mustflow 2.18.7 → 2.18.21

package/dist/cli/lib/local-index/index.js

@@ -5,6 +5,7 @@ import { isRecord, readCommandContract, readString, readStringArray } from '../c
 import { listFilesRecursive, toPosixPath } from '../filesystem.js';
 import { readTomlFile } from '../toml.js';
 import { collectSourceAnchorIndexRecords, hasHighRiskSourceAnchorRiskTags, } from '../../../core/source-anchor-status.js';
+import { listSourceAnchorFiles } from '../../../core/source-anchors.js';
 import { normalizeCommandEffects } from '../../../core/command-effects.js';
 import { listChangeClassificationRuleDescriptors } from '../../../core/change-classification.js';
 import { DEFAULT_DATABASE_RELATIVE_PATH, DEFAULT_PROMPT_CACHE_STABLE_READ, DEFAULT_PROMPT_CACHE_TASK_SOURCES, DEFAULT_PROMPT_CACHE_VOLATILE_SOURCES, INDEX_CONFIG_RELATIVE_PATH, LOCAL_INDEX_CONTENT_MODE, LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS, LOCAL_INDEX_PARSER_VERSION, LOCAL_INDEX_SCHEMA_VERSION, LOCAL_INDEX_STORE_FULL_CONTENT, LATEST_RUN_STATE_RELATIVE_PATH, MAX_SEARCH_MATCH_SNIPPET_CHARS, MAX_SNIPPET_BYTES_PER_DOCUMENT, MUSTFLOW_RELATIVE_PATH, SEARCH_BACKEND_FTS5, SEARCH_BACKEND_TABLE_SCAN, SEARCH_MATCH_CONTEXT_AFTER_CHARS, SEARCH_MATCH_CONTEXT_BEFORE_CHARS, SEARCH_MATCH_TRUNCATION_MARKER, SEARCH_NGRAM_MAX_GRAMS_PER_TARGET, SEARCH_NGRAM_MAX_LENGTH, SEARCH_NGRAM_MAX_TOKEN_CHARS, SEARCH_NGRAM_MIN_LENGTH, SOURCE_INDEX_MAX_FILE_BYTES, TEST_DISABLE_FTS5_ENV, } from './constants.js';
@@ -308,12 +309,13 @@ function readIndexedFileMetadataRecord(projectRoot, relativePath, sourceScope) {
         mtimeMs: Math.round(stats.mtimeMs),
     };
 }
-function collectIndexedFileRecords(projectRoot, documents, sourceAnchors) {
+function collectIndexedFileRecords(projectRoot, documents, sourceAnchors, sourceAnchorCandidatePaths = []) {
     const records = new Map();
     for (const document of documents) {
         records.set(document.path, readIndexedFileRecord(projectRoot, document.path, 'workflow', document.contentHash));
     }
-    for (const anchorPath of [...new Set(sourceAnchors.map((anchor) => anchor.path))].sort((left, right) => left.localeCompare(right))) {
+    const sourcePaths = new Set([...sourceAnchorCandidatePaths, ...sourceAnchors.map((anchor) => anchor.path)]);
+    for (const anchorPath of [...sourcePaths].sort((left, right) => left.localeCompare(right))) {
         if (!records.has(anchorPath)) {
             records.set(anchorPath, readIndexedFileRecord(projectRoot, anchorPath, 'source_anchor'));
         }
@@ -323,15 +325,33 @@ function collectIndexedFileRecords(projectRoot, documents, sourceAnchors) {
     }
     return [...records.values()].sort((left, right) => left.path.localeCompare(right.path));
 }
-function collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource) {
+function collectSourceAnchorCandidatePaths(projectRoot, sourceConfig) {
+    return listSourceAnchorFiles(projectRoot, {
+        ...sourceConfig,
+        excludeGeneratedOrVendor: true,
+    });
+}
+function collectFastPreflightIndexedFileRecords(projectRoot, includeSource, sourceConfig) {
+    const records = new Map();
+    for (const relativePath of getExistingIndexablePaths(projectRoot)) {
+        records.set(relativePath, readIndexedFileRecord(projectRoot, relativePath, 'workflow'));
+    }
     if (includeSource) {
-        return null;
+        try {
+            for (const sourcePath of collectSourceAnchorCandidatePaths(projectRoot, sourceConfig)) {
+                if (!records.has(sourcePath)) {
+                    records.set(sourcePath, readIndexedFileRecord(projectRoot, sourcePath, 'source_anchor'));
+                }
+            }
+        }
+        catch {
+            return null;
+        }
     }
-    const records = getExistingIndexablePaths(projectRoot).map((relativePath) => readIndexedFileMetadataRecord(projectRoot, relativePath, 'workflow'));
     if (existsSync(path.join(projectRoot, ...LATEST_RUN_STATE_RELATIVE_PATH.split('/')))) {
