mustflow 2.107.9 → 2.108.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/api/serve.js +73 -10
- package/dist/core/run-receipt-state.js +23 -2
- package/dist/core/secret-redaction.js +6 -1
- package/package.json +1 -1
- package/schemas/api-serve-response.schema.json +1 -0
- package/templates/default/i18n.toml +48 -12
- package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +24 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +52 -14
- package/templates/default/locales/en/.mustflow/skills/admin-control-plane-safety-review/SKILL.md +200 -0
- package/templates/default/locales/en/.mustflow/skills/ai-product-readiness-review/SKILL.md +158 -0
- package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +91 -28
- package/templates/default/locales/en/.mustflow/skills/browser-automation-reliability-review/SKILL.md +279 -0
- package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +39 -11
- package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +4 -1
- package/templates/default/locales/en/.mustflow/skills/database-change-safety/SKILL.md +21 -2
- package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +25 -7
- package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +117 -43
- package/templates/default/locales/en/.mustflow/skills/frontend-component-library-review/SKILL.md +299 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +128 -36
- package/templates/default/locales/en/.mustflow/skills/notification-delivery-integrity-review/SKILL.md +226 -0
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +34 -14
- package/templates/default/locales/en/.mustflow/skills/routes.toml +36 -0
- package/templates/default/locales/en/.mustflow/skills/small-service-platform-architecture-review/SKILL.md +273 -0
- package/templates/default/locales/en/.mustflow/skills/tauri-code-change/SKILL.md +41 -3
- package/templates/default/locales/en/.mustflow/skills/wails-code-change/SKILL.md +34 -4
- package/templates/default/manifest.toml +43 -1
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skills.index
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 207
|
|
6
6
|
authority: router
|
|
7
7
|
lifecycle: mustflow-owned
|
|
8
8
|
---
|
|
@@ -57,6 +57,11 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
57
57
|
broad code changes need a repository-evidence pass for symptom-only fixes, pinpoint
|
|
58
58
|
hardcoding, same-defect-class siblings, duplicate helpers or shapes, hidden coupling,
|
|
59
59
|
public-surface drift, swallowed errors, excessive complexity, and weak tests.
|
|
60
|
+
- Use `ai-product-readiness-review` as a primary route when an AI product feature, AI Gateway,
|
|
61
|
+
provider/model integration, prompt/RAG/tool path, AI cache, fallback path, streaming path,
|
|
62
|
+
eval gate, user-data flow, model registry, observability surface, or model portability plan
|
|
63
|
+
needs end-to-end product readiness review before narrower prompt, cost, latency, agent,
|
|
64
|
+
privacy, cache, or UX skills take over.
|
|
60
65
|
- Use `prompt-contract-quality-review` as a primary route when prompts, prompt builders,
|
|
61
66
|
RAG assembly, structured outputs, tool-use instructions, model settings, eval fixtures,
|
|
62
67
|
refusal states, or agent completion definitions need prompt-as-function review for
|
|
@@ -76,6 +81,11 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
76
81
|
agents, agentic workflows, planners, executors, verifiers, tool contracts, tool-call gates,
|
|
77
82
|
approval or interrupt flows, durable agent state, handoffs, guardrails, loop budgets, retry
|
|
78
83
|
classification, trace evaluation, or outcome metrics need execution-control review.
|
|
84
|
+
- Use `browser-automation-reliability-review` as a primary route when browser automation,
|
|
85
|
+
UI automation, Playwright, Selenium, Puppeteer, WebDriver, browser-driving agents, flaky
|
|
86
|
+
selectors, page readiness, auth state, CAPTCHA or anti-bot handling, rate limits, screenshot
|
|
87
|
+
verification, retry, timeout, human approval, or browser automation observability needs
|
|
88
|
+
reliability review before narrower agent, auth, API, frontend, or test-suite skills take over.
|
|
79
89
|
- Use `agent-eval-integrity-review` as a primary route when agent evaluation loops, trace or
|
|
80
90
|
trajectory grading, LLM judges, outcome scoring, eval datasets, golden or dirty sets, pass@k or
|
|
81
91
|
pass^k metrics, shadow environments, production-monitoring-to-eval feedback, or agent regression
|
|
@@ -91,6 +101,11 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
91
101
|
settlement, discount, inventory, notification, subscription, visibility, eligibility, report, or
|
|
92
102
|
tenant rules may be enforced in only one UI, controller, query, mapper, batch, webhook, cache,
|
|
93
103
|
admin tool, support path, or report instead of a shared rule owner.
|
|
104
|
+
- Use `small-service-platform-architecture-review` as a primary route when a multi-product
|
|
105
|
+
platform, app factory, shared account portal, Product Registry, entitlement and credit platform,
|
|
106
|
+
deployment factory, analytics spine, common UI, template system, or operations automation must
|
|
107
|
+
support many small product apps before specialist auth, payment, admin, notification,
|
|
108
|
+
localization, deployment, AI, file, queue, or service-boundary skills take over.
|
|
94
109
|
- Use `payment-integrity-review` as an adjunct when payment, checkout, authorization, capture,
|
|
95
110
|
refund, subscription, provider webhook, fulfillment, entitlement, ledger, coupon, inventory,
|
|
96
111
|
settlement, dispute, chargeback, or payment-provider integration code needs money-event integrity
|
|
@@ -102,6 +117,11 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
102
117
|
reconciliation jobs need ledger integrity review for idempotency, atomic balance changes,
|
|
103
118
|
concurrency, ordering, ownership, amount precision, policy snapshots, expiry lots, audit, or
|
|
104
119
|
reconciliation risk.
|
|
120
|
+
- Use `notification-delivery-integrity-review` as an adjunct when notification generation, email,
|
|
121
|
+
push, SMS, in-app inboxes, unsubscribe, suppression, digest, quiet hours, timezone scheduling,
|
|
122
|
+
provider webhooks, delivery attempts, templates, or notification audit logs need delivery
|
|
123
|
+
lifecycle review across source events, intents, schedules, channels, provider outcomes, consent,
|
|
124
|
+
dedupe, retry, and explainability.
|
|
105
125
|
- Use `api-misuse-resistance-review` as an adjunct when APIs, SDKs, service methods, DTOs, request
|
|
106
126
|
shapes, response shapes, pagination, idempotency, async jobs, versioning, deprecation, rate
|
|
107
127
|
limits, retry rules, observability, or caller-facing docs need caller-ergonomics and misuse-risk
|
|
@@ -119,6 +139,10 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
119
139
|
object, property, or function authorization, tenant isolation, request-supplied identity,
|
|
120
140
|
mass assignment, signed URLs, queue revalidation, webhook ownership, token/session hardening,
|
|
121
141
|
account enumeration, automation defense, or denial-case coverage.
|
|
142
|
+
- Use `admin-control-plane-safety-review` as an adjunct when admin panels, backoffice tools,
|
|
143
|
+
support consoles, operator dashboards, staff APIs, audit logs, change history, impersonation,
|
|
144
|
+
dangerous actions, approvals, exports, imports, bulk operations, admin search or filters,
|
|
145
|
+
production guardrails, PII masking, admin sessions, or MFA need control-plane safety review.
|
|
122
146
|
- Use `file-upload-security-review` as an adjunct when file uploads, imports, attachments,
|
|
123
147
|
direct-to-storage uploads, remote file fetches, archive extraction, previews, thumbnails,
|
|
124
148
|
conversions, scanner gates, storage keys, signed URLs, downloads, browser headers, or uploaded
|
|
@@ -156,8 +180,9 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
156
180
|
registry, or runtime failure is not yet localized to host, daemon, image, app, network, storage,
|
|
157
181
|
resource, or registry boundaries.
|
|
158
182
|
- Use `ci-pipeline-triage` as a primary route when CI/CD workflow, pipeline, job, runner, trigger,
|
|
159
|
-
cache, artifact,
|
|
160
|
-
|
|
183
|
+
cache, artifact, runner-minute billing, artifact storage or retention, deployment job, required
|
|
184
|
+
check, or post-deploy verification failure or cost is not yet localized to trigger, runner,
|
|
185
|
+
environment, build, test, cache, artifact, billing, deploy, or verification.
|
|
161
186
|
- Use `web-render-performance-review` as an adjunct when web frontend routes need first-render,
|
|
162
187
|
Core Web Vitals, LCP, CLS, FCP, TTFB, critical CSS, font, image, iframe, third-party script,
|
|
163
188
|
hydration, first-view data, resource-hint, CDN/cache, route-prefetch, or long-task review.
|
|
@@ -225,6 +250,11 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
225
250
|
focus order or return, dialog, form, error, live region, ARIA, hidden content, icon, image alt,
|
|
226
251
|
custom widget, non-text contrast, target size, drag alternative, or automated a11y evidence
|
|
227
252
|
review instead of an "ARIA attributes exist" checklist.
|
|
253
|
+
- Use `frontend-component-library-review` as an adjunct when a frontend component library, design
|
|
254
|
+
system package, UI kit, token system, primitive layer, variant API, theming surface, package
|
|
255
|
+
exports, Storybook or docs contract, visual regression suite, codemod, SemVer policy, or
|
|
256
|
+
breaking-change plan needs public API platform review before narrower accessibility, state,
|
|
257
|
+
layout, localization, bundle, or framework skills take over.
|
|
228
258
|
- Use `frontend-localization-review` as an adjunct when frontend localization needs all
|
|
229
259
|
user-visible strings, message catalogs, full-sentence translation units, interpolation, plural
|
|
230
260
|
and zero cases, grammar or particles, tone, date/time/number/currency/unit formatting, search,
|
|
@@ -257,8 +287,9 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
257
287
|
changed, reviewed, or upgraded.
|
|
258
288
|
- Use `wails-code-change` as a primary route when Wails v3 apps, Go services, generated bindings,
|
|
259
289
|
TypeScript runtime calls, windows, menus, system tray, dialogs, events, WebView platform
|
|
260
|
-
behavior, Taskfile or build config, signing, packaging,
|
|
261
|
-
server builds, or Wails-related tests are created,
|
|
290
|
+
behavior, Taskfile or build config, signing, packaging, platform targets, native desktop CI build
|
|
291
|
+
matrices, custom protocols, file associations, server builds, or Wails-related tests are created,
|
|
292
|
+
changed, reviewed, or upgraded.
|
|
262
293
|
- Use `axum-code-change` as a primary route when Axum routers, handlers, extractors, state,
|
|
263
294
|
extensions, middleware, Tower or Tower-HTTP layers, CORS, cookies, headers, Tokio tasks or locks,
|
|
264
295
|
SQLx pools, rejections, error responses, body limits, WebSockets, or Rust HTTP API tests are
|
|
@@ -341,7 +372,8 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
341
372
|
egress, CDN, logs, metrics, traces, autoscaling, quotas, budgets, tags, temporary resources,
|
|
342
373
|
container registries, Marketplace, LLM API, or third-party SaaS usage needs review for whether
|
|
343
374
|
spend can silently explode without account isolation, caps, lifecycle, retention, attribution,
|
|
344
|
-
or automated non-production stop guardrails.
|
|
375
|
+
or automated non-production stop guardrails. For CI runner-minute, workflow matrix, artifact
|
|
376
|
+
retention, cache quota, or release-asset handoff cost, use `ci-pipeline-triage` first.
