bmad-plus 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/CHANGELOG.md +30 -1
  2. package/README.md +4 -2
  3. package/package.json +1 -1
  4. package/readme-international/README.de.md +10 -2
  5. package/readme-international/README.es.md +32 -9
  6. package/readme-international/README.fr.md +29 -6
  7. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
  8. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
  9. package/tools/bmad-plus-npx.js +3 -5
  10. package/tools/cli/commands/autoconfig.js +16 -6
  11. package/tools/cli/commands/doctor.js +28 -31
  12. package/tools/cli/commands/install.js +37 -228
  13. package/tools/cli/commands/scan.js +37 -35
  14. package/tools/cli/commands/update.js +13 -71
  15. package/tools/cli/i18n.js +92 -10
  16. package/tools/cli/lib/memory-init.js +114 -0
  17. package/tools/cli/lib/pack-copy.js +84 -0
  18. package/tools/cli/lib/packs.js +114 -0
  19. package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +0 -325
  20. package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +0 -55
  21. package/src/bmad-plus/agents/pack-backup/backup-agent.md +0 -71
  22. package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +0 -51
  23. package/src/bmad-plus/agents/pack-seo/SKILL.md +0 -171
  24. package/src/bmad-plus/agents/pack-seo/checklist.md +0 -140
  25. package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +0 -320
  26. package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +0 -187
  27. package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +0 -87
  28. package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +0 -123
  29. package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +0 -167
  30. package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +0 -153
  31. package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +0 -133
  32. package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +0 -91
  33. package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +0 -356
  34. package/src/bmad-plus/agents/pack-seo/seo-chief.md +0 -294
  35. package/src/bmad-plus/agents/pack-seo/seo-judge.md +0 -241
  36. package/src/bmad-plus/agents/pack-seo/seo-scout.md +0 -171
  37. package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +0 -241
package/CHANGELOG.md CHANGED
@@ -5,6 +5,34 @@ All notable changes to BMAD+ will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [0.9.0] — 2026-06-24
9
+
10
+ ### Security
11
+ - Full audit remediation: 64/64 findings fixed, score C- → A+
12
+ - P0: Command injection eliminated (execSync → spawnSync in CLI entry point)
13
+ - P0: MCP Server authentication added (token-validated middleware on all endpoints)
14
+ - CI/CD hardened: PAT removed, force-push eliminated, npm audit gate blocking
15
+ - MCP allowlist hardened, path traversal protection, URL hostname validation
16
+ - VPS IP → env var, TLS deployment docs, SSRF/XXE protection
17
+ - 0 npm audit vulnerabilities
18
+
19
+ ### Changed
20
+ - Shared PACKS module — single source of truth for all 9 packs
21
+ - install.js 740→300 lines: extracted memory-init.js + pack-copy.js
22
+ - print() → logging, time.sleep → asyncio.sleep, empty catch blocks filled
23
+ - Dynamic version in i18n.js (reads from package.json)
24
+
25
+ ### Removed
26
+ - Duplicate agents/pack-{seo,animated,backup}/ directories
27
+
28
+ ### Documentation
29
+ - Maker + Zecher in all config files, CHANGELOG v0.7.2 added
30
+ - French README fix, version history synced to all translations
31
+ - 7 audit reports in audit/ folder
32
+
33
+ ### Tests
34
+ - 143/143 tests passing
35
+
8
36
  ## [0.8.0] — 2026-06-24
9
37
 
10
38
  ### Added
@@ -72,8 +100,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
72
100
  - **`--active-days <n>`** — Custom threshold for "active" status (default: 30 days)
73
101
  - **`--paused-days <n>`** — Custom threshold for "paused" status (default: 180 days)
74
102
 
103
+ ## [0.7.2] - 2026-06-XX
75
104
  ### Fixed
76
- - Scan now accepts positional path argument (`npx bmad-plus scan D:\path`)
105
+ - `scan` command: `bmad-plus scan <path>` now accepts a positional path argument
77
106
 
78
107
  ## [0.7.1] — 2026-05-17
79
108
 
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # 🚀 BMAD+ — Augmented Multi-Agent AI Framework
2
2
 
3
- [![Version](https://img.shields.io/badge/version-0.8.0-blue.svg)](CHANGELOG.md)
3
+ [![Version](https://img.shields.io/badge/version-0.9.0-blue.svg)](CHANGELOG.md)
4
4
  [![Based on](https://img.shields.io/badge/based%20on-BMAD--METHOD-green.svg)](https://github.com/bmad-code-org/BMAD-METHOD)
5
5
  [![License](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
6
6
 
@@ -41,6 +41,7 @@ BMAD-METHOD is an excellent framework with 9 specialized agents. But for a solo
41
41
  | Sequential execution | **Supervised parallelism** |
42
42
  | No persistent memory | **Cross-session brain** with project scanner |
43
43
  | 1-2 IDEs supported | **5 IDEs** with auto-detection |
44
+ | 1 module | **9 modular packs** (Core, OSINT, Shield, Dev Studio, SEO, Memory...) |
44
45
 
