mustflow 2.39.1 → 2.58.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (92) hide show
  1. package/dist/cli/commands/run/executor.js +16 -0
  2. package/dist/cli/commands/run/process-tree.js +6 -3
  3. package/dist/cli/commands/verify.js +3 -1
  4. package/dist/cli/lib/git-changes.js +11 -1
  5. package/dist/cli/lib/i18n.js +1 -1
  6. package/dist/cli/lib/local-index/index.js +8 -4
  7. package/dist/cli/lib/local-index/populate.js +17 -3
  8. package/dist/cli/lib/local-index/search-read-model.js +9 -7
  9. package/dist/cli/lib/local-index/search-text.js +2 -2
  10. package/dist/cli/lib/local-index/workflow-documents.js +17 -2
  11. package/dist/cli/lib/mustflow-read.js +14 -2
  12. package/dist/cli/lib/repo-map.js +16 -3
  13. package/dist/cli/lib/templates.js +8 -7
  14. package/dist/cli/lib/validation/constants.js +1 -1
  15. package/dist/core/active-run-locks.js +78 -20
  16. package/dist/core/change-classification.js +4 -0
  17. package/dist/core/command-contract-rules.js +1 -1
  18. package/dist/core/command-contract-validation.js +1 -1
  19. package/dist/core/command-cwd.js +13 -2
  20. package/dist/core/command-effects.js +22 -4
  21. package/dist/core/command-env.js +8 -6
  22. package/dist/core/command-preconditions.js +28 -2
  23. package/dist/core/completion-verdict.js +1 -1
  24. package/dist/core/line-endings.js +8 -4
  25. package/dist/core/safe-filesystem.js +9 -1
  26. package/dist/core/source-anchor-validation.js +7 -1
  27. package/dist/core/source-anchors.js +8 -2
  28. package/dist/core/verification-scheduler.js +8 -2
  29. package/package.json +1 -1
  30. package/templates/default/i18n.toml +330 -1
  31. package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
  32. package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
  33. package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
  34. package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
  35. package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
  36. package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
  37. package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
  38. package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
  39. package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
  40. package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
  41. package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
  42. package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
  43. package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
  44. package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
  45. package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
  46. package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
  47. package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
  48. package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
  49. package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
  50. package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
  51. package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
  52. package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
  53. package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
  54. package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
  55. package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
  56. package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
  57. package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
  58. package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
  59. package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
  60. package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
  61. package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
  62. package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
  63. package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
  64. package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
  65. package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
  66. package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
  67. package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
  68. package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
  69. package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
  70. package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
  71. package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
  72. package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
  73. package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
  74. package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
  75. package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
  76. package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
  77. package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
  78. package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
  79. package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
  80. package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
  81. package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
  82. package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
  83. package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
  84. package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
  85. package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
  86. package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
  87. package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
  88. package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
  89. package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
  90. package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
  91. package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
  92. package/templates/default/manifest.toml +386 -1
@@ -0,0 +1,340 @@
1
+ ---
2
+ mustflow_doc: skill.low-end-device-support-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: low-end-device-support-review
9
+ description: Apply this skill when Android Go, low-RAM Android, older iOS, React Native, Flutter, Tauri mobile, Electron, desktop app shell, or other constrained-device support needs review for low-end target devices, runtime memory class, `isLowRamDevice()`, `getMemoryClass()`, cold-start frequency, peak memory, low memory killer, iOS dirty memory, memory warnings, `onTrimMemory()`, image decode sizes, GIF or Lottie cost, list virtualization, Compose recomposition, SwiftUI body work, main-thread work, frozen frames, blur, shadow, gradient, glass effects, SDK diet, remote config defaults, network fan-out, disk writes, cache limits, DB paging and indexes, background work, polling, sensors, permissions, bottom-percentile device measurement, and product-level p90 budgets.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.low-end-device-support-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # Low-End Device Support Review
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Review low-end device support as a capability budget across CPU, GPU, RAM, storage, network,
33
+ startup, rendering, SDKs, and background work.
34
+
35
+ The review question is not "which single algorithm is slow?" It is "does the app try to wake too
36
+ many SDKs, decode too many pixels, make too many requests, open too much data, animate too much UI,
37
+ and keep too much cache at the same time for the weakest supported device?"
38
+
39
+ <!-- mustflow-section: use-when -->
40
+ ## Use When
41
+
42
+ - Android Go, low-RAM Android, older iOS, React Native, Flutter, Tauri mobile, Electron, desktop app
43
+ shell, TV, embedded, kiosk, or other constrained-device code is created, changed, reviewed, or
44
+ reported with low-end, low RAM, weak CPU, weak GPU, small storage, slow disk, slow network,
45
+ out-of-memory, low memory killer, LMK, ANR, hangs, frozen frames, dropped frames, slow startup,
46
+ heavy first screen, image decode, GIF, Lottie, cache, database, SDK, polling, sensor, or
47
+ background-work risk.
