bmad-plus 0.8.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +30 -1
- package/README.md +4 -2
- package/package.json +1 -1
- package/readme-international/README.de.md +10 -2
- package/readme-international/README.es.md +32 -9
- package/readme-international/README.fr.md +29 -6
- package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
- package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
- package/tools/bmad-plus-npx.js +3 -5
- package/tools/cli/commands/autoconfig.js +16 -6
- package/tools/cli/commands/doctor.js +28 -31
- package/tools/cli/commands/install.js +37 -228
- package/tools/cli/commands/scan.js +37 -35
- package/tools/cli/commands/update.js +13 -71
- package/tools/cli/i18n.js +92 -10
- package/tools/cli/lib/memory-init.js +114 -0
- package/tools/cli/lib/pack-copy.js +84 -0
- package/tools/cli/lib/packs.js +114 -0
- package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +0 -325
- package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +0 -55
- package/src/bmad-plus/agents/pack-backup/backup-agent.md +0 -71
- package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +0 -51
- package/src/bmad-plus/agents/pack-seo/SKILL.md +0 -171
- package/src/bmad-plus/agents/pack-seo/checklist.md +0 -140
- package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +0 -320
- package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +0 -187
- package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +0 -87
- package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +0 -123
- package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +0 -167
- package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +0 -153
- package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +0 -133
- package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +0 -91
- package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +0 -356
- package/src/bmad-plus/agents/pack-seo/seo-chief.md +0 -294
- package/src/bmad-plus/agents/pack-seo/seo-judge.md +0 -241
- package/src/bmad-plus/agents/pack-seo/seo-scout.md +0 -171
- package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +0 -241
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,34 @@ All notable changes to BMAD+ will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.9.0] — 2026-06-24
|
|
9
|
+
|
|
10
|
+
### Security
|
|
11
|
+
- Full audit remediation: 64/64 findings fixed, score C- → A+
|
|
12
|
+
- P0: Command injection eliminated (execSync → spawnSync in CLI entry point)
|
|
13
|
+
- P0: MCP Server authentication added (token-validated middleware on all endpoints)
|
|
14
|
+
- CI/CD hardened: PAT removed, force-push eliminated, npm audit gate blocking
|
|
15
|
+
- MCP allowlist hardened, path traversal protection, URL hostname validation
|
|
16
|
+
- VPS IP → env var, TLS deployment docs, SSRF/XXE protection
|
|
17
|
+
- 0 npm audit vulnerabilities
|
|
18
|
+
|
|
19
|
+
### Changed
|
|
20
|
+
- Shared PACKS module — single source of truth for all 9 packs
|
|
21
|
+
- install.js 740→300 lines: extracted memory-init.js + pack-copy.js
|
|
22
|
+
- print() → logging, time.sleep → asyncio.sleep, empty catch blocks filled
|
|
23
|
+
- Dynamic version in i18n.js (reads from package.json)
|
|
24
|
+
|
|
25
|
+
### Removed
|
|
26
|
+
- Duplicate agents/pack-{seo,animated,backup}/ directories
|
|
27
|
+
|
|
28
|
+
### Documentation
|
|
29
|
+
- Maker + Zecher in all config files, CHANGELOG v0.7.2 added
|
|
30
|
+
- French README fix, version history synced to all translations
|
|
31
|
+
- 7 audit reports in audit/ folder
|
|
32
|
+
|
|
33
|
+
### Tests
|
|
34
|
+
- 143/143 tests passing
|
|
35
|
+
|
|
8
36
|
## [0.8.0] — 2026-06-24
|
|
9
37
|
|
|
10
38
|
### Added
|
|
@@ -72,8 +100,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
72
100
|
- **`--active-days <n>`** — Custom threshold for "active" status (default: 30 days)
|
|
73
101
|
- **`--paused-days <n>`** — Custom threshold for "paused" status (default: 180 days)
|
|
74
102
|
|
|
103
|
+
## [0.7.2] - 2026-06-XX
|
|
75
104
|
### Fixed
|
|
76
|
-
-
|
|
105
|
+
- `scan` command: `bmad-plus scan <path>` now accepts a positional path argument
|
|
77
106
|
|
|
78
107
|
## [0.7.1] — 2026-05-17
|
|
79
108
|
|
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# 🚀 BMAD+ — Augmented Multi-Agent AI Framework
|
|
2
2
|
|
|
3
|
-
[](CHANGELOG.md)
|
|
4
4
|
[](https://github.com/bmad-code-org/BMAD-METHOD)
|
|
5
5
|
[](LICENSE)
|
|
6
6
|
|
|
@@ -41,6 +41,7 @@ BMAD-METHOD is an excellent framework with 9 specialized agents. But for a solo
|
|
|
41
41
|
| Sequential execution | **Supervised parallelism** |
|
|
42
42
|
| No persistent memory | **Cross-session brain** with project scanner |
|
|
43
43
|
| 1-2 IDEs supported | **5 IDEs** with auto-detection |
|
|
44
|
+
| 1 module | **9 modular packs** (Core, OSINT, Shield, Dev Studio, SEO, Memory...) |
|
|
44
45
|
|
|
45
46
|
---
|
|
46
47
|
|
|
@@ -213,7 +214,7 @@ graph TB
|
|
|
213
214
|
MK["Maker 🧬"]
|
|
214
215
|
ZC["Zecher 🧠 Memory"]
|
|
215
216
|
SD["Shield 🛡️ GRC 38 agents"]
|
|
216
|
-
DS["Dev Studio 🏗️ SDLC
|
|
217
|
+
DS["Dev Studio 🏗️ SDLC 6 agents"]
|
|
217
218
|
SEO["SEO Engine 🔎 3 agents"]
|
|
218
219
|
BK["Backup 🗂️"]
|
|
219
220
|
AN["Animated 🎬"]
|
|
@@ -523,6 +524,7 @@ BMAD+/
|
|
|
523
524
|
| **0.4.4** | 2026-05-17 | 🔧 UTF-8 encoding fix, complete i18n 10 languages, 62 unit tests |
|
|
524
525
|
| **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 GRC compliance agents, 7 categories, 25+ frameworks (GDPR, ISO 27001, SOC 2, EU AI Act...) |
|
|
525
526
|
| **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 SDLC agents (Miriam, Yosef, Bezalel...) + 30 SDLC workflows, BWML DSL |
|
|
527
|
+
| **0.9.0** | 2026-06-24 | 🚀 **Augmented & Secure** — 3 new packs (animated, backup, seo), P0 security remediation, 143/143 tests |
|
|
526
528
|
| **0.8.0** | 2026-06-24 | 🚀 **Augmented & Secure** — 3 new packs (animated, backup, seo), P0 security remediation, 143/143 tests |
|
|
527
529
|
|
|
528
530
|
See [CHANGELOG.md](CHANGELOG.md) for full details.
