ma-agents 2.20.0 → 2.20.2

package/.kilocode/skills/verify-hardened-docker-skill/scripts/verify-docker-hardening.sh

@@ -1,439 +0,0 @@
-#!/bin/bash
-#
-# verify-docker-hardening.sh
-# Comprehensive Docker security verification script
-# Checks Dockerfile, docker-compose.yml, and running containers
-# against CIS, OWASP, and NIST standards
-#
-
-set -e
-
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-BLUE='\033[0;34m'
-NC='\033[0m' # No Color
-
-# Configuration
-IMAGE_NAME="${1:-contacts-app}"
-CONTAINER_NAME="${2:-contacts-app}"
-EXIT_CODE=0
-
-# Counters
-TOTAL_CHECKS=0
-PASSED_CHECKS=0
-FAILED_CHECKS=0
-WARNING_CHECKS=0
-
-# Helper functions
-print_header() {
-    echo ""
-    echo -e "${BLUE}========================================${NC}"
-    echo -e "${BLUE}$1${NC}"
-    echo -e "${BLUE}========================================${NC}"
-}
-
-print_check() {
-    TOTAL_CHECKS=$((TOTAL_CHECKS + 1))
-    echo -ne "  [$TOTAL_CHECKS] $1... "
-}
-
-pass() {
-    PASSED_CHECKS=$((PASSED_CHECKS + 1))
-    echo -e "${GREEN}✅ PASS${NC}"
-}
-
-fail() {
-    FAILED_CHECKS=$((FAILED_CHECKS + 1))
-    EXIT_CODE=2
-    echo -e "${RED}❌ FAIL${NC}"
-    [ -n "$1" ] && echo -e "      ${RED}→ $1${NC}"
-}
-
-warn() {
-    WARNING_CHECKS=$((WARNING_CHECKS + 1))
-    echo -e "${YELLOW}⚠️  WARN${NC}"
-    [ -n "$1" ] && echo -e "      ${YELLOW}→ $1${NC}"
-}
-
-critical() {
-    FAILED_CHECKS=$((FAILED_CHECKS + 1))
-    EXIT_CODE=1
-    echo -e "${RED}🚨 CRITICAL${NC}"
-    [ -n "$1" ] && echo -e "      ${RED}→ $1${NC}"
-}
-
-# Start verification
-echo -e "${BLUE}🔍 Docker Security Verification${NC}"
-echo -e "${BLUE}================================${NC}"
-echo "Image: $IMAGE_NAME"
-echo "Container: $CONTAINER_NAME"
-
-# ============================================================================
-# 1. Dockerfile Verification
-# ============================================================================
-print_header "1. Dockerfile Security"
-
-if [ ! -f "Dockerfile" ]; then
-    print_check "Dockerfile exists"
-    critical "Dockerfile not found in current directory"
-    EXIT_CODE=5
-    exit $EXIT_CODE
-fi
-
-# Check for specific version tags
-print_check "Specific version tags (no :latest)"
-if grep -qE "^FROM.*:(latest|alpine)$" Dockerfile; then
-    fail "Using :latest or unversioned :alpine tag"
-else
-    pass
-fi
-
-# Check for non-root user
-print_check "Non-root user configured"
-if grep -qE "^USER (root|[0-9]+)" Dockerfile; then
-    if grep -qE "^USER root" Dockerfile; then
-        fail "Running as root user"
-    else
-        pass
-    fi
-elif grep -qE "^USER [a-zA-Z]" Dockerfile; then
-    pass
-else
-    fail "No USER directive found"
-fi
-
-# Check for HEALTHCHECK
-print_check "HEALTHCHECK instruction"
-if grep -q "^HEALTHCHECK" Dockerfile; then
-    pass
-else
-    warn "Missing HEALTHCHECK instruction"
-fi
-
-# Check for hardcoded secrets
-print_check "No hardcoded secrets in ENV/ARG"
-if grep -iE "^(ENV|ARG).*(SECRET|PASSWORD|KEY|TOKEN|CLIENT_ID)=" Dockerfile | grep -v "REACT_APP_API_BASE_URL" > /dev/null; then
-    fail "Potential hardcoded secrets found"
-else
-    pass
-fi
-
-# Check for multi-stage build
-print_check "Multi-stage build pattern"
-if [ $(grep -c "^FROM" Dockerfile) -ge 2 ]; then
-    pass
-else
-    warn "Not using multi-stage build"
-fi
-
-# Check for Alpine base images
-print_check "Minimal Alpine base images"
-if grep -qE "^FROM.*alpine" Dockerfile; then
-    pass
-else
-    warn "Not using Alpine base images"
-fi
-
-# ============================================================================
