mustflow 2.39.1 → 2.58.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (94) hide show
  1. package/dist/cli/commands/run/executor.js +16 -0
  2. package/dist/cli/commands/run/process-tree.js +6 -3
  3. package/dist/cli/commands/tech.js +60 -4
  4. package/dist/cli/commands/verify.js +3 -1
  5. package/dist/cli/lib/git-changes.js +11 -1
  6. package/dist/cli/lib/i18n.js +1 -1
  7. package/dist/cli/lib/local-index/index.js +8 -4
  8. package/dist/cli/lib/local-index/populate.js +17 -3
  9. package/dist/cli/lib/local-index/search-read-model.js +9 -7
  10. package/dist/cli/lib/local-index/search-text.js +2 -2
  11. package/dist/cli/lib/local-index/workflow-documents.js +17 -2
  12. package/dist/cli/lib/mustflow-read.js +14 -2
  13. package/dist/cli/lib/npm-version-check.js +36 -0
  14. package/dist/cli/lib/repo-map.js +16 -3
  15. package/dist/cli/lib/templates.js +8 -7
  16. package/dist/cli/lib/validation/constants.js +1 -1
  17. package/dist/core/active-run-locks.js +78 -20
  18. package/dist/core/change-classification.js +4 -0
  19. package/dist/core/command-contract-rules.js +1 -1
  20. package/dist/core/command-contract-validation.js +1 -1
  21. package/dist/core/command-cwd.js +13 -2
  22. package/dist/core/command-effects.js +22 -4
  23. package/dist/core/command-env.js +8 -6
  24. package/dist/core/command-preconditions.js +28 -2
  25. package/dist/core/completion-verdict.js +1 -1
  26. package/dist/core/line-endings.js +8 -4
  27. package/dist/core/safe-filesystem.js +9 -1
  28. package/dist/core/source-anchor-validation.js +7 -1
  29. package/dist/core/source-anchors.js +8 -2
  30. package/dist/core/verification-scheduler.js +8 -2
  31. package/package.json +1 -1
  32. package/templates/default/i18n.toml +330 -1
  33. package/templates/default/locales/en/.mustflow/skills/INDEX.md +302 -5
  34. package/templates/default/locales/en/.mustflow/skills/agent-eval-integrity-review/SKILL.md +160 -0
  35. package/templates/default/locales/en/.mustflow/skills/agent-execution-control-review/SKILL.md +163 -0
  36. package/templates/default/locales/en/.mustflow/skills/ai-generated-code-hardening/SKILL.md +49 -13
  37. package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +298 -0
  38. package/templates/default/locales/en/.mustflow/skills/api-misuse-resistance-review/SKILL.md +297 -0
  39. package/templates/default/locales/en/.mustflow/skills/api-request-performance-review/SKILL.md +189 -0
  40. package/templates/default/locales/en/.mustflow/skills/app-startup-performance-review/SKILL.md +309 -0
  41. package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +213 -0
  42. package/templates/default/locales/en/.mustflow/skills/business-rule-leakage-review/SKILL.md +295 -0
  43. package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +291 -0
  44. package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +297 -0
  45. package/templates/default/locales/en/.mustflow/skills/client-bundle-pruning-review/SKILL.md +160 -0
  46. package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +321 -0
  47. package/templates/default/locales/en/.mustflow/skills/concurrency-invariant-review/SKILL.md +193 -0
  48. package/templates/default/locales/en/.mustflow/skills/core-web-vitals-field-review/SKILL.md +161 -0
  49. package/templates/default/locales/en/.mustflow/skills/credit-ledger-integrity-review/SKILL.md +156 -0
  50. package/templates/default/locales/en/.mustflow/skills/database-json-modeling-review/SKILL.md +171 -0
  51. package/templates/default/locales/en/.mustflow/skills/database-lock-contention-review/SKILL.md +192 -0
  52. package/templates/default/locales/en/.mustflow/skills/database-migration-change/SKILL.md +76 -34
  53. package/templates/default/locales/en/.mustflow/skills/database-query-bottleneck-review/SKILL.md +194 -0
  54. package/templates/default/locales/en/.mustflow/skills/deletion-lifecycle-review/SKILL.md +171 -0
  55. package/templates/default/locales/en/.mustflow/skills/deployment-rollout-safety-review/SKILL.md +321 -0
  56. package/templates/default/locales/en/.mustflow/skills/desktop-auto-update-safety-review/SKILL.md +265 -0
  57. package/templates/default/locales/en/.mustflow/skills/desktop-background-process-stability-review/SKILL.md +318 -0
  58. package/templates/default/locales/en/.mustflow/skills/desktop-memory-footprint-review/SKILL.md +318 -0
  59. package/templates/default/locales/en/.mustflow/skills/error-message-integrity-review/SKILL.md +283 -0
  60. package/templates/default/locales/en/.mustflow/skills/failure-integrity-review/SKILL.md +193 -0
  61. package/templates/default/locales/en/.mustflow/skills/file-upload-security-review/SKILL.md +305 -0
  62. package/templates/default/locales/en/.mustflow/skills/frame-render-performance-review/SKILL.md +159 -0
  63. package/templates/default/locales/en/.mustflow/skills/frontend-accessibility-tree-review/SKILL.md +202 -0
  64. package/templates/default/locales/en/.mustflow/skills/frontend-localization-review/SKILL.md +202 -0
  65. package/templates/default/locales/en/.mustflow/skills/frontend-state-ownership-review/SKILL.md +183 -0
  66. package/templates/default/locales/en/.mustflow/skills/frontend-stress-layout-review/SKILL.md +193 -0
  67. package/templates/default/locales/en/.mustflow/skills/hot-path-performance-review/SKILL.md +159 -0
  68. package/templates/default/locales/en/.mustflow/skills/idempotency-integrity-review/SKILL.md +195 -0
  69. package/templates/default/locales/en/.mustflow/skills/image-delivery-performance-review/SKILL.md +161 -0
  70. package/templates/default/locales/en/.mustflow/skills/incident-triage-review/SKILL.md +185 -0
