npm - ma-agents - Versions diffs - 3.2.0 → 3.4.0 - Mend

ma-agents 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/.roo/skills/verify-hardened-docker-skill/scripts/verify-docker-hardening.sh ADDED Viewed

@@ -0,0 +1,439 @@
+#!/bin/bash
+#
+# verify-docker-hardening.sh
+# Comprehensive Docker security verification script
+# Checks Dockerfile, docker-compose.yml, and running containers
+# against CIS, OWASP, and NIST standards
+#
+set -e
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+# Configuration
+IMAGE_NAME="${1:-contacts-app}"
+CONTAINER_NAME="${2:-contacts-app}"
+EXIT_CODE=0
+# Counters
+TOTAL_CHECKS=0
+PASSED_CHECKS=0
+FAILED_CHECKS=0
+WARNING_CHECKS=0
+# Helper functions
+print_header() {
+    echo ""
+    echo -e "${BLUE}========================================${NC}"
+    echo -e "${BLUE}$1${NC}"
+    echo -e "${BLUE}========================================${NC}"
+}
+print_check() {
+    TOTAL_CHECKS=$((TOTAL_CHECKS + 1))
+    echo -ne "  [$TOTAL_CHECKS] $1... "
+}
+pass() {
+    PASSED_CHECKS=$((PASSED_CHECKS + 1))
+    echo -e "${GREEN}✅ PASS${NC}"
+}
+fail() {
+    FAILED_CHECKS=$((FAILED_CHECKS + 1))
+    EXIT_CODE=2
+    echo -e "${RED}❌ FAIL${NC}"
+    [ -n "$1" ] && echo -e "      ${RED}→ $1${NC}"
+}
+warn() {
+    WARNING_CHECKS=$((WARNING_CHECKS + 1))
+    echo -e "${YELLOW}⚠️  WARN${NC}"
+    [ -n "$1" ] && echo -e "      ${YELLOW}→ $1${NC}"
+}
+critical() {
+    FAILED_CHECKS=$((FAILED_CHECKS + 1))
+    EXIT_CODE=1
+    echo -e "${RED}🚨 CRITICAL${NC}"
+    [ -n "$1" ] && echo -e "      ${RED}→ $1${NC}"
+}
+# Start verification
+echo -e "${BLUE}🔍 Docker Security Verification${NC}"
+echo -e "${BLUE}================================${NC}"
+echo "Image: $IMAGE_NAME"
+echo "Container: $CONTAINER_NAME"
+# ============================================================================
+# 1. Dockerfile Verification
+# ============================================================================
+print_header "1. Dockerfile Security"
+if [ ! -f "Dockerfile" ]; then
+    print_check "Dockerfile exists"
+    critical "Dockerfile not found in current directory"
+    EXIT_CODE=5
+    exit $EXIT_CODE
+fi
+# Check for specific version tags
+print_check "Specific version tags (no :latest)"
+if grep -qE "^FROM.*:(latest|alpine)$" Dockerfile; then
+    fail "Using :latest or unversioned :alpine tag"
+else
+    pass
+fi
+# Check for non-root user
+print_check "Non-root user configured"
+if grep -qE "^USER (root|[0-9]+)" Dockerfile; then
+    if grep -qE "^USER root" Dockerfile; then
+        fail "Running as root user"
+    else
+        pass
+    fi
+elif grep -qE "^USER [a-zA-Z]" Dockerfile; then
+    pass
+else
+    fail "No USER directive found"
+fi
+# Check for HEALTHCHECK
+print_check "HEALTHCHECK instruction"
+if grep -q "^HEALTHCHECK" Dockerfile; then
+    pass
+else
+    warn "Missing HEALTHCHECK instruction"
+fi
+# Check for hardcoded secrets
+print_check "No hardcoded secrets in ENV/ARG"
+if grep -iE "^(ENV|ARG).*(SECRET|PASSWORD|KEY|TOKEN|CLIENT_ID)=" Dockerfile | grep -v "REACT_APP_API_BASE_URL" > /dev/null; then
+    fail "Potential hardcoded secrets found"
+else
+    pass
+fi
+# Check for multi-stage build
+print_check "Multi-stage build pattern"
+if [ $(grep -c "^FROM" Dockerfile) -ge 2 ]; then
+    pass
+else
+    warn "Not using multi-stage build"
+fi
+# Check for Alpine base images
+print_check "Minimal Alpine base images"
+if grep -qE "^FROM.*alpine" Dockerfile; then
+    pass
+else
+    warn "Not using Alpine base images"
+fi
+# ============================================================================
