@claude-flow/cli 3.7.0-alpha.4 → 3.7.0-alpha.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (231) hide show
  1. package/.claude/helpers/hook-handler.cjs +12 -4
  2. package/.claude/helpers/statusline.cjs +31 -2
  3. package/.claude/helpers/statusline.js +35 -4
  4. package/README.md +55 -41
  5. package/bin/cli.js +15 -2
  6. package/bin/mcp-server.js +1 -1
  7. package/dist/src/commands/agent-wasm.js +2 -2
  8. package/dist/src/commands/agent-wasm.js.map +1 -1
  9. package/dist/src/commands/daemon.d.ts +20 -0
  10. package/dist/src/commands/daemon.d.ts.map +1 -1
  11. package/dist/src/commands/daemon.js +366 -7
  12. package/dist/src/commands/daemon.js.map +1 -1
  13. package/dist/src/commands/doctor.d.ts.map +1 -1
  14. package/dist/src/commands/doctor.js +224 -46
  15. package/dist/src/commands/doctor.js.map +1 -1
  16. package/dist/src/commands/embeddings.d.ts.map +1 -1
  17. package/dist/src/commands/embeddings.js +18 -9
  18. package/dist/src/commands/embeddings.js.map +1 -1
  19. package/dist/src/commands/hive-mind.d.ts.map +1 -1
  20. package/dist/src/commands/hive-mind.js +25 -7
  21. package/dist/src/commands/hive-mind.js.map +1 -1
  22. package/dist/src/commands/hooks.d.ts.map +1 -1
  23. package/dist/src/commands/hooks.js +56 -29
  24. package/dist/src/commands/hooks.js.map +1 -1
  25. package/dist/src/commands/memory.d.ts.map +1 -1
  26. package/dist/src/commands/memory.js +104 -3
  27. package/dist/src/commands/memory.js.map +1 -1
  28. package/dist/src/commands/start.js +1 -1
  29. package/dist/src/commands/start.js.map +1 -1
  30. package/dist/src/commands/swarm.js +1 -1
  31. package/dist/src/commands/swarm.js.map +1 -1
  32. package/dist/src/commands/task.d.ts.map +1 -1
  33. package/dist/src/commands/task.js +8 -4
  34. package/dist/src/commands/task.js.map +1 -1
  35. package/dist/src/config-adapter.js +1 -1
  36. package/dist/src/config-adapter.js.map +1 -1
  37. package/dist/src/index.d.ts +5 -1
  38. package/dist/src/index.d.ts.map +1 -1
  39. package/dist/src/index.js +61 -18
  40. package/dist/src/index.js.map +1 -1
  41. package/dist/src/init/executor.d.ts.map +1 -1
  42. package/dist/src/init/executor.js +92 -0
  43. package/dist/src/init/executor.js.map +1 -1
  44. package/dist/src/init/helpers-generator.d.ts.map +1 -1
  45. package/dist/src/init/helpers-generator.js +6 -2
  46. package/dist/src/init/helpers-generator.js.map +1 -1
  47. package/dist/src/init/mcp-generator.js +4 -4
  48. package/dist/src/init/mcp-generator.js.map +1 -1
  49. package/dist/src/init/settings-generator.d.ts.map +1 -1
  50. package/dist/src/init/settings-generator.js +78 -19
  51. package/dist/src/init/settings-generator.js.map +1 -1
  52. package/dist/src/init/statusline-generator.d.ts.map +1 -1
  53. package/dist/src/init/statusline-generator.js +75 -31
  54. package/dist/src/init/statusline-generator.js.map +1 -1
  55. package/dist/src/init/types.d.ts +7 -0
  56. package/dist/src/init/types.d.ts.map +1 -1
  57. package/dist/src/init/types.js.map +1 -1
  58. package/dist/src/mcp-client.d.ts.map +1 -1
  59. package/dist/src/mcp-client.js +12 -0
  60. package/dist/src/mcp-client.js.map +1 -1