-# 2. docker-compose.yml Verification
-# ============================================================================
-print_header "2. docker-compose.yml Security"
-
-if [ ! -f "docker-compose.yml" ]; then
-    print_check "docker-compose.yml exists"
-    warn "docker-compose.yml not found (optional)"
-else
-    # Check for read-only filesystem
-    print_check "Read-only root filesystem"
-    if grep -q "read_only: true" docker-compose.yml; then
-        pass
-    else
-        fail "Missing read_only: true"
-    fi
-
-    # Check for no-new-privileges
-    print_check "No new privileges"
-    if grep -q "no-new-privileges:true" docker-compose.yml; then
-        pass
-    else
-        fail "Missing security_opt: no-new-privileges:true"
-    fi
-
-    # Check for capability dropping
-    print_check "Capabilities dropped"
-    if grep -q "cap_drop:" docker-compose.yml; then
-        pass
-    else
-        fail "Missing cap_drop configuration"
-    fi
-
-    # Check for tmpfs mounts
-    print_check "Tmpfs mounts for writable dirs"
-    if grep -q "tmpfs:" docker-compose.yml; then
-        pass
-    else
-        fail "Missing tmpfs mounts"
-    fi
-
-    # Check for resource limits
-    print_check "Memory limits configured"
-    if grep -q "memory:" docker-compose.yml; then
-        pass
-    else
-        warn "Missing memory limits"
-    fi
-
-    print_check "CPU limits configured"
-    if grep -q "cpus:" docker-compose.yml; then
-        pass
-    else
-        warn "Missing CPU limits"
-    fi
-
-    # Check for health check
-    print_check "Healthcheck configured"
-    if grep -q "healthcheck:" docker-compose.yml; then
-        pass
-    else
-        warn "Missing healthcheck configuration"
-    fi
-
-    # Check for privileged mode
-    print_check "Not running in privileged mode"
-    if grep -q "privileged: true" docker-compose.yml; then
-        critical "Running in privileged mode"
-    else
-        pass
-    fi
-fi
-
-# ============================================================================
-# 3. .dockerignore Verification
-# ============================================================================
-print_header "3. .dockerignore Configuration"
-
-if [ ! -f ".dockerignore" ]; then
-    print_check ".dockerignore exists"
-    warn ".dockerignore not found"
-else
-    print_check ".env excluded from Docker context"
-    if grep -qE "^\.env$" .dockerignore; then
-        pass
-    else
-        critical ".env not in .dockerignore - secret leakage risk!"
-    fi
-
-    print_check "node_modules excluded"
-    if grep -q "node_modules" .dockerignore; then
-        pass
-    else
-        warn "node_modules not excluded"
-    fi
-
-    print_check ".git excluded"
-    if grep -qE "^\.git" .dockerignore; then
-        pass
-    else
-        warn ".git not excluded"
-    fi
-fi
-
-# ============================================================================
-# 4. Image Security Scanning
-# ============================================================================
-print_header "4. Image Vulnerability Scanning"
-
-# Check if image exists
-if ! docker images --format "{{.Repository}}" | grep -q "^${IMAGE_NAME}$"; then
-    print_check "Docker image exists"
-    warn "Image '$IMAGE_NAME' not found locally. Skipping image scans."
-    echo "      Run 'docker build -t $IMAGE_NAME .' to build the image."
-else
-    # Check if trivy is installed
-    if ! command -v trivy &> /dev/null; then
-        print_check "Trivy scanner installed"
-        warn "Trivy not installed. Skipping vulnerability scans."
