mustflow 2.99.1 → 2.103.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/dist/cli/commands/skill.js +76 -2
  2. package/dist/cli/lib/external-skill-import.js +391 -0
  3. package/dist/cli/lib/local-index/index.js +5 -1
  4. package/dist/core/public-json-contracts.js +16 -0
  5. package/dist/core/skill-route-resolution.js +54 -6
  6. package/package.json +1 -1
  7. package/schemas/README.md +3 -0
  8. package/schemas/skill-import-report.schema.json +97 -0
  9. package/templates/default/i18n.toml +44 -8
  10. package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +11 -1
  11. package/templates/default/locales/en/.mustflow/skills/INDEX.md +27 -2
  12. package/templates/default/locales/en/.mustflow/skills/c-code-change/SKILL.md +371 -0
  13. package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +53 -14
  14. package/templates/default/locales/en/.mustflow/skills/completion-evidence-gate/SKILL.md +15 -3
  15. package/templates/default/locales/en/.mustflow/skills/complex-decision-analysis/SKILL.md +236 -0
  16. package/templates/default/locales/en/.mustflow/skills/css-code-change/SKILL.md +74 -24
  17. package/templates/default/locales/en/.mustflow/skills/docs-prose-review/SKILL.md +36 -10
  18. package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +27 -3
  19. package/templates/default/locales/en/.mustflow/skills/html-code-change/SKILL.md +37 -21
  20. package/templates/default/locales/en/.mustflow/skills/react-code-change/SKILL.md +278 -0
  21. package/templates/default/locales/en/.mustflow/skills/routes.toml +30 -0
  22. package/templates/default/locales/en/.mustflow/skills/shell-code-change/SKILL.md +279 -0
  23. package/templates/default/locales/en/.mustflow/skills/structured-config-change/SKILL.md +170 -0
  24. package/templates/default/manifest.toml +32 -1
@@ -2,7 +2,7 @@
2
2
  mustflow_doc: skill.github-contribution-quality-gate
3
3
  locale: en
4
4
  canonical: true
5
- revision: 2
5
+ revision: 3
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: github-contribution-quality-gate
@@ -55,6 +55,9 @@ The goal is not polished prose. The goal is verified, scoped, actionable informa
55
55
  - Duplicate and context search evidence: searched terms, open and closed issues, open and closed pull requests, discussions when used by the repository, documentation, changelog, and related maintainer comments.
56
56
  - User evidence: reproduction steps, minimal example, logs, screenshots, recordings, changed files, local test output, failing command, environment, version, linked issue, or maintainer question being answered.
57
57
  - Draft structure evidence: proposed title, first-screen summary, section headings, Markdown tables, task lists, code blocks, details blocks, screenshots, links, review order, and unresolved questions.
58
+ - Pull request readiness evidence when relevant: whether the PR should be ready for review or draft,
59
+ whether the title follows repository style without agent/vendor prefixes, and whether any review
60
+ re-request is explicitly warranted.
58
61
  - Verification level: personally reproduced, partially reproduced, inferred from code, inferred from logs, not reproduced, not searched, or not verified.
59
62
  - Desired result: report a bug, propose a feature, submit a fix, ask for design approval, answer a maintainer, provide missing evidence, or close the loop.
60
63
 
@@ -97,13 +100,27 @@ The goal is not polished prose. The goal is verified, scoped, actionable informa
97
100
  - `same problem here` without new evidence is not new value.
98
101
  6. Plan the reading order before polishing prose.
99
102
  - Title should name the observed result for issues or the guaranteed behavior after a PR, not labels such as `[BUG]`, `fix`, `WIP`, or implementation chores.
103
+ - Do not add agent, assistant, vendor, or tool prefixes such as `[codex]`, `[AI]`, or `[bot]`
104
+ unless the target repository explicitly requires them. Prefer the repository's conventional
105
+ commit or title style so the changed behavior stays first.
100
106
  - First screen should contain conclusion, impact, and requested decision. Move long logs, full outputs, screenshots, and alternatives below or into `<details>`.
101
107
  - Headings should answer one question each. Avoid dump headings such as `Details`, `Misc`, `Notes`, or `Context` unless the repository template requires them.
102
108
  - Separate observed facts, current hypotheses, decisions, and unknowns. Use `Cause` only when the cause is confirmed.
103
109
  7. For bug issues, require actual behavior, expected behavior, exact reproduction steps, smallest reasonable reproduction, version, environment, relevant logs or screenshots, regression status, attempted workarounds, concrete impact, and completion criteria.
104
110
  8. For feature or enhancement issues, require user problem, affected users, current workflow, desired workflow, why existing behavior is insufficient, related discussions, compatibility impact, alternatives considered, and non-goals when the proposal can sprawl.
105
111
  9. For documentation issues, require exact page, section, symbol, command, or example; current wording or behavior; expected wording or explanation; and evidence that the current documentation is stale or misleading when available.
106
- 10. For pull requests, require focused scope, linked issue or prior discussion when non-trivial, changed behavior, intentionally unchanged behavior, tests added or updated, exact verification results, compatibility notes for public surfaces, UI screenshots when relevant, and draft status when incomplete.
