mustflow 2.39.1 → 2.58.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/run/executor.js +16 -0
- package/dist/cli/commands/run/process-tree.js +6 -3
- package/dist/cli/commands/tech.js +60 -4
- package/dist/cli/commands/verify.js +3 -1
- package/dist/cli/lib/git-changes.js +11 -1
- package/dist/cli/lib/i18n.js +1 -1
- package/dist/cli/lib/local-index/index.js +8 -4
- package/dist/cli/lib/local-index/populate.js +17 -3
- package/dist/cli/lib/local-index/search-read-model.js +9 -7
- package/dist/cli/lib/local-index/search-text.js +2 -2
- package/dist/cli/lib/local-index/workflow-documents.js +17 -2
- package/dist/cli/lib/mustflow-read.js +14 -2
- package/dist/cli/lib/npm-version-check.js +36 -0
- package/dist/cli/lib/repo-map.js +16 -3
- package/dist/cli/lib/templates.js +8 -7
- package/dist/cli/lib/validation/constants.js +1 -1
- package/dist/core/active-run-locks.js +78 -20
- package/dist/core/change-classification.js +4 -0
- package/dist/core/command-contract-rules.js +1 -1
- package/dist/core/command-contract-validation.js +1 -1
- package/dist/core/command-cwd.js +13 -2
- package/dist/core/command-effects.js +22 -4
- package/dist/core/command-env.js +8 -6
- package/dist/core/command-preconditions.js +28 -2
- package/dist/core/completion-verdict.js +1 -1
- package/dist/core/line-endings.js +8 -4
- package/dist/core/safe-filesystem.js +9 -1
- package/dist/core/source-anchor-validation.js +7 -1
- package/dist/core/source-anchors.js +8 -2
- package/dist/core/verification-scheduler.js +8 -2
- package/package.json +1 -1
- package/templates/default/i18n.toml +330 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
- package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
- package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
- package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
- package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
- package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
- package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
- package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
- package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
- package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
- package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
- package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
- package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
- package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
- package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
- package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
- package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
- package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
- package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
- package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
- package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
- package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
- package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
- package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
- package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
- package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
- package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
- package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
- package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
- package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
- package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
- package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
- package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
- package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
- package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
- package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
- package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
- package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
- package/templates/default/manifest.toml +386 -1
package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md
ADDED
|
@@ -0,0 +1,202 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.frontend-accessibility-tree-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: frontend-accessibility-tree-review
|
|
9
|
+
description: Apply this skill when frontend UI is created, changed, reviewed, or reported and accessibility must be checked through the browser accessibility tree, accessible names, visible label consistency, native HTML semantics, keyboard navigation, focus order and return, dialogs, forms, errors, live regions, ARIA attributes, hidden content, icon and image text alternatives, custom widgets, contrast, target size, dragging alternatives, or automated accessibility evidence.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.frontend-accessibility-tree-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Frontend Accessibility Tree Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review frontend accessibility by checking what browsers expose to assistive technology, not whether code contains enough ARIA.
|
|
33
|
+
|
|
34
|
+
The core question is: "Does the accessibility tree, keyboard path, visible label, and announced state describe the same UI the sighted pointer user sees?" Native HTML should carry the contract first. ARIA should repair unavoidable gaps, not repaint broken semantics.
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- Frontend UI, controls, forms, dialogs, menus, tabs, comboboxes, custom selects, tables, cards, media, icons, images, drag interactions, loading states, error states, toasts, live updates, or design-system components are created, changed, reviewed, or reported.
|
|
40
|
+
- Code adds or changes `onClick`, `role`, `tabIndex`, `aria-*`, `alt`, `hidden`, `display: none`, `visibility: hidden`, visually hidden text, focus styles, keyboard handlers, dialogs, popovers, menus, tabs, form validation, or live regions.
|
|
41
|
+
- A review or final report claims the UI is accessible, keyboard usable, screen-reader friendly, WCAG-ready, axe-clean, semantically correct, or correctly labeled.
|
|
42
|
+
- A bug report mentions missing names, wrong screen-reader text, inaccessible icon buttons, broken Tab order, focus loss, modal focus leaks, keyboard traps, placeholder-only fields, unannounced async status, or custom widget keyboard failures.
|
|
43
|
+
|
|
44
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
45
|
+
## Do Not Use When
|
|
46
|
+
|
|
47
|
+
- The task is only visual layout stress, overflow, mobile viewport, zoom, or hostile content resilience; use `frontend-stress-layout-review` first and this skill only when assistive-technology or keyboard contracts are also affected.
|
|
48
|
+
- The task is only broad UI quality or visual polish with no semantic, keyboard, focus, form, status-message, target-size, or assistive-technology risk; use `ui-quality-gate`.
|
|
49
|
+
- The task is only first-render performance, Core Web Vitals, bundle size, or per-frame rendering; use the matching frontend performance skill.
|
|
50
|
+
- No user-facing UI, rendered artifact, browser DOM, or interaction contract is affected.
|
|
51
|
+
- Verification would require an unconfigured browser, screen reader, accessibility snapshot, or dev server. Report the missing accessibility evidence instead of inventing raw commands.
|
|
52
|
+
|
|
53
|
+
<!-- mustflow-section: required-inputs -->
|
|
54
|
+
## Required Inputs
|
|
55
|
+
|
|
56
|
+
- User goal, changed UI surface, current diff or target files, framework and component-library signals, and configured command intents.
|
|
57
|
+
- Semantic ledger: each interactive element, intended role, native element used, accessible name source, visible label, current state, disabled behavior, and destination or action semantics.
|
|
58
|
+
- Keyboard ledger: tab order, Enter and Space behavior, arrow-key contract, Escape behavior, focus trap, focus return, roving tabindex if used, and skip or landmark navigation when relevant.
|
|
59
|
+
- Assistive-technology ledger: accessibility tree role/name/state evidence, `aria-labelledby` and `aria-describedby` references, live region behavior, hidden content policy, and icon or image text alternatives.
|
|
60
|
+
- Form ledger: labels, instructions, placeholder usage, fieldset and legend groups, validation timing, `aria-invalid`, error descriptions, error summary, and submit-failure focus behavior.
|
|
61
|
+
- Interaction ledger: dialogs, menus, tabs, comboboxes, custom selects, drag and drop, sliders, touch targets, pointer alternatives, focus visibility, obscured focus, non-text contrast, reduced motion, and async status updates.
|
|
62
|
+
- Evidence level: static markup evidence, lint or axe evidence, Testing Library `getByRole` evidence, Playwright accessibility snapshot evidence, keyboard walkthrough evidence, screen-reader manual evidence, or missing evidence.
