mustflow 2.39.1 → 2.58.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (92) hide show
  1. package/dist/cli/commands/run/executor.js +16 -0
  2. package/dist/cli/commands/run/process-tree.js +6 -3
  3. package/dist/cli/commands/verify.js +3 -1
  4. package/dist/cli/lib/git-changes.js +11 -1
  5. package/dist/cli/lib/i18n.js +1 -1
  6. package/dist/cli/lib/local-index/index.js +8 -4
  7. package/dist/cli/lib/local-index/populate.js +17 -3
  8. package/dist/cli/lib/local-index/search-read-model.js +9 -7
  9. package/dist/cli/lib/local-index/search-text.js +2 -2
  10. package/dist/cli/lib/local-index/workflow-documents.js +17 -2
  11. package/dist/cli/lib/mustflow-read.js +14 -2
  12. package/dist/cli/lib/repo-map.js +16 -3
  13. package/dist/cli/lib/templates.js +8 -7
  14. package/dist/cli/lib/validation/constants.js +1 -1
  15. package/dist/core/active-run-locks.js +78 -20
  16. package/dist/core/change-classification.js +4 -0
  17. package/dist/core/command-contract-rules.js +1 -1
  18. package/dist/core/command-contract-validation.js +1 -1
  19. package/dist/core/command-cwd.js +13 -2
  20. package/dist/core/command-effects.js +22 -4
  21. package/dist/core/command-env.js +8 -6
  22. package/dist/core/command-preconditions.js +28 -2
  23. package/dist/core/completion-verdict.js +1 -1
  24. package/dist/core/line-endings.js +8 -4
  25. package/dist/core/safe-filesystem.js +9 -1
  26. package/dist/core/source-anchor-validation.js +7 -1
  27. package/dist/core/source-anchors.js +8 -2
  28. package/dist/core/verification-scheduler.js +8 -2
  29. package/package.json +1 -1
  30. package/templates/default/i18n.toml +330 -1
  31. package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
  32. package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
  33. package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
  34. package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
  35. package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
  36. package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
  37. package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
  38. package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
  39. package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
  40. package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
  41. package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
  42. package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
  43. package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
  44. package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
  45. package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
  46. package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
  47. package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
  48. package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
  49. package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
  50. package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
  51. package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
  52. package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
  53. package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
  54. package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
  55. package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
  56. package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
  57. package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
  58. package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
  59. package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
  60. package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
  61. package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
  62. package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
  63. package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
  64. package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
  65. package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
  66. package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
  67. package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
  68. package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
  69. package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
  70. package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
  71. package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
  72. package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
  73. package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
  74. package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
  75. package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
  76. package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
  77. package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
  78. package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
  79. package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
  80. package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
  81. package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
  82. package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
  83. package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
  84. package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
  85. package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
  86. package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
  87. package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
  88. package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
  89. package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
  90. package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
  91. package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
  92. package/templates/default/manifest.toml +386 -1
@@ -0,0 +1,179 @@
1
+ ---
2
+ mustflow_doc: skill.type-state-modeling-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: type-state-modeling-review
9
+ description: Apply this skill when code is created, changed, reviewed, or reported and type design should make impossible states unrepresentable, including branded IDs, units, discriminated unions, nullable state fields, broad string statuses, DTO boundary types, raw external data, partial update inputs, Result error variants, permission capabilities, state transitions, exhaustiveness, any/cast usage, and non-empty collection invariants.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.type-state-modeling-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # Type State Modeling Review
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Review types as runtime bug prevention, not just compiler appeasement.
33
+
34
+ The core question is: "Can this type represent a value the domain says cannot exist?" If yes, the type is a loose note, not a guardrail. Tighten the shape so invalid IDs, units, statuses, lifecycle states, partial inputs, raw external payloads, and impossible success or error combinations cannot quietly enter ordinary code.
35
+
36
+ <!-- mustflow-section: use-when -->
37
+ ## Use When
38
+
39
+ - Code is created, changed, reviewed, or reported and the risk is invalid domain state hidden behind permissive types.
