mustflow 2.23.0 → 2.25.0

package/dist/cli/lib/option-parser.js

@@ -0,0 +1,93 @@
+import { t } from './i18n.js';
+function createSpecMap(specs) {
+    const map = new Map();
+    for (const spec of specs) {
+        map.set(spec.name, spec);
+        for (const alias of spec.aliases ?? []) {
+            map.set(alias, spec);
+        }
+    }
+    return map;
+}
+function splitOptionToken(token) {
+    const separatorIndex = token.indexOf('=');
+    if (separatorIndex === -1) {
+        return { name: token, inlineValue: null };
+    }
+    return {
+        name: token.slice(0, separatorIndex),
+        inlineValue: token.slice(separatorIndex + 1),
+    };
+}
+export function hasCliOptionToken(args, name, aliases = []) {
+    const tokens = new Set([name, ...aliases]);
+    return args.some((arg) => tokens.has(splitOptionToken(arg).name));
+}
+export function parseCliOptions(args, specs, config = {}) {
+    const specByToken = createSpecMap(specs);
+    const values = new Map();
+    const occurrences = [];
+    const positionals = [];
+    const allowPositionals = config.allowPositionals === true;
+    const allowUnknownOptions = config.allowUnknownOptions === true;
+    const allowEmptyStringValues = config.allowEmptyStringValues === true;
+    for (let index = 0; index < args.length; index += 1) {
+        const arg = args[index];
+        if (!arg) {
+            continue;
+        }
+        if (!arg.startsWith('-')) {
+            if (allowPositionals) {
+                positionals.push(arg);
+                continue;
+            }
+            return { values, occurrences, positionals, error: { kind: 'unknown_option', option: arg } };
+        }
+        const { name, inlineValue } = splitOptionToken(arg);
+        const spec = specByToken.get(name);
+        if (!spec) {
+            if (allowUnknownOptions && allowPositionals) {
+                positionals.push(arg);
+                continue;
+            }
+            return { values, occurrences, positionals, error: { kind: 'unknown_option', option: arg } };
+        }
+        if (spec.kind === 'boolean') {
+            if (inlineValue !== null) {
+                return { values, occurrences, positionals, error: { kind: 'unknown_option', option: arg } };
+            }
+            values.set(spec.name, true);
+            occurrences.push({ name: spec.name, value: true, token: arg });
+            continue;
+        }
+        if (inlineValue !== null) {
+            if (inlineValue.length === 0 && !allowEmptyStringValues) {
+                return { values, occurrences, positionals, error: { kind: 'missing_value', option: name } };
+            }
+            values.set(spec.name, inlineValue);
+            occurrences.push({ name: spec.name, value: inlineValue, token: arg });
+            continue;
+        }
+        const nextArg = args[index + 1];
+        if (!nextArg || nextArg.startsWith('-')) {
+            return { values, occurrences, positionals, error: { kind: 'missing_value', option: name } };
+        }
+        values.set(spec.name, nextArg);
+        occurrences.push({ name: spec.name, value: nextArg, token: arg });
+        index += 1;
+    }
+    return { values, occurrences, positionals, error: null };
+}
+export function hasParsedCliOption(parsed, name) {
+    return parsed.values.get(name) === true;
+}
+export function getParsedCliStringOption(parsed, name) {
+    const value = parsed.values.get(name);
+    return typeof value === 'string' ? value : null;
+}
+export function formatCliOptionParseError(error, lang) {
+    if (error.kind === 'missing_value') {
+        return t(lang, 'cli.error.missingValue', { option: error.option });
+    }
+    return t(lang, 'cli.error.unknownOption', { option: error.option });
+}