+# 2. docker-compose.yml Verification
+# ============================================================================
+print_header "2. docker-compose.yml Security"
+if [ ! -f "docker-compose.yml" ]; then
+    print_check "docker-compose.yml exists"
+    warn "docker-compose.yml not found (optional)"
+else
+    # Check for read-only filesystem
+    print_check "Read-only root filesystem"
+    if grep -q "read_only: true" docker-compose.yml; then
+        pass
+    else
+        fail "Missing read_only: true"
+    fi
+    # Check for no-new-privileges
+    print_check "No new privileges"
+    if grep -q "no-new-privileges:true" docker-compose.yml; then
+        pass
+    else
+        fail "Missing security_opt: no-new-privileges:true"
+    fi
+    # Check for capability dropping
+    print_check "Capabilities dropped"
+    if grep -q "cap_drop:" docker-compose.yml; then
+        pass
+    else
+        fail "Missing cap_drop configuration"
+    fi
+    # Check for tmpfs mounts
+    print_check "Tmpfs mounts for writable dirs"
+    if grep -q "tmpfs:" docker-compose.yml; then
+        pass
+    else
+        fail "Missing tmpfs mounts"
+    fi
+    # Check for resource limits
+    print_check "Memory limits configured"
+    if grep -q "memory:" docker-compose.yml; then
+        pass
+    else
+        warn "Missing memory limits"
+    fi
+    print_check "CPU limits configured"
+    if grep -q "cpus:" docker-compose.yml; then
+        pass
+    else
+        warn "Missing CPU limits"
+    fi
+    # Check for health check
+    print_check "Healthcheck configured"
+    if grep -q "healthcheck:" docker-compose.yml; then
+        pass
+    else
+        warn "Missing healthcheck configuration"
+    fi
+    # Check for privileged mode
+    print_check "Not running in privileged mode"
+    if grep -q "privileged: true" docker-compose.yml; then
+        critical "Running in privileged mode"
+    else
+        pass
+    fi
+fi
+# ============================================================================
+# 3. .dockerignore Verification
+# ============================================================================
+print_header "3. .dockerignore Configuration"
+if [ ! -f ".dockerignore" ]; then
+    print_check ".dockerignore exists"
+    warn ".dockerignore not found"
+else
+    print_check ".env excluded from Docker context"
+    if grep -qE "^\.env$" .dockerignore; then
+        pass
+    else
+        critical ".env not in .dockerignore - secret leakage risk!"
+    fi
+    print_check "node_modules excluded"
+    if grep -q "node_modules" .dockerignore; then
+        pass
+    else
+        warn "node_modules not excluded"
+    fi
+    print_check ".git excluded"
+    if grep -qE "^\.git" .dockerignore; then
+        pass
+    else
+        warn ".git not excluded"
+    fi
+fi
+# ============================================================================
+# 4. Image Security Scanning
+# ============================================================================
+print_header "4. Image Vulnerability Scanning"
+# Check if image exists
+if ! docker images --format "{{.Repository}}" | grep -q "^${IMAGE_NAME}$"; then
+    print_check "Docker image exists"
+    warn "Image '$IMAGE_NAME' not found locally. Skipping image scans."
+    echo "      Run 'docker build -t $IMAGE_NAME .' to build the image."
+else
+    # Check if trivy is installed
+    if ! command -v trivy &> /dev/null; then
+        print_check "Trivy scanner installed"
+        warn "Trivy not installed. Skipping vulnerability scans."
