npm - @claude-flow/shared - Versions diffs - 3.0.0-alpha.1 → 3.0.0-alpha.8 - Mend

@claude-flow/shared 3.0.0-alpha.1 → 3.0.0-alpha.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (241) hide show

package/.claude-flow/daemon-state.json +135 -0
package/.claude-flow/data/pending-insights.jsonl +2 -0
package/.claude-flow/data/ranked-context.json +5 -0
package/.claude-flow/logs/daemon.log +45 -0
package/.claude-flow/logs/headless/audit_1777379186972_h5un5x_prompt.log +3210 -0
package/.claude-flow/logs/headless/audit_1777379186972_h5un5x_result.log +117 -0
package/.claude-flow/logs/headless/audit_1777379816437_w0eaul_prompt.log +3210 -0
package/.claude-flow/logs/headless/audit_1777379816437_w0eaul_result.log +53 -0
package/.claude-flow/logs/headless/audit_1777380440097_621y8m_prompt.log +3210 -0
package/.claude-flow/logs/headless/audit_1777380440097_621y8m_result.log +75 -0
package/.claude-flow/logs/headless/optimize_1777379306973_an4lmy_prompt.log +3504 -0
package/.claude-flow/logs/headless/optimize_1777379306973_an4lmy_result.log +166 -0
package/.claude-flow/logs/headless/optimize_1777380274732_apxz3s_prompt.log +3504 -0
package/.claude-flow/logs/headless/optimize_1777380274732_apxz3s_result.log +219 -0
package/.claude-flow/logs/headless/testgaps_1777379546969_dvf2a1_prompt.log +3189 -0
package/.claude-flow/logs/headless/testgaps_1777379546969_dvf2a1_result.log +155 -0
package/.claude-flow/metrics/codebase-map.json +11 -0
package/.claude-flow/metrics/consolidation.json +6 -0
package/.claude-flow/sessions/current.json +13 -0
package/.swarm/hnsw.index +0 -0
package/.swarm/hnsw.metadata.json +1 -0
package/.swarm/memory.db +0 -0
package/.swarm/memory.db-shm +0 -0
package/.swarm/memory.db-wal +0 -0
package/.swarm/schema.sql +305 -0
package/dist/core/config/loader.d.ts.map +1 -1
package/dist/core/config/loader.js +17 -1
package/dist/core/config/loader.js.map +1 -1
package/dist/core/config/schema.d.ts +697 -103
package/dist/core/config/schema.d.ts.map +1 -1
package/dist/core/config/schema.js +3 -1
package/dist/core/config/schema.js.map +1 -1
package/dist/events/event-store.d.ts.map +1 -1
package/dist/events/event-store.js +20 -9
package/dist/events/event-store.js.map +1 -1
package/dist/events/example-usage.js +1 -1
package/dist/events/example-usage.js.map +1 -1
package/dist/events/index.d.ts +2 -0
package/dist/events/index.d.ts.map +1 -1
package/dist/events/index.js +2 -0
package/dist/events/index.js.map +1 -1
package/dist/events/rvf-event-log.d.ts +82 -0
package/dist/events/rvf-event-log.d.ts.map +1 -0
package/dist/events/rvf-event-log.js +340 -0
package/dist/events/rvf-event-log.js.map +1 -0
package/dist/hooks/example-usage.js +3 -3
package/dist/hooks/example-usage.js.map +1 -1
package/dist/hooks/executor.d.ts.map +1 -1
package/dist/hooks/executor.js +7 -4
package/dist/hooks/executor.js.map +1 -1
package/dist/hooks/verify-exports.test.js +6 -6
package/dist/hooks/verify-exports.test.js.map +1 -1
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4 -0
package/dist/index.js.map +1 -1
package/dist/mcp/server.d.ts.map +1 -1
package/dist/mcp/server.js +3 -6
package/dist/mcp/server.js.map +1 -1
package/dist/mcp/types.d.ts +4 -6
package/dist/mcp/types.d.ts.map +1 -1
package/dist/mcp/types.js.map +1 -1
package/dist/plugins/official/hive-mind-plugin.js +2 -2
package/dist/plugins/official/hive-mind-plugin.js.map +1 -1
package/dist/plugins/official/maestro-plugin.js +3 -3
package/dist/plugins/official/maestro-plugin.js.map +1 -1
package/dist/services/index.d.ts +7 -0
package/dist/services/index.d.ts.map +1 -0
package/dist/services/index.js +7 -0