40
+ - TypeScript, JavaScript with JSDoc, Rust, Go, Kotlin, Swift, Java, C#, Python typing, database schemas, API schemas, GraphQL schemas, protobufs, OpenAPI contracts, or validation schemas introduce or change IDs, statuses, modes, DTOs, request or response shapes, error shapes, permissions, money, time, units, external payloads, or lifecycle states.
41
+ - Code uses broad primitives such as `string`, `number`, `boolean`, arrays, maps, `any`, `unknown`, casts, non-null assertions, optional fields, nullable fields, `Partial<T>`, untyped records, or generic payload names for domain values with stricter meaning.
42
+ - A review or final report claims a type is safe because it compiles, has validation somewhere else, is "just a DTO", is only used internally, or is currently populated by trusted code.
43
+
44
+ <!-- mustflow-section: do-not-use-when -->
45
+ ## Do Not Use When
46
+
47
+ - The task is only a syntax or typecheck fix with no domain, boundary, invariant, lifecycle, error, or API shape risk.
48
+ - The task only changes one concrete state machine implementation; use `state-machine-pattern` first and this skill only for type-shape adjunct checks.
49
+ - The task only changes expected failure or absence handling; use `result-option` first and this skill only when the surrounding type shape still permits impossible states.
50
+ - The task only changes API compatibility or serialized output contracts; use `api-contract-change` or `public-json-contract-change` first and this skill only for domain-type boundary leakage.
51
+ - The language or local project style cannot express the invariant statically; report the limitation and require a constructor, parser, validator, test, or database constraint instead of pretending the type alone enforces it.
52
+
53
+ <!-- mustflow-section: required-inputs -->
54
+ ## Required Inputs
55
+
56
+ - Domain invariant: the impossible states, invalid transitions, invalid IDs, unit mistakes, absence semantics, permission rules, or trusted-boundary assumptions the code must prevent.
57
+ - Current type surface: domain models, DTOs, database rows, API request and response types, form inputs, validation schemas, generated types, error types, permissions, state fields, and helper aliases.
58
+ - Construction path: where raw data becomes trusted data, where IDs and units are parsed, where variants are created, and where casts or assertions bypass checks.
59
+ - Boundary map: raw external payload, parsed input, create input, update input, persisted row, domain model, public response, internal event, queue message, and test fixture shapes.
60
+ - Exhaustiveness surface: match, switch, visitor, sealed hierarchy, enum handling, `never` or equivalent checks, default cases, and generated client behavior.
61
+ - Relevant command-intent contract entries for build, typecheck, tests, docs, release checks, and mustflow validation.
62
+
63
+ <!-- mustflow-section: preconditions -->
64
+ ## Preconditions
65
+
66
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
67
+ - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
68
+ - Required inputs are available, or missing invariants can be reported without guessing.
69
+ - Existing local patterns for branded types, newtypes, discriminated unions, sealed classes, enums, validators, parsers, constructors, `Result`, `Option`, state machines, and schema validation have been searched before adding new helpers.
70
+ - If the type surface crosses persistence, external protocols, generated schemas, or public APIs, also apply the relevant database, adapter, migration, API, or JSON contract skill.
71
+
72
+ <!-- mustflow-section: allowed-edits -->
73
+ ## Allowed Edits
74
+
75
+ - Replace broad primitives with branded types, newtypes, wrappers, enums, literal unions, sealed variants, discriminated unions, parser-produced types, or domain constructors when local style supports them.
76
+ - Split invalid optional or nullable field clusters into variants with required fields per state.
77
+ - Separate raw external DTOs, validated inputs, create inputs, partial update inputs, persisted rows, domain models, public responses, events, and queue messages.
78
+ - Add exhaustive handling helpers such as `assertNever` or the local equivalent, and update tests to cover impossible-state construction where the project has type-level or runtime boundary tests.
79
+ - Add focused validators, parsers, constructors, schema refinements, and database constraints only when types alone cannot enforce the invariant.
80
+ - Do not introduce a new type framework, broad generated-type rewrite, or global taxonomy when a local alias, constructor, or union fixes the current boundary.
