@sylphx/flow 2.28.2 → 2.28.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/assets/agents/builder.md +1 -8
  3. package/assets/slash-commands/continue.md +87 -16
  4. package/assets/slash-commands/review.md +1 -8
  5. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # @sylphx/flow
2
2
 
3
+ ## 2.28.4 (2026-01-04)
4
+
5
+ Rewrite continue command with SSOT principles and comprehensive system correctness guidelines
6
+
7
+ ### 📚 Documentation
8
+
9
+ - **commands:** rewrite continue command with SSOT principles ([b3ca5e0](https://github.com/SylphxAI/flow/commit/b3ca5e048b7580ed2f723936297b015a03964932))
10
+
11
+ ## 2.28.3 (2025-12-19)
12
+
13
+ ### 🐛 Bug Fixes
14
+
15
+ - **prompts:** instruct agents to use Skill tool explicitly ([45a2d34](https://github.com/SylphxAI/flow/commit/45a2d34fca6cf3064193980b15acdc922ac0f554))
16
+
3
17
  ## 2.28.2 (2025-12-19)
4
18
 
5
19
  Enhance PWA skill with comprehensive native app parity checklist (35 capabilities)
package/assets/agents/builder.md CHANGED
@@ -43,14 +43,7 @@ Build toward that.
43
43
 
44
44
  **Ultrathink.** Many minds beat one. Delegate workers to explore from different angles. They critique, you synthesize. Never self-assess.
45
45
 
46
- **Skills.** Before acting on any domain — invoke the skill:
47
- ```
48
- abuse-prevention, account-security, admin, appsec, auth, billing,
49
- code-quality, competitive-analysis, data-modeling, database, delivery,
50
- deployments, growth, i18n, ledger, observability, performance, pricing,
51
- privacy, pwa, referral, seo, storage, support, uiux
52
- ```
53
- Skills contain: tech stack decisions, non-negotiables, driving questions. Then exceed them.
46
+ **Skills.** Before acting on any domain — use the Skill tool to load guidelines. Read the guidelines. Then exceed them.
54
47
 
55
48
  **Act.** No permission needed. No workarounds. Ship it.
56
49
 
package/assets/slash-commands/continue.md CHANGED
@@ -5,24 +5,95 @@ description: Trigger autonomous product iteration - think, improve, ship
5
5
 
6
6
  # Continue
7
7
 
8
- **Go.** You are the builder.
8
+ Continuously commit.
9
9
 
10
- Push for world-class:
11
- - What would users love?
12
- - What would make them pay and spread?
13
- - What would beat competitors?
10
+ The entire system — not limited to data — must strictly obey a Single Source of Truth (SSOT) principle.
11
+ Every state, behavior, flow, permission, architecture decision, UI behavior, and side effect
12
+ must have exactly one authoritative source, one interpretation, and one correct path.
14
13
 
15
- **Be the user.** What frustrates? What delights?
14
+ The system must be fully reason-able end to end.
15
+ There must be no implicit behavior, hidden assumptions, magic defaults, or silent fallbacks.
16
16
 
17
- **Never self-assess.** Delegate to workers they critique, you synthesize. Final Gate.
17
+ Continuously and repeatedly review, validate, and correct the entire system:
18
+ - Membership and identity correctness and completeness
19
+ - Consistency across state, permissions, flows, and lifecycle
20
+ - Architectural boundaries, modularity, and separation of responsibilities
21
+ - UI behavior matching system intent, state, and permissions
22
+ - Alignment with modern industry standards and best practices
18
23
 
19
- **Invoke skills** before acting on any domain:
20
- ```
21
- abuse-prevention, account-security, admin, appsec, auth, billing,
22
- code-quality, competitive-analysis, data-modeling, database, delivery,
23
- deployments, growth, i18n, ledger, observability, performance, pricing,
24
- privacy, pwa, referral, seo, storage, support, uiux
25
- ```
26
- Skills contain: tech stack decisions, non-negotiables, driving questions. Then exceed them.
24
+ No workarounds.
25
+ No hacks.
26
+ No temporary solutions.
27
+ No backward compatibility.
28
+ No deprecated logic.
29
+ No TODOs.
30
+ No dead code.
31
+ No unused code.
32
+ No incorrect or misleading code.
27
33
 
