mustflow 2.70.0 → 2.74.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/README.md +19 -5
  2. package/dist/cli/commands/api.js +17 -0
  3. package/dist/cli/commands/evidence.js +71 -0
  4. package/dist/cli/commands/script-pack.js +124 -0
  5. package/dist/cli/commands/verify.js +50 -15
  6. package/dist/cli/commands/workspace.js +2 -0
  7. package/dist/cli/i18n/en.js +38 -0
  8. package/dist/cli/i18n/es.js +38 -0
  9. package/dist/cli/i18n/fr.js +38 -0
  10. package/dist/cli/i18n/hi.js +38 -0
  11. package/dist/cli/i18n/ko.js +38 -0
  12. package/dist/cli/i18n/zh.js +38 -0
  13. package/dist/cli/index.js +1 -0
  14. package/dist/cli/lib/agent-context.js +179 -10
  15. package/dist/cli/lib/command-registry.js +6 -0
  16. package/dist/cli/lib/dashboard-export.js +1 -0
  17. package/dist/cli/lib/script-pack-registry.js +27 -0
  18. package/dist/cli/script-packs/core-text-budget.js +241 -0
  19. package/dist/core/change-verification.js +10 -0
  20. package/dist/core/completion-verdict.js +14 -1
  21. package/dist/core/complexity-budget.js +206 -0
  22. package/dist/core/conflict-ledger.js +122 -0
  23. package/dist/core/failure-replay-capsule.js +213 -0
  24. package/dist/core/public-json-contracts.js +27 -0
  25. package/dist/core/risk-priced-evidence.js +213 -0
  26. package/dist/core/script-check-result.js +1 -0
  27. package/dist/core/text-budget.js +262 -0
  28. package/dist/core/verification-evidence.js +61 -13
  29. package/package.json +1 -1
  30. package/schemas/README.md +23 -11
  31. package/schemas/change-verification-report.schema.json +29 -0
  32. package/schemas/context-report.schema.json +58 -2
  33. package/schemas/dashboard-export.schema.json +42 -1
  34. package/schemas/diff-risk.schema.json +6 -0
  35. package/schemas/evidence-report.schema.json +45 -0
  36. package/schemas/latest-run-pointer.schema.json +50 -1
  37. package/schemas/script-pack-catalog.schema.json +68 -0
  38. package/schemas/text-budget-report.schema.json +131 -0
  39. package/schemas/verification-plan.schema.json +32 -0
  40. package/schemas/verify-report.schema.json +360 -1
  41. package/schemas/verify-run-manifest.schema.json +50 -1
  42. package/schemas/workspace-verification-plan.schema.json +32 -0
  43. package/templates/default/i18n.toml +2 -2
  44. package/templates/default/locales/en/.mustflow/skills/INDEX.md +2 -2
  45. package/templates/default/locales/en/.mustflow/skills/adapter-boundary/SKILL.md +19 -2
  46. package/templates/default/locales/en/.mustflow/skills/routes.toml +1 -1
  47. package/templates/default/manifest.toml +1 -1
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.adapter-boundary
3
3
  locale: en
4
4
  canonical: true
5
- revision: 12
5
+ revision: 13
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: adapter-boundary
9
- description: Apply this skill when external systems, protocols, SDKs, databases, managed database features, authentication providers, webhooks, queues, files, object storage, public URL contracts, signed upload or download URLs, CDN transform rules, HTTP delivery transports, SSE, WebTransport, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, AI gateway usage policy, AI provider cost and usage data, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, or provider data cross into or out of core logic and need ports, adapters, translation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, security, cost attribution, reconciliation, core-state ownership, vendor portability, or observability boundaries.
9
+ description: Apply this skill when external systems, protocols, SDKs, databases, managed database features, authentication providers, webhooks, queues, files, object storage, public URL contracts, signed upload or download URLs, CDN transform rules, HTTP delivery transports, SSE, WebTransport, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, AI gateway usage policy, AI provider cost and usage data, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, provider data, or a volatile component implementation cross into or out of core logic and need stable ports, adapters, translation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, security, cost attribution, reconciliation, core-state ownership, vendor portability, change isolation, or observability boundaries.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -33,6 +33,8 @@ Keep external-world language, protocols, failures, and operational concerns out
33
33
 
