mustflow 2.108.3 → 2.108.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/templates/default/i18n.toml +15 -3
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +12 -2
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +52 -15
- package/templates/default/locales/en/.mustflow/skills/routes.toml +12 -0
- package/templates/default/locales/en/.mustflow/skills/split-refactor-residual-path-review/SKILL.md +176 -0
- package/templates/default/locales/en/.mustflow/skills/ui-state-resurrection-review/SKILL.md +218 -0
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +14 -13
- package/templates/default/manifest.toml +15 -1
package/package.json
CHANGED
|
@@ -62,7 +62,7 @@ translations = {}
|
|
|
62
62
|
[documents."skills.index"]
|
|
63
63
|
source = "locales/en/.mustflow/skills/INDEX.md"
|
|
64
64
|
source_locale = "en"
|
|
65
|
-
revision =
|
|
65
|
+
revision = 214
|
|
66
66
|
translations = {}
|
|
67
67
|
|
|
68
68
|
[documents."skill.adapter-boundary"]
|
|
@@ -113,6 +113,12 @@ source_locale = "en"
|
|
|
113
113
|
revision = 12
|
|
114
114
|
translations = {}
|
|
115
115
|
|
|
116
|
+
[documents."skill.split-refactor-residual-path-review"]
|
|
117
|
+
source = "locales/en/.mustflow/skills/split-refactor-residual-path-review/SKILL.md"
|
|
118
|
+
source_locale = "en"
|
|
119
|
+
revision = 1
|
|
120
|
+
translations = {}
|
|
121
|
+
|
|
116
122
|
[documents."skill.code-review"]
|
|
117
123
|
source = "locales/en/.mustflow/skills/code-review/SKILL.md"
|
|
118
124
|
source_locale = "en"
|
|
@@ -329,6 +335,12 @@ source_locale = "en"
|
|
|
329
335
|
revision = 1
|
|
330
336
|
translations = {}
|
|
331
337
|
|
|
338
|
+
[documents."skill.ui-state-resurrection-review"]
|
|
339
|
+
source = "locales/en/.mustflow/skills/ui-state-resurrection-review/SKILL.md"
|
|
340
|
+
source_locale = "en"
|
|
341
|
+
revision = 3
|
|
342
|
+
translations = {}
|
|
343
|
+
|
|
332
344
|
[documents."skill.frontend-stress-layout-review"]
|
|
333
345
|
source = "locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md"
|
|
334
346
|
source_locale = "en"
|
|
@@ -571,7 +583,7 @@ translations = {}
|
|
|
571
583
|
[documents."skill.version-freshness-check"]
|
|
572
584
|
source = "locales/en/.mustflow/skills/version-freshness-check/SKILL.md"
|
|
573
585
|
source_locale = "en"
|
|
574
|
-
revision =
|
|
586
|
+
revision = 9
|
|
575
587
|
translations = {}
|
|
576
588
|
|
|
577
589
|
[documents."skill.line-ending-hygiene"]
|
|
@@ -709,7 +721,7 @@ translations = {}
|
|
|
709
721
|
[documents."skill.go-code-change"]
|
|
710
722
|
source = "locales/en/.mustflow/skills/go-code-change/SKILL.md"
|
|
711
723
|
source_locale = "en"
|
|
712
|
-
revision =
|
|
724
|
+
revision = 7
|
|
713
725
|
translations = {}
|
|
714
726
|
|
|
715
727
|
[documents."skill.godot-code-change"]
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skills.index
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 214
|
|
6
6
|
authority: router
|
|
7
7
|
lifecycle: mustflow-owned
|
|
8
8
|
---
|
|
@@ -93,6 +93,9 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
93
93
|
- Use `module-boundary-review` as an adjunct when module separation needs change-spread, data-owner,
|
|
94
94
|
policy-owner, failure-owner, import-direction, DTO leakage, shared-helper, public-API, or caller
|
|
95
95
|
sequencing review before deciding whether a boundary is real.
|
|
96
|
+
- Use `split-refactor-residual-path-review` as an adjunct when a split or extraction claims a
|
|
97
|
+
handler, listener, state mutation, event processor, side effect, or cleanup responsibility moved
|
|
98
|
+
and the review must prove the old file or fallback path cannot still process the same event.
|
|
96
99
|
- Use `change-blast-radius-review` as an adjunct when maintainability review needs to predict the
|
|
97
100
|
next-change spread, feature deletion path, policy owner, workflow owner, config or tenant branch
|
|
98
101
|
spread, event contract visibility, migration/runtime compatibility, or whether a clean-looking
|
|
@@ -239,6 +242,11 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
239
242
|
- Use `frontend-state-ownership-review` as an adjunct when frontend state can drift across props,
|
|
240
243
|
local state, server cache, URL params, form drafts, global stores, context, persisted storage,
|
|
241
244
|
derived selectors, optimistic updates, query keys, request races, or external subscriptions.
|
|
245
|
+
- Use `ui-state-resurrection-review` as an adjunct when a closed, completed, cleared, deleted,
|
|
246
|
+
finalized, or dismissed UI surface such as a panel, tab, route, chat stream, draft, task view,
|
|
247
|
+
layout slot, modal, drawer, or notification reappears after reload, restart, reconnect, remount,
|
|
248
|
+
persisted-store hydration, cache restore, replay, migration, crash recovery, cross-tab broadcast,
|
|
249
|
+
cloud sync, or events such as `message.complete`.
|
|
242
250
|
- Use `frontend-stress-layout-review` as an adjunct when frontend UI needs hostile-content and
|
|
243
251
|
layout-resilience review for parent container width, container queries, long unbroken strings,
|
|
244
252
|
async media, skeletons, empty, error, permission and loading states, scrollbars, mobile
|
|
@@ -566,7 +574,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
566
574
|
| JavaScript source, module format, package entry, browser or Node runtime, dependency usage, Promise handling, bundler config, or JavaScript tests are created or changed | `.mustflow/skills/javascript-code-change/SKILL.md` | Package metadata, module system, runtime target, entrypoints, changed files, and command contract entries | JavaScript source, package exports, bundler config, dependencies, tests, and docs examples | runtime API leakage, ESM/CJS drift, discarded Promise, dependency bloat, or broken package entry | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime and module boundary checked, async and dependency notes, verification, and remaining JavaScript risk |
|
|
567
575
|
| Python source, package metadata, runtime version, import layout, architecture boundaries, type checking, async tasks, exception/logging/retry behavior, collection performance, pytest fixtures or mocks, linting, CLI entry points, or tests are created or changed | `.mustflow/skills/python-code-change/SKILL.md` | Python version source, packaging files, build backend or package-manager owner, import layout, architecture boundary, lint/type/test config, async/failure/performance surface, changed files, and command contract entries | Python source, packaging metadata, imports, type hints, adapters, async ownership, exception/logging/retry code, collection hot paths, tests, and docs examples | unsupported syntax, import hacks, packaging drift, framework or ORM leakage into domain code, false type safety, unowned task, swallowed cancellation, retry storm, hidden fallback, copy-heavy hot path, fixture state leak, bare mock lie, or weakened lint/type checks | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime, packaging, import, architecture, type, async, failure, performance, and test boundary checked, verification, and remaining Python risk |
|
|
568
576
|
| PowerShell scripts, modules, command examples, `pwsh` invocations, native-command wrappers, quoting, here-strings, splatting, regex, wildcard, replacement strings, or PowerShell argument passing are created or changed | `.mustflow/skills/powershell-code-change/SKILL.md` | PowerShell version and invocation path, parser layers, native-command boundary, dynamic input boundaries, changed files, and command contract entries | PowerShell scripts, modules, package scripts, CI snippets, docs examples, native-command wrappers, tests, and directly synchronized docs | parser-layer confusion, quote loss, variable over-expansion, metacharacter interpretation, native argv drift, command injection, `--%` overuse, or cross-shell `-Command` breakage | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | PowerShell version and invocation boundary, parser ledger, string/here-string/regex/wildcard/replacement/native argv decisions, verification, and remaining PowerShell risk |
|
|
569
|
-
| Go source, modules, workspaces, package APIs, package layout, `internal` boundaries, interfaces, structs, errors, goroutines, channels, context propagation, HTTP clients or servers, graceful shutdown, reverse proxies, JSON encoding, filesystem roots, network addresses, runtime limits, profiling, benchmarks, tools, tests, or generated-code boundaries are created or changed | `.mustflow/skills/go-code-change/SKILL.md` | Module files, workspace policy, Go version support, full package files, tests, public API surface, package ownership, concurrency owner, runtime/deployment context, changed files, and command contract entries | Go packages, module and workspace metadata, internal boundaries, interfaces, structs, errors, concurrency code, HTTP/shutdown/proxy code, JSON encoding, filesystem and network helpers, runtime settings, profiling and benchmarks, tests, tools, and docs examples | unnecessary abstraction, module boundary drift, unsupported Go feature, context loss, goroutine leak, missing timeout, unsafe shutdown, JSON contract drift, filesystem traversal, IPv6 host-port bug, runtime tuning drift, performance folklore, error contract drift, or dependency drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Package, API, module/workspace, Go version, context, concurrency, runtime, HTTP/shutdown, JSON, filesystem, profiling, tool, and error boundary checked, verification, and remaining Go risk |
|
|
577
|
+
| Go source, modules, workspaces, package APIs, package layout, `internal` boundaries, interfaces, structs, errors, goroutines, channels, context propagation, HTTP clients or servers, Gin engines, router groups, middleware chains, request binding, validation, graceful shutdown, reverse proxies, JSON encoding, filesystem roots, network addresses, runtime limits, profiling, benchmarks, tools, tests, or generated-code boundaries are created or changed | `.mustflow/skills/go-code-change/SKILL.md` | Module files, workspace policy, Go version support, full package files, tests, public API surface, package ownership, concurrency owner, runtime/deployment context, Gin or framework version and route/middleware/binding context, changed files, and command contract entries | Go packages, module and workspace metadata, internal boundaries, interfaces, structs, errors, concurrency code, HTTP/shutdown/proxy code, Gin route, middleware, context, binding and validation code, JSON encoding, filesystem and network helpers, runtime settings, profiling and benchmarks, tests, tools, and docs examples | unnecessary abstraction, module boundary drift, unsupported Go feature, context loss, goroutine leak, missing timeout, unsafe shutdown, Gin context reuse bug, unsafe middleware order, trusted-proxy drift, binding or validation bypass, body-size mistake, JSON contract drift, filesystem traversal, IPv6 host-port bug, runtime tuning drift, performance folklore, error contract drift, or dependency drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Package, API, module/workspace, Go version, context, concurrency, runtime, HTTP/shutdown, Gin route/middleware/context/binding, JSON, filesystem, profiling, tool, and error boundary checked, verification, and remaining Go risk |
|
|
570
578
|
| Rust source, Cargo metadata, features, traits, errors, ownership, borrowing, lifetimes, `Clone`, `Rc`, `Arc`, `Mutex`, `RefCell`, async tasks, channels, cancellation, unsafe code, allocation, zero-copy, tests, examples, benchmarks, release profiles, MSRV, toolchain declarations, standard-library APIs, or public crate APIs are created or changed | `.mustflow/skills/rust-code-change/SKILL.md` | Cargo metadata, feature flags, public exports, ownership map, error convention, async runtime, task and channel policy, unsafe invariants, allocation or benchmark evidence, `rust-version`, edition, toolchain, workspace policy, changed files, and command contract entries | Rust source, Cargo metadata, features, errors, traits, ownership signatures, async task/channel code, tests, examples, benchmarks, profiles, and docs | clone or shared-state aliasing, lifetime debt, error opacity, unsupported Rust feature, feature drift, Cargo resolver drift, async runtime mixing, task or channel leak, zero-copy retention bug, allocation folklore, unsafe invariant loss, release-profile overclaim, or public API breakage | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Ownership, MSRV, standard-library API, Cargo feature, error, async task/channel/cancellation, allocation, unsafe, release-profile, and public API boundary checked, verification, and remaining Rust risk |
|
|
571
579
|
| Axum apps, routers, handlers, extractors, state, extensions, middleware, Tower or Tower-HTTP layers, CORS, cookies, headers, WebSockets, body limits, rejections, error responses, Tokio tasks or locks, SQLx pools, or Rust HTTP API tests are created, changed, reviewed, or upgraded | `.mustflow/skills/axum-code-change/SKILL.md` | Cargo and Axum-related crate version evidence, router ledger, handler and extractor contracts, state and extension owners, middleware and Tower stack, response envelope, Tokio runtime, SQLx pool and transaction boundaries, changed files, and command contract entries | Axum routers, handlers, extractors, state, extensions, middleware, Tower layers, CORS/cookie/header policy, error and rejection mapping, Tokio task and lock boundaries, SQLx pool setup, tests, and docs examples | stale Axum version claim, route syntax migration drift, auth or body-consuming extractor bug, `State` versus `Extension` leak, inconsistent error envelope, fallible Tower error not mapped to response, CORS-as-auth mistake, cookie confidentiality gap, sensitive header logging, body-limit bypass, unbounded spawn, lock contention, pool starvation, or transaction lifetime leak | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Axum version, route, handler, extractor, state, response, Tower middleware, CORS/cookie/header/body-limit, Tokio task/lock, SQLx pool, verification, and remaining Axum risk |
|
|
572
580
|
| Godot projects, scenes, nodes, GDScript, C# scripts, Resources, Autoloads, signals, groups, save/load systems, rendering, physics, UI, input, exports, plugins, editor tools, or Godot version migrations are created, changed, reviewed, or upgraded | `.mustflow/skills/godot-code-change/SKILL.md` | Godot version, renderer, platform targets, project settings, input map, autoloads, addons, affected scenes, scripts, Resources, save/load participants, export presets, profiler evidence when performance is claimed, and command contract entries | Godot scenes, nodes, GDScript or C# scripts, Resources, Autoloads, signals, groups, save/load systems, rendering, physics, UI, input, exports, plugins, editor tools, tests, and docs examples | stale Godot version claim, scene-tree reach-through, global-state sprawl, shared Resource mutation, hidden signal flow, save corruption, thread-unsafe SceneTree access, renderer regression, target-device drift, export preset drift, or stale migration advice | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Godot version, renderer, scene, node, signal, Resource, Autoload, save/load, rendering, physics, UI, input, export, verification, and remaining Godot risk |
|
|
@@ -662,6 +670,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
662
670
|
