mustflow 2.103.21 → 2.103.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -4
- package/dist/cli/commands/flow.js +93 -0
- package/dist/cli/commands/run/execution.js +1 -1
- package/dist/cli/commands/run/executor.js +28 -3
- package/dist/cli/commands/run/windows-command-script.js +23 -0
- package/dist/cli/commands/verify.js +4 -1
- package/dist/cli/i18n/en.js +11 -0
- package/dist/cli/i18n/es.js +11 -0
- package/dist/cli/i18n/fr.js +11 -0
- package/dist/cli/i18n/hi.js +11 -0
- package/dist/cli/i18n/ko.js +11 -0
- package/dist/cli/i18n/zh.js +11 -0
- package/dist/cli/index.js +1 -0
- package/dist/cli/lib/active-command-lock.js +4 -0
- package/dist/cli/lib/command-registry.js +7 -0
- package/dist/cli/lib/repo-flow-frontmatter.js +35 -0
- package/dist/cli/lib/repo-flow.js +209 -0
- package/dist/cli/lib/repo-map.js +3 -0
- package/dist/cli/lib/run-plan.js +8 -4
- package/dist/cli/lib/validation/constants.js +10 -0
- package/dist/cli/lib/validation/index.js +54 -1
- package/dist/core/generated-boundary.js +1 -0
- package/dist/core/retention-policy.js +4 -2
- package/dist/core/run-receipt-state.js +247 -0
- package/dist/core/run-receipt.js +5 -1
- package/package.json +2 -1
- package/templates/default/common/.mustflow/config/mustflow.toml +2 -2
- package/templates/default/i18n.toml +31 -7
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +29 -6
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +95 -23
- package/templates/default/locales/en/.mustflow/skills/axum-code-change/SKILL.md +219 -0
- package/templates/default/locales/en/.mustflow/skills/babylon-code-change/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/bun-code-change/SKILL.md +27 -12
- package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +30 -5
- package/templates/default/locales/en/.mustflow/skills/elysia-code-change/SKILL.md +74 -20
- package/templates/default/locales/en/.mustflow/skills/godot-code-change/SKILL.md +272 -0
- package/templates/default/locales/en/.mustflow/skills/hono-code-change/SKILL.md +37 -23
- package/templates/default/locales/en/.mustflow/skills/routes.toml +28 -4
- package/templates/default/locales/en/.mustflow/skills/svelte-code-change/SKILL.md +65 -40
- package/templates/default/locales/en/.mustflow/skills/vue-code-change/SKILL.md +305 -0
- package/templates/default/manifest.toml +29 -1
|
@@ -0,0 +1,219 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.axum-code-change
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: axum-code-change
|
|
9
|
+
description: Apply this skill when Axum routers, handlers, extractors, state, extensions, middleware, Tower or Tower-HTTP layers, CORS, cookies, headers, WebSockets, body limits, rejections, error responses, Tokio tasks or locks, SQLx pools, Rust HTTP API tests, or Axum version migrations are created, changed, reviewed, or upgraded.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.axum-code-change
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- mustflow_check
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
# Axum Code Change
|
|
27
|
+
|
|
28
|
+
<!-- mustflow-section: purpose -->
|
|
29
|
+
## Purpose
|
|
30
|
+
|
|
31
|
+
Preserve Axum's router, extractor, response, state, middleware, Tower, Tokio runtime, SQLx pool, HTTP security, and API error-contract boundaries while making focused Rust web-server changes.
|
|
32
|
+
|
|
33
|
+
Axum work is not "ordinary Rust plus routes". Rust prevents many memory errors, but it does not prevent CORS-as-auth mistakes, body stream double reads, request-local state leaks, Tower layer ordering bugs, service errors that close connections, unbounded spawned work, lock contention, or database pool starvation.
|
|
34
|
+
|
|
35
|
+
<!-- mustflow-section: use-when -->
|
|
36
|
+
## Use When
|
|
37
|
+
|
|
38
|
+
- `Router`, `route`, `nest`, `merge`, `fallback`, `method_not_allowed_fallback`, `route_layer`, `Router::layer`, `with_state`, handler functions, extractors, middleware, response types, rejection handling, or Axum route tests change.
|
|
39
|
+
- The task touches `State`, `Extension`, `FromRef`, `FromRequestParts`, `FromRequest`, `Json`, `Path`, `Query`, `Form`, `Bytes`, `String`, `Request`, `TypedHeader`, cookies, CORS, CSRF, auth, session, tenant, request id, tracing, body limits, WebSocket, or SSE behavior.
|
|
40
|
+
- Tower or Tower-HTTP layers are added or changed, including `ServiceBuilder`, `TraceLayer`, request id propagation, timeout, CORS, compression, decompression, body limit, sensitive headers, concurrency limit, buffer, load shed, or custom `Service`/`Layer` implementations.
|
|
41
|
+
- Tokio tasks, locks, channels, `spawn`, `spawn_blocking`, semaphores, bounded queues, SQLx pools, transactions, or connection acquisition behavior affect Axum request paths.
|
|
42
|
+
- Axum, axum-extra, tower, tower-http, tokio, SQLx, Hyper, or HTTP crate versions are upgraded or migration guidance is applied.
|
|
43
|
+
|
|
44
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
45
|
+
## Do Not Use When
|
|
46
|
+
|
|
47
|
+
- Rust service code behind handlers changes with no Axum route, extractor, response, middleware, or runtime request-path effect; use `rust-code-change` or the relevant architecture/data skill.
|
|
48
|
+
- The project uses Hono, Elysia, Express, Fastify, Actix, Rocket, or another web framework instead of Axum.
|
|
49
|
+
- The task only updates external version prose; use source-freshness or dependency guidance unless the Axum procedure itself changes.
|
|
50
|
+
- Generated Rust route files should be regenerated by a declared command rather than edited.