45
46
  ---
46
47
 
@@ -213,7 +214,7 @@ graph TB
213
214
  MK["Maker 🧬"]
214
215
  ZC["Zecher 🧠 Memory"]
215
216
  SD["Shield 🛡️ GRC 38 agents"]
216
- DS["Dev Studio 🏗️ SDLC 56+ agents"]
217
+ DS["Dev Studio 🏗️ SDLC 6 agents"]
217
218
  SEO["SEO Engine 🔎 3 agents"]
218
219
  BK["Backup 🗂️"]
219
220
  AN["Animated 🎬"]
@@ -523,6 +524,7 @@ BMAD+/
523
524
  | **0.4.4** | 2026-05-17 | 🔧 UTF-8 encoding fix, complete i18n 10 languages, 62 unit tests |
524
525
  | **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 GRC compliance agents, 7 categories, 25+ frameworks (GDPR, ISO 27001, SOC 2, EU AI Act...) |
525
526
  | **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 SDLC agents (Miriam, Yosef, Bezalel...) + 30 SDLC workflows, BWML DSL |
527
+ | **0.9.0** | 2026-06-24 | 🚀 **Augmented & Secure** — 3 new packs (animated, backup, seo), P0 security remediation, 143/143 tests |
526
528
  | **0.8.0** | 2026-06-24 | 🚀 **Augmented & Secure** — 3 new packs (animated, backup, seo), P0 security remediation, 143/143 tests |
527
529
 
528
530
  See [CHANGELOG.md](CHANGELOG.md) for full details.
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "$schema": "https://json.schemastore.org/package.json",
3
3
  "name": "bmad-plus",
4
- "version": "0.8.0",
4
+ "version": "0.9.0",
5
5
  "description": "BMAD+ — Augmented AI-Driven Development Framework with multi-role agents, autopilot, and parallel execution",
6
6
  "keywords": [
7
7
  "bmad",
@@ -1,6 +1,6 @@
1
1
  # 🚀 BMAD+ — Erweitertes Multi-Agent KI-Framework
2
2
 
3
- [![Version](https://img.shields.io/badge/version-0.8.0-blue.svg)](../CHANGELOG.md)
3
+ [![Version](https://img.shields.io/badge/version-0.9.0-blue.svg)](../CHANGELOG.md)
4
4
  [![Based on](https://img.shields.io/badge/based%20on-BMAD--METHOD-green.svg)](https://github.com/bmad-code-org/BMAD-METHOD)
5
5
  [![License](https://img.shields.io/badge/license-MIT-yellow.svg)](../LICENSE)
6
6
 
@@ -214,7 +214,7 @@ graph TB
214
214
  MK["Maker 🧬"]
215
215
  ZC["Zecher 🧠 Memory"]
216
216
  SD["Shield 🛡️ GRC 38 agents"]
217
- DS["Dev Studio 🏗️ SDLC 56+ agents"]
217
+ DS["Dev Studio 🏗️ SDLC 6 agents"]
218
218
  SEO["SEO Engine 🔎 3 agents"]
219
219
  BK["Backup 🗂️"]
220
220
  AN["Animated 🎬"]
@@ -542,8 +542,16 @@ BMAD+/
542
542
  | Version | Datum | Beschreibung |
543
543
  |---------|------|-------------|
544
544
  | **0.1.0** | 2026-03-17 | 🎉 Foundation — 6 Agenten (Atlas, Forge, Sentinel, Nexus, Shadow, Maker), 3 Skills, Pack-System, Monitoring, IDE Support |
545
+ | **0.2.0** | 2026-03-18 | 🔀 Oveanet Fusion — 3 neue Hilfspakete: SEO Audit 360, Universal Backup, Animated Website |
546
+ | **0.3.0** | 2026-03-19 | 🚀 SEO Engine v2.0 — 3 Multi-Rolle-Agenten, 4 Python-Skripte, 6-Phasen-Workflow, PageSpeed-Schleife, GEO-Analyse |
547
+ | **0.4.0** | 2026-03-19 | 🏢 SEO Engine v2.1 — SKILL.md-Orchestrator, Google APIs, HTML-Berichte, Wettbewerbsvergleich, 50 Tests, GSC + GA4-Erweiterungen |
548
+ | **0.4.1** | 2026-03-19 | 🌐 10-Sprachen CLI, CI/CD-Pipeline, `.npmignore`, Sicherheitshärtung |
549
+ | **0.4.2** | 2026-03-19 | 📦 Öffentliche Packs — SEO/Backup/Animated in npm |
550
+ | **0.4.3** | 2026-05-17 | 🔧 update + doctor Befehle, i18n komplett, Credits-Korrektur |
551
+ | **0.4.4** | 2026-05-17 | 🔧 UTF-8-Kodierungsfix, vollständige i18n 10 Sprachen, 62 Unit-Tests |
545
552
  | **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 GRC-Compliance-Agenten |
546
553
  | **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 spezialisierte Agenten + 30 SDLC-Workflows |
554
+ | **0.9.0** | 2026-06-24 | 🚀 **Erweitert & Sicher** — 3 neue Packs (animated, backup, seo), P0 Sicherheitsbehebung, 143/143 Tests |
547
555
  | **0.8.0** | 2026-06-24 | 🚀 **Erweitert & Sicher** — 3 neue Packs (animated, backup, seo), P0 Sicherheitsbehebung, 143/143 Tests |
548
556
 