| Frontend route, component, animation, scroll path, input path, list, table, chart, map, canvas, media slot, modal, drawer, hydration boundary, DOM read/write path, CSS selector, class toggle, CSS custom property, containment, content-visibility, virtualization, observer, event listener, requestAnimationFrame loop, long task, worker boundary, ResizeObserver path, runtime CSS injection, React memo boundary, context provider, deferred update, transition, or DevTools rendering trace needs frame-render-performance triage for INP, animation smoothness, scroll responsiveness, style recalculation, layout, paint, compositing, main-thread, or hydration risk | `.mustflow/skills/frame-render-performance-review/SKILL.md` | User goal, current diff or target files, interaction and frame ledger, DOM and layout ledger, style and CSS ledger, paint and compositing ledger, event and scheduling ledger, framework render ledger, rendering evidence or measurement gap, and configured command intents | DOM read/write batching, layout-affecting writes, transform/opacity animations, will-change scope, containment, content-visibility and contain-intrinsic-size, virtualization, selector simplification, state-class scope, CSS variable scope, media geometry reservation, native lazy loading, IntersectionObserver, passive listeners, overscroll-behavior, requestAnimationFrame scheduling, long-task chunking, worker and OffscreenCanvas boundaries, ResizeObserver, runtime CSS rule reduction, React prop and context stability, deferred and transition updates, hydration narrowing, focused tests, and directly synchronized docs or templates | forced synchronous layout, layout thrashing, width/height/top/left animation, stale will-change, missing containment, unsafe contain side effect, content-visibility scroll jump, offscreen chart or canvas work, oversized DOM, deep wrapper tree, expensive selector, body/html state blast, root CSS variable churn, unreserved media slot, LCP concern misrouted as frame fix, JS lazy loader overhead, scroll polling, non-passive wheel/touch handler, JS scroll lock, setTimeout frame clock, long task, main-thread heavy compute, canvas blocking input, resize measurement loop, runtime style injection, ineffective memo, broad context rerender, urgent heavy result render, full hydration INP cost, Lighthouse-score-only claim, or unmeasured rendering win | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frame render performance reviewed, interaction/DOM/style/layout/paint/compositing/event/framework map, findings, fixes or recommendation, measurement or static frame-risk evidence, verification, and remaining frame-render performance risk |
|
|
663
671
|
| UI motion, animation, transition, microinteraction, motion recipe, motion design system, CSS animation or transition, WAAPI, Framer Motion, GSAP, View Transition, hover, press, focus, drag, viewport entry, loading, async success, async failure, reduced motion, interruption, cancellation, settlement, timeline track, transform, opacity, filter, layout animation, or additive composition is planned, edited, reviewed, or reported | `.mustflow/skills/motion-system-contract-review/SKILL.md` | User goal, current diff or target files, motion slot, source and target roles, semantic event class, logical from-state and to-state, timeline tracks, interruption policy, settlement policy, reduced-motion policy, binding approach, async signal owner, evidence level, and configured command intents | Motion recipes, component motion props, CSS keyframes and transitions, animation lifecycle handlers, reduced-motion rules, state and signal policies, role/ref/slot/data binding, story fixtures, focused tests, and directly synchronized docs or templates | motion owns product state, false success or failure feedback, timer pretending to be a signal, missing from-state or to-state, same target and channel collision, unsupported additive composition, layout-channel animation, `animation-fill-mode` state lie, missing reduced motion, hover-only access, brittle selector binding, production animation failure blocking core action, or unverified visual proof | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Motion contract reviewed, state/event/track/interruption/settlement/reduced-motion/binding ledgers, async and collision findings, evidence level, verification, and remaining motion contract risk |
|
|
664
672
|
| Frontend component, route, store, query, form, router state, context provider, persisted store, external subscription, optimistic mutation, search/filter/pagination interaction, selected item, list key, or hydration path can duplicate, derive, overwrite, or race the same value across props, local state, server cache, URL params, form drafts, global app context, selectors, storage, or external stores | `.mustflow/skills/frontend-state-ownership-review/SKILL.md` | User goal, current diff or target files, framework and state-library signals, state owner ledger, state class map, synchronization surfaces, identity and collection surfaces, evidence level, and configured command intents | State owner cleanup, derived selectors, nearest-owner move, status or mode union, grouped action, selected ID lookup, query key dimensions, invalidation scope, request cancellation, optimistic rollback, URL-state routing, form draft reset, context split or memoization, persisted-state versioning, reset keys, external subscription wrapper, focused tests, and directly synchronized docs or templates | props-to-state drift, duplicated derived state, effect-derived one-render lag, contradictory booleans, partial grouped-state tear, selected object staleness, server data copied into global store, URL state fork, form draft overwrite, optimistic update without rollback, stale request overwrite, incomplete query key, broad invalidation, index-key local-state swap, raw setter sprawl, context value rerender storm, state too high or too low, non-serializable persisted store, hydration mismatch, unsafe external subscription snapshot, or unverified state owner | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend state surface reviewed, owner ledger and state class map, duplicate or derived state findings, query/URL/form/optimistic/race/context/persistence decisions, tests or evidence level, verification, and remaining state-ownership risk |
|
|
673
|
+
| Closed, completed, cleared, deleted, finalized, or dismissed UI state such as panels, tabs, route state, workspace layout, chat or streaming messages, drafts, task views, notifications, modals, drawers, or selected items reappears after reload, restart, reconnect, route remount, persisted-store rehydration, query-cache restore, service-worker cache restore, cross-tab broadcast, server or cloud sync, migration, crash recovery, or events such as `message.complete` | `.mustflow/skills/ui-state-resurrection-review/SKILL.md` | Symptom timeline, identity ledger, lifecycle truth fields, source ledger, finalize ledger, read and write paths, storage snapshots, hydration or replay paths, sync or migration evidence, and configured command intents | Finalize actions, provenance logs, identity keys, pending-command IDs, idempotency keys, lifecycle selectors, pending-write cancellation, persisted-state partialization, query-cache cleanup, tombstones, watermarks, generation IDs, hydration merge filters, stale replay rejection, server layout invalidation, sync conflict handling, migration defaults, focused tests, and directly synchronized docs or templates | render-layer scapegoat, stale persisted record regaining authority, active and finished stored as competing truths, delayed write after clear, blind hydration merge, pending command loss, missing idempotency key, `message.complete` as memory-only clear, missing tombstone, replay older than completion, stale HTTP snapshot, overbroad storage or query key, wrong user or workspace state reuse, cross-tab or cross-device stale overwrite, crash recovery outranking normal session, migration reopening closed state, broad storage wipe, or symptom-only hide flag | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | UI state resurrection reviewed, new-versus-restored verdict, storage/source ledger, lifecycle timeline, active/finished/pending projection decision, finalize/tombstone/watermark decisions, tests or reproduction evidence, verification, and remaining resurrection risk |
|
|
665
674
|
| Frontend UI, design system component, dashboard, form, card, list, table, chart, media slot, modal, drawer, toast, bottom CTA, portal, or responsive surface needs stress-layout review against hostile content, narrow parent containers, async media, skeletons, empty or error states, permission variants, scrollbars, mobile viewport and keyboard behavior, safe areas, line clamps, i18n or RTL, touch input, reduced motion, observer loops, portal edge placement, z-index layers, browser zoom, cascade layers, or reproducible break conditions | `.mustflow/skills/frontend-stress-layout-review/SKILL.md` | User goal, current diff or target files, framework and styling signals, stress fixture ledger, parent container ledger, geometry contract ledger, interaction and state ledger, evidence level, and configured command intents | Stress fixtures, stories, tests, parent-container-aware constraints, container queries, `min-width: 0`, `minmax(0, 1fr)`, `overflow-wrap: anywhere`, reserved media dimensions, `aspect-ratio`, skeleton geometry, empty and error states, permission variants, stable scroll containers, `scrollbar-gutter: stable`, mobile viewport and keyboard constraints, `safe-area-inset-*`, explicit `line-height`, logical properties, touch-accessible affordances, `prefers-reduced-motion`, observer scope, portal placement, z-index tokens, table and chart stress handling, zoom-safe geometry, cascade layer fixes, and directly synchronized docs or templates | happy-path fixture blindness, parent-width overflow, flex or grid min-content blowout, unbroken text overflow, async media or font layout shift, skeleton mismatch, collapsed empty state, error-state overlap, permission action wrapping, late `display: none` layout jump, scrollbar width wrap, fragile `100vh`, keyboard-covered CTA, unsafe-area overlap, line-clamp/action collision, localization or RTL breakage, hover-only control, layout-affecting hover or animation, ResizeObserver loop, clipped portal, z-index arms race, unusable wide table, chart zero-width mount, browser zoom clipping, CSS specificity loss, or vague non-reproducible visual complaint | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend stress layout reviewed, stress fixture and parent-container ledgers, reproducible break conditions, fixes or recommendation, evidence level, verification, and remaining stress-layout risk |
|
|
666
675
|
| Frontend UI, design-system component, form, dialog, menu, tab, combobox, custom select, table, card, media, icon button, image, toast, live update, drag interaction, focus style, keyboard handler, `onClick`, `role`, `tabIndex`, `aria-*`, `alt`, hidden content, visually hidden text, or automated accessibility claim needs accessibility-tree review for native semantics, accessible names, visible label consistency, keyboard navigation, focus order and return, forms, errors, status messages, ARIA references, icon or image alternatives, custom widget contracts, non-text contrast, target size, drag alternatives, or a11y evidence limits | `.mustflow/skills/frontend-accessibility-tree-review/SKILL.md` | User goal, current diff or target files, framework and component-library signals, semantic ledger, keyboard ledger, assistive-technology ledger, form ledger, interaction ledger, evidence level, and configured command intents | Native HTML element selection, button/link semantics, `href` cleanup, keyboard parity, tabindex cleanup, focus-visible styling, obscured focus fixes, dialog focus management, icon-only accessible names, visible-label-aligned names, `aria-labelledby` and `aria-describedby` id references, `aria-hidden` cleanup, SVG icon defaults, image `alt`, label and fieldset wiring, `aria-invalid`, error descriptions, submit-failure focus, live regions, ARIA pattern keyboard behavior, custom select constraints, non-text contrast, target-size fixes, drag alternatives, focused tests, accessibility snapshots, and directly synchronized docs or templates | ARIA costume over broken semantics, clickable div, fake link, `href="#"`, missing Enter or Space behavior, tabIndex sprawl, positive tabindex, invisible focus, focus hidden behind sticky layers, modal focus leak, unnamed icon button, visible text fighting `aria-label`, broken `aria-labelledby`, interactive child hidden by `aria-hidden`, duplicate SVG announcement, useless image alt, placeholder-only field, missing legend, color-only error, disconnected error text, submit failure silence, unannounced async status, menu or combobox keyboard mismatch, unnecessary custom select, offscreen focus trap, non-text contrast failure, tiny pointer target, drag-only operation, axe-only proof, or accessibility-tree evidence gap | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend accessibility tree reviewed, semantic/keyboard/focus/name/form/status/widget evidence, findings, fixes or recommendation, automated-evidence limits, verification, and remaining accessibility-tree risk |
|
|
667
676
|
| Frontend component library, design system package, UI kit, shared component package, token system, primitive layer, compound component, variant API, theming surface, Storybook or docs contract, package export, public CSS variable, data attribute, slot, ref target, controlled or uncontrolled component API, visual regression suite, codemod, SemVer policy, or breaking-change plan is created, changed, reviewed, or reported | `.mustflow/skills/frontend-component-library-review/SKILL.md` | User goal, target package or library, framework signals, consumer audience, current diff or target files, package API ledger, token ledger, primitive behavior ledger, component contract ledger, state contract ledger, variant and theming ledger, docs and test ledger, release ledger, and configured command intents | Package exports and deep-import policy, peer dependencies, side-effect CSS, token source and generated CSS variables or types, primitive focus and keyboard contracts, component props and slots, stable data attributes, CSS variable hooks, controlled and uncontrolled state pairs, semantic variant axes, impossible-combination guards, theme-axis separation, documented DOM ownership, Storybook stories as executable specs, type/export tests, role/name behavior tests, accessibility evidence, representative visual regression matrix, SSR and hydration checks, bundle checks, deprecation warnings, migration docs, codemods, changelog, route metadata, and directly synchronized templates | pretty-button pile, Figma-copy repo, raw hex or raw Figma token leak, token source and generated output drift, semantic token bypass, theme logic spread across components, primitive behavior gap, ARIA costume, app store or router coupling, mixed controlled and uncontrolled ownership, prop-list dump, impossible variant combo, unsafe `as` or `asChild`, `className` escape hatch as system policy, incidental DOM selector contract, undocumented deep import reliance, docs-as-gallery, props-table-only docs, snapshot-only tests, axe-only proof, visual matrix explosion, tree-shaking drag, missing codemod, SemVer underclassification, or unverified reusable-library claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Frontend component library reviewed, package API/token/primitive/component/state/variant/theme/docs/test/release ledgers, findings, fixes or recommendation, breaking-change and migration classification, evidence level, narrower skills used or deferred, verification, and remaining component-library contract risk |
|
|
@@ -690,6 +699,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
690
699
|
| Service boundaries, modular-monolith boundaries, bounded contexts, team ownership, data ownership, source-of-truth maps, event or queue boundaries, multi-tenant isolation, failure flows, independent deployment, operational recovery, disaster recovery, cost, toil, or large-scale architecture split decisions are designed, reviewed, or changed | `.mustflow/skills/service-boundary-architecture/SKILL.md` | Candidate domains, owners, data truth map, communication paths, shared database or cache coupling, failure flows, boundary proof ledger, idempotency, queue/retry/dead-letter behavior, cache consistency, tenant/auth/audit boundaries, observability, deployment, migration, retention, operations tools, and command contract entries | Architecture docs, decision records, context files, boundary source, API/event/queue/cache/read-model contracts, operational runbooks, tests, and directly synchronized docs or templates | noun-first service split, shared database coupling, unknown data owner, repeated cross-team co-change, independent-deploy theater, dependency cycle, happy-path-only design, retry storm, queue backlog with no owner, cache as accidental authority, tenant leak, command-like events, missing observability, unsafe migration, weak health probe, untested graceful shutdown, version incompatibility, untested restore or DR, or manual recovery without audit | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary checked, data owners, co-change/deploy/dependency proof, failure/idempotency/queue/cache/event notes, tenant/auth/retention/observability/deployment/health/recovery/cost/toil notes, verification, and remaining service-boundary risk |
