mustflow 2.74.2 → 2.74.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/templates/default/i18n.toml +13 -13
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +4 -4
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +5 -3
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +7 -7
- package/templates/default/locales/en/.mustflow/skills/elysia-code-change/SKILL.md +15 -8
- package/templates/default/locales/en/.mustflow/skills/external-skill-intake/SKILL.md +10 -5
- package/templates/default/locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md +7 -4
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +4 -3
- package/templates/default/locales/en/.mustflow/skills/skill-authoring/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/skill-refresh/SKILL.md +19 -2
- package/templates/default/locales/en/.mustflow/skills/tailwind-code-change/SKILL.md +12 -9
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +22 -17
- package/templates/default/locales/en/.mustflow/skills/unocss-code-change/SKILL.md +16 -5
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +8 -8
- package/templates/default/manifest.toml +1 -1
package/package.json
CHANGED
|
@@ -62,7 +62,7 @@ translations = {}
|
|
|
62
62
|
[documents."skills.index"]
|
|
63
63
|
source = "locales/en/.mustflow/skills/INDEX.md"
|
|
64
64
|
source_locale = "en"
|
|
65
|
-
revision =
|
|
65
|
+
revision = 174
|
|
66
66
|
translations = {}
|
|
67
67
|
|
|
68
68
|
[documents."skill.adapter-boundary"]
|
|
@@ -356,7 +356,7 @@ translations = {}
|
|
|
356
356
|
[documents."skill.rate-limit-integrity-review"]
|
|
357
357
|
source = "locales/en/.mustflow/skills/rate-limit-integrity-review/SKILL.md"
|
|
358
358
|
source_locale = "en"
|
|
359
|
-
revision =
|
|
359
|
+
revision = 2
|
|
360
360
|
translations = {}
|
|
361
361
|
|
|
362
362
|
[documents."skill.idempotency-integrity-review"]
|
|
@@ -469,13 +469,13 @@ translations = {}
|
|
|
469
469
|
[documents."skill.dependency-upgrade-review"]
|
|
470
470
|
source = "locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md"
|
|
471
471
|
source_locale = "en"
|
|
472
|
-
revision =
|
|
472
|
+
revision = 4
|
|
473
473
|
translations = {}
|
|
474
474
|
|
|
475
475
|
[documents."skill.version-freshness-check"]
|
|
476
476
|
source = "locales/en/.mustflow/skills/version-freshness-check/SKILL.md"
|
|
477
477
|
source_locale = "en"
|
|
478
|
-
revision =
|
|
478
|
+
revision = 7
|
|
479
479
|
translations = {}
|
|
480
480
|
|
|
481
481
|
[documents."skill.line-ending-hygiene"]
|
|
@@ -517,7 +517,7 @@ translations = {}
|
|
|
517
517
|
[documents."skill.astro-code-change"]
|
|
518
518
|
source = "locales/en/.mustflow/skills/astro-code-change/SKILL.md"
|
|
519
519
|
source_locale = "en"
|
|
520
|
-
revision =
|
|
520
|
+
revision = 3
|
|
521
521
|
translations = {}
|
|
522
522
|
|
|
523
523
|
[documents."skill.auth-permission-change"]
|
|
@@ -571,7 +571,7 @@ translations = {}
|
|
|
571
571
|
[documents."skill.elysia-code-change"]
|
|
572
572
|
source = "locales/en/.mustflow/skills/elysia-code-change/SKILL.md"
|
|
573
573
|
source_locale = "en"
|
|
574
|
-
revision =
|
|
574
|
+
revision = 2
|
|
575
575
|
translations = {}
|
|
576
576
|
|
|
577
577
|
[documents."skill.flutter-code-change"]
|
|
@@ -625,7 +625,7 @@ translations = {}
|
|
|
625
625
|
[documents."skill.rust-code-change"]
|
|
626
626
|
source = "locales/en/.mustflow/skills/rust-code-change/SKILL.md"
|
|
627
627
|
source_locale = "en"
|
|
628
|
-
revision =
|
|
628
|
+
revision = 5
|
|
629
629
|
translations = {}
|
|
630
630
|
|
|
631
631
|
[documents."skill.runtime-target-selection"]
|
|
@@ -655,7 +655,7 @@ translations = {}
|
|
|
655
655
|
[documents."skill.tailwind-code-change"]
|
|
656
656
|
source = "locales/en/.mustflow/skills/tailwind-code-change/SKILL.md"
|
|
657
657
|
source_locale = "en"
|
|
658
|
-
revision =
|
|
658
|
+
revision = 4
|
|
659
659
|
translations = {}
|
|
660
660
|
|
|
661
661
|
[documents."skill.tauri-code-change"]
|
|
@@ -667,13 +667,13 @@ translations = {}
|
|
|
667
667
|
[documents."skill.typescript-code-change"]
|
|
668
668
|
source = "locales/en/.mustflow/skills/typescript-code-change/SKILL.md"
|
|
669
669
|
source_locale = "en"
|
|
670
|
-
revision =
|
|
670
|
+
revision = 4
|
|
671
671
|
translations = {}
|
|
672
672
|
|
|
673
673
|
[documents."skill.unocss-code-change"]
|
|
674
674
|
source = "locales/en/.mustflow/skills/unocss-code-change/SKILL.md"
|
|
675
675
|
source_locale = "en"
|
|
676
|
-
revision =
|
|
676
|
+
revision = 4
|
|
677
677
|
translations = {}
|
|
678
678
|
|
|
679
679
|
[documents."skill.service-boundary-architecture"]
|
|
@@ -781,7 +781,7 @@ translations = {}
|
|
|
781
781
|
[documents."skill.external-skill-intake"]
|
|
782
782
|
source = "locales/en/.mustflow/skills/external-skill-intake/SKILL.md"
|
|
783
783
|
source_locale = "en"
|
|
784
|
-
revision =
|
|
784
|
+
revision = 3
|
|
785
785
|
translations = {}
|
|
786
786
|
|
|
787
787
|
[documents."skill.github-contribution-quality-gate"]
|
|
@@ -936,13 +936,13 @@ translations = {}
|
|
|
936
936
|
[documents."skill.skill-refresh"]
|
|
937
937
|
source = "locales/en/.mustflow/skills/skill-refresh/SKILL.md"
|
|
938
938
|
source_locale = "en"
|
|
939
|
-
revision =
|
|
939
|
+
revision = 2
|
|
940
940
|
translations = {}
|
|
941
941
|
|
|
942
942
|
[documents."skill.skill-authoring"]
|
|
943
943
|
source = "locales/en/.mustflow/skills/skill-authoring/SKILL.md"
|
|
944
944
|
source_locale = "en"
|
|
945
|
-
revision =
|
|
945
|
+
revision = 9
|
|
946
946
|
translations = {}
|
|
947
947
|
|
|
948
948
|
[documents."skill.task-instruction-authoring"]
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skills.index
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 174
|
|
6
6
|
authority: router
|
|
7
7
|
lifecycle: mustflow-owned
|
|
8
8
|
---
|
|
@@ -421,7 +421,7 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
421
421
|
| Node.js runtime code, package manager ownership, module format, package entry metadata, native dependencies, Node test runner behavior, TypeScript execution mode, or deployment runtime support is created or changed | `.mustflow/skills/node-code-change/SKILL.md` | Node version signals, package manager and lockfile owner, module/package metadata, TypeScript loader, test runner, native dependency, deployment target, and command contract entries | Node runtime code, package metadata, lockfiles, scripts, CI or Docker runtime declarations, test runner config, native dependency handling, docs examples, and directly synchronized package surfaces | newest-Node assumption, package manager drift, ESM/CJS break, blocked deep import, native dependency break, Node native TypeScript overclaim, test runner migration risk, deployment mismatch, or permission-model overclaim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Runtime and package manager decision, module/package entry notes, TypeScript/test runner notes, native/deployment risks, verification, and remaining Node.js risk |
|
|
422
422
|
| Bun runtime code, Bun package manager behavior, `bun.lock`, `bunfig.toml`, Bun test runner behavior, Bun bundling, Bun TypeScript execution, or Bun-specific APIs are created or changed | `.mustflow/skills/bun-code-change/SKILL.md` | Bun role signals, `package.json`, Bun and non-Bun lockfiles, `bunfig.toml`, CI/Docker Bun setup, TypeScript config, Bun APIs, native dependency signals, and command contract entries | Bun runtime code, Bun package manager metadata, lockfiles, `bunfig.toml`, scripts, tests, bundler config, TypeScript/declaration pipeline, package metadata, and directly synchronized docs | Bun role confusion, lockfile drift, trusted dependency overgrant, runtime/package-manager conflation, Bun TypeScript typecheck overclaim, Bun build declaration gap, Node compatibility break, shebang mismatch, or native binary break | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Bun role classification, lockfile/trust notes, runtime/type/build/test notes, Node compatibility risks, verification, and remaining Bun risk |
|
|
423
423
|
| Dockerfiles, `.dockerignore`, Docker Compose files, BuildKit or buildx behavior, container image metadata, tags, entrypoints, health checks, Docker CI workflows, image security scanning, SBOM or provenance settings, registry publishing, or container runtime validation are created or changed | `.mustflow/skills/docker-code-change/SKILL.md` | Docker surfaces, project image shape, base image and platform signals, build context and cache signals, runtime contract, security and supply-chain contract, and command contract entries | Dockerfiles, `.dockerignore`, Compose files, container CI workflow snippets, image metadata, package tests, docs examples, template metadata, and directly synchronized skill routes | cache breakage, secret leak, root runtime, host access escape, dev dependency in final image, mutable tag drift, untrusted CI publish, missing SBOM/provenance, unverified runtime, or false production-readiness claim | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Docker surface classification, image/base/cache/stage decisions, secret/user/runtime/Compose/CI supply-chain notes, verification, and remaining Docker risk |
|
|
424
|
-
| TypeScript source, declarations, tsconfig, package exports, module resolution, public API, compiler-version behavior, TypeScript 6-to-7 migration surfaces,
|
|
424
|
+
| TypeScript source, declarations, tsconfig, package exports, module resolution, public API, compiler-version behavior, TypeScript 6-to-7 migration surfaces, TypeScript 7 RC or nightly tooling, or TypeScript tests are created or changed | `.mustflow/skills/typescript-code-change/SKILL.md` | TypeScript config, compiler track, package entry metadata, target runtime, changed files, declaration, TS6 API, TS7 RC, and optional TS7 nightly surfaces, and command contract entries | TypeScript source, declarations, compiler config, exports, tests, compiler-track comparison notes, and directly synchronized docs | weakened type safety, module drift, public API drift, unverified declaration output, TypeScript 6 deprecation suppression, TS7 RC over-adoption, TS7 nightly over-adoption, or compiler API track drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime, module, type, public API, compiler-version, RC, nightly, and API-track boundary checked, changes made, verification, and remaining TypeScript risk |
|
|
425
425
|
| JavaScript source, module format, package entry, browser or Node runtime, dependency usage, Promise handling, bundler config, or JavaScript tests are created or changed | `.mustflow/skills/javascript-code-change/SKILL.md` | Package metadata, module system, runtime target, entrypoints, changed files, and command contract entries | JavaScript source, package exports, bundler config, dependencies, tests, and docs examples | runtime API leakage, ESM/CJS drift, discarded Promise, dependency bloat, or broken package entry | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime and module boundary checked, async and dependency notes, verification, and remaining JavaScript risk |
|
|
426
426
|
| Python source, package metadata, runtime version, import layout, type checking, linting, CLI entry points, or tests are created or changed | `.mustflow/skills/python-code-change/SKILL.md` | Python version source, packaging files, import layout, lint/type/test config, changed files, and command contract entries | Python source, packaging metadata, imports, type hints, tests, and docs examples | unsupported syntax, import hacks, packaging drift, swallowed errors, or weakened lint/type checks | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | Runtime, packaging, import, and type boundary checked, verification, and remaining Python risk |
|
|
427
427
|
| PowerShell scripts, modules, command examples, `pwsh` invocations, native-command wrappers, quoting, here-strings, splatting, regex, wildcard, replacement strings, or PowerShell argument passing are created or changed | `.mustflow/skills/powershell-code-change/SKILL.md` | PowerShell version and invocation path, parser layers, native-command boundary, dynamic input boundaries, changed files, and command contract entries | PowerShell scripts, modules, package scripts, CI snippets, docs examples, native-command wrappers, tests, and directly synchronized docs | parser-layer confusion, quote loss, variable over-expansion, metacharacter interpretation, native argv drift, command injection, `--%` overuse, or cross-shell `-Command` breakage | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | PowerShell version and invocation boundary, parser ledger, string/here-string/regex/wildcard/replacement/native argv decisions, verification, and remaining PowerShell risk |
|
|
@@ -488,9 +488,9 @@ routes. Event routes stay inactive until their event occurs.