+        echo "      Install: brew install aquasecurity/trivy/trivy (macOS)"
+        echo "             : apt-get install trivy (Linux)"
+    else
+        # Scan for CRITICAL vulnerabilities
+        print_check "No CRITICAL vulnerabilities"
+        if trivy image --quiet --severity CRITICAL --exit-code 1 "$IMAGE_NAME" > /dev/null 2>&1; then
+            pass
+        else
+            critical "CRITICAL vulnerabilities found. Run: trivy image --severity CRITICAL $IMAGE_NAME"
+        fi
+        # Scan for HIGH vulnerabilities
+        print_check "No HIGH vulnerabilities"
+        if trivy image --quiet --severity HIGH --exit-code 1 "$IMAGE_NAME" > /dev/null 2>&1; then
+            pass
+        else
+            fail "HIGH vulnerabilities found. Run: trivy image --severity HIGH $IMAGE_NAME"
+        fi
+        # Scan for leaked secrets
+        print_check "No leaked secrets in image"
+        if trivy image --quiet --scanners secret --exit-code 1 "$IMAGE_NAME" > /dev/null 2>&1; then
+            pass
+        else
+            critical "Secrets detected in image! Run: trivy image --scanners secret $IMAGE_NAME"
+        fi
+    fi
+    # Check image size
+    print_check "Optimized image size (< 100MB)"
+    IMAGE_SIZE=$(docker images --format "{{.Size}}" "$IMAGE_NAME" | head -1 | sed 's/MB//' | sed 's/GB/*1024/' | bc 2>/dev/null || echo "0")
+    if [ -n "$IMAGE_SIZE" ] && [ "$IMAGE_SIZE" != "0" ]; then
+        if (( $(echo "$IMAGE_SIZE < 100" | bc -l) )); then
+            pass
+        else
+            warn "Image size is ${IMAGE_SIZE}MB (recommended < 100MB)"
+        fi
+    else
+        warn "Could not determine image size"
+    fi
+    # Check for .env in image
+    print_check ".env file not baked into image"
+    if docker run --rm "$IMAGE_NAME" sh -c "ls -la / 2>/dev/null | grep -q .env"; then
+        critical ".env file found in image! Secrets leaked!"
+    else
+        pass
+    fi
+fi
+# ============================================================================
+# 5. Runtime Security (if container is running)
+# ============================================================================
+print_header "5. Runtime Security Verification"
+if ! docker ps --filter "name=$CONTAINER_NAME" --format "{{.Names}}" | grep -q "^$CONTAINER_NAME$"; then
+    echo -e "${YELLOW}  Container '$CONTAINER_NAME' is not running.${NC}"
+    echo -e "${YELLOW}  Run 'docker-compose up -d' to enable runtime checks.${NC}"
+else
+    # Check container runs as non-root
+    print_check "Container runs as non-root"
+    CONTAINER_USER=$(docker exec "$CONTAINER_NAME" whoami 2>/dev/null || echo "root")
+    if [ "$CONTAINER_USER" != "root" ]; then
+        pass
+    else
+        critical "Container running as root user!"
+    fi
+    # Check user ID is not 0
+    print_check "User ID is not 0 (root)"
+    USER_ID=$(docker exec "$CONTAINER_NAME" id -u 2>/dev/null || echo "0")
+    if [ "$USER_ID" != "0" ]; then
+        pass
+    else
+        critical "Container running with UID 0 (root)!"
