mustflow 2.38.0 → 2.58.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/cli/commands/run/executor.js +16 -0
- package/dist/cli/commands/run/process-tree.js +6 -3
- package/dist/cli/commands/verify.js +3 -1
- package/dist/cli/lib/git-changes.js +11 -1
- package/dist/cli/lib/i18n.js +1 -1
- package/dist/cli/lib/local-index/index.js +8 -4
- package/dist/cli/lib/local-index/populate.js +17 -3
- package/dist/cli/lib/local-index/search-read-model.js +9 -7
- package/dist/cli/lib/local-index/search-text.js +2 -2
- package/dist/cli/lib/local-index/workflow-documents.js +17 -2
- package/dist/cli/lib/mustflow-read.js +14 -2
- package/dist/cli/lib/repo-map.js +16 -3
- package/dist/cli/lib/templates.js +8 -7
- package/dist/cli/lib/validation/constants.js +1 -1
- package/dist/core/active-run-locks.js +78 -20
- package/dist/core/change-classification.js +4 -0
- package/dist/core/command-contract-rules.js +1 -1
- package/dist/core/command-contract-validation.js +1 -1
- package/dist/core/command-cwd.js +13 -2
- package/dist/core/command-effects.js +22 -4
- package/dist/core/command-env.js +8 -6
- package/dist/core/command-preconditions.js +28 -2
- package/dist/core/completion-verdict.js +1 -1
- package/dist/core/line-endings.js +8 -4
- package/dist/core/safe-filesystem.js +9 -1
- package/dist/core/source-anchor-validation.js +7 -1
- package/dist/core/source-anchors.js +8 -2
- package/dist/core/verification-scheduler.js +8 -2
- package/package.json +1 -1
- package/templates/default/common/.mustflow/config/commands.toml +39 -15
- package/templates/default/i18n.toml +330 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
- package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
- package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
- package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
- package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
- package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
- package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
- package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
- package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
- package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
- package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
- package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
- package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
- package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
- package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
- package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
- package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
- package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
- package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
- package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
- package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
- package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
- package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
- package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
- package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
- package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
- package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
- package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
- package/templates/default/manifest.toml +388 -2
|
@@ -0,0 +1,189 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.api-request-performance-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: api-request-performance-review
|
|
9
|
+
description: Apply this skill when API endpoints, handlers, controllers, resolvers, serializers, mappers, service methods, or route-level request paths are created, changed, reviewed, or reported and the main latency risk is repeated work inside one request, including per-request I/O counts, DB or ORM fan-out, Redis fan-out, external API calls, transaction scope, pool acquire wait, cache miss paths, serialization, response size, request-path CPU work, or missing trace evidence.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.api-request-performance-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# API Request Performance Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review API latency as repeated work inside one request, not as a search for an ugly slow function.
|
|
33
|
+
|
|
34
|
+
The core question is: "For one request, how many times do we repeat the same I/O, data fetch, serialization, lock wait, transaction wait, or CPU-heavy operation before sending the response?"
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- An API endpoint, handler, controller, route, resolver, serializer, mapper, service method, middleware, webhook receiver, backend-for-frontend path, admin API, or request-scoped worker path is created, changed, reviewed, or reported.
|
|
40
|
+
- The likely risk is per-request I/O, DB query count, ORM lazy loading, Redis fan-out, external API calls, filesystem reads, transaction scope, pool acquire wait, cache miss behavior, JSON serialization, response bytes, DTO mapping, compression, crypto, image/file processing, or missing spans.
|
|
41
|
+
- Code or docs claim an API path is fast, paginated, cached, batched, preloaded, streaming, bounded, safe at p95 or p99, or protected by instrumentation.
|
|
42
|
+
- A route-level performance finding needs a request cost ledger before a broader performance-budget, load-test, database-plan, or profiling project.
|
|
43
|
+
|
|
44
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
45
|
+
## Do Not Use When
|
|
46
|
+
|
|
47
|
+
- The task is a general hot-path review without an API request boundary; use `hot-path-performance-review`.
|
|
48
|
+
- The task is only database query shape, migration safety, or engine-specific query tuning with no route-level request path; use `database-query-bottleneck-review` or the matching database skill.
|
|
49
|
+
- The task is primarily cache correctness, stale data spread, permission leakage, or invalidation order; use `cache-integrity-review`.
|
|
50
|
+
- The task is primarily reliability, retry, timeout, queue, health-check, or operational failure handling rather than per-request latency; use `backend-reliability-change`.
|
|
51
|
+
- The task is a full measurement, benchmark, production profiling, load-test, service-level objective, or p95/p99 performance-budget project; use `performance-budget-check` as the main route.
|
|
52
|
+
- The route-level request path is slow mainly because of LLM response latency, time to first token, first useful output, streaming, LLM round trips, tool-call wait, prompt-cache latency, model routing speed, realtime continuation, priority tier, or predicted-output behavior; use `llm-response-latency-review`.
|
|
53
|
+
- The API path is explicitly tiny, hard-capped, offline-only, or manual-only and the bounded request size is documented.
|
|
54
|
+
|
|
55
|
+
<!-- mustflow-section: required-inputs -->
|
|
56
|
+
## Required Inputs
|
|
57
|
+
|
|
58
|
+
- Request path: endpoint, route, handler, controller, resolver, serializer, mapper, middleware, service method, response builder, and downstream calls under review.
