mustflow 2.32.0 → 2.37.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/api/actions.js +55 -0
- package/dist/cli/commands/api/report-runner.js +62 -0
- package/dist/cli/commands/api/serve.js +149 -0
- package/dist/cli/commands/api/workspace-recommendations.js +13 -0
- package/dist/cli/commands/api.js +15 -275
- package/dist/cli/lib/local-index/search-read-model.js +44 -7
- package/dist/cli/lib/validation/frontmatter.js +75 -0
- package/dist/cli/lib/validation/index.js +4 -86
- package/dist/cli/lib/validation/safe-read.js +13 -0
- package/dist/core/active-run-locks.js +110 -10
- package/dist/core/run-performance-history.js +14 -1
- package/dist/core/validation-ratchet.js +1 -1
- package/package.json +1 -1
- package/templates/default/i18n.toml +55 -19
- package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +15 -7
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +20 -8
- package/templates/default/locales/en/.mustflow/skills/adapter-boundary/SKILL.md +9 -2
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +249 -0
- package/templates/default/locales/en/.mustflow/skills/api-contract-change/SKILL.md +16 -11
- package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +11 -4
- package/templates/default/locales/en/.mustflow/skills/backend-reliability-change/SKILL.md +289 -0
- package/templates/default/locales/en/.mustflow/skills/css-code-change/SKILL.md +24 -14
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +18 -7
- package/templates/default/locales/en/.mustflow/skills/frontend-render-stability/SKILL.md +144 -0
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +70 -18
- package/templates/default/locales/en/.mustflow/skills/html-code-change/SKILL.md +20 -13
- package/templates/default/locales/en/.mustflow/skills/http-delivery-streaming/SKILL.md +205 -0
- package/templates/default/locales/en/.mustflow/skills/performance-budget-check/SKILL.md +9 -7
- package/templates/default/locales/en/.mustflow/skills/proactive-risk-surfacing/SKILL.md +198 -0
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +27 -11
- package/templates/default/locales/en/.mustflow/skills/routes.toml +37 -1
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +41 -17
- package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +167 -0
- package/templates/default/locales/en/.mustflow/skills/tailwind-code-change/SKILL.md +37 -23
- package/templates/default/locales/en/.mustflow/skills/tauri-code-change/SKILL.md +27 -10
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +22 -4
- package/templates/default/locales/en/.mustflow/skills/unocss-code-change/SKILL.md +34 -15
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +29 -5
- package/templates/default/locales/en/AGENTS.md +3 -2
- package/templates/default/locales/ko/.mustflow/docs/agent-workflow.md +13 -8
- package/templates/default/locales/ko/AGENTS.md +2 -2
- package/templates/default/manifest.toml +37 -1
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skills.index
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 108
|
|
6
6
|
authority: router
|
|
7
7
|
lifecycle: mustflow-owned
|
|
8
8
|
---
|
|
@@ -46,6 +46,12 @@ refer to `AGENTS.md` and `.mustflow/config/commands.toml` to implement the most
|
|
|
46
46
|
privacy, release, or contract drift.
|
|
47
47
|
- Use `completion-evidence-gate` as a final reporting adjunct when a completion, readiness, merge,
|
|
48
48
|
release, install, or verification claim needs current repository evidence.
|
|
49
|
+
- Use `proactive-risk-surfacing` as an event route when current evidence reveals a scope-adjacent
|
|
50
|
+
risk outside the literal request and the agent must decide whether to fix now, report only, ask
|
|
51
|
+
first, or ignore it without broadening into unrelated work.
|
|
52
|
+
- Use `ai-generated-code-hardening` as an adjunct when assistant-authored, AI-generated, or
|
|
53
|
+
broad code changes need a repository-evidence pass for duplicate helpers or shapes, hidden
|
|
54
|
+
coupling, public-surface drift, swallowed errors, excessive complexity, and weak tests.
|
|
49
55
|
- Use `command-intent-mapping-gate` when outside text, docs, AI output, snippets, or reports suggest
|
|
50
56
|
commands before running, preserving, or documenting those commands.
|
|
51
57
|
- Use `public-json-contract-change` instead of the broader CLI-output route when JSON, JSONL,
|
|
@@ -122,25 +128,28 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
122
128
|
| Code changes need review before report | `.mustflow/skills/code-review/SKILL.md` | Diff and task goal | Changed files | behavior and regression | `test`, `test_related`, `test_audit`, `lint` | Findings or no-issue note |
|
|
123
129
|
| An unfamiliar codebase area needs an evidence-based map before planning, implementation, or reporting | `.mustflow/skills/codebase-orientation/SKILL.md` | User request, target area, relevant instructions, and current source, test, schema, template, configuration, or documentation files | Read-only orientation notes and any smallest follow-up edit chosen from inspected evidence | stale documentation, wrong ownership boundary, or invented architecture claim | `changes_status`, `changes_diff_summary`, `mustflow_check` | Scope inspected, entrypoints, flow map, ownership boundaries, verification options, risks, unknowns, and smallest safe next step |
|
|
124
130
|
| Large-scope code, docs, tests, content, log, data, or refactor work needs cheap-signal candidate selection before reading or editing many files | `.mustflow/skills/heuristic-candidate-selection/SKILL.md` | User goal, target scope, file-role boundaries, cheap signals, exclusions, scoring factors, batch limit, and verification contract | Candidate discovery, scoring, read plan, bounded batch edits, and directly synchronized surfaces | token waste, false positives, generated-file noise, unimportant cleanup, hallucinated source content, oversized diff, or missed high-impact file | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Selection goal, excluded surfaces, cheap signals, scored candidates, selected batch, skipped/deferred files, verification, and remaining selection risk |
|
|
131
|
+
| Assistant-authored, AI-generated, vibe-coded, copied, or broad code changes need a hardening pass for duplicate helpers, duplicate types or shapes, hidden coupling, circular dependencies, re-export discipline, swallowed errors, excessive nesting, god functions or files, edge cases, and behavior-focused tests | `.mustflow/skills/ai-generated-code-hardening/SKILL.md` | User goal, current diff or target files, existing helpers/types/shapes, import and export paths, public entrypoints or barrels, error-handling conventions, edge/failure cases, tests, and configured command intents | Small hardening fixes, deduplication into existing single source of truth, boundary notes, focused tests, and directly synchronized docs or contracts | duplicate abstractions, hidden coupling, circular dependency, accidental public API, string-only tests, over-mocking, fallback sprawl, silent error handling, fan-in/fan-out concentration, or broad rewrite | `changes_status`, `changes_diff_summary`, `test_related`, `test_audit`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Sources of truth reused or extended, duplicate/coupling/export/error/complexity/test findings, fixes made, deferred enforcement, verification, and remaining hardening risk |
|
|
125
132
|
| A coding task has missing intent, scope, domain, data, security, UX, dependency, architecture, or verification decisions that cannot be safely inferred from repository evidence | `.mustflow/skills/clarifying-question-gate/SKILL.md` | User request, inspected repository evidence, unresolved decisions, reversibility classification, recommended option, and tradeoffs | Blocking questions, safe assumptions, and the smallest safe implementation boundary | over-questioning, lazy questions, expensive wrong assumptions, user-owned decision drift, data loss, auth bypass, public-contract drift, dependency bloat, or unverifiable completion | `changes_status`, `changes_diff_summary`, `mustflow_check` | Repository evidence inspected, blocking questions with recommendations, safe assumptions, selected scope, verification, and remaining ambiguity |
|
|
126
133
|
| A task chooses, migrates, rewrites, or justifies a primary language, runtime, framework, compile target, or execution environment | `.mustflow/skills/runtime-target-selection/SKILL.md` | Current runtime surfaces, target options, product or system need, environment constraints, migration boundary, smoke targets, and performance or reliability claims | Decision records, skill procedures, route metadata, migration plans, command-contract proposals, tests, fixtures, docs, and smallest selected migration scaffold | language-preference rewrite, unsupported runtime target, unusable build loop, cache or artifact blowup, missing smoke target, deployment drift, or false performance claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_related`, `test_release`, `mustflow_check` | Decision boundary, candidate targets, environment and build-loop evidence, smoke targets, migration boundary, calibrated claims, verification, and remaining runtime-target risk |
|
|
127
134
|
| Non-trivial code work needs early structure decisions around domain rules, public contracts, external I/O, operational safety, failure handling, concurrency, data flow, or future change cost | `.mustflow/skills/structure-first-engineering/SKILL.md` | User request, target files, project context, core boundary, data flow, expected failures, public contracts, I/O surfaces, and verification contract | Risk block, focused boundaries, DTOs, adapters, pure functions, error models, tests, and directly synchronized docs or contracts | under-designed hard boundary, speculative abstraction, vague service layer, mixed I/O and domain rules, hidden partial failure, or untestable behavior | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Work risk, structure decision, data flow, failure model, I/O and concurrency boundaries, tests, verification, and remaining structure risk |
|
|
128
|
-
| HTTP, REST, GraphQL, tRPC, Hono RPC, Elysia Eden, gRPC, protobuf, OpenAPI, request/response schema, status code, header, error envelope, pagination, filtering, sorting, search, generated client, SDK, mock, fixture, or API docs contract is created or changed | `.mustflow/skills/api-contract-change/SKILL.md` | API style, contract source of truth, changed operations, request and response schemas, status and headers, error envelope, auth and permission behavior, pagination/filter/sort/search semantics, generated clients, SDKs, mocks, fixtures, callers, docs, and command contract entries | Routes, handlers, resolvers, validators, schemas, generated clients, SDKs, mocks, fixtures, docs, tests, and directly synchronized examples | route-only change, schema drift, generated-client breakage, hidden breaking change, status or error drift, pagination/search semantic drift, auth/permission drift, or stale docs examples | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | API contract source, changed operations, compatibility classification, synchronized client/schema/docs/tests surfaces, verification, and remaining API contract risk |
|
|
135
|
+
