claude-flow-novice 2.14.28 → 2.14.29

package/.claude/commands/CFN_LOOP_TASK_MODE.md

@@ -35,6 +35,125 @@ Task Mode: Main Chat coordinates directly and spawns agents via Task() tool with
 
 ---
 
+## ANTI-023 Memory Leak Protection (v2.14.28)
+
+**Critical Fix**: Prevents Task Mode agents from executing CLI coordination scripts that cause memory leaks.
+
+### Three-Layer Defense System
+
+#### Layer 1: Agent Documentation
+**Task Mode agents use mode-specific completion protocols:**
+```markdown
+## ⚠️ CRITICAL: Mode-Specific Completion Protocol
+
+**Task Mode (95%):** Spawned via `Task("agent", "...")` in Main Chat
+- Return structured JSON output directly
+- ❌ DO NOT: Use Redis commands, bash scripts, CLI tools
+- ✅ Main Chat receives output automatically
+
+**CLI Mode (5%):** Spawned via `npx claude-flow-novice agent-spawn`
+- Use Redis signals and completion scripts
+- ✅ CLI coordination allowed
+```
+
+#### Layer 2: Agent-Level Detection
+**Automatic detection functions prevent CLI usage:**
+```bash
+detect_task_mode_and_exit() {
+  if [[ -z "${TASK_ID:-}" || -z "${AGENT_ID:-}" ]]; then
+    echo "❌ TASK MODE DETECTED - CLI commands forbidden"
+    exit 1
+  fi
+}
+```
+
+#### Layer 3: Code-Level Runtime Blocking
+**Coordination scripts include early exit checks:**
+```bash
+# ⚠️ ANTI-023 MEMORY LEAK PROTECTION
+if [[ -z "${TASK_ID:-}" || -z "${AGENT_ID:-}" ]]; then
+    echo "❌ TASK MODE DETECTED - Redis coordination forbidden"
+    exit 1
+fi
+```
+
+### Memory Impact Resolution
+- **Before Fix**: Up to 23GB memory consumption per hanging agent
+- **After Fix**: <100MB normal usage with complete audit trails
+- **Detection Logic**: Environment variable presence indicates spawn mode
+
+---
+
+## Audit Trail Architecture (New v2.14.28)
+
+### Dual-Mode Storage System
+
+**Design Principle**: Both Task Mode and CLI Mode create complete audit trails for compliance and debugging.
+
+#### Task Mode Storage (Main Chat Managed)
+```bash
+# After Task Mode agent completion, Main Chat stores audit data
+./.claude/skills/cfn-task-audit/store-task-audit.sh \
+  --task-id "$TASK_ID" \
+  --agent-type "$AGENT_TYPE" \
+  --output "$AGENT_OUTPUT" \
+  --mode "Task"
+```
+
+**Storage Locations:**
+- **Redis**: Fast access (`swarm:${TASK_ID}:${AGENT_TYPE}:audit`)
+- **SQLite**: Permanent audit trail (`agent_audit` table)
+- **Files**: Structured logs (`.claude/logs/task-audit/`)
+
+#### CLI Mode Storage (Agent Managed)
+```bash
+# CLI agents continue using existing Redis coordination
+redis-cli HSET "swarm:${TASK_ID}:${AGENT_ID}:result" \
+  "decision" "$DECISION" \
+  "mode" "CLI"
+```
+
+### Combined Audit Retrieval
+```bash
+# Retrieve complete audit trail from both modes
+get-audit-data.sh --task-id "$TASK_ID" --mode "combined"
+
+# Returns unified decision data:
+{
+  "task_mode_data": [...],
+  "cli_mode_data": [...],
+  "complete_audit_trail": true,
+  "execution_summary": {...}
+}
+```
+
+### Audit Data Structure
+```json
+{
+  "task_id": "task-123",
+  "agent_type": "reviewer",
+  "decision": "PROCEED",
+  "reasoning": "Code meets quality standards",
+  "confidence": 0.92,
+  "mode": "Task|CLI",
+  "deliverables": ["file.ts", "test.ts"],
+  "timestamp": "2025-11-06T15:30:00Z",
+  "metadata": {
+    "stored_via": "store-task-audit.sh",
+    "version": "1.0.0"
+  }
+}
+```
+
+### Benefits
+- **✅ Complete Coverage**: Both execution modes fully audited
+- **✅ Memory Safe**: ANTI-023 protection maintained
+- **✅ Compliance Ready**: Full audit trail for enterprise requirements
+- **✅ Debugging Support**: Replay capability for complex issues
+- **✅ Performance**: Fast Redis access + persistent SQLite storage
+
+---
+
 ## Agent Specialization
 
