mustflow 2.31.0 → 2.37.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/api/actions.js +55 -0
- package/dist/cli/commands/api/report-runner.js +62 -0
- package/dist/cli/commands/api/serve.js +149 -0
- package/dist/cli/commands/api/workspace-recommendations.js +13 -0
- package/dist/cli/commands/api.js +15 -275
- package/dist/cli/lib/local-index/search-read-model.js +44 -7
- package/dist/cli/lib/validation/frontmatter.js +75 -0
- package/dist/cli/lib/validation/index.js +4 -86
- package/dist/cli/lib/validation/safe-read.js +13 -0
- package/dist/core/active-run-locks.js +110 -10
- package/dist/core/run-performance-history.js +14 -1
- package/dist/core/validation-ratchet.js +1 -1
- package/package.json +1 -1
- package/templates/default/i18n.toml +63 -21
- package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +15 -7
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +21 -8
- package/templates/default/locales/en/.mustflow/skills/adapter-boundary/SKILL.md +9 -2
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +249 -0
- package/templates/default/locales/en/.mustflow/skills/api-contract-change/SKILL.md +16 -11
- package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +11 -4
- package/templates/default/locales/en/.mustflow/skills/backend-reliability-change/SKILL.md +289 -0
- package/templates/default/locales/en/.mustflow/skills/css-code-change/SKILL.md +24 -14
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +18 -7
- package/templates/default/locales/en/.mustflow/skills/frontend-render-stability/SKILL.md +144 -0
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +70 -18
- package/templates/default/locales/en/.mustflow/skills/heuristic-candidate-selection/SKILL.md +165 -0
- package/templates/default/locales/en/.mustflow/skills/html-code-change/SKILL.md +20 -13
- package/templates/default/locales/en/.mustflow/skills/http-delivery-streaming/SKILL.md +205 -0
- package/templates/default/locales/en/.mustflow/skills/performance-budget-check/SKILL.md +9 -7
- package/templates/default/locales/en/.mustflow/skills/proactive-risk-surfacing/SKILL.md +198 -0
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +27 -11
- package/templates/default/locales/en/.mustflow/skills/routes.toml +43 -1
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +41 -17
- package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +4 -1
- package/templates/default/locales/en/.mustflow/skills/security-regression-tests/SKILL.md +5 -2
- package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +167 -0
- package/templates/default/locales/en/.mustflow/skills/tailwind-code-change/SKILL.md +37 -23
- package/templates/default/locales/en/.mustflow/skills/tauri-code-change/SKILL.md +27 -10
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +22 -4
- package/templates/default/locales/en/.mustflow/skills/unocss-code-change/SKILL.md +34 -15
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +29 -5
- package/templates/default/locales/en/AGENTS.md +3 -2
- package/templates/default/locales/ko/.mustflow/docs/agent-workflow.md +13 -8
- package/templates/default/locales/ko/AGENTS.md +2 -2
- package/templates/default/manifest.toml +44 -1
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.dependency-upgrade-review
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 3
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: dependency-upgrade-review
|
|
9
|
-
description: Apply this skill when dependency versions, lockfiles, package manager metadata, security advisory fixes, generated dependency outputs, runtime engine constraints, peer dependency contracts, framework plugins, CI actions, Docker base images, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported.
|
|
9
|
+
description: Apply this skill when dependency versions, lockfiles, package manager metadata, security advisory fixes, generated dependency outputs, runtime engine constraints, Python runtime support, peer dependency contracts, framework plugins, TypeScript compiler tracks, CI actions, Docker base images, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -39,6 +39,8 @@ Review dependency upgrades as runtime, build, security, package, and generated-o
|
|
|
39
39
|
- A security advisory, vulnerability scanner, Dependabot, Renovate, package audit, language audit, CI action update, Docker base image update, framework plugin update, formatter/linter/bundler update, ORM update, code generator update, protobuf/OpenAPI generator update, or toolchain update is reviewed or applied.
|
|
40
40
|
- A task claims a dependency change is "only patch", "only devDependency", "safe minor", "security-only", "transitive only", "lockfile only", or "no runtime change".
|
|
41
41
|
- A dependency update touches installation, publish output, generated clients, SDKs, native binaries, browser bundles, serverless or edge runtime, ESM/CJS/module format, Python markers, Go module graph, Cargo features, JVM dependency mediation, .NET target frameworks, Ruby/PHP/Swift lockfiles, Docker images, or CI actions.
|
|
42
|
+
- A Python runtime support floor, CI matrix, container image, `requires-python`, standard-library feature expectation, or security-default expectation changes as part of an upgrade.
|
|
43
|
+
- A TypeScript upgrade touches TypeScript 6 transition deprecations, TypeScript 7 native preview, `@typescript/native-preview`, `tsgo`, compiler API consumers, declaration emit, framework typecheck wrappers, or editor language-service behavior.
|
|
42
44
|
|
|
43
45
|
<!-- mustflow-section: do-not-use-when -->
|
|
44
46
|
## Do Not Use When
|
|
@@ -92,11 +94,15 @@ Review dependency upgrades as runtime, build, security, package, and generated-o
|
|
|
92
94
|
9. Review the lockfile as a graph, not a blob. Check direct and transitive replacements, newly introduced packages, removed packages, optional/platform packages, source URLs, integrity or checksum changes, peer resolution, engine requirements, native prebuilds, and postinstall or lifecycle scripts.
|
|
93
95
|
10. Review runtime boundaries that dependency upgrades commonly break: ESM/CJS and package `type`, `exports` and conditional exports, browser/node/edge conditions, Node engine support, Python dependency markers and extras, Go module path changes, Cargo feature unification, native builds, SSR/client split, WebView/native split, and generated client or SDK types.
|
|
94
96
|
11. Treat framework, plugin, code generator, formatter, linter, bundler, ORM, protobuf, OpenAPI, GraphQL, database driver, and test-runner upgrades as behavior changes when their output, config schema, plugin API, CLI flags, or generated code can change.
|
|
95
|
-
12. For
|
|
96
|
-
13. For
|
|
97
|
-
14.
|
|
98
|
-
15.
|
|
99
|
-
16.
|
|
97
|
+
12. For Python runtime upgrades, treat `requires-python`, CI matrices, base images, dependency markers, wheels, packaging output, standard-library API availability, and security-default changes as one compatibility contract. Review version-gated standard-library usage and changed defaults before assuming the upgrade is only a dependency resolution change.
|
|
98
|
+
13. For Python upgrades that adopt newer standard-library behavior, call out affected paths such as archive extraction, subprocess handling, async lifecycle, import/resource loading, typing surfaces, data-class shapes, and diagnostic flags. Keep fallbacks or compatibility wording when the repository still supports older interpreters.
