mustflow 2.18.7 → 2.18.21

package/templates/default/locales/en/.mustflow/skills/security-regression-tests/SKILL.md

@@ -2,7 +2,7 @@
 mustflow_doc: skill.security-regression-tests
 locale: en
 canonical: true
-revision: 6
+revision: 9
 lifecycle: mustflow-owned
 authority: procedure
 name: security-regression-tests
@@ -32,6 +32,9 @@ Convert security-sensitive behavior changes into safe negative tests that preser
 
 - Authentication, authorization, session, CSRF, rate-limit, admin, payment, credit, subscription, personal-data, or tenant-boundary behavior changes.
 - Input validation, output encoding, file upload, path handling, webhook callback, redirect, or external URL handling changes.
+- Cookie, JWT, OAuth callback, reset token, invite token, logout, reauthentication, file download, upload processing, business-rule, entitlement, pricing, inventory, database query, ORM bulk operation, or deployment-configuration behavior changes.
+- AI-generated or vibe-coded routes, data access, external fetchers, admin screens, or database rules need denied-case coverage beyond a happy-path test.
+- Cryptography, password hashing, secure randomness, HTTPS/TLS, certificate validation, scanner-gate, or security-invariant behavior changes.
 - Command construction, command recommendation, executable resolution, command-contract linting, or copy-to-clipboard command behavior changes.
 - Filesystem containment, symlink handling, package publishing, build pipeline, or release automation behavior changes.
 - A bug fix closes an abuse case and the fix needs a regression test to prevent reintroduction.
@@ -81,16 +84,31 @@ Convert security-sensitive behavior changes into safe negative tests that preser
 1. Identify the protected boundary: actor, resource, operation, trust boundary, and expected defensive outcome.
 2. Classify the abuse case using project-specific facts, not broad labels alone:
    - unauthorized actor or cross-tenant access
+   - BOLA/IDOR-style object access where the resource identifier is valid but belongs to another actor or tenant
    - invalid ownership or privilege escalation
+   - UI-only admin gating without server-side role, owner, or capability enforcement
+   - authentication-only checks that omit owner, tenant, workspace, organization, team, or capability constraints
+   - unsafe session or token handling such as decode-only JWT checks, missing expiry, missing issuer or audience validation, missing logout revocation, or missing reauthentication before sensitive changes
    - unsafe input shape, size, encoding, path, or MIME mismatch
+   - unsafe sort, redirect, pagination, parser, Markdown, XML, YAML, or template input that reaches a query, file path, HTML, or command boundary
    - unsafe output rendering or serialization
+   - file upload or download authorization, content-type, signature, size, filename, metadata, web-root, or conversion resource-limit failure
    - unsafe external URL, callback, redirect, or server-side request target
+   - SSRF-style private network, localhost, link-local metadata, redirect, or DNS re-resolution target
+   - missing webhook signature validation or unsafe retry behavior for external callbacks
+   - CSRF-style state change that relies on browser credentials without an origin, token, or same-site boundary
+   - missing rate limit or lockout on login, signup, token reset, invitation, webhook, or expensive generation endpoints
+   - client-supplied price, discount, role, owner, entitlement, plan, inventory, seat, refund, coupon, or usage value trusted by the server
+   - ORM mass assignment, unscoped `findMany`, `updateMany`, `deleteMany`, unsafe migration default, or missing database policy enforcement
    - unsafe shell command construction, command name interpolation, clipboard command output, or executable lookup
    - filesystem escape through symlinks, path traversal, archive entries, generated state, or package contents
    - mismatch between two validators, linters, dashboards, schemas, or release gates that claim the same policy
    - release or package-publishing pipeline code execution before artifact publication
    - incomplete escaping, quoting, encoding, or sanitization where the safe behavior can be asserted without invoking a real shell or network target
    - stack trace or internal error exposure through a user-visible API, report, dashboard, or command output
+   - insecure password storage, custom cryptography, weak hash use, insecure randomness, or predictable reset or invite tokens
+   - disabled certificate validation, insecure HTTP downgrade, or missing HTTPS enforcement for sensitive traffic
+   - architecture drift where a refactor preserves the happy path but drops a security invariant across a layer boundary