|
|
63
|
+
|
|
64
|
+
<!-- mustflow-section: preconditions -->
|
|
65
|
+
## Preconditions
|
|
66
|
+
|
|
67
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
68
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
69
|
+
- Existing local patterns for buttons, links, icons, forms, dialogs, menus, tabs, comboboxes, toasts, live regions, focus rings, and visually hidden text have been searched before adding a new accessibility pattern.
|
|
70
|
+
- If an accessibility issue is caused by state ownership, permission logic, layout stress, rendering performance, or security flow, also apply the narrower matching skill for that boundary.
|
|
71
|
+
|
|
72
|
+
<!-- mustflow-section: allowed-edits -->
|
|
73
|
+
## Allowed Edits
|
|
74
|
+
|
|
75
|
+
- Replace fake interactive elements with native HTML such as `<button type="button">`, `<a href>`, `<label>`, `<fieldset>`, `<legend>`, `<select>`, and form controls when they match the interaction.
|
|
76
|
+
- Add or correct accessible names, label associations, descriptions, `aria-invalid`, `aria-expanded`, `aria-selected`, `aria-checked`, `aria-current`, `aria-busy`, live regions, focus management, keyboard handlers, and hidden-content behavior when native semantics are insufficient.
|
|
77
|
+
- Fix icon, SVG, image, and alt text contracts; add decorative `aria-hidden`, `focusable="false"`, meaningful labels, or empty alt text according to the element's role.
|
|
78
|
+
- Add focused tests, fixtures, or assertions that use roles, names, keyboard interaction, focus behavior, or accessibility snapshots when existing project patterns support them.
|
|
79
|
+
- Do not replace native controls with custom widgets, add broad ARIA frameworks, create a visual test suite, start a browser or screen-reader workflow, or change product interaction semantics beyond the affected accessibility contract.
|
|
80
|
+
|
|
81
|
+
<!-- mustflow-section: procedure -->
|
|
82
|
+
## Procedure
|
|
83
|
+
|
|
84
|
+
1. Start from the accessibility tree, not the JSX.
|
|
85
|
+
- For each important control, name the exposed role, accessible name, state, and description.
|
|
86
|
+
- If no tree evidence exists, do a static semantic pass and label the result as static evidence.
|
|
87
|
+
2. Prefer native semantics before ARIA.
|
|
88
|
+
- A clickable `div`, `span`, `li`, `svg`, or `img` is suspicious when the intended control is a button or link.
|
|
89
|
+
- Use `<button type="button">` for actions and `<a href>` for navigation. Do not accept `role="button"` until the native element is proven impossible.
|
|
90
|
+
3. Separate links from buttons.
|
|
91
|
+
- Navigation, file downloads, external URLs, and section jumps are links.
|
|
92
|
+
- Saving, deleting, opening menus, toggling panels, submitting forms, and launching modals are buttons.
|
|
93
|
+
- Flag `href="#"`, `javascript:void(0)`, `preventDefault()` link fakery, and `<a onClick>` without a real `href`.
|
|
94
|
+
4. Audit `onClick` and keyboard parity.
|
|
95
|
+
- Pointer actions need keyboard access. Native buttons already cover focus, Enter, Space, disabled behavior, and form defaults.
|
|
96
|
+
- Custom widgets must define the key contract explicitly instead of sprinkling `tabIndex={0}` and hoping.
|
|
97
|
+
5. Audit tabindex.
|
|
98
|
+
- `tabIndex={0}` should be rare and tied to a real composite widget or programmatic focus need.
|
|
99
|
+
- `tabIndex={-1}` is for script focus targets such as error summaries or dialog headings.
|
|
100
|
+
- A positive tabindex almost always creates a fake tab order and should be removed or reported.
|
|
101
|
+
6. Preserve visible focus.
|
|
102
|
+
- Reject `outline: none`, global focus removal, and focus styles hidden under sticky headers, bottom bars, banners, or overlays.
|
|
103
|
+
- Prefer `:focus-visible` when mouse focus rings caused the team to remove focus indicators.
|
|
104
|
+
- Check that focused controls are not obscured by fixed or sticky content.
|
|
105
|
+
7. Review dialogs by focus flow.
|
|
106
|
+
- A dialog needs a name, initial focus, contained Tab movement, Escape or clear close behavior when appropriate, background inertness or equivalent blocking, and focus return to the opener.
|
|
107
|
+
- `role="dialog"` or `aria-modal="true"` alone is not enough.
|
|
108
|
+
8. Check icon-only controls.
|
|
109
|
+
- `<button><Icon /></button>` needs an accessible name such as an `aria-label` or associated visible text.
|
|
110
|
+
- If visible text already names the control, do not override it with a conflicting `aria-label`.
|
|
111
|
+
- The visible label should be included in the accessible name so speech input users can say what they see.
|
|
112
|
+
9. Validate label references.
|
|
113
|
+
- `aria-labelledby` and `aria-describedby` values must be element id references, not prose.
|
|
114
|
+
- Check that referenced ids exist, are unique, are not hidden incorrectly, and remain translated with the visible UI.
|
|
115
|
+
10. Audit hidden content.
|
|
116
|
+
- `aria-hidden="true"` on a parent hides all descendants from assistive technology; do not leave focusable buttons or links inside it.
|
|
117
|
+
- Distinguish `hidden`, `display: none`, `visibility: hidden`, visually hidden text, and `aria-hidden`.
|
|
118
|
+
- Offscreen or visually hidden content must not trap focus outside the visible viewport.
|
|
119
|
+
11. Review SVG and icon defaults.
|
|
120
|
+
- Decorative icons should usually be `aria-hidden="true"` and `focusable="false"`.
|
|
121
|
+
- Meaningful standalone icons need a name strategy.
|
|
122
|
+
- Avoid duplicate announcements such as icon title plus visible text reading the same word twice.
|
|
123
|
+
12. Review image alt by role.
|
|
124
|
+
- Informative images need concise useful text.
|
|
125
|
+
- Functional images inside links or buttons should describe the action or destination.
|
|
126
|
+
- Decorative images should use `alt=""`.
|
|
127
|
+
- Reject filler alt such as "image", "thumbnail", "icon", or raw filenames.
|
|
128
|
+
13. Review forms.
|
|
129
|
+
- Placeholder is not a label. Each input needs a durable label relationship unless a project-approved equivalent exists.
|
|
130
|
+
- Radio and checkbox groups need a group name, usually `fieldset` and `legend`.
