mustflow 2.108.0 → 2.108.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/README.md +3 -0
  2. package/dist/cli/commands/api/serve.js +73 -10
  3. package/dist/cli/commands/script-pack.js +3 -0
  4. package/dist/cli/i18n/en.js +37 -0
  5. package/dist/cli/i18n/es.js +37 -0
  6. package/dist/cli/i18n/fr.js +37 -0
  7. package/dist/cli/i18n/hi.js +37 -0
  8. package/dist/cli/i18n/ko.js +37 -0
  9. package/dist/cli/i18n/zh.js +37 -0
  10. package/dist/cli/lib/command-registry.js +3 -0
  11. package/dist/cli/lib/script-pack-registry.js +84 -0
  12. package/dist/cli/script-packs/repo-automation-surface.js +88 -0
  13. package/dist/cli/script-packs/repo-dependency-surface.js +87 -0
  14. package/dist/cli/script-packs/repo-toolchain-provenance.js +90 -0
  15. package/dist/core/public-json-contracts.js +27 -0
  16. package/dist/core/repo-automation-surface.js +376 -0
  17. package/dist/core/repo-dependency-surface.js +282 -0
  18. package/dist/core/repo-toolchain-provenance.js +421 -0
  19. package/dist/core/run-receipt-state.js +23 -2
  20. package/dist/core/script-pack-suggestions.js +33 -1
  21. package/dist/core/secret-redaction.js +6 -1
  22. package/package.json +1 -1
  23. package/schemas/README.md +10 -0
  24. package/schemas/api-serve-response.schema.json +1 -0
  25. package/schemas/repo-automation-surface-report.schema.json +148 -0
  26. package/schemas/repo-dependency-surface-report.schema.json +121 -0
  27. package/schemas/repo-toolchain-provenance-report.schema.json +124 -0
  28. package/templates/default/i18n.toml +9 -9
  29. package/templates/default/locales/en/.mustflow/skills/INDEX.md +17 -14
  30. package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +39 -11
  31. package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +4 -1
  32. package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +56 -17
  33. package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +86 -27
  34. package/templates/default/locales/en/.mustflow/skills/routes.toml +4 -4
  35. package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +51 -32
  36. package/templates/default/locales/en/.mustflow/skills/tauri-code-change/SKILL.md +41 -3
  37. package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +47 -29
  38. package/templates/default/locales/en/.mustflow/skills/wails-code-change/SKILL.md +34 -4
  39. package/templates/default/manifest.toml +1 -1
@@ -0,0 +1,148 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/repo-automation-surface-report.schema.json",
4
+ "title": "mustflow repo automation-surface report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "input",
18
+ "input_hash",
19
+ "summary",
20
+ "surfaces",
21
+ "findings",
22
+ "issues"
23
+ ],
24
+ "properties": {
25
+ "schema_version": { "const": "1" },
26
+ "command": { "const": "script-pack" },
27
+ "pack_id": { "const": "repo" },
28
+ "script_id": { "const": "automation-surface" },
29
+ "script_ref": { "const": "repo/automation-surface" },
30
+ "action": { "const": "inspect" },
31
+ "status": { "enum": ["passed", "failed", "error"] },
32
+ "ok": { "type": "boolean" },
33
+ "mustflow_root": { "type": "string" },
34
+ "input": { "$ref": "#/$defs/input" },
35
+ "input_hash": { "$ref": "#/$defs/sha256" },
36
+ "summary": { "$ref": "#/$defs/summary" },
37
+ "surfaces": { "type": "array", "items": { "$ref": "#/$defs/surface" } },
38
+ "findings": { "type": "array", "items": { "$ref": "#/$defs/finding" } },
39
+ "issues": { "type": "array", "items": { "type": "string" } }
40
+ },
41
+ "$defs": {
42
+ "sha256": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" },
43
+ "input": {
44
+ "type": "object",
45
+ "additionalProperties": false,
46
