mustflow 2.38.0 → 2.58.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/cli/commands/run/executor.js +16 -0
- package/dist/cli/commands/run/process-tree.js +6 -3
- package/dist/cli/commands/verify.js +3 -1
- package/dist/cli/lib/git-changes.js +11 -1
- package/dist/cli/lib/i18n.js +1 -1
- package/dist/cli/lib/local-index/index.js +8 -4
- package/dist/cli/lib/local-index/populate.js +17 -3
- package/dist/cli/lib/local-index/search-read-model.js +9 -7
- package/dist/cli/lib/local-index/search-text.js +2 -2
- package/dist/cli/lib/local-index/workflow-documents.js +17 -2
- package/dist/cli/lib/mustflow-read.js +14 -2
- package/dist/cli/lib/repo-map.js +16 -3
- package/dist/cli/lib/templates.js +8 -7
- package/dist/cli/lib/validation/constants.js +1 -1
- package/dist/core/active-run-locks.js +78 -20
- package/dist/core/change-classification.js +4 -0
- package/dist/core/command-contract-rules.js +1 -1
- package/dist/core/command-contract-validation.js +1 -1
- package/dist/core/command-cwd.js +13 -2
- package/dist/core/command-effects.js +22 -4
- package/dist/core/command-env.js +8 -6
- package/dist/core/command-preconditions.js +28 -2
- package/dist/core/completion-verdict.js +1 -1
- package/dist/core/line-endings.js +8 -4
- package/dist/core/safe-filesystem.js +9 -1
- package/dist/core/source-anchor-validation.js +7 -1
- package/dist/core/source-anchors.js +8 -2
- package/dist/core/verification-scheduler.js +8 -2
- package/package.json +1 -1
- package/templates/default/common/.mustflow/config/commands.toml +39 -15
- package/templates/default/i18n.toml +330 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
- package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
- package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
- package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
- package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
- package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
- package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
- package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
- package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
- package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
- package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
- package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
- package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
- package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
- package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
- package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
- package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
- package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
- package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
- package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
- package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
- package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
- package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
- package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
- package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
- package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
- package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
- package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
- package/templates/default/manifest.toml +388 -2
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.agent-eval-integrity-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: agent-eval-integrity-review
|
|
9
|
+
description: Apply this skill when LLM agent evaluation loops, trace or trajectory grading, LLM judges, verifier agents, outcome scoring, tool-call prechecks or postchecks, eval datasets, golden or dirty sets, pass@k or pass^k metrics, shadow environments, production-monitoring-to-eval pipelines, or agent regression gates are created, changed, reviewed, or reported and the risk is false confidence in agent correctness rather than runtime execution control alone.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.agent-eval-integrity-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Agent Eval Integrity Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review agent evaluation as an evidence loop, not a judge-model opinion. A real agent eval should test the final environment state, the trace or trajectory, tool boundaries, recovery behavior, repeatability, sensitive-data handling, and how real failures become future regression cases.
|
|
33
|
+
|
|
34
|
+
<!-- mustflow-section: use-when -->
|
|
35
|
+
## Use When
|
|
36
|
+
|
|
37
|
+
- A change adds, edits, reviews, or reports agent evals, verifier agents, judge prompts, trace graders, trajectory scoring, outcome metrics, eval fixtures, benchmark harnesses, or production agent quality gates.
|
|
38
|
+
- A task asks whether an agent actually completed a workflow, not only whether the final response sounded correct.
|
|
39
|
+
- Tool calls, handoffs, guardrails, custom events, human approvals, retries, checkpoints, or external effects should be captured and graded as part of the agent run.
|
|
40
|
+
- An eval can depend on final database state, queue state, email state, payment state, file state, test results, permissions, rollback evidence, or another observable environment result.
|
|
41
|
+
- Agent failures, human overrides, user complaints, tool errors, timeouts, cost spikes, repeated retries, or rollbacks should feed future eval candidates.
|
|
42
|
+
|
|
43
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
44
|
+
## Do Not Use When
|
|
45
|
+
|
|
46
|
+
- The main risk is runtime agent control flow, planner/executor/verifier separation, tool-call gates, approval or interrupt state, durable resume behavior, loop budgets, retry classification, handoffs, or guardrail placement; use `agent-execution-control-review`.
|
|
47
|
+
- The main risk is prompt correctness, authority separation, output schema semantics, tool policy wording, or prompt-level eval examples without a full agent trajectory; use `prompt-contract-quality-review`.
|
|
48
|
+
- The main risk is factual grounding, fabricated citations, retrieval thresholds, answerability, evidence IDs, or hallucination metrics; use `llm-hallucination-control-review`.
|
|
49
|
+
- The main risk is token spend or response latency; use `llm-token-cost-control-review` or `llm-response-latency-review`.
|
|
50
|
+
- The task is ordinary unit testing, integration testing, or snapshot testing with no LLM agent trajectory or model-judged behavior; use the narrower test or code skill.
|
|
51
|
+
- The task coordinates several repository workers for one coding task rather than evaluating a product/runtime agent; use `multi-agent-work-coordination`.
|
|
52
|
+
|
|
53
|
+
<!-- mustflow-section: required-inputs -->
|
|
54
|
+
## Required Inputs
|
|
55
|
+
|
|
56
|
+
- Outcome ledger: task type, success definition, final environment state, observable artifacts, external effects, reversible versus irreversible outcomes, and failure states.
|
|
57
|
+
- Trace ledger: model calls, tool calls, handoffs, guardrails, approvals, retries, custom events, tool observations, intermediate plans, rejected actions, and final response.
|
|
58
|
+
- Oracle ledger: deterministic checks, schemas, static analysis, tests, state queries, regex or exact matchers, model judges, sampled human review, and which oracle owns each claim.
