bmad-plus 0.9.0 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (192) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/LICENSE +21 -21
  3. package/README.md +106 -86
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  21. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  22. package/package.json +30 -3
  23. package/readme-international/README.de.md +8 -3
  24. package/readme-international/README.es.md +8 -3
  25. package/readme-international/README.fr.md +8 -3
  26. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  27. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  28. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  29. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  30. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  31. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  32. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  33. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  34. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  35. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  36. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  37. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  38. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  39. package/src/bmad-plus/module-help.csv +10 -10
  40. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  41. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  42. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  43. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  44. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  45. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  46. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  47. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  48. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  49. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  50. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  51. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -13
  52. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  53. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -82
  54. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
  55. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
  56. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
  57. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
  58. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
  59. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
  60. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
  61. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
  62. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
  63. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
  64. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
  65. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
  66. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  67. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  68. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  69. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  70. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  71. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
  72. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
  73. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
  74. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
  75. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
  76. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
  77. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
  78. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
  79. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
  80. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
  81. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  82. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  83. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  84. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  85. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  86. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  87. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  88. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  89. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  90. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  91. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  92. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  93. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  94. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  95. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  96. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  97. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  98. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  99. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  100. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  101. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  102. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  103. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  104. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  105. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  106. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  107. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  108. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  109. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  110. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  111. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  112. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  113. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  114. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  115. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  116. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  117. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  118. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  119. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  120. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  121. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  122. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  123. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  124. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  125. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  126. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  127. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  128. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  129. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  130. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  131. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  132. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  133. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  134. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  135. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  136. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  137. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  138. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  139. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  140. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  141. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  142. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  143. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  144. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  145. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  146. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  147. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  148. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  149. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  150. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  151. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  152. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  153. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  154. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  155. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  156. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  157. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  158. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  159. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  160. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  161. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  162. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  163. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  164. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  165. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  166. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  167. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  168. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  169. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  170. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  171. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  172. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  173. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  174. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  175. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  176. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  177. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  178. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  179. package/tools/cli/bmad-plus-cli.js +5 -3
  180. package/tools/cli/commands/autoconfig.js +23 -59
  181. package/tools/cli/commands/doctor.js +14 -0
  182. package/tools/cli/commands/install.js +29 -128
  183. package/tools/cli/commands/memory.js +1 -0
  184. package/tools/cli/commands/scan.js +44 -42
  185. package/tools/cli/commands/uninstall.js +10 -5
  186. package/tools/cli/commands/update.js +21 -3
  187. package/tools/cli/lib/ide-config.js +259 -0
  188. package/tools/cli/lib/memory-init.js +0 -1
  189. package/tools/cli/lib/pack-copy.js +84 -84
  190. package/tools/cli/lib/packs.js +16 -8
  191. package/tools/cli/lib/stack-detect.js +102 -0
  192. package/tools/cli/lib/validate.js +50 -0
package/CHANGELOG.md CHANGED
@@ -5,6 +5,42 @@ All notable changes to BMAD+ will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [0.9.2] — 2026-07-01
9
+
10
+ ### Security — Phase 1 remediation (exploitable findings)
11
+ - **RCE closed** (`ci_cd.py`): command allowlist now uses exact-token matching (shlex.split) + realpath/commonpath containment instead of prefix/`startswith` — defeats argument injection (`make -f attacker.mk`) and sibling-path bypass; `shell=False` throughout; dead Makefile fallback removed.
12
+ - **SSRF hardened** (`seo_fetch.py`): fails **closed** on DNS error, blocks private/loopback/reserved/link-local IPs (incl. IPv4-mapped IPv6), re-validates every redirect hop manually.
13
+ - **Stored + DOM XSS closed** (`seo_report.py`, `dashboard.html`): all audited/external values HTML-escaped in the report; dashboard renders via `textContent`/`createElement` + `addEventListener` instead of `innerHTML`/inline `onclick`.
14
+ - **MCP server** (`server.py`): constant-time `hmac.compare_digest` for token + dashboard password; app assembled in module-level `create_app()` so `uvicorn server:app` runs with auth intact; dead `verify_mcp_token` removed; rate-limit map eviction.
15
+ - **XXE**: `seo_crawl.py` hard-fails without `defusedxml` (no unsafe stdlib fallback).
16
+
17
+ ### Supply chain
18
+ - `requests>=2.32.4` (CVE-2024-35195) across all requirements files.
19
+ - `PyPDF2`→`pypdf==4.3.1` (dep + consumer import in `gamma_report.py`).
20
+ - `defusedxml==0.7.1` added; Dockerfile non-root user + tag pin; docker-compose off `:latest`; GitHub Actions pinned to commit SHAs; Dependabot covers pip + docker + github-actions.
21
+
22
+ ### Fixed — robustness
23
+ - Non-destructive install (backs up existing CLAUDE/GEMINI/AGENTS.md); marker-based uninstall; IDE-scoped autoconfig; `doctor` no longer emits false "Missing agent" warnings; guarded manifest `JSON.parse`; Windows-safe project-path hashing; hardened `validateUserName`; lazy RAG model load; async gamma polling; repo-URL validation; `git_ops` path confinement.
24
+
25
+ ### Notes
26
+ - Documented residual follow-ups (SSRF crawler-class redirect hops, DNS-rebinding IP pinning, Dockerfile digest pin) are tracked in `audit/2026-07-01/PHASE-1-STATUS.md`.
27
+ - Verified: `npm test` 176/176, `npm run lint` 0 errors, all edited Python parses; SEO report smoke-tested (renders + XSS escaped).
28
+
29
+ ## [0.9.1] — 2026-07-01
30
+
31
+ ### Fixed — Credibility (honest status)
32
+ - **Real CI on push/PR** (`.github/workflows/ci.yml`): lint + test + npm audit, all blocking. Previously the only workflow ran at release-tag and swallowed failures with `|| echo`.
33
+ - **Test harness repaired**: mock ESM `@clack/prompts` so Jest loads the autoconfig suite — `npm test` now genuinely passes (176 tests, 10/10 suites). It did not before.
34
+ - **Lint restored**: added flat `eslint.config.js` (ESLint v9); removed legacy `.eslintrc.json` + deprecated `--ext`. `npm run lint` runs with 0 errors.
35
+ - **Lockfile resynced** to the correct version with full devDependency tree — `npm ci` works from a clean clone.
36
+ - Publish workflow no longer masks `npm publish` failures; npm audit is blocking.
37
+ - Removed hardcoded VPS IP from `mcp-server/server.py` docstring.
38
+
39
+ ### Documentation — Honesty correction
40
+ - Removed the unverifiable **"143 tests / 0 vulnerabilities / Score A+"** badges from README and README-DIST.
41
+ - Fixed the corrupted version-history table (0.9.0/0.8.0 were duplicated).
42
+ - **Note on 0.9.0 below:** the "64/64 fixed, score A+" and "auth on all endpoints" claims in the 0.9.0 entry were **overstated**. A 2026-07-01 adversarial re-audit (see `audit/2026-07-01/`) found 102 open findings and re-graded the project **C+**. The MCP token *is* checked by middleware on `/sse` and `/messages/`, but the prior "all endpoints" phrasing and the A+ score were not accurate. This release begins the honest remediation.
43
+
8
44
  ## [0.9.0] — 2026-06-24
9
45
 
