mustflow 2.112.1 → 2.112.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/command-effects.js +4 -3
- package/package.json +1 -1
- package/templates/default/i18n.toml +3 -3
- package/templates/default/locales/en/.mustflow/skills/completion-evidence-gate/SKILL.md +13 -2
- package/templates/default/locales/en/.mustflow/skills/failure-triage/SKILL.md +24 -7
- package/templates/default/locales/en/.mustflow/skills/release-publish-change/SKILL.md +20 -4
- package/templates/default/manifest.toml +1 -1
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { realpathSync } from 'node:fs';
|
|
1
2
|
import path from 'node:path';
|
|
2
3
|
import { isRecord, readString, readStringArray, } from './config-loading.js';
|
|
3
4
|
import { resolveSafeProjectCwd } from './command-cwd.js';
|
|
@@ -17,9 +18,9 @@ function pathLockKey(relativePath) {
|
|
|
17
18
|
function validateEffectPath(projectRoot, commandContract, intent, rawPath) {
|
|
18
19
|
const cwd = resolveSafeProjectCwd(projectRoot, readEffectiveCommandCwd(commandContract, intent));
|
|
19
20
|
const resolved = path.resolve(cwd, rawPath);
|
|
20
|
-
const
|
|
21
|
-
const relative = path.relative(
|
|
22
|
-
if (relative.startsWith(
|
|
21
|
+
const rootRealPath = realpathSync.native(projectRoot);
|
|
22
|
+
const relative = path.relative(rootRealPath, resolved);
|
|
23
|
+
if (relative === '..' || relative.startsWith(`..${path.sep}`) || path.isAbsolute(relative)) {
|
|
23
24
|
throw new Error(`Command effect path must stay inside the current root: ${rawPath}`);
|
|
24
25
|
}
|
|
25
26
|
return normalizeRelativePath(relative);
|
package/package.json
CHANGED
|
@@ -901,7 +901,7 @@ translations = {}
|
|
|
901
901
|
[documents."skill.completion-evidence-gate"]
|
|
902
902
|
source = "locales/en/.mustflow/skills/completion-evidence-gate/SKILL.md"
|
|
903
903
|
source_locale = "en"
|
|
904
|
-
revision =
|
|
904
|
+
revision = 7
|
|
905
905
|
translations = {}
|
|
906
906
|
|
|
907
907
|
[documents."skill.next-action-menu"]
|
|
@@ -997,7 +997,7 @@ translations = {}
|
|
|
997
997
|
[documents."skill.failure-triage"]
|
|
998
998
|
source = "locales/en/.mustflow/skills/failure-triage/SKILL.md"
|
|
999
999
|
source_locale = "en"
|
|
1000
|
-
revision =
|
|
1000
|
+
revision = 6
|
|
1001
1001
|
translations = {}
|
|
1002
1002
|
|
|
1003
1003
|
[documents."skill.external-prompt-injection-defense"]
|
|
@@ -1146,7 +1146,7 @@ translations = {}
|
|
|
1146
1146
|
[documents."skill.release-publish-change"]
|
|
1147
1147
|
source = "locales/en/.mustflow/skills/release-publish-change/SKILL.md"
|
|
1148
1148
|
source_locale = "en"
|
|
1149
|
-
revision =
|
|
1149
|
+
revision = 2
|
|
1150
1150
|
translations = {}
|
|
1151
1151
|
|
|
1152
1152
|
[documents."skill.security-privacy-review"]
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.completion-evidence-gate
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 7
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: completion-evidence-gate
|
|
9
|
-
description: Apply this skill before a final report or completion claim after non-trivial changed-file work, verification, commit, release readiness, paused implementation, or any report where changed files, skipped checks, concrete next actions, or remaining risks must be tied to repository evidence.
|
|
9
|
+
description: Apply this skill before a final report or completion claim after non-trivial changed-file work, verification, commit, push, release readiness, paused implementation, or any report where changed files, skipped checks, concrete next actions, remote check-suite state, or remaining risks must be tied to repository evidence.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -68,6 +68,9 @@ missing, blocked, failed, stale, or only partially relevant.
