yadflow 2.5.0 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -2
- package/README.md +44 -22
- package/bin/yad.mjs +5 -0
- package/cli/doctor.mjs +1 -0
- package/cli/manifest.mjs +18 -2
- package/cli/ship.mjs +37 -0
- package/docs/index.html +44 -13
- package/package.json +2 -2
- package/skills/sdlc/config.yaml +7 -2
- package/skills/sdlc/install.sh +1 -1
- package/skills/sdlc/module-help.csv +7 -4
- package/skills/yad-checks/references/check-gates.md +58 -2
- package/skills/yad-checks/templates/checks/commit-message.sh +82 -0
- package/skills/yad-checks/templates/github/yad-checks.yml +27 -0
- package/skills/yad-checks/templates/github/yad-hub-checks.yml +36 -0
- package/skills/yad-checks/templates/gitlab/yad-checks.gitlab-ci.yml +20 -0
- package/skills/yad-checks/templates/gitlab/yad-hub-checks.gitlab-ci.yml +39 -0
- package/skills/yad-commit/SKILL.md +66 -0
- package/skills/yad-engineer-review/SKILL.md +86 -0
- package/skills/{yad-ship → yad-engineer-review}/references/ship-and-record.md +2 -2
- package/skills/{yad-ship → yad-engineer-review}/templates/.coderabbit.yaml +1 -1
- package/skills/yad-epic/references/state-schema.md +1 -1
- package/skills/yad-implement/SKILL.md +1 -1
- package/skills/yad-implement/references/implement-conventions.md +1 -1
- package/skills/yad-open-pr/SKILL.md +72 -0
- package/skills/yad-pr-template/templates/checks/pr-template.sh +62 -0
- package/skills/yad-pr-template/templates/checks/pr-title.sh +51 -0
- package/skills/yad-run/SKILL.md +2 -2
- package/skills/yad-run/references/run-loop.md +4 -4
- package/skills/yad-ship/SKILL.md +44 -66
- package/skills/yad-spec/SKILL.md +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,9 +1,18 @@
|
|
|
1
|
-
# [2.
|
|
1
|
+
# [2.6.0](https://github.com/abdelrahmannasr/yadflow/compare/v2.5.0...v2.6.0) (2026-06-14)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Bug Fixes
|
|
5
|
+
|
|
6
|
+
* allow scoped/breaking commit subjects + titles; parse only the trailer block ([63444c0](https://github.com/abdelrahmannasr/yadflow/commit/63444c08c1e33b4151c7389eb5e87f6ae682aee6))
|
|
7
|
+
* harden pattern-gate CI — pass PR title via env, write body to mktemp ([2415397](https://github.com/abdelrahmannasr/yadflow/commit/2415397f81280f459785b8fa9ca29007b473561b))
|
|
8
|
+
* let `yad ship` derive the PR title from the committed subject ([a5adba3](https://github.com/abdelrahmannasr/yadflow/commit/a5adba3212b236ffc5a2470b9ea50bf97c6c4138))
|
|
2
9
|
|
|
3
10
|
|
|
4
11
|
### Features
|
|
5
12
|
|
|
6
|
-
*
|
|
13
|
+
* add `yad ship` CLI to commit and open a PR/MR in one step ([c493e93](https://github.com/abdelrahmannasr/yadflow/commit/c493e93e5626eee590cd061c9e7dbc8047e78718))
|
|
14
|
+
* add commit-message/pr-title/pr-template pattern gates (code + hub) ([6658837](https://github.com/abdelrahmannasr/yadflow/commit/6658837d7685b826884b665a5e7661fd6ae99828))
|
|
15
|
+
* add yad-commit/yad-open-pr/yad-ship skills; rename Step E to yad-engineer-review ([c566567](https://github.com/abdelrahmannasr/yadflow/commit/c5665679e45f24ea53c682aca3a78eb52c9f984f))
|
|
7
16
|
|
|
8
17
|
# [2.2.0](https://github.com/abdelrahmannasr/yadflow/compare/v2.1.0...v2.2.0) (2026-06-14)
|
|
9
18
|
|
package/README.md
CHANGED
|
@@ -60,7 +60,10 @@ human**. Detailed walkthroughs for each phase follow below.
|
|
|
60
60
|
| `skills/yad-pr-template/` | Build Step D: install the platform PR/MR template + risk routing (code repos **and** the hub). |
|
|
61
61
|
| `skills/yad-review-comments/` | Install platform-matched PR/MR review-comment scaffolds (code repos and the hub). |
|
|
62
62
|
| `skills/yad-hub-bridge/` | The templated PR/MR **review bridge**: open a review PR/MR on the hub and sync platform approvals/comments into the file ledger. |
|
|
63
|
-
| `skills/yad-
|
|
63
|
+
| `skills/yad-commit/` | Build helper: commit ONE staged atomic change by the conventions (Conventional subject, trailers, `--ai` footer, ≤3-file guard). |
|
|
64
|
+
| `skills/yad-open-pr/` | Build helper: open a code-repo task PR/MR from the committed template (push, prefill, roster auto-assign). |
|
|
65
|
+
| `skills/yad-ship/` | Build helper: commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`). |
|
|
66
|
+
| `skills/yad-engineer-review/` | Build Step E: AI review (advisory) → engineer review → merge + record in the build log. |
|
|
64
67
|
| `skills/yad-backfill/` | Generate a human-verified spec for already-built code (Repomix), gated per touched feature. |
|
|
65
68
|
| `skills/yad-run/` | Phase 4 orchestrator: drive a story's back half on the `automation` dial; kill switch. |
|
|
66
69
|
| `skills/yad-status/` | Read-only view: front chain, build-half dials, trust record, fleet roll-up. |
|
|
@@ -94,13 +97,15 @@ with `npx` from your **product hub** repo — no clone needed.
|
|
|
94
97
|
| `yad gate ci [--branch <head>] [--pr <n>]` | The CI entry the hub workflow calls on review/merge events: derive the epic/artifact from the `review/EP-*` branch, run the same sync, and commit **only the ledger** to the hub default branch (sweep every open review PR when no `--branch`). |
|
|
95
98
|
| `yad commit --type <t> -m <subject>` | Commit by the SDLC convention — Conventional subject, `Task`/`Contract-Change`/`Co-Authored-By` trailers, atomic-file guard. |
|
|
96
99
|
| `yad open-pr [--repo <name>]` | Open a code-repo **task** PR/MR from the repo's platform template (build half). |
|
|
100
|
+
| `yad ship --type <t> -m <subject>` | Commit **and** open the task PR/MR in one step (`yad commit` then `yad open-pr`). |
|
|
97
101
|
| `yad repo list` / `yad repo refresh [name]` | List connected repos as **fresh / stale**, and re-pack a stale one — staleness is now an explicit human decision, never an automatic skill side-effect. |
|
|
98
102
|
| `npx yadflow --version` | Print the installed CLI version. |
|
|
99
103
|
|
|
100
104
|
Flags: `--dir <path>` targets a project other than the cwd; `--force` re-copies unchanged files (or
|
|
101
105
|
bypasses the commit atomic guard). Commit flags: `--type`, `-m/--message`, `--task`, `--ai
|
|
102
106
|
<claude\|copilot\|cursor\|coderabbit\|none>`, `--contract-change`, `--dry-run`. `open-pr` flags:
|
|
103
|
-
`--repo`, `--risk <low\|medium\|high>`, `--contract-change`.
|
|
107
|
+
`--repo`, `--risk <low\|medium\|high>`, `--contract-change`. `ship` takes the union of the `commit`
|
|
108
|
+
and `open-pr` flags (it runs `open-pr` only if the commit lands).
|
|
104
109
|
|
|
105
110
|
### The PR-driven review gate
|
|
106
111
|
|
|
@@ -128,7 +133,7 @@ simultaneous advancements can be lost; the next event or scheduled sweep re-sync
|
|
|
128
133
|
### What `setup` walks you through (10 steps)
|
|
129
134
|
|
|
130
135
|
1. **Preflight** — confirm the hub is a git repo (offers `git init`); check `git`/`node`/`npx`.
|
|
131
|
-
2. **Install the module** — copy all
|
|
136
|
+
2. **Install the module** — copy all 25 `yad-*` skills into the IDE skill dirs you pick
|
|
132
137
|
(`.claude/`, `.agents/`, `.zencoder/`, `.opencode/`) and register `_bmad/sdlc/`.