package/dist/cli/lib/repo-map.js

@@ -215,7 +215,7 @@ function readMustflowConfig(projectRoot) {
         return {};
     }
 }
-function getRepoMapConfig(projectRoot) {
+export function getRepoMapConfig(projectRoot) {
     const parsed = readMustflowConfig(projectRoot);
     const configuredPriorityPaths = [...getStringArray(parsed.read_order), ...getStringArray(parsed.optional_read_order)];
     const map = isRecord(parsed.map) ? parsed.map : {};
@@ -503,7 +503,7 @@ function collectNestedRepository(projectRoot, repositoryPath, anchorFiles) {
         editingPolicies,
     };
 }
-function discoverNestedRepositories(projectRoot, mapConfig, workspaceConfig) {
+export function discoverNestedRepositories(projectRoot, mapConfig, workspaceConfig) {
     if (!mapConfig.includeNested || !workspaceConfig.enabled || workspaceConfig.roots.length === 0) {
         return [];
     }

package/dist/cli/lib/run-plan.js

@@ -2,10 +2,11 @@ import path from 'node:path';
 import { isMustflowBinName } from '../../core/command-classification.js';
 import { resolveSafeProjectCwd } from '../../core/command-cwd.js';
 import { resolveCommandEnv } from '../../core/command-env.js';
+import { getCommandMaxOutputBytesLimitDetail, readEffectiveCommandCwd, readEffectiveCommandMaxOutputBytes, } from '../../core/command-run-constraints.js';
 import { evaluateCommandIntentEligibility, } from '../../core/command-intent-eligibility.js';
 import { inspectActiveRunLocks, } from '../../core/active-run-locks.js';
 import { isRecord, readPositiveInteger, readString, readStringArray, } from '../../core/config-loading.js';
-import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, COMMAND_OUTPUT_LIMIT_SCOPE, MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from '../../core/command-output-limits.js';
+import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, COMMAND_OUTPUT_LIMIT_SCOPE, } from '../../core/command-output-limits.js';
 import { normalizeSuccessExitCodes } from '../../core/success-exit-codes.js';
 import { normalizeSafeTestTargetPath, TEST_TARGET_PATH_ERROR } from '../../core/test-target-paths.js';
 import { evaluateCommandPreconditions, } from '../../core/command-preconditions.js';
@@ -79,31 +80,13 @@ function getRunPlanMode(commandArgv, intent) {
     }
     return intent.mode === 'shell' ? 'shell' : null;
 }
-function readEffectiveMaxOutputBytes(contract, intent) {
-    return readPositiveInteger(intent, 'max_output_bytes') ??
-        readPositiveInteger(contract.defaults, 'max_output_bytes') ??
-        DEFAULT_COMMAND_MAX_OUTPUT_BYTES;
-}
 function readEffectiveKillAfterSeconds(contract, intent) {
     return readPositiveInteger(intent, 'kill_after_seconds') ??
         readPositiveInteger(contract.defaults, 'kill_after_seconds') ??
         5;
 }
-function getMaxOutputBytesLimitDetail(contract, intent) {
-    const intentValue = readPositiveInteger(intent, 'max_output_bytes');
-    if (intentValue !== undefined) {
-        return intentValue > MAX_COMMAND_OUTPUT_BYTES ?
-            commandMaxOutputBytesLimitMessage('[commands.intents.<intent>].max_output_bytes') :
-            null;
-    }
-    const defaultValue = readPositiveInteger(contract.defaults, 'max_output_bytes');
-    if (defaultValue !== undefined && defaultValue > MAX_COMMAND_OUTPUT_BYTES) {
-        return commandMaxOutputBytesLimitMessage('[commands.defaults].max_output_bytes');
-    }
-    return null;
-}
 function readRunIntentMetadata(contract, intent) {
-    const configuredCwd = readString(intent, 'cwd') ?? readString(contract.defaults, 'default_cwd') ?? '.';
+    const configuredCwd = readEffectiveCommandCwd(contract, intent);
     const commandArgv = readStringArray(intent, 'argv');
     const shellCommand = intent.mode === 'shell' ? readString(intent, 'cmd') : undefined;
     const env = resolveCommandEnv(contract, intent);
@@ -115,7 +98,7 @@ function readRunIntentMetadata(contract, intent) {
         configuredCwd,
         timeoutSeconds: readPositiveInteger(intent, 'timeout_seconds') ?? null,
         killAfterSeconds: readEffectiveKillAfterSeconds(contract, intent),
-        maxOutputBytes: readEffectiveMaxOutputBytes(contract, intent),
+        maxOutputBytes: readEffectiveCommandMaxOutputBytes(contract, intent, DEFAULT_COMMAND_MAX_OUTPUT_BYTES),
         successExitCodes: getSuccessExitCodes(intent),
         commandArgv,
         shellCommand,
@@ -186,7 +169,7 @@ export function createRunPlan(projectRoot, contract, intentName, options = {}) {
         return createBlockedRunPlan(contract, intentName, rawIntent, eligibility, eligibility.code, eligibility.detail, preconditions);
     }
     const metadata = readRunIntentMetadata(contract, rawIntent);
-    const maxOutputBytesLimitDetail = getMaxOutputBytesLimitDetail(contract, rawIntent);
+    const maxOutputBytesLimitDetail = getCommandMaxOutputBytesLimitDetail(contract, rawIntent);
     if (maxOutputBytesLimitDetail) {
         return createBlockedRunPlan(contract, intentName, rawIntent, eligibility, 'max_output_bytes_exceeds_limit', maxOutputBytesLimitDetail, preconditions);
     }

