brainclaw 1.8.0 → 1.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -11
- package/dist/brainclaw-vscode.vsix +0 -0
- package/dist/cli.js +138 -13
- package/dist/commands/add-step.js +1 -1
- package/dist/commands/bootstrap.js +2 -26
- package/dist/commands/check-security-mcp.js +50 -33
- package/dist/commands/check-security.js +86 -43
- package/dist/commands/claim.js +22 -21
- package/dist/commands/confirm.js +26 -0
- package/dist/commands/context-diff.js +1 -1
- package/dist/commands/dispatch-watch.js +142 -0
- package/dist/commands/doctor.js +113 -2
- package/dist/commands/estimation-report.js +115 -16
- package/dist/commands/harvest.js +285 -22
- package/dist/commands/init.js +123 -21
- package/dist/commands/loops-handlers.js +4 -0
- package/dist/commands/mcp-read-handlers.js +198 -29
- package/dist/commands/mcp.js +588 -92
- package/dist/commands/memory.js +21 -17
- package/dist/commands/migrate.js +81 -17
- package/dist/commands/prune.js +78 -4
- package/dist/commands/reflect.js +26 -20
- package/dist/commands/register-agent.js +57 -1
- package/dist/commands/repair.js +20 -0
- package/dist/commands/session-end.js +15 -6
- package/dist/commands/session-start.js +18 -1
- package/dist/commands/setup-security.js +39 -18
- package/dist/commands/setup.js +26 -27
- package/dist/commands/stale.js +16 -2
- package/dist/commands/uninstall.js +126 -34
- package/dist/commands/update-step.js +6 -0
- package/dist/commands/worktree.js +60 -0
- package/dist/core/actions.js +12 -3
- package/dist/core/agent-capability.js +11 -13
- package/dist/core/agent-files.js +844 -547
- package/dist/core/agent-integrations.js +0 -3
- package/dist/core/agent-inventory.js +67 -0
- package/dist/core/agent-registry.js +163 -29
- package/dist/core/agentrun-reconciler.js +33 -2
- package/dist/core/agentruns.js +7 -1
- package/dist/core/ai-agent-detection.js +31 -44
- package/dist/core/archival.js +15 -9
- package/dist/core/assignment-reconciler.js +56 -0
- package/dist/core/assignment-sweeper.js +127 -4
- package/dist/core/assignments.js +69 -11
- package/dist/core/bootstrap.js +233 -67
- package/dist/core/brainclaw-version.js +22 -0
- package/dist/core/candidates.js +21 -1
- package/dist/core/claims.js +313 -150
- package/dist/core/config.js +6 -1
- package/dist/core/context-diff.js +148 -20
- package/dist/core/context.js +129 -8
- package/dist/core/coordination.js +22 -3
- package/dist/core/dispatch-status.js +79 -5
- package/dist/core/dispatcher.js +64 -11
- package/dist/core/entity-operations.js +45 -24
- package/dist/core/entity-registry.js +31 -5
- package/dist/core/event-log.js +138 -21
- package/dist/core/events/checkpoint.js +258 -0
- package/dist/core/events/genesis.js +220 -0
- package/dist/core/events/journal.js +507 -0
- package/dist/core/events/materialize.js +126 -0
- package/dist/core/events/registry-post-image.js +110 -0
- package/dist/core/events/verify.js +109 -0
- package/dist/core/execution-adapters.js +23 -0
- package/dist/core/facade-schema.js +38 -0
- package/dist/core/gc-semantic.js +130 -5
- package/dist/core/handoff-snapshot.js +68 -0
- package/dist/core/ids.js +19 -8
- package/dist/core/instruction-templates.js +34 -115
- package/dist/core/io.js +39 -3
- package/dist/core/json-store.js +10 -1
- package/dist/core/lock.js +153 -28
- package/dist/core/loops/bootstrap-acquire.js +25 -1
- package/dist/core/loops/facade-schema.js +2 -0
- package/dist/core/loops/hooks/survey-signals-baseline.js +36 -0
- package/dist/core/loops/index.js +1 -0
- package/dist/core/loops/presets/bootstrap.js +7 -0
- package/dist/core/loops/store.js +17 -0
- package/dist/core/loops/verbs.js +24 -1
- package/dist/core/markdown.js +8 -76
- package/dist/core/mcp-command-resolution.js +245 -0
- package/dist/core/memory-compactor.js +5 -3
- package/dist/core/memory-lifecycle.js +282 -0
- package/dist/core/merge-risk.js +150 -0
- package/dist/core/messaging.js +8 -1
- package/dist/core/migration.js +11 -1
- package/dist/core/observer-mode.js +26 -0
- package/dist/core/operations/memory-mutation.js +90 -65
- package/dist/core/operations/plan.js +27 -1
- package/dist/core/protocol-skills.js +210 -0
- package/dist/core/reflection-safety.js +6 -7
- package/dist/core/reputation.js +84 -2
- package/dist/core/runtime-signals.js +71 -9
- package/dist/core/runtime.js +84 -1
- package/dist/core/schema.js +114 -0
- package/dist/core/security-detectors.js +125 -0
- package/dist/core/security-extract.js +189 -0
- package/dist/core/security-guard.js +107 -29
- package/dist/core/security-packages.js +121 -0
- package/dist/core/security-scoring.js +76 -9
- package/dist/core/security.js +34 -2
- package/dist/core/sequence.js +11 -2
- package/dist/core/setup-flow.js +141 -13
- package/dist/core/staleness.js +72 -1
- package/dist/core/state.js +250 -54
- package/dist/core/store-resolution.js +19 -5
- package/dist/core/worktree.js +72 -8
- package/dist/facts.js +8 -8
- package/dist/facts.json +7 -7
- package/docs/PROTOCOL.md +223 -0
- package/docs/cli.md +11 -10
- package/docs/concepts/coordinator-runbook.md +129 -0
- package/docs/concepts/event-log-store-critique-A.md +333 -0
- package/docs/concepts/event-log-store-critique-B.md +353 -0
- package/docs/concepts/event-log-store-phase0-measurements.md +58 -0
- package/docs/concepts/event-log-store-proposal-A.md +365 -0
- package/docs/concepts/event-log-store-proposal-B.md +404 -0
- package/docs/concepts/event-log-store.md +928 -0
- package/docs/concepts/identity-model-proposal.md +371 -0
- package/docs/concepts/memory.md +5 -4
- package/docs/concepts/observer-protocol.md +361 -0
- package/docs/concepts/parallel-merge-protocol.md +71 -0
- package/docs/concepts/plans-and-claims.md +43 -0
- package/docs/concepts/skills.md +78 -0
- package/docs/concepts/workspace-bootstrapping.md +61 -0
- package/docs/integrations/agents.md +4 -4
- package/docs/integrations/cline.md +10 -11
- package/docs/integrations/codex.md +2 -2
- package/docs/integrations/continue.md +5 -5
- package/docs/integrations/copilot.md +14 -12
- package/docs/integrations/openclaw.md +7 -6
- package/docs/integrations/overview.md +7 -7
- package/docs/integrations/roo.md +3 -3
- package/docs/integrations/windsurf.md +6 -6
- package/docs/mcp-schema-changelog.md +29 -2
- package/docs/quickstart.md +48 -47
- package/docs/security.md +174 -15
- package/docs/storage.md +4 -2
- package/package.json +8 -6
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Cline Integration
|
|
2
2
|
|
|
3
|
-
brainclaw integrates with Cline through MCP tools, instruction rules, and
|
|
3
|
+
brainclaw integrates with Cline through MCP tools, instruction rules, auto-approval, and CLI spawn capability for parallel lanes. Cline does not currently expose a Brainclaw-managed lifecycle hook surface.
