@sylphx/flow 2.28.3 → 2.28.5

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @sylphx/flow
 
+## 2.28.5 (2026-01-04)
+
+Enhance continue command with Radix UI everywhere, bootstrap super admin, and platform-led integrations
+
+### 📚 Documentation
+
+- **commands:** enhance continue with Radix UI, bootstrap, platform-led integrations ([bd09618](https://github.com/SylphxAI/flow/commit/bd09618e384f638e57535d51814696e0e2b9235e))
+
+## 2.28.4 (2026-01-04)
+
+Rewrite continue command with SSOT principles and comprehensive system correctness guidelines
+
+### 📚 Documentation
+
+- **commands:** rewrite continue command with SSOT principles ([b3ca5e0](https://github.com/SylphxAI/flow/commit/b3ca5e048b7580ed2f723936297b015a03964932))
+
 ## 2.28.3 (2025-12-19)
 
 ### 🐛 Bug Fixes

package/assets/slash-commands/continue.md

@@ -5,17 +5,158 @@ description: Trigger autonomous product iteration - think, improve, ship
 
 # Continue
 
-**Go.** You are the builder.
+Continuously commit.
 
-Push for world-class:
-- What would users love?
-- What would make them pay and spread?
-- What would beat competitors?
+The entire system — not limited to data — must strictly obey a Single Source of Truth (SSOT) principle.
+Every state, behavior, flow, permission, architecture decision, UI behavior, and side effect
+must have exactly one authoritative source, one interpretation, and one correct path.
 
-**Be the user.** What frustrates? What delights?
+The system must be fully reason-able end to end.
+There must be no implicit behavior, hidden assumptions, magic defaults, or silent fallbacks.
 
-**Never self-assess.** Delegate to workers — they critique, you synthesize. Final Gate.
+Continuously and repeatedly review, validate, and correct the entire system:
+- Membership and identity correctness and completeness
+- Consistency across state, permissions, flows, and lifecycle
+- Architectural boundaries, modularity, and separation of responsibilities
+- UI behavior matching system intent, state, and permissions
+- Alignment with modern industry standards and best practices
 
-**Skills.** Before acting on any domain — use the Skill tool to load guidelines. Read the guidelines. Then exceed them.
+No workarounds.
+No hacks.
+No temporary solutions.
+No backward compatibility.
+No deprecated logic.
+No TODOs.
+No dead code.
+No unused code.
+No incorrect or misleading code.
 
-`/continue`
+Every feature must be built intent-first:
+- The correct model must exist before implementation
+- No duplicated concepts, parallel truths, or shadow logic
+- Any feature must be removable or refactorable without destabilizing the system
+
+Continuously perform:
+- Deduplication
+- Refactoring
+- Polishing
+- Modularity enforcement
+- Responsibility separation
+- Architectural correction
+
+The system must remain:
+- Stateless
+- Serverless-friendly
+- Scalable
+- Reasonable
+- Testable
+- Observable
+
+## UI: Radix UI Everywhere
+
+Use Radix UI comprehensively. If Radix has a primitive for it, use it.
+No custom implementations of solved problems.
+No alternative component libraries for what Radix already provides.
+
+Radix primitives are the SSOT for:
+- Dialogs, modals, sheets
+- Dropdowns, menus, context menus
+- Popovers, tooltips, hover cards
+- Tabs, accordions, collapsibles
+- Select, combobox, radio, checkbox, switch
+- Sliders, progress, scroll areas
+- Navigation, breadcrumbs
+- Toasts, alerts
+- Avatar, aspect ratio, separator
+
+When similar UI problems arise across the system,
+solve them once with Radix, then reuse everywhere.
+
+## Bootstrap: Super Admin
+
+Simplest possible approach:
+
+```
+INITIAL_SUPERADMIN_EMAIL=your@email.com
+```
+
+Flow:
+1. Set env variable
+2. Register with that email
+3. Automatically elevated to super_admin
+4. Done
+
+Why singular:
+- Only one initial super_admin needed
+- They promote others via admin UI
+- Simple = fewer bugs
+
+The bootstrap must:
+- Execute exactly once
+- Be non-reentrant
+- Not be bypassable
+- Not become permanent logic dependency
+
+## Third-Party Integrations: Platform-Led
+
+The platform is the source of truth. Third-party services sync FROM the platform, not TO it.
+
+**Stripe:**
+- Platform defines products, prices, features
+- Stripe is synced to match platform state
+- No manual Stripe dashboard configuration
+- Platform state → Stripe sync (never reverse)
+
+**All integrations:**
+- Design in platform first
+- Third-party services are implementation details
+- No dependency on third-party UI/configuration
+- Platform can switch providers without architectural change
+
+## Technologies
+
+All must be used correctly, consistently, and idiomatically:
+tRPC, Next.js, Radix UI, next-intl, Drizzle,
+Better Auth, Stripe, Upstash, Neon, Vercel,
+Resend (email), Vercel Blob (storage),
+AI SDK with OpenRouter provider,
+Iconify, Bun, Biome, Bun test,
+Responsive Web Design.
+
+## Re-authentication Flow
+
+All sensitive operations require explicit re-authentication:
+
+```
+    Sensitive action triggered
+                ↓
+        Check verified session
+                ↓
+    Does the user have a password?
+        ├─ Yes → Verify password
+        └─ No  → Send email OTP (6 digits, 10-minute expiry)
+                ↓
+        Verification succeeds
+                ↓
+        Mark session as verified
+                ↓
+    Allow scoped, time-bound sensitive actions
+    (2FA setup, email change, account deletion, etc.)
+```
+
+The verified state must:
+- Have explicit scope
+- Have explicit expiration
+- Never be implicitly reused
+- Never be shared across sessions or contexts
+
+---
+
+Any ambiguity, inconsistency, incompleteness, or undefined behavior
+must be treated as a bug, not a feature.
+
+The system must withstand repeated review, rejection, refactor, and redesign,
+and after every correction,
+become simpler, more consistent, and closer to the correct model.
+
+Ultrathink.

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@sylphx/flow",
-	"version": "2.28.3",
+	"version": "2.28.5",
 	"description": "One CLI to rule them all. Unified orchestration layer for AI coding assistants. Auto-detection, auto-installation, auto-upgrade.",
 	"type": "module",
 	"bin": {