mustflow 2.108.3 → 2.112.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/lib/repo-map-frontmatter.js +18 -0
- package/dist/cli/lib/repo-map.js +204 -11
- package/package.json +3 -3
- package/templates/default/i18n.toml +53 -5
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +24 -3
- package/templates/default/locales/en/.mustflow/skills/clickhouse-code-change/SKILL.md +266 -0
- package/templates/default/locales/en/.mustflow/skills/duckdb-code-change/SKILL.md +284 -0
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +52 -15
- package/templates/default/locales/en/.mustflow/skills/java-code-change/SKILL.md +499 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +42 -0
- package/templates/default/locales/en/.mustflow/skills/split-refactor-residual-path-review/SKILL.md +176 -0
- package/templates/default/locales/en/.mustflow/skills/technology-stack-selection/SKILL.md +328 -0
- package/templates/default/locales/en/.mustflow/skills/ui-state-resurrection-review/SKILL.md +218 -0
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +21 -14
- package/templates/default/locales/en/.mustflow/skills/writing-elegance/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/writing-elegance/references/phrase-bank.md +302 -0
- package/templates/default/locales/en/AGENTS.md +10 -1
- package/templates/default/locales/ko/AGENTS.md +7 -1
- package/templates/default/manifest.toml +49 -1
package/templates/default/locales/en/.mustflow/skills/split-refactor-residual-path-review/SKILL.md
ADDED
|
@@ -0,0 +1,176 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.split-refactor-residual-path-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: split-refactor-residual-path-review
|
|
9
|
+
description: Apply this skill when a refactor splits files, extracts handlers, moves event ownership, relocates state mutations, or claims a responsibility moved, and the review must prove old execution paths, listeners, effects, dispatches, imports, feature-flag fallbacks, tests, and lifecycle cleanup no longer keep the previous behavior alive.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.split-refactor-residual-path-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- test_audit
|
|
23
|
+
- docs_validate_fast
|
|
24
|
+
- test_release
|
|
25
|
+
- mustflow_check
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
# Split Refactor Residual Path Review
|
|
29
|
+
|
|
30
|
+
<!-- mustflow-section: purpose -->
|
|
31
|
+
## Purpose
|
|
32
|
+
|
|
33
|
+
Review file-splitting and responsibility-moving refactors by proving the old path lost authority.
|
|
34
|
+
|
|
35
|
+
The main question is not "was a nicer new module added?" It is "can the old file, handler, listener, effect, dispatch, mutation, route, middleware, consumer, or fallback still process the same event or state change?"
|
|
36
|
+
|
|
37
|
+
<!-- mustflow-section: use-when -->
|
|
38
|
+
## Use When
|
|
39
|
+
|
|
40
|
+
- A PR or local diff splits a file, extracts a component, handler, reducer, service, route, listener, worker, middleware, controller, or event processor.
|
|
41
|
+
- A responsibility is claimed to move from one owner to another, especially event receive, event interpretation, state mutation, side effect, API request, cache update, analytics emission, or cleanup ownership.
|
|
42
|
+
- A previous bug may reappear because old conditions, callbacks, effects, subscriptions, imports, feature flags, fallbacks, or tests still exercise the old path.
|
|
43
|
+
- Review needs to distinguish a true move from code duplication, partial extraction, or a new module that is not connected to the real entrypoint.
|
|
44
|
+
|
|
45
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
46
|
+
## Do Not Use When
|
|
47
|
+
|
|
48
|
+
- The task is a broad behavior-preserving refactor with no file split, handler relocation, state mutation relocation, or old-path risk; use `behavior-preserving-refactor`.
|
|
49
|
+
- The main concern is general module ownership, import direction, DTO leakage, or policy owner placement; use `module-boundary-review`.
|
|
50
|
+
- The task only asks for changed-file risk classification and verification selection; use `diff-risk-review`.
|
|
51
|
+
- The change is a pure rename or formatting-only move with no runtime entrypoint, listener, state, side effect, feature flag, or test routing impact.
|
|
52
|
+
|
|
53
|
+
<!-- mustflow-section: required-inputs -->
|
|
54
|
+
## Required Inputs
|
|
55
|
+
|
|
56
|
+
- Refactor claim: what responsibility moved, from where, to where, and what behavior should remain unchanged.
|
|
57
|
+
- Current diff shape: added files, deleted lines, moved code, old files that remain, imports changed, and tests changed.
|
|
58
|
+
- Residual keyword ledger: old bug keywords, event names, action types, handler names, API calls, state field names, feature flag names, selector names, cache keys, analytics names, route names, job names, and middleware names.
|
|
59
|
+
- Entry and ownership ledger: event receiver, interpreter, state mutator, side-effect owner, external request owner, cleanup owner, and public entrypoints before and after the split.