package/dist/core/change-verification.js

@@ -120,7 +120,7 @@ function escalationIntentsForCandidate(commandContract, candidate) {
         ...readIntentRelationList(commandContract, candidate.intent, 'escalate_to'),
     ]);
 }
-function expandCandidatesWithDeclaredFallbacks(commandContract, candidates) {
+function expandCandidatesWithDeclaredFallbacks(commandContract, projectRoot, candidates) {
     const hasRunnableCandidate = candidates.some((candidate) => candidate.status === 'runnable' && candidate.intent.length > 0);
     if (hasRunnableCandidate) {
         return candidates;
@@ -133,7 +133,10 @@ function expandCandidatesWithDeclaredFallbacks(commandContract, candidates) {
     return [
         ...candidates,
         ...fallbackIntents.map((intent) => {
-            const fallback = classifyVerificationCandidate(intent, commandContract.intents[intent]);
+            const fallback = classifyVerificationCandidate(intent, commandContract.intents[intent], {
+                commandContract,
+                projectRoot,
+            });
             return {
                 ...fallback,
                 detail: fallback.status === 'runnable' ? 'Declared fallback for unavailable verification intent.' : fallback.detail,
@@ -153,7 +156,7 @@ function requirementNeedsDeclaredEscalation(requirement) {
     ].join('\n').toLowerCase();
     return DECLARED_ESCALATION_SIGNALS.some((signal) => signalText.includes(signal.toLowerCase()));
 }
-function expandCandidatesWithDeclaredEscalations(commandContract, requirement, candidates) {
+function expandCandidatesWithDeclaredEscalations(commandContract, projectRoot, requirement, candidates) {
     if (!requirementNeedsDeclaredEscalation(requirement)) {
         return candidates;
     }
@@ -165,7 +168,10 @@ function expandCandidatesWithDeclaredEscalations(commandContract, requirement, c
     return [
         ...candidates,
         ...escalationIntents.map((intent) => {
-            const escalation = classifyVerificationCandidate(intent, commandContract.intents[intent]);
+            const escalation = classifyVerificationCandidate(intent, commandContract.intents[intent], {
+                commandContract,
+                projectRoot,
+            });
             return {
                 ...escalation,
                 detail: escalation.status === 'runnable'
@@ -295,7 +301,7 @@ export function createChangeVerificationReport(classificationReport, commandCont
     const requirements = classificationReport.summary.validationReasons.map((reason) => createVerificationRequirement(classificationReport, reason));
     const plans = requirements.map((requirement) => ({
         requirement,
-        candidates: expandCandidatesWithDeclaredEscalations(commandContract, requirement, expandCandidatesWithDeclaredFallbacks(commandContract, createVerificationPlan(commandContract, requirement.reason).candidates)),
+        candidates: expandCandidatesWithDeclaredEscalations(commandContract, projectRoot, requirement, expandCandidatesWithDeclaredFallbacks(commandContract, projectRoot, createVerificationPlan(commandContract, requirement.reason, projectRoot).candidates)),
     }));
     const plansWithProjectTestSelection = plans.map((plan) => {
         const additionalCandidates = testSelectionPlan.candidates

