memtrace-skills 0.8.2 → 0.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/dist/commands/doctor.js +11 -0
  2. package/dist/index.js +1 -1
  3. package/dist/rail-install.js +4 -15
  4. package/dist/transformers/codex.js +7 -80
  5. package/dist/transformers/index.d.ts +2 -1
  6. package/dist/transformers/index.js +3 -1
  7. package/dist/transformers/opencode.js +5 -21
  8. package/dist/transformers/rail-hooks.d.ts +13 -0
  9. package/dist/transformers/rail-hooks.js +50 -0
  10. package/dist/transformers/types.d.ts +1 -1
  11. package/dist/transformers/warp.d.ts +4 -0
  12. package/dist/transformers/warp.js +83 -0
  13. package/package.json +1 -1
  14. package/plugins/memtrace-skills/.claude-plugin/plugin.json +1 -1
  15. package/plugins/memtrace-skills/references/mcp-parameters.md +7 -4
  16. package/plugins/memtrace-skills/skills/memtrace-change-impact-analysis/SKILL.md +19 -7
  17. package/plugins/memtrace-skills/skills/memtrace-decision-memory/SKILL.md +16 -12
  18. package/plugins/memtrace-skills/skills/memtrace-decision-recall/SKILL.md +7 -4
  19. package/plugins/memtrace-skills/skills/memtrace-docs/SKILL.md +121 -0
  20. package/plugins/memtrace-skills/skills/memtrace-docs-ask/SKILL.md +91 -0
  21. package/plugins/memtrace-skills/skills/memtrace-docs-read/SKILL.md +84 -0
  22. package/plugins/memtrace-skills/skills/memtrace-docs-search/SKILL.md +87 -0
  23. package/plugins/memtrace-skills/skills/memtrace-first/SKILL.md +21 -3
  24. package/plugins/memtrace-skills/skills/memtrace-preflight/SKILL.md +14 -1
  25. package/plugins/memtrace-skills/skills/memtrace-provenance/SKILL.md +7 -4
  26. package/plugins/memtrace-skills/skills/memtrace-refactoring-guide/SKILL.md +21 -9
  27. package/skills/commands/memtrace-decision-recall.md +7 -4
  28. package/skills/commands/memtrace-docs-ask.md +99 -0
  29. package/skills/commands/memtrace-docs-read.md +91 -0
  30. package/skills/commands/memtrace-docs-search.md +94 -0
  31. package/skills/commands/memtrace-preflight.md +17 -1
  32. package/skills/commands/memtrace-provenance.md +7 -4
  33. package/skills/workflows/memtrace-change-impact-analysis.md +23 -7
  34. package/skills/workflows/memtrace-decision-memory.md +16 -12
  35. package/skills/workflows/memtrace-docs.md +129 -0
  36. package/skills/workflows/memtrace-first.md +25 -3
  37. package/skills/workflows/memtrace-refactoring-guide.md +25 -9
@@ -0,0 +1,129 @@
1
+ ---
2
+ name: memtrace-docs
3
+ description: "Route Memtrace product documentation questions to the hosted docs MCP tools before guessing, searching the web, or reading stale local copies. Use when the user asks how Memtrace works, how to install/configure CLI/MCP/fleet/Cortex/enterprise MemDB, what tools or skills exist, what a command does, or wants the agent to read up on official docs. Calls search_docs, ask_docs, or read_doc on memtrace.io (override with MEMTRACE_DOCS_API_URL). Do not hallucinate Memtrace behavior — query docs first. Separate from memtrace-first (your repo's code graph)."
4
+ allowed-tools:
5
+ - mcp__memtrace__search_docs
6
+ - mcp__memtrace__ask_docs
7
+ - mcp__memtrace__read_doc
8
+ metadata:
9
+ author: "Syncable <support@syncable.dev>"
10
+ version: "1.0.0"
11
+ category: development
12
+ ---
13
+
14
+ # Memtrace Docs First
15
+
16
+ ## The Iron Law
17
+
18
+ ```
19
+ IF THE USER ASKS ABOUT MEMTRACE PRODUCT DOCS → USE DOCS MCP TOOLS FIRST.
20
+ Do not guess CLI flags, MCP tool lists, enterprise deploy steps, or fleet rules
21
+ from memory. Query the hosted documentation corpus at memtrace.io (or
22
+ MEMTRACE_DOCS_API_URL), then answer with citations.