| HTTP, REST, GraphQL, tRPC, Hono RPC, Elysia Eden, gRPC, protobuf, OpenAPI, request/response schema, status code, header, content negotiation, cache header, error envelope, pagination, filtering, sorting, search, generated client, SDK, mock, fixture, or API docs contract is created or changed | `.mustflow/skills/api-contract-change/SKILL.md` | API style, contract source of truth, changed operations, request and response schemas, status and headers, content negotiation, error envelope, auth and permission behavior, pagination/filter/sort/search semantics, generated clients, SDKs, mocks, fixtures, callers, docs, and command contract entries | Routes, handlers, resolvers, validators, schemas, generated clients, SDKs, mocks, fixtures, docs, tests, and directly synchronized examples | route-only change, schema drift, generated-client breakage, hidden breaking change, status or error drift, pagination/search semantic drift, auth/permission drift, cache/header drift, or stale docs examples | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | API contract source, changed operations, compatibility classification, synchronized client/schema/docs/tests surfaces, verification, and remaining API contract risk |
|
|
136
|
+
| Backend APIs, workers, jobs, queues, caches, database write paths, external service calls, health checks, observability, feature flags, idempotency, retries, outbox/inbox processing, or operational failure handling are created, changed, reviewed, or reported | `.mustflow/skills/backend-reliability-change/SKILL.md` | Backend surface, trigger shape, idempotency boundary, external-call deadline and retry policy, persistence and transaction boundary, queue/cache behavior, observability fields, rollout gate, and command contract entries | Handlers, services, workers, retry policy, timeout policy, idempotency storage, outbox/inbox code, cache boundaries, health endpoints, observability fields, flags, tests, docs, and directly synchronized templates | duplicate side effects, retry storm, unbounded wait, DB uniqueness race, cache stampede, stale cache authority, poison message loop, missing outbox/inbox, raw ORM response, object-level authorization bypass, high-cardinality telemetry, secret or personal-data log leak, broken liveness/readiness, or missing kill switch | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Backend surface, idempotency and retry/timeout decisions, queue/cache/database notes, health-probe split, observability and auth/DTO notes, rollout gate, verification, and remaining backend reliability risk |
|
|
137
|
+
| HTTP delivery, content coding, compression negotiation, CDN or proxy cache behavior, streaming responses, SSE, EventSource, WebTransport, WebSocket fallback, HTTP/2 or HTTP/3 transport behavior, browser transport clients, reverse-proxy buffering, reconnect behavior, or delivery observability is created, changed, reviewed, or reported | `.mustflow/skills/http-delivery-streaming/SKILL.md` | Delivery surface, routes or assets, headers, cache and proxy/CDN path, browser/API clients, fallback behavior, streaming lifecycle, compression or dictionary choice, and observability fields | Route handlers, response headers, CDN/proxy config, browser transport code, streaming adapters, fallback clients, docs, tests, and directly synchronized templates | wrong content decoding, cache poisoning, private data cached publicly, proxy buffering, lost events, reconnect gaps, unsupported transport, unreliable datagram misuse, false compression win, or fallback failure | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Delivery ledger, negotiated encodings, cache/proxy behavior, stream/reconnect/fallback behavior, verification, and remaining delivery risk |
|
|
129
138
|
| C++ source, headers, modules, native build metadata, toolchains, package managers, public headers, shared or static libraries, ABI surfaces, generated bindings, FFI, tests, or benchmarks are created or changed | `.mustflow/skills/cpp-code-change/SKILL.md` | Owning target, compilation identity, build front door, changed consumed surface, public API/ABI/FFI/binding surfaces, ownership and lifetime contracts, and command contract entries | C++ source, headers, modules, build metadata, package metadata, generated bindings, FFI code, tests, benchmarks, and directly synchronized docs | target drift, source API break, binary ABI break, undefined behavior, lifetime bug, build-graph drift, generated-binding drift, FFI memory bug, unverified modern C++ feature, or false performance claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Owning target, compilation identity, highest compatibility risk, ownership/lifetime/UB/concurrency notes, public API/ABI/FFI/binding impact, verification, and remaining C++ risk |
|
|
130
139
|
| Node.js runtime code, package manager ownership, module format, package entry metadata, native dependencies, Node test runner behavior, TypeScript execution mode, or deployment runtime support is created or changed | `.mustflow/skills/node-code-change/SKILL.md` | Node version signals, package manager and lockfile owner, module/package metadata, TypeScript loader, test runner, native dependency, deployment target, and command contract entries | Node runtime code, package metadata, lockfiles, scripts, CI or Docker runtime declarations, test runner config, native dependency handling, docs examples, and directly synchronized package surfaces | newest-Node assumption, package manager drift, ESM/CJS break, blocked deep import, native dependency break, Node native TypeScript overclaim, test runner migration risk, deployment mismatch, or permission-model overclaim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Runtime and package manager decision, module/package entry notes, TypeScript/test runner notes, native/deployment risks, verification, and remaining Node.js risk |
|
|
131
140
|
| Bun runtime code, Bun package manager behavior, `bun.lock`, `bunfig.toml`, Bun test runner behavior, Bun bundling, Bun TypeScript execution, or Bun-specific APIs are created or changed | `.mustflow/skills/bun-code-change/SKILL.md` | Bun role signals, `package.json`, Bun and non-Bun lockfiles, `bunfig.toml`, CI/Docker Bun setup, TypeScript config, Bun APIs, native dependency signals, and command contract entries | Bun runtime code, Bun package manager metadata, lockfiles, `bunfig.toml`, scripts, tests, bundler config, TypeScript/declaration pipeline, package metadata, and directly synchronized docs | Bun role confusion, lockfile drift, trusted dependency overgrant, runtime/package-manager conflation, Bun TypeScript typecheck overclaim, Bun build declaration gap, Node compatibility break, shebang mismatch, or native binary break | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Bun role classification, lockfile/trust notes, runtime/type/build/test notes, Node compatibility risks, verification, and remaining Bun risk |
|
|
132
141
|
| Dockerfiles, `.dockerignore`, Docker Compose files, BuildKit or buildx behavior, container image metadata, tags, entrypoints, health checks, Docker CI workflows, image security scanning, SBOM or provenance settings, registry publishing, or container runtime validation are created or changed | `.mustflow/skills/docker-code-change/SKILL.md` | Docker surfaces, project image shape, base image and platform signals, build context and cache signals, runtime contract, security and supply-chain contract, and command contract entries | Dockerfiles, `.dockerignore`, Compose files, container CI workflow snippets, image metadata, package tests, docs examples, template metadata, and directly synchronized skill routes | cache breakage, secret leak, root runtime, host access escape, dev dependency in final image, mutable tag drift, untrusted CI publish, missing SBOM/provenance, unverified runtime, or false production-readiness claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Docker surface classification, image/base/cache/stage decisions, secret/user/runtime/Compose/CI supply-chain notes, verification, and remaining Docker risk |
|
|
133
|
-
| TypeScript source, declarations, tsconfig, package exports, module resolution, public API, or TypeScript tests are created or changed | `.mustflow/skills/typescript-code-change/SKILL.md` | TypeScript config, package entry metadata, target runtime, changed files, and command contract entries | TypeScript source, declarations, compiler config, exports, tests, and directly synchronized docs | weakened type safety, module drift, public API drift,
|
|
142
|
+
| TypeScript source, declarations, tsconfig, package exports, module resolution, public API, compiler-version behavior, TypeScript 6-to-7 migration surfaces, native preview tooling, or TypeScript tests are created or changed | `.mustflow/skills/typescript-code-change/SKILL.md` | TypeScript config, compiler track, package entry metadata, target runtime, changed files, declaration and native-preview surfaces, and command contract entries | TypeScript source, declarations, compiler config, exports, tests, native-preview comparison notes, and directly synchronized docs | weakened type safety, module drift, public API drift, unverified declaration output, TypeScript 6 deprecation suppression, or native-preview over-adoption | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime, module, type, public API, compiler-version, and native-preview boundary checked, changes made, verification, and remaining TypeScript risk |
|
|
134
143
|
| JavaScript source, module format, package entry, browser or Node runtime, dependency usage, Promise handling, bundler config, or JavaScript tests are created or changed | `.mustflow/skills/javascript-code-change/SKILL.md` | Package metadata, module system, runtime target, entrypoints, changed files, and command contract entries | JavaScript source, package exports, bundler config, dependencies, tests, and docs examples | runtime API leakage, ESM/CJS drift, discarded Promise, dependency bloat, or broken package entry | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime and module boundary checked, async and dependency notes, verification, and remaining JavaScript risk |
|
|
135
144
|
| Python source, package metadata, runtime version, import layout, type checking, linting, CLI entry points, or tests are created or changed | `.mustflow/skills/python-code-change/SKILL.md` | Python version source, packaging files, import layout, lint/type/test config, changed files, and command contract entries | Python source, packaging metadata, imports, type hints, tests, and docs examples | unsupported syntax, import hacks, packaging drift, swallowed errors, or weakened lint/type checks | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime, packaging, import, and type boundary checked, verification, and remaining Python risk |
|
|
136
|
-
| Go source, modules, package APIs, interfaces, errors, goroutines, channels, context propagation, tests, or generated-code boundaries are created or changed | `.mustflow/skills/go-code-change/SKILL.md` | Module files, full package files, tests, public API surface, concurrency owner, changed files, and command contract entries | Go packages, module metadata, interfaces, errors, concurrency code, tests, and docs examples | unnecessary abstraction, context loss, goroutine leak, error contract drift, or module drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Package, API, context, concurrency, and error boundary checked, verification, and remaining Go risk |
|
|
137
|
-
| Rust source, Cargo metadata, features, traits, errors, ownership, async runtime, unsafe code, tests, examples, or public crate APIs are created or changed | `.mustflow/skills/rust-code-change/SKILL.md` | Cargo metadata, feature flags, public exports, async runtime, unsafe invariants, changed files, and command contract entries | Rust source, Cargo metadata, features, errors, traits, tests, examples, and docs | clone or lock bloat, feature drift, async runtime mixing, unsafe invariant loss, or public API breakage | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Ownership, feature, async, unsafe, and public API boundary checked, verification, and remaining Rust risk |
|
|
145
|
+