|
|
99
|
+
14. For TypeScript upgrades, classify the compiler track explicitly: stable `typescript` and `tsc`, TypeScript 6 transition release, TypeScript 7 native preview via `@typescript/native-preview` and `tsgo`, editor extension preview, or framework-owned wrapper. Do not treat a native preview package as a stable replacement for the `typescript` package unless the repository policy says so.
|
|
100
|
+
15. For TypeScript 6, review deprecations as future TypeScript 7 removals. For TypeScript 7 native preview, review unsupported compiler API, transformer, language-service plugin, watch/incremental, declaration emit, framework wrapper, and generated-output risks before changing dependency declarations or scripts.
|
|
101
|
+
16. For new dependencies introduced by the upgrade, invoke the `dependency-reality-check` decision path: license, maintainer risk, provenance, lifecycle scripts, binary downloads, package age, transitive size, supply-chain risk, and replacement path.
|
|
102
|
+
17. For Docker base images and CI actions, review them as dependencies. Check image/action source, version pinning policy, digest use when required, runtime version changes, security patch reason, cache impact, and deployment smoke coverage.
|
|
103
|
+
18. Synchronize dependent surfaces: generated code, snapshots, mocks, fixtures, examples, SDK clients, OpenAPI or GraphQL artifacts, README install guidance, migration docs, changelog, Docker/CI docs, and package publish metadata.
|
|
104
|
+
19. Select verification from the command contract based on risk. Patch and narrow transitive changes can use focused checks when they cover the touched path; major, framework, runtime-engine, generated-output, security-sensitive, Docker, CI-action, Python runtime, or TypeScript compiler-track updates need broader checks.
|
|
105
|
+
20. Report skipped checks explicitly. If the command contract lacks a dependency graph, package verification, Python runtime matrix, TypeScript declaration, or compiler-comparison intent, do not invent raw package-manager commands; report the missing configured intent.
|
|
100
106
|
|
|
101
107
|
<!-- mustflow-section: postconditions -->
|
|
102
108
|
## Postconditions
|
|
@@ -105,6 +111,8 @@ Review dependency upgrades as runtime, build, security, package, and generated-o
|
|
|
105
111
|
- The lockfile and declaration files agree.
|
|
106
112
|
- Direct and transitive changes are understood, not hidden behind lockfile volume.
|
|
107
113
|
- Runtime engine, peer dependency, optional/platform package, feature, module-format, generated-output, and publish-surface risks are classified.
|
|
114
|
+
- Python runtime upgrades classify standard-library availability, changed defaults, packaging output, and security-behavior impact.
|
|
115
|
+
- TypeScript compiler-track changes distinguish stable compiler upgrades from native-preview comparison work.
|
|
108
116
|
- Security fixes are narrow unless the user explicitly accepted a broader modernization.
|
|
109
117
|
- Tests and scanners were not weakened to pass the upgrade.
|
|
110
118
|
|
|
@@ -134,6 +142,7 @@ Prefer the narrowest configured intent that proves the actual upgraded dependenc
|
|
|
134
142
|
- If tests fail after an upgrade, do not delete tests, skip tests, loosen assertions, lower coverage, disable scanners, or widen permissions unless the behavior contract intentionally changed and the report says so.
|
|
135
143
|
- If a security upgrade requires broad modernization, split the minimum patch from the modernization when possible.
|
|
136
144
|
- If generated output changes, regenerate from the official generator path and explain the generated diff. Do not hand-edit generated dependency output.
|
|
145
|
+
- If TypeScript 7 native preview is introduced, keep stable TypeScript verification unless the repository explicitly adopts the preview path and all compiler API, framework wrapper, declaration, and generated-output risks are covered.
|
|
137
146
|
- If configured verification is missing, report the missing command intent instead of inferring a package-manager command.
|
|
138
147
|
|
|
139
148
|
<!-- mustflow-section: output-format -->
|
|
@@ -144,6 +153,8 @@ Prefer the narrowest configured intent that proves the actual upgraded dependenc
|
|
|
144
153
|
- Direct and transitive graph changes
|
|
145
154
|
- Compatibility classification: patch, minor, major, pre-1.0, security, toolchain, generated-output, Docker, or CI action
|
|
146
155
|
- Runtime, peer, engine, module, feature, platform, generated-output, and publish-surface risks
|
|
156
|
+
- Python runtime, standard-library, packaging, and changed-default risks when relevant
|
|
157
|
+
- TypeScript compiler-track and native-preview risks when relevant
|
|
147
158
|
- Security advisory and fixed-range notes when relevant
|
|
148
159
|
- Surfaces synchronized
|
|
149
160
|
- Command intents run
|
|
@@ -0,0 +1,144 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.frontend-render-stability
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 2
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: frontend-render-stability
|
|
9
|
+
description: Apply this skill when frontend navigation flicker, theme flash, hydration flash, blank initial render, unstable loading shell, route transition jank, BFCache breakage, browser-native navigation regression, or first-paint instability is reported, created, edited, reviewed, or verified.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.frontend-render-stability
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- docs_validate_fast
|
|
22
|
+
- mustflow_check
|
|
23
|
+
---
|
|
24
|
+
|
|
25
|
+
# Frontend Render Stability
|
|
26
|
+
|
|
27
|
+
<!-- mustflow-section: purpose -->
|
|
28
|
+
## Purpose
|
|
29
|
+
|
|
30
|
+
Diagnose and fix visible frontend instability by proving which layer flashes first: document navigation, theme or CSS application, hydration, first-render data, loading layout, font or media loading, or view-transition behavior.
|
|
31
|
+
|
|
32
|
+
This skill is symptom-first. It is not an Astro, SvelteKit, CSS, or performance checklist by itself. Use it to decide the root cause order, then activate the narrower framework, markup, CSS, UI, or performance skill before editing that surface.
|
|
33
|
+
|
|
34
|
+
<!-- mustflow-section: use-when -->
|
|
35
|
+
## Use When
|
|
36
|
+
|
|
37
|
+
- A user reports page flicker, theme flash, flash of unstyled content, dark-mode flash, blank page before content, hydration flash, route transition jank, state loss across navigation, layout shift during loading, or slow first visible render.
|
|
38
|
+
- A change adds, removes, or reviews client-side routing, view transitions, prefetching, shared layouts, persistent shells, early theme initialization, root HTML templates, hydration boundaries, skeletons, font loading, or first-render data flow.
|
|
39
|
+
- An Astro, SvelteKit, React, Vue, or other frontend app needs evidence that navigation keeps the common UI and theme stable instead of replacing the whole document unnecessarily.
|
|
40
|
+
- Browser-only state, local storage, cookies, media queries, locale, time, randomness, or async client effects affect initial HTML, hydration, or theme selection.
|
|
41
|
+
- A change may replace browser-native navigation, form submission, history, scrolling, focus restoration, BFCache eligibility, event delivery, or image/font loading with JavaScript behavior.
|
|
42
|
+
|
|
43
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
44
|
+
## Do Not Use When
|
|
45
|
+
|
|
46
|
+
- The task is ordinary visual polish with no navigation, first-paint, hydration, loading, or route-transition symptom; use `ui-quality-gate` or `css-code-change`.
