feat: import MyBMAD web dashboard alongside VS Code extension

.prettierignore

@@ -1,4 +1,5 @@
 _bmad/
 _bmad-output/
 .claude/
-CHANGELOG.md
+CHANGELOG.md
+web/

README.md

@@ -2,6 +2,18 @@
 
 A VS Code extension that acts as a real-time GPS for BMAD V6 projects. It monitors workflow artifacts, tracks sprint progress, and recommends next actions — all without leaving the editor.
 
+## Repository structure
+
+This repository hosts two BMAD UI surfaces, intentionally side-by-side
+without a workspace orchestrator:
+
+- **`src/`** — The VS Code extension documented below (BMAD Dashboard inside the IDE).
+- **`web/`** — A standalone Next.js dashboard (`MyBMAD`) for visualizing BMAD projects from GitHub repositories or local folders, in any browser. See [`web/README.md`](./web/README.md) for its own setup and feature list.
+
+Each subproject keeps its own `package.json`, lockfile, configs, and tests. Running `pnpm install` at the root installs **only** the extension. To work on the web dashboard, `cd web && pnpm install` separately. Tests, type-check, build, and lint run independently per subproject.
+
+Both subprojects are MIT-licensed.
+
 ## Features
 
 ### Sidebar Dashboard

eslint.config.mjs

@@ -191,6 +191,6 @@ export default defineConfig(
   // IGNORES
   // ============================================================================
   {
-    ignores: ['out/', 'node_modules/', '.vscode-test/', 'coverage/', '*.js', '*.mjs'],
+    ignores: ['out/', 'node_modules/', '.vscode-test/', 'coverage/', '*.js', '*.mjs', 'web/**'],
   }
 );

web/.dockerignore

@@ -0,0 +1,17 @@
+node_modules
+.next
+.git
+
+# Fichiers d'environnement — ne pas copier les secrets dans l'image
+.env
+.env.*
+
+# Artefacts de projet non necessaires dans l'image
+_bmad-output
+_bmad
+docs
+
+# Fichiers markdown — non necessaires dans l'image de production
+# Seul README.md est conserve
+*.md
+!README.md

web/.env.example

@@ -0,0 +1,99 @@
+# =============================================================================
+# MyBMAD Dashboard — Environment Variables
+# =============================================================================
+# Copy this file to .env and fill in your values:
+#   cp .env.example .env
+#
+# Or use the setup script to auto-generate secrets:
+#   bash scripts/setup.sh
+#
+# Never commit .env or .env.local to version control.
+# =============================================================================
+
+# --- Database ---
+# PostgreSQL connection string.
+# If using the included docker-compose.yml, the default below works out of the box.
+# Format: postgresql://<user>:<password>@<host>:<port>/<database>
+DATABASE_URL=postgresql://bmad:bmad_dev_password@localhost:5433/bmad_dashboard
+
+# --- Authentication (Better Auth) ---
+# Random secret used to sign session tokens. Must be a long random string.
+# Generate with:  openssl rand -base64 32
+BETTER_AUTH_SECRET=
+
+# Base URL where the app is running.
+# For local development, use http://localhost:3000
+BETTER_AUTH_URL=http://localhost:3000
+
+# --- Registration Control ---
+# Allow new users to sign up via email/password (default: false).
+# For first deployment: set to true, create your account, then disable.
+# Or use: pnpm db:create-admin --email admin@example.com --password secret --name Admin
+# ALLOW_REGISTRATION=true
+
+# --- Local Filesystem (self-hosted only) ---
+# Enable local folder imports. Only works when the Next.js server runs on the
+# same machine as the user's files (self-hosted deployment).
+# ENABLE_LOCAL_FS=true
+
+# --- GitHub OAuth App (optional — omit to disable GitHub login) ---
+# Required for "Login with GitHub". Create an OAuth App at:
+#   https://github.com/settings/developers → "New OAuth App"
+#
+#   Application name:         MyBMAD (or anything you like)
+#   Homepage URL:             http://localhost:3000
+#   Authorization callback:   http://localhost:3000/api/auth/callback/github
+#
+# After creating the app, copy the Client ID and generate a Client Secret.
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+
+# --- GitHub Personal Access Token (optional) ---
+# Without a PAT, GitHub API allows 60 requests/hour.
+# With a PAT, you get 5,000 requests/hour — highly recommended.
+#
+# Create one at: https://github.com/settings/tokens → "Generate new token (classic)"
+# Required scopes:
+#   - "public_repo" for public repositories only
+#   - "repo"        for private repositories
+GITHUB_PAT=
+
+# --- Cache Revalidation ---
+# Random secret to protect the /api/revalidate endpoint.
+# Generate with:  openssl rand -hex 32
+REVALIDATE_SECRET=
+
+# --- Session (optional, defaults shown) ---
+# SESSION_EXPIRES_IN=604800  # 7 days in seconds
+# SESSION_UPDATE_AGE=86400   # 1 day in seconds
+
+# =============================================================================
+# PRODUCTION DEPLOYMENT (docker/docker-compose.prod.yml)
+# =============================================================================
+# In production, TWO environment files are used:
+#
+# .env         — Docker Compose interpolation (parse time)
+#   Variables used by Docker Compose: DOMAIN, ACME_EMAIL, POSTGRES_*
+#
+# .env.local   — Runtime variables injected into the Next.js container
+#   Contains: BETTER_AUTH_SECRET, BETTER_AUTH_URL, GITHUB_CLIENT_ID,
+#             GITHUB_CLIENT_SECRET, DATABASE_URL (production)
+#   (Copy the top variables from this file into .env.local with production values)
+# =============================================================================
+
+# Domain for Traefik routing and Let's Encrypt certificates
+# DOMAIN=yourdomain.example.com
+
+# Email for Let's Encrypt certificate notifications
+# ACME_EMAIL=admin@example.com
+
+# PostgreSQL credentials (used by both the postgres service AND DATABASE_URL)
+# POSTGRES_DB=bmad_dashboard
+# POSTGRES_USER=bmad
+# POSTGRES_PASSWORD=change_me_in_production
+
+# Production DATABASE_URL (uses internal Docker network, port 5432)
+# DATABASE_URL=postgresql://bmad:change_me_in_production@postgres:5432/bmad_dashboard
+
+# BETTER_AUTH_URL must match your production domain
+# BETTER_AUTH_URL=https://yourdomain.example.com