|
|
51
|
+
|
|
52
|
+
<!-- mustflow-section: required-inputs -->
|
|
53
|
+
## Required Inputs
|
|
54
|
+
|
|
55
|
+
- Cargo manifests, lockfile policy, feature flags, toolchain and MSRV evidence, Axum-related crate versions, runtime target, server entrypoint, router modules, handlers, middleware, extractors, state types, error types, response envelope, and tests.
|
|
56
|
+
- Current official or repository-local source evidence before preserving exact "latest", release-date, or migration claims. Distinguish docs.rs for the crate version in use from GitHub `main` or unreleased branches.
|
|
57
|
+
- Route ledger: method, path, nesting, fallback, layer scope, auth boundary, params, query, headers, cookies, body type, response statuses, content types, rejection behavior, CORS, cache, timeout, tracing, and public client contract.
|
|
58
|
+
- Runtime ledger: Tokio executor assumptions, blocking or CPU-heavy work, spawned tasks, locks, channels, pool sizes, DB limits, external calls, connection or transaction lifetime, request cancellation, shutdown, and observability.
|
|
59
|
+
- Configured verification intents.
|
|
60
|
+
|
|
61
|
+
<!-- mustflow-section: preconditions -->
|
|
62
|
+
## Preconditions
|
|
63
|
+
|
|
64
|
+
- Read Cargo metadata and affected router, handler, extractor, middleware, state, error, and test files before editing.
|
|
65
|
+
- Identify the Axum crate version and target migration range before applying version-specific guidance. Do not mix docs.rs for one version with GitHub `main` examples from another track.
|
|
66
|
+
- Apply `rust-code-change` alongside this skill when ownership, MSRV, feature flags, unsafe, FFI, public crate API, or Cargo workspace behavior changes.
|
|
67
|
+
- Apply security, API contract, database, or performance skills when the Axum change also changes auth, public API semantics, migrations, persistence, queueing, or measured performance claims.
|
|
68
|
+
|
|
69
|
+
<!-- mustflow-section: allowed-edits -->
|
|
70
|
+
## Allowed Edits
|
|
71
|
+
|
|
72
|
+
- Keep handlers thin around validated request data, typed state, explicit response envelopes, and framework-free service logic.
|
|
73
|
+
- Keep app-wide resources in `State`, request-derived values in request extensions, and substate extraction through intentional `FromRef`.
|
|
74
|
+
- Keep CORS, cookies, CSRF, headers, body limits, auth, tracing, timeouts, and error envelopes as explicit route or layer policy.
|
|
75
|
+
- Use Tower layers only with a clear order, scope, error conversion, backpressure, body, and tracing contract.
|
|
76
|
+
- Keep SQLx pool, HTTP client, and other cheap-clone handles as handles. Do not wrap them in broad `Arc<Mutex<_>>` merely to share them.
|
|
77
|
+
- Keep version-specific guidance behind a version gate and omit durable exact version claims unless refreshed from official sources.
|
|
78
|
+
|
|
79
|
+
<!-- mustflow-section: procedure -->
|
|
80
|
+
## Procedure
|
|
81
|
+
|
|
82
|
+
1. Read Cargo metadata, Axum-related crate versions, server entrypoint, router composition, state types, extractors, middleware stack, error and response types, SQLx pool setup, Tokio task boundaries, and tests.
|
|
83
|
+
2. Apply the Version Gate:
|
|
84
|
+
- identify current `axum`, `axum-extra`, `tower`, `tower-http`, `tokio`, `sqlx`, Hyper, and HTTP crate versions from project manifests or lockfiles;
|
|
85
|
+
- use official docs for the version actually in use before applying migration or release-specific behavior;
|
|
86
|
+
- treat docs.rs `latest`, GitHub `main`, blog posts, and pasted release notes as different evidence tracks until reconciled;
|
|
87
|
+
- for Axum 0.8 projects, check route capture syntax such as `/{id}` and `/{*rest}`, custom extractor signatures without stale `async_trait` assumptions, stricter optional extractor behavior, and any MSRV or handler `Sync` requirements that the project version declares;
|
|
88
|
+
- do not use `without_v07_checks()` as a migration bypass. If it appears, require a reason that literal colon or asterisk paths are intended.
|
|
89
|
+
3. Build a route ledger from router composition:
|
|
90
|
+
- methods and paths, static versus dynamic route precedence, wildcard placement, nested prefixes, original URI needs, fallback versus method-not-allowed behavior, route grouping, route tests, and public URL changes;
|
|
91
|
+
- layer scope and timing: `Router::layer` and `route_layer` apply to already registered routes, and URI rewrite or path normalization must happen before routing when needed.
|
|
92
|
+
4. Review handler contracts:
|
|
93
|
+
- keep handler inputs within Axum's extractor rules and the project response envelope;
|
|
94
|
+
- prefer concrete API results such as `Result<Json<T>, AppError>` or project equivalents when success and failure shapes matter;
|
|
95
|
+
- avoid raw `StatusCode`, string errors, or leaked `anyhow` details as public error responses;
|
|
96
|
+
- remember that handler `Err` values are usually response values, while Tower service errors must be converted to responses.
|
|
97
|
+
5. Review extractors and request body ownership:
|
|
98
|
+
- extractors run left to right;
|
|
99
|
+
- body-consuming extractors such as `Json`, `Bytes`, `String`, `Form`, multipart, raw `Request`, or custom `FromRequest` extractors must be last and unique;
|
|
100
|
+
- auth, tenant, request id, and header/cookie-only extractors should use `FromRequestParts` unless they truly need the body;
|
|
101
|
+
- optional extractors must distinguish missing, malformed, expired, unauthorized, and forbidden states instead of turning security failures into anonymous access;
|
|
102
|
+
- if extractor rejections need a project JSON envelope, use `Result<Extractor, Rejection>` locally or a custom extractor rather than assuming a handler-level error catches them.