    - workflow permission drift, mutable action references, wrong pinned-action object type, dependency scan overreach, or artifact credential leakage that can be checked through repository-local workflow tests or linters
    - payment, credit, coupon, subscription, refund, or entitlement abuse
    - personal-data or admin-only access leakage
@@ -98,19 +116,32 @@ Convert security-sensitive behavior changes into safe negative tests that preser
    - missing capability or scoped permission object where a sensitive operation depends on broad user, role, or global authorization state
    - missing invariant policy where a sensitive state change could violate a non-negotiable rule such as last-owner, entitlement, paid-order, refund, or retention constraints
    - missing idempotency key, action ledger, or outbox/inbox record where repeated execution of a side effect could charge, refund, notify, grant, revoke, publish, or delete more than once
+   - exposed debug, admin, metrics, storage, GraphQL, development console, root container user, default credential, or fork pull-request secret path that can be checked locally
 3. Search for existing tests that already cover the same boundary. Strengthen the existing test when that gives clearer coverage than adding a new one.
 4. Build the smallest safe negative test data: at least one allowed control case when useful, and one denied case that proves the boundary rejects the abuse condition.
-5. For parser, validator, serializer, path, command, or workflow boundaries, consider a bounded property-based or fuzz-style regression when the invariant is clearer than a list of hand-written examples. Keep generators local, deterministic under the test runner, size-limited, and focused on the defensive invariant.
-6. When adding a fuzzing or property-based testing dependency, keep dependency metadata, lockfiles, test selection rules, and package tests synchronized. Prefer an existing project dependency when it can express the invariant cleanly.
-7. Use mocks or local fakes for external requests, uploads, redirects, webhooks, payment providers, file systems, shell commands, package registries, and CI workflows. Do not contact live suspicious endpoints or publish real artifacts.
-8. Name the test after the defensive expectation, such as `cannot_read_other_users_invoice` or `rejects_private_network_callback_url`.
-9. Keep assertions tied to observable behavior: status code, returned error shape, unchanged database state, missing side effect, sanitized output, rejected job, or invariant preserved for all generated cases.
-10. Avoid dumping long exploit strings into the test. Use minimal representative inputs or generated values that prove the validation or boundary rule without becoming an offensive payload corpus.
-11. For command and filesystem boundaries, assert the denied side effect directly: no injected command appears in a runnable recommendation, no repository-local shim is executed, no background shell pattern is counted runnable, no symlink target outside the root is read or written.
-12. For plan/apply, capability, invariant, time, and idempotency boundaries, assert the safety contract directly: planning produces no side effect, commit rejects stale or unauthorized capability, invalid transitions preserve state, injected time controls expiry, and repeated side-effect keys do not repeat the effect.
-13. For workflow scanner fixes, prefer repository-local assertions for durable contracts: action references are pinned to commit SHAs or digest-pinned containers, privileged permissions are job-scoped, deployment or scanner jobs can be manually rerun when useful, and dependency scans exclude fixture-only manifests unless intentionally included.
-14. For scanner-driven fixes, include a regression only when the rule reflects a durable project contract. Do not add brittle tests that merely assert the scanner's current wording, line number, or severity.
-15. If the project lacks enough context to write a deterministic test, output a concrete test proposal instead of inventing fixtures or behavior.
+5. For ownership and tenant boundaries, use two actors and two resources. Prove that the valid owner succeeds and the non-owner fails for the same resource identifier shape.
+6. For SSRF and redirect boundaries, use local fake resolvers or request adapters and assert that private, loopback, link-local, metadata, unsupported protocol, and redirect-to-denied targets are rejected without making live network calls.
+7. For CSRF and browser-credential state changes, assert that the mutating operation rejects missing or mismatched token, origin, or same-site evidence according to the project framework.
+8. For rate limits and lockouts, use injected time, local stores, or fake counters to prove repeated attempts are bounded without slowing the suite.
