mustflow 2.108.2 → 2.108.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/cli/commands/script-pack.js +3 -0
- package/dist/cli/i18n/en.js +37 -0
- package/dist/cli/i18n/es.js +37 -0
- package/dist/cli/i18n/fr.js +37 -0
- package/dist/cli/i18n/hi.js +37 -0
- package/dist/cli/i18n/ko.js +37 -0
- package/dist/cli/i18n/zh.js +37 -0
- package/dist/cli/lib/command-registry.js +3 -0
- package/dist/cli/lib/script-pack-registry.js +84 -0
- package/dist/cli/script-packs/repo-automation-surface.js +88 -0
- package/dist/cli/script-packs/repo-dependency-surface.js +87 -0
- package/dist/cli/script-packs/repo-toolchain-provenance.js +90 -0
- package/dist/core/public-json-contracts.js +27 -0
- package/dist/core/repo-automation-surface.js +376 -0
- package/dist/core/repo-dependency-surface.js +282 -0
- package/dist/core/repo-toolchain-provenance.js +421 -0
- package/dist/core/script-pack-suggestions.js +33 -1
- package/package.json +1 -1
- package/schemas/README.md +10 -0
- package/schemas/repo-automation-surface-report.schema.json +148 -0
- package/schemas/repo-dependency-surface-report.schema.json +121 -0
- package/schemas/repo-toolchain-provenance-report.schema.json +124 -0
- package/templates/default/i18n.toml +5 -5
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +5 -5
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +56 -17
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +86 -27
- package/templates/default/locales/en/.mustflow/skills/routes.toml +4 -4
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +51 -32
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +47 -29
- package/templates/default/manifest.toml +1 -1
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.python-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 5
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: python-code-change
|
|
9
|
-
description: Apply this skill when Python source, standard-library API usage, packaging, runtime version, import layout, type checking, linting, tests, or CLI entry points are created or changed.
|
|
9
|
+
description: Apply this skill when Python source, standard-library API usage, packaging, runtime version, import layout, architecture boundaries, type checking, async tasks, exception/logging/retry behavior, performance-sensitive collection usage, pytest fixtures/mocks, linting, tests, or CLI entry points are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -28,13 +28,13 @@ metadata:
|
|
|
28
28
|
<!-- mustflow-section: purpose -->
|
|
29
29
|
## Purpose
|
|
30
30
|
|
|
31
|
-
Preserve Python runtime, standard-library, packaging, import, async resource, public API, typing, lint, and test boundaries while making a focused change.
|
|
31
|
+
Preserve Python runtime, standard-library, packaging, import, architecture, async resource, failure, performance, public API, typing, lint, and test boundaries while making a focused change.
|
|
32
32
|
|
|
33
33
|
<!-- mustflow-section: use-when -->
|
|
34
34
|
## Use When
|
|
35
35
|
|
|
36
36
|
- `.py`, `pyproject.toml`, `setup.py`, `setup.cfg`, requirements files, lockfiles, tox, nox, pytest, mypy, pyright, Ruff, or Python CI config changes.
|
|
37
|
-
- The task touches standard-library feature usage, package layout, CLI entry points, imports, type hints, dependency declarations, virtual environment assumptions, or tests.
|
|
37
|
+
- The task touches standard-library feature usage, package layout, CLI entry points, imports, type hints, dependency declarations, virtual environment assumptions, async task lifecycles, exceptions, logging, retry, fallback, collection performance, or tests.
|
|
38
38
|
|
|
39
39
|
<!-- mustflow-section: do-not-use-when -->
|
|
40
40
|
## Do Not Use When
|
|
@@ -47,10 +47,13 @@ Preserve Python runtime, standard-library, packaging, import, async resource, pu
|
|
|
47
47
|
|
|
48
48
|
- Python version source: `requires-python`, `.python-version`, tool version files, CI matrix, or container base image.
|
|
49
49
|
- Standard-library feature and runtime-behavior assumptions, especially when using Python-version-gated APIs or changed security defaults.
|
|
50
|
-
- Packaging and dependency files, test config, lint config, and type checker config.
|
|
50
|
+
- Packaging and dependency files, build backend, package manager, lockfile owner, test config, lint config, and type checker config.
|
|
51
51
|
- Package layout: `src` layout, flat layout, namespace package, distribution name, import package name, package discovery settings, CLI entry points, plugin entry points, and nearby tests.
|
|
52
|
+
- Architecture boundary: external adapters, framework request/response objects, ORM models, environment input, DTOs, domain value objects, import direction, and shared utility ownership.
|
|
52
53
|
- Async ownership and resource cleanup surface when coroutines, tasks, context managers, sessions, clients, pools, files, async generators, subprocesses, or logging change.
|
|
54
|
+
- Failure surface when exceptions, logging config, retry, timeout, fallback, degraded responses, or observability fields change.
|
|
53
55
|
- Public contract surface when imports, signatures, exceptions, return shapes, CLI behavior, config, environment variables, extras, Python version support, or typing stubs change.
|
|
56
|
+
- Runtime truth boundary for type hints: external input validation, `Any`, casts, ignores, protocols, guards, stubs, and `py.typed` when present.
|
|
54
57
|
- Configured verification intents.
|
|
55
58
|
|
|
56
59
|
<!-- mustflow-section: preconditions -->
|
|
@@ -59,6 +62,7 @@ Preserve Python runtime, standard-library, packaging, import, async resource, pu
|
|
|
59
62
|
- Determine the lowest supported Python version before choosing syntax or typing features.
|
|
60
63
|
- Determine the lowest supported Python version before choosing standard-library features, changed defaults, syntax, or typing features.
|
|
61
64
|
- Read package layout and import style before editing imports.
|
|
65
|
+
- Read framework, adapter, or entry-point boundaries before moving data shapes across layers.
|
|
62
66
|
- Treat global machine Python state as irrelevant unless the project explicitly declares it.
|
|
63
67
|
|
|
64
68
|
<!-- mustflow-section: allowed-edits -->
|
|
@@ -70,61 +74,107 @@ Preserve Python runtime, standard-library, packaging, import, async resource, pu
|
|
|
70
74
|
- Do not lower Ruff, mypy, pyright, pytest, or packaging strictness to hide a failure.
