mustflow 2.39.1 → 2.58.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/run/executor.js +16 -0
- package/dist/cli/commands/run/process-tree.js +6 -3
- package/dist/cli/commands/verify.js +3 -1
- package/dist/cli/lib/git-changes.js +11 -1
- package/dist/cli/lib/i18n.js +1 -1
- package/dist/cli/lib/local-index/index.js +8 -4
- package/dist/cli/lib/local-index/populate.js +17 -3
- package/dist/cli/lib/local-index/search-read-model.js +9 -7
- package/dist/cli/lib/local-index/search-text.js +2 -2
- package/dist/cli/lib/local-index/workflow-documents.js +17 -2
- package/dist/cli/lib/mustflow-read.js +14 -2
- package/dist/cli/lib/repo-map.js +16 -3
- package/dist/cli/lib/templates.js +8 -7
- package/dist/cli/lib/validation/constants.js +1 -1
- package/dist/core/active-run-locks.js +78 -20
- package/dist/core/change-classification.js +4 -0
- package/dist/core/command-contract-rules.js +1 -1
- package/dist/core/command-contract-validation.js +1 -1
- package/dist/core/command-cwd.js +13 -2
- package/dist/core/command-effects.js +22 -4
- package/dist/core/command-env.js +8 -6
- package/dist/core/command-preconditions.js +28 -2
- package/dist/core/completion-verdict.js +1 -1
- package/dist/core/line-endings.js +8 -4
- package/dist/core/safe-filesystem.js +9 -1
- package/dist/core/source-anchor-validation.js +7 -1
- package/dist/core/source-anchors.js +8 -2
- package/dist/core/verification-scheduler.js +8 -2
- package/package.json +1 -1
- package/templates/default/i18n.toml +330 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
- package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
- package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
- package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
- package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
- package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
- package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
- package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
- package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
- package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
- package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
- package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
- package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
- package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
- package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
- package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
- package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
- package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
- package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
- package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
- package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
- package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
- package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
- package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
- package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
- package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
- package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
- package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
- package/templates/default/manifest.toml +386 -1
package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md
ADDED
|
@@ -0,0 +1,329 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.mobile-energy-efficiency-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: mobile-energy-efficiency-review
|
|
9
|
+
description: Apply this skill when Android, iOS, React Native, Flutter, Tauri mobile, or other mobile app code is created, changed, reviewed, or reported and battery, energy, background work, wake locks, exact alarms, push or WebSocket behavior, polling, networking, cellular use, location, sensors, Bluetooth, rendering, animation, timers, disk I/O, Compose recomposition, Low Power Mode, Battery Saver, or platform energy diagnostics need review for whether the app wakes the phone, radio, GPS, sensors, GPU, CPU, or storage only when the user value justifies it.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.mobile-energy-efficiency-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Mobile Energy Efficiency Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review mobile battery use as wakeup, radio, sensor, location, rendering, timer, and I/O pressure,
|
|
33
|
+
not as a generic CPU speed problem.
|
|
34
|
+
|
|
35
|
+
The review question is not "is this code fast?" It is "does this app avoid waking the phone,
|
|
36
|
+
cellular radio, GPS, sensors, GPU, CPU, and storage when the screen is not asking for it, and does
|
|
37
|
+
it degrade correctly under mobile OS power policy?"
|
|
38
|
+
|
|
39
|
+
<!-- mustflow-section: use-when -->
|
|
40
|
+
## Use When
|
|
41
|
+
|
|
42
|
+
- Android, iOS, React Native, Flutter, Tauri mobile, Kotlin Multiplatform, native mobile SDK, or
|
|
43
|
+
hybrid mobile app code creates, changes, reviews, or reports background work, scheduled work,
|
|
44
|
+
foreground services, WorkManager, JobScheduler, BackgroundTasks, `beginBackgroundTask`, wake
|
|
45
|
+
locks, exact alarms, push notifications, WebSockets, polling, network sync, uploads, downloads,
|
|
46
|
+
prefetch, retries, offline sync, cellular behavior, Low Data Mode, Battery Saver, Low Power Mode,
|
|
47
|
+
location, geofencing, route tracking, sensors, Bluetooth, BLE scanning, rendering, animation,
|
|
48
|
+
spinners, timers, disk writes, Compose recomposition, image decoding, or cache behavior.
|
|
49
|
+
- A final report claims a mobile path is battery-friendly, background-safe, Doze-safe,
|
|
50
|
+
App-Standby-safe, low-power-aware, network-efficient, location-efficient, render-efficient,
|
|
51
|
+
sensor-efficient, or safe for app-store or Play quality expectations.
|
|
52
|
+
- A bug report mentions battery drain, hot phone, background drain, high energy impact, excessive
|
|
53
|
+
wakeups, excessive wake locks, poor standby life, runaway GPS, constant network activity, cellular
|
|
54
|
+
drain, UI jank plus battery drain, or the app staying active after the user leaves.
|
|
55
|
+
|
|
56
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
57
|
+
## Do Not Use When
|
|
58
|
+
|
|
59
|
+
- The task is purely web Core Web Vitals, browser rendering, bundle size, first render, or DOM
|
|
60
|
+
frame work outside a packaged mobile app; use the matching web performance skill first.
|
|
61
|
+
- The task is primarily memory ownership, listener cleanup, native handle lifetime, or retained
|
|
62
|
+
Activity or View references; use `memory-lifetime-review` first and this skill only for energy
|
|
63
|
+
consequences.
|
|
64
|
+
- The task is primarily API rate limiting, backend cost control, retry amplification, or cloud
|
|
65
|
+
spend; use the relevant backend, rate-limit, retry, or cost skill first.
