brainclaw 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (140) hide show
  1. package/README.md +12 -11
  2. package/dist/brainclaw-vscode.vsix +0 -0
  3. package/dist/cli.js +138 -13
  4. package/dist/commands/add-step.js +1 -1
  5. package/dist/commands/bootstrap.js +2 -26
  6. package/dist/commands/check-security-mcp.js +50 -33
  7. package/dist/commands/check-security.js +86 -43
  8. package/dist/commands/claim.js +22 -21
  9. package/dist/commands/confirm.js +26 -0
  10. package/dist/commands/context-diff.js +1 -1
  11. package/dist/commands/dispatch-watch.js +142 -0
  12. package/dist/commands/doctor.js +113 -2
  13. package/dist/commands/estimation-report.js +115 -16
  14. package/dist/commands/harvest.js +285 -22
  15. package/dist/commands/init.js +123 -21
  16. package/dist/commands/loops-handlers.js +4 -0
  17. package/dist/commands/mcp-read-handlers.js +198 -29
  18. package/dist/commands/mcp.js +588 -92
  19. package/dist/commands/memory.js +21 -17
  20. package/dist/commands/migrate.js +81 -17
  21. package/dist/commands/prune.js +78 -4
  22. package/dist/commands/reflect.js +26 -20
  23. package/dist/commands/register-agent.js +57 -1
  24. package/dist/commands/repair.js +20 -0
  25. package/dist/commands/session-end.js +15 -6
  26. package/dist/commands/session-start.js +18 -1
  27. package/dist/commands/setup-security.js +39 -18
  28. package/dist/commands/setup.js +26 -27
  29. package/dist/commands/stale.js +16 -2
  30. package/dist/commands/uninstall.js +126 -34
  31. package/dist/commands/update-step.js +6 -0
  32. package/dist/commands/worktree.js +60 -0
  33. package/dist/core/actions.js +12 -3
  34. package/dist/core/agent-capability.js +11 -13
  35. package/dist/core/agent-files.js +844 -547
  36. package/dist/core/agent-integrations.js +0 -3
  37. package/dist/core/agent-inventory.js +67 -0
  38. package/dist/core/agent-registry.js +163 -29
  39. package/dist/core/agentrun-reconciler.js +33 -2
  40. package/dist/core/agentruns.js +7 -1
  41. package/dist/core/ai-agent-detection.js +31 -44
  42. package/dist/core/archival.js +15 -9
  43. package/dist/core/assignment-reconciler.js +56 -0
  44. package/dist/core/assignment-sweeper.js +127 -4
  45. package/dist/core/assignments.js +69 -11
  46. package/dist/core/bootstrap.js +233 -67
  47. package/dist/core/brainclaw-version.js +22 -0
  48. package/dist/core/candidates.js +21 -1
  49. package/dist/core/claims.js +313 -150
  50. package/dist/core/config.js +6 -1
  51. package/dist/core/context-diff.js +148 -20
  52. package/dist/core/context.js +129 -8
  53. package/dist/core/coordination.js +22 -3
  54. package/dist/core/dispatch-status.js +79 -5
  55. package/dist/core/dispatcher.js +64 -11
  56. package/dist/core/entity-operations.js +45 -24
  57. package/dist/core/entity-registry.js +31 -5
  58. package/dist/core/event-log.js +138 -21
  59. package/dist/core/events/checkpoint.js +258 -0
  60. package/dist/core/events/genesis.js +220 -0
  61. package/dist/core/events/journal.js +507 -0
  62. package/dist/core/events/materialize.js +126 -0
  63. package/dist/core/events/registry-post-image.js +110 -0
  64. package/dist/core/events/verify.js +109 -0
  65. package/dist/core/execution-adapters.js +23 -0
  66. package/dist/core/facade-schema.js +38 -0
  67. package/dist/core/gc-semantic.js +130 -5
  68. package/dist/core/handoff-snapshot.js +68 -0
  69. package/dist/core/ids.js +19 -8
  70. package/dist/core/instruction-templates.js +34 -115
  71. package/dist/core/io.js +39 -3
  72. package/dist/core/json-store.js +10 -1
  73. package/dist/core/lock.js +153 -28
  74. package/dist/core/loops/bootstrap-acquire.js +25 -1
  75. package/dist/core/loops/facade-schema.js +2 -0
  76. package/dist/core/loops/hooks/survey-signals-baseline.js +36 -0
  77. package/dist/core/loops/index.js +1 -0
  78. package/dist/core/loops/presets/bootstrap.js +7 -0
  79. package/dist/core/loops/store.js +17 -0
  80. package/dist/core/loops/verbs.js +24 -1
  81. package/dist/core/markdown.js +8 -76
  82. package/dist/core/mcp-command-resolution.js +245 -0
  83. package/dist/core/memory-compactor.js +5 -3
  84. package/dist/core/memory-lifecycle.js +282 -0
  85. package/dist/core/merge-risk.js +150 -0
  86. package/dist/core/messaging.js +8 -1
  87. package/dist/core/migration.js +11 -1
  88. package/dist/core/observer-mode.js +26 -0
  89. package/dist/core/operations/memory-mutation.js +90 -65
  90. package/dist/core/operations/plan.js +27 -1
  91. package/dist/core/protocol-skills.js +210 -0
  92. package/dist/core/reflection-safety.js +6 -7
  93. package/dist/core/reputation.js +84 -2
  94. package/dist/core/runtime-signals.js +71 -9
  95. package/dist/core/runtime.js +84 -1
  96. package/dist/core/schema.js +114 -0
  97. package/dist/core/security-detectors.js +125 -0
  98. package/dist/core/security-extract.js +189 -0
  99. package/dist/core/security-guard.js +107 -29
  100. package/dist/core/security-packages.js +121 -0
  101. package/dist/core/security-scoring.js +76 -9
  102. package/dist/core/security.js +34 -2
  103. package/dist/core/sequence.js +11 -2
  104. package/dist/core/setup-flow.js +141 -13
  105. package/dist/core/staleness.js +72 -1
  106. package/dist/core/state.js +250 -54
  107. package/dist/core/store-resolution.js +19 -5
  108. package/dist/core/worktree.js +72 -8
  109. package/dist/facts.js +8 -8
  110. package/dist/facts.json +7 -7
  111. package/docs/PROTOCOL.md +223 -0
  112. package/docs/cli.md +11 -10
  113. package/docs/concepts/coordinator-runbook.md +129 -0
  114. package/docs/concepts/event-log-store-critique-A.md +333 -0
  115. package/docs/concepts/event-log-store-critique-B.md +353 -0
  116. package/docs/concepts/event-log-store-phase0-measurements.md +58 -0
  117. package/docs/concepts/event-log-store-proposal-A.md +365 -0
  118. package/docs/concepts/event-log-store-proposal-B.md +404 -0
  119. package/docs/concepts/event-log-store.md +928 -0
  120. package/docs/concepts/identity-model-proposal.md +371 -0
  121. package/docs/concepts/memory.md +5 -4
  122. package/docs/concepts/observer-protocol.md +361 -0
  123. package/docs/concepts/parallel-merge-protocol.md +71 -0
  124. package/docs/concepts/plans-and-claims.md +43 -0
  125. package/docs/concepts/skills.md +78 -0
  126. package/docs/concepts/workspace-bootstrapping.md +61 -0
  127. package/docs/integrations/agents.md +4 -4
  128. package/docs/integrations/cline.md +10 -11
  129. package/docs/integrations/codex.md +2 -2
  130. package/docs/integrations/continue.md +5 -5
  131. package/docs/integrations/copilot.md +14 -12
  132. package/docs/integrations/openclaw.md +7 -6
  133. package/docs/integrations/overview.md +7 -7
  134. package/docs/integrations/roo.md +3 -3
  135. package/docs/integrations/windsurf.md +6 -6
  136. package/docs/mcp-schema-changelog.md +29 -2
  137. package/docs/quickstart.md +48 -47
  138. package/docs/security.md +174 -15
  139. package/docs/storage.md +4 -2
  140. package/package.json +8 -6
@@ -1,6 +1,6 @@
1
1
  # Cline Integration
2
2
 
