mustflow 2.38.0 → 2.58.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/cli/commands/run/executor.js +16 -0
- package/dist/cli/commands/run/process-tree.js +6 -3
- package/dist/cli/commands/verify.js +3 -1
- package/dist/cli/lib/git-changes.js +11 -1
- package/dist/cli/lib/i18n.js +1 -1
- package/dist/cli/lib/local-index/index.js +8 -4
- package/dist/cli/lib/local-index/populate.js +17 -3
- package/dist/cli/lib/local-index/search-read-model.js +9 -7
- package/dist/cli/lib/local-index/search-text.js +2 -2
- package/dist/cli/lib/local-index/workflow-documents.js +17 -2
- package/dist/cli/lib/mustflow-read.js +14 -2
- package/dist/cli/lib/repo-map.js +16 -3
- package/dist/cli/lib/templates.js +8 -7
- package/dist/cli/lib/validation/constants.js +1 -1
- package/dist/core/active-run-locks.js +78 -20
- package/dist/core/change-classification.js +4 -0
- package/dist/core/command-contract-rules.js +1 -1
- package/dist/core/command-contract-validation.js +1 -1
- package/dist/core/command-cwd.js +13 -2
- package/dist/core/command-effects.js +22 -4
- package/dist/core/command-env.js +8 -6
- package/dist/core/command-preconditions.js +28 -2
- package/dist/core/completion-verdict.js +1 -1
- package/dist/core/line-endings.js +8 -4
- package/dist/core/safe-filesystem.js +9 -1
- package/dist/core/source-anchor-validation.js +7 -1
- package/dist/core/source-anchors.js +8 -2
- package/dist/core/verification-scheduler.js +8 -2
- package/package.json +1 -1
- package/templates/default/common/.mustflow/config/commands.toml +39 -15
- package/templates/default/i18n.toml +330 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
- package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
- package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
- package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
- package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
- package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
- package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
- package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
- package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
- package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
- package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
- package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
- package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
- package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
- package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
- package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
- package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
- package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
- package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
- package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
- package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
- package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
- package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
- package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
- package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
- package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
- package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
- package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
- package/templates/default/manifest.toml +388 -2
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.client-bundle-pruning-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: client-bundle-pruning-review
|
|
9
|
+
description: Apply this skill when frontend or web client JavaScript/CSS bundles, first-route JS, route chunks, shared vendor chunks, tree shaking, ESM versus CommonJS dependencies, barrel files, package exports, sideEffects metadata, PURE annotations, Next.js use-client boundaries, Server Components, dynamic imports, React lazy, Angular defer, Vue route lazy loading, package import modularization, icon imports, date locales, syntax highlighters, code editors, Node polyfills, browser targets, Babel polyfills, dev-only branches, console stripping, Rollup manualChunks, Vite modulepreload, Tailwind class extraction, or inline asset rules need review for bundle-size, dead-code elimination, dependency-bloat, or initial-JS budget risk.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.client-bundle-pruning-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Client Bundle Pruning Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review frontend bundle weight by finding code shapes that keep bundlers from deleting unused client code, not by repeating generic advice about compression, images, or code splitting.
|
|
33
|
+
|
|
34
|
+
The review question is not "is code splitting enabled?" It is "which imports, package entrypoints, module formats, side-effect claims, client boundaries, polyfills, and chunk rules force unused code into the first route or shared vendor bundle?"
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- A frontend route, web app, package, design system, component library, framework config, bundler config, or dependency change may alter client JavaScript, CSS, route chunks, shared vendor chunks, or first-route bundle size.
|
|
40
|
+
- Code touches imports, package entrypoints, `exports`, `main`, `module`, `browser`, `sideEffects`, barrel files, CJS/ESM package choices, tree shaking, Rollup/Vite/Webpack/esbuild settings, Babel targets, browser targets, polyfills, modulepreload, manual chunks, or asset-inline rules.
|
|
41
|
+
- Code touches React, Next.js, Angular, Vue, Svelte, Astro, or similar frontend boundaries that decide whether code ships to the browser, such as `'use client'`, Server Components, dynamic import, `React.lazy`, `next/dynamic`, Angular `@defer`, Vue route lazy loading, or islands.
|
|
42
|
+
- Code introduces or reviews icons, date libraries, locale packs, charts, editors, markdown renderers, syntax highlighters, search libraries, PDF viewers, maps, Node polyfills, Tailwind dynamic classes, or large third-party UI libraries.
|
|
43
|
+
- A review or final report claims smaller bundles, better tree shaking, smaller initial JS, route-level code splitting, modular imports, removed dead code, or reduced dependency weight.
|
|
44
|
+
|
|
45
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
46
|
+
## Do Not Use When
|
|
47
|
+
|
|
48
|
+
- The task is only first paint, LCP, CLS, TTFB, critical CSS, font loading, media priority, CDN cache, resource hints, route prefetching, or long main-thread work; use `web-render-performance-review` first and this skill only if client bundle pruning is a concrete cause.
|
|
49
|
+
- The task is only broad performance budgeting, measurement design, p95/p99 latency, throughput, memory, or backend cost; use `performance-budget-check`.
|
|
50
|
+
- The task is only adding, converting, resizing, or replacing raster image files; use `web-asset-optimization`.