  61. package/dist/src/mcp-server.d.ts.map +1 -1
  62. package/dist/src/mcp-server.js +38 -5
  63. package/dist/src/mcp-server.js.map +1 -1
  64. package/dist/src/mcp-tools/agent-execute-core.d.ts +3 -2
  65. package/dist/src/mcp-tools/agent-execute-core.d.ts.map +1 -1
  66. package/dist/src/mcp-tools/agent-execute-core.js +16 -9
  67. package/dist/src/mcp-tools/agent-execute-core.js.map +1 -1
  68. package/dist/src/mcp-tools/agent-tools.d.ts.map +1 -1
  69. package/dist/src/mcp-tools/agent-tools.js +88 -11
  70. package/dist/src/mcp-tools/agent-tools.js.map +1 -1
  71. package/dist/src/mcp-tools/agentdb-tools.d.ts +3 -0
  72. package/dist/src/mcp-tools/agentdb-tools.d.ts.map +1 -1
  73. package/dist/src/mcp-tools/agentdb-tools.js +206 -21
  74. package/dist/src/mcp-tools/agentdb-tools.js.map +1 -1
  75. package/dist/src/mcp-tools/analyze-tools.js +6 -6
  76. package/dist/src/mcp-tools/analyze-tools.js.map +1 -1
  77. package/dist/src/mcp-tools/autopilot-tools.js +10 -10
  78. package/dist/src/mcp-tools/autopilot-tools.js.map +1 -1
  79. package/dist/src/mcp-tools/browser-session-tools.d.ts.map +1 -1
  80. package/dist/src/mcp-tools/browser-session-tools.js +12 -7
  81. package/dist/src/mcp-tools/browser-session-tools.js.map +1 -1
  82. package/dist/src/mcp-tools/browser-tools.js +23 -23
  83. package/dist/src/mcp-tools/browser-tools.js.map +1 -1
  84. package/dist/src/mcp-tools/claims-tools.js +12 -12
  85. package/dist/src/mcp-tools/claims-tools.js.map +1 -1
  86. package/dist/src/mcp-tools/config-tools.js +6 -6
  87. package/dist/src/mcp-tools/config-tools.js.map +1 -1
  88. package/dist/src/mcp-tools/coordination-tools.js +7 -7
  89. package/dist/src/mcp-tools/coordination-tools.js.map +1 -1
  90. package/dist/src/mcp-tools/daa-tools.js +8 -8
  91. package/dist/src/mcp-tools/daa-tools.js.map +1 -1
  92. package/dist/src/mcp-tools/embeddings-tools.js +10 -10
  93. package/dist/src/mcp-tools/embeddings-tools.js.map +1 -1
  94. package/dist/src/mcp-tools/github-tools.js +5 -5
  95. package/dist/src/mcp-tools/github-tools.js.map +1 -1
  96. package/dist/src/mcp-tools/guidance-tools.js +21 -21
  97. package/dist/src/mcp-tools/guidance-tools.js.map +1 -1
  98. package/dist/src/mcp-tools/hive-mind-tools.d.ts.map +1 -1
  99. package/dist/src/mcp-tools/hive-mind-tools.js +53 -9
  100. package/dist/src/mcp-tools/hive-mind-tools.js.map +1 -1
  101. package/dist/src/mcp-tools/hooks-tools.d.ts +2 -0
  102. package/dist/src/mcp-tools/hooks-tools.d.ts.map +1 -1
  103. package/dist/src/mcp-tools/hooks-tools.js +183 -48
  104. package/dist/src/mcp-tools/hooks-tools.js.map +1 -1
  105. package/dist/src/mcp-tools/managed-agent-tools.d.ts +22 -0
  106. package/dist/src/mcp-tools/managed-agent-tools.d.ts.map +1 -0
  107. package/dist/src/mcp-tools/managed-agent-tools.js +357 -0
  108. package/dist/src/mcp-tools/managed-agent-tools.js.map +1 -0
  109. package/dist/src/mcp-tools/memory-tools.d.ts.map +1 -1
  110. package/dist/src/mcp-tools/memory-tools.js +490 -68
  111. package/dist/src/mcp-tools/memory-tools.js.map +1 -1
  112. package/dist/src/mcp-tools/neural-tools.d.ts.map +1 -1
  113. package/dist/src/mcp-tools/neural-tools.js +8 -7