|
|
71
75
|
- Keep import fixes in package metadata, package discovery, entry points, or test invocation contracts instead of path hacks.
|
|
72
76
|
- Make resource ownership explicit: code closes only the resources it creates.
|
|
77
|
+
- Translate external data and third-party failures at boundaries instead of leaking framework, SDK, ORM, raw JSON, or environment shapes into domain logic.
|
|
73
78
|
|
|
74
79
|
<!-- mustflow-section: procedure -->
|
|
75
80
|
## Procedure
|
|
76
81
|
|
|
77
82
|
1. Read project metadata, Python version constraints, dependency files, and test/lint/type configs.
|
|
78
|
-
2. Identify the boundary touched: runtime version, package API, import root, packaging metadata, CLI entry, test fixture, async resource ownership, external input, or dependency contract.
|
|
83
|
+
2. Identify the boundary touched: runtime version, package API, import root, packaging metadata, architecture layer, CLI entry, test fixture, async resource ownership, external input, exception/logging/retry path, performance-sensitive collection path, or dependency contract.
|
|
79
84
|
3. For packaging and import changes, separate the distribution name from the import package name. Check package directory mapping, package discovery settings, namespace package behavior, package data, entry points, optional dependencies, and `requires-python` before touching imports.
|
|
80
|
-
4.
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
85
|
+
4. For `pyproject.toml`, keep build metadata, package metadata, and tool settings separate:
|
|
86
|
+
- `[build-system]` names the build backend and build requirements;
|
|
87
|
+
- `[project]` names distribution metadata, runtime dependencies, Python support, scripts, optional dependencies, and package typing signals;
|
|
88
|
+
- `[tool.*]`, dependency groups, uv or Poetry settings, and lockfiles are tool or environment contracts, not a substitute for wheel metadata.
|
|
89
|
+
5. Treat `src` layout as an installation contract. Importable code under `src/` should be tested through the supported installed-package path, not by making repository files accidentally importable from the working directory.
|
|
90
|
+
6. Match existing package layout and import conventions. Do not add `sys.path`, `site.addsitedir`, `PYTHONPATH`, pytest `pythonpath`, ad hoc import loading, or test `conftest.py` import hacks to make package imports pass.
|
|
91
|
+
7. Do not add `__init__.py` to tests as a blind fix. Add it only when tests are intentionally a package and the import-mode behavior remains explicit.
|
|
92
|
+
8. For packaging changes, distinguish development and release contracts:
|
|
84
93
|
- editable installs prove the local development path;
|
|
85
94
|
- wheel installs or equivalent built artifacts prove the release path;
|
|
95
|
+
- editable installs may not reflect entry point, dependency, package metadata, C extension, or package data changes until reinstall or rebuild;
|
|
96
|
+
- build dependencies, runtime dependencies, optional dependencies, and dependency groups are different contracts;
|
|
97
|
+
- apps should pin or lock environments; libraries should publish compatible dependency ranges instead of over-pinning downstream users;
|
|
98
|
+
- uv, Poetry, pip, and build backends each own different parts of the workflow; do not mix their metadata as competing sources of truth;
|
|
86
99
|
- entry point, dependency, optional dependency, metadata, and package data changes require reinstall-oriented verification when a configured intent exists;
|
|
87
100
|
- installed console scripts or plugin entry points should be smoke-tested through the installed entry point contract, not by directly running a source file.
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
101
|
+
9. Verify import origin when packaging risk is present. The public package should resolve from the installed environment intended by the project, not from accidental repository-root files.
|
|
102
|
+
10. Preserve architecture boundaries:
|
|
103
|
+
- keep framework request objects, ORM models, SDK clients, raw JSON, environment variables, and CLI parser output in adapter layers;
|
|
104
|
+
- convert external input into explicit DTOs, dataclasses, value objects, or validated models before domain logic uses it;
|
|
105
|
+
- name modules by responsibility instead of dumping shared behavior into `utils.py`, `helpers.py`, or `common.py`;
|
|
106
|
+
- keep import direction one-way and treat circular imports as architecture evidence, not only a runtime nuisance;
|
|
107
|
+
- prefer protocols or narrow callable/data contracts over inheritance when callers only need behavior shape.
|
|
108
|
+
11. Validate unknown external data before treating it as typed domain data. Type hints do not enforce runtime values; boundary validation owns JSON, form, CSV, queue, environment, and third-party API input.
|
|
109
|
+
12. Keep type-checking honest:
|
|
110
|
+
- treat `Any`, bare generics, untyped imports, `cast`, broad `type: ignore`, false `TypeGuard` or `TypeIs`, and runtime `Protocol` checks as trust-boundary risks;
|
|
111
|
+
- prefer `object` plus narrowing over `Any` when a value is unknown but operations must be checked;
|
|
112
|
+
- require scoped `# type: ignore[...]` with a local reason when the project policy allows ignores;
|
|
113
|
+
- do not use `cast()` as conversion; add parsing, validation, or a checked adapter when runtime shape is uncertain;
|
|
114
|
+
- keep `None` explicit in signatures and return shapes instead of returning `None` from non-optional contracts;
|
|
115
|
+
- when publishing typed packages, keep `py.typed`, stubs, and public exports aligned.
|
|
116
|
+
13. Choose standard-library helpers by semantic contract and supported Python version:
|
|
91
117
|
- prefer cardinality-explicit iteration such as `zip(strict=True)`, `itertools.batched(..., strict=True)`, or Python 3.14+ `map(strict=True)` only when unequal lengths are a bug and the declared runtime supports the API;
|
|
92
118
|
- do not use `itertools.groupby` as a database-style grouping primitive unless input ordering and group materialization are intentional;
|
|
93
119
|
- avoid shared mutable defaults; use `default_factory` or an existing local construction pattern for per-instance mutable state;
|
|
94
120
|
- prefer `importlib.resources` for packaged data, `tomllib` for TOML reads, and `Path.walk()` only after checking version support, pruning behavior, symlink recursion, ordering, and cycle risks;
|
|
95
121
|
- use dataclass options such as `slots`, `frozen`, and `kw_only`, `StrEnum`, `TypedDict`, or `Protocol` only when they match the public shape and runtime/type-checker support;
|
|
96
122
|
- treat `functools.cache`, `lru_cache`, `cached_property`, `partial`, and Python 3.14+ `Placeholder` as state, memory, concurrency, and versioned-API choices rather than harmless terseness.