|
|
51
|
+
- The task is only JavaScript or TypeScript runtime behavior with no client bundle, import graph, module format, dependency, or bundler-output risk; use the matching language skill.
|
|
52
|
+
- The needed proof requires an unconfigured bundle analyzer, browser trace, package-manager command, dev server, or build plugin installation. Report the missing measurement or tooling boundary instead of inventing raw commands.
|
|
53
|
+
|
|
54
|
+
<!-- mustflow-section: required-inputs -->
|
|
55
|
+
## Required Inputs
|
|
56
|
+
|
|
57
|
+
- Bundle target ledger: app framework, bundler, build target, first entry route, route chunks, shared vendor chunks, CSS output, asset-inline rules, and known bundle budget or analyzer evidence.
|
|
58
|
+
- Entry and import graph ledger: changed imports, barrels, re-exports, subpath imports, dynamic imports, static imports, route imports, client/server boundaries, and dependency paths from the first route.
|
|
59
|
+
- Dependency format ledger: packages touched, ESM/CJS shape, tree-shaking support, package `exports`, `mainFields`, `sideEffects`, `moduleSideEffects`, PURE hints, browser entrypoints, and package version evidence when available.
|
|
60
|
+
- Framework boundary ledger: Next.js Server/Client Component boundary, `next/dynamic`, `optimizePackageImports`, React `lazy`, Angular `@defer`, Vue route lazy loading, Svelte/Astro island or hydration boundary, and whether code is required for first interaction.
|
|
61
|
+
- Heavy-feature ledger: icons, UI component libraries, date locales, syntax highlighters, markdown, editors, charts, maps, PDF viewers, search/fuzzy libraries, Node polyfills, dev-only tools, logs, and CSS utility extraction.
|
|
62
|
+
- Polyfill and target ledger: browser support target, Babel or TypeScript output target, `core-js` usage, Node polyfills, `process` or `Buffer` shims, Vite modulepreload polyfill, and esbuild/Webpack/Rollup define or drop settings.
|
|
63
|
+
- Existing tests, build output, bundle budgets, analyzer screenshots or reports, package metadata checks, and configured command-intent evidence.
|
|
64
|
+
|
|
65
|
+
<!-- mustflow-section: preconditions -->
|
|
66
|
+
## Preconditions
|
|
67
|
+
|
|
68
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
69
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
70
|
+
- Required inputs are available from current files, diffs, docs, configured outputs, or user-provided evidence, or missing inputs can be reported without guessing.
|
|
71
|
+
- If package metadata, library exports, module formats, or public import paths change, also use `typescript-code-change`, `javascript-code-change`, `api-contract-change`, or `dependency-reality-check` as applicable.
|
|
72
|
+
- If a current external vendor behavior claim is needed, verify with source-fresh evidence or report the claim as snapshot-only.
|
|
73
|
+
|
|
74
|
+
<!-- mustflow-section: allowed-edits -->
|
|
75
|
+
## Allowed Edits
|
|
76
|
+
|
|
77
|
+
- Narrow imports, replace CJS-heavy package paths with ESM or subpath imports, remove or avoid barrels on hot paths, add package subpath exports, adjust safe `sideEffects` metadata, add PURE annotations around pure wrapper calls, move client boundaries inward, add dynamic imports or framework deferral for heavy optional features, narrow icon/date/highlighter/editor imports, block unnecessary Node polyfills, modernize browser targets, replace broad polyfill imports, fold dev-only branches, tune chunk rules, bound route prefetch or modulepreload behavior, fix Tailwind extraction shapes, adjust asset-inline thresholds, and add focused tests or docs tied to the bundle contract.
|
|
78
|
+
- Add bundle budget assertions or package metadata checks only when the repository already has a pattern or configured command intent.
|
|
79
|
+
- Keep bundle pruning local to the affected route, package entry, dependency, or bundler rule. Do not migrate frameworks, replace bundlers, add analyzer plugins, add package dependencies, or introduce broad design-system export rewrites without explicit scope and verification support.
|
|
80
|
+
- Do not remove needed side effects, CSS, polyfills, runtime registration, accessibility behavior, localization data, error logging, or public import compatibility merely to make a bundle smaller.
|
|
81
|
+
|
|
82
|
+
<!-- mustflow-section: procedure -->
|
|
83
|
+
## Procedure
|
|
84
|
+
|
|
85
|
+
1. Review first-route JavaScript separately from total build output. Name the route or entry users actually load first, then separate initial JS, route JS, shared vendor JS, CSS, and lazy chunks when evidence exists.
|
|
86
|
+
2. Prefer a failing bundle budget over human memory. If the repository has a budget pattern, enforce initial route JS and shared vendor growth with configured tests or release checks. If no configured budget exists, report the gap instead of inventing analyzer commands.
|
|
87
|
+
3. Suspect non-ESM packages first. Tree shaking depends on static imports and exports; CommonJS `require`, mixed module packages, dynamic require patterns, or ambiguous package entrypoints often keep unused code alive.
|
|
88
|
+
4. Replace broad utility imports. Avoid `import _ from 'lodash'`, broad date imports, or whole-library namespace imports on client paths when ESM or function-level imports preserve behavior.
|
|
89
|
+
5. Audit barrel files on hot client paths. `export *` design-system or icon barrels can force bundlers to inspect or include too much. Prefer direct subpath imports when the package owns that contract.