|
|
|
488
488
|
| Database lock contention review needs to catch blocking visible in the diff, including hot rows, mutable counter caches, balance or stock updates, reservation flows, queue table claiming, `SELECT ... FOR UPDATE`, weaker row-lock choices, optimistic version checks, conditional updates, lock order, deadlock retry, MySQL/InnoDB gap or next-key locks, PostgreSQL row-lock variants, SQL Server lock escalation, long transactions, external calls inside transactions, DDL or metadata lock waits, idle-in-transaction blockers, lock timeout policy, connection-pool waits, or lock observability | `.mustflow/skills/database-lock-contention-review/SKILL.md` | Contended resource, workload concentration, database engine and isolation, lock path, index and predicate shape, transaction width, queue claim model, batch size, timeout and retry policy, observability evidence, and configured command intents | Data-shape changes such as ledgers, reservations, sharded counters, materialized summaries, conditional updates, weaker locks, stable lock order, chunked batches, queue shards, timeout policy, focused tests, docs, and directly synchronized templates | hot-row serialization, parent-counter bottleneck, select-then-update race, over-strong `FOR UPDATE`, missing lock-footprint index, gap-lock insert block, metadata-lock surprise, unordered multi-row deadlock, unchunked write outage, queue head contention, hidden FK parent lock, idle transaction blocking DDL, infinite lock wait, pool starvation, unsafe deadlock retry, or missing blocker/waiter evidence | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Lock-contention surface reviewed, contended resource and workload ledger, lock strength/order/index/queue/batch/DDL/timeout/pool/observability findings, evidence level, verification, and remaining database lock-contention risk |
|
|
489
489
|
| SQLite-specific schema, query, transaction, migration, indexing, extension, WAL, local-file persistence, embedded database, mobile database, browser OPFS/WASM SQLite, cache index, or SQLite runtime behavior is created, changed, reviewed, or reported | `.mustflow/skills/sqlite-code-change/SKILL.md` | SQLite role, runtime and binding, file ownership, storage medium, concurrency shape, schema/type rules, query/index evidence, migration and recovery needs, changed files, and command contract entries | SQLite schema, queries, connection setup, transactions, pragmas, indexes, migrations, fixtures, tests, docs, and directly synchronized templates | wrong runtime assumption, file-lock surprise, WAL overclaim, network filesystem risk, disabled foreign keys, weak type constraints, unsafe raw SQL, query-plan overclaim, sidecar-file data loss, failed migration rebuild, or unverified backup/restore | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | SQLite runtime, storage, WAL/concurrency, schema/type/constraint, query/index, migration, backup/restore, verification, and remaining SQLite risk |
|
|
490
490
|
| PostgreSQL-specific schema, query, transaction, migration, indexing, extension, role, row-level security, connection pooling, replication, backup, restore, managed Postgres, or Postgres runtime behavior is created, changed, reviewed, or reported | `.mustflow/skills/postgresql-code-change/SKILL.md` | PostgreSQL role, version, provider, extension inventory, topology, pooler, schema/type rules, query-plan evidence, transaction/retry rules, migration and recovery needs, changed files, and command contract entries | PostgreSQL schema, queries, migrations, generated SQL, connection setup, pool settings, roles, RLS policies, extensions, tests, docs, and directly synchronized templates | version drift, provider constraint miss, connection storm, lock or rewrite surprise, unsafe online DDL claim, bad pooler assumption, RLS bypass, search-path risk, extension drift, stale replica read, query-plan overclaim, or unverified restore | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | PostgreSQL version/topology, pooling, lock/transaction, schema/type/RLS/role, query/index/statistics, backup/restore, verification, and remaining PostgreSQL risk |
|
|
491
|
-
| Dependency versions, lockfiles, package-manager metadata, workspace constraints, runtime engines, peer dependencies, optional dependencies, security advisory fixes, generated dependency output, framework plugins, TypeScript compiler tracks, CI actions, Docker base images, package manager behavior, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported | `.mustflow/skills/dependency-upgrade-review/SKILL.md` | Dependency name, old and new versions or ranges, direct or transitive path, ecosystem and package manager, declaration files, lockfiles, runtime or toolchain files, advisory or release-note evidence, generated outputs, callers, docs, package output, Docker, CI, or TypeScript compiler-track surfaces, and command contract entries | Package declarations, lockfiles, generated outputs, compatibility code, tests, docs, package metadata, Docker or CI files, TypeScript compiler-track notes, and directly synchronized examples | lockfile churn, hidden transitive replacement, peer or engine break, module-format drift, native or optional package break, framework or generator output drift, unsafe broad security update, weakened tests, Docker or CI runtime drift,
|
|
491
|
+
| Dependency versions, lockfiles, package-manager metadata, workspace constraints, runtime engines, peer dependencies, optional dependencies, security advisory fixes, generated dependency output, framework plugins, TypeScript compiler tracks, CI actions, Docker base images, package manager behavior, or toolchain versions are upgraded, downgraded, pinned, widened, regenerated, reviewed, or reported | `.mustflow/skills/dependency-upgrade-review/SKILL.md` | Dependency name, old and new versions or ranges, direct or transitive path, ecosystem and package manager, declaration files, lockfiles, runtime or toolchain files, advisory or release-note evidence, generated outputs, callers, docs, package output, Docker, CI, or TypeScript compiler-track surfaces, and command contract entries | Package declarations, lockfiles, generated outputs, compatibility code, tests, docs, package metadata, Docker or CI files, TypeScript compiler-track notes, and directly synchronized examples | lockfile churn, hidden transitive replacement, peer or engine break, module-format drift, native or optional package break, framework or generator output drift, unsafe broad security update, weakened tests, Docker or CI runtime drift, TS7 RC over-adoption, TS7 nightly over-adoption, or unreviewed supply-chain change | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Upgrade reason, ecosystem surface, direct and transitive graph changes, compatibility classification, runtime/peer/engine/module/feature/platform/generated-output/compiler-track risks, synchronized surfaces, verification, and remaining dependency-upgrade risk |
|
|
492
492
|
| Dependency, package, runtime, framework, tool, command, plugin, service, platform capability, supported-version policy, security patch path, ecosystem maturity claim, maintainer-risk assumption, runtime portability claim, edge or serverless compatibility claim, critical-path library choice, package script, lifecycle hook, binary download, lockfile, audit result, or supply-chain-sensitive dependency surface is assumed, added, removed, imported, invoked, installed, audited, or documented | `.mustflow/skills/dependency-reality-check/SKILL.md` | Assumed dependency or capability, declaration files, version or feature expectation, role criticality, supported-version or end-of-life evidence, patchability expectation, runtime compatibility boundary, maintainer and ecosystem evidence when available, lockfile entry, package script or lifecycle hook, audit or provenance evidence, and relevant command intents | Package metadata, lockfiles, imports, scripts, command contracts, docs, tests, runtime policy notes, portability notes, and reports | unavailable dependency, hallucinated or lookalike package, fragile single-maintainer core dependency, experimental technology in a survival path, unsupported runtime, unclear security patch path, runtime-specific API leakage into core logic, stale version claim, lifecycle script risk, audit suppression, lockfile drift, or install guidance mismatch | `changes_status`, `changes_diff_summary`, `build`, `test_release`, `mustflow_check` | Dependency checked, ecosystem and maintainer-risk boundary reviewed, supported-version, patchability, and runtime-portability boundary reviewed, supply-chain surface reviewed, declarations synchronized, verification, and remaining dependency risk |
|
|
493
|
-
| Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, TypeScript compiler-track references, Rust release or MSRV references, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, TypeScript compiler track or Rust MSRV/toolchain track when relevant, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, TypeScript
|
|
493
|
+
| Generated or edited code, configuration, CI workflows, package metadata, install instructions, examples, Docker images, framework setup, runtime declarations, toolchain declarations, TypeScript compiler-track references, Rust release or MSRV references, or migration-sensitive snippets introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, or scaffold commands that may be stale | `.mustflow/skills/version-freshness-check/SKILL.md` | Versioned reference, owning files, repository version policy, approved freshness source, compatibility context, migration risk, TypeScript compiler track or Rust MSRV/toolchain track when relevant, and command contract entries | Package metadata, lockfiles, CI workflows, Dockerfiles, runtime files, framework config, docs, examples, templates, tests, and version-decision reports | stale default version, false latest claim, accidental major migration, repository policy mismatch, unsupported generated example, TypeScript RC/nightly/API-track confusion, Rust stable/nightly/MSRV confusion, floating-tag drift, or unverified security/support claim | `changes_status`, `changes_diff_summary`, `build`, `test_related`, `docs_validate_fast`, `test_release`, `mustflow_check` | Versioned surfaces checked, repository policy and freshness source, selected version track, compatibility classification, TypeScript stable/RC/nightly/API-track and Rust stable/nightly/MSRV split when relevant, approval need, synchronized surfaces, verification, and remaining version-freshness risk |
|
|
494
494
|
| External systems, protocols, SDKs, databases, webhooks, queues, files, object storage, signed upload or download URLs, caches, API response models, framework requests or responses, server actions, route handlers, edge functions, worker handlers, AI models, browser storage, search engines, analytics tools, email platforms, no-code tools, observability backends, trace or request context, provider data, or volatile component implementations cross the core boundary or need stable port/adapter translation, change isolation, error mapping, timeout, retry, circuit-breaker, bulkhead, idempotency, reconciliation, security, core-state ownership, vendor portability, or observability handling | `.mustflow/skills/adapter-boundary/SKILL.md` | External system or protocol, inbound/outbound direction, delivery boundary, internal use case, local port/adapter patterns, provider risk, provider failure policy, core-state ownership risk, vendor portability risk, observability identifier policy, API contract risk, change-isolation ledger, preserved consumer contract, changed files, and command contract entries | Ports, adapters, mappers, controllers, workers, stores, gateways, response mappers, telemetry mappers, timeout and retry policies, circuit breakers, bulkhead boundaries, tests, fixtures, assembly wiring, and directly synchronized docs or templates | provider leakage, caller churn from adapter-only changes, framework business-rule leakage, telemetry backend leakage, storage-key leakage, screen-shaped API coupling, pass-through wrapper, SaaS dashboard as truth source, search or analytics policy leakage, queue contract leakage, unclassified external failure, duplicate side effect, unsafe retry, missing timeout, missing circuit breaker, missing bulkhead, unresolved unknown provider outcome, broken identifier propagation, secret or personal-data leak, or untested integration drift | `changes_status`, `changes_diff_summary`, `test_related`, `test`, `lint`, `build`, `docs_validate_fast`, `test_release`, `mustflow_check` | Boundary classification, change-isolation ledger, preserved consumer contract, delivery adapter responsibility, internal port, provider containment, core-state ownership, vendor portability, validation and mapping, API response mapping, observability identifier flow, timeout/retry/circuit-breaker/bulkhead/idempotency handling, reconciliation behavior, security notes, verification, and remaining provider risk |
|
|
495
495
|
| Tauri frontend invokes, Rust commands, capabilities, permissions, scopes, plugins, filesystem, dialog, shell, opener, updater, sidecar, or mobile native permissions are created or changed | `.mustflow/skills/tauri-code-change/SKILL.md` | Frontend call sites, Tauri config, Rust commands, capability and permission files, plugin config, changed files, and command contract entries | Tauri frontend, Rust commands, capabilities, permissions, scopes, plugins, tests, and docs | broad native permission, untrusted IPC input, filesystem escape, shell or updater risk, or WebView/native boundary drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `mustflow_check` | IPC, permission, scope, filesystem, shell, updater, and native boundary checked, verification, and remaining Tauri risk |
|
|
496
496
|
| File path handling, cross-platform path behavior, path helpers, safe filesystem wrappers, clone or checkout destinations, scaffold roots, temp or cache paths, atomic writes, locks, archive extraction, uploads, downloads, scanners, CLI/API/schema path contracts, snapshots, generated outputs, or package artifact paths are created, changed, reviewed, or reported | `.mustflow/skills/file-path-cross-platform-change/SKILL.md` | Path ledger, trust classes, accepted path representation, base root, path helpers, safe filesystem wrappers, clone/checkout/scaffold/install/extract outputs, staging and promotion policy, temp/cache helpers, lock policy, archive policy, upload/download policy, scanner policy, CLI/API/schema/snapshot/generated/package surfaces, platform expectations, failure taxonomy, and command contract entries | Path validators, helpers, wrappers, schemas, CLI/API parsing, snapshots, fixtures, docs, tests, generated-output paths, package artifact paths, clone or scaffold destinations, archive extraction, scanner bounds, temp/cache handling, locks, and cleanup code | path traversal, base containment bypass, drive-relative path bug, reserved-name bug, case-collision bug, Unicode-collision bug, Git checkout path-length failure misreported as network or auth, unsafe archive extraction, non-atomic write claim, stale lock, scanner loop, partial-output cleanup data loss, user-selected destination deletion, path contract drift, or package artifact path drift | `changes_status`, `changes_diff_summary`, `lint`, `build`, `test_related`, `test`, `docs_validate_fast`, `test_release`, `mustflow_check` | Path contract, path ledger, trust classes, root policy, preflight/staging/promotion decisions, Windows/macOS/Linux/archive/upload/download/scanner/lock/temp/cache/atomic/cleanup decisions, failure taxonomy, synchronized contract surfaces, verification, and remaining path risk |
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.astro-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 3
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: astro-code-change
|
|
@@ -57,6 +57,7 @@ The default is no-hydration. Add browser JavaScript only after proving that nati
|
|
|
57
57
|
## Preconditions
|
|
58
58
|
|
|
59
59
|
- Read Astro config, content config, and the affected route tree before changing routing, content, canonical, RSS, sitemap, or hydration behavior.