|
|
4
4
|
|
|
5
5
|
## Auto-setup
|
|
6
6
|
|
|
@@ -51,9 +51,9 @@ Cline supports per-server `alwaysAllow` for auto-approving specific tools:
|
|
|
51
51
|
- `.clinerules/live.md` — optional local live companion with current plans, claims, traps, candidates, and handoffs. Write it with `brainclaw export --format cline --write --include-live`; it remains gitignored.
|
|
52
52
|
- Static content stays behavioural and lightweight. By default, live state flows through MCP; the live companion is an optional parity/backstop file.
|
|
53
53
|
|
|
54
|
-
## SKILL.md discovery
|
|
55
|
-
|
|
56
|
-
Cline
|
|
54
|
+
## SKILL.md discovery
|
|
55
|
+
|
|
56
|
+
Cline may discover skills from agent-specific directories depending on the installed extension/version. Brainclaw's current Cline writer configures MCP and `.clinerules/brainclaw.md`; it does not write a Cline-specific SKILL.md.
|
|
57
57
|
|
|
58
58
|
## Headless invocation
|
|
59
59
|
|
|
@@ -69,11 +69,11 @@ The `-y` flag (YOLO mode) disables interactive approval prompts so the spawned w
|
|
|
69
69
|
|
|
70
70
|
| Field | Value |
|
|
71
71
|
|-------|-------|
|
|
72
|
-
| Tier | A |
|
|
73
|
-
| MCP | yes |
|
|
74
|
-
| Hooks |
|
|
75
|
-
| Auto-approve | yes (`alwaysAllow` per server, `-y` per session) |
|
|
76
|
-
| Skills |
|
|
72
|
+
| Tier | A |
|
|
73
|
+
| MCP | yes |
|
|
74
|
+
| Hooks | no |
|
|
75
|
+
| Auto-approve | yes (`alwaysAllow` per server, `-y` per session) |
|
|
76
|
+
| Skills | no Brainclaw-specific writer |
|
|
77
77
|
| CLI spawnable | yes |
|
|
78
78
|
| Max concurrent tasks | 3 |
|
|
79
79
|
| Workflow model | interactive |
|
|
@@ -82,7 +82,6 @@ The `-y` flag (YOLO mode) disables interactive approval prompts so the spawned w
|
|
|
82
82
|
|
|
83
83
|
## Caveats
|
|
84
84
|
|
|
85
|
-
- **
|
|
86
|
-
- **Cline / Roo / Kilocode family**: Cline shares its config-pattern lineage with Roo Code and Kilocode. The directory names differ (`.clinerules/` vs `.roo/rules/` vs `.kilo/rules/`) but the auto-discovery model is the same.
|
|
85
|
+
- **Cline / Roo / Kilocode family**: Cline shares its config-pattern lineage with Roo Code and Kilocode. The directory names differ (`.clinerules/` vs `.roo/rules/` vs `.kilo/rules/`) but the auto-discovery model is the same.
|
|
87
86
|
- **Project-scoped MCP**: unlike machine-scoped agents (Cursor, Windsurf), Cline's MCP config lives in the repo. Each repo gets its own brainclaw registration.
|
|
88
87
|
- **Long prompts**: inline arg supports up to 8000 chars before falling back to inbox-structured delivery. Briefs longer than that should arrive via inbox.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Codex Integration
|
|
2
2
|
|
|
3
|
-
brainclaw integrates with OpenAI's Codex CLI through MCP tools and shared instruction files. Codex
|
|
3
|
+
brainclaw integrates with OpenAI's Codex CLI through MCP tools and shared instruction files. Codex has MCP access, universal skills support, and headless CLI spawn capability, but no native lifecycle hook surface.