|
|
47
|
+
- The task is only framework-specific routing, content, or data behavior with no visible instability; use the matching framework skill.
|
|
48
|
+
- The change is purely backend performance, database latency, or queue throughput with no browser render impact; use `performance-budget-check`.
|
|
49
|
+
- A configured browser, visual, or performance verification intent is missing. Do not invent ad hoc dev-server, watcher, or browser-session steps inside this skill; report the missing intent.
|
|
50
|
+
|
|
51
|
+
<!-- mustflow-section: required-inputs -->
|
|
52
|
+
## Required Inputs
|
|
53
|
+
|
|
54
|
+
- Symptom description, affected routes, whether it happens on first load, client-side navigation, hard reload, theme toggle, slow network, reduced motion, or reduced data.
|
|
55
|
+
- App framework, version signals, root HTML or layout files, route/link components, router configuration, root CSS, theme initialization, font loading, and affected components.
|
|
56
|
+
- Evidence from current files or allowed verification showing whether navigation requests a new document, whether the shared shell persists, and when theme and CSS are applied.
|
|
57
|
+
- Data-loading ownership for above-the-fold content: SSR or static data, route load function, streamed data, client effect, store initialization, or browser-only fetch.
|
|
58
|
+
- Native browser contracts affected by the change: anchors, forms, history, scroll restoration, focus, BFCache, HTTP cache, service worker, preload hints, passive event listeners, Pointer Events, ResizeObserver, IntersectionObserver, or abortable requests.
|
|
59
|
+
- Configured verification intents and any project-approved visual, browser, or build checks.
|
|
60
|
+
|
|
61
|
+
<!-- mustflow-section: preconditions -->
|
|
62
|
+
## Preconditions
|
|
63
|
+
|
|
64
|
+
- Higher-priority instructions and the command contract have been checked.
|
|
65
|
+
- The symptom is tied to a visible render, navigation, first-paint, or loading behavior, not only subjective animation preference.
|
|
66
|
+
- Framework-specific API names and browser features are verified against project dependencies or current official documentation before relying on them in code or durable docs.
|
|
67
|
+
- Any external advice, snippets, or AI output is treated as input, not authority.
|
|
68
|
+
|
|
69
|
+
<!-- mustflow-section: allowed-edits -->
|
|
70
|
+
## Allowed Edits
|
|
71
|
+
|
|
72
|
+
- Root HTML templates, app shells, layouts, route links, router configuration, early theme scripts, root CSS, theme tokens, font and media loading hints, skeleton or loading state layout, hydration boundaries, route data loaders, and tests or docs directly tied to render stability.
|
|
73
|
+
- Browser-native behavior restoration such as semantic links/forms, reserved media geometry, `fetchpriority` where appropriate, passive event listeners, abortable stale requests, focus restoration, BFCache-safe lifecycle handling, and reduced JavaScript work before first paint.
|
|
74
|
+
- Framework-specific edits only after using the matching skill, such as `astro-code-change`, `svelte-code-change`, `html-code-change`, `css-code-change`, or `ui-quality-gate`.
|
|
75
|
+
- Keep fixes local to the proven instability layer. Do not migrate frameworks, disable SSR, convert the app to an SPA, add a client router, add animation libraries, or broaden preload behavior without evidence and a reported tradeoff.
|
|
76
|
+
|
|
77
|
+
<!-- mustflow-section: procedure -->
|
|
78
|
+
## Procedure
|
|
79
|
+
|
|
80
|
+
1. Classify the symptom by phase: hard reload, same-document navigation, cross-document navigation, first paint, hydration, data arrival, loading placeholder, font swap, media load, theme toggle, or view-transition animation.
|
|
81
|
+
2. Prove or rule out a full document reload before optimizing animation. Inspect link behavior and router configuration first. In browser evidence, a new `document` request during an internal navigation usually means the shared shell, CSS, and theme are being replaced.
|
|
82
|
+
3. If full reload is not intended, inspect the framework-native navigation path before adding custom JavaScript:
|
|
83
|
+
- Astro: check whether `<ClientRouter />` is intentionally present, whether links opt out with `data-astro-reload`, whether persistent shared UI needs `transition:persist`, whether `astro:before-swap` or `astro:after-swap` must preserve theme state, and whether prefetch policy is bounded.
|
|
84
|
+
- SvelteKit: check whether internal links or GET forms are using normal SvelteKit navigation, whether `data-sveltekit-reload`, `rel="external"`, or direct `window.location` forces a reload, whether `data-sveltekit-preload-data` or `data-sveltekit-preload-code` is appropriate, and whether `onNavigate` view-transition work can finish quickly.
|
|
85
|
+
- Other frameworks: use their native router, layout persistence, and preload primitives before adding a second navigation layer.
|
|
86
|
+
4. If the symptom is a theme or color flash, inspect first-paint ordering. Theme state that changes global colors must be applied on `document.documentElement` before first paint when possible, with `color-scheme`, root `html, body` backgrounds, and CSS tokens matching the same state. Do not rely on component mount or a late store subscription for initial theme.
|
|
87
|
+
5. If CSP is active, check the framework's supported nonce, hash, or template mechanism before adding inline early scripts. Do not weaken CSP just to hide a flash.
|
|
88
|
+
6. If hydration flashes or mismatches appear, compare server-rendered markup with first client state. Remove time, randomness, locale, timezone, viewport, localStorage, and browser-only values from SSR-visible initial markup unless they are serialized or guarded with an intentional placeholder.
|
|
89
|
+
7. If above-the-fold content appears blank until client effects run, move first-render data to the framework's route loader, server data, static generation, or serialized initial data when that matches secrecy and freshness rules. Use client effects for enhancement, subscriptions, and browser-only work, not required initial page data.
|
|
90
|
+
8. If a client effect fetches required first-screen data, check whether it can move to server/static/route data. When it must stay client-side, abort stale requests, ignore obsolete responses, and keep the previous stable shell until the new result is ready.
|
|
91
|
+
9. If loading UI shifts layout, reserve final geometry for skeletons, images, videos, embeds, ads, fonts, and lazy content. Loading states should preserve the app shell and task context rather than replacing the page with an unrelated blank screen.
|
|
92
|
+
10. For LCP media, avoid accidental lazy loading, reserve dimensions, and use project-approved priority hints only for the actual first-viewport candidate. Do not preload every hero-like asset.
|
|
93
|
+
11. Check whether JavaScript replaced a browser-native contract. Prefer anchors for navigation, forms for form submission, CSS for simple states, native scroll behavior where acceptable, Pointer Events over duplicate mouse/touch stacks, passive listeners for scroll-blocking inputs, and observers over polling.
|
|
94
|
+
12. Preserve BFCache and history behavior where possible. Avoid unconditional `unload` handlers, global synchronous storage work during navigation, and stale global state that assumes every navigation creates a fresh document.
