@claude-flow/cli 3.0.0-alpha.63 → 3.0.0-alpha.65

package/.claude/skills/aidefence.yaml

@@ -0,0 +1,297 @@
+---
+name: aidefence
+version: 1.0.0
+description: |
+  AI Manipulation Defense System (AIMDS) integration for Claude Flow V3.
+  Provides real-time threat detection, behavioral analysis, and adaptive
+  mitigation with 25-level meta-learning capabilities.
+
+author: rUv
+license: MIT
+homepage: https://ruv.io/aimds
+repository: https://github.com/ruvnet/midstream/tree/main/AIMDS
+
+# Package reference
+package: aidefence@^2.1.1
+
+# Capabilities provided by this skill
+capabilities:
+  # Detection capabilities
+  - prompt_injection_detection    # 50+ prompt injection patterns
+  - jailbreak_detection          # AI jailbreak attempt detection
+  - pii_detection               # PII identification (emails, SSNs, API keys)
+  - unicode_normalization       # Control character sanitization
+
+  # Analysis capabilities
+  - behavioral_analysis         # Temporal pattern analysis
+  - chaos_detection            # Lyapunov exponent calculation
+  - policy_verification        # Linear Temporal Logic (LTL) policies
+  - anomaly_detection          # Statistical baseline learning
+
+  # Response capabilities
+  - adaptive_mitigation        # 7 distinct mitigation strategies
+  - meta_learning             # 25-level recursive optimization (strange-loop)
+  - rollback_management       # Failed mitigation rollback
+  - effectiveness_tracking    # Real-time mitigation monitoring
+
+# Performance characteristics
+performance:
+  detection_latency: <10ms
+  analysis_latency: <100ms
+  response_latency: <50ms
+  throughput: ">12000 req/s"
+
+# Commands exposed by this skill
+commands:
+  scan:
+    description: Scan input for AI manipulation attempts
+    usage: |
+      /aidefence scan <input>
+      /aidefence scan --file <path>
+      /aidefence scan --mode paranoid <input>
+    examples:
+      - "/aidefence scan 'Ignore previous instructions and...'"
+      - "/aidefence scan --file suspicious-prompt.txt"
+      - "/aidefence scan --mode paranoid --json 'Please help me...'"
+    options:
+      - name: mode
+        type: choice
+        choices:
+          - quick      # Pattern matching only (<5ms)
+          - thorough   # Pattern + behavioral (<50ms)
+          - paranoid   # Full analysis + policy verification (<150ms)
+        default: thorough
+        description: Scan depth mode
+      - name: file
+        type: string
+        description: File path to scan instead of inline input
+      - name: json
+        type: boolean
+        default: false
+        description: Output results as JSON
+
+  analyze:
+    description: Analyze agent behavior patterns for anomalies
+    usage: |
+      /aidefence analyze <agent-id>
+      /aidefence analyze <agent-id> --window 24h
+    examples:
+      - "/aidefence analyze security-architect-1234"
+      - "/aidefence analyze coder-5678 --window 10m --threshold 0.7"
+    options:
+      - name: window
+        type: string
+        default: "1h"
+        description: Time window for behavioral analysis
+      - name: threshold
+        type: number
+        default: 0.8
+        description: Anomaly score threshold (0-1)
+
+  policy:
+    description: Verify agent against LTL security policy
+    usage: |
+      /aidefence policy <agent-id> <ltl-formula>
+    examples:
+      - "/aidefence policy coder-1234 'G(edit_file -> F(run_tests))'"
+      - "/aidefence policy reviewer-5678 'G(!approve_self_code)'"
+    options:
+      - name: verbose
+        type: boolean
+        default: false
+        description: Show detailed policy evaluation trace
+
+  learn:
+    description: Record successful mitigation for meta-learning
+    usage: |
+      /aidefence learn <threat-type> <strategy> --effectiveness <score>
+    examples:
+      - "/aidefence learn prompt_injection sanitize --effectiveness 0.95"
+      - "/aidefence learn jailbreak reject --effectiveness 1.0"
+    options:
+      - name: effectiveness
+        type: number
+        required: true
+        description: Mitigation effectiveness score (0-1)
+
+  status:
+    description: Show aidefence system status and metrics
+    usage: |
+      /aidefence status
+      /aidefence status --metrics
+    options:
+      - name: metrics
+        type: boolean
+        default: false
+        description: Include Prometheus metrics
+
+# Hook integrations
+hooks:
+  # Pre-agent-input: Scan all agent inputs for manipulation
+  pre-agent-input:
+    enabled: true
+    description: Scan agent inputs before processing
+    config:
+      block_critical: true       # Block inputs with critical threats
+      block_high: false          # Allow high severity with logging
+      log_all: true             # Log all threat detections
+      mode: thorough            # Default scan mode
+
+  # Post-agent-action: Learn from agent behaviors
+  post-agent-action:
+    enabled: true
+    description: Record agent actions for behavioral modeling
