mustflow 2.84.0 → 2.85.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -2
- package/dist/cli/commands/script-pack.js +4 -0
- package/dist/cli/i18n/en.js +79 -0
- package/dist/cli/i18n/es.js +79 -0
- package/dist/cli/i18n/fr.js +79 -0
- package/dist/cli/i18n/hi.js +79 -0
- package/dist/cli/i18n/ko.js +79 -0
- package/dist/cli/i18n/zh.js +79 -0
- package/dist/cli/lib/repo-map.js +27 -6
- package/dist/cli/lib/run-root-trust.js +15 -1
- package/dist/cli/lib/script-pack-registry.js +114 -0
- package/dist/cli/lib/validation/index.js +2 -2
- package/dist/cli/lib/validation/primitives.js +4 -1
- package/dist/cli/script-packs/code-change-impact.js +172 -0
- package/dist/cli/script-packs/code-dependency-graph.js +181 -0
- package/dist/cli/script-packs/repo-env-contract.js +156 -0
- package/dist/cli/script-packs/repo-secret-risk-scan.js +147 -0
- package/dist/core/change-impact.js +383 -0
- package/dist/core/change-verification.js +32 -5
- package/dist/core/config-loading.js +121 -4
- package/dist/core/dependency-graph.js +490 -0
- package/dist/core/env-contract.js +450 -0
- package/dist/core/line-endings.js +26 -13
- package/dist/core/public-json-contracts.js +51 -0
- package/dist/core/route-outline.js +57 -5
- package/dist/core/script-pack-suggestions.js +21 -1
- package/dist/core/secret-risk-scan.js +440 -0
- package/package.json +1 -1
- package/schemas/README.md +16 -0
- package/schemas/change-impact-report.schema.json +150 -0
- package/schemas/commands.schema.json +12 -0
- package/schemas/dependency-graph-report.schema.json +149 -0
- package/schemas/env-contract-report.schema.json +203 -0
- package/schemas/secret-risk-scan-report.schema.json +152 -0
- package/templates/default/i18n.toml +16 -10
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +7 -2
- package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md +28 -11
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +71 -27
- package/templates/default/locales/en/.mustflow/skills/cross-agent-session-reference/SKILL.md +23 -8
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +48 -11
- package/templates/default/locales/en/.mustflow/skills/javascript-code-change/SKILL.md +15 -13
- package/templates/default/locales/en/.mustflow/skills/node-code-change/SKILL.md +16 -14
- package/templates/default/locales/en/.mustflow/skills/routes.toml +15 -9
- package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +314 -0
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +13 -10
- package/templates/default/manifest.toml +8 -1
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.javascript-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 3
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: javascript-code-change
|
|
@@ -84,23 +84,25 @@ Preserve JavaScript module, runtime, package entry, Promise, cleanup, dependency
|
|
|
84
84
|
6. Do not use runtime detection as a broad escape hatch in shared code. Prefer explicit runtime entrypoints, adapters, conditional exports, or dependency injection over a file that mixes every runtime branch.
|
|
85
85
|
7. Keep environment access behind existing server/client env helpers. Do not read raw server secrets from client, shared, browser, or edge code, and do not assume `process.env` exists outside Node-oriented code.
|
|
86
86
|
8. Do not mix `import`/`export` with `require`/`module.exports` outside an established interop boundary.
|
|
87
|
-
9.
|
|
87
|
+
9. For new Node-owned application, server, or private CLI JavaScript, prefer ESM-only with package `"type": "module"` and ordinary `.js` files when the supported runtime allows it. Use `.mjs` and `.cjs` as explicit override markers for mixed or exceptional files, not as a blanket naming convention.
|
|
88
|
+
10. In native Node ESM, write relative and absolute imports with the runtime file extension and explicit directory entry file, such as `./server.js` or `./routes/index.js`. Extensionless imports and automatic directory `index.js` lookup are CommonJS or bundler habits unless a declared loader or bundler owns them.
|
|
89
|
+
11. Treat package entry metadata as public contract:
|
|
88
90
|
- `type`, file extensions, `main`, `module`, `browser`, `exports`, `types`, `typesVersions`, `files`, `bin`, `sideEffects`, and `engines` affect consumers;
|
|
89
91
|
- adding `exports` can block deep imports and should be classified as public API sensitive;
|
|
90
92
|
- conditional exports must keep specific conditions before generic fallbacks;
|
|
91
93
|
- ESM and CJS branches should expose compatible documented shapes when both are supported;
|
|
92
94
|
- TypeScript declaration output and docs examples must keep pointing at existing package entry files.
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
95
|
+
12. For package entry changes, check source entrypoints, build output layout, docs import examples, TypeScript or declaration settings, bundler config, and consumer-style tests. Report missing Node ESM, Node CJS, browser bundle, edge, Bun, or TypeScript consumer verification when those targets are claimed but no configured intent exists.
|
|
96
|
+
13. Treat build targets as syntax/output compatibility, not as permission to use a runtime API. A browser or edge build target does not make Node filesystem, process, Buffer, or native APIs safe.
|
|
97
|
+
14. Treat implicit globals as failures.
|
|
98
|
+
15. Do not discard Promises. Every Promise-producing call must be awaited, returned, joined, or intentionally supervised by the project's detached-task pattern.
|
|
99
|
+
16. Do not leave `.map(async ...)` unjoined. Join with the established Promise aggregation or bounded-concurrency helper when parallel work is intended.
|
|
100
|
+
17. Do not use unbounded parallelism for large external I/O fan-out. Use the local concurrency limit pattern when the workload touches HTTP, database, filesystem, queue, AI, or other external services.
|
|
101
|
+
18. Propagate cancellation when the operation can outlive a request, job, stream, retry loop, timeout, or user action. Accept and forward `AbortSignal` or the repository's established cancellation token when available.
|
|
102
|
+
19. Do not implement timeout as a caller-only race that leaves the real work running. Timeout behavior must cancel or abort the underlying operation when the API supports it.