|
|
95
|
+
13. If view transitions are used, treat motion as progressive enhancement. Keep names unique where required, avoid duplicate rendered `view-transition-name` values, respect reduced motion, and disable or narrow transitions that conceal content state changes or stall navigation.
|
|
96
|
+
14. Check font and CSS delivery only after document reload, theme order, hydration, and data timing are understood. Use project-approved font loading, preloads, `font-display`, and root background policies without bypassing existing asset strategy.
|
|
97
|
+
15. Choose the narrowest configured verification intents that cover the changed layer. If a real browser, visual diff, network-panel, throttled-load, BFCache, or INP check would be required but no configured one-shot intent exists, report that gap instead of claiming visual proof.
|
|
98
|
+
|
|
99
|
+
<!-- mustflow-section: postconditions -->
|
|
100
|
+
## Postconditions
|
|
101
|
+
|
|
102
|
+
- The report names the proven or most likely instability layer and the layers ruled out.
|
|
103
|
+
- Navigation behavior is intentional: full document reload is either removed, preserved with a reason, or reported as an unresolved product decision.
|
|
104
|
+
- Theme, CSS, font, hydration, data, loading, and transition changes preserve accessibility, reduced motion, state ownership, and framework boundaries.
|
|
105
|
+
- Native browser contracts are preserved, restored, or explicitly traded off with a reason.
|
|
106
|
+
- Any framework-specific changes have used the matching framework skill.
|
|
107
|
+
- Visual verification is current and explicit, or the missing configured visual/browser intent is reported.
|
|
108
|
+
|
|
109
|
+
<!-- mustflow-section: verification -->
|
|
110
|
+
## Verification
|
|
111
|
+
|
|
112
|
+
Use configured oneshot command intents when available:
|
|
113
|
+
|
|
114
|
+
- `changes_status`
|
|
115
|
+
- `changes_diff_summary`
|
|
116
|
+
- `lint`
|
|
117
|
+
- `build`
|
|
118
|
+
- `test_related`
|
|
119
|
+
- `docs_validate_fast`
|
|
120
|
+
- `mustflow_check`
|
|
121
|
+
|
|
122
|
+
Use broader configured tests only when route behavior, SSR/client boundaries, public docs, templates, or shared UI contracts change. Use visual or browser verification only through configured one-shot intents or an explicit user-approved workflow.
|
|
123
|
+
|
|
124
|
+
<!-- mustflow-section: failure-handling -->
|
|
125
|
+
## Failure Handling
|
|
126
|
+
|
|
127
|
+
- If the symptom cannot be reproduced from current evidence, report the reproduction gap and avoid adding speculative router, animation, or preload code.
|
|
128
|
+
- If the fix would require a new router, SSR disablement, framework migration, CSP weakening, global preload policy, or development server workflow, stop and report the architectural or command-contract decision needed.
|
|
129
|
+
- If JavaScript is fighting browser defaults, remove the unnecessary ownership first before adding more lifecycle hooks, timers, polling, or global state.
|
|
130
|
+
- If official framework docs conflict with snippets or older advice, follow the current project version and official docs, then report the source-freshness boundary.
|
|
131
|
+
- If verification fails after a render-stability change, use `failure-triage` before broadening the fix.
|
|
132
|
+
- If the route is stable but visual polish remains, hand off to `ui-quality-gate` or `css-code-change` instead of expanding this skill.
|
|
133
|
+
|
|
134
|
+
<!-- mustflow-section: output-format -->
|
|
135
|
+
## Output Format
|
|
136
|
+
|
|
137
|
+
- Symptom and affected phase
|
|
138
|
+
- Evidence inspected
|
|
139
|
+
- Instability layer found or ruled out
|
|
140
|
+
- Framework-specific skills used
|
|
141
|
+
- Files changed
|
|
142
|
+
- Command intents run
|
|
143
|
+
- Skipped visual or browser checks and reason
|
|
144
|
+
- Remaining render-stability risk
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.go-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 3
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: go-code-change
|
|
9
|
-
description: Apply this skill when Go source, modules, package APIs, interfaces, errors, goroutines, channels, context propagation, tests, or generated code boundaries are created or changed.
|
|
9
|
+
description: Apply this skill when Go source, modules, package APIs, interfaces, errors, goroutines, channels, context propagation, HTTP clients or servers, reverse proxies, JSON encoding, filesystem roots, network addresses, runtime limits, benchmarks, tests, tools, or generated code boundaries are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -28,13 +28,14 @@ metadata:
|
|
|
28
28
|
<!-- mustflow-section: purpose -->
|
|
29
29
|
## Purpose
|
|
30
30
|
|
|
31
|
-
Preserve Go package, module, API, error, context, concurrency, and test boundaries without adding needless abstraction.
|
|
31
|
+
Preserve Go package, module, API, error, context, concurrency, runtime, HTTP, JSON, filesystem, and test boundaries without adding needless abstraction.
|
|
32
32
|
|
|
33
33
|
<!-- mustflow-section: use-when -->
|
|
34
34
|
## Use When
|
|
35
35
|
|
|
36
|
-
- `.go`, `go.mod`, `go.sum`, `go.work`, build tags, generated code, public package API, tests, benchmarks, goroutines, channels,
|
|
37
|
-
- The task touches interfaces, error wrapping, package structure, concurrency ownership, or module dependencies.
|
|
36
|
+
- `.go`, `go.mod`, `go.sum`, `go.work`, build tags, generated code, public package API, tests, benchmarks, goroutines, channels, context propagation, HTTP clients or servers, reverse proxies, JSON encoding, filesystem access, network addresses, runtime tuning, tools, or module dependencies change.
|
|
37
|
+
- The task touches interfaces, error wrapping, package structure, concurrency ownership, cancellation, timeout policy, memory limits, race-sensitive code, benchmark measurement, or module dependencies.
|
|
38
|
+
- Code or docs use Go-version-gated features such as expression operands to `new`, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `os.Root` or `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `go fix` modernizers, `encoding/json/v2`, experimental `GOEXPERIMENT` features, or newer runtime defaults.
|
|
38
39
|
|
|
39
40
|
<!-- mustflow-section: do-not-use-when -->
|
|
40
41
|
## Do Not Use When
|
|
@@ -48,6 +49,8 @@ Preserve Go package, module, API, error, context, concurrency, and test boundari
|
|
|
48
49
|
- `go.mod`, `go.sum`, `go.work`, build tooling, lint config, and CI hints.
|
|
49
50
|
- All files in the changed package, including `_test.go`, build-tagged files, examples, and generated-file markers.
|
|
50
51
|
- The public API surface when exported identifiers, errors, or package paths change.
|
|
52
|
+
- Runtime and deployment context when the change touches HTTP, goroutines, timers, memory, `GOMAXPROCS`, cgroups, race detection, PGO, profiling, or container behavior.
