yadflow 2.17.0 → 2.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -3
- package/README.md +60 -638
- package/bin/yad.mjs +24 -0
- package/cli/docs.mjs +6 -5
- package/cli/doctor.mjs +31 -1
- package/cli/epic-state.mjs +152 -0
- package/cli/manifest.mjs +6 -0
- package/cli/thread.mjs +174 -0
- package/package.json +5 -4
- package/skills/sdlc/config.yaml +46 -1
- package/skills/sdlc/install.sh +1 -1
- package/skills/sdlc/module-help.csv +4 -0
- package/skills/yad-change/SKILL.md +174 -0
- package/skills/yad-change/references/triage.md +102 -0
- package/skills/yad-checks/SKILL.md +13 -1
- package/skills/yad-checks/references/check-gates.md +27 -0
- package/skills/yad-checks/templates/checks/epic-open.sh +98 -0
- package/skills/yad-checks/templates/checks/lineage-check.sh +97 -0
- package/skills/yad-checks/templates/checks/reconcile-debt-check.sh +105 -0
- package/skills/yad-checks/templates/github/yad-checks.yml +25 -0
- package/skills/yad-checks/templates/gitlab/yad-checks.gitlab-ci.yml +20 -0
- package/skills/yad-defects/SKILL.md +79 -0
- package/skills/yad-docs-overview/SKILL.md +1 -1
- package/skills/yad-docs-overview/references/pipeline-model.md +22 -3
- package/skills/yad-epic/references/state-schema.md +106 -0
- package/skills/yad-reconcile/SKILL.md +75 -0
- package/skills/yad-timeline/SKILL.md +78 -0
package/README.md
CHANGED
|
@@ -1,670 +1,92 @@
|
|
|
1
|
-
# Yadflow —
|
|
1
|
+
# Yadflow — keep AI-generated code from shipping ungoverned
|
|
2
2
|
|
|
3
3
|
[](https://www.npmjs.com/package/yadflow)
|
|
4
4
|
[](https://github.com/abdelrahmannasr/yadflow/actions/workflows/ci.yml)
|
|
5
|
-
[](https://docs.npmjs.com/generating-provenance-statements)
|
|
6
5
|
[](https://github.com/abdelrahmannasr/yadflow/blob/main/package.json)
|
|
7
|
-
[](https://github.com/abdelrahmannasr/yadflow/blob/main/SECURITY.md)
|
|
8
6
|
[](https://abdelrahmannasr.github.io/yadflow/)
|
|
9
7
|
|
|
10
|
-
|
|
11
|
-
|
|
8
|
+
**A gated software-development lifecycle where AI builds and a human approves every step.**
|
|
9
|
+
*AI builds. The hand decides.* (*yad* — **يد**, Arabic for "hand".) On npm and GitHub as `yadflow`.
|
|
12
10
|
|
|
13
|
-
|
|
14
|
-
moves every gate. *AI builds. The hand decides.* On npm and GitHub as `yadflow`.
|
|
11
|
+
## The problem
|
|
15
12
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
13
|
+
AI writes code faster than any team can review it. Left ungoverned, that speed turns into risk:
|
|
14
|
+
unreviewed AI-generated changes merge straight into the codebase, architectural decisions get made
|
|
15
|
+
by autocomplete, and the trail of *why* a change was made disappears. The faster the team ships with
|
|
16
|
+
AI, the harder it gets to keep control of quality, architecture, and accountability.
|
|
20
17
|
|
|
21
|
-
|
|
22
|
-
a scaffolded module that installs cleanly, and a working **team review gate** you run by hand.
|
|
18
|
+
## What Yadflow is
|
|
23
19
|
|
|
24
|
-
|
|
20
|
+
Yadflow puts a **human gate on every step** of the lifecycle. Each step does its work, writes its
|
|
21
|
+
output to a plain file, and **waits** — it never advances until a human approves it (or, later, until
|
|
22
|
+
a step has *earned* the right to auto-advance). Reviews ride real PR/MRs; all state lives in files you
|
|
23
|
+
can read, diff, and edit — no database, nothing hidden. The result is a paper trail for every decision
|
|
24
|
+
and a hard wall between "AI proposed" and "we shipped it."
|
|
25
25
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
all; `yad-hub-bridge` mirrors front-half reviews to real PR/MRs.
|
|
26
|
+
It installs as a custom [BMAD](https://github.com/bmad-code-org/BMAD-METHOD) module and works across
|
|
27
|
+
one product hub + many code repos, solo or team.
|
|
28
|
+
|
|
29
|
+
## How the workflow looks
|
|
31
30
|
|
|
32
31
|
<!-- Source: docs/diagrams/sdlc-overview.mmd — edit the .mmd and run `npm run diagrams` to regenerate -->
|
|
33
32
|

|
|
34
33
|
|
|
35
|
-
**Legend
|
|
36
|
-
**
|
|
37
|
-
|
|
38
|
-
<span>⬜ dashed</span> **locked** = the engineer review and every front state, **permanently
|
|
39
|
-
human**. Detailed walkthroughs for each phase follow below.
|
|
40
|
-
|
|
41
|
-
## What's here
|
|
42
|
-
|
|
43
|
-
| Path | What it is |
|
|
44
|
-
|------|-----------|
|
|
45
|
-
| `RESEARCH-NOTES.md` | Verified Phase 0 facts about BMAD, Spec Kit, Repomix, Impeccable + deviations. |
|
|
46
|
-
| `skills/sdlc/` | Module source of truth (`config.yaml`, `module-help.csv`, `install.sh`). Survives BMAD updates. |
|
|
47
|
-
| `bin/`, `cli/` | The `yad` setup/update CLI (published to npm as `yadflow`). |
|
|
48
|
-
| `skills/yad-discovery/` | Optional front-zero (once per project, greenfield + brownfield): market research, competitor study, feasibility, current-state, requirements (functional + non-functional) and a phased roadmap (MVP+) under the reserved `EP-discovery`. `roadmap.md` is the menu of features each epic reads. |
|
|
49
|
-
| `skills/yad-analysis/` | Optional front state 1: pressure-test the idea with the analyst into `analysis.md` (skippable). |
|
|
50
|
-
| `skills/yad-epic/` | Front state 1: author an epic with AI assist, assign its `EP-<slug>` ID, seed state. |
|
|
51
|
-
| `skills/yad-architecture/` | Front state 3: author `architecture.md` + the locked `contract.md`; hash-lock the contract surface. |
|
|
52
|
-
| `skills/yad-ui/` | Front state 5: author `ui-design.md` + `DESIGN.md` (Impeccable slash-commands, or graceful fallback). |
|
|
53
|
-
| `skills/yad-stories/` | Front state 7: break the epic into repo-tagged stories with stable `EP-<slug>-S0N` IDs. |
|
|
54
|
-
| `skills/yad-test-cases/` | Front state 9: with the test architect author `test-cases.md`; implement the automation in the connected testing tool, or produce artifacts only. |
|
|
55
|
-
| `skills/yad-connect-repos/` | Connect code repos to the hub (GitHub/GitLab, local-user auth); cache a Repomix pack + **code-map** per repo so the front phases are code-aware. |
|
|
56
|
-
| `skills/yad-connect-learning/` | Connect a learning tool (DeepTutor-first, pluggable) — a CLI subprocess like Repomix; record `.sdlc/learning.json` + an optional grounded knowledge base. |
|
|
57
|
-
| `skills/yad-learn/` | The cross-cutting **learning layer**: tutor any member, at any stage, in the context of what's being built; records a personal, local-only skills log (gitignored, never committed/pushed). Opt-in, never gates. |
|
|
58
|
-
| `skills/yad-review-gate/` | The reusable **team review + approve gate** (used for all five reviews). |
|
|
59
|
-
| `skills/yad-spec/` | Build Step A: run the Spec Kit ceremony once per story per repo → `specs/<story-id>/`. |
|
|
60
|
-
| `skills/yad-implement/` | Build Step B: implement ONE atomic task as a small diff on its own branch. |
|
|
61
|
-
| `skills/yad-checks/` | Build Step C: wire + run the CI gates (spec-link, contract-check, build/test/lint, verified-commits). |
|
|
62
|
-
| `skills/yad-pr-template/` | Build Step D: install the platform PR/MR template + risk routing (code repos **and** the hub). |
|
|
63
|
-
| `skills/yad-review-comments/` | Install platform-matched PR/MR review-comment scaffolds (code repos and the hub). |
|
|
64
|
-
| `skills/yad-hub-bridge/` | The templated PR/MR **review bridge**: open a review PR/MR on the hub and sync platform approvals/comments into the file ledger. |
|
|
65
|
-
| `skills/yad-commit/` | Build helper: commit ONE staged atomic change by the conventions (Conventional subject, trailers, `--ai` footer, ≤3-file guard). |
|
|
66
|
-
| `skills/yad-open-pr/` | Build helper: open a code-repo task PR/MR from the committed template (push, prefill, roster auto-assign). |
|
|
67
|
-
| `skills/yad-ship/` | Build helper: commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`). |
|
|
68
|
-
| `skills/yad-engineer-review/` | Build Step E: AI review (advisory) → engineer review → merge + record in the build log. |
|
|
69
|
-
| `skills/yad-backfill/` | Generate a human-verified spec for already-built code (Repomix), gated per touched feature. |
|
|
70
|
-
| `skills/yad-run/` | Phase 4 orchestrator: drive a story's back half on the `automation` dial; kill switch. |
|
|
71
|
-
| `skills/yad-status/` | Read-only view: front chain, build-half dials, trust record, fleet roll-up. |
|
|
72
|
-
| `epics/EP-istifta-inquiries/` | A worked demo epic run **end to end** (front half + build half + automation). |
|
|
73
|
-
| `demo-repos/` | Throwaway code repos for the build half (separate git repos; regenerable — see `demo-repos/README.md`). |
|
|
74
|
-
| `docs/` | The phased build plans (`phase-2`…`phase-5`) and the original workflow design. |
|
|
75
|
-
| [`CONTRIBUTING.md`](CONTRIBUTING.md) | Commit & PR/MR title convention (Conventional Commits, lowercase after the type). |
|
|
76
|
-
|
|
77
|
-
## The `yad` CLI (install, update, reconcile)
|
|
78
|
-
|
|
79
|
-
The module ships a zero-dependency CLI, published to npm as
|
|
80
|
-
[`yadflow`](https://www.npmjs.com/package/yadflow). Run it
|
|
81
|
-
with `npx` from your **product hub** repo — no clone needed.
