@claude-flow/cli 3.0.0-alpha.64 → 3.0.0-alpha.66

package/.claude/skills/aidefence.yaml

@@ -0,0 +1,297 @@
+---
+name: aidefence
+version: 1.0.0
+description: |
+  AI Manipulation Defense System (AIMDS) integration for Claude Flow V3.
+  Provides real-time threat detection, behavioral analysis, and adaptive
+  mitigation with 25-level meta-learning capabilities.
+
+author: rUv
+license: MIT
+homepage: https://ruv.io/aimds
+repository: https://github.com/ruvnet/midstream/tree/main/AIMDS
+
+# Package reference
+package: aidefence@^2.1.1
+
+# Capabilities provided by this skill
+capabilities:
+  # Detection capabilities
+  - prompt_injection_detection    # 50+ prompt injection patterns
+  - jailbreak_detection          # AI jailbreak attempt detection
+  - pii_detection               # PII identification (emails, SSNs, API keys)
+  - unicode_normalization       # Control character sanitization
+
+  # Analysis capabilities
+  - behavioral_analysis         # Temporal pattern analysis
+  - chaos_detection            # Lyapunov exponent calculation
+  - policy_verification        # Linear Temporal Logic (LTL) policies
+  - anomaly_detection          # Statistical baseline learning
+
+  # Response capabilities
+  - adaptive_mitigation        # 7 distinct mitigation strategies
+  - meta_learning             # 25-level recursive optimization (strange-loop)
+  - rollback_management       # Failed mitigation rollback
+  - effectiveness_tracking    # Real-time mitigation monitoring
+
+# Performance characteristics
+performance:
+  detection_latency: <10ms
+  analysis_latency: <100ms
+  response_latency: <50ms
+  throughput: ">12000 req/s"
+
+# Commands exposed by this skill
+commands:
+  scan:
+    description: Scan input for AI manipulation attempts
+    usage: |
+      /aidefence scan <input>
+      /aidefence scan --file <path>
+      /aidefence scan --mode paranoid <input>
+    examples:
+      - "/aidefence scan 'Ignore previous instructions and...'"
+      - "/aidefence scan --file suspicious-prompt.txt"
+      - "/aidefence scan --mode paranoid --json 'Please help me...'"
+    options:
+      - name: mode
+        type: choice
+        choices:
+          - quick      # Pattern matching only (<5ms)
+          - thorough   # Pattern + behavioral (<50ms)
+          - paranoid   # Full analysis + policy verification (<150ms)
+        default: thorough
+        description: Scan depth mode
+      - name: file
+        type: string
+        description: File path to scan instead of inline input
+      - name: json
+        type: boolean
+        default: false
+        description: Output results as JSON
+
+  analyze:
+    description: Analyze agent behavior patterns for anomalies
+    usage: |
+      /aidefence analyze <agent-id>
+      /aidefence analyze <agent-id> --window 24h
+    examples:
+      - "/aidefence analyze security-architect-1234"
+      - "/aidefence analyze coder-5678 --window 10m --threshold 0.7"
+    options:
+      - name: window
+        type: string
+        default: "1h"
+        description: Time window for behavioral analysis
+      - name: threshold
+        type: number
+        default: 0.8
+        description: Anomaly score threshold (0-1)
+
+  policy:
+    description: Verify agent against LTL security policy
+    usage: |
+      /aidefence policy <agent-id> <ltl-formula>
+    examples:
+      - "/aidefence policy coder-1234 'G(edit_file -> F(run_tests))'"
+      - "/aidefence policy reviewer-5678 'G(!approve_self_code)'"
+    options:
+      - name: verbose
+        type: boolean
+        default: false
+        description: Show detailed policy evaluation trace
+
+  learn:
+    description: Record successful mitigation for meta-learning
+    usage: |
+      /aidefence learn <threat-type> <strategy> --effectiveness <score>
+    examples:
+      - "/aidefence learn prompt_injection sanitize --effectiveness 0.95"
+      - "/aidefence learn jailbreak reject --effectiveness 1.0"
+    options:
+      - name: effectiveness
+        type: number
+        required: true
+        description: Mitigation effectiveness score (0-1)
+
+  status:
+    description: Show aidefence system status and metrics
+    usage: |
+      /aidefence status
