bmad-plus 0.7.4 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (294) hide show
  1. package/CHANGELOG.md +450 -407
  2. package/LICENSE +21 -0
  3. package/README.md +555 -446
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +576 -426
  31. package/readme-international/README.es.md +578 -518
  32. package/readme-international/README.fr.md +576 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +325 -325
  46. package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +55 -55
  47. package/src/bmad-plus/agents/pack-backup/backup-agent.md +71 -71
  48. package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +51 -51
  49. package/src/bmad-plus/agents/pack-seo/SKILL.md +171 -171
  50. package/src/bmad-plus/agents/pack-seo/checklist.md +140 -140
  51. package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +320 -320
  52. package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +187 -187
  53. package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +87 -87
  54. package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +123 -123
  55. package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +167 -167
  56. package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +153 -153
  57. package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +133 -133
  58. package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +91 -91
  59. package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +356 -356
  60. package/src/bmad-plus/agents/pack-seo/seo-chief.md +294 -294
  61. package/src/bmad-plus/agents/pack-seo/seo-judge.md +241 -241
  62. package/src/bmad-plus/agents/pack-seo/seo-scout.md +171 -171
  63. package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +241 -241
  64. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  65. package/src/bmad-plus/module-help.csv +10 -10
  66. package/src/bmad-plus/module.yaml +283 -280
  67. package/src/bmad-plus/packs/pack-animated/animated-website-agent.md +325 -0
  68. package/src/bmad-plus/packs/pack-animated/templates/animated-website-workflow.md +55 -0
  69. package/src/bmad-plus/packs/pack-backup/backup-agent.md +71 -0
  70. package/src/bmad-plus/packs/pack-backup/templates/backup-workflow.md +51 -0
  71. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  111. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  112. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  113. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  114. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  115. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  116. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  117. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  118. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  119. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  120. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  121. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  122. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  123. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  124. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  125. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  126. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  127. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  128. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  129. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  130. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  131. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  132. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  133. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  134. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  135. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  136. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  137. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  138. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  139. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  140. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  141. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  142. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  143. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  144. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  145. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  146. package/src/bmad-plus/packs/pack-seo/SKILL.md +171 -0
  147. package/src/bmad-plus/packs/pack-seo/checklist.md +140 -0
  148. package/src/bmad-plus/packs/pack-seo/pagespeed-playbook.md +320 -0
  149. package/src/bmad-plus/packs/pack-seo/ref/audit-schema.json +187 -0
  150. package/src/bmad-plus/packs/pack-seo/ref/cwv-thresholds.md +87 -0
  151. package/src/bmad-plus/packs/pack-seo/ref/eeat-criteria.md +123 -0
  152. package/src/bmad-plus/packs/pack-seo/ref/geo-signals.md +167 -0
  153. package/src/bmad-plus/packs/pack-seo/ref/hreflang-rules.md +153 -0
  154. package/src/bmad-plus/packs/pack-seo/ref/quality-gates.md +133 -0
  155. package/src/bmad-plus/packs/pack-seo/ref/schema-catalog.md +91 -0
  156. package/src/bmad-plus/packs/pack-seo/ref/schema-templates.json +356 -0
  157. package/src/bmad-plus/packs/pack-seo/seo-chief.md +294 -0
  158. package/src/bmad-plus/packs/pack-seo/seo-judge.md +241 -0
  159. package/src/bmad-plus/packs/pack-seo/seo-scout.md +171 -0
  160. package/src/bmad-plus/packs/pack-seo/templates/seo-audit-workflow.md +241 -0
  161. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  162. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  163. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  164. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  165. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  166. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  167. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  168. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  169. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  170. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  171. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  172. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  173. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  174. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  175. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  176. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  177. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  178. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  179. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  180. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  181. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  182. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  183. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  184. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  185. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  186. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  187. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  188. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  189. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  190. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  191. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  192. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  193. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  194. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  195. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  196. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  197. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  198. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  199. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  200. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  201. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  202. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  203. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  204. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  205. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  206. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  207. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  208. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  209. