mustflow 2.22.5 → 2.22.9

package/dist/cli/lib/local-index/workflow-documents.js

@@ -0,0 +1,204 @@
+import { existsSync } from 'node:fs';
+import path from 'node:path';
+import { listFilesRecursive, toPosixPath } from '../filesystem.js';
+import { readMustflowTextFile } from '../mustflow-read.js';
+import { MAX_SNIPPET_BYTES_PER_DOCUMENT } from './constants.js';
+import { sha256Text } from './hashing.js';
+export function getExistingIndexablePaths(projectRoot) {
+    const paths = new Set();
+    const addIfExists = (relativePath) => {
+        if (existsSync(path.join(projectRoot, ...relativePath.split('/')))) {
+            paths.add(relativePath);
+        }
+    };
+    addIfExists('AGENTS.md');
+    for (const relativePath of listFilesRecursive(path.join(projectRoot, '.mustflow', 'docs'))) {
+        if (relativePath.endsWith('.md')) {
+            paths.add(toPosixPath(path.join('.mustflow', 'docs', relativePath)));
+        }
+    }
+    for (const relativePath of listFilesRecursive(path.join(projectRoot, '.mustflow', 'context'))) {
+        if (relativePath.endsWith('.md')) {
+            paths.add(toPosixPath(path.join('.mustflow', 'context', relativePath)));
+        }
+    }
+    for (const relativePath of listFilesRecursive(path.join(projectRoot, '.mustflow', 'skills'))) {
+        if (relativePath === 'INDEX.md' || relativePath.endsWith('/SKILL.md')) {
+            paths.add(toPosixPath(path.join('.mustflow', 'skills', relativePath)));
+        }
+    }
+    for (const relativePath of listFilesRecursive(path.join(projectRoot, '.mustflow', 'config'))) {
+        if (relativePath.endsWith('.toml')) {
+            paths.add(toPosixPath(path.join('.mustflow', 'config', relativePath)));
+        }
+    }
+    return Array.from(paths).sort((left, right) => left.localeCompare(right));
+}
+export function readText(projectRoot, relativePath) {
+    return readMustflowTextFile(projectRoot, relativePath);
+}
+function getDocumentType(relativePath) {
+    if (relativePath === 'AGENTS.md') {
+        return 'agent_rules';
+    }
+    if (relativePath.startsWith('.mustflow/config/')) {
+        return 'config';
+    }
+    if (relativePath === '.mustflow/skills/INDEX.md') {
+        return 'skill_index';
+    }
+    if (relativePath === '.mustflow/context/INDEX.md') {
+        return 'context_index';
+    }
+    if (relativePath.startsWith('.mustflow/context/')) {
+        return 'context';
+    }
+    if (relativePath.endsWith('/SKILL.md')) {
+        return 'skill';
+    }
+    if (relativePath.startsWith('.mustflow/docs/')) {
+        return 'workflow_doc';
+    }
+    return 'document';
+}
+function parseFrontmatter(content) {
+    if (!content.startsWith('---')) {
+        return {};
+    }
+    const end = content.indexOf('\n---', 3);
+    if (end === -1) {
+        return {};
+    }
+    const result = {};
+    const rawFrontmatter = content.slice(3, end);
+    for (const line of rawFrontmatter.split(/\r?\n/)) {
+        const separatorIndex = line.indexOf(':');
+        if (separatorIndex === -1) {
+            continue;
+        }
+        const key = line.slice(0, separatorIndex).trim();
+        const value = line.slice(separatorIndex + 1).trim();
+        if (key.length > 0 && value.length > 0) {
+            result[key] = value;
+        }
+    }
+    return result;
+}
+function getTitle(relativePath, content) {
+    const heading = content.match(/^#\s+(.+)$/mu)?.[1]?.trim();
+    return heading && heading.length > 0 ? heading : path.posix.basename(relativePath);
+}
+function getSections(content) {
+    return [...content.matchAll(/^##\s+(.+)$/gmu)].map((match) => match[1]?.trim()).filter((value) => Boolean(value));
+}
+function truncateUtf8(value, maxBytes) {
+    const buffer = Buffer.from(value, 'utf8');
+    if (buffer.byteLength <= maxBytes) {
+        return value;
+    }
+    return buffer.subarray(0, maxBytes).toString('utf8').replace(/\uFFFD$/u, '');
+}
+export function collectDocumentsFromPaths(projectRoot, relativePaths) {
