mustflow 2.22.17 → 2.22.46

package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md

@@ -0,0 +1,154 @@
+---
+mustflow_doc: skill.python-code-change
+locale: en
+canonical: true
+revision: 2
+lifecycle: mustflow-owned
+authority: procedure
+name: python-code-change
+description: Apply this skill when Python source, packaging, runtime version, import layout, type checking, linting, tests, or CLI entry points are created or changed.
+metadata:
+  mustflow_schema: "1"
+  mustflow_kind: procedure
+  pack_id: mustflow.core
+  skill_id: mustflow.core.python-code-change
+  command_intents:
+    - changes_status
+    - changes_diff_summary
+    - lint
+    - build
+    - test_related
+    - test
+    - docs_validate_fast
+    - mustflow_check
+---
+
+# Python Code Change
+
+<!-- mustflow-section: purpose -->
+## Purpose
+
+Preserve Python runtime, packaging, import, async resource, public API, typing, lint, and test boundaries while making a focused change.
+
+<!-- mustflow-section: use-when -->
+## Use When
+
+- `.py`, `pyproject.toml`, `setup.py`, `setup.cfg`, requirements files, lockfiles, tox, nox, pytest, mypy, pyright, Ruff, or Python CI config changes.
+- The task touches package layout, CLI entry points, imports, type hints, dependency declarations, virtual environment assumptions, or tests.
+
+<!-- mustflow-section: do-not-use-when -->
+## Do Not Use When
+
+- The task only edits generated Python output that should not be maintained manually.
+- The repository does not contain Python behavior and the file is only documentation.
+
+<!-- mustflow-section: required-inputs -->
+## Required Inputs
+
+- Python version source: `requires-python`, `.python-version`, tool version files, CI matrix, or container base image.
+- Packaging and dependency files, test config, lint config, and type checker config.
+- Package layout: `src` layout, flat layout, namespace package, distribution name, import package name, package discovery settings, CLI entry points, plugin entry points, and nearby tests.
+- Async ownership and resource cleanup surface when coroutines, tasks, context managers, sessions, clients, pools, files, async generators, subprocesses, or logging change.
+- Public contract surface when imports, signatures, exceptions, return shapes, CLI behavior, config, environment variables, extras, Python version support, or typing stubs change.
+- Configured verification intents.
+
+<!-- mustflow-section: preconditions -->
+## Preconditions
+
+- Determine the lowest supported Python version before choosing syntax or typing features.
+- Read package layout and import style before editing imports.
+- Treat global machine Python state as irrelevant unless the project explicitly declares it.
+
+<!-- mustflow-section: allowed-edits -->
+## Allowed Edits
+
+- Keep existing packaging tools and layout unless the user explicitly asks for a packaging migration.
+- Add or adjust type hints at public boundaries, complex return values, and external input boundaries.
+- Follow existing test style, fixtures, parametrization, and lint/type strictness.
+- Do not lower Ruff, mypy, pyright, pytest, or packaging strictness to hide a failure.
+- Keep import fixes in package metadata, package discovery, entry points, or test invocation contracts instead of path hacks.
+- Make resource ownership explicit: code closes only the resources it creates.
+
+<!-- mustflow-section: procedure -->
+## Procedure
+
+1. Read project metadata, Python version constraints, dependency files, and test/lint/type configs.
+2. Identify the boundary touched: runtime version, package API, import root, packaging metadata, CLI entry, test fixture, async resource ownership, external input, or dependency contract.
+3. For packaging and import changes, separate the distribution name from the import package name. Check package directory mapping, package discovery settings, namespace package behavior, package data, entry points, optional dependencies, and `requires-python` before touching imports.
+4. Treat `src` layout as an installation contract. Importable code under `src/` should be tested through the supported installed-package path, not by making repository files accidentally importable from the working directory.
+5. Match existing package layout and import conventions. Do not add `sys.path`, `site.addsitedir`, `PYTHONPATH`, pytest `pythonpath`, ad hoc import loading, or test `conftest.py` import hacks to make package imports pass.
+6. Do not add `__init__.py` to tests as a blind fix. Add it only when tests are intentionally a package and the import-mode behavior remains explicit.
+7. For packaging changes, distinguish development and release contracts:
+   - editable installs prove the local development path;
+   - wheel installs or equivalent built artifacts prove the release path;
+   - entry point, dependency, optional dependency, metadata, and package data changes require reinstall-oriented verification when a configured intent exists;
+   - installed console scripts or plugin entry points should be smoke-tested through the installed entry point contract, not by directly running a source file.
