mustflow 2.70.0 → 2.74.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/README.md +19 -5
  2. package/dist/cli/commands/api.js +17 -0
  3. package/dist/cli/commands/evidence.js +71 -0
  4. package/dist/cli/commands/script-pack.js +124 -0
  5. package/dist/cli/commands/verify.js +50 -15
  6. package/dist/cli/commands/workspace.js +2 -0
  7. package/dist/cli/i18n/en.js +38 -0
  8. package/dist/cli/i18n/es.js +38 -0
  9. package/dist/cli/i18n/fr.js +38 -0
  10. package/dist/cli/i18n/hi.js +38 -0
  11. package/dist/cli/i18n/ko.js +38 -0
  12. package/dist/cli/i18n/zh.js +38 -0
  13. package/dist/cli/index.js +1 -0
  14. package/dist/cli/lib/agent-context.js +179 -10
  15. package/dist/cli/lib/command-registry.js +6 -0
  16. package/dist/cli/lib/dashboard-export.js +1 -0
  17. package/dist/cli/lib/script-pack-registry.js +27 -0
  18. package/dist/cli/script-packs/core-text-budget.js +241 -0
  19. package/dist/core/change-verification.js +10 -0
  20. package/dist/core/completion-verdict.js +14 -1
  21. package/dist/core/complexity-budget.js +206 -0
  22. package/dist/core/conflict-ledger.js +122 -0
  23. package/dist/core/failure-replay-capsule.js +213 -0
  24. package/dist/core/public-json-contracts.js +27 -0
  25. package/dist/core/risk-priced-evidence.js +213 -0
  26. package/dist/core/script-check-result.js +1 -0
  27. package/dist/core/text-budget.js +262 -0
  28. package/dist/core/verification-evidence.js +61 -13
  29. package/package.json +1 -1
  30. package/schemas/README.md +23 -11
  31. package/schemas/change-verification-report.schema.json +29 -0
  32. package/schemas/context-report.schema.json +58 -2
  33. package/schemas/dashboard-export.schema.json +42 -1
  34. package/schemas/diff-risk.schema.json +6 -0
  35. package/schemas/evidence-report.schema.json +45 -0
  36. package/schemas/latest-run-pointer.schema.json +50 -1
  37. package/schemas/script-pack-catalog.schema.json +68 -0
  38. package/schemas/text-budget-report.schema.json +131 -0
  39. package/schemas/verification-plan.schema.json +32 -0
  40. package/schemas/verify-report.schema.json +360 -1
  41. package/schemas/verify-run-manifest.schema.json +50 -1
  42. package/schemas/workspace-verification-plan.schema.json +32 -0
  43. package/templates/default/i18n.toml +2 -2
  44. package/templates/default/locales/en/.mustflow/skills/INDEX.md +2 -2
  45. package/templates/default/locales/en/.mustflow/skills/adapter-boundary/SKILL.md +19 -2
  46. package/templates/default/locales/en/.mustflow/skills/routes.toml +1 -1
  47. package/templates/default/manifest.toml +1 -1
@@ -40,14 +40,22 @@
40
40
  },
41
41
  "execution_status": { "enum": ["passed", "partial", "failed", "blocked"] },
42
42
  "status": { "enum": ["passed", "partial", "failed", "blocked"] },
43
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
43
44
  "completion_verdict": { "$ref": "#/$defs/completionVerdict" },
44
45
  "evidence_model": { "$ref": "#/$defs/evidenceModel" },
46
+ "conflict_ledger": { "$ref": "#/$defs/conflictLedger" },
45
47
  "failure_fingerprint": {
46
48
  "anyOf": [
47
49
  { "$ref": "#/$defs/failureFingerprint" },
48
50
  { "type": "null" }
49
51
  ]
50
52
  },
53
+ "failure_replay_capsule": {
54
+ "anyOf": [
55
+ { "$ref": "#/$defs/failureReplayCapsule" },
56
+ { "type": "null" }
57
+ ]
58
+ },
51
59
  "repeated_failure_summary": {
52
60
  "anyOf": [
53
61
  { "$ref": "#/$defs/repeatedFailureSummary" },
@@ -118,6 +126,146 @@
118
126
  }
119
127
  },
120
128
  "$defs": {
129
+ "stringArray": {
130
+ "type": "array",
131
+ "items": { "type": "string" }
132
+ },
133
+ "conflictLedger": {
134
+ "type": "object",
135
+ "additionalProperties": false,