112
+ 10. For pull requests, require focused scope, linked issue or prior discussion when non-trivial, changed behavior, intentionally unchanged behavior, tests added or updated, exact verification results, compatibility notes for public surfaces, UI screenshots when relevant, and a readiness decision.
113
+ - Use ready-for-review as the default for small, independent fixes or narrow improvements when
114
+ the relevant checks were run, known limitations can be stated in the PR body, and no
115
+ maintainer design decision is needed.
116
+ - Use draft only when the PR is intentionally discussion-first, changes public API shape, needs
117
+ design direction, has blocked or intentionally incomplete verification, or is likely to
118
+ conflict with other active work.
119
+ - If a draft PR becomes ready after verification, mark that transition in the PR body or update
120
+ comment instead of leaving the ready state implicit.
121
+ - Do not re-request review merely because a draft was marked ready. Re-request only when a
122
+ specific reviewer was already involved, the maintainer asked for it, or repository rules say
123
+ to request review after the ready transition.
107
124
  11. For PR review guidance, provide a review order by reasoning path rather than dumping changed files. Name files or commits only when they help reviewers inspect behavior, generated output, tests, or mechanical-only changes in the right order.
108
125
  12. For review replies, answer the maintainer's actual question first. Provide requested logs, reproduction, design tradeoff, tests, or blocker. Do not answer a different question because it is easier.
109
126
  13. Use Markdown elements by job, not decoration.
@@ -134,7 +151,8 @@ The goal is not polished prose. The goal is verified, scoped, actionable informa
134
151
  - do not submit AI output that the human contributor has not reviewed, cannot explain, or could have tested but did not.
135
152
  18. Choose a gate decision before writing the final draft:
136
153
  - `POST` when the content follows repository rules and has enough verified value;
137
- - `POST_AS_DRAFT` when a PR direction is useful but not ready for final review;
154
+ - `POST_AS_DRAFT` when a PR direction is useful but not ready for final review, such as
155
+ discussion-first work, public API shape changes, blocked verification, or design approval;
138
156
  - `ASK_IN_EXISTING_THREAD` when the evidence belongs in a related issue or PR;
139
157
  - `DO_NOT_POST` when the content lacks verified value, duplicates existing content, violates repository rules, or the human contributor cannot defend it;
140
158
  - `PRIVATE_SECURITY_REPORT` when the content should not be public.
@@ -149,6 +167,8 @@ The goal is not polished prose. The goal is verified, scoped, actionable informa
149
167
  - Duplicate search is summarized with confidence.
150
168
  - Every technical claim in the draft is tied to evidence or marked uncertain.
151
169
  - Title, first-screen summary, section order, Markdown elements, verification, and risk handling help maintainers decide what to do next.
170
+ - PR readiness, draft state, and review-request behavior are chosen from evidence instead of using
171
+ draft or re-request as generic defaults.
152
172
  - Security-sensitive content is not prepared for public posting.
153
173
  - AI assistance is disclosed when required or material.
154
174
  - The draft helps maintainers act faster or the skill blocks posting.
@@ -185,10 +205,12 @@ Use `changes_status` and `changes_diff_summary` when drafting a PR description o
185
205
  - Duplicate and context check
186
206
  - Evidence checked
187
207
  - Information-structure and Markdown checks
208
+ - PR title, readiness, and review-request decision when relevant
188
209
  - Missing evidence
189
210
  - Draft
190
211
  - Final self-check:
191
212
  - Does the title state the observed issue result or PR outcome instead of metadata?
213
+ - Does the PR title avoid agent, assistant, vendor, or tool prefixes unless the repository requires them?
192
214
  - Can a maintainer understand the conclusion, impact, and requested action from the first screen?
193
215
  - Do headings, tables, task lists, details blocks, code blocks, screenshots, and links each have one clear job?
194
216
  - Can a maintainer reproduce or review this without guessing?
@@ -197,6 +219,8 @@ Use `changes_status` and `changes_diff_summary` when drafting a PR description o
197
219
  - Is every technical claim backed by evidence?
198
220
  - Are facts, hypotheses, decisions, and unknowns separated?
199
221
  - Does a PR include review focus, verification results, unverified areas, and risk or rollback notes when relevant?
222
+ - Is a verified small PR ready for review instead of unnecessarily draft?
223
+ - If a draft PR became ready, is any review re-request justified by maintainer request, repository rules, or an already involved reviewer?
200
224
  - Were feasible tests or verification checks run or honestly skipped?
201
225
  - Is AI assistance disclosed when required or material?
202
226
  - Can the human contributor explain and defend the content without AI?
@@ -2,11 +2,11 @@
2
2
  mustflow_doc: skill.html-code-change
3
3
  locale: en
4
4
  canonical: true
5
- revision: 3
5
+ revision: 4
6
6
  lifecycle: mustflow-owned
7
7
  authority: procedure
8
8
  name: html-code-change
9
- description: Apply this skill when HTML, templates, JSX or component markup, native forms, controls, popovers, dialogs, navigation, tables, media, metadata, SEO head content, or structured data are created or changed.
