mustflow 2.107.1 → 2.107.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. package/README.md +6 -1
  2. package/dist/cli/commands/init.js +49 -1
  3. package/dist/cli/commands/run/execution.js +7 -0
  4. package/dist/cli/commands/run/executor.js +7 -0
  5. package/dist/cli/commands/verify.js +14 -0
  6. package/dist/cli/commands/workspace.js +106 -16
  7. package/dist/cli/i18n/en.js +6 -1
  8. package/dist/cli/i18n/es.js +6 -1
  9. package/dist/cli/i18n/fr.js +6 -1
  10. package/dist/cli/i18n/hi.js +6 -1
  11. package/dist/cli/i18n/ko.js +6 -1
  12. package/dist/cli/i18n/zh.js +6 -1
  13. package/dist/cli/index.js +8 -0
  14. package/dist/cli/lib/agent-context.js +7 -0
  15. package/dist/cli/lib/repo-map.js +14 -0
  16. package/dist/cli/lib/run-plan.js +7 -0
  17. package/dist/core/change-verification.js +7 -0
  18. package/dist/core/verification-scheduler.js +7 -0
  19. package/package.json +1 -1
  20. package/schemas/README.md +3 -3
  21. package/schemas/workspace-status.schema.json +4 -2
  22. package/templates/default/common/.mustflow/config/mustflow.toml +3 -3
  23. package/templates/default/i18n.toml +19 -1
  24. package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +4 -3
  25. package/templates/default/locales/en/.mustflow/skills/INDEX.md +11 -0
  26. package/templates/default/locales/en/.mustflow/skills/cli-option-contract-review/SKILL.md +147 -0
  27. package/templates/default/locales/en/.mustflow/skills/routes.toml +18 -0
  28. package/templates/default/locales/en/.mustflow/skills/third-party-api-integration-review/SKILL.md +188 -0
  29. package/templates/default/locales/en/.mustflow/skills/website-task-friction-review/SKILL.md +139 -0
  30. package/templates/default/manifest.toml +18 -1
@@ -232,6 +232,13 @@ function readMustflowConfig(projectRoot) {
232
232
  return {};
233
233
  }
234
234
  }
235
+ /**
236
+ * mf:anchor cli.repo-map.config
237
+ * purpose: Resolve repository-map and workspace discovery settings from mustflow configuration.
238
+ * search: repo map config, priority paths, anchor files, workspace roots, include nested
239
+ * invariant: Map and workspace settings shape navigation only and do not create command authority.
240
+ * risk: config
241
+ */
235
242
  export function getRepoMapConfig(projectRoot) {
236
243
  const parsed = readMustflowConfig(projectRoot);
237
244
  const configuredPriorityPaths = [...getStringArray(parsed.read_order), ...getStringArray(parsed.optional_read_order)];
@@ -266,6 +273,13 @@ function classifyGitLsFilesFailure(result) {
266
273
  }
267
274
  return 'error';
268
275
  }
276
+ /**
277
+ * mf:anchor cli.repo-map.git-file-discovery
278
+ * purpose: Read tracked files for repository-map fingerprints and anchor discovery with bounded git execution.
279
+ * search: git ls-files, repo map fingerprint, tracked files, timeout, max buffer
280
+ * invariant: Git discovery failures produce status metadata instead of falling back to unbounded filesystem scans.
281
+ * risk: config, state
282
+ */
269
283
  export function discoverGitFilesForRepoMap(projectRoot, options = {}) {
270
284
  const spawnGit = options.spawnGit ?? spawnGitLsFiles;
271
285
  const result = spawnGit('git', ['ls-files', '-z'], {
@@ -206,6 +206,13 @@ function createBlockedRunPlan(contract, intentName, intent, eligibility, reasonC
206
206
  staleActiveLocks: [],
207
207
  };
208
208
  }
209
+ /**
210
+ * mf:anchor cli.run-plan.eligibility
211
+ * purpose: Convert a command intent contract into a runnable or blocked execution plan.
212
+ * search: run plan, command intent, agent_allowed, cwd safety, output limits, approval gate
213
+ * invariant: A runnable plan exists only after intent eligibility, approvals, cwd, timeout, and command source checks pass.
214
+ * risk: config, security, state
215
+ */
209
216
  export function createRunPlan(projectRoot, contract, intentName, options = {}) {
210
217
  const rawIntent = contract.intents[intentName];
211
218
  const eligibility = evaluateCommandIntentEligibility(intentName, rawIntent);
@@ -324,6 +324,13 @@ function gapForRequirement(requirement, candidates) {
324
324
  detail: `No runnable command intents cover required_after = "${requirement.reason}".`,
325
325
  };
326
326
  }
327
+ /**
328
+ * mf:anchor core.verification.change-report
329
+ * purpose: Turn changed-file classification into verification requirements, candidates, gaps, and a scheduled intent plan.
330
+ * search: verification report, required_after, selected intents, gaps, test selection
331
+ * invariant: Selected verification intents must come from configured command-contract coverage and declared test selection.
332
+ * risk: config, data_consistency
333
+ */
327
334
  export function createChangeVerificationReport(classificationReport, commandContract, projectRoot) {
328
335
  const testSelectionPlan = createProjectTestSelectionPlan(projectRoot, classificationReport, commandContract);
329
336
  const requirements = classificationReport.summary.validationReasons.map((reason) => createVerificationRequirement(classificationReport, reason));
@@ -137,6 +137,13 @@ function addEntryToBatches(batches, batchEntries, entry) {
137
137
  locks: entry.locks,
138
138
  });
139
139
  }
140
+ /**
141
+ * mf:anchor core.verification.schedule-locks
142
+ * purpose: Order selected verification intents by command-effect locks and undeclared-write risk.
143
+ * search: verification schedule, command effects, locks, parallel eligible, undeclared writes
144
+ * invariant: Intents without explicit compatible effects or with recent undeclared writes stay serial-only.