48
+ - Code or product policy touches `isLowRamDevice()`, `getMemoryClass()`, Android Go behavior,
49
+ memory class, low-end mode, cache sizing, image sizing, animation reduction, prefetch width,
50
+ request fan-out, list batch size, feature degradation, remote config defaults, SDK auto-init, or
51
+ bottom-percentile device budgets.
52
+ - A final report claims low-end safe, Android Go safe, older-device safe, memory efficient,
53
+ lightweight, responsive, low RAM compatible, production performance ready, or measured on weak
54
+ devices.
55
+
56
+ <!-- mustflow-section: do-not-use-when -->
57
+ ## Do Not Use When
58
+
59
+ - The task is only launch critical-path review from icon tap to first frame or fully usable state;
60
+ use `app-startup-performance-review`.
61
+ - The task is only battery, wakeup, mobile radio, background scheduling, GPS, sensors, or Low Power
62
+ Mode behavior; use `mobile-energy-efficiency-review`.
63
+ - The task is only browser per-frame work, INP, scroll jank, style, layout, paint, compositing, or
64
+ DOM cost; use `frame-render-performance-review`.
65
+ - The task is only backend latency, service throughput, data-structure cost, N+1 access,
66
+ allocation churn, or broad hot-path budgeting without a constrained-device surface; use
67
+ `performance-budget-check` or a narrower performance skill.
68
+ - The task is only responsive layout, hostile content, keyboard, safe area, overflow, i18n, or
69
+ visual resilience without runtime capability limits; use `frontend-stress-layout-review`.
70
+
71
+ <!-- mustflow-section: required-inputs -->
72
+ ## Required Inputs
73
+
74
+ - Target-device ledger: supported platforms, lowest comfort baseline, lowest support baseline,
75
+ OS versions, memory class, RAM, storage, CPU/GPU class, screen density, network assumptions, and
76
+ whether the target is Android Go, low-RAM Android, older iOS, emulator, simulator, or physical
77
+ device.
78
+ - Measurement ledger: release or profile build evidence from bottom 10% devices, Android Vitals,
79
+ crash, ANR, startup, slow rendering, frozen frame, LMK, wake lock, Perfetto, Macrobenchmark, iOS
80
+ Organizer, Instruments, MetricKit, device traces, or an explicit static-only boundary.
81
+ - Product budget ledger: home first frame p90, fully usable p90, screen peak memory, image memory
82
+ limit, cache limit, request fan-out, concurrency width, dropped-frame or frozen-frame target,
83
+ background work count, SDK initialization timing, and feature degradation policy.
84
+ - Startup and first-screen ledger: cold-start frequency, TTID, TTFD, local cache, skeleton, local
85
+ defaults, remote config, ContentProvider auto-init, AndroidX App Startup, Baseline Profile,
86
+ Startup Profile, R8, first-screen API fan-out, first-screen image decode, first-screen list size,
87
+ and post-first-frame work.
88
+ - Memory-pressure ledger: peak memory, average memory, Android LMK, zRAM, iOS dirty memory,
89
+ `onTrimMemory()`, iOS memory warning, image cache, screen cache, hidden tabs, search results,
90
+ temporary models, and cleanup behavior.
91
+ - Rendering and list ledger: main-thread work, frozen frames over 700ms, 16ms frame budget,
92
+ transform, opacity, rotation, layout-property animations, blur, shadow, gradient, glass effects,
93
+ list virtualization, stable keys, lazy layout, Compose `remember`, `derivedStateOf`, delayed state
94
+ reads, SwiftUI `body`, and offscreen work.
95
+ - Data, network, and disk ledger: thumbnail versus original image sizing, GIF or video or Lottie
96
+ choice, API field selection, first-screen API fan-out, DB query shape, indexes, sort, paging,
97
+ selected columns, SQLite WAL, transactions, JSON, plist, XML, cache bounds, LRU policy, and batch
98
+ disk writes.
99
+ - SDK and background ledger: first-run essential SDKs, after-first-screen SDKs, feature-entry SDKs,
100
+ analytics, ads, CRM, chat, session replay, A/B tests, crash reporting, remote config, payments,
101
+ maps, push token, auto screen tracking, WorkManager, polling, wake locks, sensors, location, and
102
+ permission start or stop ownership.
103
+ - Existing tests, profiler traces, telemetry, build outputs, package surfaces, synchronized docs or
104
+ templates, and configured command-intent evidence.
105
+
106
+ <!-- mustflow-section: preconditions -->
107
+ ## Preconditions
108
+
109
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
110
+ - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
111
+ current scope.
