mustflow 2.32.0 → 2.37.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/api/actions.js +55 -0
- package/dist/cli/commands/api/report-runner.js +62 -0
- package/dist/cli/commands/api/serve.js +149 -0
- package/dist/cli/commands/api/workspace-recommendations.js +13 -0
- package/dist/cli/commands/api.js +15 -275
- package/dist/cli/lib/local-index/search-read-model.js +44 -7
- package/dist/cli/lib/validation/frontmatter.js +75 -0
- package/dist/cli/lib/validation/index.js +4 -86
- package/dist/cli/lib/validation/safe-read.js +13 -0
- package/dist/core/active-run-locks.js +110 -10
- package/dist/core/run-performance-history.js +14 -1
- package/dist/core/validation-ratchet.js +1 -1
- package/package.json +1 -1
- package/templates/default/i18n.toml +55 -19
- package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +15 -7
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +20 -8
- package/templates/default/locales/en/.mustflow/skills/adapter-boundary/SKILL.md +9 -2
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +249 -0
- package/templates/default/locales/en/.mustflow/skills/api-contract-change/SKILL.md +16 -11
- package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +11 -4
- package/templates/default/locales/en/.mustflow/skills/backend-reliability-change/SKILL.md +289 -0
- package/templates/default/locales/en/.mustflow/skills/css-code-change/SKILL.md +24 -14
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +18 -7
- package/templates/default/locales/en/.mustflow/skills/frontend-render-stability/SKILL.md +144 -0
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +70 -18
- package/templates/default/locales/en/.mustflow/skills/html-code-change/SKILL.md +20 -13
- package/templates/default/locales/en/.mustflow/skills/http-delivery-streaming/SKILL.md +205 -0
- package/templates/default/locales/en/.mustflow/skills/performance-budget-check/SKILL.md +9 -7
- package/templates/default/locales/en/.mustflow/skills/proactive-risk-surfacing/SKILL.md +198 -0
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +27 -11
- package/templates/default/locales/en/.mustflow/skills/routes.toml +37 -1
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +41 -17
- package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +167 -0
- package/templates/default/locales/en/.mustflow/skills/tailwind-code-change/SKILL.md +37 -23
- package/templates/default/locales/en/.mustflow/skills/tauri-code-change/SKILL.md +27 -10
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +22 -4
- package/templates/default/locales/en/.mustflow/skills/unocss-code-change/SKILL.md +34 -15
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +29 -5
- package/templates/default/locales/en/AGENTS.md +3 -2
- package/templates/default/locales/ko/.mustflow/docs/agent-workflow.md +13 -8
- package/templates/default/locales/ko/AGENTS.md +2 -2
- package/templates/default/manifest.toml +37 -1
|
@@ -0,0 +1,205 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.http-delivery-streaming
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: http-delivery-streaming
|
|
9
|
+
description: Apply this skill when HTTP delivery, content coding, compression negotiation, CDN or proxy caching, streaming responses, Server-Sent Events, WebTransport, WebSocket fallback, HTTP/2 or HTTP/3 transport behavior, browser EventSource or WebTransport clients, reverse-proxy buffering, connection limits, reconnect behavior, or delivery observability is created, changed, reviewed, or reported.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.http-delivery-streaming
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- docs_validate_fast
|
|
22
|
+
- test_release
|
|
23
|
+
- mustflow_check
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
# HTTP Delivery Streaming
|
|
27
|
+
|
|
28
|
+
<!-- mustflow-section: purpose -->
|
|
29
|
+
## Purpose
|
|
30
|
+
|
|
31
|
+
Keep HTTP delivery behavior explicit instead of treating it as a harmless header, proxy, or client-library detail. Compression, cache variation, streaming flush behavior, reconnect semantics, HTTP version behavior, and browser transport fallback are part of the user-visible and operator-visible contract.
|
|
32
|
+
|
|
33
|
+
This skill is for the awkward layer where a feature looks correct in route code but fails because a proxy buffered it, a cache ignored `Vary`, a browser cannot send the header the server expects, a datagram was treated as reliable, or a compression setting made tail latency worse.
|
|
34
|
+
|
|
35
|
+
<!-- mustflow-section: use-when -->
|
|
36
|
+
## Use When
|
|
37
|
+
|
|
38
|
+
- HTTP response delivery, `Content-Encoding`, `Accept-Encoding`, `Vary`, `Cache-Control`, `ETag`, range requests, static asset precompression, CDN compression, or origin compression changes.
|
|
39
|
+
- zstd, gzip, brotli, dictionary compression, compression dictionary transport, `.zst` artifacts, compressed archives, patches, or delivery metadata are introduced, reviewed, or documented.
|
|
40
|
+
- Streaming responses, Server-Sent Events, `EventSource`, `text/event-stream`, heartbeat comments, reconnect behavior, event replay, `Last-Event-ID`, or proxy buffering behavior changes.
|
|
41
|
+
- WebTransport, HTTP/3, QUIC, datagrams, bidirectional streams, unreliable latest-state delivery, or WebSocket/SSE/long-poll fallback changes.
|
|
42
|
+
- Reverse proxy, CDN, edge worker, load balancer, framework adapter, route handler, worker handler, or browser client behavior can change whether bytes flush, cache, decompress, reconnect, or arrive in order.
|
|
43
|
+
- Performance, reliability, auth, permission, privacy, or observability claims depend on bytes transferred, compression ratio, streaming latency, connection count, fallback path, reconnect rate, or transport metrics.
|
|
44
|
+
|
|
45
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
46
|
+
## Do Not Use When
|
|
47
|
+
|
|
48
|
+
- The change only edits an API JSON schema, route shape, status code, or generated client with no delivery, cache, compression, streaming, or transport behavior; use `api-contract-change`.
|
|
49
|
+
- The change only improves general runtime performance with no HTTP delivery or streaming surface; use `performance-budget-check`.
|
|
50
|
+
- The task only changes authentication or permission policy with no browser delivery, cache, cookie, CORS, signed URL, or streaming token behavior; use `auth-permission-change`.
|
|
51
|
+
- The task only changes an external provider adapter unrelated to HTTP delivery or browser transport behavior; use `adapter-boundary`.
|
|
52
|
+
- The user explicitly asks for a rough offline note and accepts that browser, proxy, CDN, or standards freshness is unverified.
|
|
53
|
+
|
|
54
|
+
<!-- mustflow-section: required-inputs -->
|
|
55
|
+
## Required Inputs
|
|
56
|
+
|
|
57
|
+
- Delivery surface: static asset, API response, file download, archive, streaming route, SSE channel, WebTransport session, WebSocket fallback, CDN rule, proxy rule, or browser client.