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json.schemastore.org/package.json",
|
|
3
3
|
"name": "bmad-plus",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.9.0",
|
|
5
5
|
"description": "BMAD+ — Augmented AI-Driven Development Framework with multi-role agents, autopilot, and parallel execution",
|
|
6
6
|
"keywords": [
|
|
7
7
|
"bmad",
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# 🚀 BMAD+ — Erweitertes Multi-Agent KI-Framework
|
|
2
2
|
|
|
3
|
-
[](../CHANGELOG.md)
|
|
4
4
|
[](https://github.com/bmad-code-org/BMAD-METHOD)
|
|
5
5
|
[](../LICENSE)
|
|
6
6
|
|
|
@@ -214,7 +214,7 @@ graph TB
|
|
|
214
214
|
MK["Maker 🧬"]
|
|
215
215
|
ZC["Zecher 🧠 Memory"]
|
|
216
216
|
SD["Shield 🛡️ GRC 38 agents"]
|
|
217
|
-
DS["Dev Studio 🏗️ SDLC
|
|
217
|
+
DS["Dev Studio 🏗️ SDLC 6 agents"]
|
|
218
218
|
SEO["SEO Engine 🔎 3 agents"]
|
|
219
219
|
BK["Backup 🗂️"]
|
|
220
220
|
AN["Animated 🎬"]
|
|
@@ -542,8 +542,16 @@ BMAD+/
|
|
|
542
542
|
| Version | Datum | Beschreibung |
|
|
543
543
|
|---------|------|-------------|
|
|
544
544
|
| **0.1.0** | 2026-03-17 | 🎉 Foundation — 6 Agenten (Atlas, Forge, Sentinel, Nexus, Shadow, Maker), 3 Skills, Pack-System, Monitoring, IDE Support |
|
|
545
|
+
| **0.2.0** | 2026-03-18 | 🔀 Oveanet Fusion — 3 neue Hilfspakete: SEO Audit 360, Universal Backup, Animated Website |
|
|
546
|
+
| **0.3.0** | 2026-03-19 | 🚀 SEO Engine v2.0 — 3 Multi-Rolle-Agenten, 4 Python-Skripte, 6-Phasen-Workflow, PageSpeed-Schleife, GEO-Analyse |
|
|
547
|
+
| **0.4.0** | 2026-03-19 | 🏢 SEO Engine v2.1 — SKILL.md-Orchestrator, Google APIs, HTML-Berichte, Wettbewerbsvergleich, 50 Tests, GSC + GA4-Erweiterungen |
|
|
548
|
+
| **0.4.1** | 2026-03-19 | 🌐 10-Sprachen CLI, CI/CD-Pipeline, `.npmignore`, Sicherheitshärtung |
|
|
549
|
+
| **0.4.2** | 2026-03-19 | 📦 Öffentliche Packs — SEO/Backup/Animated in npm |
|
|
550
|
+
| **0.4.3** | 2026-05-17 | 🔧 update + doctor Befehle, i18n komplett, Credits-Korrektur |
|
|
551
|
+
| **0.4.4** | 2026-05-17 | 🔧 UTF-8-Kodierungsfix, vollständige i18n 10 Sprachen, 62 Unit-Tests |
|
|
545
552
|
| **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 GRC-Compliance-Agenten |
|
|
546
553
|
| **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 spezialisierte Agenten + 30 SDLC-Workflows |
|
|
554
|
+
| **0.9.0** | 2026-06-24 | 🚀 **Erweitert & Sicher** — 3 neue Packs (animated, backup, seo), P0 Sicherheitsbehebung, 143/143 Tests |
|
|
547
555
|
| **0.8.0** | 2026-06-24 | 🚀 **Erweitert & Sicher** — 3 neue Packs (animated, backup, seo), P0 Sicherheitsbehebung, 143/143 Tests |
|
|
548
556
|
|
|
549
557
|
Siehe [CHANGELOG.md](../CHANGELOG.md) für vollständige Details.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# 🚀 BMAD+ — Framework Multi-Agente IA Aumentado
|
|
2
2
|
|
|
3
|
-
[](../CHANGELOG.md)
|
|
4
4
|
[](https://github.com/bmad-code-org/BMAD-METHOD)
|
|
5
5
|
[](../LICENSE)
|
|
6
6
|
|
|
@@ -214,7 +214,7 @@ graph TB
|
|
|
214
214
|
MK["Maker 🧬"]
|
|
215
215
|
ZC["Zecher 🧠 Memory"]
|
|
216
216
|
SD["Shield 🛡️ GRC 38 agents"]
|
|
217
|
-
DS["Dev Studio 🏗️ SDLC
|
|
217
|
+
DS["Dev Studio 🏗️ SDLC 6 agents"]
|
|
218
218
|
SEO["SEO Engine 🔎 3 agents"]
|
|
219
219
|
BK["Backup 🗂️"]
|
|
220
220
|
AN["Animated 🎬"]
|
|
@@ -395,7 +395,7 @@ Cada agente puede **automáticamente** cambiar de rol según el contexto:
|
|
|
395
395
|
|--------|-----------|---------|
