mustflow 2.103.21 → 2.103.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -4
- package/dist/cli/commands/flow.js +93 -0
- package/dist/cli/commands/run/execution.js +1 -1
- package/dist/cli/commands/run/executor.js +28 -3
- package/dist/cli/commands/run/windows-command-script.js +23 -0
- package/dist/cli/commands/verify.js +4 -1
- package/dist/cli/i18n/en.js +11 -0
- package/dist/cli/i18n/es.js +11 -0
- package/dist/cli/i18n/fr.js +11 -0
- package/dist/cli/i18n/hi.js +11 -0
- package/dist/cli/i18n/ko.js +11 -0
- package/dist/cli/i18n/zh.js +11 -0
- package/dist/cli/index.js +1 -0
- package/dist/cli/lib/active-command-lock.js +4 -0
- package/dist/cli/lib/command-registry.js +7 -0
- package/dist/cli/lib/repo-flow-frontmatter.js +35 -0
- package/dist/cli/lib/repo-flow.js +209 -0
- package/dist/cli/lib/repo-map.js +3 -0
- package/dist/cli/lib/run-plan.js +8 -4
- package/dist/cli/lib/validation/constants.js +10 -0
- package/dist/cli/lib/validation/index.js +54 -1
- package/dist/core/generated-boundary.js +1 -0
- package/dist/core/retention-policy.js +4 -2
- package/dist/core/run-receipt-state.js +247 -0
- package/dist/core/run-receipt.js +5 -1
- package/package.json +2 -1
- package/templates/default/common/.mustflow/config/mustflow.toml +2 -2
- package/templates/default/i18n.toml +31 -7
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +29 -6
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +95 -23
- package/templates/default/locales/en/.mustflow/skills/axum-code-change/SKILL.md +219 -0
- package/templates/default/locales/en/.mustflow/skills/babylon-code-change/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/bun-code-change/SKILL.md +27 -12
- package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +30 -5
- package/templates/default/locales/en/.mustflow/skills/elysia-code-change/SKILL.md +74 -20
- package/templates/default/locales/en/.mustflow/skills/godot-code-change/SKILL.md +272 -0
- package/templates/default/locales/en/.mustflow/skills/hono-code-change/SKILL.md +37 -23
- package/templates/default/locales/en/.mustflow/skills/routes.toml +28 -4
- package/templates/default/locales/en/.mustflow/skills/svelte-code-change/SKILL.md +65 -40
- package/templates/default/locales/en/.mustflow/skills/vue-code-change/SKILL.md +305 -0
- package/templates/default/manifest.toml +29 -1
|
@@ -0,0 +1,272 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.godot-code-change
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: godot-code-change
|
|
9
|
+
description: Apply this skill when Godot projects, scenes, nodes, GDScript, C# scripts, Resources, Autoloads, signals, groups, save/load systems, rendering, physics, UI, input, exports, plugins, editor tools, or Godot version migrations are created, changed, reviewed, or upgraded.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.godot-code-change
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- mustflow_check
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
# Godot Code Change
|
|
27
|
+
|
|
28
|
+
<!-- mustflow-section: purpose -->
|
|
29
|
+
## Purpose
|
|
30
|
+
|
|
31
|
+
Preserve Godot scene ownership, node lifecycle, Resource sharing, Autoload boundaries, signal flow,
|
|
32
|
+
save/load integrity, rendering budgets, physics stability, export behavior, and version migration
|
|
33
|
+
assumptions while making focused game or editor-tool changes.
|
|
34
|
+
|
|
35
|
+
Godot work is not "script changes plus some scenes". Many failures come from scene-tree coupling,
|
|
36
|
+
shared Resources mutated as instance state, Autoloads used as global storage, hidden signal
|
|
37
|
+
connections, per-frame tree searches, blocking loads, save files written into `res://`, or renderer
|
|
38
|
+
settings changed without profiling evidence.
|
|
39
|
+
|
|
40
|
+
<!-- mustflow-section: use-when -->
|
|
41
|
+
## Use When
|
|
42
|
+
|
|
43
|
+
- `project.godot`, `.tscn`, `.tres`, `.res`, `.gd`, `.gdshader`, `.cs`, export presets, addons,
|
|
44
|
+
editor plugins, import settings, input maps, autoloads, groups, scenes, nodes, Resources, or
|
|
45
|
+
Godot-specific tests change.
|
|
46
|
+
- Scene composition, ownership, instancing, inherited scenes, node paths, unique names, exported
|
|
47
|
+
NodePath references, groups, signals, tweens, animations, UI Controls, Containers, camera,
|
|
48
|
+
rendering, physics, input, save/load, or export templates are created, changed, reviewed, or
|
|
49
|
+
upgraded.
