mustflow 2.107.9 → 2.108.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/dist/cli/commands/api/serve.js +73 -10
  2. package/dist/core/run-receipt-state.js +23 -2
  3. package/dist/core/secret-redaction.js +6 -1
  4. package/package.json +1 -1
  5. package/schemas/api-serve-response.schema.json +1 -0
  6. package/templates/default/i18n.toml +48 -12
  7. package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +24 -1
  8. package/templates/default/locales/en/.mustflow/skills/INDEX.md +52 -14
  9. package/templates/default/locales/en/.mustflow/skills/admin-control-plane-safety-review/SKILL.md +200 -0
  10. package/templates/default/locales/en/.mustflow/skills/ai-product-readiness-review/SKILL.md +158 -0
  11. package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +91 -28
  12. package/templates/default/locales/en/.mustflow/skills/browser-automation-reliability-review/SKILL.md +279 -0
  13. package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +39 -11
  14. package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +4 -1
  15. package/templates/default/locales/en/.mustflow/skills/database-change-safety/SKILL.md +21 -2
  16. package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +25 -7
  17. package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +117 -43
  18. package/templates/default/locales/en/.mustflow/skills/frontend-component-library-review/SKILL.md +299 -0
  19. package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +128 -36
  20. package/templates/default/locales/en/.mustflow/skills/notification-delivery-integrity-review/SKILL.md +226 -0
  21. package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +34 -14
  22. package/templates/default/locales/en/.mustflow/skills/routes.toml +36 -0
  23. package/templates/default/locales/en/.mustflow/skills/small-service-platform-architecture-review/SKILL.md +273 -0
  24. package/templates/default/locales/en/.mustflow/skills/tauri-code-change/SKILL.md +41 -3
  25. package/templates/default/locales/en/.mustflow/skills/wails-code-change/SKILL.md +34 -4
  26. package/templates/default/manifest.toml +43 -1
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.wails-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 1
5
+ revision: 2
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: wails-code-change
9
- description: Apply this skill when Wails v3 applications, Go services, generated bindings, TypeScript runtime calls, windows, menus, system tray, dialogs, events, frontend bridge payloads, WebView platform behavior, Taskfile or build config, signing, packaging, custom protocols, file associations, server builds, or Wails-related tests are created, changed, reviewed, or upgraded.
9
+ description: Apply this skill when Wails v3 applications, Go services, generated bindings, TypeScript runtime calls, windows, menus, system tray, dialogs, events, frontend bridge payloads, WebView platform behavior, Taskfile or build config, signing, packaging, platform targets, native desktop CI build matrices, custom protocols, file associations, server builds, or Wails-related tests are created, changed, reviewed, or upgraded.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -38,6 +38,8 @@ Treat Wails as a native shell around OS WebViews plus a Go-to-frontend bridge. D
38
38
  - `wails.json`, `build/config.yml`, `Taskfile.yml`, `go.mod`, Wails Go APIs, `application.New`, services, generated bindings, `@wailsio/runtime`, frontend calls to Go methods, events, raw messages, windows, menus, system tray, dialogs, browser, clipboard, autostart, notifications, file associations, custom protocols, single-instance handling, signing, packaging, server builds, or Wails tests change.
39
39
  - A task touches Wails v2-to-v3 migration, Electron-to-Wails migration, multi-window design, bridge payloads, binding generation, platform WebView behavior, OS integration, or cross-platform packaging.
40
40
  - The task writes durable guidance about Wails version status, Wails CLI or runtime versions, WebView2, WKWebView, WebKitGTK, GTK build tags, Taskfile behavior, or platform packaging.
41
+ - Wails release packaging, `Taskfile.yml`, `build/config.yml`, `wails build` flags, platform
42
+ targets, installer formats, signing, or CI matrix behavior changes.
41
43
 
42
44
  <!-- mustflow-section: do-not-use-when -->
43
45
  ## Do Not Use When
@@ -54,6 +56,9 @@ Treat Wails as a native shell around OS WebViews plus a Go-to-frontend bridge. D
54
56
  - Map of frontend calls to Go services: generated function, Go method, request DTO, response DTO, error contract, concurrency owner, cancellation path, and security or permission boundary.
55
57
  - Window and native integration ledger: window name or id, owner, lifecycle, hide versus close policy, event subscriptions, runtime-ready handshake, menu projection, tray behavior, dialog decision flow, file association, custom protocol, and single-instance policy.