 ### Loop 3 (Implementation)

package/.claude/skills/cfn-agent-spawning/spawn-agent.sh

@@ -5,6 +5,18 @@
 
 set -euo pipefail
 
+
+# ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Environment Sanitization
+# Load and apply environment sanitization to prevent memory leaks
+# shellcheck source=../cfn-environment-sanitization/sanitize-environment.sh
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+if [[ -f "$SCRIPT_DIR/../cfn-environment-sanitization/sanitize-environment.sh" ]]; then
+    source "$SCRIPT_DIR/../cfn-environment-sanitization/sanitize-environment.sh" --strict
+    echo "✅ Agent spawning environment sanitized" >&2
+else
+    echo "⚠️ Environment sanitization not available - proceeding without protection" >&2
+fi
+
 # ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Block Task Mode agents
 # Task Mode agents spawn via Task() tool and should NOT use agent spawning CLI
 if [[ -z "${1:-}" || -z "${TASK_ID:-}" ]]; then

package/.claude/skills/cfn-agent-spawning/spawn-agent.sh.backup

@@ -0,0 +1,273 @@
+#!/bin/bash
+
+# Agent Spawning CLI Wrapper
+# Enables agents to spawn other agents or stop existing agents via simple CLI interface
+
+set -euo pipefail
+
+# ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Block Task Mode agents
+# Task Mode agents spawn via Task() tool and should NOT use agent spawning CLI
+if [[ -z "${1:-}" || -z "${TASK_ID:-}" ]]; then
+    echo "❌ TASK MODE DETECTED - Agent spawning CLI forbidden" >&2
+    echo "🚨 ANTI-023: This script is for CLI-spawned coordinators only" >&2
+    echo "💡 Task Mode agent spawning should be handled directly by Main Chat" >&2
+    echo "🔧 Agent spawned via Task() tool - use Task() tool for spawning instead" >&2
+    exit 1
+fi
+
+# ============================================================================
+# LOGGING FUNCTIONS
+# ============================================================================
+log_error() {
+    echo "[ERROR] $*" >&2
+}
+
+log_warning() {
+    echo "[WARNING] $*" >&2
+}
+
+log_info() {
+    echo "[INFO] $*"
+}
+
+# ============================================================================
+# DEPENDENCY CHECKS
+# ============================================================================
+
+check_dependencies() {
+  local missing_deps=()
+
+  # Check bash version
+  if [[ "${BASH_VERSINFO[0]}" -lt 4 ]]; then
+    missing_deps+=("bash>=4.0")
+  fi
+
+  # Check required command-line tools
+  local required_tools=("npx" "node" "grep" "sed")
+  for tool in "${required_tools[@]}"; do
+    if ! command -v "$tool" &> /dev/null; then
+      missing_deps+=("$tool")
+    fi
+  done
+
+  # Check required Node.js modules
+  local node_modules=(
+    "redis"
+    "dotenv"
+  )
+
+  for module in "${node_modules[@]}"; do
+    if [[ ! -d "node_modules/$module" ]]; then
+      missing_deps+=("$module")
+    fi
+  done
+
+  # Specific Claude Flow dependencies
+  local claude_deps=(
+    "Task tool"
+    "session-manager.js"
+    "redis-coordination scripts"
+  )
+
+  # Use current directory as PROJECT_ROOT if not set
+  PROJECT_ROOT="${PROJECT_ROOT:-$(pwd)}"
+
+  for dep in "${claude_deps[@]}"; do
+    if [[ ! -d "$PROJECT_ROOT/.claude" ]]; then
+      missing_deps+=("$dep")
+    fi
+  done
+
+  # Report missing dependencies
+  if [[ ${#missing_deps[@]} -gt 0 ]]; then
+    log_error "Missing Dependencies:"
+    for dep in "${missing_deps[@]}"; do
+      echo "  - $dep"
+    done
+
+    log_warning "Recommended Installation:"
+    echo "  1. Install Node.js and npm (latest LTS version)"
+    echo "  2. Run: npm install redis dotenv"
+    echo "  3. Clone Claude Flow Novice repository"
+
+    exit 1
+  fi
+}
+
+# ============================================================================
+# AGENT SPAWNING FUNCTIONS
+# ============================================================================
+
+# Spawn agents via CLI
+spawn_agents() {
+  local task="$1"
