mustflow 2.70.0 → 2.74.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/README.md +20 -6
  2. package/dist/cli/commands/api.js +17 -0
  3. package/dist/cli/commands/check.js +38 -26
  4. package/dist/cli/commands/doctor.js +17 -5
  5. package/dist/cli/commands/evidence.js +71 -0
  6. package/dist/cli/commands/index.js +24 -9
  7. package/dist/cli/commands/map.js +20 -7
  8. package/dist/cli/commands/run.js +2 -1
  9. package/dist/cli/commands/script-pack.js +124 -0
  10. package/dist/cli/commands/update.js +52 -39
  11. package/dist/cli/commands/verify.js +50 -15
  12. package/dist/cli/commands/workspace.js +2 -0
  13. package/dist/cli/i18n/en.js +38 -0
  14. package/dist/cli/i18n/es.js +38 -0
  15. package/dist/cli/i18n/fr.js +38 -0
  16. package/dist/cli/i18n/hi.js +38 -0
  17. package/dist/cli/i18n/ko.js +38 -0
  18. package/dist/cli/i18n/zh.js +38 -0
  19. package/dist/cli/index.js +1 -0
  20. package/dist/cli/lib/active-command-lock.js +96 -0
  21. package/dist/cli/lib/agent-context.js +179 -10
  22. package/dist/cli/lib/command-registry.js +6 -0
  23. package/dist/cli/lib/dashboard-export.js +1 -0
  24. package/dist/cli/lib/script-pack-registry.js +27 -0
  25. package/dist/cli/script-packs/core-text-budget.js +241 -0
  26. package/dist/core/active-run-locks.js +7 -1
  27. package/dist/core/change-verification.js +10 -0
  28. package/dist/core/completion-verdict.js +14 -1
  29. package/dist/core/complexity-budget.js +206 -0
  30. package/dist/core/conflict-ledger.js +122 -0
  31. package/dist/core/failure-replay-capsule.js +213 -0
  32. package/dist/core/public-json-contracts.js +27 -0
  33. package/dist/core/risk-priced-evidence.js +213 -0
  34. package/dist/core/script-check-result.js +1 -0
  35. package/dist/core/text-budget.js +262 -0
  36. package/dist/core/verification-evidence.js +61 -13
  37. package/package.json +1 -1
  38. package/schemas/README.md +23 -11
  39. package/schemas/change-verification-report.schema.json +29 -0
  40. package/schemas/context-report.schema.json +58 -2
  41. package/schemas/dashboard-export.schema.json +42 -1
  42. package/schemas/diff-risk.schema.json +6 -0
  43. package/schemas/evidence-report.schema.json +45 -0
  44. package/schemas/latest-run-pointer.schema.json +50 -1
  45. package/schemas/script-pack-catalog.schema.json +68 -0
  46. package/schemas/text-budget-report.schema.json +131 -0
  47. package/schemas/verification-plan.schema.json +32 -0
  48. package/schemas/verify-report.schema.json +360 -1
  49. package/schemas/verify-run-manifest.schema.json +50 -1
  50. package/schemas/workspace-verification-plan.schema.json +32 -0
  51. package/templates/default/i18n.toml +2 -2
  52. package/templates/default/locales/en/.mustflow/skills/INDEX.md +2 -2
  53. package/templates/default/locales/en/.mustflow/skills/adapter-boundary/SKILL.md +19 -2
  54. package/templates/default/locales/en/.mustflow/skills/routes.toml +1 -1
  55. package/templates/default/manifest.toml +1 -1
package/schemas/README.md CHANGED
@@ -7,12 +7,14 @@ Current schemas:
7
7
 
8
8
  - `doctor-report.schema.json`: output of `mf doctor --json`
9
9
  - `adapter-compatibility-report.schema.json`: output of `mf adapters status --json`
10
- - `context-report.schema.json`: output of `mf context --json`, including prompt-cache profiles and optional cache audit data
10
+ - `context-report.schema.json`: output of `mf context --json`, including context trust metadata, prompt-cache profiles, and optional cache audit data
11
11
  - `workspace-summary.schema.json`: output of `mf api workspace-summary --json`
12
12
  - `command-catalog.schema.json`: output of `mf api command-catalog --json`
13
- - `verification-plan.schema.json`: output of `mf api verification-plan --changed --json`
13
+ - `verification-plan.schema.json`: output of `mf api verification-plan --changed --json`, including
14
+ risk-priced evidence assessment for the changed surfaces and selected command contract
14
15
  - `latest-evidence.schema.json`: output of `mf api latest-evidence --json`
15
- - `diff-risk.schema.json`: output of `mf api diff-risk --changed --json`
16
+ - `diff-risk.schema.json`: output of `mf api diff-risk --changed --json`, including a read-only
17
+ complexity budget for structural additions