|
|
691
700
|
| Multi-product platform, app factory, many-small-services architecture, shared account portal, Product Registry, shared auth, billing, credits, entitlements, admin console, deployment factory, analytics spine, logging, i18n, common UI, templates, or operations automation must support many product apps without per-service copy-paste | `.mustflow/skills/small-service-platform-architecture-review/SKILL.md` | User goal, target product count, product types, Product Registry ledger, identity ledger, money and access ledger, operations ledger, app factory ledger, observability and analytics ledger, shared product surface ledger, current diff or target files, and configured command intents | Product Registry, shared account portal, identity and organization model, billing catalog, entitlement service, credit ledger, usage meters, admin and support console, app generator, thin app shells, shared packages, CI/CD, deployment templates, analytics event schema, logging/tracing, notification, i18n, legal, consent, shared UI, file/job/integration services, feature flags, AI Gateway, license service, runbooks, tests, docs, route metadata, and directly synchronized templates | per-service auth or billing copy, Stripe or provider dashboard as only authority, missing Product Registry, plan-string feature gates, balance-only credits, no reservation lifecycle, direct database support surgery, template copy drift, no account portal, no first-value-created event, logs without app or tenant identity, missing webhook replay, missing backup or restore proof, product-specific privacy facts hidden in code, operations by memory, or unverified 100-service readiness claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Platform surface reviewed, Product Registry/identity/billing/credit/entitlement/admin/app-factory/deployment/analytics/observability/shared-surface/security/privacy/operations/phase ledgers, shared versus app-specific ownership decisions, specialist skills applied or deferred, evidence level, verification, and remaining small-service platform architecture risk |
|
|
692
701
|
| Code is being refactored, reorganized, renamed, deduplicated, simplified, or structurally improved while existing behavior should be preserved | `.mustflow/skills/behavior-preserving-refactor/SKILL.md` | Refactoring goal, target area, behavior evidence, local patterns, current changed files, and command contract entries | Small behavior-preserving refactor steps, related tests, and directly synchronized docs or contracts | hidden behavior change, broad cleanup, misleading abstraction, unsafe deduplication, or unverified legacy change | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Goal, behavior evidence, structural risks, refactoring ladder, changes made, excluded behavior changes, verification, and remaining risks |
|
|
702
|
+
| File-splitting, handler extraction, event-ownership relocation, state-mutation relocation, listener moves, route or middleware extraction, worker or consumer moves, or component split refactors need proof that old execution paths no longer handle the same responsibility | `.mustflow/skills/split-refactor-residual-path-review/SKILL.md` | Refactor claim, diff shape, residual keyword ledger, old and new entrypoints, event or state ownership ledger, feature-flag and fallback paths, lifecycle ledger, test ledger, and command contract entries | Old handlers, effects, subscriptions, dispatches, emits, mutations, imports, fallbacks, API calls, cache updates, analytics calls, cleanup code, real-entrypoint tests, duplicate-execution tests, lifecycle tests, ordering tests, and static boundary guards directly tied to the moved responsibility | partial extraction, old path still alive, duplicate listener, double dispatch, stale state overwrite, flag-off legacy path, new module not wired to real entrypoint, missing cleanup, order regression, overbroad boundary rule, or unit-test-only proof | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `test_audit`, `docs_validate_fast`, `test_release`, `mustflow_check` | Split refactor reviewed, moved responsibility, old versus new owner, residual path findings, event/state/side-effect/lifecycle/ordering evidence, tests or static guard, verification, and remaining residual-path risk |
|
|
693
703
|
| Class inheritance, base classes, abstract classes, template methods, protected state, mixins, framework subclasses, or subtype hierarchies are introduced, reviewed, or refactored, especially for behavior reuse or feature variants | `.mustflow/skills/composition-over-inheritance/SKILL.md` | Inheritance surface, reuse goal, change dimensions, local composition patterns, compatibility constraints, current changed files, and command contract entries | Classes, functions, role interfaces, policies, strategies, adapters, decorators, state machines, tests, wrappers, and directly synchronized docs or templates | fragile parent-child coupling, subclass explosion, broken substitutability, hidden protected state, over-composition, or untested behavior-preserving refactor | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Inheritance review, keep-or-replace decision, change dimensions, composition pattern, tests, verification, and remaining hierarchy risk |
|
|
694
704
|
| Multiple interchangeable algorithms, policies, calculations, scoring methods, sorting methods, recommendation methods, pricing rules, discount rules, shipping methods, payment methods, notification methods, permission policies, provider choices, feature-flag variants, or repeated branches choose how to do the same kind of work | `.mustflow/skills/strategy-pattern/SKILL.md` | Stable workflow, variants and shared purpose, current branch locations, common input and output shape, selection criteria, local Result, dependency injection, decorator, registry, and test patterns, current changed files, and command contract entries | Strategy function types, interfaces, concrete strategies, selectors, resolvers, registries, decorators, context wiring, tests, and directly synchronized docs or templates | over-abstracted small branch, wrong use-case grouping, context knowing concrete strategies, silent fallback, unsafe user-selected strategy, request-stateful strategy, strategy combination explosion, or untested selector behavior | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Strategy classification, shared contract, strategy registry, selector or resolver, default and unsupported-key behavior, tests, verification, and remaining strategy risk |
|
|
695
705
|
| State-changing user or system intents, command data objects, command handlers, command buses, payment, credit, point, inventory, entitlement, subscription, permission, document, prompt, AI budget reservation, agent loop execution, idempotency, authorization, transactions, outbox events, audit logs, retries, concurrency, long-running jobs, queue message contracts, provider intent records, HTTP work acceptance, core-state changes with auxiliary analytics, email, AI, search, statistics, cache rebuild, webhook follow-up, cron or worker execution, manual recovery, or external side effects need one traceable execution unit | `.mustflow/skills/command-pattern/SKILL.md` | User or system intent, source boundary, payload, actor and context, request/trace/correlation/causation/job/webhook identifiers, affected resources, core state to commit, auxiliary work to defer, acceptable delay or loss, work-acceptance response policy, queue contract, provider intent and recovery policy, local Result, repository, gateway, unit-of-work, outbox, job, idempotency, audit, retry, AI policy decision, agent caps, and test patterns | Command payloads, command context, handlers, command bus wiring when justified, idempotency, outbox, job records, provider intent records, audit, retry, transaction, ledger or action records, controller or worker adapters, auxiliary worker handoff, queue envelope and replay rules, AI policy decisions, tests, and directly synchronized docs or templates | command ceremony for reads, giant handler, hidden domain policy, unsafe duplicate side effect, transaction and external-call coupling, broken async traceability, auxiliary dependency blocking core state, missing durable job record, missing provider intent record, missing audit trail, retry without idempotency, unversioned queue message, one worker pool starving unrelated work, unwatched dead-letter state, unbounded AI agent loop, or untested command boundary | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Command classification, payload and context shape, request/trace/causation/job identifier choices, handler dependencies, domain delegation, core versus auxiliary split, transaction, ledger, outbox, job, provider intent, queue envelope, idempotency, retry, audit, concurrency, worker, dead-letter, manual replay, reconciliation, and AI policy choices, tests, verification, and remaining command safety risk |
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.go-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 7
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: go-code-change
|
|
9
|
-
description: Apply this skill when Go source, modules, workspaces, package APIs, package layout, internal boundaries, interfaces, structs, errors, goroutines, channels, context propagation, HTTP clients or servers, graceful shutdown, reverse proxies, JSON encoding, filesystem roots, network addresses, runtime limits, profiling, benchmarks, tests, tools, or generated code boundaries are created or changed.
|
|
9
|
+
description: Apply this skill when Go source, modules, workspaces, package APIs, package layout, internal boundaries, interfaces, structs, errors, goroutines, channels, context propagation, HTTP clients or servers, Gin engines, router groups, middleware chains, request binding, validation, recovery, access logging, CORS, cookies, trusted headers, graceful shutdown, reverse proxies, database/sql request integration, JSON encoding, filesystem roots, network addresses, runtime limits, profiling, benchmarks, tests, tools, or generated code boundaries are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -33,7 +33,7 @@ Preserve Go package, module, workspace, API, error, context, concurrency, runtim
|
|
|
33
33
|
<!-- mustflow-section: use-when -->
|
|
34
34
|
## Use When
|
|
35
35
|
|
|
36
|
-
- `.go`, `go.mod`, `go.sum`, `go.work`, build tags, generated code, public package API, tests, benchmarks, goroutines, channels, context propagation, HTTP clients or servers, graceful shutdown, reverse proxies, JSON encoding, filesystem access, network addresses, runtime tuning, profiling, tools, or module dependencies change.
|
|
36
|
+
- `.go`, `go.mod`, `go.sum`, `go.work`, build tags, generated code, public package API, tests, benchmarks, goroutines, channels, context propagation, HTTP clients or servers, Gin engines, router groups, middleware chains, request binding, validation, recovery, access logging, CORS, cookies, trusted headers, graceful shutdown, reverse proxies, database/sql request integration, JSON encoding, filesystem access, network addresses, runtime tuning, profiling, tools, or module dependencies change.
|
|
37
37
|
- The task touches interfaces, structs, zero-value behavior, error wrapping, package structure, `internal` boundaries, import direction, concurrency ownership, cancellation, timeout policy, memory limits, race-sensitive code, benchmark measurement, or module dependencies.
|
|
38
38
|
- Code or docs use Go-version-gated features such as expression operands to `new`, range-over-function iterators, generic type aliases, reflect iterators, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `T.ArtifactDir`, `B.ArtifactDir`, `F.ArtifactDir`, `testing/cryptotest.SetGlobalRandom`, `os.Root` or `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `go fix` modernizers, `encoding/json/v2`, experimental `GOEXPERIMENT` features, or newer runtime defaults.
|
|
39
39
|
|
|
@@ -51,6 +51,7 @@ Preserve Go package, module, workspace, API, error, context, concurrency, runtim
|
|
|
51
51
|
- The public API surface when exported identifiers, errors, or package paths change.
|
|
52
52
|
- Package ownership, import direction, `internal` visibility, module path, major-version suffix, workspace usage, and whether the project is an importable library, self-contained server, tool, or monorepo.
|
|
53
53
|
- Runtime and deployment context when the change touches HTTP, goroutines, timers, memory, `GOMAXPROCS`, cgroups, race detection, PGO, profiling, or container behavior.
|
|
54
|
+
- Gin or other Go HTTP framework context when relevant: framework version, minimum Go version, engine construction, route registration order, group creation order, middleware chain order, trusted proxy settings, recovery owner, logger query-string policy, route-pattern metric policy, CORS policy, cookie policy, trusted header boundary, context reuse boundaries, binding method, validator tags, body-size policy, upload limits, database call context, and response/error ownership.
|
|
54
55
|
- Minimum supported Go version, `go` directive, `toolchain` directive, `GOEXPERIMENT`, and whether the feature is stable, experimental, or repository-pinned.
|
|
55
56
|
- Configured verification intents.
|
|
56
57
|
|
|
@@ -60,7 +61,7 @@ Preserve Go package, module, workspace, API, error, context, concurrency, runtim
|
|
|
60
61
|
- Inspect the whole package before adding names or methods.
|
|
61
62
|
- Determine whether the change affects exported API, concurrency ownership, or dependency graph.
|
|
62
63
|
- Identify generated files and avoid direct edits unless explicitly requested.
|
|
63
|
-
- If a Go release, "latest Go", standard-library feature, runtime default, experimental package, or
|
|
64
|
+
- If a Go release, "latest Go", standard-library feature, runtime default, experimental package, toolchain claim, or Go framework version claim such as Gin release or minimum-Go support is written durably, use `version-freshness-check` with official Go, package registry, or framework-owned sources.
|
|
64
65
|
|
|
65
66
|
<!-- mustflow-section: allowed-edits -->
|
|
66
67
|
## Allowed Edits
|
|
@@ -112,6 +113,7 @@ Preserve Go package, module, workspace, API, error, context, concurrency, runtim
|
|
|
112
113
|
- do not rely on `err == sentinel` when callers may receive wrapped errors;
|
|
113
114
|
- do not expose dependency sentinel or typed errors through wrapping unless the package intentionally supports them as API;
|
|
114
115
|
- treat a change between observable wrapping and non-observable formatting as API-sensitive;
|
|
116
|
+
- keep public response messages separate from internal error causes. Do not return `err.Error()` to clients when the error may contain SQL, file paths, URLs, tokens, dependency details, or stack context;
|
|
115
117
|
- classify context cancellation, context deadlines, dependency timeouts, and domain failures at package boundaries instead of letting infrastructure errors leak upward unchanged;
|
|
116
118
|
- keep typed error pointer/value behavior consistent and avoid typed-nil errors behind an `error` interface;
|
|
117
119
|
- use `errors.Join` or multiple `%w` only when callers are expected to use `errors.Is` or `errors.As` rather than simple unwrap behavior;
|
|
@@ -159,45 +161,80 @@ Preserve Go package, module, workspace, API, error, context, concurrency, runtim
|
|
|
159
161
|
- reuse clients and transports instead of creating them per request;
|
|
160
162
|
- prefer reverse-proxy rewrite hooks over deprecated or unsafe director-style mutation when the supported Go version allows it;
|
|
161
163
|
- keep hop-by-hop header, forwarded-host, scheme, cancellation, streaming, and error-mapping behavior explicit.
|
|
162
|
-
15.