|
|
103
|
+
20. Put cleanup in a deterministic path. Timers, event listeners, stream readers, Node streams, temp files, locks, transactions, subscriptions, and shutdown drains need success, failure, timeout, and cancellation cleanup coverage when touched.
|
|
104
|
+
21. Do not build package exports or dependency changes without checking consumers, tests, and docs examples.
|
|
105
|
+
22. Choose configured verification intents that cover lint, build, tests, package entry, runtime behavior, async rejection handling, cancellation, and cleanup when available.
|
|
104
106
|
|
|
105
107
|
<!-- mustflow-section: postconditions -->
|
|
106
108
|
## Postconditions
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.node-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: node-code-change
|
|
@@ -85,19 +85,21 @@ Preserve the actual Node.js runtime, module, package manager, TypeScript executi
|
|
|
85
85
|
- Yarn PnP, Zero-Install, and immutable installs can make `node_modules` assumptions wrong.
|
|
86
86
|
- Corepack availability depends on the Node/runtime environment; do not assume it exists in every Node version, image, or CI runner.
|
|
87
87
|
5. Determine Node module loading from Node rules, not preference or `tsconfig` alone. `.mjs` and `.mts` are ESM, `.cjs` and `.cts` are CommonJS, and `.js` or `.ts` follows the nearest package `type` after the project's loader/build path is considered.
|
|
88
|
-
6.
|
|
89
|
-
7.
|
|
90
|
-
8.
|
|
91
|
-
9. For
|
|
92
|
-
10.
|
|
93
|
-
11.
|
|
94
|
-
12.
|
|
95
|
-
13.
|
|
96
|
-
14.
|
|
97
|
-
15.
|
|
98
|
-
16.
|
|
99
|
-
17.
|
|
100
|
-
18.
|
|
88
|
+
6. For new Node applications, servers, and private CLIs, prefer an explicit ESM-only package with `"type": "module"` and ordinary `.js` source/output files when the supported runtime allows it. Do not rename every file to `.mjs` just to mean ESM; reserve `.mjs` and `.cjs` for exceptional per-file overrides or mixed-module boundaries.
|
|
89
|
+
7. In native Node ESM code, require fully specified relative and absolute import specifiers, including file extensions and directory indexes such as `./feature/index.js`. Do not carry CommonJS extensionless or directory-main assumptions into Node ESM unless a bundler or loader owns that resolution.
|
|
90
|
+
8. Treat `type`, `main`, `exports`, `imports`, file extensions, and conditional export changes as package entry contract changes. Adding `exports` can block deep imports and should be classified as compatibility-sensitive unless all previously supported paths remain exported or the release is intentionally breaking.
|
|
91
|
+
9. For conditional exports, keep condition order deliberate, include a `default` fallback when multi-runtime or bundler consumers are intended, and avoid splitting `import` and `require` into separate stateful implementations unless dual package hazards are tested.
|
|
92
|
+
10. For `imports`, use `#` aliases only for package-internal paths, and keep TypeScript paths, bundler aliases, test runner aliases, and declaration output aligned.
|
|
93
|
+
11. For JSON imports, `require(esm)`, top-level await, `.mts`, `.cts`, `.d.mts`, and `.d.cts`, verify the minimum Node version, TypeScript module resolution, generated output, and consumer path before changing code.
|
|
94
|
+
12. Do not replace an existing TypeScript pipeline with native Node TypeScript execution unless the task explicitly asks for that migration. Node native TypeScript execution is limited type stripping; it does not typecheck, read `tsconfig`, resolve path aliases, emit declarations, downlevel syntax, transform decorators or enums, or support TSX as a full build pipeline.
|
|
95
|
+
13. If native Node TypeScript execution is intentionally used, keep syntax erasable-only, use `import type` for type-only imports, avoid runtime TypeScript features that require transforms, and keep the configured typecheck/build pipeline for application and library code.
|
|
96
|
+
14. Detect the actual test runner from scripts, config files, dependencies, and CI. Do not migrate Jest, Vitest, Playwright, or another runner to `node:test` just because Node has a built-in runner. Watch, coverage, mock, snapshot, worker, and cleanup behavior are runner-specific.
|
|
97
|
+
15. Treat watch mode and snapshot update modes as development or review actions, not final verification. Use the configured oneshot intents and report when no configured runner-specific intent exists.
|
|
98
|
+
16. Before using Node APIs in deployment code, classify the target as Node server, Docker, serverless Node, edge runtime, static build, or multi-runtime package. Edge runtimes are not full Node.js runtimes.
|
|
99
|
+
17. Inspect native and install-sensitive dependencies when package metadata or runtime imports touch `.node`, `binding.gyp`, `node-gyp`, `preinstall`, `install`, `postinstall`, `prepare`, optional dependencies, peer dependencies, OS, CPU, libc, or Node ABI boundaries.
|
|
100
|
+
18. Treat optional dependencies and optional peers as absent until code handles absence. Do not require optional packages directly without fallback or error handling that matches the existing project pattern.
|
|
101
|
+
19. Treat the Node permission model as a trusted-code seatbelt, not a sandbox for untrusted code. If permission flags are introduced or changed, map required filesystem, network, child process, worker, native addon, WASI, inspector, and temporary directory access explicitly.
|
|
102
|
+
20. Choose configured verification intents that cover lint, build, tests, package metadata, release-sensitive package output, docs examples, and mustflow contract checks when available. Report missing consumer fixture, ESM, CJS, TypeScript consumer, native dependency, deployment, or permission verification.