145
+ * risk: config, state
146
+ */
140
147
  export function createVerificationSchedule(projectRoot, commandContract, candidates) {
141
148
  const latestUndeclaredWriteIntents = readLatestUndeclaredWriteIntents(projectRoot);
142
149
  const runnableIntents = uniqueSorted(candidates
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mustflow",
3
- "version": "2.107.1",
3
+ "version": "2.107.9",
4
4
  "description": "Agent workflow documents and CLI for mustflow repository roots.",
5
5
  "type": "module",
6
6
  "license": "MIT-0",
package/schemas/README.md CHANGED
@@ -39,9 +39,9 @@ Current schemas:
39
39
  - `evidence-report.schema.json`: output of `mf evidence --changed --json`, containing verification
40
40
  requirements, risk-priced evidence assessment, latest bounded evidence, failure replay capsules,
41
41
  conflict ledgers, receipts, remaining risks, and gaps without running commands
42
- - `workspace-status.schema.json`: output of `mf workspace status --json`, containing configured
43
- workspace roots, discovered nested repositories, and per-root command-contract readiness without
44
- granting command authority
42
+ - `workspace-status.schema.json`: output of `mf workspace status --json` and
43
+ `mf workspace scan --json`, containing configured or ad hoc workspace roots, discovered nested
44
+ repositories, and per-root command-contract readiness without granting command authority
45
45
  - `workspace-command-catalog.schema.json`: output of `mf workspace command-catalog --json`,
46
46
  containing per-root command intent availability, safe `mf run` entrypoints, and no raw command
47
47
  strings
@@ -16,7 +16,7 @@
16
16
  ],
17
17
  "properties": {
18
18
  "schema_version": { "const": "1" },
19
- "command": { "const": "workspace status" },
19
+ "command": { "enum": ["workspace status", "workspace scan"] },
20
20
  "mustflow_root": { "type": "string" },
21
21
  "workspace": {
22
22
  "type": "object",
@@ -65,7 +65,9 @@
65
65
  "type": "array",
66
66
  "items": { "$ref": "#/$defs/repository" }
67
67
  },
68
- "issues": { "$ref": "#/$defs/stringArray" }
68
+ "issues": { "$ref": "#/$defs/stringArray" },
69
+ "projects_dir": { "type": "string" },
70
+ "next_actions": { "$ref": "#/$defs/stringArray" }
69
71
  },
70
72
  "$defs": {
71
73
  "stringArray": {
@@ -34,7 +34,7 @@ project_context = ".mustflow/context/PROJECT.md"
34
34
  output = "REPO_MAP.md"
35
35
  mode = "anchors_only"
36
36
  privacy = "minimal"
37
- include_nested = false
37
+ include_nested = true
38
38
  anchor_files = [
39
39
  "AGENTS.md",
40
40
  "REPO_MAP.md",
@@ -94,8 +94,8 @@ anchor_files = [
94
94
  ]
95
95
 
96
96
  [workspace]
97
- enabled = false
98
- roots = []
97
+ enabled = true
98
+ roots = ["projects"]
99
99
  max_depth = 4
100
100
  max_repositories = 50
101
101
  follow_symlinks = false
@@ -40,7 +40,7 @@ translations.hi = { path = "locales/hi/.mustflow/context/PROJECT.md", source_rev
40
40
  [documents."docs.agent-workflow"]
41
41
  source = "locales/en/.mustflow/docs/agent-workflow.md"
42
42
  source_locale = "en"
43
- revision = 25
43
+ revision = 27
44
44
  translations.ko = { path = "locales/ko/.mustflow/docs/agent-workflow.md", source_revision = 23, status = "needs_review" }
45
45
  translations.zh = { path = "locales/zh/.mustflow/docs/agent-workflow.md", source_revision = 18, status = "needs_review" }
46
46
  translations.es = { path = "locales/es/.mustflow/docs/agent-workflow.md", source_revision = 18, status = "needs_review" }
@@ -167,6 +167,12 @@ source_locale = "en"
167
167
  revision = 1
168
168
  translations = {}
169
169
 
170
+ [documents."skill.third-party-api-integration-review"]
171
+ source = "locales/en/.mustflow/skills/third-party-api-integration-review/SKILL.md"
172
+ source_locale = "en"
173
+ revision = 1
174
+ translations = {}
175
+
170
176
  [documents."skill.api-access-control-review"]
171
177
  source = "locales/en/.mustflow/skills/api-access-control-review/SKILL.md"
172
178
  source_locale = "en"
@@ -323,6 +329,12 @@ source_locale = "en"
323
329
  revision = 1
324
330
  translations = {}
325
331
 
332
+ [documents."skill.website-task-friction-review"]
333
+ source = "locales/en/.mustflow/skills/website-task-friction-review/SKILL.md"
334
+ source_locale = "en"
335
+ revision = 1
336
+ translations = {}
337
+
326
338
  [documents."skill.cache-integrity-review"]
327
339
  source = "locales/en/.mustflow/skills/cache-integrity-review/SKILL.md"
328
340
  source_locale = "en"
@@ -814,6 +826,12 @@ source_locale = "en"
814
826
  revision = 2
815
827
  translations = {}
816
828
 
829
+ [documents."skill.cli-option-contract-review"]
830
+ source = "locales/en/.mustflow/skills/cli-option-contract-review/SKILL.md"
831
+ source_locale = "en"
832
+ revision = 1
833
+ translations = {}
834
+
817
835
  [documents."skill.cli-output-contract-review"]
818
836
  source = "locales/en/.mustflow/skills/cli-output-contract-review/SKILL.md"
819
837
  source_locale = "en"
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: docs.agent-workflow
3
3
  locale: en
4
4
  canonical: true
5
- revision: 25
5
+ revision: 27
6
6
  lifecycle: mustflow-owned
7
7
  authority: workflow-policy
8
8
  ---
@@ -233,12 +233,12 @@ A command intent is eligible for agent use only when all of these are true:
233
233
  - `run_policy = "agent_allowed"`
234
234
  - `stdin = "closed"`
235
235
  - `timeout_seconds` is a positive integer
236
- - A command is declared with `argv`, or with `mode = "shell"` and `cmd`
236
+ - A command is declared with `argv`, or with `mode = "shell"`, `cmd`, and `allow_shell = true`
237
237
  - `cwd` remains inside the current mustflow root
238
238
 
239
239
  `manual_only` is a status for new configurations. `run_policy = "manual_only"` may be read for older configs, but new templates should use `status = "manual_only"` instead.
240
240
 
241
- Prefer `mf run <intent>` so the project receives a concise run record in `.mustflow/state/runs/latest.json`.
241
+ Prefer `mf run <intent>` so the project receives a concise run record in `.mustflow/state/runs/latest.json` and a retained run index in `.mustflow/state/runs/latest.index.json`.
242
242
 
243
243
  Run `mf run` command intents serially. Do not start a second `mf run` while another configured intent is still running. Intents that declare non-empty `writes` are exclusive verification phases; wait for them to finish before running any other `mf run`. This is especially important when an intent rewrites package output such as `dist/`, because the local `mf` executable may load from that output.
244
244
 
@@ -268,6 +268,7 @@ Generated files should be refreshed by tools:
268
268
  - `REPO_MAP.md` through `mf map --write`
269
269
  - `.mustflow/cache/mustflow.sqlite` through `mf index`
270
270
  - `.mustflow/state/runs/latest.json` through `mf run <intent>`
271
+ - `.mustflow/state/runs/latest.index.json` through `mf run <intent>`
271
272
 
272
273
  ## Verification
273
274
 
@@ -106,6 +106,10 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
106
106
  shapes, response shapes, pagination, idempotency, async jobs, versioning, deprecation, rate
107
107
  limits, retry rules, observability, or caller-facing docs need caller-ergonomics and misuse-risk
108
108
  review rather than only schema compatibility.