|
|
50
|
+
- GDScript typing, `await`, signals, callables, `@onready`, `@export`, `ResourceLoader`,
|
|
51
|
+
`ResourceSaver`, `FileAccess`, `DirAccess`, `ConfigFile`, threaded loading, or Autoload behavior
|
|
52
|
+
affects runtime paths.
|
|
53
|
+
- A Godot 3.x to 4.x migration, Godot 4.x minor upgrade, renderer change, platform export change,
|
|
54
|
+
mobile/XR/input change, or plugin compatibility change is part of the task.
|
|
55
|
+
|
|
56
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
57
|
+
## Do Not Use When
|
|
58
|
+
|
|
59
|
+
- The repository does not use Godot and only changes general assets, docs, or game design prose.
|
|
60
|
+
- Generic C#, Rust, C++, JavaScript, or shader code changes have no Godot scene, resource, engine,
|
|
61
|
+
export, editor, or runtime lifecycle effect; use the matching language or asset skill instead.
|
|
62
|
+
- The task only updates external version prose; use source-freshness guidance unless this procedure
|
|
63
|
+
itself changes.
|
|
64
|
+
- Generated import files, caches, exported builds, or `.godot/` state should be regenerated by a
|
|
65
|
+
declared command rather than edited.
|
|
66
|
+
|
|
67
|
+
<!-- mustflow-section: required-inputs -->
|
|
68
|
+
## Required Inputs
|
|
69
|
+
|
|
70
|
+
- Godot version, renderer, platform targets, export presets, project settings, input map, autoload
|
|
71
|
+
list, addon/plugin list, script language mix, and relevant official docs for the version in use.
|
|
72
|
+
- Scene ledger: entry scene, affected `.tscn` files, node ownership, instanced scenes, inherited
|
|
73
|
+
scenes, unique names, NodePaths, groups, signals, animation players, tweens, UI Containers,
|
|
74
|
+
physics nodes, cameras, lights, materials, Resources, and save/load participants.
|
|
75
|
+
- Runtime ledger: `_ready`, `_enter_tree`, `_exit_tree`, `_process`, `_physics_process`, input
|
|
76
|
+
callbacks, threaded loading, timers, deferred calls, scene transitions, queue/free behavior, and
|
|
77
|
+
profiler or frame-time evidence when performance is claimed.
|
|
78
|
+
- Data ledger: user data paths, save schema version, migration path, atomic write strategy,
|
|
79
|
+
Resource cache behavior, config defaults, validation rules, and untrusted file boundaries.
|
|
80
|
+
- Configured verification intents.
|
|
81
|
+
|
|
82
|
+
<!-- mustflow-section: preconditions -->
|
|
83
|
+
## Preconditions
|
|
84
|
+
|
|
85
|
+
- Read project settings, affected scenes, scripts, Resources, autoload declarations, export presets,
|
|
86
|
+
and tests before editing.
|
|
87
|
+
- Identify the Godot major/minor version before applying version-specific syntax, migration, or
|
|
88
|
+
export guidance. Do not mix stable docs for one branch, latest docs for another branch, and blog
|
|
89
|
+
examples as if they were one source.
|
|
90
|
+
- Apply language-specific skills alongside this skill when C#, C++, Rust/GDExtension, shader, or
|
|
91
|
+
package/tooling behavior changes outside the Godot boundary.
|
|
92
|
+
- Apply security, data, performance, UI, accessibility, or release skills when the change touches
|
|
93
|
+
save-file trust, networked games, monetized state, rendering budgets, UI behavior, or export
|
|
94
|
+
artifacts.
|
|
95
|
+
|
|
96
|
+
<!-- mustflow-section: allowed-edits -->
|
|
97
|
+
## Allowed Edits
|
|
98
|
+
|
|
99
|
+
- Keep scenes independently instantiable where practical. Parent nodes may coordinate children, but
|
|
100
|
+
child scenes should not hard-code distant parents, sibling internals, or `/root/Main` paths.
|
|
101
|
+
- Keep nodes for objects with lifecycle, transforms, notifications, or scene-tree behavior. Use
|
|
102
|
+
Resources, RefCounted, plain data, or DTOs for definitions and serializable state.
|
|
103
|
+
- Keep Autoloads limited to true process-wide services such as scene transition, save service,
|
|
104
|
+
audio bus control, settings, telemetry facade, or platform integration.
|
|
105
|
+
- Keep runtime-mutated Resources duplicated, local-to-scene, or separated from authoring data.
|
|
106
|
+
- Keep user-writable data under `user://`, not `res://`.
|
|
107
|
+
- Keep version-specific guidance behind a version gate and omit durable exact "latest" claims unless
|
|
108
|
+
refreshed from official sources.