|
|
164
|
+
15. Check Gin and Go HTTP framework boundaries when relevant:
|
|
165
|
+
- prefer explicit production server construction around the framework engine; do not treat `Run`, `RunTLS`, or convenience helpers as graceful shutdown, timeout, or lifecycle policy;
|
|
166
|
+
- treat `gin.Default()` as a demo convenience unless local production policy really accepts its logger and recovery defaults; production paths usually need explicit request id, trace id, structured logging, panic reporting, security headers, timeout, metrics, and recovery ownership;
|
|
167
|
+
- centralize error response, access log, and metrics ownership. Handlers may classify failures, but one final responder should map typed errors to status, code, safe message, log level, retryability, and exposed details;
|
|
168
|
+
- use `c.Error` only when a later middleware owns normalization. Do not mix scattered `c.JSON(500, ...)`, `AbortWithError`, and a separate logger that reads a different error source;
|
|
169
|
+
- preserve `errors.Is` and `errors.As` across service and transport boundaries so domain failures, context deadlines, client cancellations, dependency timeouts, and programmer bugs stay distinguishable;
|
|
170
|
+
- use custom recovery when production needs panic id, request id, route pattern, user or tenant id, stack capture, error tracking, and a safe generic response. Recovery middleware does not catch panics in goroutines started by the handler;
|
|
171
|
+
- log structured request fields from a fixed schema such as request id, trace id, method, route pattern, status, latency, client IP, user or tenant id, error code, error kind, panic marker, and body size. Use `c.FullPath()` or an equivalent route pattern for logs and metrics, not raw high-cardinality paths;
|
|
172
|
+
- treat 4xx, validation, auth denial, not found, timeout, client cancellation, 5xx, dependency failure, and panic as different observability classes instead of logging every non-2xx as the same error;
|
|
173
|
+
- register middleware before the routes and child groups that must receive it. `group.Use()` and parent middleware added after route or child-group creation must not be assumed to retrofit existing handlers;
|
|
174
|
+
- review middleware order around `c.Next()`: before-next code wraps inbound work, after-next code observes completed downstream work, and response writers or transactions must be finalized in the right phase;
|
|
175
|
+
- after `Abort` or `AbortWithStatusJSON`, return from the current middleware or handler unless the remaining local code is intentionally safe to run;
|
|
176
|
+
- do not pass the original `*gin.Context` into goroutines, store it in structs, or keep it after the request. Extract immutable values and use `c.Request.Context()` only for work that should die with the request;
|
|
177
|
+
- treat `c.Copy()` as a shallow request-context snapshot, not a deep copy of request data, cancellation semantics, pointers, maps, slices, body bytes, or framework writer state;
|
|
178
|
+
- keep response writes in the original handler flow. Background work should report through channels, queues, or owned result stores rather than calling `c.JSON`, `c.Error`, `c.Abort`, `c.Writer`, `c.Query`, `c.PostForm`, or multipart parsing from another goroutine;
|
|
179
|
+
- forward `c.Request.Context()` to database, cache, RPC, outbound HTTP, and long-running work that should respect disconnects or timeouts; for work that must outlive the request, use a queue or an explicit detached lifecycle context with its own timeout and wait or retry policy;
|
|
180
|
+
- configure trusted proxies before relying on `ClientIP()` for rate limits, admin allowlists, geo policy, audit, or abuse controls; do not trust client-supplied forwarding headers by default, and treat `ClientIP()` as an auxiliary signal rather than authentication;
|
|
181
|
+
- when using trusted platform headers, require an outer network boundary that prevents direct origin-server access. Strip client-supplied identity, scheme, host, and forwarding headers at the edge before reinjecting trusted values;
|
|
182
|
+
- review CORS as browser response exposure, not API authentication. Parse and compare Origin by scheme, host, and port; avoid substring checks, origin reflection with credentials, wildcard assumptions for credentialed requests, missing `Vary: Origin`, and exposure of internal request or response headers;
|
|
183
|
+
- keep cookie policy explicit: narrow domain, `Secure`, `HttpOnly`, `SameSite`, `Path`, and host-only behavior for session cookies. Do not derive cookie `Secure` from `c.Request.TLS` when TLS terminates before the Go process;
|
|
184
|
+
- treat logger query-string handling as a privacy boundary. Avoid logging tokens, emails, OAuth codes, magic links, redirect parameters, search terms, or payment callback data from query strings;
|
|
185
|
+
- make route wildcard, escaped-path, raw-path, unescape, trailing-slash redirect, fixed-path redirect, and method-not-allowed behavior explicit when identifiers, file paths, signed URLs, or reverse proxies can change path meaning;
|
|
186
|
+
- use `ShouldBind` variants instead of `Bind` or `MustBind` when the endpoint owns JSON error shape, status code, validation response, logging, or security behavior;
|
|
187
|
+
- pick the binding source deliberately: URI params, query, headers, form, multipart, and JSON body should not all feed one domain model or permission object through a vague auto-binding path;
|
|
188
|
+
- use request DTOs with explicit `json`, `form`, `uri`, and `header` tags and `binding` validator tags. Do not bind directly into database, ORM, or domain models that contain server-owned fields such as owner, role, status, plan, hash, or tenant ids;
|
|
189
|
+
- distinguish field presence from zero values for booleans, numbers, and optional strings. Use pointers, presence types, or custom validators when `false`, `0`, or empty string can be a valid submitted value;
|
|
190
|
+
- reject or explicitly account for unknown JSON fields, duplicate keys, large numeric identifiers, and `map[string]any` float conversion when the endpoint makes money, identity, permission, or audit decisions;
|
|
191
|
+
- if request bodies are read by logging, HMAC, audit, or multiple bind passes, set a route-appropriate size limit first and restore or share the bytes deliberately. Treat `ShouldBindBodyWith` as whole-body memory retention, not a free parser cache;
|
|
192
|
+
- treat `MaxMultipartMemory` as a memory buffering threshold, not a full upload size limit. Enforce total request size, verify content, discard client filenames, and use server-owned storage names.
|
|
193
|
+
16. Check database integration from handlers when relevant:
|
|
194
|
+
- open `*sql.DB` once at process or application startup, inject the long-lived pool, and close it during shutdown, not per request;
|
|
195
|
+
- set `SetMaxOpenConns`, `SetMaxIdleConns`, `SetConnMaxLifetime`, and `SetConnMaxIdleTime` from database capacity, app instance count, and traffic shape instead of relying on unbounded defaults;
|
|
196
|
+
- pass request or operation context to `QueryContext`, `QueryRowContext`, `ExecContext`, `BeginTx`, and driver or ORM APIs that support it;
|
|
197
|
+
- close `Rows`, check `rows.Err()`, handle transaction commit and rollback paths explicitly, and keep query timeout, retry, and pool-wait observability visible;
|
|
198
|
+
- expose pool pressure through `DBStats` or local metrics when handler latency may be caused by connection waits rather than slow business code.
|
|
199
|
+
17. Keep JSON contracts honest:
|
|
163
200
|
- choose `omitempty` versus `omitzero` deliberately, especially for `time.Time`, numeric zero, boolean false, and optional fields;
|
|
164
201
|
- use `SetEscapeHTML(false)` only when the JSON is not embedded into HTML and callers expect raw `<`, `>`, or `&`;
|
|
165
202
|
- treat `encoding/json/v2` and `jsontext` as experimental unless the repository explicitly opts into the relevant experiment and migration tests.
|
|
166
|
-
|
|
203
|
+
18. Check filesystem and network address helpers:
|
|
167
204
|
- use traversal-resistant root APIs when accepting user-controlled relative paths and the supported Go version provides them;
|
|
168
205
|
- do not treat `filepath.Join` plus prefix checks as sufficient against symlinks and TOCTOU;
|
|
169
206
|
- prefer `net/netip` for comparable IP addresses and map keys when supported;
|
|
170
207
|
- use `net.JoinHostPort` instead of string formatting for host and port assembly so IPv6 works.
|
|
171
|
-
|
|
208
|
+
19. Check runtime and deployment behavior when relevant:
|
|
172
209
|
- set `GOMEMLIMIT` or `debug.SetMemoryLimit` before tuning `GOGC` for container memory pressure, leaving headroom for non-Go memory such as cgo, mmap, and the kernel;
|
|
173
210
|
- question manual `GOMAXPROCS` pins in containers on Go versions with container-aware defaults;
|
|
174
211
|
- use PGO only with representative profiles and keep `default.pgo` ownership clear;
|
|
175
212
|
- treat goroutine leak profiling, SIMD, JSON v2, and other experiments as opt-in evidence-gathering, not default production assumptions;
|
|
176
213
|
- remember that `-race` only finds races on executed paths and carries significant overhead.
|
|
177
|
-
|
|
214
|
+
20. For performance changes, measure before simplifying or optimizing:
|
|
178
215
|
- require profile or benchmark evidence before accepting a more complex hot-path change;
|
|
179
216
|
- inspect CPU, heap, allocation, goroutine, block, and mutex evidence according to the symptom instead of assuming CPU is the bottleneck;
|
|
180
217
|
- treat allocation reduction as GC-pressure reduction only when benchmark or profile evidence supports it;
|
|
181
218
|
- use escape-analysis findings to explain heap movement instead of assuming pointers are faster than values;
|
|
182
219
|
- use `sync.Pool` only for disposable temporary objects that may vanish at any time, not as a durable cache or lifecycle owner.
|
|
183
|
-
|
|
220
|
+
21. Keep tests and benchmarks deterministic:
|
|
184
221
|
- do not use elapsed real time to wait for goroutine progress; use explicit synchronization, owned lifecycle waits, fake time, `testing/synctest` when supported, or the repository's established concurrency test helper;
|
|
185
222
|
- prefer `testing.B.Loop` for new benchmarks when the supported Go version allows it, and keep setup, cleanup, allocation measurement, and compiler optimization boundaries honest;
|
|
186
223
|
- compare benchmark changes across repeated runs and include `B/op` and `allocs/op` when allocation behavior is part of the claim;
|
|
187
224
|
- use test artifact directories for files that should survive a test run only when the supported Go version and test invocation preserve artifacts; otherwise use the repository's existing temporary-file or golden-output policy;
|
|
188
225
|
- for deterministic crypto tests, prefer the standard cryptographic test hook when the supported Go version provides it instead of overriding global readers in production code paths.
|
|
189
|
-
|
|
226
|
+
22. Keep Go tools and modernization explicit:
|
|
190
227
|
- prefer the `tool` directive over `tools.go` pinning only when the repository's supported Go version allows it;
|
|
191
228
|
- use `go fix` modernizers as reviewed migrations, not silent drive-by rewrites;
|
|
192
229
|
- update code generators, schema generators, lint helpers, and reflection-heavy tooling for generic aliases, alias node behavior, and reflect iterator methods only with fixture coverage;
|
|
193
230
|
- prefer standard-library helpers such as `min`, `max`, `clear`, `slices`, `maps`, and `cmp` over new local utility packages when the supported Go version allows them.
|
|
194
|
-
|
|
231
|
+
23. If dependency metadata changes, keep module files and dependent tests synchronized:
|
|
195
232
|
- do not raise the `go` directive, add toolchain requirements, change module path, or introduce direct dependencies unless the task requires it and the final report calls out the support impact;
|
|
196
233
|
- treat `go.sum` as checksum evidence, not a package lockfile and not disposable noise;
|
|
197
234
|
- treat `replace`, especially local-path `replace`, as temporary main-module or workspace-only wiring unless the repository documents a release plan for it;
|
|
198
235
|
- verify vendor output is regenerated by a configured intent when vendoring is part of the repository contract;
|
|
199
236
|
- check private module settings before adding private import paths so module names do not leak through public proxy or checksum lookups.
|
|
200
|
-
|
|
237
|
+
24. Choose configured verification intents that cover formatting, tests, race-sensitive behavior, lint, API drift, module drift, docs, and release metadata when available.
|
|
201
238
|
|
|
202
239
|
<!-- mustflow-section: postconditions -->
|
|
203
240
|
## Postconditions
|
|
@@ -205,7 +242,7 @@ Preserve Go package, module, workspace, API, error, context, concurrency, runtim
|
|
|
205
242
|
- Package ownership and exported API impact are clear.
|
|
206
243
|
- Context, goroutine, channel, and error ownership are explicit.
|
|
207
244
|
- Go-version-gated syntax, standard-library APIs, runtime defaults, experiments, and module metadata are compatible with the repository's supported Go version.
|
|
208
|
-
- HTTP timeout, graceful shutdown, proxy, JSON, filesystem, network address, runtime, profiling, test-time, benchmark, and tool decisions are explicit where touched.
|
|
245
|
+
- HTTP timeout, graceful shutdown, proxy, Gin route and middleware order, error response ownership, recovery, access logging, CORS, cookie, trusted header, Gin context lifetime, binding, validation, database integration, JSON, filesystem, network address, runtime, profiling, test-time, benchmark, and tool decisions are explicit where touched.
|
|
209
246
|
- Tests cover the changed behavior without sleeps as synchronization.
|
|
210
247
|
- Module drift is reported when dependency verification cannot run.
|
|
211
248
|
|
|
@@ -233,7 +270,7 @@ For concurrency-sensitive changes, report whether a configured race or equivalen
|
|
|
233
270
|
- If an iterator function ignores `yield` returning false, a pull iterator omits `stop`, or a channel is replaced by an iterator while concurrency or backpressure remains required, restore the ownership contract before accepting the change.
|
|
234
271
|
- If a goroutine has no owner, stop condition, wait path, cancellation path, or error path, do not add it.
|
|
235
272
|
- If a newer Go feature is useful but the repository's `go` directive or CI matrix is lower, keep a fallback, defer the change, or report the required version bump instead of sneaking in the feature.
|
|
236
|
-
- If HTTP clients, servers, or
|
|
273
|
+
- If HTTP clients, servers, proxies, or Gin handlers have no timeout, cancellation, trusted-proxy, error response owner, recovery owner, log schema, CORS, cookie, trusted-header, context-lifetime, binding-source, body-size, database context, or middleware-order boundary, stop and make the missing policy explicit before calling the path production-ready.
|
|
237
274
|
- If JSON tag changes alter omitted fields, zero values, HTML escaping, or experimental JSON behavior, treat the change as an API contract risk.
|
|
238
275
|
- If a public error stops satisfying documented `errors.Is` or `errors.As` checks, restore the contract or report the breaking-change requirement.
|
|
239
276
|
- If wrapping would expose a dependency error as public API, keep the dependency error internal or document the intentional contract.