|
|
133
138
|
3. **Hub platform & roster** — detect GitHub/GitLab from the remote; record reviewers → `.sdlc/hub.json`.
|
|
134
139
|
4. **Connect a design tool** — record the design tool (Figma / pencil / none) → `.sdlc/design.json` so
|
|
@@ -184,7 +189,7 @@ with a fix-it hint per finding. Failures carry stable, greppable codes, also pri
|
|
|
184
189
|
|
|
185
190
|
Filing a bug? Attach `yad doctor --json` — it contains no secrets (names, paths, and check results only).
|
|
186
191
|
|
|
187
|
-
## Agent skills (all
|
|
192
|
+
## Agent skills (all 25)
|
|
188
193
|
|
|
189
194
|
The CLI **installs and wires** the module; the skills below are the **agents you invoke by name** in your
|
|
190
195
|
AI IDE (e.g. *“run `yad-epic`”*) to actually do the work. State lives in files you can also edit
|
|
@@ -276,15 +281,25 @@ directly. Each skill stops at a gate and never auto-advances unless a step has *
|
|
|
276
281
|
(≤3 files) on its own branch. The diff stays inside the files the task declared (flag and STOP if it
|
|
277
282
|
would grow). Commit ends with the task ID; `Contract-Change: yes` only if it touches the locked
|
|
278
283
|
contract surface.
|
|
279
|
-
- **`yad-checks`** — Step C, the production-safety gates. Wire and run
|
|
284
|
+
- **`yad-checks`** — Step C, the production-safety gates. Wire and run the CI gates: **spec-link**
|
|
280
285
|
(every change links a real story/spec), **contract-check** (a contract-surface diff without a
|
|
281
|
-
re-locked contract FAILS),
|
|
286
|
+
re-locked contract FAILS), **build/test/lint**, **verified-commits** (signed + roster-known authors),
|
|
287
|
+
and the **pattern gates** — **commit-message** (Conventional subject + trailer order), **pr-title**,
|
|
288
|
+
and **pr-template** (the PR/MR body uses the template). Profile-aware (`code`|`hub`), so they run on
|
|
289
|
+
both code repos and the product hub. CI-agnostic bash for GitHub Actions and GitLab CI.
|
|
282
290
|
- **`yad-pr-template`** — Step D. Detect the repo's platform and commit the matching PR/MR template with
|
|
283
291
|
an Impact & Risk block; high risk (or a contract/auth/payments surface) routes the review to domain
|
|
284
|
-
owners. Includes `risk-route.sh
|
|
285
|
-
- **`yad-
|
|
286
|
-
|
|
287
|
-
|
|
292
|
+
owners. Includes `risk-route.sh` plus the `pr-title.sh` / `pr-template.sh` gate scripts.
|
|
293
|
+
- **`yad-commit`** — build helper. Commit ONE staged atomic change by the conventions (Conventional
|
|
294
|
+
subject, `Task → Contract-Change → Co-Authored-By` trailers, the `--ai` co-author footer, the ≤3-file
|
|
295
|
+
atomic guard). Drives `yad commit`.
|
|
296
|
+
- **`yad-open-pr`** — build helper. Open a code-repo task PR/MR from the committed template: push the
|
|
297
|
+
branch, prefill the body, auto-assign the repo-scoped roster. Drives `yad open-pr`.
|
|
298
|
+
- **`yad-ship`** — build helper. Commit **and** open the task PR/MR in one step (`yad commit` then
|
|
299
|
+
`yad open-pr`; the PR step runs only if the commit lands). Drives `yad ship`.
|
|
300
|
+
- **`yad-engineer-review`** — Step E. AI review (CodeRabbit, advisory) → engineer review (the human gate,
|
|
301
|
+
owner + 1 reviewer with the same escalation) → on merge, record the ship in the epic build-log and
|
|
302
|
+
update the story state so the epic → story → task → PR chain stays traceable.
|
|
288
303
|
- **`yad-backfill`** — Step G. Generate specs for already-built features in an existing repo so new work
|
|
289
304
|
doesn't break them: pack one feature at a time with Repomix, write a DRAFT spec, require human approval
|
|
290
305
|
before it counts. A change is blocked only until the features it touches have approved specs.
|
|
@@ -382,12 +397,16 @@ build half by hand”** below.
|
|
|
382
397
|
11. `yad-implement story:<id> repo:<repo> task:<T0N>` → one atomic task = one branch = one commit
|
|
383
398
|
(repeat per task). Commit by convention with **`yad commit --type <t> -m <subject> [--ai <tool>]`**
|
|
384
399
|
(Task/Contract-Change/Co-Authored-By trailers, atomic-file guard).
|
|
385
|
-
12. `yad-checks repo:<repo> action: run` → spec-link, contract-check, build/test/lint,
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
in
|
|
400
|
+
12. `yad-checks repo:<repo> action: run` → spec-link, contract-check, build/test/lint, verified-commits
|
|
401
|
+
(platform-Verified signature + roster-allowlisted author), and commit-message must pass. (The
|
|
402
|
+
`pr-title` / `pr-template` gates need the PR title + body, so they run in CI once the PR exists —
|
|
403
|
+
step 13.)
|
|
404
|
+
13. Open the PR/MR from the wired template with **`yad open-pr --repo <repo> [--risk <level>]`** (or do
|
|
405
|
+
12+13 in one step with **`yad ship --type <t> -m <subject> --repo <repo>`**). The PR's CI now also
|
|
406
|
+
runs the `pr-title` and `pr-template` gates; `yad-pr-template repo:<repo> action: route` prints the
|
|
407
|
+
required reviewers from the Impact & Risk block.
|
|
408
|
+
14. `yad-engineer-review` → `ai-review` (advisory) → `approve` (the human engineer gate) → `ship` (merge,
|
|
409
|
+
record in `build-log.json`, update story status to `in-build`/`shipped`).
|
|
391
410
|
- **Multi-repo:** repeat 10–14 in each repo, all from the **one** locked contract.
|
|
392
411
|
- **Existing code:** `yad-backfill` first, to produce a human-verified spec for a built feature.
|
|
393
412
|
|
|
@@ -514,16 +533,19 @@ the product repo. Code repos are **separate git repos** under `demo-repos/<repo>
|
|
|
514
533
|
(`feat/<story>-<task>-…`) = one PR. The diff stays inside the files the task declared. Commit with
|
|
515
534
|
**`yad commit`** — it builds the conventional subject, derives the `Task:` trailer from the branch
|
|
516
535
|
(add `--contract-change` only if the locked surface is touched), appends an optional `--ai` co-author,
|
|
517
|
-
and refuses a non-atomic stage. Open the PR with **`yad open-pr --repo <repo>`** (template prefilled)
|
|
518
|
-
|
|
536
|
+
and refuses a non-atomic stage. Open the PR with **`yad open-pr --repo <repo>`** (template prefilled),
|
|
537
|
+
or do both in one step with **`yad ship`** (commit then open-pr).
|
|
538
|
+
3. **Check gates** — `yad-checks` wires the CI gates (GitHub + GitLab) that must pass before merge:
|
|
519
539
|
**spec-link** (links a real story/spec), **contract-check** (a contract-surface change without
|
|
520
540
|
`Contract-Change` + a re-locked contract FAILS, routing back to the architecture gate),
|
|
521
|
-
**build/test/lint
|
|
541
|
+
**build/test/lint**, **verified-commits**, and the **pattern gates** **commit-message** / **pr-title**
|
|
542
|
+
/ **pr-template** (profile-aware `code`|`hub`, so they also run on the product hub). They fail closed
|
|
543
|
+
on a bad base ref.
|
|
522
544
|
4. **PR/MR template + risk routing** — `yad-pr-template` drops the platform-matched template with an
|
|
523
545
|
Impact & Risk block; `high` risk (or a contract/auth/payments surface) routes the review to domain
|
|
524
546
|
owners (`risk-route.sh`), the same escalation as the gate.
|
|
525
|
-
5. **AI review → engineer review →
|
|
526
|
-
the authority); a human engineer approves (owner + 1 reviewer, escalating to domain owners); on
|
|
547
|
+
5. **AI review → engineer review → merge** — `yad-engineer-review`: CodeRabbit is an advisory first pass
|
|
548
|
+
(never the authority); a human engineer approves (owner + 1 reviewer, escalating to domain owners); on
|
|
527
549
|
merge the ship is recorded in `.sdlc/build-log.json` and the story state becomes `in-build` →
|
|
528
550
|
`shipped`. The epic → story → task → PR → mergeCommit chain is traceable both ways.