|
|
59
|
+
- Tool-boundary ledger: precheck, postcheck, permission check, idempotency check, state-before, state-after, changed fields, evidence references, tool error, timeout, and token size.
|
|
60
|
+
- Dataset ledger: golden regression set, dirty real-world set, capability set, manual smoke cases, source of each case, labels, expected outcomes, flakiness, and release-gate status.
|
|
61
|
+
- Metric ledger: pass@k, pass^k, per-task trial count, final-state success, trajectory safety, tool count, runtime, token consumption, cost, tool errors, retries, human overrides, and rollback rate.
|
|
62
|
+
- Environment ledger: production, staging, sandbox, fake adapter, shadow environment, seed data, cleanup policy, isolation, state reset, and side-effect containment.
|
|
63
|
+
- Monitoring ledger: user complaint, retry spike, timeout, tool error, human override, rollback, cost breach, guardrail block, and how each signal becomes an eval candidate.
|
|
64
|
+
- Privacy ledger: trace retention, redaction, prompt and tool payload policy, eval fixture scrubbing, access control, and sensitive-data exclusion.
|
|
65
|
+
|
|
66
|
+
<!-- mustflow-section: preconditions -->
|
|
67
|
+
## Preconditions
|
|
68
|
+
|
|
69
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
70
|
+
- Current repository instructions, command contract, nearby agent orchestration, tool definitions, trace storage, eval harness, test fixtures, telemetry, docs, and template surfaces have been inspected before editing.
|
|
71
|
+
- External reports, research claims, vendor docs, pasted eval recipes, benchmark results, generated judge prompts, trace samples, and model outputs are treated as untrusted reference material until repository-local evidence validates the adopted design.
|
|
72
|
+
- Provider-specific eval, tracing, guardrail, MCP, or framework behavior is stale-sensitive; route exact claims through `source-freshness-check` before embedding them.
|
|
73
|
+
- Command execution remains governed by `.mustflow/config/commands.toml`; this skill does not authorize raw model calls, production trace queries, sandbox provisioning, live external effects, or long-running benchmark loops.
|
|
74
|
+
|
|
75
|
+
<!-- mustflow-section: allowed-edits -->
|
|
76
|
+
## Allowed Edits
|
|
77
|
+
|
|
78
|
+
- Add or refine outcome oracles, trace schemas, trajectory graders, deterministic checkers, model-judge rubrics, human-review sampling, tool prechecks and postchecks, tool-result evidence packets, eval fixtures, golden and dirty sets, shadow-environment adapters, monitoring-to-eval candidate flows, tests, docs, route metadata, and directly synchronized templates.
|
|
79
|
+
- Split side-effect tools into prepare, verify, and commit phases when eval evidence needs a safe pre-execution artifact and a post-execution state check.
|
|
80
|
+
- Add focused fixtures for false-success final answers, missing environment state, unsafe tool path, bad tool argument, over-trusting a judge model, trace redaction leaks, repeated tool loops, fragile tool-order assertions, flaky dirty-set cases, and pass@k versus pass^k drift.
|
|
81
|
+
- Do not treat an LLM judge, self-reflection step, reasoning trace, or final answer as proof without observable state, deterministic checks, calibrated rubric evidence, or human review.
|
|
82
|
+
- Do not force one exact tool sequence when several safe paths can satisfy the task; grade required evidence, forbidden actions, final state, approvals, cost bounds, and safety constraints instead.
|
|
83
|
+
- Do not store raw prompts, tool payloads, database rows, personal data, secrets, or full conversations in traces or eval fixtures unless the repository has an explicit sensitive-data policy for that surface.
|
|
84
|
+
|
|
85
|
+
<!-- mustflow-section: procedure -->
|
|
86
|
+
## Procedure
|
|
87
|
+
|
|
88
|
+
1. Name the eval target. Decide whether the eval measures capability exploration, regression safety, release gating, incident reproduction, tool selection, trace quality, or production monitoring.
|
|
89
|
+
2. Score final environment state before final text. For action agents, success means the booking, refund, email, file, ticket, database row, queue message, test result, or other observable state is correct.
|
|
90
|
+
3. Score the trajectory as a separate dimension. A correct final answer can still fail when the path used unsafe tools, repeated searches, excessive tokens, hallucinated intermediate facts, skipped approvals, or relied on luck.
|
|
91
|
+
4. Build oracle layers. Prefer deterministic checks for schemas, exact state, permissions, idempotency, static analysis, unit tests, and numeric rules; use model judges for semantic or rubric-heavy cases; sample humans for calibration and high-risk ambiguity.
|
|
92
|
+
5. Keep self-reflection out of final judgment. Use reflection to propose repairs or retry strategy, not to certify success.
|
|
93
|
+
6. Calibrate judge models. Compare judge outputs with deterministic checks or human review, track disagreement, and avoid treating one judge score as a stable product metric.
|
|
94
|
+
7. Add prechecks and postchecks around tools. Validate tool arguments before execution and validate state, evidence references, errors, and permissions after execution.
|
|
95
|
+
8. Keep destructive actions sequentially gated. For irreversible or costly actions, block before model calls or tool execution when possible; do not rely on a late parallel guardrail after cost or side effects have already happened.
|
|
96
|
+
9. Split side effects into prepare, verify, and commit. Evaluate the prepared payload or diff before the commit phase, then evaluate the committed state afterward.
|
|
97
|
+
10. Make tool results evidence packets. Include state before, state after, changed fields, evidence refs, permission scope, idempotency key, and structured error or timeout state instead of only a friendly success sentence.
|
|
98
|
+
11. Fuzz tool schemas. Test missing fields, wrong enum values, similar IDs, empty strings, long queries, unauthorized resource IDs, deleted objects, stale objects, and ambiguous names.
|
|
99
|
+
12. Test tool names and namespaces. When multiple tools overlap, use service or resource prefixes and eval whether routing improves without overfitting to one prompt.
