mustflow 1.31.0 → 2.16.0

package/dist/core/check-issues.js

@@ -35,6 +35,12 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.skill.index_route_broad_catch_all', /^Strict warning: \.mustflow\/skills\/INDEX\.md \.mustflow\/skills\/[^/]+\/SKILL\.md route uses broad catch-all trigger ".+" that can shadow narrower skills$/u],
     ['mustflow.skill.index_route_identical_trigger', /^Strict warning: \.mustflow\/skills\/INDEX\.md \.mustflow\/skills\/[^/]+\/SKILL\.md and \.mustflow\/skills\/[^/]+\/SKILL\.md have identical skill route trigger text$/u],
     ['mustflow.skill.index_route_duplicate_surface', /^Strict warning: \.mustflow\/skills\/INDEX\.md \.mustflow\/skills\/[^/]+\/SKILL\.md and \.mustflow\/skills\/[^/]+\/SKILL\.md have duplicate edit scope, risk, and expected output route surface$/u],
+    ['mustflow.skill.route_metadata_missing', /^Strict: \.mustflow\/skills\/routes\.toml is missing metadata for route "[^"]+"$/u],
+    ['mustflow.skill.route_metadata_unlisted', /^Strict: \.mustflow\/skills\/routes\.toml route "[^"]+" is not listed in \.mustflow\/skills\/INDEX\.md$/u],
+    ['mustflow.skill.route_metadata_missing_document', /^Strict: \.mustflow\/skills\/routes\.toml route "[^"]+" points to a missing skill document$/u],
+    ['mustflow.skill.route_metadata_category_mismatch', /^Strict: \.mustflow\/skills\/INDEX\.md route "[^"]+" must appear under the .+ category section from \.mustflow\/skills\/routes\.toml$/u],
+    ['mustflow.skill.route_metadata_unknown_reference', /^Strict: \.mustflow\/skills\/routes\.toml route "[^"]+" references unknown mutually exclusive route "[^"]+"$/u],
+    ['mustflow.skill.route_metadata_asymmetric_exclusion', /^Strict warning: \.mustflow\/skills\/routes\.toml route "[^"]+" lists "[^"]+" as mutually exclusive but the reverse route does not$/u],
     ['mustflow.skill.resource_unknown_command_intent', /^Strict: \.mustflow\/skills\/[^/]+\/resources\.toml script [^\s]+ references unknown command intent "[^"]+"$/u],
     ['mustflow.source_anchor.invalid_format', /^Strict: source anchor .+ has invalid format:/u],
     ['mustflow.source_anchor.duplicate_id', /^Strict: source anchor id "[^"]+" is duplicated:/u],

package/dist/core/completion-verdict.js

@@ -0,0 +1,341 @@
+function createRiskEvidence(input) {
+    return {
+        source_anchor: input.sourceAnchorRiskCount ?? 0,
+        scope_diff: input.scopeDiffRiskCount ?? 0,
+        repeated_failure: input.repeatedFailureCount ?? 0,
+        validation_ratchet: input.validationRatchetRiskCount ?? 0,
+        repro_evidence: input.reproEvidenceRiskCount ?? 0,
+        external_evidence: input.externalEvidenceRiskCount ?? 0,
+        write_drift: input.writeDriftRiskCount ?? 0,
+        receipt_binding: input.receiptBindingRiskCount ?? 0,
+        stale_receipt: input.staleReceiptCount ?? 0,
+        plan_mismatch: input.planMismatchCount ?? 0,
+    };
+}
+function emptyReceiptBindingEvidence() {
+    return {
+        plan_bound_count: 0,
+        plan_unbound_count: 0,
+        fingerprint_bound_count: 0,
+        fingerprint_unbound_count: 0,
+        current_state_bound_count: 0,
+        current_state_unavailable_count: 0,
+        stale_count: 0,
+        plan_mismatch_count: 0,
+    };
+}
+function emptyCriteriaEvidence() {
+    return {
+        total: 0,
+        covered: 0,
+        partially_covered: 0,
+        uncovered: 0,
+        blocked: 0,
+        contradicted: 0,
+    };
+}
+function normalizeVerifyCompletionInput(input) {
+    const missingReceiptCount = Math.max(0, input.ranIntents - input.receiptCount);
+    if (missingReceiptCount === 0) {
+        return input;
+    }
+    return {
+        ...input,