112
+ - Required low-end evidence is available from current files, diffs, docs, configured outputs,
113
+ user-provided evidence, or can be reported as missing without guessing.
114
+ - Review release or profile behavior on weak physical devices when making performance claims. Treat
115
+ debug builds, simulators, emulators, hot reload, flagship-only testing, and warm developer caches
116
+ as weak evidence unless the task explicitly scopes them.
117
+ - If the change touches auth, privacy, payments, migrations, storage, permissions, telemetry,
118
+ background services, or third-party SDK behavior, also use the narrower matching skill when its
119
+ trigger is present.
120
+
121
+ <!-- mustflow-section: allowed-edits -->
122
+ ## Allowed Edits
123
+
124
+ - Add or tighten runtime capability detection, low-end mode switches, target-device budgets, cache
125
+ bounds, image decode sizing, first-screen local defaults, skeleton or cached data paths, SDK
126
+ deferral, remote config fallback, API field reduction, request fan-out limits, screen-level
127
+ concurrency queues, list virtualization, animation reduction, memory-warning cleanup, disk-write
128
+ batching, database paging and indexes, background-work constraints, polling removal, sensor stop
129
+ paths, low-end telemetry, and focused tests.
130
+ - Stage SDKs into first-run essential, after-first-screen, and feature-entry groups when repository
131
+ evidence supports the change.
132
+ - Reduce decorative blur, shadow, gradient, glass, GIF, complex Lottie, offscreen animation,
133
+ oversized thumbnails, unbounded cache, eager prefetch, and hidden-tab retention when they harm
134
+ the target device budget.
135
+ - Do not fake low-end support by only adding a model blacklist, longer splash hold, spinner, reduced
136
+ marketing copy, or generic "optimize later" comment.
137
+ - Do not remove correctness, safety, auth, privacy, crash diagnostics, accessibility, required
138
+ migration integrity, or user-critical behavior merely to fit a low-end budget.
139
+ - Do not start raw Android Studio, Xcode, emulator, device lab, profiler, dashboard, dev-server,
140
+ package-manager, or telemetry workflows outside the configured command contract.
141
+
142
+ <!-- mustflow-section: procedure -->
143
+ ## Procedure
144
+
145
+ 1. Define the low-end product contract before tuning.
146
+ - Name the comfort baseline and support baseline separately.
147
+ - Define p90 home first frame, p90 fully usable state, screen peak memory, image memory limit,
148
+ cache limit, dropped-frame or frozen-frame threshold, background work count, API fan-out, and
149
+ SDK initialization timing.
150
+ - If budgets do not exist, report that low-end support is policy-incomplete instead of treating
151
+ isolated micro-optimizations as a complete answer.
152
+ 2. Check measurement quality.
153
+ - Prefer release or profile builds on bottom 10% physical devices.
154
+ - Use Android Vitals, LMK reports, ANR, frozen frames, startup, wake locks, Perfetto,
155
+ Macrobenchmark, iOS Organizer, Instruments, and MetricKit only when configured or supplied.
156
+ - Label static-only review clearly when device, profiler, release-build, or field evidence is
157
+ missing.
158
+ 3. Detect capability at runtime.
159
+ - Use platform capability signals such as `isLowRamDevice()` and `getMemoryClass()` where
160
+ available.
161
+ - Avoid model-name blacklists as the primary decision because vendor, region, carrier, and
162
+ custom builds drift.
163
+ - Tie capability to concrete limits: image resolution, cache size, animation, prefetch count,
164
+ concurrency width, list batch size, and feature entry.
165
+ 4. Treat cold start as common on low-end devices.
166
+ - Low-end users often hit cold start more often because the OS kills background processes.
167
+ - Separate TTID from TTFD and first frame from useful state.
168
+ - Route startup-only launch work to `app-startup-performance-review` while keeping low-end
169
+ capability budgets here.
170
+ 5. Keep process entry small.
171
+ - Keep `Application.onCreate()`, `AppDelegate`, first Activity, and first ViewController limited
172
+ to process-critical work.
173
+ - Defer analytics, ad SDKs, remote config refresh, push token, payments, maps, chat, A/B tests,
174
+ database open, cache cleanup, and prefetch until after first frame or feature entry unless
175
+ product safety requires them.
176
+ 6. Audit hidden Android startup.
177
+ - Check ContentProvider auto-init and AndroidX App Startup ownership before assuming visible
178
+ application code controls launch.
179
+ - Disable or defer auto-init when the SDK supports it and first screen does not require it.
180
+ 7. Keep remote config local-first.
181
+ - Provide local defaults for feature flags and low-end limits.
182
+ - Let server values update after the first usable state when product semantics allow it.
183
+ - Report any experiment, kill switch, or remote config that blocks first screen without a local
184
+ fallback.
185
+ 8. Protect the main thread.