|
|
60
|
+
- Lifecycle ledger: mount, unmount, remount, route change, modal close, tab switch, reconnect, retry, worker restart, consumer rebalance, or job replay behavior when relevant.
|
|
61
|
+
- Test ledger: existing regression tests, new module unit tests, real-entrypoint integration tests, duplicate-execution tests, cleanup tests, ordering tests, and static boundary rules.
|
|
62
|
+
|
|
63
|
+
<!-- mustflow-section: preconditions -->
|
|
64
|
+
## Preconditions
|
|
65
|
+
|
|
66
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
67
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
68
|
+
- Existing local patterns for file moves, handler ownership, event routing, state mutations, lifecycle cleanup, feature flags, and tests have been searched before recommending a new pattern.
|
|
69
|
+
- If the residual path affects payments, auth, notifications, persistence, cache truth, concurrency, or UI resurrection, also apply the narrower matching skill for that boundary.
|
|
70
|
+
|
|
71
|
+
<!-- mustflow-section: allowed-edits -->
|
|
72
|
+
## Allowed Edits
|
|
73
|
+
|
|
74
|
+
- Remove old handlers, conditions, effects, subscriptions, dispatches, emits, mutations, imports, fallback branches, direct API calls, cache updates, analytics calls, or cleanup logic that still own the moved responsibility.
|
|
75
|
+
- Convert the old owner into a pure adapter, delegator, or view when the new owner should interpret and mutate state.
|
|
76
|
+
- Add or tighten boundary guards such as import restrictions, module boundary rules, lint rules, dependency rules, or package exports that prevent the old owner from importing moved event types or handlers.
|
|
77
|
+
- Add focused tests for real entrypoint routing, old-path non-execution, single execution, lifecycle cleanup, ordering, feature-flag fallbacks, and regression scenarios tied to the moved responsibility.
|
|
78
|
+
- Do not keep duplicate old and new paths "for safety" unless the product contract explicitly requires parallel behavior and the diff names the compatibility sunset.
|
|
79
|
+
|
|
80
|
+
<!-- mustflow-section: procedure -->
|
|
81
|
+
## Procedure
|
|
82
|
+
|
|
83
|
+
1. Start with the diff shape.
|
|
84
|
+
- Compare added files with deleted old responsibility.
|
|
85
|
+
- Treat a refactor that mostly adds new code while barely deleting old conditions, effects, handlers, cleanup, or side effects as suspected duplication.
|
|
86
|
+
- Separate mechanical moves from semantic changes before judging correctness.
|
|
87
|
+
2. Name the moved responsibility.
|
|
88
|
+
- State exactly what moved: receive event, interpret event, update state, perform external request, emit analytics, update cache, route command, validate input, cleanup listener, or publish event.
|
|
89
|
+
- If the responsibility cannot be named, use `behavior-preserving-refactor` or `module-boundary-review` before editing.
|
|
90
|
+
3. Search residual paths.
|
|
91
|
+
- Search old bug keywords, event names, action types, handler names, API calls, state fields, feature flags, selectors, cache keys, analytics names, route names, job names, middleware names, and callback names.
|
|
92
|
+
- Inspect neighborhoods around `onClick`, `onChange`, `addEventListener`, `subscribe`, `dispatch`, `emit`, `useEffect`, `watch`, `listener`, `handler`, `middleware`, `controller`, `route`, `consumer`, `job`, and `callback`.
|
|
93
|
+
- Treat old imports of moved event types, handlers, mutation helpers, or state fields as evidence that the move may be incomplete.
|
|
94
|
+
4. Check single ownership of the event path.
|
|
95
|
+
- The old location may pass data through or render output, but it should not still decide what the event means.
|
|
96
|
+
- Event receiving, event interpretation, state mutation, and external side effects should not be split halfway between old and new owners unless a named compatibility adapter explains why.
|
|
97
|
+
- If both old and new owners listen to the same event, identify whether one is dead, delegated, compatibility-only, or a duplicate-execution bug.
|
|
98
|
+
5. Trace state mutation authority.
|
|
99
|
+
- Follow reducers, store mutations, local setters, optimistic updates, query-cache writes, form sync, repository writes, job state, and side-effect acknowledgements.
|
|
100
|
+
- Reject designs where the new owner changes state and the old owner later recomputes, overwrites, or replays the old value.
|
|
101
|
+
6. Check feature flags and fallback paths.
|
|
102
|
+
- Review flag on, flag off, legacy mode, mobile, SSR, permission-denied, empty data, error retry, offline, reconnect, old route, and tenant or partner branches.
|
|
103
|
+
- All supported branches should route the responsibility to the same owner, or the diff should explicitly classify the divergence.
|
|
104
|
+
7. Check dependency direction.
|
|
105
|
+
- A new event owner should not import old UI internals, container-only constants, private helpers, or test-only wiring from the old location.