+ "required": ["scanned_paths", "max_file_bytes"],
47
+ "properties": {
48
+ "scanned_paths": { "type": "array", "items": { "type": "string", "minLength": 1 } },
49
+ "max_file_bytes": { "type": "integer", "minimum": 1 }
50
+ }
51
+ },
52
+ "summary": {
53
+ "type": "object",
54
+ "additionalProperties": false,
55
+ "required": [
56
+ "surface_count",
57
+ "mustflow_intent_count",
58
+ "raw_surface_count",
59
+ "agent_allowed_intent_count",
60
+ "manual_only_intent_count",
61
+ "risky_surface_count",
62
+ "long_running_surface_count"
63
+ ],
64
+ "properties": {
65
+ "surface_count": { "type": "integer", "minimum": 0 },
66
+ "mustflow_intent_count": { "type": "integer", "minimum": 0 },
67
+ "raw_surface_count": { "type": "integer", "minimum": 0 },
68
+ "agent_allowed_intent_count": { "type": "integer", "minimum": 0 },
69
+ "manual_only_intent_count": { "type": "integer", "minimum": 0 },
70
+ "risky_surface_count": { "type": "integer", "minimum": 0 },
71
+ "long_running_surface_count": { "type": "integer", "minimum": 0 }
72
+ }
73
+ },
74
+ "surface": {
75
+ "type": "object",
76
+ "additionalProperties": false,
77
+ "required": [
78
+ "id",
79
+ "kind",
80
+ "path",
81
+ "line",
82
+ "name",
83
+ "command_hint",
84
+ "category",
85
+ "risks",
86
+ "mapped_intent",
87
+ "agent_allowed"
88
+ ],
89
+ "properties": {
90
+ "id": { "type": "string", "minLength": 1 },
91
+ "kind": { "enum": ["ci_workflow", "make_target", "mise_task", "mustflow_intent", "package_script", "taskfile_task"] },
92
+ "path": { "type": "string", "minLength": 1 },
93
+ "line": { "type": ["integer", "null"], "minimum": 1 },
94
+ "name": { "type": "string", "minLength": 1 },
95
+ "command_hint": { "type": ["string", "null"] },
96
+ "category": {
97
+ "enum": [
98
+ "bootstrap",
99
+ "check",
100
+ "clean",
101
+ "db",
102
+ "deploy",
103
+ "deps",
104
+ "dev_server",
105
+ "doctor",
106
+ "fix",
107
+ "release",
108
+ "smoke",
109
+ "test",
110
+ "watch",
111
+ "workflow",
112
+ "unknown"
113
+ ]
114
+ },
115
+ "risks": {
116
+ "type": "array",
117
+ "items": {
118
+ "enum": ["destructive", "git_state", "interactive", "long_running", "network", "release", "secret", "writes"]
119
+ }
120
+ },
121
+ "mapped_intent": { "type": ["string", "null"] },
122
+ "agent_allowed": { "type": ["boolean", "null"] }
123
+ }
124
+ },
125
+ "finding": {
126
+ "type": "object",
127
+ "additionalProperties": false,
128
+ "required": ["code", "severity", "message", "path", "json_pointer", "metric", "actual", "expected"],
129
+ "properties": {
130
+ "code": {
131
+ "enum": [
132
+ "dangerous_automation_surface",
133
+ "long_running_automation_surface",
134
+ "raw_command_without_mustflow_intent",
135
+ "mustflow_intent_manual_boundary"
136
+ ]
137
+ },
138
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
139
+ "message": { "type": "string" },
140
+ "path": { "type": "string", "minLength": 1 },
141
+ "json_pointer": { "type": ["string", "null"] },
142
+ "metric": { "type": ["string", "null"] },
143
+ "actual": { "type": ["number", "null"] },
144
+ "expected": { "type": ["number", "null"] }
145
+ }
146
+ }
147
+ }
148
+ }
@@ -0,0 +1,121 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/repo-dependency-surface-report.schema.json",
4
+ "title": "mustflow repo dependency-surface report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "input",
18
+ "input_hash",
19
+ "summary",
20
+ "surfaces",
21
+ "findings",
22
+ "issues"
23
+ ],
24
+ "properties": {
25
+ "schema_version": { "const": "1" },
26
+ "command": { "const": "script-pack" },
27
+ "pack_id": { "const": "repo" },
28
+ "script_id": { "const": "dependency-surface" },
29
+ "script_ref": { "const": "repo/dependency-surface" },