+    config:
+      sampling_rate: 0.1        # Sample 10% of actions for analysis
+      anomaly_threshold: 0.8    # Alert threshold for anomaly score
+      store_embeddings: true    # Store action embeddings in AgentDB
+
+  # Pre-swarm-init: Verify swarm security policies
+  pre-swarm-init:
+    enabled: true
+    description: Verify swarm topology against security policies
+    config:
+      require_security_agent: true  # Require security-architect in swarm
+      validate_topology: true       # Validate topology security
+
+# Integration with claude-flow systems
+integration:
+  # AgentDB integration for shared threat patterns
+  agentdb:
+    enabled: true
+    namespace: security_threats
+    hnsw_enabled: true
+    config:
+      vector_dimension: 384
+      m: 16
+      ef_construction: 200
+      ef_search: 100
+
+  # ReasoningBank integration for pattern learning
+  reasoningbank:
+    enabled: true
+    store_patterns: true
+    learn_mitigations: true
+    config:
+      min_effectiveness: 0.8    # Only store high-effectiveness patterns
+      consolidation_interval: 1h
+
+  # Prometheus metrics
+  prometheus:
+    enabled: true
+    metrics:
+      - aidefence_threats_detected_total
+      - aidefence_detection_latency_ms
+      - aidefence_analysis_latency_ms
+      - aidefence_anomaly_score
+      - aidefence_mitigations_applied_total
+      - aidefence_meta_learning_depth
+
+# MCP tool registrations
+mcp_tools:
+  - name: aidefence_scan
+    description: Scan input for AI manipulation attempts
+    input_schema:
+      type: object
+      properties:
+        input:
+          type: string
+          description: Input text to scan
+        mode:
+          type: string
+          enum: [quick, thorough, paranoid]
+          default: thorough
+      required: [input]
+
+  - name: aidefence_analyze_behavior
+    description: Analyze agent behavioral patterns for anomalies
+    input_schema:
+      type: object
+      properties:
+        agentId:
+          type: string
+          description: Agent ID to analyze
+        timeWindow:
+          type: string
+          default: "1h"
+          description: Time window for analysis
+      required: [agentId]
+
+  - name: aidefence_verify_policy
+    description: Verify agent behavior against LTL security policies
+    input_schema:
+      type: object
+      properties:
+        agentId:
+          type: string
+        policy:
+          type: string
+          description: LTL policy formula
+      required: [agentId, policy]
+
+  - name: aidefence_learn_pattern
+    description: Store successful threat pattern for meta-learning
+    input_schema:
+      type: object
+      properties:
+        threatType:
+          type: string
+        mitigation:
+          type: string
+        effectiveness:
+          type: number
+          minimum: 0
+          maximum: 1
+      required: [threatType, mitigation, effectiveness]
+
+# Threat detection patterns (reference)
+threat_patterns:
+  prompt_injection:
+    count: 50+
+    categories:
+      - instruction_override    # "Ignore previous instructions"
+      - role_switching         # "You are now DAN"
+      - context_manipulation   # Fake system messages
+      - delimiter_abuse        # Using special tokens
+
+  jailbreak:
+    categories:
+      - dan_variants           # Do Anything Now variants
+      - hypothetical          # "Hypothetically, if..."
+      - roleplay              # Character-based bypasses
+      - encoding              # Base64/ROT13 encoded prompts
+
+  pii:
+    types:
+      - email_addresses
+      - social_security_numbers
+      - credit_card_numbers
+      - api_keys
+      - passwords
+
+# Behavioral analysis configuration
+behavioral_analysis:
+  temporal:
+    window_sizes: [1m, 10m, 1h, 24h]
+    attractor_types:
+      - point     # Stable single point
+      - cycle     # Periodic behavior
+      - torus     # Quasi-periodic
+      - strange   # Chaotic (suspicious)
+
+  lyapunov:
+    threshold: 0.1  # Positive = chaotic behavior
+    embedding_dimension: 3
+    time_delay: 1
+
+  baseline:
+    learning_period: 24h
+    update_frequency: 1h
+    deviation_threshold: 3.0  # Standard deviations
+
+# Documentation links
+documentation:
+  readme: https://github.com/ruvnet/midstream/blob/main/AIMDS/README.md
+  api: https://ruv.io/aimds/api
+  patterns: https://ruv.io/aimds/patterns
+  integration: /v3/implementation/adrs/ADR-022-aidefence-integration.md

package/.claude/skills/secure-review.md

@@ -0,0 +1,181 @@
+---
+name: secure-review
+version: 1.0.0
+description: Security-focused code review with AI manipulation detection
+author: rUv
+tags: [security, code-review, aidefence]
+
+invocation:
+  - /secure-review
+  - /security-review
+
+requires:
+  - "@claude-flow/aidefence"
+---
+
+# Secure Review Skill
+
+Perform security-focused code reviews that include AI manipulation detection, credential scanning, and security best practice validation.