|
|
103
|
+
6. Review state and extensions:
|
|
104
|
+
- use `State` for app-wide resources such as pools, config, clients, key sets, metrics, or service registries;
|
|
105
|
+
- use request extensions for current user, tenant, request id, trace context, or middleware-derived request-local values;
|
|
106
|
+
- avoid `Extension` for required app state because missing or mismatched extensions fail at runtime;
|
|
107
|
+
- ensure `State` clones are cheap handles such as `Arc`, pool, or client handles;
|
|
108
|
+
- use `FromRef` for intentional substate boundaries, not as a hidden service locator or a way to clone large values per request;
|
|
109
|
+
- remember that `Router<S>` means the router is still missing state `S`, not that it already owns that state.
|
|
110
|
+
7. Review response and error boundaries:
|
|
111
|
+
- keep success and error content types consistent for public APIs;
|
|
112
|
+
- map internal, validation, auth, permission, not-found, conflict, rate-limit, upstream, timeout, and server-bug failures to explicit public codes;
|
|
113
|
+
- avoid tuple status overrides when inner response creation can fail unless the body has already been made infallible;
|
|
114
|
+
- convert fallible Tower middleware errors with `HandleErrorLayer` or an equivalent response mapping when the chosen layer changes service error type;
|
|
115
|
+
- distinguish `tower::timeout` error behavior from `tower_http::timeout` response behavior before swapping them.
|
|
116
|
+
8. Review middleware and Tower layers:
|
|
117
|
+
- prefer `ServiceBuilder` when layer order is non-trivial;
|
|
118
|
+
- place request id creation before tracing and propagation after tracing when using Tower-HTTP request id layers;
|
|
119
|
+
- mark sensitive request headers before trace logging and sensitive response headers before they can be logged;
|
|
120
|
+
- use `from_fn_with_state` when Axum middleware needs app state;
|
|
121
|
+
- for reusable middleware, consider Tower `Layer`/`Service` contracts, including `poll_ready`, `call`, backpressure, cloning, error type, and body type;
|
|
122
|
+
- be explicit about whether CORS, compression, decompression, body limit, timeout, auth, trace, and request id layers apply globally, to a route group, or to a single route.
|
|
123
|
+
9. Review CORS, cookies, headers, and browser security:
|
|
124
|
+
- do not treat CORS as authentication or authorization;
|
|
125
|
+
- reject permissive or very-permissive CORS in production unless the public unauthenticated contract justifies it;
|
|
126
|
+
- credentials plus reflected origin requires a strict allowlist and correct cache variation such as `Vary: Origin`;
|
|
127
|
+
- signed cookies are integrity-protected, not encrypted; use private cookies or opaque server-side session ids for sensitive data;
|
|
128
|
+
- cookie jar changes must be returned with the response;
|
|
129
|
+
- set `Secure`, `HttpOnly`, `SameSite`, `Path`, and `Domain` deliberately, and prefer host-only `__Host-` session cookies when appropriate;
|
|
130
|
+
- CORS and `SameSite` do not replace CSRF defenses for cookie-authenticated unsafe methods;
|
|
131
|
+
- do not log raw `Authorization`, `Cookie`, `Set-Cookie`, API keys, bearer tokens, or session ids.
|
|
132
|
+
10. Review body limits, uploads, and raw body paths:
|
|
133
|
+
- decide whether limits apply to wire size, decompressed size, JSON size, multipart part size, or streaming duration;
|
|
134
|
+
- do not rely on default body limits for custom body readers, third-party extractors, uploads, webhooks, GraphQL, or streaming endpoints;
|
|
135
|
+
- for webhook signatures, decide whether raw body verification or parsed JSON is the source of truth and read the body only once;
|
|
136
|
+
- keep decompression and body limit order explicit.
|
|
137
|
+
11. Review Tokio runtime and shared resources:
|
|
138
|
+
- do not hold locks, DB connections, transactions, or request-local guards across external awaits, channel waits, uploads, rendering, or slow validation;
|
|
139
|
+
- use `tokio::sync::Mutex` only when awaiting while locked is truly intended, and still keep critical sections short;
|
|
140
|
+
- remember that `RwLock` can block readers behind a queued writer;
|
|
141
|
+
- bound spawned work with a semaphore, bounded channel, worker queue, or explicit service limit;
|
|
142
|
+
- use `spawn_blocking` only for bounded blocking work and report that started blocking tasks cannot be freely aborted;
|
|
143
|
+
- move long CPU jobs, crawlers, encoders, or unbounded fan-out to workers or queues instead of request tasks.
|
|
144
|
+
12. Review SQLx or pool-backed data access:
|
|
145
|
+
- create pools at application startup and share cheap cloned handles;
|
|
146
|
+
- do not wrap `Pool`, `PgPool`, `MySqlPool`, `SqlitePool`, reqwest `Client`, or similar handles in broad mutexes;
|
|
147
|
+
- size pools from DB limits, app instance count, acquire wait, slow acquire threshold, p95 query time, and saturation evidence rather than "bigger is faster";
|
|
148
|
+
- release pool connections and transactions before external HTTP, file upload, template rendering, channel waits, or long CPU work;
|
|
149
|
+
- avoid holding transactions around retryable or unbounded external side effects.
|
|
150
|
+
13. Choose configured verification intents that cover type checking, build, route happy paths, auth failures, validation and rejection failures, body limit behavior, CORS/cookie/header behavior, middleware order, timeout/error mapping, pool contention, and runtime smoke paths when available.
|
|
151
|
+
|
|
152
|
+
<!-- mustflow-section: rejection-criteria -->
|
|
153
|
+
## Review Rejection Criteria
|
|
154
|
+
|
|
155
|
+
Reject or revise a change when:
|
|
156
|
+
|
|
157
|
+
- Axum 0.8 route syntax, extractor signatures, optional extractor behavior, handler requirements, or MSRV assumptions are applied without checking the project version.
|
|
158
|
+
- `/:id` or `/*rest` style paths are added to an Axum 0.8 route without an explicit literal-path reason.