|
|
60
|
+
- Identify the Astro major version before applying migration rules. Astro v6 changes must be checked against the v6 upgrade guide instead of inferred from older routing or adapter habits.
|
|
60
61
|
- Identify build-time versus request-time data before adding data access.
|
|
61
62
|
- Identify which UI truly needs browser JavaScript and which UI truly needs framework state before adding a framework island.
|
|
62
63
|
- Treat file movement under `src/pages`, route parameter changes, and content slug changes as URL contract changes.
|
|
@@ -73,6 +74,7 @@ The default is no-hydration. Add browser JavaScript only after proving that nati
|
|
|
73
74
|
## Procedure
|
|
74
75
|
|
|
75
76
|
1. Read package metadata and Astro config first. Record Astro version, framework integrations, `site`, `base`, `trailingSlash`, `output`, adapter, sitemap integration, MDX integration, and any framework integration.
|
|
77
|
+
- For Astro v6 migrations, check removed or changed surfaces before editing call sites: `Astro.glob()` replacement with `import.meta.glob()` or content collections, `.cjs` and `.cts` config removal, `astro:ssr-manifest`, `RouteData.generate()`, old adapter hooks, old `NodeApp` paths, Zod 4 schema effects, and numeric dynamic route params.
|
|
76
78
|
2. Read `src/content.config.*` when content, docs, blog, RSS, sitemap, canonical, or route generation is involved. Record each collection name, loader base, schema fields, slug/id policy, draft field, and date fields.
|
|
77
79
|
3. Build a route ledger from `src/pages`: static pages, dynamic pages, rest routes, endpoints, prerendered routes, on-demand routes, and possible route-priority collisions.
|
|
78
80
|
4. Classify the change: static route, dynamic route, endpoint, content collection, integration, adapter, SSR/on-demand, island, script, asset, RSS, sitemap, canonical, or docs/content.
|
|
@@ -100,7 +102,7 @@ The default is no-hydration. Add browser JavaScript only after proving that nati
|
|
|
100
102
|
|
|
101
103
|
- In static output, every dynamic route must have `getStaticPaths`.
|
|
102
104
|
- In on-demand or SSR dynamic routes, do not use `getStaticPaths`; read `Astro.params`, perform the request-time lookup, and handle missing entries with an explicit 404 or redirect path.
|
|
103
|
-
- `getStaticPaths` params must match bracket parameter names exactly
|
|
105
|
+
- `getStaticPaths` params must match bracket parameter names exactly. Param values must be strings, except rest parameters may use `undefined`; numeric params are invalid in Astro 6.
|
|
104
106
|
- Custom slugs containing `/` require a rest route such as a catch-all route. Do not force slash-containing slugs into a single named parameter route.
|
|
105
107
|
- Treat changes under `src/pages` as public URL changes, including endpoint names and extension-bearing endpoint paths.
|
|
106
108
|
- Check route priority when adding static routes, named parameters, rest parameters, catch-all routes, and endpoints that could claim the same URL.
|
|
@@ -132,7 +134,7 @@ Reject or revise a change when:
|
|
|
132
134
|
- `client:only` is used because SSR broke, instead of isolating the browser-only dependency.
|
|
133
135
|
- Static output dynamic routes lack `getStaticPaths`.
|
|
134
136
|
- On-demand or SSR dynamic routes use `getStaticPaths`.
|
|
135
|
-
- Route params do not match bracket names
|
|
137
|
+
- Route params do not match bracket names, non-rest params are not strings, rest params use values other than strings or `undefined`, or Astro 6 routes still rely on numeric params.
|
|
136
138
|
- A content slug with `/` is mapped through a non-rest route.
|
|
137
139
|
- Draft filtering differs between lists, detail pages, RSS, sitemap, or pagination.
|
|
138
140
|
- Canonical URLs are built by ad hoc string concatenation.
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.dependency-upgrade-review
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 4
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: dependency-upgrade-review
|
|
@@ -40,7 +40,7 @@ Review dependency upgrades as runtime, build, security, package, and generated-o
|
|
|
40
40
|
- A task claims a dependency change is "only patch", "only devDependency", "safe minor", "security-only", "transitive only", "lockfile only", or "no runtime change".
|
|
41
41
|
- A dependency update touches installation, publish output, generated clients, SDKs, native binaries, browser bundles, serverless or edge runtime, ESM/CJS/module format, Python markers, Go module graph, Cargo features, JVM dependency mediation, .NET target frameworks, Ruby/PHP/Swift lockfiles, Docker images, or CI actions.
|
|
42
42
|
- A Python runtime support floor, CI matrix, container image, `requires-python`, standard-library feature expectation, or security-default expectation changes as part of an upgrade.
|
|
43
|
-
- A TypeScript upgrade touches TypeScript 6 transition deprecations, TypeScript 7
|
|
43
|
+
- A TypeScript upgrade touches TypeScript 6 transition deprecations, TS6 stable API compatibility, TypeScript 7 RC compiler verification, TypeScript 7 nightly comparison, `@typescript/typescript6`, `tsc6`, `typescript@rc`, `@typescript/native-preview`, `tsgo`, compiler API consumers, declaration emit, framework typecheck wrappers, or editor language-service behavior.
|
|
44
44
|
|
|
45
45
|
<!-- mustflow-section: do-not-use-when -->
|
|
46
46
|
## Do Not Use When
|
|
@@ -96,8 +96,8 @@ Review dependency upgrades as runtime, build, security, package, and generated-o
|
|
|
96
96
|
11. Treat framework, plugin, code generator, formatter, linter, bundler, ORM, protobuf, OpenAPI, GraphQL, database driver, and test-runner upgrades as behavior changes when their output, config schema, plugin API, CLI flags, or generated code can change.
|
|
97
97
|
12. For Python runtime upgrades, treat `requires-python`, CI matrices, base images, dependency markers, wheels, packaging output, standard-library API availability, and security-default changes as one compatibility contract. Review version-gated standard-library usage and changed defaults before assuming the upgrade is only a dependency resolution change.
|
|
98
98
|
13. For Python upgrades that adopt newer standard-library behavior, call out affected paths such as archive extraction, subprocess handling, async lifecycle, import/resource loading, typing surfaces, data-class shapes, and diagnostic flags. Keep fallbacks or compatibility wording when the repository still supports older interpreters.
|
|
99
|
-
14. For TypeScript upgrades, classify the compiler track explicitly: stable
|
|
100
|
-
15. For TypeScript 6, review deprecations as future TypeScript 7 removals. For
|
|
99
|
+
14. For TypeScript upgrades, classify the compiler track explicitly: TS6 stable API track through `@typescript/typescript6` and `tsc6`, TS7 RC compiler track through `typescript@rc` and `tsc`, TS7 nightly track through `@typescript/native-preview` and `tsgo`, future TS7 stable track through the stable `typescript` package, editor extension preview, or framework-owned wrapper. Do not treat a nightly package as a stable replacement for the `typescript` package unless the repository policy says so.
|
|
100
|
+
15. For TypeScript 6, review deprecations as future TypeScript 7 removals. For TS7 RC, review compiler parity, declaration emit, watch/incremental, generated-output, and framework wrapper risks. For TS7 nightly, use `tsgo` only as an optional comparison path. Keep compiler API, transformer, ESLint, language-service plugin, and framework wrapper consumers on the TS6 API track until their owners explicitly support the TS7 API surface.
|
|
101
101
|
16. For new dependencies introduced by the upgrade, invoke the `dependency-reality-check` decision path: license, maintainer risk, provenance, lifecycle scripts, binary downloads, package age, transitive size, supply-chain risk, and replacement path.
|
|
102
102
|
17. For Docker base images and CI actions, review them as dependencies. Check image/action source, version pinning policy, digest use when required, runtime version changes, security patch reason, cache impact, and deployment smoke coverage.
|
|
103
103
|
18. Synchronize dependent surfaces: generated code, snapshots, mocks, fixtures, examples, SDK clients, OpenAPI or GraphQL artifacts, README install guidance, migration docs, changelog, Docker/CI docs, and package publish metadata.
|
|
@@ -112,7 +112,7 @@ Review dependency upgrades as runtime, build, security, package, and generated-o
|
|
|
112
112
|
- Direct and transitive changes are understood, not hidden behind lockfile volume.
|
|
113
113
|
- Runtime engine, peer dependency, optional/platform package, feature, module-format, generated-output, and publish-surface risks are classified.
|
|
114
114
|
- Python runtime upgrades classify standard-library availability, changed defaults, packaging output, and security-behavior impact.
|
|
115
|
-
- TypeScript compiler-track changes distinguish stable compiler
|
|
115
|
+
- TypeScript compiler-track changes distinguish TS6 stable API compatibility, TS7 RC compiler verification, TS7 nightly comparison work, and future TS7 stable adoption.
|
|
116
116
|
- Security fixes are narrow unless the user explicitly accepted a broader modernization.