9
+ description: Apply this skill when HTML, templates, JSX or component markup, semantic document structure, native forms, controls, popovers, dialogs, navigation, tables, media, metadata, SEO head content, or structured data are created or changed.
10
10
  metadata:
11
11
  mustflow_schema: "1"
12
12
  mustflow_kind: procedure
@@ -47,6 +47,7 @@ Preserve semantic structure, native controls, keyboard access, focus behavior, f
47
47
 
48
48
  - Existing page layout, document shell, head/SEO helpers, metadata builders, canonical URL helpers, sitemap or robots config, form components, interactive control components, and tests.
49
49
  - Target framework conventions for rendering, routing, hydration, and metadata.
50
+ - Semantic structure ledger: the intended `main`, landmark, heading, `section`, `article`, `nav`, `time`, `figure`, form group, table, media, and visible-label contracts.
50
51
  - Visible page content, H1 or primary title, main entity, locale, indexing intent, and data sources for title, description, image, author, date, price, rating, availability, and FAQ content when metadata changes.
51
52
  - Browser-native behavior expected from the markup: navigation, form submission, validation, autocomplete, input modality, popover behavior, dialog focus, inert background handling, media sizing, lazy loading, and history integration.
52
53
  - Accessibility and validation tooling declared in the command contract.
@@ -73,25 +74,37 @@ Preserve semantic structure, native controls, keyboard access, focus behavior, f
73
74
 
74
75
  1. Read the page shell, route layout, metadata helpers, component patterns, and tests before editing.
75
76
  2. Check document outline, landmarks, source order, and heading levels.
76
- 3. Classify each interactive element by intent. Navigation to a URL uses an anchor with `href`. Commands, toggles, submit actions, open/close actions, destructive actions, copy actions, disclosure triggers, and modal triggers use buttons.
77
- 4. Use native form controls for text entry, selection, checkbox, radio, and file input. Use grouped native radio or checkbox controls with fieldset and legend when the group label matters.
78
- 5. Treat composite widgets such as tabs, action menus, comboboxes, listboxes, trees, grids, and custom selects as high-risk. Prefer native HTML or an existing audited component; otherwise implement the complete role, state, focus, and keyboard pattern.
79
- 6. Reject clickable `div` or `span` controls, clickable icons without buttons, anchors without `href`, links used as buttons, nested interactive controls, positive `tabindex`, focusable `aria-hidden` content, and focus outline removal without a replacement focus style.
80
- 7. Use ARIA only when native HTML cannot express the needed semantics. Validate the role is legal for the element, the accessible name exists, required states are present, visual and ARIA states stay synchronized, keyboard behavior matches the widget pattern, and focus behavior is explicit.
81
- 8. For custom legacy button-like elements that cannot be replaced, require `role`, focusability, Enter activation, Space activation, Space scroll prevention, pointer activation, duplicate-event prevention, and visible focus. Use native buttons instead whenever possible.
82
- 9. For popovers, prefer the native popover pattern for lightweight anchored disclosure, teaching UI, picker panels, or menus that do not need modal focus trapping. Verify trigger ownership, light-dismiss behavior, focus behavior, accessible name, and fallback or browser target.
83
- 10. For dialogs, prefer native dialog when the project can support it. Otherwise implement focus entry, Tab and Shift+Tab containment, Escape behavior, inert or unreachable background content, visible close or cancel control, focus return, and an accessible name.
84
- 11. Do not use dialog for every overlay. Use popover for non-modal transient UI, details/summary for simple disclosure, and dialog for modal tasks or interruptions that require focus containment.
85
- 12. For tabs, use tablist, tab, and tabpanel semantics only for a real tabbed interface. Require one active tab, panel linkage, roving tabindex, arrow key movement, Home and End where expected, and Enter or Space activation when activation is manual.
86
- 13. For menus, do not use ARIA menu roles for ordinary site navigation. Site navigation is a nav landmark with links. Use ARIA menu patterns only for application-style action menus with a button trigger, expanded state, focus strategy, Escape close behavior, and focus return.
87
- 14. For forms, verify visible label association, help association, error association, required text, native required state, autocomplete, `inputmode`, `enterkeyhint`, validation timing, invalid state, error summary behavior, and submission behavior.
88
- 15. Prefer native constraint validation for simple required, type, length, pattern, range, and step rules. Add custom validation only for business rules, cross-field rules, async validation, or localized error ownership the native browser cannot express.
89
- 16. Use placeholder, title, aria-label, color, icon, or toast-only feedback only as supplementary affordances, not as the only label, required indicator, or error explanation.
90
- 17. For metadata, read visible content and the metadata generation path first. Keep title, description, canonical, Open Graph, Twitter or X card data, robots, hreflang, and JSON-LD aligned with visible content, locale, URL, and indexing intent.
91
- 18. Structured data must describe content visible on the same page. Do not invent ratings, reviews, FAQ items, authors, prices, availability, dates, organizations, product properties, or claims not backed by the page data source.
92
- 19. Ensure every HTML page has a valid non-empty language and responsive viewport that does not disable zoom. Mixed-language passages should identify their language when needed.
