claude-flow-novice 1.3.0 → 1.3.2

package/src/cli/simple-commands/sparc-modes/docs-writer.js

@@ -0,0 +1,38 @@
+// docs-writer.js - Documentation Writer mode orchestration template
+export function getDocsWriterOrchestration(taskDescription, memoryNamespace) {
+  return `
+## Task Orchestration Steps
+
+1. **Documentation Planning** (10 mins)
+   - Understand documentation needs: "${taskDescription}"
+   - Identify target audience
+   - Define documentation structure
+   - List required sections
+   - Store plan: \`npx claude-flow memory store ${memoryNamespace}_doc_plan "..."\`
+
+2. **Content Creation** (25 mins)
+   - Write clear, concise documentation
+   - Include code examples
+   - Add diagrams where helpful
+   - Create API references
+   - Store progress: \`npx claude-flow memory store ${memoryNamespace}_doc_content "..."\`
+
+3. **User Guides** (15 mins)
+   - Create quickstart guide
+   - Write installation instructions
+   - Document common use cases
+   - Add troubleshooting section
+   - Store guides: \`npx claude-flow memory store ${memoryNamespace}_user_guides "..."\`
+
+4. **Review & Polish** (10 mins)
+   - Check for clarity and accuracy
+   - Verify code examples work
+   - Add cross-references
+   - Create table of contents
+
+5. **Deliverables**
+   - README.md with overview
+   - docs/getting-started.md
+   - docs/api-reference.md
+   - docs/troubleshooting.md`;
+}

package/src/cli/simple-commands/sparc-modes/generic.js

@@ -0,0 +1,34 @@
+// generic.js - Generic mode orchestration template
+export function getGenericOrchestration(taskDescription, memoryNamespace) {
+  return `
+## Task Orchestration Steps
+
+1. **Analysis** (10 mins)
+   - Understand the task: "${taskDescription}"
+   - Break down requirements
+   - Identify deliverables
+   - Store analysis: \`npx claude-flow memory store ${memoryNamespace}_analysis "..."\`
+
+2. **Planning** (10 mins)
+   - Create implementation plan
+   - Define milestones
+   - Set up project structure
+   - Store plan: \`npx claude-flow memory store ${memoryNamespace}_plan "..."\`
+
+3. **Implementation** (30 mins)
+   - Execute the main task
+   - Follow best practices
+   - Keep code modular
+   - Store progress: \`npx claude-flow memory store ${memoryNamespace}_implementation "..."\`
+
+4. **Validation** (10 mins)
+   - Test the solution
+   - Verify requirements met
+   - Document the work
+   - Store validation: \`npx claude-flow memory store ${memoryNamespace}_validation "..."\`
+
+5. **Deliverables**
+   - Completed implementation
+   - Documentation
+   - Test results`;
+}