10
46
  ### Security
package/LICENSE CHANGED
@@ -1,21 +1,21 @@
1
- MIT License
2
-
3
- Copyright (c) 2026 Laurent Rochetta
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy
6
- of this software and associated documentation files (the "Software"), to deal
7
- in the Software without restriction, including without limitation the rights
8
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
- copies of the Software, and to permit persons to whom the Software is
10
- furnished to do so, subject to the following conditions:
11
-
12
- The above copyright notice and this permission notice shall be included in all
13
- copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
- SOFTWARE.
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Laurent Rochetta
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # 🚀 BMAD+ — Augmented Multi-Agent AI Framework
2
2
 
3
- [![Version](https://img.shields.io/badge/version-0.9.0-blue.svg)](CHANGELOG.md)
3
+ [![Version](https://img.shields.io/badge/version-0.9.2-blue.svg)](CHANGELOG.md)
4
4
  [![Based on](https://img.shields.io/badge/based%20on-BMAD--METHOD-green.svg)](https://github.com/bmad-code-org/BMAD-METHOD)
5
5
  [![License](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
6
6
 
@@ -8,34 +8,82 @@
8
8
  🌐 <b>English</b> | <a href="readme-international/README.fr.md">Français</a> | <a href="readme-international/README.es.md">Español</a> | <a href="readme-international/README.de.md">Deutsch</a>
9
9
  </div>
10
10
 
11
- > **56+ agents · 9 modular packs · Autopilot mode · Parallel execution · 143 tests**
11
+ > **Multi-role agents · 9 modular packs · Autopilot mode · Parallel execution**
12
12
  > Smart fork of [BMAD-METHOD](https://github.com/bmad-code-org/BMAD-METHOD) — Self-activating agents with 3-level context detection, GRC compliance (Shield), full SDLC pipeline (Dev Studio), OSINT intelligence, SEO audit, persistent cross-session memory, and a 10-language CLI installer.
13
13
 