|
|
345
377
|
- Use `rate-limit-integrity-review` as an adjunct when rate limits, throttling, quotas, API usage
|
|
346
378
|
limits, request costs, token buckets, fixed or sliding windows, GCRA, Redis counters, edge,
|
|
347
379
|
gateway, service, tenant, user, API key, route-group, IP, 429, `Retry-After`, `RateLimit`,
|
|
@@ -466,7 +498,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
466
498
|
| Reported API, SDK, browser, mobile, webhook, gateway, CDN, load balancer, provider, wrong-status, wrong-body, CORS preflight, auth, rate-limit, cache, OpenAPI, or deployment-config failure is not yet localized to the client, network, proxy, app, database, cache, provider, or deployment boundary | `.mustflow/skills/api-failure-triage/SKILL.md` | Failing request packet, success comparator, boundary ledger, timing ledger, contract ledger, auth ledger, change ledger, redaction constraints, and configured command intents | Request/response evidence preservation, success/failure wire comparison, boundary localization, timing decomposition, status/body/content-type mapping, CORS/preflight split, redirect and proxy header checks, authn/authz split, retry/timeout/rate-limit/idempotency classification, cache and OpenAPI drift checks, focused reproduction fixtures, and directly synchronized docs or templates | log-first debugging, SDK argument theater, missing failing packet, success-only comparison, CORS blamed for server-to-server calls, redirect losing auth or method, proxy stripping idempotency or trace headers, `200` error body, HTML body with JSON content type, authn/authz collapse, object-auth incident missed, clock-skew flake, retry storm, non-idempotent replay, 429 hidden as 500, stale CDN or browser cache, OpenAPI drift, deployment config drift, or unfalsifiable log reading | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | API failure triaged, request packet and comparator, boundary and timing ledger, localized cause or evidence gap, hypotheses killed or open, fix or recommendation, evidence level, verification, and remaining API-failure risk |
|
|
467
499
|
| Login, signup, logout, refresh, password reset, magic link, passkey, MFA, OAuth, OIDC, JWT, cookie, session, token exchange, provider callback, account-linking, or authorization-after-login behavior is failing or intermittent before the failing identity boundary is known | `.mustflow/skills/auth-flow-triage/SKILL.md` | Auth attempt packet, stage ledger, token and session ledger, browser and proxy ledger, provider ledger, denial and privacy ledger, redaction constraints, and configured command intents | Auth stage localization, sanitized success/failure comparison, cookie and CORS credential checks, proxy trust and redirect URI checks, state, nonce, PKCE, issuer and subject checks, token and JWKS validation, session refresh and logout checks, passkey and MFA checks, account-linking checks, focused denial tests, and directly synchronized docs or templates | login-as-one-bucket debugging, token or cookie logging, account enumeration, loose redirect matching, state or nonce bypass, PKCE mismatch hidden, issuer plus subject ignored, SameSite or Secure drift, forwarded-header trust bug, refresh-token race, session fixation, email-only account linking, stale token claims, clock-skew flake, broad CORS wildcard, or unverified provider-console assumption | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Auth flow triaged, failing stage and comparator, cookie/proxy/provider/token/session/passkey/MFA findings, fix or recommendation, evidence level, verification, and remaining auth-flow risk |
|
|
468
500
|
| Docker Engine, Docker Desktop, daemon, context, Compose, container start, crash loop, health check, image pull, build cache, port mapping, DNS, network, volume, bind mount, storage, proxy, registry, cgroup, OOM, signal handling, PID 1, or runtime behavior is failing before the failing container boundary is known | `.mustflow/skills/docker-runtime-triage/SKILL.md` | Runtime packet, container ledger, actual config ledger, host resource ledger, network ledger, storage ledger, evidence-preservation constraints, and configured command intents | Host, daemon, context, image, container, Compose, process, resource, storage, network, proxy, registry, and build boundary localization; evidence preservation before cleanup; focused Dockerfile, Compose, health, entrypoint, network, volume, resource, docs, fixture, or test edits only after localization | prune-before-evidence, restart loop hiding first error, app blame before daemon proof, logs-only diagnosis, exit code 137 treated as automatic OOM, PID 1 signal loss, container localhost confusion, bind mount hiding image files, Compose variable drift, tag identity confusion, stale build cache, broad firewall reset, volume deletion, or unbounded raw Docker command | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Docker runtime triaged, boundary findings, evidence preserved and missing, fix or recommendation, evidence level, verification, and remaining Docker runtime risk |
|
|
469
|
-
| CI/CD workflow, pipeline, job, matrix, trigger, required check, runner, cache, artifact, deployment step, or post-deploy verification is failing, skipped, queued, flaky, slow, or green despite broken output before the failing pipeline boundary is known | `.mustflow/skills/ci-pipeline-triage/SKILL.md` | Failure classification, run identity ledger, last-good comparison, boundary ledger, redaction constraints, and configured command intents | Trigger, parsed graph, queue, runner, environment, dependency, build, test, cache, artifact, deploy, smoke, and final status localization; false-green checks; safe diagnostic evidence; focused workflow, package, docs, fixture, or test edits only after localization | last-red-line debugging, latest-code comparison, rerun-green treated as fixed, skipped required check, path-filter pending state, hidden `continue-on-error`, queue time mistaken for build time, floating `latest`, secret logging, sleep-based service readiness, cache-as-artifact confusion, deploying untested rebuilt artifacts, fork token scope surprise, unguarded environment concurrency, or zero-exit deploy without smoke evidence | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | CI pipeline triaged, failure shape and localized boundary, run identity and last-good comparison, trigger/runner/environment/build/test/cache/artifact/deploy/verification findings, verification, and remaining CI pipeline risk |
|
|
501
|
+
| CI/CD workflow, pipeline, job, matrix, trigger, required check, runner, cache, artifact, runner-minute billing, artifact storage or retention, deployment step, or post-deploy verification is failing, skipped, queued, flaky, slow, unexpectedly expensive, or green despite broken output before the failing or expensive pipeline boundary is known | `.mustflow/skills/ci-pipeline-triage/SKILL.md` | Failure classification, run identity ledger, last-good comparison, CI billing ledger when cost is in scope, boundary ledger, redaction constraints, and configured command intents | Trigger, parsed graph, queue, runner, environment, dependency, build, test, cache, artifact, billing, deploy, smoke, and final status localization; false-green checks; runner-minute and storage-quota separation; safe diagnostic evidence; focused workflow, package, docs, fixture, or test edits only after localization | last-red-line debugging, latest-code comparison, rerun-green treated as fixed, skipped required check, path-filter pending state, hidden `continue-on-error`, queue time mistaken for build time, runner-minute billing mistaken for artifact storage, plan allowance unit confusion, matrix split rounding loss, premium runner surprise, floating `latest`, secret logging, sleep-based service readiness, cache-as-artifact confusion, deploying untested rebuilt artifacts, fork token scope surprise, unguarded environment concurrency, or zero-exit deploy without smoke evidence | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | CI pipeline triaged, failure or cost shape and localized boundary, run identity and last-good comparison, trigger/runner/environment/build/test/cache/artifact/billing/deploy/verification findings, verification, and remaining CI pipeline risk |
|
|
470
502
|
|
|
471
503
|
### General Code Change
|
|
472
504
|
|
|
@@ -477,18 +509,21 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
477
509
|
| Large-scope code, docs, tests, content, log, data, or refactor work needs cheap-signal candidate selection before reading or editing many files | `.mustflow/skills/heuristic-candidate-selection/SKILL.md` | User goal, target scope, file-role boundaries, cheap signals, exclusions, scoring factors, batch limit, and verification contract | Candidate discovery, scoring, read plan, bounded batch edits, and directly synchronized surfaces | token waste, false positives, generated-file noise, unimportant cleanup, hallucinated source content, oversized diff, or missed high-impact file | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Selection goal, excluded surfaces, cheap signals, scored candidates, selected batch, skipped/deferred files, verification, and remaining selection risk |
|
|
478
510
|
| Assistant-authored, AI-generated, vibe-coded, copied, or broad code changes need a hardening pass for symptom-only fixes, pinpoint hardcoding, exact-value branches, same-defect-class sibling inputs or callers, duplicate helpers, duplicate types or shapes, hidden coupling, circular dependencies, re-export discipline, swallowed errors, excessive nesting, god functions or files, edge cases, and behavior-focused tests | `.mustflow/skills/ai-generated-code-hardening/SKILL.md` | User goal, current diff or target files, reported symptom or failing fixture, existing helpers/types/shapes, sibling inputs or callers, import and export paths, public entrypoints or barrels, error-handling conventions, edge/failure cases, tests, and configured command intents | Small hardening fixes, defect-class rule repair, deduplication into existing single source of truth, boundary notes, focused tests, and directly synchronized docs or contracts | symptom-only patch, pinpoint hardcode, exact literal fixture fix, uninspected sibling input, duplicate abstraction, hidden coupling, circular dependency, accidental public API, string-only tests, over-mocking, fallback sprawl, silent error handling, fan-in/fan-out concentration, or broad rewrite | `changes_status`, `changes_diff_summary`, `test_related`, `test_audit`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Sources of truth reused or extended, symptom patch and same-class sibling findings, duplicate/coupling/export/error/complexity/test findings, fixes made, deferred enforcement, verification, and remaining hardening risk |
|
|
479
511
|
| Quality metrics, line-count limits, complexity budgets, lint/type/test gates, or assistant-authored changes may be gamed through long-line stuffing, multiple statements per line, new suppressions, test bypass markers, type escapes, placeholder implementations, generated/vendor logic, giant config blobs, dispatch maps, or helper/util/manager/common containers | `.mustflow/skills/quality-gaming-guard/SKILL.md` | User goal, intended quality outcome behind the metric, current diff, quality gates, formatter/lint/type/test rules, generated/vendor policy, helper naming conventions, suppression baseline, and command contract entries | Real responsibility split, removal of gaming patterns, focused tests or quality-gate evidence, bounded `quality_gaming_check` command contract, and directly synchronized docs or templates | cosmetic metric compliance, line stuffing, validation suppression, test bypass, broad type escape, placeholder success, generated/vendor hiding, junk-drawer helper extraction, or legacy baseline confused with new regression | `quality_gaming_check`, `changes_status`, `changes_diff_summary`, `test_related`, `lint`, `build`, `mustflow_check` | Quality goal, gaming patterns inspected, patterns removed or intentionally left, baseline versus new-regression decision, verification, and remaining quality-gaming risk |
|
|
512
|
+
| AI product features, AI Gateways, provider/model integrations, prompt/RAG/tool paths, AI caches, fallback paths, streaming paths, evaluation gates, user-data flows, model registries, AI observability, incident runbooks, or model portability plans are created, changed, reviewed, or reported before the risk is narrow enough for one specialist LLM skill | `.mustflow/skills/ai-product-readiness-review/SKILL.md` | Product role ledger, harm model, gateway ledger, authority and action ledger, data ledger, cost and cache ledger, eval ledger, fallback and streaming ledger, model portability ledger, observability ledger, changed files, and command contract entries | AI Gateway boundaries, provider adapters, model registries, prompt registries, policy engines, tool proposal gates, quota guards, token budgets, cache keys, redaction, retry and fallback states, streaming validators, eval fixtures, observability fields, incident runbooks, tests, docs, route metadata, and directly synchronized templates | model-as-product shortcut, automatic high-risk decision, direct client provider call, prompt-only security, RAG permission leak, unvalidated model output, missing policy engine, cost budget gap, app cache tenant leak, eval theater, fallback-as-second-model, partial streaming disclosure, raw AI log retention, scattered model names, stale provider assumption, or missing kill switch | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `prompt_cache_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | AI product-readiness surface reviewed, AI role and harm model, gateway and policy boundaries, prompt-injection/data/output/permission/side-effect controls, cost/cache/eval/fallback/streaming/observability/model-portability decisions, specialist skills applied or deferred, verification, and remaining AI product-readiness risk |
|
|
480
513
|
| Prompts, prompt builders, system or developer messages, RAG prompt assembly, few-shot examples, structured outputs, tool-use instructions, model selection, reasoning-effort settings, eval sets, refusal or fallback handling, prompt versioning, or AI feature completion criteria are created, changed, reviewed, or reported | `.mustflow/skills/prompt-contract-quality-review/SKILL.md` | Prompt contract ledger, input ledger, authority ledger, output schema, tool policy, model/runtime ledger, RAG evidence ledger, eval ledger, changed files, and command contract entries | Prompt builders, prompt templates, schemas, validators, eval fixtures, boundary examples, tool policies, fallback states, completion definitions, docs, tests, and directly synchronized templates | prompt-as-function gap, user input treated as authority, buried RAG evidence, happy-path-only examples, JSON-parse theater, unpinned production model, hidden prompt storage, raw chain-of-thought request, guessed tool parameters, missing failure state, unbounded reasoning/token cost, or vibe-based prompt improvement claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Prompt contract reviewed, function boundary, authority and source separation, eval and semantic validation status, model/runtime policy, RAG/tool/failure/completion states, verification, and remaining prompt-contract risk |
|
|
481
514
|
| LLM answers, RAG responses, citations, source grounding, claim extraction, evidence IDs, answerability states, abstain behavior, retrieval thresholds, tool-backed facts, output validators, LLM judges, or hallucination-control metrics are created, changed, reviewed, or reported | `.mustflow/skills/llm-hallucination-control-review/SKILL.md` | Answer contract ledger, evidence ledger, claim ledger, tool ledger, validator ledger, eval ledger, observability ledger, changed files, and command contract entries | Answerability states, abstain states, missing-information states, source-coverage gates, claim maps, evidence-ID requirements, citation validators, retrieval thresholds, chunk metadata, tool-parameter ownership, deterministic calculators, domain validators, eval fixtures, tests, docs, route metadata, and directly synchronized templates | unsupported factual claim, fabricated citation, source ID invention, weak retrieval gate, noisy semantic-only retrieval, chunk context loss, summary-on-summary hallucination, guessed tool parameter, model arithmetic, source-priority conflict, LLM judge overtrust, low-temperature theater, missing abstain path, missing dirty eval, false citation metric gap, or unobservable grounding drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Hallucination-control surface reviewed, answerability and abstain states, evidence IDs, claim map, citations, source coverage, validators, retrieval thresholds, tool ownership, evals, metrics, verification, and remaining hallucination-control risk |
|
|
482
515
|
| RAG, knowledge-base answer, grounded chat, citation answer, retrieval-augmented support bot, or document QA flow is wrong, stale, unsupported, slow, leaking data, over-refusing, or not yet localized to ingestion, parsing, chunking, retrieval, filtering, reranking, context assembly, prompt construction, generation, citation validation, or answerability boundaries | `.mustflow/skills/rag-pipeline-triage/SKILL.md` | Symptom classification, trace ledger, source ledger, comparison ledger, eval ledger, privacy ledger, changed files, and command contract entries | End-to-end trace preservation, source availability and parsed-text checks, chunk metadata, duplicate and stale source checks, no-retrieval/current-context/gold-context comparison, keyword/vector/hybrid/retriever/reranker/context/prompt/generation/citation/answerability localization, safe synthetic fixtures, metrics, docs, and directly synchronized templates | model scapegoating, tuning top-k before source proof, original-document theater while parsed text is broken, stale source mixing, filter blamed as vector failure, reranker candidate starvation, critical evidence truncated or buried, retrieved text treated as instruction, citation decoration, answerability missing state, private corpus dump, access filter bypass, or single satisfaction score hiding layer failure | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | RAG pipeline triaged, localized boundary, trace/source/comparison/eval/metric/privacy ledgers, layer findings, fix or recommendation, evidence level, verification, and remaining RAG pipeline risk |
|
|
483
516
|
| LLM API calls, prompt assembly, chat history, RAG context, tool schemas, structured output schemas, model routing, reasoning settings, token budgets, provider prompt caching, app-level response caching, retries, batch or flex processing, predicted outputs, image or file inputs, or LLM cost metrics are created, changed, reviewed, or reported | `.mustflow/skills/llm-token-cost-control-review/SKILL.md` | Cost surface ledger, request ledger, cache ledger, context ledger, output ledger, routing ledger, observability ledger, changed files, and command contract entries | Request builders, prompt prefix ordering, canonical serialization, prompt hashes, cache keys, token counters, budget guards, model routers, context trimming, RAG packing, tool and schema payloads, output patch formats, retry repair paths, metrics, logs, tests, docs, route metadata, and directly synchronized templates | prompt-cache prefix drift, volatile field before stable prefix, unmeasured token count, full transcript replay, RAG chunk bloat, oversized tool or JSON schema payload, expensive model default, unbounded reasoning, no visible output after token cap, full-output regeneration, full-context retry replay, app cache key leak, predicted-output cost confusion, image or file token surprise, or per-call cost hiding cost-per-success regression | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `prompt_cache_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | LLM token-cost surface reviewed, cost unit and measurement source, stable prefix and cache behavior, app cache/history/RAG/tool/schema/input choices, routing/reasoning/output/retry/Batch/Flex/prediction choices, observability, verification, and remaining token-cost risk |