+9. For session, JWT, OAuth, reset, invite, logout, or reauthentication boundaries, assert the denied condition directly: invalid signature, expired token, wrong issuer, wrong audience, missing state, revoked token, reused token, or missing recent authentication.
+10. For upload and download boundaries, use local fixture files and fake storage. Assert authorization, content signature, MIME, size, filename, path, metadata stripping, and conversion resource-limit behavior without using live user files.
+11. For business-rule boundaries, use server-side fixtures that try manipulated price, discount, role, owner, entitlement, plan, inventory, seat, refund, coupon, or usage fields. Assert that state remains unchanged or is recalculated from trusted server data.
+12. For database and ORM boundaries, assert scoped queries or policies through observable behavior: cross-tenant rows stay invisible, bulk update or delete affects only owned rows, mass-assigned privileged fields are ignored, and unsafe migration defaults cannot create elevated access.
+13. For cryptography and token-generation boundaries, assert behavior through the project-owned API rather than hard-coding private implementation details: password verifiers reject plaintext or fast-hash storage, token generation uses injected secure randomness or a deterministic test double, and custom cryptography shortcuts are absent where the project exposes that decision.
+14. For transport-security boundaries, assert configuration rejects disabled certificate validation or insecure HTTP for sensitive endpoints when the project owns that configuration.
+15. For architecture-drift boundaries, write the test around the security invariant, not the refactor shape: unauthorized access stays denied, sensitive output stays omitted, and side effects remain scoped after the generated structure changes.
+16. For parser, validator, serializer, path, command, or workflow boundaries, consider a bounded property-based or fuzz-style regression when the invariant is clearer than a list of hand-written examples. Keep generators local, deterministic under the test runner, size-limited, and focused on the defensive invariant.
+17. When adding a fuzzing or property-based testing dependency, keep dependency metadata, lockfiles, test selection rules, and package tests synchronized. Prefer an existing project dependency when it can express the invariant cleanly.
+18. Use mocks or local fakes for external requests, uploads, redirects, webhooks, payment providers, file systems, shell commands, package registries, and CI workflows. Do not contact live suspicious endpoints or publish real artifacts.
+19. Name the test after the defensive expectation, such as `cannot_read_other_users_invoice` or `rejects_private_network_callback_url`.
+20. Keep assertions tied to observable behavior: status code, returned error shape, unchanged database state, missing side effect, sanitized output, rejected job, or invariant preserved for all generated cases.
+21. Avoid dumping long exploit strings into the test. Use minimal representative inputs or generated values that prove the validation or boundary rule without becoming an offensive payload corpus.
+22. For command and filesystem boundaries, assert the denied side effect directly: no injected command appears in a runnable recommendation, no repository-local shim is executed, no background shell pattern is counted runnable, no symlink target outside the root is read or written.
+23. For plan/apply, capability, invariant, time, and idempotency boundaries, assert the safety contract directly: planning produces no side effect, commit rejects stale or unauthorized capability, invalid transitions preserve state, injected time controls expiry, and repeated side-effect keys do not repeat the effect.
+24. For workflow scanner fixes, prefer repository-local assertions for durable contracts: action references are pinned to commit SHAs or digest-pinned containers, privileged permissions are job-scoped, fork pull requests do not receive secrets, deployment or scanner jobs can be manually rerun when useful, and dependency scans exclude fixture-only manifests unless intentionally included.
+25. For deployment and configuration fixes, prefer local config assertions: debug flags are off for production, sample credentials are absent, public admin or metrics endpoints are not enabled by default, storage is not public, containers do not run as root when the project controls that setting, and HTTPS requirements are preserved.
+26. For scanner-driven fixes, include a regression only when the rule reflects a durable project contract. Do not add brittle tests that merely assert the scanner's current wording, line number, or severity.
+27. If the project lacks enough context to write a deterministic test, output a concrete test proposal instead of inventing fixtures or behavior.
 