|
|
106
|
+
- Move stable contracts to a shared domain, type, adapter, or public module surface only when that reduces ownership ambiguity.
|
|
107
|
+
8. Review tests for real routing, not only new module correctness.
|
|
108
|
+
- A unit test that calls the new module directly is not enough when the real user or system event may still enter the old path.
|
|
109
|
+
- Prefer tests where the real click, route, message, API request, worker event, queue message, or dispatch enters the app and reaches the new owner.
|
|
110
|
+
- Keep or add the old bug reproduction as a regression guard when the refactor is meant to prevent recurrence.
|
|
111
|
+
9. Add duplicate-execution tests when side effects matter.
|
|
112
|
+
- Assert one click, request, dispatch, event, analytics call, notification, charge, save, cache update, or job replay is handled once.
|
|
113
|
+
- Check counts, idempotency keys, emitted events, persistence writes, and external calls rather than only final visible state.
|
|
114
|
+
10. Add lifecycle and cleanup evidence.
|
|
115
|
+
- Test or inspect mount, unmount, remount, route change, modal close, tab switch, reconnect, consumer restart, and job replay when listeners or subscriptions moved.
|
|
116
|
+
- Ensure the subscription and cleanup moved together; a split subscription and old cleanup is usually unstable.
|
|
117
|
+
11. Check ordering.
|
|
118
|
+
- Preserve important sequences such as validate, normalize, update, persist, notify, cleanup, ack, and publish.
|
|
119
|
+
- If swapping two steps would break correctness, encode that sequence in one owner or a test that observes the ordering.
|
|
120
|
+
12. Add structural guardrails when the old path is easy to reintroduce.
|
|
121
|
+
- Prefer `no-restricted-imports`, dependency-cruiser, module boundary rules, package exports, or local lint rules over a comment that asks humans to remember.
|
|
122
|
+
- Guard only the moved responsibility; do not create broad architecture rules unrelated to the current refactor.
|
|
123
|
+
13. Decide the outcome.
|
|
124
|
+
- If old and new paths both execute, fix the residual path when in scope.
|
|
125
|
+
- If the residual path is intentional compatibility, document the sunset and tests.
|
|
126
|
+
- If evidence is insufficient, report the missing entrypoint, lifecycle, flag, ordering, or static-boundary proof.
|
|
127
|
+
|
|
128
|
+
<!-- mustflow-section: postconditions -->
|
|
129
|
+
## Postconditions
|
|
130
|
+
|
|
131
|
+
- The old location either no longer owns the moved responsibility, is a pure delegator, or has a documented compatibility role.
|
|
132
|
+
- Real entrypoints route through the new owner.
|
|
133
|
+
- Duplicate listeners, dispatches, state mutations, external requests, cache writes, analytics calls, and cleanup ownership are removed or reported.
|
|
134
|
+
- Feature flags, fallback branches, lifecycle cleanup, ordering, and tests prove the old path cannot silently revive the previous behavior.
|
|
135
|
+
|
|
136
|
+
<!-- mustflow-section: verification -->
|
|
137
|
+
## Verification
|
|
138
|
+
|
|
139
|
+
Use configured oneshot command intents when available:
|
|
140
|
+
|
|
141
|
+
- `changes_status`
|
|
142
|
+
- `changes_diff_summary`
|
|
143
|
+
- `lint`
|
|
144
|
+
- `build`
|
|
145
|
+
- `test_related`
|
|
146
|
+
- `test`
|
|
147
|
+
- `test_audit`
|
|
148
|
+
- `docs_validate_fast`
|
|
149
|
+
- `test_release`
|
|
150
|
+
- `mustflow_check`
|
|
151
|
+
|
|
152
|
+
Use the narrowest configured test, lint, build, docs, release, or mustflow intent that covers the moved responsibility, static boundary guard, template surface, or public contract.
|
|
153
|
+
|
|
154
|
+
<!-- mustflow-section: failure-handling -->
|
|
155
|
+
## Failure Handling
|
|
156
|
+
|
|
157
|
+
- If the old responsibility cannot be located, stop and report the missing residual keyword, entrypoint, or ownership evidence.
|
|
158
|
+
- If tests only call the new module directly, report the real-entrypoint gap before claiming the refactor prevents regression.
|
|
159
|
+
- If removing the old path changes behavior, split the work into a behavior-preserving refactor and a separate behavior change or bug fix.
|
|
160
|
+
- If a boundary rule would block valid callers, narrow the rule to the moved responsibility instead of weakening the review.
|
|
161
|
+
- If a configured command fails, preserve the failing intent and use `failure-triage` before unrelated edits.