|
|
484
517
|
| LLM response latency, time to first token, first useful output, streaming, output length, LLM round trips, tool-call wait, prompt-cache latency, model routing, speculative or parallel execution, realtime continuation, priority tiers, predicted outputs, or user-perceived AI speed are created, changed, reviewed, or reported | `.mustflow/skills/llm-response-latency-review/SKILL.md` | Latency target ledger, request timeline ledger, call graph ledger, output ledger, cache ledger, routing ledger, observability ledger, changed files, and command contract entries | Streaming paths, first-useful-output contracts, request timeline metrics, call graph simplification, parallel or speculative work, model routers, fallback cascades, output caps, schema shortening, prompt-cache prefix ordering, cache keys, realtime continuation, priority-tier routing, timeout and cancellation behavior, tests, docs, route metadata, and directly synchronized templates | slow first token, useless streamed preamble, extra sequential LLM round trip, tool wait blocking first output, cache-prefix drift, unmeasured cache miss, verbose output drift, long JSON key or enum overhead, RAG chunk bloat, router escalation loop, prediction-token mismatch, priority-tier misuse, unsafe speculative work, missing cancellation, or raw prompt telemetry leak | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | LLM response-latency surface reviewed, latency unit and request timeline, round trips, parallel/tool/stream/cancel behavior, output/schema/cache/history/RAG/routing/fallback/prediction/realtime/priority choices, observability, verification, and remaining response-latency risk |
|
|
485
518
|
| Autonomous or semi-autonomous LLM agents, agentic workflows, planners, executors, verifiers, tool contracts, tool-call gates, human approval or interrupt flows, durable agent state, handoffs, guardrails, loop budgets, retry policies, trace evaluation, or agent outcome metrics are created, changed, reviewed, or reported | `.mustflow/skills/agent-execution-control-review/SKILL.md` | Autonomy ledger, stage gate ledger, role separation ledger, tool contract ledger, effect ledger, state and resume ledger, memory and context ledger, handoff and guardrail ledger, loop, retry, and budget ledger, trace and eval outcome ledger, changed files, and command contract entries | Workflow-versus-agent routing, stage gates, planner/executor/verifier boundaries, tool contracts, tool argument ownership, draft/execute separation, idempotency keys, approval records, durable checkpoints, state schema versions, memory partitions, handoff filters, guardrails, loop budgets, retry classification, trace spans, eval fixtures, tests, docs, route metadata, and directly synchronized templates | unnecessary autonomous agent, one model self-certifying success, ungated bad plan, ambiguous tool contract, guessed tool argument, relative-path trap, external effect before approval, missing idempotency key, interrupt replay side effect, stale state schema, over-shared handoff, misplaced guardrail, repeated tool loop, blind retry, final-answer-only eval, or unsafe trace data | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Agent execution-control surface reviewed, workflow-versus-agent decision, autonomy envelope, stage gates, role separation, tool contracts, approval and side-effect replay safety, state/resume/memory/handoff/guardrail/loop/retry/trace/eval checks, verification, and remaining agent execution-control risk |
|
|
519
|
+
| Browser automation, UI automation, Playwright, Selenium, Puppeteer, WebDriver, computer-use or browser-driving agents, visual browser verification, flaky selectors, page readiness, authentication state, CAPTCHA or anti-bot handling, rate limits, screenshot checks, retry, timeout, human approval, or browser automation observability is created, changed, reviewed, triaged, or reported | `.mustflow/skills/browser-automation-reliability-review/SKILL.md` | Automation intent ledger, state ledger, readiness ledger, selector and action ledger, auth and identity ledger, external pressure ledger, verification ledger, agent and approval ledger, changed files, and command contract entries | Browser automation state machines, locator contracts, test IDs, accessible names, readiness assertions, frame and popup handlers, input verification, auth fixtures, per-worker account isolation, retry classification, timeout hierarchy, idempotency checks, rate-limit handling, approval gates, manual fallback states, traces, screenshots, redaction, cleanup, tests, docs, route metadata, and directly synchronized templates | sleep-as-readiness, `networkidle` faith, flaky selector string patch, hidden duplicate DOM, skeleton-as-content, stale element handle, force-click default, shared mutable account, CAPTCHA bypass, anti-bot evasion, retry storm, non-idempotent replay, timeout layer mismatch, screenshot-as-business-proof, unredacted trace data, page prompt injection, stale approval resume, coordinate click drift, or unverified browser success claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Browser automation surface reviewed, browser-versus-API boundary, automation owner, state/readiness/locator/actionability/auth/rate-limit/retry/timeout/idempotency decisions, screenshot and business-success evidence, agent page-content trust, approval and resume checks, verification, and remaining browser automation reliability risk |
|
|
486
520
|
| Agent evaluation loops, trace or trajectory grading, LLM judges, verifier agents, outcome scoring, tool-call prechecks or postchecks, eval datasets, golden or dirty sets, pass@k or pass^k metrics, shadow environments, production-monitoring-to-eval pipelines, or agent regression gates are created, changed, reviewed, or reported | `.mustflow/skills/agent-eval-integrity-review/SKILL.md` | Outcome ledger, trace ledger, oracle ledger, tool-boundary ledger, dataset ledger, metric ledger, environment ledger, monitoring ledger, privacy ledger, changed files, and command contract entries | Outcome oracles, trace schemas, trajectory graders, deterministic checkers, model-judge rubrics, human-review sampling, tool prechecks and postchecks, tool-result evidence packets, eval fixtures, golden and dirty sets, shadow-environment adapters, monitoring-to-eval candidate flows, tests, docs, route metadata, and directly synchronized templates | final-answer-only scoring, LLM judge as sole oracle, reasoning claim treated as evidence, self-reflection certifying success, missing final environment state, ungraded unsafe trajectory, missing tool precheck or postcheck, brittle exact tool-order assertion, uncalibrated judge drift, pass@k masking unreliable pass^k, dirty set gating flakiness, raw trace data leak, or production failure not entering evals | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Agent eval-integrity surface reviewed, outcome oracle, final-state and trajectory checks, deterministic/model/human oracle split, tool boundary evidence, golden/dirty/capability/regression metrics, shadow environment, monitoring-to-eval loop, trace privacy, verification, and remaining agent eval-integrity risk |
|
|
487
521
|
| Code review or implementation needs module-boundary triage for change spread, co-change clusters, data ownership, policy ownership, failure ownership, import direction, circular dependencies, DTO leakage, shared/common/utils growth, mock-heavy tests, repeated policy conditions, enum interpretation, repository business logic, anemic domain, domain-to-I/O leakage, transaction boundary mismatch, technical event names, public module API bloat, caller sequencing, premature common helpers, bug/fix distance, config ownership, log responsibility, exception translation, cache invalidation ownership, repeated authorization checks, frontend/backend policy leakage, time policy, batch or worker bypass, or temporary-code accumulation | `.mustflow/skills/module-boundary-review/SKILL.md` | Change reason, changed-file spread, co-change evidence, module graph evidence, ownership evidence, test evidence, and configured command intents | Policy ownership, DTO boundaries, mapper boundaries, module public APIs, import direction, config injection, exception translation, cache invalidation ownership, authorization checks, event facts, worker entrypoints, focused tests, and directly synchronized docs or templates | layer-name theater, role-sliced files that always change together, lower-level modules knowing high-level policy, circular dependency, DTO infection, ownerless shared helper, broad noun module, mock-heavy rule tests, copied policy condition, enum rule scatter, repository-owned business rule, service-only domain, domain I/O coupling, cross-owner transaction, table-change event, exposed internals, caller order dependency, unsafe reuse, repeated temporary branch, bug/fix distance, config chaos, misleading logs, leaked provider or DB errors, stale cache owner drift, copied auth checks, frontend reconstructing backend policy, inconsistent time rules, worker bypass, or random capability loss when a module is removed | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Module boundary reviewed, change-spread and co-change evidence, owner and import findings, boundary fixes or recommendation, evidence level, verification, and remaining module-boundary risk |
|
|
488
522
|
| Code review or implementation needs change-blast-radius triage for maintainability risk from unpredictable next-change spread, historical co-change spread, one change reason scattered across files, multiple change reasons in one file, controller workflow leakage, junk-drawer service names, boolean mode flags, trash-can option objects, scattered domain rules, scattered authorization, hidden state transitions, direct time or randomness, unclear transaction boundaries, external API and DB coupling, retry without idempotency, cache-as-truth decisions, config flag combinations, tenant or partner hardcoding, legacy branches in the core path, DTO/entity/view model mixing, ambiguous nullable values, swallowed exceptions, low-context logs, implementation-coupled tests, mock-heavy tests, decorative abstractions, premature DRY, hidden ordering dependency, invisible event contracts, migration/runtime compatibility, or hard-to-delete features | `.mustflow/skills/change-blast-radius-review/SKILL.md` | User goal, current diff or target files, change-reason ledger, historical co-change ledger, blast-radius ledger, ownership ledger, deleteability ledger, test and operations evidence, and configured command intents | Policy ownership, workflow boundaries, explicit modes, option-object narrowing, authorization owner, state-transition owner, transaction and retry/idempotency boundaries, cache truth boundary, config and tenant variation isolation, legacy adapters, DTO mapping ownership, result types, traceable logs, behavior-focused tests, event contracts, migration compatibility notes, and directly synchronized docs or templates | clean-code theater, unpredictable edit spread, repeated cross-repo co-change, unrelated reasons in one file, controller as boss, junk-drawer service, boolean maze, option combinatorics, copied policy, copied auth, scattered status writes, hidden time or random, partial data after failure, duplicate side effect, stale cache authority, untested flag product, hardcoded customer branch, legacy core pollution, object-language mixing, nullable ambiguity, false success, useless logs, brittle process tests, five-mock class, decorative interface, wrong DRY, order-sensitive line shuffle, ghost event coupling, deploy gamble, or feature that cannot be deleted cleanly | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Change blast radius reviewed, next likely change and owner, historical co-change evidence, spread and deletion path, maintainability findings, fixes or recommendation, verification, and remaining change-spread risk |
|
|
489
523
|
| Code review or implementation needs business-rule-leakage triage for money, permission, ownership, state, settlement, discount, coupon, refund, inventory, notification, subscription, visibility, eligibility, expiry, price, tax, fee, points, reports, tenant scope, UI-only guards, controller eligibility checks, direct status assignment, query predicates as policy, list/detail scope mismatch, admin path bypass, batch hidden policy, tests at the wrong layer, duplicated business constants, date or timezone policy drift, ambiguous `isActive` or `canUse`, authentication/authorization/eligibility mixing, ownership boundary drift, broad update DTOs, PATCH null semantics, mapper logic, default-value drift, misleading error messages, swallowed business failures, transaction/action mismatch, event timing, duplicate requests, webhook trust, out-of-order events, cache-as-rule, search index drift, report or settlement SQL, public text drift, or other bypass entrances | `.mustflow/skills/business-rule-leakage-review/SKILL.md` | User goal, current diff or target files, rule ledger, entrypoint ledger, enforcement ledger, consistency ledger, state/transaction/event/idempotency/default/error evidence, and configured command intents | Shared policy/domain/application/database rule owner, server-side enforcement, reusable query scopes, list/detail consistency, update field restrictions, PATCH intent models, mechanical mappers, default ownership, visible failures, transaction and event boundaries, idempotency, webhook verification, search/detail rechecks, report calculation owners, focused tests, and directly synchronized docs or templates | clean code with leaked money rule, client-only rule, controller judge, scattered status assignment, missing query predicate, URL detail bypass, admin bypass, batch bypass, misplaced test, magic policy number, timezone cutoff drift, vague helper meaning, auth/eligibility blur, user-vs-tenant ownership hole, mass update, PATCH null corruption, mapper policy, default mismatch, error-text lie, false success, half-committed business action, pre-commit event, duplicate refund or coupon use, trusted webhook, stale event transition, wrong cache viewer, dead search result, settlement query drift, support macro drift, or uninspected entrypoint | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Business rule leakage reviewed, source of truth and entrypoints, enforcement and bypass findings, consistency notes, fixes or recommendation, verification, and remaining rule-leakage risk |
|
|
490
|
-
| Payment, checkout, authorization, capture, refund, partial refund, subscription, invoice, trial, grace period, coupon, promotion, inventory reservation, fulfillment, entitlement, settlement, fee, chargeback, dispute, provider webhook, payment session, payment link, payment-provider integration, admin manual payment change, payment log, PCI-sensitive data handling, or payment-related test needs payment-integrity triage for duplicate, late, out-of-order, wrong-actor, wrong-amount, wrong-currency, timeout, retry, idempotency, ledger, reconciliation, or audit risk | `.mustflow/skills/payment-integrity-review/SKILL.md` | User goal, current diff or target files, money-event ledger, provider interaction ledger, state-transition ledger, idempotency and uniqueness ledger, amount and currency ledger, ownership ledger, fulfillment and entitlement ledger, webhook and retry ledger, audit and sensitive-data ledger, existing tests, and configured command intents | Payment state machines, server-side amount calculation, minor-unit money handling, object ownership checks, idempotency keys, provider ID uniqueness, webhook raw-body signature verification, webhook event dedupe, queue handoff, one-time fulfillment, async payment handling, authorization/capture distinctions, refund/dispute/subscription transitions, inventory and coupon reservation, timeout and retry classification, append-only ledgers, secret and payment-data redaction, admin audit trails, stale payment endpoint cleanup notes, focused nightmare-path tests, and directly synchronized docs or templates | paid-boolean shortcut, client-trusted amount, wrong-owner order/payment/refund/subscription ID, amount drift, float money math, missing idempotency, per-retry UUID idempotency, missing provider uniqueness, duplicate webhook, out-of-order webhook, JSON-parsed webhook signature breakage, disabled webhook signature, success-page-as-proof, double fulfillment, async payment premature fulfillment, authorized-treated-as-captured, double refund, missing dispute
|
|
524
|
+
| Payment, checkout, authorization, capture, refund, partial refund, subscription, invoice, credit note, receipt, tax document, trial, grace period, coupon, promotion, inventory reservation, fulfillment, entitlement, settlement, fee, payout, chargeback, dispute, fraud review, card testing, provider webhook, payment session, payment link, payment-provider integration, admin manual payment change, payment log, PCI-sensitive data handling, or payment-related test needs payment-integrity triage for duplicate, late, out-of-order, wrong-actor, wrong-amount, wrong-currency, timeout, retry, idempotency, ledger, reconciliation, or audit risk | `.mustflow/skills/payment-integrity-review/SKILL.md` | User goal, current diff or target files, money-event ledger, provider interaction ledger, state-transition ledger, idempotency and uniqueness ledger, amount and currency ledger, invoice/receipt/tax ledger, dispute and fraud ledger, ownership ledger, fulfillment and entitlement ledger, webhook and retry ledger, audit and sensitive-data ledger, existing tests, and configured command intents | Payment state machines, server-side amount calculation, invoice and line-item snapshots, minor-unit money handling, tax snapshots and reversals, receipt delivery tracking, object ownership checks, idempotency keys, provider ID uniqueness, webhook raw-body signature verification, webhook event dedupe, queue handoff, one-time fulfillment, async payment handling, authorization/capture distinctions, refund/dispute/subscription transitions, inventory and coupon reservation, timeout and retry classification, payout reconciliation, append-only ledgers, secret and payment-data redaction, fraud and card-testing defenses, admin audit trails, stale payment endpoint cleanup notes, focused nightmare-path tests, and directly synchronized docs or templates | paid-boolean shortcut, client-trusted amount, wrong-owner order/payment/refund/subscription ID, amount drift, float money math, missing idempotency, per-retry UUID idempotency, missing provider uniqueness, duplicate webhook, out-of-order webhook, JSON-parsed webhook signature breakage, disabled webhook signature, success-page-as-proof, double fulfillment, async payment premature fulfillment, authorized-treated-as-captured, double refund, missing refund-dispute collision policy, missing tax reversal, receipt delivery gap, chargeback evidence gap, subscription period-only active check, inventory oversell, coupon double spend or lost coupon, timeout-treated-as-failure, blind retry, mutable ledger, payout-as-revenue confusion, card testing exposure, card data logging, test/live secret mix, unaudited admin override, stale payment API, or happy-path-only payment tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Payment integrity reviewed, money-event/provider/state/idempotency/amount/invoice/receipt/tax/ownership/fulfillment/webhook/dispute/fraud/payout/audit map, findings, fixes or recommendation, nightmare-path evidence, verification, and remaining payment-integrity risk |