93
- 20. Keep inline script and style minimal; move behavior and styling to the existing project layers unless the framework requires an inline boundary.
94
- 21. Choose configured verification intents that cover markup validity, lint, build, accessibility, route rendering, metadata, and docs when available.
77
+ 3. Treat semantic HTML as a machine-readable contract, not as styling decoration. Use `div` for pure wrappers and styling shells.
78
+ 4. Use `section` only for a thematic group that has a heading or explicit accessible label. Do not use `section` as a card, spacing, or script wrapper.
79
+ 5. Use `article` only for self-contained content that remains meaningful when syndicated, embedded, or moved out of the list, such as posts, articles, reviews, comments, or complete product entries.
80
+ 6. Use `nav` only for major navigation or table-of-contents regions. Do not label every incidental link group as navigation.
81
+ 7. Keep exactly one active visible `main` region for the page or current SPA view. Do not put repeated headers, footers, sidebars, or global navigation inside the main content unless that is the actual page task.
82
+ 8. Treat heading elements as content outline, not font-size controls. Preserve hierarchy by meaning, and use CSS for visual scale.
83
+ 9. Classify each interactive element by intent. Navigation to a URL uses an anchor with `href`. Commands, toggles, submit actions, open/close actions, destructive actions, copy actions, disclosure triggers, and modal triggers use buttons.
84
+ 10. Use native form controls for text entry, selection, checkbox, radio, and file input. Use grouped native radio or checkbox controls with fieldset and legend when the group label matters.
85
+ 11. Keep interactive elements out of labels. Do not place terms links, help buttons, or other controls inside a `label`; connect the label with `for` and `id`, then place related links or buttons outside the label.
86
+ 12. Treat composite widgets such as tabs, action menus, comboboxes, listboxes, trees, grids, and custom selects as high-risk. Prefer native HTML or an existing audited component; otherwise implement the complete role, state, focus, and keyboard pattern.
87
+ 13. Reject clickable `div` or `span` controls, clickable icons without buttons, anchors without `href`, links used as buttons, nested interactive controls, positive `tabindex`, focusable `aria-hidden` content, and focus outline removal without a replacement focus style.
88
+ 14. Use ARIA only when native HTML cannot express the needed semantics. Validate the role is legal for the element, the accessible name exists, required states are present, visual and ARIA states stay synchronized, keyboard behavior matches the widget pattern, and focus behavior is explicit.
89
+ 15. For custom legacy button-like elements that cannot be replaced, require `role`, focusability, Enter activation, Space activation, Space scroll prevention, pointer activation, duplicate-event prevention, and visible focus. Use native buttons instead whenever possible.
90
+ 16. For popovers, prefer the native popover pattern for lightweight anchored disclosure, teaching UI, picker panels, or menus that do not need modal focus trapping. Verify trigger ownership, light-dismiss behavior, focus behavior, accessible name, and fallback or browser target.
91
+ 17. For dialogs, prefer native dialog when the project can support it. Otherwise implement focus entry, Tab and Shift+Tab containment, Escape behavior, inert or unreachable background content, visible close or cancel control, focus return, and an accessible name.
92
+ 18. Do not use dialog for every overlay. Use popover for non-modal transient UI, details/summary for simple disclosure, and dialog for modal tasks or interruptions that require focus containment.
93
+ 19. For tabs, use tablist, tab, and tabpanel semantics only for a real tabbed interface. Require one active tab, panel linkage, roving tabindex, arrow key movement, Home and End where expected, and Enter or Space activation when activation is manual.
94
+ 20. For menus, do not use ARIA menu roles for ordinary site navigation. Site navigation is a nav landmark with links. Use ARIA menu patterns only for application-style action menus with a button trigger, expanded state, focus strategy, Escape close behavior, and focus return.
95
+ 21. For forms, verify visible label association, help association, error association, required text, native required state, autocomplete, `inputmode`, `enterkeyhint`, validation timing, invalid state, error summary behavior, and submission behavior.
96
+ 22. Prefer native constraint validation for simple required, type, length, pattern, range, and step rules. Add custom validation only for business rules, cross-field rules, async validation, or localized error ownership the native browser cannot express.
97
+ 23. Use placeholder, title, aria-label, color, icon, or toast-only feedback only as supplementary affordances, not as the only label, required indicator, or error explanation.
98
+ 24. Use `time` with a machine-readable `datetime` when the content represents a precise date, time, duration, or time-like value that tests, crawlers, calendars, or automation may need to parse.
99
+ 25. Use `figure` and `figcaption` only for self-contained referenced media, code, diagrams, charts, screenshots, or examples whose caption describes the figure. Do not use `figcaption` for ordinary card titles or unrelated image captions.
100
+ 26. Use real tables for tabular data. Include a useful `caption` when the table needs a name, use `th` for row and column headers, and set `scope` when it clarifies the header relationship.
101
+ 27. For meaningful media, prefer `img`, `picture`, `video`, or framework media components that preserve alt text, intrinsic dimensions, responsive candidate selection, and browser discovery. Keep decorative media out of the accessibility tree.