|
|
90
|
+
6. Split internal package exports by feature. Provide stable subpath exports such as component, icon, or helper entrypoints when `@scope/ui` as a single entry drags unrelated modules into client bundles.
|
|
91
|
+
7. Set `sideEffects` metadata carefully. Use `false` only when modules are truly side-effect-free, and preserve CSS imports, polyfills, global registrations, telemetry setup, and plugin initialization through an allowlist.
|
|
92
|
+
8. Treat Rollup or Vite `moduleSideEffects: false` as dangerous by default. Use a function or allowlist when CSS, polyfills, custom elements, plugin registration, or global patches exist.
|
|
93
|
+
9. Add PURE annotations only for pure wrapper calls. React `memo`, `forwardRef`, higher-order component factories, icon factories, and generated component wrappers may need `/* @__PURE__ */`, but never mark a call pure unless its arguments and call have no required side effects.
|
|
94
|
+
10. Move client boundaries inward. In Next.js style apps, avoid putting `'use client'` on pages, layouts, or broad shells when only a small search box, menu, chart, or control needs browser state.
|
|
95
|
+
11. Use Server Components or server-only code as a deletion boundary. Keep markdown parsing, CMS transforms, price formatting, permission checks, data shaping, and server-safe library use out of Client Components when interactivity does not require them.
|
|
96
|
+
12. Keep dynamic imports statically analyzable. `next/dynamic` and similar APIs need explicit import strings at module top level when preloading or chunk naming depends on static analysis.
|
|
97
|
+
13. Declare `React.lazy` and similar lazy components outside render functions. Recreating lazy definitions during render can reset state and blur split boundaries.
|
|
98
|
+
14. Lazy-load optional heavy widgets. Modals, charts, editors, maps, search, PDF viewers, markdown preview, syntax highlighting, and admin-only panels should not enter initial JS unless they are visible and necessary at first load.
|
|
99
|
+
15. Move external library imports to the event or visibility point when safe. Search libraries can load on focus or input, charts on tab open, maps on section reveal, markdown preview on preview mode, and editors on edit intent.
|
|
100
|
+
16. Use Angular `@defer`, Vue route lazy loading, Svelte/Astro islands, or framework-native deferral when that framework is present. Confirm the dependencies are not also imported eagerly outside the deferred boundary.
|
|
101
|
+
17. Use import modularization options cautiously. Next.js `optimizePackageImports` or equivalent compiler transforms can help large export surfaces, but verify the actual output and do not treat an experimental option as proof.
|
|
102
|
+
18. Audit icon imports. Prefer per-icon imports, stable subpath imports, or build-time SVG sprites over package roots or barrels that can pull an icon catalog into client JS.
|
|
103
|
+
19. Audit date locales. Import only needed locales, prefer platform `Intl` when it is enough, and keep server-format-able date work off the client path.
|
|
104
|
+
20. Split syntax highlighters, markdown processors, and code editors by language, mode, or worker boundary. Do not ship every grammar, theme, plugin, or editor worker for one small code block.
|
|
105
|
+
21. Avoid accidental Node polyfills in browser bundles. Do not fix `crypto`, `stream`, `buffer`, `process`, or `path` resolution errors by adding browser shims unless the browser feature truly needs them; prefer false fallbacks or server-only boundaries when possible.
|
|
106
|
+
22. Modernize browser targets only with product support evidence. Too-low Babel or TypeScript targets can inject helper and polyfill overhead; too-high targets can break real users.
|
|
107
|
+
23. Replace broad Babel polyfill imports. Avoid whole `core-js/stable` or blanket polyfill entrypoints when target-aware `preset-env` or explicit feature polyfills can cover the supported browsers.
|
|
108
|
+
24. Ensure dev-only branches fold at build time. `process.env.NODE_ENV`, `__DEV__`, `import.meta.env.DEV`, feature labels, and debug helpers must become constants for dead-code elimination to remove dev tooling.
|
|
109
|
+
25. Remove console calls safely. Do not blindly drop all console calls when arguments may have side effects. Prefer logging wrappers or pure-log configuration that preserves required argument behavior.
|
|
110
|
+
26. Avoid one giant vendor chunk. Manual chunk rules that put all `node_modules` in one vendor bundle can pull charts, editors, maps, and admin-only code into the first route and can change side-effect timing.
|
|
111
|
+
27. Check Vite modulepreload behavior. Disable the modulepreload polyfill only when supported browser targets make that safe; avoid preloading lazy route or widget chunks that are not needed soon.
|
|
112
|
+
28. Keep Tailwind and utility extraction finite. Avoid dynamic class string construction that production extraction cannot see, and avoid broad safelists that inflate CSS. Prefer complete static class strings or constrained maps.
|
|
113
|
+
29. Check inline asset thresholds. Large SVGs, fonts, or images inlined into JavaScript increase parse and transfer cost; use separate resources unless the asset is small and truly critical.
|
|
114
|
+
30. Label evidence honestly. If no configured bundle analyzer, budget, build output, or package-size proof exists, report the result as static import-graph risk or missing measurement, not a measured bundle reduction.
|
|
115
|
+
|
|
116
|
+
<!-- mustflow-section: postconditions -->
|
|
117
|
+
## Postconditions
|
|
118
|
+
|
|
119
|
+
- First-route JS, route chunks, shared vendor chunks, package entrypoints, imports, barrels, side effects, client/server boundaries, dynamic imports, heavy optional features, polyfills, targets, chunk rules, CSS extraction, and inline assets are explicit where relevant.
