yadflow 2.17.0 → 2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,670 +1,92 @@
1
- # Yadflow — the gated, team, multi-repo SDLC on top of BMAD
1
+ # Yadflow — keep AI-generated code from shipping ungoverned
2
2
 
3
3
  [![npm version](https://img.shields.io/npm/v/yadflow?logo=npm)](https://www.npmjs.com/package/yadflow)
4
4
  [![CI](https://github.com/abdelrahmannasr/yadflow/actions/workflows/ci.yml/badge.svg)](https://github.com/abdelrahmannasr/yadflow/actions/workflows/ci.yml)
5
- [![provenance](https://img.shields.io/badge/npm-provenance-blue?logo=npm)](https://docs.npmjs.com/generating-provenance-statements)
6
5
  [![node](https://img.shields.io/node/v/yadflow?logo=node.js)](https://github.com/abdelrahmannasr/yadflow/blob/main/package.json)
7
- [![security policy](https://img.shields.io/badge/security-policy-brightgreen)](https://github.com/abdelrahmannasr/yadflow/blob/main/SECURITY.md)
8
6
  [![report](https://img.shields.io/badge/docs-Yadflow%20report-2471a3)](https://abdelrahmannasr.github.io/yadflow/)
9
7
 
10
- > 📖 **Start here: the [Yadflow Terminology & Workflow Structure Report](https://abdelrahmannasr.github.io/yadflow/)**
11
- > the full picture of every term, artifact, gate and skill in one richly illustrated page.
8
+ **A gated software-development lifecycle where AI builds and a human approves every step.**
9
+ *AI builds. The hand decides.* (*yad* **يد**, Arabic for "hand".) On npm and GitHub as `yadflow`.
12
10
 
13
- **Yadflow** (*yahd-flow* — from **يد**, Arabic for "hand") is the AI-driven SDLC where a human hand
14
- moves every gate. *AI builds. The hand decides.* On npm and GitHub as `yadflow`.
11
+ ## The problem
15
12
 
16
- A custom BMAD module that turns BMAD from a solo tool into a **team, gated, file-driven SDLC
17
- engine**. Every step does its work, writes its output to a file, and **waits at a gate**. Who
18
- advances the gate (human now; machine later) is a per-step setting. All state lives in files
19
- nothing hidden, no database.
13
+ AI writes code faster than any team can review it. Left ungoverned, that speed turns into risk:
14
+ unreviewed AI-generated changes merge straight into the codebase, architectural decisions get made
15
+ by autocomplete, and the trail of *why* a change was made disappears. The faster the team ships with
16
+ AI, the harder it gets to keep control of quality, architecture, and accountability.
20
17
 
21
- This repo is the **first deliverable** (see `docs/claude-code-build-plan.md` §10): verified research,
22
- a scaffolded module that installs cleanly, and a working **team review gate** you run by hand.
18
+ ## What Yadflow is
23
19
 
24
- ## The workflow at a glance
20
+ Yadflow puts a **human gate on every step** of the lifecycle. Each step does its work, writes its
21
+ output to a plain file, and **waits** — it never advances until a human approves it (or, later, until
22
+ a step has *earned* the right to auto-advance). Reviews ride real PR/MRs; all state lives in files you
23
+ can read, diff, and edit — no database, nothing hidden. The result is a paper trail for every decision
24
+ and a hard wall between "AI proposed" and "we shipped it."
25
25
 
26
- The whole lifecycle, from an empty project to shipped code. Setup is one-time; the optional
27
- **front-zero** (`yad-discovery`) frames the whole project once — market, feasibility, and a phased
28
- roadmap; the **front half** is human-gated and runs once per epic in the product hub; the **build
29
- half** runs once per story per code repo; **automation** is opt-in and earned. `yad-status` reads it
30
- all; `yad-hub-bridge` mirrors front-half reviews to real PR/MRs.
26
+ It installs as a custom [BMAD](https://github.com/bmad-code-org/BMAD-METHOD) module and works across
27
+ one product hub + many code repos, solo or team.
28
+
29
+ ## How the workflow looks
31
30
 
32
31
  <!-- Source: docs/diagrams/sdlc-overview.mmd — edit the .mmd and run `npm run diagrams` to regenerate -->
33
32
  ![Yadflow SDLC overview — setup, human-gated front half, per-story build half, earned automation](https://raw.githubusercontent.com/abdelrahmannasr/yadflow/main/docs/diagrams/sdlc-overview.svg)
34
33
 