16
18
  - `health.schema.json`: output of `mf api health --json`
17
19
  - `locks.schema.json`: output of `mf api locks --json`
18
20
  - `api-serve-response.schema.json`: each newline-delimited response from `mf api serve --stdio`
@@ -29,7 +31,8 @@ Current schemas:
29
31
  - `next-report.schema.json`: output of `mf next --json`, containing the next safe action,
30
32
  changed-file verification gaps, and read-only command recommendations
31
33
  - `evidence-report.schema.json`: output of `mf evidence --changed --json`, containing verification
32
- requirements, latest bounded evidence, receipts, remaining risks, and gaps without running commands
34
+ requirements, risk-priced evidence assessment, latest bounded evidence, failure replay capsules,
35
+ conflict ledgers, receipts, remaining risks, and gaps without running commands
33
36
  - `workspace-status.schema.json`: output of `mf workspace status --json`, containing configured
34
37
  workspace roots, discovered nested repositories, and per-root command-contract readiness without
35
38
  granting command authority
@@ -38,11 +41,12 @@ Current schemas:
38
41
  strings
39
42
  - `workspace-verification-plan.schema.json`: output of
40
43
  `mf workspace verify --changed --plan-only --json`, containing per-root changed-file
41
- verification plans without running commands or granting parent-to-child command authority
44
+ verification plans and risk-priced evidence assessment without running commands or granting
45
+ parent-to-child command authority
42
46
  - `dashboard-export.schema.json`: bounded static export written by `mf dashboard --export-json <path>`,
43
47
  including output policy, redaction and truncation metadata, the dashboard harness report, and
44
- the evidence-based completion verdict, evidence model, and conservative coverage matrix for the
45
- exported snapshot
48
+ the evidence-based completion verdict, conflict ledger, complexity budget, evidence model, and
49
+ conservative coverage matrix for the exported snapshot
46
50
  - `classify-report.schema.json`: output of `mf classify --changed --json` and
47
51
  `mf classify <path...> --json`
48
52
  - `impact-report.schema.json`: output of `mf impact --changed --json` and
@@ -52,6 +56,12 @@ Current schemas:
52
56
  - `quality-gaming-report.schema.json`: output of `mf quality check --json`, containing changed-file
53
57
  quality-gaming risks such as line stuffing, validation suppressions, test bypass markers, type
54
58
  escapes, generated/vendor logic, empty catch swallowing, and placeholder implementations
59
+ - `script-pack-catalog.schema.json`: output of `mf script-pack list --json`, containing bundled
60
+ script-pack ids, script refs, action names, usage strings, and associated report schemas
61
+ - `text-budget-report.schema.json`: output of
62
+ `mf script-pack run core/text-budget check <path...> --json`, containing
63
+ exact text-budget metrics, input content hashes, policy metadata, findings, and JSON Pointer field
64
+ checks for bounded user-facing strings and generated text
55
65
  - `skill-route-report.schema.json`: output of `mf skill route --json`, containing compact route
56
66
  candidates, selected main and adjunct skills, score breakdowns, route read plans, and source
57
67
  route shards without granting command authority or replacing selected `SKILL.md` reads
@@ -59,7 +69,7 @@ Current schemas:
59
69
  skill-route golden cases with required and forbidden route expectations
60
70
  - `latest-run-pointer.schema.json`: `.mustflow/state/runs/latest.json` when `mf verify` writes a
61
71
  pointer to the latest verify run bundle, including the verify completion verdict, evidence model,
62
- and coverage matrix
72
+ complexity budget, failure replay capsule, conflict ledger, and coverage matrix
63
73
  - `handoff-validation-report.schema.json`: output of
64
74
  `mf handoff validate <path> --json`
65
75
  - `version-sources-report.schema.json`: output of `mf version-sources --json`
@@ -69,14 +79,16 @@ Current schemas:
69
79
  `mf explain surface --json`, and `mf explain why <target> --json`. Verify explanations include the shared
70
80
  `decisionGraph` evidence model; latest-failure explanations include bounded latest-run metadata only.