|
|
59
|
+
- Request cost ledger inputs: route span, DB query count, Redis call count, external API call count, filesystem or object-storage calls, payload size, response bytes, JSON serialization time, DTO mapping time, cache hit or miss, queue time, pool acquire wait, transaction duration, lock wait, and request-path CPU work when available.
|
|
60
|
+
- Data shape: request parameters, page size, relation counts, tenant or user scope, expected result size, maximum payload, large JSON/TEXT/BLOB fields, and response projection.
|
|
61
|
+
- ORM behavior: lazy loading, eager loading, generated SQL, relation access in serializers or templates, Django `select_related` and `prefetch_related`, Rails `includes`, `preload`, `eager_load`, and `strict_loading`, or equivalent framework behavior.
|
|
62
|
+
- Database evidence when available: `SELECT *`, app-side filtering or sorting, deep `OFFSET`, `COUNT(*)`, index fit for `WHERE` plus `ORDER BY` plus `LIMIT`, `EXPLAIN`, estimated rows, actual rows, join cardinality, and selectivity.
|
|
63
|
+
- Cache and Redis evidence: request-scope cache, key dimensions, cache miss path, `MGET`, pipeline behavior, Redis round trips, Redis Slow Log limitations, hot keys, fallback behavior, and stampede controls.
|
|
64
|
+
- Correctness boundaries: authorization, tenant isolation, ordering, duplicates, pagination stability, consistency, idempotency, timeout, cancellation, partial failure, stale data, and response contract.
|
|
65
|
+
- Relevant command-intent contract entries for build, tests, docs, release checks, and mustflow validation.
|
|
66
|
+
|
|
67
|
+
<!-- mustflow-section: preconditions -->
|
|
68
|
+
## Preconditions
|
|
69
|
+
|
|
70
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
71
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
72
|
+
- Required inputs are available, or missing route, query-count, trace, cache, or payload evidence can be reported without guessing.
|
|
73
|
+
- If database query shape is changed, also apply the matching database skill.
|
|
74
|
+
- If cache correctness or invalidation behavior changes, also apply `cache-integrity-review`.
|
|
75
|
+
- If retry, timeout, queue, health, idempotency, or external-service failure behavior changes, also apply `backend-reliability-change`.
|
|
76
|
+
- If authorization, tenant scope, personal data, logs, telemetry, or cache keys affect the API path, also apply the relevant security or privacy skill.
|
|
77
|
+
|
|
78
|
+
<!-- mustflow-section: allowed-edits -->
|
|
79
|
+
## Allowed Edits
|
|
80
|
+
|
|
81
|
+
- Narrow projection, remove route-level overfetching, batch per-item database or Redis calls, replace repeated external calls with bounded aggregation, add request-scope memoization, move app-side filtering or sorting into the right data layer, shorten transactions, and add bounded concurrency where semantics are clear.
|
|
82
|
+
- Add or tighten route-level observability for route span timing, DB query count, pool acquire wait, Redis count, cache hit or miss, external latency, response bytes, JSON serialization time, queue time, and request-path CPU work when local patterns support it.
|
|
83
|
+
- Add focused tests or fixtures for query count, lazy-loading prevention, pagination stability, response projection, authorization scope, cache key dimensions, timeout behavior, serialization shape, or error boundaries when repository patterns support them.
|
|
84
|
+
- Do not add speculative caches, unbounded eager loading, unbounded concurrency, broad denormalization, new infrastructure, raw load tests, or profiling hooks without evidence and ownership of invalidation, backpressure, and failure behavior.
|
|
85
|
+
- Do not trade correctness, authorization, tenant isolation, response contract, idempotency, ordering, or partial-failure behavior for a faster-looking request path.
|
|
86
|
+
|
|
87
|
+
<!-- mustflow-section: procedure -->
|
|
88
|
+
## Procedure
|
|
89
|
+
|
|
90
|
+
1. Name the API request boundary first. Include the route, handler, controller, resolver, serializer, mapper, service method, response builder, and downstream calls that run before the response is committed.
|
|
91
|
+
2. Build a Request cost ledger. Record DB query count, Redis round trips, external API calls, filesystem or object-storage calls, cache hit or miss, payload size, response bytes, JSON serialization time, DTO mapping time, pool acquire wait, transaction duration, lock wait, queue time, and request-path CPU work. Mark unavailable values as missing evidence rather than inventing them.
|
|
92
|
+
3. Count repeated I/O before reading abstraction names.
|
|
93
|
+
- A loop, mapper, serializer, resolver, template, or DTO builder that calls DB, Redis, HTTP, RPC, filesystem, object storage, provider SDK, queue, logger, metrics, crypto, compression, or image processing is the first suspect.
|
|
94
|
+
- Sequential `await` inside a loop is still serial request latency unless the operations are order-dependent.
|
|
95
|
+
- Unbounded fan-out is not a fix. Use bounded concurrency only when the downstream resource and failure behavior are understood.
|
|
96
|
+
4. Inspect ORM serializer and mapper paths.
|
|
97
|
+
- Property reads such as `user.team.name`, `order.items`, `post.comments`, or equivalent relation access can be hidden queries.
|
|
98
|
+
- In Django, choose `select_related` for single-valued relations and `prefetch_related` for multi-valued relations when the route actually needs them.
|
|
99
|
+
- In Rails, compare `includes`, `preload`, `eager_load`, and `strict_loading`; use strict loading or query-count tests where local patterns support them.
|
|
100
|
+
- Treat eager loading too much as a separate bug. It can replace N+1 with row explosion, duplicate parents, memory bloat, or huge response mapping.