  114. package/dist/src/mcp-tools/neural-tools.js.map +1 -1
  115. package/dist/src/mcp-tools/performance-tools.js +6 -6
  116. package/dist/src/mcp-tools/performance-tools.js.map +1 -1
  117. package/dist/src/mcp-tools/progress-tools.js +4 -4
  118. package/dist/src/mcp-tools/progress-tools.js.map +1 -1
  119. package/dist/src/mcp-tools/ruvllm-tools.js +10 -10
  120. package/dist/src/mcp-tools/ruvllm-tools.js.map +1 -1
  121. package/dist/src/mcp-tools/security-tools.d.ts.map +1 -1
  122. package/dist/src/mcp-tools/security-tools.js +34 -9
  123. package/dist/src/mcp-tools/security-tools.js.map +1 -1
  124. package/dist/src/mcp-tools/session-tools.d.ts.map +1 -1
  125. package/dist/src/mcp-tools/session-tools.js +130 -6
  126. package/dist/src/mcp-tools/session-tools.js.map +1 -1
  127. package/dist/src/mcp-tools/swarm-tools.d.ts.map +1 -1
  128. package/dist/src/mcp-tools/swarm-tools.js +76 -7
  129. package/dist/src/mcp-tools/swarm-tools.js.map +1 -1
  130. package/dist/src/mcp-tools/system-tools.d.ts.map +1 -1
  131. package/dist/src/mcp-tools/system-tools.js +91 -18
  132. package/dist/src/mcp-tools/system-tools.js.map +1 -1
  133. package/dist/src/mcp-tools/task-tools.d.ts.map +1 -1
  134. package/dist/src/mcp-tools/task-tools.js +55 -7
  135. package/dist/src/mcp-tools/task-tools.js.map +1 -1
  136. package/dist/src/mcp-tools/terminal-tools.js +5 -5
  137. package/dist/src/mcp-tools/terminal-tools.js.map +1 -1
  138. package/dist/src/mcp-tools/transfer-tools.js +11 -11
  139. package/dist/src/mcp-tools/transfer-tools.js.map +1 -1
  140. package/dist/src/mcp-tools/wasm-agent-tools.js +11 -11
  141. package/dist/src/mcp-tools/wasm-agent-tools.js.map +1 -1
  142. package/dist/src/mcp-tools/workflow-tools.d.ts.map +1 -1
  143. package/dist/src/mcp-tools/workflow-tools.js +118 -10
  144. package/dist/src/mcp-tools/workflow-tools.js.map +1 -1
  145. package/dist/src/memory/memory-bridge.d.ts +69 -0
  146. package/dist/src/memory/memory-bridge.d.ts.map +1 -1
  147. package/dist/src/memory/memory-bridge.js +293 -5
  148. package/dist/src/memory/memory-bridge.js.map +1 -1
  149. package/dist/src/memory/memory-initializer.d.ts +8 -0
  150. package/dist/src/memory/memory-initializer.d.ts.map +1 -1
  151. package/dist/src/memory/memory-initializer.js +89 -16
  152. package/dist/src/memory/memory-initializer.js.map +1 -1
  153. package/dist/src/memory/neural-package-bridge.d.ts +48 -0
  154. package/dist/src/memory/neural-package-bridge.d.ts.map +1 -0
  155. package/dist/src/memory/neural-package-bridge.js +87 -0
  156. package/dist/src/memory/neural-package-bridge.js.map +1 -0
  157. package/dist/src/memory/sona-optimizer.d.ts.map +1 -1
  158. package/dist/src/memory/sona-optimizer.js +3 -0
  159. package/dist/src/memory/sona-optimizer.js.map +1 -1
  160. package/dist/src/parser.d.ts +9 -0
  161. package/dist/src/parser.d.ts.map +1 -1
  162. package/dist/src/parser.js +11 -0
  163. package/dist/src/parser.js.map +1 -1
  164. package/dist/src/plugins/store/discovery.d.ts +6 -3
  165. package/dist/src/plugins/store/discovery.d.ts.map +1 -1
  166. package/dist/src/plugins/store/discovery.js +11 -8
  167. package/dist/src/plugins/store/discovery.js.map +1 -1