+        receiptBindingRiskCount: (input.receiptBindingRiskCount ?? 0) + missingReceiptCount,
+    };
+}
+function verifyStatus(input) {
+    const contradictions = [];
+    if (input.failedIntents > 0) {
+        contradictions.push('one_or_more_selected_verification_intents_failed');
+    }
+    if ((input.planMismatchCount ?? 0) > 0) {
+        contradictions.push('plan_receipt_mismatch');
+    }
+    if ((input.reproEvidenceContradictionCount ?? 0) > 0) {
+        contradictions.push('repro_evidence_contradicted');
+    }
+    if ((input.validationRatchetContradictionCount ?? 0) > 0) {
+        contradictions.push('validation_ratchet_contradicted');
+    }
+    if (contradictions.length > 0) {
+        if (input.failedIntents > 0 && (input.repeatedFailureCount ?? 0) > 0) {
+            contradictions.push('repeated_verification_failure');
+        }
+        return {
+            status: 'contradicted',
+            primaryReason: input.failedIntents > 0
+                ? 'verification_failed'
+                : (input.planMismatchCount ?? 0) > 0
+                    ? 'plan_receipt_mismatch'
+                    : (input.reproEvidenceContradictionCount ?? 0) > 0
+                        ? 'repro_evidence_contradicted'
+                        : 'validation_ratchet_contradicted',
+            blockers: [],
+            contradictions,
+            limitations: [],
+        };
+    }
+    if ((input.repeatedFailureBlockerCount ?? 0) > 0) {
+        return {
+            status: 'blocked',
+            primaryReason: 'repeated_failure_requires_new_evidence',
+            blockers: ['repeated_failure_requires_new_evidence'],
+            contradictions: [],
+            limitations: [],
+        };
+    }
+    if (input.ranIntents === 0 && input.skippedIntents > 0) {
+        const blockers = ['all_matching_verification_intents_were_skipped'];
+        if ((input.repeatedFailureCount ?? 0) > 0) {
+            blockers.push('repeated_verification_failure');
+        }
+        return {
+            status: 'blocked',
+            primaryReason: 'no_runnable_verification_intents',
+            blockers,
+            contradictions: [],
+            limitations: [],
+        };
+    }
+    if (input.ranIntents === 0) {
+        const limitations = ['no_verification_intents_ran'];
+        if ((input.repeatedFailureCount ?? 0) > 0) {
+            limitations.push('repeated_verification_failure');
+        }
+        return {
+            status: 'unverified',
+            primaryReason: 'no_verification_evidence',
+            blockers: [],
+            contradictions: [],
+            limitations,
+        };
+    }
+    if (input.skippedIntents > 0) {
+        const limitations = ['one_or_more_matching_verification_intents_were_skipped'];
+        if ((input.repeatedFailureCount ?? 0) > 0) {
+            limitations.push('repeated_verification_failure');
+        }
+        return {
+            status: 'partially_verified',
+            primaryReason: 'some_verification_skipped',
+            blockers: [],
+            contradictions: [],
+            limitations,
+        };
+    }
+    if ((input.reproEvidenceUnverifiedCount ?? 0) > 0) {
+        return {
+            status: 'unverified',
+            primaryReason: 'repro_evidence_unverified',
+            blockers: [],
+            contradictions: [],
+            limitations: ['repro_evidence_missing'],
+        };
+    }
+    const downgradeLimitations = [];
+    if ((input.sourceAnchorRiskCount ?? 0) > 0) {
+        downgradeLimitations.push('high_risk_source_anchor_requires_review');
+    }
+    if ((input.scopeDiffRiskCount ?? 0) > 0) {