|
|
131
|
+
- Instructions and errors should be programmatically connected to the relevant controls.
|
|
132
|
+
14. Review validation and submit failure.
|
|
133
|
+
- Errors need text, not only red borders or icons.
|
|
134
|
+
- Invalid controls should expose invalid state and error descriptions.
|
|
135
|
+
- After submit failure, move focus to an error summary or first invalid control when that best supports recovery, and do not steal focus during ordinary typing.
|
|
136
|
+
15. Announce important async status.
|
|
137
|
+
- Saving, saved, failed, cart updated, search results changed, zero results, upload progress, and background validation may need a `status`, `alert`, or live region pattern.
|
|
138
|
+
- Do not spam announcements for every minor rerender.
|
|
139
|
+
16. Review ARIA pattern widgets by keyboard contract.
|
|
140
|
+
- Menus, menu buttons, tabs, comboboxes, listboxes, tree views, grids, sliders, and custom selects need their pattern's role, state, focus, and key behavior together.
|
|
141
|
+
- Attributes without keyboard behavior create an accessibility-tree costume, not an accessible widget.
|
|
142
|
+
17. Challenge custom select and combobox work.
|
|
143
|
+
- Prefer native `<select>` unless search, async options, multi-select, rich option content, or a proven library requires custom behavior.
|
|
144
|
+
- Custom selects need mobile touch, keyboard, screen reader, IME, scroll, portal, and focus behavior checked together.
|
|
145
|
+
18. Check non-text contrast and target size.
|
|
146
|
+
- Focus rings, input borders, toggle states, chart lines, error icons, and meaningful graphics need sufficient contrast against adjacent colors.
|
|
147
|
+
- Pointer targets need a real clickable area, not just a visible icon size.
|
|
148
|
+
19. Provide non-drag alternatives.
|
|
149
|
+
- Sorting, sliders, map pins, uploads, and kanban moves cannot be drag-only when the product task can be exposed through buttons, numeric input, or single-pointer alternatives.
|
|
150
|
+
20. Treat automation as a floor.
|
|
151
|
+
- eslint accessibility rules, axe, Testing Library `getByRole`, and Playwright accessibility snapshots are useful smoke checks.
|
|
152
|
+
- They do not prove focus return, meaningful business labels, speech input label consistency, or human-understandable error recovery by themselves.
|
|
153
|
+
21. Report the evidence honestly.
|
|
154
|
+
- Separate static markup evidence, automated rule evidence, accessibility-tree evidence, keyboard walkthrough evidence, and manual screen-reader evidence.
|
|
155
|
+
- If a finding is based on code inspection only, say so and name the missing runtime proof.
|
|
156
|
+
|
|
157
|
+
<!-- mustflow-section: postconditions -->
|
|
158
|
+
## Postconditions
|
|
159
|
+
|
|
160
|
+
- Important controls have correct native semantics or a justified ARIA pattern with matching keyboard behavior.
|
|
161
|
+
- The accessibility tree exposes the intended role, accessible name, description, and state without fighting visible labels or translated text.
|
|
162
|
+
- Tab order, focus visibility, focus containment, focus return, hidden content, forms, errors, live regions, icons, images, custom widgets, contrast, target size, and drag alternatives are fixed, ruled out, or reported where relevant.
|
|
163
|
+
- Automated accessibility claims are not treated as full accessibility proof unless keyboard and assistive-technology behavior were also verified or explicitly marked as unverified.
|
|
164
|
+
|
|
165
|
+
<!-- mustflow-section: verification -->
|
|
166
|
+
## Verification
|
|
167
|
+
|
|
168
|
+
Use configured oneshot command intents when available:
|
|
169
|
+
|
|
170
|
+
- `changes_status`
|
|
171
|
+
- `changes_diff_summary`
|
|
172
|
+
- `lint`
|
|
173
|
+
- `build`
|
|
174
|
+
- `test_related`
|
|
175
|
+
- `test`
|
|
176
|
+
- `docs_validate_fast`
|
|
177
|
+
- `test_release`
|
|
178
|
+
- `mustflow_check`
|
|
179
|
+
|
|
180
|
+
Use the narrowest configured unit, component, accessibility, browser, build, docs, release, or mustflow intent that covers the changed accessibility contract. Use axe, Playwright accessibility snapshots, screen readers, browser DevTools, dev servers, or interactive keyboard walkthroughs only when they are configured one-shot intents or explicitly approved by the user.
|
|
181
|
+
|
|
182
|
+
<!-- mustflow-section: failure-handling -->
|
|
183
|
+
## Failure Handling
|
|
184
|
+
|
|
185
|
+
- If runtime accessibility-tree evidence is unavailable, report the missing evidence instead of claiming screen-reader safety.
|
|
186
|
+
- If native HTML can solve the interaction, prefer that before adding ARIA and custom keyboard code.
|
|
187
|
+
- If an ARIA pattern cannot be completed with the required keyboard and focus behavior, keep or restore the simpler native control and report the unsupported custom widget.
|
|
188
|
+
- If a fix changes product semantics, navigation behavior, form submission, or permission visibility, apply the relevant business, state, or security skill before continuing.
|
|
189
|
+
- If a configured test or build fails after an accessibility change, preserve the failing intent and output tail, then use `failure-triage` before broadening the fix.
|
|
190
|
+
- If verification requires unconfigured browser automation or manual screen-reader testing, stop at that boundary and report the skipped check.
|
|
191
|
+
|
|
192
|
+
<!-- mustflow-section: output-format -->
|
|
193
|
+
## Output Format
|
|
194
|
+
|
|
195
|
+
- Frontend accessibility surface reviewed
|
|
196
|
+
- Semantic, keyboard, focus, accessible-name, hidden-content, form, status-message, widget, contrast, target-size, and drag-alternative checks where relevant
|
|
197
|
+
- Accessibility tree or static semantic evidence level
|
|
198
|
+
- Findings, fixes, or recommendations
|
|
199
|
+
- Automated accessibility evidence and its limits
|
|
200
|
+
- Command intents run
|
|
201
|
+
- Skipped accessibility checks and reasons
|
|
202
|
+
- Remaining accessibility-tree risk
|
|
@@ -0,0 +1,202 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.frontend-localization-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: frontend-localization-review
|
|
9
|
+
description: Apply this skill when frontend UI, product copy, messages, metadata, notifications, exports, locale handling, formatting, sorting, search, SSR hydration, RTL behavior, or i18n tests are created, changed, reviewed, or reported and localization correctness must be checked beyond visible JSX text.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.frontend-localization-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Frontend Localization Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review frontend localization by tracing every user-visible string, locale-sensitive value, direction-sensitive layout choice, and exported text surface instead of only scanning visible JSX text.
|
|
33
|
+
|
|
34
|
+
The core question is: "Can the product say the right thing, in the right grammar, format, direction, tone, and channel for this user's language, region, currency, unit, and time zone?" A translated screen is not localized if placeholders, validation errors, file names, emails, metadata, numbers, dates, sort order, or fallback behavior still leak the source locale.