|
|
109
|
+
|
|
110
|
+
<!-- mustflow-section: procedure -->
|
|
111
|
+
## Procedure
|
|
112
|
+
|
|
113
|
+
1. Read the Godot version, renderer, export targets, project settings, autoload declarations, input
|
|
114
|
+
map, addon list, affected scenes, scripts, Resources, shaders, import/export files, and tests.
|
|
115
|
+
2. Apply the Version Gate:
|
|
116
|
+
- identify current Godot major/minor version and whether the project is 3.x, 4.x, or in a
|
|
117
|
+
migration window;
|
|
118
|
+
- use official docs for the branch actually in use before applying syntax, API, renderer, export,
|
|
119
|
+
or migration behavior;
|
|
120
|
+
- treat stable docs, latest docs, release notes, blog posts, and pasted upgrade notes as
|
|
121
|
+
different evidence tracks until reconciled;
|
|
122
|
+
- for 4.x projects, check obsolete 3.x habits such as `yield`, stringly signal connections,
|
|
123
|
+
renderer assumptions, old physics behavior, and global singleton patterns before copying code.
|
|
124
|
+
3. Build a scene and ownership ledger:
|
|
125
|
+
- entry scene, world/UI split, instanced subscenes, inherited scenes, lifecycle owner, cleanup
|
|
126
|
+
owner, injected dependencies, sibling relationships, NodePaths, groups, signals, and public
|
|
127
|
+
scene contract;
|
|
128
|
+
- reject distant relative paths, `/root/Main` reach-through, sibling-to-sibling hard references,
|
|
129
|
+
and child scenes that cannot run or preview outside one parent unless that coupling is
|
|
130
|
+
intentional and documented.
|
|
131
|
+
4. Review node lifecycle and runtime order:
|
|
132
|
+
- distinguish `_enter_tree`, `_ready`, `_exit_tree`, `_process`, `_physics_process`, input
|
|
133
|
+
callbacks, timers, deferred calls, and scene transition timing;
|
|
134
|
+
- do not assume a new scene is immediately ready after `change_scene_to_*`;
|
|
135
|
+
- remember that `queue_free()` is deferred deletion, `remove_child()` is detachment, and
|
|
136
|
+
`replace_by()` does not automatically free the old node.
|
|
137
|
+
5. Review signals, groups, and flow visibility:
|
|
138
|
+
- use signals for events, not hidden remote commands;
|
|
139
|
+
- avoid duplicate connections on scene re-entry and lambdas that cannot be disconnected when
|
|
140
|
+
lifecycle requires cleanup;
|
|
141
|
+
- prefer typed signal/callable patterns for maintained 4.x code;
|
|
142
|
+
- treat `call_group` and `set_group` as broad broadcasts that can stutter when used on many
|
|
143
|
+
nodes; chunk, defer, or queue high-volume work.
|
|
144
|
+
6. Review Autoload and global state:
|
|
145
|
+
- keep Autoload APIs narrow and service-like;
|
|
146
|
+
- avoid putting player health, enemy state, UI control state, per-level state, or transient
|
|
147
|
+
request data into globals;
|
|
148
|
+
- do not free Autoloads during normal runtime;
|
|
149
|
+
- ensure scene transitions through an Autoload have an explicit ordering contract.
|
|
150
|
+
7. Review Resources and serialized data:
|
|
151
|
+
- remember that path-loaded Resources are cached shared references;
|
|
152
|
+
- never mutate authoring Resources as per-instance runtime state unless they are duplicated or
|
|
153
|
+
local-to-scene by design;
|
|
154
|
+
- keep item definitions, tuning tables, materials, and animation data separate from player save
|
|
155
|
+
state;
|
|
156
|
+
- avoid using instance overrides as an untracked data-management system.
|
|
157
|
+
8. Review GDScript and language boundaries:
|
|
158
|
+
- use static typing on long-lived gameplay systems, save DTOs, inventory, combat math, settings,
|
|
159
|
+
networking, and scene-transition managers;
|
|
160
|
+
- avoid per-frame `find_child`, `find_children`, and `find_parent`; cache references with
|
|
161
|
+
`@onready`, unique names, exported references, or dependency injection;
|
|
162
|
+
- use `_process` only for per-frame behavior, `_physics_process` for fixed-step physics, and
|
|
163
|
+
input callbacks for input events.
|
|
164
|
+
9. Review save/load, config, and file I/O:
|
|
165
|
+
- save state snapshots, not raw node trees;
|
|
166
|
+
- write user data to `user://`;
|
|
167
|
+
- put schema, game/content version, slot id, timestamps, and migration path at the save root;
|
|
168
|
+
- use atomic temp, backup, validate, rename style writes when save loss matters;
|
|
169
|
+
- treat JSON as readable but type-weak; validate parsed data;
|
|
170
|
+
- avoid object deserialization from untrusted files, especially object-enabled Variant loading;
|
|
171
|
+
- use `ConfigFile` for settings, with defaults, validation, apply, and batched save behavior.