|
|
82
|
-
|
|
83
|
-
> **Platform support.** Linux and macOS are first-class — the test suite, the bash check gates, and
|
|
84
|
-
> the end-to-end harness all run on both in CI. The CLI shells out to `git` (and the bash gate
|
|
85
|
-
> scripts), so on **Windows use [WSL](https://learn.microsoft.com/windows/wsl/)**; native PowerShell
|
|
86
|
-
> is not yet supported. Requires **Node.js ≥ 18**.
|
|
87
|
-
|
|
88
|
-
| Command | What it does |
|
|
89
|
-
|---------|--------------|
|
|
90
|
-
| `npx yadflow setup` | Guided first-run wizard — a short **profile interview** (solo/team, greenfield/brownfield, monorepo/separate) then the branched steps below. Pre-answer for CI/scripts with `--solo`/`--team <n>`, `--greenfield`/`--brownfield`, `--monorepo`/`--separate`, `--tools`. |
|
|
91
|
-
| `yad next [<epic>]` | **Where am I / what next.** With no epic: project-wide orientation — the one next action (run setup, start an epic, or the single active epic's step). With an epic: that epic's exact next action (a skill to invoke or a `yad` command to run). `yad next <epic> --check <step>` exits non-zero when a step is run out of order (the precondition guard); `yad next --all` lists every epic's next action. |
|
|
92
|
-
| `npx yadflow check` | Read-only report: what is **missing** / **outdated** (drifted) / **stale** (code-context) / **legacy** (pre-2.0 `sdlc-*` names) vs the bundled manifest. |
|
|
93
|
-
| `npx yadflow check --fix` | Reconcile: fill what is missing **and** update what changed — touches nothing already correct. |
|
|
94
|
-
| `npx yadflow update` | Apply drift only (alias for `check --fix --scope=changed`). Also migrates a pre-2.0 install in place: `sdlc-*` skill copies and marker-owned `sdlc-*.yml` CI files are replaced by their `yad-*` names (a same-named file *you* authored is never touched). |
|
|
95
|
-
| `npx yadflow doctor [--json]` | Environment + state health: tools on PATH and platform auth, config files parse and point at real repos, every epic ledger loads. Exit 1 on any failure; `--json` for CI and bug reports. |
|
|
96
|
-
| `yad roster list` / `yad roster add <login>` | Manage the reviewer roster + per-repo roles **any time** (not just at setup). `add` upserts a member then walks each connected repo asking for their role; `grant`/`revoke <name> <repo> <role>` and `remove <login>` round it out. A `domain-owner` grant keeps `repos.json` `domain_owners` in sync. |
|
|
97
|
-
| `yad gate open <epic> <artifact>` | Open the front-half **review PR/MR** for an artifact and mark the step `in_review`. |
|
|
98
|
-
| `yad gate sync <epic> [artifact]` | Pull the PR/MR's reviews + comment threads into the file ledger; **auto-advance** the step when approvals are satisfied, all threads are resolved, and the PR is merged. |
|
|
99
|
-
| `yad gate comments <epic> [artifact]` | Fetch the unresolved review comments to address (then reply on the PR; reviewers resolve their threads). |
|
|
100
|
-
| `yad gate status <epic>` | Show each review step and its recorded approvals. |
|
|
101
|
-
| `yad gate ci [--branch <head>] [--pr <n>]` | The CI entry the hub workflow calls on review/merge events: derive the epic/artifact from the `review/EP-*` branch, run the same sync, and commit **only the ledger** to the hub default branch (sweep every open review PR when no `--branch`). |
|
|
102
|
-
| `yad commit --type <t> -m <subject>` | Commit by the SDLC convention — Conventional subject, `Task`/`Contract-Change`/`Co-Authored-By` trailers, atomic-file guard. |
|
|
103
|
-
| `yad open-pr [--repo <name>]` | Open a **task** PR/MR from the platform template (build half). **Stage-aware on the hub:** a `review/EP-*` branch opens the front-half artifact-review PR (delegates to `yad gate open`); any other hub branch uses the code-task template (so hub tooling PRs pass the `pr-template` gate). |
|
|
104
|
-
| `yad ship --type <t> -m <subject>` | Commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`) — stage-aware, same as `open-pr`. |
|
|
105
|
-
| `yad repo list` / `yad repo refresh [name]` | List connected repos as **fresh / stale**, and re-pack a stale one — staleness is now an explicit human decision, never an automatic skill side-effect. |
|
|
106
|
-
| `yad repo sync [name]` | Switch every connected repo to its **default branch** and fast-forward it from origin (one or all). Dirty repos are skipped, never overwritten; fast-forward only. |
|
|
107
|
-
| `npx yadflow --version` | Print the installed CLI version. |
|
|
108
|
-
|
|
109
|
-
Flags: `--dir <path>` targets a project other than the cwd; `--force` re-copies unchanged files (or
|
|
110
|
-
bypasses the commit atomic guard). Commit flags: `--type`, `-m/--message`, `--task`, `--ai
|
|
111
|
-
<claude\|copilot\|cursor\|coderabbit\|none>`, `--contract-change`, `--dry-run`. `open-pr` flags:
|
|
112
|
-
`--repo`, `--risk <low\|medium\|high>`, `--contract-change`. `ship` takes the union of the `commit`
|
|
113
|
-
and `open-pr` flags (it runs `open-pr` only if the commit lands).
|
|
114
|
-
|
|
115
|
-
### The PR-driven review gate
|
|
116
|
-
|
|
117
|
-
The front-half gate now rides the **PR/MR you open per step** (`yad gate open`). Reviewers approve and
|
|
118
|
-
comment on the platform; `yad gate sync` maps that state into the file ledger (`approvals.json`,
|
|
119
|
-
`comments.json`, `reviews/*.md`) — which stays the source of truth — and the step **auto-advances on
|
|
120
|
-
merge** once three things hold: the reviewer rule is satisfied (owner + 1 reviewer, plus a domain-owner
|
|
121
|
-
per touched repo on escalated steps), every comment thread is resolved, and the review PR/MR is merged.
|
|
122
|
-
The merge click is the human approval act, so front steps still never `machine_advance`. Approvals are
|
|
123
|
-
**revoked when the reviewed artifact actually changes** (re-hash), giving reviewers a fresh pass. With no
|
|
124
|
-
hub platform / no `gh`/`glab`, the gate degrades to file-only with no error.
|
|
125
|
-
|
|
126
|
-
**Solo mode.** A lone developer can't approve their own PR on GitHub, so an approval requirement would
|
|
127
|
-
deadlock them. Opt in (`yad setup --solo`, recorded as `solo: true` in `.sdlc/hub.json`) and the gate
|
|
128
|
-
**waives the approval requirement only** — the review PR/MR and its merge stay, so CI still runs on the
|
|
129
|
-
PR and the **merge** advances the step. Net: the gate passes on *merged + all threads resolved*. It's a
|
|
130
|
-
documented, reversible relaxation; `yad doctor` warns if branch protection still "requires approvals"
|
|
131
|
-
(which would block the solo dev's own merge).