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- Frontend UI, product copy, forms, validation, error messages, empty states, toasts, dialogs, emails, push notifications, share text, exports, downloads, PDFs, CSVs, calendar invites, charts, canvas, SVG text, document titles, metadata, Open Graph, or SEO text are created, changed, reviewed, or reported.
|
|
40
|
+
- Code adds or changes translation keys, message catalogs, `t(...)`, ICU messages, placeholders, `aria-label`, `title`, `alt`, `meta` tags, Open Graph text, browser `confirm` text, chart labels, file names, copy-to-clipboard text, or backend error-code mapping.
|
|
41
|
+
- Code adds or changes date, time, relative-time, number, currency, percent, unit, plural, list, case, collation, search normalization, truncation, string length, or user-input parsing logic.
|
|
42
|
+
- UI needs to support long translated labels, pseudo localization, RTL or bidirectional text, locale-specific font fallback, language switching, server rendering, hydration, or client/server locale agreement.
|
|
43
|
+
- A review or final report claims a surface is translated, localization-safe, i18n-ready, RTL-ready, locale-aware, or global-ready.
|
|
44
|
+
|
|
45
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
46
|
+
## Do Not Use When
|
|
47
|
+
|
|
48
|
+
- The task is only hostile layout resilience from long translated text or RTL layout without translation, formatting, or locale-state risk; use `frontend-stress-layout-review` first and this skill only for localization semantics.
|
|
49
|
+
- The task is only accessibility names, labels, ARIA, keyboard, focus, or assistive-technology behavior; use `frontend-accessibility-tree-review` first and this skill only when translated names or visible-label consistency are involved.
|
|
50
|
+
- The task is only copy tone in one language with no locale, formatting, fallback, or translation-key surface.
|
|
51
|
+
- No user-visible text, locale-sensitive value, user-entered text, exported text, metadata, search, sort, SSR locale, or direction-sensitive behavior is affected.
|
|
52
|
+
- Verification would require an unconfigured pseudo-localization, screenshot, browser, or translation-management workflow. Report the missing localization evidence instead of inventing raw commands.
|
|
53
|
+
|
|
54
|
+
<!-- mustflow-section: required-inputs -->
|
|
55
|
+
## Required Inputs
|
|
56
|
+
|
|
57
|
+
- User goal, changed UI or text surface, current diff or target files, framework and i18n library signals, supported locale policy, and configured command intents.
|
|
58
|
+
- String exposure ledger: visible text, placeholders, labels, `aria-label`, `title`, `alt`, document title, metadata, Open Graph, toasts, validation, errors, empty states, confirm prompts, chart labels, SVG text, canvas text, clipboard text, download file names, emails, push notifications, exports, PDFs, CSV headers, and calendar invites.
|
|
59
|
+
- Message-shape ledger: full sentence keys, interpolation values, grammatical context, plural categories, zero case, Korean particles or other inflection needs, tone or formality, reusable key risks, and HTML or component interpolation.
|
|
60
|
+
- Format ledger: dates, times, relative times, time zones, calendars, numbers, currency, percent, units, measurement systems, list formatting, input parsing, and display versus storage values.
|
|
61
|
+
- Text-processing ledger: case conversion, search, sort, collation, accent handling, Unicode normalization, grapheme segmentation, truncation, ellipsis policy, and file or user name handling.
|
|
62
|
+
- Direction and layout ledger: RTL, bidirectional user content, `dir="auto"`, logical CSS properties, direction-sensitive icons, font fallback, line height, long translated labels, pseudo localization, and locale-specific screenshot coverage.
|
|
63
|
+
- Runtime locale ledger: language versus region versus currency versus time zone versus unit settings, fallback behavior, missing-key handling, server-rendered locale, client hydration locale, and backend error-code mapping.
|
|
64
|
+
- Evidence level: static string inventory, catalog diff, pseudo-localization evidence, locale snapshot evidence, configured tests, SSR hydration evidence, or missing evidence.
|
|
65
|
+
|
|
66
|
+
<!-- mustflow-section: preconditions -->
|
|
67
|
+
## Preconditions
|
|
68
|
+
|
|
69
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
70
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
71
|
+
- Existing local patterns for message catalogs, ICU syntax, locale routing, formatters, error-code mapping, pseudo localization, RTL support, and exported text have been searched before adding a new pattern.
|
|
72
|
+
- If localization changes affect layout, accessibility, payment, business rules, security, or API contracts, also apply the narrower matching skill for that boundary.
|
|
73
|
+
|
|
74
|
+
<!-- mustflow-section: allowed-edits -->
|
|
75
|
+
## Allowed Edits
|
|
76
|
+
|
|
77
|
+
- Move hardcoded user-visible strings into the project-approved message catalog or translation mechanism.
|
|
78
|
+
- Replace string concatenation and word-fragment assembly with full-sentence messages and named interpolation values.
|
|
79
|
+
- Add or correct plural, zero, context-specific, tone-specific, Korean particle, or inflection-safe messages when the project pattern supports them.
|
|
80
|
+
- Replace ad hoc date, time, number, currency, unit, list, sort, search, and segmentation logic with locale-aware helpers or existing project formatters.
|
|
81
|
+
- Add or refine RTL, `dir="auto"`, logical CSS property, pseudo-localization, locale screenshot, missing-key, backend error-code mapping, and export-text coverage where existing project patterns support them.
|
|
82
|
+
- Do not invent a translation-management system, rewrite all catalogs, install i18n packages, machine-translate production copy, or broaden product language policy beyond the changed surface.
|
|
83
|
+
|
|
84
|
+
<!-- mustflow-section: procedure -->
|
|
85
|
+
## Procedure
|
|
86
|
+
|
|
87
|
+
1. Build the string exposure ledger before editing.
|
|
88
|
+
- Include JSX text, `placeholder`, `aria-label`, `title`, `alt`, document title, metadata, Open Graph, toasts, validation, empty states, dialogs, browser `confirm`, chart labels, SVG `<text>`, canvas text, clipboard text, file names, emails, push notifications, exports, PDFs, CSV headers, and calendar invites.