3
- brainclaw integrates with Cline through MCP tools, instruction rules, and lifecycle hooks. Cline is a Tier A agent full MCP access, hooks, auto-approve support, skills, and CLI spawn capability for parallel lanes.
3
+ brainclaw integrates with Cline through MCP tools, instruction rules, auto-approval, and CLI spawn capability for parallel lanes. Cline does not currently expose a Brainclaw-managed lifecycle hook surface.
4
4
 
5
5
  ## Auto-setup
6
6
 
@@ -51,9 +51,9 @@ Cline supports per-server `alwaysAllow` for auto-approving specific tools:
51
51
  - `.clinerules/live.md` — optional local live companion with current plans, claims, traps, candidates, and handoffs. Write it with `brainclaw export --format cline --write --include-live`; it remains gitignored.
52
52
  - Static content stays behavioural and lightweight. By default, live state flows through MCP; the live companion is an optional parity/backstop file.
53
53
 
54
- ## SKILL.md discovery
55
-
56
- Cline auto-discovers skills from `.clinerules/`, `.claude/skills/`, and `.agents/skills/`. brainclaw writes a single `.agents/skills/brainclaw/SKILL.md` that Cline picks up automatically.
54
+ ## SKILL.md discovery
55
+
56
+ Cline may discover skills from agent-specific directories depending on the installed extension/version. Brainclaw's current Cline writer configures MCP and `.clinerules/brainclaw.md`; it does not write a Cline-specific SKILL.md.
57
57
 
58
58
  ## Headless invocation
59
59
 
@@ -69,11 +69,11 @@ The `-y` flag (YOLO mode) disables interactive approval prompts so the spawned w
69
69
 
70
70
  | Field | Value |
71
71
  |-------|-------|
72
- | Tier | A |
73
- | MCP | yes |
74
- | Hooks | yes |
75
- | Auto-approve | yes (`alwaysAllow` per server, `-y` per session) |
76
- | Skills | yes |
72
+ | Tier | A |
73
+ | MCP | yes |
74
+ | Hooks | no |
75
+ | Auto-approve | yes (`alwaysAllow` per server, `-y` per session) |
76
+ | Skills | no Brainclaw-specific writer |
77
77
  | CLI spawnable | yes |
78
78
  | Max concurrent tasks | 3 |
79
79
  | Workflow model | interactive |
@@ -82,7 +82,6 @@ The `-y` flag (YOLO mode) disables interactive approval prompts so the spawned w
82
82
 