|
|
53
|
+
- Minimum supported Go version, `go` directive, `toolchain` directive, `GOEXPERIMENT`, and whether the feature is stable, experimental, or repository-pinned.
|
|
51
54
|
- Configured verification intents.
|
|
52
55
|
|
|
53
56
|
<!-- mustflow-section: preconditions -->
|
|
@@ -56,6 +59,7 @@ Preserve Go package, module, API, error, context, concurrency, and test boundari
|
|
|
56
59
|
- Inspect the whole package before adding names or methods.
|
|
57
60
|
- Determine whether the change affects exported API, concurrency ownership, or dependency graph.
|
|
58
61
|
- Identify generated files and avoid direct edits unless explicitly requested.
|
|
62
|
+
- If a Go release, "latest Go", standard-library feature, runtime default, experimental package, or toolchain claim is written durably, use `version-freshness-check` and official Go sources.
|
|
59
63
|
|
|
60
64
|
<!-- mustflow-section: allowed-edits -->
|
|
61
65
|
## Allowed Edits
|
|
@@ -66,13 +70,19 @@ Preserve Go package, module, API, error, context, concurrency, and test boundari
|
|
|
66
70
|
- Preserve context propagation across API and goroutine boundaries.
|
|
67
71
|
- Return actionable errors and wrap causes when callers need `errors.Is` or `errors.As`.
|
|
68
72
|
- Add table-driven tests when they clarify behavior.
|
|
73
|
+
- Keep runtime and deployment tuning close to the process owner; do not hide memory, CPU, timeout, or profiling policy in unrelated helpers.
|
|
69
74
|
|
|
70
75
|
<!-- mustflow-section: procedure -->
|
|
71
76
|
## Procedure
|
|
72
77
|
|
|
73
78
|
1. Read module files, package files, tests, build tags, and generated-code markers.
|
|
74
|
-
2. Classify the change as package API, internal implementation, dependency, error behavior, context flow, concurrency, or test-only.
|
|
75
|
-
3. Check
|
|
79
|
+
2. Classify the change as package API, internal implementation, dependency, error behavior, context flow, concurrency, HTTP or proxy behavior, JSON encoding, filesystem safety, runtime or deployment behavior, benchmark, tooling, or test-only.
|
|
80
|
+
3. Check the Go version contract before using newer syntax or APIs:
|
|
81
|
+
- treat the `go` directive as a language and module compatibility switch, not decoration;
|
|
82
|
+
- do not use `new(expr)`, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `go fix` modernizers, `encoding/json/v2`, or any `GOEXPERIMENT` feature unless the repository's supported Go version and build path allow it;
|
|
83
|
+
- distinguish stable standard-library APIs from experimental APIs that require `GOEXPERIMENT`;
|
|
84
|
+
- when `go.mod` or `go.work` changes, report language-version, module-graph, toolchain, and downstream support impact.
|
|
85
|
+
4. Check package boundaries before adding a package or interface:
|
|
76
86
|
- reject shared bucket packages named `common`, `util`, `types`, `interfaces`, `api`, or `models` unless the repository already has a specific local convention with a narrower meaning;
|
|
77
87
|
- put an interface in the package that consumes the methods, not in the package that merely implements them;
|
|
78
88
|
- create an interface only after a real consumer needs that exact method set;
|
|
@@ -80,41 +90,79 @@ Preserve Go package, module, API, error, context, concurrency, and test boundari
|
|
|
80
90
|
- reject provider-side interfaces that exist only for mocks;
|
|
81
91
|
- reject provider constructors that return interfaces by default; prefer concrete exported types such as `*Client`, `*Store`, or `*Service`;
|
|
82
92
|
- verify that a package split reduces a real dependency direction problem or creates a coherent capability instead of hiding imports.
|
|
83
|
-
|
|
93
|
+
5. If exported identifiers or package paths change, classify the public API impact:
|
|
84
94
|
- treat exported functions, variables, constants, types, methods, struct fields, interfaces, interface method sets, sentinel errors, typed errors, module path, package import path, and minimum Go version as contracts;
|
|
85
95
|
- assume exported symbols in a v1+ module are public API unless the package is internal or local evidence proves otherwise;
|
|
86
96
|
- do not remove, rename, or change exported signatures, exported field types, exported interface methods, or observable error behavior without an explicit breaking-change plan;
|
|
87
97
|
- adding a method to an exported interface is breaking for external implementations even when adding a method to a concrete type would be safe.
|
|
88
|
-
|
|
98
|
+
6. Preserve error contracts:
|
|
89
99
|
- use `errors.Is` and `errors.As` semantics as observable API when documented or already tested;
|
|
90
100
|
- do not compare error strings;
|
|
91
101
|
- do not expose dependency sentinel or typed errors through wrapping unless the package intentionally supports them as API;
|
|
92
102
|
- treat a change between observable wrapping and non-observable formatting as API-sensitive;
|
|
103
|
+
- use `errors.AsType` only when the supported Go version allows it and the shorter form preserves the same typed-error contract;
|
|
93
104
|
- add tests for documented sentinel or typed errors when the error behavior changes.
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
105
|
+
7. If goroutines or channels change, name the owner, stop condition, cancellation path, wait path, error path, close responsibility, and test synchronization.
|
|
106
|
+
8. Choose the right goroutine primitive:
|
|
107
|
+
- use `sync.WaitGroup.Go` only for tasks that do not return errors and must not panic;
|
|
108
|
+
- use an errgroup-style boundary when work needs error propagation, context cancellation, or concurrency limits;
|
|
109
|
+
- do not hand-roll `WaitGroup` plus error channel plus cancellation plus semaphore unless the local code already owns that exact pattern and tests cover it;
|
|
110
|
+
- treat buffered-channel semaphores as semantic backpressure, not just a performance knob; changing capacity can change ordering and pressure;
|
|
111
|
+
- treat `TryLock` as suspicious unless skipping the work is genuinely correct and observable.
|
|
112
|
+
9. Reject fire-and-forget goroutines unless they are owned by a long-lived object with a shutdown path, joined before return, managed by a group with a wait path, or explicitly documented as safely detached.
|
|
113
|
+
10. Preserve context propagation:
|
|
97
114
|
- request-scoped functions accept `ctx` first and pass it down;
|
|
98
115
|
- do not store request context in structs;
|
|
99
116
|
- do not pass nil context;
|
|
100
117
|
- do not introduce `context.Background()` inside request or operation depth unless it is a true process root with a documented owner;
|
|
101
118
|
- derived contexts must release their cancel function on every path;
|
|
119
|
+
- use cancellation causes when callers or logs need to distinguish shutdown, rate limit, dependency timeout, parent cancellation, and explicit abort;
|
|
120
|
+
- use `context.WithoutCancel` only for short bounded cleanup such as audit or log flush work; add a fresh timeout or wait boundary because it does not inherit cancellation or deadline;
|
|
121
|
+
- when `context.AfterFunc` bridges a context-unaware API, design the stop function and completion wait separately because stopping does not wait for an already-running callback;
|
|
102
122
|
- blocking sends, receives, waits, retry loops, worker loops, and external calls must observe cancellation or be proven non-blocking.
|
|
103
|
-
|
|
123
|
+
11. Preserve channel ownership:
|
|
104
124
|
- the sender that knows all sends are complete closes the channel;
|
|
105
125
|
- receivers do not close borrowed input channels;
|
|
106
126
|
- multiple senders require a coordinator that closes only after all senders finish;
|
|
107
127
|
- cancellable pipelines must avoid permanently blocking upstream goroutines when downstream stops early.