|
|
58
|
+
- Route or asset ledger: URL, method, status, media type, response size range, cacheability, auth requirement, tenant or user variance, and caller types.
|
|
59
|
+
- Header ledger: `Content-Type`, `Content-Encoding`, `Accept-Encoding`, `Vary`, `Cache-Control`, `ETag`, `Last-Event-ID`, `Retry-After`, `Content-Disposition`, CORS, cookies, credentials mode, range request headers, and compression dictionary headers when relevant.
|
|
60
|
+
- Delivery path: origin, framework adapter, reverse proxy, CDN, edge worker, service worker, load balancer, HTTP version, TLS/ALPN, QUIC/UDP availability, and browser support assumptions.
|
|
61
|
+
- Streaming behavior: flush point, heartbeat interval, replay buffer, reconnect policy, backpressure, cancellation, per-tenant isolation, and fallback behavior.
|
|
62
|
+
- Compression behavior: selected content coding, fallback coding, window or decoder compatibility constraints, compression level, CPU budget, dictionary availability, dictionary freshness, and cache-key variance.
|
|
63
|
+
- Observability evidence: selected encoding, cache status, proxy status, client fallback, reconnect count, RTT, bytes sent, queue age, replay misses, drop estimate, and error categories.
|
|
64
|
+
- Relevant command-intent contract entries for lint, build, related tests, docs, release checks, and mustflow validation.
|
|
65
|
+
|
|
66
|
+
<!-- mustflow-section: preconditions -->
|
|
67
|
+
## Preconditions
|
|
68
|
+
|
|
69
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
70
|
+
- If official standard, browser-support, proxy-default, CDN-default, or runtime-support claims are written durably, use official or repository-approved source evidence and avoid stale "latest" wording.
|
|
71
|
+
- If the delivery change affects request/response schema, public headers, generated clients, or docs, also use `api-contract-change`.
|
|
72
|
+
- If private data, credentials, signed URLs, cookies, CORS, tenant isolation, or permission caches are involved, also use `auth-permission-change` or `security-privacy-review`.
|
|
73
|
+
- If the change is motivated by speed, bandwidth, tail latency, CPU cost, or connection pressure, also use `performance-budget-check`.
|
|
74
|
+
|
|
75
|
+
<!-- mustflow-section: allowed-edits -->
|
|
76
|
+
## Allowed Edits
|
|
77
|
+
|
|
78
|
+
- Update route handlers, response headers, streaming adapters, proxy/CDN configuration, browser transport clients, fallback code, tests, docs, and directly synchronized templates tied to the delivery behavior.
|
|
79
|
+
- Add delivery fixtures, contract tests, integration tests, browser-client tests, and docs examples when repository surfaces support them.
|
|
80
|
+
- Add explicit fallback, feature-detection, cache-variance, replay, heartbeat, timeout, reconnect, and observability behavior.
|
|
81
|
+
- Do not silently add compression, buffering changes, cache sharing, streaming transports, or browser feature assumptions without naming the caller and fallback contract.
|
|
82
|
+
- Do not use raw browser, proxy, package-manager, server, or benchmark commands unless they are configured oneshot command intents.
|
|
83
|
+
|
|
84
|
+
<!-- mustflow-section: procedure -->
|
|
85
|
+
## Procedure
|
|
86
|
+
|
|
87
|
+
1. Classify the delivery surface:
|
|
88
|
+
- static asset or file download;
|
|
89
|
+
- API response compression;
|
|
90
|
+
- compression dictionary transport;
|
|
91
|
+
- large archive, patch, or range-readable payload;
|
|
92
|
+
- streaming HTTP response;
|
|
93
|
+
- Server-Sent Events;
|
|
94
|
+
- WebTransport;
|
|
95
|
+
- WebSocket, long-poll, or fallback channel;
|
|
96
|
+
- proxy, CDN, edge, service-worker, or framework adapter rule.
|
|
97
|
+
2. Build a delivery ledger before editing:
|
|
98
|
+
- route or asset path, method, status, media type, response size, cacheability, auth requirement, and caller list;
|
|
99
|
+
- selected headers, cache key, `Vary` dimensions, compression choice, proxy/CDN path, HTTP version assumption, fallback path, and observability fields.
|
|
100
|
+
3. Keep content coding separate from media type and file naming.
|
|
101
|
+
- A precompressed file extension such as `.zst` is an origin artifact, not the browser-facing contract by itself.
|
|
102
|
+
- Serve the original media type plus the negotiated `Content-Encoding`.
|
|
103
|
+
- Use `Vary: Accept-Encoding` or an equivalent cache-key rule whenever the same URL can produce different encodings.
|
|
104
|
+
- Do not let a CDN cache one encoded variant for clients that did not negotiate it.
|
|
105
|
+
- Check decoder compatibility constraints, compression level, CPU cost, and p95/p99 latency before calling a smaller payload a faster response.
|
|
106
|
+
4. Treat zstd HTTP content coding as negotiated delivery, not a universal asset format.
|
|
107
|
+
- Keep a supported fallback for clients, proxies, or CDNs that do not negotiate it.
|
|
108
|
+
- Avoid tiny-payload wins that spend more CPU than bandwidth saved.
|
|
109
|
+
- Keep any content-coding window or decoder-limit claim tied to official sources or repository evidence.
|
|
110
|
+
- For generated `.zst` artifacts, distinguish browser delivery from archive download, package artifact, or internal cache storage.
|
|
111
|
+
5. Treat compression dictionary transport as an explicit compatibility feature.
|
|
112
|
+
- Feature-detect or negotiate dictionary use; never require it for first contact unless a closed client contract says so.
|
|
113
|
+
- Make dictionary identity, freshness, invalidation, cache key, and fallback behavior explicit.
|
|
114
|
+
- Keep dictionary selection deterministic enough that a proxy, service worker, or CDN cannot mix incompatible dictionary and response pairs.
|
|
115
|
+
- Report browser, CDN, proxy, and framework support as dated or verified evidence, not as a memory claim.
|
|
116
|
+
6. For large archives, deltas, logs, or patch payloads, define the read model.
|
|
117
|
+
- If callers need random access, partial download, verification, or resume, design chunking, indexing, frame boundaries, metadata, checksums, and range behavior before choosing a compression format.
|
|
118
|
+
- Treat checksums as corruption detection. They are not signatures or authorization.
|
|
119
|
+
- Keep decompression limits and zip-bomb style expansion risk in the security review path when untrusted content is accepted.
|
|
120
|
+
7. For Server-Sent Events, design the event stream as a contract.
|
|
121
|
+
- SSE is server-to-client. Do not smuggle client commands into an event stream design.