 <!-- mustflow-section: postconditions -->
 ## Postconditions

package/templates/default/locales/en/.mustflow/skills/ui-quality-gate/SKILL.md

@@ -2,7 +2,7 @@
 mustflow_doc: skill.ui-quality-gate
 locale: en
 canonical: true
-revision: 3
+revision: 6
 lifecycle: mustflow-owned
 authority: procedure
 name: ui-quality-gate
@@ -34,11 +34,14 @@ Keep user-facing interfaces usable, minimal, accessible, responsive, localizatio
 - A task asks for UI polish, layout, responsive behavior, accessibility, visual states, language switching, labels, or interaction feedback.
 - A report claims that UI text fits, controls are understandable, language updates apply, or a page renders correctly.
 - A change could add explanatory, marketing-like, decorative, duplicate, invented, or non-actionable UI content.
+- AI-generated or vibe-coded UI needs review for predictable conventions, visual hierarchy, mobile usability, touch targets, component boundaries, and interaction feedback.
+- A repeated AI-editing loop may have introduced style drift, duplicated state, missing edge cases, undeclared UI dependencies, or oversized components.
 
 <!-- mustflow-section: do-not-use-when -->
 ## Do Not Use When
 
 - The task changes only backend logic, CLI output, metadata, or documentation with no user-facing UI surface.
+- The task is specifically about conversational AI, chat, copilot, prompt, multimodal input, streaming generation, citations, feedback, or conversation history; use `llm-service-ux-review`.
 - The task is only image asset conversion; use `web-asset-optimization` for that part.
 - The UI change cannot be rendered or inspected in the current environment; report the inspection gap instead of claiming visual verification.
 
@@ -48,6 +51,9 @@ Keep user-facing interfaces usable, minimal, accessible, responsive, localizatio
 - The changed UI surface, user task, and expected interaction path.
 - Existing design patterns, task-essential controls, labels, states, accessibility conventions, and localization rules in the same area.
 - Viewports, themes, languages, and state combinations that need inspection.
+- The target devices and interaction style, including mobile-first behavior, pointer or touch input, expected keyboard use, and any project breakpoint or design-token conventions.
+- Existing design-token, component, data, state, dependency, and accessibility contracts that the changed UI must preserve.
+- Any high-risk widget involved, such as toast notifications, tree views, editable grids, drag-and-drop, custom selects, comboboxes, dialogs, or virtualized lists.
 - Performance, asset-size, animation, or network constraints that affect the changed surface.
 - Relevant command-intent contract entries for status, diff, docs, build, release, or mustflow validation.
 
@@ -64,7 +70,10 @@ Keep user-facing interfaces usable, minimal, accessible, responsive, localizatio
 - Add, remove, or refine UI controls, labels, states, layout constraints, localization hooks, and accessibility attributes when they support the user's real task.
 - Remove decorative, explanatory, invented, or marketing-like UI content that does not help the user act on real data.
 - Prefer existing component patterns and stable dimensions over new visual systems.
+- Add subtle interaction feedback only when it clarifies state, confirms action, or improves perceived responsiveness without harming reduced-motion users.
+- Add a small intermediate UI contract for complex surfaces before implementation: view tree, data inputs, user actions, state transitions, visual tokens, and verification targets.
 - Do not claim a UI is visually verified without an actual render, screenshot, DOM inspection, or clear reason that visual verification was unavailable.
+- Do not add undeclared packages, invented component APIs, ad hoc style scales, or framework-specific patterns that conflict with the current project.
 