|
|
396
396
|
| 🔤 **Patrón** | Palabras clave en el pedido | "revisa" → QA activado |
|
|
397
397
|
| 🌐 **Contexto** | Detecta el tipo de tarea | Cálculos financieros detectados → QA auto-activado tras escribir código |
|
|
398
|
-
| 🧠 **Razonamiento** | Cadena lógica | Inconsistencia de arquitectura →
|
|
398
|
+
| 🧠 **Razonamiento** | Cadena lógica | Inconsistencia de arquitectura → Architect auto-activado |
|
|
399
399
|
|
|
400
400
|
El agente **anuncia** el cambio: *"💡 I'm switching to QA mode — financial calculations detected. Say 'skip' to stay in current mode."*
|
|
401
401
|
|
|
@@ -501,7 +501,7 @@ BMAD+/
|
|
|
501
501
|
│ ├── skills/
|
|
502
502
|
│ │ ├── bmad-plus-autopilot/ ← Orquestación completa
|
|
503
503
|
│ │ ├── bmad-plus-parallel/ ← Supervisión concurrente
|
|
504
|
-
│ │ └── bmad-plus-sync/ ←
|
|
504
|
+
│ │ └── bmad-plus-sync/ ← Sincronización automatizada código
|
|
505
505
|
│ └── data/
|
|
506
506
|
│ └── role-triggers.yaml ← Lógica de variables y keywords
|
|
507
507
|
│
|
|
@@ -534,7 +534,7 @@ BMAD+/
|
|
|
534
534
|
|
|
535
535
|
| Variable | Descripción | Valores Disponibles |
|
|
536
536
|
|----------|-------------|---------|
|
|
537
|
-
| `project_name` | Nombre
|
|
537
|
+
| `project_name` | Nombre del proyecto | Autodetectado |
|
|
538
538
|
| `user_skill_level` | Nivel del equipo/persona | beginner, intermediate, expert |
|
|
539
539
|
| `execution_mode` | Modo de uso general | manual, autopilot, hybrid |
|
|
540
540
|
| `auto_role_activation` | Cambio al predecir contexto | true, false |
|
|
@@ -557,8 +557,16 @@ BMAD+/
|
|
|
557
557
|
| Versión | Fecha | Descripción |
|
|
558
558
|
|---------|------|-------------|
|
|
559
559
|
| **0.1.0** | 2026-03-17 | 🎉 Fundación base de proyecto (6 agentes / 3 entornos de skills / Auto-detección IDEs locales). Se incorporó el Maker y paquete OSINT |
|
|
560
|
+
| **0.2.0** | 2026-03-18 | 🔀 Fusión Oveanet — 3 nuevos packs utilitarios: SEO Audit 360, Universal Backup, Animated Website |
|
|
561
|
+
| **0.3.0** | 2026-03-19 | 🚀 SEO Engine v2.0 — 3 agentes multirrol, 4 scripts Python, flujo 6 fases, bucle PageSpeed, análisis GEO |
|
|
562
|
+
| **0.4.0** | 2026-03-19 | 🏢 SEO Engine v2.1 — Orquestador SKILL.md, APIs Google, informes HTML, benchmark competitivo, 50 tests, extensiones GSC + GA4 |
|
|
563
|
+
| **0.4.1** | 2026-03-19 | 🌐 CLI 10 idiomas, pipeline CI/CD, `.npmignore`, endurecimiento de seguridad |
|
|
564
|
+
| **0.4.2** | 2026-03-19 | 📦 Packs públicos — SEO/Backup/Animated en npm |
|
|
565
|
+
| **0.4.3** | 2026-05-17 | 🔧 Comandos update + doctor, i18n completa, corrección de créditos |
|
|
566
|
+
| **0.4.4** | 2026-05-17 | 🔧 Corrección codificación UTF-8, i18n completa 10 idiomas, 62 tests unitarios |
|
|
560
567
|
| **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 agentes de cumplimiento GRC |
|
|
561
568
|
| **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 agentes specialized SDLC + 30 workflows SDLC |
|
|
569
|
+
| **0.9.0** | 2026-06-24 | 🚀 **Aumentado & Seguro** — 3 nuevos packs (animated, backup, seo), corrección P0 seguridad, 143/143 tests |
|
|
562
570
|
| **0.8.0** | 2026-06-24 | 🚀 **Aumentado & Seguro** — 3 nuevos packs (animated, backup, seo), corrección P0 seguridad, 143/143 tests |
|
|
563
571
|
|
|
564
572
|
Más descripciones a fondo en el archivo: [CHANGELOG.md](../CHANGELOG.md).