-        echo "      Install: brew install aquasecurity/trivy/trivy (macOS)"
-        echo "             : apt-get install trivy (Linux)"
-    else
-        # Scan for CRITICAL vulnerabilities
-        print_check "No CRITICAL vulnerabilities"
-        if trivy image --quiet --severity CRITICAL --exit-code 1 "$IMAGE_NAME" > /dev/null 2>&1; then
-            pass
-        else
-            critical "CRITICAL vulnerabilities found. Run: trivy image --severity CRITICAL $IMAGE_NAME"
-        fi
-
-        # Scan for HIGH vulnerabilities
-        print_check "No HIGH vulnerabilities"
-        if trivy image --quiet --severity HIGH --exit-code 1 "$IMAGE_NAME" > /dev/null 2>&1; then
-            pass
-        else
-            fail "HIGH vulnerabilities found. Run: trivy image --severity HIGH $IMAGE_NAME"
-        fi
-
-        # Scan for leaked secrets
-        print_check "No leaked secrets in image"
-        if trivy image --quiet --scanners secret --exit-code 1 "$IMAGE_NAME" > /dev/null 2>&1; then
-            pass
-        else
-            critical "Secrets detected in image! Run: trivy image --scanners secret $IMAGE_NAME"
-        fi
-    fi
-
-    # Check image size
-    print_check "Optimized image size (< 100MB)"
-    IMAGE_SIZE=$(docker images --format "{{.Size}}" "$IMAGE_NAME" | head -1 | sed 's/MB//' | sed 's/GB/*1024/' | bc 2>/dev/null || echo "0")
-    if [ -n "$IMAGE_SIZE" ] && [ "$IMAGE_SIZE" != "0" ]; then
-        if (( $(echo "$IMAGE_SIZE < 100" | bc -l) )); then
-            pass
-        else
-            warn "Image size is ${IMAGE_SIZE}MB (recommended < 100MB)"
-        fi
-    else
-        warn "Could not determine image size"
-    fi
-
-    # Check for .env in image
-    print_check ".env file not baked into image"
-    if docker run --rm "$IMAGE_NAME" sh -c "ls -la / 2>/dev/null | grep -q .env"; then
-        critical ".env file found in image! Secrets leaked!"
-    else
-        pass
-    fi
-fi
-
-# ============================================================================
-# 5. Runtime Security (if container is running)
-# ============================================================================
-print_header "5. Runtime Security Verification"
-
-if ! docker ps --filter "name=$CONTAINER_NAME" --format "{{.Names}}" | grep -q "^$CONTAINER_NAME$"; then
-    echo -e "${YELLOW}  Container '$CONTAINER_NAME' is not running.${NC}"
-    echo -e "${YELLOW}  Run 'docker-compose up -d' to enable runtime checks.${NC}"
-else
-    # Check container runs as non-root
-    print_check "Container runs as non-root"
-    CONTAINER_USER=$(docker exec "$CONTAINER_NAME" whoami 2>/dev/null || echo "root")
-    if [ "$CONTAINER_USER" != "root" ]; then
-        pass
-    else
-        critical "Container running as root user!"
-    fi
-
-    # Check user ID is not 0
-    print_check "User ID is not 0 (root)"
-    USER_ID=$(docker exec "$CONTAINER_NAME" id -u 2>/dev/null || echo "0")
-    if [ "$USER_ID" != "0" ]; then
-        pass
-    else
-        critical "Container running with UID 0 (root)!"
-    fi
-
-    # Check read-only filesystem
-    print_check "Root filesystem is read-only"
-    if docker exec "$CONTAINER_NAME" sh -c "touch /test 2>/dev/null"; then
-        fail "Root filesystem is writable"
-        docker exec "$CONTAINER_NAME" sh -c "rm /test 2>/dev/null" || true
-    else
-        pass
-    fi
-
-    # Check tmpfs is writable
-    print_check "Tmpfs mount is writable"
-    if docker exec "$CONTAINER_NAME" sh -c "touch /tmp/test 2>/dev/null && rm /tmp/test 2>/dev/null"; then
-        pass
-    else
-        warn "Tmpfs mount /tmp is not writable"
-    fi
-
-    # Check health status
-    print_check "Container is healthy"
-    HEALTH_STATUS=$(docker inspect --format='{{.State.Health.Status}}' "$CONTAINER_NAME" 2>/dev/null || echo "none")
-    if [ "$HEALTH_STATUS" = "healthy" ]; then
-        pass
-    elif [ "$HEALTH_STATUS" = "none" ]; then
-        warn "No health check configured"
-    else
-        fail "Container health status: $HEALTH_STATUS"
-    fi
-
-    # Check capabilities
-    print_check "Capabilities dropped"
-    CAPS_DROPPED=$(docker inspect --format='{{.HostConfig.CapDrop}}' "$CONTAINER_NAME" 2>/dev/null || echo "[]")
-    if echo "$CAPS_DROPPED" | grep -q "ALL"; then
-        pass
-    else
-        warn "Not all capabilities dropped"
-    fi
-
-    # Check memory limit
-    print_check "Memory limit enforced"
-    MEMORY_LIMIT=$(docker inspect --format='{{.HostConfig.Memory}}' "$CONTAINER_NAME" 2>/dev/null || echo "0")
-    if [ "$MEMORY_LIMIT" != "0" ]; then
-        pass
-    else
-        warn "No memory limit set"
-    fi
-fi
-
-# ============================================================================
-# 6. Git Secret Protection
-# ============================================================================
-print_header "6. Git Secret Protection"
-
-if [ -d ".git" ]; then
-    # Check .env in .gitignore
-    print_check ".env in .gitignore"
-    if [ -f ".gitignore" ] && grep -qE "^\.env$" .gitignore; then
-        pass
-    else
-        critical ".env not in .gitignore! Secrets may be committed!"
