mustflow 2.22.49 → 2.24.2

package/schemas/workspace-command-catalog.schema.json

@@ -0,0 +1,172 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://mustflow.github.io/schemas/workspace-command-catalog.schema.json",
+  "title": "mustflow workspace command catalog report",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema_version",
+    "command",
+    "mustflow_root",
+    "workspace",
+    "policy",
+    "repository_count",
+    "total_intent_count",
+    "runnable_intent_count",
+    "repositories",
+    "issues"
+  ],
+  "properties": {
+    "schema_version": { "const": "1" },
+    "command": { "const": "workspace command-catalog" },
+    "mustflow_root": { "type": "string" },
+    "workspace": { "$ref": "#/$defs/workspace" },
+    "policy": { "$ref": "#/$defs/policy" },
+    "repository_count": { "type": "integer", "minimum": 0 },
+    "total_intent_count": { "type": "integer", "minimum": 0 },
+    "runnable_intent_count": { "type": "integer", "minimum": 0 },
+    "repositories": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/repository" }
+    },
+    "issues": { "$ref": "#/$defs/stringArray" }
+  },
+  "$defs": {
+    "stringArray": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "nullableString": {
+      "type": ["string", "null"]
+    },
+    "workspace": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "enabled",
+        "roots",
+        "max_depth",
+        "max_repositories",
+        "follow_symlinks",
+        "stop_at_repository_root"
+      ],
+      "properties": {
+        "enabled": { "type": "boolean" },
+        "roots": { "$ref": "#/$defs/stringArray" },
+        "max_depth": { "type": "integer", "minimum": 1 },
+        "max_repositories": { "type": "integer", "minimum": 1 },
+        "follow_symlinks": { "type": "boolean" },
+        "stop_at_repository_root": { "type": "boolean" }
+      }
+    },
+    "policy": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "mode",
+        "grants_command_authority",
+        "parent_root_grants_child_authority",
+        "command_authority_per_root",
+        "run_entrypoint_per_root",
+        "executes_commands",
+        "raw_commands_included"
+      ],
+      "properties": {
+        "mode": { "const": "read_only" },
+        "grants_command_authority": { "const": false },
+        "parent_root_grants_child_authority": { "const": false },
+        "command_authority_per_root": { "const": ".mustflow/config/commands.toml" },
+        "run_entrypoint_per_root": { "const": "mf run <intent>" },
+        "executes_commands": { "const": false },
+        "raw_commands_included": { "const": false }
+      }
+    },
+    "commandSurface": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "path",
+        "exists",
+        "parse_error",
+        "total_intents",
+        "runnable_count",
+        "runnable_intents",
+        "blocked_count"
+      ],
+      "properties": {
+        "path": { "$ref": "#/$defs/nullableString" },
+        "exists": { "type": "boolean" },
+        "parse_error": { "$ref": "#/$defs/nullableString" },
+        "total_intents": { "type": ["integer", "null"], "minimum": 0 },
+        "runnable_count": { "type": ["integer", "null"], "minimum": 0 },
+        "runnable_intents": { "$ref": "#/$defs/stringArray" },
+        "blocked_count": { "type": ["integer", "null"], "minimum": 0 }
+      }
+    },
+    "repository": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "relative_path",
+        "status",
+        "command_contract",
+        "intent_count",
+        "runnable_count",
+        "blocked_count",
+        "intents",
+        "issues"
+      ],
+      "properties": {
+        "relative_path": { "type": "string" },
+        "status": { "enum": ["available", "contract_missing", "contract_invalid"] },
+        "command_contract": { "$ref": "#/$defs/commandSurface" },
+        "intent_count": { "type": "integer", "minimum": 0 },
+        "runnable_count": { "type": "integer", "minimum": 0 },
+        "blocked_count": { "type": "integer", "minimum": 0 },
+        "intents": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/intent" }
+        },
+        "issues": { "$ref": "#/$defs/stringArray" }
+      }
+    },
+    "intent": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "name",
+        "description",
+        "status",
+        "lifecycle",
+        "run_policy",
+        "runnable",
+        "reason_code",
+        "detail",
+        "run_command",
+        "run_from_repository",
+        "timeout_seconds",
+        "required_after",
+        "writes",
+        "network",
+        "destructive"
+      ],
+      "properties": {
+        "name": { "type": "string" },
+        "description": { "$ref": "#/$defs/nullableString" },
+        "status": { "$ref": "#/$defs/nullableString" },
+        "lifecycle": { "$ref": "#/$defs/nullableString" },
+        "run_policy": { "$ref": "#/$defs/nullableString" },
+        "runnable": { "type": "boolean" },
+        "reason_code": { "$ref": "#/$defs/nullableString" },
+        "detail": { "$ref": "#/$defs/nullableString" },
+        "run_command": { "$ref": "#/$defs/nullableString" },
+        "run_from_repository": { "type": "string" },
+        "timeout_seconds": { "type": ["integer", "null"], "minimum": 1 },
+        "required_after": { "$ref": "#/$defs/stringArray" },
+        "writes": { "$ref": "#/$defs/stringArray" },
+        "network": { "type": ["boolean", "null"] },
+        "destructive": { "type": ["boolean", "null"] }
+      }
+    }
+  }
+}