549
557
  Siehe [CHANGELOG.md](../CHANGELOG.md) für vollständige Details.
@@ -1,6 +1,6 @@
1
1
  # 🚀 BMAD+ — Framework Multi-Agente IA Aumentado
2
2
 
3
- [![Version](https://img.shields.io/badge/version-0.8.0-blue.svg)](../CHANGELOG.md)
3
+ [![Version](https://img.shields.io/badge/version-0.9.0-blue.svg)](../CHANGELOG.md)
4
4
  [![Based on](https://img.shields.io/badge/based%20on-BMAD--METHOD-green.svg)](https://github.com/bmad-code-org/BMAD-METHOD)
5
5
  [![License](https://img.shields.io/badge/license-MIT-yellow.svg)](../LICENSE)
6
6
 
@@ -214,7 +214,7 @@ graph TB
214
214
  MK["Maker 🧬"]
215
215
  ZC["Zecher 🧠 Memory"]
216
216
  SD["Shield 🛡️ GRC 38 agents"]
217
- DS["Dev Studio 🏗️ SDLC 56+ agents"]
217
+ DS["Dev Studio 🏗️ SDLC 6 agents"]
218
218
  SEO["SEO Engine 🔎 3 agents"]
219
219
  BK["Backup 🗂️"]
220
220
  AN["Animated 🎬"]
@@ -395,7 +395,7 @@ Cada agente puede **automáticamente** cambiar de rol según el contexto:
395
395
  |--------|-----------|---------|
396
396
  | 🔤 **Patrón** | Palabras clave en el pedido | "revisa" → QA activado |
397
397
  | 🌐 **Contexto** | Detecta el tipo de tarea | Cálculos financieros detectados → QA auto-activado tras escribir código |
398
- | 🧠 **Razonamiento** | Cadena lógica | Inconsistencia de arquitectura → Architec auto-activado |
398
+ | 🧠 **Razonamiento** | Cadena lógica | Inconsistencia de arquitectura → Architect auto-activado |
399
399
 
400
400
  El agente **anuncia** el cambio: *"💡 I'm switching to QA mode — financial calculations detected. Say 'skip' to stay in current mode."*
401
401
 
@@ -501,7 +501,7 @@ BMAD+/
501
501
  │ ├── skills/
502
502
  │ │ ├── bmad-plus-autopilot/ ← Orquestación completa
503
503
  │ │ ├── bmad-plus-parallel/ ← Supervisión concurrente
504
- │ │ └── bmad-plus-sync/ ← Sicronización automatizada código
504
+ │ │ └── bmad-plus-sync/ ← Sincronización automatizada código
505
505
  │ └── data/
506
506
  │ └── role-triggers.yaml ← Lógica de variables y keywords
507
507
 
@@ -534,7 +534,7 @@ BMAD+/
534
534
 
535
535
  | Variable | Descripción | Valores Disponibles |
536
536
  |----------|-------------|---------|
537
- | `project_name` | Nombre el proyecto | Autodetectado |
537
+ | `project_name` | Nombre del proyecto | Autodetectado |
538
538
  | `user_skill_level` | Nivel del equipo/persona | beginner, intermediate, expert |
539
539
  | `execution_mode` | Modo de uso general | manual, autopilot, hybrid |
540
540
  | `auto_role_activation` | Cambio al predecir contexto | true, false |
@@ -557,8 +557,16 @@ BMAD+/
557
557
  | Versión | Fecha | Descripción |
558
558
  |---------|------|-------------|
559
559
  | **0.1.0** | 2026-03-17 | 🎉 Fundación base de proyecto (6 agentes / 3 entornos de skills / Auto-detección IDEs locales). Se incorporó el Maker y paquete OSINT |
560
+ | **0.2.0** | 2026-03-18 | 🔀 Fusión Oveanet — 3 nuevos packs utilitarios: SEO Audit 360, Universal Backup, Animated Website |
561
+ | **0.3.0** | 2026-03-19 | 🚀 SEO Engine v2.0 — 3 agentes multirrol, 4 scripts Python, flujo 6 fases, bucle PageSpeed, análisis GEO |
562
+ | **0.4.0** | 2026-03-19 | 🏢 SEO Engine v2.1 — Orquestador SKILL.md, APIs Google, informes HTML, benchmark competitivo, 50 tests, extensiones GSC + GA4 |
563
+ | **0.4.1** | 2026-03-19 | 🌐 CLI 10 idiomas, pipeline CI/CD, `.npmignore`, endurecimiento de seguridad |
564
+ | **0.4.2** | 2026-03-19 | 📦 Packs públicos — SEO/Backup/Animated en npm |
565
+ | **0.4.3** | 2026-05-17 | 🔧 Comandos update + doctor, i18n completa, corrección de créditos |
566
+ | **0.4.4** | 2026-05-17 | 🔧 Corrección codificación UTF-8, i18n completa 10 idiomas, 62 tests unitarios |
560
567
  | **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 agentes de cumplimiento GRC |
561
568
  | **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 agentes specialized SDLC + 30 workflows SDLC |
569
+ | **0.9.0** | 2026-06-24 | 🚀 **Aumentado & Seguro** — 3 nuevos packs (animated, backup, seo), corrección P0 seguridad, 143/143 tests |
562
570
  | **0.8.0** | 2026-06-24 | 🚀 **Aumentado & Seguro** — 3 nuevos packs (animated, backup, seo), corrección P0 seguridad, 143/143 tests |
563
571
 
