Quality skills: five boundary rules from the iOS bug-report retro

Status: Delivered (partial — 2 of 7 tooling sub-tasks remain backlog) CAS: CAS-2550 Delivered: 2026-05-12 PRs: #654, #656, #657, #658

What’s new

Casaconomy’s AI engineering skills now enforce five rules that close a class of bugs the existing quality guardrails couldn’t catch: bugs that live at the boundary between two processes or two layers, where each side’s own tests passed and the failure was invisible until runtime. These rules were extracted from the 2026-05-12 retrospective on the iOS bug-report arc — a two-day incident chain where 11 bugs in a row traced back to cross-process contract mismatches.

The five rules now live in the backend-quality, frontend-quality, and a new architecture-review skill. Engineers are prompted to check them at code-review time. Two pieces of supporting tooling also shipped: a shared Rust binary-lookup helper and a build-time plugin-symmetry enforcement script.

How to use it

These rules are enforced at two checkpoints:

Code review (skill-enforced): When Runa or Finn requests review, the CTO’s review skill now includes a boundary-rule checklist. Any PR that serialises a struct across a process boundary, invokes an external binary, uses a Tauri plugin, or has a catch block that silently returns a default must be verified against the relevant rule.

Build time: The plugin-symmetry script (scripts/check-plugin-deps.sh) now runs as part of the build. It compares @tauri-apps/plugin-* entries in package.json against tauri-plugin-* entries in Cargo.toml and plugin() init calls in lib.rs. A mismatch fails the build.

Runtime (Rust): The shared find_external_binary helper in src-tauri/src/utils/binary.rs is now the canonical way to locate external binaries (gh, claude, etc.) — it tries the standard PATH locations plus known install paths for launchd-spawned environments where PATH is stripped.

What changed under the hood

.agents/skills/casaconomy-backend-quality/SKILL.md — two new rules: cross-process schema testing (Rule 1) and external binary invocation via find_external_binary (Rule 2).
.agents/skills/casaconomy-frontend-quality/SKILL.md — three new rules: Tauri plugin-dep symmetry (Rule 3), default-on-error catch semantics (Rule 4), and cross-process contract validation (Rule 5).
.agents/skills/casaconomy-architecture-review/SKILL.md — new skill: two-source-of-truth rule. Fires when a reviewer spots two places in the codebase maintaining the same value independently (e.g., two URL constants for the same endpoint).
src-tauri/src/utils/binary.rs — find_external_binary(name) helper with PATH + known-paths fallback; fixes the launchd binary-not-found class.
scripts/check-plugin-deps.sh — build-time symmetry checker; integrated into the Tauri build pre-flight.

Why we built it

The iOS bug-report arc (CAS-2516, CAS-2537, CAS-2544, CAS-2499) exposed that our quality skills were excellent within a layer but blind to cross-layer contracts. A plugin could be added to the JS side without the Rust dependency; a URL constant could drift between chat and submit; a binary path could work in development and fail in production under launchd. None of these had a test that would catch them at commit time, and none of the existing review checklists prompted for them. The five rules close those gaps before the next multi-day arc can start.

Known limitations / follow-on work

CAS-2555 (backlog): Rust test scaffold for cross-process serde schemas — a concrete harness for Rule 1, not yet implemented.
CAS-2557 (backlog): ESLint rule that flags uncommented catch blocks returning a default value — tooling for Rule 4, not yet implemented.
The architecture-review skill (two-source-of-truth) is currently manual/checklist-only; no automated linting for duplicate constants yet.