| Go source, modules, package APIs, interfaces, errors, goroutines, channels, context propagation, HTTP clients or servers, reverse proxies, JSON encoding, filesystem roots, network addresses, runtime limits, benchmarks, tools, tests, or generated-code boundaries are created or changed | `.mustflow/skills/go-code-change/SKILL.md` | Module files, Go version support, full package files, tests, public API surface, concurrency owner, runtime/deployment context, changed files, and command contract entries | Go packages, module metadata, interfaces, errors, concurrency code, HTTP/proxy code, JSON encoding, filesystem and network helpers, runtime settings, tests, tools, and docs examples | unnecessary abstraction, unsupported Go feature, context loss, goroutine leak, missing timeout, JSON contract drift, filesystem traversal, IPv6 host-port bug, runtime tuning drift, error contract drift, or module drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Package, API, Go version, context, concurrency, runtime, HTTP, JSON, filesystem, tool, and error boundary checked, verification, and remaining Go risk |
|
|
146
|
+
| Rust source, Cargo metadata, features, traits, errors, ownership, async runtime, unsafe code, tests, examples, benchmarks, release profiles, MSRV, toolchain declarations, standard-library APIs, or public crate APIs are created or changed | `.mustflow/skills/rust-code-change/SKILL.md` | Cargo metadata, feature flags, public exports, async runtime, unsafe invariants, `rust-version`, edition, toolchain, workspace policy, changed files, and command contract entries | Rust source, Cargo metadata, features, errors, traits, tests, examples, benchmarks, profiles, and docs | clone or lock bloat, unsupported Rust feature, feature drift, Cargo resolver drift, async runtime mixing, unsafe invariant loss, release-profile overclaim, or public API breakage | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Ownership, MSRV, standard-library API, Cargo feature, async, unsafe, release-profile, and public API boundary checked, verification, and remaining Rust risk |
|
|
138
147
|
| Dart source, pub package metadata, null safety, Futures, Streams, isolates, analyzer lints, tests, CLI entry points, or public package APIs are created or changed | `.mustflow/skills/dart-code-change/SKILL.md` | Pub metadata, analyzer config, public exports, async ownership, package layout, changed files, and command contract entries | Dart source, pub metadata, exports, async code, tests, examples, and docs | null-safety bypass, discarded Future, uncanceled Stream, isolate ownership drift, or public API breakage | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Nullability, async, stream, isolate, and API boundary checked, verification, and remaining Dart risk |
|
|
139
148
|
| Hono apps, routes, middleware, validators, RPC clients, bindings, context variables, auth boundaries, or runtime adapters are created or changed | `.mustflow/skills/hono-code-change/SKILL.md` | App entry, runtime adapter, route modules, middleware, binding types, schemas, client types, changed files, and command contract entries | Hono routes, middleware, validators, bindings, RPC types, tests, and docs examples | runtime API mixing, middleware order bug, auth gap, response envelope drift, or broken typed route inference | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime, middleware, validation, auth, and response boundary checked, verification, and remaining Hono risk |
|
|
140
149
|
| Elysia routes, schemas, plugins, decorators, derives, guards, auth, error handling, OpenAPI output, Eden clients, or Bun server behavior are created or changed | `.mustflow/skills/elysia-code-change/SKILL.md` | Server entry, route modules, schemas, plugins, auth, error handling, OpenAPI or Eden surface, changed files, and command contract entries | Elysia routes, schemas, plugins, generated clients, tests, and docs examples | schema/type drift, context inference loss, auth gap, inconsistent error envelope, or stale OpenAPI/Eden output | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Schema, validation, type inference, auth, error, and client contract checked, verification, and remaining Elysia risk |
|
|
141
150
|
| Source anchors are added, revised, reviewed, or used to mark a module boundary | `.mustflow/skills/source-anchor-authoring/SKILL.md` | Target files, anchor reason, nearby anchors, source-anchor policy, and validation surface | Source anchors and directly related workflow docs or comments | comment bloat, authority drift, false verification claims, or hidden module pressure | `mustflow_check`, `docs_validate_fast` | Anchor placement decision, field choices, module-boundary handoff, and verification |
|
|
142
151
|
| Changed files need risk classification and verification selection | `.mustflow/skills/diff-risk-review/SKILL.md` | Changed-file list, diff summary, and task goal | Changed surfaces and verification report | under- or over-verification | `changes_status`, `changes_diff_summary`, `test`, `test_related`, `test_audit`, `lint`, `build`, `docs_validate`, `mustflow_check` | Risk level, verification choice, rollback notes |
|
|
143
|
-
| Runtime performance, hot paths, user-perceived latency, p95/p99 tail latency, throughput, infrastructure cost, memory, GC pressure, CPU cache locality, allocation churn, bundle size, payload size, media loading, build time, filesystem scanning, process spawning, IPC/RPC/DB/API fan-out, N+1 work, repeated filtering/sorting/parsing/serialization, caching, pagination, queues, virtualization, backpressure, or performance claims are planned, edited, reviewed, or reported | `.mustflow/skills/performance-budget-check/SKILL.md` | Performance surface, hot-path shape, input scale, measurement method, baseline and result when available, correctness boundaries, isolation surface, and command contract entries | Data access, lookup indexes, grouping, projection, batching, scheduling, rendering, cache boundaries, queues, concurrency limits, cancellation, measurements, docs, tests, and directly synchronized templates | invented budgets, stale measurements, hidden O(n²), misleading Big-O or data-structure claims, N+1 queries or RPC, unbounded materialization, repeated serialization, object churn, GC pressure, broad rerender, cache stampede, key explosion, queue backlog, pool exhaustion, stale async result, or speed-over-correctness tradeoff | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Hot path, ROI priority, cost multiplier, measurement or complexity evidence, semantic preservation, optimization applied, verification, and remaining performance risk |
|
|
152
|
+
| Runtime performance, hot paths, user-perceived latency, p95/p99 tail latency, throughput, infrastructure cost, memory, GC pressure, CPU cache locality, allocation churn, bundle size, payload size, HTTP delivery, compression, streaming latency, media loading, build time, filesystem scanning, process spawning, IPC/RPC/DB/API fan-out, N+1 work, repeated filtering/sorting/parsing/serialization, caching, pagination, queues, virtualization, backpressure, or performance claims are planned, edited, reviewed, or reported | `.mustflow/skills/performance-budget-check/SKILL.md` | Performance surface, hot-path shape, input scale, measurement method, baseline and result when available, correctness boundaries, isolation surface, and command contract entries | Data access, lookup indexes, grouping, projection, batching, scheduling, rendering, cache boundaries, queues, concurrency limits, cancellation, measurements, docs, tests, and directly synchronized templates | invented budgets, stale measurements, hidden O(n²), misleading Big-O or data-structure claims, N+1 queries or RPC, unbounded materialization, repeated serialization, object churn, GC pressure, broad rerender, false compression win, buffered stream latency, cache stampede, key explosion, queue backlog, pool exhaustion, stale async result, or speed-over-correctness tradeoff | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Hot path, ROI priority, cost multiplier, measurement or complexity evidence, semantic preservation, optimization applied, verification, and remaining performance risk |
|
|
144
153
|
| New feature, ambiguous or complex design request, pre-implementation design gate, module, folder layout, architecture, scaffold, refactor, routing, data model, frontend/backend/database/infrastructure choice, database engine choice, managed database extension choice, auth identity ownership, public URL contract, data residency policy, runtime patchability, runtime portability, global-ready locale/country/currency/timezone/money model, server-side authorization boundary, file upload or storage strategy, API response contract, content-heavy product, semantic content blocks, filter URL policy, admin operation model, cache strategy, content lifecycle, asset strategy, claim or fact registry, content graph, source collection flow, user-state layer, core/application/delivery/infra boundary, framework-magic boundary, core versus auxiliary path boundary, operational versus analytics boundary, HTTP-to-worker boundary, job or outbox model, backup/restore assumption, vendor or platform exit path, external-service truth ownership, search/queue/log/analytics portability, operational reproducibility, observability identifier flow, deployment-state portability, CI/CD dashboard dependency, ecosystem or maintainer-risk placement, multi-server state boundary, vertical-to-horizontal scaling boundary, AI usage cost boundary, AI gateway hard-limit boundary, pricing-growth boundary, failure-isolation boundary, or external service integration may require hidden structure decisions before coding | `.mustflow/skills/structure-discovery-gate/SKILL.md` | User request, intended capability, design gate classification, restated requirement, success criteria, non-goals, compatibility boundaries, hidden assumptions, named technologies or services, future content/API/rendering/data assumptions, database operating-shape assumptions, managed database feature assumptions, identity and provider-id assumptions, public URL assumptions, data location assumptions, runtime patch and portability assumptions, delivery/application/core/infra assumptions, global data assumptions, authorization assumptions, file-storage assumptions, source/provenance assumptions, lifecycle/asset/claim assumptions, user-state assumptions, admin/cache assumptions, core path and auxiliary path assumptions, async work assumptions, restore assumptions, vendor exit and replacement assumptions, external-service source-of-truth assumptions, search/queue/log/analytics reconstruction assumptions, operating-state reproduction assumptions, observability identifier assumptions, CI/CD reproducibility assumptions, dependency ecosystem and maintainer assumptions, pricing value/cost unit assumptions, failure-policy assumptions, AI gateway or cost assumptions, and relevant local patterns | Questions, assumptions, proposed file boundaries, and the smallest resulting implementation | brittle structure, vendor-name leakage, migration debt, lock-in debt, provider-id leakage, raw storage URL leakage, weak data location proof, unpatchable runtime, runtime-specific core logic, framework business-rule coupling, SaaS-only core state, weak search or queue reconstruction, weak global data model, weak server authorization, process-memory state leak, untracked AI cost, provider-budget-only AI protection, value/cost pricing mismatch, hidden dashboard deployment state, fragile single-maintainer core dependency, hidden operating state, broken traceability, file/storage drift, screen-shaped API coupling, core-path coupling, retry or worker coupling, unbounded failure radius, over-questioning, or speculative abstraction | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Design gate classification, restated requirement, success criteria, blocking questions, recommended defaults, assumptions, proposed files and responsibilities, upfront versus deferred structure decisions, borrowed service versus owned contract boundary, dependency direction, database, identity, public URL, data residency, runtime patchability and portability, global data, authorization, file-storage, API, vendor exit, external-service truth ownership, search/queue/log/analytics portability, operational reproducibility, CI/CD reproducibility, dependency risk, observability identity flow, pricing value/cost boundary, AI gateway boundary, core/application/delivery/infra boundaries, core and auxiliary boundaries, async work boundary, local pattern, verification, and remaining structure risk |