|
|
@@ -245,7 +282,7 @@ For concurrency-sensitive changes, report whether a configured race or equivalen
|
|
|
245
282
|
- Boundary checked
|
|
246
283
|
- Package and API impact
|
|
247
284
|
- Context/concurrency/error notes
|
|
248
|
-
- Go version, module/workspace, runtime, HTTP/shutdown, JSON, filesystem, profiling, benchmark, and tool notes when relevant
|
|
285
|
+
- Go version, module/workspace, runtime, HTTP/shutdown, Gin route/middleware/error/recovery/logging/CORS/cookie/context/binding, database, JSON, filesystem, profiling, benchmark, and tool notes when relevant
|
|
249
286
|
- Files changed
|
|
250
287
|
- Command intents run
|
|
251
288
|
- Skipped checks and reasons
|
|
@@ -36,6 +36,12 @@ route_type = "primary"
|
|
|
36
36
|
priority = 40
|
|
37
37
|
applies_to_reasons = ["code_change", "behavior_change"]
|
|
38
38
|
|
|
39
|
+
[routes."split-refactor-residual-path-review"]
|
|
40
|
+
category = "architecture_patterns"
|
|
41
|
+
route_type = "adjunct"
|
|
42
|
+
priority = 79
|
|
43
|
+
applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "public_api_change", "performance_change", "ui_change", "data_change"]
|
|
44
|
+
|
|
39
45
|
[routes."composition-over-inheritance"]
|
|
40
46
|
category = "architecture_patterns"
|
|
41
47
|
route_type = "primary"
|
|
@@ -990,6 +996,12 @@ route_type = "adjunct"
|
|
|
990
996
|
priority = 80
|
|
991
997
|
applies_to_reasons = ["ui_change", "behavior_change", "code_change", "performance_change", "data_change", "test_change", "public_api_change"]
|
|
992
998
|
|
|
999
|
+
[routes."ui-state-resurrection-review"]
|
|
1000
|
+
category = "ui_assets"
|
|
1001
|
+
route_type = "adjunct"
|
|
1002
|
+
priority = 83
|
|
1003
|
+
applies_to_reasons = ["unknown_change", "ui_change", "behavior_change", "code_change", "performance_change", "data_change", "test_change", "public_api_change", "docs_change", "package_metadata_change", "release_risk"]
|
|
1004
|
+
|
|
993
1005
|
[routes."frontend-stress-layout-review"]
|
|
994
1006
|
category = "ui_assets"
|
|
995
1007
|
route_type = "adjunct"
|
package/templates/default/locales/en/.mustflow/skills/split-refactor-residual-path-review/SKILL.md
ADDED
|
@@ -0,0 +1,176 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.split-refactor-residual-path-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: split-refactor-residual-path-review
|
|
9
|
+
description: Apply this skill when a refactor splits files, extracts handlers, moves event ownership, relocates state mutations, or claims a responsibility moved, and the review must prove old execution paths, listeners, effects, dispatches, imports, feature-flag fallbacks, tests, and lifecycle cleanup no longer keep the previous behavior alive.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.split-refactor-residual-path-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- test_audit
|
|
23
|
+
- docs_validate_fast
|
|
24
|
+
- test_release
|
|
25
|
+
- mustflow_check
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
# Split Refactor Residual Path Review
|
|
29
|
+
|
|
30
|
+
<!-- mustflow-section: purpose -->
|
|
31
|
+
## Purpose
|
|
32
|
+
|
|
33
|
+
Review file-splitting and responsibility-moving refactors by proving the old path lost authority.
|
|
34
|
+
|
|
35
|
+
The main question is not "was a nicer new module added?" It is "can the old file, handler, listener, effect, dispatch, mutation, route, middleware, consumer, or fallback still process the same event or state change?"
|
|
36
|
+
|
|
37
|
+
<!-- mustflow-section: use-when -->
|
|
38
|
+
## Use When
|
|
39
|
+
|
|
40
|
+
- A PR or local diff splits a file, extracts a component, handler, reducer, service, route, listener, worker, middleware, controller, or event processor.
|
|
41
|
+
- A responsibility is claimed to move from one owner to another, especially event receive, event interpretation, state mutation, side effect, API request, cache update, analytics emission, or cleanup ownership.
|
|
42
|
+
- A previous bug may reappear because old conditions, callbacks, effects, subscriptions, imports, feature flags, fallbacks, or tests still exercise the old path.
|
|
43
|
+
- Review needs to distinguish a true move from code duplication, partial extraction, or a new module that is not connected to the real entrypoint.
|
|
44
|
+
|
|
45
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
46
|
+
## Do Not Use When
|
|
47
|
+
|
|
48
|
+
- The task is a broad behavior-preserving refactor with no file split, handler relocation, state mutation relocation, or old-path risk; use `behavior-preserving-refactor`.
|
|
49
|
+
- The main concern is general module ownership, import direction, DTO leakage, or policy owner placement; use `module-boundary-review`.
|
|
50
|
+
- The task only asks for changed-file risk classification and verification selection; use `diff-risk-review`.
|
|
51
|
+
- The change is a pure rename or formatting-only move with no runtime entrypoint, listener, state, side effect, feature flag, or test routing impact.
|
|
52
|
+
|
|
53
|
+
<!-- mustflow-section: required-inputs -->
|
|
54
|
+
## Required Inputs
|
|
55
|
+
|
|
56
|
+
- Refactor claim: what responsibility moved, from where, to where, and what behavior should remain unchanged.
|
|
57
|
+
- Current diff shape: added files, deleted lines, moved code, old files that remain, imports changed, and tests changed.
|
|
58
|
+
- Residual keyword ledger: old bug keywords, event names, action types, handler names, API calls, state field names, feature flag names, selector names, cache keys, analytics names, route names, job names, and middleware names.
|
|
59
|
+
- Entry and ownership ledger: event receiver, interpreter, state mutator, side-effect owner, external request owner, cleanup owner, and public entrypoints before and after the split.
|
|
60
|
+
- Lifecycle ledger: mount, unmount, remount, route change, modal close, tab switch, reconnect, retry, worker restart, consumer rebalance, or job replay behavior when relevant.
|
|
61
|
+
- Test ledger: existing regression tests, new module unit tests, real-entrypoint integration tests, duplicate-execution tests, cleanup tests, ordering tests, and static boundary rules.
|
|
62
|
+
|
|
63
|
+
<!-- mustflow-section: preconditions -->
|
|
64
|
+
## Preconditions
|
|
65
|
+
|
|
66
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
67
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
68
|
+
- Existing local patterns for file moves, handler ownership, event routing, state mutations, lifecycle cleanup, feature flags, and tests have been searched before recommending a new pattern.
|
|
69
|
+
- If the residual path affects payments, auth, notifications, persistence, cache truth, concurrency, or UI resurrection, also apply the narrower matching skill for that boundary.
|
|
70
|
+
|
|
71
|
+
<!-- mustflow-section: allowed-edits -->
|
|
72
|
+
## Allowed Edits
|
|
73
|
+
|
|
74
|
+
- Remove old handlers, conditions, effects, subscriptions, dispatches, emits, mutations, imports, fallback branches, direct API calls, cache updates, analytics calls, or cleanup logic that still own the moved responsibility.
|
|
75
|
+
- Convert the old owner into a pure adapter, delegator, or view when the new owner should interpret and mutate state.
|
|
76
|
+
- Add or tighten boundary guards such as import restrictions, module boundary rules, lint rules, dependency rules, or package exports that prevent the old owner from importing moved event types or handlers.
|
|
77
|
+
- Add focused tests for real entrypoint routing, old-path non-execution, single execution, lifecycle cleanup, ordering, feature-flag fallbacks, and regression scenarios tied to the moved responsibility.
|
|
78
|
+
- Do not keep duplicate old and new paths "for safety" unless the product contract explicitly requires parallel behavior and the diff names the compatibility sunset.
|
|
79
|
+
|
|
80
|
+
<!-- mustflow-section: procedure -->
|
|
81
|
+
## Procedure
|
|
82
|
+
|
|
83
|
+
1. Start with the diff shape.
|
|
84
|
+
- Compare added files with deleted old responsibility.
|
|
85
|
+
- Treat a refactor that mostly adds new code while barely deleting old conditions, effects, handlers, cleanup, or side effects as suspected duplication.
|
|
86
|
+
- Separate mechanical moves from semantic changes before judging correctness.
|
|
87
|
+
2. Name the moved responsibility.
|
|
88
|
+
- State exactly what moved: receive event, interpret event, update state, perform external request, emit analytics, update cache, route command, validate input, cleanup listener, or publish event.
|
|
89
|
+
- If the responsibility cannot be named, use `behavior-preserving-refactor` or `module-boundary-review` before editing.
|
|
90
|
+
3. Search residual paths.
|
|
91
|
+
- Search old bug keywords, event names, action types, handler names, API calls, state fields, feature flags, selectors, cache keys, analytics names, route names, job names, middleware names, and callback names.
|
|
92
|
+
- Inspect neighborhoods around `onClick`, `onChange`, `addEventListener`, `subscribe`, `dispatch`, `emit`, `useEffect`, `watch`, `listener`, `handler`, `middleware`, `controller`, `route`, `consumer`, `job`, and `callback`.
|
|
93
|
+
- Treat old imports of moved event types, handlers, mutation helpers, or state fields as evidence that the move may be incomplete.
|
|
94
|
+
4. Check single ownership of the event path.
|
|
95
|
+
- The old location may pass data through or render output, but it should not still decide what the event means.
|
|
96
|
+
- Event receiving, event interpretation, state mutation, and external side effects should not be split halfway between old and new owners unless a named compatibility adapter explains why.
|
|
97
|
+
- If both old and new owners listen to the same event, identify whether one is dead, delegated, compatibility-only, or a duplicate-execution bug.
|
|
98
|
+
5. Trace state mutation authority.
|
|
99
|
+
- Follow reducers, store mutations, local setters, optimistic updates, query-cache writes, form sync, repository writes, job state, and side-effect acknowledgements.
|
|
100
|
+
- Reject designs where the new owner changes state and the old owner later recomputes, overwrites, or replays the old value.
|
|
101
|
+
6. Check feature flags and fallback paths.
|
|
102
|
+
- Review flag on, flag off, legacy mode, mobile, SSR, permission-denied, empty data, error retry, offline, reconnect, old route, and tenant or partner branches.
|
|
103
|
+
- All supported branches should route the responsibility to the same owner, or the diff should explicitly classify the divergence.
|
|
104
|
+
7. Check dependency direction.
|
|
105
|
+
- A new event owner should not import old UI internals, container-only constants, private helpers, or test-only wiring from the old location.
|
|
106
|
+
- Move stable contracts to a shared domain, type, adapter, or public module surface only when that reduces ownership ambiguity.
|
|
107
|
+
8. Review tests for real routing, not only new module correctness.
|
|
108
|
+
- A unit test that calls the new module directly is not enough when the real user or system event may still enter the old path.
|
|
109
|
+
- Prefer tests where the real click, route, message, API request, worker event, queue message, or dispatch enters the app and reaches the new owner.
|
|
110
|
+
- Keep or add the old bug reproduction as a regression guard when the refactor is meant to prevent recurrence.
|
|
111
|
+
9. Add duplicate-execution tests when side effects matter.
|
|
112
|
+
- Assert one click, request, dispatch, event, analytics call, notification, charge, save, cache update, or job replay is handled once.
|
|
113
|
+
- Check counts, idempotency keys, emitted events, persistence writes, and external calls rather than only final visible state.
|
|
114
|
+
10. Add lifecycle and cleanup evidence.
|
|
115
|
+
- Test or inspect mount, unmount, remount, route change, modal close, tab switch, reconnect, consumer restart, and job replay when listeners or subscriptions moved.
|
|
116
|
+
- Ensure the subscription and cleanup moved together; a split subscription and old cleanup is usually unstable.
|
|
117
|
+
11. Check ordering.
|
|
118
|
+
- Preserve important sequences such as validate, normalize, update, persist, notify, cleanup, ack, and publish.
|
|
119
|
+
- If swapping two steps would break correctness, encode that sequence in one owner or a test that observes the ordering.
|
|
120
|
+
12. Add structural guardrails when the old path is easy to reintroduce.
|
|
121
|
+
- Prefer `no-restricted-imports`, dependency-cruiser, module boundary rules, package exports, or local lint rules over a comment that asks humans to remember.
|
|
122
|
+
- Guard only the moved responsibility; do not create broad architecture rules unrelated to the current refactor.
|
|
123
|
+
13. Decide the outcome.
|
|
124
|
+
- If old and new paths both execute, fix the residual path when in scope.
|
|
125
|
+
- If the residual path is intentional compatibility, document the sunset and tests.
|
|
126
|
+
- If evidence is insufficient, report the missing entrypoint, lifecycle, flag, ordering, or static-boundary proof.
|
|
127
|
+
|
|
128
|
+
<!-- mustflow-section: postconditions -->
|
|
129
|
+
## Postconditions
|
|
130
|
+
|
|
131
|
+
- The old location either no longer owns the moved responsibility, is a pure delegator, or has a documented compatibility role.
|
|
132
|
+
- Real entrypoints route through the new owner.
|
|
133
|
+
- Duplicate listeners, dispatches, state mutations, external requests, cache writes, analytics calls, and cleanup ownership are removed or reported.
|
|
134
|
+
- Feature flags, fallback branches, lifecycle cleanup, ordering, and tests prove the old path cannot silently revive the previous behavior.
|
|
135
|
+
|
|
136
|
+
<!-- mustflow-section: verification -->
|
|
137
|
+
## Verification
|
|
138
|
+
|
|
139
|
+
Use configured oneshot command intents when available:
|
|
140
|
+
|
|
141
|
+
- `changes_status`
|
|
142
|
+
- `changes_diff_summary`
|
|
143
|
+
- `lint`
|
|
144
|
+
- `build`
|
|
145
|
+
- `test_related`
|
|
146
|
+
- `test`
|
|
147
|
+
- `test_audit`
|
|
148
|
+
- `docs_validate_fast`
|
|
149
|
+
- `test_release`
|
|
150
|
+
- `mustflow_check`
|
|
151
|
+
|
|
152
|
+
Use the narrowest configured test, lint, build, docs, release, or mustflow intent that covers the moved responsibility, static boundary guard, template surface, or public contract.
|
|
153
|
+
|
|
154
|
+
<!-- mustflow-section: failure-handling -->
|
|
155
|
+
## Failure Handling
|
|
156
|
+
|
|
157
|
+
- If the old responsibility cannot be located, stop and report the missing residual keyword, entrypoint, or ownership evidence.
|
|
158
|
+
- If tests only call the new module directly, report the real-entrypoint gap before claiming the refactor prevents regression.
|
|
159
|
+
- If removing the old path changes behavior, split the work into a behavior-preserving refactor and a separate behavior change or bug fix.