+8. Verify import origin when packaging risk is present. The public package should resolve from the installed environment intended by the project, not from accidental repository-root files.
+9. Validate unknown external data before treating it as typed domain data.
+10. Preserve async and resource ownership:
+   - every coroutine is awaited, returned by contract, or scheduled as an owned and tracked task;
+   - raw background task creation is allowed only through the project's owner or spawn helper, a task group, or an equivalent lifecycle mechanism;
+   - background tasks keep a strong reference, have a shutdown path, and retrieve failures instead of leaving never-retrieved exceptions;
+   - cancellation is control flow, so cleanup uses `finally` and cancellation is re-raised after cleanup unless suppression is the documented behavior;
+   - async functions do not call blocking I/O, blocking sleeps, long CPU work, or blocking subprocess waits directly unless the project has an explicit executor or isolation pattern;
+   - context managers and async context managers do not suppress exceptions unless suppression is the feature;
+   - context-manager helpers that catch exceptions for logging re-raise after logging;
+   - early-exit async generators have an explicit close path.
+11. Preserve traceback evidence. Logging inside exception handlers should retain exception information instead of logging only the exception message.
+12. Preserve public contracts:
+   - treat public imports, public signatures, exceptions, return shapes, CLI behavior, entry points, config keys, environment variables, dependency metadata, extras, Python version support, and typing stubs as compatibility-sensitive;
+   - do not change sync functions into async functions, accepted input shapes, nullable behavior, documented exception types, tuple/dict/dataclass return shapes, config precedence, or environment variable semantics without a compatibility review;
+   - typed packages should keep runtime and typing surfaces aligned, including `py.typed` and stubs when present.
+13. Avoid mutable default arguments, broad `except Exception: pass`, broad `BaseException` catches outside process boundaries, global state hidden behind module imports, and path handling that ignores existing `pathlib` or OS conventions.
+14. Use `# type: ignore[...]` only when tightly scoped, justified, and consistent with local policy.
+15. If packaging, public API, CLI, config, or typing contracts change, synchronize README examples, entry point tests, build metadata, docs, fixtures, and downstream-style examples that describe installation or usage.
+16. Choose configured verification intents that cover formatting, lint, type checking, tests, package build, installed-package smoke checks, and CLI smoke risk when available.
+
+<!-- mustflow-section: postconditions -->
+## Postconditions
+
+- The code respects the declared Python version and packaging layout.
+- Imports work from the project-supported execution path.
+- Packaging changes distinguish development imports from release artifact imports.
+- Async tasks, context managers, files, clients, pools, subprocesses, and generators have visible ownership and cleanup.
+- Public API, CLI, config, environment, dependency metadata, and typing contract changes are called out.
+- Type and lint strictness are not weakened.
+- Tests or skipped verification are tied to the changed behavior.
+
+<!-- mustflow-section: verification -->
+## Verification
+
+Use configured oneshot command intents when available:
+
+- `lint`
+- `build`
+- `test_related`
+- `test`
+- `docs_validate_fast`
+- `mustflow_check`
+
+Report missing package, type, or test intents rather than inventing raw tool commands.
+
+<!-- mustflow-section: failure-handling -->
+## Failure Handling
+
+- If import resolution fails, inspect package metadata and test invocation before adding path hacks.
+- If a test only passes because repository root, `src`, or `tests` is injected into import paths, reject the fix and repair packaging or test layout instead.
+- If packaging correctness matters but only repository-root tests can run, report that wheel or installed-artifact verification is missing.
+- If the supported Python version blocks a syntax choice, rewrite to the supported form.
+- If third-party stubs or package metadata are wrong, document the local workaround and keep it narrow.
+- If a background task lacks owner, shutdown, strong reference, or exception retrieval, do not add it.
+- If cancellation or context-manager behavior is swallowed accidentally, restore propagation or document the intentional suppression contract.
+- If resource cleanup cannot be proven, use the project's context manager, exit stack, fixture, or lifecycle pattern before broadening tests.
+- If public contracts change without compatibility evidence, stop and report the breaking-change or deprecation requirement.
+
+<!-- mustflow-section: output-format -->
+## Output Format
+
+- Boundary checked
+- Runtime and packaging assumptions
+- Files changed
+- Type, lint, and import notes
+- Command intents run
+- Skipped checks and reasons
+- Remaining Python risk

package/templates/default/locales/en/.mustflow/skills/release-publish-change/SKILL.md