83
83
  ## Caveats
84
84
 
85
- - **Hook support varies by platform**: Cline hooks are reliable on macOS/Linux but the Windows path is less exercised. brainclaw generates hooks that gracefully degrade when the runtime doesn't honour them — the templateTier stays A regardless.
86
- - **Cline / Roo / Kilocode family**: Cline shares its config-pattern lineage with Roo Code and Kilocode. The directory names differ (`.clinerules/` vs `.roo/rules/` vs `.kilo/rules/`) but the auto-discovery model is the same.
85
+ - **Cline / Roo / Kilocode family**: Cline shares its config-pattern lineage with Roo Code and Kilocode. The directory names differ (`.clinerules/` vs `.roo/rules/` vs `.kilo/rules/`) but the auto-discovery model is the same.
87
86
  - **Project-scoped MCP**: unlike machine-scoped agents (Cursor, Windsurf), Cline's MCP config lives in the repo. Each repo gets its own brainclaw registration.
88
87
  - **Long prompts**: inline arg supports up to 8000 chars before falling back to inbox-structured delivery. Briefs longer than that should arrive via inbox.
@@ -1,6 +1,6 @@
1
1
  # Codex Integration
2
2
 
3
- brainclaw integrates with OpenAI's Codex CLI through MCP tools and shared instruction files. Codex is a Tier A agent — full MCP access, lifecycle hooks, skills support, and headless CLI spawn capability.
3
+ brainclaw integrates with OpenAI's Codex CLI through MCP tools and shared instruction files. Codex has MCP access, universal skills support, and headless CLI spawn capability, but no native lifecycle hook surface.
4
4
 
5
5
  ## Auto-setup
6
6
 
@@ -61,7 +61,7 @@ Since pln#476 (1.0.13+), spawned Codex workers are marked `delivered_and_started
61
61
  |-------|-------|
62
62
  | Tier | A |
63
63
  | MCP | yes |
64
- | Hooks | yes |
64
+ | Hooks | no |
65
65
  | Auto-approve | manual (per-tool approval) |
66
66
  | Skills | yes |
67
67
  | CLI spawnable | yes |
@@ -6,9 +6,9 @@ brainclaw integrates with Continue through MCP tools and project-scoped rules, g
6
6
 
7
7
  `brainclaw init` detects Continue and writes `.continue/rules/brainclaw.md` automatically. Or manually:
8
8
 
9
- ```bash
10
- brainclaw export --format continue-rules --write
11
- ```
9
+ ```bash
10
+ brainclaw export --format continue --write
11
+ ```
12
12
 
13
13
  ## MCP configuration
14
14
 
@@ -32,7 +32,7 @@ Per-server YAML configs are also supported in `.continue/mcpServers/*.yaml`.
32
32
 
33
33
  Continue uses a separate permissions file at `~/.continue/permissions.yaml`. Tool-level control uses `--allow`, `--ask`, and `--exclude` flags on the CLI.
34
34
 
35
- brainclaw does not yet emit `permissions.yaml` automatically configure manually if running headless.
35
+ `brainclaw setup-machine` writes `~/.continue/permissions.yaml` when Continue is selected. Configure it manually only if you need stricter local policy than Brainclaw's generated defaults.
36
36
 
37
37
  ## SKILL.md discovery
38
38
 
@@ -55,6 +55,6 @@ cn /path/to/project
55
55
  ## Caveats
56
56
 
57
57
  - **No hooks**: Continue delegates hook-like behavior to VS Code extensions. No native pre-prompt injection.
58
- - **No auto-approve writer**: brainclaw does not emit `permissions.yaml` yet tool approval must be configured manually.
58
+ - **Permissions are machine-local**: Brainclaw can write `~/.continue/permissions.yaml`, but it is not committed with the project.
59
59
  - **No native subagents**: Continue does not expose subagent orchestration.
60
60
  - **Windows**: Works via VS Code extension; CLI (`cn`) requires Node.js on PATH.
@@ -4,10 +4,12 @@ brainclaw integrates with GitHub Copilot through MCP tools, instruction files, a
4
4
 
5
5
  ## Auto-setup
6
6
 
7
- `brainclaw init` detects Copilot (`gh copilot` or `copilot` CLI installed) and writes:
8
-
9
- - `.github/copilot-instructions.md` — instruction file Copilot reads automatically on each prompt
10
- - MCP registration at `~/.copilot/mcp-config.json` (machine-level fallback) and/or project-level `.github/copilot/mcp-config.json`
7
+ `brainclaw init` detects Copilot (`gh copilot` or `copilot` CLI installed) and writes:
8
+
9
+ - `.github/copilot-instructions.md` — instruction file Copilot reads automatically on each prompt
10
+ - `.vscode/settings.json` and `.vscode/mcp.json` — project-level MCP registration used by VS Code/Copilot surfaces
11
+ - `.github/copilot/hooks.json` — session lifecycle hooks where supported
12
+ - `.github/skills/brainclaw-context/SKILL.md` and `.agents/skills/brainclaw/SKILL.md` — Copilot and cross-agent skill discovery
11
13
 
12
14
  Manual regeneration:
13
15
 
@@ -18,14 +20,14 @@ brainclaw export --format copilot-instructions --write --include-live
18
20
 