81
+ - Do not hide uncertainty behind casts, non-null assertions, broad `Record<string, unknown>`, or comments that say a value "should" be valid.
82
+
83
+ <!-- mustflow-section: procedure -->
84
+ ## Procedure
85
+
86
+ 1. Ask the guardrail question first: can the current type construct a value the domain rejects? Name at least one concrete impossible example or state that the change must prevent.
87
+ 2. Classify primitive domain values.
88
+ - Split IDs such as user, post, team, order, tenant, account, provider, and public IDs into branded or wrapper types when accidental swapping is plausible.
89
+ - Split money, currency, duration, timestamp, local date, timezone, ratio, percentage, byte count, and quantity values so unit confusion cannot compile or silently serialize.
90
+ 3. Remove boolean flag soup.
91
+ - Avoid several booleans that encode one lifecycle, such as `isLoading`, `isError`, `isSuccess`, `isPaid`, `isCancelled`, or `isDeleted`.
92
+ - Use one discriminant, enum, sealed class, or state variant with required fields for each state.
93
+ 4. Close status vocabularies.
94
+ - Replace `status: string`, broad enum-like strings, and unchecked external strings with literal unions, enums, sealed variants, or validated parser output.
95
+ - Keep unknown provider values at the boundary as parse errors, unknown variants, or reconciliation states instead of casting them into an internal status.
96
+ 5. Split nullable and optional fields by state.
97
+ - If a field is required in one state and invalid in another, make separate variants rather than a single object with many optional fields.
98
+ - Define one absence meaning for `null`, `undefined`, `None`, or `nil`; do not mix "not loaded", "not applicable", "not found", and "intentionally empty" in one field.
99
+ 6. Separate raw, validated, persisted, domain, and response types.
100
+ - Raw external API, database row, form input, URL query, localStorage, webhook, queue, and file parse data should not be the same type as trusted domain data.
101
+ - Create, update, patch, persisted, internal domain, public response, and event types should be named by responsibility even when their fields look similar.
102
+ 7. Treat `Partial<T>`, `Pick<T>`, and `Omit<T>` as debt signals.
103
+ - Use them for local mechanical transformations only when the resulting role is obvious and bounded.
104
+ - Promote repeated or security-sensitive shapes into named types such as `UpdateUserProfileInput`, `PublicUserProfile`, or `PersistedUser`.
105
+ 8. Narrow maps and records.
106
+ - Check whether `Record<string, T>`, string-key maps, index signatures, metadata bags, and event payloads truly allow any key.
107
+ - Use a closed key union, branded key, schema parser, or value narrowing when keys are locale, feature, role, plan, permission, status, or metric names.
108
+ 9. Audit `any`, `unknown`, casts, and non-null assertions.
109
+ - `unknown` must be narrowed by validation before use.
110
+ - Repeated `as`, non-null `!`, force unwraps, unchecked type assertions, and `JSON.parse(...) as ...` usually mean the construction path is missing.
111
+ - Keep unavoidable casts at one small boundary with a parser, invariant comment, or test that proves the assumption.
112
+ 10. Model success, failure, and absence without impossible combinations.
113
+ - Replace `{ success: boolean; data?: T; error?: E }` with a discriminated `Result<T, E>` or local equivalent.
114
+ - Give `Result` an error type; a result without typed errors often loses the reason the caller needs.
115
+ - Use `Option` or equivalent for meaningful absence, and convert absence to a typed error at the layer where absence becomes failure.
116
+ 11. Model collection invariants.
117
+ - Use a `NonEmpty` type, constructor, parser, database constraint, or runtime guard when empty collections are invalid.
118
+ - Name sorted, unique, paginated, trusted, selected, active, or primary collections when those properties affect behavior.
119
+ 12. Model permissions and capabilities by action.
120
+ - Avoid scattering `role: string`, `isAdmin`, or boolean permission flags when access depends on role, plan, tenant, owner, resource state, or experiment.
121
+ - Prefer capability, policy, or permission-result types that say what action is allowed and why.
122
+ 13. Align lifecycle and temporal types.
