mustflow 2.85.4 → 2.99.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/script-pack.js +10 -0
- package/dist/cli/i18n/en.js +183 -0
- package/dist/cli/i18n/es.js +183 -0
- package/dist/cli/i18n/fr.js +183 -0
- package/dist/cli/i18n/hi.js +183 -0
- package/dist/cli/i18n/ko.js +183 -0
- package/dist/cli/i18n/zh.js +183 -0
- package/dist/cli/lib/script-pack-registry.js +284 -1
- package/dist/cli/script-packs/code-change-impact.js +6 -0
- package/dist/cli/script-packs/code-import-cycle.js +193 -0
- package/dist/cli/script-packs/docs-link-integrity.js +145 -0
- package/dist/cli/script-packs/repo-approval-gate.js +100 -0
- package/dist/cli/script-packs/repo-git-ignore-audit.js +119 -0
- package/dist/cli/script-packs/repo-manifest-lock-drift.js +122 -0
- package/dist/cli/script-packs/repo-merge-conflict-scan.js +123 -0
- package/dist/cli/script-packs/repo-skill-route-audit.js +86 -0
- package/dist/cli/script-packs/repo-version-source.js +92 -0
- package/dist/cli/script-packs/test-performance-report.js +247 -0
- package/dist/cli/script-packs/test-regression-selector.js +167 -0
- package/dist/core/change-impact.js +23 -51
- package/dist/core/change-surface-classification.js +198 -0
- package/dist/core/docs-link-integrity.js +443 -0
- package/dist/core/import-cycle.js +152 -0
- package/dist/core/public-json-contracts.js +116 -0
- package/dist/core/repo-approval-gate.js +116 -0
- package/dist/core/repo-git-ignore-audit.js +302 -0
- package/dist/core/repo-manifest-lock-drift.js +321 -0
- package/dist/core/repo-merge-conflict-scan.js +335 -0
- package/dist/core/repo-version-source.js +82 -0
- package/dist/core/script-pack-suggestions.js +77 -1
- package/dist/core/skill-route-audit.js +354 -0
- package/dist/core/test-performance-report.js +697 -0
- package/dist/core/test-regression-selector.js +335 -0
- package/package.json +1 -1
- package/schemas/README.md +40 -2
- package/schemas/change-impact-report.schema.json +35 -1
- package/schemas/import-cycle-report.schema.json +157 -0
- package/schemas/link-integrity-report.schema.json +176 -0
- package/schemas/repo-approval-gate-report.schema.json +115 -0
- package/schemas/repo-git-ignore-audit-report.schema.json +201 -0
- package/schemas/repo-manifest-lock-drift-report.schema.json +202 -0
- package/schemas/repo-merge-conflict-scan-report.schema.json +169 -0
- package/schemas/repo-version-source-report.schema.json +127 -0
- package/schemas/skill-route-audit-report.schema.json +144 -0
- package/schemas/test-performance-report.schema.json +319 -0
- package/schemas/test-regression-selector-report.schema.json +187 -0
- package/templates/default/i18n.toml +66 -18
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +45 -8
- package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +48 -27
- package/templates/default/locales/en/.mustflow/skills/api-failure-triage/SKILL.md +270 -0
- package/templates/default/locales/en/.mustflow/skills/auth-flow-triage/SKILL.md +192 -0
- package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +59 -13
- package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +14 -5
- package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +30 -15
- package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +45 -32
- package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +200 -0
- package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +87 -13
- package/templates/default/locales/en/.mustflow/skills/docker-runtime-triage/SKILL.md +191 -0
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +18 -13
- package/templates/default/locales/en/.mustflow/skills/line-ending-hygiene/SKILL.md +18 -10
- package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +4 -1
- package/templates/default/locales/en/.mustflow/skills/motion-system-contract-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/next-action-menu/SKILL.md +177 -0
- package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +15 -7
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +59 -35
- package/templates/default/locales/en/.mustflow/skills/powershell-code-change/SKILL.md +16 -6
- package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +4 -1
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +19 -10
- package/templates/default/locales/en/.mustflow/skills/rag-pipeline-triage/SKILL.md +206 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +54 -0
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +10 -4
- package/templates/default/locales/en/.mustflow/skills/search-index-integrity-review/SKILL.md +181 -0
- package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +37 -23
- package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +9 -0
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +14 -9
- package/templates/default/locales/en/.mustflow/skills/vector-search-integrity-review/SKILL.md +209 -0
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +16 -14
- package/templates/default/manifest.toml +64 -1
|
@@ -78,6 +78,12 @@ route_type = "adjunct"
|
|
|
78
78
|
priority = 85
|
|
79
79
|
applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "mustflow_docs_change", "mustflow_config_change", "package_metadata_change", "release_risk"]
|
|
80
80
|
|
|
81
|
+
[routes."next-action-menu"]
|
|
82
|
+
category = "workflow_contracts"
|
|
83
|
+
route_type = "adjunct"
|
|
84
|
+
priority = 72
|
|
85
|
+
applies_to_reasons = ["unknown_change", "docs_change", "workflow_change", "mustflow_docs_change", "package_metadata_change"]
|
|
86
|
+
|
|
81
87
|
[routes."proactive-risk-surfacing"]
|
|
82
88
|
category = "workflow_contracts"
|
|
83
89
|
route_type = "event"
|
|
@@ -234,6 +240,30 @@ route_type = "adjunct"
|
|
|
234
240
|
priority = 73
|
|
235
241
|
applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "public_api_change", "performance_change", "security_change", "privacy_change", "data_change", "docs_change"]
|
|
236
242
|
|
|
243
|
+
[routes."api-failure-triage"]
|
|
244
|
+
category = "bug_failure"
|
|
245
|
+
route_type = "primary"
|
|
246
|
+
priority = 72
|
|
247
|
+
applies_to_reasons = ["unknown_change", "command_failure", "behavior_change", "public_api_change", "performance_change", "data_change", "docs_change"]
|
|
248
|
+
|
|
249
|
+
[routes."auth-flow-triage"]
|
|
250
|
+
category = "bug_failure"
|
|
251
|
+
route_type = "primary"
|
|
252
|
+
priority = 74
|
|
253
|
+
applies_to_reasons = ["unknown_change", "command_failure", "behavior_change", "security_change", "privacy_change", "data_change", "docs_change"]
|
|
254
|
+
|
|
255
|
+
[routes."docker-runtime-triage"]
|
|
256
|
+