|
|
117
117
|
- Tests and scanners were not weakened to pass the upgrade.
|
|
118
118
|
|
|
@@ -142,7 +142,7 @@ Prefer the narrowest configured intent that proves the actual upgraded dependenc
|
|
|
142
142
|
- If tests fail after an upgrade, do not delete tests, skip tests, loosen assertions, lower coverage, disable scanners, or widen permissions unless the behavior contract intentionally changed and the report says so.
|
|
143
143
|
- If a security upgrade requires broad modernization, split the minimum patch from the modernization when possible.
|
|
144
144
|
- If generated output changes, regenerate from the official generator path and explain the generated diff. Do not hand-edit generated dependency output.
|
|
145
|
-
- If
|
|
145
|
+
- If TS7 RC or nightly verification is introduced, keep the repository's stable, TS6 API, or framework verification unless the repository explicitly adopts the new track and all compiler API, framework wrapper, declaration, and generated-output risks are covered.
|
|
146
146
|
- If configured verification is missing, report the missing command intent instead of inferring a package-manager command.
|
|
147
147
|
|
|
148
148
|
<!-- mustflow-section: output-format -->
|
|
@@ -154,7 +154,7 @@ Prefer the narrowest configured intent that proves the actual upgraded dependenc
|
|
|
154
154
|
- Compatibility classification: patch, minor, major, pre-1.0, security, toolchain, generated-output, Docker, or CI action
|
|
155
155
|
- Runtime, peer, engine, module, feature, platform, generated-output, and publish-surface risks
|
|
156
156
|
- Python runtime, standard-library, packaging, and changed-default risks when relevant
|
|
157
|
-
- TypeScript compiler-track and
|
|
157
|
+
- TypeScript compiler-track, RC, nightly, and API compatibility risks when relevant
|
|
158
158
|
- Security advisory and fixed-range notes when relevant
|
|
159
159
|
- Surfaces synchronized
|
|
160
160
|
- Command intents run
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.elysia-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: elysia-code-change
|
|
9
|
-
description: Apply this skill when Elysia routes, schemas, plugins, decorators, derives, guards, auth, error handling, OpenAPI output, Eden clients, or Bun server behavior are created or changed.
|
|
9
|
+
description: Apply this skill when Elysia routes, schemas, plugins, decorators, derives, resolves, guards, auth, error handling, OpenAPI output, Eden clients, or Bun server behavior are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -33,7 +33,7 @@ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, e
|
|
|
33
33
|
<!-- mustflow-section: use-when -->
|
|
34
34
|
## Use When
|
|
35
35
|
|
|
36
|
-
- `new Elysia`, route methods, `t.Object`, request or response schemas, `.use`, `.guard`, `.derive`, `.decorate`, `.onError`, auth middleware, OpenAPI, Eden, or Bun server tests change.
|
|
36
|
+
- `new Elysia`, route methods, `t.Object`, request or response schemas, `.use`, `.guard`, `.derive`, `.resolve`, `.decorate`, `.onError`, auth middleware, OpenAPI, Eden, or Bun server tests change.
|
|
37
37
|
- The task adds API routes, plugins, validators, error envelopes, authentication, or generated client contracts.
|
|
38
38
|
|
|
39
39
|
<!-- mustflow-section: do-not-use-when -->
|
|
@@ -59,7 +59,8 @@ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, e
|
|
|
59
59
|
|
|
60
60
|
- Define request and response schemas with the route.
|
|
61
61
|
- Keep framework context at the route boundary and move only framework-free business logic into services.
|
|
62
|
-
- Preserve plugin, decorator, derive, and store inference through Elysia chaining.
|
|
62
|
+
- Preserve plugin, decorator, derive, resolve, and store inference through Elysia chaining.
|
|
63
|
+
- Use `.derive` only for intentional pre-validation context shaping. Use `.resolve` by default for auth, session, user, tenant, permission, or other request-derived values that depend on validated headers, body, query, or params.
|
|
63
64
|
- Keep OpenAPI and Eden clients aligned with route schemas when present.
|
|
64
65
|
|
|
65
66
|
<!-- mustflow-section: procedure -->
|
|
@@ -70,9 +71,14 @@ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, e
|
|
|
70
71
|
3. Add or update schemas for every external input and meaningful response status.
|
|
71
72
|
4. Do not annotate handlers with broad `any`, duplicated manual interfaces, or imported `Context` types that erase inference.
|
|
72
73
|
5. Keep request-specific state out of module-level mutable globals.
|
|
73
|
-
6.
|
|
74
|
-
|
|
75
|
-
|
|
74
|
+
6. For request-derived context, choose the lifecycle hook by validation dependency:
|
|
75
|
+
- use `.derive` only when transforming raw request context before validation is intentional;
|
|
76
|
+
- use `.guard()` to apply schema and auth-related validation around a route group;
|
|
77
|
+
- use `.resolve()` inside the validated chain for user, session, tenant, permission, or other values that depend on validated input;
|
|
78
|
+
- check the order between `.resolve()` and `beforeHandle` before relying on a value in an auth or permission hook.
|
|
79
|
+
7. Centralize expected error envelope and auth failure behavior.
|
|
80
|
+
8. If OpenAPI or Eden is used, confirm the generated contract follows the schema change.
|
|
81
|
+
9. Choose configured verification intents that cover types, server boot, route happy path, validation failure, auth failure, OpenAPI, and Eden inference when available.
|
|
76
82
|
|
|
77
83
|
<!-- mustflow-section: postconditions -->
|
|
78
84
|
## Postconditions
|
|
@@ -80,7 +86,7 @@ Preserve Elysia schema-first runtime validation, type inference, plugin, auth, e
|
|
|
80
86
|
- Schemas, runtime validation, and inferred types remain one contract.
|
|
81
87
|
- Error and auth responses are consistent.
|
|
82
88
|
- OpenAPI and Eden impact is known.
|
|
83
|
-
- No route relies on unvalidated input or erased context types.
|
|
89
|
+
- No route relies on unvalidated input, pre-validation auth context, or erased context types.
|
|
84
90
|
|
|
85
91
|
<!-- mustflow-section: verification -->
|
|
86
92
|
## Verification
|
|
@@ -101,6 +107,7 @@ Report missing route, OpenAPI, or Eden verification intents when relevant.
|
|
|
101
107
|
|
|
102
108
|
- If schema and manual types diverge, make schema the source of truth or report the competing contract.
|
|
103
109
|
- If plugin inference breaks after extraction, return context-sensitive code to the Elysia chain or narrow the extraction.
|
|
110
|
+
- If auth or session state is derived before validation through `.derive`, move it to a validated `.guard()` plus `.resolve()` chain or report the validation-order risk.
|
|
104
111
|
- If auth behavior is unclear, stop the route change and inspect or request the auth contract.
|
|
105
112
|
|
|
106
113
|
<!-- mustflow-section: output-format -->
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.external-skill-intake
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 3
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: external-skill-intake
|
|
9
|
-
description: Apply this skill when reviewing third-party SKILL.md files, skill packs, awesome lists, or skill installer recommendations before adapting them into mustflow.
|
|
9
|
+
description: Apply this skill when reviewing third-party SKILL.md files, skill packs, awesome lists, GitHub CLI `gh skill` flows, or skill installer recommendations before adapting them into mustflow.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -36,6 +36,7 @@ External web-testing and session-handoff ideas need extra care: they may be usef
|
|
|
36
36
|
|
|
37
37
|
- The user provides an outside `SKILL.md`, skill folder, skill pack, awesome list, or GitHub skill repository.
|
|
38
38
|
- The task asks whether mustflow should adopt, import, translate, install, or mirror an external skill.
|
|
39
|
+
- The task reviews a GitHub CLI `gh skill` search, preview, install, update, list, or publish workflow as external skill input.
|
|
39
40
|
- A proposed skill includes helper scripts, references, assets, command recipes, external services, dependencies, permissions, or tool-specific policy.
|
|
40
41
|
- A skill recommendation from another agent needs to be converted into a mustflow-native procedure.
|
|
41
42
|
- An external skill suggests Playwright-style web testing, browser sessions, development servers, session handoffs, progress files, or agent memory records.
|
|
@@ -53,7 +54,7 @@ External web-testing and session-handoff ideas need extra care: they may be usef
|
|
|
53
54
|
|
|
54
55
|
- External source identity: repository, URL, local path, package name, author or organization, and checked date or revision when available.
|
|
55
56
|
- License or provenance evidence, or an explicit note that it was not visible.
|
|
56
|
-
- External skill shape: `SKILL.md`, helper `scripts/`, `references/`, `assets/`, generated artifacts, package assumptions, and
|
|
57
|
+
- External skill shape: `SKILL.md`, helper `scripts/`, `references/`, `assets/`, generated artifacts, package assumptions, install instructions, and any `gh skill` provenance metadata such as repository, ref, commit, or tree SHA.
|
|
57
58
|
- Intended mustflow outcome: reject, defer, update an existing skill, create a new mustflow-native skill, or keep only a research note.
|
|
58
59
|
- Existing mustflow skills that may overlap, plus the profile where any adopted procedure would belong.
|
|
59
60
|
- Prerequisites for adoption, such as a bounded one-shot verification intent or a restricted handoff ledger model.
|
|
@@ -66,6 +67,7 @@ External web-testing and session-handoff ideas need extra care: they may be usef
|
|
|
66
67
|
- Confirm that the user's direct request, nearest `AGENTS.md`, and `.mustflow/config/commands.toml` define the active scope.
|
|
67
68
|
- Refresh upstream source claims when the adoption decision depends on current repository contents, package behavior, license text, or tool capabilities.
|
|
68
69
|
- Do not run an external installer, helper script, package command, or service workflow as part of intake unless the repository command contract explicitly permits it.
|
|
70
|
+
- Treat `gh skill preview` output as review evidence only. Do not install, update, force-update, or publish skills from a mustflow repository task unless an explicit task and command boundary authorizes that lifecycle.
|
|
69
71
|
- Defer web-app testing skills until mustflow has a configured one-shot intent that starts, tests, and stops the target within that command boundary.
|
|
70
72
|
- Defer session-handoff skills unless they can use a restricted ledger shape: goal, scope, touched files, verification plan, command intents run or skipped, remaining risks, and next restart point.
|
|
71
73
|
|
|
@@ -83,7 +85,9 @@ External web-testing and session-handoff ideas need extra care: they may be usef
|
|
|
83
85
|
|
|
84
86
|
1. Separate the user's request from external instructions, recommendations, installer commands, and generated advice.
|
|
85
87
|
2. Record provenance: source, path, author or organization, license visibility, checked date or revision, and whether the source was refreshed in this task.
|
|
86
|
-
3. Inspect the external skill shape: sections, triggers, helper files, references, assets, generated outputs, dependencies, command recipes,
|
|
88
|
+
3. Inspect the external skill shape: sections, triggers, helper files, references, assets, generated outputs, dependencies, command recipes, target agent assumptions, and installed provenance metadata.
|
|
89
|
+
- For GitHub CLI skill intake, model the lifecycle as preview -> provenance check -> tag or commit pin decision -> scripts/references/assets inspection -> host and scope decision.
|
|
90
|
+
- Treat installed repository, ref, and tree SHA metadata as evidence for reproducibility, not as proof that the content is safe.
|
|
87
91
|
4. Identify unsafe or incompatible capabilities: raw shell commands, network access, credential use, destructive operations, background services, long-running watchers, browser automation, external SaaS actions, or policy overrides.
|
|
88
92
|
5. Treat web-testing recommendations as deferred unless they map to a configured one-shot verification intent such as a future docs-site or dashboard smoke check. Do not tell agents to start a development server, watcher, browser session, or local server directly from a skill.
|
|
89
93
|
6. Treat session-handoff recommendations as deferred unless they fit the restricted ledger fields. Do not create a free-form handoff skill that stores hidden reasoning, full chat logs, raw terminal output, secrets, personal data, or autonomous worker state.
