yadflow 2.18.0 → 2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,9 +1,9 @@
1
- # [2.18.0](https://github.com/abdelrahmannasr/yadflow/compare/v2.17.0...v2.18.0) (2026-06-26)
1
+ ## [2.18.1](https://github.com/abdelrahmannasr/yadflow/compare/v2.18.0...v2.18.1) (2026-06-28)
2
2
 
3
3
 
4
- ### Features
4
+ ### Bug Fixes
5
5
 
6
- * **change:** post-lock change management via feature threads (Phase 6) ([#83](https://github.com/abdelrahmannasr/yadflow/issues/83)) ([f8024d5](https://github.com/abdelrahmannasr/yadflow/commit/f8024d5808070656d1c3039905ada39096fe7d3b)), closes [#1](https://github.com/abdelrahmannasr/yadflow/issues/1)
6
+ * publish updated README and tutorial site to npm ([a7cd251](https://github.com/abdelrahmannasr/yadflow/commit/a7cd251203819565bbde76dd47959ff92b12900c)), closes [#84](https://github.com/abdelrahmannasr/yadflow/issues/84) [#85](https://github.com/abdelrahmannasr/yadflow/issues/85)
7
7
 
8
8
  # [2.2.0](https://github.com/abdelrahmannasr/yadflow/compare/v2.1.0...v2.2.0) (2026-06-14)
9
9
 
package/README.md CHANGED
@@ -1,703 +1,92 @@
1
- # Yadflow — the gated, team, multi-repo SDLC on top of BMAD
1
+ # Yadflow — keep AI-generated code from shipping ungoverned
2
2
 
3
3
  [![npm version](https://img.shields.io/npm/v/yadflow?logo=npm)](https://www.npmjs.com/package/yadflow)
4
4
  [![CI](https://github.com/abdelrahmannasr/yadflow/actions/workflows/ci.yml/badge.svg)](https://github.com/abdelrahmannasr/yadflow/actions/workflows/ci.yml)
5
- [![provenance](https://img.shields.io/badge/npm-provenance-blue?logo=npm)](https://docs.npmjs.com/generating-provenance-statements)
6
5
  [![node](https://img.shields.io/node/v/yadflow?logo=node.js)](https://github.com/abdelrahmannasr/yadflow/blob/main/package.json)
7
- [![security policy](https://img.shields.io/badge/security-policy-brightgreen)](https://github.com/abdelrahmannasr/yadflow/blob/main/SECURITY.md)
8
6
  [![report](https://img.shields.io/badge/docs-Yadflow%20report-2471a3)](https://abdelrahmannasr.github.io/yadflow/)
9
7
 
10
- > 📖 **Start here: the [Yadflow Terminology & Workflow Structure Report](https://abdelrahmannasr.github.io/yadflow/)**
11
- > the full picture of every term, artifact, gate and skill in one richly illustrated page.
8
+ **A gated software-development lifecycle where AI builds and a human approves every step.**
9
+ *AI builds. The hand decides.* (*yad* **يد**, Arabic for "hand".) On npm and GitHub as `yadflow`.
12
10
 
13
- **Yadflow** (*yahd-flow* — from **يد**, Arabic for "hand") is the AI-driven SDLC where a human hand
14
- moves every gate. *AI builds. The hand decides.* On npm and GitHub as `yadflow`.
11
+ ## The problem
15
12
 
16
- A custom BMAD module that turns BMAD from a solo tool into a **team, gated, file-driven SDLC
17
- engine**. Every step does its work, writes its output to a file, and **waits at a gate**. Who
18
- advances the gate (human now; machine later) is a per-step setting. All state lives in files
19
- nothing hidden, no database.
13
+ AI writes code faster than any team can review it. Left ungoverned, that speed turns into risk:
14
+ unreviewed AI-generated changes merge straight into the codebase, architectural decisions get made
15
+ by autocomplete, and the trail of *why* a change was made disappears. The faster the team ships with
16
+ AI, the harder it gets to keep control of quality, architecture, and accountability.
20
17
 
21
- This repo is the **first deliverable** (see `docs/claude-code-build-plan.md` §10): verified research,
22
- a scaffolded module that installs cleanly, and a working **team review gate** you run by hand.
18
+ ## What Yadflow is
23
19
 
24
- ## The workflow at a glance
20
+ Yadflow puts a **human gate on every step** of the lifecycle. Each step does its work, writes its
21
+ output to a plain file, and **waits** — it never advances until a human approves it (or, later, until
22
+ a step has *earned* the right to auto-advance). Reviews ride real PR/MRs; all state lives in files you
23
+ can read, diff, and edit — no database, nothing hidden. The result is a paper trail for every decision
24
+ and a hard wall between "AI proposed" and "we shipped it."
25
25
 
26
- The whole lifecycle, from an empty project to shipped code. Setup is one-time; the optional
27
- **front-zero** (`yad-discovery`) frames the whole project once — market, feasibility, and a phased
28
- roadmap; the **front half** is human-gated and runs once per epic in the product hub; the **build
29
- half** runs once per story per code repo; **automation** is opt-in and earned. `yad-status` reads it
30
- all; `yad-hub-bridge` mirrors front-half reviews to real PR/MRs.
26
+ It installs as a custom [BMAD](https://github.com/bmad-code-org/BMAD-METHOD) module and works across
27
+ one product hub + many code repos, solo or team.
28
+
29
+ ## How the workflow looks
31
30
 
32
31
  <!-- Source: docs/diagrams/sdlc-overview.mmd — edit the .mmd and run `npm run diagrams` to regenerate -->
33
32
  ![Yadflow SDLC overview — setup, human-gated front half, per-story build half, earned automation](https://raw.githubusercontent.com/abdelrahmannasr/yadflow/main/docs/diagrams/sdlc-overview.svg)
34
33
 