+        downgradeLimitations.push('scope_diff_risk_requires_review');
+    }
+    if ((input.validationRatchetRiskCount ?? 0) > 0) {
+        downgradeLimitations.push('validation_ratchet_risk_requires_review');
+    }
+    if ((input.writeDriftRiskCount ?? 0) > 0) {
+        downgradeLimitations.push('write_drift_requires_review');
+    }
+    if ((input.receiptBindingRiskCount ?? 0) > 0) {
+        downgradeLimitations.push('receipt_binding_requires_review');
+    }
+    if ((input.staleReceiptCount ?? 0) > 0) {
+        downgradeLimitations.push('stale_receipt_requires_review');
+    }
+    if ((input.reproEvidenceRiskCount ?? 0) > 0) {
+        downgradeLimitations.push('repro_evidence_missing');
+    }
+    if ((input.externalEvidenceRiskCount ?? 0) > 0) {
+        downgradeLimitations.push('external_evidence_requires_review');
+    }
+    if (downgradeLimitations.length > 0) {
+        return {
+            status: 'partially_verified',
+            primaryReason: (input.sourceAnchorRiskCount ?? 0) > 0
+                ? 'source_anchor_invariant_review_required'
+                : (input.scopeDiffRiskCount ?? 0) > 0
+                    ? 'scope_diff_review_required'
+                    : (input.validationRatchetRiskCount ?? 0) > 0
+                        ? 'validation_ratchet_review_required'
+                        : (input.writeDriftRiskCount ?? 0) > 0
+                            ? 'write_drift_review_required'
+                            : (input.receiptBindingRiskCount ?? 0) > 0
+                                ? 'receipt_binding_review_required'
+                                : (input.staleReceiptCount ?? 0) > 0
+                                    ? 'stale_receipt_review_required'
+                                    : (input.reproEvidenceRiskCount ?? 0) > 0
+                                        ? 'repro_evidence_missing'
+                                        : 'external_evidence_review_required',
+            blockers: [],
+            contradictions: [],
+            limitations: downgradeLimitations,
+        };
+    }
+    if (input.passedIntents === input.ranIntents) {
+        return {
+            status: 'verified',
+            primaryReason: 'all_selected_verification_passed',
+            blockers: [],
+            contradictions: [],
+            limitations: [],
+        };
+    }
+    return {
+        status: 'unverified',
+        primaryReason: 'verification_evidence_inconclusive',
+        blockers: [],
+        contradictions: [],
+        limitations: ['selected_verification_did_not_produce_a_clear_pass_or_fail'],
+    };
+}
+export function createVerifyCompletionVerdict(input) {
+    const normalizedInput = normalizeVerifyCompletionInput(input);
+    const result = verifyStatus(normalizedInput);
+    const risks = createRiskEvidence(normalizedInput);
+    const receiptBinding = normalizedInput.receiptBinding ?? emptyReceiptBindingEvidence();
+    const criteria = normalizedInput.criteria ?? emptyCriteriaEvidence();
+    return {
+        schema_version: '1',
+        status: result.status,
+        primary_reason: result.primaryReason,
+        evidence: {
+            source: 'mf_verify',
+            verification_plan_id: normalizedInput.verificationPlanId,
+            changed_file_count: null,
+            criteria,
+            matched_intents: normalizedInput.matchedIntents,
+            ran_intents: normalizedInput.ranIntents,
+            passed_intents: normalizedInput.passedIntents,
+            failed_intents: normalizedInput.failedIntents,
+            skipped_intents: normalizedInput.skippedIntents,
+            receipt_count: normalizedInput.receiptCount,
+            gap_count: normalizedInput.skippedIntents,