  71. package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +155 -0
  72. package/templates/default/locales/en/.mustflow/skills/llm-response-latency-review/SKILL.md +155 -0
  73. package/templates/default/locales/en/.mustflow/skills/llm-service-ux-review/SKILL.md +2 -0
  74. package/templates/default/locales/en/.mustflow/skills/llm-token-cost-control-review/SKILL.md +155 -0
  75. package/templates/default/locales/en/.mustflow/skills/low-end-device-support-review/SKILL.md +340 -0
  76. package/templates/default/locales/en/.mustflow/skills/memory-lifetime-review/SKILL.md +169 -0
  77. package/templates/default/locales/en/.mustflow/skills/mobile-energy-efficiency-review/SKILL.md +329 -0
  78. package/templates/default/locales/en/.mustflow/skills/module-boundary-review/SKILL.md +278 -0
  79. package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +1 -0
  80. package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +208 -0
  81. package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +155 -0
  82. package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +158 -0
  83. package/templates/default/locales/en/.mustflow/skills/quadratic-scan-review/SKILL.md +155 -0
  84. package/templates/default/locales/en/.mustflow/skills/queue-processing-integrity-review/SKILL.md +193 -0
  85. package/templates/default/locales/en/.mustflow/skills/race-condition-review/SKILL.md +188 -0
  86. package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +344 -0
  87. package/templates/default/locales/en/.mustflow/skills/retry-policy-integrity-review/SKILL.md +195 -0
  88. package/templates/default/locales/en/.mustflow/skills/routes.toml +330 -0
  89. package/templates/default/locales/en/.mustflow/skills/security-flow-review/SKILL.md +279 -0
  90. package/templates/default/locales/en/.mustflow/skills/testability-boundary-review/SKILL.md +295 -0
  91. package/templates/default/locales/en/.mustflow/skills/transaction-boundary-integrity-review/SKILL.md +196 -0
  92. package/templates/default/locales/en/.mustflow/skills/type-state-modeling-review/SKILL.md +179 -0
  93. package/templates/default/locales/en/.mustflow/skills/web-render-performance-review/SKILL.md +164 -0
  94. package/templates/default/manifest.toml +386 -1
@@ -0,0 +1,189 @@
1
+ ---
2
+ mustflow_doc: skill.api-request-performance-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: api-request-performance-review
9
+ description: Apply this skill when API endpoints, handlers, controllers, resolvers, serializers, mappers, service methods, or route-level request paths are created, changed, reviewed, or reported and the main latency risk is repeated work inside one request, including per-request I/O counts, DB or ORM fan-out, Redis fan-out, external API calls, transaction scope, pool acquire wait, cache miss paths, serialization, response size, request-path CPU work, or missing trace evidence.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.api-request-performance-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # API Request Performance Review
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Review API latency as repeated work inside one request, not as a search for an ugly slow function.
33
+
34
+ The core question is: "For one request, how many times do we repeat the same I/O, data fetch, serialization, lock wait, transaction wait, or CPU-heavy operation before sending the response?"
35
+
36
+ <!-- mustflow-section: use-when -->
37
+ ## Use When
38
+
39
+ - An API endpoint, handler, controller, route, resolver, serializer, mapper, service method, middleware, webhook receiver, backend-for-frontend path, admin API, or request-scoped worker path is created, changed, reviewed, or reported.
40
+ - The likely risk is per-request I/O, DB query count, ORM lazy loading, Redis fan-out, external API calls, filesystem reads, transaction scope, pool acquire wait, cache miss behavior, JSON serialization, response bytes, DTO mapping, compression, crypto, image/file processing, or missing spans.
41
+ - Code or docs claim an API path is fast, paginated, cached, batched, preloaded, streaming, bounded, safe at p95 or p99, or protected by instrumentation.
42
+ - A route-level performance finding needs a request cost ledger before a broader performance-budget, load-test, database-plan, or profiling project.
43
+
44
+ <!-- mustflow-section: do-not-use-when -->
45
+ ## Do Not Use When
46
+
47
+ - The task is a general hot-path review without an API request boundary; use `hot-path-performance-review`.
48
+ - The task is only database query shape, migration safety, or engine-specific query tuning with no route-level request path; use `database-query-bottleneck-review` or the matching database skill.
49
+ - The task is primarily cache correctness, stale data spread, permission leakage, or invalidation order; use `cache-integrity-review`.
50
+ - The task is primarily reliability, retry, timeout, queue, health-check, or operational failure handling rather than per-request latency; use `backend-reliability-change`.
51
+ - The task is a full measurement, benchmark, production profiling, load-test, service-level objective, or p95/p99 performance-budget project; use `performance-budget-check` as the main route.
52
+ - The route-level request path is slow mainly because of LLM response latency, time to first token, first useful output, streaming, LLM round trips, tool-call wait, prompt-cache latency, model routing speed, realtime continuation, priority tier, or predicted-output behavior; use `llm-response-latency-review`.