|
|
101
103
|
|
|
102
104
|
<!-- mustflow-section: postconditions -->
|
|
103
105
|
## Postconditions
|
|
@@ -406,7 +406,7 @@ applies_to_reasons = ["code_change", "public_api_change", "test_change", "packag
|
|
|
406
406
|
category = "general_code"
|
|
407
407
|
route_type = "primary"
|
|
408
408
|
priority = 85
|
|
409
|
-
applies_to_reasons = ["code_change", "public_api_change", "test_change", "package_metadata_change"]
|
|
409
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "migration_change", "security_change", "package_metadata_change", "release_risk"]
|
|
410
410
|
|
|
411
411
|
[routes."docker-code-change"]
|
|
412
412
|
category = "general_code"
|
|
@@ -418,7 +418,7 @@ applies_to_reasons = ["code_change", "public_api_change", "test_change", "securi
|
|
|
418
418
|
category = "general_code"
|
|
419
419
|
route_type = "primary"
|
|
420
420
|
priority = 82
|
|
421
|
-
applies_to_reasons = ["code_change", "public_api_change", "docs_change", "test_change"]
|
|
421
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "docs_change", "test_change", "data_change", "migration_change", "performance_change", "security_change", "privacy_change"]
|
|
422
422
|
|
|
423
423
|
[routes."backend-reliability-change"]
|
|
424
424
|
category = "general_code"
|
|
@@ -436,7 +436,7 @@ applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "pe
|
|
|
436
436
|
category = "general_code"
|
|
437
437
|
route_type = "primary"
|
|
438
438
|
priority = 85
|
|
439
|
-
applies_to_reasons = ["code_change", "public_api_change", "test_change", "package_metadata_change"]
|
|
439
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "data_change", "migration_change", "ui_change", "package_metadata_change"]
|
|
440
440
|
|
|
441
441
|
[routes."javascript-code-change"]
|
|
442
442
|
category = "general_code"
|
|
@@ -652,13 +652,13 @@ applies_to_reasons = ["code_change", "security_change", "migration_change"]
|
|
|
652
652
|
category = "data_external"
|
|
653
653
|
route_type = "primary"
|
|
654
654
|
priority = 55
|
|
655
|
-
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "cross_cutting_code_change"]
|
|
655
|
+
applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "cross_cutting_code_change", "data_change", "migration_change", "performance_change", "security_change", "privacy_change", "package_metadata_change"]
|
|
656
656
|
|
|
657
657
|
[routes."tauri-code-change"]
|
|
658
658
|
category = "data_external"
|
|
659
659
|
route_type = "primary"
|
|
660
660
|
priority = 90
|
|
661
|
-
applies_to_reasons = ["code_change", "security_change", "public_api_change"]
|
|
661
|
+
applies_to_reasons = ["code_change", "behavior_change", "ui_change", "security_change", "privacy_change", "data_change", "public_api_change", "package_metadata_change", "release_risk"]
|
|
662
662
|
|
|
663
663
|
[routes."process-execution-safety"]
|
|
664
664
|
category = "data_external"
|
|
@@ -696,6 +696,12 @@ route_type = "adjunct"
|
|
|
696
696
|
priority = 40
|
|
697
697
|
applies_to_reasons = ["test_change", "behavior_change"]
|
|
698
698
|
|
|
699
|
+
[routes."test-suite-performance-review"]
|
|
700
|
+
category = "tests"
|
|
701
|
+
route_type = "primary"
|
|
702
|
+
priority = 58
|
|
703
|
+
applies_to_reasons = ["performance_change", "test_change", "workflow_change", "mustflow_config_change", "package_metadata_change", "unknown_change"]
|
|
704
|
+
|
|
699
705
|
[routes."test-maintenance"]
|
|
700
706
|
category = "tests"
|
|
701
707
|
route_type = "primary"
|
|
@@ -880,13 +886,13 @@ applies_to_reasons = ["ui_change", "docs_change", "code_change"]
|
|
|
880
886
|
category = "ui_assets"
|
|
881
887
|
route_type = "primary"
|
|
882
888
|
priority = 85
|
|
883
|
-
applies_to_reasons = ["ui_change", "docs_change", "code_change"]
|
|
889
|
+
applies_to_reasons = ["ui_change", "docs_change", "code_change", "behavior_change", "public_api_change", "migration_change", "package_metadata_change"]
|
|
884
890
|
|
|
885
891
|
[routes."unocss-code-change"]
|
|
886
892
|
category = "ui_assets"
|
|
887
893
|
route_type = "primary"
|
|
888
894
|
priority = 85
|
|
889
|
-
applies_to_reasons = ["ui_change", "docs_change", "code_change"]
|
|
895
|
+
applies_to_reasons = ["ui_change", "docs_change", "code_change", "behavior_change", "migration_change", "performance_change", "package_metadata_change"]
|
|
890
896
|
|
|
891
897
|
[routes."flutter-code-change"]
|
|
892
898
|
category = "ui_assets"
|
|
@@ -898,13 +904,13 @@ applies_to_reasons = ["ui_change", "code_change", "public_api_change"]
|
|
|
898
904
|
category = "ui_assets"
|
|
899
905
|
route_type = "primary"
|
|
900
906
|
priority = 85
|
|
901
|
-
applies_to_reasons = ["ui_change", "docs_change", "code_change"]
|
|
907
|
+
applies_to_reasons = ["ui_change", "docs_change", "code_change", "behavior_change", "migration_change", "package_metadata_change"]
|
|
902
908
|
|
|
903
909
|
[routes."svelte-code-change"]
|
|
904
910
|
category = "ui_assets"
|
|
905
911
|
route_type = "primary"
|
|
906
912
|
priority = 85
|
|
907
|
-
applies_to_reasons = ["ui_change", "code_change", "public_api_change"]
|
|
913
|
+
applies_to_reasons = ["ui_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "test_change", "package_metadata_change"]
|
|
908
914
|
|
|
909
915
|
[routes."pattern-scout"]
|
|
910
916
|
category = "architecture_patterns"
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.security-privacy-review
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 23
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: security-privacy-review
|
|
@@ -193,9 +193,11 @@ Catch security, privacy, and disclosure risks introduced by ordinary code, docum
|
|
|
193
193
|
32. For filesystem changes, distinguish lexical containment from the real target. Check symlinks, generated state, package contents, and file APIs that may follow links before claiming a path stays inside the repository.
