@sylphx/flow 2.18.1 → 2.18.3

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @sylphx/flow
 
+## 2.18.3 (2025-12-18)
+
+### ♻️ Refactoring
+
+- **commands:** /continue as product thinking, not code checklist ([4f9cb0f](https://github.com/SylphxAI/flow/commit/4f9cb0f8eb3e0afca67b005bc94362d3582c6395))
+
+## 2.18.2 (2025-12-18)
+
+### ♻️ Refactoring
+
+- **commands:** align /review with /continue - skills as step 1 ([b700fa5](https://github.com/SylphxAI/flow/commit/b700fa5272d6a656cd88acf94e3851cf31d29727))
+- **commands:** simplify /continue - half the length, skills in execution flow ([b04facb](https://github.com/SylphxAI/flow/commit/b04facb60138155b0e203ac6fbf3f03d5252f226))
+- **core:** remove dead code and consolidate duplications ([ee54d3f](https://github.com/SylphxAI/flow/commit/ee54d3f885f8e7a7011e39d95e5403c70fa595be))
+
 ## 2.18.1 (2025-12-18)
 
 ### 🐛 Bug Fixes

package/assets/slash-commands/continue.md

@@ -1,94 +1,62 @@
 ---
 name: continue
-description: Continue incomplete work - find gaps, finish features, fix what's broken
+description: Iterate toward production-grade - find gaps from every angle, fix completely
 agent: coder
 ---
 
 # Continue
 
-Find what's incomplete. Finish it.
+**Goal: Production-grade, not MVP.** Perfect architecture. Perfect naming. No workarounds.
 
-## Mandate
+## Think From Every Perspective
 
-* **Think, don't checklist.** Understand the project first. What is it trying to do? What would "done" look like?
-* **Delegate workers** for parallel research. You synthesize and verify.
-* **Fix, don't report.** Implement solutions directly.
-* **One pass.** No deferrals. Complete each fix fully.
+Simulate being each persona. What's missing? What's frustrating? What breaks?
 
-## How to Find Incomplete Work
+- **New user** — First impression, onboarding, can they succeed without docs?
+- **Power user** — Edge cases, advanced flows, what's limiting them?
+- **Developer** — Is the code maintainable? Clear naming? Good abstractions?
+- **Admin** — Can they manage users, debug issues, see what's happening?
+- **Attacker** — Where are the security holes? What can be exploited?
+- **3am oncall** — If it breaks, can they diagnose it? Are there logs? Alerts?
 
-Don't grep for TODO and call it done. Incomplete work hides in:
+Don't checklist. Actually **inhabit** each perspective and feel the friction.
 
-**What's explicitly unfinished** — Yes, scan for TODO/FIXME/HACK. But ask: why are they there? What was the person avoiding?
+## Delegate for Collective Wisdom
 
-**What's implicitly broken** — Code that "works" but:
-- Fails silently (empty catch blocks, swallowed errors)
-- Works only in happy path (no validation, no edge cases)
-- Works but confuses users (unclear errors, missing feedback)
-- Works but can't be debugged (no logs, no context)
+Spawn multiple agents in parallel to ultrathink from different angles:
+- One agent: user experience gaps
+- One agent: security & trust gaps
+- One agent: architecture & code quality gaps
+- One agent: operability & observability gaps
 
-**What's missing entirely** — Features referenced but not implemented. UI that leads nowhere. Promises in docs that code doesn't deliver.
+You are the **Final Gate**. Synthesize their findings. Verify. Decide. Execute.
 
-## The Real Test
+## Invoke Skills
 
-For each part of the system, ask:
+Before fixing, load guidelines for relevant domains. Skills contain tech stack decisions, non-negotiables, patterns.
 
-> "If I were a user trying to accomplish their goal, where would I get stuck?"
+## Fix Completely
 
-> "If this broke at 3am, could someone figure out why?"
-
-> "If requirements changed tomorrow, what would be painful to modify?"
-
-> "If we had 100x traffic, what would fall over first?"
-
-These questions reveal incompleteness that checklists miss.
-
-## Execution
-
-1. **Understand the project** — Read README, main entry points, core flows. What is this thing supposed to do?
-
-2. **Walk the critical paths** — Trace actual user journeys through code. Where does the path get uncertain, error-prone, or incomplete?
-
-3. **Find the gaps** — Not just TODOs, but:
-   - Dead ends (code that starts something but doesn't finish)
-   - Weak spots (minimal implementation that will break under pressure)
-   - Missing pieces (what's referenced but doesn't exist)
-
-4. **Prioritize by impact** — What blocks users? What causes data loss? What makes debugging impossible? Fix those first.
-
-5. **Fix completely** — Don't patch. Understand root cause. Implement proper solution. Test it works.
-
-## Skills (Guidelines)
-
-**Skills contain implementation guidelines** — tech stack decisions, non-negotiables, patterns, anti-patterns for each domain.
-
-Available skills:
-auth, account-security, privacy, billing, pricing, ledger, security, trust-safety, uiux, seo, pwa, performance, i18n, database, data-architecture, storage, observability, operability, delivery, growth, referral, support, admin, discovery, code-quality
-
-**You MUST invoke relevant skills** using the Skill tool before fixing. This loads the guidelines for that domain.
+No workarounds. No "good enough". Each fix should be the **final implementation** — production-ready, battle-tested quality.
 