23
+
24
+ memtrace-first = your indexed SOURCE CODE (find_code, get_impact, …)
25
+ memtrace-docs = official MEMTRACE DOCUMENTATION (search_docs, ask_docs, read_doc)
26
+ ```
27
+
28
+ Docs tools call the **hosted** Memtrace docs API over HTTPS. They do **not** read
29
+ your local MemDB or your repo. Core graph tools stay offline; docs tools degrade
30
+ gracefully when the network is down (`ok: false` + hint).
31
+
32
+ ## Server check (once per session)
33
+
34
+ Confirm the docs tools are available on your `memtrace` MCP server:
35
+
36
+ - `search_docs` — ranked chunks (slug, title, H2, excerpt)
37
+ - `ask_docs` — grounded Q&A `{ answer, citations[], refused }`
38
+ - `read_doc` — full page text by slug
39
+ - Resources: `memtrace://docs/<slug>` via `read_resource` (optional)
40
+
41
+ If none of these exist, the MCP build may be outdated — tell the user to update
42
+ Memtrace and run `npx -y memtrace-skills@latest install`.
43
+
44
+ Override API host: `MEMTRACE_DOCS_API_URL` (default `https://memtrace.io`).
45
+
46
+ ## The decision rule
47
+
48
+ | User is asking | Right tool | Sub-skill |
49
+ |---|---|---|
50
+ | "How do I install / configure / deploy X in Memtrace?" | `ask_docs(question=…)` | `memtrace-docs-ask` |
51
+ | "What MCP tools / skills / CLI commands exist?" | `ask_docs` or `search_docs` then `read_doc` on hit slugs | `memtrace-docs-ask` / `memtrace-docs-search` |
52
+ | "What does `memtrace rail enable` do?" | `ask_docs` | `memtrace-docs-ask` |
53
+ | "Find docs about fleet coordination" | `search_docs(query=…)` | `memtrace-docs-search` |
54
+ | "Read the full getting-started page" | `read_doc(slug="getting-started")` | `memtrace-docs-read` |
55
+ | "Read enterprise MemDB deploy guide" | `read_doc(slug="enterprise/memdb-deploy")` | `memtrace-docs-read` |
56
+ | Need several related sections | `search_docs` → `read_doc` on top slugs | `memtrace-docs-search` + `memtrace-docs-read` |
57
+
58
+ **Default for natural-language questions:** `ask_docs` — it retrieves context and
59
+ returns a cited answer in one call.
60
+
61
+ **Default for "find the doc about…":** `search_docs` — scan chunks, then `read_doc`
62
+ if you need the full page.
63
+
64
+ ## Standard workflows
65
+
66
+ ### "How does X work in Memtrace?" (most common)
67
+
68
+ 1. `ask_docs(question="<user question verbatim>")`
69
+ 2. If `refused: true` or `ok: false` → `search_docs` with shorter keywords → `read_doc` on best slug
70
+ 3. Quote the answer; link slugs as `/docs/<slug>` when helpful
71
+ 4. If docs say "not found", say so — do not invent flags or behavior
72
+
73
+ ### "What tools / commands / skills are available?"