|
|
120
|
+
- CJS-heavy imports, broad package roots, hot-path barrels, missing subpath exports, unsafe side-effect metadata, missing PURE hints, broad client boundaries, eager heavy widgets, event-time libraries, icon catalogs, date locale packs, highlighter/editor language packs, Node polyfills, old browser targets, broad polyfills, un-folded dev code, unsafe console drops, giant vendor chunks, modulepreload spam, dynamic Tailwind classes, broad safelists, and large inline assets are fixed or reported.
|
|
121
|
+
- Bundle-size claims are backed by current configured evidence or labeled as static import-graph risk, manual-only measurement, or missing evidence.
|
|
122
|
+
- Public import compatibility, CSS, polyfills, localization, accessibility, logging semantics, and framework behavior remain intact or are reported as tradeoffs.
|
|
123
|
+
|
|
124
|
+
<!-- mustflow-section: verification -->
|
|
125
|
+
## Verification
|
|
126
|
+
|
|
127
|
+
Use configured oneshot command intents when available:
|
|
128
|
+
|
|
129
|
+
- `changes_status`
|
|
130
|
+
- `changes_diff_summary`
|
|
131
|
+
- `lint`
|
|
132
|
+
- `build`
|
|
133
|
+
- `test_related`
|
|
134
|
+
- `test`
|
|
135
|
+
- `docs_validate_fast`
|
|
136
|
+
- `test_release`
|
|
137
|
+
- `mustflow_check`
|
|
138
|
+
|
|
139
|
+
Use the narrowest configured test, build, docs, release, or mustflow intent that covers the changed import graph, package metadata, route boundary, or bundler behavior. Use bundle analyzers, browser traces, dev servers, package-manager commands, or plugin installation only when they are configured one-shot intents or explicitly approved by the user.
|
|
140
|
+
|
|
141
|
+
<!-- mustflow-section: failure-handling -->
|
|
142
|
+
## Failure Handling
|
|
143
|
+
|
|
144
|
+
- If bundle evidence is missing, avoid adding speculative chunk rules or package rewrites; report the missing budget or analyzer evidence.
|
|
145
|
+
- If a configured test or build fails, preserve the failing intent and output tail, then fix only the import, package, bundler, or framework boundary exercised by the failure.
|
|
146
|
+
- If pruning would break public import paths, CSS side effects, polyfills, localization, or runtime registrations, keep behavior intact and report the tradeoff or migration path.
|
|
147
|
+
- If a fix requires package replacement, dependency installation, framework upgrade, bundler migration, or unconfigured analyzer tooling, stop and report the missing product or command-contract decision.
|
|
148
|
+
- If verification fails after a bundle-pruning change, use `failure-triage` before broadening the fix.
|
|
149
|
+
|
|
150
|
+
<!-- mustflow-section: output-format -->
|
|
151
|
+
## Output Format
|
|
152
|
+
|
|
153
|
+
- Client bundle surface reviewed
|
|
154
|
+
- First-route JS, route chunk, and shared vendor evidence
|
|
155
|
+
- Import graph, package entry, side-effect, client boundary, lazy-loading, polyfill, target, chunk, CSS extraction, and inline asset ledgers
|
|
156
|
+
- Findings or fixes
|
|
157
|
+
- Evidence level: measured, configured-test evidence, static import-graph risk, manual-only, missing, or not applicable
|
|
158
|
+
- Command intents run
|
|
159
|
+
- Skipped bundle measurements and reasons
|
|
160
|
+
- Remaining client-bundle pruning risk
|
|
@@ -0,0 +1,321 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.cloud-cost-guardrail-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: cloud-cost-guardrail-review
|
|
9
|
+
description: Apply this skill when cloud, infrastructure, Kubernetes, serverless, database, storage, logging, telemetry, CDN, NAT, egress, autoscaling, quota, budget, tagging, snapshot, container registry, Marketplace, LLM API, or third-party SaaS usage is created, changed, reviewed, or reported and the risk is whether spend can silently explode without account, project, quota, tag, lifecycle, retention, cap, or automated shutoff guardrails.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.cloud-cost-guardrail-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Cloud Cost Guardrail Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review cloud cost risk as a blast-radius and guardrail problem, not as "use a smaller server."
|
|
33
|
+
|
|
34
|
+
Cloud bills usually explode through side channels: logs, NAT, egress, snapshots, autoscaling,
|
|
35
|
+
external IPs, container images, metrics cardinality, database storage growth, object lifecycle,
|
|
36
|
+
Marketplace products, LLM APIs, and forgotten temporary resources. This skill makes the agent check
|
|
37
|
+
whether a change has budget signals, hard or automated stops where safe, spend attribution, quotas,
|
|
38
|
+
lifecycle cleanup, and service-specific caps before the bill becomes the first alarm.
|
|
39
|
+
|
|
40
|
+
<!-- mustflow-section: use-when -->
|
|
41
|
+
## Use When
|
|
42
|
+
|
|
43
|
+
- A change touches cloud accounts, projects, subscriptions, environments, regions, availability
|
|
44
|
+
zones, VPCs, NAT, load balancers, CDN, object storage, block storage, databases, backups,
|
|
45
|
+
snapshots, logs, metrics, traces, Kubernetes clusters, serverless functions, containers,
|
|
46
|
+
registries, batch jobs, GPU or high-memory compute, AI/LLM providers, Marketplace products, or
|
|
47
|
+
third-party SaaS integrations.