186
+ - Treat main-thread UI work as scarce. Move image decode, JSON parsing, DB open, decompression,
187
+ recommendation computation, cache cleanup, and network waits off the immediate UI path.
188
+ - Fix frozen frames over 700ms before spending effort on tiny 16ms frame optimizations.
189
+ - Keep 16ms frame budgets and input responsiveness visible as constraints, not as proof without
190
+ trace evidence.
191
+ 9. Reduce expensive pixels.
192
+ - Prefer transform, opacity, and rotation for animation.
193
+ - Avoid per-frame width, height, margin, padding, constraint, or layout-property changes.
194
+ - Limit repeated blur, shadow, gradient, glass, translucent layer, and complex effect use,
195
+ especially inside list cells.
196
+ 10. Watch peak memory, not only averages.
197
+ - Review screen transitions, image-heavy screens, search, maps, media, hidden tabs, and cached
198
+ results for peak memory spikes.
199
+ - On Android, account for LMK and zRAM pressure. On iOS, account for dirty memory.
200
+ - Do not approve "average memory is fine" when one screen can spike over the device budget.
201
+ 11. Make memory pressure handlers real.
202
+ - Use `onTrimMemory()` and iOS memory warning paths to release image cache, screen cache, search
203
+ results, temporary models, hidden-tab data, decoded bitmaps, and stale prefetch.
204
+ - Test or report the missing test boundary for these cleanup paths.
205
+ 12. Cap concurrency by screen.
206
+ - Avoid running image decode, JSON parsing, DB queries, decompression, recommendation compute,
207
+ and prefetch all at once.
208
+ - Use screen-level or feature-level queues with cancellation, backpressure, timeout, and owner
209
+ visibility.
210
+ 13. Decode images to display size.
211
+ - Never decode original images for thumbnails.
212
+ - Treat large `ARGB_8888` images as memory events; a 4048x3036 image can be about 48MB when
213
+ fully decoded.
214
+ - Use thumbnail URLs, server transforms, downsampling, hardware bitmap policy, and low-end image
215
+ quality limits where the platform and project support them.
216
+ 14. Degrade animated media.
217
+ - Treat GIF as disabled or heavily restricted in low-end mode unless it is core user content.
218
+ - Prefer small video or static fallback where product semantics allow it.
219
+ - Keep Lottie simple; complex vector animation can become CPU work even when it looks light.
220
+ 15. Keep lists visible-only.
221
+ - Use lazy layout or virtualization, stable keys, bounded buffers, and paging.
222
+ - Avoid pre-rendering offscreen cells, measuring every cell repeatedly, decoding every image
223
+ eagerly, or changing keys across updates.
224
+ 16. Keep declarative UI bodies cheap.
225
+ - In Compose, use `remember`, `derivedStateOf`, stable models, and delayed state reads to avoid
226
+ recomputing sort, filter, date, permission, and price work during composition.
227
+ - In SwiftUI, keep `body` dumb; move formatters, image resizing, sorting, filtering, and state
228
+ combination into a view model or preparation layer.
229
+ 17. Bound caches.
230
+ - Set smaller RAM cache limits for low-end mode and define eviction behavior.
231
+ - Prefer LRU or project-standard bounded eviction over unbounded maps.
232
+ - Release screen-local caches on screen exit when the next screen needs memory more than the
233
+ previous screen needs instant restore.
234
+ 18. Shape database work for scroll.
235
+ - Review index fit, sort order, paging, selected columns, and query count for home feeds, chats,
236
+ notifications, and other frequently opened lists.
237
+ - Use SQLite WAL and transactions where the repository already supports them and the write path
238
+ needs batching.
239
+ - Do not overfetch full records just to render thumbnails or list rows.
240
+ 19. Batch disk writes.
241
+ - Avoid rewriting a large JSON, plist, or XML file for a tiny value change.
242
+ - Coalesce autosave, scroll position, telemetry, cache metadata, and preferences writes.
243
+ - Prefer partial updates, append or merge strategies, or a database when frequent small updates
244
+ outgrow a single serialized blob.
245
+ 20. Reduce first-screen network fan-out.
246
+ - Fetch only the fields and thumbnails needed for orientation and first action.
247
+ - Defer detailed data until screen entry.
248
+ - Avoid many parallel first-screen APIs that create CPU, memory, radio, TLS, JSON, and retry
249
+ pressure at once.
250
+ 21. Respect mobile background and sensor cost.
251
+ - Use system-batched work such as WorkManager when durable background work can wait.
252
+ - Avoid wake locks, polling, and exact periodic refresh by default.
253
+ - Start GPS, camera, microphone, Bluetooth, Wi-Fi scan, and other sensors only for explicit
254
+ visible value, use coarse location where enough, and stop when the screen or task ends.