package/schemas/workspace-status.schema.json

@@ -0,0 +1,141 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://mustflow.github.io/schemas/workspace-status.schema.json",
+  "title": "mustflow workspace status report",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema_version",
+    "command",
+    "mustflow_root",
+    "workspace",
+    "policy",
+    "repository_count",
+    "repositories",
+    "issues"
+  ],
+  "properties": {
+    "schema_version": { "const": "1" },
+    "command": { "const": "workspace status" },
+    "mustflow_root": { "type": "string" },
+    "workspace": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "enabled",
+        "roots",
+        "max_depth",
+        "max_repositories",
+        "follow_symlinks",
+        "stop_at_repository_root"
+      ],
+      "properties": {
+        "enabled": { "type": "boolean" },
+        "roots": { "$ref": "#/$defs/stringArray" },
+        "max_depth": { "type": "integer", "minimum": 1 },
+        "max_repositories": { "type": "integer", "minimum": 1 },
+        "follow_symlinks": { "type": "boolean" },
+        "stop_at_repository_root": { "type": "boolean" }
+      }
+    },
+    "policy": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "mode",
+        "grants_command_authority",
+        "parent_root_grants_child_authority",
+        "command_authority_per_root",
+        "run_entrypoint_per_root",
+        "executes_commands",
+        "raw_commands_included"
+      ],
+      "properties": {
+        "mode": { "const": "read_only" },
+        "grants_command_authority": { "const": false },
+        "parent_root_grants_child_authority": { "const": false },
+        "command_authority_per_root": { "const": ".mustflow/config/commands.toml" },
+        "run_entrypoint_per_root": { "const": "mf run <intent>" },
+        "executes_commands": { "const": false },
+        "raw_commands_included": { "const": false }
+      }
+    },
+    "repository_count": { "type": "integer", "minimum": 0 },
+    "repositories": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/repository" }
+    },
+    "issues": { "$ref": "#/$defs/stringArray" }
+  },
+  "$defs": {
+    "stringArray": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "nullableString": {
+      "type": ["string", "null"]
+    },
+    "commandSurface": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "path",
+        "exists",
+        "parse_error",
+        "total_intents",
+        "runnable_count",
+        "runnable_intents",
+        "blocked_count"
+      ],
+      "properties": {
+        "path": { "$ref": "#/$defs/nullableString" },
+        "exists": { "type": "boolean" },
+        "parse_error": { "$ref": "#/$defs/nullableString" },
+        "total_intents": { "type": ["integer", "null"], "minimum": 0 },
+        "runnable_count": { "type": ["integer", "null"], "minimum": 0 },
+        "runnable_intents": { "$ref": "#/$defs/stringArray" },
+        "blocked_count": { "type": ["integer", "null"], "minimum": 0 }
+      }
+    },
+    "repository": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "relative_path",
+        "status",
+        "git_repository",
+        "mustflow",
+        "agent_rules",
+        "repo_map",
+        "mustflow_config",
+        "command_contract",
+        "context_index",
+        "skill_index",
+        "root_document_count",
+        "machine_contract_count",
+        "manifest_count",
+        "command_adapter_count",
+        "editing_policy_count",
+        "issues"
+      ],
+      "properties": {
+        "relative_path": { "type": "string" },
+        "status": { "enum": ["mustflow_ready", "contract_missing", "contract_invalid"] },
+        "git_repository": { "const": true },
+        "mustflow": { "type": "boolean" },
+        "agent_rules": { "$ref": "#/$defs/nullableString" },
+        "repo_map": { "$ref": "#/$defs/nullableString" },
+        "mustflow_config": { "$ref": "#/$defs/nullableString" },
+        "command_contract": { "$ref": "#/$defs/commandSurface" },
+        "context_index": { "$ref": "#/$defs/nullableString" },
+        "skill_index": { "$ref": "#/$defs/nullableString" },
+        "root_document_count": { "type": "integer", "minimum": 0 },
+        "machine_contract_count": { "type": "integer", "minimum": 0 },
+        "manifest_count": { "type": "integer", "minimum": 0 },
+        "command_adapter_count": { "type": "integer", "minimum": 0 },
+        "editing_policy_count": { "type": "integer", "minimum": 0 },
+        "issues": { "$ref": "#/$defs/stringArray" }
+      }
+    }
+  }
+}

