mustflow 2.103.12 → 2.103.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mustflow",
3
- "version": "2.103.12",
3
+ "version": "2.103.15",
4
4
  "description": "Agent workflow documents and CLI for mustflow repository roots.",
5
5
  "type": "module",
6
6
  "license": "MIT-0",
@@ -40,7 +40,7 @@ translations.hi = { path = "locales/hi/.mustflow/context/PROJECT.md", source_rev
40
40
  [documents."docs.agent-workflow"]
41
41
  source = "locales/en/.mustflow/docs/agent-workflow.md"
42
42
  source_locale = "en"
43
- revision = 24
43
+ revision = 25
44
44
  translations.ko = { path = "locales/ko/.mustflow/docs/agent-workflow.md", source_revision = 23, status = "needs_review" }
45
45
  translations.zh = { path = "locales/zh/.mustflow/docs/agent-workflow.md", source_revision = 18, status = "needs_review" }
46
46
  translations.es = { path = "locales/es/.mustflow/docs/agent-workflow.md", source_revision = 18, status = "needs_review" }
@@ -535,7 +535,7 @@ translations = {}
535
535
  [documents."skill.file-path-cross-platform-change"]
536
536
  source = "locales/en/.mustflow/skills/file-path-cross-platform-change/SKILL.md"
537
537
  source_locale = "en"
538
- revision = 4
538
+ revision = 5
539
539
  translations = {}
540
540
 
541
541
  [documents."skill.frontend-render-stability"]
@@ -691,13 +691,13 @@ translations = {}
691
691
  [documents."skill.powershell-code-change"]
692
692
  source = "locales/en/.mustflow/skills/powershell-code-change/SKILL.md"
693
693
  source_locale = "en"
694
- revision = 2
694
+ revision = 3
695
695
  translations = {}
696
696
 
697
697
  [documents."skill.shell-code-change"]
698
698
  source = "locales/en/.mustflow/skills/shell-code-change/SKILL.md"
699
699
  source_locale = "en"
700
- revision = 1
700
+ revision = 2
701
701
  translations = {}
702
702
 
703
703
  [documents."skill.structured-config-change"]
@@ -775,13 +775,13 @@ translations = {}
775
775
  [documents."skill.completion-evidence-gate"]
776
776
  source = "locales/en/.mustflow/skills/completion-evidence-gate/SKILL.md"
777
777
  source_locale = "en"
778
- revision = 5
778
+ revision = 6
779
779
  translations = {}
780
780
 
781
781
  [documents."skill.next-action-menu"]
782
782
  source = "locales/en/.mustflow/skills/next-action-menu/SKILL.md"
783
783
  source_locale = "en"
784
- revision = 3
784
+ revision = 4
785
785
  translations = {}
786
786
 
787
787
  [documents."skill.evidence-stall-breaker"]
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: docs.agent-workflow
3
3
  locale: en
4
4
  canonical: true
5
- revision: 24
5
+ revision: 25
6
6
  lifecycle: mustflow-owned
7
7
  authority: workflow-policy
8
8
  ---
@@ -356,6 +356,12 @@ Do not store raw full logs, secrets, customer data, or long transcripts in `.mus
356
356
 
357
357
  ## Reporting
358
358
 
359
+ Before a final report after changed files, verification, paused implementation, commit readiness,
360
+ release readiness, deploy preparation, or any completion/readiness claim, apply
361
+ `completion-evidence-gate` when available. If at least one concrete, evidence-backed follow-up action
362
+ remains, apply `next-action-menu` and include the bounded table. If the menu is omitted, state the
363
+ reason plainly: no concrete next action, user opt-out, or speculative-only follow-ups.
364
+
359
365
  Final reports should include:
360
366
 