|
|
132
|
-
|
|
133
|
-
**Event-driven sync.** Wire the hub once (`yad check --fix` installs `.github/workflows/yad-gate-sync.yml`,
|
|
134
|
-
or the GitLab fragment + schedule) and every **approval, change request, and merge** on a review PR/MR
|
|
135
|
-
triggers `yad gate ci` in the hub's own CI: the ledger updates land directly on the hub's default branch
|
|
136
|
-
— no manual `yad gate sync` needed (it stays valid as the fallback). CI never approves and never merges;
|
|
137
|
-
the human keeps the merge click. GitLab caveat: approvals are only picked up by the ~15-min scheduled
|
|
138
|
-
sweep (GitLab fires no pipeline on approval) — details in `skills/yad-hub-bridge/references/bridge.md`.
|
|
139
|
-
Concurrency caveat: on GitHub the workflow's `concurrency` group serializes runs repo-wide and every
|
|
140
|
-
sync re-reads the full platform state, so racing reviewer events lose nothing. Outside that group —
|
|
141
|
-
a manual `yad gate sync` racing CI, or GitLab pipelines — two simultaneous syncs serialize their
|
|
142
|
-
*commits* via the rebase retry but each works from the state it read at start, so the rarer of two
|
|
143
|
-
simultaneous advancements can be lost; the next event or scheduled sweep re-syncs and converges.
|
|
144
|
-
|
|
145
|
-
### What `setup` walks you through (a guided, branching interview)
|
|
146
|
-
|
|
147
|
-
Setup opens with a short **profile interview** — *solo or team (how many)? greenfield or brownfield?
|
|
148
|
-
monorepo or separate repos?* — and the answers (recorded in `.sdlc/hub.json` as `solo` + `profile`)
|
|
149
|
-
branch the rest so you only answer what your situation needs. Each step prints inline guidance (what it
|
|
150
|
-
does / why / what to enter / what skipping means), and the step count adapts.
|
|
151
|
-
|
|
152
|
-
0. **Profile** — the three questions above, plus "configure optional tools now?". Pre-answer for
|
|
153
|
-
CI/scripts with `--solo`/`--team <n>`, `--greenfield`/`--brownfield`, `--monorepo`/`--separate`, `--tools`.
|
|
154
|
-
1. **Preflight** — confirm the hub is a git repo (offers `git init`); check `git`/`node`/`npx`.
|
|
155
|
-
2. **Install the module** — copy all 31 `yad-*` skills into the IDE skill dirs you pick
|
|
156
|
-
(`.claude/`, `.agents/`, `.zencoder/`, `.opencode/`) and register `_bmad/sdlc/`.
|
|
157
|
-
3. **Hub platform & roster** — detect GitHub/GitLab from the remote; record reviewers → `.sdlc/hub.json`.
|
|
158
|
-
**Solo skips the roster** (you review by merging your own PR). Edit the roster any time with `yad roster`.
|
|
159
|
-
4. **Optional tools** — design (Figma/pencil), testing (Playwright/cypress/pytest), learning (DeepTutor).
|
|
160
|
-
Configure now, or **defer with one prompt** → all recorded as `none` (connect later with the
|
|
161
|
-
`yad-connect-*` skills; the MCPs/CLIs are confirmed there).
|
|
162
|
-
5. **Connect code repos** — register repos into `.sdlc/repos.json`. **Monorepo** connects one repo and
|
|
163
|
-
skips domain-owner prompts; **greenfield** skips the Repomix pack (run `yad repo refresh` once it has code).
|
|
164
|
-
6. **Wire each repo** — CI gates, PR/MR template, and review-comment scaffold.
|
|
165
|
-
7. **AI review** — optionally write `.coderabbit.yaml`.
|
|
166
|
-
8. **Done** — stamp `.sdlc/cli-version.json` and print a **profile-tailored next step** (brownfield →
|
|
167
|
-
`yad-backfill` first; everyone → `yad next` and your first epic via `yad-epic`).
|
|
168
|
-
|
|
169
|
-
The deterministic file work runs automatically; the AI-only steps are handed to the Claude Code skills
|
|
170
|
-
with a printed next-action. Re-run `… check --fix` any time the workflow updates — it never re-asks for
|
|
171
|
-
input you already gave; re-running `setup` carries your profile forward.
|
|
172
|
-
|
|
173
|
-
**Releases:** automated via semantic-release on merge to `main` (Conventional Commits → npm, with
|
|
174
|
-
provenance). See [`RELEASING.md`](RELEASING.md).
|
|
175
|
-
|
|
176
|
-
**Maintainers / no-CLI fallback:** the underlying copy is still a single script —
|
|
177
|
-
`bash skills/sdlc/install.sh` — which the CLI's install step is a port of. The **source** stays in
|
|
178
|
-
`skills/`, which a `bmad-method` update does not touch, so after any BMAD update just re-run the CLI
|
|
179
|
-
(`… check --fix`) or the script.
|
|
180
|
-
|
|
181
|
-
> **Releases are automated.** A `feat:`/`fix:` commit merged to `main` triggers
|
|
182
|
-
> [semantic-release](https://semantic-release.gitbook.io/): it computes the version from the
|
|
183
|
-
> [Conventional Commits](CONTRIBUTING.md), publishes to npm with build provenance (tokenless OIDC),
|
|
184
|
-
> ships the `CHANGELOG.md` in the tarball, and cuts a GitHub release. No manual `npm publish`. See
|
|
185
|
-
> [`RELEASING.md`](RELEASING.md).
|
|
186
|
-
|
|
187
|
-
### Troubleshooting (`yad doctor` + error codes)
|
|
188
|
-
|
|
189
|
-
When something is off, run `yad doctor` first — it checks the environment (git, gh/glab auth, node
|
|
190
|
-
version), the project state (`.sdlc/*.json` parse and point at real repos), and every epic ledger,
|
|
191
|
-
with a fix-it hint per finding. Failures carry stable, greppable codes, also printed by any failing
|
|
192
|
-
`yad` command:
|
|
193
|
-
|
|
194
|
-
| Code | Meaning | Fix |
|
|
195
|
-
|------|---------|-----|
|
|
196
|
-
| `YAD-ENV-001` | git is not installed or not on PATH | install git — every yad command needs it |
|
|
197
|
-
| `YAD-ENV-002` | platform CLI (gh/glab) missing or not authenticated | install it and authenticate — `gh auth login` (GitHub) or `glab auth login` (GitLab); the gate degrades to file-only without it |
|
|
198
|
-
| `YAD-ENV-003` | Node.js older than the supported range | install Node >= 18 |
|
|
199
|
-
| `YAD-STATE-001` | a ledger/config JSON file exists but does not parse | fix the file or restore from git — never delete a ledger blindly |
|
|
200
|
-
| `YAD-STATE-002` | a ledger/config file parses but has the wrong shape | fix the file or restore from git (the message names the field) |
|
|
201
|
-
| `YAD-STATE-003` | a registered repo path is missing or not a git repo | fix the path in `.sdlc/repos.json` or re-connect the repo |
|
|
202
|
-
| `YAD-CFG-001` | `hub.json` names an unknown platform | expected `github`, `gitlab`, or `null` — fix it or re-run `yad setup` |
|
|
203
|
-
| `YAD-CFG-002` | `design.json` names an unknown design tool | expected one of `config.yaml` `design.tools` (e.g. `figma`, `pencil`), or `none` — fix it or re-run `yad setup` |
|
|
204
|
-
| `YAD-CFG-003` | `testing.json` names an unknown testing tool | expected one of `config.yaml` `testing.tools` (e.g. `playwright`, `cypress`, `pytest`), or `none` — fix it or re-run `yad setup` |
|
|
205
|
-
| `YAD-CFG-004` | `learning.json` names an unknown learning tool | expected one of `config.yaml` `learning.tools` (e.g. `deeptutor`), or `none` — fix it or re-run `yad setup` |
|
|
206
|
-
|
|
207
|
-
Filing a bug? Attach `yad doctor --json` — it contains no secrets (names, paths, and check results only).
|
|
208
|
-
|
|
209
|
-
## Agent skills (all 31)
|
|
210
|
-
|
|
211
|
-
The CLI **installs and wires** the module; the skills below are the **agents you invoke by name** in your
|
|
212
|
-
AI IDE (e.g. *“run `yad-epic`”*) to actually do the work. State lives in files you can also edit
|
|
213
|
-
directly. Each skill stops at a gate and never auto-advances unless a step has *earned* automation.
|
|
214
|
-
|
|
215
|
-
### Setup & code-awareness
|
|
216
|
-
|
|
217
|
-
- **`yad-connect-repos`** — Connects code repos to the product hub so the front/"brain" phases are
|
|
218
|
-
code-aware. Registers N code repos (GitHub or GitLab, local-user auth, no stored tokens) into
|
|
219
|
-
`.sdlc/repos.json`, then caches an AI-readable picture of each — a compressed Repomix pack and a
|
|
220
|
-
lightweight code-map (existing endpoints/events/data-models/modules), secret-scanned. Idempotent and
|
|
221
|
-
refreshable; staleness tracked by HEAD sha.