-        records.push(readIndexedFileMetadataRecord(projectRoot, LATEST_RUN_STATE_RELATIVE_PATH, 'state'));
+        records.set(LATEST_RUN_STATE_RELATIVE_PATH, readIndexedFileRecord(projectRoot, LATEST_RUN_STATE_RELATIVE_PATH, 'state'));
     }
-    return records.sort((left, right) => left.path.localeCompare(right.path));
+    return [...records.values()].sort((left, right) => left.path.localeCompare(right.path));
 }
 function normalizeSearchText(value) {
     return value.trim().replace(/\s+/g, ' ');
@@ -2033,27 +2053,6 @@ function createStoredLocalIndexResult(projectRoot, databasePath, dryRun, indexMo
         indexed_paths: readStoredIndexedPaths(database),
     };
 }
-function indexedFileMetadataMatch(database, currentFiles) {
-    const rows = queryRows(database, 'SELECT path, source_scope, size_bytes, mtime_ms, parser_version FROM indexed_files ORDER BY path');
-    if (rows.length !== currentFiles.length) {
-        return false;
-    }
-    const currentByPath = new Map(currentFiles.map((file) => [file.path, file]));
-    for (const row of rows) {
-        const storedPath = toSearchString(row.path);
-        const current = currentByPath.get(storedPath);
-        if (!current) {
-            return false;
-        }
-        if (normalizeIndexedFileSourceScope(row.source_scope) !== current.sourceScope ||
-            row.size_bytes !== current.sizeBytes ||
-            row.mtime_ms !== current.mtimeMs ||
-            toSearchString(row.parser_version) !== LOCAL_INDEX_PARSER_VERSION) {
-            return false;
-        }
-    }
-    return true;
-}
 function indexedFilesMatch(database, currentFiles) {
     const rows = queryRows(database, 'SELECT path, source_scope, content_hash, parser_version FROM indexed_files ORDER BY path');
     if (rows.length !== currentFiles.length) {
@@ -2096,7 +2095,7 @@ async function readIncrementalPreflightReuse(SQL, databasePath, projectRoot, cur
         if (!hasTable(database, 'indexed_files')) {
             return { result: null, rebuildReason: 'indexed_files_missing' };
         }
-        if (!indexedFileMetadataMatch(database, currentFiles)) {
+        if (!indexedFilesMatch(database, currentFiles)) {
             return { result: null, rebuildReason: 'file_fingerprint_mismatch' };
         }
         const capabilities = readStoredSearchCapabilities(database);
@@ -2170,7 +2169,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
     capabilities = detectLocalSearchCapabilities(capabilityDatabase);
     capabilityDatabase.close();
     if (incremental) {
-        const preflightFiles = collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource);
+        const preflightFiles = collectFastPreflightIndexedFileRecords(projectRoot, includeSource, sourceConfig);
         const preflightReuse = await readIncrementalPreflightReuse(SQL, databasePath, projectRoot, preflightFiles, sourceScopeHash, dryRun, indexMode);
         if (preflightReuse.result) {
             return preflightReuse.result;
@@ -2184,6 +2183,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
     const previousSourceAnchors = includeSource
         ? await readPreviousSourceAnchorSnapshots(databasePath).catch(() => [])
         : [];
+    const sourceAnchorCandidatePaths = includeSource ? collectSourceAnchorCandidatePaths(projectRoot, sourceConfig) : [];
     const sourceAnchors = includeSource
         ? collectSourceAnchorIndexRecords(projectRoot, previousSourceAnchors, {
             ...sourceConfig,
@@ -2191,7 +2191,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
         })
         : [];
     const verificationEvidence = createVerificationEvidenceIndex(projectRoot);
-    const indexedFiles = collectIndexedFileRecords(projectRoot, documents, sourceAnchors);
+    const indexedFiles = collectIndexedFileRecords(projectRoot, documents, sourceAnchors, sourceAnchorCandidatePaths);
     if (incremental) {
         const reuseDecision = await readIncrementalReuseDecision(SQL, databasePath, indexedFiles, sourceScopeHash);
         reusedExisting = reuseDecision.reusable;