package/dist/core/command-effects.js

@@ -1,6 +1,7 @@
 import path from 'node:path';
 import { isRecord, readString, readStringArray, } from './config-loading.js';
 import { resolveSafeProjectCwd } from './command-cwd.js';
+import { readEffectiveCommandCwd } from './command-run-constraints.js';
 export const COMMAND_EFFECT_MODES = new Set(['read', 'write', 'append', 'replace', 'delete_recreate']);
 export const COMMAND_EFFECT_TYPES = new Set(['read', 'write']);
 export const COMMAND_EFFECT_CONCURRENCY = new Set(['shared', 'exclusive']);
@@ -13,9 +14,6 @@ function normalizeRelativePath(rawPath) {
 function pathLockKey(relativePath) {
     return `path:${normalizeRelativePath(relativePath)}`;
 }
-function readEffectiveCommandCwd(commandContract, intent) {
-    return readString(intent, 'cwd') ?? readString(commandContract.defaults, 'default_cwd') ?? '.';
-}
 function validateEffectPath(projectRoot, commandContract, intent, rawPath) {
     const cwd = resolveSafeProjectCwd(projectRoot, readEffectiveCommandCwd(commandContract, intent));
     const resolved = path.resolve(cwd, rawPath);

package/dist/core/command-intent-eligibility.js

@@ -1,5 +1,19 @@
 import { isRecord, readString } from './config-loading.js';
 import { commandIntentBlockedCommandPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
+export const COMMAND_INTENT_INELIGIBILITY_CODES = [
+    'intent_not_table',
+    'status_not_configured',
+    'lifecycle_not_oneshot',
+    'run_policy_not_agent_allowed',
+    'stdin_not_closed',
+    'agent_shell_requires_allow',
+    'missing_timeout',
+    'missing_command_source',
+    'unsafe_intent_name',
+    'blocked_shell_background_pattern',
+    'blocked_long_running_command_pattern',
+];
+export const commandIntentIneligibilityCodeContractComplete = true;
 export function evaluateCommandIntentEligibility(intentName, rawIntent) {
     if (!commandIntentNameIsSafe(intentName)) {
         return {