category = "bug_failure"
|
|
257
|
+
route_type = "primary"
|
|
258
|
+
priority = 73
|
|
259
|
+
applies_to_reasons = ["unknown_change", "command_failure", "behavior_change", "performance_change", "data_change", "docs_change"]
|
|
260
|
+
|
|
261
|
+
[routes."ci-pipeline-triage"]
|
|
262
|
+
category = "bug_failure"
|
|
263
|
+
route_type = "primary"
|
|
264
|
+
priority = 75
|
|
265
|
+
applies_to_reasons = ["unknown_change", "command_failure", "workflow_change", "mustflow_config_change", "docs_change", "test_change", "package_metadata_change", "release_risk", "performance_change", "security_change"]
|
|
266
|
+
|
|
237
267
|
[routes."app-startup-performance-review"]
|
|
238
268
|
category = "general_code"
|
|
239
269
|
route_type = "adjunct"
|
|
@@ -522,6 +552,12 @@ route_type = "primary"
|
|
|
522
552
|
priority = 67
|
|
523
553
|
applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "docs_change", "public_api_change", "data_change", "security_change", "privacy_change", "package_metadata_change", "release_risk"]
|
|
524
554
|
|
|
555
|
+
[routes."rag-pipeline-triage"]
|
|
556
|
+
category = "general_code"
|
|
557
|
+
route_type = "primary"
|
|
558
|
+
priority = 72
|
|
559
|
+
applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "docs_change", "public_api_change", "data_change", "performance_change", "security_change", "privacy_change", "package_metadata_change", "release_risk"]
|
|
560
|
+
|
|
525
561
|
[routes."llm-token-cost-control-review"]
|
|
526
562
|
category = "general_code"
|
|
527
563
|
route_type = "primary"
|
|
@@ -618,6 +654,18 @@ route_type = "primary"
|
|
|
618
654
|
priority = 86
|
|
619
655
|
applies_to_reasons = ["code_change", "data_change", "migration_change", "behavior_change", "public_api_change", "test_change", "docs_change", "security_change", "performance_change"]
|
|
620
656
|
|
|
657
|
+
[routes."search-index-integrity-review"]
|
|
658
|
+
category = "data_external"
|
|
659
|
+
route_type = "primary"
|
|
660
|
+
priority = 74
|
|
661
|
+
applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "public_api_change", "performance_change", "data_change", "docs_change", "package_metadata_change", "release_risk"]
|
|
662
|
+
|
|
663
|
+
[routes."vector-search-integrity-review"]
|
|
664
|
+
category = "data_external"
|
|
665
|
+
route_type = "primary"
|
|
666
|
+
priority = 73
|
|
667
|
+
applies_to_reasons = ["unknown_change", "code_change", "behavior_change", "test_change", "public_api_change", "performance_change", "data_change", "docs_change", "package_metadata_change", "release_risk"]
|
|
668
|
+
|
|
621
669
|
[routes."dependency-upgrade-review"]
|
|
622
670
|
category = "data_external"
|
|
623
671
|
route_type = "primary"
|
|
@@ -834,6 +882,12 @@ route_type = "adjunct"
|
|
|
834
882
|
priority = 81
|
|
835
883
|
applies_to_reasons = ["ui_change", "performance_change", "behavior_change", "code_change", "web_asset_change"]
|
|
836
884
|
|
|
885
|
+
[routes."motion-system-contract-review"]
|
|
886
|
+
category = "ui_assets"
|
|
887
|
+
route_type = "adjunct"
|
|
888
|
+
priority = 83
|
|
889
|
+
applies_to_reasons = ["ui_change", "behavior_change", "code_change", "performance_change", "test_change", "docs_change", "web_asset_change"]
|
|
890
|
+
|
|
837
891
|
[routes."frontend-state-ownership-review"]
|
|
838
892
|
category = "ui_assets"
|
|
839
893
|
route_type = "adjunct"
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.rust-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 6
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: rust-code-change
|
|
@@ -101,9 +101,14 @@ instead of treated as incidental.
|
|
|
101
101
|
- before using newer APIs, build an API-specific MSRV ledger instead of relying on a broad release bucket. Examples that need exact checking include `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`;
|
|
102
102
|
- do not use any newer API unless the declared MSRV, edition, CI matrix, docs.rs metadata, and toolchain path support that exact API;
|
|
103
103
|
- keep experimental, nightly-only, target-specific, or edition-specific behavior behind explicit gates or fallbacks instead of calling it general Rust advice.
|
|
104
|
-
5.
|
|
105
|
-
|
|
106
|
-
|
|
104
|
+
5. For Rust 2024 or edition migration work, review semantics instead of treating the edition as formatting:
|
|
105
|
+
- inspect `unsafe extern` blocks, unsafe attributes such as exported symbols or custom sections, `unsafe_op_in_unsafe_fn`, and public unsafe docs together;
|
|
106
|
+
- check `if let` scrutinee temporaries and tail-expression temporaries around locks, `RefCell`, guards, files, network handles, and other `Drop` values;
|
|
107
|
+
- review macro fragment specifiers, especially expression fragments whose accepted syntax changes by edition, and use older-edition fragments only when the macro intentionally rejects newer forms;
|
|
108
|
+
- treat automatic edition rewrites as candidate diffs that still need human review of unsafe, macro, pattern, temporary lifetime, docs, and examples.
|
|
109
|
+
6. Prefer flatter control flow when the MSRV supports it: use `let else` for early validation, let chains for related optional/result guards, and match `if let` guards for state-machine refinements. Remember that guard patterns do not satisfy match exhaustiveness; keep the fallback arm meaningful.
|
|
110
|
+
7. In tests, prefer `assert_matches!` over `assert!(matches!(...))` when the MSRV supports it and the failed value has useful `Debug` output. Import it explicitly from `std` or `core`; do not assume it is in the prelude.
|
|
111
|
+
8. Resolve ownership problems in this order: identify the real owner, shrink borrow scopes, fix function signatures to accept references or slices when ownership is unnecessary, distinguish transfer from sharing, then consider clone or shared ownership only when the semantics require it.
|
|
107
112
|
8. Before adding `clone`, verify it is a cheap handle clone such as `Arc`, `Rc`, or `Bytes`, a small intentional value clone, or a true independent ownership split. Reject large collection clones, loop clones, clone-then-borrow code, and whole-state clones made only to satisfy `spawn`.
|
|
108
113
|
9. Before adding `Arc<Mutex<_>>`, verify multiple owners truly need shared mutable state. For read-mostly snapshots, prefer ownership-preserving choices such as `Arc::make_mut`, immutable swaps, or explicit reload boundaries. Keep critical sections short, document lock order when relevant, and do not hold a lock guard across `.await`, I/O, callbacks, or user code.