@@ -0,0 +1,172 @@
+---
+mustflow_doc: skill.release-publish-change
+locale: en
+canonical: true
+revision: 1
+lifecycle: mustflow-owned
+authority: procedure
+name: release-publish-change
+description: Apply this skill when release publishing, package registry publication, remote release channels, Git tags, GitHub Releases, release assets, npm, PyPI, crates.io, Go modules, Docker images, Homebrew formulae or casks, app updater metadata, version bump decisions, artifact inspection, post-publish smoke tests, rollback or yanking plans, or user installation paths are created, changed, reviewed, or reported.
+metadata:
+  mustflow_schema: "1"
+  mustflow_kind: procedure
+  pack_id: mustflow.core
+  skill_id: mustflow.core.release-publish-change
+  command_intents:
+    - changes_status
+    - changes_diff_summary
+    - lint
+    - build
+    - test_related
+    - test
+    - docs_validate_fast
+    - test_release
+    - mustflow_check
+---
+
+# Release Publish Change
+
+<!-- mustflow-section: purpose -->
+## Purpose
+
+Keep release work honest by treating a release as a remote state transition, not as a local code edit.
+
+The release is not done when tests pass locally, a version string changes, or a workflow succeeds. It is done only when the intended remote channel contains the expected artifact and a user-facing installation or update path has been smoke-tested through configured command intents or explicitly reported as unverified.
+
+<!-- mustflow-section: use-when -->
+## Use When
+
+- A task prepares, changes, reviews, or reports package publication, registry publication, Git tag release, GitHub Release creation, release assets, checksums, signatures, Docker image tags, Homebrew formulae, app updater feeds, appcast files, channel metadata, or installer distribution.
+- A change touches version bump logic, package metadata, release workflows, publish workflows, release assets, package contents, changelog-to-release wiring, post-publish smoke tests, or rollback and yanking guidance.
+- A final report claims that a version was published, released, installable, downloadable, updateable, yanked, deprecated, rolled back, or verified by the user installation path.
+- A release target includes npm, PyPI, crates.io, Go modules, Docker registries, GitHub Releases, Homebrew, Electron auto-update, Sparkle, Tauri updater, mobile stores, desktop installers, or another remote distribution channel.
+
+<!-- mustflow-section: do-not-use-when -->
+## Do Not Use When
+
+- The task only drafts release notes or changelog wording without publishing, package metadata, release artifact, or install-path claims. Use `release-notes-authoring` instead.
+- The task only changes dependency versions inside a project and does not publish the project. Use `dependency-upgrade-review`.
+- The task only checks local artifact integrity without changing or reporting release publication. Use `artifact-integrity-check` if available.
+- The task asks for a private experiment that must not affect remote tags, registries, release assets, or update channels.
+
+<!-- mustflow-section: required-inputs -->
+## Required Inputs
+
+- Release target, version, channel, package name, module path, image name, tag, artifact names, expected assets, and intended audience.
+- Public contract source for versioning: package metadata, manifest, lock or generated metadata, changelog, release workflow, tag policy, and SemVer or project-specific compatibility rules.
+- Artifact source and inspection method: package file list, archive contents, generated distributions, checksums, signatures, SBOM, provenance, installer contents, image digest, updater metadata, or release asset manifest.
+- Remote publication surface: registry, Git tag, GitHub Release, Docker registry, tap, updater feed, appcast, CDN, package index, or store.
+- Recovery model: unpublish, yank, deprecate, republish with new version, move channel pointer, revoke asset, restore from backup, or forward fix.
+- Configured command intents for build, package inspection, release verification, docs validation, and user installation or updater smoke test. If no such intent exists, report the missing intent instead of inventing a raw command.
+
+<!-- mustflow-section: preconditions -->
+## Preconditions
+
+- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
+- Higher-priority instructions, release preferences, and the command contract have been checked for the current scope.
+- The release target and version are known, or the work is explicitly limited to authoring a release procedure skill or checklist.