|
|
97
|
-
|
|
123
|
+
14. Review collection and iterator performance when code can scale with input size:
|
|
124
|
+
- avoid list membership inside large loops, `pop(0)`, repeated list concatenation, large loop slices, and hot-path `deepcopy`;
|
|
125
|
+
- use `set`, `dict`, `deque`, `Counter`, `heapq`, `join`, comprehensions, or `itertools` when they match the data contract;
|
|
126
|
+
- treat generators as one-shot streams; do not add hidden `list()`, `sorted()`, `len()`, `tee()`, or `cycle()` materialization without memory reasoning;
|
|
127
|
+
- rebuild large dicts after bulk deletion when long-lived memory and iteration cost matter;
|
|
128
|
+
- avoid eager default factories hidden in `dict.get(key, expensive())` or `setdefault(key, expensive())`.
|
|
129
|
+
15. Treat newer syntax and typing features as semantic tools, not style trophies:
|
|
98
130
|
- use template string literals only when a handler needs the static and interpolated parts separately, such as SQL builders, shell command objects, logging templates, or markup renderers; do not replace ordinary f-strings when the result is just a string;
|
|
99
131
|
- when runtime code reads annotations, use the supported annotation inspection API and choose the intended format explicitly instead of assuming `__annotations__` already contains runtime values;
|
|
100
132
|
- use sentinel values to distinguish "argument omitted" from `None`, but compare sentinels by identity and keep public signatures readable;
|
|
101
133
|
- prefer `Mapping` or narrower read-only protocols for read-only inputs so immutable mapping implementations are not rejected accidentally;
|
|
102
134
|
- use closed or extra-key `TypedDict` forms only when the supported Python and type-checker versions agree with that shape.
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
135
|
+
16. Keep `finally` as cleanup, not outcome selection. Do not add `return`, `break`, or `continue` inside `finally` blocks because they can mask exceptions and cancellation; move result decisions outside cleanup or make suppression an explicit documented contract.
|
|
136
|
+
17. Use explicit lazy imports only for startup-sensitive module-scope dependencies after checking version support and import-time side effects. Do not lazily import plugins, registries, monkey patches, model definitions, ORM mappings, or observability setup whose import side effects are part of startup correctness.
|
|
137
|
+
18. Keep process, archive, and concurrency safety explicit:
|
|
106
138
|
- subprocess calls use argument lists, checked failure handling, timeouts, bounded captured output, and a narrow `shell=True` exception when the project already permits it;
|
|
107
139
|
- archive extraction, including `tarfile`, keeps untrusted archive inspection, extraction filters, partial-extract cleanup, and older-runtime defaults visible;
|
|
108
140
|
- `asyncio.TaskGroup`, `asyncio.timeout`, and `asyncio.to_thread` are used only when their cancellation, timeout, blocking-work, and Python-version semantics fit the surrounding lifecycle.
|
|
109
|
-
|
|
110
|
-
|
|
141
|
+
19. Use runtime diagnostics as evidence, not as permanent workaround code. Interpreter or library diagnostics such as import timing, `tracemalloc`, `faulthandler`, profiling, and allocation tracing should go through configured diagnostic or verification intents when available, and missing intents should be reported instead of adding ad hoc command recipes to the skill.
|
|
142
|
+
20. Preserve async and resource ownership:
|
|
111
143
|
- every coroutine is awaited, returned by contract, or scheduled as an owned and tracked task;
|
|
112
144
|
- raw background task creation is allowed only through the project's owner or spawn helper, a task group, or an equivalent lifecycle mechanism;
|
|
113
145
|
- background tasks keep a strong reference, have a shutdown path, and retrieve failures instead of leaving never-retrieved exceptions;
|
|
114
146
|
- cancellation is control flow, so cleanup uses `finally` and cancellation is re-raised after cleanup unless suppression is the documented behavior;
|
|
147
|
+
- choose `TaskGroup` over `gather()` when sibling task failure must cancel the rest;
|
|
148
|
+
- bound fan-out with semaphores, queues, worker pools, or an existing local concurrency primitive;
|
|
149
|
+
- propagate absolute deadlines or remaining budgets through nested calls instead of resetting relative timeouts at every layer;
|
|
150
|
+
- cancel and await pending tasks after `asyncio.wait()` timeouts;
|
|
115
151
|
- async functions do not call blocking I/O, blocking sleeps, long CPU work, or blocking subprocess waits directly unless the project has an explicit executor or isolation pattern;
|
|
116
152
|
- context managers and async context managers do not suppress exceptions unless suppression is the feature;
|
|
117
153
|
- context-manager helpers that catch exceptions for logging re-raise after logging;
|
|
118
154
|
- early-exit async generators have an explicit close path.
|
|
119
|
-
|
|
120
|
-
|
|
155
|
+
21. Preserve failure evidence:
|
|
156
|
+
- translate external exceptions into domain exceptions at boundaries with `raise ... from exc`;
|
|
157
|
+
- do not use `except Exception: pass`, broad `BaseException` catches, or fallback returns that hide failures;
|
|
158
|
+
- use `logger.exception()` only inside exception handlers or preserve exception info explicitly;
|
|
159
|
+
- configure logging so module loggers propagate through a deliberate root or parent handler, existing loggers are not disabled accidentally, and slow handlers are isolated when request latency matters;
|
|
160
|
+
- keep retry finite, jittered or backed off where appropriate, idempotent, and owned by one layer;
|
|
161
|
+
- make fallback a visible degraded path with logs, metrics, or response metadata rather than silent success.
|
|
162
|
+
22. Preserve public contracts:
|
|
121
163
|
- treat public imports, public signatures, exceptions, return shapes, CLI behavior, entry points, config keys, environment variables, dependency metadata, extras, Python version support, and typing stubs as compatibility-sensitive;
|
|
122
164
|
- do not change sync functions into async functions, accepted input shapes, nullable behavior, documented exception types, tuple/dict/dataclass return shapes, config precedence, or environment variable semantics without a compatibility review;
|
|
123
165
|
- typed packages should keep runtime and typing surfaces aligned, including `py.typed` and stubs when present.