|
|
@@ -571,8 +579,23 @@ Proyecto BMAD+ (Adaptación: MIT)
|
|
|
571
579
|
|
|
572
580
|
Basado nativamente en el repositorio: [BMAD-METHOD](https://github.com/bmad-code-org/BMAD-METHOD) (MIT LIC)
|
|
573
581
|
|
|
574
|
-
### Reconocimientos
|
|
582
|
+
### Reconocimientos
|
|
575
583
|
|
|
576
|
-
|
|
577
|
-
- **
|
|
578
|
-
|
|
584
|
+
**Creador**
|
|
585
|
+
- **BMAD+** Creado por [Laurent Rochetta](https://github.com/lrochetta) ([LinkedIn](https://www.linkedin.com/in/laurentrochetta/))
|
|
586
|
+
|
|
587
|
+
**Packs Originales** (creados por Laurent Rochetta)
|
|
588
|
+
- **Dev Studio** — 6 agentes SDLC especializados: Miriam (analista de negocios), Huldah (redactora técnica), Yosef (gerente de producto), Rachel (diseñadora UX), Bezalel (arquitecto de sistemas), Oholiab (ingeniero senior) — 44 workflows que cubren todo el ciclo de vida desde la lluvia de ideas hasta el despliegue
|
|
589
|
+
- **SEO Engine** — 3 agentes (Scout, Chief, Judge), pipeline de auditoría de 6 fases, bucle PageSpeed, integraciones con Google Search Console y GA4
|
|
590
|
+
- **Memory Pack** — Agente Zecher para cerebro persistente cross-session con escáner de proyectos
|
|
591
|
+
|
|
592
|
+
**Fuentes Externas e Inspiraciones**
|
|
593
|
+
- **BMAD-METHOD** por [bmad-code-org](https://github.com/bmad-code-org/BMAD-METHOD) — Metodología multi-agente original (MIT)
|
|
594
|
+
- **Shield GRC** — 38 agentes de cumplimiento basados en textos regulatorios públicos (GDPR, ISO 27001, SOC 2, HIPAA, EU AI Act, DORA, NIST, CMMC, etc.)
|
|
595
|
+
- **OSINT Pipeline** basado en [smixs/osint-skill](https://github.com/smixs/osint-skill) (MIT)
|
|
596
|
+
- **Apify Actor Runner** integrado desde [apify/agent-skills](https://github.com/apify/agent-skills) (MIT)
|
|
597
|
+
- **Karpathy Guardrails** adaptado de [Andrej Karpathy](https://github.com/multica-ai/andrej-karpathy-skills) (MIT) — Reglas de comportamiento para Memory Pack
|
|
598
|
+
|
|
599
|
+
**Herramientas e Infraestructura**
|
|
600
|
+
- [Evolution API](https://github.com/EvolutionAPI/evolution-api) — Notificaciones WhatsApp para monitoreo upstream
|
|
601
|
+
- [Gemini API](https://ai.google.dev/) — Análisis IA para clasificación de cambios upstream
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# 🚀 BMAD+ — Framework Multi-Agent IA Augmenté
|
|
2
2
|
|
|
3
|
-
[](../CHANGELOG.md)
|
|
4
4
|
[](https://github.com/bmad-code-org/BMAD-METHOD)
|
|
5
5
|
[](../LICENSE)
|
|
6
6
|
|
|
@@ -32,7 +32,7 @@
|
|
|
32
32
|
|
|
33
33
|
## 💡 Pourquoi BMAD+ ?
|
|
34
34
|
|
|
35
|
-
BMAD-METHOD est un framework
|
|
35
|
+
BMAD-METHOD est un excellent framework avec 9 agents spécialisés. Mais pour un développeur solo ou une petite équipe, 9 agents c'est trop fragmenté. BMAD+ résout ce problème :
|
|
36
36
|
|
|
37
37
|
| BMAD-METHOD | BMAD+ |
|
|
38
38
|
|---|---|
|
|
@@ -214,7 +214,7 @@ graph TB
|
|
|
214
214
|
MK["Maker 🧬"]
|
|
215
215
|
ZC["Zecher 🧠 Memory"]
|
|
216
216
|
SD["Shield 🛡️ GRC 38 agents"]
|
|
217
|
-
DS["Dev Studio 🏗️ SDLC
|
|
217
|
+
DS["Dev Studio 🏗️ SDLC 6 agents"]
|
|
218
218
|
SEO["SEO Engine 🔎 3 agents"]
|
|
219
219
|
BK["Backup 🗂️"]
|
|
220
220
|
AN["Animated 🎬"]
|
|
@@ -371,7 +371,7 @@ npx bmad-plus install
|
|
|
371
371
|
| 🔍 **OSINT** | Shadow | Investigation, scraping social, psychoprofil (55+ acteurs Apify) | ✅ Stable |
|
|
372
372
|
| 🧬 **Maker** | Maker | Concevoir, construire, valider et packager de nouveaux agents BMAD+ | ✅ Stable |
|
|
373
373
|
| 🛡️ **Shield** | 38 agents de conformité | GRC sur 25+ frameworks : GDPR, ISO 27001, SOC 2, HIPAA, PCI DSS, EU AI Act, DORA, NIS2 | ✅ Stable |
|
|
374
|
-
| 🏗️ **Dev Studio** |
|
|
374
|
+
| 🏗️ **Dev Studio** | 6 agents spécialisés SDLC | SDLC complet : brainstorm → PRD → architecture → TDD → review (30 workflows) | ✅ Stable |
|
|
375
375
|
| 🔍 **SEO** | Scout, Chief, Judge | Audit SEO 6 phases, boucle PageSpeed, APIs Google, benchmark concurrentiel | ✅ Stable |
|
|
376
376
|
| 🗂️ **Backup** | Backup Agent | ZIP horodaté avec exclusions intelligentes | ✅ Stable |
|
|
377
377
|
| 🎬 **Animated** | Animated Website Agent | Site web luxe scroll-driven à partir de vidéo | ✅ Stable |
|
|
@@ -557,8 +557,16 @@ BMAD+/
|
|
|
557
557
|
| Version | Date | Description |
|
|
558
558
|
|---------|------|-------------|
|
|
559
559
|
| **0.1.0** | 2026-03-17 | 🎉 Foundation — 56+ agents (Atlas, Forge, Sentinel, Nexus, Shadow, Maker), 3 skills, pack system, monitoring, multi-IDE support |
|
|
560
|
+