|
|
100
|
+
13. Track tool payload size. Large tool responses are eval failures when they hide evidence, waste context, or cause the model to miss the relevant fields; use pagination, filtering, truncation, or summaries with source IDs.
|
|
101
|
+
14. Use shadow environments first. Evaluate payment, email, CRM, repository, file, database, and external mutations against sandbox or fake adapters before connecting to production systems.
|
|
102
|
+
15. Require checkpoints for human-in-the-loop. Human approval or correction should point to a durable state snapshot that can resume, replay safely, or roll back.
|
|
103
|
+
16. Classify failure handling by risk. High-risk tasks fail closed on verification gaps; reversible drafting, search, and classification can fail soft with a visible "needs review" state.
|
|
104
|
+
17. Separate capability evals from regression evals. Capability sets may start hard and improve over time; regression golden sets should stay stable and near-perfect before release.
|
|
105
|
+
18. Separate golden and dirty sets. Golden cases gate releases and should be clean, deterministic, and reviewable. Dirty cases come from real failures and may be noisy, quarantined, or used for diagnosis before promotion.
|
|
106
|
+
19. Run multiple trials where model variance matters. Use pass@k for "can solve at least once" capability claims and pass^k for "reliably solves every time" customer-facing claims.
|
|
107
|
+
20. Avoid brittle path assertions. Prefer required evidence, forbidden actions, final state, safety boundaries, approval requirements, and cost ceilings over one exact tool order unless the order is itself the contract.
|
|
108
|
+
21. Promote production failures into eval candidates. Mine complaints, retries, timeouts, tool errors, human overrides, rollbacks, cost breaches, and guardrail blocks into reviewed cases.
|
|
109
|
+
22. Let evals improve tool design. When failures cluster around ambiguous names, huge outputs, weak errors, missing fields, bad descriptions, or fuzzy parameters, fix the tool contract rather than blaming the model.
|
|
110
|
+
23. Keep traces privacy-safe first. Store spans, IDs, hashes, sizes, versions, state classifications, and redacted reason codes by default; scrub or exclude sensitive raw content from eval fixtures.
|
|
111
|
+
24. Treat prompt, model, tool, judge, rubric, dataset, metric, and environment changes as eval migrations. Recompare baselines before claiming improvement.
|
|
112
|
+
25. Verify with the narrowest configured tests, fixtures, docs validation, release checks, and mustflow validation that cover the changed eval integrity contract.
|
|
113
|
+
|
|
114
|
+
<!-- mustflow-section: postconditions -->
|
|
115
|
+
## Postconditions
|
|
116
|
+
|
|
117
|
+
- The eval loop grades final state, trajectory quality, tool-boundary evidence, recovery behavior, repeatability, and sensitive-data handling where relevant.
|
|
118
|
+
- Deterministic checks, model judges, and human review have explicit ownership rather than one judge model owning every verdict.
|
|
119
|
+
- Golden, dirty, capability, regression, pass@k, pass^k, shadow environment, production-monitoring, and trace-retention decisions are explicit when they affect agent quality claims.
|
|
120
|
+
- Final reports distinguish measured eval improvement from static hardening, judge preference, self-reflection, anecdotal demos, and unverified provider behavior.
|
|
121
|
+
|
|
122
|
+
<!-- mustflow-section: verification -->
|
|
123
|
+
## Verification
|
|
124
|
+
|
|
125
|
+
Use configured oneshot command intents when available:
|
|
126
|
+
|
|
127
|
+
- `changes_status`
|
|
128
|
+
- `changes_diff_summary`
|
|
129
|
+
- `lint`
|
|
130
|
+
- `build`
|
|
131
|
+
- `test_related`
|
|
132
|
+
- `test`
|
|
133
|
+
- `docs_validate_fast`
|
|
134
|
+
- `test_release`
|
|
135
|
+
- `mustflow_check`
|
|
136
|
+
|
|
137
|
+
Use the narrowest configured fixture, unit, integration, schema, docs, package, or release check that proves the changed agent eval-integrity contract.
|
|
138
|
+
|
|
139
|
+
<!-- mustflow-section: failure-handling -->
|
|
140
|
+
## Failure Handling
|
|
141
|
+
|
|
142
|
+
- If only a final answer or judge-model score is available, report the eval as weak and add observable outcome or trajectory evidence before claiming reliability.
|
|
143
|
+
- If deterministic checks can own a verdict, use them before asking a model judge.
|
|
144
|
+
- If model judges disagree or drift, calibrate with human or deterministic evidence and avoid treating the metric as release-blocking until stable.
|
|
145
|
+
- If production traces contain sensitive raw content, stop copying that content into evals and add redaction, hashing, or fixture scrubbing first.
|
|
146
|
+
- If a dirty case is flaky, quarantine it as diagnostic evidence instead of weakening the golden regression gate.
|
|
147
|
+
- If a configured command fails, use `failure-triage` before continuing.
|
|
148
|
+
|
|
149
|
+
<!-- mustflow-section: output-format -->
|
|
150
|
+
## Output Format
|
|
151
|
+
|
|
152
|
+
- Agent eval-integrity surface reviewed
|
|
153
|
+
- Outcome oracle, final-state checks, and trajectory checks
|
|
154
|
+
- Deterministic, model-judge, and human-review oracle split
|
|
155
|
+
- Tool prechecks, postchecks, schema fuzzing, evidence packets, and payload-size checks
|
|
156
|
+
- Golden, dirty, capability, regression, pass@k, pass^k, shadow environment, monitoring-to-eval, trace, and privacy decisions
|
|
157
|
+
- Files changed
|
|
158
|
+
- Command intents run
|
|
159
|
+
- Skipped checks and reasons
|
|
160
|
+
- Remaining agent eval-integrity risk
|
|
@@ -0,0 +1,163 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.agent-execution-control-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: agent-execution-control-review
|
|
9
|
+
description: Apply this skill when autonomous or semi-autonomous LLM agents, agentic workflows, planners, executors, verifiers, tool contracts, tool-call gates, human approval or interrupt flows, durable agent state, handoffs, guardrails, loop budgets, retry policies, trace evaluation, or agent outcome metrics are created, changed, reviewed, or reported and the risk is uncontrolled agent behavior rather than only prompt wording, token cost, response latency, or factual grounding.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.agent-execution-control-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Agent Execution Control Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review agent systems as controlled workbenches, not smarter chat prompts. An agentic path should make bad choices hard by separating workflow selection, planning, execution, verification, tools, approvals, durable state, guardrails, budgets, retries, traces, and outcome evaluation.
