@claude-flow/codex 3.0.0-alpha.1

package/dist/generators/config-toml.js

@@ -0,0 +1,910 @@
+/**
+ * @claude-flow/codex - config.toml Generator
+ *
+ * Generates Codex CLI configuration files in TOML format
+ */
+/**
+ * Generate a config.toml file based on the provided options
+ */
+export async function generateConfigToml(options = {}) {
+    const { model = 'gpt-5.3-codex', approvalPolicy = 'on-request', sandboxMode = 'workspace-write', webSearch = 'cached', projectDocMaxBytes = 65536, features = {}, mcpServers = [], skills = [], profiles = {}, historyPersistence = 'save-all', security = {}, performance = {}, logging = {}, } = options;
+    const lines = [];
+    // Header
+    lines.push('# =============================================================================');
+    lines.push('# Claude Flow V3 - Codex Configuration');
+    lines.push('# =============================================================================');
+    lines.push('# Generated by: @claude-flow/codex');
+    lines.push('# Documentation: https://github.com/ruvnet/claude-flow');
+    lines.push('# ');
+    lines.push('# This file configures the Codex CLI for Claude Flow integration.');
+    lines.push('# Place in .agents/config.toml (project) or .codex/config.toml (user).');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('# =============================================================================');
+    lines.push('# Core Settings');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('# Model selection - the AI model to use for code generation');
+    lines.push('# Options: gpt-5.3-codex, gpt-4o, claude-sonnet, claude-opus');
+    lines.push(`model = "${model}"`);
+    lines.push('');
+    lines.push('# Approval policy determines when human approval is required');
+    lines.push('# - untrusted: Always require approval');
+    lines.push('# - on-failure: Require approval only after failures');
+    lines.push('# - on-request: Require approval for significant changes');
+    lines.push('# - never: Auto-approve all actions (use with caution)');
+    lines.push(`approval_policy = "${approvalPolicy}"`);
+    lines.push('');
+    lines.push('# Sandbox mode controls file system access');
+    lines.push('# - read-only: Can only read files, no modifications');
+    lines.push('# - workspace-write: Can write within workspace directory');
+    lines.push('# - danger-full-access: Full file system access (dangerous)');
+    lines.push(`sandbox_mode = "${sandboxMode}"`);
+    lines.push('');
+    lines.push('# Web search enables internet access for research');
+    lines.push('# - disabled: No web access');
+    lines.push('# - cached: Use cached results when available');
+    lines.push('# - live: Always fetch fresh results');
+    lines.push(`web_search = "${webSearch}"`);
+    lines.push('');
+    // Project Documentation
+    lines.push('# =============================================================================');
+    lines.push('# Project Documentation');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('# Maximum bytes to read from AGENTS.md files');
+    lines.push(`project_doc_max_bytes = ${projectDocMaxBytes}`);
+    lines.push('');
+    lines.push('# Fallback filenames if AGENTS.md not found');
+    lines.push('project_doc_fallback_filenames = [');
+    lines.push('  "AGENTS.md",');
+    lines.push('  "TEAM_GUIDE.md",');
+    lines.push('  ".agents.md"');
+    lines.push(']');
+    lines.push('');
+    // Features
+    lines.push('# =============================================================================');
+    lines.push('# Features');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[features]');
+    lines.push('# Enable child AGENTS.md guidance');
+    lines.push(`child_agents_md = ${features.childAgentsMd ?? true}`);
+    lines.push('');
+    lines.push('# Cache shell environment for faster repeated commands');
+    lines.push(`shell_snapshot = ${features.shellSnapshot ?? true}`);
+    lines.push('');
+    lines.push('# Smart approvals based on request context');
+    lines.push(`request_rule = ${features.requestRule ?? true}`);
+    lines.push('');
+    lines.push('# Enable remote compaction for large histories');
+    lines.push(`remote_compaction = ${features.remoteCompaction ?? true}`);