19
21
  ## MCP configuration
20
22
 
21
- Copilot reads MCP servers from `~/.copilot/mcp-config.json`:
22
-
23
- ```json
24
- {
25
- "mcpServers": {
26
- "brainclaw": {
27
- "command": "npx",
28
- "args": ["-y", "brainclaw@latest", "mcp"]
23
+ VS Code/Copilot reads project MCP configuration from `.vscode/settings.json` and `.vscode/mcp.json`:
24
+
25
+ ```json
26
+ {
27
+ "servers": {
28
+ "brainclaw": {
29
+ "command": "npx",
30
+ "args": ["-y", "brainclaw@latest", "mcp"]
29
31
  }
30
32
  }
31
33
  }
@@ -38,12 +38,13 @@ brainclaw enable-agent openclaw
38
38
 
39
39
  This copies the brainclaw skill to `~/.openclaw/workspace/skills/brainclaw/`.
40
40
 
41
- Or manually:
42
-
43
- ```bash
44
- mkdir -p ~/.openclaw/workspace/skills/brainclaw
45
- cp "$(npm root -g)/brainclaw/skills/openclaw/SKILL.md" ~/.openclaw/workspace/skills/brainclaw/
46
- ```
41
+ Or manually:
42
+
43
+ ```bash
44
+ brainclaw export --format openclaw --output /tmp/brainclaw-openclaw-skill.md
45
+ mkdir -p ~/.openclaw/workspace/skills/brainclaw
46
+ cp /tmp/brainclaw-openclaw-skill.md ~/.openclaw/workspace/skills/brainclaw/SKILL.md
47
+ ```
47
48
 
48
49
  ### Initialize a project
49
50
 
@@ -71,16 +71,16 @@ The agent cannot call brainclaw tools at all. The instruction file or SKILL.md b
71
71
  | Agent | MCP | Instruction file | Hooks | Auto-approve | Skills |
72
72
  |---|---|---|---|---|---|
73
73
  | **Claude Code** | ✔ project + global | CLAUDE.md | ✔ pre-prompt + stop | ✔ permissions | ✔ /brainclaw |
74
- | **Cursor** | ✔ global | .cursor/rules/ + MDC | alwaysApply MDC | — | |
75
- | **Windsurf** | ✔ global | .windsurfrules | session trigger | | — |
74
+ | **Cursor** | ✔ global | .cursor/rules/ + MDC | workspace hooks | — | universal skills |
75
+ | **Windsurf** | ✔ global | .windsurfrules + .windsurf/rules/ | | alwaysAllow | — |
76
76
  | **Cline** | ✔ project | .clinerules/ | — | ✔ autoApprove | — |
77
77
  | **Roo** | ✔ project | .roo/rules/ | — | ✔ alwaysAllow | — |
78
- | **Continue** | ✔ both | .continue/rules/ | — | | — |
79
- | **Kilocode** | ✔ both | .kilo/rules/ + AGENTS.md | — | ✔ alwaysAllow | |
80
- | **OpenCode** | ✔ project | AGENTS.md | — | — | |
81
- | **Codex** | ✔ global | AGENTS.md | — | — | |
78
+ | **Continue** | ✔ both | .continue/rules/ | — | permissions.yaml | — |
79
+ | **Kilocode** | ✔ both | .kilo/rules/ + AGENTS.md | — | ✔ alwaysAllow | universal skills |
80
+ | **OpenCode** | ✔ project | AGENTS.md | — | — | universal skills |
81
+ | **Codex** | ✔ global | AGENTS.md | — | — | universal skills |
82
82
  | **Gemini CLI** | ✔ global | GEMINI.md | — | — | — |
83
- | **GitHub Copilot** | ✔ global + project | .github/copilot-instructions.md | | manual (per-call) | ✔ brainclaw-context |
83
+ | **GitHub Copilot** | ✔ project | .github/copilot-instructions.md | workspace hooks | manual (per-call) | ✔ brainclaw-context + universal skills |
84
84
  | **Mistral Vibe** | ✔ project + user (TOML) | AGENTS.md | — | `--auto-approve` flag | ✔ universal skill |
85
85
  | **Hermes** | ✔ global (YAML) | AGENTS.md | — | — | ✔ universal skill |
86
86
  | **OpenClaw** | — | — | — | — | ✔ brainclaw skill |
@@ -6,9 +6,9 @@ brainclaw integrates with Roo through MCP tools and project-scoped rules, provid
6
6
 
7
7
  `brainclaw init` detects Roo and writes `.roo/rules/brainclaw.md` automatically. Or manually:
8
8
 
9
- ```bash
10
- brainclaw export --format roo-rules --write
11
- ```
9
+ ```bash
10
+ brainclaw export --format roo --write
11
+ ```
12
12
 
13
13
  ## MCP configuration
14
14
 
@@ -6,9 +6,9 @@ brainclaw integrates with Windsurf through MCP tools and instruction rules, prov
6
6
 
7
7
  `brainclaw init` detects Windsurf and writes `.windsurfrules` automatically. Or manually:
8
8
 
9
- ```bash
10
- brainclaw export --format windsurfrules --write
11
- ```
9
+ ```bash
10
+ brainclaw export --format windsurf --write
11
+ ```
12
12
 