+  local agents="$2"
+  local agent_id="${3:-main}"
+  local provider="${4:-zai}"
+  local redis_channel="${5:-}"
+
+  log_info "Spawning agents: $agents"
+  log_info "Task: $task"
+
+  # Build spawn command
+  local spawn_cmd="npx claude-flow-spawn \"$task\" --agents=$agents --provider=$provider"
+
+  # Add optional Redis channel
+  if [[ -n "$redis_channel" ]]; then
+    spawn_cmd="$spawn_cmd --redis-channel=$redis_channel"
+  fi
+
+  # Execute spawn
+  eval "$spawn_cmd"
+  local exit_code=$?
+
+  if [[ $exit_code -eq 0 ]]; then
+    log_info "Agents spawned successfully"
+  else
+    log_error "Failed to spawn agents (exit code: $exit_code)"
+    exit $exit_code
+  fi
+}
+
+# Stop agent by task ID
+stop_agent() {
+  local task_id="$1"
+
+  log_info "Stopping agent: $task_id"
+  npx claude-flow-spawn --stop="$task_id"
+
+  if [[ $? -eq 0 ]]; then
+    log_info "Agent stopped successfully"
+  else
+    log_error "Failed to stop agent"
+    exit 1
+  fi
+}
+
+# Stop all agents
+stop_all_agents() {
+  log_info "Stopping all agents"
+  npx claude-flow-spawn --stop-all
+
+  if [[ $? -eq 0 ]]; then
+    log_info "All agents stopped"
+  else
+    log_error "Failed to stop all agents"
+    exit 1
+  fi
+}
+
+# Configuration handler function
+handle_config() {
+  local action="$1"
+  local key="${2:-}"
+  local value="${3:-}"
+
+  case "$action" in
+    list)
+      # Placeholder: List configuration (modify as needed)
+      echo "redis_host=localhost"
+      echo "redis_port=6379"
+      ;;
+    get)
+      # Placeholder: Return config value (modify as needed)
+      case "$key" in
+        redis_host)
+          echo "localhost"
+          ;;
+        *)
+          log_error "Unknown config key: $key"
+          exit 1
+          ;;
+      esac
+      ;;
+    set)
+      # Placeholder: Set config value (modify as needed)
+      log_info "Setting $key to $value"
+      ;;
+    *)
+      log_error "Invalid config action: $action"
+      exit 1
+      ;;
+  esac
+}
+
+# Main function to include dependency check and argument parsing
+main() {
+  check_dependencies  # Dependency check before processing
+
+  # Parse arguments
+  case "${1:-}" in
+    --check-dependencies)
+      log_info "Dependencies checked successfully"
+      ;;
+    --config)
+      shift
+      handle_config "$@"
+      ;;
+    --task)
+      shift
+      local task="$1"
+      shift
+      local agents=""
+      local agent_id="main"
+      local provider="zai"
+      local redis_channel=""
+
+      # Parse remaining arguments
+      while [[ $# -gt 0 ]]; do
+        case "$1" in
+          --agents)
+            agents="$2"
+            shift 2
+            ;;
+          --agent-id)
+            agent_id="$2"
+            shift 2
+            ;;
+          --provider)
+            provider="$2"
+            shift 2
+            ;;
+          --redis-channel)
+            redis_channel="$2"
+            shift 2
+            ;;
+          *)
+            log_error "Unknown argument: $1"
+            exit 1
+            ;;
+        esac
+      done
+
+      # Validate required arguments
+      if [[ -z "$task" ]] || [[ -z "$agents" ]]; then
+        log_error "Missing required arguments: --task and --agents"
+        exit 1
+      fi
+
+      # Spawn agents
+      spawn_agents "$task" "$agents" "$agent_id" "$provider" "$redis_channel"
+      ;;
+    --stop)
+      shift
+      stop_agent "$1"
+      ;;
+    --stop-all)
+      stop_all_agents
+      ;;
+    *)
+      log_error "Unknown argument: $1"
+      echo "Usage:"
+      echo "  spawn-agent.sh --task \"Task description\" --agents coder,tester [--provider zai] [--redis-channel channel]"
+      echo "  spawn-agent.sh --stop <task-id>"
+      echo "  spawn-agent.sh --stop-all"
+      echo "  spawn-agent.sh --check-dependencies"
+      echo "  spawn-agent.sh --config list|get|set"
+      exit 1
+      ;;
+  esac
+}
+
+# Run main function
+main "$@"