35
- **Legend.** <span>🟨</span> **artifact** = an author step writes a file and stops; <span>🟧</span>
36
- **gate** = a human review that must pass (`open comment approve → advance`); <span>🟦</span>
37
- **earns automation** = a back step that can be set to `machine_advance` once it proves itself;
38
- <span>⬜ dashed</span> **locked** = the engineer review and every front state, **permanently
39
- human**. Detailed walkthroughs for each phase follow below.
40
-
41
- ## What's here
42
-
43
- | Path | What it is |
44
- |------|-----------|
45
- | `RESEARCH-NOTES.md` | Verified Phase 0 facts about BMAD, Spec Kit, Repomix, Impeccable + deviations. |
46
- | `skills/sdlc/` | Module source of truth (`config.yaml`, `module-help.csv`, `install.sh`). Survives BMAD updates. |
47
- | `bin/`, `cli/` | The `yad` setup/update CLI (published to npm as `yadflow`). |
48
- | `skills/yad-discovery/` | Optional front-zero (once per project, greenfield + brownfield): market research, competitor study, feasibility, current-state, requirements (functional + non-functional) and a phased roadmap (MVP+) under the reserved `EP-discovery`. `roadmap.md` is the menu of features each epic reads. |
49
- | `skills/yad-analysis/` | Optional front state 1: pressure-test the idea with the analyst into `analysis.md` (skippable). |
50
- | `skills/yad-epic/` | Front state 1: author an epic with AI assist, assign its `EP-<slug>` ID, seed state. |
51
- | `skills/yad-architecture/` | Front state 3: author `architecture.md` + the locked `contract.md`; hash-lock the contract surface. |
52
- | `skills/yad-ui/` | Front state 5: author `ui-design.md` + `DESIGN.md` (Impeccable slash-commands, or graceful fallback). |
53
- | `skills/yad-stories/` | Front state 7: break the epic into repo-tagged stories with stable `EP-<slug>-S0N` IDs. |
54
- | `skills/yad-test-cases/` | Front state 9: with the test architect author `test-cases.md`; implement the automation in the connected testing tool, or produce artifacts only. |
55
- | `skills/yad-connect-repos/` | Connect code repos to the hub (GitHub/GitLab, local-user auth); cache a Repomix pack + **code-map** per repo so the front phases are code-aware. |
56
- | `skills/yad-connect-learning/` | Connect a learning tool (DeepTutor-first, pluggable) — a CLI subprocess like Repomix; record `.sdlc/learning.json` + an optional grounded knowledge base. |
57
- | `skills/yad-learn/` | The cross-cutting **learning layer**: tutor any member, at any stage, in the context of what's being built; records a personal, local-only skills log (gitignored, never committed/pushed). Opt-in, never gates. |
58
- | `skills/yad-review-gate/` | The reusable **team review + approve gate** (used for all five reviews). |
59
- | `skills/yad-spec/` | Build Step A: run the Spec Kit ceremony once per story per repo → `specs/<story-id>/`. |
60
- | `skills/yad-implement/` | Build Step B: implement ONE atomic task as a small diff on its own branch. |
61
- | `skills/yad-checks/` | Build Step C: wire + run the CI gates (spec-link, contract-check, build/test/lint, verified-commits). |
62
- | `skills/yad-pr-template/` | Build Step D: install the platform PR/MR template + risk routing (code repos **and** the hub). |
63
- | `skills/yad-review-comments/` | Install platform-matched PR/MR review-comment scaffolds (code repos and the hub). |
64
- | `skills/yad-hub-bridge/` | The templated PR/MR **review bridge**: open a review PR/MR on the hub and sync platform approvals/comments into the file ledger. |
65
- | `skills/yad-commit/` | Build helper: commit ONE staged atomic change by the conventions (Conventional subject, trailers, `--ai` footer, ≤3-file guard). |
66
- | `skills/yad-open-pr/` | Build helper: open a code-repo task PR/MR from the committed template (push, prefill, roster auto-assign). |
67
- | `skills/yad-ship/` | Build helper: commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`). |
68
- | `skills/yad-engineer-review/` | Build Step E: AI review (advisory) → engineer review → merge + record in the build log. |
69
- | `skills/yad-backfill/` | Generate a human-verified spec for already-built code (Repomix), gated per touched feature. |
70
- | `skills/yad-run/` | Phase 4 orchestrator: drive a story's back half on the `automation` dial; kill switch. |
71
- | `skills/yad-status/` | Read-only view: front chain, build-half dials, trust record, fleet roll-up. |
72
- | `skills/yad-change/` | Phase 6: post-lock change/defect/hotfix **intake + triage** — seed a new epic threaded to its parent (inherit by reference, re-author only what changes). |
73
- | `skills/yad-timeline/` | Phase 6: render a feature **thread** as an evolution view + resolve its current truth (`thread-resolved.md`). |
74
- | `skills/yad-defects/` | Phase 6: per-epic/per-thread **quality-gap report** by `escape_stage` + `root_cause`. |
75
- | `skills/yad-reconcile/` | Phase 6: read-only **drift/orphan/debt sweep** across threads (mirrors `yad-docs-sync`; never a gate). |
76
- | `epics/EP-istifta-inquiries/` | A worked demo epic run **end to end** (front half + build half + automation + a Phase 6 change thread). |
77
- | `demo-repos/` | Throwaway code repos for the build half (separate git repos; regenerable — see `demo-repos/README.md`). |
78
- | `docs/` | The phased build plans (`phase-2`…`phase-6`) and the original workflow design. |
79
- | [`CONTRIBUTING.md`](CONTRIBUTING.md) | Commit & PR/MR title convention (Conventional Commits, lowercase after the type). |
80
-
81
- ## The `yad` CLI (install, update, reconcile)
82
-
83
- The module ships a zero-dependency CLI, published to npm as
84
- [`yadflow`](https://www.npmjs.com/package/yadflow). Run it
85
- with `npx` from your **product hub** repo — no clone needed.
86
-
87
- > **Platform support.** Linux and macOS are first-class — the test suite, the bash check gates, and
88
- > the end-to-end harness all run on both in CI. The CLI shells out to `git` (and the bash gate
89
- > scripts), so on **Windows use [WSL](https://learn.microsoft.com/windows/wsl/)**; native PowerShell
90
- > is not yet supported. Requires **Node.js ≥ 18**.
91
-
92
- | Command | What it does |
93
- |---------|--------------|
94
- | `npx yadflow setup` | Guided first-run wizard — a short **profile interview** (solo/team, greenfield/brownfield, monorepo/separate) then the branched steps below. Pre-answer for CI/scripts with `--solo`/`--team <n>`, `--greenfield`/`--brownfield`, `--monorepo`/`--separate`, `--tools`. |
95
- | `yad next [<epic>]` | **Where am I / what next.** With no epic: project-wide orientation — the one next action (run setup, start an epic, or the single active epic's step). With an epic: that epic's exact next action (a skill to invoke or a `yad` command to run). `yad next <epic> --check <step>` exits non-zero when a step is run out of order (the precondition guard); `yad next --all` lists every epic's next action. |
96
- | `npx yadflow check` | Read-only report: what is **missing** / **outdated** (drifted) / **stale** (code-context) / **legacy** (pre-2.0 `sdlc-*` names) vs the bundled manifest. |
97
- | `npx yadflow check --fix` | Reconcile: fill what is missing **and** update what changed — touches nothing already correct. |
98
- | `npx yadflow update` | Apply drift only (alias for `check --fix --scope=changed`). Also migrates a pre-2.0 install in place: `sdlc-*` skill copies and marker-owned `sdlc-*.yml` CI files are replaced by their `yad-*` names (a same-named file *you* authored is never touched). |
99
- | `npx yadflow doctor [--json]` | Environment + state health: tools on PATH and platform auth, config files parse and point at real repos, every epic ledger loads. Exit 1 on any failure; `--json` for CI and bug reports. |
100
- | `yad roster list` / `yad roster add <login>` | Manage the reviewer roster + per-repo roles **any time** (not just at setup). `add` upserts a member then walks each connected repo asking for their role; `grant`/`revoke <name> <repo> <role>` and `remove <login>` round it out. A `domain-owner` grant keeps `repos.json` `domain_owners` in sync. |
101
- | `yad gate open <epic> <artifact>` | Open the front-half **review PR/MR** for an artifact and mark the step `in_review`. |
102
- | `yad gate sync <epic> [artifact]` | Pull the PR/MR's reviews + comment threads into the file ledger; **auto-advance** the step when approvals are satisfied, all threads are resolved, and the PR is merged. |
103
- | `yad gate comments <epic> [artifact]` | Fetch the unresolved review comments to address (then reply on the PR; reviewers resolve their threads). |
104
- | `yad gate status <epic>` | Show each review step and its recorded approvals. |
105
- | `yad gate ci [--branch <head>] [--pr <n>]` | The CI entry the hub workflow calls on review/merge events: derive the epic/artifact from the `review/EP-*` branch, run the same sync, and commit **only the ledger** to the hub default branch (sweep every open review PR when no `--branch`). |
106
- | `yad commit --type <t> -m <subject>` | Commit by the SDLC convention — Conventional subject, `Task`/`Contract-Change`/`Co-Authored-By` trailers, atomic-file guard. |
107
- | `yad open-pr [--repo <name>]` | Open a **task** PR/MR from the platform template (build half). **Stage-aware on the hub:** a `review/EP-*` branch opens the front-half artifact-review PR (delegates to `yad gate open`); any other hub branch uses the code-task template (so hub tooling PRs pass the `pr-template` gate). |
108
- | `yad ship --type <t> -m <subject>` | Commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`) — stage-aware, same as `open-pr`. |
109
- | `yad repo list` / `yad repo refresh [name]` | List connected repos as **fresh / stale**, and re-pack a stale one — staleness is now an explicit human decision, never an automatic skill side-effect. |
110