30
+ "action": { "const": "inspect" },
31
+ "status": { "enum": ["passed", "failed", "error"] },
32
+ "ok": { "type": "boolean" },
33
+ "mustflow_root": { "type": "string" },
34
+ "input": { "$ref": "#/$defs/input" },
35
+ "input_hash": { "$ref": "#/$defs/sha256" },
36
+ "summary": { "$ref": "#/$defs/summary" },
37
+ "surfaces": { "type": "array", "items": { "$ref": "#/$defs/surface" } },
38
+ "findings": { "type": "array", "items": { "$ref": "#/$defs/finding" } },
39
+ "issues": { "type": "array", "items": { "type": "string" } }
40
+ },
41
+ "$defs": {
42
+ "sha256": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" },
43
+ "input": {
44
+ "type": "object",
45
+ "additionalProperties": false,
46
+ "required": ["scanned_paths", "max_file_bytes"],
47
+ "properties": {
48
+ "scanned_paths": { "type": "array", "items": { "type": "string", "minLength": 1 } },
49
+ "max_file_bytes": { "type": "integer", "minimum": 1 }
50
+ }
51
+ },
52
+ "summary": {
53
+ "type": "object",
54
+ "additionalProperties": false,
55
+ "required": [
56
+ "surface_count",
57
+ "manifest_count",
58
+ "lockfile_count",
59
+ "update_config_count",
60
+ "audit_config_count",
61
+ "ecosystem_count",
62
+ "finding_count"
63
+ ],
64
+ "properties": {
65
+ "surface_count": { "type": "integer", "minimum": 0 },
66
+ "manifest_count": { "type": "integer", "minimum": 0 },
67
+ "lockfile_count": { "type": "integer", "minimum": 0 },
68
+ "update_config_count": { "type": "integer", "minimum": 0 },
69
+ "audit_config_count": { "type": "integer", "minimum": 0 },
70
+ "ecosystem_count": { "type": "integer", "minimum": 0 },
71
+ "finding_count": { "type": "integer", "minimum": 0 }
72
+ }
73
+ },
74
+ "surface": {
75
+ "type": "object",
76
+ "additionalProperties": false,
77
+ "required": ["id", "ecosystem", "kind", "path", "line", "name", "evidence"],
78
+ "properties": {
79
+ "id": { "type": "string", "minLength": 1 },
80
+ "ecosystem": { "enum": ["go", "javascript", "python", "rust"] },
81
+ "kind": {
82
+ "enum": [
83
+ "audit_config",
84
+ "dependency_update_config",
85
+ "lockfile",
86
+ "manifest",
87
+ "package_manager_config",
88
+ "workspace_config"
89
+ ]
90
+ },
91
+ "path": { "type": "string", "minLength": 1 },
92
+ "line": { "type": ["integer", "null"], "minimum": 1 },
93
+ "name": { "type": "string", "minLength": 1 },
94
+ "evidence": { "type": "string", "minLength": 1 }
95
+ }
96
+ },
97
+ "finding": {
98
+ "type": "object",
99
+ "additionalProperties": false,
100
+ "required": ["code", "severity", "message", "path", "json_pointer", "metric", "actual", "expected"],
101
+ "properties": {
102
+ "code": {
103
+ "enum": [
104
+ "conflicting_javascript_lockfiles",
105
+ "manifest_without_lockfile",
106
+ "update_automation_without_policy",
107
+ "lockfile_without_manifest",
108
+ "dependency_surface_without_update_automation"
109
+ ]
110
+ },
111
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
112
+ "message": { "type": "string" },
113
+ "path": { "type": "string", "minLength": 1 },
114
+ "json_pointer": { "type": ["string", "null"] },
115
+ "metric": { "type": ["string", "null"] },
116
+ "actual": { "type": ["number", "null"] },
117
+ "expected": { "type": ["number", "null"] }
118
+ }
119
+ }
120
+ }
121
+ }
@@ -0,0 +1,124 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/repo-toolchain-provenance-report.schema.json",
4
+ "title": "mustflow repo toolchain-provenance report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "input",
18
+ "input_hash",
19
+ "summary",
20
+ "sources",
21
+ "lockfiles",
22
+ "findings",
23
+ "issues"
24
+ ],
25
+ "properties": {
26
+ "schema_version": { "const": "1" },
27
+ "command": { "const": "script-pack" },