74
+
75
+ 1. `ask_docs(question="What MCP tools are available?")` or fleet/skills variant
76
+ 2. If the answer lists categories but user wants exhaustive detail → `read_doc(slug="mcp/tools")`
77
+ 3. For agent skills → `read_doc(slug="mcp/skills")`
78
+
79
+ ### "Read up on X before we implement"
80
+
81
+ 1. `search_docs(query="X", limit=8)`
82
+ 2. `read_doc(slug=<top hit>)` for each page you will rely on
83
+ 3. Summarize with citations; use `memtrace-first` only when switching to **their repo's code**
84
+
85
+ ### Enterprise / self-hosted MemDB
86
+
87
+ 1. `ask_docs(question="How do I deploy MemDB with Helm on Azure?")` or user wording
88
+ 2. Follow-up `read_doc(slug="enterprise/memdb-deploy")` for operator steps
89
+ 3. Engineer connect → `read_doc(slug="enterprise/connect")` or `cli/connect`
90
+
91
+ ## Red flags — STOP, use docs tools
92
+
93
+ | Thought | Reality |
94
+ |---|---|
95
+ | "I know how Memtrace fleet works from training data" | Product docs change — `ask_docs` first |
96
+ | "I'll grep the repo for README" | User repo ≠ official docs — use `search_docs` / `read_doc` |
97
+ | "I'll web-search Memtrace" | Use hosted docs API — same corpus as memtrace.io/docs |
98
+ | `ask_docs` returned `refused: true` | Docs corpus had no match — say so; try `search_docs` with different terms |
99
+ | `ok: false` network error | Report offline; core Memtrace graph tools still work locally |
100
+
101
+ ## Relationship to other skills
102
+
103
+ | Skill | When |
104
+ |---|---|
105
+ | `memtrace-docs` | Questions about **Memtrace product** (install, MCP, fleet, Cortex, enterprise) |
106
+ | `memtrace-first` | Questions about **the user's indexed source code** |
107
+ | `memtrace-decision-memory` | **Why** code exists (Cortex decisions) — not product docs |
108
+
109
+ Use both when needed: docs for "how is Memtrace supposed to work?", graph tools for
110
+ "how does *this repo* implement it?"
111
+
112
+ ## Output
113
+
114
+ Prefer citing doc slugs returned in `citations` or `search_docs` results:
115
+
116
+ ```
117
+ ask_docs → { ok: true, answer: "…", citations: ["cli/rail", "mcp/skills"], refused: false }
118
+ search_docs → { ok: true, results: [{ slug, pageTitle, h2Title, excerpt }] }
119
+ read_doc → { ok: true, slug, title, body }
120
+ ```
121
+
122
+ When `refused: true`, tell the user the docs did not cover it and suggest browsing
123
+ https://memtrace.io/docs or rephrasing.
124
+
125
+ ## Sub-skills
126
+
127
+ - Discovery / chunk search → `memtrace-docs-search`
128
+ - Grounded Q&A → `memtrace-docs-ask`
129
+ - Full page read → `memtrace-docs-read`
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: memtrace-first
3
- description: "Route code discovery, debugging, flow tracing, and how-code-works questions in indexed source-code repos to Memtrace graph tools. Use first before searching files, reading code for discovery, debugging, tracing flows, finding implementations, understanding behavior, or answering how code works. Do not use Grep, Glob, rg, find, or manual file browsing for code discovery when Memtrace is indexed. Zero results, missing languages, or partial-looking stats are not permission to grep; diagnose/reindex with Memtrace."
3
+ description: "Route code discovery, debugging, flow tracing, how-code-works questions, and pre-edit rationale checks in indexed source-code repos to Memtrace graph plus Cortex decision tools. Use first before searching/reading code, and before editing, refactoring, deleting, or re-picking an approach that may have a recorded decision, ban, convention, or contract. Do not use Grep, Glob, rg, find, or manual file browsing for code discovery when Memtrace is indexed. Zero results are not permission to grep; diagnose/reindex with Memtrace."
4
4
  allowed-tools:
5
5
  - mcp__memtrace__list_indexed_repositories
6
6
  - mcp__memtrace__index_directory
@@ -23,6 +23,10 @@ allowed-tools:
23
23
  - mcp__memtrace__get_style_fingerprint
24
24
  - mcp__memtrace__find_most_complex_functions
25
25
  - mcp__memtrace__get_source_window
26
+ - mcp__memtrace__recall_decision
27
+ - mcp__memtrace__verify_intent
28
+ - mcp__memtrace__why_is_this_here
29
+ - mcp__memtrace__governing_contracts
26
30
  - Read
27
31
  - Grep
28
32
  - Glob
@@ -44,6 +48,12 @@ ONLY when you're about to edit or quote, and read only the bounded span
44
48
  returned by Memtrace (start_line .. end_line + small context). Do not
45
49
  Grep/Glob/Find to "locate" anything already in the graph, and do not read
46
50
  the whole file when Memtrace has given you exact lines.
51
+
52
+ BEFORE you edit/refactor/delete existing code or choose/re-pick a pattern,
53
+ call Cortex decision memory: recall_decision for the symbol/subsystem/approach,
54
+ and use provenance/contracts when a symbol_id is available. Use Memtrace's graph
55
+ tools for structure and blast radius; use Cortex for rationale, bans, and
56
+ contracts.