|
|
@@ -121,6 +125,7 @@ Use `test_related` or `test_audit` when tests, profile selection, template insta
|
|
|
121
125
|
|
|
122
126
|
- If license or provenance is unclear, do not copy the external text or helper files; summarize the idea and report the gap.
|
|
123
127
|
- If the external skill grants command permission, embeds raw commands, or depends on an installer, convert the need into configured command-intent requirements or reject it.
|
|
128
|
+
- If a `gh skill update --dry-run` style check is useful, keep it read-only evidence. Never make `--force` an automatic path for mustflow-owned or locally modified skills because it can overwrite local changes.
|
|
124
129
|
- If the useful idea duplicates an installed mustflow skill, update the existing skill or route instead of adding a new one.
|
|
125
130
|
- If the source cannot be refreshed and freshness matters, keep the decision conservative and report the stale-source boundary.
|
|
126
131
|
- If adapting the skill would require broad localization, dependency, or runtime changes, defer the adoption and capture the narrower prerequisite.
|
|
@@ -136,6 +141,6 @@ Use `test_related` or `test_audit` when tests, profile selection, template insta
|
|
|
136
141
|
- Unsafe or incompatible capabilities found
|
|
137
142
|
- Adoption decision
|
|
138
143
|
- mustflow-native changes made or deferred
|
|
139
|
-
- Deferred prerequisites such as bounded web-smoke intent
|
|
144
|
+
- Deferred prerequisites such as bounded web-smoke intent, restricted handoff ledger, or explicit external skill lifecycle boundary
|
|
140
145
|
- Command intents run
|
|
141
146
|
- Remaining intake risks
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.rate-limit-integrity-review
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: rate-limit-integrity-review
|
|
@@ -209,9 +209,12 @@ contract, observability, and operator escape hatch?"
|
|
|
209
209
|
- Emit a machine-readable error code and `Retry-After` when a well-behaved client can wait.
|
|
210
210
|
- If `Retry-After` and `RateLimit` hints disagree, `Retry-After` should govern immediate client
|
|
211
211
|
behavior.
|
|
212
|
-
-
|
|
213
|
-
`
|
|
214
|
-
|
|
212
|
+
- `RateLimit` and `RateLimit-Policy` are defined by the active IETF Internet-Draft
|
|
213
|
+
`draft-ietf-httpapi-ratelimit-headers-11`, intended for Standards Track but not yet an RFC.
|
|
214
|
+
Treat their structured field details as draft-revision-specific, and refresh the draft before
|
|
215
|
+
writing durable standards claims.
|
|
216
|
+
- `RateLimit` and `RateLimit-Policy` may coexist with legacy `X-RateLimit-*`, but do not assume
|
|
217
|
+
every client or proxy gives legacy headers the same meaning.
|
|
215
218
|
- Do not reveal exact internal capacity, shard counts, provider quotas, attack thresholds, or
|
|
216
219
|
sensitive account state in public responses.
|
|
217
220
|
- During active abuse, silent drop, generic denial, or coarser hints can be safer than a perfect
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.rust-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 5
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: rust-code-change
|
|
@@ -98,7 +98,8 @@ instead of treated as incidental.
|
|
|
98
98
|
environment and verification choices that must be reported when they dominate iteration cost.
|
|
99
99
|
4. Determine the Rust version contract before using newer syntax or standard-library APIs:
|
|
100
100
|
- treat `rust-version`, edition, `rust-toolchain.toml`, CI matrix, docs.rs metadata, and downstream compatibility notes as the MSRV evidence ledger;
|
|
101
|
-
-
|
|
101
|
+
- before using newer APIs, build an API-specific MSRV ledger instead of relying on a broad release bucket. Examples that need exact checking include `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`;
|
|
102
|
+
- do not use any newer API unless the declared MSRV, edition, CI matrix, docs.rs metadata, and toolchain path support that exact API;
|
|
102
103
|
- keep experimental, nightly-only, target-specific, or edition-specific behavior behind explicit gates or fallbacks instead of calling it general Rust advice.
|
|
103
104
|
5. Prefer flatter control flow when the MSRV supports it: use `let else` for early validation, let chains for related optional/result guards, and match `if let` guards for state-machine refinements. Remember that guard patterns do not satisfy match exhaustiveness; keep the fallback arm meaningful.
|
|
104
105
|
6. In tests, prefer `assert_matches!` over `assert!(matches!(...))` when the MSRV supports it and the failed value has useful `Debug` output. Import it explicitly from `std` or `core`; do not assume it is in the prelude.
|
|
@@ -133,7 +134,7 @@ Reject or revise the patch when any of these appear without strong local justifi
|
|
|
133
134
|
|
|
134
135
|
- New large `clone()` calls, clone-then-borrow code, loop clones, or state clones used only to appease ownership errors.
|
|
135
136
|
- New `Arc<Mutex<AppState>>`-style shared bags, locks held across `.await`, or async I/O resources shared mainly by mutex.
|
|
136
|
-
- New Rust
|
|
137
|
+
- New version-gated Rust API usage without API-specific MSRV, `rust-version`, edition, toolchain, CI, or fallback evidence.
|
|
137
138
|
- New `LazyLock` initialization for recoverable runtime configuration where permanent panic poisoning would be the wrong failure policy.
|
|
138
139
|
- New `spare_capacity_mut` plus `set_len` without a narrow, proven initialization invariant.
|
|
139
140
|
- New public `impl Trait`, `Deref`, GAT, workspace resolver, feature, or `rust-version` change without public API and compatibility review.
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.skill-authoring
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 9
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: skill-authoring
|
|
@@ -75,6 +75,7 @@ Create narrow, repeatable mustflow skill procedures without turning skills into
|
|
|
75
75
|
8. Reference command intent names only. Do not include raw shell command blocks or claim that the skill authorizes command execution.
|
|
76
76
|
9. Update `.mustflow/skills/INDEX.md` with a compact route that includes trigger, required input, edit scope, risk, verification intents, and expected output.
|
|
77
77
|
10. If the skill is installed by a template, update the canonical skill copy plus installation metadata, package tests, and public docs that list installed files. Do not fan out routine skill edits into every localized skill copy by default; localized skill copies may be absent, and non-source template locales should fall back to the canonical source-locale skill text unless locale-specific skill text is intentionally maintained and translation review is available.
|
|
78
|
+
11. If a portable Agent Skills artifact is part of the task, create or validate it as a derived export, not as the mustflow-native canonical source. Use portable-only top-level fields and string-to-string metadata. A `gh skill publish --dry-run` check may validate the export artifact when available, but `gh skill publish --fix` must be limited to the export directory because it can remove installed provenance metadata and mustflow-native fields.
|
|
78
79
|
|
|
79
80
|
<!-- mustflow-section: postconditions -->
|
|
80
81
|
## Postconditions
|
|
@@ -109,6 +110,7 @@ If the skill changes tests or behavior-sensitive template output, also use the r
|
|
|
109
110
|
- Quality gate result and overlap decision
|
|
110
111
|
- Command intents referenced
|
|
111
112
|
- Template or localization metadata updated
|
|
113
|
+
- Portable export validation result when relevant
|
|
112
114
|
- Command intents run
|
|
113
115
|
- Skipped command intents and reasons
|
|
114
116
|
- Remaining overlap, translation, or validation risks
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.skill-refresh
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: skill-refresh
|
|
@@ -65,7 +65,7 @@ source freshness, routing metadata, helper-file alignment, and verification evid
|
|
|
65
65
|
- Existing behavior contract: trigger, non-trigger, required inputs, allowed edits, outputs,
|
|
66
66
|
command intents, forbidden actions, runtime assumptions, and package boundaries.
|
|
67
67
|
- Runtime target: mustflow-native, Codex-native, Claude-native, portable Agent Skills compatible,
|
|
68
|
-
or intentionally product-specific.
|
|
68
|
+
GitHub CLI `gh skill` lifecycle, or intentionally product-specific.
|
|
69
69
|
- Source ledger: repository-owned sources, official upstream sources, external recommendations,
|
|
70
70
|
checked date or revision, and any source that could not be refreshed.
|
|
71
71
|
- Package ledger: `scripts/`, `references/`, `assets/`, relative links, UI metadata, route metadata,
|
|
@@ -97,6 +97,8 @@ source freshness, routing metadata, helper-file alignment, and verification evid
|
|
|
97
97
|
- Do not copy external prose verbatim without a provenance and license decision.
|
|
98
98
|
- Do not add product-specific fields to a portable skill unless the runtime mode intentionally
|
|
99
99
|
supports them.
|
|
100
|
+
- Do not make a mustflow-native canonical skill pretend to be portable by deleting mustflow
|
|
101
|
+
lifecycle metadata. Export portable Agent Skills as a derived profile instead.
|
|
100
102
|
- Do not write research logs, broad changelogs, or freshness ledgers into the executable skill
|
|
101
103
|
package unless they are required inputs for the skill's operation.
|
|
102
104
|
|
|
@@ -136,6 +138,15 @@ source freshness, routing metadata, helper-file alignment, and verification evid
|
|
|
136
138
|
6. Decide runtime mode before editing frontmatter or fields. Keep mustflow-native metadata for
|
|
137
139
|
mustflow skills. For cross-runtime skills, separate portable guidance from Codex-native,
|
|
138
140
|
Claude-native, or other product-specific extensions instead of mixing incompatible fields.
|
|
141
|
+
- mustflow-native canonical skills may keep `mustflow_doc`, `locale`, `canonical`, `revision`,
|
|
142
|
+
`lifecycle`, `authority`, and structured `metadata.command_intents`.
|
|
143
|
+
- portable Agent Skills exports should contain only portable top-level fields such as `name`,
|
|
144
|
+
`description`, optional `license`, optional `compatibility`, optional string-to-string
|
|
145
|
+
`metadata`, and optional `allowed-tools`.
|
|
146
|
+
- When exporting portable skills, serialize mustflow-only fields into namespaced string metadata
|
|
147
|
+
only when useful, convert arrays such as `command_intents` to JSON strings or omit them, and
|
|
148
|
+
run portable validation only against the exported artifact.
|
|
149
|
+
- Do not run portable fixers against canonical mustflow sources.
|
|
139
150
|
7. Treat `description` as routing code. Put the strongest positive trigger and the most important
|
|
140
151
|
exclusion near the front. Avoid generic descriptions that overlap with broad authoring, docs, or
|
|
141
152
|
review skills.
|
|
@@ -157,6 +168,10 @@ source freshness, routing metadata, helper-file alignment, and verification evid
|
|
|
157
168
|
laundering, hidden network use, credential access, absolute paths, home-directory scanning,
|
|
158
169
|
prompt injection, symlink escape, broad file writes, or mismatch between prose and script
|
|
159
170
|
behavior.
|
|
171
|
+
For GitHub CLI skill flows, compare installed tree SHA, current upstream tree SHA, and local
|
|
172
|
+
modifications as a three-way refresh problem. Treat `gh skill update --dry-run` as read-only
|
|
173
|
+
evidence when available, and never make `--force` automatic for mustflow-owned or modified
|
|
174
|
+
skills.
|
|
160
175
|
13. Preserve user edits through a three-way mindset:
|
|
161
176
|
- old baseline;
|
|
162
177
|
- current user-edited skill;
|
|
@@ -209,6 +224,8 @@ package output, public docs, or release-sensitive template output changed.
|
|
|
209
224
|
|
|
210
225
|
- If the target runtime cannot be identified, keep the refresh portable and report product-specific
|
|
211
226
|
claims as deferred.
|
|
227
|
+
- If portable Agent Skills compatibility is requested, validate a derived export profile instead of
|
|
228
|
+
weakening the mustflow-native canonical schema.