136
+ "required": [
137
+ "schema_version",
138
+ "source",
139
+ "status",
140
+ "item_count",
141
+ "blocking_count",
142
+ "contradiction_count",
143
+ "items"
144
+ ],
145
+ "properties": {
146
+ "schema_version": { "const": "1" },
147
+ "source": { "const": "verification_evidence_model" },
148
+ "status": { "enum": ["clear", "open"] },
149
+ "item_count": { "type": "integer", "minimum": 0 },
150
+ "blocking_count": { "type": "integer", "minimum": 0 },
151
+ "contradiction_count": { "type": "integer", "minimum": 0 },
152
+ "items": {
153
+ "type": "array",
154
+ "items": { "$ref": "#/$defs/conflictLedgerItem" }
155
+ }
156
+ }
157
+ },
158
+ "conflictLedgerItem": {
159
+ "type": "object",
160
+ "additionalProperties": false,
161
+ "required": [
162
+ "id",
163
+ "kind",
164
+ "status",
165
+ "severity",
166
+ "summary",
167
+ "detail",
168
+ "sources",
169
+ "affected_paths",
170
+ "affected_surfaces",
171
+ "blocks_completion",
172
+ "resolution",
173
+ "owner",
174
+ "expires_at"
175
+ ],
176
+ "properties": {
177
+ "id": { "type": "string", "pattern": "^conflict:[0-9a-f]{16}$" },
178
+ "kind": { "enum": ["blocker", "contradiction", "verification_gap", "remaining_risk"] },
179
+ "status": { "const": "open" },
180
+ "severity": { "enum": ["info", "warning", "error", "critical"] },
181
+ "summary": { "type": "string" },
182
+ "detail": { "type": "string" },
183
+ "sources": {
184
+ "type": "array",
185
+ "items": { "$ref": "#/$defs/conflictLedgerSource" }
186
+ },
187
+ "affected_paths": { "$ref": "#/$defs/stringArray" },
188
+ "affected_surfaces": { "$ref": "#/$defs/stringArray" },
189
+ "blocks_completion": { "type": "boolean" },
190
+ "resolution": { "type": "string" },
191
+ "owner": { "const": "user_or_maintainer" },
192
+ "expires_at": { "type": "null" }
193
+ }
194
+ },
195
+ "conflictLedgerSource": {
196
+ "type": "object",
197
+ "additionalProperties": false,
198
+ "required": ["kind", "authority", "key", "paths", "surfaces"],
199
+ "properties": {
200
+ "kind": { "enum": ["completion_verdict", "verification_gap", "remaining_risk"] },
201
+ "authority": { "enum": ["verdict", "verification_plan", "evidence_model"] },
202
+ "key": { "type": ["string", "null"] },
203
+ "paths": { "$ref": "#/$defs/stringArray" },
204
+ "surfaces": { "$ref": "#/$defs/stringArray" }
205
+ }
206
+ },
207
+ "complexityBudget": {
208
+ "type": "object",
209
+ "additionalProperties": false,
210
+ "required": [
211
+ "schema_version",
212
+ "source",
213
+ "status",
214
+ "score",
215
+ "budget",
216
+ "metrics",
217
+ "risks",
218
+ "review_prompts"
219
+ ],
220
+ "properties": {
221
+ "schema_version": { "const": "1" },
222
+ "source": { "const": "change_classification" },
223
+ "status": { "enum": ["within_budget", "review_required"] },
224
+ "score": { "type": "integer", "minimum": 0 },
225
+ "budget": { "type": "integer", "minimum": 0 },
226
+ "metrics": {
227
+ "type": "array",
228
+ "items": { "$ref": "#/$defs/complexityBudgetMetric" }
229
+ },
230
+ "risks": {
231
+ "type": "array",
232
+ "items": { "$ref": "#/$defs/complexityBudgetRisk" }
233
+ },
234
+ "review_prompts": { "$ref": "#/$defs/stringArray" }
235
+ }
236
+ },
237
+ "complexityBudgetMetric": {
238
+ "type": "object",
239
+ "additionalProperties": false,
240
+ "required": ["name", "value", "weight", "weighted_score"],
241
+ "properties": {
242
+ "name": { "type": "string" },
243
+ "value": { "type": "integer", "minimum": 0 },
244
+ "weight": { "type": "integer", "minimum": 0 },
245
+ "weighted_score": { "type": "integer", "minimum": 0 }
246
+ }
247
+ },
248
+ "complexityBudgetRisk": {
249
+ "type": "object",
250
+ "additionalProperties": false,