|
|
172
|
+
10. Review loading, threads, and deferred work:
|
|
173
|
+
- use threaded resource requests with status polling before getting the loaded resource;
|
|
174
|
+
- avoid calling blocking loads during gameplay spikes or UI opening;
|
|
175
|
+
- do not touch active SceneTree nodes directly from background threads; use deferred calls or a
|
|
176
|
+
main-thread handoff;
|
|
177
|
+
- guard shared data with a clear ownership or mutex policy.
|
|
178
|
+
11. Review rendering, UI, physics, and input:
|
|
179
|
+
- require profiler or frame-time evidence before accepting performance claims;
|
|
180
|
+
- for 3D, check visibility ranges, occlusion, HLOD/LOD, far plane, light counts, shadows,
|
|
181
|
+
materials, shader variants, particles, MultiMesh usage, and camera cost;
|
|
182
|
+
- for 2D, check draw calls, canvas layers, custom drawing invalidation, particles, tilemaps,
|
|
183
|
+
collision shapes, and physics tick stability;
|
|
184
|
+
- for UI, keep Container layout separate from animation transforms and avoid wrapper-node
|
|
185
|
+
sprawl when the current version has a cleaner Control transform path;
|
|
186
|
+
- for mobile/gamepad/XR, check input mode, focus loss, virtual controls, safe areas, and export
|
|
187
|
+
target behavior.
|
|
188
|
+
12. Review export and plugin surfaces:
|
|
189
|
+
- keep export presets, export templates, platform architectures, signing, permissions, splash,
|
|
190
|
+
icon, native plugin, GDExtension, and addon compatibility explicit;
|
|
191
|
+
- do not edit generated imports, cache state, or exported binaries as source;
|
|
192
|
+
- verify release-sensitive export changes with configured package/release checks when available.
|
|
193
|
+
13. Choose configured verification intents that cover scene loading, script parsing/type checks,
|
|
194
|
+
save/load migration, settings validation, scene transitions, rendering smoke, physics/input
|
|
195
|
+
behavior, export metadata, and package/template sync when available.
|
|
196
|
+
|
|
197
|
+
<!-- mustflow-section: rejection-criteria -->
|
|
198
|
+
## Review Rejection Criteria
|
|
199
|
+
|
|
200
|
+
Reject or revise a change when:
|
|
201
|
+
|
|
202
|
+
- Godot 3.x syntax, signals, renderer, physics, or singleton patterns are applied to a 4.x project
|
|
203
|
+
without checking the project version.
|
|
204
|
+
- A subscene reaches distant parents, siblings, or `/root/Main` instead of receiving dependencies
|
|
205
|
+
through its parent, exported references, groups, or a service boundary.
|
|
206
|
+
- Autoload becomes a catch-all for gameplay, UI, level, save, and platform state.
|
|
207
|
+
- Runtime code mutates shared authoring Resources as if each instance owns a copy.
|
|
208
|
+
- Save files are written under `res://`, lack a schema version, or deserialize trusted objects from
|
|
209
|
+
user-controlled data.
|
|
210
|
+
- `_process` performs tree searches, heavy polling, loading, group broadcasts, or work that belongs
|
|
211
|
+
in input callbacks, timers, or cached references.
|
|
212
|
+
- Threads touch live SceneTree nodes directly.
|
|
213
|
+
- Scene transition code assumes old and new scenes are available synchronously after the transition
|
|
214
|
+
call.
|
|
215
|
+
- Rendering, physics, or memory changes claim performance wins without profiler, frame-time, or
|
|
216
|
+
target-device evidence.
|
|
217
|
+
- Export preset or platform changes omit target architecture, signing, permission, template, or
|
|
218
|
+
native-plugin impact.
|
|
219
|
+
|
|
220
|
+
<!-- mustflow-section: postconditions -->
|
|
221
|
+
## Postconditions
|
|
222
|
+
|
|
223
|
+
- Scene ownership, node lifecycle, signals, groups, Autoloads, Resources, save/load, config,
|
|
224
|
+
rendering, physics, input, export, and version assumptions are intentional and reported.
|
|
225
|
+
- Runtime-mutated state is separated from authoring Resources and process-wide services.
|
|
226
|
+
- User-writable files, migrations, atomic writes, and untrusted data boundaries are explicit.
|
|
227
|
+
- Version-specific guidance is refreshed from official sources for the project version or omitted
|
|
228
|
+
from durable claims.
|
|
229
|
+
- Missing scene, save/load, rendering, physics, input, export, or target-device verification is
|
|
230
|
+
reported.