+    return relativePaths.map((relativePath) => {
+        const content = readText(projectRoot, relativePath);
+        const frontmatter = parseFrontmatter(content);
+        const revision = Number.parseInt(frontmatter.revision ?? '', 10);
+        return {
+            path: relativePath,
+            type: getDocumentType(relativePath),
+            title: getTitle(relativePath, content),
+            locale: frontmatter.locale ?? null,
+            revision: Number.isInteger(revision) ? revision : null,
+            contentHash: sha256Text(content),
+            contentSnippet: truncateUtf8(content, MAX_SNIPPET_BYTES_PER_DOCUMENT),
+            sections: getSections(content),
+        };
+    });
+}
+export function collectDocuments(projectRoot) {
+    return collectDocumentsFromPaths(projectRoot, getExistingIndexablePaths(projectRoot));
+}
+export function collectSkills(documents) {
+    return documents
+        .filter((document) => document.type === 'skill')
+        .map((document) => ({
+        name: document.path.split('/').at(-2) ?? document.title,
+        path: document.path,
+        title: document.title,
+    }))
+        .sort((left, right) => left.name.localeCompare(right.name));
+}
+function normalizeMarkdownCell(value) {
+    return value
+        .replace(/<br\s*\/?>/giu, ' ')
+        .replace(/`([^`]+)`/gu, '$1')
+        .replace(/\s+/gu, ' ')
+        .trim();
+}
+function parseMarkdownTableRow(line) {
+    return line
+        .trim()
+        .replace(/^\|/u, '')
+        .replace(/\|$/u, '')
+        .split('|')
+        .map((cell) => normalizeMarkdownCell(cell));
+}
+function isMarkdownSeparatorRow(cells) {
+    return cells.length > 0 && cells.every((cell) => /^:?-{3,}:?$/u.test(cell));
+}
+function skillNameFromPath(skillPath) {
+    return skillPath.split('/').at(-2) ?? path.posix.basename(skillPath, '.md');
+}
+export function splitVerificationIntents(value) {
+    return value
+        .split(',')
+        .map((item) => item.trim())
+        .filter(Boolean)
+        .sort((left, right) => left.localeCompare(right));
+}
+export function skillRouteKey(route) {
+    return `${route.skillName}\u0000${route.trigger}`;
+}
+export function collectSkillRoutes(projectRoot) {
+    const indexPath = path.join(projectRoot, '.mustflow', 'skills', 'INDEX.md');
+    if (!existsSync(indexPath)) {
+        return [];
+    }
+    const content = readMustflowTextFile(projectRoot, '.mustflow/skills/INDEX.md');
+    const routes = [];
+    let inRouteTable = false;
+    for (const line of content.split(/\r?\n/u)) {
+        if (!line.trim().startsWith('|')) {
+            if (inRouteTable && line.trim() === '') {
+                inRouteTable = false;
+            }
+            continue;
+        }
+        const cells = parseMarkdownTableRow(line);
+        if (cells.includes('Skill Document') && cells.includes('Trigger')) {
+            inRouteTable = true;
+            continue;
+        }
+        if (!inRouteTable || isMarkdownSeparatorRow(cells) || cells.length < 7) {
+            continue;
+        }
+        const [trigger, skillPath, requiredInput, editScope, risk, verificationIntents, expectedOutput] = cells;
+        if (!skillPath?.startsWith('.mustflow/skills/') || !skillPath.endsWith('/SKILL.md')) {
+            continue;
+        }
+        routes.push({
+            skillName: skillNameFromPath(skillPath),
+            skillPath,
+            trigger: trigger ?? '',
+            requiredInput: requiredInput ?? '',
+            editScope: editScope ?? '',
+            risk: risk ?? '',
+            verificationIntents: splitVerificationIntents(verificationIntents ?? ''),
+            expectedOutput: expectedOutput ?? '',
+        });
+    }
+    return routes.sort((left, right) => {
+        const skillOrder = left.skillName.localeCompare(right.skillName);
+        return skillOrder === 0 ? left.trigger.localeCompare(right.trigger) : skillOrder;
+    });
+}