251
+ "required": ["code", "severity", "detail", "count", "limit", "paths"],
252
+ "properties": {
253
+ "code": {
254
+ "enum": [
255
+ "complexity_score_budget_exceeded",
256
+ "dependency_surface_requires_justification",
257
+ "helper_container_requires_justification",
258
+ "configuration_surface_budget_exceeded",
259
+ "schema_surface_budget_exceeded"
260
+ ]
261
+ },
262
+ "severity": { "const": "warning" },
263
+ "detail": { "type": "string" },
264
+ "count": { "type": "integer", "minimum": 0 },
265
+ "limit": { "type": "integer", "minimum": 0 },
266
+ "paths": { "$ref": "#/$defs/stringArray" }
267
+ }
268
+ },
121
269
  "parallelism": {
122
270
  "type": "object",
123
271
  "additionalProperties": false,
@@ -267,6 +415,7 @@
267
415
  "receipt_binding_risk_count": { "type": "integer" },
268
416
  "stale_receipt_count": { "type": "integer" },
269
417
  "plan_mismatch_count": { "type": "integer" },
418
+ "risk_priced_evidence_risk_count": { "type": "integer" },
270
419
  "risks": { "$ref": "#/$defs/completionVerdictRisks" },
271
420
  "receipt_binding": { "$ref": "#/$defs/completionVerdictReceiptBinding" },
272
421
  "latest_run_status": { "type": ["string", "null"] }
@@ -324,7 +473,8 @@
324
473
  "write_drift": { "type": "integer" },
325
474
  "receipt_binding": { "type": "integer" },
326
475
  "stale_receipt": { "type": "integer" },
327
- "plan_mismatch": { "type": "integer" }
476
+ "plan_mismatch": { "type": "integer" },
477
+ "risk_priced_evidence": { "type": "integer" }
328
478
  }
329
479
  },
330
480
  "completionVerdictReceiptBinding": {
@@ -393,6 +543,10 @@
393
543
  "type": "array",
394
544
  "items": { "$ref": "#/$defs/evidenceGap" }
395
545
  },
546
+ "complexity_budget": { "$ref": "#/$defs/complexityBudget" },
547
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
548
+ "failure_replay_capsule": { "$ref": "#/$defs/failureReplayCapsule" },
549
+ "conflict_ledger": { "$ref": "#/$defs/conflictLedger" },
396
550
  "remaining_risks": {
397
551
  "type": "array",
398
552
  "items": { "$ref": "#/$defs/evidenceRemainingRisk" }
@@ -538,6 +692,211 @@
538
692
  "detail": { "type": "string" }
539
693
  }
540
694
  },
695
+ "riskAssessment": {
696
+ "type": "object",
697
+ "additionalProperties": false,
698
+ "required": [
699
+ "schema_version",
700
+ "source",
701
+ "level",
702
+ "reasons",
703
+ "required_evidence",
704
+ "blocking_gaps",
705
+ "rollback_required",
706
+ "human_approval_required",
707
+ "manual_review_required"
708
+ ],
709
+ "properties": {
710
+ "schema_version": { "const": "1" },
711
+ "source": { "const": "change_classification_and_command_contract" },
712
+ "level": { "enum": ["low", "medium", "high", "critical"] },
713
+ "reasons": {
714
+ "type": "array",
715
+ "items": { "type": "string" }
716
+ },
717
+ "required_evidence": {
718
+ "type": "array",
719
+ "items": { "type": "string" }
720
+ },
721
+ "blocking_gaps": {
722
+ "type": "array",
723
+ "items": { "type": "string" }
724
+ },
725
+ "rollback_required": { "type": "boolean" },
726
+ "human_approval_required": { "type": "boolean" },
727
+ "manual_review_required": { "type": "boolean" }
728
+ }
729
+ },
730
+ "failureReplayCapsule": {
731
+ "type": "object",
732
+ "additionalProperties": false,
733
+ "required": [
734
+ "schema_version",
735
+ "source",
736
+ "authority",
737
+ "created_at",
738
+ "verification_plan_id",
739
+ "failure_fingerprint",
740
+ "reasons",
741
+ "status",
742
+ "replay_commands",
743
+ "failed_results",
744
+ "affected_files",
745
+ "affected_surfaces",
746
+ "risk_codes",
747
+ "environment",
748
+ "privacy",
749
+ "hashes"
750
+ ],
751
+ "properties": {