package/src/cli/simple-commands/sparc-modes/index.js

@@ -0,0 +1,201 @@
+// index.js - SPARC mode orchestration loader
+import { getArchitectOrchestration } from './architect.js';
+import { getCodeOrchestration } from './code.js';
+import { getTddOrchestration } from './tdd.js';
+import { getDebugOrchestration } from './debug.js';
+import { getSecurityReviewOrchestration } from './security-review.js';
+import { getDocsWriterOrchestration } from './docs-writer.js';
+import { getIntegrationOrchestration } from './integration.js';
+import { getMonitoringOrchestration } from './monitoring.js';
+import { getOptimizationOrchestration } from './optimization.js';
+import { getSupabaseAdminOrchestration } from './supabase-admin.js';
+import { getSpecPseudocodeOrchestration } from './spec-pseudocode.js';
+import { getMcpOrchestration } from './mcp.js';
+import { getDevOpsOrchestration } from './devops.js';
+import { getAskOrchestration } from './ask.js';
+import { getTutorialOrchestration } from './tutorial.js';
+import { getSparcOrchestratorOrchestration } from './sparc-orchestrator.js';
+import { getGenericOrchestration } from './generic.js';
+import { getSwarmOrchestration } from './swarm.js';
+
+// Mode orchestration mapping
+const modeOrchestrations = {
+  architect: getArchitectOrchestration,
+  code: getCodeOrchestration,
+  tdd: getTddOrchestration,
+  debug: getDebugOrchestration,
+  'security-review': getSecurityReviewOrchestration,
+  'docs-writer': getDocsWriterOrchestration,
+  integration: getIntegrationOrchestration,
+  'post-deployment-monitoring-mode': getMonitoringOrchestration,
+  'refinement-optimization-mode': getOptimizationOrchestration,
+  'supabase-admin': getSupabaseAdminOrchestration,
+  'spec-pseudocode': getSpecPseudocodeOrchestration,
+  mcp: getMcpOrchestration,
+  devops: getDevOpsOrchestration,
+  ask: getAskOrchestration,
+  tutorial: getTutorialOrchestration,
+  sparc: getSparcOrchestratorOrchestration,
+  swarm: getSwarmOrchestration,
+};
+
+/**
+ * Get orchestration template for a specific mode
+ * @param {string} modeSlug - The mode slug identifier
+ * @param {string} taskDescription - The task description
+ * @param {string} memoryNamespace - The memory namespace
+ * @returns {string} The orchestration template
+ */
+export function getModeOrchestration(modeSlug, taskDescription, memoryNamespace) {
+  const orchestrationFunction = modeOrchestrations[modeSlug];
+
+  if (orchestrationFunction) {
+    return orchestrationFunction(taskDescription, memoryNamespace);
+  }
+
+  // Return generic orchestration for unknown modes
+  return getGenericOrchestration(taskDescription, memoryNamespace);
+}
+
+/**
+ * Get the base SPARC prompt template
+ * @param {Object} mode - The mode configuration
+ * @param {string} taskDescription - The task description
+ * @param {string} memoryNamespace - The memory namespace
+ * @returns {string} The complete SPARC prompt
+ */
+export function createSparcPrompt(mode, taskDescription, memoryNamespace) {
+  const orchestration = getModeOrchestration(mode.slug, taskDescription, memoryNamespace);
+  // Get the actual working directory where the command was run from
+  const cwd = process.env.PWD || process.cwd();
+
+  return `# ${mode.name} - Task Execution
+
+## 🎯 Your Mission
+Build exactly what the user requested: "${taskDescription}"
+
+## 📁 IMPORTANT: Project Directory
+**Current Working Directory:** ${cwd}
+
+⚠️ **CRITICAL INSTRUCTIONS:**
+- Create ALL project files in the current working directory: ${cwd}
+- NEVER create files in node_modules/ or any claude-flow directories
+- If the task specifies a project name (e.g., "hello-world"), create it as a subdirectory in ${cwd}
+- Use paths relative to ${cwd} for all file operations
+- Example: If creating "hello-world" app, use ${cwd}/hello-world/
+
+## 🚀 Your Role
+${mode.roleDefinition}
+
+${orchestration}
+
+## 📋 Mode-Specific Guidelines
+${mode.customInstructions}
+
+## 🛠️ Claude-Flow Integration
+
+### Memory Operations
+Use the memory system to track your progress and share context:
+
+\`\`\`bash
+# Store your work
+npx claude-flow memory store ${memoryNamespace}_<phase> "description of work completed"
+