|
|
122
|
+
- Define event names, `id`, data shape, replay buffer, `Last-Event-ID` handling, `retry`, and heartbeat comments.
|
|
123
|
+
- Account for browser `EventSource` limitations such as URL-based `GET`, credential behavior, and restricted custom request headers.
|
|
124
|
+
- Choose cookies, signed URLs, CORS, or a separate token exchange deliberately when auth is needed.
|
|
125
|
+
- Disable or bypass proxy buffering where required, flush early, and send small heartbeat or comment frames often enough to keep intermediaries from deciding the connection is idle.
|
|
126
|
+
- Consider HTTP/1 connection limits, HTTP/2 stream behavior, tab count, and same-origin pressure.
|
|
127
|
+
- Handle backpressure, cancellation, slow clients, reconnect storms, and replay misses.
|
|
128
|
+
8. For WebTransport, design the transport protocol instead of treating it as faster WebSocket.
|
|
129
|
+
- Confirm secure context, HTTP/3, QUIC/UDP, certificate, proxy, load balancer, firewall, and ALPN path assumptions.
|
|
130
|
+
- Use `ready` and `closed` lifecycle handling; do not treat construction as a connected state.
|
|
131
|
+
- Use datagrams only for lossy latest-state or telemetry-style data where drops are acceptable.
|
|
132
|
+
- Use streams for reliable commands, state transitions, payments, writes, and ordered data.
|
|
133
|
+
- Add sequence numbers, timestamps, idempotency keys, and application-level ordering when messages cross datagrams and streams.
|
|
134
|
+
- Keep worker/off-main-thread behavior in view when encoding, decoding, or fan-out can block UI responsiveness.
|
|
135
|
+
- Provide WebSocket, SSE, or long-poll fallback when the product cannot require WebTransport-capable networks and browsers.
|
|
136
|
+
9. Check proxy, CDN, and edge behavior as part of the feature.
|
|
137
|
+
- Name where compression happens: origin, proxy, CDN, edge worker, service worker, or build artifact.
|
|
138
|
+
- Name where buffering happens and whether the streaming route can flush.
|
|
139
|
+
- Name where HTTP/2 or HTTP/3 terminates and what the origin actually receives.
|
|
140
|
+
- Name cache variance for auth, tenant, language, content coding, dictionary, range requests, and private responses.
|
|
141
|
+
- Do not cache private event streams, signed URLs, or tenant-specific responses as public assets.
|
|
142
|
+
10. Keep delivery concerns out of core business logic.
|
|
143
|
+
- Use adapters or transport modules to translate EventSource, WebTransport, WebSocket, compression, cache, and proxy details into internal events or commands.
|
|
144
|
+
- Do not let datagram loss, browser reconnect, CDN cache keys, or compression dictionary ids become domain rules.
|
|
145
|
+
- Use `adapter-boundary` when external protocol objects or framework response objects would otherwise leak into application services.
|
|
146
|
+
11. Add observability before trusting delivery behavior.
|
|
147
|
+
- Record selected content coding, cache hit/miss, proxy or CDN status, response size, flush latency, reconnect count, last event id, replay miss count, client fallback, RTT, stream close reason, queue age, dropped datagrams estimate, and transport error class when relevant.
|
|
148
|
+
- Keep metric labels bounded. Do not label metrics by full URL with unbounded query strings, raw user ids, tokens, dictionary hashes, or event payloads.
|
|
149
|
+
12. Verify with configured command intents.
|
|
150
|
+
- Use lint, build, related tests, docs validation, release checks, and mustflow checks when available.
|
|
151
|
+
- Report missing browser, proxy, CDN, compression-negotiation, stream-flush, or WebTransport integration coverage instead of inventing raw commands.
|
|
152
|
+
|
|
153
|
+
<!-- mustflow-section: postconditions -->
|
|
154
|
+
## Postconditions
|
|
155
|
+
|
|
156
|
+
- Delivery surface, route or asset ledger, selected headers, cache key, proxy/CDN path, and fallback path are explicit.
|
|
157
|
+
- Content coding, media type, file extension, and archive format are not conflated.
|
|
158
|
+
- zstd, dictionary compression, gzip, brotli, or other coding choices have fallback, cache variance, CPU, and compatibility behavior defined.
|
|
159
|
+
- SSE streams define event shape, heartbeat, replay, reconnect, auth, proxy buffering, cancellation, and slow-client behavior.
|
|
160
|
+
- WebTransport sessions define lifecycle, datagram versus stream reliability, fallback, network assumptions, and observability.
|
|
161
|
+
- Private, tenant-specific, credentialed, or signed responses are not accidentally made cache-public.
|
|
162
|
+
- Transport, proxy, CDN, and browser details are contained at adapter or delivery boundaries rather than leaking into core logic.
|
|
163
|
+
- Delivery and performance claims are backed by configured verification, source evidence, or clearly reported as unverified.
|
|
164
|
+
|
|
165
|
+
<!-- mustflow-section: verification -->
|
|
166
|
+
## Verification
|
|
167
|
+
|
|
168
|
+
Use configured oneshot command intents when available:
|
|
169
|
+
|
|
170
|
+
- `changes_status`
|
|
171
|
+
- `changes_diff_summary`
|
|
172
|
+
- `lint`
|
|
173
|
+
- `build`
|
|
174
|
+
- `test_related`
|
|
175
|
+
- `docs_validate_fast`
|
|
176
|
+
- `test_release`
|
|
177
|
+
- `mustflow_check`
|
|
178
|
+
|
|
179
|
+
Prefer the narrowest configured checks that prove the changed delivery behavior. Report missing browser, proxy, CDN, HTTP/2, HTTP/3, stream-flush, EventSource reconnect, WebTransport fallback, or compression-negotiation verification when relevant.
|
|
180
|
+
|
|
181
|
+
<!-- mustflow-section: failure-handling -->
|
|
182
|
+
## Failure Handling
|
|
183
|
+
|
|
184
|
+
- If a compressed response decodes incorrectly, first check `Content-Type`, `Content-Encoding`, `Accept-Encoding`, `Vary`, cache key, and double-compression before changing application payloads.
|
|
185
|
+
- If streaming appears batched, check proxy buffering, framework buffering, CDN behavior, flush calls, heartbeat cadence, and response transforms before blaming the client.
|
|
186
|
+
- If SSE reconnects repeat or miss events, check event ids, replay buffer, heartbeat, retry interval, connection limits, auth expiry, and slow-client cancellation.
|
|
187
|
+
- If WebTransport works locally but fails in production, check HTTP/3, QUIC/UDP, ALPN, certificates, proxy/load-balancer support, firewall behavior, and fallback path.