752
+ "schema_version": { "const": "1" },
753
+ "source": { "const": "mf_verify_failure" },
754
+ "authority": { "const": "replay_supporting_evidence" },
755
+ "created_at": { "type": "string", "format": "date-time" },
756
+ "verification_plan_id": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
757
+ "failure_fingerprint": {
758
+ "type": ["string", "null"],
759
+ "pattern": "^sha256:[0-9a-f]{64}$"
760
+ },
761
+ "reasons": { "$ref": "#/$defs/stringArray" },
762
+ "status": { "type": "string" },
763
+ "replay_commands": { "$ref": "#/$defs/stringArray" },
764
+ "failed_results": {
765
+ "type": "array",
766
+ "items": { "$ref": "#/$defs/failureReplayResult" }
767
+ },
768
+ "affected_files": {
769
+ "type": "array",
770
+ "items": { "$ref": "#/$defs/failureReplayFile" }
771
+ },
772
+ "affected_surfaces": { "$ref": "#/$defs/stringArray" },
773
+ "risk_codes": { "$ref": "#/$defs/stringArray" },
774
+ "environment": { "$ref": "#/$defs/failureReplayEnvironment" },
775
+ "privacy": { "$ref": "#/$defs/failureReplayPrivacy" },
776
+ "hashes": { "$ref": "#/$defs/failureReplayHashes" }
777
+ }
778
+ },
779
+ "failureReplayResult": {
780
+ "type": "object",
781
+ "additionalProperties": false,
782
+ "required": [
783
+ "intent",
784
+ "status",
785
+ "exit_code",
786
+ "exit_code_class",
787
+ "error_kind",
788
+ "timed_out",
789
+ "receipt_path",
790
+ "receipt_sha256",
791
+ "command_fingerprint",
792
+ "contract_fingerprint",
793
+ "stdout_tail_hash",
794
+ "stderr_tail_hash",
795
+ "output_truncated",
796
+ "replay_command"
797
+ ],
798
+ "properties": {
799
+ "intent": { "type": "string" },
800
+ "status": { "type": "string" },
801
+ "exit_code": { "type": ["integer", "null"] },
802
+ "exit_code_class": { "type": ["string", "null"] },
803
+ "error_kind": { "type": ["string", "null"] },
804
+ "timed_out": { "type": "boolean" },
805
+ "receipt_path": { "type": ["string", "null"] },
806
+ "receipt_sha256": {
807
+ "type": ["string", "null"],
808
+ "pattern": "^sha256:[0-9a-f]{64}$"
809
+ },
810
+ "command_fingerprint": {
811
+ "type": ["string", "null"],
812
+ "pattern": "^sha256:[0-9a-f]{64}$"
813
+ },
814
+ "contract_fingerprint": {
815
+ "type": ["string", "null"],
816
+ "pattern": "^sha256:[0-9a-f]{64}$"
817
+ },
818
+ "stdout_tail_hash": {
819
+ "type": ["string", "null"],
820
+ "pattern": "^sha256:[0-9a-f]{64}$"
821
+ },
822
+ "stderr_tail_hash": {
823
+ "type": ["string", "null"],
824
+ "pattern": "^sha256:[0-9a-f]{64}$"
825
+ },
826
+ "output_truncated": { "type": "boolean" },
827
+ "replay_command": { "type": "string" }
828
+ }
829
+ },
830
+ "failureReplayFile": {
831
+ "type": "object",
832
+ "additionalProperties": false,
833
+ "required": ["path", "status", "sha256", "bytes"],
834
+ "properties": {
835
+ "path": { "type": "string" },
836
+ "status": { "enum": ["present", "missing", "unreadable", "outside_root"] },
837
+ "sha256": {
838
+ "type": ["string", "null"],
839
+ "pattern": "^sha256:[0-9a-f]{64}$"
840
+ },
841
+ "bytes": { "type": ["integer", "null"], "minimum": 0 }
842
+ }
843
+ },
844
+ "failureReplayEnvironment": {
845
+ "type": "object",
846
+ "additionalProperties": false,
847
+ "required": ["platform_family", "arch_family", "runtimes", "env_policies", "env_allowlist", "timeout_seconds"],
848
+ "properties": {
849
+ "platform_family": { "type": ["string", "null"] },
850
+ "arch_family": { "type": ["string", "null"] },
851
+ "runtimes": { "$ref": "#/$defs/stringArray" },
852
+ "env_policies": { "$ref": "#/$defs/stringArray" },
853
+ "env_allowlist": { "$ref": "#/$defs/stringArray" },
854
+ "timeout_seconds": {
855
+ "type": "array",
856
+ "items": { "type": "integer", "minimum": 0 }