+# Query previous work
+npx claude-flow memory query ${memoryNamespace}
+
+# Examples for this task
+npx claude-flow memory store ${memoryNamespace}_analysis "Analyzed ${taskDescription} - found X components needed"
+npx claude-flow memory store ${memoryNamespace}_progress "Completed Y% of implementation"
+npx claude-flow memory store ${memoryNamespace}_blockers "Issue with Z - need clarification"
+\`\`\`
+
+### Task Orchestration
+For complex tasks, coordinate with other specialists:
+
+\`\`\`bash
+# Check system status
+npx claude-flow status
+
+# View active agents (if --parallel was used)
+npx claude-flow agent list
+
+# Monitor progress
+npx claude-flow monitor
+\`\`\`
+
+### 🚀 Parallel Execution with BatchTool
+Use BatchTool to orchestrate multiple SPARC modes concurrently in a boomerang pattern:
+
+\`\`\`bash
+# Example: Parallel development workflow
+batchtool run --parallel \\
+  "npx claude-flow sparc run architect 'design user authentication system' --non-interactive" \\
+  "npx claude-flow sparc run security-review 'analyze authentication requirements' --non-interactive" \\
+  "npx claude-flow sparc run spec-pseudocode 'create auth flow pseudocode' --non-interactive"
+
+# Boomerang Pattern: Research → Design → Implement → Test → Refine
+batchtool orchestrate --boomerang \\
+  --phase1 "npx claude-flow sparc run ask 'research best auth practices' --non-interactive" \\
+  --phase2 "npx claude-flow sparc run architect 'design based on research' --non-interactive" \\
+  --phase3 "npx claude-flow sparc run code 'implement auth system' --non-interactive" \\
+  --phase4 "npx claude-flow sparc run tdd 'test auth implementation' --non-interactive" \\
+  --phase5 "npx claude-flow sparc run optimization 'refine auth performance' --non-interactive"
+
+# Concurrent Feature Development
+batchtool run --concurrent --max-parallel 3 \\
+  "npx claude-flow sparc run code 'implement login feature' --non-interactive" \\
+  "npx claude-flow sparc run code 'implement registration feature' --non-interactive" \\
+  "npx claude-flow sparc run code 'implement password reset' --non-interactive" \\
+  "npx claude-flow sparc run tdd 'create auth test suite' --non-interactive"
+\`\`\`
+
+#### Boomerang Orchestration Pattern
+The boomerang pattern allows for iterative development where results from one phase inform the next:
+1. **Research Phase**: Gather requirements and best practices
+2. **Design Phase**: Create architecture based on research
+3. **Implementation Phase**: Build according to design
+4. **Testing Phase**: Validate implementation
+5. **Refinement Phase**: Optimize based on test results
+6. **Loop Back**: Results feed back to improve the cycle
+
+Benefits of --non-interactive mode with BatchTool:
+- No manual intervention required
+- Parallel execution of independent tasks
+- Automatic result collection and aggregation
+- Progress tracking across all concurrent operations
+- Efficient resource utilization
+
+## ⚡ Execution Guidelines
+
+1. **Focus on User's Project**
+   - Build what they asked for, not improvements to claude-flow
+   - Create files ONLY in the current working directory: ${cwd}
+   - NEVER create files in node_modules/ or system directories
+   - If creating a named project, make it a subdirectory of ${cwd}
+   - Use appropriate project structure relative to ${cwd}
+
+2. **Directory Rules**
+   - Current directory: ${cwd}
+   - Create new projects as: ${cwd}/<project-name>/
+   - Use relative paths from ${cwd} for all operations
+   - Verify you're in the correct directory before creating files
+
+3. **Quality Standards**
+   - Keep all files under 500 lines
+   - Never hardcode secrets or credentials
+   - Use environment variables and config files
+   - Write clean, maintainable code
+
+4. **Communication**
+   - Store progress updates in memory
+   - Document key decisions
+   - Ask for clarification if needed
+   - Provide clear status updates
+
+## 🏁 Start Execution
+
+Begin with Step 1 of the orchestration plan above. Focus on delivering exactly what was requested: "${taskDescription}"
+
+Remember: You're building the user's project, using claude-flow only for memory and orchestration support.`;
+}