56
58
  - Platform ledger: Windows WebView2 runtime and user-data folder assumptions, macOS WKWebView and signing or notarization expectations, Linux GTK/WebKitGTK target, build tags, package format, and unsupported or legacy distribution targets.
59
+ - Build and release ledger when packaging is in scope: Taskfile targets, build config, Wails CLI
60
+ flags, runner OS matrix, package formats, frontend and Go cache strategy, signing or
61
+ notarization gates, artifact retention, and release asset upload path.
57
62
  - Official or repository-local source evidence before preserving exact Wails status, alpha, release, CLI, runtime, package, platform dependency, or OS-support claims.
58
63
  - Configured verification intents.
59
64
 
@@ -72,6 +77,8 @@ Treat Wails as a native shell around OS WebViews plus a Go-to-frontend bridge. D
72
77
  - Keep Go services as app capability boundaries with typed DTOs, validation, thread-safe state, and explicit errors.
73
78
  - Keep frontend calls thin around generated bindings and runtime event subscriptions with cleanup.
74
79
  - Keep build and package changes in declared Wails config, Taskfile, Go module, frontend package, signing, installer, and docs surfaces.
80
+ - Keep platform and package targets explicit. Do not build every OS, architecture, or installer on
81
+ every PR unless the repository has a clear compatibility contract requiring it.
75
82
  - Do not expose debug, destructive, secret, filesystem, shell, updater, protocol, or raw-message behavior through exported Go methods without an explicit product and security boundary.
76
83
 
77
84
  <!-- mustflow-section: procedure -->
@@ -130,8 +137,24 @@ Treat Wails as a native shell around OS WebViews plus a Go-to-frontend bridge. D
130
137
  - Wails v3 build and package behavior is Taskfile and build-config oriented;
131
138
  - do not assume one host can produce all signed distributable artifacts without platform-specific runners or signing steps;
132
139
  - keep WebView runtime strategy, installer format, macOS notarization, Linux distribution matrix, custom protocol registration, and file association registration explicit.
133
- 16. When migration is involved, reject search-and-replace migrations. Rebuild the app assembly around application, services, windows, managers, lifecycle, generated bindings, events, and build tasks.
134
- 17. Choose configured verification intents that cover Go code, frontend typecheck, generated bindings, package build, Wails build, platform package smoke, and docs. If those intents are missing, report the exact missing coverage.
140
+ 16. Keep CI release matrices narrow and deliberate:
141
+ - Wails builds are usually Go compile plus frontend build plus packaging, but signing,
142
+ notarization, WebView runtime checks, and Linux package dependencies can still dominate;
143
+ - prefer PR checks that prove frontend build, Go compile or tests, generated bindings, and
144
+ bridge contracts on the cheapest adequate runner;
145
+ - reserve full Windows, Linux, macOS, installer, signing, notarization, and cross-architecture
146
+ matrices for release tags, release branches, or protected manual gates unless the repository
147
+ explicitly requires every PR to produce distributables;
148
+ - use platform target and packaging flags such as no-package, installer-only, or universal
149
+ macOS behavior intentionally, according to the repository's Wails version and Taskfile style;
150
+ - keep test artifacts short-lived and promote durable distributables through the release or
151
+ package channel.
152
+ 17. When a cost comparison between Wails and another desktop stack is requested, route the CI
153
+ billing, runner-minute, artifact-storage, and matrix-shape analysis through
154
+ `ci-pipeline-triage`; use this skill for Wails-specific Taskfile, build config, Go/frontend
155
+ cache, platform dependency, signing, and packaging behavior.
156
+ 18. When migration is involved, reject search-and-replace migrations. Rebuild the app assembly around application, services, windows, managers, lifecycle, generated bindings, events, and build tasks.
157
+ 19. Choose configured verification intents that cover Go code, frontend typecheck, generated bindings, package build, Wails build, platform package smoke, and docs. If those intents are missing, report the exact missing coverage.
135
158
 
136
159
  <!-- mustflow-section: hard-bans -->
137
160
  ## Hard Bans
@@ -152,6 +175,8 @@ Treat Wails as a native shell around OS WebViews plus a Go-to-frontend bridge. D
152
175
  - Go service methods, DTOs, errors, shared state, and concurrency ownership are clear.
153
176
  - Window lifecycle, event subscriptions, menu/tray/dialog/native integration, and runtime-ready behavior are explicit.
154
177
  - Platform WebView and packaging assumptions are recorded when touched.
178
+ - Wails package targets, release matrix, cache strategy, and artifact retention are explicit when
179
+ packaging is touched.