|
|
145
154
|
|
|
146
155
|
### Tests and Regression
|
|
@@ -184,9 +193,9 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
184
193
|
| Database migration files, schema migration history, ORM schema migrations, generated clients, schema dumps, SQL snapshots, backfills, rolling deploy compatibility, expand-and-contract changes, destructive database changes, migration rollback claims, or production database migration procedures are created, changed, reviewed, or reported | `.mustflow/skills/database-migration-change/SKILL.md` | Source schema, target schema, migration files, migration history, generated clients, schema dumps, SQL snapshots, affected queries, deployment shape, database engine, table size or lock assumptions, backfill plan, rollback type, validation query, and command contract entries | Migration files, ORM schemas, generated clients, schema dumps, SQL snapshots, backfill code, validation checks, seeds, fixtures, compatibility code, docs, tests, and directly synchronized examples | data loss, drop-plus-add rename, old/new app incompatibility, unsafe rolling deploy, unbounded backfill, production lock, generated-client drift, migration-history drift, false rollback claim, ORM autogenerate mistake, or destructive contract mixed with expand phase | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Migration phase, old/new schema compatibility, backfill and validation plan, rollback classification, ORM/generated/schema dump surfaces, dependent surfaces, verification, and remaining database-migration risk |
|
|
185
194
|
| SQLite-specific schema, query, transaction, migration, indexing, extension, WAL, local-file persistence, embedded database, mobile database, browser OPFS/WASM SQLite, cache index, or SQLite runtime behavior is created, changed, reviewed, or reported | `.mustflow/skills/sqlite-code-change/SKILL.md` | SQLite role, runtime and binding, file ownership, storage medium, concurrency shape, schema/type rules, query/index evidence, migration and recovery needs, changed files, and command contract entries | SQLite schema, queries, connection setup, transactions, pragmas, indexes, migrations, fixtures, tests, docs, and directly synchronized templates | wrong runtime assumption, file-lock surprise, WAL overclaim, network filesystem risk, disabled foreign keys, weak type constraints, unsafe raw SQL, query-plan overclaim, sidecar-file data loss, failed migration rebuild, or unverified backup/restore | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | SQLite runtime, storage, WAL/concurrency, schema/type/constraint, query/index, migration, backup/restore, verification, and remaining SQLite risk |
|
|
186
195
|
| PostgreSQL-specific schema, query, transaction, migration, indexing, extension, role, row-level security, connection pooling, replication, backup, restore, managed Postgres, or Postgres runtime behavior is created, changed, reviewed, or reported | `.mustflow/skills/postgresql-code-change/SKILL.md` | PostgreSQL role, version, provider, extension inventory, topology, pooler, schema/type rules, query-plan evidence, transaction/retry rules, migration and recovery needs, changed files, and command contract entries | PostgreSQL schema, queries, migrations, generated SQL, connection setup, pool settings, roles, RLS policies, extensions, tests, docs, and directly synchronized templates | version drift, provider constraint miss, connection storm, lock or rewrite surprise, unsafe online DDL claim, bad pooler assumption, RLS bypass, search-path risk, extension drift, stale replica read, query-plan overclaim, or unverified restore | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | PostgreSQL version/topology, pooling, lock/transaction, schema/type/RLS/role, query/index/statistics, backup/restore, verification, and remaining PostgreSQL risk |
|
|
187
|
-
| Dependency versions, lockfiles, package-manager metadata, workspace constraints, runtime engines, peer dependencies, optional dependencies, security advisory fixes, generated dependency output, framework plugins, CI actions, Docker base images, package manager behavior, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported | `.mustflow/skills/dependency-upgrade-review/SKILL.md` | Dependency name, old and new versions or ranges, direct or transitive path, ecosystem and package manager, declaration files, lockfiles, runtime or toolchain files, advisory or release-note evidence, generated outputs, callers, docs, package output, Docker or
|
|
196
|
+
| Dependency versions, lockfiles, package-manager metadata, workspace constraints, runtime engines, peer dependencies, optional dependencies, security advisory fixes, generated dependency output, framework plugins, TypeScript compiler tracks, CI actions, Docker base images, package manager behavior, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported | `.mustflow/skills/dependency-upgrade-review/SKILL.md` | Dependency name, old and new versions or ranges, direct or transitive path, ecosystem and package manager, declaration files, lockfiles, runtime or toolchain files, advisory or release-note evidence, generated outputs, callers, docs, package output, Docker, CI, or TypeScript compiler-track surfaces, and command contract entries | Package declarations, lockfiles, generated outputs, compatibility code, tests, docs, package metadata, Docker or CI files, TypeScript compiler-track notes, and directly synchronized examples | lockfile churn, hidden transitive replacement, peer or engine break, module-format drift, native or optional package break, framework or generator output drift, unsafe broad security update, weakened tests, Docker or CI runtime drift, native-preview over-adoption, or unreviewed supply-chain change | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Upgrade reason, ecosystem surface, direct and transitive graph changes, compatibility classification, runtime/peer/engine/module/feature/platform/generated-output/compiler-track risks, synchronized surfaces, verification, and remaining dependency-upgrade risk |
|
|
188
197
|
| Dependency, package, runtime, framework, tool, command, plugin, service, platform capability, supported-version policy, security patch path, ecosystem maturity claim, maintainer-risk assumption, runtime portability claim, edge or serverless compatibility claim, critical-path library choice, package script, lifecycle hook, binary download, lockfile, audit result, or supply-chain-sensitive dependency surface is assumed, added, removed, imported, invoked, installed, audited, or documented | `.mustflow/skills/dependency-reality-check/SKILL.md` | Assumed dependency or capability, declaration files, version or feature expectation, role criticality, supported-version or end-of-life evidence, patchability expectation, runtime compatibility boundary, maintainer and ecosystem evidence when available, lockfile entry, package script or lifecycle hook, audit or provenance evidence, and relevant command intents | Package metadata, lockfiles, imports, scripts, command contracts, docs, tests, runtime policy notes, portability notes, and reports | unavailable dependency, hallucinated or lookalike package, fragile single-maintainer core dependency, experimental technology in a survival path, unsupported runtime, unclear security patch path, runtime-specific API leakage into core logic, stale version claim, lifecycle script risk, audit suppression, lockfile drift, or install guidance mismatch | `changes_status`, `changes_diff_summary`, `build`, `test_release`, `mustflow_check` | Dependency checked, ecosystem and maintainer-risk boundary reviewed, supported-version, patchability, and runtime-portability boundary reviewed, supply-chain surface reviewed, declarations synchronized, verification, and remaining dependency risk |
|
|
189
|
-
| Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, floating-tag drift, or unverified security/support claim | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Versioned surfaces checked, repository policy and freshness source, selected version track, compatibility classification, approval need, synchronized surfaces, verification, and remaining version-freshness risk |
|
|
198
|
+
| Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, TypeScript compiler-track references, Rust release or MSRV references, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, TypeScript compiler track or Rust MSRV/toolchain track when relevant, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, TypeScript beta/native-preview track confusion, Rust stable/nightly/MSRV confusion, floating-tag drift, or unverified security/support claim | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Versioned surfaces checked, repository policy and freshness source, selected version track, compatibility classification, TypeScript stable/beta/native-preview and Rust stable/nightly/MSRV split when relevant, approval need, synchronized surfaces, verification, and remaining version-freshness risk |
|
|
190
199
|
| External systems, protocols, SDKs, databases, webhooks, queues, files, object storage, signed upload or download URLs, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, or provider data cross the core boundary or need port/adapter translation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, reconciliation, security, core-state ownership, vendor portability, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, delivery boundary, internal use case, local port/adapter patterns, provider risk, provider failure policy, core-state ownership risk, vendor portability risk, observability identifier policy, API contract risk, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, response mappers, telemetry mappers, timeout and retry policies, circuit breakers, bulkhead boundaries, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, framework business-rule leakage, telemetry backend leakage, storage-key leakage, screen-shaped API coupling, pass-through wrapper, SaaS dashboard as truth source, search or analytics policy leakage, queue contract leakage, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, missing circuit breaker, missing bulkhead, unresolved unknown provider outcome, broken identifier propagation, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, delivery adapter responsibility, internal port, provider containment, core-state ownership, vendor portability, validation and mapping, API response mapping, observability identifier flow, timeout/retry/circuit-breaker/bulkhead/idempotency handling, reconciliation behavior, security notes, verification, and remaining provider risk |
|
|
191
200
|
| Tauri frontend invokes, Rust commands, capabilities, permissions, scopes, plugins, filesystem, dialog, shell, opener, updater, sidecar, or mobile native permissions are created or changed | `.mustflow/skills/tauri-code-change/SKILL.md` | Frontend call sites, Tauri config, Rust commands, capability and permission files, plugin config, changed files, and command contract entries | Tauri frontend, Rust commands, capabilities, permissions, scopes, plugins, tests, and docs | broad native permission, untrusted IPC input, filesystem escape, shell or updater risk, or WebView/native boundary drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | IPC, permission, scope, filesystem, shell, updater, and native boundary checked, verification, and remaining Tauri risk |