package/dist/services/index.js.map +1 -0
package/dist/services/v3-progress.service.d.ts +124 -0
package/dist/services/v3-progress.service.d.ts.map +1 -0
package/dist/services/v3-progress.service.js +402 -0
package/dist/services/v3-progress.service.js.map +1 -0
package/package.json +12 -3
package/ruvector.db +0 -0
package/src/core/config/loader.ts +17 -1
package/src/core/config/schema.ts +3 -1
package/src/events/event-store.ts +18 -9
package/src/events/example-usage.ts +1 -1
package/src/events/index.ts +4 -0
package/src/events/rvf-event-log.ts +427 -0
package/src/hooks/example-usage.ts +3 -3
package/src/hooks/executor.ts +7 -5
package/src/hooks/verify-exports.test.ts +6 -6
package/src/index.ts +5 -0
package/src/mcp/server.ts +3 -6
package/src/mcp/types.ts +4 -6
package/src/plugins/official/hive-mind-plugin.ts +2 -2
package/src/plugins/official/maestro-plugin.ts +3 -3
package/src/services/index.ts +16 -0
package/src/services/v3-progress.service.ts +505 -0
package/tmp.json +0 -0
package/tsconfig.tsbuildinfo +1 -1
package/.agentic-flow/intelligence.json +0 -16
package/__tests__/coverage/base.css +0 -224
package/__tests__/coverage/block-navigation.js +0 -87
package/__tests__/coverage/coverage-final.json +0 -50
package/__tests__/coverage/favicon.png +0 -0
package/__tests__/coverage/index.html +0 -326
package/__tests__/coverage/lcov-report/base.css +0 -224
package/__tests__/coverage/lcov-report/block-navigation.js +0 -87
package/__tests__/coverage/lcov-report/favicon.png +0 -0
package/__tests__/coverage/lcov-report/index.html +0 -326
package/__tests__/coverage/lcov-report/prettify.css +0 -1
package/__tests__/coverage/lcov-report/prettify.js +0 -2
package/__tests__/coverage/lcov-report/sort-arrow-sprite.png +0 -0
package/__tests__/coverage/lcov-report/sorter.js +0 -210
package/__tests__/coverage/lcov-report/src/core/config/defaults.ts.html +0 -706
package/__tests__/coverage/lcov-report/src/core/config/index.html +0 -161
package/__tests__/coverage/lcov-report/src/core/config/loader.ts.html +0 -898
package/__tests__/coverage/lcov-report/src/core/config/schema.ts.html +0 -649
package/__tests__/coverage/lcov-report/src/core/config/validator.ts.html +0 -712
package/__tests__/coverage/lcov-report/src/core/event-bus.ts.html +0 -793
package/__tests__/coverage/lcov-report/src/core/index.html +0 -116
package/__tests__/coverage/lcov-report/src/core/interfaces/event.interface.ts.html +0 -886
package/__tests__/coverage/lcov-report/src/core/interfaces/index.html +0 -116
package/__tests__/coverage/lcov-report/src/core/orchestrator/event-coordinator.ts.html +0 -451
package/__tests__/coverage/lcov-report/src/core/orchestrator/health-monitor.ts.html +0 -727
package/__tests__/coverage/lcov-report/src/core/orchestrator/index.html +0 -176
package/__tests__/coverage/lcov-report/src/core/orchestrator/lifecycle-manager.ts.html +0 -874
package/__tests__/coverage/lcov-report/src/core/orchestrator/session-manager.ts.html +0 -922
package/__tests__/coverage/lcov-report/src/core/orchestrator/task-manager.ts.html +0 -1036
package/__tests__/coverage/lcov-report/src/events/domain-events.ts.html +0 -1837
package/__tests__/coverage/lcov-report/src/events/event-store.ts.html +0 -1849
package/__tests__/coverage/lcov-report/src/events/example-usage.ts.html +0 -964
package/__tests__/coverage/lcov-report/src/events/index.html +0 -176
package/__tests__/coverage/lcov-report/src/events/projections.ts.html +0 -1768
package/__tests__/coverage/lcov-report/src/events/state-reconstructor.ts.html +0 -1132
package/__tests__/coverage/lcov-report/src/events.ts.html +0 -1186