155
180
  - Missing Wails-specific verification is reported rather than hidden behind generic Go or frontend checks.
156
181
 
157
182
  <!-- mustflow-section: verification -->
@@ -176,6 +201,9 @@ Report missing Wails-specific intents when relevant: generated binding check, fr
176
201
  - If bridge calls race or return stale results, add request sequencing, cancellation, job ownership, or synchronized Go state before adding frontend retries.
177
202
  - If a large payload stalls, move the payload to pagination, chunks, file handles, or pull-after-notification events.
178
203
  - If a tray, menu, dialog, file association, protocol, or packaging behavior differs by OS, document and test the platform-specific path instead of forcing a fake cross-platform abstraction.
204
+ - If packaging cost or duration grows unexpectedly, check Taskfile targets, build config, package
205
+ flags, release-only matrix gating, Go cache, frontend cache, macOS job count, signing and
206
+ notarization split, and artifact retention before changing unrelated app code.
179
207
  - If exact Wails version or platform support claims cannot be refreshed from official sources, keep the skill behavior version-agnostic and report the unverified source boundary.
180
208
 
181
209
  <!-- mustflow-section: output-format -->
@@ -184,6 +212,8 @@ Report missing Wails-specific intents when relevant: generated binding check, fr
184
212
  - Boundary checked
185
213
  - Wails version, app assembly, service, bridge, binding, window, event, menu, tray, dialog, and OS integration notes
186
214
  - WebView platform and packaging notes when touched
215
+ - Build matrix, platform target, signing or notarization, cache, artifact retention, and release
216
+ asset notes when packaging is touched
187
217
  - Files changed
188
218
  - Command intents run
189
219
  - Skipped checks and reasons
@@ -1,6 +1,6 @@
1
1
  id = "default"
2
2
  name = "default"
3
- version = "2.107.9"
3
+ version = "2.108.2"
4
4
  description = "Minimal workflow for LLM agents to read, edit, and verify their work in a repository."
5
5
  common_root = "common"
6
6
  locales_root = "locales"
@@ -31,6 +31,9 @@ creates = [
31
31
  ".mustflow/skills/business-rule-leakage-review/SKILL.md",
32
32
  ".mustflow/skills/payment-integrity-review/SKILL.md",
33
33
  ".mustflow/skills/credit-ledger-integrity-review/SKILL.md",
34
+ ".mustflow/skills/notification-delivery-integrity-review/SKILL.md",
35
+ ".mustflow/skills/admin-control-plane-safety-review/SKILL.md",
36
+ ".mustflow/skills/small-service-platform-architecture-review/SKILL.md",
34
37
  ".mustflow/skills/api-misuse-resistance-review/SKILL.md",
35
38
  ".mustflow/skills/third-party-api-integration-review/SKILL.md",
36
39
  ".mustflow/skills/api-access-control-review/SKILL.md",
@@ -58,6 +61,7 @@ creates = [
58
61
  ".mustflow/skills/frontend-state-ownership-review/SKILL.md",
59
62
  ".mustflow/skills/frontend-stress-layout-review/SKILL.md",
60
63
  ".mustflow/skills/frontend-accessibility-tree-review/SKILL.md",
64
+ ".mustflow/skills/frontend-component-library-review/SKILL.md",
61
65
  ".mustflow/skills/frontend-localization-review/SKILL.md",
62
66
  ".mustflow/skills/website-task-friction-review/SKILL.md",
63
67
  ".mustflow/skills/cache-integrity-review/SKILL.md",
@@ -154,11 +158,13 @@ creates = [
154
158
  ".mustflow/skills/test-suite-performance-review/SKILL.md",
155
159
  ".mustflow/skills/vertical-slice-tdd/SKILL.md",
156
160
  ".mustflow/skills/llm-service-ux-review/SKILL.md",
161
+ ".mustflow/skills/ai-product-readiness-review/SKILL.md",
157
162
  ".mustflow/skills/prompt-contract-quality-review/SKILL.md",
158
163
  ".mustflow/skills/llm-hallucination-control-review/SKILL.md",
159
164
  ".mustflow/skills/llm-token-cost-control-review/SKILL.md",
160
165
  ".mustflow/skills/llm-response-latency-review/SKILL.md",
161
166
  ".mustflow/skills/agent-execution-control-review/SKILL.md",
167
+ ".mustflow/skills/browser-automation-reliability-review/SKILL.md",
162
168
  ".mustflow/skills/agent-eval-integrity-review/SKILL.md",
