channel-conformance

star 5.1k

Research, implement, review, and validate one first-party Flue HTTP channel across its package, example, channel blueprint, documentation, Node runtime, Cloudflare Workers runtime, and publish artifact. Use when adding a provider channel, expanding an existing channel's verified HTTP surface, auditing channel conformance, or evaluating whether a provider is eligible for the stateless webhook model.

withastro By withastro schedule Updated 6/15/2026
play_arrow Run Skill in Manus View GitHub

name: channel-conformance description: Research, implement, review, and validate one first-party Flue HTTP channel across its package, example, channel blueprint, documentation, Node runtime, Cloudflare Workers runtime, and publish artifact. Use when adding a provider channel, expanding an existing channel's verified HTTP surface, auditing channel conformance, or evaluating whether a provider is eligible for the stateless webhook model.

Channel Conformance

Build one provider channel to a release-ready state without releasing it. Treat each provider as a test of Flue's channel foundation: preserve provider-native semantics, compare the result with existing channels, and improve shared machinery only when concrete cross-provider evidence justifies it.

Read the repository instructions and the active provider plan first. Read references/audit-matrix.md before designing the package or declaring it complete.

Preserve The Product Boundary

Flue owns:

  • authenticated, verified HTTP ingress;
  • fixed discovered routes beneath channels/<name>.ts;
  • provider-native typed payloads and required protocol responses;
  • delivery and canonical conversation identity where the provider supplies it;
  • predictable Hono-compatible handler results.

The application owns:

  • provider SDK or Fetch clients and credentials used for outbound operations;
  • defineTool() definitions and authorization policy;
  • app installation, OAuth, token storage, refresh, and rotation;
  • webhook or subscription registration and renewal;
  • deduplication and business persistence.

Do not add a universal event schema, generic outbound client, provider tool collection, installation framework, or long-lived transport. Conversation keys are identifiers, never authorization capabilities.

Preserve Provider Payloads And Types

Provider-native payloads are the default channel contract. Before defining any event, interaction, command, or webhook types, look for an authoritative provider-maintained type package, provider SDK export, generated schema, or well-maintained DefinitelyTyped package. Prefer re-exporting those types over creating a parallel Flue model.

Pass the provider's parsed wire object through without renaming fields, moving properties, filtering valid deliveries, or replacing provider discriminants with Flue discriminants. Name the callback property for the provider surface, such as payload, interaction, command, or another provider-native term; there is no universal requirement to call it event. When the useful provider object is an outer delivery envelope, prefer one unduplicated argument such as { c, payload } and let users access its nested fields directly.

Validate only what Flue needs to own the ingress boundary:

  • authentication and replay protection;
  • body and transport encoding;
  • mandatory protocol handshakes or responses;
  • configured application, tenant, or destination identity only when the provider protocol does not already bind it cryptographically and the constructor intentionally promises that restriction;
  • the minimal structure required to route and invoke application code.

TypeScript types do not require exhaustive runtime schema validation after an authenticated provider request. Forward authenticated deliveries to application code unless the request is a package-owned protocol message. Filtering bots, message subtypes, event families, and other valid provider behavior is application policy. Workspace allowlists, tenant authorization, and installation policy also remain application concerns unless they are an explicit part of the channel's necessary verification contract.

Define local wire-shaped types only when no suitable authoritative type exists, or when a narrow Flue-owned transport wrapper has no provider type. Keep field names and nesting faithful to the provider. Do not add unknown variants, normalized unions, or camel-cased mirrors merely to create consistency across channels.

Avoid a large runtime dependency solely to acquire its types. A lightweight authoritative type package may be a direct dependency and re-exported from the channel package. If the only official types live inside a broad framework, define the smallest provider-faithful local wire types needed for the surface.

Establish Eligibility Before Implementation

Research current primary provider sources. Use official protocol, authentication, retry, SDK, runtime, and API documentation or official source. Browse because these details are time-sensitive.

Establish:

  • the useful inbound HTTP surfaces and mandatory handshakes or responses;
  • exact authentication and byte-preservation requirements;
  • event families, batching, retries, delivery identity, and deadlines;
  • stable provider, tenant, conversation, actor, and resource identity;
  • whether useful ingress is stateless HTTP rather than polling or a persistent socket;
  • a credible Node and Cloudflare Workers implementation path;
  • the best authoritative provider-native type source and its dependency cost;
  • an outbound SDK or narrow Fetch client suitable for the editable example.