|
|
33
|
+
|
|
34
|
+
<!-- mustflow-section: use-when -->
|
|
35
|
+
## Use When
|
|
36
|
+
|
|
37
|
+
- A change adds, edits, reviews, or reports an autonomous or semi-autonomous LLM agent, agent loop, planner, executor, verifier, evaluator, router, handoff, tool-calling workflow, or long-running AI task runner.
|
|
38
|
+
- A task asks whether an AI agent should be a fixed workflow, dynamic agent, prompt chain, routed worker, tool user, human-approved assistant, or multi-step automation.
|
|
39
|
+
- Tool definitions, tool names, tool argument schemas, tool-call guards, server-known arguments, tool-result summarization, or unsafe tool execution policies change.
|
|
40
|
+
- The system can write data, send messages, delete or mutate resources, spend money, call external services, open support tickets, start jobs, or perform any external side effect through model-directed steps.
|
|
41
|
+
- Human approval, interrupt or resume behavior, durable checkpoints, state versioning, memory, trace telemetry, loop limits, retry policy, or agent evals affect agent correctness.
|
|
42
|
+
|
|
43
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
44
|
+
## Do Not Use When
|
|
45
|
+
|
|
46
|
+
- The main risk is prompt function boundaries, authority separation, output schema quality, model settings, or eval fixture wording without autonomous control flow; use `prompt-contract-quality-review`.
|
|
47
|
+
- The main risk is unsupported factual output, fabricated citations, weak retrieval, claim maps, evidence IDs, or abstain behavior; use `llm-hallucination-control-review`.
|
|
48
|
+
- The main risk is token spend, prompt-cache cost, history bloat, RAG context size, model routing cost, reasoning budget, retry replay, or cost observability; use `llm-token-cost-control-review`.
|
|
49
|
+
- The main risk is time to first token, first useful output, LLM round trips, tool wait, streaming latency, prompt-cache latency, or user-perceived response speed; use `llm-response-latency-review`.
|
|
50
|
+
- The main risk is chat, prompt composer, streaming UI, citation display, progress state, history UX, or manual fallback UI; use `llm-service-ux-review`.
|
|
51
|
+
- The main risk is agent eval integrity, trace or trajectory grading, judge-model calibration, final environment state scoring, golden or dirty eval sets, pass@k or pass^k metrics, shadow environments, or production-monitoring-to-eval feedback; use `agent-eval-integrity-review`.
|
|
52
|
+
- The task coordinates several repository workers or subagents for one coding task rather than designing a product/runtime agent; use `multi-agent-work-coordination`.
|
|
53
|
+
- The task is ordinary idempotency, retry, queue, approval, state-machine, or workflow code with no LLM-directed agent behavior; use the narrower integrity or pattern skill first.
|
|
54
|
+
|
|
55
|
+
<!-- mustflow-section: required-inputs -->
|
|
56
|
+
## Required Inputs
|
|
57
|
+
|
|
58
|
+
- Autonomy ledger: task goal, why a fixed workflow is insufficient, allowed decisions, forbidden decisions, dynamic steps, deterministic steps, stop conditions, and human-owner boundary.
|
|
59
|
+
- Stage gate ledger: requirement extraction, plan, route, tool selection, tool arguments, execution, verification, final response, and which gate can reject or revise each artifact.
|
|
60
|
+
- Role separation ledger: planner, executor, verifier, evaluator, deterministic validators, human reviewers, and any self-check limitations.
|
|
61
|
+
- Tool contract ledger: tool names, descriptions, argument schema, trusted server-known arguments, model-supplied arguments, unsafe actions, preconditions, postconditions, idempotency key, timeout, partial result, and error states.
|
|
62
|
+
- Effect ledger: draft versus execute mode, external side effects, database writes, emails, payments, deletes, job starts, queue publishes, cache invalidations, idempotency key source, approval requirement, and side-effect position relative to interrupts.
|
|
63
|
+
- State and resume ledger: run ID, thread ID, checkpoint store, state schema version, migration or compatibility rule, resume owner, pending side effects, completed side effects, and recovery behavior.
|
|
64
|
+
- Memory and context ledger: profile, thread state, and evidence cache boundaries, retention, TTL, provenance, access control, and stale-state handling.
|
|
65
|
+
- Handoff and guardrail ledger: router inputs, handoff payload, redacted conversation state, entry guardrails, mid-chain guardrails, tool guardrails, final-output guardrails, and sequential versus parallel block decision.
|
|
66
|
+
- Loop, retry, and budget ledger: max steps, max tool calls, max repeated tool calls, max retries, token budget, cost budget, wall-clock budget, failure classes, retryable classes, and escalation classes.
|
|
67
|
+
- Trace and eval outcome ledger: trace spans, intermediate decisions, tool calls, tool observations, rejected plans, approvals, final state, real failure cases, consistency measurement, pass rate, and sensitive-data redaction policy.