857
+ }
858
+ }
859
+ },
860
+ "failureReplayPrivacy": {
861
+ "type": "object",
862
+ "additionalProperties": false,
863
+ "required": [
864
+ "raw_output_included",
865
+ "env_values_included",
866
+ "receipt_paths_only",
867
+ "redacted",
868
+ "redaction_count",
869
+ "redaction_kinds",
870
+ "redaction_fields"
871
+ ],
872
+ "properties": {
873
+ "raw_output_included": { "const": false },
874
+ "env_values_included": { "const": false },
875
+ "receipt_paths_only": { "const": true },
876
+ "redacted": { "type": "boolean" },
877
+ "redaction_count": { "type": "integer", "minimum": 0 },
878
+ "redaction_kinds": { "$ref": "#/$defs/stringArray" },
879
+ "redaction_fields": { "$ref": "#/$defs/stringArray" }
880
+ }
881
+ },
882
+ "failureReplayHashes": {
883
+ "type": "object",
884
+ "additionalProperties": false,
885
+ "required": [
886
+ "capsule_fingerprint",
887
+ "changed_files_hash",
888
+ "failed_results_hash",
889
+ "command_fingerprints_hash",
890
+ "output_tails_hash"
891
+ ],
892
+ "properties": {
893
+ "capsule_fingerprint": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
894
+ "changed_files_hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
895
+ "failed_results_hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
896
+ "command_fingerprints_hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
897
+ "output_tails_hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" }
898
+ }
899
+ },
541
900
  "reproEvidence": {
542
901
  "type": "object",
543
902
  "additionalProperties": false,
@@ -36,14 +36,22 @@
36
36
  },
37
37
  "execution_status": { "enum": ["passed", "partial", "failed", "blocked"] },
38
38
  "status": { "enum": ["passed", "partial", "failed", "blocked"] },
39
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
39
40
  "completion_verdict": { "$ref": "#/$defs/completionVerdict" },
40
41
  "evidence_model": { "$ref": "#/$defs/evidenceModel" },
42
+ "conflict_ledger": { "$ref": "verify-report.schema.json#/$defs/conflictLedger" },
41
43
  "failure_fingerprint": {
42
44
  "anyOf": [
43
45
  { "$ref": "#/$defs/failureFingerprint" },
44
46
  { "type": "null" }
45
47
  ]
46
48
  },
49
+ "failure_replay_capsule": {
50
+ "anyOf": [
51
+ { "$ref": "verify-report.schema.json#/$defs/failureReplayCapsule" },
52
+ { "type": "null" }
53
+ ]
54
+ },
47
55
  "repeated_failure_summary": {
48
56
  "anyOf": [
49
57
  { "$ref": "#/$defs/repeatedFailureSummary" },
@@ -184,6 +192,7 @@
184
192
  "receipt_binding_risk_count": { "type": "integer" },
185
193
  "stale_receipt_count": { "type": "integer" },
186
194
  "plan_mismatch_count": { "type": "integer" },
195
+ "risk_priced_evidence_risk_count": { "type": "integer" },
187
196
  "risks": { "$ref": "#/$defs/completionVerdictRisks" },
188
197
  "receipt_binding": { "$ref": "#/$defs/completionVerdictReceiptBinding" },
189
198
  "latest_run_status": { "type": ["string", "null"] }
@@ -241,7 +250,8 @@
241
250
  "write_drift": { "type": "integer" },
242
251
  "receipt_binding": { "type": "integer" },
243
252
  "stale_receipt": { "type": "integer" },
244
- "plan_mismatch": { "type": "integer" }
253
+ "plan_mismatch": { "type": "integer" },
254
+ "risk_priced_evidence": { "type": "integer" }
245
255
  }
246
256
  },
247
257
  "summary": {
@@ -348,6 +358,10 @@
348
358
  "type": "array",
349
359
  "items": { "$ref": "#/$defs/evidenceGap" }
350
360
  },
361
+ "complexity_budget": { "$ref": "verify-report.schema.json#/$defs/complexityBudget" },
362
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
363
+ "failure_replay_capsule": { "$ref": "verify-report.schema.json#/$defs/failureReplayCapsule" },
364