|
|
192
201
|
| File path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, clone or checkout destinations, scaffold roots, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, or package artifact paths are created, changed, reviewed, or reported | `.mustflow/skills/file-path-cross-platform-change/SKILL.md` | Path ledger, trust classes, accepted path representation, base root, path helpers, safe filesystem wrappers, clone/checkout/scaffold/install/extract outputs, staging and promotion policy, temp/cache helpers, lock policy, archive policy, upload/download policy, scanner policy, CLI/API/schema/snapshot/generated/package surfaces, platform expectations, failure taxonomy, and command contract entries | Path validators, helpers, wrappers, schemas, CLI/API parsing, snapshots, fixtures, docs, tests, generated-output paths, package artifact paths, clone or scaffold destinations, archive extraction, scanner bounds, temp/cache handling, locks, and cleanup code | path traversal, base containment bypass, drive-relative path bug, reserved-name bug, case-collision bug, Unicode-collision bug, Git checkout path-length failure misreported as network or auth, unsafe archive extraction, non-atomic write claim, stale lock, scanner loop, partial-output cleanup data loss, user-selected destination deletion, path contract drift, or package artifact path drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path contract, path ledger, trust classes, root policy, preflight/staging/promotion decisions, Windows/macOS/Linux/archive/upload/download/scanner/lock/temp/cache/atomic/cleanup decisions, failure taxonomy, synchronized contract surfaces, verification, and remaining path risk |
|
|
@@ -202,6 +211,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
202
211
|
| Generated artifacts, packaged files, binary assets, reports, or downloadable outputs are created, referenced, or reported | `.mustflow/skills/artifact-integrity-check/SKILL.md` | Artifact paths, source or generation path, package rules, and artifact expectations | Artifact references, package metadata, tests, and documentation | unverified or stale artifact claim | `changes_status`, `changes_diff_summary`, `test_release`, `build`, `mustflow_check` | Artifact evidence, inclusion or format checks, skipped checks, and integrity risk |
|
|
203
212
|
| A dense plan, suggestion, code explanation, review result, flow map, or decision set would be easier to inspect as a safe static HTML review artifact | `.mustflow/skills/visual-review-artifact/SKILL.md` | User request, artifact goal, target audience, source evidence, output path, and relevant command contract entries | Temporary `.mustflow/state/artifacts/**` output or explicitly requested versioned HTML artifact, plus direct references, docs, or package metadata | unsafe HTML behavior, prompt injection, unverified artifact claim, or mistaken approval authority | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Artifact kind and path, source evidence, review-only boundary, local interactions, verification, skipped checks, and remaining decision risk |
|
|
204
213
|
| Conversational AI, chat, copilot, prompt, multimodal input, streaming generation, citation, feedback, or conversation-history UI is planned, edited, reviewed, or reported | `.mustflow/skills/llm-service-ux-review/SKILL.md` | LLM service surface, user task, interaction mode, input-to-reset path, latency/source/privacy constraints, and command contract entries | Prompt, attachment, generation, output, citation, feedback, history, reset, error, accessibility, docs, templates, and reports | loss of user control, fake progress, unverifiable source claims, hidden privacy risk, decorative prompt UX, or unverified visual claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | LLM UX surface reviewed, input/waiting/output/recovery states checked, control and citation boundaries, skipped checks, and remaining LLM UX risk |
|
|
214
|
+
| Frontend navigation flicker, theme flash, FOUC, hydration flash, blank first render, unstable loading shell, route transition jank, state loss across navigation, or first-paint instability is reported, created, edited, reviewed, or verified | `.mustflow/skills/frontend-render-stability/SKILL.md` | Symptom, affected routes, framework and version signals, root shell, links/router, theme init, root CSS, font/media loading, data-loading owner, and configured verification entries | Root HTML, layouts, router links/config, early theme scripts, root CSS, theme tokens, skeletons, hydration boundaries, route data loaders, directly tied tests, docs, and templates | masked full document reload, late theme application, hydration mismatch, client-only first data, loading layout shift, duplicate view-transition names, reduced-motion regression, or false visual proof | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `docs_validate_fast`, `mustflow_check` | Symptom phase, evidence inspected, instability layer found or ruled out, framework-specific skills used, files changed, verification, skipped visual checks, and remaining render-stability risk |
|
|
205
215
|
| User-facing UI, dashboard, settings, navigation, form, copy, responsive layout, accessibility, visual geometry, interaction flow, or visual state changes are planned, edited, reviewed, or reported | `.mustflow/skills/ui-quality-gate/SKILL.md` | Changed UI surface, user task, interaction path, existing patterns, state combinations, localization rules, content stress cases, geometry-sensitive component facts, and command contract entries | UI controls, labels, states, layout constraints, geometry contracts, accessibility attributes, localization hooks, task-flow recovery, docs, templates, and reports | decorative UI drift, inaccessible controls, icon/text misalignment, overflow or layout breakage, missing empty/error/permission recovery, or unverified visual claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | UI surface reviewed, states checked, geometry/layout/accessibility/localization/recovery notes, skipped visual checks, and remaining UI risk |
|
|
206
216
|
| HTML, templates, component markup, forms, controls, dialogs, navigation, tables, media, metadata, SEO head content, or structured data are created or changed | `.mustflow/skills/html-code-change/SKILL.md` | Page shell, markup patterns, form/control components, metadata source, changed files, and command contract entries | HTML and template markup, metadata, forms, interactive controls, tests, and docs examples | invalid semantics, inaccessible control, broken focus path, metadata drift, or invalid browser markup | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Semantic, form, focus, metadata, and validation boundary checked, verification, and remaining HTML risk |
|
|
207
217
|
| CSS, Sass, Less, CSS Modules, CSS-in-JS, global styles, design tokens, layout, responsive behavior, focus styles, animation, color, or component styling are created or changed | `.mustflow/skills/css-code-change/SKILL.md` | Global CSS, tokens, component styles, parent layout, browser targets, changed files, and command contract entries | CSS, design tokens, component styles, responsive rules, tests, and docs examples | specificity escalation, token bypass, contrast failure, motion issue, layout shift, or browser incompatibility | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Cascade, token, responsive, accessibility, and layout-stability boundary checked, verification, and remaining CSS risk |
|
|
@@ -217,6 +227,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
217
227
|
| Trigger | Skill Document | Required Input | Edit Scope | Risk | Verification Intents | Expected Output |
|
|
218
228
|
| --- | --- | --- | --- | --- | --- | --- |
|
|
219
229
|
| Architecture, module boundaries, codebase structure, structural improvement, codebase deepening, or testability needs review before choosing a refactor or abstraction | `.mustflow/skills/architecture-deepening-review/SKILL.md` | Target area, structural pain, local patterns, behavior evidence, current changed files, and command contract entries | Review notes, ranked structure candidates, and at most one scoped structural follow-up when requested | speculative abstraction, broad rewrite, pattern-first design, hidden behavior change, or unverified structure claim | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Review target, evidence, candidate scores, selected next action, narrower skill choice, verification, and remaining architecture risk |
|
|
230
|
+
| Service boundaries, modular-monolith boundaries, bounded contexts, team ownership, data ownership, source-of-truth maps, event or queue boundaries, multi-tenant isolation, failure flows, operational recovery, or large-scale architecture split decisions are designed, reviewed, or changed | `.mustflow/skills/service-boundary-architecture/SKILL.md` | Candidate domains, owners, data truth map, communication paths, shared database or cache coupling, failure flows, idempotency, queue/retry/dead-letter behavior, cache consistency, tenant/auth/audit boundaries, observability, deployment, migration, retention, operations tools, and command contract entries | Architecture docs, decision records, context files, boundary source, API/event/queue/cache/read-model contracts, operational runbooks, tests, and directly synchronized docs or templates | noun-first service split, shared database coupling, unknown data owner, happy-path-only design, retry storm, queue backlog with no owner, cache as accidental authority, tenant leak, command-like events, missing observability, unsafe migration, or manual recovery without audit | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary checked, data owners, failure/idempotency/queue/cache/event notes, tenant/auth/retention/observability/deployment/operations notes, verification, and remaining service-boundary risk |
|
|
220
231
|
| Code is being refactored, reorganized, renamed, deduplicated, simplified, or structurally improved while existing behavior should be preserved | `.mustflow/skills/behavior-preserving-refactor/SKILL.md` | Refactoring goal, target area, behavior evidence, local patterns, current changed files, and command contract entries | Small behavior-preserving refactor steps, related tests, and directly synchronized docs or contracts | hidden behavior change, broad cleanup, misleading abstraction, unsafe deduplication, or unverified legacy change | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Goal, behavior evidence, structural risks, refactoring ladder, changes made, excluded behavior changes, verification, and remaining risks |
|
|
221
232
|
| Class inheritance, base classes, abstract classes, template methods, protected state, mixins, framework subclasses, or subtype hierarchies are introduced, reviewed, or refactored, especially for behavior reuse or feature variants | `.mustflow/skills/composition-over-inheritance/SKILL.md` | Inheritance surface, reuse goal, change dimensions, local composition patterns, compatibility constraints, current changed files, and command contract entries | Classes, functions, role interfaces, policies, strategies, adapters, decorators, state machines, tests, wrappers, and directly synchronized docs or templates | fragile parent-child coupling, subclass explosion, broken substitutability, hidden protected state, over-composition, or untested behavior-preserving refactor | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Inheritance review, keep-or-replace decision, change dimensions, composition pattern, tests, verification, and remaining hierarchy risk |
|
|
222
233
|