|
|
66
|
+
- The operation is a pure local calculation with no mobile runtime, wakeup, background, network,
|
|
67
|
+
location, sensor, UI, timer, storage, or platform power-mode implication.
|
|
68
|
+
|
|
69
|
+
<!-- mustflow-section: required-inputs -->
|
|
70
|
+
## Required Inputs
|
|
71
|
+
|
|
72
|
+
- Energy evidence ledger: Android Vitals, Power Profiler, Macrobenchmark power metric, system
|
|
73
|
+
tracing, Xcode Organizer, MetricKit, Instruments Power Profiler, device logs, battery-drain
|
|
74
|
+
reports, or an explicit note that only static evidence is available.
|
|
75
|
+
- User-value ledger: screen or feature, foreground versus background state, user-visible outcome,
|
|
76
|
+
freshness requirement, completion requirement, acceptable delay, cancellation behavior, and
|
|
77
|
+
whether the work can be batched, deferred, or skipped.
|
|
78
|
+
- Background work ledger: coroutine, thread, async task, WorkManager, JobScheduler, foreground
|
|
79
|
+
service, exact alarm, push, BackgroundTasks, `beginBackgroundTask`, app lifecycle callback,
|
|
80
|
+
queue, retry, and expiration handling.
|
|
81
|
+
- Wakeup and radio ledger: polling, push, WebSocket, network callback, sync cadence, batch size,
|
|
82
|
+
request count, upload/download size, cellular versus Wi-Fi, expensive or constrained network
|
|
83
|
+
policy, retry policy, and offline behavior.
|
|
84
|
+
- Location, sensor, and Bluetooth ledger: requested accuracy, update interval, max delay,
|
|
85
|
+
geofence responsiveness, background permission, one-shot versus continuous location, motion
|
|
86
|
+
update interval, observer lifecycle, BLE scan and notification policy.
|
|
87
|
+
- Rendering and UI ledger: offscreen work, background animations, overdraw, opacity, blur, shadow,
|
|
88
|
+
frame rate, infinite loader, Compose stability, recomposition triggers, image decode, list cell
|
|
89
|
+
effects, and reduced motion or low-power behavior.
|
|
90
|
+
- Timer and storage ledger: repeated timer, tolerance, invalidation, dispatch source, file write
|
|
91
|
+
frequency, database batching, cache persistence, autosave cadence, and app-state flush behavior.
|
|
92
|
+
- Platform power-mode ledger: Android Doze, App Standby, Battery Saver, iOS Low Power Mode, Low
|
|
93
|
+
Data Mode, background execution entitlement, permission policy, store policy, and user-visible
|
|
94
|
+
fallback.
|
|
95
|
+
- Observability and test evidence: metrics, logs, traces, counters, wakeup counts, job outcome
|
|
96
|
+
events, timeout or expiration logs, power-mode tests, lifecycle tests, fake-clock tests, and
|
|
97
|
+
configured command intents.
|
|
98
|
+
|
|
99
|
+
<!-- mustflow-section: preconditions -->
|
|
100
|
+
## Preconditions
|
|
101
|
+
|
|
102
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
103
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
|
|
104
|
+
current scope.
|
|
105
|
+
- Required energy, user-value, background, wakeup, radio, location, sensor, rendering, timer,
|
|
106
|
+
storage, power-mode, observability, and test evidence is available, or missing evidence can be
|
|
107
|
+
reported without guessing.
|
|
108
|
+
- Existing mobile lifecycle, background task, networking, location, sensor, rendering, timer,
|
|
109
|
+
storage, telemetry, and test patterns have been searched before adding new shapes.
|
|
110
|
+
- If the feature affects money, safety, medical, navigation, authentication, permissions, privacy,
|
|
111
|
+
or legal retention, also apply the relevant security, privacy, payment, data, or failure skill.
|
|
112
|
+
|
|
113
|
+
<!-- mustflow-section: allowed-edits -->
|
|
114
|
+
## Allowed Edits
|
|
115
|
+
|
|
116
|
+
- Add or tighten lifecycle cancellation, WorkManager or JobScheduler constraints, BackgroundTasks
|
|
117
|
+
usage, wake lock timeout and release paths, exact alarm justification, push priority, network
|
|
118
|
+
batching, callback-based network state, cellular and constrained-network policy, location
|
|
119
|
+
accuracy and interval, geofence responsiveness, background-location stop behavior, sensor or BLE
|
|
120
|
+
stop behavior, render throttling, animation stop, frame-rate lowering, timer tolerance, disk I/O
|
|
121
|
+
batching, low-power degradation, observability, and focused tests.
|
|
122
|
+
- Replace unbounded background services, always-on WebSockets, frequent polling, exact alarms for
|
|
123
|
+
non-user-critical work, wake locks without timeout and release, continuous GPS for coarse needs,
|
|
124
|
+
always-on sensors, duplicate BLE scans, offscreen animations, overdraw-heavy UI, infinite loaders,
|
|
125
|
+
zero-tolerance timers, and per-keystroke disk writes when in scope.
|
|
126
|
+
- Do not add live device tests, store-console actions, production telemetry queries, background
|
|
127
|
+
workers, local servers, platform dashboards, or raw mobile build commands outside the configured
|
|
128
|
+
command contract.
|
|
129
|
+
- Do not treat a battery fix as proof of memory safety, privacy compliance, permission safety,
|
|
130
|
+
backend rate limiting, offline sync correctness, or UI performance without matching evidence.
|
|
131
|
+
|
|
132
|
+
<!-- mustflow-section: procedure -->
|
|
133
|
+
## Procedure
|
|
134
|
+
|
|
135
|
+
1. Start with measurement or mark static-only evidence.
|
|
136
|
+
- Prefer current platform evidence such as Android Vitals, Power Profiler, Macrobenchmark power
|
|
137
|
+
metric, system tracing, Xcode Organizer, MetricKit, or Instruments Power Profiler.