|
|
109
114
|
10. Choose initialization primitives by input and failure semantics: use `LazyLock` for no-argument static lazy values that may poison permanently on panic, and `OnceLock` when boot-time or test-time code supplies the value or panic poisoning must not become the recovery policy.
|
|
@@ -135,6 +140,7 @@ Reject or revise the patch when any of these appear without strong local justifi
|
|
|
135
140
|
- New large `clone()` calls, clone-then-borrow code, loop clones, or state clones used only to appease ownership errors.
|
|
136
141
|
- New `Arc<Mutex<AppState>>`-style shared bags, locks held across `.await`, or async I/O resources shared mainly by mutex.
|
|
137
142
|
- New version-gated Rust API usage without API-specific MSRV, `rust-version`, edition, toolchain, CI, or fallback evidence.
|
|
143
|
+
- Rust 2024 edition changes accepted without reviewing unsafe extern blocks, unsafe attributes, `unsafe_op_in_unsafe_fn`, temporary drop scopes, and macro fragment behavior where those surfaces exist.
|
|
138
144
|
- New `LazyLock` initialization for recoverable runtime configuration where permanent panic poisoning would be the wrong failure policy.
|
|
139
145
|
- New `spare_capacity_mut` plus `set_len` without a narrow, proven initialization invariant.
|
|
140
146
|
- New public `impl Trait`, `Deref`, GAT, workspace resolver, feature, or `rust-version` change without public API and compatibility review.
|
|
@@ -0,0 +1,181 @@
|
|
|
1
|
+
---
|
|
2
|
+
mustflow_doc: skill.search-index-integrity-review
|
|
3
|
+
locale: en
|
|
4
|
+
canonical: true
|
|
5
|
+
revision: 1
|
|
6
|
+
lifecycle: mustflow-owned
|
|
7
|
+
authority: procedure
|
|
8
|
+
name: search-index-integrity-review
|
|
9
|
+
description: Apply this skill when keyword search, full-text search, Elasticsearch, OpenSearch, Lucene-style indexes, search APIs, indexing pipelines, aliases, bulk indexing, refresh visibility, analyzers, mappings, synonyms, autocomplete, pagination, shard failures, search quality, or search performance are created, changed, reviewed, or failing. Use vector-search-integrity-review first for vector-only or semantic retrieval mechanics, and use rag-pipeline-triage first when a RAG failure is not yet localized to search retrieval.
|
|
10
|
+
metadata:
|
|
11
|
+
mustflow_schema: "1"
|
|
12
|
+
mustflow_kind: procedure
|
|
13
|
+
pack_id: mustflow.core
|
|
14
|
+
skill_id: mustflow.core.search-index-integrity-review
|
|
15
|
+
command_intents:
|
|
16
|
+
- changes_status
|
|
17
|
+
- changes_diff_summary
|
|
18
|
+
- lint
|
|
19
|
+
- build
|
|
20
|
+
- test_related
|
|
21
|
+
- test
|
|
22
|
+
- docs_validate_fast
|
|
23
|
+
- test_release
|
|
24
|
+
- mustflow_check
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
# Search Index Integrity Review
|
|
28
|
+
|
|
29
|
+
<!-- mustflow-section: purpose -->
|
|
30
|
+
## Purpose
|
|
31
|
+
|
|
32
|
+
Review search as an end-to-end index and query contract, not as "the cluster is green."
|
|
33
|
+
|
|
34
|
+
The core question is whether a source record can be changed, accepted by the indexing path, become visible through the same API users call, rank as expected, stay isolated by tenant and filters, and remain fast under realistic query shapes.
|
|
35
|
+
|
|
36
|
+
<!-- mustflow-section: use-when -->
|
|
37
|
+
## Use When
|
|
38
|
+
|
|
39
|
+
- Code creates or changes search ingestion, indexing jobs, bulk writes, index aliases, refresh policy, index templates, mappings, analyzers, keyword or text fields, synonyms, autocomplete, query builders, filters, sort, pagination, highlighting, source filtering, result shaping, search caches, or search observability.
|
|
40
|
+
- Search is missing documents, returning stale data, returning partial results, ranking the wrong document, showing zero results, leaking tenant data, slowing down, timing out, rejecting writes, or behaving differently through direct search, backend API, and UI.
|
|
41
|
+
- A review needs index visibility, read/write alias, bulk item errors, shard failure, mapping drift, analyzer, synonym, golden-set, p95 or p99 latency, slow-log, query fingerprint, shard fan-out, cache, refresh, segment merge, disk watermark, or search SLO evidence.
|
|
42
|
+
|
|
43
|
+
<!-- mustflow-section: do-not-use-when -->
|
|
44
|
+
## Do Not Use When
|
|
45
|
+
|
|
46
|
+
- The task is only vector, semantic, embedding, ANN, reranking, or vector hybrid mechanics; use `vector-search-integrity-review` first.
|
|
47
|
+
- The task is an end-to-end RAG failure and it is not yet clear whether ingestion, retrieval, context assembly, prompt construction, generation, citation validation, or answerability failed; use `rag-pipeline-triage` first.
|
|
48
|
+
- The task is only API transport, CORS, SDK, gateway, auth, or cache failure before the search boundary is known; use `api-failure-triage`.
|
|
49
|
+
- The task is ordinary database query performance with no search index, analyzer, ranking, alias, or indexing path.
|
|
50
|
+
- The requested evidence would require dumping private queries, customer documents, raw personal data, or production result pages into docs, tests, commits, or reports. Use safe IDs, hashes, synthetic fixtures, aggregate counts, or redacted examples.
|
|
51
|
+
|
|
52
|
+
<!-- mustflow-section: required-inputs -->
|
|
53
|
+
## Required Inputs
|
|
54
|
+
|
|
55
|
+
- Symptom classification: source not indexed, write not visible, wrong alias, partial shard result, wrong exact match, wrong full-text match, ranking drift, zero results, stale delete, tenant leak, autocomplete failure, deep-page failure, slow query, bulk rejection, mapping conflict, or UI/API mismatch.
|
|
56
|
+
- Source-to-search ledger: source id, tenant, category, status, update time, indexing request time, bulk item result, indexed document id, direct lookup result, first search-visible time, rank, delete or tombstone state, and visibility lag.
|
|
57
|
+
- Query contract ledger: user-facing API path, direct search request, API-transformed request, UI result shaping, index or alias, tenant and permission filters, analyzed fields, exact fields, sort, pagination mode, source fields, highlight fields, cache state, and expected result ids.