|
|
160
|
+
- If a boundary rule would block valid callers, narrow the rule to the moved responsibility instead of weakening the review.
|
|
161
|
+
- If a configured command fails, preserve the failing intent and use `failure-triage` before unrelated edits.
|
|
162
|
+
|
|
163
|
+
<!-- mustflow-section: output-format -->
|
|
164
|
+
## Output Format
|
|
165
|
+
|
|
166
|
+
- Split refactor surface reviewed
|
|
167
|
+
- Moved responsibility and old versus new owner
|
|
168
|
+
- Diff-shape evidence: additions, deletions, moved code, old imports, and old conditions
|
|
169
|
+
- Residual path search terms and findings
|
|
170
|
+
- Event, state mutation, side-effect, feature-flag, lifecycle, cleanup, and ordering evidence
|
|
171
|
+
- Tests added, updated, missing, or intentionally deferred
|
|
172
|
+
- Static boundary guard added or intentionally avoided
|
|
173
|
+
- Fixes made or recommendation
|
|
174
|
+
- Command intents run
|
|
175
|
+
- Skipped checks and reasons
|
|
176
|
+
- Remaining residual-path risk
|
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.ui-state-resurrection-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 3
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: ui-state-resurrection-review
|
|
9
|
+
description: Apply this skill when frontend, desktop, mobile, chat, streaming, workspace, panel, tab, route, runtime, terminal, or session UI state that should be closed, completed, cleared, finalized, restarted, or deleted reappears after reload, restart, reconnect, route remount, SSR hydration, persisted-store rehydration, query-cache restore, service-worker cache restore, cloud sync, cross-tab broadcast, migration, crash recovery, or events such as message.complete, terminal-error, or old-generation stream replay; use it to prove whether the UI is rendering new state or resurrecting old persisted state.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.ui-state-resurrection-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# UI State Resurrection Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Debug resurrected UI state by tracing state provenance, persistence, hydration, and finalization before blaming rendering.
|
|
33
|
+
|
|
34
|
+
The core question is: "Is this panel, message, tab, route, task view, or draft newly created, or did an old stored record regain authority?" If restart, reload, reconnect, or hydration brings back the same ID, title, position, selected tab, message run, or collapsed state, treat it as a stored-state resurrection until evidence proves otherwise.
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- A completed, closed, cleared, deleted, finalized, or dismissed UI surface reappears after app restart, browser reload, reconnect, route remount, tab focus, provider remount, workspace switch, user switch, tenant switch, schema migration, crash recovery, or cloud sync.
|
|
40
|
+
- A chat, copilot, streaming response, draft response, task panel, workspace panel, active tab, sidebar item, layout slot, notification, toast, inbox item, modal, drawer, form draft, selected item, or route state returns after `message.complete`, finish, submit, close, clear, delete, archive, or done.
|
|
41
|
+
- A streaming session mixes message lifecycle, runtime health, terminal health, restart state, hydration, persistence, or old-generation events through flat flags such as `isDone`, `isLoading`, `hasError`, or one handler that mutates both UI state and durable session storage.
|
|
42
|
+
- Local or remote state sources may include memory stores, React Query, SWR, Apollo, Redux Persist, Zustand persist, Pinia, router loaders, SSR bootstrap data, localStorage, sessionStorage, IndexedDB, CacheStorage, service worker cache, BroadcastChannel, desktop user-data SQLite, JSON, LevelDB, preferences, workspace-state files, mobile shared preferences, mobile SQLite, restore state, server workspace layout, user session state, or cloud sync.
|
|
43
|
+
- The symptom is being described as a render bug, component bug, memoization issue, or CSS issue, but the same identity or old timestamp survives a restart, reload, hydration, or sync boundary.
|
|
44
|
+
|
|
45
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
46
|
+
## Do Not Use When
|
|
47
|
+
|
|
48
|
+
- The UI is wrong only within one live render pass and no reload, restart, hydration, persistence, cache restore, replay, sync, or remount boundary is involved; use `frontend-state-ownership-review`, `frontend-render-stability`, or a framework-specific frontend skill first.
|
|
49
|
+
- The task only reviews cache key correctness outside UI restoration; use `cache-integrity-review`.
|
|
50
|
+
- The task only reviews generic async races without persisted or restored state; use `async-timing-boundary-review` or `race-condition-review`.
|
|
51
|
+
- The task only reviews deletion lifecycle for domain data, database rows, or server records rather than UI/session restore state; use `deletion-lifecycle-review` or the relevant database skill.
|
|
52
|
+
- The state is intentionally restored by an explicit product contract and the task is only to polish copy, layout, or accessibility.
|
|
53
|
+
|
|
54
|
+
<!-- mustflow-section: required-inputs -->
|
|
55
|
+
## Required Inputs
|
|
56
|
+
|
|
57
|
+
- Symptom timeline: before action, during action, completion or close moment, before shutdown or reload, after restart or reload, after reconnect or sync, and whether the same identity returns.
|
|
58
|
+
- Identity ledger: user ID, workspace or tenant ID, route params, conversation ID, message ID, logical ID, instance ID, run ID, submission ID, stream ID, panel ID, tab key, task ID, event ID, event sequence, cursor, server version, message version, schema version, pending command ID, idempotency key, tombstone version, and process start time where relevant.
|
|
59
|
+
- Source ledger: memory store, query cache, router state, URL state, persisted store, browser storage, service worker cache, desktop user-data files, mobile storage, server layout, cloud sync, crash recovery, migration, and cross-tab or cross-device channels.
|
|
60
|
+
- Finalize ledger: close, clear, complete, delete, submit, archive, done, `message.complete`, or equivalent action; memory clear, persisted clear, query-cache update, pending write cancellation, hydration abort, server invalidation, tombstone or watermark write, and sync conflict policy.
|
|
61
|
+
- Streaming ownership ledger: gateway or listener, envelope validator, event handler or processor, reducer or state machine, UI selector, persistence writer, hydration guard, cleanup owner, runtime generation owner, ack policy, and replay or resync policy.
|
|
62
|
+
- Runtime health ledger: message status, terminal status, session health, restart-required state, runtime ID, generation ID, old-generation event rejection, terminal error archive, transcript retention, and active-runtime cleanup.
|
|
63
|
+
- Read and write paths: store actions, reducers, selectors, query cache writes, persistence middleware, storage reads and writes, hydration callbacks, route loaders, app init effects, WebSocket or event replay handlers, HTTP refetch handlers, BroadcastChannel handlers, migrations, and save-last-session code.
|
|
64
|
+
- Test or reproduction surface: delayed persist write, delayed HTTP snapshot, reconnect replay, route remount, store recreation, app restart, clean profile, copied app-data folder, cross-tab broadcast, cross-device sync, and schema migration where relevant.
|
|
65
|
+
|
|
66
|
+
<!-- mustflow-section: preconditions -->
|
|
67
|
+
## Preconditions
|
|
68
|
+
|
|
69
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
70
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
71
|
+
- Existing local patterns for persistence, hydration, cache restore, session restore, crash recovery, cross-tab sync, and server-side layout storage have been searched before adding another cleanup effect.
|
|
72
|
+
- If the resurrected state affects auth, tenant isolation, privacy, payment, deletion, or server data correctness, also apply the narrower security, payment, deletion, database, or cache skill for that boundary.
|
|
73
|
+
|
|
74
|
+
<!-- mustflow-section: allowed-edits -->
|
|
75
|
+
## Allowed Edits
|
|
76
|
+
|
|
77
|
+
- Add source labels, identity keys, timestamps, versions, event sequences, debug logs, and bounded instrumentation that prove which path wrote or read the resurrected value.
|
|
78
|
+
- Convert close, clear, complete, delete, archive, or done handlers into a single finalize action when state must be cleared across memory, persisted storage, query cache, inflight hydration, pending writes, server snapshots, and sync surfaces.
|
|
79
|
+
- Add tombstones, watermarks, generation IDs, abort tokens, schema migrations, identity guards, persisted-state partialization, merge filters, and stale-payload rejection for completed or cleared UI state.
|
|
80
|
+
- Split ephemeral in-progress state from committed history or durable layout state so a restored snapshot cannot recreate a completed run, closed panel, or cleared draft.
|
|
81
|
+
- Replace authoritative `active` and `finished` stores with selectors over one lifecycle truth when both lists can drift, duplicate, or resurrect the same item.
|
|
82
|
+
- Add lifecycle fields such as `logicalId`, `instanceId`, `status`, `version`, `eventCursor`, `pendingCommandId`, `idempotencyKey`, and `tombstone` when provenance shows projections are being stored as truth.
|
|
83
|
+
- Split streaming gateway, event handler, state store, persistence writer, hydration guard, and cleanup into explicit owners when one handler mutates UI state, session state, and durable storage.
|
|
84
|
+
- Add append-only event logs, snapshots, high-watermarks, durable-write acknowledgements, runtime or generation IDs, buffered hydration queues, and old-generation event rejection when streaming replay can cross restart or hydration boundaries.
|
|
85
|
+
- Add focused tests for delayed writes after finalize, stale HTTP snapshots, reconnect replay, route remount, cross-tab stale broadcasts, cross-device sync overwrite, crash recovery priority, migration defaulting, `message.complete` versus `terminal-error`, restart generation changes, and stale old-generation stream events.
|
|
86
|
+
- Do not fix resurrection by adding another render-time hide flag, CSS rule, duplicate cleanup effect, broad storage wipe, global cache clear, or product-state deletion unless provenance proves that scope is correct.
|
|
87
|
+
|
|
88
|
+
<!-- mustflow-section: procedure -->
|
|
89
|
+
## Procedure
|
|
90
|
+
|
|
91
|
+
1. Prove whether the UI is new or restored.
|
|
92
|
+
- Compare IDs, route params, tab keys, titles, positions, collapsed state, selected tab, task IDs, message IDs, run IDs, timestamps, and schema versions before and after restart, reload, remount, reconnect, or sync.
|
|
93
|
+
- If the same old identity returns after memory should be gone, prioritize persistence, hydration, replay, sync, migration, or crash recovery over rendering.
|
|
94
|
+
2. Snapshot every storage layer around the lifecycle.
|
|
95
|
+
- Capture state before the user action, during in-progress work, immediately after completion or close, before shutdown or reload, and immediately after restart or hydration.
|
|
96
|
+
- For web apps, inspect localStorage, sessionStorage, IndexedDB, CacheStorage, service worker cache, persisted query caches, and SSR bootstrap payloads.
|
|
97
|
+
- For desktop apps, inspect user-data SQLite, JSON, LevelDB, preferences, workspace-state files, crash recovery files, and cloud sync files.
|
|
98
|
+
- For mobile apps, inspect shared preferences, SQLite, key-value stores, sandbox restore state, and platform state restoration.
|
|
99
|
+
- Look for names such as `openPanels`, `activeTaskPanel`, `workspaceLayout`, `restoredTabs`, `lastSession`, `pendingTasks`, `taskViews`, `streamingMessage`, `pendingEvents`, `draftResponse`, `activeRun`, `completedStreamIds`, `lastCompletedEventSeq`, `clearedAt`, and `runFinalizedAt`.
|
|
100
|
+
3. Add provenance to reads and writes.
|
|
101
|
+
- Label each value with source, action name, previous value, next value, stack or caller, route, tab, user, workspace, message, run, event sequence, created time, written time, rehydrated time, and persist version when safe.
|
|
102
|
+
- Instrument store actions, reducers, query cache `setQueryData`, persistence `setItem`, IndexedDB writes, server response application, hydration callbacks, route loaders, app init effects, replay handlers, and BroadcastChannel handlers.
|
|
103
|
+
- Keep logs bounded and scrub secrets or personal data according to repository policy.
|
|
104
|
+
4. Reconstruct the timeline.
|
|
105
|
+
- The common failure is: stale in-progress state is scheduled for persistence, completion clears memory, a delayed write flushes the old snapshot, hydration later reads it, and the UI honestly renders it.
|
|
106
|
+
- Check whether `hydrate`, `restore`, `merge`, `sync`, `initialize`, `loadDraft`, `resumeSession`, `reconnect`, `onFocus`, `onMount`, or `saveLastSession` runs after finalize.
|
|
107
|
+
- Compare process start time with stored `createdAt` or `rehydratedAt`; old timestamps in post-start state are strong resurrection evidence.
|
|
108
|
+
5. Inspect finalize semantics.
|
|
109
|
+
- Treat `message.complete`, close, clear, delete, done, and archive as finalization events, not only render cleanup.
|
|
110
|
+
- Finalize should clear memory, remove or update persisted state, remove ephemeral query-cache fields, cancel pending persisted writes, abort inflight hydration, invalidate or patch server snapshots, and record a tombstone or watermark when replay is possible.
|
|
111
|
+
- Persisting only `null` may be weaker than persisting "this run or panel was finalized at this sequence/time" when old payloads can arrive later.
|
|
112
|
+
6. Review hydration merge policy.
|
|
113
|
+
- Reject blind shallow merges such as persisted state overriding current state without identity, version, and tombstone checks.
|
|
114
|
+
- Hydration should restore only if the persisted payload matches the current user, workspace, conversation, message, run, route, schema, and lifecycle, and is newer than the relevant clear or completion watermark.
|
|
115
|
+
- Drop streaming, draft, panel, and task-view fields from persisted state unless they have an explicit restoration contract.
|
|
116
|
+
7. Review inbound event ordering.
|
|
117
|
+
- `message.delta`, `message.complete`, reconnect replay, snapshot refresh, and history load may arrive through different paths.
|
|
118
|
+
- Require event sequence, server version, message version, run ID, or generation ID checks so replayed or late payloads older than completion cannot rebuild ephemeral UI.
|
|
119
|
+
- Delayed HTTP snapshots and background refetches must not recreate streaming or panel state after finalize.
|
|
120
|
+
8. Review streaming responsibility separation.
|
|
121
|
+
- Treat the gateway as a connection and envelope owner only: open the stream, parse chunks, validate `sessionId`, `streamId`, `eventId`, `seq`, `createdAt`, `type`, and `payload`, then hand off the event.
|
|
122
|
+
- Keep UI mutation and durable persistence out of the gateway. A listener that calls component setters and writes session storage in the same branch is a source-of-truth split.
|
|
123
|
+
- Let the event handler validate, deduplicate, order, and translate external events into internal commands. It should not decide component display policy or directly edit durable storage.
