mustflow 2.103.21 → 2.103.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +7 -4
  2. package/dist/cli/commands/flow.js +93 -0
  3. package/dist/cli/commands/run/execution.js +1 -1
  4. package/dist/cli/commands/run/executor.js +28 -3
  5. package/dist/cli/commands/run/windows-command-script.js +23 -0
  6. package/dist/cli/commands/verify.js +4 -1
  7. package/dist/cli/i18n/en.js +11 -0
  8. package/dist/cli/i18n/es.js +11 -0
  9. package/dist/cli/i18n/fr.js +11 -0
  10. package/dist/cli/i18n/hi.js +11 -0
  11. package/dist/cli/i18n/ko.js +11 -0
  12. package/dist/cli/i18n/zh.js +11 -0
  13. package/dist/cli/index.js +1 -0
  14. package/dist/cli/lib/active-command-lock.js +4 -0
  15. package/dist/cli/lib/command-registry.js +7 -0
  16. package/dist/cli/lib/repo-flow-frontmatter.js +35 -0
  17. package/dist/cli/lib/repo-flow.js +209 -0
  18. package/dist/cli/lib/repo-map.js +3 -0
  19. package/dist/cli/lib/run-plan.js +8 -4
  20. package/dist/cli/lib/validation/constants.js +10 -0
  21. package/dist/cli/lib/validation/index.js +54 -1
  22. package/dist/core/generated-boundary.js +1 -0
  23. package/dist/core/retention-policy.js +4 -2
  24. package/dist/core/run-receipt-state.js +247 -0
  25. package/dist/core/run-receipt.js +5 -1
  26. package/package.json +2 -1
  27. package/templates/default/common/.mustflow/config/mustflow.toml +2 -2
  28. package/templates/default/i18n.toml +31 -7
  29. package/templates/default/locales/en/.mustflow/skills/INDEX.md +29 -6
  30. package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +95 -23
  31. package/templates/default/locales/en/.mustflow/skills/axum-code-change/SKILL.md +219 -0
  32. package/templates/default/locales/en/.mustflow/skills/babylon-code-change/SKILL.md +318 -0
  33. package/templates/default/locales/en/.mustflow/skills/bun-code-change/SKILL.md +27 -12
  34. package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +30 -5
  35. package/templates/default/locales/en/.mustflow/skills/elysia-code-change/SKILL.md +74 -20
  36. package/templates/default/locales/en/.mustflow/skills/godot-code-change/SKILL.md +272 -0
  37. package/templates/default/locales/en/.mustflow/skills/hono-code-change/SKILL.md +37 -23
  38. package/templates/default/locales/en/.mustflow/skills/routes.toml +28 -4
  39. package/templates/default/locales/en/.mustflow/skills/svelte-code-change/SKILL.md +65 -40
  40. package/templates/default/locales/en/.mustflow/skills/vue-code-change/SKILL.md +305 -0
  41. package/templates/default/manifest.toml +29 -1
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.bun-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 1
5
+ revision: 2
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: bun-code-change
9
- description: Apply this skill when Bun runtime code, Bun package manager behavior, bun.lock, bunfig.toml, Bun test runner behavior, Bun bundling, Bun TypeScript execution, or Bun-specific APIs are created or changed.
9
+ description: Apply this skill when Bun runtime code, Bun.serve or Elysia-on-Bun server behavior, Bun package manager behavior, bun.lock, bunfig.toml, Bun test runner behavior, Bun bundling, Bun compile, Bun TypeScript execution, Bun-specific APIs, Docker deployment, or Bun runtime compatibility is created, changed, reviewed, or upgraded.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -29,15 +29,15 @@ metadata:
29
29
  <!-- mustflow-section: purpose -->
30
30
  ## Purpose
31
31
 
32
- Preserve Bun's separate roles as runtime, package manager, script runner, test runner, bundler, transpiler, and Node-compatible environment without mistaking one successful role for another.
32
+ Preserve Bun's separate roles as runtime, package manager, script runner, test runner, bundler, transpiler, compiler, server runtime, and Node-compatible environment without mistaking one successful role for another.
33
33
 