  168. package/dist/src/ruvector/agent-wasm.d.ts.map +1 -1
  169. package/dist/src/ruvector/agent-wasm.js +4 -1
  170. package/dist/src/ruvector/agent-wasm.js.map +1 -1
  171. package/dist/src/ruvector/coverage-tools.js +6 -6
  172. package/dist/src/ruvector/coverage-tools.js.map +1 -1
  173. package/dist/src/ruvector/index.d.ts +0 -2
  174. package/dist/src/ruvector/index.d.ts.map +1 -1
  175. package/dist/src/ruvector/index.js +8 -2
  176. package/dist/src/ruvector/index.js.map +1 -1
  177. package/dist/src/ruvector/model-router.d.ts +22 -1
  178. package/dist/src/ruvector/model-router.d.ts.map +1 -1
  179. package/dist/src/ruvector/model-router.js +125 -5
  180. package/dist/src/ruvector/model-router.js.map +1 -1
  181. package/dist/src/services/headless-worker-executor.d.ts +6 -0
  182. package/dist/src/services/headless-worker-executor.d.ts.map +1 -1
  183. package/dist/src/services/headless-worker-executor.js +37 -3
  184. package/dist/src/services/headless-worker-executor.js.map +1 -1
  185. package/dist/src/services/worker-daemon.d.ts +80 -2
  186. package/dist/src/services/worker-daemon.d.ts.map +1 -1
  187. package/dist/src/services/worker-daemon.js +372 -11
  188. package/dist/src/services/worker-daemon.js.map +1 -1
  189. package/dist/tsconfig.tsbuildinfo +1 -1
  190. package/package.json +8 -6
  191. package/.claude/skills/agentdb-advanced/SKILL.md +0 -550
  192. package/.claude/skills/agentdb-learning/SKILL.md +0 -545
  193. package/.claude/skills/agentdb-memory-patterns/SKILL.md +0 -339
  194. package/.claude/skills/agentdb-optimization/SKILL.md +0 -509
  195. package/.claude/skills/agentdb-vector-search/SKILL.md +0 -339
  196. package/.claude/skills/agentic-jujutsu/SKILL.md +0 -645
  197. package/.claude/skills/aidefence-scan.md +0 -151
  198. package/.claude/skills/aidefence.yaml +0 -297
  199. package/.claude/skills/browser/SKILL.md +0 -204
  200. package/.claude/skills/flow-nexus-neural/SKILL.md +0 -738
  201. package/.claude/skills/flow-nexus-platform/SKILL.md +0 -1157
  202. package/.claude/skills/flow-nexus-swarm/SKILL.md +0 -610
  203. package/.claude/skills/github-code-review/SKILL.md +0 -1140
  204. package/.claude/skills/github-multi-repo/SKILL.md +0 -874
  205. package/.claude/skills/github-project-management/SKILL.md +0 -1277
  206. package/.claude/skills/github-release-management/SKILL.md +0 -1081
  207. package/.claude/skills/github-workflow-automation/SKILL.md +0 -1065
  208. package/.claude/skills/hive-mind-advanced/SKILL.md +0 -712
  209. package/.claude/skills/hooks-automation/SKILL.md +0 -1201
  210. package/.claude/skills/pair-programming/SKILL.md +0 -1202
  211. package/.claude/skills/performance-analysis/SKILL.md +0 -563
  212. package/.claude/skills/reasoningbank-agentdb/SKILL.md +0 -446
  213. package/.claude/skills/reasoningbank-intelligence/SKILL.md +0 -201
  214. package/.claude/skills/secure-review.md +0 -181
  215. package/.claude/skills/skill-builder/SKILL.md +0 -910
  216. package/.claude/skills/sparc-methodology/SKILL.md +0 -1115
  217. package/.claude/skills/stream-chain/SKILL.md +0 -563
  218. package/.claude/skills/swarm-advanced/SKILL.md +0 -973