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
128
|
+
12. Keep timeout policy at request, command, API, or operation boundaries. Do not hide arbitrary sleeps or timeouts in reusable helpers unless that helper explicitly owns the policy.
|
|
129
|
+
13. Check HTTP and proxy defaults:
|
|
130
|
+
- set deliberate `http.Client` and `http.Server` timeouts for network-facing code; zero timeout means no limit in important cases;
|
|
131
|
+
- reuse clients and transports instead of creating them per request;
|
|
132
|
+
- prefer reverse-proxy rewrite hooks over deprecated or unsafe director-style mutation when the supported Go version allows it;
|
|
133
|
+
- keep hop-by-hop header, forwarded-host, scheme, cancellation, streaming, and error-mapping behavior explicit.
|
|
134
|
+
14. Keep JSON contracts honest:
|
|
135
|
+
- choose `omitempty` versus `omitzero` deliberately, especially for `time.Time`, numeric zero, boolean false, and optional fields;
|
|
136
|
+
- use `SetEscapeHTML(false)` only when the JSON is not embedded into HTML and callers expect raw `<`, `>`, or `&`;
|
|
137
|
+
- treat `encoding/json/v2` and `jsontext` as experimental unless the repository explicitly opts into the relevant experiment and migration tests.
|
|
138
|
+
15. Check filesystem and network address helpers:
|
|
139
|
+
- use traversal-resistant root APIs when accepting user-controlled relative paths and the supported Go version provides them;
|
|
140
|
+
- do not treat `filepath.Join` plus prefix checks as sufficient against symlinks and TOCTOU;
|
|
141
|
+
- prefer `net/netip` for comparable IP addresses and map keys when supported;
|
|
142
|
+
- use `net.JoinHostPort` instead of string formatting for host and port assembly so IPv6 works.
|
|
143
|
+
16. Check runtime and deployment behavior when relevant:
|
|
144
|
+
- set `GOMEMLIMIT` or `debug.SetMemoryLimit` before tuning `GOGC` for container memory pressure, leaving headroom for non-Go memory such as cgo, mmap, and the kernel;
|
|
145
|
+
- question manual `GOMAXPROCS` pins in containers on Go versions with container-aware defaults;
|
|
146
|
+
- use PGO only with representative profiles and keep `default.pgo` ownership clear;
|
|
147
|
+
- treat goroutine leak profiling, SIMD, JSON v2, and other experiments as opt-in evidence-gathering, not default production assumptions;
|
|
148
|
+
- remember that `-race` only finds races on executed paths and carries significant overhead.
|
|
149
|
+
17. Keep tests and benchmarks deterministic:
|
|
150
|
+
- do not use elapsed real time to wait for goroutine progress; use explicit synchronization, owned lifecycle waits, fake time, `testing/synctest` when supported, or the repository's established concurrency test helper;
|
|
151
|
+
- prefer `testing.B.Loop` for new benchmarks when the supported Go version allows it, and keep setup, cleanup, allocation measurement, and compiler optimization boundaries honest.
|
|
152
|
+
18. Keep Go tools and modernization explicit:
|
|
153
|
+
- prefer the `tool` directive over `tools.go` pinning only when the repository's supported Go version allows it;
|
|
154
|
+
- use `go fix` modernizers as reviewed migrations, not silent drive-by rewrites;
|
|
155
|
+
- prefer standard-library helpers such as `min`, `max`, `clear`, `slices`, `maps`, and `cmp` over new local utility packages when the supported Go version allows them.
|
|
156
|
+
19. If dependency metadata changes, keep module files and dependent tests synchronized. Do not raise the `go` directive, add toolchain requirements, change module path, or introduce direct dependencies unless the task requires it and the final report calls out the support impact.
|
|
157
|
+
20. Choose configured verification intents that cover formatting, tests, race-sensitive behavior, lint, API drift, module drift, docs, and release metadata when available.
|
|
112
158
|
|
|
113
159
|
<!-- mustflow-section: postconditions -->
|
|
114
160
|
## Postconditions
|
|
115
161
|
|
|
116
162
|
- Package ownership and exported API impact are clear.
|
|
117
163
|
- Context, goroutine, channel, and error ownership are explicit.
|
|
164
|
+
- Go-version-gated syntax, standard-library APIs, runtime defaults, experiments, and module metadata are compatible with the repository's supported Go version.
|
|
165
|
+
- HTTP timeout, proxy, JSON, filesystem, network address, runtime, test-time, benchmark, and tool decisions are explicit where touched.
|
|
118
166
|
- Tests cover the changed behavior without sleeps as synchronization.
|
|
119
167
|
- Module drift is reported when dependency verification cannot run.
|
|
120
168
|
|
|
@@ -130,7 +178,7 @@ Use configured oneshot command intents when available:
|
|
|
130
178
|
- `docs_validate_fast`
|
|
131
179
|
- `mustflow_check`
|
|
132
180
|
|
|
133
|
-
For concurrency-sensitive changes, report whether a configured race or equivalent verification intent exists.
|
|
181
|
+
For concurrency-sensitive changes, report whether a configured race or equivalent verification intent exists. For Go-version-gated features, report whether the repository has a configured matrix, build, or test path for the selected Go version.
|
|
134
182
|
|
|
135
183
|
<!-- mustflow-section: failure-handling -->
|
|
136
184
|
## Failure Handling
|
|
@@ -140,6 +188,9 @@ For concurrency-sensitive changes, report whether a configured race or equivalen
|
|
|
140
188
|
- If a provider-side interface appears only for mocking, delete it or move a minimal interface to the consumer.
|
|
141
189
|
- If tests need sleeps for concurrency, prefer deterministic synchronization or report the gap.
|
|
142
190
|
- If a goroutine has no owner, stop condition, wait path, cancellation path, or error path, do not add it.
|
|
191
|
+
- If a newer Go feature is useful but the repository's `go` directive or CI matrix is lower, keep a fallback, defer the change, or report the required version bump instead of sneaking in the feature.
|
|
192
|
+
- If HTTP clients, servers, or proxies have no timeout or cancellation boundary, stop and make the missing policy explicit before calling the path production-ready.
|
|
193
|
+
- If JSON tag changes alter omitted fields, zero values, HTML escaping, or experimental JSON behavior, treat the change as an API contract risk.