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  210. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  211. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  212. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  213. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  214. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  215. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  216. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  217. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  218. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  219. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  220. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  221. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  222. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  223. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  224. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  225. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  226. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  227. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  228. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  229. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  230. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  231. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  232. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  233. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  234. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  235. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  236. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  237. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  238. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  239. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  240. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  241. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  242. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  243. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  244. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  245. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  246. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  247. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  248. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  249. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  250. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  251. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  252. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  253. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  254. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  255. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  256. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  257. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  258. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  259. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  260. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  261. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  262. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  263. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  264. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  265. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  266. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  267. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  268. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  269. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  270. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  271. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  272. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  273. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  274. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  275. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  276. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  277. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  278. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  279. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  280. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  281. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  282. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  283. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  284. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  285. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  286. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  287. package/tools/cli/commands/autoconfig.js +498 -489
  288. package/tools/cli/commands/doctor.js +222 -175
  289. package/tools/cli/commands/install.js +739 -739
  290. package/tools/cli/commands/memory.js +194 -194
  291. package/tools/cli/commands/scan.js +360 -350
  292. package/tools/cli/commands/uninstall.js +96 -96
  293. package/tools/cli/commands/update.js +174 -174
  294. package/tools/cli/i18n.js +763 -763
@@ -1,194 +1,194 @@
1
- ---
2
- name: bmad-investigate
3
- description: Forensic case investigation with evidence-graded findings, calibrated to the input. Use when the user asks to investigate a bug, trace what caused an incident, walk through unfamiliar code, or build a mental model of a code area before working on it.
4
- ---
5
-
6
- # Investigate
7
-
8
- ## Overview
9
-
10
- Reconstruct what's happening, or what an unfamiliar area does, from the available evidence. Produce a structured case
11
- file another engineer can pick up cold. Calibrate continuously between defect-chasing (symptom-driven) and
12
- area-exploration (no symptom); the same discipline applies on both ends.
13
-
14
- **Args:** A ticket ID, log file path, diagnostic archive, error message, code area name, problem description, or a path
15
- to an existing case file. The last form resumes a prior investigation; everything else opens a new case.
16
-
17
- **Output:** `{implementation_artifacts}/{workflow.case_file_subdir}/{workflow.case_file_filename}`. Reference inputs
18
- are recorded; raw content is not read into the parent context until an outcome calls for it.
19
-
20
- `{slug}` is the ticket ID when one is provided, otherwise a short descriptive name agreed with the user, sanitized to
21
- lowercase alphanumeric with hyphens. On collision with an existing case file at the resolved path, ask whether to
22
- rename to `slug-YYYY-MM-DD.md` or resume the existing file (resuming routes to Outcome 0).
23
-
24
- After every outcome, present what was learned and pause for the user before continuing.
25
-
26
- ## Principles
27
-
28
- - **Evidence grading.**
29
- - **Confirmed.** Directly observed; cite `path:line`, log timestamp, or commit hash.
30
- - **Deduced.** Logically follows from Confirmed evidence; show the chain.
31
- - **Hypothesized.** Plausible but unconfirmed; state what would confirm or refute it.
32
- - **Stronghold first.** Anchor in one Confirmed piece of evidence and expand outward. Never start from a theory and
33
- hunt for support. When evidence is sparse, switch to evidence-light mode (Outcome 1 branch).
34
- - **Challenge the premise.** The user's description is a hypothesis, not a fact. Verify independently; if evidence
35
- contradicts, say so.
36
- - **Follow the evidence, not the narrative.** When evidence contradicts the working theory, update the theory — never
37
- the other way around. Resist confirmation bias even when the user is convinced.
38
- - **Hypotheses are never deleted.** Update Status (Open / Confirmed / Refuted) and add a Resolution. Wrong turns are
39
- part of the deliverable.
40
- - **Missing evidence is itself a finding.** Document the gap, what it would resolve, and how to obtain it.
41
- - **Write it down early.** Initialize the case file as soon as the slug is agreed; it is the persistent state across
42
- interruptions.
43
- - **Path:line citations** use CWD-relative format, no leading `/`, so they're clickable in IDE-embedded terminals.
44
- - **Delegation discipline.** When a step requires reading 5+ files or any file >10K tokens, delegate to a subagent
45
- that returns structured JSON only. Cite `path:line` from the result; don't re-read in the parent.