+
+## Commands
+
+### `/secure-review <file-or-directory>`
+Review code for security issues including:
+- Hardcoded credentials
+- Prompt injection vulnerabilities
+- Unsafe input handling
+- Security anti-patterns
+
+### `/secure-review --quick <file>`
+Quick security scan without detailed analysis.
+
+### `/secure-review --fix <file>`
+Review and suggest fixes for security issues.
+
+---
+
+## Execution Instructions
+
+When `/secure-review` is invoked:
+
+### Step 1: Initialize Security Tools
+
+```typescript
+import { createAIDefence } from '@claude-flow/aidefence';
+
+const aidefence = createAIDefence({ enableLearning: true });
+```
+
+### Step 2: Read and Analyze Files
+
+For each file to review:
+
+1. **Read the file** using the Read tool
+2. **Scan for PII/Credentials**:
+```typescript
+const piiResult = aidefence.hasPII(fileContent);
+if (piiResult) {
+  findings.push({
+    type: 'pii',
+    severity: 'high',
+    message: 'Potential credentials or PII detected',
+    file: filePath
+  });
+}
+```
+
+3. **Check for dangerous patterns**:
+```typescript
+const dangerousPatterns = [
+  { pattern: /eval\s*\(/, message: 'Unsafe eval() usage', severity: 'critical' },
+  { pattern: /innerHTML\s*=/, message: 'Potential XSS via innerHTML', severity: 'high' },
+  { pattern: /shell:\s*true/, message: 'Shell injection risk', severity: 'critical' },
+  { pattern: /dangerouslySetInnerHTML/, message: 'Dangerous HTML injection', severity: 'high' },
+  { pattern: /password.*=.*['"][^'"]+['"]/, message: 'Hardcoded password', severity: 'critical' },
+];
+
+for (const { pattern, message, severity } of dangerousPatterns) {
+  const match = fileContent.match(pattern);
+  if (match) {
+    findings.push({ type: 'security', severity, message, file: filePath, line: getLineNumber(match) });
+  }
+}
+```
+
+4. **Scan for prompt injection in AI code**:
+```typescript
+// If file contains AI/LLM related code
+if (/openai|anthropic|llm|prompt|chat/i.test(fileContent)) {
+  // Check for unsafe prompt construction
+  const unsafePromptPatterns = [
+    /\$\{.*user.*\}/i,  // Template literal with user input
+    /\+ .*input/i,      // String concatenation with input
+    /prompt.*=.*request/i, // Direct request to prompt
+  ];
+
+  for (const pattern of unsafePromptPatterns) {
+    if (pattern.test(fileContent)) {
+      findings.push({
+        type: 'prompt_injection_risk',
+        severity: 'high',
+        message: 'Potential prompt injection vulnerability - user input directly in prompt',
+        file: filePath
+      });
+    }
+  }
+}
+```
+
+### Step 3: Generate Report
+
+```markdown
+## Security Review Report
+
+### Summary
+- Files reviewed: X
+- Critical issues: X
+- High severity: X
+- Medium severity: X
+- Low severity: X
+
+### Findings
+
+#### Critical
+1. **[file.ts:42]** Hardcoded API key detected
+   - **Risk**: Credential exposure
+   - **Fix**: Move to environment variable
+
+#### High
+1. **[api.ts:108]** User input directly concatenated to prompt
+   - **Risk**: Prompt injection vulnerability
+   - **Fix**: Sanitize and validate user input before including in prompts
+
+### Recommendations
+1. Enable input validation at all API boundaries
+2. Use environment variables for all credentials
+3. Implement prompt injection defenses for AI code
+```
+
+### Step 4: Learn from Review
+
+```typescript
+// Store review patterns for learning
+for (const finding of findings) {
+  await aidefence.learnFromDetection(
+    finding.context,
+    { safe: false, threats: [{ type: finding.type, severity: finding.severity }] }
+  );
+}
+```
+
+## Example Output
+
+```
+🔍 Security Review: src/api/
+
+Scanning 12 files...