71
81
  - `verify-report.schema.json`: output of `mf verify --reason <event> --json`, including an
72
- explicit execution aggregate, evidence-based completion verdict, and evidence model with a
82
+ explicit execution aggregate, risk-priced evidence assessment, evidence-based completion verdict,
83
+ failure replay capsule, conflict ledger, and evidence model with a read-only complexity budget and
73
84
  conservative coverage matrix for the selected receipts and skipped checks
74
85
  - `verify-run-manifest.schema.json`: `.mustflow/state/runs/verify-*/manifest.json`, including
75
- the same execution aggregate, completion verdict, evidence model, and coverage matrix as the verify report
86
+ the same execution aggregate, risk assessment, completion verdict, failure replay capsule,
87
+ conflict ledger, evidence model, complexity budget, and coverage matrix as the verify report
76
88
  - `change-verification-report.schema.json`: output of `mf verify --reason <event> --plan-only --json` and
77
89
  `mf verify --from-classification <classify-report.json> --plan-only --json`, including the `decision_graph` that links
78
90
  changed surfaces, classification reasons, command candidates, eligibility, selected or not-selected state,
79
- effects, and gaps.
91
+ effects, gaps, and risk-priced evidence requirements.
80
92
  Local-index command-effect graphs and command preconditions are explanation-only and cannot grant command authority.
81
93
 
82
94
  These schemas define stable, automation-facing fields. Human-readable command
@@ -55,6 +55,9 @@
55
55
  "$ref": "#/$defs/verificationGap"
56
56
  }
57
57
  },
58
+ "risk_assessment": {
59
+ "$ref": "#/$defs/riskAssessment"
60
+ },
58
61
  "schedule": {
59
62
  "$ref": "#/$defs/verificationSchedule"
60
63
  },
@@ -328,6 +331,32 @@
328
331
  }
329
332
  }
330
333
  },
334
+ "riskAssessment": {
335
+ "type": "object",
336
+ "additionalProperties": false,
337
+ "required": [
338
+ "schema_version",
339
+ "source",
340
+ "level",
341
+ "reasons",
342
+ "required_evidence",
343
+ "blocking_gaps",
344
+ "rollback_required",
345
+ "human_approval_required",
346
+ "manual_review_required"
347
+ ],
348
+ "properties": {
349
+ "schema_version": { "const": "1" },
350
+ "source": { "const": "change_classification_and_command_contract" },
351
+ "level": { "enum": ["low", "medium", "high", "critical"] },
352
+ "reasons": { "$ref": "#/$defs/stringArray" },
353
+ "required_evidence": { "$ref": "#/$defs/stringArray" },
354
+ "blocking_gaps": { "$ref": "#/$defs/stringArray" },
355
+ "rollback_required": { "type": "boolean" },
356
+ "human_approval_required": { "type": "boolean" },
357
+ "manual_review_required": { "type": "boolean" }
358
+ }
359
+ },
331
360
  "testSelectionReport": {
332
361
  "type": "object",
333
362
  "additionalProperties": false,
@@ -121,7 +121,61 @@
121
121
  "required": ["path", "exists"],
122
122
  "properties": {
123
123
  "path": { "type": "string" },
124
- "exists": { "type": "boolean" }
124
+ "exists": { "type": "boolean" },
125
+ "trust": { "$ref": "#/$defs/contextTrust" }
126
+ }
127
+ },
128
+ "contextTrust": {
129
+ "type": "object",
130
+ "additionalProperties": false,
131
+ "required": [
132
+ "source_kind",
133
+ "authority",
134
+ "cache_layer",
135
+ "freshness",
136
+ "content_hash",
137
+ "can_instruct_agent",