+- Remote publication, tag creation, push, registry upload, production updater change, and destructive yanking or unpublish actions are not executed unless the repository and host rules explicitly authorize them.
+
+<!-- mustflow-section: allowed-edits -->
+## Allowed Edits
+
+- Update version metadata, release workflow files, package manifests, artifact manifests, changelog or release-preparation docs, release validation tests, package fixture expectations, and installed-template metadata directly required by the release contract.
+- Update smoke-test expectations and package tests that encode the release or installation contract.
+- Add conservative release procedure text that describes configured command intents and required evidence.
+- Do not publish, tag, push, yank, delete, unpublish, overwrite assets, or alter remote channels unless explicitly requested and authorized by the active command contract and host rules.
+
+<!-- mustflow-section: procedure -->
+## Procedure
+
+1. Classify the release surface.
+   - Package registry: npm, PyPI, crates.io, RubyGems, Maven, NuGet, SwiftPM, or similar.
+   - Source tag release: Go module, GitHub Release, generated assets, source archive, or checksum manifest.
+   - Container release: image tag, digest, multi-platform manifest, base image, provenance, or registry metadata.
+   - Installer or updater release: desktop installer, appcast, update feed, channel metadata, signature, release notes, or updater endpoint.
+   - Formula or distribution wrapper: Homebrew formula, cask, tap metadata, checksum, bottle, or livecheck.
+2. Declare the public API before choosing the version bump.
+   - Public API includes CLI output, flags, config schema, package exports, templates, generated artifacts, installer behavior, migration contract, deprecation behavior, update channel behavior, and documented examples.
+   - Use SemVer only after naming what this project treats as public API.
+   - Treat compatibility-affecting behavior, removed assets, changed binary names, moved module paths, changed updater channels, or stricter parsers as release-contract changes even when source APIs look unchanged.
+3. Inspect the artifact, not only the repository tree.
+   - Check package file lists, archive contents, generated distributions, binary entrypoints, README, LICENSE, metadata, generated schemas, template files, checksums, signatures, SBOM, provenance, image digest, and platform matrix as applicable.
+   - Do not claim artifact inspection from the source tree alone.
+   - Stale `dist`, build output, generated clients, package caches, or old release assets must be cleaned or reported before publication evidence is trusted.
+4. Classify channel permanence and recovery.
+   - npm name and version pairs, PyPI distribution filenames, crates.io versions, and Go module tags are effectively one-way release identifiers for practical purposes.
+   - Docker tags can move in many registries, but digests identify content and should be captured when reporting release evidence.
+   - GitHub Releases depend on Git tags, but release assets, checksums, signatures, and release body are separate evidence surfaces.
+   - App updater channels depend on metadata and signature state, not only uploaded installers.
+5. For npm-style package publication, verify package metadata, packed file list, entrypoints, bin links, README, LICENSE, access, provenance or trusted publisher setup, registry target, and exact published version behavior through configured intents.
+6. For PyPI-style publication, verify source distribution, wheel contents, metadata, Python version constraints, entrypoints, README rendering, filename uniqueness, and install smoke path through configured intents.
+7. For crates.io-style publication, verify manifest metadata, include and exclude rules, packaged file list, feature combinations, docs expectations, and yank-forward-fix policy.
+8. For Go modules, treat the Git tag as the release. Verify module path, semantic tag, major-version path rules, tag target commit, proxy/cache implications, and module consumer smoke path. Do not move or delete tags as a casual recovery shortcut.
+9. For Docker images, verify image digest, tag, platform manifest, labels, exposed ports, entrypoint, user, vulnerability or base-image expectations, and pull-run smoke behavior through configured intents.
+10. For GitHub Releases, verify tag, release body, generated notes policy, asset list, checksum files, signatures, archives, attached binaries, and download smoke behavior.
