mustflow 2.103.22 → 2.103.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/README.md +5 -2
  2. package/dist/cli/commands/check.js +3 -3
  3. package/dist/cli/commands/flow.js +93 -0
  4. package/dist/cli/commands/run/executor.js +28 -3
  5. package/dist/cli/commands/run/windows-command-script.js +23 -0
  6. package/dist/cli/i18n/en.js +11 -0
  7. package/dist/cli/i18n/es.js +11 -0
  8. package/dist/cli/i18n/fr.js +11 -0
  9. package/dist/cli/i18n/hi.js +11 -0
  10. package/dist/cli/i18n/ko.js +11 -0
  11. package/dist/cli/i18n/zh.js +11 -0
  12. package/dist/cli/index.js +1 -0
  13. package/dist/cli/lib/active-command-lock.js +4 -0
  14. package/dist/cli/lib/command-registry.js +7 -0
  15. package/dist/cli/lib/local-index/index.js +70 -0
  16. package/dist/cli/lib/repo-flow-frontmatter.js +35 -0
  17. package/dist/cli/lib/repo-flow.js +209 -0
  18. package/dist/cli/lib/repo-map.js +3 -0
  19. package/dist/cli/lib/run-plan.js +8 -4
  20. package/dist/cli/lib/validation/constants.js +10 -0
  21. package/dist/cli/lib/validation/index.js +73 -1
  22. package/dist/core/check-issues.js +2 -0
  23. package/dist/core/generated-boundary.js +1 -0
  24. package/package.json +2 -1
  25. package/templates/default/i18n.toml +30 -6
  26. package/templates/default/locales/en/.mustflow/skills/INDEX.md +29 -6
  27. package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +95 -23
  28. package/templates/default/locales/en/.mustflow/skills/axum-code-change/SKILL.md +219 -0
  29. package/templates/default/locales/en/.mustflow/skills/babylon-code-change/SKILL.md +318 -0
  30. package/templates/default/locales/en/.mustflow/skills/bun-code-change/SKILL.md +27 -12
  31. package/templates/default/locales/en/.mustflow/skills/elysia-code-change/SKILL.md +74 -20
  32. package/templates/default/locales/en/.mustflow/skills/godot-code-change/SKILL.md +272 -0
  33. package/templates/default/locales/en/.mustflow/skills/hono-code-change/SKILL.md +37 -23
  34. package/templates/default/locales/en/.mustflow/skills/routes.toml +28 -4
  35. package/templates/default/locales/en/.mustflow/skills/svelte-code-change/SKILL.md +65 -40
  36. package/templates/default/locales/en/.mustflow/skills/vue-code-change/SKILL.md +305 -0
  37. package/templates/default/manifest.toml +29 -1
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.bun-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 1
5
+ revision: 2
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: bun-code-change
9
- description: Apply this skill when Bun runtime code, Bun package manager behavior, bun.lock, bunfig.toml, Bun test runner behavior, Bun bundling, Bun TypeScript execution, or Bun-specific APIs are created or changed.
9
+ description: Apply this skill when Bun runtime code, Bun.serve or Elysia-on-Bun server behavior, Bun package manager behavior, bun.lock, bunfig.toml, Bun test runner behavior, Bun bundling, Bun compile, Bun TypeScript execution, Bun-specific APIs, Docker deployment, or Bun runtime compatibility is created, changed, reviewed, or upgraded.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -29,15 +29,15 @@ metadata:
29
29
  <!-- mustflow-section: purpose -->
30
30
  ## Purpose
31
31
 
32
- Preserve Bun's separate roles as runtime, package manager, script runner, test runner, bundler, transpiler, and Node-compatible environment without mistaking one successful role for another.
32
+ Preserve Bun's separate roles as runtime, package manager, script runner, test runner, bundler, transpiler, compiler, server runtime, and Node-compatible environment without mistaking one successful role for another.
33
33
 
34
34
  <!-- mustflow-section: use-when -->
35
35
  ## Use When
36
36
 
37
37
  - `bun.lock`, `bun.lockb`, `bunfig.toml`, `packageManager: "bun@..."`, Bun install settings, `trustedDependencies`, Bun workspace behavior, or Bun lockfile migration changes.
38
- - Bun runtime code or config changes, including `Bun.*`, `Bun.serve`, `Bun.file`, `Bun.write`, `Bun.spawn`, `Bun.$`, `bun:sqlite`, `#!/usr/bin/env bun`, Bun preload, Bun `.env` behavior, or `bun run --bun`.
38
+ - Bun runtime code or config changes, including `Bun.*`, `Bun.serve`, Elysia-on-Bun `serve` settings, `Bun.file`, `Bun.write`, `Bun.spawn`, `Bun.$`, `bun:sqlite`, `#!/usr/bin/env bun`, Bun preload, Bun `.env` behavior, or `bun run --bun`.
39
39
  - Bun test runner behavior changes, including `bun test`, `bun:test`, `[test]` in `bunfig.toml`, snapshots, mocks, preload, isolation, coverage, sharding, or parallelism.
40
- - Bun bundling, compile, transpiler, build target, JSX settings, path aliases, TypeScript runtime execution, or library packaging with Bun changes.
40
+ - Bun bundling, compile, transpiler, build target, JSX settings, path aliases, TypeScript runtime execution, single executable output, Docker images, PORT binding, observability instrumentation, or library packaging with Bun changes.
41
41
 