|
|
491
525
|
| Credit, point, wallet balance, reward point, prepaid credit, usage credit, bonus credit, loyalty point, stored-value balance, balance deduction, accrual, refund, reversal, expiration, reservation, capture, release, admin adjustment, transfer, ledger table, balance cache, reconciliation job, settlement report, or credit-related test needs credit-ledger-integrity triage for ledger identity, idempotency, atomic balance changes, concurrency, ordering, ownership, amount precision, rounding, policy snapshots, expiry lots, reservation state, failure recovery, audit evidence, or reconciliation risk | `.mustflow/skills/credit-ledger-integrity-review/SKILL.md` | User goal, current diff or target files, balance surface ledger, ledger-entry ledger, source identity ledger, atomicity ledger, amount and unit ledger, ownership ledger, expiry and lot ledger, reservation ledger, queue and cache ledger, audit and reconciliation ledger, existing tests, and configured command intents | Ledger-entry models, source identifiers, idempotency comparison, conditional balance updates, database constraints, transaction boundaries, row-lock targets, optimistic-lock retry classification, amount validation, rounding policy, non-negative invariants, refund and reversal modeling, partial-use handling, expiry lot allocation, reservation/capture/release transitions, queue idempotency and ordering, cache invalidation, replica-read routing, admin adjustment audit trails, reconciliation checks, evidence logs, focused concurrency and failure tests, and directly synchronized docs or templates | mutable-balance-only path, missing source key, weak idempotency comparison, read-then-update subtraction, unchecked affected rows, split transaction, wrong lock target, optimistic retry double-spend, float credit math, hidden rounding rule, negative or zero amount abuse, app-only non-negative promise, missing unique ledger key, generic balance increase refund, partial refund blind spot, expiry lot loss, expiry batch race, missing reservation state, arbitrary status update, queue reorder damage, duplicate consumer delivery, cache-trusted deduction, replica stale balance, unaudited admin adjustment, request-body wallet ownership, current-price recalculation, missing policy snapshot, no failure injection, no balance-vs-ledger reconciliation, vague deduction log, or happy-path-only credit tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Credit ledger integrity reviewed, balance/ledger/source/atomicity/amount/ownership/expiry/reservation/queue/cache/audit/reconciliation map, findings, fixes or recommendation, nightmare-path evidence, verification, and remaining credit-ledger integrity risk |
|
|
526
|
+
| Notification generation, email, push, SMS, in-app inbox, digest, reminder, campaign, announcement, marketing message, transactional message, security alert, receipt, legal notice, notification preference, unsubscribe, suppression, quiet hours, timezone schedule, provider webhook, delivery attempt, notification template, or notification audit work needs notification-delivery triage for duplicate, late, suppressed, unsubscribed, wrong-channel, quiet-hours, timezone, retry, provider-webhook, hard-bounce, complaint, invalid-token, fallback, or audit risk | `.mustflow/skills/notification-delivery-integrity-review/SKILL.md` | User goal, current diff or target files, notification event ledger, notification intent ledger, recipient/channel/category ledger, preference and legal policy ledger, suppression ledger, schedule/timezone/quiet-hours/digest ledger, delivery job and attempt ledger, provider event ledger, in-app inbox ledger, audit/security/privacy/operations ledger, existing tests, and configured command intents | Source event and outbox records, notification intent records, preference snapshots, final pre-send rechecks, suppression records, schedule records, timezone-safe recurring intent, quiet-hours behavior, digest records, delivery jobs, delivery attempts, provider event receipts, provider webhook signature and dedupe handling, in-app inbox state, semantic dedupe keys, queue priority, retry classification, template snapshots, redacted audit logs, campaign dry run/sample/canary/ramp-up/kill-switch controls, focused hostile-path tests, and directly synchronized docs or templates | sendNotification shortcut, global opt-out, marketing consent bypass, provider acceptance treated as delivery, missing outbox, stale recipient scope, hard bounce ignored, complaint ignored, one-click unsubscribe missing, link-scanner mutation, stale push token, logout token leak, collapse key misuse, lockscreen data leak, in-app inbox count drift, mark_all_read_before race, semantic dedupe key missing, aggregation hidden as dedupe, digest window drift, quiet-hours delayed blast, timezone DST bug, provider limit starvation, unknown provider outcome blind retry, poison notification loop, provider webhook signature or dedupe gap, template render-time leak, account deletion pending-send leak, fallback spam, dry-run/sample/canary gap, no why-sent or why-suppressed audit, or happy-path-only notification tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Notification delivery reviewed, source-event/intent/recipient/preference/suppression/schedule/digest/delivery/provider/inbox/audit map, findings, fixes or recommendation, hostile-path evidence, verification, and remaining notification-delivery risk |
|
|
492
527
|
| Code review or implementation needs api-misuse-resistance triage for APIs, SDKs, function boundaries, service methods, endpoints, command methods, DTOs, request shapes, response shapes, operation names, call ordering, lifecycle setup, boolean parameters, option bags, null or empty semantics, internal table leakage, string-only errors, success-only failure models, idempotency, pagination, sorting, filtering, authorization shape, status mutation, PATCH command buses, time formats, money amounts, open enums, async jobs, bulk partial failures, cacheability, response size, overfragmented calls, internal/external API mixing, version policy, deprecation telemetry, rate limits, retry hints, observability, SDK ergonomics, or caller contract tests | `.mustflow/skills/api-misuse-resistance-review/SKILL.md` | User goal, current diff or target files, caller ledger, operation ledger, shape ledger, compatibility evidence, existing style, and configured command intents | Operation-centered names, explicit lifecycle or builder boundaries, named options or split operations, narrowed option bags, explicit absence and PATCH semantics, public DTO mapping, stable errors, idempotency metadata, cursor stability, auth-specific operations, command-shaped state changes, time and money units, unknown enum handling, job resources, item-level bulk results, cache and rate-limit hints, observability fields, SDK examples, focused tests, and directly synchronized docs or templates | implementation-leaking name, hidden state machine, boolean riddle, trash-can options, null folklore, DB schema frozen as API, string-only error, success-only design, duplicate side effect, moving-list pagination, random default order, hidden permission mode, illegal status transition, PATCH-as-command bus, timezone ambiguity, floating money, closed external enum, fake synchronous completion, erased partial failure, uncacheable expensive read, all-in-one payload bloat, frontend-as-backend call graph, internal/external contract blur, decorative version number, unmeasured deprecation, retry-hostile rate limit, untraceable operation, awkward SDK, happy-path-only contract test, or first-time caller trap | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | API misuse resistance reviewed, caller and operation ledgers, shape and contract findings, fixes or recommendation, compatibility notes, verification, and remaining caller-misuse risk |
|
|
493
528
|
| Code review or implementation needs error-message-integrity triage for error text, error codes, validation messages, parse failures, API or CLI error envelopes, public user messages, internal logs, structured diagnostics, exception wrapping, provider errors, retryable flags, idempotency errors, queue or batch failures, partial failures, permission errors, conflict errors, impossible-state errors, support IDs, redaction, stable machine fields, monitoring fields, or troubleshooting text | `.mustflow/skills/error-message-integrity-review/SKILL.md` | User goal, current diff or target files, error audience ledger, error contract ledger, disclosure ledger, recovery ledger, and configured command intents | Stable error codes, expected/actual fields, failed-operation context, reasons, safe identifiers, public/internal message split, redaction, retryability, idempotency metadata, provider metadata, parse positions, range bounds, conflict facts, partial-failure summaries, structured log fields, focused tests, and directly synchronized docs or templates | empty failed label, invalid-value fog, missing action, result repeated as cause, no work context, public/internal message mixing, sensitive value leak, missing safe identifier, retry ambiguity, try-again-later dodge, unstable string-only code, overbroad error bucket, validation info leak, parse location missing, range without bounds, timezone ambiguity, provider evidence loss, cause destruction, brittle message concatenation, prose-only logs, internal jargon in user text, permission existence leak, should-never-happen message, vague conflict, idempotency uncertainty, missing attempt count, partial failure erased, untested error contract, no 30-second next action, or call-site-specific taxonomy drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Error message integrity reviewed, surfaces and audiences, code/message contract, evidence and redaction findings, fixes or recommendation, verification, and remaining error-message risk |
|
|
494
529
|
| Object lifetime, retained references, cleanup symmetry, event listeners, timers, subscriptions, goroutines, threads, workers, streams, native handles, caches, queues, registries, closures, or memory/resource leak risk is created, changed, reviewed, or reported | `.mustflow/skills/memory-lifetime-review/SKILL.md` | Lifetime surface, setup sites, cleanup sites, retainer graph, repetition path, success and error paths, and configured command intents | Teardown, cancellation, ownership, weak-reference, eviction, queue-bound, stream-close, worker-shutdown, lifecycle-symmetry code, focused tests, and directly synchronized docs or templates | long-lived owner retaining short-lived object, setup without cleanup, unstable listener identity, timeout without cancellation, unbounded cache or queue, debug/log retention, leaked goroutine/thread/worker, native handle leak, finalizer-only cleanup, weak-reference cover-up, or missing repeated-lifecycle proof | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Lifetime boundary, setup and cleanup owners, retainer paths, long-lived owners and short-lived objects, repeated-lifecycle proof, verification, and remaining lifetime risk |
|
|
@@ -506,7 +541,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
506
541
|
| Code review or implementation needs observability-debuggability triage for logs, metrics, traces, spans, structured events, telemetry context, collectors, exporters, telemetry queues, dashboards, alerts, runbooks, sampling, redaction, dependency calls, queues, batch jobs, caches, pools, rate limits, feature flags, releases, migrations, or partial-success paths where operators need to narrow incidents quickly without high-cardinality metric explosions, missing denominator counters, lost trace context, silent telemetry loss, or sensitive telemetry leakage | `.mustflow/skills/observability-debuggability-review/SKILL.md` | Incident question, signal inventory, request or job identity, metric model, trace and event model, log model, operational domain, telemetry pipeline evidence, privacy and retention constraints, verification evidence, and configured command intents | Structured event names, safe reason codes, total and failure counters, latency distributions, low-cardinality labels, trace and span context, dependency and operation names, async propagation, per-attempt telemetry, queue or batch lag signals, pool saturation metrics, release and feature attribution, telemetry self-metrics, signal pipeline survival checks, redaction, focused tests, and directly synchronized docs or templates | success-only log, no denominator, average-only latency, mixed success and error latency, raw URL label, raw user label, raw SQL telemetry, high-cardinality metric label, missing trace or span id, broken async trace propagation, attempt and operation collapse, generic timeout bucket, missing dependency name, missing idempotency or message evidence, missing queue age, missing batch last-success timestamp, missing pool saturation, missing release attribution, decorative metric, alert without action, dropped telemetry invisible, read-path visibility blind spot, sampling drops errors, unsafe baggage, or sink-side-only masking | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Observability boundary reviewed, incident question and signal ledger, metric/trace/log/pipeline/cardinality/privacy findings, evidence level, verification, and remaining observability-debuggability risk |
|
|
507
542
|
| Code review, runbook work, or incident report needs incident-triage review for outages, degradations, timeout spikes, p95 or p99 latency spikes, queue backlog, pool saturation, CPU-idle slowness, memory pressure, OOM, disk or inode pressure, DNS or network failure, load balancer 5xx, Kubernetes node or pod issues, deployment regression, cache stampede, cron or batch spikes, Redis slowdown, DB lock waits, connection leaks, ephemeral-port exhaustion, conntrack saturation, or log floods where operators need to narrow the first bad time, affected slice, recent change, wait class, dependency, and manual-only diagnostics before reading every log | `.mustflow/skills/incident-triage-review/SKILL.md` | Incident frame, time evidence, scope axes, saturation and wait evidence, dependency evidence, change evidence, safety constraints, repository runbook or telemetry evidence, and configured command intents | Runbook steps, alert metadata, incident evidence checklists, telemetry contract notes, dashboard descriptions, test fixtures, docs, and directly synchronized templates that preserve first-bad-time, scope split, change ledger, wait classification, dependency split, success-versus-failure comparison, and manual-only diagnostic boundaries | average-only latency, all-logs-first triage, deployment dismissal, success-only comparison, proxy/app 5xx mixing, app-log-only OOM review, CPU-idle slowness ambiguity, DB-index reflex, pool-wait blindness, queue-lag understatement, cache-hit-rate overtrust, ping-only network checks, pod-only Kubernetes review, disk-capacity-only checks, log-volume blind spots, private incident-log capture, or raw live diagnostic commands treated as agent-authorized | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Incident boundary reviewed, first bad time and affected scope, change/success-failure/latency/resource/wait/dependency evidence, elimination ledger, manual-only diagnostics, verification, and remaining incident-triage risk |
|
|
508
543
|
| Code review, implementation, runbook work, or release preparation needs deployment-rollout safety review for server, backend, worker, scheduler, queue, cron, container, VM, serverless, DB migration, config, feature flag, cache, deployment pipeline, release envelope, image digest, deployment history, traffic rollback, canary, rollback, health check, readiness/liveness/startup probe, graceful shutdown, artifact promotion, release observability, or post-deploy smoke behavior where the deploy must be rolled out, stopped, observed, and rolled back safely | `.mustflow/skills/deployment-rollout-safety-review/SKILL.md` | Deployment resource ledger, release envelope, artifact identity, environment promotion path, deployment model, compatibility matrix, config diff, migration order, rollback history, traffic rollback path, cache and message compatibility, probe model, shutdown and drain behavior, canary cohort, version-split telemetry, stop conditions, rollback limits, synthetic transactions, post-deploy metrics, and configured command intents | Runbooks, release checklists, pipeline metadata, smoke tests, probe tests, config validation, feature-flag defaults, cache-key versions, worker-drain handling, deployment attribution, rollback compatibility notes, focused tests, and directly synchronized templates | unknown blast radius, missing release id, mutable latest tag, tag without digest, per-environment rebuild drift, deleted rollout history, cold old version, traffic rollback tied to rebuild, code and migration lockstep, destructive rollback SQL overclaim, missing PITR practice, config in-place mutation, missing startup config validation, process-only health check, readiness/liveness/startup probe collapse, liveness restart loop, ungraceful shutdown, load balancer drain shorter than app shutdown, worker work loss, non-idempotent queue retry, N-1 message incompatibility, unknown event poison message, missing external compensation, API N-1 or N+1 break, missing kill switch, unsafe flag fallback, vague canary cohort, global-average canary metrics, no automatic stop condition, read-only smoke, log format alert breakage, blanket cache flush, scheduler duplicate execution, CRD or operator downgrade break, missing deployment lock, production command without dry-run, or code-only rollback overclaim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Deployment rollout boundary reviewed, resource ledger and release envelope, artifact identity, config/migration/cache/queue/API/probe/shutdown/canary/rollback/observation findings, verification, and remaining deployment-rollout risk |
|
|
509
|
-