+      /aidefence status --metrics
+    options:
+      - name: metrics
+        type: boolean
+        default: false
+        description: Include Prometheus metrics
+
+# Hook integrations
+hooks:
+  # Pre-agent-input: Scan all agent inputs for manipulation
+  pre-agent-input:
+    enabled: true
+    description: Scan agent inputs before processing
+    config:
+      block_critical: true       # Block inputs with critical threats
+      block_high: false          # Allow high severity with logging
+      log_all: true             # Log all threat detections
+      mode: thorough            # Default scan mode
+
+  # Post-agent-action: Learn from agent behaviors
+  post-agent-action:
+    enabled: true
+    description: Record agent actions for behavioral modeling
+    config:
+      sampling_rate: 0.1        # Sample 10% of actions for analysis
+      anomaly_threshold: 0.8    # Alert threshold for anomaly score
+      store_embeddings: true    # Store action embeddings in AgentDB
+
+  # Pre-swarm-init: Verify swarm security policies
+  pre-swarm-init:
+    enabled: true
+    description: Verify swarm topology against security policies
+    config:
+      require_security_agent: true  # Require security-architect in swarm
+      validate_topology: true       # Validate topology security
+
+# Integration with claude-flow systems
+integration:
+  # AgentDB integration for shared threat patterns
+  agentdb:
+    enabled: true
+    namespace: security_threats
+    hnsw_enabled: true
+    config:
+      vector_dimension: 384
+      m: 16
+      ef_construction: 200
+      ef_search: 100
+
+  # ReasoningBank integration for pattern learning
+  reasoningbank:
+    enabled: true
+    store_patterns: true
+    learn_mitigations: true
+    config:
+      min_effectiveness: 0.8    # Only store high-effectiveness patterns
+      consolidation_interval: 1h
+
+  # Prometheus metrics
+  prometheus:
+    enabled: true
+    metrics:
+      - aidefence_threats_detected_total
+      - aidefence_detection_latency_ms
+      - aidefence_analysis_latency_ms
+      - aidefence_anomaly_score
+      - aidefence_mitigations_applied_total
+      - aidefence_meta_learning_depth
+
+# MCP tool registrations
+mcp_tools:
+  - name: aidefence_scan
+    description: Scan input for AI manipulation attempts
+    input_schema:
+      type: object
+      properties:
+        input:
+          type: string
+          description: Input text to scan
+        mode:
+          type: string
+          enum: [quick, thorough, paranoid]
+          default: thorough
+      required: [input]
+
+  - name: aidefence_analyze_behavior
+    description: Analyze agent behavioral patterns for anomalies
+    input_schema:
+      type: object
+      properties:
+        agentId:
+          type: string
+          description: Agent ID to analyze
+        timeWindow:
+          type: string
+          default: "1h"
+          description: Time window for analysis
+      required: [agentId]
+
+  - name: aidefence_verify_policy
+    description: Verify agent behavior against LTL security policies
+    input_schema:
+      type: object
+      properties:
+        agentId:
+          type: string
+        policy:
+          type: string
+          description: LTL policy formula
+      required: [agentId, policy]
+
+  - name: aidefence_learn_pattern
+    description: Store successful threat pattern for meta-learning
+    input_schema:
+      type: object
+      properties:
+        threatType:
+          type: string
+        mitigation:
+          type: string
+        effectiveness:
+          type: number
+          minimum: 0
+          maximum: 1
+      required: [threatType, mitigation, effectiveness]
+
+# Threat detection patterns (reference)
+threat_patterns:
+  prompt_injection:
+    count: 50+
+    categories:
+      - instruction_override    # "Ignore previous instructions"
+      - role_switching         # "You are now DAN"
+      - context_manipulation   # Fake system messages
+      - delimiter_abuse        # Using special tokens
+
+  jailbreak:
+    categories:
+      - dan_variants           # Do Anything Now variants
+      - hypothetical          # "Hypothetically, if..."