|
|
89
|
+
- Treat "not on the screen" as still user-visible when the user can save, share, print, hear, search, preview, or receive it.
|
|
90
|
+
2. Check full-sentence translation units.
|
|
91
|
+
- Reject `t('hello') + name + t('welcome')`, translated word fragments, and grammar assembled in code.
|
|
92
|
+
- Use full messages with named interpolation values so translators can change word order and surrounding grammar.
|
|
93
|
+
3. Check context-specific wording.
|
|
94
|
+
- Do not reuse a generic key when the same source word means different things, such as file open, business open, and public status.
|
|
95
|
+
- Prefer keys that name the product context, user action, and destination surface rather than a short dictionary word.
|
|
96
|
+
4. Check destructive and action labels as complete phrases.
|
|
97
|
+
- Do not build labels like `Delete {item}` from separate translated parts when languages need different order, case, or particles.
|
|
98
|
+
- Use context-specific messages such as delete project, delete file, or delete account.
|
|
99
|
+
5. Check plural and zero cases.
|
|
100
|
+
- Do not model plural as only `count === 1`.
|
|
101
|
+
- Use ICU plural or the project's plural system for all supported locale categories.
|
|
102
|
+
- Give zero-result states their own UX wording when "0 items" would be awkward or misleading.
|
|
103
|
+
6. Check language-specific grammar traps.
|
|
104
|
+
- For Korean, review particles such as eun/neun, i/ga, eul/reul, and wa/gwa or avoid the particle with a safer sentence shape.
|
|
105
|
+
- For other languages, check case, gender, noun class, politeness, or inflection needs when dynamic values are inserted into prose.
|
|
106
|
+
7. Check tone and formality inside one flow.
|
|
107
|
+
- Compare adjacent labels, confirmations, validation messages, empty states, and recovery actions.
|
|
108
|
+
- A flow that mixes formal and casual voice should be fixed or reported as product-language drift.
|
|
109
|
+
8. Check date, time, and relative-time formatting.
|
|
110
|
+
- Reject manual assembly such as `year + '.' + month + '.' + day`.
|
|
111
|
+
- Use locale-aware formatters and confirm whether the user's time zone, server time zone, and stored instant can shift deadlines, bookings, billing dates, or "yesterday" labels.
|
|
112
|
+
- Treat `new Date()` in render paths, server-rendered relative time, and client hydration time as mismatch risks.
|
|
113
|
+
9. Check numbers, currency, percent, and units.
|
|
114
|
+
- Do not rely on comma insertion, fixed decimal assumptions, or locale-agnostic `Number(input)` parsing.
|
|
115
|
+
- Separate display format from canonical stored value.
|
|
116
|
+
- Keep language, region, currency, time zone, and measurement unit as separate settings unless the product has an explicit rule tying them together.
|
|
117
|
+
10. Check collation, search, and normalization.
|
|
118
|
+
- Do not trust default `sort()`, raw `localeCompare` without locale intent, or plain `toLowerCase()` for user-facing search and sort.
|
|
119
|
+
- Use locale-aware collation where order matters.
|
|
120
|
+
- Normalize Unicode when comparing user names, filenames, tags, search queries, accents, combining characters, or Hangul variants.
|
|
121
|
+
11. Check grapheme-safe length, truncation, and ellipsis.
|
|
122
|
+
- Do not use `.length` and `slice(0, n)` when user-visible text may contain emoji, flags, skin tones, combining marks, or complex scripts.
|
|
123
|
+
- Use grapheme-aware segmentation or existing utilities.
|
|
124
|
+
- Choose ellipsis by content meaning: paths may need middle truncation, names may need enough disambiguating text, and amounts should not be truncated.
|
|
125
|
+
12. Check RTL and bidirectional text.
|
|
126
|
+
- Replace physical `left` and `right` assumptions with logical `start`, `end`, `inline-start`, and `inline-end` where direction depends on language.
|
|
127
|
+
- Use `dir="auto"` for user-generated names, comments, reviews, addresses, chat, and profile text when direction may differ from the UI locale.
|
|
128
|
+
- Do not mirror all icons blindly. Back, next, drawer, and carousel direction may flip; play, download, clock, and brand icons usually should not.
|
|
129
|
+
13. Check translated layout resilience.
|
|
130
|
+
- Long German, French, Vietnamese, Arabic, pseudo-localized, and compact CJK labels need real fixtures.
|
|
131
|
+
- Fixed-width buttons, tabs, table headers, modal titles, `white-space: nowrap`, and fixed-height rows should be routed to `frontend-stress-layout-review` when geometry changes are needed.
|
|
132
|
+
14. Check font fallback.
|
|
133
|
+
- CJK, Thai, Arabic, Hindi, and emoji may need safe fallback fonts, line-height tolerance, and real glyph coverage.
|
|
134
|
+
- Watch icon fonts, fake bold, missing weights, and square tofu glyphs.
|
|
135
|
+
15. Check pseudo localization and locale snapshots.
|
|
136
|
+
- Prefer pseudo localization for hardcoded strings, missing keys, broken interpolation, glyph support, and expansion stress before real translations arrive.
|
|
137
|
+
- For high-trust flows, compare at least a long-language locale, an RTL locale, and a dense CJK or Japanese-style locale when the project has such coverage.
|
|
138
|
+
16. Check SSR and hydration locale agreement.
|
|
139
|
+
- Server and client must receive compatible locale, time zone, messages, and formatter inputs.
|
|
140
|
+
- Default-language server output followed by client language switching can cause flicker, hydration mismatch, SEO drift, and different date or number text on first render.
|
|
141
|
+
17. Check fallback and missing-key behavior.
|
|
142
|
+
- In development, missing keys should be loud enough to catch.
|
|
143
|
+
- In production, fallback should protect the user while logs, metrics, or diagnostics make the missing translation visible to maintainers.
|
|
144
|
+
- Do not treat silent English fallback as a successful localization state.
|
|
145
|
+
18. Check HTML and rich text in translations.
|
|
146
|
+
- Do not let translators edit raw HTML when component interpolation can preserve link, emphasis, and accessibility structure safely.
|
|
147
|
+
- Links and emphasis inside a sentence must be movable by locale without exposing XSS, broken tags, or fixed English word order.
|
|
148
|
+
19. Check backend error message boundaries.
|
|
149
|
+
- Do not show raw backend prose such as "Invalid password" directly in localized UI.
|
|
150
|
+
- Prefer stable error codes mapped to localized frontend messages, with safe fallback for unknown codes.