138
+ "grants_command_authority",
139
+ "notes"
140
+ ],
141
+ "properties": {
142
+ "source_kind": {
143
+ "enum": [
144
+ "workflow_file",
145
+ "command_contract",
146
+ "skill_file",
147
+ "context_file",
148
+ "generated_cache",
149
+ "generated_state",
150
+ "source_placeholder",
151
+ "runtime_volatile",
152
+ "unknown_file"
153
+ ]
154
+ },
155
+ "authority": {
156
+ "enum": [
157
+ "binding",
158
+ "workflow_policy",
159
+ "configuration",
160
+ "command_contract",
161
+ "procedure",
162
+ "contextual",
163
+ "hint",
164
+ "generated",
165
+ "evidence_only",
166
+ "volatile",
167
+ "unknown"
168
+ ]
169
+ },
170
+ "cache_layer": { "enum": ["stable", "task", "volatile", null] },
171
+ "freshness": { "enum": ["hash_verified", "missing", "dynamic", "runtime_volatile", "unchecked"] },
172
+ "content_hash": { "type": ["string", "null"] },
173
+ "can_instruct_agent": { "type": "boolean" },
174
+ "grants_command_authority": { "type": "boolean" },
175
+ "notes": {
176
+ "type": "array",
177
+ "items": { "type": "string" }
178
+ }
125
179
  }
126
180
  },
127
181
  "intentContext": {
@@ -364,7 +418,8 @@
364
418
  "properties": {
365
419
  "path": { "type": "string" },
366
420
  "exists": { "type": "boolean" },
367
- "content_hash": { "type": ["string", "null"] }
421
+ "content_hash": { "type": ["string", "null"] },
422
+ "trust": { "$ref": "#/$defs/contextTrust" }
368
423
  }
369
424
  },
370
425
  "taskContextLayer": {
@@ -617,6 +672,7 @@
617
672
  "type": "array",
618
673
  "items": { "type": "string" }
619
674
  },
675
+ "trust": { "$ref": "#/$defs/contextTrust" },
620
676
  "issue": { "type": ["string", "null"] }
621
677
  }
622
678
  },
@@ -197,6 +197,9 @@
197
197
  "type": "array",
198
198
  "items": { "$ref": "#/$defs/evidenceGap" }
199
199
  },
200
+ "complexity_budget": { "$ref": "verify-report.schema.json#/$defs/complexityBudget" },
201
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
202
+ "conflict_ledger": { "$ref": "verify-report.schema.json#/$defs/conflictLedger" },
200
203
  "remaining_risks": {
201
204
  "type": "array",
202
205
  "items": { "$ref": "#/$defs/evidenceRemainingRisk" }
@@ -304,6 +307,41 @@
304
307
  "detail": { "type": "string" }
305
308
  }
306
309
  },
310
+ "riskAssessment": {
311
+ "type": "object",
312
+ "additionalProperties": false,
313
+ "required": [
314
+ "schema_version",
315
+ "source",
316
+ "level",
317
+ "reasons",
318
+ "required_evidence",
319
+ "blocking_gaps",
320
+ "rollback_required",
321
+ "human_approval_required",
322
+ "manual_review_required"
323
+ ],
324
+ "properties": {
325
+ "schema_version": { "const": "1" },
326
+ "source": { "const": "change_classification_and_command_contract" },
327
+ "level": { "enum": ["low", "medium", "high", "critical"] },
328
+ "reasons": {
329
+ "type": "array",
330
+ "items": { "type": "string" }
331
+ },
332
+ "required_evidence": {
333
+ "type": "array",
334
+ "items": { "type": "string" }
335
+ },
336
+ "blocking_gaps": {
337
+ "type": "array",
338
+ "items": { "type": "string" }
339
+ },
340
+ "rollback_required": { "type": "boolean" },
341
+ "human_approval_required": { "type": "boolean" },
342
+ "manual_review_required": { "type": "boolean" }
343
+ }
344
+ },
307
345
  "evidenceExplanation": {
308
346
  "type": "object",
309
347
  "additionalProperties": false,