|
|
529
551
|
|
|
@@ -551,7 +573,7 @@ with their dials, per repo) and `trust-log.json` (every run's verdict). See
|
|
|
551
573
|
- **Drive a story's back half:** `yad-run {story} {repo}` walks `spec → tasks → implement → checks`,
|
|
552
574
|
reading each step's dial. On `machine_advance` it advances on its own; on `human_approve` it stops
|
|
553
575
|
for a human; on any FAIL, scope overrun, or contract-surface touch it **halts and pulls in a human**.
|
|
554
|
-
It always stops at the engineer review (`yad-
|
|
576
|
+
It always stops at the engineer review (`yad-engineer-review`), which is never automated.
|
|
555
577
|
- **Read the trust log:** `yad-status {epic}` shows each back step's dial, status, and trust record —
|
|
556
578
|
runs, % `approved-unchanged`, and whether that clears the threshold (`automation.trust_threshold` in
|
|
557
579
|
`config.yaml`, default ≥5 runs and ≥80% unchanged). The engineer review records each run's verdict
|
package/bin/yad.mjs
CHANGED
|
@@ -8,6 +8,7 @@ import { gateOpen, gateSync, gateComments, gateStatus, gateCi } from '../cli/gat
|
|
|
8
8
|
import { isValidEpicId } from '../cli/epic-state.mjs';
|
|
9
9
|
import { runCommit } from '../cli/commit.mjs';
|
|
10
10
|
import { runOpenPr } from '../cli/openpr.mjs';
|
|
11
|
+
import { runShip } from '../cli/ship.mjs';
|
|
11
12
|
import { runRepo } from '../cli/repo.mjs';
|
|
12
13
|
import { runDoctor } from '../cli/doctor.mjs';
|
|
13
14
|
|
|
@@ -34,6 +35,7 @@ ${c.bold('Review gate (front half)')}
|
|
|
34
35
|
${c.bold('Build helpers')}
|
|
35
36
|
yad commit --type <t> -m <subject> Commit by convention (trailers, atomic guard)
|
|
36
37
|
yad open-pr [--repo <name>] Open a code-repo task PR/MR from the template
|
|
38
|
+
yad ship --type <t> -m <subject> Commit AND open the task PR/MR in one step
|
|
37
39
|
yad repo list Show connected repos (fresh / stale)
|
|
38
40
|
yad repo refresh [name] Re-pack a stale repo (a human decision)
|
|
39
41
|
|
|
@@ -123,6 +125,9 @@ async function main() {
|
|
|
123
125
|
case 'open-pr':
|
|
124
126
|
await runOpenPr(o.dir, { repo: o.repo, platform: o.platform, base: o.base, title: o.title || o.message, task: o.task, risk: o.risk, contractChange: o.contractChange });
|
|
125
127
|
break;
|
|
128
|
+
case 'ship':
|
|
129
|
+
await runShip(o.dir, { type: o.type, message: o.message, task: o.task, ai: o.ai, contractChange: o.contractChange, dryRun: o.dryRun, force: o.force, repo: o.repo, platform: o.platform, base: o.base, title: o.title, risk: o.risk });
|
|
130
|
+
break;
|
|
126
131
|
case 'repo': {
|
|
127
132
|
const [, action, name] = o._;
|
|
128
133
|
await runRepo(o.dir, { action: action || 'list', name, today });
|
package/cli/doctor.mjs
CHANGED
|
@@ -195,6 +195,7 @@ export function ciTagsChecks(checks, root, hub, registry) {
|
|
|
195
195
|
fragments.push(
|
|
196
196
|
{ scope: 'hub', file: '.gitlab/ci/yad-gate-sync.yml', path: path.join(root, '.gitlab/ci/yad-gate-sync.yml') },
|
|
197
197
|
{ scope: 'hub', file: '.gitlab/ci/yad-verified-commits.yml', path: path.join(root, '.gitlab/ci/yad-verified-commits.yml') },
|
|
198
|
+
{ scope: 'hub', file: '.gitlab/ci/yad-hub-checks.yml', path: path.join(root, '.gitlab/ci/yad-hub-checks.yml') },
|
|
198
199
|
);
|
|
199
200
|
}
|
|
200
201
|
for (const repo of registry?.repos || []) {
|
package/cli/manifest.mjs
CHANGED
|
@@ -10,7 +10,7 @@ import { readFileSync } from 'node:fs';
|
|
|
10
10
|
const { version } = JSON.parse(readFileSync(new URL('../package.json', import.meta.url), 'utf8'));
|
|
11
11
|
export const VERSION = version;
|
|
12
12
|
|
|
13
|
-
// The
|
|
13
|
+
// The 25 hand-authored yad-* skills (mirrors skills/sdlc/install.sh).
|
|
14
14
|
export const SKILLS = [
|
|
15
15
|
'yad-analysis',
|
|
16
16
|
'yad-epic',
|
|
@@ -29,7 +29,10 @@ export const SKILLS = [
|
|
|
29
29
|
'yad-pr-template',
|
|
30
30
|
'yad-review-comments',
|
|
31
31
|
'yad-hub-bridge',
|
|
32
|
+
'yad-commit',
|
|
33
|
+
'yad-open-pr',
|
|
32
34
|
'yad-ship',
|
|
35
|
+
'yad-engineer-review',
|
|
33
36
|
'yad-backfill',
|
|
34
37
|
'yad-run',
|
|
35
38
|
'yad-review-gate',
|
|
@@ -51,7 +54,11 @@ export const LEGACY_SKILLS = {
|
|
|
51
54
|
'yad-pr-template': 'sdlc-pr-template',
|
|
52
55
|
'yad-review-comments': 'sdlc-review-comments',
|
|
53
56
|
'yad-hub-bridge': 'sdlc-hub-bridge',
|
|
54
|
-
|
|
57
|
+
// Step E ("ship") was renamed to yad-engineer-review (the yad-ship name now belongs to the new
|
|
58
|
+
// commit+open-PR combined skill). Pre-2.0 installs carry sdlc-ship → migrate it to yad-engineer-review.
|
|
59
|
+
// A 2.x install carrying yad-ship-as-Step-E is simply overwritten with the new combined content on
|
|
60
|
+
// `yad update` (same name, fresh copy), and yad-engineer-review is installed as a new skill.
|
|
61
|
+
'yad-engineer-review': 'sdlc-ship',
|
|
55
62
|
'yad-backfill': 'sdlc-backfill',
|
|
56
63
|
'yad-run': 'sdlc-run',
|
|
57
64
|
'yad-review-gate': 'sdlc-review-gate',
|
|
@@ -153,7 +160,10 @@ export const REPO_WIRING = {
|
|
|
153
160
|
{ src: 'skills/yad-checks/templates/checks/contract-check.sh', dest: 'checks/contract-check.sh', exec: true },
|
|
154
161
|
{ src: 'skills/yad-checks/templates/checks/build-test-lint.sh', dest: 'checks/build-test-lint.sh', exec: true },
|
|
155
162
|
{ src: 'skills/yad-checks/templates/checks/verified-commits.sh', dest: 'checks/verified-commits.sh', exec: true },
|
|
163
|
+
{ src: 'skills/yad-checks/templates/checks/commit-message.sh', dest: 'checks/commit-message.sh', exec: true },
|
|
156
164
|
{ src: 'skills/yad-pr-template/templates/checks/risk-route.sh', dest: 'checks/risk-route.sh', exec: true },
|
|
165
|
+
{ src: 'skills/yad-pr-template/templates/checks/pr-title.sh', dest: 'checks/pr-title.sh', exec: true },
|
|
166
|
+
{ src: 'skills/yad-pr-template/templates/checks/pr-template.sh', dest: 'checks/pr-template.sh', exec: true },
|
|
157
167
|
],
|
|
158
168
|
github: [
|
|
159
169
|
{ src: 'skills/yad-checks/templates/github/yad-checks.yml', dest: '.github/workflows/yad-checks.yml' },
|
|
@@ -179,13 +189,19 @@ export const wiringFor = (platform) => [
|
|
|
179
189
|
export const HUB_WIRING = {
|
|
180
190
|
common: [
|
|
181
191
|
{ src: 'skills/yad-checks/templates/checks/verified-commits.sh', dest: 'checks/verified-commits.sh', exec: true },
|
|
192
|
+
// Pattern gates run on the hub too (profile: hub) — commit subject + PR title + PR body.