|
|
222
|
-
- **`yad-sync-repos`** — Brings every connected repo up to date in one shot: switches each repo in
|
|
223
|
-
`.sdlc/repos.json` to its `default_branch` and fast-forwards it from origin (local-user git, no stored
|
|
224
|
-
tokens). A working-tree-only maintenance op — never a gate, never writes the registry. A dirty repo is
|
|
225
|
-
skipped and reported (never overwritten); a diverged branch is left for manual resolution. Drives
|
|
226
|
-
`yad repo sync [name]`.
|
|
227
|
-
- **`yad-connect-design`** — Connects a design tool (Figma-first, pluggable) so the UI step can
|
|
228
|
-
materialize the actual feature design (mobile screens / web pages) inside it, alongside the Markdown.
|
|
229
|
-
Records the tool + project/file references in `.sdlc/design.json` (local-user / MCP-session auth, no
|
|
230
|
-
stored tokens), detecting the design-tool MCP and degrading to markdown-only when absent. Idempotent
|
|
231
|
-
and refreshable; one connection per project.
|
|
232
|
-
- **`yad-connect-testing`** — Connects a testing tool (Playwright-first, pluggable) so the test-cases
|
|
233
|
-
step can implement the actual automation tests inside it, alongside the Markdown. Records the tool +
|
|
234
|
-
project/suite references in `.sdlc/testing.json` (local-user / MCP-session auth, no stored tokens),
|
|
235
|
-
detecting the testing-tool MCP and degrading to artifacts-only when absent. Idempotent and
|
|
236
|
-
refreshable; one connection per project.
|
|
237
|
-
- **`yad-connect-learning`** — Connects a learning/tutoring tool (DeepTutor-first, pluggable) so the
|
|
238
|
-
cross-cutting learning layer can tutor any team member in the context of what's being built. Records
|
|
239
|
-
the tool + an optional grounded knowledge base in `.sdlc/learning.json` (local-user auth, no stored
|
|
240
|
-
tokens), detecting the **DeepTutor CLI on PATH** (a subprocess like Repomix — DeepTutor ships no MCP)
|
|
241
|
-
and degrading to **harness-native** tutoring when absent. Idempotent and refreshable; one connection
|
|
242
|
-
per project.
|
|
243
|
-
- **`yad-connect-docs`** — Connects a docs/Pages target (GitHub Pages / GitLab Pages, auto-detected from
|
|
244
|
-
`hub.json`) so the generated documentation sites can deploy. Records the target + scope + base path in
|
|
245
|
-
`.sdlc/docs.json` (local-user auth, no stored tokens), degrading to **build-only** when no Pages host /
|
|
246
|
-
CLI is present. Idempotent and refreshable; one connection per project.
|
|
247
|
-
|
|
248
|
-
### Living documentation (generated, themed, auto-kept-fresh)
|
|
249
|
-
|
|
250
|
-
- **`yad-docs`** — Generates an **interactive documentation site** for an epic (a React + Vite + Tailwind
|
|
251
|
-
SPA: an animated front-stage flow canvas + role-based stakeholder doc pages) from the authored
|
|
252
|
-
artifacts — `epic.md`, `architecture.md`, the locked `contract.md`, `ui-design.md`, the stories — into
|
|
253
|
-
`epics/EP-<slug>/docs-site/`, themed by the **connected design system** (`DESIGN.md` / `design.json`
|
|
254
|
-
tokens → the site's CSS). The content lives in generated `src/data/*.ts`; the shell is a vendored
|
|
255
|
-
template. An **output enrichment, never a gate** — it never touches epic state, approvals, or the
|
|
256
|
-
contract lock. `generate` / `refresh` / `deploy`.
|
|
257
|
-
- **`yad-docs-overview`** — Generates the project **SDLC-overview site** (`docs/sdlc-site/`) — every
|
|
258
|
-
stage from setup → ship as flow paths / system components / stakeholder roles, reusing the same shell —
|
|
259
|
-
superseding the hand-maintained `docs/index.html` (folded into the site as `public/report.html`, linked
|
|
260
|
-
from the nav).
|
|
261
|
-
- **`yad-docs-sync`** — Keeps the sites fresh: detects staleness (a content hash of the authored
|
|
262
|
-
artifacts + the connected repos' HEAD shas vs each site's build manifest), regenerates + redeploys, and
|
|
263
|
-
can wire a CI job that rebuilds on push. Generalizes the rule that feature work must hand-update the
|
|
264
|
-
docs — the overview now regenerates whenever the skill set / pipeline changes.
|
|
265
|
-
|
|
266
|
-
### The learning layer (cross-cutting — any member, any stage)
|
|
267
|
-
|
|
268
|
-
- **`yad-learn`** — At **any** SDLC stage, a team member can ask to learn a concept and be tutored *in
|
|
269
|
-
the context of what the team is building* — e.g. *"teach me why the architecture hash-locks the
|
|
270
|
-
contract surface"*. Routes the request to the connected learning tool (`.sdlc/learning.json`,
|
|
271
|
-
DeepTutor-first) grounded in the project knowledge base, or degrades to **harness-native** tutoring
|
|
272
|
-
(the harness model reading the artifacts) when nothing is connected — so it always works. Renders a
|
|
273
|
-
tutorial artifact and appends to a per-member **learning ledger** kept **local-only** (gitignored,
|
|
274
|
-
never committed or pushed — to the hub or any code repo) so it stays a private, personal **skills log**
|
|
275
|
-
(`yad-status` rolls up the local records). **Purely opt-in — it never blocks a gate** and
|
|
276
|
-
never touches epic state, approvals, or the contract lock. *AI builds, the hand decides* — and now the
|
|
277
|
-
hand can also learn, on demand, what it is deciding about.
|
|
278
|
-
|
|
279
|
-
### Front-zero — frame the whole project (once per project, optional, human-gated)
|
|
280
|
-
|
|
281
|
-
- **`yad-discovery`** — *Optional* front-zero, for **greenfield and brownfield**. With the analyst
|
|
282
|
-
and pm, run market research, a **competitor study** (both modes), a feasibility study, and — in
|
|
283
|
-
brownfield — a code-aware current-state study, then distil a **functional + non-functional
|
|
284
|
-
requirements** list and a **phased roadmap** (an explicit **MVP** phase, then later phases) under the
|
|
285
|
-
reserved `EP-discovery` ("epic zero"). It is gated by the same review gate (base rule: owner + 1
|
|
286
|
-
reviewer); on approval it terminates at `discovery-done` (no build half). Its `roadmap.md` is the menu
|
|
287
|
-
of features — each `yad-epic` reads it for project context (reference-only; discovery never
|
|
288
|
-
auto-seeds epics).
|
|
289
|
-
|
|
290
|
-
### Front half — author the "thinking" (once per epic, human-gated)
|
|
291
|
-
|
|
292
|
-
- **`yad-analysis`** — *Optional* front state 1. With the analyst, pressure-test a feature idea
|
|
293
|
-
and write the discovery brief into `analysis.md`. Assigns the `EP-<slug>` ID and seeds `.sdlc/` state
|
|
294
|
-
(the 12-step chain that puts analysis before epic). If skipped, the epic step does this shaping inline.
|
|
295
|
-
- **`yad-epic`** — The epic front state. Shape the idea with the analyst (or read `analysis.md`
|
|
296
|
-
when it already ran), then write the epic with the pm into `epic.md`. The entry point when analysis is
|
|
297
|
-
skipped: assigns the `EP-<slug>` ID and seeds `.sdlc/` state.
|
|
298
|
-
- **`yad-architecture`** — Front state 3. With the architect, author `architecture.md` and the
|
|
299
|
-
locked `contract.md` (the shared cross-repo surface), then hash-lock the contract surface into
|
|
300
|
-
`.sdlc/contract-lock.json`. Reads `epic.md`; escalates on the contract risk tag.
|
|
301
|
-
- **`yad-ui`** — Front state 5. With the ux-designer, author `ui-design.md` and `DESIGN.md`,
|
|
302
|
-
driving Impeccable as harness slash-commands (document/extract/craft) when installed, or authoring
|
|
303
|
-
directly when not. When a design tool is connected (`yad-connect-design`), also **materializes the
|
|
304
|
-
feature design** — mobile screens / web pages — in the tool (generate or link), recording the
|
|
305
|
-
screen→frame map in `design-links.json`; degrades to markdown-only otherwise. Reads epic + architecture.
|
|
306
|
-
- **`yad-stories`** — Front state 7. With the pm, break the approved epic into user stories, each
|
|
307
|
-
tagged with the repos that must implement it. Assigns zero-padded `EP-<slug>-S0N` IDs, one file per
|
|
308
|
-
story under `stories/`. Reads epic + architecture + contract + UI.