361
367
  - Skill selection note, when files were created or modified
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.completion-evidence-gate
3
3
  locale: en
4
4
  canonical: true
5
- revision: 5
5
+ revision: 6
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: completion-evidence-gate
9
- description: Apply this skill before a final report or completion claim when changed files, verification results, skipped checks, or remaining risks must be tied to concrete repository evidence.
9
+ description: Apply this skill before a final report or completion claim after non-trivial changed-file work, verification, commit, release readiness, paused implementation, or any report where changed files, skipped checks, concrete next actions, or remaining risks must be tied to repository evidence.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -134,8 +134,8 @@ missing, blocked, failed, stale, or only partially relevant.
134
134
  verification as menu rows with the gate stated plainly.
135
135
  - If no useful follow-up exists, the user asked not to include recommendations, or the only next
136
136
  actions are speculative, omit the menu and keep the final report concise.
137
- - Do not treat this gate as automatic host behavior: the menu appears only when the skill is
138
- selected and its use conditions are met.
137
+ - Treat route selection that reaches this gate but omits `next-action-menu` despite concrete
138
+ follow-ups as incomplete final-report routing, not as permission to silently drop the menu.
139
139
  8. Write the final report from evidence, not confidence.
140
140
  - Name changed files, command intents run, skipped checks with reasons, synchronized or deferred surfaces, and remaining risks.
141
141
  - Do not imply that skipped, manual-only, or missing command intents passed.
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.file-path-cross-platform-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 4
5
+ revision: 5
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: file-path-cross-platform-change
9
- description: Apply this skill when file path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, clone or checkout destinations, scaffold roots, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, or package artifact paths are created, changed, reviewed, or reported.
9
+ description: Apply this skill when file path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, clone or checkout destinations, scaffold roots, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, GitHub Actions output or report paths, or package artifact paths are created, changed, reviewed, or reported.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -35,7 +35,7 @@ Treat file paths as security boundaries and operating-system contracts, not as o
35
35
  ## Use When
36
36
 
37
37
  - Code accepts, stores, serializes, validates, normalizes, joins, resolves, compares, scans, extracts, uploads, downloads, writes, deletes, locks, packages, or reports paths.
38
- - Path behavior appears in CLI arguments, API request or response schemas, config files, snapshots, fixtures, generated output, package artifacts, logs, manifests, caches, temp directories, upload or download flows, archive extraction, repository clone or checkout destinations, project scaffolding, installer output, or scanner output.
38
+ - Path behavior appears in CLI arguments, API request or response schemas, config files, snapshots, fixtures, generated output, package artifacts, GitHub Actions `output`, `report-output`, artifact, or report directory inputs, logs, manifests, caches, temp directories, upload or download flows, archive extraction, repository clone or checkout destinations, project scaffolding, installer output, or scanner output.
39
39
  - Code clones or checks out repositories, downloads and extracts templates, scaffolds projects, installs dependency trees, or cleans up partially materialized project folders after a filesystem or toolchain failure.
40
40
  - A change claims path traversal safety, base-directory containment, symlink safety, junction or reparse-point safety, archive extraction safety, atomic write behavior, durable write behavior, lock ownership, cleanup safety, deterministic scanning, or Windows/macOS/Linux compatibility.
41
41
  - A test or docs example includes paths that must behave consistently across Windows, macOS, Linux, CI, containers, archives, package artifacts, or user machines.
@@ -51,7 +51,7 @@ Treat file paths as security boundaries and operating-system contracts, not as o
51
51
  <!-- mustflow-section: required-inputs -->
52
52
  ## Required Inputs
53
53
 