34
34
  <!-- mustflow-section: use-when -->
35
35
  ## Use When
36
36
 
37
37
  - `bun.lock`, `bun.lockb`, `bunfig.toml`, `packageManager: "bun@..."`, Bun install settings, `trustedDependencies`, Bun workspace behavior, or Bun lockfile migration changes.
38
- - Bun runtime code or config changes, including `Bun.*`, `Bun.serve`, `Bun.file`, `Bun.write`, `Bun.spawn`, `Bun.$`, `bun:sqlite`, `#!/usr/bin/env bun`, Bun preload, Bun `.env` behavior, or `bun run --bun`.
38
+ - Bun runtime code or config changes, including `Bun.*`, `Bun.serve`, Elysia-on-Bun `serve` settings, `Bun.file`, `Bun.write`, `Bun.spawn`, `Bun.$`, `bun:sqlite`, `#!/usr/bin/env bun`, Bun preload, Bun `.env` behavior, or `bun run --bun`.
39
39
  - Bun test runner behavior changes, including `bun test`, `bun:test`, `[test]` in `bunfig.toml`, snapshots, mocks, preload, isolation, coverage, sharding, or parallelism.
40
- - Bun bundling, compile, transpiler, build target, JSX settings, path aliases, TypeScript runtime execution, or library packaging with Bun changes.
40
+ - Bun bundling, compile, transpiler, build target, JSX settings, path aliases, TypeScript runtime execution, single executable output, Docker images, PORT binding, observability instrumentation, or library packaging with Bun changes.
41
41
 
42
42
  <!-- mustflow-section: do-not-use-when -->
43
43
  ## Do Not Use When
@@ -54,6 +54,7 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
54
54
  - Bun ownership files: `bun.lock`, `bun.lockb`, `bunfig.toml`, npm, pnpm, or Yarn lockfiles that coexist with Bun, CI install commands, Docker install and runtime commands, and `oven-sh/setup-bun` usage.
55
55
  - Bun config sections: `[install]`, `[test]`, top-level preload, env, define, loader, JSX, and run settings.
56
56
  - Runtime and compatibility surfaces: `Bun.*`, `bun:test`, `node:*`, `.node`, `node-gyp`, lifecycle scripts, Prisma, sharp, Playwright, esbuild, native binary packages, streams, workers, child processes, crypto, filesystem watch, and shebangs.
57
+ - Server and deployment surfaces: `Bun.serve`, Elysia `serve` config, idle timeout, WebSocket config, backpressure limits, `SO_REUSEPORT`, clustering, compile target, CPU and libc assumptions, Docker base image, build context, distroless output, `PORT` env handling, OpenTelemetry or instrumentation, and reverse proxy config.
57
58
  - TypeScript and package surfaces: `tsconfig*.json`, `@types/bun`, `types: ["bun"]`, module resolution, path aliases, JSX runtime, declaration output, build targets, package exports, and command contract entries.
58
59
 
59
60
  <!-- mustflow-section: preconditions -->
@@ -63,6 +64,7 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
63
64
  - Do not treat Bun package installation as proof that Bun runtime behavior works.
64
65
  - Do not treat Bun runtime execution, Bun transpilation, Bun tests, or Bun bundling as TypeScript typechecking or declaration generation.
65
66
  - Treat lockfile, trusted dependency, build target, and package entry changes as release-sensitive unless proven internal.
67
+ - Treat Elysia-on-Bun deployment settings as runtime contracts, not local development conveniences.
66
68
 
67
69
  <!-- mustflow-section: allowed-edits -->
68
70
  ## Allowed Edits
@@ -70,6 +72,8 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
70
72
  - Keep Bun-specific APIs in Bun-owned runtime files, adapters, tests, or package entrypoints.
71
73
  - Keep Bun package manager changes aligned with `bun.lock`, `bunfig.toml`, CI, Docker, and workspace ownership.
72
74
  - Preserve existing Node, browser, edge, Jest, Vitest, TypeScript, and package-consumer contracts unless the task explicitly asks to migrate them.
75
+ - Isolate Bun-only APIs behind runtime-owned adapters when Node, browser, edge, or test portability remains a project contract.
76
+ - Keep server runtime settings explicit when long-lived requests, streaming, WebSockets, uploaded files, generated exports, or reverse proxies are involved.
73
77
  - Add focused tests or package checks only when they protect changed Bun runtime, package manager, test runner, build, or public package behavior.
74
78
 