|
|
212
229
|
- If a source cannot be refreshed and the claim is high drift, omit the claim or mark it as
|
|
213
230
|
snapshot-only instead of embedding it as current.
|
|
214
231
|
- If route overlap is detected, tighten `description`, Use When, and Do Not Use When before adding
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.tailwind-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 4
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: tailwind-code-change
|
|
@@ -34,7 +34,7 @@ Preserve Tailwind static class detection, design tokens, bounded variants, respo
|
|
|
34
34
|
## Use When
|
|
35
35
|
|
|
36
36
|
- Tailwind `class`, `className`, `@apply`, `@theme`, `@source`, `@reference`, config, source scanning, safelist, theme tokens, variants, arbitrary values, or component class composition change.
|
|
37
|
-
- The task touches Tailwind v3/v4 migration, CSS-first configuration, token addition, responsive modifiers, state modifiers, `clsx`/`cn`, CVA-style variant helpers, `source(none)`, `@source inline`, `@source not inline`, or production CSS generation risk.
|
|
37
|
+
- The task touches Tailwind v3/v4 migration, CSS-first configuration, token addition, responsive modifiers, state modifiers, `clsx`/`cn`, CVA-style variant helpers, `source(none)`, `@source inline()`, `@source not inline()`, path `@source`, path `@source not`, or production CSS generation risk.
|
|
38
38
|
- Component APIs accept status, tone, intent, size, column count, color, spacing, or class-related props that affect Tailwind utilities.
|
|
39
39
|
|
|
40
40
|
<!-- mustflow-section: do-not-use-when -->
|
|
@@ -57,7 +57,8 @@ Preserve Tailwind static class detection, design tokens, bounded variants, respo
|
|
|
57
57
|
|
|
58
58
|
- Confirm how Tailwind detects source classes before changing class composition, helper-file location, or CSS entry imports.
|
|
59
59
|
- Identify whether the project is using Tailwind v3 config safelists or Tailwind v4 CSS source directives.
|
|
60
|
-
- Identify whether Tailwind v4 source detection is automatic, disabled with `source(none)`, extended with `@source`, or narrowed with `@source not inline`.
|
|
60
|
+
- Identify whether Tailwind v4 source detection is automatic, disabled with `source(none)`, extended with path `@source`, narrowed with path `@source not`, expanded with candidate `@source inline()`, or narrowed with candidate `@source not inline()`.
|
|
61
|
+
- For Tailwind v4 migration, check browser support floors before recommending v4. If the project still supports browsers below Safari 16.4, Chrome 111, or Firefox 128, keep v3.4 as the safer maintenance track unless project policy changes.
|
|
61
62
|
- Identify tokens, variant helpers, and semantic visual states before adding arbitrary values or raw colors.
|
|
62
63
|
- Confirm whether affected components are local one-offs, shared components, or public design-system surfaces.
|
|
63
64
|
|
|
@@ -67,8 +68,9 @@ Preserve Tailwind static class detection, design tokens, bounded variants, respo
|
|
|
67
68
|
- Use full static class strings that the build can detect.
|
|
68
69
|
- Use existing theme tokens before arbitrary values or raw colors.
|
|
69
70
|
- Use static maps, component extraction, or variant helpers for finite repeated variants.
|
|
70
|
-
- Use safelists or `@source inline` only for finite class candidates that cannot appear in scanned source.
|
|
71
|
-
- Use `@source not inline`
|
|
71
|
+
- Use safelists or `@source inline()` only for finite class candidates that cannot appear in scanned source.
|
|
72
|
+
- Use `@source not inline()` to block known false-positive class candidates when generated CSS would otherwise include unwanted utilities.
|
|
73
|
+
- Use path `@source` to add scan sources and path `@source not` to exclude scan sources. Do not confuse those with candidate safelist or blocklist directives.
|
|
72
74
|
- Use `@reference` when component-scoped styles need access to Tailwind theme variables, custom utilities, or variants without duplicating emitted CSS.
|
|
73
75
|
- Use inline styles plus CSS variables for unbounded runtime values such as tenant, database, or user-provided colors.
|
|
74
76
|
- Keep hover, focus-visible, disabled, aria/data, dark, and motion variants aligned with existing component behavior.
|
|
@@ -78,12 +80,12 @@ Preserve Tailwind static class detection, design tokens, bounded variants, respo
|
|
|
78
80
|
|
|
79
81
|
1. Read Tailwind config or CSS entry, scanning rules, theme tokens, helpers, and nearby components.
|
|
80
82
|
2. Classify the change: token, utility usage, dynamic variant, component extraction, responsive state, accessibility state, or migration.
|
|
81
|
-
3. For Tailwind v4, classify CSS-first configuration before touching utility usage: `@theme`, `@utility`, `@variant`, `@custom-variant`, `@source`, `@source inline`, `@source not inline`, `source(none)`, and `@reference`. Do not apply v3 config instincts to a v4 CSS entry without checking the project pattern.
|
|
83
|
+
3. For Tailwind v4, classify CSS-first configuration before touching utility usage: `@theme`, `@utility`, `@variant`, `@custom-variant`, path `@source`, path `@source not`, candidate `@source inline()`, candidate `@source not inline()`, `source(none)`, and `@reference`. Do not apply v3 config instincts to a v4 CSS entry without checking the project pattern.
|
|
82
84
|
4. Treat every Tailwind class as a complete build-time token. Reject runtime interpolation, concatenation, array joins, or fragment assembly for utilities such as color, spacing, grid count, span, tone, or arbitrary values.
|
|
83
85
|
5. For finite choices, use a static map with semantic keys and full class strings. Good keys describe UI meaning such as `danger`, `muted`, `compact`, or `featured`; bad keys store Tailwind fragments such as `red`, `600`, or `cols-3` for later assembly.
|
|
84
86
|
6. Use a CVA-style variant helper only when a shared component has multiple variant axes, defaults, or compound variants. The helper must still contain full static class strings.
|
|
85
87
|
7. Use safelists only as a last resort for finite candidates that cannot be present in source files. Tailwind v4 projects should express this through the project's CSS source policy; Tailwind v3 maintenance projects may use config safelists when that is the existing pattern. Do not safelist broad palettes or unbounded ranges to avoid fixing a bad component API.
|
|
86
|
-
8. Keep `@source inline` bounded, named, and close to the CSS entry policy. If `source(none)` disables automatic detection, require explicit source includes for every package, app, and external component source that owns utilities. Use `@source not inline` for known false
|
|
88
|
+
8. Keep `@source inline()` bounded, named, and close to the CSS entry policy. If `source(none)` disables automatic detection, require explicit path `@source` includes for every package, app, and external component source that owns utilities. Use `@source not inline()` for known false-positive class candidates, and path `@source not` for excluded scan locations, instead of relying on accidental absence.
|
|
87
89
|
9. Use inline style plus a CSS variable bridge for unbounded runtime values from databases, APIs, tenants, CMS content, or user input. Do not try to mint Tailwind class names from unbounded values.
|
|
88
90
|
10. Treat arbitrary values as escape hatches. Allow them for one-off asset alignment, complex grid templates, complex calculations, local CSS variable assignment, or values that cannot be expressed with regular utilities.
|
|
89
91
|
11. Reject arbitrary raw colors in component markup, arbitrary spacing that approximates existing scale values, arbitrary container widths, arbitrary radius or shadow used as a hidden token, and repeated arbitrary values. Repeated values must be promoted to a semantic design token or component variant.
|
|
@@ -106,7 +108,7 @@ Preserve Tailwind static class detection, design tokens, bounded variants, respo
|
|
|
106
108
|
- Dynamic visual state must be represented by exactly one of: static map entry, variant helper entry, explicit safelist entry, or CSS variable bridge.
|
|
107
109
|
- Status, tone, intent, size, density, and column props are closed sets until proven otherwise. Model them as finite typed variants, not string fragments.
|
|
108
110
|
- Production CSS is the contract. If a class only exists after runtime string construction, assume production CSS may omit it.
|
|
109
|
-
- `@source inline`, `@source not inline`, and `source(none)` are part of the production CSS generation contract. Review them as carefully as code that uses utilities.
|
|
111
|
+
- Path `@source`, path `@source not`, candidate `@source inline()`, candidate `@source not inline()`, and `source(none)` are part of the production CSS generation contract. Review them as carefully as code that uses utilities.
|
|
110
112
|
|
|
111
113
|
<!-- mustflow-section: token-policy -->
|
|
112
114
|
## Token Policy
|
|
@@ -130,7 +132,8 @@ Reject the change when:
|
|
|
130
132
|
- Component-scoped `@apply` or `@variant` relies on Tailwind globals without the needed `@reference` boundary.
|
|
131
133
|
- A public component exposes unconstrained Tailwind class fragments.
|
|
132
134
|
- A safelist covers broad palettes, broad numeric ranges, or unknown runtime values.
|
|
133
|
-
- `@source inline` covers broad palettes, broad numeric ranges, or unknown runtime values.
|
|
135
|
+
- `@source inline()` covers broad palettes, broad numeric ranges, or unknown runtime values.
|
|
136
|
+
- Tailwind v4 is recommended while the project still promises browsers below the v4 floor such as Safari 16.4, Chrome 111, or Firefox 128.
|
|
134
137
|
- `source(none)` is used without explicit source includes for all utility-owning files.
|
|
135
138
|
- `space-*` is used where wrapped or reordered children require `gap`.
|
|
136
139
|
- Conflicting utilities are present on the same element.
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.typescript-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 4
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: typescript-code-change
|
|
9
|
-
description: Apply this skill when TypeScript source, declarations, tsconfig, package exports, module resolution, compiler-version behavior, TypeScript 6-to-7 migration surfaces,
|
|
9
|
+
description: Apply this skill when TypeScript source, declarations, tsconfig, package exports, module resolution, compiler-version behavior, TypeScript 6-to-7 migration surfaces, TypeScript 7 RC or nightly tooling, type safety, or TypeScript tests are created or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -35,7 +35,7 @@ Preserve TypeScript's type, runtime validation, module, build, and public API bo
|
|
|
35
35
|
|
|
36
36
|
- `.ts`, `.tsx`, `.mts`, `.cts`, `*.d.ts`, `tsconfig*.json`, package entry metadata, exports, declarations, runtime validators, or TypeScript tests change.
|
|
37
37
|
- The task touches module resolution, ESM/CJS interop, public package API, path aliases, generated declarations, or strict type errors.
|
|
38
|
-
- The task touches TypeScript compiler major-version behavior, TypeScript 6 transition deprecations, TypeScript 7
|
|
38
|
+
- The task touches TypeScript compiler major-version behavior, TypeScript 6 transition deprecations, TypeScript 7 RC comparison, TypeScript 7 nightly comparison, `@typescript/typescript6`, `tsc6`, `typescript@rc`, `@typescript/native-preview`, `tsgo`, compiler API use, declaration emit comparison, or editor language-service behavior.
|
|
39
39
|
- The task touches external inputs such as JSON, HTTP responses, environment variables, config files, form data, URL params, local storage, message events, queue payloads, or user-provided objects.
|
|
40
40
|
- A framework component written in TypeScript changes its props, events, routes, loader data, or exported types.
|
|
41
41
|
|
|
@@ -52,7 +52,7 @@ Preserve TypeScript's type, runtime validation, module, build, and public API bo
|
|
|
52
52
|
- Relevant `package.json`, `tsconfig*.json`, lockfile, build config, test config, and package entry files.
|
|
53
53
|
- Existing source entrypoints, public exports, declaration files, validators, schemas, type tests, and nearby tests.
|
|
54
54
|
- The target runtime and module system: Node, browser, worker, Bun, edge, ESM, CJS, or mixed boundary.