package/dist/cli/lib/manifest-lock.js

@@ -1,8 +1,8 @@
 import { createHash } from 'node:crypto';
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
-import { ensureInside } from './filesystem.js';
-import { readTomlFile, stringifyToml } from './toml.js';
+import { ensureFileTargetInsideWithoutSymlinks, ensureInside, readFileInsideWithoutSymlinks, readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from './filesystem.js';
+import { parseTomlText, stringifyToml } from './toml.js';
 export const MANIFEST_LOCK_RELATIVE_PATH = '.mustflow/config/manifest.lock.toml';
 function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
@@ -48,20 +48,31 @@ function parseManifestLock(raw) {
     };
 }
 export function sha256File(filePath) {
-    return `sha256:${createHash('sha256').update(readFileSync(filePath)).digest('hex')}`;
+    return `sha256:${createHash('sha256')
+        .update(readFileInsideWithoutSymlinks(path.dirname(filePath), filePath))
+        .digest('hex')}`;
+}
+function sha256ProjectFile(projectRoot, filePath) {
+    return `sha256:${createHash('sha256').update(readFileInsideWithoutSymlinks(projectRoot, filePath)).digest('hex')}`;
+}
+export function ensureManifestLockTargetSafe(projectRoot) {
+    const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
+    ensureInside(projectRoot, lockPath);
+    ensureFileTargetInsideWithoutSymlinks(projectRoot, lockPath, { allowMissingLeaf: true });
+    return existsSync(lockPath);
 }
 export function markManifestLockFileCustomized(projectRoot, relativePath) {
     const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
     const filePath = path.join(projectRoot, relativePath);
-    ensureInside(projectRoot, lockPath);
     ensureInside(projectRoot, filePath);
-    if (!existsSync(lockPath)) {
+    if (!ensureManifestLockTargetSafe(projectRoot)) {
         return false;
     }
+    ensureFileTargetInsideWithoutSymlinks(projectRoot, filePath, { allowMissingLeaf: true });
     if (!existsSync(filePath)) {
         throw new Error(`Cannot refresh manifest lock for missing file: ${relativePath}`);
     }
-    const parsed = readTomlFile(lockPath);
+    const parsed = parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, lockPath));
     if (!isRecord(parsed)) {
         throw new Error(`Invalid manifest lock: ${MANIFEST_LOCK_RELATIVE_PATH} must contain a TOML table`);
     }
@@ -71,20 +82,27 @@ export function markManifestLockFileCustomized(projectRoot, relativePath) {
     filesTable[relativePath] = {
         source: typeof existingTable.source === 'string' ? existingTable.source : 'template_common',
         last_action: 'customized',
-        content_hash: sha256File(filePath),
+        content_hash: sha256ProjectFile(projectRoot, filePath),
     };
     parsed.files = filesTable;
-    writeFileSync(lockPath, stringifyToml(parsed));
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, lockPath, stringifyToml(parsed));
     return true;
 }
 export function readManifestLock(projectRoot) {
     const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
-    ensureInside(projectRoot, lockPath);
+    try {
+        ensureInside(projectRoot, lockPath);
+        ensureFileTargetInsideWithoutSymlinks(projectRoot, lockPath, { allowMissingLeaf: true });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return { kind: 'invalid', lockPath, message };
+    }
     if (!existsSync(lockPath)) {
         return { kind: 'missing', lockPath };
     }
     try {
-        return { kind: 'present', lockPath, lock: parseManifestLock(readTomlFile(lockPath)) };
+        return { kind: 'present', lockPath, lock: parseManifestLock(parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, lockPath))) };
     }
     catch (error) {
         const message = error instanceof Error ? error.message : String(error);
@@ -121,7 +139,15 @@ export function inspectManifestLock(projectRoot) {
             issues.push(`Locked file missing: ${lockedFile.relativePath}`);
             continue;
         }
-        const actualHash = sha256File(filePath);
+        let actualHash;
+        try {
+            actualHash = sha256ProjectFile(projectRoot, filePath);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            issues.push(`Locked file cannot be read safely: ${lockedFile.relativePath}: ${message}`);
+            continue;
+        }
         if (actualHash !== lockedFile.contentHash) {
             changedFiles.push(lockedFile.relativePath);
             issues.push(`Lock hash mismatch: ${lockedFile.relativePath}`);

package/dist/core/change-classification.js

@@ -46,14 +46,36 @@ function uniqueSorted(values) {
     return [...new Set(values)].sort((left, right) => left.localeCompare(right));
 }
 function toPosixPath(value) {
-    return value.trim().replaceAll('\\', '/');
+    return value.replaceAll('\\', '/');
 }
 export function normalizeStatusPath(value) {
-    const pathText = toPosixPath(value);
+    const pathText = toPosixPath(value.trim());
     const renameTarget = pathText.includes(' -> ') ? (pathText.split(' -> ').pop() ?? pathText) : pathText;
     return renameTarget.replace(/^"|"$/gu, '');
 }
+function normalizePorcelainStatusPath(value) {
+    return toPosixPath(value);
+}
+function parseGitPorcelainStatusOutput(output) {
+    const paths = [];
+    const parts = output.split('\0').filter((part) => part.length > 0);
+    for (let index = 0; index < parts.length; index += 1) {
+        const entry = parts[index] ?? '';
+        const status = entry.slice(0, 2);
+        const filePath = normalizePorcelainStatusPath(entry.slice(3));
+        if (filePath.length > 0) {
+            paths.push(filePath);
+        }
+        if (status.includes('R') || status.includes('C')) {
+            index += 1;
+        }
+    }
+    return uniqueSorted(paths);
+}
 export function parseGitStatusOutput(output) {
+    if (output.includes('\0')) {
+        return parseGitPorcelainStatusOutput(output);
+    }
     const paths = output
         .split(/\r?\n/u)
         .map((line) => line.slice(3))

package/dist/core/command-classification.js

@@ -1,20 +1,4 @@
 const MUSTFLOW_BIN_NAMES = new Set(['mf', 'mustflow']);
-const IN_PROCESS_MUSTFLOW_BUILTIN_COMMANDS = new Set([
-    'check',
-    'classify',
-    'context',
-    'doctor',
-    'help',
-    'impact',
-    'line-endings',
-    'map',
-    'status',
-    'update',
-    'version-sources',
-]);
 export function isMustflowBinName(command) {
     return MUSTFLOW_BIN_NAMES.has(command.toLowerCase());
 }
-export function canRunMustflowBuiltinInProcess(command) {
-    return command !== undefined && IN_PROCESS_MUSTFLOW_BUILTIN_COMMANDS.has(command);
-}

