mustflow 2.85.4 → 2.99.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/dist/cli/commands/script-pack.js +10 -0
  2. package/dist/cli/i18n/en.js +183 -0
  3. package/dist/cli/i18n/es.js +183 -0
  4. package/dist/cli/i18n/fr.js +183 -0
  5. package/dist/cli/i18n/hi.js +183 -0
  6. package/dist/cli/i18n/ko.js +183 -0
  7. package/dist/cli/i18n/zh.js +183 -0
  8. package/dist/cli/lib/script-pack-registry.js +284 -1
  9. package/dist/cli/script-packs/code-change-impact.js +6 -0
  10. package/dist/cli/script-packs/code-import-cycle.js +193 -0
  11. package/dist/cli/script-packs/docs-link-integrity.js +145 -0
  12. package/dist/cli/script-packs/repo-approval-gate.js +100 -0
  13. package/dist/cli/script-packs/repo-git-ignore-audit.js +119 -0
  14. package/dist/cli/script-packs/repo-manifest-lock-drift.js +122 -0
  15. package/dist/cli/script-packs/repo-merge-conflict-scan.js +123 -0
  16. package/dist/cli/script-packs/repo-skill-route-audit.js +86 -0
  17. package/dist/cli/script-packs/repo-version-source.js +92 -0
  18. package/dist/cli/script-packs/test-performance-report.js +247 -0
  19. package/dist/cli/script-packs/test-regression-selector.js +167 -0
  20. package/dist/core/change-impact.js +23 -51
  21. package/dist/core/change-surface-classification.js +198 -0
  22. package/dist/core/docs-link-integrity.js +443 -0
  23. package/dist/core/import-cycle.js +152 -0
  24. package/dist/core/public-json-contracts.js +116 -0
  25. package/dist/core/repo-approval-gate.js +116 -0
  26. package/dist/core/repo-git-ignore-audit.js +302 -0
  27. package/dist/core/repo-manifest-lock-drift.js +321 -0
  28. package/dist/core/repo-merge-conflict-scan.js +335 -0
  29. package/dist/core/repo-version-source.js +82 -0
  30. package/dist/core/script-pack-suggestions.js +77 -1
  31. package/dist/core/skill-route-audit.js +354 -0
  32. package/dist/core/test-performance-report.js +697 -0
  33. package/dist/core/test-regression-selector.js +335 -0
  34. package/package.json +1 -1
  35. package/schemas/README.md +40 -2
  36. package/schemas/change-impact-report.schema.json +35 -1
  37. package/schemas/import-cycle-report.schema.json +157 -0
  38. package/schemas/link-integrity-report.schema.json +176 -0
  39. package/schemas/repo-approval-gate-report.schema.json +115 -0
  40. package/schemas/repo-git-ignore-audit-report.schema.json +201 -0
  41. package/schemas/repo-manifest-lock-drift-report.schema.json +202 -0
  42. package/schemas/repo-merge-conflict-scan-report.schema.json +169 -0
  43. package/schemas/repo-version-source-report.schema.json +127 -0
  44. package/schemas/skill-route-audit-report.schema.json +144 -0
  45. package/schemas/test-performance-report.schema.json +319 -0
  46. package/schemas/test-regression-selector-report.schema.json +187 -0
  47. package/templates/default/i18n.toml +67 -19
  48. package/templates/default/locales/en/.mustflow/skills/INDEX.md +45 -8
  49. package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +48 -27
  50. package/templates/default/locales/en/.mustflow/skills/api-failure-triage/SKILL.md +270 -0
  51. package/templates/default/locales/en/.mustflow/skills/auth-flow-triage/SKILL.md +192 -0
  52. package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +59 -13
  53. package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +14 -5
  54. package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +30 -15
  55. package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +45 -32
  56. package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +200 -0
  57. package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +87 -13
  58. package/templates/default/locales/en/.mustflow/skills/docker-runtime-triage/SKILL.md +191 -0
  59. package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +18 -13
  60. package/templates/default/locales/en/.mustflow/skills/line-ending-hygiene/SKILL.md +18 -10
  61. package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +4 -1
  62. package/templates/default/locales/en/.mustflow/skills/motion-system-contract-review/SKILL.md +155 -0
  63. package/templates/default/locales/en/.mustflow/skills/multi-agent-work-coordination/SKILL.md +83 -16
  64. package/templates/default/locales/en/.mustflow/skills/next-action-menu/SKILL.md +177 -0
  65. package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +15 -7
  66. package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +59 -35
  67. package/templates/default/locales/en/.mustflow/skills/powershell-code-change/SKILL.md +16 -6
  68. package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +4 -1
  69. package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +19 -10
  70. package/templates/default/locales/en/.mustflow/skills/rag-pipeline-triage/SKILL.md +206 -0
  71. package/templates/default/locales/en/.mustflow/skills/routes.toml +54 -0
  72. package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +10 -4
  73. package/templates/default/locales/en/.mustflow/skills/search-index-integrity-review/SKILL.md +181 -0
  74. package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +37 -23
  75. package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +9 -0
  76. package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +14 -9
  77. package/templates/default/locales/en/.mustflow/skills/vector-search-integrity-review/SKILL.md +209 -0
  78. package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +16 -14
  79. package/templates/default/manifest.toml +64 -1
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.service-boundary-architecture
3
3
  locale: en
4
4
  canonical: true
5
- revision: 1
5
+ revision: 2
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: service-boundary-architecture
9
- description: Apply this skill when service boundaries, modular-monolith boundaries, data ownership, queue/event boundaries, multi-tenant isolation, failure flow, operational recovery, or large-scale architecture split decisions are designed, reviewed, or changed.
9
+ description: Apply this skill when service boundaries, modular-monolith boundaries, data ownership, queue/event boundaries, multi-tenant isolation, failure flow, independent deployment, operational recovery, disaster recovery, service split evidence, team ownership, cost, toil, or large-scale architecture split decisions are designed, reviewed, or changed.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -39,6 +39,7 @@ This skill protects against the common failure mode where a system is split by n
39
39
  - A task designs, reviews, documents, or changes service boundaries, modular-monolith boundaries, bounded contexts, team ownership, API ownership, event ownership, queue ownership, or data ownership.
40
40
  - A monolith is being prepared for future split, a microservice split is proposed, or a service/module boundary is causing deploy, data, incident, or team coordination pain.
41
41
  - The task touches cross-service transactions, outbox/inbox patterns, idempotency, retries, timeouts, caches, read models, search models, shared databases, operational tools, manual correction, observability, tenancy, hot keys, or failure recovery.
42
+ - A boundary claim needs proof from recent co-change history, independent deployability, dependency direction, database write ownership, synchronous call depth, queue backlog behavior, graceful shutdown, health probe correctness, version compatibility, restore or DR drills, least-privilege access, config blast radius, cost, toil, or team bottlenecks.
