mustflow 2.108.2 → 2.108.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/cli/commands/script-pack.js +3 -0
- package/dist/cli/i18n/en.js +37 -0
- package/dist/cli/i18n/es.js +37 -0
- package/dist/cli/i18n/fr.js +37 -0
- package/dist/cli/i18n/hi.js +37 -0
- package/dist/cli/i18n/ko.js +37 -0
- package/dist/cli/i18n/zh.js +37 -0
- package/dist/cli/lib/command-registry.js +3 -0
- package/dist/cli/lib/script-pack-registry.js +84 -0
- package/dist/cli/script-packs/repo-automation-surface.js +88 -0
- package/dist/cli/script-packs/repo-dependency-surface.js +87 -0
- package/dist/cli/script-packs/repo-toolchain-provenance.js +90 -0
- package/dist/core/public-json-contracts.js +27 -0
- package/dist/core/repo-automation-surface.js +376 -0
- package/dist/core/repo-dependency-surface.js +282 -0
- package/dist/core/repo-toolchain-provenance.js +421 -0
- package/dist/core/script-pack-suggestions.js +33 -1
- package/package.json +1 -1
- package/schemas/README.md +10 -0
- package/schemas/repo-automation-surface-report.schema.json +148 -0
- package/schemas/repo-dependency-surface-report.schema.json +121 -0
- package/schemas/repo-toolchain-provenance-report.schema.json +124 -0
- package/templates/default/i18n.toml +18 -6
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +15 -5
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +98 -22
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +86 -27
- package/templates/default/locales/en/.mustflow/skills/routes.toml +16 -4
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +51 -32
- package/templates/default/locales/en/.mustflow/skills/split-refactor-residual-path-review/SKILL.md +176 -0
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +47 -29
- package/templates/default/locales/en/.mustflow/skills/ui-state-resurrection-review/SKILL.md +218 -0
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +14 -13
- package/templates/default/manifest.toml +15 -1
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.ui-state-resurrection-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 3
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: ui-state-resurrection-review
|
|
9
|
+
description: Apply this skill when frontend, desktop, mobile, chat, streaming, workspace, panel, tab, route, runtime, terminal, or session UI state that should be closed, completed, cleared, finalized, restarted, or deleted reappears after reload, restart, reconnect, route remount, SSR hydration, persisted-store rehydration, query-cache restore, service-worker cache restore, cloud sync, cross-tab broadcast, migration, crash recovery, or events such as message.complete, terminal-error, or old-generation stream replay; use it to prove whether the UI is rendering new state or resurrecting old persisted state.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.ui-state-resurrection-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# UI State Resurrection Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Debug resurrected UI state by tracing state provenance, persistence, hydration, and finalization before blaming rendering.
|
|
33
|
+
|
|
34
|
+
The core question is: "Is this panel, message, tab, route, task view, or draft newly created, or did an old stored record regain authority?" If restart, reload, reconnect, or hydration brings back the same ID, title, position, selected tab, message run, or collapsed state, treat it as a stored-state resurrection until evidence proves otherwise.
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- A completed, closed, cleared, deleted, finalized, or dismissed UI surface reappears after app restart, browser reload, reconnect, route remount, tab focus, provider remount, workspace switch, user switch, tenant switch, schema migration, crash recovery, or cloud sync.
|
|
40
|
+
- A chat, copilot, streaming response, draft response, task panel, workspace panel, active tab, sidebar item, layout slot, notification, toast, inbox item, modal, drawer, form draft, selected item, or route state returns after `message.complete`, finish, submit, close, clear, delete, archive, or done.
|
|
41
|
+
- A streaming session mixes message lifecycle, runtime health, terminal health, restart state, hydration, persistence, or old-generation events through flat flags such as `isDone`, `isLoading`, `hasError`, or one handler that mutates both UI state and durable session storage.
|
|
42
|
+
- Local or remote state sources may include memory stores, React Query, SWR, Apollo, Redux Persist, Zustand persist, Pinia, router loaders, SSR bootstrap data, localStorage, sessionStorage, IndexedDB, CacheStorage, service worker cache, BroadcastChannel, desktop user-data SQLite, JSON, LevelDB, preferences, workspace-state files, mobile shared preferences, mobile SQLite, restore state, server workspace layout, user session state, or cloud sync.
|
|
43
|
+
- The symptom is being described as a render bug, component bug, memoization issue, or CSS issue, but the same identity or old timestamp survives a restart, reload, hydration, or sync boundary.
|
|
44
|
+
|
|
45
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
46
|
+
## Do Not Use When
|
|
47
|
+
|
|
48
|
+
- The UI is wrong only within one live render pass and no reload, restart, hydration, persistence, cache restore, replay, sync, or remount boundary is involved; use `frontend-state-ownership-review`, `frontend-render-stability`, or a framework-specific frontend skill first.
|
|
49
|
+
- The task only reviews cache key correctness outside UI restoration; use `cache-integrity-review`.
|
|
50
|
+
- The task only reviews generic async races without persisted or restored state; use `async-timing-boundary-review` or `race-condition-review`.
|
|
51
|
+
- The task only reviews deletion lifecycle for domain data, database rows, or server records rather than UI/session restore state; use `deletion-lifecycle-review` or the relevant database skill.
|
|
52
|
+
- The state is intentionally restored by an explicit product contract and the task is only to polish copy, layout, or accessibility.
|
|
53
|
+
|
|
54
|
+
<!-- mustflow-section: required-inputs -->
|
|
55
|
+
## Required Inputs
|
|
56
|
+
|
|
57
|
+
- Symptom timeline: before action, during action, completion or close moment, before shutdown or reload, after restart or reload, after reconnect or sync, and whether the same identity returns.