|
|
159
|
+
- `without_v07_checks()` is used to silence migration failures rather than to allow intentional literal colon or asterisk paths.
|
|
160
|
+
- Auth, tenant, request id, or header/cookie-only extractors consume the request body.
|
|
161
|
+
- Multiple body-consuming extractors are used, or a body-consuming extractor is not last.
|
|
162
|
+
- Missing, malformed, expired, unauthorized, and forbidden auth states are collapsed into one optional path.
|
|
163
|
+
- `Extension` is used for required app-wide state that could be `State`.
|
|
164
|
+
- Request-local user, tenant, session, or trace data is stored in app state or module globals.
|
|
165
|
+
- `FromRef` clones large data per request or hides arbitrary global dependencies.
|
|
166
|
+
- Handler errors leak internal error text, SQL, upstream details, secrets, or inconsistent content types.
|
|
167
|
+
- Fallible Tower middleware errors are not converted to responses.
|
|
168
|
+
- Auth layers can miss later-registered protected routes, or auth converts ordinary 404/405 behavior unintentionally.
|
|
169
|
+
- CORS is treated as an access-control boundary, or credentials are allowed with reflected origins without an allowlist.
|
|
170
|
+
- Cookie changes are not returned with the response, or sensitive cookie values are only signed when confidentiality is required.
|
|
171
|
+
- Sensitive headers can be logged by trace or error output.
|
|
172
|
+
- Body limits, decompression order, upload limits, or webhook raw-body ownership are unclear.
|
|
173
|
+
- Pools or HTTP clients are wrapped in broad mutexes, locks or DB connections are held across slow awaits, or spawned work is unbounded.
|
|
174
|
+
|
|
175
|
+
<!-- mustflow-section: postconditions -->
|
|
176
|
+
## Postconditions
|
|
177
|
+
|
|
178
|
+
- Route, fallback, layer, extractor, body, state, extension, response, rejection, and middleware behavior are intentional and reported.
|
|
179
|
+
- CORS, cookies, headers, CSRF, body limits, tracing, timeouts, and sensitive logging boundaries are explicit.
|
|
180
|
+
- Tokio tasks, locks, blocking work, SQLx pools, transactions, and external calls preserve backpressure and resource release.
|
|
181
|
+
- Version-specific guidance is either refreshed from official sources for the project version or omitted from durable claims.
|
|
182
|
+
- Missing route-level, middleware, security, body-limit, rejection, pool, runtime, or load-style verification is reported.
|
|
183
|
+
|
|
184
|
+
<!-- mustflow-section: verification -->
|
|
185
|
+
## Verification
|
|
186
|
+
|
|
187
|
+
Use configured oneshot command intents when available:
|
|
188
|
+
|
|
189
|
+
- `lint`
|
|
190
|
+
- `build`
|
|
191
|
+
- `test_related`
|
|
192
|
+
- `test`
|
|
193
|
+
- `docs_validate_fast`
|
|
194
|
+
- `mustflow_check`
|
|
195
|
+
|
|
196
|
+
Report missing Axum route, rejection-envelope, CORS/cookie/header, middleware-order, timeout/error, body-limit, WebSocket, pool-contention, backpressure, load, or runtime smoke verification intents when relevant.
|
|
197
|
+
|
|
198
|
+
<!-- mustflow-section: failure-handling -->
|
|
199
|
+
## Failure Handling
|
|
200
|
+
|
|
201
|
+
- If handler type errors appear, inspect extractor order, body consumption, `Send` future requirements, state type, response type, and captured `!Send` values before adding clones, boxes, or broad bounds.
|
|
202
|
+
- If route behavior is unclear, build or inspect the route ledger before changing handlers.
|
|
203
|
+
- If auth, CORS, cookie, CSRF, or sensitive header behavior is unclear, stop that path and inspect the security boundary before broadening access.
|
|
204
|
+
- If body parsing or webhook verification fails, choose one raw-body owner and one parsed-body owner instead of trying to read the body twice.
|
|
205
|
+
- If Tower layer errors or timeouts fail to compile, decide whether the layer should be infallible, mapped through `HandleErrorLayer`, or replaced with a response-producing Tower-HTTP layer.
|
|
206
|
+
- If pool wait, lock contention, or spawned work risk cannot be tested by configured intents, report the operational risk and the missing smoke or load coverage.
|
|
207
|
+
- If official source freshness cannot be checked for a version, release, or migration claim, omit the claim from durable skill text and report it as unverified snapshot context.
|
|
208
|
+
|
|
209
|
+
<!-- mustflow-section: output-format -->
|
|
210
|
+
## Output Format
|
|
211
|
+
|
|
212
|
+
- Boundary checked
|
|
213
|
+
- Axum version, route, handler, extractor, state, and response notes
|
|
214
|
+
- Middleware, Tower, CORS, cookie, header, body-limit, tracing, and timeout notes
|
|
215
|
+
- Tokio, lock, task, SQLx pool, transaction, and backpressure notes
|
|
216
|
+
- Files changed
|
|
217
|
+
- Command intents run
|
|
218
|
+
- Skipped checks and reasons
|
|
219
|
+
- Remaining Axum risk
|
|
@@ -0,0 +1,318 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.babylon-code-change
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: babylon-code-change
|
|
9
|
+
description: Apply this skill when Babylon.js, WebGPU or WebGL engine setup, Scene lifecycle, cameras, lights, meshes, materials, textures, shaders, glTF or GLB loading, AssetContainer usage, loaders, Havok or Physics V2, LOD, instancing, thin instances, picking, render loops, Inspector debugging, or Babylon-related tests are created, changed, reviewed, or upgraded.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.babylon-code-change
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Babylon Code Change
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Preserve Babylon.js engine, Scene, render loop, asset pipeline, material, physics, lifecycle,
|
|
33
|
+
memory, and large-scene performance contracts while making focused web 3D changes.
