@sylphx/flow 2.29.3 → 3.0.0

package/assets/skills/seo/SKILL.md

@@ -1,40 +0,0 @@
----
-name: seo
-description: SEO - meta tags, structured data. Use when optimizing for search.
----
-
-# SEO Guideline
-
-## Tech Stack
-
-* **Framework**: Next.js (with Turbopack, SSR-first)
-
-## Non-Negotiables
-
-* Every page must have complete metadata (title, description, canonical, OG, Twitter Cards)
-* Canonical URLs must be correct (no duplicate content)
-* Complete favicon set (ico, svg, apple-touch-icon, PWA icons)
-* Structured data (JSON-LD) for rich results where applicable
-* Security headers configured (CSP, HSTS, X-Frame-Options, X-Content-Type-Options)
-
-## Required Files
-
-* `robots.txt` — search engine crawling rules
-* `sitemap.xml` — page discovery for search engines
-* `llms.txt` — LLM/AI crawler guidance
-* `security.txt` — security vulnerability reporting (at `/.well-known/security.txt`)
-* `ads.txt` — if ads exist
-* `app-ads.txt` — if mobile ads exist
-
-## Context
-
-SEO is about being found when people are looking for what you offer. Good SEO isn't tricks — it's making content genuinely useful and technically accessible to search engines and AI crawlers.
-
-## Driving Questions
-
-* Is every page's head complete with all required meta tags?
-* Are Open Graph and Twitter Cards generating correct previews?
-* Is structured data present and validated?
-* Do all required files exist and pass validation?
-* Is the site accessible to both search engines and LLM crawlers?
-* Are security headers properly configured?

package/assets/skills/storage/SKILL.md

@@ -1,33 +0,0 @@
----
-name: storage
-description: File storage - uploads, CDN, blobs. Use when handling files.
----
-
-# Storage Guideline
-
-## Tech Stack
-
-* **Storage**: Vercel Blob
-* **Framework**: Next.js (with Turbopack)
-* **Platform**: Vercel
-
-## Non-Negotiables
-
-* All file uploads must be validated (type, size, content)
-* Signed URLs for private content access
-* No user-uploaded content served from main domain (XSS prevention)
-* File deletion must cascade with parent entity deletion
-
-## Context
-
-File storage is deceptively complex. Users expect uploads to just work, but there are many ways for it to fail — large files, slow connections, wrong formats, malicious content.
-
-Vercel Blob is the SSOT for file storage. No custom implementations.
-
-## Driving Questions
-
-* What happens when an upload fails halfway?
-* How are large files handled without blocking?
-* What file types are allowed and how is it enforced?
-* How long are files retained after entity deletion?
-* What's the storage cost and is it sustainable?

package/assets/skills/support/SKILL.md

@@ -1,31 +0,0 @@
----
-name: support
-description: Support - help center, tickets, docs. Use when building support.
----
-
-# Support Guideline
-
-## Tech Stack
-
-* **Framework**: Next.js (with Turbopack)
-* **Email**: Resend
-
-## Non-Negotiables
-
-* Self-service must be prioritized over contact forms
-* Support context must include user state (plan, usage, recent actions)
-* Response time expectations must be set and met
-
-## Context
-
-Support is where trust is won or lost. Users who need help are often frustrated — the support experience either deepens their trust or confirms their fears.
-
-Great support isn't just fast responses — it's making users not need support in the first place. Every support ticket is a signal that something in the product could be clearer.
-
-## Driving Questions
-
-* What are the most common support requests and can they be self-served?
-* What context does support need that they don't have?
-* Where does the product create confusion that leads to support tickets?
-* How would we handle a surge in support volume?
-* What would make users feel supported before they ask for help?