package/dist/cli/lib/run-root-trust.js

@@ -0,0 +1,27 @@
+import { MANIFEST_LOCK_RELATIVE_PATH, readManifestLock } from './manifest-lock.js';
+export const ALLOW_UNTRUSTED_ROOT_OPTION = '--allow-untrusted-root';
+export function assessRunRootTrust(projectRoot) {
+    const readResult = readManifestLock(projectRoot);
+    if (readResult.kind === 'present') {
+        return {
+            trusted: true,
+            reason: 'manifest_lock_present',
+            manifestLockPath: readResult.lockPath,
+            detail: null,
+        };
+    }
+    if (readResult.kind === 'invalid') {
+        return {
+            trusted: false,
+            reason: 'manifest_lock_invalid',
+            manifestLockPath: readResult.lockPath,
+            detail: readResult.message,
+        };
+    }
+    return {
+        trusted: false,
+        reason: 'manifest_lock_missing',
+        manifestLockPath: readResult.lockPath,
+        detail: MANIFEST_LOCK_RELATIVE_PATH,
+    };
+}

package/dist/core/change-classification-policy.js

@@ -0,0 +1,47 @@
+export const CHANGE_CLASSIFICATION_POLICY_VERSION = '1';
+function surface(kind, category, isPublicSurface, validationReasons, affectedContracts, updatePolicy, driftChecks) {
+    return {
+        kind,
+        category,
+        isPublicSurface,
+        validationReasons,
+        affectedContracts,
+        updatePolicy,
+        driftChecks,
+    };
+}
+export const UNKNOWN_CHANGE_REASON = 'unknown_change';
+export const UNKNOWN_SURFACE = surface('unclassified_path', 'unknown', false, [UNKNOWN_CHANGE_REASON], ['unclassified repository path'], 'not_applicable', ['classification rule coverage']);
+function rule(id, match, changeKinds, surfaceContract) {
+    return {
+        id,
+        match,
+        changeKinds,
+        surface: surfaceContract,
+    };
+}
+export const CHANGE_CLASSIFICATION_RULE_DEFINITIONS = [
+    rule('readme_page', /^README\.md$/u, ['documentation'], surface('readme_page', 'documentation', true, ['docs_change', 'copy_change'], ['public documentation', 'command examples'], 'update', ['link targets', 'command examples', 'package metadata references'])),
+    rule('docs_site_translation', /^docs-site\/src\/content\/docs\/(?!en\/)[^/]+\//u, ['documentation', 'translation'], surface('docs_site_translation', 'documentation', true, ['docs_change', 'i18n_change'], ['documentation site', 'localized content', 'navigation links'], 'update_or_mark_stale', ['source page parity', 'navigation links', 'localized examples'])),
+    rule('docs_site_page', /^docs-site\/src\/content\/docs\//u, ['documentation'], surface('docs_site_page', 'documentation', true, ['docs_change'], ['documentation site', 'navigation links', 'localized content'], 'update', ['navigation links', 'localized copies', 'command examples'])),
+    rule('installed_template_translation', /^templates\/[^/]+\/locales\/[^/]+\//u, ['installed_template', 'translation'], surface('installed_template_translation', 'installed-template', true, ['i18n_change', 'template_version_change'], ['installed template files', 'localized workflow documents', 'template i18n metadata'], 'update_or_mark_stale', ['template i18n metadata', 'localized frontmatter', 'source revision'])),