| Multiple interchangeable algorithms, policies, calculations, scoring methods, sorting methods, recommendation methods, pricing rules, discount rules, shipping methods, payment methods, notification methods, permission policies, provider choices, feature-flag variants, or repeated branches choose how to do the same kind of work | `.mustflow/skills/strategy-pattern/SKILL.md` | Stable workflow, variants and shared purpose, current branch locations, common input and output shape, selection criteria, local Result, dependency injection, decorator, registry, and test patterns, current changed files, and command contract entries | Strategy function types, interfaces, concrete strategies, selectors, resolvers, registries, decorators, context wiring, tests, and directly synchronized docs or templates | over-abstracted small branch, wrong use-case grouping, context knowing concrete strategies, silent fallback, unsafe user-selected strategy, request-stateful strategy, strategy combination explosion, or untested selector behavior | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Strategy classification, shared contract, strategy registry, selector or resolver, default and unsupported-key behavior, tests, verification, and remaining strategy risk |
|
|
@@ -235,6 +246,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
235
246
|
| Multiple AI workers, subagents, external agents, parallel task runners, or worktree-based worker roles are planned or used for one repository task | `.mustflow/skills/multi-agent-work-coordination/SKILL.md` | Task goal, worker roles, write permissions, file ownership, workspace isolation, credential boundary, merge owner, and command contract entries | Coordination plan, worker instructions, ownership boundaries, merge notes, and directly synchronized tests or docs | same-file races, conflicting instructions, leaked credentials, shared auth cache, untrusted worker output, merge drift, or unverified parallel result | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Worker limit, role map, write ownership, isolation and credential boundaries, merge owner, verification, skipped checks, and remaining coordination risk |
|
|
236
247
|
| Brainstorming, option comparison, outside AI advice, planning notes, or loose proposals need evidence-based apply, defer, reject, or research decisions before implementation | `.mustflow/skills/idea-triage/SKILL.md` | User goal, idea list or recommendation, current repository evidence, constraints, and decision mode | Analysis, roadmap entries, and at most one selected follow-up when requested | idea spam, speculative roadmap, current-behavior claims for deferred work, or ungrounded prioritization | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `mustflow_check` | Decision mode, evidence, constraints, option decisions, selected next action, verification needs, and remaining uncertainty |
|
|
237
248
|
| Repository improvement, audit, prioritization, stabilization, polish, onboarding, contributor-readiness, production-readiness, or iterative improvement is requested without a single predetermined edit | `.mustflow/skills/repo-improvement-loop/SKILL.md` | User goal, improvement mode, repository evidence, candidate risks, current changed files, and command contract entries | Repository diagnosis, ranked candidates, and at most one scoped improvement cycle unless the user explicitly requests analysis-only | idea spam, ungrounded prioritization, autonomous loop drift, broad rewrite, or unverified improvement claim | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Mode, evidence inspected, scored candidates, selected improvement, files changed or analysis-only note, verification, next improvement question, and stop reason |
|
|
249
|
+
| Current repository evidence reveals a scope-adjacent bug, missing test, stale synchronized surface, public-contract drift, security or privacy exposure, data-loss risk, brittle error handling, concurrency risk, operational risk, or UX inconsistency outside the literal request | `.mustflow/skills/proactive-risk-surfacing/SKILL.md` | Literal user request, current evidence, risk relationship, severity, expected edit size, authority boundary, and verification options | Fix-or-report decision, small related fixes, focused tests or synchronized surfaces, and final proactive risk notes | scope creep, speculative cleanup, hidden broad refactor, ignored high-severity risk, or false completion claim | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Candidate decisions: fix now, report only, ask first, or ignore; files changed, verification, and remaining proactive risks |
|
|
238
250
|
| A final report or completion claim needs current evidence for changed files, requirements, command receipts, skipped checks, synchronized surfaces, or remaining risks | `.mustflow/skills/completion-evidence-gate/SKILL.md` | User goal, changed-file evidence, skills used, verification results, skipped checks, synchronized surfaces, and remaining risks | Final report evidence and the smallest missing in-scope evidence surface only | false completion, stale receipts, hidden skipped checks, unsupported readiness claim, or contract drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `test_audit`, `lint`, `build`, `docs_validate_fast`, `docs_validate`, `test_release`, `mustflow_check` | Completion status, requirement evidence map, changed and synchronized surfaces, commands run, skipped checks, and final wording boundary |
|
|
239
251
|
| A task is incomplete, blocked, paused, resumed, handed off, context-compacted, or needs bounded restart evidence without storing raw logs, secrets, hidden reasoning, transcripts, or authority-changing summaries | `.mustflow/skills/restricted-handoff-resume/SKILL.md` | Current goal, latest controlling instruction, changed files, command intents run or skipped, verification evidence, blocker or next safe action, and handoff or retention policy | Final report handoff evidence or explicitly configured handoff surface only | stale summary treated as authority, hidden reasoning leak, secret leak, raw log storage, unrelated work history, or missing restart point | `changes_status`, `changes_diff_summary`, `mustflow_check` | Task status, files touched, commands run/skipped, stale-summary check, next safe action or blocker, excluded raw content, and remaining resume risk |
|
|
240
252
|
| Declared behavior must stay aligned across code, schemas, templates, tests, and docs | `.mustflow/skills/contract-sync-check/SKILL.md` | Changed files, intended behavior, source of truth, derived surfaces, and command contract entries | Contract source and required synchronized surfaces | contract drift | `changes_status`, `changes_diff_summary`, `docs_validate_fast`, `test_release`, `mustflow_check` | Contract source, synchronized surfaces, deferred surfaces, verification, and drift risk |
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.adapter-boundary
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 12
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: adapter-boundary
|
|
9
|
-
description: Apply this skill when external systems, protocols, SDKs, databases, managed database features, authentication providers, webhooks, queues, files, object storage, public URL contracts, signed upload or download URLs, CDN transform rules, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, AI gateway usage policy, AI provider cost and usage data, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, or provider data cross into or out of core logic and need ports, adapters, translation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, security, cost attribution, reconciliation, core-state ownership, vendor portability, or observability boundaries.
|
|
9
|
+
description: Apply this skill when external systems, protocols, SDKs, databases, managed database features, authentication providers, webhooks, queues, files, object storage, public URL contracts, signed upload or download URLs, CDN transform rules, HTTP delivery transports, SSE, WebTransport, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, AI gateway usage policy, AI provider cost and usage data, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, or provider data cross into or out of core logic and need ports, adapters, translation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, security, cost attribution, reconciliation, core-state ownership, vendor portability, or observability boundaries.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -37,11 +37,13 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
|
|
|
37
37
|
## Use When
|
|
38
38
|
|
|
39
39
|
- Code receives input from HTTP, CLI, webhooks, message queues, scheduled jobs, browser events, uploaded files, external databases, or external APIs.
|
|
40
|
+
- Code receives or emits streaming protocol data through EventSource, SSE, WebTransport, WebSocket, HTTP streaming responses, browser transport fallbacks, proxy-mediated delivery, or CDN-delivered content variants.
|
|
40
41
|
- Code calls external APIs, payment providers, email or SMS providers, file storage, object storage, databases, caches, search engines, analytics, AI models, queues, or browser storage.
|
|
41
42
|
- Code would let a provider dashboard, SDK object, search engine setting, queue product, email tag, analytics cohort, no-code automation, or hosted storage URL define core business state instead of only processing, storing, indexing, or displaying product-owned state.
|
|
42
43
|
- Code sends logs, metrics, traces, errors, request context, baggage, user context, job metadata, webhook metadata, or telemetry to an observability backend or passes those identifiers across HTTP, queue, cron, worker, or webhook boundaries.
|
|
43
44
|
- Code issues signed upload or download URLs, translates uploaded file metadata, maps storage keys, handles object-storage callbacks, or exposes file download responses.
|
|
44
45
|
- Code exposes file, image, avatar, attachment, export, or share URLs to browsers, emails, mobile apps, crawlers, Open Graph consumers, or API clients.
|
|
46
|
+
- Code maps delivery details such as content coding, stream events, datagram loss, reconnect ids, fallback transports, cache keys, or proxy/CDN behavior into application behavior.
|
|
45
47
|
- Code maps external authentication tokens, provider subjects, social identities, hosted auth metadata, managed database auth functions, or provider permission fields into the internal user, membership, entitlement, or authorization model.
|
|
46
48
|
- Code maps database rows, ORM entities, internal model fields, storage keys, or provider payloads into public, mobile, admin, integration, or internal web API responses.
|
|
47
49
|
- Provider SDK types, framework request or response objects, database rows, external event objects, raw model responses, or provider error types are visible in domain, application, service, or use-case code.
|
|
@@ -72,6 +74,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
|
|
|
72
74
|
- Provider-specific risk: write effects, duplicate delivery, unknown statuses, money, time, identifiers, secrets, personal data, files, untrusted URLs, rate limits, or provider version changes.
|
|
73
75
|
- Public contract risk: whether provider ids, raw storage URLs, bucket names, object keys, CDN query parameters, image-transform syntax, provider template ids, provider event names, or provider auth metadata would become visible in persisted content, API responses, emails, mobile apps, search indexes, or browser caches.
|
|
74
76
|
- Delivery contract risk: whether a server action, route handler, Web API adapter, edge function, queue consumer, CLI command, cron task, or admin operation should only parse/authenticate/map/call a use case, or whether it is currently becoming the place where business rules and provider calls live.