|
|
4
4
|
|
|
5
5
|
## Auto-setup
|
|
6
6
|
|
|
@@ -61,7 +61,7 @@ Since pln#476 (1.0.13+), spawned Codex workers are marked `delivered_and_started
|
|
|
61
61
|
|-------|-------|
|
|
62
62
|
| Tier | A |
|
|
63
63
|
| MCP | yes |
|
|
64
|
-
| Hooks |
|
|
64
|
+
| Hooks | no |
|
|
65
65
|
| Auto-approve | manual (per-tool approval) |
|
|
66
66
|
| Skills | yes |
|
|
67
67
|
| CLI spawnable | yes |
|
|
@@ -6,9 +6,9 @@ brainclaw integrates with Continue through MCP tools and project-scoped rules, g
|
|
|
6
6
|
|
|
7
7
|
`brainclaw init` detects Continue and writes `.continue/rules/brainclaw.md` automatically. Or manually:
|
|
8
8
|
|
|
9
|
-
```bash
|
|
10
|
-
brainclaw export --format continue
|
|
11
|
-
```
|
|
9
|
+
```bash
|
|
10
|
+
brainclaw export --format continue --write
|
|
11
|
+
```
|
|
12
12
|
|
|
13
13
|
## MCP configuration
|
|
14
14
|
|
|
@@ -32,7 +32,7 @@ Per-server YAML configs are also supported in `.continue/mcpServers/*.yaml`.
|
|
|
32
32
|
|
|
33
33
|
Continue uses a separate permissions file at `~/.continue/permissions.yaml`. Tool-level control uses `--allow`, `--ask`, and `--exclude` flags on the CLI.
|
|
34
34
|
|
|
35
|
-
brainclaw
|
|
35
|
+
`brainclaw setup-machine` writes `~/.continue/permissions.yaml` when Continue is selected. Configure it manually only if you need stricter local policy than Brainclaw's generated defaults.
|
|
36
36
|
|
|
37
37
|
## SKILL.md discovery
|
|
38
38
|
|
|
@@ -55,6 +55,6 @@ cn /path/to/project
|
|
|
55
55
|
## Caveats
|
|
56
56
|
|
|
57
57
|
- **No hooks**: Continue delegates hook-like behavior to VS Code extensions. No native pre-prompt injection.
|
|
58
|
-
- **
|
|
58
|
+
- **Permissions are machine-local**: Brainclaw can write `~/.continue/permissions.yaml`, but it is not committed with the project.
|
|
59
59
|
- **No native subagents**: Continue does not expose subagent orchestration.
|
|
60
60
|
- **Windows**: Works via VS Code extension; CLI (`cn`) requires Node.js on PATH.
|
|
@@ -4,10 +4,12 @@ brainclaw integrates with GitHub Copilot through MCP tools, instruction files, a
|
|
|
4
4
|
|
|
5
5
|
## Auto-setup
|
|
6
6
|
|
|
7
|
-
`brainclaw init` detects Copilot (`gh copilot` or `copilot` CLI installed) and writes:
|
|
8
|
-
|
|
9
|
-
- `.github/copilot-instructions.md` — instruction file Copilot reads automatically on each prompt
|
|
10
|
-
-
|
|
7
|
+
`brainclaw init` detects Copilot (`gh copilot` or `copilot` CLI installed) and writes:
|
|
8
|
+
|
|
9
|
+
- `.github/copilot-instructions.md` — instruction file Copilot reads automatically on each prompt
|
|
10
|
+
- `.vscode/settings.json` and `.vscode/mcp.json` — project-level MCP registration used by VS Code/Copilot surfaces
|
|
11
|
+
- `.github/copilot/hooks.json` — session lifecycle hooks where supported
|
|
12
|
+
- `.github/skills/brainclaw-context/SKILL.md` and `.agents/skills/brainclaw/SKILL.md` — Copilot and cross-agent skill discovery
|
|
11
13
|
|
|
12
14
|
Manual regeneration:
|
|
13
15
|
|
|
@@ -18,14 +20,14 @@ brainclaw export --format copilot-instructions --write --include-live
|
|
|
18
20
|
|
|
19
21
|
## MCP configuration
|
|
20
22
|
|
|
21
|
-
Copilot reads MCP
|
|
22
|
-
|
|
23
|
-
```json
|
|
24
|
-
{
|
|
25
|
-
"
|
|
26
|
-
"brainclaw": {
|
|
27
|
-
"command": "npx",
|
|
28
|
-
"args": ["-y", "brainclaw@latest", "mcp"]
|
|
23
|
+
VS Code/Copilot reads project MCP configuration from `.vscode/settings.json` and `.vscode/mcp.json`:
|
|
24
|
+
|
|
25
|
+
```json
|
|
26
|
+
{
|
|
27
|
+
"servers": {
|
|
28
|
+
"brainclaw": {
|
|
29
|
+
"command": "npx",
|
|
30
|
+
"args": ["-y", "brainclaw@latest", "mcp"]
|
|
29
31
|
}
|
|
30
32
|
}
|
|
31
33
|
}
|
|
@@ -38,12 +38,13 @@ brainclaw enable-agent openclaw
|
|
|
38
38
|
|
|
39
39
|
This copies the brainclaw skill to `~/.openclaw/workspace/skills/brainclaw/`.