|
|
151
|
+
20. Check export, share, and notification surfaces.
|
|
152
|
+
- Confirm CSV headers, PDF receipts, downloaded file names, email subjects, email bodies, push notifications, share text, clipboard output, printed output, and calendar invites follow the same language and formatting policy as the screen.
|
|
153
|
+
21. Report evidence by surface.
|
|
154
|
+
- Separate string-inventory evidence, catalog evidence, formatter evidence, pseudo-localization evidence, screenshot evidence, SSR evidence, and export or notification evidence.
|
|
155
|
+
- If a claim is static-only, say which runtime locale, time zone, RTL, pseudo-localization, or export proof is missing.
|
|
156
|
+
|
|
157
|
+
<!-- mustflow-section: postconditions -->
|
|
158
|
+
## Postconditions
|
|
159
|
+
|
|
160
|
+
- User-visible strings across screen, metadata, notifications, exports, downloads, and assistive labels are either localized, intentionally excluded, or reported.
|
|
161
|
+
- Messages use full translation units, named interpolation, contextual keys, plural and zero handling, tone consistency, and grammar-safe dynamic values where relevant.
|
|
162
|
+
- Dates, times, numbers, currencies, units, search, sort, case conversion, Unicode normalization, grapheme length, truncation, RTL, bidi text, font fallback, SSR locale, fallback, backend errors, and rich text are fixed, ruled out, or reported where relevant.
|
|
163
|
+
- Localization readiness claims distinguish static catalog evidence from pseudo-localization, locale snapshot, SSR, runtime formatter, and export evidence.
|
|
164
|
+
|
|
165
|
+
<!-- mustflow-section: verification -->
|
|
166
|
+
## Verification
|
|
167
|
+
|
|
168
|
+
Use configured oneshot command intents when available:
|
|
169
|
+
|
|
170
|
+
- `changes_status`
|
|
171
|
+
- `changes_diff_summary`
|
|
172
|
+
- `lint`
|
|
173
|
+
- `build`
|
|
174
|
+
- `test_related`
|
|
175
|
+
- `test`
|
|
176
|
+
- `docs_validate_fast`
|
|
177
|
+
- `test_release`
|
|
178
|
+
- `mustflow_check`
|
|
179
|
+
|
|
180
|
+
Use the narrowest configured unit, component, i18n, screenshot, build, docs, release, or mustflow intent that covers the changed localization contract. Use pseudo-localization, browser screenshots, translation-management checks, SSR render checks, or export generation only when they are configured one-shot intents or explicitly approved by the user.
|
|
181
|
+
|
|
182
|
+
<!-- mustflow-section: failure-handling -->
|
|
183
|
+
## Failure Handling
|
|
184
|
+
|
|
185
|
+
- If a string surface cannot be enumerated, report the missing exposure ledger before claiming localization coverage.
|
|
186
|
+
- If the project has no plural, formatter, collation, segmentation, pseudo-localization, or missing-key pattern, preserve existing behavior and report the missing project contract instead of inventing a broad framework.
|
|
187
|
+
- If language, region, currency, time zone, or unit settings are conflated, avoid patching one locale branch only; report the model issue or make the smallest local split required by the changed surface.
|
|
188
|
+
- If translation changes alter accessibility names, focus recovery, layout geometry, payment meaning, legal copy, or security-sensitive messaging, apply the matching skill before continuing that part.
|
|
189
|
+
- If a configured test or build fails after a localization change, preserve the failing intent and output tail, then use `failure-triage` before broadening the fix.
|
|
190
|
+
- If verification requires unconfigured browser, pseudo-localization, screenshot, SSR, export, or translation-management tooling, stop at that boundary and report the skipped check.
|
|
191
|
+
|
|
192
|
+
<!-- mustflow-section: output-format -->
|
|
193
|
+
## Output Format
|
|
194
|
+
|
|
195
|
+
- Frontend localization surface reviewed
|
|
196
|
+
- String exposure ledger
|
|
197
|
+
- Message-shape, plural, zero, grammar, tone, formatter, search, sort, normalization, segmentation, RTL, bidi, font, SSR, fallback, backend-error, rich-text, export, share, and notification checks where relevant
|
|
198
|
+
- Localization fixes or recommendations
|
|
199
|
+
- Evidence level: static inventory, catalog, configured test, pseudo-localization, screenshot, SSR, export, manual-only, missing, or not applicable
|
|
200
|
+
- Command intents run
|
|
201
|
+
- Skipped localization checks and reasons
|
|
202
|
+
- Remaining localization risk
|
package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md
ADDED
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.frontend-state-ownership-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: frontend-state-ownership-review
|
|
9
|
+
description: Apply this skill when frontend code is created, changed, reviewed, or reported and state ownership, duplicated state, derived state, server-cache copying, URL state, form drafts, optimistic updates, request races, query keys, context rerenders, persisted client state, SSR hydration, or external subscriptions can make the UI show stale, contradictory, or silently overwritten values.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.frontend-state-ownership-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Frontend State Ownership Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review frontend state by asking who owns each fact, not which state library is fashionable.
|
|
33
|
+
|
|
34
|
+
The core question is: "Can the same value live in two places and drift?" If yes, the UI can render a lie. Make one source authoritative, derive the rest, and keep server cache, URL state, local drafts, global app context, and external subscriptions from pretending to be the same thing.
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- Frontend code is created, changed, reviewed, or reported and the risk is stale, duplicated, contradictory, over-lifted, under-lifted, or race-prone state.
|
|
40
|
+
- React, Vue, Svelte, Solid, Angular, TanStack Query, Redux, Zustand, Jotai, MobX, Apollo, SWR, router state, form state, local storage, session storage, IndexedDB, context providers, or external stores hold data that could also exist in props, component state, server cache, URL params, or derived selectors.
|
|
41
|
+
- Code introduces or changes `useState(props...)`, derived values in state, boolean loading or mode clusters, selected objects, query keys, invalidation rules, optimistic updates, request cancellation, context values, persisted client stores, SSR hydration branches, or `useSyncExternalStore`-style subscriptions.
|
|
42
|
+
- A review claims the state is safe because it uses a popular library, is "just UI state", is copied only once, has an effect to keep it synced, or currently has small data.
|
|
43
|
+
|
|
44
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
45
|
+
## Do Not Use When
|
|
46
|
+
|
|
47
|
+
- The task only models impossible domain states in type shapes; use `type-state-modeling-review` first and this skill only when frontend ownership or synchronization is also at risk.
|
|
48
|
+
- The task only reviews cache correctness outside frontend client state; use `cache-integrity-review` first and this skill only for client-side server-cache copies, query keys, stale rendering, or invalidation UI effects.