package/dist/core/command-contract-rules.js

@@ -14,6 +14,7 @@ const INTERPRETER_EVALUATION_FLAGS = new Map([
 const PACKAGE_SCRIPT_RUNNERS = new Set(['bun', 'npm', 'pnpm', 'yarn']);
 const LONG_RUNNING_PACKAGE_SCRIPTS = new Set(['dev', 'start', 'serve', 'watch', 'preview']);
 const LONG_RUNNING_EXECUTABLES = new Set(['nodemon', 'pm2', 'serve', 'http-server', 'live-server', 'webpack-dev-server']);
+const ATTACHED_EVALUATION_FLAGS = new Set(['-command', '-commandwithargs']);
 export const BACKGROUND_SHELL_PATTERNS = [
     /(?:^|[^&])&(?!&)\s*$/u,
     /\bnohup\b/iu,
@@ -48,10 +49,23 @@ export function shellCommandHasBlockedBackgroundPattern(command) {
 function normalizeExecutableName(value) {
     return path.basename(value).replace(/\.(?:cmd|exe|ps1)$/iu, '').toLowerCase();
 }
+function flagAllowsAttachedPayload(flag) {
+    return (flag.startsWith('-') && !flag.startsWith('--') && flag.length === 2) || flag === '/c' || ATTACHED_EVALUATION_FLAGS.has(flag);
+}
 function findFlagPayload(argv, flags) {
-    for (let index = 1; index < argv.length - 1; index += 1) {
-        if (flags.has(argv[index].toLowerCase())) {
-            return argv[index + 1];
+    for (let index = 1; index < argv.length; index += 1) {
+        const argument = argv[index] ?? '';
+        const normalizedArgument = argument.toLowerCase();
+        if (flags.has(normalizedArgument)) {
+            return argv[index + 1] ?? null;
+        }
+        for (const flag of flags) {
+            if (normalizedArgument.startsWith(`${flag}=`)) {
+                return argument.slice(flag.length + 1);
+            }
+            if (flagAllowsAttachedPayload(flag) && normalizedArgument.startsWith(flag) && argument.length > flag.length) {
+                return argument.slice(flag.length);
+            }
         }
     }
     return null;
@@ -111,6 +125,12 @@ export function commandIntentBlockedCommandPattern(intent) {
             detail: 'Shell command contains a blocked long-running or background pattern.',
         };
     }
+    if (intent.mode === 'shell' && typeof intent.cmd === 'string' && commandTextHasLongRunningPattern(intent.cmd)) {
+        return {
+            code: 'long_running_command_pattern',
+            detail: `Shell command contains a blocked long-running pattern: ${intent.cmd}.`,
+        };
+    }
     const argv = readStringArray(intent, 'argv');
     if (!argv) {
         return null;

package/dist/core/run-write-drift.js

@@ -130,6 +130,10 @@ function listObservedChangedPaths(before, after) {
 function declaredPathCoversObservedPath(declaredPath, observedPath) {
     const declaredKey = pathKey(declaredPath);
     const observedKey = pathKey(observedPath);
+    if (declaredKey.endsWith('/**')) {
+        const baseKey = declaredKey.slice(0, -3) || '.';
+        return baseKey === '.' || observedKey === baseKey || observedKey.startsWith(`${baseKey}/`);
+    }
     return declaredKey === '.' || observedKey === declaredKey || observedKey.startsWith(`${declaredKey}/`);
 }
 function truncatePaths(paths) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mustflow",
-  "version": "2.18.7",
+  "version": "2.18.21",
   "description": "Agent workflow documents and CLI for mustflow repository roots.",
   "type": "module",
   "license": "MIT-0",

package/templates/default/i18n.toml

@@ -56,7 +56,7 @@ translations = {}
 [documents."skills.index"]
 source = "locales/en/.mustflow/skills/INDEX.md"
 source_locale = "en"
-revision = 55
+revision = 60
 translations = {}
 
 [documents."skill.adapter-boundary"]
@@ -116,7 +116,7 @@ translations = {}
 [documents."skill.dependency-reality-check"]
 source = "locales/en/.mustflow/skills/dependency-reality-check/SKILL.md"
 source_locale = "en"
-revision = 1
+revision = 3
 translations = {}
 
 [documents."skill.line-ending-hygiene"]
@@ -137,6 +137,12 @@ source_locale = "en"
 revision = 1
 translations = {}
 
+[documents."skill.cli-output-contract-review"]
+source = "locales/en/.mustflow/skills/cli-output-contract-review/SKILL.md"
+source_locale = "en"
+revision = 3
+translations = {}
+
 [documents."skill.composition-over-inheritance"]
 source = "locales/en/.mustflow/skills/composition-over-inheritance/SKILL.md"
 source_locale = "en"
@@ -149,6 +155,18 @@ source_locale = "en"
 revision = 4
 translations = {}
 
+[documents."skill.command-contract-authoring"]
+source = "locales/en/.mustflow/skills/command-contract-authoring/SKILL.md"
+source_locale = "en"
+revision = 1
+translations = {}
+
+[documents."skill.cross-platform-filesystem-safety"]
+source = "locales/en/.mustflow/skills/cross-platform-filesystem-safety/SKILL.md"
+source_locale = "en"
+revision = 3
+translations = {}
+
 [documents."skill.pure-core-imperative-shell"]
 source = "locales/en/.mustflow/skills/pure-core-imperative-shell/SKILL.md"
 source_locale = "en"
@@ -182,7 +200,7 @@ translations = {}
 [documents."skill.external-prompt-injection-defense"]
 source = "locales/en/.mustflow/skills/external-prompt-injection-defense/SKILL.md"
 source_locale = "en"
-revision = 3
+revision = 5
 translations = {}
 
 [documents."skill.external-skill-intake"]
@@ -232,6 +250,12 @@ source_locale = "en"
 revision = 1
 translations = {}
 