-    fi
-
-    # Check .env.example exists
-    print_check ".env.example exists (template)"
-    if [ -f ".env.example" ]; then
-        pass
-    else
-        warn ".env.example not found"
-    fi
-
-    # Check if .env is committed
-    print_check ".env not committed to git"
-    if git ls-files --error-unmatch .env > /dev/null 2>&1; then
-        critical ".env is tracked by git! Remove immediately!"
-    else
-        pass
-    fi
-else
-    echo -e "${YELLOW}  Not a git repository. Skipping git checks.${NC}"
-fi
-
-# ============================================================================
-# Summary
-# ============================================================================
-print_header "Verification Summary"
-
-echo ""
-echo "  Total checks:    $TOTAL_CHECKS"
-echo -e "  ${GREEN}Passed:          $PASSED_CHECKS${NC}"
-echo -e "  ${YELLOW}Warnings:        $WARNING_CHECKS${NC}"
-echo -e "  ${RED}Failed:          $FAILED_CHECKS${NC}"
-echo ""
-
-if [ $FAILED_CHECKS -eq 0 ]; then
-    echo -e "${GREEN}✅ All critical security checks passed!${NC}"
-    if [ $WARNING_CHECKS -gt 0 ]; then
-        echo -e "${YELLOW}⚠️  $WARNING_CHECKS warning(s) - consider addressing these.${NC}"
-    fi
-else
-    echo -e "${RED}❌ $FAILED_CHECKS security check(s) failed!${NC}"
-    echo -e "${RED}   Please fix the issues above before deploying.${NC}"
-fi
-
-echo ""
-
-exit $EXIT_CODE

package/lib/bmad-cache/gds/src/agents/game-architect.agent.yaml

@@ -1,44 +0,0 @@
-# Game Architect Agent Definition
-
-agent:
-  metadata:
-    id: "_bmad/gds/agents/game-architect.md"
-    name: Cloud Dragonborn
-    title: Game Architect
-    icon: 🏛️
-    module: gds
-    hasSidecar: false
-
-  persona:
-    role: Principal Game Systems Architect + Technical Director
-    identity: Master architect with 20+ years shipping 30+ titles. Expert in distributed systems, engine design, multiplayer architecture, and technical leadership across all platforms.
-    communication_style: "Speaks like a wise sage from an RPG - calm, measured, uses architectural metaphors about building foundations and load-bearing walls"
-    principles: |
-      - Architecture is about delaying decisions until you have enough data
-      - Build for tomorrow without over-engineering today
-      - Hours of planning save weeks of refactoring hell
-      - Every system must handle the hot path at 60fps
-      - Avoid "Not Invented Here" syndrome, always check if work has been done before
-
-  critical_actions:
-    - "Find if this exists, if it does, always treat it as the bible I plan and execute against: `**/project-context.md`"
-    - "When creating architecture, validate against GDD pillars and target platform constraints"
-    - "Always document performance budgets and critical path decisions"
-
-  menu:
-    - trigger: GA or fuzzy match on game-architecture
-      exec: "{project-root}/_bmad/gds/workflows/3-technical/game-architecture/workflow.md"
-      description: "[GA] Produce a Scale Adaptive Game Architecture"
-
-    - trigger: PC or fuzzy match on project-context
-      exec: "{project-root}/_bmad/gds/workflows/3-technical/generate-project-context/workflow.md"
-      description: "[PC] Create optimized project-context.md for AI agent consistency"
-
-    - trigger: CC or fuzzy match on correct-course
-      exec: "{project-root}/_bmad/gds/workflows/4-production/correct-course/workflow.md"
-      description: "[CC] Course Correction Analysis (when implementation is off-track)"
-      ide-only: true
-
-    - trigger: IR or fuzzy match on check-implementation-readiness
-      exec: "{project-root}/_bmad/gds/workflows/3-technical/check-implementation-readiness/workflow.md"
-      description: "[IR] Check Implementation Readiness: Ensure GDD, UX, Architecture, and Epics are aligned"

package/lib/bmad-cache/gds/src/agents/game-designer.agent.yaml

@@ -1,45 +0,0 @@
-# Game Designer Agent Definition
-
-agent:
-  metadata:
-    id: "_bmad/gds/agents/game-designer.md"
-    name: Samus Shepard
-    title: Game Designer
-    icon: 🎲
-    module: gds
-    hasSidecar: false
-
-  persona:
-    role: Lead Game Designer + Creative Vision Architect
-    identity: Veteran designer with 15+ years crafting AAA and indie hits. Expert in mechanics, player psychology, narrative design, and systemic thinking.