53
+ - The API path is explicitly tiny, hard-capped, offline-only, or manual-only and the bounded request size is documented.
54
+
55
+ <!-- mustflow-section: required-inputs -->
56
+ ## Required Inputs
57
+
58
+ - Request path: endpoint, route, handler, controller, resolver, serializer, mapper, middleware, service method, response builder, and downstream calls under review.
59
+ - Request cost ledger inputs: route span, DB query count, Redis call count, external API call count, filesystem or object-storage calls, payload size, response bytes, JSON serialization time, DTO mapping time, cache hit or miss, queue time, pool acquire wait, transaction duration, lock wait, and request-path CPU work when available.
60
+ - Data shape: request parameters, page size, relation counts, tenant or user scope, expected result size, maximum payload, large JSON/TEXT/BLOB fields, and response projection.
61
+ - ORM behavior: lazy loading, eager loading, generated SQL, relation access in serializers or templates, Django `select_related` and `prefetch_related`, Rails `includes`, `preload`, `eager_load`, and `strict_loading`, or equivalent framework behavior.
62
+ - Database evidence when available: `SELECT *`, app-side filtering or sorting, deep `OFFSET`, `COUNT(*)`, index fit for `WHERE` plus `ORDER BY` plus `LIMIT`, `EXPLAIN`, estimated rows, actual rows, join cardinality, and selectivity.
63
+ - Cache and Redis evidence: request-scope cache, key dimensions, cache miss path, `MGET`, pipeline behavior, Redis round trips, Redis Slow Log limitations, hot keys, fallback behavior, and stampede controls.
64
+ - Correctness boundaries: authorization, tenant isolation, ordering, duplicates, pagination stability, consistency, idempotency, timeout, cancellation, partial failure, stale data, and response contract.
65
+ - Relevant command-intent contract entries for build, tests, docs, release checks, and mustflow validation.
66
+
67
+ <!-- mustflow-section: preconditions -->
68
+ ## Preconditions
69
+
70
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
71
+ - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
72
+ - Required inputs are available, or missing route, query-count, trace, cache, or payload evidence can be reported without guessing.
73
+ - If database query shape is changed, also apply the matching database skill.
74
+ - If cache correctness or invalidation behavior changes, also apply `cache-integrity-review`.
75
+ - If retry, timeout, queue, health, idempotency, or external-service failure behavior changes, also apply `backend-reliability-change`.
76
+ - If authorization, tenant scope, personal data, logs, telemetry, or cache keys affect the API path, also apply the relevant security or privacy skill.
77
+
78
+ <!-- mustflow-section: allowed-edits -->
79
+ ## Allowed Edits
80
+
81
+ - Narrow projection, remove route-level overfetching, batch per-item database or Redis calls, replace repeated external calls with bounded aggregation, add request-scope memoization, move app-side filtering or sorting into the right data layer, shorten transactions, and add bounded concurrency where semantics are clear.
82
+ - Add or tighten route-level observability for route span timing, DB query count, pool acquire wait, Redis count, cache hit or miss, external latency, response bytes, JSON serialization time, queue time, and request-path CPU work when local patterns support it.
83
+ - Add focused tests or fixtures for query count, lazy-loading prevention, pagination stability, response projection, authorization scope, cache key dimensions, timeout behavior, serialization shape, or error boundaries when repository patterns support them.
84
+ - Do not add speculative caches, unbounded eager loading, unbounded concurrency, broad denormalization, new infrastructure, raw load tests, or profiling hooks without evidence and ownership of invalidation, backpressure, and failure behavior.
85
+ - Do not trade correctness, authorization, tenant isolation, response contract, idempotency, ordering, or partial-failure behavior for a faster-looking request path.
86
+
87
+ <!-- mustflow-section: procedure -->
88
+ ## Procedure
89
+
90
+ 1. Name the API request boundary first. Include the route, handler, controller, resolver, serializer, mapper, service method, response builder, and downstream calls that run before the response is committed.
91
+ 2. Build a Request cost ledger. Record DB query count, Redis round trips, external API calls, filesystem or object-storage calls, cache hit or miss, payload size, response bytes, JSON serialization time, DTO mapping time, pool acquire wait, transaction duration, lock wait, queue time, and request-path CPU work. Mark unavailable values as missing evidence rather than inventing them.
92
+ 3. Count repeated I/O before reading abstraction names.
93
+ - A loop, mapper, serializer, resolver, template, or DTO builder that calls DB, Redis, HTTP, RPC, filesystem, object storage, provider SDK, queue, logger, metrics, crypto, compression, or image processing is the first suspect.
94
+ - Sequential `await` inside a loop is still serial request latency unless the operations are order-dependent.
95
+ - Unbounded fan-out is not a fix. Use bounded concurrency only when the downstream resource and failure behavior are understood.
96
+ 4. Inspect ORM serializer and mapper paths.
97
+ - Property reads such as `user.team.name`, `order.items`, `post.comments`, or equivalent relation access can be hidden queries.
98
+ - In Django, choose `select_related` for single-valued relations and `prefetch_related` for multi-valued relations when the route actually needs them.
99
+ - In Rails, compare `includes`, `preload`, `eager_load`, and `strict_loading`; use strict loading or query-count tests where local patterns support them.
100
+ - Treat eager loading too much as a separate bug. It can replace N+1 with row explosion, duplicate parents, memory bloat, or huge response mapping.
101
+ 5. Check query projection and response projection together.