|
|
77
|
+
- HTTP delivery boundary risk: whether SSE events, WebTransport streams, datagrams, content-coding variants, browser fallback paths, CDN cache keys, or proxy buffering details are leaking into core use cases instead of staying in delivery adapters.
|
|
75
78
|
- Identity boundary risk: how provider subject ids, emails, token claims, user metadata, hosted-auth roles, and session state are normalized into app-owned user, organization, membership, and permission concepts.
|
|
76
79
|
- Dependency and provider replacement risk: whether the SDK or platform is on a survival path, how widely provider names and types would spread, what internal contract would preserve product meaning, and which provider features are acceptable to depend on directly.
|
|
77
80
|
- Core-state ownership risk: which customer, entitlement, consent, file, content, search, job, audit, or event facts must be represented in internal types and storage before or after the provider call.
|
|
@@ -90,6 +93,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
|
|
|
90
93
|
- The boundary direction and owner are clear enough to avoid putting provider names or external protocol terms into core logic.
|
|
91
94
|
- If the local layout is unfamiliar, use `pattern-scout` or `codebase-orientation` before introducing new folders or naming conventions.
|
|
92
95
|
- If the change also introduces hidden collaborators or concrete construction, use `dependency-injection` for that part of the work.
|
|
96
|
+
- If the change alters HTTP content coding, streaming flush behavior, SSE, WebTransport, WebSocket fallback, CDN/proxy behavior, or browser delivery compatibility, use `http-delivery-streaming` for the transport contract and keep this skill focused on core-boundary containment.
|
|
93
97
|
- If the integration is optional and disabled by explicit configuration, use `null-object-pattern` only when the neutral behavior is safe and honest; required providers must fail closed.
|
|
94
98
|
|
|
95
99
|
<!-- mustflow-section: allowed-edits -->
|
|
@@ -124,6 +128,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
|
|
|
124
128
|
- Map use-case results back to the protocol response.
|
|
125
129
|
- Keep pricing, permission decisions, state transitions, inventory policy, subscription policy, and other business rules in the application or domain layer.
|
|
126
130
|
- For server actions, route handlers, Web API adapters, edge functions, CLI commands, cron tasks, and worker handlers, keep framework-specific work to input parsing, trusted context creation, use-case invocation, response mapping, redirects, and cache invalidation. Move pricing, entitlement, payment, persistence orchestration, provider calls, and retry policy behind application commands or ports.
|
|
131
|
+
- For EventSource, SSE, WebTransport, WebSocket, and HTTP streaming adapters, translate protocol events into internal commands or read-model notifications. Keep event ids, reconnect tokens, datagram sequence numbers, fallback transport names, and proxy quirks out of core domain decisions unless they are explicitly product concepts.
|
|
127
132
|
5. Build outbound adapters as provider translators, not pass-through wrappers.
|
|
128
133
|
- Create provider requests from internal input.
|
|
129
134
|
- Set timeouts and retry policy where appropriate.
|
|
@@ -204,6 +209,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
|
|
|
204
209
|
- Ports are named in internal business language and expose only internal input, output, and error types.
|
|
205
210
|
- Provider dashboards, hosted settings, and SDK payloads do not become the only source for core business facts, search policy, queue failure policy, analytics event definitions, email customer state, or file ownership.
|
|
206
211
|
- Public URLs, provider identity claims, image variants, entitlement decisions, and AI policy decisions are represented as product-owned contracts before provider-specific syntax reaches callers.
|
|
212
|
+
- Streaming and delivery transport details such as SSE ids, WebTransport datagrams, content-coding variants, fallback paths, and CDN cache keys are contained at adapter boundaries before core logic receives product-level events or commands.
|
|
207
213
|
- Critical external SDKs are contained behind internal use-case contracts so provider names, SDK types, and dashboard assumptions do not spread through core logic.
|
|
208
214
|
- Inbound adapters validate and translate before calling use cases.
|
|
209
215
|
- Outbound adapters translate internal requests, provider responses, and provider failures before returning.
|
|
@@ -247,6 +253,7 @@ Prefer the narrowest configured test or build intent that proves the affected bo
|
|
|
247
253
|
- Boundary classified
|
|
248
254
|
- Internal port or use-case input selected
|
|
249
255
|
- Provider or protocol details contained
|
|
256
|
+
- HTTP delivery, streaming, and fallback transport details contained when relevant
|
|
250
257
|
- Public URL, identity, and provider-id details contained when relevant
|
|
251
258
|
- Inbound validation and translation handled
|
|
252
259
|
- Outbound request, response, and error mapping handled
|
|
@@ -0,0 +1,249 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.ai-generated-code-hardening
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: ai-generated-code-hardening
|
|
9
|
+
description: Apply this skill when AI-generated, assistant-authored, vibe-coded, or broad code changes need evidence-backed hardening against duplicate helpers or shapes, hidden coupling, weak tests, swallowed errors, excessive complexity, and boundary drift.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.ai-generated-code-hardening
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- test_related
|
|
19
|
+
- test_audit
|
|
20
|
+
- lint
|
|
21
|
+
- build
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# AI-Generated Code Hardening
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Use this skill to turn agent-written code from "looks plausible" into maintainable
|
|
33
|
+
repository code. The goal is not style cleanup. The goal is to catch the failure
|
|
34
|
+
modes that appear when an agent forgets the repository between sessions: duplicate
|
|
35
|
+
helpers, duplicate shapes, hidden coupling, weak tests, swallowed errors, accidental
|
|
36
|
+
public surfaces, and oversized functions or files.
|
|
37
|
+
|
|
38
|
+
<!-- mustflow-section: use-when -->
|
|
39
|
+
## Use When
|
|
40
|
+
|
|
41
|
+
- The current diff was substantially generated by an AI agent, copied from an
|
|
42
|
+
outside suggestion, or produced through broad assistant edits.
|
|
43
|
+
- A new helper, function, type, schema, DTO, fixture, adapter, or shape appears and
|
|
44
|
+
the repository may already have a single source of truth.
|
|
45
|
+
- The change may introduce hidden coupling through import direction, initialization
|
|
46
|
+
order, shared globals, side effects, circular dependencies, barrel exports, or
|
|
47
|
+
re-export drift.
|
|
48
|
+
- Tests were added or changed and may only check strings, function names, snapshots,
|
|
49
|
+
mocks, or implementation details instead of observable behavior.
|
|
50
|
+
- Error handling, fallback paths, defensive guards, or default values were added in
|
|
51
|
+
multiple callers instead of one boundary.
|
|
52
|
+
- New or changed functions/files are becoming hard to review because of excessive
|
|
53
|
+
nesting, god function growth, god file growth, fan-in concentration, or fan-out
|
|
54
|
+
sprawl.
|
|
55
|
+
|
|
56
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
57
|
+
## Do Not Use When
|
|
58
|
+
|
|
59
|
+
- The task is a tiny mechanical edit with no new behavior, helpers, shapes, tests,
|
|
60
|
+
imports, or error handling.
|
|
61
|
+
- The task is purely a code review with no edits; use `code-review` as the main
|
|
62
|
+
skill and add this skill only when AI-generated-code failure modes are concrete.
|
|
63
|
+
- The task is deciding the first architecture boundary for new behavior; use
|
|
64
|
+
`structure-first-engineering` first, then this skill as a hardening pass if code
|
|
65
|
+
is generated or broad.
|
|
66
|
+
- The task is adopting an outside tool, plugin, command, or CI rule; use
|
|
67
|
+
`external-skill-intake`, `command-intent-mapping-gate`, or
|
|
68
|
+
`command-contract-authoring` as appropriate before adding commands or rules.
|
|
69
|
+
|
|
70
|
+
<!-- mustflow-section: required-inputs -->
|
|
71
|
+
## Required Inputs
|
|
72
|
+
|
|
73
|
+
- User goal and changed files or expected edit scope.
|
|
74
|
+
- Current diff, or the files likely to be changed.
|
|
75
|
+
- Existing helpers, public types, schemas, DTOs, fixtures, adapters, utilities, and
|
|
76
|
+
domain shapes near the change.
|
|
77
|
+
- Import and export paths for touched modules, including barrels and public package
|
|
78
|
+
entrypoints when present.
|
|
79
|
+
- Existing error-handling conventions and the boundary where failures are meant to
|
|
80
|
+
become user-facing, logged, retried, or returned.
|
|
81
|
+
- Existing test style, edge-case coverage, and configured verification intents.
|
|
82
|
+
- Existing static analysis or lint rules, if any. Missing rules may be reported or
|
|
83
|
+
proposed, but this skill does not authorize adding new dependencies, CI gates, or
|
|
84
|
+
command contracts by itself.
|
|
85
|
+
|
|
86
|
+
<!-- mustflow-section: preconditions -->
|
|
87
|
+
## Preconditions
|
|
88
|
+
|
|
89
|
+
- The task matches the Use When conditions and does not match the Do Not Use When
|
|
90
|
+
exclusions.
|
|
91
|
+
- Higher-priority repository instructions, selected main-route skills, and
|
|
92
|
+
`.mustflow/config/commands.toml` have been checked for the current scope.
|
|
93
|
+
- The hardening concern is backed by current repository evidence or the current
|
|
94
|
+
diff, not by generic best-practice advice alone.
|
|
95
|
+
- The work can stay bounded to the touched code, directly synchronized surfaces,
|
|
96
|
+
focused tests, or report-only findings.
|
|
97
|
+
|
|
98
|
+
<!-- mustflow-section: allowed-edits -->
|
|
99
|
+
## Allowed Edits
|
|
100
|
+
|
|
101
|
+
- Replace duplicate new helpers, shapes, fixtures, or validators with existing
|
|
102
|
+
sources of truth.
|
|
103
|
+
- Extract or move code only around a clear local responsibility boundary.