@@ -377,6 +415,7 @@
377
415
  "receipt_binding_risk_count": { "type": "integer" },
378
416
  "stale_receipt_count": { "type": "integer" },
379
417
  "plan_mismatch_count": { "type": "integer" },
418
+ "risk_priced_evidence_risk_count": { "type": "integer" },
380
419
  "risks": { "$ref": "#/$defs/completionVerdictRisks" },
381
420
  "receipt_binding": { "$ref": "#/$defs/completionVerdictReceiptBinding" },
382
421
  "latest_run_status": { "type": ["string", "null"] }
@@ -434,7 +473,8 @@
434
473
  "write_drift": { "type": "integer" },
435
474
  "receipt_binding": { "type": "integer" },
436
475
  "stale_receipt": { "type": "integer" },
437
- "plan_mismatch": { "type": "integer" }
476
+ "plan_mismatch": { "type": "integer" },
477
+ "risk_priced_evidence": { "type": "integer" }
438
478
  }
439
479
  },
440
480
  "completionVerdictReceiptBinding": {
@@ -505,6 +545,7 @@
505
545
  "properties": {
506
546
  "completion_verdict": { "$ref": "#/$defs/completionVerdict" },
507
547
  "evidence_model": { "$ref": "#/$defs/evidenceModel" },
548
+ "conflict_ledger": { "$ref": "verify-report.schema.json#/$defs/conflictLedger" },
508
549
  "changed_file_count": { "type": "integer" },
509
550
  "changed_surfaces": { "$ref": "#/$defs/stringArray" },
510
551
  "decision_graph_summary": {
@@ -37,6 +37,12 @@
37
37
  "update_policies": { "$ref": "#/$defs/stringArray" },
38
38
  "drift_checks": { "$ref": "#/$defs/stringArray" },
39
39
  "required_verification": { "$ref": "#/$defs/stringArray" },
40
+ "complexity_budget": {
41
+ "anyOf": [
42
+ { "type": "null" },
43
+ { "$ref": "verify-report.schema.json#/$defs/complexityBudget" }
44
+ ]
45
+ },
40
46
  "residual_corrections": { "$ref": "#/$defs/residualCorrections" },
41
47
  "gap_count": { "type": "integer", "minimum": 0 },
42
48
  "gaps": {
@@ -107,6 +107,7 @@
107
107
  "changed_files": { "$ref": "#/$defs/stringArray" },
108
108
  "validation_reasons": { "$ref": "#/$defs/stringArray" },
109
109
  "selected_intents": { "$ref": "#/$defs/stringArray" },
110
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
110
111
  "requirement_count": { "type": "integer", "minimum": 0 },
111
112
  "gap_count": { "type": "integer", "minimum": 0 },
112
113
  "requirements": {
@@ -199,6 +200,24 @@
199
200
  "receipt_count": { "type": ["integer", "null"], "minimum": 0 },
200
201
  "skipped_check_count": { "type": "integer", "minimum": 0 },
201
202
  "remaining_risk_count": { "type": "integer", "minimum": 0 },
203
+ "risk_assessment": {
204
+ "anyOf": [
205
+ { "type": "null" },
206
+ { "$ref": "#/$defs/riskAssessment" }
207
+ ]
208
+ },
209
+ "failure_replay_capsule": {
210
+ "anyOf": [
211
+ { "type": "null" },
212
+ { "$ref": "verify-report.schema.json#/$defs/failureReplayCapsule" }
213
+ ]
214
+ },
215
+ "conflict_ledger": {
216
+ "anyOf": [
217
+ { "type": "null" },
218
+ { "$ref": "verify-report.schema.json#/$defs/conflictLedger" }
219
+ ]
220
+ },
202
221
  "requirements": {
203
222
  "type": "array",
204
223
  "items": { "$ref": "#/$defs/latestRequirement" }
@@ -255,6 +274,32 @@
255
274
  "detail": { "type": "string" }
256
275
  }
257
276
  },
277
+ "riskAssessment": {
278
+ "type": "object",
279
+ "additionalProperties": false,
280
+ "required": [
281
+ "schema_version",
282
+ "source",
283
+ "level",
284
+ "reasons",
285
+ "required_evidence",