package/assets/skills/uiux/SKILL.md

@@ -1,40 +0,0 @@
----
-name: uiux
-description: UI/UX - design system, accessibility. Use when building interfaces.
----
-
-# UI/UX Guideline
-
-## Tech Stack
-
-* **Framework**: Next.js (with Turbopack)
-* **Components**: Radix UI (mandatory)
-* **Styling**: Tailwind CSS
-* **Icons**: @iconify-icon/react
-
-## Radix UI (Mandatory)
-
-If Radix has a primitive for it, you MUST use it. No exceptions. No custom implementations.
-Any custom implementation of something Radix already provides is a bug.
-
-## Non-Negotiables
-
-* WCAG 2.1 AA compliance (keyboard navigation, screen readers, contrast)
-* Touch targets minimum 44x44px on mobile
-* Responsive design (mobile-first)
-* Loading states for all async operations
-* Error states must be actionable
-* No layout shift on content load
-
-## Context
-
-UI/UX is about removing friction between users and value. Bad UX doesn't just feel bad — it costs conversion, retention, and trust.
-
-## Driving Questions
-
-* Where do users get confused or frustrated?
-* What would a first-time user struggle with?
-* Where are loading states missing or unhelpful?
-* What accessibility issues exist?
-* Where does the UI feel inconsistent?
-* What would make the product feel more polished?

package/assets/slash-commands/cleanup.md

@@ -1,59 +0,0 @@
----
-name: cleanup
-description: Clean technical debt, refactor, optimize, and simplify codebase
----
-
-# Cleanup & Refactor
-
-Scan codebase for technical debt and code smells. Clean, refactor, optimize.
-
-## Scope
-
-**Code Smells:**
-- Functions >20 lines → extract
-- Duplication (3+ occurrences) → DRY
-- Complexity (>3 nesting levels) → flatten
-- Unused code/imports/variables → remove
-- Commented code → delete
-- Magic numbers → named constants
-- Poor naming → clarify
-
-**Technical Debt:**
-- TODOs/FIXMEs → implement or delete
-- Deprecated APIs → upgrade
-- Outdated patterns → modernize
-- Performance bottlenecks → optimize
-- Memory leaks → fix
-- Lint warnings → resolve
-
-**Optimization:**
-- Algorithm complexity → reduce
-- N+1 queries → batch
-- Unnecessary re-renders → memoize
-- Large bundles → code split
-- Unused dependencies → remove
-
-## Execution
-
-1. **Scan** entire codebase systematically
-2. **Prioritize** by impact (critical → major → minor)
-3. **Clean** incrementally with atomic commits
-4. **Test** after every change
-5. **Report** what was cleaned and impact
-
-## Commit Strategy
-
-One commit per logical cleanup:
-- `refactor(auth): extract validateToken function`
-- `perf(db): batch user queries to fix N+1`
-- `chore: remove unused imports and commented code`
-
-## Exit Criteria
-
-- [ ] No code smells remain
-- [ ] All tests pass
-- [ ] Lint clean
-- [ ] Performance improved (measure before/after)
-- [ ] Technical debt reduced measurably
-
-Report: Lines removed, complexity reduced, performance gains.