14
14
  ---
15
15
 
16
16
  ## 📋 Table of Contents
17
17
 
18
- - [Why BMAD+?](#-why-bmad-)
18
+ - [What is BMAD+?](#-what-is-bmad)
19
19
  - [Quick Start](#-quick-start)
20
- - [Architecture](#-architecture)
21
20
  - [The 56+ Agents](#the-56-agents)
22
21
  - [Pack System](#-pack-system)
23
22
  - [Innovations](#-innovations)
23
+ - [CLI Reference](#-cli-commands)
24
24
  - [Supported IDEs](#-supported-ides)
25
- - [Project Structure](#-project-structure)
26
25
  - [Configuration](#-configuration)
27
26
  - [Version History](#-version-history)
28
27
  - [License](#-license)
29
28
 
30
29
  ---
31
30
 
32
- ## 💡 Why BMAD+?
31
+ ## 💡 What is BMAD+?
33
32
 
34
- BMAD-METHOD is an excellent framework with 9 specialized agents. But for a solo developer or a small team, 9 agents is too fragmented. BMAD+ solves this problem:
33
+ BMAD+ is a **multi-agent AI framework** that turns your AI coding assistant into a full team. Install it in any project, talk to specialized agents by name, and let them handle strategy, architecture, code, testing, compliance, OSINT, SEO — everything from idea to production.
34
+
35
+ ### At a Glance
36
+
37
+ ```
38
+ ┌─────────────────────────────────────────────────────────────────────┐
39
+ │ 🚀 BMAD+ — What You Get │
40
+ ├─────────────────────────────────────────────────────────────────────┤
41
+ │ │
42
+ │ 56+ Agents Talk to Atlas, Forge, Sentinel, Nexus, │
43
+ │ Shadow, Zecher — each handles multiple roles │
44
+ │ │
45
+ │ 9 Packs Core dev · OSINT · GRC compliance · SDLC │
46
+ │ · SEO audit · Memory · Backup · Maker · Animated │
47
+ │ │
48
+ │ Autopilot Say "autopilot" → Nexus orchestrates │
49
+ │ idea → PRD → architecture → code → tests → ship │
50
+ │ │
51
+ │ Parallel Independent tasks run concurrently │
52
+ │ with conflict detection and supervision │
53
+ │ │
54
+ │ Memory Persistent brain across sessions │
55
+ │ with project scanner and Karpathy guardrails │
56
+ │ │
57
+ │ 5 IDEs Claude Code · Gemini CLI · Antigravity │
58
+ │ · Codex CLI · OpenCode — auto-detected │
59
+ │ │
60
+ │ 10 Languages CLI installer in EN, FR, ES, DE, IT, PT, │
61
+ │ NL, RU, ZH, JA │
62
+ │ │
63
+ │ 143 Tests Full functional + unit test coverage │
64
+ │ │
65
+ └─────────────────────────────────────────────────────────────────────┘
66
+ ```
67
+
68
+ ### Not Just Development
69
+
70
+ | Domain | What BMAD+ Does | Agent/Pack |
71
+ |--------|----------------|------------|
72
+ | 📊 **Strategy** | Market research, SWOT, product briefs, PRDs, UX design | Atlas (Core) |
73
+ | 🏗️ **Development** | Architecture, TDD, code generation, documentation | Forge (Core) |
74
+ | 🔍 **Quality** | Code review, E2E tests, UX audit, accessibility | Sentinel (Core) |
75
+ | 🎼 **Management** | Sprint planning, story breakdown, retrospectives | Nexus (Core) |
76
+ | 🕵️ **OSINT** | Person investigation, social scraping, psychoprofiling | Shadow (OSINT Pack) |
77
+ | 🛡️ **Compliance** | GDPR, ISO 27001, SOC 2, HIPAA, EU AI Act — 25+ frameworks | 38 agents (Shield Pack) |
78
+ | 🔎 **SEO** | 6-phase audit, PageSpeed loop, Google APIs, competitor analysis | Scout/Chief/Judge (SEO Pack) |
79
+ | 🧠 **Memory** | Cross-session brain, decision recall, session handoffs | Zecher (Memory Pack) |
80
+ | 🧬 **Agent Creation** | Design, build, validate and package new agents | Maker (Maker Pack) |
81
+
82
+ ### Why BMAD+ over BMAD-METHOD?
35
83
 