package/src/cli/simple-commands/sparc-modes/integration.js

@@ -0,0 +1,55 @@
+// integration.js - System Integrator mode orchestration template
+export function getIntegrationOrchestration(taskDescription, memoryNamespace) {
+  return `
+## Task Orchestration Steps
+
+1. **Integration Analysis** (10 mins)
+   - Review integration requirements: "${taskDescription}"
+   - Identify components to connect
+   - Map data flows between systems
+   - Check compatibility requirements
+   - Store analysis: \`npx claude-flow memory store ${memoryNamespace}_integration_analysis "..."\`
+
+2. **Interface Development** (20 mins)
+   - Create integration adapters
+   - Implement data transformers
+   - Build connection handlers
+   - Add retry mechanisms
+   - Store interfaces: \`npx claude-flow memory store ${memoryNamespace}_interfaces "..."\`
+
+3. **System Connection** (20 mins)
+   - Wire up components
+   - Configure communication channels
+   - Implement error handling
+   - Add monitoring hooks
+   - Store configuration: \`npx claude-flow memory store ${memoryNamespace}_connections "..."\`
+
+4. **End-to-End Testing** (15 mins)
+   - Test data flow scenarios
+   - Verify error handling
+   - Check performance metrics
+   - Validate data integrity
+
+5. **Directory Safety**
+   - **IMPORTANT**: All integration files should be created in the current working directory
+   - **DO NOT** create files in system directories or node_modules
+   - For named projects, create a subdirectory: \`mkdir project-name && cd project-name\`
+   - Use relative paths from your working directory
+   - Suggested structure for integration code:
+     \`\`\`
+     ./ (current directory)
+     ├── integrations/
+     │   ├── adapters/
+     │   ├── transformers/
+     │   └── handlers/
+     ├── config/
+     └── tests/
+         └── integration/
+     \`\`\`
+
+6. **Deliverables**
+   - Integration layer code
+   - Configuration templates
+   - Integration test suite
+   - Deployment guide`;
+}

package/src/cli/simple-commands/sparc-modes/mcp.js

@@ -0,0 +1,38 @@
+// mcp.js - MCP Integration mode orchestration template
+export function getMcpOrchestration(taskDescription, memoryNamespace) {
+  return `
+## Task Orchestration Steps
+
+1. **Integration Planning** (10 mins)
+   - Understand integration needs: "${taskDescription}"
+   - Identify MCP endpoints
+   - Review API documentation
+   - Plan data mappings
+   - Store plan: \`npx claude-flow memory store ${memoryNamespace}_mcp_plan "..."\`
+
+2. **Connection Setup** (15 mins)
+   - Configure MCP servers
+   - Set up authentication
+   - Test connectivity
+   - Implement error handling
+   - Store config: \`npx claude-flow memory store ${memoryNamespace}_mcp_config "..."\`
+
+3. **Data Integration** (20 mins)
+   - Implement data transformers
+   - Create API wrappers
+   - Add validation layers
+   - Build retry mechanisms
+   - Store integration: \`npx claude-flow memory store ${memoryNamespace}_mcp_integration "..."\`
+
+4. **Testing & Validation** (15 mins)
+   - Test all endpoints
+   - Verify data accuracy
+   - Check error scenarios
+   - Monitor performance
+
+5. **Deliverables**
+   - MCP integration code
+   - Configuration files
+   - API documentation
+   - Integration tests`;
+}

package/src/cli/simple-commands/sparc-modes/monitoring.js

@@ -0,0 +1,38 @@
+// monitoring.js - Deployment Monitor mode orchestration template
+export function getMonitoringOrchestration(taskDescription, memoryNamespace) {
+  return `
+## Task Orchestration Steps
+
+1. **Monitoring Setup** (15 mins)
+   - Define monitoring scope: "${taskDescription}"
+   - Identify key metrics
+   - Set up logging infrastructure
+   - Configure alerting rules
+   - Store setup: \`npx claude-flow memory store ${memoryNamespace}_monitoring_setup "..."\`
+
+2. **Metric Collection** (20 mins)
+   - Implement performance metrics
+   - Add business metrics
+   - Set up error tracking
+   - Configure uptime monitoring
+   - Store metrics: \`npx claude-flow memory store ${memoryNamespace}_metrics "..."\`
+
+3. **Dashboard Creation** (15 mins)
+   - Build monitoring dashboards
+   - Create alert configurations
+   - Set up automated reports
+   - Document metric meanings
+   - Store dashboards: \`npx claude-flow memory store ${memoryNamespace}_dashboards "..."\`
+
+4. **Baseline Establishment** (10 mins)
+   - Collect initial metrics
+   - Define normal ranges
+   - Set alert thresholds
+   - Document SLIs/SLOs
+
+5. **Deliverables**
+   - Monitoring configuration
+   - Dashboard definitions
+   - Alert rules
+   - Ops runbook`;
+}

