Wreos · Wreos · Feb 21, 2026 · Feb 21, 2026 · chatgpt-codex-connector · Feb 21, 2026
diff --git a/.cursor-plugin/plugin.json b/.cursor-plugin/plugin.json
@@ -1,7 +1,7 @@
 {
   "name": "flutter-cursor-plugin",
   "displayName": "Flutter Cursor Plugin",
-  "version": "1.10.1",
+  "version": "1.10.2",
   "description": "Open-source Cursor plugin for end-to-end Flutter development and testing with Dart MCP, Figma MCP, practical architecture patterns, and reliable test workflows.",
   "author": {
     "name": "Aleksandr Lozhkovoi",

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,12 +2,14 @@
 
 ## Unreleased
 
-- Ran 10 command quality iterations and added reproducible audit:
-  - script: `scripts/quality_audit_commands.sh`
-  - report: `docs/quality-iterations-2026-02-21.md`
-- Added shared output contract for deterministic command responses:
-  - `docs/command-output-contract.md`
-- Updated all canonical commands to reference the output contract.
+- Hardened command prompts with shared execution guardrails:
+  - `docs/prompt-execution-guardrails.md`
+- Added deterministic validation guidance:
+  - `docs/validation-matrix.md`
+- Updated canonical commands and core skills for:
+  - explicit fail-fast behavior when required context is missing
+  - tighter scope control and deterministic validation requirements
+- Updated active official Flutter AI rule to choose state management by project conventions (Riverpod/Bloc/Cubit/GetX/ValueNotifier based on context).
 - Added reference example repository for project structure and tests:
   - https://github.com/Wreos/flutter-cursor-plugin-example
 - Added pre-release enable guide (`docs/pre-release-enable-plugin.md`) with repository install and manual workspace settings options.

diff --git a/README.md b/README.md
@@ -78,8 +78,8 @@ Reference project layout:
 - **Release automation**: `docs/release-automation.md` for semver bump, changelog cut, tag, and GitHub Release publishing.
 - **Security posture**: `docs/security-posture.md` for `/security-review` scope, false-positive handling, and CI integration.
 - **Reference Flutter app layout**: https://github.com/Wreos/flutter-cursor-plugin-example
-- **Output contract**: `docs/command-output-contract.md` for deterministic command response shape.
-- **Quality iterations report**: `docs/quality-iterations-2026-02-21.md`.
+- **Prompt guardrails**: `docs/prompt-execution-guardrails.md`.
+- **Validation matrix**: `docs/validation-matrix.md`.
 - **Agents**
   - `flutter-app-builder` (general Flutter implementation)
   - `flutter-code-reviewer`

