npm - siesa-agents - Versions diffs - 1.5.0 → 2.0.0 - Mend

siesa-agents 1.5.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (105) hide show

package/bin/install.js +4 -4
package/bmad-core/agent-teams/team-all.yaml +15 -0
package/bmad-core/agent-teams/team-fullstack.yaml +19 -0
package/bmad-core/agent-teams/team-ide-minimal.yaml +11 -0
package/bmad-core/agent-teams/team-no-ui.yaml +14 -0
package/bmad-core/agents/analyst.md +84 -0
package/bmad-core/agents/architect.md +94 -0
package/bmad-core/agents/backend-agent.md +190 -0
package/bmad-core/agents/bmad-master.md +110 -0
package/bmad-core/agents/bmad-orchestrator.md +147 -0
package/bmad-core/agents/dev.md +81 -0
package/bmad-core/agents/frontend-agent.md +169 -0
package/bmad-core/agents/pm.md +84 -0
package/bmad-core/agents/po.md +79 -0
package/bmad-core/agents/qa.md +91 -0
package/bmad-core/agents/sm.md +65 -0
package/bmad-core/agents/ux-expert.md +69 -0
package/bmad-core/checklists/architect-checklist.md +440 -0
package/bmad-core/checklists/backend-checklist.md +143 -0
package/bmad-core/checklists/change-checklist.md +184 -0
package/bmad-core/checklists/frontend-checklist.md +106 -0
package/bmad-core/checklists/pm-checklist.md +372 -0
package/bmad-core/checklists/po-master-checklist.md +434 -0
package/bmad-core/checklists/story-dod-checklist.md +96 -0
package/bmad-core/checklists/story-draft-checklist.md +155 -0
package/bmad-core/core-config.yaml +22 -0
package/bmad-core/data/backend-standards.md +440 -0
package/bmad-core/data/bmad-kb.md +809 -0
package/bmad-core/data/brainstorming-techniques.md +38 -0
package/bmad-core/data/elicitation-methods.md +156 -0
package/bmad-core/data/frontend-standards.md +324 -0
package/bmad-core/data/technical-preferences.md +5 -0
package/bmad-core/data/test-levels-framework.md +148 -0
package/bmad-core/data/test-priorities-matrix.md +174 -0
package/bmad-core/enhanced-ide-development-workflow.md +248 -0
package/bmad-core/install-manifest.yaml +230 -0
package/bmad-core/tasks/advanced-elicitation.md +119 -0
package/bmad-core/tasks/apply-qa-fixes.md +150 -0
package/bmad-core/tasks/brownfield-create-epic.md +162 -0
package/bmad-core/tasks/brownfield-create-story.md +149 -0
package/bmad-core/tasks/correct-course.md +72 -0
package/bmad-core/tasks/create-brownfield-story.md +314 -0
package/bmad-core/tasks/create-component.md +103 -0
package/bmad-core/tasks/create-deep-research-prompt.md +280 -0
package/bmad-core/tasks/create-doc.md +103 -0
package/bmad-core/tasks/create-entity.md +133 -0
package/bmad-core/tasks/create-feature.md +91 -0
package/bmad-core/tasks/create-next-story.md +114 -0
package/bmad-core/tasks/create-service.md +118 -0
package/bmad-core/tasks/create-use-case.md +141 -0
package/bmad-core/tasks/document-project.md +345 -0
package/bmad-core/tasks/execute-checklist.md +88 -0
package/bmad-core/tasks/facilitate-brainstorming-session.md +138 -0
package/bmad-core/tasks/generate-ai-frontend-prompt.md +53 -0
package/bmad-core/tasks/index-docs.md +175 -0
package/bmad-core/tasks/kb-mode-interaction.md +77 -0
package/bmad-core/tasks/nfr-assess.md +345 -0
package/bmad-core/tasks/qa-gate.md +163 -0
package/bmad-core/tasks/review-story.md +316 -0