|
|
231
|
+
|
|
232
|
+
<!-- mustflow-section: verification -->
|
|
233
|
+
## Verification
|
|
234
|
+
|
|
235
|
+
Use configured oneshot command intents when available:
|
|
236
|
+
|
|
237
|
+
- `lint`
|
|
238
|
+
- `build`
|
|
239
|
+
- `test_related`
|
|
240
|
+
- `test`
|
|
241
|
+
- `docs_validate_fast`
|
|
242
|
+
- `mustflow_check`
|
|
243
|
+
|
|
244
|
+
Report missing Godot editor import, script parse, scene load, save migration, renderer smoke,
|
|
245
|
+
physics/input, export preset, target-device, or release verification intents when relevant.
|
|
246
|
+
|
|
247
|
+
<!-- mustflow-section: failure-handling -->
|
|
248
|
+
## Failure Handling
|
|
249
|
+
|
|
250
|
+
- If scene behavior is unclear, build the scene and ownership ledger before changing scripts.
|
|
251
|
+
- If runtime errors mention missing nodes, inspect NodePaths, unique names, scene instancing,
|
|
252
|
+
lifecycle order, and scene transition timing before adding broader globals.
|
|
253
|
+
- If shared data changes leak across instances, inspect Resource cache, duplication, local-to-scene,
|
|
254
|
+
instance overrides, and authored-versus-runtime state separation.
|
|
255
|
+
- If save/load fails, inspect path choice, schema version, migration, parse errors, type validation,
|
|
256
|
+
atomic write behavior, and untrusted object deserialization.
|
|
257
|
+
- If performance cannot be measured by configured intents, report the missing profiler, scene-load,
|
|
258
|
+
target-device, or export-smoke coverage instead of claiming a performance fix.
|
|
259
|
+
- If official source freshness cannot be checked for a version, release, migration, or export claim,
|
|
260
|
+
omit the claim from durable skill text and report it as unverified snapshot context.
|
|
261
|
+
|
|
262
|
+
<!-- mustflow-section: output-format -->
|
|
263
|
+
## Output Format
|
|
264
|
+
|
|
265
|
+
- Boundary checked
|
|
266
|
+
- Godot version, renderer, scene, node, signal, Resource, Autoload, and lifecycle notes
|
|
267
|
+
- Save/load, config, file I/O, threaded loading, and untrusted data notes
|
|
268
|
+
- Rendering, physics, UI, input, export, plugin, and target-platform notes
|
|
269
|
+
- Files changed
|
|
270
|
+
- Command intents run
|
|
271
|
+
- Skipped checks and reasons
|
|
272
|
+
- Remaining Godot risk
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.hono-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: hono-code-change
|
|
9
|
-
description: Apply this skill when Hono apps,
|
|
9
|
+
description: Apply this skill when Hono apps, route chains, middleware order, validators, RPC or typed clients, OpenAPI schema generation, runtime bindings, context variables, auth, CORS, cookie, header, streaming, WebSocket, cache, static asset, or Cloudflare, Bun, Node, Deno, edge, or serverless adapter boundaries are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -28,26 +28,29 @@ metadata:
|
|
|
28
28
|
<!-- mustflow-section: purpose -->
|
|
29
29
|
## Purpose
|
|
30
30
|
|
|
31
|
-
Preserve Hono runtime, middleware, validation, context binding, auth, typed
|
|
31
|
+
Preserve Hono route registration, runtime adapter, middleware ordering, validation, context binding, auth, typed client, OpenAPI, streaming, cache, static asset, and response contract boundaries.
|
|
32
32
|
|
|
33
33
|
<!-- mustflow-section: use-when -->
|
|
34
34
|
## Use When
|
|
35
35
|
|
|
36
|
-
- `new Hono`, `app.get`, `app.post`, `app.use`, `c.env`, `c.get`, `c.set`, validators, RPC clients, middleware, adapters, or Hono route tests change.
|
|
37
|
-
- The task touches Cloudflare Workers, Bun, Node, edge-compatible
|
|
36
|
+
- `new Hono`, `app.route`, `basePath`, `app.get`, `app.post`, `app.use`, wildcard routes, fallback routes, `c.env`, `c.get`, `c.set`, `c.req.valid`, validators, RPC clients, middleware, adapters, or Hono route tests change.
|
|
37
|
+
- The task touches Cloudflare Workers, Bun, Node, Deno, edge-compatible, serverless, SSR, static file, WebSocket, SSE, streaming, cache, cookie, CORS, CSRF, JWT, JWK, header, body-limit, binding, variable, auth middleware, OpenAPI, or response schema behavior.
|
|
38
|
+
- The task exports or consumes `typeof app`, `typeof routes`, `AppType`, `hc`, `InferRequestType`, `InferResponseType`, `ApplyGlobalResponse`, OpenAPI clients, or generated SDKs from Hono routes.