|
|
188
|
+
- If a cache serves private or wrong-encoding data, fail closed, disable or narrow caching, and report the cache-key or `Vary` defect.
|
|
189
|
+
- If official support or standard details cannot be verified, keep wording conservative and report the freshness boundary.
|
|
190
|
+
|
|
191
|
+
<!-- mustflow-section: output-format -->
|
|
192
|
+
## Output Format
|
|
193
|
+
|
|
194
|
+
- Delivery surface classified
|
|
195
|
+
- Route or asset ledger
|
|
196
|
+
- Header, cache key, proxy/CDN, and HTTP version notes
|
|
197
|
+
- Content coding, dictionary, archive, or compression decision
|
|
198
|
+
- SSE, WebTransport, WebSocket, or fallback behavior when relevant
|
|
199
|
+
- Auth, CORS, cookie, signed URL, tenant, and private-cache notes when relevant
|
|
200
|
+
- Backpressure, cancellation, reconnect, replay, timeout, and buffering behavior
|
|
201
|
+
- Observability fields added or required
|
|
202
|
+
- Tests, fixtures, browser/proxy checks, or docs synchronized
|
|
203
|
+
- Command intents run
|
|
204
|
+
- Skipped verification and reasons
|
|
205
|
+
- Remaining delivery or streaming risk
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.performance-budget-check
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 20
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: performance-budget-check
|
|
9
|
-
description: Apply this skill when runtime performance, hot paths, user-perceived latency, p95/p99 tail latency, throughput, infrastructure cost, memory, GC pressure, CPU cache locality, allocation churn, bundle size, payload size, media loading, build time, filesystem scanning, process spawning, IPC/RPC/DB/API fan-out, N+1 work, repeated filtering/sorting/parsing/serialization, caching, pagination, queues, virtualization, backpressure, or performance claims are planned, edited, reviewed, or reported.
|
|
9
|
+
description: Apply this skill when runtime performance, hot paths, user-perceived latency, p95/p99 tail latency, throughput, infrastructure cost, memory, GC pressure, CPU cache locality, allocation churn, bundle size, payload size, HTTP delivery, compression, streaming latency, media loading, build time, filesystem scanning, process spawning, IPC/RPC/DB/API fan-out, N+1 work, repeated filtering/sorting/parsing/serialization, caching, pagination, queues, virtualization, backpressure, or performance claims are planned, edited, reviewed, or reported.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -27,17 +27,17 @@ metadata:
|
|
|
27
27
|
<!-- mustflow-section: purpose -->
|
|
28
28
|
## Purpose
|
|
29
29
|
|
|
30
|
-
Keep performance work focused on the places where cost multiplies: item count, request count, service fan-out, retry count, bytes transferred, bytes copied, objects allocated, rendered nodes, database round trips, filesystem walks, IPC calls, cache misses, branch misses, lock waits, queue backlog, and connection-pool waits.
|
|
30
|
+
Keep performance work focused on the places where cost multiplies: item count, request count, service fan-out, retry count, bytes transferred, compression CPU, stream flushes, reconnects, bytes copied, objects allocated, rendered nodes, database round trips, filesystem walks, IPC calls, cache misses, branch misses, lock waits, queue backlog, and connection-pool waits.
|
|
31
31
|
|
|
32
32
|
Prefer removing unnecessary work over making unnecessary work slightly faster. A performance change should preserve semantics, name the hot path, and report whether it is measured, inferred from complexity, or still unverified. Do not treat Big-O labels, "hash map", "indexed query", "cache", "queue", or "autoscaling" as proof that a path is fast enough; constant factors, memory layout, runtime dispatch, allocation, locks, external round trips, and shared resource bottlenecks often dominate.
|
|
33
33
|
|
|
34
34
|
<!-- mustflow-section: use-when -->
|
|
35
35
|
## Use When
|
|
36
36
|
|
|
37
|
-
- A task changes or reports latency, p95 or p99 tail latency, throughput, infrastructure cost, memory use, GC pressure, CPU cache locality, allocation churn, build time, bundle size, payload size, media loading, CLI duration, test scheduling, cache initialization, filesystem scanning, process spawning, or command execution duration.
|
|
37
|
+
- A task changes or reports latency, p95 or p99 tail latency, throughput, infrastructure cost, memory use, GC pressure, CPU cache locality, allocation churn, build time, bundle size, payload size, HTTP delivery, compression, streaming latency, media loading, CLI duration, test scheduling, cache initialization, filesystem scanning, process spawning, or command execution duration.
|
|
38
38
|
- Code introduces or reviews repeated external access such as DB queries, repository calls, HTTP/RPC calls, Redis calls, S3/object storage calls, IPC commands, filesystem `stat` or scan calls, or child processes.
|
|
39
39
|
- Code filters, sorts, groups, joins, parses, serializes, clones, formats, normalizes, validates, allocates objects, builds DTOs, opens clients or sessions, renders UI lists, or computes projections inside loops or render paths.
|
|
40
|
-
- A change adds caching, memoization, precomputation, derived stores, selectors, virtualized lists, batching, queues, concurrency limits, cancellation, backpressure, debounce, throttle, workers, background jobs, CDN or HTTP caching assumptions, payload reduction, or media optimization for performance reasons.
|
|
40
|
+
- A change adds caching, memoization, precomputation, derived stores, selectors, virtualized lists, batching, queues, concurrency limits, cancellation, backpressure, debounce, throttle, workers, background jobs, CDN or HTTP caching assumptions, compression, content coding, streaming, payload reduction, or media optimization for performance reasons.
|
|
41
41
|
- Code uses async work, goroutines, futures, workers, task queues, streams, regexes, date parsing, string construction, exception handling, or logging in a path whose input or traffic can grow.
|
|
42
42
|
- A report claims a path is faster, optimized, efficient, lightweight, responsive, scalable, low-memory, low-overhead, or safe for large input.
|
|
43
43
|
|
|
@@ -72,6 +72,7 @@ Prefer removing unnecessary work over making unnecessary work slightly faster. A
|
|
|
72
72
|
- If personal data, authorization, tenant isolation, secrets, logs, retention, or audit data is involved, also use `security-privacy-review`.
|
|
73
73
|
- If database schema, query, index, migration, or transaction behavior changes, also use `database-change-safety`, `database-migration-change`, or the matching database engine skill.
|
|
74
74
|
- If UI rendering, layout, accessibility, or user-facing interaction changes, also use `ui-quality-gate`.