46
- - **Issue independent operations in parallel** (multi-grep, multi-read, parallel inventories) — one message, multiple
47
- tool calls.
48
- - **Communication.** Evidence-first language ("the evidence shows", "unconfirmed, requires X to verify"). No hedging,
49
- no narrative.
50
-
51
- ## On Activation
52
-
53
- ### Step 1: Resolve the workflow block
54
-
55
- <!-- Adapted for BMAD+: original script dependency removed -->
56
-
57
- If the script fails, stop and surface the error.
58
-
59
- ### Step 2: Execute prepend steps
60
-
61
- Run each entry in `{workflow.activation_steps_prepend}` in order.
62
-
63
- ### Step 3: Load persistent facts
64
-
65
- Treat each entry in `{workflow.persistent_facts}` as foundational context. `file:` prefixes are paths or globs under
66
- `{project-root}` (load contents); other entries are facts verbatim.
67
-
68
- ### Step 4: Load config
69
-
70
- Load `{project-root}/project config` and resolve `{user_name}`, `{communication_language}`,
71
- `{document_output_language}`, `{implementation_artifacts}`, `{project_knowledge}`. If `{implementation_artifacts}` is
72
- unresolved, fall back to `./investigations/` and surface the fallback before initializing.
73
-
74
- ### Step 5: Greet
75
-
76
- Greet `{user_name}` in `{communication_language}`.
77
-
78
- ### Step 6: Execute append steps
79
-
80
- Run each entry in `{workflow.activation_steps_append}` in order.
81
-
82
- ### Step 7: Acknowledge and route
83
-
84
- Acknowledge the input as a reference (record paths and IDs; don't read raw content). Path to an existing case file →
85
- Outcome 0. Otherwise → Outcome 1.
86
-
87
- ## Procedure
88
-
89
- ### Outcome 0: Existing case is loaded and surfaced
90
-
91
- Read the case file. Surface, in order: open hypotheses (Status = Open) with their confirm/refute criteria; open
92
- backlog (Status ≠ Done); missing-evidence rows; last Conclusion with confidence. Ask which thread to pull. New
93
- evidence opens a new `## Follow-up: {YYYY-MM-DD}` block (append `#2`, `#3` on same-day reentry). Pause for user with the recap above; wait for direction.
94
-
95
- ### Outcome 1: Scope and stronghold are established
96
-
97
- Acknowledge each input shape — record location, scope, time window only; bulk reads happen in Outcome 2.
98
-
99
- - **Issue tracker ticket.** Fetch full details via available MCP tools.
100
- - **Diagnostic archive.** Record path, file count, time window.
101
- - **Log file or stack trace.** Record path and time window; only the stack frame already in the user's message is in
102
- scope here.
103
- - **Free-text description.** Capture verbatim; treat as hypothesis.
104
- - **Code area name** (no symptom). Record entry point.
105
- - **Recent commit area.** Record commit range.
106
-
107
- If the user arrived with a hypothesis, register it as Hypothesis #1. Find the stronghold *independently*; the user's
108
- hypothesis is one of the things the stronghold validates or refutes.
109
-
110
- Find a stronghold: a Confirmed piece of evidence (error message, function name, HTTP route, config parameter, test
111
- case). Anchor here.
112
-
113
- **Initialize `{case_file}` before branching.** The path is
114
- `{implementation_artifacts}/{workflow.case_file_subdir}/{workflow.case_file_filename}` with `{slug}` substituted (slug
115
- and collision rules in Overview). Create the file from `{workflow.case_file_template}` and fill Hand-off Brief
116
- (rough), Case Info, Problem Statement, initial Evidence Inventory.
117
-
118
- **Evidence-light branch.** When no Confirmed evidence is reachable: mark the case evidence-light in the Hand-off
119
- Brief; populate the Investigation Backlog with prioritized data-collection items; record "to make progress, I need one
120
- of: …"; pause for the user to provide evidence or authorize Outcome 2 to scan more broadly.
121
-
122
- Otherwise present scope, stronghold, file path, proposed approach. Pause for user with the recap above; wait for direction.