| Code review, implementation, runbook work, or infrastructure review needs cloud-cost-guardrail review for cloud accounts, projects, subscriptions, environments, Kubernetes namespaces, serverless, databases, object storage, block storage, snapshots, NAT, private endpoints, public IPs, egress, CDN, logs, metrics, traces, autoscaling, quotas, budgets, tags, temporary resources, container registries, Marketplace, LLM APIs, external APIs, or third-party SaaS where spend must be attributed, capped, lifecycle-managed, alerted, and safely stoppable before a silent bill explosion | `.mustflow/skills/cloud-cost-guardrail-review/SKILL.md` | Cost surface ledger, budget actual and forecast thresholds, automated non-production action path, account or project isolation, quota and cap model, tag taxonomy, temporary resource expiration, network cost model, telemetry cost model, storage lifecycle model, commitment baseline, Marketplace or LLM usage limits, and configured command intents | Cost guardrail docs, infrastructure policy files, review checklists, tag schemas, quota notes, budget-action runbooks, cleanup rules, retention defaults, autoscale caps, Kubernetes ResourceQuota and LimitRange notes, registry lifecycle policies, provider usage caps, focused tests, and directly synchronized templates | notification-only budget, imagined hard spending limit, mixed prod and dev account, over-wide service quota, missing owner tag, tag-key chaos, no expires_at, stopped VM with NAT or DB still running, unbounded autoscale, missing Kubernetes ResourceQuota, inflated requests growing nodes, cloud-native service through NAT, untracked egress, cross-AZ surprise, idle public IPv4, no CDN cache cost control, log ingest flood, infinite retention, high-cardinality metric label, unbounded flow or audit logs, object lifecycle missing, cold-storage minimum-duration trap, stale block volume type, snapshot landfill, sticky DB storage growth, unbounded registry images, premature commitment, stateful spot misuse, unmonitored Marketplace or LLM spend, or no safe cost stop runbook | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Cloud cost boundary reviewed, cost surface ledger, budget and action model, isolation/quota/tag/autoscale/Kubernetes/network/telemetry/storage/registry/commitment/spot/Marketplace/LLM/SaaS guardrail findings, manual-only provider checks, verification, and remaining cloud-cost risk |
|
|
544
|
+
| Code review, implementation, runbook work, or infrastructure review needs cloud-cost-guardrail review for cloud accounts, projects, subscriptions, environments, Kubernetes namespaces, serverless, databases, object storage, block storage, snapshots, NAT, private endpoints, public IPs, egress, CDN, logs, metrics, traces, autoscaling, quotas, budgets, tags, temporary resources, container registries, Marketplace, LLM APIs, external APIs, or third-party SaaS where spend must be attributed, capped, lifecycle-managed, alerted, and safely stoppable before a silent bill explosion | `.mustflow/skills/cloud-cost-guardrail-review/SKILL.md` | Cost surface ledger, budget actual and forecast thresholds, automated non-production action path, account or project isolation, quota and cap model, tag taxonomy, temporary resource expiration, network cost model, telemetry cost model, storage lifecycle model, commitment baseline, Marketplace or LLM usage limits, and configured command intents | Cost guardrail docs, infrastructure policy files, review checklists, tag schemas, quota notes, budget-action runbooks, cleanup rules, retention defaults, autoscale caps, Kubernetes ResourceQuota and LimitRange notes, registry lifecycle policies, provider usage caps, focused tests, and directly synchronized templates. CI runner minutes, workflow matrix cost, artifact retention, cache quota, and release asset handoff route to `ci-pipeline-triage` first | notification-only budget, imagined hard spending limit, mixed prod and dev account, over-wide service quota, missing owner tag, tag-key chaos, no expires_at, stopped VM with NAT or DB still running, unbounded autoscale, missing Kubernetes ResourceQuota, inflated requests growing nodes, cloud-native service through NAT, untracked egress, cross-AZ surprise, idle public IPv4, no CDN cache cost control, log ingest flood, infinite retention, high-cardinality metric label, unbounded flow or audit logs, object lifecycle missing, cold-storage minimum-duration trap, stale block volume type, snapshot landfill, sticky DB storage growth, unbounded registry images, premature commitment, stateful spot misuse, unmonitored Marketplace or LLM spend, CI billing routed to broad cloud review before localizing workflow cost, or no safe cost stop runbook | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Cloud cost boundary reviewed, cost surface ledger, budget and action model, isolation/quota/tag/autoscale/Kubernetes/network/telemetry/storage/registry/commitment/spot/Marketplace/LLM/SaaS guardrail findings, manual-only provider checks, verification, and remaining cloud-cost risk |
|
|
510
545
|
| Code review or implementation needs rate-limit integrity triage for rate limits, throttling, quotas, API usage limits, request costs, token bucket, leaky bucket, fixed window, sliding window counter, sliding window log, GCRA, Redis counters, Lua or EVAL updates, CDN or WAF limits, gateway limits, service limits, tenant, user, API key, route group, IP, 429, `Retry-After`, `RateLimit`, shadow mode, operator reset, async enqueue, cached-hit counting, or concurrency-limit overlap that must protect a named resource without bypass, unfairness, counter drift, storage growth, retry storms, or misleading client hints | `.mustflow/skills/rate-limit-integrity-review/SKILL.md` | Protected resource ledger, cost-weighted request ledger, layer model, key model, algorithm and storage model, failure mode model, response contract, observability and operator evidence, and configured command intents | Protected-resource definitions, request cost weights, per-key policy, layered limit placement, route-template keys, atomic counter updates, TTLs, storage-time use, fail-open or fail-closed policy, blocked-decision cache, shadow mode, 429 response shape, observability fields, operator lookup or reset behavior, focused tests, and directly synchronized docs or templates | algorithm-first limiter, request-count-only quota, IP-only authenticated key, raw URL key explosion, missing identity-header policy, fixed-window boundary burst, costly sliding-window log on hot paths, non-atomic Redis read-modify-write, missing counter TTL, Redis Cluster hash-slot failure, app-server clock reset drift, process-local global quota, approximate edge limit treated as precise, hidden fail-open, free failed responses, rate versus concurrency confusion, unhelpful or leaky 429, synchronized retry wave, unsafe allow-decision cache, no shadow-mode ramp, missing policy id logs, raw Redis reset, unlimited async enqueue, cached CDN hit ambiguity, or rate limit treated as authorization or hard cost control | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Rate-limit policy boundary reviewed, protected resource and cost/layer/key/storage/fail-mode/response/operator model mapped, evidence level, verification, and remaining rate-limit-integrity risk |
|
|
511
546
|
| Code review or implementation needs idempotency-integrity triage for repeated requests, retries, duplicate POST/PATCH/DELETE calls, webhooks, provider callbacks, queue redelivery, scheduler or batch reruns, double clicks, app restarts, timeout recovery, external API callbacks, or duplicate business commands that can apply the same logical operation more than once | `.mustflow/skills/idempotency-integrity-review/SKILL.md` | Operation identity ledger, side-effect ledger, durable dedupe evidence, duplicate response policy, concurrency and recovery evidence, queue/webhook/scheduler/batch evidence, test evidence, and configured command intents | Durable idempotency records, request body hash checks, user and tenant binding, operation-type and target-resource binding, unique constraints, atomic insert-or-return behavior, state guards, affected-row checks, inbox and outbox records, applied-event ledgers, provider result lookup, response replay, processing lease recovery, focused duplicate tests, and directly synchronized docs or templates | POST-only assumption, idempotency key without durable storage, key not bound to payload or actor, memory-only or Redis-TTL-only dedupe, app-only `exists` then `insert`, missing unique index, duplicate success response drift, failed-attempt caching mistake, timeout treated as failure, external API before local operation record, provider idempotency used as internal proof, unconditional status update, duplicate increment, DELETE side-effect replay, GET hidden mutation, queue ack before durable commit, queue redelivery damage, webhook replay or stale event overwrite, scheduler rerun duplication, missing outbox or inbox, double compensation, stuck `PROCESSING`, lock-only proof, frontend-only debounce, or missing duplicate-path tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Idempotency boundary reviewed, logical operation and duplicate sources mapped, operation identity/payload/response/recovery evidence, durable dedupe and side-effect findings, tests or evidence level, verification, and remaining idempotency-integrity risk |
|
|
512
547
|
| Code review or implementation needs retry-policy integrity triage for retry loops, SDK retry configs, client middleware, `while true`, `for (;;)`, recursive retry, `maxAttempts`, `maxRetries`, `maxElapsedTime`, deadline, timeout, sleep, backoff, jitter, `Retry-After`, retry predicates, layered retries, circuit breakers, bulkheads, token buckets, queue redelivery, broker retry, cancellation-aware sleep, or retry observability that can amplify failures, duplicate side effects, hide permanent errors, exhaust pools, or overload dependencies | `.mustflow/skills/retry-policy-integrity-review/SKILL.md` | Retry surface, layered retry ledger, attempt budget, retry predicate, side-effect and idempotency ledger, backoff and jitter policy, overload and throttling evidence, observability and test evidence, and configured command intents | Bounded attempts, max elapsed time, per-attempt timeout, total deadline, cancellation propagation, retry predicates, exponential backoff with jitter, `Retry-After` parsing and clamping, idempotency key reuse, dependency-specific policy, retry wrapper diagnostics, per-attempt logs and metrics, focused retry tests, and directly synchronized docs or templates | retry amplification, infinite retry, capped backoff without stop condition, timeout gap for DNS, TLS, pool wait, streaming, or parsing, fixed-sleep herd behavior, broad catch-and-retry, permanent error retry, unknown-outcome replay, new idempotency key per attempt, key not bound to actor or payload, retry inside transaction or lock, pool starvation, unlimited parallel retry, stale per-key failure counter, global limiter unfairness, wrong circuit breaker or bulkhead order, wrapper losing cause/status/retry-after/request id, committed-response retry, non-replayable streaming body retry, app-plus-broker retry multiplication, cancellation-ignoring sleep, generic dependency policy, missing retry metrics, or happy-path-only retry tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Retry policy boundary reviewed, layer multiplication and attempt budget mapped, timeout/backoff/predicate/idempotency/throttling findings, evidence level, verification, and remaining retry-policy-integrity risk |
|
|
@@ -575,8 +610,9 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
575
610
|
| Trigger | Skill Document | Required Input | Edit Scope | Risk | Verification Intents | Expected Output |
|
|
576
611
|
| --- | --- | --- | --- | --- | --- | --- |
|
|
577
612
|
| Environment variables, config keys, secrets, public env prefixes, build-time or runtime config, config schemas or parsers, feature flags, deployment variables, CI secrets, Docker or Compose env, Kubernetes ConfigMaps or Secrets, Cloudflare bindings, Vite, Next.js, Astro, SvelteKit, Tauri, Node, Bun, generated env types, `.env` examples, config docs, or config validation behavior are created, changed, reviewed, or reported | `.mustflow/skills/config-env-change/SKILL.md` | Key name, value meaning, sensitivity, visibility, timing, required environments, owner, default, validation shape, config source of truth, read-first surfaces, platform timing, deployment surfaces, generated types, docs, tests, and command contract entries | Config schemas, parser code, runtime loader wiring, generated type expectations, fake-value env examples, deployment docs, tests, CI or deployment variable names, feature flag defaults, redacted validation errors, and deprecation notes | secret leak, public-prefix misuse, build-time/runtime confusion, stale deploy config, missing `.env.example`, unchecked raw env read, boolean truthiness bug, unredacted error, stale feature flag, production fallback from local/test, or missing restart/rebuild/rollout note | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Keys or flags changed, sensitivity, visibility, timing, required action after value change, source of truth, synchronized surfaces, public/private boundary, redaction notes, build/runtime classification, feature flag behavior, verification, and remaining config/env risk |
|
|
578
|
-
| Authentication, authorization, permission, effective-permission decision, role, tenant, session, JWT, OAuth/OIDC, API key, route guard, admin, impersonation, database policy, object-level access control, or permission cache behavior is created or changed | `.mustflow/skills/auth-permission-change/SKILL.md` | Actors, principals, permission decision tuple, effective permissions, tenants, resources, actions, context, auth middleware, sessions, tokens, API keys, route guards, server policy, DB policy, role matrix, audit, and tests | Auth middleware, policy functions, controllers, services, jobs, webhooks, database queries, RLS, UI guards, audit logs, docs, migrations, and tests | authentication treated as authorization, role column mistaken for effective permission, unexplained allow or deny, client guard trusted as security, object-level authorization bypass, cross-tenant leak, stale token or cache permission, over-broad admin/API-key scope, or missing denial tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Auth/authz boundary, principal/tenant/resource/action/context, effective permission, policy version, decision explanation, revocation window, policy source of truth, server/database enforcement, client UX-only guards, denial coverage, verification, and remaining permission risk |
|
|
613
|
+
| Authentication, authorization, permission, effective-permission decision, role, RBAC/ABAC policy, tenant, organization or team membership, session, cookie, JWT, refresh token, OAuth/OIDC, MFA, passkey, account recovery, API key, route guard, admin, impersonation, database policy, object-level access control, or permission cache behavior is created or changed | `.mustflow/skills/auth-permission-change/SKILL.md` | Actors, principals, permission decision tuple, effective permissions, tenants, organizations, teams, resources, actions, context, auth middleware, sessions, cookies, tokens, refresh-token store, OAuth/OIDC, MFA/passkeys, API keys, route guards, server policy, DB policy, role matrix, audit, and tests | Auth middleware, policy functions, controllers, services, jobs, webhooks, database queries, RLS, UI guards, audit logs, docs, migrations, and tests | authentication treated as authorization, role column mistaken for effective permission, unexplained allow or deny, client guard trusted as security, object-level authorization bypass, cross-tenant leak, stale token or cache permission, refresh-token reuse gap, account-recovery privilege escalation, over-broad admin/API-key scope, or missing denial tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Auth/authz boundary, principal/tenant/resource/action/context, effective permission, policy version, decision explanation, revocation window, policy source of truth, server/database enforcement, client UX-only guards, account-takeover response, denial coverage, verification, and remaining permission risk |
|
|
579
614
|
| API security review needs api-access-control triage for BOLA or IDOR, effective permission decisions, broken authentication, object-level authorization, object-property authorization, function-level authorization, request-supplied user, tenant, role, or owner identifiers, tenant isolation, scoped admin, list/detail mismatch, write permissions, mass assignment, DTO exposure, client-only admin, temporary public holes, router order, GraphQL resolvers, batch APIs, exports, downloads, previews, signed storage URLs, cache keys, async job revalidation, webhook ownership mapping, OAuth or OIDC confusion, JWT verification, stale token claims, session rotation, cookie flags, reauthentication, reset tokens, account enumeration, automation defense, internal identity planes, or denial-case matrices | `.mustflow/skills/api-access-control-review/SKILL.md` | User goal, current diff or target files, subject-object-action-context ledger, decision explanation ledger, object authorization ledger, property authorization ledger, function authorization ledger, authentication proof ledger, denial evidence, and configured command intents | Server-side object checks, tenant-scoped lookups, relationship checks, function-level checks, property allowlists, DTO mappers, signed URL scoping, cache-key dimensions, worker revalidation, webhook ownership mapping, token/session/cookie hardening, reauthentication gates, enumeration-safe responses, rate limits, audit logs, focused denial tests, and directly synchronized docs or templates | login-as-authorization, request-owned identity trust, findById before owner check, role-only admin, unexplainable allow/deny decision, list/detail authorization drift, read/write permission confusion, mass assignment, entity DTO leak, client-only admin, permitAll leak, route shadowing, resolver bypass, batch item bypass, export/download bypass, signed URL bypass, tenantless query or cache, stale queue permission, webhook ownership confusion, OAuth/OIDC token confusion, decoded-but-unverified JWT, stale token claim, session fixation, weak cookie, missing reauth, reusable reset token, account enumeration, automation abuse, internal account exposure, or happy-path-only auth tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | API access control reviewed, subject/object/action/field/tenant map, effective permission and decision-explanation findings, object/property/function/auth findings, fixes or recommendation, denial evidence, verification, and remaining API access-control risk |
|
|
615
|
+
| Admin panel, backoffice tool, support console, operator dashboard, staff API, internal dashboard, admin RBAC or ABAC, scoped operator role, audit log, object change history, impersonation, dangerous action, approval flow, export, import, bulk operation, admin search or filter, production guardrail, PII masking, admin session, MFA, or operational-evidence work needs admin-control-plane safety triage | `.mustflow/skills/admin-control-plane-safety-review/SKILL.md` | User goal, current diff or target files, admin actor and session ledger, permission ledger, resource and field ledger, dangerous action ledger, audit and change-history ledger, impersonation ledger, search/filter/export/import/bulk ledger, role matrix, admin docs, runbooks, existing tests, and configured command intents | Scoped admin permission checks, trusted-layer enforcement, server-side field allowlists, tenant-scoped lookups, step-up authentication, dangerous-action previews and confirmations, approval gates, audit records, change-history records, impersonation controls, export/import controls, bulk dry-run and job controls, search and filter limits, production guardrails, focused hostile-path tests, and directly synchronized docs or templates | single `is_admin` shortcut, UI-only admin gate, hidden button trusted as security, support bypass, role-only operator permission, missing explicit deny, missing admin MFA or step-up, audit log confused with change history, editable audit trail, impersonation without actor and subject, export-as-harmless-read, unlimited PII CSV, import mass assignment, bulk click without dry run, preview payload trusted at execution, missing idempotency, no cancel or partial-failure report, production/staging confusion, unmasked sensitive search, unaudited PII read, or happy-path-only admin tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Admin control plane reviewed, operator persona and environment scope, effective permission and trusted enforcement findings, admin session and production guardrails, audit versus change-history findings, impersonation/dangerous-action/export/import/bulk/search/filter findings, hostile-path evidence, verification, and remaining admin-control-plane risk |