|
|
138
|
+
- If only code review is available, say so. Do not invent battery savings from intuition.
|
|
139
|
+
- Treat older or lightly maintained diagnostic tools as optional context, not the only proof.
|
|
140
|
+
2. Classify the user value and urgency.
|
|
141
|
+
- Name whether the work is visible foreground work, user-started completion work, silent sync,
|
|
142
|
+
prefetch, telemetry, upload, notification, navigation, safety, or convenience.
|
|
143
|
+
- Screen-visible work can often be cancelled when the screen disappears.
|
|
144
|
+
- User-started completion work can finish briefly in the background.
|
|
145
|
+
- Silent convenience work should usually wait, batch, or be skipped under power pressure.
|
|
146
|
+
3. Split foreground tasks from durable background work.
|
|
147
|
+
- Use ordinary coroutine, thread, async task, or lifecycle-scoped work for visible-only work.
|
|
148
|
+
- Use Android WorkManager, JobScheduler, or iOS BackgroundTasks-style scheduling for work that
|
|
149
|
+
must finish after the user leaves and can tolerate OS scheduling.
|
|
150
|
+
- Do not treat a background worker as a license to run immediately or forever.
|
|
151
|
+
4. Reject unbounded Android background services.
|
|
152
|
+
- A long-running background Service or foreground service should have a user-visible reason,
|
|
153
|
+
platform permission basis, notification behavior, stop condition, and fallback.
|
|
154
|
+
- Assume Android background limits, foreground-service restrictions, Doze, and App Standby can
|
|
155
|
+
delay or stop work.
|
|
156
|
+
- If the product needs exact real-time work, name the user-visible reason and platform policy
|
|
157
|
+
evidence.
|
|
158
|
+
5. Design for Doze and App Standby.
|
|
159
|
+
- Network, jobs, alarms, wake locks, and background work can be delayed or suppressed by the OS.
|
|
160
|
+
- Replace "run every N seconds/minutes exactly" with retryable, resumable, batched work unless
|
|
161
|
+
there is a true user-facing deadline.
|
|
162
|
+
- Persist enough progress to resume after delay, process death, or maintenance-window execution.
|
|
163
|
+
6. Treat exact alarms as scarce.
|
|
164
|
+
- Standard alarms can be delayed under power policy.
|
|
165
|
+
- Allow-while-idle or exact-while-idle alarms should be reserved for genuinely user-critical
|
|
166
|
+
deadlines such as alarm, calendar, safety, or payment-deadline behavior.
|
|
167
|
+
- Report missing platform permission, throttling, fallback, and user-visible justification.
|
|
168
|
+
7. Treat wake locks as emergency medicine.
|
|
169
|
+
- Prefer platform-managed work APIs before manual wake locks.
|
|
170
|
+
- If a wake lock remains, require a timeout, shortest possible scope, `try/finally` or
|
|
171
|
+
equivalent release, cancellation release, exception release, and observability for acquire and
|
|
172
|
+
release.
|
|
173
|
+
- Do not hold wake locks across network calls without tight timeout and cancellation policy.
|
|
174
|
+
8. Prefer shared push over app-owned always-on sockets.
|
|
175
|
+
- For mobile notifications and server-triggered wakeups, prefer platform push channels such as
|
|
176
|
+
FCM or APNs when the feature fits.
|
|
177
|
+
- Use high-priority push only when it leads to user-visible, time-sensitive behavior.
|
|
178
|
+
- Do not keep WebSocket, MQTT, or polling connections alive in the background for speculative
|
|
179
|
+
prefetch or invisible freshness.
|
|
180
|
+
9. Batch network work.
|
|
181
|
+
- Prefer fewer larger transactions over many tiny wakeups when freshness allows it.
|
|
182
|
+
- Coalesce sync, telemetry, uploads, and refreshes instead of firing each event immediately.
|
|
183
|
+
- Respect expensive, constrained, metered, Low Data Mode, roaming, poor-signal, and offline
|
|
184
|
+
conditions.
|
|
185
|
+
- Use connectivity callbacks instead of periodic "are we online?" polling.
|
|
186
|
+
10. Put constraints on heavy sync.
|
|
187
|
+
- For Android scheduled work, consider unmetered network, charging, idle, battery-not-low, and
|
|
188
|
+
storage-not-low constraints when the work is not urgent.
|
|
189
|
+
- For iOS networking, decide whether constrained or expensive network access is allowed and
|
|
190
|
+
whether the request should wait for connectivity.
|
|
191
|
+
- Report product requirements that conflict with battery-friendly constraints.
|
|
192
|
+
11. Lower location accuracy first.
|
|
193
|
+
- Do not use high accuracy or GPS for coarse place lookup, nearby content, analytics, or
|
|
194
|
+
personalization unless the feature proves it needs it.
|
|
195
|
+
- Prefer balanced, low-power, no-power, reduced-accuracy, or last-known strategies where safe.
|
|
196
|
+
- Treat background location permission as a high-risk energy and privacy surface.
|
|
197
|
+
12. Stop one-shot location after one shot.
|
|
198
|
+
- Use one-time location APIs when only one coordinate is needed.
|
|
199
|
+
- If continuous updates are used, stop them when the feature completes, screen disappears, or
|
|
200
|
+
accuracy is good enough.
|
|
201
|
+
- On iOS, pair background location enablement with automatic pauses, appropriate activity type,
|
|
202
|
+
explicit stop, and restoring background updates to false when no longer needed.
|
|
203
|
+
13. Batch and slow continuous location.
|
|
204
|
+
- Use the longest acceptable interval for background updates.
|
|
205
|
+
- Use max update delay or deferred update behavior when batch delivery still satisfies product
|
|
206
|
+
value.