102
+ 28. For responsive image markup, verify `width`, `height`, `srcset`, `sizes`, `picture` art direction, and lazy or eager loading reflect the rendered slot. Route LCP, preload, priority, CDN, or byte-size claims to `image-delivery-performance-review`.
103
+ 29. For metadata, read visible content and the metadata generation path first. Keep title, description, canonical, Open Graph, Twitter or X card data, robots, hreflang, and JSON-LD aligned with visible content, locale, URL, and indexing intent.
104
+ 30. Structured data must describe content visible on the same page. Do not invent ratings, reviews, FAQ items, authors, prices, availability, dates, organizations, product properties, or claims not backed by the page data source.
105
+ 31. Ensure every HTML page has a valid non-empty language and responsive viewport that does not disable zoom. Mixed-language passages should identify their language when needed.
106
+ 32. Keep inline script and style minimal; move behavior and styling to the existing project layers unless the framework requires an inline boundary.
107
+ 33. Choose configured verification intents that cover markup validity, lint, build, accessibility, route rendering, metadata, and docs when available.
95
108
 
96
109
  <!-- mustflow-section: form-accessibility -->
97
110
  ## Form Accessibility Rules
@@ -128,16 +141,19 @@ Reject or revise the patch when any of these appear without strong justification
128
141
 
129
142
  - New `div` or `span` interaction where a native link, button, or form control would work.
130
143
  - Anchors without `href`, buttons implemented as links, links implemented as buttons, nested interactive controls, clickable icons without native controls, or site navigation using ARIA menu roles.
144
+ - Decorative `section`, card-only `article`, incidental-link `nav`, multiple active `main` regions, headings chosen for visual size, labels containing nested interactive controls, or data tables rebuilt as non-table grids.
131
145
  - Custom controls without complete accessible name, role, state, keyboard, focus, and hidden-content behavior.
132
146
  - Popovers, dialogs, or overlays that replace native behavior without trigger, focus, light-dismiss, inert, or fallback review.
133
147
  - Positive `tabindex`, hidden content that remains tabbable, focusable `aria-hidden` content, or invisible focus.
134
148
  - Form controls without visible labels, placeholder-only labels, disconnected help or error text, color-only required or error state, premature `aria-invalid`, or autocomplete removed without reason.
149
+ - Meaningful dates without parseable `time datetime`, figures used for ordinary card content, tables without header relationships, or meaningful media that lacks alt, intrinsic dimensions, or responsive candidate review.
135
150
  - Metadata or JSON-LD that contradicts visible content, fabricates facts, points canonical or social URL at the wrong page, disables zoom, omits page language, or accidentally noindexes a public page.
136
151
 
137
152
  <!-- mustflow-section: postconditions -->
138
153
  ## Postconditions
139
154
 
140
155
  - Markup communicates the intended structure without relying on visual styling alone.
156
+ - Sections, articles, navigation, main regions, headings, forms, figures, tables, time values, and media expose truthful document semantics.
141
157
  - Keyboard and focus behavior are preserved.
142
158
  - Forms have labels and errors connected.
143
159
  - Metadata and structured data reflect visible content.
@@ -0,0 +1,278 @@
1
+ ---
2
+ mustflow_doc: skill.react-code-change
3
+ locale: en
4
+ canonical: true
5
+ revision: 1
6
+ lifecycle: mustflow-owned
7
+ authority: procedure
8
+ name: react-code-change
9
+ description: Apply this skill when React, React DOM, React Server Components, Server Actions, React Compiler, Hooks, Suspense, Actions, forms, refs, context, concurrent rendering, SSR streaming, resource hints, package metadata, or React-related tests are created, changed, reviewed, or upgraded.
10
+ metadata:
11
+ mustflow_schema: "1"
12
+ mustflow_kind: procedure
13
+ pack_id: mustflow.core
14
+ skill_id: mustflow.core.react-code-change
15
+ command_intents:
16
+ - changes_status
17
+ - changes_diff_summary
18
+ - lint
19
+ - build
20
+ - test_related
21
+ - test
22
+ - docs_validate_fast
23
+ - test_release
24
+ - mustflow_check
25
+ ---
26
+
27
+ # React Code Change
28
+
29
+ <!-- mustflow-section: purpose -->
30
+ ## Purpose
31
+
32
+ Preserve React runtime, rendering, state, effect, compiler, server/client,
33
+ form, resource, accessibility, and package-version contracts when changing
34
+ React projects, especially open-source contribution patches where maintainers
35
+ expect current React guidance and small, compatible changes.
36
+
37
+ <!-- mustflow-section: use-when -->
38
+ ## Use When
39
+
40
+ - React components, Hooks, context, refs, Suspense boundaries, transitions,
41
+ deferred values, forms, Actions, optimistic UI, React DOM metadata, resource
42
+ hints, SSR streaming, React Server Components, Server Actions, or tests change.
43
+ - `react`, `react-dom`, `react-server-dom-*`, `eslint-plugin-react-hooks`,
44
+ React Compiler, framework adapters, bundlers, JSX transforms, or React package
45
+ metadata changes.