Defer the provider when useful ingress requires a long-lived process, a provider-managed service inside Flue, unverifiable inbound requests, or a Node-only canonical path with no defensible Workers alternative. Record the evidence and blocker rather than weakening the gate.

If a third-party implementation repository is supplied as an educational reference, inspect only its public capability inventory and integration requirements. Do not read or derive from its implementation, types, tests, fixtures, snapshots, or payloads. Produce original code and synthetic fixtures from primary specifications.

Use Subagents Deliberately

When subagents are available, delegate independent side work such as:

  • primary-source protocol and security research;
  • Cloudflare and dependency viability research;
  • focused package, workerd, docs, or artifact review;
  • a final independent gap audit.

Tell every delegated agent that it must not spawn subagents. Give editing agents disjoint ownership and tell them not to revert concurrent work. Do not delegate the immediate blocking decision or final reconciliation. The primary agent must inspect the evidence, resolve conflicts, and own correctness.

Design From Provider Semantics

Before editing, write a short design brief in the active plan:

  • package, blueprint, file, and route names;
  • constructor inputs and optional surfaces;
  • verification strategy and runtime dependencies;
  • provider-native callback payload, authoritative type source, and forward-compatible delivery behavior;
  • provider response and timeout behavior;
  • delivery and conversation identity;
  • example client choice and Cloudflare evidence;
  • explicit non-goals and any deferrals.

Use the nearest existing packages as structural references, not templates to copy mechanically. Constructor arguments and route count are provider-specific. Prefer fixed route suffixes such as /webhook, /events, /interactions, or another provider-native noun. Omitted optional handlers should omit their routes unless the provider protocol requires an always-present endpoint.

Callbacks receive one extensible object preserving the Hono Context, such as { c, payload }, { c, interaction }, or another provider-appropriate shape. Use the established result contract unless the protocol requires stricter behavior:

  • no returned value becomes an empty successful response;
  • a JSON-compatible value becomes the response JSON body;
  • a normal Hono or Fetch Response passes through unchanged.

Required handshakes and interaction responses may have provider-specific contracts. Verify requests before invoking application code.

Implement The Complete Provider Slice

Implement the package, tests, example, channel blueprint, setup guide, API reference, navigation, package preparation mapping, and changelog entry as one provider workstream. Inspect current repository patterns because the package set and build wiring may have changed.

When authoring the ecosystem guide, follow the shared editorial pattern in ../documentation-writer/references/ecosystem-channel-guides.md. Adapt it to provider semantics rather than forcing identical sections.

Keep package runtime dependencies minimal:

  • use Hono directly for public context and handler types;
  • add a standards-based authentication dependency only when it materially improves correctness;
  • accept or depend on a provider SDK inside the channel package only when the provider's own verified-ingress API is the best cross-runtime implementation;
  • otherwise keep provider SDKs in the editable example and channel blueprint.

The example must demonstrate the intended developer experience:

  • export channel;
  • export a real project-owned client;
  • dispatch a useful verified event to an agent;
  • show grouped switch cases where appropriate;
  • define a narrow application-owned tool when an outbound operation is useful;
  • bind destinations and credentials in trusted code;
  • include route comments with the complete discovered URL;
  • keep optional routes visible but commented out when that best teaches the provider without publishing unused surfaces.

Do not contact live provider APIs. Exercise the actual recommended client against a fake transport in Node and workerd.

Test Observable Contracts

Create original synthetic payloads from the protocol specification. Test public behavior rather than private helpers.

Prove:

  • valid and invalid authentication over exact request bytes;
  • content type, malformed input, body limit, and required-header behavior;
  • handshakes, mandatory acknowledgements, response serialization, errors, and deadlines;
  • provider-native payload pass-through without field renaming or valid-event filtering;
  • representative provider discriminants and an authenticated future or otherwise unmodeled discriminant when the type system permits it;
  • tenant/application identity checks where configuration fixes that identity;
  • delivery, batching, retry, and conversation identity semantics;
  • optional route publication;
  • actual execution in Node and workerd;
  • the example's outbound request construction through a fake transport;
  • Node and Cloudflare example builds.