35
- **Legend.** <span>🟨</span> **artifact** = an author step writes a file and stops; <span>🟧</span>
36
- **gate** = a human review that must pass (`open comment approve → advance`); <span>🟦</span>
37
- **earns automation** = a back step that can be set to `machine_advance` once it proves itself;
38
- <span>⬜ dashed</span> **locked** = the engineer review and every front state, **permanently
39
- human**. Detailed walkthroughs for each phase follow below.
40
-
41
- ## What's here
42
-
43
- | Path | What it is |
44
- |------|-----------|
45
- | `RESEARCH-NOTES.md` | Verified Phase 0 facts about BMAD, Spec Kit, Repomix, Impeccable + deviations. |
46
- | `skills/sdlc/` | Module source of truth (`config.yaml`, `module-help.csv`, `install.sh`). Survives BMAD updates. |
47
- | `bin/`, `cli/` | The `yad` setup/update CLI (published to npm as `yadflow`). |
48
- | `skills/yad-discovery/` | Optional front-zero (once per project, greenfield + brownfield): market research, competitor study, feasibility, current-state, requirements (functional + non-functional) and a phased roadmap (MVP+) under the reserved `EP-discovery`. `roadmap.md` is the menu of features each epic reads. |
49
- | `skills/yad-analysis/` | Optional front state 1: pressure-test the idea with the analyst into `analysis.md` (skippable). |
50
- | `skills/yad-epic/` | Front state 1: author an epic with AI assist, assign its `EP-<slug>` ID, seed state. |
51
- | `skills/yad-architecture/` | Front state 3: author `architecture.md` + the locked `contract.md`; hash-lock the contract surface. |
52
- | `skills/yad-ui/` | Front state 5: author `ui-design.md` + `DESIGN.md` (Impeccable slash-commands, or graceful fallback). |
53
- | `skills/yad-stories/` | Front state 7: break the epic into repo-tagged stories with stable `EP-<slug>-S0N` IDs. |
54
- | `skills/yad-test-cases/` | Front state 9: with the test architect author `test-cases.md`; implement the automation in the connected testing tool, or produce artifacts only. |
55
- | `skills/yad-connect-repos/` | Connect code repos to the hub (GitHub/GitLab, local-user auth); cache a Repomix pack + **code-map** per repo so the front phases are code-aware. |
56
- | `skills/yad-connect-learning/` | Connect a learning tool (DeepTutor-first, pluggable) — a CLI subprocess like Repomix; record `.sdlc/learning.json` + an optional grounded knowledge base. |
57
- | `skills/yad-learn/` | The cross-cutting **learning layer**: tutor any member, at any stage, in the context of what's being built; records a personal, local-only skills log (gitignored, never committed/pushed). Opt-in, never gates. |
58
- | `skills/yad-review-gate/` | The reusable **team review + approve gate** (used for all five reviews). |
59
- | `skills/yad-spec/` | Build Step A: run the Spec Kit ceremony once per story per repo → `specs/<story-id>/`. |
60
- | `skills/yad-implement/` | Build Step B: implement ONE atomic task as a small diff on its own branch. |
61
- | `skills/yad-checks/` | Build Step C: wire + run the CI gates (spec-link, contract-check, build/test/lint, verified-commits). |
62
- | `skills/yad-pr-template/` | Build Step D: install the platform PR/MR template + risk routing (code repos **and** the hub). |
63
- | `skills/yad-review-comments/` | Install platform-matched PR/MR review-comment scaffolds (code repos and the hub). |
64
- | `skills/yad-hub-bridge/` | The templated PR/MR **review bridge**: open a review PR/MR on the hub and sync platform approvals/comments into the file ledger. |
65
- | `skills/yad-commit/` | Build helper: commit ONE staged atomic change by the conventions (Conventional subject, trailers, `--ai` footer, ≤3-file guard). |
66
- | `skills/yad-open-pr/` | Build helper: open a code-repo task PR/MR from the committed template (push, prefill, roster auto-assign). |
67
- | `skills/yad-ship/` | Build helper: commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`). |
68
- | `skills/yad-engineer-review/` | Build Step E: AI review (advisory) → engineer review → merge + record in the build log. |
69
- | `skills/yad-backfill/` | Generate a human-verified spec for already-built code (Repomix), gated per touched feature. |
70
- | `skills/yad-run/` | Phase 4 orchestrator: drive a story's back half on the `automation` dial; kill switch. |
71
- | `skills/yad-status/` | Read-only view: front chain, build-half dials, trust record, fleet roll-up. |
72
- | `epics/EP-istifta-inquiries/` | A worked demo epic run **end to end** (front half + build half + automation). |
73
- | `demo-repos/` | Throwaway code repos for the build half (separate git repos; regenerable — see `demo-repos/README.md`). |
74
- | `docs/` | The phased build plans (`phase-2`…`phase-5`) and the original workflow design. |
75
- | [`CONTRIBUTING.md`](CONTRIBUTING.md) | Commit & PR/MR title convention (Conventional Commits, lowercase after the type). |
76
-
77
- ## The `yad` CLI (install, update, reconcile)
78
-
79
- The module ships a zero-dependency CLI, published to npm as
80
- [`yadflow`](https://www.npmjs.com/package/yadflow). Run it
81
- with `npx` from your **product hub** repo — no clone needed.
82
-
83
- > **Platform support.** Linux and macOS are first-class — the test suite, the bash check gates, and
84
- > the end-to-end harness all run on both in CI. The CLI shells out to `git` (and the bash gate
85
- > scripts), so on **Windows use [WSL](https://learn.microsoft.com/windows/wsl/)**; native PowerShell
86
- > is not yet supported. Requires **Node.js ≥ 18**.
87
-
88
- | Command | What it does |
89
- |---------|--------------|
90
- | `npx yadflow setup` | Guided first-run wizard — a short **profile interview** (solo/team, greenfield/brownfield, monorepo/separate) then the branched steps below. Pre-answer for CI/scripts with `--solo`/`--team <n>`, `--greenfield`/`--brownfield`, `--monorepo`/`--separate`, `--tools`. |
91
- | `yad next [<epic>]` | **Where am I / what next.** With no epic: project-wide orientation — the one next action (run setup, start an epic, or the single active epic's step). With an epic: that epic's exact next action (a skill to invoke or a `yad` command to run). `yad next <epic> --check <step>` exits non-zero when a step is run out of order (the precondition guard); `yad next --all` lists every epic's next action. |
92
- | `npx yadflow check` | Read-only report: what is **missing** / **outdated** (drifted) / **stale** (code-context) / **legacy** (pre-2.0 `sdlc-*` names) vs the bundled manifest. |
93
- | `npx yadflow check --fix` | Reconcile: fill what is missing **and** update what changed — touches nothing already correct. |
94
- | `npx yadflow update` | Apply drift only (alias for `check --fix --scope=changed`). Also migrates a pre-2.0 install in place: `sdlc-*` skill copies and marker-owned `sdlc-*.yml` CI files are replaced by their `yad-*` names (a same-named file *you* authored is never touched). |
95
- | `npx yadflow doctor [--json]` | Environment + state health: tools on PATH and platform auth, config files parse and point at real repos, every epic ledger loads. Exit 1 on any failure; `--json` for CI and bug reports. |
96
- | `yad roster list` / `yad roster add <login>` | Manage the reviewer roster + per-repo roles **any time** (not just at setup). `add` upserts a member then walks each connected repo asking for their role; `grant`/`revoke <name> <repo> <role>` and `remove <login>` round it out. A `domain-owner` grant keeps `repos.json` `domain_owners` in sync. |
97
- | `yad gate open <epic> <artifact>` | Open the front-half **review PR/MR** for an artifact and mark the step `in_review`. |
98
- | `yad gate sync <epic> [artifact]` | Pull the PR/MR's reviews + comment threads into the file ledger; **auto-advance** the step when approvals are satisfied, all threads are resolved, and the PR is merged. |
99
- | `yad gate comments <epic> [artifact]` | Fetch the unresolved review comments to address (then reply on the PR; reviewers resolve their threads). |
100
- | `yad gate status <epic>` | Show each review step and its recorded approvals. |
101
- | `yad gate ci [--branch <head>] [--pr <n>]` | The CI entry the hub workflow calls on review/merge events: derive the epic/artifact from the `review/EP-*` branch, run the same sync, and commit **only the ledger** to the hub default branch (sweep every open review PR when no `--branch`). |
102
- | `yad commit --type <t> -m <subject>` | Commit by the SDLC convention — Conventional subject, `Task`/`Contract-Change`/`Co-Authored-By` trailers, atomic-file guard. |
103
- | `yad open-pr [--repo <name>]` | Open a **task** PR/MR from the platform template (build half). **Stage-aware on the hub:** a `review/EP-*` branch opens the front-half artifact-review PR (delegates to `yad gate open`); any other hub branch uses the code-task template (so hub tooling PRs pass the `pr-template` gate). |
104
- | `yad ship --type <t> -m <subject>` | Commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`) — stage-aware, same as `open-pr`. |
105
- | `yad repo list` / `yad repo refresh [name]` | List connected repos as **fresh / stale**, and re-pack a stale one — staleness is now an explicit human decision, never an automatic skill side-effect. |