|
|
124
|
+
- Keep the state store as the only in-memory truth. Reducers or state machines should apply commands deterministically and update metadata such as `lastAppliedSeq`, `appliedEventIds`, `sessionStatus`, `messageIndex`, and `pendingToolCalls`.
|
|
125
|
+
- Make the persistence writer own event log, snapshots, high-watermark, schema version, migration, compaction, blob references, dirty markers, and durable-write success. Send server acknowledgements only through the durable boundary when acknowledgement means recoverability.
|
|
126
|
+
- Make the hydration guard buffer live events while snapshots or logs load, discard events older than the restored high-watermark, request replay or resync when a sequence gap appears, and reject late hydration from an obsolete runtime generation.
|
|
127
|
+
- Make cleanup dispose the runtime generation: abort streams, cancel readers, remove heartbeat and retry timers, stop new persistence writes, finish or mark short idempotent writes, drop buffered events, and require async callbacks to check `runtimeId` or generation tokens.
|
|
128
|
+
9. Separate message lifecycle from runtime health.
|
|
129
|
+
- `message.complete` ends the message lifecycle only. It should not clear terminal errors, mark runtime health as clean, erase restart-required state, or turn old terminal failures into success.
|
|
130
|
+
- `terminal-error` changes terminal and session health. It should not rewrite already completed messages as failed messages, delete message content, or pretend a partial message completed successfully.
|
|
131
|
+
- Model message status, terminal status, session health, and restart state separately instead of flattening them into `isDone`, `isLoading`, or `hasError`.
|
|
132
|
+
- Allow states such as `completedWithTerminalError`: the user may have a complete assistant message and a broken terminal at the same time.
|
|
133
|
+
- On restart, create a new runtime generation. Preserve transcript history when the product contract requires it, clear or archive active terminal errors, cancel pending streams, and reject old-generation `message.complete`, `terminal-error`, stdout, stderr, delta, and tool events.
|
|
134
|
+
10. Review identity boundaries.
|
|
135
|
+
- Persist and query keys must include every dimension that changes ownership: user, tenant, workspace, route, conversation, message, run, tab, and feature or locale dimensions when relevant.
|
|
136
|
+
- A key like `chat-state`, `workspace-layout`, or `activeMessage` is unsafe when more than one identity can share it.
|
|
137
|
+
- On logout, tenant switch, workspace switch, conversation switch, or route identity change, clear or reject state from the previous identity.
|
|
138
|
+
11. Review active, finished, and pending as lifecycle projections.
|
|
139
|
+
- Treat `active` and `finished` as selectors over one lifecycle model, not two independent authoritative stores.
|
|
140
|
+
- Preserve user intent, externally confirmed facts, and unfinished retryable work; clear only UI posture such as selected tab, accordion open state, hover, scroll, temporary filters, or transient loading decorations without durable evidence.
|
|
141
|
+
- Keep active until a terminal event such as finished, cancelled, deleted, archived, or tombstoned is confirmed with a version, cursor, or event ID and can be replayed after restart.
|
|
142
|
+
- Keep finished as append-only or versioned history until a versioned delete, archive, purge, retention expiry, or tombstone event proves removal; do not let an old restored snapshot erase newer finished facts.
|
|
143
|
+
- Keep pending finish, submit, close, delete, or archive commands with a command ID or idempotency key until success or failure ack decides whether to clear, retry, or restore active state.
|
|
144
|
+
- If the same logical item can have a current attempt and past completed records, separate user-facing `logicalId` from lifecycle `instanceId`, `runId`, or `submissionId`.
|
|
145
|
+
- Use one reducer for persisted snapshots, realtime events, and local commands so version, cursor, event ID, tombstone, and pending-command rules arbitrate every input consistently.
|
|
146
|
+
- Snapshot restore is not truth. A restored active or finished value must lose to newer versions, later cursors, tombstones, and already-applied event IDs even when the snapshot came from local disk or server layout.
|
|
147
|
+
12. Review async generation and remounts.
|
|
148
|
+
- Provider remount, StrictMode development double execution, HMR, route segment remount, auth context change, tab focus, and reconnect can run hydration more than once.
|
|
149
|
+
- Async hydration needs request tokens, generation IDs, or AbortController-style cancellation so late loads cannot overwrite current finalized state.
|
|
150
|
+
13. Review local, server, and sync authority.
|
|
151
|
+
- Test a clean browser profile or OS user; if the issue disappears, local persisted state is likely.
|
|
152
|
+
- Test a clean device after login; if the issue returns, server layout, session state, or cloud sync is likely.
|
|
153
|
+
- Delete only the suspect stored record; if the UI disappears after restart, the stored record had authority.
|
|
154
|
+
- Inject the stored record into a clean environment; if it reproduces, the restore path is proven.
|
|
155
|
+
- Check multi-device conflict policy: an old open state from device B must not overwrite a newer close or complete from device A.
|
|
156
|
+
14. Review migrations and crash recovery.
|
|
157
|
+
- Migration defaults must not convert old `closed: true`, `completed`, `done`, or missing lifecycle fields into open or active state.
|
|
158
|
+
- Crash recovery files must not outrank a normal session file that recorded a later finalize.
|
|
159
|
+
- Save-last-session code must save the latest state, not a stale captured snapshot from before completion.
|
|
160
|
+
15. Add targeted regression evidence.
|
|
161
|
+
- Prefer tests that model delayed persisted writes, persisted-store rehydration after finalize, stale HTTP snapshot after complete, reconnect replay after complete, route remount after complete, cross-tab stale broadcast, cross-device stale sync, and migration of old session records.
|
|
162
|
+
- Assert that rendering follows store state honestly, and that the store refuses old restored state after finalization.
|
|
163
|
+
- Add active, finished, and pending tests where a stale snapshot, replayed realtime event, duplicate event ID, command retry, or tombstone competes for the same logical ID or instance ID.
|
|
164
|
+
- Add reducer tests for `message.delta` to `message.complete`, duplicate `message.complete`, `terminal-error` preserving message content, `terminal-error` then `message.complete`, `message.complete` then `terminal-error`, hydration idempotency, restart generation changes, and stale old-generation event rejection.
|
|
165
|
+
- Add integration tests for normal streaming completion, terminal error before message completion, terminal error after message completion, refresh hydration of `completedWithTerminalError`, restart from a hydrated error session, and old-generation events arriving after restart.
|
|
166
|
+
- Add transition-table tests for `ready`, `streaming`, `completed`, `terminalError`, `completedWithTerminalError`, `hydrating`, `restarting`, and `readyAfterRestart` when those states exist in the product model.
|
|
167
|
+
|
|
168
|
+
<!-- mustflow-section: postconditions -->
|
|
169
|
+
## Postconditions
|
|
170
|
+
|
|
171
|
+
- The resurrected UI is classified as newly created, restored from local persistence, restored from query or service-worker cache, restored from desktop or mobile app data, restored from server layout, restored from sync, restored by replay, restored by migration, restored by crash recovery, or not yet localized.
|
|
172
|
+
- Finalize actions clear or tombstone memory, persistence, query cache, inflight hydration, pending writes, server snapshots, and sync inputs where relevant.
|
|
173
|
+
- Hydration and replay paths reject stale, wrong-identity, wrong-schema, or older-than-watermark payloads.
|
|
174
|
+
- Streaming event handling has one mutation pipeline from gateway to event handler, state store, persistence writer, hydration guard, cleanup, and UI selectors; handlers do not directly mutate both UI and durable storage.
|
|
175
|
+
- `message.complete`, `terminal-error`, hydration, and restart are proven separate lifecycle concerns rather than competing flat flags.
|
|
176
|
+
- `active`, `finished`, and `pending` are either proven projections from one lifecycle truth or the remaining multi-source drift is reported.
|
|
177
|
+
- Tests or reproduction evidence cover the changed lifecycle boundary, or missing evidence is reported explicitly.
|
|
178
|
+
|
|
179
|
+
<!-- mustflow-section: verification -->
|
|
180
|
+
## Verification
|
|
181
|
+
|
|
182
|
+
Use configured oneshot command intents when available:
|
|
183
|
+
|
|
184
|
+
- `changes_status`
|
|
185
|
+
- `changes_diff_summary`
|
|
186
|
+
- `lint`
|
|
187
|
+
- `build`
|
|
188
|
+
- `test_related`
|
|
189
|
+
- `test`
|
|
190
|
+
- `docs_validate_fast`
|
|
191
|
+
- `test_release`
|
|
192
|
+
- `mustflow_check`
|
|
193
|
+
|
|
194
|
+
Use the narrowest configured frontend, unit, integration, docs, release, or mustflow intent that covers the persistence, hydration, replay, sync, migration, or finalize boundary. Do not infer raw browser, dev-server, storage-inspection, database, sync-service, or mobile commands outside the command contract.
|
|
195
|
+
|
|
196
|
+
<!-- mustflow-section: failure-handling -->
|
|
197
|
+
## Failure Handling
|
|
198
|
+
|
|
199
|
+
- If storage access, server layout, sync logs, or app-data files are unavailable, report which source remains unproven instead of claiming a render fix.
|
|
200
|
+
- If the state source cannot be named, add bounded provenance before changing cleanup logic.
|
|
201
|
+
- If a proposed fix only hides the component while the old record remains restorable, reject it as symptom masking.
|
|
202
|
+
- If clearing all storage would hide the bug but delete user data, narrow the stored record, identity, tombstone, or migration rule first.
|
|
203
|
+
- If tests need live browser, mobile, desktop, sync, or production telemetry not configured in `.mustflow/config/commands.toml`, run available local checks and report the manual evidence gap.
|
|
204
|
+
|
|
205
|
+
<!-- mustflow-section: output-format -->
|
|
206
|
+
## Output Format
|
|
207
|
+
|
|
208
|
+
- UI state resurrection surface reviewed
|
|
209
|
+
- New-versus-restored verdict and identity evidence
|
|
210
|
+
- Source ledger: memory, query cache, persisted store, browser storage, desktop or mobile storage, server layout, sync, replay, migration, and crash recovery where relevant
|
|
211
|
+
- Timeline: write, finalize, delayed write, read, hydrate, replay, remount, sync, and render order
|
|
212
|
+
- Streaming ownership: gateway, event handler, state store, persistence writer, hydration guard, cleanup, ack, and UI selector boundary
|
|
213
|
+
- Finalize, tombstone, watermark, merge, identity, lifecycle projection, runtime health, terminal health, pending command, generation, cache, and migration decisions
|
|
214
|
+
- Fixes made or recommended
|
|
215
|
+
- Tests or reproduction evidence
|
|
216
|
+
- Command intents run
|
|
217
|
+
- Skipped resurrection diagnostics and reasons
|
|
218
|
+
- Remaining UI state resurrection risk
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.version-freshness-check
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 9
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: version-freshness-check
|
|
9
|
-
description: Apply this skill when generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, Python standard-library/API references, TypeScript compiler-track references, Go release, toolchain, standard-library, runtime, or
|
|
9
|
+
description: Apply this skill when generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, Python standard-library/API references, TypeScript compiler-track references, Go release, toolchain, standard-library, runtime, experiment, framework, or dependency references such as Gin, Rust release, toolchain, standard-library, Cargo, edition, MSRV, lint, or target references, HTTP standard or browser-support references, or migration-sensitive snippets introduce explicit external version references that may be stale.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -36,7 +36,7 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
36
36
|
- CI workflows, release workflows, Dockerfiles, package metadata, lockfiles, runtime files, framework configuration, README examples, docs, tests, fixtures, or templates mention external versions such as GitHub Actions refs, Node, Bun, Deno, Python, Rust, Tauri, Astro, Next, SvelteKit, Electron, Docker images, package managers, SDKs, plugins, or generators.
|
|
37
37
|
- Python wording mentions current/stable/support status, Python 3.14+ or 3.15+ syntax, standard-library APIs, runtime flags, changed default behavior, security defaults, or examples that depend on `requires-python`.
|
|
38
38
|
- TypeScript wording mentions current/stable/RC/nightly status for TypeScript 6, TypeScript 7, `@typescript/typescript6`, `tsc6`, `typescript@rc`, `@typescript/native-preview`, `tsgo`, compiler API compatibility, or migration readiness.
|
|
39
|
-
- Go wording mentions current/stable/support status, Go release numbers, `go.mod` language version behavior, `toolchain` behavior, standard-library APIs, `GOEXPERIMENT`, runtime defaults, container behavior, JSON experiments, or examples that depend on a specific Go version.
|
|
39
|
+
- Go wording mentions current/stable/support status, Go release numbers, `go.mod` language version behavior, `toolchain` behavior, standard-library APIs, `GOEXPERIMENT`, runtime defaults, container behavior, JSON experiments, third-party Go framework releases such as Gin, framework minimum-Go requirements, or examples that depend on a specific Go or framework version.
|
|
40
40
|
- Rust wording mentions current/stable/support status, Rust release numbers, `rust-version`, edition behavior, `rust-toolchain`, Cargo resolver or workspace behavior, standard-library APIs, compiler lints, target behavior, release profiles, or examples that depend on a specific Rust version.
|
|
41
41
|
- HTTP delivery wording mentions current support, baseline status, default behavior, standard status, or compatibility for zstd content coding, compression dictionary transport, SSE/EventSource, WebTransport, WebSocket fallback, HTTP/2, HTTP/3, QUIC, CDN behavior, proxy buffering, or browser transport APIs.
|
|
42
42
|
- An agent proposes a versioned dependency, tool, framework, action, image, or runtime based on memory, copied snippets, older project examples, or user-provided text that may be stale.
|
|
@@ -100,14 +100,15 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
100
100
|
16. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat TS6 stable API track (`@typescript/typescript6`, `tsc6`), TS7 RC compiler track (`typescript@rc`, `tsc`), TS7 nightly track (`@typescript/native-preview`, `tsgo`), and future TS7 stable `typescript` behavior as distinct tracks. Do not call RC or nightly output "latest stable TypeScript" just because it is newer.
|
|
101
101
|
17. For TypeScript examples, make the selected track explicit: TS6 API compatibility, TS7 RC compiler verification, TS7 nightly comparison, editor preview, or repository adoption. If the project has compiler API consumers, transformers, framework wrappers, or declaration snapshots, classify the reference as migration-sensitive and keep API consumers on the TS6 API track until support is explicit. Check exact support before relying on `rootDir` defaults, ambient `types` defaults, import attributes, subpath imports, `import defer`, `using`, or `await using`.