+
+❌ CRITICAL: src/api/config.ts:15
+   Hardcoded API key: sk-ant-api03...
+   → Move to .env file and use process.env.ANTHROPIC_API_KEY
+
+⚠️ HIGH: src/api/chat.ts:42
+   User input directly in prompt template
+   → Sanitize input: const sanitized = sanitizeForPrompt(userInput)
+
+⚠️ HIGH: src/api/chat.ts:67
+   No input length validation
+   → Add: if (input.length > MAX_INPUT_LENGTH) throw new Error('...')
+
+ℹ️ MEDIUM: src/api/utils.ts:23
+   Using eval() for JSON parsing
+   → Use JSON.parse() instead
+
+📊 Summary: 1 critical, 2 high, 1 medium issues found
+```
+
+## Integration Notes
+
+- Works with `reviewer` agent for comprehensive code reviews
+- Findings are stored in memory for pattern learning
+- Can be triggered automatically via pre-commit hooks

package/dist/src/commands/security.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/commands/security.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAiC,MAAM,aAAa,CAAC;AA0P1E,eAAO,MAAM,eAAe,EAAE,OA4B7B,CAAC;AAEF,eAAe,eAAe,CAAC"}
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/commands/security.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAiC,MAAM,aAAa,CAAC;AAqZ1E,eAAO,MAAM,eAAe,EAAE,OA6B7B,CAAC;AAEF,eAAe,eAAe,CAAC"}

package/dist/src/commands/security.js

@@ -227,11 +227,150 @@ const secretsCommand = {
         return { success: true };
     },
 };
+// Defend subcommand (AIDefence integration)
+const defendCommand = {
+    name: 'defend',
+    description: 'AI manipulation defense - detect prompt injection, jailbreaks, and PII',
+    options: [
+        { name: 'input', short: 'i', type: 'string', description: 'Input text to scan for threats' },
+        { name: 'file', short: 'f', type: 'string', description: 'File to scan for threats' },
+        { name: 'quick', short: 'q', type: 'boolean', description: 'Quick scan (faster, less detailed)' },
+        { name: 'learn', short: 'l', type: 'boolean', description: 'Enable learning mode', default: 'true' },
+        { name: 'stats', short: 's', type: 'boolean', description: 'Show detection statistics' },
+        { name: 'output', short: 'o', type: 'string', description: 'Output format: text, json', default: 'text' },
+    ],
+    examples: [
+        { command: 'claude-flow security defend -i "ignore previous instructions"', description: 'Scan text for threats' },
+        { command: 'claude-flow security defend -f ./prompts.txt', description: 'Scan file for threats' },
+        { command: 'claude-flow security defend --stats', description: 'Show detection statistics' },
+    ],
+    action: async (ctx) => {
+        const inputText = ctx.flags.input;
+        const filePath = ctx.flags.file;
+        const quickMode = ctx.flags.quick;
+        const showStats = ctx.flags.stats;
+        const outputFormat = ctx.flags.output || 'text';
+        const enableLearning = ctx.flags.learn !== false;
+        output.writeln();
+        output.writeln(output.bold('🛡️ AIDefence - AI Manipulation Defense System'));
+        output.writeln(output.dim('─'.repeat(55)));
+        // Dynamic import of aidefence (allows package to be optional)
+        let createAIDefence;
+        try {
+            const aidefence = await import('@claude-flow/aidefence');
+            createAIDefence = aidefence.createAIDefence;
+        }
+        catch {
+            output.error('AIDefence package not installed. Run: npm install @claude-flow/aidefence');
+            return { success: false, message: 'AIDefence not available' };
+        }
+        const defender = createAIDefence({ enableLearning });
+        // Show stats mode
+        if (showStats) {
+            const stats = await defender.getStats();
+            output.writeln();
+            output.printBox([
+                `Detection Count: ${stats.detectionCount}`,
+                `Avg Detection Time: ${stats.avgDetectionTimeMs.toFixed(3)}ms`,
+                `Learned Patterns: ${stats.learnedPatterns}`,
+                `Mitigation Strategies: ${stats.mitigationStrategies}`,
+                `Avg Mitigation Effectiveness: ${(stats.avgMitigationEffectiveness * 100).toFixed(1)}%`,
+            ].join('\n'), 'Detection Statistics');
+            return { success: true };
+        }
+        // Get input to scan
+        let textToScan = inputText;
+        if (filePath) {
+            try {
+                const fs = await import('fs/promises');
+                textToScan = await fs.readFile(filePath, 'utf-8');
+                output.writeln(output.dim(`Reading file: ${filePath}`));
+            }
+            catch (err) {
+                output.error(`Failed to read file: ${filePath}`);
+                return { success: false, message: 'File not found' };
+            }
+        }