13
13
  ## MCP configuration
14
14
 
@@ -49,14 +49,14 @@ Windsurf supports `alwaysAllow` as an array on each MCP server entry:
49
49
  }
50
50
  ```
51
51
 
52
- brainclaw does not yet emit `alwaysAllow` for Windsurf automatically.
52
+ `brainclaw setup-machine` emits the Windsurf MCP config with `alwaysAllow` for the Brainclaw tool surface.
53
53
 
54
54
  ## Instruction files
55
55
 
56
56
  - `.windsurf/rules/*.md` — modern format (recommended), multiple rule files
57
57
  - `.windsurfrules` — legacy single-file format (still supported)
58
58
 
59
- brainclaw currently emits the legacy format. Modern `.windsurf/rules/` support is planned.
59
+ `brainclaw export --format windsurf --write` writes the legacy `.windsurfrules` instruction file. Project setup also writes `.windsurf/rules/brainclaw.md` when Windsurf is selected, so modern rule discovery is covered.
60
60
 
61
61
  ## SKILL.md discovery
62
62
 
@@ -77,7 +77,7 @@ Windsurf does not offer a headless CLI. It runs as a Docker-based environment
77
77
 
78
78
  - **Machine-scoped MCP**: The config at `~/.codeium/windsurf/mcp_config.json` is global, not per-project. All projects share the same server list.
79
79
  - **No hooks**: Cascade Hooks exist but are limited to logging — no pre-prompt injection.
80
- - **Legacy format**: brainclaw currently writes `.windsurfrules` (single file). Modern `.windsurf/rules/` multi-file support is planned (P5).
80
+ - **Two rule paths**: `.windsurfrules` remains the portable export target; `.windsurf/rules/brainclaw.md` is written during project setup for modern Windsurf rule discovery.
81
81
  - **No headless**: Cannot be used as a brainclaw dispatch target.
82
82
  - **Plan Mode**: Windsurf's "megaplan" mode is separate from brainclaw plans — they don't conflict but don't interoperate.
83
83
  - **Windows/Linux**: Works on all platforms via the Windsurf IDE.
@@ -10,6 +10,17 @@ guarantees this changelog follows.
10
10
 
11
11
  ## Unreleased
12
12
 
13
+ **Changed — agent-UX read-path surface (pln#542)**
14
+ - `bclaw_work`, `bclaw_context`, `bclaw_find`, `bclaw_get`, `bclaw_search`
15
+ gain an optional `budget_tokens` argument (relevance-ranked fill).
16
+ - `bclaw_work` compact payload now includes a trimmed `context_diff`
17
+ (event-cursor sourced, all intents) and facade responses carry
18
+ `next_actions` affordances.
19
+ - `bclaw_quick_capture` gains an optional caller-asserted `type` argument;
20
+ contradiction detection is advisory metadata (no longer blocks promotion).
21
+ - No tool was removed or renamed; no required argument changed.
22
+ - MCP public surface fingerprint: `sha256:eaa8865070b10401`
23
+
13
24
  **Changed — JSON Schema generation shift (pln#486, zod 4 migration)**
14
25
  - Migration from zod 3.24 → 4.3.6 changes the introspection output that
15
26
  feeds `tools/list`. Schemas are semantically equivalent but the emitted
@@ -93,8 +104,24 @@ will still succeed. A follow-up PR will strip the dead handler code.
93
104
  changelog records the published MCP surface fingerprint. When a tool
94
105
  name, tier, category, or input schema changes, the test fails until
95
106
  this section is updated.
96
- - MCP public surface fingerprint: `sha256:333be7c3cda7e166`
97
- (updated 2026-06-09: added the `preflight` boolean to the bclaw_coordinate
107
+ - MCP public surface fingerprint: `sha256:b1d3c6a00a224509`
108
+ (updated 2026-06-14: journal ON by default + `migrate --enable-journal`,
109
+ registry post-image families + verify gate, and capped auto-handoff diff
110
+ preview on `bclaw_get`; pln#567/#568/#569.
111
+ Previous: `sha256:21fa9544977a3754`,
112
+ updated 2026-06-11b: observability surfaces — composite
113
+ `attention_required` in board_summary, observer-mode read flags,
114
+ `bootstrap_verdict` in FacadeResponse; pln#557/#558/#559.
115
+ Previous: `sha256:8f86d3998f8a24e3`,
116
+ updated 2026-06-11: uninitialized setup mode — the server now boots with
117
+ a minimal catalog on a missing project store instead of exit(1), and the
118
+ empty-memory decision rule is surfaced in setup/work hints; pln#556.
119
+ Previous: `sha256:eaa8865070b10401`,
120
+ updated 2026-06-10: agent-UX read-path surface — `budget_tokens` on the
121
+ read tools, `context_diff`/`next_actions` in facade payloads,
122
+ caller-asserted `type` on quick_capture; see the Unreleased entry, pln#542.
123