|
|
58
|
+
- Identity ledger: user ID, workspace or tenant ID, route params, conversation ID, message ID, logical ID, instance ID, run ID, submission ID, stream ID, panel ID, tab key, task ID, event ID, event sequence, cursor, server version, message version, schema version, pending command ID, idempotency key, tombstone version, and process start time where relevant.
|
|
59
|
+
- Source ledger: memory store, query cache, router state, URL state, persisted store, browser storage, service worker cache, desktop user-data files, mobile storage, server layout, cloud sync, crash recovery, migration, and cross-tab or cross-device channels.
|
|
60
|
+
- Finalize ledger: close, clear, complete, delete, submit, archive, done, `message.complete`, or equivalent action; memory clear, persisted clear, query-cache update, pending write cancellation, hydration abort, server invalidation, tombstone or watermark write, and sync conflict policy.
|
|
61
|
+
- Streaming ownership ledger: gateway or listener, envelope validator, event handler or processor, reducer or state machine, UI selector, persistence writer, hydration guard, cleanup owner, runtime generation owner, ack policy, and replay or resync policy.
|
|
62
|
+
- Runtime health ledger: message status, terminal status, session health, restart-required state, runtime ID, generation ID, old-generation event rejection, terminal error archive, transcript retention, and active-runtime cleanup.
|
|
63
|
+
- Read and write paths: store actions, reducers, selectors, query cache writes, persistence middleware, storage reads and writes, hydration callbacks, route loaders, app init effects, WebSocket or event replay handlers, HTTP refetch handlers, BroadcastChannel handlers, migrations, and save-last-session code.
|
|
64
|
+
- Test or reproduction surface: delayed persist write, delayed HTTP snapshot, reconnect replay, route remount, store recreation, app restart, clean profile, copied app-data folder, cross-tab broadcast, cross-device sync, and schema migration where relevant.
|
|
65
|
+
|
|
66
|
+
<!-- mustflow-section: preconditions -->
|
|
67
|
+
## Preconditions
|
|
68
|
+
|
|
69
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
70
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
71
|
+
- Existing local patterns for persistence, hydration, cache restore, session restore, crash recovery, cross-tab sync, and server-side layout storage have been searched before adding another cleanup effect.
|
|
72
|
+
- If the resurrected state affects auth, tenant isolation, privacy, payment, deletion, or server data correctness, also apply the narrower security, payment, deletion, database, or cache skill for that boundary.
|
|
73
|
+
|
|
74
|
+
<!-- mustflow-section: allowed-edits -->
|
|
75
|
+
## Allowed Edits
|
|
76
|
+
|
|
77
|
+
- Add source labels, identity keys, timestamps, versions, event sequences, debug logs, and bounded instrumentation that prove which path wrote or read the resurrected value.
|
|
78
|
+
- Convert close, clear, complete, delete, archive, or done handlers into a single finalize action when state must be cleared across memory, persisted storage, query cache, inflight hydration, pending writes, server snapshots, and sync surfaces.
|
|
79
|
+
- Add tombstones, watermarks, generation IDs, abort tokens, schema migrations, identity guards, persisted-state partialization, merge filters, and stale-payload rejection for completed or cleared UI state.
|
|
80
|
+
- Split ephemeral in-progress state from committed history or durable layout state so a restored snapshot cannot recreate a completed run, closed panel, or cleared draft.
|
|
81
|
+
- Replace authoritative `active` and `finished` stores with selectors over one lifecycle truth when both lists can drift, duplicate, or resurrect the same item.
|
|
82
|
+
- Add lifecycle fields such as `logicalId`, `instanceId`, `status`, `version`, `eventCursor`, `pendingCommandId`, `idempotencyKey`, and `tombstone` when provenance shows projections are being stored as truth.
|
|
83
|
+
- Split streaming gateway, event handler, state store, persistence writer, hydration guard, and cleanup into explicit owners when one handler mutates UI state, session state, and durable storage.
|
|
84
|
+
- Add append-only event logs, snapshots, high-watermarks, durable-write acknowledgements, runtime or generation IDs, buffered hydration queues, and old-generation event rejection when streaming replay can cross restart or hydration boundaries.
|
|
85
|
+
- Add focused tests for delayed writes after finalize, stale HTTP snapshots, reconnect replay, route remount, cross-tab stale broadcasts, cross-device sync overwrite, crash recovery priority, migration defaulting, `message.complete` versus `terminal-error`, restart generation changes, and stale old-generation stream events.
|
|
86
|
+
- Do not fix resurrection by adding another render-time hide flag, CSS rule, duplicate cleanup effect, broad storage wipe, global cache clear, or product-state deletion unless provenance proves that scope is correct.
|
|
87
|
+
|
|
88
|
+
<!-- mustflow-section: procedure -->
|
|
89
|
+
## Procedure
|
|
90
|
+
|
|
91
|
+
1. Prove whether the UI is new or restored.
|
|
92
|
+
- Compare IDs, route params, tab keys, titles, positions, collapsed state, selected tab, task IDs, message IDs, run IDs, timestamps, and schema versions before and after restart, reload, remount, reconnect, or sync.
|
|
93
|
+
- If the same old identity returns after memory should be gone, prioritize persistence, hydration, replay, sync, migration, or crash recovery over rendering.
|
|
94
|
+
2. Snapshot every storage layer around the lifecycle.
|
|
95
|
+
- Capture state before the user action, during in-progress work, immediately after completion or close, before shutdown or reload, and immediately after restart or hydration.