 <!-- mustflow-section: procedure -->
 ## Procedure
@@ -72,23 +81,33 @@ Keep user-facing interfaces usable, minimal, accessible, responsive, localizatio
 1. Identify the real user task and the UI surface that supports it.
 2. Check nearby UI patterns before adding new layout, component, color, copy, or state conventions.
 3. Keep task-essential controls only. Remove or avoid non-essential welcome text, feature summaries, decorative cards, fake metrics, marketing copy, invented filters, and controls that do not operate on real data.
-4. Verify controls are understandable and state-aware: icon buttons need accessible names or tooltips, destructive or state-changing actions need clear labels, selected or disabled states need clear visual treatment, and disabled states need a visible reason when useful.
-5. Check keyboard and focus behavior before visual polish: native elements first, tab order, focus order and return, visible focus state, names for icon-only controls, form error linkage, live status announcements, reduced-motion handling, and sufficient contrast.
-6. Check accessible names and states against the actual interaction model, not only the rendered text. Dynamic controls must expose the current expanded, selected, checked, invalid, busy, or disabled state when applicable.
-7. Check form error and empty-state behavior. Errors should point to the field or action that needs attention, and empty states should be short and action-oriented rather than explaining the product.
-8. Check localization-safe labels: language switching, fallback text, placeholders, plural or formatted values, long translated labels, bidirectional text, logical spacing, and date, time, number, currency, or unit display where applicable.
-9. Check responsive layout without text overlap: text should not overflow, clip, overlap, resize fixed-format controls unexpectedly, or depend on viewport-width font scaling.
-10. Check performance and asset-size awareness when the change adds images, icons, animation, third-party UI code, large client data, or extra network work. Prefer existing assets and bounded rendering cost.
-11. Check state coverage: loading, empty, error, saved, changed, disabled, selected, focused, and language-switched states should update consistently where applicable.
-12. Inspect responsive and localization-sensitive surfaces when the change affects layout or translated text.
-13. Use visual verification only when a configured one-shot command or approved browser workflow exists for the surface. Do not start development servers, watchers, or browser sessions directly from the skill.
-14. Run the narrowest configured verification that covers the changed UI, documentation, package, or mustflow contract.
+4. Check predictability and visual hierarchy. Follow familiar platform or product conventions, make the next likely action visible, and use spacing, size, weight, grouping, and order to make the primary task easier to scan.
+5. Check responsive and touch ergonomics. Prefer mobile-first layout decisions, preserve readable spacing at small widths, keep touch targets and gaps usable, and follow existing breakpoint or design-token conventions instead of inventing one-off sizes.
+6. Verify controls are understandable and state-aware: icon buttons need accessible names or tooltips, destructive or state-changing actions need clear labels, hover, active, selected, loading, and disabled states need clear visual treatment, and disabled states need a visible reason when useful.
+7. Check keyboard and focus behavior before visual polish: native elements first, semantic landmarks when they clarify page structure, tab order, focus order and return, visible focus state, names for icon-only controls, form error linkage, live status announcements, reduced-motion handling, and sufficient contrast.
+8. Check accessible names and states against the actual interaction model, not only the rendered text. Dynamic controls must expose the current expanded, selected, checked, invalid, busy, or disabled state when applicable.
+9. Check form validation, error, and empty-state behavior. Validate close to the field when useful, place errors next to the action or input that needs attention, preserve user input after failure, and keep empty states short and action-oriented rather than explaining the product.
+10. Check interaction feedback. Loading, skeleton, saving, success, failure, toast, inline message, or micro-interaction feedback should map to real state and should not distract from the task or hide a slow operation.
+11. Check localization-safe labels: language switching, fallback text, placeholders, plural or formatted values, long translated labels, bidirectional text, logical spacing, and date, time, number, currency, or unit display where applicable.
+12. Check responsive layout without text overlap: text should not overflow, clip, overlap, resize fixed-format controls unexpectedly, or depend on viewport-width font scaling.
+13. Check style drift. Repeated AI edits should not create one-off spacing, color, radius, typography, shadow, or inline-style variants when an existing token, utility, or component variant already covers the need.
+14. Check state architecture. Async UI should cover the relevant idle, loading, success, empty, error, retrying, and stale-data states without duplicating state variables or leaving race-prone updates after unmount.
+15. Check component boundaries. Reusable UI pieces should be small enough to maintain consistent states and accessibility, but not split into wrappers that obscure the user task or duplicate design rules.
+16. Check dependency and API reality. Imported UI packages, generated helpers, component props, browser APIs, and event contracts must exist in the project or be handled through the dependency workflow before code relies on them.
+17. Check high-risk widgets. Toasts need pauseable timing and appropriate status announcements; tree views need composite keyboard behavior; editable grids need navigation and editing modes; custom selects, dialogs, and comboboxes need proven accessibility patterns or an existing library.
+18. Check performance and asset-size awareness when the change adds images, icons, animation, third-party UI code, large client data, or extra network work. Prefer existing assets, lazy loading when appropriate, explicit image dimensions, and bounded rendering cost.
+19. Check state coverage: loading, empty, error, saved, changed, disabled, selected, focused, hover, active, validating, and language-switched states should update consistently where applicable.
+20. For complex surfaces, write or confirm a compact UI contract before broad implementation: view tree, data contract, interaction model, state model, design-token contract, and verification targets.
+21. Inspect responsive and localization-sensitive surfaces when the change affects layout or translated text.
+22. Use visual verification only when a configured one-shot command or approved browser workflow exists for the surface. Do not start development servers, watchers, or browser sessions directly from the skill.
+23. Run the narrowest configured verification that covers the changed UI, documentation, package, or mustflow contract.
 