+ "conflict_ledger": { "$ref": "verify-report.schema.json#/$defs/conflictLedger" },
351
365
  "remaining_risks": {
352
366
  "type": "array",
353
367
  "items": { "$ref": "#/$defs/evidenceRemainingRisk" }
@@ -493,6 +507,41 @@
493
507
  "detail": { "type": "string" }
494
508
  }
495
509
  },
510
+ "riskAssessment": {
511
+ "type": "object",
512
+ "additionalProperties": false,
513
+ "required": [
514
+ "schema_version",
515
+ "source",
516
+ "level",
517
+ "reasons",
518
+ "required_evidence",
519
+ "blocking_gaps",
520
+ "rollback_required",
521
+ "human_approval_required",
522
+ "manual_review_required"
523
+ ],
524
+ "properties": {
525
+ "schema_version": { "const": "1" },
526
+ "source": { "const": "change_classification_and_command_contract" },
527
+ "level": { "enum": ["low", "medium", "high", "critical"] },
528
+ "reasons": {
529
+ "type": "array",
530
+ "items": { "type": "string" }
531
+ },
532
+ "required_evidence": {
533
+ "type": "array",
534
+ "items": { "type": "string" }
535
+ },
536
+ "blocking_gaps": {
537
+ "type": "array",
538
+ "items": { "type": "string" }
539
+ },
540
+ "rollback_required": { "type": "boolean" },
541
+ "human_approval_required": { "type": "boolean" },
542
+ "manual_review_required": { "type": "boolean" }
543
+ }
544
+ },
496
545
  "reproEvidence": {
497
546
  "type": "object",
498
547
  "additionalProperties": false,
@@ -147,6 +147,12 @@
147
147
  "type": ["string", "null"],
148
148
  "pattern": "^sha256:[0-9a-f]{64}$"
149
149
  },
150
+ "risk_assessment": {
151
+ "anyOf": [
152
+ { "type": "null" },
153
+ { "$ref": "#/$defs/riskAssessment" }
154
+ ]
155
+ },
150
156
  "requirement_count": { "type": "integer", "minimum": 0 },
151
157
  "candidate_count": { "type": "integer", "minimum": 0 },
152
158
  "selected_intent_count": { "type": "integer", "minimum": 0 },
@@ -190,6 +196,32 @@
190
196
  "surfaces": { "$ref": "#/$defs/stringArray" },
191
197
  "detail": { "type": "string" }
192
198
  }
199
+ },
200
+ "riskAssessment": {
201
+ "type": "object",
202
+ "additionalProperties": false,
203
+ "required": [
204
+ "schema_version",
205
+ "source",
206
+ "level",
207
+ "reasons",
208
+ "required_evidence",
209
+ "blocking_gaps",
210
+ "rollback_required",
211
+ "human_approval_required",
212
+ "manual_review_required"
213
+ ],
214
+ "properties": {
215
+ "schema_version": { "const": "1" },
216
+ "source": { "const": "change_classification_and_command_contract" },
217
+ "level": { "enum": ["low", "medium", "high", "critical"] },
218
+ "reasons": { "$ref": "#/$defs/stringArray" },
219
+ "required_evidence": { "$ref": "#/$defs/stringArray" },
220
+ "blocking_gaps": { "$ref": "#/$defs/stringArray" },
221
+ "rollback_required": { "type": "boolean" },
222
+ "human_approval_required": { "type": "boolean" },
223
+ "manual_review_required": { "type": "boolean" }
224
+ }
193
225
  }
194
226
  }
195
227
  }
@@ -62,13 +62,13 @@ translations = {}
62
62
  [documents."skills.index"]
63
63
  source = "locales/en/.mustflow/skills/INDEX.md"
64
64
  source_locale = "en"
65
- revision = 171
65
+ revision = 172
66
66
  translations = {}
67
67
 
68
68
  [documents."skill.adapter-boundary"]
69
69
  source = "locales/en/.mustflow/skills/adapter-boundary/SKILL.md"
70
70
  source_locale = "en"
71
- revision = 12
71
+ revision = 13
72
72
  translations = {}
73
73
 
74
74
  [documents."skill.artifact-integrity-check"]
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: skills.index
3
3
  locale: en
4
4
  canonical: true
5
- revision: 171
5
+ revision: 172
6
6
  authority: router
7
7
  lifecycle: mustflow-owned
8
8
  ---
@@ -486,7 +486,7 @@ routes. Event routes stay inactive until their event occurs.