106
- | `yad repo sync [name]` | Switch every connected repo to its **default branch** and fast-forward it from origin (one or all). Dirty repos are skipped, never overwritten; fast-forward only. |
107
- | `npx yadflow --version` | Print the installed CLI version. |
108
-
109
- Flags: `--dir <path>` targets a project other than the cwd; `--force` re-copies unchanged files (or
110
- bypasses the commit atomic guard). Commit flags: `--type`, `-m/--message`, `--task`, `--ai
111
- <claude\|copilot\|cursor\|coderabbit\|none>`, `--contract-change`, `--dry-run`. `open-pr` flags:
112
- `--repo`, `--risk <low\|medium\|high>`, `--contract-change`. `ship` takes the union of the `commit`
113
- and `open-pr` flags (it runs `open-pr` only if the commit lands).
114
-
115
- ### The PR-driven review gate
116
-
117
- The front-half gate now rides the **PR/MR you open per step** (`yad gate open`). Reviewers approve and
118
- comment on the platform; `yad gate sync` maps that state into the file ledger (`approvals.json`,
119
- `comments.json`, `reviews/*.md`) — which stays the source of truth — and the step **auto-advances on
120
- merge** once three things hold: the reviewer rule is satisfied (owner + 1 reviewer, plus a domain-owner
121
- per touched repo on escalated steps), every comment thread is resolved, and the review PR/MR is merged.
122
- The merge click is the human approval act, so front steps still never `machine_advance`. Approvals are
123
- **revoked when the reviewed artifact actually changes** (re-hash), giving reviewers a fresh pass. With no
124
- hub platform / no `gh`/`glab`, the gate degrades to file-only with no error.
125
-
126
- **Solo mode.** A lone developer can't approve their own PR on GitHub, so an approval requirement would
127
- deadlock them. Opt in (`yad setup --solo`, recorded as `solo: true` in `.sdlc/hub.json`) and the gate
128
- **waives the approval requirement only** — the review PR/MR and its merge stay, so CI still runs on the
129
- PR and the **merge** advances the step. Net: the gate passes on *merged + all threads resolved*. It's a
130
- documented, reversible relaxation; `yad doctor` warns if branch protection still "requires approvals"
131
- (which would block the solo dev's own merge).
132
-
133
- **Event-driven sync.** Wire the hub once (`yad check --fix` installs `.github/workflows/yad-gate-sync.yml`,
134
- or the GitLab fragment + schedule) and every **approval, change request, and merge** on a review PR/MR
135
- triggers `yad gate ci` in the hub's own CI: the ledger updates land directly on the hub's default branch
136
- — no manual `yad gate sync` needed (it stays valid as the fallback). CI never approves and never merges;
137
- the human keeps the merge click. GitLab caveat: approvals are only picked up by the ~15-min scheduled
138
- sweep (GitLab fires no pipeline on approval) — details in `skills/yad-hub-bridge/references/bridge.md`.
139
- Concurrency caveat: on GitHub the workflow's `concurrency` group serializes runs repo-wide and every
140
- sync re-reads the full platform state, so racing reviewer events lose nothing. Outside that group —
141
- a manual `yad gate sync` racing CI, or GitLab pipelines — two simultaneous syncs serialize their
142
- *commits* via the rebase retry but each works from the state it read at start, so the rarer of two
143
- simultaneous advancements can be lost; the next event or scheduled sweep re-syncs and converges.
144
-
145
- ### What `setup` walks you through (a guided, branching interview)
146
-
147
- Setup opens with a short **profile interview** — *solo or team (how many)? greenfield or brownfield?
148
- monorepo or separate repos?* — and the answers (recorded in `.sdlc/hub.json` as `solo` + `profile`)
149
- branch the rest so you only answer what your situation needs. Each step prints inline guidance (what it
150
- does / why / what to enter / what skipping means), and the step count adapts.
151
-
152
- 0. **Profile** — the three questions above, plus "configure optional tools now?". Pre-answer for
153
- CI/scripts with `--solo`/`--team <n>`, `--greenfield`/`--brownfield`, `--monorepo`/`--separate`, `--tools`.
154
- 1. **Preflight** — confirm the hub is a git repo (offers `git init`); check `git`/`node`/`npx`.
155
- 2. **Install the module** — copy all 31 `yad-*` skills into the IDE skill dirs you pick
156
- (`.claude/`, `.agents/`, `.zencoder/`, `.opencode/`) and register `_bmad/sdlc/`.
157
- 3. **Hub platform & roster** — detect GitHub/GitLab from the remote; record reviewers → `.sdlc/hub.json`.
158
- **Solo skips the roster** (you review by merging your own PR). Edit the roster any time with `yad roster`.
159
- 4. **Optional tools** — design (Figma/pencil), testing (Playwright/cypress/pytest), learning (DeepTutor).
160
- Configure now, or **defer with one prompt** → all recorded as `none` (connect later with the
161
- `yad-connect-*` skills; the MCPs/CLIs are confirmed there).
162
- 5. **Connect code repos** — register repos into `.sdlc/repos.json`. **Monorepo** connects one repo and
163
- skips domain-owner prompts; **greenfield** skips the Repomix pack (run `yad repo refresh` once it has code).
164
- 6. **Wire each repo** — CI gates, PR/MR template, and review-comment scaffold.
165
- 7. **AI review** — optionally write `.coderabbit.yaml`.
166
- 8. **Done** — stamp `.sdlc/cli-version.json` and print a **profile-tailored next step** (brownfield →
167
- `yad-backfill` first; everyone → `yad next` and your first epic via `yad-epic`).
168
-
169
- The deterministic file work runs automatically; the AI-only steps are handed to the Claude Code skills
170
- with a printed next-action. Re-run `… check --fix` any time the workflow updates — it never re-asks for
171
- input you already gave; re-running `setup` carries your profile forward.
172
-
173
- **Releases:** automated via semantic-release on merge to `main` (Conventional Commits → npm, with
174
- provenance). See [`RELEASING.md`](RELEASING.md).
175
-
176
- **Maintainers / no-CLI fallback:** the underlying copy is still a single script —
177
- `bash skills/sdlc/install.sh` — which the CLI's install step is a port of. The **source** stays in
178
- `skills/`, which a `bmad-method` update does not touch, so after any BMAD update just re-run the CLI
179
- (`… check --fix`) or the script.
180
-
181
- > **Releases are automated.** A `feat:`/`fix:` commit merged to `main` triggers
182
- > [semantic-release](https://semantic-release.gitbook.io/): it computes the version from the
183
- > [Conventional Commits](CONTRIBUTING.md), publishes to npm with build provenance (tokenless OIDC),
184
- > ships the `CHANGELOG.md` in the tarball, and cuts a GitHub release. No manual `npm publish`. See
185
- > [`RELEASING.md`](RELEASING.md).
186
-
187
- ### Troubleshooting (`yad doctor` + error codes)
188
-
189
- When something is off, run `yad doctor` first — it checks the environment (git, gh/glab auth, node
190
- version), the project state (`.sdlc/*.json` parse and point at real repos), and every epic ledger,
191
- with a fix-it hint per finding. Failures carry stable, greppable codes, also printed by any failing
192
- `yad` command:
193
-
194
- | Code | Meaning | Fix |
195
- |------|---------|-----|
196
- | `YAD-ENV-001` | git is not installed or not on PATH | install git — every yad command needs it |
197
- | `YAD-ENV-002` | platform CLI (gh/glab) missing or not authenticated | install it and authenticate — `gh auth login` (GitHub) or `glab auth login` (GitLab); the gate degrades to file-only without it |
198
- | `YAD-ENV-003` | Node.js older than the supported range | install Node >= 18 |
199
- | `YAD-STATE-001` | a ledger/config JSON file exists but does not parse | fix the file or restore from git — never delete a ledger blindly |
200
- | `YAD-STATE-002` | a ledger/config file parses but has the wrong shape | fix the file or restore from git (the message names the field) |
201
- | `YAD-STATE-003` | a registered repo path is missing or not a git repo | fix the path in `.sdlc/repos.json` or re-connect the repo |
202
- | `YAD-CFG-001` | `hub.json` names an unknown platform | expected `github`, `gitlab`, or `null` — fix it or re-run `yad setup` |
203
- | `YAD-CFG-002` | `design.json` names an unknown design tool | expected one of `config.yaml` `design.tools` (e.g. `figma`, `pencil`), or `none` — fix it or re-run `yad setup` |
204
- | `YAD-CFG-003` | `testing.json` names an unknown testing tool | expected one of `config.yaml` `testing.tools` (e.g. `playwright`, `cypress`, `pytest`), or `none` — fix it or re-run `yad setup` |
205
- | `YAD-CFG-004` | `learning.json` names an unknown learning tool | expected one of `config.yaml` `learning.tools` (e.g. `deeptutor`), or `none` — fix it or re-run `yad setup` |
206
-
207
- Filing a bug? Attach `yad doctor --json` — it contains no secrets (names, paths, and check results only).
208
-
209
- ## Agent skills (all 31)
210
-
211
- The CLI **installs and wires** the module; the skills below are the **agents you invoke by name** in your
212
- AI IDE (e.g. *“run `yad-epic`”*) to actually do the work. State lives in files you can also edit