|
|
104
|
+
- Flatten excessive nesting when behavior is unchanged and tests cover the path.
|
|
105
|
+
- Remove accidental re-exports or update synchronized public-surface contracts.
|
|
106
|
+
- Consolidate error handling into the owning boundary.
|
|
107
|
+
- Add focused behavior tests and edge-case tests tied to the current change.
|
|
108
|
+
- Update directly synchronized docs, templates, or route metadata when the hardening
|
|
109
|
+
change affects installed or public surfaces.
|
|
110
|
+
|
|
111
|
+
<!-- mustflow-section: procedure -->
|
|
112
|
+
## Procedure
|
|
113
|
+
|
|
114
|
+
1. Baseline the diff.
|
|
115
|
+
- Identify new functions, helpers, classes, types, schemas, DTOs, fixtures,
|
|
116
|
+
adapters, exported names, and test helpers.
|
|
117
|
+
- Separate intentional new concepts from possible duplicates.
|
|
118
|
+
- Note which files are production code, test code, generated code, public
|
|
119
|
+
contract files, or installed templates.
|
|
120
|
+
|
|
121
|
+
2. Check repository memory discontinuity.
|
|
122
|
+
- Search for existing helpers, types, schemas, shapes, fixtures, and validators
|
|
123
|
+
before accepting a new one.
|
|
124
|
+
- Prefer the existing single source of truth when it already covers the behavior.
|
|
125
|
+
- If the existing source is incomplete, extend it narrowly instead of creating a
|
|
126
|
+
parallel shape.
|
|
127
|
+
- If both old and new concepts must remain, name the boundary and explain why
|
|
128
|
+
they are not duplicates.
|
|
129
|
+
|
|
130
|
+
3. Check coupling and dependency direction.
|
|
131
|
+
- Look for hidden coupling through import direction, initialization order,
|
|
132
|
+
shared mutable state, environment reads, caches, file-system state, timers,
|
|
133
|
+
module-level side effects, and ambient globals.
|
|
134
|
+
- Look for circular dependencies or a new dependency from lower-level code into
|
|
135
|
+
higher-level orchestration, UI, CLI, or framework code.
|
|
136
|
+
- Inspect fan-in and fan-out. A new utility imported everywhere, or a high-level
|
|
137
|
+
module imported from many low-level places, needs a boundary explanation.
|
|
138
|
+
|
|
139
|
+
4. Check public surface and re-export discipline.
|
|
140
|
+
- Treat a barrel export, wildcard export, package entrypoint, generated client,
|
|
141
|
+
CLI JSON field, or template-installed file as a public surface until proven
|
|
142
|
+
otherwise.
|
|
143
|
+
- Remove accidental re-exports, or update the matching contract, tests, and docs
|
|
144
|
+
when the export is intentional.
|
|
145
|
+
- Do not hide a breaking public-surface change behind "internal cleanup" wording.
|
|
146
|
+
|
|
147
|
+
5. Check error handling and fallbacks.
|
|
148
|
+
- Reject empty `catch`, generic fallback values, silent `null` returns, and
|
|
149
|
+
duplicated defensive guards unless they are the repository's explicit boundary
|
|
150
|
+
pattern.
|
|
151
|
+
- Move failure interpretation to the boundary that owns it: parser, adapter,
|
|
152
|
+
handler, command, job, or UI state.
|
|
153
|
+
- Preserve useful error context without leaking secrets or personal data.
|
|
154
|
+
- Prefer explicit result shapes or typed errors when they already exist locally.
|
|
155
|
+
|
|
156
|
+
6. Check complexity before it calcifies.
|
|
157
|
+
- Challenge nesting deeper than three levels, especially inside loops, async
|
|
158
|
+
flows, parsers, command handlers, and test setup.
|
|
159
|
+
- Flatten unnecessary nesting with guard clauses or early returns when that keeps
|
|
160
|
+
the invariant clearer.
|
|
161
|
+
- Split a god function only around a real responsibility boundary. Do not create
|
|
162
|
+
tiny helpers that hide control flow or duplicate a local convention.
|
|
163
|
+
- Split a god file only when the new module has a stable owner, direction, and
|
|
164
|
+
verification path.
|
|
165
|
+
|
|
166
|
+
7. Harden tests against fake confidence.
|
|
167
|
+
- Verify behavior and side effects, not only function names, strings, snapshots,
|
|
168
|
+
or the presence of files.
|
|
169
|
+
- Add or preserve edge cases for empty input, missing input, null or undefined
|
|
170
|
+
where the language permits it, boundary values, duplicate requests, failure
|
|
171
|
+
paths, and concurrency or ordering when relevant.
|
|
172
|
+
- Mock only external boundaries: network, clock, filesystem, process, database,
|
|
173
|
+
queue, browser, or third-party service. Avoid mocking internal collaborators
|
|
174
|
+
just to make the implementation easier to assert.
|
|
175
|
+
- If production code gained defensive fallback only to satisfy a brittle test,
|
|
176
|
+
fix the test or move the fallback to the owning boundary.
|
|
177
|
+
|
|
178
|
+
8. Use enforcement evidence without inventing enforcement.
|
|
179
|
+
- Run existing configured lint, build, and related test intents when they cover
|
|
180
|
+
the risk.
|
|
181
|
+
- If the repository lacks dependency-boundary, complexity, max-depth,
|
|
182
|
+
no-floating-promise, no-explicit-any, or circular-dependency checks, report the
|
|
183
|
+
missing guard as future hardening unless the user explicitly asked to add it.
|
|
184
|
+
- Never paste outside plugin commands, package-manager commands, or CI recipes
|
|
185
|
+
into mustflow command contracts without command-contract review.
|
|
186
|
+
|
|
187
|
+
9. Decide fix now, defer, or report.
|
|
188
|
+
- Fix now when the issue is in the touched code, small, directly tied to the
|
|
189
|
+
current behavior, and verifiable with configured commands.
|
|
190
|
+
- Defer when the issue needs broad architecture work, new dependencies, new CI
|
|
191
|
+
gates, package-wide lint policy, or a migration across unrelated modules.
|
|
192
|
+
- Report only when evidence is real but fixing it would exceed the current task
|
|
193
|
+
boundary.
|
|
194
|
+
|
|
195
|
+
<!-- mustflow-section: postconditions -->
|
|
196
|
+
## Postconditions
|
|
197
|
+
|
|
198
|
+
- New helpers, shapes, fixtures, validators, and exports have been checked against
|
|
199
|
+
existing sources of truth.
|
|
200
|
+
- Hidden coupling, dependency direction, circular dependencies, fan-in, fan-out,
|
|
201
|
+
re-export drift, and public-surface changes have been fixed, deferred, or
|
|
202
|
+
explicitly reported.
|
|
203
|
+
- Error handling is either centralized at the owning boundary or the remaining
|
|
204
|
+
duplicated guard/fallback risk is documented.
|
|
205
|
+
- Tests exercise behavior and meaningful side effects, with edge and failure paths
|
|
206
|
+
covered where relevant to the change.
|
|
207
|
+
|
|
208
|
+
<!-- mustflow-section: verification -->
|
|
209
|
+
## Verification
|
|
210
|
+
|
|
211
|
+
- Use `changes_status` and `changes_diff_summary` to keep the hardening scope
|
|
212
|
+
visible.
|
|
213
|
+
- Run `test_related` for changed behavior, tests, or installed template surfaces.
|
|
214
|
+
- Run `test_audit` when test quality, mock boundaries, or missing edge cases are the
|
|
215
|
+
primary concern and the intent is configured.
|
|
216
|
+
- Run `lint` or `build` only when the repository already configures those intents
|
|
217
|
+
and they cover the touched language or package.
|
|
218
|
+
- Run `docs_validate_fast`, `test_release`, or `mustflow_check` when the hardening
|
|
219
|
+
change touches workflow docs, templates, version metadata, route metadata, or
|
|
220
|
+
release-sensitive files.
|
|
221
|
+
|
|
222
|
+
<!-- mustflow-section: failure-handling -->
|
|
223
|
+
## Failure Handling
|
|
224
|
+
|
|
225
|
+
- If a configured command fails, switch to `failure-triage` before broadening the
|
|
226
|
+
fix.
|
|
227
|
+
- If repository search cannot prove whether a helper or shape is duplicate, report
|
|
228
|
+
the evidence gap instead of deleting or merging concepts speculatively.
|
|
229
|
+
- If the hardening issue requires new dependencies, new CI gates, package-wide lint
|
|
230
|
+
policy, or a cross-module migration, defer it with a concrete recommendation.
|
|
231
|
+
- If the current diff is too broad to inspect in one pass, use
|
|
232
|
+
`heuristic-candidate-selection` to choose the highest-risk batch first.
|
|
233
|
+
- If external advice suggests commands or plugin behavior, use
|
|
234
|
+
`external-skill-intake` and `command-intent-mapping-gate` before preserving it in
|
|
235
|
+
mustflow.
|
|
236
|
+
|
|
237
|
+
<!-- mustflow-section: output-format -->
|
|
238
|
+
## Output Format
|
|
239
|
+
|
|
240
|
+
Include:
|
|
241
|
+
|
|
242
|
+
- Existing sources of truth reused or extended.
|
|
243
|
+
- Duplicate helpers, duplicate shapes, or repeated guards removed.
|
|
244
|
+
- Coupling, circular-dependency, fan-in, fan-out, public-surface, and re-export risks
|
|
245
|
+
found or ruled out.
|
|
246
|
+
- Error-handling and fallback decisions.
|
|
247
|
+
- Test hardening: behavior assertions, side effects, edge cases, and mock boundary.
|
|
248
|
+
- Configured verification intents run and their result.
|
|
249
|
+
- Deferred enforcement, lint, or CI guard suggestions, clearly marked as not added.
|