|
|
75
|
+
- If HTTP content coding, CDN or proxy delivery, SSE, WebTransport, streaming flush behavior, or browser transport fallback changes, also use `http-delivery-streaming`.
|
|
75
76
|
|
|
76
77
|
<!-- mustflow-section: allowed-edits -->
|
|
77
78
|
## Allowed Edits
|
|
@@ -105,6 +106,7 @@ Prefer removing unnecessary work over making unnecessary work slightly faster. A
|
|
|
105
106
|
10. Preserve semantics while changing data structures. State whether order, duplicate handling, first versus last winner, tie-breakers, missing records, and stable IDs still match the old behavior.
|
|
106
107
|
11. Bound reads and materialization. Avoid unbounded `SELECT *`, `findAll`, full filesystem scans, full JSON loads, full array materialization, whole response bodies, and API responses without pagination, projection, chunking, or streaming when data can grow.
|
|
107
108
|
12. Reduce payload and media work before tuning rendering internals. Send only needed fields, avoid overfetching, split late or optional data, use HTTP caching or CDN only for cacheable assets or responses, and check image dimensions, formats, lazy loading, and fixed layout dimensions before adding component memoization.
|
|
109
|
+
- Treat compression and streaming as latency tradeoffs, not free wins. Check compression CPU, content-coding negotiation, dictionary fallback, proxy buffering, buffered stream latency, flush latency, reconnect pressure, and whether p95/p99 improves for the actual client path. Do not report a false compression win when smaller bytes increase CPU, buffering, or tail latency.
|
|
108
110
|
13. Check sorting and top-k work. Do not sort entire collections when only a top subset is needed. Precompute sort keys when comparison logic parses dates, normalizes strings, computes scores, or reads paths.
|
|
109
111
|
14. Check pagination semantics. Offset pagination can become linearly slower and can duplicate or skip items on changing data. Prefer stable keyset or cursor semantics when the product does not require arbitrary page jumps.
|
|
110
112
|
15. Move repeated pure computation out of loops and renders. Normalize queries once, precompute search blobs or numeric timestamps, reuse regexes and formatters, and avoid repeated schema validation after data crosses a trusted boundary.
|
|
@@ -143,7 +145,7 @@ Prefer removing unnecessary work over making unnecessary work slightly faster. A
|
|
|
143
145
|
- The wall-time breakdown, CPU-versus-wait classification, saturation signal, and resource bottleneck class are explicit when evidence exists.
|
|
144
146
|
- Speed, memory, bundle, payload, query-count, render, CPU locality, allocation, lock, pool, queue, or I/O claims are backed by measurement or labeled as complexity-only.
|
|
145
147
|
- N+1 work, hidden quadratic scans, unbounded materialization, repeated serialization, repeated allocation, client/session churn, broad rendering, and unbounded or accidentally sequential async work are removed or reported.
|
|
146
|
-
- Caches, queues, batching, concurrency, workers, streams, CDN or HTTP caching, media optimization, and projections have invalidation, ordering, duplicate, partial-failure, cancellation, backpressure, capacity, stale-data, and memory behavior defined where relevant.
|
|
148
|
+
- Caches, queues, batching, concurrency, workers, streams, compression, CDN or HTTP caching, media optimization, and projections have invalidation, ordering, duplicate, partial-failure, cancellation, backpressure, capacity, stale-data, CPU, and memory behavior defined where relevant.
|
|
147
149
|
- Correctness, security, durability, privacy, and user-visible semantics remain intact or are explicitly reported as tradeoffs.
|
|
148
150
|
|
|
149
151
|
<!-- mustflow-section: verification -->
|
|
@@ -180,7 +182,7 @@ Use the narrowest configured test, build, docs, release, or mustflow intent that
|
|
|
180
182
|
- Performance evidence: measured, complexity-only, or unverified
|
|
181
183
|
- Semantics preserved: order, duplicates, IDs, consistency, partial failure, cancellation, and stale result handling
|
|
182
184
|
- Optimization applied or recommended
|
|
183
|
-
- Cache, queue, batching, concurrency, projection, UI, payload, media, memory, runtime, lock, pool, stream, retry, timeout, deployment, sharding, and I/O notes where relevant
|
|
185
|
+
- Cache, queue, batching, concurrency, projection, UI, payload, compression, HTTP delivery, media, memory, runtime, lock, pool, stream, retry, timeout, deployment, sharding, and I/O notes where relevant
|
|
184
186
|
- Command intents run
|
|
185
187
|
- Skipped measurements and reasons
|
|
186
188
|
- Remaining performance risk
|
|
@@ -0,0 +1,198 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.proactive-risk-surfacing
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: proactive-risk-surfacing
|
|
9
|
+
description: Apply this skill when current repository evidence reveals a scope-adjacent risk that was not explicitly requested, and the agent must decide whether to fix it, report it, ask first, or ignore it without drifting into broad unrelated work.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.proactive-risk-surfacing
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- test_related
|
|
19
|
+
- docs_validate_fast
|
|
20
|
+
- test_release
|
|
21
|
+
- mustflow_check
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
# Proactive Risk Surfacing
|
|
25
|
+
|
|
26
|
+
<!-- mustflow-section: purpose -->
|
|
27
|
+
## Purpose
|
|
28
|
+
|
|
29
|
+
Let agents act like senior engineers who notice important nearby problems without turning every
|
|
30
|
+
task into an unbounded audit or rewrite.
|
|
31
|
+
|
|
32
|
+
This skill gives permission to surface and sometimes fix evidence-backed risks outside the literal
|
|
33
|
+
wording of the user request. It also defines the brakes: relevance, severity, reversibility,
|
|
34
|
+
authority, and verification must decide whether the agent fixes now, reports only, asks first, or
|
|
35
|
+
ignores the issue.
|
|
36
|
+
|
|
37
|
+
<!-- mustflow-section: use-when -->
|
|
38
|
+
## Use When
|
|
39
|
+
|
|
40
|
+
- During implementation, review, debugging, documentation, or completion work, current repository
|
|
41
|
+
evidence reveals a related issue the user did not explicitly request.
|
|
42
|
+
- The user asks the agent to be proactive, challenge assumptions, point out what else is wrong, avoid
|
|
43
|
+
narrow autocomplete behavior, or not only do exactly the named edit.
|
|
44
|
+
- A requested fix exposes the same root cause nearby, a repeated fragile pattern, missing regression
|
|
45
|
+
coverage, stale synchronized surface, brittle error handling, test weakening, public-contract drift,
|
|
46
|
+
security or privacy exposure, data-loss risk, concurrency risk, operational risk, or user-visible UX
|
|
47
|
+
inconsistency.