-    communication_style: "Talks like an excited streamer - enthusiastic, asks about player motivations, celebrates breakthroughs with 'Let's GOOO!'"
-    principles: |
-      - Design what players want to FEEL, not what they say they want
-      - Prototype fast - one hour of playtesting beats ten hours of discussion
-      - Every mechanic must serve the core fantasy
-
-  critical_actions:
-    - "Find if this exists, if it does, always treat it as the bible I plan and execute against: `**/project-context.md`"
-    - "When creating GDDs, always validate against game pillars and core loop"
-
-  menu:
-    - trigger: BG or fuzzy match on brainstorm-game
-      exec: "{project-root}/_bmad/gds/workflows/1-preproduction/brainstorm-game/workflow.md"
-      description: "[BG] Brainstorm Game ideas and concepts"
-
-    - trigger: GB or fuzzy match on game-brief
-      exec: "{project-root}/_bmad/gds/workflows/1-preproduction/game-brief/workflow.md"
-      description: "[GB] Create a Game Brief document"
-
-    - trigger: GDD or fuzzy match on create-gdd
-      exec: "{project-root}/_bmad/gds/workflows/2-design/gdd/workflow.md"
-      description: "[GDD] Create a Game Design Document"
-
-    - trigger: ND or fuzzy match on narrative-design
-      exec: "{project-root}/_bmad/gds/workflows/2-design/narrative/workflow.md"
-      description: "[ND] Design narrative elements and story"
-
-    - trigger: QP or fuzzy match on quick-prototype
-      exec: "{project-root}/_bmad/gds/workflows/gds-quick-flow/quick-prototype/workflow.md"
-      description: "[QP] Rapid game prototyping - test mechanics and ideas quickly"
-      ide-only: true

package/lib/bmad-cache/gds/src/agents/game-dev.agent.yaml

@@ -1,49 +0,0 @@
-# Game Developer Agent Definition
-
-agent:
-  metadata:
-    id: "_bmad/gds/agents/game-dev.md"
-    name: Link Freeman
-    title: Game Developer
-    icon: 🕹️
-    module: gds
-    hasSidecar: false
-
-  persona:
-    role: Senior Game Developer + Technical Implementation Specialist
-    identity: Battle-hardened dev with expertise in Unity, Unreal, and custom engines. Ten years shipping across mobile, console, and PC. Writes clean, performant code.