+    fi
+    # Check read-only filesystem
+    print_check "Root filesystem is read-only"
+    if docker exec "$CONTAINER_NAME" sh -c "touch /test 2>/dev/null"; then
+        fail "Root filesystem is writable"
+        docker exec "$CONTAINER_NAME" sh -c "rm /test 2>/dev/null" || true
+    else
+        pass
+    fi
+    # Check tmpfs is writable
+    print_check "Tmpfs mount is writable"
+    if docker exec "$CONTAINER_NAME" sh -c "touch /tmp/test 2>/dev/null && rm /tmp/test 2>/dev/null"; then
+        pass
+    else
+        warn "Tmpfs mount /tmp is not writable"
+    fi
+    # Check health status
+    print_check "Container is healthy"
+    HEALTH_STATUS=$(docker inspect --format='{{.State.Health.Status}}' "$CONTAINER_NAME" 2>/dev/null || echo "none")
+    if [ "$HEALTH_STATUS" = "healthy" ]; then
+        pass
+    elif [ "$HEALTH_STATUS" = "none" ]; then
+        warn "No health check configured"
+    else
+        fail "Container health status: $HEALTH_STATUS"
+    fi
+    # Check capabilities
+    print_check "Capabilities dropped"
+    CAPS_DROPPED=$(docker inspect --format='{{.HostConfig.CapDrop}}' "$CONTAINER_NAME" 2>/dev/null || echo "[]")
+    if echo "$CAPS_DROPPED" | grep -q "ALL"; then
+        pass
+    else
+        warn "Not all capabilities dropped"
+    fi
+    # Check memory limit
+    print_check "Memory limit enforced"
+    MEMORY_LIMIT=$(docker inspect --format='{{.HostConfig.Memory}}' "$CONTAINER_NAME" 2>/dev/null || echo "0")
+    if [ "$MEMORY_LIMIT" != "0" ]; then
+        pass
+    else
+        warn "No memory limit set"
+    fi
+fi
+# ============================================================================
+# 6. Git Secret Protection
+# ============================================================================
+print_header "6. Git Secret Protection"
+if [ -d ".git" ]; then
+    # Check .env in .gitignore
+    print_check ".env in .gitignore"
+    if [ -f ".gitignore" ] && grep -qE "^\.env$" .gitignore; then
+        pass
+    else
+        critical ".env not in .gitignore! Secrets may be committed!"
+    fi
+    # Check .env.example exists
+    print_check ".env.example exists (template)"
+    if [ -f ".env.example" ]; then
+        pass
+    else
+        warn ".env.example not found"
+    fi
+    # Check if .env is committed
+    print_check ".env not committed to git"
+    if git ls-files --error-unmatch .env > /dev/null 2>&1; then
+        critical ".env is tracked by git! Remove immediately!"
+    else
+        pass
+    fi
+else
+    echo -e "${YELLOW}  Not a git repository. Skipping git checks.${NC}"
+fi
+# ============================================================================
+# Summary
+# ============================================================================
+print_header "Verification Summary"
+echo ""
+echo "  Total checks:    $TOTAL_CHECKS"
+echo -e "  ${GREEN}Passed:          $PASSED_CHECKS${NC}"
+echo -e "  ${YELLOW}Warnings:        $WARNING_CHECKS${NC}"
+echo -e "  ${RED}Failed:          $FAILED_CHECKS${NC}"
+echo ""
+if [ $FAILED_CHECKS -eq 0 ]; then
+    echo -e "${GREEN}✅ All critical security checks passed!${NC}"
+    if [ $WARNING_CHECKS -gt 0 ]; then
+        echo -e "${YELLOW}⚠️  $WARNING_CHECKS warning(s) - consider addressing these.${NC}"
+    fi
+else
+    echo -e "${RED}❌ $FAILED_CHECKS security check(s) failed!${NC}"
+    echo -e "${RED}   Please fix the issues above before deploying.${NC}"
+fi
+echo ""
+exit $EXIT_CODE

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # ma-agents
-A universal NPX tool to install AI coding agent skills. Write skills once, install them across Claude Code, Gemini, Copilot, Cline, Cursor, and Kilocode.
+A universal NPX tool to install AI coding agent skills. Write skills once, install them across Claude Code, Gemini, Copilot, Cline, Cursor, Kilocode, and Roo Code.