|
|
207
|
+
- For geofences, avoid instant responsiveness unless the user-facing feature needs it.
|
|
208
|
+
14. Stop sensors and BLE when done.
|
|
209
|
+
- Motion, orientation, accelerometer, gyroscope, magnetometer, camera, microphone, and BLE scan
|
|
210
|
+
work should have clear start and stop ownership.
|
|
211
|
+
- Increase sensor update intervals to the lowest useful frequency.
|
|
212
|
+
- Stop BLE scan after finding the target, avoid duplicate discovery unless needed, and prefer
|
|
213
|
+
notification/subscription over polling for value changes.
|
|
214
|
+
15. Stop invisible UI work.
|
|
215
|
+
- When the app backgrounds or a screen disappears, stop animations, progress UI, timers, image
|
|
216
|
+
work, layout loops, and screen-only state updates that no user can see.
|
|
217
|
+
- Keep durable state changes separate from decorative or visual progress.
|
|
218
|
+
- Do not let a spinner, shimmer, Lottie animation, or progress timer run forever behind another
|
|
219
|
+
screen or in background.
|
|
220
|
+
16. Reduce pixels and frames.
|
|
221
|
+
- Check Android overdraw, duplicated backgrounds, translucent overlays, nested cards, wrapper
|
|
222
|
+
views, blur, shadows, and large invalidated regions.
|
|
223
|
+
- On iOS, treat opacity, translucent blur, shadows, and high frame rate as costs that must be
|
|
224
|
+
justified by the screen.
|
|
225
|
+
- Lower frame rate for menus, settings, static feeds, loading decoration, and non-interactive
|
|
226
|
+
surfaces where the platform and UI stack support it.
|
|
227
|
+
17. Make Compose and declarative UI stable.
|
|
228
|
+
- Stable models let Compose or similar declarative UI skip work; unstable mutable models can
|
|
229
|
+
cause needless recomposition.
|
|
230
|
+
- Avoid passing mutable lists, changing lambdas, large state bags, or module-boundary types that
|
|
231
|
+
the UI runtime cannot prove stable.
|
|
232
|
+
- Track recomposition evidence before claiming the UI is energy-efficient.
|
|
233
|
+
18. Give timers slack.
|
|
234
|
+
- Repeating timers wake the CPU. Invalidate them when the screen or task ends.
|
|
235
|
+
- Use timer tolerance, coalescing, debouncing, dispatch sources, lifecycle-aware flows, or
|
|
236
|
+
platform schedulers when exact ticks are not needed.
|
|
237
|
+
- Avoid 1-second or sub-second timers for decorative UI, polling, autosave, or progress that
|
|
238
|
+
can be event-driven.
|
|
239
|
+
19. Batch disk I/O.
|
|
240
|
+
- Write only when data changed.
|
|
241
|
+
- Coalesce autosave, cache persistence, telemetry, and app-state writes.
|
|
242
|
+
- Avoid rewriting large JSON or preference blobs on every keystroke, scroll event, or sensor
|
|
243
|
+
sample; use a database or append/merge strategy when partial updates are frequent.
|
|
244
|
+
20. React to Low Power Mode and Battery Saver as product states.
|
|
245
|
+
- Define which animation, sync, backup, location, prefetch, ML inference, image decode, and
|
|
246
|
+
background behavior is disabled, delayed, or simplified.
|
|
247
|
+
- Preserve user-critical and safety-critical behavior explicitly.
|
|
248
|
+
- Make the degraded path observable and testable.
|
|
249
|
+
21. Keep energy telemetry useful and low-risk.
|
|
250
|
+
- Log job reason, lifecycle state, power mode, network class, constraint decision, location mode,
|
|
251
|
+
wake lock scope, push priority, background expiration, retry count, and stop reason where safe.
|
|
252
|
+
- Keep metrics labels bounded; do not label by user id, raw URL, coordinate, BLE device address,
|
|
253
|
+
payload, or trace id.
|
|
254
|
+
- Include both "started" and "stopped" or "expired" evidence for background work, sensors,
|
|
255
|
+
location, BLE, timers, and wake locks.
|
|
256
|
+
22. Test the ugly edges.
|
|
257
|
+
- Cover backgrounding, screen disappear, cancellation, process death resume, Doze or standby
|
|
258
|
+
simulation when configured, Battery Saver or Low Power Mode policy, constrained network,
|
|
259
|
+
offline-to-online callback, location permission downgrade, sensor stop, BLE scan stop, timer
|
|
260
|
+
invalidation, wake lock release on exception, and background-task expiration.
|
|
261
|
+
- If device, emulator, Xcode, Android Studio, store-console, or production telemetry evidence is
|
|
262
|
+
not configured, report that boundary as manual-only instead of approving battery behavior.
|
|
263
|
+
|
|
264
|
+
<!-- mustflow-section: postconditions -->
|
|
265
|
+
## Postconditions
|
|
266
|
+
|
|
267
|
+
- Measurement status, user value, foreground versus background boundary, OS scheduling, Doze or
|
|
268
|
+
App Standby behavior, exact alarm use, wake lock scope, push versus socket choice, network
|
|
269
|
+
batching, cellular constraints, location accuracy and duration, geofence responsiveness, sensor
|
|
270
|
+
and BLE lifecycle, invisible UI work, overdraw and effects, frame rate, Compose stability, timer
|
|
271
|
+
tolerance, disk I/O batching, Low Power Mode or Battery Saver behavior, telemetry, and tests are
|
|
272
|
+
explicit.