564
572
  Más descripciones a fondo en el archivo: [CHANGELOG.md](../CHANGELOG.md).
@@ -571,8 +579,23 @@ Proyecto BMAD+ (Adaptación: MIT)
571
579
 
572
580
  Basado nativamente en el repositorio: [BMAD-METHOD](https://github.com/bmad-code-org/BMAD-METHOD) (MIT LIC)
573
581
 
574
- ### Reconocimientos especiales
582
+ ### Reconocimientos
575
583
 
576
- - **BMAD-METHOD Core** por [bmad-code-org](https://github.com/bmad-code-org) — Framework base
577
- - **OSINT Pipeline Tool** Adaptación de [smixs/osint-skill](https://github.com/smixs/osint-skill) (MIT LIC)
578
- - **Apify Actor Runner Base** integrado desde el original de [apify/agent-skills](https://github.com/apify/agent-skills) (MIT LIC)
584
+ **Creador**
585
+ - **BMAD+** Creado por [Laurent Rochetta](https://github.com/lrochetta) ([LinkedIn](https://www.linkedin.com/in/laurentrochetta/))
586
+
587
+ **Packs Originales** (creados por Laurent Rochetta)
588
+ - **Dev Studio** — 6 agentes SDLC especializados: Miriam (analista de negocios), Huldah (redactora técnica), Yosef (gerente de producto), Rachel (diseñadora UX), Bezalel (arquitecto de sistemas), Oholiab (ingeniero senior) — 44 workflows que cubren todo el ciclo de vida desde la lluvia de ideas hasta el despliegue
589
+ - **SEO Engine** — 3 agentes (Scout, Chief, Judge), pipeline de auditoría de 6 fases, bucle PageSpeed, integraciones con Google Search Console y GA4
590
+ - **Memory Pack** — Agente Zecher para cerebro persistente cross-session con escáner de proyectos
591
+
592
+ **Fuentes Externas e Inspiraciones**
593
+ - **BMAD-METHOD** por [bmad-code-org](https://github.com/bmad-code-org/BMAD-METHOD) — Metodología multi-agente original (MIT)
594
+ - **Shield GRC** — 38 agentes de cumplimiento basados en textos regulatorios públicos (GDPR, ISO 27001, SOC 2, HIPAA, EU AI Act, DORA, NIST, CMMC, etc.)
595
+ - **OSINT Pipeline** basado en [smixs/osint-skill](https://github.com/smixs/osint-skill) (MIT)
596
+ - **Apify Actor Runner** integrado desde [apify/agent-skills](https://github.com/apify/agent-skills) (MIT)
597
+ - **Karpathy Guardrails** adaptado de [Andrej Karpathy](https://github.com/multica-ai/andrej-karpathy-skills) (MIT) — Reglas de comportamiento para Memory Pack
598
+
599
+ **Herramientas e Infraestructura**
600
+ - [Evolution API](https://github.com/EvolutionAPI/evolution-api) — Notificaciones WhatsApp para monitoreo upstream
601
+ - [Gemini API](https://ai.google.dev/) — Análisis IA para clasificación de cambios upstream
@@ -1,6 +1,6 @@
1
1
  # 🚀 BMAD+ — Framework Multi-Agent IA Augmenté
2
2
 
3
- [![Version](https://img.shields.io/badge/version-0.8.0-blue.svg)](../CHANGELOG.md)
3
+ [![Version](https://img.shields.io/badge/version-0.9.0-blue.svg)](../CHANGELOG.md)
4
4
  [![Based on](https://img.shields.io/badge/based%20on-BMAD--METHOD-green.svg)](https://github.com/bmad-code-org/BMAD-METHOD)
5
5
  [![License](https://img.shields.io/badge/license-MIT-yellow.svg)](../LICENSE)
6
6
 
@@ -32,7 +32,7 @@
32
32
 
33
33
  ## 💡 Pourquoi BMAD+ ?
34
34
 
35
- BMAD-METHOD est un framework excellent avec 9 agents spécialisés. Mais pour un développeur solo ou une petite équipe, 9 agents c'est trop fragmenté. BMAD+ résout ce problème :
35
+ BMAD-METHOD est un excellent framework avec 9 agents spécialisés. Mais pour un développeur solo ou une petite équipe, 9 agents c'est trop fragmenté. BMAD+ résout ce problème :
36
36
 
