npm - @sylphx/flow - Versions diffs - 2.15.3 → 2.16.0 - Mend

@sylphx/flow 2.15.3 → 2.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # @sylphx/flow
+## 2.16.0 (2025-12-17)
+### ✨ Features
+- **commands:** add closed-loop to /continue ([dca7b76](https://github.com/SylphxAI/flow/commit/dca7b7612c65febef242549ad965289a189ce5e4))
+- **commands:** enhance /continue with role-based simulation ([ca3ebfe](https://github.com/SylphxAI/flow/commit/ca3ebfe06a73f3db722ff8f88c353202067e18f6))
+- **commands:** add /continue slash command for finishing incomplete work ([16c8aaf](https://github.com/SylphxAI/flow/commit/16c8aaf22337713c39395e4465d5bcdf1bfaafd9))
+### ♻️ Refactoring
+- **commands:** split review into mandate + guidelines ([16754bc](https://github.com/SylphxAI/flow/commit/16754bc7403d13dd329b2097c3c8f25e360a7c59))
 ## 2.15.3 (2025-12-17)
 ### ⚡️ Performance

package/assets/slash-commands/continue.md ADDED Viewed

@@ -0,0 +1,160 @@
+---
+name: continue
+description: Continue incomplete work - finish features, fix bugs, complete TODOs
+agent: coder
+---
+# Continue Incomplete Work
+Scan codebase for incomplete work. Prioritize. Finish.
+## Mandate
+* Perform a **deep, thorough scan** of incomplete work in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* **Research then Act**: understand full scope first, then **implement fixes directly**. Don't just report — finish.
+* **Single-pass delivery**: no deferrals; deliver complete implementation.
+* **Be thorough**: incomplete work hides in comments, stubs, error messages, and "temporary" solutions.
+## Discovery Approach
+### Phase 1: Code Analysis
+Scan for explicit incomplete markers:
+- `TODO`, `FIXME`, `XXX`, `HACK`, `BUG`, `@todo`
+- `NotImplementedError`, `throw new Error('not implemented')`
+- Stub implementations (hardcoded returns, empty catches, `pass`)
+- `test.skip`, `it.skip`, empty test files
+- Commented-out code, debug statements
+### Phase 2: Role-Based Simulation
+**👤 User Perspective** — Walk through every user-facing flow:
+- Onboarding: Can a new user complete setup without confusion?
+- Happy path: Does the core feature work end-to-end?
+- Error states: What happens when things go wrong? Are messages helpful?
+- Edge cases: Empty states, first-time use, account limits, expired sessions
+- Accessibility: Keyboard nav, screen readers, color contrast
+- Mobile/responsive: Does it work on all devices?
+**🔧 Developer Perspective** — Evaluate DX and maintainability:
+- Setup: Can someone clone and run in < 5 minutes?
+- Documentation: Are APIs documented? Examples provided?
+- Error messages: Do stack traces help identify root cause?
+- Debugging: Are there logs at appropriate levels?
+- Testing: Can tests run locally? Are mocks available?
+- Dependencies: Any outdated, deprecated, or vulnerable packages?
+**🛡️ Admin/Ops Perspective** — Consider operational readiness:
+- Monitoring: Can you tell if the system is healthy?
+- Logging: Is there enough info to debug production issues?
+- Configuration: Can settings be changed without code deploy?
+- Backup/Recovery: Can data be restored if something fails?
+- Security: Are admin actions audited? Permissions enforced?
+- Scaling: What happens under 10x load?
+### Phase 3: Scenario Simulation
+Run through these scenarios mentally or via code paths:
+| Scenario | Questions to Answer |
+|----------|---------------------|
+| New user signup | Every step works? Validation clear? Email sent? |
+| Returning user login | Session handling? Password reset works? |
+| Core action fails | Error shown? User knows what to do? Data preserved? |