|
|
309
|
-
- **`yad-test-cases`** — Front state 9, a **parallel, non-blocking** track: it opens when the stories
|
|
310
|
-
gate passes (the epic is already `ready-for-build`, so the build half runs alongside it). With the
|
|
311
|
-
test architect (Murat), author `test-cases.md` covering the approved stories (risk-based P0–P3 cases +
|
|
312
|
-
story→case traceability). When a testing tool is connected (`yad-connect-testing`), also **implements
|
|
313
|
-
the automation tests** in the connected code repo(s) (generate or link), recording the case→test map in
|
|
314
|
-
`test-links.json`; degrades to artifacts-only otherwise. Reads epic + architecture + contract + UI +
|
|
315
|
-
stories.
|
|
34
|
+
**Legend:** 🟨 **artifact** (a step writes a file and stops) · 🟧 **gate** (a human review that must
|
|
35
|
+
pass) · 🟦 **earns automation** (a back step that can later auto-advance once it proves itself) ·
|
|
36
|
+
⬜ **locked** (the engineer review and every front state — permanently human).
|
|
316
37
|
|
|
317
|
-
|
|
38
|
+
## Quickstart
|
|
318
39
|
|
|
319
|
-
|
|
320
|
-
reviewer comments and approvals as files, enforces the **owner + 1 reviewer** rule (escalating to
|
|
321
|
-
domain owners on contract/auth/payments), and advances the epic state **only** when approval is
|
|
322
|
-
recorded.
|
|
323
|
-
- **`yad-hub-bridge`** — The templated PR/MR bridge for the front-half gate. When the hub has a platform
|
|
324
|
-
(`.sdlc/hub.json`), it opens a review PR/MR per artifact, sets the required reviewers/labels, and
|
|
325
|
-
provides the read-only `gh`/`glab` recipes that sync platform comments + approvals back into the file
|
|
326
|
-
ledger. The file ledger stays the source of truth; degrades to a file-only gate with no platform.
|
|
327
|
-
- **`yad-review-comments`** — Installs platform-matched PR/MR review-comment scaffolds so reviewers
|
|
328
|
-
leave structured, attributable feedback that maps cleanly into the file ledger.
|
|
40
|
+
From your **product hub** repo (an empty git repo is fine):
|
|
329
41
|
|
|
330
|
-
### Build half — turn stories into shipped code (once per story, per repo)
|
|
331
|
-
|
|
332
|
-
- **`yad-spec`** — Step A. For one ready-for-build story and one of its repos, run the Spec Kit ceremony
|
|
333
|
-
once (specify → clarify → plan → analyze → checklist → tasks) → `specs/<story-id>/`. Drives `/speckit.*`
|
|
334
|
-
when installed; references the locked contract — never re-invents the surface.
|
|
335
|
-
- **`yad-implement`** — Step B. With the dev lens, implement **one** atomic task as a small diff
|
|
336
|
-
(≤3 files) on its own branch. The diff stays inside the files the task declared (flag and STOP if it
|
|
337
|
-
would grow). Commit ends with the task ID; `Contract-Change: yes` only if it touches the locked
|
|
338
|
-
contract surface.
|
|
339
|
-
- **`yad-checks`** — Step C, the production-safety gates. Wire and run the CI gates: **spec-link**
|
|
340
|
-
(every change links a real story/spec), **contract-check** (a contract-surface diff without a
|
|
341
|
-
re-locked contract FAILS), **build/test/lint**, **verified-commits** (signed + roster-known authors),
|
|
342
|
-
and the **pattern gates** — **commit-message** (Conventional subject + trailer order), **pr-title**,
|
|
343
|
-
and **pr-template** (the PR/MR body uses the template). Profile-aware (`code`|`hub`), so they run on
|
|
344
|
-
both code repos and the product hub. CI-agnostic bash for GitHub Actions and GitLab CI.
|
|
345
|
-
- **`yad-pr-template`** — Step D. Detect the repo's platform and commit the matching PR/MR template with
|
|
346
|
-
an Impact & Risk block; high risk (or a contract/auth/payments surface) routes the review to domain
|
|
347
|
-
owners. Includes `risk-route.sh` plus the `pr-title.sh` / `pr-template.sh` gate scripts.
|
|
348
|
-
- **`yad-commit`** — build helper. Commit ONE staged atomic change by the conventions (Conventional
|
|
349
|
-
subject, `Task → Contract-Change → Co-Authored-By` trailers, the `--ai` co-author footer, the ≤3-file
|
|
350
|
-
atomic guard). Drives `yad commit`.
|
|
351
|
-
- **`yad-open-pr`** — build helper. Open a code-repo task PR/MR from the committed template: push the
|
|
352
|
-
branch, prefill the body, auto-assign the repo-scoped roster. Drives `yad open-pr`.
|
|
353
|
-
- **`yad-ship`** — build helper. Commit **and** open the task PR/MR in one step (`yad commit` then
|
|
354
|
-
`yad open-pr`; the PR step runs only if the commit lands). Drives `yad ship`.
|
|
355
|
-
- **`yad-engineer-review`** — Step E. AI review (CodeRabbit, advisory) → engineer review (the human gate,
|
|
356
|
-
owner + 1 reviewer with the same escalation) → on merge, record the ship in the epic build-log and
|
|
357
|
-
update the story state so the epic → story → task → PR chain stays traceable.
|
|
358
|
-
- **`yad-backfill`** — Step G. Generate specs for already-built features in an existing repo so new work
|
|
359
|
-
doesn't break them: pack one feature at a time with Repomix, write a DRAFT spec, require human approval
|
|
360
|
-
before it counts. A change is blocked only until the features it touches have approved specs.
|
|
361
|
-
|
|
362
|
-
### Automation & status
|
|
363
|
-
|
|
364
|
-
- **`yad-run`** — The Phase 4 orchestrator. Drives a story's back-half loop (spec → tasks → implement →
|
|
365
|
-
checks) on each step's automation dial, recording every run in the trust log. A clean `checks` pass
|
|
366
|
-
auto-advances to engineer-review; any failure, scope overrun, or contract-surface touch HALTS for a
|
|
367
|
-
human. Also sets a step's dial (gated by trust evidence) and flips the system-wide kill switch.
|
|
368
|
-
- **`yad-status`** — Read-only view of an epic: the current step, each step's dials (assistance/
|
|
369
|
-
automation) and status, which approvals are still required, per-story back-half trust records, the
|
|
370
|
-
kill-switch state, and a fleet roll-up across epics.
|
|
371
|
-
|
|
372
|
-
## The two dials (per step, build plan §2)
|
|
373
|
-
|
|
374
|
-
- **assistance:** `none` | `review` | `heavy` — how much AI helps.
|
|
375
|
-
- **automation:** `human_approve` | `machine_advance` — who advances the step.
|
|
376
|
-
|
|
377
|
-
Defaults: every step starts `human_approve`. The four **front** authoring steps (epic, architecture,
|
|
378
|
-
UI, stories) and their reviews are **locked** — they may not be set to `machine_advance` in this
|
|
379
|
-
version. A front state advances only on a **human act** — recording an approval and `advance`, or
|
|
380
|
-
merging the approved, fully-resolved review PR — never on a machine.
|
|
381
|
-
|
|
382
|
-
As of **Phase 4a** the `automation` dial is no longer inert: the orchestrator `yad-run` reads it and,
|
|
383
|
-
for the safe **back** steps, advances on its own when a step is set to `machine_advance` (and has
|
|
384
|
-
*earned* it — see "Run the back half on the dial" below). The engineer review and all five front
|
|
385
|
-
states stay `human_approve` forever.
|
|
386
|
-
|
|
387
|
-
## Using the workflow end to end (all the steps, in order)
|
|
388
|
-
|
|
389
|
-
This is the full path from nothing to shipped code. Each numbered step names the skill to invoke; the
|
|
390
|
-
detailed sections below expand every phase. Invoke a skill by name in your agent/IDE (e.g. *“run
|
|
391
|
-
`yad-epic`”*); state lives in files you can also edit directly.
|
|
392
|
-
|
|
393
|
-
### 0 — One-time setup
|
|
394
|
-
|
|
395
|
-
> **Shortcut:** `npx yadflow setup` runs the guided wizard interactively — module install, hub
|
|
396
|
-
> detect + roster, connect a design/testing/learning tool (each optional), connect repos, wire each
|
|
397
|
-
> repo. Run `… check --fix` any time afterwards to reconcile. The manual steps below are the
|
|
398
|
-
> long-hand equivalent and still work.
|
|
399
|
-
|
|
400
|
-
1. **Install the module:** `bash skills/sdlc/install.sh` (re-run after any BMAD update).
|
|
401
|
-
2. **Have your code repo(s).** They are **separate git repos** (one `.git` each). For the demo they
|
|
402
|
-
live under `demo-repos/<repo>/` — regenerate from `demo-repos/README.md`.