package/schemas/workspace-verification-plan.schema.json

@@ -0,0 +1,195 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://mustflow.github.io/schemas/workspace-verification-plan.schema.json",
+  "title": "mustflow workspace verification plan report",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema_version",
+    "command",
+    "mustflow_root",
+    "workspace",
+    "policy",
+    "repository_count",
+    "total_changed_file_count",
+    "total_requirement_count",
+    "total_selected_intent_count",
+    "total_gap_count",
+    "repositories",
+    "issues"
+  ],
+  "properties": {
+    "schema_version": { "const": "1" },
+    "command": { "const": "workspace verify" },
+    "mustflow_root": { "type": "string" },
+    "workspace": { "$ref": "#/$defs/workspace" },
+    "policy": { "$ref": "#/$defs/policy" },
+    "repository_count": { "type": "integer", "minimum": 0 },
+    "total_changed_file_count": { "type": "integer", "minimum": 0 },
+    "total_requirement_count": { "type": "integer", "minimum": 0 },
+    "total_selected_intent_count": { "type": "integer", "minimum": 0 },
+    "total_gap_count": { "type": "integer", "minimum": 0 },
+    "repositories": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/repository" }
+    },
+    "issues": { "$ref": "#/$defs/stringArray" }
+  },
+  "$defs": {
+    "stringArray": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "nullableString": {
+      "type": ["string", "null"]
+    },
+    "workspace": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "enabled",
+        "roots",
+        "max_depth",
+        "max_repositories",
+        "follow_symlinks",
+        "stop_at_repository_root"
+      ],
+      "properties": {
+        "enabled": { "type": "boolean" },
+        "roots": { "$ref": "#/$defs/stringArray" },
+        "max_depth": { "type": "integer", "minimum": 1 },
+        "max_repositories": { "type": "integer", "minimum": 1 },
+        "follow_symlinks": { "type": "boolean" },
+        "stop_at_repository_root": { "type": "boolean" }
+      }
+    },
+    "policy": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "mode",
+        "grants_command_authority",
+        "parent_root_grants_child_authority",
+        "command_authority_per_root",
+        "run_entrypoint_per_root",
+        "executes_commands",
+        "raw_commands_included",
+        "plan_command_per_root",
+        "selected_intents_run_via"
+      ],
+      "properties": {
+        "mode": { "const": "read_only" },
+        "grants_command_authority": { "const": false },
+        "parent_root_grants_child_authority": { "const": false },
+        "command_authority_per_root": { "const": ".mustflow/config/commands.toml" },
+        "run_entrypoint_per_root": { "const": "mf run <intent>" },
+        "executes_commands": { "const": false },
+        "raw_commands_included": { "const": false },
+        "plan_command_per_root": { "const": "mf verify --changed --plan-only --json" },
+        "selected_intents_run_via": { "const": "mf run <intent>" }
+      }
+    },
+    "commandSurface": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "path",
+        "exists",
+        "parse_error",
+        "total_intents",
+        "runnable_count",
+        "runnable_intents",