|
|
38
39
|
|
|
39
40
|
<!-- mustflow-section: do-not-use-when -->
|
|
40
41
|
## Do Not Use When
|
|
41
42
|
|
|
42
43
|
- The task only touches framework-agnostic service code behind a Hono handler; use the relevant language or architecture skill.
|
|
43
44
|
- Another HTTP framework is used instead of Hono.
|
|
45
|
+
- The task only updates external framework version prose; use `source-freshness-check` unless the Hono procedure itself changes.
|
|
44
46
|
|
|
45
47
|
<!-- mustflow-section: required-inputs -->
|
|
46
48
|
## Required Inputs
|
|
47
49
|
|
|
48
|
-
- Package metadata, TypeScript config, runtime adapter config, worker or server entrypoint,
|
|
49
|
-
- Target runtime matrix: Cloudflare, Bun, Node, edge-compatible, or single runtime.
|
|
50
|
-
- Existing response envelope
|
|
50
|
+
- Package metadata, TypeScript config, runtime adapter config, worker or server entrypoint, route modules, middleware registration, env and binding types, context variables, schemas, validators, client type exports, OpenAPI generation, generated SDKs, and tests.
|
|
51
|
+
- Target runtime matrix: Cloudflare Workers or Pages, Bun, Node with `@hono/node-server`, Deno, Lambda or other serverless adapter, edge-compatible, or single runtime.
|
|
52
|
+
- Existing response envelope, status-code contract, error contract, CORS, cookie, header, cache, streaming, WebSocket, static file, body-size, and upload behavior.
|
|
53
|
+
- Official or repository-local source evidence before preserving exact latest-version, patch-note, or adapter-behavior claims.
|
|
51
54
|
|
|
52
55
|
<!-- mustflow-section: preconditions -->
|
|
53
56
|
## Preconditions
|
|
@@ -55,6 +58,7 @@ Preserve Hono runtime, middleware, validation, context binding, auth, typed rout
|
|
|
55
58
|
- Confirm runtime before using platform APIs.
|
|
56
59
|
- Identify `Bindings` for runtime-provided values and `Variables` for request-local middleware values.
|
|
57
60
|
- Identify auth, validation, and error response boundaries before adding routes.
|
|
61
|
+
- Refresh official package or vendor sources before preserving exact "latest", release-date, or security-patch claims; otherwise keep those facts out of the skill or mark them as snapshot-only in the report.
|
|
58
62
|
|
|
59
63
|
<!-- mustflow-section: allowed-edits -->
|
|
60
64
|
## Allowed Edits
|
|
@@ -63,26 +67,33 @@ Preserve Hono runtime, middleware, validation, context binding, auth, typed rout
|
|
|
63
67
|
- Register middleware in an order that preserves logging, CORS, security headers, body limits, auth, validation, and handler behavior.
|
|
64
68
|
- Trust only validated request data in handlers.
|
|
65
69
|
- Keep success and failure envelopes consistent.
|
|
70
|
+
- Keep route type exports, RPC clients, OpenAPI documents, generated SDKs, tests, and docs synchronized when public API behavior changes.
|
|
66
71
|
|
|
67
72
|
<!-- mustflow-section: procedure -->
|
|
68
73
|
## Procedure
|
|
69
74
|
|
|
70
|
-
1. Read app entrypoint, runtime adapter, route modules, middleware, schemas, client type exports, and tests.
|
|
71
|
-
2. Map the route boundary: method, path, runtime, auth, params, query, headers, cookies, body, variables, bindings, response statuses, and
|
|
72
|
-
3.
|
|
73
|
-
4. Keep auth
|
|
74
|
-
5.
|
|
75
|
-
6.
|
|
76
|
-
7.
|
|
77
|
-
8.
|
|
75
|
+
1. Read app entrypoint, runtime adapter, route modules, middleware, schemas, validator helpers, OpenAPI setup, client type exports, generated clients, and tests.
|
|
76
|
+
2. Map the route boundary: method, path, registration order, runtime, auth, params, query, headers, cookies, body, variables, bindings, response statuses, content types, cache headers, streaming mode, and public client surface.
|
|
77
|
+
3. Treat Hono route order as behavior. Keep specific routes before wildcard or fallback routes; check `route()`, `basePath()`, `mount`, optional params, regexp params, static routes, and fallback registration for shadowing or doubled prefixes.
|
|
78
|
+
4. Keep auth, CORS, CSRF, secure headers, body limit, cookie, JWT, JWK, cache, ETag, compression, and logging middleware in an order that matches the security and observability boundary.
|
|
79
|
+
5. For CORS with credentials, require an explicit origin allowlist or exact origin callback; do not rely on wildcard origin behavior or loose suffix checks.