42
43
  - Architecture docs, decision records, onboarding docs, or skills need durable guidance for large-system design and operational readiness.
43
44
 
44
45
  <!-- mustflow-section: do-not-use-when -->
@@ -57,6 +58,7 @@ This skill protects against the common failure mode where a system is split by n
57
58
  - Data ownership map: which module or service is the source of truth for each core fact, identifier, status, ledger, permission, tenant record, event, and read projection.
58
59
  - Current or proposed communication paths: direct calls, APIs, events, queues, shared databases, shared caches, batch jobs, search indexes, analytics stores, files, and admin tools.
59
60
  - Failure flows: duplicate requests, partial success, timeout, retry, consumer crash, queue backlog, dead-letter handling, external provider uncertainty, reconciliation, and manual correction.
61
+ - Boundary proof ledger: last 3 months of PR co-change by repository, service, schema, deployment pipeline, and team; independent deploy test; dependency cycle map; table write ownership; synchronous call count; non-core dependency failure behavior; timeout and retry budget; queue oldest age; saturation curve; noisy-neighbor evidence; graceful shutdown; health probe split; old/new version compatibility; trace continuity; user-facing SLOs; local dev setup cost; ADR rationale; least-privilege access; config blast radius; restore and DR drill; cost per feature or customer; toil and approval bottlenecks.
60
62
  - Consistency expectations: strong consistency, eventual consistency, tolerated delay, stale reads, cache invalidation, read/write split, search delay, and deletion or retention rules.
61
63
  - Tenant, authorization, observability, deployment, migration, and operations requirements.
62
64
  - Configured verification intents and any existing architecture decision records or context files.
@@ -82,25 +84,32 @@ This skill protects against the common failure mode where a system is split by n
82
84
 
83
85
  1. Name the business capabilities and the facts each capability owns. For every core fact, identify exactly one source of truth and the owner responsible for correcting it.
84
86
  2. Split first by reason to change, not by noun. Keep code together when it changes together; split only when ownership, release cadence, scale, compliance, failure isolation, or team autonomy makes the boundary useful.
85
- 3. Prefer a modular monolith with hard internal boundaries when the team is still discovering the domain. Draw future split lines early, but do not pay distributed-system costs before the boundary pressure is real.
86
- 4. Reject shared database ownership. If another service or module needs data, choose an API, event, read projection, export, or explicitly owned query surface instead of direct table coupling.
87
- 5. Design failure flows before the happy path. Cover partial success, duplicated requests, timeout, unknown external outcome, consumer crash, queue backlog, dead-letter handling, replay, reconciliation, and manual recovery.
88
- 6. Require idempotency for commands that create, charge, reserve, approve, issue, grant, cancel, refund, redeem, or mutate durable state. Use stable request keys and return the previous result for duplicate keys.
89
- 7. Treat queues as storage and backpressure, not magic. Define retry policy, exponential backoff or jitter, max attempts, retention, dead-letter ownership, consumer scaling, ordering expectations, replay safety, and loss tolerance.
90
- 8. Every network call across the boundary needs a timeout, bounded retry policy, fallback or failure result, duplicate-safety story, and observability identifiers.
91
- 9. Treat caches as a consistency tradeoff. Declare which stale values are acceptable, max staleness, invalidation owner, tenant and permission visibility, and whether the cache is allowed to become authority.
92
- 10. Model authorization, tenant isolation, audit, and data visibility at the boundary. Tenant ID must travel through APIs, queues, caches, logs, files, reports, and admin tools when the system is multi-tenant.
93
- 11. For event-driven boundaries, use past-tense fact events such as `OrderCreated` or `PaymentApproved`. Do not disguise commands as events. Include event ID, version, occurred time, publisher, subject, causation or request ID, correlation or trace ID, and compatible schema evolution rules.
94
- 12. Separate transaction data from search, reporting, analytics, and screen-shaped read projections when their consistency, indexing, query, or retention needs diverge.
95
- 13. Define tolerated delay with numbers. Replace vague "real-time" claims with accepted latency or freshness windows such as seconds, minutes, or batch cadence.
96
- 14. Check hot keys and noisy neighbors. Define per-tenant, per-customer, per-room, per-campaign, or per-product limits, queue separation, worker pool separation, connection caps, and external API call caps when one key can dominate load.
97
- 15. Keep domain rules in the owning domain layer. Do not scatter refund windows, cancellation rules, entitlement checks, inventory reservations, or admin overrides across controllers, UI, workers, and jobs.
98
- 16. Plan migrations with expand, dual-write or compatibility, backfill, read switch, verification, and contract removal. Do not rename or remove shared fields in one deployment step.
99
- 17. Plan deletion and retention before data is created. Identify legal retention, anonymization, log masking, backup retention, search/read-model cleanup, and audit exceptions.
100
- 18. Make observability a product feature. Connect API, queue, worker, external provider, database, and admin operations with trace, request, correlation, causation, job, and tenant identifiers. Prefer p95, p99, error rate, queue age, backlog, dependency failure rate, and business success rate over averages.
101
- 19. Make deployment and rollback a boundary decision. Use feature flags, canaries, partial exposure, compatibility windows, and kill switches for risky boundary changes.
102
- 20. Provide operational tools for reality: reconcile external state, retry or quarantine failed messages, correct user/account/order state, revoke permissions, inspect provider responses, and undo manual changes with audit and approval when required.
103
- 21. Record the decision: selected boundary, rejected alternatives, reason, assumptions, failure modes, data owner, operational owner, verification, and revisit triggers.
87
+ 3. Prove whether the proposed boundary is real.
88
+ - Mine recent PRs or change records when available: count repositories, services, DB schemas, deployment pipelines, and teams touched by one small requirement.
89
+ - Try the independent-deploy thought experiment: if one boundary cannot ship without another service version, shared library, DB migration, frontend deploy, or meeting, it is not independent yet.
90
+ - Draw dependency direction and cycles. Cycles usually mean the responsibility and data boundary is wrong, not merely that imports need cleaning.
91
+ - Count how many synchronous services and stores must succeed for one user action. If the answer is "many, or humans fix the database," the consistency boundary may be split in the wrong place.
92
+ 4. Prefer a modular monolith with hard internal boundaries when the team is still discovering the domain. Draw future split lines early, but do not pay distributed-system costs before the boundary pressure is real.
93
+ 5. Reject shared database ownership. If another service or module needs data, choose an API, event, read projection, export, or explicitly owned query surface instead of direct table coupling. Table write ownership should be explicit for every core fact.
94
+ 6. Design failure flows before the happy path. Cover partial success, duplicated requests, timeout, unknown external outcome, consumer crash, queue backlog, dead-letter handling, replay, reconciliation, and manual recovery.