213
- directly. Each skill stops at a gate and never auto-advances unless a step has *earned* automation.
214
-
215
- ### Setup & code-awareness
216
-
217
- - **`yad-connect-repos`** — Connects code repos to the product hub so the front/"brain" phases are
218
- code-aware. Registers N code repos (GitHub or GitLab, local-user auth, no stored tokens) into
219
- `.sdlc/repos.json`, then caches an AI-readable picture of each — a compressed Repomix pack and a
220
- lightweight code-map (existing endpoints/events/data-models/modules), secret-scanned. Idempotent and
221
- refreshable; staleness tracked by HEAD sha.
222
- - **`yad-sync-repos`** — Brings every connected repo up to date in one shot: switches each repo in
223
- `.sdlc/repos.json` to its `default_branch` and fast-forwards it from origin (local-user git, no stored
224
- tokens). A working-tree-only maintenance op — never a gate, never writes the registry. A dirty repo is
225
- skipped and reported (never overwritten); a diverged branch is left for manual resolution. Drives
226
- `yad repo sync [name]`.
227
- - **`yad-connect-design`** — Connects a design tool (Figma-first, pluggable) so the UI step can
228
- materialize the actual feature design (mobile screens / web pages) inside it, alongside the Markdown.
229
- Records the tool + project/file references in `.sdlc/design.json` (local-user / MCP-session auth, no
230
- stored tokens), detecting the design-tool MCP and degrading to markdown-only when absent. Idempotent
231
- and refreshable; one connection per project.
232
- - **`yad-connect-testing`** — Connects a testing tool (Playwright-first, pluggable) so the test-cases
233
- step can implement the actual automation tests inside it, alongside the Markdown. Records the tool +
234
- project/suite references in `.sdlc/testing.json` (local-user / MCP-session auth, no stored tokens),
235
- detecting the testing-tool MCP and degrading to artifacts-only when absent. Idempotent and
236
- refreshable; one connection per project.
237
- - **`yad-connect-learning`** — Connects a learning/tutoring tool (DeepTutor-first, pluggable) so the
238
- cross-cutting learning layer can tutor any team member in the context of what's being built. Records
239
- the tool + an optional grounded knowledge base in `.sdlc/learning.json` (local-user auth, no stored
240
- tokens), detecting the **DeepTutor CLI on PATH** (a subprocess like Repomix — DeepTutor ships no MCP)
241
- and degrading to **harness-native** tutoring when absent. Idempotent and refreshable; one connection
242
- per project.
243
- - **`yad-connect-docs`** — Connects a docs/Pages target (GitHub Pages / GitLab Pages, auto-detected from
244
- `hub.json`) so the generated documentation sites can deploy. Records the target + scope + base path in
245
- `.sdlc/docs.json` (local-user auth, no stored tokens), degrading to **build-only** when no Pages host /
246
- CLI is present. Idempotent and refreshable; one connection per project.
247
-
248
- ### Living documentation (generated, themed, auto-kept-fresh)
249
-
250
- - **`yad-docs`** — Generates an **interactive documentation site** for an epic (a React + Vite + Tailwind
251
- SPA: an animated front-stage flow canvas + role-based stakeholder doc pages) from the authored
252
- artifacts — `epic.md`, `architecture.md`, the locked `contract.md`, `ui-design.md`, the stories — into
253
- `epics/EP-<slug>/docs-site/`, themed by the **connected design system** (`DESIGN.md` / `design.json`
254
- tokens → the site's CSS). The content lives in generated `src/data/*.ts`; the shell is a vendored
255
- template. An **output enrichment, never a gate** — it never touches epic state, approvals, or the
256
- contract lock. `generate` / `refresh` / `deploy`.
257
- - **`yad-docs-overview`** — Generates the project **SDLC-overview site** (`docs/sdlc-site/`) — every
258
- stage from setup → ship as flow paths / system components / stakeholder roles, reusing the same shell —
259
- superseding the hand-maintained `docs/index.html` (folded into the site as `public/report.html`, linked
260
- from the nav).
261
- - **`yad-docs-sync`** — Keeps the sites fresh: detects staleness (a content hash of the authored
262
- artifacts + the connected repos' HEAD shas vs each site's build manifest), regenerates + redeploys, and
263
- can wire a CI job that rebuilds on push. Generalizes the rule that feature work must hand-update the
264
- docs — the overview now regenerates whenever the skill set / pipeline changes.
265
-
266
- ### The learning layer (cross-cutting — any member, any stage)
267
-
268
- - **`yad-learn`** — At **any** SDLC stage, a team member can ask to learn a concept and be tutored *in
269
- the context of what the team is building* — e.g. *"teach me why the architecture hash-locks the
270
- contract surface"*. Routes the request to the connected learning tool (`.sdlc/learning.json`,
271
- DeepTutor-first) grounded in the project knowledge base, or degrades to **harness-native** tutoring
272
- (the harness model reading the artifacts) when nothing is connected — so it always works. Renders a
273
- tutorial artifact and appends to a per-member **learning ledger** kept **local-only** (gitignored,
274
- never committed or pushed — to the hub or any code repo) so it stays a private, personal **skills log**
275
- (`yad-status` rolls up the local records). **Purely opt-in — it never blocks a gate** and
276
- never touches epic state, approvals, or the contract lock. *AI builds, the hand decides* — and now the
277
- hand can also learn, on demand, what it is deciding about.
278
-
279
- ### Front-zero — frame the whole project (once per project, optional, human-gated)
280
-
281
- - **`yad-discovery`** — *Optional* front-zero, for **greenfield and brownfield**. With the analyst
282
- and pm, run market research, a **competitor study** (both modes), a feasibility study, and — in
283
- brownfield — a code-aware current-state study, then distil a **functional + non-functional
284
- requirements** list and a **phased roadmap** (an explicit **MVP** phase, then later phases) under the
285
- reserved `EP-discovery` ("epic zero"). It is gated by the same review gate (base rule: owner + 1
286
- reviewer); on approval it terminates at `discovery-done` (no build half). Its `roadmap.md` is the menu
287
- of features — each `yad-epic` reads it for project context (reference-only; discovery never
288
- auto-seeds epics).
289
-
290
- ### Front half — author the "thinking" (once per epic, human-gated)
291
-
292
- - **`yad-analysis`** — *Optional* front state 1. With the analyst, pressure-test a feature idea
293
- and write the discovery brief into `analysis.md`. Assigns the `EP-<slug>` ID and seeds `.sdlc/` state
294
- (the 12-step chain that puts analysis before epic). If skipped, the epic step does this shaping inline.
295
- - **`yad-epic`** — The epic front state. Shape the idea with the analyst (or read `analysis.md`
296
- when it already ran), then write the epic with the pm into `epic.md`. The entry point when analysis is
297
- skipped: assigns the `EP-<slug>` ID and seeds `.sdlc/` state.
298
- - **`yad-architecture`** — Front state 3. With the architect, author `architecture.md` and the
299
- locked `contract.md` (the shared cross-repo surface), then hash-lock the contract surface into
300
- `.sdlc/contract-lock.json`. Reads `epic.md`; escalates on the contract risk tag.
301
- - **`yad-ui`** — Front state 5. With the ux-designer, author `ui-design.md` and `DESIGN.md`,
302
- driving Impeccable as harness slash-commands (document/extract/craft) when installed, or authoring
303
- directly when not. When a design tool is connected (`yad-connect-design`), also **materializes the
304
- feature design** — mobile screens / web pages — in the tool (generate or link), recording the
305
- screen→frame map in `design-links.json`; degrades to markdown-only otherwise. Reads epic + architecture.
306
- - **`yad-stories`** — Front state 7. With the pm, break the approved epic into user stories, each
307
- tagged with the repos that must implement it. Assigns zero-padded `EP-<slug>-S0N` IDs, one file per
308
- story under `stories/`. Reads epic + architecture + contract + UI.
309
- - **`yad-test-cases`** — Front state 9, a **parallel, non-blocking** track: it opens when the stories
310
- gate passes (the epic is already `ready-for-build`, so the build half runs alongside it). With the
311
- test architect (Murat), author `test-cases.md` covering the approved stories (risk-based P0–P3 cases +
312
- story→case traceability). When a testing tool is connected (`yad-connect-testing`), also **implements
313
- the automation tests** in the connected code repo(s) (generate or link), recording the case→test map in
314
- `test-links.json`; degrades to artifacts-only otherwise. Reads epic + architecture + contract + UI +
315
- stories.
34
+ **Legend:** 🟨 **artifact** (a step writes a file and stops) · 🟧 **gate** (a human review that must
35
+ pass) · 🟦 **earns automation** (a back step that can later auto-advance once it proves itself) ·
36
+ **locked** (the engineer review and every front state permanently human).
316
37
 