123
+ - Split new, persisted, active, deleted, archived, draft, published, expired, revoked, and restored variants when timestamps or IDs are only valid in some states.
124
+ - Do not let `createdAt?`, `updatedAt?`, `deletedAt?`, `publishedAt?`, or `expiresAt?` combinations encode contradictory lifecycle facts.
125
+ 14. Enforce exhaustiveness.
126
+ - Use `never`, sealed-class exhaustiveness, match expressions, exhaustive switch linting, or equivalent local tools.
127
+ - Avoid broad `default` branches that hide newly added variants unless they intentionally handle externally unknown values at a boundary.
128
+ 15. Add tests at the right layer.
129
+ - Prefer type-level tests when the repository already supports them.
130
+ - Otherwise add parser, constructor, boundary, or domain tests showing invalid states fail to enter trusted code and valid variants remain easy to construct.
131
+ 16. Report residual gaps honestly. If language limits, generated types, framework constraints, or public compatibility still permit impossible states, name the remaining constructor, validation, schema, database, or review burden.
132
+
133
+ <!-- mustflow-section: postconditions -->
134
+ ## Postconditions
135
+
136
+ - Impossible domain states are prevented by type shape, constructor, parser, validator, schema, or constraint at the earliest reasonable boundary.
137
+ - IDs, units, currencies, durations, timestamps, local dates, permissions, statuses, variants, and collection invariants are no longer erased into broad primitives where swaps or contradictions matter.
138
+ - Raw external data, validated input, persisted rows, domain models, public responses, and update inputs have explicit ownership boundaries.
139
+ - Expected failures, meaningful absence, state transitions, and lifecycle timestamps do not rely on optional-field combinations that can contradict themselves.
140
+ - Casts, assertions, non-null escapes, `any`, and broad records are removed or isolated with evidence.
141
+ - Exhaustive handling and focused tests cover the changed type surface when configured.
142
+
143
+ <!-- mustflow-section: verification -->
144
+ ## Verification
145
+
146
+ Use configured oneshot command intents when available:
147
+
148
+ - `changes_status`
149
+ - `changes_diff_summary`
150
+ - `lint`
151
+ - `build`
152
+ - `test_related`
153
+ - `test`
154
+ - `docs_validate_fast`
155
+ - `test_release`
156
+ - `mustflow_check`
157
+
158
+ Use the narrowest configured typecheck, build, test, docs, release, or mustflow intent that covers the changed type boundary. Do not infer raw package-manager, schema-generation, or type-test commands outside the command contract.
159
+
160
+ <!-- mustflow-section: failure-handling -->
161
+ ## Failure Handling
162
+
163
+ - If an invariant is unknown, stop widening types and report the missing domain decision.
164
+ - If a stricter type causes many call-site errors, fix the construction boundary and closest callers first; do not silence the errors with casts.
165
+ - If generated or public compatibility types must stay permissive, add an internal parsed type and boundary mapper instead of weakening domain types.
166
+ - If the language cannot enforce an invariant statically, use a constructor, parser, validator, database constraint, or focused test and report the residual static gap.
167
+ - If configured verification is missing, report the missing intent instead of inventing raw typecheck or schema commands.
168
+
169
+ <!-- mustflow-section: output-format -->
170
+ ## Output Format
171
+
172
+ - Type surface reviewed
173
+ - Impossible states found or ruled out
174
+ - IDs, units, status vocabulary, nullable or optional fields, raw boundary types, partial update inputs, DTO/domain/response split, maps or records, casts, non-null assertions, `any`, `Result`, `Option`, non-empty collections, permissions, lifecycle timestamps, and exhaustiveness checked where relevant
175
+ - Type shape, parser, constructor, validator, schema, or constraint changes made or recommended
176
+ - Tests or verification evidence
177
+ - Command intents run
178
+ - Skipped type-level checks and reasons
179
+ - Remaining impossible-state risk
@@ -0,0 +1,164 @@
1
+ ---
2
+ mustflow_doc: skill.web-render-performance-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: web-render-performance-review
9
+ description: Apply this skill when web pages, frontend routes, landing pages, ecommerce pages, dashboards, SSR/RSC/SPA routes, hero media, LCP candidates, CSS, fonts, images, iframes, third-party scripts, client bundles, hydration boundaries, route prefetching, first-view data, HTML streaming, CDN caching, resource hints, long tasks, Core Web Vitals, or web-performance tests need review for first-render performance, LCP, CLS, FCP, TTFB, render-blocking CSS, asset priority, JavaScript execution cost, or cache and delivery risk.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.web-render-performance-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # Web Render Performance Review
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Review web first-render performance as a critical rendering path problem: the browser must discover the first viewport HTML, CSS, data, fonts, scripts, and LCP media early, while noncritical work stays out of the way.