123
-
124
- ### Outcome 2: Evidence perimeter is mapped
125
-
126
- Survey the scene: inventory available evidence in parallel across these independent categories: diagnostic archives;
127
- issue tracker; version control; test results; static analysis; source code. For any category exceeding ~10K tokens,
128
- delegate to a subagent that returns a JSON manifest (paths, sizes, time windows, key fragments cited as `path:line`).
129
-
130
- Classify each Available, Partial, or Missing — Missing is itself a finding. Update Evidence Inventory and Investigation
131
- Backlog. Pause for user with the recap above; wait for direction.
132
-
133
- ### Outcome 3: Cause is reasoned about with discipline
134
-
135
- - **Trace causality.** Symptom-driven: trace backward from the symptom to producing conditions and the state that
136
- emerged. Exploration: trace backward from outputs (returns, side effects, messages sent) to producing conditions.
137
- Same technique, different anchor.
138
- - **Reconstruct the timeline** by cross-referencing logs, system events, version control, user observations.
139
- - **Form and test hypotheses.** State, identify confirming/refuting evidence, search, grade
140
- (Confirmed / Refuted / Open). Update Status. Never delete.
141
- - **Refutation pass.** Each time a hypothesis transitions toward Confirmed, actively look for refuting evidence first.
142
- Record the attempt in Resolution.
143
- - **Verify the user's premise.** If evidence contradicts, say so explicitly.
144
- - **Add discovered paths to the backlog.** Stay focused on the current thread.
145
-
146
- Update Confirmed Findings, Deduced Conclusions, Hypothesized Paths, Backlog, Timeline. Highlight contradictions to the
147
- original premise. Pause for user with the recap above; wait for direction.
148
-
149
- ### Outcome 4: Source has been traced where it matters
150
-
151
- Issue these first-pass scans as parallel tool calls in one message: grep for exact error strings; glob the affected
152
- directory for parallel implementations; `git log` for recent changes.
153
-
154
- Then sequentially: read the surrounding code; follow the caller chain; watch for language and process boundary
155
- crossings (compiled→scripts, IPC, host→device, configuration flow).
156
-
157
- Lean by case type:
158
-
159
- - **Exploration:** I/O mapping (triggers, outputs, dependencies); frequent-terms scan; control-flow filtering
160
- (branches, loops, error handling, state-machine transitions).
161
- - **Symptom-driven:** depth assessment — is the root cause reachable from local context, or is a broader area model
162
- required? Surface escalations; never silently expand scope. Trivial-fix assessment — off-by-one, missing null check,
163
- swapped argument → one-line code suggestion or draft diff in the report; non-trivial → stop at the root cause area.
164
-
165
- Investigation stops at the diagnosis; implementation is out of scope. Update Source Code Trace (Error origin, Trigger,
166
- Condition, Related files; area model when broader). Pause for user with the recap above; wait for direction.
167
-
168
- ### Outcome 5: Report is finalized and the hand-off is clean
169
-
170
- Update `{case_file}`:
171
-
172
- - **Hand-off Brief** rewritten to final form (3 sentences, 15-second read).
173
- - **Final Conclusion** with confidence: **High** (Confirmed root cause, deterministic repro), **Medium** (Deduced;
174
- minor uncertainty), **Low** (Hypothesized; clear data gap).
175
- - **Fix direction** when applicable (categorize by mechanism if multiple combine).
176
- - **Diagnostic steps** if uncertainty remains.
177
- - **Reproduction Plan** when applicable, or a verification plan for exploration cases.
178
- - **Status:** Active / Concluded / Blocked on evidence.
179
-
180
- Present the conclusion, then a concrete next-steps menu: trivial fix → `bmad-quick-dev`; scope/plan adjustment →
181
- `bmad-correct-course`; tracked story → `bmad-create-story`; fresh review → `bmad-code-review`. Recommend the
182
- highest-value action. Mitigations and workarounds are generated only on explicit request — investigation stops at the
183
- diagnosis. Execute `{workflow.on_complete}` if non-empty. Pause for user with the recap above; wait for direction.