+ Previous: `sha256:333be7c3cda7e166`,
124
+ updated 2026-06-09: added the `preflight` boolean to the bclaw_coordinate
98
125
  inputSchema — pln#533, the pre-flight spawn validation for open_loop reviews
99
126
  (run one trivial validation spawn per reviewer before opening the loop so an
100
127
  environment death surfaces with a clear reason instead of a generic timeout).
@@ -6,46 +6,46 @@ Get brainclaw running in your project in under 5 minutes.
6
6
 
7
7
  If you're about to cut a release that changes the CLI, MCP, or context surface, run the checklist in [release-maintenance.md](release-maintenance.md) before publishing a local pack or npm build.
8
8
 
9
- ## Step 1: Install
10
-
11
- ```bash
12
- npm install -g brainclaw
13
- ```
14
-
15
- Requires Node.js 20+. Verify with `brainclaw --version`.
16
-
17
- ## Step 2: Bootstrap this machine
18
-
19
- ```bash
20
- brainclaw setup-machine --yes
21
- ```
22
-
23
- This configures the agents Brainclaw can see on the current machine and writes the machine-level MCP/user files it manages. It does **not** initialize the current repository yet.
24
-
25
- ## Step 3: Initialize or refresh your project
26
-
27
- ```bash
28
- cd your-project
29
- brainclaw init
30
- ```
31
-
32
- **What happens:**
33
- - Creates `.brainclaw/` when the project is new, or refreshes it safely when it already exists
34
- - Detects your coding agent (Claude Code, Codex, Cursor, Copilot, Cline, Mistral Vibe, etc.)
35
- - Refreshes the detected agent's project and machine integration files when applicable
36
- - Writes instruction files (`CLAUDE.md`, `AGENTS.md`, `.cursor/rules/brainclaw.md`, etc.)
37
- - Installs session hooks (if supported by your agent)
38
- - Adds `.brainclaw/` to `.gitignore`
39
-
40
- If you want the explicit path for a second or late-arriving agent on an already initialized project, use:
41
-
42
- ```bash
43
- brainclaw enable-agent <agent-name>
44
- ```
45
-
46
- If you have multiple repos, use `brainclaw setup --yes` instead — it bootstraps the machine, scans your project directories, and initializes everything at once.
47
-
48
- ## Step 4: Restart your agent
9
+ ## Step 1: Install
10
+
11
+ ```bash
12
+ npm install -g brainclaw
13
+ ```
14
+
15
+ Requires Node.js 20+ (`engines.node = ">=20.0.0"`). CI exercises Node 22 (Active LTS) and Node 24 (current LTS) — Node 22 or 24 is the recommended runtime; Node 20 still installs but is no longer CI-verified since its April 2026 EOL. Verify with `brainclaw --version`.
16
+
17
+ ## Step 2: Bootstrap this machine
18
+
19
+ ```bash
20
+ brainclaw setup-machine --yes
21
+ ```
22
+
23
+ This configures the agents Brainclaw can see on the current machine and writes the machine-level MCP/user files it manages. It does **not** initialize the current repository yet.
24
+
25
+ ## Step 3: Initialize or refresh your project
26
+
27
+ ```bash
28
+ cd your-project
29
+ brainclaw init
30
+ ```
31
+
32
+ **What happens:**
33
+ - Creates `.brainclaw/` when the project is new, or refreshes it safely when it already exists
34
+ - Detects your coding agent (Claude Code, Codex, Cursor, Copilot, Cline, Mistral Vibe, etc.)
35
+ - Refreshes the detected agent's project and machine integration files when applicable
36
+ - Writes instruction files (`CLAUDE.md`, `AGENTS.md`, `.cursor/rules/brainclaw.md`, etc.)
37
+ - Installs session hooks (if supported by your agent)
38
+ - Adds `.brainclaw/` to `.gitignore`
39
+
40
+ If you want the explicit path for a second or late-arriving agent on an already initialized project, use:
41
+
42
+ ```bash
43
+ brainclaw enable-agent <agent-name>
44
+ ```
45
+
46
+ If you have multiple repos, use `brainclaw setup --yes` instead — it bootstraps the machine, scans your project directories, and initializes everything at once.
47
+
48
+ ## Step 4: Restart your agent
49
49
 
50
50
  Your coding agent needs to reload to pick up the new MCP configuration.
51
51
 
@@ -58,7 +58,7 @@ Your coding agent needs to reload to pick up the new MCP configuration.
58
58
  | **Windsurf** | Reload the editor |
59
59
  | **Copilot** | Reload VS Code window (uses instruction file, not MCP) |
60
60
 
61
- ## Step 5: Verify it works
61
+ ## Step 5: Verify it works
62
62
 
63
63
  After reloading, tell your agent:
64
64
 
@@ -76,7 +76,7 @@ brainclaw agent-board # what each agent sees
76
76
  brainclaw context # current project memory
77
77
  ```
78
78
 