|
|
80
|
+
6. Separate `Bindings` from `Variables`; do not store request-local auth, user, session, tenant, or trace state in globals, module singletons, or runtime-wide mutable objects.
|
|
81
|
+
7. Use `createMiddleware<{ Variables }>()` or route-local generics for context values that depend on middleware execution. Avoid `ContextVariableMap` unless the value is truly available for every request path.
|
|
82
|
+
8. Use `c.req.valid(...)` output rather than rereading unvalidated request bodies. Remember that request bodies are one-shot, query and params are strings, header validator keys are lowercase, and `json` or `form` validators need the matching `Content-Type`.
|
|
83
|
+
9. For multipart uploads, large JSON, webhooks, raw-body signatures, and file routes, check parser shape, body limits, runtime limits, storage limits, repeated-field behavior, and raw request cloning before changing handlers.
|
|
84
|
+
10. Preserve typed route, RPC, and SDK inference by exporting the route chain actually used by `hc<AppType>()`, keeping handler responses on typed `c.json(payload, status)` paths, and avoiding broad `Context` handler extraction that drops path, validator, or response types.
|
|
85
|
+
11. Keep runtime validation schema, OpenAPI schema, response schema, generated SDKs, and Hono RPC types from becoming separate truths. Choose one canonical contract and verify drift with tests or snapshots when available.
|
|
86
|
+
12. Do not put Node-only, Bun-only, Cloudflare-only, Deno-only, Lambda-only, static-serving, connection-info, WebSocket, or filesystem APIs in shared route modules. Keep runtime entry files thin and pass plain config or adapter functions into shared app code.
|
|
87
|
+
13. For streaming, SSE, WebSocket, cache, ETag, static file, and SSR or JSX routes, check cancellation, abort handling, backpressure, already-started-response errors, header retention, path traversal, cache key and `Vary`, repeated `Set-Cookie`, and adapter header normalization.
|
|
88
|
+
14. Choose configured verification intents that cover type checks, route tests, auth failure, validation failure, CORS/cookie/header behavior, streaming or WebSocket behavior, OpenAPI or SDK generation, and runtime env mocks when available.
|
|
78
89
|
|
|
79
90
|
<!-- mustflow-section: postconditions -->
|
|
80
91
|
## Postconditions
|
|
81
92
|
|
|
82
93
|
- Runtime-specific APIs are isolated.
|
|
83
|
-
- Middleware order and auth boundary are clear.
|
|
84
|
-
- Request validation and response envelope are preserved.
|
|
85
|
-
- Typed route
|
|
94
|
+
- Middleware order, route order, and auth boundary are clear.
|
|
95
|
+
- Request validation, body parsing, header/cookie/CORS/cache, and response envelope behavior are preserved.
|
|
96
|
+
- Typed route, RPC, OpenAPI, generated SDK, and runtime adapter contract impact is reported.
|
|
86
97
|
|
|
87
98
|
<!-- mustflow-section: verification -->
|
|
88
99
|
## Verification
|
|
@@ -96,21 +107,24 @@ Use configured oneshot command intents when available:
|
|
|
96
107
|
- `docs_validate_fast`
|
|
97
108
|
- `mustflow_check`
|
|
98
109
|
|
|
99
|
-
Report missing multi-runtime
|
|
110
|
+
Report missing multi-runtime, route-level, streaming, WebSocket, OpenAPI, SDK, or adapter verification intents when relevant.
|
|
100
111
|
|
|
101
112
|
<!-- mustflow-section: failure-handling -->
|
|
102
113
|
## Failure Handling
|
|
103
114
|
|
|
104
115
|
- If runtime target is unclear, inspect adapter and deployment config before editing.
|
|
105
116
|
- If a route needs a broader permission, binding, or auth change, switch to the relevant security or contract skill.
|
|
106
|
-
- If typed route inference breaks, repair schema and response shape before adding more routes.
|
|
117
|
+
- If typed route inference breaks, repair the route chain, validator, schema, and response shape before adding more routes.
|
|
118
|
+
- If official source freshness cannot be checked for a version, release, or security-patch claim, omit the claim from durable skill text and report it as unverified snapshot context.
|
|
119
|
+
- If streaming, WebSocket, cache, static, or adapter-specific behavior cannot be tested by configured intents, report the missing runtime smoke coverage.