42
42
  <!-- mustflow-section: do-not-use-when -->
43
43
  ## Do Not Use When
@@ -54,6 +54,7 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
54
54
  - Bun ownership files: `bun.lock`, `bun.lockb`, `bunfig.toml`, npm, pnpm, or Yarn lockfiles that coexist with Bun, CI install commands, Docker install and runtime commands, and `oven-sh/setup-bun` usage.
55
55
  - Bun config sections: `[install]`, `[test]`, top-level preload, env, define, loader, JSX, and run settings.
56
56
  - Runtime and compatibility surfaces: `Bun.*`, `bun:test`, `node:*`, `.node`, `node-gyp`, lifecycle scripts, Prisma, sharp, Playwright, esbuild, native binary packages, streams, workers, child processes, crypto, filesystem watch, and shebangs.
57
+ - Server and deployment surfaces: `Bun.serve`, Elysia `serve` config, idle timeout, WebSocket config, backpressure limits, `SO_REUSEPORT`, clustering, compile target, CPU and libc assumptions, Docker base image, build context, distroless output, `PORT` env handling, OpenTelemetry or instrumentation, and reverse proxy config.
57
58
  - TypeScript and package surfaces: `tsconfig*.json`, `@types/bun`, `types: ["bun"]`, module resolution, path aliases, JSX runtime, declaration output, build targets, package exports, and command contract entries.
58
59
 
59
60
  <!-- mustflow-section: preconditions -->
@@ -63,6 +64,7 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
63
64
  - Do not treat Bun package installation as proof that Bun runtime behavior works.
64
65
  - Do not treat Bun runtime execution, Bun transpilation, Bun tests, or Bun bundling as TypeScript typechecking or declaration generation.
65
66
  - Treat lockfile, trusted dependency, build target, and package entry changes as release-sensitive unless proven internal.
67
+ - Treat Elysia-on-Bun deployment settings as runtime contracts, not local development conveniences.
66
68
 
67
69
  <!-- mustflow-section: allowed-edits -->
68
70
  ## Allowed Edits
@@ -70,6 +72,8 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
70
72
  - Keep Bun-specific APIs in Bun-owned runtime files, adapters, tests, or package entrypoints.
71
73
  - Keep Bun package manager changes aligned with `bun.lock`, `bunfig.toml`, CI, Docker, and workspace ownership.
72
74
  - Preserve existing Node, browser, edge, Jest, Vitest, TypeScript, and package-consumer contracts unless the task explicitly asks to migrate them.
75
+ - Isolate Bun-only APIs behind runtime-owned adapters when Node, browser, edge, or test portability remains a project contract.
76
+ - Keep server runtime settings explicit when long-lived requests, streaming, WebSockets, uploaded files, generated exports, or reverse proxies are involved.
73
77
  - Add focused tests or package checks only when they protect changed Bun runtime, package manager, test runner, build, or public package behavior.
74
78
 
75
79
  <!-- mustflow-section: procedure -->
@@ -92,10 +96,19 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
92
96
  10. For Bun bundling and package output, distinguish `bun run build` from direct Bun bundler usage. Confirm script bodies before treating a build as Bun bundling. Choose target and format according to actual consumers; Bun-targeted output is not automatically Node-compatible.
93
97
  11. If Node consumers are supported, do not emit package entrypoints that rely on Bun-only APIs, Bun-only wrappers, or Bun-only module resolution unless the package clearly exposes a Bun-specific entry.
94
98
  12. Treat Bun runtime as Node-compatible, not Node itself. JavaScriptCore, Node API compatibility gaps, native addons, Node internals, worker options, child process IPC, stream/backpressure, crypto/FIPS, watch behavior, Prisma CLI, sharp, Playwright, and esbuild all need targeted evidence when touched.
95
- 13. Check shebang and runner behavior. A CLI with `#!/usr/bin/env node` may execute under Node even when launched through Bun. Do not call a path Bun-runtime-verified unless the entrypoint actually ran under Bun.
96
- 14. Use Bun's test runner only when the project intentionally uses it or the task targets Bun. Do not silently migrate Jest or Vitest tests to `bun:test`. Treat mocks, snapshots, preloads, globals, path aliases, coverage, isolation, and parallelism as migration-risk areas.
97
- 15. Do not update Bun snapshots as a generic fix. Snapshot updates require intended output change, diff inspection, and a follow-up run without update mode through configured intents.
98
- 16. Choose configured verification intents that cover typecheck, build, tests, package metadata, package artifact risk, docs examples, Bun runtime behavior, Bun test behavior, and mustflow contract checks when available. Report missing frozen install, Bun runtime, Bun test, declaration, package artifact, native dependency, Node compatibility, Docker, or CI verification.
99
+ 13. For Bun server changes, check idle timeout and long-lived request behavior. Plain `Bun.serve`, Elysia `serve.idleTimeout`, SSE, streaming AI responses, long uploads, downloads, exports, and quiet proxy connections may need explicit timeout policy.
100
+ 14. For WebSocket changes, review `idleTimeout`, `maxPayloadLength`, `backpressureLimit`, `closeOnBackpressureLimit`, compression, and slow-client behavior. A connection opening successfully does not prove memory-safe backpressure behavior.
101
+ 15. For multi-core deployment, distinguish single-process Bun behavior from clustered or multi-worker deployment. Treat `SO_REUSEPORT` and same-port multi-process assumptions as platform-sensitive, especially across Linux, macOS, Windows, containers, and hosting platforms.
102
+ 16. For `Bun.serve({ routes })`, Elysia mounts, native routes, and framework interop, benchmark or test the actual route structure instead of assuming every request uses the same optimized path.
103
+ 17. For `bun build --compile` or single executable output, check target OS, architecture, libc, executable permission, CPU requirements, dynamic files, `.d.ts` or source files used by runtime generators, native addons, and externalized packages.
104
+ 18. Do not assume bundling eliminates `node_modules`. Instrumentation, monkey-patching, native modules, dynamic loading, OpenTelemetry, database drivers, and generated clients may require explicit externals and deployed runtime dependencies.
105
+ 19. Treat minification as an observability decision. Full minify can damage function-name-based tracing, stack readability, and instrumentation. Prefer smaller minification scopes when tracing or production diagnostics depend on names.
106
+ 20. For Docker and platform deploys, verify build context, workspace package copying, final base image, runtime user, executable path, `PORT` environment binding, health checks, signal handling, and reverse proxy expectations.
107
+ 21. Treat benchmarks as workload evidence, not framework marketing. Use a load generator and scenario that are fast enough to drive Bun, and include real handler, serialization, database, TLS, proxy, streaming, or WebSocket paths when those paths changed.
108
+ 22. Check shebang and runner behavior. A CLI with `#!/usr/bin/env node` may execute under Node even when launched through Bun. Do not call a path Bun-runtime-verified unless the entrypoint actually ran under Bun.
109
+ 23. Use Bun's test runner only when the project intentionally uses it or the task targets Bun. Do not silently migrate Jest or Vitest tests to `bun:test`. Treat mocks, snapshots, preloads, globals, path aliases, coverage, isolation, and parallelism as migration-risk areas.
110
+ 24. Do not update Bun snapshots as a generic fix. Snapshot updates require intended output change, diff inspection, and a follow-up run without update mode through configured intents.
111
+ 25. Choose configured verification intents that cover typecheck, build, tests, package metadata, package artifact risk, docs examples, Bun runtime behavior, Bun test behavior, server timeout behavior, WebSocket backpressure, compile artifact behavior, Docker runtime, and mustflow contract checks when available. Report missing frozen install, Bun runtime, Bun test, declaration, package artifact, native dependency, Node compatibility, Docker, or CI verification.
99
112
 