|
|
58
|
+
- Index contract ledger: read alias, write alias, index templates, mappings, analyzers, normalizers, synonym sets, dynamic mapping policy, refresh policy, shard and replica plan, segment or merge state, disk watermark risk, and rollover or reindex status.
|
|
59
|
+
- Quality ledger: representative queries, expected results, acceptable alternatives, zero-result expectations, Precision@K, Recall@K, MRR or ranking metric, before/after comparison, click or behavior metric limitations, and golden-set fixture status.
|
|
60
|
+
- Performance ledger: cold and warm latency, p50, p95, p99, search server time, API time, UI time, query phase, fetch phase, response size, shard fan-out, thread-pool active/queue/rejected, slow-log or query-profile evidence, cache hit or miss, and retry behavior.
|
|
61
|
+
- Privacy ledger: raw query text, document text, tenant ids, user ids, behavior analytics, search logs, highlights, and whether evidence can be stored safely as synthetic fixtures, ids, hashes, summaries, or aggregate metrics.
|
|
62
|
+
|
|
63
|
+
<!-- mustflow-section: preconditions -->
|
|
64
|
+
## Preconditions
|
|
65
|
+
|
|
66
|
+
- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
|
|
67
|
+
- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked.
|
|
68
|
+
- Existing search adapters, query builders, index templates, mapping fixtures, golden sets, telemetry, and tests have been searched before changing search behavior.
|
|
69
|
+
- Raw private document text, queries, user behavior, and tenant-identifying payloads are not copied into repository artifacts unless they are safe synthetic fixtures.
|
|
70
|
+
|
|
71
|
+
<!-- mustflow-section: allowed-edits -->
|
|
72
|
+
## Allowed Edits
|
|
73
|
+
|
|
74
|
+
- Add or tighten search canaries, indexing ledgers, bulk item error handling, alias checks, mapping and analyzer fixtures, exact-versus-full-text tests, tenant and permission filter tests, golden-set tests, synonym regression tests, pagination guards, query fingerprint metrics, search latency metrics, docs, and directly synchronized templates.
|
|
75
|
+
- Add focused synthetic fixtures that encode expected exact search, full-text search, analyzer behavior, synonym behavior, filtered search, tenant isolation, zero-result behavior, pagination stability, and ranking order.
|
|
76
|
+
- Do not change analyzer, synonym, refresh, alias, shard, cache, or ranking settings blindly. First preserve source-to-search, query-contract, quality, and performance evidence.
|
|
77
|
+
- Do not force every write to refresh immediately unless the product contract explicitly needs synchronous visibility and the indexing cost is accepted.
|
|
78
|
+
- Do not treat search metrics as permission checks. Authorization and tenant filters must remain enforced outside and inside the search query path as the product requires.
|
|
79
|
+
|
|
80
|
+
<!-- mustflow-section: procedure -->
|
|
81
|
+
## Procedure
|
|
82
|
+
|
|
83
|
+
1. Classify the failure before tuning.
|
|
84
|
+
- Separate source missing, indexing rejected, write not visible, wrong alias, direct lookup mismatch, exact-search mismatch, full-text mismatch, ranking drift, partial shard result, API/UI transformation, stale cache, and slow query.
|
|
85
|
+
- If the symptom is only "cluster green but users cannot find it," require source-to-search evidence.
|
|
86
|
+
2. Add or inspect a search canary when the system supports it.
|
|
87
|
+
- A unique canary document should pass through the same write path and user-facing search API as real data.
|
|
88
|
+
- Record accepted time, first visible time, rank, index or alias, tenant or filter context, and not-found evidence.
|
|
89
|
+
3. Check bulk and ingestion outcomes per item.
|
|
90
|
+
- A batch-level success is insufficient. Inspect item-level errors, mapping conflicts, version conflicts, rejected writes, shard failures, retries, and failed ids.
|
|
91
|
+
- Preserve failed source ids or safe hashes so reindex and reconciliation can target real misses.
|
|
92
|
+
4. Reconcile source and index by slices.
|
|
93
|
+
- Compare counts and checksums by tenant, date, category, status, or other ownership boundary.
|
|
94
|
+
- Total count equality can hide one tenant missing and another duplicated.
|
|
95
|
+
5. Split direct lookup, exact search, and full-text search.
|
|
96
|
+
- Direct lookup success with search failure points toward refresh, alias, mapping, analyzer, filter, query, or API transformation.
|
|
97
|
+
- Exact keyword failure and full-text failure are different contracts.
|
|
98
|
+
6. Check read and write aliases.
|
|
99
|
+
- Expand aliases to concrete indexes, write index, filters, routing, rollover state, and reindex targets.
|
|
100
|
+
- A new index receiving writes while search reads the old alias is an indexing visibility bug, not a ranking bug.
|
|
101
|
+
7. Treat partial shard results as correctness evidence.
|
|
102
|
+
- Record `timed_out`, total shards, successful shards, failed shards, and partial-result policy.
|
|
103
|
+
- If partial results are not a valid product state, fail the request instead of silently returning incomplete search.
|
|
104
|
+
8. Compare direct search, backend API, and UI output.
|
|
105
|
+
- Direct search isolates engine behavior.
|
|
106
|
+
- Backend API adds query builders, permission filters, caches, response shaping, and pagination.
|
|
107
|
+
- UI adds sorting, dedupe, local cache, page state, and display filtering.
|
|
108
|
+
9. Inspect mappings and analyzers before changing queries.
|
|
109
|
+
- IDs, emails, status codes, tags, and exact filters usually need keyword-like fields.
|
|
110
|
+
- Human text usually needs text analysis. Use analyzer evidence or fixtures to prove tokenization for punctuation, case, hyphen, Korean spacing, product codes, and mixed alphanumeric text.
|
|
111
|
+
10. Review synonym and ranking changes against a golden set.
|
|
112
|
+
- Synonyms can improve one query and break many others.
|
|
113
|
+
- Compare representative queries before and after; include zero-result, typo, ambiguous, category, brand, long natural-language, and high-value queries.
|
|
114
|
+
11. Explain surprising ranks only for bounded cases.
|
|
115
|
+
- Inspect why one expected document ranked below another for a small failing sample.
|
|
116
|
+
- Do not enable expensive explain or profile behavior for broad production traffic.
|
|
117
|
+
12. Separate query, fetch, API, and UI latency.
|
|
118
|
+
- p50, p95, and p99 must be grouped by search type, index, route, role, tenant class, and query fingerprint where safe.
|
|
119
|
+
- Fetch time, source size, highlight fields, nested fields, and response shaping can dominate score calculation.
|
|
120
|
+
13. Fingerprint query shapes.
|
|
121
|
+
- Remove raw IDs, dates, user text, and tenant secrets before grouping.