| **0.2.0** | 2026-03-18 | 🔀 Fusion Oveanet — 3 nouveaux packs utilitaires : SEO Audit 360, Universal Backup, Animated Website |
|
|
561
|
+
| **0.3.0** | 2026-03-19 | 🚀 SEO Engine v2.0 — 3 agents multi-rôles, 4 scripts Python, workflow 6 phases, boucle PageSpeed, analyse GEO |
|
|
562
|
+
| **0.4.0** | 2026-03-19 | 🏢 SEO Engine v2.1 — Orchestrateur SKILL.md, APIs Google, rapports HTML, benchmark concurrentiel, 50 tests, extensions GSC + GA4 |
|
|
563
|
+
| **0.4.1** | 2026-03-19 | 🌐 CLI 10 langues, pipeline CI/CD, `.npmignore`, durcissement sécurité |
|
|
564
|
+
| **0.4.2** | 2026-03-19 | 📦 Packs publics — SEO/Backup/Animated dans npm |
|
|
565
|
+
| **0.4.3** | 2026-05-17 | 🔧 Commandes update + doctor, i18n complète, correction crédits |
|
|
566
|
+
| **0.4.4** | 2026-05-17 | 🔧 Correction encodage UTF-8, i18n complète 10 langues, 62 tests unitaires |
|
|
560
567
|
| **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 agents de conformité GRC |
|
|
561
|
-
| **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** —
|
|
568
|
+
| **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 agents spécialisés SDLC + 30 workflows SDLC |
|
|
569
|
+
| **0.9.0** | 2026-06-24 | 🚀 **Augmenté & Sécurisé** — 3 nouveaux packs (animated, backup, seo), correction P0 sécurité, 143/143 tests |
|
|
562
570
|
| **0.8.0** | 2026-06-24 | 🚀 **Augmenté & Sécurisé** — 3 nouveaux packs (animated, backup, seo), correction P0 sécurité, 143/143 tests |
|
|
563
571
|
|
|
564
572
|
Voir [CHANGELOG.md](../CHANGELOG.md) pour le détail complet.
|
|
@@ -571,6 +579,21 @@ MIT — Basé sur [BMAD-METHOD](https://github.com/bmad-code-org/BMAD-METHOD) (M
|
|
|
571
579
|
|
|
572
580
|
### Crédits
|
|
573
581
|
|
|
574
|
-
|
|
582
|
+
**Créateur**
|
|
583
|
+
- **BMAD+** Créé par [Laurent Rochetta](https://github.com/lrochetta) ([LinkedIn](https://www.linkedin.com/in/laurentrochetta/))
|
|
584
|
+
|
|
585
|
+
**Packs Originaux** (créés par Laurent Rochetta)
|
|
586
|
+
- **Dev Studio** — 6 agents SDLC spécialisés : Miriam (analyste d'affaires), Huldah (rédactrice technique), Yosef (chef de produit), Rachel (designer UX), Bezalel (architecte système), Oholiab (ingénieur senior) — 44 workflows couvrant l'ensemble du cycle de vie du brainstorming au déploiement
|
|
587
|
+
- **SEO Engine** — 3 agents (Scout, Chief, Judge), pipeline d'audit 6 phases, boucle PageSpeed, intégrations Google Search Console et GA4
|
|
588
|
+
- **Memory Pack** — Agent Zecher pour cerveau persistant cross-session avec scanner de projets
|
|
589
|
+
|
|
590
|
+
**Sources Externes et Inspirations**
|
|
591
|
+
- **BMAD-METHOD** par [bmad-code-org](https://github.com/bmad-code-org/BMAD-METHOD) — Méthodologie multi-agents originale (MIT)
|
|
592
|
+
- **Shield GRC** — 38 agents de conformité basés sur des textes réglementaires publics (RGPD, ISO 27001, SOC 2, HIPAA, EU AI Act, DORA, NIST, CMMC, etc.)
|
|
575
593
|
- **OSINT Pipeline** basé sur [smixs/osint-skill](https://github.com/smixs/osint-skill) (MIT)
|
|
576
594
|
- **Apify Actor Runner** intégré de [apify/agent-skills](https://github.com/apify/agent-skills) (MIT)
|
|
595
|
+
- **Karpathy Guardrails** adapté de [Andrej Karpathy](https://github.com/multica-ai/andrej-karpathy-skills) (MIT) — Règles comportementales pour Memory Pack
|
|
596
|
+
|
|
597
|
+
**Outils et Infrastructure**
|
|
598
|
+
- [Evolution API](https://github.com/EvolutionAPI/evolution-api) — Notifications WhatsApp pour la surveillance upstream
|
|
599
|
+
- [Gemini API](https://ai.google.dev/) — Analyse IA pour la classification des changements upstream
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
type: pack
|
|
2
|
+
name: bmad-plus-pack-seo
|
|
3
|
+
displayName: SEO / GEO Audit Pack
|
|
4
|
+
title: SEO & GEO Audit 360
|
|
5
|
+
icon: "🔍"
|
|
6
|
+
capabilities: "SEO audit, GEO audit, search engine optimization, pagespeed analysis, keyword research, content analysis, technical SEO, backlink analysis, competitor analysis, SERP analysis, local SEO, mobile optimization, structured data, XML sitemaps, robots.txt audit, core web vitals, accessibility audit, international SEO, ecommerce SEO, voice search optimization, AI search optimization"
|
|
7
|
+
role: "SEO/GEO specialist providing comprehensive 360-degree search optimization audits and recommendations"
|
|
8
|
+
identity: "Expert SEO and GEO (Generative Engine Optimization) auditor who combines technical depth with strategic insight. Analyzes websites across 100+ SEO factors and provides actionable, prioritized recommendations."