34
34
  This skill is not just a wrapper pattern. A good adapter boundary absorbs provider details, validates or maps untrusted input, classifies failures, applies timeouts and retry policy, preserves idempotency where needed, and records safe observability evidence without leaking secrets or personal data.
35
35
 
36
+ Use the port as a change-isolation contract. Before changing the implementation behind the adapter, name which side is allowed to vary, which consumer contract must stay stable, and what evidence proves the opposite side did not have to change.
37
+
36
38
  <!-- mustflow-section: use-when -->
37
39
  ## Use When
38
40
 
@@ -49,6 +51,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
49
51
  - Provider SDK types, framework request or response objects, database rows, external event objects, raw model responses, or provider error types are visible in domain, application, service, or use-case code.
50
52
  - Delivery-layer tools such as server actions, route handlers, Web-standard handlers, edge middleware, CLI commands, cron handlers, workers, or admin actions are about to contain pricing rules, authorization policy, payment state transitions, entitlement decisions, external provider calls, or database transactions directly.
51
53
  - A new or changed port, repository, gateway, provider module, controller, worker, webhook handler, mapper, or integration test is needed.
54
+ - A volatile component, provider, persistence detail, delivery surface, or algorithm should change behind a port without forcing callers, consumers, tests, public DTOs, stored data, or neighboring modules to change for the same reason.
52
55
  - The boundary needs timeout, retry, rate-limit, idempotency, signature verification, duplicate handling, logging, metrics, redaction, or provider-version decisions.
53
56
  - External calls can be slow, rate-limited, duplicated, partially completed, or ambiguous, and the system needs timeout, limited retry, backoff, circuit-breaker, queue isolation, dead-letter, or reconciliation behavior.
54
57
  - AI provider calls need a single internal boundary for model selection, prompt assembly, token usage, provider-call identity, request-to-call grouping, pricing snapshot, cache-hit classification, retry cost, plan limits, and redacted observability.
@@ -60,6 +63,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
60
63
  ## Do Not Use When
61
64
 
62
65
  - The change is a pure calculation, value object, internal formatter, or data-only refactor with no external boundary.
66
+ - The task only needs broad ownership, cohesion, or future-change spread review before deciding whether a port is the right repair; use `module-boundary-review` or `change-blast-radius-review` first.
63
67
  - The only problem is hidden construction or global lookup of a dependency; use `dependency-injection` first, then return here only if external data, errors, or protocol behavior also need a boundary.
64
68
  - The operation coordinates several already-translated ports, repositories, queues, caches, or providers behind one caller-facing workflow; use `facade-pattern` for that high-level entry point while keeping this skill for each external boundary.
65
69
  - The task is a disposable one-off script that is not imported, repeated, tested, used in production, or connected to external systems.
@@ -69,6 +73,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
69
73
  ## Required Inputs
70
74
 
71
75
  - The external system or protocol and whether it is inbound, outbound, or both.
76
+ - Change-isolation ledger: the volatile side, the stable consumer side, current callers, public contracts, compatibility constraints, and the smallest adapter-only change that should avoid caller edits.
72
77
  - The internal use case, domain action, or read model that should receive translated data.
73
78
  - Existing local patterns for ports, adapters, repositories, controllers, workers, mappers, result types, retries, idempotency, logging, and tests.
74
79
  - Provider-specific risk: write effects, duplicate delivery, unknown statuses, money, time, identifiers, secrets, personal data, files, untrusted URLs, rate limits, or provider version changes.
@@ -91,6 +96,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
91
96
 