|
|
194
194
|
33. For code-scanning alerts, group findings by root cause and rule. Fix the underlying pattern, not only the exact flagged line, and separate repository-setting alerts such as branch protection or maintainer activity from code changes.
|
|
195
195
|
- For incomplete escaping or encoding findings, search the same sink class for adjacent ad hoc sanitizer patterns such as first-occurrence `.replace`, non-global replacement, hand-escaped slashes, quotes, backslashes, path separators, or mixed URL encoders. Replace the pattern with a domain-owned transformation and add a regression test or narrow source-pattern guard when the behavior is release-sensitive.
|
|
196
|
+
- For ReDoS or inefficient-regular-expression findings, identify whether attacker-controlled text, repository files, generated output, logs, Markdown, YAML, or source code can reach the expression. Prefer a bounded parser, token scanner, structured parser, or anchored non-overlapping expression over nested quantifiers, repeated alternatives that can match the same prefix, or optional whitespace loops. Add a long malformed input case or equivalent static guard before claiming the backtracking risk is fixed.
|
|
196
197
|
34. For workflow scanner alerts, check action pinning, `persist-credentials`, job-level permissions, reusable workflow permissions, fork pull-request secret exposure, artifact upload boundaries, and privileged identity timing before treating the warning as cosmetic.
|
|
197
198
|
35. For pinned action references, distinguish tag objects from the commit that implements the tag. Verify pinned SHAs against the action repository so scanner tooling does not report an imposter or non-member commit.
|
|
198
199
|
36. For dependency scanner alerts, separate production dependency manifests from fixtures, examples, generated test repositories, and intentionally vulnerable samples. Narrow the scan scope before treating fixture-only alerts as product vulnerabilities.
|
|
200
|
+
- For lockfile CVEs, inspect the manifest and lockfile together. Identify the direct parent that keeps the vulnerable transitive package in the graph, update the narrowest direct dependency or override needed to reach the fixed range, and confirm the vulnerable package version no longer appears in the resolved graph before claiming the alert is fixed.
|
|
199
201
|
37. For deployment settings, check debug mode, sample admin accounts, default credentials, public admin panels, open metrics endpoints, public storage, root container users, HTTPS enforcement, and exposed GraphQL or development consoles.
|
|
200
202
|
38. For runtime and framework security updates, check that supported versions are documented, end-of-life versions are rejected, dependency locks exist where appropriate, security patches can be tested and deployed quickly, and rollback or redeploy can happen without manual dashboard memory. Do not treat a fashionable or high-performance runtime as safe unless the patch path is operationally credible.
|
|
201
203
|
39. For transport security, check HTTPS/TLS requirements, certificate validation, insecure HTTP downgrade paths, disabled verification flags, and whether sensitive traffic can bypass the secure channel.
|
|
@@ -0,0 +1,314 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.test-suite-performance-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: test-suite-performance-review
|
|
9
|
+
description: Apply this skill when test-suite runtime, CI feedback latency, test selection, shard balance, worker scheduling, retry policy, flaky-test handling, fixture setup, database or container test lifecycle, coverage or artifact overhead, test-result caching, test discovery, or test performance claims are planned, edited, reviewed, or reported.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.test-suite-performance-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- build
|
|
19
|
+
- test_related
|
|
20
|
+
- test
|
|
21
|
+
- test_audit
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Test Suite Performance Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Make test suites faster without turning the default verification path into wishful thinking.
|
|
33
|
+
|
|
34
|
+
The review question is not "can the suite run in parallel?" It is "where is the wall-clock time
|
|
35
|
+
actually spent, which tests are safe to skip or run later, which workers are waiting, which shared
|
|
36
|
+
resources are saturated, and what evidence keeps a faster path trustworthy?"
|
|
37
|
+
|
|
38
|
+
<!-- mustflow-section: use-when -->
|
|
39
|
+
## Use When
|
|
40
|
+
|
|
41
|
+
- Test or CI runtime, developer-loop feedback time, shard balance, worker count, test discovery,
|
|
42
|
+
coverage collection, trace or artifact generation, retry policy, flaky-test handling, or test
|
|
43
|
+
result caching is created, changed, reviewed, or reported.
|
|
44
|
+
- A task changes command contracts, CI workflows, test runner configuration, test grouping, test
|
|
45
|
+
selection, test scheduling, package scripts, fixture setup, database setup, container lifecycle,
|
|
46
|
+
browser test behavior, or coverage and report defaults for performance reasons.
|
|
47
|
+
- A report claims tests are faster, optimized, selected, cached, parallelized, sharded, hermetic,
|
|
48
|
+
stable, less flaky, or safer to run on every PR.
|
|
49
|
+
- A test suite is slow because of repeated process startup, full-directory discovery, repeated
|
|
50
|
+
migration or seed work, per-test containers, sleeps, external internet calls, huge artifacts,
|
|
51
|
+
tail shards, or over-broad full-suite execution.
|
|
52
|
+
|
|
53
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
54
|
+
## Do Not Use When
|
|
55
|
+
|
|
56
|
+
- The task only adds or updates behavior tests; use `test-design-guard` or `test-maintenance`.
|
|
57
|
+
- The task only reviews whether production code is testable; use `testability-boundary-review`.
|
|
58
|
+
- The task is ordinary application hot-path performance with no test runner, fixture, CI, or
|
|
59
|
+
verification-loop behavior; use `performance-budget-check`.
|
|
60
|
+
- The user only wants a one-time local command result and no persistent test or CI behavior changes.
|
|
61
|
+
- The proposed change weakens verification by deleting tests, skipping failed tests, removing
|
|
62
|
+
assertions, disabling coverage gates, or hiding flaky tests without an evidence-based policy.