95
+ 7. Require idempotency for commands that create, charge, reserve, approve, issue, grant, cancel, refund, redeem, or mutate durable state. Use stable request keys and return the previous result for duplicate keys.
96
+ 8. Treat queues as storage and backpressure, not magic. Define retry policy, exponential backoff or jitter, max attempts, retention, dead-letter ownership, consumer scaling, ordering expectations, replay safety, loss tolerance, oldest-message age, and catch-up rate.
97
+ 9. Every network call across the boundary needs a timeout, bounded retry policy, fallback or failure result, duplicate-safety story, observability identifiers, and a request-level budget so retries do not multiply across layers.
98
+ 10. Treat caches as a consistency tradeoff. Declare which stale values are acceptable, max staleness, invalidation owner, tenant and permission visibility, and whether the cache is allowed to become authority.
99
+ 11. Model authorization, tenant isolation, audit, and data visibility at the boundary. Tenant ID must travel through APIs, queues, caches, logs, files, reports, and admin tools when the system is multi-tenant. Service accounts should have only the DB, queue, storage, and API permissions the boundary needs.
100
+ 12. For event-driven boundaries, use past-tense fact events such as `OrderCreated` or `PaymentApproved`. Do not disguise commands as events. Include event ID, version, occurred time, publisher, subject, causation or request ID, correlation or trace ID, and compatible schema evolution rules.
101
+ 13. Separate transaction data from search, reporting, analytics, and screen-shaped read projections when their consistency, indexing, query, or retention needs diverge.
102
+ 14. Define tolerated delay with numbers. Replace vague "real-time" claims with accepted latency or freshness windows such as seconds, minutes, or batch cadence.
103
+ 15. Check hot keys and noisy neighbors. Define per-tenant, per-customer, per-room, per-campaign, or per-product limits, queue separation, worker pool separation, connection caps, and external API call caps when one key can dominate load.
104
+ 16. Check saturation and graceful degradation. Drive load past normal capacity in a bounded test plan when available, and identify the first bottleneck: worker pool, DB pool, locks, thread pool, queue, disk, external quota, or cache stampede.
105
+ 17. Keep domain rules in the owning domain layer. Do not scatter refund windows, cancellation rules, entitlement checks, inventory reservations, or admin overrides across controllers, UI, workers, and jobs.
106
+ 18. Plan migrations with expand, dual-write or compatibility, backfill, read switch, verification, and contract removal. Do not rename or remove shared fields in one deployment step. Old and new versions should tolerate unknown fields, missing fields, old messages, and new schema during rollout.
107
+ 19. Plan deletion and retention before data is created. Identify legal retention, anonymization, log masking, backup retention, search/read-model cleanup, and audit exceptions.
108
+ 20. Make observability a product feature. Connect API, queue, worker, external provider, database, and admin operations with trace, request, correlation, causation, job, and tenant identifiers. Prefer p95, p99, error rate, queue age, backlog, dependency failure rate, and business success rate over averages.
109
+ 21. Make deployment, rollback, shutdown, and health checks boundary decisions. Use feature flags, canaries, partial exposure, compatibility windows, kill switches, readiness/liveness/startup separation, graceful drain, and rollback-forward plans for risky boundary changes.
110
+ 22. Provide operational tools for reality: reconcile external state, retry or quarantine failed messages, correct user/account/order state, revoke permissions, inspect provider responses, and undo manual changes with audit and approval when required.
111
+ 23. Prove recovery, cost, and toil. A backup is not a boundary guarantee until it is restored in a clean environment. DR, config rollback, secret or certificate recovery, per-feature cost, repeated manual work, and single-team or single-person approval bottlenecks should be measured or reported.
112
+ 24. Record the decision: selected boundary, rejected alternatives, reason, assumptions, failure modes, data owner, operational owner, verification, cost, toil, and revisit triggers.
104
113
 
105
114
  <!-- mustflow-section: review-rejection-criteria -->
106
115
  ## Review Rejection Criteria
@@ -110,6 +119,9 @@ Reject or revise the design when:
110
119
  - A service or module boundary has no named data owner.
111
120
  - Two owners write the same core fact without a conflict rule.
112
121
  - A service reads another service's tables or cache as normal behavior.
122
+ - A small requirement routinely changes many repositories, services, schemas, pipelines, or teams.
123
+ - A service cannot be deployed, rolled back, or tested without synchronized changes in another boundary.
124
+ - Dependency graphs contain cycles with no explicit ownership decision.
113
125
  - The design shows only the happy path.
114
126
  - Retries lack timeout, backoff, jitter, max attempts, idempotency, or failure ownership.
115
127
  - A queue has no dead-letter, retention, replay, ordering, or backlog policy.
@@ -117,6 +129,8 @@ Reject or revise the design when:
117
129
  - Events are imperative commands instead of past-tense facts.
118
130
  - Event schemas lack version, event ID, occurred time, publisher, and correlation or causation identifiers.
119
131
  - Tenant, permission, audit, or data-retention boundaries are added after the fact.
132
+ - Health checks only prove process liveness, graceful shutdown is untested, or old and new versions cannot run together.
133
+ - Backup, restore, DR, least privilege, config rollback, cost, or toil claims have no proof path.
120
134
  - Architecture choice is justified by tooling fashion instead of ownership, failure, scale, compliance, or team autonomy.
121
135
  - Manual operations can mutate critical state without audit, approval, and reversal or reconciliation path.
122
136
 
@@ -126,7 +140,7 @@ Reject or revise the design when:
126
140
  - Data ownership and source-of-truth boundaries are explicit.
127
141
  - Boundary split is justified by change reason, ownership, scale, compliance, failure isolation, or team autonomy.
128
142
  - Failure handling, idempotency, retry, queue, cache, event, and observability contracts are defined or explicitly deferred.
129
- - Tenant, authorization, deletion, retention, migration, deployment, and operational recovery risks are checked or reported.
143
+ - Tenant, authorization, deletion, retention, migration, deployment, graceful shutdown, health checks, version compatibility, restore, DR, cost, toil, and operational recovery risks are checked or reported.
130
144
  - Decision records explain why this boundary was chosen, what alternatives were rejected, and when to revisit.
131
145
 
132
146
  <!-- mustflow-section: verification -->
@@ -160,7 +174,7 @@ Use broader configured checks when the boundary change affects templates, public
160
174
  - Boundary checked
161
175
  - Data owners and source-of-truth notes
162
176
  - Failure, idempotency, queue, cache, and event notes
163
- - Tenant, auth, retention, observability, deployment, and operations notes
177
+ - Co-change, independent deploy, dependency, data ownership, sync-call, saturation, noisy-neighbor, tenant, auth, retention, observability, deployment, health, shutdown, version compatibility, restore, DR, cost, toil, and operations notes
164
178
  - Files changed
165
179
  - Command intents run
166
180
  - Skipped checks and reasons
@@ -121,6 +121,10 @@ resources are saturated, and what evidence keeps a faster path trustworthy?"