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
166
|
+
23. Preserve test truth:
|
|
167
|
+
- keep pytest fixtures small, with one state-changing responsibility and cleanup coupled to that state;
|
|
168
|
+
- treat fixture scope and autouse as isolation decisions, not speed knobs;
|
|
169
|
+
- avoid mutable `parametrize` values unless each case receives a fresh object;
|
|
170
|
+
- use `tmp_path`, scoped `monkeypatch`, and patch the namespace where code looks up the object;
|
|
171
|
+
- prefer mock `autospec`, `spec_set`, and `AsyncMock` await assertions so tests cannot lie about signatures or async execution;
|
|
172
|
+
- use log assertions to check operational signals, not only message text;
|
|
173
|
+
- use property-based tests when behavior is an invariant over an input space and existing project dependencies support it.
|
|
174
|
+
24. Avoid mutable default arguments, broad `except Exception: pass`, broad `BaseException` catches outside process boundaries, global state hidden behind module imports, `finally` masking, and path handling that ignores existing `pathlib` or OS conventions.
|
|
175
|
+
25. Use `# type: ignore[...]` only when tightly scoped, justified, and consistent with local policy.
|
|
176
|
+
26. If packaging, public API, CLI, config, typing, async, retry, logging, or test contracts change, synchronize README examples, entry point tests, build metadata, docs, fixtures, and downstream-style examples that describe installation or usage.
|
|
177
|
+
27. Choose configured verification intents that cover formatting, lint, type checking, tests, package build, installed-package smoke checks, and CLI smoke risk when available.
|
|
128
178
|
|
|
129
179
|
<!-- mustflow-section: postconditions -->
|
|
130
180
|
## Postconditions
|
|
@@ -133,10 +183,14 @@ Preserve Python runtime, standard-library, packaging, import, async resource, pu
|
|
|
133
183
|
- Python-version-gated standard-library features and changed runtime defaults are accepted only when the declared support matrix allows them.
|
|
134
184
|
- Imports work from the project-supported execution path.
|
|
135
185
|
- Packaging changes distinguish development imports from release artifact imports.
|
|
186
|
+
- Framework, ORM, SDK, raw input, and environment data stay outside the domain core unless intentionally adapted.
|
|
187
|
+
- Runtime validation, type hints, and published typing metadata agree at public and external-input boundaries.
|
|
136
188
|
- Async tasks, context managers, files, clients, pools, subprocesses, and generators have visible ownership and cleanup.
|
|
189
|
+
- Exceptions, logs, retries, timeouts, and fallback paths preserve cause, deadline, idempotency, and degraded-state evidence.
|
|
190
|
+
- Collection and iterator changes have size, copy, and materialization behavior reviewed when relevant.
|
|
137
191
|
- Public API, CLI, config, environment, dependency metadata, and typing contract changes are called out.
|
|
138
192
|
- Type and lint strictness are not weakened.
|
|
139
|
-
- Tests or skipped verification are tied to the changed behavior.
|
|
193
|
+
- Tests or skipped verification are tied to the changed behavior, with fixture/mock/async/logging risks named when relevant.
|
|
140
194
|
|
|
141
195
|
<!-- mustflow-section: verification -->
|
|
142
196
|
## Verification
|
|
@@ -158,13 +212,18 @@ Report missing package, type, or test intents rather than inventing raw tool com
|
|
|
158
212
|
- If import resolution fails, inspect package metadata and test invocation before adding path hacks.
|
|
159
213
|
- If a test only passes because repository root, `src`, or `tests` is injected into import paths, reject the fix and repair packaging or test layout instead.
|
|
160
214
|
- If packaging correctness matters but only repository-root tests can run, report that wheel or installed-artifact verification is missing.
|
|
215
|
+
- If build backend, package manager, lockfile, dependency group, optional dependency, or editable-install behavior is ambiguous, keep the existing owner and report the missing packaging contract instead of migrating tools.
|
|
161
216
|
- If the supported Python version blocks a syntax choice, rewrite to the supported form.
|
|
162
217
|
- If the supported Python version blocks a standard-library feature, changed default, diagnostic flag, or helper API, use the supported equivalent or report the runtime-support decision instead of silently raising `requires-python`.
|
|
163
218
|
- If template strings, annotation runtime access, lazy imports, sentinels, immutable mappings, or typed extra keys are useful but version-gated, keep a fallback or report the required support bump instead of smuggling the newer feature into a lower-runtime project.
|
|
164
219
|
- If third-party stubs or package metadata are wrong, document the local workaround and keep it narrow.
|
|
220
|
+
- If `Any`, `cast`, `type: ignore`, runtime `Protocol`, or type guard behavior is needed, keep it local, justified, and backed by runtime validation or tests where the type claim can lie.
|
|
221
|
+
- If performance risk appears in collections, generators, copies, or caches, report the input-size assumption or use an existing benchmark/profile intent when configured.
|
|
165
222
|
- If a background task lacks owner, shutdown, strong reference, or exception retrieval, do not add it.
|
|
166
223
|
- If cancellation or context-manager behavior is swallowed accidentally, restore propagation or document the intentional suppression contract.
|
|
224
|
+
- If retry, timeout, or fallback lacks idempotency, deadline, owner layer, or degraded-state evidence, keep the failure explicit instead of adding hidden recovery.
|
|
167
225
|
- If resource cleanup cannot be proven, use the project's context manager, exit stack, fixture, or lifecycle pattern before broadening tests.
|
|
226
|
+
- If tests require broad fixtures, autouse state, unscoped monkeypatching, bare mocks, or mutable parametrization, narrow the test seam before trusting the result.
|
|
168
227
|
- If public contracts change without compatibility evidence, stop and report the breaking-change or deprecation requirement.