|
|
107
120
|
|
|
108
121
|
<!-- mustflow-section: output-format -->
|
|
109
122
|
## Output Format
|
|
110
123
|
|
|
111
124
|
- Boundary checked
|
|
112
|
-
- Runtime and middleware notes
|
|
113
|
-
- Validation and response contract notes
|
|
125
|
+
- Runtime, adapter, route-order, and middleware notes
|
|
126
|
+
- Validation, RPC, OpenAPI, SDK, and response contract notes
|
|
127
|
+
- CORS, cookie, header, cache, streaming, WebSocket, static, or SSR notes when touched
|
|
114
128
|
- Files changed
|
|
115
129
|
- Command intents run
|
|
116
130
|
- Skipped checks and reasons
|
|
@@ -528,6 +528,18 @@ route_type = "primary"
|
|
|
528
528
|
priority = 85
|
|
529
529
|
applies_to_reasons = ["code_change", "public_api_change", "test_change"]
|
|
530
530
|
|
|
531
|
+
[routes."axum-code-change"]
|
|
532
|
+
category = "general_code"
|
|
533
|
+
route_type = "primary"
|
|
534
|
+
priority = 85
|
|
535
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "performance_change", "security_change", "privacy_change", "data_change", "package_metadata_change", "release_risk"]
|
|
536
|
+
|
|
537
|
+
[routes."godot-code-change"]
|
|
538
|
+
category = "general_code"
|
|
539
|
+
route_type = "primary"
|
|
540
|
+
priority = 85
|
|
541
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "performance_change", "security_change", "privacy_change", "data_change", "ui_change", "package_metadata_change", "release_risk"]
|
|
542
|
+
|
|
531
543
|
[routes."dart-code-change"]
|
|
532
544
|
category = "general_code"
|
|
533
545
|
route_type = "primary"
|
|
@@ -538,13 +550,13 @@ applies_to_reasons = ["code_change", "public_api_change", "test_change"]
|
|
|
538
550
|
category = "general_code"
|
|
539
551
|
route_type = "primary"
|
|
540
552
|
priority = 85
|
|
541
|
-
applies_to_reasons = ["code_change", "public_api_change", "security_change"]
|
|
553
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "performance_change", "security_change", "privacy_change", "package_metadata_change", "release_risk"]
|
|
542
554
|
|
|
543
555
|
[routes."elysia-code-change"]
|
|
544
556
|
category = "general_code"
|
|
545
557
|
route_type = "primary"
|
|
546
558
|
priority = 85
|
|
547
|
-
applies_to_reasons = ["code_change", "public_api_change", "security_change"]
|
|
559
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "performance_change", "security_change", "privacy_change", "package_metadata_change", "release_risk"]
|
|
548
560
|
|
|
549
561
|
[routes."source-anchor-authoring"]
|
|
550
562
|
category = "general_code"
|
|
@@ -988,7 +1000,13 @@ applies_to_reasons = ["ui_change", "code_change", "public_api_change"]
|
|
|
988
1000
|
category = "ui_assets"
|
|
989
1001
|
route_type = "primary"
|
|
990
1002
|
priority = 85
|
|
991
|
-
applies_to_reasons = ["ui_change", "docs_change", "code_change", "behavior_change", "migration_change", "package_metadata_change"]
|
|
1003
|
+
applies_to_reasons = ["ui_change", "docs_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "performance_change", "test_change", "migration_change", "package_metadata_change", "release_risk"]
|
|
1004
|
+
|
|
1005
|
+
[routes."babylon-code-change"]
|
|
1006
|
+
category = "ui_assets"
|
|
1007
|
+
route_type = "primary"
|
|
1008
|
+
priority = 85
|
|
1009
|
+
applies_to_reasons = ["ui_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "performance_change", "test_change", "docs_change", "migration_change", "package_metadata_change", "release_risk"]
|
|
992
1010
|
|
|
993
1011
|
[routes."react-code-change"]
|
|
994
1012
|
category = "ui_assets"
|
|
@@ -996,11 +1014,17 @@ route_type = "primary"
|
|
|
996
1014
|
priority = 85
|
|
997
1015
|
applies_to_reasons = ["ui_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "performance_change", "test_change", "package_metadata_change", "release_risk"]
|
|
998
1016
|
|
|
1017
|
+
[routes."vue-code-change"]
|
|
1018
|
+
category = "ui_assets"
|
|
1019
|
+
route_type = "primary"
|
|
1020
|
+
priority = 85
|
|
1021
|
+
applies_to_reasons = ["ui_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "performance_change", "test_change", "package_metadata_change", "release_risk"]
|
|
1022
|
+
|
|
999
1023
|
[routes."svelte-code-change"]
|
|
1000
1024
|
category = "ui_assets"
|
|
1001
1025
|
route_type = "primary"
|
|
1002
1026
|
priority = 85
|
|
1003
|
-
applies_to_reasons = ["ui_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "test_change", "package_metadata_change"]
|
|
1027
|
+
applies_to_reasons = ["ui_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "performance_change", "test_change", "docs_change", "migration_change", "package_metadata_change", "release_risk"]
|
|
1004
1028
|
|
|
1005
1029
|
[routes."pattern-scout"]
|
|
1006
1030
|
category = "architecture_patterns"
|