package/dist/core/command-preconditions.js

@@ -2,6 +2,7 @@ import { existsSync, readdirSync, statSync } from 'node:fs';
 import path from 'node:path';
 import { isRecord, readString, readStringArray, } from './config-loading.js';
 import { evaluateCommandIntentEligibility } from './command-intent-eligibility.js';
+import { getCommandRunStaticBlocker } from './command-run-constraints.js';
 export const COMMAND_PRECONDITION_KINDS = new Set(['path_exists', 'artifact_freshness']);
 const IGNORED_WALK_DIRECTORIES = new Set([
     '.git',
@@ -47,20 +48,23 @@ function readPreconditionDeclarations(intent) {
         satisfyIntent: readString(precondition, 'satisfy_intent') ?? null,
     }));
 }
-function createSatisfyIntentSummary(contract, intentName) {
+function createSatisfyIntentSummary(projectRoot, contract, intentName) {
     if (!intentName) {
         return null;
     }
     const rawIntent = contract.intents[intentName];
     const eligibility = evaluateCommandIntentEligibility(intentName, rawIntent);
+    const runBlocker = eligibility.ok && isRecord(rawIntent)
+        ? getCommandRunStaticBlocker(projectRoot, contract, rawIntent)
+        : null;
     return {
         intent: intentName,
         declared: isRecord(rawIntent),
-        runnable: eligibility.ok,
+        runnable: eligibility.ok && !runBlocker,
         status: isRecord(rawIntent) ? readString(rawIntent, 'status') ?? null : null,
         lifecycle: isRecord(rawIntent) ? readString(rawIntent, 'lifecycle') ?? null : null,
         runPolicy: isRecord(rawIntent) ? readString(rawIntent, 'run_policy') ?? null : null,
-        detail: eligibility.detail,
+        detail: eligibility.detail ?? runBlocker?.detail ?? null,
     };
 }
 function escapeRegExp(value) {
@@ -258,7 +262,7 @@ export function evaluateCommandPreconditions(projectRoot, contract, intentName)
     }
     const context = { projectFiles: null };
     return readPreconditionDeclarations(intent).map((declaration) => {
-        const satisfyIntent = createSatisfyIntentSummary(contract, declaration.satisfyIntent);
+        const satisfyIntent = createSatisfyIntentSummary(projectRoot, contract, declaration.satisfyIntent);
         if (declaration.kind === 'path_exists') {
             return evaluatePathExists(projectRoot, declaration, satisfyIntent);
         }

package/dist/core/command-run-constraints.js

@@ -0,0 +1,43 @@
+import { resolveSafeProjectCwd } from './command-cwd.js';
+import { MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from './command-output-limits.js';
+import { readPositiveInteger, readString, } from './config-loading.js';
+export function readEffectiveCommandCwd(contract, intent) {
+    return readString(intent, 'cwd') ?? readString(contract.defaults, 'default_cwd') ?? '.';
+}
+export function readEffectiveCommandMaxOutputBytes(contract, intent, fallback) {
+    return readPositiveInteger(intent, 'max_output_bytes') ??
+        readPositiveInteger(contract.defaults, 'max_output_bytes') ??
+        fallback;
+}
+export function getCommandMaxOutputBytesLimitDetail(contract, intent) {
+    const intentValue = readPositiveInteger(intent, 'max_output_bytes');
+    if (intentValue !== undefined) {
+        return intentValue > MAX_COMMAND_OUTPUT_BYTES ?
+            commandMaxOutputBytesLimitMessage('[commands.intents.<intent>].max_output_bytes') :
+            null;
+    }
+    const defaultValue = readPositiveInteger(contract.defaults, 'max_output_bytes');
+    if (defaultValue !== undefined && defaultValue > MAX_COMMAND_OUTPUT_BYTES) {
+        return commandMaxOutputBytesLimitMessage('[commands.defaults].max_output_bytes');
+    }
+    return null;
+}
+export function getCommandRunStaticBlocker(projectRoot, contract, intent) {
+    const maxOutputBytesLimitDetail = getCommandMaxOutputBytesLimitDetail(contract, intent);
+    if (maxOutputBytesLimitDetail) {
+        return {
+            reason: 'max_output_bytes_exceeds_limit',
+            detail: maxOutputBytesLimitDetail,
+        };
+    }
+    try {
+        resolveSafeProjectCwd(projectRoot, readEffectiveCommandCwd(contract, intent));
+    }
+    catch (error) {
+        return {
+            reason: 'cwd_outside_project',
+            detail: error instanceof Error ? error.message : String(error),
+        };
+    }
+    return null;
+}