|
|
122
|
+
- Store query family, index, role, shard count, cache state, source fields, sort, and filter shape so one feature cannot hide across millions of unique queries.
|
|
123
|
+
14. Check shard fan-out, thread pools, segments, cache, and disk.
|
|
124
|
+
- Search across hundreds of tiny shards, stale segments, merge backlog, cold caches, search queue rejections, hot shards, and disk watermarks can look like application bugs.
|
|
125
|
+
- Separate cold and warm measurements; cached benchmarks are not full search evidence.
|
|
126
|
+
15. Review refresh and visibility policy.
|
|
127
|
+
- Indexing success is not search visibility.
|
|
128
|
+
- Use synchronous visibility only for writes whose user contract needs it; otherwise define acceptable visibility lag and measure it.
|
|
129
|
+
16. Review pagination and result payloads.
|
|
130
|
+
- Avoid deep offset pagination as a default product contract.
|
|
131
|
+
- Use stable tie-breakers for cursor-like pagination, and limit source fields and highlights to what the UI needs.
|
|
132
|
+
17. Keep vector and hybrid boundaries explicit.
|
|
133
|
+
- If dense vectors, ANN, reranking, hybrid score fusion, or Recall@K drives the failure, switch to `vector-search-integrity-review` for that slice.
|
|
134
|
+
- If the bug is ordinary keyword indexing, alias, analyzer, source filtering, or shard partials, keep this skill as the primary route.
|
|
135
|
+
18. Define numeric SLOs and destructive drills when in scope.
|
|
136
|
+
- Useful examples include indexing-to-search-visible p95, search p99, zero-result rate, partial shard failure rate, top-result duplication, golden-set metric, bulk item failure rate, and reindex reconciliation lag.
|
|
137
|
+
- Live node kills, disk pressure, alias mistakes, mapping conflicts, and mass reindex drills are manual unless the command contract declares them.
|
|
138
|
+
|
|
139
|
+
<!-- mustflow-section: postconditions -->
|
|
140
|
+
## Postconditions
|
|
141
|
+
|
|
142
|
+
- The search symptom, source-to-search ledger, query contract, index contract, quality ledger, performance ledger, and privacy boundary are explicit.
|
|
143
|
+
- Bulk item errors, source/index reconciliation, direct lookup, exact search, full-text search, aliases, partial shards, API/UI transformation, mappings, analyzers, synonyms, ranking, pagination, source payload, shard fan-out, thread-pool pressure, cache state, refresh visibility, segments, disk, and SLO evidence are fixed or reported where relevant.
|
|
144
|
+
- Search claims are backed by configured tests, fixtures, golden-set evidence, static review, safe canary evidence, or labeled manual-only or missing.
|
|
145
|
+
|
|
146
|
+
<!-- mustflow-section: verification -->
|
|
147
|
+
## Verification
|
|
148
|
+
|
|
149
|
+
Use configured oneshot command intents when available:
|
|
150
|
+
|
|
151
|
+
- `changes_status`
|
|
152
|
+
- `changes_diff_summary`
|
|
153
|
+
- `lint`
|
|
154
|
+
- `build`
|
|
155
|
+
- `test_related`
|
|
156
|
+
- `test`
|
|
157
|
+
- `docs_validate_fast`
|
|
158
|
+
- `test_release`
|
|
159
|
+
- `mustflow_check`
|
|
160
|
+
|
|
161
|
+
Prefer the narrowest configured tests that cover search contract, tenant isolation, filters, mappings, analyzer fixtures, golden-set metrics, docs, or template surfaces. Report missing live search cluster, slow-log, reindex, canary, load, or production-index evidence instead of inventing live diagnostics.
|
|
162
|
+
|
|
163
|
+
<!-- mustflow-section: failure-handling -->
|
|
164
|
+
## Failure Handling
|
|
165
|
+
|
|
166
|
+
- If the query contract cannot be reconstructed, report the missing source, alias, filter, analyzer, ranking, or API transformation evidence before changing search settings.
|
|
167
|
+
- If evidence contains raw private query text, document text, personal data, behavior analytics, or tenant-identifying data, redact to synthetic fixtures, ids, hashes, safe summaries, or aggregate metrics.
|
|
168
|
+
- If the fix requires live index rebuild, production reindex, alias flip, cluster setting change, slow-log enablement, profile API on real traffic, or destructive drill outside the command contract, report the manual boundary.
|
|
169
|
+
- If configured verification fails, preserve the failing intent and output tail, then fix only the localized search contract or test expectation.
|
|
170
|
+
|
|
171
|
+
<!-- mustflow-section: output-format -->
|
|
172
|
+
## Output Format
|
|
173
|
+
|
|
174
|
+
- Search index integrity reviewed
|
|
175
|
+
- Symptom, source-to-search ledger, query contract, index contract, quality ledger, performance ledger, and privacy boundary
|
|
176
|
+
- Bulk, reconciliation, lookup, exact/full-text, alias, shard, API/UI, mapping, analyzer, synonym, ranking, pagination, payload, shard fan-out, thread-pool, cache, refresh, segment, disk, and SLO findings
|
|
177
|
+
- Fix applied or recommended
|
|
178
|
+
- Evidence level: canary evidence, golden-set evidence, configured-test evidence, static review risk, manual-only, missing, or not applicable
|
|
179
|
+
- Command intents run
|
|
180
|
+
- Skipped search diagnostics and reasons
|
|
181
|
+
- Remaining search-index risk
|
package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md
CHANGED
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
mustflow_doc: skill.service-boundary-architecture
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 2
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: service-boundary-architecture
|
|
9
|
-
description: Apply this skill when service boundaries, modular-monolith boundaries, data ownership, queue/event boundaries, multi-tenant isolation, failure flow, operational recovery, or large-scale architecture split decisions are designed, reviewed, or changed.
|
|
9
|
+
description: Apply this skill when service boundaries, modular-monolith boundaries, data ownership, queue/event boundaries, multi-tenant isolation, failure flow, independent deployment, operational recovery, disaster recovery, service split evidence, team ownership, cost, toil, or large-scale architecture split decisions are designed, reviewed, or changed.
|
|
10
10
|
metadata:
|
|
11
11
|
mustflow_schema: "1"
|
|
12
12
|
mustflow_kind: procedure
|
|
@@ -39,6 +39,7 @@ This skill protects against the common failure mode where a system is split by n
|
|
|
39
39
|
- A task designs, reviews, documents, or changes service boundaries, modular-monolith boundaries, bounded contexts, team ownership, API ownership, event ownership, queue ownership, or data ownership.