|
|
169
228
|
|
|
170
229
|
<!-- mustflow-section: output-format -->
|
|
@@ -173,7 +232,7 @@ Report missing package, type, or test intents rather than inventing raw tool com
|
|
|
173
232
|
- Boundary checked
|
|
174
233
|
- Runtime and packaging assumptions
|
|
175
234
|
- Files changed
|
|
176
|
-
-
|
|
235
|
+
- Architecture, type, lint, import, async, failure, performance, and test notes
|
|
177
236
|
- Command intents run
|
|
178
237
|
- Skipped checks and reasons
|
|
179
238
|
- Remaining Python risk
|
|
@@ -526,7 +526,7 @@ applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "pe
|
|
|
526
526
|
category = "general_code"
|
|
527
527
|
route_type = "primary"
|
|
528
528
|
priority = 85
|
|
529
|
-
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "data_change", "migration_change", "ui_change", "package_metadata_change"]
|
|
529
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "data_change", "migration_change", "ui_change", "performance_change", "package_metadata_change", "release_risk"]
|
|
530
530
|
|
|
531
531
|
[routes."javascript-code-change"]
|
|
532
532
|
category = "general_code"
|
|
@@ -538,7 +538,7 @@ applies_to_reasons = ["code_change", "public_api_change", "test_change"]
|
|
|
538
538
|
category = "general_code"
|
|
539
539
|
route_type = "primary"
|
|
540
540
|
priority = 85
|
|
541
|
-
applies_to_reasons = ["code_change", "public_api_change", "test_change"]
|
|
541
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "data_change", "migration_change", "performance_change", "security_change", "privacy_change", "package_metadata_change", "release_risk"]
|
|
542
542
|
|
|
543
543
|
[routes."powershell-code-change"]
|
|
544
544
|
category = "general_code"
|
|
@@ -550,13 +550,13 @@ applies_to_reasons = ["code_change", "test_change", "docs_change", "package_meta
|
|
|
550
550
|
category = "general_code"
|
|
551
551
|
route_type = "primary"
|
|
552
552
|
priority = 85
|
|
553
|
-
applies_to_reasons = ["code_change", "public_api_change", "test_change"]
|
|
553
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "data_change", "performance_change", "package_metadata_change", "release_risk"]
|
|
554
554
|
|
|
555
555
|
[routes."rust-code-change"]
|
|
556
556
|
category = "general_code"
|
|
557
557
|
route_type = "primary"
|
|
558
558
|
priority = 85
|
|
559
|
-
applies_to_reasons = ["code_change", "public_api_change", "test_change"]
|
|
559
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "data_change", "performance_change", "security_change", "privacy_change", "package_metadata_change", "release_risk"]
|
|
560
560
|
|
|
561
561
|
[routes."axum-code-change"]
|
|
562
562
|
category = "general_code"
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.rust-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 7
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: rust-code-change
|
|
9
|
-
description: Apply this skill when Rust source, Cargo metadata, features, traits, errors, ownership, async
|
|
9
|
+
description: Apply this skill when Rust source, Cargo metadata, features, traits, errors, ownership, borrowing, lifetimes, Clone/Rc/Arc/Mutex/RefCell use, async tasks, channels, cancellation, unsafe code, allocation, zero-copy, tests, examples, benchmarks, release profiles, MSRV, toolchain declarations, standard-library APIs, or public crate APIs are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -28,7 +28,7 @@ metadata:
|
|
|
28
28
|
<!-- mustflow-section: purpose -->
|
|
29
29
|
## Purpose
|
|
30
30
|
|
|
31
|
-
Preserve Rust ownership, error, trait, feature, async runtime, unsafe, and public crate boundaries while making a focused change. A Rust change is successful only when it clarifies
|
|
31
|
+
Preserve Rust ownership, error, trait, feature, async runtime, unsafe, performance, and public crate boundaries while making a focused change. A Rust change is successful only when it clarifies owners, state, failure contracts, and allocation behavior, not when it merely silences the borrow checker.
|
|
32
32
|
|
|
33
33
|
Rust's compiler feedback can be especially useful for AI-assisted work because it rejects many
|
|
34
34
|
invalid states with concrete errors. That benefit has a real cost: compile time, target-directory
|
|
@@ -38,8 +38,8 @@ instead of treated as incidental.
|
|
|
38
38
|
<!-- mustflow-section: use-when -->
|
|
39
39
|
## Use When
|
|
40
40
|
|
|
41
|
-
- `.rs`, `Cargo.toml`, `Cargo.lock`, workspace config, feature flags, public exports, traits, error types, tests, examples, benches, FFI, async runtime, or unsafe code change.
|
|
42
|
-
- The task touches ownership, borrowing, lifetimes, `Clone`, `Arc`, `Mutex`, `unwrap`, or public crate compatibility.
|
|
41
|
+
- `.rs`, `Cargo.toml`, `Cargo.lock`, workspace config, feature flags, public exports, traits, error types, tests, examples, benches, FFI, async runtime, allocation-sensitive code, or unsafe code change.
|
|
42
|
+
- The task touches ownership, borrowing, lifetimes, `Clone`, `Rc`, `Arc`, `Mutex`, `RefCell`, `unwrap`, `anyhow`, `thiserror`, `Box<dyn Error>`, channels, cancellation, zero-copy buffers, or public crate compatibility.
|
|
43
43
|
- The task introduces or reviews Rust-version-gated APIs or language behavior such as `let else`, let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `rust-version`, Rust 2024 lints, or release-profile tuning.
|
|
44
44
|
|
|
45
45
|
<!-- mustflow-section: do-not-use-when -->
|
|
@@ -53,7 +53,7 @@ instead of treated as incidental.
|
|
|
53
53
|
|
|
54
54
|
- `Cargo.toml`, workspace manifests, lockfile policy, toolchain config, rustfmt, clippy, feature flags, docs.rs metadata, optional dependencies, build profiles, target directory or cache policy, and CI hints.
|
|
55
55
|
- Relevant `src/lib.rs`, `src/main.rs`, modules, public re-exports, tests, examples, and docs examples.
|
|
56
|
-
- Existing error handling convention and
|
|
56
|
+
- Existing ownership map, error handling convention, async runtime, task ownership model, channel/backpressure policy, and shutdown or cancellation boundary.