|
|
55
|
-
- TypeScript compiler track and tooling entrypoint when relevant: `typescript`
|
|
55
|
+
- TypeScript compiler track and tooling entrypoint when relevant: TS6 stable API track through `@typescript/typescript6` and `tsc6`, TS7 RC compiler track through `typescript@rc` and `tsc`, TS7 nightly track through `@typescript/native-preview` and `tsgo`, future TS7 stable track through the stable `typescript` package, framework typecheck wrappers, editor extension settings, and any compiler API consumers.
|
|
56
56
|
- Package API metadata when relevant: `type`, `main`, `module`, `browser`, `exports`, `types`, `typings`, `typesVersions`, `files`, `bin`, `sideEffects`, and documented import paths.
|
|
57
57
|
- Existing verification intents from the repository command contract.
|
|
58
58
|
|
|
@@ -72,7 +72,7 @@ Preserve TypeScript's type, runtime validation, module, build, and public API bo
|
|
|
72
72
|
- Keep public runtime exports and declaration exports aligned.
|
|
73
73
|
- Add focused tests or type tests only when they protect the changed contract.
|
|
74
74
|
- Use existing schema validators or narrowly scoped type guards and assertion functions for external input boundaries.
|
|
75
|
-
- Compare
|
|
75
|
+
- Compare TS6 `tsc6`, TS7 RC `tsc`, and optionally TS7 nightly `tsgo` only as a bounded migration or diagnostics exercise when repository tooling explicitly supports those tracks.
|
|
76
76
|
- Do not weaken compiler, lint, module, package, or test boundaries to make the task appear complete.
|
|
77
77
|
|
|
78
78
|
<!-- mustflow-section: procedure -->
|
|
@@ -95,10 +95,15 @@ Preserve TypeScript's type, runtime validation, module, build, and public API bo
|
|
|
95
95
|
15. Inspect generated declarations when package surfaces change. Declaration files must not leak source-only aliases, private paths, workspace-only package names, unpublished internal paths, or accidental public re-exports.
|
|
96
96
|
16. For TypeScript 6 migration work, treat deprecation warnings as future TypeScript 7 removal risk. `ignoreDeprecations` is a temporary compatibility valve, not proof that the project is ready for 7.0. Prefer removing deprecated options and updating resolver or module choices to match the project runtime.
|
|
97
97
|
17. Treat TypeScript 6 `--stableTypeOrdering` as a migration comparison tool for declaration and error-order differences, not as a permanent performance-neutral default. If it changes errors or declaration output, look for inference or declaration-stability issues instead of snapshotting noise.
|
|
98
|
-
18. For TypeScript 7
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
98
|
+
18. For TypeScript 7 migration work, keep the tracks separate:
|
|
99
|
+
- TS6 stable API track: `@typescript/typescript6` and `tsc6` for compiler API, transformer, ESLint, framework wrapper, and peer-dependency compatibility.
|
|
100
|
+
- TS7 RC compiler track: `typescript@rc` and `tsc` for RC compiler verification.
|
|
101
|
+
- TS7 nightly track: `@typescript/native-preview` and `tsgo` for nightly diagnostics only.
|
|
102
|
+
- Future TS7 stable track: stable `typescript` once upstream publishes TypeScript 7 on the normal stable path.
|
|
103
|
+
19. Keep compiler API consumers, language-service plugins, custom transformers, and framework typecheck wrappers on the TS6 API track until their owners explicitly support the TS7 API surface. Treat TS7 RC `tsc` as compiler verification, not proof that JavaScript compiler API consumers can migrate.
|
|
104
|
+
20. When comparing TS6 `tsc6`, TS7 RC `tsc`, and optional TS7 nightly `tsgo`, classify differences before editing code: real type error, declaration emit order or printback noise, unsupported option, unsupported API, watch or incremental behavior gap, language-service gap, generated-output drift, or framework wrapper mismatch.
|
|
105
|
+
21. Do not treat faster TS7 RC or nightly results as sufficient verification. Keep the repository's existing `tsc`, `tsc6`, or framework typecheck as the compatibility baseline until repository policy explicitly adopts a different compiler track.
|
|
106
|
+
22. Choose the narrowest configured verification intents that cover typecheck, lint, tests, build output, declarations, package contract risk, and downstream-style consumer risk.
|
|
102
107
|
|
|
103
108
|
<!-- mustflow-section: assertion-policy -->
|
|
104
109
|
## Assertion Policy
|
|
@@ -120,7 +125,7 @@ Rejected by default:
|
|
|
120
125
|
- Implementation `@ts-ignore`.
|
|
121
126
|
- Compiler setting downgrades such as disabling strictness, null checking, indexed access safety, or declaration checking to make the patch pass.
|
|
122
127
|
- Treating TypeScript 6 deprecation suppression as a long-term fix.
|
|
123
|
-
- Replacing stable `tsc` verification with
|
|
128
|
+
- Replacing stable `tsc`, TS6 `tsc6`, or framework verification with TS7 RC or nightly verification without an explicit repository policy and compatibility evidence.
|
|
124
129
|
|
|
125
130
|
<!-- mustflow-section: public-api-policy -->
|
|
126
131
|
## Public API Policy
|
|
@@ -148,8 +153,8 @@ Reject or revise the patch when any of these appear without explicit evidence an
|
|
|
148
153
|
- Package entry metadata changes without checking runtime entry, type entry, declaration output, and supported resolver modes.
|
|
149
154
|
- `skipLibCheck` or weakened strictness is used as release validation for a library/package.
|
|
150
155
|
- TypeScript 6-to-7 migration warnings are silenced instead of classified and either fixed or reported.
|
|
151
|
-
-
|
|
152
|
-
- Compiler API, transformer, language-service, or framework typecheck surfaces are moved
|
|
156
|
+
- TS7 RC or nightly output differences are accepted as harmless without classification.
|
|
157
|
+
- Compiler API, transformer, language-service, or framework typecheck surfaces are moved off the TS6 API track without compatibility proof.
|
|
153
158
|
|
|
154
159
|
<!-- mustflow-section: postconditions -->
|
|
155
160
|
## Postconditions
|
|
@@ -159,7 +164,7 @@ Reject or revise the patch when any of these appear without explicit evidence an
|
|
|
159
164
|
- Runtime exports, type exports, and declaration output agree.
|
|
160
165
|
- Assertions are narrow, justified, and contained.
|
|
161
166
|
- Any public API or module-system risk is reported.
|
|
162
|
-
- TypeScript 6/7 migration,
|
|
167
|
+
- TypeScript 6/7 migration, RC, nightly, stable, and compiler-entrypoint risks are classified when relevant.
|
|
163
168
|
- No type-checking or test guard was weakened without an explicit user request and risk report.
|
|
164
169
|
|
|
165
170
|
<!-- mustflow-section: verification -->
|
|
@@ -176,7 +181,7 @@ Use configured oneshot command intents when available:
|
|
|
176
181
|
|
|
177
182
|
If a package API changes, include the configured release or package-surface verification when available.
|
|
178
183
|
|
|
179
|
-
Report whether configured verification exists for declaration output, package artifact contents, downstream-style consumer fixtures, minimum supported TypeScript version, latest supported TypeScript version,
|
|
184
|
+
Report whether configured verification exists for declaration output, package artifact contents, downstream-style consumer fixtures, minimum supported TypeScript version, latest supported TypeScript version, TS6/TS7 RC comparison, optional TS7 nightly comparison, ESM, CJS, and bundler-style resolution when those surfaces change.
|
|
180
185
|
|
|
181
186
|
<!-- mustflow-section: failure-handling -->
|
|
182
187
|
## Failure Handling
|
|
@@ -185,8 +190,8 @@ Report whether configured verification exists for declaration output, package ar
|
|
|
185
190
|
- If external input has no validation pattern, add a narrow validator/guard/assertion or report the missing boundary instead of casting.
|
|
186
191
|
- If module resolution is unclear, inspect the package and compiler configuration before changing imports.
|
|
187
192
|
- If generated declaration output cannot be inspected, report the package API risk and the missing verification intent.
|
|
188
|
-
- If
|
|
189
|
-
- If a framework, plugin, transformer, or compiler API consumer depends on the JavaScript compiler implementation, do not
|
|
193
|
+
- If TS7 RC or nightly disagrees with the repository's TS6 or stable baseline, keep the baseline as the compatibility path, classify the difference, and report whether it is a project bug, compiler bug, unsupported feature, or expected declaration/order drift.
|
|
194
|
+
- If a framework, plugin, transformer, or compiler API consumer depends on the JavaScript compiler implementation, do not move it off the TS6 API track unless the dependency explicitly supports that path.
|
|
190
195
|
- If verification commands are missing, report the missing intents instead of inventing package-manager commands.
|
|
191
196
|
|
|
192
197
|
<!-- mustflow-section: output-format -->
|
|
@@ -196,7 +201,7 @@ Report whether configured verification exists for declaration output, package ar
|
|
|
196
201
|
- Files changed
|
|
197
202
|
- Type and module safety notes
|
|
198
203
|
- Public API or declaration impact
|
|
199
|
-
- Compiler-version or
|
|
204
|
+
- Compiler-version, RC, nightly, or API-track notes
|
|
200
205
|
- Command intents run
|
|
201
206
|
- Skipped checks and reasons
|
|
202
207
|
- Remaining TypeScript risk
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.unocss-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 4
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: unocss-code-change
|
|
@@ -56,7 +56,7 @@ Preserve UnoCSS extraction, preset, shortcut, rule, safelist, blocklist, variant
|
|
|
56
56
|
|
|
57
57
|
- Confirm extraction targets before adding utilities or moving class maps.
|
|
58
58
|
- Identify whether the project uses default pipeline extraction, explicit `content.pipeline.include`, `@unocss-include`, safelist, or custom extractors.
|
|
59
|
-
- Identify whether the project uses the classic preset stack, `presetWind4`, theme compatibility tokens, shortcut layers, variant groups, icons, attributify, directives, or framework-specific plugin order.
|
|
59
|
+
- Identify whether the project uses the classic preset stack, `presetWind4`, theme compatibility tokens, shortcut layers, variant groups, icons, attributify, directives, reset packages, compatibility presets, or framework-specific plugin order.
|
|
60
60
|
- Identify whether shortcuts, rules, variants, or safelist entries are design-system vocabulary or one-off hiding places.
|
|
61
61
|
- If the config is unclear, do not introduce attributify, custom rules, custom variants, broad shortcuts, or broad safelists. Use plain `class` utilities with complete static strings.
|
|
62
62
|
|
|
@@ -82,7 +82,16 @@ Preserve UnoCSS extraction, preset, shortcut, rule, safelist, blocklist, variant
|
|
|
82
82
|
6. Keep safelists small, finite, named, and bounded by approved token lists and maximum generated count. Treat feature-local safelists over 50 classes, shared safelists over 200 classes, or total safelists over 300 classes as design/extraction failures unless explicitly justified.
|
|
83
83
|
7. Do not generate safelists from whole theme objects, full color palettes, all shades, all spacing values, all breakpoints, or broad property and variant multiplication.
|
|
84
84
|
8. Use token allowlists before writing shortcuts, rules, variants, or safelists. Do not use every theme key as an allowed product value.
|
|
85
|
-
9. For Wind4 migration, verify preset choice, theme token migration,
|
|
85
|
+
9. For Wind4 migration, verify preset choice, theme token migration, reset ownership, variant behavior, and compatibility with existing Tailwind-like class vocabulary before changing utilities at call sites. Use a token rename matrix instead of vague "theme review":
|
|
86
|
+
- `fontFamily` -> `font`;
|
|
87
|
+
- `borderRadius` -> `radius`;
|
|
88
|
+
- `easing` -> `ease`;
|
|
89
|
+
- `breakpoints` -> `breakpoint`;
|
|
90
|
+
- `verticalBreakpoints` -> `verticalBreakpoint`;
|
|
91
|
+
- `boxShadow` -> `shadow`;
|
|
92
|
+
- size scale families that now share spacing -> `spacing`;
|
|
93
|
+
- `container.maxWidth` -> `containers.maxWidth`.