286
+ "blocking_gaps",
287
+ "rollback_required",
288
+ "human_approval_required",
289
+ "manual_review_required"
290
+ ],
291
+ "properties": {
292
+ "schema_version": { "const": "1" },
293
+ "source": { "const": "change_classification_and_command_contract" },
294
+ "level": { "enum": ["low", "medium", "high", "critical"] },
295
+ "reasons": { "$ref": "#/$defs/stringArray" },
296
+ "required_evidence": { "$ref": "#/$defs/stringArray" },
297
+ "blocking_gaps": { "$ref": "#/$defs/stringArray" },
298
+ "rollback_required": { "type": "boolean" },
299
+ "human_approval_required": { "type": "boolean" },
300
+ "manual_review_required": { "type": "boolean" }
301
+ }
302
+ },
258
303
  "coverage": {
259
304
  "type": "object",
260
305
  "additionalProperties": false,
@@ -39,14 +39,22 @@
39
39
  },
40
40
  "execution_status": { "enum": ["passed", "partial", "failed", "blocked"] },
41
41
  "status": { "enum": ["passed", "partial", "failed", "blocked"] },
42
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
42
43
  "completion_verdict": { "$ref": "#/$defs/completionVerdict" },
43
44
  "evidence_model": { "$ref": "#/$defs/evidenceModel" },
45
+ "conflict_ledger": { "$ref": "verify-report.schema.json#/$defs/conflictLedger" },
44
46
  "failure_fingerprint": {
45
47
  "anyOf": [
46
48
  { "$ref": "#/$defs/failureFingerprint" },
47
49
  { "type": "null" }
48
50
  ]
49
51
  },
52
+ "failure_replay_capsule": {
53
+ "anyOf": [
54
+ { "$ref": "verify-report.schema.json#/$defs/failureReplayCapsule" },
55
+ { "type": "null" }
56
+ ]
57
+ },
50
58
  "repeated_failure_summary": {
51
59
  "anyOf": [
52
60
  { "$ref": "#/$defs/repeatedFailureSummary" },
@@ -196,6 +204,7 @@
196
204
  "receipt_binding_risk_count": { "type": "integer" },
197
205
  "stale_receipt_count": { "type": "integer" },
198
206
  "plan_mismatch_count": { "type": "integer" },
207
+ "risk_priced_evidence_risk_count": { "type": "integer" },
199
208
  "risks": { "$ref": "#/$defs/completionVerdictRisks" },
200
209
  "receipt_binding": { "$ref": "#/$defs/completionVerdictReceiptBinding" },
201
210
  "latest_run_status": { "type": ["string", "null"] }
@@ -253,7 +262,8 @@
253
262
  "write_drift": { "type": "integer" },
254
263
  "receipt_binding": { "type": "integer" },
255
264
  "stale_receipt": { "type": "integer" },
256
- "plan_mismatch": { "type": "integer" }
265
+ "plan_mismatch": { "type": "integer" },
266
+ "risk_priced_evidence": { "type": "integer" }
257
267
  }
258
268
  },
259
269
  "completionVerdictReceiptBinding": {
@@ -322,6 +332,10 @@
322
332
  "type": "array",
323
333
  "items": { "$ref": "#/$defs/evidenceGap" }
324
334
  },
335
+ "complexity_budget": { "$ref": "verify-report.schema.json#/$defs/complexityBudget" },
336
+ "risk_assessment": { "$ref": "#/$defs/riskAssessment" },
337
+ "failure_replay_capsule": { "$ref": "verify-report.schema.json#/$defs/failureReplayCapsule" },
338
+ "conflict_ledger": { "$ref": "verify-report.schema.json#/$defs/conflictLedger" },
325
339
  "remaining_risks": {
326
340
  "type": "array",
327
341
  "items": { "$ref": "#/$defs/evidenceRemainingRisk" }
@@ -467,6 +481,41 @@
467
481
  "detail": { "type": "string" }
468
482
  }
469
483
  },
484
+ "riskAssessment": {
485
+ "type": "object",
486
+ "additionalProperties": false,
487
+ "required": [
488
+ "schema_version",
489
+ "source",