package/__tests__/coverage/lcov-report/src/hooks/example-usage.ts.html +0 -1582
package/__tests__/coverage/lcov-report/src/hooks/executor.ts.html +0 -1222
package/__tests__/coverage/lcov-report/src/hooks/index.html +0 -191
package/__tests__/coverage/lcov-report/src/hooks/registry.ts.html +0 -1084
package/__tests__/coverage/lcov-report/src/hooks/safety/bash-safety.ts.html +0 -1897
package/__tests__/coverage/lcov-report/src/hooks/safety/file-organization.ts.html +0 -1504
package/__tests__/coverage/lcov-report/src/hooks/safety/git-commit.ts.html +0 -1954
package/__tests__/coverage/lcov-report/src/hooks/safety/index.html +0 -146
package/__tests__/coverage/lcov-report/src/hooks/session-hooks.ts.html +0 -1762
package/__tests__/coverage/lcov-report/src/hooks/task-hooks.ts.html +0 -1624
package/__tests__/coverage/lcov-report/src/hooks/types.ts.html +0 -1156
package/__tests__/coverage/lcov-report/src/index.html +0 -176
package/__tests__/coverage/lcov-report/src/mcp/connection-pool.ts.html +0 -1399
package/__tests__/coverage/lcov-report/src/mcp/index.html +0 -176
package/__tests__/coverage/lcov-report/src/mcp/server.ts.html +0 -2407
package/__tests__/coverage/lcov-report/src/mcp/session-manager.ts.html +0 -1369
package/__tests__/coverage/lcov-report/src/mcp/tool-registry.ts.html +0 -1783
package/__tests__/coverage/lcov-report/src/mcp/transport/http.ts.html +0 -1756
package/__tests__/coverage/lcov-report/src/mcp/transport/index.html +0 -146
package/__tests__/coverage/lcov-report/src/mcp/transport/stdio.ts.html +0 -1057
package/__tests__/coverage/lcov-report/src/mcp/transport/websocket.ts.html +0 -1537
package/__tests__/coverage/lcov-report/src/mcp/types.ts.html +0 -1780
package/__tests__/coverage/lcov-report/src/plugin-interface.ts.html +0 -2074
package/__tests__/coverage/lcov-report/src/plugin-loader.ts.html +0 -1999
package/__tests__/coverage/lcov-report/src/plugin-registry.ts.html +0 -1897
package/__tests__/coverage/lcov-report/src/plugins/official/hive-mind-plugin.ts.html +0 -1075
package/__tests__/coverage/lcov-report/src/plugins/official/index.html +0 -131
package/__tests__/coverage/lcov-report/src/plugins/official/maestro-plugin.ts.html +0 -1609
package/__tests__/coverage/lcov-report/src/resilience/bulkhead.ts.html +0 -916
package/__tests__/coverage/lcov-report/src/resilience/circuit-breaker.ts.html +0 -1063
package/__tests__/coverage/lcov-report/src/resilience/index.html +0 -161
package/__tests__/coverage/lcov-report/src/resilience/rate-limiter.ts.html +0 -1345
package/__tests__/coverage/lcov-report/src/resilience/retry.ts.html +0 -757
package/__tests__/coverage/lcov-report/src/security/index.html +0 -131
package/__tests__/coverage/lcov-report/src/security/input-validation.ts.html +0 -880
package/__tests__/coverage/lcov-report/src/security/secure-random.ts.html +0 -562
package/__tests__/coverage/lcov-report/src/types/index.html +0 -131
package/__tests__/coverage/lcov-report/src/types/swarm.types.ts.html +0 -850
package/__tests__/coverage/lcov-report/src/types/task.types.ts.html +0 -700
package/__tests__/coverage/lcov-report/src/types.ts.html +0 -1186
package/__tests__/coverage/lcov-report/src/utils/index.html +0 -116
package/__tests__/coverage/lcov-report/src/utils/secure-logger.ts.html +0 -856
package/__tests__/coverage/lcov.info +0 -19877
package/__tests__/coverage/prettify.css +0 -1
package/__tests__/coverage/prettify.js +0 -2
package/__tests__/coverage/sort-arrow-sprite.png +0 -0
package/__tests__/coverage/sorter.js +0 -210
package/__tests__/coverage/src/core/config/defaults.ts.html +0 -706
package/__tests__/coverage/src/core/config/index.html +0 -161