121
121
  shard tail, and idle-worker time.
122
122
  - Report p50 and p95 per test or file when available. Average-only timing hides the last slow
123
123
  shard, and the last slow shard decides CI wall time.
124
+ - When the command contract exposes `test_related_profile`, run it before policy changes that
125
+ depend on local verification timing. Then read the retained evidence with
126
+ `mf script-pack run test/performance-report summarize --json` before changing scheduling,
127
+ caching, timeout, worker, fixture, or selected-test behavior.
124
128
  2. Classify the bottleneck.
125
129
  - Discovery bottleneck: full tree scans, broad classpath scans, fixtures and generated files in
126
130
  search paths, or missing precomputed test manifests.
@@ -282,6 +286,11 @@ Use the narrowest configured test, build, docs, release, or mustflow intent that
282
286
  test-suite behavior. If the repository exposes a profiling or cached-test intent, use it only when
283
287
  the command contract marks it configured, oneshot, and agent-allowed.
284
288
 
289
+ When a profiling intent has run, prefer the read-only `test/performance-report` script-pack as the
290
+ first report surface. Its `next_actions` field should guide whether the next safe step is collecting
291
+ profile evidence, resolving previous failures, inspecting slow intents or phases, reviewing timeout
292
+ pressure, or investigating selected-test fallback behavior.
293
+
285
294
  <!-- mustflow-section: failure-handling -->
286
295
  ## Failure Handling
287
296
 
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: skill.typescript-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 5
5
+ revision: 6
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: typescript-code-change
@@ -95,18 +95,22 @@ Preserve TypeScript's type, runtime validation, module, build, and public API bo
95
95
  15. In TypeScript source that targets native Node ESM, write relative imports using the emitted runtime specifier, usually `.js`, such as `import { createApp } from "./app.js"` from `app.ts`. Do not write extensionless relative imports or `.ts` runtime specifiers unless a declared loader, bundler, or runtime explicitly owns that behavior.
96
96
  16. Use `moduleResolution: "Bundler"` only when a bundler such as Vite, esbuild, Rollup, or a framework build system owns final module resolution. Do not use bundler resolution to model code that Node will execute directly without that bundler.
97
97
  17. If ESM/CJS behavior changes, verify package `type`, `main`, `module`, `browser`, `exports`, condition order, extension rules, generated JS, and generated declaration files together.
98
- 18. Inspect generated declarations when package surfaces change. Declaration files must not leak source-only aliases, private paths, workspace-only package names, unpublished internal paths, or accidental public re-exports.
99
- 19. For TypeScript 6 migration work, treat deprecation warnings as future TypeScript 7 removal risk. `ignoreDeprecations` is a temporary compatibility valve, not proof that the project is ready for 7.0. Prefer removing deprecated options and updating resolver or module choices to match the project runtime.
100
- 20. Treat TypeScript 6 `--stableTypeOrdering` as a migration comparison tool for declaration and error-order differences, not as a permanent performance-neutral default. If it changes errors or declaration output, look for inference or declaration-stability issues instead of snapshotting noise.
101
- 21. For TypeScript 7 migration work, keep the tracks separate:
98
+ 18. For `tsconfig` updates, make defaults explicit when they affect emitted shape, ambient types, or module semantics. Check `rootDir`, `include`, `exclude`, `types`, `lib`, `target`, `module`, `moduleResolution`, `verbatimModuleSyntax`, `noUncheckedSideEffectImports`, declaration output, and framework wrapper defaults together instead of relying on a compiler-major default.
99
+ 19. Treat `types` as an ambient-global allowlist. Add only the runtime or test environment globals the project actually uses, such as Node, Bun, DOM, Vitest, Jest, or Playwright. Do not restore broad ambient discovery just to hide missing imports or environment drift.
100
+ 20. Use import attributes, subpath imports, and deferred module evaluation only when the runtime, bundler, and compiler track all support the exact syntax. `import defer` is a side-effect and startup-order choice, not a generic lazy-loading trick; use it only for namespace imports whose module evaluation can safely wait until first export access.
101
+ 21. Use `using` or `await using` only when the target runtime or transform path supports explicit resource management and the object really owns a disposable resource. Do not replace visible `try/finally`, context-manager, or framework cleanup contracts with `using` if the surrounding lifecycle, error propagation, or generated JS cannot be verified.
102
+ 22. Inspect generated declarations when package surfaces change. Declaration files must not leak source-only aliases, private paths, workspace-only package names, unpublished internal paths, or accidental public re-exports.
103
+ 23. For TypeScript 6 migration work, treat deprecation warnings as future TypeScript 7 removal risk. `ignoreDeprecations` is a temporary compatibility valve, not proof that the project is ready for 7.0. Prefer removing deprecated options and updating resolver or module choices to match the project runtime.
104
+ 24. Treat TypeScript 6 `--stableTypeOrdering` as a migration comparison tool for declaration and error-order differences, not as a permanent performance-neutral default. If it changes errors or declaration output, look for inference or declaration-stability issues instead of snapshotting noise.
105
+ 25. For TypeScript 7 migration work, keep the tracks separate:
102
106
  - TS6 stable API track: `@typescript/typescript6` and `tsc6` for compiler API, transformer, ESLint, framework wrapper, and peer-dependency compatibility.
103
107
  - TS7 RC compiler track: `typescript@rc` and `tsc` for RC compiler verification.
104
108
  - TS7 nightly track: `@typescript/native-preview` and `tsgo` for nightly diagnostics only.
105
109
  - Future TS7 stable track: stable `typescript` once upstream publishes TypeScript 7 on the normal stable path.
106
- 22. Keep compiler API consumers, language-service plugins, custom transformers, and framework typecheck wrappers on the TS6 API track until their owners explicitly support the TS7 API surface. Treat TS7 RC `tsc` as compiler verification, not proof that JavaScript compiler API consumers can migrate.
107
- 23. When comparing TS6 `tsc6`, TS7 RC `tsc`, and optional TS7 nightly `tsgo`, classify differences before editing code: real type error, declaration emit order or printback noise, unsupported option, unsupported API, watch or incremental behavior gap, language-service gap, generated-output drift, or framework wrapper mismatch.
108
- 24. Do not treat faster TS7 RC or nightly results as sufficient verification. Keep the repository's existing `tsc`, `tsc6`, or framework typecheck as the compatibility baseline until repository policy explicitly adopts a different compiler track.
109
- 25. Choose the narrowest configured verification intents that cover typecheck, lint, tests, build output, declarations, package contract risk, and downstream-style consumer risk.
110
+ 26. Keep compiler API consumers, language-service plugins, custom transformers, and framework typecheck wrappers on the TS6 API track until their owners explicitly support the TS7 API surface. Treat TS7 RC `tsc` as compiler verification, not proof that JavaScript compiler API consumers can migrate.