102
+ - Flag `SELECT *`, full entity hydration, unbounded DTOs, and list endpoints that fetch large JSON, TEXT, BLOB, image, metadata, audit, or internal columns.
103
+ - Fetch detail fields only after narrowing the row set when the route returns a list, feed, search result, or admin table.
104
+ 6. Push filtering, sorting, grouping, and distinct work to the right layer.
105
+ - App-side filtering after loading many rows usually hides a database or cache misuse.
106
+ - App-side sorting, grouping, or `distinct` after join fan-out can turn a small response into a large server memory job.
107
+ - Preserve authorization, tenant scope, null semantics, duplicates, and stable ordering when moving work.
108
+ 7. Review pagination and counts as latency surfaces.
109
+ - Deep `OFFSET` pages usually make the database count and discard earlier rows.
110
+ - Prefer keyset or cursor pagination with stable tie-breakers when arbitrary page jumps are not a product requirement.
111
+ - Expensive `COUNT(*)` for every request needs a product reason, approximate or cached count policy, or deferred count behavior.
112
+ 8. Match indexes to the whole request query.
113
+ - Check `WHERE`, `ORDER BY`, and `LIMIT` together instead of asking only whether one predicate has an index.
114
+ - Functions around columns, implicit casts, `LOWER(email)`, `DATE(created_at)`, timezone conversion, `%keyword%`, low-selectivity predicates, and mismatched sort order can defeat useful index access.
115
+ - When plan evidence exists, compare `EXPLAIN` estimated rows with actual rows, join cardinality, loops, rows examined, rows returned, buffers, temp files, sort method, and lock or pool wait.
116
+ 9. Keep external calls out of transactions.
117
+ - Do not hold a DB transaction while waiting for an external API, file upload, object storage, Redis fallback, image processing, logging sink, or user-controlled operation.
118
+ - Move external effects after commit with an outbox, job, reconciliation record, or idempotent follow-up only when the repository already owns that pattern.
119
+ 10. Separate database execution time from pool acquire wait.
120
+ - A query can look fast while the request waits for a saturated connection pool.
121
+ - Review pool acquire time, pool size, transaction duration, connection leaks, per-request client creation, and slow downstream calls holding connections.
122
+ 11. Check Redis as a network service, not as free memory.
123
+ - Redis calls inside loops are request latency. Prefer `MGET`, pipelining, batching, or request-scope cache when semantics allow.
124
+ - Redis Slow Log does not include client round-trip time, connection wait, serialization, or application loop overhead.
125
+ - Review cache miss path, fallback DB pressure, stampede control, hot keys, and key cardinality before calling the cache safe.
126
+ 12. Review cache key scope and miss behavior.
127
+ - A key that is too narrow can leak or serve wrong data; a key that is too wide can explode cardinality and never hit.
128
+ - Count what happens on miss: DB calls, external calls, serialization, lock or singleflight behavior, early refresh, negative caching, stale serve, and timeout.
129
+ 13. Count JSON, DTO, and response building costs.
130
+ - Repeated JSON parse/stringify, broad DTO-to-DTO mapping, deep clone, object spread over large arrays, and whole-object logging can dominate route CPU.
131
+ - Large response bytes increase server serialization, compression, network transfer, browser parse, and client cache pressure.
132
+ 14. Check request-path CPU before offloading blame to the database.
133
+ - Compression, crypto, hashing, image resize, PDF or spreadsheet generation, diffing, regex, report rendering, and large locale formatting can block the request.
134
+ - For Node, look for event-loop blocking and flame graph evidence when available. For Go, use pprof evidence when available. For MongoDB, inspect `explain()` evidence when the route depends on MongoDB query shape.
135
+ 15. Treat observability as part of the fix when evidence is missing.
136
+ - Add OpenTelemetry or existing tracing spans only through local patterns.
137
+ - Prefer route span, DB query count, Redis count, external-call count, pool acquire wait, cache hit or miss, external latency, response bytes, JSON serialization time, queue time, timeout count, and error category over vague "seems slow" comments.
138
+ 16. Rank fixes by request payoff.
139
+ - Usually fix per-item DB or Redis calls, ORM lazy loading, app-side filtering after overfetch, deep offset pagination, expensive counts, external calls inside transactions, pool waits, unbounded fan-out, huge responses, and missing spans before micro-optimizing helper code.
140
+ 17. Label evidence honestly.
141
+ - Static review can identify likely API latency risks but cannot prove speedup.
142
+ - A trace from a tiny fixture, warm local cache, or empty database is not representative production evidence.
143
+
144
+ <!-- mustflow-section: postconditions -->
145
+ ## Postconditions
146
+
147
+ - The API request boundary and Request cost ledger are explicit.
148
+ - DB query count, Redis call count, external API call count, cache hit or miss behavior, response bytes, serialization cost, transaction scope, pool acquire wait, and request-path CPU work are fixed, bounded, instrumented, or reported.
149
+ - ORM lazy loading, eager-loading overfetch, `SELECT *`, app-side filtering or sorting, deep `OFFSET`, expensive `COUNT(*)`, index mismatch, external call inside transaction, Redis loop, and cache miss amplification are checked where relevant.
150
+ - Correctness, authorization, tenant isolation, idempotency, ordering, pagination stability, partial failure, cancellation, timeout, and stale-data behavior remain intact or are reported as tradeoffs.
151
+ - API performance claims are backed by configured evidence, trace evidence, plan evidence, or labeled as static review risk.