|
|
40
40
|
|
|
41
|
-
Or manually:
|
|
42
|
-
|
|
43
|
-
```bash
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
41
|
+
Or manually:
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
brainclaw export --format openclaw --output /tmp/brainclaw-openclaw-skill.md
|
|
45
|
+
mkdir -p ~/.openclaw/workspace/skills/brainclaw
|
|
46
|
+
cp /tmp/brainclaw-openclaw-skill.md ~/.openclaw/workspace/skills/brainclaw/SKILL.md
|
|
47
|
+
```
|
|
47
48
|
|
|
48
49
|
### Initialize a project
|
|
49
50
|
|
|
@@ -71,16 +71,16 @@ The agent cannot call brainclaw tools at all. The instruction file or SKILL.md b
|
|
|
71
71
|
| Agent | MCP | Instruction file | Hooks | Auto-approve | Skills |
|
|
72
72
|
|---|---|---|---|---|---|
|
|
73
73
|
| **Claude Code** | ✔ project + global | CLAUDE.md | ✔ pre-prompt + stop | ✔ permissions | ✔ /brainclaw |
|
|
74
|
-
| **Cursor** | ✔ global | .cursor/rules/ + MDC |
|
|
75
|
-
| **Windsurf** | ✔ global | .windsurfrules
|
|
74
|
+
| **Cursor** | ✔ global | .cursor/rules/ + MDC | ✔ workspace hooks | — | ✔ universal skills |
|
|
75
|
+
| **Windsurf** | ✔ global | .windsurfrules + .windsurf/rules/ | — | ✔ alwaysAllow | — |
|
|
76
76
|
| **Cline** | ✔ project | .clinerules/ | — | ✔ autoApprove | — |
|
|
77
77
|
| **Roo** | ✔ project | .roo/rules/ | — | ✔ alwaysAllow | — |
|
|
78
|
-
| **Continue** | ✔ both | .continue/rules/ | — |
|
|
79
|
-
| **Kilocode** | ✔ both | .kilo/rules/ + AGENTS.md | — | ✔ alwaysAllow |
|
|
80
|
-
| **OpenCode** | ✔ project | AGENTS.md | — | — |
|
|
81
|
-
| **Codex** | ✔ global | AGENTS.md | — | — |
|
|
78
|
+
| **Continue** | ✔ both | .continue/rules/ | — | ✔ permissions.yaml | — |
|
|
79
|
+
| **Kilocode** | ✔ both | .kilo/rules/ + AGENTS.md | — | ✔ alwaysAllow | ✔ universal skills |
|
|
80
|
+
| **OpenCode** | ✔ project | AGENTS.md | — | — | ✔ universal skills |
|
|
81
|
+
| **Codex** | ✔ global | AGENTS.md | — | — | ✔ universal skills |
|
|
82
82
|
| **Gemini CLI** | ✔ global | GEMINI.md | — | — | — |
|
|
83
|
-
| **GitHub Copilot** | ✔
|
|
83
|
+
| **GitHub Copilot** | ✔ project | .github/copilot-instructions.md | ✔ workspace hooks | manual (per-call) | ✔ brainclaw-context + universal skills |
|
|
84
84
|
| **Mistral Vibe** | ✔ project + user (TOML) | AGENTS.md | — | `--auto-approve` flag | ✔ universal skill |
|
|
85
85
|
| **Hermes** | ✔ global (YAML) | AGENTS.md | — | — | ✔ universal skill |
|
|
86
86
|
| **OpenClaw** | — | — | — | — | ✔ brainclaw skill |
|
package/docs/integrations/roo.md
CHANGED
|
@@ -6,9 +6,9 @@ brainclaw integrates with Roo through MCP tools and project-scoped rules, provid
|
|
|
6
6
|
|
|
7
7
|
`brainclaw init` detects Roo and writes `.roo/rules/brainclaw.md` automatically. Or manually:
|
|
8
8
|
|
|
9
|
-
```bash
|
|
10
|
-
brainclaw export --format roo
|
|
11
|
-
```
|
|
9
|
+
```bash
|
|
10
|
+
brainclaw export --format roo --write
|
|
11
|
+
```
|
|
12
12
|
|
|
13
13
|
## MCP configuration
|
|
14
14
|
|
|
@@ -6,9 +6,9 @@ brainclaw integrates with Windsurf through MCP tools and instruction rules, prov
|
|
|
6
6
|
|
|
7
7
|
`brainclaw init` detects Windsurf and writes `.windsurfrules` automatically. Or manually:
|
|
8
8
|
|
|
9
|
-
```bash
|
|
10
|
-
brainclaw export --format
|
|
11
|
-
```
|
|
9
|
+
```bash
|
|
10
|
+
brainclaw export --format windsurf --write
|
|
11
|
+
```
|
|
12
12
|
|
|
13
13
|
## MCP configuration
|
|
14
14
|
|
|
@@ -49,14 +49,14 @@ Windsurf supports `alwaysAllow` as an array on each MCP server entry:
|
|
|
49
49
|
}
|
|
50
50
|
```
|
|
51
51
|
|
|
52
|
-
brainclaw
|
|
52
|
+
`brainclaw setup-machine` emits the Windsurf MCP config with `alwaysAllow` for the Brainclaw tool surface.
|
|
53
53
|
|
|
54
54
|
## Instruction files
|
|
55
55
|
|
|
56
56
|
- `.windsurf/rules/*.md` — modern format (recommended), multiple rule files
|
|
57
57
|
- `.windsurfrules` — legacy single-file format (still supported)
|
|
58
58
|
|
|
59
|
-
brainclaw
|
|
59
|
+
`brainclaw export --format windsurf --write` writes the legacy `.windsurfrules` instruction file. Project setup also writes `.windsurf/rules/brainclaw.md` when Windsurf is selected, so modern rule discovery is covered.
|
|
60
60
|
|
|
61
61
|
## SKILL.md discovery
|
|
62
62
|
|
|
@@ -77,7 +77,7 @@ Windsurf does not offer a headless CLI. It runs as a Docker-based environment
|
|
|
77
77
|
|
|
78
78
|
- **Machine-scoped MCP**: The config at `~/.codeium/windsurf/mcp_config.json` is global, not per-project. All projects share the same server list.
|
|
79
79
|
- **No hooks**: Cascade Hooks exist but are limited to logging — no pre-prompt injection.
|
|
80
|
-
- **
|
|
80
|
+
- **Two rule paths**: `.windsurfrules` remains the portable export target; `.windsurf/rules/brainclaw.md` is written during project setup for modern Windsurf rule discovery.
|
|
81
81
|
- **No headless**: Cannot be used as a brainclaw dispatch target.
|
|
82
82
|
- **Plan Mode**: Windsurf's "megaplan" mode is separate from brainclaw plans — they don't conflict but don't interoperate.
|
|
83
83
|
- **Windows/Linux**: Works on all platforms via the Windsurf IDE.
|
|
@@ -10,6 +10,17 @@ guarantees this changelog follows.