28
+ "pack_id": { "const": "repo" },
29
+ "script_id": { "const": "toolchain-provenance" },
30
+ "script_ref": { "const": "repo/toolchain-provenance" },
31
+ "action": { "const": "inspect" },
32
+ "status": { "enum": ["passed", "failed", "error"] },
33
+ "ok": { "type": "boolean" },
34
+ "mustflow_root": { "type": "string" },
35
+ "input": { "$ref": "#/$defs/input" },
36
+ "input_hash": { "$ref": "#/$defs/sha256" },
37
+ "summary": { "$ref": "#/$defs/summary" },
38
+ "sources": { "type": "array", "items": { "$ref": "#/$defs/source" } },
39
+ "lockfiles": { "type": "array", "items": { "type": "string", "minLength": 1 } },
40
+ "findings": { "type": "array", "items": { "$ref": "#/$defs/finding" } },
41
+ "issues": { "type": "array", "items": { "type": "string" } }
42
+ },
43
+ "$defs": {
44
+ "sha256": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" },
45
+ "input": {
46
+ "type": "object",
47
+ "additionalProperties": false,
48
+ "required": ["scanned_paths", "max_file_bytes"],
49
+ "properties": {
50
+ "scanned_paths": { "type": "array", "items": { "type": "string", "minLength": 1 } },
51
+ "max_file_bytes": { "type": "integer", "minimum": 1 }
52
+ }
53
+ },
54
+ "summary": {
55
+ "type": "object",
56
+ "additionalProperties": false,
57
+ "required": [
58
+ "source_count",
59
+ "runtime_count",
60
+ "package_manager_count",
61
+ "lockfile_count",
62
+ "ci_source_count",
63
+ "finding_count"
64
+ ],
65
+ "properties": {
66
+ "source_count": { "type": "integer", "minimum": 0 },
67
+ "runtime_count": { "type": "integer", "minimum": 0 },
68
+ "package_manager_count": { "type": "integer", "minimum": 0 },
69
+ "lockfile_count": { "type": "integer", "minimum": 0 },
70
+ "ci_source_count": { "type": "integer", "minimum": 0 },
71
+ "finding_count": { "type": "integer", "minimum": 0 }
72
+ }
73
+ },
74
+ "source": {
75
+ "type": "object",
76
+ "additionalProperties": false,
77
+ "required": ["kind", "source_kind", "path", "line", "key", "value"],
78
+ "properties": {
79
+ "kind": { "enum": ["bun", "docker", "go", "node", "package_manager", "python", "rust"] },
80
+ "source_kind": {
81
+ "enum": [
82
+ "ci_workflow",
83
+ "dockerfile",
84
+ "go_mod",
85
+ "mise_toml",
86
+ "node_version_file",
87
+ "package_json",
88
+ "python_version_file",
89
+ "pyproject_toml",
90
+ "rust_toolchain",
91
+ "tool_versions"
92
+ ]
93
+ },
94
+ "path": { "type": "string", "minLength": 1 },
95
+ "line": { "type": ["integer", "null"], "minimum": 1 },
96
+ "key": { "type": "string", "minLength": 1 },
97
+ "value": { "type": "string", "minLength": 1 }
98
+ }
99
+ },
100
+ "finding": {
101
+ "type": "object",
102
+ "additionalProperties": false,
103
+ "required": ["code", "severity", "message", "path", "json_pointer", "metric", "actual", "expected"],
104
+ "properties": {
105
+ "code": {
106
+ "enum": [
107
+ "conflicting_node_version_sources",
108
+ "conflicting_package_manager_lockfiles",
109
+ "package_manager_without_lockfile",
110
+ "toolchain_declared_without_package_manager",
111
+ "runtime_declared_in_ci_only"
112
+ ]
113
+ },
114
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
115
+ "message": { "type": "string" },
116
+ "path": { "type": "string", "minLength": 1 },
117
+ "json_pointer": { "type": ["string", "null"] },
118
+ "metric": { "type": ["string", "null"] },
119
+ "actual": { "type": ["number", "null"] },
120
+ "expected": { "type": ["number", "null"] }
121
+ }
122
+ }
123
+ }
124
+ }
@@ -62,7 +62,7 @@ translations = {}
62
62
  [documents."skills.index"]
63
63
  source = "locales/en/.mustflow/skills/INDEX.md"
64
64
  source_locale = "en"
65
- revision = 206
65
+ revision = 211
66
66
  translations = {}
67
67
 