+    rule('installed_template', /^templates\/[^/]+\//u, ['installed_template'], surface('installed_template', 'installed-template', true, ['template_version_change', 'packaging_change'], ['installed template files', 'package contents', 'template manifest'], 'update', ['template manifest', 'package inventory', 'localized copies'])),
+    rule('workflow_root', /^(AGENTS\.md|\.mustflow\/(?:docs|context|skills|config)\/)/u, ['workflow'], surface('workflow_root', 'workflow', true, ['mustflow_docs_change', 'mustflow_config_change'], ['agent workflow contract', 'command contract', 'installed workflow files'], 'update', ['strict workflow validation', 'installed template parity', 'skill route alignment'])),
+    rule('host_instruction', /^(CLAUDE\.md|GEMINI\.md|\.github\/copilot-instructions\.md|\.cursor\/rules\/[^/]+\.(?:md|mdc))$/u, ['workflow', 'host_instruction'], surface('host_instruction', 'workflow', true, ['mustflow_docs_change'], ['host instruction compatibility', 'agent workflow contract', 'command contract boundary'], 'update_or_mark_stale', ['host instruction conflicts', 'command contract boundary'])),
+    rule('example', /^examples\//u, ['example'], surface('example', 'example', true, ['docs_change', 'public_api_change'], ['generated examples', 'human-readable examples'], 'update', ['example commands', 'linked docs', 'public behavior claims'])),
+    rule('schema_contract', /^schemas\//u, ['schema'], surface('schema_contract', 'contract', true, ['public_api_change', 'release_risk'], ['JSON schema', 'machine-readable output contract'], 'update', ['schema tests', 'documented JSON fields', 'package inventory'])),
+    rule('package_metadata', /^package\.json$/u, ['package_metadata'], surface('package_metadata', 'release', true, ['package_metadata_change', 'release_risk'], ['npm package metadata', 'published package contents'], 'update', ['package metadata tests', 'version source discovery', 'published file inventory'])),
+    rule('test_fixture', /^tests\/fixtures\//u, ['test_fixture'], surface('test_fixture', 'test', false, ['test_change'], ['regression fixture inputs'], 'not_applicable', ['fixture safety', 'test route coverage'])),
+    rule('test_contract', /^tests\//u, ['test'], surface('test_contract', 'test', false, ['test_change'], ['test behavior contract'], 'not_applicable', ['related test selection'])),
+    rule('implementation', /^(src|scripts)\//u, ['implementation'], surface('implementation', 'code', false, ['code_change'], ['runtime behavior when exported through CLI or package output'], 'not_applicable', ['related tests', 'build output'])),
+];
+export function listChangeClassificationPolicyRuleDescriptors() {
+    return CHANGE_CLASSIFICATION_RULE_DEFINITIONS.map((classificationRule) => ({
+        id: classificationRule.id,
+        patternKind: 'regexp',
+        pattern: classificationRule.match.source,
+        patternFlags: classificationRule.match.flags,
+        changeKinds: classificationRule.changeKinds,
+        surface: classificationRule.surface,
+    }));
+}