|
|
96
|
+
- For web apps, inspect localStorage, sessionStorage, IndexedDB, CacheStorage, service worker cache, persisted query caches, and SSR bootstrap payloads.
|
|
97
|
+
- For desktop apps, inspect user-data SQLite, JSON, LevelDB, preferences, workspace-state files, crash recovery files, and cloud sync files.
|
|
98
|
+
- For mobile apps, inspect shared preferences, SQLite, key-value stores, sandbox restore state, and platform state restoration.
|
|
99
|
+
- Look for names such as `openPanels`, `activeTaskPanel`, `workspaceLayout`, `restoredTabs`, `lastSession`, `pendingTasks`, `taskViews`, `streamingMessage`, `pendingEvents`, `draftResponse`, `activeRun`, `completedStreamIds`, `lastCompletedEventSeq`, `clearedAt`, and `runFinalizedAt`.
|
|
100
|
+
3. Add provenance to reads and writes.
|
|
101
|
+
- Label each value with source, action name, previous value, next value, stack or caller, route, tab, user, workspace, message, run, event sequence, created time, written time, rehydrated time, and persist version when safe.
|
|
102
|
+
- Instrument store actions, reducers, query cache `setQueryData`, persistence `setItem`, IndexedDB writes, server response application, hydration callbacks, route loaders, app init effects, replay handlers, and BroadcastChannel handlers.
|
|
103
|
+
- Keep logs bounded and scrub secrets or personal data according to repository policy.
|
|
104
|
+
4. Reconstruct the timeline.
|
|
105
|
+
- The common failure is: stale in-progress state is scheduled for persistence, completion clears memory, a delayed write flushes the old snapshot, hydration later reads it, and the UI honestly renders it.
|
|
106
|
+
- Check whether `hydrate`, `restore`, `merge`, `sync`, `initialize`, `loadDraft`, `resumeSession`, `reconnect`, `onFocus`, `onMount`, or `saveLastSession` runs after finalize.
|
|
107
|
+
- Compare process start time with stored `createdAt` or `rehydratedAt`; old timestamps in post-start state are strong resurrection evidence.
|
|
108
|
+
5. Inspect finalize semantics.
|
|
109
|
+
- Treat `message.complete`, close, clear, delete, done, and archive as finalization events, not only render cleanup.
|
|
110
|
+
- Finalize should clear memory, remove or update persisted state, remove ephemeral query-cache fields, cancel pending persisted writes, abort inflight hydration, invalidate or patch server snapshots, and record a tombstone or watermark when replay is possible.
|
|
111
|
+
- Persisting only `null` may be weaker than persisting "this run or panel was finalized at this sequence/time" when old payloads can arrive later.
|
|
112
|
+
6. Review hydration merge policy.
|
|
113
|
+
- Reject blind shallow merges such as persisted state overriding current state without identity, version, and tombstone checks.
|
|
114
|
+
- Hydration should restore only if the persisted payload matches the current user, workspace, conversation, message, run, route, schema, and lifecycle, and is newer than the relevant clear or completion watermark.
|
|
115
|
+
- Drop streaming, draft, panel, and task-view fields from persisted state unless they have an explicit restoration contract.
|
|
116
|
+
7. Review inbound event ordering.
|
|
117
|
+
- `message.delta`, `message.complete`, reconnect replay, snapshot refresh, and history load may arrive through different paths.
|
|
118
|
+
- Require event sequence, server version, message version, run ID, or generation ID checks so replayed or late payloads older than completion cannot rebuild ephemeral UI.
|
|
119
|
+
- Delayed HTTP snapshots and background refetches must not recreate streaming or panel state after finalize.
|
|
120
|
+
8. Review streaming responsibility separation.
|
|
121
|
+
- Treat the gateway as a connection and envelope owner only: open the stream, parse chunks, validate `sessionId`, `streamId`, `eventId`, `seq`, `createdAt`, `type`, and `payload`, then hand off the event.
|
|
122
|
+
- Keep UI mutation and durable persistence out of the gateway. A listener that calls component setters and writes session storage in the same branch is a source-of-truth split.
|
|
123
|
+
- Let the event handler validate, deduplicate, order, and translate external events into internal commands. It should not decide component display policy or directly edit durable storage.
|
|
124
|
+
- Keep the state store as the only in-memory truth. Reducers or state machines should apply commands deterministically and update metadata such as `lastAppliedSeq`, `appliedEventIds`, `sessionStatus`, `messageIndex`, and `pendingToolCalls`.
|
|
125
|
+
- Make the persistence writer own event log, snapshots, high-watermark, schema version, migration, compaction, blob references, dirty markers, and durable-write success. Send server acknowledgements only through the durable boundary when acknowledgement means recoverability.
|
|
126
|
+
- Make the hydration guard buffer live events while snapshots or logs load, discard events older than the restored high-watermark, request replay or resync when a sequence gap appears, and reject late hydration from an obsolete runtime generation.
|
|
127
|
+
- Make cleanup dispose the runtime generation: abort streams, cancel readers, remove heartbeat and retry timers, stop new persistence writes, finish or mark short idempotent writes, drop buffered events, and require async callbacks to check `runtimeId` or generation tokens.
|
|
128
|
+
9. Separate message lifecycle from runtime health.
|
|
129
|
+
- `message.complete` ends the message lifecycle only. It should not clear terminal errors, mark runtime health as clean, erase restart-required state, or turn old terminal failures into success.
|
|
130
|
+
- `terminal-error` changes terminal and session health. It should not rewrite already completed messages as failed messages, delete message content, or pretend a partial message completed successfully.