|
|
|
10
10
|
|
|
11
11
|
## Unreleased
|
|
12
12
|
|
|
13
|
+
**Changed — agent-UX read-path surface (pln#542)**
|
|
14
|
+
- `bclaw_work`, `bclaw_context`, `bclaw_find`, `bclaw_get`, `bclaw_search`
|
|
15
|
+
gain an optional `budget_tokens` argument (relevance-ranked fill).
|
|
16
|
+
- `bclaw_work` compact payload now includes a trimmed `context_diff`
|
|
17
|
+
(event-cursor sourced, all intents) and facade responses carry
|
|
18
|
+
`next_actions` affordances.
|
|
19
|
+
- `bclaw_quick_capture` gains an optional caller-asserted `type` argument;
|
|
20
|
+
contradiction detection is advisory metadata (no longer blocks promotion).
|
|
21
|
+
- No tool was removed or renamed; no required argument changed.
|
|
22
|
+
- MCP public surface fingerprint: `sha256:eaa8865070b10401`
|
|
23
|
+
|
|
13
24
|
**Changed — JSON Schema generation shift (pln#486, zod 4 migration)**
|
|
14
25
|
- Migration from zod 3.24 → 4.3.6 changes the introspection output that
|
|
15
26
|
feeds `tools/list`. Schemas are semantically equivalent but the emitted
|
|
@@ -93,8 +104,24 @@ will still succeed. A follow-up PR will strip the dead handler code.
|
|
|
93
104
|
changelog records the published MCP surface fingerprint. When a tool
|
|
94
105
|
name, tier, category, or input schema changes, the test fails until
|
|
95
106
|
this section is updated.
|
|
96
|
-
- MCP public surface fingerprint: `sha256:
|
|
97
|
-
(updated 2026-06-
|
|
107
|
+
- MCP public surface fingerprint: `sha256:b1d3c6a00a224509`
|
|
108
|
+
(updated 2026-06-14: journal ON by default + `migrate --enable-journal`,
|
|
109
|
+
registry post-image families + verify gate, and capped auto-handoff diff
|
|
110
|
+
preview on `bclaw_get`; pln#567/#568/#569.
|
|
111
|
+
Previous: `sha256:21fa9544977a3754`,
|
|
112
|
+
updated 2026-06-11b: observability surfaces — composite
|
|
113
|
+
`attention_required` in board_summary, observer-mode read flags,
|
|
114
|
+
`bootstrap_verdict` in FacadeResponse; pln#557/#558/#559.
|
|
115
|
+
Previous: `sha256:8f86d3998f8a24e3`,
|
|
116
|
+
updated 2026-06-11: uninitialized setup mode — the server now boots with
|
|
117
|
+
a minimal catalog on a missing project store instead of exit(1), and the
|
|
118
|
+
empty-memory decision rule is surfaced in setup/work hints; pln#556.
|
|
119
|
+
Previous: `sha256:eaa8865070b10401`,
|
|
120
|
+
updated 2026-06-10: agent-UX read-path surface — `budget_tokens` on the
|
|
121
|
+
read tools, `context_diff`/`next_actions` in facade payloads,
|
|
122
|
+
caller-asserted `type` on quick_capture; see the Unreleased entry, pln#542.
|
|
123
|
+
Previous: `sha256:333be7c3cda7e166`,
|
|
124
|
+
updated 2026-06-09: added the `preflight` boolean to the bclaw_coordinate
|
|
98
125
|
inputSchema — pln#533, the pre-flight spawn validation for open_loop reviews
|
|
99
126
|
(run one trivial validation spawn per reviewer before opening the loop so an
|
|
100
127
|
environment death surfaces with a clear reason instead of a generic timeout).
|
package/docs/quickstart.md
CHANGED
|
@@ -6,46 +6,46 @@ Get brainclaw running in your project in under 5 minutes.
|
|
|
6
6
|
|
|
7
7
|
If you're about to cut a release that changes the CLI, MCP, or context surface, run the checklist in [release-maintenance.md](release-maintenance.md) before publishing a local pack or npm build.
|
|
8
8
|
|
|
9
|
-
## Step 1: Install
|
|
10
|
-
|
|
11
|
-
```bash
|
|
12
|
-
npm install -g brainclaw
|
|
13
|
-
```
|
|
14
|
-
|
|
15
|
-
Requires Node.js 20
|
|
16
|
-
|
|
17
|
-
## Step 2: Bootstrap this machine
|
|
18
|
-
|
|
19
|
-
```bash
|
|
20
|
-
brainclaw setup-machine --yes
|
|
21
|
-
```
|
|
22
|
-
|
|
23
|
-
This configures the agents Brainclaw can see on the current machine and writes the machine-level MCP/user files it manages. It does **not** initialize the current repository yet.
|
|
24
|
-
|
|
25
|
-
## Step 3: Initialize or refresh your project
|
|
26
|
-
|
|
27
|
-
```bash
|
|
28
|
-
cd your-project
|
|
29
|
-
brainclaw init
|
|
30
|
-
```
|
|
31
|
-
|
|
32
|
-
**What happens:**
|
|
33
|
-
- Creates `.brainclaw/` when the project is new, or refreshes it safely when it already exists
|
|
34
|
-
- Detects your coding agent (Claude Code, Codex, Cursor, Copilot, Cline, Mistral Vibe, etc.)
|
|
35
|
-
- Refreshes the detected agent's project and machine integration files when applicable
|
|
36
|
-
- Writes instruction files (`CLAUDE.md`, `AGENTS.md`, `.cursor/rules/brainclaw.md`, etc.)
|
|
37
|
-
- Installs session hooks (if supported by your agent)
|
|
38
|
-
- Adds `.brainclaw/` to `.gitignore`
|
|
39
|
-
|
|
40
|
-
If you want the explicit path for a second or late-arriving agent on an already initialized project, use:
|
|
41
|
-
|
|
42
|
-
```bash
|
|
43
|
-
brainclaw enable-agent <agent-name>
|
|
44
|
-
```
|
|
45
|
-
|
|
46
|
-
If you have multiple repos, use `brainclaw setup --yes` instead — it bootstraps the machine, scans your project directories, and initializes everything at once.