111
+ 27. When comparing TS6 `tsc6`, TS7 RC `tsc`, and optional TS7 nightly `tsgo`, classify differences before editing code: real type error, declaration emit order or printback noise, unsupported option, unsupported API, watch or incremental behavior gap, language-service gap, generated-output drift, or framework wrapper mismatch.
112
+ 28. Do not treat faster TS7 RC or nightly results as sufficient verification. Keep the repository's existing `tsc`, `tsc6`, or framework typecheck as the compatibility baseline until repository policy explicitly adopts a different compiler track.
113
+ 29. Choose the narrowest configured verification intents that cover typecheck, lint, tests, build output, declarations, package contract risk, and downstream-style consumer risk.
110
114
 
111
115
  <!-- mustflow-section: assertion-policy -->
112
116
  ## Assertion Policy
@@ -154,6 +158,7 @@ Reject or revise the patch when any of these appear without explicit evidence an
154
158
  - Validator schemas and exported types are duplicated without a single source of truth.
155
159
  - Generated declarations expose source-only aliases, internal module paths, workspace-only packages, or accidental barrel exports.
156
160
  - Package entry metadata changes without checking runtime entry, type entry, declaration output, and supported resolver modes.
161
+ - `tsconfig` defaults, ambient `types`, import attributes, `import defer`, or explicit resource management syntax are adopted without runtime, bundler, compiler-track, and generated-output evidence.
157
162
  - `skipLibCheck` or weakened strictness is used as release validation for a library/package.
158
163
  - TypeScript 6-to-7 migration warnings are silenced instead of classified and either fixed or reported.
159
164
  - TS7 RC or nightly output differences are accepted as harmless without classification.
@@ -0,0 +1,209 @@
1
+ ---
2
+ mustflow_doc: skill.vector-search-integrity-review
3
+ locale: en
4
+ canonical: true
5
+ revision: 2
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: vector-search-integrity-review
9
+ description: Apply this skill when vector search, semantic search, RAG retrieval mechanics, embeddings, vector databases, ANN indexes, exact versus approximate search, filters, metadata payloads, namespaces, tenants, named vectors, hybrid search, reranking, recall, latency, quantization, HNSW, IVF, pgvector, Qdrant, Milvus, Weaviate, OpenSearch kNN, or retrieval golden-set behavior is created, changed, reviewed, or failing. Use rag-pipeline-triage first when a RAG failure is not yet localized to retrieval versus parsing, context assembly, prompt, generation, citation, or answerability.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.vector-search-integrity-review
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # Vector Search Integrity Review
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Review vector and semantic search as a retrieval contract, not as "the vector database is good or
33
+ bad."
34
+
35
+ The core question is whether ingestion, embedding, storage, exact search, approximate search,
36
+ filters, reranking, and latency evidence all agree for the same query contract.
37
+
38
+ <!-- mustflow-section: use-when -->
39
+ ## Use When
40
+
41
+ - Code creates or changes embedding generation, preprocessing, chunking, vector schema, collection
42
+ names, namespaces, tenants, named vectors, metadata payloads, filters, search parameters, ANN
43
+ indexes, hybrid search, reranking, retrieval metrics, RAG context selection, or vector DB clients.
44
+ - Search is missing documents, returning wrong results, returning empty filtered results, duplicating
45
+ chunks, leaking tenants, becoming slow, changing quality after model or index changes, or behaving
46
+ differently across replicas.
47
+ - A review needs recall, MRR, golden-set, exact-versus-ANN, filter, metadata index, quantization,
48
+ compaction, shard, consistency, reranker, or embedding-model-version evidence.
49
+
50
+ <!-- mustflow-section: do-not-use-when -->
51
+ ## Do Not Use When
52
+
53
+ - The task is only generic database schema or query performance with no vector, embedding, semantic
54
+ retrieval, or RAG boundary; use the database or performance skill.
55
+ - The task is only LLM answer grounding after retrieval is already proven; use
56
+ `llm-hallucination-control-review`.
57
+ - The task is an end-to-end RAG failure and it is not yet clear whether ingestion, retrieval,
58
+ context assembly, prompt construction, generation, citation validation, or answerability failed;
59
+ use `rag-pipeline-triage` first.
60
+ - The task is only API transport or SDK failure before search boundaries are known; use
61
+ `api-failure-triage`.
62
+ - The task asks for live production vector dumps containing sensitive text, embeddings, customer
63
+ documents, or private prompts. Use redacted hashes, ids, dimensions, norms, and aggregate metrics.
64
+
65
+ <!-- mustflow-section: required-inputs -->
66
+ ## Required Inputs
67
+
68
+ - Retrieval symptom classification: ingestion missing, write not visible, wrong results, empty
69
+ results, low recall, tenant leak, duplicate chunks, stale deletes, slow search, reranker drift, or
70
+ generated answer drift.
71
+ - Query contract ledger: query text or safe fixture id, embedding model and revision, preprocessing
72
+ version, vector dimension, vector norm, metric, collection, namespace, tenant, named vector,
73
+ filters, `top_k`, candidate count, consistency level, ANN parameters, hybrid weights, and reranker
74
+ settings.
75
+ - Ingestion ledger: source id, chunk id, deterministic vector id, embedding version, payload shape,
76
+ write count, unique id count, direct lookup count, indexed count, deleted or tombstoned count, and
77
+ visibility lag.
78
+ - Quality ledger: golden queries, expected ids, acceptable alternatives, exact-search result,
79
+ ANN result, recall at k, MRR, empty rate, duplicate rate, filtered result count, and before/after
80
+ comparison.
81
+ - Performance ledger: cold versus warm latency, p50, p95, p99, queue wait, DB search time, reranker
82
+ time, payload size, filter selectivity, shard distribution, compaction or indexing work, memory,
83
+ disk, and retry behavior.
84
+ - Privacy ledger: raw text, vectors, prompts, document ids, tenant ids, provider payloads, and
85
+ whether evidence can be safely stored as ids, hashes, summaries, or aggregate metrics.
86
+
87
+ <!-- mustflow-section: preconditions -->
88
+ ## Preconditions
89
+
90
+ - The task matches the Use When conditions and does not match the Do Not Use When exclusions.
91
+ - Higher-priority instructions and `.mustflow/config/commands.toml` have been checked.
92
+ - Raw embeddings, raw document text, prompts, and tenant-identifying payloads are not copied into
93
+ docs, tests, commits, or reports unless they are safe synthetic fixtures.
94
+
95
+ <!-- mustflow-section: allowed-edits -->
96
+ ## Allowed Edits
97
+
98
+ - Add or tighten embedding versioning, preprocessing versioning, vector validation, deterministic
99
+ IDs, namespace or tenant selection, metadata indexes, filter construction, exact-search checks,
100
+ ANN parameters, reranker candidate counts, golden-set tests, metrics, docs, fixtures, and
101
+ retrieval contract tests.