- | `yad repo sync [name]` | Switch every connected repo to its **default branch** and fast-forward it from origin (one or all). Dirty repos are skipped, never overwritten; fast-forward only. |
111
- | `yad thread [<epic>]` | **Feature threads (Phase 6).** No arg: list every thread. With an epic: show its thread (genesis → changes → defects), the **resolved current-truth** map (which epic owns each artifact now), and any open hotfix debt. `--json` for tooling. Read-only. |
112
- | `yad reconcile [check\|refresh\|wire]` | Sweep threads for **drift / orphans / open hotfix debt** and report which thread drifted and why (mirrors `yad docs sync`; advisory — the CI gates block at merge). |
113
- | `npx yadflow --version` | Print the installed CLI version. |
114
-
115
- Flags: `--dir <path>` targets a project other than the cwd; `--force` re-copies unchanged files (or
116
- bypasses the commit atomic guard). Commit flags: `--type`, `-m/--message`, `--task`, `--ai
117
- <claude\|copilot\|cursor\|coderabbit\|none>`, `--contract-change`, `--dry-run`. `open-pr` flags:
118
- `--repo`, `--risk <low\|medium\|high>`, `--contract-change`. `ship` takes the union of the `commit`
119
- and `open-pr` flags (it runs `open-pr` only if the commit lands).
120
-
121
- ### The PR-driven review gate
122
-
123
- The front-half gate now rides the **PR/MR you open per step** (`yad gate open`). Reviewers approve and
124
- comment on the platform; `yad gate sync` maps that state into the file ledger (`approvals.json`,
125
- `comments.json`, `reviews/*.md`) — which stays the source of truth — and the step **auto-advances on
126
- merge** once three things hold: the reviewer rule is satisfied (owner + 1 reviewer, plus a domain-owner
127
- per touched repo on escalated steps), every comment thread is resolved, and the review PR/MR is merged.
128
- The merge click is the human approval act, so front steps still never `machine_advance`. Approvals are
129
- **revoked when the reviewed artifact actually changes** (re-hash), giving reviewers a fresh pass. With no
130
- hub platform / no `gh`/`glab`, the gate degrades to file-only with no error.
131
-
132
- **Solo mode.** A lone developer can't approve their own PR on GitHub, so an approval requirement would
133
- deadlock them. Opt in (`yad setup --solo`, recorded as `solo: true` in `.sdlc/hub.json`) and the gate
134
- **waives the approval requirement only** — the review PR/MR and its merge stay, so CI still runs on the
135
- PR and the **merge** advances the step. Net: the gate passes on *merged + all threads resolved*. It's a
136
- documented, reversible relaxation; `yad doctor` warns if branch protection still "requires approvals"
137
- (which would block the solo dev's own merge).
138
-
139
- **Event-driven sync.** Wire the hub once (`yad check --fix` installs `.github/workflows/yad-gate-sync.yml`,
140
- or the GitLab fragment + schedule) and every **approval, change request, and merge** on a review PR/MR
141
- triggers `yad gate ci` in the hub's own CI: the ledger updates land directly on the hub's default branch
142
- — no manual `yad gate sync` needed (it stays valid as the fallback). CI never approves and never merges;
143
- the human keeps the merge click. GitLab caveat: approvals are only picked up by the ~15-min scheduled
144
- sweep (GitLab fires no pipeline on approval) — details in `skills/yad-hub-bridge/references/bridge.md`.
145
- Concurrency caveat: on GitHub the workflow's `concurrency` group serializes runs repo-wide and every
146
- sync re-reads the full platform state, so racing reviewer events lose nothing. Outside that group —
147
- a manual `yad gate sync` racing CI, or GitLab pipelines — two simultaneous syncs serialize their
148
- *commits* via the rebase retry but each works from the state it read at start, so the rarer of two
149
- simultaneous advancements can be lost; the next event or scheduled sweep re-syncs and converges.
150
-
151
- ### What `setup` walks you through (a guided, branching interview)
152
-
153
- Setup opens with a short **profile interview** — *solo or team (how many)? greenfield or brownfield?
154
- monorepo or separate repos?* — and the answers (recorded in `.sdlc/hub.json` as `solo` + `profile`)
155
- branch the rest so you only answer what your situation needs. Each step prints inline guidance (what it
156
- does / why / what to enter / what skipping means), and the step count adapts.
157
-
158
- 0. **Profile** — the three questions above, plus "configure optional tools now?". Pre-answer for
159
- CI/scripts with `--solo`/`--team <n>`, `--greenfield`/`--brownfield`, `--monorepo`/`--separate`, `--tools`.
160
- 1. **Preflight** — confirm the hub is a git repo (offers `git init`); check `git`/`node`/`npx`.
161
- 2. **Install the module** — copy all 31 `yad-*` skills into the IDE skill dirs you pick
162
- (`.claude/`, `.agents/`, `.zencoder/`, `.opencode/`) and register `_bmad/sdlc/`.
163
- 3. **Hub platform & roster** — detect GitHub/GitLab from the remote; record reviewers → `.sdlc/hub.json`.
164
- **Solo skips the roster** (you review by merging your own PR). Edit the roster any time with `yad roster`.
165
- 4. **Optional tools** — design (Figma/pencil), testing (Playwright/cypress/pytest), learning (DeepTutor).
166
- Configure now, or **defer with one prompt** → all recorded as `none` (connect later with the
167
- `yad-connect-*` skills; the MCPs/CLIs are confirmed there).
168
- 5. **Connect code repos** — register repos into `.sdlc/repos.json`. **Monorepo** connects one repo and
169
- skips domain-owner prompts; **greenfield** skips the Repomix pack (run `yad repo refresh` once it has code).
170
- 6. **Wire each repo** — CI gates, PR/MR template, and review-comment scaffold.
171
- 7. **AI review** — optionally write `.coderabbit.yaml`.
172
- 8. **Done** — stamp `.sdlc/cli-version.json` and print a **profile-tailored next step** (brownfield →
173
- `yad-backfill` first; everyone → `yad next` and your first epic via `yad-epic`).
174
-
175
- The deterministic file work runs automatically; the AI-only steps are handed to the Claude Code skills
176
- with a printed next-action. Re-run `… check --fix` any time the workflow updates — it never re-asks for
177
- input you already gave; re-running `setup` carries your profile forward.
178
-
179
- **Releases:** automated via semantic-release on merge to `main` (Conventional Commits → npm, with
180
- provenance). See [`RELEASING.md`](RELEASING.md).
181
-
182
- **Maintainers / no-CLI fallback:** the underlying copy is still a single script —
183
- `bash skills/sdlc/install.sh` — which the CLI's install step is a port of. The **source** stays in
184
- `skills/`, which a `bmad-method` update does not touch, so after any BMAD update just re-run the CLI
185
- (`… check --fix`) or the script.
186
-
187
- > **Releases are automated.** A `feat:`/`fix:` commit merged to `main` triggers
188
- > [semantic-release](https://semantic-release.gitbook.io/): it computes the version from the
189
- > [Conventional Commits](CONTRIBUTING.md), publishes to npm with build provenance (tokenless OIDC),
190
- > ships the `CHANGELOG.md` in the tarball, and cuts a GitHub release. No manual `npm publish`. See
191
- > [`RELEASING.md`](RELEASING.md).
192
-
193
- ### Troubleshooting (`yad doctor` + error codes)
194
-
195
- When something is off, run `yad doctor` first — it checks the environment (git, gh/glab auth, node
196
- version), the project state (`.sdlc/*.json` parse and point at real repos), and every epic ledger,
197
- with a fix-it hint per finding. Failures carry stable, greppable codes, also printed by any failing
198
- `yad` command:
199
-
200
- | Code | Meaning | Fix |
201
- |------|---------|-----|
202
- | `YAD-ENV-001` | git is not installed or not on PATH | install git — every yad command needs it |
203
- | `YAD-ENV-002` | platform CLI (gh/glab) missing or not authenticated | install it and authenticate — `gh auth login` (GitHub) or `glab auth login` (GitLab); the gate degrades to file-only without it |
204
- | `YAD-ENV-003` | Node.js older than the supported range | install Node >= 18 |
205
- | `YAD-STATE-001` | a ledger/config JSON file exists but does not parse | fix the file or restore from git — never delete a ledger blindly |
206
- | `YAD-STATE-002` | a ledger/config file parses but has the wrong shape | fix the file or restore from git (the message names the field) |
207
- | `YAD-STATE-003` | a registered repo path is missing or not a git repo | fix the path in `.sdlc/repos.json` or re-connect the repo |
208
- | `YAD-CFG-001` | `hub.json` names an unknown platform | expected `github`, `gitlab`, or `null` — fix it or re-run `yad setup` |
209
- | `YAD-CFG-002` | `design.json` names an unknown design tool | expected one of `config.yaml` `design.tools` (e.g. `figma`, `pencil`), or `none` — fix it or re-run `yad setup` |
210
- | `YAD-CFG-003` | `testing.json` names an unknown testing tool | expected one of `config.yaml` `testing.tools` (e.g. `playwright`, `cypress`, `pytest`), or `none` — fix it or re-run `yad setup` |
211
- | `YAD-CFG-004` | `learning.json` names an unknown learning tool | expected one of `config.yaml` `learning.tools` (e.g. `deeptutor`), or `none` — fix it or re-run `yad setup` |
212
-
213
- Filing a bug? Attach `yad doctor --json` — it contains no secrets (names, paths, and check results only).
214
-
215
- ## Agent skills (all 35)
216
-
217
- The CLI **installs and wires** the module; the skills below are the **agents you invoke by name** in your
218
- AI IDE (e.g. *“run `yad-epic`”*) to actually do the work. State lives in files you can also edit
219
- directly. Each skill stops at a gate and never auto-advances unless a step has *earned* automation.
220
-
221
- ### Setup & code-awareness
222
-
223
- - **`yad-connect-repos`** — Connects code repos to the product hub so the front/"brain" phases are
224
- code-aware. Registers N code repos (GitHub or GitLab, local-user auth, no stored tokens) into