|
|
|
68
68
|
- The skills used, main route chosen, and any supporting or event skills activated.
|
|
69
69
|
- Requirement, bug, issue, or external-advice sources that influenced the work.
|
|
70
70
|
- Command intents run, exit status, and whether the evidence came from `mf run` receipts or lower-confidence direct shell output.
|
|
71
|
+
- Remote check-suite evidence when the task includes commit, push, tag, release, deploy, or a
|
|
72
|
+
GitHub/GitLab/CI status claim: ref, commit SHA, workflow names, required checks, failed checks,
|
|
73
|
+
pending checks, skipped checks, and the timestamp or run id of the evidence.
|
|
71
74
|
- Command intents skipped, missing, unknown, manual-only, failed, timed out, or judged not applicable.
|
|
72
75
|
- Optional script-pack discovery evidence when the command contract exposes `script_pack_list`.
|
|
73
76
|
- Synchronized surfaces expected by the changed contract: source, tests, fixtures, schemas, templates, manifests, docs, release metadata, generated output, and localized copies.
|
|
@@ -108,6 +111,9 @@ missing, blocked, failed, stale, or only partially relevant.
|
|
|
108
111
|
4. Check verification quality.
|
|
109
112
|
- Prefer configured `mf run` receipts over direct shell output.
|
|
110
113
|
- Confirm that each command intent was relevant to the changed surface and current diff.
|
|
114
|
+
- For commit, push, tag, release, or deploy claims, classify remote checks separately from
|
|
115
|
+
artifact publication. A successful package registry lookup, GitHub Release, uploaded asset,
|
|
116
|
+
or deployment artifact does not prove branch CI or same-commit checks passed.
|
|
111
117
|
- Treat stale receipts, missing latest receipts, failed intents, timed-out intents, repeated failure fingerprints, write-drift risks, validation-ratchet risks, scope-drift risks, and external-evidence risks as completion limitations.
|
|
112
118
|
- Treat repeated identical observations, duplicate-call guards, failed reads, truncated output,
|
|
113
119
|
and directory listings used as file-content proof as evidence limitations; use
|
|
@@ -148,6 +154,8 @@ missing, blocked, failed, stale, or only partially relevant.
|
|
|
148
154
|
- The final report's completion language matches the evidence actually available.
|
|
149
155
|
- Every user requirement is mapped to proof, a limitation, or an explicit out-of-scope decision.
|
|
150
156
|
- Skipped, missing, failed, stale, or manual-only verification is visible.
|
|
157
|
+
- Push, tag, release, and deploy completion claims name the relevant remote check-suite state, or
|
|
158
|
+
explicitly say that it was not checked.
|
|
151
159
|
- Contract, template, schema, docs, test, and release drift is either resolved or named as remaining risk.
|
|
152
160
|
- For non-trivial final reports, useful follow-up tasks appear through `next-action-menu` whenever
|
|
153
161
|
at least one concrete next action remains, including approval-gated next actions.
|
|
@@ -181,6 +189,8 @@ instead of replacing it with an inferred command.
|
|
|
181
189
|
|
|
182
190
|
- If changed-file evidence is unavailable, stop the completion claim and run or request the configured status intent.
|
|
183
191
|
- If a configured command fails, switch to `failure-triage` for that intent before claiming completion.
|
|
192
|
+
- If a remote check is failing or still pending for the pushed ref, do not report the work as fully
|
|
193
|
+
green even when publication, artifact upload, or installation verification succeeded.
|
|
184
194
|
- If a required surface is missing, either synchronize it under the matching skill or report the remaining drift.
|
|
185
195
|
- If evidence is stale or comes from a different diff, treat the task as unverified until current evidence exists.
|
|
186
196
|
- If evidence stalls behind repeated reads, searches, or duplicate-call warnings, use
|
|
@@ -196,6 +206,7 @@ instead of replacing it with an inferred command.