68
68
  [documents."skill.adapter-boundary"]
@@ -242,7 +242,7 @@ translations = {}
242
242
  [documents."skill.ci-pipeline-triage"]
243
243
  source = "locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md"
244
244
  source_locale = "en"
245
- revision = 1
245
+ revision = 2
246
246
  translations = {}
247
247
 
248
248
  [documents."skill.auth-flow-triage"]
@@ -428,7 +428,7 @@ translations = {}
428
428
  [documents."skill.cloud-cost-guardrail-review"]
429
429
  source = "locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md"
430
430
  source_locale = "en"
431
- revision = 1
431
+ revision = 2
432
432
  translations = {}
433
433
 
434
434
  [documents."skill.rate-limit-integrity-review"]
@@ -709,7 +709,7 @@ translations = {}
709
709
  [documents."skill.go-code-change"]
710
710
  source = "locales/en/.mustflow/skills/go-code-change/SKILL.md"
711
711
  source_locale = "en"
712
- revision = 4
712
+ revision = 5
713
713
  translations = {}
714
714
 
715
715
  [documents."skill.godot-code-change"]
@@ -763,7 +763,7 @@ translations = {}
763
763
  [documents."skill.python-code-change"]
764
764
  source = "locales/en/.mustflow/skills/python-code-change/SKILL.md"
765
765
  source_locale = "en"
766
- revision = 4
766
+ revision = 5
767
767
  translations = {}
768
768
 
769
769
  [documents."skill.powershell-code-change"]
@@ -787,7 +787,7 @@ translations = {}
787
787
  [documents."skill.rust-code-change"]
788
788
  source = "locales/en/.mustflow/skills/rust-code-change/SKILL.md"
789
789
  source_locale = "en"
790
- revision = 6
790
+ revision = 7
791
791
  translations = {}
792
792
 
793
793
  [documents."skill.runtime-target-selection"]
@@ -823,19 +823,19 @@ translations = {}
823
823
  [documents."skill.tauri-code-change"]
824
824
  source = "locales/en/.mustflow/skills/tauri-code-change/SKILL.md"
825
825
  source_locale = "en"
826
- revision = 3
826
+ revision = 4
827
827
  translations = {}
828
828
 
829
829
  [documents."skill.wails-code-change"]
830
830
  source = "locales/en/.mustflow/skills/wails-code-change/SKILL.md"
831
831
  source_locale = "en"
832
- revision = 1
832
+ revision = 2
833
833
  translations = {}
834
834
 
835
835
  [documents."skill.typescript-code-change"]
836
836
  source = "locales/en/.mustflow/skills/typescript-code-change/SKILL.md"
837
837
  source_locale = "en"
838
- revision = 6
838
+ revision = 7
839
839
  translations = {}
840
840
 
841
841
  [documents."skill.unocss-code-change"]