+    lines.push('');
+    // MCP Servers
+    if (mcpServers.length > 0 || true) { // Always include claude-flow by default
+        lines.push('# =============================================================================');
+        lines.push('# MCP Servers');
+        lines.push('# =============================================================================');
+        lines.push('');
+        // Default claude-flow server
+        const hasClaudeFlow = mcpServers.some(s => s.name === 'claude-flow');
+        if (!hasClaudeFlow) {
+            lines.push(...generateMcpServer({
+                name: 'claude-flow',
+                command: 'npx',
+                args: ['-y', '@claude-flow/cli@latest'],
+                enabled: true,
+                toolTimeout: 120,
+            }));
+            lines.push('');
+        }
+        for (const server of mcpServers) {
+            lines.push(...generateMcpServer(server));
+            lines.push('');
+        }
+    }
+    // Skills Configuration
+    if (skills.length > 0) {
+        lines.push('# =============================================================================');
+        lines.push('# Skills Configuration');
+        lines.push('# =============================================================================');
+        lines.push('');
+        for (const skill of skills) {
+            lines.push(...generateSkillConfig(skill));
+            lines.push('');
+        }
+    }
+    // Profiles
+    lines.push('# =============================================================================');
+    lines.push('# Profiles');
+    lines.push('# =============================================================================');
+    lines.push('');
+    // Default profiles
+    const defaultProfiles = {
+        dev: {
+            approvalPolicy: 'never',
+            sandboxMode: 'danger-full-access',
+            webSearch: 'live',
+        },
+        safe: {
+            approvalPolicy: 'untrusted',
+            sandboxMode: 'read-only',
+            webSearch: 'disabled',
+        },
+        ci: {
+            approvalPolicy: 'never',
+            sandboxMode: 'workspace-write',
+            webSearch: 'cached',
+        },
+        ...profiles,
+    };
+    for (const [name, profile] of Object.entries(defaultProfiles)) {
+        lines.push(...generateProfile(name, profile));
+        lines.push('');
+    }
+    // History
+    lines.push('# =============================================================================');
+    lines.push('# History');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[history]');
+    lines.push('# Save all session transcripts');
+    lines.push(`persistence = "${historyPersistence}"`);
+    lines.push('');
+    // Shell Environment Policy
+    lines.push('# =============================================================================');
+    lines.push('# Shell Environment');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[shell_environment_policy]');
+    lines.push('# Inherit environment variables');
+    lines.push('inherit = "core"');
+    lines.push('');
+    lines.push('# Exclude sensitive variables');
+    lines.push('exclude = ["*_KEY", "*_SECRET", "*_TOKEN", "*_PASSWORD"]');
+    lines.push('');
+    // Sandbox Workspace Write Settings
+    lines.push('# =============================================================================');
+    lines.push('# Sandbox Workspace Write Settings');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[sandbox_workspace_write]');
+    lines.push('# Additional writable paths beyond workspace');
+    lines.push('writable_roots = []');
+    lines.push('');
+    lines.push('# Allow network access');
+    lines.push('network_access = true');
+    lines.push('');
+    lines.push('# Exclude temp directories');
+    lines.push('exclude_slash_tmp = false');
+    lines.push('');
+    // Security Settings
+    lines.push('# =============================================================================');
+    lines.push('# Security Settings');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[security]');
+    lines.push('# Enable input validation for all user inputs');