47
57
  ```
48
58
 
49
59
  Memtrace is the **memory layer** of the codebase, not a search engine that returns code. It has the full knowledge graph — every symbol, call, import, community, process, and API — with a time dimension. The point is to navigate that graph: who calls this, what's the blast radius, when did this change, what community is it part of. File tools are blind to all of that.
@@ -103,6 +113,8 @@ For everything else inside the indexed repo, memtrace is the right tool.
103
113
  | "Find the function that uses `STRIPE_KEY_FOO_BAR`" | `find_code(query="STRIPE_KEY_FOO_BAR")` → semantic finds it inside any embedded body. |
104
114
  | "Where's that error message `'connection refused for tenant'`?" | `find_code(query="connection refused for tenant")` → semantic catches it. |
105
115
  | "What breaks if I change `foo`?" | `get_impact(repo_id, target="foo")` → blast radius. |
116
+ | "Should I change/delete/refactor `foo`?" | `find_symbol`/`get_symbol_context` → `recall_decision("foo / subsystem / approach")`; if a symbol id is available, `why_is_this_here` + `governing_contracts`; then `get_impact`. |
117
+ | "Can I use/switch to pattern or library X?" | `recall_decision("X")` FIRST; bans and conventions are decisions. Verify a matching decision with `verify_intent(decision_id)` before relying on it. |
106
118
  | "What changed in `auth.ts` last week?" | `get_evolution(repo_id, from="7d ago", mode="recent", file_path="auth.ts")`. |
107
119
  | "List all `*.test.ts` files." | `Glob` (file inventory, not symbol search). |
108
120
  | "Find this string in my `.env`." | `Grep` (non-source artifact). |
@@ -160,6 +172,8 @@ If not indexed → offer to index with `mcp__memtrace__index_directory`, then fo
160
172
  | What files change together? | `get_cochange_context` |
161
173
  | Architecture overview | `list_communities` + `find_central_symbols` |
162
174
  | About to edit / quote — need exact lines | Bounded `Read(file, offset=start_line, limit=N)` (preferred), or `get_source_window` for path-resolution parity |
175
+ | About to edit/refactor/delete existing code | `recall_decision` for the intent + `why_is_this_here`/`governing_contracts` when a symbol id is available, then `get_impact` |
176
+ | About to choose or replace a library/pattern/architecture | `recall_decision` first; use `verify_intent` on any matching decision before contradicting it |
163
177
  | About to choose between competing idioms (ternary vs if-else, arrow vs fn-decl, const vs let, await vs `.then`) | `get_style_fingerprint(repo_id, file_path)` — empirical codebase norm; see `memtrace-style-fingerprint` workflow |
164
178
 
165
179
  ## Standard Workflows
@@ -185,8 +199,10 @@ If not indexed → offer to index with `mcp__memtrace__index_directory`, then fo
185
199
  ### Before any code modification
186
200
  1. `find_symbol` → confirm you have the right target
187
201
  2. `get_symbol_context` → understand full context
188
- 3. `get_impact` → know blast radius before touching anything
189
- 4. `get_style_fingerprint(repo_id, file_path=<file>)` match the codebase's empirical idiom (ternary vs if-else, arrow vs fn-decl, etc.) see `memtrace-style-fingerprint` workflow for the full decision rule
202
+ 3. `recall_decision("<symbol/subsystem/approach>")` → surface recorded choices, bans, and conventions before deciding what to do
203
+ 4. If a `symbol_id` is available, `why_is_this_here(symbol_id)` + `governing_contracts(symbol_id)` before deleting, rewriting, or "cleaning up" odd code
204
+ 5. `get_impact` → know blast radius before touching anything
205
+ 6. `get_style_fingerprint(repo_id, file_path=<file>)` → match the codebase's empirical idiom (ternary vs if-else, arrow vs fn-decl, etc.) — see `memtrace-style-fingerprint` workflow for the full decision rule
190
206
 
191
207
  ## Red Flags — STOP, Use Memtrace Instead
192
208
 
@@ -197,6 +213,9 @@ You are violating this skill if you think:
197
213
  | "Let me grep for this" | `find_code` or `find_symbol` is faster and structurally aware |
198
214
  | "Let me glob for the file" | `find_symbol` returns exact location with context |
199
215