|
|
63
|
+
|
|
64
|
+
<!-- mustflow-section: required-inputs -->
|
|
65
|
+
## Required Inputs
|
|
66
|
+
|
|
67
|
+
- Suite surface: local command, CI job, package script, test runner, shard system, coverage job,
|
|
68
|
+
browser test job, database-backed test job, or release gate.
|
|
69
|
+
- Timing ledger: discovery, process startup, shared setup, fixture creation, test body, database or
|
|
70
|
+
container setup, cleanup, coverage, report generation, artifact upload, queue wait, shard tail,
|
|
71
|
+
and idle-worker time when available.
|
|
72
|
+
- Test timing evidence: p50 and p95 per test or file, longest tests, previous failures, flaky
|
|
73
|
+
history, shard start and finish times, worker utilization, retry count, and timeout outliers.
|
|
74
|
+
- Selection ledger: changed files, dependency graph, runtime coverage or touched-file evidence,
|
|
75
|
+
newly added tests, previous failed tests, unsafe-change fallback rules, and scheduled full-suite
|
|
76
|
+
safety net.
|
|
77
|
+
- Isolation ledger: time, randomness, UUIDs, locale, timezone, environment variables, home
|
|
78
|
+
directory, filesystem paths, network, database, containers, queues, browser profiles, caches,
|
|
79
|
+
module state, and runner process reuse.
|
|
80
|
+
- Resource ledger: CPU, memory, DB connections, browser processes, containers, network, filesystem,
|
|
81
|
+
GPU, SQLite or PostgreSQL locks, port allocation, and any scarce resource that needs a token or
|
|
82
|
+
affinity rule.
|
|
83
|
+
- Cache ledger: declared inputs, cache keys, volatile values, hit rate, miss reasons, runner-local
|
|
84
|
+
cache, remote cache, result-cache eligibility, and invalidation behavior.
|
|
85
|
+
- Relevant command-intent entries for tests, builds, docs, release checks, and mustflow validation.
|
|
86
|
+
|
|
87
|
+
<!-- mustflow-section: preconditions -->
|
|
88
|
+
## Preconditions
|
|
89
|
+
|
|
90
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
91
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked for the
|
|
92
|
+
current scope.
|
|
93
|
+
- Required inputs are available, or missing timing, selection, cache, isolation, or resource
|
|
94
|
+
evidence can be reported without guessing.
|
|
95
|
+
- If a change touches production behavior or test coverage meaning, use the matching behavior,
|
|
96
|
+
test-design, security, data, or release skill before accepting the performance change.
|
|
97
|
+
- If test result caching or selected-test execution is introduced, the full-suite fallback and
|
|
98
|
+
scheduled full-suite safety net are defined first.
|
|
99
|
+
|
|
100
|
+
<!-- mustflow-section: allowed-edits -->
|
|
101
|
+
## Allowed Edits
|
|
102
|
+
|
|
103
|
+
- Add or refine test timing collection, historical duration stores, selected-test manifests,
|
|
104
|
+
dependency-to-test maps, runner scheduling, shard assignment, worker limits, retry classification,
|
|
105
|
+
fixture lifecycle, local stubs, fake timers, cache keys, coverage defaults, and CI report policy.
|
|
106
|
+
- Add or adjust tests, fixtures, docs, command contracts, release checks, and template surfaces
|
|
107
|
+
directly tied to the test-suite performance behavior.
|
|
108
|
+
- Move expensive setup from per-test to per-worker, per-module, or per-session scope only when
|
|
109
|
+
mutable state still has a cheap isolation layer.
|
|
110
|
+
- Do not remove tests, weaken assertions, disable failure artifacts, or mark flaky tests as normal
|
|
111
|
+
success to make a suite look faster.
|
|
112
|
+
- Do not add unbounded parallelism, shared database schemas, cross-test mutable fixtures, or result
|
|
113
|
+
caches when hidden inputs are not declared.
|
|
114
|
+
|
|
115
|
+
<!-- mustflow-section: procedure -->
|
|
116
|
+
## Procedure
|
|
117
|
+
|
|
118
|
+
1. Measure before optimizing.
|
|
119
|
+
- Split elapsed time into discovery, process startup, shared setup, fixture creation, test body,
|
|
120
|
+
database or container setup, cleanup, coverage, report generation, artifact upload, queue wait,
|
|
121
|
+
shard tail, and idle-worker time.
|
|
122
|
+
- Report p50 and p95 per test or file when available. Average-only timing hides the last slow
|
|
123
|
+
shard, and the last slow shard decides CI wall time.
|
|
124
|
+
2. Classify the bottleneck.
|
|
125
|
+
- Discovery bottleneck: full tree scans, broad classpath scans, fixtures and generated files in
|
|
126
|
+
search paths, or missing precomputed test manifests.
|
|
127
|
+
- Startup bottleneck: one process, JVM, Python, Node, browser, container, or dependency-injection
|
|
128
|
+
graph per test instead of a safe persistent worker.
|
|
129
|
+
- Fixture bottleneck: repeated migrations, seed data, model loads, browser profile setup, or
|
|
130
|
+
container creation.
|
|
131
|
+
- Scheduling bottleneck: file-count sharding, no historical duration data, no work stealing,
|
|
132
|
+
huge test files, or worker count beyond the resource optimum.
|
|
133
|
+
- Artifact bottleneck: coverage, screenshots, videos, traces, full logs, HTML reports, or upload
|
|
134
|
+
work paid on every PR path instead of only failure, retry, nightly, or release paths.
|
|
135
|
+
3. Replace blanket full-suite execution with selected execution only when fallback is explicit.
|
|
136
|
+
- Include affected tests from changed files, new tests, and previous failed tests.
|
|
137
|
+
- Fall back to the full suite for changes to lockfiles, compiler or runtime settings, test runner
|
|
138
|
+
configuration, shared fixtures, migrations, database schema, generated contracts, package
|
|
139
|
+
metadata that affects runtime, or any change the selector cannot understand.