79
- ## Step 6: Start using brainclaw
79
+ ## Step 6: Start using brainclaw
80
80
 
81
81
  ### For agents with MCP (most agents)
82
82
 
@@ -109,11 +109,12 @@ The CLI is for inspection, scripting, and fallback:
109
109
 
110
110
  ```bash
111
111
  brainclaw plan create "Implement auth module" --priority high
112
- brainclaw plan list
113
- brainclaw claim list
114
- brainclaw context --for src/auth/routes.ts
115
- brainclaw export --detect --write # regenerate all instruction files
116
- ```
112
+ brainclaw plan list
113
+ brainclaw claim list
114
+ brainclaw context --for src/auth/routes.ts
115
+ brainclaw export --detect --write # regenerate the detected agent instruction file
116
+ brainclaw export --all # regenerate all known instruction files
117
+ ```
117
118
 
118
119
  ## Onboarding an existing project
119
120
 
package/docs/security.md CHANGED
@@ -4,8 +4,10 @@ brainclaw is designed to be safe by default.
4
4
 
5
5
  ## Security model
6
6
 
7
- ### No network access
8
- The CLI does not need to call external services to function.
7
+ ### No network access by default
8
+ The CLI does not need to call external services to function. The optional
9
+ supply-chain gate (see below) is the one feature that talks to a remote
10
+ service, and it is off until explicitly enabled.
9
11
 
10
12
  ### No telemetry
11
13
  brainclaw does not collect or send usage data.
@@ -19,35 +21,192 @@ That makes review easier, but it also means users must be careful about what the
19
21
 
20
22
  ## Built-in safety behaviors
21
23
 
22
- brainclaw warns when content appears sensitive, for example when text includes patterns such as:
24
+ ### Content scanning (scanText)
23
25
 
24
- - `api_key`
25
- - `secret`
26
- - `token`
27
- - `password`
26
+ Whenever content is added to `.brainclaw/` brainclaw scans the text in three
27
+ layers:
28
28
 
29
- It can also warn about sensitive paths such as:
29
+ 1. **User-configured regex patterns** from `redaction.patterns`. The
30
+ defaults catch words like `api_key`, `secret`, `token`, `password`.
31
+ 2. **Structural detectors** for well-known token shapes — GitHub PATs
32
+ (`ghp_`, `gho_`, `github_pat_…`), AWS access keys (`AKIA…`/`ASIA…`),
33
+ Google API keys (`AIza…`), Slack tokens and webhooks, Stripe
34
+ `sk_live_/sk_test_` keys, JWTs, PEM-encoded private keys, and URLs
35
+ with embedded `user:password@host` credentials.
36
+ 3. **Entropy detector** that flags high-Shannon-entropy substrings near
37
+ a secret keyword (api_key/token/secret/password/auth/...). This
38
+ catches custom-shaped keys the structural list does not enumerate.
30
39
 
31
- - `.env`
32
- - `secrets/`
40
+ In `security.mode: warn` matches surface as warnings; in
41
+ `security.strict_redaction: true` (or `security.mode: strict`) the same
42
+ matches block the write.
33
43
 
34
- Redaction behavior is configurable in `config.yaml`:
44
+ ### Sensitive paths
45
+
46
+ When `security.block_sensitive_paths: true` (default), content that
47
+ references paths like `.env`, `secrets/`, `.git/`, or `node_modules/`
48
+ emits a warning.
49
+
50
+ ### Configuration
35
51
 
36
52
  ```yaml
37
53
  security:
38
- mode: warn # 'warn' or 'strict'
54
+ mode: warn # 'warn' or 'strict' — affects redaction scanning
39
55
  strict_redaction: false # if true, blocks entries with sensitive content
40
56
  block_sensitive_paths: true
57
+ token_detection:
58
+ enabled: true # turn off all structural + entropy detection
59
+ entropy:
60
+ enabled: true
61
+ min_length: 32 # minimum substring length to consider
62
+ min_entropy: 4.0 # minimum Shannon entropy (bits/char)
63
+ detectors: # per-detector override map; explicit false disables a detector
64
+ aws_access_key: true
65
+ jwt: true
66
+
67
+ redaction:
68
+ enabled: true
69
+ patterns:
70
+ - '(?i)api[_-]?key'
71
+ - '(?i)secret'
72
+ - '(?i)token'
73
+ - '(?i)password'
74
+ ```
75
+
76
+ ## Supply-chain pre-install gate
77
+
78
+ `brainclaw setup-security` enables a preinstall gate that intercepts
79
+ `npm`/`pnpm`/`yarn`/`pip`/`pip3` install commands and asks Socket.dev's
80
+ scoring service whether the requested packages are risky.
81
+
82
+ ```
83
+ brainclaw setup-security --mode advisory # default — warn-only
84
+ brainclaw setup-security --mode enforced # block risky installs
41
85
  ```
42
86
 
87
+ ### Advisory vs enforced
88
+
89
+ The mode determines what happens when the gate decides a package is
90
+ risky:
91
+
92
+ - **advisory** — verdicts are surfaced (printed warning, security trap
93
+ created) but the install is *not* aborted.
94
+ - **enforced** — a `block` verdict aborts the install with a non-zero
95
+ exit code.
96
+
97
+ The mode is read from `security.preinstall.mode` and can be overridden
98
+ per call with `brainclaw check-security --mode <advisory|enforced>`.
99
+
100
+ ### Exit codes
101
+
102
+ `brainclaw check-security` emits exit codes that already encode the mode
103
+ decision, so wrapper scripts are mode-agnostic:
104
+
105
+ | Exit | Meaning |
106
+ |------|------------------------------------------------------------|
107
+ | 0 | pass — no risky packages |
108
+ | 1 | warn — advisory-mode block, or warn-threshold verdict |
109
+ | 2 | block — enforced-mode block; the wrapper aborts the install|
110
+
111
+ The wrapper scripts (`<.brainclaw/security/bin>/npm`, `pnpm`, `yarn`,
112
+ `pip`, `pip3` and their `.ps1` counterparts) call the CLI and react
113
+ purely to the exit code, so flipping advisory↔enforced is a config
114
+ change — no regeneration required.
115
+
116
+ ### Composite scoring
117
+
118