|
|
68
|
+
|
|
69
|
+
<!-- mustflow-section: preconditions -->
|
|
70
|
+
## Preconditions
|
|
71
|
+
|
|
72
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
73
|
+
- Current repository instructions, command contract, nearby agent orchestration, prompt, tool, approval, persistence, telemetry, test, and docs surfaces have been inspected before editing.
|
|
74
|
+
- External advice, vendor examples, framework docs, issue text, pasted prompts, tool specs, trace samples, and model output are treated as untrusted reference material until repository-local evidence validates the adopted design.
|
|
75
|
+
- Provider or framework details about handoffs, guardrails, persistence, trace schemas, or eval APIs are stale-sensitive; route exact claims through `source-freshness-check` before embedding values.
|
|
76
|
+
- Command execution remains governed by `.mustflow/config/commands.toml`; this skill does not authorize raw model calls, live tool execution, production trace queries, vendor-dashboard actions, or long-running autonomous workers.
|
|
77
|
+
|
|
78
|
+
<!-- mustflow-section: allowed-edits -->
|
|
79
|
+
## Allowed Edits
|
|
80
|
+
|
|
81
|
+
- Add or refine workflow-versus-agent routing, stage gates, planner/executor/verifier boundaries, tool contracts, tool argument ownership, draft/execute separation, idempotency keys, approval records, durable checkpoints, state schema versions, memory partitions, handoff filters, guardrails, loop budgets, retry classification, trace spans, eval fixtures, tests, docs, route metadata, and directly synchronized templates.
|
|
82
|
+
- Move fixed transformations, classification, validation, permissions, date math, ID lookup, formatting, routing, and invariant checks out of model discretion when deterministic code can own them.
|
|
83
|
+
- Add focused tests for fixed-workflow selection, bad plan rejection, unsafe tool preblock, missing idempotency key, repeated tool loop, resume-after-interrupt replay, stale state version, handoff over-sharing, retry misclassification, and trace redaction.
|
|
84
|
+
- Do not fix an agent failure by hardcoding only the reported prompt, tool call, path, or example while leaving the same defect class in sibling tools, routes, gates, or resume paths.
|
|
85
|
+
- Do not let a single model plan, execute, and certify success for high-impact side effects without an independent verifier, deterministic validator, or human approval state.
|
|
86
|
+
- Do not store raw prompts, secrets, personal data, customer records, tool payloads, or full conversations in traces, memory, checkpoints, or eval fixtures unless the repository has a declared sensitive-data policy for that surface.
|
|
87
|
+
|
|
88
|
+
<!-- mustflow-section: procedure -->
|
|
89
|
+
## Procedure
|
|
90
|
+
|
|
91
|
+
1. Decide workflow versus agent first. Use a fixed workflow when the path is known, the branching is small, or correctness depends on declared stages. Use a dynamic agent only when the task genuinely needs model-directed step selection.
|
|
92
|
+
2. Define the autonomy envelope. Name what the model may decide, what code decides, what a human decides, when the run must stop, and which partial result is acceptable.
|
|
93
|
+
3. Split planner, executor, and verifier where risk justifies it. If one model performs multiple roles, add deterministic gates or independent checks before external effects or final success claims.
|
|
94
|
+
4. Gate intermediate artifacts. Validate extracted requirements, plans, routes, tool selections, tool arguments, execution results, and final answers before later stages consume them.
|
|
95
|
+
5. Make tools model-readable and execution-safe. Tool names should describe the action, descriptions should state when to use and not use them, schemas should be explicit, and unsafe side effects should be visible in the contract.
|
|
96
|
+
6. Remove relative-path and implicit-default traps. Prefer absolute project paths, explicit working directories, explicit tenant or workspace IDs supplied by the server, and no hidden dependence on current conversation state.
|
|
97
|
+
7. Use structured outputs plus business validation. Schema validity is only the first gate; validate permissions, ownership, state transitions, amounts, dates, IDs, and product rules outside free-form generation.
|
|
98
|
+
8. Separate draft from execute. For deletes, writes, emails, payments, external API mutations, job starts, queue publishes, or other irreversible actions, have the agent propose a plan or draft before execution unless the path is explicitly low-risk and idempotent.
|
|
99
|
+
9. Require idempotency for side effects. Derive idempotency keys from stable run, operation, target, and attempt identities; record completed side effects before any path can resume and replay them.
|
|
100
|
+
10. Treat approval as durable state. Store who approved what, which exact proposed action was approved, when it expires, what changed after approval, and what resume step owns execution.
|
|
101
|
+
11. Design interrupt and resume before side effects. Code before an interrupt may run again after resume in many graph runtimes, so keep pre-interrupt work pure or idempotent and keep irreversible effects after approval checkpoints.
|
|
102
|
+
12. Version long-running state. Add a state schema version, migration or compatibility rule, stale-run behavior, and final-state classification for interrupted, cancelled, failed, succeeded, and partially applied runs.
|
|
103
|
+
13. Split memory. Keep profile, thread state, and evidence cache separate; store provenance and freshness, avoid making summaries authoritative, and keep access-control and TTL rules visible.
|
|
104
|
+
14. Summarize tool results into state. Preserve source IDs, key fields, uncertainty, errors, and provenance instead of passing raw blobs or letting a long observation become hidden authority.
|
|
105
|
+
15. Evaluate tool triggering both ways. Test overtriggering that calls tools unnecessarily and undertriggering that skips required evidence, permission, or freshness checks.
|
|
106
|
+
16. Route before handoff. Choose specialized workers or downstream agents up front from explicit inputs, pass only the state they need, and redact irrelevant conversation or tool history.
|
|
107
|
+
17. Place guardrails at every boundary. Use entry guardrails for obviously disallowed requests, stage guardrails for bad plans or arguments, tool guardrails for unsafe calls, and final guardrails for response policy.