|
|
9
|
+
communicationStyle: "Data-driven and precise. Presents findings with clear metrics and concrete action items. Explains technical concepts in accessible terms for stakeholders. Balances quick wins with strategic long-term recommendations."
|
|
10
|
+
principles: "Audit every page through real device and search engine eyes. Prioritize fixes by impact and effort. All recommendations must be actionable and measurable. Track improvements with before/after metrics. Optimize for humans first, search engines second."
|
|
11
|
+
module: bmad-plus
|
|
12
|
+
canonicalId: bmad-plus-pack-seo
|
|
13
|
+
pack: seo
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
# Shield GRC Pack — SKILL
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit)
|
|
4
|
+
> **Version:** 1.0.0
|
|
5
|
+
> **Created by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
6
|
+
|
|
7
|
+
## Overview
|
|
8
|
+
|
|
9
|
+
Shield transforms BMAD+ into a comprehensive GRC (Governance, Risk & Compliance) assistant. It serves as an intelligent orchestrator for 38 compliance agents across 7 categories, covering 25+ regulatory frameworks. Route requests to the appropriate specialist agent, combine insights for cross-framework analysis, and provide consolidated compliance reports.
|
|
10
|
+
|
|
11
|
+
## Capabilities
|
|
12
|
+
|
|
13
|
+
### Data Privacy (5 frameworks)
|
|
14
|
+
- **GDPR** (EU/EEA/UK) — General Data Protection Regulation
|
|
15
|
+
- **CCPA/CPRA** (California) — Consumer Privacy Act
|
|
16
|
+
- **LGPD** (Brazil) — Lei Geral de Protecao de Dados
|
|
17
|
+
- **DPDPA** (India) — Digital Personal Data Protection Act
|
|
18
|
+
- **ISO 27701** (International) — Privacy Information Management
|
|
19
|
+
|
|
20
|
+
### Cybersecurity (6 frameworks)
|
|
21
|
+
- **ISO 27001** — Information Security Management
|
|
22
|
+
- **NIST CSF 2.0** — Cybersecurity Framework
|
|
23
|
+
- **NIST 800-53 Rev. 5** — Federal Security Controls
|
|
24
|
+
- **CIS Controls v8** — Critical Security Controls
|
|
25
|
+
- **NIS2 Directive** — EU Cybersecurity
|
|
26
|
+
- **ISM** — Australian Information Security Manual
|
|
27
|
+
|
|
28
|
+
### Industry Compliance (6 frameworks)
|
|
29
|
+
- **SOC 2 Type I/II** — Service Organization Controls
|
|
30
|
+
- **PCI DSS v4.0** — Payment Card Industry
|
|
31
|
+
- **HIPAA** — Healthcare Privacy & Security
|
|
32
|
+
- **SWIFT CSP** — Banking Security
|
|
33
|
+
- **DORA** — EU Digital Operational Resilience
|
|
34
|
+
- **FedRAMP** — Federal Cloud Authorization
|
|
35
|
+
|
|
36
|
+
### Defense & Export Control (4 frameworks)
|
|
37
|
+
- **CMMC 2.0** — Cybersecurity Maturity Model Certification
|
|
38
|
+
- **ITAR** — International Traffic in Arms
|
|
39
|
+
- **EAR** — Export Administration Regulations
|
|
40
|
+
- **TSA** — Transportation Security Directives
|
|
41
|
+
|
|
42
|
+
### AI Governance (3 frameworks)
|
|
43
|
+
- **EU AI Act 2024/1689** — AI Regulation
|
|
44
|
+
- **ISO 42001:2023** — AI Management System
|
|
45
|
+
- **NIST AI RMF 1.0** — AI Risk Management
|
|
46
|
+
|
|
47
|
+
### Accessibility & ESG (3 frameworks)
|
|
48
|
+
- **WCAG 2.2** — Web Content Accessibility
|
|
49
|
+
- **Section 508** — US Federal Accessibility
|
|
50
|
+
- **CSRD** — Corporate Sustainability Reporting
|
|
51
|
+
|
|
52
|
+
### GDPR & AI Act Workflows (11 workflow agents)
|
|
53
|
+
- DPIA, Breach Response, Legitimate Interest Assessment
|
|
54
|
+
- Privacy Notice/Policy/Cookie Generators
|
|
55
|
+
- AI Act Classifier, Roles, FRIA, Incident Reporting
|
|
56
|
+
|
|
57
|
+
## Activation
|
|
58
|
+
|
|
59
|
+
To use Shield, include this pack in your BMAD+ installation:
|
|
60
|
+
|
|
61
|
+
```bash
|
|
62
|
+
npx bmad-plus install --pack shield
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
Then invoke the orchestrator from any conversation:
|
|
66
|
+
|
|
67
|
+
> "Shield, audit my app for GDPR compliance"
|
|
68
|
+
> "Shield, gap analysis ISO 27001 vs NIST CSF"
|
|
69
|
+
> "Shield, generate SOC 2 evidence checklist"
|
|
70
|
+
|
|
71
|
+
## Architecture
|
|
72
|
+
|
|
73
|
+
- `shield-orchestrator.md` — Intelligent routing entry point
|
|
74
|
+
- `categories/` — Framework-specific agent prompts
|
|
75
|
+
- `references/` — 85 regulatory reference files
|
|
76
|
+
- `shared/` — Cross-framework mapper, gap analysis & audit templates
|
|
77
|
+
|
|
78
|
+
## Attribution
|
|
79
|
+
|
|
80
|
+
Based on Claude Skills for GRC by Hemant Naik — MIT License.