92
97
  - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the current scope.
93
98
  - The boundary direction and owner are clear enough to avoid putting provider names or external protocol terms into core logic.
99
+ - The preserved consumer contract is clear enough to test or report. If a caller-facing type, status, event, DTO, stored shape, or public behavior must change, classify that as a public-contract or migration change instead of hiding it inside an adapter refactor.
94
100
  - If the local layout is unfamiliar, use `pattern-scout` or `codebase-orientation` before introducing new folders or naming conventions.
95
101
  - If the change also introduces hidden collaborators or concrete construction, use `dependency-injection` for that part of the work.
96
102
  - If the change alters HTTP content coding, streaming flush behavior, SSE, WebTransport, WebSocket fallback, CDN/proxy behavior, or browser delivery compatibility, use `http-delivery-streaming` for the transport contract and keep this skill focused on core-boundary containment.
@@ -105,6 +111,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
105
111
  - Add mapper, error-mapper, fixture, fake-port, contract-test, and adapter-test files directly needed by the boundary.
106
112
  - Add or update assembly-root wiring when a new adapter implementation is introduced.
107
113
  - Do not copy provider APIs into ports, return provider SDK objects, expose database rows as domain objects, or add a broad catch-all `ExternalAdapter`.
114
+ - Do not make callers change just because the adapter implementation, provider, storage shape, framework surface, or algorithm changed behind the port. If callers must change, name the missing contract or the intentional breaking change.
108
115
 
109
116
  <!-- mustflow-section: procedure -->
110
117
  ## Procedure
@@ -112,12 +119,16 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
112
119
  1. Classify the boundary.
113
120
  - Inbound: HTTP route, controller, webhook, CLI command, queue consumer, scheduler, browser event, uploaded file, or external data import.
114
121
  - Outbound: provider SDK, HTTP API, database, cache, file storage, search engine, message publisher, email/SMS/push provider, payment provider, AI model, or browser storage.
122
+ - Change-isolation: a volatile component or implementation detail is expected to change behind a stable internal port while the consuming side should keep the same contract.
115
123
  2. Name the internal capability in business language. Use names such as `PaymentGateway`, `EmailSender`, `ObjectStorage`, `UserStore`, `OrderReader`, `SummaryGenerator`, or `EventPublisher`. Keep provider names such as Stripe, Prisma, SendGrid, S3, OpenAI, or Redis inside adapter implementation names.
116
124
  Treat external services as processors or presenters unless the architecture explicitly accepts them as a system of record. A payment provider can process money, an email tool can send messages, a search engine can rank derived documents, and an analytics tool can visualize events, but internal code should still own the facts needed to explain customers, rights, money, files, content, and important events.
117
125
  3. Design the port from the consumer's need, not from the provider's API.
118
126
  - Keep ports small and split unrelated reasons to change.
119
127
  - Use internal input and output types only.
120
128
  - Do not include SDK types, ORM model types, HTTP request objects, provider response objects, or provider error classes.
129
+ - Write down the preserved consumer contract before changing implementation code: accepted input, returned output, local error kinds, side effects, timing or ordering expectations, idempotency behavior, and observable public result.
130
+ - Make the adapter absorb representation changes. Provider response fields, table columns, wire envelopes, framework request objects, model output shapes, cache key syntax, or algorithm-specific options should change inside adapter or mapper files before consumer code sees them.
131
+ - If preserving the port would require lying about new behavior, stop and classify the change as a public API, migration, event, or workflow-contract change rather than stretching the adapter.
121
132
  - For survival-path providers, define the internal operation first, such as create checkout, grant entitlement, store file, send transactional email, enqueue job, or generate summary. Let adapter implementations translate that operation to Stripe, Supabase, S3, Resend, OpenAI, or another provider.
122
133
  - Do not build a fake "replace every vendor tomorrow" abstraction. Keep the boundary thin, but ensure provider names, dashboards, response shapes, and SDK errors do not become the language of the core use case.
123
134
  - Abstract product contracts, not every technology. Prefer boundaries such as user identity, permission checks, public URLs, file objects, entitlements, usage metering, AI generation, and billing rights over broad catch-all adapters that still leak provider concepts.
@@ -131,6 +142,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
131
142
  - For EventSource, SSE, WebTransport, WebSocket, and HTTP streaming adapters, translate protocol events into internal commands or read-model notifications. Keep event ids, reconnect tokens, datagram sequence numbers, fallback transport names, and proxy quirks out of core domain decisions unless they are explicitly product concepts.
132
143
  5. Build outbound adapters as provider translators, not pass-through wrappers.
133
144
  - Create provider requests from internal input.
145
+ - Keep adapter-only changes adapter-only. When a provider swap, storage rewrite, framework move, model routing change, or algorithm replacement forces caller edits, treat that as evidence the port mirrored the implementation instead of the consumer need.
134
146
  - Set timeouts and retry policy where appropriate.
135
147
  - Pass idempotency keys for writes when the provider supports them.
136
148
  - Use limited retries with backoff and jitter for transient failures. Do not retry malformed requests, denied authorization, or domain rejections.
@@ -199,6 +211,8 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
199
211
  13. Test at the right layer.
200
212
  - Use fake ports in use-case tests; they should not call real external systems.
201
213
  - Test adapters with provider fixtures, mock clients, or local test doubles for request mapping, response mapping, error mapping, timeout, retry, idempotency, redaction, and duplicate handling.
214
+ - Add or reuse preserved-consumer tests that prove callers use the port contract and do not import provider SDKs, framework request types, raw rows, adapter-only enums, or mapper internals.
215
+ - When the implementation behind the port changes, run or report tests that compare the old and new adapter behavior at the port boundary, not only tests that exercise the new provider happy path.
202
216
  - Add contract or sandbox tests for critical providers when local fixtures cannot catch provider drift.
203
217
  14. Verify with the narrowest configured command intents that cover changed source, tests, templates, docs, release metadata, and mustflow checks.
204
218
 