|
|
101
|
+
5. Check query projection and response projection together.
|
|
102
|
+
- Flag `SELECT *`, full entity hydration, unbounded DTOs, and list endpoints that fetch large JSON, TEXT, BLOB, image, metadata, audit, or internal columns.
|
|
103
|
+
- Fetch detail fields only after narrowing the row set when the route returns a list, feed, search result, or admin table.
|
|
104
|
+
6. Push filtering, sorting, grouping, and distinct work to the right layer.
|
|
105
|
+
- App-side filtering after loading many rows usually hides a database or cache misuse.
|
|
106
|
+
- App-side sorting, grouping, or `distinct` after join fan-out can turn a small response into a large server memory job.
|
|
107
|
+
- Preserve authorization, tenant scope, null semantics, duplicates, and stable ordering when moving work.
|
|
108
|
+
7. Review pagination and counts as latency surfaces.
|
|
109
|
+
- Deep `OFFSET` pages usually make the database count and discard earlier rows.
|
|
110
|
+
- Prefer keyset or cursor pagination with stable tie-breakers when arbitrary page jumps are not a product requirement.
|
|
111
|
+
- Expensive `COUNT(*)` for every request needs a product reason, approximate or cached count policy, or deferred count behavior.
|
|
112
|
+
8. Match indexes to the whole request query.
|
|
113
|
+
- Check `WHERE`, `ORDER BY`, and `LIMIT` together instead of asking only whether one predicate has an index.
|
|
114
|
+
- Functions around columns, implicit casts, `LOWER(email)`, `DATE(created_at)`, timezone conversion, `%keyword%`, low-selectivity predicates, and mismatched sort order can defeat useful index access.
|
|
115
|
+
- When plan evidence exists, compare `EXPLAIN` estimated rows with actual rows, join cardinality, loops, rows examined, rows returned, buffers, temp files, sort method, and lock or pool wait.
|
|
116
|
+
9. Keep external calls out of transactions.
|
|
117
|
+
- Do not hold a DB transaction while waiting for an external API, file upload, object storage, Redis fallback, image processing, logging sink, or user-controlled operation.
|
|
118
|
+
- Move external effects after commit with an outbox, job, reconciliation record, or idempotent follow-up only when the repository already owns that pattern.
|
|
119
|
+
10. Separate database execution time from pool acquire wait.
|
|
120
|
+
- A query can look fast while the request waits for a saturated connection pool.
|
|
121
|
+
- Review pool acquire time, pool size, transaction duration, connection leaks, per-request client creation, and slow downstream calls holding connections.
|
|
122
|
+
11. Check Redis as a network service, not as free memory.
|
|
123
|
+
- Redis calls inside loops are request latency. Prefer `MGET`, pipelining, batching, or request-scope cache when semantics allow.
|
|
124
|
+
- Redis Slow Log does not include client round-trip time, connection wait, serialization, or application loop overhead.
|
|
125
|
+
- Review cache miss path, fallback DB pressure, stampede control, hot keys, and key cardinality before calling the cache safe.
|
|
126
|
+
12. Review cache key scope and miss behavior.
|
|
127
|
+
- A key that is too narrow can leak or serve wrong data; a key that is too wide can explode cardinality and never hit.
|
|
128
|
+
- Count what happens on miss: DB calls, external calls, serialization, lock or singleflight behavior, early refresh, negative caching, stale serve, and timeout.
|
|
129
|
+
13. Count JSON, DTO, and response building costs.
|
|
130
|
+
- Repeated JSON parse/stringify, broad DTO-to-DTO mapping, deep clone, object spread over large arrays, and whole-object logging can dominate route CPU.
|
|
131
|
+
- Large response bytes increase server serialization, compression, network transfer, browser parse, and client cache pressure.
|
|
132
|
+
14. Check request-path CPU before offloading blame to the database.
|
|
133
|
+
- Compression, crypto, hashing, image resize, PDF or spreadsheet generation, diffing, regex, report rendering, and large locale formatting can block the request.
|
|
134
|
+
- For Node, look for event-loop blocking and flame graph evidence when available. For Go, use pprof evidence when available. For MongoDB, inspect `explain()` evidence when the route depends on MongoDB query shape.
|
|
135
|
+
15. Treat observability as part of the fix when evidence is missing.
|
|
136
|
+
- Add OpenTelemetry or existing tracing spans only through local patterns.
|
|
137
|
+
- Prefer route span, DB query count, Redis count, external-call count, pool acquire wait, cache hit or miss, external latency, response bytes, JSON serialization time, queue time, timeout count, and error category over vague "seems slow" comments.
|
|
138
|
+
16. Rank fixes by request payoff.
|
|
139
|
+
- Usually fix per-item DB or Redis calls, ORM lazy loading, app-side filtering after overfetch, deep offset pagination, expensive counts, external calls inside transactions, pool waits, unbounded fan-out, huge responses, and missing spans before micro-optimizing helper code.
|
|
140
|
+
17. Label evidence honestly.
|
|
141
|
+
- Static review can identify likely API latency risks but cannot prove speedup.
|
|
142
|
+
- A trace from a tiny fixture, warm local cache, or empty database is not representative production evidence.
|
|
143
|
+
|
|
144
|
+
<!-- mustflow-section: postconditions -->
|
|
145
|
+
## Postconditions
|
|
146
|
+
|
|
147
|
+
- The API request boundary and Request cost ledger are explicit.