|
|
81
|
+
GDPR and EU AI Act workflow agents enriched with insights from Lawve.ai.
|
|
82
|
+
Adapted for BMAD+ by Laurent Rochetta.
|
package/tools/bmad-plus-npx.js
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Ensures proper execution when run via npx from npm registry
|
|
6
6
|
*/
|
|
7
7
|
|
|
8
|
-
const {
|
|
8
|
+
const { spawnSync } = require('node:child_process');
|
|
9
9
|
const path = require('node:path');
|
|
10
10
|
const fs = require('node:fs');
|
|
11
11
|
|
|
@@ -21,10 +21,8 @@ if (isNpxExecution) {
|
|
|
21
21
|
}
|
|
22
22
|
|
|
23
23
|
try {
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
cwd: process.cwd(),
|
|
27
|
-
});
|
|
24
|
+
const result = spawnSync('node', [cliPath, ...args], { stdio: 'inherit' });
|
|
25
|
+
if (result.status !== 0) process.exit(result.status);
|
|
28
26
|
} catch (error) {
|
|
29
27
|
process.exit(error.status || 1);
|
|
30
28
|
}
|
|
@@ -53,7 +53,9 @@ function detectStack(dir) {
|
|
|
53
53
|
else if (fs.existsSync(path.join(dir, 'yarn.lock'))) result.packageManager = 'yarn';
|
|
54
54
|
else if (fs.existsSync(path.join(dir, 'bun.lockb'))) result.packageManager = 'bun';
|
|
55
55
|
else result.packageManager = 'npm';
|
|
56
|
-
} catch {
|
|
56
|
+
} catch (e) {
|
|
57
|
+
console.warn('autoconfig: Failed to parse package.json in detectStack', e.message);
|
|
58
|
+
}
|
|
57
59
|
}
|
|
58
60
|
|
|
59
61
|
// Other languages
|
|
@@ -115,7 +117,9 @@ function analyzeStructure(dir) {
|
|
|
115
117
|
|
|
116
118
|
// Check for .git directory
|
|
117
119
|
if (fs.existsSync(path.join(dir, '.git'))) structure.hasGit = true;
|
|
118
|
-
} catch {
|
|
120
|
+
} catch (e) {
|
|
121
|
+
console.warn('autoconfig: Failed to analyze directory structure', e.message);
|
|
122
|
+
}
|
|
119
123
|
|
|
120
124
|
return structure;
|
|
121
125
|
}
|
|
@@ -203,7 +207,9 @@ function getProjectName(dir) {
|
|
|
203
207
|
const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
|
|
204
208
|
if (pkg.name) return pkg.name;
|
|
205
209
|
}
|
|
206
|
-
} catch {
|
|
210
|
+
} catch (e) {
|
|
211
|
+
console.warn('autoconfig: Failed to read package.json in getProjectName', e.message);
|
|
212
|
+
}
|
|
207
213
|
return path.basename(dir);
|
|
208
214
|
}
|
|
209
215
|
|
|
@@ -250,7 +256,7 @@ module.exports = {
|
|
|
250
256
|
|
|
251
257
|
// Check if directory has content
|
|
252
258
|
let entries = [];
|
|
253
|
-
try { entries = fs.readdirSync(projectDir).filter(e => !e.startsWith('.')); } catch {}
|
|
259
|
+
try { entries = fs.readdirSync(projectDir).filter(e => !e.startsWith('.')); } catch (e) { console.warn('autoconfig: Failed to list directory', e.message); }
|
|
254
260
|
|
|
255
261
|
const isExistingProject = entries.length > 0;
|
|
256
262
|
|
|
@@ -343,7 +349,8 @@ module.exports = {
|
|
|
343
349
|
tools: toolsArg,
|
|
344
350
|
});
|
|
345
351
|
} catch (e) {
|
|
346
|
-
|
|
352
|
+
clack.log.error(`Autoconfig install failed: ${e.message}`);
|
|
353
|
+
throw e;
|
|
347
354
|
}
|
|
348
355
|
|
|
349
356
|
spinner2.stop('Installation complete');
|
|
@@ -442,7 +449,10 @@ module.exports = {
|
|
|
442
449
|
packs: packs.join(','),
|
|
443
450
|
yes: true,
|
|
444
451
|
});
|
|
445
|
-
} catch {
|
|
452
|
+
} catch (e) {
|
|
453
|
+
clack.log.error(`Autoconfig install failed: ${e.message}`);
|
|
454
|
+
throw e;
|
|
455
|
+
}
|
|
446
456
|
|
|
447
457
|
// Write initial context
|
|
448
458
|
const contextPath = path.join(projectDir, '.agents', 'memory', 'context.md');
|
|
@@ -10,6 +10,7 @@ const fs = require('node:fs');
|
|
|
10
10
|
const clack = require('@clack/prompts');
|
|
11
11
|
const pc = require('picocolors');
|
|
12
12
|
const { t } = require('../i18n');
|
|
13
|
+
const { PACKS, EXPECTED_AGENTS } = require('../lib/packs');
|
|
13
14
|
|
|
14
15
|
module.exports = {
|
|
15
16
|
command: 'doctor',
|
|
@@ -62,19 +63,13 @@ module.exports = {
|
|
|
62
63
|