package/dist/core/change-classification.js

@@ -1,47 +1,21 @@
+import { CHANGE_CLASSIFICATION_RULE_DEFINITIONS, UNKNOWN_SURFACE, listChangeClassificationPolicyRuleDescriptors, } from './change-classification-policy.js';
 export const PUBLIC_SURFACE_UPDATE_POLICIES = [
     'update',
     'update_or_mark_stale',
     'not_applicable',
 ];
-function surface(kind, category, isPublicSurface, validationReasons, affectedContracts, updatePolicy, driftChecks) {
+function compileRule(definition) {
     return {
-        kind,
-        category,
-        isPublicSurface,
-        validationReasons,
-        affectedContracts,
-        updatePolicy,
-        driftChecks,
-    };
-}
-const UNKNOWN_CHANGE_REASON = 'unknown_change';
-const UNKNOWN_SURFACE = surface('unclassified_path', 'unknown', false, [UNKNOWN_CHANGE_REASON], ['unclassified repository path'], 'not_applicable', ['classification rule coverage']);
-function rule(id, match, changeKinds, surfaceContract) {
-    return {
-        id,
+        id: definition.id,
         patternKind: 'regexp',
-        pattern: match.source,
-        patternFlags: match.flags,
-        match,
-        changeKinds,
-        surface: surfaceContract,
+        pattern: definition.match.source,
+        patternFlags: definition.match.flags,
+        match: definition.match,
+        changeKinds: definition.changeKinds,
+        surface: definition.surface,
     };
 }
-const CHANGE_CLASSIFICATION_RULES = [
-    rule('readme_page', /^README\.md$/u, ['documentation'], surface('readme_page', 'documentation', true, ['docs_change', 'copy_change'], ['public documentation', 'command examples'], 'update', ['link targets', 'command examples', 'package metadata references'])),
-    rule('docs_site_translation', /^docs-site\/src\/content\/docs\/(?!en\/)[^/]+\//u, ['documentation', 'translation'], surface('docs_site_translation', 'documentation', true, ['docs_change', 'i18n_change'], ['documentation site', 'localized content', 'navigation links'], 'update_or_mark_stale', ['source page parity', 'navigation links', 'localized examples'])),
-    rule('docs_site_page', /^docs-site\/src\/content\/docs\//u, ['documentation'], surface('docs_site_page', 'documentation', true, ['docs_change'], ['documentation site', 'navigation links', 'localized content'], 'update', ['navigation links', 'localized copies', 'command examples'])),
-    rule('installed_template_translation', /^templates\/[^/]+\/locales\/[^/]+\//u, ['installed_template', 'translation'], surface('installed_template_translation', 'installed-template', true, ['i18n_change', 'template_version_change'], ['installed template files', 'localized workflow documents', 'template i18n metadata'], 'update_or_mark_stale', ['template i18n metadata', 'localized frontmatter', 'source revision'])),
-    rule('installed_template', /^templates\/[^/]+\//u, ['installed_template'], surface('installed_template', 'installed-template', true, ['template_version_change', 'packaging_change'], ['installed template files', 'package contents', 'template manifest'], 'update', ['template manifest', 'package inventory', 'localized copies'])),
-    rule('workflow_root', /^(AGENTS\.md|\.mustflow\/(?:docs|context|skills|config)\/)/u, ['workflow'], surface('workflow_root', 'workflow', true, ['mustflow_docs_change', 'mustflow_config_change'], ['agent workflow contract', 'command contract', 'installed workflow files'], 'update', ['strict workflow validation', 'installed template parity', 'skill route alignment'])),
-    rule('host_instruction', /^(CLAUDE\.md|GEMINI\.md|\.github\/copilot-instructions\.md|\.cursor\/rules\/[^/]+\.(?:md|mdc))$/u, ['workflow', 'host_instruction'], surface('host_instruction', 'workflow', true, ['mustflow_docs_change'], ['host instruction compatibility', 'agent workflow contract', 'command contract boundary'], 'update_or_mark_stale', ['host instruction conflicts', 'command contract boundary'])),
-    rule('example', /^examples\//u, ['example'], surface('example', 'example', true, ['docs_change', 'public_api_change'], ['generated examples', 'human-readable examples'], 'update', ['example commands', 'linked docs', 'public behavior claims'])),
-    rule('schema_contract', /^schemas\//u, ['schema'], surface('schema_contract', 'contract', true, ['public_api_change', 'release_risk'], ['JSON schema', 'machine-readable output contract'], 'update', ['schema tests', 'documented JSON fields', 'package inventory'])),
-    rule('package_metadata', /^package\.json$/u, ['package_metadata'], surface('package_metadata', 'release', true, ['package_metadata_change', 'release_risk'], ['npm package metadata', 'published package contents'], 'update', ['package metadata tests', 'version source discovery', 'published file inventory'])),
-    rule('test_fixture', /^tests\/fixtures\//u, ['test_fixture'], surface('test_fixture', 'test', false, ['test_change'], ['regression fixture inputs'], 'not_applicable', ['fixture safety', 'test route coverage'])),
-    rule('test_contract', /^tests\//u, ['test'], surface('test_contract', 'test', false, ['test_change'], ['test behavior contract'], 'not_applicable', ['related test selection'])),
-    rule('implementation', /^(src|scripts)\//u, ['implementation'], surface('implementation', 'code', false, ['code_change'], ['runtime behavior when exported through CLI or package output'], 'not_applicable', ['related tests', 'build output'])),
-];
+const CHANGE_CLASSIFICATION_RULES = CHANGE_CLASSIFICATION_RULE_DEFINITIONS.map(compileRule);
 function uniqueSorted(values) {
     return [...new Set(values)].sort((left, right) => left.localeCompare(right));
 }
@@ -93,14 +67,7 @@ export function classifyChangePath(relativePath) {
     };
 }
 export function listChangeClassificationRuleDescriptors() {
-    return CHANGE_CLASSIFICATION_RULES.map((classificationRule) => ({
-        id: classificationRule.id,
-        patternKind: classificationRule.patternKind,
-        pattern: classificationRule.pattern,
-        patternFlags: classificationRule.patternFlags,
-        changeKinds: classificationRule.changeKinds,
-        surface: classificationRule.surface,
-    }));
+    return listChangeClassificationPolicyRuleDescriptors();
 }
 export function listChangeClassificationValidationReasons() {
     return uniqueSorted([