33
+
34
+ The review question is not "did we compress assets?" It is "what blocks the first useful pixels, what competes with the LCP resource, what shifts layout later, and what work runs on the main thread before the user can see or use the page?"
35
+
36
+ <!-- mustflow-section: use-when -->
37
+ ## Use When
38
+
39
+ - A web page, frontend route, landing page, product page, dashboard, SPA, SSR route, RSC route, streamed page, app shell, or route transition is created, changed, reviewed, or reported with performance risk.
40
+ - Code touches hero images, above-the-fold media, CSS delivery, global styles, route CSS, fonts, font preloads, responsive images, lazy media, iframes, embeds, ads, chat widgets, analytics, tag managers, maps, charts, editors, markdown renderers, syntax highlighters, or third-party scripts.
41
+ - Code touches client/server component boundaries, hydration, dynamic imports, code splitting, modulepreload, route prefetching, first-view data fetching, SSR loaders, serialized initial data, Suspense, streaming HTML, CDN HTML caching, cache headers, compression, Early Hints, preconnect, `content-visibility`, workers, idle work, or long main-thread tasks.
42
+ - A review or final report claims improved Core Web Vitals, LCP, CLS, FCP, TTFB, critical CSS, bundle size, render-blocking behavior, lazy loading, preloading, cacheability, or first-render speed.
43
+
44
+ <!-- mustflow-section: do-not-use-when -->
45
+ ## Do Not Use When
46
+
47
+ - The task is only backend latency, database throughput, queue throughput, repeated work, or p95/p99 service behavior without browser first-render impact; use `hot-path-performance-review`, `database-query-bottleneck-review`, or `performance-budget-check`.
48
+ - The task is only visible flicker, hydration flash, theme flash, route transition jank, or blank first render as a symptom; use `frontend-render-stability` first, then this skill only if the root cause is resource, data, cache, bundle, or main-thread performance.
49
+ - The task only adds, converts, resizes, or replaces raster image files; use `web-asset-optimization` for asset bytes and this skill only if page delivery, LCP priority, or responsive markup also changes.
50
+ - The task is only visual layout polish, accessibility, styling correctness, or design-token work with no render-performance claim; use `ui-quality-gate`, `html-code-change`, or `css-code-change`.
51
+ - A real browser, network waterfall, Lighthouse, WebPageTest, trace, RUM, or lab measurement is required but no configured one-shot intent or explicit user-approved workflow exists. Report the measurement gap instead of inventing raw browser, server, profiler, or package-manager commands.
52
+
53
+ <!-- mustflow-section: required-inputs -->
54
+ ## Required Inputs
55
+
56
+ - First viewport and LCP candidate ledger: route, viewport, largest visible element candidates, hero media, above-the-fold text, skeletons, fallback content, and responsive breakpoints.
57
+ - Critical resource discovery ledger: HTML location, markup versus CSS background, preload, preconnect, Early Hints, modulepreload, framework image component behavior, SSR or CSR discovery timing, and competing high-priority resources.
58
+ - CSS and render-blocking ledger: critical CSS, global CSS, route CSS, common or vendor CSS, unused above-the-fold rules, CSS-in-JS injection timing, and blocking stylesheet order.
59
+ - Font loading ledger: font files, weights, subsets, `unicode-range`, format, preload list, `font-display`, fallback metrics, Korean or CJK coverage, FOIT risk, and CLS risk.