54
- - Every path input and output, including user input, CLI args, API fields, config fields, archive entries, generated files, temp files, cache paths, lock files, uploaded filenames, download filenames, scanner roots, package artifact paths, and logs.
54
+ - Every path input and output, including user input, CLI args, API fields, config fields, CI action inputs, workflow artifact outputs, archive entries, generated files, temp files, cache paths, lock files, uploaded filenames, download filenames, scanner roots, package artifact paths, and logs.
55
55
  - The path owner and trust class: user-controlled, repository-owned, generated, temp, cache, archive-contained, package artifact, external file, or unknown.
56
56
  - The base directory or allowed root, expected relative/absolute policy, symlink and reparse-point policy, case-sensitivity policy, invalid-name policy, atomic-write policy, lock policy, archive extraction policy, scanner bounds, cleanup policy, and platform expectations.
57
57
  - For clone, checkout, scaffold, extract, and install flows: requested source, destination root, final project directory, deepest expected entry when known, path-length budget, component-length budget, byte budget, preflight coverage, partial-output owner, staging directory owner, promotion policy, cleanup policy, and failure classification contract.
@@ -81,6 +81,15 @@ Treat file paths as security boundaries and operating-system contracts, not as o
81
81
  2. Classify each path by trust and owner: trusted repository path, user input, generated state, template path, package artifact, temporary file, cache file, archive-contained path, external path, uploaded name, downloaded name, scanner root, or unknown.
82
82
  3. Define the allowed root and representation. Decide whether the contract accepts relative paths, absolute paths, URLs, file URLs, archive entry names, package-relative paths, repository-relative paths, or display-only paths.
83
83
  4. Reject dangerous path text before filesystem access: null bytes, empty names where not allowed, absolute paths where relative paths are required, dot segments where not allowed, Windows device names, drive-relative paths, UNC roots, namespace prefixes, alternate data streams, trailing dots or spaces, reserved characters, and mixed separator bypasses.
84
+ - For repository-owned output path inputs such as GitHub Action `output`, `report-output`,
85
+ artifact, generated report, or coverage directory paths, default to repository-relative paths
86
+ unless the public contract explicitly supports external destinations.
87
+ - When a repository-relative output path is required, reject POSIX absolute paths, Windows drive
88
+ paths, Windows drive-relative paths such as `C:tmp`, UNC roots, namespace prefixes, and any
89
+ `..` segment after treating both `/` and `\` as separators.
90
+ - Validate parent traversal by path segment, not by a raw substring search. `a/../b` and
91
+ `a\..\b` must fail, while ordinary names containing two dots are handled by the declared
92
+ filename policy.
84
93
  5. Treat Windows drive-relative paths such as `C:tmp.txt` as relative to a drive current directory, not as `C:\tmp.txt`.
85
94
  6. Treat Windows reserved names as reserved even with extensions. Names such as `CON`, `PRN`, `AUX`, `NUL`, `COM1`, and `LPT1` must not become ordinary user filenames.
86
95
  7. For clone, checkout, scaffold, extract, and install flows, use an explicit `preflight -> dangerous operation -> classifier -> safe cleanup` pipeline. Preflight must estimate the effective path budget before materializing files, including the destination root, project directory, generated path segments, archive or repository entry names when known, operating-system path limits, component-name limits, byte limits, and safety headroom.
@@ -107,14 +116,14 @@ Treat file paths as security boundaries and operating-system contracts, not as o
107
116
  28. For scanners, set max depth, max file count, max file size, binary-file handling, ignored directories, hidden-file policy, permission-error behavior, symlink traversal policy, loop detection, deterministic ordering, and output path format.
108
117
  29. For temp and cache paths, keep them under an owned root, avoid global temp rename into a target location, include cleanup bounds, and avoid leaking user data through predictable names.
109
118
  30. For CLI, API, schema, snapshot, docs, and package artifact path changes, update every contract surface together. Path spelling, separators, slash policy, absolute/relative policy, escaping, sorting, and error messages are part of the contract.
110
- 31. Add focused tests for the riskiest path shapes: traversal, absolute input, drive-relative input, UNC-like input, reserved names, trailing dots or spaces, case collision, Unicode collision, long path, overlong filename, byte-limit overflow with multibyte names, symlink escape, archive traversal, duplicate archive entries, scanner loop, large file cap, clone checkout failure classification, and cleanup boundary.
119
+ 31. Add focused tests for the riskiest path shapes: traversal, absolute input, drive-relative input, UNC-like input, reserved names, trailing dots or spaces, case collision, Unicode collision, long path, overlong filename, byte-limit overflow with multibyte names, symlink escape, archive traversal, duplicate archive entries, scanner loop, large file cap, clone checkout failure classification, and cleanup boundary. For workflow or action output paths, include representative `../x`, `a/../x`, `/tmp/x`, `C:\tmp\x`, `C:tmp\x`, and `\\server\share\x` cases.
111
120
  32. Select verification from the command contract based on risk. Public CLI/API/schema/package artifact changes need broader checks than internal helper-only changes.
112
121
 
113
122
  <!-- mustflow-section: postconditions -->
114
123
  ## Postconditions
115
124
 