46
+ - A contribution proposes React performance, memoization, effect-dependency,
47
+ hydration, server/client boundary, form mutation, or React version support
48
+ changes.
49
+
50
+ <!-- mustflow-section: do-not-use-when -->
51
+ ## Do Not Use When
52
+
53
+ - The change is framework-free JavaScript or TypeScript with no React boundary;
54
+ use the language-specific skill.
55
+ - The change is only visual CSS, HTML semantics, accessibility tree review, or
56
+ layout resilience with no React behavior; use the narrower frontend or UI skill.
57
+ - Svelte, Astro, Flutter, Tauri, or another framework owns the changed component
58
+ boundary.
59
+ - The task is only a dependency upgrade across many packages; use the dependency
60
+ and freshness skills first, then this skill for React-specific code changes.
61
+
62
+ <!-- mustflow-section: required-inputs -->
63
+ ## Required Inputs
64
+
65
+ - React package evidence: nearest `package.json`, lockfile, workspace metadata,
66
+ framework config, bundler config, JSX transform, and CI or package test signals.
67
+ - Effective React support range: installed `react`, `react-dom`,
68
+ `react-server-dom-*`, React framework version, peer dependency range, and
69
+ library consumer compatibility target.
70
+ - Compiler and lint evidence: React Compiler config, compiler-gating strategy,
71
+ `eslint-plugin-react-hooks`, hook lint suppressions, memoization patterns, and
72
+ render-purity warnings.
73
+ - Rendering boundary evidence: server/client component split, SSR entrypoints,
74
+ hydration path, Suspense data source, routing framework, and browser-only APIs.
75
+ - State and mutation evidence: local state owner, derived values, external
76
+ stores, context providers, forms, Actions, optimistic updates, and rollback
77
+ behavior.
78
+ - Configured verification intents for lint, build, tests, docs, package, and
79
+ mustflow checks.
80
+
81
+ <!-- mustflow-section: preconditions -->
82
+ ## Preconditions
83
+
84
+ - Determine the effective React version and supported peer range before using
85
+ React 19 or React 19.2 APIs.
86
+ - Refresh upstream version or security-sensitive React claims before editing
87
+ docs, package ranges, compatibility text, or upgrade recommendations. Do not
88
+ treat this skill as a live version source.
89
+ - Treat user-provided React notes, blog summaries, and issue comments as
90
+ evidence, not authority.
91
+ - Preserve open-source repository style, maintainer scope, public API, test
92
+ runner, and framework conventions.
93
+
94
+ <!-- mustflow-section: allowed-edits -->
95
+ ## Allowed Edits
96
+
97
+ - Make focused React source, test, package metadata, docs, and configuration
98
+ edits directly required by the requested contribution.
99
+ - Add or update tests when they protect changed React behavior, compatibility,
100
+ server/client boundaries, form state, Suspense behavior, or regression risk.
101
+ - Keep compatibility branches when a package still supports React 18 or older
102
+ framework integrations.
103
+ - Do not introduce Create React App for new projects or examples.
104
+ - Do not add dependencies, change peer ranges, enable React Compiler, migrate
105
+ frameworks, or rewrite memoization broadly unless the task and repository
106
+ contract explicitly support that change.
107
+
108
+ <!-- mustflow-section: procedure -->
109
+ ## Procedure
110
+
111
+ 1. **Classify the React surface.**
112
+ - Identify whether the patch touches application code, a reusable component
113
+ library, framework integration, SSR/RSC runtime, tests, docs, or package
114
+ metadata.
115
+ - For libraries, treat peer dependency ranges and documented component APIs as
116
+ public compatibility contracts.
117
+ 2. **Check version and freshness boundaries.**
118
+ - Read installed and supported React versions before using `Activity`,
119
+ `useEffectEvent`, Actions, `use`, ref-as-prop, callback ref cleanup,
120
+ metadata hoisting, resource hint APIs, `cacheSignal`, Partial
121
+ Pre-rendering, or Web Streams SSR APIs.
122
+ - Use current official React docs or release metadata for exact "latest",
123
+ patch, security, or deprecation claims. As a snapshot checked on
124
+ 2026-06-26, official React docs describe React 19.2 as the current
125
+ feature line, and GitHub release metadata showed `v19.2.7` released on
126
+ 2026-06-01; re-check before relying on those values in future work.
127
+ - For RSC packages, check patched `react-server-dom-webpack`,
128
+ `react-server-dom-parcel`, and `react-server-dom-turbopack` versions when
129
+ security advisories or framework updates are part of the task.
130
+ 3. **Keep app setup modern and local.**
131
+ - Do not propose Create React App for new projects. Follow the repository's
132
+ existing framework or build tool; for new React app examples, prefer the
133
+ project's chosen framework or modern build-tool pattern.
134
+ - Do not migrate an existing stack to Next.js, Vite, Parcel, Rsbuild, or a
135
+ React framework merely because React documentation recommends frameworks
136
+ for new apps.
137
+ 4. **Repair effects by responsibility.**
138
+ - Use Effects for synchronization with external systems such as timers,
139
+ subscriptions, DOM or browser APIs, third-party widgets, network
140
+ connections, and cleanup.