+        "blocked_count"
+      ],
+      "properties": {
+        "path": { "$ref": "#/$defs/nullableString" },
+        "exists": { "type": "boolean" },
+        "parse_error": { "$ref": "#/$defs/nullableString" },
+        "total_intents": { "type": ["integer", "null"], "minimum": 0 },
+        "runnable_count": { "type": ["integer", "null"], "minimum": 0 },
+        "runnable_intents": { "$ref": "#/$defs/stringArray" },
+        "blocked_count": { "type": ["integer", "null"], "minimum": 0 }
+      }
+    },
+    "repository": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "relative_path",
+        "status",
+        "command_contract",
+        "changed_file_count",
+        "changed_files",
+        "verification_plan_id",
+        "requirement_count",
+        "candidate_count",
+        "selected_intent_count",
+        "gap_count",
+        "selected_intents",
+        "gaps",
+        "issues"
+      ],
+      "properties": {
+        "relative_path": { "type": "string" },
+        "status": {
+          "enum": [
+            "available",
+            "contract_missing",
+            "contract_invalid",
+            "git_unavailable",
+            "plan_unavailable"
+          ]
+        },
+        "command_contract": { "$ref": "#/$defs/commandSurface" },
+        "changed_file_count": { "type": ["integer", "null"], "minimum": 0 },
+        "changed_files": { "$ref": "#/$defs/stringArray" },
+        "verification_plan_id": {
+          "type": ["string", "null"],
+          "pattern": "^sha256:[0-9a-f]{64}$"
+        },
+        "requirement_count": { "type": "integer", "minimum": 0 },
+        "candidate_count": { "type": "integer", "minimum": 0 },
+        "selected_intent_count": { "type": "integer", "minimum": 0 },
+        "gap_count": { "type": "integer", "minimum": 0 },
+        "selected_intents": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/selectedIntent" }
+        },
+        "gaps": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/gap" }
+        },
+        "issues": { "$ref": "#/$defs/stringArray" }
+      }
+    },
+    "selectedIntent": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "intent",
+        "run_command",
+        "run_from_repository",
+        "locks",
+        "conflict_count"
+      ],
+      "properties": {
+        "intent": { "type": "string" },
+        "run_command": { "$ref": "#/$defs/nullableString" },
+        "run_from_repository": { "type": "string" },
+        "locks": { "$ref": "#/$defs/stringArray" },
+        "conflict_count": { "type": "integer", "minimum": 0 }
+      }
+    },
+    "gap": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["reason", "files", "surfaces", "detail"],
+      "properties": {
+        "reason": { "type": "string" },
+        "files": { "$ref": "#/$defs/stringArray" },
+        "surfaces": { "$ref": "#/$defs/stringArray" },
+        "detail": { "type": "string" }
+      }
+    }
+  }
+}

package/templates/default/i18n.toml

@@ -56,7 +56,7 @@ translations = {}
 [documents."skills.index"]
 source = "locales/en/.mustflow/skills/INDEX.md"
 source_locale = "en"
-revision = 81
+revision = 82
 translations = {}
 
 [documents."skill.adapter-boundary"]
@@ -137,6 +137,12 @@ source_locale = "en"
 revision = 1
 translations = {}
 