100
113
  <!-- mustflow-section: postconditions -->
101
114
  ## Postconditions
@@ -104,7 +117,7 @@ Preserve Bun's separate roles as runtime, package manager, script runner, test r
104
117
  - Bun lockfile, install, workspace, trust, and lifecycle behavior is aligned with project ownership.
105
118
  - Bun runtime, test, bundler, TypeScript, and declaration claims are not conflated.
106
119
  - Bun-only APIs do not leak into Node, browser, edge, or shared package surfaces unintentionally.
107
- - Native dependency, shebang, Node compatibility, and package consumer risks are handled or reported.
120
+ - Bun server timeout, WebSocket backpressure, clustering, compile target, Docker, PORT, observability, native dependency, shebang, Node compatibility, and package consumer risks are handled or reported.
108
121
 
109
122
  <!-- mustflow-section: verification -->
110
123
  ## Verification
@@ -119,7 +132,7 @@ Use configured oneshot command intents when available:
119
132
  - `test_release`
120
133
  - `mustflow_check`
121
134
 
122
- Report missing frozen install, Bun runtime, Bun test, declaration output, package artifact, Node compatibility, native dependency, CI, Docker, or snapshot review verification intents when those surfaces change.
135
+ Report missing frozen install, Bun runtime, Bun server, WebSocket, compile artifact, Docker, Bun test, declaration output, package artifact, Node compatibility, native dependency, CI, observability, benchmark, or snapshot review verification intents when those surfaces change.
123
136
 
124
137
  <!-- mustflow-section: failure-handling -->
125
138
  ## Failure Handling
@@ -128,6 +141,8 @@ Report missing frozen install, Bun runtime, Bun test, declaration output, packag
128
141
  - If lockfile ownership conflicts, do not run dependency migration or generate a new lockfile unless the task explicitly asks for migration.
129
142
  - If Bun runtime execution succeeds but typecheck or declarations are unverified, report that gap instead of claiming TypeScript correctness.
130
143
  - If a package works under Bun but claims Node support, repair the Node-compatible entry or report the compatibility risk.
144
+ - If a server works locally but has no timeout, backpressure, port, signal, or Docker evidence, report the deployment risk instead of claiming production readiness.
145
+ - If a single executable works on the build machine only, report target CPU, OS, libc, dynamic dependency, and instrumentation gaps.
131
146
  - If a native dependency, lifecycle script, or trusted dependency change cannot be verified, keep the change scoped and report release-sensitive risk.
132
147
 
133
148
  <!-- mustflow-section: output-format -->
@@ -136,7 +151,7 @@ Report missing frozen install, Bun runtime, Bun test, declaration output, packag
136
151
  - Bun role classification
137
152
  - Package manager, lockfile, and trust notes
138
153
  - Runtime, TypeScript, bundler, and test runner notes
139
- - Native, shebang, Node compatibility, or package consumer risks
154
+ - Server timeout, WebSocket, cluster, compile, Docker, observability, benchmark, native, shebang, Node compatibility, or package consumer risks
140
155
  - Files changed
141
156
  - Command intents run
142
157
  - Skipped checks and reasons
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.elysia-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 2
5
+ revision: 3
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: elysia-code-change
9
- description: Apply this skill when Elysia routes, schemas, plugins, decorators, derives, resolves, guards, auth, error handling, OpenAPI output, Eden clients, or Bun server behavior are created or changed.
9
+ description: Apply this skill when Elysia routes, schemas, plugins, decorators, derives, resolves, guards, macros, auth, error handling, OpenAPI or Scalar docs, Eden Treaty clients, streaming, WebSocket, or Bun-backed Elysia server behavior are created, changed, reviewed, or upgraded.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -28,31 +28,34 @@ metadata:
28
28
  <!-- mustflow-section: purpose -->
29
29
  ## Purpose
30
30
 
31
- Preserve Elysia schema-first runtime validation, type inference, plugin, auth, error, OpenAPI, Eden, and Bun runtime boundaries.
31
+ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, error, OpenAPI, Eden Treaty, lifecycle, streaming, and Bun-backed runtime boundaries.
32
32
 