|
|
148
|
+
- DB query count, Redis call count, external API call count, cache hit or miss behavior, response bytes, serialization cost, transaction scope, pool acquire wait, and request-path CPU work are fixed, bounded, instrumented, or reported.
|
|
149
|
+
- ORM lazy loading, eager-loading overfetch, `SELECT *`, app-side filtering or sorting, deep `OFFSET`, expensive `COUNT(*)`, index mismatch, external call inside transaction, Redis loop, and cache miss amplification are checked where relevant.
|
|
150
|
+
- Correctness, authorization, tenant isolation, idempotency, ordering, pagination stability, partial failure, cancellation, timeout, and stale-data behavior remain intact or are reported as tradeoffs.
|
|
151
|
+
- API performance claims are backed by configured evidence, trace evidence, plan evidence, or labeled as static review risk.
|
|
152
|
+
|
|
153
|
+
<!-- mustflow-section: verification -->
|
|
154
|
+
## Verification
|
|
155
|
+
|
|
156
|
+
Use configured oneshot command intents when available:
|
|
157
|
+
|
|
158
|
+
- `changes_status`
|
|
159
|
+
- `changes_diff_summary`
|
|
160
|
+
- `lint`
|
|
161
|
+
- `build`
|
|
162
|
+
- `test_related`
|
|
163
|
+
- `test`
|
|
164
|
+
- `docs_validate_fast`
|
|
165
|
+
- `test_release`
|
|
166
|
+
- `mustflow_check`
|
|
167
|
+
|
|
168
|
+
Use the narrowest configured test, build, docs, release, or mustflow intent that covers the changed API request path. Do not infer raw server, load-test, benchmark, profiler, database shell, Redis shell, browser, or package-manager commands outside the command contract.
|
|
169
|
+
|
|
170
|
+
<!-- mustflow-section: failure-handling -->
|
|
171
|
+
## Failure Handling
|
|
172
|
+
|
|
173
|
+
- If route-level traces, query counts, payload size, cache behavior, or pool wait evidence are missing, report static risk instead of claiming measured latency.
|
|
174
|
+
- If the safe fix requires engine-specific database features, use the matching database skill before editing those surfaces.
|
|
175
|
+
- If the safe fix requires production traces, load tests, flame graphs, pprof captures, MongoDB `explain()` from live data, Redis Slow Log access, provider dashboards, or unconfigured commands, report the manual evidence boundary instead of running raw commands.
|
|
176
|
+
- If optimization conflicts with correctness, authorization, tenant isolation, idempotency, ordering, partial failure, or the response contract, keep correctness and report the tradeoff.
|
|
177
|
+
- If a configured test, build, docs, release, or mustflow command fails, preserve the failing intent and output tail, then fix only the behavior or contract exercised by the failure.
|
|
178
|
+
|
|
179
|
+
<!-- mustflow-section: output-format -->
|
|
180
|
+
## Output Format
|
|
181
|
+
|
|
182
|
+
- API request path reviewed
|
|
183
|
+
- Request cost ledger: route span, DB query count, Redis count, external API calls, filesystem or object-storage calls, payload size, response bytes, JSON serialization time, DTO mapping time, cache hit or miss, queue time, pool acquire wait, transaction duration, lock wait, and request-path CPU work
|
|
184
|
+
- ORM lazy loading, eager loading, projection, pagination, count, index fit, app-side filtering or sorting, transaction, pool, Redis, cache miss, serialization, response size, CPU-heavy request work, and observability findings
|
|
185
|
+
- API request performance change made or recommended
|
|
186
|
+
- Evidence level: measured trace, configured-test evidence, plan evidence, static review risk, manual-only, missing, or not applicable
|
|
187
|
+
- Command intents run
|
|
188
|
+
- Skipped measurements and reasons
|
|
189
|
+
- Remaining API request performance risk
|
|
@@ -0,0 +1,309 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.app-startup-performance-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: app-startup-performance-review
|
|
9
|
+
description: Apply this skill when Android, iOS, React Native, Flutter, Tauri mobile, desktop app shell, Electron, or other installed app code needs startup performance review from icon tap or process launch to first frame and fully usable state, including cold, warm, or hot start, Android TTID and TTFD, `reportFullyDrawn()`, Android Vitals startup thresholds, Xcode Organizer, Instruments App Launch or Time Profiler, `Application.onCreate()`, `AppDelegate`, ContentProvider auto-init, AndroidX App Startup, DI graph creation, SDK initialization, static initializers, main-thread disk or network work, cache snapshots, launch migrations, first-screen layout, launch assets, custom fonts, R8, Baseline Profile, Startup Profile, Macrobenchmark, Perfetto, Hermes, JavaScript or Dart import graphs, deferred components, shader warmup, on-demand modules, splash holds, auth or config gates, and post-first-frame work queues.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.app-startup-performance-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# App Startup Performance Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review installed app startup as a launch critical path from icon tap or process start to first frame
|
|
33
|
+
and fully usable state, not as a splash-screen masking problem.
|
|
34
|
+
|
|
35
|
+
The review question is not "does the splash look smooth?" It is "what code, I/O, SDK, dependency
|
|
36
|
+
graph, asset, first-screen, auth, or config gate blocks the user before the app can draw and before
|
|
37
|
+
the first useful action works?"