225
- `.sdlc/repos.json`, then caches an AI-readable picture of each — a compressed Repomix pack and a
226
- lightweight code-map (existing endpoints/events/data-models/modules), secret-scanned. Idempotent and
227
- refreshable; staleness tracked by HEAD sha.
228
- - **`yad-sync-repos`** — Brings every connected repo up to date in one shot: switches each repo in
229
- `.sdlc/repos.json` to its `default_branch` and fast-forwards it from origin (local-user git, no stored
230
- tokens). A working-tree-only maintenance op — never a gate, never writes the registry. A dirty repo is
231
- skipped and reported (never overwritten); a diverged branch is left for manual resolution. Drives
232
- `yad repo sync [name]`.
233
- - **`yad-connect-design`** — Connects a design tool (Figma-first, pluggable) so the UI step can
234
- materialize the actual feature design (mobile screens / web pages) inside it, alongside the Markdown.
235
- Records the tool + project/file references in `.sdlc/design.json` (local-user / MCP-session auth, no
236
- stored tokens), detecting the design-tool MCP and degrading to markdown-only when absent. Idempotent
237
- and refreshable; one connection per project.
238
- - **`yad-connect-testing`** — Connects a testing tool (Playwright-first, pluggable) so the test-cases
239
- step can implement the actual automation tests inside it, alongside the Markdown. Records the tool +
240
- project/suite references in `.sdlc/testing.json` (local-user / MCP-session auth, no stored tokens),
241
- detecting the testing-tool MCP and degrading to artifacts-only when absent. Idempotent and
242
- refreshable; one connection per project.
243
- - **`yad-connect-learning`** — Connects a learning/tutoring tool (DeepTutor-first, pluggable) so the
244
- cross-cutting learning layer can tutor any team member in the context of what's being built. Records
245
- the tool + an optional grounded knowledge base in `.sdlc/learning.json` (local-user auth, no stored
246
- tokens), detecting the **DeepTutor CLI on PATH** (a subprocess like Repomix — DeepTutor ships no MCP)
247
- and degrading to **harness-native** tutoring when absent. Idempotent and refreshable; one connection
248
- per project.
249
- - **`yad-connect-docs`** — Connects a docs/Pages target (GitHub Pages / GitLab Pages, auto-detected from
250
- `hub.json`) so the generated documentation sites can deploy. Records the target + scope + base path in
251
- `.sdlc/docs.json` (local-user auth, no stored tokens), degrading to **build-only** when no Pages host /
252
- CLI is present. Idempotent and refreshable; one connection per project.
253
-
254
- ### Living documentation (generated, themed, auto-kept-fresh)
255
-
256
- - **`yad-docs`** — Generates an **interactive documentation site** for an epic (a React + Vite + Tailwind
257
- SPA: an animated front-stage flow canvas + role-based stakeholder doc pages) from the authored
258
- artifacts — `epic.md`, `architecture.md`, the locked `contract.md`, `ui-design.md`, the stories — into
259
- `epics/EP-<slug>/docs-site/`, themed by the **connected design system** (`DESIGN.md` / `design.json`
260
- tokens → the site's CSS). The content lives in generated `src/data/*.ts`; the shell is a vendored
261
- template. An **output enrichment, never a gate** — it never touches epic state, approvals, or the
262
- contract lock. `generate` / `refresh` / `deploy`.
263
- - **`yad-docs-overview`** — Generates the project **SDLC-overview site** (`docs/sdlc-site/`) — every
264
- stage from setup → ship as flow paths / system components / stakeholder roles, reusing the same shell —
265
- superseding the hand-maintained `docs/index.html` (folded into the site as `public/report.html`, linked
266
- from the nav).
267
- - **`yad-docs-sync`** — Keeps the sites fresh: detects staleness (a content hash of the authored
268
- artifacts + the connected repos' HEAD shas vs each site's build manifest), regenerates + redeploys, and
269
- can wire a CI job that rebuilds on push. Generalizes the rule that feature work must hand-update the
270
- docs — the overview now regenerates whenever the skill set / pipeline changes.
271
-
272
- ### The learning layer (cross-cutting — any member, any stage)
273
-
274
- - **`yad-learn`** — At **any** SDLC stage, a team member can ask to learn a concept and be tutored *in
275
- the context of what the team is building* — e.g. *"teach me why the architecture hash-locks the
276
- contract surface"*. Routes the request to the connected learning tool (`.sdlc/learning.json`,
277
- DeepTutor-first) grounded in the project knowledge base, or degrades to **harness-native** tutoring
278
- (the harness model reading the artifacts) when nothing is connected — so it always works. Renders a
279
- tutorial artifact and appends to a per-member **learning ledger** kept **local-only** (gitignored,
280
- never committed or pushed — to the hub or any code repo) so it stays a private, personal **skills log**
281
- (`yad-status` rolls up the local records). **Purely opt-in — it never blocks a gate** and
282
- never touches epic state, approvals, or the contract lock. *AI builds, the hand decides* — and now the
283
- hand can also learn, on demand, what it is deciding about.
284
-
285
- ### Front-zero — frame the whole project (once per project, optional, human-gated)
286
-
287
- - **`yad-discovery`** — *Optional* front-zero, for **greenfield and brownfield**. With the analyst
288
- and pm, run market research, a **competitor study** (both modes), a feasibility study, and — in
289
- brownfield — a code-aware current-state study, then distil a **functional + non-functional
290
- requirements** list and a **phased roadmap** (an explicit **MVP** phase, then later phases) under the
291
- reserved `EP-discovery` ("epic zero"). It is gated by the same review gate (base rule: owner + 1
292
- reviewer); on approval it terminates at `discovery-done` (no build half). Its `roadmap.md` is the menu
293
- of features — each `yad-epic` reads it for project context (reference-only; discovery never
294
- auto-seeds epics).
295
-
296
- ### Front half — author the "thinking" (once per epic, human-gated)
297
-
298
- - **`yad-analysis`** — *Optional* front state 1. With the analyst, pressure-test a feature idea
299
- and write the discovery brief into `analysis.md`. Assigns the `EP-<slug>` ID and seeds `.sdlc/` state
300
- (the 12-step chain that puts analysis before epic). If skipped, the epic step does this shaping inline.
301
- - **`yad-epic`** — The epic front state. Shape the idea with the analyst (or read `analysis.md`
302
- when it already ran), then write the epic with the pm into `epic.md`. The entry point when analysis is
303
- skipped: assigns the `EP-<slug>` ID and seeds `.sdlc/` state.
304
- - **`yad-architecture`** — Front state 3. With the architect, author `architecture.md` and the
305
- locked `contract.md` (the shared cross-repo surface), then hash-lock the contract surface into
306
- `.sdlc/contract-lock.json`. Reads `epic.md`; escalates on the contract risk tag.
307
- - **`yad-ui`** — Front state 5. With the ux-designer, author `ui-design.md` and `DESIGN.md`,
308
- driving Impeccable as harness slash-commands (document/extract/craft) when installed, or authoring
309
- directly when not. When a design tool is connected (`yad-connect-design`), also **materializes the
310
- feature design** — mobile screens / web pages — in the tool (generate or link), recording the
311
- screen→frame map in `design-links.json`; degrades to markdown-only otherwise. Reads epic + architecture.
312
- - **`yad-stories`** — Front state 7. With the pm, break the approved epic into user stories, each
313
- tagged with the repos that must implement it. Assigns zero-padded `EP-<slug>-S0N` IDs, one file per
314
- story under `stories/`. Reads epic + architecture + contract + UI.
315
- - **`yad-test-cases`** — Front state 9, a **parallel, non-blocking** track: it opens when the stories
316
- gate passes (the epic is already `ready-for-build`, so the build half runs alongside it). With the
317
- test architect (Murat), author `test-cases.md` covering the approved stories (risk-based P0–P3 cases +
318
- story→case traceability). When a testing tool is connected (`yad-connect-testing`), also **implements
319
- the automation tests** in the connected code repo(s) (generate or link), recording the case→test map in
320
- `test-links.json`; degrades to artifacts-only otherwise. Reads epic + architecture + contract + UI +
321
- stories.
322
-
323
- ### The review gate (cross-cutting — used by every review)
324
-
325
- - **`yad-review-gate`** — The reusable team review + approve gate. Shares an authored artifact, records
326
- reviewer comments and approvals as files, enforces the **owner + 1 reviewer** rule (escalating to
327
- domain owners on contract/auth/payments), and advances the epic state **only** when approval is
328
- recorded.
329
- - **`yad-hub-bridge`** — The templated PR/MR bridge for the front-half gate. When the hub has a platform
330
- (`.sdlc/hub.json`), it opens a review PR/MR per artifact, sets the required reviewers/labels, and
331
- provides the read-only `gh`/`glab` recipes that sync platform comments + approvals back into the file
332
- ledger. The file ledger stays the source of truth; degrades to a file-only gate with no platform.
333
- - **`yad-review-comments`** — Installs platform-matched PR/MR review-comment scaffolds so reviewers
334
- leave structured, attributable feedback that maps cleanly into the file ledger.
34
+ **Legend:** 🟨 **artifact** (a step writes a file and stops) · 🟧 **gate** (a human review that must
35
+ pass) · 🟦 **earns automation** (a back step that can later auto-advance once it proves itself) ·
36
+ **locked** (the engineer review and every front state permanently human).
335
37
 