|
|
47
|
-
|
|
48
|
-
## Step 4: Restart your agent
|
|
9
|
+
## Step 1: Install
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
npm install -g brainclaw
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
Requires Node.js 20+ (`engines.node = ">=20.0.0"`). CI exercises Node 22 (Active LTS) and Node 24 (current LTS) — Node 22 or 24 is the recommended runtime; Node 20 still installs but is no longer CI-verified since its April 2026 EOL. Verify with `brainclaw --version`.
|
|
16
|
+
|
|
17
|
+
## Step 2: Bootstrap this machine
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
brainclaw setup-machine --yes
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
This configures the agents Brainclaw can see on the current machine and writes the machine-level MCP/user files it manages. It does **not** initialize the current repository yet.
|
|
24
|
+
|
|
25
|
+
## Step 3: Initialize or refresh your project
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
cd your-project
|
|
29
|
+
brainclaw init
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
**What happens:**
|
|
33
|
+
- Creates `.brainclaw/` when the project is new, or refreshes it safely when it already exists
|
|
34
|
+
- Detects your coding agent (Claude Code, Codex, Cursor, Copilot, Cline, Mistral Vibe, etc.)
|
|
35
|
+
- Refreshes the detected agent's project and machine integration files when applicable
|
|
36
|
+
- Writes instruction files (`CLAUDE.md`, `AGENTS.md`, `.cursor/rules/brainclaw.md`, etc.)
|
|
37
|
+
- Installs session hooks (if supported by your agent)
|
|
38
|
+
- Adds `.brainclaw/` to `.gitignore`
|
|
39
|
+
|
|
40
|
+
If you want the explicit path for a second or late-arriving agent on an already initialized project, use:
|
|
41
|
+
|
|
42
|
+
```bash
|
|
43
|
+
brainclaw enable-agent <agent-name>
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
If you have multiple repos, use `brainclaw setup --yes` instead — it bootstraps the machine, scans your project directories, and initializes everything at once.
|
|
47
|
+
|
|
48
|
+
## Step 4: Restart your agent
|
|
49
49
|
|
|
50
50
|
Your coding agent needs to reload to pick up the new MCP configuration.
|
|
51
51
|
|
|
@@ -58,7 +58,7 @@ Your coding agent needs to reload to pick up the new MCP configuration.
|
|
|
58
58
|
| **Windsurf** | Reload the editor |
|
|
59
59
|
| **Copilot** | Reload VS Code window (uses instruction file, not MCP) |
|
|
60
60
|
|
|
61
|
-
## Step 5: Verify it works
|
|
61
|
+
## Step 5: Verify it works
|
|
62
62
|
|
|
63
63
|
After reloading, tell your agent:
|
|
64
64
|
|
|
@@ -76,7 +76,7 @@ brainclaw agent-board # what each agent sees
|
|
|
76
76
|
brainclaw context # current project memory
|
|
77
77
|
```
|
|
78
78
|
|
|
79
|
-
## Step 6: Start using brainclaw
|
|
79
|
+
## Step 6: Start using brainclaw
|
|
80
80
|
|
|
81
81
|
### For agents with MCP (most agents)
|
|
82
82
|
|
|
@@ -109,11 +109,12 @@ The CLI is for inspection, scripting, and fallback:
|
|
|
109
109
|
|
|
110
110
|
```bash
|
|
111
111
|
brainclaw plan create "Implement auth module" --priority high
|
|
112
|
-
brainclaw plan list
|
|
113
|
-
brainclaw claim list
|
|
114
|
-
brainclaw context --for src/auth/routes.ts
|
|
115
|
-
brainclaw export --detect --write # regenerate
|
|
116
|
-
|
|
112
|
+
brainclaw plan list
|
|
113
|
+
brainclaw claim list
|
|
114
|
+
brainclaw context --for src/auth/routes.ts
|
|
115
|
+
brainclaw export --detect --write # regenerate the detected agent instruction file
|
|
116
|
+
brainclaw export --all # regenerate all known instruction files
|
|
117
|
+
```
|
|
117
118
|
|
|
118
119
|
## Onboarding an existing project
|
|
119
120
|
|
package/docs/security.md
CHANGED
|
@@ -4,8 +4,10 @@ brainclaw is designed to be safe by default.
|
|
|
4
4
|
|
|
5
5
|
## Security model
|
|
6
6
|
|
|
7
|
-
### No network access
|
|
8
|
-
The CLI does not need to call external services to function.
|
|
7
|
+
### No network access by default
|
|
8
|
+
The CLI does not need to call external services to function. The optional
|
|
9
|
+
supply-chain gate (see below) is the one feature that talks to a remote
|
|
10
|
+
service, and it is off until explicitly enabled.
|
|
9
11
|
|
|
10
12
|
### No telemetry
|
|
11
13
|
brainclaw does not collect or send usage data.
|
|
@@ -19,35 +21,192 @@ That makes review easier, but it also means users must be careful about what the
|
|
|
19
21
|
|
|
20
22
|
## Built-in safety behaviors
|
|
21
23
|
|
|
22
|
-
|
|
24
|
+
### Content scanning (scanText)
|
|
23
25
|
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
- `token`
|
|
27
|
-
- `password`
|
|
26
|
+
Whenever content is added to `.brainclaw/` brainclaw scans the text in three
|
|
27
|
+
layers:
|
|
28
28
|
|
|
29
|
-
|
|
29
|
+
1. **User-configured regex patterns** from `redaction.patterns`. The
|
|
30
|
+
defaults catch words like `api_key`, `secret`, `token`, `password`.
|
|
31
|
+
2. **Structural detectors** for well-known token shapes — GitHub PATs
|
|
32
|
+
(`ghp_`, `gho_`, `github_pat_…`), AWS access keys (`AKIA…`/`ASIA…`),
|
|
33
|
+
Google API keys (`AIza…`), Slack tokens and webhooks, Stripe
|
|
34
|
+
`sk_live_/sk_test_` keys, JWTs, PEM-encoded private keys, and URLs
|
|
35
|
+
with embedded `user:password@host` credentials.