|
|
131
|
+
- Model message status, terminal status, session health, and restart state separately instead of flattening them into `isDone`, `isLoading`, or `hasError`.
|
|
132
|
+
- Allow states such as `completedWithTerminalError`: the user may have a complete assistant message and a broken terminal at the same time.
|
|
133
|
+
- On restart, create a new runtime generation. Preserve transcript history when the product contract requires it, clear or archive active terminal errors, cancel pending streams, and reject old-generation `message.complete`, `terminal-error`, stdout, stderr, delta, and tool events.
|
|
134
|
+
10. Review identity boundaries.
|
|
135
|
+
- Persist and query keys must include every dimension that changes ownership: user, tenant, workspace, route, conversation, message, run, tab, and feature or locale dimensions when relevant.
|
|
136
|
+
- A key like `chat-state`, `workspace-layout`, or `activeMessage` is unsafe when more than one identity can share it.
|
|
137
|
+
- On logout, tenant switch, workspace switch, conversation switch, or route identity change, clear or reject state from the previous identity.
|
|
138
|
+
11. Review active, finished, and pending as lifecycle projections.
|
|
139
|
+
- Treat `active` and `finished` as selectors over one lifecycle model, not two independent authoritative stores.
|
|
140
|
+
- Preserve user intent, externally confirmed facts, and unfinished retryable work; clear only UI posture such as selected tab, accordion open state, hover, scroll, temporary filters, or transient loading decorations without durable evidence.
|
|
141
|
+
- Keep active until a terminal event such as finished, cancelled, deleted, archived, or tombstoned is confirmed with a version, cursor, or event ID and can be replayed after restart.
|
|
142
|
+
- Keep finished as append-only or versioned history until a versioned delete, archive, purge, retention expiry, or tombstone event proves removal; do not let an old restored snapshot erase newer finished facts.
|
|
143
|
+
- Keep pending finish, submit, close, delete, or archive commands with a command ID or idempotency key until success or failure ack decides whether to clear, retry, or restore active state.
|
|
144
|
+
- If the same logical item can have a current attempt and past completed records, separate user-facing `logicalId` from lifecycle `instanceId`, `runId`, or `submissionId`.
|
|
145
|
+
- Use one reducer for persisted snapshots, realtime events, and local commands so version, cursor, event ID, tombstone, and pending-command rules arbitrate every input consistently.
|
|
146
|
+
- Snapshot restore is not truth. A restored active or finished value must lose to newer versions, later cursors, tombstones, and already-applied event IDs even when the snapshot came from local disk or server layout.
|
|
147
|
+
12. Review async generation and remounts.
|
|
148
|
+
- Provider remount, StrictMode development double execution, HMR, route segment remount, auth context change, tab focus, and reconnect can run hydration more than once.
|
|
149
|
+
- Async hydration needs request tokens, generation IDs, or AbortController-style cancellation so late loads cannot overwrite current finalized state.
|
|
150
|
+
13. Review local, server, and sync authority.
|
|
151
|
+
- Test a clean browser profile or OS user; if the issue disappears, local persisted state is likely.
|
|
152
|
+
- Test a clean device after login; if the issue returns, server layout, session state, or cloud sync is likely.
|
|
153
|
+
- Delete only the suspect stored record; if the UI disappears after restart, the stored record had authority.
|
|
154
|
+
- Inject the stored record into a clean environment; if it reproduces, the restore path is proven.
|
|
155
|
+
- Check multi-device conflict policy: an old open state from device B must not overwrite a newer close or complete from device A.
|
|
156
|
+
14. Review migrations and crash recovery.
|
|
157
|
+
- Migration defaults must not convert old `closed: true`, `completed`, `done`, or missing lifecycle fields into open or active state.
|
|
158
|
+
- Crash recovery files must not outrank a normal session file that recorded a later finalize.
|
|
159
|
+
- Save-last-session code must save the latest state, not a stale captured snapshot from before completion.
|
|
160
|
+
15. Add targeted regression evidence.
|
|
161
|
+
- Prefer tests that model delayed persisted writes, persisted-store rehydration after finalize, stale HTTP snapshot after complete, reconnect replay after complete, route remount after complete, cross-tab stale broadcast, cross-device stale sync, and migration of old session records.
|
|
162
|
+
- Assert that rendering follows store state honestly, and that the store refuses old restored state after finalization.
|
|
163
|
+
- Add active, finished, and pending tests where a stale snapshot, replayed realtime event, duplicate event ID, command retry, or tombstone competes for the same logical ID or instance ID.
|
|
164
|
+
- Add reducer tests for `message.delta` to `message.complete`, duplicate `message.complete`, `terminal-error` preserving message content, `terminal-error` then `message.complete`, `message.complete` then `terminal-error`, hydration idempotency, restart generation changes, and stale old-generation event rejection.
|
|
165
|
+
- Add integration tests for normal streaming completion, terminal error before message completion, terminal error after message completion, refresh hydration of `completedWithTerminalError`, restart from a hydrated error session, and old-generation events arriving after restart.
|
|
166
|
+
- Add transition-table tests for `ready`, `streaming`, `completed`, `terminalError`, `completedWithTerminalError`, `hydrating`, `restarting`, and `readyAfterRestart` when those states exist in the product model.
|
|
167
|
+
|
|
168
|
+
<!-- mustflow-section: postconditions -->
|
|
169
|
+
## Postconditions
|
|
170
|
+
|
|
171
|
+
- The resurrected UI is classified as newly created, restored from local persistence, restored from query or service-worker cache, restored from desktop or mobile app data, restored from server layout, restored from sync, restored by replay, restored by migration, restored by crash recovery, or not yet localized.