109
+ - Use `third-party-api-integration-review` as an adjunct when a third-party SDK or external API
110
+ integration needs production-readiness review for auth scopes, sandbox/production separation,
111
+ timeouts, retries, rate limits, idempotency, pagination, webhooks, provider error mapping,
112
+ SDK/API version drift, changelogs, migration guides, observability, or failure-path tests.
109
113
  - Use `http-api-semantics-review` as an adjunct when HTTP method choices, safe/idempotent/cacheable
110
114
  claims, GET/HEAD bodies, OPTIONS or Allow discovery, HTTP QUERY, POST versus PUT URI ownership,
111
115
  PUT replacement, PATCH document formats, DELETE behavior, conditional requests, status codes,
@@ -227,6 +231,10 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
227
231
  sort, Unicode normalization, grapheme-safe truncation, RTL or bidi text, font fallback, pseudo
228
232
  localization, SSR locale, fallback, backend error-code mapping, rich text, export, share, or
229
233
  notification surface review instead of a visible JSX text scan.
234
+ - Use `website-task-friction-review` as an adjunct when a public website, landing page, signup,
235
+ checkout, account, support, navigation, search, form, pricing, consent, or mobile web flow needs
236
+ review for user complaints such as slowness, popups, forced signup, confusing navigation,
237
+ hidden costs, vague errors, dark patterns, weak trust, or missing recovery paths.
230
238
  - Use `react-code-change` as a primary route when React, React DOM, React Server Components,
231
239
  Server Actions, React Compiler, Hooks, Suspense, Actions, forms, refs, context, concurrent
232
240
  rendering, SSR streaming, resource hints, package metadata, or React-related tests are created,
@@ -595,6 +603,7 @@ routes. Event routes stay inactive until their event occurs.
595
603
  | Dependency, package, runtime, framework, tool, command, plugin, service, platform capability, supported-version policy, security patch path, ecosystem maturity claim, maintainer-risk assumption, runtime portability claim, edge or serverless compatibility claim, critical-path library choice, package script, lifecycle hook, binary download, lockfile, audit result, or supply-chain-sensitive dependency surface is assumed, added, removed, imported, invoked, installed, audited, or documented | `.mustflow/skills/dependency-reality-check/SKILL.md` | Assumed dependency or capability, declaration files, version or feature expectation, role criticality, supported-version or end-of-life evidence, patchability expectation, runtime compatibility boundary, maintainer and ecosystem evidence when available, lockfile entry, package script or lifecycle hook, audit or provenance evidence, and relevant command intents | Package metadata, lockfiles, imports, scripts, command contracts, docs, tests, runtime policy notes, portability notes, and reports | unavailable dependency, hallucinated or lookalike package, fragile single-maintainer core dependency, experimental technology in a survival path, unsupported runtime, unclear security patch path, runtime-specific API leakage into core logic, stale version claim, lifecycle script risk, audit suppression, lockfile drift, or install guidance mismatch | `changes_status`, `changes_diff_summary`, `build`, `test_release`, `mustflow_check` | Dependency checked, ecosystem and maintainer-risk boundary reviewed, supported-version, patchability, and runtime-portability boundary reviewed, supply-chain surface reviewed, declarations synchronized, verification, and remaining dependency risk |
596
604
  | Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, TypeScript compiler-track references, Rust release or MSRV references, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, TypeScript compiler track or Rust MSRV/toolchain track when relevant, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, TypeScript RC/nightly/API-track confusion, Rust stable/nightly/MSRV confusion, floating-tag drift, or unverified security/support claim | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Versioned surfaces checked, repository policy and freshness source, selected version track, compatibility classification, TypeScript stable/RC/nightly/API-track and Rust stable/nightly/MSRV split when relevant, approval need, synchronized surfaces, verification, and remaining version-freshness risk |
597
605
  | External systems, protocols, SDKs, databases, webhooks, queues, files, object storage, signed upload or download URLs, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, provider data, or volatile component implementations cross the core boundary or need stable port/adapter translation, change isolation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, reconciliation, security, core-state ownership, vendor portability, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, delivery boundary, internal use case, local port/adapter patterns, provider risk, provider failure policy, core-state ownership risk, vendor portability risk, observability identifier policy, API contract risk, change-isolation ledger, preserved consumer contract, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, response mappers, telemetry mappers, timeout and retry policies, circuit breakers, bulkhead boundaries, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, caller churn from adapter-only changes, framework business-rule leakage, telemetry backend leakage, storage-key leakage, screen-shaped API coupling, pass-through wrapper, SaaS dashboard as truth source, search or analytics policy leakage, queue contract leakage, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, missing circuit breaker, missing bulkhead, unresolved unknown provider outcome, broken identifier propagation, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, change-isolation ledger, preserved consumer contract, delivery adapter responsibility, internal port, provider containment, core-state ownership, vendor portability, validation and mapping, API response mapping, observability identifier flow, timeout/retry/circuit-breaker/bulkhead/idempotency handling, reconciliation behavior, security notes, verification, and remaining provider risk |
606
+ | Third-party SDK or external API integration, review, debugging, upgrade, webhook handling, auth scope change, sandbox or production setup, provider SDK version change, API version migration, rate-limit handling, retry policy, idempotency key usage, pagination, provider error mapping, request id logging, changelog review, deprecation response, or provider operational-readiness test needs production integration review | `.mustflow/skills/third-party-api-integration-review/SKILL.md` | Provider and SDK/API ledger, source-of-truth docs, auth and scope ledger, operation and side-effect ledger, webhook ledger, error and observability ledger, changelog or migration evidence, existing fakes or sandbox tests, and configured command intents | Provider adapters, wrappers, typed request and response models, error mappers, timeout and retry policies, rate-limit handling, idempotency key handling, pagination handling, webhook signature verification and dedupe, redacted observability, sandbox tests, fixtures, runbooks, migration notes, and directly synchronized docs or templates | demo-only integration, stale provider docs, SDK/API drift, sandbox-production mixup, hardcoded secret, overbroad scope, token refresh gap, missing timeout, infinite retry, retrying permanent errors, mutating retry without idempotency, per-attempt idempotency key, 429 retry storm, ignored Retry-After, offset pagination assumption, raw provider error leak, string-only provider error, missing request id, trusted webhook payload, JSON-parsed signature breakage, duplicate webhook side effect, event-order assumption, success redirect as proof, unhandled unknown provider outcome, dashboard-only setting, untested SDK upgrade, or happy-path-only sandbox test | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Third-party integration reviewed, provider source-of-truth and SDK/API version evidence, auth/environment/scope decisions, timeout/retry/rate-limit/idempotency/pagination decisions, webhook delivery and dedupe checks, error and observability mapping, tests or missing evidence, verification, and remaining provider operational risk |