336
- ### Build half — turn stories into shipped code (once per story, per repo)
38
+ ## Quickstart
337
39
 
338
- - **`yad-spec`** Step A. For one ready-for-build story and one of its repos, run the Spec Kit ceremony
339
- once (specify → clarify → plan → analyze → checklist → tasks) → `specs/<story-id>/`. Drives `/speckit.*`
340
- when installed; references the locked contract — never re-invents the surface.
341
- - **`yad-implement`** — Step B. With the dev lens, implement **one** atomic task as a small diff
342
- (≤3 files) on its own branch. The diff stays inside the files the task declared (flag and STOP if it
343
- would grow). Commit ends with the task ID; `Contract-Change: yes` only if it touches the locked
344
- contract surface.
345
- - **`yad-checks`** — Step C, the production-safety gates. Wire and run the CI gates: **spec-link**
346
- (every change links a real story/spec), **contract-check** (a contract-surface diff without a
347
- re-locked contract FAILS), **build/test/lint**, **verified-commits** (signed + roster-known authors),
348
- and the **pattern gates** — **commit-message** (Conventional subject + trailer order), **pr-title**,
349
- and **pr-template** (the PR/MR body uses the template). Profile-aware (`code`|`hub`), so they run on
350
- both code repos and the product hub. CI-agnostic bash for GitHub Actions and GitLab CI.
351
- - **`yad-pr-template`** — Step D. Detect the repo's platform and commit the matching PR/MR template with
352
- an Impact & Risk block; high risk (or a contract/auth/payments surface) routes the review to domain
353
- owners. Includes `risk-route.sh` plus the `pr-title.sh` / `pr-template.sh` gate scripts.
354
- - **`yad-commit`** — build helper. Commit ONE staged atomic change by the conventions (Conventional
355
- subject, `Task → Contract-Change → Co-Authored-By` trailers, the `--ai` co-author footer, the ≤3-file
356
- atomic guard). Drives `yad commit`.
357
- - **`yad-open-pr`** — build helper. Open a code-repo task PR/MR from the committed template: push the
358
- branch, prefill the body, auto-assign the repo-scoped roster. Drives `yad open-pr`.
359
- - **`yad-ship`** — build helper. Commit **and** open the task PR/MR in one step (`yad commit` then
360
- `yad open-pr`; the PR step runs only if the commit lands). Drives `yad ship`.
361
- - **`yad-engineer-review`** — Step E. AI review (CodeRabbit, advisory) → engineer review (the human gate,
362
- owner + 1 reviewer with the same escalation) → on merge, record the ship in the epic build-log and
363
- update the story state so the epic → story → task → PR chain stays traceable.
364
- - **`yad-backfill`** — Step G. Generate specs for already-built features in an existing repo so new work
365
- doesn't break them: pack one feature at a time with Repomix, write a DRAFT spec, require human approval
366
- before it counts. A change is blocked only until the features it touches have approved specs.
40
+ From your **product hub** repo (an empty git repo is fine):
367
41
 