255
+ 22. Put the app on an SDK diet.
256
+ - Classify SDKs as first-run essential, after-first-screen, or feature-entry only.
257
+ - Review analytics, ads, CRM, chat, session replay, A/B testing, crash reporting, remote config,
258
+ payments, maps, and push setup.
259
+ - Disable auto screen tracking, unused event collection, eager modules, and hidden auto-init
260
+ where product and SDK policy allow it.
261
+ 23. Define low-end degradation as a product behavior.
262
+ - Name which image resolution, cache size, animation, prefetch, list batch size, background
263
+ work, SDK timing, recommendation, ML, or ornamental effect changes under low-end mode.
264
+ - Keep user-critical safety, accessibility, auth, privacy, payment, and data-integrity paths
265
+ explicit.
266
+ 24. Verify or report the gap.
267
+ - Use configured tests, builds, docs checks, release checks, and mustflow checks for changed
268
+ repository surfaces.
269
+ - Use device, profiler, platform dashboard, and field telemetry evidence only when configured or
270
+ supplied.
271
+ - Report missing bottom-percentile device evidence, release-build traces, low-memory simulation,
272
+ memory-warning tests, startup traces, list-scroll traces, or field telemetry instead of
273
+ claiming measured low-end improvement.
274
+
275
+ <!-- mustflow-section: postconditions -->
276
+ ## Postconditions
277
+
278
+ - Target-device baseline, capability detection, low-end mode, p90 budgets, startup and first-screen
279
+ boundary, memory pressure, peak memory, main-thread work, frozen frames, image decode, animated
280
+ media, list virtualization, Compose or SwiftUI work, cache limits, DB shape, disk writes, network
281
+ fan-out, background work, polling, sensors, SDK staging, degradation policy, and evidence level
282
+ are explicit.
283
+ - Model blacklist shortcuts, splash masking, local-default gaps, hidden ContentProvider auto-init,
284
+ eager SDK setup, remote-config blocking, first-screen API fan-out, main-thread decode or parsing,
285
+ frozen frames, layout-property animation, repeated blur or shadow, peak memory spikes, no-op
286
+ memory warnings, unbounded caches, original-size thumbnails, GIF decoration, unstable list keys,
287
+ heavy Compose or SwiftUI body work, overfetching DB queries, giant JSON rewrites, polling, sensors
288
+ left on, and first-run SDK bloat are fixed or reported.
289
+ - Low-end support claims are backed by configured tests, device or telemetry evidence, static review
290
+ evidence, or labeled as manual-only or missing.
291
+
292
+ <!-- mustflow-section: verification -->
293
+ ## Verification
294
+
295
+ Use configured oneshot command intents when available:
296
+
297
+ - `changes_status`
298
+ - `changes_diff_summary`
299
+ - `lint`
300
+ - `build`
301
+ - `test_related`
302
+ - `test`
303
+ - `docs_validate_fast`
304
+ - `test_release`
305
+ - `mustflow_check`
306
+
307
+ Prefer the narrowest configured test, build, docs, release, or mustflow intent that covers the
308
+ changed low-end support surface and synchronized template surfaces. Do not infer raw Android
309
+ Studio, Xcode, emulator, device, profiler, platform dashboard, package-manager, benchmark,
310
+ telemetry, or dev-server commands outside the command contract.
311
+
312
+ <!-- mustflow-section: failure-handling -->
313
+ ## Failure Handling
314
+
315
+ - If a configured command fails, preserve the failing intent, failing assertion or output tail, and
316
+ the low-end invariant it exercised before editing again.
317
+ - If target-device baselines or budgets are missing, report that low-end support cannot be fully
318
+ judged yet instead of adding isolated optimizations.
319
+ - If release-build, weak-device, profiler, memory-warning, platform-dashboard, or production
320
+ telemetry evidence is missing, complete available static and configured-test evidence and report
321
+ the missing measurement boundary.
322
+ - If safe repair requires product requirement changes, native permission policy, third-party SDK
323
+ dashboard changes, device lab testing, production telemetry, or platform-specific implementation
324
+ outside the current scope, report the boundary instead of inventing commands.
325
+ - If low-end performance conflicts with security, privacy, payment correctness, migration
326
+ integrity, crash reporting, accessibility, or user trust, keep the safer behavior and report the
327
+ tradeoff.