package/.claude/skills/cfn-hybrid-routing/README.md

@@ -20,7 +20,7 @@ Refer to `config.json` for detailed routing configuration parameters.
 
 ### Spawning Workers
 ```bash
-./spawn-worker.sh
+./scripts/spawn-worker.sh
 ```
 
 ### Dependency Check

package/.claude/skills/cfn-loop-orchestration/orchestrate.sh

@@ -21,6 +21,10 @@
 
 set -euo pipefail
 
+# Determine PROJECT_ROOT first before any other operations
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
 # ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Block Task Mode agents
 # Task Mode agents spawn via Task() tool and should NOT use orchestration scripts
 if [[ -z "${TASK_ID:-}" || -z "${LOOP3_AGENTS:-}" ]]; then
@@ -31,14 +35,39 @@ if [[ -z "${TASK_ID:-}" || -z "${LOOP3_AGENTS:-}" ]]; then
     exit 1
 fi
 
+# ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Environment Sanitization
+# Load and apply environment sanitization to prevent memory leaks
+if [[ -f "$PROJECT_ROOT/.claude/skills/cfn-task-mode-sanitize/task-mode-env-sanitizer.sh" ]]; then
+    source "$PROJECT_ROOT/.claude/skills/cfn-task-mode-sanitize/task-mode-env-sanitizer.sh"
+    sanitize_task_mode_environment "cli"
+    echo "✅ Environment sanitization applied" >&2
+else
+    echo "⚠️ Environment sanitization not available - proceeding without protection" >&2
+fi
+
+# ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Process Instrumentation
+# Load process instrumentation and monitoring for the orchestrator
+if [[ -f "$PROJECT_ROOT/.claude/skills/cfn-validation-runner-instrumentation/wrapped-executor.sh" ]]; then
+    source "$PROJECT_ROOT/.claude/skills/cfn-validation-runner-instrumentation/wrapped-executor.sh"
+    echo "✅ Orchestrator process instrumentation enabled" >&2
+else
+    echo "⚠️ Process instrumentation not available - proceeding without monitoring" >&2
+fi
+
+# ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Environment Configuration
+# Set stabilization environment variables with sensible defaults
+export CFN_VALIDATION_TIMEOUT="${CFN_VALIDATION_TIMEOUT:-300}"   # 5 minutes
+export CFN_MEMORY_LIMIT="${CFN_MEMORY_LIMIT:-2048}"              # 2GB memory limit
+export CFN_CPU_LIMIT="${CFN_CPU_LIMIT:-80}"                      # 80% CPU limit
+export CFN_TELEMETRY_DIR="${CFN_TELEMETRY_DIR:-$PROJECT_ROOT/.artifacts/telemetry}"
+mkdir -p "$CFN_TELEMETRY_DIR"
+
 # Load security utilities
 # shellcheck source=./security_utils.sh
 source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/security_utils.sh"
 