+[documents."skill.process-execution-safety"]
+source = "locales/en/.mustflow/skills/process-execution-safety/SKILL.md"
+source_locale = "en"
+revision = 1
+translations = {}
+
 [documents."skill.repo-improvement-loop"]
 source = "locales/en/.mustflow/skills/repo-improvement-loop/SKILL.md"
 source_locale = "en"
@@ -301,13 +325,19 @@ translations = {}
 [documents."skill.security-privacy-review"]
 source = "locales/en/.mustflow/skills/security-privacy-review/SKILL.md"
 source_locale = "en"
-revision = 4
+revision = 7
 translations = {}
 
 [documents."skill.security-regression-tests"]
 source = "locales/en/.mustflow/skills/security-regression-tests/SKILL.md"
 source_locale = "en"
-revision = 6
+revision = 9
+translations = {}
+
+[documents."skill.search-ad-content-authoring"]
+source = "locales/en/.mustflow/skills/search-ad-content-authoring/SKILL.md"
+source_locale = "en"
+revision = 3
 translations = {}
 
 [documents."skill.skill-authoring"]
@@ -334,10 +364,16 @@ source_locale = "en"
 revision = 1
 translations = {}
 
+[documents."skill.llm-service-ux-review"]
+source = "locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md"
+source_locale = "en"
+revision = 2
+translations = {}
+
 [documents."skill.ui-quality-gate"]
 source = "locales/en/.mustflow/skills/ui-quality-gate/SKILL.md"
 source_locale = "en"
-revision = 3
+revision = 6
 translations = {}
 
 [documents."skill.visual-review-artifact"]

package/templates/default/locales/en/.mustflow/skills/INDEX.md

@@ -2,7 +2,7 @@
 mustflow_doc: skills.index
 locale: en
 canonical: true
-revision: 55
+revision: 60
 authority: router
 lifecycle: mustflow-owned
 ---
@@ -115,6 +115,7 @@ stay inactive until their event occurs.
 | Claims, adoption decisions, research notes, methodology recommendations, tool comparisons, or external summaries depend on current, external, dated, versioned, or otherwise drift-prone sources | `.mustflow/skills/source-freshness-check/SKILL.md` | Stale-sensitive claim or recommendation, source text or page, date or version context, source policy, and intended adoption surface | Source wording, documentation, skill procedures, templates, tests, schemas, and freshness report | stale or unverifiable claim, copied external authority, or unsafe adoption | `changes_status`, `docs_validate_fast`, `mustflow_check` | Checked source boundary, research split, adoption decision, wording changes, skipped refreshes, and stale-source risk |
 | `README.md` is created, restructured, or substantially rewritten | `.mustflow/skills/readme-authoring/SKILL.md` | User request, existing README if any, repository evidence, nearest instructions, and command contracts | `README.md` and directly linked public docs | invented project claims, marketing drift, or loss of human-authored intent | `docs_validate_fast`, `mustflow_check` | Evidence-based README changes, preserved or deferred sections, verification notes |
 | Release notes, changelog entries, public change summaries, release preparation copy, or package release wording are drafted or revised | `.mustflow/skills/release-notes-authoring/SKILL.md` | User-provided change summary, current diff summary, release audience, public surfaces, version source, and command contract entries | Release notes, changelog entries, release preparation notes, and directly synchronized docs or package metadata | invented release history, inflated public claims, internal noise, stale version or migration notes, or unverified release evidence | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Release audience, categorized notes, excluded internal changes, version or migration checks, verification, skipped release-history checks, and remaining release-note risk |
+| Search-friendly ad-supported articles, blog posts, guides, reviews, comparisons, FAQs, or evergreen content are planned, written, edited, reviewed, or reported | `.mustflow/skills/search-ad-content-authoring/SKILL.md` | Search intent, reader task, content type, source freshness needs, monetization constraints, article draft or outline, and command contract entries | Article outlines, headings, paragraphs, tables, lists, FAQs, images, links, disclosures, content docs, templates, tests, and reports | keyword stuffing, thin filler, misleading ad adjacency, stale policy or ranking claims, unsupported revenue claims, accessibility or layout instability, or copied competitor content | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Search intent, outline shape, content structure checks, source freshness, ad layout and trust checks, omitted or verified claims, verification, and remaining content risk |
 | Documentation review queue entries need prose cleanup | `.mustflow/skills/docs-prose-review/SKILL.md` | Review queue entry or selected document path, review comment if present, target language, reviewer metadata | Selected documentation file and review ledger entry | meaning drift or stale queue state | `docs_validate`, `mustflow_check` | Prose changes, recorded review status, verification notes |
 | Documentation changes affect public or workflow docs | `.mustflow/skills/docs-update/SKILL.md` | Changed behavior or field | Relevant docs only | stale public docs | `docs_validate_fast`, `docs_validate`, `mustflow_check` | Doc changes and skipped checks |
 
@@ -122,17 +123,19 @@ stay inactive until their event occurs.
 