368
- ### Automation & status
369
-
370
- - **`yad-run`** — The Phase 4 orchestrator. Drives a story's back-half loop (spec → tasks → implement →
371
- checks) on each step's automation dial, recording every run in the trust log. A clean `checks` pass
372
- auto-advances to engineer-review; any failure, scope overrun, or contract-surface touch HALTS for a
373
- human. Also sets a step's dial (gated by trust evidence) and flips the system-wide kill switch.
374
- - **`yad-status`** — Read-only view of an epic: the current step, each step's dials (assistance/
375
- automation) and status, which approvals are still required, per-story back-half trust records, the
376
- kill-switch state, and a fleet roll-up across epics.
377
-
378
- ### Post-lock change management — feature threads (Phase 6)
379
-
380
- After the contract locks and code ships, a change must **not** mutate a locked artifact — it becomes a
381
- **new epic threaded to its parent**. A feature is a *thread* of linked epics (genesis → change → defect →
382
- …); a change-epic **inherits** the front artifacts it does not change (by reference) and **re-authors**
383
- only what it does. So artifacts never go stale — they are *superseded*; the feature's current truth is the
384
- head of the thread. This is what keeps the SDLC a trusted source of truth for AI on the next change.
385
-
386
- - **`yad-change`** — the intake + triage. Classifies the change *depth* (defect-fix /
387
- behavioral-no-surface / contract-surface / new-capability), seeds a new `EP-<slug>` threaded to its
388
- parent (lineage frontmatter, an inherited-step `state.json`, a pointer-lock `contract-lock.json`,
389
- `change.json`), and for hotfixes opens `reconcile-debt.json`. Never auto-advances — hands off to the
390
- normal authoring skills + the review gate.
391
- - **`yad-timeline`** — render the thread as an evolution view (yad-docs shell + `TIMELINE.md`) and emit
392
- `thread-resolved.md`, the composed **current-truth map** (which epic owns each artifact now).
393
- - **`yad-defects`** — a per-epic/per-thread quality-gap report aggregating defects by **`escape_stage`**
394
- (the gate that should have caught it) + `root_cause` — *where the SDLC leaks*, so the team hardens the
395
- originating stage.
396
- - **`yad-reconcile`** — a read-only drift/orphan/debt sweep across threads (mirrors `yad-docs-sync`; never
397
- a gate). The hard block is the CI gates.
398
-
399
- Three CI gates (in `yad-checks`) enforce it: **lineage-check** (a change links a real threaded epic),
400
- **epic-open** (a *sealed* epic — all stories shipped — refuses new behaviour, forcing a change-epic so the
401
- front artifacts can never go stale), and **reconcile-debt** (a thread with open hotfix debt is frozen
402
- until paid). Two read-only CLIs surface it: `yad thread <epic>` (the thread + resolved truth + open debt)
403
- and `yad reconcile` (the drift sweep).
404
-
405
- ## The two dials (per step, build plan §2)
406
-
407
- - **assistance:** `none` | `review` | `heavy` — how much AI helps.
408
- - **automation:** `human_approve` | `machine_advance` — who advances the step.
409
-
410
- Defaults: every step starts `human_approve`. The four **front** authoring steps (epic, architecture,
411
- UI, stories) and their reviews are **locked** — they may not be set to `machine_advance` in this
412
- version. A front state advances only on a **human act** — recording an approval and `advance`, or
413
- merging the approved, fully-resolved review PR — never on a machine.
414
-
415
- As of **Phase 4a** the `automation` dial is no longer inert: the orchestrator `yad-run` reads it and,
416
- for the safe **back** steps, advances on its own when a step is set to `machine_advance` (and has
417
- *earned* it — see "Run the back half on the dial" below). The engineer review and all five front
418
- states stay `human_approve` forever.
419
-
420
- ## Using the workflow end to end (all the steps, in order)
421
-
422
- This is the full path from nothing to shipped code. Each numbered step names the skill to invoke; the
423
- detailed sections below expand every phase. Invoke a skill by name in your agent/IDE (e.g. *“run
424
- `yad-epic`”*); state lives in files you can also edit directly.
425
-
426
- ### 0 — One-time setup
427
-
428
- > **Shortcut:** `npx yadflow setup` runs the guided wizard interactively — module install, hub
429
- > detect + roster, connect a design/testing/learning tool (each optional), connect repos, wire each
430
- > repo. Run `… check --fix` any time afterwards to reconcile. The manual steps below are the
431
- > long-hand equivalent and still work.
432
-
433
- 1. **Install the module:** `bash skills/sdlc/install.sh` (re-run after any BMAD update).
434
- 2. **Have your code repo(s).** They are **separate git repos** (one `.git` each). For the demo they
435
- live under `demo-repos/<repo>/` — regenerate from `demo-repos/README.md`.
436
- 3. **Optional tools** (the workflow degrades gracefully and records it if any are absent): **Spec Kit**
437
- (`/speckit.*`), **Impeccable** (`/impeccable …`), **Repomix** (`npx repomix`, used by
438
- `yad-connect-repos` and `yad-backfill`), **CodeRabbit** (advisory AI review), **DeepTutor**
439
- (`deeptutor`, the learning layer's tutor — degrades to harness-native, used by `yad-connect-learning`
440
- and `yad-learn`).
441
- 4. **Wire each code repo once:** `yad-checks repo:<repo> action: wire` (installs the CI gates —
442
- *merges* with any existing CI, never clobbers), `yad-pr-template repo:<repo> action: wire` (PR/MR
443
- template + risk routing), `yad-review-comments repo:<repo> action: wire` (review-comment scaffold).
444
- 5. **Connect each code repo to the hub** (so the front phases see what's already built):
445
- `yad-connect-repos action: connect repo:<repo> path:<path-or-git_url> domain_owner:<who>`. It
446
- registers the repo in `.sdlc/repos.json` and caches a Repomix pack + a lightweight **code-map**
447
- (existing endpoints/events/data-models/modules, secret-scanned). Clones/fetches as the **local user**
448
- (SSH or credential helper; GitHub or GitLab; no stored tokens). Re-run for any new repo. Freshness is a
449
- **human decision**: `yad repo list` shows fresh/stale, `yad repo refresh [name]` re-packs a moved repo
450
- (skills flag staleness and point here — they never silently re-pack). Greenfield → skip it.
451
- 6. **(Optional) Connect tools** so the matching steps do real work (each degrades gracefully and is
452
- recorded if absent): `yad-connect-design action: connect` (Figma-first → `design.json`, lets
453
- `yad-ui` materialize screens), `yad-connect-testing action: connect` (Playwright-first →
454
- `testing.json`, lets `yad-test-cases` implement automation), `yad-connect-learning action: connect`
455
- (DeepTutor-first → `learning.json`, powers the cross-cutting learning layer).
456
- 7. **(Optional) Put the hub on a platform** so the front-half review runs through real PRs:
457
- `yad-connect-repos action: detect-hub`, then `yad roster add <login>` once per reviewer (login →
458
- SDLC name + per-repo roles — the `add` walk asks for each connected repo's role; `yad roster grant`
459
- sets one directly), and `yad-pr-template repo:hub action: wire` / `yad-review-comments repo:hub
460
- action: wire` / `yad-checks repo:hub action: wire`. With no hub platform the front gate runs file-only.
461
- 8. **Conventions:** commits and PR/MR titles follow Conventional Commits (lowercase after the type), the
462
- human author owns each commit with an optional per-commit `Co-Authored-By` AI trailer — see
463
- [`CONTRIBUTING.md`](CONTRIBUTING.md).
464
-
465
- ### A — Front half (human-authored, once per epic)
466
- Each author step writes its artifact, sets itself `done`, moves `currentStep` to its review, and
467
- **stops at the gate**. Run every gate with **`yad-review-gate`** — or, when the hub is on a platform,
468
- drive it deterministically with the **`yad gate`** CLI (`open → sync → … → merge`): the review rides
469
- the per-step PR/MR and the step **auto-advances on merge** once approvals are satisfied and all comment
470
- threads are resolved. Details: **“Run the full front half by hand”** below.
471
-
472
- 0. *(optional, once per project)* `yad-discovery` → the discovery set (`market-research.md`,
473
- `competitor-analysis.md`, `current-state.md`, `feasibility.md`, `requirements.md`, `roadmap.md`)
474
- under the reserved `EP-discovery` → review (base rule) → `currentStep: discovery-done`. The whole
475
- set is required to review; its `roadmap.md` then frames each epic below (read once it is approved).
476
- 6. `yad-epic` → `epic.md` (assigns `EP-<slug>`, seeds state) → review (base rule).
477
- 7. `yad-architecture` → `architecture.md` + locked `contract.md` → review (**escalated**: contract).
478
- 8. `yad-ui` → `ui-design.md` + `DESIGN.md` → review (base rule).
479
- 9. `yad-stories` → repo-tagged `stories/EP-<slug>-S0N.md` → review (**per-repo**).
480
- → `state.json` reaches `currentStep: ready-for-build` — **the build half can start now.**
481
- 10. `yad-test-cases` → `test-cases.md` (+ automation tests when a testing tool is connected) → review (base rule).
482
- **Parallel, non-blocking:** opens when the stories gate passes and runs alongside the build half; its
483
- review never moves `currentStep` off `ready-for-build`.
484
-
485
- ### B — Build half (per story, per repo)
486
- From a `ready-for-build` story, for **each** repo the story is tagged with. Details: **“Run the full
487
- build half by hand”** below.
488
-
489
- 10. `yad-spec story:<id> repo:<repo>` → writes `specs/<story-id>/` (spec/plan/tasks + `link.md`).
490
- 11. `yad-implement story:<id> repo:<repo> task:<T0N>` → one atomic task = one branch = one commit
491
- (repeat per task). Commit by convention with **`yad commit --type <t> -m <subject> [--ai <tool>]`**
492
- (Task/Contract-Change/Co-Authored-By trailers, atomic-file guard).
493
- 12. `yad-checks repo:<repo> action: run` → spec-link, contract-check, build/test/lint, verified-commits
494
- (platform-Verified signature + roster-allowlisted author), and commit-message must pass. (The
495
- `pr-title` / `pr-template` gates need the PR title + body, so they run in CI once the PR exists —
496
- step 13.)
497
- 13. Open the PR/MR from the wired template with **`yad open-pr --repo <repo> [--risk <level>]`** (or do
498
- 12+13 in one step with **`yad ship --type <t> -m <subject> --repo <repo>`**). The PR's CI now also
499
- runs the `pr-title` and `pr-template` gates; `yad-pr-template repo:<repo> action: route` prints the
500
- required reviewers from the Impact & Risk block.
501
- 14. `yad-engineer-review` → `ai-review` (advisory) → `approve` (the human engineer gate) → `ship` (merge,
502
- record in `build-log.json`, update story status to `in-build`/`shipped`).
503
- - **Multi-repo:** repeat 10–14 in each repo, all from the **one** locked contract.
504
- - **Existing code:** `yad-backfill` first, to produce a human-verified spec for a built feature.
505
-
506
- ### C — Automation (optional, earned over time)
507
- 15. After a back step accumulates trust evidence, earn it:
508
- `yad-run action: set-dial step:<step> to: machine_advance` (refused if evidence is short or for a
509
- front state / the engineer review).
510
- 16. Drive a story's back half on the dials: `yad-run story:<id> repo:<repo>` — it auto-advances
511
- earned steps and stops for a human otherwise, always halting at the engineer review.
512
- 17. **Kill switch any time:** `yad-run action: kill` (everything → manual) / `action: unkill`.
513
- Details: **“Run the back half on the dial”** below.
514
-
515
- ### Any time
516
- - **`yad-status [EP-<slug>]`** — read-only: the front chain, each build step's dial + status, the
517
- trust record, and (across epics) the fleet roll-up. Start here to see what's blocking.
518
-
519
- ## Run the full front half by hand
520
-
521
- Optionally preceded once per project by the **front-zero** — **`yad-discovery` → review →
522
- `discovery-done`** — which frames the whole product (market, competitor, feasibility, requirements,
523
- roadmap) under the reserved `EP-discovery`; its approved `roadmap.md` then feeds each epic. The front
524
- half itself walks **epic → review → architecture+contract → review → UI design → review → stories
525
- → review → `ready-for-build`**, then **test cases → review** runs as a **parallel, non-blocking track**
526
- alongside the build half. It is all files under `epics/EP-<slug>/`. The skills below guide you, but you
527
- can also edit the files directly — that's the point.
528
-
529
- Each authoring step is the same shape: an author skill produces an artifact, sets its step `done`,
530
- moves `currentStep` to the matching review, and **stops at the gate**. Then **`yad-review-gate`**
531
- (one gate, reused for all five reviews) takes `open → comment → approve → advance`. When the hub is on a
532
- platform, the **`yad gate`** CLI runs that gate over a real PR/MR — `open` raises the review PR, `sync`
533
- pulls approvals + comment threads into the ledger, and the step **auto-advances when the approved,
534
- fully-resolved PR is merged** (the merge is the human approval act).
535
-
536
- **Code-aware (when repos are connected).** If you ran `yad-connect-repos` in setup, each author step
537
- first loads the connected repos' **code-maps** (from `.sdlc/code-context/<repo>/`) so it considers what
538
- already exists: the epic references existing behaviour, **the architecture cross-checks the contract
539
- surface against existing endpoints/events/entities before hash-locking it**, the UI reuses existing
540
- components, and stories anchor to real modules. Each artifact stamps what it read in its `code-context:`
541
- frontmatter; a repo that has moved since connect triggers a staleness warning — the step **flags it and
542
- stops**, pointing you at `yad repo refresh <repo>` (refreshing is a human decision, never an automatic
543
- side-effect). With no repos connected the steps proceed exactly as before (greenfield-safe).
544
-
545
- ### Author steps
546
- 1. **`yad-epic`** (state 1) → `epic.md`; assigns the stable `EP-<slug>` ID; seeds
547
- `.sdlc/state.json` (all `human_approve`, front steps locked) + empty `.sdlc/approvals.json`.
548
- 2. **`yad-architecture`** (state 3) → `architecture.md` + the locked `contract.md`; writes the
549
- contract-surface SHA-256 to `.sdlc/contract-lock.json`.
550
- 3. **`yad-ui`** (state 5) → `ui-design.md` + `DESIGN.md` (drives Impeccable
551
- `document|extract|craft` slash-commands when installed; otherwise authors directly).
552
- 4. **`yad-stories`** (state 7) → one file per story `stories/EP-<slug>-S0N.md`, each tagged
553
- with the `repos` it implements.
554
-
555
- ### The one gate (every review)
556
-
557
- Every review is the same loop — author writes, reviewers comment (which never advances), approvals
558
- accumulate, and the step moves forward only when the rule is met. **File-only** ends in an explicit
559
- `advance`; **PR-driven** (hub on a platform) ends when the approved, fully-resolved review PR is
560
- **merged**:
561
-
562
- <!-- Source: docs/diagrams/review-loop.mmd — edit the .mmd and run `npm run diagrams` to regenerate -->
563
- ![Review gate loop — author, open, comment, approve, advance](https://raw.githubusercontent.com/abdelrahmannasr/yadflow/main/docs/diagrams/review-loop.svg)
564
-
565
- **File-only** — invoke **`yad-review-gate`** with `open` (present the artifact; reviewers comment in
566
- `reviews/<artifact>--<date>--comments.md`), `approve` (name + role → `.sdlc/approvals.json`), and
567
- `advance` (moves **only if** the rule is satisfied, else it names the missing approval).
568
-
569
- **PR-driven** — when the hub is on a platform, the **`yad gate`** CLI runs the same gate over a PR/MR:
570
- - `yad gate open <epic> <artifact>` — raise the review PR/MR; mark the step `in_review`.
571
- - `yad gate sync <epic> [artifact]` — pull approvals + comment threads into the **same** ledger (your
572
- own `gh`/`glab`, no stored tokens) and **auto-advance on merge** once the rule is met and every thread
573
- is resolved. Approvals are **revoked when the reviewed artifact changes** (re-hash), so reviewers get
574
- a fresh pass. Unresolved comments hold the step `in_review`.
575
- - `yad gate comments <epic>` fetches the open threads to address; `yad gate status <epic>` shows
576
- approvals (counting only the non-stale ones). The file ledger stays the source of truth; with no
577
- platform / no CLI it degrades to file-only.
578
-
579
- **The gate rule, by review:**
580
- - **Base** (epic, UI): `owner + 1 reviewer`.
581
- - **Escalated** (architecture+contract — `risk_tags: ["contract"]`): base **plus a domain owner for
582
- every repo in `epic.repos`**. The contract-surface hash must still match `.sdlc/contract-lock.json`
583
- (a changed surface invalidates approvals).
584
- - **Per-repo** (stories): base **plus a domain owner (the repo's engineer) for every repo that appears
585
- in any story's `repos`**.
586
-
587
- ### Check status anytime
588
- Invoke **`yad-status`** (read-only) to see the full 10-step chain, every step's dials/status, the
589
- contract lock, story repo tags, and which approvals the active gate still needs.
590
-
591
- ## Worked example (already in this repo)
592
-
593
- `epics/EP-istifta-inquiries/` shows the **whole front half** walked end to end:
594
- - `epic.md` authored + approved (epic gate, base rule) — 2026-06-04.
595
- - `architecture.md` + `contract.md` authored; contract surface hash-locked in
596
- `.sdlc/contract-lock.json`. Architecture gate **escalated** (contract): owner *alice* + reviewer
597
- *bob* + domain owners *carol* (backend) and *dave* (mobile).
598
- - `ui-design.md` + `DESIGN.md` authored (Impeccable not installed → graceful fallback). UI gate base
599
- rule (alice + bob).
600
- - Five repo-tagged stories `stories/EP-istifta-inquiries-S01..S05.md`. Stories gate **per-repo**: base
601
- rule + a domain owner for each touched repo (carol/backend, dave/mobile).
602
- - `state.json` now reads `currentStep: ready-for-build`, every front step `done` — the Phase 3
603
- handoff point.
604
-
605
- Inspect it:
606
42
  ```bash
607
- cat epics/EP-istifta-inquiries/.sdlc/state.json
608
- cat epics/EP-istifta-inquiries/.sdlc/approvals.json
609
- cat epics/EP-istifta-inquiries/.sdlc/contract-lock.json
610
- ls epics/EP-istifta-inquiries/reviews/
611
- ls epics/EP-istifta-inquiries/stories/
612
- # re-verify the contract surface still matches its lock:
613
- awk '/CONTRACT-SURFACE:BEGIN/{f=1;next} /CONTRACT-SURFACE:END/{f=0} f' \
614
- epics/EP-istifta-inquiries/contract.md | shasum -a 256
43
+ npx yadflow setup # 1. guided wizard: install skills, connect repos, wire CI gates
615
44
  ```
616
45
 