|
|
48
|
+
- A review needs to decide whether non-production, experiments, review apps, customer-specific
|
|
49
|
+
environments, or temporary resources can keep spending after the owner forgets them.
|
|
50
|
+
- A code, infrastructure, runbook, or docs change claims that a cloud setup is cheap, bounded,
|
|
51
|
+
safe for experiments, cost-aware, FinOps-ready, or protected by budgets, quotas, alerts, or tags.
|
|
52
|
+
|
|
53
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
54
|
+
## Do Not Use When
|
|
55
|
+
|
|
56
|
+
- The task is primarily request latency or CPU work; use `api-request-performance-review`,
|
|
57
|
+
`hot-path-performance-review`, or `performance-budget-check` first, then use this skill only for
|
|
58
|
+
provider-billed resource growth.
|
|
59
|
+
- The main risk is LLM request payload token spend, provider prompt-cache hit rate, chat-history
|
|
60
|
+
bloat, RAG context size, model routing cost, reasoning budget, retry replay, or cost-per-success
|
|
61
|
+
telemetry inside model calls; use `llm-token-cost-control-review`.
|
|
62
|
+
- The task is primarily incident debugging; use `incident-triage-review` first and return here only
|
|
63
|
+
when the fix changes cost guardrails.
|
|
64
|
+
- The task is primarily security or privacy of cloud resources; use `security-privacy-review` or a
|
|
65
|
+
narrower security skill first, then use this skill for spend blast radius.
|
|
66
|
+
- The task only changes local development code with no cloud, provider, telemetry, storage,
|
|
67
|
+
network, external API, or deployable infrastructure surface.
|
|
68
|
+
|
|
69
|
+
<!-- mustflow-section: required-inputs -->
|
|
70
|
+
## Required Inputs
|
|
71
|
+
|
|
72
|
+
- Cost surface ledger: every changed cloud service, account, project, subscription, region, AZ,
|
|
73
|
+
namespace, environment, provider API, external SaaS, billing owner, and cost-bearing data path.
|
|
74
|
+
- Budget model: actual and forecast alert thresholds, alert recipients, escalation route, and
|
|
75
|
+
whether an automated non-production action can safely scale down, disable, or delete resources.
|
|
76
|
+
- Isolation model: account, project, subscription, tenant, environment, customer, namespace, and
|
|
77
|
+
quota boundaries that limit the blast radius of experiments or bugs.
|
|
78
|
+
- Quota and cap model: service quotas, autoscaling maximums, serverless concurrency, Kubernetes
|
|
79
|
+
`ResourceQuota` and `LimitRange`, GPU or high-cost VM limits, database storage growth limits, and
|
|
80
|
+
external API request or token caps.
|
|
81
|
+
- Attribution model: required tag or label keys, allowed values, cost allocation activation,
|
|
82
|
+
owner and expiration fields, and behavior for untagged or invalidly tagged resources.
|
|
83
|
+
- Network cost model: NAT, private endpoints, VPC endpoints, Private Google Access-style paths,
|
|
84
|
+
internet egress, cross-AZ transfer, cross-region transfer, public IPv4, load balancer, CDN, and
|
|
85
|
+
cache-hit assumptions.
|
|
86
|
+
- Telemetry cost model: log ingest, log class or bucket, retention, audit and flow logs, metric
|
|
87
|
+
cardinality, trace sampling, alerting, and telemetry self-monitoring.
|
|
88
|
+
- Storage lifecycle model: object lifecycle rules, minimum storage duration, small-object risk,
|
|
89
|
+
block volume type, snapshot retention, archive policy, database storage autoscaling behavior,
|
|
90
|
+
container registry cleanup, and backup ownership.
|
|
91
|
+
- Commitment model: Savings Plans, Reserved Instances, committed use discounts, spot or
|
|
92
|
+
preemptible workloads, and which stable baseline spend remains after cleanup and rightsizing.
|
|
93
|
+
|
|
94
|
+
<!-- mustflow-section: preconditions -->
|
|
95
|
+
## Preconditions
|
|
96
|
+
|
|
97
|
+
- The cost-bearing surface is in scope for the current task, or the user explicitly asked for cost
|
|
98
|
+
guardrail review.
|
|
99
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
|
|
100
|
+
current scope.
|
|
101
|
+
- Live cloud consoles, billing APIs, production dashboards, provider CLIs, and destructive
|
|
102
|
+
shutdown or delete actions are treated as manual-only unless a configured command intent permits
|
|
103
|
+
them.
|
|
104
|
+
- Missing pricing, quota, tag, or billing evidence can be reported without inventing current
|
|
105
|
+
provider prices.
|
|
106
|
+
|
|
107
|
+
<!-- mustflow-section: allowed-edits -->
|
|
108
|
+
## Allowed Edits
|
|
109
|
+
|
|
110
|
+
- Add or tighten cost guardrail docs, infrastructure policy files, review checklists, tag schemas,
|
|
111
|
+
quota notes, budget-action runbooks, cleanup rules, retention defaults, autoscale caps, registry
|
|
112
|
+
lifecycle policies, and focused tests when they match the repository style.