152
+
153
+ <!-- mustflow-section: verification -->
154
+ ## Verification
155
+
156
+ Use configured oneshot command intents when available:
157
+
158
+ - `changes_status`
159
+ - `changes_diff_summary`
160
+ - `lint`
161
+ - `build`
162
+ - `test_related`
163
+ - `test`
164
+ - `docs_validate_fast`
165
+ - `test_release`
166
+ - `mustflow_check`
167
+
168
+ Use the narrowest configured test, build, docs, release, or mustflow intent that covers the changed API request path. Do not infer raw server, load-test, benchmark, profiler, database shell, Redis shell, browser, or package-manager commands outside the command contract.
169
+
170
+ <!-- mustflow-section: failure-handling -->
171
+ ## Failure Handling
172
+
173
+ - If route-level traces, query counts, payload size, cache behavior, or pool wait evidence are missing, report static risk instead of claiming measured latency.
174
+ - If the safe fix requires engine-specific database features, use the matching database skill before editing those surfaces.
175
+ - If the safe fix requires production traces, load tests, flame graphs, pprof captures, MongoDB `explain()` from live data, Redis Slow Log access, provider dashboards, or unconfigured commands, report the manual evidence boundary instead of running raw commands.
176
+ - If optimization conflicts with correctness, authorization, tenant isolation, idempotency, ordering, partial failure, or the response contract, keep correctness and report the tradeoff.
177
+ - If a configured test, build, docs, release, or mustflow command fails, preserve the failing intent and output tail, then fix only the behavior or contract exercised by the failure.
178
+
179
+ <!-- mustflow-section: output-format -->
180
+ ## Output Format
181
+
182
+ - API request path reviewed
183
+ - Request cost ledger: route span, DB query count, Redis count, external API calls, filesystem or object-storage calls, payload size, response bytes, JSON serialization time, DTO mapping time, cache hit or miss, queue time, pool acquire wait, transaction duration, lock wait, and request-path CPU work
184
+ - ORM lazy loading, eager loading, projection, pagination, count, index fit, app-side filtering or sorting, transaction, pool, Redis, cache miss, serialization, response size, CPU-heavy request work, and observability findings
185
+ - API request performance change made or recommended
186
+ - Evidence level: measured trace, configured-test evidence, plan evidence, static review risk, manual-only, missing, or not applicable
187
+ - Command intents run
188
+ - Skipped measurements and reasons
189
+ - Remaining API request performance risk
@@ -0,0 +1,309 @@
1
+ ---
2
+ mustflow_doc: skill.app-startup-performance-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: app-startup-performance-review
9
+ description: Apply this skill when Android, iOS, React Native, Flutter, Tauri mobile, desktop app shell, Electron, or other installed app code needs startup performance review from icon tap or process launch to first frame and fully usable state, including cold, warm, or hot start, Android TTID and TTFD, `reportFullyDrawn()`, Android Vitals startup thresholds, Xcode Organizer, Instruments App Launch or Time Profiler, `Application.onCreate()`, `AppDelegate`, ContentProvider auto-init, AndroidX App Startup, DI graph creation, SDK initialization, static initializers, main-thread disk or network work, cache snapshots, launch migrations, first-screen layout, launch assets, custom fonts, R8, Baseline Profile, Startup Profile, Macrobenchmark, Perfetto, Hermes, JavaScript or Dart import graphs, deferred components, shader warmup, on-demand modules, splash holds, auth or config gates, and post-first-frame work queues.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.app-startup-performance-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # App Startup Performance Review
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Review installed app startup as a launch critical path from icon tap or process start to first frame
33
+ and fully usable state, not as a splash-screen masking problem.
34
+
35
+ The review question is not "does the splash look smooth?" It is "what code, I/O, SDK, dependency
36
+ graph, asset, first-screen, auth, or config gate blocks the user before the app can draw and before
37
+ the first useful action works?"
38
+
39
+ <!-- mustflow-section: use-when -->
40
+ ## Use When
41
+
42
+ - Android, iOS, React Native, Flutter, Tauri mobile, Electron, desktop app shell, or packaged app
43
+ code is created, changed, reviewed, or reported with startup, launch, splash, first frame, first
44
+ screen, time-to-interactive, time-to-full-display, cold start, warm start, hot start, blank screen,
45
+ slow app open, initial route, auth bootstrap, config bootstrap, SDK initialization, or app shell
46
+ performance risk.
47
+ - Code touches `Application.onCreate()`, `AppDelegate`, Android ContentProvider auto-init, AndroidX
48
+ App Startup initializers, dependency injection graph creation, service locators, SDK setup, crash
49
+ reporting, analytics, remote config, feature flags, A/B experiments, ad SDKs, database open,
50
+ migrations, cache cleanup, thumbnail generation, log compression, static initializers, top-level
51
+ imports, global constants, first-screen assets, custom fonts, launch resources, route bootstrap,
52
+ React Native bundles, Flutter first frame, Tauri or Electron preload, or on-demand modules.
53
+ - A final report claims startup is faster, startup-safe, splash-safe, fully drawn, release-ready,
54
+ app-store quality, Play quality, low-end-device safe, or measured by Android Vitals, TTID, TTFD,
55
+ `reportFullyDrawn()`, Xcode Organizer, Instruments, Macrobenchmark, Perfetto, or similar evidence.
56
+
57
+ <!-- mustflow-section: do-not-use-when -->
58
+ ## Do Not Use When
59
+
60
+ - The task is purely web page first render, Core Web Vitals, LCP, browser TTFB, route prefetch, or
61
+ web hydration outside an installed app shell; use `web-render-performance-review`.