+            source_anchor_risk_count: normalizedInput.sourceAnchorRiskCount ?? 0,
+            scope_diff_risk_count: normalizedInput.scopeDiffRiskCount ?? 0,
+            repeated_failure_count: normalizedInput.repeatedFailureCount ?? 0,
+            validation_ratchet_risk_count: normalizedInput.validationRatchetRiskCount ?? 0,
+            repro_evidence_risk_count: normalizedInput.reproEvidenceRiskCount ?? 0,
+            external_evidence_risk_count: normalizedInput.externalEvidenceRiskCount ?? 0,
+            write_drift_risk_count: normalizedInput.writeDriftRiskCount ?? 0,
+            receipt_binding_risk_count: normalizedInput.receiptBindingRiskCount ?? 0,
+            stale_receipt_count: normalizedInput.staleReceiptCount ?? 0,
+            plan_mismatch_count: normalizedInput.planMismatchCount ?? 0,
+            risks,
+            receipt_binding: receiptBinding,
+            latest_run_status: null,
+        },
+        blockers: result.blockers,
+        contradictions: result.contradictions,
+        limitations: result.limitations,
+    };
+}
+export function createDashboardCompletionVerdict(input) {
+    const risks = createRiskEvidence(input);
+    const receiptBinding = input.receiptBinding ?? emptyReceiptBindingEvidence();
+    const latestRunFailed = input.latestRunStatus === 'failed' ||
+        input.latestRunStatus === 'timed_out' ||
+        input.latestRunStatus === 'start_failed';
+    let status = 'unverified';
+    let primaryReason = 'dashboard_does_not_execute_verification';
+    const blockers = [];
+    const contradictions = [];
+    const limitations = ['dashboard_export_is_read_only'];
+    if (latestRunFailed) {
+        status = 'contradicted';
+        primaryReason = 'latest_run_failed';
+        contradictions.push('latest_run_status_is_not_passing');
+    }
+    else if ((input.sourceAnchorRiskCount ?? 0) > 0) {
+        status = 'partially_verified';
+        primaryReason = 'source_anchor_invariant_review_required';
+        limitations.push('high_risk_source_anchor_requires_review');
+        if ((input.scopeDiffRiskCount ?? 0) > 0) {
+            limitations.push('scope_diff_risk_requires_review');
+        }
+    }
+    else if ((input.scopeDiffRiskCount ?? 0) > 0) {
+        status = 'partially_verified';
+        primaryReason = 'scope_diff_review_required';
+        limitations.push('scope_diff_risk_requires_review');
+    }
+    else if (input.gapCount > 0) {
+        status = 'blocked';
+        primaryReason = 'verification_gaps_present';
+        blockers.push('dashboard_verification_graph_reports_gaps');
+    }
+    else if (input.changedFileCount > 0 && !input.latestRunExists) {
+        status = 'unverified';
+        primaryReason = 'changed_files_without_run_receipt';
+        limitations.push('no_latest_run_receipt');
+    }
+    else if (input.changedFileCount > 0 && !input.latestRunValid) {
+        status = 'unverified';
+        primaryReason = 'changed_files_with_invalid_run_receipt';
+        limitations.push('latest_run_receipt_is_invalid');
+    }
+    else if (input.changedFileCount > 0 && input.runnableIntentCount > 0) {
+        status = 'partially_verified';
+        primaryReason = 'verification_recommendations_available';
+        limitations.push('dashboard_recommendations_are_not_executed_receipts');
+    }
+    else if (input.latestRunValid && input.latestRunStatus === 'passed') {
+        status = 'partially_verified';
+        primaryReason = 'latest_run_passed_without_current_claim_binding';
+        limitations.push('latest_run_is_not_bound_to_a_current_completion_claim');
+    }
+    const criteria = input.criteria ??