|
|
172
|
+
- Finalize actions clear or tombstone memory, persistence, query cache, inflight hydration, pending writes, server snapshots, and sync inputs where relevant.
|
|
173
|
+
- Hydration and replay paths reject stale, wrong-identity, wrong-schema, or older-than-watermark payloads.
|
|
174
|
+
- Streaming event handling has one mutation pipeline from gateway to event handler, state store, persistence writer, hydration guard, cleanup, and UI selectors; handlers do not directly mutate both UI and durable storage.
|
|
175
|
+
- `message.complete`, `terminal-error`, hydration, and restart are proven separate lifecycle concerns rather than competing flat flags.
|
|
176
|
+
- `active`, `finished`, and `pending` are either proven projections from one lifecycle truth or the remaining multi-source drift is reported.
|
|
177
|
+
- Tests or reproduction evidence cover the changed lifecycle boundary, or missing evidence is reported explicitly.
|
|
178
|
+
|
|
179
|
+
<!-- mustflow-section: verification -->
|
|
180
|
+
## Verification
|
|
181
|
+
|
|
182
|
+
Use configured oneshot command intents when available:
|
|
183
|
+
|
|
184
|
+
- `changes_status`
|
|
185
|
+
- `changes_diff_summary`
|
|
186
|
+
- `lint`
|
|
187
|
+
- `build`
|
|
188
|
+
- `test_related`
|
|
189
|
+
- `test`
|
|
190
|
+
- `docs_validate_fast`
|
|
191
|
+
- `test_release`
|
|
192
|
+
- `mustflow_check`
|
|
193
|
+
|
|
194
|
+
Use the narrowest configured frontend, unit, integration, docs, release, or mustflow intent that covers the persistence, hydration, replay, sync, migration, or finalize boundary. Do not infer raw browser, dev-server, storage-inspection, database, sync-service, or mobile commands outside the command contract.
|
|
195
|
+
|
|
196
|
+
<!-- mustflow-section: failure-handling -->
|
|
197
|
+
## Failure Handling
|
|
198
|
+
|
|
199
|
+
- If storage access, server layout, sync logs, or app-data files are unavailable, report which source remains unproven instead of claiming a render fix.
|
|
200
|
+
- If the state source cannot be named, add bounded provenance before changing cleanup logic.
|
|
201
|
+
- If a proposed fix only hides the component while the old record remains restorable, reject it as symptom masking.
|
|
202
|
+
- If clearing all storage would hide the bug but delete user data, narrow the stored record, identity, tombstone, or migration rule first.
|
|
203
|
+
- If tests need live browser, mobile, desktop, sync, or production telemetry not configured in `.mustflow/config/commands.toml`, run available local checks and report the manual evidence gap.
|
|
204
|
+
|
|
205
|
+
<!-- mustflow-section: output-format -->
|
|
206
|
+
## Output Format
|
|
207
|
+
|
|
208
|
+
- UI state resurrection surface reviewed
|
|
209
|
+
- New-versus-restored verdict and identity evidence
|
|
210
|
+
- Source ledger: memory, query cache, persisted store, browser storage, desktop or mobile storage, server layout, sync, replay, migration, and crash recovery where relevant
|
|
211
|
+
- Timeline: write, finalize, delayed write, read, hydrate, replay, remount, sync, and render order
|
|
212
|
+
- Streaming ownership: gateway, event handler, state store, persistence writer, hydration guard, cleanup, ack, and UI selector boundary
|
|
213
|
+
- Finalize, tombstone, watermark, merge, identity, lifecycle projection, runtime health, terminal health, pending command, generation, cache, and migration decisions
|
|
214
|
+
- Fixes made or recommended
|
|
215
|
+
- Tests or reproduction evidence
|
|
216
|
+
- Command intents run
|
|
217
|
+
- Skipped resurrection diagnostics and reasons
|
|
218
|
+
- Remaining UI state resurrection risk
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.version-freshness-check
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 9
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: version-freshness-check
|
|
9
|
-
description: Apply this skill when generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, Python standard-library/API references, TypeScript compiler-track references, Go release, toolchain, standard-library, runtime, or
|
|
9
|
+
description: Apply this skill when generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, Python standard-library/API references, TypeScript compiler-track references, Go release, toolchain, standard-library, runtime, experiment, framework, or dependency references such as Gin, Rust release, toolchain, standard-library, Cargo, edition, MSRV, lint, or target references, HTTP standard or browser-support references, or migration-sensitive snippets introduce explicit external version references that may be stale.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -36,7 +36,7 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
36
36
|
- CI workflows, release workflows, Dockerfiles, package metadata, lockfiles, runtime files, framework configuration, README examples, docs, tests, fixtures, or templates mention external versions such as GitHub Actions refs, Node, Bun, Deno, Python, Rust, Tauri, Astro, Next, SvelteKit, Electron, Docker images, package managers, SDKs, plugins, or generators.
|
|
37
37
|
- Python wording mentions current/stable/support status, Python 3.14+ or 3.15+ syntax, standard-library APIs, runtime flags, changed default behavior, security defaults, or examples that depend on `requires-python`.
|
|
38
38
|
- TypeScript wording mentions current/stable/RC/nightly status for TypeScript 6, TypeScript 7, `@typescript/typescript6`, `tsc6`, `typescript@rc`, `@typescript/native-preview`, `tsgo`, compiler API compatibility, or migration readiness.