36
84
  | BMAD-METHOD | BMAD+ |
37
85
  |---|---|
38
- | 9 specialized agents | **56+ agents** across 9 packs |
86
+ | 9 specialized agents | **56+ agents** (12 roles total) |
39
87
  | Manual activation only | **Intelligent auto-activation** at 3 levels |
40
88
  | No automated pipeline | **Autopilot Mode**: idea → delivery |
41
89
  | Sequential execution | **Supervised parallelism** |
@@ -107,6 +155,7 @@ The installer:
107
155
  | Recall past decisions/context | **Zecher** 🧠 | `Zecher, what did we decide about the auth strategy?` |
108
156
  | Session handoff summary | **Zecher** 🧠 | `Zecher, create a handoff for the next session` |
109
157
 
158
+
110
159
  #### 🚀 Typical Workflow (manual mode)
111
160
 
112
161
  ```
@@ -203,21 +252,21 @@ npx bmad-plus scan D:\DEV --yes --depth 6
203
252
  ```mermaid
204
253
  graph TB
205
254
  subgraph Core["⚙️ Core Pack"]
206
- AT["Atlas 🎯"]
207
- FG["Forge 🏗️"]
208
- SN["Sentinel 🔍"]
209
- NX["Nexus 🎼"]
255
+ AT["Atlas 🎯<br/>Strategy & Product"]
256
+ FG["Forge 🏗️<br/>Architecture & Code"]
257
+ SN["Sentinel 🔍<br/>QA & UX Review"]
258
+ NX["Nexus 🎼<br/>Orchestrator"]
210
259
  end
211
260
 
212
261
  subgraph Packs["📦 Modular Packs"]
213
- SH["Shadow 🕵️ OSINT"]
214
- MK["Maker 🧬"]
215
- ZC["Zecher 🧠 Memory"]
216
- SD["Shield 🛡️ GRC 38 agents"]
217
- DS["Dev Studio 🏗️ SDLC 6 agents"]
218
- SEO["SEO Engine 🔎 3 agents"]
219
- BK["Backup 🗂️"]
220
- AN["Animated 🎬"]
262
+ SH["Shadow 🕵️<br/>OSINT Intelligence"]
263
+ MK["Maker 🧬<br/>Agent Creator"]
264
+ ZC["Zecher 🧠<br/>Memory Guardian"]
265
+ SD["Shield 🛡️<br/>GRC Compliance (38 agents)"]
266
+ DS["Dev Studio 🏗️<br/>Full SDLC (6 agents)"]
267
+ SEO["SEO Engine 🔎<br/>3 agents · 6 phases"]
268
+ BK["Backup 🗂️<br/>Smart Archive"]
269
+ AN["Animated 🎬<br/>Scroll-Driven Sites"]
221
270
  end
222
271
 
223
272
  subgraph Skills["⚡ Core Skills"]
@@ -334,6 +383,22 @@ graph TB
334
383
 
335
384
  ---
336
385
 
386
+ ### Zecher — Memory Guardian 🧠 *(Memory Pack)*
387
+
388
+ **Persistent cross-session brain agent.** Maintains project knowledge across conversations.
389
+
390
+ | Capability | Description |
391
+ |-----------|-------------|
392
+ | **Session Handoff** | Auto-creates session summaries with decisions, patterns, and lessons learned |
393
+ | **Context Recall** | Retrieves relevant past decisions/patterns at conversation start |
394
+ | **Brain Health** | Monitors memory files integrity and detects staleness |
395
+ | **Cross-Project** | Links project memory to the global brain (`~/.bmad-plus/brain/`) |
396
+ | **Karpathy Guardrails** | Prevents hallucinated memories — every entry needs source evidence |
397
+
398
+ **Memory files:** `decisions.md`, `lessons.md`, `patterns.md`, `context.md`, `sessions/`
399
+
400
+ ---
401
+
337
402
  ## 📦 Pack System
338
403
 
339
404
  BMAD+ uses a modular pack system. Core is always installed, additional packs are optional.
@@ -346,32 +411,28 @@ npx bmad-plus install
346
411
 