|
|
162
|
+
|
|
163
|
+
<!-- mustflow-section: output-format -->
|
|
164
|
+
## Output Format
|
|
165
|
+
|
|
166
|
+
- Split refactor surface reviewed
|
|
167
|
+
- Moved responsibility and old versus new owner
|
|
168
|
+
- Diff-shape evidence: additions, deletions, moved code, old imports, and old conditions
|
|
169
|
+
- Residual path search terms and findings
|
|
170
|
+
- Event, state mutation, side-effect, feature-flag, lifecycle, cleanup, and ordering evidence
|
|
171
|
+
- Tests added, updated, missing, or intentionally deferred
|
|
172
|
+
- Static boundary guard added or intentionally avoided
|
|
173
|
+
- Fixes made or recommendation
|
|
174
|
+
- Command intents run
|
|
175
|
+
- Skipped checks and reasons
|
|
176
|
+
- Remaining residual-path risk
|
|
@@ -0,0 +1,328 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.technology-stack-selection
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: technology-stack-selection
|
|
9
|
+
description: Apply this skill when choosing, adding, replacing, upgrading, rejecting, or standardizing a technology stack, framework, runtime, database, cache, queue, auth provider, payment provider, AI provider, SDK, hosting platform, deployment tool, build tool, ORM, observability tool, or vendor integration, especially when the decision affects migration path, rollback path, ecosystem maturity, maintainer risk, debugging surface, lock-in, CI/CD cost, deployment cost, operating toil, or solo-maintainer survivability.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.technology-stack-selection
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- docs_validate_fast
|
|
19
|
+
- test_related
|
|
20
|
+
- test_release
|
|
21
|
+
- mustflow_check
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
# Technology Stack Selection
|
|
25
|
+
|
|
26
|
+
<!-- mustflow-section: purpose -->
|
|
27
|
+
## Purpose
|
|
28
|
+
|
|
29
|
+
Choose technology by whether the project can operate, debug, deploy, upgrade, pay for, and
|
|
30
|
+
replace it for the full expected life of the product.
|
|
31
|
+
|
|
32
|
+
This skill prevents agents from accepting technology because it is fashionable, fast in a
|
|
33
|
+
benchmark, convenient for a demo, popular in another company's architecture, or attractive to the
|
|
34
|
+
developer. For indie, solo, and small-team projects, the core question is whether the stack can
|
|
35
|
+
keep earning value while the maintainer is tired, busy, away from the codebase, or handling an
|
|
36
|
+
incident without a dedicated platform team.
|
|
37
|
+
|
|
38
|
+
Treat survival-path decisions as failure-survivability decisions, not feature-implementation
|
|
39
|
+
decisions.
|
|
40
|
+
|
|
41
|
+
<!-- mustflow-section: use-when -->
|
|
42
|
+
## Use When
|
|
43
|
+
|
|
44
|
+
- A task chooses, compares, adopts, replaces, upgrades, rejects, or standardizes a technology,
|
|
45
|
+
framework, runtime, database, queue, cache, auth provider, payment provider, AI provider, SDK,
|
|
46
|
+
hosting platform, deployment tool, build tool, ORM, observability tool, package ecosystem, or
|
|
47
|
+
vendor integration.
|
|
48
|
+
- A technology is proposed for authentication, authorization, billing, payment, durable data,
|
|
49
|
+
permissions, deployment, backup, restore, queueing, file storage, customer money, customer data,
|
|
50
|
+
security, or another survival path.
|
|
51
|
+
- The decision depends on migration path, rollback path, local reproducibility, CI/CD cost,
|
|
52
|
+
deployment cost, operating toil, observability cost, backup and restore cost, maintainer capacity,
|
|
53
|
+
hiring availability, lock-in, data export, ecosystem maturity, or debugging surface.
|
|
54
|
+
- A new or experimental technology may belong in a differentiating edge feature, internal tool,
|
|
55
|
+
read-only path, derived-data path, analytics surface, search layer, recommendation layer, AI
|
|
56
|
+
layer, or feature-flagged experiment.
|
|
57
|
+
- A stack choice is being justified for solo, indie, small-team, funded-startup, open-source,
|
|
58
|
+
library, or enterprise contexts where the same technology can be appropriate in one context and
|
|
59
|
+
dangerous in another.
|
|
60
|
+
|
|
61
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
62
|
+
## Do Not Use When
|
|
63
|
+
|
|
64
|
+
- The task only edits code within an already selected technology and no new dependency, runtime,
|
|
65
|
+
vendor, data contract, deployment path, or operational surface is being chosen. Use the matching
|
|
66
|
+
implementation skill.
|
|
67
|
+
- The task only checks whether a dependency exists, is declared, or is safe to import. Use
|
|
68
|
+
`dependency-reality-check`.
|
|
69
|
+
- The task only chooses a primary language, runtime, compile target, or execution environment. Use
|
|
70
|
+
`runtime-target-selection` first, then this skill only for broader stack and operations tradeoffs.