+| Network offline | Graceful degradation? Retry logic? |
+| Concurrent users | Race conditions? Locks? Optimistic updates? |
+| Bad actor attempts | Input sanitized? Rate limited? Logged? |
+| Admin intervention | Can support help user? Audit trail exists? |
+## Execution Process
+1. **Parallel Discovery** (delegate to workers):
+   - Worker 1: Code markers & stubs (grep TODO, FIXME, placeholders)
+   - Worker 2: User journey simulation (trace main flows, find dead ends)
+   - Worker 3: Developer experience audit (setup, docs, error messages)
+   - Worker 4: Ops readiness check (logging, monitoring, config)
+   - Worker 5: Test coverage & edge cases (skipped tests, missing scenarios)
+2. **Synthesize & Prioritize**:
+   - Collect all findings
+   - Group by severity: Critical → High → Medium → Low
+   - Critical: Security issues, data loss risks, broken features
+   - High: User-facing bugs, incomplete core features
+   - Medium: Code quality, missing tests
+   - Low: Documentation, style issues
+3. **Implement Fixes**:
+   - Start with Critical items
+   - Complete each fix fully before moving on
+   - Run tests after each significant change
+   - Commit atomically per logical fix
+4. **Deep Dive with /review** (when needed):
+   If issues cluster in a specific domain, invoke `/review <domain>` for thorough analysis:
+   | Domain | When to Invoke |
+   |--------|----------------|
+   | `auth` | Auth flow issues, session bugs, SSO problems |
+   | `security` | Validation gaps, injection risks, secrets exposure |
+   | `billing` | Payment bugs, subscription issues, webhook failures |
+   | `performance` | Slow pages, bundle bloat, unnecessary re-renders |
+   | `database` | Schema issues, missing indexes, N+1 queries |
+   | `observability` | Missing logs, no alerts, debugging blind spots |
+   | `i18n` | Hardcoded strings, locale issues, RTL bugs |
+   Full domain list: auth, account-security, privacy, billing, pricing, ledger, security, trust-safety, uiux, seo, pwa, performance, i18n, database, data-architecture, storage, observability, operability, delivery, growth, referral, support, admin, discovery, code-quality
+5. **Loop: Re-invoke /continue**:
+   After completing fixes, **invoke `/continue` again** to:
+   - Verify fixes didn't introduce new issues
+   - Discover issues that were hidden by previous bugs
+   - Continue until no Critical/High items remain
+   **Exit condition**: No Critical or High severity items found.
+## Output Format
+### Discovery Summary
+```
+## Incomplete Work Found
+### Critical (X items)
+- [ ] File:line - Description
+### High (X items)
+- [ ] File:line - Description
+### Medium (X items)
+- [ ] File:line - Description
+### Low (X items)
+- [ ] File:line - Description
+```
+### Progress Updates
+```
+✓ Fixed: [description] (file:line)
+⚠ Blocked: [description] - needs [reason]
+→ Deep dive: invoking /review [domain]
+↻ Loop: re-invoking /continue
+```
+### Completion
+```
+## Continue Complete
+✓ X issues fixed
+⚠ X issues need manual intervention
+→ Invoked /review for: [domains]
+Next: [/continue again | no further action needed]
+```
+## Driving Questions
+1. **User**: What flows break or confuse real users? Where do they get stuck?
+2. **Developer**: What would frustrate someone onboarding to this codebase?
+3. **Admin/Ops**: What would make a 3am incident harder to debug?
+4. **Security**: What incomplete validation could be exploited?
+5. **Quality**: What "temporary" solutions became permanent debt?
+6. **Scale**: What works now but will break at 10x growth?