|
|
40
40
|
- A monolith is being prepared for future split, a microservice split is proposed, or a service/module boundary is causing deploy, data, incident, or team coordination pain.
|
|
41
41
|
- The task touches cross-service transactions, outbox/inbox patterns, idempotency, retries, timeouts, caches, read models, search models, shared databases, operational tools, manual correction, observability, tenancy, hot keys, or failure recovery.
|
|
42
|
+
- A boundary claim needs proof from recent co-change history, independent deployability, dependency direction, database write ownership, synchronous call depth, queue backlog behavior, graceful shutdown, health probe correctness, version compatibility, restore or DR drills, least-privilege access, config blast radius, cost, toil, or team bottlenecks.
|
|
42
43
|
- Architecture docs, decision records, onboarding docs, or skills need durable guidance for large-system design and operational readiness.
|
|
43
44
|
|
|
44
45
|
<!-- mustflow-section: do-not-use-when -->
|
|
@@ -57,6 +58,7 @@ This skill protects against the common failure mode where a system is split by n
|
|
|
57
58
|
- Data ownership map: which module or service is the source of truth for each core fact, identifier, status, ledger, permission, tenant record, event, and read projection.
|
|
58
59
|
- Current or proposed communication paths: direct calls, APIs, events, queues, shared databases, shared caches, batch jobs, search indexes, analytics stores, files, and admin tools.
|
|
59
60
|
- Failure flows: duplicate requests, partial success, timeout, retry, consumer crash, queue backlog, dead-letter handling, external provider uncertainty, reconciliation, and manual correction.
|
|
61
|
+
- Boundary proof ledger: last 3 months of PR co-change by repository, service, schema, deployment pipeline, and team; independent deploy test; dependency cycle map; table write ownership; synchronous call count; non-core dependency failure behavior; timeout and retry budget; queue oldest age; saturation curve; noisy-neighbor evidence; graceful shutdown; health probe split; old/new version compatibility; trace continuity; user-facing SLOs; local dev setup cost; ADR rationale; least-privilege access; config blast radius; restore and DR drill; cost per feature or customer; toil and approval bottlenecks.
|
|
60
62
|
- Consistency expectations: strong consistency, eventual consistency, tolerated delay, stale reads, cache invalidation, read/write split, search delay, and deletion or retention rules.
|
|
61
63
|
- Tenant, authorization, observability, deployment, migration, and operations requirements.
|
|
62
64
|
- Configured verification intents and any existing architecture decision records or context files.
|
|
@@ -82,25 +84,32 @@ This skill protects against the common failure mode where a system is split by n
|
|
|
82
84
|
|
|
83
85
|
1. Name the business capabilities and the facts each capability owns. For every core fact, identify exactly one source of truth and the owner responsible for correcting it.
|
|
84
86
|
2. Split first by reason to change, not by noun. Keep code together when it changes together; split only when ownership, release cadence, scale, compliance, failure isolation, or team autonomy makes the boundary useful.
|
|
85
|
-
3.
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
87
|
+
3. Prove whether the proposed boundary is real.
|
|
88
|
+
- Mine recent PRs or change records when available: count repositories, services, DB schemas, deployment pipelines, and teams touched by one small requirement.
|
|
89
|
+
- Try the independent-deploy thought experiment: if one boundary cannot ship without another service version, shared library, DB migration, frontend deploy, or meeting, it is not independent yet.
|
|
90
|
+
- Draw dependency direction and cycles. Cycles usually mean the responsibility and data boundary is wrong, not merely that imports need cleaning.
|
|
91
|
+
- Count how many synchronous services and stores must succeed for one user action. If the answer is "many, or humans fix the database," the consistency boundary may be split in the wrong place.
|
|
92
|
+
4. Prefer a modular monolith with hard internal boundaries when the team is still discovering the domain. Draw future split lines early, but do not pay distributed-system costs before the boundary pressure is real.
|
|
93
|
+
5. Reject shared database ownership. If another service or module needs data, choose an API, event, read projection, export, or explicitly owned query surface instead of direct table coupling. Table write ownership should be explicit for every core fact.
|
|
94
|
+
6. Design failure flows before the happy path. Cover partial success, duplicated requests, timeout, unknown external outcome, consumer crash, queue backlog, dead-letter handling, replay, reconciliation, and manual recovery.
|
|
95
|
+
7. Require idempotency for commands that create, charge, reserve, approve, issue, grant, cancel, refund, redeem, or mutate durable state. Use stable request keys and return the previous result for duplicate keys.
|
|
96
|
+
8. Treat queues as storage and backpressure, not magic. Define retry policy, exponential backoff or jitter, max attempts, retention, dead-letter ownership, consumer scaling, ordering expectations, replay safety, loss tolerance, oldest-message age, and catch-up rate.
|
|
97
|
+
9. Every network call across the boundary needs a timeout, bounded retry policy, fallback or failure result, duplicate-safety story, observability identifiers, and a request-level budget so retries do not multiply across layers.
|
|
98
|
+
10. Treat caches as a consistency tradeoff. Declare which stale values are acceptable, max staleness, invalidation owner, tenant and permission visibility, and whether the cache is allowed to become authority.
|
|
99
|
+
11. Model authorization, tenant isolation, audit, and data visibility at the boundary. Tenant ID must travel through APIs, queues, caches, logs, files, reports, and admin tools when the system is multi-tenant. Service accounts should have only the DB, queue, storage, and API permissions the boundary needs.
|
|
100
|
+
12. For event-driven boundaries, use past-tense fact events such as `OrderCreated` or `PaymentApproved`. Do not disguise commands as events. Include event ID, version, occurred time, publisher, subject, causation or request ID, correlation or trace ID, and compatible schema evolution rules.
|
|
101
|
+
13. Separate transaction data from search, reporting, analytics, and screen-shaped read projections when their consistency, indexing, query, or retention needs diverge.
|
|
102
|
+
14. Define tolerated delay with numbers. Replace vague "real-time" claims with accepted latency or freshness windows such as seconds, minutes, or batch cadence.
|
|
103
|
+
15. Check hot keys and noisy neighbors. Define per-tenant, per-customer, per-room, per-campaign, or per-product limits, queue separation, worker pool separation, connection caps, and external API call caps when one key can dominate load.
|
|
104
|
+
16. Check saturation and graceful degradation. Drive load past normal capacity in a bounded test plan when available, and identify the first bottleneck: worker pool, DB pool, locks, thread pool, queue, disk, external quota, or cache stampede.
|
|
105
|
+
17. Keep domain rules in the owning domain layer. Do not scatter refund windows, cancellation rules, entitlement checks, inventory reservations, or admin overrides across controllers, UI, workers, and jobs.