package/bmad-core/tasks/risk-profile.md +355 -0
package/bmad-core/tasks/scaffold-backend.md +111 -0
package/bmad-core/tasks/scaffold-frontend.md +79 -0
package/bmad-core/tasks/shard-doc.md +187 -0
package/bmad-core/tasks/test-design.md +176 -0
package/bmad-core/tasks/trace-requirements.md +266 -0
package/bmad-core/tasks/validate-next-story.md +136 -0
package/bmad-core/templates/architecture-tmpl.yaml +662 -0
package/bmad-core/templates/brainstorming-output-tmpl.yaml +156 -0
package/bmad-core/templates/brownfield-architecture-tmpl.yaml +477 -0
package/bmad-core/templates/brownfield-prd-tmpl.yaml +281 -0
package/bmad-core/templates/competitor-analysis-tmpl.yaml +307 -0
package/bmad-core/templates/front-end-architecture-tmpl.yaml +258 -0
package/bmad-core/templates/front-end-spec-tmpl.yaml +350 -0
package/bmad-core/templates/fullstack-architecture-tmpl.yaml +824 -0
package/bmad-core/templates/market-research-tmpl.yaml +253 -0
package/bmad-core/templates/prd-tmpl.yaml +203 -0
package/bmad-core/templates/project-brief-tmpl.yaml +222 -0
package/bmad-core/templates/qa-gate-tmpl.yaml +103 -0
package/bmad-core/templates/story-tmpl.yaml +138 -0
package/bmad-core/user-guide.md +530 -0
package/bmad-core/utils/bmad-doc-template.md +327 -0
package/bmad-core/utils/workflow-management.md +71 -0
package/bmad-core/workflows/brownfield-fullstack.yaml +298 -0
package/bmad-core/workflows/brownfield-service.yaml +188 -0
package/bmad-core/workflows/brownfield-ui.yaml +198 -0
package/bmad-core/workflows/greenfield-fullstack.yaml +241 -0
package/bmad-core/workflows/greenfield-service.yaml +207 -0
package/bmad-core/workflows/greenfield-ui.yaml +236 -0
package/bmad-core/working-in-the-brownfield.md +606 -0
package/github/b-mad-expert.md +742 -0
package/github/chatmodes/analyst.chatmode.md +89 -0
package/github/chatmodes/architect.chatmode.md +97 -0
package/github/chatmodes/backend.chatmode.md +195 -0
package/github/chatmodes/bmad-master.chatmode.md +115 -0
package/github/chatmodes/bmad-orchestrator.chatmode.md +152 -0
package/github/chatmodes/dev.chatmode.md +86 -0
package/github/chatmodes/frontend.chatmode.md +158 -0
package/github/chatmodes/pm.chatmode.md +89 -0
package/github/chatmodes/po.chatmode.md +84 -0
package/github/chatmodes/qa.chatmode.md +96 -0
package/github/chatmodes/sm.chatmode.md +70 -0
package/github/chatmodes/ux-expert.chatmode.md +74 -0
package/package.json +4 -4
package/vscode/mcp.json +11 -0
package/vscode/settings.json +13 -0

package/bmad-core/tasks/risk-profile.md ADDED Viewed

@@ -0,0 +1,355 @@
+<!-- Powered by BMAD™ Core -->
+# risk-profile
+Generate a comprehensive risk assessment matrix for a story implementation using probability × impact analysis.
+## Inputs
+```yaml
+required:
+  - story_id: '{epic}.{story}' # e.g., "1.3"
+  - story_path: 'docs/stories/{epic}.{story}.*.md'
+  - story_title: '{title}' # If missing, derive from story file H1
+  - story_slug: '{slug}' # If missing, derive from title (lowercase, hyphenated)
+```
+## Purpose
+Identify, assess, and prioritize risks in the story implementation. Provide risk mitigation strategies and testing focus areas based on risk levels.