 <!-- mustflow-section: postconditions -->
 ## Postconditions
 
 - The UI supports the user's task without unnecessary explanatory or decorative surface.
-- Important controls, labels, states, keyboard and focus paths, layout constraints, localization updates, and performance-sensitive assets are checked or reported as unverified.
+- Important controls, labels, states, visual hierarchy, touch ergonomics, keyboard and focus paths, layout constraints, localization updates, and performance-sensitive assets are checked or reported as unverified.
+- AI-generated changes preserve existing style tokens, component boundaries, state contracts, dependency reality, and high-risk widget accessibility expectations.
 - Final reports distinguish code-level verification from visual or interactive verification.
 
 <!-- mustflow-section: verification -->
@@ -120,7 +139,8 @@ Use a narrower configured test, build, browser, screenshot, or accessibility int
 - UI surface reviewed
 - User task and states checked
 - Task-essential controls kept or removed
-- Layout, keyboard and focus, accessibility, localization, performance, and asset-size checks
+- Visual hierarchy, responsive layout, touch ergonomics, keyboard and focus, accessibility, localization, performance, and asset-size checks
+- Interaction feedback, style drift, state architecture, dependency, high-risk widget, and component-boundary checks
 - Decorative or unnecessary UI avoided or removed
 - Command intents run
 - Skipped visual checks and reasons