clack.log.success(`✅ ${agentDirs.length} agent/skill directories found`);
|
|
63
64
|
passed++;
|
|
64
65
|
|
|
65
|
-
// Check each expected agent from manifest packs
|
|
66
|
-
const expectedAgents = {
|
|
67
|
-
core: ['agent-strategist', 'agent-architect-dev', 'agent-quality', 'agent-orchestrator'],
|
|
68
|
-
osint: ['agent-shadow'],
|
|
69
|
-
maker: ['agent-maker'],
|
|
70
|
-
seo: ['pack-seo'],
|
|
71
|
-
backup: ['pack-backup'],
|
|
72
|
-
animated: ['pack-animated'],
|
|
73
|
-
};
|
|
74
|
-
|
|
66
|
+
// Check each expected agent from manifest packs using shared EXPECTED_AGENTS module
|
|
75
67
|
for (const pack of (manifest.packs || ['core'])) {
|
|
76
|
-
const
|
|
77
|
-
|
|
68
|
+
const entry = EXPECTED_AGENTS[pack];
|
|
69
|
+
if (!entry) continue;
|
|
70
|
+
|
|
71
|
+
// Check individual agent directories
|
|
72
|
+
for (const agent of (entry.agents || [])) {
|
|
78
73
|
checks++;
|
|
79
74
|
const agentPath = path.join(agentsDir, agent);
|
|
80
75
|
if (fs.existsSync(agentPath)) {
|
|
@@ -84,6 +79,18 @@ module.exports = {
|
|
|
84
79
|
warnings++;
|
|
85
80
|
}
|
|
86
81
|
}
|
|
82
|
+
|
|
83
|
+
// Check pack directory if applicable
|
|
84
|
+
if (entry.packDir) {
|
|
85
|
+
checks++;
|
|
86
|
+
const packPath = path.join(agentsDir, entry.packDir);
|
|
87
|
+
if (fs.existsSync(packPath)) {
|
|
88
|
+
passed++;
|
|
89
|
+
} else {
|
|
90
|
+
clack.log.warn(`⚠️ Missing pack directory: ${entry.packDir} (pack: ${pack})`);
|
|
91
|
+
warnings++;
|
|
92
|
+
}
|
|
93
|
+
}
|
|
87
94
|
}
|
|
88
95
|
} else {
|
|
89
96
|
clack.log.error('❌ No .agents/skills/ directory found');
|
|
@@ -153,37 +160,27 @@ module.exports = {
|
|
|
153
160
|
checks++;
|
|
154
161
|
try {
|
|
155
162
|
const yaml = require('js-yaml');
|
|
156
|
-
const installModule = require('./install');
|
|
157
|
-
const installSrc = fs.readFileSync(path.join(__dirname, 'install.js'), 'utf8');
|
|
158
|
-
const packsMatch = installSrc.match(/const PACKS\s*=\s*\{/);
|
|
159
|
-
|
|
160
163
|
const moduleYamlSrc = path.join(__dirname, '..', '..', '..', 'src', 'bmad-plus', 'module.yaml');
|
|
161
|
-
if (
|
|
164
|
+
if (fs.existsSync(moduleYamlSrc)) {
|
|
162
165
|
const moduleContent = yaml.load(fs.readFileSync(moduleYamlSrc, 'utf8'));
|
|
163
166
|
const modulePackIds = Object.keys(moduleContent.packs || {});
|
|
164
167
|
|
|
165
|
-
//
|
|
166
|
-
|
|
167
|
-
// We compare against module.yaml packs
|
|
168
|
-
const installContent = fs.readFileSync(path.join(__dirname, 'install.js'), 'utf8');
|
|
169
|
-
const packKeyMatches = installContent.match(/^\s+'?([a-z][-a-z]*)'?\s*:\s*\{/gm);
|
|
170
|
-
const installPackIds = packKeyMatches
|
|
171
|
-
? packKeyMatches.map(m => m.trim().replace(/[':{ ]/g, '').replace(/-/g, '-'))
|
|
172
|
-
: [];
|
|
168
|
+
// Use shared PACKS module instead of fragile regex on install.js source
|
|
169
|
+
const cliPackIds = Object.keys(PACKS);
|
|
173
170
|
|
|
174
171
|
// Find mismatches
|
|
175
|
-
const
|
|
176
|
-
const missingInModule =
|
|
172
|
+
const missingInCLI = modulePackIds.filter(p => !cliPackIds.includes(p));
|
|
173
|
+
const missingInModule = cliPackIds.filter(p => !modulePackIds.includes(p));
|
|
177
174
|
|
|
178
|
-
if (
|
|
175
|
+
if (missingInCLI.length === 0 && missingInModule.length === 0) {
|
|
179
176
|
clack.log.success(`✅ PACKS ↔ module.yaml in sync (${modulePackIds.length} packs)`);
|
|
180
177
|
passed++;
|
|
181
178
|
} else {
|
|
182
|
-
if (
|
|
183
|
-
clack.log.warn(`⚠️ Packs in module.yaml but missing from
|
|
179
|
+
if (missingInCLI.length > 0) {
|
|
180
|
+
clack.log.warn(`⚠️ Packs in module.yaml but missing from CLI PACKS: ${missingInCLI.join(', ')}`);
|
|
184
181
|
}
|
|
185
182
|
if (missingInModule.length > 0) {
|
|
186
|
-
clack.log.warn(`⚠️ Packs in
|
|
183
|
+
clack.log.warn(`⚠️ Packs in CLI PACKS but missing from module.yaml: ${missingInModule.join(', ')}`);
|
|
187
184
|
}
|
|
188
185
|
warnings++;
|
|
189
186
|
}
|