75
79
  <!-- mustflow-section: procedure -->
@@ -92,10 +96,19 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
92
96
  10. For Bun bundling and package output, distinguish `bun run build` from direct Bun bundler usage. Confirm script bodies before treating a build as Bun bundling. Choose target and format according to actual consumers; Bun-targeted output is not automatically Node-compatible.
93
97
  11. If Node consumers are supported, do not emit package entrypoints that rely on Bun-only APIs, Bun-only wrappers, or Bun-only module resolution unless the package clearly exposes a Bun-specific entry.
94
98
  12. Treat Bun runtime as Node-compatible, not Node itself. JavaScriptCore, Node API compatibility gaps, native addons, Node internals, worker options, child process IPC, stream/backpressure, crypto/FIPS, watch behavior, Prisma CLI, sharp, Playwright, and esbuild all need targeted evidence when touched.
95
- 13. Check shebang and runner behavior. A CLI with `#!/usr/bin/env node` may execute under Node even when launched through Bun. Do not call a path Bun-runtime-verified unless the entrypoint actually ran under Bun.
96
- 14. Use Bun's test runner only when the project intentionally uses it or the task targets Bun. Do not silently migrate Jest or Vitest tests to `bun:test`. Treat mocks, snapshots, preloads, globals, path aliases, coverage, isolation, and parallelism as migration-risk areas.
97
- 15. Do not update Bun snapshots as a generic fix. Snapshot updates require intended output change, diff inspection, and a follow-up run without update mode through configured intents.
98
- 16. Choose configured verification intents that cover typecheck, build, tests, package metadata, package artifact risk, docs examples, Bun runtime behavior, Bun test behavior, and mustflow contract checks when available. Report missing frozen install, Bun runtime, Bun test, declaration, package artifact, native dependency, Node compatibility, Docker, or CI verification.
99
+ 13. For Bun server changes, check idle timeout and long-lived request behavior. Plain `Bun.serve`, Elysia `serve.idleTimeout`, SSE, streaming AI responses, long uploads, downloads, exports, and quiet proxy connections may need explicit timeout policy.
100
+ 14. For WebSocket changes, review `idleTimeout`, `maxPayloadLength`, `backpressureLimit`, `closeOnBackpressureLimit`, compression, and slow-client behavior. A connection opening successfully does not prove memory-safe backpressure behavior.
101
+ 15. For multi-core deployment, distinguish single-process Bun behavior from clustered or multi-worker deployment. Treat `SO_REUSEPORT` and same-port multi-process assumptions as platform-sensitive, especially across Linux, macOS, Windows, containers, and hosting platforms.
102
+ 16. For `Bun.serve({ routes })`, Elysia mounts, native routes, and framework interop, benchmark or test the actual route structure instead of assuming every request uses the same optimized path.
103
+ 17. For `bun build --compile` or single executable output, check target OS, architecture, libc, executable permission, CPU requirements, dynamic files, `.d.ts` or source files used by runtime generators, native addons, and externalized packages.
104
+ 18. Do not assume bundling eliminates `node_modules`. Instrumentation, monkey-patching, native modules, dynamic loading, OpenTelemetry, database drivers, and generated clients may require explicit externals and deployed runtime dependencies.
105
+ 19. Treat minification as an observability decision. Full minify can damage function-name-based tracing, stack readability, and instrumentation. Prefer smaller minification scopes when tracing or production diagnostics depend on names.
106
+ 20. For Docker and platform deploys, verify build context, workspace package copying, final base image, runtime user, executable path, `PORT` environment binding, health checks, signal handling, and reverse proxy expectations.
107
+ 21. Treat benchmarks as workload evidence, not framework marketing. Use a load generator and scenario that are fast enough to drive Bun, and include real handler, serialization, database, TLS, proxy, streaming, or WebSocket paths when those paths changed.
108
+ 22. Check shebang and runner behavior. A CLI with `#!/usr/bin/env node` may execute under Node even when launched through Bun. Do not call a path Bun-runtime-verified unless the entrypoint actually ran under Bun.
109
+ 23. Use Bun's test runner only when the project intentionally uses it or the task targets Bun. Do not silently migrate Jest or Vitest tests to `bun:test`. Treat mocks, snapshots, preloads, globals, path aliases, coverage, isolation, and parallelism as migration-risk areas.
110
+ 24. Do not update Bun snapshots as a generic fix. Snapshot updates require intended output change, diff inspection, and a follow-up run without update mode through configured intents.
111
+ 25. Choose configured verification intents that cover typecheck, build, tests, package metadata, package artifact risk, docs examples, Bun runtime behavior, Bun test behavior, server timeout behavior, WebSocket backpressure, compile artifact behavior, Docker runtime, and mustflow contract checks when available. Report missing frozen install, Bun runtime, Bun test, declaration, package artifact, native dependency, Node compatibility, Docker, or CI verification.
99
112
 
