mustflow 2.85.4 → 2.99.0

Files changed (78) hide show
  1. package/dist/cli/commands/script-pack.js +10 -0
  2. package/dist/cli/i18n/en.js +183 -0
  3. package/dist/cli/i18n/es.js +183 -0
  4. package/dist/cli/i18n/fr.js +183 -0
  5. package/dist/cli/i18n/hi.js +183 -0
  6. package/dist/cli/i18n/ko.js +183 -0
  7. package/dist/cli/i18n/zh.js +183 -0
  8. package/dist/cli/lib/script-pack-registry.js +284 -1
  9. package/dist/cli/script-packs/code-change-impact.js +6 -0
  10. package/dist/cli/script-packs/code-import-cycle.js +193 -0
  11. package/dist/cli/script-packs/docs-link-integrity.js +145 -0
  12. package/dist/cli/script-packs/repo-approval-gate.js +100 -0
  13. package/dist/cli/script-packs/repo-git-ignore-audit.js +119 -0
  14. package/dist/cli/script-packs/repo-manifest-lock-drift.js +122 -0
  15. package/dist/cli/script-packs/repo-merge-conflict-scan.js +123 -0
  16. package/dist/cli/script-packs/repo-skill-route-audit.js +86 -0
  17. package/dist/cli/script-packs/repo-version-source.js +92 -0
  18. package/dist/cli/script-packs/test-performance-report.js +247 -0
  19. package/dist/cli/script-packs/test-regression-selector.js +167 -0
  20. package/dist/core/change-impact.js +23 -51
  21. package/dist/core/change-surface-classification.js +198 -0
  22. package/dist/core/docs-link-integrity.js +443 -0
  23. package/dist/core/import-cycle.js +152 -0
  24. package/dist/core/public-json-contracts.js +116 -0
  25. package/dist/core/repo-approval-gate.js +116 -0
  26. package/dist/core/repo-git-ignore-audit.js +302 -0
  27. package/dist/core/repo-manifest-lock-drift.js +321 -0
  28. package/dist/core/repo-merge-conflict-scan.js +335 -0
  29. package/dist/core/repo-version-source.js +82 -0
  30. package/dist/core/script-pack-suggestions.js +77 -1
  31. package/dist/core/skill-route-audit.js +354 -0
  32. package/dist/core/test-performance-report.js +697 -0
  33. package/dist/core/test-regression-selector.js +335 -0
  34. package/package.json +1 -1
  35. package/schemas/README.md +40 -2
  36. package/schemas/change-impact-report.schema.json +35 -1
  37. package/schemas/import-cycle-report.schema.json +157 -0
  38. package/schemas/link-integrity-report.schema.json +176 -0
  39. package/schemas/repo-approval-gate-report.schema.json +115 -0
  40. package/schemas/repo-git-ignore-audit-report.schema.json +201 -0
  41. package/schemas/repo-manifest-lock-drift-report.schema.json +202 -0
  42. package/schemas/repo-merge-conflict-scan-report.schema.json +169 -0
  43. package/schemas/repo-version-source-report.schema.json +127 -0
  44. package/schemas/skill-route-audit-report.schema.json +144 -0
  45. package/schemas/test-performance-report.schema.json +319 -0
  46. package/schemas/test-regression-selector-report.schema.json +187 -0
  47. package/templates/default/i18n.toml +66 -18
  48. package/templates/default/locales/en/.mustflow/skills/INDEX.md +45 -8
  49. package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +48 -27
  50. package/templates/default/locales/en/.mustflow/skills/api-failure-triage/SKILL.md +270 -0
  51. package/templates/default/locales/en/.mustflow/skills/auth-flow-triage/SKILL.md +192 -0
  52. package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +59 -13
  53. package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +14 -5
  54. package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +30 -15
  55. package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +45 -32
  56. package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +200 -0
  57. package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +87 -13
  58. package/templates/default/locales/en/.mustflow/skills/docker-runtime-triage/SKILL.md +191 -0
  59. package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +18 -13
  60. package/templates/default/locales/en/.mustflow/skills/line-ending-hygiene/SKILL.md +18 -10
  61. package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +4 -1
  62. package/templates/default/locales/en/.mustflow/skills/motion-system-contract-review/SKILL.md +155 -0
  63. package/templates/default/locales/en/.mustflow/skills/next-action-menu/SKILL.md +177 -0
  64. package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +15 -7
  65. package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +59 -35
  66. package/templates/default/locales/en/.mustflow/skills/powershell-code-change/SKILL.md +16 -6
  67. package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +4 -1
  68. package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +19 -10
  69. package/templates/default/locales/en/.mustflow/skills/rag-pipeline-triage/SKILL.md +206 -0
  70. package/templates/default/locales/en/.mustflow/skills/routes.toml +54 -0
  71. package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +10 -4
  72. package/templates/default/locales/en/.mustflow/skills/search-index-integrity-review/SKILL.md +181 -0
  73. package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +37 -23
  74. package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +9 -0
  75. package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +14 -9
  76. package/templates/default/locales/en/.mustflow/skills/vector-search-integrity-review/SKILL.md +209 -0
  77. package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +16 -14
  78. package/templates/default/manifest.toml +64 -1
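--- a/package/templates/default/locales/en/.mustflow/skills/vector-search-integrity-review/SKILL.md
+++ b/package/templates/default/locales/en/.mustflow/skills/vector-search-integrity-review/SKILL.md
@@ -0,0 +1,209 @@
+---
+mustflow_doc: skill.vector-search-integrity-review
+locale: en
+canonical: true
+revision: 2
+lifecycle: mustflow-owned
+authority: procedure
+name: vector-search-integrity-review
+description: Apply this skill when vector search, semantic search, RAG retrieval mechanics, embeddings, vector databases, ANN indexes, exact versus approximate search, filters, metadata payloads, namespaces, tenants, named vectors, hybrid search, reranking, recall, latency, quantization, HNSW, IVF, pgvector, Qdrant, Milvus, Weaviate, OpenSearch kNN, or retrieval golden-set behavior is created, changed, reviewed, or failing. Use rag-pipeline-triage first when a RAG failure is not yet localized to retrieval versus parsing, context assembly, prompt, generation, citation, or answerability.
+metadata:
+mustflow_schema: "1"
+mustflow_kind: procedure
+pack_id: mustflow.core
+skill_id: mustflow.core.vector-search-integrity-review
+command_intents:
+- changes_status
+- changes_diff_summary
+- lint
+- build
+- test_related
+- test
+- docs_validate_fast
+- test_release
+- mustflow_check
+---
+
+# Vector Search Integrity Review
+
+<!-- mustflow-section: purpose -->
+## Purpose
+
+Review vector and semantic search as a retrieval contract, not as "the vector database is good or
+bad."
+
+The core question is whether ingestion, embedding, storage, exact search, approximate search,
+filters, reranking, and latency evidence all agree for the same query contract.
+
+<!-- mustflow-section: use-when -->
+## Use When
+
+- Code creates or changes embedding generation, preprocessing, chunking, vector schema, collection
+names, namespaces, tenants, named vectors, metadata payloads, filters, search parameters, ANN
+indexes, hybrid search, reranking, retrieval metrics, RAG context selection, or vector DB clients.
+- Search is missing documents, returning wrong results, returning empty filtered results, duplicating
+chunks, leaking tenants, becoming slow, changing quality after model or index changes, or behaving
+differently across replicas.
+- A review needs recall, MRR, golden-set, exact-versus-ANN, filter, metadata index, quantization,
+compaction, shard, consistency, reranker, or embedding-model-version evidence.
+
+<!-- mustflow-section: do-not-use-when -->
+## Do Not Use When
+
+- The task is only generic database schema or query performance with no vector, embedding, semantic
+retrieval, or RAG boundary; use the database or performance skill.
+- The task is only LLM answer grounding after retrieval is already proven; use
+`llm-hallucination-control-review`.
+- The task is an end-to-end RAG failure and it is not yet clear whether ingestion, retrieval,
+context assembly, prompt construction, generation, citation validation, or answerability failed;
+use `rag-pipeline-triage` first.
+- The task is only API transport or SDK failure before search boundaries are known; use
+`api-failure-triage`.
+- The task asks for live production vector dumps containing sensitive text, embeddings, customer
+documents, or private prompts. Use redacted hashes, ids, dimensions, norms, and aggregate metrics.
+
+<!-- mustflow-section: required-inputs -->
+## Required Inputs
+
+- Retrieval symptom classification: ingestion missing, write not visible, wrong results, empty
+results, low recall, tenant leak, duplicate chunks, stale deletes, slow search, reranker drift, or
+generated answer drift.
+- Query contract ledger: query text or safe fixture id, embedding model and revision, preprocessing
+version, vector dimension, vector norm, metric, collection, namespace, tenant, named vector,
+filters, `top_k`, candidate count, consistency level, ANN parameters, hybrid weights, and reranker
+settings.
+- Ingestion ledger: source id, chunk id, deterministic vector id, embedding version, payload shape,
+write count, unique id count, direct lookup count, indexed count, deleted or tombstoned count, and
+visibility lag.
+- Quality ledger: golden queries, expected ids, acceptable alternatives, exact-search result,
+ANN result, recall at k, MRR, empty rate, duplicate rate, filtered result count, and before/after
+comparison.
+- Performance ledger: cold versus warm latency, p50, p95, p99, queue wait, DB search time, reranker
+time, payload size, filter selectivity, shard distribution, compaction or indexing work, memory,
+disk, and retry behavior.
+- Privacy ledger: raw text, vectors, prompts, document ids, tenant ids, provider payloads, and
+whether evidence can be safely stored as ids, hashes, summaries, or aggregate metrics.
+
+<!-- mustflow-section: preconditions -->
+## Preconditions
+
+- The task matches the Use When conditions and does not match the Do Not Use When exclusions.
+- Higher-priority instructions and `.mustflow/config/commands.toml` have been checked.
+- Raw embeddings, raw document text, prompts, and tenant-identifying payloads are not copied into
+docs, tests, commits, or reports unless they are safe synthetic fixtures.
+
+<!-- mustflow-section: allowed-edits -->
+## Allowed Edits
+
+- Add or tighten embedding versioning, preprocessing versioning, vector validation, deterministic
+IDs, namespace or tenant selection, metadata indexes, filter construction, exact-search checks,
+ANN parameters, reranker candidate counts, golden-set tests, metrics, docs, fixtures, and
+retrieval contract tests.
+- Add focused synthetic fixtures that encode expected retrieval behavior, filtered retrieval,
+tenant separation, duplicate handling, and exact-versus-ANN comparison.
+- Do not change embedding models, rebuild large indexes, tune ANN parameters, disable filters, widen
+tenants, bypass authorization, or dump production vectors without explicit scope and evidence.
+
+<!-- mustflow-section: procedure -->
+## Procedure
+
+1. Classify the symptom first: ingestion missing, write-not-visible, wrong result, empty result,
+stale delete, duplicate chunks, tenant leak, slow search, reranker drift, or answer generation.
+2. Build the query contract ledger before tuning. Include model revision, preprocessing, dimension,
+norm, metric, collection, namespace, named vector, filters, `top_k`, ANN parameters, hybrid
+weights, reranker settings, and consistency level.
+3. Validate vector shape at ingestion and query time. Reject wrong dimension, NaN, infinities,
+all-zero vectors, extreme norms, and model or preprocessing version mismatches.
+4. Keep embedding model identity exact. Model name alone is not enough; include revision, tokenizer,
+pooling, prefix policy, max length, HTML cleanup, chunking, and normalization.
+5. Compare exact search with approximate search on the same query and filter. If exact search is
+wrong, stop tuning ANN and inspect embeddings, preprocessing, metric, payload, and expectations.
+6. Compare filter-free search, filter-only count, filtered exact search, and filtered ANN search.
+Empty filtered results often mean filter construction, metadata typing, payload indexing, or
+post-filter candidate loss rather than bad embeddings.
+7. Confirm collection, namespace, tenant, alias, and named vector. Directly inspect the problem id
+or safe synthetic id in the same search surface the app uses.
+8. Check deterministic upsert ids. Source id, chunk index, tenant, and embedding version should not
+accidentally duplicate chunks or overwrite all chunks with one id.
+9. Separate write success from search visibility. Check direct lookup, exact search, ANN search,
+indexed count, consistency, segment state, and visibility lag.
+10. Check deletes and updates. Deletion marks, tombstones, compaction, vacuum, stale segments, and
+old chunks can keep appearing after API success.
+11. Review metric and normalization. Cosine, dot product, and L2 are different contracts unless
+the vectors are intentionally normalized and the index operator matches.
+12. Tune ANN only after the exact and filter contracts are correct. Evaluate recall and p95 latency
+across parameter sweeps instead of changing one value blindly.
+13. Treat build-time index parameters as recall ceilings. If search-time parameters cannot recover
+recall, the index may need rebuild policy, not a larger query knob.
+14. Review quantization and rescoring. Compare full-precision exact results with compressed-index
+candidates and confirm enough candidates reach full-precision reranking.
+15. For hybrid search, store dense score, sparse or keyword score, normalized score, fusion method,
+and final score. Do not add incompatible raw scores directly without a deliberate combiner.
+16. For reranking, record pre-rerank and post-rerank ids and ranks. If the right document never
+enters the candidate set, the reranker cannot recover it.
+17. Avoid deep ANN pagination as a product contract. Use cursor, filters, grouping, or ordinary
+sorted indexes for deep browsing instead of pretending vector search has cheap random offsets.
+18. Split cold and warm latency, server search time and client wait, vector DB time and reranker
+time, and single-query latency from concurrent load.
+19. Inspect shard, replica, segment, compaction, flush, indexing, memory, disk, and cache state when
+p99 or intermittent quality varies across nodes.
+20. Add a golden-set gate when the project has a test surface. Include easy, hard, filtered,
+tenant-scoped, rare-name, synonym, short-query, long-query, and sparse-data cases.
+
+<!-- mustflow-section: postconditions -->
+## Postconditions
+
+- The retrieval symptom, query contract, ingestion contract, quality ledger, performance ledger, and
+privacy boundary are explicit.
+- Exact search, ANN, filters, metadata, namespaces, tenants, named vectors, IDs, deletes, metric,
+normalization, quantization, hybrid search, reranking, shards, consistency, and latency are fixed
+or reported where relevant.
+- Search quality claims are backed by golden-set, exact-versus-ANN, configured-test, static review,
+or manual-only evidence.
+
+<!-- mustflow-section: verification -->
+## Verification
+
+Use configured oneshot command intents when available:
+
+- `changes_status`
+- `changes_diff_summary`
+- `lint`
+- `build`
+- `test_related`
+- `test`
+- `docs_validate_fast`
+- `test_release`
+- `mustflow_check`
+
+Prefer the narrowest configured tests that cover retrieval contract, tenant isolation, filters,
+golden-set metrics, deterministic ids, and docs or template surfaces. Report missing vector DB,
+embedding provider, exact-search, ANN recall, reranker, load, or production-index evidence instead
+of inventing live diagnostics.
+
+<!-- mustflow-section: failure-handling -->
+## Failure Handling
+
+- If the query contract cannot be reconstructed, report the missing fields before changing model,
+filter, or ANN settings.
+- If evidence contains raw text, embeddings, prompts, personal data, or tenant-identifying data,
+redact to ids, hashes, dimensions, norms, and aggregate metrics.
+- If the fix requires model replacement, re-embedding, index rebuild, production data dump, or live
+vector DB access outside the command contract, report the manual boundary.
+- If configured verification fails, preserve the failing intent and output tail, then fix only the
+localized retrieval contract or test expectation.
+
+<!-- mustflow-section: output-format -->
+## Output Format
+
+- Vector search integrity reviewed
+- Retrieval symptom, query contract, ingestion ledger, quality ledger, performance ledger, and
+privacy boundary
+- Exact versus ANN, filter, metadata, namespace, tenant, id, delete, metric, normalization,
+quantization, hybrid, reranker, shard, consistency, and latency findings
+- Fix applied or recommended
+- Evidence level: golden-set evidence, configured-test evidence, static review risk, manual-only,
+missing, or not applicable
+- Command intents run
+- Skipped vector diagnostics and reasons
+- Remaining vector search risk
+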
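Review bot: "Tenant leak" is named as a symptom in Use When, Required Inputs and step 1, but none of the 20 procedure steps says how to handle a confirmed one, and Do Not Use When has no route for authorization problems. A cross-tenant hit is an isolation failure rather than a recall or tuning problem, so I would add a step along the lines of `Treat any cross-tenant result as an access-control failure: confirm the tenant filter is derived server-side from the authenticated identity, not from a caller-supplied value, and hand off to api-access-control-review`; that skill appears in this package's file list. Separately, the Do Not Use When bullet, the Privacy ledger and Failure Handling all recommend redacting to "ids, hashes": a plain hash of a low-entropy tenant or document id can be matched back by enumeration, so the wording could ask for `keyed or salted hashes` instead.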
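--- a/package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md
+++ b/package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md
@@ -2,7 +2,7 @@
 mustflow_doc: skill.version-freshness-check
 locale: en
 canonical: true
-revision: 7
+revision: 8
 lifecycle: mustflow-owned
 authority: procedure
 name: version-freshness-check
@@ -34,7 +34,7 @@ Prevent agents from writing stale external version references from memory, while
 
 - Generated or edited files introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, toolchain versions, setup actions, scaffold commands, install commands, or migration examples.
 - CI workflows, release workflows, Dockerfiles, package metadata, lockfiles, runtime files, framework configuration, README examples, docs, tests, fixtures, or templates mention external versions such as GitHub Actions refs, Node, Bun, Deno, Python, Rust, Tauri, Astro, Next, SvelteKit, Electron, Docker images, package managers, SDKs, plugins, or generators.
-- Python wording mentions current/stable/support status, Python 3.14+ standard-library APIs, runtime flags, changed default behavior, security defaults, or examples that depend on `requires-python`.
+- Python wording mentions current/stable/support status, Python 3.14+ or 3.15+ syntax, standard-library APIs, runtime flags, changed default behavior, security defaults, or examples that depend on `requires-python`.
 - TypeScript wording mentions current/stable/RC/nightly status for TypeScript 6, TypeScript 7, `@typescript/typescript6`, `tsc6`, `typescript@rc`, `@typescript/native-preview`, `tsgo`, compiler API compatibility, or migration readiness.
 - Go wording mentions current/stable/support status, Go release numbers, `go.mod` language version behavior, `toolchain` behavior, standard-library APIs, `GOEXPERIMENT`, runtime defaults, container behavior, JSON experiments, or examples that depend on a specific Go version.
 - Rust wording mentions current/stable/support status, Rust release numbers, `rust-version`, edition behavior, `rust-toolchain`, Cargo resolver or workspace behavior, standard-library APIs, compiler lints, target behavior, release profiles, or examples that depend on a specific Rust version.
@@ -94,19 +94,20 @@ Prevent agents from writing stale external version references from memory, while
 10. For patch, security-minimum, and low-risk minor differences, update only when the declaration, examples, lockfile policy, and verification surface can stay aligned. Otherwise report the proposed change and leave the pinned value unchanged.
 11. For GitHub Actions and CI tools, review the action source, major tag policy, runtime support, cache behavior, permissions, and organization pinning rule. Do not assume a newer major is safe only because it exists.
 12. For framework and runtime majors such as Astro, Tauri, Electron, Next, SvelteKit, Node, Bun, Deno, Python, Rust, or Java, check migration notes, config schema, plugin and adapter compatibility, generated files, security model, deployment target, and rollback path before recommending a major change.
-13. For Python standard-library or runtime-behavior claims, refresh official Python documentation before writing durable wording. Check `requires-python`, CI/runtime matrices, and container images before using or recommending version-gated features such as Python 3.14+ `map(strict=True)`, `functools.Placeholder`, `heapq` max-heap helpers, import-timing flag behavior, or changed security defaults.
+13. For Python standard-library or runtime-behavior claims, refresh official Python documentation before writing durable wording. Check `requires-python`, CI/runtime matrices, and container images before using or recommending Python 3.14+ standard-library APIs or version-gated features such as template string literals, `annotationlib`, Python 3.14+ `map(strict=True)`, `functools.Placeholder`, `heapq` max-heap helpers, import-timing flag behavior, `finally` flow-control warnings, or changed security defaults.
 14. For Python examples that use newer standard-library APIs, either keep the example behind an explicit runtime floor or provide a supported fallback. Do not call a Python 3.14-only API a general Python best practice when the repository declares lower support.
-15. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat TS6 stable API track (`@typescript/typescript6`, `tsc6`), TS7 RC compiler track (`typescript@rc`, `tsc`), TS7 nightly track (`@typescript/native-preview`, `tsgo`), and future TS7 stable `typescript` behavior as distinct tracks. Do not call RC or nightly output "latest stable TypeScript" just because it is newer.
-16. For TypeScript examples, make the selected track explicit: TS6 API compatibility, TS7 RC compiler verification, TS7 nightly comparison, editor preview, or repository adoption. If the project has compiler API consumers, transformers, framework wrappers, or declaration snapshots, classify the reference as migration-sensitive and keep API consumers on the TS6 API track until support is explicit.
-17. For Go release, toolchain, standard-library, runtime, or experiment claims, refresh official Go release notes or package documentation before writing durable wording. Check the repository's `go` directive, `toolchain` directive, CI/runtime matrix, and container target before using or recommending version-gated features such as expression operands to `new`, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `ReverseProxy.Rewrite`, container-aware `GOMAXPROCS`, goroutine leak profiles, `encoding/json/v2`, or `GOEXPERIMENT` APIs.
-18. For Go examples that use newer standard-library APIs or runtime defaults, either keep the example behind an explicit Go version floor or provide a supported fallback. Do not call an experimental `GOEXPERIMENT` feature or a newer `go` directive behavior a general Go best practice when the repository declares lower support.
-19. For Rust release, toolchain, standard-library, Cargo, edition, lint, target, or MSRV claims, refresh official Rust release notes, standard-library docs, the Cargo Book, Rust Reference, or rustc book before writing durable wording. Check `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, docs.rs metadata, and crate publish policy before using or recommending version-gated features such as let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `resolver = "2"`, Rust 2024 `unsafe_op_in_unsafe_fn`, or release-profile defaults.
-20. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback. Use an API-by-API MSRV ledger for features such as `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`; do not collapse them into a single "latest Rust" bucket, and do not treat nightly-only behavior or target-specific linker behavior as stable without explicit evidence.
-21. For HTTP standards, browser APIs, proxy defaults, CDN defaults, and transport support claims, prefer official RFCs, standards bodies, MDN or browser vendor docs, and vendor-owned proxy/CDN documentation. Keep WebTransport, compression dictionary transport, zstd content coding, SSE/EventSource, HTTP/2, HTTP/3, QUIC, and proxy-buffering claims track-specific and dated when support is changing.
-22. For HTTP delivery examples that depend on newer or unevenly supported behavior, require feature detection, fallback behavior, or explicit deployment constraints. Do not present WebTransport, dictionary compression, or zstd negotiation as a universal default when the project still needs browsers, proxies, CDNs, or networks that may not support it.
-23. For Docker images, decide whether the project prefers semver tags, distro tags, LTS tags, date tags, or digests. Do not replace a digest or pinned base image with a floating tag unless the repository policy says so.
-24. Synchronize every accepted version decision across package metadata, lockfiles when intentionally updated, CI, Docker, runtime files, docs, examples, templates, tests, and release notes.
-25. Run the narrowest configured verification that covers the changed versioned surface. Use broader verification for major, migration-required, runtime, framework, generated-output, package-publish, Docker, CI, TypeScript compiler-track, Go toolchain or runtime support, Rust toolchain or MSRV support, HTTP delivery compatibility, or security-sensitive changes.
+15. For Python 3.15+ claims, keep beta, release-candidate, and stable tracks separate. Refresh official docs before using explicit lazy imports, built-in `frozendict`, built-in `sentinel`, unpacking comprehensions, typed `TypedDict` extra items, startup configuration files, or changed encoding behavior in durable examples.
+16. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat TS6 stable API track (`@typescript/typescript6`, `tsc6`), TS7 RC compiler track (`typescript@rc`, `tsc`), TS7 nightly track (`@typescript/native-preview`, `tsgo`), and future TS7 stable `typescript` behavior as distinct tracks. Do not call RC or nightly output "latest stable TypeScript" just because it is newer.
+17. For TypeScript examples, make the selected track explicit: TS6 API compatibility, TS7 RC compiler verification, TS7 nightly comparison, editor preview, or repository adoption. If the project has compiler API consumers, transformers, framework wrappers, or declaration snapshots, classify the reference as migration-sensitive and keep API consumers on the TS6 API track until support is explicit. Check exact support before relying on `rootDir` defaults, ambient `types` defaults, import attributes, subpath imports, `import defer`, `using`, or `await using`.
+18. For Go release, toolchain, standard-library, runtime, or experiment claims, refresh official Go release notes or package documentation before writing durable wording. Check the repository's `go` directive, `toolchain` directive, CI/runtime matrix, and container target before using or recommending version-gated features such as expression operands to `new`, range-over-function iterators, generic type aliases, reflect iterator methods, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `T.ArtifactDir`, `B.ArtifactDir`, `F.ArtifactDir`, `testing/cryptotest.SetGlobalRandom`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `ReverseProxy.Rewrite`, container-aware `GOMAXPROCS`, goroutine leak profiles, `encoding/json/v2`, or `GOEXPERIMENT` APIs.
+19. For Go examples that use newer standard-library APIs or runtime defaults, either keep the example behind an explicit Go version floor or provide a supported fallback. Do not call an experimental `GOEXPERIMENT` feature or a newer `go` directive behavior a general Go best practice when the repository declares lower support.
+20. For Rust release, toolchain, standard-library, Cargo, edition, lint, target, or MSRV claims, refresh official Rust release notes, standard-library docs, the Cargo Book, Rust Reference, or rustc book before writing durable wording. Check `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, docs.rs metadata, and crate publish policy before using or recommending version-gated features such as let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `resolver = "2"`, Rust 2024 `unsafe extern`, unsafe attributes, Rust 2024 `unsafe_op_in_unsafe_fn`, temporary drop-scope changes, macro fragment behavior, or release-profile defaults.
+21. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback. Use an API-by-API MSRV ledger for features such as `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`; do not collapse them into a single "latest Rust" bucket, and do not treat nightly-only behavior or target-specific linker behavior as stable without explicit evidence.
+22. For HTTP standards, browser APIs, proxy defaults, CDN defaults, and transport support claims, prefer official RFCs, standards bodies, MDN or browser vendor docs, and vendor-owned proxy/CDN documentation. Keep WebTransport, compression dictionary transport, zstd content coding, SSE/EventSource, HTTP/2, HTTP/3, QUIC, and proxy-buffering claims track-specific and dated when support is changing.
+23. For HTTP delivery examples that depend on newer or unevenly supported behavior, require feature detection, fallback behavior, or explicit deployment constraints. Do not present WebTransport, dictionary compression, or zstd negotiation as a universal default when the project still needs browsers, proxies, CDNs, or networks that may not support it.
+24. For Docker images, decide whether the project prefers semver tags, distro tags, LTS tags, date tags, or digests. Do not replace a digest or pinned base image with a floating tag unless the repository policy says so.
+25. Synchronize every accepted version decision across package metadata, lockfiles when intentionally updated, CI, Docker, runtime files, docs, examples, templates, tests, and release notes.
+26. Run the narrowest configured verification that covers the changed versioned surface. Use broader verification for major, migration-required, runtime, framework, generated-output, package-publish, Docker, CI, TypeScript compiler-track, Go toolchain or runtime support, Rust toolchain or MSRV support, HTTP delivery compatibility, or security-sensitive changes.
 
 <!-- mustflow-section: postconditions -->
 ## Postconditions
@@ -116,6 +117,7 @@ Prevent agents from writing stale external version references from memory, while
 - Repository-pinned versions are preserved unless the task, policy, and compatibility classification support changing them.
 - Major or migration-required changes are either explicitly approved, deferred with a recommendation, or left unchanged with the risk reported.
 - Python standard-library examples and runtime-default claims match the declared Python support matrix or name the required runtime floor.
+- Python template strings, annotation inspection, explicit lazy imports, immutable mappings, sentinels, and advanced `TypedDict` shape claims are either official-source checked or omitted.
 - TypeScript 6 stable API, TypeScript 7 RC compiler, TypeScript 7 nightly, and future stable TypeScript tracks are not collapsed into one generic "latest TypeScript" claim.
 - Go release, `go.mod` language version, standard-library API, runtime-default, and `GOEXPERIMENT` claims match the declared Go support matrix or name the required runtime floor.
 - Rust release, `rust-version`, edition, standard-library API, Cargo resolver, lint-default, target, and nightly/stable claims match the declared Rust support matrix or name the required API-specific runtime floor.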
@@ -1,6 +1,6 @@
1
1
  id = "default"
2
2
  name = "default"
3
- version = "2.85.4"
3
+ version = "2.99.0"
4
4
  description = "Minimal workflow for LLM agents to read, edit, and verify their work in a repository."
5
5
  common_root = "common"
6
6
  locales_root = "locales"
@@ -38,11 +38,16 @@ creates = [
38
38
  ".mustflow/skills/desktop-memory-footprint-review/SKILL.md",
39
39
  ".mustflow/skills/hot-path-performance-review/SKILL.md",
40
40
  ".mustflow/skills/api-request-performance-review/SKILL.md",
41
+ ".mustflow/skills/api-failure-triage/SKILL.md",
42
+ ".mustflow/skills/ci-pipeline-triage/SKILL.md",
43
+ ".mustflow/skills/auth-flow-triage/SKILL.md",
44
+ ".mustflow/skills/docker-runtime-triage/SKILL.md",
41
45
  ".mustflow/skills/web-render-performance-review/SKILL.md",
42
46
  ".mustflow/skills/core-web-vitals-field-review/SKILL.md",
43
47
  ".mustflow/skills/image-delivery-performance-review/SKILL.md",
44
48
  ".mustflow/skills/client-bundle-pruning-review/SKILL.md",
45
49
  ".mustflow/skills/frame-render-performance-review/SKILL.md",
50
+ ".mustflow/skills/motion-system-contract-review/SKILL.md",
46
51
  ".mustflow/skills/app-startup-performance-review/SKILL.md",
47
52
  ".mustflow/skills/desktop-background-process-stability-review/SKILL.md",
48
53
  ".mustflow/skills/desktop-auto-update-safety-review/SKILL.md",
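Review bot: The five skills added to `creates` in this hunk are repeated by bare name in the `minimal`, `patterns`, `oss`, `team`, `product` and `library` hunks below, so each new skill is hand-maintained in seven lists. The same holds for `next-action-menu` and the three search/RAG entries in the later `creates` hunks. Nothing visible ties a profile name to its `creates` path, so a typo or a missed list would presumably surface only when a profile is installed. I would add a manifest test asserting that every name in `patterns` and in each profile resolves to a `.mustflow/skills/<name>/SKILL.md` entry in `creates`, plus a comment above the array such as `# each skill listed here must also appear in patterns and in every profile that ships it`. The `creates` array begins and ends outside this hunk.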
@@ -73,6 +78,7 @@ creates = [
73
78
  ".mustflow/skills/heuristic-candidate-selection/SKILL.md",
74
79
  ".mustflow/skills/clarifying-question-gate/SKILL.md",
75
80
  ".mustflow/skills/completion-evidence-gate/SKILL.md",
81
+ ".mustflow/skills/next-action-menu/SKILL.md",
76
82
  ".mustflow/skills/evidence-stall-breaker/SKILL.md",
77
83
  ".mustflow/skills/command-intent-mapping-gate/SKILL.md",
78
84
  ".mustflow/skills/astro-code-change/SKILL.md",
@@ -116,6 +122,9 @@ creates = [
116
122
  ".mustflow/skills/database-lock-contention-review/SKILL.md",
117
123
  ".mustflow/skills/sqlite-code-change/SKILL.md",
118
124
  ".mustflow/skills/postgresql-code-change/SKILL.md",
125
+ ".mustflow/skills/search-index-integrity-review/SKILL.md",
126
+ ".mustflow/skills/vector-search-integrity-review/SKILL.md",
127
+ ".mustflow/skills/rag-pipeline-triage/SKILL.md",
119
128
  ".mustflow/skills/dependency-injection/SKILL.md",
120
129
  ".mustflow/skills/dependency-reality-check/SKILL.md",
121
130
  ".mustflow/skills/dependency-upgrade-review/SKILL.md",
@@ -233,11 +242,16 @@ minimal = [
233
242
  "desktop-memory-footprint-review",
234
243
  "hot-path-performance-review",
235
244
  "api-request-performance-review",
245
+ "api-failure-triage",
246
+ "ci-pipeline-triage",
247
+ "auth-flow-triage",
248
+ "docker-runtime-triage",
236
249
  "web-render-performance-review",
237
250
  "core-web-vitals-field-review",
238
251
  "image-delivery-performance-review",
239
252
  "client-bundle-pruning-review",
240
253
  "frame-render-performance-review",
254
+ "motion-system-contract-review",
241
255
  "app-startup-performance-review",
242
256
  "desktop-background-process-stability-review",
243
257
  "desktop-auto-update-safety-review",
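Review bot: Every skill introduced by this release is added to `minimal`, although the context lines of the later `minimal` hunks show the profile is curated. It has no `command-intent-mapping-gate` after `evidence-stall-breaker` and no `dependency-injection` after `postgresql-code-change`, both of which `creates` carries. If `minimal` is meant to be the smallest instruction set handed to an agent, domain-specific entries such as `docker-runtime-triage` and `motion-system-contract-review` here, and `vector-search-integrity-review` and `rag-pipeline-triage` in the hunk at new line 320, look like they belong only in the broader profiles. Otherwise the inclusion rule should be written down above the list, for example `# minimal: all review and triage skills; omitted: <criterion>`. The `minimal` array begins and ends outside this hunk.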
@@ -268,6 +282,7 @@ minimal = [
268
282
  "heuristic-candidate-selection",
269
283
  "clarifying-question-gate",
270
284
  "completion-evidence-gate",
285
+ "next-action-menu",
271
286
  "evidence-stall-breaker",
272
287
  "astro-code-change",
273
288
  "bun-code-change",
@@ -305,6 +320,9 @@ minimal = [
305
320
  "database-lock-contention-review",
306
321
  "sqlite-code-change",
307
322
  "postgresql-code-change",
323
+ "search-index-integrity-review",
324
+ "vector-search-integrity-review",
325
+ "rag-pipeline-triage",
308
326
  "dependency-reality-check",
309
327
  "dependency-upgrade-review",
310
328
  "version-freshness-check",
@@ -367,11 +385,16 @@ patterns = [
367
385
  "desktop-memory-footprint-review",
368
386
  "hot-path-performance-review",
369
387
  "api-request-performance-review",
388
+ "api-failure-triage",
389
+ "ci-pipeline-triage",
390
+ "auth-flow-triage",
391
+ "docker-runtime-triage",
370
392
  "web-render-performance-review",
371
393
  "core-web-vitals-field-review",
372
394
  "image-delivery-performance-review",
373
395
  "client-bundle-pruning-review",
374
396
  "frame-render-performance-review",
397
+ "motion-system-contract-review",
375
398
  "app-startup-performance-review",
376
399
  "desktop-background-process-stability-review",
377
400
  "desktop-auto-update-safety-review",
@@ -402,6 +425,7 @@ patterns = [
402
425
  "heuristic-candidate-selection",
403
426
  "clarifying-question-gate",
404
427
  "completion-evidence-gate",
428
+ "next-action-menu",
405
429
  "evidence-stall-breaker",
406
430
  "astro-code-change",
407
431
  "bun-code-change",
@@ -441,6 +465,9 @@ patterns = [
441
465
  "database-lock-contention-review",
442
466
  "sqlite-code-change",
443
467
  "postgresql-code-change",
468
+ "search-index-integrity-review",
469
+ "vector-search-integrity-review",
470
+ "rag-pipeline-triage",
444
471
  "dependency-injection",
445
472
  "dependency-reality-check",
446
473
  "dependency-upgrade-review",
@@ -512,11 +539,16 @@ oss = [
512
539
  "desktop-memory-footprint-review",
513
540
  "hot-path-performance-review",
514
541
  "api-request-performance-review",
542
+ "api-failure-triage",
543
+ "ci-pipeline-triage",
544
+ "auth-flow-triage",
545
+ "docker-runtime-triage",
515
546
  "web-render-performance-review",
516
547
  "core-web-vitals-field-review",
517
548
  "image-delivery-performance-review",
518
549
  "client-bundle-pruning-review",
519
550
  "frame-render-performance-review",
551
+ "motion-system-contract-review",
520
552
  "app-startup-performance-review",
521
553
  "desktop-background-process-stability-review",
522
554
  "desktop-auto-update-safety-review",
@@ -547,6 +579,7 @@ oss = [
547
579
  "heuristic-candidate-selection",
548
580
  "clarifying-question-gate",
549
581
  "completion-evidence-gate",
582
+ "next-action-menu",
550
583
  "evidence-stall-breaker",
551
584
  "astro-code-change",
552
585
  "bun-code-change",
@@ -588,6 +621,9 @@ oss = [
588
621
  "database-lock-contention-review",
589
622
  "sqlite-code-change",
590
623
  "postgresql-code-change",
624
+ "search-index-integrity-review",
625
+ "vector-search-integrity-review",
626
+ "rag-pipeline-triage",
591
627
  "dependency-injection",
592
628
  "dependency-reality-check",
593
629
  "dependency-upgrade-review",
@@ -673,11 +709,16 @@ team = [
673
709
  "desktop-memory-footprint-review",
674
710
  "hot-path-performance-review",
675
711
  "api-request-performance-review",
712
+ "api-failure-triage",
713
+ "ci-pipeline-triage",
714
+ "auth-flow-triage",
715
+ "docker-runtime-triage",
676
716
  "web-render-performance-review",
677
717
  "core-web-vitals-field-review",
678
718
  "image-delivery-performance-review",
679
719
  "client-bundle-pruning-review",
680
720
  "frame-render-performance-review",
721
+ "motion-system-contract-review",
681
722
  "app-startup-performance-review",
682
723
  "desktop-background-process-stability-review",
683
724
  "desktop-auto-update-safety-review",
@@ -708,6 +749,7 @@ team = [
708
749
  "heuristic-candidate-selection",
709
750
  "clarifying-question-gate",
710
751
  "completion-evidence-gate",
752
+ "next-action-menu",
711
753
  "evidence-stall-breaker",
712
754
  "astro-code-change",
713
755
  "bun-code-change",
@@ -748,6 +790,9 @@ team = [
748
790
  "database-lock-contention-review",
749
791
  "sqlite-code-change",
750
792
  "postgresql-code-change",
793
+ "search-index-integrity-review",
794
+ "vector-search-integrity-review",
795
+ "rag-pipeline-triage",
751
796
  "dependency-injection",
752
797
  "dependency-reality-check",
753
798
  "dependency-upgrade-review",
@@ -819,11 +864,16 @@ product = [
819
864
  "desktop-memory-footprint-review",
820
865
  "hot-path-performance-review",
821
866
  "api-request-performance-review",
867
+ "api-failure-triage",
868
+ "ci-pipeline-triage",
869
+ "auth-flow-triage",
870
+ "docker-runtime-triage",
822
871
  "web-render-performance-review",
823
872
  "core-web-vitals-field-review",
824
873
  "image-delivery-performance-review",
825
874
  "client-bundle-pruning-review",
826
875
  "frame-render-performance-review",
876
+ "motion-system-contract-review",
827
877
  "app-startup-performance-review",
828
878
  "desktop-background-process-stability-review",
829
879
  "desktop-auto-update-safety-review",
@@ -854,6 +904,7 @@ product = [
854
904
  "heuristic-candidate-selection",
855
905
  "clarifying-question-gate",
856
906
  "completion-evidence-gate",
907
+ "next-action-menu",
857
908
  "evidence-stall-breaker",
858
909
  "astro-code-change",
859
910
  "bun-code-change",
@@ -893,6 +944,9 @@ product = [
893
944
  "database-lock-contention-review",
894
945
  "sqlite-code-change",
895
946
  "postgresql-code-change",
947
+ "search-index-integrity-review",
948
+ "vector-search-integrity-review",
949
+ "rag-pipeline-triage",
896
950
  "dependency-injection",
897
951
  "dependency-reality-check",
898
952
  "dependency-upgrade-review",
@@ -971,11 +1025,16 @@ library = [
971
1025
  "desktop-memory-footprint-review",
972
1026
  "hot-path-performance-review",
973
1027
  "api-request-performance-review",
1028
+ "api-failure-triage",
1029
+ "ci-pipeline-triage",
1030
+ "auth-flow-triage",
1031
+ "docker-runtime-triage",
974
1032
  "web-render-performance-review",
975
1033
  "core-web-vitals-field-review",
976
1034
  "image-delivery-performance-review",
977
1035
  "client-bundle-pruning-review",
978
1036
  "frame-render-performance-review",
1037
+ "motion-system-contract-review",
979
1038
  "app-startup-performance-review",
980
1039
  "desktop-background-process-stability-review",
981
1040
  "desktop-auto-update-safety-review",
@@ -1006,6 +1065,7 @@ library = [
1006
1065
  "heuristic-candidate-selection",
1007
1066
  "clarifying-question-gate",
1008
1067
  "completion-evidence-gate",
1068
+ "next-action-menu",
1009
1069
  "evidence-stall-breaker",
1010
1070
  "astro-code-change",
1011
1071
  "bun-code-change",
@@ -1047,6 +1107,9 @@ library = [
1047
1107
  "database-lock-contention-review",
1048
1108
  "sqlite-code-change",
1049
1109
  "postgresql-code-change",
1110
+ "search-index-integrity-review",
1111
+ "vector-search-integrity-review",
1112
+ "rag-pipeline-triage",
1050
1113
  "dependency-injection",
1051
1114
  "dependency-reality-check",
1052
1115
  "dependency-upgrade-review",