|
|
140
|
+
- Keep a scheduled full-suite path for nightly, release, or pre-merge confidence.
|
|
141
|
+
4. Do not build impact analysis from imports alone.
|
|
142
|
+
- Combine static dependency evidence with previous runtime evidence such as touched files,
|
|
143
|
+
classes, schemas, config keys, fixtures, resources, and test-to-source mappings.
|
|
144
|
+
- Prefer file or class granularity when method-level tracing costs more than it saves.
|
|
145
|
+
- Treat dynamic imports, reflection, generated code, config-driven branches, and framework magic
|
|
146
|
+
as reasons to widen selection or fall back.
|
|
147
|
+
5. Run likely failures early.
|
|
148
|
+
- Order previous failed tests, recently changed tests, tests near the changed code, historically
|
|
149
|
+
flaky tests, and long tests before low-risk tests.
|
|
150
|
+
- Use early-fail jobs for fast developer feedback, but keep a separate full-data job that
|
|
151
|
+
continues collecting remaining failures when the workflow needs all failures.
|
|
152
|
+
6. Cache only hermetic test results.
|
|
153
|
+
- A successful test result can be reused only when the test binary, test code, affected product
|
|
154
|
+
code, fixtures, environment, toolchain, locale, timezone, and declared resources match.
|
|
155
|
+
- Do not include volatile values such as commit SHA, build number, wall-clock time, random temp
|
|
156
|
+
roots, or runner-specific paths in cache keys unless they truly affect output.
|
|
157
|
+
- Do include language version, compiler flags, runtime flags, timezone, locale, dependency lock
|
|
158
|
+
content, fixture versions, and DB schema version when they affect behavior.
|
|
159
|
+
- Track cache hit rate and miss reasons after adding a cache; a cache with invisible misses is
|
|
160
|
+
performance theater.
|
|
161
|
+
7. Preserve warm local and remote caches.
|
|
162
|
+
- Avoid clearing dependency caches, transformed source caches, test discovery indexes, compiled
|
|
163
|
+
output, and package caches at the start of every CI job.
|
|
164
|
+
- Prefer runner-local SSD caches or content-hash restore over slow network-volume scans.
|
|
165
|
+
8. Avoid full discovery on every run.
|
|
166
|
+
- Generate or maintain package-level test manifests when the project can do so safely.
|
|
167
|
+
- Exclude fixtures, snapshots, generated output, archived tests, vendored code, and build output
|
|
168
|
+
from discovery paths.
|
|
169
|
+
- For JVM and similar ecosystems, prefer explicit include patterns over broad classpath scanning
|
|
170
|
+
when the runner supports it.
|
|
171
|
+
9. Reuse workers before increasing worker count.
|
|
172
|
+
- Keep interpreters, JIT, dependency injection, ASTs, browser engines, and database clients warm
|
|
173
|
+
across multiple tests when isolation allows it.
|
|
174
|
+
- Reset static state, module caches, timers, environment, and global fixtures between tests.
|
|
175
|
+
- Replace workers only after measured memory leaks, not by default after every test.
|
|
176
|
+
10. Size work units for the scheduler.
|
|
177
|
+
- Do not send thousands of tiny remote jobs where queue setup, sandbox setup, input transfer,
|
|
178
|
+
and result collection cost more than the test body.
|
|
179
|
+
- Bundle micro-tests by package, runtime, or fixture affinity while preserving per-test result
|
|
180
|
+
reporting.
|
|
181
|
+
11. Shard by historical duration, not file count.
|
|
182
|
+
- Use recent successful durations, trimmed means, or exponential moving averages.
|
|
183
|
+
- Assign longest tests first to the currently lightest shard.
|
|
184
|
+
- Give new tests a directory or type median, and cap timeout outliers so one historic failure
|
|
185
|
+
does not poison future placement.
|
|
186
|
+
12. Add work stealing when static shards still leave idle workers.
|
|
187
|
+
- Let early workers take not-yet-started work from overloaded shards.
|
|
188
|
+
- Keep tests that share expensive setup together unless the tail cost is worse than duplicated
|
|
189
|
+
setup.
|
|
190
|
+
13. Split huge files below the file level when supported.
|
|
191
|
+
- File-level sharding is fake parallelism when one file contains most of the runtime.
|
|
192
|
+
- Confirm that the runner actually honors case-level sharding; unsupported sharding can cause
|
|
193
|
+
every shard to run the whole suite.
|
|
194
|
+
14. Schedule by resource tokens and affinity.
|
|
195
|
+
- Tag tests by CPU, memory, DB connections, browser processes, containers, GPU, filesystem, and
|
|
196
|
+
network pressure.
|
|
197
|
+
- Use resource tokens or locks for scarce shared resources instead of disabling all parallelism.
|
|
198
|
+
- Keep expensive fixture groups together when setup reuse beats perfect load balance.
|
|
199
|
+
15. Tune worker count empirically.
|
|
200
|
+
- Compare worker counts such as 1, 2, 4, and 8 on the same commit.
|
|
201
|
+
- Stop increasing workers when wall time stops improving, memory peaks rise sharply, DB waits
|
|
202
|
+
increase, browser tests swap, or flaky rate rises.
|
|
203
|
+
16. Make database and container setup worker-scoped.
|
|
204
|
+
- Prefer one DB server or service container per worker, with per-test schemas, databases,
|
|
205
|
+
transactions, savepoints, namespaces, ports, or fixture copies.
|
|
206
|
+
- Do not let all workers share the same mutable schema unless the suite is intentionally
|
|
207
|
+
serialized.
|
|
208
|
+
- Build a migrated and seeded template DB or snapshot once, then clone it per worker when
|
|
209
|
+
migrations or seed data dominate.
|
|
210
|
+
17. Reset mutable state cheaply.
|
|
211
|
+
- Prefer transaction rollback or savepoints for tests whose side effects stay inside one DB
|
|
212
|
+
connection.