317
- ### The review gate (cross-cutting — used by every review)
38
+ ## Quickstart
318
39
 
319
- - **`yad-review-gate`** The reusable team review + approve gate. Shares an authored artifact, records
320
- reviewer comments and approvals as files, enforces the **owner + 1 reviewer** rule (escalating to
321
- domain owners on contract/auth/payments), and advances the epic state **only** when approval is
322
- recorded.
323
- - **`yad-hub-bridge`** — The templated PR/MR bridge for the front-half gate. When the hub has a platform
324
- (`.sdlc/hub.json`), it opens a review PR/MR per artifact, sets the required reviewers/labels, and
325
- provides the read-only `gh`/`glab` recipes that sync platform comments + approvals back into the file
326
- ledger. The file ledger stays the source of truth; degrades to a file-only gate with no platform.
327
- - **`yad-review-comments`** — Installs platform-matched PR/MR review-comment scaffolds so reviewers
328
- leave structured, attributable feedback that maps cleanly into the file ledger.
40
+ From your **product hub** repo (an empty git repo is fine):
329
41
 
330
- ### Build half — turn stories into shipped code (once per story, per repo)
331
-
332
- - **`yad-spec`** — Step A. For one ready-for-build story and one of its repos, run the Spec Kit ceremony
333
- once (specify → clarify → plan → analyze → checklist → tasks) → `specs/<story-id>/`. Drives `/speckit.*`
334
- when installed; references the locked contract — never re-invents the surface.
335
- - **`yad-implement`** — Step B. With the dev lens, implement **one** atomic task as a small diff
336
- (≤3 files) on its own branch. The diff stays inside the files the task declared (flag and STOP if it
337
- would grow). Commit ends with the task ID; `Contract-Change: yes` only if it touches the locked
338
- contract surface.
339
- - **`yad-checks`** — Step C, the production-safety gates. Wire and run the CI gates: **spec-link**
340
- (every change links a real story/spec), **contract-check** (a contract-surface diff without a
341
- re-locked contract FAILS), **build/test/lint**, **verified-commits** (signed + roster-known authors),
342
- and the **pattern gates** — **commit-message** (Conventional subject + trailer order), **pr-title**,
343
- and **pr-template** (the PR/MR body uses the template). Profile-aware (`code`|`hub`), so they run on
344
- both code repos and the product hub. CI-agnostic bash for GitHub Actions and GitLab CI.
345
- - **`yad-pr-template`** — Step D. Detect the repo's platform and commit the matching PR/MR template with
346
- an Impact & Risk block; high risk (or a contract/auth/payments surface) routes the review to domain
347
- owners. Includes `risk-route.sh` plus the `pr-title.sh` / `pr-template.sh` gate scripts.
348
- - **`yad-commit`** — build helper. Commit ONE staged atomic change by the conventions (Conventional
349
- subject, `Task → Contract-Change → Co-Authored-By` trailers, the `--ai` co-author footer, the ≤3-file
350
- atomic guard). Drives `yad commit`.
351
- - **`yad-open-pr`** — build helper. Open a code-repo task PR/MR from the committed template: push the
352
- branch, prefill the body, auto-assign the repo-scoped roster. Drives `yad open-pr`.
353
- - **`yad-ship`** — build helper. Commit **and** open the task PR/MR in one step (`yad commit` then
354
- `yad open-pr`; the PR step runs only if the commit lands). Drives `yad ship`.
355
- - **`yad-engineer-review`** — Step E. AI review (CodeRabbit, advisory) → engineer review (the human gate,
356
- owner + 1 reviewer with the same escalation) → on merge, record the ship in the epic build-log and
357
- update the story state so the epic → story → task → PR chain stays traceable.
358
- - **`yad-backfill`** — Step G. Generate specs for already-built features in an existing repo so new work
359
- doesn't break them: pack one feature at a time with Repomix, write a DRAFT spec, require human approval
360
- before it counts. A change is blocked only until the features it touches have approved specs.
361
-
362
- ### Automation & status
363
-
364
- - **`yad-run`** — The Phase 4 orchestrator. Drives a story's back-half loop (spec → tasks → implement →
365
- checks) on each step's automation dial, recording every run in the trust log. A clean `checks` pass
366
- auto-advances to engineer-review; any failure, scope overrun, or contract-surface touch HALTS for a
367
- human. Also sets a step's dial (gated by trust evidence) and flips the system-wide kill switch.
368
- - **`yad-status`** — Read-only view of an epic: the current step, each step's dials (assistance/
369
- automation) and status, which approvals are still required, per-story back-half trust records, the
370
- kill-switch state, and a fleet roll-up across epics.
371
-
372
- ## The two dials (per step, build plan §2)
373
-
374
- - **assistance:** `none` | `review` | `heavy` — how much AI helps.
375
- - **automation:** `human_approve` | `machine_advance` — who advances the step.
376
-
377
- Defaults: every step starts `human_approve`. The four **front** authoring steps (epic, architecture,
378
- UI, stories) and their reviews are **locked** — they may not be set to `machine_advance` in this
379
- version. A front state advances only on a **human act** — recording an approval and `advance`, or
380
- merging the approved, fully-resolved review PR — never on a machine.
381
-
382
- As of **Phase 4a** the `automation` dial is no longer inert: the orchestrator `yad-run` reads it and,
383
- for the safe **back** steps, advances on its own when a step is set to `machine_advance` (and has
384
- *earned* it — see "Run the back half on the dial" below). The engineer review and all five front
385
- states stay `human_approve` forever.
386
-
387
- ## Using the workflow end to end (all the steps, in order)
388
-
389
- This is the full path from nothing to shipped code. Each numbered step names the skill to invoke; the
390
- detailed sections below expand every phase. Invoke a skill by name in your agent/IDE (e.g. *“run
391
- `yad-epic`”*); state lives in files you can also edit directly.
392
-
393
- ### 0 — One-time setup
394
-
395
- > **Shortcut:** `npx yadflow setup` runs the guided wizard interactively — module install, hub
396
- > detect + roster, connect a design/testing/learning tool (each optional), connect repos, wire each
397
- > repo. Run `… check --fix` any time afterwards to reconcile. The manual steps below are the
398
- > long-hand equivalent and still work.
399
-
400
- 1. **Install the module:** `bash skills/sdlc/install.sh` (re-run after any BMAD update).
401
- 2. **Have your code repo(s).** They are **separate git repos** (one `.git` each). For the demo they
402
- live under `demo-repos/<repo>/` — regenerate from `demo-repos/README.md`.
403
- 3. **Optional tools** (the workflow degrades gracefully and records it if any are absent): **Spec Kit**
404
- (`/speckit.*`), **Impeccable** (`/impeccable …`), **Repomix** (`npx repomix`, used by
405
- `yad-connect-repos` and `yad-backfill`), **CodeRabbit** (advisory AI review), **DeepTutor**
406
- (`deeptutor`, the learning layer's tutor — degrades to harness-native, used by `yad-connect-learning`
407
- and `yad-learn`).
408
- 4. **Wire each code repo once:** `yad-checks repo:<repo> action: wire` (installs the CI gates —
409
- *merges* with any existing CI, never clobbers), `yad-pr-template repo:<repo> action: wire` (PR/MR
410
- template + risk routing), `yad-review-comments repo:<repo> action: wire` (review-comment scaffold).
411
- 5. **Connect each code repo to the hub** (so the front phases see what's already built):
412
- `yad-connect-repos action: connect repo:<repo> path:<path-or-git_url> domain_owner:<who>`. It
413
- registers the repo in `.sdlc/repos.json` and caches a Repomix pack + a lightweight **code-map**
414
- (existing endpoints/events/data-models/modules, secret-scanned). Clones/fetches as the **local user**
415
- (SSH or credential helper; GitHub or GitLab; no stored tokens). Re-run for any new repo. Freshness is a
416
- **human decision**: `yad repo list` shows fresh/stale, `yad repo refresh [name]` re-packs a moved repo
417
- (skills flag staleness and point here — they never silently re-pack). Greenfield → skip it.
418
- 6. **(Optional) Connect tools** so the matching steps do real work (each degrades gracefully and is
419
- recorded if absent): `yad-connect-design action: connect` (Figma-first → `design.json`, lets
420
- `yad-ui` materialize screens), `yad-connect-testing action: connect` (Playwright-first →
421
- `testing.json`, lets `yad-test-cases` implement automation), `yad-connect-learning action: connect`
422
- (DeepTutor-first → `learning.json`, powers the cross-cutting learning layer).
423
- 7. **(Optional) Put the hub on a platform** so the front-half review runs through real PRs:
424
- `yad-connect-repos action: detect-hub`, then `yad roster add <login>` once per reviewer (login →
425
- SDLC name + per-repo roles — the `add` walk asks for each connected repo's role; `yad roster grant`
426
- sets one directly), and `yad-pr-template repo:hub action: wire` / `yad-review-comments repo:hub
427
- action: wire` / `yad-checks repo:hub action: wire`. With no hub platform the front gate runs file-only.
428
- 8. **Conventions:** commits and PR/MR titles follow Conventional Commits (lowercase after the type), the
429
- human author owns each commit with an optional per-commit `Co-Authored-By` AI trailer — see
430
- [`CONTRIBUTING.md`](CONTRIBUTING.md).
431
-
432
- ### A — Front half (human-authored, once per epic)
433
- Each author step writes its artifact, sets itself `done`, moves `currentStep` to its review, and
434
- **stops at the gate**. Run every gate with **`yad-review-gate`** — or, when the hub is on a platform,
435
- drive it deterministically with the **`yad gate`** CLI (`open → sync → … → merge`): the review rides
436
- the per-step PR/MR and the step **auto-advances on merge** once approvals are satisfied and all comment
437
- threads are resolved. Details: **“Run the full front half by hand”** below.
438
-
439
- 0. *(optional, once per project)* `yad-discovery` → the discovery set (`market-research.md`,
440
- `competitor-analysis.md`, `current-state.md`, `feasibility.md`, `requirements.md`, `roadmap.md`)
441
- under the reserved `EP-discovery` → review (base rule) → `currentStep: discovery-done`. The whole