|
|
49
|
+
- The task only reviews render timing, LCP, CLS, INP, hydration flash, or frame jank; use the matching frontend performance or render-stability skill first and this skill only when state ownership causes the symptom.
|
|
50
|
+
- The task is a purely visual or copy-only UI change with no state, data, routing, form, cache, or subscription behavior.
|
|
51
|
+
- The framework or library owns the state contract and no project code creates, copies, derives, persists, or mutates the value; report that this skill does not apply instead of inventing state risk.
|
|
52
|
+
|
|
53
|
+
<!-- mustflow-section: required-inputs -->
|
|
54
|
+
## Required Inputs
|
|
55
|
+
|
|
56
|
+
- User goal, current diff or target files, framework and state-library signals, and configured command intents.
|
|
57
|
+
- State owner ledger: each state value, authoritative owner, copies, readers, mutators, reset path, persistence path, and rollback path.
|
|
58
|
+
- State class map: server data, URL-owned state, local UI state, form draft, global app context, derived selector value, persisted client state, and external subscription state.
|
|
59
|
+
- Synchronization surfaces: props-to-state initialization, effects that set state, query keys, invalidation, optimistic update, request cancellation, router params, context providers, storage hydration, and external store subscriptions.
|
|
60
|
+
- Identity and collection surfaces: selected IDs versus selected objects, list keys, index keys, object replacement rules, normalized entities, selectors, memoized context values, and row or item local state.
|
|
61
|
+
- Evidence level: static diff evidence, focused test evidence, browser or component verification, missing route or interaction evidence, and any unverified state combinations.
|
|
62
|
+
|
|
63
|
+
<!-- mustflow-section: preconditions -->
|
|
64
|
+
## Preconditions
|
|
65
|
+
|
|
66
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
67
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
|
|
68
|
+
- Existing local patterns for server data, router state, form drafts, selectors, context providers, global stores, optimistic updates, and cancellation have been searched before adding a new state pattern.
|
|
69
|
+
- If state crosses API, database, security, payment, cache, concurrency, or public JSON boundaries, also apply the narrower matching skill for that boundary.
|
|
70
|
+
|
|
71
|
+
<!-- mustflow-section: allowed-edits -->
|
|
72
|
+
## Allowed Edits
|
|
73
|
+
|
|
74
|
+
- Remove duplicated state by deriving values during render, through selectors, or through memoized pure helpers when cost justifies memoization.
|
|
75
|
+
- Move state to the nearest owner that matches the user interaction, route, form draft, server cache, or global app context.
|
|
76
|
+
- Replace contradictory boolean flags with one status, mode, or discriminated union when the UI can otherwise express impossible combinations.
|
|
77
|
+
- Store stable identifiers such as `selectedId` instead of selected objects when the canonical entity lives in server cache, normalized state, or parent data.
|
|
78
|
+
- Keep TanStack Query, SWR, Apollo, or router-owned server and URL data in their owners; do not copy them into Redux, Zustand, or component state without a deliberate draft, snapshot, or offline reason.
|
|
79
|
+
- Add or refine query keys, invalidation scope, request cancellation, optimistic rollback, reset keys, selectors, context splitting, memoized provider values, persisted-state versioning, hydration guards, and external subscription wrappers.
|
|
80
|
+
- Add focused tests for stale request ordering, query-key changes, invalidation scope, optimistic rollback, reset behavior, impossible status combinations, and form draft isolation when existing test patterns support them.
|
|
81
|
+
- Do not migrate state libraries, introduce a global store, normalize all entities, or add broad state architecture unless the current ownership problem requires it.
|
|
82
|
+
|
|
83
|
+
<!-- mustflow-section: procedure -->
|
|
84
|
+
## Procedure
|
|
85
|
+
|
|
86
|
+
1. Build a State owner ledger before changing code.
|
|
87
|
+
- For each important value, name the single owner, every copy, every reader, every mutator, reset rules, persistence rules, rollback rules, and whether the value is original or derived.
|
|
88
|
+
- Classify each value as server data, URL-owned state, local UI state, form draft, global app context, derived selector value, persisted client state, or external subscription state.
|
|
89
|
+
2. Hunt props-to-state copies.
|
|
90
|
+
- Treat `useState(props` or equivalent initializers as suspicious unless the value is a deliberate draft, snapshot, uncontrolled initial value, or reset-by-key state.
|
|
91
|
+
- If props should remain live, read props directly or lift the owner; if a draft is intended, name the commit, cancel, and reset behavior.
|
|
92
|
+
3. Remove derived values from mutable state.
|
|
93
|
+
- Values such as `fullName`, `totalPrice`, `filteredItems`, `isAllChecked`, counts, sorted lists, permissions, and display labels should usually be derived from source facts.
|
|
94
|
+
- Do not use `useEffect(() => setX(...), [y])` for render-derived state unless the effect synchronizes with an external system.
|
|
95
|
+
- Watch for effect-derived one-render lag, dependency suppression, and duplicate business logic in components.
|
|
96
|
+
4. Replace contradictory status and mode state.
|
|
97
|
+
- Flag `isLoading`, `isSuccess`, `isError`, `isSaving`, `isDirty`, `isModalOpen`, `isEdit`, and similar clusters when one lifecycle or mode can express impossible combinations.
|
|
98
|
+
- Prefer one `status`, `mode`, state machine, or discriminated union with fields required only for that state.
|
|
99
|
+
- Update grouped state together through one action when partial updates can tear the invariant.
|
|
100
|
+
5. Keep server data in server-data owners.
|
|
101
|
+
- Do not copy TanStack Query, SWR, Apollo, loader data, or RSC data into global stores or component state just to make it convenient.
|
|
102
|
+
- Use selectors, query cache reads, or a deliberate form draft instead of cache-as-Redux duplication.
|
|
103
|
+
- Ensure the query key includes every condition that changes the result, including tenant, user, filters, sort, page, search, locale, feature flags, and auth-dependent scope.
|
|
104
|
+
6. Keep URL-owned state in the URL.
|
|
105
|
+
- Filters, tabs, sort, page, search terms, selected route IDs, and shareable view state usually belong in route params or query params.
|
|
106
|
+
- Avoid a second store copy unless the UI has an explicit unsaved draft or debounced input contract.
|
|
107
|
+
7. Review form drafts separately from saved entities.
|
|
108
|
+
- A form draft may copy initial data, but it needs explicit reset, dirty, submit, cancel, conflict, and post-save behavior.