100
113
  <!-- mustflow-section: postconditions -->
101
114
  ## Postconditions
@@ -104,7 +117,7 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
104
117
  - Bun lockfile, install, workspace, trust, and lifecycle behavior is aligned with project ownership.
105
118
  - Bun runtime, test, bundler, TypeScript, and declaration claims are not conflated.
106
119
  - Bun-only APIs do not leak into Node, browser, edge, or shared package surfaces unintentionally.
107
- - Native dependency, shebang, Node compatibility, and package consumer risks are handled or reported.
120
+ - Bun server timeout, WebSocket backpressure, clustering, compile target, Docker, PORT, observability, native dependency, shebang, Node compatibility, and package consumer risks are handled or reported.
108
121
 
109
122
  <!-- mustflow-section: verification -->
110
123
  ## Verification
@@ -119,7 +132,7 @@ Use configured oneshot command intents when available:
119
132
  - `test_release`
120
133
  - `mustflow_check`
121
134
 
122
- Report missing frozen install, Bun runtime, Bun test, declaration output, package artifact, Node compatibility, native dependency, CI, Docker, or snapshot review verification intents when those surfaces change.
135
+ Report missing frozen install, Bun runtime, Bun server, WebSocket, compile artifact, Docker, Bun test, declaration output, package artifact, Node compatibility, native dependency, CI, observability, benchmark, or snapshot review verification intents when those surfaces change.
123
136
 
124
137
  <!-- mustflow-section: failure-handling -->
125
138
  ## Failure Handling
@@ -128,6 +141,8 @@ Report missing frozen install, Bun runtime, Bun test, declaration output, packag
128
141
  - If lockfile ownership conflicts, do not run dependency migration or generate a new lockfile unless the task explicitly asks for migration.
129
142
  - If Bun runtime execution succeeds but typecheck or declarations are unverified, report that gap instead of claiming TypeScript correctness.
130
143
  - If a package works under Bun but claims Node support, repair the Node-compatible entry or report the compatibility risk.
144
+ - If a server works locally but has no timeout, backpressure, port, signal, or Docker evidence, report the deployment risk instead of claiming production readiness.
145
+ - If a single executable works on the build machine only, report target CPU, OS, libc, dynamic dependency, and instrumentation gaps.
131
146
  - If a native dependency, lifecycle script, or trusted dependency change cannot be verified, keep the change scoped and report release-sensitive risk.
132
147
 
133
148
  <!-- mustflow-section: output-format -->
@@ -136,7 +151,7 @@ Report missing frozen install, Bun runtime, Bun test, declaration output, packag
136
151
  - Bun role classification
137
152
  - Package manager, lockfile, and trust notes
138
153
  - Runtime, TypeScript, bundler, and test runner notes
139
- - Native, shebang, Node compatibility, or package consumer risks
154
+ - Server timeout, WebSocket, cluster, compile, Docker, observability, benchmark, native, shebang, Node compatibility, or package consumer risks
140
155
  - Files changed
141
156
  - Command intents run
142
157
  - Skipped checks and reasons
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: skill.clarifying-question-gate
3
3
  locale: en
4
4
  canonical: true
5
- revision: 3
5
+ revision: 4
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: clarifying-question-gate
@@ -96,6 +96,8 @@ verification, and stop-or-ask boundary.
96
96
  - Reversibility classification for each decision: cheap/reversible, moderate, or expensive/hard to
97
97
  roll back.
98
98
  - A recommended option for each blocking question, with the tradeoff of at least one alternative.
99
+ - Host input capability when known: whether a structured user-input mechanism such as Codex
100
+ `request_user_input` or MCP elicitation is explicitly available in the current runtime.
99
101
  - A request-state decision: `ready`, `ready_with_assumptions`, `needs_confirmation`,
100
102
  `blocked_by_conflict`, or `insufficient_evidence`.
101
103
  - A normalized task contract when the original request is vague enough to risk drift: goal, current
@@ -123,6 +125,8 @@ verification, and stop-or-ask boundary.
123
125
  collection, or broad product discovery.
124
126
  - Product decisions are separated from engineering responsibilities. Do not ask whether to preserve
125
127
  existing style, avoid swallowed errors, add appropriate tests, or follow command contracts.
128
+ - Structured input tools are optional host capabilities. Do not claim they exist, simulate their UI,
129
+ or depend on them unless the current host explicitly exposes them for this turn or tool call.
126
130
 