package/assets/slash-commands/{review-account-security.md → guideline-account-security.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-account-security
-description: Review account security - sessions, MFA, devices, security events
+name: guideline-account-security
+description: Guideline: account security - sessions, MFA, devices, security events
 agent: coder
 ---
-# Account Security Review
-## Mandate
-* Perform a **deep, thorough review** of account security in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify threats users can't protect themselves from.
+# Account Security Guideline
 ## Tech Stack

package/assets/slash-commands/{review-admin.md → guideline-admin.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-admin
-description: Review admin - RBAC, bootstrap, audit, operational tools
+name: guideline-admin
+description: Guideline: admin - RBAC, bootstrap, audit, operational tools
 agent: coder
 ---
-# Admin Platform Review
-## Mandate
-* Perform a **deep, thorough review** of the admin platform in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify operational gaps and safety improvements.
+# Admin Guideline
 ## Tech Stack

package/assets/slash-commands/{review-auth.md → guideline-auth.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-auth
-description: Review authentication - sign-in, SSO, passkeys, verification
+name: guideline-auth
+description: Guideline: authentication - sign-in, SSO, passkeys, verification
 agent: coder
 ---
-# Authentication Review
-## Mandate
-* Perform a **deep, thorough review** of authentication in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify security gaps and UX friction in auth flows.
+# Auth Guideline
 ## Tech Stack

package/assets/slash-commands/{review-billing.md → guideline-billing.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-billing
-description: Review billing - Stripe integration, webhooks, subscription state
+name: guideline-billing
+description: Guideline: billing - Stripe integration, webhooks, subscription state
 agent: coder
 ---
-# Billing Review
-## Mandate
-* Perform a **deep, thorough review** of billing and payments in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify revenue leakage and reliability improvements.
+# Billing Guideline
 ## Tech Stack

package/assets/slash-commands/{review-code-quality.md → guideline-code-quality.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-code-quality
-description: Review code quality - architecture, types, testing, maintainability
+name: guideline-code-quality
+description: Guideline: code quality - architecture, types, testing, maintainability
 agent: coder
 ---
-# Code Quality Review
-## Mandate
-* Perform a **deep, thorough review** of code quality in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify code that works but shouldn't exist in its current form.
+# Code Quality Guideline
 ## Tech Stack

package/assets/slash-commands/{review-data-architecture.md → guideline-data-architecture.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-data-architecture
-description: Review data architecture - boundaries, consistency, state machines
+name: guideline-data-architecture
+description: Guideline: data architecture - boundaries, consistency, state machines
 agent: coder
 ---
-# Data Architecture Review
-## Mandate
-* Perform a **deep, thorough review** of data architecture in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify architectural weaknesses that will cause problems at scale.
+# Data Architecture Guideline
 ## Tech Stack

package/assets/slash-commands/{review-database.md → guideline-database.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-database
-description: Review database - schema, migrations, performance, reliability
+name: guideline-database
+description: Guideline: database - schema, migrations, performance, reliability
 agent: coder
 ---
-# Database Review
-## Mandate
-* Perform a **deep, thorough review** of the database in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify schema problems that will hurt at scale.
+# Database Guideline
 ## Tech Stack

package/assets/slash-commands/{review-delivery.md → guideline-delivery.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-delivery
-description: Review delivery - CI gates, automated verification, release safety
+name: guideline-delivery
+description: Guideline: delivery - CI gates, automated verification, release safety
 agent: coder
 ---
-# Delivery Review
-## Mandate
-* Perform a **deep, thorough review** of delivery gates in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify what could go wrong in production that we're not catching.
+# Delivery Guideline
 ## Tech Stack

package/assets/slash-commands/{review-discovery.md → guideline-discovery.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-discovery
-description: Review discovery - competitive research, opportunities, market positioning
+name: guideline-discovery
+description: Guideline: discovery - competitive research, opportunities, market positioning
 agent: coder
 ---
-# Discovery Review
-## Mandate
-* Perform a **deep, thorough review** to discover opportunities for this product.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify opportunities, then **implement improvements directly**. Don't just report — build.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **This review IS exploration** — think broadly and creatively about what could be.
+# Discovery Guideline
 ## Tech Stack