|
|
39
|
-
- Go wording mentions current/stable/support status, Go release numbers, `go.mod` language version behavior, `toolchain` behavior, standard-library APIs, `GOEXPERIMENT`, runtime defaults, container behavior, JSON experiments, or examples that depend on a specific Go version.
|
|
39
|
+
- Go wording mentions current/stable/support status, Go release numbers, `go.mod` language version behavior, `toolchain` behavior, standard-library APIs, `GOEXPERIMENT`, runtime defaults, container behavior, JSON experiments, third-party Go framework releases such as Gin, framework minimum-Go requirements, or examples that depend on a specific Go or framework version.
|
|
40
40
|
- Rust wording mentions current/stable/support status, Rust release numbers, `rust-version`, edition behavior, `rust-toolchain`, Cargo resolver or workspace behavior, standard-library APIs, compiler lints, target behavior, release profiles, or examples that depend on a specific Rust version.
|
|
41
41
|
- HTTP delivery wording mentions current support, baseline status, default behavior, standard status, or compatibility for zstd content coding, compression dictionary transport, SSE/EventSource, WebTransport, WebSocket fallback, HTTP/2, HTTP/3, QUIC, CDN behavior, proxy buffering, or browser transport APIs.
|
|
42
42
|
- An agent proposes a versioned dependency, tool, framework, action, image, or runtime based on memory, copied snippets, older project examples, or user-provided text that may be stale.
|
|
@@ -100,14 +100,15 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
100
100
|
16. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat TS6 stable API track (`@typescript/typescript6`, `tsc6`), TS7 RC compiler track (`typescript@rc`, `tsc`), TS7 nightly track (`@typescript/native-preview`, `tsgo`), and future TS7 stable `typescript` behavior as distinct tracks. Do not call RC or nightly output "latest stable TypeScript" just because it is newer.
|
|
101
101
|
17. For TypeScript examples, make the selected track explicit: TS6 API compatibility, TS7 RC compiler verification, TS7 nightly comparison, editor preview, or repository adoption. If the project has compiler API consumers, transformers, framework wrappers, or declaration snapshots, classify the reference as migration-sensitive and keep API consumers on the TS6 API track until support is explicit. Check exact support before relying on `rootDir` defaults, ambient `types` defaults, import attributes, subpath imports, `import defer`, `using`, or `await using`.
|
|
102
102
|
18. For Go release, toolchain, standard-library, runtime, or experiment claims, refresh official Go release notes or package documentation before writing durable wording. Check the repository's `go` directive, `toolchain` directive, CI/runtime matrix, and container target before using or recommending version-gated features such as expression operands to `new`, range-over-function iterators, generic type aliases, reflect iterator methods, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `T.ArtifactDir`, `B.ArtifactDir`, `F.ArtifactDir`, `testing/cryptotest.SetGlobalRandom`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `ReverseProxy.Rewrite`, container-aware `GOMAXPROCS`, goroutine leak profiles, `encoding/json/v2`, or `GOEXPERIMENT` APIs.
|
|
103
|
-
19. For Go
|
|
104
|
-
20. For
|
|
105
|
-
21. For Rust
|
|
106
|
-
22. For
|
|
107
|
-
23. For HTTP
|
|
108
|
-
24. For
|
|
109
|
-
25.
|
|
110
|
-
26.
|
|
103
|
+
19. For Go framework and dependency release claims, refresh the source that owns the artifact before writing durable wording. For Gin, prefer official Gin release notes, pkg.go.dev module metadata, and the upstream repository release or source files for claims about latest stable version, minimum Go version, HTTP/3 support, BSON support, binding behavior, router options, logger options, trusted proxy behavior, or `Context` APIs. Keep framework upgrade advice separate from repository adoption, because a framework minor can still require a Go toolchain, CI image, Docker base, middleware, route, or binding migration.
|
|
104
|
+
20. For Go examples that use newer standard-library APIs, framework APIs, or runtime defaults, either keep the example behind an explicit Go or framework version floor or provide a supported fallback. Do not call an experimental `GOEXPERIMENT` feature, a newer `go` directive behavior, or a newly added framework method a general Go best practice when the repository declares lower support.
|
|
105
|
+
21. For Rust release, toolchain, standard-library, Cargo, edition, lint, target, or MSRV claims, refresh official Rust release notes, standard-library docs, the Cargo Book, Rust Reference, or rustc book before writing durable wording. Check `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, docs.rs metadata, and crate publish policy before using or recommending version-gated features such as let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `resolver = "2"`, Rust 2024 `unsafe extern`, unsafe attributes, Rust 2024 `unsafe_op_in_unsafe_fn`, temporary drop-scope changes, macro fragment behavior, or release-profile defaults.
|
|
106
|
+
22. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback. Use an API-by-API MSRV ledger for features such as `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`; do not collapse them into a single "latest Rust" bucket, and do not treat nightly-only behavior or target-specific linker behavior as stable without explicit evidence.
|
|
107
|
+
23. For HTTP standards, browser APIs, proxy defaults, CDN defaults, and transport support claims, prefer official RFCs, standards bodies, MDN or browser vendor docs, and vendor-owned proxy/CDN documentation. Keep WebTransport, compression dictionary transport, zstd content coding, SSE/EventSource, HTTP/2, HTTP/3, QUIC, and proxy-buffering claims track-specific and dated when support is changing.
|
|
108
|
+
24. For HTTP delivery examples that depend on newer or unevenly supported behavior, require feature detection, fallback behavior, or explicit deployment constraints. Do not present WebTransport, dictionary compression, or zstd negotiation as a universal default when the project still needs browsers, proxies, CDNs, or networks that may not support it.