web/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug Report
+about: Create a report to help us improve
+title: "[BUG] "
+labels: bug
+assignees: ''
+---
+
+## Description
+A clear description of the bug.
+
+## Steps to Reproduce
+1. Go to '...'
+2. Click on '...'
+3. See error
+
+## Expected Behavior
+What you expected to happen.
+
+## Actual Behavior
+What actually happened.
+
+## Environment
+- OS: [e.g. macOS 14]
+- Browser: [e.g. Chrome 120]
+- Docker version: [if applicable]
+- Node version: [e.g. 20.x]

web/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Vulnerability
+    url: https://github.com/DevHDI/my-bmad/security/advisories/new
+    about: Please report security vulnerabilities via GitHub Security Advisories

web/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature Request
+about: Suggest an idea for this project
+title: "[FEAT] "
+labels: enhancement
+assignees: ''
+---
+
+## Problem
+A clear description of the problem or limitation.
+
+## Proposed Solution
+Describe the solution you'd like.
+
+## Alternatives
+Other solutions you've considered.
+
+## Additional Context
+Any other context or screenshots.

web/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,31 @@
+## Summary
+
+Briefly describe what this PR does and why.
+
+Closes #<!-- issue number -->
+
+## Type of Change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Refactoring (no behavior change)
+- [ ] Documentation update
+- [ ] Dependency update
+
+## Changes Made
+
+-
+-
+
+## Testing
+
+Describe how you tested this change:
+
+- [ ] `pnpm lint` passes
+- [ ] `pnpm test` passes
+- [ ] `pnpm build` succeeds
+- [ ] Tested manually in browser
+
+## Screenshots (if UI change)
+
+<!-- Add before/after screenshots here -->

web/.github/workflows/ci.yml

@@ -0,0 +1,77 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint-and-test:
+    name: Lint & Test
+    runs-on: ubuntu-latest
+    env:
+      DATABASE_URL: postgresql://placeholder:placeholder@localhost:5432/placeholder
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Generate Prisma client
+        run: pnpm db:generate
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Run tests
+        run: pnpm test
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: lint-and-test
+    env:
+      DATABASE_URL: postgresql://placeholder:placeholder@localhost:5432/placeholder
+      BETTER_AUTH_SECRET: ci-placeholder-secret-do-not-use
+      BETTER_AUTH_URL: http://localhost:3000
+      GITHUB_CLIENT_ID: placeholder
+      GITHUB_CLIENT_SECRET: placeholder
+      REVALIDATE_SECRET: placeholder
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Generate Prisma client
+        run: pnpm db:generate
+
+      - name: Build
+        run: pnpm build

web/.gitignore

@@ -0,0 +1,61 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/versions
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# env files (can opt-in for committing if needed)
+.env*
+!.env.example
+
+# Claude Code / MCP configuration (IDE-specific, not needed for contributors)
+.mcp.json
+/.claude/
+/.agents/
+skills-lock.json
+
+# playwright mcp screenshots
+.playwright-mcp/
+
+# BMAD methodology system and planning artifacts (local use only)
+/_bmad/
+/_bmad-output/
+
+# runtime data
+/data/
+
+# prisma generated client
+/src/generated/
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts

web/.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+  "css.customData": [],
+  "css.lint.unknownAtRules": "ignore"
+}