|
|
71
|
+
- A user or repository owner has already mandated the technology. In that case, use this skill only
|
|
72
|
+
to document constraints, guardrails, migration, rollback, observability, and verification.
|
|
73
|
+
- The task asks for an unconstrained brainstorming list with no adoption decision. Use
|
|
74
|
+
`idea-triage` or `complex-decision-analysis` when those narrower conditions match.
|
|
75
|
+
|
|
76
|
+
<!-- mustflow-section: required-inputs -->
|
|
77
|
+
## Required Inputs
|
|
78
|
+
|
|
79
|
+
- Decision scope: affected product surface, repository, packages, services, data, deployment,
|
|
80
|
+
users, operators, and time horizon.
|
|
81
|
+
- Candidate technologies: name, intended role, version range when relevant, adoption type, and
|
|
82
|
+
whether the candidate is a new stack, replacement, upgrade, or vendor migration.
|
|
83
|
+
- Baseline and boring default: current choice, no-change option, most conventional low-risk option,
|
|
84
|
+
current pain, current costs, known failure modes, and existing team knowledge.
|
|
85
|
+
- Criticality: `experiment`, `internal_tool`, `customer_facing`, `production_core`, or
|
|
86
|
+
`irreversible_core`.
|
|
87
|
+
- Reversibility class: `code_only`, `config`, `build_pipeline`, `runtime_dependency`,
|
|
88
|
+
`persistent_data`, `public_api`, `customer_workflow`, `vendor_contract`, `security_boundary`, or
|
|
89
|
+
`money_or_permission`.
|
|
90
|
+
- Team and maintainer capacity: solo, indie, small team, funded startup, enterprise, open-source
|
|
91
|
+
maintainer count, on-call owner, runbook owner, training cost, and hiring or support availability.
|
|
92
|
+
- Evidence: repository patterns, official docs, changelogs, migration guides, security advisories,
|
|
93
|
+
issue trackers, production incidents, prototypes, CI results, command receipts, pricing pages, and
|
|
94
|
+
support or SLA evidence when available.
|
|
95
|
+
- Success and failure criteria: what must improve, what must not regress, what would stop the
|
|
96
|
+
adoption, and what evidence would reverse the recommendation.
|
|
97
|
+
|
|
98
|
+
<!-- mustflow-section: preconditions -->
|
|
99
|
+
## Preconditions
|
|
100
|
+
|
|
101
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
|
|
102
|
+
current scope.
|
|
103
|
+
- External AI output, blog posts, vendor marketing, popularity signals, benchmark claims, and
|
|
104
|
+
famous-company usage are evidence candidates only, not authority.
|
|
105
|
+
- Current external facts such as versions, prices, license terms, platform limits, and release
|
|
106
|
+
status are refreshed through an authorized source path or marked as unverified when they affect
|
|
107
|
+
the decision.
|
|
108
|
+
- The status quo and a boring default are included unless the user explicitly fixed the option set.
|
|
109
|
+
- A narrower implementation skill will be selected before editing implementation files.
|
|
110
|
+
|
|
111
|
+
<!-- mustflow-section: allowed-edits -->
|
|
112
|
+
## Allowed Edits
|
|
113
|
+
|
|
114
|
+
- Create or update technology decision records, architecture notes, migration plans, rollback
|
|
115
|
+
plans, runbook notes, route metadata, skill procedures, template metadata, tests, and docs that
|
|
116
|
+
directly support the stack decision.
|
|
117
|
+
- Add only the smallest reversible implementation scaffold when the user requests implementation
|
|
118
|
+
and the decision has passed this skill's gates.
|
|
119
|
+
- Do not install dependencies, run package managers, start services, run benchmarks, perform
|
|
120
|
+
migrations, deploy, open vendor dashboards, or change cloud resources unless the repository
|
|
121
|
+
command contract and user request explicitly allow that action.
|
|
122
|
+
- Do not let a score total, popularity, benchmark, developer experience, or novelty override a hard
|
|
123
|
+
rejection gate.
|
|
124
|
+
|
|
125
|
+
<!-- mustflow-section: core-definitions -->
|
|
126
|
+
## Core Definitions
|
|
127
|
+
|
|
128
|
+
`survival_path` means a path where failure can block accounts, money, permissions, durable data,
|
|
129
|
+
deployment, backup, recovery, customer trust, or the maintainer's ability to keep the product alive.
|
|
130
|
+
Typical surfaces include auth, authorization, payment, billing, database, deployment, backup,
|
|
131
|
+
restore, queues, file storage, secrets, customer money, customer data, and operational recovery.