490
+ "level",
491
+ "reasons",
492
+ "required_evidence",
493
+ "blocking_gaps",
494
+ "rollback_required",
495
+ "human_approval_required",
496
+ "manual_review_required"
497
+ ],
498
+ "properties": {
499
+ "schema_version": { "const": "1" },
500
+ "source": { "const": "change_classification_and_command_contract" },
501
+ "level": { "enum": ["low", "medium", "high", "critical"] },
502
+ "reasons": {
503
+ "type": "array",
504
+ "items": { "type": "string" }
505
+ },
506
+ "required_evidence": {
507
+ "type": "array",
508
+ "items": { "type": "string" }
509
+ },
510
+ "blocking_gaps": {
511
+ "type": "array",
512
+ "items": { "type": "string" }
513
+ },
514
+ "rollback_required": { "type": "boolean" },
515
+ "human_approval_required": { "type": "boolean" },
516
+ "manual_review_required": { "type": "boolean" }
517
+ }
518
+ },
470
519
  "reproEvidence": {
471
520
  "type": "object",
472
521
  "additionalProperties": false,
@@ -0,0 +1,68 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/script-pack-catalog.schema.json",
4
+ "title": "mustflow script-pack catalog",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "action",
11
+ "ok",
12
+ "mustflow_root",
13
+ "packs",
14
+ "issues"
15
+ ],
16
+ "properties": {
17
+ "schema_version": { "const": "1" },
18
+ "command": { "const": "script-pack" },
19
+ "action": { "const": "list" },
20
+ "ok": { "type": "boolean" },
21
+ "mustflow_root": { "type": "string" },
22
+ "packs": {
23
+ "type": "array",
24
+ "items": { "$ref": "#/$defs/pack" }
25
+ },
26
+ "issues": {
27
+ "type": "array",
28
+ "items": { "type": "string" }
29
+ }
30
+ },
31
+ "$defs": {
32
+ "pack": {
33
+ "type": "object",
34
+ "additionalProperties": false,
35
+ "required": ["id", "summary_key", "scripts"],
36
+ "properties": {
37
+ "id": { "type": "string", "pattern": "^[a-z0-9]+(?:-[a-z0-9]+)*$" },
38
+ "summary_key": { "type": "string" },
39
+ "scripts": {
40
+ "type": "array",
41
+ "items": { "$ref": "#/$defs/script" }
42
+ }
43
+ }
44
+ },
45
+ "script": {
46
+ "type": "object",
47
+ "additionalProperties": false,
48
+ "required": ["id", "ref", "usage", "summary_key", "actions", "report_schema_file"],
49
+ "properties": {
50
+ "id": { "type": "string", "pattern": "^[a-z0-9]+(?:-[a-z0-9]+)*$" },
51
+ "ref": { "type": "string", "pattern": "^[a-z0-9]+(?:-[a-z0-9]+)*/[a-z0-9]+(?:-[a-z0-9]+)*$" },
52
+ "usage": { "type": "string" },
53
+ "summary_key": { "type": "string" },
54
+ "actions": {
55
+ "type": "array",
56
+ "items": { "type": "string", "pattern": "^[a-z0-9]+(?:-[a-z0-9]+)*$" },
57
+ "minItems": 1
58
+ },
59
+ "report_schema_file": {
60
+ "anyOf": [
61
+ { "type": "string", "pattern": "^[a-z0-9-]+\\.schema\\.json$" },
62
+ { "type": "null" }
63
+ ]
64
+ }
65
+ }
66
+ }
67
+ }
68
+ }
@@ -0,0 +1,131 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/text-budget-report.schema.json",
4
+ "title": "mustflow text-budget report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "policy",
18
+ "input_hash",
19
+ "metrics",
20
+ "findings",
21
+ "artifacts",
22
+ "issues"
23
+ ],
24
+ "properties": {
25
+ "schema_version": { "const": "1" },
26
+ "command": { "const": "script-pack" },
27
+ "pack_id": { "const": "core" },
28
+ "script_id": { "const": "text-budget" },
29
+ "script_ref": { "const": "core/text-budget" },
30
+ "action": { "const": "check" },