598
607
  | Tauri frontend invokes, Rust commands, capabilities, permissions, scopes, plugins, filesystem, dialog, shell, opener, updater, sidecar, or mobile native permissions are created or changed | `.mustflow/skills/tauri-code-change/SKILL.md` | Frontend call sites, Tauri config, Rust commands, capability and permission files, plugin config, changed files, and command contract entries | Tauri frontend, Rust commands, capabilities, permissions, scopes, plugins, tests, and docs | broad native permission, untrusted IPC input, filesystem escape, shell or updater risk, or WebView/native boundary drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | IPC, permission, scope, filesystem, shell, updater, and native boundary checked, verification, and remaining Tauri risk |
599
608
  | Wails v3 applications, Go services, generated bindings, TypeScript runtime calls, windows, menus, system tray, dialogs, events, frontend bridge payloads, WebView platform behavior, Taskfile or build config, signing, packaging, custom protocols, file associations, server builds, or Wails-related tests are created, changed, reviewed, or upgraded | `.mustflow/skills/wails-code-change/SKILL.md` | Wails version track, Go module and frontend package metadata, generated bindings, app entry point, service/window/event/menu/tray/dialog/build/package evidence, changed files, and command contract entries | Wails app assembly, Go services, frontend bridge calls, generated bindings, windows, events, menus, tray, dialogs, WebView platform behavior, platform packaging, tests, and docs | Electron or Wails v2 migration drift, accidental exported RPC, binding or runtime version drift, shared-service race, unsafe frontend input, oversized bridge payload, event leak or broadcast, WebView platform mismatch, or packaging/signing drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Wails version/app/service/bridge/binding/window/event/menu/tray/dialog/platform packaging notes, verification, and remaining Wails risk |
600
609
  | File path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, clone or checkout destinations, scaffold roots, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, or package artifact paths are created, changed, reviewed, or reported | `.mustflow/skills/file-path-cross-platform-change/SKILL.md` | Path ledger, trust classes, accepted path representation, base root, path helpers, safe filesystem wrappers, clone/checkout/scaffold/install/extract outputs, staging and promotion policy, temp/cache helpers, lock policy, archive policy, upload/download policy, scanner policy, CLI/API/schema/snapshot/generated/package surfaces, platform expectations, failure taxonomy, and command contract entries | Path validators, helpers, wrappers, schemas, CLI/API parsing, snapshots, fixtures, docs, tests, generated-output paths, package artifact paths, clone or scaffold destinations, archive extraction, scanner bounds, temp/cache handling, locks, and cleanup code | path traversal, base containment bypass, drive-relative path bug, reserved-name bug, case-collision bug, Unicode-collision bug, Git checkout path-length failure misreported as network or auth, unsafe archive extraction, non-atomic write claim, stale lock, scanner loop, partial-output cleanup data loss, user-selected destination deletion, path contract drift, or package artifact path drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path contract, path ledger, trust classes, root policy, preflight/staging/promotion decisions, Windows/macOS/Linux/archive/upload/download/scanner/lock/temp/cache/atomic/cleanup decisions, failure taxonomy, synchronized contract surfaces, verification, and remaining path risk |
@@ -620,6 +629,7 @@ routes. Event routes stay inactive until their event occurs.
620
629
  | Frontend UI, design system component, dashboard, form, card, list, table, chart, media slot, modal, drawer, toast, bottom CTA, portal, or responsive surface needs stress-layout review against hostile content, narrow parent containers, async media, skeletons, empty or error states, permission variants, scrollbars, mobile viewport and keyboard behavior, safe areas, line clamps, i18n or RTL, touch input, reduced motion, observer loops, portal edge placement, z-index layers, browser zoom, cascade layers, or reproducible break conditions | `.mustflow/skills/frontend-stress-layout-review/SKILL.md` | User goal, current diff or target files, framework and styling signals, stress fixture ledger, parent container ledger, geometry contract ledger, interaction and state ledger, evidence level, and configured command intents | Stress fixtures, stories, tests, parent-container-aware constraints, container queries, `min-width: 0`, `minmax(0, 1fr)`, `overflow-wrap: anywhere`, reserved media dimensions, `aspect-ratio`, skeleton geometry, empty and error states, permission variants, stable scroll containers, `scrollbar-gutter: stable`, mobile viewport and keyboard constraints, `safe-area-inset-*`, explicit `line-height`, logical properties, touch-accessible affordances, `prefers-reduced-motion`, observer scope, portal placement, z-index tokens, table and chart stress handling, zoom-safe geometry, cascade layer fixes, and directly synchronized docs or templates | happy-path fixture blindness, parent-width overflow, flex or grid min-content blowout, unbroken text overflow, async media or font layout shift, skeleton mismatch, collapsed empty state, error-state overlap, permission action wrapping, late `display: none` layout jump, scrollbar width wrap, fragile `100vh`, keyboard-covered CTA, unsafe-area overlap, line-clamp/action collision, localization or RTL breakage, hover-only control, layout-affecting hover or animation, ResizeObserver loop, clipped portal, z-index arms race, unusable wide table, chart zero-width mount, browser zoom clipping, CSS specificity loss, or vague non-reproducible visual complaint | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend stress layout reviewed, stress fixture and parent-container ledgers, reproducible break conditions, fixes or recommendation, evidence level, verification, and remaining stress-layout risk |
621
630
  | Frontend UI, design-system component, form, dialog, menu, tab, combobox, custom select, table, card, media, icon button, image, toast, live update, drag interaction, focus style, keyboard handler, `onClick`, `role`, `tabIndex`, `aria-*`, `alt`, hidden content, visually hidden text, or automated accessibility claim needs accessibility-tree review for native semantics, accessible names, visible label consistency, keyboard navigation, focus order and return, forms, errors, status messages, ARIA references, icon or image alternatives, custom widget contracts, non-text contrast, target size, drag alternatives, or a11y evidence limits | `.mustflow/skills/frontend-accessibility-tree-review/SKILL.md` | User goal, current diff or target files, framework and component-library signals, semantic ledger, keyboard ledger, assistive-technology ledger, form ledger, interaction ledger, evidence level, and configured command intents | Native HTML element selection, button/link semantics, `href` cleanup, keyboard parity, tabindex cleanup, focus-visible styling, obscured focus fixes, dialog focus management, icon-only accessible names, visible-label-aligned names, `aria-labelledby` and `aria-describedby` id references, `aria-hidden` cleanup, SVG icon defaults, image `alt`, label and fieldset wiring, `aria-invalid`, error descriptions, submit-failure focus, live regions, ARIA pattern keyboard behavior, custom select constraints, non-text contrast, target-size fixes, drag alternatives, focused tests, accessibility snapshots, and directly synchronized docs or templates | ARIA costume over broken semantics, clickable div, fake link, `href="#"`, missing Enter or Space behavior, tabIndex sprawl, positive tabindex, invisible focus, focus hidden behind sticky layers, modal focus leak, unnamed icon button, visible text fighting `aria-label`, broken `aria-labelledby`, interactive child hidden by `aria-hidden`, duplicate SVG announcement, useless image alt, placeholder-only field, missing legend, color-only error, disconnected error text, submit failure silence, unannounced async status, menu or combobox keyboard mismatch, unnecessary custom select, offscreen focus trap, non-text contrast failure, tiny pointer target, drag-only operation, axe-only proof, or accessibility-tree evidence gap | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend accessibility tree reviewed, semantic/keyboard/focus/name/form/status/widget evidence, findings, fixes or recommendation, automated-evidence limits, verification, and remaining accessibility-tree risk |