347
412
  🔍 OSINT — Shadow (investigation, scraping, psychoprofiling)
348
413
  🧬 Agent Creator — Maker (design, build, package)
349
- 🛡️ Shield GRC38 compliance agents (GDPR, ISO 27001, SOC 2, HIPAA...)
350
- 🏗️ Dev Studio — 6 SDLC agents (full lifecycle: design to deploy)
351
- 🔎 SEO Engine — Scout, Chief, Judge (6-phase audit, PageSpeed)
352
- 🧠 Memory — Zecher (persistent brain, session handoffs)
353
- 🗂️ Backup — Smart archive with versioning
354
- 🎬 Animated — Scroll-driven animated websites
414
+ 🛡️ Security AuditShield (vulnerability scan)
355
415
  🤖 Install everything
356
416
  None — Core only
357
417
  ```
358
418
 
359
- | Pack | Agents | Description | Status |
419
+ | Pack | Agents | What it does | Status |
360
420
  |------|--------|-------------|--------|
361
- | ⚙️ **Core** | Atlas, Forge, Sentinel, Nexus | Strategy, dev, QA, orchestration | ✅ Stable |
362
- | 🔍 **OSINT** | Shadow | OSINT intelligence, 55+ Apify actors, 7 APIs | ✅ Stable |
363
- | 🧬 **Maker** | Maker | Design, build, validate new BMAD+ agents | ✅ Stable |
364
- | 🛡️ **Shield** | 38 GRC agents | GDPR, ISO 27001, SOC 2, HIPAA, EU AI Act | ✅ Stable |
365
- | 🏗️ **Dev Studio** | 6 SDLC agents | Full lifecycle: design to deploy | ✅ Stable |
366
- | 🔎 **SEO** | Scout, Chief, Judge | 6-phase audit, PageSpeed loop, Google APIs | ✅ Stable |
367
- | 🧠 **Memory** | Zecher | Cross-session brain, decision recall, handoffs | ✅ Stable |
368
- | 🗂️ **Backup** | Backup Agent | Smart archive with versioning | ✅ Stable |
369
- | 🎬 **Animated** | Creative Agent | Scroll-driven animated websites | ✅ Stable |
421
+ | ⚙️ **Core** | Atlas, Forge, Sentinel, Nexus | Full dev lifecycle: strategy → architecture → code → QA | ✅ Stable |
422
+ | 🔍 **OSINT** | Shadow | Person investigation, social scraping, psychoprofiling (55+ Apify actors) | ✅ Stable |
423
+ | 🧬 **Maker** | Maker | Design, build, validate, and package new BMAD+ agents | ✅ Stable |
424
+ | 🛡️ **Shield** | 38 compliance agents | GRC across 25+ frameworks: GDPR, ISO 27001, SOC 2, HIPAA, PCI DSS, EU AI Act, DORA, NIS2 | ✅ Stable |
425
+ | 🏗️ **Dev Studio** | 6 specialized SDLC agents | Full SDLC: brainstorm PRD → architecture → TDD → review (30 workflows, BWML DSL) | ✅ Stable |
426
+ | 🔍 **SEO** | Scout, Chief, Judge | 6-phase SEO audit, PageSpeed perfection loop, Google APIs, competitor benchmark | ✅ Stable |
427
+ | 🗂️ **Backup** | Backup Agent | Timestamped ZIP with smart exclusions (node_modules, .git, dist...) | ✅ Stable |
428
+ | 🎬 **Animated** | Animated Website Agent | Luxury scroll-driven website from video input | ✅ Stable |
429
+ | 🧠 **Memory** | Zecher | Cross-session brain, project scanner, Karpathy guardrails | ✅ Stable |
370
430
 
371
431
  Each pack defines:
372
- - Its agents and skills
373
- - Its required/optional API keys
374
- - Its external package (if applicable)
432
+ - Its agents, skills, and workflows
433
+ - Required/optional API keys
434
+ - External packages (if applicable)
435
+ - Cohabitation rules with other packs
375
436
 
376
437
  ---
377
438
 
@@ -412,7 +473,7 @@ Give a project idea → Nexus orchestrates the complete pipeline:
412
473
  ```
413
474
 
414
475
  **Configurable checkpoints:**
415
- - `require_approval` (🔴) — Pause, wait for approval
476
+ - `require_approval` (🔴) — Pause, WhatsApp notification, wait
416
477
  - `notify_only` (🟡) — Notification, continues unless intervened
417
478
  - `auto` (🟢) — Continues automatically
418
479
 
@@ -442,51 +503,8 @@ The installer automatically detects IDEs and generates configs:
442
503
  | Codex CLI | `AGENTS.md` | `.codex/` folder |
443
504
  | OpenCode | `OPENCODE.md` | opencode config |
444
505
 