116
125
  - Path trust classes, accepted path representation, invalid-name policy, case policy, root boundary, symlink and reparse-point policy, archive policy, upload/download policy, scanner policy, atomic-write policy, lock policy, temp/cache policy, and cleanup policy are explicit.
117
- - Path contracts are synchronized across helpers, schemas, CLI/API docs, snapshots, fixtures, generated outputs, package artifacts, tests, and reports.
126
+ - Path contracts are synchronized across helpers, schemas, CLI/API docs, snapshots, fixtures, generated outputs, workflow artifact paths, package artifacts, tests, and reports.
118
127
  - Clone, checkout, scaffold, extract, and install flows have explicit preflight, staging, promotion, path-length, collision, platform-failure classification, diagnostic-preservation, and cleanup policies.
119
128
  - Any race-safety, atomicity, durability, lock, or cross-platform claim is scoped to what the current runtime and helpers can actually guarantee.
120
129
  - Platform behavior that was not tested is reported as remaining risk.
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.next-action-menu
3
3
  locale: en
4
4
  canonical: true
5
- revision: 3
5
+ revision: 4
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: next-action-menu
9
- description: Apply this skill when a final report, completion note, repository improvement loop, or follow-up workflow should offer a bounded numbered next-action menu that a user can select with a single digit in the next turn. Use especially after non-trivial completed or paused work, commits, pushes, release or deploy preparation, verification, or remaining approval gates when concrete follow-up actions exist.
9
+ description: Apply this skill when a final report, completion note, repository improvement loop, or follow-up workflow should offer a bounded numbered next-action menu that a user can select with a single digit in the next turn. Use especially after non-trivial code, behavior, test, docs, workflow, release, deploy, commit, push, verification, paused-work, or approval-gated work when concrete follow-up actions exist.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -38,6 +38,9 @@ scope, approval, verification, command contracts, release gates, or safety rules
38
38
  follow-up tasks.
39
39
  - A non-trivial task is being reported after changed files, a created commit, completed verification,
40
40
  push readiness, release or deploy preparation, paused work, or another concrete approval gate.
41
+ - A code, behavior, test, public API, config, workflow, docs, package, security, data, UI, or
42
+ performance change has been completed or paused and the final report can name a bounded next
43
+ action such as verify, commit, push, release, deploy, document, or continue a related slice.
41
44
  - The user repeatedly asks for "next recommended work", "continue", "proceed", or selects follow-up
42
45
  items after previous completion reports.
43
46
  - The agent needs to present a bounded backlog that can be selected by a single digit in the next
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: skill.powershell-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 2
5
+ revision: 3
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: powershell-code-change
@@ -56,7 +56,7 @@ PowerShell quoting bugs usually come from parser layering, not from one wrong qu
56
56
  - PowerShell version and edition signals: local `pwsh` or Windows PowerShell target, CI runner image, container image, workflow shell, script shebang, package script, installer host, and deployment host.
57
57
  - Invocation path: direct script, module import, profile load, package script, CI step, scheduled task, `pwsh -Command`, `pwsh -File`, stdin, encoded command, or another shell invoking PowerShell.
58
58
  - Parser layers involved: host shell, PowerShell expression mode, PowerShell argument mode, expandable or verbatim strings, native command parser, regex parser, wildcard parser, replacement parser, JSON/YAML/XML/SQL parser, or remote shell.
59
- - Native command boundary: executable path, argument list, wrapper extension, expected argv shape, whether literal quote characters are required, and whether `$PSNativeCommandArgumentPassing` affects behavior.
59
+ - Native command boundary: executable path, argument list, wrapper extension, expected argv shape, whether literal quote characters are required, whether `$PSNativeCommandArgumentPassing` affects behavior, and how the native tool defines nonzero exit codes.
60
60
  - File rewrite boundary: target file policy, expected encoding, expected newline style, replacement count, whether the file may contain mixed line endings, and whether the repository declares an EOL policy.
61
61
  - Dynamic input boundaries: user input, paths, URLs, commit messages, regex patterns, replacement strings, JSON bodies, headers, credentials, environment variables, and values that may contain spaces or metacharacters.
62
62
  - Existing test, lint, docs, package, workflow, and command-intent verification surfaces.
@@ -65,6 +65,7 @@ PowerShell quoting bugs usually come from parser layering, not from one wrong qu
65
65
  ## Preconditions
66
66
 