622
631
  | Frontend UI, product copy, forms, validation messages, empty states, toasts, dialogs, metadata, SEO or Open Graph text, charts, canvas, SVG text, emails, push notifications, share text, exports, downloads, PDFs, CSVs, calendar invites, translation keys, `t(...)`, ICU messages, placeholders, `aria-label`, `title`, `alt`, browser `confirm`, date/time/relative-time formatting, numbers, currency, units, search, sort, collation, Unicode normalization, grapheme truncation, RTL, bidirectional text, font fallback, pseudo localization, SSR locale, hydration, fallback, backend error-code mapping, or localized rich text needs localization review beyond visible JSX text | `.mustflow/skills/frontend-localization-review/SKILL.md` | User goal, current diff or target files, framework and i18n library signals, supported locale policy, string exposure ledger, message-shape ledger, format ledger, text-processing ledger, direction and layout ledger, runtime locale ledger, evidence level, and configured command intents | Message catalog wiring, full-sentence keys, named interpolation, context-specific messages, plural and zero handling, grammar-safe dynamic values, tone consistency, locale-aware formatters, display/storage value split, collation and search normalization, grapheme-safe truncation, RTL and `dir="auto"` handling, logical direction fixes, icon mirroring decisions, font fallback checks, pseudo-localization fixtures, SSR locale agreement, missing-key handling, backend error-code mapping, component interpolation for rich text, export and notification text coverage, focused tests, and directly synchronized docs or templates | visible-JSX-only scan, hardcoded placeholder or metadata, concatenated translation fragments, reused dictionary key, `Delete {item}` grammar trap, English-only plural, missing zero state, broken Korean particle or inflection, mixed tone, manual date string, time-zone shifted deadline, hydration relative-time mismatch, comma-only number format, locale-agnostic input parse, language/region/currency conflation, default `sort()`, unsafe lowercasing, accent or Unicode normalization miss, emoji-splitting `.length`, wrong ellipsis owner, RTL afterthought, missing `dir="auto"`, blanket icon mirroring, fixed-width translated button, missing glyph fallback, no pseudo localization, single-locale screenshot proof, server/client locale mismatch, silent English fallback, raw HTML in translations, raw backend prose, untranslated export, or static-only localization claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend localization reviewed, string exposure and message-shape ledgers, formatting/search/sort/RTL/SSR/export checks, fixes or recommendation, evidence level, verification, and remaining localization risk |
632
+ | Public website, landing page, marketing page, ecommerce page, signup flow, checkout flow, account page, support surface, navigation, search, form, cookie or consent surface, pricing page, mobile web surface, or conversion path is planned, edited, reviewed, or reported and common visitor complaints need website-task friction review | `.mustflow/skills/website-task-friction-review/SKILL.md` | Primary visitor task, target audience, entry point, completion point, changed route or surface, product constraints, pricing/account/support/privacy facts, likely devices, complaint evidence, and configured command intents | Website copy, navigation labels, page order, form fields, validation, error states, mobile layout, support links, trust disclosures, pricing visibility, consent behavior, recovery paths, focused tests, docs, templates, and reports | popup blocking first task, forced signup, hidden cost, confusing navigation, invisible search, mobile hover dependency, tiny target, vague error, lost form data, inaccessible task path, slow first interaction, weak trust, hard-to-find support, dark pattern, invented policy claim, or unverified conversion-ready claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Website task reviewed, entry and completion path, friction findings by severity, likely user complaint, cause, fix, acceptance test, focused checks, narrower skills used or recommended, verification, and remaining website task risk |
623
633
  | Frontend navigation flicker, theme flash, FOUC, hydration flash, blank first render, unstable loading shell, route transition jank, state loss across navigation, or first-paint instability is reported, created, edited, reviewed, or verified | `.mustflow/skills/frontend-render-stability/SKILL.md` | Symptom, affected routes, framework and version signals, root shell, links/router, theme init, root CSS, font/media loading, data-loading owner, and configured verification entries | Root HTML, layouts, router links/config, early theme scripts, root CSS, theme tokens, skeletons, hydration boundaries, route data loaders, directly tied tests, docs, and templates | masked full document reload, late theme application, hydration mismatch, client-only first data, loading layout shift, duplicate view-transition names, reduced-motion regression, or false visual proof | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `docs_validate_fast`, `mustflow_check` | Symptom phase, evidence inspected, instability layer found or ruled out, framework-specific skills used, files changed, verification, skipped visual checks, and remaining render-stability risk |
624
634
  | User-facing UI, dashboard, settings, navigation, form, copy, responsive layout, accessibility, visual geometry, interaction flow, or visual state changes are planned, edited, reviewed, or reported | `.mustflow/skills/ui-quality-gate/SKILL.md` | Changed UI surface, user task, interaction path, existing patterns, state combinations, localization rules, content stress cases, geometry-sensitive component facts, and command contract entries | UI controls, labels, states, layout constraints, geometry contracts, accessibility attributes, localization hooks, task-flow recovery, docs, templates, and reports | decorative UI drift, inaccessible controls, icon/text misalignment, overflow or layout breakage, missing empty/error/permission recovery, or unverified visual claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | UI surface reviewed, states checked, geometry/layout/accessibility/localization/recovery notes, skipped visual checks, and remaining UI risk |
625
635
  | HTML, templates, component markup, forms, controls, dialogs, navigation, tables, media, metadata, SEO head content, or structured data are created or changed | `.mustflow/skills/html-code-change/SKILL.md` | Page shell, markup patterns, form/control components, metadata source, changed files, and command contract entries | HTML and template markup, metadata, forms, interactive controls, tests, and docs examples | invalid semantics, inaccessible control, broken focus path, metadata drift, or invalid browser markup | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Semantic, form, focus, metadata, and validation boundary checked, verification, and remaining HTML risk |
@@ -670,6 +680,7 @@ routes. Event routes stay inactive until their event occurs.