|
|
580
616
|
| File upload, import, attachment, direct-to-storage upload, remote file fetch, archive extraction, thumbnail, preview, image resize, OCR, media transcode, document conversion, antivirus scan, CDR, file metadata, storage key, public file URL, signed upload URL, signed download URL, CDN delivery, file download, uploaded filename display, or file lifecycle test needs file-upload-security triage across validation, storage, processing, serving, and cleanup | `.mustflow/skills/file-upload-security-review/SKILL.md` | User goal, current diff or target files, upload entrypoint ledger, file identity ledger, validation ledger, processing ledger, serving ledger, existing tests or abuse cases, storage policy evidence, and configured command intents | Server-side type allowlists, decoded and normalized filename checks, generated storage keys, path containment checks, overwrite protection, upload size and count limits, quota checks, quarantine states, scanner gates, parser sandboxing, archive extraction guards, CSV formula neutralization, metadata stripping, image rewriting, signed URL constraints, download authorization, response headers, filename encoding, audit logs, cleanup rules, focused denial tests, and directly synchronized docs or templates | client-only file restriction, trusted MIME label, extension check before normalization, blocklist-only type policy, original-name-only validation, user-controlled storage key, path traversal, long-name exception leak, overwrite or key guessing, executable web-root storage, web-server handler execution, magic-byte theater, polyglot file, metadata payload, active SVG or HTML, unsafe PDF or Office preview, Zip Slip, decompression bomb, CSV formula injection, remote fetch SSRF, scan-after-publication gap, unsandboxed parser, weak presigned URL policy, direct-to-storage pre-scan publication, tenant key collision, missing download authorization, unsafe response header, filename XSS or header injection, chunk assembly bypass, quota bypass, orphan file leak, or happy-path-only upload tests | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | File upload security reviewed, upload/file identity/storage/validation/processing/serving/cleanup map, findings, fixes or recommendation, denial evidence, verification, and remaining file-upload security risk |
|
|
581
617
|
| Code review or implementation needs security-flow triage by tracing values from source to sink across authorization, object ownership, tenant scoping, IDOR or BOLA risk, list/detail/export scope, state-changing permissions, mass assignment, admin-only surfaces, cache keys, sort/filter/field injection inputs, ORM raw paths, shell wrappers, SSRF, file upload and extraction, path traversal, XSS, CSRF, OAuth, reset tokens, JWTs, cookies, cryptography, logs, fail-open error handling, queued work, race conditions, or supply-chain and CI/CD paths | `.mustflow/skills/security-flow-review/SKILL.md` | User goal, current diff or target files, security claim, source-to-sink map, actor and resource map, read and write surfaces, framework escape hatches, existing tests or scanner findings, and configured command intents | Server-side ownership checks, tenant-scoped queries, allowlisted updates, cache-key dimensions, URL and path validation, parser or renderer boundaries, upload and extraction limits, token validation, cookie flags, fail-closed error handling, queue revalidation, idempotency, focused tests, and directly synchronized docs or templates | dangerous-keyword theater, authentication treated as authorization, UUID-as-lock assumption, list/detail scope drift, export over-disclosure, state change via raw body status, mass assignment, frontend-only admin gate, cache viewer leak, ORDER BY injection, ORM raw escape hatch, shell wrapper injection, SSRF, unsafe upload preview, Zip Slip, decompression bomb, path traversal, XSS, CSRF, weak OAuth state, reset-token reuse, stale JWT claims, broad cookie domain, custom crypto, token or PII logging, missing security logs, fail-open permission, stale queued permission, duplicate money or entitlement effect, postinstall or CI secret exposure | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Security flow reviewed, source/sink/actor/resource/tenant map, authorization and ownership notes, input/file/network/browser/token/cookie/crypto/log/fail-open/async/race/cache/supply-chain findings, fixes or recommendation, tests or invariant evidence, verification, and remaining security-flow risk |
|
|
582
618
|
| Code, configuration, docs, templates, logs, telemetry, traces, baggage, behavior analytics, credentials, data flows, data residency policy, region or processing-location claims, AI-generated code, authentication, authorization, client-only permission checks, admin operations, audit logs, cache policy, cache-as-authority decisions, claim or policy data, comparison or affiliate data, user-generated content, sessions, tokens, uploads, downloads, signed URLs, API responses, webhooks, job queues, external API call records, external requests, third-party data-use terms, runtime security patch policy, deployment settings, dependencies, cryptography, secure transport, scanner gates, security invariants, or agent configuration affect secrets, personal data, retention, access control, vendor disclosure, or external disclosure | `.mustflow/skills/security-privacy-review/SKILL.md` | Changed files, sensitive surfaces, actor and resource owner, data-owner boundary, data residency and processing-location boundary, runtime patch boundary, AI gateway or budget boundary, server-side authorization rule, file upload/download boundary, API response field boundary, behavior analytics surface, trace or baggage surface, webhook or external-call record surface, admin operation surface, audit-log surface, cache visibility and authority policy, claim or affiliate policy surface, session or token surface, external target, dependency source, third-party data-use or terms surface, cryptography or transport surface, scanner evidence, agent-tool permission, deployment setting, project secret and privacy rules, public or packaged surfaces, and command contract entries | Sensitive data handling, authorization, admin operations, data residency, runtime patchability, AI budget records, behavior analytics, observability identifiers, webhook receipts, external-call records, dead-letter records, audit logs, shared-cache behavior, cache-authority behavior, claim and affiliate disclosure, sessions, tokens, inputs, files, signed URLs, API responses, logs, receipts, generated state, docs, templates, package metadata, deployment settings, and reports | secret leak, personal-data exposure, access-control bypass, client-trusted role or owner value, unsafe admin action, private file exposure, over-broad API response, shared-cache leak, unsafe cache authority, unprovable data location, unpatchable runtime, privacy-heavy telemetry, unsafe baggage propagation, unsafe webhook payload retention, unsafe external request, supply-chain drift, weak cryptography, insecure transport, over-privileged agent, risky third-party terms, or misleading privacy claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Sensitive surfaces reviewed, data residency, runtime patchability, AI hard-limit, behavior analytics, observability, and audit boundaries, webhook, external-call, and dead-letter boundaries, cache authority and disclosure boundaries, assumptions checked, disclosure and retention paths, authorization, file, API response, third-party terms, and external-boundary notes, verification, and remaining security or privacy risk |
|
|
@@ -590,7 +626,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
590
626
|
| Trigger | Skill Document | Required Input | Edit Scope | Risk | Verification Intents | Expected Output |
|
|
591
627
|
| --- | --- | --- | --- | --- | --- | --- |
|
|
592
628
|
| Database schema, database engine choice, managed database extension or provider feature, SQLite or PostgreSQL suitability, query, transaction, ORM model, repository/store, index, cache-backed read model, read/write model, content metadata, content blocks, content graph, lifecycle states, versioned records, ledgers, job tables, outbox events, inbox events, idempotency records, processed webhook records, external API call records, provider intent records, manual recovery records, taxonomy, filter URL policies, SEO landing records, claim or fact registries, comparison methodologies, affiliate links, source provenance, verification state, behavior analytics events, core event stores, search document metadata, queue recovery metadata, semantic export/import data, provider id mappings, app-owned identity records, public URL records, data residency records, AI budget or policy records, external-service truth ownership, operational versus analytics data boundaries, cache-as-store decisions, API response projections, public identifiers, data ownership boundaries, admin audit logs, cache invalidation data, user activity state, aggregate cache, hybrid file/database storage, file metadata records, data retention, pagination, concurrency, idempotency, audit log, or persistence boundary is introduced, changed, reviewed, or reported | `.mustflow/skills/database-change-safety/SKILL.md` | Data role, database operating model, managed database dependency model, event role, affected tables or stores, storage split, identity and provider-id mapping model, public URL and file-object model, data location model, AI budget and feature-policy model, block/graph/lifecycle/version/ledger/job/outbox/inbox/webhook/provider-call/taxonomy/filter/claim/source/admin/cache/user-state model, export/import and provider-id mapping model, external-service truth model, search/queue/log/analytics data model, operational versus analytics boundary, API projection boundary, file metadata and object-storage boundary, public id rule, read/write path, transaction boundary, migration or rollback expectations, local DB or ORM patterns, changed files, and command contract entries | Schema, migrations, repositories, stores, queries, transactions, indexes, read models, ledgers, job records, outbox records, inbox records, processed webhook records, external call records, provider intent records, manual recovery records, content metadata, block records, claim records, source records, comparison records, affiliate records, behavior event records, core event records, search source records, projection records, export/import records, provider mapping records, app identity records, public URL records, data residency records, AI budget or feature-policy records, admin audit records, file metadata records, cache records, user-state records, fixtures, tests, docs, and directly synchronized templates | data loss, incomplete export, provider-id lock-in, provider-auth-function lock-in, raw storage URL lock-in, unprovable data location, SaaS-only core fact, stale cache, authorization leak, transaction bug, duplicate side effect, unknown provider outcome, retry drift, missing manual replay record, slow query, N+1 query growth, write-contention blind spot, operational DB reporting overload, file/database drift, provenance drift, search or queue reconstruction gap, aggregate drift, API/DB coupling, cache-invalidation drift, provider-budget-only AI enforcement, or unverified migration claim | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Data role, database operating model, source-of-truth split, managed database dependency, app-owned identity, public URL, data residency, AI budget and policy records, schema/query/transaction review, delete lifecycle, versioning, ledger, job/outbox/inbox/webhook/provider-call/manual-recovery model, export/import and provider-id mapping model, external-service truth model, search/queue/log/analytics ownership, read/write model, behavior/audit event boundary, API projection boundary, file metadata boundary, block/graph/lifecycle/taxonomy/filter/claim/source/admin/cache/user-state checks, migration and rollback status, index/performance notes, security/retention checks, tests, verification, and remaining database risk |
|
|
593
|
-
| Database migration files, schema migration history, ORM schema migrations, generated clients, schema dumps, SQL snapshots, online DDL, indexes, constraints, backfills, rolling deploy compatibility, expand-and-contract changes, destructive database changes, migration rollback or roll-forward claims, cut-over plans, lock or timeout policy, replication lag risk, migration observability, or production database migration procedures are created, changed, reviewed, or reported | `.mustflow/skills/database-migration-change/SKILL.md` | Source schema, target schema, migration files, migration history, generated clients, schema dumps, SQL snapshots, affected queries, deployment shape, database engine, table size, lock and online-DDL assumptions, backfill cursor, rollback or roll-forward type, validation and observability queries, and command contract entries | Migration files, ORM schemas, generated clients, schema dumps, SQL snapshots, backfill code, validation checks, observability notes, seeds, fixtures, compatibility code, docs, tests, and directly synchronized examples | data loss, drop-plus-add rename, old/new app incompatibility, unsafe rolling deploy, unbounded or offset backfill, production lock, silent online-DDL table rewrite, replication lag, uncontrolled cut-over, generated-client drift, migration-history drift, false
|
|
629
|
+
| Database migration files, schema migration history, ORM schema migrations, generated clients, schema dumps, SQL snapshots, online DDL, indexes, constraints, background-job backfills, zero-downtime migration claims, rolling deploy compatibility, expand-and-contract changes, destructive database changes, migration rollback or roll-forward claims, cut-over plans, feature-flagged read/write switches, lock or timeout policy, replication lag risk, migration observability, or production database migration procedures are created, changed, reviewed, or reported | `.mustflow/skills/database-migration-change/SKILL.md` | Source schema, target schema, migration files, migration history, generated clients, schema dumps, SQL snapshots, affected queries, deployment shape, database engine, table size, lock and online-DDL assumptions, backfill cursor, read/write transition controls, rollback or roll-forward type, validation and observability queries, runbook stop thresholds, and command contract entries | Migration files, ORM schemas, generated clients, schema dumps, SQL snapshots, backfill code, validation checks, observability notes, runbook notes, seeds, fixtures, compatibility code, docs, tests, and directly synchronized examples | data loss, drop-plus-add rename, old/new app incompatibility, unsafe rolling deploy, deploy-time long-running data rewrite, unbounded or offset backfill, production lock, silent online-DDL table rewrite, replication lag, uncontrolled cut-over, backup-only rollback claim, generated-client drift, migration-history drift, false zero-downtime claim, ORM autogenerate mistake, or destructive contract mixed with expand phase | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Migration phase, old/new schema compatibility, expand/backfill/switch/contract plan, read/write transition controls, backfill and validation plan, lock/timeout/replication/cut-over/runbook/observability classification, rollback or roll-forward classification, ORM/generated/schema dump surfaces, dependent surfaces, verification, and remaining database-migration risk |
|
|
594
630
|
| Database query review needs to catch bottlenecks visible in the diff, including join fan-out, N+1 calls, over-eager loading, `SELECT *`, unstable `LIMIT`, large `OFFSET`, composite index mismatch, range predicate order, functions or casts on indexed columns, parameter type mismatch, wildcard search, cross-column `OR`, large `IN`, `COUNT(*) > 0`, `NOT IN` with NULL, `LEFT JOIN` filters, aggregation after fan-out, latest-row subqueries, wide sort/group/distinct, JSON filters, missing tenant or soft-delete scope, plan/statistics skew, missing-index advice, or long transactions | `.mustflow/skills/database-query-bottleneck-review/SKILL.md` | Query surface, cardinality shape, repetition shape, index and plan evidence, database and ORM context, correctness boundaries, and configured command intents | Projection narrowing, stable ordering, keyset pagination, batching, explicit loading, database-side joins or aggregation, transaction narrowing, focused tests, and engine-specific index or statistics changes only through matching engine skills | cardinality explosion, ORM N+1, eager-load overfetch, covering-index defeat, nondeterministic page, linear offset scan, composite index stop point missed, function-wrapped column scan, implicit cast, wildcard table scan, OR plan instability, huge IN planning cost, wasted count, NULL logic bug, accidental inner join, DISTINCT hiding fan-out, per-parent latest query, temp sort on wide rows, JSON path scan, tenant-wide scan, stale statistics, bad cached plan, index write-amplification, plan-forcing theater, or lock wait from long transaction | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Query path reviewed, cardinality and repetition ledger, projection/pagination/index/plan/transaction findings, evidence level, verification, and remaining database bottleneck risk |
|
|
595
631
|
| Database JSON, `jsonb`, `json`, metadata, extra, options, settings, attributes, properties, payload, raw payload, event context, dynamic fields, JSON path filters or sorts, generated columns, computed columns, expression indexes, GIN indexes, `jsonb_path_ops`, JSON search indexes, `JSON_VALUE`, `JSON_EXTRACT`, `ISJSON`, schemaVersion, JSON key registries, raw provider payloads, arrays of objects, unbounded maps, or JSON-to-column promotion decisions are introduced, changed, reviewed, or reported | `.mustflow/skills/database-json-modeling-review/SKILL.md` | JSON column role, database engine, key inventory, query and behavior paths, raw-versus-operational split, cardinality and shape, migration compatibility expectations, tests, fixtures, docs, and configured command intents | JSON field contracts, promoted typed columns, child tables, generated/computed columns, check constraints, expression/JSON indexes, key registries, schema versions, repositories, migrations, tests, fixtures, docs, and directly synchronized templates | business state hidden in metadata, status or permission key buried in JSON, tenant or retention key not enforceable, raw payload mistaken for truth, JSON path scan, unbounded object arrays, mutable/static evidence mixed, cross-domain blob, unknown key drift, malformed value drift, engine-specific JSON index overclaim, generated-column migration surprise, old/new writer incompatibility, or missing promotion criteria | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | JSON surface reviewed, role and key inventory, promotion decisions, raw payload versus operational truth split, engine-specific validation/index notes, migration/backfill/compatibility status, evidence level, verification, and remaining JSON modeling risk |