+11. For Homebrew, verify formula or cask URL, version, checksum, livecheck, bottle expectations, test block, audit result, and install smoke path through configured intents.
+12. For app updaters, verify installer artifact, update metadata, channel, minimum version, signature, release notes, feed URL, staged rollout rules, and updater smoke path from an older installed version when configured.
+13. Keep release notes and release publication separate.
+   - Release notes may say what changed only when evidence supports it.
+   - Publication evidence must say what remote artifact exists and how a user reaches it.
+14. Verify remote state after publication when authorized.
+   - Check the registry, tag, release page, asset download, digest, updater feed, tap, or package index that users actually consume.
+   - Then run the configured user installation, pull, download, or updater smoke intent.
+   - If remote publication was not authorized or not performed, report the release as prepared but not published.
+15. Report immutable or hard-to-recover mistakes honestly.
+   - Bad package version: usually deprecate, yank, or release a new version.
+   - Bad Go module tag: do not assume moving the tag fixes proxy/cache consumers.
+   - Bad Docker tag: distinguish moved tag from old digest still being referenced.
+   - Bad updater metadata: treat as a live channel incident if clients may already have seen it.
+16. Never call a release complete from local tests alone. The completion evidence must name the remote channel and the user installation or update path, or explicitly say that post-publish verification was skipped.
+
+<!-- mustflow-section: postconditions -->
+## Postconditions
+
+- Version bump, release notes, package metadata, manifests, artifacts, workflows, tests, and docs agree.
+- The artifact contents have been inspected through configured evidence, not inferred from the source tree.
+- Remote publication status is classified as not started, prepared, published, verified, failed, yanked, deprecated, superseded, or unknown.
+- User installation, pull, download, or updater smoke test status is known or explicitly reported as skipped.
+- Recovery plan matches the channel's actual permanence and rules.
+
+<!-- mustflow-section: verification -->
+## Verification
+
+Use configured oneshot command intents when available:
+
+- `changes_status`
+- `changes_diff_summary`
+- `lint`
+- `build`
+- `test_related`
+- `test`
+- `docs_validate_fast`
+- `test_release`
+- `mustflow_check`
+
+Prefer configured release, package-inspection, artifact-inspection, install-smoke, updater-smoke, checksum, signature, provenance, or registry-verification intents when the command contract exposes them.
+
+Do not infer package manager, registry, Docker, Git, Homebrew, or updater commands from project files. If the needed intent is missing, report the missing command contract instead of writing a raw command into the skill or final release procedure.
+
+<!-- mustflow-section: failure-handling -->
+## Failure Handling
+
+- If the artifact contents differ from the intended release, stop release claims and fix the source, generated output, or packaging configuration before publication.
+- If the remote registry already contains the version, do not assume overwrite is possible. Report the channel-specific recovery path.
+- If publication succeeds but install smoke fails, treat the release as published but not verified and recommend channel-appropriate mitigation.
+- If a tag, asset, digest, checksum, signature, updater feed, or release body is missing, do not collapse the issue into "workflow failed"; name the missing remote surface.
+- If release evidence comes only from CI logs, report that no independent user-path smoke test was completed unless the configured CI explicitly performs that path.
+- If unpublish, yank, tag movement, channel rollback, or asset deletion is proposed, check host and repository authorization first and report the permanence risk.
+
+<!-- mustflow-section: output-format -->
+## Output Format
+
+- Release target, version, and channel
+- Public API and version bump classification
+- Artifact contents inspected
+- Remote publication state
+- User installation, download, pull, or updater smoke path result
+- Synchronized version, docs, manifest, workflow, and test surfaces
+- Recovery or rollback classification
+- Command intents run
+- Skipped remote, publish, or install checks and reasons
+- Remaining release-publish risk