37
37
  | BMAD-METHOD | BMAD+ |
38
38
  |---|---|
@@ -214,7 +214,7 @@ graph TB
214
214
  MK["Maker 🧬"]
215
215
  ZC["Zecher 🧠 Memory"]
216
216
  SD["Shield 🛡️ GRC 38 agents"]
217
- DS["Dev Studio 🏗️ SDLC 56+ agents"]
217
+ DS["Dev Studio 🏗️ SDLC 6 agents"]
218
218
  SEO["SEO Engine 🔎 3 agents"]
219
219
  BK["Backup 🗂️"]
220
220
  AN["Animated 🎬"]
@@ -371,7 +371,7 @@ npx bmad-plus install
371
371
  | 🔍 **OSINT** | Shadow | Investigation, scraping social, psychoprofil (55+ acteurs Apify) | ✅ Stable |
372
372
  | 🧬 **Maker** | Maker | Concevoir, construire, valider et packager de nouveaux agents BMAD+ | ✅ Stable |
373
373
  | 🛡️ **Shield** | 38 agents de conformité | GRC sur 25+ frameworks : GDPR, ISO 27001, SOC 2, HIPAA, PCI DSS, EU AI Act, DORA, NIS2 | ✅ Stable |
374
- | 🏗️ **Dev Studio** | 56+ agents specialized SDLC | SDLC complet : brainstorm → PRD → architecture → TDD → review (30 workflows) | ✅ Stable |
374
+ | 🏗️ **Dev Studio** | 6 agents spécialisés SDLC | SDLC complet : brainstorm → PRD → architecture → TDD → review (30 workflows) | ✅ Stable |
375
375
  | 🔍 **SEO** | Scout, Chief, Judge | Audit SEO 6 phases, boucle PageSpeed, APIs Google, benchmark concurrentiel | ✅ Stable |
376
376
  | 🗂️ **Backup** | Backup Agent | ZIP horodaté avec exclusions intelligentes | ✅ Stable |
377
377
  | 🎬 **Animated** | Animated Website Agent | Site web luxe scroll-driven à partir de vidéo | ✅ Stable |
@@ -557,8 +557,16 @@ BMAD+/
557
557
  | Version | Date | Description |
558
558
  |---------|------|-------------|
559
559
  | **0.1.0** | 2026-03-17 | 🎉 Foundation — 56+ agents (Atlas, Forge, Sentinel, Nexus, Shadow, Maker), 3 skills, pack system, monitoring, multi-IDE support |
560
+ | **0.2.0** | 2026-03-18 | 🔀 Fusion Oveanet — 3 nouveaux packs utilitaires : SEO Audit 360, Universal Backup, Animated Website |
561
+ | **0.3.0** | 2026-03-19 | 🚀 SEO Engine v2.0 — 3 agents multi-rôles, 4 scripts Python, workflow 6 phases, boucle PageSpeed, analyse GEO |
562
+ | **0.4.0** | 2026-03-19 | 🏢 SEO Engine v2.1 — Orchestrateur SKILL.md, APIs Google, rapports HTML, benchmark concurrentiel, 50 tests, extensions GSC + GA4 |
563
+ | **0.4.1** | 2026-03-19 | 🌐 CLI 10 langues, pipeline CI/CD, `.npmignore`, durcissement sécurité |
564
+ | **0.4.2** | 2026-03-19 | 📦 Packs publics — SEO/Backup/Animated dans npm |
565
+ | **0.4.3** | 2026-05-17 | 🔧 Commandes update + doctor, i18n complète, correction crédits |
566
+ | **0.4.4** | 2026-05-17 | 🔧 Correction encodage UTF-8, i18n complète 10 langues, 62 tests unitaires |
560
567
  | **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 agents de conformité GRC |
561
- | **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 56+ agents specialized SDLC + 30 workflows SDLC |
568
+ | **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 agents spécialisés SDLC + 30 workflows SDLC |
569
+ | **0.9.0** | 2026-06-24 | 🚀 **Augmenté & Sécurisé** — 3 nouveaux packs (animated, backup, seo), correction P0 sécurité, 143/143 tests |
562
570
  | **0.8.0** | 2026-06-24 | 🚀 **Augmenté & Sécurisé** — 3 nouveaux packs (animated, backup, seo), correction P0 sécurité, 143/143 tests |
563
571
 
564
572
  Voir [CHANGELOG.md](../CHANGELOG.md) pour le détail complet.
@@ -571,6 +579,21 @@ MIT — Basé sur [BMAD-METHOD](https://github.com/bmad-code-org/BMAD-METHOD) (M
571
579
 