  219. package/.claude/skills/swarm-orchestration/SKILL.md +0 -179
  220. package/.claude/skills/v3-cli-modernization/SKILL.md +0 -872
  221. package/.claude/skills/v3-core-implementation/SKILL.md +0 -797
  222. package/.claude/skills/v3-ddd-architecture/SKILL.md +0 -442
  223. package/.claude/skills/v3-integration-deep/SKILL.md +0 -241
  224. package/.claude/skills/v3-mcp-optimization/SKILL.md +0 -777
  225. package/.claude/skills/v3-memory-unification/SKILL.md +0 -174
  226. package/.claude/skills/v3-performance-optimization/SKILL.md +0 -390
  227. package/.claude/skills/v3-security-overhaul/SKILL.md +0 -82
  228. package/.claude/skills/v3-swarm-coordination/SKILL.md +0 -340
  229. package/.claude/skills/verification-quality/SKILL.md +0 -649
  230. package/.claude/skills/worker-benchmarks/skill.md +0 -135
  231. package/.claude/skills/worker-integration/skill.md +0 -154
@@ -1,181 +0,0 @@
1
- ---
2
- name: secure-review
3
- version: 1.0.0
4
- description: Security-focused code review with AI manipulation detection
5
- author: rUv
6
- tags: [security, code-review, aidefence]
7
-
8
- invocation:
9
- - /secure-review
10
- - /security-review
11
-
12
- requires:
13
- - "@claude-flow/aidefence"
14
- ---
15
-
16
- # Secure Review Skill
17
-
18
- Perform security-focused code reviews that include AI manipulation detection, credential scanning, and security best practice validation.
19
-
20
- ## Commands
21
-
22
- ### `/secure-review <file-or-directory>`
23
- Review code for security issues including:
24
- - Hardcoded credentials
25
- - Prompt injection vulnerabilities
26
- - Unsafe input handling
27
- - Security anti-patterns
28
-
29
- ### `/secure-review --quick <file>`
30
- Quick security scan without detailed analysis.
31
-
32
- ### `/secure-review --fix <file>`
33
- Review and suggest fixes for security issues.
34
-
35
- ---
36
-
37
- ## Execution Instructions
38
-
39
- When `/secure-review` is invoked:
40
-
41
- ### Step 1: Initialize Security Tools
42
-
43
- ```typescript
44
- import { createAIDefence } from '@claude-flow/aidefence';
45
-
46
- const aidefence = createAIDefence({ enableLearning: true });
47
- ```
48
-
49
- ### Step 2: Read and Analyze Files
50
-
51
- For each file to review:
52
-
53
- 1. **Read the file** using the Read tool
54
- 2. **Scan for PII/Credentials**:
55
- ```typescript
56
- const piiResult = aidefence.hasPII(fileContent);
57
- if (piiResult) {
58
- findings.push({
59
- type: 'pii',
60
- severity: 'high',
61
- message: 'Potential credentials or PII detected',
62
- file: filePath
63
- });
64
- }
65
- ```
66
-
67
- 3. **Check for dangerous patterns**:
68
- ```typescript
69
- const dangerousPatterns = [
70
- { pattern: /eval\s*\(/, message: 'Unsafe eval() usage', severity: 'critical' },
71
- { pattern: /innerHTML\s*=/, message: 'Potential XSS via innerHTML', severity: 'high' },
72
- { pattern: /shell:\s*true/, message: 'Shell injection risk', severity: 'critical' },
73
- { pattern: /dangerouslySetInnerHTML/, message: 'Dangerous HTML injection', severity: 'high' },
74
- { pattern: /password.*=.*['"][^'"]+['"]/, message: 'Hardcoded password', severity: 'critical' },
75
- ];
76
-
77
- for (const { pattern, message, severity } of dangerousPatterns) {