|
|
38
|
+
|
|
39
|
+
<!-- mustflow-section: use-when -->
|
|
40
|
+
## Use When
|
|
41
|
+
|
|
42
|
+
- Android, iOS, React Native, Flutter, Tauri mobile, Electron, desktop app shell, or packaged app
|
|
43
|
+
code is created, changed, reviewed, or reported with startup, launch, splash, first frame, first
|
|
44
|
+
screen, time-to-interactive, time-to-full-display, cold start, warm start, hot start, blank screen,
|
|
45
|
+
slow app open, initial route, auth bootstrap, config bootstrap, SDK initialization, or app shell
|
|
46
|
+
performance risk.
|
|
47
|
+
- Code touches `Application.onCreate()`, `AppDelegate`, Android ContentProvider auto-init, AndroidX
|
|
48
|
+
App Startup initializers, dependency injection graph creation, service locators, SDK setup, crash
|
|
49
|
+
reporting, analytics, remote config, feature flags, A/B experiments, ad SDKs, database open,
|
|
50
|
+
migrations, cache cleanup, thumbnail generation, log compression, static initializers, top-level
|
|
51
|
+
imports, global constants, first-screen assets, custom fonts, launch resources, route bootstrap,
|
|
52
|
+
React Native bundles, Flutter first frame, Tauri or Electron preload, or on-demand modules.
|
|
53
|
+
- A final report claims startup is faster, startup-safe, splash-safe, fully drawn, release-ready,
|
|
54
|
+
app-store quality, Play quality, low-end-device safe, or measured by Android Vitals, TTID, TTFD,
|
|
55
|
+
`reportFullyDrawn()`, Xcode Organizer, Instruments, Macrobenchmark, Perfetto, or similar evidence.
|
|
56
|
+
|
|
57
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
58
|
+
## Do Not Use When
|
|
59
|
+
|
|
60
|
+
- The task is purely web page first render, Core Web Vitals, LCP, browser TTFB, route prefetch, or
|
|
61
|
+
web hydration outside an installed app shell; use `web-render-performance-review`.
|
|
62
|
+
- The task is per-frame browser jank, INP, scroll, animation, style, layout, paint, compositing, or
|
|
63
|
+
interaction rendering after startup; use `frame-render-performance-review`.
|
|
64
|
+
- The task is mobile battery, background wakeups, radio, GPS, sensors, Low Power Mode, Battery
|
|
65
|
+
Saver, or energy diagnostics without launch critical-path impact; use `mobile-energy-efficiency-review`.
|
|
66
|
+
- The task is broad runtime performance, backend latency, database throughput, memory, allocation,
|
|
67
|
+
queueing, or generic hot-path work with no app startup boundary; use `performance-budget-check`.
|
|
68
|
+
- The operation only changes splash branding, colors, copy, or artwork with no launch timing,
|
|
69
|
+
startup task, first-screen, asset, or fully usable state claim.
|
|
70
|
+
|
|
71
|
+
<!-- mustflow-section: required-inputs -->
|
|
72
|
+
## Required Inputs
|
|
73
|
+
|
|
74
|
+
- Startup scope ledger: platform, app type, target release build, device class, OS version, startup
|
|
75
|
+
type, entry route, first frame definition, fully usable state definition, and whether the path is
|
|
76
|
+
cold start, warm start, hot start, or process resume.
|
|
77
|
+
- Measurement ledger: Android Vitals, TTID, TTFD, `reportFullyDrawn()` timing, Macrobenchmark,
|
|
78
|
+
Perfetto, Startup Profile, Baseline Profile, Xcode Organizer, Instruments App Launch, Time
|
|
79
|
+
Profiler, release/profile device evidence, low-end physical device evidence, or an explicit
|
|
80
|
+
static-only boundary.
|
|
81
|
+
- Launch critical-path ledger: process entry, app delegate or application class, ContentProvider
|
|
82
|
+
auto-init, AndroidX App Startup initializers, dependency graph creation, SDK initialization,
|
|
83
|
+
static initializers, top-level imports, app shell bootstrap, first route, first view controller or
|
|
84
|
+
activity, and first navigation decision.
|
|
85
|
+
- Main-thread blocking ledger: synchronous disk reads, network calls, JSON parsing, database open,
|
|
86
|
+
SQLite access, SharedPreferences, DataStore, UserDefaults, Keychain, secure storage, file scans,
|
|
87
|
+
font loading, image decode, shader work, and strict-mode or profiler evidence.
|
|
88
|
+
- First usable state ledger: cached snapshot, local token, local config, remote config gate, feature
|
|
89
|
+
flag gate, server validation, kill switch, offline behavior, first CTA availability, and
|
|
90
|
+
post-first-frame refresh policy.
|
|
91
|
+
- First-screen render ledger: shell complexity, list size, nested scroll, custom chart, map, video,
|
|
92
|
+
Lottie, blur, shadow, SVG, oversized launch resources, custom fonts, synchronous layout work,
|
|
93
|
+
cached summary, and placeholder stability.
|
|
94
|
+
- Deferred work ledger: analytics, crash SDK, ad SDK, remote config refresh, feature experiments,
|
|
95
|
+
migrations, cache cleanup, thumbnail regeneration, log compression, prefetch, warmup, telemetry,
|
|
96
|
+
and idle or screen-entry queue ownership.
|
|
97
|
+
- Platform optimization ledger: Android R8, shrink or optimize settings, keep-rule side effects,
|
|
98
|
+
Baseline Profile, Startup Profile, Macrobenchmark CI, Perfetto traces, AndroidX App Startup,
|
|
99
|
+
on-demand modules, iOS dynamic frameworks, mergeable libraries, Objective-C `+load`, C++ static
|
|
100
|
+
constructors, React Native Hermes, lazy loading, inline require, import graph, Flutter deferred
|
|
101
|
+
components, shader warmup tradeoff, and Tauri or Electron preload cost.
