Commit a0c0741

author
root
committed
update bmad
1 parent 4dfad42 commit a0c0741

1,108 files changed

Lines changed: 308 additions & 182634 deletions

.github/ai-review-policy.md

Lines changed: 94 additions & 0 deletions
@@ -0,0 +1,94 @@
1+
# AI PR Workflow Policy
2+
3+
This document defines how AI should participate in PR creation, review, and merge decisions for this repository.
4+
5+
## Goals
6+
7+
- Speed up routine authoring and review work
8+
- Improve consistency of change summaries and review coverage
9+
- Keep merge authority and release authority under explicit repository controls
10+
11+
## Allowed AI Roles
12+
13+
### 1. PR Authoring Support
14+
15+
AI may help with:
16+
17+
- PR title and summary drafting
18+
- change categorization
19+
- release-note draft text
20+
- test-plan drafting
21+
- reviewer-facing risk summaries
22+
23+
Human expectation:
24+
25+
- The PR author remains responsible for accuracy.
26+
- Generated text must be edited if it is vague, inflated, or inconsistent with the actual diff.
27+
28+
### 2. PR Review Support
29+
30+
AI may help with:
31+
32+
- first-pass diff review
33+
- identifying likely regressions
34+
- spotting missing tests
35+
- flagging API, workflow, or release-surface changes
36+
- summarizing CI results and risk areas
37+
38+
Human expectation:
39+
40+
- AI comments are advisory.
41+
- CODEOWNER-equivalent human review is still required for risky or cross-cutting changes.
42+
43+
### 3. Merge Readiness Support
44+
45+
AI may help by summarizing whether a PR appears merge-ready based on repository rules.
46+
47+
AI may recommend merge only when all of the following are true:
48+
49+
- required PR checks are green
50+
- requested human reviewers have approved
51+
- there are no unresolved review threads
52+
- no required follow-up item is hidden in comments
53+
54+
## Disallowed AI Roles
55+
56+
AI must not:
57+
58+
- bypass required CI or branch protection
59+
- approve its own generated code without human review
60+
- be treated as the sole reviewer for workflow, release, auth, security, migration, or destructive runtime changes
61+
- directly merge to `main` without repository rules explicitly allowing auto-merge after human approval
62+
- treat advisory post-merge findings as if they were release-blocking by default
63+
64+
## Repository-Specific Review Focus
65+
66+
AI review should explicitly check whether a PR changed any of these surfaces:
67+
68+
- GitHub Actions workflows under `.github/workflows/`
69+
- release behavior, tags, release assets, or image publication
70+
- OpenAPI or API route behavior
71+
- container startup, runtime env requirements, or e2e behavior
72+
- installation or bootstrap scripts
73+
74+
If any of those surfaces changed, AI should call them out clearly in the PR summary.
75+
76+
## Recommended Operating Model
77+
78+
Use AI in this order:
79+
80+
1. Draft PR summary and validation notes
81+
2. Produce a first-pass review summary
82+
3. Highlight risky files and missing checks
83+
4. Let humans decide approval and merge
84+
85+
## Merge Authority
86+
87+
Final merge authority stays with:
88+
89+
- branch protection rules
90+
- required status checks
91+
- required human approvals
92+
- repository maintainers
93+
94+
AI is a reviewer-assistant, not a branch-protection substitute.
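
Review bot: The surface list under "Repository-Specific Review Focus" (lines 68-72) is narrower than the set line 60 says AI must not review alone. Line 60 names workflow, release, auth, security, migration and destructive runtime changes, while the focus list covers only workflows, release behavior, API routes, container startup and install scripts. Add auth, security-sensitive code and migrations to the focus list so the PR summary flags the same changes that require a human reviewer. Line 41 requires "CODEOWNER-equivalent human review" for "risky or cross-cutting changes" without naming that reviewer or saying how a change is classified as risky; name the role or tie the classification to the focus list. The line 52 condition "no required follow-up item is hidden in comments" has no stated way to be verified; say how it is to be determined.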

.github/branch-protection-guide.md

Lines changed: 79 additions & 0 deletions
@@ -0,0 +1,79 @@
1+
# Branch Protection And CI Roles
2+
3+
This repository uses three CI layers with different responsibilities:
4+
5+
- `PR Gate`: the pre-merge blocking gate for `main`
6+
- `Main Post-Merge`: post-merge validation for merge-result health and advisory supply-chain checks
7+
- `Release`: tag-based release preparation and draft release creation
8+
9+
Related workflows:
10+
11+
- `.github/workflows/pr-gate.yml`
12+
- `.github/workflows/main-post-merge.yml`
13+
- `.github/workflows/release.yml`
14+
- `.github/workflows/publish-images.yml`
15+
16+
## What Should Block Merge
17+
18+
Only the PR gate should be configured as the required branch-protection check for `main`.
19+
20+
Recommended required check target:
21+
22+
- workflow: `PR Gate`
23+
- job: `Quality Gate`
24+
25+
Why:
26+
27+
- It is the main admission gate for code entering `main`.
28+
- It runs lint, tests, security fast checks, and e2e smoke.
29+
- It avoids using post-merge or release-only checks as pre-merge blockers.
30+
31+
## What Should Not Block Merge
32+
33+
`Main Post-Merge` should validate the merged result, but it should not be the primary merge gate.
34+
35+
In the current design:
36+
37+
- `Build Production Image` is a blocking post-merge health signal for `main`
38+
- `Advisory Image Security` is informative and should not redefine main-branch health on its own
39+
40+
If `Main Post-Merge` fails:
41+
42+
- treat `Quality Gate` or image-build failures as urgent main-health issues
43+
- treat advisory scan failures as triage items unless policy says otherwise
44+
45+
## Recommended GitHub Settings For `main`
46+
47+
Enable:
48+
49+
- Require a pull request before merging
50+
- Require status checks to pass before merging
51+
- Require branches to be up to date before merging
52+
- Require conversation resolution before merging
53+
- Restrict direct pushes to `main`
54+
- Allow auto-merge only after required checks and approvals pass
55+
56+
Recommended manual settings outside the repository:
57+
58+
- set `PR Gate / Quality Gate` as a required status check
59+
- require at least one human approval
60+
- add CODEOWNERS later for sensitive areas such as workflows, release logic, and runtime bootstrapping
61+
62+
## How To Treat AI In Branch Protection
63+
64+
AI review may help summarize and pre-screen PRs, but branch protection should still rely on:
65+
66+
- required CI checks
67+
- human approvals
68+
- repository permissions
69+
70+
Do not treat AI comments or AI merge suggestions as equivalent to a required approval.
71+
72+
## Release Layer
73+
74+
Release workflows are not part of the merge gate.
75+
76+
- `Release` validates tags, generates release artifacts, and creates a draft release
77+
- `Publish Images` runs only after a release is published
78+
79+
This separation avoids using release-specific work as a daily development bottleneck.
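
Review bot: Lines 59-60 require only one human approval and defer CODEOWNERS to "later", which leaves `.github/workflows/pr-gate.yml`, the only required check per line 18, changeable with any single approval. Add a CODEOWNERS entry for `.github/workflows/` in this change, or state the interim rule for who must approve workflow edits. Line 42 lists `Quality Gate` among `Main Post-Merge` failures, but lines 22-23 define `Quality Gate` as a job of `PR Gate`; say whether the post-merge workflow reruns it or drop it from that bullet. The "Enable" list (lines 49-54) does not say whether administrators are subject to these rules; state that explicitly.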

.github/pull_request_template.md

Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
# Summary
2+
3+
Describe the change in 2-5 lines.
4+
5+
# What Changed
6+
7+
-
8+
-
9+
-
10+
11+
# Why
12+
13+
Explain the problem, requirement, or risk this PR addresses.
14+
15+
# Validation
16+
17+
- [ ] `make lint`
18+
- [ ] `make test backend`
19+
- [ ] `make test web`
20+
- [ ] `make e2e`
21+
- [ ] Other validation noted below
22+
23+
Additional validation notes:
24+
25+
```text
26+
27+
```
28+
29+
# Risk Review
30+
31+
- User-facing impact:
32+
- Data or migration impact:
33+
- CI/release impact:
34+
- Rollback plan:
35+
36+
# Contract Review
37+
38+
- [ ] No API or schema contract changed
39+
- [ ] OpenAPI or generated contract artifacts were updated
40+
- [ ] Release notes or changelog impact was reviewed
41+
- [ ] No release/distribution behavior changed
42+
43+
# AI Assistance
44+
45+
- [ ] No AI assistance was used
46+
- [ ] AI helped draft code or tests
47+
- [ ] AI helped draft PR text or review notes
48+
- [ ] AI output was manually reviewed and corrected where needed
49+
50+
Notes on AI usage:
51+
52+
```text
53+
54+
```
55+
56+
# Reviewer Checklist
57+
58+
- [ ] Scope is small enough to review safely
59+
- [ ] Validation is appropriate for the changed surface
60+
- [ ] New behavior is covered by tests or explicitly justified
61+
- [ ] Docs/workflows/contracts were updated if behavior changed
62+
- [ ] Rollback or follow-up risk is acceptable
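
Review bot: The Risk Review block (lines 31-34) has no prompt for security or auth impact, and "CI/release impact" is the only place a change under `.github/workflows/` would surface, although the policy added in this commit singles out workflow, release, auth, security and migration changes for human review. Add a "Security/auth impact:" line and a checkbox for workflow changes so reviewers can see when those rules apply. Contract Review and AI Assistance mix mutually exclusive answers in one checkbox list ("No API or schema contract changed" next to "OpenAPI or generated contract artifacts were updated"), so an unticked box cannot be told apart from an unanswered one; ask the author to pick exactly one. The checklist item "Scope is small enough to review safely" (line 58) is hard to square with this commit itself: 1,108 files and 182634 deletions under the message "update bmad".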

.github/skills/bmad-advanced-elicitation/SKILL.md

Lines changed: 0 additions & 137 deletions
This file was deleted.
