation.
29
+
30
+ Common non-behavioral examples: formatting, comments, whitespace; pure renames; trivial getters/setters and pass-throughs; type-only or compiler-enforced changes with no runtime effect; etc.
31
+
32
+ ### Step 2: Find the behavior that changed
33
+
34
+ Identify what behavior changed compared to the previous version: output, side effect, branch, error path, schema/event shape, config default, validation/authorization rule, external contract, etc. If the change affects more than one behavior, handle each separately.
35
+
36
+ Treat broad-impact changes as behavioral even when no single changed line looks important: dependency, toolchain, build/config, data-file, etc.
37
+
38
+ ### Step 3: Trace where that behavior is used
39
+
40
+ Trace the changed behavior to the places that observe it. Start with direct callers and registered entry points (routes, commands, DI), contract consumers (schemas, events, APIs, database readers), and reverse-dependency info if already available.
41
+
42
+ Follow a path only while the changed behavior is reachable and unverified. Stop when a test at that boundary would fail, the consumer does not observe the changed behavior, or the next hop is guesswork (dynamic dispatch, reflection, outside-repo consumers, etc.). Prefer the nearest observable boundary, often one to three hops away, especially across contract, integration, or service edges. If there are more than five similar consumers, group obvious repeats and check representative paths; expand only when a consumer observes the behavior differently.
43
+
44
+ ### Step 4: Qualify the consumer, then check its test
45
+
46
+ For each consumer, name the smallest realistic regression this consumer would observe: invert the branch, drop the default, omit the field, return the old error code, skip the integration call, etc. This is the Demonstration. If no such regression exists, drop the path; untested downstream code is not a finding.
47
+
48
+ A `Missing-adoption gap` qualifies not by the adoption failure alone but by a supersession signal: the change gives clear evidence the new behavior is meant to replace the local one — PR intent, naming or docs, a replaced sibling site, deleted duplicate logic, or a test defining the new rule — and the local site shares the same observable contract. Without a supersession signal and a shared observable contract, it is a refactor suggestion, not a verification-gap finding. Once both hold, check whether any test for that site would flag the non-adoption; missing coverage of the non-adoption is the gap itself, not a disqualifier.
49
+
50
+ Find and read the relevant test. Ask whether the Demonstration would make an assertion fail.
51
+
52
+ - If yes, the behavior is verified. No finding.
53
+ - For a regression-style Demonstration: if no test runs the path, the test is skipped/flaky/not run normally, or the test runs the code without checking the changed result, report a `Regression gap` or `Broken-verification gap`.
54
+ - For a qualifying Missing-adoption case: if none of the site tests you found assert it adopts the new behavior, report a `Missing-adoption gap`.
55
+
56
+ A test counts only if it runs normally and an assertion observes the changed output, branch, or contract. These do not count: no execution; success/no-throw/snapshot-only checks; mock/log-call checks; human-only checks; tests that mock away the integration; e2e tests that pass through without checking the changed output; stale assertions or fixtures.
57
+
58
+ Common patterns:
59
+
60
+ - **Caller-path gap** — helper test covers the branch, but caller values skip it.
61
+ - **Contract drift** — payload/schema/event changes must be verified at the consumer.
62
+ - **Migration compatibility** — tests only create new-format rows or fresh schemas.
63
+ - **Phantom exception** — handled partial-failure path has no test.
64
+ - **Missing-adoption gap** — sibling site should use the new rule/helper and does not.
65
+ - **Removed verification** — deleted test or weakened assertion leaves behavior unpinned.
66
+
67
+ ### Step 5: Confirm each finding is real
68
+
69
+ Before writing a finding, re-open the specific tests or search results the finding relies on. Verify the Demonstration would not make any test you checked fail, or that the absence claim is backed by the symbol/import-reference search. Do not claim more than you verified; drop any finding you cannot ground.
70
+
71
+ Do not report: compiler/type-checker-enforced cases; behavior already verified by an integration, contract, or e2e test; implementation-detail or mock-only tests; low coverage or a missing test file by itself; legacy untested code the change did not affect.
72
+
73
+ Report genuine problems you noticed while tracing verification, even if they are not verification gaps. Put them under `Other findings` in the output. This permits reporting what you already reached, not extra hunting.
74
+
75
+ ## OUTPUT FORMAT
76
+
77
+ Emit each verification-gap finding as one block. No general advice, no severity or confidence.
78
+
79
+ ```markdown
80
+ ### <one-line title naming the gap>
81
+
82
+ - **Changed surface:** the exact behavior or contract that changed — `file:line`.
83
+ - **Impacted consumer or site:** named concretely with `file:line` (e.g. "the `createInvoice` mutation used by the billing dashboard at `billing/dashboard.ts:88`," not "callers of this function").
84
+ - **Existing test evidence:**
85
+ - `Regression gap`: what the relevant test actually asserts, with `file:line`; or, if none, the symbol/import-reference searches run and their result.
86
+ - `Missing-adoption gap`: tests for the impacted site, and whether any assert it adopts the new behavior.
87
+ - `Broken-verification gap`: the apparent test or verification path, and why it does not count.
88
+ - **Missing verification:** the precise assertion or check that's absent.
89
+ - **Demonstration:**
90
+ - `Regression gap` / `Broken-verification gap`: the concrete regression that would ship undetected, and why the tests you checked would not fail.
91
+ - `Missing-adoption gap`: the case the site mishandles by not adopting the new behavior, and that none of the tests you read assert adoption.
92
+ - **Consequence:** the concrete thing that ships wrong — a regression the checked evidence would not catch, or a site that should use the new behavior and doesn't.
93
+ - **Suggested test shape:** (optional) the kind of test that would close the gap, fit to the repo's own way of verifying — don't impose a generic test pyramid.
94
+ ```
95
+
96
+ If you noticed genuine non-gap problems while tracing verification, append:
97
+
98
+ ```markdown
99
+ ## Other findings
100
+
101
+ - <description only; no severity, confidence, priority, or ranking>
102
+ ```
103
+
104
+ When you find no verification gaps and no other findings, output exactly this single line, not an empty response:
105
+
106
+ `No verification gaps found.`