Do not claim Cloudflare support from bundling alone. Execute the verification path and canonical example client in workerd with Flue's required nodejs_compat configuration. Node API usage is acceptable when Cloudflare implements the required behavior, but imports backed only by non-functional compatibility stubs are not. Actual workerd execution remains the gate.

Audit Artifacts And Developer Surfaces

Run focused package and example checks during implementation, then the relevant repository-wide gates. Prepare and pack the package, inspect the tarball, and compile a clean strict consumer from packed artifacts. Exercise the named blueprint through the real built flue add path and build the documentation and blueprint registry.

Run a built-example webhook smoke test with locally generated valid and invalid requests. Confirm that no test or build contacts the provider.

Use the audit matrix for the complete evidence set and adapt commands to the current package scripts. Do not add a generic conformance script or duplicate provider protocol assertions outside provider-owned suites.

Run A Scope And Simplicity Audit

Before final review, examine every public option, type, validation branch, helper, response path, and test for whether its value justifies making Flue responsible for it. Prefer deletion and standard platform behavior when the provider contract does not require custom machinery.

Apply these questions:

  • Does request authentication already establish the identity that another constructor option or allowlist rechecks? Do not turn application authorization policy into channel verification without a concrete protocol requirement.
  • Does a package-owned timeout actually cancel work? Do not race a callback against a timer when the callback can continue after the response; document the provider deadline and let applications admit durable work promptly.
  • Is a local payload type current, useful, and otherwise unavailable? Type the smallest current provider surface that provides meaningful narrowing. Do not maintain deprecated or legacy schemas merely for completeness, but do not collapse valuable current provider types to unknown solely to reduce line count.
  • Can standard Hono or Fetch responses express the contract? Avoid custom return APIs, redundant provider response aliases, recursive JSON validators, and package-specific error interception unless the protocol requires them. Preserve proven cross-realm response handling at the owning shared boundary.
  • Does a public error give consumers a meaningful programmatic distinction? Prefer ordinary platform errors for invalid trusted helper inputs, but audit established cross-channel error patterns as a portfolio decision instead of making one provider inconsistent.
  • Are internal callback signatures duplicating exported public input types? Reuse the public types so implementation and declarations cannot drift.

Classify review outcomes explicitly:

  • safe cleanup that preserves public behavior;
  • meaningful public simplification that requires approval;
  • rejected deletion where the protocol, security boundary, or developer experience justifies the existing scope.

Record the classification and reasoning in the active plan. A channel is not more conformant because it has more options, validation, types, or tests.

Reflect On The Foundation

After the provider passes its focused checks, compare the work with every existing channel and record:

  • provider-specific differences that should remain local;
  • repeated friction or duplicated correctness logic;
  • assumptions in discovery, Hono typing, response handling, examples, packaging, docs, or workerd validation that this provider disproved;
  • concrete improvements worth applying across affected channels.

Require a failure scenario or violated invariant before changing shared machinery. Do not abstract merely because two providers look similar. When a foundation improvement is clear and within scope, implement it across all affected channels and rerun their relevant checks. When it changes public direction or has broad uncertain impact, record and defer it for user review without blocking unrelated provider work.

Append research, decisions, tests, deviations, deferrals, and reflection to the active plan. If no provider plan exists, create a dated plan under plans/.

Review, Commit, And Stop Before Release

Perform one focused independent review after implementation. Evaluate findings against concrete correctness, durability, security, Cloudflare, and developer experience risks; do not apply speculative scope expansion.

Commit the provider in a coherent validated state. Split commits when that makes review or recovery materially clearer, but do not force a fixed commit count.

Finish with:

  • the implemented capability and route set;
  • Node and workerd evidence;
  • package, example, blueprint, docs, and artifact evidence;
  • foundation improvements or suggestions;
  • recorded deviations and deferrals;
  • remaining risks.

Do not publish, deploy, tag, or version packages as part of an individual provider run. Keep all channels release-ready and perform release preparation only after the requested provider portfolio and final cross-provider audit are complete.

Install via CLI
npx skills add https://github.com/withastro/flue --skill channel-conformance
Repository Details
star Stars 5,116
call_split Forks 275
navigation Branch main
article Path SKILL.md
More from Creator
withastro
withastro Explore all skills →