|
|
108
|
+
18. Choose sequential or parallel guardrails by risk. Sequential pre-blocking protects expensive or dangerous paths before cost or side effects happen; parallel guardrails can reduce latency only when wasted work is acceptable.
|
|
109
|
+
19. Add loop budgets. Enforce max steps, tool calls, repeated tool calls, retries, token spend, cost, and wall-clock time; make repeated same-tool or same-error loops visible.
|
|
110
|
+
20. Retry by failure class. Distinguish invalid schema, missing information, permission denied, timeout, transient provider error, deterministic validation failure, unsafe request, and unknown outcome; do not blindly "try again."
|
|
111
|
+
21. Trace the work, not only the answer. Capture decisions, plans, tool choices, tool arguments, validator results, approvals, retries, final state, and outcome fields needed to debug agent behavior.
|
|
112
|
+
22. Make traces privacy-safe first. Redact or hash sensitive content before telemetry, restrict retention, and ensure eval fixtures do not become a secret dump.
|
|
113
|
+
23. Evaluate from real failures. Build fixtures from incidents, near misses, wrong tool calls, bad handoffs, missing approvals, replay bugs, and loop failures; measure final state and consistency, not only final text.
|
|
114
|
+
24. Treat prompt, model, tool, schema, routing, guardrail, and state changes as behavior migrations. Check old runs, old data, old approvals, cached plans, and in-flight tasks before changing the contract.
|
|
115
|
+
25. Verify with the narrowest configured tests, fixtures, docs validation, release checks, and mustflow validation that cover the changed agent control plane.
|
|
116
|
+
|
|
117
|
+
<!-- mustflow-section: postconditions -->
|
|
118
|
+
## Postconditions
|
|
119
|
+
|
|
120
|
+
- The agent path has an explicit workflow-versus-agent decision, autonomy envelope, stop conditions, stage gates, role separation, tool contracts, effect boundaries, and verification path.
|
|
121
|
+
- External side effects are drafted, approved, idempotent, replay-safe, or explicitly reported as residual risk.
|
|
122
|
+
- Durable state, memory, handoffs, guardrails, loop budgets, retries, traces, evals, and sensitive-data policy are bounded where they affect correctness.
|
|
123
|
+
- Final reports distinguish static control-plane hardening from measured agent success, model-quality assumptions, and unverified framework behavior.
|
|
124
|
+
|
|
125
|
+
<!-- mustflow-section: verification -->
|
|
126
|
+
## Verification
|
|
127
|
+
|
|
128
|
+
Use configured oneshot command intents when available:
|
|
129
|
+
|
|
130
|
+
- `changes_status`
|
|
131
|
+
- `changes_diff_summary`
|
|
132
|
+
- `lint`
|
|
133
|
+
- `build`
|
|
134
|
+
- `test_related`
|
|
135
|
+
- `test`
|
|
136
|
+
- `docs_validate_fast`
|
|
137
|
+
- `test_release`
|
|
138
|
+
- `mustflow_check`
|
|
139
|
+
|
|
140
|
+
Use the narrowest configured fixture, unit, integration, schema, docs, package, or release check that proves the changed agent execution-control contract.
|
|
141
|
+
|
|
142
|
+
<!-- mustflow-section: failure-handling -->
|
|
143
|
+
## Failure Handling
|
|
144
|
+
|
|
145
|
+
- If a fixed workflow is sufficient, report that an autonomous agent is unnecessary and keep the simpler workflow unless the user explicitly accepts the agent tradeoff.
|
|
146
|
+
- If tool ownership, side-effect ownership, or approval state is unclear, stop execution-path changes and report the missing authority boundary.
|
|
147
|
+
- If interrupt or resume behavior can replay side effects and no idempotency key exists, add replay safety before claiming the agent is durable.
|
|
148
|
+
- If no trace or eval covers the behavior, report static risk reduction rather than claiming the agent is reliable.
|
|
149
|
+
- If a guardrail needs sensitive raw content to work, prefer scoped local checks, redacted features, or human review over unsafe telemetry.
|
|
150
|
+
- If a configured command fails, use `failure-triage` before continuing.
|
|
151
|
+
|
|
152
|
+
<!-- mustflow-section: output-format -->
|
|
153
|
+
## Output Format
|
|
154
|
+
|
|
155
|
+
- Agent execution-control surface reviewed
|
|
156
|
+
- Workflow-versus-agent decision, autonomy envelope, and stop conditions
|
|
157
|
+
- Stage gates, planner/executor/verifier split, and validation path
|
|
158
|
+
- Tool contracts, argument ownership, draft/execute split, idempotency, approval, and side-effect replay safety
|
|
159
|
+
- Durable state, resume, memory, handoff, guardrail, loop budget, retry, trace, eval, and privacy policy checked
|
|
160
|
+
- Files changed
|
|
161
|
+
- Command intents run
|
|
162
|
+
- Skipped checks and reasons
|
|
163
|
+
- Remaining agent execution-control risk
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.ai-generated-code-hardening
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: ai-generated-code-hardening
|
|
9
|
-
description: Apply this skill when AI-generated, assistant-authored, vibe-coded, or broad code changes need evidence-backed hardening against duplicate helpers or shapes, hidden coupling, weak tests, swallowed errors, excessive complexity, and boundary drift.
|
|
9
|
+
description: Apply this skill when AI-generated, assistant-authored, vibe-coded, or broad code changes need evidence-backed hardening against symptom-only fixes, pinpoint hardcoding, duplicate helpers or shapes, hidden coupling, weak tests, swallowed errors, excessive complexity, and boundary drift.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -31,15 +31,19 @@ metadata:
|
|
|
31
31
|
|
|
32
32
|
Use this skill to turn agent-written code from "looks plausible" into maintainable
|
|
33
33
|
repository code. The goal is not style cleanup. The goal is to catch the failure
|
|
34
|
-
modes that appear when an agent forgets the repository between sessions:
|
|
35
|
-
|
|
36
|
-
public surfaces, and oversized functions or
|
|
34
|
+
modes that appear when an agent forgets the repository between sessions: symptom-only
|
|
35
|
+
patches, pinpoint hardcoding, duplicate helpers, duplicate shapes, hidden coupling,
|
|
36
|
+
weak tests, swallowed errors, accidental public surfaces, and oversized functions or
|
|
37
|
+
files.