|
|
113
|
+
- Add local code guards for provider request caps, token caps, maximum instances, storage TTL,
|
|
114
|
+
retention defaults, safe tag validation, or cost attribution when the task scope includes the
|
|
115
|
+
owning code.
|
|
116
|
+
- Replace broad "monitor costs" guidance with explicit cost surfaces, thresholds, owners, actions,
|
|
117
|
+
caps, lifecycle rules, and manual-only boundaries.
|
|
118
|
+
- Do not add a new cloud provider, billing integration, production shutdown bot, live provider
|
|
119
|
+
command, background cleanup worker, or destructive policy outside the configured command contract.
|
|
120
|
+
- Do not store billing exports, customer identifiers, secrets, provider account ids, raw logs, or
|
|
121
|
+
private usage data in repository docs or tests.
|
|
122
|
+
|
|
123
|
+
<!-- mustflow-section: procedure -->
|
|
124
|
+
## Procedure
|
|
125
|
+
|
|
126
|
+
1. Build the cost surface ledger.
|
|
127
|
+
List every cost-bearing resource or data path touched by the change. Include compute, GPU,
|
|
128
|
+
serverless, Kubernetes nodes, databases, block storage, object storage, snapshots, container
|
|
129
|
+
registries, NAT, egress, load balancers, public IPs, CDN, logs, metrics, traces, Marketplace,
|
|
130
|
+
AI/LLM APIs, and third-party SaaS calls. Mark unknown surfaces as missing evidence.
|
|
131
|
+
|
|
132
|
+
2. Separate alerts from stops.
|
|
133
|
+
Budget alerts are signals, not circuit breakers. Check whether actual and forecast thresholds
|
|
134
|
+
exist at multiple levels such as 25, 50, 75, 90, and 100 percent, and whether non-production
|
|
135
|
+
environments have safe automated actions such as scale-to-zero, disable, pause, or owner paging.
|
|
136
|
+
Report when production needs manual approval instead of automatic destruction.
|
|
137
|
+
|
|
138
|
+
3. Reject imaginary provider spending limits.
|
|
139
|
+
Do not assume a general cloud account stops charging at the budget. Verify whether the platform
|
|
140
|
+
has a real hard spending limit for the exact subscription or account type. If it does not, require
|
|
141
|
+
quotas, caps, alerts, and safe automation instead of treating budgets as a hard stop.
|
|
142
|
+
|
|
143
|
+
4. Split billing blast radius.
|
|
144
|
+
Keep development, staging, production, experiments, customer-specific environments, and review
|
|
145
|
+
apps in separate accounts, projects, subscriptions, namespaces, or quota domains where possible.
|
|
146
|
+
A cost incident is worse when nobody can attribute or stop the offending slice.
|
|
147
|
+
|
|
148
|
+
5. Treat quotas as card limits.
|
|
149
|
+
Review service quotas for GPU, high-cost VMs, NAT, public IPs, load balancers, serverless
|
|
150
|
+
concurrency, container nodes, database storage, and expensive managed services. Prefer low
|
|
151
|
+
defaults and explicit increases over wide-open quotas that turn a bug into a bill.
|
|
152
|
+
|
|
153
|
+
6. Enforce required tags before creation.
|
|
154
|
+
Require a small controlled taxonomy such as `owner`, `env`, `service`, `cost_center`,
|
|
155
|
+
`expires_at`, and `data_class` when those concepts exist locally. Check case sensitivity and
|
|
156
|
+
allowed values. Report if cost allocation tags or labels must be activated before they are useful
|
|
157
|
+
in billing reports.
|
|
158
|
+
|
|
159
|
+
7. Give temporary resources an expiration.
|
|
160
|
+
Review review apps, test databases, temporary buckets, experimental GPUs, batch clusters, and
|
|
161
|
+
one-off environments for `expires_at`, owner, cleanup scope, and daily cleanup evidence. A manual
|
|
162
|
+
"remember to delete" note is not a guardrail.
|
|
163
|
+
|
|
164
|
+
8. Shut down the whole non-production stack.
|
|
165
|
+
Night and weekend scheduling should cover databases, NAT, load balancers, search clusters, Redis,
|
|
166
|
+
logging pipelines, dev Kubernetes node groups, disks, and public IPs, not only VMs. Report hidden
|
|
167
|
+
always-on services that keep charging after compute is stopped.
|
|
168
|
+
|
|
169
|
+
9. Cap autoscaling and concurrency.
|
|
170
|
+
Autoscaling is a spend multiplier. Check maximum instance counts, serverless concurrency,
|
|
171
|
+
queue-worker limits, batch parallelism, retry concurrency, and deployment surge settings. Missing
|
|
172
|
+
maximums are cost-risk findings even when autoscaling is useful.
|
|
173
|
+
|
|
174
|
+
10. Bound Kubernetes namespaces.
|
|
175
|
+
Require `ResourceQuota` and `LimitRange` or an equivalent policy when Kubernetes workloads can
|
|
176
|
+
create pods, jobs, PVCs, or high resource requests. Review CPU and memory requests because
|
|
177
|
+
inflated requests can trigger autoscaler node growth even when real usage is low.