|
|
57
57
|
- Public crate status, minimum supported Rust version, feature support policy, and downstream compatibility expectations when available.
|
|
58
58
|
- `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, Cargo resolver, workspace inheritance policy, and whether newer standard-library APIs require a raised MSRV.
|
|
59
59
|
- Host and build-loop constraints: OS, shell, native toolchain prerequisites, VM or remote-builder use, release profile, LTO, workspace size, disk budget, and configured smoke or focused-check intents.
|
|
@@ -62,9 +62,9 @@ instead of treated as incidental.
|
|
|
62
62
|
<!-- mustflow-section: preconditions -->
|
|
63
63
|
## Preconditions
|
|
64
64
|
|
|
65
|
-
- Determine whether the change affects ownership flow, public API, feature gates, optional dependencies, error contract, async runtime, or unsafe invariants.
|
|
66
|
-
- Read local patterns before adding traits, lifetimes, clones, locks, boxed errors, feature bounds, or `Send + Sync + 'static` constraints.
|
|
67
|
-
- Treat `clone`, `Arc
|
|
65
|
+
- Determine whether the change affects ownership flow, borrow duration, shared-state meaning, public API, feature gates, optional dependencies, error contract, async runtime, performance hot paths, or unsafe invariants.
|
|
66
|
+
- Read local patterns before adding traits, lifetimes, clones, locks, `Rc<RefCell<_>>`, boxed errors, feature bounds, owned buffers, or `Send + Sync + 'static` constraints.
|
|
67
|
+
- Treat `clone`, `Rc`, `Arc`, `Mutex`, `RefCell`, explicit lifetimes, `'static`, `Box<dyn Error>`, `anyhow`, `unwrap`, feature changes, zero-copy lifetime spread, and `unsafe` as suspicious until their contract impact is justified.
|
|
68
68
|
- Identify the intended edit-check-test loop before choosing a broad build. Treat whole-workspace
|
|
69
69
|
checks, release builds, fat LTO, cross-compiles, and sanitizer-style runs as expensive evidence
|
|
70
70
|
unless the command contract declares them as the normal focused path.
|
|
@@ -73,7 +73,7 @@ instead of treated as incidental.
|
|
|
73
73
|
<!-- mustflow-section: allowed-edits -->
|
|
74
74
|
## Allowed Edits
|
|
75
75
|
|
|
76
|
-
- Prefer truthful ownership and borrowing over broad cloning.
|
|
76
|
+
- Prefer truthful ownership and borrowing over broad cloning, shared mutable bags, or lifetime puzzles.
|
|
77
77
|
- Follow the crate's existing application-versus-library error convention.
|
|
78
78
|
- Keep feature-gated code and public re-exports synchronized.
|
|
79
79
|
- Touch unsafe code only with explicit invariants preserved in nearby comments.
|
|
@@ -86,7 +86,7 @@ instead of treated as incidental.
|
|
|
86
86
|
## Procedure
|
|
87
87
|
|
|
88
88
|
1. Read Cargo metadata, features, optional dependencies, docs.rs metadata, toolchain config, build profiles, public exports, relevant modules, and tests.
|
|
89
|
-
2. Classify the change as ownership, API, error, feature, async, unsafe, dependency, or test-only.
|
|
89
|
+
2. Classify the change as ownership, API, error, feature, async, concurrency, allocation, unsafe, dependency, or test-only.
|
|
90
90
|
3. Model the build loop before broad edits:
|
|
91
91
|
- identify the smallest package, crate, feature set, smoke target, or test that covers the risk;
|
|
92
92
|
- check whether `target/` or an equivalent cache may grow enough to affect local disk budget;
|
|
@@ -108,29 +108,38 @@ instead of treated as incidental.
|
|
|
108
108
|
- treat automatic edition rewrites as candidate diffs that still need human review of unsafe, macro, pattern, temporary lifetime, docs, and examples.
|
|
109
109
|
6. Prefer flatter control flow when the MSRV supports it: use `let else` for early validation, let chains for related optional/result guards, and match `if let` guards for state-machine refinements. Remember that guard patterns do not satisfy match exhaustiveness; keep the fallback arm meaningful.
|
|
110
110
|
7. In tests, prefer `assert_matches!` over `assert!(matches!(...))` when the MSRV supports it and the failed value has useful `Debug` output. Import it explicitly from `std` or `core`; do not assume it is in the prelude.
|
|
111
|
-
8.
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
111
|
+
8. Build an ownership ledger before reshaping modules:
|
|
112
|
+
- name the value owner, mutation owner, drop owner, and long-lived storage owner;
|
|
113
|
+
- keep `&T` as short observation, `&mut T` as short exclusive mutation, and `T` as transfer;
|
|
114
|
+
- prefer owned values, ids, handles, indexes, ranges, or offsets for long-lived structs;
|
|
115
|
+
- add explicit lifetimes only when the type is truly a view tied to source data.
|
|
116
|
+
9. Resolve ownership problems in this order: identify the real owner, shrink borrow scopes, fix function signatures to accept references or slices when ownership is unnecessary, distinguish transfer from sharing, then consider clone or shared ownership only when the semantics require it.
|
|
117
|
+
10. Before adding `clone`, verify it is a cheap handle clone such as `Arc`, `Rc`, or `Bytes`, a small intentional value clone, or a true independent ownership split. Reject derived `Clone` that hides shared mutable state, large collection clones, loop clones, clone-then-borrow code, and whole-state clones made only to satisfy `spawn`.
|
|
118
|
+
11. Before adding `Rc`, `Arc`, `Mutex`, or `RefCell`, identify whether the code needs shared ownership, thread crossing, interior mutability, or true shared mutable state. Prefer one owner plus messages or commands when possible; use `Weak` for back edges or cycles; keep `RefCell` and mutex guards short, and do not hold a guard across `.await`, I/O, callbacks, logging hooks, observer calls, or user code.