|
|
|
196
206
|
- Changed surfaces
|
|
197
207
|
- Synchronized surfaces and deferred surfaces
|
|
198
208
|
- Command intents run
|
|
209
|
+
- Remote check-suite state for pushed refs, tags, releases, or deploys
|
|
199
210
|
- Skipped, missing, failed, stale, or manual-only checks
|
|
200
211
|
- Lower-confidence evidence, if any
|
|
201
212
|
- Stalled or repeated observations, if any
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.failure-triage
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 6
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: failure-triage
|
|
@@ -28,6 +28,8 @@ Identify the most probable root cause of a failed command or verification step b
|
|
|
28
28
|
|
|
29
29
|
- A configured command intent returns a non-zero exit code.
|
|
30
30
|
- Validation, build, test, or documentation checks fail.
|
|
31
|
+
- A local release or publish path succeeded, but a remote CI job, check suite, or platform-specific
|
|
32
|
+
runner still shows a failure for the pushed branch, tag, or commit.
|
|
31
33
|
- The root cause of the failure is not yet apparent.
|
|
32
34
|
- A test or build failure may have been caused by an overlapping run, orphaned process, stale lock, or deleted build output.
|
|
33
35
|
- Several failures appear together and the first root cause needs to be separated from follow-on noise.
|
|
@@ -45,6 +47,8 @@ Identify the most probable root cause of a failed command or verification step b
|
|
|
45
47
|
- Original command intent
|
|
46
48
|
- Exit code
|
|
47
49
|
- Truncated stdout and stderr output
|
|
50
|
+
- Remote run context when applicable: branch, tag, commit SHA, job name, runner OS, matrix entry,
|
|
51
|
+
and whether the failure belongs to a push, pull request, tag, release, or scheduled run
|
|
48
52
|
- Recently modified files
|
|
49
53
|
- Relevant command contract entry
|
|
50
54
|
- Active or recently active build/test/profile processes when the failure mentions missing compiled files, stale output, port/resource conflicts, or unexpected file deletion
|
|
@@ -74,17 +78,27 @@ Identify the most probable root cause of a failed command or verification step b
|
|
|
74
78
|
- `documentation`: docs navigation, frontmatter, generated content, or localized metadata drifted.
|
|
75
79
|
- `environment`: missing tool, platform difference, path, permission, lock, stale build output, or orphaned process.
|
|
76
80
|
- `tool_runner`: the verification runner, scheduler, cache, or build wrapper failed independently from the code under test.
|
|
77
|
-
4.
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
+
4. For remote CI failures, record the failing ref, commit, job name, runner OS, and matrix before
|
|
82
|
+
editing. Compare that runner to local verification instead of assuming local success covers the
|
|
83
|
+
remote job.
|
|
84
|
+
5. Treat Windows-only, path-only, or runner-only failures as real until proven otherwise. If the
|
|
85
|
+
error mentions `inside the current root`, `.mustflow/cache/**`, `.mustflow/review/docs.toml`,
|
|
86
|
+
symlinks, junctions, realpaths, drive-letter casing, path separators, or root containment, inspect
|
|
87
|
+
path normalization and containment helpers first. Add or update a regression test that models the
|
|
88
|
+
platform/root-alias behavior instead of weakening containment checks.
|
|
89
|
+
6. If several failures appear, triage in this order: environment and overlapping processes, build or generated output, configuration/schema drift, fixture setup, then behavior logic.
|
|
90
|
+
7. For failures involving `dist/`, generated output, temporary files, ports, databases, or abrupt test termination, check whether another build/test/profile process for the same repository is still running.
|
|
91
|
+
8. If an orphaned or overlapping process is found, stop or wait for it before changing source files, then rerun the narrowest failing intent to confirm the failure is reproducible.
|
|
92
|
+
9. Pick one rerun target:
|
|
81
93
|
- the original failing intent when it is narrow enough;
|
|
82
94
|
- `test_related` when changed files map to a focused suite;
|
|
83
95
|
- `docs_validate_fast` for docs navigation or content-only failures;
|
|
84
96
|
- `test_release` for package, template, schema, or release metadata drift;
|
|
85
97
|
- `mustflow_check` for workflow, skill, command-contract, or manifest-lock failures.