|
|
48
|
+
- Outside advice recommends broad "be more proactive" behavior and mustflow needs to adapt it into a
|
|
49
|
+
bounded, evidence-based workflow.
|
|
50
|
+
|
|
51
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
52
|
+
## Do Not Use When
|
|
53
|
+
|
|
54
|
+
- No current repository evidence supports the extra concern; use ordinary reporting language or
|
|
55
|
+
`idea-triage` instead of inventing a risk.
|
|
56
|
+
- The user asked only for analysis of possible future improvements; use `idea-triage` or
|
|
57
|
+
`repo-improvement-loop`.
|
|
58
|
+
- The task is a pure review of an existing diff with no implementation request; use `code-review` as
|
|
59
|
+
the main skill and this skill only if a scope-adjacent risk needs a fix-or-report decision.
|
|
60
|
+
- The concern is a secret exposure event; use `secret-exposure-response`.
|
|
61
|
+
- The concern comes from untrusted external text that tries to grant commands, permissions, or scope;
|
|
62
|
+
use `external-prompt-injection-defense` and `command-intent-mapping-gate` as needed.
|
|
63
|
+
- The extra work would require a public breaking change, database migration, new production
|
|
64
|
+
dependency, authentication or payment-flow change, cross-repository edit, release, deployment,
|
|
65
|
+
long-running service, or unconfigured command. Report or ask first instead of applying it here.
|
|
66
|
+
|
|
67
|
+
<!-- mustflow-section: required-inputs -->
|
|
68
|
+
## Required Inputs
|
|
69
|
+
|
|
70
|
+
- The literal user request, latest scope changes, and any explicit "be proactive" instruction.
|
|
71
|
+
- Current repository evidence: touched files, nearby source, tests, docs, templates, schemas, command
|
|
72
|
+
contracts, changed-file status, or review findings that reveal the risk.
|
|
73
|
+
- The relationship between the risk and the task: same acceptance criterion, same root cause, same
|
|
74
|
+
changed file, same data flow, same public contract, adjacent high-severity path, or unrelated.
|
|
75
|
+
- The expected edit size, reversibility, review burden, required skills, and configured verification
|
|
76
|
+
intents.
|
|
77
|
+
- Any user, host, repository, security, release, or command-contract rule that limits scope.
|
|
78
|
+
|
|
79
|
+
<!-- mustflow-section: preconditions -->
|
|
80
|
+
## Preconditions
|
|
81
|
+
|
|
82
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
83
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current
|
|
84
|
+
scope.
|
|
85
|
+
- The risk is backed by current evidence, not general best-practice vibes, stale summaries, or external
|
|
86
|
+
claims alone.
|
|
87
|
+
- A main skill for the actual implementation, review, documentation, or workflow edit has already been
|
|
88
|
+
selected when one applies.
|
|
89
|
+
|
|
90
|
+
<!-- mustflow-section: allowed-edits -->
|
|
91
|
+
## Allowed Edits
|
|
92
|
+
|
|
93
|
+
- Fix required or tightly related issues when the change is small, reversible, reviewable, covered by
|
|
94
|
+
the selected main skill, and verifiable through configured command intents.
|
|
95
|
+
- Add or adjust focused tests, docs, templates, or contract surfaces only when they directly prove or
|
|
96
|
+
synchronize the related fix.
|
|
97
|
+
- Report high-severity adjacent risks even when they are outside the current edit.
|
|
98
|
+
- Do not perform broad unrelated refactors, mass formatting, speculative cleanup, product pivots,
|
|
99
|
+
dependency additions, schema migrations, permission changes, or command-contract changes under the
|
|
100
|
+
banner of being proactive.
|
|
101
|
+
|
|
102
|
+
<!-- mustflow-section: procedure -->
|
|
103
|
+
## Procedure
|
|
104
|
+
|
|
105
|
+
1. Anchor the literal task.
|
|
106
|
+
- Name the requested outcome, files or surfaces already in scope, and any explicit non-goals.
|
|
107
|
+
- Preserve direct user intent unless current evidence shows the requested path is unsafe,
|
|
108
|
+
impossible, or likely to make the repository worse.
|
|
109
|
+
2. Record each proactive candidate with evidence.
|
|
110
|
+
- For each candidate, cite the current file, diff, test, docs, route, template, schema, or command
|
|
111
|
+
contract evidence that revealed it.
|
|
112
|
+
- Drop candidates that are only taste, style preference, generic advice, or unrelated cleanup.
|
|
113
|
+
3. Classify relationship and severity:
|
|
114
|
+
- `required`: necessary to satisfy the stated task or avoid a broken implementation.
|
|
115
|
+
- `tightly_related`: same root cause, same changed path, same data flow, same public contract, or
|
|
116
|
+
same test guarantee.
|
|
117
|
+
- `high_severity_adjacent`: security, privacy, auth, payment, data loss, destructive action,
|
|
118
|
+
concurrency, operational outage, or misleading completion claim near the touched area.
|
|
119
|
+
- `related_but_large`: relevant, but would expand review, compatibility, migration, dependency, or
|
|
120
|
+
release scope.
|
|
121
|
+
- `low_relevance`: interesting but not meaningfully connected to the task.
|
|
122
|
+
4. Choose one decision per candidate:
|
|
123
|
+
- `fix_now`: use for `required` or small `tightly_related` risks with clear verification and no
|
|
124
|
+
authority conflict.
|
|
125
|
+
- `report_only`: use for `high_severity_adjacent` or `related_but_large` risks that need owner
|
|
126
|
+
judgment, broader design, manual action, or a separate change.
|
|
127
|
+
- `ask_first`: use when the safe path depends on user-owned product, compatibility, release,
|
|
128
|
+
security, migration, dependency, or data-retention decisions.
|
|
129
|
+
- `ignore`: use for `low_relevance`, subjective, duplicate, or unverified candidates.
|
|
130
|
+
5. Before `fix_now`, activate the narrower matching skill for the actual edit if it has not already
|
|
131
|
+
been read. Examples include code, docs, tests, security, templates, API contracts, data, UI, release,
|
|
132
|
+
or workflow skills.
|
|
133
|
+
6. Keep the proactive edit bounded.
|
|
134
|
+
- Touch only the files required for the related risk and its verification.
|
|
135
|
+
- Avoid mixing unrelated improvements into the same diff.
|
|
136
|
+
- If more than one useful candidate exists, fix the one that is required or highest leverage and
|
|
137
|
+
report the rest.
|
|
138
|
+
7. Verify with the narrowest configured intents that cover both the original task and the proactive
|
|
139
|
+
fix. Report missing, skipped, manual-only, or failed verification instead of replacing it with an
|
|
140
|
+
inferred command.