package/src/cli/simple-commands/sparc-modes/optimization.js

@@ -0,0 +1,38 @@
+// optimization.js - Optimizer mode orchestration template
+export function getOptimizationOrchestration(taskDescription, memoryNamespace) {
+  return `
+## Task Orchestration Steps
+
+1. **Performance Analysis** (15 mins)
+   - Analyze optimization needs: "${taskDescription}"
+   - Profile current performance
+   - Identify bottlenecks
+   - Review code quality metrics
+   - Store analysis: \`npx claude-flow memory store ${memoryNamespace}_performance_analysis "..."\`
+
+2. **Refactoring Plan** (10 mins)
+   - Prioritize improvements
+   - Plan refactoring approach
+   - Identify quick wins
+   - Estimate impact
+   - Store plan: \`npx claude-flow memory store ${memoryNamespace}_refactor_plan "..."\`
+
+3. **Code Optimization** (25 mins)
+   - Refactor large files (>500 lines)
+   - Optimize algorithms
+   - Improve data structures
+   - Enhance caching strategies
+   - Store changes: \`npx claude-flow memory store ${memoryNamespace}_optimizations "..."\`
+
+4. **Validation** (10 mins)
+   - Run performance benchmarks
+   - Verify functionality preserved
+   - Check test coverage
+   - Document improvements
+
+5. **Deliverables**
+   - Optimized codebase
+   - Performance metrics
+   - Refactoring documentation
+   - Best practices guide`;
+}