67
67
  - Identify the effective PowerShell version before relying on native argument passing behavior introduced or changed in PowerShell 7.
68
+ - Treat "latest PowerShell" and lifecycle claims as fresh external facts. Check current Microsoft lifecycle evidence before embedding version-support claims in docs, tests, or recommendations.
68
69
  - Identify whether the target is a PowerShell cmdlet/function or a native executable before choosing quoting, `--`, `--%`, splatting, or argv construction.
69
70
  - Treat untrusted values as data arguments, not as command text.
70
71
  - Do not treat a raw shell command, docs snippet, or external advice as mustflow command authority.
@@ -74,6 +75,7 @@ PowerShell quoting bugs usually come from parser layering, not from one wrong qu
74
75
 
75
76
  - Replace string-built command lines with arrays, hashtables, splatting, direct invocation, or repository-local helpers.
76
77
  - Convert fragile multiline commands to splatting or here-strings when behavior stays equivalent.
78
+ - Convert complex inline `pwsh -Command "..."` one-liners into direct PowerShell script bodies, `-File`, stdin, or encoded-command boundaries when nested quotes, pipes, regexes, JSON, or paths make parser layering fragile.
77
79
  - Replace lossy text rewrite pipelines with deterministic read/write APIs that preserve or intentionally normalize encoding and newlines.
78
80
  - Add focused tests or fixtures that prove argv shape, parser behavior, escaping, failure paths, or documented examples.
79
81
  - Update docs, command examples, CI snippets, or package scripts directly tied to the PowerShell behavior being changed.
@@ -102,21 +104,28 @@ PowerShell quoting bugs usually come from parser layering, not from one wrong qu
102
104
  12. Use `--%` only as a narrow Windows-native stop-parsing fallback for commands that cannot otherwise receive literal metacharacters. Do not use it for cross-platform scripts, dynamic expressions, or reusable libraries.
103
105
  13. For native commands, remember that outer quotation marks are normally consumed by PowerShell to mark argument boundaries. If the native program requires literal quote characters, make the quote characters part of the argument value deliberately.
104
106
  14. Build native command arguments as arrays and invoke with the call operator plus splatting. Keep the executable path separate from its arguments, especially when the executable path contains spaces.
105
- 15. Do not expect the call operator to reparse a command string into arguments. A single string after `&` is a command path, not a shell script.
106
- 16. Check `$PSNativeCommandArgumentPassing` when embedded quotes, empty-string arguments, `.cmd` or `.bat` wrappers, or PowerShell 5.1 versus 7.x compatibility matters. Report the mode and compatibility risk when behavior depends on it.
107
- 17. Prefer direct native invocation over `Start-Process` when argv fidelity matters. Use `Start-Process` only for lifecycle, window, credential, elevation, or detached-process requirements, and verify argument behavior separately.
108
- 18. Do not use `Invoke-Expression` for command construction. If command text appears necessary, classify the missing abstraction: data argument, script file, stdin, encoded command, or configured command intent.
109
- 19. For regex, wildcard, and replacement operations, account for the second parser:
107
+ 15. When the current shell is already PowerShell, do not wrap a generated command in another `pwsh -Command "..."` string. Emit the script body directly, or use a temporary `.ps1`, stdin, or an encoded command only when another process must launch PowerShell.
108
+ 16. If `pwsh -Command` is unavoidable, keep the command body small and free of nested parser hazards. Switch away from inline mode when the command contains nested quotes, dollar signs, braces, parentheses, semicolons, pipes, regex alternation, JSON, YAML, paths with spaces, or Git revspecs.
109
+ 17. Do not expect the call operator to reparse a command string into arguments. A single string after `&` is a command path, not a shell script.
110
+ 18. Initialize variables before a pipeline. After `|`, provide a command or scriptblock-consuming command such as `ForEach-Object { ... }`; do not put assignments such as `$i = 0` or control-flow keywords where a pipeline command is required.
111
+ 19. Prefer the full cmdlet name `ForEach-Object` in generated one-liners and examples. Use the `foreach` language keyword only in a normal script block where its parser role is unambiguous.
112
+ 20. Check `$PSNativeCommandArgumentPassing` when embedded quotes, empty-string arguments, `.cmd` or `.bat` wrappers, or PowerShell 5.1 versus 7.x compatibility matters. Report the mode and compatibility risk when behavior depends on it.
113
+ 21. Prefer direct native invocation over `Start-Process` when argv fidelity matters. Use `Start-Process` only for lifecycle, window, credential, elevation, or detached-process requirements, and verify argument behavior separately.
114