|
|
102
|
+
- Existing tests, startup budgets, profiler traces, telemetry, build outputs, package surfaces,
|
|
103
|
+
synchronized docs or templates, and configured command-intent evidence.
|
|
104
|
+
|
|
105
|
+
<!-- mustflow-section: preconditions -->
|
|
106
|
+
## Preconditions
|
|
107
|
+
|
|
108
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
109
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
|
|
110
|
+
current scope.
|
|
111
|
+
- Required startup evidence is available from current files, diffs, docs, configured outputs, user
|
|
112
|
+
evidence, or can be reported as missing without guessing.
|
|
113
|
+
- Review release or profile behavior, not only debug builds, simulators, emulators, hot-reload
|
|
114
|
+
sessions, flagship devices, or local developer machines.
|
|
115
|
+
- If code touches auth, permissions, privacy, payments, migrations, storage, push, analytics, or
|
|
116
|
+
third-party SDKs, also use the matching narrower security, data, migration, telemetry, or
|
|
117
|
+
dependency skill when its trigger is present.
|
|
118
|
+
|
|
119
|
+
<!-- mustflow-section: allowed-edits -->
|
|
120
|
+
## Allowed Edits
|
|
121
|
+
|
|
122
|
+
- Move noncritical SDK initialization, analytics, remote config, feature experiments, ad SDKs,
|
|
123
|
+
cache cleanup, log compression, prefetch, migrations, heavy parsing, and thumbnail work from
|
|
124
|
+
pre-first-frame startup into post-first-frame, idle, background-safe, or screen-entry queues.
|
|
125
|
+
- Replace eager dependency graph construction, top-level imports, static initializers, app-wide
|
|
126
|
+
service locator setup, and auto-initialized providers with lazy, scoped, or explicit startup
|
|
127
|
+
owners when the repository evidence supports the change.
|
|
128
|
+
- Add or tighten startup budgets, measurement hooks, `reportFullyDrawn()` placement, first usable
|
|
129
|
+
state tests, lazy-init tests, macrobenchmark-style harness integration, profiler notes, and
|
|
130
|
+
synchronized docs or templates when the repository already has a pattern or configured intent.
|
|
131
|
+
- Simplify first-screen render work, use cached snapshots, defer server validation, limit remote
|
|
132
|
+
config gates, reduce first-screen asset and font cost, and split on-demand modules when in scope.
|
|
133
|
+
- Do not hide slow startup behind a longer splash hold, fake `reportFullyDrawn()` early, remove
|
|
134
|
+
necessary safety gates, skip required migrations unsafely, or trade correctness, auth, privacy,
|
|
135
|
+
data integrity, crash diagnostics, accessibility, or user trust for a faster-looking first paint.
|
|
136
|
+
- Do not start raw Android Studio, Xcode, emulator, device, profiler, browser, package-manager,
|
|
137
|
+
benchmark, or dev-server workflows outside the configured command contract.
|
|
138
|
+
|
|
139
|
+
<!-- mustflow-section: procedure -->
|
|
140
|
+
## Procedure
|
|
141
|
+
|
|
142
|
+
1. Define the startup target before tuning.
|
|
143
|
+
- Name cold start, warm start, hot start, process resume, or first route transition.
|
|
144
|
+
- Name the user-visible first frame and the fully usable state separately.
|
|
145
|
+
- For Android, distinguish TTID from TTFD and require `reportFullyDrawn()` to mark real usable
|
|
146
|
+
completion, not an early metric shortcut.
|
|
147
|
+
- For iOS, distinguish launch display, first screen readiness, and post-launch work visible in
|
|
148
|
+
Xcode Organizer or Instruments.
|
|
149
|
+
2. Check measurement quality.
|
|
150
|
+
- Prefer release or profile builds on a low-end physical device for startup claims.
|
|
151
|
+
- Treat debug builds, simulators, emulators, hot reload, warm dev caches, and flagship-only
|
|
152
|
+
evidence as weak or non-representative.
|
|
153
|
+
- Use Android Vitals cold, warm, and hot startup thresholds, Macrobenchmark, Perfetto, Startup
|
|
154
|
+
Profile, Baseline Profile, Xcode Organizer, Instruments App Launch, and Time Profiler only
|
|
155
|
+
when they are configured or provided. Otherwise label the result as static startup risk.
|
|
156
|
+
3. Draw the launch critical path.
|
|
157
|
+
- List every owner that runs before the first frame: OS entry, `Application.onCreate()`,
|
|
158
|
+
`AppDelegate`, ContentProvider auto-init, AndroidX App Startup, dependency injection, SDK
|
|
159
|
+
setup, static initializers, top-level imports, first route, first activity or view controller,
|
|
160
|
+
first database open, and first network decision.
|
|
161
|
+
- Mark whether each item is required for first pixels, required for first useful action, or
|
|
162
|
+
deferrable.
|
|
163
|
+
4. Empty the application delegate or application class.
|
|
164
|
+
- Do not treat `Application.onCreate()` or `AppDelegate` as a warehouse for analytics, crash SDKs,
|
|
165
|
+
remote config, feature flags, A/B experiments, ad SDKs, database open, dependency graph build,
|
|
166
|
+
cache warmup, and one-time cleanup.
|
|
167
|
+
- Keep only the minimum process safety and routing prerequisites there.