141
+ - Do not use Effects to copy props/state into derived state, send event-owned
142
+ mutations, or paper over rendering data flow.
143
+ - Do not silence `react-hooks/exhaustive-deps` as a default fix. If effect
144
+ logic contains non-reactive event behavior and React 19.2 is supported, use
145
+ `useEffectEvent` for that event-like logic only.
146
+ 5. **Preserve state ownership.**
147
+ - Derive renderable values during render when they are computed from current
148
+ props or state.
149
+ - Use updater functions for repeated state updates based on the previous
150
+ value.
151
+ - Normalize state that can otherwise contradict itself. Avoid duplicated,
152
+ deeply nested, or derived state unless the repository has a clear owner.
153
+ - Use `key` for intentional component state reset, and keep component
154
+ functions at top level so React does not recreate component types on every
155
+ render.
156
+ 6. **Treat memoization and the compiler as contracts, not decoration.**
157
+ - Do not blanket-add `memo`, `useMemo`, or `useCallback` to look faster.
158
+ Require profiler, dependency, identity, or compiler evidence.
159
+ - Do not blanket-remove existing memoization in legacy code without tests;
160
+ removal can change identity, effect dependencies, and compiler output.
161
+ - If React Compiler is enabled or proposed, keep components and Hooks pure,
162
+ keep compiler-powered `eslint-plugin-react-hooks` findings visible, and
163
+ report when compiler verification is missing.
164
+ 7. **Handle context, refs, and external stores deliberately.**
165
+ - Split frequently changing context values from stable actions or identities;
166
+ `memo` does not block re-renders caused by context updates.
167
+ - Use React 19 ref-as-prop and callback-ref cleanup only when the support
168
+ range allows it. Preserve `forwardRef` where React 18 compatibility matters.
169
+ - Expose narrow imperative handles with `useImperativeHandle` instead of
170
+ leaking whole DOM nodes or child internals.
171
+ - Use `useSyncExternalStore` for external mutable stores or subscriptions
172
+ instead of ad hoc Effect plus state mirroring.
173
+ 8. **Use concurrent and async primitives for the right boundary.**
174
+ - Use `startTransition` or `useTransition` for non-urgent updates, but do not
175
+ control text input values through a transition.
176
+ - Use `useDeferredValue` when stale-but-responsive derived UI is acceptable;
177
+ use the `initialValue` form only when the React version supports it.
178
+ - Do not expect Suspense to catch ordinary Effect fetches. Suspense needs
179
+ lazy code, framework data, or cached Promise reads.
180
+ - Treat `use` as render-time Promise or context reading, not a normal Hook
181
+ with the ordinary top-level-only mental model. Do not create fresh Promises
182
+ in render and pass them to `use`.
183
+ 9. **Use React 19 form and Action APIs only when supported.**
184
+ - Prefer `useActionState`, `useFormStatus`, `useOptimistic`, `<form action>`,
185
+ and `formAction` for supported React 19 mutation flows with pending,
186
+ errors, resets, progressive enhancement, and rollback.
187
+ - Keep explicit error handling, authorization, validation, idempotency, and
188
+ rollback behavior. Do not hide server failures behind optimistic UI.
189
+ 10. **Respect React 19.2 rendering and performance APIs.**
190
+ - Treat `<Activity>` as hidden UI with preserved state, unmounted effects,
191
+ and lower-priority hidden updates, not as `display: none` or ordinary
192
+ conditional rendering.
193
+ - Use React Performance Tracks, React DevTools, or existing profiler evidence
194
+ when claiming render, effect, Scheduler, transition, or component
195
+ performance improvements.
196
+ 11. **Keep server rendering and RSC boundaries exact.**
197
+ - Distinguish Server Components from Server Actions. `"use server"` marks
198
+ server functions or modules for actions; it is not a Server Component tag.
199
+ - Keep browser APIs, client state, and event handlers out of Server
200
+ Components; keep secrets and server-only imports out of Client Components.
201
+ - Use `cacheSignal` only for RSC cached work where abort or cleanup is
202
+ meaningful.
203
+ - For Partial Pre-rendering, `prerender`, `resume`, `resumeAndPrerender`,
204
+ and streaming APIs, verify the framework/runtime owns those APIs before
205
+ changing lower-level React DOM server code.
206
+ - In Node environments, do not assume Web Streams are faster than Node
207
+ streams; preserve the existing SSR stream API unless the task proves the
208
+ runtime benefit and compression behavior.
209
+ 12. **Use React DOM document and resource APIs close to the owner.**
210
+ - Metadata, stylesheets with `precedence`, async scripts, `preinit`,
211
+ `preload`, `preconnect`, and `prefetchDNS` may belong near the component
212
+ that needs them when React and the framework support that behavior.
213
+ - Avoid duplicate head managers, resource hint spam, and hints for assets
214
+ whose timing or priority is unproven.
215
+ 13. **Verify through the repository contract.**
216
+ - Run the smallest configured checks that cover changed React code, package
217
+ metadata, build output, docs, and tests.
218
+ - Report missing browser, hydration, SSR, RSC, compiler, profiler, or
219
+ cross-version React verification when those surfaces changed.