|
|
273
|
+
- Unbounded background services, exact periodic sync fantasies, wake locks without timeout, high
|
|
274
|
+
priority push for invisible prefetch, constant WebSocket background connections, polling,
|
|
275
|
+
cellular-as-Wi-Fi assumptions, high-accuracy location by default, forgotten continuous location,
|
|
276
|
+
instant geofence marketing, background location left enabled, unclosed sensors, endless BLE scan,
|
|
277
|
+
offscreen animation, overdraw, excessive blur or shadow, high FPS decoration, infinite loaders,
|
|
278
|
+
unstable Compose models, zero-tolerance timers, per-keystroke disk writes, and low-power blindness
|
|
279
|
+
are fixed or reported.
|
|
280
|
+
- Mobile energy claims are backed by configured tests, platform diagnostic evidence, static review
|
|
281
|
+
evidence, or labeled as manual-only or missing.
|
|
282
|
+
|
|
283
|
+
<!-- mustflow-section: verification -->
|
|
284
|
+
## Verification
|
|
285
|
+
|
|
286
|
+
Use configured oneshot command intents when available:
|
|
287
|
+
|
|
288
|
+
- `changes_status`
|
|
289
|
+
- `changes_diff_summary`
|
|
290
|
+
- `lint`
|
|
291
|
+
- `build`
|
|
292
|
+
- `test_related`
|
|
293
|
+
- `test`
|
|
294
|
+
- `docs_validate_fast`
|
|
295
|
+
- `test_release`
|
|
296
|
+
- `mustflow_check`
|
|
297
|
+
|
|
298
|
+
Prefer the narrowest configured test, build, docs, release, or mustflow intent that covers the
|
|
299
|
+
changed mobile energy policy and synchronized template surfaces. Do not infer raw Android Studio,
|
|
300
|
+
Xcode, emulator, device, store-console, telemetry, background-service, or platform-dashboard checks
|
|
301
|
+
outside the command contract.
|
|
302
|
+
|
|
303
|
+
<!-- mustflow-section: failure-handling -->
|
|
304
|
+
## Failure Handling
|
|
305
|
+
|
|
306
|
+
- If a configured command fails, preserve the failing intent, failing assertion or output tail, and
|
|
307
|
+
the energy invariant it exercised before editing again.
|
|
308
|
+
- If the user value or urgency cannot be named, report that the energy tradeoff is not reviewable
|
|
309
|
+
yet.
|
|
310
|
+
- If platform power behavior cannot be tested locally, complete available static and unit evidence
|
|
311
|
+
and report missing device, emulator, profiler, or production telemetry evidence.
|
|
312
|
+
- If safe repair requires product requirement changes, native permission policy, store policy,
|
|
313
|
+
platform entitlement, device lab testing, production telemetry, or OS-specific implementation
|
|
314
|
+
outside the current scope, report the missing boundary instead of inventing commands.
|
|
315
|
+
|
|
316
|
+
<!-- mustflow-section: output-format -->
|
|
317
|
+
## Output Format
|
|
318
|
+
|
|
319
|
+
- Mobile energy boundary reviewed
|
|
320
|
+
- Measurement status, user value, background work, OS scheduling, exact alarm, wake lock, push or
|
|
321
|
+
socket, network batching, cellular or constrained network, location, geofence, sensor, BLE, UI
|
|
322
|
+
rendering, animation, frame rate, Compose or declarative UI stability, timer, disk I/O, low-power
|
|
323
|
+
mode, telemetry, and test findings
|
|
324
|
+
- Mobile energy fixes made or recommended
|
|
325
|
+
- Evidence level: configured-test evidence, platform diagnostic evidence, static review risk,
|
|
326
|
+
manual-only, missing, or not applicable
|
|
327
|
+
- Command intents run
|
|
328
|
+
- Skipped mobile energy diagnostics and reasons
|
|
329
|
+
- Remaining mobile energy risk
|
|
@@ -0,0 +1,278 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.module-boundary-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: module-boundary-review
|
|
9
|
+
description: Apply this skill when code is created, changed, reviewed, or reported and module separation, cohesion, coupling, data ownership, rule ownership, failure ownership, import direction, circular dependency, DTO leakage, shared/common/utils growth, mock-heavy tests, repeated policy conditions, enum interpretation, repository business logic, anemic domain, domain-to-I/O leakage, transaction boundary mismatch, event naming, public API bloat, caller sequencing, premature reuse, co-change history, bug/fix distance, config ownership, log responsibility, exception translation, cache invalidation ownership, repeated authorization checks, frontend/backend policy leakage, time policy, batch or worker bypass, or temporary-code accumulation can make a change spread beyond its real owner.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.module-boundary-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Module Boundary Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review module separation by tracing change spread, ownership, and ignorance boundaries rather than
|
|
33
|
+
folder names, layer names, or file labels.
|
|
34
|
+
|
|
35
|
+
The review question is not "which folder should this file live in?" It is "when this rule changes,
|
|
36
|
+
who must change, who owns the data, who owns the failure, and who should not need to know?"
|
|
37
|
+
|
|
38
|
+
<!-- mustflow-section: use-when -->
|
|
39
|
+
## Use When
|
|
40
|
+
|
|
41
|
+
- Code creates, changes, reviews, or reports module boundaries, package boundaries, folder splits,
|
|
42
|
+
services, repositories, validators, mappers, helpers, shared utilities, DTOs, domain models,
|
|
43
|
+
policies, use cases, workers, batches, events, caches, permissions, config reads, or public module
|
|
44
|
+
APIs.
|
|
45
|
+
- A change touches several folders, layers, or modules for one reason, or several differently named
|
|
46
|
+
files repeatedly change together.
|
|
47
|
+
- A review claims that layering, clean architecture, DDD, modular monolith, feature folders,
|
|
48
|
+
repositories, services, shared utilities, events, DTOs, or frontend/backend separation is clean.