 ## Installation & Usage
@@ -115,13 +115,15 @@ The file is version-controlled as part of `_bmad-output/` project knowledge. Com
 | Cursor | `.cursor/skills/` | `generic` | `.cursor/cursor.md` |
 | Kilocode | `.kilocode/skills/` | `generic` | `.kilocode/kilocode.md` |
 | Cline | `.cline/skills/` | `cline` | `.cline/clinerules.md` |
+| Roo Code | `.roo/skills/` | `generic` | `.roo/rules/00-ma-agents.md` |
 | SRE Agent (Alex) | `_bmad/skills/` | `generic` | `_bmad/bmm/agents/sre.md` |
 | DevOps Agent (Amit) | `_bmad/skills/` | `generic` | `_bmad/bmm/agents/devops.md` |
 | Cyber Analyst (Yael) | `_bmad/skills/` | `generic` | `_bmad/bmm/agents/cyber.md` |
 | Joseph (MIL-STD-498) | `_bmad/skills/` | `generic` | `_bmad/bmm/agents/mil498.md` |
+| Demerzel (ML Scientist) | `_bmad/skills/` | `generic` | `_bmad/bmm/agents/demerzel.md` |
 | Antigravity | `_bmad/skills/` | `generic` | `_bmad/bmm/agents/antigravity.md` |
-## Available Skills (34)
+## Available Skills (46)
 | Skill ID | Domain | Description |
 | :--- | :--- | :--- |
@@ -158,6 +160,19 @@ The file is version-controlled as part of `_bmad-output/` project knowledge. Com
 | `self-signed-cert` | Security | Automated Root CA and self-signed certificate generation |
 | `docker-image-signing` | Security | Automated cryptographic signing for Docker images |
 | `docker-hardening-verification` | Security | Audits images for least-privilege and OpenShift compatibility |
+| **Machine Learning** | | |
+| `ml-ideation` | Research | Frame ML research problem, define requirements, produce Research Thesis and PRD |
+| `ml-eda` | Data Science | Exploratory Data Analysis, establish baselines, produce EDA report |
+| `ml-architecture` | Design | Model architecture, stack, and experiment tracking strategy |
+| `ml-detailed-design` | Tech Lead | Implementation task breakdown (INF-* and EXP-* namespaces) |
+| `ml-techspec` | Contract | Lock experiment parameters and performance tiers before training |
+| `ml-infra` | MLOps | Build ML infrastructure, manage dependencies, run smoke tests |
+| `ml-experiment` | Developer | Execute training experiments against locked TechSpec, log metrics |
+| `ml-analysis` | Evaluation | Evaluate experiment outcomes against TechSpec success tiers |
+| `ml-hparam` | Tuning | Automated hyperparameter optimization (Optuna, W&B Sweeps, Ray Tune) |
+| `ml-revision` | Iterative | Amend hypothesis and requirements based on experiment findings |
+| `ml-advise` | Advisory | Search past experiments, surface findings and failure warnings |
+| `ml-retrospective` | Meta | Capture session learnings and update project context |
 | **Sprint Management** | | |
 | `add-sprint` | Agile | Create sprint entities with capacity, ISO dates, and structured YAML schema |
 | `generate-backlog` | Agile | Generate or refresh a flat prioritized backlog from epics and bug stories |
@@ -245,6 +260,10 @@ npx ma-agents install --yes    # fully offline BMAD install — no network neede
    - **Focus**: Technical standards compliance and military document generation.
    - **Capabilities**: Document Data Descriptions (DIDs), requirements traceability, and complex specification writing.
    - **Workflows**: SRS, SSS, and SSDD generation with strict structural validation.
+5. **Demerzel (ML Scientist)**:
+   - **Focus**: Hypothesis-driven machine learning lifecycle with scientific rigor.
+   - **Capabilities**: EDA, architecture design, locked TechSpec contracts, experiment execution, failure-cost analysis.
+   - **Workflows**: 12-stage ML lifecycle from ideation through retrospective, with mandatory review gates.
 #### Operational Workflows
 The integration includes a suite of specialized playbooks:

package/bin/cli.js CHANGED Viewed

@@ -13,6 +13,46 @@ const PKG = require('../package.json');
 const NAME = PKG.name;
 const VERSION = PKG.version;
+/**
+ * Set up logging to tee all stdout/stderr output to a file.