+    lines.push(`input_validation = ${security.inputValidation ?? true}`);
+    lines.push('');
+    lines.push('# Prevent directory traversal attacks');
+    lines.push(`path_traversal_prevention = ${security.pathTraversal ?? true}`);
+    lines.push('');
+    lines.push('# Scan for hardcoded secrets');
+    lines.push(`secret_scanning = ${security.secretScanning ?? true}`);
+    lines.push('');
+    lines.push('# Scan dependencies for known CVEs');
+    lines.push(`cve_scanning = ${security.cveScanning ?? true}`);
+    lines.push('');
+    lines.push('# Maximum file size for operations (bytes)');
+    lines.push(`max_file_size = ${security.maxFileSize ?? 10485760}`);
+    lines.push('');
+    lines.push('# Allowed file extensions (empty = allow all)');
+    const allowedExts = security.allowedExtensions ?? [];
+    if (allowedExts.length > 0) {
+        lines.push(`allowed_extensions = [${allowedExts.map((e) => `"${e}"`).join(', ')}]`);
+    }
+    else {
+        lines.push('allowed_extensions = []');
+    }
+    lines.push('');
+    lines.push('# Blocked file patterns (regex)');
+    const blockedPatterns = security.blockedPatterns ?? ['\\.env$', 'credentials\\.json$', '\\.pem$', '\\.key$'];
+    lines.push(`blocked_patterns = [${blockedPatterns.map((p) => `"${escapeTomlString(p)}"`).join(', ')}]`);
+    lines.push('');
+    // Performance Settings
+    lines.push('# =============================================================================');
+    lines.push('# Performance Settings');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[performance]');
+    lines.push('# Maximum concurrent agents');
+    lines.push(`max_agents = ${performance.maxAgents ?? 8}`);
+    lines.push('');
+    lines.push('# Task timeout in seconds');
+    lines.push(`task_timeout = ${performance.taskTimeout ?? 300}`);
+    lines.push('');
+    lines.push('# Memory limit per agent');
+    lines.push(`memory_limit = "${performance.memoryLimit ?? '512MB'}"`);
+    lines.push('');
+    lines.push('# Enable response caching');
+    lines.push(`cache_enabled = ${performance.cacheEnabled ?? true}`);
+    lines.push('');
+    lines.push('# Cache TTL in seconds');
+    lines.push(`cache_ttl = ${performance.cacheTtl ?? 3600}`);
+    lines.push('');
+    lines.push('# Enable parallel task execution');
+    lines.push(`parallel_execution = ${performance.parallelExecution ?? true}`);
+    lines.push('');
+    // Logging Settings
+    lines.push('# =============================================================================');
+    lines.push('# Logging Settings');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[logging]');
+    lines.push('# Log level: debug, info, warn, error');
+    lines.push(`level = "${logging.level ?? 'info'}"`);
+    lines.push('');
+    lines.push('# Log format: json, text, pretty');
+    lines.push(`format = "${logging.format ?? 'pretty'}"`);
+    lines.push('');
+    lines.push('# Log destination: stdout, file, both');
+    lines.push(`destination = "${logging.destination ?? 'stdout'}"`);
+    lines.push('');
+    if (logging.filePath || logging.destination === 'file' || logging.destination === 'both') {
+        lines.push('# Log file path');
+        lines.push(`file_path = "${logging.filePath ?? './logs/claude-flow.log'}"`);
+        lines.push('');
+        lines.push('# Maximum number of log files to retain');
+        lines.push(`max_files = ${logging.maxFiles ?? 10}`);
+        lines.push('');
+        lines.push('# Maximum size per log file');
+        lines.push(`max_size = "${logging.maxSize ?? '10MB'}"`);
+        lines.push('');
+    }
+    // Neural/Intelligence Settings
+    lines.push('# =============================================================================');
+    lines.push('# Neural Intelligence Settings');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[neural]');
+    lines.push('# Enable SONA (Self-Optimizing Neural Architecture)');
+    lines.push('sona_enabled = true');
+    lines.push('');
+    lines.push('# Enable HNSW vector search');
+    lines.push('hnsw_enabled = true');
+    lines.push('');
+    lines.push('# HNSW index parameters');
+    lines.push('hnsw_m = 16');
+    lines.push('hnsw_ef_construction = 200');
+    lines.push('hnsw_ef_search = 100');
+    lines.push('');