33
33
  <!-- mustflow-section: use-when -->
34
34
  ## Use When
35
35
 
36
- - `new Elysia`, route methods, `t.Object`, request or response schemas, `.use`, `.guard`, `.derive`, `.resolve`, `.decorate`, `.onError`, auth middleware, OpenAPI, Eden, or Bun server tests change.
37
- - The task adds API routes, plugins, validators, error envelopes, authentication, or generated client contracts.
36
+ - `new Elysia`, route methods, `t.Object`, Standard Schema validators, request or response schemas, `.model`, `.use`, `.guard`, `.derive`, `.resolve`, `.decorate`, `.state`, `.macro`, `.onError`, auth middleware, OpenAPI or Scalar docs, Eden Treaty, streaming, WebSocket, or Bun server tests change.
37
+ - The task adds API routes, plugins, validators, error envelopes, authentication, generated client contracts, SDK-facing route paths, runtime deployment settings, or Elysia version-sensitive behavior.
38
38
 
39
39
  <!-- mustflow-section: do-not-use-when -->
40
40
  ## Do Not Use When
41
41
 
42
- - The task only edits framework-free service functions called by Elysia routes; use the relevant language or architecture skill.
42
+ - The task only edits framework-free service functions called by Elysia routes; use the relevant language or architecture skill unless route contracts, schemas, lifecycle hooks, OpenAPI, or Eden types also change.
43
43
  - Another web framework owns the route surface.
44
44
 
45
45
  <!-- mustflow-section: required-inputs -->
46
46
  ## Required Inputs
47
47
 
48
- - Package metadata, Bun lockfile if present, TypeScript config, server entrypoint, route modules, plugin modules, schema/model files, auth/session files, error handling, OpenAPI config, Eden client exports, and tests.
48
+ - Package metadata, Bun lockfile if present, TypeScript config, server entrypoint, route modules, plugin modules, schema/model files, auth/session files, cookie and CORS config, error handling, OpenAPI config, Eden client exports, streaming and WebSocket config, deployment config, and tests.
49
49
  - Existing response envelope, status-code contract, and strict TypeScript policy.
50
+ - Current Elysia and plugin version evidence when the task depends on release-specific behavior. Refresh official package or vendor sources before preserving exact "latest" claims.
50
51
 
51
52
  <!-- mustflow-section: preconditions -->
52
53
  ## Preconditions
53
54
 
54
55
  - Identify whether schema is the source of truth for runtime validation and type inference.
55
56
  - Inventory method, path, params, query, headers, cookies, body, response statuses, auth, and plugin/decorator dependencies.
57
+ - Identify whether the public client contract is Eden Treaty, OpenAPI JSON, generated SDKs, or a mix. Eden uses `typeof app`; OpenAPI SDKs use the OpenAPI document.
58
+ - Identify whether Bun runtime deployment details are in scope. If so, apply `bun-code-change` for Bun-specific runtime, compile, package manager, and deploy risks.
56
59
 
57
60
  <!-- mustflow-section: allowed-edits -->
58
61
  ## Allowed Edits
@@ -60,33 +63,78 @@ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, e
60
63
  - Define request and response schemas with the route.
61
64
  - Keep framework context at the route boundary and move only framework-free business logic into services.
62
65
  - Preserve plugin, decorator, derive, resolve, and store inference through Elysia chaining.
66
+ - Preserve method chaining or return typed Elysia plugin instances so `typeof app`, decorators, schemas, and lifecycle additions remain visible to Eden and tests.
63
67
  - Use `.derive` only for intentional pre-validation context shaping. Use `.resolve` by default for auth, session, user, tenant, permission, or other request-derived values that depend on validated headers, body, query, or params.
64
- - Keep OpenAPI and Eden clients aligned with route schemas when present.
68
+ - Keep OpenAPI and Eden Treaty clients aligned with route schemas when present.
69
+ - Use `model()` or named schema references for reused schemas in larger route sets when it reduces duplicate schema drift and OpenAPI component churn.
70
+ - Keep reusable plugins explicit with `new Elysia({ name, seed })` when lifecycle deduplication, encapsulation, or dependency visibility matters.
65
71
 