|
|
109
|
+
25. For Docker images, decide whether the project prefers semver tags, distro tags, LTS tags, date tags, or digests. Do not replace a digest or pinned base image with a floating tag unless the repository policy says so.
|
|
110
|
+
26. Synchronize every accepted version decision across package metadata, lockfiles when intentionally updated, CI, Docker, runtime files, docs, examples, templates, tests, and release notes.
|
|
111
|
+
27. Run the narrowest configured verification that covers the changed versioned surface. Use broader verification for major, migration-required, runtime, framework, generated-output, package-publish, Docker, CI, TypeScript compiler-track, Go toolchain or runtime support, Go framework runtime support, Rust toolchain or MSRV support, HTTP delivery compatibility, or security-sensitive changes.
|
|
111
112
|
|
|
112
113
|
<!-- mustflow-section: postconditions -->
|
|
113
114
|
## Postconditions
|
|
@@ -119,7 +120,7 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
119
120
|
- Python standard-library examples and runtime-default claims match the declared Python support matrix or name the required runtime floor.
|
|
120
121
|
- Python template strings, annotation inspection, explicit lazy imports, immutable mappings, sentinels, and advanced `TypedDict` shape claims are either official-source checked or omitted.
|
|
121
122
|
- TypeScript 6 stable API, TypeScript 7 RC compiler, TypeScript 7 nightly, and future stable TypeScript tracks are not collapsed into one generic "latest TypeScript" claim.
|
|
122
|
-
- Go release, `go.mod` language version, standard-library API, runtime-default, and `GOEXPERIMENT` claims match the declared Go support matrix or name the required runtime floor.
|
|
123
|
+
- Go release, `go.mod` language version, standard-library API, framework dependency API such as Gin, runtime-default, and `GOEXPERIMENT` claims match the declared Go support matrix or name the required runtime or framework floor.
|
|
123
124
|
- Rust release, `rust-version`, edition, standard-library API, Cargo resolver, lint-default, target, and nightly/stable claims match the declared Rust support matrix or name the required API-specific runtime floor.
|
|
124
125
|
- HTTP standard, browser-support, proxy-default, CDN-default, and transport-support claims are not written from stale memory and keep feature detection or fallback boundaries explicit where support varies.
|
|
125
126
|
- Docs and examples do not make unverifiable current-version claims.
|
|
@@ -147,7 +148,7 @@ Choose the narrowest configured intent that proves the changed versioned surface
|
|
|
147
148
|
- If a freshness check requires network, credentials, or a connector that is not available, report the boundary and avoid current-version claims.
|
|
148
149
|
- If a proposed major or migration-required version is better for greenfield work but risky for the existing project, present both choices and ask before changing the project.
|
|
149
150
|
- If TypeScript 7 RC, nightly, or stable freshness changes during the task, update wording to a dated or track-specific claim and keep repository adoption separate from comparison-only checks.
|
|
150
|
-
- If Go release or experiment freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, `go` directive adoption, CI support, and `GOEXPERIMENT` adoption separate.
|
|
151
|
+
- If Go release, framework release, or experiment freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, `go` directive adoption, framework adoption, CI support, and `GOEXPERIMENT` adoption separate.
|
|
151
152
|
- If Rust release or toolchain freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, MSRV adoption, edition adoption, CI support, target support, and nightly or unstable features separate.
|
|
152
153
|
- If HTTP delivery support changes during the task, update wording to a dated or track-specific claim and keep standards, browser support, CDN behavior, proxy defaults, and repository adoption separate.
|
|
153
154
|
- If verification fails after a freshness update, do not weaken tests, lower type checks, delete lockfiles, or widen ranges to make the update pass. Revert or narrow the version decision unless the behavior change is intentional.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
id = "default"
|
|
2
2
|
name = "default"
|
|
3
|
-
version = "2.108.
|
|
3
|
+
version = "2.108.8"
|
|
4
4
|
description = "Minimal workflow for LLM agents to read, edit, and verify their work in a repository."