|
|
193
|
+
{ src: 'skills/yad-checks/templates/checks/commit-message.sh', dest: 'checks/commit-message.sh', exec: true },
|
|
194
|
+
{ src: 'skills/yad-pr-template/templates/checks/pr-title.sh', dest: 'checks/pr-title.sh', exec: true },
|
|
195
|
+
{ src: 'skills/yad-pr-template/templates/checks/pr-template.sh', dest: 'checks/pr-template.sh', exec: true },
|
|
182
196
|
],
|
|
183
197
|
github: [
|
|
184
198
|
{ src: 'skills/yad-hub-bridge/templates/github/yad-gate-sync.yml', dest: '.github/workflows/yad-gate-sync.yml' },
|
|
185
199
|
{ src: 'skills/yad-checks/templates/github/yad-verified-commits.yml', dest: '.github/workflows/yad-verified-commits.yml' },
|
|
200
|
+
{ src: 'skills/yad-checks/templates/github/yad-hub-checks.yml', dest: '.github/workflows/yad-hub-checks.yml' },
|
|
186
201
|
],
|
|
187
202
|
gitlab: [
|
|
188
203
|
{ src: 'skills/yad-hub-bridge/templates/gitlab/yad-gate-sync.gitlab-ci.yml', dest: '.gitlab/ci/yad-gate-sync.yml' },
|
|
189
204
|
{ src: 'skills/yad-checks/templates/gitlab/yad-verified-commits.gitlab-ci.yml', dest: '.gitlab/ci/yad-verified-commits.yml' },
|
|
205
|
+
{ src: 'skills/yad-checks/templates/gitlab/yad-hub-checks.gitlab-ci.yml', dest: '.gitlab/ci/yad-hub-checks.yml' },
|
|
190
206
|
],
|
|
191
207
|
};
|
package/cli/ship.mjs
ADDED
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
// `yad ship` — commit the staged atomic change AND open its task PR/MR, in one step (build half).
|
|
2
|
+
// A thin orchestration over the two existing engines: `yad commit` then `yad open-pr`. It holds no
|
|
3
|
+
// commit/PR logic of its own — it reuses runCommit/runOpenPr so the conventions stay in one place.
|
|
4
|
+
// The PR step runs ONLY when the commit actually lands: a failed commit, a tripped atomic guard, or a
|
|
5
|
+
// --dry-run all stop before anything is pushed.
|
|
6
|
+
import { c, log, info } from './lib.mjs';
|
|
7
|
+
import { runCommit } from './commit.mjs';
|
|
8
|
+
import { runOpenPr } from './openpr.mjs';
|
|
9
|
+
|
|
10
|
+
export async function runShip(root, opts = {}) {
|
|
11
|
+
log(c.bold('\nyad ship'));
|
|
12
|
+
|
|
13
|
+
// Step 1 — commit by convention (atomic guard, trailers, AI co-author). On --dry-run this just
|
|
14
|
+
// prints the message and returns without committing; we then stop (nothing to open a PR for).
|
|
15
|
+
const committed = await runCommit(root, {
|
|
16
|
+
type: opts.type, message: opts.message, task: opts.task, ai: opts.ai,
|
|
17
|
+
contractChange: opts.contractChange, dryRun: opts.dryRun, force: opts.force,
|
|
18
|
+
});
|
|
19
|
+
|
|
20
|
+
if (opts.dryRun) { info('dry run — not committed, PR/MR not opened'); return committed; }
|
|
21
|
+
|
|
22
|
+
// runCommit signals failure by setting process.exitCode (not by throwing) — honour it and abort the
|
|
23
|
+
// PR step so we never open a PR for a branch whose commit did not land.
|
|
24
|
+
if (process.exitCode) { info('commit did not land — skipping open-pr'); return committed; }
|
|
25
|
+
|
|
26
|
+
// Step 2 — open the task PR/MR from the committed template (pushes the branch, auto-assigns the
|
|
27
|
+
// repo-scoped roster). Pass ONLY an explicit --title: when omitted, runOpenPr derives the title
|
|
28
|
+
// from the committed subject (the full `<type>: …` form), which the pr-title gate expects — passing
|
|
29
|
+
// the bare --message here would override that with a type-less title and fail the gate.
|
|
30
|
+
const opened = await runOpenPr(root, {
|
|
31
|
+
repo: opts.repo, platform: opts.platform, base: opts.base,
|
|
32
|
+
title: opts.title, task: opts.task,
|
|
33
|
+
risk: opts.risk, contractChange: opts.contractChange,
|
|
34
|
+
});
|
|
35
|
+
|
|
36
|
+
return { ...committed, ...opened };
|
|
37
|
+
}
|
package/docs/index.html
CHANGED
|
@@ -284,7 +284,7 @@
|
|
|
284
284
|
<div class="lane">
|
|
285
285
|
<div class="lane-title">0 · One-time setup (team lead, per project)</div>
|
|
286
286
|
<div class="flow-v">
|
|
287
|
-
<div class="node plain"><strong>Install the module</strong><small><code>npx yadflow setup</code> — copies the
|
|
287
|
+
<div class="node plain"><strong>Install the module</strong><small><code>npx yadflow setup</code> — copies the 25 skills into your IDE dirs</small></div>
|
|
288
288
|
<div class="arrow-v">▼</div>
|
|
289
289
|
<div class="node plain"><strong>Wire each repo</strong><small><code>yad-checks</code> · <code>yad-pr-template</code> · <code>yad-review-comments</code> (CI gates, PR template, comment scaffold)</small></div>
|
|
290
290
|
<div class="arrow-v">▼</div>
|
|
@@ -344,7 +344,7 @@
|
|
|
344
344
|
<div class="arrow-v">▼</div>
|
|
345
345
|
<div class="node plain"><strong>Open PR/MR</strong><small>from the wired template; risk routing picks the required reviewers</small></div>
|
|
346
346
|
<div class="arrow-v">▼</div>
|
|
347
|
-
<div class="node plain"><strong>yad-
|
|
347
|
+
<div class="node plain"><strong>yad-engineer-review: AI review</strong><small>CodeRabbit first pass — advisory only, never the authority</small></div>
|
|
348
348
|
<div class="arrow-v">▼</div>
|
|
349
349
|
<div class="node locked"><strong>Engineer review</strong><small>a human reads the diff against the spec — <strong>never automated</strong></small></div>
|
|
350
350
|
<div class="arrow-v">▼</div>
|
|
@@ -447,7 +447,7 @@ each code repo/
|
|
|
447
447
|
<div class="term"><strong>State machine</strong><span class="badge b-core">core</span><br>The core design: the workflow is a fixed set of <em>states</em> (steps). Each state does its work and waits at a gate. The states never change — only the <em>trigger</em> (who moves work forward) changes. That is what lets the team start fully manual and automate gradually without rebuilding anything.</div>
|
|
448
448
|
<div class="term"><strong>Product hub (product repo)</strong><span class="badge b-core">core</span><br>The git repo that holds the shared “thinking”: epics, architecture, the contract, UI design, stories, reviews and all state. The brain of the project. Code never lives here.</div>
|
|
449
449
|
<div class="term"><strong>Code repo</strong><span class="badge b-core">core</span><br>A separate git repo holding real application code (e.g. backend, mobile, dashboard). Each story’s spec lives inside the code repo it belongs to, with a link back to the story in the hub.</div>
|
|
450
|
-
<div class="term"><strong>Skills source (this repo)</strong><span class="badge b-core">core</span><br>The <code>yadflow</code> repo itself — where the
|
|
450
|
+
<div class="term"><strong>Skills source (this repo)</strong><span class="badge b-core">core</span><br>The <code>yadflow</code> repo itself — where the 25 skills live and where you pull updates from. No real product work happens inside it.</div>
|
|
451
451
|
<div class="term"><strong>Front half (“decide” / the brain)</strong><span class="badge b-core">core</span><br>The first half of the workflow, run once per epic in the product hub: analysis (optional) → epic → architecture + contract → UI design → stories — each followed by a human review gate, ending at <code>ready-for-build</code>. <strong>Test cases</strong> is a parallel, non-blocking track that opens at the stories gate and runs alongside the build half. Permanently human-approved.</div>
|
|
452
452
|
<div class="term"><strong>Back half / build half (“build”)</strong><span class="badge b-core">core</span><br>The second half, run once per story per code repo, inside that repo: spec → implement → checks → PR → ship. These mechanical steps may earn automation over time.</div>
|
|
453
453
|
<div class="term"><strong>Gate</strong><span class="badge b-core">core</span><br>A stopping point after a step. The step writes its output and <em>waits</em>; a human must approve before the workflow moves on. “Every step stops at a gate” is the heart of the whole system.</div>
|
|
@@ -509,6 +509,9 @@ each code repo/
|
|
|
509
509
|
<div class="term"><strong>Contract-check</strong><span class="badge b-build">build</span><br>CI gate #2: a diff that changes the contract surface without declaring <code>Contract-Change: yes</code> <em>and</em> an updated, re-locked contract <strong>fails</strong> — routing the change back up to the architecture gate. This is how the contract stays honest.</div>
|
|
510
510
|
<div class="term"><strong>Build/test/lint gate</strong><span class="badge b-build">build</span><br>CI gate #3: the ordinary safety net — the project must build, its tests must pass, lint must be clean.</div>
|
|
511
511
|
<div class="term"><strong>Verified-commits gate</strong><span class="badge b-build">build</span><br>CI gate #4: every commit must carry a platform-verified signature and be authored by a roster-known email — rejecting unverified commits from unknown users, on the hub and every repo.</div>