package/dist/core/public-json-contracts.js

@@ -79,6 +79,13 @@ const PUBLIC_JSON_SCHEMA_CONTRACTS = [
         documented: true,
         installedCommand: ['mf', 'api', 'locks', '--json'],
     },
+    {
+        id: 'api-serve-response',
+        schemaFile: 'api-serve-response.schema.json',
+        producer: 'mf api serve --stdio',
+        packaged: true,
+        documented: true,
+    },
     {
         id: 'run-receipt',
         schemaFile: 'run-receipt.schema.json',
@@ -109,6 +116,56 @@ const PUBLIC_JSON_SCHEMA_CONTRACTS = [
         documented: true,
         installedCommand: ['mf', 'contract-lint', '--json'],
     },
+    {
+        id: 'onboard-commands-report',
+        schemaFile: 'onboard-commands-report.schema.json',
+        producer: 'mf onboard commands --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'onboard', 'commands', '--json'],
+    },
+    {
+        id: 'next-report',
+        schemaFile: 'next-report.schema.json',
+        producer: 'mf next --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'next', '--json'],
+        expectedExitCodes: [0, 1],
+    },
+    {
+        id: 'evidence-report',
+        schemaFile: 'evidence-report.schema.json',
+        producer: 'mf evidence --changed --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'evidence', '--changed', '--json'],
+        expectedExitCodes: [0, 1],
+    },
+    {
+        id: 'workspace-status',
+        schemaFile: 'workspace-status.schema.json',
+        producer: 'mf workspace status --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'workspace', 'status', '--json'],
+    },
+    {
+        id: 'workspace-command-catalog',
+        schemaFile: 'workspace-command-catalog.schema.json',
+        producer: 'mf workspace command-catalog --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'workspace', 'command-catalog', '--json'],
+    },
+    {
+        id: 'workspace-verification-plan',
+        schemaFile: 'workspace-verification-plan.schema.json',
+        producer: 'mf workspace verify --changed --plan-only --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'workspace', 'verify', '--changed', '--plan-only', '--json'],
+    },
     {
         id: 'dashboard-export',
         schemaFile: 'dashboard-export.schema.json',

package/dist/core/test-selection.js

@@ -190,7 +190,10 @@ export function createProjectTestSelectionPlan(projectRoot, classificationReport
             fallbackIntent: rule.fallbackIntent,
             testTargets: rule.testTargets,
         });
-        const primary = withDetail(classifyVerificationCandidate(rule.intent, commandContract.intents[rule.intent]), `Project-declared test selection rule "${rule.id}".`);
+        const primary = withDetail(classifyVerificationCandidate(rule.intent, commandContract.intents[rule.intent], {
+            commandContract,
+            projectRoot,
+        }), `Project-declared test selection rule "${rule.id}".`);
         const primaryTestTargets = appliedTestTargetsForCandidate(rule, commandContract, primary);
         const primaryCandidate = { reason, candidate: primary, testTargets: primaryTestTargets };
         candidates.push(primaryCandidate);
@@ -200,7 +203,10 @@ export function createProjectTestSelectionPlan(projectRoot, classificationReport
             continue;
         }
         selectedReportCandidates.push(toReportCandidate(rule, reason, 'primary', primary, primaryTestTargets));
-        const fallback = withDetail(classifyVerificationCandidate(rule.fallbackIntent, commandContract.intents[rule.fallbackIntent]), `Fallback for project-declared test selection rule "${rule.id}".`);
+        const fallback = withDetail(classifyVerificationCandidate(rule.fallbackIntent, commandContract.intents[rule.fallbackIntent], {
+            commandContract,
+            projectRoot,
+        }), `Fallback for project-declared test selection rule "${rule.id}".`);
         const fallbackTestTargets = appliedTestTargetsForCandidate(rule, commandContract, fallback);
         const fallbackCandidate = { reason, candidate: fallback, testTargets: fallbackTestTargets };
         candidates.push(fallbackCandidate);