31
+ "status": { "enum": ["passed", "failed", "error"] },
32
+ "ok": { "type": "boolean" },
33
+ "mustflow_root": { "type": "string" },
34
+ "policy": { "$ref": "#/$defs/policy" },
35
+ "input_hash": { "$ref": "#/$defs/sha256" },
36
+ "metrics": {
37
+ "type": "array",
38
+ "items": { "$ref": "#/$defs/metric" }
39
+ },
40
+ "findings": {
41
+ "type": "array",
42
+ "items": { "$ref": "#/$defs/finding" }
43
+ },
44
+ "artifacts": {
45
+ "type": "array",
46
+ "items": { "$ref": "#/$defs/artifact" }
47
+ },
48
+ "issues": {
49
+ "type": "array",
50
+ "items": { "type": "string" }
51
+ }
52
+ },
53
+ "$defs": {
54
+ "sha256": {
55
+ "type": "string",
56
+ "pattern": "^sha256:[a-f0-9]{64}$"
57
+ },
58
+ "unit": {
59
+ "description": "Counting unit. The line unit counts line segments after splitting on line breaks, so a trailing line break contributes an empty final line.",
60
+ "enum": ["grapheme", "code-point", "utf16", "utf8-byte", "word", "line"]
61
+ },
62
+ "policy": {
63
+ "type": "object",
64
+ "additionalProperties": false,
65
+ "required": ["min", "max", "exact", "unit", "json_pointer", "max_file_bytes"],
66
+ "properties": {
67
+ "min": { "type": ["integer", "null"], "minimum": 0 },
68
+ "max": { "type": ["integer", "null"], "minimum": 0 },
69
+ "exact": { "type": ["integer", "null"], "minimum": 0 },
70
+ "unit": { "$ref": "#/$defs/unit" },
71
+ "json_pointer": { "type": ["string", "null"] },
72
+ "max_file_bytes": { "type": "integer", "minimum": 1 }
73
+ }
74
+ },
75
+ "metric": {
76
+ "type": "object",
77
+ "additionalProperties": false,
78
+ "required": ["name", "value", "unit", "path", "json_pointer", "content_sha256"],
79
+ "properties": {
80
+ "name": { "const": "text_length" },
81
+ "value": { "type": "integer", "minimum": 0 },
82
+ "unit": { "$ref": "#/$defs/unit" },
83
+ "path": { "type": "string" },
84
+ "json_pointer": { "type": ["string", "null"] },
85
+ "content_sha256": { "$ref": "#/$defs/sha256" }
86
+ }
87
+ },
88
+ "finding": {
89
+ "type": "object",
90
+ "additionalProperties": false,
91
+ "required": ["code", "severity", "message", "path", "json_pointer", "metric", "actual", "expected"],
92
+ "properties": {
93
+ "code": {
94
+ "enum": [
95
+ "text_budget_above_max",
96
+ "text_budget_below_min",
97
+ "text_budget_not_exact",
98
+ "text_budget_unreadable",
99
+ "text_budget_json_parse_failed",
100
+ "text_budget_json_pointer_invalid",
101
+ "text_budget_json_pointer_missing",
102
+ "text_budget_json_pointer_not_string"
103
+ ]
104
+ },
105
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
106
+ "message": { "type": "string" },
107
+ "path": { "type": "string" },
108
+ "json_pointer": { "type": ["string", "null"] },
109
+ "metric": {
110
+ "anyOf": [
111
+ { "const": "text_length" },
112
+ { "type": "null" }
113
+ ]
114
+ },
115
+ "actual": { "type": ["integer", "null"], "minimum": 0 },
116
+ "expected": { "type": ["integer", "null"], "minimum": 0 }
117
+ }
118
+ },
119
+ "artifact": {
120
+ "type": "object",
121
+ "additionalProperties": false,
122
+ "required": ["kind", "path", "sha256", "size_bytes"],
123
+ "properties": {
124
+ "kind": { "const": "input" },
125
+ "path": { "type": "string" },
126
+ "sha256": { "$ref": "#/$defs/sha256" },
127
+ "size_bytes": { "type": "integer", "minimum": 0 }
128
+ }
129
+ }
130
+ }
131
+ }