184
-
185
- ## Follow-up Iterations
186
-
187
- Continue work by appending to `{case_file}` under a new `## Follow-up: {YYYY-MM-DD}` block (`#2`, `#3` on same-day
188
- reentry). The investigation is complete when:
189
-
190
- - Root cause is Confirmed.
191
- - Root cause is Hypothesized with a clear data gap.
192
- - The mental model is sufficient for the user's stated goal (exploration cases).
193
- - The backlog contains only items requiring unavailable evidence.
1
+ ---
2
+ name: bmad-investigate
3
+ description: Forensic case investigation with evidence-graded findings, calibrated to the input. Use when the user asks to investigate a bug, trace what caused an incident, walk through unfamiliar code, or build a mental model of a code area before working on it.
4
+ ---
5
+
6
+ # Investigate
7
+
8
+ ## Overview
9
+
10
+ Reconstruct what's happening, or what an unfamiliar area does, from the available evidence. Produce a structured case
11
+ file another engineer can pick up cold. Calibrate continuously between defect-chasing (symptom-driven) and
12
+ area-exploration (no symptom); the same discipline applies on both ends.
13
+
14
+ **Args:** A ticket ID, log file path, diagnostic archive, error message, code area name, problem description, or a path
15
+ to an existing case file. The last form resumes a prior investigation; everything else opens a new case.
16
+
17
+ **Output:** `{implementation_artifacts}/{workflow.case_file_subdir}/{workflow.case_file_filename}`. Reference inputs
18
+ are recorded; raw content is not read into the parent context until an outcome calls for it.
19
+
20
+ `{slug}` is the ticket ID when one is provided, otherwise a short descriptive name agreed with the user, sanitized to
21
+ lowercase alphanumeric with hyphens. On collision with an existing case file at the resolved path, ask whether to
22
+ rename to `slug-YYYY-MM-DD.md` or resume the existing file (resuming routes to Outcome 0).
23
+
24
+ After every outcome, present what was learned and pause for the user before continuing.
25
+
26
+ ## Principles
27
+
28
+ - **Evidence grading.**
29
+ - **Confirmed.** Directly observed; cite `path:line`, log timestamp, or commit hash.
30
+ - **Deduced.** Logically follows from Confirmed evidence; show the chain.
31
+ - **Hypothesized.** Plausible but unconfirmed; state what would confirm or refute it.
32
+ - **Stronghold first.** Anchor in one Confirmed piece of evidence and expand outward. Never start from a theory and
33
+ hunt for support. When evidence is sparse, switch to evidence-light mode (Outcome 1 branch).
34
+ - **Challenge the premise.** The user's description is a hypothesis, not a fact. Verify independently; if evidence
35
+ contradicts, say so.
36
+ - **Follow the evidence, not the narrative.** When evidence contradicts the working theory, update the theory — never
37
+ the other way around. Resist confirmation bias even when the user is convinced.
38
+ - **Hypotheses are never deleted.** Update Status (Open / Confirmed / Refuted) and add a Resolution. Wrong turns are
39
+ part of the deliverable.
40
+ - **Missing evidence is itself a finding.** Document the gap, what it would resolve, and how to obtain it.
41
+ - **Write it down early.** Initialize the case file as soon as the slug is agreed; it is the persistent state across
42
+ interruptions.
43
+ - **Path:line citations** use CWD-relative format, no leading `/`, so they're clickable in IDE-embedded terminals.
44
+ - **Delegation discipline.** When a step requires reading 5+ files or any file >10K tokens, delegate to a subagent
45
+ that returns structured JSON only. Cite `path:line` from the result; don't re-read in the parent.
46
+ - **Issue independent operations in parallel** (multi-grep, multi-read, parallel inventories) — one message, multiple
47
+ tool calls.
48
+ - **Communication.** Evidence-first language ("the evidence shows", "unconfirmed, requires X to verify"). No hedging,
49
+ no narrative.
50
+
51
+ ## On Activation
52
+
53
+ ### Step 1: Resolve the workflow block
54
+
55
+ <!-- Adapted for BMAD+: original script dependency removed -->
56
+
57
+ If the script fails, stop and surface the error.
58
+
59
+ ### Step 2: Execute prepend steps
60
+
61
+ Run each entry in `{workflow.activation_steps_prepend}` in order.