|
|
49
|
+
- The suspected issue is not a large service split yet, but a local module boundary that leaks
|
|
50
|
+
business rules, data shape, failure handling, sequencing, or ownership to neighbors.
|
|
51
|
+
|
|
52
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
53
|
+
## Do Not Use When
|
|
54
|
+
|
|
55
|
+
- The task designs or reviews service ownership, team ownership, cross-service data ownership,
|
|
56
|
+
deployment units, queues, large modular-monolith boundaries, or operational recovery; use
|
|
57
|
+
`service-boundary-architecture`.
|
|
58
|
+
- The task asks for an architecture review before choosing a refactor or abstraction; use
|
|
59
|
+
`architecture-deepening-review` first and this skill only for module-leak evidence.
|
|
60
|
+
- The task is implementing a new feature where early data flow and failure model decisions dominate;
|
|
61
|
+
use `structure-first-engineering` first and this skill as an adjunct when module ownership is the
|
|
62
|
+
sharpest risk.
|
|
63
|
+
- The task is only a behavior-preserving move or rename with known behavior evidence; use
|
|
64
|
+
`behavior-preserving-refactor`.
|
|
65
|
+
- The only concern is a single pattern such as adapter, facade, strategy, state machine, dependency
|
|
66
|
+
injection, result type, or composition over inheritance; use that narrower pattern skill.
|
|
67
|
+
|
|
68
|
+
<!-- mustflow-section: required-inputs -->
|
|
69
|
+
## Required Inputs
|
|
70
|
+
|
|
71
|
+
- Change reason: the policy, feature, bug, data shape, failure path, or operational behavior that
|
|
72
|
+
caused the edit.
|
|
73
|
+
- Changed-file spread: folders, modules, layers, packages, tests, generated files, templates, and
|
|
74
|
+
docs touched by the same reason.
|
|
75
|
+
- Co-change evidence when available: recent commits, PRs, repeated paired files, or local diff
|
|
76
|
+
history showing files that usually move together.
|
|
77
|
+
- Module graph evidence: imports, exports, public APIs, call sites, dependency direction, cycles,
|
|
78
|
+
shared helpers, DTO flow, and configuration reads.
|
|
79
|
+
- Ownership evidence: source of truth for data, owner of policy decisions, owner of failure handling,
|
|
80
|
+
owner of cache invalidation, owner of time and config interpretation, and owner of authorization.
|
|
81
|
+
- Test evidence: number and kind of mocks, pure-domain tests, integration tests, worker or batch
|
|
82
|
+
entry tests, and whether callers need to know internal call order.
|
|
83
|
+
- Relevant command-intent contract entries for tests, builds, docs, release checks, and mustflow
|
|
84
|
+
validation.
|
|
85
|
+
|
|
86
|
+
<!-- mustflow-section: preconditions -->
|
|
87
|
+
## Preconditions
|
|
88
|
+
|
|
89
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
90
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
|
|
91
|
+
current scope.
|
|
92
|
+
- Required inputs are available, or missing ownership, import, co-change, test, or failure evidence
|
|
93
|
+
can be reported without guessing.
|
|
94
|
+
- If the review finds security, privacy, cache, concurrency, database, API, or failure-integrity
|
|
95
|
+
risk, also use the relevant narrower skill before editing that part.
|
|
96
|
+
|
|
97
|
+
<!-- mustflow-section: allowed-edits -->
|
|
98
|
+
## Allowed Edits
|
|
99
|
+
|
|
100
|
+
- Move or tighten policy ownership, DTO boundaries, mapper boundaries, module public APIs, import
|
|
101
|
+
direction, config injection, exception translation, cache invalidation ownership, authorization
|
|
102
|
+
checks, event facts, worker entrypoints, and tests directly tied to the reviewed module boundary.
|
|
103
|
+
- Add small facades, use-case functions, policy objects, pure domain helpers, adapters, or result
|
|
104
|
+
mappings only when they reduce caller knowledge, co-change spread, duplicate rules, or mock cost.
|
|
105
|
+
- Add focused tests that prove the boundary contract, such as one policy owner, caller order hidden
|
|
106
|
+
inside a module, batch and online paths using the same use case, or frontend receiving a decision
|
|
107
|
+
instead of reconstructing backend state.
|
|
108
|
+
- Do not split files, introduce layers, rename modules, or create broad shared helpers only because
|
|
109
|
+
the current folder looks untidy.
|
|
110
|
+
- Do not move behavior across a public contract, database owner, event contract, or permission
|
|
111
|
+
boundary without preserving compatibility or reporting the migration risk.
|
|
112
|
+
|
|
113
|
+
<!-- mustflow-section: procedure -->
|
|
114
|
+
## Procedure
|
|
115
|
+
|
|
116
|
+
1. Start with change spread, not folder names.
|
|
117
|
+
- Name the single reason for the change.
|
|
118
|
+
- Count how many modules, folders, layers, tests, docs, and templates changed for that one reason.
|
|
119
|
+
- If one policy edit forces controller, service, repository, mapper, utility, constants, worker,
|
|
120
|
+
and UI edits together, treat the module boundary as suspect.
|
|
121
|
+
2. Group by reason to change.
|
|
122
|
+
- Files with different names but the same change reason are one module candidate.
|
|
123
|
+
- `UserService`, `UserValidator`, `UserMapper`, `UserPolicy`, and `UserHelper` changing together is
|
|
124
|
+
evidence of sliced roles, not necessarily separated modules.
|
|
125
|
+
3. Check import direction.
|
|
126
|
+
- Infrastructure or low-level modules should not know high-level business use case names unless
|
|
127
|
+
the repository intentionally uses that inversion.
|
|
128
|
+
- Treat lower layers importing policy names such as plan, checkout, approval, permission, or
|
|
129
|
+
subscription as evidence that the policy leaked downward.