|
|
102
102
|
18. For Go release, toolchain, standard-library, runtime, or experiment claims, refresh official Go release notes or package documentation before writing durable wording. Check the repository's `go` directive, `toolchain` directive, CI/runtime matrix, and container target before using or recommending version-gated features such as expression operands to `new`, range-over-function iterators, generic type aliases, reflect iterator methods, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `T.ArtifactDir`, `B.ArtifactDir`, `F.ArtifactDir`, `testing/cryptotest.SetGlobalRandom`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `ReverseProxy.Rewrite`, container-aware `GOMAXPROCS`, goroutine leak profiles, `encoding/json/v2`, or `GOEXPERIMENT` APIs.
|
|
103
|
-
19. For Go
|
|
104
|
-
20. For
|
|
105
|
-
21. For Rust
|
|
106
|
-
22. For
|
|
107
|
-
23. For HTTP
|
|
108
|
-
24. For
|
|
109
|
-
25.
|
|
110
|
-
26.
|
|
103
|
+
19. For Go framework and dependency release claims, refresh the source that owns the artifact before writing durable wording. For Gin, prefer official Gin release notes, pkg.go.dev module metadata, and the upstream repository release or source files for claims about latest stable version, minimum Go version, HTTP/3 support, BSON support, binding behavior, router options, logger options, trusted proxy behavior, or `Context` APIs. Keep framework upgrade advice separate from repository adoption, because a framework minor can still require a Go toolchain, CI image, Docker base, middleware, route, or binding migration.
|
|
104
|
+
20. For Go examples that use newer standard-library APIs, framework APIs, or runtime defaults, either keep the example behind an explicit Go or framework version floor or provide a supported fallback. Do not call an experimental `GOEXPERIMENT` feature, a newer `go` directive behavior, or a newly added framework method a general Go best practice when the repository declares lower support.
|
|
105
|
+
21. For Rust release, toolchain, standard-library, Cargo, edition, lint, target, or MSRV claims, refresh official Rust release notes, standard-library docs, the Cargo Book, Rust Reference, or rustc book before writing durable wording. Check `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, docs.rs metadata, and crate publish policy before using or recommending version-gated features such as let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `resolver = "2"`, Rust 2024 `unsafe extern`, unsafe attributes, Rust 2024 `unsafe_op_in_unsafe_fn`, temporary drop-scope changes, macro fragment behavior, or release-profile defaults.
|
|
106
|
+
22. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback. Use an API-by-API MSRV ledger for features such as `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`; do not collapse them into a single "latest Rust" bucket, and do not treat nightly-only behavior or target-specific linker behavior as stable without explicit evidence.
|
|
107
|
+
23. For HTTP standards, browser APIs, proxy defaults, CDN defaults, and transport support claims, prefer official RFCs, standards bodies, MDN or browser vendor docs, and vendor-owned proxy/CDN documentation. Keep WebTransport, compression dictionary transport, zstd content coding, SSE/EventSource, HTTP/2, HTTP/3, QUIC, and proxy-buffering claims track-specific and dated when support is changing.
|
|
108
|
+
24. For HTTP delivery examples that depend on newer or unevenly supported behavior, require feature detection, fallback behavior, or explicit deployment constraints. Do not present WebTransport, dictionary compression, or zstd negotiation as a universal default when the project still needs browsers, proxies, CDNs, or networks that may not support it.
|
|
109
|
+
25. For Docker images, decide whether the project prefers semver tags, distro tags, LTS tags, date tags, or digests. Do not replace a digest or pinned base image with a floating tag unless the repository policy says so.
|
|
110
|
+
26. Synchronize every accepted version decision across package metadata, lockfiles when intentionally updated, CI, Docker, runtime files, docs, examples, templates, tests, and release notes.
|
|
111
|
+
27. Run the narrowest configured verification that covers the changed versioned surface. Use broader verification for major, migration-required, runtime, framework, generated-output, package-publish, Docker, CI, TypeScript compiler-track, Go toolchain or runtime support, Go framework runtime support, Rust toolchain or MSRV support, HTTP delivery compatibility, or security-sensitive changes.
|
|
111
112
|
|
|
112
113
|
<!-- mustflow-section: postconditions -->
|
|
113
114
|
## Postconditions
|
|
@@ -119,7 +120,7 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
119
120
|
- Python standard-library examples and runtime-default claims match the declared Python support matrix or name the required runtime floor.
|
|
120
121
|
- Python template strings, annotation inspection, explicit lazy imports, immutable mappings, sentinels, and advanced `TypedDict` shape claims are either official-source checked or omitted.
|
|
121
122
|
- TypeScript 6 stable API, TypeScript 7 RC compiler, TypeScript 7 nightly, and future stable TypeScript tracks are not collapsed into one generic "latest TypeScript" claim.
|
|
122
|
-
- Go release, `go.mod` language version, standard-library API, runtime-default, and `GOEXPERIMENT` claims match the declared Go support matrix or name the required runtime floor.
|
|
123
|
+
- Go release, `go.mod` language version, standard-library API, framework dependency API such as Gin, runtime-default, and `GOEXPERIMENT` claims match the declared Go support matrix or name the required runtime or framework floor.
|
|
123
124
|
- Rust release, `rust-version`, edition, standard-library API, Cargo resolver, lint-default, target, and nightly/stable claims match the declared Rust support matrix or name the required API-specific runtime floor.
|
|
124
125
|
- HTTP standard, browser-support, proxy-default, CDN-default, and transport-support claims are not written from stale memory and keep feature detection or fallback boundaries explicit where support varies.
|
|
125
126
|
- Docs and examples do not make unverifiable current-version claims.
|
|
@@ -147,7 +148,7 @@ Choose the narrowest configured intent that proves the changed versioned surface
|
|
|
147
148
|
- If a freshness check requires network, credentials, or a connector that is not available, report the boundary and avoid current-version claims.
|
|
148
149
|
- If a proposed major or migration-required version is better for greenfield work but risky for the existing project, present both choices and ask before changing the project.
|
|
149
150
|
- If TypeScript 7 RC, nightly, or stable freshness changes during the task, update wording to a dated or track-specific claim and keep repository adoption separate from comparison-only checks.
|
|
150
|
-
- If Go release or experiment freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, `go` directive adoption, CI support, and `GOEXPERIMENT` adoption separate.
|
|
151
|
+
- If Go release, framework release, or experiment freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, `go` directive adoption, framework adoption, CI support, and `GOEXPERIMENT` adoption separate.
|
|
151
152
|
- If Rust release or toolchain freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, MSRV adoption, edition adoption, CI support, target support, and nightly or unstable features separate.
|
|
152
153
|
- If HTTP delivery support changes during the task, update wording to a dated or track-specific claim and keep standards, browser support, CDN behavior, proxy defaults, and repository adoption separate.
|
|
153
154
|
- If verification fails after a freshness update, do not weaken tests, lower type checks, delete lockfiles, or widen ranges to make the update pass. Revert or narrow the version decision unless the behavior change is intentional.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
id = "default"
|
|
2
2
|
name = "default"
|
|
3
|
-
version = "2.108.
|
|
3
|
+
version = "2.108.8"
|
|
4
4
|
description = "Minimal workflow for LLM agents to read, edit, and verify their work in a repository."
|
|
5
5
|
common_root = "common"
|
|
6
6
|
locales_root = "locales"
|
|
@@ -23,6 +23,7 @@ creates = [
|
|
|
23
23
|
".mustflow/skills/auth-permission-change/SKILL.md",
|
|
24
24
|
".mustflow/skills/security-flow-review/SKILL.md",
|
|
25
25
|
".mustflow/skills/behavior-preserving-refactor/SKILL.md",
|
|
26
|
+
".mustflow/skills/split-refactor-residual-path-review/SKILL.md",
|
|
26
27
|
".mustflow/skills/code-review/SKILL.md",
|
|
27
28
|
".mustflow/skills/ai-generated-code-hardening/SKILL.md",
|
|
28
29
|
".mustflow/skills/quality-gaming-guard/SKILL.md",
|
|
@@ -59,6 +60,7 @@ creates = [
|
|
|
59
60
|
".mustflow/skills/low-end-device-support-review/SKILL.md",
|
|
60
61
|
".mustflow/skills/mobile-energy-efficiency-review/SKILL.md",
|
|
61
62
|
".mustflow/skills/frontend-state-ownership-review/SKILL.md",
|
|
63
|
+
".mustflow/skills/ui-state-resurrection-review/SKILL.md",
|
|
62
64
|
".mustflow/skills/frontend-stress-layout-review/SKILL.md",
|
|
63
65
|
".mustflow/skills/frontend-accessibility-tree-review/SKILL.md",
|
|
64
66
|
".mustflow/skills/frontend-component-library-review/SKILL.md",
|
|
@@ -249,6 +251,7 @@ minimal = [
|
|
|
249
251
|
"auth-permission-change",
|
|
250
252
|
"security-flow-review",
|
|
251
253
|
"behavior-preserving-refactor",
|
|
254
|
+
"split-refactor-residual-path-review",
|
|
252
255
|
"code-review",
|
|
253
256
|
"ai-generated-code-hardening",
|
|
254
257
|
"quality-gaming-guard",
|
|
@@ -285,6 +288,7 @@ minimal = [
|
|
|
285
288
|
"low-end-device-support-review",
|
|
286
289
|
"mobile-energy-efficiency-review",
|
|
287
290
|
"frontend-state-ownership-review",
|
|
291
|
+
"ui-state-resurrection-review",
|
|
288
292
|
"frontend-stress-layout-review",
|
|
289
293
|
"frontend-accessibility-tree-review",
|
|
290
294
|
"frontend-component-library-review",
|
|
@@ -412,6 +416,7 @@ patterns = [
|
|
|
412
416
|
"auth-permission-change",
|
|
413
417
|
"security-flow-review",
|
|
414
418
|
"behavior-preserving-refactor",
|
|
419
|
+
"split-refactor-residual-path-review",
|
|
415
420
|
"code-review",
|
|
416
421
|
"ai-generated-code-hardening",
|
|
417
422
|
"quality-gaming-guard",
|
|
@@ -448,6 +453,7 @@ patterns = [
|
|
|
448
453
|
"low-end-device-support-review",
|
|
449
454
|
"mobile-energy-efficiency-review",
|
|
450
455
|
"frontend-state-ownership-review",
|
|
456
|
+
"ui-state-resurrection-review",
|
|
451
457
|
"frontend-stress-layout-review",
|
|
452
458
|
"frontend-accessibility-tree-review",
|
|
453
459
|
"frontend-component-library-review",
|
|
@@ -586,6 +592,7 @@ oss = [
|
|
|
586
592
|
"auth-permission-change",
|
|
587
593
|
"security-flow-review",
|
|
588
594
|
"behavior-preserving-refactor",
|
|
595
|
+
"split-refactor-residual-path-review",
|
|
589
596
|
"code-review",
|
|
590
597
|
"ai-generated-code-hardening",
|
|
591
598
|
"quality-gaming-guard",
|
|
@@ -622,6 +629,7 @@ oss = [
|
|
|
622
629
|
"low-end-device-support-review",
|
|
623
630
|
"mobile-energy-efficiency-review",
|
|
624
631
|
"frontend-state-ownership-review",
|
|
632
|
+
"ui-state-resurrection-review",
|
|
625
633
|
"frontend-stress-layout-review",
|
|
626
634
|
"frontend-accessibility-tree-review",
|
|
627
635
|
"frontend-component-library-review",
|
|
@@ -777,6 +785,7 @@ team = [
|
|
|
777
785
|
"auth-permission-change",
|
|
778
786
|
"security-flow-review",
|
|
779
787
|
"behavior-preserving-refactor",
|
|
788
|
+
"split-refactor-residual-path-review",
|
|
780
789
|
"code-review",
|
|
781
790
|
"ai-generated-code-hardening",
|
|
782
791
|
"quality-gaming-guard",
|
|
@@ -813,6 +822,7 @@ team = [
|
|
|
813
822
|
"low-end-device-support-review",
|
|
814
823
|
"mobile-energy-efficiency-review",
|
|
815
824
|
"frontend-state-ownership-review",
|
|
825
|
+
"ui-state-resurrection-review",
|
|
816
826
|
"frontend-stress-layout-review",
|
|
817
827
|
"frontend-accessibility-tree-review",
|
|
818
828
|
"frontend-component-library-review",
|
|
@@ -953,6 +963,7 @@ product = [
|
|
|
953
963
|
"auth-permission-change",
|
|
954
964
|
"security-flow-review",
|
|
955
965
|
"behavior-preserving-refactor",
|
|
966
|
+
"split-refactor-residual-path-review",
|
|
956
967
|
"code-review",
|
|
957
968
|
"ai-generated-code-hardening",
|
|
958
969
|
"quality-gaming-guard",
|
|
@@ -989,6 +1000,7 @@ product = [
|
|
|
989
1000
|
"low-end-device-support-review",
|
|
990
1001
|
"mobile-energy-efficiency-review",
|
|
991
1002
|
"frontend-state-ownership-review",
|
|
1003
|
+
"ui-state-resurrection-review",
|
|
992
1004
|
"frontend-stress-layout-review",
|
|
993
1005
|
"frontend-accessibility-tree-review",
|
|
994
1006
|
"frontend-component-library-review",
|
|
@@ -1135,6 +1147,7 @@ library = [
|
|
|
1135
1147
|
"auth-permission-change",
|
|
1136
1148
|
"security-flow-review",
|
|
1137
1149
|
"behavior-preserving-refactor",
|
|
1150
|
+
"split-refactor-residual-path-review",
|
|
1138
1151
|
"code-review",
|
|
1139
1152
|
"ai-generated-code-hardening",
|
|
1140
1153
|
"quality-gaming-guard",
|
|
@@ -1171,6 +1184,7 @@ library = [
|
|
|
1171
1184
|
"low-end-device-support-review",
|
|
1172
1185
|
"mobile-energy-efficiency-review",
|
|
1173
1186
|
"frontend-state-ownership-review",
|
|
1187
|
+
"ui-state-resurrection-review",
|
|
1174
1188
|
"frontend-stress-layout-review",
|
|
1175
1189
|
"frontend-accessibility-tree-review",
|
|
1176
1190
|
"frontend-component-library-review",
|