@@ -207,6 +221,7 @@ This skill is not just a wrapper pattern. A good adapter boundary absorbs provid
207
221
 
208
222
  - Core logic has no provider SDK imports, framework request or response objects, ORM clients, database rows, provider response objects, or provider error classes.
209
223
  - Ports are named in internal business language and expose only internal input, output, and error types.
224
+ - Preserved consumer contracts are explicit, and implementation changes behind adapters do not force unrelated caller, DTO, test, workflow, or neighboring-module edits.
210
225
  - Provider dashboards, hosted settings, and SDK payloads do not become the only source for core business facts, search policy, queue failure policy, analytics event definitions, email customer state, or file ownership.
211
226
  - Public URLs, provider identity claims, image variants, entitlement decisions, and AI policy decisions are represented as product-owned contracts before provider-specific syntax reaches callers.
212
227
  - Streaming and delivery transport details such as SSE ids, WebTransport datagrams, content-coding variants, fallback paths, and CDN cache keys are contained at adapter boundaries before core logic receives product-level events or commands.
@@ -251,6 +266,7 @@ Prefer the narrowest configured test or build intent that proves the affected bo
251
266
  ## Output Format
252
267
 
253
268
  - Boundary classified
269
+ - Change-isolation ledger and preserved consumer contract
254
270
  - Internal port or use-case input selected
255
271
  - Provider or protocol details contained
256
272
  - HTTP delivery, streaming, and fallback transport details contained when relevant
@@ -263,6 +279,7 @@ Prefer the narrowest configured test or build intent that proves the affected bo
263
279
  - Security and redaction surfaces checked
264
280
  - Observability identifier propagation and backend portability checked when relevant
265
281
  - Tests, fixtures, fakes, or contract checks added or reused
282
+ - Evidence that implementation changes stayed behind the port, or the intentional breaking-change boundary
266
283
  - Command intents run
267
284
  - Skipped checks and reasons
268
285
  - Remaining boundary leakage or provider risk
@@ -640,7 +640,7 @@ applies_to_reasons = ["code_change", "security_change", "migration_change"]
640
640
  category = "data_external"
641
641
  route_type = "primary"
642
642
  priority = 55
643
- applies_to_reasons = ["code_change", "behavior_change"]
643
+ applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "cross_cutting_code_change"]
644
644
 
645
645
  [routes."tauri-code-change"]
646
646
  category = "data_external"
@@ -1,6 +1,6 @@
1
1
  id = "default"
2
2
  name = "default"
3
- version = "2.70.0"
3
+ version = "2.74.0"
4
4
  description = "Minimal workflow for LLM agents to read, edit, and verify their work in a repository."
5
5
  common_root = "common"
6
6
  locales_root = "locales"