572
580
  ### Crédits
573
581
 
574
- - **BMAD-METHOD** by [bmad-code-org](https://github.com/bmad-code-org) — Framework de base
582
+ **Créateur**
583
+ - **BMAD+** Créé par [Laurent Rochetta](https://github.com/lrochetta) ([LinkedIn](https://www.linkedin.com/in/laurentrochetta/))
584
+
585
+ **Packs Originaux** (créés par Laurent Rochetta)
586
+ - **Dev Studio** — 6 agents SDLC spécialisés : Miriam (analyste d'affaires), Huldah (rédactrice technique), Yosef (chef de produit), Rachel (designer UX), Bezalel (architecte système), Oholiab (ingénieur senior) — 44 workflows couvrant l'ensemble du cycle de vie du brainstorming au déploiement
587
+ - **SEO Engine** — 3 agents (Scout, Chief, Judge), pipeline d'audit 6 phases, boucle PageSpeed, intégrations Google Search Console et GA4
588
+ - **Memory Pack** — Agent Zecher pour cerveau persistant cross-session avec scanner de projets
589
+
590
+ **Sources Externes et Inspirations**
591
+ - **BMAD-METHOD** par [bmad-code-org](https://github.com/bmad-code-org/BMAD-METHOD) — Méthodologie multi-agents originale (MIT)
592
+ - **Shield GRC** — 38 agents de conformité basés sur des textes réglementaires publics (RGPD, ISO 27001, SOC 2, HIPAA, EU AI Act, DORA, NIST, CMMC, etc.)
575
593
  - **OSINT Pipeline** basé sur [smixs/osint-skill](https://github.com/smixs/osint-skill) (MIT)
576
594
  - **Apify Actor Runner** intégré de [apify/agent-skills](https://github.com/apify/agent-skills) (MIT)
595
+ - **Karpathy Guardrails** adapté de [Andrej Karpathy](https://github.com/multica-ai/andrej-karpathy-skills) (MIT) — Règles comportementales pour Memory Pack
596
+
597
+ **Outils et Infrastructure**
598
+ - [Evolution API](https://github.com/EvolutionAPI/evolution-api) — Notifications WhatsApp pour la surveillance upstream
599
+ - [Gemini API](https://ai.google.dev/) — Analyse IA pour la classification des changements upstream
@@ -0,0 +1,13 @@
1
+ type: pack
2
+ name: bmad-plus-pack-seo
3
+ displayName: SEO / GEO Audit Pack
4
+ title: SEO & GEO Audit 360
5
+ icon: "🔍"
6
+ capabilities: "SEO audit, GEO audit, search engine optimization, pagespeed analysis, keyword research, content analysis, technical SEO, backlink analysis, competitor analysis, SERP analysis, local SEO, mobile optimization, structured data, XML sitemaps, robots.txt audit, core web vitals, accessibility audit, international SEO, ecommerce SEO, voice search optimization, AI search optimization"
7
+ role: "SEO/GEO specialist providing comprehensive 360-degree search optimization audits and recommendations"
8
+ identity: "Expert SEO and GEO (Generative Engine Optimization) auditor who combines technical depth with strategic insight. Analyzes websites across 100+ SEO factors and provides actionable, prioritized recommendations."
9
+ communicationStyle: "Data-driven and precise. Presents findings with clear metrics and concrete action items. Explains technical concepts in accessible terms for stakeholders. Balances quick wins with strategic long-term recommendations."
10
+ principles: "Audit every page through real device and search engine eyes. Prioritize fixes by impact and effort. All recommendations must be actionable and measurable. Track improvements with before/after metrics. Optimize for humans first, search engines second."
11
+ module: bmad-plus
12
+ canonicalId: bmad-plus-pack-seo
13
+ pack: seo
@@ -0,0 +1,82 @@
1
+ # Shield GRC Pack — SKILL
2
+
3
+ > **Pack:** Shield (GRC Audit)
4
+ > **Version:** 1.0.0
5
+ > **Created by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
6
+
7
+ ## Overview
8
+
9
+ Shield transforms BMAD+ into a comprehensive GRC (Governance, Risk & Compliance) assistant. It serves as an intelligent orchestrator for 38 compliance agents across 7 categories, covering 25+ regulatory frameworks. Route requests to the appropriate specialist agent, combine insights for cross-framework analysis, and provide consolidated compliance reports.
10
+
11
+ ## Capabilities
12
+
13
+ ### Data Privacy (5 frameworks)
14
+ - **GDPR** (EU/EEA/UK) — General Data Protection Regulation
15
+ - **CCPA/CPRA** (California) — Consumer Privacy Act
16
+ - **LGPD** (Brazil) — Lei Geral de Protecao de Dados
17
+ - **DPDPA** (India) — Digital Personal Data Protection Act
18
+ - **ISO 27701** (International) — Privacy Information Management
19
+
20
+ ### Cybersecurity (6 frameworks)
21
+ - **ISO 27001** — Information Security Management
22
+ - **NIST CSF 2.0** — Cybersecurity Framework
23
+ - **NIST 800-53 Rev. 5** — Federal Security Controls
24
+ - **CIS Controls v8** — Critical Security Controls
25
+ - **NIS2 Directive** — EU Cybersecurity
26
+ - **ISM** — Australian Information Security Manual
27
+
28
+ ### Industry Compliance (6 frameworks)
29
+ - **SOC 2 Type I/II** — Service Organization Controls
30
+ - **PCI DSS v4.0** — Payment Card Industry
31
+ - **HIPAA** — Healthcare Privacy & Security
32
+ - **SWIFT CSP** — Banking Security
33
+ - **DORA** — EU Digital Operational Resilience
34
+ - **FedRAMP** — Federal Cloud Authorization
35
+
36
+ ### Defense & Export Control (4 frameworks)
37
+ - **CMMC 2.0** — Cybersecurity Maturity Model Certification
38
+ - **ITAR** — International Traffic in Arms
39
+ - **EAR** — Export Administration Regulations
40
+ - **TSA** — Transportation Security Directives
41
+
42
+ ### AI Governance (3 frameworks)
43
+ - **EU AI Act 2024/1689** — AI Regulation
44
+ - **ISO 42001:2023** — AI Management System
45
+ - **NIST AI RMF 1.0** — AI Risk Management
46
+
47
+ ### Accessibility & ESG (3 frameworks)
48
+ - **WCAG 2.2** — Web Content Accessibility
49
+ - **Section 508** — US Federal Accessibility
50
+ - **CSRD** — Corporate Sustainability Reporting
51
+
52
+ ### GDPR & AI Act Workflows (11 workflow agents)
53
+ - DPIA, Breach Response, Legitimate Interest Assessment
54
+ - Privacy Notice/Policy/Cookie Generators
55
+ - AI Act Classifier, Roles, FRIA, Incident Reporting
56
+
57
+ ## Activation
58
+
59
+ To use Shield, include this pack in your BMAD+ installation:
60
+
61
+ ```bash
62
+ npx bmad-plus install --pack shield
63
+ ```
64
+
65
+ Then invoke the orchestrator from any conversation:
66
+
67
+ > "Shield, audit my app for GDPR compliance"
68
+ > "Shield, gap analysis ISO 27001 vs NIST CSF"
69
+ > "Shield, generate SOC 2 evidence checklist"
70
+
71
+ ## Architecture
72
+
73
+ - `shield-orchestrator.md` — Intelligent routing entry point
74
+ - `categories/` — Framework-specific agent prompts
75
+ - `references/` — 85 regulatory reference files
76
+ - `shared/` — Cross-framework mapper, gap analysis & audit templates
77
+
78
+ ## Attribution
79
+
80
+ Based on Claude Skills for GRC by Hemant Naik — MIT License.
81
+ GDPR and EU AI Act workflow agents enriched with insights from Lawve.ai.
82
+ Adapted for BMAD+ by Laurent Rochetta.
@@ -5,7 +5,7 @@
5
5
  * Ensures proper execution when run via npx from npm registry
6
6
  */
7
7
 