package/assets/slash-commands/{review-growth.md → guideline-growth.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-growth
-description: Review growth - activation, retention, virality
+name: guideline-growth
+description: Guideline: growth - activation, retention, virality
 agent: coder
 ---
-# Growth Review
-## Mandate
-* Perform a **deep, thorough review** of growth systems in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify growth opportunities that don't yet exist.
+# Growth Guideline
 ## Tech Stack

package/assets/slash-commands/{review-i18n.md → guideline-i18n.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-i18n
-description: Review i18n - localization, routing, translation quality
+name: guideline-i18n
+description: Guideline: i18n - localization, routing, translation quality
 agent: coder
 ---
-# Internationalization Review
-## Mandate
-* Perform a **deep, thorough review** of internationalization in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify what would make the product feel native to each locale.
+# i18n Guideline
 ## Tech Stack

package/assets/slash-commands/{review-ledger.md → guideline-ledger.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-ledger
-description: Review ledger - balance systems, financial integrity, reconciliation
+name: guideline-ledger
+description: Guideline: ledger - balance systems, financial integrity, reconciliation
 agent: coder
 ---
-# Ledger Review
-## Mandate
-* Perform a **deep, thorough review** of any balance/credits/wallet system in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify financial integrity risks before they become real problems.
+# Ledger Guideline
 ## Tech Stack

package/assets/slash-commands/{review-observability.md → guideline-observability.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-observability
-description: Review observability - logging, tracing, alerting, debugging
+name: guideline-observability
+description: Guideline: observability - logging, tracing, alerting, debugging
 agent: coder
 ---
-# Observability Review
-## Mandate
-* Perform a **deep, thorough review** of observability in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify the production issues we can't debug today.
+# Observability Guideline
 ## Tech Stack

package/assets/slash-commands/{review-operability.md → guideline-operability.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-operability
-description: Review operability - workflows, retries, DLQ, incident response
+name: guideline-operability
+description: Guideline: operability - workflows, retries, DLQ, incident response
 agent: coder
 ---
-# Operability Review
-## Mandate
-* Perform a **deep, thorough review** of operability in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify what will break at 3am and how we'd fix it.
+# Operability Guideline
 ## Tech Stack

package/assets/slash-commands/{review-performance.md → guideline-performance.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-performance
-description: Review performance - speed, Core Web Vitals, bottlenecks
+name: guideline-performance
+description: Guideline: performance - speed, Core Web Vitals, bottlenecks
 agent: coder
 ---
-# Performance Review
-## Mandate
-* Perform a **deep, thorough review** of performance in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify what's making the product feel slow.
+# Performance Guideline
 ## Tech Stack

package/assets/slash-commands/{review-pricing.md → guideline-pricing.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-pricing
-description: Review pricing - strategy, packaging, monetization
+name: guideline-pricing
+description: Guideline: pricing - strategy, packaging, monetization
 agent: coder
 ---
-# Pricing Review
-## Mandate
-* Perform a **deep, thorough review** of pricing in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify monetization opportunities and pricing friction.
+# Pricing Guideline
 ## Tech Stack

package/assets/slash-commands/{review-privacy.md → guideline-privacy.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-privacy
-description: Review privacy - consent, PII, data lifecycle, compliance
+name: guideline-privacy
+description: Guideline: privacy - consent, PII, data lifecycle, compliance
 agent: coder
 ---
-# Privacy Review
-## Mandate
-* Perform a **deep, thorough review** of privacy controls in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify compliance gaps and privacy improvements.
+# Privacy Guideline
 ## Tech Stack

package/assets/slash-commands/{review-pwa.md → guideline-pwa.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-pwa
-description: Review PWA - offline experience, installation, engagement
+name: guideline-pwa
+description: Guideline: PWA - offline experience, installation, engagement
 agent: coder
 ---
-# PWA Review
-## Mandate
-* Perform a **deep, thorough review** of PWA implementation in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify what would make the web experience feel native.
+# PWA Guideline
 ## Tech Stack