60
+ - Image, video, and iframe ledger: `srcset`, `sizes`, intrinsic dimensions, `aspect-ratio`, lazy/eager loading, `fetchpriority`, CDN transformation, thumbnails, embeds, ads, maps, and offscreen media.
61
+ - Third-party script ledger: analytics, tag managers, ads, A/B testing, heatmaps, chat widgets, payment widgets, maps, embeds, consent gates, page scope, and user-intent loading.
62
+ - JavaScript bundle and hydration ledger: initial route bundle, client/server boundaries, `use client` placement, dynamic imports, chunk graph, modulepreload, route prefetching, parse/compile/execute cost, and main-thread tasks.
63
+ - Data and HTML delivery ledger: first-view data owner, SSR/RSC/loader/static generation, client effects, serialized initial data, streaming shell, Suspense or loading boundaries, personalization holes, and TTFB evidence.
64
+ - Cache, compression, and resource-hint ledger: CDN HTML cacheability, cache-control headers, fingerprinted assets, private data boundaries, text compression, Early Hints, preconnect origins, and preload accuracy.
65
+ - Main-thread and long-task ledger: expensive parsing, syntax highlighting, charting, search indexing, markdown rendering, JSON work, layout-heavy below-fold DOM, idle work, worker offload, and chunking strategy.
66
+ - Existing tests, performance budgets, traces, RUM, lab reports, build output, bundle output, server timing, or configured command-intent evidence.
67
+
68
+ <!-- mustflow-section: preconditions -->
69
+ ## Preconditions
70
+
71
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
72
+ - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
73
+ - Required inputs are available from current files, diffs, docs, configured outputs, or user-provided evidence, or missing inputs can be reported without guessing.
74
+ - Framework-specific APIs and delivery behavior are verified against project dependencies or current official documentation before durable docs or framework-specific code changes rely on them.
75
+ - If the change modifies actual HTML, CSS, framework, image assets, security-sensitive third-party scripts, cache privacy, or backend TTFB behavior, also use the matching narrower skill.
76
+
77
+ <!-- mustflow-section: allowed-edits -->
78
+ ## Allowed Edits
79
+
80
+ - Adjust LCP media loading, responsive image markup, intrinsic dimensions, priority hints, critical CSS, route CSS splitting, font loading, font preloads, font subsets, lazy media, iframe loading, third-party script gates, chat-widget loading, hydration boundaries, dynamic imports, route prefetch policy, first-view data ownership, HTML streaming boundaries, static shell and dynamic hole split, cache headers, compression settings, resource hints, below-fold rendering containment, long-task scheduling, focused tests, and directly synchronized docs or templates.
81
+ - Add lightweight instrumentation or assertions for LCP candidate delivery, query or data count, server timing, bundle or asset budgets, resource hints, cache headers, or lazy-media geometry when the repository already has a pattern or configured intent.
82
+ - Keep changes local to the proven first-render path. Do not introduce a new framework, CDN, image service, analytics stack, service worker, router, bundler, worker runtime, or benchmark harness without explicit product and command-contract support.
83
+ - Do not trade correctness, accessibility, privacy, security, authorization, localization, cache safety, visual stability, or user control for faster-looking first paint.
84
+
85
+ <!-- mustflow-section: procedure -->
86
+ ## Procedure
87
+
88
+ 1. Identify the LCP candidate before tuning. Name the likely largest first-viewport element for desktop and mobile, whether it is text, image, video poster, background image, or rendered component, and how the browser discovers it.
89
+ 2. Do not lazy-load the LCP image. Above-the-fold hero or first product media should be eager by default, and `fetchpriority="high"` should be reserved for the actual LCP resource after checking competing resources and framework behavior.
90
+ 3. Preload background hero images when CSS hides discovery. If the LCP candidate is a CSS background, carousel first slide, dynamically selected hero, or responsive background, add or verify an accurate preload strategy instead of assuming the browser finds it early.
91
+ 4. Budget `fetchpriority`. Marking many resources as high is priority inflation; it makes the browser choose between too many "urgent" things. Use high priority for the one critical candidate and leave secondary assets normal or lazy.