-# Determine script directory
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 HELPERS_DIR="$SCRIPT_DIR/helpers"
-PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)" && REDIS_COORD_SKILL="$PROJECT_ROOT/.claude/skills/cfn-redis-coordination"
+REDIS_COORD_SKILL="$PROJECT_ROOT/.claude/skills/cfn-redis-coordination"
 
 # Configuration
 TASK_ID=""
@@ -250,6 +279,16 @@ if [ -z "$TASK_ID" ] || [ -z "$LOOP3_AGENTS" ] || [ -z "$LOOP2_AGENTS" ] || [ -z
   exit 1
 fi
 
+# ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Process Instrumentation
+# Load process instrumentation and monitoring for the orchestrator
+# shellcheck source=../cfn-process-instrumentation/instrument-process.sh
+if [[ -f "$PROJECT_ROOT/.claude/skills/cfn-process-instrumentation/instrument-process.sh" ]]; then
+    source "$PROJECT_ROOT/.claude/skills/cfn-process-instrumentation/instrument-process.sh"
+    echo "✅ Orchestrator process instrumentation enabled" >&2
+else
+    echo "⚠️ Process instrumentation not available - proceeding without monitoring" >&2
+fi
+
 # Get thresholds for mode
 # Add additional mode validation with safe fallback
 case "$MODE" in
@@ -435,12 +474,22 @@ function spawn_loop3_agents() {
     safe_task_id=$(sanitize_input "$task_id") || continue
     safe_agent_id=$(sanitize_input "$UNIQUE_AGENT_ID") || continue
 
-    # Spawn agent in background with explicit agent ID
-    npx claude-flow-novice agent "$safe_agent_type" \
-      --task-id "$safe_task_id" \
-      --agent-id "$safe_agent_id" \
-      --iteration "$iteration" \
-      --context "$(build_agent_context "$safe_task_id" "$iteration" "$safe_agent_type" "" "loop3")" &
+    # Spawn agent in background with process instrumentation and memory limits
+    if command -v execute_instrumented >/dev/null 2>&1; then
+        execute_instrumented "npx" "$CFN_VALIDATION_TIMEOUT" "$CFN_MEMORY_LIMIT" \
+          claude-flow-novice agent "$safe_agent_type" \
+          --task-id "$safe_task_id" \
+          --agent-id "$safe_agent_id" \
+          --iteration "$iteration" \
+          --context "$(build_agent_context "$safe_task_id" "$iteration" "$safe_agent_type" "" "loop3")" &
+    else
+        # Fallback to raw spawn if instrumentation unavailable
+        npx claude-flow-novice agent "$safe_agent_type" \
+          --task-id "$safe_task_id" \
+          --agent-id "$safe_agent_id" \
+          --iteration "$iteration" \
+          --context "$(build_agent_context "$safe_task_id" "$iteration" "$safe_agent_type" "" "loop3")" &
+    fi
 
     # Store PID for monitoring using unique agent ID
     AGENT_PID=$!
@@ -450,6 +499,17 @@ function spawn_loop3_agents() {
       --value "{\"pid\": $AGENT_PID}" \
       --namespace "swarm" >/dev/null
 