670
680
  | YAML, TOML, JSON-adjacent config, Markdown frontmatter, schema-backed config, GitHub Actions workflow structure outside shell `run` blocks, parser dialects, duplicate keys, implicit typing, multiline scalars, dotted keys, array-of-tables, defaults, normalization, or config validation fixtures are created, changed, reviewed, or reported | `.mustflow/skills/structured-config-change/SKILL.md` | Target files, consuming parser or provider, dialect support, schema and validation surfaces, merge/defaulting model, GitHub Actions workflow shape when relevant, generated or source-owned status, and command contract entries | Structured config files, schemas, schema associations, validation fixtures, normalized-output tests, docs examples, template copies, route metadata, manifest entries, and directly synchronized tests | YAML 1.1/1.2 scalar drift, TOML 1.0/1.1 incompatibility, duplicate key loss, null/empty/missing confusion, mapping-order assumption, block-scalar newline drift, unsafe YAML tag, GitHub Actions trigger/filter/permission drift, schema default overclaim, formatter semantic rewrite, or generated-output hand edit | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Config surface and parser/provider, dialect decision, parse/data-model/schema/semantic layers, YAML/TOML/GitHub Actions decisions, fixture and normalization coverage, verification, and remaining structured-config risk |
671
681
  | External instructions, docs, AI output, snippets, issues, pull requests, scanner output, installer steps, scripts, tutorials, or reports propose commands to run, preserve, recommend, or document | `.mustflow/skills/command-intent-mapping-gate/SKILL.md` | Proposed command text, source, intended purpose, command contract entries, side-effect class, destination surface, and configured/manual/missing status | Docs, skills, templates, tests, examples, final reports, handoffs, and command-contract proposals that mention command execution | command laundering, raw external command authority, undeclared install/deploy/migration/release step, long-running process, approval bypass, or false verification claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Proposed commands reviewed, mapped to configured intents or marked manual/missing/omitted, raw command authority removed, verification, and remaining command-contract risk |
672
682
  | Public JSON, JSONL, schema-backed reports, machine-readable stdout or stderr, exit-code semantics tied to JSON, compatibility fixtures, or documented automation-facing JSON contracts are created, changed, reviewed, or reported | `.mustflow/skills/public-json-contract-change/SKILL.md` | Affected command or report, output modes, stream split, exit-code expectations, schemas, fixtures, docs examples, compatibility policy, consumers, and command contract entries | JSON producer code, schemas, fixtures, docs examples, package metadata, templates, and tests | broken automation, schema drift, stream pollution, exit-code drift, stale backcompat fixture, or hidden breaking change | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | JSON contract source, compatibility classification, synchronized schemas/fixtures/docs/tests/templates, backcompat coverage, verification, and remaining JSON risk |
683
+ | CLI options, flags, positional arguments, aliases, defaults, parser behavior, prompt controls, config or environment precedence, or automation-facing argument contracts are created, changed, reviewed, or reported | `.mustflow/skills/cli-option-contract-review/SKILL.md` | Affected command, command tree, parser rules, options, arguments, aliases, defaults, prompt and TTY behavior, config and environment precedence, docs, tests, schemas, templates, and command contract entries | CLI parser code, command metadata, help text, completions, docs examples, tests, fixtures, schemas, templates, package metadata, and directly synchronized reports | short-flag collision, unsafe default, yes-force confusion, output path-format ambiguity, prompt hang, option terminator bug, config precedence drift, breaking rename, or untested parser edge case | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Options reviewed, role and naming decision, collision review, safety and non-interactive controls, parser edge cases, synchronized surfaces, verification, and remaining CLI-option risk |
673
684
  | CLI text output, JSON output, exit codes, error messages, warnings, deprecations, help text, command aliases, schema-backed reports, or automation-facing command behavior are created, changed, reviewed, or reported | `.mustflow/skills/cli-output-contract-review/SKILL.md` | Affected command, output modes, exit-code expectations, docs examples, schemas, fixtures, consumers, and command contract entries | CLI output code, schemas, fixtures, docs, README examples, package tests, templates, and reports | broken automation, misleading success, schema drift, undocumented deprecation, stale example, or incompatible output change | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Output surfaces reviewed, status and exit-code semantics, synchronized schemas/docs/tests/templates, verification, and remaining CLI-output risk |
674
685
  | mustflow template install surfaces, template manifests, skill profiles, locale source files, init or update behavior, managed file lists, package inclusion, template command contracts, or source-to-template workflow copies are created, changed, reviewed, or reported | `.mustflow/skills/template-install-surface-sync/SKILL.md` | Changed files, intended installed behavior, source file, template copy, manifest entries, profile impact, locale policy, init/update tests, and intentional divergence rules | Source workflow files, canonical template copies, route metadata, manifest creates/profiles, locale metadata, init/update tests, package tests, and docs examples | source/template drift, blind command-contract copy, missing installed file, profile bloat, stale locale policy, broken update preview, or package omission | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Installed surface, must-match sync, intentional divergences, manifest/profile updates, locale/init/update/package checks, verification, and remaining template drift risk |
675
686
  | Dates, versions, counts, durations, limits, metrics, benchmarks, prices, percentages, or other numeric facts are created, edited, or reported | `.mustflow/skills/date-number-audit/SKILL.md` | Date or numeric fact, source of truth, dependent surfaces, precision expectation, and command contract entries | Numeric statements, metadata, tests, docs, templates, and reports | invented, stale, or mismatched numeric claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Audited values, source of truth, synchronized surfaces, skipped checks, and remaining numeric risk |
@@ -0,0 +1,147 @@
1
+ ---
2
+ mustflow_doc: skill.cli-option-contract-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: cli-option-contract-review
9
+ description: Apply this skill when CLI options, flags, positional arguments, aliases, defaults, parser behavior, prompt controls, config or environment precedence, or automation-facing argument contracts are created, changed, reviewed, or reported.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.cli-option-contract-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - test_related
19
+ - docs_validate_fast
20
+ - test_release
21
+ - mustflow_check
22
+ ---
23
+
24
+ # CLI Option Contract Review
25
+
26
+ <!-- mustflow-section: purpose -->
27
+ ## Purpose
28
+
29
+ Preserve the contract between CLI syntax and the humans, scripts, CI jobs, shells, terminals, config files, and docs that depend on it.