|
|
34
|
+
|
|
35
|
+
Babylon work is not ordinary frontend canvas work. Many failures come from treating WebGPU as an
|
|
36
|
+
automatic speed switch, leaving WebGL fallback undefined, loading every asset directly into the
|
|
37
|
+
Scene, using visual meshes as physics shapes, keeping every object pickable, mutating material
|
|
38
|
+
defines at runtime, or disposing meshes without owning materials, textures, observers, and render
|
|
39
|
+
loops.
|
|
40
|
+
|
|
41
|
+
<!-- mustflow-section: use-when -->
|
|
42
|
+
## Use When
|
|
43
|
+
|
|
44
|
+
- Babylon.js engine setup, `Engine`, `WebGPUEngine`, `EngineFactory`, canvas bootstrapping,
|
|
45
|
+
resize handling, render loops, scene creation, cameras, lights, shadows, render targets,
|
|
46
|
+
post-processes, frame graph, Inspector, Playground reproductions, or WebXR setup changes.
|
|
47
|
+
- Meshes, `TransformNode`, instances, thin instances, LOD, octrees, occlusion queries, picking,
|
|
48
|
+
pointer interactions, collision, culling, large-world or geospatial rendering, Gaussian splats,
|
|
49
|
+
particles, or tile/chunk streaming change.
|
|
50
|
+
- Materials, PBR/OpenPBR, clear coat, refraction, transparency, OIT, KTX2, environment maps,
|
|
51
|
+
shaders, WGSL/GLSL, material plugins, shader compilation, or material dirty behavior changes.
|
|
52
|
+
- glTF/GLB import, module-level loader functions, dynamic loader registration, decoder deployment,
|
|
53
|
+
`AssetContainer`, `instantiateModelsToScene`, Draco, Meshopt, KTX2, progressive loading, skins,
|
|
54
|
+
animation retargeting, or asset pipeline docs/tests change.
|
|
55
|
+
- Physics V2, Havok, rigid bodies, shapes, aggregates, motion types, pre-step, forces, impulses,
|
|
56
|
+
thin-instance physics, collision callbacks, raycasts, shape casts, or physics tests change.
|
|
57
|
+
|
|
58
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
59
|
+
## Do Not Use When
|
|
60
|
+
|
|
61
|
+
- The change is framework-free TypeScript, JavaScript, HTML, CSS, React, Vue, Svelte, or Astro with
|
|
62
|
+
no Babylon engine, canvas, asset, rendering, physics, or 3D lifecycle boundary.
|
|
63
|
+
- The task only edits static 3D assets, textures, or design prose without changing Babylon code,
|
|
64
|
+
loading behavior, rendering configuration, or package metadata.
|
|
65
|
+
- Three.js, PlayCanvas, Godot, Unity, Bevy, raw WebGPU, or another renderer owns the boundary; use
|
|
66
|
+
the matching renderer, language, or asset skill instead.
|
|
67
|
+
- The task only asks whether an exact Babylon release number is current; use source-freshness
|
|
68
|
+
guidance unless Babylon code or durable skill text changes too.
|
|
69
|
+
|
|
70
|
+
<!-- mustflow-section: required-inputs -->
|
|
71
|
+
## Required Inputs
|
|
72
|
+
|
|
73
|
+
- Package and runtime evidence: nearest package metadata, lockfile, package manager, bundler,
|
|
74
|
+
TypeScript config, target browsers/devices, framework integration, test setup, and CI signals.
|
|
75
|
+
- Effective Babylon support range: installed or declared `@babylonjs/core`, loaders, serializers,
|
|
76
|
+
GUI, materials, inspector, Havok, WebGPU, WebXR, and related packages or CDN URLs.
|
|
77
|
+
- Engine ledger: WebGPU/WebGL selection, async initialization, fallback policy, canvas ownership,
|
|
78
|
+
render loop owner, resize owner, context-lost policy, feature detection, and target adapters.
|
|
79
|
+
- Scene ledger: Scene lifetime, cameras, render targets, lights, shadows, post-processes, active
|
|
80
|
+
mesh evaluation, render groups, observables, pointer picking, debug/Inspector hooks, and disposal
|
|
81
|
+
owner.
|
|
82
|
+
- Asset ledger: glTF/GLB source, loader registration, decoder hosting, compression extensions,
|
|
83
|
+
KTX2 policy, `AssetContainer` cache, instantiation plan, skin/skeleton usage, and CDN/range
|
|
84
|
+
request behavior when progressive assets are used.
|
|
85
|
+
- Performance ledger: expected object counts, draw calls, active mesh evaluation, GPU frame time,
|
|
86
|
+
render target time, shader compile time, physics time, texture memory, profiler counters, and
|
|
87
|
+
target-device evidence when performance is claimed.
|
|
88
|
+
- Physics ledger: Havok initialization, body/shape/material ownership, motion types, collision
|
|
89
|
+
filtering, pre-step use, force versus impulse, callback cost, raycast result reuse, and shape
|
|
90
|
+
complexity.
|
|
91
|
+
- Configured verification intents for lint, build, tests, docs, package, and mustflow checks.
|
|
92
|
+
|
|
93
|
+
<!-- mustflow-section: preconditions -->
|
|
94
|
+
## Preconditions
|
|
95
|
+
|
|
96
|
+
- Identify the Babylon package family and supported version range before using current APIs,
|
|
97
|
+
migration guidance, Frame Graph, WebGPU non compatibility mode, module-level loader functions,
|
|
98
|
+
Physics V2/Havok, or newly released rendering features.
|
|
99
|
+
- Refresh official Babylon docs, release notes, typedoc, Khronos glTF specs, browser compatibility
|
|
100
|
+
tables, or package metadata before embedding exact "latest", browser-support, or release-date
|
|
101
|
+
claims. Do not treat this skill as a live version source.
|
|
102
|
+
- Determine whether the project is an app, product viewer, game, editor, geospatial/digital-twin
|
|
103
|
+
viewer, library, reusable component, or asset pipeline before changing engine, loader, package,
|
|
104
|
+
or performance surfaces.