442
- set is required to review; its `roadmap.md` then frames each epic below (read once it is approved).
443
- 6. `yad-epic` → `epic.md` (assigns `EP-<slug>`, seeds state) → review (base rule).
444
- 7. `yad-architecture` → `architecture.md` + locked `contract.md` → review (**escalated**: contract).
445
- 8. `yad-ui` → `ui-design.md` + `DESIGN.md` → review (base rule).
446
- 9. `yad-stories` → repo-tagged `stories/EP-<slug>-S0N.md` → review (**per-repo**).
447
- → `state.json` reaches `currentStep: ready-for-build` — **the build half can start now.**
448
- 10. `yad-test-cases` → `test-cases.md` (+ automation tests when a testing tool is connected) → review (base rule).
449
- **Parallel, non-blocking:** opens when the stories gate passes and runs alongside the build half; its
450
- review never moves `currentStep` off `ready-for-build`.
451
-
452
- ### B — Build half (per story, per repo)
453
- From a `ready-for-build` story, for **each** repo the story is tagged with. Details: **“Run the full
454
- build half by hand”** below.
455
-
456
- 10. `yad-spec story:<id> repo:<repo>` → writes `specs/<story-id>/` (spec/plan/tasks + `link.md`).
457
- 11. `yad-implement story:<id> repo:<repo> task:<T0N>` → one atomic task = one branch = one commit
458
- (repeat per task). Commit by convention with **`yad commit --type <t> -m <subject> [--ai <tool>]`**
459
- (Task/Contract-Change/Co-Authored-By trailers, atomic-file guard).
460
- 12. `yad-checks repo:<repo> action: run` → spec-link, contract-check, build/test/lint, verified-commits
461
- (platform-Verified signature + roster-allowlisted author), and commit-message must pass. (The
462
- `pr-title` / `pr-template` gates need the PR title + body, so they run in CI once the PR exists —
463
- step 13.)
464
- 13. Open the PR/MR from the wired template with **`yad open-pr --repo <repo> [--risk <level>]`** (or do
465
- 12+13 in one step with **`yad ship --type <t> -m <subject> --repo <repo>`**). The PR's CI now also
466
- runs the `pr-title` and `pr-template` gates; `yad-pr-template repo:<repo> action: route` prints the
467
- required reviewers from the Impact & Risk block.
468
- 14. `yad-engineer-review` → `ai-review` (advisory) → `approve` (the human engineer gate) → `ship` (merge,
469
- record in `build-log.json`, update story status to `in-build`/`shipped`).
470
- - **Multi-repo:** repeat 10–14 in each repo, all from the **one** locked contract.
471
- - **Existing code:** `yad-backfill` first, to produce a human-verified spec for a built feature.
472
-
473
- ### C — Automation (optional, earned over time)
474
- 15. After a back step accumulates trust evidence, earn it:
475
- `yad-run action: set-dial step:<step> to: machine_advance` (refused if evidence is short or for a
476
- front state / the engineer review).
477
- 16. Drive a story's back half on the dials: `yad-run story:<id> repo:<repo>` — it auto-advances
478
- earned steps and stops for a human otherwise, always halting at the engineer review.
479
- 17. **Kill switch any time:** `yad-run action: kill` (everything → manual) / `action: unkill`.
480
- Details: **“Run the back half on the dial”** below.
481
-
482
- ### Any time
483
- - **`yad-status [EP-<slug>]`** — read-only: the front chain, each build step's dial + status, the
484
- trust record, and (across epics) the fleet roll-up. Start here to see what's blocking.
485
-
486
- ## Run the full front half by hand
487
-
488
- Optionally preceded once per project by the **front-zero** — **`yad-discovery` → review →
489
- `discovery-done`** — which frames the whole product (market, competitor, feasibility, requirements,
490
- roadmap) under the reserved `EP-discovery`; its approved `roadmap.md` then feeds each epic. The front
491
- half itself walks **epic → review → architecture+contract → review → UI design → review → stories
492
- → review → `ready-for-build`**, then **test cases → review** runs as a **parallel, non-blocking track**
493
- alongside the build half. It is all files under `epics/EP-<slug>/`. The skills below guide you, but you
494
- can also edit the files directly — that's the point.
495
-
496
- Each authoring step is the same shape: an author skill produces an artifact, sets its step `done`,
497
- moves `currentStep` to the matching review, and **stops at the gate**. Then **`yad-review-gate`**
498
- (one gate, reused for all five reviews) takes `open → comment → approve → advance`. When the hub is on a
499
- platform, the **`yad gate`** CLI runs that gate over a real PR/MR — `open` raises the review PR, `sync`
500
- pulls approvals + comment threads into the ledger, and the step **auto-advances when the approved,
501
- fully-resolved PR is merged** (the merge is the human approval act).
502
-
503
- **Code-aware (when repos are connected).** If you ran `yad-connect-repos` in setup, each author step
504
- first loads the connected repos' **code-maps** (from `.sdlc/code-context/<repo>/`) so it considers what
505
- already exists: the epic references existing behaviour, **the architecture cross-checks the contract
506
- surface against existing endpoints/events/entities before hash-locking it**, the UI reuses existing
507
- components, and stories anchor to real modules. Each artifact stamps what it read in its `code-context:`
508
- frontmatter; a repo that has moved since connect triggers a staleness warning — the step **flags it and
509
- stops**, pointing you at `yad repo refresh <repo>` (refreshing is a human decision, never an automatic
510
- side-effect). With no repos connected the steps proceed exactly as before (greenfield-safe).
511
-
512
- ### Author steps
513
- 1. **`yad-epic`** (state 1) → `epic.md`; assigns the stable `EP-<slug>` ID; seeds
514
- `.sdlc/state.json` (all `human_approve`, front steps locked) + empty `.sdlc/approvals.json`.
515
- 2. **`yad-architecture`** (state 3) → `architecture.md` + the locked `contract.md`; writes the
516
- contract-surface SHA-256 to `.sdlc/contract-lock.json`.
517
- 3. **`yad-ui`** (state 5) → `ui-design.md` + `DESIGN.md` (drives Impeccable
518
- `document|extract|craft` slash-commands when installed; otherwise authors directly).
519
- 4. **`yad-stories`** (state 7) → one file per story `stories/EP-<slug>-S0N.md`, each tagged
520
- with the `repos` it implements.
521
-
522
- ### The one gate (every review)
523
-
524
- Every review is the same loop — author writes, reviewers comment (which never advances), approvals
525
- accumulate, and the step moves forward only when the rule is met. **File-only** ends in an explicit
526
- `advance`; **PR-driven** (hub on a platform) ends when the approved, fully-resolved review PR is
527
- **merged**:
528
-
529
- <!-- Source: docs/diagrams/review-loop.mmd — edit the .mmd and run `npm run diagrams` to regenerate -->
530
- ![Review gate loop — author, open, comment, approve, advance](https://raw.githubusercontent.com/abdelrahmannasr/yadflow/main/docs/diagrams/review-loop.svg)
531
-
532
- **File-only** — invoke **`yad-review-gate`** with `open` (present the artifact; reviewers comment in
533
- `reviews/<artifact>--<date>--comments.md`), `approve` (name + role → `.sdlc/approvals.json`), and
534
- `advance` (moves **only if** the rule is satisfied, else it names the missing approval).
535
-
536
- **PR-driven** — when the hub is on a platform, the **`yad gate`** CLI runs the same gate over a PR/MR:
537
- - `yad gate open <epic> <artifact>` — raise the review PR/MR; mark the step `in_review`.
538
- - `yad gate sync <epic> [artifact]` — pull approvals + comment threads into the **same** ledger (your
539
- own `gh`/`glab`, no stored tokens) and **auto-advance on merge** once the rule is met and every thread
540
- is resolved. Approvals are **revoked when the reviewed artifact changes** (re-hash), so reviewers get
541
- a fresh pass. Unresolved comments hold the step `in_review`.
542
- - `yad gate comments <epic>` fetches the open threads to address; `yad gate status <epic>` shows
543
- approvals (counting only the non-stale ones). The file ledger stays the source of truth; with no
544
- platform / no CLI it degrades to file-only.
545
-
546
- **The gate rule, by review:**
547
- - **Base** (epic, UI): `owner + 1 reviewer`.
548
- - **Escalated** (architecture+contract — `risk_tags: ["contract"]`): base **plus a domain owner for
549
- every repo in `epic.repos`**. The contract-surface hash must still match `.sdlc/contract-lock.json`
550
- (a changed surface invalidates approvals).
551
- - **Per-repo** (stories): base **plus a domain owner (the repo's engineer) for every repo that appears
552
- in any story's `repos`**.
553
-
554
- ### Check status anytime
555
- Invoke **`yad-status`** (read-only) to see the full 10-step chain, every step's dials/status, the
556
- contract lock, story repo tags, and which approvals the active gate still needs.
557
-
558
- ## Worked example (already in this repo)
559
-
560
- `epics/EP-istifta-inquiries/` shows the **whole front half** walked end to end:
561
- - `epic.md` authored + approved (epic gate, base rule) — 2026-06-04.
562
- - `architecture.md` + `contract.md` authored; contract surface hash-locked in
563
- `.sdlc/contract-lock.json`. Architecture gate **escalated** (contract): owner *alice* + reviewer
564
- *bob* + domain owners *carol* (backend) and *dave* (mobile).
565
- - `ui-design.md` + `DESIGN.md` authored (Impeccable not installed → graceful fallback). UI gate base
566
- rule (alice + bob).
567
- - Five repo-tagged stories `stories/EP-istifta-inquiries-S01..S05.md`. Stories gate **per-repo**: base
568
- rule + a domain owner for each touched repo (carol/backend, dave/mobile).
569
- - `state.json` now reads `currentStep: ready-for-build`, every front step `done` — the Phase 3
570
- handoff point.
571
-
572
- Inspect it:
573
42
  ```bash
574
- cat epics/EP-istifta-inquiries/.sdlc/state.json
575
- cat epics/EP-istifta-inquiries/.sdlc/approvals.json
576
- cat epics/EP-istifta-inquiries/.sdlc/contract-lock.json
577
- ls epics/EP-istifta-inquiries/reviews/
578
- ls epics/EP-istifta-inquiries/stories/
579
- # re-verify the contract surface still matches its lock:
580
- awk '/CONTRACT-SURFACE:BEGIN/{f=1;next} /CONTRACT-SURFACE:END/{f=0} f' \
581
- epics/EP-istifta-inquiries/contract.md | shasum -a 256
43
+ npx yadflow setup # 1. guided wizard: install skills, connect repos, wire CI gates
582
44
  ```
583
45
 