127
131
  <!-- mustflow-section: allowed-edits -->
128
132
  ## Allowed Edits
@@ -215,22 +219,40 @@ verification, and stop-or-ask boundary.
215
219
  and one meaningful alternative;
216
220
  - avoid open-ended prompts like "how should I implement this?" unless no responsible options can
217
221
  be framed from repository evidence.
218
- 15. Do not ask bad engineering-delegation questions:
222
+ 15. Prefer structured user input for real blocking decisions when the host exposes it:
223
+ - use a structured input tool such as `request_user_input` or MCP elicitation only when it is
224
+ explicitly listed as available in the current runtime or tool call;
225
+ - use it for `needs_confirmation` or for a non-blocking `ready_with_assumptions` choice whose
226
+ answer would materially improve the result without stopping all progress;
227
+ - ask at most three short questions, and prefer one question when the answer may change the next
228
+ question;
229
+ - provide two or three mutually exclusive choices, put the recommended choice first, and include
230
+ the concrete consequence or tradeoff for each choice;
231
+ - allow free-form input when the host mechanism supports it, because the listed options are a
232
+ steering aid rather than a closed product decision;
233
+ - use auto-resolution only for non-blocking choices with a narrow reversible default, and never
234
+ for destructive actions, publish or release decisions, credential or secret handling, data
235
+ deletion or migration, auth or billing policy, dependency adoption, or other explicit
236
+ confirmation gates;
237
+ - if no structured input mechanism is available, ask the same blocking decision as a concise
238
+ normal chat question when host policy allows it; do not invent a fake UI, long questionnaire,
239
+ or multiple-choice card in prose when the host explicitly forbids that fallback.
240
+ 16. Do not ask bad engineering-delegation questions:
219
241
  - "Should I add tests?"
220
242
  - "Should I handle errors?"
221
243
  - "Should I follow existing style?"
222
244
  - "Should I check current files?"
223
245
  - "Should I preserve existing behavior?"
224
- 16. Use prompt rewriting only as an exception:
246
+ 17. Use prompt rewriting only as an exception:
225
247
  - the user explicitly asks for a prompt, issue, PR body, work order, or handoff for another
226
248
  agent;
227
249
  - the current request is too broken to execute and a normalized contract plus confirmation is the
228
250
  smallest safe next step.
229
251
  Otherwise, show the normalized contract only when it materially reduces drift, then proceed in
230
252
  the same conversation.
231
- 17. If no blocking question remains, proceed without ceremony. State only the assumptions that matter
253
+ 18. If no blocking question remains, proceed without ceremony. State only the assumptions that matter
232
254
  to review or rollback.
233
- 18. If a blocking question remains unanswered, do not implement around it. Offer the smallest safe
255
+ 19. If a blocking question remains unanswered, do not implement around it. Offer the smallest safe
234
256
  non-blocked action, such as read-only analysis, a plan, a reproduction, or a narrow preparatory
235
257
  refactor when another selected skill supports it.
236
258
 
@@ -241,6 +263,8 @@ verification, and stop-or-ask boundary.
241
263
  - The agent has not asked for facts it could read locally.
242
264
  - Expensive, user-owned, security-sensitive, data-affecting, dependency-affecting, and public-contract
243
265
  decisions are resolved before implementation.
266
+ - Structured input tools are used only when available and only for bounded decisions that benefit
267
+ from user choice.
244
268
  - Safe assumptions are narrow, reversible, and reported.
245
269
  - Any normalized contract preserves the user's original request separately from repository-derived
246
270
  facts and safe assumptions.
@@ -288,6 +312,7 @@ run the specific configured verification intents required by the selected implem
288
312
  - Normalized task contract, only when needed, with `user_confirmed`, `repository_derived`,
289
313
  `safe_assumption`, and `unresolved` source tags
290
314
  - Blocking questions asked, with recommendation and tradeoff
315
+ - Question delivery mode: structured host input, normal chat fallback, or not needed
291
316
  - Safe assumptions made
292
317
  - Decisions intentionally deferred
293
318
  - Implementation scope selected
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.elysia-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 2
5
+ revision: 3
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: elysia-code-change
9
- description: Apply this skill when Elysia routes, schemas, plugins, decorators, derives, resolves, guards, auth, error handling, OpenAPI output, Eden clients, or Bun server behavior are created or changed.
9
+ description: Apply this skill when Elysia routes, schemas, plugins, decorators, derives, resolves, guards, macros, auth, error handling, OpenAPI or Scalar docs, Eden Treaty clients, streaming, WebSocket, or Bun-backed Elysia server behavior are created, changed, reviewed, or upgraded.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -28,31 +28,34 @@ metadata:
28
28
  <!-- mustflow-section: purpose -->
29
29
  ## Purpose
30
30
 
31
- Preserve Elysia schema-first runtime validation, type inference, plugin, auth, error, OpenAPI, Eden, and Bun runtime boundaries.
31
+ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, error, OpenAPI, Eden Treaty, lifecycle, streaming, and Bun-backed runtime boundaries.
32
32
 