package/assets/slash-commands/continue.md

@@ -1,94 +0,0 @@
----
-name: continue
-description: Trigger autonomous product iteration - think, improve, ship
----
-
-# Continue
-
-Continuously commit.
-
-The entire system — not limited to data — must strictly obey a Single Source of Truth (SSOT) principle.
-Every state, behavior, flow, permission, architecture decision, UI behavior, and side effect
-must have exactly one authoritative source, one interpretation, and one correct path.
-
-The system must be fully reason-able end to end.
-There must be no implicit behavior, hidden assumptions, magic defaults, or silent fallbacks.
-
-Continuously and repeatedly review, validate, and correct the entire system:
-- Membership and identity correctness and completeness
-- Consistency across state, permissions, flows, and lifecycle
-- Architectural boundaries, modularity, and separation of responsibilities
-- UI behavior matching system intent, state, and permissions
-- Alignment with modern industry standards and best practices
-
-No workarounds.
-No hacks.
-No temporary solutions.
-No backward compatibility.
-No deprecated logic.
-No TODOs.
-No dead code.
-No unused code.
-No incorrect or misleading code.
-
-Every feature must be built intent-first:
-- The correct model must exist before implementation
-- No duplicated concepts, parallel truths, or shadow logic
-- Any feature must be removable or refactorable without destabilizing the system
-
-Continuously perform:
-- Deduplication
-- Refactoring
-- Polishing
-- Modularity enforcement
-- Responsibility separation
-- Architectural correction
-
-The system must remain:
-- Stateless
-- Serverless-friendly
-- Scalable
-- Reasonable
-- Testable
-- Observable
-
-## Radix UI (Mandatory)
-
-If Radix has a primitive for it, you MUST use it. No exceptions. No custom implementations.
-Any custom implementation of something Radix already provides is a bug.
-
-## Bootstrap
-
-Admin bootstrap via INITIAL_SUPERADMIN_EMAIL only. One-time, non-reentrant, non-bypassable.
-
-## Platform-Led Integrations
-
-Platform is source of truth. Third-party services sync FROM platform, never reverse.
-All configuration in code. No manual third-party dashboard configuration.
-Platform can switch providers without architectural change.
-
-## Re-authentication
-
-Sensitive actions require step-up re-authentication (password or email OTP).
-Verified session state must be scoped, time-bound, never implicitly reused.
-
-## Technologies
-
-tRPC, Next.js (with Turbopack), Radix UI, next-intl, Drizzle,
-Better Auth, Stripe, Upstash, Neon, Vercel,
-Resend (email), Vercel Blob (storage),
-AI SDK with OpenRouter provider,
-Tailwind CSS (styling), @iconify-icon/react (icons),
-Bun, Biome, Bun test,
-Responsive Web Design.
-
----
-
-Any ambiguity, inconsistency, incompleteness, or undefined behavior
-must be treated as a bug, not a feature.
-
-The system must withstand repeated review, rejection, refactor, and redesign,
-and after every correction,
-become simpler, more consistent, and closer to the correct model.
-
-Ultrathink.

package/assets/slash-commands/continue2.md

@@ -1,61 +0,0 @@
----
-name: continue2
-description: Iterative codebase review - apply each skill guideline to audit and fix the project
----
-
-# Continue2: Guideline-Driven Codebase Review
-
-Use skill guidelines to audit and improve the project codebase.
-
-**Important**: You are reviewing the PROJECT CODE against the guidelines, NOT reviewing the guidelines themselves.
-
-## Process
-
-### Phase 1: Sequential Audit
-
-For each skill guideline:
-
-1. Use the Skill tool to load the guideline (e.g., `skill: "auth"`)
-2. Audit the project codebase against that guideline's non-negotiables
-3. Fix any violations found in the project code
-4. Move to next skill
-
-Skills to audit against (25 total):
-- auth, account-security, admin, appsec
-- billing, pricing, ledger
-- database, data-modeling
-- delivery, deployments, observability
-- privacy, seo, performance, pwa
-- uiux, i18n, growth
-- storage, support, referral
-- abuse-prevention, competitive-analysis, code-quality
-
-### Phase 2: Delegate Full Audit
-
-After Phase 1, delegate a comprehensive review to a worker agent:
-
-```
-Task: Audit the project codebase against all 25 skill guidelines.
-
-For each skill:
-1. Load the guideline using Skill tool (e.g., skill: "auth")
-2. Check if the project code complies with the non-negotiables
-3. Report any violations found
-
-Return: List of specific violations in the codebase, or "No violations found."
-```
-
-### Phase 3: Fix and Repeat
-
-If reviewer found violations:
-1. Fix all violations in the project code
-2. Return to Phase 2
-
-If no violations found:
-- Done. Commit and release.
-
-## Exit Condition
-
-The loop terminates when:
-- A reviewer agent returns "No violations found"
-- The project codebase fully complies with all skill guidelines