163
169
  ".mustflow/skills/ui-quality-gate/SKILL.md",
164
170
  ".mustflow/skills/external-prompt-injection-defense/SKILL.md",
@@ -251,6 +257,9 @@ minimal = [
251
257
  "business-rule-leakage-review",
252
258
  "payment-integrity-review",
253
259
  "credit-ledger-integrity-review",
260
+ "notification-delivery-integrity-review",
261
+ "admin-control-plane-safety-review",
262
+ "small-service-platform-architecture-review",
254
263
  "api-misuse-resistance-review",
255
264
  "third-party-api-integration-review",
256
265
  "api-access-control-review",
@@ -278,6 +287,7 @@ minimal = [
278
287
  "frontend-state-ownership-review",
279
288
  "frontend-stress-layout-review",
280
289
  "frontend-accessibility-tree-review",
290
+ "frontend-component-library-review",
281
291
  "frontend-localization-review",
282
292
  "website-task-friction-review",
283
293
  "cache-integrity-review",
@@ -359,11 +369,13 @@ minimal = [
359
369
  "diff-risk-review",
360
370
  "docs-update",
361
371
  "external-prompt-injection-defense",
372
+ "ai-product-readiness-review",
362
373
  "prompt-contract-quality-review",
363
374
  "llm-hallucination-control-review",
364
375
  "llm-token-cost-control-review",
365
376
  "llm-response-latency-review",
366
377
  "agent-execution-control-review",
378
+ "browser-automation-reliability-review",
367
379
  "agent-eval-integrity-review",
368
380
  "failure-triage",
369
381
  "file-path-cross-platform-change",
@@ -408,6 +420,9 @@ patterns = [
408
420
  "business-rule-leakage-review",
409
421
  "payment-integrity-review",
410
422
  "credit-ledger-integrity-review",
423
+ "notification-delivery-integrity-review",
424
+ "admin-control-plane-safety-review",
425
+ "small-service-platform-architecture-review",
411
426
  "api-misuse-resistance-review",
412
427
  "third-party-api-integration-review",
413
428
  "api-access-control-review",
@@ -435,6 +450,7 @@ patterns = [
435
450
  "frontend-state-ownership-review",
436
451
  "frontend-stress-layout-review",
437
452
  "frontend-accessibility-tree-review",
453
+ "frontend-component-library-review",
438
454
  "frontend-localization-review",
439
455
  "website-task-friction-review",
440
456
  "cache-integrity-review",
@@ -519,11 +535,13 @@ patterns = [
519
535
  "diff-risk-review",
520
536
  "docs-update",
521
537
  "external-prompt-injection-defense",
538
+ "ai-product-readiness-review",
522
539
  "prompt-contract-quality-review",
523
540
  "llm-hallucination-control-review",
524
541
  "llm-token-cost-control-review",
525
542
  "llm-response-latency-review",
526
543
  "agent-execution-control-review",
544
+ "browser-automation-reliability-review",
527
545
  "agent-eval-integrity-review",
528
546
  "facade-pattern",
529
547
  "failure-triage",
@@ -576,6 +594,9 @@ oss = [
576
594
  "business-rule-leakage-review",
577
595
  "payment-integrity-review",
578
596
  "credit-ledger-integrity-review",
597
+ "notification-delivery-integrity-review",
598
+ "admin-control-plane-safety-review",
599
+ "small-service-platform-architecture-review",
579
600
  "api-misuse-resistance-review",
580
601
  "third-party-api-integration-review",
581
602
  "api-access-control-review",
@@ -603,6 +624,7 @@ oss = [
603
624
  "frontend-state-ownership-review",
604
625
  "frontend-stress-layout-review",
605
626
  "frontend-accessibility-tree-review",
627
+ "frontend-component-library-review",
606
628
  "frontend-localization-review",
607
629
  "website-task-friction-review",
608
630
  "cache-integrity-review",
@@ -691,11 +713,13 @@ oss = [
691
713
  "docs-prose-review",
692
714
  "docs-update",
693
715
  "external-prompt-injection-defense",
716
+ "ai-product-readiness-review",
694
717
  "prompt-contract-quality-review",
695
718
  "llm-hallucination-control-review",
696
719
  "llm-token-cost-control-review",
697
720
  "llm-response-latency-review",
698
721
  "agent-execution-control-review",
722
+ "browser-automation-reliability-review",
699
723
  "agent-eval-integrity-review",
700
724
  "external-skill-intake",
701
725