|
|
141
|
+
8. In the final report, separate:
|
|
142
|
+
- requested work completed;
|
|
143
|
+
- proactive risks fixed;
|
|
144
|
+
- proactive risks reported only;
|
|
145
|
+
- risks intentionally ignored or deferred;
|
|
146
|
+
- verification that covers each part.
|
|
147
|
+
|
|
148
|
+
<!-- mustflow-section: postconditions -->
|
|
149
|
+
## Postconditions
|
|
150
|
+
|
|
151
|
+
- The agent's extra work is tied to current evidence and the user's goal.
|
|
152
|
+
- Every proactive candidate has a decision: `fix_now`, `report_only`, `ask_first`, or `ignore`.
|
|
153
|
+
- Fixed candidates are small, reviewable, and covered by the relevant main skill and configured
|
|
154
|
+
verification.
|
|
155
|
+
- Report-only candidates are visible without being misrepresented as completed work.
|
|
156
|
+
- Unrelated cleanup and speculative improvements remain out of the diff.
|
|
157
|
+
|
|
158
|
+
<!-- mustflow-section: verification -->
|
|
159
|
+
## Verification
|
|
160
|
+
|
|
161
|
+
Use configured oneshot command intents when available:
|
|
162
|
+
|
|
163
|
+
- `changes_status`
|
|
164
|
+
- `changes_diff_summary`
|
|
165
|
+
- `test_related`
|
|
166
|
+
- `docs_validate_fast`
|
|
167
|
+
- `test_release`
|
|
168
|
+
- `mustflow_check`
|
|
169
|
+
|
|
170
|
+
Use the narrower configured implementation, test, documentation, security, template, build, or release
|
|
171
|
+
intent that proves the actual proactive edit. If no configured verification covers the extra fix, report
|
|
172
|
+
that limitation and prefer `report_only` unless the fix is required for the original task.
|
|
173
|
+
|
|
174
|
+
<!-- mustflow-section: failure-handling -->
|
|
175
|
+
## Failure Handling
|
|
176
|
+
|
|
177
|
+
- If evidence is missing, stale, truncated, or repeated without new information, use
|
|
178
|
+
`evidence-stall-breaker` or downgrade the candidate to `report_only` or `ignore`.
|
|
179
|
+
- If the candidate requires user-owned product, compatibility, security, migration, release, or
|
|
180
|
+
dependency judgment, stop that candidate at `ask_first`.
|
|
181
|
+
- If a configured command fails after a proactive fix, use `failure-triage` before adding another
|
|
182
|
+
proactive change.
|
|
183
|
+
- If the proactive change begins to require broad refactoring, split it into a reported follow-up or a
|
|
184
|
+
`repo-improvement-loop` cycle.
|
|
185
|
+
- If the user rejects the proactive direction, preserve the requested task and remove or avoid the
|
|
186
|
+
extra work unless it is needed for safety or correctness.
|
|
187
|
+
|
|
188
|
+
<!-- mustflow-section: output-format -->
|
|
189
|
+
## Output Format
|
|
190
|
+
|
|
191
|
+
- Literal task and proactive trigger
|
|
192
|
+
- Evidence inspected
|
|
193
|
+
- Candidate decisions: `fix_now`, `report_only`, `ask_first`, or `ignore`
|
|
194
|
+
- Files changed for proactive fixes
|
|
195
|
+
- Related skills used
|
|
196
|
+
- Verification intents run
|
|
197
|
+
- Skipped checks and reasons
|
|
198
|
+
- Remaining proactive risks or follow-up candidates
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.python-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 3
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: python-code-change
|
|
9
|
-
description: Apply this skill when Python source, packaging, runtime version, import layout, type checking, linting, tests, or CLI entry points are created or changed.
|
|
9
|
+
description: Apply this skill when Python source, standard-library API usage, packaging, runtime version, import layout, type checking, linting, tests, or CLI entry points are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -28,13 +28,13 @@ metadata:
|
|
|
28
28
|
<!-- mustflow-section: purpose -->
|
|
29
29
|
## Purpose
|
|
30
30
|
|
|
31
|
-
Preserve Python runtime, packaging, import, async resource, public API, typing, lint, and test boundaries while making a focused change.
|
|
31
|
+
Preserve Python runtime, standard-library, packaging, import, async resource, public API, typing, lint, and test boundaries while making a focused change.
|
|
32
32
|
|
|
33
33
|
<!-- mustflow-section: use-when -->
|
|
34
34
|
## Use When
|
|
35
35
|
|
|
36
36
|
- `.py`, `pyproject.toml`, `setup.py`, `setup.cfg`, requirements files, lockfiles, tox, nox, pytest, mypy, pyright, Ruff, or Python CI config changes.
|
|
37
|
-
- The task touches package layout, CLI entry points, imports, type hints, dependency declarations, virtual environment assumptions, or tests.
|
|
37
|
+
- The task touches standard-library feature usage, package layout, CLI entry points, imports, type hints, dependency declarations, virtual environment assumptions, or tests.
|
|
38
38
|
|
|
39
39
|
<!-- mustflow-section: do-not-use-when -->
|
|
40
40
|
## Do Not Use When
|
|
@@ -46,6 +46,7 @@ Preserve Python runtime, packaging, import, async resource, public API, typing,
|
|
|
46
46
|
## Required Inputs
|
|
47
47
|
|
|
48
48
|
- Python version source: `requires-python`, `.python-version`, tool version files, CI matrix, or container base image.
|
|
49
|
+
- Standard-library feature and runtime-behavior assumptions, especially when using Python-version-gated APIs or changed security defaults.
|
|
49
50
|
- Packaging and dependency files, test config, lint config, and type checker config.
|
|
50
51
|
- Package layout: `src` layout, flat layout, namespace package, distribution name, import package name, package discovery settings, CLI entry points, plugin entry points, and nearby tests.
|
|
51
52
|
- Async ownership and resource cleanup surface when coroutines, tasks, context managers, sessions, clients, pools, files, async generators, subprocesses, or logging change.
|
|
@@ -56,6 +57,7 @@ Preserve Python runtime, packaging, import, async resource, public API, typing,
|
|
|
56
57
|
## Preconditions
|
|
57
58
|
|
|
58
59
|
- Determine the lowest supported Python version before choosing syntax or typing features.
|
|
60
|
+
- Determine the lowest supported Python version before choosing standard-library features, changed defaults, syntax, or typing features.
|
|
59
61
|
- Read package layout and import style before editing imports.
|
|
60
62
|
- Treat global machine Python state as irrelevant unless the project explicitly declares it.