|
|
512
|
+
<div class="term"><strong>Commit-message gate</strong><span class="badge b-build">build</span><br>CI gate #5: every commit subject must follow Conventional Commits (<code><type>: …</code>, no trailing period) and its trailers must be ordered <code>Task → Contract-Change → Co-Authored-By</code>. Profile-aware (code|hub).</div>
|
|
513
|
+
<div class="term"><strong>PR-title gate</strong><span class="badge b-build">build</span><br>CI gate #6: the PR/MR title must follow the convention — a Conventional-Commits subject on code repos, a <code>review: <artifact> (EP-<slug>)</code> title on the hub.</div>
|
|
514
|
+
<div class="term"><strong>PR-template gate</strong><span class="badge b-build">build</span><br>CI gate #7: the PR/MR body must actually use the committed template (its required sections present + the risk field filled), so the review and routing have their inputs. Profile-aware (code|hub).</div>
|
|
512
515
|
<div class="term"><strong><code>Task:</code> trailer</strong><span class="badge b-build">build</span><br>A line at the end of every commit message naming the story + task it implements (e.g. <code>Task: EP-istifta-inquiries-S01-T03</code>). What the spec-link check verifies.</div>
|
|
513
516
|
<div class="term"><strong><code>Contract-Change: yes</code> trailer</strong><span class="badge b-build">build</span><br>A commit trailer added <em>only</em> when the diff deliberately touches the locked contract surface — paired with an updated, re-locked contract, or the contract-check fails.</div>
|
|
514
517
|
<div class="term"><strong>Conventional Commits</strong><span class="badge b-build">build</span><br>The commit/PR title convention used everywhere: <code>feat: …</code>, <code>fix: …</code> (lowercase after the type). Merged <code>feat:</code>/<code>fix:</code> commits also drive automated releases of the CLI itself.</div>
|
|
@@ -538,7 +541,7 @@ each code repo/
|
|
|
538
541
|
<div class="term"><strong>CodeRabbit</strong><span class="badge b-tool">tools</span><br>An AI code-review service used as the advisory first pass on PRs. Optional; never the merge authority.</div>
|
|
539
542
|
<div class="term"><strong>Graceful degradation</strong><span class="badge b-tool">tools</span><br>The rule that every optional tool (Spec Kit, Impeccable, Repomix, CodeRabbit) can be absent: the workflow falls back to doing the work directly and <em>records</em> that the tool was missing. You can start with none of them.</div>
|
|
540
543
|
<div class="term"><strong>Tool-agnostic rule</strong><span class="badge b-tool">tools</span><br>Talk to every tool through its commands and files, never through its internal code — so each tool stays swappable.</div>
|
|
541
|
-
<div class="term"><strong>Skill</strong><span class="badge b-tool">tools</span><br>One of the
|
|
544
|
+
<div class="term"><strong>Skill</strong><span class="badge b-tool">tools</span><br>One of the 25 named agents (e.g. <code>yad-epic</code>) you invoke by name in your AI IDE. Each skill does one step’s work, writes files, and stops at its gate.</div>
|
|
542
545
|
<div class="term"><strong>The <code>yad</code> CLI</strong><span class="badge b-tool">tools</span><br>A zero-dependency command-line tool (npm: <code>yadflow</code>) that installs, wires and reconciles the workflow (<code>setup</code>, <code>check --fix</code>, <code>update</code>) and runs the deterministic pieces (<code>gate</code>, <code>commit</code>, <code>open-pr</code>, <code>repo</code>).</div>
|
|
543
546
|
|
|
544
547
|
<h3>People & AI roles</h3>
|
|
@@ -681,7 +684,7 @@ each code repo/
|
|
|
681
684
|
|
|
682
685
|
<!-- ======================================================= -->
|
|
683
686
|
<section id="skills">
|
|
684
|
-
<h2>6. The
|
|
687
|
+
<h2>6. The 25 skills — what each does, how to use it, and when</h2>
|
|
685
688
|
<p>A <strong>skill</strong> is an agent you invoke <em>by name</em> in your AI IDE — you just ask in
|
|
686
689
|
plain words, e.g. <em>“run <code>yad-epic</code>”</em>, adding any inputs the skill needs
|
|
687
690
|
(<code>repo: backend</code>, <code>story: EP-…-S01</code>, <code>action: wire</code>, …).
|
|
@@ -706,7 +709,10 @@ each code repo/
|
|
|
706
709
|
<tr><td><a href="#sk-impl"><code>yad-implement</code></a></td><td>Build B</td><td>Implement one atomic task as a small branch.</td></tr>
|
|
707
710
|
<tr><td><a href="#sk-checks"><code>yad-checks</code></a></td><td>Build C</td><td>Wire / run the CI gates.</td></tr>
|
|
708
711
|
<tr><td><a href="#sk-prt"><code>yad-pr-template</code></a></td><td>Build D</td><td>Install the PR/MR template + risk routing.</td></tr>
|
|
709
|
-
<tr><td><a href="#sk-
|
|
712
|
+
<tr><td><a href="#sk-commit"><code>yad-commit</code></a></td><td>Build helper</td><td>Commit one staged atomic change by the conventions.</td></tr>
|
|
713
|
+
<tr><td><a href="#sk-openpr"><code>yad-open-pr</code></a></td><td>Build helper</td><td>Open a code-repo task PR/MR from the committed template.</td></tr>
|
|
714
|
+
<tr><td><a href="#sk-ship"><code>yad-ship</code></a></td><td>Build helper</td><td>Commit <strong>and</strong> open the task PR/MR in one step.</td></tr>
|
|
715
|
+
<tr><td><a href="#sk-engineer-review"><code>yad-engineer-review</code></a></td><td>Build E</td><td>AI review → engineer review → merge + record.</td></tr>
|
|
710
716
|
<tr><td><a href="#sk-backfill"><code>yad-backfill</code></a></td><td>Build G</td><td>Spec already-built / legacy code before changing it.</td></tr>
|
|
711
717
|
<tr><td><a href="#sk-run"><code>yad-run</code></a></td><td>Automation</td><td>Drive the back half on the dials; set dials; kill switch.</td></tr>
|
|
712
718
|
<tr><td><a href="#sk-status"><code>yad-status</code></a></td><td>Anytime</td><td>Read-only view: where everything is and what’s blocking.</td></tr>
|
|
@@ -876,7 +882,7 @@ yad open-pr --repo backend</code></pre>
|
|
|
876
882
|
|
|
877
883
|
<div class="skillcard" id="sk-checks">
|
|
878
884
|
<h4><code>yad-checks</code> — Build Step C</h4>
|
|
879
|
-
<div class="row"><span class="lbl lbl-what">What</span> The production-safety CI gates: <strong>spec-link</strong> (every change links a real story/spec), <strong>contract-check</strong> (a contract-surface diff without a re-locked contract FAILS), <strong>build/test/lint</strong>,
|
|
885
|
+
<div class="row"><span class="lbl lbl-what">What</span> The production-safety CI gates: <strong>spec-link</strong> (every change links a real story/spec), <strong>contract-check</strong> (a contract-surface diff without a re-locked contract FAILS), <strong>build/test/lint</strong>, <strong>verified-commits</strong> (signed commits from roster-known authors), and the <strong>pattern gates</strong> — <strong>commit-message</strong> (Conventional subject + trailer order), <strong>pr-title</strong>, and <strong>pr-template</strong> (the PR/MR body uses the template). The pattern gates are profile-aware (<code>code</code>|<code>hub</code>), so they run on code repos <em>and</em> the product hub. <code>wire</code> installs them into the repo’s CI (merging with any existing CI, never clobbering); <code>run</code> executes them right now, locally.</div>
|
|
880
886
|
<div class="row"><span class="lbl lbl-how">How</span></div>
|
|
881
887
|
<pre><code>yad-checks repo: backend action: wire # once, during setup
|
|
882
888
|
yad-checks repo: backend action: run # before opening each PR
|
|
@@ -886,7 +892,7 @@ yad-checks repo: hub action: wire # hub-flavored gates for the product hub
|
|
|
886
892
|
|
|
887
893
|
<div class="skillcard" id="sk-prt">
|
|
888
894
|
<h4><code>yad-pr-template</code> — Build Step D</h4>
|
|
889
|
-
<div class="row"><span class="lbl lbl-what">What</span> Detects the repo’s platform and commits the matching PR/MR template, which carries an <strong>Impact & Risk block</strong>. A <code>high</code> risk level — or a touched contract/auth/payments surface — routes the review to the domain owners. <code>route</code> reads a PR body and prints exactly who must review it.</div>
|
|
895
|
+
<div class="row"><span class="lbl lbl-what">What</span> Detects the repo’s platform and commits the matching PR/MR template, which carries an <strong>Impact & Risk block</strong>. A <code>high</code> risk level — or a touched contract/auth/payments surface — routes the review to the domain owners. <code>route</code> reads a PR body and prints exactly who must review it. It also ships the <code>pr-title.sh</code> / <code>pr-template.sh</code> gate scripts that <code>yad-checks</code> runs.</div>
|
|
890
896
|
<div class="row"><span class="lbl lbl-how">How</span></div>
|
|
891
897
|
<pre><code>yad-pr-template repo: backend action: wire # once, during setup
|
|
892
898
|
yad-pr-template repo: backend action: route # who must review this PR?