+      - roleplay              # Character-based bypasses
+      - encoding              # Base64/ROT13 encoded prompts
+
+  pii:
+    types:
+      - email_addresses
+      - social_security_numbers
+      - credit_card_numbers
+      - api_keys
+      - passwords
+
+# Behavioral analysis configuration
+behavioral_analysis:
+  temporal:
+    window_sizes: [1m, 10m, 1h, 24h]
+    attractor_types:
+      - point     # Stable single point
+      - cycle     # Periodic behavior
+      - torus     # Quasi-periodic
+      - strange   # Chaotic (suspicious)
+
+  lyapunov:
+    threshold: 0.1  # Positive = chaotic behavior
+    embedding_dimension: 3
+    time_delay: 1
+
+  baseline:
+    learning_period: 24h
+    update_frequency: 1h
+    deviation_threshold: 3.0  # Standard deviations
+
+# Documentation links
+documentation:
+  readme: https://github.com/ruvnet/midstream/blob/main/AIMDS/README.md
+  api: https://ruv.io/aimds/api
+  patterns: https://ruv.io/aimds/patterns
+  integration: /v3/implementation/adrs/ADR-022-aidefence-integration.md

package/.claude/skills/secure-review.md

@@ -0,0 +1,181 @@
+---
+name: secure-review
+version: 1.0.0
+description: Security-focused code review with AI manipulation detection
+author: rUv
+tags: [security, code-review, aidefence]
+
+invocation:
+  - /secure-review
+  - /security-review
+
+requires:
+  - "@claude-flow/aidefence"
+---
+
+# Secure Review Skill
+
+Perform security-focused code reviews that include AI manipulation detection, credential scanning, and security best practice validation.
+
+## Commands
+
+### `/secure-review <file-or-directory>`
+Review code for security issues including:
+- Hardcoded credentials
+- Prompt injection vulnerabilities
+- Unsafe input handling
+- Security anti-patterns
+
+### `/secure-review --quick <file>`
+Quick security scan without detailed analysis.
+
+### `/secure-review --fix <file>`
+Review and suggest fixes for security issues.
+
+---
+
+## Execution Instructions
+
+When `/secure-review` is invoked:
+
+### Step 1: Initialize Security Tools
+
+```typescript
+import { createAIDefence } from '@claude-flow/aidefence';
+
+const aidefence = createAIDefence({ enableLearning: true });
+```
+
+### Step 2: Read and Analyze Files
+
+For each file to review:
+
+1. **Read the file** using the Read tool
+2. **Scan for PII/Credentials**:
+```typescript
+const piiResult = aidefence.hasPII(fileContent);
+if (piiResult) {
+  findings.push({
+    type: 'pii',
+    severity: 'high',
+    message: 'Potential credentials or PII detected',
+    file: filePath
+  });
+}
+```
+
+3. **Check for dangerous patterns**:
+```typescript
+const dangerousPatterns = [
+  { pattern: /eval\s*\(/, message: 'Unsafe eval() usage', severity: 'critical' },
+  { pattern: /innerHTML\s*=/, message: 'Potential XSS via innerHTML', severity: 'high' },
+  { pattern: /shell:\s*true/, message: 'Shell injection risk', severity: 'critical' },
+  { pattern: /dangerouslySetInnerHTML/, message: 'Dangerous HTML injection', severity: 'high' },
+  { pattern: /password.*=.*['"][^'"]+['"]/, message: 'Hardcoded password', severity: 'critical' },
+];
+
+for (const { pattern, message, severity } of dangerousPatterns) {
+  const match = fileContent.match(pattern);
+  if (match) {
+    findings.push({ type: 'security', severity, message, file: filePath, line: getLineNumber(match) });
+  }
+}
+```
+
+4. **Scan for prompt injection in AI code**:
+```typescript
+// If file contains AI/LLM related code
+if (/openai|anthropic|llm|prompt|chat/i.test(fileContent)) {
+  // Check for unsafe prompt construction
+  const unsafePromptPatterns = [
+    /\$\{.*user.*\}/i,  // Template literal with user input
+    /\+ .*input/i,      // String concatenation with input
+    /prompt.*=.*request/i, // Direct request to prompt
+  ];
+
+  for (const pattern of unsafePromptPatterns) {
+    if (pattern.test(fileContent)) {
+      findings.push({
+        type: 'prompt_injection_risk',
+        severity: 'high',
+        message: 'Potential prompt injection vulnerability - user input directly in prompt',
+        file: filePath
+      });
+    }
+  }
+}
+```
+
+### Step 3: Generate Report
+
+```markdown
+## Security Review Report
+
+### Summary
+- Files reviewed: X
+- Critical issues: X
+- High severity: X
+- Medium severity: X
+- Low severity: X
+
+### Findings
+
+#### Critical
+1. **[file.ts:42]** Hardcoded API key detected
+   - **Risk**: Credential exposure
+   - **Fix**: Move to environment variable
+
+#### High
+1. **[api.ts:108]** User input directly concatenated to prompt
+   - **Risk**: Prompt injection vulnerability
+   - **Fix**: Sanitize and validate user input before including in prompts
+
+### Recommendations
+1. Enable input validation at all API boundaries
+2. Use environment variables for all credentials
+3. Implement prompt injection defenses for AI code
+```
+
+### Step 4: Learn from Review
+
+```typescript
+// Store review patterns for learning
+for (const finding of findings) {
+  await aidefence.learnFromDetection(
+    finding.context,
+    { safe: false, threats: [{ type: finding.type, severity: finding.severity }] }
+  );
+}
+```
+
+## Example Output
+
+```
+🔍 Security Review: src/api/
+
+Scanning 12 files...