|
|
132
|
+
|
|
133
|
+
`migration_path` means a staged move from the baseline to the candidate while keeping the product or
|
|
134
|
+
workflow usable. It covers code, data, configuration, deployment, tests, cutover, ownership, and the
|
|
135
|
+
middle state. A big-bang rewrite is not a migration path.
|
|
136
|
+
|
|
137
|
+
`rollback_path` means a rehearsable return to the previous stable state or a safe degraded state. It
|
|
138
|
+
covers data compatibility, schema compatibility, feature flags, routing, backups, cutover timing,
|
|
139
|
+
customer impact, and the point after which rollback becomes unsafe. Backup alone is not rollback.
|
|
140
|
+
|
|
141
|
+
`ecosystem_maturity` means the candidate and its surrounding tools can survive ordinary production
|
|
142
|
+
use: docs, changelogs, migration guides, security response, integrations, testing tools, debugging
|
|
143
|
+
tools, production failure knowledge, release cadence, and available operators.
|
|
144
|
+
|
|
145
|
+
`maintainer_risk` means the risk that the candidate becomes abandoned, unsupported, vendor-captured,
|
|
146
|
+
relicensed, incompatibly changed, underfunded, or dependent on too few people.
|
|
147
|
+
|
|
148
|
+
`debugging_surface` means the layers and opaque states a maintainer must inspect during failure:
|
|
149
|
+
generated code, runtime magic, plugins, hidden cache, async queues, network boundaries, vendor
|
|
150
|
+
dashboards, local reproducibility, logs, traces, metrics, error codes, and request correlation.
|
|
151
|
+
|
|
152
|
+
<!-- mustflow-section: hard-rejection-criteria -->
|
|
153
|
+
## Hard Rejection Criteria
|
|
154
|
+
|
|
155
|
+
Reject a candidate for `production_core` or `irreversible_core` when any condition is true:
|
|
156
|
+
|
|
157
|
+
- No staged migration path exists.
|
|
158
|
+
- The only migration path is a big-bang rewrite.
|
|
159
|
+
- Rollback depends on luck, manual data surgery, unbounded downtime, or customer-visible data loss.
|
|
160
|
+
- The candidate writes persistent data, events, files, auth state, money records, permission
|
|
161
|
+
records, cache keys, or public API contracts that the previous system cannot read or safely ignore.
|
|
162
|
+
- The candidate is beta, experimental, preview-only, unstable, deprecated, or vendor-opaque for a
|
|
163
|
+
customer-facing or core surface.
|
|
164
|
+
- Maintainer risk concentrates on one person, one abandoned project, one unfunded package, or one
|
|
165
|
+
vendor-controlled API without an adapter, fork, export, or replacement plan.
|
|
166
|
+
- The ecosystem lacks current docs, migration guides, security response, basic integrations, or
|
|
167
|
+
searchable operational failure knowledge for the intended use.
|
|
168
|
+
- Debugging crosses opaque generated code, hidden runtime state, async infrastructure, or remote
|
|
169
|
+
vendor behavior without local reproduction, logs, traces, metrics, request IDs, and an error
|
|
170
|
+
taxonomy.
|
|
171
|
+
- The team cannot operate the technology and has no owner, training plan, runbook, or support plan.
|
|
172
|
+
- License, pricing, data retention, region, privacy, compliance, or security constraints conflict
|
|
173
|
+
with the project.
|
|
174
|
+
- The candidate solves taste, novelty, resume value, or aesthetic discomfort rather than a real
|
|
175
|
+
product, operational, security, performance, or maintenance bottleneck.
|
|
176
|
+
- A local reversible problem would become a global architecture commitment.
|
|
177
|
+
|
|
178
|
+
Do not average scores until hard rejection criteria have been applied.
|
|
179
|
+
|
|
180
|
+
<!-- mustflow-section: scoring-rubric -->
|
|
181
|
+
## Scoring Rubric
|
|
182
|
+
|
|
183
|
+
Score each non-rejected candidate from 0 to 5:
|
|
184
|
+
|
|
185
|
+
- `0`: no evidence, impossible, or actively unsafe.
|
|
186
|
+
- `1`: theoretical, undocumented, or dependent on heroic manual work.
|
|
187
|
+
- `2`: possible with high manual cost, fragile assumptions, or large downtime.
|
|
188
|
+
- `3`: usable with known limits, documented mitigation, and acceptable blast radius.
|
|
189
|
+
- `4`: documented, staged, testable, rehearsable, observable, and owned.
|
|
190
|
+
- `5`: boring, standard, widely proven, easy to operate, easy to replace, and compatible with the
|
|
191
|
+
project.