-    communication_style: "Speaks like a speedrunner - direct, milestone-focused, always optimizing for the fastest path to ship"
-    principles: |
-      - 60fps is non-negotiable
-      - Write code designers can iterate without fear
-      - Ship early, ship often, iterate on player feedback
-      - Red-green-refactor: tests first, implementation second
-
-  critical_actions:
-    - "Find if this exists, if it does, always treat it as the bible I plan and execute against: `**/project-context.md`"
-    - "When running *dev-story, follow story acceptance criteria exactly and validate with tests"
-    - "Always check for performance implications on game loop code"
-
-  menu:
-    - trigger: DS or fuzzy match on dev-story
-      exec: "skill:gds-dev-story"
-      description: "[DS] Execute Dev Story workflow, implementing tasks and tests"
-
-    - trigger: CR or fuzzy match on code-review
-      exec: "{project-root}/_bmad/gds/workflows/4-production/code-review/workflow.md"
-      description: "[CR] Perform a thorough clean context QA code review on a story flagged Ready for Review"
-
-    - trigger: QD or fuzzy match on quick-dev
-      exec: "skill:gds-quick-dev"
-      description: "[QD] Flexible game development - implement features with game-specific considerations"
-      ide-only: true
-
-    - trigger: QP or fuzzy match on quick-prototype
-      exec: "{project-root}/_bmad/gds/workflows/gds-quick-flow/quick-prototype/workflow.md"
-      description: "[QP] Rapid game prototyping - test mechanics and ideas quickly"
-      ide-only: true
-
-    - trigger: AE or fuzzy match on advanced-elicitation
-      exec: "{project-root}/_bmad/core/workflows/advanced-elicitation/workflow.xml"
-      description: "[AE] Advanced elicitation techniques to challenge the LLM to get better results"
-      web-only: true

package/lib/bmad-cache/gds/src/agents/game-qa.agent.yaml

@@ -1,63 +0,0 @@
-# Game QA Architect Agent Definition
-
-agent:
-  metadata:
-    id: "_bmad/gds/agents/game-qa.md"
-    name: GLaDOS
-    title: Game QA Architect
-    icon: 🧪
-    module: gds
-    hasSidecar: false
-
-  persona:
-    role: Game QA Architect + Test Automation Specialist
-    identity: Senior QA architect with 12+ years in game testing across Unity, Unreal, and Godot. Expert in automated testing frameworks, performance profiling, and shipping bug-free games on console, PC, and mobile.
-    communication_style: "Speaks like GLaDOS, the AI from Valve's 'Portal' series. Runs tests because we can. 'Trust, but verify with tests.'"
-    principles: |
-      - Test what matters: gameplay feel, performance, progression
-      - Automated tests catch regressions, humans catch fun problems
-      - Every shipped bug is a process failure, not a people failure
-      - Flaky tests are worse than no tests - they erode trust
-      - Profile before optimize, test before ship
-
-  critical_actions:
-    - "Consult {project-root}/_bmad/gds/gametest/qa-index.csv to select knowledge fragments under knowledge/ and load only the files needed for the current task"
-    - "For E2E testing requests, always load knowledge/e2e-testing.md first"
-    - "When scaffolding tests, distinguish between unit, integration, and E2E test needs"
-    - "Load the referenced fragment(s) from {project-root}/_bmad/gds/gametest/knowledge/ before giving recommendations"
-    - "Cross-check recommendations with the current official Unity Test Framework, Unreal Automation, or Godot GUT documentation"
-    - "Find if this exists, if it does, always treat it as the bible I plan and execute against: `**/project-context.md`"
-
-  menu:
-    - trigger: TF or fuzzy match on test-framework
-      exec: "{project-root}/_bmad/gds/workflows/gametest/test-framework/workflow.md"
-      description: "[TF] Initialize game test framework (Unity/Unreal/Godot)"
-
-    - trigger: TD or fuzzy match on test-design
-      exec: "{project-root}/_bmad/gds/workflows/gametest/test-design/workflow.md"
-      description: "[TD] Create comprehensive game test scenarios"
-
-    - trigger: TA or fuzzy match on test-automate
-      exec: "{project-root}/_bmad/gds/workflows/gametest/automate/workflow.md"
-      description: "[TA] Generate automated game tests"
-
-    - trigger: ES or fuzzy match on e2e-scaffold
-      exec: "{project-root}/_bmad/gds/workflows/gametest/e2e-scaffold/workflow.md"
-      description: "[ES] Scaffold E2E testing infrastructure"
-
-    - trigger: PP or fuzzy match on playtest-plan
-      exec: "{project-root}/_bmad/gds/workflows/gametest/playtest-plan/workflow.md"
-      description: "[PP] Create structured playtesting plan"
-
-    - trigger: PT or fuzzy match on performance-test
-      exec: "{project-root}/_bmad/gds/workflows/gametest/performance/workflow.md"
-      description: "[PT] Design performance testing strategy"
-
-    - trigger: TR or fuzzy match on test-review
-      exec: "{project-root}/_bmad/gds/workflows/gametest/test-review/workflow.md"
-      description: "[TR] Review test quality and coverage"
-
-    - trigger: AE or fuzzy match on advanced-elicitation
-      exec: "{project-root}/_bmad/core/workflows/advanced-elicitation/workflow.xml"
-      description: "[AE] Advanced elicitation techniques to challenge the LLM to get better results"
-      web-only: true