66
72
  <!-- mustflow-section: procedure -->
67
73
  ## Procedure
68
74
 
69
- 1. Read server entry, routes, plugins, schemas, auth, error handling, OpenAPI, Eden exports, and tests.
75
+ 1. Read server entry, routes, plugins, schemas, auth, cookies, CORS, error handling, OpenAPI, Eden exports, runtime deployment config, and tests.
70
76
  2. Build a route inventory for the changed surface.
71
- 3. Add or update schemas for every external input and meaningful response status.
72
- 4. Do not annotate handlers with broad `any`, duplicated manual interfaces, or imported `Context` types that erase inference.
73
- 5. Keep request-specific state out of module-level mutable globals.
74
- 6. For request-derived context, choose the lifecycle hook by validation dependency:
77
+ 3. Treat route schema as the primary contract for runtime validation, TypeScript inference, OpenAPI, and Eden. Avoid duplicating request and response contracts as separate TypeScript interfaces unless a clear external boundary requires it.
78
+ 4. Add or update schemas for every external input and meaningful response status, including non-2xx statuses.
79
+ 5. For URL and header inputs, remember that params, query, and headers arrive as HTTP strings:
80
+ - use lower-case header schema keys;
81
+ - use explicit numeric or boolean coercion schemas such as `t.Numeric()` where the route expects converted URL values;
82
+ - use array schemas for query arrays instead of relying on caller convention;
83
+ - distinguish `t.Optional` around an input object from optional properties inside the object.
84
+ 6. For file uploads, distinguish `t.File()` behavior from Standard Schema file validation. If using Zod, Valibot, or another Standard Schema, require explicit JSON Schema or file magic-number mapping when OpenAPI or runtime file validation depends on it.
85
+ 7. Check body parser ownership. For webhook verifiers, tRPC, oRPC, proxy, or raw-body endpoints, require an explicit raw-body or `parse: 'none'` design instead of letting schema inference consume the request body first.
86
+ 8. Reject GET or HEAD bodies as portable public API contracts unless the repository has an explicit non-portable exception. Use query contracts or a POST search/action endpoint instead.
87
+ 9. Do not annotate handlers with broad `any`, duplicated manual interfaces, or imported `Context` types that erase inference. Keep Elysia context at the route boundary and pass only validated values into services.
88
+ 10. Keep request-specific state out of module-level mutable globals, `.store`, and `.decorate`. Use validated `.resolve` or handler context for user, session, tenant, request id, or permission data.
89
+ 11. For request-derived context, choose the lifecycle hook by validation dependency:
75
90
  - use `.derive` only when transforming raw request context before validation is intentional;
76
91
  - use `.guard()` to apply schema and auth-related validation around a route group;
77
92
  - use `.resolve()` inside the validated chain for user, session, tenant, permission, or other values that depend on validated input;
78
93
  - check the order between `.resolve()` and `beforeHandle` before relying on a value in an auth or permission hook.
79
- 7. Centralize expected error envelope and auth failure behavior.
80
- 8. If OpenAPI or Eden is used, confirm the generated contract follows the schema change.
81
- 9. Choose configured verification intents that cover types, server boot, route happy path, validation failure, auth failure, OpenAPI, and Eden inference when available.
94
+ 12. Check lifecycle scope and registration order:
95
+ - hooks generally affect routes registered after them;
96
+ - plugin lifecycle is local unless scoped or global behavior is explicitly chosen;
97
+ - `global` scope should be reserved for true app-wide policy, not hidden feature dependencies;
98
+ - async or lazy plugins may require tests to wait for registered modules before asserting routes.
99
+ 13. Treat macros as public route-option APIs. Review their schema, lifecycle, OpenAPI, type-inference, dedupe, and error-response effects before adding or changing macro options.
100
+ 14. Centralize expected error envelope and auth failure behavior. Prefer typed `status(...)` return paths for expected route failures when Eden or OpenAPI clients need status-specific types; use `throw status(...)` intentionally when `onError` logging or transformation must run.
101
+ 15. Register custom errors and map unknown errors deliberately. Avoid collapsing business, auth, validation, upstream, and server bugs into one unknown 500.
102
+ 16. Review security defaults and exposure:
103
+ - configure CORS origins and credential behavior explicitly;
104
+ - protect or intentionally expose `/openapi`, `/openapi/json`, Scalar or Swagger UI routes;
105
+ - do not treat `detail.hide` as access control;
106
+ - sign and secure session cookies where applicable;
107
+ - avoid production validation details that leak schema internals.
108
+ 17. Review OpenAPI separately from docs UI:
109
+ - the official Elysia OpenAPI plugin and its docs UI provider are not the same thing as the raw OpenAPI document;
110
+ - confirm the raw OpenAPI JSON path, UI provider, and access policy before telling SDK consumers where to read the spec;
111
+ - if `fromTypes()` or type generation is used, verify production and bundled builds can still read the required `.d.ts`, `projectRoot`, and `tsconfigPath`;
112
+ - if Standard Schema is used, verify `mapJsonSchema` or equivalent JSON Schema mapping rather than assuming OpenAPI output is complete;
113
+ - remember `withHeader()` documents response headers; it does not enforce that the runtime sets them.
114
+ 18. Review Eden Treaty separately from OpenAPI codegen:
115
+ - export `type App = typeof app` from the server boundary;
116
+ - keep frontend imports type-only so server runtime code does not enter client bundles;
117
+ - keep server and client Elysia versions and strict TypeScript settings aligned;
118
+ - treat route path shape as SDK surface;
119
+ - handle Treaty `error` before assuming `data` is non-null;
120
+ - centralize auth headers in Treaty config or request hooks;
121
+ - split public, admin, internal, WebSocket, and streaming surfaces when one giant `App` type would expose too much or slow typechecking.
122
+ 19. Review routing semantics:
123
+ - static, dynamic, wildcard, optional, group, guard, prefix, mount, and `all()` behavior affect auth, cache, generated clients, and tests;
124
+ - auto HEAD behavior, explicit HEAD routes, range responses, SSE, and stream headers need separate verification when relevant;
125
+ - avoid `all()` unless accepting every method is the intended public contract.
126
+ 20. If Bun-backed runtime behavior changes, also review Elysia production settings that affect idle timeout, WebSocket backpressure, clustering, compile targets, port binding, Docker build context, and observability. Use `bun-code-change` for Bun-specific edits.
127
+ 21. Choose configured verification intents that cover types, server boot, route happy path, validation failure, auth failure, OpenAPI JSON, Eden inference, streaming/WebSocket behavior, and deployment config when available.
82
128
 
83
129
  <!-- mustflow-section: postconditions -->
84
130
  ## Postconditions
85
131
 
86
132
  - Schemas, runtime validation, and inferred types remain one contract.
87
133
  - Error and auth responses are consistent.
88
- - OpenAPI and Eden impact is known.
89
- - No route relies on unvalidated input, pre-validation auth context, or erased context types.
134
+ - OpenAPI docs UI, raw OpenAPI JSON, generated SDK, and Eden Treaty impact is known and not conflated.
135
+ - No route relies on unvalidated input, pre-validation auth context, request-specific global state, or erased context types.
136
+ - Plugin scope, hook order, macro behavior, and public route path shape are deliberate.
137
+ - Runtime, streaming, WebSocket, or deploy-specific Elysia/Bun risks are handled or reported.
90
138
 
91
139
  <!-- mustflow-section: verification -->
92
140
  ## Verification
@@ -100,7 +148,7 @@ Use configured oneshot command intents when available:
100
148
  - `docs_validate_fast`
101
149
  - `mustflow_check`
102
150
 
