feat: import MyBMAD web dashboard alongside VS Code extension

Coordinates the BMAD UI ecosystem under one repository (per BMadCode's
Discord proposal) by importing the standalone Next.js dashboard from
DevHDI/my-bmad@81b28ea into web/, side-by-side with the existing VS
Code extension under src/.

Scope is intentionally minimal:
- Exact verbatim import via `git archive HEAD` from
  DevHDI/my-bmad@81b28ea (the relicense-to-MIT commit on main)
- Zero changes inside src/ — the extension build, lint, type-check,
  and tests are unaffected
- Root eslint.config.mjs ignores web/** so the extension's strict
  TypeScript rules do not lint the Next.js code with extension-only
  policies
- Root .prettierignore ignores web/ for the same reason
- Root README updated with a "Repository structure" section
  documenting the side-by-side layout

Out of scope (deferred to follow-up PRs once Brian and Evie weigh in):
- pnpm workspace / monorepo restructuring
- Shared parser package (each subproject keeps its own parser for now)
- CI for the web dashboard
- Preview deployment / hosting

Note on web/.github/: the import is verbatim, so a nested .github/
folder is included for provenance. GitHub only executes workflows
under the repository's top-level .github/workflows, so the nested
ones do not run.

Verification:
- pnpm install --frozen-lockfile (root): clean
- pnpm typecheck (extension + webview): clean
- pnpm test (extension): 706/706
- pnpm build (extension): produces extension + webview bundles
- pnpm lint (extension): clean (only the 2 pre-existing no-console
  warnings; no web/ files scanned)
- cd web && pnpm install --frozen-lockfile: clean
- cd web && pnpm tsc --noEmit: clean
- cd web && pnpm test: 151/151
- cd web && pnpm build: clean

Author: DevHDI

.prettierignore

@@ -1,4 +1,5 @@
 _bmad/
 _bmad-output/
 .claude/
-CHANGELOG.md
+CHANGELOG.md
+web/

README.md

@@ -2,6 +2,18 @@
 
 A VS Code extension that acts as a real-time GPS for BMAD V6 projects. It monitors workflow artifacts, tracks sprint progress, and recommends next actions — all without leaving the editor.
 
+## Repository structure
+
+This repository hosts two BMAD UI surfaces, intentionally side-by-side
+without a workspace orchestrator:
+
+- **`src/`** — The VS Code extension documented below (BMAD Dashboard inside the IDE).
+- **`web/`** — A standalone Next.js dashboard (`MyBMAD`) for visualizing BMAD projects from GitHub repositories or local folders, in any browser. See [`web/README.md`](./web/README.md) for its own setup and feature list.
+
+Each subproject keeps its own `package.json`, lockfile, configs, and tests. Running `pnpm install` at the root installs **only** the extension. To work on the web dashboard, `cd web && pnpm install` separately. Tests, type-check, build, and lint run independently per subproject.
+
+Both subprojects are MIT-licensed.
+
 ## Features
 
 ### Sidebar Dashboard

eslint.config.mjs

@@ -191,6 +191,6 @@ export default defineConfig(
   // IGNORES
   // ============================================================================
   {
-    ignores: ['out/', 'node_modules/', '.vscode-test/', 'coverage/', '*.js', '*.mjs'],
+    ignores: ['out/', 'node_modules/', '.vscode-test/', 'coverage/', '*.js', '*.mjs', 'web/**'],
   }
 );

web/.dockerignore

@@ -0,0 +1,17 @@
+node_modules
+.next
+.git
+
+# Fichiers d'environnement — ne pas copier les secrets dans l'image
+.env
+.env.*
+
+# Artefacts de projet non necessaires dans l'image
+_bmad-output
+_bmad
+docs
+
+# Fichiers markdown — non necessaires dans l'image de production
+# Seul README.md est conserve
+*.md
+!README.md