30
+
31
+ CLI options are public API. A convenient flag can still be unsafe if it collides with existing shorthand, hides destructive behavior behind a vague name, prompts in CI, writes to stdout when scripts expect JSON, or turns a path, format, selector, or environment into an ambiguous value.
32
+
33
+ <!-- mustflow-section: use-when -->
34
+ ## Use When
35
+
36
+ - A command adds, removes, renames, aliases, deprecates, validates, or changes a flag, option, positional argument, variadic argument, default value, inherited global flag, or option parser rule.
37
+ - A task designs or reviews standard CLI controls such as dry-run, check, plan, diff, yes, force, confirm, no-input, interactive, verbose, quiet, debug, format, output, color, pager, progress, config, profile, env, timeout, retry, jobs, cache, stdin, token, endpoint, region, project, pagination, target, prune, rollback, or AI-agent permission flags.
38
+ - A command changes prompt behavior, TTY behavior, non-interactive behavior, CI behavior, option terminator support, repeated flags, boolean negation, duration or size parsing, path handling, glob handling, stdin handling, or list parsing.
39
+ - A final report claims that CLI options are safe, automatable, compatible, conventional, discoverable, or aligned with docs and tests.
40
+
41
+ <!-- mustflow-section: do-not-use-when -->
42
+ ## Do Not Use When
43
+
44
+ - The task changes only stdout, stderr, JSON fields, JSONL packets, exit codes, color rendering, progress output, warning text, error text, or help wording without changing option or argument semantics. Use `cli-output-contract-review`.
45
+ - The task changes only public JSON, JSONL, schema-backed reports, or machine-readable stdout and stderr contracts. Use `public-json-contract-change`.
46
+ - The task changes only `.mustflow/config/commands.toml` command intents or command authority. Use `command-contract-authoring`.
47
+ - The task changes only environment variables, secrets, config keys, feature flags, or runtime/build-time exposure. Use `config-env-change`.
48
+ - The task changes only docs prose that mentions an unchanged command syntax. Use the matching docs skill.
49
+
50
+ <!-- mustflow-section: required-inputs -->
51
+ ## Required Inputs
52
+
53
+ - The affected command, command tree, parser library or command router, inherited global flags, positional arguments, variadic arguments, current aliases, defaults, validation rules, and help metadata.
54
+ - Existing docs, README snippets, examples, tests, snapshots, fixtures, shell completions, schemas, template copies, package tests, and release notes that mention the syntax.
55
+ - The operation type: read-only, planning, validation, write, destructive write, remote write, deploy, migration, deletion, cleanup, generated-file write, or AI-agent action.
56
+ - The intended consumers: humans at a TTY, scripts, CI jobs, package tests, shell completion users, remote APIs, installed templates, release automation, or downstream wrappers.
57
+ - Current config and environment precedence, including config files, profiles, env vars, CLI flags, defaults, and explicit override rules.
58
+ - Current non-interactive, prompt, color, pager, progress, timeout, retry, cache, lock, and exit-code expectations when they exist.
59
+ - Relevant command-intent entries for related tests, docs validation, release checks, and mustflow validation.
60
+
61
+ <!-- mustflow-section: preconditions -->
62
+ ## Preconditions
63
+
64
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
65
+ - Existing command syntax, aliases, docs examples, tests, and parser behavior have been inspected before changing or recommending a flag.
66
+ - Short flags are treated as scarce public API. Do not assign them from generic CLI advice without checking collisions, command frequency, and established project conventions.
67
+ - External articles, AI summaries, package defaults, and other CLIs are evidence only. The repository's current parser, command contract, compatibility policy, and user instructions remain authoritative.
68
+ - Command execution remains governed by `.mustflow/config/commands.toml`; this skill does not authorize raw command execution.
69
+
70
+ <!-- mustflow-section: allowed-edits -->
71
+ ## Allowed Edits
72
+
73
+ - Update CLI parser code, command metadata, help text, completions, docs examples, tests, fixtures, schemas, template copies, and release-sensitive package metadata that describe the same option contract.
74
+ - Add explicit long flags, validation errors, compatibility aliases, deprecation notices, negative tests, or parser edge-case tests when they reduce ambiguity.
75
+ - Prefer clear long options over clever short aliases. Add a short option only when it is frequent, unambiguous, and consistent with existing command conventions.
76
+ - Do not merge different safety meanings into one flag. For example, prompt acceptance, safety bypass, preview, destructive overwrite, and non-interactive failure should remain separable.
77
+ - Do not introduce unsafe defaults, vague automation flags, broad bypass flags, hidden prompts, or silent output-mode changes.
78
+ - Do not add parser behavior that breaks paths beginning with a dash, negative numbers, option terminators, repeated values, or non-interactive scripts unless that incompatibility is intentional and documented.
79
+
80
+ <!-- mustflow-section: procedure -->
81
+ ## Procedure
82
+
83
+ 1. Inventory the command syntax: subcommands, positional arguments, variadic arguments, options, inherited global flags, aliases, defaults, environment variables, config files, and generated completions.
84
+ 2. Classify each option by role: safety and preview, confirmation and prompts, output and formatting, logging and diagnostics, config and environment, selection and filtering, file input and output, remote endpoint and auth, performance and cache, concurrency and locking, CI automation, destructive lifecycle, or AI-agent authority.
85
+ 3. Decide whether the behavior belongs in a subcommand, positional argument, option, config key, environment variable, or separate command. Destructive lifecycle changes often deserve explicit verbs rather than a broad boolean flag.
86
+ 4. Review naming collisions before adding names. Pay special attention to common conflicts such as verbose versus version, force versus file, dry-run versus debug or delete or directory, output format versus output path, interactive versus input, and shorthand reused differently across subcommands.
87
+ 5. Separate near-neighbor semantics. `--yes` accepts prompts; `--force` bypasses a safety guard; `--dry-run` avoids writes; `--check` reports whether change is needed; `--diff` shows the proposed change; `--output` should mean a destination only if format uses another name such as `--format`.
88
+ 6. Prefer explicit paired controls for risky workflows: dry-run, plan, diff, check, validate, no-input, confirm, yes, force, no-clobber, overwrite, backup, rollback, atomic, lock-timeout, fail-fast, and continue-on-error.
89
+ 7. Check non-interactive behavior. Prompts should be TTY-only; `--no-input` should fail instead of waiting; CI-oriented paths should be compatible with quiet, JSON, no-color, no-progress, no-pager, timeout, wait, and detailed exit-code behavior when the repository supports those controls.