102
+ - Add focused synthetic fixtures that encode expected retrieval behavior, filtered retrieval,
103
+ tenant separation, duplicate handling, and exact-versus-ANN comparison.
104
+ - Do not change embedding models, rebuild large indexes, tune ANN parameters, disable filters, widen
105
+ tenants, bypass authorization, or dump production vectors without explicit scope and evidence.
106
+
107
+ <!-- mustflow-section: procedure -->
108
+ ## Procedure
109
+
110
+ 1. Classify the symptom first: ingestion missing, write-not-visible, wrong result, empty result,
111
+ stale delete, duplicate chunks, tenant leak, slow search, reranker drift, or answer generation.
112
+ 2. Build the query contract ledger before tuning. Include model revision, preprocessing, dimension,
113
+ norm, metric, collection, namespace, named vector, filters, `top_k`, ANN parameters, hybrid
114
+ weights, reranker settings, and consistency level.
115
+ 3. Validate vector shape at ingestion and query time. Reject wrong dimension, NaN, infinities,
116
+ all-zero vectors, extreme norms, and model or preprocessing version mismatches.
117
+ 4. Keep embedding model identity exact. Model name alone is not enough; include revision, tokenizer,
118
+ pooling, prefix policy, max length, HTML cleanup, chunking, and normalization.
119
+ 5. Compare exact search with approximate search on the same query and filter. If exact search is
120
+ wrong, stop tuning ANN and inspect embeddings, preprocessing, metric, payload, and expectations.
121
+ 6. Compare filter-free search, filter-only count, filtered exact search, and filtered ANN search.
122
+ Empty filtered results often mean filter construction, metadata typing, payload indexing, or
123
+ post-filter candidate loss rather than bad embeddings.
124
+ 7. Confirm collection, namespace, tenant, alias, and named vector. Directly inspect the problem id
125
+ or safe synthetic id in the same search surface the app uses.
126
+ 8. Check deterministic upsert ids. Source id, chunk index, tenant, and embedding version should not
127
+ accidentally duplicate chunks or overwrite all chunks with one id.
128
+ 9. Separate write success from search visibility. Check direct lookup, exact search, ANN search,
129
+ indexed count, consistency, segment state, and visibility lag.
130
+ 10. Check deletes and updates. Deletion marks, tombstones, compaction, vacuum, stale segments, and
131
+ old chunks can keep appearing after API success.
132
+ 11. Review metric and normalization. Cosine, dot product, and L2 are different contracts unless
133
+ the vectors are intentionally normalized and the index operator matches.
134
+ 12. Tune ANN only after the exact and filter contracts are correct. Evaluate recall and p95 latency
135
+ across parameter sweeps instead of changing one value blindly.
136
+ 13. Treat build-time index parameters as recall ceilings. If search-time parameters cannot recover
137
+ recall, the index may need rebuild policy, not a larger query knob.
138
+ 14. Review quantization and rescoring. Compare full-precision exact results with compressed-index
139
+ candidates and confirm enough candidates reach full-precision reranking.
140
+ 15. For hybrid search, store dense score, sparse or keyword score, normalized score, fusion method,
141
+ and final score. Do not add incompatible raw scores directly without a deliberate combiner.
142
+ 16. For reranking, record pre-rerank and post-rerank ids and ranks. If the right document never
143
+ enters the candidate set, the reranker cannot recover it.
144
+ 17. Avoid deep ANN pagination as a product contract. Use cursor, filters, grouping, or ordinary
145
+ sorted indexes for deep browsing instead of pretending vector search has cheap random offsets.
146
+ 18. Split cold and warm latency, server search time and client wait, vector DB time and reranker
147
+ time, and single-query latency from concurrent load.
148
+ 19. Inspect shard, replica, segment, compaction, flush, indexing, memory, disk, and cache state when
149
+ p99 or intermittent quality varies across nodes.
150
+ 20. Add a golden-set gate when the project has a test surface. Include easy, hard, filtered,
151
+ tenant-scoped, rare-name, synonym, short-query, long-query, and sparse-data cases.
152
+
153
+ <!-- mustflow-section: postconditions -->
154
+ ## Postconditions
155
+
156
+ - The retrieval symptom, query contract, ingestion contract, quality ledger, performance ledger, and
157
+ privacy boundary are explicit.
158
+ - Exact search, ANN, filters, metadata, namespaces, tenants, named vectors, IDs, deletes, metric,
159
+ normalization, quantization, hybrid search, reranking, shards, consistency, and latency are fixed
160
+ or reported where relevant.
161
+ - Search quality claims are backed by golden-set, exact-versus-ANN, configured-test, static review,
162
+ or manual-only evidence.
163
+
164
+ <!-- mustflow-section: verification -->
165
+ ## Verification
166
+
167
+ Use configured oneshot command intents when available:
168
+
169
+ - `changes_status`
170
+ - `changes_diff_summary`
171
+ - `lint`
172
+ - `build`
173
+ - `test_related`
174
+ - `test`
175
+ - `docs_validate_fast`
176
+ - `test_release`
177
+ - `mustflow_check`
178
+
179
+ Prefer the narrowest configured tests that cover retrieval contract, tenant isolation, filters,
180
+ golden-set metrics, deterministic ids, and docs or template surfaces. Report missing vector DB,
181
+ embedding provider, exact-search, ANN recall, reranker, load, or production-index evidence instead
182
+ of inventing live diagnostics.
183
+
184
+ <!-- mustflow-section: failure-handling -->
185
+ ## Failure Handling
186
+
187
+ - If the query contract cannot be reconstructed, report the missing fields before changing model,
188
+ filter, or ANN settings.
189
+ - If evidence contains raw text, embeddings, prompts, personal data, or tenant-identifying data,
190
+ redact to ids, hashes, dimensions, norms, and aggregate metrics.
191
+ - If the fix requires model replacement, re-embedding, index rebuild, production data dump, or live
192
+ vector DB access outside the command contract, report the manual boundary.
193
+ - If configured verification fails, preserve the failing intent and output tail, then fix only the
194
+ localized retrieval contract or test expectation.
195
+
196
+ <!-- mustflow-section: output-format -->
197
+ ## Output Format
198
+
199
+ - Vector search integrity reviewed
200
+ - Retrieval symptom, query contract, ingestion ledger, quality ledger, performance ledger, and
201
+ privacy boundary
202
+ - Exact versus ANN, filter, metadata, namespace, tenant, id, delete, metric, normalization,
203
+ quantization, hybrid, reranker, shard, consistency, and latency findings
204
+ - Fix applied or recommended
205
+ - Evidence level: golden-set evidence, configured-test evidence, static review risk, manual-only,
206
+ missing, or not applicable
207
+ - Command intents run
208
+ - Skipped vector diagnostics and reasons
209
+ - Remaining vector search risk
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: skill.version-freshness-check
3
3
  locale: en
4
4
  canonical: true
5
- revision: 7
5
+ revision: 8
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: version-freshness-check
@@ -34,7 +34,7 @@ Prevent agents from writing stale external version references from memory, while
34
34
 
35
35
  - Generated or edited files introduce explicit external version references, action refs, package ranges, runtime versions, framework majors, Docker image tags, toolchain versions, setup actions, scaffold commands, install commands, or migration examples.