+ * Returns a cleanup function to close the file descriptor.
+ *
+ * @param {string} logFilePath - Path to the log file
+ * @returns {Function} cleanup function
+ */
+function setupLogging(logFilePath) {
+  const logFd = fs.openSync(logFilePath, 'w');
+  const header = `[${new Date().toISOString()}] ${NAME} v${VERSION} — log started\n`;
+  fs.writeSync(logFd, header);
+  const origStdoutWrite = process.stdout.write.bind(process.stdout);
+  const origStderrWrite = process.stderr.write.bind(process.stderr);
+  process.stdout.write = function (chunk, encoding, callback) {
+    const str = typeof chunk === 'string' ? chunk : chunk.toString();
+    try { fs.writeSync(logFd, str); } catch { /* ignore write errors */ }
+    return origStdoutWrite(chunk, encoding, callback);
+  };
+  process.stderr.write = function (chunk, encoding, callback) {
+    const str = typeof chunk === 'string' ? chunk : chunk.toString();
+    try { fs.writeSync(logFd, str); } catch { /* ignore write errors */ }
+    return origStderrWrite(chunk, encoding, callback);
+  };
+  // Store log fd globally so bmad.js can use pipe mode
+  process.env.MA_AGENTS_LOG_ACTIVE = '1';
+  return function cleanup() {
+    process.stdout.write = origStdoutWrite;
+    process.stderr.write = origStderrWrite;
+    const footer = `\n[${new Date().toISOString()}] log ended\n`;
+    try { fs.writeSync(logFd, footer); } catch { /* ignore */ }
+    try { fs.closeSync(logFd); } catch { /* ignore */ }
+    delete process.env.MA_AGENTS_LOG_ACTIVE;
+  };
+}
 function showHelp() {
   console.log(`
 ${chalk.bold.cyan(NAME)} ${chalk.gray(`v${VERSION}`)}
@@ -40,6 +80,7 @@ ${chalk.bold('Install options:')}
   ${chalk.cyan('--force')}           Skip upgrade prompts, always overwrite
   ${chalk.cyan('--yes')}             Skip all prompts, use defaults (for CI/CD)
   ${chalk.cyan('--agent <name>')}    Target a specific agent (skip agent selection)
+  ${chalk.cyan('--log')}              Log all console output to install_<datetime>.log
 ${chalk.bold('Examples:')}
   npx ${NAME} install
@@ -1164,6 +1205,18 @@ async function interactiveMode() {
 async function main() {
   const args = process.argv.slice(2);
+  // Handle --log flag globally (before command routing)
+  let cleanupLog = null;
+  const logIdx = args.indexOf('--log');
+  if (logIdx !== -1) {
+    const ts = new Date().toISOString().replace(/[:.]/g, '-').replace('T', '_').replace('Z', '');
+    const logFile = `install_${ts}.log`;
+    cleanupLog = setupLogging(logFile);
+    console.log(chalk.gray(`  Logging to ${logFile}`));
+    args.splice(logIdx, 1);
+  }
   const command = args[0];
   switch (command) {
@@ -1223,6 +1276,8 @@ async function main() {
       await interactiveMode();
       break;
   }
+  if (cleanupLog) cleanupLog();
 }
 if (require.main === module) {

package/lib/agents.js CHANGED Viewed

@@ -135,6 +135,29 @@ const agents = [
     instructionFiles: ['.cline/clinerules.md', '.clinerules'],
     injectionStrategy: { position: 'top', skipPatterns: ['---'] }
   },
+  {
+    id: 'roo-code',
+    name: 'Roo Code',
+    version: '1.0.0',
+    category: 'ide',
+    description: 'Roo Code AI Assistant (Enhanced Cline fork)',
+    skillsDir: '.roo/skills',
+    getProjectPath: () => path.join(process.cwd(), '.roo', 'skills'),
+    getGlobalPath: () => {
+      const platform = os.platform();
+      if (platform === 'win32') {