|
|
178
|
+
|
|
179
|
+
11. Remove avoidable NAT tolls.
|
|
180
|
+
Check whether private workloads call cloud-native object storage, NoSQL, container registries,
|
|
181
|
+
or provider APIs through NAT when a private endpoint, gateway endpoint, or private API access
|
|
182
|
+
path exists. NAT hourly, processed-byte, and external IP charges should be explicit.
|
|
183
|
+
|
|
184
|
+
12. Account for data transfer.
|
|
185
|
+
Same-cloud traffic is not automatically free. Review internet egress, CDN origin traffic,
|
|
186
|
+
cross-AZ traffic, cross-region traffic, database-to-app placement, cache placement, and large
|
|
187
|
+
API responses. High-traffic services need deliberate AZ and cache decisions.
|
|
188
|
+
|
|
189
|
+
13. Audit public IPv4 and idle addresses.
|
|
190
|
+
Treat public IPv4 addresses, Elastic IPs, static external IPs, and load-balancer addresses as
|
|
191
|
+
billable inventory. Require an owner, purpose, and cleanup path for idle or detached addresses.
|
|
192
|
+
|
|
193
|
+
14. Use CDN and caches as cost controls.
|
|
194
|
+
Review cacheable assets, downloads, public API responses, image transforms, and CDN keys.
|
|
195
|
+
Cache hit rate, origin egress, purge behavior, and personalized-response safety should be known
|
|
196
|
+
before claiming CDN savings.
|
|
197
|
+
|
|
198
|
+
15. Control log ingest before retention.
|
|
199
|
+
Log volume can charge before storage retention matters. Split hot operational logs from audit or
|
|
200
|
+
forensic logs where the provider supports classes or buckets. Review log level, duplicate stack
|
|
201
|
+
traces, flow logs, NAT logs, load-balancer logs, Kubernetes audit logs, sampling, and retention.
|
|
202
|
+
|
|
203
|
+
16. Protect metric cardinality.
|
|
204
|
+
Reject unbounded labels such as raw user id, request id, email, raw URL path, tenant id without
|
|
205
|
+
budgeted bounds, SQL text, or arbitrary error messages. Metrics are for grouping; logs are for
|
|
206
|
+
lookup. Track billable metric growth where the telemetry backend exposes it.
|
|
207
|
+
|
|
208
|
+
17. Lifecycle object storage deliberately.
|
|
209
|
+
Add lifecycle rules for TTL, old versions, multipart uploads, storage class transitions, and
|
|
210
|
+
delete markers. Check minimum storage duration and small-object minimum billable size before
|
|
211
|
+
moving tiny or short-lived objects to colder classes.
|
|
212
|
+
|
|
213
|
+
18. Review block storage and snapshots.
|
|
214
|
+
Check volume type, provisioned IOPS, provisioned throughput, unattached disks, snapshot
|
|
215
|
+
retention, archive policy, and snapshot reference behavior. Snapshots are backup evidence and a
|
|
216
|
+
cost landfill unless retention and restore ownership are explicit.
|
|
217
|
+
|
|
218
|
+
19. Treat database storage growth as sticky.
|
|
219
|
+
Database autoscaling, logs, imports, temp tables, indexes, and replicas can grow storage that is
|
|
220
|
+
expensive or impossible to shrink in place. Require growth alarms, import runbooks, cleanup
|
|
221
|
+
paths, and restore or rebuild notes for large storage spikes.
|
|
222
|
+
|
|
223
|
+
20. Clean container registries.
|
|
224
|
+
CI can push images on every commit. Require lifecycle policies for untagged images, old tags,
|
|
225
|
+
branch preview images, cache layers, SBOMs, and build artifacts. Keep rollback images intentionally
|
|
226
|
+
retained and garbage-collect the rest.
|
|
227
|
+
|
|
228
|
+
21. Buy commitments last.
|
|
229
|
+
Savings Plans, Reserved Instances, committed use discounts, and long-term reservations should
|
|
230
|
+
follow idle cleanup, scheduling, rightsizing, storage cleanup, NAT reduction, and log reduction.
|
|
231
|
+
Report commitment risk when the workload baseline is not proven stable.
|
|
232
|
+
|
|
233
|
+
22. Use spot or preemptible only for retryable work.
|
|
234
|
+
Cheap interruptible capacity fits queues, batch, CI, image processing, and analytics that can
|
|
235
|
+
retry safely. Do not treat it as safe for single databases, single Redis instances, singleton
|
|
236
|
+
search nodes, or stateful components without replication and recovery.
|
|
237
|
+
|
|
238
|
+
23. Monitor Marketplace, LLM, and SaaS costs separately.
|
|
239
|
+
Provider anomaly tools may not cover every third-party charge. AI models, vector search,
|
|
240
|
+
external APIs, observability vendors, security scanners, and Marketplace products need product
|
|
241
|
+
limits, usage attribution, owner alerts, and kill switches when they can spend independently of
|
|
242
|
+
compute.
|
|
243
|
+
|
|
244
|
+
24. Build a cost stop runbook.
|
|
245
|
+
Name the cheapest safe stop for each environment: scale service to zero, pause workers, disable
|
|
246
|
+
feature flag, lower concurrency, block provider calls, close public ingress, stop batch schedule,
|
|
247
|
+
delete temporary resources, or page an owner. Separate non-production automation from production
|
|
248
|
+
manual approval.