|
|
@@ -894,13 +900,38 @@ yad-pr-template repo: hub action: wire # the hub's front-half review temp
|
|
|
894
900
|
<div class="row"><span class="lbl lbl-when">When</span> <code>wire</code> once per repo (and the hub) at setup; <code>route</code> whenever you’ve opened a PR and want the required reviewer list.</div>
|
|
895
901
|
</div>
|
|
896
902
|
|
|
903
|
+
<div class="skillcard" id="sk-commit">
|
|
904
|
+
<h4><code>yad-commit</code> — Build helper</h4>
|
|
905
|
+
<div class="row"><span class="lbl lbl-what">What</span> Commits <strong>one staged atomic change</strong> by the conventions: a Conventional-Commits subject, the fixed trailer block (<code>Task → Contract-Change → Co-Authored-By</code>), and a ≤3-file atomic guard. The human git author owns the commit; an assisting AI is recorded only as a <code>Co-Authored-By</code> footer chosen per-commit with <code>--ai</code> (default <code>none</code>, human-only).</div>
|
|
906
|
+
<div class="row"><span class="lbl lbl-how">How</span> From the repo holding the staged change:</div>
|
|
907
|
+
<pre><code>yad commit --type feat -m "add the inquiry endpoint" --ai claude
|
|
908
|
+
yad commit --type fix -m "handle null user" --dry-run # preview only</code></pre>
|
|
909
|
+
<div class="row"><span class="lbl lbl-when">When</span> Any time you have a staged atomic change to commit by the rules — on a code repo or the hub.</div>
|
|
910
|
+
</div>
|
|
911
|
+
|
|
912
|
+
<div class="skillcard" id="sk-openpr">
|
|
913
|
+
<h4><code>yad-open-pr</code> — Build helper</h4>
|
|
914
|
+
<div class="row"><span class="lbl lbl-what">What</span> Opens a code-repo <strong>task PR/MR</strong> from the committed platform template: detects GitHub/GitLab, pushes the task branch, and creates the PR/MR with the body prefilled and the title defaulting to the commit subject. Auto-assigns from the hub roster — assignee = the committer, reviewers = the repo’s reviewers + domain-owners. It never merges.</div>
|
|
915
|
+
<div class="row"><span class="lbl lbl-how">How</span> On the task branch:</div>
|
|
916
|
+
<pre><code>yad open-pr --repo backend --risk low</code></pre>
|
|
917
|
+
<div class="row"><span class="lbl lbl-when">When</span> After committing a task, to raise its PR/MR for the check gates + engineer review.</div>
|
|
918
|
+
</div>
|
|
919
|
+
|
|
897
920
|
<div class="skillcard" id="sk-ship">
|
|
898
|
-
<h4><code>yad-ship</code> — Build
|
|
921
|
+
<h4><code>yad-ship</code> — Build helper</h4>
|
|
922
|
+
<div class="row"><span class="lbl lbl-what">What</span> Does the two routine build-half hand-actions for one task in <strong>one step</strong>: commit by convention, then open the task PR/MR. A thin wrapper over <code>yad-commit</code> then <code>yad-open-pr</code> — the PR step runs <em>only</em> if the commit lands (a failed commit, tripped guard, or <code>--dry-run</code> stops before pushing). It never merges.</div>
|
|
923
|
+
<div class="row"><span class="lbl lbl-how">How</span> On the task branch, with the change staged:</div>
|
|
924
|
+
<pre><code>yad ship --type feat -m "add the inquiry endpoint" --ai claude --repo backend --risk low</code></pre>
|
|
925
|
+
<div class="row"><span class="lbl lbl-when">When</span> The common case — turn an implemented, staged task into a reviewable PR/MR in one command.</div>
|
|
926
|
+
</div>
|
|
927
|
+
|
|
928
|
+
<div class="skillcard" id="sk-engineer-review">
|
|
929
|
+
<h4><code>yad-engineer-review</code> — Build Step E</h4>
|
|
899
930
|
<div class="row"><span class="lbl lbl-what">What</span> The last mile of a task’s PR: <code>ai-review</code> triggers the advisory AI pass (CodeRabbit — a second set of eyes, never the authority); <code>approve</code> records the <strong>human engineer approval</strong> (owner + 1 reviewer, same escalation); <code>ship</code> merges and records the ship in <code>build-log.json</code>, moving the story to <code>in-build</code> → <code>shipped</code> so the epic → story → task → PR chain stays traceable.</div>
|
|
900
931
|
<div class="row"><span class="lbl lbl-how">How</span> Against the task’s PR, in order:</div>
|
|
901
|
-
<pre><code>yad-
|
|
902
|
-
yad-
|
|
903
|
-
yad-
|
|
932
|
+
<pre><code>yad-engineer-review story: EP-istifta-inquiries-S01 task: T01 repo: backend action: ai-review
|
|
933
|
+
yad-engineer-review … action: approve # the human engineer's approval
|
|
934
|
+
yad-engineer-review … action: ship # merge + record in build-log.json</code></pre>
|
|
904
935
|
<div class="row"><span class="lbl lbl-when">When</span> Once a task’s PR is open and the check gates are green. The engineer approval here is <strong>permanently human</strong> — no dial can ever automate it.</div>
|
|
905
936
|
</div>
|
|
906
937
|
|
|
@@ -948,7 +979,7 @@ yad-status EP-istifta-inquiries # one epic in detail</code></pre>
|
|
|
948
979
|
|
|
949
980
|
<div class="skillcard">
|
|
950
981
|
<h4><code>npx yadflow setup</code></h4>
|
|
951
|
-
<div class="row"><span class="lbl lbl-what">What</span> The guided first-run wizard. Ten steps: preflight (git/node check), install all
|
|
982
|
+
<div class="row"><span class="lbl lbl-what">What</span> The guided first-run wizard. Ten steps: preflight (git/node check), install all 25 skills into the IDE dirs you pick, detect the hub’s platform + record the reviewer roster, connect a design tool (Figma-first; optional), connect a testing tool (Playwright-first; optional), connect a learning tool (DeepTutor-first; optional), connect your code repos, wire each one (CI gates, PR template, comment scaffold), optionally write the AI-review config, and stamp the installed version.</div>
|
|
952
983
|
<div class="row"><span class="lbl lbl-how">How</span></div>
|
|
953
984
|
<pre><code>cd <product-hub-repo>
|
|
954
985
|
npx yadflow setup</code></pre>
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "yadflow",
|
|
3
|
-
"version": "2.