|
|
109
|
+
- Do not let live server refetches silently overwrite user edits unless the product contract says so and the UI exposes it.
|
|
110
|
+
8. Store identifiers, not stale objects.
|
|
111
|
+
- Prefer `selectedId` plus a lookup into the current collection, cache, or normalized entity map.
|
|
112
|
+
- Recheck index keys when row components have local state; index keys can move state to the wrong item after insert, delete, sort, or filter.
|
|
113
|
+
9. Review mutations and optimistic updates.
|
|
114
|
+
- Each optimistic update needs rollback, duplicate-submit behavior, disabled or queued actions, failed retry behavior, and invalidation scope.
|
|
115
|
+
- Mutation invalidation should refresh the smallest true data surface without leaving related lists, detail pages, badges, totals, or permissions stale.
|
|
116
|
+
10. Review request races.
|
|
117
|
+
- Search, filter, autocomplete, pagination, tab changes, and route changes need AbortController, request IDs, library cancellation, or query-key ownership so older responses cannot overwrite newer state.
|
|
118
|
+
- Do not accept "last promise wins" unless the library contract proves stale results are ignored.
|
|
119
|
+
11. Review actions and setter exposure.
|
|
120
|
+
- Avoid exporting raw setters through context or stores when callers need domain intent such as `selectProject`, `applyFilters`, `resetDraft`, or `markSaved`.
|
|
121
|
+
- Repeated reset calls, scattered business logic, and component-local policy branches should move to an action, selector, or custom hook with one owner.
|
|
122
|
+
12. Review Context and subscription precision.
|
|
123
|
+
- Context value identity must be stable when consumers are broad; memoize values or split read and write contexts when needed.
|
|
124
|
+
- Context is not a precise subscription store; high-churn or large stores need selector-based subscriptions or a proper external store.
|
|
125
|
+
- Browser or external subscriptions should use `useSyncExternalStore` or the framework's equivalent so SSR and hydration see a consistent snapshot.
|
|
126
|
+
13. Review state height.
|
|
127
|
+
- State too high turns the root into a trash can and rerenders unrelated consumers.
|
|
128
|
+
- State too low forces sibling synchronization, event buses, prop-drilling hacks, or duplicated URL and cache state.
|
|
129
|
+
- Move ownership to the nearest common owner that also owns the user action.
|
|
130
|
+
14. Review reset and persistence.
|
|
131
|
+
- Use `key` resets when component identity should reset local state after route, entity, or draft identity changes.
|
|
132
|
+
- Persisted stores need serializable values, schema versioning, migrations, storage availability handling, logout or tenant reset, and cross-tab behavior when relevant.
|
|
133
|
+
- Avoid storing functions, class instances, promises, DOM nodes, dates without encoding policy, or query cache snapshots in persisted client state.
|
|
134
|
+
15. Report the evidence level honestly.
|
|
135
|
+
- Distinguish static risk from tested behavior, browser-observed behavior, and unverified state combinations.
|
|
136
|
+
- If a state owner is unknown, report the missing owner instead of papering over it with another copy or effect.
|
|
137
|
+
|
|
138
|
+
<!-- mustflow-section: postconditions -->
|
|
139
|
+
## Postconditions
|
|
140
|
+
|
|
141
|
+
- Each important frontend value has one named owner, and copies are either removed, derived, or justified as drafts, snapshots, optimistic entries, persisted state, or external subscription snapshots.
|
|
142
|
+
- Server data, URL-owned state, local UI state, form drafts, global app context, derived selector values, persisted client state, and external subscriptions do not silently overwrite each other.
|
|
143
|
+
- Query keys, invalidation, optimistic rollback, request race handling, context value identity, list keys, reset behavior, and hydration/subscription contracts are checked where relevant.
|
|
144
|
+
- Raw setters, repeated reset logic, and duplicated component business logic are removed or reported when they make state ownership unclear.
|
|
145
|
+
- Focused tests or verification evidence cover the changed state boundary when configured.
|
|
146
|
+
|
|
147
|
+
<!-- mustflow-section: verification -->
|
|
148
|
+
## Verification
|
|
149
|
+
|
|
150
|
+
Use configured oneshot command intents when available:
|
|
151
|
+
|
|
152
|
+
- `changes_status`
|
|
153
|
+
- `changes_diff_summary`
|
|
154
|
+
- `lint`
|
|
155
|
+
- `build`
|
|
156
|
+
- `test_related`
|
|
157
|
+
- `test`
|
|
158
|
+
- `docs_validate_fast`
|
|
159
|
+
- `test_release`
|
|
160
|
+
- `mustflow_check`
|
|
161
|
+
|
|
162
|
+
Use the narrowest configured frontend, unit, component, integration, docs, release, or mustflow intent that covers the changed state boundary. Do not infer raw package-manager, dev-server, browser, or watcher commands outside the command contract.
|
|
163
|
+
|
|
164
|
+
<!-- mustflow-section: failure-handling -->
|
|
165
|
+
## Failure Handling
|
|
166
|
+
|
|
167
|
+
- If the owner of a state value cannot be named, stop adding synchronization and report the missing ownership decision.
|
|
168
|
+
- If a proposed fix requires a library migration, normalize only the current owner boundary first and report the broader migration as separate work.
|
|
169
|
+
- If a query-key or invalidation fix exposes backend/API ambiguity, apply the relevant API, cache, database, or security skill before pretending the client can infer correctness.
|
|
170
|
+
- If a test failure reveals stale request ordering, optimistic rollback, hydration, or context rerender risk, preserve the failing scenario and fix the ownership or synchronization boundary before broad refactors.
|
|
171
|
+
- If configured verification is missing, report the missing intent instead of inventing raw frontend commands.
|
|
172
|
+
|
|
173
|
+
<!-- mustflow-section: output-format -->
|
|
174
|
+
## Output Format
|
|
175
|
+
|
|
176
|
+
- Frontend state surface reviewed
|
|
177
|
+
- State owner ledger and state class map
|
|
178
|
+
- Duplicated, derived, contradictory, over-lifted, under-lifted, server-cache, URL, form draft, optimistic, request race, query key, invalidation, Context value, raw setter, index key, reset, persisted state, SSR hydration, and external subscription checks where relevant
|
|
179
|
+
- State ownership, derivation, action, selector, query-key, invalidation, cancellation, rollback, context, persistence, reset, or subscription changes made or recommended
|
|
180
|
+
- Tests or verification evidence
|
|
181
|
+
- Command intents run
|
|
182
|
+
- Skipped frontend checks and reasons
|
|
183
|
+
- Remaining state-ownership risk
|