+        (input.changedFileCount > 0 || input.runnableIntentCount > 0 || input.skippedIntentCount > 0 || input.gapCount > 0
+            ? {
+                total: 1,
+                covered: 0,
+                partially_covered: status === 'partially_verified' ? 1 : 0,
+                uncovered: status === 'unverified' ? 1 : 0,
+                blocked: status === 'blocked' ? 1 : 0,
+                contradicted: status === 'contradicted' ? 1 : 0,
+            }
+            : emptyCriteriaEvidence());
+    return {
+        schema_version: '1',
+        status,
+        primary_reason: primaryReason,
+        evidence: {
+            source: 'dashboard_export',
+            verification_plan_id: null,
+            changed_file_count: input.changedFileCount,
+            criteria,
+            matched_intents: input.runnableIntentCount + input.skippedIntentCount,
+            ran_intents: 0,
+            passed_intents: 0,
+            failed_intents: latestRunFailed ? 1 : 0,
+            skipped_intents: input.skippedIntentCount,
+            receipt_count: input.latestRunExists && input.latestRunValid ? 1 : 0,
+            gap_count: input.gapCount,
+            source_anchor_risk_count: input.sourceAnchorRiskCount ?? 0,
+            scope_diff_risk_count: input.scopeDiffRiskCount ?? 0,
+            repeated_failure_count: input.repeatedFailureCount ?? 0,
+            validation_ratchet_risk_count: input.validationRatchetRiskCount ?? 0,
+            repro_evidence_risk_count: input.reproEvidenceRiskCount ?? 0,
+            external_evidence_risk_count: input.externalEvidenceRiskCount ?? 0,
+            write_drift_risk_count: input.writeDriftRiskCount ?? 0,
+            receipt_binding_risk_count: input.receiptBindingRiskCount ?? 0,
+            stale_receipt_count: input.staleReceiptCount ?? 0,
+            plan_mismatch_count: input.planMismatchCount ?? 0,
+            risks,
+            receipt_binding: receiptBinding,
+            latest_run_status: input.latestRunStatus,
+        },
+        blockers,
+        contradictions,
+        limitations,
+    };
+}

package/dist/core/contract-lint.js

@@ -48,6 +48,9 @@ const COMMANDS_CONFIG_PATH = '.mustflow/config/commands.toml';
 const SKILL_INDEX_PATH = '.mustflow/skills/INDEX.md';
 const CHANGE_CLASSIFICATION_SOURCE_PATH = 'src/core/change-classification.ts';
 const AGENT_WORKFLOW_PATH = '.mustflow/docs/agent-workflow.md';
+const PACKAGE_SCRIPT_RUNNERS = new Set(['bun', 'npm', 'pnpm', 'yarn']);
+const MAKEFILE_CANDIDATES = ['Makefile', 'makefile'];
+const JUSTFILE_CANDIDATES = ['justfile', 'Justfile'];
 function uniqueSorted(values) {
     return [...new Set(values)].sort((left, right) => left.localeCompare(right));
 }
@@ -67,6 +70,195 @@ function writesAreValid(intent) {
     const value = intent.writes;
     return value === undefined || (Array.isArray(value) && value.every((entry) => typeof entry === 'string'));
 }
+function readStringList(value) {
+    if (!Array.isArray(value) || value.some((entry) => typeof entry !== 'string')) {
+        return null;
+    }
+    return [...value];
+}
+function normalizeCommandName(value) {
+    return path.basename(value).replace(/\.(?:cmd|exe)$/iu, '').toLowerCase();
+}
+function readPackageScriptReference(intent) {
+    const argv = readStringList(intent.argv);
+    if (!argv || argv.length < 3) {
+        return null;
+    }
+    const runner = normalizeCommandName(argv[0]);
+    if (!PACKAGE_SCRIPT_RUNNERS.has(runner) || argv[1] !== 'run') {
+        return null;
+    }
+    const scriptName = argv[2];
+    return scriptName && !scriptName.startsWith('-') ? scriptName : null;
+}
+function resolveIntentCwd(projectRoot, intent) {
+    const cwd = readString(intent, 'cwd') ?? '.';
+    const root = path.resolve(projectRoot);