33
33
  <!-- mustflow-section: use-when -->
34
34
  ## Use When
35
35
 
36
- - `new Elysia`, route methods, `t.Object`, request or response schemas, `.use`, `.guard`, `.derive`, `.resolve`, `.decorate`, `.onError`, auth middleware, OpenAPI, Eden, or Bun server tests change.
37
- - The task adds API routes, plugins, validators, error envelopes, authentication, or generated client contracts.
36
+ - `new Elysia`, route methods, `t.Object`, Standard Schema validators, request or response schemas, `.model`, `.use`, `.guard`, `.derive`, `.resolve`, `.decorate`, `.state`, `.macro`, `.onError`, auth middleware, OpenAPI or Scalar docs, Eden Treaty, streaming, WebSocket, or Bun server tests change.
37
+ - The task adds API routes, plugins, validators, error envelopes, authentication, generated client contracts, SDK-facing route paths, runtime deployment settings, or Elysia version-sensitive behavior.
38
38
 
39
39
  <!-- mustflow-section: do-not-use-when -->
40
40
  ## Do Not Use When
41
41
 
42
- - The task only edits framework-free service functions called by Elysia routes; use the relevant language or architecture skill.
42
+ - The task only edits framework-free service functions called by Elysia routes; use the relevant language or architecture skill unless route contracts, schemas, lifecycle hooks, OpenAPI, or Eden types also change.
43
43
  - Another web framework owns the route surface.
44
44
 
45
45
  <!-- mustflow-section: required-inputs -->
46
46
  ## Required Inputs
47
47
 
48
- - Package metadata, Bun lockfile if present, TypeScript config, server entrypoint, route modules, plugin modules, schema/model files, auth/session files, error handling, OpenAPI config, Eden client exports, and tests.
48
+ - Package metadata, Bun lockfile if present, TypeScript config, server entrypoint, route modules, plugin modules, schema/model files, auth/session files, cookie and CORS config, error handling, OpenAPI config, Eden client exports, streaming and WebSocket config, deployment config, and tests.
49
49
  - Existing response envelope, status-code contract, and strict TypeScript policy.
50
+ - Current Elysia and plugin version evidence when the task depends on release-specific behavior. Refresh official package or vendor sources before preserving exact "latest" claims.
50
51
 
51
52
  <!-- mustflow-section: preconditions -->
52
53
  ## Preconditions
53
54
 
54
55
  - Identify whether schema is the source of truth for runtime validation and type inference.
55
56
  - Inventory method, path, params, query, headers, cookies, body, response statuses, auth, and plugin/decorator dependencies.
57
+ - Identify whether the public client contract is Eden Treaty, OpenAPI JSON, generated SDKs, or a mix. Eden uses `typeof app`; OpenAPI SDKs use the OpenAPI document.
58
+ - Identify whether Bun runtime deployment details are in scope. If so, apply `bun-code-change` for Bun-specific runtime, compile, package manager, and deploy risks.
56
59
 
57
60
  <!-- mustflow-section: allowed-edits -->
58
61
  ## Allowed Edits
@@ -60,33 +63,78 @@ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, e
60
63
  - Define request and response schemas with the route.
61
64
  - Keep framework context at the route boundary and move only framework-free business logic into services.
62
65
  - Preserve plugin, decorator, derive, resolve, and store inference through Elysia chaining.
66
+ - Preserve method chaining or return typed Elysia plugin instances so `typeof app`, decorators, schemas, and lifecycle additions remain visible to Eden and tests.
63
67
  - Use `.derive` only for intentional pre-validation context shaping. Use `.resolve` by default for auth, session, user, tenant, permission, or other request-derived values that depend on validated headers, body, query, or params.
64
- - Keep OpenAPI and Eden clients aligned with route schemas when present.
68
+ - Keep OpenAPI and Eden Treaty clients aligned with route schemas when present.
69
+ - Use `model()` or named schema references for reused schemas in larger route sets when it reduces duplicate schema drift and OpenAPI component churn.
70
+ - Keep reusable plugins explicit with `new Elysia({ name, seed })` when lifecycle deduplication, encapsulation, or dependency visibility matters.
65
71
 