|
|
213
|
+
- Use DB clone, schema clone, or container snapshot for tests that cross processes, queues,
|
|
214
|
+
external workers, sequence assertions, or asynchronous effects.
|
|
215
|
+
- Use tmpfs only for non-persistent state with explicit size limits.
|
|
216
|
+
18. Replace sleeps with readiness and fake time.
|
|
217
|
+
- Treat fixed sleeps as performance bugs.
|
|
218
|
+
- Wait for real readiness: health endpoints, logs, successful queries, event receipt, or port
|
|
219
|
+
plus protocol-level checks.
|
|
220
|
+
- For timers, retries, expiry, and scheduled work, inject clocks or use fake timers instead of
|
|
221
|
+
waiting in real time.
|
|
222
|
+
19. Remove external internet from the default CI path.
|
|
223
|
+
- Use local stubs, fixtures, mocks, recorded responses, or contract-specific jobs.
|
|
224
|
+
- Block unrelated images, fonts, analytics, and third-party requests in UI tests unless the test
|
|
225
|
+
is specifically about that delivery behavior.
|
|
226
|
+
20. Control hidden inputs.
|
|
227
|
+
- Inject time, random seeds, UUID generation, locale, timezone, environment, and current user.
|
|
228
|
+
- Report seed values on failure so a failed run can be reproduced.
|
|
229
|
+
21. Move expensive evidence off the default path.
|
|
230
|
+
- Collect full coverage, videos, traces, screenshots, full logs, and HTML reports only where
|
|
231
|
+
they pay for themselves: failures, first retry, nightly, release, or dedicated coverage jobs.
|
|
232
|
+
- Merge shard reports after tests finish rather than blocking each shard on heavy reporting.
|
|
233
|
+
22. Retry narrowly and honestly.
|
|
234
|
+
- Retry only the failed test or case, once, in a fresh worker when possible.
|
|
235
|
+
- Preserve first-failure logs and artifacts.
|
|
236
|
+
- Classify retry success as flaky success, not normal success.
|
|
237
|
+
23. Use speculative tail duplication only for hermetic shards.
|
|
238
|
+
- If the last shard exceeds its historical p95 while workers are idle, a scheduler may duplicate
|
|
239
|
+
that shard and accept the first result.
|
|
240
|
+
- Do not duplicate non-hermetic tests, tests with side effects, or tests that consume scarce
|
|
241
|
+
external resources.
|
|
242
|
+
24. Garbage-collect the test portfolio.
|
|
243
|
+
- Track duration, unique behavior coverage, defect-finding history, flaky rate, owner, and last
|
|
244
|
+
meaningful update.
|
|
245
|
+
- Move low-value duplicates from PR paths to nightly paths before deleting them.
|
|
246
|
+
- Quarantine flaky tests with owner and expiry; do not let quarantine become permanent silence.
|
|
247
|
+
25. Verify the faster path and the fallback path.
|
|
248
|
+
- A selector, cache, shard rule, retry policy, or fixture reuse change is not complete until the
|
|
249
|
+
default fast path and the fallback or full path both have evidence or a reported missing
|
|
250
|
+
command intent.
|
|
251
|
+
|
|
252
|
+
<!-- mustflow-section: postconditions -->
|
|
253
|
+
## Postconditions
|
|
254
|
+
|
|
255
|
+
- The test-suite bottleneck is classified by timing, selection, scheduling, cache, fixture, DB,
|
|
256
|
+
container, artifact, retry, or resource evidence.
|
|
257
|
+
- The optimization goal is explicit: faster first failure, shorter PR wall time, lower CI cost,
|
|
258
|
+
lower flaky rate, smaller artifact overhead, or faster local feedback.
|
|
259
|
+
- Selected-test execution has a full-suite fallback for unsafe or unknown changes.
|
|
260
|
+
- Caches declare inputs, omit irrelevant volatile values, and report hit rate or miss reasons when
|
|
261
|
+
evidence exists.
|
|
262
|
+
- Worker count, resource tokens, shard placement, fixture affinity, and retry behavior preserve
|
|
263
|
+
test isolation and failure evidence.
|
|
264
|
+
- Any speed claim is measured, complexity-only, or explicitly unverified.
|
|
265
|
+
|
|
266
|
+
<!-- mustflow-section: verification -->
|
|
267
|
+
## Verification
|
|
268
|
+
|
|
269
|
+
Use configured oneshot command intents when available:
|
|
270
|
+
|
|
271
|
+
- `changes_status`
|
|
272
|
+
- `changes_diff_summary`
|
|
273
|
+
- `build`
|
|
274
|
+
- `test_related`
|
|
275
|
+
- `test`
|
|
276
|
+
- `test_audit`
|
|
277
|
+
- `docs_validate_fast`
|
|
278
|
+
- `test_release`
|
|
279
|
+
- `mustflow_check`
|
|
280
|
+
|
|
281
|
+
Use the narrowest configured test, build, docs, release, or mustflow intent that proves the changed
|
|
282
|
+
test-suite behavior. If the repository exposes a profiling or cached-test intent, use it only when
|
|
283
|
+
the command contract marks it configured, oneshot, and agent-allowed.
|
|
284
|
+
|
|
285
|
+
<!-- mustflow-section: failure-handling -->
|
|
286
|
+
## Failure Handling
|
|
287
|
+
|
|
288
|
+
- If timing evidence is missing, add bounded measurement or report the missing evidence before
|
|
289
|
+
changing scheduling, caching, or selection policy.
|
|
290
|
+
- If selection cannot understand a change, fall back to the full suite.
|
|
291
|
+
- If a cache key is uncertain, prefer a cache miss over a false hit.
|
|
292
|
+
- If worker reuse causes order dependence, leaked state, or flaky failures, isolate the leaked
|
|
293
|
+
resource before widening reuse.
|
|
294
|
+
- If parallelism makes tests slower, check shared DB, browser, memory, filesystem, and container
|
|
295
|
+
contention before increasing workers again.