|
|
105
|
+
- Apply framework-specific skills alongside this skill when React, Vue, Svelte, Astro, Nuxt,
|
|
106
|
+
routing, SSR, hydration, or component lifecycle owns the canvas mount/unmount boundary.
|
|
107
|
+
|
|
108
|
+
<!-- mustflow-section: allowed-edits -->
|
|
109
|
+
## Allowed Edits
|
|
110
|
+
|
|
111
|
+
- Make focused Babylon source, test, package metadata, docs, template, and configuration edits
|
|
112
|
+
directly required by the requested change.
|
|
113
|
+
- Add or update tests when they protect engine selection, WebGPU fallback, render loop cleanup,
|
|
114
|
+
loader registration, asset ownership, disposal, physics behavior, or package compatibility.
|
|
115
|
+
- Keep fallback, compatibility, and older API paths when the app or package still supports
|
|
116
|
+
browsers, devices, or Babylon versions where the newer path is unavailable.
|
|
117
|
+
- Do not switch a project from WebGL to WebGPU-only, remove fallback, enable WebGPU fast paths,
|
|
118
|
+
enable expensive rendering features, replace physics backends, or move asset hosting unless the
|
|
119
|
+
task and repository contract explicitly support that change.
|
|
120
|
+
|
|
121
|
+
<!-- mustflow-section: procedure -->
|
|
122
|
+
## Procedure
|
|
123
|
+
|
|
124
|
+
1. **Classify the Babylon surface.**
|
|
125
|
+
- Identify whether the patch touches engine startup, framework integration, scene graph,
|
|
126
|
+
lighting, materials, shaders, asset loading, physics, interaction, performance, docs, tests,
|
|
127
|
+
package metadata, or release-sensitive templates.
|
|
128
|
+
- For reusable packages, treat engine factory options, component props, asset URLs, loader
|
|
129
|
+
expectations, peer ranges, emitted events, and cleanup behavior as public contracts.
|
|
130
|
+
2. **Check version, package, and import boundaries.**
|
|
131
|
+
- Read Babylon package versions and import style before using module-level loader functions,
|
|
132
|
+
side-effect imports, WebGPU APIs, Physics V2, Inspector, GUI, serializers, or addon packages.
|
|
133
|
+
- Prefer module-level loader functions such as asset-container and scene load helpers when the
|
|
134
|
+
project already uses ESM tree-shaking. Avoid importing all loaders or legacy barrels unless
|
|
135
|
+
the package size contract allows it.
|
|
136
|
+
- Verify required side-effect imports for loaders, physics, ray picking, occlusion, inspector,
|
|
137
|
+
or scene extensions. IDE type visibility does not prove the production bundle registers the
|
|
138
|
+
runtime behavior.
|
|
139
|
+
3. **Review engine setup and fallback.**
|
|
140
|
+
- Treat WebGPU initialization as asynchronous. Do not build scenes, attach resize handlers,
|
|
141
|
+
start render loops, open Inspector, initialize XR, or load assets before the selected engine is
|
|
142
|
+
ready.
|
|
143
|
+
- Preserve WebGL fallback unless project evidence proves WebGPU-only deployment is intentional.
|
|
144
|
+
Browser support tables do not guarantee the user's OS, GPU, driver, secure context, adapter,
|
|
145
|
+
or blocked-device list supports the needed features.
|
|
146
|
+
- Distinguish WebGPU compatibility mode concepts from Babylon's engine `compatibilityMode`.
|
|
147
|
+
Babylon non compatibility mode should be enabled only when material, skeleton, shadow, vertex
|
|
148
|
+
buffer, and global state are stable enough to reuse bundles.
|
|
149
|
+
- If WebGPU fast paths are used, inspect bundle creation counters and repeated material or
|
|
150
|
+
buffer dirtiness instead of assuming WebGPU is faster.
|
|
151
|
+
4. **Own render loop and scene lifecycle.**
|
|
152
|
+
- Keep engine, scene, canvas, render loop, resize, observers, debug panels, and route/component
|
|
153
|
+
mount lifetimes explicit.
|
|
154
|
+
- Make render-loop registration idempotent. Avoid starting another `runRenderLoop` on every
|
|
155
|
+
framework remount, hot reload, tab reactivation, or route change.
|
|
156
|
+
- Dispose scenes, containers, observers, custom event listeners, render targets, materials,
|
|
157
|
+
textures, physics bodies, and caches according to an ownership ledger. `mesh.dispose()` alone
|
|
158
|
+
rarely proves memory cleanup.
|
|
159
|
+
- Decide whether WebGL context-loss recovery is required before changing `doNotHandleContextLost`.
|
|
160
|
+
Disabling recovery saves memory only by moving recovery responsibility to the app.
|
|
161
|
+
5. **Review Scene structure by cost owner.**
|
|
162
|
+
- Use `TransformNode` for non-rendering parents, anchors, glTF roots, tile roots, rig parents,
|
|
163
|
+
and effect pivots. Do not use empty meshes as folders.
|
|
164
|
+
- Keep cameras, render targets, mirrors, minimaps, portals, thumbnails, shadows, and post-process
|
|
165
|
+
passes visible in the cost model. Another camera or render target often means drawing the scene
|
|
166
|
+
again.
|
|
167
|
+
- Keep static meshes and materials marked static only when their transforms and shader defines
|
|
168
|
+
will not change. `freezeWorldMatrix`, `material.freeze`, and `freezeActiveMeshes` are
|
|
169
|
+
contracts, not generic speed buttons.
|
|
170
|
+
6. **Review lights, shadows, and post-processing.**
|
|
171
|
+
- Treat clustered lighting as a way to reduce light evaluation cost, not as permission to enable
|
|
172
|
+
unlimited real-time shadows.