package/src/cli/simple-commands/sparc-modes/security-review.js

@@ -0,0 +1,130 @@
+// security-review.js - Security Reviewer mode orchestration template
+export function getSecurityReviewOrchestration(taskDescription, memoryNamespace) {
+  return `
+## Task Orchestration Steps
+
+1. **Security Audit Scope Definition** (10 mins)
+   - Define audit boundaries for: "${taskDescription}"
+   - Query system architecture and sensitive areas:
+     \`\`\`bash
+     npx claude-flow memory query ${memoryNamespace}_architecture
+     npx claude-flow memory query ${memoryNamespace}_auth
+     npx claude-flow memory query ${memoryNamespace}_config
+     \`\`\`
+   - Identify critical assets:
+     - User data and PII
+     - Authentication tokens/sessions
+     - API keys and credentials
+     - Payment/financial data
+   - Map data flows and trust boundaries
+   - List all external interfaces and integrations
+   - Review authentication/authorization points
+   - Store scope: \`npx claude-flow memory store ${memoryNamespace}_security_scope "Audit scope: ${taskDescription}. Critical assets: user PII, JWT tokens, payment data. External interfaces: REST API, webhooks, third-party integrations."\`
+
+2. **Static Security Analysis** (20 mins)
+   - Scan for hardcoded secrets and credentials:
+     - Check all code files for API keys, passwords
+     - Verify .env files are properly gitignored
+     - Ensure no secrets in logs or error messages
+   - Review environment configuration:
+     - Check for direct env coupling
+     - Verify secrets management approach
+     - Ensure config files don't expose sensitive data
+   - Analyze authentication/authorization:
+     - Review JWT implementation
+     - Check session management
+     - Verify role-based access control
+   - Inspect input validation and sanitization:
+     - SQL injection prevention
+     - XSS protection
+     - Command injection safeguards
+   - Check cryptographic implementations:
+     - Password hashing (bcrypt/scrypt/argon2)
+     - Data encryption at rest/transit
+     - Secure random number generation
+   - Audit file size compliance (< 500 lines)
+   - Review dependency vulnerabilities:
+     \`\`\`bash
+     npm audit
+     \`\`\`
+   - Store findings: \`npx claude-flow memory store ${memoryNamespace}_vulnerabilities "Critical: 2 hardcoded API keys found. High: Missing input validation in user-controller. Medium: Outdated JWT library. Low: Verbose error messages expose stack traces."\`
+
+3. **Dynamic Security Analysis** (10 mins)
+   - Test authentication flows:
+     - Login/logout sequences
+     - Password reset process
+     - Token refresh mechanisms
+   - Check authorization boundaries:
+     - Test role-based access
+     - Verify resource ownership checks
+     - Test privilege escalation vectors
+   - Analyze rate limiting and DoS protection
+   - Review CORS and CSP policies
+   - Test error handling for information leakage
+   - Store dynamic findings: \`npx claude-flow memory store ${memoryNamespace}_dynamic_findings "Auth bypass: None found. Rate limiting: Missing on login endpoint. CORS: Overly permissive. Error handling: Leaks database schema in dev mode."\`
+
+4. **Risk Assessment & Prioritization** (15 mins)
+   - Categorize findings by severity (CVSS scores):
+     - Critical (9.0-10.0): Immediate action required
+     - High (7.0-8.9): Fix before deployment
+     - Medium (4.0-6.9): Fix in next sprint
+     - Low (0.1-3.9): Track for future
+   - Assess potential business impact:
+     - Data breach consequences
+     - Compliance violations (GDPR, PCI-DSS)
+     - Reputation damage
+   - Calculate risk scores (likelihood × impact)
+   - Prioritize remediation efforts
+   - Document attack vectors and exploit scenarios
+   - Store assessment: \`npx claude-flow memory store ${memoryNamespace}_risk_assessment "Critical risks: 2 (hardcoded secrets, missing auth on admin endpoints). High risks: 3 (outdated deps, missing rate limiting, weak session management). Compliance impact: GDPR violation risk due to logging PII."\`
+
+5. **Remediation Plan & Implementation** (10 mins)
+   - Create specific fix recommendations:
+     - Move secrets to environment variables
+     - Implement proper secrets management (Vault/AWS Secrets Manager)
+     - Add comprehensive input validation
+     - Update vulnerable dependencies
+     - Implement rate limiting
+     - Fix authorization checks
+   - Suggest security enhancements:
+     - Add security headers (HSTS, CSP, X-Frame-Options)
+     - Implement audit logging
+     - Add intrusion detection
+     - Set up security monitoring
+   - Create security checklist for future development
+   - Implement critical fixes if authorized
+   - Store plan: \`npx claude-flow memory store ${memoryNamespace}_remediation_plan "Immediate: Remove hardcoded secrets, fix auth bypass. Next sprint: Implement rate limiting, update dependencies. Future: Add WAF, implement SIEM integration."\`
+
+## Deliverables
+- security-audit-report.md:
+  - Executive summary
+  - Detailed findings with CVSS scores
+  - Risk assessment matrix
+  - Compliance gaps
+- remediation-plan.md:
+  - Prioritized fix list
+  - Implementation guidelines
+  - Timeline recommendations
+- security-checklist.md:
+  - Pre-deployment security checks
+  - Code review guidelines
+  - Security testing procedures
+- Fixed code (for critical issues):
+  - Removed hardcoded secrets
+  - Added input validation
+  - Fixed authorization gaps
+
+## Security Review Standards
+- OWASP Top 10 compliance
+- SANS CWE Top 25 coverage
+- Industry-specific requirements (PCI-DSS, HIPAA, etc.)
+- Zero tolerance for hardcoded secrets
+- All files must be < 500 lines for maintainability
+- Comprehensive logging without exposing sensitive data
+
+## Next Steps
+After security review:
+- \`npx claude-flow sparc run code "Implement security remediation plan" --non-interactive\`
+- \`npx claude-flow sparc run tdd "Write security test cases" --non-interactive\`
+- \`npx claude-flow sparc run post-deployment-monitoring-mode "Set up security monitoring and alerts" --non-interactive\``;
+}