@sylphx/flow 2.28.4 → 2.28.5

package/CHANGELOG.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # @sylphx/flow
2
2
 
3
+ ## 2.28.5 (2026-01-04)
4
+
5
+ Enhance continue command with Radix UI everywhere, bootstrap super admin, and platform-led integrations
6
+
7
+ ### 📚 Documentation
8
+
9
+ - **commands:** enhance continue with Radix UI, bootstrap, platform-led integrations ([bd09618](https://github.com/SylphxAI/flow/commit/bd09618e384f638e57535d51814696e0e2b9235e))
10
+
3
11
  ## 2.28.4 (2026-01-04)
4
12
 
5
13
  Rewrite continue command with SSOT principles and comprehensive system correctness guidelines
@@ -52,7 +52,70 @@ The system must remain:
52
52
  - Testable
53
53
  - Observable
54
54
 
55
- All technologies must be used correctly, consistently, and idiomatically:
55
+ ## UI: Radix UI Everywhere
56
+
57
+ Use Radix UI comprehensively. If Radix has a primitive for it, use it.
58
+ No custom implementations of solved problems.
59
+ No alternative component libraries for what Radix already provides.
60
+
61
+ Radix primitives are the SSOT for:
62
+ - Dialogs, modals, sheets
63
+ - Dropdowns, menus, context menus
64
+ - Popovers, tooltips, hover cards
65
+ - Tabs, accordions, collapsibles
66
+ - Select, combobox, radio, checkbox, switch
67
+ - Sliders, progress, scroll areas
68
+ - Navigation, breadcrumbs
69
+ - Toasts, alerts
70
+ - Avatar, aspect ratio, separator
71
+
72
+ When similar UI problems arise across the system,
73
+ solve them once with Radix, then reuse everywhere.
74
+
75
+ ## Bootstrap: Super Admin
76
+
77
+ Simplest possible approach:
78
+
79
+ ```
80
+ INITIAL_SUPERADMIN_EMAIL=your@email.com
81
+ ```
82
+
83
+ Flow:
84
+ 1. Set env variable
85
+ 2. Register with that email
86
+ 3. Automatically elevated to super_admin
87
+ 4. Done
88
+
89
+ Why singular:
90
+ - Only one initial super_admin needed
91
+ - They promote others via admin UI
92
+ - Simple = fewer bugs
93
+
94
+ The bootstrap must:
95
+ - Execute exactly once
96
+ - Be non-reentrant
97
+ - Not be bypassable
98
+ - Not become permanent logic dependency
99
+
100
+ ## Third-Party Integrations: Platform-Led
101
+
102
+ The platform is the source of truth. Third-party services sync FROM the platform, not TO it.
103
+
104
+ **Stripe:**
105
+ - Platform defines products, prices, features
106
+ - Stripe is synced to match platform state
107
+ - No manual Stripe dashboard configuration
108
+ - Platform state → Stripe sync (never reverse)
109
+
110
+ **All integrations:**
111
+ - Design in platform first
112
+ - Third-party services are implementation details
113
+ - No dependency on third-party UI/configuration
114
+ - Platform can switch providers without architectural change
115
+
116
+ ## Technologies
117
+
118
+ All must be used correctly, consistently, and idiomatically:
56
119
  tRPC, Next.js, Radix UI, next-intl, Drizzle,
57
120
  Better Auth, Stripe, Upstash, Neon, Vercel,
58
121
  Resend (email), Vercel Blob (storage),
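Review bot: In the new "Bootstrap: Super Admin" section, flow steps 2 and 3 ("Register with that email", then "Automatically elevated to super_admin") grant the role on registration alone; nothing in the steps requires that ownership of the address be verified first, and nothing says how the "Execute exactly once" and "Not be bypassable" requirements listed just below are met. Suggest adding a step stating that elevation happens only after the email is verified, and stating that the check is skipped once any super_admin exists, so that an INITIAL_SUPERADMIN_EMAIL left set in the environment stops having any effect (which is what "Not become permanent logic dependency" asks for). Separately, under "Stripe:", the line "Platform state → Stripe sync (never reverse)" does not say how events that originate at Stripe, such as payment outcomes, are meant to be received; a line clarifying that the rule covers configuration (products, prices, features) would remove the ambiguity.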
@@ -60,28 +123,26 @@ AI SDK with OpenRouter provider,
60
123
  Iconify, Bun, Biome, Bun test,
61
124
  Responsive Web Design.
62
125
 
63
- Any identity or permission bootstrap (e.g. super admin):
64
- - Must be defined via environment configuration
65
- - Must execute exactly once in the system's lifetime
66
- - Must be non-reentrant
67
- - Must not be bypassable
68
- - Must not become a permanent logic dependency
126
+ ## Re-authentication Flow
69
127
 
70
128
  All sensitive operations require explicit re-authentication:
71
- Sensitive action triggered
72
-
73
- Check verified session
74
-
75
- Does the user have a password?
76
- ├─ Yes → Verify password
77
- └─ No → Send email OTP (6 digits, 10-minute expiry)
78
-
79
- Verification succeeds
80
-
81
- Mark session as verified
82
-
83
- Allow scoped, time-bound sensitive actions
84
- (2FA setup, email change, account deletion, etc.)
129
+
130
+ ```
131
+ Sensitive action triggered
132
+
133
+ Check verified session
134
+
135
+ Does the user have a password?
136
+ ├─ Yes → Verify password
137
+ └─ No → Send email OTP (6 digits, 10-minute expiry)
138
+
139
+ Verification succeeds
140
+
141
+ Mark session as verified
142
+
143
+ Allow scoped, time-bound sensitive actions
144
+ (2FA setup, email change, account deletion, etc.)
145
+ ```
85
146
 
86
147
  The verified state must:
87
148
  - Have explicit scope
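Review bot: The block removed at old lines 63-68 applied to "Any identity or permission bootstrap (e.g. super admin)" and included "Must be defined via environment configuration"; the "Bootstrap: Super Admin" section that replaces it covers only the super admin case, so the general rule for any other bootstrap is dropped. If that narrowing is not intended, keep a one-line general statement in the new section. In the fenced flow, the "No → Send email OTP (6 digits, 10-minute expiry)" branch specifies length and expiry but no limit on verification attempts and no single-use requirement; both are worth stating next to the expiry, since the section is otherwise explicit about scope and expiry of the verified state.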
@@ -89,6 +150,8 @@ The verified state must:
89
150
  - Never be implicitly reused
90
151
  - Never be shared across sessions or contexts
91
152
 
153
+ ---
154
+
92
155
  Any ambiguity, inconsistency, incompleteness, or undefined behavior
93
156
  must be treated as a bug, not a feature.
94
157
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sylphx/flow",
3
- "version": "2.28.4",
3
+ "version": "2.28.5",
4
4
  "description": "One CLI to rule them all. Unified orchestration layer for AI coding assistants. Auto-detection, auto-installation, auto-upgrade.",
5
5
  "type": "module",
6
6
  "bin": {