|
|
130
|
+
4. Treat cycles as boundary failure until proven harmless.
|
|
131
|
+
- If A imports B and B imports A, identify the missing concept, ownership decision, event, port, or
|
|
132
|
+
data-flow direction.
|
|
133
|
+
- Do not accept "they need each other" without naming the invariant that forces the cycle.
|
|
134
|
+
5. Trace DTO infection.
|
|
135
|
+
- API response DTOs, request DTOs, ORM rows, provider payloads, and UI view models should not
|
|
136
|
+
become domain, repository, batch, worker, or event models by default.
|
|
137
|
+
- Convert at the boundary and keep internal decision shapes separate from external transport shapes.
|
|
138
|
+
6. Audit `common`, `shared`, `utils`, and `helpers`.
|
|
139
|
+
- Low-level pure tools can be shared. Business rules in shared folders are usually ownerless
|
|
140
|
+
policy.
|
|
141
|
+
- If a shared helper imports domain words or changes with one product rule, move ownership closer
|
|
142
|
+
to the domain that owns the rule.
|
|
143
|
+
7. Check module responsibility by verbs, not names.
|
|
144
|
+
- A noun-named module that calculates unrelated coupons, points, email, inventory, admin alerts,
|
|
145
|
+
and audit behavior is hiding a process, not a bounded responsibility.
|
|
146
|
+
- A module deleted from the system should remove a coherent business capability, not random
|
|
147
|
+
features from several flows.
|
|
148
|
+
8. Use tests as boundary sensors.
|
|
149
|
+
- If one module's core rule test needs many mocks, the module probably knows too many external
|
|
150
|
+
facts or mixes decision logic with orchestration.
|
|
151
|
+
- Prefer pure rule tests for the owner and smaller integration tests for adapters and delivery.
|
|
152
|
+
9. Find repeated policy conditions.
|
|
153
|
+
- Repeated `isPremium`, `status === PAID`, `plan === ENTERPRISE`, owner checks, feature flags, or
|
|
154
|
+
time-window branches across modules mean the policy has no single owner.
|
|
155
|
+
- Move interpretation to a policy object, domain method, use case, state machine, capability
|
|
156
|
+
result, or other local pattern that callers can ask instead of reimplement.
|
|
157
|
+
10. Check enum spread.
|
|
158
|
+
- Sharing a status value may be fine. Sharing every interpretation of that status across modules
|
|
159
|
+
is not.
|
|
160
|
+
- Refundability, notification behavior, inventory restoration, permission, and UI action
|
|
161
|
+
visibility should have named owners, not scattered enum branches.
|
|
162
|
+
11. Check repository language.
|
|
163
|
+
- Repository names such as `findRefundableOrders`, `findUsersEligibleForPromotion`, or
|
|
164
|
+
`saveWithAuditAndNotify` usually mean persistence is making business decisions.
|
|
165
|
+
- Repositories may expose data queries, but policy eligibility and side-effect orchestration need
|
|
166
|
+
an owner above persistence unless the local architecture explicitly says otherwise.
|
|
167
|
+
12. Check anemic and overpowered domain shapes.
|
|
168
|
+
- A domain object with only fields while services own every decision is a sign that rules moved
|
|
169
|
+
away from the data that explains them.
|
|
170
|
+
- A domain object that sends email, opens transactions, calls HTTP, invalidates Redis, or reads
|
|
171
|
+
process environment knows too much about the outside world.
|
|
172
|
+
13. Check transaction boundaries against module boundaries.
|
|
173
|
+
- If one use case must transactionally mutate many owners, decide which facts are truly one
|
|
174
|
+
consistency boundary and which can move through outbox, event, worker, or reconciliation.
|
|
175
|
+
- Do not hide a cross-owner consistency problem behind a single large service method.
|
|
176
|
+
14. Check event language.
|
|
177
|
+
- Events should describe domain facts such as `OrderPaid`, `SubscriptionCancelled`, or
|
|
178
|
+
`RefundApproved`, not storage mechanics such as `UserTableUpdated` or `OrderRowInserted`.
|
|
179
|
+
- A technical event name often exposes another module's internals instead of publishing a useful
|
|
180
|
+
fact.
|
|
181
|
+
15. Check public module API size and caller sequencing.
|
|
182
|
+
- Too many exported functions can mean internals are on display.
|
|
183
|
+
- If callers must call `create`, then `apply`, then `reserve`, then `mark`, the module has handed
|
|
184
|
+
out an assembly manual instead of owning the sequence.
|
|
185
|
+
16. Check reuse claims.
|
|
186
|
+
- "Used in many places" is not enough reason to extract a common helper.
|
|
187
|
+
- Reuse is safe only when the callers change for the same reason. Similar code from different
|
|
188
|
+
business contexts may need duplication until the shared concept is real.
|
|
189
|
+
17. Check history, not only the current diff.
|
|
190
|
+
- Recent commits and repeated PR pairings can reveal true module candidates better than folder
|
|
191
|
+
names.
|
|
192
|
+
- If a file repeatedly receives temporary exceptions in the same direction, name the missing
|
|
193
|
+
concept instead of adding another branch.
|
|
194
|
+
18. Compare bug location with fix location.
|
|
195
|
+
- If the symptom appears in one module but the fix belongs in an unrelated utility, policy, or
|
|
196
|
+
mapper, the responsibility line may be bent.
|
|
197
|
+
19. Check config, time, and logging responsibility.
|
|
198
|
+
- Raw `process.env`, feature flag, remote config, clock, timezone, locale, and date parsing should
|
|
199
|
+
usually be read at the edge and injected as explicit values.
|
|
200
|
+
- Logs that mention another module's job, such as payment code logging welcome-email failure, are
|
|
201
|
+
strong ownership evidence.