 ## Loop
 
-After fixing: "Did my fixes introduce new gaps? Did fixing X reveal Y was also broken?"
+After fixing: Are there new gaps? Did fixing X reveal Y was also broken?
 
-If yes → run `/continue` again. If no Critical/High issues remain → done.
+If yes → `/continue` again. Keep iterating until production-grade.
 
 ## Output
 
 ```
-## What I Found
+## Perspectives Explored
+[Which personas, what gaps found from each]
 
-[Describe the gaps discovered — not a checklist, but an understanding of what's incomplete and why]
+## Fixed
+[Changes made and why they're production-ready]
 
-## What I Fixed
-
-- [Description of fix and why it matters]
-
-## What Remains
-
-- [Issues that need human decision or are blocked]
+## Remains
+[Needs human decision or blocked]
 
 ## Next
-
-[/continue again | done]
+[/continue | production-ready]
 ```

package/assets/slash-commands/review.md

@@ -12,19 +12,23 @@ args:
 
 ## Mandate
 
-* **Understand first.** Absorb the principles, then apply judgment.
-* **Think like the failure mode.** Security? Think like an attacker. Performance? Think like a slow network. Auth? Think like a confused user.
-* **Delegate workers** for parallel research. You synthesize and verify.
-* **Fix, don't report.** Implement solutions directly.
+- **Think like the failure mode.** Security → attacker. Performance → slow network. Auth → confused user.
+- **Delegate workers** for parallel research. You synthesize and verify.
+- **Fix, don't report.** Implement solutions directly.
 
-## Skills (Guidelines)
+## Execution
 
-**Skills contain implementation guidelines** — tech stack decisions, non-negotiables, patterns, anti-patterns for each domain.
+1. **Invoke skills** — Load guidelines for relevant domains:
+   ```
+   auth, account-security, billing, security, database, performance, observability...
+   ```
+   Skills contain: tech stack decisions, non-negotiables, patterns, anti-patterns.
 
-Available skills:
-auth, account-security, privacy, billing, pricing, ledger, security, trust-safety, uiux, seo, pwa, performance, i18n, database, data-architecture, storage, observability, operability, delivery, growth, referral, support, admin, discovery, code-quality
+2. **Understand** — How is this implemented? Architecture, choices, tradeoffs.
 
-**You MUST invoke relevant skills** using the Skill tool before reviewing. This loads the guidelines for that domain.
+3. **Find issues** — What violates the guidelines? What's wrong and why it matters?
+
+4. **Fix** — Implement solutions directly.
 
 ## Output
 
@@ -32,14 +36,14 @@ auth, account-security, privacy, billing, pricing, ledger, security, trust-safet
 ## Review: [topic]
 
 ### Understanding
-[How this is implemented. Architecture, choices, tradeoffs.]
+[Architecture, choices, tradeoffs]
 
 ### Issues
-[What's wrong and why it matters]
+[What's wrong and why]
 
 ### Fixed
 [Changes made]
 
-### Remaining
-[Needs human decision or blocked]
+### Remains
+[Needs human decision]
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@sylphx/flow",
-	"version": "2.18.1",
+	"version": "2.18.3",
 	"description": "One CLI to rule them all. Unified orchestration layer for Claude Code, OpenCode, Cursor and all AI development tools. Auto-detection, auto-installation, auto-upgrade.",
 	"type": "module",
 	"bin": {

package/src/core/backup-manager.ts

@@ -9,7 +9,7 @@ import fs from 'node:fs/promises';
 import path from 'node:path';
 import type { Target } from '../types/target.types.js';
 import type { ProjectManager } from './project-manager.js';
-import { targetManager } from './target-manager.js';
+import { resolveTarget, resolveTargetOrId } from './target-resolver.js';
 
 export interface BackupInfo {
   sessionId: string;
@@ -69,17 +69,6 @@ export class BackupManager {
     this.projectManager = projectManager;
   }
 