package/dist/core/contract-lint.js

@@ -14,6 +14,7 @@ const CONTRACT_LINT_SOURCE_FILES = [
     '.mustflow/docs/agent-workflow.md',
     'AGENTS.md',
     'src/core/change-classification.ts',
+    'src/core/change-classification-policy.ts',
 ];
 export const DOCUMENTED_VERIFICATION_REASONS = [
     'before_publish',
@@ -49,7 +50,10 @@ const RELEASE_SENSITIVE_REASONS = new Set([
 ]);
 const COMMANDS_CONFIG_PATH = '.mustflow/config/commands.toml';
 const SKILL_INDEX_PATH = '.mustflow/skills/INDEX.md';
-const CHANGE_CLASSIFICATION_SOURCE_PATH = 'src/core/change-classification.ts';
+const CHANGE_CLASSIFICATION_SOURCE_PATHS = [
+    'src/core/change-classification.ts',
+    'src/core/change-classification-policy.ts',
+];
 const AGENT_WORKFLOW_PATH = '.mustflow/docs/agent-workflow.md';
 const PACKAGE_SCRIPT_RUNNERS = new Set(['bun', 'npm', 'pnpm', 'yarn']);
 const MAKEFILE_CANDIDATES = ['Makefile', 'makefile'];
@@ -413,7 +417,7 @@ function classifyReasonSource(reason, knownClassificationReasons, documentedVeri
 function buildRelatedDocs(source, relatedSkills) {
     const docs = [COMMANDS_CONFIG_PATH];
     if (source === 'classification') {
-        docs.push(CHANGE_CLASSIFICATION_SOURCE_PATH);
+        docs.push(...CHANGE_CLASSIFICATION_SOURCE_PATHS);
     }
     if (source === 'documented') {
         docs.push(AGENT_WORKFLOW_PATH);

package/dist/core/correlation-id.js

@@ -0,0 +1,16 @@
+import { randomBytes } from 'node:crypto';
+export const CORRELATION_ID_PATTERN = '^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$';
+const CORRELATION_ID_REGEX = new RegExp(CORRELATION_ID_PATTERN);
+function normalizeCorrelationScope(scope) {
+    const normalized = scope
+        .toLowerCase()
+        .replace(/[^a-z0-9_-]+/g, '_')
+        .replace(/^_+|_+$/g, '');
+    return /^[a-z][a-z0-9_-]*$/.test(normalized) ? normalized : 'event';
+}
+export function createCorrelationId(scope) {
+    return `mf-${normalizeCorrelationScope(scope)}-${randomBytes(8).toString('hex')}`;
+}
+export function isCorrelationId(value) {
+    return typeof value === 'string' && CORRELATION_ID_REGEX.test(value);
+}

package/dist/core/run-receipt.js

@@ -225,6 +225,7 @@ export function createRunReceipt(input) {
     return {
         schema_version: RUN_RECEIPT_SCHEMA_VERSION,
         command: 'run',
+        correlation_id: input.correlationId,
         intent: input.intent,
         status: input.status,
         timed_out: input.timedOut,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mustflow",
-  "version": "2.22.5",
+  "version": "2.22.9",
   "description": "Agent workflow documents and CLI for mustflow repository roots.",
   "type": "module",
   "license": "MIT-0",
@@ -36,10 +36,13 @@
     "test:coverage": "bun run build && node scripts/run-cli-tests.mjs coverage",
     "test:audit": "node scripts/audit-tests.mjs --json",
     "test:release": "bun run build && node scripts/run-cli-tests.mjs release",
+    "test:fast:node": "npm run build && node scripts/run-cli-tests.mjs fast",
+    "test:release:node": "npm run build && node scripts/run-cli-tests.mjs release",
     "test:full": "bun run build && node scripts/run-cli-tests.mjs full-auto",
     "test:full:auto": "bun run build && node scripts/run-cli-tests.mjs full-auto",
     "test:full:serial": "bun run build && node scripts/run-cli-tests.mjs full",
     "check": "bun run check:package && bun run test:full",
+    "check:core:node": "node scripts/run-node-core-check.mjs",
     "check:package": "node -e \"const fs=require('fs'); JSON.parse(fs.readFileSync('package.json','utf8')); console.log('package.json ok')\"",
     "check:typecheck": "tsc -p tsconfig.json --noEmit",
     "prepack": "npm run build",

package/schemas/README.md

@@ -48,6 +48,10 @@ Current schemas:
 These schemas define stable, automation-facing fields. Human-readable command  
 output is intentionally excluded.
 