486
486
  | Dependency versions, lockfiles, package-manager metadata, workspace constraints, runtime engines, peer dependencies, optional dependencies, security advisory fixes, generated dependency output, framework plugins, TypeScript compiler tracks, CI actions, Docker base images, package manager behavior, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported | `.mustflow/skills/dependency-upgrade-review/SKILL.md` | Dependency name, old and new versions or ranges, direct or transitive path, ecosystem and package manager, declaration files, lockfiles, runtime or toolchain files, advisory or release-note evidence, generated outputs, callers, docs, package output, Docker, CI, or TypeScript compiler-track surfaces, and command contract entries | Package declarations, lockfiles, generated outputs, compatibility code, tests, docs, package metadata, Docker or CI files, TypeScript compiler-track notes, and directly synchronized examples | lockfile churn, hidden transitive replacement, peer or engine break, module-format drift, native or optional package break, framework or generator output drift, unsafe broad security update, weakened tests, Docker or CI runtime drift, native-preview over-adoption, or unreviewed supply-chain change | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Upgrade reason, ecosystem surface, direct and transitive graph changes, compatibility classification, runtime/peer/engine/module/feature/platform/generated-output/compiler-track risks, synchronized surfaces, verification, and remaining dependency-upgrade risk |
487
487
  | Dependency, package, runtime, framework, tool, command, plugin, service, platform capability, supported-version policy, security patch path, ecosystem maturity claim, maintainer-risk assumption, runtime portability claim, edge or serverless compatibility claim, critical-path library choice, package script, lifecycle hook, binary download, lockfile, audit result, or supply-chain-sensitive dependency surface is assumed, added, removed, imported, invoked, installed, audited, or documented | `.mustflow/skills/dependency-reality-check/SKILL.md` | Assumed dependency or capability, declaration files, version or feature expectation, role criticality, supported-version or end-of-life evidence, patchability expectation, runtime compatibility boundary, maintainer and ecosystem evidence when available, lockfile entry, package script or lifecycle hook, audit or provenance evidence, and relevant command intents | Package metadata, lockfiles, imports, scripts, command contracts, docs, tests, runtime policy notes, portability notes, and reports | unavailable dependency, hallucinated or lookalike package, fragile single-maintainer core dependency, experimental technology in a survival path, unsupported runtime, unclear security patch path, runtime-specific API leakage into core logic, stale version claim, lifecycle script risk, audit suppression, lockfile drift, or install guidance mismatch | `changes_status`, `changes_diff_summary`, `build`, `test_release`, `mustflow_check` | Dependency checked, ecosystem and maintainer-risk boundary reviewed, supported-version, patchability, and runtime-portability boundary reviewed, supply-chain surface reviewed, declarations synchronized, verification, and remaining dependency risk |
488
488
  | Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, TypeScript compiler-track references, Rust release or MSRV references, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, TypeScript compiler track or Rust MSRV/toolchain track when relevant, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, TypeScript beta/native-preview track confusion, Rust stable/nightly/MSRV confusion, floating-tag drift, or unverified security/support claim | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Versioned surfaces checked, repository policy and freshness source, selected version track, compatibility classification, TypeScript stable/beta/native-preview and Rust stable/nightly/MSRV split when relevant, approval need, synchronized surfaces, verification, and remaining version-freshness risk |
489
- | External systems, protocols, SDKs, databases, webhooks, queues, files, object storage, signed upload or download URLs, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, or provider data cross the core boundary or need port/adapter translation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, reconciliation, security, core-state ownership, vendor portability, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, delivery boundary, internal use case, local port/adapter patterns, provider risk, provider failure policy, core-state ownership risk, vendor portability risk, observability identifier policy, API contract risk, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, response mappers, telemetry mappers, timeout and retry policies, circuit breakers, bulkhead boundaries, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, framework business-rule leakage, telemetry backend leakage, storage-key leakage, screen-shaped API coupling, pass-through wrapper, SaaS dashboard as truth source, search or analytics policy leakage, queue contract leakage, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, missing circuit breaker, missing bulkhead, unresolved unknown provider outcome, broken identifier propagation, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, delivery adapter responsibility, internal port, provider containment, core-state ownership, vendor portability, validation and mapping, API response mapping, observability identifier flow, timeout/retry/circuit-breaker/bulkhead/idempotency handling, reconciliation behavior, security notes, verification, and remaining provider risk |