584
- ## Run the full build half by hand (Phase 3)
46
+ Then, in your AI IDE, drive the lifecycle by invoking skills by name:
585
47
 
586
- From a `ready-for-build` story, the **build half** turns one atomic task into shipped code through
587
- gates that protect production. Per-repo specs live in each code repo; the contract stays singular in
588
- the product repo. Code repos are **separate git repos** under `demo-repos/<repo>/` (gitignored;
589
- `demo-repos/README.md` explains regeneration). **Nothing auto-advances** — every gate is human-owned.
590
-
591
- 1. **Spec** — `yad-spec` runs the heavy Spec Kit ceremony **once per story per repo**
592
- (`specify`→`clarify`→`plan`→`analyze`→`checklist`→`tasks`), writing `specs/<story-id>/` and a
593
- `link.md` back to the story (drives `/speckit.*` when installed, else degrades). It **quotes** the
594
- locked contract; it never widens it.
595
- 2. **Implement** — `yad-implement` (the `dev` step): one atomic task = one branch
596
- (`feat/<story>-<task>-…`) = one PR. The diff stays inside the files the task declared. Commit with
597
- **`yad commit`** — it builds the conventional subject, derives the `Task:` trailer from the branch
598
- (add `--contract-change` only if the locked surface is touched), appends an optional `--ai` co-author,
599
- and refuses a non-atomic stage. Open the PR with **`yad open-pr --repo <repo>`** (template prefilled),
600
- or do both in one step with **`yad ship`** (commit then open-pr).
601
- 3. **Check gates** — `yad-checks` wires the CI gates (GitHub + GitLab) that must pass before merge:
602
- **spec-link** (links a real story/spec), **contract-check** (a contract-surface change without
603
- `Contract-Change` + a re-locked contract FAILS, routing back to the architecture gate),
604
- **build/test/lint**, **verified-commits**, and the **pattern gates** **commit-message** / **pr-title**
605
- / **pr-template** (profile-aware `code`|`hub`, so they also run on the product hub). They fail closed
606
- on a bad base ref.
607
- 4. **PR/MR template + risk routing** — `yad-pr-template` drops the platform-matched template with an
608
- Impact & Risk block; `high` risk (or a contract/auth/payments surface) routes the review to domain
609
- owners (`risk-route.sh`), the same escalation as the gate.
610
- 5. **AI review → engineer review → merge** — `yad-engineer-review`: CodeRabbit is an advisory first pass
611
- (never the authority); a human engineer approves (owner + 1 reviewer, escalating to domain owners); on
612
- merge the ship is recorded in `.sdlc/build-log.json` and the story state becomes `in-build` →
613
- `shipped`. The epic → story → task → PR → mergeCommit chain is traceable both ways.
48
+ ```text
49
+ run yad-epic # 2. author + gate the "thinking": epic architecture UI stories
50
+ run yad-spec … # 3. build half: spec implement checks ship (per story, per repo)
51
+ ```
614
52
 