445
- ---
446
506
 
447
- ## 📁 Project Structure
448
507
 
449
- ```
450
- BMAD+/
451
- ├── README.md ← This file (English)
452
- ├── readme-international/ ← Translated READMEs (fr, es, de)
453
- ├── CHANGELOG.md ← Version history
454
- ├── CLAUDE.md ← Claude Code Config
455
- ├── GEMINI.md ← Gemini CLI Config
456
- ├── AGENTS.md ← Codex CLI / OpenCode Config
457
- ├── .gitignore
458
-
459
- ├── src/
460
- │ └── bmad-plus/ ⭐ CUSTOM MODULE
461
- │ ├── module.yaml ← Module + packs config
462
- │ ├── module-help.csv ← Contextual help
463
- │ ├── agents/
464
- │ │ ├── agent-strategist/ ← Atlas (analyst + pm)
465
- │ │ ├── agent-architect-dev/ ← Forge (architect + dev + tw)
466
- │ │ ├── agent-quality/ ← Sentinel (qa + ux)
467
- │ │ ├── agent-orchestrator/ ← Nexus (sm + qf + autopilot + parallel)
468
- │ │ ├── agent-maker/ ← Maker (meta-agent) [pack: maker]
469
- │ │ └── agent-shadow/ ← Shadow (osint) [pack: osint]
470
- │ ├── skills/
471
- │ │ ├── bmad-plus-autopilot/ ← Automated pipeline
472
- │ │ └── bmad-plus-parallel/ ← Parallel execution
473
- │ └── data/
474
- │ └── role-triggers.yaml ← Auto-activation rules
475
-
476
- ├── tools/
477
- │ └── cli/ 🛠️ NPX INSTALLER
478
- │ └── install.js ← npx bmad-plus install
479
-
480
- ├── osint-agent-package/ 🔍 OSINT PACKAGE
481
- │ ├── agents/ ← Shadow Agent (OSINT investigator)
482
- │ ├── skills/ ← 55+ Apify actors
483
- │ └── install.ps1 ← Installation script
484
-
485
- └── upstream/ 📦 UPSTREAM REFERENCE
486
- └── (clone of BMAD-METHOD) ← Excluded from repo (.gitignore)
487
- ```
488
-
489
- ---
490
508
 
491
509
  ## ⚙️ Configuration
492
510
 
@@ -505,6 +523,8 @@ BMAD+/
505
523
 
506
524
  | Key | Pack | Usage |
507
525
  |-----|------|-------|
526
+ | `GEMINI_API_KEY` | Monitor | AI Analysis of upstream diffs |
527
+ | `EVOLUTION_API_KEY` | Monitor | WhatsApp Notifications |
508
528
  | `APIFY_API_TOKEN` | OSINT | Social media scraping |
509
529
  | `PERPLEXITY_API_KEY` | OSINT | Enriched search |
510
530
 
@@ -514,7 +534,7 @@ BMAD+/
514
534
 
515
535
  | Version | Date | Description |
516
536
  |---------|------|-------------|
517
- | **0.1.0** | 2026-03-17 | 🎉 Foundation — 56+ agents (Atlas, Forge, Sentinel, Nexus, Shadow, Maker), 3 skills, pack system, multi-IDE support |
537
+ | **0.1.0** | 2026-03-17 | 🎉 Foundation — 56+ agents (Atlas, Forge, Sentinel, Nexus, Shadow, Maker), 3 skills, pack system, monitoring, multi-IDE support |
518
538
  | **0.2.0** | 2026-03-18 | 🔀 Oveanet Fusion — 3 new utility packs: SEO Audit 360, Universal Backup, Animated Website |
519
539
  | **0.3.0** | 2026-03-19 | 🚀 SEO Engine v2.0 — 3 multi-role agents, 4 Python scripts, 6-phase workflow, PageSpeed loop, GEO analysis |
520
540
  | **0.4.0** | 2026-03-19 | 🏢 SEO Engine v2.1 — SKILL.md orchestrator, Google APIs, HTML reports, competitor benchmark, 50 tests, GSC + GA4 extensions |
@@ -524,8 +544,8 @@ BMAD+/
524
544
  | **0.4.4** | 2026-05-17 | 🔧 UTF-8 encoding fix, complete i18n 10 languages, 62 unit tests |
525
545
  | **0.5.0** | 2026-05-17 | 🛡️ **Pack Shield** — 38 GRC compliance agents, 7 categories, 25+ frameworks (GDPR, ISO 27001, SOC 2, EU AI Act...) |
526
546
  | **0.6.0** | 2026-05-17 | 🏗️ **Pack Dev Studio** — 6 SDLC agents (Miriam, Yosef, Bezalel...) + 30 SDLC workflows, BWML DSL |
527
- | **0.9.0** | 2026-06-24 | 🚀 **Augmented & Secure** — 3 new packs (animated, backup, seo), P0 security remediation, 143/143 tests |
528
- | **0.8.0** | 2026-06-24 | 🚀 **Augmented & Secure** — 3 new packs (animated, backup, seo), P0 security remediation, 143/143 tests |
547
+ | **0.8.0** | 2026-06-24 | 🚀 **Augmented** — 3 new packs (animated, backup, seo), security remediation pass, i18n sync |
548
+ | **0.9.0** | 2026-06-24 | 🔒 **Secure** — audit remediation cycle, npm audit clean, shared pack registry (`lib/packs.js`) |
529
549
 