|
|
37
38
|
|
|
38
39
|
<!-- mustflow-section: use-when -->
|
|
39
40
|
## Use When
|
|
40
41
|
|
|
41
42
|
- The current diff was substantially generated by an AI agent, copied from an
|
|
42
43
|
outside suggestion, or produced through broad assistant edits.
|
|
44
|
+
- A bug fix appears to handle only the reported example, failing fixture, exact string,
|
|
45
|
+
exact path, exact ID, exact platform, or current test input instead of the same class
|
|
46
|
+
of defect.
|
|
43
47
|
- A new helper, function, type, schema, DTO, fixture, adapter, or shape appears and
|
|
44
48
|
the repository may already have a single source of truth.
|
|
45
49
|
- The change may introduce hidden coupling through import direction, initialization
|
|
@@ -78,6 +82,8 @@ public surfaces, and oversized functions or files.
|
|
|
78
82
|
entrypoints when present.
|
|
79
83
|
- Existing error-handling conventions and the boundary where failures are meant to
|
|
80
84
|
become user-facing, logged, retried, or returned.
|
|
85
|
+
- The reported symptom, failing fixture, user example, or scanner finding that caused
|
|
86
|
+
the fix, plus nearby inputs that should follow the same rule.
|
|
81
87
|
- Existing test style, edge-case coverage, and configured verification intents.
|
|
82
88
|
- Existing static analysis or lint rules, if any. Missing rules may be reported or
|
|
83
89
|
proposed, but this skill does not authorize adding new dependencies, CI gates, or
|
|
@@ -100,6 +106,9 @@ public surfaces, and oversized functions or files.
|
|
|
100
106
|
|
|
101
107
|
- Replace duplicate new helpers, shapes, fixtures, or validators with existing
|
|
102
108
|
sources of truth.
|
|
109
|
+
- Replace symptom-only conditions, literal-value patches, one-off string replacements,
|
|
110
|
+
and caller-by-caller guards with the smallest rule, parser, boundary, or data owner
|
|
111
|
+
that covers the defect class.
|
|
103
112
|
- Extract or move code only around a clear local responsibility boundary.
|
|
104
113
|
- Flatten excessive nesting when behavior is unchanged and tests cover the path.
|
|
105
114
|
- Remove accidental re-exports or update synchronized public-surface contracts.
|
|
@@ -114,11 +123,28 @@ public surfaces, and oversized functions or files.
|
|
|
114
123
|
1. Baseline the diff.
|
|
115
124
|
- Identify new functions, helpers, classes, types, schemas, DTOs, fixtures,
|
|
116
125
|
adapters, exported names, and test helpers.
|
|
126
|
+
- Identify any literal values, branch conditions, special-case IDs, one-off
|
|
127
|
+
regexes, fixture names, paths, or platform checks that were added because they
|
|
128
|
+
match the reported symptom.
|
|
117
129
|
- Separate intentional new concepts from possible duplicates.
|
|
118
130
|
- Note which files are production code, test code, generated code, public
|
|
119
131
|
contract files, or installed templates.
|
|
120
132
|
|
|
121
|
-
2. Check
|
|
133
|
+
2. Check for symptom-only patches.
|
|
134
|
+
- Name the reported symptom and the broader defect class before accepting the
|
|
135
|
+
fix. Examples: path traversal, stale cache authority, duplicate side effect,
|
|
136
|
+
invalid state transition, malformed command fence, newline handling, missing
|
|
137
|
+
cleanup, wrong ownership check, or non-atomic write.
|
|
138
|
+
- Search for sibling inputs, adjacent parsers, other callers, parallel fixtures,
|
|
139
|
+
and same-shaped branches that would fail for the same reason.
|
|
140
|
+
- Reject fixes that only say "if this exact value, return the expected answer"
|
|
141
|
+
unless the value is a documented product rule with an owner and test.
|
|
142
|
+
- Prefer changing the parser, validator, state transition, normalization rule,
|
|
143
|
+
ownership boundary, or shared helper that owns the whole defect class.
|
|
144
|
+
- If a narrow patch is the only safe current change, document why the broader
|
|
145
|
+
rule is deferred and add a regression guard that names the remaining class risk.
|
|
146
|
+
|
|
147
|
+
3. Check repository memory discontinuity.
|
|
122
148
|
- Search for existing helpers, types, schemas, shapes, fixtures, and validators
|
|
123
149
|
before accepting a new one.
|
|
124
150
|
- Prefer the existing single source of truth when it already covers the behavior.
|
|
@@ -127,7 +153,7 @@ public surfaces, and oversized functions or files.
|
|
|
127
153
|
- If both old and new concepts must remain, name the boundary and explain why
|
|
128
154
|
they are not duplicates.
|
|
129
155
|
|
|
130
|
-
|
|
156
|
+
4. Check coupling and dependency direction.
|
|
131
157
|
- Look for hidden coupling through import direction, initialization order,
|
|
132
158
|
shared mutable state, environment reads, caches, file-system state, timers,
|
|
133
159
|
module-level side effects, and ambient globals.
|
|
@@ -136,7 +162,7 @@ public surfaces, and oversized functions or files.
|
|
|
136
162
|
- Inspect fan-in and fan-out. A new utility imported everywhere, or a high-level
|
|
137
163
|
module imported from many low-level places, needs a boundary explanation.