-  /**
-   * Resolve target from ID string to Target object
-   */
-  private resolveTarget(targetId: string): Target {
-    const targetOption = targetManager.getTarget(targetId);
-    if (targetOption._tag === 'None') {
-      throw new Error(`Unknown target: ${targetId}`);
-    }
-    return targetOption.value;
-  }
-
   /**
    * Create full backup of project environment
    */
@@ -88,7 +77,7 @@ export class BackupManager {
     projectHash: string,
     targetOrId: Target | string
   ): Promise<BackupInfo> {
-    const target = typeof targetOrId === 'string' ? this.resolveTarget(targetOrId) : targetOrId;
+    const target = resolveTargetOrId(targetOrId);
     const targetId = target.id;
     const sessionId = `session-${Date.now()}`;
     const timestamp = new Date().toISOString();
@@ -178,7 +167,7 @@ export class BackupManager {
     const targetId = manifest.target;
 
     // Resolve target to get config
-    const target = this.resolveTarget(targetId);
+    const target = resolveTarget(targetId);
 
     // Get target config directory
     const targetConfigDir = this.projectManager.getTargetConfigDir(projectPath, target);

package/src/core/secrets-manager.ts

@@ -9,7 +9,7 @@ import fs from 'node:fs/promises';
 import path from 'node:path';
 import type { Target } from '../types/target.types.js';
 import type { ProjectManager } from './project-manager.js';
-import { targetManager } from './target-manager.js';
+import { resolveTargetOrId } from './target-resolver.js';
 
 export interface MCPSecrets {
   version: string;
@@ -30,17 +30,6 @@ export class SecretsManager {
     this.projectManager = projectManager;
   }
 
-  /**
-   * Resolve target from ID string to Target object
-   */
-  private resolveTarget(targetId: string): Target {
-    const targetOption = targetManager.getTarget(targetId);
-    if (targetOption._tag === 'None') {
-      throw new Error(`Unknown target: ${targetId}`);
-    }
-    return targetOption.value;
-  }
-
   /**
    * Extract MCP secrets from project config
    */
@@ -49,7 +38,7 @@ export class SecretsManager {
     _projectHash: string,
     targetOrId: Target | string
   ): Promise<MCPSecrets> {
-    const target = typeof targetOrId === 'string' ? this.resolveTarget(targetOrId) : targetOrId;
+    const target = resolveTargetOrId(targetOrId);
     // configFile is at project root, not in targetDir
     const configPath = path.join(projectPath, target.config.configFile);
     const mcpPath = target.config.mcpConfigPath;
@@ -145,7 +134,7 @@ export class SecretsManager {
       return;
     }
 
-    const target = typeof targetOrId === 'string' ? this.resolveTarget(targetOrId) : targetOrId;
+    const target = resolveTargetOrId(targetOrId);
     // configFile is at project root, not in targetDir
     const configPath = path.join(projectPath, target.config.configFile);
     const mcpPath = target.config.mcpConfigPath;

package/src/core/target-resolver.ts

@@ -0,0 +1,28 @@
+/**
+ * Target Resolver
+ * Shared utility for resolving target IDs to Target objects
+ * Eliminates duplication across BackupManager and SecretsManager
+ */
+
+import type { Target } from '../types/target.types.js';
+import { targetManager } from './target-manager.js';
+
+/**
+ * Resolve a target from ID string to Target object
+ * @throws Error if target ID is not found
+ */
+export function resolveTarget(targetId: string): Target {
+  const targetOption = targetManager.getTarget(targetId);
+  if (targetOption._tag === 'None') {
+    throw new Error(`Unknown target: ${targetId}`);
+  }
+  return targetOption.value;
+}
+
+/**
+ * Resolve target, accepting either string ID or Target object
+ * Returns the Target object in both cases
+ */
+export function resolveTargetOrId(targetOrId: Target | string): Target {
+  return typeof targetOrId === 'string' ? resolveTarget(targetOrId) : targetOrId;
+}

package/src/utils/index.ts

@@ -37,13 +37,9 @@ export * from './error-handler.js';
 export * from './files/file-operations.js';
 export * from './files/sync-utils.js';
 // ============================================================================
-// FUNCTIONAL PROGRAMMING
-// ============================================================================
-export * from './functional.js';
-export * from './security/secret-utils.js';
-// ============================================================================
 // SECURITY
 // ============================================================================
+export * from './security/secret-utils.js';
 export * from './security/security.js';
 // ============================================================================
 // VERSIONING