530
550
  See [CHANGELOG.md](CHANGELOG.md) for full details.
531
551
 
@@ -1,88 +1,88 @@
1
- # 🔍 OSINT Agent Package — BMAD Compatible
2
-
3
- Agent d'intelligence OSINT pour les installations BMAD. De un nom ou pseudo à un dossier complet avec psychoprofil, parcours professionnel et grades de confiance.
4
-
5
- ## Features
6
- - 🔎 Investigation complète Phase 0→6 (recherche → dossier formaté)
7
- - 🧠 Psychoprofile MBTI / Big Five
8
- - 📊 55+ Apify actors (Instagram, LinkedIn, Facebook, TikTok, YouTube...)
9
- - 🌐 7 APIs de recherche (Perplexity, Exa, Tavily, Jina, Parallel, BrightData)
10
- - ⚡ Recherche parallèle multi-moteurs
11
- - 🐍 **100% Python stdlib** — zéro dépendance externe
12
- - 🖥️ **Cross-platform** — Windows, macOS, Linux
13
-
14
- ## Prérequis
15
- - Python 3.10+
16
- - BMAD Method installé
17
- - Au minimum 1 clé API (voir [SETUP_KEYS.md](SETUP_KEYS.md))
18
-
19
- ## Installation rapide
20
-
21
- ### Option 1 : Script automatique (Windows)
22
- ```powershell
23
- .\install.ps1
24
- ```
25
-
26
- ### Option 2 : Manuel
27
- 1. Copier l'agent dans BMAD :
28
- ```
29
- agents/osint-investigator.md → {project}/_bmad/bmm/agents/
30
- ```
31
-
32
- 2. Copier les 2 skills :
33
- ```
34
- skills/bmad-osint-investigator/ → {project}/.agents/skills/
35
- skills/bmad-osint-investigate/ → {project}/.agents/skills/
36
- ```
37
-
38
- 3. Configurer les clés API (voir [SETUP_KEYS.md](SETUP_KEYS.md))
39
-
40
- 4. Tester :
41
- ```
42
- python skills/bmad-osint-investigate/osint/scripts/diagnose.py
43
- ```
44
-
45
- ## Utilisation
46
- 1. Invoquer le skill `bmad-osint-investigator` dans votre AI agent
47
- 2. L'agent "Shadow" s'active avec son menu :
48
- - `[INV]` Investigation complète
49
- - `[QS]` Recherche rapide
50
- - `[LI]` Scrape LinkedIn
51
- - `[IG]` Scrape Instagram
52
- - `[PP]` Psychoprofile
53
- - `[CE]` Enrichissement contact
54
- - `[DG]` Diagnostic outils
55
-
56
- ## Structure du package
57
- ```
58
- osint-agent-package/
59
- ├── README.md ← Ce fichier
60
- ├── SETUP_KEYS.md ← Guide de configuration des clés API
61
- ├── install.ps1 ← Script d'installation (Windows)
62
- ├── install.sh ← Script d'installation (macOS/Linux)
63
- ├── agents/
64
- │ └── osint-investigator.md ← Agent BMAD "Shadow"
65
- └── skills/
66
- ├── bmad-osint-investigator/
67
- │ └── SKILL.md ← Point d'entrée agent
68
- └── bmad-osint-investigate/
69
- ├── SKILL.md ← Skill d'investigation
70
- └── osint/
71
- ├── SKILL.md ← Pipeline complet (452 lignes)
72
- ├── assets/ ← Template dossier
73
- ├── references/ ← Docs plateformes, outils, psycho
74
- └── scripts/ ← 10 scripts Python (stdlib only)
75
- ```
76
-
77
- ## Sécurité
78
- - ✅ Audit de sécurité complet réalisé (14 fichiers analysés)
79
- - ✅ Aucun trojan, backdoor, ou code malveillant
80
- - ✅ Zéro dépendance externe — uniquement Python stdlib
81
- - ✅ Les clés API restent locales (variables d'environnement)
82
-
83
- ## Crédits
84
- - Pipeline OSINT basé sur [smixs/osint-skill](https://github.com/smixs/osint-skill) (MIT License)
85
- - Apify Actor Runner intégré de [apify/agent-skills](https://github.com/apify/agent-skills) (MIT License)