92
+ 5. Inline only critical CSS needed for the first viewport when the project supports it. Do not inline large global styles, component libraries, or below-fold rules under the name of critical CSS.
93
+ 6. Split route CSS. A common, global, vendor, or design-system stylesheet that grows with every page can block render for pages that use only a fraction of it.
94
+ 7. Choose `font-display` deliberately. Decide whether `optional`, `swap`, or another strategy is right for the page, then check fallback metrics so text appears quickly without large layout shifts.
95
+ 8. Preload only first-view fonts. Preload the exact font file, weight, subset, and format needed for first paint; do not preload every family, weight, italic variant, icon font, or locale subset.
96
+ 9. Subset Korean and CJK fonts. Large Korean, Japanese, Chinese, and full Unicode fonts need subsets, `unicode-range`, variable or minimal weights, and fallback planning before they are allowed on the first-render path.
97
+ 10. Use `srcset` and `sizes` before celebrating WebP or AVIF. A modern format still hurts if the browser downloads a desktop-sized image on mobile or an image wider than its rendered slot.
98
+ 11. Use an image CDN or transformation pipeline when the page has many responsive images and the repository already supports one. The important property is per-device dimensions, format, quality, and cacheability, not the vendor name.
99
+ 12. Reserve space for lazy media. Offscreen images, videos, ads, embeds, and iframes can lazy-load, but they need width, height, `aspect-ratio`, placeholders, or stable containers so they do not create CLS later.
100
+ 13. Lazy-load or click-load offscreen iframes and heavy embeds. Maps, videos, dashboards, social embeds, and ads should not compete with first paint unless they are the first task on the page.
101
+ 14. Gate third-party scripts by page, consent, timing, and user intent. Analytics, heatmaps, tag managers, A/B tests, widgets, and ads should not load globally just because one route might use them.
102
+ 15. Defer chat widgets until intent. A chat launcher can be visible without loading the full SDK, iframe, fonts, analytics, and network stack before first paint.
103
+ 16. Keep `use client` boundaries narrow in React and Next.js style apps. A top-level layout or page marked client-side can drag static markup, data, and child components into the hydration and bundle cost.
104
+ 17. Lazy-load heavy interactive widgets. Modals, charts, editors, maps, markdown renderers, syntax highlighters, date pickers, and rarely opened panels should usually enter through dynamic import or route-level loading.
105
+ 18. Split code by "not needed for this route now," not by chunk theater. Too many tiny chunks can add request and module scheduling overhead, while one giant common chunk ships unused code everywhere.
106
+ 19. Use `modulepreload` only for critical initial modules. Preloading every possible route, widget, or secondary chunk creates a new waterfall in nicer clothes.
107
+ 20. Do not fetch first-view data in a client effect when server, route loader, RSC, static generation, or serialized initial data can safely provide it. Client effects are for enhancement, subscriptions, and browser-only data, not required first pixels.
108
+ 21. Stream HTML and shell early. Send stable layout, navigation, critical content, and placeholders as soon as possible; put slow regions behind Suspense, loading boundaries, or progressive sections when the framework supports it.
109
+ 22. Split static shells from dynamic holes. Cache and reuse stable HTML around narrow personalized or fast-changing regions instead of making the whole page uncached and origin-bound for one username, cart count, or recommendation slot.
110
+ 23. Investigate slow TTFB before polishing the browser side. If TTFB is around or above one second, use Server-Timing, origin logs, cache status, query count, API count, SSR timing, or configured evidence to find the upstream wait.
111
+ 24. Cache HTML at the edge when it is safe. Low-personalization pages can often be CDN cached with revalidation or hole punching; private or user-specific pages need explicit cache boundaries to avoid data leaks.
112
+ 25. Cache fingerprinted assets with long immutable headers. Do not confuse `no-cache`, `no-store`, `private`, and long-lived immutable caching; the wrong header can either slow every visit or leak user-specific content.
113
+ 26. Enable text compression for HTML, CSS, JS, JSON, SVG, and other text resources. Do not waste time recompressing already compressed media such as JPEG, PNG, WebP, AVIF, video, or font formats that are already compressed.