package/templates/default/manifest.toml

@@ -1,6 +1,6 @@
 id = "default"
 name = "default"
-version = "2.18.7"
+version = "2.18.21"
 description = "Minimal workflow for LLM agents to read, edit, and verify their work in a repository."
 common_root = "common"
 locales_root = "locales"
@@ -17,9 +17,12 @@ creates = [
   ".mustflow/skills/behavior-preserving-refactor/SKILL.md",
   ".mustflow/skills/code-review/SKILL.md",
   ".mustflow/skills/codebase-orientation/SKILL.md",
+  ".mustflow/skills/cli-output-contract-review/SKILL.md",
+  ".mustflow/skills/command-contract-authoring/SKILL.md",
   ".mustflow/skills/command-pattern/SKILL.md",
   ".mustflow/skills/composition-over-inheritance/SKILL.md",
   ".mustflow/skills/contract-sync-check/SKILL.md",
+  ".mustflow/skills/cross-platform-filesystem-safety/SKILL.md",
   ".mustflow/skills/date-number-audit/SKILL.md",
   ".mustflow/skills/database-change-safety/SKILL.md",
   ".mustflow/skills/dependency-injection/SKILL.md",
@@ -31,6 +34,7 @@ creates = [
   ".mustflow/skills/test-design-guard/SKILL.md",
   ".mustflow/skills/test-maintenance/SKILL.md",
   ".mustflow/skills/vertical-slice-tdd/SKILL.md",
+  ".mustflow/skills/llm-service-ux-review/SKILL.md",
   ".mustflow/skills/ui-quality-gate/SKILL.md",
   ".mustflow/skills/external-prompt-injection-defense/SKILL.md",
   ".mustflow/skills/external-skill-intake/SKILL.md",
@@ -43,6 +47,7 @@ creates = [
   ".mustflow/skills/null-object-pattern/SKILL.md",
   ".mustflow/skills/performance-budget-check/SKILL.md",
   ".mustflow/skills/pattern-scout/SKILL.md",
+  ".mustflow/skills/process-execution-safety/SKILL.md",
   ".mustflow/skills/repo-improvement-loop/SKILL.md",
   ".mustflow/skills/structure-discovery-gate/SKILL.md",
   ".mustflow/skills/readme-authoring/SKILL.md",
@@ -57,6 +62,7 @@ creates = [
   ".mustflow/skills/project-context-authoring/SKILL.md",
   ".mustflow/skills/security-privacy-review/SKILL.md",
   ".mustflow/skills/security-regression-tests/SKILL.md",
+  ".mustflow/skills/search-ad-content-authoring/SKILL.md",
   ".mustflow/skills/skill-authoring/SKILL.md",
   ".mustflow/skills/visual-review-artifact/SKILL.md",
   ".mustflow/skills/visual-review-artifact/resources.toml",
@@ -91,6 +97,7 @@ minimal = [
   "behavior-preserving-refactor",
   "code-review",
   "codebase-orientation",
+  "command-contract-authoring",
   "contract-sync-check",
   "date-number-audit",
   "database-change-safety",
@@ -117,6 +124,7 @@ patterns = [
   "behavior-preserving-refactor",
   "code-review",
   "codebase-orientation",
+  "command-contract-authoring",
   "command-pattern",
   "composition-over-inheritance",
   "contract-sync-check",
@@ -154,9 +162,12 @@ oss = [
   "behavior-preserving-refactor",
   "code-review",
   "codebase-orientation",
+  "cli-output-contract-review",
+  "command-contract-authoring",
   "command-pattern",
   "composition-over-inheritance",
   "contract-sync-check",
+  "cross-platform-filesystem-safety",
   "date-number-audit",
   "database-change-safety",
   "dependency-injection",
@@ -173,6 +184,7 @@ oss = [
   "migration-safety-check",
   "null-object-pattern",
   "pattern-scout",
+  "process-execution-safety",
   "project-context-authoring",
   "pure-core-imperative-shell",
   "readme-authoring",
@@ -199,9 +211,11 @@ team = [
   "behavior-preserving-refactor",
   "code-review",
   "codebase-orientation",
+  "command-contract-authoring",
   "command-pattern",
   "composition-over-inheritance",
   "contract-sync-check",
+  "cross-platform-filesystem-safety",
   "date-number-audit",
   "database-change-safety",
   "dependency-injection",
@@ -215,6 +229,7 @@ team = [
   "multi-agent-work-coordination",
   "null-object-pattern",
   "pattern-scout",
+  "process-execution-safety",
   "pure-core-imperative-shell",
   "result-option",
   "requirement-regression-guard",
@@ -234,6 +249,7 @@ product = [
   "behavior-preserving-refactor",
   "code-review",
   "codebase-orientation",
+  "command-contract-authoring",
   "command-pattern",
   "composition-over-inheritance",
   "contract-sync-check",
@@ -247,6 +263,7 @@ product = [
   "facade-pattern",
   "failure-triage",
   "instruction-conflict-scope-check",
+  "llm-service-ux-review",
   "null-object-pattern",
   "pattern-scout",
   "performance-budget-check",
@@ -255,6 +272,7 @@ product = [
   "requirement-regression-guard",
   "repro-first-debug",
   "security-privacy-review",
+  "search-ad-content-authoring",
   "source-anchor-authoring",
   "source-freshness-check",
   "state-machine-pattern",
@@ -274,9 +292,12 @@ library = [
   "behavior-preserving-refactor",
   "code-review",
   "codebase-orientation",
+  "cli-output-contract-review",
+  "command-contract-authoring",
   "command-pattern",
   "composition-over-inheritance",
   "contract-sync-check",
+  "cross-platform-filesystem-safety",
   "date-number-audit",
   "database-change-safety",
   "dependency-injection",
@@ -292,6 +313,7 @@ library = [
   "migration-safety-check",
   "null-object-pattern",
   "pattern-scout",
+  "process-execution-safety",
   "project-context-authoring",
   "pure-core-imperative-shell",
   "readme-authoring",