|
|
168
|
+
5. Audit auto-init.
|
|
169
|
+
- On Android, search ContentProvider and AndroidX App Startup initialization paths before blaming
|
|
170
|
+
visible application code.
|
|
171
|
+
- Disable or defer third-party auto-init when the SDK supports it and startup does not need it.
|
|
172
|
+
- Keep a single explicit startup owner so SDK order and failure behavior are reviewable.
|
|
173
|
+
6. Shrink dependency graph creation.
|
|
174
|
+
- Do not build the whole DI container, service locator, repository graph, database stack, or SDK
|
|
175
|
+
registry before first frame when the first screen needs only a small subset.
|
|
176
|
+
- Prefer lazy providers, route-scoped owners, and first-use construction with clear failure paths.
|
|
177
|
+
7. Hunt static initializer cost.
|
|
178
|
+
- Check Kotlin `object` and companion object initialization, Java static blocks, Swift global
|
|
179
|
+
constants, Objective-C `+load`, C++ static constructors, module-level JavaScript or Dart
|
|
180
|
+
code, and Electron or Tauri preload side effects.
|
|
181
|
+
- Move heavy parsing, disk reads, regex compilation, crypto setup, SDK access, and service
|
|
182
|
+
creation out of static startup paths.
|
|
183
|
+
8. Remove main-thread disk and network before first frame.
|
|
184
|
+
- Treat SharedPreferences, DataStore, UserDefaults, Keychain, secure storage, SQLite, JSON files,
|
|
185
|
+
file scans, cache index reads, network fetches, DNS, TLS, and remote config calls as startup
|
|
186
|
+
blockers until proven asynchronous and non-blocking.
|
|
187
|
+
- Use platform strict-mode, profiler, or trace evidence when available; otherwise report static
|
|
188
|
+
risk instead of claiming the path is clean.
|
|
189
|
+
9. Make first usable state mostly local.
|
|
190
|
+
- Draw the first screen from a small cache snapshot, local token, and last-known safe config when
|
|
191
|
+
product semantics allow it.
|
|
192
|
+
- Defer server validation, full remote config refresh, feature experiment fetches, personalization,
|
|
193
|
+
and secondary data until after first frame or screen entry.
|
|
194
|
+
- Keep only a minimal synchronous kill switch or safety gate when the product truly needs it.
|
|
195
|
+
10. Keep migrations and maintenance off launch.
|
|
196
|
+
- Do not run large database migrations, cache cleanup, thumbnail regeneration, log compression,
|
|
197
|
+
full-text index rebuilds, media scans, or telemetry flushes before first frame.
|
|
198
|
+
- Split required compatibility checks from heavy maintenance; schedule heavy work after first
|
|
199
|
+
usable state with cancellation, retry, and failure visibility.
|
|
200
|
+
11. Make the first screen cheap.
|
|
201
|
+
- Prefer a lightweight shell, primary CTA, cached summary, stable placeholders, and enough
|
|
202
|
+
content for orientation.
|
|
203
|
+
- Defer nested scroll containers, custom charts, maps, video, Lottie, shadows, blur, SVG-heavy
|
|
204
|
+
illustrations, huge lists, and complex text measurement until after startup unless they are
|
|
205
|
+
the core first task.
|
|
206
|
+
12. Keep launch assets and fonts small.
|
|
207
|
+
- Use appropriately sized launch resources, not full-resolution marketing artwork.
|
|
208
|
+
- Limit first-screen custom font families, weights, and icon fonts; use system or fallback fonts
|
|
209
|
+
when the first usable state matters more than brand polish.
|
|
210
|
+
- Avoid startup JSON parsing or asset manifest scans that exist only to select decoration.
|
|
211
|
+
13. Apply Android startup tooling deliberately.
|
|
212
|
+
- Check R8 optimize and shrink behavior, keep-rule bloat, class loading, Baseline Profile,
|
|
213
|
+
Startup Profile, Macrobenchmark coverage, Perfetto trace boundaries, and AndroidX App Startup
|
|
214
|
+
ownership.
|
|
215
|
+
- Use on-demand modules for large optional features when the module split is already supported
|
|
216
|
+
or explicitly in scope.
|
|
217
|
+
14. Apply iOS startup tooling deliberately.
|
|
218
|
+
- Review third-party framework count, dynamic framework loading, mergeable library options,
|
|
219
|
+
Objective-C `+load`, C++ static constructors, global Swift initialization, and app delegate
|
|
220
|
+
work.
|
|
221
|
+
- Use Xcode Organizer, Instruments App Launch, and Time Profiler evidence when available.
|
|
222
|
+
15. Apply hybrid framework startup rules.
|
|
223
|
+
- React Native: check Hermes, startup bundle size, lazy loading, `inline require`, import graph,
|
|
224
|
+
top-level side effects, native module eager init, and whether one heavy import pulls in a
|
|
225
|
+
screen that the first route does not need.
|
|
226
|
+
- Flutter: check release or profile startup on device, deferred components, shader warmup as a
|
|
227
|
+
tradeoff, synchronous plugin setup, isolate startup, and first-frame work.
|
|
228
|
+
- Electron or Tauri: check preload script cost, window creation, sync filesystem access, eager
|
|
229
|
+
native plugin load, and first window route imports.
|
|
230
|
+
16. Split work by launch phase.
|
|
231
|
+
- Put only process-critical prerequisites before first frame.
|
|
232
|
+
- Put visible first-screen requirements before fully usable state.