+Current `classify`, `verify`, `run`, dashboard export, and verify state outputs may include
+`correlation_id` so local artifacts from one work incident can be connected without storing raw
+transcripts, environment values, or hidden reasoning.
+
 The published schema surface is tracked in `src/core/public-json-contracts.ts`.  
 Release tests verify consistency between this manifest, `schemas/*.schema.json`,  
 `npm pack --dry-run --json`, and the installed package’s JSON command output.

package/schemas/change-verification-report.schema.json

@@ -29,6 +29,10 @@
     "classification_summary": {
       "$ref": "#/$defs/classificationSummary"
     },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "verification_plan_id": {
       "type": "string",
       "pattern": "^sha256:[0-9a-f]{64}$"

package/schemas/classify-report.schema.json

@@ -16,6 +16,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "classify" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "mustflow_root": { "type": "string" },
     "source": { "enum": ["changed", "paths"] },
     "files": {

package/schemas/dashboard-export.schema.json

@@ -20,6 +20,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "dashboard export" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "format": { "enum": ["html", "json"] },
     "generated_at": { "type": "string" },
     "mustflow_root": { "type": "string" },

package/schemas/latest-run-pointer.schema.json

@@ -23,6 +23,10 @@
     "schema_version": { "const": "1" },
     "command": { "const": "verify" },
     "kind": { "const": "verify_run_summary" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "reason": { "type": "string" },
     "reasons": {
       "type": "array",

package/schemas/run-receipt.schema.json

@@ -34,6 +34,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "run" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "intent": { "type": "string" },
     "status": { "enum": ["passed", "failed", "timed_out", "start_failed", "output_limit_exceeded"] },
     "timed_out": { "type": "boolean" },

package/schemas/verify-report.schema.json

@@ -23,6 +23,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "verify" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "mustflow_root": { "type": "string" },
     "reason": { "type": "string" },
     "reasons": {

package/schemas/verify-run-manifest.schema.json

@@ -20,6 +20,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "verify" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "reason": { "type": "string" },
     "reasons": {
       "type": "array",

package/templates/default/i18n.toml

@@ -74,7 +74,7 @@ translations = {}
 [documents."skill.architecture-deepening-review"]
 source = "locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md"
 source_locale = "en"
-revision = 1
+revision = 2
 translations = {}
 
 [documents."skill.behavior-preserving-refactor"]
@@ -325,7 +325,7 @@ translations = {}
 [documents."skill.security-privacy-review"]
 source = "locales/en/.mustflow/skills/security-privacy-review/SKILL.md"
 source_locale = "en"
-revision = 16
+revision = 17
 translations = {}
 
 [documents."skill.security-regression-tests"]
@@ -349,7 +349,7 @@ translations = {}
 [documents."skill.test-design-guard"]
 source = "locales/en/.mustflow/skills/test-design-guard/SKILL.md"
 source_locale = "en"
-revision = 1
+revision = 2
 translations = {}
 
 [documents."skill.test-maintenance"]

package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md

@@ -2,7 +2,7 @@
 mustflow_doc: skill.architecture-deepening-review
 locale: en
 canonical: true
-revision: 1
+revision: 2
 lifecycle: mustflow-owned
 authority: procedure
 name: architecture-deepening-review
@@ -37,6 +37,7 @@ This is a review-first skill. It helps decide whether code needs a deeper module
 ## Use When
 
 - The user asks for architecture review, module boundaries, structural improvement, codebase deepening, maintainability review, or testability improvement.
+- The user asks where a design will break first as it grows, which responsibility boundary is most likely to blur, or whether a module, service, database owner, permission model, deployment unit, or failure boundary is still clear enough.
 - A file, module, service, handler, command, controller, or test suite looks broad enough that the next edit may add another responsibility.
 - Code exposes internal steps to many callers, repeats orchestration, or makes tests hard because policy, I/O, formatting, and dispatch are mixed.
 - A shallow wrapper adds naming without hiding complexity, or a helper has become a pass-through layer around many unrelated concerns.
@@ -57,6 +58,7 @@ This is a review-first skill. It helps decide whether code needs a deeper module
 - Target area, current pain, and the user-facing or maintainer-facing reason to inspect architecture.
 - Relevant source files, call sites, exports, tests, fixtures, schemas, templates, or documentation that show current behavior and ownership.
 - Local patterns for modules, boundaries, naming, errors, dependency direction, and tests.
+- The data owner, write path, failure mode, and expected 3x, 10x, or 100x growth pressure when the review is about a design rather than only a file split.
 - Current changed-file list when the worktree is already dirty.
 - Relevant command-intent contract entries for verification.
 