 | Trigger | Skill Document | Required Input | Edit Scope | Risk | Verification Intents | Expected Output |
 | --- | --- | --- | --- | --- | --- | --- |
-| Code, configuration, docs, templates, logs, telemetry, credentials, or data flows affect secrets, personal data, authentication, authorization, retention, or external disclosure | `.mustflow/skills/security-privacy-review/SKILL.md` | Changed files, sensitive surfaces, project secret and privacy rules, public or packaged surfaces, and command contract entries | Sensitive data handling, logs, receipts, generated state, docs, templates, package metadata, and reports | secret leak, personal-data exposure, or misleading privacy claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Sensitive surfaces reviewed, disclosure paths checked, redaction or omission changes, related test need, and remaining security or privacy risk |
-| Security-sensitive behavior changes need abuse-case regression tests | `.mustflow/skills/security-regression-tests/SKILL.md` | Changed boundary, actors, and expected deny behavior | Test files and related security boundary source | false confidence and unsafe coverage | `test`, `test_related`, `test_audit`, `lint`, `build` | Security boundary, abuse case, tests, and remaining risks |
-| Outside text, generated content, logs, issues, webpages, or pasted prompts include instructions that could override repository rules or change scope | `.mustflow/skills/external-prompt-injection-defense/SKILL.md` | External text source, direct user request, repository instruction files, conflicting instruction, and command contract entries | Prompts, fixtures, docs, tests, skills, templates, and reports that handle untrusted text | prompt injection, scope drift, or unsafe command authority | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | External sources reviewed, unsafe instructions neutralized, safe requirements adapted, verification, and remaining prompt-injection risk |
+| Code, configuration, docs, templates, logs, telemetry, credentials, data flows, AI-generated code, authentication, authorization, sessions, tokens, uploads, downloads, external requests, deployment settings, dependencies, cryptography, secure transport, scanner gates, security invariants, or agent configuration affect secrets, personal data, retention, or external disclosure | `.mustflow/skills/security-privacy-review/SKILL.md` | Changed files, sensitive surfaces, actor and resource owner, session or token surface, external target, dependency source, cryptography or transport surface, scanner evidence, agent-tool permission, deployment setting, project secret and privacy rules, public or packaged surfaces, and command contract entries | Sensitive data handling, authorization, sessions, tokens, inputs, files, logs, receipts, generated state, docs, templates, package metadata, deployment settings, and reports | secret leak, personal-data exposure, access-control bypass, unsafe external request, supply-chain drift, weak cryptography, insecure transport, over-privileged agent, or misleading privacy claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Sensitive surfaces reviewed, authorization and disclosure paths checked, dependency, cryptography, transport, scanner, and agent-tool boundaries checked, redaction or omission changes, related test need, and remaining security or privacy risk |
+| Security-sensitive behavior changes need abuse-case regression tests | `.mustflow/skills/security-regression-tests/SKILL.md` | Changed boundary, actors, resource ownership, state-changing route, token, file, cryptography, transport, scanner, or invariant behavior, business rule, and expected deny behavior | Test files and related security boundary source | false confidence, happy-path-only coverage, unsafe authorization, token, file, business-rule, cryptography, transport, deployment, or invariant coverage | `test`, `test_related`, `test_audit`, `lint`, `build` | Security boundary, abuse case, defensive test data, tests added or reused, and remaining risks |
+| Outside text, generated content, logs, issues, webpages, pasted prompts, agent rules, MCP/tool configuration, or AI context sources include instructions that could override repository rules, broaden tool access, leak data, or change scope | `.mustflow/skills/external-prompt-injection-defense/SKILL.md` | External text source, direct user request, repository instruction files, conflicting instruction, context sources, tool permission surface, hidden content evidence, and command contract entries | Prompts, fixtures, docs, tests, skills, templates, agent configs, tool configs, and reports that handle untrusted text | prompt injection, context leakage, scope drift, unsafe command authority, or over-broad tool permission | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | External sources reviewed, unsafe instructions neutralized, context and permission boundaries checked, safe requirements adapted, verification, and remaining prompt-injection risk |
 