package/assets/slash-commands/{review-referral.md → guideline-referral.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-referral
-description: Review referral - attribution, rewards, fraud prevention
+name: guideline-referral
+description: Guideline: referral - attribution, rewards, fraud prevention
 agent: coder
 ---
-# Referral Review
-## Mandate
-* Perform a **deep, thorough review** of the referral system in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify growth opportunities and fraud vectors.
+# Referral Guideline
 ## Tech Stack

package/assets/slash-commands/{review-security.md → guideline-security.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-security
-description: Review security - OWASP, headers, authentication, secrets
+name: guideline-security
+description: Guideline: security - OWASP, headers, authentication, secrets
 agent: coder
 ---
-# Security Review
-## Mandate
-* Perform a **deep, thorough review** of security in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify vulnerabilities and hardening opportunities not listed here.
+# Security Guideline
 ## Tech Stack

package/assets/slash-commands/{review-seo.md → guideline-seo.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-seo
-description: Review SEO - discoverability, metadata, search rankings
+name: guideline-seo
+description: Guideline: SEO - discoverability, metadata, search rankings
 agent: coder
 ---
-# SEO Review
-## Mandate
-* Perform a **deep, thorough review** of SEO in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify what would make this product dominate search results.
+# SEO Guideline
 ## Tech Stack

package/assets/slash-commands/{review-storage.md → guideline-storage.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-storage
-description: Review storage - uploads, file handling, security
+name: guideline-storage
+description: Guideline: storage - uploads, file handling, security
 agent: coder
 ---
-# Storage Review
-## Mandate
-* Perform a **deep, thorough review** of file storage and uploads in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify security risks and cost optimization opportunities.
+# Storage Guideline
 ## Tech Stack

package/assets/slash-commands/{review-support.md → guideline-support.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-support
-description: Review support - help experience, communications, user satisfaction
+name: guideline-support
+description: Guideline: support - help experience, communications, user satisfaction
 agent: coder
 ---
-# Support Review
-## Mandate
-* Perform a **deep, thorough review** of support and communications in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify what would make users feel genuinely supported.
+# Support Guideline
 ## Tech Stack

package/assets/slash-commands/{review-trust-safety.md → guideline-trust-safety.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-trust-safety
-description: Review trust & safety - abuse prevention, moderation, user protection
+name: guideline-trust-safety
+description: Guideline: trust & safety - abuse prevention, moderation, user protection
 agent: coder
 ---
-# Trust & Safety Review
-## Mandate
-* Perform a **deep, thorough review** of trust and safety in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: identify abuse vectors before bad actors find them.
+# Trust Safety Guideline
 ## Tech Stack

package/assets/slash-commands/{review-uiux.md → guideline-uiux.md} RENAMED Viewed

@@ -1,18 +1,10 @@
 ---
-name: review-uiux
-description: Review UI/UX - design system, accessibility, user experience
+name: guideline-uiux
+description: Guideline: UI/UX - design system, accessibility, user experience
 agent: coder
 ---
-# UI/UX Review
-## Mandate
-* Perform a **deep, thorough review** of UI/UX in this codebase.
-* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
-* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
-* **Single-pass delivery**: no deferrals; deliver complete implementation.
-* **Explore beyond the spec**: if the current design needs fundamental rethinking, propose it.
+# UI/UX Guideline
 ## Tech Stack