|
|
119
|
+
12. Before adding `Arc<Mutex<_>>`, verify multiple owners truly need shared mutable state. For read-mostly snapshots, prefer ownership-preserving choices such as `Arc::make_mut`, immutable swaps, atomics, sharded owners, or explicit reload boundaries. Keep critical sections short, document lock order when more than one lock exists, and decide whether poisoning is crash policy, recovery policy, or state-discard policy.
|
|
120
|
+
13. Choose initialization primitives by input and failure semantics: use `LazyLock` for no-argument static lazy values that may poison permanently on panic, and `OnceLock` when boot-time or test-time code supplies the value or panic poisoning must not become the recovery policy.
|
|
121
|
+
14. Avoid hidden allocation when cheaper type contracts fit: use `Cow<'_, str>` or borrowed slices for mostly-borrowed results, query `HashMap<String, V>` with `&str` when `Borrow` supports it, use `Option::take`, `take_if`, or `as_slice` for state transitions and 0-or-1 iteration, and use `ControlFlow`, `try_for_each`, or `try_fold` when visitor or iterator APIs need explicit short-circuiting.
|
|
122
|
+
15. Treat collection and string capacity as part of performance correctness. Use `with_capacity`, `reserve`, `spare_capacity_mut`, or `push_mut` only when the safety and MSRV contract are clear; keep `set_len` inside a small proven unsafe boundary; avoid repeated `String::insert`, front insertion loops, per-item `format!`, unnecessary `collect()`, and temporary `Vec` or `String` construction in hot paths.
|
|
123
|
+
16. Use zero-copy only when the lifetime cost is lower than the copy cost. Prefer borrowed slices for same-call observation, owned values for queue/task/cache/domain storage, and reference-counted buffers such as `Bytes` only when retaining the larger backing allocation is acceptable.
|
|
124
|
+
17. Use explicit lifetimes only to describe real borrow relationships. Do not add `'static` or `T: 'static` to public APIs merely because an internal task boundary requires it. If a self-referential shape appears, first replace internal references with offsets, ranges, ids, or arenas before considering `Pin`, macros, or unsafe.
|
|
125
|
+
18. Use concrete error enums for library APIs when callers need to classify failures. Separate recoverable errors from internal bugs; shape error variants around caller action, not merely dependency type names. Use `thiserror` to implement typed errors, `map_err` to translate lower-level failures, and `source()` to preserve diagnostic cause.
|
|
126
|
+
19. Keep `anyhow` mostly at application, CLI, worker, migration, or top-level orchestration boundaries where errors are logged, enriched with context, and not matched by downstream callers. Use `.context()` or `.with_context()` where `?` would otherwise erase the operation that failed.
|
|
127
|
+
20. Avoid `unwrap`, vague `expect`, and unbounded `panic!` in production paths. They are allowed only for tests, examples, startup policy, panic-boundary adapters, or invariants already proven by nearby code. Do not parse `Display` strings for control flow; match typed variants, error kinds, or stable error codes.
|
|
128
|
+
21. Review public API shape before adding `impl Trait`, `Deref`, or trait/lifetime machinery:
|
|
121
129
|
- argument-position `impl Trait` removes caller turbofish control and can be a public breaking change when converted from named generics;
|
|
122
130
|
- return-position `impl Trait` hides one concrete type, so divergent iterator or future branches need an enum, boxed trait object, or different API boundary;
|
|
123
131
|
- implement `Deref` only for pointer-like wrappers, not domain inheritance or method forwarding;
|
|
124
132
|
- use GATs for borrowing iterator/view traits when they remove a real allocation or boxed lifetime escape, not as decorative complexity.
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
133
|
+
22. If feature flags or Cargo workspace metadata change, treat default features, no-default builds, all-features builds, optional dependency implicit features, resolver behavior, target-specific dependencies, `workspace.package`, `workspace.dependencies`, `workspace.lints`, public re-exports, docs examples, and feature-gated trait impls as compatibility surfaces. Features should be additive, and `resolver = "2"` or a newer resolver decision must match the crate's edition/MSRV policy.
|
|
134
|
+
23. Treat public re-exports, public dependency types, generic bounds, trait item sets, error enum variants, `#[non_exhaustive]`, sealed versus externally implementable traits, and MSRV as public API. Tightened bounds, added required trait methods, removed re-exports, changed error variants, public dependency upgrades, or raised `rust-version` require compatibility review.
|
|
135
|
+
24. Do not mix async runtimes. A Tokio crate should not casually gain `async-std` or runtime-specific APIs in library core. Do not call blocking I/O or CPU-heavy work in async paths without an established boundary such as async-native APIs, bounded `spawn_blocking`, a semaphore, a dedicated worker, or a caller-owned runtime decision.
|
|
136
|
+
25. For async spawning, avoid leaking internal `Send + Sync + 'static` requirements into public APIs. Prefer owned task state, smaller spawn boundaries, local task structures, or caller-owned runtime decisions. Track every spawned task's owner, join/abort policy, panic handling, cancellation signal, and shutdown wait point.
|
|
137
|
+
26. Review async channels and cancellation as reliability contracts: prefer bounded channels unless unbounded memory growth is explicitly acceptable; define full-queue behavior, `send` failure handling, `recv None` shutdown behavior, sender clone lifecycle, timeout target, and whether `select!` branches are cancel-safe.
|
|
138
|
+
27. Touch `unsafe` only when a safe design cannot express the required behavior. Every unsafe block needs a nearby `SAFETY:` explanation; every public `unsafe fn` needs `# Safety` docs. In Rust 2024 or when `unsafe_op_in_unsafe_fn` is enabled, unsafe operations inside `unsafe fn` still need explicit unsafe blocks. Keep unsafe scopes small and wrap them in safe abstractions only when callers have no hidden safety obligations.
|
|
139
|
+
28. For FFI, keep Rust ABI types out of C boundaries. Use explicit ownership, `#[repr(C)]` where required, raw pointer plus length pairs, `CStr`/`CString`, RAII wrappers, null handling, panic boundaries, and documented thread-safety evidence before manual `Send` or `Sync`.
|
|
140
|
+
29. Review release profiles when the task changes binary delivery, CLI startup, embedded, wasm, or performance behavior. Treat `opt-level`, LTO, `panic`, `codegen-units`, and `strip` as product tradeoffs that must be measured or reported, not decorative Cargo knobs.