package/dist/core/verification-plan.js

@@ -1,9 +1,23 @@
 import { isRecord, readStringArray, } from './config-loading.js';
-import { evaluateCommandIntentEligibility, } from './command-intent-eligibility.js';
+import { getCommandRunStaticBlocker, } from './command-run-constraints.js';
+import { COMMAND_INTENT_INELIGIBILITY_CODES, evaluateCommandIntentEligibility, } from './command-intent-eligibility.js';
+export const VERIFICATION_SKIP_REASONS = [
+    'no_matching_intents',
+    ...COMMAND_INTENT_INELIGIBILITY_CODES,
+    'cwd_outside_project',
+    'max_output_bytes_exceeds_limit',
+];
+export const verificationSkipReasonContractComplete = true;
 function hasRequiredAfter(intent, reason) {
     return (readStringArray(intent, 'required_after') ?? []).includes(reason);
 }
-export function classifyVerificationCandidate(intentName, rawIntent) {
+function getRunPlanBlocker(rawIntent, context) {
+    if (!context.projectRoot || !context.commandContract) {
+        return null;
+    }
+    return getCommandRunStaticBlocker(context.projectRoot, context.commandContract, rawIntent);
+}
+export function classifyVerificationCandidate(intentName, rawIntent, context = {}) {
     const eligibility = evaluateCommandIntentEligibility(intentName, rawIntent);
     if (!eligibility.ok) {
         return {
@@ -13,6 +27,17 @@ export function classifyVerificationCandidate(intentName, rawIntent) {
             detail: eligibility.detail,
         };
     }
+    if (isRecord(rawIntent)) {
+        const blocker = getRunPlanBlocker(rawIntent, context);
+        if (blocker) {
+            return {
+                intent: intentName,
+                status: 'skipped',
+                reason: blocker.reason,
+                detail: blocker.detail,
+            };
+        }
+    }
     return {
         intent: intentName,
         status: 'runnable',
@@ -20,10 +45,13 @@ export function classifyVerificationCandidate(intentName, rawIntent) {
         detail: null,
     };
 }
-export function createVerificationPlan(contract, reason) {
+export function createVerificationPlan(contract, reason, projectRoot) {
     const candidates = Object.entries(contract.intents)
         .filter(([, intent]) => isRecord(intent) && hasRequiredAfter(intent, reason))
-        .map(([intentName, intent]) => classifyVerificationCandidate(intentName, intent))
+        .map(([intentName, intent]) => classifyVerificationCandidate(intentName, intent, {
+        commandContract: contract,
+        projectRoot,
+    }))
         .sort((left, right) => left.intent.localeCompare(right.intent));
     return {
         reason,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mustflow",
-  "version": "2.23.0",
+  "version": "2.25.0",
   "description": "Agent workflow documents and CLI for mustflow repository roots.",
   "type": "module",
   "license": "MIT-0",

package/schemas/README.md

@@ -15,6 +15,7 @@ Current schemas:
 - `diff-risk.schema.json`: output of `mf api diff-risk --changed --json`
 - `health.schema.json`: output of `mf api health --json`
 - `locks.schema.json`: output of `mf api locks --json`
+- `api-serve-response.schema.json`: each newline-delimited response from `mf api serve --stdio`
 - `run-receipt.schema.json`: output of `mf run <intent> --json` and `.mustflow/state/runs/latest.json`,
   including bounded declared-write drift metadata, a safe latest-run performance summary, and optional
   structured phase timings and selection summaries
@@ -23,6 +24,21 @@ Current schemas:
   command execution or automatic dependency execution
 - `test-selection.schema.json`: parsed optional `.mustflow/config/test-selection.toml`
 - `contract-lint-report.schema.json`: output of `mf contract-lint --json`
+- `onboard-commands-report.schema.json`: output of `mf onboard commands --json`, containing
+  review-only command-intent suggestions that do not grant command authority or write files
+- `next-report.schema.json`: output of `mf next --json`, containing the next safe action,
+  changed-file verification gaps, and read-only command recommendations
+- `evidence-report.schema.json`: output of `mf evidence --changed --json`, containing verification
+  requirements, latest bounded evidence, receipts, remaining risks, and gaps without running commands
+- `workspace-status.schema.json`: output of `mf workspace status --json`, containing configured
+  workspace roots, discovered nested repositories, and per-root command-contract readiness without
+  granting command authority
+- `workspace-command-catalog.schema.json`: output of `mf workspace command-catalog --json`,
+  containing per-root command intent availability, safe `mf run` entrypoints, and no raw command
+  strings
+- `workspace-verification-plan.schema.json`: output of
+  `mf workspace verify --changed --plan-only --json`, containing per-root changed-file
+  verification plans without running commands or granting parent-to-child command authority
 - `dashboard-export.schema.json`: bounded static export written by `mf dashboard --export-json <path>`,
   including output policy, redaction and truncation metadata, the dashboard harness report, and
   the evidence-based completion verdict, evidence model, and conservative coverage matrix for the