|
|
192
|
+
|
|
193
|
+
Required dimensions:
|
|
194
|
+
|
|
195
|
+
- Migration path
|
|
196
|
+
- Rollback path
|
|
197
|
+
- Ecosystem maturity
|
|
198
|
+
- Maintainer health
|
|
199
|
+
- Debuggability
|
|
200
|
+
- Operating surface and toil
|
|
201
|
+
- Cost predictability
|
|
202
|
+
- Data ownership and export
|
|
203
|
+
- Security and privacy fit
|
|
204
|
+
|
|
205
|
+
For `experiment` or `internal_tool`, scores of 2 or 3 can be acceptable when the candidate is
|
|
206
|
+
isolated, timeboxed, feature-flagged, and easy to remove.
|
|
207
|
+
|
|
208
|
+
For `customer_facing`, require no hard rejection and at least 3 in migration, rollback, ecosystem,
|
|
209
|
+
maintainer health, and debuggability.
|
|
210
|
+
|
|
211
|
+
For `production_core`, require no hard rejection, at least 4 in migration, rollback, debuggability,
|
|
212
|
+
operating surface, and data ownership, and at least 3 in ecosystem and maintainer health.
|
|
213
|
+
|
|
214
|
+
For `irreversible_core`, require no hard rejection, at least 4 in every dimension, a named owner,
|
|
215
|
+
and a rehearsed recovery path.
|
|
216
|
+
|
|
217
|
+
<!-- mustflow-section: procedure -->
|
|
218
|
+
## Procedure
|
|
219
|
+
|
|
220
|
+
1. Define the decision contract: what is being chosen, what is not being chosen, baseline, boring
|
|
221
|
+
default, owner, time horizon, and affected survival paths.
|
|
222
|
+
2. Classify criticality and reversibility. Raise the evidence bar for persistent data, public APIs,
|
|
223
|
+
auth, payment, permission, deployment, backup, restore, and customer workflows.
|
|
224
|
+
3. Build the option set. Include the status quo and boring default. Compare no more than three
|
|
225
|
+
additional candidates unless the user asks for a broader survey.
|
|
226
|
+
4. Build the evidence ledger. Separate facts, inferences, assumptions, and unknowns. Prefer current
|
|
227
|
+
primary evidence over social proof, benchmark marketing, generated advice, or repeated citations.
|
|
228
|
+
5. Evaluate maintainer life. For solo or indie work, prefer the smallest operating surface: one
|
|
229
|
+
understandable app path, managed boring infrastructure, simple CI/CD, automatic backups,
|
|
230
|
+
observable failures, and cheap rollback. Treat maintainer time as a real cost.
|
|
231
|
+
6. Place experimentation at the edge. New or experimental technology belongs in replaceable parts,
|
|
232
|
+
read-only paths, derived-data paths, internal tools, feature-flagged features, analytics, search,
|
|
233
|
+
recommendation, or AI differentiators that can fail without corrupting the source of truth.
|
|
234
|
+
7. Assess migration path for each candidate: source, target, compatibility layer, data conversion,
|
|
235
|
+
dual-run or shadow mode, cutover, validation, owner, blast radius, and stop condition.
|
|
236
|
+
8. Assess rollback path for each candidate: trigger, steps, data preservation, schema compatibility,
|
|
237
|
+
feature flag or routing control, backup and restore limits, customer impact, irreversible cutoff,
|
|
238
|
+
and rehearsal requirement.
|
|
239
|
+
9. Assess ecosystem maturity and maintainer risk: docs, changelog, release cadence, security
|
|
240
|
+
response, issue and PR handling, governance, funding, license stability, support, and exit path.
|
|
241
|
+
10. Assess debugging surface: local reproduction, logs, traces, metrics, request IDs, error codes,
|
|
242
|
+
generated code, runtime magic, caches, queues, network boundaries, vendor dashboards, and blind
|
|
243
|
+
spots.
|
|
244
|
+
11. Assess cost and operating surface: fixed cost, variable cost, CI/CD cost, observability cost,
|
|
245
|
+
backup and restore cost, failure-spike cost, egress, retry storms, log volume, billing meters,
|
|
246
|
+
and monthly maintainer labor.
|
|
247
|
+
12. Apply hard rejection criteria before scoring. Do not rescue a hard-failed candidate with
|
|
248
|
+
popularity, performance, developer experience, or future promises.
|
|
249
|
+
13. Score remaining candidates with one sentence of evidence for each dimension. Avoid invented
|
|
250
|
+
weights unless the user provided a decision model.
|
|
251
|
+
14. Attack the leading candidate. State the strongest reason not to choose it and the smallest
|
|
252
|
+
evidence that would reverse the recommendation.
|
|
253
|
+
15. Choose exactly one decision state: `adopt`, `adopt_with_constraints`, `experiment_first`,
|
|
254
|
+
`defer`, `reject`, or `reject_until_evidence_exists`.