78
- const match = fileContent.match(pattern);
79
- if (match) {
80
- findings.push({ type: 'security', severity, message, file: filePath, line: getLineNumber(match) });
81
- }
82
- }
83
- ```
84
-
85
- 4. **Scan for prompt injection in AI code**:
86
- ```typescript
87
- // If file contains AI/LLM related code
88
- if (/openai|anthropic|llm|prompt|chat/i.test(fileContent)) {
89
- // Check for unsafe prompt construction
90
- const unsafePromptPatterns = [
91
- /\$\{.*user.*\}/i, // Template literal with user input
92
- /\+ .*input/i, // String concatenation with input
93
- /prompt.*=.*request/i, // Direct request to prompt
94
- ];
95
-
96
- for (const pattern of unsafePromptPatterns) {
97
- if (pattern.test(fileContent)) {
98
- findings.push({
99
- type: 'prompt_injection_risk',
100
- severity: 'high',
101
- message: 'Potential prompt injection vulnerability - user input directly in prompt',
102
- file: filePath
103
- });
104
- }
105
- }
106
- }
107
- ```
108
-
109
- ### Step 3: Generate Report
110
-
111
- ```markdown
112
- ## Security Review Report
113
-
114
- ### Summary
115
- - Files reviewed: X
116
- - Critical issues: X
117
- - High severity: X
118
- - Medium severity: X
119
- - Low severity: X
120
-
121
- ### Findings
122
-
123
- #### Critical
124
- 1. **[file.ts:42]** Hardcoded API key detected
125
- - **Risk**: Credential exposure
126
- - **Fix**: Move to environment variable
127
-
128
- #### High
129
- 1. **[api.ts:108]** User input directly concatenated to prompt
130
- - **Risk**: Prompt injection vulnerability
131
- - **Fix**: Sanitize and validate user input before including in prompts
132
-
133
- ### Recommendations
134
- 1. Enable input validation at all API boundaries
135
- 2. Use environment variables for all credentials
136
- 3. Implement prompt injection defenses for AI code
137
- ```
138
-
139
- ### Step 4: Learn from Review
140
-
141
- ```typescript
142
- // Store review patterns for learning
143
- for (const finding of findings) {
144
- await aidefence.learnFromDetection(
145
- finding.context,
146
- { safe: false, threats: [{ type: finding.type, severity: finding.severity }] }
147
- );
148
- }
149
- ```
150
-
151
- ## Example Output
152
-
153
- ```
154
- 🔍 Security Review: src/api/
155
-
156
- Scanning 12 files...
157
-
158
- ❌ CRITICAL: src/api/config.ts:15
159
- Hardcoded API key: sk-ant-api03...
160
- → Move to .env file and use process.env.ANTHROPIC_API_KEY
161
-
162
- âš ī¸ HIGH: src/api/chat.ts:42
163
- User input directly in prompt template
164
- → Sanitize input: const sanitized = sanitizeForPrompt(userInput)
165
-
166
- âš ī¸ HIGH: src/api/chat.ts:67
167
- No input length validation
168
- → Add: if (input.length > MAX_INPUT_LENGTH) throw new Error('...')
169
-
170
- â„šī¸ MEDIUM: src/api/utils.ts:23
171
- Using eval() for JSON parsing
172
- → Use JSON.parse() instead
173
-
174
- 📊 Summary: 1 critical, 2 high, 1 medium issues found
175
- ```
176
-
177
- ## Integration Notes
178
-
179
- - Works with `reviewer` agent for comprehensive code reviews
180
- - Findings are stored in memory for pattern learning
181
- - Can be triggered automatically via pre-commit hooks