|
|
233
|
+
- Put analytics, remote config refresh, prefetch, optional SDKs, cleanup, and warmup after first
|
|
234
|
+
frame, idle, background-safe scheduling, or screen entry.
|
|
235
|
+
- Give each deferred bucket an owner, cancellation rule, timeout, retry policy, and observability.
|
|
236
|
+
17. Verify or label the evidence.
|
|
237
|
+
- Use configured tests, builds, docs checks, release checks, and mustflow checks for repository
|
|
238
|
+
surfaces changed by the review.
|
|
239
|
+
- Use platform traces, Macrobenchmark, Perfetto, Android Vitals, Xcode Organizer, and
|
|
240
|
+
Instruments only when they are configured or supplied.
|
|
241
|
+
- Report missing device, profiler, release-build, low-end-device, production telemetry, or
|
|
242
|
+
benchmark evidence instead of claiming measured startup improvement.
|
|
243
|
+
|
|
244
|
+
<!-- mustflow-section: postconditions -->
|
|
245
|
+
## Postconditions
|
|
246
|
+
|
|
247
|
+
- Startup type, first frame, fully usable state, measurement quality, release/profile device
|
|
248
|
+
boundary, launch critical path, app delegate or application class work, auto-init, dependency
|
|
249
|
+
graph, static initializers, main-thread I/O, first-screen data source, auth and config gates,
|
|
250
|
+
maintenance work, first-screen render complexity, assets, fonts, platform optimizations, hybrid
|
|
251
|
+
framework import graph, deferred queue ownership, and verification evidence are explicit.
|
|
252
|
+
- Splash masking, early `reportFullyDrawn()` metric gaming, debug-only measurement, simulator-only
|
|
253
|
+
claims, flagship-only claims, app delegate warehouses, ContentProvider surprise init, eager DI
|
|
254
|
+
graph construction, SDK auto-init, static initializer cost, main-thread disk or network, network
|
|
255
|
+
first-screen dependency, launch migrations, cache cleanup, heavy first screen, oversized launch
|
|
256
|
+
assets, font bloat, React Native top-level import bloat, Flutter shader surprise, and unowned
|
|
257
|
+
deferred work are fixed or reported.
|
|
258
|
+
- Startup performance claims are backed by configured tests, platform diagnostic evidence, static
|
|
259
|
+
review evidence, or labeled as manual-only or missing.
|
|
260
|
+
|
|
261
|
+
<!-- mustflow-section: verification -->
|
|
262
|
+
## Verification
|
|
263
|
+
|
|
264
|
+
Use configured oneshot command intents when available:
|
|
265
|
+
|
|
266
|
+
- `changes_status`
|
|
267
|
+
- `changes_diff_summary`
|
|
268
|
+
- `lint`
|
|
269
|
+
- `build`
|
|
270
|
+
- `test_related`
|
|
271
|
+
- `test`
|
|
272
|
+
- `docs_validate_fast`
|
|
273
|
+
- `test_release`
|
|
274
|
+
- `mustflow_check`
|
|
275
|
+
|
|
276
|
+
Prefer the narrowest configured test, build, docs, release, or mustflow intent that covers the
|
|
277
|
+
changed startup surface and synchronized template surfaces. Do not infer raw Android Studio, Xcode,
|
|
278
|
+
emulator, physical device, profiler, platform dashboard, package-manager, benchmark, or dev-server
|
|
279
|
+
commands outside the command contract.
|
|
280
|
+
|
|
281
|
+
<!-- mustflow-section: failure-handling -->
|
|
282
|
+
## Failure Handling
|
|
283
|
+
|
|
284
|
+
- If a configured command fails, preserve the failing intent, failing assertion or output tail, and
|
|
285
|
+
the startup invariant it exercised before editing again.
|
|
286
|
+
- If first frame or fully usable state cannot be defined, report that startup performance is not
|
|
287
|
+
reviewable yet instead of adding generic lazy loading.
|
|
288
|
+
- If release-build, device, profiler, or production telemetry evidence is missing, complete
|
|
289
|
+
available static and configured-test evidence and report the missing measurement boundary.
|
|
290
|
+
- If safe repair requires product changes to auth, config, SDK policy, migration design, native
|
|
291
|
+
module ownership, release profiling, platform entitlements, or third-party SDK settings outside
|
|
292
|
+
scope, report the boundary instead of inventing commands.
|
|
293
|
+
- If startup speed conflicts with security, privacy, data migration integrity, crash reporting,
|
|
294
|
+
accessibility, or user trust, keep the safer behavior and report the startup tradeoff.
|
|
295
|
+
|
|
296
|
+
<!-- mustflow-section: output-format -->
|
|
297
|
+
## Output Format
|
|
298
|
+
|
|
299
|
+
- App startup boundary reviewed
|
|
300
|
+
- Startup type, first frame, fully usable state, measurement quality, and evidence level
|
|
301
|
+
- Launch critical path, auto-init, dependency graph, static initializer, main-thread I/O, first data,
|
|
302
|
+
auth/config gate, maintenance, first-screen render, asset/font, platform tooling, hybrid framework,
|
|
303
|
+
and deferred-work findings
|
|
304
|
+
- Startup fixes made or recommended
|
|
305
|
+
- Evidence level: measured, configured-test evidence, static startup risk, manual-only, missing, or
|
|
306
|
+
not applicable
|
|
307
|
+
- Command intents run
|
|
308
|
+
- Skipped startup diagnostics and reasons
|
|
309
|
+
- Remaining app-startup performance risk
|