+
+❌ CRITICAL: src/api/config.ts:15
+   Hardcoded API key: sk-ant-api03...
+   → Move to .env file and use process.env.ANTHROPIC_API_KEY
+
+⚠️ HIGH: src/api/chat.ts:42
+   User input directly in prompt template
+   → Sanitize input: const sanitized = sanitizeForPrompt(userInput)
+
+⚠️ HIGH: src/api/chat.ts:67
+   No input length validation
+   → Add: if (input.length > MAX_INPUT_LENGTH) throw new Error('...')
+
+ℹ️ MEDIUM: src/api/utils.ts:23
+   Using eval() for JSON parsing
+   → Use JSON.parse() instead
+
+📊 Summary: 1 critical, 2 high, 1 medium issues found
+```
+
+## Integration Notes
+
+- Works with `reviewer` agent for comprehensive code reviews
+- Findings are stored in memory for pattern learning
+- Can be triggered automatically via pre-commit hooks

package/dist/src/commands/embeddings.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"embeddings.d.ts","sourceRoot":"","sources":["../../../src/commands/embeddings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAiC,MAAM,aAAa,CAAC;AA01B1E,eAAO,MAAM,iBAAiB,EAAE,OA6D/B,CAAC;AAEF,eAAe,iBAAiB,CAAC"}
+{"version":3,"file":"embeddings.d.ts","sourceRoot":"","sources":["../../../src/commands/embeddings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAiC,MAAM,aAAa,CAAC;AAg+B1E,eAAO,MAAM,iBAAiB,EAAE,OAiE/B,CAAC;AAEF,eAAe,iBAAiB,CAAC"}

package/dist/src/commands/embeddings.js

@@ -452,6 +452,127 @@ const indexCommand = {
         return { success: true };
     },
 };
+// Init subcommand - Initialize ONNX models and hyperbolic config
+const initCommand = {
+    name: 'init',
+    description: 'Initialize embedding subsystem with ONNX model and hyperbolic config',
+    options: [
+        { name: 'model', short: 'm', type: 'string', description: 'ONNX model ID', default: 'all-MiniLM-L6-v2' },
+        { name: 'hyperbolic', type: 'boolean', description: 'Enable hyperbolic (Poincaré ball) embeddings', default: 'true' },
+        { name: 'curvature', short: 'c', type: 'number', description: 'Poincaré ball curvature (negative)', default: '-1' },
+        { name: 'download', short: 'd', type: 'boolean', description: 'Download model during init', default: 'true' },
+        { name: 'cache-size', type: 'number', description: 'LRU cache entries', default: '256' },
+    ],
+    examples: [
+        { command: 'claude-flow embeddings init', description: 'Initialize with defaults' },
+        { command: 'claude-flow embeddings init --model all-mpnet-base-v2', description: 'Use higher quality model' },
+        { command: 'claude-flow embeddings init --no-hyperbolic', description: 'Euclidean only' },
+    ],
+    action: async (ctx) => {
+        const model = ctx.flags.model || 'all-MiniLM-L6-v2';
+        const hyperbolic = ctx.flags.hyperbolic !== false;
+        const curvature = parseFloat(ctx.flags.curvature || '-1');
+        const download = ctx.flags.download !== false;
+        const cacheSize = parseInt(ctx.flags['cache-size'] || '256', 10);
+        output.writeln();
+        output.writeln(output.bold('Initialize Embedding Subsystem'));
+        output.writeln(output.dim('─'.repeat(55)));
+        const spinner = output.createSpinner({ text: 'Initializing...', spinner: 'dots' });
+        spinner.start();
+        try {
+            const fs = await import('fs');
+            const path = await import('path');
+            // Create directories
+            const configDir = path.join(process.cwd(), '.claude-flow');
+            const modelDir = path.join(configDir, 'models');
+            if (!fs.existsSync(configDir)) {
+                fs.mkdirSync(configDir, { recursive: true });
+            }
+            if (!fs.existsSync(modelDir)) {
+                fs.mkdirSync(modelDir, { recursive: true });
+            }
+            // Download model if requested
+            if (download) {
+                spinner.setText(`Downloading ONNX model: ${model}...`);
+                const embeddings = await getEmbeddings();
+                if (embeddings) {
+                    await embeddings.downloadEmbeddingModel(model, modelDir, (p) => {
+                        spinner.setText(`Downloading ${model}... ${p.percent.toFixed(0)}%`);
+                    });
+                }
+                else {
+                    // Simulate download for when embeddings package not available
+                    await new Promise(r => setTimeout(r, 500));
+                    output.writeln(output.dim('  (Simulated - @claude-flow/embeddings not installed)'));