+ Each package gets five sub-scores from Socket (supply-chain,
119
+ vulnerability, quality, maintenance, license) on a 0–100 scale. The
120
+ gate combines them into a single composite using configurable weights:
121
+
122
+ ```yaml
123
+ security:
124
+ preinstall:
125
+ weights:
126
+ supply_chain: 0.35
127
+ vulnerability: 0.30
128
+ quality: 0.15
129
+ maintenance: 0.15
130
+ license: 0.05
131
+ thresholds:
132
+ composite_pass: 70 # composite >= 70 → pass
133
+ composite_warn: 50 # composite >= 50 but < 70 → warn; below → block
134
+ supply_chain_block: 30 # hard block when supply_chain < 30
135
+ vulnerability_block: 20 # hard block when vulnerability < 20
136
+ ```
137
+
138
+ Weights are normalized to sum to 1.0 automatically — a config like
139
+ `{ supply_chain: 1, vulnerability: 1 }` is rescaled rather than
140
+ producing composites above 100. Thresholds are clamped to `[0,100]`
141
+ and `composite_warn` is capped at `composite_pass` so the verdict
142
+ function stays monotonic.
143
+
144
+ ### Allowlist / denylist
145
+
146
+ ```yaml
147
+ security:
148
+ preinstall:
149
+ allowlist:
150
+ - npm:internal-pkg # ecosystem-scoped
151
+ - npm:axios@1.14.0 # exact version pin
152
+ - lodash # bare name — any ecosystem, any version
153
+ denylist:
154
+ - npm:axios@1.14.1 # known-compromised version
155
+ - pypi:bad-pkg
156
+ ```
157
+
158
+ Matching is exact on each component. Bare names match by package name
159
+ only; an `ecosystem:` prefix scopes the match to that ecosystem;
160
+ appending `@version` (or `==version` for pip-style) requires an exact
161
+ version. The wildcard `@*` matches any version (useful for explicit
162
+ "any version" entries).
163
+
164
+ This is a hard tightening from the MVP: previously `denylist: ['lodash']`
165
+ matched any package whose purl contained the substring `lodash`, so
166
+ `react-lodash` was silently blocked. The new matcher requires exact
167
+ package-name equality.
168
+
169
+ ### Package extraction sources
170
+
171
+ `check-security` can pull the list of packages from three places, which
172
+ may be combined:
173
+
174
+ - `--packages axios,express@1.2.3` — comma-separated specs
175
+ - `--requirements requirements.txt` — pip-style requirements file;
176
+ recursive `-r` includes, env markers, and extras are handled
177
+ - `--lockfile package-lock.json` — npm package-lock (v1, v2, v3);
178
+ scans top-level direct deps and devDeps
179
+
180
+ The wrappers auto-translate `npm install -r foo.txt` → `--requirements`,
181
+ skip filesystem paths and URL specs that aren't registry packages
182
+ (`./local-pkg`, `git+https://…`, `*.tgz`, `*.whl`), and handle the
183
+ common npm/pip flag conventions.
184
+
185
+ ### Offline / fetch-error fallback
186
+
187
+ When the Socket call fails (network down, service unreachable), the
188
+ gate uses `security.preinstall.fallback_on_error`:
189
+
190
+ - `block` — fail closed regardless of mode
191
+ - `warn` — surface a warning, continue with whatever cached scores
192
+ exist; if no cache exists the gate exits with code 1
193
+ - `pass` — silent fall-through (the install proceeds)
194
+
195
+ Cached scores have a TTL of `cache_ttl_hours` (default 24) and live
196
+ in `.brainclaw/security/cache.json`.
197
+
43
198
  ## Recommended stance
44
199
 
45
- - do not store secrets
200
+ - do not store secrets — even with detection, the safer move is to never
201
+ write them
46
202
  - review what gets committed
47
203
  - keep machine-local observations machine-local when appropriate
48
204
  - use stricter redaction settings in sensitive environments
205
+ - run `setup-security --mode advisory` first; flip to `enforced` once
206
+ the team has gotten used to the verdicts
49
207
 
50
208
  ## Important nuance
51
209
 
52
- brainclaw reduces hidden behavior, but it does not remove the need for operational discipline.
53
- It warns; the team still decides what belongs in shared memory.
210
+ brainclaw reduces hidden behavior, but it does not remove the need for
211
+ operational discipline. It warns; the team still decides what belongs
212
+ in shared memory.
package/docs/storage.md CHANGED
@@ -7,7 +7,7 @@ brainclaw is local-first and workspace-centric.
7
7
  ```text
8
8
  .brainclaw/
9
9
  config.yaml ← Project configuration
10
- project.md ← Derived readable view (best-effort, regenerable)
10
+ project.md ← Legacy derived readable view (best-effort, regenerable)
11
11
  events.jsonl ← Append-only event log (agent notifications)
12
12
  audit.log ← Append-only audit trail (before/after snapshots)
13
13
  memory/
@@ -42,7 +42,9 @@ Benefits:
42
42
  - isolated corruption (one bad file does not affect others)
43
43
 
44
44
  ### Derived views are best-effort
45
- `project.md` is a **derived view** regenerated from canonical state via `rebuildProjectMd()`. It is not a write target it can always be rebuilt from the JSON files using `brainclaw rebuild`.
45
+ `.brainclaw/project.md` is a **legacy derived view** regenerated from canonical state via `rebuildProjectMd()`. It is not a write target and no longer carries live claims, plans, handoffs, or runtime state — use `brainclaw agent-board`, `brainclaw context`, or MCP board/context tools for that operational data.
46
+
47
+ Root `PROJECT.md` is different: it is the durable project vision and should contain stable product, architecture, and contribution guidance that does not expire every session.
46
48
 
47
49
  Failures to regenerate `project.md` are logged but never block mutations. If it gets stale, `brainclaw doctor` detects the drift.
48
50