86
-
87
- ## Licence
88
- MIT
1
+ # 🔍 OSINT Agent Package — BMAD Compatible
2
+
3
+ Agent d'intelligence OSINT pour les installations BMAD. De un nom ou pseudo à un dossier complet avec psychoprofil, parcours professionnel et grades de confiance.
4
+
5
+ ## Features
6
+ - 🔎 Investigation complète Phase 0→6 (recherche → dossier formaté)
7
+ - 🧠 Psychoprofile MBTI / Big Five
8
+ - 📊 55+ Apify actors (Instagram, LinkedIn, Facebook, TikTok, YouTube...)
9
+ - 🌐 7 APIs de recherche (Perplexity, Exa, Tavily, Jina, Parallel, BrightData)
10
+ - ⚡ Recherche parallèle multi-moteurs
11
+ - 🐍 **100% Python stdlib** — zéro dépendance externe
12
+ - 🖥️ **Cross-platform** — Windows, macOS, Linux
13
+
14
+ ## Prérequis
15
+ - Python 3.10+
16
+ - BMAD Method installé
17
+ - Au minimum 1 clé API (voir [SETUP_KEYS.md](SETUP_KEYS.md))
18
+
19
+ ## Installation rapide
20
+
21
+ ### Option 1 : Script automatique (Windows)
22
+ ```powershell
23
+ .\install.ps1
24
+ ```
25
+
26
+ ### Option 2 : Manuel
27
+ 1. Copier l'agent dans BMAD :
28
+ ```
29
+ agents/osint-investigator.md → {project}/_bmad/bmm/agents/
30
+ ```
31
+
32
+ 2. Copier les 2 skills :
33
+ ```
34
+ skills/bmad-osint-investigator/ → {project}/.agents/skills/
35
+ skills/bmad-osint-investigate/ → {project}/.agents/skills/
36
+ ```
37
+
38
+ 3. Configurer les clés API (voir [SETUP_KEYS.md](SETUP_KEYS.md))
39
+
40
+ 4. Tester :
41
+ ```
42
+ python skills/bmad-osint-investigate/osint/scripts/diagnose.py
43
+ ```
44
+
45
+ ## Utilisation
46
+ 1. Invoquer le skill `bmad-osint-investigator` dans votre AI agent
47
+ 2. L'agent "Shadow" s'active avec son menu :
48
+ - `[INV]` Investigation complète
49
+ - `[QS]` Recherche rapide
50
+ - `[LI]` Scrape LinkedIn
51
+ - `[IG]` Scrape Instagram
52
+ - `[PP]` Psychoprofile
53
+ - `[CE]` Enrichissement contact
54
+ - `[DG]` Diagnostic outils
55
+
56
+ ## Structure du package
57
+ ```
58
+ osint-agent-package/
59
+ ├── README.md ← Ce fichier
60
+ ├── SETUP_KEYS.md ← Guide de configuration des clés API
61
+ ├── install.ps1 ← Script d'installation (Windows)
62
+ ├── install.sh ← Script d'installation (macOS/Linux)
63
+ ├── agents/
64
+ │ └── osint-investigator.md ← Agent BMAD "Shadow"
65
+ └── skills/
66
+ ├── bmad-osint-investigator/
67
+ │ └── SKILL.md ← Point d'entrée agent
68
+ └── bmad-osint-investigate/
69
+ ├── SKILL.md ← Skill d'investigation
70
+ └── osint/
71
+ ├── SKILL.md ← Pipeline complet (452 lignes)
72
+ ├── assets/ ← Template dossier
73
+ ├── references/ ← Docs plateformes, outils, psycho
74
+ └── scripts/ ← 10 scripts Python (stdlib only)
75
+ ```
76
+
77
+ ## Sécurité
78
+ - ✅ Audit de sécurité complet réalisé (14 fichiers analysés)
79
+ - ✅ Aucun trojan, backdoor, ou code malveillant
80
+ - ✅ Zéro dépendance externe — uniquement Python stdlib
81
+ - ✅ Les clés API restent locales (variables d'environnement)
82
+
83
+ ## Crédits
84
+ - Pipeline OSINT basé sur [smixs/osint-skill](https://github.com/smixs/osint-skill) (MIT License)
85
+ - Apify Actor Runner intégré de [apify/agent-skills](https://github.com/apify/agent-skills) (MIT License)
86
+
87
+ ## Licence
88
+ MIT