|
|
5
5
|
common_root = "common"
|
|
6
6
|
locales_root = "locales"
|
|
@@ -23,6 +23,7 @@ creates = [
|
|
|
23
23
|
".mustflow/skills/auth-permission-change/SKILL.md",
|
|
24
24
|
".mustflow/skills/security-flow-review/SKILL.md",
|
|
25
25
|
".mustflow/skills/behavior-preserving-refactor/SKILL.md",
|
|
26
|
+
".mustflow/skills/split-refactor-residual-path-review/SKILL.md",
|
|
26
27
|
".mustflow/skills/code-review/SKILL.md",
|
|
27
28
|
".mustflow/skills/ai-generated-code-hardening/SKILL.md",
|
|
28
29
|
".mustflow/skills/quality-gaming-guard/SKILL.md",
|
|
@@ -59,6 +60,7 @@ creates = [
|
|
|
59
60
|
".mustflow/skills/low-end-device-support-review/SKILL.md",
|
|
60
61
|
".mustflow/skills/mobile-energy-efficiency-review/SKILL.md",
|
|
61
62
|
".mustflow/skills/frontend-state-ownership-review/SKILL.md",
|
|
63
|
+
".mustflow/skills/ui-state-resurrection-review/SKILL.md",
|
|
62
64
|
".mustflow/skills/frontend-stress-layout-review/SKILL.md",
|
|
63
65
|
".mustflow/skills/frontend-accessibility-tree-review/SKILL.md",
|
|
64
66
|
".mustflow/skills/frontend-component-library-review/SKILL.md",
|
|
@@ -249,6 +251,7 @@ minimal = [
|
|
|
249
251
|
"auth-permission-change",
|
|
250
252
|
"security-flow-review",
|
|
251
253
|
"behavior-preserving-refactor",
|
|
254
|
+
"split-refactor-residual-path-review",
|
|
252
255
|
"code-review",
|
|
253
256
|
"ai-generated-code-hardening",
|
|
254
257
|
"quality-gaming-guard",
|
|
@@ -285,6 +288,7 @@ minimal = [
|
|
|
285
288
|
"low-end-device-support-review",
|
|
286
289
|
"mobile-energy-efficiency-review",
|
|
287
290
|
"frontend-state-ownership-review",
|
|
291
|
+
"ui-state-resurrection-review",
|
|
288
292
|
"frontend-stress-layout-review",
|
|
289
293
|
"frontend-accessibility-tree-review",
|
|
290
294
|
"frontend-component-library-review",
|
|
@@ -412,6 +416,7 @@ patterns = [
|
|
|
412
416
|
"auth-permission-change",
|
|
413
417
|
"security-flow-review",
|
|
414
418
|
"behavior-preserving-refactor",
|
|
419
|
+
"split-refactor-residual-path-review",
|
|
415
420
|
"code-review",
|
|
416
421
|
"ai-generated-code-hardening",
|
|
417
422
|
"quality-gaming-guard",
|
|
@@ -448,6 +453,7 @@ patterns = [
|
|
|
448
453
|
"low-end-device-support-review",
|
|
449
454
|
"mobile-energy-efficiency-review",
|
|
450
455
|
"frontend-state-ownership-review",
|
|
456
|
+
"ui-state-resurrection-review",
|
|
451
457
|
"frontend-stress-layout-review",
|
|
452
458
|
"frontend-accessibility-tree-review",
|
|
453
459
|
"frontend-component-library-review",
|
|
@@ -586,6 +592,7 @@ oss = [
|
|
|
586
592
|
"auth-permission-change",
|
|
587
593
|
"security-flow-review",
|
|
588
594
|
"behavior-preserving-refactor",
|
|
595
|
+
"split-refactor-residual-path-review",
|
|
589
596
|
"code-review",
|
|
590
597
|
"ai-generated-code-hardening",
|
|
591
598
|
"quality-gaming-guard",
|
|
@@ -622,6 +629,7 @@ oss = [
|
|
|
622
629
|
"low-end-device-support-review",
|
|
623
630
|
"mobile-energy-efficiency-review",
|
|
624
631
|
"frontend-state-ownership-review",
|
|
632
|
+
"ui-state-resurrection-review",
|
|
625
633
|
"frontend-stress-layout-review",
|
|
626
634
|
"frontend-accessibility-tree-review",
|
|
627
635
|
"frontend-component-library-review",
|
|
@@ -777,6 +785,7 @@ team = [
|
|
|
777
785
|
"auth-permission-change",
|
|
778
786
|
"security-flow-review",
|
|
779
787
|
"behavior-preserving-refactor",
|
|
788
|
+
"split-refactor-residual-path-review",
|
|
780
789
|
"code-review",
|
|
781
790
|
"ai-generated-code-hardening",
|
|
782
791
|
"quality-gaming-guard",
|
|
@@ -813,6 +822,7 @@ team = [
|
|
|
813
822
|
"low-end-device-support-review",
|
|
814
823
|
"mobile-energy-efficiency-review",
|
|
815
824
|
"frontend-state-ownership-review",
|
|
825
|
+
"ui-state-resurrection-review",
|
|
816
826
|
"frontend-stress-layout-review",
|
|
817
827
|
"frontend-accessibility-tree-review",
|
|
818
828
|
"frontend-component-library-review",
|
|
@@ -953,6 +963,7 @@ product = [
|
|
|
953
963
|
"auth-permission-change",
|
|
954
964
|
"security-flow-review",
|
|
955
965
|
"behavior-preserving-refactor",
|
|
966
|
+
"split-refactor-residual-path-review",
|
|
956
967
|
"code-review",
|
|
957
968
|
"ai-generated-code-hardening",
|
|
958
969
|
"quality-gaming-guard",
|
|
@@ -989,6 +1000,7 @@ product = [
|
|
|
989
1000
|
"low-end-device-support-review",
|
|
990
1001
|
"mobile-energy-efficiency-review",
|
|
991
1002
|
"frontend-state-ownership-review",
|
|
1003
|
+
"ui-state-resurrection-review",
|
|
992
1004
|
"frontend-stress-layout-review",
|
|
993
1005
|
"frontend-accessibility-tree-review",
|
|
994
1006
|
"frontend-component-library-review",
|
|
@@ -1135,6 +1147,7 @@ library = [
|
|
|
1135
1147
|
"auth-permission-change",
|
|
1136
1148
|
"security-flow-review",
|
|
1137
1149
|
"behavior-preserving-refactor",
|
|
1150
|
+
"split-refactor-residual-path-review",
|
|
1138
1151
|
"code-review",
|
|
1139
1152
|
"ai-generated-code-hardening",
|
|
1140
1153
|
"quality-gaming-guard",
|
|
@@ -1171,6 +1184,7 @@ library = [
|
|
|
1171
1184
|
"low-end-device-support-review",
|
|
1172
1185
|
"mobile-energy-efficiency-review",
|
|
1173
1186
|
"frontend-state-ownership-review",
|
|
1187
|
+
"ui-state-resurrection-review",
|
|
1174
1188
|
"frontend-stress-layout-review",
|
|
1175
1189
|
"frontend-accessibility-tree-review",
|
|
1176
1190
|
"frontend-component-library-review",
|