  | "Let me read the whole file" | `get_symbol_context` for the WHY (callers/callees/community); a bounded source read at start_line..end_line for the WHAT |
216
+ | "I know why this is written this way" | Check Cortex first. Use `recall_decision`; use `why_is_this_here`/`governing_contracts` when you have a symbol id. |
217
+ | "This looks unused/weird; I'll remove it" | `why_is_this_here` + `governing_contracts` first, then blast radius. CannotProve is unknown, not permission. |
218
+ | "I'll just switch to library/pattern X" | `recall_decision("X")` first — you may be reintroducing a banned approach. |
200
219
  | "It's just a quick search" | Grep has no understanding of call graphs, communities, or time |
201
220
  | "I don't know if it's indexed" | Check with `list_indexed_repositories` first — takes 1 second |
202
221
  | "Memtrace returned 0 results" | Broaden the Memtrace query, check repo_id/path coverage, then reindex if needed |
@@ -210,6 +229,7 @@ Use Grep/Glob/Read ONLY for:
210
229
  - Non-source files or paths outside every indexed source repo
211
230
  - Files that are config, data, or docs (not source code symbols)
212
231
  - Repos or paths confirmed outside every Memtrace indexed root
232
+ - **Official Memtrace product documentation** — use `memtrace-docs` (`ask_docs` / `search_docs` / `read_doc`), not file tools or web search
213
233
 
214
234
  For source-code spans already located by Memtrace, use a **bounded** read —
215
235
  your harness's `Read(file, offset, limit)` with the returned `start_line` /
@@ -227,9 +247,11 @@ When this skill applies, it overrides default file-search behavior. Use the spec
227
247
  - Discovery → `memtrace-search`
228
248
  - Impact analysis → `memtrace-impact`
229
249
  - Temporal / change analysis → `memtrace-evolution`
250
+ - Rationale / prior decisions / bans / contracts → `memtrace-decision-memory`
230
251
  - Incident investigation → `memtrace-incident-investigation`
231
252
  - Architecture overview → `memtrace-codebase-exploration`
232
253
  - Refactoring → `memtrace-refactoring-guide`
254
+ - Memtrace **product docs** (install, CLI, MCP, enterprise) → `memtrace-docs`
233
255
 
234
256
  ## Output
235
257
 
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: memtrace-refactoring-guide
3
- description: "Build a phased, risk-scored refactoring plan from Memtrace complexity, dead-code, bridge, and impact analysis. Use when the user wants to refactor source code, reduce complexity, clean technical debt, split large functions, extract modules, reorganize code, or choose refactoring priorities. Do not use Grep or manual reference search to plan refactors; Memtrace provides complexity, dead-code, relationships, and impact context."
3
+ description: "Build a phased, risk-scored refactoring plan from Memtrace complexity, dead-code, bridge, impact analysis, and Cortex decision-memory constraints. Use when the user wants to refactor source code, reduce complexity, clean technical debt, delete dead code, split large functions, extract modules, reorganize code, or choose refactoring priorities. Do not plan refactors from grep/manual reference search alone; check graph impact and decision rationale/bans/contracts before changing existing code."
4
4
  allowed-tools:
5
5
  - mcp__memtrace__find_most_complex_functions
6
6
  - mcp__memtrace__find_dead_code
@@ -10,6 +10,10 @@ allowed-tools:
10
10
  - mcp__memtrace__get_symbol_context
11
11
  - mcp__memtrace__analyze_relationships
12
12
  - mcp__memtrace__list_communities
13
+ - mcp__memtrace__recall_decision
14
+ - mcp__memtrace__why_is_this_here
15
+ - mcp__memtrace__governing_contracts
16
+ - mcp__memtrace__verify_intent
13
17
  metadata:
14
18
  author: "Syncable <support@syncable.dev>"
15
19
  version: "1.0.0"
@@ -19,7 +23,7 @@ user-invocable: true
19
23
 
20
24
  ## Overview
21
25
 
22
- Guided refactoring workflow — identifies refactoring candidates using structural analysis, scores them by risk and priority, and produces a phased refactoring plan. Combines complexity metrics, dead code detection, bridge analysis, and temporal evolution to prioritize what to refactor first and how to do it safely.