|
|
173
|
+
- Limit shadow generators to lights and objects that need dynamic shadows. Keep directional
|
|
174
|
+
shadow frustums, min/max Z, ortho scale, map size, cascades, and refresh rate deliberate.
|
|
175
|
+
- Gate volumetrics, glow, SSAO, outline, dynamic IBL shadows, area lights, textured area lights,
|
|
176
|
+
splats, particles, and HTML-in-Canvas by target device and frame budget.
|
|
177
|
+
7. **Review materials, textures, shaders, and transparency.**
|
|
178
|
+
- Do not use full PBR, clear coat, glass, subsurface, refraction, transparency, OIT, or expensive
|
|
179
|
+
post-processes on every object by default. Assign expensive features to hero surfaces.
|
|
180
|
+
- Treat PNG, JPG, and WebP as transfer formats, not GPU memory optimization. Use KTX2/Basis
|
|
181
|
+
policies when VRAM and texture upload are the real bottlenecks.
|
|
182
|
+
- Choose KTX2 modes by texture class. Avoid applying ETC1S blindly to normal, metallic,
|
|
183
|
+
roughness, or other non-color data where UASTC or another policy is needed.
|
|
184
|
+
- Prefer prefiltered environment textures for release builds instead of runtime HDR/EXR
|
|
185
|
+
prefilter work unless startup cost is acceptable.
|
|
186
|
+
- Avoid runtime material define churn. Use uniforms for value changes, prebuilt variants for
|
|
187
|
+
structural changes, preload shader compilation for important materials, and restore
|
|
188
|
+
`scene.blockMaterialDirtyMechanism` after batched edits.
|
|
189
|
+
- For WebGPU custom shaders, check WGSL, GLSL conversion, sampler binding, attribute lists,
|
|
190
|
+
texture array restrictions, viewport bounds, and unsupported texture formats.
|
|
191
|
+
8. **Review glTF and asset loading.**
|
|
192
|
+
- Prefer `LoadAssetContainerAsync` when the code needs delayed attachment, pooling, cloning,
|
|
193
|
+
repeated instantiation, route-level ownership, or predictable cleanup.
|
|
194
|
+
- Do not treat `loadedMeshes[0]` as the first visual mesh for glTF. Account for the loader-added
|
|
195
|
+
root node before measuring bounds, assigning materials, adding collisions, or changing pivots.
|
|
196
|
+
- Treat Draco, Meshopt, KTX2, and progressive GLB as runtime contracts, not only export flags.
|
|
197
|
+
Check decoder hosting, CSP/offline constraints, workers, CPU decode time, CDN cache keys, and
|
|
198
|
+
HTTP range support.
|
|
199
|
+
- For skins and animation retargeting, check skeleton nodes, linked bone transforms, reference
|
|
200
|
+
pose, root motion, scale, socket ownership, and whether code mutates the linked transform node
|
|
201
|
+
rather than a transient bone value.
|
|
202
|
+
9. **Review LOD, culling, instances, and large scenes.**
|
|
203
|
+
- Start with instrumentation: active mesh evaluation, draw calls, GPU frame time, render target
|
|
204
|
+
time, shader compile time, and physics time. Do not add LOD or occlusion blindly.
|
|
205
|
+
- Split large worlds into cells, chunks, tiles, sectors, or streaming roots with separate
|
|
206
|
+
bounding, LOD, loading, disposal, and interaction ownership.
|
|
207
|
+
- Use regular instances when per-instance object control matters. Use thin instances for large,
|
|
208
|
+
mostly static repeated objects with deliberate buffer and bounding design.
|
|
209
|
+
- Build thin-instance buffers in bulk, update only changed ranges when possible, and avoid
|
|
210
|
+
rebuilding `Float32Array` or GPU buffers every frame.
|
|
211
|
+
- Keep thin-instance roots spatially chunked. One visible instance should not keep an entire
|
|
212
|
+
forest, city, or catalog alive.
|
|
213
|
+
- Separate positive and negative determinant instance batches. Mirrored transforms can break
|
|
214
|
+
batching or rendering assumptions.
|
|
215
|
+
- Choose culling strategies per mesh class. Sphere-only, standard, and optimistic strategies
|
|
216
|
+
trade CPU precision against false-positive GPU work.
|
|
217
|
+
- Use occlusion queries only for large expensive objects where asynchronous, delayed visibility
|
|
218
|
+
decisions and rendering group ordering are acceptable.
|
|
219
|
+
10. **Review picking, interaction, and per-frame allocation.**
|
|
220
|
+
- Keep only interactive meshes pickable. Disable pointer move picking when hover behavior is not
|
|
221
|
+
needed, and prefer proxy interaction layers for dense models.
|
|
222
|
+
- Avoid creating math objects, arrays, matrices, colors, raycast results, or thin-instance
|
|
223
|
+
buffers inside hot render loops. Reuse `TmpVectors`, `copyFrom`, `set`, mutable refs, and
|
|
224
|
+
preallocated arrays where the code path is per-frame.
|
|
225
|
+
- Keep pointer actions, observables, callbacks, and external event buses removable and scoped to
|
|
226
|
+
the owning scene or component.
|
|
227
|
+
11. **Review Physics V2 and Havok boundaries.**
|
|
228
|
+
- Use Physics V2 concepts: body, shape, material, aggregate, constraint, and motion type are
|
|
229
|
+
separate design decisions.
|
|
230
|
+
- Initialize Havok and plugin state explicitly, including WASM/package deployment. Do not assume
|
|
231
|
+
a JavaScript import alone wires every physics extension in a tree-shaken bundle.
|
|
232
|
+
- Use simple shapes, convex hulls, or compounds for dynamic bodies. Reserve mesh shapes for
|
|
233
|
+
static terrain or static concave geometry where the triangle cost is acceptable.
|
|
234
|
+
- Reuse shapes for repeated bodies when appropriate. Do not treat `PhysicsAggregate` convenience
|
|
235
|
+
as an object-pool or native-memory strategy.