28
- `/continue`
34
+ Every feature must be built intent-first:
35
+ - The correct model must exist before implementation
36
+ - No duplicated concepts, parallel truths, or shadow logic
37
+ - Any feature must be removable or refactorable without destabilizing the system
38
+
39
+ Continuously perform:
40
+ - Deduplication
41
+ - Refactoring
42
+ - Polishing
43
+ - Modularity enforcement
44
+ - Responsibility separation
45
+ - Architectural correction
46
+
47
+ The system must remain:
48
+ - Stateless
49
+ - Serverless-friendly
50
+ - Scalable
51
+ - Reasonable
52
+ - Testable
53
+ - Observable
54
+
55
+ All technologies must be used correctly, consistently, and idiomatically:
56
+ tRPC, Next.js, Radix UI, next-intl, Drizzle,
57
+ Better Auth, Stripe, Upstash, Neon, Vercel,
58
+ Resend (email), Vercel Blob (storage),
59
+ AI SDK with OpenRouter provider,
60
+ Iconify, Bun, Biome, Bun test,
61
+ Responsive Web Design.
62
+
63
+ Any identity or permission bootstrap (e.g. super admin):
64
+ - Must be defined via environment configuration
65
+ - Must execute exactly once in the system's lifetime
66
+ - Must be non-reentrant
67
+ - Must not be bypassable
68
+ - Must not become a permanent logic dependency
69
+
70
+ All sensitive operations require explicit re-authentication:
71
+ Sensitive action triggered
72
+
73
+ Check verified session
74
+
75
+ Does the user have a password?
76
+ ├─ Yes → Verify password
77
+ └─ No → Send email OTP (6 digits, 10-minute expiry)
78
+
79
+ Verification succeeds
80
+
81
+ Mark session as verified
82
+
83
+ Allow scoped, time-bound sensitive actions
84
+ (2FA setup, email change, account deletion, etc.)
85
+
86
+ The verified state must:
87
+ - Have explicit scope
88
+ - Have explicit expiration
89
+ - Never be implicitly reused
90
+ - Never be shared across sessions or contexts
91
+
92
+ Any ambiguity, inconsistency, incompleteness, or undefined behavior
93
+ must be treated as a bug, not a feature.
94
+
95
+ The system must withstand repeated review, rejection, refactor, and redesign,
96
+ and after every correction,
97
+ become simpler, more consistent, and closer to the correct model.
98
+
99
+ Ultrathink.
package/assets/slash-commands/review.md CHANGED
@@ -17,14 +17,7 @@ args:
17
17
 
18
18
  ## Execution
19
19
 
20
- 1. **Invoke skills** — Load guidelines for relevant domains:
21
- ```
22
- abuse-prevention, account-security, admin, appsec, auth, billing,
23
- code-quality, competitive-analysis, data-modeling, database, delivery,
24
- deployments, growth, i18n, ledger, observability, performance, pricing,
25
- privacy, pwa, referral, seo, storage, support, uiux
26
- ```
27
- Skills contain: tech stack decisions, non-negotiables, driving questions.
20
+ 1. **Load skills** — Use the Skill tool to load guidelines for relevant domains. Read the guidelines.
28
21
 
29
22
  2. **Understand** — How is this implemented? Architecture, choices, tradeoffs.
30
23
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sylphx/flow",
3
- "version": "2.28.2",
3
+ "version": "2.28.4",
4
4
  "description": "One CLI to rule them all. Unified orchestration layer for AI coding assistants. Auto-detection, auto-installation, auto-upgrade.",
5
5
  "type": "module",
6
6
  "bin": {