|
|
202
|
+
20. Translate exceptions at boundaries.
|
|
203
|
+
- Database, provider, filesystem, framework, and payment errors should not leak through every
|
|
204
|
+
layer unchanged.
|
|
205
|
+
- Convert external failure dialect into the receiving module's language while preserving safe
|
|
206
|
+
diagnostic causes.
|
|
207
|
+
21. Check cache invalidation, authorization, frontend policy, and alternate entrypoints.
|
|
208
|
+
- Cache invalidation belongs near the data owner, not scattered across random callers.
|
|
209
|
+
- Authorization checks repeated in controllers should move to one use-case entry, policy, or
|
|
210
|
+
capability boundary.
|
|
211
|
+
- Frontend code should receive allowed actions or decisions when possible, not reconstruct
|
|
212
|
+
backend policy from internal statuses.
|
|
213
|
+
- Batch, cron, worker, and admin tools should use the same use case or policy owner as online
|
|
214
|
+
requests instead of bypassing validations, events, logs, and permissions.
|
|
215
|
+
22. Decide the smallest response.
|
|
216
|
+
- If evidence is strong and the edit is in scope, make the smallest boundary fix.
|
|
217
|
+
- If the fix would be broad, report the module boundary risk and the first safe split point.
|
|
218
|
+
- If evidence is weak, leave the structure alone and report the missing co-change or ownership
|
|
219
|
+
evidence.
|
|
220
|
+
|
|
221
|
+
<!-- mustflow-section: postconditions -->
|
|
222
|
+
## Postconditions
|
|
223
|
+
|
|
224
|
+
- The changed reason, changed-file spread, co-change evidence, data owner, policy owner, failure
|
|
225
|
+
owner, and public module surface are explicit or reported as missing.
|
|
226
|
+
- Import direction, cycles, DTO spread, shared helper ownership, repository policy leakage, domain
|
|
227
|
+
I/O leakage, transaction mismatch, event naming, caller sequencing, duplicated policy, and alternate
|
|
228
|
+
entrypoints are fixed or reported where relevant.
|
|
229
|
+
- Any new abstraction hides a named responsibility and reduces caller knowledge, change spread, or
|
|
230
|
+
test mock cost.
|
|
231
|
+
- Behavior, public contracts, permissions, data ownership, and failure semantics remain intact or
|
|
232
|
+
are reported as risks.
|
|
233
|
+
|
|
234
|
+
<!-- mustflow-section: verification -->
|
|
235
|
+
## Verification
|
|
236
|
+
|
|
237
|
+
Use configured oneshot command intents when available:
|
|
238
|
+
|
|
239
|
+
- `changes_status`
|
|
240
|
+
- `changes_diff_summary`
|
|
241
|
+
- `lint`
|
|
242
|
+
- `build`
|
|
243
|
+
- `test_related`
|
|
244
|
+
- `test`
|
|
245
|
+
- `docs_validate_fast`
|
|
246
|
+
- `test_release`
|
|
247
|
+
- `mustflow_check`
|
|
248
|
+
|
|
249
|
+
Prefer the narrowest configured test, build, docs, release, or mustflow intent that covers the changed
|
|
250
|
+
module boundary. Use release or docs checks when templates, public docs, package metadata, public APIs,
|
|
251
|
+
schemas, generated clients, or install surfaces change.
|
|
252
|
+
|
|
253
|
+
<!-- mustflow-section: failure-handling -->
|
|
254
|
+
## Failure Handling
|
|
255
|
+
|
|
256
|
+
- If ownership cannot be identified, report the missing owner instead of creating a vague shared
|
|
257
|
+
helper or new layer.
|
|
258
|
+
- If changing the boundary would require broad moves, public API migration, database ownership
|
|
259
|
+
migration, or cross-team decisions, stop at the risk report and name the first safe follow-up.
|
|
260
|
+
- If tests require many mocks after the change, revisit the boundary before weakening assertions.
|
|
261
|
+
- If a configured command fails, preserve the failing intent and use `failure-triage` before making
|
|
262
|
+
unrelated edits.
|
|
263
|
+
|
|
264
|
+
<!-- mustflow-section: output-format -->
|
|
265
|
+
## Output Format
|
|
266
|
+
|
|
267
|
+
- Module boundary reviewed
|
|
268
|
+
- Change reason and changed-file spread
|
|
269
|
+
- Co-change, import direction, cycle, DTO, shared helper, public API, caller sequencing, and test mock
|
|
270
|
+
evidence
|
|
271
|
+
- Data owner, policy owner, failure owner, cache invalidation owner, config/time owner, and
|
|
272
|
+
authorization owner where relevant
|
|
273
|
+
- Boundary fixes made or recommended
|
|
274
|
+
- Evidence level: current diff, local source evidence, history evidence, configured-test evidence,
|
|
275
|
+
missing, or not applicable
|
|
276
|
+
- Command intents run
|
|
277
|
+
- Skipped diagnostics and reasons
|
|
278
|
+
- Remaining module-boundary risk
|
package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md
CHANGED
|
@@ -54,6 +54,7 @@ Do not use this skill when:
|
|
|
54
54
|
- one agent is doing a small linear task
|
|
55
55
|
- the user only asks for a normal code change, review, or test run
|
|
56
56
|
- the requested work is a production automation runtime rather than repository coordination
|
|
57
|
+
- the requested work designs an LLM product agent's planner, executor, verifier, tool gates, approval or interrupt state, durable resume behavior, loop budgets, handoffs, guardrails, or trace outcome evaluation; use `agent-execution-control-review`
|
|
57
58
|
- the repository or host instructions forbid starting workers or long-running processes
|
|
58
59
|
|
|
59
60
|
<!-- mustflow-section: required-inputs -->
|