+## Risk Assessment Framework
+### Risk Categories
+**Category Prefixes:**
+- `TECH`: Technical Risks
+- `SEC`: Security Risks
+- `PERF`: Performance Risks
+- `DATA`: Data Risks
+- `BUS`: Business Risks
+- `OPS`: Operational Risks
+1. **Technical Risks (TECH)**
+   - Architecture complexity
+   - Integration challenges
+   - Technical debt
+   - Scalability concerns
+   - System dependencies
+2. **Security Risks (SEC)**
+   - Authentication/authorization flaws
+   - Data exposure vulnerabilities
+   - Injection attacks
+   - Session management issues
+   - Cryptographic weaknesses
+3. **Performance Risks (PERF)**
+   - Response time degradation
+   - Throughput bottlenecks
+   - Resource exhaustion
+   - Database query optimization
+   - Caching failures
+4. **Data Risks (DATA)**
+   - Data loss potential
+   - Data corruption
+   - Privacy violations
+   - Compliance issues
+   - Backup/recovery gaps
+5. **Business Risks (BUS)**
+   - Feature doesn't meet user needs
+   - Revenue impact
+   - Reputation damage
+   - Regulatory non-compliance
+   - Market timing
+6. **Operational Risks (OPS)**
+   - Deployment failures
+   - Monitoring gaps
+   - Incident response readiness
+   - Documentation inadequacy
+   - Knowledge transfer issues
+## Risk Analysis Process
+### 1. Risk Identification
+For each category, identify specific risks:
+```yaml
+risk:
+  id: 'SEC-001' # Use prefixes: SEC, PERF, DATA, BUS, OPS, TECH
+  category: security
+  title: 'Insufficient input validation on user forms'
+  description: 'Form inputs not properly sanitized could lead to XSS attacks'
+  affected_components:
+    - 'UserRegistrationForm'
+    - 'ProfileUpdateForm'
+  detection_method: 'Code review revealed missing validation'
+```
+### 2. Risk Assessment
+Evaluate each risk using probability × impact:
+**Probability Levels:**
+- `High (3)`: Likely to occur (>70% chance)
+- `Medium (2)`: Possible occurrence (30-70% chance)
+- `Low (1)`: Unlikely to occur (<30% chance)
+**Impact Levels:**
+- `High (3)`: Severe consequences (data breach, system down, major financial loss)
+- `Medium (2)`: Moderate consequences (degraded performance, minor data issues)
+- `Low (1)`: Minor consequences (cosmetic issues, slight inconvenience)
+### Risk Score = Probability × Impact
+- 9: Critical Risk (Red)
+- 6: High Risk (Orange)
+- 4: Medium Risk (Yellow)
+- 2-3: Low Risk (Green)
+- 1: Minimal Risk (Blue)
+### 3. Risk Prioritization
+Create risk matrix:
+```markdown
+## Risk Matrix
+| Risk ID  | Description             | Probability | Impact     | Score | Priority |
+| -------- | ----------------------- | ----------- | ---------- | ----- | -------- |
+| SEC-001  | XSS vulnerability       | High (3)    | High (3)   | 9     | Critical |
+| PERF-001 | Slow query on dashboard | Medium (2)  | Medium (2) | 4     | Medium   |
+| DATA-001 | Backup failure          | Low (1)     | High (3)   | 3     | Low      |
+```
+### 4. Risk Mitigation Strategies
+For each identified risk, provide mitigation:
+```yaml
+mitigation:
+  risk_id: 'SEC-001'
+  strategy: 'preventive' # preventive|detective|corrective
+  actions:
+    - 'Implement input validation library (e.g., validator.js)'
+    - 'Add CSP headers to prevent XSS execution'
+    - 'Sanitize all user inputs before storage'
+    - 'Escape all outputs in templates'
+  testing_requirements:
+    - 'Security testing with OWASP ZAP'
+    - 'Manual penetration testing of forms'
+    - 'Unit tests for validation functions'
+  residual_risk: 'Low - Some zero-day vulnerabilities may remain'
+  owner: 'dev'
+  timeline: 'Before deployment'
+```
+## Outputs
+### Output 1: Gate YAML Block
+Generate for pasting into gate file under `risk_summary`:
+**Output rules:**
+- Only include assessed risks; do not emit placeholders
+- Sort risks by score (desc) when emitting highest and any tabular lists
+- If no risks: totals all zeros, omit highest, keep recommendations arrays empty
+```yaml
+# risk_summary (paste into gate file):
+risk_summary:
+  totals:
+    critical: X # score 9
+    high: Y # score 6
+    medium: Z # score 4
+    low: W # score 2-3
+  highest:
+    id: SEC-001
+    score: 9
+    title: 'XSS on profile form'
+  recommendations:
+    must_fix:
+      - 'Add input sanitization & CSP'
+    monitor:
+      - 'Add security alerts for auth endpoints'
+```
+### Output 2: Markdown Report
+**Save to:** `qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md`
+```markdown
+# Risk Profile: Story {epic}.{story}
+Date: {date}
+Reviewer: Quinn (Test Architect)
+## Executive Summary
+- Total Risks Identified: X
+- Critical Risks: Y
+- High Risks: Z
+- Risk Score: XX/100 (calculated)
+## Critical Risks Requiring Immediate Attention
+### 1. [ID]: Risk Title
+**Score: 9 (Critical)**
+**Probability**: High - Detailed reasoning
+**Impact**: High - Potential consequences
+**Mitigation**:
+- Immediate action required
+- Specific steps to take
+  **Testing Focus**: Specific test scenarios needed
+## Risk Distribution
+### By Category
+- Security: X risks (Y critical)
+- Performance: X risks (Y critical)
+- Data: X risks (Y critical)
+- Business: X risks (Y critical)
+- Operational: X risks (Y critical)
+### By Component
+- Frontend: X risks
+- Backend: X risks
+- Database: X risks
+- Infrastructure: X risks
+## Detailed Risk Register
+[Full table of all risks with scores and mitigations]
+## Risk-Based Testing Strategy
+### Priority 1: Critical Risk Tests
+- Test scenarios for critical risks
+- Required test types (security, load, chaos)
+- Test data requirements
+### Priority 2: High Risk Tests
+- Integration test scenarios
+- Edge case coverage
+### Priority 3: Medium/Low Risk Tests
+- Standard functional tests
+- Regression test suite
+## Risk Acceptance Criteria
+### Must Fix Before Production
+- All critical risks (score 9)
+- High risks affecting security/data
+### Can Deploy with Mitigation
+- Medium risks with compensating controls
+- Low risks with monitoring in place
+### Accepted Risks
+- Document any risks team accepts
+- Include sign-off from appropriate authority
+## Monitoring Requirements
+Post-deployment monitoring for:
+- Performance metrics for PERF risks
+- Security alerts for SEC risks
+- Error rates for operational risks
+- Business KPIs for business risks
+## Risk Review Triggers
+Review and update risk profile when:
+- Architecture changes significantly
+- New integrations added
+- Security vulnerabilities discovered
+- Performance issues reported
+- Regulatory requirements change
+```
+## Risk Scoring Algorithm
+Calculate overall story risk score:
+```text
+Base Score = 100
+For each risk:
+  - Critical (9): Deduct 20 points
+  - High (6): Deduct 10 points
+  - Medium (4): Deduct 5 points
+  - Low (2-3): Deduct 2 points
+Minimum score = 0 (extremely risky)
+Maximum score = 100 (minimal risk)
+```
+## Risk-Based Recommendations
+Based on risk profile, recommend:
+1. **Testing Priority**
+   - Which tests to run first
+   - Additional test types needed
+   - Test environment requirements
+2. **Development Focus**
+   - Code review emphasis areas
+   - Additional validation needed
+   - Security controls to implement
+3. **Deployment Strategy**
+   - Phased rollout for high-risk changes
+   - Feature flags for risky features
+   - Rollback procedures
+4. **Monitoring Setup**
+   - Metrics to track
+   - Alerts to configure
+   - Dashboard requirements
+## Integration with Quality Gates
+**Deterministic gate mapping:**
+- Any risk with score ≥ 9 → Gate = FAIL (unless waived)
+- Else if any score ≥ 6 → Gate = CONCERNS
+- Else → Gate = PASS
+- Unmitigated risks → Document in gate
+### Output 3: Story Hook Line
+**Print this line for review task to quote:**
+```text
+Risk profile: qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md
+```
+## Key Principles
+- Identify risks early and systematically
+- Use consistent probability × impact scoring
+- Provide actionable mitigation strategies
+- Link risks to specific test requirements
+- Track residual risk after mitigation
+- Update risk profile as story evolves

package/bmad-core/tasks/scaffold-backend.md ADDED Viewed

@@ -0,0 +1,111 @@
+# Scaffold Backend Microservice
+## Purpose
+Generate complete microservice structure with Hexagonal Architecture + DDD principles using NestJS.
+**CRITICAL**: Always use NestJS 10+ with TypeScript, Prisma ORM, and strict hexagonal architecture patterns. No raw queries allowed - use Prisma for all database operations.