615
- **Multi-repo:** a story tagged `repos: [backend, mobile]` runs the above in each repo independently from
616
- the **one** locked contract; the contract-check blocks a surface bypass in either repo.
53
+ Every step stops at a gate until a human approves. New here? **Walk it lesson-by-lesson in the
54
+ [guided tutorial](https://abdelrahmannasr.github.io/yadflow/tutorial/)**, or read the
55
+ [team guide](TEAM-GUIDE.md).
617
56
 
618
- **Backfill existing code:** `yad-backfill` packs one feature with **Repomix** (`npx repomix`, secret-scan
619
- by default), drafts an *unverified* spec ("describe what exists, do not invent"), a human approves it,
620
- and `backfill-check.sh` blocks a change to that feature until its spec is approved — gated per touched
621
- feature, never the whole repo.
57
+ ## How it works (in five points)
622
58
 
623
- The build half is walked end to end on the worked epic: story **S01** shipped (`status: shipped`,
624
- three tasks in `build-log.json`), **S03** built across backend + mobile, and a `health` feature
625
- backfilled. The code repos are regenerable from `demo-repos/README.md`.
59
+ - **Front half = decide.** Once per epic, in the product hub: epic, architecture + a locked contract,
60
+ UI, stories, test cases. Always human-gated nothing auto-advances.
61
+ - **Build half = build.** Once per story per code repo: spec implement → checks → ship.
62
+ - **Every step stops at a gate.** A human moves it forward (file-only, or by merging a review PR/MR).
63
+ - **Automation is opt-in and earned.** A safe back-half step can earn auto-advance after it proves
64
+ itself — and a one-command kill switch reverts everything to manual. The engineer review and all
65
+ front states are never automatable.
66
+ - **Everything is files.** State, approvals, the contract lock, the build log — all plain files under
67
+ `epics/EP-<slug>/`. No database. The audit trail *is* the repo.
626
68
 
627
- ## Run the back half on the dial (Phase 4 — automation, earned)
69
+ ## Who it's for
628
70
 
629
- Phase 4 is **automation, earned with evidence and reversible in one move**. Phase 4a made the
630
- `automation` dial real and earned the safest step (the check-gate advance); Phase 4b added the
631
- `implement check` hand-off and the `spec`/`tasks` trust hooks. The engine is `yad-run`; the
632
- evidence lives in two new files per epic under `.sdlc/`: `build-state/<story-id>.json` (the back steps
633
- with their dials, per repo) and `trust-log.json` (every run's verdict). See
634
- `docs/phase-4-build-plan.md` and `docs/phase-4b-build-plan.md`.
71
+ Tech leads and engineering managers who want their team to move fast with AI **without** giving up
72
+ review, architectural control, or an audit trail the governance layer around AI-assisted
73
+ development, not another code generator.
635
74
 
636
- - **Drive a story's back half:** `yad-run {story} {repo}` walks `spec → tasks → implement → checks`,
637
- reading each step's dial. On `machine_advance` it advances on its own; on `human_approve` it stops
638
- for a human; on any FAIL, scope overrun, or contract-surface touch it **halts and pulls in a human**.
639
- It always stops at the engineer review (`yad-engineer-review`), which is never automated.
640
- - **Read the trust log:** `yad-status {epic}` shows each back step's dial, status, and trust record —
641
- runs, % `approved-unchanged`, and whether that clears the threshold (`automation.trust_threshold` in
642
- `config.yaml`, default ≥5 runs and ≥80% unchanged). The engineer review records each run's verdict
643
- (a diff merged as-authored is `approved-unchanged`; one edited first is `approved-with-edits`; a
644
- failed one is `rejected`).
645
- - **Earn automation for a step:** once a step's trust record clears the threshold,
646
- `yad-run action: set-dial step: checks to: machine_advance` flips it. The setter **refuses** if the
647
- evidence is short, or for any front state / the engineer review. Reverting
648
- (`to: human_approve`) is always allowed — automation is reversible in one move.
649
- - **Kill switch:** `yad-run action: kill` forces every step back to `human_approve` system-wide
650
- instantly (no code change, no per-step edits); `yad-run action: unkill` restores earned automation.
75
+ ## Documentation
651
76
 
652
- **Earned so far:** `checks` (Step B, Phase 4a) and `implement` (Step D, Phase 4b the
653
- `implement check` hand-off; the scope/contract halts and the engineer review still gate the merge).
654
- `tasks` (Step C) and `spec` have their dials + trust hooks but stay `human_approve` until their own
655
- runs clear the threshold there is no historical signal to seed them from, so they are earned only on
656
- genuine runs (never fabricated). See `docs/phase-4b-build-plan.md`.
77
+ - **[Guided tutorial](https://abdelrahmannasr.github.io/yadflow/tutorial/)** learn by doing, setup first shipped feature.
78
+ - **[Terminology & workflow report](https://abdelrahmannasr.github.io/yadflow/)** every term, artifact, gate, and skill on one illustrated page.
79
+ - **[TEAM-GUIDE.md](TEAM-GUIDE.md)** the short, plain-language version for a developer team.
80
+ - **[docs/CLI.md](docs/CLI.md)**the full `yad` command reference, the PR-driven gate, and `yad doctor` codes.
81
+ - **[docs/SKILLS.md](docs/SKILLS.md)** the catalogue of all 35 agent skills.
82
+ - **[docs/WALKTHROUGH.md](docs/WALKTHROUGH.md)** — the by-hand, end-to-end path through every phase.
83
+ - **[CONTRIBUTING.md](CONTRIBUTING.md)** · **[RESEARCH-NOTES.md](RESEARCH-NOTES.md)** · **[RELEASING.md](RELEASING.md)**
657
84
 
658
- ## What's intentionally NOT built yet
85
+ ---
659
86
 
660
- **Phase 4b Step C** (the remaining automation): `tasks` generation advance gated until real
661
- `tasks`/`spec` trust evidence accrues. The hook that records that evidence is built; the dial flips
662
- only once the threshold is genuinely met. The scope guard and contract-surface halt always override
663
- the dial, and **front states and the engineer review stay `human_approve`, permanently.**
87
+ **Platform support.** Linux and macOS are first-class (CI runs the test suite, bash gates, and the
88
+ end-to-end harness on both). On **Windows use [WSL](https://learn.microsoft.com/windows/wsl/)** native
89
+ PowerShell is not yet supported. Requires **Node.js 18**.
664
90
 
665
- **Phase 5 (conditional):** the optional service layer (watch repos, run earned-automation steps
666
- unattended, read-only dashboards), built only when the CLI genuinely can't keep up, with git remaining
667
- the source of truth. It is **trigger-gated** — `docs/phase-5-build-plan.md` is the build plan: its
668
- three parts (read-index, unattended runner, dashboard) each ship only when *their* bottleneck is
669
- measured, with the hard rules they inherit and the instrumentation (already shipped in `yad-status`)
670
- that makes the decision data-driven. See also `docs/claude-code-build-plan.md` §8.
91
+ **Releases** are automated via [semantic-release](https://semantic-release.gitbook.io/) on merge to
92
+ `main` (Conventional Commits npm, with provenance). See [RELEASING.md](RELEASING.md).