package/__tests__/coverage/src/core/config/loader.ts.html +0 -898
package/__tests__/coverage/src/core/config/schema.ts.html +0 -649
package/__tests__/coverage/src/core/config/validator.ts.html +0 -712
package/__tests__/coverage/src/core/event-bus.ts.html +0 -793
package/__tests__/coverage/src/core/index.html +0 -116
package/__tests__/coverage/src/core/interfaces/event.interface.ts.html +0 -886
package/__tests__/coverage/src/core/interfaces/index.html +0 -116
package/__tests__/coverage/src/core/orchestrator/event-coordinator.ts.html +0 -451
package/__tests__/coverage/src/core/orchestrator/health-monitor.ts.html +0 -727
package/__tests__/coverage/src/core/orchestrator/index.html +0 -176
package/__tests__/coverage/src/core/orchestrator/lifecycle-manager.ts.html +0 -874
package/__tests__/coverage/src/core/orchestrator/session-manager.ts.html +0 -922
package/__tests__/coverage/src/core/orchestrator/task-manager.ts.html +0 -1036
package/__tests__/coverage/src/events/domain-events.ts.html +0 -1837
package/__tests__/coverage/src/events/event-store.ts.html +0 -1849
package/__tests__/coverage/src/events/example-usage.ts.html +0 -964
package/__tests__/coverage/src/events/index.html +0 -176
package/__tests__/coverage/src/events/projections.ts.html +0 -1768
package/__tests__/coverage/src/events/state-reconstructor.ts.html +0 -1132
package/__tests__/coverage/src/events.ts.html +0 -1186
package/__tests__/coverage/src/hooks/example-usage.ts.html +0 -1582
package/__tests__/coverage/src/hooks/executor.ts.html +0 -1222
package/__tests__/coverage/src/hooks/index.html +0 -191
package/__tests__/coverage/src/hooks/registry.ts.html +0 -1084
package/__tests__/coverage/src/hooks/safety/bash-safety.ts.html +0 -1897
package/__tests__/coverage/src/hooks/safety/file-organization.ts.html +0 -1504
package/__tests__/coverage/src/hooks/safety/git-commit.ts.html +0 -1954
package/__tests__/coverage/src/hooks/safety/index.html +0 -146
package/__tests__/coverage/src/hooks/session-hooks.ts.html +0 -1762
package/__tests__/coverage/src/hooks/task-hooks.ts.html +0 -1624
package/__tests__/coverage/src/hooks/types.ts.html +0 -1156
package/__tests__/coverage/src/index.html +0 -176
package/__tests__/coverage/src/mcp/connection-pool.ts.html +0 -1399
package/__tests__/coverage/src/mcp/index.html +0 -176
package/__tests__/coverage/src/mcp/server.ts.html +0 -2407
package/__tests__/coverage/src/mcp/session-manager.ts.html +0 -1369
package/__tests__/coverage/src/mcp/tool-registry.ts.html +0 -1783
package/__tests__/coverage/src/mcp/transport/http.ts.html +0 -1756
package/__tests__/coverage/src/mcp/transport/index.html +0 -146
package/__tests__/coverage/src/mcp/transport/stdio.ts.html +0 -1057
package/__tests__/coverage/src/mcp/transport/websocket.ts.html +0 -1537
package/__tests__/coverage/src/mcp/types.ts.html +0 -1780
package/__tests__/coverage/src/plugin-interface.ts.html +0 -2074
package/__tests__/coverage/src/plugin-loader.ts.html +0 -1999
package/__tests__/coverage/src/plugin-registry.ts.html +0 -1897
package/__tests__/coverage/src/plugins/official/hive-mind-plugin.ts.html +0 -1075
package/__tests__/coverage/src/plugins/official/index.html +0 -131
package/__tests__/coverage/src/plugins/official/maestro-plugin.ts.html +0 -1609
package/__tests__/coverage/src/resilience/bulkhead.ts.html +0 -916
package/__tests__/coverage/src/resilience/circuit-breaker.ts.html +0 -1063
package/__tests__/coverage/src/resilience/index.html +0 -161
package/__tests__/coverage/src/resilience/rate-limiter.ts.html +0 -1345
package/__tests__/coverage/src/resilience/retry.ts.html +0 -757