|
|
296
|
+
- If a retry hides a real failure, preserve first-failure evidence and classify the result as flaky.
|
|
297
|
+
- If configured verification is missing, report the missing intent instead of inventing raw runner
|
|
298
|
+
commands.
|
|
299
|
+
|
|
300
|
+
<!-- mustflow-section: output-format -->
|
|
301
|
+
## Output Format
|
|
302
|
+
|
|
303
|
+
- Suite surface and feedback goal
|
|
304
|
+
- Timing breakdown and bottleneck class
|
|
305
|
+
- Selection policy and full-suite fallback
|
|
306
|
+
- Scheduling, sharding, worker, and resource-token decisions
|
|
307
|
+
- Fixture, DB, container, filesystem, time, randomness, network, and isolation notes
|
|
308
|
+
- Cache key, hit-rate, and miss-reason notes
|
|
309
|
+
- Retry and flaky-test policy
|
|
310
|
+
- Coverage, trace, log, screenshot, video, report, and artifact policy
|
|
311
|
+
- Speed evidence: measured, complexity-only, or unverified
|
|
312
|
+
- Command intents run
|
|
313
|
+
- Skipped command intents and reasons
|
|
314
|
+
- Remaining test-suite performance risk
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.typescript-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 5
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: typescript-code-change
|
|
@@ -91,19 +91,22 @@ Preserve TypeScript's type, runtime validation, module, build, and public API bo
|
|
|
91
91
|
11. For type tests, prefer `@ts-expect-error` with a short reason. Do not use `@ts-ignore` in implementation code. Implementation `@ts-expect-error` needs an owner, removal condition, and risk report.
|
|
92
92
|
12. If a public API changes, trace every consumer-visible import specifier, runtime export, type export, declaration output, docs example, type-only export, overload, generic default, interface field, enum or literal member, class member, and package entry condition.
|
|
93
93
|
13. Treat `exports`, `types`, `typings`, `typesVersions`, package `type`, file extensions, path aliases, declaration import paths, and barrel exports as public API surfaces. Adding or tightening `exports` can break existing deep imports.
|
|
94
|
-
14.
|
|
95
|
-
15.
|
|
96
|
-
16.
|
|
97
|
-
17.
|
|
98
|
-
18.
|
|
94
|
+
14. For TypeScript that emits code for native Node ESM, prefer `.ts` source plus package `"type": "module"` and `module`/`moduleResolution` set to `NodeNext` or the repository's fixed Node mode. Do not rename every source file to `.mts` just to mean ESM; reserve `.mts` and `.cts` for explicit per-file module overrides or mixed-package boundaries.
|
|
95
|
+
15. In TypeScript source that targets native Node ESM, write relative imports using the emitted runtime specifier, usually `.js`, such as `import { createApp } from "./app.js"` from `app.ts`. Do not write extensionless relative imports or `.ts` runtime specifiers unless a declared loader, bundler, or runtime explicitly owns that behavior.
|
|
96
|
+
16. Use `moduleResolution: "Bundler"` only when a bundler such as Vite, esbuild, Rollup, or a framework build system owns final module resolution. Do not use bundler resolution to model code that Node will execute directly without that bundler.
|
|
97
|
+
17. If ESM/CJS behavior changes, verify package `type`, `main`, `module`, `browser`, `exports`, condition order, extension rules, generated JS, and generated declaration files together.
|
|
98
|
+
18. Inspect generated declarations when package surfaces change. Declaration files must not leak source-only aliases, private paths, workspace-only package names, unpublished internal paths, or accidental public re-exports.
|
|
99
|
+
19. For TypeScript 6 migration work, treat deprecation warnings as future TypeScript 7 removal risk. `ignoreDeprecations` is a temporary compatibility valve, not proof that the project is ready for 7.0. Prefer removing deprecated options and updating resolver or module choices to match the project runtime.
|
|
100
|
+
20. Treat TypeScript 6 `--stableTypeOrdering` as a migration comparison tool for declaration and error-order differences, not as a permanent performance-neutral default. If it changes errors or declaration output, look for inference or declaration-stability issues instead of snapshotting noise.
|
|
101
|
+
21. For TypeScript 7 migration work, keep the tracks separate:
|
|
99
102
|
- TS6 stable API track: `@typescript/typescript6` and `tsc6` for compiler API, transformer, ESLint, framework wrapper, and peer-dependency compatibility.
|
|
100
103
|
- TS7 RC compiler track: `typescript@rc` and `tsc` for RC compiler verification.
|
|
101
104
|
- TS7 nightly track: `@typescript/native-preview` and `tsgo` for nightly diagnostics only.
|
|
102
105
|
- Future TS7 stable track: stable `typescript` once upstream publishes TypeScript 7 on the normal stable path.
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
106
|
+
22. Keep compiler API consumers, language-service plugins, custom transformers, and framework typecheck wrappers on the TS6 API track until their owners explicitly support the TS7 API surface. Treat TS7 RC `tsc` as compiler verification, not proof that JavaScript compiler API consumers can migrate.
|
|
107
|
+
23. When comparing TS6 `tsc6`, TS7 RC `tsc`, and optional TS7 nightly `tsgo`, classify differences before editing code: real type error, declaration emit order or printback noise, unsupported option, unsupported API, watch or incremental behavior gap, language-service gap, generated-output drift, or framework wrapper mismatch.
|
|
108
|
+
24. Do not treat faster TS7 RC or nightly results as sufficient verification. Keep the repository's existing `tsc`, `tsc6`, or framework typecheck as the compatibility baseline until repository policy explicitly adopts a different compiler track.
|
|
109
|
+
25. Choose the narrowest configured verification intents that cover typecheck, lint, tests, build output, declarations, package contract risk, and downstream-style consumer risk.
|
|
107
110
|
|
|
108
111
|
<!-- mustflow-section: assertion-policy -->
|
|
109
112
|
## Assertion Policy
|