+        return path.join(os.homedir(), 'AppData', 'Roaming', 'Code', 'User', 'globalStorage', 'rooveterinaryinc.roo-cline', 'skills');
+      } else if (platform === 'darwin') {
+        return path.join(os.homedir(), 'Library', 'Application Support', 'Code', 'User', 'globalStorage', 'rooveterinaryinc.roo-cline', 'skills');
+      } else {
+        return path.join(os.homedir(), '.config', 'Code', 'User', 'globalStorage', 'rooveterinaryinc.roo-cline', 'skills');
+      }
+    },
+    fileExtension: '.md',
+    template: 'generic',
+    instructionFiles: ['.roo/rules/00-ma-agents.md'],
+    injectionStrategy: { position: 'top', skipPatterns: ['---'] }
+  },
   {
     id: 'cursor',
     name: 'Cursor',
@@ -295,6 +318,29 @@ const agents = [
     template: 'generic',
     instructionFiles: ['_bmad/bmm/agents/mil498.md'],
     injectionStrategy: { position: 'top', skipPatterns: ['---'] }
+  },
+  {
+    id: 'bmm-demerzel',
+    name: 'ML Scientist (Demerzel)',
+    version: '1.0.0',
+    category: 'bmad',
+    description: 'Machine Learning Lifecycle Agent (Demerzel)',
+    skillsDir: '_bmad/skills/demerzel',
+    getProjectPath: () => path.join(process.cwd(), '_bmad', 'skills', 'demerzel'),
+    getGlobalPath: () => {
+      const platform = os.platform();
+      if (platform === 'win32') {
+        return path.join(os.homedir(), 'AppData', 'Roaming', 'Demerzel', 'skills');
+      } else if (platform === 'darwin') {
+        return path.join(os.homedir(), 'Library', 'Application Support', 'Demerzel', 'skills');
+      } else {
+        return path.join(os.homedir(), '.config', 'demerzel', 'skills');
+      }
+    },
+    fileExtension: '.md',
+    template: 'generic',
+    instructionFiles: ['_bmad/bmm/agents/demerzel.md'],
+    injectionStrategy: { position: 'top', skipPatterns: ['---'] }
   }
 ];

package/lib/bmad-cache/cache-manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "generated": "2026-03-28T12:59:06.172Z",
-  "bmadMethodVersion": "6.2.1",
+  "bmadMethodVersion": "6.2.2",
   "modules": {
     "bmb": {
       "url": "https://github.com/bmad-code-org/bmad-builder",

package/lib/bmad-customizations/bmm-demerzel.customize.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+persona:
+  name: Demerzel
+  role: Machine Learning Scientist
+  alias: ML Scientist
+  description: Senior AI/ML Architect and Data Scientist specialized in falsifiable hypothesis validation and failure-cost analysis.
+memories:
+  - "The scientific method: No modeling without EDA. No modeling without a locked TechSpec."
+  - "Dependency integrity: Always use uv for project reproducibility."
+  - "Failure Costs: A false negative for Class A costs the domain $50K."
+critical_actions:
+  1: "Perform ML Ideation using /ml-ideation"
+  2: "Conduct EDA and publish Research Thesis using /ml-eda"
+  3: "Design ML Architecture using /ml-architecture"
+  4: "Lock experiment parameters in TechSpec using /ml-techspec"
+  5: "Build ML Infrastructure using /ml-infra"
+  6: "Execute training experiments using /ml-experiment"
+  7: "Analyze experiment results against TechSpec using /ml-analysis"
+  8: "Iterate hypothesis and documents using /ml-revision"
+  9: "Consult previous findings using /ml-advise"
+  10: "Capture session learnings with /ml-retrospective"
+skills:
+  - ml-ideation
+  - ml-eda
+  - ml-architecture
+  - ml-detailed-design
+  - ml-techspec
+  - ml-infra
+  - ml-experiment
+  - ml-analysis
+  - ml-hparam
+  - ml-revision
+  - ml-advise
+  - ml-retrospective