package/schemas/api-serve-response.schema.json

@@ -0,0 +1,89 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://mustflow.github.io/schemas/api-serve-response.schema.json",
+  "title": "mustflow api serve response",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema_version",
+    "command",
+    "transport",
+    "id",
+    "ok",
+    "policy"
+  ],
+  "properties": {
+    "schema_version": { "const": "1" },
+    "command": { "const": "api serve" },
+    "transport": { "const": "stdio" },
+    "id": { "type": ["string", "number", "null"] },
+    "ok": { "type": "boolean" },
+    "policy": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "mode",
+        "executes_commands",
+        "direct_commands_allowed",
+        "raw_output_included",
+        "hidden_reasoning_included"
+      ],
+      "properties": {
+        "mode": { "const": "read_only" },
+        "executes_commands": { "const": false },
+        "direct_commands_allowed": { "const": false },
+        "raw_output_included": { "const": false },
+        "hidden_reasoning_included": { "const": false }
+      }
+    },
+    "result": {
+      "anyOf": [
+        { "$ref": "workspace-summary.schema.json" },
+        { "$ref": "command-catalog.schema.json" },
+        { "$ref": "verification-plan.schema.json" },
+        { "$ref": "latest-evidence.schema.json" },
+        { "$ref": "diff-risk.schema.json" },
+        { "$ref": "health.schema.json" },
+        { "$ref": "locks.schema.json" }
+      ]
+    },
+    "error": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["code", "message"],
+      "properties": {
+        "code": {
+          "enum": [
+            "invalid_json",
+            "invalid_request",
+            "unknown_action",
+            "action_requires_changed",
+            "action_does_not_accept_changed",
+            "report_unavailable"
+          ]
+        },
+        "message": { "type": "string" }
+      }
+    }
+  },
+  "oneOf": [
+    {
+      "properties": {
+        "ok": { "const": true }
+      },
+      "required": ["result"],
+      "not": {
+        "required": ["error"]
+      }
+    },
+    {
+      "properties": {
+        "ok": { "const": false }
+      },
+      "required": ["error"],
+      "not": {
+        "required": ["result"]
+      }
+    }
+  ]
+}

package/schemas/change-verification-report.schema.json

@@ -255,8 +255,11 @@
         "missing_timeout",
         "missing_command_source",
         "unsafe_intent_name",
+        "agent_shell_requires_allow",
         "blocked_shell_background_pattern",
-        "blocked_long_running_command_pattern"
+        "blocked_long_running_command_pattern",
+        "cwd_outside_project",
+        "max_output_bytes_exceeds_limit"
       ]
     },
     "verificationCandidate": {

package/schemas/contract-lint-report.schema.json

@@ -139,6 +139,7 @@
                             "missing_timeout",
                             "missing_command_source",
                             "unsafe_intent_name",
+                            "agent_shell_requires_allow",
                             "blocked_shell_background_pattern",
                             "blocked_long_running_command_pattern"
                           ]