diff --git a/commands/generate-flutter-tests.md b/commands/generate-flutter-tests.md
@@ -10,4 +10,6 @@ Generate tests for the target feature or class.
 3. Keep tests behavior-driven and deterministic.
 4. Prefer focused tests for changed code paths.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/implement-figma-screen.md b/commands/implement-figma-screen.md
@@ -11,5 +11,8 @@ Implement a Flutter UI from Figma source.
 4. Use Figma MCP for node context, layout, spacing, typography, and assets.
 5. Use Dart MCP for post-implementation analysis and fixes.
 6. Add widget tests for critical interactions and visible states.
+7. If no Figma URL/node is provided, stop and request it before implementation.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/implement-flutter-feature.md b/commands/implement-flutter-feature.md
@@ -12,4 +12,6 @@ Implement or refactor a Flutter feature.
 5. Keep dependencies injected and testable.
 6. Add/update tests for modified behavior.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/integrate-firebase.md b/commands/integrate-firebase.md
@@ -11,4 +11,6 @@ Integrate Firebase into the target Flutter app.
 4. Complete `../docs/firebase-integration-checklist.md`.
 5. Verify Android and iOS initialization in release-capable configuration.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/migrate-flutter-code.md b/commands/migrate-flutter-code.md
@@ -11,4 +11,6 @@ Run a migration/refactor task.
 4. Use Dart MCP diagnostics to validate each step.
 5. Add or update tests for behavioral changes.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/prepare-mobile-release.md b/commands/prepare-mobile-release.md
@@ -11,4 +11,6 @@ Prepare app for store publication.
 4. Produce iOS release artifact (`.ipa`/archive) and validate signing/versioning.
 5. Confirm store metadata/compliance inputs are complete before submission.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/resolve-flutter-build-error.md b/commands/resolve-flutter-build-error.md
@@ -10,5 +10,8 @@ Resolve a build or runtime failure.
 3. Apply smallest safe fix.
 4. Re-run failing command and impacted tests.
 5. Document root cause and prevention notes.
+6. Always report: reproduction command, root cause, and post-fix verification command output.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/review-flutter-code.md b/commands/review-flutter-code.md
@@ -12,5 +12,8 @@ Run structured Flutter code review.
 5. Include OWASP MASVS-focused mobile security checks.
 6. Prioritize findings by severity and regression risk.
 7. Include testing and accessibility checks.
+8. If no review target is provided (PR/diff/files), stop and request explicit scope.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/scaffold-flutter-feature.md b/commands/scaffold-flutter-feature.md
@@ -11,4 +11,6 @@ Create a new feature module scaffold.
 4. Build minimal complete skeleton first (UI + state + data boundaries).
 5. Add starter tests with `write-widget-test` / `write-bloc-test`.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/security-review.md b/commands/security-review.md
@@ -12,5 +12,9 @@ Run a security audit and secrets scan (Claude-style `/security-review` workflow)
 5. Apply false-positive filtering so output stays actionable.
 6. Return findings first, prioritized by severity and exploitability.
 7. Include concrete remediation steps and verification commands.
+8. If target scope (diff/branch/files) is missing, stop and ask for explicit scope.
+9. If scanners are unavailable, report that explicitly and continue with manual checks.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/setup-mobile-github-pipeline.md b/commands/setup-mobile-github-pipeline.md
@@ -11,4 +11,6 @@ Set up a mobile CI pipeline in GitHub Actions.
 4. Ensure pipeline runs analyze/tests before building artifacts.
 5. Validate generated APK/AAB artifacts and branch trigger strategy.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/sync-official-flutter-ai-rules.md b/commands/sync-official-flutter-ai-rules.md
@@ -13,4 +13,6 @@ Sync official Flutter AI rules into the plugin repository.
 3. Run `scripts/sync_official_flutter_ai_rules.sh <10k|4k|1k>`.
 4. Commit synced files under `rules/official/` and active file `rules/flutter-official-ai-rules.mdc`.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/update-flutter-dependencies.md b/commands/update-flutter-dependencies.md
@@ -9,5 +9,8 @@ Run a controlled dependency upgrade.
 2. Keep changes incremental and reviewable.
 3. Run `flutter analyze` and impacted tests before finalizing.
 4. Document version deltas, breaking changes, and rollback plan.
+5. Always include this baseline in validation: `flutter --version` (before/after), `flutter pub outdated`, `flutter analyze`, and impacted `flutter test`.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/write-bloc-test.md b/commands/write-bloc-test.md
@@ -11,4 +11,6 @@ Create or update a Bloc/Cubit test file.
 4. Start from `../templates/bloc_test_template.dart`.
 5. Run affected tests and fix failures.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/write-e2e-test.md b/commands/write-e2e-test.md
@@ -14,4 +14,6 @@ Create or update a Patrol E2E test.
 7. Keep credentials in `--dart-define` / `.patrol.env` (no hardcoded secrets).
 8. Run affected Patrol tests and fix failures.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/commands/write-widget-test.md b/commands/write-widget-test.md
@@ -12,4 +12,6 @@ Create or update a widget test file.
 5. Prefer behavioral assertions (user action -> observable outcome, branch shown/hidden, verify side effects), not only style attributes.
 6. Run affected tests and fix failures.
 
-99. Return final response using `../docs/command-output-contract.md`.
+Preconditions and guardrails:
+- Enforce `../docs/prompt-execution-guardrails.md` before execution.
+- Validate outcomes using `../docs/validation-matrix.md`.
diff --git a/docs/command-output-contract.md b/docs/command-output-contract.md
diff --git a/docs/official-release-checklist.md b/docs/official-release-checklist.md
@@ -16,8 +16,8 @@ Use this checklist before tagging a public release.
 - Templates are generic and repository-agnostic.
 - No private/company-specific references remain.
 - Effective Dart alignment is explicitly enforced (`rules/dart-effective-dart.mdc`).
-- Command output contract is documented and referenced (`docs/command-output-contract.md`).
-- Latest quality-iterations report exists (`docs/quality-iterations-2026-02-21.md`).
+- Prompt execution guardrails are documented and referenced (`docs/prompt-execution-guardrails.md`).
+- Validation matrix is documented and referenced (`docs/validation-matrix.md`).
 