103
- Report missing route, OpenAPI, or Eden verification intents when relevant.
151
+ Report missing route, OpenAPI JSON, Eden Treaty, streaming, WebSocket, security, Docker, deploy, or runtime verification intents when relevant.
104
152
 
105
153
  <!-- mustflow-section: failure-handling -->
106
154
  ## Failure Handling
@@ -108,6 +156,10 @@ Report missing route, OpenAPI, or Eden verification intents when relevant.
108
156
  - If schema and manual types diverge, make schema the source of truth or report the competing contract.
109
157
  - If plugin inference breaks after extraction, return context-sensitive code to the Elysia chain or narrow the extraction.
110
158
  - If auth or session state is derived before validation through `.derive`, move it to a validated `.guard()` plus `.resolve()` chain or report the validation-order risk.
159
+ - If OpenAPI output looks correct only in development, inspect type generation inputs and production or bundled artifact availability before trusting generated SDKs.
160
+ - If `detail.hide` is used for sensitive routes, add real access control or report the exposure risk.
161
+ - If Eden types require importing server runtime into a frontend bundle, split type-only exports or report the bundling risk.
162
+ - If streaming, WebSocket, or long-lived request behavior is touched without timeout or backpressure evidence, report the operational risk.
111
163
  - If auth behavior is unclear, stop the route change and inspect or request the auth contract.
112
164
 
113
165
  <!-- mustflow-section: output-format -->
@@ -115,7 +167,9 @@ Report missing route, OpenAPI, or Eden verification intents when relevant.
115
167
 