62
+
63
+ ### Step 3: Load persistent facts
64
+
65
+ Treat each entry in `{workflow.persistent_facts}` as foundational context. `file:` prefixes are paths or globs under
66
+ `{project-root}` (load contents); other entries are facts verbatim.
67
+
68
+ ### Step 4: Load config
69
+
70
+ Load `{project-root}/project config` and resolve `{user_name}`, `{communication_language}`,
71
+ `{document_output_language}`, `{implementation_artifacts}`, `{project_knowledge}`. If `{implementation_artifacts}` is
72
+ unresolved, fall back to `./investigations/` and surface the fallback before initializing.
73
+
74
+ ### Step 5: Greet
75
+
76
+ Greet `{user_name}` in `{communication_language}`.
77
+
78
+ ### Step 6: Execute append steps
79
+
80
+ Run each entry in `{workflow.activation_steps_append}` in order.
81
+
82
+ ### Step 7: Acknowledge and route
83
+
84
+ Acknowledge the input as a reference (record paths and IDs; don't read raw content). Path to an existing case file →
85
+ Outcome 0. Otherwise → Outcome 1.
86
+
87
+ ## Procedure
88
+
89
+ ### Outcome 0: Existing case is loaded and surfaced
90
+
91
+ Read the case file. Surface, in order: open hypotheses (Status = Open) with their confirm/refute criteria; open
92
+ backlog (Status ≠ Done); missing-evidence rows; last Conclusion with confidence. Ask which thread to pull. New
93
+ evidence opens a new `## Follow-up: {YYYY-MM-DD}` block (append `#2`, `#3` on same-day reentry). Pause for user with the recap above; wait for direction.
94
+
95
+ ### Outcome 1: Scope and stronghold are established
96
+
97
+ Acknowledge each input shape — record location, scope, time window only; bulk reads happen in Outcome 2.
98
+
99
+ - **Issue tracker ticket.** Fetch full details via available MCP tools.
100
+ - **Diagnostic archive.** Record path, file count, time window.
101
+ - **Log file or stack trace.** Record path and time window; only the stack frame already in the user's message is in
102
+ scope here.
103
+ - **Free-text description.** Capture verbatim; treat as hypothesis.
104
+ - **Code area name** (no symptom). Record entry point.
105
+ - **Recent commit area.** Record commit range.
106
+
107
+ If the user arrived with a hypothesis, register it as Hypothesis #1. Find the stronghold *independently*; the user's
108
+ hypothesis is one of the things the stronghold validates or refutes.
109
+
110
+ Find a stronghold: a Confirmed piece of evidence (error message, function name, HTTP route, config parameter, test
111
+ case). Anchor here.
112
+
113
+ **Initialize `{case_file}` before branching.** The path is
114
+ `{implementation_artifacts}/{workflow.case_file_subdir}/{workflow.case_file_filename}` with `{slug}` substituted (slug
115
+ and collision rules in Overview). Create the file from `{workflow.case_file_template}` and fill Hand-off Brief
116
+ (rough), Case Info, Problem Statement, initial Evidence Inventory.
117
+
118
+ **Evidence-light branch.** When no Confirmed evidence is reachable: mark the case evidence-light in the Hand-off
119
+ Brief; populate the Investigation Backlog with prioritized data-collection items; record "to make progress, I need one
120
+ of: …"; pause for the user to provide evidence or authorize Outcome 2 to scan more broadly.
121
+
122
+ Otherwise present scope, stronghold, file path, proposed approach. Pause for user with the recap above; wait for direction.
123
+
124
+ ### Outcome 2: Evidence perimeter is mapped
125
+
126
+ Survey the scene: inventory available evidence in parallel across these independent categories: diagnostic archives;
127
+ issue tracker; version control; test results; static analysis; source code. For any category exceeding ~10K tokens,
128
+ delegate to a subagent that returns a JSON manifest (paths, sizes, time windows, key fragments cited as `path:line`).
129
+
130
+ Classify each Available, Partial, or Missing — Missing is itself a finding. Update Evidence Inventory and Investigation
131
+ Backlog. Pause for user with the recap above; wait for direction.