|
|
403
|
-
3. **Optional tools** (the workflow degrades gracefully and records it if any are absent): **Spec Kit**
|
|
404
|
-
(`/speckit.*`), **Impeccable** (`/impeccable …`), **Repomix** (`npx repomix`, used by
|
|
405
|
-
`yad-connect-repos` and `yad-backfill`), **CodeRabbit** (advisory AI review), **DeepTutor**
|
|
406
|
-
(`deeptutor`, the learning layer's tutor — degrades to harness-native, used by `yad-connect-learning`
|
|
407
|
-
and `yad-learn`).
|
|
408
|
-
4. **Wire each code repo once:** `yad-checks repo:<repo> action: wire` (installs the CI gates —
|
|
409
|
-
*merges* with any existing CI, never clobbers), `yad-pr-template repo:<repo> action: wire` (PR/MR
|
|
410
|
-
template + risk routing), `yad-review-comments repo:<repo> action: wire` (review-comment scaffold).
|
|
411
|
-
5. **Connect each code repo to the hub** (so the front phases see what's already built):
|
|
412
|
-
`yad-connect-repos action: connect repo:<repo> path:<path-or-git_url> domain_owner:<who>`. It
|
|
413
|
-
registers the repo in `.sdlc/repos.json` and caches a Repomix pack + a lightweight **code-map**
|
|
414
|
-
(existing endpoints/events/data-models/modules, secret-scanned). Clones/fetches as the **local user**
|
|
415
|
-
(SSH or credential helper; GitHub or GitLab; no stored tokens). Re-run for any new repo. Freshness is a
|
|
416
|
-
**human decision**: `yad repo list` shows fresh/stale, `yad repo refresh [name]` re-packs a moved repo
|
|
417
|
-
(skills flag staleness and point here — they never silently re-pack). Greenfield → skip it.
|
|
418
|
-
6. **(Optional) Connect tools** so the matching steps do real work (each degrades gracefully and is
|
|
419
|
-
recorded if absent): `yad-connect-design action: connect` (Figma-first → `design.json`, lets
|
|
420
|
-
`yad-ui` materialize screens), `yad-connect-testing action: connect` (Playwright-first →
|
|
421
|
-
`testing.json`, lets `yad-test-cases` implement automation), `yad-connect-learning action: connect`
|
|
422
|
-
(DeepTutor-first → `learning.json`, powers the cross-cutting learning layer).
|
|
423
|
-
7. **(Optional) Put the hub on a platform** so the front-half review runs through real PRs:
|
|
424
|
-
`yad-connect-repos action: detect-hub`, then `yad roster add <login>` once per reviewer (login →
|
|
425
|
-
SDLC name + per-repo roles — the `add` walk asks for each connected repo's role; `yad roster grant`
|
|
426
|
-
sets one directly), and `yad-pr-template repo:hub action: wire` / `yad-review-comments repo:hub
|
|
427
|
-
action: wire` / `yad-checks repo:hub action: wire`. With no hub platform the front gate runs file-only.
|
|
428
|
-
8. **Conventions:** commits and PR/MR titles follow Conventional Commits (lowercase after the type), the
|
|
429
|
-
human author owns each commit with an optional per-commit `Co-Authored-By` AI trailer — see
|
|
430
|
-
[`CONTRIBUTING.md`](CONTRIBUTING.md).
|
|
431
|
-
|
|
432
|
-
### A — Front half (human-authored, once per epic)
|
|
433
|
-
Each author step writes its artifact, sets itself `done`, moves `currentStep` to its review, and
|
|
434
|
-
**stops at the gate**. Run every gate with **`yad-review-gate`** — or, when the hub is on a platform,
|
|
435
|
-
drive it deterministically with the **`yad gate`** CLI (`open → sync → … → merge`): the review rides
|
|
436
|
-
the per-step PR/MR and the step **auto-advances on merge** once approvals are satisfied and all comment
|
|
437
|
-
threads are resolved. Details: **“Run the full front half by hand”** below.
|
|
438
|
-
|
|
439
|
-
0. *(optional, once per project)* `yad-discovery` → the discovery set (`market-research.md`,
|
|
440
|
-
`competitor-analysis.md`, `current-state.md`, `feasibility.md`, `requirements.md`, `roadmap.md`)
|
|
441
|
-
under the reserved `EP-discovery` → review (base rule) → `currentStep: discovery-done`. The whole
|
|
442
|
-
set is required to review; its `roadmap.md` then frames each epic below (read once it is approved).
|
|
443
|
-
6. `yad-epic` → `epic.md` (assigns `EP-<slug>`, seeds state) → review (base rule).
|
|
444
|
-
7. `yad-architecture` → `architecture.md` + locked `contract.md` → review (**escalated**: contract).
|
|
445
|
-
8. `yad-ui` → `ui-design.md` + `DESIGN.md` → review (base rule).
|
|
446
|
-
9. `yad-stories` → repo-tagged `stories/EP-<slug>-S0N.md` → review (**per-repo**).
|
|
447
|
-
→ `state.json` reaches `currentStep: ready-for-build` — **the build half can start now.**
|
|
448
|
-
10. `yad-test-cases` → `test-cases.md` (+ automation tests when a testing tool is connected) → review (base rule).
|
|
449
|
-
**Parallel, non-blocking:** opens when the stories gate passes and runs alongside the build half; its
|
|
450
|
-
review never moves `currentStep` off `ready-for-build`.
|
|
451
|
-
|
|
452
|
-
### B — Build half (per story, per repo)
|
|
453
|
-
From a `ready-for-build` story, for **each** repo the story is tagged with. Details: **“Run the full
|
|
454
|
-
build half by hand”** below.
|
|
455
|
-
|
|
456
|
-
10. `yad-spec story:<id> repo:<repo>` → writes `specs/<story-id>/` (spec/plan/tasks + `link.md`).
|
|
457
|
-
11. `yad-implement story:<id> repo:<repo> task:<T0N>` → one atomic task = one branch = one commit
|
|
458
|
-
(repeat per task). Commit by convention with **`yad commit --type <t> -m <subject> [--ai <tool>]`**
|
|
459
|
-
(Task/Contract-Change/Co-Authored-By trailers, atomic-file guard).
|
|
460
|
-
12. `yad-checks repo:<repo> action: run` → spec-link, contract-check, build/test/lint, verified-commits
|
|
461
|
-
(platform-Verified signature + roster-allowlisted author), and commit-message must pass. (The
|
|
462
|
-
`pr-title` / `pr-template` gates need the PR title + body, so they run in CI once the PR exists —
|
|
463
|
-
step 13.)
|
|
464
|
-
13. Open the PR/MR from the wired template with **`yad open-pr --repo <repo> [--risk <level>]`** (or do
|
|
465
|
-
12+13 in one step with **`yad ship --type <t> -m <subject> --repo <repo>`**). The PR's CI now also
|
|
466
|
-
runs the `pr-title` and `pr-template` gates; `yad-pr-template repo:<repo> action: route` prints the
|
|
467
|
-
required reviewers from the Impact & Risk block.
|
|
468
|
-
14. `yad-engineer-review` → `ai-review` (advisory) → `approve` (the human engineer gate) → `ship` (merge,
|
|
469
|
-
record in `build-log.json`, update story status to `in-build`/`shipped`).
|
|
470
|
-
- **Multi-repo:** repeat 10–14 in each repo, all from the **one** locked contract.
|
|
471
|
-
- **Existing code:** `yad-backfill` first, to produce a human-verified spec for a built feature.
|
|
472
|
-
|
|
473
|
-
### C — Automation (optional, earned over time)
|
|
474
|
-
15. After a back step accumulates trust evidence, earn it:
|
|
475
|
-
`yad-run action: set-dial step:<step> to: machine_advance` (refused if evidence is short or for a
|
|
476
|
-
front state / the engineer review).
|
|
477
|
-
16. Drive a story's back half on the dials: `yad-run story:<id> repo:<repo>` — it auto-advances
|
|
478
|
-
earned steps and stops for a human otherwise, always halting at the engineer review.
|
|
479
|
-
17. **Kill switch any time:** `yad-run action: kill` (everything → manual) / `action: unkill`.
|
|
480
|
-
Details: **“Run the back half on the dial”** below.
|
|
481
|
-
|
|
482
|
-
### Any time
|
|
483
|
-
- **`yad-status [EP-<slug>]`** — read-only: the front chain, each build step's dial + status, the
|
|
484
|
-
trust record, and (across epics) the fleet roll-up. Start here to see what's blocking.