|
|
106
|
+
18. Plan migrations with expand, dual-write or compatibility, backfill, read switch, verification, and contract removal. Do not rename or remove shared fields in one deployment step. Old and new versions should tolerate unknown fields, missing fields, old messages, and new schema during rollout.
|
|
107
|
+
19. Plan deletion and retention before data is created. Identify legal retention, anonymization, log masking, backup retention, search/read-model cleanup, and audit exceptions.
|
|
108
|
+
20. Make observability a product feature. Connect API, queue, worker, external provider, database, and admin operations with trace, request, correlation, causation, job, and tenant identifiers. Prefer p95, p99, error rate, queue age, backlog, dependency failure rate, and business success rate over averages.
|
|
109
|
+
21. Make deployment, rollback, shutdown, and health checks boundary decisions. Use feature flags, canaries, partial exposure, compatibility windows, kill switches, readiness/liveness/startup separation, graceful drain, and rollback-forward plans for risky boundary changes.
|
|
110
|
+
22. Provide operational tools for reality: reconcile external state, retry or quarantine failed messages, correct user/account/order state, revoke permissions, inspect provider responses, and undo manual changes with audit and approval when required.
|
|
111
|
+
23. Prove recovery, cost, and toil. A backup is not a boundary guarantee until it is restored in a clean environment. DR, config rollback, secret or certificate recovery, per-feature cost, repeated manual work, and single-team or single-person approval bottlenecks should be measured or reported.
|
|
112
|
+
24. Record the decision: selected boundary, rejected alternatives, reason, assumptions, failure modes, data owner, operational owner, verification, cost, toil, and revisit triggers.
|
|
104
113
|
|
|
105
114
|
<!-- mustflow-section: review-rejection-criteria -->
|
|
106
115
|
## Review Rejection Criteria
|
|
@@ -110,6 +119,9 @@ Reject or revise the design when:
|
|
|
110
119
|
- A service or module boundary has no named data owner.
|
|
111
120
|
- Two owners write the same core fact without a conflict rule.
|
|
112
121
|
- A service reads another service's tables or cache as normal behavior.
|
|
122
|
+
- A small requirement routinely changes many repositories, services, schemas, pipelines, or teams.
|
|
123
|
+
- A service cannot be deployed, rolled back, or tested without synchronized changes in another boundary.
|
|
124
|
+
- Dependency graphs contain cycles with no explicit ownership decision.
|
|
113
125
|
- The design shows only the happy path.
|
|
114
126
|
- Retries lack timeout, backoff, jitter, max attempts, idempotency, or failure ownership.
|
|
115
127
|
- A queue has no dead-letter, retention, replay, ordering, or backlog policy.
|
|
@@ -117,6 +129,8 @@ Reject or revise the design when:
|
|
|
117
129
|
- Events are imperative commands instead of past-tense facts.
|
|
118
130
|
- Event schemas lack version, event ID, occurred time, publisher, and correlation or causation identifiers.
|
|
119
131
|
- Tenant, permission, audit, or data-retention boundaries are added after the fact.
|
|
132
|
+
- Health checks only prove process liveness, graceful shutdown is untested, or old and new versions cannot run together.
|
|
133
|
+
- Backup, restore, DR, least privilege, config rollback, cost, or toil claims have no proof path.
|
|
120
134
|
- Architecture choice is justified by tooling fashion instead of ownership, failure, scale, compliance, or team autonomy.
|
|
121
135
|
- Manual operations can mutate critical state without audit, approval, and reversal or reconciliation path.
|
|
122
136
|
|
|
@@ -126,7 +140,7 @@ Reject or revise the design when:
|
|
|
126
140
|
- Data ownership and source-of-truth boundaries are explicit.
|
|
127
141
|
- Boundary split is justified by change reason, ownership, scale, compliance, failure isolation, or team autonomy.
|
|
128
142
|
- Failure handling, idempotency, retry, queue, cache, event, and observability contracts are defined or explicitly deferred.
|
|
129
|
-
- Tenant, authorization, deletion, retention, migration, deployment, and operational recovery risks are checked or reported.
|
|
143
|
+
- Tenant, authorization, deletion, retention, migration, deployment, graceful shutdown, health checks, version compatibility, restore, DR, cost, toil, and operational recovery risks are checked or reported.
|
|
130
144
|
- Decision records explain why this boundary was chosen, what alternatives were rejected, and when to revisit.
|
|
131
145
|
|
|
132
146
|
<!-- mustflow-section: verification -->
|
|
@@ -160,7 +174,7 @@ Use broader configured checks when the boundary change affects templates, public
|
|
|
160
174
|
- Boundary checked
|
|
161
175
|
- Data owners and source-of-truth notes
|
|
162
176
|
- Failure, idempotency, queue, cache, and event notes
|
|
163
|
-
-
|
|
177
|
+
- Co-change, independent deploy, dependency, data ownership, sync-call, saturation, noisy-neighbor, tenant, auth, retention, observability, deployment, health, shutdown, version compatibility, restore, DR, cost, toil, and operations notes
|
|
164
178
|
- Files changed
|
|
165
179
|
- Command intents run
|
|
166
180
|
- Skipped checks and reasons
|
package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md
CHANGED
|
@@ -121,6 +121,10 @@ resources are saturated, and what evidence keeps a faster path trustworthy?"
|
|
|
121
121
|
shard tail, and idle-worker time.
|
|
122
122
|
- Report p50 and p95 per test or file when available. Average-only timing hides the last slow
|
|
123
123
|
shard, and the last slow shard decides CI wall time.
|
|
124
|
+
- When the command contract exposes `test_related_profile`, run it before policy changes that
|
|
125
|
+
depend on local verification timing. Then read the retained evidence with
|
|
126
|
+
`mf script-pack run test/performance-report summarize --json` before changing scheduling,
|
|
127
|
+
caching, timeout, worker, fixture, or selected-test behavior.
|
|
124
128
|
2. Classify the bottleneck.
|
|
125
129
|
- Discovery bottleneck: full tree scans, broad classpath scans, fixtures and generated files in
|
|
126
130
|
search paths, or missing precomputed test manifests.
|
|
@@ -282,6 +286,11 @@ Use the narrowest configured test, build, docs, release, or mustflow intent that
|
|
|
282
286
|
test-suite behavior. If the repository exposes a profiling or cached-test intent, use it only when
|
|
283
287
|
the command contract marks it configured, oneshot, and agent-allowed.