+    # ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Start telemetry monitoring
+    if [[ -f "$PROJECT_ROOT/.claude/skills/cfn-telemetry/collect-metrics.sh" ]]; then
+        MONITOR_PID=$("$PROJECT_ROOT/.claude/skills/cfn-telemetry/collect-metrics.sh" start-monitoring "$UNIQUE_AGENT_ID" "$AGENT_PID" "$iteration" "$safe_agent_type")
+        "$REDIS_COORD_SKILL/store-context.sh" \
+          --task-id "$task_id" \
+          --key "${UNIQUE_AGENT_ID}:monitor_pid" \
+          --value "{\"pid\": $MONITOR_PID}" \
+          --namespace "swarm" >/dev/null
+        echo "🔍 Started monitoring for $UNIQUE_AGENT_ID (Agent PID: $AGENT_PID, Monitor PID: $MONITOR_PID)" >&2
+    fi
+
     # Store agent ID mapping for later retrieval using Redis SADD for set storage
     redis-cli SADD "swarm:${task_id}:loop3:agent_ids:iteration${iteration}" "$UNIQUE_AGENT_ID" >/dev/null
   done
@@ -524,6 +584,16 @@ function wait_for_agents() {
     wait "$pid" 2>/dev/null || true
   done
 
+  # ⚠️ ANTI-023 MEMORY LEAK PROTECTION: Stop monitoring for all agents
+  echo "  Stopping telemetry monitoring for Loop 3 agents..." >&2
+  for unique_agent_id in "${AGENT_IDS[@]}"; do
+    local monitor_pid=$("$REDIS_COORD_SKILL/get-context.sh" --task-id "$task_id" --key "${unique_agent_id}:monitor_pid" --namespace "swarm" 2>/dev/null | jq -r '.pid // 0' || echo "0")
+    if [[ "$monitor_pid" -gt 0 ]] && kill -0 "$monitor_pid" 2>/dev/null; then
+      "$PROJECT_ROOT/.claude/skills/cfn-telemetry/collect-metrics.sh" stop-monitoring "$monitor_pid" >/dev/null 2>&1 || true
+      echo "    Stopped monitoring for $unique_agent_id (Monitor PID: $monitor_pid)" >&2
+    fi
+  done
+
   # Calculate actual elapsed time
   local end_time=$(date +%s)
   local elapsed=$((end_time - start_time))
@@ -668,12 +738,22 @@ function spawn_loop2_agents() {
 
     echo "  Spawning: $agent_type (ID: $UNIQUE_VALIDATOR_ID)"
 
-    # Spawn agent in background with explicit agent ID
-    npx claude-flow-novice agent "$agent_type" \
-      --task-id "$task_id" \
-      --agent-id "$UNIQUE_VALIDATOR_ID" \
-      --iteration "$iteration" \
-      --context "$(build_agent_context "$task_id" "$iteration" "$agent_type" "" "loop2")" &
+    # Spawn validator in background with process instrumentation and memory limits
+    if command -v execute_instrumented >/dev/null 2>&1; then
+        execute_instrumented "npx" "$CFN_VALIDATION_TIMEOUT" "$CFN_MEMORY_LIMIT" \
+          claude-flow-novice agent "$agent_type" \
+          --task-id "$task_id" \
+          --agent-id "$UNIQUE_VALIDATOR_ID" \
+          --iteration "$iteration" \
+          --context "$(build_agent_context "$task_id" "$iteration" "$agent_type" "" "loop2")" &
+    else
+        # Fallback to raw spawn if instrumentation unavailable
+        npx claude-flow-novice agent "$agent_type" \
+          --task-id "$task_id" \
+          --agent-id "$UNIQUE_VALIDATOR_ID" \
+          --iteration "$iteration" \
+          --context "$(build_agent_context "$task_id" "$iteration" "$agent_type" "" "loop2")" &
+    fi
 
     # Store PID for monitoring using unique agent ID
     AGENT_PID=$!