|
|
485
|
-
|
|
486
|
-
## Run the full front half by hand
|
|
487
|
-
|
|
488
|
-
Optionally preceded once per project by the **front-zero** — **`yad-discovery` → review →
|
|
489
|
-
`discovery-done`** — which frames the whole product (market, competitor, feasibility, requirements,
|
|
490
|
-
roadmap) under the reserved `EP-discovery`; its approved `roadmap.md` then feeds each epic. The front
|
|
491
|
-
half itself walks **epic → review → architecture+contract → review → UI design → review → stories
|
|
492
|
-
→ review → `ready-for-build`**, then **test cases → review** runs as a **parallel, non-blocking track**
|
|
493
|
-
alongside the build half. It is all files under `epics/EP-<slug>/`. The skills below guide you, but you
|
|
494
|
-
can also edit the files directly — that's the point.
|
|
495
|
-
|
|
496
|
-
Each authoring step is the same shape: an author skill produces an artifact, sets its step `done`,
|
|
497
|
-
moves `currentStep` to the matching review, and **stops at the gate**. Then **`yad-review-gate`**
|
|
498
|
-
(one gate, reused for all five reviews) takes `open → comment → approve → advance`. When the hub is on a
|
|
499
|
-
platform, the **`yad gate`** CLI runs that gate over a real PR/MR — `open` raises the review PR, `sync`
|
|
500
|
-
pulls approvals + comment threads into the ledger, and the step **auto-advances when the approved,
|
|
501
|
-
fully-resolved PR is merged** (the merge is the human approval act).
|
|
502
|
-
|
|
503
|
-
**Code-aware (when repos are connected).** If you ran `yad-connect-repos` in setup, each author step
|
|
504
|
-
first loads the connected repos' **code-maps** (from `.sdlc/code-context/<repo>/`) so it considers what
|
|
505
|
-
already exists: the epic references existing behaviour, **the architecture cross-checks the contract
|
|
506
|
-
surface against existing endpoints/events/entities before hash-locking it**, the UI reuses existing
|
|
507
|
-
components, and stories anchor to real modules. Each artifact stamps what it read in its `code-context:`
|
|
508
|
-
frontmatter; a repo that has moved since connect triggers a staleness warning — the step **flags it and
|
|
509
|
-
stops**, pointing you at `yad repo refresh <repo>` (refreshing is a human decision, never an automatic
|
|
510
|
-
side-effect). With no repos connected the steps proceed exactly as before (greenfield-safe).
|
|
511
|
-
|
|
512
|
-
### Author steps
|
|
513
|
-
1. **`yad-epic`** (state 1) → `epic.md`; assigns the stable `EP-<slug>` ID; seeds
|
|
514
|
-
`.sdlc/state.json` (all `human_approve`, front steps locked) + empty `.sdlc/approvals.json`.
|
|
515
|
-
2. **`yad-architecture`** (state 3) → `architecture.md` + the locked `contract.md`; writes the
|
|
516
|
-
contract-surface SHA-256 to `.sdlc/contract-lock.json`.
|
|
517
|
-
3. **`yad-ui`** (state 5) → `ui-design.md` + `DESIGN.md` (drives Impeccable
|
|
518
|
-
`document|extract|craft` slash-commands when installed; otherwise authors directly).
|
|
519
|
-
4. **`yad-stories`** (state 7) → one file per story `stories/EP-<slug>-S0N.md`, each tagged
|
|
520
|
-
with the `repos` it implements.
|
|
521
|
-
|
|
522
|
-
### The one gate (every review)
|
|
523
|
-
|
|
524
|
-
Every review is the same loop — author writes, reviewers comment (which never advances), approvals
|
|
525
|
-
accumulate, and the step moves forward only when the rule is met. **File-only** ends in an explicit
|
|
526
|
-
`advance`; **PR-driven** (hub on a platform) ends when the approved, fully-resolved review PR is
|
|
527
|
-
**merged**:
|
|
528
|
-
|
|
529
|
-
<!-- Source: docs/diagrams/review-loop.mmd — edit the .mmd and run `npm run diagrams` to regenerate -->
|
|
530
|
-

|
|
531
|
-
|
|
532
|
-
**File-only** — invoke **`yad-review-gate`** with `open` (present the artifact; reviewers comment in
|
|
533
|
-
`reviews/<artifact>--<date>--comments.md`), `approve` (name + role → `.sdlc/approvals.json`), and
|
|
534
|
-
`advance` (moves **only if** the rule is satisfied, else it names the missing approval).
|
|
535
|
-
|
|
536
|
-
**PR-driven** — when the hub is on a platform, the **`yad gate`** CLI runs the same gate over a PR/MR:
|
|
537
|
-
- `yad gate open <epic> <artifact>` — raise the review PR/MR; mark the step `in_review`.
|
|
538
|
-
- `yad gate sync <epic> [artifact]` — pull approvals + comment threads into the **same** ledger (your
|
|
539
|
-
own `gh`/`glab`, no stored tokens) and **auto-advance on merge** once the rule is met and every thread
|
|
540
|
-
is resolved. Approvals are **revoked when the reviewed artifact changes** (re-hash), so reviewers get
|
|
541
|
-
a fresh pass. Unresolved comments hold the step `in_review`.
|
|
542
|
-
- `yad gate comments <epic>` fetches the open threads to address; `yad gate status <epic>` shows
|
|
543
|
-
approvals (counting only the non-stale ones). The file ledger stays the source of truth; with no
|
|
544
|
-
platform / no CLI it degrades to file-only.
|
|
545
|
-
|
|
546
|
-
**The gate rule, by review:**
|
|
547
|
-
- **Base** (epic, UI): `owner + 1 reviewer`.
|
|
548
|
-
- **Escalated** (architecture+contract — `risk_tags: ["contract"]`): base **plus a domain owner for
|
|
549
|
-
every repo in `epic.repos`**. The contract-surface hash must still match `.sdlc/contract-lock.json`
|
|
550
|
-
(a changed surface invalidates approvals).
|
|
551
|
-
- **Per-repo** (stories): base **plus a domain owner (the repo's engineer) for every repo that appears
|
|
552
|
-
in any story's `repos`**.
|
|
553
|
-
|
|
554
|
-
### Check status anytime
|
|
555
|
-
Invoke **`yad-status`** (read-only) to see the full 10-step chain, every step's dials/status, the
|
|
556
|
-
contract lock, story repo tags, and which approvals the active gate still needs.
|
|
557
|
-
|
|
558
|
-
## Worked example (already in this repo)
|
|
559
|
-
|
|
560
|
-
`epics/EP-istifta-inquiries/` shows the **whole front half** walked end to end:
|
|
561
|
-
- `epic.md` authored + approved (epic gate, base rule) — 2026-06-04.
|
|
562
|
-
- `architecture.md` + `contract.md` authored; contract surface hash-locked in
|
|
563
|
-
`.sdlc/contract-lock.json`. Architecture gate **escalated** (contract): owner *alice* + reviewer
|
|
564
|
-
*bob* + domain owners *carol* (backend) and *dave* (mobile).
|
|
565
|
-
- `ui-design.md` + `DESIGN.md` authored (Impeccable not installed → graceful fallback). UI gate base
|
|
566
|
-
rule (alice + bob).
|
|
567
|
-
- Five repo-tagged stories `stories/EP-istifta-inquiries-S01..S05.md`. Stories gate **per-repo**: base
|
|
568
|
-
rule + a domain owner for each touched repo (carol/backend, dave/mobile).
|
|
569
|
-
- `state.json` now reads `currentStep: ready-for-build`, every front step `done` — the Phase 3
|
|
570
|
-
handoff point.
|
|
571
|
-
|
|
572
|
-
Inspect it:
|
|
573
42
|
```bash
|
|
574
|
-
|
|
575
|
-
cat epics/EP-istifta-inquiries/.sdlc/approvals.json
|
|
576
|
-
cat epics/EP-istifta-inquiries/.sdlc/contract-lock.json
|
|
577
|
-
ls epics/EP-istifta-inquiries/reviews/
|
|
578
|
-
ls epics/EP-istifta-inquiries/stories/
|
|
579
|
-
# re-verify the contract surface still matches its lock:
|
|
580
|
-
awk '/CONTRACT-SURFACE:BEGIN/{f=1;next} /CONTRACT-SURFACE:END/{f=0} f' \
|
|
581
|
-
epics/EP-istifta-inquiries/contract.md | shasum -a 256
|
|
43
|
+
npx yadflow setup # 1. guided wizard: install skills, connect repos, wire CI gates
|
|
582
44
|
```
|
|
583
45
|
|
|
584
|
-
|
|
46
|
+
Then, in your AI IDE, drive the lifecycle by invoking skills by name:
|
|
585
47
|
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
1. **Spec** — `yad-spec` runs the heavy Spec Kit ceremony **once per story per repo**
|
|
592
|
-
(`specify`→`clarify`→`plan`→`analyze`→`checklist`→`tasks`), writing `specs/<story-id>/` and a
|
|
593
|
-
`link.md` back to the story (drives `/speckit.*` when installed, else degrades). It **quotes** the
|
|
594
|
-
locked contract; it never widens it.