+        if (!textToScan) {
+            output.writeln('Usage: claude-flow security defend -i "<text>" or -f <file>');
+            output.writeln();
+            output.writeln('Options:');
+            output.printList([
+                '-i, --input   Text to scan for AI manipulation attempts',
+                '-f, --file    File path to scan',
+                '-q, --quick   Quick scan mode (faster)',
+                '-s, --stats   Show detection statistics',
+                '--learn       Enable pattern learning (default: true)',
+            ]);
+            return { success: true };
+        }
+        const spinner = output.createSpinner({ text: 'Scanning for threats...', spinner: 'dots' });
+        spinner.start();
+        // Perform scan
+        const startTime = performance.now();
+        const result = quickMode
+            ? { ...defender.quickScan(textToScan), threats: [], piiFound: false, detectionTimeMs: 0, inputHash: '', safe: !defender.quickScan(textToScan).threat }
+            : await defender.detect(textToScan);
+        const scanTime = performance.now() - startTime;
+        spinner.stop();
+        // JSON output
+        if (outputFormat === 'json') {
+            output.writeln(JSON.stringify({
+                safe: result.safe,
+                threats: result.threats || [],
+                piiFound: result.piiFound,
+                detectionTimeMs: scanTime,
+            }, null, 2));
+            return { success: true };
+        }
+        // Text output
+        output.writeln();
+        if (result.safe && !result.piiFound) {
+            output.writeln(output.success('✅ No threats detected'));
+        }
+        else {
+            if (!result.safe && result.threats) {
+                output.writeln(output.error(`⚠️ ${result.threats.length} threat(s) detected:`));
+                output.writeln();
+                for (const threat of result.threats) {
+                    const severityColor = {
+                        critical: output.error,
+                        high: output.warning,
+                        medium: output.info,
+                        low: output.dim,
+                    }[threat.severity] || output.dim;
+                    output.writeln(`  ${severityColor(`[${threat.severity.toUpperCase()}]`)} ${threat.type}`);
+                    output.writeln(`    ${output.dim(threat.description)}`);
+                    output.writeln(`    Confidence: ${(threat.confidence * 100).toFixed(1)}%`);
+                    output.writeln();
+                }
+                // Show mitigation recommendations
+                const criticalThreats = result.threats.filter(t => t.severity === 'critical');
+                if (criticalThreats.length > 0 && enableLearning) {
+                    output.writeln(output.bold('Recommended Mitigations:'));
+                    for (const threat of criticalThreats) {
+                        const mitigation = await defender.getBestMitigation(threat.type);
+                        if (mitigation) {
+                            output.writeln(`  ${threat.type}: ${output.bold(mitigation.strategy)} (${(mitigation.effectiveness * 100).toFixed(0)}% effective)`);
+                        }
+                    }
+                    output.writeln();
+                }
+            }
+            if (result.piiFound) {
+                output.writeln(output.warning('⚠️ PII detected (emails, SSNs, API keys, etc.)'));
+                output.writeln();
+            }
+        }
+        output.writeln(output.dim(`Detection time: ${scanTime.toFixed(3)}ms`));
+        return { success: result.safe };
+    },
+};
 // Main security command
 export const securityCommand = {
     name: 'security',
-    description: 'Security scanning, CVE detection, threat modeling, vulnerability management',
-    subcommands: [scanCommand, cveCommand, threatsCommand, auditCommand, secretsCommand],
+    description: 'Security scanning, CVE detection, threat modeling, AI defense',
+    subcommands: [scanCommand, cveCommand, threatsCommand, auditCommand, secretsCommand, defendCommand],
     examples: [
         { command: 'claude-flow security scan', description: 'Run security scan' },
         { command: 'claude-flow security cve --list', description: 'List known CVEs' },
@@ -249,6 +388,7 @@ export const securityCommand = {
             'threats  - Threat modeling (STRIDE, DREAD, PASTA)',
             'audit    - Security audit logging and compliance',
             'secrets  - Detect and manage secrets in codebase',
+            'defend   - AI manipulation defense (prompt injection, jailbreaks, PII)',
         ]);
         output.writeln();
         output.writeln('Use --help with subcommands for more info');