web/.env.example

@@ -0,0 +1,99 @@
+# =============================================================================
+# MyBMAD Dashboard — Environment Variables
+# =============================================================================
+# Copy this file to .env and fill in your values:
+#   cp .env.example .env
+#
+# Or use the setup script to auto-generate secrets:
+#   bash scripts/setup.sh
+#
+# Never commit .env or .env.local to version control.
+# =============================================================================
+
+# --- Database ---
+# PostgreSQL connection string.
+# If using the included docker-compose.yml, the default below works out of the box.
+# Format: postgresql://<user>:<password>@<host>:<port>/<database>
+DATABASE_URL=postgresql://bmad:bmad_dev_password@localhost:5433/bmad_dashboard
+
+# --- Authentication (Better Auth) ---
+# Random secret used to sign session tokens. Must be a long random string.
+# Generate with:  openssl rand -base64 32
+BETTER_AUTH_SECRET=
+
+# Base URL where the app is running.
+# For local development, use http://localhost:3000
+BETTER_AUTH_URL=http://localhost:3000
+
+# --- Registration Control ---
+# Allow new users to sign up via email/password (default: false).
+# For first deployment: set to true, create your account, then disable.
+# Or use: pnpm db:create-admin --email admin@example.com --password secret --name Admin
+# ALLOW_REGISTRATION=true
+
+# --- Local Filesystem (self-hosted only) ---
+# Enable local folder imports. Only works when the Next.js server runs on the
+# same machine as the user's files (self-hosted deployment).
+# ENABLE_LOCAL_FS=true
+
+# --- GitHub OAuth App (optional — omit to disable GitHub login) ---
+# Required for "Login with GitHub". Create an OAuth App at:
+#   https://github.com/settings/developers → "New OAuth App"
+#
+#   Application name:         MyBMAD (or anything you like)
+#   Homepage URL:             http://localhost:3000
+#   Authorization callback:   http://localhost:3000/api/auth/callback/github
+#
+# After creating the app, copy the Client ID and generate a Client Secret.
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+
+# --- GitHub Personal Access Token (optional) ---
+# Without a PAT, GitHub API allows 60 requests/hour.
+# With a PAT, you get 5,000 requests/hour — highly recommended.
+#
+# Create one at: https://github.com/settings/tokens → "Generate new token (classic)"
+# Required scopes:
+#   - "public_repo" for public repositories only
+#   - "repo"        for private repositories
+GITHUB_PAT=
+
+# --- Cache Revalidation ---
+# Random secret to protect the /api/revalidate endpoint.
+# Generate with:  openssl rand -hex 32
+REVALIDATE_SECRET=
+
+# --- Session (optional, defaults shown) ---
+# SESSION_EXPIRES_IN=604800  # 7 days in seconds
+# SESSION_UPDATE_AGE=86400   # 1 day in seconds
+
+# =============================================================================
+# PRODUCTION DEPLOYMENT (docker/docker-compose.prod.yml)
+# =============================================================================
+# In production, TWO environment files are used:
+#
+# .env         — Docker Compose interpolation (parse time)
+#   Variables used by Docker Compose: DOMAIN, ACME_EMAIL, POSTGRES_*
+#
+# .env.local   — Runtime variables injected into the Next.js container
+#   Contains: BETTER_AUTH_SECRET, BETTER_AUTH_URL, GITHUB_CLIENT_ID,
+#             GITHUB_CLIENT_SECRET, DATABASE_URL (production)
+#   (Copy the top variables from this file into .env.local with production values)
+# =============================================================================
+
+# Domain for Traefik routing and Let's Encrypt certificates
+# DOMAIN=yourdomain.example.com
+
+# Email for Let's Encrypt certificate notifications
+# ACME_EMAIL=admin@example.com
+
+# PostgreSQL credentials (used by both the postgres service AND DATABASE_URL)
+# POSTGRES_DB=bmad_dashboard
+# POSTGRES_USER=bmad
+# POSTGRES_PASSWORD=change_me_in_production
+
+# Production DATABASE_URL (uses internal Docker network, port 5432)
+# DATABASE_URL=postgresql://bmad:change_me_in_production@postgres:5432/bmad_dashboard
+
+# BETTER_AUTH_URL must match your production domain
+# BETTER_AUTH_URL=https://yourdomain.example.com

web/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug Report
+about: Create a report to help us improve
+title: "[BUG] "
+labels: bug
+assignees: ''
+---
+
+## Description
+A clear description of the bug.
+
+## Steps to Reproduce
+1. Go to '...'
+2. Click on '...'
+3. See error
+
+## Expected Behavior
+What you expected to happen.
+
+## Actual Behavior
+What actually happened.
+
+## Environment
+- OS: [e.g. macOS 14]
+- Browser: [e.g. Chrome 120]
+- Docker version: [if applicable]
+- Node version: [e.g. 20.x]

web/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Vulnerability
+    url: https://github.com/DevHDI/my-bmad/security/advisories/new
+    about: Please report security vulnerabilities via GitHub Security Advisories

web/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature Request
+about: Suggest an idea for this project
+title: "[FEAT] "
+labels: enhancement
+assignees: ''
+---
+
+## Problem
+A clear description of the problem or limitation.
+
+## Proposed Solution
+Describe the solution you'd like.
+
+## Alternatives
+Other solutions you've considered.
+
+## Additional Context
+Any other context or screenshots.

web/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,31 @@
+## Summary
+
+Briefly describe what this PR does and why.
+
+Closes #<!-- issue number -->
+
+## Type of Change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Refactoring (no behavior change)
+- [ ] Documentation update
+- [ ] Dependency update
+
+## Changes Made
+
+-
+-
+
+## Testing
+
+Describe how you tested this change:
+
+- [ ] `pnpm lint` passes
+- [ ] `pnpm test` passes
+- [ ] `pnpm build` succeeds
+- [ ] Tested manually in browser
+
+## Screenshots (if UI change)
+
+<!-- Add before/after screenshots here -->

web/.github/workflows/ci.yml

@@ -0,0 +1,77 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint-and-test:
+    name: Lint & Test
+    runs-on: ubuntu-latest
+    env:
+      DATABASE_URL: postgresql://placeholder:placeholder@localhost:5432/placeholder
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Generate Prisma client
+        run: pnpm db:generate
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Run tests
+        run: pnpm test
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: lint-and-test
+    env:
+      DATABASE_URL: postgresql://placeholder:placeholder@localhost:5432/placeholder
+      BETTER_AUTH_SECRET: ci-placeholder-secret-do-not-use
+      BETTER_AUTH_URL: http://localhost:3000
+      GITHUB_CLIENT_ID: placeholder
+      GITHUB_CLIENT_SECRET: placeholder
+      REVALIDATE_SECRET: placeholder
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Generate Prisma client
+        run: pnpm db:generate
+
+      - name: Build
+        run: pnpm build