+ 22. Do not use `Invoke-Expression` for command construction. If command text appears necessary, classify the missing abstraction: data argument, script file, stdin, encoded command, or configured command intent.
115
+ 23. For regex, wildcard, and replacement operations, account for the second parser:
110
116
  - use single-quoted regex patterns unless PowerShell interpolation is intentional;
111
117
  - escape replacement `$` according to replacement-string rules, not only PowerShell string rules;
112
118
  - escape wildcard metacharacters for wildcard matching even inside single-quoted PowerShell strings.
113
- 20. For mechanical text replacement, count expected matches before writing. If the count is not exactly the intended number, stop and report the mismatch instead of writing a broad replacement.
114
- 21. For repository file rewrites, prefer .NET file APIs with explicit encoding over PowerShell content cmdlets when deterministic output matters. Normalize CRLF and lone CR to LF only when the repository policy expects LF, and write UTF-8 without BOM explicitly. Treat `Set-Content -Encoding utf8` as version-sensitive because Windows PowerShell 5.1 and PowerShell 6+ differ in default UTF-8 BOM behavior.
115
- 22. If line-ending warnings appear after a PowerShell rewrite, do not assume the last read command caused them. Inspect repository EOL policy and per-file EOL evidence, then activate `line-ending-hygiene` for cause analysis or normalization decisions.
116
- 23. For cross-shell PowerShell calls, avoid complex inline `-Command` strings. Prefer `-File`, stdin, or an encoded command when the repository already uses that pattern and the encoding boundary is tested. If `-Command` is used, document the host shell and PowerShell parser layers.
117
- 24. Keep paths as path values, not shell fragments. Prefer `-LiteralPath` when wildcard expansion is not intended, and do not compose destructive filesystem actions through a different shell.
118
- 25. Add or reuse verification that observes behavior, not only spelling. Useful evidence includes argv echo fixtures, Pester cases, dry-run output, parser-specific tests, deterministic encoding or line-ending checks, or configured CI/package/docs checks.
119
- 26. Choose configured verification intents that cover the changed script, docs example, package metadata, CI wrapper, public command behavior, and mustflow contract surface.
119
+ 24. For search patterns sent to tools such as `rg`, keep the regex as one literal string or use fixed-string mode when regex semantics are not needed. Do not repair PowerShell quoting by adding Bash-style backslashes that change the regex parser's input.
120
+ 25. Check `$LASTEXITCODE` immediately after each native command whose result matters, before another native command can overwrite it. Interpret tool-specific codes explicitly; for example, `rg` commonly uses exit code `1` for no matches and higher codes for real errors.
121
+ 26. Set predictable script-level diagnostics for generated PowerShell examples when logs are parsed by agents: fail PowerShell errors with `$ErrorActionPreference = 'Stop'`, prefer plain text rendering when available, and use native tool no-color flags when the tool supports them.
122
+ 27. For mechanical text replacement, count expected matches before writing. If the count is not exactly the intended number, stop and report the mismatch instead of writing a broad replacement.
123
+ 28. For repository file rewrites, prefer .NET file APIs with explicit encoding over PowerShell content cmdlets when deterministic output matters. Normalize CRLF and lone CR to LF only when the repository policy expects LF, and write UTF-8 without BOM explicitly. Treat `Set-Content -Encoding utf8` as version-sensitive because Windows PowerShell 5.1 and PowerShell 6+ differ in default UTF-8 BOM behavior.
124
+ 29. If line-ending warnings appear after a PowerShell rewrite, do not assume the last read command caused them. Inspect repository EOL policy and per-file EOL evidence, then activate `line-ending-hygiene` for cause analysis or normalization decisions.
125
+ 30. For cross-shell PowerShell calls, avoid complex inline `-Command` strings. Prefer `-File`, stdin, or an encoded command when the repository already uses that pattern and the encoding boundary is tested. If `-Command` is used, document the host shell and PowerShell parser layers.
126
+ 31. Keep paths as path values, not shell fragments. Prefer `-LiteralPath` when wildcard expansion is not intended, and do not compose destructive filesystem actions through a different shell.
127
+ 32. Add or reuse verification that observes behavior, not only spelling. Useful evidence includes argv echo fixtures, Pester cases, dry-run output, parser-specific tests, deterministic encoding or line-ending checks, or configured CI/package/docs checks.
128
+ 33. Choose configured verification intents that cover the changed script, docs example, package metadata, CI wrapper, public command behavior, and mustflow contract surface.
120
129
 