@@ -88,7 +90,22 @@ This is a review-first skill. It helps decide whether code needs a deeper module
 3. Identify one to three candidate boundaries.
    - Each candidate must name the responsibility it would hide or clarify.
    - Reject candidates that only rename, wrap, or move code without lowering caller complexity or test cost.
-4. Score each candidate from 1 to 9.
+4. Force the design through the ownership and failure questions before scoring.
+   - Name the first likely mixed-responsibility boundary. Common early failures are business rules leaking into controllers, repositories, external adapters, UI components, or framework-specific handlers.
+   - Name the final owner for important data. The owner is the module that protects the invariant, not necessarily the module that reads the value most often.
+   - Separate original state from cache, search index, analytics, summary, AI output, provider response, or other derived state.
+   - Identify every direct write path for high-impact fields such as status, role, permission, balance, quota, plan, entitlement, deleted state, payment state, or ownership.
+   - Ask whether a failure creates a visible failure state or silently creates false success. High-impact paths such as authorization, payment, entitlement, deletion, and destructive administration should fail closed.
+   - Ask whether duplicate requests, retries, webhook redelivery, queue replay, or worker restart can repeat a harmful effect. If yes, require an idempotency, ledger, outbox, or reconciliation boundary before calling the design safe.
+5. Check growth pressure in concrete stages.
+   - At 3x scale, look first for implementation-quality failures: missing indexes, N+1 reads, large responses, synchronous file or image work, repeated external calls, and insufficient connection pools.
+   - At 10x scale, look first for ownership and state failures: write hot spots, queue delay, cache invalidation, server-local files, scattered permission rules, external API rate limits, and deployment units that change for unrelated reasons.
+   - At 100x scale, look first for partitioning and operational failures: data split boundaries, tenant or region hot spots, retry storms, external dependency isolation, long deploy recovery, missing observability, and manual-only recovery paths.
+6. Check scaling direction without forcing premature distribution.
+   - A small team may start with one larger server or a simple server set, but request handlers should not depend on process memory, local uploads, duplicate cron execution, in-transaction external calls, or server-specific job state.
+   - Application servers should be able to become stateless. Databases may start with vertical scaling, but the design should not block read replicas, read models, queue-backed work, or future data partitioning.
+   - Horizontal scaling is only real if any server can handle the same request, workers can safely duplicate or retry work, and database writes do not all converge on an uncontrolled hot spot.
+7. Score each candidate from 1 to 9.
    - User value: whether the structure protects a user-visible or public contract.
    - Maintenance value: whether future changes become smaller or less error-prone.
    - Blast radius: how many callers, files, schemas, templates, or docs would change.
@@ -111,6 +128,8 @@ This is a review-first skill. It helps decide whether code needs a deeper module
 
 - The output contains a ranked architecture candidate list or one scoped structural change.
 - Any chosen change has a named reason tied to lower change cost, lower defect risk, or better testability.
+- Important data has a named owner, write path, original-or-derived classification, and failure behavior when the reviewed design touches durable state.
+- Growth pressure is either checked at 3x, 10x, and 100x or explicitly marked not relevant to the current architecture decision.
 - Behavior changes are excluded or explicitly moved to a separate follow-up.
 - Verification evidence or verification gaps are reported without claiming unrun checks passed.
 
@@ -145,6 +164,10 @@ Use documentation and release checks only when the review or chosen change touch
 
 - Review target and current pain
 - Evidence inspected
+- Data owner, write path, and original-versus-derived state when relevant
+- Failure mode, idempotency, and recovery boundary when relevant
+- 3x, 10x, and 100x growth pressure when relevant
+- Vertical versus horizontal scaling direction when relevant
 - Candidate boundaries and scores
 - Selected next action
 - Narrower skill used or intentionally avoided