8
- const { execSync } = require('node:child_process');
8
+ const { spawnSync } = require('node:child_process');
9
9
  const path = require('node:path');
10
10
  const fs = require('node:fs');
11
11
 
@@ -21,10 +21,8 @@ if (isNpxExecution) {
21
21
  }
22
22
 
23
23
  try {
24
- execSync(`node "${cliPath}" ${args.join(' ')}`, {
25
- stdio: 'inherit',
26
- cwd: process.cwd(),
27
- });
24
+ const result = spawnSync('node', [cliPath, ...args], { stdio: 'inherit' });
25
+ if (result.status !== 0) process.exit(result.status);
28
26
  } catch (error) {
29
27
  process.exit(error.status || 1);
30
28
  }
@@ -53,7 +53,9 @@ function detectStack(dir) {
53
53
  else if (fs.existsSync(path.join(dir, 'yarn.lock'))) result.packageManager = 'yarn';
54
54
  else if (fs.existsSync(path.join(dir, 'bun.lockb'))) result.packageManager = 'bun';
55
55
  else result.packageManager = 'npm';
56
- } catch {}
56
+ } catch (e) {
57
+ console.warn('autoconfig: Failed to parse package.json in detectStack', e.message);
58
+ }
57
59
  }
58
60
 
59
61
  // Other languages
@@ -115,7 +117,9 @@ function analyzeStructure(dir) {
115
117
 
116
118
  // Check for .git directory
117
119
  if (fs.existsSync(path.join(dir, '.git'))) structure.hasGit = true;
118
- } catch {}
120
+ } catch (e) {
121
+ console.warn('autoconfig: Failed to analyze directory structure', e.message);
122
+ }
119
123
 
120
124
  return structure;
121
125
  }
@@ -203,7 +207,9 @@ function getProjectName(dir) {
203
207
  const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
204
208
  if (pkg.name) return pkg.name;
205
209
  }
206
- } catch {}
210
+ } catch (e) {
211
+ console.warn('autoconfig: Failed to read package.json in getProjectName', e.message);
212
+ }
207
213
  return path.basename(dir);
208
214
  }
209
215
 
@@ -250,7 +256,7 @@ module.exports = {
250
256
 
251
257
  // Check if directory has content
252
258
  let entries = [];
253
- try { entries = fs.readdirSync(projectDir).filter(e => !e.startsWith('.')); } catch {}
259
+ try { entries = fs.readdirSync(projectDir).filter(e => !e.startsWith('.')); } catch (e) { console.warn('autoconfig: Failed to list directory', e.message); }
254
260
 
255
261
  const isExistingProject = entries.length > 0;
256
262
 
@@ -343,7 +349,8 @@ module.exports = {
343
349
  tools: toolsArg,
344
350
  });
345
351
  } catch (e) {
346
- // Install may have its own output, that's fine
352
+ clack.log.error(`Autoconfig install failed: ${e.message}`);
353
+ throw e;
347
354
  }
348
355
 
349
356
  spinner2.stop('Installation complete');
@@ -442,7 +449,10 @@ module.exports = {
442
449
  packs: packs.join(','),
443
450
  yes: true,
444
451
  });
445
- } catch {}
452
+ } catch (e) {
453
+ clack.log.error(`Autoconfig install failed: ${e.message}`);
454
+ throw e;
455
+ }
446
456
 
447
457
  // Write initial context
448
458
  const contextPath = path.join(projectDir, '.agents', 'memory', 'context.md');
@@ -10,6 +10,7 @@ const fs = require('node:fs');
10
10
  const clack = require('@clack/prompts');
11
11
  const pc = require('picocolors');
12
12
  const { t } = require('../i18n');
13
+ const { PACKS, EXPECTED_AGENTS } = require('../lib/packs');
13
14
 