121
130
  <!-- mustflow-section: postconditions -->
122
131
  ## Postconditions
@@ -124,6 +133,8 @@ PowerShell quoting bugs usually come from parser layering, not from one wrong qu
124
133
  - The parser layers and target command type are explicit.
125
134
  - Literal strings, expandable strings, here-strings, regex patterns, wildcard patterns, replacement strings, paths, and native argv are not conflated.
126
135
  - Native command calls keep executable path and arguments separated unless a documented target requires otherwise.
136
+ - Pipelines do not mix variable initialization or control-flow syntax into the command position after `|`.
137
+ - Native command exit-code handling preserves tool-specific semantics and checks `$LASTEXITCODE` before it can be overwritten.
127
138
  - Mechanical rewrites have explicit replacement counts, encoding, and newline decisions.
128
139
  - Dynamic values remain data-bound and are not reinterpreted as shell code.
129
140
  - PowerShell version, native argument passing mode, and cross-shell boundaries are verified or reported as remaining risks.
@@ -81,8 +81,8 @@ applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "publi
81
81
  [routes."next-action-menu"]
82
82
  category = "workflow_contracts"
83
83
  route_type = "adjunct"
84
- priority = 72
85
- applies_to_reasons = ["unknown_change", "docs_change", "workflow_change", "mustflow_docs_change", "package_metadata_change"]
84
+ priority = 84
85
+ applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "copy_change", "i18n_change", "workflow_change", "mustflow_docs_change", "mustflow_config_change", "package_metadata_change", "security_change", "privacy_change", "data_change", "migration_change", "performance_change", "ui_change", "release_risk"]
86
86
 