|
|
138
164
|
|
|
139
|
-
|
|
165
|
+
5. Check public surface and re-export discipline.
|
|
140
166
|
- Treat a barrel export, wildcard export, package entrypoint, generated client,
|
|
141
167
|
CLI JSON field, or template-installed file as a public surface until proven
|
|
142
168
|
otherwise.
|
|
@@ -144,7 +170,7 @@ public surfaces, and oversized functions or files.
|
|
|
144
170
|
when the export is intentional.
|
|
145
171
|
- Do not hide a breaking public-surface change behind "internal cleanup" wording.
|
|
146
172
|
|
|
147
|
-
|
|
173
|
+
6. Check error handling and fallbacks.
|
|
148
174
|
- Reject empty `catch`, generic fallback values, silent `null` returns, and
|
|
149
175
|
duplicated defensive guards unless they are the repository's explicit boundary
|
|
150
176
|
pattern.
|
|
@@ -153,7 +179,7 @@ public surfaces, and oversized functions or files.
|
|
|
153
179
|
- Preserve useful error context without leaking secrets or personal data.
|
|
154
180
|
- Prefer explicit result shapes or typed errors when they already exist locally.
|
|
155
181
|
|
|
156
|
-
|
|
182
|
+
7. Check complexity before it calcifies.
|
|
157
183
|
- Challenge nesting deeper than three levels, especially inside loops, async
|
|
158
184
|
flows, parsers, command handlers, and test setup.
|
|
159
185
|
- Flatten unnecessary nesting with guard clauses or early returns when that keeps
|
|
@@ -163,9 +189,11 @@ public surfaces, and oversized functions or files.
|
|
|
163
189
|
- Split a god file only when the new module has a stable owner, direction, and
|
|
164
190
|
verification path.
|
|
165
191
|
|
|
166
|
-
|
|
192
|
+
8. Harden tests against fake confidence.
|
|
167
193
|
- Verify behavior and side effects, not only function names, strings, snapshots,
|
|
168
194
|
or the presence of files.
|
|
195
|
+
- For bug fixes, add at least one nearby negative or sibling case when feasible so
|
|
196
|
+
the guard proves the generalized rule, not only the reported literal input.
|
|
169
197
|
- Add or preserve edge cases for empty input, missing input, null or undefined
|
|
170
198
|
where the language permits it, boundary values, duplicate requests, failure
|
|
171
199
|
paths, and concurrency or ordering when relevant.
|
|
@@ -175,7 +203,7 @@ public surfaces, and oversized functions or files.
|
|
|
175
203
|
- If production code gained defensive fallback only to satisfy a brittle test,
|
|
176
204
|
fix the test or move the fallback to the owning boundary.
|
|
177
205
|
|
|
178
|
-
|
|
206
|
+
9. Use enforcement evidence without inventing enforcement.
|
|
179
207
|
- Run existing configured lint, build, and related test intents when they cover
|
|
180
208
|
the risk.
|
|
181
209
|
- If the repository lacks dependency-boundary, complexity, max-depth,
|
|
@@ -184,7 +212,7 @@ public surfaces, and oversized functions or files.
|
|
|
184
212
|
- Never paste outside plugin commands, package-manager commands, or CI recipes
|
|
185
213
|
into mustflow command contracts without command-contract review.
|
|
186
214
|
|
|
187
|
-
|
|
215
|
+
10. Decide fix now, defer, or report.
|
|
188
216
|
- Fix now when the issue is in the touched code, small, directly tied to the
|
|
189
217
|
current behavior, and verifiable with configured commands.
|
|
190
218
|
- Defer when the issue needs broad architecture work, new dependencies, new CI
|
|
@@ -197,6 +225,9 @@ public surfaces, and oversized functions or files.
|
|
|
197
225
|
|
|
198
226
|
- New helpers, shapes, fixtures, validators, and exports have been checked against
|
|
199
227
|
existing sources of truth.
|
|
228
|
+
- Symptom-only patches, pinpoint hardcoding, literal-value branches, and one-off
|
|
229
|
+
string replacements have been replaced by a defect-class rule or explicitly
|
|
230
|
+
reported with the remaining class risk.
|
|
200
231
|
- Hidden coupling, dependency direction, circular dependencies, fan-in, fan-out,
|
|
201
232
|
re-export drift, and public-surface changes have been fixed, deferred, or
|
|
202
233
|
explicitly reported.
|
|
@@ -226,6 +257,9 @@ public surfaces, and oversized functions or files.
|
|
|
226
257
|
fix.
|
|
227
258
|
- If repository search cannot prove whether a helper or shape is duplicate, report
|
|
228
259
|
the evidence gap instead of deleting or merging concepts speculatively.
|
|
260
|
+
- If the same defect class may exist in uninspected callers, parsers, fixtures, or
|
|
261
|
+
sibling inputs, report the uninspected surface instead of claiming the root cause
|
|
262
|
+
is fixed.
|
|
229
263
|
- If the hardening issue requires new dependencies, new CI gates, package-wide lint
|
|
230
264
|
policy, or a cross-module migration, defer it with a concrete recommendation.
|
|
231
265
|
- If the current diff is too broad to inspect in one pass, use
|
|
@@ -240,6 +274,8 @@ public surfaces, and oversized functions or files.
|
|
|
240
274
|
Include:
|
|
241
275
|
|
|
242
276
|
- Existing sources of truth reused or extended.
|
|
277
|
+
- Symptom-only patches, pinpoint hardcoding, and same-defect-class sibling surfaces
|
|
278
|
+
fixed, ruled out, or reported.
|
|
243
279
|
- Duplicate helpers, duplicate shapes, or repeated guards removed.
|
|
244
280
|
- Coupling, circular-dependency, fan-in, fan-out, public-surface, and re-export risks
|
|
245
281
|
found or ruled out.
|