|
|
4
|
-
"description": "Yadflow — the gated, team, multi-repo SDLC: author → review → build with a PR-driven review gate and a zero-dependency `yad` CLI (setup, gate, commit, open-pr, repo). A BMAD module +
|
|
3
|
+
"version": "2.6.0",
|
|
4
|
+
"description": "Yadflow — the gated, team, multi-repo SDLC: author → review → build with a PR-driven review gate and a zero-dependency `yad` CLI (setup, gate, commit, open-pr, ship, repo). A BMAD module + 25 yad-* skills.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"author": "AbdelRahman Nasr",
|
|
7
7
|
"license": "MIT",
|
package/skills/sdlc/config.yaml
CHANGED
|
@@ -73,8 +73,13 @@ build:
|
|
|
73
73
|
- { id: cursor, name: "Cursor", email: "noreply@cursor.com" }
|
|
74
74
|
- { id: coderabbit, name: "CodeRabbit", email: "noreply@coderabbit.ai" }
|
|
75
75
|
- { id: none, name: "(no AI assistance)", email: "" }
|
|
76
|
-
# Step C (yad-checks) — the
|
|
76
|
+
# Step C (yad-checks) — the CI gates that must pass before merge. CI-agnostic bash in checks/.
|
|
77
77
|
gates: [spec-link, contract-check, build-test-lint]
|
|
78
|
+
# Pattern gates — commit subject + PR/MR title + PR/MR template-usage. Profile-aware (code|hub): code
|
|
79
|
+
# repos validate the Conventional-Commits / task-PR conventions; the product hub validates its
|
|
80
|
+
# artifact-review conventions (review/EP-<slug>/<artifact>, the hub PR template). verified-commits is
|
|
81
|
+
# the separate security gate (signature + roster-known author). All blocking in CI; both repos + hub.
|
|
82
|
+
pattern_gates: [commit-message, pr-title, pr-template]
|
|
78
83
|
ci_platforms: [github, gitlab] # both wired from skills/yad-checks/templates/; GitHub is this product repo's platform
|
|
79
84
|
contract_surface_glob: "specs/*/contracts/**" # the repo's quoted contract slice; a diff here needs Contract-Change + a re-locked contract
|
|
80
85
|
# Step D (yad-pr-template) — platform-matched PR/MR template + risk routing.
|
|
@@ -85,7 +90,7 @@ build:
|
|
|
85
90
|
github: ".github/pull_request_template.md"
|
|
86
91
|
gitlab: ".gitlab/merge_request_templates/Default.md"
|
|
87
92
|
risk_levels: [low, medium, high] # high (or a contract/auth/payments surface) routes to domain owners (yad-review-gate escalation)
|
|
88
|
-
# Step E (yad-
|
|
93
|
+
# Step E (yad-engineer-review) — AI review (advisory) + engineer review (the human gate) + merge.
|
|
89
94
|
ai_review: coderabbit # advisory first pass; never the authority (.coderabbit.yaml)
|
|
90
95
|
build_log: "epics/EP-<slug>/.sdlc/build-log.json" # append-only ship ledger (back-half analogue of approvals.json)
|
|
91
96
|
story_build_states: [in-build, shipped] # in-build = some tasks shipped; shipped = all tasks in tasks.md shipped
|
package/skills/sdlc/install.sh
CHANGED
|
@@ -11,7 +11,7 @@ set -euo pipefail
|
|
|
11
11
|
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
|
|
12
12
|
cd "$ROOT"
|
|
13
13
|
|
|
14
|
-
SKILLS=(yad-analysis yad-epic yad-architecture yad-ui yad-stories yad-test-cases yad-connect-repos yad-connect-design yad-connect-testing yad-connect-learning yad-learn yad-spec yad-implement yad-checks yad-pr-template yad-review-comments yad-hub-bridge yad-ship yad-backfill yad-run yad-review-gate yad-status)
|
|
14
|
+
SKILLS=(yad-analysis yad-epic yad-architecture yad-ui yad-stories yad-test-cases yad-connect-repos yad-connect-design yad-connect-testing yad-connect-learning yad-learn yad-spec yad-implement yad-checks yad-pr-template yad-review-comments yad-hub-bridge yad-commit yad-open-pr yad-ship yad-engineer-review yad-backfill yad-run yad-review-gate yad-status)
|
|
15
15
|
|
|
16
16
|
echo "Installing sdlc module from $ROOT/skills ..."
|
|
17
17
|
|
|
@@ -13,11 +13,14 @@ SDLC Workflow,yad-connect-learning,Connect Learning Tool,CL,"Setup/maintenance:
|
|
|
13
13
|
SDLC Workflow,yad-learn,Learn (Tutor),LN,"Cross-cutting learning layer: at ANY SDLC stage a team member can ask to learn a concept and be tutored in the context of what the team is building. Routes to the connected learning tool (.sdlc/learning.json, DeepTutor-first) grounded in the project knowledge base, or degrades to harness-native tutoring (the harness model reading the artifacts). Renders a tutorial artifact and appends to a per-member learning ledger kept LOCAL-ONLY (gitignored, never committed/pushed to the hub or any code repo) so it stays a private, personal skills log (yad-status rolls up the local records). Purely opt-in — never blocks a gate, never touches epic state, approvals, or the contract lock.",,{concept: <idea>} {context: <focus>} {epic: EP-<slug>} {stage: <sdlc stage>} {member: <who>} {mode: explain|deep|quiz} {action: learn|list|complete},,,,,false,epics/EP-<slug>/,learning-records.json learning/<member>--<concept>.md
|
|
14
14
|
SDLC Workflow,yad-spec,Author Spec,SP,"Build-half Step A: for one ready-for-build story and one of its repos, run the heavy Spec Kit ceremony once (specify→clarify→plan→analyze→checklist→tasks) inside that code repo, writing specs/<story-id>/ in Spec Kit's layout (drives /speckit.* when installed, else hand-authors and records speckit: not-installed). References the locked contract; never re-invents the surface. Writes link.md back to the story. Never auto-advances.",,{epic: EP-<slug>} {story: EP-<slug>-S0N} {repo: <one of story.repos>},3-build,yad-review-gate,,false,demo-repos/<repo>/specs/<story-id>/,spec.md research.md data-model.md contracts/ plan.md tasks.md link.md
|
|
15
15
|
SDLC Workflow,yad-implement,Implement Task,IM,"Build-half Step B: with the dev lens, implement ONE atomic task from a story's tasks.md as a small diff (<=3 files) on its own branch feat/<story>-<task>-<slug> in the code repo. Diff stays inside the task's declared files (flag and STOP if it grows beyond them). Commit ends with a Task: <story>-<task> trailer; add Contract-Change: yes only when the locked contract surface is touched (routes back to the architecture gate). Never auto-advances.",,{epic: EP-<slug>} {story: EP-<slug>-S0N} {repo: <one of story.repos>} {task: T0N},3-build,yad-spec,,false,demo-repos/<repo>/,branch+commit per atomic task
|
|
16
|
-
SDLC Workflow,yad-checks,Check Gates,CK,"Build-half Step C: wire and run the
|
|
17
|
-
SDLC Workflow,yad-pr-template,PR/MR Template,PT,"Build-half Step D: detect a code repo's platform and commit the matching PR/MR template (.github/pull_request_template.md or .gitlab/merge_request_templates/Default.md) with an Impact & Risk block. A high risk level (or a touched contract/auth/payments surface) routes the review to domain owners — the same escalation yad-review-gate applies. risk-route.sh
|
|
16
|
+
SDLC Workflow,yad-checks,Check Gates,CK,"Build-half Step C: wire and run the production-safety CI gates on a code repo (and product hub) — spec-link (every change links a real story/spec via its Task trailer), contract-check (a contract-surface change without Contract-Change + an updated re-locked contract FAILS and routes back to the architecture gate), build/test/lint, verified-commits (signed + roster-known authors), and the pattern gates commit-message / pr-title / pr-template (profile-aware code|hub). CI-agnostic bash invoked by GitHub Actions and GitLab CI. Blocking in CI; the human still owns the merge. Never auto-advances.",,{repo: <one of an epic's repos | hub>} {action: wire|run} {base: target branch},3-build,yad-implement,,false,demo-repos/<repo>/,checks/*.sh .github/workflows/yad-checks.yml .gitlab-ci.yml
|
|
17
|
+