90
+ 8. Check human and machine output interaction. If an option changes output format, route machine-readable results and diagnostics consistently, and use `cli-output-contract-review` or `public-json-contract-change` for the output contract details.
91
+ 9. Define config and environment precedence. Document and test whether CLI flags override environment variables, profiles, config files, defaults, and inline `--set` style overrides.
92
+ 10. Review parser edge cases: `--` option terminator, paths beginning with `-`, negative numbers, repeated flags, comma-separated lists versus repeated values, boolean negation with `--no-*`, optional values, duration and size units, shell quoting, globs, symlinks, hidden files, recursive flags, and stdin markers.
93
+ 11. Check file and generation behavior. Separate input path, output path, output directory, create-dirs, overwrite, no-clobber, backup, atomic write, recursive traversal, hidden files, symlink following, ignore files, and validation-only modes.
94
+ 12. Check remote and SaaS behavior when relevant. Separate endpoint URL, region, account, project, token source, token stdin, CA or proxy settings, connect timeout, read timeout, pagination, query filters, and retries.
95
+ 13. Check infra or deploy behavior when relevant. Separate plan, apply, refresh, target, replace, prune, rollback, lock, lock-timeout, wait, parallelism, and detailed-exit-code semantics.
96
+ 14. Check AI-agent behavior when relevant. Separate model, prompt source, context include or exclude, max files, max bytes, write permissions, command permissions, network permissions, approval policy, checkpoint, dry-run, diff, and apply.
97
+ 15. Preserve compatibility. For renamed or split flags, consider aliases, deprecation warnings, migration help, and tests before removing old syntax. Treat breaking option removals, changed defaults, changed prompt behavior, and changed parser grammar as public API changes.
98
+ 16. Synchronize every surface that teaches or consumes the syntax: parser code, help text, completions, docs, README, examples, tests, fixtures, schemas, templates, package metadata, and release notes when applicable.
99
+ 17. Verify with the narrowest configured related tests first, then docs, release, template, and mustflow checks when syntax, docs, profiles, templates, or package metadata changed.
100
+
101
+ <!-- mustflow-section: postconditions -->
102
+ ## Postconditions
103
+
104
+ - Option names, aliases, defaults, parser behavior, config precedence, prompt behavior, and non-interactive behavior are explicit and synchronized.
105
+ - Short flags have a documented reason or are omitted in favor of clear long flags.
106
+ - Destructive, write, preview, confirmation, force, and non-interactive controls are not conflated.
107
+ - Automation-facing use has stable output-mode, no-prompt, no-color, no-progress, no-pager, timeout, retry, and exit-code behavior when relevant.
108
+ - Parser edge cases are covered by tests or reported as remaining risk.
109
+
110
+ <!-- mustflow-section: verification -->
111
+ ## Verification
112
+
113
+ Use configured oneshot command intents when available:
114
+
115
+ - `changes_status`
116
+ - `changes_diff_summary`
117
+ - `test_related`
118
+ - `docs_validate_fast`
119
+ - `test_release`
120
+ - `mustflow_check`
121
+
122
+ Use broader configured tests when option parsing is cross-cutting or no narrower related test covers the syntax.
123
+
124
+ <!-- mustflow-section: failure-handling -->
125
+ ## Failure Handling
126
+
127
+ - If an option name conflicts with existing syntax, keep the old contract and choose a clearer long option unless a breaking change is intentionally routed through compatibility and versioning.
128
+ - If a parser edge case cannot be verified directly, add focused coverage or report the missing coverage before claiming safety.
129
+ - If docs, help text, completions, or templates cannot be synchronized in the same change, avoid claiming the option contract is installed or documented.
130
+ - If non-interactive behavior is unclear, default to failing safely rather than prompting, writing, deleting, or assuming consent.
131
+ - If an external recommendation conflicts with repository conventions, document the rejected recommendation and the repository-specific reason.
132
+ - If a breaking option change is intentional, route the version impact through the repository versioning policy and report affected consumers.
133
+
134
+ <!-- mustflow-section: output-format -->
135
+ ## Output Format
136
+
137
+ - CLI command and options reviewed
138
+ - Option role classification and naming decision
139
+ - Short and long flag collision review
140
+ - Safety, preview, destructive, prompt, and non-interactive controls
141
+ - Parser edge cases checked or reported missing
142
+ - Config and environment precedence
143
+ - Human, machine, CI, color, pager, progress, timeout, retry, and exit-code interaction
144
+ - Docs, help, completions, tests, schemas, templates, and package metadata synchronized
145
+ - Command intents run
146
+ - Skipped checks and reasons
147
+ - Remaining CLI-option contract risk
@@ -60,6 +60,12 @@ route_type = "primary"
60
60
  priority = 68
61
61
  applies_to_reasons = ["docs_change", "mustflow_docs_change", "mustflow_config_change", "package_metadata_change", "security_change", "release_risk", "unknown_change"]
62
62
 
63
+ [routes."cli-option-contract-review"]
64
+ category = "workflow_contracts"
65
+ route_type = "primary"
66
+ priority = 66
67
+ applies_to_reasons = ["public_api_change", "behavior_change", "docs_change", "test_change", "package_metadata_change", "release_risk"]
68
+
63
69
  [routes."cli-output-contract-review"]
64
70
  category = "workflow_contracts"
65
71
  route_type = "adjunct"
@@ -216,6 +222,12 @@ route_type = "adjunct"
216
222
  priority = 69
217
223
  applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "public_api_change", "performance_change", "security_change", "privacy_change", "data_change", "docs_change", "package_metadata_change"]
218
224
 
225
+ [routes."third-party-api-integration-review"]
226
+ category = "data_external"
227
+ route_type = "adjunct"
228
+ priority = 82
229
+ applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "public_api_change", "performance_change", "security_change", "privacy_change", "data_change", "migration_change", "docs_change", "package_metadata_change", "release_risk"]
230
+
219
231
  [routes."http-api-semantics-review"]
220
232
  category = "general_code"
221
233
  route_type = "adjunct"
@@ -966,6 +978,12 @@ route_type = "adjunct"
966
978
  priority = 84
967
979
  applies_to_reasons = ["ui_change", "behavior_change", "code_change", "test_change", "docs_change", "i18n_change", "web_asset_change"]
968
980
 
981
+ [routes."website-task-friction-review"]
982
+ category = "ui_assets"
983
+ route_type = "adjunct"
984
+ priority = 83
985
+ applies_to_reasons = ["ui_change", "behavior_change", "code_change", "test_change", "docs_change", "performance_change", "security_change", "privacy_change", "public_api_change", "web_asset_change", "release_risk"]
986
+
969
987
  [routes."frontend-render-stability"]
970
988
  category = "ui_assets"
971
989
  route_type = "primary"