|
|
86
|
-
|
|
87
|
-
|
|
98
|
+
10. Examine the most relevant files.
|
|
99
|
+
11. Develop a single hypothesis and verify it using the most targeted configured intent. When the
|
|
100
|
+
failure came from remote CI, also confirm the replacement run or check suite for the affected
|
|
101
|
+
ref before reporting that the remote failure is fixed.
|
|
88
102
|
|
|
89
103
|
<!-- mustflow-section: postconditions -->
|
|
90
104
|
## Postconditions
|
|
@@ -105,6 +119,9 @@ intent that isolates the same failure area.
|
|
|
105
119
|
- If the failure is due to missing tools, report the missing tool and the command that revealed the issue.
|
|
106
120
|
- If the failure was caused by an orphaned or overlapping process, report that the original run was invalid and add or use a guard that prevents the same overlap before taking new measurements.
|
|
107
121
|
- If rerunning the same intent produces a different failure without code changes, classify the issue as flaky or environmental and avoid weakening assertions until the unstable dependency is identified.
|
|
122
|
+
- If publication, release creation, or artifact upload succeeded while another check on the same
|
|
123
|
+
pushed commit failed, report those as separate states and triage the failed check before using
|
|
124
|
+
all-clear language.
|
|
108
125
|
- If sensitive data appears in the output, cease copying raw output and summarize the information safely.
|
|
109
126
|
|
|
110
127
|
<!-- mustflow-section: output-format -->
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.release-publish-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: release-publish-change
|
|
@@ -31,7 +31,7 @@ metadata:
|
|
|
31
31
|
|
|
32
32
|
Keep release work honest by treating a release as a remote state transition, not as a local code edit.
|
|
33
33
|
|
|
34
|
-
The release is not done when tests pass locally, a version string changes, or a workflow succeeds. It is done only when the intended remote channel contains the expected artifact and a user-facing installation or update path has been smoke-tested through configured command intents or explicitly reported as unverified.
|
|
34
|
+
The release is not done when tests pass locally, a version string changes, or a workflow succeeds. It is done only when the intended remote channel contains the expected artifact and a user-facing installation or update path has been smoke-tested through configured command intents or explicitly reported as unverified. Release publication success and branch or tag check-suite health are separate evidence surfaces.
|
|
35
35
|
|
|
36
36
|
<!-- mustflow-section: use-when -->
|
|
37
37
|
## Use When
|
|
@@ -56,6 +56,9 @@ The release is not done when tests pass locally, a version string changes, or a
|
|
|
56
56
|
- Public contract source for versioning: package metadata, manifest, lock or generated metadata, changelog, release workflow, tag policy, and SemVer or project-specific compatibility rules.
|
|
57
57
|
- Artifact source and inspection method: package file list, archive contents, generated distributions, checksums, signatures, SBOM, provenance, installer contents, image digest, updater metadata, or release asset manifest.
|
|
58
58
|
- Remote publication surface: registry, Git tag, GitHub Release, Docker registry, tap, updater feed, appcast, CDN, package index, or store.
|
|
59
|
+
- Remote check surface: pushed branch, tag, commit SHA, workflow run, required checks, matrix jobs,
|
|
60
|
+
and whether each belongs to publication, branch CI, tag CI, release asset generation, or another
|
|
61
|
+
independent verification path.
|
|
59
62
|
- Recovery model: unpublish, yank, deprecate, republish with new version, move channel pointer, revoke asset, restore from backup, or forward fix.
|
|
60
63
|
- Configured command intents for build, package inspection, release verification, docs validation, and user installation or updater smoke test. If no such intent exists, report the missing intent instead of inventing a raw command.
|
|
61
64
|
|
|
@@ -112,12 +115,19 @@ The release is not done when tests pass locally, a version string changes, or a
|
|
|
112
115
|
- Check the registry, tag, release page, asset download, digest, updater feed, tap, or package index that users actually consume.
|
|
113
116
|
- Then run the configured user installation, pull, download, or updater smoke intent.
|
|
114
117
|
- If remote publication was not authorized or not performed, report the release as prepared but not published.
|
|
115
|
-
15.