package/__tests__/coverage/src/security/index.html +0 -131
package/__tests__/coverage/src/security/input-validation.ts.html +0 -880
package/__tests__/coverage/src/security/secure-random.ts.html +0 -562
package/__tests__/coverage/src/types/index.html +0 -131
package/__tests__/coverage/src/types/swarm.types.ts.html +0 -850
package/__tests__/coverage/src/types/task.types.ts.html +0 -700
package/__tests__/coverage/src/types.ts.html +0 -1186
package/__tests__/coverage/src/utils/index.html +0 -116
package/__tests__/coverage/src/utils/secure-logger.ts.html +0 -856

package/.claude-flow/logs/headless/audit_1777379816437_w0eaul_result.log ADDED Viewed

@@ -0,0 +1,53 @@
+[2026-04-28T12:37:20.067Z] RESULT
+============================================================
+{
+  "success": true,
+  "output": "# Security Analysis Report\n\nAfter analyzing the provided codebase, I've identified the security posture and potential vulnerabilities.\n\n```json\n{\n  \"vulnerabilities\": [\n    {\n      \"severity\": \"medium\",\n      \"file\": \"src/core/config/loader.ts\",\n      \"line\": 55,\n      \"description\": \"JSON file parsing without size validation. loadJsonConfig() reads entire file and parses JSON without checking file size, potentially vulnerable to JSON bomb/DoS attacks (though file system typically limits this).\"\n    },\n    {\n      \"severity\": \"low\",\n      \"file\": \"src/core/config/loader.ts\",\n      \"line\": 80,\n      \"description\": \"Missing radix parameter in some parseInt calls - not present in the visible code, but best practice would be explicit radix=10 for all string-to-number conversions. Current code at line 93 uses parseInt(..., 10) correctly.\"\n    },\n    {\n      \"severity\": \"low\",\n      \"file\": \"src/core/config/schema.ts\",\n      \"line\": 15,\n      \"description\": \"Agent capability names validated as simple strings without alphanumeric constraints. Could allow injection of special characters in capability names, though impact is low in this context.\"\n    },\n    {\n      \"severity\": \"low\",\n      \"file\": \"src/core/interfaces/memory.interface.ts\",\n      \"line\": 45,\n      \"description\": \"Metadata field allows arbitrary Record<string, unknown> without constraints. Could potentially store unbounded data if not enforced at the backend level.\"\n    }\n  ],\n  \"riskScore\": 28,\n  \"recommendations\": [\n    \"Add file size validation in loadJsonConfig() - enforce maximum JSON file size (e.g., 10MB) before parsing to prevent JSON bomb attacks\",\n    \"Implement input sanitization for arbitrary metadata fields before storing in memory backends\",\n    \"Add rate limiting to configuration loader to prevent rapid repeated file reads\",\n    \"Use JSON.parse() with reviver function to validate structure before full parsing\",\n    \"Document and enforce maximum payload sizes for all network communication (MCP tools, agent messages)\",\n    \"Consider adding a security audit for the event bus to ensure malicious events cannot cause DoS\",\n    \"Add validation for agent capability names - restrict to alphanumeric + hyphens/underscores\",\n    \"Implement size limits for memory entry values in IMemoryBackend implementations\",\n    \"Ensure all file paths in configuration are validated against path traversal attacks\",\n    \"Add explicit error handling for corrupted configuration files (current code uses generic JSON.parse error)\"\n  ]\n}\n```\n\n## Additional Findings\n\n### Positive Security Measures\n✅ **Secure Logger** (`src/utils/secure-logger.js`): Excellent implementation