66
72
  <!-- mustflow-section: procedure -->
67
73
  ## Procedure
68
74
 
69
- 1. Read server entry, routes, plugins, schemas, auth, error handling, OpenAPI, Eden exports, and tests.
75
+ 1. Read server entry, routes, plugins, schemas, auth, cookies, CORS, error handling, OpenAPI, Eden exports, runtime deployment config, and tests.
70
76
  2. Build a route inventory for the changed surface.
71
- 3. Add or update schemas for every external input and meaningful response status.
72
- 4. Do not annotate handlers with broad `any`, duplicated manual interfaces, or imported `Context` types that erase inference.
73
- 5. Keep request-specific state out of module-level mutable globals.
74
- 6. For request-derived context, choose the lifecycle hook by validation dependency:
77
+ 3. Treat route schema as the primary contract for runtime validation, TypeScript inference, OpenAPI, and Eden. Avoid duplicating request and response contracts as separate TypeScript interfaces unless a clear external boundary requires it.
78
+ 4. Add or update schemas for every external input and meaningful response status, including non-2xx statuses.
79
+ 5. For URL and header inputs, remember that params, query, and headers arrive as HTTP strings:
80
+ - use lower-case header schema keys;
81
+ - use explicit numeric or boolean coercion schemas such as `t.Numeric()` where the route expects converted URL values;
82
+ - use array schemas for query arrays instead of relying on caller convention;
83
+ - distinguish `t.Optional` around an input object from optional properties inside the object.
84
+ 6. For file uploads, distinguish `t.File()` behavior from Standard Schema file validation. If using Zod, Valibot, or another Standard Schema, require explicit JSON Schema or file magic-number mapping when OpenAPI or runtime file validation depends on it.
85
+ 7. Check body parser ownership. For webhook verifiers, tRPC, oRPC, proxy, or raw-body endpoints, require an explicit raw-body or `parse: 'none'` design instead of letting schema inference consume the request body first.
86
+ 8. Reject GET or HEAD bodies as portable public API contracts unless the repository has an explicit non-portable exception. Use query contracts or a POST search/action endpoint instead.
87
+ 9. Do not annotate handlers with broad `any`, duplicated manual interfaces, or imported `Context` types that erase inference. Keep Elysia context at the route boundary and pass only validated values into services.
88
+ 10. Keep request-specific state out of module-level mutable globals, `.store`, and `.decorate`. Use validated `.resolve` or handler context for user, session, tenant, request id, or permission data.
89
+ 11. For request-derived context, choose the lifecycle hook by validation dependency:
75
90
  - use `.derive` only when transforming raw request context before validation is intentional;
76
91
  - use `.guard()` to apply schema and auth-related validation around a route group;
77
92
  - use `.resolve()` inside the validated chain for user, session, tenant, permission, or other values that depend on validated input;
78
93
  - check the order between `.resolve()` and `beforeHandle` before relying on a value in an auth or permission hook.
79
- 7. Centralize expected error envelope and auth failure behavior.
80
- 8. If OpenAPI or Eden is used, confirm the generated contract follows the schema change.
81
- 9. Choose configured verification intents that cover types, server boot, route happy path, validation failure, auth failure, OpenAPI, and Eden inference when available.
94
+ 12. Check lifecycle scope and registration order:
95
+ - hooks generally affect routes registered after them;
96
+ - plugin lifecycle is local unless scoped or global behavior is explicitly chosen;
97
+ - `global` scope should be reserved for true app-wide policy, not hidden feature dependencies;
98
+ - async or lazy plugins may require tests to wait for registered modules before asserting routes.
99
+ 13. Treat macros as public route-option APIs. Review their schema, lifecycle, OpenAPI, type-inference, dedupe, and error-response effects before adding or changing macro options.
100
+ 14. Centralize expected error envelope and auth failure behavior. Prefer typed `status(...)` return paths for expected route failures when Eden or OpenAPI clients need status-specific types; use `throw status(...)` intentionally when `onError` logging or transformation must run.
101
+ 15. Register custom errors and map unknown errors deliberately. Avoid collapsing business, auth, validation, upstream, and server bugs into one unknown 500.
102
+ 16. Review security defaults and exposure:
103
+ - configure CORS origins and credential behavior explicitly;
104
+ - protect or intentionally expose `/openapi`, `/openapi/json`, Scalar or Swagger UI routes;
105
+ - do not treat `detail.hide` as access control;
106
+ - sign and secure session cookies where applicable;
107
+ - avoid production validation details that leak schema internals.
108
+ 17. Review OpenAPI separately from docs UI:
109
+ - the official Elysia OpenAPI plugin and its docs UI provider are not the same thing as the raw OpenAPI document;
110
+ - confirm the raw OpenAPI JSON path, UI provider, and access policy before telling SDK consumers where to read the spec;
111
+ - if `fromTypes()` or type generation is used, verify production and bundled builds can still read the required `.d.ts`, `projectRoot`, and `tsconfigPath`;
112
+ - if Standard Schema is used, verify `mapJsonSchema` or equivalent JSON Schema mapping rather than assuming OpenAPI output is complete;
113
+ - remember `withHeader()` documents response headers; it does not enforce that the runtime sets them.
114
+ 18. Review Eden Treaty separately from OpenAPI codegen:
115
+ - export `type App = typeof app` from the server boundary;
116
+ - keep frontend imports type-only so server runtime code does not enter client bundles;
117
+ - keep server and client Elysia versions and strict TypeScript settings aligned;
118
+ - treat route path shape as SDK surface;
119
+ - handle Treaty `error` before assuming `data` is non-null;
120
+ - centralize auth headers in Treaty config or request hooks;
121
+ - split public, admin, internal, WebSocket, and streaming surfaces when one giant `App` type would expose too much or slow typechecking.
122
+ 19. Review routing semantics:
123
+ - static, dynamic, wildcard, optional, group, guard, prefix, mount, and `all()` behavior affect auth, cache, generated clients, and tests;
124
+ - auto HEAD behavior, explicit HEAD routes, range responses, SSE, and stream headers need separate verification when relevant;
125
+ - avoid `all()` unless accepting every method is the intended public contract.
126
+ 20. If Bun-backed runtime behavior changes, also review Elysia production settings that affect idle timeout, WebSocket backpressure, clustering, compile targets, port binding, Docker build context, and observability. Use `bun-code-change` for Bun-specific edits.
127
+ 21. Choose configured verification intents that cover types, server boot, route happy path, validation failure, auth failure, OpenAPI JSON, Eden inference, streaming/WebSocket behavior, and deployment config when available.
82
128
 