|
|
143
194
|
- If a public error stops satisfying documented `errors.Is` or `errors.As` checks, restore the contract or report the breaking-change requirement.
|
|
144
195
|
- If wrapping would expose a dependency error as public API, keep the dependency error internal or document the intentional contract.
|
|
145
196
|
- If a generated file must change but no generator intent exists, report the missing command contract.
|
|
@@ -150,6 +201,7 @@ For concurrency-sensitive changes, report whether a configured race or equivalen
|
|
|
150
201
|
- Boundary checked
|
|
151
202
|
- Package and API impact
|
|
152
203
|
- Context/concurrency/error notes
|
|
204
|
+
- Go version, runtime, HTTP, JSON, filesystem, benchmark, and tool notes when relevant
|
|
153
205
|
- Files changed
|
|
154
206
|
- Command intents run
|
|
155
207
|
- Skipped checks and reasons
|
|
@@ -0,0 +1,165 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.heuristic-candidate-selection
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: heuristic-candidate-selection
|
|
9
|
+
description: Apply this skill when a large folder, repository, documentation set, or refactor request needs cheap-signal candidate selection before reading or editing many files.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.heuristic-candidate-selection
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- test_related
|
|
19
|
+
- docs_validate_fast
|
|
20
|
+
- test_release
|
|
21
|
+
- mustflow_check
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
# Heuristic Candidate Selection
|
|
25
|
+
|
|
26
|
+
<!-- mustflow-section: purpose -->
|
|
27
|
+
## Purpose
|
|
28
|
+
|
|
29
|
+
Prevent agents from opening every file in a large scope before they know which files are likely to matter.
|
|
30
|
+
|
|
31
|
+
Use cheap repository signals to rank candidate files, calibrate the ranking with small samples, read only the selected batch, and verify that the selected change actually improved the targeted risk.
|
|
32
|
+
|
|
33
|
+
<!-- mustflow-section: use-when -->
|
|
34
|
+
## Use When
|
|
35
|
+
|
|
36
|
+
- The user asks to find sparse, stale, incomplete, weak, outdated, duplicate, oversized, risky, or refactor-worthy files across a broad folder or repository.
|
|
37
|
+
- A request such as "fill in thin docs", "improve weak documents", "refactor files with too much code", "clean up this folder", "audit this area", or "find what to fix first" would otherwise tempt the agent to read many files.
|
|
38
|
+
- The task needs candidate discovery before implementation, especially for documentation sets, content collections, tests, frontend components, backend services, logs, data files, migrations, or monorepo packages.
|
|
39
|
+
- The next safe edit depends on separating file discovery, target selection, precise reading, and modification.
|
|
40
|
+
- The user values efficient navigation, bounded context, or batch-by-batch work over a broad manual sweep.
|
|
41
|
+
|
|
42
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
43
|
+
## Do Not Use When
|
|
44
|
+
|
|
45
|
+
- The task names one or two exact files and the required edit is already clear.
|
|
46
|
+
- A failing command, stack trace, or reproduction path already identifies the first files to inspect; use `repro-first-debug` or `failure-triage`.
|
|
47
|
+
- The task is only to orient in an unfamiliar area without ranking candidates; use `codebase-orientation`.
|
|
48
|
+
- The task is only to choose a local precedent after the target file is known; use `pattern-scout`.
|
|
49
|
+
- The user explicitly asks for exhaustive manual review of every file and accepts the cost.
|
|
50
|
+
|
|
51
|
+
<!-- mustflow-section: required-inputs -->
|
|
52
|
+
## Required Inputs
|
|
53
|
+
|
|
54
|
+
- User goal, target scope, and whether the output should be analysis-only, candidate list, or implementation batch.
|
|
55
|
+
- File-type and role boundaries, such as source, tests, docs, schemas, configs, generated files, assets, logs, data, migrations, or package surfaces.
|
|
56
|
+
- Cheap signals available without reading every full file: file names, sizes, line counts, symbol or heading outlines, changed-file summaries, recent churn, inbound or outbound dependency hints, search hits, TODO-like markers, entrypoints, schema or config centrality, test proximity, user-facing routes, and generated-file markers.
|
|
57
|
+
- Exclusion rules for generated output, vendored code, lockfiles, snapshots, build artifacts, caches, and intentionally tiny adapter, index, barrel, or marker files.
|
|
58
|
+
- Risk and importance factors for the domain, such as user-visible route, public API, schema ownership, money, permission, data mutation, external I/O, runtime configuration, search exposure, internal-link centrality, or recent work-in-progress.
|
|
59
|
+
- Batch limit, folder quota, confidence threshold, and verification intents relevant to the selected surface.
|
|
60
|
+
|
|
61
|
+
<!-- mustflow-section: preconditions -->
|
|
62
|
+
## Preconditions
|
|
63
|
+
|
|
64
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
65
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
66
|
+
- Candidate selection is needed before reading complete files.
|
|
67
|
+
- Missing cheap-signal sources can be reported without inventing a ranking.
|
|
68
|
+
|
|
69
|
+
<!-- mustflow-section: allowed-edits -->
|
|
70
|
+
## Allowed Edits
|
|
71
|
+
|
|
72
|
+
- Analysis-only mode may produce a ranked candidate list, read plan, batch plan, and excluded-surface notes without changing files.
|
|
73
|
+
- Implementation mode may edit only the selected bounded batch and directly synchronized files required by the chosen change.
|
|
74
|
+
- Add or update lightweight audit helpers, fixtures, or docs only when the repository already has an appropriate owned surface or the user asked for reusable automation.
|
|
75
|
+
- Do not read, summarize, or modify a whole large folder just because it is in scope.
|
|
76
|
+
- Do not modify generated files, external dependencies, lockfiles, snapshots, or broad shared utilities unless the selected task explicitly requires that surface and the matching skill allows it.
|
|
77
|
+
- Do not fill unknown source material, book summaries, external facts, API behavior, or domain claims from model memory. Mark such targets as `needs_source`, `needs_runtime_check`, or `needs_domain_decision`.
|
|
78
|
+
|
|
79
|
+
<!-- mustflow-section: procedure -->
|
|
80
|
+
## Procedure
|
|
81
|
+
|
|
82
|
+
1. Define the selection job.
|
|
83
|
+
- Restate the user goal, target scope, intended deliverable, batch size, and whether edits are allowed now.
|
|
84
|
+
- Decide whether candidates should optimize for risk, importance, certainty, repair value, or low-cost cleanup.
|
|
85
|
+
2. Classify file roles before scoring.
|
|
86
|
+
- Separate human-authored source from generated output, dependency folders, build artifacts, caches, snapshots, lockfiles, vendored code, and intentionally small glue files.
|
|
87
|
+
- Treat config, schema, route, permission, payment, data mutation, migration, queue, webhook, cache, and external-adapter files as high-impact even when small.