|
|
249
|
+
|
|
250
|
+
<!-- mustflow-section: postconditions -->
|
|
251
|
+
## Postconditions
|
|
252
|
+
|
|
253
|
+
- The cost-bearing resources, owners, billing boundaries, alert thresholds, automated or manual stop
|
|
254
|
+
paths, quotas, caps, tags, lifecycle rules, retention choices, and manual cloud evidence boundaries
|
|
255
|
+
are explicit.
|
|
256
|
+
- Hidden spend channels such as NAT, egress, logs, high-cardinality metrics, public IPs, snapshots,
|
|
257
|
+
DB storage growth, registry images, temporary resources, Marketplace, LLM APIs, and SaaS usage are
|
|
258
|
+
fixed, bounded, or reported.
|
|
259
|
+
- Template, route, i18n, package, docs, and tests remain synchronized when this skill is edited or
|
|
260
|
+
installed.
|
|
261
|
+
|
|
262
|
+
## Review Checklist
|
|
263
|
+
|
|
264
|
+
- Budget alerts cover actual and forecast spend at multiple thresholds, and non-production has a
|
|
265
|
+
safe action path.
|
|
266
|
+
- Account, project, subscription, namespace, environment, customer, and experiment boundaries limit
|
|
267
|
+
blast radius.
|
|
268
|
+
- Expensive service quotas, autoscale maxima, serverless concurrency, Kubernetes ResourceQuota, and
|
|
269
|
+
LimitRange controls are present or consciously deferred.
|
|
270
|
+
- Required tags or labels are enforced before creation and include owner, environment, service,
|
|
271
|
+
cost center, expiration, and data class where relevant.
|
|
272
|
+
- NAT, private endpoint, public IPv4, egress, cross-AZ, cross-region, CDN, and cache cost paths are
|
|
273
|
+
explicit.
|
|
274
|
+
- Log ingest, retention, flow or audit logs, metric cardinality, trace sampling, and telemetry
|
|
275
|
+
self-cost signals are controlled.
|
|
276
|
+
- Object lifecycle, storage class minimums, block volume type, snapshots, database storage growth,
|
|
277
|
+
and container registry cleanup have owners and retention rules.
|
|
278
|
+
- Commitments are based on cleaned-up stable baseline spend, and spot or preemptible usage is
|
|
279
|
+
restricted to retryable workloads.
|
|
280
|
+
- Marketplace, LLM, and SaaS spend has attribution, caps, owner alerts, and kill switches.
|
|
281
|
+
|
|
282
|
+
<!-- mustflow-section: verification -->
|
|
283
|
+
## Verification
|
|
284
|
+
|
|
285
|
+
Prefer the narrowest configured mustflow command intent that covers the changed surface:
|
|
286
|
+
|
|
287
|
+
- `test_related` for local tests around tag validation, budget policy files, config caps,
|
|
288
|
+
lifecycle defaults, provider usage limits, or cost attribution code.
|
|
289
|
+
- `lint` or `build` when infrastructure-as-code, generated policy, or typed config surfaces changed.
|
|
290
|
+
- `docs_validate_fast` when runbooks, skills, or cost guardrail docs changed.
|
|
291
|
+
- `test_release` when package/template/release surfaces changed.
|
|
292
|
+
- `mustflow_check` before finishing broad mustflow-owned changes.
|
|
293
|
+
|
|
294
|
+
Do not infer live cloud billing checks, provider CLI calls, production shutdowns, dashboard queries,
|
|
295
|
+
or destructive cleanup outside the command contract. Report those as manual-only or missing.
|
|
296
|
+
|
|
297
|
+
<!-- mustflow-section: failure-handling -->
|
|
298
|
+
## Failure Handling
|
|
299
|
+
|
|
300
|
+
- If the cloud provider, account, project, subscription, or environment boundary is unknown, report
|
|
301
|
+
the missing blast-radius evidence instead of claiming the cost is bounded.
|
|
302
|
+
- If pricing or quota facts are time-sensitive and not locally available, avoid exact price claims
|
|
303
|
+
and state which provider billing evidence must be checked manually.
|
|
304
|
+
- If a budget alert exists without an action path, classify it as notification-only, not a stop.
|
|
305
|
+
- If an automated shutdown would risk production data, payments, customer traffic, or compliance,
|
|
306
|
+
require manual approval and name a safer cap or throttle.
|
|
307
|
+
- If a configured command fails after cost docs, tests, or templates change, preserve the failing
|
|
308
|
+
intent and use `failure-triage` before further edits.
|
|
309
|
+
|
|
310
|
+
<!-- mustflow-section: output-format -->
|
|
311
|
+
## Output Format
|
|
312
|
+
|
|
313
|
+
When reporting a review or change, include:
|
|
314
|
+
|
|
315
|
+
- Skills used.
|
|
316
|
+
- Cost surfaces and billing boundaries reviewed.
|
|
317
|
+
- Budget, quota, tag, lifecycle, retention, autoscale, Kubernetes, network, telemetry, storage,
|
|
318
|
+
registry, commitment, spot, Marketplace, LLM, and SaaS guardrails found or added.
|
|
319
|
+
- Manual-only provider billing checks or destructive stop actions.
|
|
320
|
+
- Verification commands run and their result.
|
|
321
|
+
- Remaining cloud-cost guardrail risk.
|