62
+ - The task is per-frame browser jank, INP, scroll, animation, style, layout, paint, compositing, or
63
+ interaction rendering after startup; use `frame-render-performance-review`.
64
+ - The task is mobile battery, background wakeups, radio, GPS, sensors, Low Power Mode, Battery
65
+ Saver, or energy diagnostics without launch critical-path impact; use `mobile-energy-efficiency-review`.
66
+ - The task is broad runtime performance, backend latency, database throughput, memory, allocation,
67
+ queueing, or generic hot-path work with no app startup boundary; use `performance-budget-check`.
68
+ - The operation only changes splash branding, colors, copy, or artwork with no launch timing,
69
+ startup task, first-screen, asset, or fully usable state claim.
70
+
71
+ <!-- mustflow-section: required-inputs -->
72
+ ## Required Inputs
73
+
74
+ - Startup scope ledger: platform, app type, target release build, device class, OS version, startup
75
+ type, entry route, first frame definition, fully usable state definition, and whether the path is
76
+ cold start, warm start, hot start, or process resume.
77
+ - Measurement ledger: Android Vitals, TTID, TTFD, `reportFullyDrawn()` timing, Macrobenchmark,
78
+ Perfetto, Startup Profile, Baseline Profile, Xcode Organizer, Instruments App Launch, Time
79
+ Profiler, release/profile device evidence, low-end physical device evidence, or an explicit
80
+ static-only boundary.
81
+ - Launch critical-path ledger: process entry, app delegate or application class, ContentProvider
82
+ auto-init, AndroidX App Startup initializers, dependency graph creation, SDK initialization,
83
+ static initializers, top-level imports, app shell bootstrap, first route, first view controller or
84
+ activity, and first navigation decision.
85
+ - Main-thread blocking ledger: synchronous disk reads, network calls, JSON parsing, database open,
86
+ SQLite access, SharedPreferences, DataStore, UserDefaults, Keychain, secure storage, file scans,
87
+ font loading, image decode, shader work, and strict-mode or profiler evidence.
88
+ - First usable state ledger: cached snapshot, local token, local config, remote config gate, feature
89
+ flag gate, server validation, kill switch, offline behavior, first CTA availability, and
90
+ post-first-frame refresh policy.
91
+ - First-screen render ledger: shell complexity, list size, nested scroll, custom chart, map, video,
92
+ Lottie, blur, shadow, SVG, oversized launch resources, custom fonts, synchronous layout work,
93
+ cached summary, and placeholder stability.
94
+ - Deferred work ledger: analytics, crash SDK, ad SDK, remote config refresh, feature experiments,
95
+ migrations, cache cleanup, thumbnail regeneration, log compression, prefetch, warmup, telemetry,
96
+ and idle or screen-entry queue ownership.
97
+ - Platform optimization ledger: Android R8, shrink or optimize settings, keep-rule side effects,
98
+ Baseline Profile, Startup Profile, Macrobenchmark CI, Perfetto traces, AndroidX App Startup,
99
+ on-demand modules, iOS dynamic frameworks, mergeable libraries, Objective-C `+load`, C++ static
100
+ constructors, React Native Hermes, lazy loading, inline require, import graph, Flutter deferred
101
+ components, shader warmup tradeoff, and Tauri or Electron preload cost.
102
+ - Existing tests, startup budgets, profiler traces, telemetry, build outputs, package surfaces,
103
+ synchronized docs or templates, and configured command-intent evidence.
104
+
105
+ <!-- mustflow-section: preconditions -->
106
+ ## Preconditions
107
+
108
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
109
+ - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
110
+ current scope.
111
+ - Required startup evidence is available from current files, diffs, docs, configured outputs, user
112
+ evidence, or can be reported as missing without guessing.
113
+ - Review release or profile behavior, not only debug builds, simulators, emulators, hot-reload
114
+ sessions, flagship devices, or local developer machines.
115
+ - If code touches auth, permissions, privacy, payments, migrations, storage, push, analytics, or
116
+ third-party SDKs, also use the matching narrower security, data, migration, telemetry, or
117
+ dependency skill when its trigger is present.
118
+
119
+ <!-- mustflow-section: allowed-edits -->
120
+ ## Allowed Edits
121
+
122
+ - Move noncritical SDK initialization, analytics, remote config, feature experiments, ad SDKs,
123
+ cache cleanup, log compression, prefetch, migrations, heavy parsing, and thumbnail work from
124
+ pre-first-frame startup into post-first-frame, idle, background-safe, or screen-entry queues.
125
+ - Replace eager dependency graph construction, top-level imports, static initializers, app-wide
126
+ service locator setup, and auto-initialized providers with lazy, scoped, or explicit startup
127
+ owners when the repository evidence supports the change.
128
+ - Add or tighten startup budgets, measurement hooks, `reportFullyDrawn()` placement, first usable
129
+ state tests, lazy-init tests, macrobenchmark-style harness integration, profiler notes, and
130
+ synchronized docs or templates when the repository already has a pattern or configured intent.
131
+ - Simplify first-screen render work, use cached snapshots, defer server validation, limit remote
132
+ config gates, reduce first-screen asset and font cost, and split on-demand modules when in scope.
133
+ - Do not hide slow startup behind a longer splash hold, fake `reportFullyDrawn()` early, remove
134
+ necessary safety gates, skip required migrations unsafely, or trade correctness, auth, privacy,
135
+ data integrity, crash diagnostics, accessibility, or user trust for a faster-looking first paint.