220
+
221
+ <!-- mustflow-section: postconditions -->
222
+ ## Postconditions
223
+
224
+ - Effective React version, peer range, framework ownership, and compiler/lint
225
+ status are known or explicitly reported as unknown.
226
+ - Effects, state, memoization, context, refs, forms, Suspense, and async
227
+ boundaries follow React's current model for the supported version.
228
+ - React 19 and React 19.2 APIs are not introduced into code that still promises
229
+ older React compatibility.
230
+ - SSR, RSC, Server Action, browser-only, and resource-hint boundaries are
231
+ preserved.
232
+ - Performance claims have profiler or benchmark evidence, or are reported as
233
+ unverified.
234
+
235
+ <!-- mustflow-section: verification -->
236
+ ## Verification
237
+
238
+ Use configured oneshot command intents when available:
239
+
240
+ - `lint`
241
+ - `build`
242
+ - `test_related`
243
+ - `test`
244
+ - `docs_validate_fast`
245
+ - `test_release`
246
+ - `mustflow_check`
247
+
248
+ Report missing React-version matrix, browser automation, hydration, SSR/RSC,
249
+ Compiler, performance profiling, or package-consumer verification when those
250
+ surfaces changed.
251
+
252
+ <!-- mustflow-section: failure-handling -->
253
+ ## Failure Handling
254
+
255
+ - If React version evidence conflicts, do not assume the newest API is
256
+ available. Preserve the older-compatible path or report the compatibility
257
+ decision.
258
+ - If an effect dependency fix causes reconnects, stale closures, or event logic
259
+ churn, separate reactive synchronization from event-like behavior instead of
260
+ disabling lint.
261
+ - If a compiler or memoization change shifts behavior, restore the previous
262
+ identity boundary or add focused evidence before continuing.
263
+ - If Suspense, `use`, Actions, or RSC behavior is framework-owned, read the
264
+ framework boundary before editing raw React assumptions.
265
+ - If freshness checks are unavailable for a React release, security patch, or
266
+ deprecation claim, avoid embedding exact "latest" wording and report the gap.
267
+
268
+ <!-- mustflow-section: output-format -->
269
+ ## Output Format
270
+
271
+ - React surface and supported version checked
272
+ - Compiler, lint, effect, state, memoization, context, ref, form, Suspense, SSR,
273
+ RSC, and resource-boundary notes
274
+ - Freshness-sensitive React claims checked or left conservative
275
+ - Files changed
276
+ - Command intents run
277
+ - Skipped checks and reasons
278
+ - Remaining React compatibility or verification risk
@@ -150,6 +150,12 @@ route_type = "primary"
150
150
  priority = 50
151
151
  applies_to_reasons = ["unknown_change", "docs_change", "mustflow_docs_change", "workflow_change", "product_change"]
152
152
 
153
+ [routes."complex-decision-analysis"]
154
+ category = "workflow_contracts"
155
+ route_type = "primary"
156
+ priority = 45
157
+ applies_to_reasons = ["unknown_change", "product_change", "cross_cutting_code_change"]
158
+
153
159
  [routes."codebase-orientation"]
154
160
  category = "general_code"
155
161
  route_type = "primary"
@@ -426,6 +432,24 @@ route_type = "primary"
426
432
  priority = 85
427
433
  applies_to_reasons = ["code_change", "public_api_change", "test_change", "package_metadata_change"]
428
434
 
435
+ [routes."c-code-change"]
436
+ category = "general_code"
437
+ route_type = "primary"
438
+ priority = 85
439
+ applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "performance_change", "security_change", "package_metadata_change", "release_risk"]
440
+
441
+ [routes."shell-code-change"]
442
+ category = "general_code"
443
+ route_type = "primary"
444
+ priority = 85
445
+ applies_to_reasons = ["code_change", "behavior_change", "public_api_change", "test_change", "docs_change", "workflow_change", "security_change", "package_metadata_change", "release_risk"]
446
+
447
+ [routes."structured-config-change"]
448
+ category = "workflow_contracts"
449
+ route_type = "primary"
450
+ priority = 84
451
+ applies_to_reasons = ["code_change", "docs_change", "workflow_change", "mustflow_config_change", "package_metadata_change", "test_change", "security_change", "release_risk"]
452
+
429
453
  [routes."node-code-change"]
430
454
  category = "general_code"
431
455
  route_type = "primary"
@@ -960,6 +984,12 @@ route_type = "primary"
960
984
  priority = 85
961
985
  applies_to_reasons = ["ui_change", "docs_change", "code_change", "behavior_change", "migration_change", "package_metadata_change"]
962
986
 
987
+ [routes."react-code-change"]
988
+ category = "ui_assets"
989
+ route_type = "primary"
990
+ priority = 85
991
+ applies_to_reasons = ["ui_change", "code_change", "behavior_change", "public_api_change", "data_change", "security_change", "privacy_change", "performance_change", "test_change", "package_metadata_change", "release_risk"]
992
+
963
993
  [routes."svelte-code-change"]
964
994
  category = "ui_assets"
965
995
  route_type = "primary"