36
36
  - CI workflows, release workflows, Dockerfiles, package metadata, lockfiles, runtime files, framework configuration, README examples, docs, tests, fixtures, or templates mention external versions such as GitHub Actions refs, Node, Bun, Deno, Python, Rust, Tauri, Astro, Next, SvelteKit, Electron, Docker images, package managers, SDKs, plugins, or generators.
37
- - Python wording mentions current/stable/support status, Python 3.14+ standard-library APIs, runtime flags, changed default behavior, security defaults, or examples that depend on `requires-python`.
37
+ - Python wording mentions current/stable/support status, Python 3.14+ or 3.15+ syntax, standard-library APIs, runtime flags, changed default behavior, security defaults, or examples that depend on `requires-python`.
38
38
  - TypeScript wording mentions current/stable/RC/nightly status for TypeScript 6, TypeScript 7, `@typescript/typescript6`, `tsc6`, `typescript@rc`, `@typescript/native-preview`, `tsgo`, compiler API compatibility, or migration readiness.
39
39
  - Go wording mentions current/stable/support status, Go release numbers, `go.mod` language version behavior, `toolchain` behavior, standard-library APIs, `GOEXPERIMENT`, runtime defaults, container behavior, JSON experiments, or examples that depend on a specific Go version.
40
40
  - Rust wording mentions current/stable/support status, Rust release numbers, `rust-version`, edition behavior, `rust-toolchain`, Cargo resolver or workspace behavior, standard-library APIs, compiler lints, target behavior, release profiles, or examples that depend on a specific Rust version.
@@ -94,19 +94,20 @@ Prevent agents from writing stale external version references from memory, while
94
94
  10. For patch, security-minimum, and low-risk minor differences, update only when the declaration, examples, lockfile policy, and verification surface can stay aligned. Otherwise report the proposed change and leave the pinned value unchanged.
95
95
  11. For GitHub Actions and CI tools, review the action source, major tag policy, runtime support, cache behavior, permissions, and organization pinning rule. Do not assume a newer major is safe only because it exists.
96
96
  12. For framework and runtime majors such as Astro, Tauri, Electron, Next, SvelteKit, Node, Bun, Deno, Python, Rust, or Java, check migration notes, config schema, plugin and adapter compatibility, generated files, security model, deployment target, and rollback path before recommending a major change.
97
- 13. For Python standard-library or runtime-behavior claims, refresh official Python documentation before writing durable wording. Check `requires-python`, CI/runtime matrices, and container images before using or recommending version-gated features such as Python 3.14+ `map(strict=True)`, `functools.Placeholder`, `heapq` max-heap helpers, import-timing flag behavior, or changed security defaults.
97
+ 13. For Python standard-library or runtime-behavior claims, refresh official Python documentation before writing durable wording. Check `requires-python`, CI/runtime matrices, and container images before using or recommending Python 3.14+ standard-library APIs or version-gated features such as template string literals, `annotationlib`, Python 3.14+ `map(strict=True)`, `functools.Placeholder`, `heapq` max-heap helpers, import-timing flag behavior, `finally` flow-control warnings, or changed security defaults.
98
98
  14. For Python examples that use newer standard-library APIs, either keep the example behind an explicit runtime floor or provide a supported fallback. Do not call a Python 3.14-only API a general Python best practice when the repository declares lower support.
99
- 15. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat TS6 stable API track (`@typescript/typescript6`, `tsc6`), TS7 RC compiler track (`typescript@rc`, `tsc`), TS7 nightly track (`@typescript/native-preview`, `tsgo`), and future TS7 stable `typescript` behavior as distinct tracks. Do not call RC or nightly output "latest stable TypeScript" just because it is newer.
100
- 16. For TypeScript examples, make the selected track explicit: TS6 API compatibility, TS7 RC compiler verification, TS7 nightly comparison, editor preview, or repository adoption. If the project has compiler API consumers, transformers, framework wrappers, or declaration snapshots, classify the reference as migration-sensitive and keep API consumers on the TS6 API track until support is explicit.
101
- 17. For Go release, toolchain, standard-library, runtime, or experiment claims, refresh official Go release notes or package documentation before writing durable wording. Check the repository's `go` directive, `toolchain` directive, CI/runtime matrix, and container target before using or recommending version-gated features such as expression operands to `new`, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `ReverseProxy.Rewrite`, container-aware `GOMAXPROCS`, goroutine leak profiles, `encoding/json/v2`, or `GOEXPERIMENT` APIs.
102
- 18. For Go examples that use newer standard-library APIs or runtime defaults, either keep the example behind an explicit Go version floor or provide a supported fallback. Do not call an experimental `GOEXPERIMENT` feature or a newer `go` directive behavior a general Go best practice when the repository declares lower support.
103
- 19. For Rust release, toolchain, standard-library, Cargo, edition, lint, target, or MSRV claims, refresh official Rust release notes, standard-library docs, the Cargo Book, Rust Reference, or rustc book before writing durable wording. Check `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, docs.rs metadata, and crate publish policy before using or recommending version-gated features such as let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `resolver = "2"`, Rust 2024 `unsafe_op_in_unsafe_fn`, or release-profile defaults.
104
- 20. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback. Use an API-by-API MSRV ledger for features such as `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`; do not collapse them into a single "latest Rust" bucket, and do not treat nightly-only behavior or target-specific linker behavior as stable without explicit evidence.
105
- 21. For HTTP standards, browser APIs, proxy defaults, CDN defaults, and transport support claims, prefer official RFCs, standards bodies, MDN or browser vendor docs, and vendor-owned proxy/CDN documentation. Keep WebTransport, compression dictionary transport, zstd content coding, SSE/EventSource, HTTP/2, HTTP/3, QUIC, and proxy-buffering claims track-specific and dated when support is changing.
106
- 22. For HTTP delivery examples that depend on newer or unevenly supported behavior, require feature detection, fallback behavior, or explicit deployment constraints. Do not present WebTransport, dictionary compression, or zstd negotiation as a universal default when the project still needs browsers, proxies, CDNs, or networks that may not support it.
107
- 23. For Docker images, decide whether the project prefers semver tags, distro tags, LTS tags, date tags, or digests. Do not replace a digest or pinned base image with a floating tag unless the repository policy says so.