136
+ - Do not start raw Android Studio, Xcode, emulator, device, profiler, browser, package-manager,
137
+ benchmark, or dev-server workflows outside the configured command contract.
138
+
139
+ <!-- mustflow-section: procedure -->
140
+ ## Procedure
141
+
142
+ 1. Define the startup target before tuning.
143
+ - Name cold start, warm start, hot start, process resume, or first route transition.
144
+ - Name the user-visible first frame and the fully usable state separately.
145
+ - For Android, distinguish TTID from TTFD and require `reportFullyDrawn()` to mark real usable
146
+ completion, not an early metric shortcut.
147
+ - For iOS, distinguish launch display, first screen readiness, and post-launch work visible in
148
+ Xcode Organizer or Instruments.
149
+ 2. Check measurement quality.
150
+ - Prefer release or profile builds on a low-end physical device for startup claims.
151
+ - Treat debug builds, simulators, emulators, hot reload, warm dev caches, and flagship-only
152
+ evidence as weak or non-representative.
153
+ - Use Android Vitals cold, warm, and hot startup thresholds, Macrobenchmark, Perfetto, Startup
154
+ Profile, Baseline Profile, Xcode Organizer, Instruments App Launch, and Time Profiler only
155
+ when they are configured or provided. Otherwise label the result as static startup risk.
156
+ 3. Draw the launch critical path.
157
+ - List every owner that runs before the first frame: OS entry, `Application.onCreate()`,
158
+ `AppDelegate`, ContentProvider auto-init, AndroidX App Startup, dependency injection, SDK
159
+ setup, static initializers, top-level imports, first route, first activity or view controller,
160
+ first database open, and first network decision.
161
+ - Mark whether each item is required for first pixels, required for first useful action, or
162
+ deferrable.
163
+ 4. Empty the application delegate or application class.
164
+ - Do not treat `Application.onCreate()` or `AppDelegate` as a warehouse for analytics, crash SDKs,
165
+ remote config, feature flags, A/B experiments, ad SDKs, database open, dependency graph build,
166
+ cache warmup, and one-time cleanup.
167
+ - Keep only the minimum process safety and routing prerequisites there.
168
+ 5. Audit auto-init.
169
+ - On Android, search ContentProvider and AndroidX App Startup initialization paths before blaming
170
+ visible application code.
171
+ - Disable or defer third-party auto-init when the SDK supports it and startup does not need it.
172
+ - Keep a single explicit startup owner so SDK order and failure behavior are reviewable.
173
+ 6. Shrink dependency graph creation.
174
+ - Do not build the whole DI container, service locator, repository graph, database stack, or SDK
175
+ registry before first frame when the first screen needs only a small subset.
176
+ - Prefer lazy providers, route-scoped owners, and first-use construction with clear failure paths.
177
+ 7. Hunt static initializer cost.
178
+ - Check Kotlin `object` and companion object initialization, Java static blocks, Swift global
179
+ constants, Objective-C `+load`, C++ static constructors, module-level JavaScript or Dart
180
+ code, and Electron or Tauri preload side effects.
181
+ - Move heavy parsing, disk reads, regex compilation, crypto setup, SDK access, and service
182
+ creation out of static startup paths.
183
+ 8. Remove main-thread disk and network before first frame.
184
+ - Treat SharedPreferences, DataStore, UserDefaults, Keychain, secure storage, SQLite, JSON files,
185
+ file scans, cache index reads, network fetches, DNS, TLS, and remote config calls as startup
186
+ blockers until proven asynchronous and non-blocking.
187
+ - Use platform strict-mode, profiler, or trace evidence when available; otherwise report static
188
+ risk instead of claiming the path is clean.
189
+ 9. Make first usable state mostly local.
190
+ - Draw the first screen from a small cache snapshot, local token, and last-known safe config when
191
+ product semantics allow it.
192
+ - Defer server validation, full remote config refresh, feature experiment fetches, personalization,
193
+ and secondary data until after first frame or screen entry.
194
+ - Keep only a minimal synchronous kill switch or safety gate when the product truly needs it.
195
+ 10. Keep migrations and maintenance off launch.
196
+ - Do not run large database migrations, cache cleanup, thumbnail regeneration, log compression,
197
+ full-text index rebuilds, media scans, or telemetry flushes before first frame.
198
+ - Split required compatibility checks from heavy maintenance; schedule heavy work after first
199
+ usable state with cancellation, retry, and failure visibility.
200
+ 11. Make the first screen cheap.
201
+ - Prefer a lightweight shell, primary CTA, cached summary, stable placeholders, and enough
202
+ content for orientation.
203
+ - Defer nested scroll containers, custom charts, maps, video, Lottie, shadows, blur, SVG-heavy
204
+ illustrations, huge lists, and complex text measurement until after startup unless they are
205
+ the core first task.
206
+ 12. Keep launch assets and fonts small.
207
+ - Use appropriately sized launch resources, not full-resolution marketing artwork.
208
+ - Limit first-screen custom font families, weights, and icon fonts; use system or fallback fonts
209
+ when the first usable state matters more than brand polish.
210
+ - Avoid startup JSON parsing or asset manifest scans that exist only to select decoration.
211
+ 13. Apply Android startup tooling deliberately.
212
+ - Check R8 optimize and shrink behavior, keep-rule bloat, class loading, Baseline Profile,
213
+ Startup Profile, Macrobenchmark coverage, Perfetto trace boundaries, and AndroidX App Startup
214
+ ownership.