26
+ Guided refactoring workflow — identifies refactoring candidates using structural analysis, scores them by risk and priority, checks Cortex decision memory for rationale/bans/contracts, and produces a phased refactoring plan. Combines complexity metrics, dead code detection, bridge analysis, temporal evolution, and decision memory to prioritize what to refactor first and how to do it safely.
23
27
 
24
28
  ## Steps
25
29
 
@@ -63,7 +67,17 @@ Also call `get_symbol_context` to check:
63
67
  - How many processes does this symbol participate in? (More = more testing needed)
64
68
  - Is it part of a cross-repo API? (If yes, coordinate with consumers)
65
69
 
66
- ### 4. Understand the neighbourhood
70
+ ### 4. Check decision memory before refactoring/removing
71
+
72
+ For each top candidate, call `recall_decision("<symbol/subsystem/refactor intent>")`.
73
+ If you have a numeric `symbol_id`, call `why_is_this_here(symbol_id)` and
74
+ `governing_contracts(symbol_id)`.
75
+
76
+ - A matching held decision/ban can veto or reshape the refactor.
77
+ - Contracts become acceptance criteria for the new design.
78
+ - CannotProve is unknown, not permission to delete.
79
+
80
+ ### 5. Understand the neighbourhood
67
81
 
68
82
  For each refactoring target, call `analyze_relationships`:
69
83
  - `find_callees` — what does it depend on? These become candidates for extraction
@@ -72,13 +86,13 @@ For each refactoring target, call `analyze_relationships`:
72
86
 
73
87
  Full parameter spec for every Memtrace tool: `references/mcp-parameters.md` (bundled at the memtrace-skills plugin root).
74
88
 
75
- ### 5. Check community boundaries
89
+ ### 6. Check community boundaries
76
90
 
77
91
  Call `list_communities` and check: does the refactoring target sit at a community boundary?
78
92
  - If yes, the refactoring may involve splitting responsibilities across modules
79
93
  - If it belongs clearly to one community, the refactoring is more contained
80
94
 
81
- ### 6. Produce the refactoring plan
95
+ ### 7. Produce the refactoring plan
82
96
 
83
97
  Synthesize into a phased plan:
84
98
 
@@ -98,8 +112,9 @@ For each item, include:
98
112
  1. **Target** — function/class name, file, current complexity score
99
113
  2. **Why** — complexity + volatility + blast radius rationale
100
114
  3. **How** — specific refactoring approach (extract method, split class, introduce interface)
101
- 4. **Risk** — impact analysis rating + affected processes
102
- 5. **Test Plan** — which callers/processes to verify
115
+ 4. **Decision Memory** — relevant Cortex decisions/bans/contracts, or CannotProve as unknown
116
+ 5. **Risk** — impact analysis rating + affected processes
117
+ 6. **Test Plan** — which callers/processes to verify
103
118
 
104
119
  ## Decision Points
105
120
 
@@ -107,9 +122,10 @@ For each item, include:
107
122
  |-----------|--------|
108
123
  | Complex + volatile + high blast radius | Highest priority — but plan carefully; incremental approach |
109
124
  | Complex + stable + low blast radius | Can wait; refactor when you're already touching nearby code |
110
- | Dead code with zero callers | Safe to delete quick win |
125
+ | Dead code with zero callers | Run Cortex provenance/recall first; zero callers is not proof that no decision/contract keeps it |
111
126
  | Bridge symbol with many dependents | Extract interface first, then refactor implementation behind it |
112
127
  | Symbol in cross-repo API | Coordinate with consumers; backward-compatible changes only |
128
+ | Cortex returns a held ban/contract | Preserve it or ask before overriding it |
113
129
 
114
130
  ## Output
115
131
 
@@ -123,7 +139,7 @@ A phased plan (Phases 1–3). One worked entry:
123
139
  | Risk | High — upstream spans 3 processes incl. `checkout_flow`; incremental migration |
124
140
 
125
141
  Acceptance criteria:
126
- - Every plan item cites complexity, volatility, and blast radius — no gut-feel picks.
142
+ - Every plan item cites complexity, volatility, blast radius, and decision-memory status — no gut-feel picks.
127
143
  - High/Critical-risk items include a test plan naming affected callers/processes.
128
144
 
129
145
  ## Common Mistakes