+    lines.push('# Enable pattern learning');
+    lines.push('pattern_learning = true');
+    lines.push('');
+    lines.push('# Learning rate for neural adaptation');
+    lines.push('learning_rate = 0.01');
+    lines.push('');
+    // Swarm Settings
+    lines.push('# =============================================================================');
+    lines.push('# Swarm Orchestration Settings');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[swarm]');
+    lines.push('# Default topology: hierarchical, mesh, ring, star');
+    lines.push('default_topology = "hierarchical"');
+    lines.push('');
+    lines.push('# Default strategy: balanced, specialized, adaptive');
+    lines.push('default_strategy = "specialized"');
+    lines.push('');
+    lines.push('# Consensus algorithm: raft, byzantine, gossip');
+    lines.push('consensus = "raft"');
+    lines.push('');
+    lines.push('# Enable anti-drift measures');
+    lines.push('anti_drift = true');
+    lines.push('');
+    lines.push('# Checkpoint interval (tasks)');
+    lines.push('checkpoint_interval = 10');
+    lines.push('');
+    // Hooks Settings
+    lines.push('# =============================================================================');
+    lines.push('# Hooks Configuration');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[hooks]');
+    lines.push('# Enable lifecycle hooks');
+    lines.push('enabled = true');
+    lines.push('');
+    lines.push('# Pre-task hook');
+    lines.push('pre_task = true');
+    lines.push('');
+    lines.push('# Post-task hook (for learning)');
+    lines.push('post_task = true');
+    lines.push('');
+    lines.push('# Enable neural training on post-edit');
+    lines.push('train_on_edit = true');
+    lines.push('');
+    // Background Workers
+    lines.push('# =============================================================================');
+    lines.push('# Background Workers');
+    lines.push('# =============================================================================');
+    lines.push('');
+    lines.push('[workers]');
+    lines.push('# Enable background workers');
+    lines.push('enabled = true');
+    lines.push('');
+    lines.push('# Worker configuration');
+    lines.push('[workers.audit]');
+    lines.push('enabled = true');
+    lines.push('priority = "critical"');
+    lines.push('interval = 300');
+    lines.push('');
+    lines.push('[workers.optimize]');
+    lines.push('enabled = true');
+    lines.push('priority = "high"');
+    lines.push('interval = 600');
+    lines.push('');
+    lines.push('[workers.consolidate]');
+    lines.push('enabled = true');
+    lines.push('priority = "low"');
+    lines.push('interval = 1800');
+    lines.push('');
+    return lines.join('\n');
+}
+/**
+ * Escape special characters in TOML strings
+ */
+function escapeTomlString(str) {
+    return str
+        .replace(/\\/g, '\\\\')
+        .replace(/"/g, '\\"')
+        .replace(/\n/g, '\\n')
+        .replace(/\r/g, '\\r')
+        .replace(/\t/g, '\\t');
+}
+/**
+ * Generate MCP server configuration lines
+ */
+function generateMcpServer(server) {
+    const lines = [];
+    lines.push(`[mcp_servers.${server.name}]`);
+    lines.push(`command = "${server.command}"`);
+    if (server.args && server.args.length > 0) {
+        const argsStr = server.args.map(a => `"${a}"`).join(', ');
+        lines.push(`args = [${argsStr}]`);
+    }
+    lines.push(`enabled = ${server.enabled ?? true}`);
+    if (server.toolTimeout) {
+        lines.push(`tool_timeout_sec = ${server.toolTimeout}`);
+    }
+    if (server.env && Object.keys(server.env).length > 0) {
+        lines.push('');
+        lines.push(`[mcp_servers.${server.name}.env]`);
+        for (const [key, value] of Object.entries(server.env)) {
+            lines.push(`${key} = "${value}"`);
+        }
+    }
+    return lines;
+}
+/**
+ * Generate skill configuration lines
+ */
+function generateSkillConfig(skill) {
+    const lines = [];
+    lines.push('[[skills.config]]');
+    lines.push(`path = "${skill.path}"`);
+    lines.push(`enabled = ${skill.enabled ?? true}`);
+    return lines;
+}
+/**
+ * Generate profile configuration lines
+ */
+function generateProfile(name, profile) {