package/templates/default/locales/en/.mustflow/skills/routes.toml

@@ -108,6 +108,60 @@ route_type = "primary"
 priority = 20
 applies_to_reasons = ["unknown_change", "code_change"]
 
+[routes."api-contract-change"]
+category = "general_code"
+route_type = "primary"
+priority = 82
+applies_to_reasons = ["code_change", "public_api_change", "docs_change", "test_change"]
+
+[routes."typescript-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "test_change"]
+
+[routes."javascript-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "test_change"]
+
+[routes."python-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "test_change"]
+
+[routes."go-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "test_change"]
+
+[routes."rust-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "test_change"]
+
+[routes."dart-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "test_change"]
+
+[routes."hono-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "security_change"]
+
+[routes."elysia-code-change"]
+category = "general_code"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "public_api_change", "security_change"]
+
 [routes."source-anchor-authoring"]
 category = "general_code"
 route_type = "primary"
@@ -156,12 +210,30 @@ route_type = "primary"
 priority = 55
 applies_to_reasons = ["code_change", "behavior_change"]
 
+[routes."database-migration-change"]
+category = "data_external"
+route_type = "primary"
+priority = 82
+applies_to_reasons = ["code_change", "data_change", "migration_change", "public_api_change", "test_change", "docs_change", "security_change"]
+
+[routes."dependency-upgrade-review"]
+category = "data_external"
+route_type = "primary"
+priority = 75
+applies_to_reasons = ["code_change", "docs_change", "security_change", "package_metadata_change", "release_risk"]
+
 [routes."dependency-reality-check"]
 category = "data_external"
 route_type = "adjunct"
 priority = 45
 applies_to_reasons = ["code_change", "docs_change", "security_change"]
 
+[routes."file-path-cross-platform-change"]
+category = "data_external"
+route_type = "primary"
+priority = 78
+applies_to_reasons = ["code_change", "public_api_change", "test_change", "docs_change", "security_change", "package_metadata_change"]
+
 [routes."cross-platform-filesystem-safety"]
 category = "data_external"
 route_type = "adjunct"
@@ -174,6 +246,12 @@ route_type = "primary"
 priority = 55
 applies_to_reasons = ["code_change", "behavior_change"]
 
+[routes."tauri-code-change"]
+category = "data_external"
+route_type = "primary"
+priority = 90
+applies_to_reasons = ["code_change", "security_change", "public_api_change"]
+
 [routes."process-execution-safety"]
 category = "data_external"
 route_type = "primary"
@@ -222,6 +300,18 @@ route_type = "primary"
 priority = 30
 applies_to_reasons = ["security_change", "privacy_change"]
 
+[routes."config-env-change"]
+category = "security_privacy"
+route_type = "primary"
+priority = 35
+applies_to_reasons = ["code_change", "docs_change", "security_change", "privacy_change", "package_metadata_change", "mustflow_config_change"]
+
+[routes."auth-permission-change"]
+category = "security_privacy"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["code_change", "security_change", "privacy_change", "public_api_change"]
+
 [routes."security-regression-tests"]
 category = "security_privacy"
 route_type = "adjunct"
@@ -264,6 +354,48 @@ route_type = "primary"
 priority = 50
 applies_to_reasons = ["ui_change"]
 
+[routes."html-code-change"]
+category = "ui_assets"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["ui_change", "docs_change", "code_change"]
+
+[routes."css-code-change"]
+category = "ui_assets"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["ui_change", "docs_change", "code_change"]
+
+[routes."tailwind-code-change"]
+category = "ui_assets"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["ui_change", "docs_change", "code_change"]
+
+[routes."unocss-code-change"]
+category = "ui_assets"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["ui_change", "docs_change", "code_change"]
+
+[routes."flutter-code-change"]
+category = "ui_assets"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["ui_change", "code_change", "public_api_change"]
+
+[routes."astro-code-change"]
+category = "ui_assets"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["ui_change", "docs_change", "code_change"]
+
+[routes."svelte-code-change"]
+category = "ui_assets"
+route_type = "primary"
+priority = 85
+applies_to_reasons = ["ui_change", "code_change", "public_api_change"]
+
 [routes."pattern-scout"]
 category = "architecture_patterns"
 route_type = "adjunct"
@@ -312,6 +444,12 @@ route_type = "primary"
 priority = 55
 applies_to_reasons = ["release_risk", "docs_change"]
 
+[routes."release-publish-change"]
+category = "docs_release"
+route_type = "primary"
+priority = 58
+applies_to_reasons = ["release_risk", "package_metadata_change", "docs_change", "public_api_change"]
+
 [routes."search-ad-content-authoring"]
 category = "docs_release"
 route_type = "primary"