package/dist/cli/commands/run/builtin-dispatch.js

@@ -1,92 +0,0 @@
-import { canRunMustflowBuiltinInProcess, isMustflowBinName } from '../../../core/command-classification.js';
-import { getPackageVersion } from '../../lib/package-info.js';
-import { createBufferedReporter } from './output.js';
-/**
- * mf:anchor cli.run.builtin-inprocess
- * purpose: Dispatch selected mustflow built-in commands without spawning a nested CLI process.
- * search: builtin intent, in-process command, nested mf run, run receipt
- * invariant: Only commands classified by command-classification can use this path.
- * risk: config, state
- */
-async function runKnownBuiltinCommand(args, reporter, lang) {
-    const [command, ...commandArgs] = args;
-    if ((command === '--version' || command === '-v' || command === 'version') && commandArgs.length === 0) {
-        reporter.stdout(getPackageVersion());
-        return 0;
-    }
-    if (!canRunMustflowBuiltinInProcess(command)) {
-        return undefined;
-    }
-    if (command === 'check') {
-        return (await import('../check.js')).runCheck(commandArgs, reporter, lang);
-    }
-    if (command === 'classify') {
-        return (await import('../classify.js')).runClassify(commandArgs, reporter, lang);
-    }
-    if (command === 'context') {
-        return (await import('../context.js')).runContext(commandArgs, reporter, lang);
-    }
-    if (command === 'doctor') {
-        return (await import('../doctor.js')).runDoctor(commandArgs, reporter, lang);
-    }
-    if (command === 'help') {
-        return (await import('../help.js')).runHelp(commandArgs, reporter, lang);
-    }
-    if (command === 'impact') {
-        return (await import('../impact.js')).runImpact(commandArgs, reporter, lang);
-    }
-    if (command === 'line-endings') {
-        return (await import('../line-endings.js')).runLineEndings(commandArgs, reporter, lang);
-    }
-    if (command === 'map') {
-        return (await import('../map.js')).runMap(commandArgs, reporter, lang);
-    }
-    if (command === 'status') {
-        return (await import('../status.js')).runStatus(commandArgs, reporter, lang);
-    }
-    if (command === 'update') {
-        return (await import('../update.js')).runUpdate(commandArgs, reporter, lang);
-    }
-    if (command === 'version-sources') {
-        return (await import('../version-sources.js')).runVersionSources(commandArgs, reporter, lang);
-    }
-    return undefined;
-}
-async function withWorkingDirectory(cwd, callback) {
-    const previousCwd = process.cwd();
-    process.chdir(cwd);
-    try {
-        return await callback();
-    }
-    finally {
-        process.chdir(previousCwd);
-    }
-}
-export async function runBuiltinArgvInProcess(commandArgv, cwd, lang) {
-    const [command = '', ...builtinArgs] = commandArgv;
-    if (!isMustflowBinName(command)) {
-        return undefined;
-    }
-    const output = createBufferedReporter();
-    try {
-        const status = await withWorkingDirectory(cwd, () => runKnownBuiltinCommand(builtinArgs, output.reporter, lang));
-        if (status === undefined) {
-            return undefined;
-        }
-        return {
-            status,
-            signal: null,
-            stdout: output.stdout(),
-            stderr: output.stderr(),
-        };
-    }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        return {
-            status: 1,
-            signal: null,
-            stdout: output.stdout(),
-            stderr: `${output.stderr()}${message}\n`,
-        };
-    }
-}