|
|
61
63
|
|
|
@@ -85,7 +87,19 @@ Preserve Python runtime, packaging, import, async resource, public API, typing,
|
|
|
85
87
|
- installed console scripts or plugin entry points should be smoke-tested through the installed entry point contract, not by directly running a source file.
|
|
86
88
|
8. Verify import origin when packaging risk is present. The public package should resolve from the installed environment intended by the project, not from accidental repository-root files.
|
|
87
89
|
9. Validate unknown external data before treating it as typed domain data.
|
|
88
|
-
10.
|
|
90
|
+
10. Choose standard-library helpers by semantic contract and supported Python version:
|
|
91
|
+
- prefer cardinality-explicit iteration such as `zip(strict=True)`, `itertools.batched(..., strict=True)`, or Python 3.14+ `map(strict=True)` only when unequal lengths are a bug and the declared runtime supports the API;
|
|
92
|
+
- do not use `itertools.groupby` as a database-style grouping primitive unless input ordering and group materialization are intentional;
|
|
93
|
+
- avoid shared mutable defaults; use `default_factory` or an existing local construction pattern for per-instance mutable state;
|
|
94
|
+
- prefer `importlib.resources` for packaged data, `tomllib` for TOML reads, and `Path.walk()` only after checking version support, pruning behavior, symlink recursion, ordering, and cycle risks;
|
|
95
|
+
- use dataclass options such as `slots`, `frozen`, and `kw_only`, `StrEnum`, `TypedDict`, or `Protocol` only when they match the public shape and runtime/type-checker support;
|
|
96
|
+
- treat `functools.cache`, `lru_cache`, `cached_property`, `partial`, and Python 3.14+ `Placeholder` as state, memory, concurrency, and versioned-API choices rather than harmless terseness.
|
|
97
|
+
11. Keep process, archive, and concurrency safety explicit:
|
|
98
|
+
- subprocess calls use argument lists, checked failure handling, timeouts, bounded captured output, and a narrow `shell=True` exception when the project already permits it;
|
|
99
|
+
- archive extraction, including `tarfile`, keeps untrusted archive inspection, extraction filters, partial-extract cleanup, and older-runtime defaults visible;
|
|
100
|
+
- `asyncio.TaskGroup`, `asyncio.timeout`, and `asyncio.to_thread` are used only when their cancellation, timeout, blocking-work, and Python-version semantics fit the surrounding lifecycle.
|
|
101
|
+
12. Use runtime diagnostics as evidence, not as permanent workaround code. Interpreter or library diagnostics such as import timing, `tracemalloc`, `faulthandler`, profiling, and allocation tracing should go through configured diagnostic or verification intents when available, and missing intents should be reported instead of adding ad hoc command recipes to the skill.
|
|
102
|
+
13. Preserve async and resource ownership:
|
|
89
103
|
- every coroutine is awaited, returned by contract, or scheduled as an owned and tracked task;
|
|
90
104
|
- raw background task creation is allowed only through the project's owner or spawn helper, a task group, or an equivalent lifecycle mechanism;
|
|
91
105
|
- background tasks keep a strong reference, have a shutdown path, and retrieve failures instead of leaving never-retrieved exceptions;
|
|
@@ -94,20 +108,21 @@ Preserve Python runtime, packaging, import, async resource, public API, typing,
|
|
|
94
108
|
- context managers and async context managers do not suppress exceptions unless suppression is the feature;
|
|
95
109
|
- context-manager helpers that catch exceptions for logging re-raise after logging;
|
|
96
110
|
- early-exit async generators have an explicit close path.
|
|
97
|
-
|
|
98
|
-
|
|
111
|
+
14. Preserve traceback evidence. Logging inside exception handlers should retain exception information instead of logging only the exception message.
|
|
112
|
+
15. Preserve public contracts:
|
|
99
113
|
- treat public imports, public signatures, exceptions, return shapes, CLI behavior, entry points, config keys, environment variables, dependency metadata, extras, Python version support, and typing stubs as compatibility-sensitive;
|
|
100
114
|
- do not change sync functions into async functions, accepted input shapes, nullable behavior, documented exception types, tuple/dict/dataclass return shapes, config precedence, or environment variable semantics without a compatibility review;
|
|
101
115
|
- typed packages should keep runtime and typing surfaces aligned, including `py.typed` and stubs when present.
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
116
|
+
16. Avoid mutable default arguments, broad `except Exception: pass`, broad `BaseException` catches outside process boundaries, global state hidden behind module imports, and path handling that ignores existing `pathlib` or OS conventions.
|
|
117
|
+
17. Use `# type: ignore[...]` only when tightly scoped, justified, and consistent with local policy.
|
|
118
|
+
18. If packaging, public API, CLI, config, or typing contracts change, synchronize README examples, entry point tests, build metadata, docs, fixtures, and downstream-style examples that describe installation or usage.
|
|
119
|
+
19. Choose configured verification intents that cover formatting, lint, type checking, tests, package build, installed-package smoke checks, and CLI smoke risk when available.
|
|
106
120
|
|
|
107
121
|
<!-- mustflow-section: postconditions -->
|
|
108
122
|
## Postconditions
|
|
109
123
|
|
|
110
124
|
- The code respects the declared Python version and packaging layout.
|
|
125
|
+
- Python-version-gated standard-library features and changed runtime defaults are accepted only when the declared support matrix allows them.
|
|
111
126
|
- Imports work from the project-supported execution path.
|
|
112
127
|
- Packaging changes distinguish development imports from release artifact imports.
|
|
113
128
|
- Async tasks, context managers, files, clients, pools, subprocesses, and generators have visible ownership and cleanup.
|
|
@@ -136,6 +151,7 @@ Report missing package, type, or test intents rather than inventing raw tool com
|
|
|
136
151
|
- If a test only passes because repository root, `src`, or `tests` is injected into import paths, reject the fix and repair packaging or test layout instead.
|
|
137
152
|
- If packaging correctness matters but only repository-root tests can run, report that wheel or installed-artifact verification is missing.
|
|
138
153
|
- If the supported Python version blocks a syntax choice, rewrite to the supported form.
|
|
154
|
+
- If the supported Python version blocks a standard-library feature, changed default, diagnostic flag, or helper API, use the supported equivalent or report the runtime-support decision instead of silently raising `requires-python`.
|
|
139
155
|
- If third-party stubs or package metadata are wrong, document the local workaround and keep it narrow.
|
|
140
156
|
- If a background task lacks owner, shutdown, strong reference, or exception retrieval, do not add it.
|
|
141
157
|
- If cancellation or context-manager behavior is swallowed accidentally, restore propagation or document the intentional suppression contract.
|