|
|
255
|
+
16. Define the next action. For adoption, specify the smallest safe rollout, guardrails, migration,
|
|
256
|
+
rollback, observability, owner, verification, and stop condition. For experiment, specify the
|
|
257
|
+
question, timebox, success criteria, failure criteria, cleanup path, and decision-reversing
|
|
258
|
+
evidence.
|
|
259
|
+
17. Hand off to implementation only after selecting the narrower implementation skill and carrying
|
|
260
|
+
forward accepted constraints, migration steps, rollback steps, observability, and verification.
|
|
261
|
+
|
|
262
|
+
<!-- mustflow-section: postconditions -->
|
|
263
|
+
## Postconditions
|
|
264
|
+
|
|
265
|
+
- The recommendation is based on survivability, reversibility, debugging, operating cost, and team
|
|
266
|
+
capacity, not novelty.
|
|
267
|
+
- Survival-path choices prefer boring proven technology unless the candidate proves a stronger
|
|
268
|
+
recovery and operating story.
|
|
269
|
+
- Experimental technology is isolated from source-of-truth data, money, permissions, and deployment
|
|
270
|
+
unless the project explicitly accepts the risk and can roll back.
|
|
271
|
+
- Hard rejection criteria are applied before any score comparison.
|
|
272
|
+
- Migration, rollback, observability, owner, and stop conditions are explicit.
|
|
273
|
+
|
|
274
|
+
<!-- mustflow-section: verification -->
|
|
275
|
+
## Verification
|
|
276
|
+
|
|
277
|
+
Use configured oneshot command intents when available:
|
|
278
|
+
|
|
279
|
+
- `changes_status`
|
|
280
|
+
- `changes_diff_summary`
|
|
281
|
+
- `docs_validate_fast`
|
|
282
|
+
- `test_related`
|
|
283
|
+
- `test_release`
|
|
284
|
+
- `mustflow_check`
|
|
285
|
+
|
|
286
|
+
Use `docs_validate_fast` when a decision record, architecture note, skill, template, or mustflow doc
|
|
287
|
+
changes. Use `test_related` or `test_release` when installed template behavior, package output, or
|
|
288
|
+
tests change. Use `mustflow_check` when mustflow-owned skills, routes, indexes, templates, or command
|
|
289
|
+
contracts change.
|
|
290
|
+
|
|
291
|
+
Report missing benchmark, migration, deployment, restore, cloud, vendor, pricing, or observability
|
|
292
|
+
verification instead of inventing raw commands.
|
|
293
|
+
|
|
294
|
+
<!-- mustflow-section: failure-handling -->
|
|
295
|
+
## Failure Handling
|
|
296
|
+
|
|
297
|
+
- If the user provides only a favorite technology and no baseline, compare it with the status quo
|
|
298
|
+
and a boring default.
|
|
299
|
+
- If evidence is missing for a production-core decision, return `reject_until_evidence_exists` or
|
|
300
|
+
`experiment_first`, not `adopt`.
|
|
301
|
+
- If rollback is weak, constrain the candidate to experiment, edge usage, or non-core usage.
|
|
302
|
+
- If a mature candidate creates a large debugging surface, require observability and local
|
|
303
|
+
reproduction before adoption.
|
|
304
|
+
- If maintainer risk is concentrated, require an adapter, fork plan, vendor alternative, or deferral.
|
|
305
|
+
- If cost cannot be estimated across normal, success, and failure-spike scenarios, mark cost
|
|
306
|
+
predictability as unresolved.
|
|
307
|
+
- If every option fails hard constraints, return `defer`, `reject`, or
|
|
308
|
+
`reject_until_evidence_exists` and name what would need to change.
|
|
309
|
+
|
|
310
|
+
<!-- mustflow-section: output-format -->
|
|
311
|
+
## Output Format
|
|
312
|
+
|
|
313
|
+
- Skill selection and overlap decision
|
|
314
|
+
- Decision state: `adopt`, `adopt_with_constraints`, `experiment_first`, `defer`, `reject`, or
|
|
315
|
+
`reject_until_evidence_exists`
|
|
316
|
+
- Decision scope, baseline, boring default, criticality, reversibility class, owner, and time horizon
|
|
317
|
+
- Candidate matrix with hard-gate result, scores, evidence, mitigations, and verdict
|
|
318
|
+
- Survival-path impact and experimental-edge placement
|
|
319
|
+
- Migration path
|
|
320
|
+
- Rollback path
|
|
321
|
+
- Debugging surface
|
|
322
|
+
- Cost and operating-surface notes
|
|
323
|
+
- Hard rejections and exact criteria
|
|
324
|
+
- Guardrails, owner, runbook, observability, security, privacy, and data-export requirements
|
|
325
|
+
- Experiment plan when the decision is `experiment_first`
|
|
326
|
+
- Command intents run
|
|
327
|
+
- Skipped verification and reasons
|
|
328
|
+
- Remaining risk and decision-reversing evidence
|