with proper sanitization of passwords, tokens, API keys, and file paths  \n✅ **Type Safety**: Comprehensive use of TypeScript and Zod validation schemas  \n✅ **Configuration Validation**: All configs validated against schemas before use  \n✅ **Secure Event IDs**: Uses `randomBytes()` for cryptographically secure event ID generation  \n✅ **Test Coverage**: Strong test files demonstrating security awareness (bash safety, file organization enforcement)  \n\n### Areas for Improvement\n⚠️ **No visible authentication/authorization enforcement** - while interfaces reference these, no implementation shown  \n⚠️ **Missing rate limiting** - especially important for file I/O and event processing  \n⚠️ **No encryption at rest** - memory backends don't explicitly mention encryption  \n⚠️ **Limited error context** - error messages could expose internal details in some cases\n",
+  "parsedOutput": {
+    "vulnerabilities": [
+      {
+        "severity": "medium",
+        "file": "src/core/config/loader.ts",
+        "line": 55,
+        "description": "JSON file parsing without size validation. loadJsonConfig() reads entire file and parses JSON without checking file size, potentially vulnerable to JSON bomb/DoS attacks (though file system typically limits this)."
+      },
+      {
+        "severity": "low",
+        "file": "src/core/config/loader.ts",
+        "line": 80,
+        "description": "Missing radix parameter in some parseInt calls - not present in the visible code, but best practice would be explicit radix=10 for all string-to-number conversions. Current code at line 93 uses parseInt(..., 10) correctly."
+      },
+      {
+        "severity": "low",
+        "file": "src/core/config/schema.ts",
+        "line": 15,
+        "description": "Agent capability names validated as simple strings without alphanumeric constraints. Could allow injection of special characters in capability names, though impact is low in this context."
+      },
+      {
+        "severity": "low",
+        "file": "src/core/interfaces/memory.interface.ts",
+        "line": 45,
+        "description": "Metadata field allows arbitrary Record<string, unknown> without constraints. Could potentially store unbounded data if not enforced at the backend level."
+      }
+    ],
+    "riskScore": 28,
+    "recommendations": [
+      "Add file size validation in loadJsonConfig() - enforce maximum JSON file size (e.g., 10MB) before parsing to prevent JSON bomb attacks",
+      "Implement input sanitization for arbitrary metadata fields before storing in memory backends",
+      "Add rate limiting to configuration loader to prevent rapid repeated file reads",
+      "Use JSON.parse() with reviver function to validate structure before full parsing",
+      "Document and enforce maximum payload sizes for all network communication (MCP tools, agent messages)",
+      "Consider adding a security audit for the event bus to ensure malicious events cannot cause DoS",
+      "Add validation for agent capability names - restrict to alphanumeric + hyphens/underscores",
+      "Implement size limits for memory entry values in IMemoryBackend implementations",
+      "Ensure all file paths in configuration are validated against path traversal attacks",
+      "Add explicit error handling for corrupted configuration files (current code uses generic JSON.parse error)"
+    ]
+  },
+  "durationMs": 23630,
+  "model": "haiku",
+  "sandboxMode": "strict",
+  "workerType": "audit",
+  "timestamp": "2026-04-28T12:37:20.067Z",
+  "executionId": "audit_1777379816437_w0eaul"
+}