+    const resolved = path.resolve(root, cwd);
+    if (resolved !== root && !resolved.startsWith(`${root}${path.sep}`)) {
+        return null;
+    }
+    return resolved;
+}
+function toProjectRelativePath(projectRoot, absolutePath) {
+    const relativePath = path.relative(projectRoot, absolutePath) || '.';
+    return relativePath.split(path.sep).join('/');
+}
+function readPackageScripts(projectRoot, intent) {
+    const intentCwd = resolveIntentCwd(projectRoot, intent);
+    if (!intentCwd) {
+        return null;
+    }
+    const packagePath = path.join(intentCwd, 'package.json');
+    if (!existsSync(packagePath)) {
+        return null;
+    }
+    try {
+        const parsed = JSON.parse(readFileSync(packagePath, 'utf8'));
+        if (!isRecord(parsed) || !isRecord(parsed.scripts)) {
+            return {
+                relativePath: toProjectRelativePath(projectRoot, packagePath),
+                scripts: new Set(),
+            };
+        }
+        return {
+            relativePath: toProjectRelativePath(projectRoot, packagePath),
+            scripts: new Set(Object.keys(parsed.scripts)),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function readRootPackageScripts(projectRoot) {
+    const packagePath = path.join(projectRoot, 'package.json');
+    if (!existsSync(packagePath)) {
+        return [];
+    }
+    try {
+        const parsed = JSON.parse(readFileSync(packagePath, 'utf8'));
+        if (!isRecord(parsed) || !isRecord(parsed.scripts)) {
+            return [];
+        }
+        return Object.entries(parsed.scripts)
+            .filter((entry) => typeof entry[1] === 'string')
+            .sort((left, right) => left[0].localeCompare(right[0]));
+    }
+    catch {
+        return [];
+    }
+}
+function readFirstExistingFile(projectRoot, candidates) {
+    for (const candidate of candidates) {
+        if (existsSync(path.join(projectRoot, candidate))) {
+            return candidate;
+        }
+    }
+    return null;
+}
+function readMakeTargets(projectRoot) {
+    const relativePath = readFirstExistingFile(projectRoot, MAKEFILE_CANDIDATES);
+    if (!relativePath) {
+        return [];
+    }
+    const content = readFileSync(path.join(projectRoot, relativePath), 'utf8');
+    const targets = [];
+    for (const line of content.split(/\r?\n/u)) {
+        if (/^\s/u.test(line) || line.startsWith('#') || line.includes(':=')) {
+            continue;
+        }
+        const match = /^([A-Za-z0-9][A-Za-z0-9_-]*)\s*:/u.exec(line);
+        if (match) {
+            targets.push(match[1]);
+        }
+    }
+    return uniqueSorted(targets);
+}
+function readJustRecipes(projectRoot) {
+    const relativePath = readFirstExistingFile(projectRoot, JUSTFILE_CANDIDATES);
+    if (!relativePath) {
+        return [];
+    }
+    const content = readFileSync(path.join(projectRoot, relativePath), 'utf8');
+    const recipes = [];
+    for (const line of content.split(/\r?\n/u)) {
+        if (/^\s/u.test(line) || line.startsWith('#') || line.startsWith('set ') || line.includes(' := ')) {
+            continue;
+        }
+        const match = /^([A-Za-z0-9][A-Za-z0-9_-]*)(?:\s+[^:]*)?:\s*(?:#.*)?$/u.exec(line);
+        if (match) {
+            recipes.push(match[1]);
+        }
+    }
+    return uniqueSorted(recipes);
+}
+function toTomlString(value) {
+    return JSON.stringify(value);
+}
+function normalizeIntentSegment(value) {
+    return value
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/gu, '_')
+        .replace(/^_+|_+$/gu, '');
+}
+function uniqueSuggestionIntentName(baseName, usedIntentNames) {
+    let candidate = baseName;
+    let suffix = 2;
+    while (usedIntentNames.has(candidate)) {
+        candidate = `${baseName}_${suffix}`;