|
|
88
|
+
3. Gather cheap signals before opening full files.
|
|
89
|
+
- Prefer file metadata, changed-file summaries, search hits, symbol or heading outlines, import or dependency hints, route maps, schema names, test names, warning summaries, and bounded head or tail previews.
|
|
90
|
+
- Use configured command receipts and declared generated maps only as evidence or navigation aids; they do not replace current files or command contracts.
|
|
91
|
+
- For documentation and content, score body-like content separately from frontmatter, imports, exports, component wrappers, links, images, quotes, code blocks, placeholders, and duplicated descriptions.
|
|
92
|
+
- For code, score churn, entrypoint proximity, dependency centrality, missing nearby tests, TODO-like markers, type bypasses, exception density, mutation paths, async or concurrency hints, config and schema ownership, and public-contract exposure.
|
|
93
|
+
4. Build a candidate score instead of using one metric.
|
|
94
|
+
- Combine risk, importance, certainty, and estimated fix cost.
|
|
95
|
+
- Calibrate small-file findings by file role so index files, barrel exports, type declarations, marker files, and config shims are not treated as broken merely because they are short.
|
|
96
|
+
- For large-file refactors, prefer symbol outlines, export lists, responsibility clusters, churn, dependency centrality, and test coverage gaps before reading the whole file.
|
|
97
|
+
- For documentation gaps, compare each file to its sibling folder pattern and expected document role before calling it thin.
|
|
98
|
+
5. Avoid tunnel vision.
|
|
99
|
+
- Limit candidates per folder or package so one noisy directory does not consume the whole batch.
|
|
100
|
+
- Include a small random or representative sample from lower-scored files to expose blind spots in the scoring formula.
|
|
101
|
+
- Select good sibling examples as references before editing weak files.
|
|
102
|
+
6. Choose the read batch.
|
|
103
|
+
- Produce a ranked list with path, score drivers, role classification, likely risk, and why this candidate is worth reading now.
|
|
104
|
+
- Select only the top bounded batch plus any directly required sibling examples or one-step dependencies.
|
|
105
|
+
- Keep candidate selection separate from editing; do not justify edits by retrofitting the ranking after reading.
|
|
106
|
+
7. Read precisely.
|
|
107
|
+
- Open only selected files, relevant symbols, relevant sections, head or tail previews, and direct dependencies needed to validate the candidate.
|
|
108
|
+
- If a candidate proves healthy, mark it `skipped_healthy` and move on instead of forcing a change.
|
|
109
|
+
- If evidence is insufficient, mark it `needs_source`, `needs_runtime_check`, `needs_domain_decision`, or `needs_larger_scope` rather than guessing.
|
|
110
|
+
8. Edit the selected batch only when implementation is in scope.
|
|
111
|
+
- Preserve frontmatter, imports, exports, public APIs, routes, schemas, component contracts, and file identity unless the chosen change explicitly requires them.
|
|
112
|
+
- For documents with missing source evidence, add safe scaffolding such as reading questions, verification prompts, known context, application ideas, and follow-up checks instead of invented summaries.
|
|
113
|
+
- For code refactors, keep behavior-preserving changes separate from behavior changes and activate narrower code, test, security, data, UI, or pattern skills as soon as their trigger appears.
|
|
114
|
+
9. Verify and re-audit.
|
|
115
|
+
- Run the narrowest configured verification intents that cover the changed surfaces.
|
|
116
|
+
- Compare the post-change state to the original selection signals when an audit score, warning count, TODO count, test proximity, or candidate risk was the reason for the work.
|
|
117
|
+
- Stop if the diff grows beyond the selected batch, the scoring evidence was wrong, or verification fails and needs triage.
|
|
118
|
+
|
|
119
|
+
<!-- mustflow-section: postconditions -->
|
|
120
|
+
## Postconditions
|
|
121
|
+
|
|
122
|
+
- Broad-scope work starts from cheap signals and a bounded candidate list, not full-file reading.
|
|
123
|
+
- Selected candidates have explicit score drivers, role classification, and read reasons.
|
|
124
|
+
- Healthy candidates can be skipped without edits.
|
|
125
|
+
- Edited files stay inside the selected batch and directly required synchronized surfaces.
|
|
126
|
+
- The final report distinguishes selected, modified, skipped, deferred, and unsafe-to-guess candidates.
|
|
127
|
+
|
|
128
|
+
<!-- mustflow-section: verification -->
|
|
129
|
+
## Verification
|
|
130
|
+
|
|
131
|
+
Use configured oneshot command intents when available:
|
|
132
|
+
|
|
133
|
+
- `changes_status`
|
|
134
|
+
- `changes_diff_summary`
|
|
135
|
+
- `test_related`
|
|
136
|
+
- `docs_validate_fast`
|
|
137
|
+
- `test_release`
|
|
138
|
+
- `mustflow_check`
|
|
139
|
+
|
|
140
|
+
Use narrower configured test, build, documentation, package, or mustflow intents when they better prove the selected surface. Do not invent verification commands from package scripts, external advice, or model memory.
|
|
141
|
+
|
|
142
|
+
<!-- mustflow-section: failure-handling -->
|
|
143
|
+
## Failure Handling
|
|
144
|
+
|
|
145
|
+
- If cheap signals are unavailable or contradictory, report the missing evidence and fall back to a smaller manual sample instead of reading the whole scope.
|
|
146
|
+
- If many candidates tie, use folder quotas, importance factors, and representative sampling rather than expanding the batch until it becomes unreviewable.
|
|
147
|
+
- If generated files, lockfiles, snapshots, vendored code, or build output dominate the candidate list, tighten exclusions and restart candidate selection.
|
|
148
|
+
- If selected documentation lacks trustworthy source material, do not summarize the missing source; mark the file for source-backed follow-up or add only safe reading and verification scaffolding.
|
|
149
|
+
- If a refactor candidate touches a public API, schema, config, permission, money, data, external I/O, or migration boundary, activate the narrower matching skill before editing.
|
|
150
|
+
- If the batch diff becomes too large or mixes unrelated concerns, stop and report a smaller next batch.
|
|
151
|
+
|
|
152
|
+
<!-- mustflow-section: output-format -->
|
|
153
|
+
## Output Format
|
|
154
|
+
|
|
155
|
+
- Selection goal and mode
|
|
156
|
+
- Target scope and excluded surfaces
|
|
157
|
+
- Cheap signals gathered
|
|
158
|
+
- Scoring factors and calibration sample
|
|
159
|
+
- Ranked candidates with score drivers
|
|
160
|
+
- Selected read batch and batch limits
|
|
161
|
+
- Files modified, skipped healthy, or deferred with reason
|
|
162
|
+
- Post-change audit or comparison result when applicable
|
|
163
|
+
- Command intents run
|
|
164
|
+
- Skipped checks and reasons
|
|
165
|
+
- Remaining selection, evidence, or batch-size risk
|