|
|
236
|
+
- Choose static, dynamic, and animated motion types by intent. Do not fight the physics engine
|
|
237
|
+
by directly transforming dynamic bodies every frame.
|
|
238
|
+
- Enable pre-step only for the bodies and frames that must sync node transforms into physics.
|
|
239
|
+
- Use impulses for instantaneous events and forces for continuous effects. Do not encode game
|
|
240
|
+
state in sleep status.
|
|
241
|
+
- Keep collision callbacks lightweight and filtered. Prefer world-level callbacks with
|
|
242
|
+
filtering when that is the cheaper design. Reuse raycast result objects and masks.
|
|
243
|
+
12. **Keep public and package surfaces synchronized.**
|
|
244
|
+
- If engine selection, asset loading, material behavior, physics behavior, component props,
|
|
245
|
+
browser support, package ranges, or performance claims change, synchronize docs, examples,
|
|
246
|
+
tests, and package metadata.
|
|
247
|
+
- Avoid exact latest-version wording unless official sources were refreshed in the current task.
|
|
248
|
+
Prefer support-range wording such as "Babylon.js 9.x" only when the project actually supports
|
|
249
|
+
that range.
|
|
250
|
+
13. **Verify through the repository contract.**
|
|
251
|
+
- Run the smallest configured checks that cover Babylon code, package output, docs, tests, and
|
|
252
|
+
release-sensitive template output.
|
|
253
|
+
- Report missing browser, WebGPU/WebGL, target-device, visual, physics, asset-pipeline,
|
|
254
|
+
memory-leak, WebXR, Inspector, profiler, or package-consumer verification when those surfaces
|
|
255
|
+
changed.
|
|
256
|
+
|
|
257
|
+
<!-- mustflow-section: postconditions -->
|
|
258
|
+
## Postconditions
|
|
259
|
+
|
|
260
|
+
- Effective Babylon package, browser, engine, loader, asset, and physics compatibility are known or
|
|
261
|
+
explicitly reported as unknown.
|
|
262
|
+
- Engine initialization, render loop ownership, scene lifecycle, observer cleanup, disposal, and
|
|
263
|
+
context-loss behavior are intentional.
|
|
264
|
+
- Asset loading, decoder hosting, compression, material, shader, LOD, culling, instancing, picking,
|
|
265
|
+
and physics choices match the target scale and device budget.
|
|
266
|
+
- Performance claims have instrumentation, profiler, benchmark, target-device, frame-time, memory,
|
|
267
|
+
or configured evidence, or are reported as static risk.
|
|
268
|
+
|
|
269
|
+
<!-- mustflow-section: verification -->
|
|
270
|
+
## Verification
|
|
271
|
+
|
|
272
|
+
Use configured oneshot command intents when available:
|
|
273
|
+
|
|
274
|
+
- `lint`
|
|
275
|
+
- `build`
|
|
276
|
+
- `test_related`
|
|
277
|
+
- `test`
|
|
278
|
+
- `docs_validate_fast`
|
|
279
|
+
- `test_release`
|
|
280
|
+
- `mustflow_check`
|
|
281
|
+
|
|
282
|
+
Report missing Babylon browser smoke, WebGPU/WebGL fallback, visual regression, target-device
|
|
283
|
+
profiling, asset decoder, glTF/GLB loading, WebXR, physics, memory/disposal, Inspector, or package
|
|
284
|
+
consumer verification when those surfaces changed.
|
|
285
|
+
|
|
286
|
+
<!-- mustflow-section: failure-handling -->
|
|
287
|
+
## Failure Handling
|
|
288
|
+
|
|
289
|
+
- If WebGPU behavior fails, separate async engine readiness, feature support, fallback selection,
|
|
290
|
+
shader binding, texture format, viewport bounds, bundle churn, and custom shader conversion
|
|
291
|
+
before reverting to broad renderer changes.
|
|
292
|
+
- If a model loads incorrectly, inspect loader registration, root node handling, decoder hosting,
|
|
293
|
+
compression extension support, skeleton linked nodes, material slots, texture URLs, and CDN/range
|
|
294
|
+
behavior before changing unrelated scene code.
|
|
295
|
+
- If frame time regresses, identify whether the bottleneck is active mesh evaluation, draw calls,
|
|
296
|
+
shader compile, material dirty, fill rate, render targets, shadows, post-processes, picking,
|
|
297
|
+
physics, or GC before adding generic optimizations.
|
|
298
|
+
- If memory grows, inspect ownership of containers, meshes, materials, textures, render targets,
|
|
299
|
+
observers, event listeners, physics bodies, caches, context-lost recovery, and framework remounts.
|
|
300
|
+
- If physics behavior is unstable, inspect shape complexity, motion type, pre-step, transform
|
|
301
|
+
ownership, collision filtering, callback work, and force versus impulse use.
|
|
302
|
+
- If official source freshness cannot be checked for a version, browser, release, or API claim,
|
|
303
|
+
omit the claim from durable skill text and report it as unverified snapshot context.
|
|
304
|
+
|
|
305
|
+
<!-- mustflow-section: output-format -->
|
|
306
|
+
## Output Format
|
|
307
|
+
|
|
308
|
+
- Babylon surface and supported version checked
|
|
309
|
+
- Engine, WebGPU/WebGL fallback, render loop, Scene lifecycle, disposal, context-loss, and
|
|
310
|
+
observer notes
|
|
311
|
+
- Asset loading, glTF/GLB, decoder, compression, material, shader, texture, transparency, and
|
|
312
|
+
environment notes
|
|
313
|
+
- LOD, culling, instancing, thin-instance, picking, large-scene, physics, Havok, and performance
|
|
314
|
+
notes
|
|
315
|
+
- Files changed
|
|
316
|
+
- Command intents run
|
|
317
|
+
- Skipped checks and reasons
|
|
318
|
+
- Remaining Babylon, WebGPU/WebGL, asset, physics, performance, or verification risk
|