116
168
  - Boundary checked
117
169
  - Schema and type inference notes
118
- - Auth, error, OpenAPI, or Eden impact
170
+ - Lifecycle, plugin, macro, auth, and error notes
171
+ - OpenAPI, Scalar or Swagger UI, generated SDK, and Eden Treaty impact
172
+ - Bun-backed runtime, streaming, WebSocket, or deployment notes
119
173
  - Files changed
120
174
  - Command intents run
121
175
  - Skipped checks and reasons
@@ -0,0 +1,272 @@
1
+ ---
2
+ mustflow_doc: skill.godot-code-change
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: godot-code-change
9
+ description: Apply this skill when Godot projects, scenes, nodes, GDScript, C# scripts, Resources, Autoloads, signals, groups, save/load systems, rendering, physics, UI, input, exports, plugins, editor tools, or Godot version migrations are created, changed, reviewed, or upgraded.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.godot-code-change
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - mustflow_check
24
+ ---
25
+
26
+ # Godot Code Change
27
+
28
+ <!-- mustflow-section: purpose -->
29
+ ## Purpose
30
+
31
+ Preserve Godot scene ownership, node lifecycle, Resource sharing, Autoload boundaries, signal flow,
32
+ save/load integrity, rendering budgets, physics stability, export behavior, and version migration
33
+ assumptions while making focused game or editor-tool changes.
34
+
35
+ Godot work is not "script changes plus some scenes". Many failures come from scene-tree coupling,
36
+ shared Resources mutated as instance state, Autoloads used as global storage, hidden signal
37
+ connections, per-frame tree searches, blocking loads, save files written into `res://`, or renderer
38
+ settings changed without profiling evidence.
39
+
40
+ <!-- mustflow-section: use-when -->
41
+ ## Use When
42
+
43
+ - `project.godot`, `.tscn`, `.tres`, `.res`, `.gd`, `.gdshader`, `.cs`, export presets, addons,
44
+ editor plugins, import settings, input maps, autoloads, groups, scenes, nodes, Resources, or
45
+ Godot-specific tests change.
46
+ - Scene composition, ownership, instancing, inherited scenes, node paths, unique names, exported
47
+ NodePath references, groups, signals, tweens, animations, UI Controls, Containers, camera,
48
+ rendering, physics, input, save/load, or export templates are created, changed, reviewed, or
49
+ upgraded.
50
+ - GDScript typing, `await`, signals, callables, `@onready`, `@export`, `ResourceLoader`,
51
+ `ResourceSaver`, `FileAccess`, `DirAccess`, `ConfigFile`, threaded loading, or Autoload behavior
52
+ affects runtime paths.
53
+ - A Godot 3.x to 4.x migration, Godot 4.x minor upgrade, renderer change, platform export change,
54
+ mobile/XR/input change, or plugin compatibility change is part of the task.
55
+
56
+ <!-- mustflow-section: do-not-use-when -->
57
+ ## Do Not Use When
58
+
59
+ - The repository does not use Godot and only changes general assets, docs, or game design prose.
60
+ - Generic C#, Rust, C++, JavaScript, or shader code changes have no Godot scene, resource, engine,
61
+ export, editor, or runtime lifecycle effect; use the matching language or asset skill instead.
62
+ - The task only updates external version prose; use source-freshness guidance unless this procedure
63
+ itself changes.
64
+ - Generated import files, caches, exported builds, or `.godot/` state should be regenerated by a
65
+ declared command rather than edited.
66
+
67
+ <!-- mustflow-section: required-inputs -->
68
+ ## Required Inputs
69
+
70
+ - Godot version, renderer, platform targets, export presets, project settings, input map, autoload
71
+ list, addon/plugin list, script language mix, and relevant official docs for the version in use.
72
+ - Scene ledger: entry scene, affected `.tscn` files, node ownership, instanced scenes, inherited
73
+ scenes, unique names, NodePaths, groups, signals, animation players, tweens, UI Containers,
74
+ physics nodes, cameras, lights, materials, Resources, and save/load participants.
75
+ - Runtime ledger: `_ready`, `_enter_tree`, `_exit_tree`, `_process`, `_physics_process`, input
76
+ callbacks, threaded loading, timers, deferred calls, scene transitions, queue/free behavior, and
77
+ profiler or frame-time evidence when performance is claimed.
78
+ - Data ledger: user data paths, save schema version, migration path, atomic write strategy,
79
+ Resource cache behavior, config defaults, validation rules, and untrusted file boundaries.
80
+ - Configured verification intents.
81
+
82
+ <!-- mustflow-section: preconditions -->
83
+ ## Preconditions
84
+
85
+ - Read project settings, affected scenes, scripts, Resources, autoload declarations, export presets,
86
+ and tests before editing.
87
+ - Identify the Godot major/minor version before applying version-specific syntax, migration, or
88
+ export guidance. Do not mix stable docs for one branch, latest docs for another branch, and blog
89
+ examples as if they were one source.
90
+ - Apply language-specific skills alongside this skill when C#, C++, Rust/GDExtension, shader, or
91
+ package/tooling behavior changes outside the Godot boundary.
92
+ - Apply security, data, performance, UI, accessibility, or release skills when the change touches
93
+ save-file trust, networked games, monetized state, rendering budgets, UI behavior, or export
94
+ artifacts.
95
+
96
+ <!-- mustflow-section: allowed-edits -->
97
+ ## Allowed Edits
98
+
99
+ - Keep scenes independently instantiable where practical. Parent nodes may coordinate children, but
100
+ child scenes should not hard-code distant parents, sibling internals, or `/root/Main` paths.
101
+ - Keep nodes for objects with lifecycle, transforms, notifications, or scene-tree behavior. Use
102
+ Resources, RefCounted, plain data, or DTOs for definitions and serializable state.
103
+ - Keep Autoloads limited to true process-wide services such as scene transition, save service,
104
+ audio bus control, settings, telemetry facade, or platform integration.
105
+ - Keep runtime-mutated Resources duplicated, local-to-scene, or separated from authoring data.
106
+ - Keep user-writable data under `user://`, not `res://`.
107
+ - Keep version-specific guidance behind a version gate and omit durable exact "latest" claims unless
108
+ refreshed from official sources.
109
+
110
+ <!-- mustflow-section: procedure -->
111
+ ## Procedure
112
+
113
+ 1. Read the Godot version, renderer, export targets, project settings, autoload declarations, input
114
+ map, addon list, affected scenes, scripts, Resources, shaders, import/export files, and tests.
115
+ 2. Apply the Version Gate:
116
+ - identify current Godot major/minor version and whether the project is 3.x, 4.x, or in a
117
+ migration window;
118
+ - use official docs for the branch actually in use before applying syntax, API, renderer, export,
119
+ or migration behavior;
120
+ - treat stable docs, latest docs, release notes, blog posts, and pasted upgrade notes as
121
+ different evidence tracks until reconciled;
122
+ - for 4.x projects, check obsolete 3.x habits such as `yield`, stringly signal connections,
123
+ renderer assumptions, old physics behavior, and global singleton patterns before copying code.
124
+ 3. Build a scene and ownership ledger:
125
+ - entry scene, world/UI split, instanced subscenes, inherited scenes, lifecycle owner, cleanup
126
+ owner, injected dependencies, sibling relationships, NodePaths, groups, signals, and public
127
+ scene contract;
128
+ - reject distant relative paths, `/root/Main` reach-through, sibling-to-sibling hard references,
129
+ and child scenes that cannot run or preview outside one parent unless that coupling is
130
+ intentional and documented.
131
+ 4. Review node lifecycle and runtime order:
132
+ - distinguish `_enter_tree`, `_ready`, `_exit_tree`, `_process`, `_physics_process`, input
133
+ callbacks, timers, deferred calls, and scene transition timing;
134
+ - do not assume a new scene is immediately ready after `change_scene_to_*`;
135
+ - remember that `queue_free()` is deferred deletion, `remove_child()` is detachment, and
136
+ `replace_by()` does not automatically free the old node.
137
+ 5. Review signals, groups, and flow visibility:
138
+ - use signals for events, not hidden remote commands;
139