  "github-contribution-quality-gate",
@@ -761,6 +785,9 @@ team = [
761
785
  "business-rule-leakage-review",
762
786
  "payment-integrity-review",
763
787
  "credit-ledger-integrity-review",
788
+ "notification-delivery-integrity-review",
789
+ "admin-control-plane-safety-review",
790
+ "small-service-platform-architecture-review",
764
791
  "api-misuse-resistance-review",
765
792
  "third-party-api-integration-review",
766
793
  "api-access-control-review",
@@ -788,6 +815,7 @@ team = [
788
815
  "frontend-state-ownership-review",
789
816
  "frontend-stress-layout-review",
790
817
  "frontend-accessibility-tree-review",
818
+ "frontend-component-library-review",
791
819
  "frontend-localization-review",
792
820
  "website-task-friction-review",
793
821
  "cache-integrity-review",
@@ -873,11 +901,13 @@ team = [
873
901
  "diff-risk-review",
874
902
  "docs-update",
875
903
  "external-prompt-injection-defense",
904
+ "ai-product-readiness-review",
876
905
  "prompt-contract-quality-review",
877
906
  "llm-hallucination-control-review",
878
907
  "llm-token-cost-control-review",
879
908
  "llm-response-latency-review",
880
909
  "agent-execution-control-review",
910
+ "browser-automation-reliability-review",
881
911
  "agent-eval-integrity-review",
882
912
  "github-contribution-quality-gate",
883
913
  "facade-pattern",
@@ -931,6 +961,9 @@ product = [
931
961
  "business-rule-leakage-review",
932
962
  "payment-integrity-review",
933
963
  "credit-ledger-integrity-review",
964
+ "notification-delivery-integrity-review",
965
+ "admin-control-plane-safety-review",
966
+ "small-service-platform-architecture-review",
934
967
  "api-misuse-resistance-review",
935
968
  "third-party-api-integration-review",
936
969
  "api-access-control-review",
@@ -958,6 +991,7 @@ product = [
958
991
  "frontend-state-ownership-review",
959
992
  "frontend-stress-layout-review",
960
993
  "frontend-accessibility-tree-review",
994
+ "frontend-component-library-review",
961
995
  "frontend-localization-review",
962
996
  "website-task-friction-review",
963
997
  "cache-integrity-review",
@@ -1042,11 +1076,13 @@ product = [
1042
1076
  "diff-risk-review",
1043
1077
  "docs-update",
1044
1078
  "external-prompt-injection-defense",
1079
+ "ai-product-readiness-review",
1045
1080
  "prompt-contract-quality-review",
1046
1081
  "llm-hallucination-control-review",
1047
1082
  "llm-token-cost-control-review",
1048
1083
  "llm-response-latency-review",
1049
1084
  "agent-execution-control-review",
1085
+ "browser-automation-reliability-review",
1050
1086
  "agent-eval-integrity-review",
1051
1087
  "facade-pattern",
1052
1088
  "github-contribution-quality-gate",
@@ -1107,6 +1143,9 @@ library = [
1107
1143
  "business-rule-leakage-review",
1108
1144
  "payment-integrity-review",
1109
1145
  "credit-ledger-integrity-review",
1146
+ "notification-delivery-integrity-review",
1147
+ "admin-control-plane-safety-review",
1148
+ "small-service-platform-architecture-review",
1110
1149
  "api-misuse-resistance-review",
1111
1150
  "third-party-api-integration-review",
1112
1151
  "api-access-control-review",
@@ -1134,6 +1173,7 @@ library = [
1134
1173
  "frontend-state-ownership-review",
1135
1174
  "frontend-stress-layout-review",
1136
1175
  "frontend-accessibility-tree-review",
1176
+ "frontend-component-library-review",
1137
1177
  "frontend-localization-review",
1138
1178
  "website-task-friction-review",
1139
1179
  "cache-integrity-review",
@@ -1222,11 +1262,13 @@ library = [
1222
1262
  "docs-prose-review",
1223
1263
  "docs-update",
1224
1264
  "external-prompt-injection-defense",
1265
+ "ai-product-readiness-review",
1225
1266
  "prompt-contract-quality-review",
1226
1267
  "llm-hallucination-control-review",
1227
1268
  "llm-token-cost-control-review",
1228
1269
  "llm-response-latency-review",
1229
1270
  "agent-execution-control-review",
1271
+ "browser-automation-reliability-review",
1230
1272
  "agent-eval-integrity-review",
1231
1273
  "facade-pattern",
1232
1274
  "github-contribution-quality-gate",