489
+ | External systems, protocols, SDKs, databases, webhooks, queues, files, object storage, signed upload or download URLs, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, provider data, or volatile component implementations cross the core boundary or need stable port/adapter translation, change isolation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, reconciliation, security, core-state ownership, vendor portability, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, delivery boundary, internal use case, local port/adapter patterns, provider risk, provider failure policy, core-state ownership risk, vendor portability risk, observability identifier policy, API contract risk, change-isolation ledger, preserved consumer contract, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, response mappers, telemetry mappers, timeout and retry policies, circuit breakers, bulkhead boundaries, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, caller churn from adapter-only changes, framework business-rule leakage, telemetry backend leakage, storage-key leakage, screen-shaped API coupling, pass-through wrapper, SaaS dashboard as truth source, search or analytics policy leakage, queue contract leakage, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, missing circuit breaker, missing bulkhead, unresolved unknown provider outcome, broken identifier propagation, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, change-isolation ledger, preserved consumer contract, delivery adapter responsibility, internal port, provider containment, core-state ownership, vendor portability, validation and mapping, API response mapping, observability identifier flow, timeout/retry/circuit-breaker/bulkhead/idempotency handling, reconciliation behavior, security notes, verification, and remaining provider risk |
490
490
  | Tauri frontend invokes, Rust commands, capabilities, permissions, scopes, plugins, filesystem, dialog, shell, opener, updater, sidecar, or mobile native permissions are created or changed | `.mustflow/skills/tauri-code-change/SKILL.md` | Frontend call sites, Tauri config, Rust commands, capability and permission files, plugin config, changed files, and command contract entries | Tauri frontend, Rust commands, capabilities, permissions, scopes, plugins, tests, and docs | broad native permission, untrusted IPC input, filesystem escape, shell or updater risk, or WebView/native boundary drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | IPC, permission, scope, filesystem, shell, updater, and native boundary checked, verification, and remaining Tauri risk |
491
491
  | File path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, clone or checkout destinations, scaffold roots, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, or package artifact paths are created, changed, reviewed, or reported | `.mustflow/skills/file-path-cross-platform-change/SKILL.md` | Path ledger, trust classes, accepted path representation, base root, path helpers, safe filesystem wrappers, clone/checkout/scaffold/install/extract outputs, staging and promotion policy, temp/cache helpers, lock policy, archive policy, upload/download policy, scanner policy, CLI/API/schema/snapshot/generated/package surfaces, platform expectations, failure taxonomy, and command contract entries | Path validators, helpers, wrappers, schemas, CLI/API parsing, snapshots, fixtures, docs, tests, generated-output paths, package artifact paths, clone or scaffold destinations, archive extraction, scanner bounds, temp/cache handling, locks, and cleanup code | path traversal, base containment bypass, drive-relative path bug, reserved-name bug, case-collision bug, Unicode-collision bug, Git checkout path-length failure misreported as network or auth, unsafe archive extraction, non-atomic write claim, stale lock, scanner loop, partial-output cleanup data loss, user-selected destination deletion, path contract drift, or package artifact path drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path contract, path ledger, trust classes, root policy, preflight/staging/promotion decisions, Windows/macOS/Linux/archive/upload/download/scanner/lock/temp/cache/atomic/cleanup decisions, failure taxonomy, synchronized contract surfaces, verification, and remaining path risk |
492
492
  | File paths, directories, symlinks, real paths, traversal, atomic writes, file copies, generated outputs, temporary files, clone or checkout materialization, cleanup, or Windows/POSIX filesystem behavior are created, changed, reviewed, or reported | `.mustflow/skills/cross-platform-filesystem-safety/SKILL.md` | Path inputs, base directory, trust boundary, symlink policy, write or cleanup strategy, clone/checkout/scaffold/install/extract path budget, app-owned staging boundary, platform expectations, failure taxonomy, and command contract entries | Path validation, file helpers, copy/update/delete code, clone/scaffold/archive cleanup code, scan bounds, fixtures, tests, docs, and templates | path traversal, symlink escape, unsafe overwrite, platform-only behavior, stale output, path-length or filename-length misclassification, watcher/resource misclassification, or cleanup data loss | `changes_status`, `changes_diff_summary`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path trust classes, root boundary, symlink/write/delete/scan decisions, preflight and staging boundaries, clone/scaffold/extract classification, platform assumptions, verification, and remaining filesystem risk |