+ - avoid duplicate connections on scene re-entry and lambdas that cannot be disconnected when
140
+ lifecycle requires cleanup;
141
+ - prefer typed signal/callable patterns for maintained 4.x code;
142
+ - treat `call_group` and `set_group` as broad broadcasts that can stutter when used on many
143
+ nodes; chunk, defer, or queue high-volume work.
144
+ 6. Review Autoload and global state:
145
+ - keep Autoload APIs narrow and service-like;
146
+ - avoid putting player health, enemy state, UI control state, per-level state, or transient
147
+ request data into globals;
148
+ - do not free Autoloads during normal runtime;
149
+ - ensure scene transitions through an Autoload have an explicit ordering contract.
150
+ 7. Review Resources and serialized data:
151
+ - remember that path-loaded Resources are cached shared references;
152
+ - never mutate authoring Resources as per-instance runtime state unless they are duplicated or
153
+ local-to-scene by design;
154
+ - keep item definitions, tuning tables, materials, and animation data separate from player save
155
+ state;
156
+ - avoid using instance overrides as an untracked data-management system.
157
+ 8. Review GDScript and language boundaries:
158
+ - use static typing on long-lived gameplay systems, save DTOs, inventory, combat math, settings,
159
+ networking, and scene-transition managers;
160
+ - avoid per-frame `find_child`, `find_children`, and `find_parent`; cache references with
161
+ `@onready`, unique names, exported references, or dependency injection;
162
+ - use `_process` only for per-frame behavior, `_physics_process` for fixed-step physics, and
163
+ input callbacks for input events.
164
+ 9. Review save/load, config, and file I/O:
165
+ - save state snapshots, not raw node trees;
166
+ - write user data to `user://`;
167
+ - put schema, game/content version, slot id, timestamps, and migration path at the save root;
168
+ - use atomic temp, backup, validate, rename style writes when save loss matters;
169
+ - treat JSON as readable but type-weak; validate parsed data;
170
+ - avoid object deserialization from untrusted files, especially object-enabled Variant loading;
171
+ - use `ConfigFile` for settings, with defaults, validation, apply, and batched save behavior.
172
+ 10. Review loading, threads, and deferred work:
173
+ - use threaded resource requests with status polling before getting the loaded resource;
174
+ - avoid calling blocking loads during gameplay spikes or UI opening;
175
+ - do not touch active SceneTree nodes directly from background threads; use deferred calls or a
176
+ main-thread handoff;
177
+ - guard shared data with a clear ownership or mutex policy.
178
+ 11. Review rendering, UI, physics, and input:
179
+ - require profiler or frame-time evidence before accepting performance claims;
180
+ - for 3D, check visibility ranges, occlusion, HLOD/LOD, far plane, light counts, shadows,
181
+ materials, shader variants, particles, MultiMesh usage, and camera cost;
182
+ - for 2D, check draw calls, canvas layers, custom drawing invalidation, particles, tilemaps,
183
+ collision shapes, and physics tick stability;
184
+ - for UI, keep Container layout separate from animation transforms and avoid wrapper-node
185
+ sprawl when the current version has a cleaner Control transform path;
186
+ - for mobile/gamepad/XR, check input mode, focus loss, virtual controls, safe areas, and export
187
+ target behavior.
188
+ 12. Review export and plugin surfaces:
189
+ - keep export presets, export templates, platform architectures, signing, permissions, splash,
190
+ icon, native plugin, GDExtension, and addon compatibility explicit;
191
+ - do not edit generated imports, cache state, or exported binaries as source;
192
+ - verify release-sensitive export changes with configured package/release checks when available.
193
+ 13. Choose configured verification intents that cover scene loading, script parsing/type checks,
194
+ save/load migration, settings validation, scene transitions, rendering smoke, physics/input
195
+ behavior, export metadata, and package/template sync when available.
196
+
197
+ <!-- mustflow-section: rejection-criteria -->
198
+ ## Review Rejection Criteria
199
+
200
+ Reject or revise a change when:
201
+
202
+ - Godot 3.x syntax, signals, renderer, physics, or singleton patterns are applied to a 4.x project
203
+ without checking the project version.
204
+ - A subscene reaches distant parents, siblings, or `/root/Main` instead of receiving dependencies
205
+ through its parent, exported references, groups, or a service boundary.
206
+ - Autoload becomes a catch-all for gameplay, UI, level, save, and platform state.
207
+ - Runtime code mutates shared authoring Resources as if each instance owns a copy.
208
+ - Save files are written under `res://`, lack a schema version, or deserialize trusted objects from
209
+ user-controlled data.
210
+ - `_process` performs tree searches, heavy polling, loading, group broadcasts, or work that belongs
211
+ in input callbacks, timers, or cached references.
212
+ - Threads touch live SceneTree nodes directly.
213
+ - Scene transition code assumes old and new scenes are available synchronously after the transition
214
+ call.
215
+ - Rendering, physics, or memory changes claim performance wins without profiler, frame-time, or
216
+ target-device evidence.
217
+ - Export preset or platform changes omit target architecture, signing, permission, template, or
218
+ native-plugin impact.
219
+
220
+ <!-- mustflow-section: postconditions -->
221
+ ## Postconditions
222
+
223
+ - Scene ownership, node lifecycle, signals, groups, Autoloads, Resources, save/load, config,
224
+ rendering, physics, input, export, and version assumptions are intentional and reported.
225
+ - Runtime-mutated state is separated from authoring Resources and process-wide services.
226
+ - User-writable files, migrations, atomic writes, and untrusted data boundaries are explicit.
227
+ - Version-specific guidance is refreshed from official sources for the project version or omitted
228
+ from durable claims.
229
+ - Missing scene, save/load, rendering, physics, input, export, or target-device verification is
230
+ reported.
231
+
232
+ <!-- mustflow-section: verification -->
233
+ ## Verification
234
+
235
+ Use configured oneshot command intents when available:
236
+
237
+ - `lint`
238
+ - `build`
239
+ - `test_related`
240
+ - `test`
241
+ - `docs_validate_fast`
242
+ - `mustflow_check`
243
+
244
+ Report missing Godot editor import, script parse, scene load, save migration, renderer smoke,
245
+ physics/input, export preset, target-device, or release verification intents when relevant.
246
+
247
+ <!-- mustflow-section: failure-handling -->
248
+ ## Failure Handling
249
+
250
+ - If scene behavior is unclear, build the scene and ownership ledger before changing scripts.
251
+ - If runtime errors mention missing nodes, inspect NodePaths, unique names, scene instancing,
252
+ lifecycle order, and scene transition timing before adding broader globals.
253
+ - If shared data changes leak across instances, inspect Resource cache, duplication, local-to-scene,
254
+ instance overrides, and authored-versus-runtime state separation.
255
+ - If save/load fails, inspect path choice, schema version, migration, parse errors, type validation,
256
+ atomic write behavior, and untrusted object deserialization.
257
+ - If performance cannot be measured by configured intents, report the missing profiler, scene-load,
258
+ target-device, or export-smoke coverage instead of claiming a performance fix.
259
+ - If official source freshness cannot be checked for a version, release, migration, or export claim,
260
+ omit the claim from durable skill text and report it as unverified snapshot context.
261
+
262
+ <!-- mustflow-section: output-format -->
263
+ ## Output Format
264
+
265
+ - Boundary checked
266
+ - Godot version, renderer, scene, node, signal, Resource, Autoload, and lifecycle notes
267
+ - Save/load, config, file I/O, threaded loading, and untrusted data notes
268
+ - Rendering, physics, UI, input, export, plugin, and target-platform notes
269
+ - Files changed
270
+ - Command intents run
271
+ - Skipped checks and reasons
272
+ - Remaining Godot risk