+                }
+            }
+            // Write embeddings config
+            spinner.setText('Writing configuration...');
+            const dimension = model.includes('mpnet') ? 768 : 384;
+            const config = {
+                model,
+                modelPath: modelDir,
+                dimension,
+                cacheSize,
+                hyperbolic: {
+                    enabled: hyperbolic,
+                    curvature,
+                    epsilon: 1e-15,
+                    maxNorm: 1 - 1e-5,
+                },
+                neural: {
+                    enabled: true,
+                    driftThreshold: 0.3,
+                    decayRate: 0.01,
+                },
+                initialized: new Date().toISOString(),
+            };
+            const configPath = path.join(configDir, 'embeddings.json');
+            fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+            spinner.succeed('Embedding subsystem initialized');
+            output.writeln();
+            output.printTable({
+                columns: [
+                    { key: 'setting', header: 'Setting', width: 18 },
+                    { key: 'value', header: 'Value', width: 40 },
+                ],
+                data: [
+                    { setting: 'Model', value: model },
+                    { setting: 'Dimension', value: String(dimension) },
+                    { setting: 'Cache Size', value: String(cacheSize) + ' entries' },
+                    { setting: 'Hyperbolic', value: hyperbolic ? `${output.success('Enabled')} (c=${curvature})` : output.dim('Disabled') },
+                    { setting: 'Neural Substrate', value: output.success('Enabled') },
+                    { setting: 'Model Path', value: modelDir },
+                    { setting: 'Config', value: configPath },
+                ],
+            });
+            output.writeln();
+            if (hyperbolic) {
+                output.printBox([
+                    'Hyperbolic Embeddings (Poincaré Ball):',
+                    '• Better for hierarchical data (trees, taxonomies)',
+                    '• Exponential capacity in low dimensions',
+                    '• Distance preserves hierarchy structure',
+                    '',
+                    'Use: embeddings hyperbolic -a convert',
+                ].join('\n'), 'Hyperbolic Space');
+            }
+            output.writeln();
+            output.writeln(output.dim('Next steps:'));
+            output.printList([
+                'embeddings generate -t "test text"  - Test embedding generation',
+                'embeddings search -q "query"        - Semantic search',
+                'memory store -k key --value text    - Store with auto-embedding',
+            ]);
+            return { success: true, data: config };
+        }
+        catch (error) {
+            spinner.fail('Initialization failed');
+            output.printError(error instanceof Error ? error.message : String(error));
+            return { success: false, exitCode: 1 };
+        }
+    },
+};
 // Providers subcommand
 const providersCommand = {
     name: 'providers',
@@ -770,6 +891,7 @@ export const embeddingsCommand = {
     description: 'Vector embeddings, semantic search, similarity operations',
     aliases: ['embed'],
     subcommands: [
+        initCommand,
         generateCommand,
         searchCommand,
         compareCommand,
@@ -784,6 +906,8 @@ export const embeddingsCommand = {
         cacheCommand,
     ],
     examples: [
+        { command: 'claude-flow embeddings init', description: 'Initialize ONNX embedding system' },
+        { command: 'claude-flow embeddings init --model all-mpnet-base-v2', description: 'Init with larger model' },
         { command: 'claude-flow embeddings generate -t "Hello"', description: 'Generate embedding' },
         { command: 'claude-flow embeddings search -q "error handling"', description: 'Semantic search' },
         { command: 'claude-flow embeddings chunk -t "Long doc..."', description: 'Chunk document' },
@@ -797,6 +921,7 @@ export const embeddingsCommand = {
         output.writeln();
         output.writeln('Core Commands:');
         output.printList([
+            'init        - Initialize ONNX models and hyperbolic config',
             'generate    - Generate embeddings for text',
             'search      - Semantic similarity search',
             'compare     - Compare similarity between texts',