SDLC Workflow,yad-pr-template,PR/MR Template,PT,"Build-half Step D: detect a code repo's platform and commit the matching PR/MR template (.github/pull_request_template.md or .gitlab/merge_request_templates/Default.md) with an Impact & Risk block. A high risk level (or a touched contract/auth/payments surface) routes the review to domain owners — the same escalation yad-review-gate applies. Ships the routing helper risk-route.sh plus the pattern-gate scripts pr-title.sh and pr-template.sh (used by yad-checks). Never auto-advances.",,{repo: <one of an epic's repos | hub>} {action: wire|route} {body: PR description file},3-build,yad-checks,,false,demo-repos/<repo>/,.github/pull_request_template.md .gitlab/merge_request_templates/Default.md checks/risk-route.sh checks/pr-title.sh checks/pr-template.sh
|
|
18
|
+
SDLC Workflow,yad-commit,Commit by Convention,CM,"Build-half helper: commit ONE staged atomic change by the conventions — a Conventional-Commits subject, the fixed trailer block (Task -> Contract-Change -> Co-Authored-By), and the <=3-file atomic guard. The human git author owns the commit; an assisting AI is recorded only as a Co-Authored-By footer chosen per-commit with --ai (claude|copilot|cursor|coderabbit|none, default none). Drives the yad commit CLI. Never auto-advances.",,{type: feat|fix|...} {message: subject} {ai: <tool|none>} {task: <id>} {contract-change: true|false},3-build,yad-implement,,false,<repo>/,one commit
|
|
19
|
+
SDLC Workflow,yad-open-pr,Open PR/MR,OP,"Build-half helper: open a code-repo task PR/MR from the committed platform template — detect GitHub/GitLab, push the task branch, create the PR/MR with the body prefilled (Summary / Story-task / Impact & Risk) and the title defaulting to the commit subject. Auto-assigns from the hub roster (assignee = committer, reviewers = repo reviewers + domain-owners); high risk / contract surface routes to domain owners (risk-route.sh). Drives the yad open-pr CLI. Never merges; never auto-advances.",,{repo: <name>} {risk: low|medium|high} {contract-change: true|false},3-build,yad-commit,,false,<repo>/,one PR/MR
|
|
20
|
+
SDLC Workflow,yad-ship,Commit + Open PR/MR,SP2,"Build-half helper: commit AND open the task PR/MR in one step — a thin orchestration over yad-commit then yad-open-pr. Commits the staged atomic change by the conventions, then pushes the branch and opens the PR/MR from the committed template with the roster auto-assigned. The PR step runs ONLY if the commit lands (a failed commit, tripped guard, or --dry-run stops before pushing). Drives the yad ship CLI. Never merges; never auto-advances.",,{type: feat|fix|...} {message: subject} {ai: <tool|none>} {repo: <name>} {risk: low|medium|high} {contract-change: true|false},3-build,yad-pr-template,,false,<repo>/,one commit + one PR/MR
|
|
18
21
|
SDLC Workflow,yad-review-comments,Review Comment Templates,RC,"Install platform-matched PR/MR review-comment scaffolds (committed REVIEW_COMMENTS.md) into a code repo or the product hub, so reviewers leave structured, attributable feedback whose **name (role)** headers map cleanly into the SDLC file ledger. GitHub Saved Replies / GitLab comment templates are per-user, so a committed doc is the repo-level mechanism. Never auto-advances.",,{repo: <one of an epic's repos | hub>} {action: wire},3-build,,,false,<repo>/.github|.gitlab/,REVIEW_COMMENTS.md
|
|
19
22
|
SDLC Workflow,yad-hub-bridge,Hub Review Bridge,HB,"The templated PR/MR bridge for the front-half review gate: when the product hub has a platform (.sdlc/hub.json), open a review PR/MR on the hub for an authored artifact, set required reviewers/labels from the routing rule, and provide the read-only gh/glab recipes yad-review-gate's sync uses to pull platform comments + approvals into the file ledger. Local-user auth, no stored tokens; file ledger stays the source of truth; degrades to file-only when no platform/CLI. Never auto-advances.",,{epic: EP-<slug>} {artifact: epic.md|architecture.md|ui-design.md|stories/} {action: open|route},1-front,yad-review-gate,yad-review-gate,false,epics/EP-<slug>/.sdlc/,hub-prs.json
|
|
20
|
-
SDLC Workflow,yad-
|
|
23
|
+
SDLC Workflow,yad-engineer-review,Engineer Review & Merge,ER,"Build-half Step E: wire an advisory AI first-pass (CodeRabbit) on the PR, record the human engineer review with the same human_approve discipline as the front gates (owner + 1 reviewer, escalating to domain owners on high risk / contract / auth / payments), and on merge record the ship in epics/<epic>/.sdlc/build-log.json and update the story state. AI review is advisory, never the authority; the human owns the merge. Never auto-advances.",,{epic: EP-<slug>} {story: EP-<slug>-S0N} {task: T0N} {repo: <repo>} {action: ai-review|approve|ship},3-build,yad-ship,,false,epics/EP-<slug>/.sdlc/,build-log.json story-status
|
|
21
24
|
SDLC Workflow,yad-backfill,Backfill Specs,BF,"Build-half Step G: generate specs for already-built features in an existing repo. Confirm Repomix (npx repomix CLI), pack ONE feature (compress + git logs, secret-scan), feed to AI with a 'describe what exists, do not invent' prompt, write a DRAFT spec marked verified: false. Human approval (reuse yad-review-gate) makes it real. Boundary auto-proposed and human-confirmed. A change is blocked only until the features it touches have approved specs. Never auto-advances.",,{repo: <repo>} {feature: <name + globs>} {action: pack|draft|approve|gate},3-build,,,false,demo-repos/<repo>/specs/backfill/<feature>/,spec.md backfill-check.sh
|
|
22
|
-
SDLC Workflow,yad-run,Run (Automation),RN,"Phase 4 orchestrator: drive a story's back-half loop (spec→tasks→implement→checks) in one code repo, reading each step's automation dial from build-state — on machine_advance it advances on its own, on human_approve it stops for a human. Records every run in the trust log. Realizes Step B (a clean checks pass auto-advances to the engineer review when earned; any FAIL / scope overrun / contract touch HALTS). set-dial earns/reverts a step's automation (machine_advance gated by the trust threshold; front states and engineer-review refused); kill/unkill toggles the system-wide kill switch. Front states and the human merge gate never auto-advance.",,{epic: EP-<slug>} {story: EP-<slug>-S0N} {repo: <repo>} {action: run|set-dial|kill|unkill} {step: <back-step>} {to: human_approve|machine_advance},4-automate,yad-spec,yad-
|
|
25
|
+
SDLC Workflow,yad-run,Run (Automation),RN,"Phase 4 orchestrator: drive a story's back-half loop (spec→tasks→implement→checks) in one code repo, reading each step's automation dial from build-state — on machine_advance it advances on its own, on human_approve it stops for a human. Records every run in the trust log. Realizes Step B (a clean checks pass auto-advances to the engineer review when earned; any FAIL / scope overrun / contract touch HALTS). set-dial earns/reverts a step's automation (machine_advance gated by the trust threshold; front states and engineer-review refused); kill/unkill toggles the system-wide kill switch. Front states and the human merge gate never auto-advance.",,{epic: EP-<slug>} {story: EP-<slug>-S0N} {repo: <repo>} {action: run|set-dial|kill|unkill} {step: <back-step>} {to: human_approve|machine_advance},4-automate,yad-spec,yad-engineer-review,false,epics/EP-<slug>/.sdlc/,build-state/<story-id>.json trust-log.json
|
|
23
26
|
SDLC Workflow,yad-status,SDLC Status,SS,"Read-only: print the full front-state chain, per-step dials, contract lock, story repo tags, and pending approvals at the active gate. For stories in the build half, also print each back-half step's automation dial and status, the trust record (runs / % approved-unchanged / earned vs gathering evidence), and the system-wide kill-switch state.",,{epic: EP-<slug>},1-front,,,false,,
|