617
- ## Run the full build half by hand (Phase 3)
46
+ Then, in your AI IDE, drive the lifecycle by invoking skills by name:
618
47
 
619
- From a `ready-for-build` story, the **build half** turns one atomic task into shipped code through
620
- gates that protect production. Per-repo specs live in each code repo; the contract stays singular in
621
- the product repo. Code repos are **separate git repos** under `demo-repos/<repo>/` (gitignored;
622
- `demo-repos/README.md` explains regeneration). **Nothing auto-advances** — every gate is human-owned.
623
-
624
- 1. **Spec** — `yad-spec` runs the heavy Spec Kit ceremony **once per story per repo**
625
- (`specify`→`clarify`→`plan`→`analyze`→`checklist`→`tasks`), writing `specs/<story-id>/` and a
626
- `link.md` back to the story (drives `/speckit.*` when installed, else degrades). It **quotes** the
627
- locked contract; it never widens it.
628
- 2. **Implement** — `yad-implement` (the `dev` step): one atomic task = one branch
629
- (`feat/<story>-<task>-…`) = one PR. The diff stays inside the files the task declared. Commit with
630
- **`yad commit`** — it builds the conventional subject, derives the `Task:` trailer from the branch
631
- (add `--contract-change` only if the locked surface is touched), appends an optional `--ai` co-author,
632
- and refuses a non-atomic stage. Open the PR with **`yad open-pr --repo <repo>`** (template prefilled),
633
- or do both in one step with **`yad ship`** (commit then open-pr).
634
- 3. **Check gates** — `yad-checks` wires the CI gates (GitHub + GitLab) that must pass before merge:
635
- **spec-link** (links a real story/spec), **contract-check** (a contract-surface change without
636
- `Contract-Change` + a re-locked contract FAILS, routing back to the architecture gate),
637
- **build/test/lint**, **verified-commits**, and the **pattern gates** **commit-message** / **pr-title**
638
- / **pr-template** (profile-aware `code`|`hub`, so they also run on the product hub). They fail closed
639
- on a bad base ref.
640
- 4. **PR/MR template + risk routing** — `yad-pr-template` drops the platform-matched template with an
641
- Impact & Risk block; `high` risk (or a contract/auth/payments surface) routes the review to domain
642
- owners (`risk-route.sh`), the same escalation as the gate.
643
- 5. **AI review → engineer review → merge** — `yad-engineer-review`: CodeRabbit is an advisory first pass
644
- (never the authority); a human engineer approves (owner + 1 reviewer, escalating to domain owners); on
645
- merge the ship is recorded in `.sdlc/build-log.json` and the story state becomes `in-build` →
646
- `shipped`. The epic → story → task → PR → mergeCommit chain is traceable both ways.
48
+ ```text
49
+ run yad-epic # 2. author + gate the "thinking": epic architecture UI stories
50
+ run yad-spec … # 3. build half: spec implement checks ship (per story, per repo)
51
+ ```
647
52
 
648
- **Multi-repo:** a story tagged `repos: [backend, mobile]` runs the above in each repo independently from
649
- the **one** locked contract; the contract-check blocks a surface bypass in either repo.
53
+ Every step stops at a gate until a human approves. New here? **Walk it lesson-by-lesson in the
54
+ [guided tutorial](https://abdelrahmannasr.github.io/yadflow/tutorial/)**, or read the
55
+ [team guide](TEAM-GUIDE.md).
650
56
 
651
- **Backfill existing code:** `yad-backfill` packs one feature with **Repomix** (`npx repomix`, secret-scan
652
- by default), drafts an *unverified* spec ("describe what exists, do not invent"), a human approves it,
653
- and `backfill-check.sh` blocks a change to that feature until its spec is approved — gated per touched
654
- feature, never the whole repo.
57
+ ## How it works (in five points)
655
58
 
656
- The build half is walked end to end on the worked epic: story **S01** shipped (`status: shipped`,
657
- three tasks in `build-log.json`), **S03** built across backend + mobile, and a `health` feature
658
- backfilled. The code repos are regenerable from `demo-repos/README.md`.
59
+ - **Front half = decide.** Once per epic, in the product hub: epic, architecture + a locked contract,
60
+ UI, stories, test cases. Always human-gated nothing auto-advances.
61
+ - **Build half = build.** Once per story per code repo: spec implement → checks → ship.
62
+ - **Every step stops at a gate.** A human moves it forward (file-only, or by merging a review PR/MR).
63
+ - **Automation is opt-in and earned.** A safe back-half step can earn auto-advance after it proves
64
+ itself — and a one-command kill switch reverts everything to manual. The engineer review and all
65
+ front states are never automatable.
66
+ - **Everything is files.** State, approvals, the contract lock, the build log — all plain files under
67
+ `epics/EP-<slug>/`. No database. The audit trail *is* the repo.
659
68
 
660
- ## Run the back half on the dial (Phase 4 — automation, earned)
69
+ ## Who it's for
661
70
 
662
- Phase 4 is **automation, earned with evidence and reversible in one move**. Phase 4a made the
663
- `automation` dial real and earned the safest step (the check-gate advance); Phase 4b added the
664
- `implement check` hand-off and the `spec`/`tasks` trust hooks. The engine is `yad-run`; the
665
- evidence lives in two new files per epic under `.sdlc/`: `build-state/<story-id>.json` (the back steps
666
- with their dials, per repo) and `trust-log.json` (every run's verdict). See
667
- `docs/phase-4-build-plan.md` and `docs/phase-4b-build-plan.md`.
71
+ Tech leads and engineering managers who want their team to move fast with AI **without** giving up
72
+ review, architectural control, or an audit trail the governance layer around AI-assisted
73
+ development, not another code generator.
668
74
 
669
- - **Drive a story's back half:** `yad-run {story} {repo}` walks `spec → tasks → implement → checks`,
670
- reading each step's dial. On `machine_advance` it advances on its own; on `human_approve` it stops
671
- for a human; on any FAIL, scope overrun, or contract-surface touch it **halts and pulls in a human**.
672
- It always stops at the engineer review (`yad-engineer-review`), which is never automated.
673
- - **Read the trust log:** `yad-status {epic}` shows each back step's dial, status, and trust record —
674
- runs, % `approved-unchanged`, and whether that clears the threshold (`automation.trust_threshold` in
675
- `config.yaml`, default ≥5 runs and ≥80% unchanged). The engineer review records each run's verdict
676
- (a diff merged as-authored is `approved-unchanged`; one edited first is `approved-with-edits`; a
677
- failed one is `rejected`).
678
- - **Earn automation for a step:** once a step's trust record clears the threshold,
679
- `yad-run action: set-dial step: checks to: machine_advance` flips it. The setter **refuses** if the
680
- evidence is short, or for any front state / the engineer review. Reverting
681
- (`to: human_approve`) is always allowed — automation is reversible in one move.
682
- - **Kill switch:** `yad-run action: kill` forces every step back to `human_approve` system-wide
683
- instantly (no code change, no per-step edits); `yad-run action: unkill` restores earned automation.
75
+ ## Documentation
684
76
 
685
- **Earned so far:** `checks` (Step B, Phase 4a) and `implement` (Step D, Phase 4b the
686
- `implement check` hand-off; the scope/contract halts and the engineer review still gate the merge).
687
- `tasks` (Step C) and `spec` have their dials + trust hooks but stay `human_approve` until their own
688
- runs clear the threshold there is no historical signal to seed them from, so they are earned only on
689
- genuine runs (never fabricated). See `docs/phase-4b-build-plan.md`.
77
+ - **[Guided tutorial](https://abdelrahmannasr.github.io/yadflow/tutorial/)** learn by doing, setup first shipped feature.
78
+ - **[Terminology & workflow report](https://abdelrahmannasr.github.io/yadflow/)** every term, artifact, gate, and skill on one illustrated page.
79
+ - **[TEAM-GUIDE.md](TEAM-GUIDE.md)** the short, plain-language version for a developer team.
80
+ - **[docs/CLI.md](docs/CLI.md)**the full `yad` command reference, the PR-driven gate, and `yad doctor` codes.
81
+ - **[docs/SKILLS.md](docs/SKILLS.md)** the catalogue of all 35 agent skills.
82
+ - **[docs/WALKTHROUGH.md](docs/WALKTHROUGH.md)** — the by-hand, end-to-end path through every phase.
83
+ - **[CONTRIBUTING.md](CONTRIBUTING.md)** · **[RESEARCH-NOTES.md](RESEARCH-NOTES.md)** · **[RELEASING.md](RELEASING.md)**
690
84
 