|
|
596
632
|
| Data deletion, soft delete, hard delete, purge, restore, undelete, account deletion, tenant deletion, retention, legal hold, erasure, anonymization, pseudonymization, tombstones, backup residue, PITR, WAL, binlog, transaction logs, object storage cleanup, search or cache deletion, analytics or warehouse deletion, downstream deletion events, bulk delete jobs, partition drops, admin dry runs, or deletion audit behavior is introduced, changed, reviewed, or reported | `.mustflow/skills/deletion-lifecycle-review/SKILL.md` | Deletion class, entity and dependency graph, state model, query and uniqueness model, recovery model, purge and retention model, privacy and audit model, downstream systems, backup/log residue assumptions, and configured command intents | Deletion states, lifecycle columns, constraints, partial indexes, scopes, tombstone tables, purge and restore jobs, downstream deletion records, idempotent workers, audit records, fixtures, tests, docs, and directly synchronized templates | deleted data leaking through queries, `is_deleted` theater, soft-deleted row blocking active uniqueness, unsafe cascade, lost restore scope, id reuse security bug, missing tombstone, legal hold bypass, audit evidence purged, personal data copied into audit logs, backup erasure overclaim, stuck downstream deletion, unbounded bulk delete, tenant offboarding outage, partition-retention drift, or false irreversible-delete claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Deletion surface reviewed, deletion class and state model, dependency and downstream graph, visibility/uniqueness/identity/cascade/legal/audit/restore/purge/backup decisions, evidence level, verification, and remaining deletion lifecycle risk |
|
|
@@ -604,8 +640,8 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
604
640
|
| Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, TypeScript compiler-track references, Rust release or MSRV references, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, TypeScript compiler track or Rust MSRV/toolchain track when relevant, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, TypeScript RC/nightly/API-track confusion, Rust stable/nightly/MSRV confusion, floating-tag drift, or unverified security/support claim | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Versioned surfaces checked, repository policy and freshness source, selected version track, compatibility classification, TypeScript stable/RC/nightly/API-track and Rust stable/nightly/MSRV split when relevant, approval need, synchronized surfaces, verification, and remaining version-freshness risk |
|
|
605
641
|
| External systems, protocols, SDKs, databases, webhooks, queues, files, object storage, signed upload or download URLs, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, provider data, or volatile component implementations cross the core boundary or need stable port/adapter translation, change isolation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, reconciliation, security, core-state ownership, vendor portability, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, delivery boundary, internal use case, local port/adapter patterns, provider risk, provider failure policy, core-state ownership risk, vendor portability risk, observability identifier policy, API contract risk, change-isolation ledger, preserved consumer contract, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, response mappers, telemetry mappers, timeout and retry policies, circuit breakers, bulkhead boundaries, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, caller churn from adapter-only changes, framework business-rule leakage, telemetry backend leakage, storage-key leakage, screen-shaped API coupling, pass-through wrapper, SaaS dashboard as truth source, search or analytics policy leakage, queue contract leakage, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, missing circuit breaker, missing bulkhead, unresolved unknown provider outcome, broken identifier propagation, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, change-isolation ledger, preserved consumer contract, delivery adapter responsibility, internal port, provider containment, core-state ownership, vendor portability, validation and mapping, API response mapping, observability identifier flow, timeout/retry/circuit-breaker/bulkhead/idempotency handling, reconciliation behavior, security notes, verification, and remaining provider risk |
|
|
606
642
|
| Third-party SDK or external API integration, review, debugging, upgrade, webhook handling, auth scope change, sandbox or production setup, provider SDK version change, API version migration, rate-limit handling, retry policy, idempotency key usage, pagination, provider error mapping, request id logging, changelog review, deprecation response, or provider operational-readiness test needs production integration review | `.mustflow/skills/third-party-api-integration-review/SKILL.md` | Provider and SDK/API ledger, source-of-truth docs, auth and scope ledger, operation and side-effect ledger, webhook ledger, error and observability ledger, changelog or migration evidence, existing fakes or sandbox tests, and configured command intents | Provider adapters, wrappers, typed request and response models, error mappers, timeout and retry policies, rate-limit handling, idempotency key handling, pagination handling, webhook signature verification and dedupe, redacted observability, sandbox tests, fixtures, runbooks, migration notes, and directly synchronized docs or templates | demo-only integration, stale provider docs, SDK/API drift, sandbox-production mixup, hardcoded secret, overbroad scope, token refresh gap, missing timeout, infinite retry, retrying permanent errors, mutating retry without idempotency, per-attempt idempotency key, 429 retry storm, ignored Retry-After, offset pagination assumption, raw provider error leak, string-only provider error, missing request id, trusted webhook payload, JSON-parsed signature breakage, duplicate webhook side effect, event-order assumption, success redirect as proof, unhandled unknown provider outcome, dashboard-only setting, untested SDK upgrade, or happy-path-only sandbox test | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Third-party integration reviewed, provider source-of-truth and SDK/API version evidence, auth/environment/scope decisions, timeout/retry/rate-limit/idempotency/pagination decisions, webhook delivery and dedupe checks, error and observability mapping, tests or missing evidence, verification, and remaining provider operational risk |
|
|
607
|
-
| Tauri frontend invokes, Rust commands, capabilities, permissions, scopes, plugins, filesystem, dialog, shell, opener, updater, sidecar,
|
|
608
|
-
| Wails v3 applications, Go services, generated bindings, TypeScript runtime calls, windows, menus, system tray, dialogs, events, frontend bridge payloads, WebView platform behavior, Taskfile or build config, signing, packaging, custom protocols, file associations, server builds, or Wails-related tests are created, changed, reviewed, or upgraded | `.mustflow/skills/wails-code-change/SKILL.md` | Wails version track, Go module and frontend package metadata, generated bindings, app entry point, service/window/event/menu/tray/dialog/build/package evidence, changed files, and command contract entries | Wails app assembly, Go services, frontend bridge calls, generated bindings, windows, events, menus, tray, dialogs, WebView platform behavior, platform packaging, tests, and docs | Electron or Wails v2 migration drift, accidental exported RPC, binding or runtime version drift, shared-service race, unsafe frontend input, oversized bridge payload, event leak or broadcast, WebView platform mismatch,
|
|
643
|
+
| Tauri frontend invokes, Rust commands, capabilities, permissions, scopes, plugins, filesystem, dialog, shell, opener, updater, sidecar, mobile native permissions, Tauri bundling targets, release package formats, or native desktop CI build matrices are created or changed | `.mustflow/skills/tauri-code-change/SKILL.md` | Frontend call sites, Tauri config, Rust commands, capability and permission files, plugin config, bundle targets, release matrix evidence, changed files, and command contract entries | Tauri frontend, Rust commands, capabilities, permissions, scopes, plugins, bundle target narrowing, package target notes, tests, and docs | broad native permission, untrusted IPC input, filesystem escape, shell or updater risk, WebView/native boundary drift, all-target bundling surprise, cold Cargo cache cost, duplicated macOS packaging jobs, or long-retention CI artifacts posing as release assets | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | IPC, permission, scope, filesystem, shell, updater, native boundary, bundle target, release matrix, artifact retention, verification, and remaining Tauri risk |
|
|
644
|
+
| Wails v3 applications, Go services, generated bindings, TypeScript runtime calls, windows, menus, system tray, dialogs, events, frontend bridge payloads, WebView platform behavior, Taskfile or build config, signing, packaging, platform targets, native desktop CI build matrices, custom protocols, file associations, server builds, or Wails-related tests are created, changed, reviewed, or upgraded | `.mustflow/skills/wails-code-change/SKILL.md` | Wails version track, Go module and frontend package metadata, generated bindings, app entry point, service/window/event/menu/tray/dialog/build/package evidence, platform target and release matrix evidence, changed files, and command contract entries | Wails app assembly, Go services, frontend bridge calls, generated bindings, windows, events, menus, tray, dialogs, WebView platform behavior, platform packaging, target narrowing, tests, and docs | Electron or Wails v2 migration drift, accidental exported RPC, binding or runtime version drift, shared-service race, unsafe frontend input, oversized bridge payload, event leak or broadcast, WebView platform mismatch, packaging/signing drift, all-platform PR packaging, duplicated macOS packaging jobs, or long-retention CI artifacts posing as release assets | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Wails version/app/service/bridge/binding/window/event/menu/tray/dialog/platform packaging, release matrix, artifact retention notes, verification, and remaining Wails risk |
|
|
609
645
|
| File path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, clone or checkout destinations, scaffold roots, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, or package artifact paths are created, changed, reviewed, or reported | `.mustflow/skills/file-path-cross-platform-change/SKILL.md` | Path ledger, trust classes, accepted path representation, base root, path helpers, safe filesystem wrappers, clone/checkout/scaffold/install/extract outputs, staging and promotion policy, temp/cache helpers, lock policy, archive policy, upload/download policy, scanner policy, CLI/API/schema/snapshot/generated/package surfaces, platform expectations, failure taxonomy, and command contract entries | Path validators, helpers, wrappers, schemas, CLI/API parsing, snapshots, fixtures, docs, tests, generated-output paths, package artifact paths, clone or scaffold destinations, archive extraction, scanner bounds, temp/cache handling, locks, and cleanup code | path traversal, base containment bypass, drive-relative path bug, reserved-name bug, case-collision bug, Unicode-collision bug, Git checkout path-length failure misreported as network or auth, unsafe archive extraction, non-atomic write claim, stale lock, scanner loop, partial-output cleanup data loss, user-selected destination deletion, path contract drift, or package artifact path drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path contract, path ledger, trust classes, root policy, preflight/staging/promotion decisions, Windows/macOS/Linux/archive/upload/download/scanner/lock/temp/cache/atomic/cleanup decisions, failure taxonomy, synchronized contract surfaces, verification, and remaining path risk |
|
|
610
646
|
| File paths, directories, symlinks, real paths, traversal, atomic writes, file copies, generated outputs, temporary files, clone or checkout materialization, cleanup, or Windows/POSIX filesystem behavior are created, changed, reviewed, or reported | `.mustflow/skills/cross-platform-filesystem-safety/SKILL.md` | Path inputs, base directory, trust boundary, symlink policy, write or cleanup strategy, clone/checkout/scaffold/install/extract path budget, app-owned staging boundary, platform expectations, failure taxonomy, and command contract entries | Path validation, file helpers, copy/update/delete code, clone/scaffold/archive cleanup code, scan bounds, fixtures, tests, docs, and templates | path traversal, symlink escape, unsafe overwrite, platform-only behavior, stale output, path-length or filename-length misclassification, watcher/resource misclassification, or cleanup data loss | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path trust classes, root boundary, symlink/write/delete/scan decisions, preflight and staging boundaries, clone/scaffold/extract classification, platform assumptions, verification, and remaining filesystem risk |
|
|
611
647
|
| Child processes, shell or argv execution, built-in command reruns, Git/package-manager/scaffolder failures, timeouts, process trees, output limits, streaming, environment policy, command eligibility, failure classification, command-line length limits, or execution receipts are created, changed, reviewed, or reported | `.mustflow/skills/process-execution-safety/SKILL.md` | Execution path, timeout, output limit, stdin, argv and shell command-length budget, environment, cwd, process tree behavior, failure taxonomy, receipt and write-tracking expectations, and command contract entries | Process execution code, process-tree helpers, output buffers, environment creation, eligibility checks, failure classifiers, receipts, tests, and docs | runaway process, unbounded output, leaked environment, argv-too-long failure, shell-command-too-long failure, inconsistent JSON/text execution, false cleanup claim, Git checkout path failure misreported as network or auth, blind retry, diagnostic loss, or unreliable receipt | `changes_status`, `changes_diff_summary`, `test_related`, `test_release`, `mustflow_check` | Execution surface, timeout/output/environment/process-tree boundaries, argv and shell length handling, failure classification, diagnostic preservation, receipt consistency, tests, verification, and remaining process risk |
|
|
@@ -628,7 +664,8 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
628
664
|
| Frontend component, route, store, query, form, router state, context provider, persisted store, external subscription, optimistic mutation, search/filter/pagination interaction, selected item, list key, or hydration path can duplicate, derive, overwrite, or race the same value across props, local state, server cache, URL params, form drafts, global app context, selectors, storage, or external stores | `.mustflow/skills/frontend-state-ownership-review/SKILL.md` | User goal, current diff or target files, framework and state-library signals, state owner ledger, state class map, synchronization surfaces, identity and collection surfaces, evidence level, and configured command intents | State owner cleanup, derived selectors, nearest-owner move, status or mode union, grouped action, selected ID lookup, query key dimensions, invalidation scope, request cancellation, optimistic rollback, URL-state routing, form draft reset, context split or memoization, persisted-state versioning, reset keys, external subscription wrapper, focused tests, and directly synchronized docs or templates | props-to-state drift, duplicated derived state, effect-derived one-render lag, contradictory booleans, partial grouped-state tear, selected object staleness, server data copied into global store, URL state fork, form draft overwrite, optimistic update without rollback, stale request overwrite, incomplete query key, broad invalidation, index-key local-state swap, raw setter sprawl, context value rerender storm, state too high or too low, non-serializable persisted store, hydration mismatch, unsafe external subscription snapshot, or unverified state owner | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend state surface reviewed, owner ledger and state class map, duplicate or derived state findings, query/URL/form/optimistic/race/context/persistence decisions, tests or evidence level, verification, and remaining state-ownership risk |
|
|
629
665
|
| Frontend UI, design system component, dashboard, form, card, list, table, chart, media slot, modal, drawer, toast, bottom CTA, portal, or responsive surface needs stress-layout review against hostile content, narrow parent containers, async media, skeletons, empty or error states, permission variants, scrollbars, mobile viewport and keyboard behavior, safe areas, line clamps, i18n or RTL, touch input, reduced motion, observer loops, portal edge placement, z-index layers, browser zoom, cascade layers, or reproducible break conditions | `.mustflow/skills/frontend-stress-layout-review/SKILL.md` | User goal, current diff or target files, framework and styling signals, stress fixture ledger, parent container ledger, geometry contract ledger, interaction and state ledger, evidence level, and configured command intents | Stress fixtures, stories, tests, parent-container-aware constraints, container queries, `min-width: 0`, `minmax(0, 1fr)`, `overflow-wrap: anywhere`, reserved media dimensions, `aspect-ratio`, skeleton geometry, empty and error states, permission variants, stable scroll containers, `scrollbar-gutter: stable`, mobile viewport and keyboard constraints, `safe-area-inset-*`, explicit `line-height`, logical properties, touch-accessible affordances, `prefers-reduced-motion`, observer scope, portal placement, z-index tokens, table and chart stress handling, zoom-safe geometry, cascade layer fixes, and directly synchronized docs or templates | happy-path fixture blindness, parent-width overflow, flex or grid min-content blowout, unbroken text overflow, async media or font layout shift, skeleton mismatch, collapsed empty state, error-state overlap, permission action wrapping, late `display: none` layout jump, scrollbar width wrap, fragile `100vh`, keyboard-covered CTA, unsafe-area overlap, line-clamp/action collision, localization or RTL breakage, hover-only control, layout-affecting hover or animation, ResizeObserver loop, clipped portal, z-index arms race, unusable wide table, chart zero-width mount, browser zoom clipping, CSS specificity loss, or vague non-reproducible visual complaint | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend stress layout reviewed, stress fixture and parent-container ledgers, reproducible break conditions, fixes or recommendation, evidence level, verification, and remaining stress-layout risk |
|
|
630
666
|