132
+
133
+ ### Outcome 3: Cause is reasoned about with discipline
134
+
135
+ - **Trace causality.** Symptom-driven: trace backward from the symptom to producing conditions and the state that
136
+ emerged. Exploration: trace backward from outputs (returns, side effects, messages sent) to producing conditions.
137
+ Same technique, different anchor.
138
+ - **Reconstruct the timeline** by cross-referencing logs, system events, version control, user observations.
139
+ - **Form and test hypotheses.** State, identify confirming/refuting evidence, search, grade
140
+ (Confirmed / Refuted / Open). Update Status. Never delete.
141
+ - **Refutation pass.** Each time a hypothesis transitions toward Confirmed, actively look for refuting evidence first.
142
+ Record the attempt in Resolution.
143
+ - **Verify the user's premise.** If evidence contradicts, say so explicitly.
144
+ - **Add discovered paths to the backlog.** Stay focused on the current thread.
145
+
146
+ Update Confirmed Findings, Deduced Conclusions, Hypothesized Paths, Backlog, Timeline. Highlight contradictions to the
147
+ original premise. Pause for user with the recap above; wait for direction.
148
+
149
+ ### Outcome 4: Source has been traced where it matters
150
+
151
+ Issue these first-pass scans as parallel tool calls in one message: grep for exact error strings; glob the affected
152
+ directory for parallel implementations; `git log` for recent changes.
153
+
154
+ Then sequentially: read the surrounding code; follow the caller chain; watch for language and process boundary
155
+ crossings (compiled→scripts, IPC, host→device, configuration flow).
156
+
157
+ Lean by case type:
158
+
159
+ - **Exploration:** I/O mapping (triggers, outputs, dependencies); frequent-terms scan; control-flow filtering
160
+ (branches, loops, error handling, state-machine transitions).
161
+ - **Symptom-driven:** depth assessment — is the root cause reachable from local context, or is a broader area model
162
+ required? Surface escalations; never silently expand scope. Trivial-fix assessment — off-by-one, missing null check,
163
+ swapped argument → one-line code suggestion or draft diff in the report; non-trivial → stop at the root cause area.
164
+
165
+ Investigation stops at the diagnosis; implementation is out of scope. Update Source Code Trace (Error origin, Trigger,
166
+ Condition, Related files; area model when broader). Pause for user with the recap above; wait for direction.
167
+
168
+ ### Outcome 5: Report is finalized and the hand-off is clean
169
+
170
+ Update `{case_file}`:
171
+
172
+ - **Hand-off Brief** rewritten to final form (3 sentences, 15-second read).
173
+ - **Final Conclusion** with confidence: **High** (Confirmed root cause, deterministic repro), **Medium** (Deduced;
174
+ minor uncertainty), **Low** (Hypothesized; clear data gap).
175
+ - **Fix direction** when applicable (categorize by mechanism if multiple combine).
176
+ - **Diagnostic steps** if uncertainty remains.
177
+ - **Reproduction Plan** when applicable, or a verification plan for exploration cases.
178
+ - **Status:** Active / Concluded / Blocked on evidence.
179
+
180
+ Present the conclusion, then a concrete next-steps menu: trivial fix → `bmad-quick-dev`; scope/plan adjustment →
181
+ `bmad-correct-course`; tracked story → `bmad-create-story`; fresh review → `bmad-code-review`. Recommend the
182
+ highest-value action. Mitigations and workarounds are generated only on explicit request — investigation stops at the
183
+ diagnosis. Execute `{workflow.on_complete}` if non-empty. Pause for user with the recap above; wait for direction.
184
+
185
+ ## Follow-up Iterations
186
+
187
+ Continue work by appending to `{case_file}` under a new `## Follow-up: {YYYY-MM-DD}` block (`#2`, `#3` on same-day
188
+ reentry). The investigation is complete when:
189
+
190
+ - Root cause is Confirmed.
191
+ - Root cause is Hypothesized with a clear data gap.
192
+ - The mental model is sufficient for the user's stated goal (exploration cases).
193
+ - The backlog contains only items requiring unavailable evidence.
194
194
  - The user explicitly concludes.