215
+ - Use on-demand modules for large optional features when the module split is already supported
216
+ or explicitly in scope.
217
+ 14. Apply iOS startup tooling deliberately.
218
+ - Review third-party framework count, dynamic framework loading, mergeable library options,
219
+ Objective-C `+load`, C++ static constructors, global Swift initialization, and app delegate
220
+ work.
221
+ - Use Xcode Organizer, Instruments App Launch, and Time Profiler evidence when available.
222
+ 15. Apply hybrid framework startup rules.
223
+ - React Native: check Hermes, startup bundle size, lazy loading, `inline require`, import graph,
224
+ top-level side effects, native module eager init, and whether one heavy import pulls in a
225
+ screen that the first route does not need.
226
+ - Flutter: check release or profile startup on device, deferred components, shader warmup as a
227
+ tradeoff, synchronous plugin setup, isolate startup, and first-frame work.
228
+ - Electron or Tauri: check preload script cost, window creation, sync filesystem access, eager
229
+ native plugin load, and first window route imports.
230
+ 16. Split work by launch phase.
231
+ - Put only process-critical prerequisites before first frame.
232
+ - Put visible first-screen requirements before fully usable state.
233
+ - Put analytics, remote config refresh, prefetch, optional SDKs, cleanup, and warmup after first
234
+ frame, idle, background-safe scheduling, or screen entry.
235
+ - Give each deferred bucket an owner, cancellation rule, timeout, retry policy, and observability.
236
+ 17. Verify or label the evidence.
237
+ - Use configured tests, builds, docs checks, release checks, and mustflow checks for repository
238
+ surfaces changed by the review.
239
+ - Use platform traces, Macrobenchmark, Perfetto, Android Vitals, Xcode Organizer, and
240
+ Instruments only when they are configured or supplied.
241
+ - Report missing device, profiler, release-build, low-end-device, production telemetry, or
242
+ benchmark evidence instead of claiming measured startup improvement.
243
+
244
+ <!-- mustflow-section: postconditions -->
245
+ ## Postconditions
246
+
247
+ - Startup type, first frame, fully usable state, measurement quality, release/profile device
248
+ boundary, launch critical path, app delegate or application class work, auto-init, dependency
249
+ graph, static initializers, main-thread I/O, first-screen data source, auth and config gates,
250
+ maintenance work, first-screen render complexity, assets, fonts, platform optimizations, hybrid
251
+ framework import graph, deferred queue ownership, and verification evidence are explicit.
252
+ - Splash masking, early `reportFullyDrawn()` metric gaming, debug-only measurement, simulator-only
253
+ claims, flagship-only claims, app delegate warehouses, ContentProvider surprise init, eager DI
254
+ graph construction, SDK auto-init, static initializer cost, main-thread disk or network, network
255
+ first-screen dependency, launch migrations, cache cleanup, heavy first screen, oversized launch
256
+ assets, font bloat, React Native top-level import bloat, Flutter shader surprise, and unowned
257
+ deferred work are fixed or reported.
258
+ - Startup performance claims are backed by configured tests, platform diagnostic evidence, static
259
+ review evidence, or labeled as manual-only or missing.
260
+
261
+ <!-- mustflow-section: verification -->
262
+ ## Verification
263
+
264
+ Use configured oneshot command intents when available:
265
+
266
+ - `changes_status`
267
+ - `changes_diff_summary`
268
+ - `lint`
269
+ - `build`
270
+ - `test_related`
271
+ - `test`
272
+ - `docs_validate_fast`
273
+ - `test_release`
274
+ - `mustflow_check`
275
+
276
+ Prefer the narrowest configured test, build, docs, release, or mustflow intent that covers the
277
+ changed startup surface and synchronized template surfaces. Do not infer raw Android Studio, Xcode,
278
+ emulator, physical device, profiler, platform dashboard, package-manager, benchmark, or dev-server
279
+ commands outside the command contract.
280
+
281
+ <!-- mustflow-section: failure-handling -->
282
+ ## Failure Handling
283
+
284
+ - If a configured command fails, preserve the failing intent, failing assertion or output tail, and
285
+ the startup invariant it exercised before editing again.
286
+ - If first frame or fully usable state cannot be defined, report that startup performance is not
287
+ reviewable yet instead of adding generic lazy loading.
288
+ - If release-build, device, profiler, or production telemetry evidence is missing, complete
289
+ available static and configured-test evidence and report the missing measurement boundary.
290
+ - If safe repair requires product changes to auth, config, SDK policy, migration design, native
291
+ module ownership, release profiling, platform entitlements, or third-party SDK settings outside
292
+ scope, report the boundary instead of inventing commands.
293
+ - If startup speed conflicts with security, privacy, data migration integrity, crash reporting,
294
+ accessibility, or user trust, keep the safer behavior and report the startup tradeoff.
295
+
296
+ <!-- mustflow-section: output-format -->
297
+ ## Output Format
298
+
299
+ - App startup boundary reviewed
300
+ - Startup type, first frame, fully usable state, measurement quality, and evidence level
301
+ - Launch critical path, auto-init, dependency graph, static initializer, main-thread I/O, first data,
302
+ auth/config gate, maintenance, first-screen render, asset/font, platform tooling, hybrid framework,
303
+ and deferred-work findings
304
+ - Startup fixes made or recommended
305
+ - Evidence level: measured, configured-test evidence, static startup risk, manual-only, missing, or
306
+ not applicable
307
+ - Command intents run
308
+ - Skipped startup diagnostics and reasons
309
+ - Remaining app-startup performance risk