+    const lines = [];
+    const comment = name === 'dev' ? 'Development profile - more permissive for local work'
+        : name === 'safe' ? 'Safe profile - maximum restrictions'
+            : name === 'ci' ? 'CI profile - for automated pipelines'
+                : `${name} profile`;
+    lines.push(`# ${comment}`);
+    lines.push(`[profiles.${name}]`);
+    if (profile.approvalPolicy) {
+        lines.push(`approval_policy = "${profile.approvalPolicy}"`);
+    }
+    if (profile.sandboxMode) {
+        lines.push(`sandbox_mode = "${profile.sandboxMode}"`);
+    }
+    if (profile.webSearch) {
+        lines.push(`web_search = "${profile.webSearch}"`);
+    }
+    return lines;
+}
+/**
+ * Generate minimal config.toml
+ */
+export async function generateMinimalConfigToml(options = {}) {
+    const { model = 'gpt-5.3-codex', approvalPolicy = 'on-request', sandboxMode = 'workspace-write', } = options;
+    return `# Claude Flow V3 - Minimal Codex Configuration
+
+model = "${model}"
+approval_policy = "${approvalPolicy}"
+sandbox_mode = "${sandboxMode}"
+
+[mcp_servers.claude-flow]
+command = "npx"
+args = ["-y", "@claude-flow/cli@latest"]
+enabled = true
+`;
+}
+/**
+ * Generate CI/CD config.toml
+ */
+export async function generateCIConfigToml() {
+    return `# =============================================================================
+# Claude Flow V3 - CI/CD Pipeline Configuration
+# =============================================================================
+# Optimized for automated CI/CD environments
+# No interactive approvals, ephemeral history, minimal overhead
+# =============================================================================
+
+model = "gpt-5.3-codex"
+approval_policy = "never"
+sandbox_mode = "workspace-write"
+web_search = "disabled"
+
+# Project documentation
+project_doc_max_bytes = 65536
+
+[features]
+# Disable interactive features for CI
+shell_snapshot = false
+remote_compaction = false
+child_agents_md = true
+request_rule = false
+
+[mcp_servers.claude-flow]
+command = "npx"
+args = ["-y", "@claude-flow/cli@latest"]
+enabled = true
+tool_timeout_sec = 300
+
+[history]
+persistence = "none"
+
+[shell_environment_policy]
+inherit = "core"
+exclude = ["*_KEY", "*_SECRET", "*_TOKEN", "*_PASSWORD", "CI_*"]
+
+[security]
+input_validation = true
+path_traversal_prevention = true
+secret_scanning = true
+cve_scanning = true
+
+[performance]
+max_agents = 4
+task_timeout = 600
+cache_enabled = false
+parallel_execution = true
+
+[logging]
+level = "info"
+format = "json"
+destination = "stdout"
+
+[swarm]
+default_topology = "hierarchical"
+default_strategy = "specialized"
+anti_drift = true
+
+[hooks]
+enabled = true
+pre_task = true
+post_task = false
+train_on_edit = false
+`;
+}
+/**
+ * Generate enterprise config.toml with full governance
+ */
+export async function generateEnterpriseConfigToml() {
+    return `# =============================================================================
+# Claude Flow V3 - Enterprise Configuration
+# =============================================================================
+# Full governance, audit logging, and compliance features enabled
+# Suitable for enterprise environments with strict security requirements
+# =============================================================================
+
+model = "gpt-5.3-codex"
+approval_policy = "on-request"
+sandbox_mode = "workspace-write"
+web_search = "cached"
+
+# Project documentation
+project_doc_max_bytes = 131072
+project_doc_fallback_filenames = [
+  "AGENTS.md",
+  "TEAM_GUIDE.md",
+  ".agents.md",
+  "CONTRIBUTING.md"
+]
+
+[features]
+child_agents_md = true
+shell_snapshot = true
+request_rule = true
+remote_compaction = true
+
+# =============================================================================
+# MCP Servers
+# =============================================================================
+
+[mcp_servers.claude-flow]
+command = "npx"
+args = ["-y", "@claude-flow/cli@latest"]
+enabled = true
+tool_timeout_sec = 120
+
+[mcp_servers.claude-flow.env]
+CLAUDE_FLOW_LOG_LEVEL = "info"
+
+# =============================================================================
+# Profiles
+# =============================================================================