328
+
329
+ <!-- mustflow-section: output-format -->
330
+ ## Output Format
331
+
332
+ - Low-end device support boundary reviewed
333
+ - Target-device baseline, budgets, capability detection, startup, memory, rendering, list, data,
334
+ network, disk, background, sensor, SDK, degradation, and evidence findings
335
+ - Low-end support fixes made or recommended
336
+ - Evidence level: measured, configured-test evidence, static low-end risk, manual-only, missing, or
337
+ not applicable
338
+ - Command intents run
339
+ - Skipped low-end diagnostics and reasons
340
+ - Remaining low-end device support risk
@@ -0,0 +1,169 @@
1
+ ---
2
+ mustflow_doc: skill.memory-lifetime-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: memory-lifetime-review
9
+ description: Apply this skill when code is created, changed, reviewed, or reported and object lifetime, retained references, cleanup symmetry, event listeners, timers, subscriptions, goroutines, threads, workers, streams, native handles, caches, queues, or memory/resource leak risk may matter.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.memory-lifetime-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # Memory Lifetime Review
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Find memory and resource leaks by tracing what still retains a value, handle, task, listener, or buffer after the useful work is done.
33
+
34
+ The question is not only "where was it allocated?" The stronger review question is "which longer-lived owner can still reach it?" In garbage-collected languages, an unused object remains alive when a live object still references it. In non-GC or native-resource paths, the same shape appears as a missing close, cancel, release, unsubscribe, shutdown, or ownership-transfer rule.
35
+
36
+ <!-- mustflow-section: use-when -->
37
+ ## Use When
38
+
39
+ - Code creates, changes, reviews, or reports event listeners, observers, subscriptions, intervals, timeouts, animation frames, effects, ref callbacks, registries, caches, maps, queues, pools, workers, threads, goroutines, futures, tasks, streams, sockets, files, database cursors, image or GPU handles, native handles, or external client sessions.
40
+ - A long-lived object such as a singleton, static field, module cache, process-level registry, service, worker, ViewModel, global store, connection pool, scheduler, or background task can retain a request, response, user session, DOM node, UI component, Activity, Fragment, context, socket, buffer, payload, or closure.
41
+ - Code adds lifecycle setup such as `new`, `open`, `connect`, `subscribe`, `observe`, `addEventListener`, `setInterval`, `setTimeout`, `context.WithCancel`, `ThreadLocal.set`, `malloc`, `retain`, `shared_ptr`, `Rc`, task spawning, stream creation, or cache insertion.
42
+ - Code uses closures, callbacks, lambdas, async work, promises, channels, effects, refs, logging queues, metrics queues, debug arrays, maps, or registries that may capture or store large or short-lived objects.
43
+ - A review or final report claims that a path is leak-free, bounded, cleaned up, disposable, safe for repeated mount/unmount, safe for long-running processes, safe under retries, or safe for repeated requests.
44
+
45
+ <!-- mustflow-section: do-not-use-when -->
46
+ ## Do Not Use When
47
+
48
+ - The task is only about CPU time, latency, query count, bundle size, or payload size with no retained-reference, cleanup, or resource-lifetime risk; use `performance-budget-check`.
49
+ - The task is only ordinary ownership or borrowing inside one language-specific change and the matching language skill fully covers the risk; use this skill only if the retention or cleanup boundary crosses callbacks, async tasks, process lifetime, UI lifecycle, native handles, or shared registries.
50
+ - The task is only database schema, migration, authorization, or API contract work with no long-lived process, stream, queue, cache, or resource handle; use the more specific skill.
51
+ - The only evidence is a vague worry about memory without code paths, retained owners, repeated lifecycle actions, or resource handles to inspect.
52
+
53
+ <!-- mustflow-section: required-inputs -->
54
+ ## Required Inputs
55
+
56
+ - Lifetime surface: UI mount/unmount, request/response, job, worker, stream, queue, cache, pool, process, test runner, CLI command, background task, native resource, or application shutdown.
57
+ - Setup sites: allocation, registration, subscription, listener attachment, timer creation, task spawn, context creation, handle open, cache insert, registry add, ref storage, or ownership transfer.
58
+ - Cleanup sites: remove, abort, cancel, close, clear, unsubscribe, dispose, release, terminate, join, shutdown, delete, weak ownership, eviction, TTL expiry, bounded queue drop, stream return, or final response cleanup.
59
+ - Retainer graph: the longer-lived owner, the shorter-lived object, the reference path between them, and the expected point where that reference should be severed.
60
+ - Repetition path: repeated requests, screen open/close, route changes, tab switches, reconnects, retries, scheduled runs, test cases, or long-running sessions that can accumulate retained state.
61
+ - Error and success paths: normal completion, early return, partial read, cancellation, timeout, retry, exception, unmount, shutdown, and dependency failure behavior.
62
+ - Relevant command-intent contract entries for tests, builds, docs, release checks, and mustflow validation.
63
+
64
+ <!-- mustflow-section: preconditions -->
65
+ ## Preconditions
66
+
67
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
68
+ - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
69
+ - Required inputs are available, or missing inputs can be reported without guessing.
70
+ - If authorization, secrets, personal data, telemetry, or audit records are retained, also use `security-privacy-review`.