+## Task Configuration
+```yaml
+elicit: true
+interactive: true
+required_params:
+  - service_name
+  - domain_contexts
+optional_params:
+  - database_type
+  - messaging_transport
+  - shared_libraries
+```
+## Task Execution
+### Step 1: Elicit Service Requirements
+Ask user for the following information:
+**Service Name**: What would you like to name your microservice? (use kebab-case)
+**Domain Contexts**: List the main bounded contexts for this service (e.g., quotes, products, billing)
+**Database Type**: Which database will this service use? (PostgreSQL, MySQL, MongoDB - default: PostgreSQL)
+**Messaging Transport**: What messaging transport? (Redis, RabbitMQ, gRPC - default: Redis)
+**Shared Libraries**: Any existing shared libraries to include? (optional)
+### Step 2: Generate MonoRepo Structure
+Create the following Nx workspace structure:
+```
+apps/{service-name}/
+├── src/
+│   ├── modules/
+│   │   └── {context}/
+│   │       ├── application/
+│   │       │   ├── ports/
+│   │       │   ├── use-cases/
+│   │       │   ├── commands/
+│   │       │   ├── queries/
+│   │       │   └── dto/
+│   │       ├── domain/
+│   │       │   ├── entities/
+│   │       │   ├── value-objects/
+│   │       │   ├── aggregates/
+│   │       │   ├── events/
+│   │       │   └── services/
+│   │       └── infrastructure/
+│   │           ├── repositories/
+│   │           ├── services/
+│   │           └── events/
+│   ├── api/
+│   │   ├── controllers/
+│   │   ├── guards/
+│   │   ├── middlewares/
+│   │   └── filters/
+│   ├── config/
+│   ├── main.ts
+│   └── app.module.ts
+├── test/
+├── prisma/
+│   ├── schema.prisma
+│   └── migrations/
+└── package.json
+```
+### Step 3: Setup NestJS Configuration
+- Initialize NestJS application with TypeScript
+- Configure Nx workspace if not exists
+- Setup Prisma with selected database
+- Configure dependency injection container
+- Setup validation with class-validator
+- Configure Swagger/OpenAPI documentation
+- Setup health checks and monitoring
+### Step 4: Generate Domain Contexts
+For each bounded context:
+- Create hexagonal architecture layers
+- Generate base domain entities with DDD patterns
+- Create application ports (interfaces)
+- Setup infrastructure adapters
+- Create Prisma schema definitions
+- Generate initial use cases
+### Step 5: Setup Shared Infrastructure
+- Configure JWT authentication
+- Setup Redis for caching and messaging
+- Configure CORS and security headers
+- Setup logging with Winston
+- Configure environment variables
+- Setup database connection pooling
+### Step 6: Generate Initial Tests
+- Unit tests for domain entities
+- Integration tests for use cases
+- E2E tests for API endpoints
+- Repository tests with test database
+- Mocking strategies for external dependencies
+## Completion Criteria
+- MonoRepo structure follows hexagonal architecture
+- All dependencies properly configured
+- Prisma schema generated and migrated
+- TypeScript compiles without errors
+- Initial tests pass
+- Swagger documentation accessible
+- Health checks responding

package/bmad-core/tasks/scaffold-frontend.md ADDED Viewed

@@ -0,0 +1,79 @@
+# Scaffold Frontend Project
+## Purpose
+Generate complete frontend project structure with Clean Architecture + DDD principles.
+**CRITICAL**: Always use Next.js 14+ with App Router as the default framework. Only use pure React + Vite when user explicitly mentions offline-first functionality or specifically requests non-Next.js setup.
+## Task Configuration
+```yaml
+elicit: true
+interactive: true
+required_params:
+  - project_name
+  - features
+optional_params:
+  - pwa_enabled
+  - theme_config
+```
+## Task Execution
+### Step 1: Elicit Project Requirements
+Ask user for the following information:
+**Project Name**: What would you like to name your frontend project?
+**Initial Features**: List the main features/modules you want to start with (e.g., auth, dashboard, profile)
+**PWA Enabled**: Do you want Progressive Web App capabilities? (default: yes)
+**Theme Configuration**: Do you have specific theme/brand requirements?
+### Step 2: Generate Project Structure
+Create the following folder structure:
+```
+src/
+├── features/
+│   └── shared/
+│       ├── components/
+│       ├── hooks/
+│       ├── utils/
+│       └── types/
+├── app/
+│   ├── providers/
+│   ├── router/
+│   └── store/
+└── infrastructure/
+    ├── api/
+    ├── storage/
+    └── pwa/
+```
+### Step 3: Setup Configuration Files
+- Initialize Next.js 14+ project with TypeScript
+- Configure Next.js config for App Router
+- Setup TailwindCSS + Shadcn/ui integration
+- Configure Vitest for testing (with Next.js)
+- Setup ESLint + Prettier (Next.js config)
+- Configure PWA with Next.js PWA plugin if requested
+- Setup environment configuration
+### Step 4: Generate Initial Features
+For each feature requested:
+- Create feature folder with DDD structure
+- Generate basic domain entities
+- Create application layer with hooks and stores
+- Setup infrastructure layer with API clients
+- Create presentation layer with basic components
+### Step 5: Validation
+- Verify all files compile without errors
+- Run initial tests
+- Check TypeScript strict mode compliance
+- Validate folder structure follows Clean Architecture
+## Completion Criteria
+- Project structure matches Clean Architecture patterns
+- All dependencies are properly installed
+- Initial features are scaffolded with all layers
+- TypeScript compiles without errors
+- Basic tests pass