+
+# Development profile - more permissive for local work
+[profiles.dev]
+approval_policy = "never"
+sandbox_mode = "danger-full-access"
+web_search = "live"
+
+# Safe profile - maximum restrictions
+[profiles.safe]
+approval_policy = "untrusted"
+sandbox_mode = "read-only"
+web_search = "disabled"
+
+# CI profile - for automated pipelines
+[profiles.ci]
+approval_policy = "never"
+sandbox_mode = "workspace-write"
+web_search = "disabled"
+
+# Production profile - careful changes only
+[profiles.production]
+approval_policy = "untrusted"
+sandbox_mode = "workspace-write"
+web_search = "cached"
+
+# =============================================================================
+# History
+# =============================================================================
+
+[history]
+persistence = "save-all"
+retention_days = 90
+audit_log = true
+
+# =============================================================================
+# Shell Environment
+# =============================================================================
+
+[shell_environment_policy]
+inherit = "core"
+exclude = ["*_KEY", "*_SECRET", "*_TOKEN", "*_PASSWORD", "AWS_*", "AZURE_*"]
+
+[sandbox_workspace_write]
+writable_roots = []
+network_access = true
+exclude_slash_tmp = false
+
+# =============================================================================
+# Security (Enterprise)
+# =============================================================================
+
+[security]
+input_validation = true
+path_traversal_prevention = true
+secret_scanning = true
+cve_scanning = true
+max_file_size = 10485760
+blocked_patterns = ["\\\\.env$", "credentials\\\\.json$", "\\\\.pem$", "\\\\.key$", "secrets\\\\.yaml$"]
+
+# RBAC configuration
+[security.rbac]
+enabled = true
+default_role = "developer"
+
+# Audit configuration
+[security.audit]
+enabled = true
+destination = "file"
+file_path = "./logs/audit.json"
+retention_days = 90
+
+# =============================================================================
+# Performance
+# =============================================================================
+
+[performance]
+max_agents = 8
+task_timeout = 300
+memory_limit = "1GB"
+cache_enabled = true
+cache_ttl = 3600
+parallel_execution = true
+
+# =============================================================================
+# Logging (Enterprise)
+# =============================================================================
+
+[logging]
+level = "info"
+format = "json"
+destination = "both"
+file_path = "./logs/claude-flow.log"
+max_files = 30
+max_size = "50MB"
+
+# =============================================================================
+# Neural Intelligence
+# =============================================================================
+
+[neural]
+sona_enabled = true
+hnsw_enabled = true
+hnsw_m = 16
+hnsw_ef_construction = 200
+hnsw_ef_search = 100
+pattern_learning = true
+learning_rate = 0.01
+
+# =============================================================================
+# Swarm Orchestration
+# =============================================================================
+
+[swarm]
+default_topology = "hierarchical"
+default_strategy = "specialized"
+consensus = "raft"
+anti_drift = true
+checkpoint_interval = 10
+
+# =============================================================================
+# Hooks
+# =============================================================================
+
+[hooks]
+enabled = true
+pre_task = true
+post_task = true
+train_on_edit = true
+
+# =============================================================================
+# Background Workers
+# =============================================================================
+
+[workers]
+enabled = true
+
+[workers.audit]
+enabled = true
+priority = "critical"
+interval = 300
+
+[workers.optimize]
+enabled = true
+priority = "high"
+interval = 600
+
+[workers.consolidate]
+enabled = true
+priority = "low"
+interval = 1800
+
+[workers.testgaps]
+enabled = true
+priority = "normal"
+interval = 3600
+
+# =============================================================================
+# Compliance
+# =============================================================================
+
+[compliance]
+soc2 = true