+[documents."skill.version-freshness-check"]
+source = "locales/en/.mustflow/skills/version-freshness-check/SKILL.md"
+source_locale = "en"
+revision = 1
+translations = {}
+
 [documents."skill.line-ending-hygiene"]
 source = "locales/en/.mustflow/skills/line-ending-hygiene/SKILL.md"
 source_locale = "en"

package/templates/default/locales/en/.mustflow/skills/INDEX.md

@@ -2,7 +2,7 @@
 mustflow_doc: skills.index
 locale: en
 canonical: true
-revision: 81
+revision: 82
 authority: router
 lifecycle: mustflow-owned
 ---
@@ -151,6 +151,7 @@ routes. Event routes stay inactive until their event occurs.
 | Database migration files, schema migration history, ORM schema migrations, generated clients, schema dumps, SQL snapshots, backfills, rolling deploy compatibility, expand-and-contract changes, destructive database changes, migration rollback claims, or production database migration procedures are created, changed, reviewed, or reported | `.mustflow/skills/database-migration-change/SKILL.md` | Source schema, target schema, migration files, migration history, generated clients, schema dumps, SQL snapshots, affected queries, deployment shape, database engine, table size or lock assumptions, backfill plan, rollback type, validation query, and command contract entries | Migration files, ORM schemas, generated clients, schema dumps, SQL snapshots, backfill code, validation checks, seeds, fixtures, compatibility code, docs, tests, and directly synchronized examples | data loss, drop-plus-add rename, old/new app incompatibility, unsafe rolling deploy, unbounded backfill, production lock, generated-client drift, migration-history drift, false rollback claim, ORM autogenerate mistake, or destructive contract mixed with expand phase | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Migration phase, old/new schema compatibility, backfill and validation plan, rollback classification, ORM/generated/schema dump surfaces, dependent surfaces, verification, and remaining database-migration risk |
 | Dependency versions, lockfiles, package-manager metadata, workspace constraints, runtime engines, peer dependencies, optional dependencies, security advisory fixes, generated dependency output, framework plugins, CI actions, Docker base images, package manager behavior, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported | `.mustflow/skills/dependency-upgrade-review/SKILL.md` | Dependency name, old and new versions or ranges, direct or transitive path, ecosystem and package manager, declaration files, lockfiles, runtime or toolchain files, advisory or release-note evidence, generated outputs, callers, docs, package output, Docker or CI surfaces, and command contract entries | Package declarations, lockfiles, generated outputs, compatibility code, tests, docs, package metadata, Docker or CI files, and directly synchronized examples | lockfile churn, hidden transitive replacement, peer or engine break, module-format drift, native or optional package break, framework or generator output drift, unsafe broad security update, weakened tests, Docker or CI runtime drift, or unreviewed supply-chain change | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Upgrade reason, ecosystem surface, direct and transitive graph changes, compatibility classification, runtime/peer/engine/module/feature/platform/generated-output risks, synchronized surfaces, verification, and remaining dependency-upgrade risk |
 | Dependency, package, runtime, framework, tool, command, plugin, service, platform capability, supported-version policy, security patch path, ecosystem maturity claim, maintainer-risk assumption, runtime portability claim, edge or serverless compatibility claim, critical-path library choice, package script, lifecycle hook, binary download, lockfile, audit result, or supply-chain-sensitive dependency surface is assumed, added, removed, imported, invoked, installed, audited, or documented | `.mustflow/skills/dependency-reality-check/SKILL.md` | Assumed dependency or capability, declaration files, version or feature expectation, role criticality, supported-version or end-of-life evidence, patchability expectation, runtime compatibility boundary, maintainer and ecosystem evidence when available, lockfile entry, package script or lifecycle hook, audit or provenance evidence, and relevant command intents | Package metadata, lockfiles, imports, scripts, command contracts, docs, tests, runtime policy notes, portability notes, and reports | unavailable dependency, hallucinated or lookalike package, fragile single-maintainer core dependency, experimental technology in a survival path, unsupported runtime, unclear security patch path, runtime-specific API leakage into core logic, stale version claim, lifecycle script risk, audit suppression, lockfile drift, or install guidance mismatch | `changes_status`, `changes_diff_summary`, `build`, `test_release`, `mustflow_check` | Dependency checked, ecosystem and maintainer-risk boundary reviewed, supported-version, patchability, and runtime-portability boundary reviewed, supply-chain surface reviewed, declarations synchronized, verification, and remaining dependency risk |
+| Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, floating-tag drift, or unverified security/support claim | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Versioned surfaces checked, repository policy and freshness source, selected version track, compatibility classification, approval need, synchronized surfaces, verification, and remaining version-freshness risk |
 | External systems, protocols, SDKs, databases, webhooks, queues, files, object storage, signed upload or download URLs, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, or provider data cross the core boundary or need port/adapter translation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, reconciliation, security, core-state ownership, vendor portability, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, delivery boundary, internal use case, local port/adapter patterns, provider risk, provider failure policy, core-state ownership risk, vendor portability risk, observability identifier policy, API contract risk, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, response mappers, telemetry mappers, timeout and retry policies, circuit breakers, bulkhead boundaries, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, framework business-rule leakage, telemetry backend leakage, storage-key leakage, screen-shaped API coupling, pass-through wrapper, SaaS dashboard as truth source, search or analytics policy leakage, queue contract leakage, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, missing circuit breaker, missing bulkhead, unresolved unknown provider outcome, broken identifier propagation, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, delivery adapter responsibility, internal port, provider containment, core-state ownership, vendor portability, validation and mapping, API response mapping, observability identifier flow, timeout/retry/circuit-breaker/bulkhead/idempotency handling, reconciliation behavior, security notes, verification, and remaining provider risk |
 | Tauri frontend invokes, Rust commands, capabilities, permissions, scopes, plugins, filesystem, dialog, shell, opener, updater, sidecar, or mobile native permissions are created or changed | `.mustflow/skills/tauri-code-change/SKILL.md` | Frontend call sites, Tauri config, Rust commands, capability and permission files, plugin config, changed files, and command contract entries | Tauri frontend, Rust commands, capabilities, permissions, scopes, plugins, tests, and docs | broad native permission, untrusted IPC input, filesystem escape, shell or updater risk, or WebView/native boundary drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | IPC, permission, scope, filesystem, shell, updater, and native boundary checked, verification, and remaining Tauri risk |
 | File path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, or package artifact paths are created, changed, reviewed, or reported | `.mustflow/skills/file-path-cross-platform-change/SKILL.md` | Path ledger, trust classes, accepted path representation, base root, path helpers, safe filesystem wrappers, temp/cache helpers, lock policy, archive policy, upload/download policy, scanner policy, CLI/API/schema/snapshot/generated/package surfaces, platform expectations, and command contract entries | Path validators, helpers, wrappers, schemas, CLI/API parsing, snapshots, fixtures, docs, tests, generated-output paths, package artifact paths, archive extraction, scanner bounds, temp/cache handling, locks, and cleanup code | path traversal, base containment bypass, drive-relative path bug, reserved-name bug, case-collision bug, symlink or junction escape, unsafe archive extraction, non-atomic write claim, stale lock, scanner loop, cleanup data loss, path contract drift, or package artifact path drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path contract, path ledger, trust classes, root policy, Windows/macOS/Linux/archive/upload/download/scanner/lock/temp/cache/atomic/cleanup decisions, synchronized contract surfaces, verification, and remaining path risk |

package/templates/default/locales/en/.mustflow/skills/routes.toml

@@ -228,6 +228,12 @@ route_type = "adjunct"
 priority = 45
 applies_to_reasons = ["code_change", "docs_change", "security_change"]
 
+[routes."version-freshness-check"]
+category = "data_external"
+route_type = "adjunct"
+priority = 68
+applies_to_reasons = ["code_change", "docs_change", "package_metadata_change", "mustflow_config_change", "release_risk"]
+
 [routes."file-path-cross-platform-change"]
 category = "data_external"
 route_type = "primary"