|
|
36
|
+
3. **Entropy detector** that flags high-Shannon-entropy substrings near
|
|
37
|
+
a secret keyword (api_key/token/secret/password/auth/...). This
|
|
38
|
+
catches custom-shaped keys the structural list does not enumerate.
|
|
30
39
|
|
|
31
|
-
|
|
32
|
-
|
|
40
|
+
In `security.mode: warn` matches surface as warnings; in
|
|
41
|
+
`security.strict_redaction: true` (or `security.mode: strict`) the same
|
|
42
|
+
matches block the write.
|
|
33
43
|
|
|
34
|
-
|
|
44
|
+
### Sensitive paths
|
|
45
|
+
|
|
46
|
+
When `security.block_sensitive_paths: true` (default), content that
|
|
47
|
+
references paths like `.env`, `secrets/`, `.git/`, or `node_modules/`
|
|
48
|
+
emits a warning.
|
|
49
|
+
|
|
50
|
+
### Configuration
|
|
35
51
|
|
|
36
52
|
```yaml
|
|
37
53
|
security:
|
|
38
|
-
mode: warn # 'warn' or 'strict'
|
|
54
|
+
mode: warn # 'warn' or 'strict' — affects redaction scanning
|
|
39
55
|
strict_redaction: false # if true, blocks entries with sensitive content
|
|
40
56
|
block_sensitive_paths: true
|
|
57
|
+
token_detection:
|
|
58
|
+
enabled: true # turn off all structural + entropy detection
|
|
59
|
+
entropy:
|
|
60
|
+
enabled: true
|
|
61
|
+
min_length: 32 # minimum substring length to consider
|
|
62
|
+
min_entropy: 4.0 # minimum Shannon entropy (bits/char)
|
|
63
|
+
detectors: # per-detector override map; explicit false disables a detector
|
|
64
|
+
aws_access_key: true
|
|
65
|
+
jwt: true
|
|
66
|
+
|
|
67
|
+
redaction:
|
|
68
|
+
enabled: true
|
|
69
|
+
patterns:
|
|
70
|
+
- '(?i)api[_-]?key'
|
|
71
|
+
- '(?i)secret'
|
|
72
|
+
- '(?i)token'
|
|
73
|
+
- '(?i)password'
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## Supply-chain pre-install gate
|
|
77
|
+
|
|
78
|
+
`brainclaw setup-security` enables a preinstall gate that intercepts
|
|
79
|
+
`npm`/`pnpm`/`yarn`/`pip`/`pip3` install commands and asks Socket.dev's
|
|
80
|
+
scoring service whether the requested packages are risky.
|
|
81
|
+
|
|
82
|
+
```
|
|
83
|
+
brainclaw setup-security --mode advisory # default — warn-only
|
|
84
|
+
brainclaw setup-security --mode enforced # block risky installs
|
|
41
85
|
```
|
|
42
86
|
|
|
87
|
+
### Advisory vs enforced
|
|
88
|
+
|
|
89
|
+
The mode determines what happens when the gate decides a package is
|
|
90
|
+
risky:
|
|
91
|
+
|
|
92
|
+
- **advisory** — verdicts are surfaced (printed warning, security trap
|
|
93
|
+
created) but the install is *not* aborted.
|
|
94
|
+
- **enforced** — a `block` verdict aborts the install with a non-zero
|
|
95
|
+
exit code.
|
|
96
|
+
|
|
97
|
+
The mode is read from `security.preinstall.mode` and can be overridden
|
|
98
|
+
per call with `brainclaw check-security --mode <advisory|enforced>`.
|
|
99
|
+
|
|
100
|
+
### Exit codes
|
|
101
|
+
|
|
102
|
+
`brainclaw check-security` emits exit codes that already encode the mode
|
|
103
|
+
decision, so wrapper scripts are mode-agnostic:
|
|
104
|
+
|
|
105
|
+
| Exit | Meaning |
|
|
106
|
+
|------|------------------------------------------------------------|
|
|
107
|
+
| 0 | pass — no risky packages |
|
|
108
|
+
| 1 | warn — advisory-mode block, or warn-threshold verdict |
|
|
109
|
+
| 2 | block — enforced-mode block; the wrapper aborts the install|
|
|
110
|
+
|
|
111
|
+
The wrapper scripts (`<.brainclaw/security/bin>/npm`, `pnpm`, `yarn`,
|
|
112
|
+
`pip`, `pip3` and their `.ps1` counterparts) call the CLI and react
|
|
113
|
+
purely to the exit code, so flipping advisory↔enforced is a config
|
|
114
|
+
change — no regeneration required.
|
|
115
|
+
|
|
116
|
+
### Composite scoring
|
|
117
|
+
|
|
118
|
+
Each package gets five sub-scores from Socket (supply-chain,
|
|
119
|
+
vulnerability, quality, maintenance, license) on a 0–100 scale. The
|
|
120
|
+
gate combines them into a single composite using configurable weights:
|
|
121
|
+
|
|
122
|
+
```yaml
|
|
123
|
+
security:
|
|
124
|
+
preinstall:
|
|
125
|
+
weights:
|
|
126
|
+
supply_chain: 0.35
|
|
127
|
+
vulnerability: 0.30
|
|
128
|
+
quality: 0.15
|
|
129
|
+
maintenance: 0.15
|
|
130
|
+
license: 0.05
|
|
131
|
+
thresholds:
|
|
132
|
+
composite_pass: 70 # composite >= 70 → pass
|
|
133
|
+
composite_warn: 50 # composite >= 50 but < 70 → warn; below → block
|
|
134
|
+
supply_chain_block: 30 # hard block when supply_chain < 30
|
|
135
|
+
vulnerability_block: 20 # hard block when vulnerability < 20
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
Weights are normalized to sum to 1.0 automatically — a config like
|
|
139
|
+
`{ supply_chain: 1, vulnerability: 1 }` is rescaled rather than
|
|
140
|
+
producing composites above 100. Thresholds are clamped to `[0,100]`
|
|
141
|
+
and `composite_warn` is capped at `composite_pass` so the verdict
|
|
142
|
+
function stays monotonic.