|
|
595
|
-
2. **Implement** — `yad-implement` (the `dev` step): one atomic task = one branch
|
|
596
|
-
(`feat/<story>-<task>-…`) = one PR. The diff stays inside the files the task declared. Commit with
|
|
597
|
-
**`yad commit`** — it builds the conventional subject, derives the `Task:` trailer from the branch
|
|
598
|
-
(add `--contract-change` only if the locked surface is touched), appends an optional `--ai` co-author,
|
|
599
|
-
and refuses a non-atomic stage. Open the PR with **`yad open-pr --repo <repo>`** (template prefilled),
|
|
600
|
-
or do both in one step with **`yad ship`** (commit then open-pr).
|
|
601
|
-
3. **Check gates** — `yad-checks` wires the CI gates (GitHub + GitLab) that must pass before merge:
|
|
602
|
-
**spec-link** (links a real story/spec), **contract-check** (a contract-surface change without
|
|
603
|
-
`Contract-Change` + a re-locked contract FAILS, routing back to the architecture gate),
|
|
604
|
-
**build/test/lint**, **verified-commits**, and the **pattern gates** **commit-message** / **pr-title**
|
|
605
|
-
/ **pr-template** (profile-aware `code`|`hub`, so they also run on the product hub). They fail closed
|
|
606
|
-
on a bad base ref.
|
|
607
|
-
4. **PR/MR template + risk routing** — `yad-pr-template` drops the platform-matched template with an
|
|
608
|
-
Impact & Risk block; `high` risk (or a contract/auth/payments surface) routes the review to domain
|
|
609
|
-
owners (`risk-route.sh`), the same escalation as the gate.
|
|
610
|
-
5. **AI review → engineer review → merge** — `yad-engineer-review`: CodeRabbit is an advisory first pass
|
|
611
|
-
(never the authority); a human engineer approves (owner + 1 reviewer, escalating to domain owners); on
|
|
612
|
-
merge the ship is recorded in `.sdlc/build-log.json` and the story state becomes `in-build` →
|
|
613
|
-
`shipped`. The epic → story → task → PR → mergeCommit chain is traceable both ways.
|
|
48
|
+
```text
|
|
49
|
+
run yad-epic # 2. author + gate the "thinking": epic → architecture → UI → stories
|
|
50
|
+
run yad-spec … # 3. build half: spec → implement → checks → ship (per story, per repo)
|
|
51
|
+
```
|
|
614
52
|
|
|
615
|
-
|
|
616
|
-
|
|
53
|
+
Every step stops at a gate until a human approves. New here? **Walk it lesson-by-lesson in the
|
|
54
|
+
[guided tutorial](https://abdelrahmannasr.github.io/yadflow/tutorial/)**, or read the
|
|
55
|
+
[team guide](TEAM-GUIDE.md).
|
|
617
56
|
|
|
618
|
-
|
|
619
|
-
by default), drafts an *unverified* spec ("describe what exists, do not invent"), a human approves it,
|
|
620
|
-
and `backfill-check.sh` blocks a change to that feature until its spec is approved — gated per touched
|
|
621
|
-
feature, never the whole repo.
|
|
57
|
+
## How it works (in five points)
|
|
622
58
|
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
59
|
+
- **Front half = decide.** Once per epic, in the product hub: epic, architecture + a locked contract,
|
|
60
|
+
UI, stories, test cases. Always human-gated — nothing auto-advances.
|
|
61
|
+
- **Build half = build.** Once per story per code repo: spec → implement → checks → ship.
|
|
62
|
+
- **Every step stops at a gate.** A human moves it forward (file-only, or by merging a review PR/MR).
|
|
63
|
+
- **Automation is opt-in and earned.** A safe back-half step can earn auto-advance after it proves
|
|
64
|
+
itself — and a one-command kill switch reverts everything to manual. The engineer review and all
|
|
65
|
+
front states are never automatable.
|
|
66
|
+
- **Everything is files.** State, approvals, the contract lock, the build log — all plain files under
|
|
67
|
+
`epics/EP-<slug>/`. No database. The audit trail *is* the repo.
|
|
626
68
|
|
|
627
|
-
##
|
|
69
|
+
## Who it's for
|
|
628
70
|
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
evidence lives in two new files per epic under `.sdlc/`: `build-state/<story-id>.json` (the back steps
|
|
633
|
-
with their dials, per repo) and `trust-log.json` (every run's verdict). See
|
|
634
|
-
`docs/phase-4-build-plan.md` and `docs/phase-4b-build-plan.md`.
|
|
71
|
+
Tech leads and engineering managers who want their team to move fast with AI **without** giving up
|
|
72
|
+
review, architectural control, or an audit trail — the governance layer around AI-assisted
|
|
73
|
+
development, not another code generator.
|
|
635
74
|
|
|
636
|
-
|
|
637
|
-
reading each step's dial. On `machine_advance` it advances on its own; on `human_approve` it stops
|
|
638
|
-
for a human; on any FAIL, scope overrun, or contract-surface touch it **halts and pulls in a human**.
|
|
639
|
-
It always stops at the engineer review (`yad-engineer-review`), which is never automated.
|
|
640
|
-
- **Read the trust log:** `yad-status {epic}` shows each back step's dial, status, and trust record —
|
|
641
|
-
runs, % `approved-unchanged`, and whether that clears the threshold (`automation.trust_threshold` in
|
|
642
|
-
`config.yaml`, default ≥5 runs and ≥80% unchanged). The engineer review records each run's verdict
|
|
643
|
-
(a diff merged as-authored is `approved-unchanged`; one edited first is `approved-with-edits`; a
|
|
644
|
-
failed one is `rejected`).
|
|
645
|
-
- **Earn automation for a step:** once a step's trust record clears the threshold,
|
|
646
|
-
`yad-run action: set-dial step: checks to: machine_advance` flips it. The setter **refuses** if the
|
|
647
|
-
evidence is short, or for any front state / the engineer review. Reverting
|
|
648
|
-
(`to: human_approve`) is always allowed — automation is reversible in one move.
|
|
649
|
-
- **Kill switch:** `yad-run action: kill` forces every step back to `human_approve` system-wide
|
|
650
|
-
instantly (no code change, no per-step edits); `yad-run action: unkill` restores earned automation.
|
|
75
|
+
## Documentation
|
|
651
76
|
|
|
652
|
-
**
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
77
|
+
- **[Guided tutorial](https://abdelrahmannasr.github.io/yadflow/tutorial/)** — learn by doing, setup → first shipped feature.
|
|
78
|
+
- **[Terminology & workflow report](https://abdelrahmannasr.github.io/yadflow/)** — every term, artifact, gate, and skill on one illustrated page.
|
|
79
|
+
- **[TEAM-GUIDE.md](TEAM-GUIDE.md)** — the short, plain-language version for a developer team.
|
|
80
|
+
- **[docs/CLI.md](docs/CLI.md)** — the full `yad` command reference, the PR-driven gate, and `yad doctor` codes.
|
|
81
|
+
- **[docs/SKILLS.md](docs/SKILLS.md)** — the catalogue of all 35 agent skills.
|
|
82
|
+
- **[docs/WALKTHROUGH.md](docs/WALKTHROUGH.md)** — the by-hand, end-to-end path through every phase.
|
|
83
|
+
- **[CONTRIBUTING.md](CONTRIBUTING.md)** · **[RESEARCH-NOTES.md](RESEARCH-NOTES.md)** · **[RELEASING.md](RELEASING.md)**
|
|
657
84
|
|
|
658
|
-
|
|
85
|
+
---
|
|
659
86
|
|
|
660
|
-
**
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
the dial, and **front states and the engineer review stay `human_approve`, permanently.**
|
|
87
|
+
**Platform support.** Linux and macOS are first-class (CI runs the test suite, bash gates, and the
|
|
88
|
+
end-to-end harness on both). On **Windows use [WSL](https://learn.microsoft.com/windows/wsl/)** — native
|
|
89
|
+
PowerShell is not yet supported. Requires **Node.js ≥ 18**.
|
|
664
90
|
|
|
665
|
-
**
|
|
666
|
-
|
|
667
|
-
the source of truth. It is **trigger-gated** — `docs/phase-5-build-plan.md` is the build plan: its
|
|
668
|
-
three parts (read-index, unattended runner, dashboard) each ship only when *their* bottleneck is
|
|
669
|
-
measured, with the hard rules they inherit and the instrumentation (already shipped in `yad-status`)
|
|
670
|
-
that makes the decision data-driven. See also `docs/claude-code-build-plan.md` §8.
|
|
91
|
+
**Releases** are automated via [semantic-release](https://semantic-release.gitbook.io/) on merge to
|
|
92
|
+
`main` (Conventional Commits → npm, with provenance). See [RELEASING.md](RELEASING.md).
|