 ### Data and External Systems
 
 | Trigger | Skill Document | Required Input | Edit Scope | Risk | Verification Intents | Expected Output |
 | --- | --- | --- | --- | --- | --- | --- |
 | Database schema, query, transaction, ORM model, repository/store, index, cache-backed read model, data retention, pagination, concurrency, idempotency, audit log, or persistence boundary is introduced, changed, reviewed, or reported | `.mustflow/skills/database-change-safety/SKILL.md` | Data role, affected tables or stores, read/write path, transaction boundary, migration or rollback expectations, local DB or ORM patterns, changed files, and command contract entries | Schema, migrations, repositories, stores, queries, transactions, indexes, read models, fixtures, tests, docs, and directly synchronized templates | data loss, stale cache, authorization leak, transaction bug, duplicate side effect, slow query, or unverified migration claim | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Data role, schema/query/transaction review, migration and rollback status, index/performance notes, security/retention checks, tests, verification, and remaining database risk |
-| Packages, runtimes, tools, commands, services, or platform capabilities are assumed, added, invoked, or documented | `.mustflow/skills/dependency-reality-check/SKILL.md` | Dependency or capability, repository declarations, version or capability claim, and command contract entries | Dependency declarations, imports, command metadata, tests, and docs | invented or unavailable dependency | `changes_status`, `changes_diff_summary`, `build`, `test_release`, `mustflow_check` | Dependency status, synchronized surfaces, verification, and remaining dependency risk |
+| Dependency, package, runtime, tool, command, plugin, service, platform capability, package script, lifecycle hook, binary download, lockfile, audit result, or supply-chain-sensitive dependency surface is assumed, added, removed, imported, invoked, installed, or documented | `.mustflow/skills/dependency-reality-check/SKILL.md` | Assumed dependency or capability, declaration files, version or feature expectation, lockfile entry, package script or lifecycle hook, audit or provenance evidence, and relevant command intents | Package metadata, lockfiles, imports, scripts, command contracts, docs, tests, and reports | unavailable dependency, hallucinated or lookalike package, stale version claim, lifecycle script risk, audit suppression, lockfile drift, or install guidance mismatch | `changes_status`, `changes_diff_summary`, `build`, `test_release`, `mustflow_check` | Dependency checked, supply-chain surface reviewed, declarations synchronized, verification, and remaining dependency risk |
 | External systems, protocols, SDKs, databases, webhooks, queues, files, caches, framework requests or responses, AI models, browser storage, or provider data cross the core boundary or need port/adapter translation, error mapping, retry, idempotency, security, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, internal use case, local port/adapter patterns, provider risk, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, pass-through wrapper, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, internal port, provider containment, validation and mapping, timeout/retry/idempotency handling, security notes, verification, and remaining provider risk |
+| File paths, directories, symlinks, real paths, traversal, atomic writes, file copies, generated outputs, temporary files, cleanup, or Windows/POSIX filesystem behavior are created, changed, reviewed, or reported | `.mustflow/skills/cross-platform-filesystem-safety/SKILL.md` | Path inputs, base directory, trust boundary, symlink policy, write or cleanup strategy, platform expectations, and command contract entries | Path validation, file helpers, copy/update/delete code, scan bounds, fixtures, tests, docs, and templates | path traversal, symlink escape, unsafe overwrite, platform-only behavior, stale output, or cleanup data loss | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path trust classes, root boundary, symlink/write/delete/scan decisions, platform assumptions, verification, and remaining filesystem risk |
+| Child processes, shell or argv execution, built-in command reruns, timeouts, process trees, output limits, streaming, environment policy, command eligibility, or execution receipts are created, changed, reviewed, or reported | `.mustflow/skills/process-execution-safety/SKILL.md` | Execution path, timeout, output limit, stdin, environment, cwd, process tree behavior, receipt and write-tracking expectations, and command contract entries | Process execution code, process-tree helpers, output buffers, environment creation, eligibility checks, receipts, tests, and docs | runaway process, unbounded output, leaked environment, inconsistent JSON/text execution, false cleanup claim, or unreliable receipt | `changes_status`, `changes_diff_summary`, `test_related`, `test_release`, `mustflow_check` | Execution surface, timeout/output/environment/process-tree boundaries, receipt consistency, tests, verification, and remaining process risk |
 | Core or application logic creates, imports, resolves, or hides external dependencies such as databases, SDKs, clocks, random generators, configuration, loggers, framework objects, filesystems, queues, AI clients, or payment/email providers | `.mustflow/skills/dependency-injection/SKILL.md` | Target code area, hidden dependency, intended business capability, layer ownership, local port/adapter patterns, changed files, and command contract entries | Core logic signatures, ports, adapters, assembly roots, tests, and directly synchronized docs or templates | hidden global state, untestable business logic, provider leakage, lifecycle drift, or service-locator coupling | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Dependency boundary, direct dependencies found, injection style, ports/adapters, assembly boundary, tests or fakes, verification, and remaining dependency leakage |
 | Code, data, schema, configuration, file layout, template, or generated-state migrations are planned, edited, documented, or reported | `.mustflow/skills/migration-safety-check/SKILL.md` | Source state, target state, migration surface owner, idempotency, rollback, dry-run, compatibility, and command contract entries | Migration plans, compatibility notes, lock metadata, docs, tests, templates, generated state, and reports | irreversible migration, data loss, or false migration-success claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Migration surface, source and target state, idempotency, rollback, metadata updates, verification, and remaining migration risk |
 
@@ -142,6 +145,7 @@ stay inactive until their event occurs.
 | --- | --- | --- | --- | --- | --- | --- |
 | Generated artifacts, packaged files, binary assets, reports, or downloadable outputs are created, referenced, or reported | `.mustflow/skills/artifact-integrity-check/SKILL.md` | Artifact paths, source or generation path, package rules, and artifact expectations | Artifact references, package metadata, tests, and documentation | unverified or stale artifact claim | `changes_status`, `changes_diff_summary`, `test_release`, `build`, `mustflow_check` | Artifact evidence, inclusion or format checks, skipped checks, and integrity risk |
 | A dense plan, suggestion, code explanation, review result, flow map, or decision set would be easier to inspect as a safe static HTML review artifact | `.mustflow/skills/visual-review-artifact/SKILL.md` | User request, artifact goal, target audience, source evidence, output path, and relevant command contract entries | Temporary `.mustflow/state/artifacts/**` output or explicitly requested versioned HTML artifact, plus direct references, docs, or package metadata | unsafe HTML behavior, prompt injection, unverified artifact claim, or mistaken approval authority | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Artifact kind and path, source evidence, review-only boundary, local interactions, verification, skipped checks, and remaining decision risk |
+| Conversational AI, chat, copilot, prompt, multimodal input, streaming generation, citation, feedback, or conversation-history UI is planned, edited, reviewed, or reported | `.mustflow/skills/llm-service-ux-review/SKILL.md` | LLM service surface, user task, interaction mode, input-to-reset path, latency/source/privacy constraints, and command contract entries | Prompt, attachment, generation, output, citation, feedback, history, reset, error, accessibility, docs, templates, and reports | loss of user control, fake progress, unverifiable source claims, hidden privacy risk, decorative prompt UX, or unverified visual claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | LLM UX surface reviewed, input/waiting/output/recovery states checked, control and citation boundaries, skipped checks, and remaining LLM UX risk |
 | User-facing UI, dashboard, settings, navigation, form, copy, responsive layout, accessibility, or visual state changes are planned, edited, reviewed, or reported | `.mustflow/skills/ui-quality-gate/SKILL.md` | Changed UI surface, user task, interaction path, existing patterns, state combinations, localization rules, and command contract entries | UI controls, labels, states, layout constraints, accessibility attributes, localization hooks, docs, templates, and reports | decorative UI drift, inaccessible controls, layout breakage, or unverified visual claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | UI surface reviewed, states checked, layout/accessibility/localization notes, skipped visual checks, and remaining UI risk |
 | Web image assets are added, converted, resized, or replaced | `.mustflow/skills/web-asset-optimization/SKILL.md` | Image asset request and target path | Web image assets | asset quality and size | `asset_optimize`, `build` | Optimized asset notes |
 