|
|
143
|
+
|
|
144
|
+
### Allowlist / denylist
|
|
145
|
+
|
|
146
|
+
```yaml
|
|
147
|
+
security:
|
|
148
|
+
preinstall:
|
|
149
|
+
allowlist:
|
|
150
|
+
- npm:internal-pkg # ecosystem-scoped
|
|
151
|
+
- npm:axios@1.14.0 # exact version pin
|
|
152
|
+
- lodash # bare name — any ecosystem, any version
|
|
153
|
+
denylist:
|
|
154
|
+
- npm:axios@1.14.1 # known-compromised version
|
|
155
|
+
- pypi:bad-pkg
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
Matching is exact on each component. Bare names match by package name
|
|
159
|
+
only; an `ecosystem:` prefix scopes the match to that ecosystem;
|
|
160
|
+
appending `@version` (or `==version` for pip-style) requires an exact
|
|
161
|
+
version. The wildcard `@*` matches any version (useful for explicit
|
|
162
|
+
"any version" entries).
|
|
163
|
+
|
|
164
|
+
This is a hard tightening from the MVP: previously `denylist: ['lodash']`
|
|
165
|
+
matched any package whose purl contained the substring `lodash`, so
|
|
166
|
+
`react-lodash` was silently blocked. The new matcher requires exact
|
|
167
|
+
package-name equality.
|
|
168
|
+
|
|
169
|
+
### Package extraction sources
|
|
170
|
+
|
|
171
|
+
`check-security` can pull the list of packages from three places, which
|
|
172
|
+
may be combined:
|
|
173
|
+
|
|
174
|
+
- `--packages axios,express@1.2.3` — comma-separated specs
|
|
175
|
+
- `--requirements requirements.txt` — pip-style requirements file;
|
|
176
|
+
recursive `-r` includes, env markers, and extras are handled
|
|
177
|
+
- `--lockfile package-lock.json` — npm package-lock (v1, v2, v3);
|
|
178
|
+
scans top-level direct deps and devDeps
|
|
179
|
+
|
|
180
|
+
The wrappers auto-translate `npm install -r foo.txt` → `--requirements`,
|
|
181
|
+
skip filesystem paths and URL specs that aren't registry packages
|
|
182
|
+
(`./local-pkg`, `git+https://…`, `*.tgz`, `*.whl`), and handle the
|
|
183
|
+
common npm/pip flag conventions.
|
|
184
|
+
|
|
185
|
+
### Offline / fetch-error fallback
|
|
186
|
+
|
|
187
|
+
When the Socket call fails (network down, service unreachable), the
|
|
188
|
+
gate uses `security.preinstall.fallback_on_error`:
|
|
189
|
+
|
|
190
|
+
- `block` — fail closed regardless of mode
|
|
191
|
+
- `warn` — surface a warning, continue with whatever cached scores
|
|
192
|
+
exist; if no cache exists the gate exits with code 1
|
|
193
|
+
- `pass` — silent fall-through (the install proceeds)
|
|
194
|
+
|
|
195
|
+
Cached scores have a TTL of `cache_ttl_hours` (default 24) and live
|
|
196
|
+
in `.brainclaw/security/cache.json`.
|
|
197
|
+
|
|
43
198
|
## Recommended stance
|
|
44
199
|
|
|
45
|
-
- do not store secrets
|
|
200
|
+
- do not store secrets — even with detection, the safer move is to never
|
|
201
|
+
write them
|
|
46
202
|
- review what gets committed
|
|
47
203
|
- keep machine-local observations machine-local when appropriate
|
|
48
204
|
- use stricter redaction settings in sensitive environments
|
|
205
|
+
- run `setup-security --mode advisory` first; flip to `enforced` once
|
|
206
|
+
the team has gotten used to the verdicts
|
|
49
207
|
|
|
50
208
|
## Important nuance
|
|
51
209
|
|
|
52
|
-
brainclaw reduces hidden behavior, but it does not remove the need for
|
|
53
|
-
It warns; the team still decides what belongs
|
|
210
|
+
brainclaw reduces hidden behavior, but it does not remove the need for
|
|
211
|
+
operational discipline. It warns; the team still decides what belongs
|
|
212
|
+
in shared memory.
|
package/docs/storage.md
CHANGED
|
@@ -7,7 +7,7 @@ brainclaw is local-first and workspace-centric.
|
|
|
7
7
|
```text
|
|
8
8
|
.brainclaw/
|
|
9
9
|
config.yaml ← Project configuration
|
|
10
|
-
project.md ←
|
|
10
|
+
project.md ← Legacy derived readable view (best-effort, regenerable)
|
|
11
11
|
events.jsonl ← Append-only event log (agent notifications)
|
|
12
12
|
audit.log ← Append-only audit trail (before/after snapshots)
|
|
13
13
|
memory/
|
|
@@ -42,7 +42,9 @@ Benefits:
|
|
|
42
42
|
- isolated corruption (one bad file does not affect others)
|
|
43
43
|
|
|
44
44
|
### Derived views are best-effort
|
|
45
|
-
|
|
45
|
+
`.brainclaw/project.md` is a **legacy derived view** regenerated from canonical state via `rebuildProjectMd()`. It is not a write target and no longer carries live claims, plans, handoffs, or runtime state — use `brainclaw agent-board`, `brainclaw context`, or MCP board/context tools for that operational data.
|
|
46
|
+
|
|
47
|
+
Root `PROJECT.md` is different: it is the durable project vision and should contain stable product, architecture, and contribution guidance that does not expire every session.
|
|
46
48
|
|
|
47
49
|
Failures to regenerate `project.md` are logged but never block mutations. If it gets stale, `brainclaw doctor` detects the drift.
|
|
48
50
|
|