83
129
  <!-- mustflow-section: postconditions -->
84
130
  ## Postconditions
85
131
 
86
132
  - Schemas, runtime validation, and inferred types remain one contract.
87
133
  - Error and auth responses are consistent.
88
- - OpenAPI and Eden impact is known.
89
- - No route relies on unvalidated input, pre-validation auth context, or erased context types.
134
+ - OpenAPI docs UI, raw OpenAPI JSON, generated SDK, and Eden Treaty impact is known and not conflated.
135
+ - No route relies on unvalidated input, pre-validation auth context, request-specific global state, or erased context types.
136
+ - Plugin scope, hook order, macro behavior, and public route path shape are deliberate.
137
+ - Runtime, streaming, WebSocket, or deploy-specific Elysia/Bun risks are handled or reported.
90
138
 
91
139
  <!-- mustflow-section: verification -->
92
140
  ## Verification
@@ -100,7 +148,7 @@ Use configured oneshot command intents when available:
100
148
  - `docs_validate_fast`
101
149
  - `mustflow_check`
102
150
 
103
- Report missing route, OpenAPI, or Eden verification intents when relevant.
151
+ Report missing route, OpenAPI JSON, Eden Treaty, streaming, WebSocket, security, Docker, deploy, or runtime verification intents when relevant.
104
152
 
105
153
  <!-- mustflow-section: failure-handling -->
106
154
  ## Failure Handling
@@ -108,6 +156,10 @@ Report missing route, OpenAPI, or Eden verification intents when relevant.
108
156
  - If schema and manual types diverge, make schema the source of truth or report the competing contract.
109
157
  - If plugin inference breaks after extraction, return context-sensitive code to the Elysia chain or narrow the extraction.
110
158
  - If auth or session state is derived before validation through `.derive`, move it to a validated `.guard()` plus `.resolve()` chain or report the validation-order risk.
159
+ - If OpenAPI output looks correct only in development, inspect type generation inputs and production or bundled artifact availability before trusting generated SDKs.
160
+ - If `detail.hide` is used for sensitive routes, add real access control or report the exposure risk.
161
+ - If Eden types require importing server runtime into a frontend bundle, split type-only exports or report the bundling risk.
162
+ - If streaming, WebSocket, or long-lived request behavior is touched without timeout or backpressure evidence, report the operational risk.
111
163
  - If auth behavior is unclear, stop the route change and inspect or request the auth contract.
112
164
 
113
165
  <!-- mustflow-section: output-format -->
@@ -115,7 +167,9 @@ Report missing route, OpenAPI, or Eden verification intents when relevant.
115
167
 
116
168
  - Boundary checked
117
169
  - Schema and type inference notes
118
- - Auth, error, OpenAPI, or Eden impact
170
+ - Lifecycle, plugin, macro, auth, and error notes
171
+ - OpenAPI, Scalar or Swagger UI, generated SDK, and Eden Treaty impact
172
+ - Bun-backed runtime, streaming, WebSocket, or deployment notes
119
173
  - Files changed
120
174
  - Command intents run
121
175
  - Skipped checks and reasons