@@ -168,6 +172,8 @@ stay inactive until their event occurs.
 | Multiple AI workers, subagents, external agents, parallel task runners, or worktree-based worker roles are planned or used for one repository task | `.mustflow/skills/multi-agent-work-coordination/SKILL.md` | Task goal, worker roles, write permissions, file ownership, workspace isolation, credential boundary, merge owner, and command contract entries | Coordination plan, worker instructions, ownership boundaries, merge notes, and directly synchronized tests or docs | same-file races, conflicting instructions, leaked credentials, shared auth cache, untrusted worker output, merge drift, or unverified parallel result | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Worker limit, role map, write ownership, isolation and credential boundaries, merge owner, verification, skipped checks, and remaining coordination risk |
 | Repository improvement, audit, prioritization, stabilization, polish, onboarding, contributor-readiness, production-readiness, or iterative improvement is requested without a single predetermined edit | `.mustflow/skills/repo-improvement-loop/SKILL.md` | User goal, improvement mode, repository evidence, candidate risks, current changed files, and command contract entries | Repository diagnosis, ranked candidates, and at most one scoped improvement cycle unless the user explicitly requests analysis-only | idea spam, ungrounded prioritization, autonomous loop drift, broad rewrite, or unverified improvement claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Mode, evidence inspected, scored candidates, selected improvement, files changed or analysis-only note, verification, next improvement question, and stop reason |
 | Declared behavior must stay aligned across code, schemas, templates, tests, and docs | `.mustflow/skills/contract-sync-check/SKILL.md` | Changed files, intended behavior, source of truth, derived surfaces, and command contract entries | Contract source and required synchronized surfaces | contract drift | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Contract source, synchronized surfaces, deferred surfaces, verification, and drift risk |
+| `.mustflow/config/commands.toml` command intents, resources, effects, timeouts, output limits, environment policies, lifecycle values, run policies, or command-selection metadata are created, changed, reviewed, or removed | `.mustflow/skills/command-contract-authoring/SKILL.md` | Command goal, current command contract, expected reads and writes, side effects, locks, timeout, output, environment, stdin, and verification entries | Command contract, template command contracts, workflow docs, skills, tests, and directly synchronized public docs | accidental command authority, inferred command, unbounded side effect, missing lock, secret exposure, or long-running command approval | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Intent authority decision, side-effect model, environment and timeout boundary, synchronized surfaces, verification, and remaining command-contract risk |
+| CLI text output, JSON output, exit codes, error messages, warnings, deprecations, help text, command aliases, schema-backed reports, or automation-facing command behavior are created, changed, reviewed, or reported | `.mustflow/skills/cli-output-contract-review/SKILL.md` | Affected command, output modes, exit-code expectations, docs examples, schemas, fixtures, consumers, and command contract entries | CLI output code, schemas, fixtures, docs, README examples, package tests, templates, and reports | broken automation, misleading success, schema drift, undocumented deprecation, stale example, or incompatible output change | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Output surfaces reviewed, status and exit-code semantics, synchronized schemas/docs/tests/templates, verification, and remaining CLI-output risk |
 | Dates, versions, counts, durations, limits, metrics, benchmarks, prices, percentages, or other numeric facts are created, edited, or reported | `.mustflow/skills/date-number-audit/SKILL.md` | Date or numeric fact, source of truth, dependent surfaces, precision expectation, and command contract entries | Numeric statements, metadata, tests, docs, templates, and reports | invented, stale, or mismatched numeric claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Audited values, source of truth, synchronized surfaces, skipped checks, and remaining numeric risk |
 | Git reports CRLF/LF warnings or tracked text files may need line-ending normalization | `.mustflow/skills/line-ending-hygiene/SKILL.md` | Warning text or changed-file evidence, line-ending policy, changed-file status, and command contract entries | Line-ending policy files, tracked text files, command metadata, tests, and reports | silent working-tree rewrite or policy drift | `line_endings_check`, `changes_status`, `mustflow_check` | Policy found, drift files, normalization status, verification, and remaining line-ending risk |
 | External `SKILL.md` files, skill packs, awesome lists, GitHub skill repositories, installer recommendations, or third-party skill procedures are reviewed for possible mustflow adoption | `.mustflow/skills/external-skill-intake/SKILL.md` | Source path or URL, license or provenance evidence, external skill files, intended adoption outcome, existing skill overlap, and command contract entries | Skill procedures, skill routes, template metadata, tests, docs, and review notes that adapt the external idea | third-party command bypass, license or provenance gap, unsafe helper script, duplicated skill, stale source claim, or default-profile bloat | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Source review, overlap decision, safety findings, command-intent mapping, adoption decision, synchronized surfaces, verification, and remaining intake risk |