+        suffix += 1;
+    }
+    usedIntentNames.add(candidate);
+    return candidate;
+}
+function createUnknownIntentSnippet(intentName, description, reason) {
+    return [
+        `[intents.${intentName}]`,
+        'status = "unknown"',
+        `description = ${toTomlString(description)}`,
+        `reason = ${toTomlString(reason)}`,
+        'agent_action = "review_and_configure_before_run"',
+    ].join('\n');
+}
+function createSuggestion(usedIntentNames, sourceFile, sourceKind, sourceName, commandHint) {
+    const sourcePrefix = sourceKind.replace(/_script$/u, '').replace(/_target$/u, '').replace(/_recipe$/u, '');
+    const intentName = uniqueSuggestionIntentName(`suggest_${sourcePrefix}_${normalizeIntentSegment(sourceName) || 'command'}`, usedIntentNames);
+    const reason = `Suggested from ${sourceFile} entry "${sourceName}". Review before adding runnable command fields.`;
+    const description = `Review ${commandHint} for a possible command intent.`;
+    return {
+        sourceFile,
+        sourceKind,
+        sourceName,
+        commandHint,
+        suggestedIntent: intentName,
+        status: 'unknown',
+        reason,
+        snippet: createUnknownIntentSnippet(intentName, description, reason),
+    };
+}
+function suggestCommandContracts(projectRoot, existingIntentNames) {
+    if (!projectRoot) {
+        return [];
+    }
+    const usedIntentNames = new Set(existingIntentNames);
+    const suggestions = [];
+    for (const [scriptName] of readRootPackageScripts(projectRoot)) {
+        suggestions.push(createSuggestion(usedIntentNames, 'package.json', 'package_script', scriptName, `npm run ${scriptName}`));
+    }
+    const makefilePath = readFirstExistingFile(projectRoot, MAKEFILE_CANDIDATES);
+    if (makefilePath) {
+        for (const target of readMakeTargets(projectRoot)) {
+            suggestions.push(createSuggestion(usedIntentNames, makefilePath, 'make_target', target, `make ${target}`));
+        }
+    }
+    const justfilePath = readFirstExistingFile(projectRoot, JUSTFILE_CANDIDATES);
+    if (justfilePath) {
+        for (const recipe of readJustRecipes(projectRoot)) {
+            suggestions.push(createSuggestion(usedIntentNames, justfilePath, 'just_recipe', recipe, `just ${recipe}`));
+        }
+    }
+    return suggestions;
+}
 function pushIssue(issues, severity, code, intent, message) {
     issues.push({ severity, code, intent, message });
 }
@@ -143,6 +335,25 @@ function lintIntent(name, value, issues) {
     }
     return value;
 }
+function lintReferencedPackageScripts(projectRoot, intents, issues) {
+    if (!projectRoot) {
+        return;
+    }
+    for (const [name, intent] of intents) {
+        if (readString(intent, 'status') !== 'configured') {
+            continue;
+        }
+        const scriptName = readPackageScriptReference(intent);
+        if (!scriptName) {
+            continue;
+        }
+        const packageScripts = readPackageScripts(projectRoot, intent);
+        if (!packageScripts || packageScripts.scripts.has(scriptName)) {
+            continue;
+        }
+        pushIssue(issues, 'warning', 'referenced_package_script_missing', name, `Intent ${name} references package script "${scriptName}" in ${packageScripts.relativePath}, but that script is not declared.`);
+    }
+}
 function collectRequiredAfterReasons(contract) {
     const reasonToIntents = new Map();
     for (const [name, intent] of Object.entries(contract.intents)) {
@@ -343,24 +554,28 @@ export function lintCommandContract(contract, options = {}) {
     const issues = [];
     const intentEntries = Object.entries(contract.intents);
     const intentTables = intentEntries
-        .map(([name, value]) => lintIntent(name, value, issues))