71
+ - If queue, cache, retry, worker, health, or operational behavior changes, also use `backend-reliability-change`.
72
+ - If user-perceived latency, throughput, allocation churn, GC pressure, or memory budget is claimed, also use `performance-budget-check`.
73
+ - If UI lifecycle, rendering, or browser behavior changes, also use the matching UI or framework skill.
74
+
75
+ <!-- mustflow-section: allowed-edits -->
76
+ ## Allowed Edits
77
+
78
+ - Add or tighten teardown, cancellation, ownership, weak-reference, eviction, queue-bound, stream-close, worker-shutdown, and lifecycle-symmetry code tied to the task.
79
+ - Refactor setup and cleanup into a shared lifecycle boundary when it prevents duplicate registration or forgotten teardown.
80
+ - Add focused tests, fixtures, probes, or docs that prove cleanup symmetry, bounded retention, repeated lifecycle behavior, or native-resource disposal when repository evidence supports them.
81
+ - Do not hide leak warnings by raising listener limits, disabling strict lifecycle checks, adding finalizers as primary cleanup, or weakening tests.
82
+ - Do not use weak references as a design cover-up when the real owner and cleanup point should be explicit.
83
+
84
+ <!-- mustflow-section: procedure -->
85
+ ## Procedure
86
+
87
+ 1. Name the lifetime boundary. State which object or resource should die at request end, unmount, stream close, job completion, retry cancellation, test end, worker shutdown, or process exit.
88
+ 2. Build a retainer ledger.
89
+ - For each setup site, record the long-lived owner, the short-lived object or resource, the reference path, and the intended cleanup owner.
90
+ - Treat singletons, static maps, module-level arrays, registries, caches, listeners, stores, workers, ViewModels, thread pools, goroutines, and scheduler state as long-lived until proven otherwise.
91
+ - Treat requests, responses, DOM nodes, UI components, Activity or Fragment instances, contexts, buffers, payloads, streams, sockets, cursors, and per-job state as short-lived unless the product explicitly says they are durable.
92
+ 3. Check setup and cleanup symmetry in the same change.
93
+ - `addEventListener` needs a stable removal path or an `AbortSignal` tied to teardown.
94
+ - `setInterval`, repeated `setTimeout`, animation frames, schedulers, and cron-like loops need clear, cancel, shutdown, or bounded end behavior.
95
+ - `subscribe`, `observe`, websocket, EventSource, stream, file, DB cursor, socket, and provider client handles need unsubscribe, close, dispose, or abort behavior.
96
+ - `context.WithCancel`, `WithTimeout`, or `WithDeadline` needs cancel on all paths that stop needing the child context.
97
+ - `ThreadLocal.set` in pooled threads needs a `remove` path in a finally-like boundary.
98
+ 4. Review normal repeated paths before rare error paths. Screen open/close loops, route changes, tab switches, request loops, reconnect loops, scheduled jobs, queue redeliveries, and test reruns often expose leaks better than exceptional returns.
99
+ 5. Inspect closure capture.
100
+ - A small callback may retain `this`, request, response, context, session, view, DOM event, buffer, large array, database row, or provider payload.
101
+ - If the callback is stored in a long-lived emitter, timer, queue, cache, worker, or registry, shrink captures to stable identifiers or copied scalar values.
102
+ 6. Check anonymous or unstable listener identities. A listener added with a fresh anonymous function in a loop or mount path usually cannot be removed by function identity. Prefer a stable callback reference or a scoped abort controller when the platform supports it.
103
+ 7. Treat timeout wrappers as incomplete cancellation. `Promise.race` or equivalent timeout selection does not stop the losing work by itself. Verify that fetches, DB calls, streams, workers, goroutines, futures, or background tasks receive a real abort, cancel, close, or done signal.
104
+ 8. Check streams and async iterators. Early break, partial read, error, or return paths must close, cancel, drain, or otherwise release upstream sockets, file descriptors, buffers, goroutines, and listeners.
105
+ 9. Bound caches, registries, debug stores, logs, and queues.
106
+ - Caches need max entries or bytes, TTL, eviction, key cardinality review, authorization dimensions, and stale behavior.
107
+ - Debug arrays such as recent requests, events, responses, payloads, traces, or errors need a cap and should store small copied facts rather than live large objects.
108
+ - Logs, metrics, traces, and dead-letter queues should not retain raw requests, responses, DOM events, exception graphs, payload bodies, tokens, or personal data.
109
+ - Producer-consumer queues need a capacity, drop or backpressure policy, timeout, and consumer shutdown path.
110
+ 10. Check language and runtime traps where applicable.
111
+ - JavaScript and TypeScript: `addEventListener`, EventEmitter listeners, `setMaxListeners`, timers, intervals, unresolved promises, `AbortSignal`, React effects, ref arrays, module caches, maps, and logging queues.