691
- ## What's intentionally NOT built yet
85
+ ---
692
86
 
693
- **Phase 4b Step C** (the remaining automation): `tasks` generation advance gated until real
694
- `tasks`/`spec` trust evidence accrues. The hook that records that evidence is built; the dial flips
695
- only once the threshold is genuinely met. The scope guard and contract-surface halt always override
696
- the dial, and **front states and the engineer review stay `human_approve`, permanently.**
87
+ **Platform support.** Linux and macOS are first-class (CI runs the test suite, bash gates, and the
88
+ end-to-end harness on both). On **Windows use [WSL](https://learn.microsoft.com/windows/wsl/)** native
89
+ PowerShell is not yet supported. Requires **Node.js 18**.
697
90
 
698
- **Phase 5 (conditional):** the optional service layer (watch repos, run earned-automation steps
699
- unattended, read-only dashboards), built only when the CLI genuinely can't keep up, with git remaining
700
- the source of truth. It is **trigger-gated** — `docs/phase-5-build-plan.md` is the build plan: its
701
- three parts (read-index, unattended runner, dashboard) each ship only when *their* bottleneck is
702
- measured, with the hard rules they inherit and the instrumentation (already shipped in `yad-status`)
703
- that makes the decision data-driven. See also `docs/claude-code-build-plan.md` §8.
91
+ **Releases** are automated via [semantic-release](https://semantic-release.gitbook.io/) on merge to
92
+ `main` (Conventional Commits npm, with provenance). See [RELEASING.md](RELEASING.md).
package/cli/docs.mjs CHANGED
@@ -121,6 +121,7 @@ export function docsStale(manifest, { artifactHash, repoHeads = {}, templateVers
121
121
  const BUILD_PUBLIC = [
122
122
  'mkdir -p public',
123
123
  'if [ -d docs/sdlc-site ]; then (cd docs/sdlc-site && npm ci && npm run build) && mkdir -p public/app && cp -r docs/sdlc-site/dist/. public/app/ && cp docs/sdlc-site/public/report.html public/index.html && cp docs/sdlc-site/public/report.html public/report.html; fi',
124
+ 'if [ -d docs/tutorial-site ]; then (cd docs/tutorial-site && npm ci && npm run build) && mkdir -p public/tutorial && cp -r docs/tutorial-site/dist/. public/tutorial/; fi',
124
125
  'for d in epics/*/docs-site; do [ -d "$d" ] || continue; id=$(basename "$(dirname "$d")"); (cd "$d" && npm ci && npm run build) && mkdir -p "public/epics/$id" && cp -r "$d/dist/." "public/epics/$id/"; done',
125
126
  ];
126
127
  export function pagesWorkflow(platform) {
@@ -160,19 +161,19 @@ jobs:
160
161
  name: github-pages
161
162
  url: \${{ steps.deployment.outputs.page_url }}
162
163
  steps:
163
- - uses: actions/checkout@v4
164
- - uses: actions/setup-node@v4
164
+ - uses: actions/checkout@v7
165
+ - uses: actions/setup-node@v6
165
166
  with:
166
167
  node-version: 20
167
168
  - name: Build the overview + per-epic sites into ./public
168
169
  run: |
169
170
  ${BUILD_PUBLIC.map((l) => ` ${l}`).join('\n')}
170
- - uses: actions/configure-pages@v5
171
- - uses: actions/upload-pages-artifact@v3
171
+ - uses: actions/configure-pages@v6
172
+ - uses: actions/upload-pages-artifact@v5
172
173
  with:
173
174
  path: public
174
175
  - id: deployment
175
- uses: actions/deploy-pages@v4
176
+ uses: actions/deploy-pages@v5
176
177
  `;
177
178
  }
178
179
  export function pagesWorkflowPath(platform) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "yadflow",
3
- "version": "2.18.0",
3
+ "version": "2.18.1",
4
4
  "description": "Yadflow — the gated, team, multi-repo SDLC: author → review → build with a PR-driven review gate and a zero-dependency `yad` CLI (setup, gate, commit, open-pr, ship, repo, thread, reconcile). A BMAD module + 35 yad-* skills.",
5
5
  "type": "module",
6
6
  "author": "AbdelRahman Nasr",
@@ -56,7 +56,7 @@ git work tree). Generate and commit on it.
56
56
  Map the pipeline onto the same data structures `yad-docs` uses (concrete mapping in
57
57
  `references/pipeline-model.md`):
58
58
 
59
- - **Flow paths** = the **phases** — `Setup`, `Front half`, `Build half`, `Automation`.
59
+ - **Flow paths** = the **phases** — `Setup`, `Front-zero` (discovery), `Front half`, `Build half`, `Automation`, `Change management` (feature threads).
60
60
  - **Flow steps** = the **skills/gates in order** (from `module-help.csv` `preceded-by`/`followed-by`),
61
61
  each step's `messages` = the skill's `outputs`, and `sideEffects` = the `.sdlc/` files it writes.
62
62
  - **System components** = the **durable state objects** — the product hub, each `.sdlc/*.json`
@@ -10,7 +10,7 @@ ordering source of truth is `skills/sdlc/module-help.csv` (`phase`, `preceded-by
10
10
 
11
11
  | Shell primitive | Overview meaning |
12
12
  |-----------------|------------------|
13
- | `FlowPath` (`paths.ts`) | a **phase**: Setup, Front half, Build half, Automation. |
13
+ | `FlowPath` (`paths.ts`) | a **phase**: Setup, Front-zero (discovery), Front half, Build half, Automation, Change management (feature threads). |
14
14
  | `FlowStep` (within a path) | a **skill or gate** in order; `messages` = its `outputs`; `sideEffects` = the `.sdlc/` files it writes; `status`/`bookingStatus` annotate gated vs. enrichment vs. earned. |
15
15
  | `SystemComponent` (`components.ts`) | a **durable state object** (the hub, each `.sdlc/*.json`, code repos, the design/testing/learning tools, the platform). |
16
16
  | `RoleConfig` (`roles.ts`) | a **lens** → its relevant sections + paths. |
@@ -66,7 +66,7 @@ Per-story, per-repo: `spec → tasks → implement → checks → engineer-revie
66
66
  |--------------|------------------------|
67
67
  | `yad-spec` | `specs/<story-id>/` (Spec Kit layout), `link.md` |
68
68
  | `yad-implement` | a branch + commit per atomic task |
69
- | `yad-checks` | `checks/*.sh`, CI workflows |
69
+ | `yad-checks` | `checks/*.sh`, CI workflows — the gate set: `spec-link · contract-check · build-test-lint · verified-commits · commit-message · pr-title · pr-template · lineage-check · epic-open · reconcile-debt` |
70
70
  | `yad-pr-template` | PR/MR template + routing helpers |
71
71
  | `yad-commit` / `yad-open-pr` / `yad-ship` | one commit / one PR/MR |
72
72
  | `yad-engineer-review` | engineer review + ship recorded in `build-log.json` |
@@ -83,11 +83,30 @@ node classes from the diagram.
83
83
  | `yad-status` | read-only view (no writes) |
84
84
  | `yad-docs` / `yad-docs-overview` / `yad-docs-sync` | the docs sites + their `docs-build.json` manifests |
85
85
 
86
+ ### Path: Change management — feature threads (`phase: 6-change`)
87
+ The post-lock evolution layer. Once an epic is **sealed** (all stories shipped), behaviour can no longer
88
+ be mutated in place — a change request becomes a **new epic threaded to its parent** (genesis → change →
89
+ defect), inheriting unchanged front artifacts **by reference** and re-authoring only what changes, so
90
+ locked artifacts are never mutated and never go stale, only superseded. Three CI gates enforce the thread
91
+ (`lineage-check`, `epic-open`, `reconcile-debt`). This path never gates the front chain; `yad-change` is
92
+ the intake, then it hands off to the normal authoring skills + the review gate.
93
+
94
+ | Step (skill) | Outputs / sideEffects |
95
+ |--------------|------------------------|
96
+ | `yad-change` | intake + triage depth (defect-fix / behavioral-no-surface / contract-surface / new-capability); seeds a threaded change-epic — lineage frontmatter, inherited-step `state.json`, pointer-lock `contract-lock.json`, `change.json`, and `reconcile-debt.json` for hotfixes |
97
+ | `yad-timeline` | `TIMELINE.md` (the thread evolution view) + `thread-resolved.md` (the resolved current truth) |
98
+ | `yad-defects` | `DEFECTS.md` (quality-gap report by `escape_stage` + root cause) |
99
+ | `yad-reconcile` | advisory drift / orphan / debt sweep (read-only; mirrors `yad-docs-sync`) |
100
+
101
+ CLI: `yad thread [<epic>]` prints a thread + its resolved current truth + open debt; `yad reconcile`
102
+ runs the sweep. The three thread gates ride in the build-half `yad-checks` set above.
103
+
86
104
  ## System components = the durable state objects
87
105
 
88
106
  `components.ts` renders these on the canvas (deterministic positions): the **product hub**; each
89
107
  `.sdlc/*.json` (`state.json`, `approvals.json`, `comments.json`, `hub.json`, `repos.json`, `design.json`,
90
- `testing.json`, `learning.json`, `docs.json`, `contract-lock.json`, `build-state/*`, `trust-log.json`);
108
+ `testing.json`, `learning.json`, `docs.json`, `contract-lock.json`, `build-state/*`, `trust-log.json`,
109
+ and the change-thread ledgers `change.json`, `reconcile-debt.json`, `build-log.json`);
91
110
  the **connected code repos**; the **design / testing / learning tools**; and the **platform**
92
111
  (GitHub/GitLab + Pages). A skill's `sideEffects` link its step to the component it writes.
93
112