114
+ 27. Use Early Hints and preconnect sparingly. They help only when the critical resource or origin is definitely needed soon; speculative hints for many origins can steal sockets and bandwidth from the real first-render path.
115
+ 28. Use `content-visibility: auto` with `contain-intrinsic-size` for huge below-fold DOM when supported. It can reduce early layout and paint work, but missing intrinsic size can cause scroll jumps.
116
+ 29. Break long main-thread tasks. Heavy JSON parsing, syntax highlighting, chart rendering, markdown rendering, search indexing, diffing, and data formatting may need chunking, idle callbacks, workers, virtualization, or server-side precomputation.
117
+ 30. Audit route prefetch behavior. Framework prefetching can help a few likely next clicks, but a page with hundreds of links can turn prefetch into a silent network and CPU tax; disable or move it to hover or viewport intent when needed.
118
+ 31. Label evidence honestly. If there is no configured browser trace, network waterfall, bundle report, RUM, or lab measurement, report findings as static critical-path risk or configured-test evidence, not measured Web Vitals improvement.
119
+
120
+ <!-- mustflow-section: postconditions -->
121
+ ## Postconditions
122
+
123
+ - The first viewport, LCP candidate, discovery path, critical CSS, fonts, media, scripts, data, HTML delivery, cache behavior, resource hints, and main-thread work are explicit.
124
+ - Lazy LCP media, hidden background hero discovery, priority inflation, render-blocking global CSS, over-preloaded fonts, unsubset Korean or CJK fonts, oversized images, missing dimensions, eager offscreen embeds, global third-party scripts, broad client boundaries, eager heavy widgets, client-effect first data, all-or-nothing HTML waits, unsafe cache headers, hint spam, below-fold layout work, long tasks, and overbroad prefetch are fixed or reported.
125
+ - Performance claims are backed by current configured evidence or labeled as static review risk, manual-only measurement, or missing evidence.
126
+ - Accessibility, layout stability, privacy, security, cache correctness, and framework boundaries remain intact or are reported as tradeoffs.
127
+
128
+ <!-- mustflow-section: verification -->
129
+ ## Verification
130
+
131
+ Use configured oneshot command intents when available:
132
+
133
+ - `changes_status`
134
+ - `changes_diff_summary`
135
+ - `lint`
136
+ - `build`
137
+ - `test_related`
138
+ - `test`
139
+ - `docs_validate_fast`
140
+ - `test_release`
141
+ - `mustflow_check`
142
+
143
+ Use the narrowest configured test, build, docs, release, or mustflow intent that covers the changed render path. Use browser, Lighthouse, WebPageTest, trace, RUM, bundle-analyzer, server, CDN, or profiler workflows only when they are configured one-shot intents or explicitly approved by the user.
144
+
145
+ <!-- mustflow-section: failure-handling -->
146
+ ## Failure Handling
147
+
148
+ - If the LCP candidate or first viewport is unknown, report the unknown before adding preloads, priority hints, or lazy-loading changes.
149
+ - If a configured test or build fails, preserve the failing intent and output tail, then fix only the render, resource, cache, or template contract exercised by the failure.
150
+ - If the fix needs unconfigured browser measurement, dev servers, production traces, CDN changes, package-manager scripts, or framework upgrades, stop and report the missing command or product decision.
151
+ - If speed conflicts with privacy, authorization, cache safety, accessibility, or layout stability, keep the safer behavior and report the performance tradeoff.
152
+ - If verification fails after a performance change, use `failure-triage` before broadening the fix.
153
+
154
+ <!-- mustflow-section: output-format -->
155
+ ## Output Format
156
+
157
+ - Web render surface reviewed
158
+ - First viewport and LCP candidate
159
+ - Resource discovery, CSS, font, media, third-party, JavaScript, data, cache, hint, and main-thread ledgers
160
+ - Findings or fixes
161
+ - Evidence level: measured, configured-test evidence, static critical-path risk, manual-only, missing, or not applicable
162
+ - Command intents run
163
+ - Skipped browser or performance measurements and reasons
164
+ - Remaining web-render performance risk