package/assets/slash-commands/improve.md

@@ -1,153 +0,0 @@
----
-name: improve
-description: Proactively discover and implement improvements
----
-
-# Proactive Improvement
-
-Analyze project comprehensively. Discover improvement opportunities. Prioritize and execute.
-
-## Discovery Areas
-
-**Code Quality:**
-- Code complexity hotspots
-- Duplication patterns
-- Test coverage gaps
-- Error handling weaknesses
-- Type safety improvements
-- Naming inconsistencies
-
-**Architecture:**
-- Tight coupling
-- Missing abstractions
-- Scalability bottlenecks
-- State management issues
-- API design improvements
-- Module organization
-
-**Performance:**
-- Slow algorithms (profiling data)
-- Database query inefficiencies
-- Bundle size optimization
-- Memory usage patterns
-- Network request optimization
-- Caching opportunities
-
-**Security:**
-- Vulnerability scan (dependencies)
-- Input validation gaps
-- Authentication/authorization weaknesses
-- Sensitive data exposure
-- OWASP top 10 check
-- Security best practices
-
-**Developer Experience:**
-- Development setup complexity
-- Build time optimization
-- Testing speed
-- Debugging capabilities
-- Error messages clarity
-- Documentation gaps
-
-**Maintenance:**
-- Outdated dependencies
-- Deprecated API usage
-- Missing tests
-- Incomplete documentation
-- Configuration complexity
-- Technical debt accumulation
-
-**Features:**
-- Missing functionality (user feedback)
-- Integration opportunities
-- Automation potential
-- Monitoring/observability
-- Error recovery
-- User experience improvements
-
-## Analysis Process
-
-1. **Scan** codebase comprehensively
-2. **Profile** performance bottlenecks
-3. **Check** security vulnerabilities
-4. **Review** dependencies for updates
-5. **Analyze** test coverage
-6. **Assess** documentation completeness
-7. **Evaluate** architectural patterns
-8. **Identify** missing features
-
-## Prioritization Matrix
-
-**Impact vs Effort:**
-- **High Impact + Low Effort** → Do first
-- **High Impact + High Effort** → Plan carefully
-- **Low Impact + Low Effort** → Quick wins
-- **Low Impact + High Effort** → Skip or defer
-
-**Categories:**
-- **Critical:** Security, data loss, crashes
-- **High:** Performance degradation, poor UX
-- **Medium:** Code quality, maintainability
-- **Low:** Nice-to-haves, polish
-
-## Execution Plan
-
-For each improvement:
-1. **Describe** what and why
-2. **Estimate** effort (small/medium/large)
-3. **Assess** impact (low/medium/high)
-4. **Prioritize** using matrix
-5. **Create** implementation plan
-
-Then execute top priorities:
-- Start with high-impact, low-effort
-- Make atomic commits
-- Test thoroughly
-- Document changes
-
-## Output Format
-
-```markdown
-## Improvement Opportunities
-
-### Critical (Do Now)
-1. [Security] Update vulnerable dependency X (CVE-XXXX)
-   - Impact: High (prevents exploit)
-   - Effort: Low (5 min)
-   - Action: `npm update X`
-
-### High Priority
-1. [Performance] Optimize user query (N+1 problem)
-   - Impact: High (10x speedup)
-   - Effort: Medium (2 hrs)
-   - Action: Batch queries with JOIN
-
-### Quick Wins
-1. [DX] Add pre-commit hooks
-   - Impact: Medium (catch errors early)
-   - Effort: Low (30 min)
-   - Action: Setup husky + lint-staged
-
-### Planned Improvements
-1. [Feature] Add caching layer
-   - Impact: High (reduce server load)
-   - Effort: High (1 week)
-   - Action: Design cache strategy, implement Redis
-
-## Execution Plan
-1. Fix security vulnerability (now)
-2. Optimize query performance (today)
-3. Add pre-commit hooks (today)
-4. Plan caching implementation (next sprint)
-```
-
-## Exit Criteria
-
-- [ ] Comprehensive analysis completed
-- [ ] Opportunities prioritized
-- [ ] High-priority improvements implemented
-- [ ] Tests pass
-- [ ] Impact measured
-- [ ] Documentation updated
-
-Report: Improvements discovered, implemented, impact metrics.