|
|
141
|
+
30. Calibrate performance claims. Do not claim Rust made a system faster from compile success, empty-database timings, warm-cache microbenchmarks, local-only runs, or debug versus release confusion. Require representative data size, concurrency, target hardware, profile, and measurement method before reporting speed claims. Prefer Criterion-style or macrobenchmark evidence when adding benchmark-backed claims, and state whether allocation count, copy count, lock contention, syscall count, p95/p99 latency, or throughput changed.
|
|
142
|
+
31. Choose configured verification intents that cover format, lint, build, tests, feature combinations, docs, public API, unsafe, FFI, smoke targets, package artifact, benchmark evidence, and release-profile risk when available.
|
|
134
143
|
|
|
135
144
|
<!-- mustflow-section: rejection-criteria -->
|
|
136
145
|
## Review Rejection Criteria
|
|
@@ -138,7 +147,11 @@ instead of treated as incidental.
|
|
|
138
147
|
Reject or revise the patch when any of these appear without strong local justification:
|
|
139
148
|
|
|
140
149
|
- New large `clone()` calls, clone-then-borrow code, loop clones, or state clones used only to appease ownership errors.
|
|
141
|
-
- New `
|
|
150
|
+
- New `#[derive(Clone)]` on types that contain shared mutable state without an explicit handle-versus-snapshot decision.
|
|
151
|
+
- New long-lived `struct Foo<'a>` fields, self-referential shapes, or public `'static` bounds that export an internal borrow or task workaround.
|
|
152
|
+
- New `Rc<RefCell<_>>` object graphs, `Rc` cycles without `Weak`, `RefCell` guards held across callbacks, or runtime borrow panics treated as normal control flow.
|
|
153
|
+
- New `Arc<Mutex<AppState>>`-style shared bags, locks held across `.await`, I/O, callbacks, logging hooks, or user code, or async I/O resources shared mainly by mutex.
|
|
154
|
+
- New unbounded channels, detached `tokio::spawn` work, timeout wrappers that only stop waiting, blocking work on an async executor, or shutdown paths that signal without waiting.
|
|
142
155
|
- New version-gated Rust API usage without API-specific MSRV, `rust-version`, edition, toolchain, CI, or fallback evidence.
|
|
143
156
|
- Rust 2024 edition changes accepted without reviewing unsafe extern blocks, unsafe attributes, `unsafe_op_in_unsafe_fn`, temporary drop scopes, and macro fragment behavior where those surfaces exist.
|
|
144
157
|
- New `LazyLock` initialization for recoverable runtime configuration where permanent panic poisoning would be the wrong failure policy.
|
|
@@ -146,7 +159,11 @@ Reject or revise the patch when any of these appear without strong local justifi
|
|
|
146
159
|
- New public `impl Trait`, `Deref`, GAT, workspace resolver, feature, or `rust-version` change without public API and compatibility review.
|
|
147
160
|
- New public `'static`, `Send`, or `Sync` bounds that exist only because an internal task was spawned.
|
|
148
161
|
- New public `Box<dyn Error>` in a library where callers need typed failures.
|
|
162
|
+
- New library `anyhow::Result` where downstream callers need stable classification, transparent dependency errors that leak implementation, or error variants named only after dependency crates.
|
|
149
163
|
- New production `unwrap` or vague `expect` on I/O, parse, environment, network, FFI, lock, or user input paths.
|
|
164
|
+
- New string-parsed error control flow instead of typed error variants, error kinds, or stable codes.
|
|
165
|
+
- New zero-copy lifetime spread that makes queues, tasks, caches, or domain objects borrow input buffers longer than the source owner can guarantee.
|
|
166
|
+
- New hot-path `format!`, `.to_string()`, unnecessary `collect()`, temporary `Vec`, repeated allocation, or debug-build performance claim without measurement evidence.
|
|
150
167
|
- New unbounded `panic!` paths, index assumptions, or unchecked slicing in production paths without a documented invariant or panic boundary.
|
|
151
168
|
- Feature changes that remove APIs, change type meaning, rename features, expose internal optional dependency names, or fail default/no-default/all-features reasoning.
|
|
152
169
|
- Public dependency types, re-exports, trait bounds, trait methods, or error enum variants changed without semver review.
|
|
@@ -162,8 +179,9 @@ Reject or revise the patch when any of these appear without strong local justifi
|
|
|
162
179
|
- Rust-version-gated syntax, standard-library APIs, Cargo behavior, and lint assumptions match the declared MSRV or have explicit fallbacks.
|
|
163
180
|
- Public API, features, optional dependencies, and error contracts are synchronized.
|
|
164
181
|
- Async runtime ownership is preserved and blocking work is isolated.
|
|
182
|
+
- Task ownership, channel capacity, cancellation, timeout, and shutdown wait points are explicit when async code changes.
|
|
165
183
|
- Unsafe, `unsafe_op_in_unsafe_fn`, and FFI invariants are preserved or no unsafe code was touched.
|
|
166
|
-
- Allocation, initialization, Cargo workspace, and release-profile choices are intentional and reported when they affect public or delivery behavior.
|
|
184
|
+
- Allocation, zero-copy, initialization, Cargo workspace, and release-profile choices are intentional and reported when they affect public, hot-path, or delivery behavior.
|
|
167
185
|
- Build-loop cost, target/cache impact, smoke-target coverage, and native toolchain prerequisites
|
|
168
186
|
are handled or reported.
|
|
169
187
|
- Missing feature, semver, docs, unsafe, FFI, smoke, package, or performance verification is reported.
|
|
@@ -215,6 +233,7 @@ When configured intents exist for these risks, prefer coverage equivalent to:
|
|
|
215
233
|
- Boundary checked
|
|
216
234
|
- Build-loop, cache, smoke target, and toolchain notes
|
|
217
235
|
- Ownership, feature, async, or unsafe impact
|
|
236
|
+
- Allocation, zero-copy, channel, cancellation, or benchmark impact
|
|
218
237
|
- Public API or error impact
|
|
219
238
|
- Files changed
|
|
220
239
|
- Command intents run
|