-        .filter((intent) => intent !== null);
+        .map(([name, value]) => [name, lintIntent(name, value, issues)])
+        .filter((entry) => entry[1] !== null);
+    lintReferencedPackageScripts(options.projectRoot, intentTables, issues);
+    const validIntents = intentTables.map(([, intent]) => intent);
     const coverage = options.coverage === true ? lintCoverage(contract, options, issues) : undefined;
+    const suggestions = options.suggest === true ? suggestCommandContracts(options.projectRoot, intentEntries.map(([name]) => name)) : undefined;
     const errors = issues.filter((issue) => issue.severity === 'error').length;
     const warnings = issues.length - errors;
     return {
         status: getStatus(errors, warnings),
         summary: {
             totalIntents: intentEntries.length,
-            configured: intentTables.filter((intent) => readString(intent, 'status') === 'configured').length,
-            runnable: intentTables.filter(configuredIntentIsRunnable).length,
-            manualOnly: intentTables.filter((intent) => readString(intent, 'status') === 'manual_only').length,
-            unknown: intentTables.filter((intent) => readString(intent, 'status') === 'unknown').length,
+            configured: validIntents.filter((intent) => readString(intent, 'status') === 'configured').length,
+            runnable: validIntents.filter(configuredIntentIsRunnable).length,
+            manualOnly: validIntents.filter((intent) => readString(intent, 'status') === 'manual_only').length,
+            unknown: validIntents.filter((intent) => readString(intent, 'status') === 'unknown').length,
             errors,
             warnings,
         },
         issues,
         sourceFiles: CONTRACT_LINT_SOURCE_FILES,
         coverage,
+        suggestions,
     };
 }

package/dist/core/external-evidence.js

@@ -0,0 +1,9 @@
+export function createExternalEvidenceRisks(checks) {
+    return checks
+        .filter((check) => check.status !== 'passed')
+        .map((check) => ({
+        code: 'external_evidence_requires_review',
+        severity: 'medium',
+        detail: `External ${check.provider} check ${check.name} reported ${check.status}; review it as supporting evidence, not command authority.`,
+    }));
+}

package/dist/core/public-json-contracts.js

@@ -38,6 +38,13 @@ const PUBLIC_JSON_SCHEMA_CONTRACTS = [
         packaged: true,
         documented: true,
     },
+    {
+        id: 'test-selection',
+        schemaFile: 'test-selection.schema.json',
+        producer: 'parsed .mustflow/config/test-selection.toml',
+        packaged: true,
+        documented: true,
+    },
     {
         id: 'contract-lint-report',
         schemaFile: 'contract-lint-report.schema.json',
@@ -78,6 +85,13 @@ const PUBLIC_JSON_SCHEMA_CONTRACTS = [
         installedCommand: ['mf', 'line-endings', 'check', '--json'],
         expectedExitCodes: [0, 1],
     },
+    {
+        id: 'latest-run-pointer',
+        schemaFile: 'latest-run-pointer.schema.json',
+        producer: '.mustflow/state/runs/latest.json when written by mf verify',
+        packaged: true,
+        documented: true,
+    },
     {
         id: 'handoff-validation-report',
         schemaFile: 'handoff-validation-report.schema.json',
@@ -118,6 +132,13 @@ const PUBLIC_JSON_SCHEMA_CONTRACTS = [
         documented: true,
         installedCommand: ['mf', 'verify', '--reason', 'schema_verify', '--json'],
     },
+    {
+        id: 'verify-run-manifest',
+        schemaFile: 'verify-run-manifest.schema.json',
+        producer: '.mustflow/state/runs/verify-latest/manifest.json',
+        packaged: true,
+        documented: true,
+    },
     {
         id: 'change-verification-report',
         schemaFile: 'change-verification-report.schema.json',