108
- 24. Synchronize every accepted version decision across package metadata, lockfiles when intentionally updated, CI, Docker, runtime files, docs, examples, templates, tests, and release notes.
109
- 25. Run the narrowest configured verification that covers the changed versioned surface. Use broader verification for major, migration-required, runtime, framework, generated-output, package-publish, Docker, CI, TypeScript compiler-track, Go toolchain or runtime support, Rust toolchain or MSRV support, HTTP delivery compatibility, or security-sensitive changes.
99
+ 15. For Python 3.15+ claims, keep beta, release-candidate, and stable tracks separate. Refresh official docs before using explicit lazy imports, built-in `frozendict`, built-in `sentinel`, unpacking comprehensions, typed `TypedDict` extra items, startup configuration files, or changed encoding behavior in durable examples.
100
+ 16. For TypeScript 6 and 7 claims, refresh official TypeScript sources before writing durable wording. Treat TS6 stable API track (`@typescript/typescript6`, `tsc6`), TS7 RC compiler track (`typescript@rc`, `tsc`), TS7 nightly track (`@typescript/native-preview`, `tsgo`), and future TS7 stable `typescript` behavior as distinct tracks. Do not call RC or nightly output "latest stable TypeScript" just because it is newer.
101
+ 17. For TypeScript examples, make the selected track explicit: TS6 API compatibility, TS7 RC compiler verification, TS7 nightly comparison, editor preview, or repository adoption. If the project has compiler API consumers, transformers, framework wrappers, or declaration snapshots, classify the reference as migration-sensitive and keep API consumers on the TS6 API track until support is explicit. Check exact support before relying on `rootDir` defaults, ambient `types` defaults, import attributes, subpath imports, `import defer`, `using`, or `await using`.
102
+ 18. For Go release, toolchain, standard-library, runtime, or experiment claims, refresh official Go release notes or package documentation before writing durable wording. Check the repository's `go` directive, `toolchain` directive, CI/runtime matrix, and container target before using or recommending version-gated features such as expression operands to `new`, range-over-function iterators, generic type aliases, reflect iterator methods, `errors.AsType`, `sync.WaitGroup.Go`, `testing/synctest`, `testing.B.Loop`, `T.ArtifactDir`, `B.ArtifactDir`, `F.ArtifactDir`, `testing/cryptotest.SetGlobalRandom`, `os.Root`, `os.OpenInRoot`, `omitzero`, `go.mod` `tool`, `ReverseProxy.Rewrite`, container-aware `GOMAXPROCS`, goroutine leak profiles, `encoding/json/v2`, or `GOEXPERIMENT` APIs.
103
+ 19. For Go examples that use newer standard-library APIs or runtime defaults, either keep the example behind an explicit Go version floor or provide a supported fallback. Do not call an experimental `GOEXPERIMENT` feature or a newer `go` directive behavior a general Go best practice when the repository declares lower support.
104
+ 20. For Rust release, toolchain, standard-library, Cargo, edition, lint, target, or MSRV claims, refresh official Rust release notes, standard-library docs, the Cargo Book, Rust Reference, or rustc book before writing durable wording. Check `rust-version`, edition, `rust-toolchain.toml`, CI toolchain matrix, target triples, docs.rs metadata, and crate publish policy before using or recommending version-gated features such as let chains, match `if let` guards, `cfg_select!`, `assert_matches!`, `core::range`, `Vec::push_mut`, `HashMap::get_disjoint_mut`, `Option::take_if`, `LazyLock`, `OnceLock`, `workspace.lints`, `resolver = "2"`, Rust 2024 `unsafe extern`, unsafe attributes, Rust 2024 `unsafe_op_in_unsafe_fn`, temporary drop-scope changes, macro fragment behavior, or release-profile defaults.
105
+ 21. For Rust examples that use newer language or standard-library APIs, either keep the example behind an explicit Rust version floor or provide a supported fallback. Use an API-by-API MSRV ledger for features such as `cfg_select!`, match `if let` guards, `core::range` items, `Vec::push_mut`, `assert_matches!`, and `debug_assert_matches!`; do not collapse them into a single "latest Rust" bucket, and do not treat nightly-only behavior or target-specific linker behavior as stable without explicit evidence.
106
+ 22. For HTTP standards, browser APIs, proxy defaults, CDN defaults, and transport support claims, prefer official RFCs, standards bodies, MDN or browser vendor docs, and vendor-owned proxy/CDN documentation. Keep WebTransport, compression dictionary transport, zstd content coding, SSE/EventSource, HTTP/2, HTTP/3, QUIC, and proxy-buffering claims track-specific and dated when support is changing.
107
+ 23. For HTTP delivery examples that depend on newer or unevenly supported behavior, require feature detection, fallback behavior, or explicit deployment constraints. Do not present WebTransport, dictionary compression, or zstd negotiation as a universal default when the project still needs browsers, proxies, CDNs, or networks that may not support it.
108
+ 24. For Docker images, decide whether the project prefers semver tags, distro tags, LTS tags, date tags, or digests. Do not replace a digest or pinned base image with a floating tag unless the repository policy says so.
109
+ 25. Synchronize every accepted version decision across package metadata, lockfiles when intentionally updated, CI, Docker, runtime files, docs, examples, templates, tests, and release notes.
110
+ 26. Run the narrowest configured verification that covers the changed versioned surface. Use broader verification for major, migration-required, runtime, framework, generated-output, package-publish, Docker, CI, TypeScript compiler-track, Go toolchain or runtime support, Rust toolchain or MSRV support, HTTP delivery compatibility, or security-sensitive changes.
110
111
 
111
112
  <!-- mustflow-section: postconditions -->
112
113
  ## Postconditions
@@ -116,6 +117,7 @@ Prevent agents from writing stale external version references from memory, while
116
117
  - Repository-pinned versions are preserved unless the task, policy, and compatibility classification support changing them.
117
118
  - Major or migration-required changes are either explicitly approved, deferred with a recommendation, or left unchanged with the risk reported.
118
119
  - Python standard-library examples and runtime-default claims match the declared Python support matrix or name the required runtime floor.
120
+ - Python template strings, annotation inspection, explicit lazy imports, immutable mappings, sentinels, and advanced `TypedDict` shape claims are either official-source checked or omitted.
119
121
  - TypeScript 6 stable API, TypeScript 7 RC compiler, TypeScript 7 nightly, and future stable TypeScript tracks are not collapsed into one generic "latest TypeScript" claim.
120
122
  - Go release, `go.mod` language version, standard-library API, runtime-default, and `GOEXPERIMENT` claims match the declared Go support matrix or name the required runtime floor.
121
123
  - Rust release, `rust-version`, edition, standard-library API, Cargo resolver, lint-default, target, and nightly/stable claims match the declared Rust support matrix or name the required API-specific runtime floor.