| Frontend UI, design-system component, form, dialog, menu, tab, combobox, custom select, table, card, media, icon button, image, toast, live update, drag interaction, focus style, keyboard handler, `onClick`, `role`, `tabIndex`, `aria-*`, `alt`, hidden content, visually hidden text, or automated accessibility claim needs accessibility-tree review for native semantics, accessible names, visible label consistency, keyboard navigation, focus order and return, forms, errors, status messages, ARIA references, icon or image alternatives, custom widget contracts, non-text contrast, target size, drag alternatives, or a11y evidence limits | `.mustflow/skills/frontend-accessibility-tree-review/SKILL.md` | User goal, current diff or target files, framework and component-library signals, semantic ledger, keyboard ledger, assistive-technology ledger, form ledger, interaction ledger, evidence level, and configured command intents | Native HTML element selection, button/link semantics, `href` cleanup, keyboard parity, tabindex cleanup, focus-visible styling, obscured focus fixes, dialog focus management, icon-only accessible names, visible-label-aligned names, `aria-labelledby` and `aria-describedby` id references, `aria-hidden` cleanup, SVG icon defaults, image `alt`, label and fieldset wiring, `aria-invalid`, error descriptions, submit-failure focus, live regions, ARIA pattern keyboard behavior, custom select constraints, non-text contrast, target-size fixes, drag alternatives, focused tests, accessibility snapshots, and directly synchronized docs or templates | ARIA costume over broken semantics, clickable div, fake link, `href="#"`, missing Enter or Space behavior, tabIndex sprawl, positive tabindex, invisible focus, focus hidden behind sticky layers, modal focus leak, unnamed icon button, visible text fighting `aria-label`, broken `aria-labelledby`, interactive child hidden by `aria-hidden`, duplicate SVG announcement, useless image alt, placeholder-only field, missing legend, color-only error, disconnected error text, submit failure silence, unannounced async status, menu or combobox keyboard mismatch, unnecessary custom select, offscreen focus trap, non-text contrast failure, tiny pointer target, drag-only operation, axe-only proof, or accessibility-tree evidence gap | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend accessibility tree reviewed, semantic/keyboard/focus/name/form/status/widget evidence, findings, fixes or recommendation, automated-evidence limits, verification, and remaining accessibility-tree risk |
|
|
631
|
-
| Frontend
|
|
667
|
+
| Frontend component library, design system package, UI kit, shared component package, token system, primitive layer, compound component, variant API, theming surface, Storybook or docs contract, package export, public CSS variable, data attribute, slot, ref target, controlled or uncontrolled component API, visual regression suite, codemod, SemVer policy, or breaking-change plan is created, changed, reviewed, or reported | `.mustflow/skills/frontend-component-library-review/SKILL.md` | User goal, target package or library, framework signals, consumer audience, current diff or target files, package API ledger, token ledger, primitive behavior ledger, component contract ledger, state contract ledger, variant and theming ledger, docs and test ledger, release ledger, and configured command intents | Package exports and deep-import policy, peer dependencies, side-effect CSS, token source and generated CSS variables or types, primitive focus and keyboard contracts, component props and slots, stable data attributes, CSS variable hooks, controlled and uncontrolled state pairs, semantic variant axes, impossible-combination guards, theme-axis separation, documented DOM ownership, Storybook stories as executable specs, type/export tests, role/name behavior tests, accessibility evidence, representative visual regression matrix, SSR and hydration checks, bundle checks, deprecation warnings, migration docs, codemods, changelog, route metadata, and directly synchronized templates | pretty-button pile, Figma-copy repo, raw hex or raw Figma token leak, token source and generated output drift, semantic token bypass, theme logic spread across components, primitive behavior gap, ARIA costume, app store or router coupling, mixed controlled and uncontrolled ownership, prop-list dump, impossible variant combo, unsafe `as` or `asChild`, `className` escape hatch as system policy, incidental DOM selector contract, undocumented deep import reliance, docs-as-gallery, props-table-only docs, snapshot-only tests, axe-only proof, visual matrix explosion, tree-shaking drag, missing codemod, SemVer underclassification, or unverified reusable-library claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend component library reviewed, package API/token/primitive/component/state/variant/theme/docs/test/release ledgers, findings, fixes or recommendation, breaking-change and migration classification, evidence level, narrower skills used or deferred, verification, and remaining component-library contract risk |
|
|
668
|
+
| Frontend UI, product copy, forms, validation messages, empty states, toasts, dialogs, metadata, SEO or Open Graph text, `hreflang`, canonical links, localized routes, locale sitemaps, charts, canvas, SVG text, emails, push notifications, share text, exports, downloads, PDFs, CSVs, calendar invites, translation keys, key lifecycle, message catalogs, TMS or XLIFF workflow, `t(...)`, ICU messages, placeholders, `aria-label`, `title`, `alt`, browser `confirm`, date/time/relative-time formatting, numbers, currency, units, search, sort, collation, Unicode normalization, grapheme truncation, RTL, bidirectional text, font fallback, pseudo localization, SSR locale, hydration, fallback, missing-key telemetry, backend error-code mapping, or localized rich text needs localization review beyond visible JSX text | `.mustflow/skills/frontend-localization-review/SKILL.md` | User goal, current diff or target files, framework and i18n library signals, supported locale policy, locale model ledger, string exposure ledger, translation-key ledger, message-shape ledger, format ledger, text-processing ledger, direction and layout ledger, runtime locale ledger, SEO and routing ledger, translation workflow ledger, operations ledger, evidence level, and configured command intents | Message catalog wiring, stable contextual keys, key lifecycle checks, full-sentence keys, named interpolation, placeholder metadata, context-specific messages, plural/select/zero handling, grammar-safe dynamic values, tone consistency, locale-aware formatters, display/storage value split, collation and search normalization, grapheme-safe truncation, global name/address/phone assumptions, RTL and `dir="auto"` handling, logical direction fixes, icon mirroring decisions, font fallback checks, pseudo-localization fixtures, locale route priority, SSR locale agreement, missing-key and fallback telemetry, SEO `hreflang`/canonical/sitemap checks, backend error-code mapping, component interpolation for rich text, translation workflow gates, export and notification text coverage, focused tests, and directly synchronized docs or templates | visible-JSX-only scan, hardcoded placeholder or metadata, concatenated translation fragments, reused dictionary key, source-prose-as-key churn, orphan or missing key, placeholder mismatch, `Delete {item}` grammar trap, English-only plural, missing select or zero state, broken Korean particle or inflection, mixed tone, manual date string, naive recurring timezone, comma-only number format, `toFixed(2)` currency assumption, language/region/currency/time-zone conflation, default `sort()`, unsafe lowercasing, accent or Unicode normalization miss, first-name/last-name or numeric postal-code assumption, emoji-splitting `.length`, wrong ellipsis owner, RTL afterthought, missing `dir="auto"`, blanket icon mirroring, fixed-width translated button, missing glyph fallback, no pseudo localization, single-locale screenshot proof, server/client locale mismatch, silent English fallback, wrong localized canonical, missing reciprocal `hreflang`, forced locale redirect, raw HTML in translations, raw backend prose, text baked into images, untranslated export, unreviewed machine translation, or static-only localization claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend localization reviewed, locale model/string/key/message-shape ledgers, formatting/search/sort/RTL/SSR/SEO/workflow/export checks, fixes or recommendation, evidence level, verification, and remaining localization risk |
|
|
632
669
|
| Public website, landing page, marketing page, ecommerce page, signup flow, checkout flow, account page, support surface, navigation, search, form, cookie or consent surface, pricing page, mobile web surface, or conversion path is planned, edited, reviewed, or reported and common visitor complaints need website-task friction review | `.mustflow/skills/website-task-friction-review/SKILL.md` | Primary visitor task, target audience, entry point, completion point, changed route or surface, product constraints, pricing/account/support/privacy facts, likely devices, complaint evidence, and configured command intents | Website copy, navigation labels, page order, form fields, validation, error states, mobile layout, support links, trust disclosures, pricing visibility, consent behavior, recovery paths, focused tests, docs, templates, and reports | popup blocking first task, forced signup, hidden cost, confusing navigation, invisible search, mobile hover dependency, tiny target, vague error, lost form data, inaccessible task path, slow first interaction, weak trust, hard-to-find support, dark pattern, invented policy claim, or unverified conversion-ready claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Website task reviewed, entry and completion path, friction findings by severity, likely user complaint, cause, fix, acceptance test, focused checks, narrower skills used or recommended, verification, and remaining website task risk |
|
|
633
670
|
| Frontend navigation flicker, theme flash, FOUC, hydration flash, blank first render, unstable loading shell, route transition jank, state loss across navigation, or first-paint instability is reported, created, edited, reviewed, or verified | `.mustflow/skills/frontend-render-stability/SKILL.md` | Symptom, affected routes, framework and version signals, root shell, links/router, theme init, root CSS, font/media loading, data-loading owner, and configured verification entries | Root HTML, layouts, router links/config, early theme scripts, root CSS, theme tokens, skeletons, hydration boundaries, route data loaders, directly tied tests, docs, and templates | masked full document reload, late theme application, hydration mismatch, client-only first data, loading layout shift, duplicate view-transition names, reduced-motion regression, or false visual proof | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `docs_validate_fast`, `mustflow_check` | Symptom phase, evidence inspected, instability layer found or ruled out, framework-specific skills used, files changed, verification, skipped visual checks, and remaining render-stability risk |
|
|
634
671
|
| User-facing UI, dashboard, settings, navigation, form, copy, responsive layout, accessibility, visual geometry, interaction flow, or visual state changes are planned, edited, reviewed, or reported | `.mustflow/skills/ui-quality-gate/SKILL.md` | Changed UI surface, user task, interaction path, existing patterns, state combinations, localization rules, content stress cases, geometry-sensitive component facts, and command contract entries | UI controls, labels, states, layout constraints, geometry contracts, accessibility attributes, localization hooks, task-flow recovery, docs, templates, and reports | decorative UI drift, inaccessible controls, icon/text misalignment, overflow or layout breakage, missing empty/error/permission recovery, or unverified visual claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | UI surface reviewed, states checked, geometry/layout/accessibility/localization/recovery notes, skipped visual checks, and remaining UI risk |
|
|
@@ -651,6 +688,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
651
688
|
| --- | --- | --- | --- | --- | --- | --- |
|
|
652
689
|
| Architecture, module boundaries, codebase structure, structural improvement, codebase deepening, or testability needs review before choosing a refactor or abstraction | `.mustflow/skills/architecture-deepening-review/SKILL.md` | Target area, structural pain, local patterns, behavior evidence, current changed files, and command contract entries | Review notes, ranked structure candidates, and at most one scoped structural follow-up when requested | speculative abstraction, broad rewrite, pattern-first design, hidden behavior change, or unverified structure claim | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Review target, evidence, candidate scores, selected next action, narrower skill choice, verification, and remaining architecture risk |
|
|
653
690
|
| Service boundaries, modular-monolith boundaries, bounded contexts, team ownership, data ownership, source-of-truth maps, event or queue boundaries, multi-tenant isolation, failure flows, independent deployment, operational recovery, disaster recovery, cost, toil, or large-scale architecture split decisions are designed, reviewed, or changed | `.mustflow/skills/service-boundary-architecture/SKILL.md` | Candidate domains, owners, data truth map, communication paths, shared database or cache coupling, failure flows, boundary proof ledger, idempotency, queue/retry/dead-letter behavior, cache consistency, tenant/auth/audit boundaries, observability, deployment, migration, retention, operations tools, and command contract entries | Architecture docs, decision records, context files, boundary source, API/event/queue/cache/read-model contracts, operational runbooks, tests, and directly synchronized docs or templates | noun-first service split, shared database coupling, unknown data owner, repeated cross-team co-change, independent-deploy theater, dependency cycle, happy-path-only design, retry storm, queue backlog with no owner, cache as accidental authority, tenant leak, command-like events, missing observability, unsafe migration, weak health probe, untested graceful shutdown, version incompatibility, untested restore or DR, or manual recovery without audit | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary checked, data owners, co-change/deploy/dependency proof, failure/idempotency/queue/cache/event notes, tenant/auth/retention/observability/deployment/health/recovery/cost/toil notes, verification, and remaining service-boundary risk |
|
|
691
|
+
| Multi-product platform, app factory, many-small-services architecture, shared account portal, Product Registry, shared auth, billing, credits, entitlements, admin console, deployment factory, analytics spine, logging, i18n, common UI, templates, or operations automation must support many product apps without per-service copy-paste | `.mustflow/skills/small-service-platform-architecture-review/SKILL.md` | User goal, target product count, product types, Product Registry ledger, identity ledger, money and access ledger, operations ledger, app factory ledger, observability and analytics ledger, shared product surface ledger, current diff or target files, and configured command intents | Product Registry, shared account portal, identity and organization model, billing catalog, entitlement service, credit ledger, usage meters, admin and support console, app generator, thin app shells, shared packages, CI/CD, deployment templates, analytics event schema, logging/tracing, notification, i18n, legal, consent, shared UI, file/job/integration services, feature flags, AI Gateway, license service, runbooks, tests, docs, route metadata, and directly synchronized templates | per-service auth or billing copy, Stripe or provider dashboard as only authority, missing Product Registry, plan-string feature gates, balance-only credits, no reservation lifecycle, direct database support surgery, template copy drift, no account portal, no first-value-created event, logs without app or tenant identity, missing webhook replay, missing backup or restore proof, product-specific privacy facts hidden in code, operations by memory, or unverified 100-service readiness claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Platform surface reviewed, Product Registry/identity/billing/credit/entitlement/admin/app-factory/deployment/analytics/observability/shared-surface/security/privacy/operations/phase ledgers, shared versus app-specific ownership decisions, specialist skills applied or deferred, evidence level, verification, and remaining small-service platform architecture risk |
|
|
654
692
|
| Code is being refactored, reorganized, renamed, deduplicated, simplified, or structurally improved while existing behavior should be preserved | `.mustflow/skills/behavior-preserving-refactor/SKILL.md` | Refactoring goal, target area, behavior evidence, local patterns, current changed files, and command contract entries | Small behavior-preserving refactor steps, related tests, and directly synchronized docs or contracts | hidden behavior change, broad cleanup, misleading abstraction, unsafe deduplication, or unverified legacy change | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Goal, behavior evidence, structural risks, refactoring ladder, changes made, excluded behavior changes, verification, and remaining risks |
|
|
655
693
|
| Class inheritance, base classes, abstract classes, template methods, protected state, mixins, framework subclasses, or subtype hierarchies are introduced, reviewed, or refactored, especially for behavior reuse or feature variants | `.mustflow/skills/composition-over-inheritance/SKILL.md` | Inheritance surface, reuse goal, change dimensions, local composition patterns, compatibility constraints, current changed files, and command contract entries | Classes, functions, role interfaces, policies, strategies, adapters, decorators, state machines, tests, wrappers, and directly synchronized docs or templates | fragile parent-child coupling, subclass explosion, broken substitutability, hidden protected state, over-composition, or untested behavior-preserving refactor | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Inheritance review, keep-or-replace decision, change dimensions, composition pattern, tests, verification, and remaining hierarchy risk |
|
|
656
694
|
| Multiple interchangeable algorithms, policies, calculations, scoring methods, sorting methods, recommendation methods, pricing rules, discount rules, shipping methods, payment methods, notification methods, permission policies, provider choices, feature-flag variants, or repeated branches choose how to do the same kind of work | `.mustflow/skills/strategy-pattern/SKILL.md` | Stable workflow, variants and shared purpose, current branch locations, common input and output shape, selection criteria, local Result, dependency injection, decorator, registry, and test patterns, current changed files, and command contract entries | Strategy function types, interfaces, concrete strategies, selectors, resolvers, registries, decorators, context wiring, tests, and directly synchronized docs or templates | over-abstracted small branch, wrong use-case grouping, context knowing concrete strategies, silent fallback, unsafe user-selected strategy, request-stateful strategy, strategy combination explosion, or untested selector behavior | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Strategy classification, shared contract, strategy registry, selector or resolver, default and unsupported-key behavior, tests, verification, and remaining strategy risk |
|