+gdpr = true
+pci_dss = false
+hipaa = false
+`;
+}
+/**
+ * Generate development config.toml with permissive settings
+ */
+export async function generateDevConfigToml() {
+    return `# =============================================================================
+# Claude Flow V3 - Development Configuration
+# =============================================================================
+# Permissive settings for local development
+# Auto-approve most actions, full access, live web search
+# =============================================================================
+
+model = "gpt-5.3-codex"
+approval_policy = "never"
+sandbox_mode = "danger-full-access"
+web_search = "live"
+
+# Project documentation
+project_doc_max_bytes = 65536
+
+[features]
+child_agents_md = true
+shell_snapshot = true
+request_rule = false
+remote_compaction = true
+
+[mcp_servers.claude-flow]
+command = "npx"
+args = ["-y", "@claude-flow/cli@latest"]
+enabled = true
+tool_timeout_sec = 120
+
+[history]
+persistence = "save-all"
+
+[shell_environment_policy]
+inherit = "all"
+exclude = []
+
+[sandbox_workspace_write]
+writable_roots = ["/tmp", "~/.cache"]
+network_access = true
+exclude_slash_tmp = false
+
+[security]
+input_validation = true
+path_traversal_prevention = true
+secret_scanning = true
+cve_scanning = false
+
+[performance]
+max_agents = 8
+task_timeout = 600
+cache_enabled = true
+parallel_execution = true
+
+[logging]
+level = "debug"
+format = "pretty"
+destination = "stdout"
+
+[neural]
+sona_enabled = true
+hnsw_enabled = true
+pattern_learning = true
+
+[swarm]
+default_topology = "hierarchical"
+default_strategy = "specialized"
+anti_drift = true
+
+[hooks]
+enabled = true
+pre_task = true
+post_task = true
+train_on_edit = true
+
+[workers]
+enabled = true
+`;
+}
+/**
+ * Generate security-focused config.toml
+ */
+export async function generateSecureConfigToml() {
+    return `# =============================================================================
+# Claude Flow V3 - Security-Focused Configuration
+# =============================================================================
+# Maximum security restrictions for sensitive environments
+# All actions require approval, read-only access, no web search
+# =============================================================================
+
+model = "gpt-5.3-codex"
+approval_policy = "untrusted"
+sandbox_mode = "read-only"
+web_search = "disabled"
+
+# Project documentation
+project_doc_max_bytes = 32768
+
+[features]
+child_agents_md = true
+shell_snapshot = false
+request_rule = true
+remote_compaction = false
+
+[mcp_servers.claude-flow]
+command = "npx"
+args = ["-y", "@claude-flow/cli@latest"]
+enabled = true
+tool_timeout_sec = 60
+
+[history]
+persistence = "save-all"
+retention_days = 365
+
+[shell_environment_policy]
+inherit = "none"
+exclude = ["*"]
+
+[sandbox_workspace_write]
+writable_roots = []
+network_access = false
+exclude_slash_tmp = true
+
+[security]
+input_validation = true
+path_traversal_prevention = true
+secret_scanning = true
+cve_scanning = true
+max_file_size = 1048576
+allowed_extensions = [".ts", ".js", ".json", ".md", ".yaml", ".yml"]
+blocked_patterns = ["\\\\.env", "secret", "credential", "password", "key", "token", "\\\\.pem", "\\\\.p12"]
+
+[security.rbac]
+enabled = true
+default_role = "observer"
+
+[security.audit]
+enabled = true
+destination = "both"
+file_path = "./logs/security-audit.json"
+retention_days = 365
+
+[performance]
+max_agents = 4
+task_timeout = 120
+cache_enabled = false
+parallel_execution = false
+
+[logging]
+level = "info"
+format = "json"
+destination = "both"
+file_path = "./logs/claude-flow.log"
+max_files = 100
+max_size = "10MB"
+
+[neural]
+sona_enabled = false
+hnsw_enabled = true
+pattern_learning = false
+
+[swarm]
+default_topology = "hierarchical"
+default_strategy = "specialized"
+consensus = "byzantine"
+anti_drift = true
+checkpoint_interval = 5
+
+[hooks]
+enabled = true
+pre_task = true
+post_task = true
+train_on_edit = false
+
+[workers]
+enabled = true
+
+[workers.audit]
+enabled = true
+priority = "critical"
+interval = 60
+
+[workers.optimize]
+enabled = false
+
+[workers.consolidate]
+enabled = false
+`;
+}
+//# sourceMappingURL=config-toml.js.map