 ## Tooling
 

diff --git a/docs/prompt-execution-guardrails.md b/docs/prompt-execution-guardrails.md
@@ -0,0 +1,30 @@
+# Prompt Execution Guardrails
+
+Use these rules for all command prompts.
+
+## Required inputs (before execution)
+
+- Goal: what outcome is required.
+- Scope: target modules/files and out-of-scope areas.
+- Constraints: architecture/state-management/tooling constraints.
+- Validation: exact commands to prove success.
+
+If any required input is missing, stop and request clarification instead of guessing.
+
+## Fail-fast rules
+
+- Do not fabricate external context (Figma node IDs, CI logs, credentials, API contracts).
+- If prerequisites are unavailable (tools, credentials, build context), report blocker and minimal next input needed.
+- For security/review commands, require explicit target: diff, branch, or file set.
+
+## Change scope limits
+
+- Keep blast radius small: modify only files needed for the stated goal.
+- No unrelated refactors in the same run.
+- If migration is large, split into batches with per-batch validation.
+
+## Output quality
+
+- Tie claims to concrete checks run.
+- Prefer precise file references and command results.
+- Explicitly call out residual risks and unverified assumptions.
diff --git a/docs/quality-iterations-2026-02-21.md b/docs/quality-iterations-2026-02-21.md
diff --git a/docs/validation-matrix.md b/docs/validation-matrix.md
@@ -0,0 +1,58 @@
+# Validation Matrix
+
+Deterministic validation baseline per command.
+
+## implement-flutter-feature
+
+- `flutter analyze`
+- `flutter test` (targeted for changed feature/tests)
+
+## implement-figma-screen
+
+- `flutter analyze`
+- `flutter test` (widget tests for implemented screen)
+
+## generate-flutter-tests
+
+- `flutter test` for created/changed test files
+
+## review-flutter-code
+
+- Evidence-based findings against changed files/diff
+- Security pass included (`security-audit` scope)
+
+## security-review
+
+- Secrets scan command(s) executed or explicitly unavailable
+- Findings with severity + remediation + verification steps
+
+## update-flutter-dependencies
+
+- `flutter --version` (before/after)
+- `flutter pub outdated`
+- `flutter analyze`
+- impacted `flutter test` suite
+
+## resolve-flutter-build-error
+
+- Reproduction command captured
+- Re-run reproduction command after fix
+- `flutter analyze` + impacted tests
+
+## prepare-mobile-release
+
+- `flutter analyze`
+- `flutter test` (required suite)
+- release artifact build commands documented (`.aab`/`.ipa` path)
+
+## integrate-firebase
+
+- `flutter analyze`
+- `flutter test` (impacted)
+- platform config verification (Android/iOS init)
+
+## migrate-flutter-code
+
+- Per-batch `flutter analyze`
+- Per-batch impacted tests
+- migration checklist completion status
diff --git a/plugin.json b/plugin.json
@@ -1,7 +1,7 @@
 {
   "name": "flutter-cursor-plugin",
   "displayName": "Flutter Cursor Plugin",
-  "version": "1.10.1",
+  "version": "1.10.2",
   "description": "Open-source Cursor plugin for end-to-end Flutter development and testing with Dart MCP, Figma MCP, practical architecture patterns, and reliable test workflows.",
   "author": "Aleksandr Lozhkovoi",
   "license": "MIT",

diff --git a/rules/flutter-official-ai-rules.mdc b/rules/flutter-official-ai-rules.mdc
@@ -26,9 +26,9 @@ Do not edit manually; run scripts/sync_official_flutter_ai_rules.sh.
 * **SOLID:** strictly enforced.
 * **State Management:**
   * **Pattern:** Separate UI state (ephemeral) from App state.
-  * **Native First:** Use `ValueNotifier`, `ChangeNotifier`.
-  * **Prohibited:** NO Riverpod, Bloc, GetX unless explicitly requested.
-  * **DI:** Manual constructor injection or `provider` package if requested.
+  * **Project First:** Follow the existing project architecture and state-management choice.
+  * **Selection:** Use Riverpod/Bloc/Cubit/GetX/ValueNotifier based on project conventions, complexity, and team standards.
+  * **DI:** Keep dependencies explicit via constructor injection or project-standard DI.
 
 ## Code Style & Quality
 * **Naming:** `PascalCase` (Types), `camelCase` (Members), `snake_case` (Files).