package/assets/slash-commands/review.md ADDED Viewed

@@ -0,0 +1,94 @@
+---
+name: review
+description: Review codebase by domain - usage: /review auth, /review billing, etc.
+agent: coder
+args:
+  - name: domain
+    description: Domain to review (auth, billing, security, etc.)
+    required: true
+---
+# Review: $ARGS
+Perform a focused review of the specified domain(s) in this codebase.
+## Mandate
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* **Deep, thorough analysis**: don't skim — understand root causes and systemic patterns.
+* **Review then Act**: identify issues, then **implement fixes directly**. Don't just report — fix.
+* **Single-pass delivery**: no deferrals; deliver complete implementation.
+* **Explore beyond the spec**: identify gaps, inefficiencies, and opportunities the checklist doesn't cover.
+## Guidelines Reference
+Based on the domain(s) requested, read the relevant guideline(s) below. You may read multiple guidelines in parallel if the review spans multiple domains.
+| Domain | Guideline | Description |
+|--------|-----------|-------------|
+| **Identity & Auth** |||
+| `auth` | `/guideline-auth` | Sign-in, SSO, passkeys, verification |
+| `account-security` | `/guideline-account-security` | MFA, session management, account recovery |
+| `privacy` | `/guideline-privacy` | Data handling, consent, GDPR/CCPA |
+| **Billing & Revenue** |||
+| `billing` | `/guideline-billing` | Stripe integration, webhooks, subscriptions |
+| `pricing` | `/guideline-pricing` | Pricing models, tiers, feature gating |
+| `ledger` | `/guideline-ledger` | Transaction records, audit trails, reconciliation |
+| **Security** |||
+| `security` | `/guideline-security` | OWASP, input validation, secrets management |
+| `trust-safety` | `/guideline-trust-safety` | Abuse prevention, rate limiting, fraud |
+| **Frontend & UX** |||
+| `uiux` | `/guideline-uiux` | Design system, accessibility, interactions |
+| `seo` | `/guideline-seo` | Meta tags, structured data, crawlability |
+| `pwa` | `/guideline-pwa` | Service workers, offline, installability |
+| `performance` | `/guideline-performance` | Core Web Vitals, bundle size, caching |
+| `i18n` | `/guideline-i18n` | Localization, routing, hreflang |
+| **Data** |||
+| `database` | `/guideline-database` | Schema design, indexes, migrations |
+| `data-architecture` | `/guideline-data-architecture` | Data models, relationships, integrity |
+| `storage` | `/guideline-storage` | File uploads, CDN, blob storage |
+| **Operations** |||
+| `observability` | `/guideline-observability` | Logging, metrics, tracing, alerts |
+| `operability` | `/guideline-operability` | Deployment, rollback, feature flags |
+| `delivery` | `/guideline-delivery` | CI/CD, testing, release process |
+| **Growth & Support** |||
+| `growth` | `/guideline-growth` | Onboarding, activation, retention |
+| `referral` | `/guideline-referral` | Referral programs, viral loops |
+| `support` | `/guideline-support` | Help systems, tickets, documentation |
+| **Admin & Discovery** |||
+| `admin` | `/guideline-admin` | Admin panel, RBAC, config management |
+| `discovery` | `/guideline-discovery` | Feature discovery, competitive analysis |
+| **Code Quality** |||
+| `code-quality` | `/guideline-code-quality` | Patterns, testing, maintainability |
+## Execution
+1. Parse the `$ARGS` to identify which domain(s) to review
+2. Read the corresponding guideline file(s) — **read in parallel** if multiple domains
+3. Use the guideline's Tech Stack, Non-Negotiables, Context, and Driving Questions to guide your review
+4. Delegate workers to investigate different aspects simultaneously
+5. Synthesize findings and implement fixes
+## Multi-Domain Reviews
+You can review multiple domains at once:
+- `/review auth security` — Review both auth and security
+- `/review billing pricing ledger` — Full revenue stack review
+- `/review performance seo pwa` — Frontend optimization review
+When reviewing multiple domains, look for **cross-cutting concerns** and **gaps between domains**.
+## Output Format
+```
+## Review: [domain(s)]
+### Critical Issues
+- [ ] Issue description → Fix implemented
+### Improvements Made
+- ✓ What was fixed/improved
+### Recommendations
+- Future considerations (if can't fix now)
+```

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@sylphx/flow",
-	"version": "2.15.3",
+	"version": "2.16.0",
 	"description": "One CLI to rule them all. Unified orchestration layer for Claude Code, OpenCode, Cursor and all AI development tools. Auto-detection, auto-installation, auto-upgrade.",
 	"type": "module",
 	"bin": {