|
|
94
|
+
Also check duplicate resets from existing `@unocss/reset` or `normalize.css`, remove `presetRemToPx` when Wind4 covers the behavior internally, and do not combine `presetLegacyCompat` with Wind4 OKLCH color behavior.
|
|
86
95
|
10. Use `extendTheme` or equivalent merge hooks when preserving existing theme tokens matters. Do not replace the whole theme object if the local config expects extension semantics.
|
|
87
96
|
11. Add shortcuts only for repeated product primitives. Prefer static shortcuts when all combinations are known. Dynamic shortcuts must be anchored, token allowlisted, and free of broad catch-all groups.
|
|
88
97
|
12. Do not use shortcuts as one-off wrappers for long class strings in a single screen.
|
|
@@ -131,7 +140,9 @@ Preserve UnoCSS extraction, preset, shortcut, rule, safelist, blocklist, variant
|
|
|
131
140
|
<!-- mustflow-section: preset-icon-shadow-policy -->
|
|
132
141
|
## Preset, Icon, And Shadow DOM Policy
|
|
133
142
|
|
|
134
|
-
- Wind4 migration must preserve theme tokens,
|
|
143
|
+
- Wind4 migration must preserve theme tokens, reset ownership, variant semantics, generated CSS size, and color behavior before call-site cleanup.
|
|
144
|
+
- Wind4 includes Tailwind 4-style reset behavior. Existing `@unocss/reset` or `normalize.css` imports need duplicate-reset review.
|
|
145
|
+
- Wind4 migration should remove obsolete `presetRemToPx` usage and avoid `presetLegacyCompat` when OKLCH color compatibility matters.
|
|
135
146
|
- Icon utilities are production assets. Verify the chosen icon collections, loader ownership, package footprint, currentColor inheritance, accessibility label path, and whether dynamic icon names require a finite safelist.
|
|
136
147
|
- Shadow DOM and web component styles need an explicit injection owner. Do not assume global utility CSS reaches closed or separately injected roots.
|
|
137
148
|
- Framework plugin order is part of extraction. Svelte, Vue, Astro, MDX, transformers, variant-group handling, and attributify can change whether the token exists before UnoCSS scans it.
|
|
@@ -158,7 +169,7 @@ Reject the change when:
|
|
|
158
169
|
- Custom variants accept arbitrary selectors or themes.
|
|
159
170
|
- Blocklist removes utilities without an actionable developer-facing signal.
|
|
160
171
|
- JSX/TSX attributify lacks prefix, transformer, or type support.
|
|
161
|
-
- Wind4 migration replaces theme or preflight behavior without compatibility review.
|
|
172
|
+
- Wind4 migration replaces theme, reset, color, or preflight behavior without compatibility review.
|
|
162
173
|
- Icon utilities accept unbounded runtime icon names.
|
|
163
174
|
- Shadow DOM utility usage has no style injection owner.
|
|
164
175
|
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.version-freshness-check
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 7
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: version-freshness-check
|
|
@@ -35,7 +35,7 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
35
35
|
- Generated or edited files introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, toolchain versions, setup actions, scaffold commands, install commands, or migration examples.
|
|
36
36
|
- CI workflows, release workflows, Dockerfiles, package metadata, lockfiles, runtime files, framework configuration, README examples, docs, tests, fixtures, or templates mention external versions such as GitHub Actions refs, Node, Bun, Deno, Python, Rust, Tauri, Astro, Next, SvelteKit, Electron, Docker images, package managers, SDKs, plugins, or generators.
|
|
37
37
|
- Python wording mentions current/stable/support status, Python 3.14+ standard-library APIs, runtime flags, changed default behavior, security defaults, or examples that depend on `requires-python`.
|
|
38
|
-
- TypeScript wording mentions current/stable/
|
|
38
|
+
- TypeScript wording mentions current/stable/RC/nightly status for TypeScript 6, TypeScript 7, `@typescript/typescript6`, `tsc6`, `typescript@rc`, `@typescript/native-preview`, `tsgo`, compiler API compatibility, or migration readiness.
|
|
39
39
|
- Go wording mentions current/stable/support status, Go release numbers, `go.mod` language version behavior, `toolchain` behavior, standard-library APIs, `GOEXPERIMENT`, runtime defaults, container behavior, JSON experiments, or examples that depend on a specific Go version.
|
|
40
40
|
- Rust wording mentions current/stable/support status, Rust release numbers, `rust-version`, edition behavior, `rust-toolchain`, Cargo resolver or workspace behavior, standard-library APIs, compiler lints, target behavior, release profiles, or examples that depend on a specific Rust version.
|
|
41
41
|
- HTTP delivery wording mentions current support, baseline status, default behavior, standard status, or compatibility for zstd content coding, compression dictionary transport, SSE/EventSource, WebTransport, WebSocket fallback, HTTP/2, HTTP/3, QUIC, CDN behavior, proxy buffering, or browser transport APIs.
|
|
@@ -96,12 +96,12 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
96
96
|
12. For framework and runtime majors such as Astro, Tauri, Electron, Next, SvelteKit, Node, Bun, Deno, Python, Rust, or Java, check migration notes, config schema, plugin and adapter compatibility, generated files, security model, deployment target, and rollback path before recommending a major change.
|
|
97
97
|
13. For Python standard-library or runtime-behavior claims, refresh official Python documentation before writing durable wording. Check `requires-python`, CI/runtime matrices, and container images before using or recommending version-gated features such as Python 3.14+ `map(strict=True)`, `functools.Placeholder`, `heapq` max-heap helpers, import-timing flag behavior, or changed security defaults.
|
|
98
98
|
14. For Python examples that use newer standard-library APIs, either keep the example behind an explicit runtime floor or provide a supported fallback. Do not call a Python 3.14-only API a general Python best practice when the repository declares lower support.
|
|
99
|
-
15. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat
|
|
100
|
-
16. For TypeScript
|
|
99
|
+
15. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat TS6 stable API track (`@typescript/typescript6`, `tsc6`), TS7 RC compiler track (`typescript@rc`, `tsc`), TS7 nightly track (`@typescript/native-preview`, `tsgo`), and future TS7 stable `typescript` behavior as distinct tracks. Do not call RC or nightly output "latest stable TypeScript" just because it is newer.
|
|
100
|
+
16. For TypeScript examples, make the selected track explicit: TS6 API compatibility, TS7 RC compiler verification, TS7 nightly comparison, editor preview, or repository adoption. If the project has compiler API consumers, transformers, framework wrappers, or declaration snapshots, classify the reference as migration-sensitive and keep API consumers on the TS6 API track until support is explicit.
|
|
101
101
|
17. For Go release, toolchain, standard-library, runtime, or experiment claims, refresh official Go release notes or package documentation before writing durable wording. Check the repository's `go` directive, `toolchain` directive, CI/runtime matrix, and container target before using or recommending version-gated features such as expression operands to `new`, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `ReverseProxy.Rewrite`, container-aware `GOMAXPROCS`, goroutine leak profiles, `encoding/json/v2`, or `GOEXPERIMENT` APIs.
|
|
102
102
|
18. For Go examples that use newer standard-library APIs or runtime defaults, either keep the example behind an explicit Go version floor or provide a supported fallback. Do not call an experimental `GOEXPERIMENT` feature or a newer `go` directive behavior a general Go best practice when the repository declares lower support.
|
|
103
103
|
19. For Rust release, toolchain, standard-library, Cargo, edition, lint, target, or MSRV claims, refresh official Rust release notes, standard-library docs, the Cargo Book, Rust Reference, or rustc book before writing durable wording. Check `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, docs.rs metadata, and crate publish policy before using or recommending version-gated features such as let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `resolver = "2"`, Rust 2024 `unsafe_op_in_unsafe_fn`, or release-profile defaults.
|
|
104
|
-
20. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback.
|
|
104
|
+
20. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback. Use an API-by-API MSRV ledger for features such as `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`; do not collapse them into a single "latest Rust" bucket, and do not treat nightly-only behavior or target-specific linker behavior as stable without explicit evidence.
|
|
105
105
|
21. For HTTP standards, browser APIs, proxy defaults, CDN defaults, and transport support claims, prefer official RFCs, standards bodies, MDN or browser vendor docs, and vendor-owned proxy/CDN documentation. Keep WebTransport, compression dictionary transport, zstd content coding, SSE/EventSource, HTTP/2, HTTP/3, QUIC, and proxy-buffering claims track-specific and dated when support is changing.
|
|
106
106
|
22. For HTTP delivery examples that depend on newer or unevenly supported behavior, require feature detection, fallback behavior, or explicit deployment constraints. Do not present WebTransport, dictionary compression, or zstd negotiation as a universal default when the project still needs browsers, proxies, CDNs, or networks that may not support it.
|
|
107
107
|
23. For Docker images, decide whether the project prefers semver tags, distro tags, LTS tags, date tags, or digests. Do not replace a digest or pinned base image with a floating tag unless the repository policy says so.
|
|
@@ -116,9 +116,9 @@ Prevent agents from writing stale external version references from memory, while
|
|
|
116
116
|
- Repository-pinned versions are preserved unless the task, policy, and compatibility classification support changing them.
|
|
117
117
|
- Major or migration-required changes are either explicitly approved, deferred with a recommendation, or left unchanged with the risk reported.
|
|
118
118
|
- Python standard-library examples and runtime-default claims match the declared Python support matrix or name the required runtime floor.
|
|
119
|
-
- TypeScript 6 stable, TypeScript 7
|
|
119
|
+
- TypeScript 6 stable API, TypeScript 7 RC compiler, TypeScript 7 nightly, and future stable TypeScript tracks are not collapsed into one generic "latest TypeScript" claim.
|
|
120
120
|
- Go release, `go.mod` language version, standard-library API, runtime-default, and `GOEXPERIMENT` claims match the declared Go support matrix or name the required runtime floor.
|
|
121
|
-
- Rust release, `rust-version`, edition, standard-library API, Cargo resolver, lint-default, target, and nightly/stable claims match the declared Rust support matrix or name the required runtime floor.
|
|
121
|
+
- Rust release, `rust-version`, edition, standard-library API, Cargo resolver, lint-default, target, and nightly/stable claims match the declared Rust support matrix or name the required API-specific runtime floor.
|
|
122
122
|
- HTTP standard, browser-support, proxy-default, CDN-default, and transport-support claims are not written from stale memory and keep feature detection or fallback boundaries explicit where support varies.
|
|
123
123
|
- Docs and examples do not make unverifiable current-version claims.
|
|
124
124
|
|
|
@@ -144,7 +144,7 @@ Choose the narrowest configured intent that proves the changed versioned surface
|
|
|
144
144
|
- If official sources conflict, prefer the source that owns the artifact being referenced and report the conflict.
|
|
145
145
|
- If a freshness check requires network, credentials, or a connector that is not available, report the boundary and avoid current-version claims.
|
|
146
146
|
- If a proposed major or migration-required version is better for greenfield work but risky for the existing project, present both choices and ask before changing the project.
|
|
147
|
-
- If TypeScript 7
|
|
147
|
+
- If TypeScript 7 RC, nightly, or stable freshness changes during the task, update wording to a dated or track-specific claim and keep repository adoption separate from comparison-only checks.
|
|
148
148
|
- If Go release or experiment freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, `go` directive adoption, CI support, and `GOEXPERIMENT` adoption separate.
|
|
149
149
|
- If Rust release or toolchain freshness changes during the task, update wording to a dated or track-specific claim and keep official release status, MSRV adoption, edition adoption, CI support, target support, and nightly or unstable features separate.
|
|
150
150
|
- If HTTP delivery support changes during the task, update wording to a dated or track-specific claim and keep standards, browser support, CDN behavior, proxy defaults, and repository adoption separate.
|