14
15
  module.exports = {
15
16
  command: 'doctor',
@@ -62,19 +63,13 @@ module.exports = {
62
63
  clack.log.success(`✅ ${agentDirs.length} agent/skill directories found`);
63
64
  passed++;
64
65
 
65
- // Check each expected agent from manifest packs
66
- const expectedAgents = {
67
- core: ['agent-strategist', 'agent-architect-dev', 'agent-quality', 'agent-orchestrator'],
68
- osint: ['agent-shadow'],
69
- maker: ['agent-maker'],
70
- seo: ['pack-seo'],
71
- backup: ['pack-backup'],
72
- animated: ['pack-animated'],
73
- };
74
-
66
+ // Check each expected agent from manifest packs using shared EXPECTED_AGENTS module
75
67
  for (const pack of (manifest.packs || ['core'])) {
76
- const expected = expectedAgents[pack] || [];
77
- for (const agent of expected) {
68
+ const entry = EXPECTED_AGENTS[pack];
69
+ if (!entry) continue;
70
+
71
+ // Check individual agent directories
72
+ for (const agent of (entry.agents || [])) {
78
73
  checks++;
79
74
  const agentPath = path.join(agentsDir, agent);
80
75
  if (fs.existsSync(agentPath)) {
@@ -84,6 +79,18 @@ module.exports = {
84
79
  warnings++;
85
80
  }
86
81
  }
82
+
83
+ // Check pack directory if applicable
84
+ if (entry.packDir) {
85
+ checks++;
86
+ const packPath = path.join(agentsDir, entry.packDir);
87
+ if (fs.existsSync(packPath)) {
88
+ passed++;
89
+ } else {
90
+ clack.log.warn(`⚠️ Missing pack directory: ${entry.packDir} (pack: ${pack})`);
91
+ warnings++;
92
+ }
93
+ }
87
94
  }
88
95
  } else {
89
96
  clack.log.error('❌ No .agents/skills/ directory found');
@@ -153,37 +160,27 @@ module.exports = {
153
160
  checks++;
154
161
  try {
155
162
  const yaml = require('js-yaml');
156
- const installModule = require('./install');
157
- const installSrc = fs.readFileSync(path.join(__dirname, 'install.js'), 'utf8');
158
- const packsMatch = installSrc.match(/const PACKS\s*=\s*\{/);
159
-
160
163
  const moduleYamlSrc = path.join(__dirname, '..', '..', '..', 'src', 'bmad-plus', 'module.yaml');
161
- if (packsMatch && fs.existsSync(moduleYamlSrc)) {
164
+ if (fs.existsSync(moduleYamlSrc)) {
162
165
  const moduleContent = yaml.load(fs.readFileSync(moduleYamlSrc, 'utf8'));
163
166
  const modulePackIds = Object.keys(moduleContent.packs || {});
164
167
 
165
- // Extract PACKS keys from install.js via require
166
- // The PACKS keys are the pack IDs available in the CLI menu
167
- // We compare against module.yaml packs
168
- const installContent = fs.readFileSync(path.join(__dirname, 'install.js'), 'utf8');
169
- const packKeyMatches = installContent.match(/^\s+'?([a-z][-a-z]*)'?\s*:\s*\{/gm);
170
- const installPackIds = packKeyMatches
171
- ? packKeyMatches.map(m => m.trim().replace(/[':{ ]/g, '').replace(/-/g, '-'))
172
- : [];
168
+ // Use shared PACKS module instead of fragile regex on install.js source
169
+ const cliPackIds = Object.keys(PACKS);
173
170
 
174
171
  // Find mismatches
175
- const missingInInstall = modulePackIds.filter(p => !installPackIds.includes(p));
176
- const missingInModule = installPackIds.filter(p => !modulePackIds.includes(p));
172
+ const missingInCLI = modulePackIds.filter(p => !cliPackIds.includes(p));
173
+ const missingInModule = cliPackIds.filter(p => !modulePackIds.includes(p));
177
174
 
178
- if (missingInInstall.length === 0 && missingInModule.length === 0) {
175
+ if (missingInCLI.length === 0 && missingInModule.length === 0) {
179
176
  clack.log.success(`✅ PACKS ↔ module.yaml in sync (${modulePackIds.length} packs)`);
180
177
  passed++;
181
178
  } else {
182
- if (missingInInstall.length > 0) {
183
- clack.log.warn(`⚠️ Packs in module.yaml but missing from install.js PACKS: ${missingInInstall.join(', ')}`);
179
+ if (missingInCLI.length > 0) {
180
+ clack.log.warn(`⚠️ Packs in module.yaml but missing from CLI PACKS: ${missingInCLI.join(', ')}`);
184
181
  }
185
182
  if (missingInModule.length > 0) {
186
- clack.log.warn(`⚠️ Packs in install.js PACKS but missing from module.yaml: ${missingInModule.join(', ')}`);
183
+ clack.log.warn(`⚠️ Packs in CLI PACKS but missing from module.yaml: ${missingInModule.join(', ')}`);
187
184
  }
188
185
  warnings++;
189
186
  }