112
+ - React and similar UI runtimes: effects that touch the outside world need cleanup that reverses setup; ref callbacks and registries must remove old nodes and survive strict double-invocation checks.
113
+ - Android: ViewModel or application-scope objects must not retain Activity, Fragment, View, lifecycle owner, or short-lived context; use lifecycle cleanup such as `onCleared` where appropriate.
114
+ - Java and Kotlin: thread pools plus `ThreadLocal`, static caches, listener registries, executors, cursors, streams, and closeable resources need explicit release.
115
+ - Go: goroutines must exit on their own, channels need a done or cancellation path when downstream stops early, contexts need cancel, and finalizers are not primary cleanup.
116
+ - C and C++: ownership transfer must be explicit across raw pointers, containers, callbacks, and failure paths; `shared_ptr` cycles need `weak_ptr` or a different ownership shape.
117
+ - Rust: `Rc`, `Arc`, `RefCell`, task handles, channels, and cycles can leak even when memory safety is preserved; use weak ownership or explicit shutdown when ownership is not truly shared.
118
+ - Python: weak references are useful for caches and observer maps, but not as a substitute for a clear lifetime owner; check global dicts, LRU caches, callbacks, generators, files, and async tasks.
119
+ 11. Reject finalizers as the main plan. Finalizers, destructors, drop hooks, or weak callbacks can be last-resort diagnostics or safety nets, but the review should still identify deterministic cleanup for resources and reference removal.
120
+ 12. Add a repeated-lifecycle proof when feasible. Prefer a focused test or probe that repeats the risky lifecycle, then asserts listener count, registry size, cache size, goroutine/task completion, handle closure, queue depth, or retained object count. If heap snapshots, leak profilers, sanitizer runs, or platform-specific diagnostics are not configured intents, report them as manual evidence gaps instead of running raw commands.
121
+
122
+ <!-- mustflow-section: postconditions -->
123
+ ## Postconditions
124
+
125
+ - Every setup site has a cleanup owner, cleanup trigger, and repeated-path behavior, or the missing evidence is reported.
126
+ - Long-lived owners no longer retain short-lived objects beyond their intended lifecycle, or the remaining retention is intentional and bounded.
127
+ - Caches, queues, registries, debug stores, and logging or telemetry buffers have capacity, eviction, truncation, or copied-value boundaries where they can grow.
128
+ - Async, stream, worker, goroutine, thread, and native-resource paths have deterministic cancellation, close, shutdown, or release behavior where the platform supports it.
129
+ - Tests or configured verification cover the highest-risk repeated lifecycle when feasible.
130
+
131
+ <!-- mustflow-section: verification -->
132
+ ## Verification
133
+
134
+ Use configured oneshot command intents when available:
135
+
136
+ - `changes_status`
137
+ - `changes_diff_summary`
138
+ - `lint`
139
+ - `build`
140
+ - `test_related`
141
+ - `test`
142
+ - `docs_validate_fast`
143
+ - `test_release`
144
+ - `mustflow_check`
145
+
146
+ Use the narrowest configured test, build, docs, release, or mustflow intent that proves the changed lifetime surface. Do not infer raw heap snapshot, profiler, sanitizer, browser, device, server, database, or load-test commands.
147
+
148
+ <!-- mustflow-section: failure-handling -->
149
+ ## Failure Handling
150
+
151
+ - If a configured test or build fails, preserve the failing intent and output tail, then fix the lifecycle boundary that the failure exercised before broad refactors.
152
+ - If no cleanup owner can be identified, stop and report the retainer path and missing lifecycle decision instead of hiding it behind weak references or comments.
153
+ - If setup and cleanup live in separate owners, make the ownership transfer explicit or report the split as a residual leak risk.
154
+ - If repeated-lifecycle proof requires unconfigured heap, profiler, sanitizer, browser, device, or load-test access, report the missing manual evidence and complete the configured checks that are available.
155
+ - If leak reduction conflicts with product semantics, authorization, durability, observability, or retry behavior, use the relevant stronger skill and report the tradeoff.
156
+
157
+ <!-- mustflow-section: output-format -->
158
+ ## Output Format
159
+
160
+ - Lifetime boundary reviewed
161
+ - Setup sites and cleanup owners
162
+ - Retainer paths found or ruled out
163
+ - Long-lived owners and short-lived objects checked
164
+ - Timers, listeners, subscriptions, streams, workers, goroutines, threads, native handles, caches, queues, registries, closures, and logs checked where relevant
165
+ - Cleanup symmetry changes made or recommended
166
+ - Repeated-lifecycle proof: configured, manual-only, missing, or not applicable
167
+ - Command intents run
168
+ - Skipped diagnostics and reasons
169
+ - Remaining memory or resource lifetime risk