|
|
118
|
+
15. Verify check-suite state separately from publication state.
|
|
119
|
+
- Identify which workflow runs belong to the pushed branch, release tag, and publication event.
|
|
120
|
+
- Do not treat npm registry visibility, package installability, or GitHub Release creation as
|
|
121
|
+
proof that push checks, branch protection, or platform matrix jobs are green.
|
|
122
|
+
- If a publication workflow succeeds while a branch, tag, or same-commit check fails or remains
|
|
123
|
+
in progress, report `published` and `checks failing` or `checks pending` as separate states.
|
|
124
|
+
- Route any failing check through `failure-triage` before reporting an all-clear.
|
|
125
|
+
16. Report immutable or hard-to-recover mistakes honestly.
|
|
116
126
|
- Bad package version: usually deprecate, yank, or release a new version.
|
|
117
127
|
- Bad Go module tag: do not assume moving the tag fixes proxy/cache consumers.
|
|
118
128
|
- Bad Docker tag: distinguish moved tag from old digest still being referenced.
|
|
119
129
|
- Bad updater metadata: treat as a live channel incident if clients may already have seen it.
|
|
120
|
-
|
|
130
|
+
17. Never call a release complete from local tests alone. The completion evidence must name the remote channel, the user installation or update path, and the current relevant check-suite state, or explicitly say which post-publish verification was skipped.
|
|
121
131
|
|
|
122
132
|
<!-- mustflow-section: postconditions -->
|
|
123
133
|
## Postconditions
|
|
@@ -125,6 +135,8 @@ The release is not done when tests pass locally, a version string changes, or a
|
|
|
125
135
|
- Version bump, release notes, package metadata, manifests, artifacts, workflows, tests, and docs agree.
|
|
126
136
|
- The artifact contents have been inspected through configured evidence, not inferred from the source tree.
|
|
127
137
|
- Remote publication status is classified as not started, prepared, published, verified, failed, yanked, deprecated, superseded, or unknown.
|
|
138
|
+
- Branch, tag, and publication workflow checks are classified separately as green, failing, pending,
|
|
139
|
+
skipped, not applicable, or unknown.
|
|
128
140
|
- User installation, pull, download, or updater smoke test status is known or explicitly reported as skipped.
|
|
129
141
|
- Recovery plan matches the channel's actual permanence and rules.
|
|
130
142
|
|
|
@@ -153,6 +165,9 @@ Do not infer package manager, registry, Docker, Git, Homebrew, or updater comman
|
|
|
153
165
|
- If the artifact contents differ from the intended release, stop release claims and fix the source, generated output, or packaging configuration before publication.
|
|
154
166
|
- If the remote registry already contains the version, do not assume overwrite is possible. Report the channel-specific recovery path.
|
|
155
167
|
- If publication succeeds but install smoke fails, treat the release as published but not verified and recommend channel-appropriate mitigation.
|
|
168
|
+
- If publication succeeds but branch, tag, or same-commit checks fail, treat the release as
|
|
169
|
+
published but not all-clear. Do not hide the red check behind successful registry or GitHub
|
|
170
|
+
Release evidence.
|
|
156
171
|
- If a tag, asset, digest, checksum, signature, updater feed, or release body is missing, do not collapse the issue into "workflow failed"; name the missing remote surface.
|
|
157
172
|
- If release evidence comes only from CI logs, report that no independent user-path smoke test was completed unless the configured CI explicitly performs that path.
|
|
158
173
|
- If unpublish, yank, tag movement, channel rollback, or asset deletion is proposed, check host and repository authorization first and report the permanence risk.
|
|
@@ -164,6 +179,7 @@ Do not infer package manager, registry, Docker, Git, Homebrew, or updater comman
|
|
|
164
179
|
- Public API and version bump classification
|
|
165
180
|
- Artifact contents inspected
|
|
166
181
|
- Remote publication state
|
|
182
|
+
- Branch, tag, and publication check-suite state
|
|
167
183
|
- User installation, download, pull, or updater smoke path result
|
|
168
184
|
- Synchronized version, docs, manifest, workflow, and test surfaces
|
|
169
185
|
- Recovery or rollback classification
|