87
87
  [routes."proactive-risk-surfacing"]
88
88
  category = "workflow_contracts"
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: skill.shell-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 1
5
+ revision: 2
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: shell-code-change
@@ -46,6 +46,8 @@ runner shell sees it, or a pipeline treats filenames as line-delimited text.
46
46
  or changed.
47
47
  - GitHub Actions, CI, or workflow `run` blocks contain shell code, shell options, environment files,
48
48
  heredocs, matrix variables, checkout-dependent shell logic, or context interpolation.
49
+ - GitHub Actions `run` blocks validate or consume action inputs that name generated files,
50
+ reports, coverage directories, package artifacts, or other repository workspace outputs.
49
51
  - Code or docs use shell quoting, parameter expansion, command substitution, globbing, word
50
52
  splitting, redirection, pipes, traps, `set` options, `test`, `case`, loops, subshells, functions,
51
53
  `eval`, `sh -c`, `bash -c`, or sourced files.
@@ -84,6 +86,9 @@ runner shell sees it, or a pipeline treats filenames as line-delimited text.
84
86
  - Dynamic input boundaries: user input, paths, URLs, branch names, pull request titles or bodies,
85
87
  commit messages, matrix values, environment variables, secrets, file contents, regex patterns, and
86
88
  replacement strings.
89
+ - GitHub Actions path-input boundaries: `with` inputs, environment variables derived from inputs,
90
+ `GITHUB_OUTPUT`, artifact paths, report directories, generated output paths, and whether each path
91
+ must stay repository-relative.
87
92
  - File and stream boundary: whether filenames are path arguments, globs, line-delimited streams,
88
93
  NUL-delimited streams, stdin, temp files, generated files, or destructive targets.
89
94
  - Failure and cleanup expectations: required commands, exit-status meaning, pipeline status,
@@ -196,18 +201,23 @@ runner shell sees it, or a pipeline treats filenames as line-delimited text.
196
201
  27. For GitHub Actions environment and output files, account for step lifetime, multiline delimiter
197
202
  collisions, reserved variables, and echo portability. Do not assume values written for later
198
203
  steps are available in the current shell.
199
- 28. For GitHub Actions runner behavior, check shell defaults, job containers, checkout depth, fork
204
+ 28. For GitHub Actions `run` blocks that accept paths for generated outputs, reports, coverage, or
205
+ artifacts, do not stop at "non-empty" validation. If the path is meant to stay in the caller
206
+ repository, validate it as repository-relative: reject POSIX absolute paths, Windows drive and
207
+ drive-relative paths, UNC roots, namespace prefixes, and `..` segments after treating `/` and
208
+ `\` as separators. Use `file-path-cross-platform-change` for the path contract and tests.
209
+ 29. For GitHub Actions runner behavior, check shell defaults, job containers, checkout depth, fork
200
210
  and Dependabot permissions, secrets availability, runner image drift, and platform-specific
201
211
  userland before changing shell code.
202
- 29. Keep secrets out of trace output, logs, process arguments, environment dumps, temp files, and
212
+ 30. Keep secrets out of trace output, logs, process arguments, environment dumps, temp files, and
203
213
  diagnostic artifacts. Disable tracing around sensitive commands and redact only as a backup.
204
- 30. Treat `eval`, dynamic `source`, dynamic `.` loading, `sh -c`, remote shell strings, and workflow
214
+ 31. Treat `eval`, dynamic `source`, dynamic `.` loading, `sh -c`, remote shell strings, and workflow
205
215
  expression injection as command-injection risks unless the command text is fully trusted and
206
216
  bounded.
207
- 31. If the shell code becomes complex enough to need structured data parsing, concurrency,
217
+ 32. If the shell code becomes complex enough to need structured data parsing, concurrency,
208
218
  rollback, JSON mutation, long-lived state, or rich error recovery, consider moving the logic to
209
219
  a project-supported runtime and leaving shell as a thin launcher.
210
- 32. Verify with behavior evidence, not only spelling. Useful evidence includes shell lint, format,
220
+ 33. Verify with behavior evidence, not only spelling. Useful evidence includes shell lint, format,
211
221
  cross-shell execution, Bats or similar tests, CI dry-run or provider evidence, path-shape
212
222
  fixtures, line-ending checks, docs validation, package checks, and configured release checks.
213
223
 
@@ -218,6 +228,8 @@ runner shell sees it, or a pipeline treats filenames as line-delimited text.
218
228
  - Parser and expansion boundaries are separated from downstream regex, sed, awk, find, xargs, and
219
229
  GitHub Actions expression boundaries.
220
230
  - Dynamic values remain data-bound and are not reinterpreted as shell code.
231
+ - Repository output, report, coverage, and artifact path inputs are either explicitly external or
232
+ validated as repository-relative path contracts.
221
233
  - Filename handling survives spaces, newlines, leading dashes, glob characters, and empty matches or
222
234
  the unsupported cases are stated.
223
235
  - Exit-status, pipeline, cleanup, temp-file, destructive-action, logging, and secret-handling
@@ -240,8 +252,8 @@ Use configured oneshot command intents when available:
240
252
  - `line_endings_check`
241
253
 
242
254
  Report missing ShellCheck, shfmt, Bats, cross-shell, POSIX sh, Bash-version, GNU/BSD/BusyBox,
243
- GitHub Actions, fork-PR, checkout-depth, secret-redaction, path-shape, destructive-dry-run, or
244
- line-ending verification when those surfaces change.
255
+ GitHub Actions, fork-PR, checkout-depth, secret-redaction, path-shape, action output-path,
256
+ destructive-dry-run, or line-ending verification when those surfaces change.
245
257
 
246
258
  <!-- mustflow-section: failure-handling -->
247
259
  ## Failure Handling
@@ -1,6 +1,6 @@
1
1
  id = "default"
2
2
  name = "default"
3
- version = "2.103.12"
3
+ version = "2.103.15"
4
4
  description = "Minimal workflow for LLM agents to read, edit, and verify their work in a repository."
5
5
  common_root = "common"
6
6
  locales_root = "locales"