package/assets/slash-commands/init.md

@@ -1,34 +0,0 @@
----
-name: init
-description: Initialize project docs - create PRODUCT.md and ARCHITECTURE.md
----
-
-# Init Project Docs
-
-Create project documentation if missing:
-
-1. **Check** if `PRODUCT.md` exists in project root
-   - If missing → Create with structure:
-     - Vision / Mission
-     - Success Metrics (revenue, users, growth)
-     - Target Users
-     - Value Propositions
-     - Key Features
-     - Competitive Landscape
-     - Roadmap (Now / Next / Later)
-
-2. **Check** if `ARCHITECTURE.md` exists in project root
-   - If missing → Create with structure:
-     - Tech Stack (with rationale)
-     - System Design
-     - Key Patterns
-     - Data Models
-     - Integrations
-     - Technical Decisions
-     - Known Limitations
-
-3. **If files exist**, read them and suggest improvements based on current codebase.
-
-**Fill in details** based on what you can learn from the codebase. Ask user for what you can't infer.
-
-Product = WHAT and WHY. Architecture = HOW.

package/assets/slash-commands/polish.md

@@ -1,87 +0,0 @@
----
-name: polish
-description: Polish project presentation - docs, README, packaging, metadata
----
-
-# Polish Project
-
-Make project professional, welcoming, and well-documented.
-
-## Scope
-
-**README:**
-- Clear project description (what, why, how)
-- Installation instructions (tested)
-- Quick start example (copy-paste ready)
-- Key features (3-5 bullet points)
-- API overview
-- Links to full docs
-- Badges (build status, coverage, version, license)
-- Contributing guidelines link
-- License
-
-**Documentation:**
-- API reference (all public functions)
-- Usage examples (common scenarios)
-- Tutorials (step-by-step guides)
-- Architecture overview
-- Troubleshooting guide
-- FAQ
-- Migration guides (if applicable)
-
-**Code Comments:**
-- JSDoc for public APIs
-- Complex logic explained (WHY not WHAT)
-- Non-obvious decisions documented
-- Examples in comments where helpful
-
-**Packaging (package.json):**
-- Accurate description
-- Relevant keywords (10-15)
-- Repository URL
-- Homepage URL
-- Bug tracker URL
-- Author info
-- License
-- Engines specified
-- Files field (only ship necessary)
-
-**GitHub Metadata:**
-- Topics/tags (10-20 relevant tags)
-- Description (concise, searchable)
-- Website URL
-- Social preview image (if applicable)
-
-**Changelog:**
-- Update CHANGELOG.md
-- Clear version history
-- Breaking changes highlighted
-- Migration instructions
-
-**Contributing:**
-- CONTRIBUTING.md
-- Code of conduct
-- Development setup
-- Testing guidelines
-- PR process
-
-## Execution
-
-1. **Audit** what exists vs what's missing
-2. **Update** outdated content
-3. **Create** missing documentation
-4. **Test** all code examples
-5. **Verify** all links work
-6. **Ensure** consistency across docs
-
-## Quality Checks
-
-- [ ] README explains project in <5 min read
-- [ ] New user can get started in <10 min
-- [ ] All examples tested and work
-- [ ] No broken links
-- [ ] Search-friendly keywords
-- [ ] Professional presentation
-- [ ] Beginner-friendly
-
-Report: What was added/updated, coverage improved.