|
|
284
288
|
|
|
289
|
+
When a profiling intent has run, prefer the read-only `test/performance-report` script-pack as the
|
|
290
|
+
first report surface. Its `next_actions` field should guide whether the next safe step is collecting
|
|
291
|
+
profile evidence, resolving previous failures, inspecting slow intents or phases, reviewing timeout
|
|
292
|
+
pressure, or investigating selected-test fallback behavior.
|
|
293
|
+
|
|
285
294
|
<!-- mustflow-section: failure-handling -->
|
|
286
295
|
## Failure Handling
|
|
287
296
|
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
mustflow_doc: skill.typescript-code-change
|
|
3
3
|
locale: en
|
|
4
4
|
canonical: true
|
|
5
|
-
revision:
|
|
5
|
+
revision: 6
|
|
6
6
|
lifecycle: mustflow-owned
|
|
7
7
|
authority: procedure
|
|
8
8
|
name: typescript-code-change
|
|
@@ -95,18 +95,22 @@ Preserve TypeScript's type, runtime validation, module, build, and public API bo
|
|
|
95
95
|
15. In TypeScript source that targets native Node ESM, write relative imports using the emitted runtime specifier, usually `.js`, such as `import { createApp } from "./app.js"` from `app.ts`. Do not write extensionless relative imports or `.ts` runtime specifiers unless a declared loader, bundler, or runtime explicitly owns that behavior.
|
|
96
96
|
16. Use `moduleResolution: "Bundler"` only when a bundler such as Vite, esbuild, Rollup, or a framework build system owns final module resolution. Do not use bundler resolution to model code that Node will execute directly without that bundler.
|
|
97
97
|
17. If ESM/CJS behavior changes, verify package `type`, `main`, `module`, `browser`, `exports`, condition order, extension rules, generated JS, and generated declaration files together.
|
|
98
|
-
18.
|
|
99
|
-
19.
|
|
100
|
-
20.
|
|
101
|
-
21.
|
|
98
|
+
18. For `tsconfig` updates, make defaults explicit when they affect emitted shape, ambient types, or module semantics. Check `rootDir`, `include`, `exclude`, `types`, `lib`, `target`, `module`, `moduleResolution`, `verbatimModuleSyntax`, `noUncheckedSideEffectImports`, declaration output, and framework wrapper defaults together instead of relying on a compiler-major default.
|
|
99
|
+
19. Treat `types` as an ambient-global allowlist. Add only the runtime or test environment globals the project actually uses, such as Node, Bun, DOM, Vitest, Jest, or Playwright. Do not restore broad ambient discovery just to hide missing imports or environment drift.
|
|
100
|
+
20. Use import attributes, subpath imports, and deferred module evaluation only when the runtime, bundler, and compiler track all support the exact syntax. `import defer` is a side-effect and startup-order choice, not a generic lazy-loading trick; use it only for namespace imports whose module evaluation can safely wait until first export access.
|
|
101
|
+
21. Use `using` or `await using` only when the target runtime or transform path supports explicit resource management and the object really owns a disposable resource. Do not replace visible `try/finally`, context-manager, or framework cleanup contracts with `using` if the surrounding lifecycle, error propagation, or generated JS cannot be verified.
|
|
102
|
+
22. Inspect generated declarations when package surfaces change. Declaration files must not leak source-only aliases, private paths, workspace-only package names, unpublished internal paths, or accidental public re-exports.
|
|
103
|
+
23. For TypeScript 6 migration work, treat deprecation warnings as future TypeScript 7 removal risk. `ignoreDeprecations` is a temporary compatibility valve, not proof that the project is ready for 7.0. Prefer removing deprecated options and updating resolver or module choices to match the project runtime.
|
|
104
|
+
24. Treat TypeScript 6 `--stableTypeOrdering` as a migration comparison tool for declaration and error-order differences, not as a permanent performance-neutral default. If it changes errors or declaration output, look for inference or declaration-stability issues instead of snapshotting noise.
|
|
105
|
+
25. For TypeScript 7 migration work, keep the tracks separate:
|
|
102
106
|
- TS6 stable API track: `@typescript/typescript6` and `tsc6` for compiler API, transformer, ESLint, framework wrapper, and peer-dependency compatibility.
|
|
103
107
|
- TS7 RC compiler track: `typescript@rc` and `tsc` for RC compiler verification.
|
|
104
108
|
- TS7 nightly track: `@typescript/native-preview` and `tsgo` for nightly diagnostics only.
|
|
105
109
|
- Future TS7 stable track: stable `typescript` once upstream publishes TypeScript 7 on the normal stable path.
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
+
26. Keep compiler API consumers, language-service plugins, custom transformers, and framework typecheck wrappers on the TS6 API track until their owners explicitly support the TS7 API surface. Treat TS7 RC `tsc` as compiler verification, not proof that JavaScript compiler API consumers can migrate.
|
|
111
|
+
27. When comparing TS6 `tsc6`, TS7 RC `tsc`, and optional TS7 nightly `tsgo`, classify differences before editing code: real type error, declaration emit order or printback noise, unsupported option, unsupported API, watch or incremental behavior gap, language-service gap, generated-output drift, or framework wrapper mismatch.
|
|
112
|
+
28. Do not treat faster TS7 RC or nightly results as sufficient verification. Keep the repository's existing `tsc`, `tsc6`, or framework typecheck as the compatibility baseline until repository policy explicitly adopts a different compiler track.
|
|
113
|
+
29. Choose the narrowest configured verification intents that cover typecheck, lint, tests, build output, declarations, package contract risk, and downstream-style consumer risk.
|
|
110
114
|
|
|
111
115
|
<!-- mustflow-section: assertion-policy -->
|
|
112
116
|
## Assertion Policy
|
|
@@ -154,6 +158,7 @@ Reject or revise the patch when any of these appear without explicit evidence an
|
|
|
154
158
|
- Validator schemas and exported types are duplicated without a single source of truth.
|
|
155
159
|
- Generated declarations expose source-only aliases, internal module paths, workspace-only packages, or accidental barrel exports.
|
|
156
160
|
- Package entry metadata changes without checking runtime entry, type entry, declaration output, and supported resolver modes.
|
|
161
|
+
- `tsconfig` defaults, ambient `types`, import attributes, `import defer`, or explicit resource management syntax are adopted without runtime, bundler, compiler-track, and generated-output evidence.
|
|
157
162
|
- `skipLibCheck` or weakened strictness is used as release validation for a library/package.
|
|
158
163
|
- TypeScript 6-to-7 migration warnings are silenced instead of classified and either fixed or reported.
|
|
159
164
|
- TS7 RC or nightly output differences are accepted as harmless without classification.
|